This example shows how to configure OVSDB protocol support for VXLAN Gateway.
Important
OVSDB protocol support for VXLAN Gateway also requires an ESXi host running VMware NSX configured with a HW-VTEP, and a Logical Switch configured with VNID to HW-VTEP bindings to function. See VMware NSX documentation for more information.
Important
OVSDB requires full interworking mode on the VXLAN Gateway. Changing the mode requires a reboot for the change to take effect, which can cause a loss of traffic.
# #VXLAN GATEWAY UNDERLAY IP NETWORK CONFIGURATION HW-VTEP 1 # enable config terminal ip vrf underlay-vxlan vrfid 1 router vrf underlay-vxlan ip ospf ip osfp admin-state ip osfp router-id 203.0.113.1 vlan create 10 type port-mstprstp 1 vlan mlt 10 10 interface vlan 10 vrf underlay-vxlan ip address 198.51.100.122 255.255.255.0 ip ospf enable exit # #VXLAN GATEWAY UNDERLAY IP NETWORK CONFIGURATION HW-VTEP 2 # ip vrf underlay-vxlan vrfid 1 router vrf underlay-vxlan ip ospf ip osfp admin-state ip osfp router-id 203.0.113.2 vlan create 12 type port-mstprstp 1 vlan members add 12 3/1 portmember interface vlan 12 vrf underlay-vxlan ip address 198.51.100.124 255.255.255.0 ip ospf enable exit # #NLS and VTEP CONFIGURATIONS HW-VTEP 1 # vlan create 4059 type port-mstprstp 0 vlan members 4059 1/24 portmember mgmt vlan 4059 ip address 192.0.2.101/24 ip route 192.0.2.0/16 next-hop 192.0.2.1 weight 1 enable exit interface loopback 10 ip address 10 122.122.122.1/255.255.255.255 vrf underlay-vxlan ip ospf 10 vrf underlay-vxlan vtep source-ip 122.122.122.1 vrf underlay-vxlan # #NLS and VTEP CONFIGURATIONS HW-VTEP 2 # vlan create 4059 type port-mstprstp 0 vlan members 4059 3/24 portmember mgmt vlan 4059 ip address 192.0.2.102/24 ip route 192.0.2.0/16 next-hop 192.0.2.1 weight 1 enable exit interface loopback 10 ip address 10 124.124.124.124/255.255.255.255 vrf underlay-vxlan ip ospf 10 vrf underlay-vxlan vtep source-ip 124.124.124.1 vrf underlay-vxlan # #LAYER2 VNI SERVICE AND MANAGED-INTERFACE CONFIGURATIONS HW-VTEP 1 # vlan create 1001 type port-mstprstp 0 vlan members 1001 1/10 portmember vlan i-sid 1001 1001 ovsdb managed-interface i-sids 1001 exit # ##LAYER2 VNI SERVICE AND MANAGED-INTERFACE CONFIGURATIONS HW-VTEP 2 # vlan create 1001 type port-mstprstp 0 vlan members 1001 3/10 portmember vlan i-sid 1001 1001 ovsdb managed-interface i-sids 1001 exit # #OVSDB CERTIFICATE AND PRIVATE KEY CONFIGURATION HW-VTEP 1 # ovsdb install-cert-file /intflash/tom/vtep1-cert.pem private-key /intflash/tom/vtep1-privkey.pem enable exit # #OVSDB NETWORK VIRTUALIZATION CONTROLLER CONFIGURATION HW-VTEP 1 # ovsdb controller 1 ip address 192.0.2.2 protocol ssl port 6640 exit # #OVSDB CERTIFICATE AND PRIVATE KEY CONFIGURATION HW-VTEP 2 # # ovsdb install-cert-file /intflash/tom/vtep2-cert.pem private-key /intflash/tom/vtep2-privkey.pem enable exit # #OVSDB NETWORK VIRTUALIZATION CONTROLLER CONFIGURATION HW-VTEP 2 # ovsdb controller 1 ip address 192.0.2.2 protocol ssl port 6640 exit #If HW-VTEP 1 needs VXLAN Gateway redundancy, the redundant gateway must be a VIST peer(HW-VTEP 11). #For VXLAN Gateway redundancy, the configs at HW-VTEP-1 must also have ovsdb replication config: # #OVSDB NETWORK VIRTUALIZATION CONTROLLER REPLICATION CONFIGURATION # ovsdb replication peer-ip 192.0.2.101 local-ip 192.0.2.111 exit # #Configs at HW-VTEP-11 for reduncancy: # #VXLAN GATEWAY UNDERLAY IP NETWORK CONFIGURATION HW-VTEP 11 # enable config terminal ip vrf underlay-vxlan vrfid 1 router vrf underlay-vxlan ip ospf ip osfp admin-state ip osfp router-id 203.0.113.11 vlan create 10 type port-mstprstp 1 vlan mlt 10 10 interface vlan 10 vrf underlay-vlxan ip address 198.51.100.111 255.255.255.0 ip ospf enable exit # #NLS and VTEP CONFIGURATIONS HW-VTEP 11 #NOTE: HW-VTEP 1 and HW-VTEP 11‘s VTEP IP must be the same. # vlan create 4059 type port-mstprstp 0 vlan members 4059 1/24 portmember mgmt vlan 4059 ip address 192.0.2.111/24 ip route 192.0.2.0/16 next-hop 192.0.2.1 weight 1 enable exit interface loopback 10 ip address 10 122.122.122.1/255.255.255.255 vrf underlay-vxlan ip ospf 10 vrf underlay-vxlan vtep source-ip 122.122.122.1 vrf underlay-vxlan # #LAYER2 VNI SERVICE AND MANAGED-INTERFACE CONFIGURATIONS HW-VTEP 11 #NOTE: HW-VTEP 1 and HW-VTEP 11 must have same managed-interface configured under ‘ovsdb‘ # vlan create 1001 type port-mstprstp 0 vlan members 1001 1/10 portmember vlan i-sid 1001 1001 ovsdb managed-interface i-sids 1001 exit # #OVSDB CERTIFICATE AND PRIVATE KEY CONFIGURATION HW-VTEP 11 #NOTE: HW-VTEP 1 and HW-VTEP 11 must have same certificate and private keys configured. # ovsdb install-cert-file /intflash/tom/vtep1-cert.pem private-key /intflash/tom/vtep1-privkey.pem enable exit # #OVSDB NETWORK VIRTUALIZATION CONTROLLER CONFIGURATION HW-VTEP 11 # ovsdb controller 1 ip address 192.0.2.2 protocol ssl port 6640 exit # #OVSDB NETWORK VIRTUALIZATION CONTROLLER REPLICATION CONFIGURATION # ovsdb replication peer-ip 192.0.2.101 local-ip 192.0.2.111 exit #