Posted on June 8, 2020 5:57 pm
 |  Asked by Jon Still
Print Friendly, PDF & Email


We are considering purchasing some Arista 7150 series switches as edge switches in a DC.  These will connect to 3rd parties and learn/advertise routes via BGP into an EVPN VRF.  Is it possible to twice NAT both source and destinations, and at the same time leak the translated source into another VRF? Exit from the switch will be to the spine within VXLAN encaps.

So the flow should be:

Pre-NAT, in customer VRF

Src: Customer IP

Dst: Public IP

Post-NAT, in provider VRF

Src: Provider-assigned unique IP

Dst: private internal IP



Posted by Aniket Bhowmick
Answered on June 9, 2020 2:57 am

Hi Jon,

Thanks for the explanation. However, on the 7150 you cannot run NAT and VxLan together as it is not supported at the same time- you can either run Vxlan or NAT at a time.

You need to divide the NAT and Vxlan encapsulation task by having another 7150 where you can do the twice NAT first --> send the NAT'ed traffic to the second 7150 where you can do the Vxlan Encapsulation.

If the option I suggested is not feasible, then I would request you to work with your SE (System Engineer of Arista) to see which platform you can use to make this work.

Let us know if you need help in finding your SE (in case you don't know).



Posted by Sébastien Keller
Answered on June 9, 2020 3:25 pm

Hi Jon,

Please also note that the 7150 does support VXLAN but does not support EVPN. You can find a list of supported features per platform here:


Post your Answer

You must be logged in to post an answer.