Wired Intelligent Edge (Campus Switching and Routing)

Reply
Highlighted

Configuring VRF on ArubaOS-CX - Checklist

Virtual Routing and Forwarding:

Virtual Routing and Forwarding (VRF) is a Layer 3 level isolation to achieve Virtual Private Network (VPN).

Virtual routing and forwarding (VRF) is a technology that allows multiple instances of a routing table to co-exist within the same router.

Because the routing instances are independent, the same or overlapping IP addresses can be used without conflicting with each other.

Network functionality is improved because network paths can be segmented without requiring multiple routers.

 

Network Diagram:AOS-CX-VRFjpg.jpg

ABBREVIATION:

HB: Heartbeat Link

VSX: Virtual Switching Extension

MC-LAG: Multi-chassis LAG

VRF: Virtual Routing and Forwarding

 

Checklist for configuring VRF on AOS-CX Switch:

It about using the command “vrf attach” to the L3 Interface.

We got two VRF here.,

Default: 172.30.29.0/24                TRANSIT SUBNET: 10.10.101.2

DOE: 10.10.200.0/24                    TRANSIT SUBNET: 10.10.102.2

The transit subnet should also be a part of the VRF.

Since we only got one link from AOS-CX to 7005 Gateway, the links needs to be configured as trunk with multiple VLAN L3 interface, one for each VRF.

 

Create the VRF:

vrf DOE

 

Create the VLANs:

vlan 102

    name DOE_Transit_Subnet

vlan 200

    name DOE-Network

 

Define the connection mode and VLAN tagging:

interface lag 1 multi-chassis   //Connection between 2930M and AOS-CX

    vsx-sync vlans

    no shutdown

    description MC-LAG

    no routing

    vlan trunk native 101

    vlan trunk allowed all

    lacp mode active

interface 1/1/32

    no shutdown

    description From_2930M_Distribution_MCLAG

    lag 1

 

interface 1/1/48     //Connection between the AOS-CX and the 7005 G/W

    no shutdown

    description To_7005_Gateway

    no routing

    vlan trunk native 101

    vlan trunk allowed all

 

Doing the VRF Attach:

interface vlan102

    vsx-sync active-gateways

    vrf attach DOE

    description DOE-Network

    ip address 10.10.102.12/24

    active-gateway ip mac 00:00:00:00:02:00

    active-gateway ip 10.10.102.2

interface vlan200

    vsx-sync active-gateways

    vrf attach DOE

    description DOE-Network

    ip address 10.10.200.2/24

    active-gateway ip mac 00:00:00:00:02:00

    active-gateway ip 10.10.200.1

 

Remember to configure default Gateway on AOS-CX for each VRF:

ip route 0.0.0.0/0 10.10.102.1 vrf DOE                     //For VRF “DOE”

ip route 0.0.0.0/0 10.10.101.1                                  //For VRF “Default”

 

Also add the reverse route on the 7005 Gateway:

ip route 10.10.200.0 255.255.255.0 10.10.102.2       //For VRF “DOE”

ip route 172.30.29.0 255.255.255.0 10.10.101.2      //For VRF “Default”

 

In order to know how to configure VSX and MC-LAG, please refer the below link

https://community.arubanetworks.com/t5/Wired-Intelligent-Edge-Campus/ArubaOS-CX-Switches-VSX-and-MC-LAG/m-p/617685#M7734

 

VERIFICATION:

show vrfVRFs.jpg

 

IP Inteface on Different VRF - show ip interface briefIP Interfaces.jpg

 

Routing Table: show ip route

Default VRFDefault_Routing_Table.jpg

"DOE" VRFDOE Routing Table.jpg

 

Checking the clients Pingability:Client Pinging.jpg

 

Hope you find this post useful !

 

Highlighted

Re: Configuring VRF on ArubaOS-CX - Checklist

Are the VRF/routing limits documented somwhere for the 83xx and 6400M switches? (For example how many VRFs you can and how many routes in those)

Highlighted
MVP Guru Elite

Re: Configuring VRF on ArubaOS-CX - Checklist


@pubjohndoe wrote:

Are the VRF/routing limits documented somwhere for the 83xx and 6400M switches? (For example how many VRFs you can and how many routes in those)


if remenber, it is 64 VRF max



PowerArubaSW: Powershell Module to use Aruba Switch API for Vlan, VlanPorts, LACP, LLDP... More info

PowerArubaCP: Powershell Module to use ClearPass API (create NAD, Guest...) More info

PowerArubaCX: Powershell Module to use ArubaCX API (get interface/vlan/ports info)

PowerArubaIAP: Powershell Module to use Aruba Instant AP

PowerArubaMC: Powershell Module to use Mobility Controller / Master


ACMP 6.4 / ACMX #107 / ACCP 6.5 / ACSP
MVP Guru

Re: Configuring VRF on ArubaOS-CX - Checklist

The number of supported routes is documented in the product DataSheet.

The number of supported VRFs has been increased over the past main releases for 8320/8325/8400.

For all products, it is now 64 VRFs.

The number of supported routes is given for all aggregated/configured VRFs (not per VRF).

 

 

 

Highlighted

Re: Configuring VRF on ArubaOS-CX - Checklist

We're running MPLS between our distribution switches in different buildings and at the DCs we have a lot more than 64 VRFs configured. With dynamic segmentation we could probably do with a bit less, but currently it seems that for our use case that VRF amount would limit us.

Highlighted
MVP Guru

Re: Configuring VRF on ArubaOS-CX - Checklist

This topic would deserve a separate thread as it is diverging from the initial subject of the current thread.

Highlighted

Re: Configuring VRF on ArubaOS-CX - Checklist


@vincent.giles wrote:

This topic would deserve a separate thread as it is diverging from the initial subject of the current thread.


Yep probably 64 VRF limit is enough as there is no way to configure these centrally but just doing 'VRF-lite' type of stuff. And if you have more than 64 it's not really manageable :)

 

Still I think it's important to understand that there are limitations

 

Not sure how you would build your network with EVPN over VXLAN. Currently I think ArubaOS-CX only supports bridging, so if you're using FW as the GW you would have all the ARP entries on the FW and in a larger network that would be too much. Instead of doing IRB.

 

With MPLS PE's you can just have the local building PE act as a router and then just route that /23-/26 towards the rest of the network.

 

Search Airheads
cancel
Showing results for 
Search instead for 
Did you mean: