Global
Diagram
Section titled “Diagram”
Classes
Section titled “Classes”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| global | Class | [global] | No |
global (vxlan)
Section titled “global (vxlan)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ebgp | Class | [ebgp] | No | |
| ibgp | Class | [ibgp] | No | |
| external | Class | [external] | No |
ebgp (vxlan.global)
Section titled “ebgp (vxlan.global)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| spine_bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | Yes | |
| super_spine_bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | No | |
| bgp_asn_mode | Choice | Multi-AS, Same-Tier-AS | No | Multi-AS |
| leaf_bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | No | |
| border_bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | No | |
| leaf_same_bgp_asn | Boolean | true, false | No | false |
| anycast_gateway_mac | Any | String[Regex: ^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$] or String[Regex: ^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$] or String[Regex: ^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$] or String[Regex: ^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$] | No | 20:20:00:00:00:aa |
| overlay_mode | Choice | cli, config-profile | No | cli |
| layer2_vni_range | Class | [layer2_vni_range] | No | |
| layer3_vni_range | Class | [layer3_vni_range] | No | |
| layer2_vlan_range | Class | [layer2_vlan_range] | No | |
| layer3_vlan_range | Class | [layer3_vlan_range] | No | |
| enable_mvpn_vri_id_range | Boolean | true, false | No | true |
| enable_l3_vni_no_vlan | Boolean | true, false | No | false |
| multisite_site_id | Integer | min: 1, max: 281474976710655 | No | |
| vpc | Class | [vpc] | No | |
| ptp | Class | [ptp] | No | |
| snmp_server_host_trap | Boolean | true, false | No | true |
| enable_nxapi_http | Boolean | true, false | No | false |
| nxapi_http_port | Integer | No | 80 | |
| enable_nxapi_https | Boolean | true, false | No | true |
| nxapi_https_port | Integer | No | 443 | |
| auth_proto | Choice | MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES | No | MD5 |
| dns_servers | List | [dns_servers] | No | |
| ntp_servers | List | [ntp_servers] | No | |
| syslog_servers | List | [syslog_servers] | No | |
| netflow | Class | [netflow] | No | |
| bootstrap | Class | [bootstrap] | No |
ibgp (vxlan.global)
Section titled “ibgp (vxlan.global)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | Yes | |
| route_reflectors | Choice | 2, 4 | No | 2 |
| anycast_gateway_mac | Any | String[Regex: ^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$] or String[Regex: ^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$] or String[Regex: ^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$] or String[Regex: ^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$] | No | 20:20:00:00:00:aa |
| overlay_mode | Choice | cli, config-profile | No | cli |
| layer2_vni_range | Class | [layer2_vni_range] | No | |
| layer3_vni_range | Class | [layer3_vni_range] | No | |
| layer2_vlan_range | Class | [layer2_vlan_range] | No | |
| layer3_vlan_range | Class | [layer3_vlan_range] | No | |
| enable_mvpn_vri_id_range | Boolean | true, false | No | true |
| enable_l3_vni_no_vlan | Boolean | true, false | No | false |
| multisite_site_id | Integer | min: 1, max: 281474976710655 | No | |
| vpc | Class | [vpc] | No | |
| ptp | Class | [ptp] | No | |
| snmp_server_host_trap | Boolean | true, false | No | true |
| enable_nxapi_http | Boolean | true, false | No | false |
| nxapi_http_port | Integer | No | 80 | |
| enable_nxapi_https | Boolean | true, false | No | true |
| nxapi_https_port | Integer | No | 443 | |
| spanning_tree | Class | [spanning_tree] | No | |
| auth_proto | Choice | MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES | No | MD5 |
| dns_servers | List | [dns_servers] | No | |
| ntp_servers | List | [ntp_servers] | No | |
| syslog_servers | List | [syslog_servers] | No | |
| netflow | Class | [netflow] | No | |
| bootstrap | Class | [bootstrap] | No | |
| tcam_allocation | Boolean | true, false | No | true |
external (vxlan.global)
Section titled “external (vxlan.global)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| bgp_asn | String | Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$ | Yes | |
| enable_nxapi_http | Boolean | true, false | No | false |
| nxapi_http_port | Integer | No | 80 | |
| enable_nxapi_https | Boolean | true, false | No | true |
| nxapi_https_port | Integer | No | 443 | |
| auth_proto | Choice | MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES | No | MD5 |
| ptp | Class | [ptp] | No | |
| snmp_server_host_trap | Boolean | true, false | No | true |
| netflow | Class | [netflow] | No | |
| bootstrap | Class | [bootstrap] | No |
layer2_vni_range (vxlan.global.ebgp)
Section titled “layer2_vni_range (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 1, max: 16777214 | Yes | 30000 |
| to | Integer | min: 1, max: 16777214 | No | 49000 |
layer2_vlan_range (vxlan.global.ebgp)
Section titled “layer2_vlan_range (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 2, max: 4094 | Yes | 2300 |
| to | Integer | min: 2, max: 4094 | No | 2999 |
vpc (vxlan.global.ebgp)
Section titled “vpc (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| peer_link_vlan | Integer | min: 2, max: 3967 | No | 3600 |
| peer_keep_alive | Choice | loopback, management | No | management |
| auto_recovery_time | Integer | min: 240, max: 3600 | No | 360 |
| delay_restore_time | Integer | min: 1, max: 3600 | No | 150 |
| peer_link_port_channel_id | Integer | min: 1, max: 4096 | No | 500 |
| ipv6_nd_sync | Boolean | true, false | No | true |
| advertise_pip | Boolean | true, false | No | false |
| advertise_pip_border_only | Boolean | true, false | No | true |
| advertise_pip_border_gateway | Boolean | true, false | No | false |
| domain_id_range | String | No | 1-1000 | |
| fabric_vpc_qos | Boolean | true, false | No | false |
| fabric_vpc_qos_policy_name | String | No | spine_qos_for_fabric_vpc_peering |
ptp (vxlan.global.ebgp)
Section titled “ptp (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enable | Boolean | true, false | No | false |
| domain_id | Integer | min: 0, max: 127 | No | 0 |
| lb_id | Integer | min: 0, max: 1023 | No | 0 |
| vlan_id | Integer | min: 2, max: 3967 | No |
dns_servers (vxlan.global.ebgp)
Section titled “dns_servers (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_address | IP | Yes | ||
| vrf | String | Yes |
ntp_servers (vxlan.global.ebgp)
Section titled “ntp_servers (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_address | IP | Yes | ||
| vrf | String | Yes |
syslog_servers (vxlan.global.ebgp)
Section titled “syslog_servers (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| ip_address | IP | Yes | ||
| vrf | String | Yes | ||
| severity | Integer | min: 0, max: 7 | Yes |
netflow (vxlan.global.ebgp)
Section titled “netflow (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enable | Boolean | true, false | No | false |
| exporter | List | [exporter] | No | |
| record | List | [record] | No | |
| monitor | List | [monitor] | No |
bootstrap (vxlan.global.ebgp)
Section titled “bootstrap (vxlan.global.ebgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| enable_bootstrap | Boolean | true, false | No | false |
| enable_local_dhcp_server | Boolean | true, false | No | false |
| dhcp_version | Choice | DHCPv4, DHCPv6 | No | |
| dhcp_v4 | Class | [dhcp_v4] | No | |
| dhcp_v6 | Class | [dhcp_v6] | No | |
| enable_cdp_mgmt | Boolean | true, false | No | false |
spanning_tree (vxlan.global.ibgp)
Section titled “spanning_tree (vxlan.global.ibgp)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| root_bridge_protocol | Choice | rpvst+, mst, unmanaged | Yes | unmanaged |
| vlan_range | List | [vlan_range] | No | |
| mst_instance_range | List | [mst_instance_range] | No | |
| bridge_priority | Choice | 0, 4096, 8192, 12288, 16384, 20480, 24576, 28672, 32768, 36864, 40960, 45056, 49152, 53248, 57344, 61440 | No | 0 |
exporter (vxlan.global.ebgp.netflow)
Section titled “exporter (vxlan.global.ebgp.netflow)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| ip_address | IP | Yes | ||
| vrf | String | No | ||
| source_interface | String | Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}(\.\d{1,4})?$ | Yes | |
| udp_port | Integer | min: 1, max: 65535 | Yes |
record (vxlan.global.ebgp.netflow)
Section titled “record (vxlan.global.ebgp.netflow)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| template | Choice | netflow_ipv4_record, netflow_l2_record | Yes | |
| layer2 | Boolean | true, false | No |
monitor (vxlan.global.ebgp.netflow)
Section titled “monitor (vxlan.global.ebgp.netflow)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| name | String | Yes | ||
| record | String | Yes | ||
| exporter1 | String | Yes | ||
| exporter2 | String | No |
dhcp_v4 (vxlan.global.ebgp.bootstrap)
Section titled “dhcp_v4 (vxlan.global.ebgp.bootstrap)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| scope_start_address | IP | Yes | ||
| scope_end_address | IP | Yes | ||
| switch_mgmt_default_gw | IP | Yes | ||
| mgmt_prefix | Integer | min: 8, max: 30 | Yes | |
| multi_subnet_scope | String | No | ||
| domain_name | String | No |
dhcp_v6 (vxlan.global.ebgp.bootstrap)
Section titled “dhcp_v6 (vxlan.global.ebgp.bootstrap)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| scope_start_address | IP | Yes | ||
| scope_end_address | IP | Yes | ||
| switch_mgmt_default_gw | IP | Yes | ||
| mgmt_prefix | Integer | min: 64, max: 126 | Yes | |
| multi_subnet_scope | String | No | ||
| domain_name | String | No |
vlan_range (vxlan.global.ibgp.spanning_tree)
Section titled “vlan_range (vxlan.global.ibgp.spanning_tree)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 1, max: 3967 | Yes | |
| to | Integer | min: 1, max: 3967 | No |
mst_instance_range (vxlan.global.ibgp.spanning_tree)
Section titled “mst_instance_range (vxlan.global.ibgp.spanning_tree)”| Name | Type | Constraint | Mandatory | Default Value |
|---|---|---|---|---|
| from | Integer | min: 0, max: 4094 | Yes | |
| to | Integer | min: 0, max: 4094 | No |
Examples
Section titled “Examples”In this example we will create a EVPN Fabric name myfabric with the AS Number: 6512
The value in bgp_asn should between double quotes. Example:
global: ibgp: bgp_asn: "6512"global: ibgp: bgp_asn: "65000.1"vxlan: fabric: name: myfabric type: VXLAN_EVPN global: ibgp: bgp_asn: "6512" # Use quotes route_reflectors: 2 anycast_gateway_mac: 20:20:00:00:00:aa dns_servers: - ip_address: 172.25.74.200 vrf: service - ip_address: 172.25.74.201 vrf: service ntp_servers: - ip_address: 10.195.225.200 vrf: service syslog_servers: - ip_address: 172.16.255.251 vrf: management severity: 3 - ip_address: 172.16.255.252 vrf: management severity: 3 vpc: peer_link_vlan: 3600 peer_keep_alive: management auto_recovery_time: 240 delay_restore_time: 150 peer_link_port_channel_id: 500 advertise_pip: false advertise_pip_border_only: true domain_id_range: 1-100To display BGP session in asdot format, you can add the following CLI with a policy.
netascode-bgw(config)# as-format asdotnetascode-bgw# sh bgp l2vpn evpn summary | begin NeighborNeighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd10.0.0.1 4 65000.1 24569 24529 224 0 0 2w3d 1010.0.0.3 4 65000.1 24531 24532 224 0 0 2w3d 110.0.0.4 4 65000.1 24554 24531 224 0 0 2w3d 1010.0.0.5 4 65000.1 24599 24537 224 0 0 2w3d 1100.64.0.1 4 65000.100 6868 6873 224 0 0 12:19:50 1100.64.0.2 4 65000.100 6871 6873 224 0 0 12:19:54 1100.64.0.3 4 65000.100 1697 1700 224 0 0 12:20:07 1100.64.0.4 4 65000.100 1697 1700 224 0 0 12:19:22 1
Neighbor T AS PfxRcd Type-2 Type-3 Type-4 Type-5 Type-1210.0.0.1 I 65000.1 10 6 0 0 4 010.0.0.3 I 65000.1 1697 1699 224 0 0 12:18:34 1---vxlan: policy: policies: - name: asdot template_name: switch_freeform template_vars: CONF: |- as-format asdot groups: - name: commonPolicies priority: 500 policies: - name: asdot switches: - name: netascode-bgw groups: - commonPoliciesFor detailed information about eBGP fabric creation and deployment, refer to the Cisco NDFC BGP Fabric Documentation.
Basic eBGP Fabric Configuration
Section titled “Basic eBGP Fabric Configuration”vxlan: fabric: name: ebgp-fabric type: eBGP_VXLAN global: ebgp: spine_bgp_asn: "65000.3" super_spine_bgp_asn: "65000.1" bgp_asn_mode: Multi-AS leaf_same_bgp_asn: true anycast_gateway_mac: 20:20:00:00:00:aa layer2_vni_range: from: 30000 to: 49000 layer3_vni_range: from: 50000 to: 59000 layer2_vlan_range: from: 2300 to: 2999 layer3_vlan_range: from: 2000 to: 2299 vpc: peer_link_vlan: 3600 peer_keep_alive: management auto_recovery_time: 360 delay_restore_time: 150 peer_link_port_channel_id: 500 ipv6_nd_sync: false advertise_pip: true advertise_pip_border_only: false domain_id_range: 1-100 advertise_pip_border_gateway: true snmp_server_host_trap: true auth_proto: MD5 dns_servers: - ip_address: 10.200.253.13 vrf: management ntp_servers: - ip_address: 10.200.253.13 vrf: management syslog_servers: - ip_address: 10.200.253.19 vrf: management severity: 4Required Policies
Section titled “Required Policies”eBGP underlay deployment requires specific policies to be configured for proper underlay and overlay operation.
1. Leaf BGP AS Policies
Section titled “1. Leaf BGP AS Policies”Each leaf switch must have a leaf_bgp_asn policy to specify its BGP AS number:
---vxlan: policy: policies: - name: bgp_as_policy_leaf template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.4" - name: bgp_as_policy_BL template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.5" - name: bgp_as_policy_BGW template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.22"2. Spine Switch Overlay Policies
Section titled “2. Spine Switch Overlay Policies”For spine switches, use the custom ebgp_overlay_spine_all_neighbor_custom policy:
NDFC overrides description fields during deployment for the standard ebgp_overlay_spine_all_neighbor as these overlay policies are part of core system overlay policies, which interferes with VXLAN as Code tracking using the policy description. Therefore, a custom version with a different template name is required.
Important: You must manually duplicate the following templates in NDFC:
ebgp_overlay_spine_all_neighbor→ebgp_overlay_spine_all_neighbor_customebgp_overlay_leaf_all_neighbor→ebgp_overlay_leaf_all_neighbor_custom
This step is required before using these templates. For template management instructions, refer to the Cisco NDFC Templates Documentation.
The LEAF_IP_LIST has the loopback0 addresses of leaf switches, and LEAF_ASNS has their ASN numbers. For instance, the leaf with loopback0 IP 10.12.0.249 has the ASN number “65000.22.”
policies: - name: ebgp_overlay_spine_all_neighbor_custom template_name: ebgp_overlay_spine_all_neighbor_custom template_vars: LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253" INTF_NAME: "Loopback0" LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"3. Leaf Switch Overlay Policies
Section titled “3. Leaf Switch Overlay Policies”For leaf switches, use the custom ebgp_overlay_leaf_all_neighbor_custom policy:
policies: - name: ebgp_overlay_leaf_all_neighbor_custom template_name: ebgp_overlay_leaf_all_neighbor_custom template_vars: SPINE_IP_LIST: "10.12.0.229,10.12.0.239" INTF_NAME: "Loopback0"Complete Policy Example
Section titled “Complete Policy Example”Here’s a complete example showing all required policies with proper priority settings:
---vxlan: policy: policies: # Leaf BGP AS Policies - name: bgp_as_policy_leaf template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.4" - name: bgp_as_policy_BL template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.5" - name: bgp_as_policy_BGW template_name: leaf_bgp_asn template_vars: BGP_AS: "65000.22"
# Spine Overlay Policy - name: ebgp_overlay_spine_all_neighbor_custom template_name: ebgp_overlay_spine_all_neighbor_custom template_vars: LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253" INTF_NAME: "Loopback0" LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"
# Leaf Overlay Policy - name: ebgp_overlay_leaf_all_neighbor_custom template_name: ebgp_overlay_leaf_all_neighbor_custom template_vars: SPINE_IP_LIST: "10.12.0.229,10.12.0.239" INTF_NAME: "Loopback0"
groups: - name: leaf_group policies: - name: bgp_as_policy_leaf - name: ebgp_overlay_leaf_all_neighbor_custom - name: leaf_border_group policies: - name: bgp_as_policy_BGW - name: ebgp_overlay_leaf_all_neighbor_custom - name: leaf_border_leaf policies: - name: bgp_as_policy_BL - name: ebgp_overlay_leaf_all_neighbor_custom - name: spine_group policies: - name: ebgp_overlay_spine_all_neighbor_custom
switches: - name: S1-S1 groups: - spine_group - name: S1-S2 groups: - spine_group - name: S1-L1 groups: - leaf_group - name: S1-L2 groups: - leaf_group - name: S1-BL1 groups: - leaf_border_leaf - name: S1-BL2 groups: - leaf_border_leaf - name: S1-BGW1 groups: - leaf_border_group