My goal here was to make updating an ACL that is applied on multiple devices as easy as possible. Below is a portion of my vars.yml file just to give an idea of how updates are done:
Going with the same diagram i’ve been using. I’m going to configure an ansible playbook to push out new VNIs to my VXLAN lab Continue reading “Using Ansible to push new VXLAN VNIs”
In the last blog post I setup a basic VXLAN config just allowing 2 hosts on separate leaf switches to communicate within their common subnet. In that configuration all of the hosts were learned by the VTEPs from BUM traffic flooded using multicast. Using BGP EVPN, hosts are learned by their own leaf switch and then advertised to the BGP speaking spine switches which reflect them back down to all other leafs. As soon as a leaf switch learns of a host (most likely from that host sending a GARP or some ARP request) it will advertise that host’s information to everyone else. Even when using BGP EVPN arp requests are still sent to all VTEPs using multicast even though the VTEPs have probably already learned about the remote host via BGP. That is where arp suppression comes into play. Arp suppression allows the VTEP to respond to arp requests if the VTEP already knows the remote hosts mac address. There is a bit of upfront work to get this setup though because some switches require you carve up the TCAM to make room for ether-arp.
I’m going to create a basic playbook just to ping 18.104.22.168
Host file contents under /etc/ansible/hosts. I have my NX-OS devices already included and configured the username for all devices (‘admin’)
The below script was used on Nexus 9000v NX-API which can be enabled with ‘feature nxapi’
I’m using the same topology from the VXLAN post: Continue reading “Using REST to update interface descriptions with CDP neighbors”