Configuring VN-Segment

This chapter contains the following sections:

Information About VN-Segment

The VN-Segment feature defines a new way to "tag" packets on the wire replacing the traditional 802.1Q VLAN tag. This feature uses a 24-bit tag also referred to as a Virtual Network Identifier (VNI). CE links (access and trunk) carry traditional VLAN tagged/untagged frames. These are the VN-Segment Edge ports.

FabricPath links (switchport mode fabricpath ) carry VN-Segment tagged frames for VLANs that have VNIs defined. These are the VN-Segment core ports.

Figure 1. VN-Segment and FabricPath

VN-Segment and FabricPath

The previous figure shows a typical Cisco FabricPath network. Switches S1 and S2 are the spine switches. Switches S3 and S4 are the leaf switches and are connected to the spines over FabricPath interfaces. The VN-Segment feature is enabled on all leaf switches.

Server A is connected to leaf switch S3 and server B is connected to leaf switch S4 through normal Layer 2 trunk/access ports. These interfaces are also referred to as the "VNSeg Edge" ports. The servers send and receive traditional .1Q tagged or untagged frames. No new configurations are needed on the servers. The spines forward the VN-Segment tagged frames to the intended leafs.

Assume that servers A and B need to be in the same Layer 2 flood domain.

On the leaf switches, VLAN 333 is mapped to an available VN-Segment ID 16535. This VN-Segment ID identifies the VLAN 333 on the FabricPath network.

Here is a typical packet flow:

  1. A data packet from server A to server B tagged with VLAN 333 is received on the VNSEG port of S3.

  2. S3 does the packet lookup and sends the packet on the FabricPath port towards the spine. The switch S3 uses the VN-Segment ID corresponding to the VLAN.

  3. S1 and S2 performs FabricPath forwarding towards the intended leafs.

  4. S4 receives the VN-Segment ID tagged packet and performs packet lookups. Once the packet destination port is identified as a VNSEG edge port, S4 uses the VLAN ID corresponding to the VN-Segment ID in the packet and sends the packet.


    Note

    If the VN-Segment ID to VLAN mapping does not exist, the packet is dropped.
  5. Server B receives the .1Q data packet from Server A.

The same process is followed in the data packets from server B to server A.

Guidelines and Limitations for VN-Segment

VN-Segment has the following guidelines and limitations:

  • The VN-Segment tag is added to traffic egressing FabricPath (FP) links only.

  • Data forwarding semantics is the same as that of the VLANs.

  • The devices must be VN-Segment aware with appropriate hardware support.

  • Leaf switches must be configured for VN-Segment.

  • The Virtual Network Identifier (VNI) is the network global ID, not the VLAN ID.

  • Up to 4K VN-Segments and global VLANs are supported per leaf switch. There are only 4K VLANs.

  • Different leafs can have different mapping to up to support 50K tenants on the fabric, depending on hardware and software limitations.

  • If compatibility checks fail for the image, ISSD might be rejected .

  • The VLAN-to-VN-Segment mapping must be consistent on the vPC+ peer switches for correct traffic flow. vPC type 1 consistency checks suspend VLANs on vPC peer swtiches with inconsistent mappings.

Enabling VN-Segment

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# install feature-set fabricpath

Installs the FabricPath feature set on the switch.

Step 3

switch(config)# feature-set fabricpath

Enables the FabricPath feature set on the switch.

Step 4

switch(config)# feature vn-segment-vlan-based

Enables the VN-Segment feature on the switch.

Step 5

(Optional) switch(config)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to enable VN-Segment:

switch# configure terminal
switch(config)# install feature-set fabricpath 
switch(config)# feature-set fabricpath
switch(config)# feature vn-segment-vlan-based
 
switch(config)# copy running-config startup-config 

Configuring VN-Segment for a VLAN

Before you begin

The VN-Segment feature must be enabled.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# vlan vlan-id

Creates a VLAN.

Step 3

switch(config-vlan)# mode fabricpath

Configures the VLAN as a FabricPath VLAN.

VN-Segments for a VLAN must be configured in FabricPath mode on the Leaf.

Step 4

switch(config-vlan)# vn-segment segmentation-id

Defines the network global ID.

The segmentation-id range is from 4096 to 16,773,119.

Step 5

(Optional) switch(config-vlan)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to configure VN-Segment for VLAN:

switch# configure terminal
switch(config)# vlan 100
switch(config-vlan)# mode fabricpath
switch(config-vlan)# vn-segment 4096
 

Configuring VN-Segment for VLAN in Configure Sync

VN-Segments can be configured with the configure sync command for VPCs.

Procedure

  Command or Action Purpose
Step 1

switch# configure sync

Enter configuration sync mode.

Step 2

switch(config-sync)# switch-profile test

Creates a switch profile that contains a predetermined configuration.

Step 3

switch(config-sync-sp)# vlan vlan-id

Creates a VLAN.

Step 4

switch(config-sync-sp-vlan)# vn-segment segmentation-id

Defines the network global ID.

The segmentation-id range is from 4096 to 16,773,119.

Step 5

(Optional) switch(config-sync-sp-vlan)# commit

(Optional)

Synchronizes the configuration with the peer switch and applies the configuration locally.

Step 6

switch(config-sync-sp-vlan)# copy running-config startup-config

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to configure VN-Segment for a VLAN in configure sync mode:

switch# configure sync
switch(config-sync)# switch-profile test
Switch-Profile started, Profile ID is 1
switch(config-sync-sp)# vlan 3500
switch(config-sync-sp-vlan)# vn-segment 40001
switch(config-sync-sp-vlan)# 

Configuring VN-Segment in Transit Mode

Before you begin

The FabricPath feature set must be enabled.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# fabricpath mode transit

Enables transit mode. You need to save the configuration and reload the spine.

Note 
This command is disallowed if vn-segment-vlan-based is configured because they are mutually exclusive.

Example

The example shows how to configure VN-Segment in transit mode:

switch# configure terminal
switch(config)# fabricpath mode transit
Enabling transit mode. Please save configuration and reload.

What to do next

Enter the show fabricpath mode command to show the status of the mode.

Configuring VN-Segment in Non-Transit Mode

You need to enter the feature vn-segment-vlan-based command on the spine to enable the spine in non-transit mode.

Before you begin

The FabricPath feature set must be enabled.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# feature vn-segment-vlan-based

Enables a VLAN-based VN-Segment.

Step 3

switch(config)# vni vni-id

The range of vni-id is 4096 to 16,773,119.

Example

This example shows how to configure VN-Segment in non-transit mode:

switch# configure terminal
switch(config)# feature vn-segment-vlan-based
switch(config)# vni 16896

Disabling VN-Segment

Before you begin

VN-Segment configurations must be removed manually prior to disabling the feature.

Procedure

  Command or Action Purpose
Step 1

switch# configure terminal

Enters global configuration mode.

Step 2

switch(config)# no feature vn-segment-vlan-based

Disables VN-Segment.

Step 3

(Optional) switch(config)# copy running-config startup-config

(Optional)

Saves the change persistently through reboots and restarts by copying the running configuration to the startup configuration.

Example

This example shows how to disable VN-Segment:

switch# configure terminal
switch(config)# no feature vn-segment-vlan-based

Verifying VN-Segment Configuration

Use the following commands to display VN- Segment configuration information:

Command Purpose

show vlan id vland-id-list vn-segment

Displays the configured VLAN-to-VN-Segment mappings for the specified list of VLANs.

show vpc consistency-parameters global

Displays information on the number of VLANs and VN-Segment mappings on each VPC switch to help determine any mismatches.

show vpc consistency-parameters vlans

Displays information to identify the VLAN and VN-Segment configuration mismatches.