Skip to content
Network as Code

General

Diagram

Section titled “Diagram”
Diagram

Classes

Section titled “Classes”

underlay (vxlan)

Section titled “underlay (vxlan)”
NameTypeConstraintMandatoryDefault Value
generalClass[general]No

general (vxlan.underlay)

Section titled “general (vxlan.underlay)”
NameTypeConstraintMandatoryDefault Value
routing_protocolChoiceospf, is-isNoospf
enable_ipv6_underlayBooleantrue, falseNofalse
replication_modeChoicemulticast, ingressNomulticast
manual_underlay_allocationBooleantrue, falseNofalse
underlay_routing_loopback_idIntegermin: 0, max: 1023No0
underlay_vtep_loopback_idIntegermin: 0, max: 1023No1
underlay_routing_protocol_tagStringNoUNDERLAY
intra_fabric_interface_mtuIntegermax: 9216No9216
layer2_host_interface_mtuIntegermax: 9216No9216
unshut_host_interfacesBooleantrue, falseNotrue

Examples

Section titled “Examples”
vxlan:
  underlay:
    general:
      routing_protocol: ospf
      enable_ipv6_underlay: false
      replication_mode: multicast
      manual_underlay_allocation: false
      underlay_routing_loopback_id: 0
      underlay_vtep_loopback_id: 1
      underlay_routing_protocol_tag: UNDERLAY
      underlay_rp_loopback_id: 254
      intra_fabric_interface_mtu: 9216
      layer2_host_interface_mtu: 9216
      unshut_host_interfaces: true

Manual Allocation

Section titled “Manual Allocation”

This documentation explains how to use manual allocation with NaC (Network as Code). It covers when to use manual allocation versus automatic allocation, prerequisites, step‑by‑step instructions to allocate and release resources, example workflows, and basic troubleshooting tips.

Limitations

Section titled “Limitations”
  • IPv6 is not supported.

Underlay configuration

Section titled “Underlay configuration”

Under vxlan.underlay.general.manual_underlay_allocation you need to set to true. When enabled, you need to define additional information i.e. (IPs for loopback etc)

---
vxlan:
  underlay:
    general:
      underlay_routing_loopback_id: 0
      underlay_vtep_loopback_id: 1
      replication_mode: multicast
      manual_underlay_allocation: true
    ipv4:
      fabric_interface_numbering: unnumbered
      subnet_mask: 31
    multicast:
      ipv4:
        anycast_rp: 1.1.1.1 # When manual allocation and rp_mode asm

In the previous example, there is three different section under vxlan.underlay.

  • general
  • ipv4
  • multicast

Underlay General

Section titled “Underlay General”

In general when you enable manual_underlay_allocation, you need to define ID for Routing and VTEP loopbacks:

  • general.underlay_routing_loopback_id
  • general.underlay_vtep_loopback_id

We use those IDs to get IP addresses configured on each switch. Example, if underlay_routing_loopback_id is 0, we search interface name: Loopback0.

Ex:

---
vxlan:
  topology:
    switches:
      - name: leaf1
        role: leaf
        management:
          default_gateway_v4: 10.254.42.254
          management_ipv4_address: 10.254.42.81
          subnet_mask_ipv4: 24
        interfaces:
          - name: Loopback0 # underlay_routing_loopback_id
            mode: fabric_loopback
            ipv4_address: 10.0.0.81
          - name: Loopback1 # underlay_vtep_loopback_id
            mode: fabric_loopback
            ipv4_address: 10.1.0.81

In addition, you need to define the replication_mode. If you use multicast you need to configuration an other value under vxlan.underlay.multicast.

Underlay IPv4

Section titled “Underlay IPv4”

In vxlan.underlay.ipv4 we have a key: fabric_interface_numbering to define which type of intra-fabric links you want. For example: P2P or unnumbered. When you choose P2P, you need to provide subnets for each P2P link. If you use unnumbered, you don’t need to provide that information except for the backup link between each member if switches are in vPC with fabric peer-link, because we cannot configure unnumbered with SVI.

Underlay multicast

Section titled “Underlay multicast”

In vxlan.underlay.multicast you need to configure the anycast IP. In the previous example, the anycast IP will be 1.1.1.1.

Fabric loopback IP allocation

Section titled “Fabric loopback IP allocation”

Now you need to define IP address for each switch depending on the previous options.

Standalone leaf (no vPC)

Section titled “Standalone leaf (no vPC)”

In this use case, you only need to define IPs for the routing and VTEP loopback.

For Loopback, you need to use mode: fabric_loopback. Other values provided are ignored. We only used IP addresses. It’s recommended to only configure the mode and ipv4_address.

---
vxlan:
  topology:
    switches:
      - name: leaf1
        role: leaf
        management:
          default_gateway_v4: 10.254.42.254
          management_ipv4_address: 10.254.42.81
          subnet_mask_ipv4: 24
        interfaces:
          - name: Loopback0
            mode: fabric_loopback
            enabled: true
            ipv4_address: 10.0.0.81
          - name: Loopback1
            mode: fabric_loopback
            enabled: true
            ipv4_address: 10.1.0.81

Secondary IP for Leaf switches in vPC

Section titled “Secondary IP for Leaf switches in vPC”

In this use case, you need to configure the secondary IP address (VTEP VIP) which is common to both members. In the following example, 10.1.0.110 will be used.

---
vxlan:
  topology:
    vpc_peers:
      - peer1: leaf1
        peer2: leaf2
        peer1_peerlink_interfaces:
          - name: Ethernet1/49
          - name: Ethernet1/50
        peer2_peerlink_interfaces:
          - name: Ethernet1/49
          - name: Ethernet1/50
        domain_id: 10
        vtep_vip: 10.1.0.110
        fabric_peering: false

In the previous example, fabric_peering is false, which means you need to configure an IP address for the backup link via the peer-link.

The following example will allocate the subnet 10.4.0.0/31 between leaf1 and leaf2. We will use IP 10.4.0.0/31 on the SVI: Vlan3600 in leaf1 and 10.4.0.1/31 in leaf2.

---
vxlan:
  topology:
    fabric_links:
      - source_device: leaf1
        source_interface: Vlan3600
        dest_device: leaf2
        dest_interface: Vlan3600
        ipv4:
          subnet: 10.4.0.0/31
          source_ipv4: 10.4.0.0
          dest_ipv4: 10.4.0.1

Here we use Vlan3600, which is the default value, but you can configure your own VLAN. VLAN IDs must be aligned across both devices.

---
vxlan:
  fabric:
    name: myfabric
    type: VXLAN_EVPN
  global:
    ibgp:
      vpc:
        peer_link_vlan: 3600
        peer_keep_alive: management
Section titled “Intra-Fabric links in Point-to-Point”

In this use case, you need to configure each subnet between devices. The following example defines two subnets between Leaf1, Spine1, and Spine2.

---
vxlan:
  topology:
    fabric_links:
      - source_device: Spine1
        source_interface: Ethernet1/1
        dest_device: Leaf1
        dest_interface: Ethernet1/49
        ipv4:
          subnet: 30.5.0.0/31
          source_ipv4: 30.5.0.0
          dest_ipv4: 30.5.0.1
      - source_device: Spine2
        source_interface: Ethernet1/1
        dest_device: Leaf1
        dest_interface: Ethernet1/50
        ipv4:
          subnet: 30.5.0.2/31
          source_ipv4: 30.5.0.2
          dest_ipv4: 30.5.0.3

Multi-Site VTEP VIP Allocation

Section titled “Multi-Site VTEP VIP Allocation”

In multi-site you can also configure your own IP address for the multi-site loopback.

---
vxlan:
  fabric:
    name: MSD
    type: MSD
  multisite:
    child_fabrics:
      - name: nac-ndfc1
        bgw_anycast_vip_ipv4: 100.66.1.1
      - name: nac-ndfc2
        bgw_anycast_vip_ipv4: 100.66.1.2
      - name: nac-ndfc3
        bgw_anycast_vip_ipv4: 100.66.1.3
      - name: nac-isn

You can configure IP addresses manually by disabling Multi-Site Underlay IFC. In that case, BGP send-community, BGP log neighbor change, and BFD under BGP are ignored.

---
vxlan:
  fabric:
    name: MSD
    type: MSD
  multisite:
    overlay_dci:
      underlay_autoconfig: false