Configure Fabric Extend

Use the following procedure to configure Fabric Extend (FE). A typical Fabric Extend deployment would be between a Main office and a Branch office.

To complete the Fabric Extend tunnel, you must configure Fabric Extend at both ends of the tunnel.

Optionally, you can configure a parallel tunnel between the same two nodes to create a backup Fabric Extend adjacency.

Before you begin

If using the tunnel originating address on a VRF, configure a CLIP and tunnel source IP address on the VRF.

If using the tunnel originating address, the logical interface address, on the GRT, Fabric Extend has the following requirements:
  • The tunnel source IP address must be on the GRT, not on a VRF.

    Note

    Note

    To configure Fabric Extend using a tunnel source IP address on the GRT, use separate IP addresses for the SPBM IP Shortcuts (ip source-address) and the Fabric Extend ip-tunnel-source address. Exclude the ip-source-address address with an IS-IS accept policy if you want these IP addresses to be the same. You cannot use the redistribute command with a route-map exclusion.

    Specify a CLIP interface to use as the ip source-address for SPBM IP shortcuts.

  • If you enable IP Shortcuts, you must configure an IS-IS accept policy or use an exclude route-map to ensure that tunnel destination IP addresses are not learned through IS-IS.

About this task

The tunnel source IP address can be a brouter port IP, a CLIP IP, or a VLAN IP.

For information about product support, see Fabric Extend Considerations.

Note

Note

VRF is an optional parameter. If you do not configure a VRF, then FE uses the GRT.

Important

Important

Switches that support a single active VRF have feature interactions with Fabric Extend. For more information, see VRF Lite Configuration Rules. To assist with the single-active VRF restrictions, an overlay parameter exists for the ip-tunnel-source-address command.

For a logical IS-IS interface, Layer 2 and Layer 3 refer to the following use cases:

  • Layer 2 — Fabric Extend VID (FE-VID)

  • Layer 3 — Fabric Extend IP (FE-IP)

Procedure

  1. Enter IS-IS Router Configuration mode:

    enable

    configure terminal

    router isis

  2. Configure the IP tunnel source address:

    ip-tunnel-source-address <A.B.C.D> [vrf WORD<1–16>] [overlay]

  3. Enter Global Configuration mode:

    exit

  4. Create a logical IS-IS interface. Use the command that applies to your interface type:
    • For FE-VID interfaces (layer 2 core network), enter:

      logical-intf isis <1–255> vid {vlan-id[-vlan-id][,...]} primary-vid <2–4059> port <slot/port> mlt PT_MLT<1-512> [name WORD<1–64>]

      Note

      Note

      The primary VLAN ID (primary-vid must be one of the VIDs in the vid {vlan-id[-vlan-id][,...]}.

    • For FE-IP (Layer 3 core network), enter:

      logical-intf isis <1–255> dest-ip <A.B.C.D> [name WORD<1–64>]

  5. Configure the IS-IS MTU for the FE-IP (Layer 3) logical interface.
    isis mtu <750-1600>
  6. Configure IS-IS on the logical interface that you just created:
    1. Create an IS-IS circuit and interface:
      isis
    2. Enable the SPBM instance on the IS-IS interface:
      isis spbm <1-100>
    3. Enable the IS-IS circuit/interface:
      isis enable
    4. Exit logical interface configuration mode:
      exit
  7. Optional: If you want to deploy parallel tunnels, configure a backup IS-IS logical interface:
    1. Configure an additional source address and optional VRF to use for the backup tunnel:
      logical-intf isis <1–255> dest-ip <A.B.C.D> src-ip <A.B.C.D> [vrf WORD<1-16>]
    2. Optional: Configure the IS-IS MTU for the backup tunnel interface. This option is available for FE-IP only.
      isis mtu <750-1600>
    3. Configure the backup tunnel interface as an IS-IS logical interface. For the backup tunnel, enter the IS-IS commands that you entered for the primary tunnel in step 6.

What to do next

Configure Fabric Extend on the switch at the other end of the tunnel.

Variable Definitions

The following table defines parameters for the ip-tunnel-source-address command.

Variable

Value

<A.B.C.D>

Specifies the IS-IS IPv4 tunnel source address, which can be a brouter interface IP, a CLIP IP, or a VLAN IP.

overlay

Permits the configuration of the tunnel source address even though it belongs to a VRF with an attached I-SID.

vrf WORD<1–16>

Specifies the VRF name associated with the IP tunnel.

The following tables define parameters for the logical-intf isis command, depending on whether you have a Layer 2 or Layer 3 core.

Table 1. Layer 2 core (FE-VID)

Variable

Value

<1–255>

Specifies the index number that uniquely identifies this logical interface.

mlt PT_MLT<1-512>

Specifies the MLT ID that the logical interface is connected to in a Layer 2 network.

name WORD<1–64>

Specifies the administratively-assigned name of this logical interface, which can be up to 64 characters.

port {slot/port[/sub-port][-slot/port[/sub-port]][,...][slot/all][all]}

Specifies the physical port that the logical interface is connected to in a Layer 2 network.

primary-vid <2–4059>

Specifies the primary tunnel VLAN ID associated with this Layer 2 IS-IS logical interface.

vid {vlan-id[-vlan-id][,...]}

Specifies the list of VLANs that are associated with this logical interface.

Table 2. Layer 3 core (FE-IP)

Variable

Value

<1–255>

Specifies the index number that uniquely identifies this logical interface.

dest-ip <A.B.C.D>

Specifies the tunnel destination IP address of the remote BEB.

name WORD<1–64>

Specifies the administratively-assigned name of this logical interface.

src-ip <A.B.C.D> [vrf WORD<1-16>]

Configures an additional source address and optional VRF to use as the parallel tunnel to create a backup adjacency.

The VRF is the next-hop VRF to reach the logical tunnel destination IP associated with the parallel tunnel.

To use an IPsec-encrypted tunnel as the parallel tunnel, ensure that you configure the same source IP address on the logical IS-IS interface and in the Fabric IPsec Gateway virtual machine.

The following table defines parameters for the isis mtu command.

Variable

Definition

<750-1600>

Specifies the Maximum Transmission Unit (MTU) size in bytes for each IS-IS packet that uses this logical interface. The default is 1600.

This command is available for Layer 3 core (FE-IP) interfaces only.