{"id":710,"date":"2025-12-21T21:26:48","date_gmt":"2025-12-21T21:26:48","guid":{"rendered":"http:\/\/blog.miguelsarmiento.com\/?p=710"},"modified":"2025-12-21T21:31:39","modified_gmt":"2025-12-21T21:31:39","slug":"pve-sdn-nxos-follow-up","status":"publish","type":"post","link":"https:\/\/blog.miguelsarmiento.com\/?p=710","title":{"rendered":"PVE SDN NXOS Follow Up!"},"content":{"rendered":"<p>Hello,<\/p>\n<p>This is a follow up to my previous blog regarding <a href=\"https:\/\/blog.miguelsarmiento.com\/?p=639\" target=\"_blank\" rel=\"noopener noreferrer\">PVE SDN and NXOS<\/a>\u00a0.<\/p>\n<p>Astute readers which all of you are, would have realized that in order to go across\u00a0 VXLAN segments, the default gateway for each VNET is located at the PVE nodes.<\/p>\n<p>This is not really a an efficient way of routing across an EVPN SDN layout. The default gateway should be local to the VTEPs in which your VNIs are located.<\/p>\n<p>A way of accomplishing this, is to use the\u00a0 &#8220;anycast-gateway&#8221; feature. To do this will create a SVI on the 9k, and assign it to the vrf (the L3 vrf we configured) and give it an IP address.<\/p>\n<p>Looking at the configuration we have:<\/p>\n<pre class=\"western\"><b>vlan 1,100,200,1000,2000<\/b>\r\n<b>vlan 100<\/b>\r\n  <b>vn-segment 31000<\/b>\r\n<b>vlan 200<\/b>\r\n  <b>vn-segment 41000<\/b>\r\n<b>vlan 1000<\/b>\r\n  <b>vn-segment 30000<\/b>\r\n<b>vlan 2000<\/b>\r\n  <b>vn-segment 40000\r\n\r\n<\/b><\/pre>\n<pre class=\"western\"><b>vrf context management<\/b>\r\n<b>vrf context vrfvx_v100<\/b>\r\n  <b>vni 30000<\/b>\r\n  <b>rd auto<\/b>\r\n  <b>address-family ipv4 unicast<\/b>\r\n    <b>route-target both auto<\/b>\r\n    <b>route-target both auto evpn<\/b>\r\n<b>vrf context vrfvx_v200<\/b>\r\n  <b>vni 40000<\/b>\r\n  <b>address-family ipv4 unicast<\/b>\r\n    <b>route-target both auto<\/b>\r\n    <b>route-target both auto evpn<\/b><\/pre>\n<p>Thus we need to create a VLAN 100 and assign it to vrf vrfvx_100 and _200.<\/p>\n<p>Before we do this we need to make note of the MAC addresses the PVE is giving to the VNETs we configured. This will be under the &#8220;sdn&#8221; file in the &#8220;interface.d&#8221; folder. This ensures that the gateways we create will have the same MAC addresses, so if you were to migrate a VM it will not have a conflict between ARP entries and MAC addresses on the different leaf it now resides.<\/p>\n<p>In our case we will use the static method or manual MAC configuration. Another way is to use MAC aliasing.<\/p>\n<p>Now we can configure both VLANS:<\/p>\n<pre>interface Vlan100\r\n no shutdown\r\n <strong>mac-address bc24.11e7.f432<\/strong> \r\n vrf member vrfvx_v100\r\n ip address 10.100.1.1\/24 \r\n <strong>fabric forwarding mode anycast-gateway<\/strong>\r\n\r\ninterface Vlan200\r\n no shutdown\r\n <strong>mac-address BC:24:11:58:A1:F9<\/strong>\r\n vrf member vrfvx_v200\r\n ip address 10.200.1.1\/24\r\n <strong>fabric forwarding mode anycast-gateway<\/strong><\/pre>\n<p>Notice that we defined the mac addresses for each VNET and then we use the any-cast gateway command.<\/p>\n<p>The interfaces should be up and if the PVE allowed this you would be able to ping across VNIs. How to allow access across VNIs will be a topic for another blog.<\/p>\n<p>Cheers,<\/p>\n<p>Ciao.<\/p>\n<p>&nbsp;<\/p>\n","protected":false},"excerpt":{"rendered":"<p>Hello, This is a follow up to my previous blog regarding PVE SDN and NXOS\u00a0. Astute readers which all of you are, would have realized that in order to go across\u00a0 VXLAN segments, the default gateway for each VNET is located at the PVE nodes. This is not really a an efficient way of routing &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/blog.miguelsarmiento.com\/?p=710\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;PVE SDN NXOS Follow Up!&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[],"class_list":["post-710","post","type-post","status-publish","format-standard","hentry","category-uncategorized"],"_links":{"self":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/710","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcomments&post=710"}],"version-history":[{"count":8,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/710\/revisions"}],"predecessor-version":[{"id":718,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=\/wp\/v2\/posts\/710\/revisions\/718"}],"wp:attachment":[{"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fmedia&parent=710"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Fcategories&post=710"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/blog.miguelsarmiento.com\/index.php?rest_route=%2Fwp%2Fv2%2Ftags&post=710"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}