Latest

Home / Cisco / Cisco ACI / Datacenter / VXLAN / Datacenter Overlay : Achieving Seamless VXLAN High Availability

Datacenter Overlay : Achieving Seamless VXLAN High Availability

January 10, 2024 , , ,

Datacenter Overlay : Achieving Seamless VXLAN High Availability 

Amazon.com Best Deals Toys     ⭐Amazon.com Best Deals Health
Amazon.com Best Deals Electronics  ⭐Amazon.com Best Deals Video Games

As we are going to talk about the high availability of VXLAN in Datacenter where we are using Cisco Nexus devices as a physical infrastructure. For high availability, a pair of virtual port channel (vPC) switches can be used as a logical VTEP device sharing an Anycast VTEP address

The vPC switches allow redundant host connectivity while running Layer 3 protocols with the upstream devices in the underlay network. Both will join the multicast group for the same VXLAN VNI and utilize the same Anycast VTEP address as the source to send VXLAN-encapsulated packets to devices in the underlay network, including the multicast rendezvous point and remote VTEP devices. The two vPC VTEP switches appear to be one logical VTEP entity.

VXLAN High Availability
Fig 1.1- VXLAN High Availability

The following configurations must be identical among vPC peers:

  • Consistent mapping of the VLAN to the virtual network segment (VN-segment)
  • Consistent NVE binding to the same loopback secondary IP address (Anycast VTEP address)
  • Consistent VNI-to-group mapping.

vPC VTEP switches must utilize a secondary IP address on the loopback interface linked to the VXLAN NVE tunnel for the Anycast IP address. Both vPC switches must have the same secondary loopback IP address.

Both devices will broadcast this Anycast VTEP address to the underlay network, allowing upstream devices to learn the /32 route from both vPC VTEPs and load-share VXLAN unicast-encapsulated traffic between them.

In the event of a vPC peer-link failure, the vPC operational secondary switch will disable its VXLAN NVE-bound loopback interface. This shutdown will force the secondary vPC switch to remove the Anycast VTEP address from its IGP advertisement, causing the underlay network's upstream devices to send all traffic to the primary vPC switch. 

The goal of this procedure is to avoid a vPC active-active situation when the peer link is unavailable. When the vPC peer link fails, the orphan devices connected to the secondary vPC switch will be unable to receive VXLAN traffic.

Continue Reading...