VXLAN as Code is a data-model-driven framework. It allows you to define your network infrastructure as code, following a simple-to-use data model. This data model provides the structure of all variables and parameters that are required to build your fabric. The data model is defined using several YAML files, which are easy to read and write. The data model to build the VXLAN Fabric is divided into multiple high-level sections or keys. For your reference, the entire data model for VXLAN as Code can be found here:
VXLAN as Code Data Model
To begin building the VXLAN Fabric, you will need to create a set of YAML files that define the fabric, global settings, underlay, and other parameters. These files will be used by Ansible to create and manage the fabric in ND.
Create the fabric.nac.yml file in the host_vars/fabric-stage directory. This file will contain the fabric name and type.
Note that the actual filename does not matter; rather, the keys and values within the file need to follow the VXLAN as Code Data Model structure.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/fabric.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/fabric.nac.yml
---
vxlan:
  fabric:
    name: fabric-stage
    type: VXLAN_EVPN
Next, you will create the global.nac.yml file in the host_vars/fabric-stage directory. This file will contain global settings for the fabric, such as BGP ASN, route reflectors, DNS servers, NTP servers, and bootstrap settings.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/global.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/global.nac.yml
---
vxlan:
  global:
    ibgp:
      bgp_asn: "65001"
      route_reflectors: 2
      anycast_gateway_mac: 12:34:56:78:90:00
      dns_servers:
        - ip_address: 10.0.249.16
          vrf: management
      ntp_servers:
        - ip_address: 10.81.254.131
          vrf: management
You will then create the underlay.nac.yml file in the host_vars/fabric-stage directory. This file will contain underlay settings for the fabric, such as routing protocol to use, IP addressing, and multicast settings.
touch ~/workspace/ndlab/nac/host_vars/fabric-stage/underlay.nac.yml
code-server -r ~/workspace/ndlab/nac/host_vars/fabric-stage/underlay.nac.yml
---
vxlan:
  underlay:
    general:
      routing_protocol: ospf
      underlay_routing_loopback_id: 0
      underlay_routing_protocol_tag: UNDERLAY
      underlay_vtep_loopback_id: 1
      replication_mode: multicast
      underlay_rp_loopback_id: 250
    ipv4:
      fabric_interface_numbering: p2p
      subnet_mask: 31
      underlay_routing_loopback_ip_range: 10.11.0.0/22
      underlay_vtep_loopback_ip_range: 10.111.100.0/22
      underlay_rp_loopback_ip_range: 10.251.251.0/24
      underlay_subnet_ip_range: 10.1.0.0/16
    ospf:
      area_id: 0.0.0.0
    multicast:
      underlay_rp_loopback_id: 250
      rp_mode: asm
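A pre-flight sanity check for the underlay values above, as an added example that is not part of the lab or of the cisco.nac_dc_vxlan collection. It assumes the file has already been parsed (for instance with yaml.safe_load) into the dict shown; check_underlay is a hypothetical helper name.

```python
import ipaddress
from itertools import combinations

# Constructed input: the dict yaml.safe_load() would return for the
# underlay.nac.yml shown above (values copied from the page).
UNDERLAY = {"vxlan": {"underlay": {
    "general": {"routing_protocol": "ospf",
                "underlay_routing_loopback_id": 0,
                "underlay_vtep_loopback_id": 1,
                "underlay_rp_loopback_id": 250},
    "ipv4": {"fabric_interface_numbering": "p2p", "subnet_mask": 31,
             "underlay_routing_loopback_ip_range": "10.11.0.0/22",
             "underlay_vtep_loopback_ip_range": "10.111.100.0/22",
             "underlay_rp_loopback_ip_range": "10.251.251.0/24",
             "underlay_subnet_ip_range": "10.1.0.0/16"},
    "multicast": {"underlay_rp_loopback_id": 250, "rp_mode": "asm"}}}}


def check_underlay(model):
    """Return a list of problems found; an empty list means all checks passed."""
    problems = []
    ul = model["vxlan"]["underlay"]
    nets = {}
    for key, cidr in ul["ipv4"].items():
        if not key.endswith("_ip_range"):
            continue
        try:
            nets[key] = ipaddress.ip_network(cidr)  # strict: host bits are an error
        except ValueError as exc:
            problems.append(f"{key}: {exc}")
    # Overlapping pools would let two underlay functions draw the same address.
    for (k1, n1), (k2, n2) in combinations(nets.items(), 2):
        if n1.overlaps(n2):
            problems.append(f"{k1} {n1} overlaps {k2} {n2}")
    # Each underlay function needs its own loopback interface number.
    ids = {k: v for k, v in ul["general"].items() if k.endswith("_loopback_id")}
    if len(set(ids.values())) != len(ids):
        problems.append(f"loopback ids collide: {ids}")
    # The page sets underlay_rp_loopback_id twice; the two values must agree.
    rp = ul.get("multicast", {}).get("underlay_rp_loopback_id")
    if rp is not None and ids.get("underlay_rp_loopback_id", rp) != rp:
        problems.append("underlay_rp_loopback_id differs between general and multicast")
    return problems


if __name__ == "__main__":
    print(check_underlay(UNDERLAY) or "underlay checks passed")
```

Running a check like this before the playbook catches addressing mistakes locally, before any request is sent to ND.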
vxlan.yml Ansible Playbook
Now you need to create the main or top level Ansible playbook that will be used to build the fabric. This file will be the main entry point for all of the tasks and roles that you will create and invoke to manage your fabric using ND and Ansible.
touch ~/workspace/ndlab/nac/vxlan.yml
cat << EOF > ~/workspace/ndlab/nac/vxlan.yml
---
# This is the main entry point playbook for calling the various
# roles in this collection.
- name: Main Playbook
  hosts: nd
  any_errors_fatal: true
  gather_facts: false
  roles:
    # -----------------------
    # DataCenter Roles
    #   cisco.nac_dc_vxlan.dtc manages direct to controller ND workflows
    #
    - role: cisco.nac_dc_vxlan.dtc.create
      tags: 'role_create'
    - role: cisco.nac_dc_vxlan.dtc.deploy
      tags: 'role_deploy'
    - role: cisco.nac_dc_vxlan.dtc.remove
      tags: 'role_remove'
EOF
Make sure you are in your root Ansible directory:
cd ~/workspace/ndlab/nac
From the root Ansible project directory execute the following command:
ansible-playbook -i hosts.stage.yml vxlan.yml
Upon a successful run of the playbook your output should look as follows:
<... SNIP ...>

PLAY RECAP ************************************************************
fabric-stage : ok=249 changed=31 unreachable=0 failed=0 skipped=1246 rescued=0 ignored=0

PLAYBOOK RECAP ********************************************************
Playbook run took 0 days, 0 hours, 2 minutes, 0 seconds

TASKS RECAP ***********************************************************
Wednesday 01 October 2025 15:29:06 +0000 (0:00:00.064) 0:02:00.339 *****
===============================================================================
cisco.nac_dc_vxlan.create : Manage Fabric in Nexus Dashboard -------- 20.98s
cisco.nac_dc_vxlan.connectivity_check : Get Cisco Nexus Dashboard Fabric Controller Version -------- 1.66s
cisco.nac_dc_vxlan.common : Get POAP Data From POAP Enabled Devices -------- 1.62s
cisco.nac_dc_vxlan.remove : Get List of iBGP VXLAN Fabric Switches from Nexus Dashboard -------- 1.19s
cisco.nac_dc_vxlan.remove : Get Multisite Fabric Associations in Nexus Dashboard -------- 1.16s
cisco.nac_dc_vxlan.common : Build Fabric Creation Parameters From Template -------- 0.83s
cisco.nac_dc_vxlan.connectivity_check : Verify Authorization to Nexus Dashboard -------- 0.78s
cisco.nac_dc_vxlan.validate : Copy Service Model Data to Host -------- 0.68s
cisco.nac_dc_vxlan.common : Build Policy List From Template -------- 0.67s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template -------- 0.67s
cisco.nac_dc_vxlan.common : Build Interface -------- 0.65s
cisco.nac_dc_vxlan.common : Build Fabric Links -------- 0.64s
cisco.nac_dc_vxlan.common : Build Interface Po -------- 0.63s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config -------- 0.63s
cisco.nac_dc_vxlan.common : Build Interface -------- 0.63s
cisco.nac_dc_vxlan.common : Retrieve NDFC Device Username and Password from Group Vars and update inv_config -------- 0.62s
cisco.nac_dc_vxlan.common : Build Fabric Switch Inventory List From Template -------- 0.62s
cisco.nac_dc_vxlan.common : Build VRFs Attach List From Template -------- 0.62s
cisco.nac_dc_vxlan.common : Build vPC interface -------- 0.61s
cisco.nac_dc_vxlan.common : Build Interface -------- 0.61s

ROLES RECAP ***********************************************************
Wednesday 01 October 2025 15:29:06 +0000 (0:00:00.069) 0:02:00.342 *****
===============================================================================
common -------- 57.94s
create -------- 34.84s
remove -------- 14.15s
validate -------- 4.23s
connectivity_check -------- 3.99s
deploy -------- 1.92s
common_global -------- 0.05s
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
total -------- 117.11s
Return to ND in your browser where you should still be sitting at the Fabrics dashboard. After the playbook has run, verify your staging fabric has been created by Ansible.
You should see the fabric fabric-stage in the list of fabrics.
This fabric was created by the Ansible playbook you just ran using your variables and defaults of ND and is empty at this point.
If your fabric-stage is not showing, please try clicking the Refresh button in the top-right of the Fabrics pane.
Each time you run the Ansible playbook in this vxlan-as-code section of the lab, you will notice that a set of dependency roles, and the tasks within these roles, run before the cisco.nac_dc_vxlan.dtc.create role is executed.
The dependency roles are the cisco.nac_dc_vxlan.dtc.connectivity_check role, the cisco.nac_dc_vxlan.validate role, and the cisco.nac_dc_vxlan.common role.
The diagram below illustrates the dependencies of the cisco.nac_dc_vxlan.dtc.create role and the various tasks that run in each role.
The cisco.nac_dc_vxlan.dtc.create role is dependent on the:
cisco.nac_dc_vxlan.dtc.connectivity_check role
cisco.nac_dc_vxlan.validate role
cisco.nac_dc_vxlan.common role
The cisco.nac_dc_vxlan.dtc.create role is the role that creates the fabric in ND.
As you can see from the ROLES RECAP, the dependency roles take around 50 seconds to run before the cisco.nac_dc_vxlan.dtc.create role is executed.
With DevOps toolchains, it comes naturally that you deal with a number of files. In an effort to keep your workspace in VSCode tidy and focused on your current tasks, you can use a keyboard shortcut to close files at the end of each section.
Navigate back to your VSCode application. On the keyboard, press Ctrl + K + W. This should close all open tabs to clear your workspace for the next section.
Please continue to the next section to start managing inventory in your staging fabric.