API Guide
To enable efficient traffic forwarding on a VTEP, OS10 supports distributed and centralized gateway routing. A distributed
gateway means that multiple VTEPs act as the gateway router for a tenant subnet. The VTEP nearest to a host acts as its
gateway router. To support seamless migration of hosts and virtual machines on different VTEPs, configure a common virtual IP
address, known as an anycast IP address, on all VTEPs for each virtual network. Use this anycast IP address as the gateway IP
address on VMs.
To support multiple tenants when each tenant has its own L2 segments, configure a different IP VRF for each tenant. All
tenants share the same VXLAN underlay IP fabric in the default VRF.
1. Create a non-default VRF instance for overlay routing in Configuration mode. For multi-tenancy, create a VRF instance for
each tenant.
ip vrf tenant-vrf-name
exit
2. Configure the anycast gateway MAC address all VTEPs use in all VXLAN virtual networks in Configuration mode.
When a VM sends an Address Resolution Protocol (ARP) request for the anycast gateway IP address in a VXLAN virtual
network, the nearest VTEP responds with the configured anycast MAC address. Configure the same MAC address on all
VTEPs so that the anycast gateway MAC address remains the same if a VM migrates to a different VTEP. Because the
configured MAC address is automatically used for all VXLAN virtual networks, configure it in global Configuration mode.
ip virtual-router mac-address mac-address
3. Configure a virtual-network interface, assign it to the tenant VRF, and configure an IP address.
The interface IP address must be unique on each VTEP, including VTEPs in VLT pairs. You can configure an IPv6 address on
the virtual-network interface. Different virtual-network interfaces you configure on the same VTEP must have virtual-
network IP addresses in different subnets. If you do not assign the virtual-network interface to a tenant VRF, it is assigned
to the default VRF.
interface virtual-network vn-id
ip vrf forwarding tenant-vrf-name
ip address ip-address/mask
no shutdown
exit
4. Configure an anycast gateway IPv4 or IPv6 address for each virtual network in INTERFACE-VIRTUAL-NETWORK mode. This
anycast IP address must be in the same subnet as the IP address of the virtual-network interface in Step 3.
Configure the same IPv4 or IPv6 address as the anycast IP address on all VTEPs in a virtual network. All hosts use the
anycast gateway IP address as the default gateway IP address in the subnet that connects to the virtual-network interface
configured in Step 3. Configure the anycast gateway IP address on all downstream VMs. Using the same anycast gateway IP
address allows host VMs to move from one VTEP to another VTEP in a VXLAN. Dell EMC recommends using an anycast
gateway in both VLT and non-VLT VXLAN configurations.
interface virtual-network vn-id
ip virtual-router address ip-address
Configuration notes for virtual-network routing:
● VXLAN overlay routing includes routing tenant traffic on the ingress VTEP and bridging the traffic on the egress VTEP. The
ingress VTEP learns ARP entries and associates all destination IP addresses of tenant VMs with the corresponding VM MAC
addresses in the overlay. On the ingress VTEP, configure a virtual network for each destination IP subnet even if there are
no locally attached hosts for an IP subnet.
● Routing protocols, such as Open Shortest Path First (OSPF) and BGP, are not supported on the virtual-network interface in
the overlay network. However, static routes that point to a virtual-network interface or to a next-hop IP address that
belongs to a virtual-network subnet are supported.
● When you add a static route in the overlay, any next-hop IP address that belongs to a virtual-network subnet must be the
only next-hop for that route and cannot be one of multiple ECMP next-hops. For example, if you enter the following
configuration commands one after the other, where 10.250.0.0/16 is a virtual-network subnet, only the first next-hop is
active on the switch.
OS10(config)# ip route 0.0.0.0/0 10.250.0.101
OS10(config)# ip route 0.0.0.0/0 10.250.0.102
If the next-hop is a pair of dual-homed VTEPs in a VLT domain, a workaround is to configure the same anycast gateway IP
address on both VTEPs and use this address as the next-hop IP address.
VXLAN
885