Configuring Regular Traffic and vPG Traffic Over the Same Fabric Topology

Starting with NetVisor OS version 7.0.1, you can configure the Network Packet Broker functionality on the same network topology used for regular traffic (the so-called production network).

With NetVisor OS, only one VTEP configuration with auto-tunnel is allowed on a per switch (or switch pair) basis. The Network Packet Broker (NPB) functionality uses VTEPs with MAC learning disabled, whereas a production network uses VTEPs with MAC learning enabled. Therefore, because of this divergence, before NetVisor OS version 7.0.1, the fabric could be used either for production traffic or for NPB functionality. NetVisor OS version 7.0.1 enables both production and NPB traffic to coexist in the same fabric by using the same underlay and the same VTEPs. For a single VTEP, two tunnels are created, one for production traffic and one for NPB functionality. For production traffic, VXLAN tunnels is configured in standard mode. Additionally, for NPB traffic VXLAN tunnels are configured in transparent mode. This combination is referred to as hybrid mode.

Hybrid Mode

NetVisor OS can interconnect VTEPs automatically upon creation: when the switch is in hybrid mode (i.e., is configured for both standard and transparent mode), it creates two tunnels, one for regular traffic and one for NPB traffic. When hybrid mode is enabled for the same source IP, source port, destination IP and destination port, two tunnels are created: one standard tunnel with MAC learning enabled and another transparent tunnel with MAC learning disabled. Per-mode VNIs are associated to the VTEPs and are added to the respective tunnels in the hardware. (For more details on VTEPs, automatic tunnels and the VXLAN feature, refer to the Configuring VXLAN chapter.)

Note: Once the feature is enabled, and when a regular VTEP is created, for this special VTEP an automatic tunnel is created for standard mode only, as an additional tunnel is not supported nor required for NPB.

Note: While upgrading from earlier versions to NetVisor OS version 7.0.1, ensure that  the hybrid-mode is enabled before proceeding with upgrade if you want to configure both vLE and vPG on the same fabric.

The feature is disabled by default and can be enabled using the following command:

CLI (network-admin@switch) > system-setting-modify  hybrid-mode

To disable the hybrid mode, use the command:

CLI (network-admin@switch) > system-setting-modify  no-hybrid-mode

The hybrid mode value is visible only after enabling the hybrid mode feature. To view details, use the command:

CLI(network-admin@switch) > bridge-domain-show

switch   name         scope  vxlan    auto-vxlan vxlan-hybrid-mode rsvd-vlan ports         vxlan-inner-packet mac-learning l2-tunneling

-------- ------------ ------ -------- ---------- ----------------- --------- ------------- ------------------ ------------ ------------

switch-1 BD-1         fabric 10800    no         standard          1090                    auto               on           none

switch-2 BD-1         fabric 10800    no         standard          1090                    auto               on           none 

switch-3 BD-1         fabric 10800    no         standard          1090                    auto               on           none

switch-1 auto-dst_vpg local  12333333 no         transparent       2666      57-59,272,397 auto               off

switch-2 auto-dst_vpg local  12333333 no         transparent       2666      25-27,272,397 auto               off

switch-3 auto-dst_vpg local  12333333 no         transparent                 397           auto               off

Note: You must reboot the switch after enabling or disabling feature.

Note: Bridge domains created as part of the NPB functionality will have the transparent value in the vxlan-hybrid-mode output column.

Note: When hybrid mode is disabled, the entire column of vxlan-hybrid-mode field is not visible in the show command output.

Note: When hybrid mode is enabled, more hardware resources will be utilized: the number of vFlow entries in the system table is increased with one additional vFlow entry allocated per BD. If the system table gets full, new vPG creation will fail. So, if only NPB/production traffic is to be used in the fabric, hybrid mode can be disabled.

Note: Enabling this feature results in creating a vFlow to block the CPU's incoming traffic at tunnel decapsulation. The tupple for this ICAP vFlow is VXLAN of vPG bridge-domain. This will hinder any additional vFlow the user has to create from vPG traffic on the egress side.

VTEP Tunnel Creation in Hybrid Mode

In NetVisor OS version 7.0.1 or later, when hybrid mode feature is enabled two tunnels are created, one for standard and one for transparent mode as shown in the figure below.

  • In standard mode, auto-tunnel naming follows the standard rules. In transparent mode, the keyword _transparent_mode is appended.
  • A transparent mode tunnel uses the same tunnel source and tunnel destination as a standard tunnel, but with MAC learning disabled and enabled for transparent as well as standard tunnel respectively.

Figure 11-4 - Switches with two auto tunnels in Hybrid mode

For more details, visit the Configuring the Overlay: VTEP Interconnections and VNIs topic.