Wired Intelligent Edge

 View Only
  • 1.  Is Static VXLAN on VSX Supported?

    Posted Mar 31, 2022 01:00 PM
    We're moving our data center over to an Equinix colo facility and have a pair of 8360's installed with VSX configured, it's a small number of hosts so they are directly connected to both switches. We want to extend layer 2 back to our old data center and copy the servers over the wire to the new site. In 10.08 and earlier, the release notes stated that static VXLAN was not supported with VSX, but in the 10.09 release notes that is no longer mentioned as a caveat.

    I don't want to over complicate things with setting up EVPN if I can avoid it.  The issue is I can't find any info on setting up static VXLAN with VSX and for EVPN it sounds like I'd need a additional spine switch, which I don't have.

    Any ideas on how to accomplish this?

    Thanks
    Andy

    ------------------------------
    Andy Jezierski
    ------------------------------


  • 2.  RE: Is Static VXLAN on VSX Supported?

    Posted Apr 01, 2022 07:46 AM
    Edited by vincent.giles Apr 01, 2022 07:46 AM
    I'd like to clarify that spines are not mandatory at all to set-up EVPN between VTEPs. 
    Most of documentation focus on spine-leaf architecture because this is the majority of the deployment use-case.
    If you need only few VTEPs interconnecting, even directly, then no need for spine, no need for BGP route-reflector, just set-up
    full-mesh iBGP (starting at 4 nodes, it becomes more interesting to deploy RR).

    Second point about static VXLAN. True, you can use static VXLAN, still using anycast VXLAN source IP shared address between VSX Primary and Secondary. The underlay must handle routing for such anycast IP to reach both primary and secondary.

    ------------------------------
    Vincent Giles
    ------------------------------



  • 3.  RE: Is Static VXLAN on VSX Supported?

    Posted Sep 03, 2024 11:29 AM

    Hi Vincent!

    We have two VSX pairs between which we want to do static VXLAN. The idea is to use anycast loopback with a shared address between the primary and secondary device in a VSX pair. Anycast loopback would be used as a source, on the other hand it would be a destination for other pair of switches.
    What bothers us is that when you do a ping with the source address from that anycast loopback to the address on another pair of switches - from one device that source works, but from the other it does not, which I would say is normal behavior in case we have "duplicates" IP".

    Is this behavior expected? 

    How does it behave when we have a VXLAN tunnel up? Will the tunnel be functional only from one switch at a time or?
    An example of such a configuration is not really present in the available documents, so I would like to know how it behaves in reality.

    Thanks!

    Marko




  • 4.  RE: Is Static VXLAN on VSX Supported?

    Posted Sep 04, 2024 04:30 AM

    Hello Marko,

    Yes, it is expected behavior as the reply packet may (depending on ECMP, hashing) return on the VSX node which didn't send the echo packet. For ping/traceroute you need to source the traffic from unicast IP address (not from the anycast IP). This point is addressed in VXLAN user guide. So, best is to create a loopback, unique to each individual switch, one per VRF, and then source point from it.

    Tunnel is up on both switch, no issue. As this is static MACs are learnt through the dataplane. We fully support and document the concept of Extended-Edge where a standalone VTEP has a static VXLAN tunnel to a VSX pair (called Stub VTEP, linking dataplane MAC learning to EVPN domain). But not between 2 VSX pairs as a use-case. It is not officially tested and supported but technically it should work (would need to check exact recovery time at scale during live upgrade).

    When we have 2 VSX pairs, EVPN was the priority in term of qualification as the main use-case. 




  • 5.  RE: Is Static VXLAN on VSX Supported?

    Posted Sep 18, 2024 04:34 AM

    Hi Vincent, thank you for your reply. We eventually configured BGP EVPN and it works fine! But we received a request to isolate that underlay network in a separate VRF. In the documentation we did not find explicitly a restriction for that, but it seems that we cannot configure evpn neighbors that are in VRF context. Can you maybe confirm that? 



    ------------------------------
    Marko
    ------------------------------



  • 6.  RE: Is Static VXLAN on VSX Supported?

    Posted Sep 18, 2024 08:24 AM

    Correct. Underlay for VXLAN tunnels must be default VRF. I almost sure it is mentioned in VXLAN user guide but I'll have to check.
    Feel free to contact your local HPE Aruba Networking representative to raise this feature request.