Configuring OVSDB protocol support for VXLAN Gateway

Use the following procedure to configure OVSDB protocol support for VXLAN Gateway on the switch.

Before you begin

  • You must enable VXLAN Gateway Full Interworking Mode. You can use show boot config flags to verify the current VXLAN Gateway mode. For more information, see Configuring the VXLAN Gateway boot flag.

  • You must configure and use the Segmented Management Instance IP address on the VXLAN Gateway to establish connectivity with the NVC. For more information about Segmented Management Instance, see Segmented Management Instance Configuration using the CLI.

  • You must configure an OVSDB management interface. For more information, see Configuring OVSDB Managed Interfaces.

  • You must transfer an OVSDB certificate file and private-key file to the flash storage of the switch. You can use an ovs-pki utility with SSL libraries to generate the private keys and certificates. You can enable the FTPD boot config flag and then use an SCP utility to transfer the private key and certificate file to the flash storage of the switch.

  • If the switch is an aggregation switch, the IST peer must support OVSDB, have the same source VTEP-IP and OVSDB managed-interface, and must communicate with the NVC management IP.
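Before the certificate and private-key files are transferred to the switch, it is worth confirming that they belong together and that the certificate is currently valid, since the switch commands in the procedure below simply take a file path. The following check is an added example, not part of this guide; it assumes the openssl command-line tool on the host where the files were generated, and it constructs its own demo key and self-signed certificate in place of the ovs-pki output (file names are illustrative).

```shell
#!/bin/sh
# Pre-flight check for the OVSDB certificate/private-key pair. Assumption: an
# OpenSSL 1.1 or 3.x command-line binary is on PATH. File names are examples.

# Return 0 when the public key embedded in the certificate equals the public
# key derived from the private key; otherwise return 1. Comparing the
# extracted SubjectPublicKeyInfo PEM blocks works for RSA and EC keys alike.
ovsdb_pair_matches() {
    cert="$1"; key="$2"
    cert_pub=$(openssl x509 -in "$cert" -noout -pubkey 2>/dev/null) || return 1
    key_pub=$(openssl pkey -in "$key" -pubout 2>/dev/null) || return 1
    [ -n "$cert_pub" ] && [ "$cert_pub" = "$key_pub" ]
}

# Return 0 when the certificate is inside its validity window right now
# (-checkend 0 fails if the certificate has already expired).
ovsdb_cert_valid_now() {
    openssl x509 -in "$1" -noout -checkend 0 >/dev/null 2>&1
}

# Constructed demo material standing in for the ovs-pki output: a key with a
# matching self-signed certificate, plus a second, unrelated key.
work=$(mktemp -d)
openssl req -x509 -newkey rsa:2048 -nodes -keyout "$work/sc-privkey.pem" \
    -out "$work/sc-cert.pem" -days 365 -subj "/CN=vxlan-gw-demo" >/dev/null 2>&1
openssl genpkey -algorithm RSA -pkeyopt rsa_keygen_bits:2048 \
    -out "$work/other-key.pem" >/dev/null 2>&1

# Only a matching, currently valid pair should be copied to the switch.
if ovsdb_pair_matches "$work/sc-cert.pem" "$work/sc-privkey.pem" \
   && ovsdb_cert_valid_now "$work/sc-cert.pem"; then
    echo "OK: sc-cert.pem and sc-privkey.pem match; safe to transfer and install"
else
    echo "FAIL: do not install this certificate/key pair" >&2
fi

# The unrelated key must be rejected.
if ! ovsdb_pair_matches "$work/sc-cert.pem" "$work/other-key.pem"; then
    echo "mismatch detected: other-key.pem does not belong to sc-cert.pem"
fi
# The temporary directory is left in place so the generated files can be inspected.
```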

Procedure

  1. Enter Global Configuration mode:

    enable

    configure terminal

  2. Configure the source VTEP IP address:

    vtep source-ip <A.B.C.D> [vrf WORD<1–16>]

  3. Enter OVSDB Configuration mode:

    ovsdb

  4. Install the OVSDB certificate file:

    install-cert-file WORD<1–128>

  5. Install the OVSDB private key:

    private-key WORD<1–128>

  6. Enable OVSDB protocol support for VXLAN Gateway:

    enable

  7. Configure the NVC:

    controller <1–100> ip address <A.B.C.D> protocol <ssl|tcp> [port <1–65535>]

Example

The following is an example of configuring a VTEP source IP, installing an OVSDB certificate file, installing an OVSDB private key, enabling OVSDB protocol support for VXLAN Gateway, and configuring the IP address, protocol, and port for one NVC.

SWITCH:1>enable
SWITCH:1#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
SWITCH:1(config)#vtep source-ip 192.0.2.1 vrf vxlan-underlay
SWITCH:1(config)#ovsdb
SWITCH:1(config-ovsdb)#install-cert-file /intflash/tom/sc-cert.pem
SWITCH:1(config-ovsdb)#private-key /intflash/tom/sc-privkey.pem
SWITCH:1(config-ovsdb)#enable
SWITCH:1(config-ovsdb)#controller 1 ip address 192.0.2.2 protocol ssl port 6640

Note

You can configure multiple controllers for high availability. One VXLAN Gateway can support a maximum of three controllers.

Important

If you add or delete a controller, or modify the OVSDB managed interface while a controller is configured, the existing controller connections reset. Log messages are generated to indicate the status changes as the controllers disconnect and reconnect.

If you change a previously configured VTEP source-ip and re-enable OVSDB, the controller sees a new VXLAN tunnel instead of an update to the existing VXLAN tunnel. You must configure the VNID to I-SID binding on the controller for the new VXLAN tunnel associated with the new VTEP IP address.

Variable definitions

Use the data in the following table to use the vtep source-ip command.

Variable                     Value
<A.B.C.D> [vrf WORD<1–16>]   Specifies the VXLAN tunnel end point (VTEP) source IP address in IPv4 format. Optionally, you can specify a VRF.
                             Note: The VTEP source IP address must be on a loopback interface.

Use the data in the following table to use the install-cert-file command.

Variable       Value
WORD<1–128>    Specifies the path and file name of the OVSDB certificate file.

Use the data in the following table to use the private-key command.

Variable       Value
WORD<1–128>    Specifies the path and file name of the OVSDB private key.

Use the data in the following table to use the controller command.

Variable               Value
<1–100>                Specifies the ID of the controller.
ip address <A.B.C.D>   Specifies the IP address of the controller in IPv4 format.
protocol <ssl|tcp>     Specifies the networking protocol, SSL or TCP, for controller communications.
port <1–65535>         Specifies the networking port of the controller.