VXLAN EVPN eBGP

Diagram

Classes

global (vxlan)

Name	Type	Constraint	Mandatory	Default Value
ebgp	Class	[ebgp]	No

ebgp (vxlan.global)

Name	Type	Constraint	Mandatory	Default Value
spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	Yes
super_spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
bgp_asn_mode	Choice	Multi-AS, Same-Tier-AS	No	Multi-AS
leaf_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
border_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
leaf_same_bgp_asn	Boolean	true, false	No	false
anycast_gateway_mac	Any	String[Regex: ^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$] or String[Regex: ^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$] or String[Regex: ^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$] or String[Regex: ^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$]	No	20:20:00:00:00:aa
overlay_mode	Choice	cli, config-profile	No	cli
layer2_vni_range	Class	[layer2_vni_range]	No
layer3_vni_range	Class	[layer3_vni_range]	No
layer2_vlan_range	Class	[layer2_vlan_range]	No
layer3_vlan_range	Class	[layer3_vlan_range]	No
enable_l3_vni_no_vlan	Boolean	true, false	No	false
multisite_site_id	Integer	min: 1, max: 281474976710655	No
vpc	Class	[vpc]	No
ptp	Class	[ptp]	No
snmp_server_host_trap	Boolean	true, false	No	true
enable_nxapi_http	Boolean	true, false	No	false
nxapi_http_port	Integer		No	80
enable_nxapi_https	Boolean	true, false	No	true
nxapi_https_port	Integer		No	443
auth_proto	Choice	MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES	No	MD5
dns_servers	List	[dns_servers]	No
ntp_servers	List	[ntp_servers]	No
syslog_servers	List	[syslog_servers]	No
netflow	Class	[netflow]	No
bootstrap	Class	[bootstrap]	No
aaa_freeform	String		No
banner_freeform	String		No
leaf_pre_interface_freeform	String		No
leaf_post_interface_freeform	String		No
spine_pre_interface_freeform	String		No
spine_post_interface_freeform	String		No
tor_pre_interface_freeform	String		No
tor_post_interface_freeform	String		No
intra_fabric_link_freeform	String		No

layer2_vni_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 1, max: 16777214	Yes	30000
to	Integer	min: 1, max: 16777214	No	49000

layer2_vlan_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 2, max: 4094	Yes	2300
to	Integer	min: 2, max: 4094	No	2999

vpc (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
peer_link_vlan	Integer	min: 2, max: 3967	No	3600
peer_keep_alive	Choice	loopback, management	No	management
auto_recovery_time	Integer	min: 240, max: 3600	No	360
delay_restore_time	Integer	min: 1, max: 3600	No	150
peer_link_port_channel_id	Integer	min: 1, max: 4096	No	500
ipv6_nd_sync	Boolean	true, false	No	true
advertise_pip	Boolean	true, false	No	false
advertise_pip_border_only	Boolean	true, false	No	true
advertise_pip_border_gateway	Boolean	true, false	No	false
domain_id_range	String		No	1-1000
fabric_vpc_qos	Boolean	true, false	No	false
fabric_vpc_qos_policy_name	String		No	spine_qos_for_fabric_vpc_peering

ptp (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
domain_id	Integer	min: 0, max: 127	No	0
lb_id	Integer	min: 0, max: 1023	No	0
vlan_id	Integer	min: 2, max: 3967	No

dns_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

ntp_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

syslog_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes
severity	Integer	min: 0, max: 7	Yes

netflow (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
exporter	List	[exporter]	No
record	List	[record]	No
monitor	List	[monitor]	No

bootstrap (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable_bootstrap	Boolean	true, false	No	false
enable_local_dhcp_server	Boolean	true, false	No	false
dhcp_version	Choice	DHCPv4, DHCPv6	No
dhcp_v4	Class	[dhcp_v4]	No
dhcp_v6	Class	[dhcp_v6]	No
enable_cdp_mgmt	Boolean	true, false	No	false
bootstrap_freeform	String		No

exporter (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
ip_address	IP		Yes
vrf	String		No
source_interface	String	Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}(\.\d{1,4})?$	Yes
udp_port	Integer	min: 1, max: 65535	Yes

record (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
template	Choice	netflow_ipv4_record, netflow_l2_record	Yes
layer2	Boolean	true, false	No

monitor (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
record	String		Yes
exporter1	String		Yes
exporter2	String		No

dhcp_v4 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 8, max: 30	Yes
multi_subnet_scope	String		No
domain_name	String		No

dhcp_v6 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 64, max: 126	Yes
multi_subnet_scope	String		No
domain_name	String		No

Note

With release 0.5.1, the data model was updated under the global key to provide segmentation for the different fabric types that are supported to provide better clarity for applicable parameters and attributes for a given fabric type. The primary keys for fabric types that are directly under the global key are ibgp, ebgp, and external. For fabric types ibgp and external, keys that were available in 0.5.0 under the global key are maintained and mapped for backwards compatibility for the time being. For the ebgp fabric type, initial support started with the usage of the ebgp key under the global key directly. Users should target the global section of the data model to reference vxlan.global.ibgp, vxlan.global.ebgp, or vxlan.global.external going forward.

eBGP

For detailed information about eBGP fabric creation and deployment, refer to the Cisco NDFC BGP Fabric Documentation.

Basic eBGP Fabric Configuration

global.nac.yaml

vxlan:
  fabric:
    name: ebgp-fabric
    type: eBGP_VXLAN
  global:
    ebgp:
        spine_bgp_asn: "65000.3"
        super_spine_bgp_asn: "65000.1"
        bgp_asn_mode: Multi-AS
        leaf_same_bgp_asn: true
        anycast_gateway_mac: 20:20:00:00:00:aa
        layer2_vni_range:
            from: 30000
            to: 49000
        layer3_vni_range:
            from: 50000
            to: 59000
        layer2_vlan_range:
            from: 2300
            to: 2999
        layer3_vlan_range:
            from: 2000
            to: 2299
        vpc:
            peer_link_vlan: 3600
            peer_keep_alive: management
            auto_recovery_time: 360
            delay_restore_time: 150
            peer_link_port_channel_id: 500
            ipv6_nd_sync: false
            advertise_pip: true
            advertise_pip_border_only: false
            domain_id_range: 1-100
            advertise_pip_border_gateway: true
        snmp_server_host_trap: true
        auth_proto: MD5
        dns_servers:
            - ip_address: 10.200.253.13
            vrf: management
        ntp_servers:
            - ip_address: 10.200.253.13
            vrf: management
        syslog_servers:
            - ip_address: 10.200.253.19
            vrf: management
            severity: 4
        intra_fabric_link_freeform: |
            service-policy type qos input my_fabric_policy

Required Policies

eBGP underlay deployment requires specific policies to be configured for proper underlay and overlay operation.

1. Leaf BGP AS Policies

Each leaf switch must have a leaf_bgp_asn policy to specify its BGP AS number:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

2. Spine Switch Overlay Policies

For spine switches, use the custom ebgp_overlay_spine_all_neighbor_custom policy:

NDFC overrides description fields during deployment for the standard ebgp_overlay_spine_all_neighbor as these overlay policies are part of core system overlay policies, which interferes with VXLAN as Code tracking using the policy description. Therefore, a custom version with a different template name is required.

Important: You must manually duplicate the following templates in NDFC:

• ebgp_overlay_spine_all_neighbor → ebgp_overlay_spine_all_neighbor_custom
• ebgp_overlay_leaf_all_neighbor → ebgp_overlay_leaf_all_neighbor_custom

This step is required before using these templates. For template management instructions, refer to the Cisco NDFC Templates Documentation.

The LEAF_IP_LIST has the loopback0 addresses of leaf switches, and LEAF_ASNS has their ASN numbers. For instance, the leaf with loopback0 IP 10.12.0.249 has the ASN number “65000.22.”

policy.nac.yaml

policies:
  - name: ebgp_overlay_spine_all_neighbor_custom
    template_name: ebgp_overlay_spine_all_neighbor_custom
    template_vars:
      LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
      INTF_NAME: "Loopback0"
      LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

3. Leaf Switch Overlay Policies

For leaf switches, use the custom ebgp_overlay_leaf_all_neighbor_custom policy:

policy.nac.yaml

policies:
  - name: ebgp_overlay_leaf_all_neighbor_custom
    template_name: ebgp_overlay_leaf_all_neighbor_custom
    template_vars:
      SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
      INTF_NAME: "Loopback0"

Complete Policy Example

Here’s a complete example showing all required policies with proper priority settings:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      # Leaf BGP AS Policies
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

      # Spine Overlay Policy
      - name: ebgp_overlay_spine_all_neighbor_custom
        template_name: ebgp_overlay_spine_all_neighbor_custom
        template_vars:
          LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
          INTF_NAME: "Loopback0"
          LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

      # Leaf Overlay Policy
      - name: ebgp_overlay_leaf_all_neighbor_custom
        template_name: ebgp_overlay_leaf_all_neighbor_custom
        template_vars:
          SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
          INTF_NAME: "Loopback0"

    groups:
      - name: leaf_group
        policies:
          - name: bgp_as_policy_leaf
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_group
        policies:
          - name: bgp_as_policy_BGW
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_leaf
        policies:
          - name: bgp_as_policy_BL
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: spine_group
        policies:
          - name: ebgp_overlay_spine_all_neighbor_custom

    switches:
      - name: S1-S1
        groups:
          - spine_group
      - name: S1-S2
        groups:
          - spine_group
      - name: S1-L1
        groups:
          - leaf_group
      - name: S1-L2
        groups:
          - leaf_group
      - name: S1-BL1
        groups:
          - leaf_border_leaf
      - name: S1-BL2
        groups:
          - leaf_border_leaf
      - name: S1-BGW1
        groups:
          - leaf_border_group

Diagram

Classes

global (vxlan)

Name	Type	Constraint	Mandatory	Default Value
ebgp	Class	[ebgp]	No

ebgp (vxlan.global)

Name	Type	Constraint	Mandatory	Default Value
spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	Yes
super_spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
bgp_asn_mode	Choice	Multi-AS, Same-Tier-AS	No	Multi-AS
leaf_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
border_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
leaf_same_bgp_asn	Boolean	true, false	No	false
anycast_gateway_mac	Any	String[Regex: ^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$] or String[Regex: ^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$] or String[Regex: ^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$] or String[Regex: ^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$]	No	20:20:00:00:00:aa
overlay_mode	Choice	cli, config-profile	No	cli
layer2_vni_range	Class	[layer2_vni_range]	No
layer3_vni_range	Class	[layer3_vni_range]	No
layer2_vlan_range	Class	[layer2_vlan_range]	No
layer3_vlan_range	Class	[layer3_vlan_range]	No
enable_l3_vni_no_vlan	Boolean	true, false	No	false
multisite_site_id	Integer	min: 1, max: 281474976710655	No
vpc	Class	[vpc]	No
ptp	Class	[ptp]	No
snmp_server_host_trap	Boolean	true, false	No	true
enable_nxapi_http	Boolean	true, false	No	false
nxapi_http_port	Integer		No	80
enable_nxapi_https	Boolean	true, false	No	true
nxapi_https_port	Integer		No	443
auth_proto	Choice	MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES	No	MD5
dns_servers	List	[dns_servers]	No
ntp_servers	List	[ntp_servers]	No
syslog_servers	List	[syslog_servers]	No
netflow	Class	[netflow]	No
bootstrap	Class	[bootstrap]	No
aaa_freeform	String		No
banner_freeform	String		No
leaf_pre_interface_freeform	String		No
leaf_post_interface_freeform	String		No
spine_pre_interface_freeform	String		No
spine_post_interface_freeform	String		No
tor_pre_interface_freeform	String		No
tor_post_interface_freeform	String		No
intra_fabric_link_freeform	String		No

layer2_vni_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 1, max: 16777214	Yes	30000
to	Integer	min: 1, max: 16777214	No	49000

layer2_vlan_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 2, max: 4094	Yes	2300
to	Integer	min: 2, max: 4094	No	2999

vpc (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
peer_link_vlan	Integer	min: 2, max: 3967	No	3600
peer_keep_alive	Choice	loopback, management	No	management
auto_recovery_time	Integer	min: 240, max: 3600	No	360
delay_restore_time	Integer	min: 1, max: 3600	No	150
peer_link_port_channel_id	Integer	min: 1, max: 4096	No	500
ipv6_nd_sync	Boolean	true, false	No	true
advertise_pip	Boolean	true, false	No	false
advertise_pip_border_only	Boolean	true, false	No	true
advertise_pip_border_gateway	Boolean	true, false	No	false
domain_id_range	String		No	1-1000
fabric_vpc_qos	Boolean	true, false	No	false
fabric_vpc_qos_policy_name	String		No	spine_qos_for_fabric_vpc_peering

ptp (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
domain_id	Integer	min: 0, max: 127	No	0
lb_id	Integer	min: 0, max: 1023	No	0
vlan_id	Integer	min: 2, max: 3967	No

dns_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

ntp_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

syslog_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes
severity	Integer	min: 0, max: 7	Yes

netflow (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
exporter	List	[exporter]	No
record	List	[record]	No
monitor	List	[monitor]	No

bootstrap (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable_bootstrap	Boolean	true, false	No	false
enable_local_dhcp_server	Boolean	true, false	No	false
dhcp_version	Choice	DHCPv4, DHCPv6	No
dhcp_v4	Class	[dhcp_v4]	No
dhcp_v6	Class	[dhcp_v6]	No
enable_cdp_mgmt	Boolean	true, false	No	false
bootstrap_freeform	String		No

exporter (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
ip_address	IP		Yes
vrf	String		No
source_interface	String	Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}(\.\d{1,4})?$	Yes
udp_port	Integer	min: 1, max: 65535	Yes

record (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
template	Choice	netflow_ipv4_record, netflow_l2_record	Yes
layer2	Boolean	true, false	No

monitor (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
record	String		Yes
exporter1	String		Yes
exporter2	String		No

dhcp_v4 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 8, max: 30	Yes
multi_subnet_scope	String		No
domain_name	String		No

dhcp_v6 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 64, max: 126	Yes
multi_subnet_scope	String		No
domain_name	String		No

Note

With release 0.5.1, the data model was updated under the global key to provide segmentation for the different fabric types that are supported to provide better clarity for applicable parameters and attributes for a given fabric type. The primary keys for fabric types that are directly under the global key are ibgp, ebgp, and external. For fabric types ibgp and external, keys that were available in 0.5.0 under the global key are maintained and mapped for backwards compatibility for the time being. For the ebgp fabric type, initial support started with the usage of the ebgp key under the global key directly. Users should target the global section of the data model to reference vxlan.global.ibgp, vxlan.global.ebgp, or vxlan.global.external going forward.

eBGP

For detailed information about eBGP fabric creation and deployment, refer to the Cisco NDFC BGP Fabric Documentation.

Basic eBGP Fabric Configuration

global.nac.yaml

vxlan:
  fabric:
    name: ebgp-fabric
    type: eBGP_VXLAN
  global:
    ebgp:
        spine_bgp_asn: "65000.3"
        super_spine_bgp_asn: "65000.1"
        bgp_asn_mode: Multi-AS
        leaf_same_bgp_asn: true
        anycast_gateway_mac: 20:20:00:00:00:aa
        layer2_vni_range:
            from: 30000
            to: 49000
        layer3_vni_range:
            from: 50000
            to: 59000
        layer2_vlan_range:
            from: 2300
            to: 2999
        layer3_vlan_range:
            from: 2000
            to: 2299
        vpc:
            peer_link_vlan: 3600
            peer_keep_alive: management
            auto_recovery_time: 360
            delay_restore_time: 150
            peer_link_port_channel_id: 500
            ipv6_nd_sync: false
            advertise_pip: true
            advertise_pip_border_only: false
            domain_id_range: 1-100
            advertise_pip_border_gateway: true
        snmp_server_host_trap: true
        auth_proto: MD5
        dns_servers:
            - ip_address: 10.200.253.13
            vrf: management
        ntp_servers:
            - ip_address: 10.200.253.13
            vrf: management
        syslog_servers:
            - ip_address: 10.200.253.19
            vrf: management
            severity: 4
        intra_fabric_link_freeform: |
            service-policy type qos input my_fabric_policy

Required Policies

eBGP underlay deployment requires specific policies to be configured for proper underlay and overlay operation.

1. Leaf BGP AS Policies

Each leaf switch must have a leaf_bgp_asn policy to specify its BGP AS number:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

2. Spine Switch Overlay Policies

For spine switches, use the custom ebgp_overlay_spine_all_neighbor_custom policy:

NDFC overrides description fields during deployment for the standard ebgp_overlay_spine_all_neighbor as these overlay policies are part of core system overlay policies, which interferes with VXLAN as Code tracking using the policy description. Therefore, a custom version with a different template name is required.

Important: You must manually duplicate the following templates in NDFC:

• ebgp_overlay_spine_all_neighbor → ebgp_overlay_spine_all_neighbor_custom
• ebgp_overlay_leaf_all_neighbor → ebgp_overlay_leaf_all_neighbor_custom

This step is required before using these templates. For template management instructions, refer to the Cisco NDFC Templates Documentation.

The LEAF_IP_LIST has the loopback0 addresses of leaf switches, and LEAF_ASNS has their ASN numbers. For instance, the leaf with loopback0 IP 10.12.0.249 has the ASN number “65000.22.”

policy.nac.yaml

policies:
  - name: ebgp_overlay_spine_all_neighbor_custom
    template_name: ebgp_overlay_spine_all_neighbor_custom
    template_vars:
      LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
      INTF_NAME: "Loopback0"
      LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

3. Leaf Switch Overlay Policies

For leaf switches, use the custom ebgp_overlay_leaf_all_neighbor_custom policy:

policy.nac.yaml

policies:
  - name: ebgp_overlay_leaf_all_neighbor_custom
    template_name: ebgp_overlay_leaf_all_neighbor_custom
    template_vars:
      SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
      INTF_NAME: "Loopback0"

Complete Policy Example

Here’s a complete example showing all required policies with proper priority settings:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      # Leaf BGP AS Policies
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

      # Spine Overlay Policy
      - name: ebgp_overlay_spine_all_neighbor_custom
        template_name: ebgp_overlay_spine_all_neighbor_custom
        template_vars:
          LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
          INTF_NAME: "Loopback0"
          LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

      # Leaf Overlay Policy
      - name: ebgp_overlay_leaf_all_neighbor_custom
        template_name: ebgp_overlay_leaf_all_neighbor_custom
        template_vars:
          SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
          INTF_NAME: "Loopback0"

    groups:
      - name: leaf_group
        policies:
          - name: bgp_as_policy_leaf
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_group
        policies:
          - name: bgp_as_policy_BGW
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_leaf
        policies:
          - name: bgp_as_policy_BL
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: spine_group
        policies:
          - name: ebgp_overlay_spine_all_neighbor_custom

    switches:
      - name: S1-S1
        groups:
          - spine_group
      - name: S1-S2
        groups:
          - spine_group
      - name: S1-L1
        groups:
          - leaf_group
      - name: S1-L2
        groups:
          - leaf_group
      - name: S1-BL1
        groups:
          - leaf_border_leaf
      - name: S1-BL2
        groups:
          - leaf_border_leaf
      - name: S1-BGW1
        groups:
          - leaf_border_group

Diagram

Classes

global (vxlan)

Name	Type	Constraint	Mandatory	Default Value
ebgp	Class	[ebgp]	No

ebgp (vxlan.global)

Name	Type	Constraint	Mandatory	Default Value
spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	Yes
super_spine_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
bgp_asn_mode	Choice	Multi-AS, Same-Tier-AS	No	Multi-AS
leaf_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
border_bgp_asn	String	Regex: ^(?:\d{1,10}|\d{1,5}\.\d{1,5})$	No
leaf_same_bgp_asn	Boolean	true, false	No	false
anycast_gateway_mac	Any	String[Regex: ^[a-f0-9]{1}\.[a-f0-9]{1}\.[a-f0-9]{1}$] or String[Regex: ^[a-f0-9]{4}\.[a-f0-9]{4}\.[a-f0-9]{4}$] or String[Regex: ^[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}:[a-f0-9]{2}$] or String[Regex: ^[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}-[a-f0-9]{2}$]	No	20:20:00:00:00:aa
overlay_mode	Choice	cli, config-profile	No	cli
layer2_vni_range	Class	[layer2_vni_range]	No
layer3_vni_range	Class	[layer3_vni_range]	No
layer2_vlan_range	Class	[layer2_vlan_range]	No
layer3_vlan_range	Class	[layer3_vlan_range]	No
enable_mvpn_vri_id_range	Boolean	true, false	No	true
enable_l3_vni_no_vlan	Boolean	true, false	No	false
multisite_site_id	Integer	min: 1, max: 281474976710655	No
vpc	Class	[vpc]	No
ptp	Class	[ptp]	No
snmp_server_host_trap	Boolean	true, false	No	true
enable_nxapi_http	Boolean	true, false	No	false
nxapi_http_port	Integer		No	80
enable_nxapi_https	Boolean	true, false	No	true
nxapi_https_port	Integer		No	443
auth_proto	Choice	MD5, SHA, MD5_DES, MD5_AES, SHA_DES, SHA_AES	No	MD5
dns_servers	List	[dns_servers]	No
ntp_servers	List	[ntp_servers]	No
syslog_servers	List	[syslog_servers]	No
netflow	Class	[netflow]	No
bootstrap	Class	[bootstrap]	No

layer2_vni_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 1, max: 16777214	Yes	30000
to	Integer	min: 1, max: 16777214	No	49000

layer2_vlan_range (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
from	Integer	min: 2, max: 4094	Yes	2300
to	Integer	min: 2, max: 4094	No	2999

vpc (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
peer_link_vlan	Integer	min: 2, max: 3967	No	3600
peer_keep_alive	Choice	loopback, management	No	management
auto_recovery_time	Integer	min: 240, max: 3600	No	360
delay_restore_time	Integer	min: 1, max: 3600	No	150
peer_link_port_channel_id	Integer	min: 1, max: 4096	No	500
ipv6_nd_sync	Boolean	true, false	No	true
advertise_pip	Boolean	true, false	No	false
advertise_pip_border_only	Boolean	true, false	No	true
advertise_pip_border_gateway	Boolean	true, false	No	false
domain_id_range	String		No	1-1000
fabric_vpc_qos	Boolean	true, false	No	false
fabric_vpc_qos_policy_name	String		No	spine_qos_for_fabric_vpc_peering

ptp (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
domain_id	Integer	min: 0, max: 127	No	0
lb_id	Integer	min: 0, max: 1023	No	0
vlan_id	Integer	min: 2, max: 3967	No

dns_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

ntp_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes

syslog_servers (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
ip_address	IP		Yes
vrf	String		Yes
severity	Integer	min: 0, max: 7	Yes

netflow (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable	Boolean	true, false	No	false
exporter	List	[exporter]	No
record	List	[record]	No
monitor	List	[monitor]	No

bootstrap (vxlan.global.ebgp)

Name	Type	Constraint	Mandatory	Default Value
enable_bootstrap	Boolean	true, false	No	false
enable_local_dhcp_server	Boolean	true, false	No	false
dhcp_version	Choice	DHCPv4, DHCPv6	No
dhcp_v4	Class	[dhcp_v4]	No
dhcp_v6	Class	[dhcp_v6]	No
enable_cdp_mgmt	Boolean	true, false	No	false

exporter (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
ip_address	IP		Yes
vrf	String		No
source_interface	String	Regex: (?i)^(?:e|eth(?:ernet)?)\d(?:\/\d+){1,2}(\.\d{1,4})?$	Yes
udp_port	Integer	min: 1, max: 65535	Yes

record (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
template	Choice	netflow_ipv4_record, netflow_l2_record	Yes
layer2	Boolean	true, false	No

monitor (vxlan.global.ebgp.netflow)

Name	Type	Constraint	Mandatory	Default Value
name	String		Yes
record	String		Yes
exporter1	String		Yes
exporter2	String		No

dhcp_v4 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 8, max: 30	Yes
multi_subnet_scope	String		No
domain_name	String		No

dhcp_v6 (vxlan.global.ebgp.bootstrap)

Name	Type	Constraint	Mandatory	Default Value
scope_start_address	IP		Yes
scope_end_address	IP		Yes
switch_mgmt_default_gw	IP		Yes
mgmt_prefix	Integer	min: 64, max: 126	Yes
multi_subnet_scope	String		No
domain_name	String		No

Note

With release 0.5.1, the data model was updated under the global key to provide segmentation for the different fabric types that are supported to provide better clarity for applicable parameters and attributes for a given fabric type. The primary keys for fabric types that are directly under the global key are ibgp, ebgp, and external. For fabric types ibgp and external, keys that were available in 0.5.0 under the global key are maintained and mapped for backwards compatibility for the time being. For the ebgp fabric type, initial support started with the usage of the ebgp key under the global key directly. Users should target the global section of the data model to reference vxlan.global.ibgp, vxlan.global.ebgp, or vxlan.global.external going forward.

eBGP

For detailed information about eBGP fabric creation and deployment, refer to the Cisco NDFC BGP Fabric Documentation.

Basic eBGP Fabric Configuration

global.nac.yaml

vxlan:
  fabric:
    name: ebgp-fabric
    type: eBGP_VXLAN
  global:
    ebgp:
        spine_bgp_asn: "65000.3"
        super_spine_bgp_asn: "65000.1"
        bgp_asn_mode: Multi-AS
        leaf_same_bgp_asn: true
        anycast_gateway_mac: 20:20:00:00:00:aa
        layer2_vni_range:
            from: 30000
            to: 49000
        layer3_vni_range:
            from: 50000
            to: 59000
        layer2_vlan_range:
            from: 2300
            to: 2999
        layer3_vlan_range:
            from: 2000
            to: 2299
        vpc:
            peer_link_vlan: 3600
            peer_keep_alive: management
            auto_recovery_time: 360
            delay_restore_time: 150
            peer_link_port_channel_id: 500
            ipv6_nd_sync: false
            advertise_pip: true
            advertise_pip_border_only: false
            domain_id_range: 1-100
            advertise_pip_border_gateway: true
        snmp_server_host_trap: true
        auth_proto: MD5
        dns_servers:
            - ip_address: 10.200.253.13
            vrf: management
        ntp_servers:
            - ip_address: 10.200.253.13
            vrf: management
        syslog_servers:
            - ip_address: 10.200.253.19
            vrf: management
            severity: 4

Required Policies

eBGP underlay deployment requires specific policies to be configured for proper underlay and overlay operation.

1. Leaf BGP AS Policies

Each leaf switch must have a leaf_bgp_asn policy to specify its BGP AS number:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

2. Spine Switch Overlay Policies

For spine switches, use the custom ebgp_overlay_spine_all_neighbor_custom policy:

NDFC overrides description fields during deployment for the standard ebgp_overlay_spine_all_neighbor as these overlay policies are part of core system overlay policies, which interferes with VXLAN as Code tracking using the policy description. Therefore, a custom version with a different template name is required.

Important: You must manually duplicate the following templates in NDFC:

• ebgp_overlay_spine_all_neighbor → ebgp_overlay_spine_all_neighbor_custom
• ebgp_overlay_leaf_all_neighbor → ebgp_overlay_leaf_all_neighbor_custom

This step is required before using these templates. For template management instructions, refer to the Cisco NDFC Templates Documentation.

The LEAF_IP_LIST has the loopback0 addresses of leaf switches, and LEAF_ASNS has their ASN numbers. For instance, the leaf with loopback0 IP 10.12.0.249 has the ASN number “65000.22.”

policy.nac.yaml

policies:
  - name: ebgp_overlay_spine_all_neighbor_custom
    template_name: ebgp_overlay_spine_all_neighbor_custom
    template_vars:
      LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
      INTF_NAME: "Loopback0"
      LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

3. Leaf Switch Overlay Policies

For leaf switches, use the custom ebgp_overlay_leaf_all_neighbor_custom policy:

policy.nac.yaml

policies:
  - name: ebgp_overlay_leaf_all_neighbor_custom
    template_name: ebgp_overlay_leaf_all_neighbor_custom
    template_vars:
      SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
      INTF_NAME: "Loopback0"

Complete Policy Example

Here’s a complete example showing all required policies with proper priority settings:

policy.nac.yaml

---
vxlan:
  policy:
    policies:
      # Leaf BGP AS Policies
      - name: bgp_as_policy_leaf
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.4"
      - name: bgp_as_policy_BL
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.5"
      - name: bgp_as_policy_BGW
        template_name: leaf_bgp_asn
        template_vars:
          BGP_AS: "65000.22"

      # Spine Overlay Policy
      - name: ebgp_overlay_spine_all_neighbor_custom
        template_name: ebgp_overlay_spine_all_neighbor_custom
        template_vars:
          LEAF_IP_LIST: "10.12.0.249,10.12.0.199,10.12.0.198,10.12.0.254,10.12.0.253"
          INTF_NAME: "Loopback0"
          LEAF_ASNS: "65000.22,65000.4,65000.4,65000.5,65000.5"

      # Leaf Overlay Policy
      - name: ebgp_overlay_leaf_all_neighbor_custom
        template_name: ebgp_overlay_leaf_all_neighbor_custom
        template_vars:
          SPINE_IP_LIST: "10.12.0.229,10.12.0.239"
          INTF_NAME: "Loopback0"

    groups:
      - name: leaf_group
        policies:
          - name: bgp_as_policy_leaf
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_group
        policies:
          - name: bgp_as_policy_BGW
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: leaf_border_leaf
        policies:
          - name: bgp_as_policy_BL
          - name: ebgp_overlay_leaf_all_neighbor_custom
      - name: spine_group
        policies:
          - name: ebgp_overlay_spine_all_neighbor_custom

    switches:
      - name: S1-S1
        groups:
          - spine_group
      - name: S1-S2
        groups:
          - spine_group
      - name: S1-L1
        groups:
          - leaf_group
      - name: S1-L2
        groups:
          - leaf_group
      - name: S1-BL1
        groups:
          - leaf_border_leaf
      - name: S1-BL2
        groups:
          - leaf_border_leaf
      - name: S1-BGW1
        groups:
          - leaf_border_group