Concept Guide
• Only one Remote VTEP can be reached through a single interface in a broadcast domain.
• Single VNI can be mapped to Single VLAN in both static and NSX controller-based VXLAN. Hence, only 4000 VNIs are supported while
conguring static VXLAN.
• You can map multiple VNIs with multiple VLANs in an NSX-based VXLAN.
• You can congure only one Nuage controller in a VXLAN setup. Nuage controller datapath-learning is not supported.
• In a Nuage controller-based VXLAN deployment, station moves of non-virtualized entities may not work as expected due to a possible
issue in the Nuage contoller.
NOTE: When more than 15000 learned MAC addresses are synchronized from the Nuage controller to one of the VTEPs, the
SSL connection between the controller and the VTEP aps continuously.
Conguring and Controlling VXLAN from the NSX
Controller GUI
You can congure and control VXLAN from the NSX controller GUI, by adding a hardware device to NSX and authenticating the device.
1 Generate a certicate in your system and add it to the NSX before adding a hardware device for authentication.
To generate a certicate, use the following command:
• crypto cert generate self-signed cert-file flash://vtep-cert.pem key-file flash://vtep-
privkey.pem
To view the certicate, use the following command:
• show file flash://vtep-cert.pem
The output appears similar to the following example:
-----BEGIN CERTIFICATE-----
MIID3jCCAsagAwIBAgIBATANBgkqhkiG9w0BAQUFADCBmTELMAkGA1UEBhMCVVMxFTATBgNVBAMMDHd3dy5kZWxsLmNvb
TENMAsGA1UECgwERGVsbDEYMBYGA1UECwwPRGVsbCBOZXR3b3JraW5nMREwDwYDVQQHDAhTQU4gSm9zZTETMBEGA1UECA
wKQ2FsaWZvcm5pYTEiMCAGCSqGSIb3DQEJARYTc29tZW9uZUBleGFtcGxlLmNvbTAeFw0xNTExMjAwMzA0NTNaFw0yNTE
xMTcwMzA0NTNaMIGZMQswCQYDVQQGEwJVUzEVMBMGA1UEAwwMd3d3LmRlbGwuY29tMQ0wCwYDVQQKDAREZWxsMRgwFgYD
VQQLDA9EZWxsIE5ldHdvcmtpbmcxETAPBgNVBAcMCFNBTiBKb3NlMRMwEQYDVQQIDApDYWxpZm9ybmlhMSIwIAYJKoZIh
vcNAQkBFhNzb21lb25lQGV4YW1wbGUuY29tMIIBIjANBgkqhkiG9w0BAQEFAAOCAQ8AMIIBCgKCAQEAqGaGq3Cv4/
RpuoiuePrnayORRhzEW/H2Ypv8OKEcew1gySmFz24LQttzSHo4AO+qF3LkILvFW2RaHZ1mxbmm95d3PnZ8fXg2wgPz+
+T6coHGYH0o0+LkHVBb3IIXd/CSp+TBRzAwWMPS7tnaRv1UqiJtm6/RjcJghbf6zcQWUcg2CTtKe5ej/
rS2tIU9EBGCzL3xs6DRB3lvScgmuckc5L18qWqNHRWMdKFgKwHKUOOvHakPFs9RNJNy5Sxwfe/kgkVmqA/
KWiRIecLIgmgYjKu2E0uC3URpuydoN7UwPSeigXWeR3JyhzfFVEr5LtyXVpo9zS2JGyygKtzZBpke1wIDAQABoy8wLTAM
BgNVHRMEBTADAQH/MB0GA1UdDgQWBBTaOaPuXmtLDTJVv++VYBiQr9gHCTANBgkqhkiG9w0BAQUFAAOCAQEAn5E/
w3BLQrX3e3Jv3EUFftGV0NABXOQxb/ODH4doA/68nQcvW7GZgpwoxe77YQH+C/uBNFwSBFxsu9ZkXhKu2q8wrCd
+cnuaNu7Kq2V0DGSdR7eIkDTHkflttHbMmRfStHLetk3bA0HgXTW5c+vFn79EX/nJqxIvkl5ADT7k5JZR
+j6i9eskgUlvBuV5OOZKzh29Gy4sjXvdYL5GirZFon8iZNY5FON
+WlpcLJ9GjMvVfwvJx7exVs9cqXvm6UZ4Bf262STKbm+Q4qz30tyjDdF1xDBcBjL83UcEvSW65V/
sSFKBohqu40EWXIBJ0QbKvFWv91rbjkgtsrHVTdohrA==
-----END CERTIFICATE-----
Copy and paste the generated certicate to the NSX.
NOTE
: Once controller connectivity is established from VLT peers, if you want to generate a new certicate and use it
for controller connection, generate the certicate from the node (node that is directly connected to controller). If you
do not generate a new certicate from the node, system shows inconsistent behavior.
2 Create a VXLAN Gateway.
To create service node, the required elds are the IP address and SSL certicate of the server. The Service node is responsible for
broadcast/unknown unicast/multicast trac replication. The following is the snapshot of the user interface for the creation of service
node:
Select Home > Networking and Security > Service Denition > Hardware Devices. Under Hardware Devices, click the Add button.
Virtual Extensible LAN (VXLAN)
1159