Configure VXLAN with Ansible Part 2
Welcome to part 2 of this guide. If you've completed part 1, you should have the base configuration applied and the device interfaces all configured, so it's now time to build the VXLAN underlay. For the VXLAN Underlay, you will need to configure OSPF, and the required multicast configuration in preparation for VXLAN BGP EVPN.
As with the base configuration role, for the underlay I created another role called dcb_underlay. Below is my folder structure for this role.
(ansible root)
roles
- dcb_underlay
- tasks
- main.yml
- dcb_pim.yml
- dcb_spine_pim_rp.yml
- underlay_ospf.yml
Again, as with the previous role, the main.yml file only contains the tasks and the order to process them. As the configuration of a PIM RP only required to be configured on the Spine switch in this lab, I've included the when statement in the task so that only devices in the group dcb_spine will have this configuration applied.
main.yml
- name: Configure OSPF on all switches
include_role:
name: dcb_underlay
tasks_from: underlay_ospf.yml
- name: Enable pim on all switches
include_role:
name: dcb_underlay
tasks_from: dcb_pim.yml
- name: Configure the RP address on the Spine
include_role:
name: dcb_underlay
tasks_from: dcb_spine_pim_rp.yml
when: inventory_hostname in groups['dcb_spine']The first task in this role is to configure the underlay OSPF. This is a very simple play that configures the OSPF process and enables OSPF on the required Ethernet and loopback interfaces. The final task in the underlay ospf play, is an additional configuration that isn't required, but I like that NX-OS does this. This task will configure the DNS host entries on the local switch so that when you do a show ip ospf neigh, you see the hostname instead of the router-ID as below.
WRLABSPSWB01# sh ip ospf ne
OSPF Process ID WRLAB-DC2 VRF default
Total number of neighbors: 4
Neighbor ID Pri State Up Time Address Interface
WRLABBGSWB01 1 FULL/ - 4d11h 10.199.223.1 Eth1/1
WRLABLFSWB01 1 FULL/ - 4d11h 10.199.223.6 Eth1/2
WRLABLFSWB02 1 FULL/ - 4d11h 10.199.223.10 Eth1/3
WRLABLFSWB03 1 FULL/ - 4d11h 10.199.223.14 Eth1/4 The following is the underlay_ospf.yml tasks. This one is pretty self explanatory I think. It simply configures the required OSPF parameters on each of the switches as OSPF is used for the underlay routing. There are a number of additional OSPF options that can be configured with this play but this will configure the device for a very basic OSPF routing process and enable the specified interfaces for OSPF. Note that enabling OSPF on the loopback interfaces is a must as these are used for the overlay and multicast.
underlay_ospf.yml
- name: Configure the OSPF process
cisco.nxos.nxos_ospfv2:
config:
processes:
- process_id: "{{ ospf_proc_dc2 }}"
router_id: "{{ rid }}"
auto_cost:
reference_bandwidth: 200000
unit: Mbps
log_adjacency_changes:
log: true
name_lookup: true
passive_interface:
default: true
rfc1583compatibility: true
- name: Configure the OSPF Ethernet Interfaces
cisco.nxos.nxos_ospf_interfaces:
config:
- name: "{{ item.int }}"
address_family:
- afi: "{{ item.afi }}"
processes:
- process_id: "{{ item.proc_id }}"
area:
area_id: "{{ item.area_id }}"
passive_interface: false
network: "{{ item.netw }}"
loop: "{{ ospf_eth_int }}"
- name: Configure the OSPF Loopback Interfaces
cisco.nxos.nxos_ospf_interfaces:
config:
- name: "{{ item.int }}"
address_family:
- afi: "{{ item.afi }}"
processes:
- process_id: "{{ item.proc_id }}"
area:
area_id: "{{ item.area_id }}"
network: "{{ item.netw }}"
loop: "{{ ospf_loop_int }}"
- name: Configure ip hosts for OSPF neighbours
cisco.nxos.nxos_command:
commands:
- conf t
- ip host {{ item.name }} {{ item.ip }}
loop: "{{ ospf_host_name }}"With the OSPF underlay part done, next configure the required underlay PIM settings for your lab environment. Again there are more options that can be configured but if you're following my lab, this is all that is needed for a basic PIM configuration. This play gets run against all switches within your VXLAN topology.
dcb_pim.yml
- name: Enable PIM Sparse mode on all required interfaces
cisco.nxos.nxos_pim_interface:
interface: "{{ item.int }}"
sparse: true
loop: "{{ pim_int }}"
- name: Configure RP address and multicast group
cisco.nxos.nxos_pim_rp_address:
rp_address: 10.199.222.2
group_list: 224.0.0/4
- name: Configure PIM SSM range
cisco.nxos.nxos_pim:
ssm_range: 232.0.0.0/8As I mentioned earlier, the PIM RP address configuration is only required on the spine switches. While the Ansible NX-OS documentation says that there is a module for doing this, I couldn't get it to work and my Ansible implementation kept throwing a module error so my workaround was to use the nxos_command module and just configure the lines of code required. You could use variables for your RP configuration here as well, but I just hard coded the IP information.
dcb_spine_pim_rp.yml
- name: Configure PiM anycast RP address
cisco.nxos.nxos_command:
commands:
- conf t
- ip pim anycast-rp 10.199.222.2 10.199.220.2That's all that's required for the VXLAN underlay configuration. Once you have configured your inventory files and created the role and all tasks, you can now update the playbook that you created to run the base configuration role to also include this new underlay role.
---
- hosts: dcb_switches
roles:
- dcb_base
- dcb_underlayNow when you run this playbook, it will run the lab_dc2_base role, followed by the lab_dc2_underlay role. Once you've updated the playbook, run the play to confirm everything works as expected. Once again, i've removed a lot of the output for brevity.
[ray@wrlabansbl01 wrlab]$ ansible-playbook -i inventories/lab/inventory.yml playbooks/test/test_lab_roles.yml
PLAY [dcb_switches] *******************************************************************************************************************************************************************************************
TASK [Gathering Facts] ****************************************************************************************************************************************************************************************
ok: [wrlablfswb01]
ok: [wrlabbgwswb01]
ok: [wrlablfswb02]
ok: [wrlabspswb01]
ok: [wrlablfswb03]
TASK [Configure all switch ethernet and loopback interfaces] **************************************************************************************************************************************************
----------------- OMITTED --------------
TASK [dcb_underlay : Configure RP address and multicast group] ********************************************************************************************************************************************
changed: [wrlabbgwswb01]
changed: [wrlablfswb02]
changed: [wrlablfswb03]
changed: [wrlabspswb01]
changed: [wrlablfswb01]
TASK [dcb_underlay : Configure PIM SSM range] *************************************************************************************************************************************************************
changed: [wrlabbgwswb01]
changed: [wrlablfswb03]
changed: [wrlablfswb02]
changed: [wrlabspswb01]
changed: [wrlablfswb01]
TASK [Configure the RP address on the Spine] ******************************************************************************************************************************************************************
skipping: [wrlabbgwswb01]
skipping: [wrlablfswb01]
skipping: [wrlablfswb02]
skipping: [wrlablfswb03]
TASK [dcb_underlay : Configure PiM anycast RP address] ****************************************************************************************************************************************************
ok: [wrlabspswb01]
PLAY RECAP ****************************************************************************************************************************************************************************************************
wrlabbgwswb01 : ok=14 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
wrlablfswb01 : ok=14 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
wrlablfswb02 : ok=14 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
wrlablfswb03 : ok=14 changed=2 unreachable=0 failed=0 skipped=1 rescued=0 ignored=0
wrlabspswb01 : ok=15 changed=2 unreachable=0 failed=0 skipped=0 rescued=0 ignored=0 That's it, the required OSPF and PIM configuration should be applied, and you should now see each OSPF neighbour and OSPF routes being advertised as well as pim neighbours on all of your lab switches.
WRLABLFSWB01# sh ip ospf ne
OSPF Process ID WRLAB-DC2 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
WRLABSPSWB01 1 FULL/ - 1w0d 10.199.223.5 Eth1/1
WRLABSPSWB01# sh ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Bidir- BFD ECMP Redirect
Priority Capable State Capable
10.199.223.1 Ethernet1/1 4d11h 00:01:34 1 yes n/a no
10.199.223.6 Ethernet1/2 4d11h 00:01:22 1 yes n/a no
10.199.223.10 Ethernet1/3 4d11h 00:01:43 1 yes n/a no
10.199.223.14 Ethernet1/4 4d11h 00:01:21 1 yes n/a noNow that you have the base configuration and the underlay is ready to go, the last step is to configure the VXLAN overlay.
Add new comment