• Category : VXLAN

 
 

VXLAN: security recommendations

Abstract: This document provides recommendations for increasing security in multitenant network environments built on Arista Networks devices using VXLAN. Introduction: One of the crucial qualities of modern cloud network infrastructure is scalability. Scalability can’t be achieved if the security of network operations inside the cloud is compromised. For example, load scalability is not achievable in environments where VMs cannot operate because the network between them is not working properly due to hijacked MAC addresses. One of the technologies used nowadays to address the challenges with scalability inside the cloud networks...
Continue reading →

Summary of Arista VxLAN Control Plane Options

IP Multicast | Head End Replication (HER) with static flood-set | CloudVision eXchange (CVX) | Ethernet VPN (EVPN)
– VTEPs within a VNI join a configured control plane multicast group.
– BUM traffic is sent to all VTEPs within the VNI over the configured multicast-group.
– Arista supports only multicast decapsulation to interop with third-party VTEP(s). HER will be used for BUM traffic encapsulation.
– Underlay needs to be multicast capable which can possibly make the deployment limited.
– Recommended for deployments where Arista VTEPs need to interop with legacy third-party VTEPs that support only multicast underlay for BUM traffic handling.
– BUM traffic within a...
Continue reading →

CVX Deployment Recommendations for VxLAN Control Service

CVX (CloudVision eXchange) is an infrastructure for aggregating and sharing state across a network of physical switches running EOS. Services that run on top of this infrastructure provide network-wide visibility and coordination. CVX is a single pane of glass for network-wide visibility and orchestration of physical switches running EOS. CVX provides VxLAN Control Service (VCS), a mechanism by which hardware VTEPs share state with each other in order to establish VxLAN tunnels without the need for a multicast control plane or manual configuration of a static flood-set for Head End Replication. CVX is built on the same underlying...
Continue reading →

Automating L3 EVPN instances deployment using CloudVision Portal

The intention of this article is to show how CloudVision Portal can be used to deploy L3 EVPN instances on one switch, or many switches, using a CloudVision Portal configlet builder. A complete demonstration of how CloudVision Portal is used to deploy an EVPN instance and EVPN fabric can be found here. The configlet builder example provided on the GitHub Arista repo covers L3 EVPN deployments using physical interfaces as SVI as CE facing interface. The configlet builder example can be used on top of any EVPN underlay and overlay. Below is a step-by-step procedure which describes how to import...
Continue reading →

Deploying L2 and L3 services with Multiple Tenants on a Single Interface

The intention of this post is to provide a configuration example of how multiple tenants could be deployed on a single physical interface with a mix of multiple L2 and L3 EVPN services. Consider the network in the diagram below, where two EVPN endpoint switches have multiple tenants (Tenant A, B, C and D) connected on the same physical interface. The interface in this case is Ethernet3, at the respective sites. Tenants A and B want L2 EVPN services. Tenants C and D want L3 EVPN services. Please note that the IP core in the diagram could be a spine...
Continue reading →

Automating EVPN fabric deployment using CVP

To simplify and speed up the deployment of an EVPN fabric, CloudVision Portal can be a powerful tool to work with. The intention of this post is to divide the deployment into steps, to simplify and qualify the action steps needed, and to provide an example CloudVision Portal configlet builder to execute the needed tasks in CloudVision. A complete demonstration of how CloudVision Portal is used to deploy an EVPN instance and EVPN fabric can be found here. First of all, a decision is needed on which deployment model of EVPN underlay and overlay suits the particular deployment being worked on....
Continue reading →

Automating L2 EVPN instances deployment using CloudVision Portal

The intention of this article is to show how CloudVision Portal can be used to deploy L2 EVPN instances on one switch, or many switches, using a CloudVision Portal configlet builder. A complete demonstration of how CloudVision Portal is used to deploy an EVPN instance and EVPN fabric can be found here. The configlet builder example provided in the Arista GitHub repo covers L2 EVPN deployments using MLAG, single interface, VLAN trunk, access VLAN, symmetric routing and asymmetric routing. The configlet builder example can be used on top of any EVPN underlay and overlay. Below is a step by step procedure is...
Continue reading →

EVPN Configuration – Layer 2 EVPN design with Type-2 routes

Introduction: This document describes the operation and configuration of BGP EVPN with a VXLAN forwarding plane, for the construction of multi-tenant Layer 2 networks, termed L2VPNs within this document, over a layer 3 leaf-spine network. The configuration and guidance within the document, unless specifically noted, are based on the platforms and EOS releases noted in the table below.

Platform | Software Release
7050X Series | EOS release 4.18.1
7050X2 series | EOS release 4.18.1
7060X Series | EOS release 4.18.1
7160 series | EOS release 4.18.1
7280R/7500R | EOS release 4.18.1

Leaf spine underlay architecture: EVPN with a VXLAN forwarding plane provides the ability to...
Continue reading →

Deploying Arista Switches using CloudVision Portal

Introduction: CloudVision Portal, or CVP, is an automation and orchestration tool for management and deployment of switch configuration across an entire IP-based data center network. CVP uses a container hierarchy for organizing devices into logical groups and splits the device configurations into ‘configlets’ which can be applied at varying levels of the hierarchy to provide inheritance and de-duplication of effort when developing device configuration. This approach reduces human error through inheritance of configuration. Operators can focus on the device-specific configuration, knowing that general configuration, such as AAA, domain name and DNS...
Continue reading →

VXLAN Without Controller for Network Virtualization with Arista physical VTEPs

1) Introduction: This article assumes an understanding of the VXLAN concepts. It aims at guiding the design and implementation of network virtualization with VXLAN, employing physical VTEPs. This controller-less design provides Layer 2 communication across a Layer 3 network for any Layer 2 Ethernet device. This solution guide addresses network virtualization for network teams that might not yet have a network virtualization controller, or cloud management platform (CMP), but want to benefit now from all the advantages of VXLAN. Without a network controller, the virtual switches will not participate natively in the VXLAN overlay setup; they would be configured the traditional way...
Continue reading →

VXLAN Routing with MLAG

Introduction: This document describes the operation and configuration of VXLAN routing on an Arista platform in conjunction with MLAG for redundancy. The configuration and guidance within the document, unless specifically noted, is based on the platforms and EOS releases noted in the table below. Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop-free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch (MLAG domain); third-party switches, servers or neighbouring Arista switches connect to the logical switch via a standard port-channel (static, passive or active)...
Continue reading →

VXLAN bridging with MLAG

Introduction: This document describes the operation and configuration of VXLAN within a Multi-Chassis LAG (MLAG) deployment. The configuration and guidance within the document is based on the platforms and EOS release of Table 1.0. Arista MLAG technology: Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop-free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch (MLAG domain); third-party switches, servers or neighbouring Arista switches connect to the logical switch via a standard port-channel (static, passive or active) with the physical links...
Continue reading →

Script example – Automating VXLAN deployments with EAPI

1) Introduction: This article briefly describes what is required to deploy overlay networks with VXLAN, but we assume a good understanding of the VXLAN fundamentals. To achieve such VXLAN deployments, multiple options exist, from simple but manual, to fully automated service chaining (orchestration) at the cost of also having to set up a Cloud Management Platform or a network virtualization controller. This article focuses on an easy option that is a good balance between simplicity of operation (automation) and simplicity of setting up (script ready to go). 2) Working towards automation: it is an evolution. This article is not providing...
Continue reading →
