Configuring Virtual Link Extension

The vLE configuration revolves around the creation and transport over VXLAN of one or more transparent VLANs using the transparent option of the vlan-create vxlan-mode standard|transparent command. To explain how that is implemented, let’s first refer to Figure 9-4 below which shows an example with port 10 and 17 as ingress/egress vLE ports on two fabric leaf switches that are supposed to be connected transparently through a vLE pseudo-wire:



Figure 9-4. Two Ports Interconnected Through a vLE Pseudo-wire



Establishing such vLE pseudo-wire transport requires multiple configuration steps:


  1. Configuration of jumbo frames on all the required ports (ingress and egress ports, as well as all inter-switch ports that are used to transport vLE traffic)
  2. Creation of Layer 3 VLANs (or of routed ports) that are used as tunnel end points (with an MTU configuration suitable to route jumbo frames)
  3. Set up of dedicated VXLAN connections. Typically, manual tunnels are created and set aside for vLE use.
  4. Creation of a VXLAN-mapped transparent VLAN to transport the traffic over vLE.
  5. Addition of the transparent VLAN’s VXLAN ID to the allocated tunnels.


Let us look at one configuration example for each of the above steps.


Step 1 requires adding the jumbo option as part of the port configuration with the following command(s):


CLI (network-admin@leaf-1) > port-config-modify port 10 jumbo


In this example, as shown in the figure above, port 10 on leaf-1 is a vLE port. Jumbo (i.e., oversized) frame support should be enabled if mirroring of ingress frames with a (typical) MTU of 9216 bytes is required.


This option is usually already configured end-to-end on inter-switch links if a VXLAN transport is used in the fabric (refer to the Configuring VXLAN section).


Otherwise, the following commands can be used to enable the transport of oversized frames on inter-switch links (individual ports or trunks):


CLI (network-admin@leaf-1) > port-config-modify port <inter-switch port-list> jumbo


CLI (network-admin@leaf-1) > trunk-modify name <trunkname> jumbo


Step 2 requires the creation of the Layer 3 routing endpoints, in this case VLAN interfaces (a.k.a. SVIs), on the switches where the ingress and egress vLE ports are located:


CLI (network-admin@leaf-1)> vlan-create id 1021 scope local description VLE-VTEP ports none


CLI (network-admin@leaf-1)> vrouter-interface-add vrouter-name Leaf-1 vlan 1021 ip 10.21.1.1/30 mtu 9398


CLI (network-admin@leaf-5)> vlan-create id 1021 scope local description VLE-VTEP ports none


CLI (network-admin@leaf-5)> vrouter-interface-add vrouter-name Leaf-5 vlan 1021 ip 10.21.7.1/30 mtu 9398


Then the VLAN(s) can be checked with the following command:


CLI (network-admin@leaf-1)> vlan-show id 1021


switch     id   scope description active

---------- ---- ------ ----------- -----

leaf-1     1021 local VLE-VTEP    yes                   

leaf-5     1021 local VLE-VTEP    yes                   


Step 3 involves the creation of the VXLAN tunnels:


CLI (network-admin@leaf-1)> tunnel-create name VLE_L1_to_L5 scope local local-ip 10.21.1.1 remote-ip 10.21.7.1 vrouter-name Leaf-1


CLI (network-admin@leaf-5)> tunnel-create name VLE_L5_to_L1 scope local local-ip 10.21.7.1 remote-ip 10.21.1.1 vrouter-name Leaf-5


The tunnel creation can be checked with the following commands:


CLI (network-admin@leaf-1) > tunnel-show local-ip 10.21.1.1 format switch,scope,name,type,vrouter-name,local-ip,remote-ip


switch     scope name         type  vrouter-name local-ip  remote-ip 

---------- ----- ------------ ----- ------------ --------- --------- 

leaf-1     local VLE_L1_to_L5 vxlan Leaf-1       10.21.1.1 10.21.7.1 


CLI (network-admin@leaf-5) > tunnel-show local-ip 10.21.7.1 format switch,scope,name,type,vrouter-name,local-ip,remote-ip


switch     scope name         type  vrouter-name local-ip  remote-ip 

---------- ----- ------------ ----- ------------ --------- --------- 

leaf-5     local VLE_L5_to_L1 vxlan Leaf-5       10.21.7.1 10.21.1.1 


Step 4 requires the creation of a transparent VLAN per vLE:


CLI (network-admin@leaf-1)> vlan-create id 3001 scope local description VLE-1 vxlan-mode transparent vxlan 3001000 ports 10

CLI (network-admin@leaf-5)> vlan-create id 3001 scope local description VLE-1 vxlan-mode transparent vxlan 3001000 ports 17


The VLAN’s creation can be checked with the following command:


CLI (network-admin@leaf-1)> vlan-show id 3001 format switch,id,type,vxlan,scope,description,active,ports


switch     id   type   vxlan   scope description active ports 

---------- ---- ------ ------- ----- ----------- ------ ----- 

leaf-1     3001 public 3001000 local VLE-1       yes    10    

leaf-5     3001 public 3001000 local VLE-1       yes    17


Finally, in step 5 the above VXLAN ID(s) of the transparent VLAN(s) are mapped to the tunnel(s):


CLI (network-admin@leaf-1)> tunnel-vxlan-add name VLE_L1_to_L5 vxlan 3001000

CLI (network-admin@leaf-5)> tunnel-vxlan-add name VLE_L5_to_L1 vxlan 3001000


The VXLAN tunnels and their mappings can be checked with the following command:


CLI (network-admin@leaf-1)> tunnel-vxlan-show vxlan 3001000


switch     name         vxlan   

---------- ------------ ------- 

leaf-1     VLE_L1_to_L5 3001000

leaf-5     VLE_L5_to_L1 3001000


Note: Starting from Netvisor ONE release 6.1.1, to prevent the misconfiguration of a vLE port which may get assigned to another VLAN by mistake, a new configuration check was added. The restriction is that a port assigned to a regular VLAN cannot be assigned to a vLE VLAN (i.e., in transparent mode) and vice versa.

Let's suppose VLAN 1 (the default VLAN) and VLAN 100 are assigned to port 1, as shown below:


CLI (network-admin@switch) > port-vlan-show ports 1

switch port vlans untagged-vlan description active-vlans

------ ---- ----- ------------- ----------- ------------

switch 1    1,100 1                         none


An attempt to assign this port to a vLE VLAN (VLAN 555 in transparent mode) is rejected:


CLI (network-admin@switch) > vlan-create id 555 scope local ports 1 vxlan-mode transparent vxlan 666666

vlan-create: vle port 1 cannot be member of other vlans


If you want to unassign the port and then reassign it to a vLE VLAN, you can go through a two-step process. First, remove the port from the specific VLAN (VLAN 100 in the above example, or from vlans all):


CLI (network-admin@switch) > port-vlan-remove port 1 vlans 100


CLI (network-admin@switch) > port-vlan-show ports 1

switch port vlans untagged-vlan description active-vlans

------ ---- ----- ------------- ----------- ------------

switch 1    1     1                         none


Then you can assign it to a vLE VLAN like so:


CLI (network-admin@switch) > vlan-create id 555 scope local ports 1 vxlan-mode transparent vxlan 666666

Vlans 555 created


CLI (network-admin@switch) > port-vlan-show ports 1

switch port vlans untagged-vlan description active-vlans

------ ---- ----- ------------- ----------- ------------

switch 1    555   555                       none


north
    keyboard_arrow_up
    keyboard_arrow_down
    description
    print
    feedback
    support
    business
    rss_feed
    south