Fabric
VXLAN as Code

Step 1 - Create fabric.nac.yml

VXLAN as Code is a data-model-driven framework. It lets you define your network infrastructure as code, following a simple-to-use data model. This data model provides the structure of all variables and parameters required to build your fabric. It is defined in several YAML files, which are easy to read and write, and is divided into multiple high-level sections, or keys. For your reference, the entire data model for VXLAN as Code can be found here:

VXLAN as Code Data Model

To begin building the VXLAN Fabric, you will need to create a set of YAML files that define the fabric, global settings, underlay, and other parameters. These files will be used by Ansible to create and manage the fabric in NDFC. Create the fabric.nac.yml file in the host_vars/fabric-stage directory. This file will contain the fabric name and type. Note that the actual filename does not matter; what matters is that the keys and values within the file follow the VXLAN as Code Data Model structure.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/fabric.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/fabric.nac.yml



---

vxlan:
  fabric:
    name: fabric-stage
    type: VXLAN_EVPN


Step 2 - Create global.nac.yml

Next, you will create the global.nac.yml file in the host_vars/fabric-stage directory. This file will contain global settings for the fabric, such as BGP ASN, route reflectors, DNS servers, NTP servers, and bootstrap settings.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/global.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/global.nac.yml



---

vxlan:
  global:
    bgp_asn: "65001"
    route_reflectors: 2
    anycast_gateway_mac: 12:34:56:78:90:00
    dns_servers:
      - ip_address: 10.0.249.16
        vrf: management
    ntp_servers:
      - ip_address: 10.81.254.131
        vrf: management
    bootstrap:
      enable_bootstrap: true
      enable_local_dhcp_server: true
      dhcp_version: DHCPv4
      dhcp_v4:
        scope_start_address: 10.15.0.100
        scope_end_address: 10.15.0.101
        switch_mgmt_default_gw: 10.15.0.1
        mgmt_prefix: 24
        multi_subnet_scope: "10.15.6.100,10.15.6.101,10.15.6.1,24"


Step 3 - Create underlay.nac.yml

You will then create the underlay.nac.yml file in the host_vars/fabric-stage directory. This file will contain underlay settings for the fabric, such as the routing protocol to use, IP addressing, and multicast settings.


touch ~/workspace/ndfclab/nac/host_vars/fabric-stage/underlay.nac.yml
code-server -r ~/workspace/ndfclab/nac/host_vars/fabric-stage/underlay.nac.yml



---

vxlan:
  underlay:
    general:
      routing_protocol: ospf
      underlay_routing_loopback_id: 0
      underlay_routing_protocol_tag: UNDERLAY
      underlay_vtep_loopback_id: 1
      replication_mode: multicast
      underlay_rp_loopback_id: 250
    ipv4:
      fabric_interface_numbering: p2p
      subnet_mask: 31
      underlay_routing_loopback_ip_range: 10.11.0.0/22
      underlay_vtep_loopback_ip_range: 10.111.100.0/22
      underlay_rp_loopback_ip_range: 10.251.251.0/24
      underlay_subnet_ip_range: 10.1.0.0/16
    ospf:
      area_id: 0.0.0.0
    multicast:
      underlay_rp_loopback_id: 250
      rp_mode: asm


Step 4 - Create a Top Level vxlan.yml Ansible Playbook

Now you need to create the main, or top-level, Ansible playbook that will be used to build the fabric. This file will be the main entry point for all of the tasks and roles that you will create and invoke to manage your fabric using NDFC and Ansible.


touch ~/workspace/ndfclab/nac/vxlan.yml
cat << EOF > ~/workspace/ndfclab/nac/vxlan.yml
---
# This is the main entry point playbook for calling the various
# roles in this collection.
- name: Main Playbook
  hosts: ndfc
  any_errors_fatal: true
  gather_facts: false

  roles:
    # -----------------------
    # DataCenter Roles
    # cisco.nac_dc_vxlan.dtc manages direct to controller NDFC workflows
    #
    - role: cisco.nac_dc_vxlan.dtc.create
      tags: 'role_create'
    - role: cisco.nac_dc_vxlan.dtc.deploy
      tags: 'role_deploy'
    - role: cisco.nac_dc_vxlan.dtc.remove
      tags: 'role_remove'
EOF


Step 5 - Execute Ansible Playbook

Make sure you are in your root Ansible directory:


cd ~/workspace/ndfclab/nac

From the root Ansible project directory execute the following command:


ansible-playbook -i hosts.stage.yml vxlan.yml

Upon a successful run of the playbook your output should look as follows:

  <... SNIP ...>
  PLAY RECAP ****************************************************************************************************************************************************************
  fabric-stage                      : ok=203  changed=25   unreachable=0    failed=0    skipped=760  rescued=0    ignored=0   


  PLAYBOOK RECAP ************************************************************************************************************************************************************
  Playbook run took 0 days, 0 hours, 1 minutes, 27 seconds


  TASKS RECAP ***************************************************************************************************************************************************************
  Wednesday 07 May 2025  15:22:41 +0000 (0:00:00.061)       0:01:27.825 ********* 
  =============================================================================== 
  cisco.nac_dc_vxlan.create : Manage Fabric fabric-stage in NDFC ---------------------------------------------------------------------------------------------------- 11.24s
  cisco.nac_dc_vxlan.connectivity_check : Get Cisco NDFC Version ----------------------------------------------------------------------------------------------------- 1.82s
  cisco.nac_dc_vxlan.remove : Get List of Fabric Switches from NDFC -------------------------------------------------------------------------------------------------- 1.22s
  cisco.nac_dc_vxlan.remove : Get Multisite Fabric Associations ------------------------------------------------------------------------------------------------------ 1.19s
  cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template ----------------------------------------------------------------------------------------- 0.85s
  cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host ------------------------------------------------------------------------------------------------------ 0.83s
  cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices ------------------------------------------------------------------------------------------------ 0.83s
  cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config ------------------------------------------------------- 0.74s
  cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to NDFC 10.15.0.26 on Port 443 ------------------------------------------------------------------------ 0.74s
  cisco.nac_dc_vxlan.common : Build Policy List From Template -------------------------------------------------------------------------------------------------------- 0.71s
  cisco.nac_dc_vxlan.common : Build Networks Attach List From Template ----------------------------------------------------------------------------------------------- 0.69s
  cisco.nac_dc_vxlan.common : Build VPC interface -------------------------------------------------------------------------------------------------------------------- 0.68s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------------ 0.67s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template for loopback -------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template --------------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------------ 0.65s
  cisco.nac_dc_vxlan.common : Build Loopback Interfaces List From Template ------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build Edge Connections ----------------------------------------------------------------------------------------------------------------- 0.65s
  cisco.nac_dc_vxlan.common : Build Interface ------------------------------------------------------------------------------------------------------------------------ 0.64s
  cisco.nac_dc_vxlan.common : Build Links for vPC Peering ------------------------------------------------------------------------------------------------------------ 0.63s

  ROLES RECAP ***************************************************************************************************************************************************************
  Wednesday 07 May 2025  15:22:41 +0000 (0:00:00.065)       0:01:27.827 ********* 
  =============================================================================== 
  common ----------------------------------------------------------------- 41.59s
  create ----------------------------------------------------------------- 20.94s
  remove ----------------------------------------------------------------- 12.88s
  validate ---------------------------------------------------------------- 4.96s
  connectivity_check ------------------------------------------------------ 4.03s
  deploy ------------------------------------------------------------------ 1.33s
  common_global ----------------------------------------------------------- 0.05s
  ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ 
  total ------------------------------------------------------------------ 85.78s

Step 6 - Return to NDFC & Verify Staging Fabric was Created

Return to NDFC in your browser, where you should still be sitting at the Fabrics dashboard. After the playbook has run, verify your staging fabric has been created by Ansible. You should see the fabric fabric-stage in the list of fabrics. This fabric was created by the Ansible playbook you just ran, using your variables and the NDFC defaults, and is empty at this point.

Note

If your fabric-stage is not showing, please try clicking the Refresh button in the top-right of the Fabrics pane.


A Word About [Create Role] Dependencies

Each time you run the Ansible playbook in this vxlan-as-code section of the lab, you will notice that a set of dependency roles, and the tasks within those roles, run before the cisco.nac_dc_vxlan.dtc.create role is executed.

The dependency roles are the:
cisco.nac_dc_vxlan.dtc.connectivity_check role,
cisco.nac_dc_vxlan.validate role, and the
cisco.nac_dc_vxlan.common role.

The diagram below illustrates the dependencies of the cisco.nac_dc_vxlan.dtc.create role and the various tasks that run in each role.

The cisco.nac_dc_vxlan.dtc.create role is dependent on the:

  • cisco.nac_dc_vxlan.dtc.connectivity_check role
  • cisco.nac_dc_vxlan.validate role
  • cisco.nac_dc_vxlan.common role

The cisco.nac_dc_vxlan.dtc.create role is the role that creates the fabric in NDFC.

As you can see from the ROLES RECAP, the dependency roles take around 50 seconds to run before the cisco.nac_dc_vxlan.dtc.create role is executed.

Step 7 - Return to VSCode & Close All Open Tabs

With DevOps toolchains, you naturally deal with a number of files. In an effort to keep your workspace in VSCode tidy and focused on your current tasks, you can use a keyboard shortcut to close files at the end of each section.

Navigate back to your VSCode application. On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.


Please continue to the next section to start managing inventory in your staging fabric.