vxlanEXEC

show nve peers

Displays information about NVE peers, including their IP addresses, interface state, uptime, and control-plane or data-plane learning details.

Overview

The 'show nve peers' command is a critical diagnostic tool for VXLAN overlay networks on Cisco Nexus switches running NX-OS. It displays the status of remote VTEPs (VXLAN Tunnel Endpoints) that the local switch has discovered, either through BGP EVPN control-plane learning or via data-plane flood-and-learn. In modern VXLAN EVPN fabrics, this command is used to verify that all expected remote VTEPs are reachable and that the BGP EVPN session is successfully exchanging Network Layer Reachability Information (NLRI). The command shows each peer's IP address, the NVE interface it is associated with, its operational state (Up/Down), the learning method (CP for control-plane, DP for data-plane), and the uptime since the peer was established. This information is essential for troubleshooting connectivity issues between VTEPs, such as when hosts in different VXLAN segments cannot communicate. The command also supports a 'detail' option that provides additional information, including the router MAC addresses of both the local and remote VTEPs, the peer's NVE interface, and the list of VNIs (Virtual Network Identifiers) that are shared with that peer. This detailed view helps in verifying that the correct VNIs are being exchanged and that the MAC address tables are populated correctly. In a typical troubleshooting workflow, an engineer would first use 'show nve peers' to confirm that all remote VTEPs are in the 'Up' state. If any peer is 'Down', the next steps would involve checking IP reachability (ping), verifying the NVE interface configuration, and inspecting BGP EVPN sessions. The command is also useful during initial deployment to ensure that new VTEPs are discovered and that the overlay network is fully meshed. On Cisco NX-OS, the command is available in EXEC mode and does not require any special privileges. It is important to note that the output may vary slightly depending on the NX-OS version and the specific Nexus platform (e.g., 9000 series, 7000 series with F3 line cards). However, the core fields remain consistent across platforms.

Syntax·EXEC
show nve peers [interface nve <num>] [peer-ip <ip-address>] [detail]

When to Use This Command

  • Verify that VXLAN tunnel endpoints (VTEPs) have established BGP EVPN peering and are reachable.
  • Troubleshoot missing or flapping NVE peers in a VXLAN EVPN fabric.
  • Check the operational state and uptime of remote VTEPs after a network change.
  • Monitor the number of peers and their learning source (control-plane vs data-plane) for capacity planning.

Parameters

ParameterSyntaxDescription
interface nve <num>interface nve <1-16384>Specifies the NVE interface to filter peers. If omitted, all NVE interfaces are shown. The number must match an existing NVE interface.
peer-ip <ip-address>peer-ip A.B.C.DFilters output to show only the peer with the specified IP address. Used with 'detail' to get detailed information about a specific peer.
detaildetailDisplays detailed information about each peer, including router MAC addresses, peer NVE interface, and VNI list. Must be used with 'interface nve' and optionally 'peer-ip'.

Command Examples

Basic NVE peer summary

show nve peers
Interface  Peer-IP          State  LearnType  Uptime
nve1      192.168.10.1     Up     CP         2d18h
nve1      192.168.10.2     Up     CP         2d18h
nve1      192.168.10.3     Up     CP         2d18h

Shows three NVE peers on interface nve1, all in Up state, learned via control-plane (CP), with uptime of 2 days 18 hours.

Detailed NVE peer information

show nve peers interface nve 1 peer-ip 192.168.10.1 detail
Interface: nve1, Peer-IP: 192.168.10.1
State: Up
LearnType: CP
Uptime: 2d18h
Router MAC: 00:0c:29:ab:cd:01
NVE Flags: none
Peer Router MAC: 00:0c:29:12:34:56
Peer NVE Interface: nve1
Peer VNI Count: 10
Peer VNI List: 10010,10020,10030,10040,10050,10060,10070,10080,10090,10100

Detailed output for a specific peer shows router MACs, peer NVE interface, and the list of VNIs shared with this peer.

Understanding the Output

The 'show nve peers' command output provides a table with key columns: Interface (the NVE interface), Peer-IP (the remote VTEP IP address), State (Up or Down), LearnType (CP for control-plane, DP for data-plane), and Uptime (how long the peer has been established). A healthy peer shows State as 'Up' and LearnType as 'CP' (in EVPN deployments). If State is 'Down', the peer is unreachable or the NVE interface is down. LearnType 'DP' indicates data-plane learning, which is less common in modern EVPN fabrics and may indicate misconfiguration. The 'detail' option adds router MAC addresses, peer NVE interface, and a list of VNIs learned from that peer. The VNI count and list help verify that all expected VNIs are being exchanged. A missing VNI could indicate a BGP EVPN route advertisement issue.

Configuration Scenarios

Verifying NVE Peers in a Two-Node VXLAN EVPN Fabric

Two Nexus 9000 switches configured as VTEPs in a VXLAN EVPN fabric. The goal is to verify that both switches see each other as NVE peers.

Topology

+--------+ +--------+ | N9K-1 |----------| N9K-2 | |VTEP | IP:10.0.0.1/32 |VTEP | +--------+ +--------+ NVE: nve1 NVE: nve1

Steps

  1. 1.On N9K-1, enter EXEC mode and run 'show nve peers'.
  2. 2.Verify that N9K-2's IP address (10.0.0.2) appears with State 'Up' and LearnType 'CP'.
  3. 3.On N9K-2, run the same command and confirm N9K-1's IP (10.0.0.1) is present.
Configuration
! No configuration changes needed; this is a verification step.

Verify: Both switches show each other as 'Up' with 'CP' learning. The uptime should be consistent.

Watch out: If the peer state is 'Down', check IP connectivity (ping) and ensure BGP EVPN sessions are established.

Troubleshooting with This Command

When troubleshooting VXLAN connectivity issues, 'show nve peers' is the first command to run after verifying basic IP connectivity. If a remote VTEP is not appearing in the output, the most common causes are: (1) The remote VTEP is not configured with the same VNI or NVE interface, (2) BGP EVPN sessions are not established, (3) Firewall rules are blocking VXLAN UDP port 4789, or (4) The underlay network is not providing reachability between the VTEP loopback addresses. If a peer appears but is in 'Down' state, check the NVE interface status with 'show nve interface nve1' and verify that the interface is not administratively down. Also check the peer's IP address is reachable via ping. If the peer is 'Up' but the LearnType is 'DP' when it should be 'CP', this indicates that the peer was learned via data-plane flood-and-learn, which may happen if BGP EVPN is not properly configured or if the peer is a legacy VTEP. In such cases, verify the BGP EVPN configuration with 'show bgp l2vpn evpn summary'. The 'detail' option is particularly useful when a peer is missing specific VNIs. For example, if a host in VNI 10010 cannot communicate with a host on a remote VTEP, run 'show nve peers interface nve1 peer-ip <remote-ip> detail' and check if VNI 10010 appears in the 'Peer VNI List'. If it is missing, the issue is likely in the BGP EVPN route advertisement for that VNI. Additionally, the 'Router MAC' fields can be used to verify that the correct MAC addresses are being learned. If the peer router MAC is all zeros or incorrect, there may be a MAC address conflict or a problem with the BGP EVPN control plane. Finally, the 'Uptime' field helps identify flapping peers; if the uptime is very low (e.g., seconds), the peer is unstable and the cause should be investigated (e.g., link flapping, BGP session bouncing).

CCNA Exam Tips

1.

Remember that 'CP' (control-plane) learning is used with BGP EVPN, while 'DP' (data-plane) is used with flood-and-learn (traditional VXLAN).

2.

In CCNP Enterprise, know that 'show nve peers' is the primary command to verify VTEP connectivity in VXLAN EVPN fabrics.

3.

Be able to interpret the 'State' field: 'Up' means the peer is reachable and the NVE interface is operational; 'Down' indicates a problem.

Common Mistakes

Confusing 'show nve peers' with 'show nve vni' – the former shows remote VTEPs, the latter shows local VNIs.

Assuming all peers should show 'CP' learning – in legacy deployments, 'DP' is normal, but in EVPN it indicates a problem.

Forgetting to specify the interface when using 'detail' – the command requires 'interface nve <num>' to show detailed output.

Platform Notes

On Cisco NX-OS, the 'show nve peers' command is available on Nexus 9000, 7000 (with F3 line cards), and 3000 series switches. The output format is consistent across these platforms, though the 'detail' option may show slightly different fields (e.g., 'Peer Router MAC' vs 'Remote Router MAC'). In contrast, Cisco IOS-XE (e.g., Catalyst 9000) uses a different command set for VXLAN; the equivalent command is 'show vxlan peers' or 'show vxlan tunnel-endpoint peers'. On IOS-XE, the output includes similar fields but with different column names (e.g., 'Tunnel Endpoint' instead of 'Peer-IP'). Additionally, NX-OS supports the 'detail' keyword, while IOS-XE may require 'show vxlan tunnel-endpoint peers detail'. For Arista EOS, the equivalent command is 'show vxlan peers' or 'show vxlan address-table'. It is important to note that on older NX-OS versions (pre-7.0), the command may not support the 'detail' option. Also, on Nexus 7000 with F2 line cards, VXLAN is not supported, so this command will not be available. When migrating from IOS to NX-OS, engineers should be aware that the NVE interface concept is unique to NX-OS; in IOS, VXLAN tunnels are configured under 'interface Tunnel' or 'interface Vxlan'. The 'show nve peers' command is a powerful tool that, when combined with 'show nve vni' and 'show bgp l2vpn evpn', provides a complete picture of the VXLAN overlay network health.

Practice for the CCNA 200-301

Test your knowledge with hundreds of CCNA practice questions covering all exam domains.

Practice CCNA Questions