Configure Fabric Extend

Use the following procedure to configure Fabric Extend (FE) between a Main office and a Branch office, which is a typical deployment.

Note

Note

If your deployment creates tunnels between two switches that natively support Fabric Extend, then repeat the steps identified for native support and ignore the steps for switches that require an ONA.

You must configure the tunnel source address and logical interface on both ends of the tunnel to complete this procedure.

You can also configure an optional parallel tunnel between the same two nodes to create a backup Fabric Extend adjacency.

Before you begin

  • If using the tunnel originating address, the logical interface address, on the GRT, Fabric Extend has the following requirements:

    • The tunnel source IP address must be on the GRT, not on a VRF.

      Note

      Note

      To configure Fabric Extend using a tunnel source IP address on the GRT, use separate IP addresses for the SPBM IP Shortcuts (ip source-address) and the Fabric Extend ip-tunnel-source address. Exclude the ip-source-address address with an IS-IS accept policy if you want these IP addresses to be the same. You cannot use the redistribute command with a route-map exclusion.

      Specify a CLIP interface to use as the ip source-address for SPBM IP shortcuts.

    • If you enable IP Shortcuts, you must configure an IS-IS accept policy or use an exclude route-map to ensure that tunnel destination IP addresses are not learned through IS-IS.

  • If using the tunnel originating address on a VRF, Fabric Extend has the following requirements:

    • Configure a CLIP and tunnel source IP address on the VRF.

    • Remote management of the VSP 4450 Series is possible after establishing IP Shortcuts over IS-IS. Alternatively, you can enable GRT-VRF redistribution locally.

About this task

The tunnel source IP address can be a brouter port IP, a CLIP IP, or a VLAN IP.

Note

Note

Product Notice: VSP 8600 Series does not support a VLAN IP as the Fabric Extend tunnel source IP address.

For information about product support, see Fabric Extend Considerations.

The VSP 4450 Series source address command is different from other platforms because of ONA support. The logical interface commands are different between Layer 2 and Layer 3 networks.

Note

Note

VRF is an optional parameter. If you do not configure a VRF, then FE uses the GRT.

For a logical IS-IS interface, Layer 2 and Layer 3 refer to the following use cases:

  • Layer 2 — Fabric Extend VID (FE-VID)

  • Layer 3 — Fabric Extend IP (FE-IP)

Procedure

The following steps are for platforms that support FE natively:

  1. Enter IS-IS Router Configuration mode:

    enable

    configure terminal

    router isis

  2. Configure the IP tunnel source address:

    ip-tunnel-source-address <A.B.C.D> [vrf WORD<1–16>] [overlay]

  3. Enter Global Configuration mode:

    exit

  4. Use one of the following commands to create a logical IS-IS interface:

    • In a network with a Layer 3 Core, enter logical-intf isis <1–255> dest-ip <A.B.C.D> [name WORD<1–64>] [mtu <750-9000>]

    • In a network with a Layer 2 Core, enter logical-intf isis <1–255> vid {vlan-id[-vlan-id][,...]} primary-vid <2–4059> port <slot/port> mlt PT_MLT<1-512> [name WORD<1–64>] [mtu <750-9000>]

      Note

      Note

      The primary VLAN ID (primary-vid must be one of the VIDs in the vid {vlan-id[-vlan-id][,...]}.

  5. Optional: Configure an additional source address and optional VRF to use as the parallel tunnel:
    Note

    Note

    This step only applies to VSP 4900 Series and VSP 7400 Series.

    logical-intf isis <1–255> dest-ip <A.B.C.D> src-ip <A.B.C.D> [vrf WORD<1-16>]

The following steps are for platforms that require an ONA to support FE:

Note

Note

The interface VLAN connecting to the ONA network port is always in the GRT and the member port that the VLAN is part of is always an access port.

  1. Enter IS-IS Router Configuration mode:

    enable

    configure terminal

    router isis

  2. Configure the IP tunnel source address on the port that connects to the Device side of the ONA:

    ip-tunnel-source-address <A.B.C.D> port <slot/port> [mtu <mtu_value>] [vrf WORD<1–16>]

  3. Exit back into Global Configuration mode:

    exit

  4. Use one of the following commands to create a logical IS-IS interface:

    • In a network with a Layer 3 Core, enter:

      logical-intf isis <1–255> dest-ip <A.B.C.D> [name WORD<1–64>]

    • In a network with a Layer 2 Core, enter:

      logical-intf isis <1–255> vid {vlan-id[-vlan-id][,...]} primary-vid <2–4059> port <slot/port> mlt PT_MLT<1-512> [name WORD<1–64>]

      Note

      Note

      The primary VLAN ID (primary-vid) must be one of the VIDs in the vid {vlan-id[-vlan-id][,...]}.

Variable Definitions

The following table defines parameters for the ip-tunnel-source-address command.

Variable

Value

<A.B.C.D>

Specifies the IS-IS IPv4 tunnel source address, which can be a brouter interface IP, a CLIP IP, or a VLAN IP.

mtu <mtu_value>

Note:

Exception: only supported on VSP 4450 Series.

Specifies the Maximum Transmission Unit (MTU) size for each packet.

This parameter only applies to an ONA configuration.
overlay

Permits the configuration of the tunnel source address even though it belongs to a VRF with an attached I-SID.

port <slot/port>

Note:

Exception: only supported on VSP 4450 Series.

Specifies the port that is connected to the ONA device port.

vrf WORD<1–16>

Specifies the VRF name associated with the IP tunnel.

The following tables define parameters for the logical-intf isis command, depending on whether you have a Layer 2 or Layer 3 core.

Table 1. Layer 2 core (FE-VID)

Variable

Value

<1–255>

Specifies the index number that uniquely identifies this logical interface.

mlt PT_MLT<1-512>

Specifies the MLT ID that the logical interface is connected to in a Layer 2 network.

mtu<750-9000>

Note:

Exception: only supported on XA1400 Series.

Specifies the Maximum Transmission Unit (MTU) size of each packet. The default MTU value is 1950.

name WORD<1–64>

Specifies the administratively-assigned name of this logical interface, which can be up to 64 characters.

port {slot/port[/sub-port] [-slot/port[/sub-port]] [,...]}

Specifies the physical port that the logical interface is connected to in a Layer 2 network.

primary-vid <2–4059>

Specifies the primary tunnel VLAN ID associated with this Layer 2 IS-IS logical interface.

vid {vlan-id[-vlan-id][,...]}

Specifies the list of VLANs that are associated with this logical interface.
Table 2. Layer 3 core (FE-IP)

Variable

Value

<1–255>

Specifies the index number that uniquely identifies this logical interface.

dest-ip <A.B.C.D>

Specifies the tunnel destination IP address of the remote BEB.

name WORD<1–64>

Specifies the administratively-assigned name of this logical interface, which can be up to 64 characters.

mtu<750-9000>

Note:

Exception: only supported on XA1400 Series.

Specifies the Maximum Transmission Unit (MTU) size of each packet. The default MTU value is 1950.

src-ip <A.B.C.D> [vrf WORD<1-16>]

Note:

Exception: only supported on VSP 4900 Series and VSP 7400 Series.

Configures an additional source address and optional VRF to use as the parallel tunnel to create a backup adjacency.

The VRF is the next-hop VRF to reach the logical tunnel destination IP associated with the parallel tunnel.

To use an IPsec-encrypted tunnel as the parallel tunnel, ensure that you configure the same source IP address on the logical IS-IS interface and in the Fabric IPsec Gateway virtual machine.
9037464-00 Rev AC