PBR Rules on L1 and L2 (Enabled on BDI10 and BDI20); PBR Rules on the Service Leaf Switch; How to Configure PBR Support for the VXLAN BGP EVPN Fabric - Cisco Nexus 7000 Series Configuration Manual


PBR support for the VXLAN BGP EVPN fabric
1. The web client (IP address 209.165.200.25) sends a request for a specific service available in the servers attached to L1 and L2. The destination IP address in the packets is 203.0.113.1, the load balancer's IP address. This IP address is advertised to clients outside the fabric. The request reaches BL.
2. BL knows from the BGP EVPN control plane that the load balancer is attached to the service leaf switch. BL VXLAN encapsulates the packets and forwards the request to the service leaf switch.
3. The service leaf switch receives it, VXLAN decapsulates the packets and sends the traffic to the load balancer.
4. The load balancer uses a unique IP address 10.0.0.1 (or 2001:DB8:0:ABCD::1 for IPv6) when load balancing traffic to one of the servers hosting the service. The load balancer decides to forward the request to Server 2. In the packet header, the load balancer updates the destination IP address to 192.0.2.1 (or 2001:DB8::1), while the source IP address remains 209.165.200.25 (or a designated IPv6 address), and forwards it to the service leaf switch. The service leaf switch sends the traffic over the VXLAN BGP EVPN fabric towards L1. L1 decapsulates the VXLAN header and forwards the original packet to Server 2.
5. Server 2 responds to the service request. The source IP address is 192.0.2.1 or 2001:DB8::1/64 (Server 2's IP address), and the destination IP address remains 209.165.200.25. The response is sent to L1.
6. On L1, normal packet forwarding determines that the destination address is behind the border leaf switch. However, PBR policy is applied on the interface on which the server is attached such that the packet is forwarded to the service leaf switch instead of the border leaf switch.
7. On the service leaf switch, after VXLAN decapsulation, normal packet forwarding determines that the destination address 209.165.200.25 is behind the border leaf switch. However, PBR policy is applied on the Layer-3 VNI interface such that the packet is forwarded to the service leaf switch instead of the border leaf switch.
8. The service leaf switch forwards it to BL, which forwards the service response to the web client.

PBR Rules on L1 and L2 (Enabled on BDI10 and BDI20)

• For server traffic (with source IP address 192.0.2.x, belonging to VLAN 10, VRF A, and Layer 2 virtual network identifier [VNI] 1000) received on interface BDI10, send traffic to 10.0.0.1 (or 2001:DB8:0:ABCD::1).
• For server traffic (with source IP address 198.51.100.x, belonging to VLAN 20, VRF A and Layer 2 VNI 2000), send traffic to 10.0.0.1 (or 2001:DB8:0:ABCD::1).

PBR Rules on the Service Leaf Switch

For server traffic (with source IP address 192.0.2.x or 198.51.100.x, belonging to VRF A, and Layer 3 VNI 50000) received on the PBR interface, send traffic to 10.0.0.1 (or 2001:DB8:0:ABCD::1).

How to Configure PBR Support for the VXLAN BGP EVPN Fabric

Note: Type the switch# configure terminal command to enter global configuration mode (config)#.
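The PBR rules listed for L1, L2 and the service leaf switch can be modelled to check which next hop a server's return packet takes with and without the policy; without it, the response goes straight to BL and never passes back through the load balancer. This Python sketch is an added example, not Cisco configuration or code from the guide. The /24 and /64 prefix lengths, the interface name L3VNI50000, the switch label service-leaf and the route table are assumptions constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

LB_V4, LB_V6 = "10.0.0.1", "2001:db8:0:abcd::1"   # load balancer, from the page
VLAN10 = ("192.0.2.0/24", "2001:db8::/64")        # assumed prefix lengths
VLAN20 = ("198.51.100.0/24",)

@dataclass(frozen=True)
class PbrRule:
    switch: str
    interface: str      # ingress interface the policy is applied on
    vrf: str
    sources: tuple      # source prefixes the rule matches

RULES = [PbrRule(sw, bdi, "A", src)
         for sw in ("L1", "L2")
         for bdi, src in (("BDI10", VLAN10), ("BDI20", VLAN20))]
# Hypothetical interface name for the Layer 3 VNI 50000 PBR interface.
RULES.append(PbrRule("service-leaf", "L3VNI50000", "A", VLAN10 + VLAN20))

# Constructed routes standing in for what BGP EVPN would install in VRF A.
ROUTES = [("0.0.0.0/0", "BL"), ("::/0", "BL"),
          ("10.0.0.1/32", "service-leaf"),
          ("2001:db8:0:abcd::1/128", "service-leaf"),
          ("192.0.2.1/32", "L1")]

def _covers(prefix, addr):
    net = ipaddress.ip_network(prefix)
    return net.version == addr.version and addr in net

def normal_next_hop(dst):
    """Longest-prefix match: what forwarding does when no policy applies."""
    addr = ipaddress.ip_address(dst)
    hits = [(ipaddress.ip_network(p).prefixlen, nh)
            for p, nh in ROUTES if _covers(p, addr)]
    return max(hits)[1] if hits else None

def forward(switch, interface, vrf, src, dst, pbr=True):
    """Return (decision, next_hop) for a packet arriving on an interface."""
    s = ipaddress.ip_address(src)
    if pbr:
        for r in RULES:
            if (r.switch, r.interface, r.vrf) == (switch, interface, vrf) \
                    and any(_covers(p, s) for p in r.sources):
                return ("pbr", LB_V4 if s.version == 4 else LB_V6)
    return ("route", normal_next_hop(dst))

if __name__ == "__main__":
    print(forward("L1", "BDI10", "A", "192.0.2.1", "209.165.200.25"))
    print(forward("L1", "BDI10", "A", "192.0.2.1", "209.165.200.25", pbr=False))
```

A server-sourced packet that arrives on an interface or VRF without a matching rule falls through to normal forwarding, which is the case to look for when auditing that every server-facing interface carries the policy.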
Cisco Nexus 7000 Series NX-OS VXLAN Configuration Guide