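% Preamble of the "Arista VXLAN Direct Routing" cheat sheet: document class,
% package loads, PDF metadata and page geometry.
% Every directive sits on its own line so that a trailing % comment cannot
% swallow the code that follows it.
\documentclass[10pt,a4paper]{article}

% Packages
\usepackage{fancyhdr}  % For header and footer
\usepackage{multicol}  % Allows multicols in tables
\usepackage{tabularx}  % Intelligent column widths
\usepackage{tabulary}  % Used in header and footer
\usepackage{hhline}    % Border under tables
\usepackage{graphicx}  % For images
\usepackage{xcolor}    % For hex colours
%\usepackage[utf8x]{inputenc} % For unicode character support
\usepackage[T1]{fontenc} % Without this we get weird character replacements
\usepackage{colortbl}  % For coloured tables
\usepackage{setspace}  % For line height
\usepackage{lastpage}  % Needed for total page number
\usepackage{seqsplit}  % Splits long words.
%\usepackage{opensans} % Can't make this work so far. Shame. Would be lovely.
\usepackage[normalem]{ulem} % For underlining links

% Most of the following are not required for the majority
% of cheat sheets but are needed for some symbol support.
\usepackage{amsmath}   % Symbols
\usepackage{MnSymbol}  % Symbols
\usepackage{wasysym}   % Symbols
%\usepackage[english,german,french,spanish,italian]{babel} % Languages

% Document Info
\author{sh-arista}
% \pdfinfo is a pdfTeX primitive; it writes these keys into the PDF info dictionary.
\pdfinfo{
  /Title (arista-vxlan-direct-routing.pdf)
  /Creator (Cheatography)
  /Author (sh-arista)
  /Subject (Arista VXLAN Direct Routing Cheat Sheet)
}

% Lengths and widths
\addtolength{\textwidth}{6cm}
\addtolength{\textheight}{-1cm}
\addtolength{\hoffset}{-3cm}
\addtolength{\voffset}{-2cm}
\setlength{\tabcolsep}{0.2cm} % Space between columns
\setlength{\headsep}{-12pt}   % Reduce space between header and content
\setlength{\headheight}{85pt} % If less, LaTeX automatically increases it
\renewcommand{\footrulewidth}{0pt} % Remove footer line
\renewcommand{\headrulewidth}{0pt} % Remove header line
\renewcommand{\seqinsert}{\ifmmode\allowbreak\else\-\fi} % Hyphens in seqsplit

% These two commands together give roughly
% the right line height in the tables
\renewcommand{\arraystretch}{1.3}
\onehalfspacing

% Commands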
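% Table helper macros, colours, page header/footer and the cheat-sheet body.
% Every directive sits on its own line so that a trailing % comment cannot
% swallow the code that follows it.

% \SetRowColor{<colour>}: stores the colour name globally in \RowColorName
% (inside \noalign, so it is legal between rows) and applies it with \rowcolor.
\newcommand{\SetRowColor}[1]{\noalign{\gdef\RowColorName{#1}}\rowcolor{\RowColorName}} % Shortcut for row colour
% \mymulticolumn{<n>}{<colspec>}{<text>}: \multicolumn whose column spec is
% prefixed with \columncolor{\RowColorName}, so a spanning cell keeps the row colour.
\newcommand{\mymulticolumn}[3]{\multicolumn{#1}{>{\columncolor{\RowColorName}}#2}{#3}} % For coloured multi-cols
% x{<width>}: ragged-right paragraph column of the given width.
\newcolumntype{x}[1]{>{\raggedright}p{#1}} % New column types for ragged-right paragraph columns
% \tn: row terminator to use instead of \\ in tables that use the x column type.
\newcommand{\tn}{\tabularnewline} % Required as custom column type in use

% Font and Colours
\definecolor{HeadBackground}{HTML}{333333}
\definecolor{FootBackground}{HTML}{666666}
\definecolor{TextColor}{HTML}{333333}
\definecolor{DarkBackground}{HTML}{235091}
\definecolor{LightBackground}{HTML}{F1F4F8}
\renewcommand{\familydefault}{\sfdefault}
\color{TextColor}

% Header and Footer
\pagestyle{fancy}
\fancyhead{} % Set header to blank
\fancyfoot{} % Set footer to blank
% NOTE(review): the logo below is loaded from an absolute path, presumably valid
% only on the host that generated this file; supply the image locally to compile elsewhere.
\fancyhead[L]{
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{C}
    \SetRowColor{DarkBackground}
    \vspace{-7pt}
    {\parbox{\dimexpr\textwidth-2\fboxsep\relax}{\noindent
        \hspace*{-6pt}\includegraphics[width=5.8cm]{/web/www.cheatography.com/public/images/cheatography_logo.pdf}}
    }
\end{tabulary}
\columnbreak
\begin{tabulary}{11cm}{L}
    % \large and \normalsize are declarations, not one-argument commands,
    % so they are written without a brace group after them.
    \vspace{-2pt}\large\textbf{\textcolor{DarkBackground}{\textrm{Arista VXLAN Direct Routing Cheat Sheet}}} \\
    \normalsize by \textcolor{DarkBackground}{sh-arista} via \textcolor{DarkBackground}{\uline{cheatography.com/93954/cs/20831/}}
\end{tabulary}
\end{multicols}}

\fancyfoot[L]{ \footnotesize
\noindent
\begin{multicols}{3}
\begin{tabulary}{5.8cm}{LL}
  \SetRowColor{FootBackground}
  \mymulticolumn{2}{p{5.377cm}}{\textbf{\textcolor{white}{Cheatographer}}} \\
  \vspace{-2pt}sh-arista \\
  \uline{cheatography.com/sh-arista} \\
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\textbf{\textcolor{white}{Cheat Sheet}}} \\
  \vspace{-2pt}Not Yet Published.\\
  Updated 29th October, 2019.\\
  Page {\thepage} of \pageref{LastPage}.
\end{tabulary}
\vfill
\columnbreak
\begin{tabulary}{5.8cm}{L}
  \SetRowColor{FootBackground}
  \mymulticolumn{1}{p{5.377cm}}{\textbf{\textcolor{white}{Sponsor}}} \\
  \SetRowColor{white}
  \vspace{-5pt}
  %\includegraphics[width=48px,height=48px]{dave.jpeg}
  Measure your website readability!\\
  www.readability-score.com
\end{tabulary}
\end{multicols}}

\begin{document}
\raggedright
\raggedcolumns

% Set font size to small. Switch to any value
% from this page to resize cheat sheet text:
% www.emerson.emory.edu/services/latex/latex_169.html
\footnotesize % Small font.

\begin{multicols*}{2}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{VXLAN Direct Routing}}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{To route between VLANs which are crossing the VXLAN overlay (also known as ``stretched'' or ``extended'' VLANs), Switched Virtual Interfaces (SVIs) need to be added to the VTEPs to perform the routing. With the direct routing model, every VTEP serves as the first-hop default gateway (DG) for locally attached hosts.
Every SVI will be configured on every VTEP, even if there isn't a local host for a particular extended VLAN.% Row Count 9 (+ 9)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\seqsplit{https://www.arista.com/en/um-eos/eos-section-22-3-vxlan-configuration\#ww1154798}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{p{0.8 cm} p{0.8 cm} }
\SetRowColor{DarkBackground}
\mymulticolumn{2}{x{8.4cm}}{\textbf{\textcolor{white}{VXLAN and NAT cannot coexist on a switch.}}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{2}{x{8.4cm}}{} \tn
% Row Count 0 (+ 0)
\hhline{>{\arrayrulecolor{DarkBackground}}--}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Simple Topology}}} \tn
\SetRowColor{LightBackground}
% NOTE(review): absolute path, and the file name contains a space; older
% graphicx releases may need the name quoted for it to load.
\mymulticolumn{1}{p{8.4cm}}{\vspace{1px}\centerline{\includegraphics[width=5.1cm]{/web/www.cheatography.com/public/uploads/sh-arista_1571329133_topology 2.jpg}}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{This network includes 3 VTEPs - 2 Routing VTEPs and 1 Bridging-only VTEP.
This example is used to illustrate how and why the virtual VTEP IP (secondary IP on the VTI loopback) is used.} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Pros of Direct Routing}}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Leads to more efficient traffic flows than indirect routing.} \tn
% Row Count 2 (+ 2)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Load sharing and redundancy as there will be more than one VTEP that can route.} \tn
% Row Count 4 (+ 2)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{Useful in vMotion as all VTEPs have the same VIP and VMAC so default gateway configurations remain the same for servers across Data Centers.} \tn
% Row Count 7 (+ 3)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Troubleshooting}}} \tn
% Row 0
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show int vxlan 1}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{Should be ``up''; correctly reflect configured VLAN-to-VNI mappings; confirm control plane (multicast, HER, CVX, EVPN)}} \tn
% Row Count 4 (+ 4)
% Row 1
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show mac address-table}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{The L2 forwarding table should show that MAC addresses are either learned locally or from across the VXLAN overlay - ``Vx1''; if we are not learning MACs from another VTEP confirm flood list and L3 reachability between VTEPs}} \tn
% Row Count 10 (+ 6)
% Row 2
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show vxlan address-table}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{Shows the VXLAN MAC info, including the Host MAC, remote VTEP IP, and MAC moves.}} \tn
% Row Count 13 (+ 3)
% Row 3
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show ip route}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{All VTEP IPs (primary and secondary) should have L3 reachability (ping to confirm)}} \tn
% Row Count 16 (+ 3)
% Row 4
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show vxlan counters software}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{See ``Arista VXLAN Bridging'' for more info}} \tn
% Row Count 18 (+ 2)
% Row 5
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{\textbf{show vxlan counters varp}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{Gives insight into ARP replies/requests sent and received, etc.}} \tn
% Row Count 21 (+ 3)
% Row 6
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{With MLAG, make sure loopback primary IPs are identical.}} \tn
% Row Count 23 (+ 2)
% Row 7
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Make sure there is a secondary IP configured on the loopback for routing VTEPs.} \tn
% Row Count 25 (+ 2)
% Row 8
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{Run a Recirc/TCAM profile check based on platform}} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{See Arista VXLAN Routing}} \tn
% Row Count 28 (+ 3)
% Row 9
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Confirm MTU on uplinks} \tn
\mymulticolumn{1}{x{8.4cm}}{\hspace*{6px}\rule{2px}{6px}\hspace*{6px}\emph{VXLAN adds a 50-byte header to the packet.}} \tn
% Row Count 30 (+ 2)
\end{tabularx}
\par\addvspace{1.3em}

\vfill
\columnbreak
\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Troubleshooting (cont)}}} \tn
% Row 10
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{Confirm the VMAC on any bridging VTEPs is either not configured or is a different VMAC than the routing VTEPs.}} \tn
% Row Count 3 (+ 3)
% Row 11
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{There should be no secondary IP on the bridging VTEP's loopback.} \tn
% Row Count 5 (+ 2)
% Row 12
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{Secondary IP should be in the flood list of any bridging VTEPs.}} \tn
% Row Count 7 (+ 2)
% Row 13
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Make sure SVIs are configured on EVERY routing VTEP when using the Direct Routing model.} \tn
% Row Count 9 (+ 2)
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Configuration}}} \tn
\SetRowColor{LightBackground}
% NOTE(review): several sample addresses (1.1.1.1, 2.2.2.2, 3.3.3.3, 20.0.0.0/24,
% 30.0.0.0/24) fall in publicly routable space; treat them as placeholders and
% substitute addresses from your own plan (e.g. RFC 1918 ranges).
% NOTE(review): VXLAN has no authentication or encryption of its own (RFC 7348,
% Security Considerations), so the VTEP loopbacks, the static flood list and
% UDP 4789 should be reachable only from trusted underlay peers.
% NOTE(review): the flood lists on VTEP1 and VTEP2 name only each other, while
% the text says to include every VTEP that must receive BUM traffic; confirm
% whether 3.3.3.3 belongs in them.
% The vlan 20 line on VTEP1 now reads "ip virtual-router address", matching the
% vlan 10 and vlan 30 lines; the keyword "address" was missing.
\mymulticolumn{1}{x{8.4cm}}{\textbf{VTEP1} \newline
\emph{Configure a loopback as the L3 source interface for the VXLAN tunnel/VTEP} \newline
\textbf{!} \newline
\textbf{interface loopback 1} \newline
\textbf{ip address 1.1.1.1/32} \newline
\emph{Configure a second IP, the virtual VTEP IP, on routing VTEPs} \newline
\textbf{ip address 100.100.100.100/32 secondary} \newline
\textbf{!} \newline
\emph{Add DGs for routing - aka ``anycast gateway''; can use VARP as seen here or ``ip address virtual'' to save IP space} \newline
\textbf{!} \newline
\textbf{interface vlan 10} \newline
\textbf{ip address 10.0.0.1/24} \newline
\textbf{ip virtual-router address 10.0.0.254} \newline
\textbf{!} \newline
\textbf{interface vlan 20} \newline
\textbf{ip address 20.0.0.1/24} \newline
\textbf{ip virtual-router address 20.0.0.254} \newline
\textbf{!} \newline
\textbf{interface vlan 30} \newline
\textbf{ip address 30.0.0.1/24} \newline
\textbf{ip virtual-router address 30.0.0.254} \newline
\textbf{!} \newline
\emph{Configure the VXLAN tunnel interface} \newline
\textbf{!} \newline
\textbf{interface vxlan 1} \newline
\emph{Add the source interface configured earlier} \newline
\textbf{vxlan source-interface loopback1} \newline
\emph{Configure the UDP destination port; be consistent across VTEPs} \newline
\textbf{vxlan udp-port 4789} \newline
\emph{Configure the VLAN to VNI bindings for any extended VLANs} \newline
\textbf{vxlan vlan 10 vni 10010} \newline
\textbf{vxlan vlan 20 vni 10020} \newline
\textbf{vxlan vlan 30 vni 10030} \newline
\emph{Configure the static flood-set if using HER for control-plane; include all VTEP IPs that need to receive BUM traffic} \newline
\textbf{vxlan flood vtep 2.2.2.2} \newline
\textbf{!} \newline
\emph{Configure the virtual MAC to be used with all virtual IPs} \newline
\textbf{!} \newline
\textbf{ip virtual-router mac-address 00:00:11:22:33:44} \newline
\textbf{!} \newline
\emph{Ensure routing is enabled} \newline
\textbf{ip routing} \newline
\textbf{!} \newline
\newline
\textbf{VTEP2} \newline
\textbf{!} \newline
\textbf{interface loopback 1} \newline
\textbf{ip address 2.2.2.2/32} \newline
\emph{Ensure the virtual VTEP IP is \textbf{identical} across all routing VTEPs} \newline
\textbf{ip address 100.100.100.100/32 secondary} \newline
\textbf{!} \newline
\textbf{interface vlan 10} \newline
\emph{Here using ``ip address virtual'' as the anycast gateway IP} \newline
\textbf{ip address virtual 10.0.0.254/24} \newline
\textbf{!} \newline
\textbf{interface vlan 20} \newline
\textbf{ip address virtual 20.0.0.254/24} \newline
\textbf{!} \newline
\textbf{interface vlan 30} \newline
\textbf{ip address virtual 30.0.0.254/24} \newline
\textbf{!} \newline
\textbf{interface vxlan 1} \newline
\textbf{vxlan source-interface loopback1} \newline
\textbf{vxlan udp-port 4789} \newline
\textbf{vxlan vlan 10 vni 10010} \newline
\textbf{vxlan vlan 20 vni 10020} \newline
\textbf{vxlan vlan 30 vni 10030} \newline
\textbf{vxlan flood vtep 1.1.1.1} \newline
\textbf{!} \newline
\textbf{ip virtual-router mac-address 00:00:11:22:33:44} \newline
\textbf{!} \newline
\textbf{ip routing} \newline
\textbf{!} \newline
\newline
\textbf{VTEP 3} \newline
\textbf{!} \newline
\textbf{interface loopback 1} \newline
\textbf{ip address 3.3.3.3/32} \newline
\emph{No virtual VTEP IP on a bridging VTEP!} \newline
\textbf{!} \newline
\textbf{interface vxlan 1} \newline
\textbf{vxlan source-interface loopback1} \newline
\textbf{vxlan udp-port 4789} \newline
\textbf{vxlan vlan 10 vni 10010} \newline
\textbf{vxlan vlan 20 vni 10020} \newline
\textbf{vxlan vlan 30 vni 10030} \newline
\emph{Ensure the virtual VTEP IP is included in the flood-set for BUM traffic.} \newline
\textbf{vxlan flood vtep 1.1.1.1 2.2.2.2 100.100.100.100} \newline
\textbf{!} \newline
\textbf{ip routing}} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\SetRowColor{LightBackground}
\mymulticolumn{1}{x{8.4cm}}{VTEP 1 and 2 have secondary IPs configured that are identical. This is to avoid MAC flapping on the bridging VTEP 3. If the secondary IP wasn't configured, when VTEP 1 and 2 send GARPs out for the SVIs using VARP, VTEP 3 would see the virtual MAC flap between VTEP 1 and VTEP 2 in the vxlan address table. \newline
\newline
``ip address virtual'' could also have been used, saving IP address space as no physical IP address is needed.} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

\begin{tabularx}{8.4cm}{X}
\SetRowColor{DarkBackground}
\mymulticolumn{1}{x{8.4cm}}{\textbf{\textcolor{white}{Virtual MAC on the Bridging VTEP\dots}}} \tn
\SetRowColor{white}
\mymulticolumn{1}{x{8.4cm}}{Notice there is no VMAC configured on the bridging VTEP. It is not unlikely that a VTEP could be a ``logical'' VTEP - i.e.\ two VTEPs in MLAG that have a VMAC configured for VARP. It is not unlikely that there are both regular VLANs, not using VXLAN at all, and VXLAN VLANs. If the VXLAN VLANs had no SVIs, making this a ``bridging'' VTEP, make sure the VMAC on these switches is different from the routing VTEPs for the VXLAN VLANs or the switches will consume the packets.% Row Count 10 (+ 10)
} \tn
\hhline{>{\arrayrulecolor{DarkBackground}}-}
\end{tabularx}
\par\addvspace{1.3em}

% That's all folks
\end{multicols*}

\end{document}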