Multisite

Diagram

Classes

vxlan

Name	Type	Constraint	Mandatory	Default Value
multisite	Class	`[multisite]`	No

multisite (vxlan)

Name	Type	Constraint	Mandatory	Default Value
child_fabrics	List	`[child_fabrics]`	No
overlay	Class	`[overlay]`	No
anycast_gateway_mac	Any	String[Regex: `^[a-f0-9]{1}.[a-f0-9]{1}.[a-f0-9]{1}$`] or String[Regex: `^[a-f0-9]{4}.[a-f0-9]{4}.[a-f0-9]{4}$`] or String[Regex: `^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$`] or String[Regex: `^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$`]	No	`20:20:00:00:00:aa`
vtep_loopback_id	Integer	min: `0`, max: `1023`	No	`100`
bgw_ip_tag	String		No	`54321`
overlay_dci	Class	`[overlay_dci]`	No
ipv4_vtep_loopback_range	IP		No	`10.10.0.0/24`
isn	Class	`[isn]`	No

child_fabrics (vxlan.multisite)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
cluster	String		No

overlay (vxlan.multisite)

Name	Type	Constraint	Mandatory
vrfs	List	`[vrfs]`	No
networks	List	`[networks]`	No
vrf_attach_groups	List	`[vrf_attach_groups]`	No
network_attach_groups	List	`[network_attach_groups]`	No

overlay_dci (vxlan.multisite)

Name	Type	Constraint	Mandatory	Default Value
deployment_method	Choice	`Manual`, `Centralized_To_Route_Server`, `Direct_To_BGWS`	No	`Direct_To_BGWS`
ipv4_dci_subnet_range	IP		No	`10.10.1.0/24`
ipv4_dci_subnet_mask	Integer	min: `8`, max: `31`	No	`30`
route_server	Class	`[route_server]`	No
underlay_autoconfig	Boolean	`true`, `false`	No	`true`
enable_bgp_send_community	Boolean	`true`, `false`	No	`false`
enable_bgp_log_neighbor_change	Boolean	`true`, `false`	No	`false`
enable_bgp_bfd	Boolean	`true`, `false`	No	`false`
delay_restore	Integer	min: `30`, max: `1000`	No	`300`
enable_ebgp_password	Boolean	`true`, `false`	No	`false`
ebgp_password	String		No
ebgp_password_encryption_type	Choice	`3`, `7`	No
enable_trm	Boolean	`true`, `false`	No	`false`

isn (vxlan.multisite)

Name	Type	Constraint	Mandatory	Default Value
bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	Yes
sub_int_range	String		No	`2-511`
enable_nxapi_http	Boolean	`true`, `false`	No
nxapi_http_port	Integer		No
enable_nxapi_https	Boolean	`true`, `false`	No
nxapi_https_port	Integer		No
bootstrap	Class	`[bootstrap]`	No

vrfs (vxlan.multisite.overlay)

Name	Type	Constraint	Mandatory
name	String		Yes
vrf_id	Integer	min: `4096`, max: `1677215`	No
vlan_id	Integer	min: `1`, max: `4094`	No
vrf_vlan_name	String		No
vrf_intf_desc	String		No
vrf_description	String		No
vrf_int_mtu	Integer	min: `1500`, max: `9216`	No
loopback_route_tag	Integer	min: `0`, max: `4294967295`	No
max_bgp_paths	Integer	min: `1`, max: `128`	No
max_ibgp_paths	Integer	min: `1`, max: `128`	No
ipv6_linklocal_enable	Boolean	`true`, `false`	No
adv_host_routes	Boolean	`true`, `false`	No
adv_default_routes	Boolean	`true`, `false`	No
static_default_route	Boolean	`true`, `false`	No
bgp_password	String		No
bgp_password_encryption_type	Choice	`3`, `7`	No
disable_rt_auto	Boolean	`true`, `false`	No
export_evpn_rt	String		No
export_mvpn_rt	String		No
export_vpn_rt	String		No
import_evpn_rt	String		No
import_mvpn_rt	String		No
import_vpn_rt	String		No
netflow_enable	Boolean	`true`, `false`	No
netflow_monitor	String		No
no_rp	Boolean	`true`, `false`	No
overlay_multicast_group	String		No
redist_direct_routemap	String		No
rp_address	IP		No
rp_external	Boolean	`true`, `false`	No
rp_loopback_id	Integer	min: `0`, max: `1023`	No
trm_enable	Boolean	`true`, `false`	No
trm_bgw_msite	Boolean	`true`, `false`	No
underlay_mcast_ip	IP		No
vrf_attach_group	String		No

networks (vxlan.multisite.overlay)

Name	Type	Constraint	Mandatory
name	String		Yes
is_l2_only	Boolean	`true`, `false`	No
vrf_name	String		No
net_id	Integer	min: `4096`, max: `1677215`	No
vlan_id	Integer	min: `1`, max: `4094`	No
vlan_name	String		No
gw_ip_address	IP		No
arp_suppress	Boolean	`true`, `false`	No
dhcp_loopback_id	Integer	min: `0`, max: `1023`	No
dhcp_servers	List	`[dhcp_servers]`	No
gw_ipv6_address	String		No
int_desc	String		No
l3gw_on_border	Boolean	`true`, `false`	No
mtu_l3intf	Integer		No
multicast_group_address	IP		No
netflow_enable	Boolean	`true`, `false`	No
route_target_both	Boolean	`true`, `false`	No
route_tag	Integer	min: `0`, max: `4294967295`	No
secondary_ip_addresses	List	`[secondary_ip_addresses]`	No
trm_enable	Boolean	`true`, `false`	No
vlan_netflow_monitor	String		No
network_attach_group	String		No

vrf_attach_groups (vxlan.multisite.overlay)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
switches	List	`[switches]`	No

network_attach_groups (vxlan.multisite.overlay)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
switches	List	`[switches]`	No

route_server (vxlan.multisite.overlay_dci)

Name	Type	Constraint	Mandatory	Default Value
peers	List	`[peers]`	No
redistribute_direct	Boolean	`true`, `false`	No	`false`
ip_tag	Integer	min: `0`, max: `4294967295`	No	`54321`

bootstrap (vxlan.multisite.isn)

Name	Type	Constraint	Mandatory
enable_bootstrap	Boolean	`true`, `false`	No
enable_local_dhcp_server	Boolean	`true`, `false`	No
dhcp_version	Choice	`DHCPv4`, `DHCPv6`	No
dhcp_v4	Class	`[dhcp_v4]`	No
dhcp_v6	Class	`[dhcp_v6]`	No
enable_cdp_mgmt	Boolean	`true`, `false`	No

dhcp_servers (vxlan.multisite.overlay.networks)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

secondary_ip_addresses (vxlan.multisite.overlay.networks)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
route_tag	Integer	min: `0`, max: `4294967295`	No

switches (vxlan.multisite.overlay.vrf_attach_groups)

Name	Type	Constraint	Mandatory
hostname	String		Yes
loopback_id	Integer	min: `0`, max: `1023`	No
loopback_ipv4	IP		No
loopback_ipv6	IP		No

switches (vxlan.multisite.overlay.network_attach_groups)

Name	Type	Constraint	Mandatory
hostname	String		Yes
ports	List	String[Regex: `^(?:e\|eth(?:ernet)?)\d(?:\/\d+){1,2}$`]	No
tors	List	`[tors]`	No

peers (vxlan.multisite.overlay_dci.route_server)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
bgp_asn	String	Regex: `^(?:\d{1,10}\|\d{1,5}\.\d{1,5})$`	Yes

dhcp_v4 (vxlan.multisite.isn.bootstrap)

Name	Type	Constraint	Mandatory
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: `8`, max: `30`	Yes
multi_subnet_scope	String		No
domain_name	String		No

dhcp_v6 (vxlan.multisite.isn.bootstrap)

Name	Type	Constraint	Mandatory
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: `64`, max: `126`	Yes
multi_subnet_scope	String		No
domain_name	String		No

tors (vxlan.multisite.overlay.network_attach_groups.switches)

Name	Type	Constraint	Mandatory	Default Value
hostname	String		Yes
ports	List	String[Regex: `^(?:e\|eth(?:ernet)?)\d(?:\/\d+){1,2}$`]	No

Workflow

To manage an MSD Fabric, you need to follow this process:

Step 1 - Create your child fabrics. In this example, we have four (4) childs fabrics:

nac-ndfc1
nac-ndfc2
nac-ndfc3
nac-isn

Each fabric has their own data source under host_vars.

host_vars directories
❯ tree -L1  host_vars
host_vars
├── nac-isn
├── nac-msd
├── nac-ndfc1
├── nac-ndfc2
└── nac-ndfc3

inventory.yaml
❯ cat inventory.yaml
---
all:
  children:
    ndfc:
      hosts:
        nac-isn:
          ansible_host: 10.x.x.x
        nac-msd:
          ansible_host: 10.x.x.x
        nac-ndfc1:
          ansible_host: 10.x.x.x
        nac-ndfc2:
          ansible_host: 10.x.x.x
        nac-ndfc3:
          ansible_host: 10.x.x.x

tip

If your fabric uses a different controller, you can provide a different IP address. Each folder will contain their own YAML data files to describe each respective fabric.

Step 2 - Create the MSD fabric, which includes child fabrics.

MSD Example

Figure: MultiSite topology overview

In this example, we have a fabric named MSD. In this MSD fabric, all fabrics use the same anycast gateway mac: DE:AD:BE:EF:FE:ED. The loopback ID used for the Anycast IP configured on each Border Gateway is: 100 and the subnet used to allocate an IP is: 10.10.0.0/24.

This configuration uses external ISN devices as the Route Server. In this configuration there are four (4) IP addresses:

100.64.0.1
100.64.0.2
100.64.0.3
100.64.0.4

Each IP will be associated to an Autonomous System (ASN), which can be different for each Route Server. In this example, all Route Servers will use the ASN 65000.100. When underlay_autoconfig is true, you need to provide a subnet for the DCI point-to-point (p2p) connection(s). Here we used the subnet 10.10.1.0/24. Each p2p will used CIDR /30.

warning

The value in bgp_asn should between double quotes. Example:

global:
    bgp_asn: "6512"

global:
  bgp_asn: "65000.1"

global.nac.yaml
---
vxlan:
  fabric:
    name: MSD
    type: MSD
  multisite:
    child_fabrics:
      - name: nac-ndfc1
      - name: nac-ndfc2
      - name: nac-ndfc3
      - name: nac-isn
    anycast_gateway_mac: de:ad:be:ef:fe:ed
    bgw_ip_tag: "54321"  # Use quotes
    vtep_loopback_id: 100
    ipv4_vtep_loopback_range: 10.10.0.0/24
    overlay_dci:
      underlay_autoconfig: true
      deployment_method: 'Centralized_To_Route_Server'
      ipv4_dci_subnet_range: 10.10.1.0/24
      ipv4_dci_subnet_mask: 30
      route_server:
        peers:
          - ip_address: 100.64.0.1
            bgp_asn: "65000.100"  # Use quotes
          - ip_address: 100.64.0.2
            bgp_asn: "65000.100"  # Use quotes
          - ip_address: 100.64.0.3
            bgp_asn: "65000.100"  # Use quotes
          - ip_address: 100.64.0.4
            bgp_asn: "65000.100"  # Use quotes
        redistribute_direct: false
        ip_tag: 54321
      enable_bgp_bfd: false
      enable_bgp_log_neighbor_change: true
      enable_bgp_send_community: true
      enable_ebgp_password: false
      enable_trm: false
      delay_restore: 300

ISN Example

This fabric named nac-isn, uses a fabric type: ISN. Here, we must configure an ASN. In addition we can add a range of vlan for sub-interface.

global.nac.yaml
---
vxlan:
  fabric:
    name: nac-isn
    type: ISN
  multisite:
   isn:
    bgp_asn: "65000.100"    # Use quotes
    sub_int_range: 2-511

note

With MSD, VRFs and Networks should be configured under the multisite section of the data model. In MSD, we have a new key: multisite for the overlay.

Examples:

vrfs.nac.yaml
vxlan:
  multisite:
    overlay:
      vrfs:
        # simple example
        - vrf_name: NetAsCodeVrf1
          vrf_id: 150001
          vlan_id: 2001
          attach_group: NetAsCodeVrf1_AttachGroup
      vrf_attach_groups:
        - name: NetAsCodeVrf1_AttachGroup
          switches:
            - hostname: dc1-leaf1
            - hostname: dc1-leaf2

networks.nac.yaml
vxlan:
  multisite:
    overlay:
      networks:
          # simple example
        - name: NetworkDMZ
          is_l2_only: true
          net_id: 33100
          vlan_id: 3100
          attach_group: dmz
      network_attach_groups:
        - name: dmz
          switches:
            - hostname: dc1-leaf1
              ports:
                - e1/23
                - e1/24
            - hostname: dc1-leaf2
              ports:
                - e1/23
                - e1/24

Diagram​

Classes​

vxlan​

multisite (vxlan)​

child_fabrics (vxlan.multisite)​

overlay (vxlan.multisite)​

overlay_dci (vxlan.multisite)​

isn (vxlan.multisite)​

vrfs (vxlan.multisite.overlay)​

networks (vxlan.multisite.overlay)​

vrf_attach_groups (vxlan.multisite.overlay)​

network_attach_groups (vxlan.multisite.overlay)​

route_server (vxlan.multisite.overlay_dci)​

bootstrap (vxlan.multisite.isn)​

dhcp_servers (vxlan.multisite.overlay.networks)​

secondary_ip_addresses (vxlan.multisite.overlay.networks)​

switches (vxlan.multisite.overlay.vrf_attach_groups)​

switches (vxlan.multisite.overlay.network_attach_groups)​

peers (vxlan.multisite.overlay_dci.route_server)​

dhcp_v4 (vxlan.multisite.isn.bootstrap)​

dhcp_v6 (vxlan.multisite.isn.bootstrap)​

tors (vxlan.multisite.overlay.network_attach_groups.switches)​

Workflow​

MSD Example​

ISN Example​