Configure OVSDB protocol support for VXLAN Gateway
Use the following procedure to configure OVSDB protocol support for VXLAN Gateway on the switch.
Before you begin
- You must enable VXLAN Gateway Full Interworking Mode. You can use show boot config flags to verify the current VXLAN Gateway mode. For more information, see Enable VXLAN Gateway in Full Interworking Mode.
- You must configure and use the Segmented Management Instance IP address on the VXLAN Gateway to establish connectivity with the NVC. For more information about Segmented Management Instance, see Segmented Management Instance Configuration using the CLI.
- You must configure an OVSDB management interface. For more information, see Configure OVSDB Managed Interfaces.
- You must transfer an OVSDB certificate file and private-key file to the flash storage of the switch. You can use an ovs-pki utility with SSL libraries to generate the private keys and certificates. You can use boot config flags FTPD and then an SCP utility to transfer the private key and certificate file to the flash storage of the switch.
- If the switch is an aggregation switch, the IST peer must support OVSDB, have the same source VTEP-IP and OVSDB managed-interface, and must communicate with the NVC management IP.
Procedure
Example
```
SWITCH:1>enable
SWITCH:1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH:1(config)#vtep source-ip 192.0.2.1 vrf vxlan-underlay
SWITCH:1(config)#ovsdb
SWITCH:1(config-ovsdb)#install-cert-file /intflash/tom/sc-cert.pem
SWITCH:1(config-ovsdb)#private-key /intflash/tom/sc-privkey.pem
SWITCH:1(config-ovsdb)#enable
SWITCH:1(config-ovsdb)#controller 1 ip address 192.0.2.2 protocol ssl port 6640
```
Note
You can configure multiple controllers for high availability. One VXLAN Gateway can support a maximum of three controllers.
Important
If you add or delete a controller, or modify the OVSDB managed interface when a controller is configured, the existing controller connections reset. The switch generates log messages to indicate the status changes as the controllers disconnect and reconnect.
If you change a previously configured VTEP source-ip and re-enable OVSDB, the controller sees a new VXLAN tunnel instead of updating the existing VXLAN. You must configure the VNID to I-SID binding on the controller for the new VXLAN tunnel associated with the new VTEP IP address.
Variable definitions
Use the data in the following table to use the vtep source-ip command.
Variable | Value |
---|---|
<A.B.C.D> [vrf WORD<1–16>] | Specifies the VXLAN tunnel end point (VTEP) source IP address in IPv4 format. Optionally you can specify a VRF. Note: The VTEP source IP address must be on a loopback interface. |
Use the data in the following table to use the install-cert-file command.
Variable | Value |
---|---|
WORD<1–128> | Specifies the path and file name of the OVSDB certificate file. |
Use the data in the following table to use the private-key command.
Variable | Value |
---|---|
WORD<1–128> | Specifies the path and file name of the OVSDB private key. |
Use the data in the following table to use the controller command.
Variable | Value |
---|---|
<1–100> | Specifies the ID of the controller. |
ip address <A.B.C.D> | Specifies the IP address of the controller in IPv4 format. |
protocol <ssl\|tcp> | Specifies the networking protocol as SSL or TCP for controller communications. |
port <1–65535> | Specifies the networking port of the controller. |
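
The following audit script is an added example, not part of the vendor documentation. It checks a block of OVSDB commands against the limits stated on this page (controller ID and port ranges, the three-controller maximum) and flags any controller set to `protocol tcp` rather than `ssl`, since a plain TCP session is not protected by the installed certificate and key. It assumes the input uses the command form shown in the example above; the function name `audit_ovsdb` and the second controller in the sample are constructed for illustration.

```python
import re

# Constructed sample: commands in the form used by this page's example,
# plus one constructed plaintext controller for contrast.
SAMPLE = """\
vtep source-ip 192.0.2.1 vrf vxlan-underlay
ovsdb
install-cert-file /intflash/tom/sc-cert.pem
private-key /intflash/tom/sc-privkey.pem
enable
controller 1 ip address 192.0.2.2 protocol ssl port 6640
controller 2 ip address 192.0.2.3 protocol tcp port 6640
"""

CONTROLLER = re.compile(
    r"^controller (\d+) ip address (\d+(?:\.\d+){3}) protocol (\S+) port (\d+)$")
MAX_CONTROLLERS = 3  # limit stated in the page's Note


def audit_ovsdb(config):
    """Return a list of findings for the OVSDB commands in a block of CLI lines."""
    findings, controllers, seen = [], [], set()
    for raw in config.splitlines():
        line = raw.split("#", 1)[-1].strip()  # drop a "SWITCH:1(config)#" prompt
        seen.add(line.split(" ", 1)[0])       # remember which commands appear
        m = CONTROLLER.match(line)
        if m:
            controllers.append((int(m[1]), m[2], m[3], int(m[4])))
    for cid, ip, proto, port in controllers:
        if not 1 <= cid <= 100:
            findings.append(f"controller {cid}: ID outside 1-100")
        if not 1 <= port <= 65535:
            findings.append(f"controller {cid}: port {port} outside 1-65535")
        if proto == "tcp":
            findings.append(f"controller {cid} ({ip}): protocol tcp (not ssl)")
        elif proto != "ssl":
            findings.append(f"controller {cid}: unknown protocol {proto}")
    if len(controllers) > MAX_CONTROLLERS:
        findings.append(f"{len(controllers)} controllers, maximum is {MAX_CONTROLLERS}")
    if any(c[2] == "ssl" for c in controllers):
        # An ssl controller needs both files named in the ovsdb context.
        for cmd in ("install-cert-file", "private-key"):
            if cmd not in seen:
                findings.append(f"ssl controller configured but no {cmd}")
    return findings


if __name__ == "__main__":
    for finding in audit_ovsdb(SAMPLE):
        print(finding)
```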