From 7bf57a73bb1de78c43bac1dadba3b71c1709d34d Mon Sep 17 00:00:00 2001 From: Andrea Florio Date: Tue, 7 Dec 2021 11:27:33 +0100 Subject: [PATCH 1/3] simplify nx-os simplify nx-os configuration. enabled advertise-pip always. it is mandatory for fabric vpc peering but even without it is best practice to enable it as it effects EVPN type 5 --- roles/cfg-evpn/tasks/nxos.yml | 11 +++-------- 1 file changed, 3 insertions(+), 8 deletions(-) diff --git a/roles/cfg-evpn/tasks/nxos.yml b/roles/cfg-evpn/tasks/nxos.yml index 8f07e8d..4ad009d 100644 --- a/roles/cfg-evpn/tasks/nxos.yml +++ b/roles/cfg-evpn/tasks/nxos.yml @@ -5,11 +5,8 @@ config: | router bgp {{ ibgp_asn }} log-neighbor-changes - ! - ! The next two lines needed only for vPC Fabric peering - ! address-family l2vpn evpn - ! advertise-pip - ! + address-family l2vpn evpn + advertise-pip template peer VXLAN_SPINE remote-as {{ ibgp_asn }} update-source loopback0 @@ -50,10 +47,8 @@ connection: network_cli cli_config: config: | - ip prefix-list ATTACHED_SVIS seq 10 permit 172.16.0.0/16 ge 24 - ! route-map ADV_SVIS permit 10 - match ip address prefix-list ATTACHED_SVIS + match tag 12345 - name: Advertise L3 GW address (NXOS) connection: network_cli From 273cdca5225e121e8012ac5007f57f996bf23d63 Mon Sep 17 00:00:00 2001 From: Andrea Florio Date: Tue, 7 Dec 2021 11:34:17 +0100 Subject: [PATCH 2/3] simplify nx-os configuration move suppress-arp from a per vni to global move ingress replication from a per vni to global, if IR is to be used move "no shut" as the last step to make sure that anycast-gateway mac address is properly applied on an SVI add "tag 12345" to the ip address of an svi to allow redistribution in BGP using the simplified route-map applied in the evpn task --- roles/cfg-vxlan/tasks/nxos.yml | 17 +++++------------ 1 file changed, 5 insertions(+), 12 deletions(-) diff --git a/roles/cfg-vxlan/tasks/nxos.yml b/roles/cfg-vxlan/tasks/nxos.yml index 546af10..2b8f777 100644 --- a/roles/cfg-vxlan/tasks/nxos.yml 
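Review bot: The `address-family l2vpn evpn` / `advertise-pip` lines in roles/cfg-evpn/tasks/nxos.yml are now unconditional, but the explanatory comment was dropped and nothing records that Cisco documents `advertise-pip` as a pair with `advertise virtual-rmac`. That second command is set in roles/cfg-vxlan/tasks/nxos.yml, next to `host-reachability protocol bgp`, only when `inventory_hostname not in groups['spine']`. This task's `when:` is outside the hunk, so the two commands may not land on the same set of devices. I would add a line such as `! advertise-pip must stay paired with 'advertise virtual-rmac' (cfg-vxlan role)` above the address-family and confirm the host condition matches.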
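Review bot: Route-map `ADV_SVIS` now permits any route carrying tag 12345 with no prefix bound, whereas the removed prefix-list limited what could be advertised to 172.16.0.0/16 with `ge 24`. The statement that applies the route-map is outside this hunk, so what can reach it is not visible here, but with a tag alone any mis-tagged or out-of-plan prefix is exported into the fabric. Keeping both matches in the same entry gives an AND of tag and range: `match tag 12345` followed by `match ip address prefix-list ATTACHED_SVIS`, with the `ip prefix-list ATTACHED_SVIS ...` line retained. The literal 12345 is also repeated in the SVI tasks of roles/cfg-vxlan/tasks/nxos.yml and roles/cfg-server-ports/tasks/nxos.yml; a single role variable (name to be chosen, e.g. `svi_redistribute_tag`) would keep the three in step.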
+++ b/roles/cfg-vxlan/tasks/nxos.yml @@ -7,6 +7,7 @@ no shutdown advertise virtual-rmac host-reachability protocol bgp + global suppress-arp source-interface {{ vtep_iface }} when: inventory_hostname not in groups['spine'] tags: vxlan @@ -18,13 +19,6 @@ fabric forwarding anycast-gateway-mac {{ nxos_fabric_anycast_gw_mac }} when: inventory_hostname not in groups['spine'] -- name: Reconfigure access-list for arp suppression (NXOS) - connection: network_cli - cli_config: - config: | - hardware access-list tcam region vpc-convergence 0 - hardware access-list tcam region arp-ether 256 - - name: Configure VNIs with mcast (NXOS) connection: network_cli cli_config: @@ -35,7 +29,6 @@ interface nve1 ! member vni {{ l2_networks[item.vlanid].vnid }} - suppress-arp mcast-group {{ item.mcast_grp }} with_items: "{{ l2_ports[ansible_network_os] }}" @@ -49,10 +42,9 @@ vn-segment {{ l2_networks[item.vlanid].vnid }} interface nve1 + global ingress-replication protocol bvp ! member vni {{ l2_networks[item.vlanid].vnid }} - suppress-arp - ingress-replication protocol bgp with_items: "{{ l2_ports[ansible_network_os] }}" when: l2_ports is defined and replication != 'mcast' @@ -86,9 +78,10 @@ config: | int Vlan{{ item.vlanid }} vrf member {{ l2_networks[item.vlanid].vrf }} - no shut - ip address {{ l2_networks[item.vlanid].ip_address }} + ip address {{ l2_networks[item.vlanid].ip_address }} tag 12345 + ! mtu 9000 should not be a must. mtu 9000 fabric forwarding mode anycast-gateway + no shut with_items: "{{ l2_ports[ansible_network_os] }}" when: l2_ports is defined From 26323e8de6337f1600409ce5790a946df14b4931 Mon Sep 17 00:00:00 2001 From: Andrea Florio Date: Tue, 7 Dec 2021 11:47:53 +0100 Subject: [PATCH 3/3] ensure that the SVI gets redistributed into BGP ensure that the SVI gets redistributed into BGP as type 5 --- roles/cfg-server-ports/tasks/nxos.yml | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) 
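Review bot: `global suppress-arp` keeps ARP suppression enabled on every leaf, yet the same commit deletes the task that set `hardware access-list tcam region arp-ether 256` (next hunk). On platforms where suppression depends on that TCAM region the command would likely be rejected or not take effect, and the `global` form is release-dependent as well, so the role narrows the hardware and software it works on without saying so. I would either keep the TCAM task behind a per-platform condition or state the minimum platform and NX-OS release in a `#` comment above this task. The task starts above the hunk.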
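Review bot: The added line `global ingress-replication protocol bvp` misspells the protocol keyword; the per-VNI line it replaces used `bgp`, and NX-OS will not accept `bvp`. Because the per-VNI `ingress-replication protocol bgp` is removed in the same hunk, a rejected global line leaves the VNIs in this non-mcast branch with no replication method configured. It should read `global ingress-replication protocol bgp`. The line also sits inside the `with_items` loop, so it is re-sent for every VLAN; it would fit better in the one-off NVE task next to `global suppress-arp`, guarded by `replication != 'mcast'`.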
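Review bot: The new `! mtu 9000 should not be a must.` line sits inside the `config: |` block, so it is sent to the device with every SVI and still leaves `mtu 9000` applied unconditionally right after it. If the MTU is meant to be optional, a variable would express that, e.g. `mtu {{ svi_mtu | default(9000) }}` (variable name is a suggestion). Otherwise the remark belongs in a YAML `#` comment above the task, outside the block scalar. The reason `no shut` was moved last is recorded only in the commit message and deserves a `#` comment too, for example `# no shut stays last so the anycast-gateway MAC is applied before the SVI comes up`.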
diff --git a/roles/cfg-server-ports/tasks/nxos.yml b/roles/cfg-server-ports/tasks/nxos.yml index c03e7b9..93e90da 100644 --- a/roles/cfg-server-ports/tasks/nxos.yml +++ b/roles/cfg-server-ports/tasks/nxos.yml @@ -16,7 +16,7 @@ interface {{ l2_networks[item.vlanid].vlanif }} no shutdown mtu 9000 - ip address {{ l2_networks[item.vlanid].ip_address }} + ip address {{ l2_networks[item.vlanid].ip_address }} tag 12345 with_items: "{{ l2_ports[ansible_network_os] }}"
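Review bot: `no shutdown` still precedes `mtu` and `ip address` in this task, while patch 2/3 moved `no shut` to the end of the SVI block in roles/cfg-vxlan/tasks/nxos.yml so that the anycast-gateway MAC is applied first. If `l2_networks[item.vlanid].vlanif` is the same SVI (the rest of the task is outside the hunk), the two roles now bring it up in different orders and the ordering fix from patch 2 may not hold, depending on which role runs first. Moving `no shutdown` to the end of this block would keep them consistent.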