Complete Cisco Nexus VXLAN Configuration Guide – Traditional vs Modern VXLAN EVPN
VXLAN is one of the most important technologies in modern data center networking. Traditional Layer 2 VLAN networks were never designed for the massive scale required by modern cloud environments, virtualization, container platforms, and multi-tenant architectures. Cisco Nexus switches combined with VXLAN solve these problems by extending Layer 2 domains across Layer 3 infrastructure.
This guide explains every configuration step in extreme detail. Instead of only copying commands, this tutorial explains the networking theory, multicast behavior, encapsulation mechanics, VNI calculations, routing protocols, and the transition from traditional switching to modern VXLAN EVPN architectures.
Table of Contents
- 1. Network Overview
- 2. Traditional VLAN Switching Limitations
- 3. What is VXLAN?
- 4. VXLAN Mathematics and Encapsulation
- 5. Task 1 – Nexus Initialization
- 6. Task 2 – IP Address Configuration
- 7. Task 3 – OSPF Configuration
- 8. Task 4 – PIM Sparse Mode and Multicast
- 9. Task 5 – VLAN to VNI Mapping
- 10. Task 6 – NVE Interface Configuration
- 11. Task 7 – Trunk Port Configuration
- 12. Task 8 – Internal Switch Configuration
- 13. Task 9 – Connectivity Verification
- 14. Traditional Switching vs VXLAN
- 15. Old VXLAN vs Modern VXLAN EVPN
- 16. Troubleshooting Commands
- 17. Related Articles
1. Network Overview
The lab topology contains:
- 1 Cisco Router (R1)
- 2 Cisco Nexus switches (NX-01 and NX-02)
- 2 Internal Layer 2 switches (SW1 and SW2)
The Nexus switches form the VXLAN transport network. The traditional VLANs are mapped into VXLAN VNIs and transported across the Layer 3 underlay using multicast groups.
Lab Objectives
- Configure Layer 3 reachability
- Configure OSPF routing
- Configure multicast using PIM Sparse Mode
- Create VLAN to VNI mappings
- Configure NVE interfaces
- Extend VLANs across Layer 3 infrastructure
- Verify VXLAN tunnel communication
2. Traditional VLAN Switching Limitations
Before VXLAN existed, enterprises relied heavily on traditional VLAN-based Layer 2 switching.
However, traditional VLAN architecture introduced major scalability limitations.
| Traditional VLAN Problem | Impact |
|---|---|
| Maximum VLAN limit = 4094 | Insufficient for cloud-scale environments |
| Spanning Tree dependency | Blocked links and wasted bandwidth |
| Layer 2 flooding | Broadcast scalability issues |
| Difficult multi-tenancy | Tenant isolation complexity |
| Large failure domains | Broadcast storms affect many devices |
3. What is VXLAN?
VXLAN stands for:
Virtual Extensible LAN
VXLAN encapsulates Layer 2 Ethernet frames inside UDP packets and transports them across Layer 3 IP networks.
VXLAN Header Structure
A normal Ethernet frame becomes encapsulated inside:
- Outer Ethernet Header
- Outer IP Header
- UDP Header
- VXLAN Header
- Original Ethernet Frame
Important VXLAN Concepts
| Component | Purpose |
|---|---|
| VNI | VXLAN Network Identifier |
| NVE | Network Virtualization Edge |
| VTEP | VXLAN Tunnel Endpoint |
| Multicast Group | Flood and learn transport |
| Loopback Interface | Stable VTEP source address |
4. VXLAN Mathematics and Encapsulation
VLAN Scaling Mathematics
Traditional VLAN uses 12 bits:
\[ 2^{12} = 4096 \]
Usable VLANs:
\[ 4096 - 2 = 4094 \]
VXLAN uses 24-bit VNIs:
\[ 2^{24} = 16{,}777{,}216 \]
This massive increase allows modern cloud-scale segmentation.
VXLAN Encapsulation Overhead
| Header | Bytes |
|---|---|
| Outer Ethernet | 14 |
| Outer IP | 20 |
| UDP | 8 |
| VXLAN Header | 8 |
| Total Overhead | 50 Bytes |
Total encapsulation:
\[ 14 + 20 + 8 + 8 = 50 \]
Because of this additional overhead, modern VXLAN deployments usually increase the MTU on the underlay links.
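The following Python example is an addition to this guide, not part of the original lab: it builds and parses the 8-byte VXLAN header for the lab's VNIs and derives the sizes that drive the MTU change. The flag layout follows RFC 7348; the function names and the 1500-byte inner IP MTU are assumptions chosen for illustration.

```python
import struct

I_FLAG = 0x08  # RFC 7348 flag bit meaning "the VNI field is valid"
# Per-header overhead in bytes, as listed in the table above
OVERHEAD = {"outer_ethernet": 14, "outer_ip": 20, "udp": 8, "vxlan": 8}
INNER_ETHERNET = 14  # untagged inner Ethernet header carried as payload

def build_vxlan_header(vni):
    """Return the 8-byte VXLAN header for a 24-bit VNI."""
    if not 0 <= vni < 2**24:
        raise ValueError(f"VNI {vni} does not fit in 24 bits")
    # Word 0: flags (8 bits) + reserved (24). Word 1: VNI (24) + reserved (8).
    return struct.pack("!II", I_FLAG << 24, vni << 8)

def parse_vxlan_header(data):
    """Validate the first 8 bytes of a VXLAN payload and return the VNI."""
    if len(data) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", data[:8])
    if not (word0 >> 24) & I_FLAG:
        raise ValueError("I flag clear: VNI field is not valid")
    return word1 >> 8

def wire_size(inner_frame_len):
    """Bytes on the underlay wire for one encapsulated inner Ethernet frame."""
    return inner_frame_len + sum(OVERHEAD.values())

def required_underlay_ip_mtu(inner_ip_mtu=1500):
    """Smallest underlay IP MTU that carries a full-size inner IP packet."""
    tunnel = OVERHEAD["outer_ip"] + OVERHEAD["udp"] + OVERHEAD["vxlan"]
    return tunnel + INNER_ETHERNET + inner_ip_mtu

if __name__ == "__main__":
    hdr = build_vxlan_header(10011)  # VNI used for VLAN 11 in this lab
    print(hdr.hex(), parse_vxlan_header(hdr))
    print(wire_size(1514), required_underlay_ip_mtu())
```

A header whose I flag is clear, or a VNI above 24 bits, is rejected rather than silently truncated, which is the behaviour a capture-analysis or validation script should have.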
5. Task 1 – Nexus Initialization
The first step initializes both Nexus switches and configures the default admin password.
Why Initialization Matters
Nexus switches require initial bootstrap configuration before advanced features like VXLAN and OSPF can operate.
Configuration Example
```
switch setup
Enter the password for admin: Cisco123
Confirm the password: Cisco123
```
CLI Output Example
```
---- Basic System Configuration Dialog ----
Would you like to enter the basic configuration dialog (yes/no): yes
Create another login account (yes/no) [n]:
Configure read-only SNMP community string (yes/no) [n]:
Enter the password for admin: Cisco123
Confirm the password for admin: Cisco123
```
6. Task 2 – IP Address Configuration
The underlay network provides IP connectivity between the VXLAN tunnel endpoints.
Router R1 Configuration
```
hostname R1
interface e0/0
 ip address 10.10.10.1 255.255.255.0
 duplex full
 no shutdown
interface e0/1
 ip address 10.20.20.1 255.255.255.0
 duplex full
 no shutdown
interface loopback0
 ip address 1.1.1.1 255.255.255.255
```
NX-01 Configuration
```
hostname NX-01
interface loopback0
  ip address 192.168.1.1/32
interface ethernet1/1
  no switchport
  ip address 10.10.10.11/24
  no shutdown
```
NX-02 Configuration
```
hostname NX-02
interface loopback0
  ip address 192.168.1.2/32
interface ethernet1/1
  no switchport
  ip address 10.20.20.22/24
  no shutdown
```
Why Loopback Interfaces Are Important
Loopback interfaces provide stable endpoint addresses for VXLAN tunnels.
A physical interface can fail, but a loopback stays logically up and remains reachable as long as a routed path to it exists.
Mathematical Reliability Concept
If a tunnel depends on one physical interface:
\[ \text{Availability} = P(\text{single link}) \]
With routed redundancy:
\[ \text{Availability} = 1 - (\text{FailureProbability})^n \]
This improves resiliency dramatically.
7. Task 3 – OSPF Configuration
OSPF provides reachability between VTEP loopback addresses.
Why OSPF is Required
VXLAN tunnel endpoints must communicate over the IP underlay.
Without routing, multicast and VXLAN encapsulated traffic cannot traverse the network.
R1 OSPF Configuration
```
router ospf 1
 router-id 1.1.1.1
 network 10.0.0.0 0.255.255.255 area 0
 network 1.0.0.0 0.255.255.255 area 0
```
NX-01 OSPF Configuration
```
feature ospf
router ospf 1
  router-id 11.11.11.11
interface loopback0
  ip router ospf 1 area 0
interface ethernet1/1
  ip router ospf 1 area 0
```
NX-02 OSPF Configuration
```
feature ospf
router ospf 1
  router-id 22.22.22.22
interface loopback0
  ip router ospf 1 area 0
interface ethernet1/1
  ip router ospf 1 area 0
```
OSPF SPF Mathematics
OSPF uses Dijkstra's Shortest Path First algorithm.
Cost calculation:
\[ \text{Cost} = \frac{\text{Reference Bandwidth}}{\text{Interface Bandwidth}} \]
For example:
\[ \text{Cost} = \frac{100000000}{10000000} = 10 \]
Verification Command
```
show ip ospf neighbor
```
Expected Output
```
Neighbor ID     Pri   State      Dead Time   Address        Interface
11.11.11.11       1   FULL/DR    00:00:38    10.10.10.11    Ethernet0/0
22.22.22.22       1   FULL/DR    00:00:35    10.20.20.22    Ethernet0/1
```
8. Task 4 – Multicast and PIM Sparse Mode
Multicast transport is used in traditional VXLAN flood-and-learn deployments.
Why Multicast is Needed
Unknown unicast, broadcast, and multicast traffic must be replicated across VXLAN tunnels.
PIM Sparse Mode Theory
PIM Sparse Mode operates using Rendezvous Points (RP).
Traffic initially flows through the RP before shortest path trees are created.
Multicast Mathematical Concept
Traditional unicast replication:
\[ \text{Traffic} = n \times \text{Bandwidth} \]
Multicast replication:
\[ \text{Traffic} = 1 \times \text{Bandwidth} \]
This improves efficiency dramatically.
R1 Multicast Configuration
```
ip multicast-routing
interface loopback0
 ip pim sparse-mode
interface e0/0
 ip pim sparse-mode
interface e0/1
 ip pim sparse-mode
ip pim rp-address 1.1.1.1
```
NX-01 Multicast Configuration
```
feature pim
interface loopback0
  ip pim sparse-mode
interface ethernet1/1
  ip pim sparse-mode
ip pim rp-address 1.1.1.1
```
NX-02 Multicast Configuration
```
feature pim
interface loopback0
  ip pim sparse-mode
interface ethernet1/1
  ip pim sparse-mode
ip pim rp-address 1.1.1.1
```
9. Task 5 – VLAN to VNI Mapping
This step maps traditional VLANs into VXLAN VNIs.
Why VNI Mapping Matters
VXLAN tunnels do not transport VLAN IDs directly.
Instead, VLANs are translated into VXLAN Network Identifiers.
Configuration
```
feature vn-segment-vlan-based
vlan 11
  vn-segment 10011
vlan 22
  vn-segment 10022
```
VNI Design Logic
| VLAN | Mapped VNI |
|---|---|
| 11 | 10011 |
| 22 | 10022 |
Many engineers align VNI numbers with VLAN IDs for operational simplicity.
10. Task 6 – NVE Interface Configuration
The NVE interface acts as the VXLAN tunnel endpoint.
Configuration
```
feature nv overlay
interface nve1
  source-interface loopback0
  member vni 10011
    mcast-group 239.1.1.11
  member vni 10022
    mcast-group 239.1.1.22
  no shutdown
```
Multicast Group Assignment
| VNI | Multicast Group |
|---|---|
| 10011 | 239.1.1.11 |
| 10022 | 239.1.1.22 |
Why Different Multicast Groups?
Separate multicast groups isolate flood traffic between VXLAN segments.
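Added example, not part of the original lab or of any Cisco tooling: a Python check that compares the Task 5 and Task 6 settings of two VTEPs, because in flood-and-learn mode both sides must bind each VNI to the same multicast group. The config text is constructed from the commands above, `NX02_DRIFT` is a deliberately broken copy, and the function names are hypothetical.

```python
import re

# Constructed inputs: NX01 repeats the Task 5 and Task 6 commands from this page;
# NX02_DRIFT is the same config with one mcast-group deliberately changed.
NX01 = """
vlan 11
  vn-segment 10011
vlan 22
  vn-segment 10022
interface nve1
  source-interface loopback0
  member vni 10011
    mcast-group 239.1.1.11
  member vni 10022
    mcast-group 239.1.1.22
"""
NX02_DRIFT = NX01.replace("mcast-group 239.1.1.22", "mcast-group 239.1.1.11")

def parse_vtep(config):
    """Return {vni: {"vlan": id or None, "group": address or None}}."""
    vnis, vlan, vni = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan, vni = int(m[1]), None
        elif line.startswith("interface "):
            vlan = vni = None  # leave any vlan / member-vni context
        elif (m := re.fullmatch(r"vn-segment (\d+)", line)) and vlan is not None:
            vnis.setdefault(int(m[1]), {"vlan": None, "group": None})["vlan"] = vlan
        elif m := re.fullmatch(r"member vni (\d+)", line):
            vni = int(m[1])
            vnis.setdefault(vni, {"vlan": None, "group": None})
        elif (m := re.fullmatch(r"mcast-group (\S+)", line)) and vni is not None:
            vnis[vni]["group"] = m[1]
    return vnis

def audit(local, remote):
    """List the VNI problems that would break flood-and-learn between two VTEPs."""
    findings = []
    for vni in sorted(set(local) | set(remote)):
        a, b = local.get(vni), remote.get(vni)
        if a is None or b is None:
            findings.append(f"VNI {vni}: configured on only one VTEP")
        elif None in (a["vlan"], b["vlan"]):
            findings.append(f"VNI {vni}: no VLAN vn-segment mapping on one VTEP")
        elif None in (a["group"], b["group"]):
            findings.append(f"VNI {vni}: missing nve1 mcast-group on one VTEP")
        elif a["group"] != b["group"]:
            findings.append(f"VNI {vni}: mcast-group {a['group']} vs {b['group']}")
    return findings
```

The comparison is keyed on the VNI rather than the VLAN ID, since the VNI and its group are what the two tunnel endpoints have to agree on.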
11. Task 7 – Trunk Port Configuration
SW1 Configuration
```
interface ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,22
  no shutdown
```
SW2 Configuration
```
interface ethernet1/2
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 11,22
  no shutdown
```
12. Task 8 – Internal Switch Configuration
SW1
```
vlan 11
vlan 22
interface e0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 11,22
 no shutdown
ip routing
interface vlan11
 ip address 10.11.11.1 255.255.255.0
 no shutdown
interface vlan22
 ip address 10.22.22.1 255.255.255.0
 no shutdown
```
SW2
```
vlan 11
vlan 22
interface e0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 switchport trunk allowed vlan 11,22
 no shutdown
ip routing
interface vlan11
 ip address 10.11.11.2 255.255.255.0
 no shutdown
interface vlan22
 ip address 10.22.22.2 255.255.255.0
 no shutdown
```
13. Task 9 – Connectivity Verification
Verify communication across the VXLAN fabric.
Ping Tests
```
ping 10.11.11.2
ping 10.22.22.2
```
Expected Output
```
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.11.11.2
!!!!!
Success rate is 100 percent
```
14. Traditional Switching vs VXLAN
| Traditional VLAN | VXLAN |
|---|---|
| 4094 VLAN limit | 16 million VNIs |
| STP dependency | Layer 3 ECMP fabric |
| Limited scalability | Cloud-scale architecture |
| Difficult multi-tenancy | Easy tenant segmentation |
| Broadcast heavy | Efficient overlay transport |
15. Old VXLAN vs Modern VXLAN EVPN
Your current lab uses traditional multicast flood-and-learn VXLAN.
Modern data centers now use:
VXLAN EVPN
Old VXLAN Characteristics
- Multicast dependency
- Flood and learn behavior
- MAC learning through data plane
- Less scalable
Modern VXLAN EVPN Characteristics
- BGP EVPN control plane
- No multicast requirement
- Control-plane MAC learning
- Better scalability
- Better convergence
- Cloud-ready architecture
Modern EVPN Example
```
feature bgp
feature nv overlay
nv overlay evpn
router bgp 65000
  router-id 192.168.1.1
  address-family l2vpn evpn
  neighbor 192.168.1.2
    remote-as 65000
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
```
Why EVPN is Better
EVPN eliminates multicast flooding and uses BGP advertisements instead.
This significantly reduces unnecessary traffic.
Traffic Reduction Mathematics
Flood-and-learn traffic:
\[ \text{Traffic} \propto \text{NumberOfHosts} \]
EVPN control-plane learning:
\[ \text{Traffic} \propto \text{NumberOfChanges} \]
This dramatically improves scalability.
16. Troubleshooting Commands
| Command | Purpose |
|---|---|
| show nve peers | Verify VXLAN peers |
| show nve vni | Verify VNI status |
| show ip ospf neighbor | Verify OSPF adjacency |
| show ip pim neighbor | Verify multicast neighbors |
| show mac address-table | Verify MAC learning |
| show bgp l2vpn evpn summary | Verify EVPN peers |
Example Troubleshooting Output
```
show nve peers
Interface  Peer-IP        State  LearnType  Uptime
nve1       192.168.1.2    Up     CP         01:20:55
```
Important Learning Summary
- VXLAN extends Layer 2 over Layer 3
- VLANs are mapped into VNIs
- OSPF provides underlay reachability
- PIM Sparse Mode enables multicast transport
- NVE interfaces act as VXLAN tunnel endpoints
- Modern EVPN replaces multicast flood-and-learn designs
- VXLAN supports massive scalability improvements
17. Related Articles
- Understanding OSPF Configuration
- Mastering OSPF Router-ID Configuration
- Configuring Trunk Interfaces
- Reliable BGP Peering
- Optimizing OSPF Timers
- Preventing Routing Loops in OSPF
- Complete Cisco Nexus VXLAN EVPN Configuration Guide Part 2 | BGP EVPN, Anycast Gateway & Inter-VXLAN Routing
Final Thoughts
VXLAN has fundamentally transformed modern data center networking. The transition from traditional Layer 2 VLAN architectures to VXLAN EVPN fabrics represents one of the most important evolutions in enterprise and cloud networking.
This lab demonstrates the foundations of VXLAN operation including underlay routing, multicast transport, VNI mappings, and NVE configuration. Modern EVPN deployments build upon these concepts and introduce scalable control-plane learning using BGP EVPN.
Understanding these fundamentals is critical for engineers working with Cisco Nexus switches, modern data centers, private clouds, Kubernetes networking, and large-scale virtualization environments.