Posted on June 2, 2021 6:18 pm
 |  Asked by Michael Johnson
 |  247 views
RESOLVED
0
0
Print Friendly, PDF & Email

Hi,

We have a requirement to extend an isolated PVLAN over the EVPN fabric with Centralized GWs. We wanted to understand what are the best options to block peer to peer communication over EVPN with a centralized GW fabric.

I read some previous posts to the forum, but could not validate whether or not PVLAN isolation over VXLAN w/ Centralized Gateway is supported?

Can someone confirm? I don’t want to go down to far into a rabbit hole.

 

Thanks.

0
Posted by Vijai Gopal
Answered on June 21, 2021 6:16 pm

Hello Michael,

Thank you for posting your query on EOS forum!

PVLAN over VXLAN/EVPN is a new feature introduced in EOS - 4.26.x and is currently supported on selected Arista platforms.

You can either make use of the Community Vlan or Isolated Vlan, to block peer to peer communication. A short description on the types of PVLAN is given below:

Primary VLAN: Primary VLAN is normal VLAN, and it is used to learn the mac address and learned macs are advertised with this VLAN ID to remote VTEPs.

Secondary vlans divide a VLAN domain into subdomain. It can be either community vlan or isolated vlan.

Community VLAN: Hosts connected in community VLANs can communicate with each other as well as hosts in primary vlan. Hosts in one community VLAN can’t reach different community VLAN’s hosts. This means hosts in community VLAN 200 can’t reach to the hosts in community VLAN 300.

Isolated VLAN: Host connected in an isolated VLAN can reach the host connected in the primary VLAN, but not any other secondary VLAN. In addition, hosts associated with the same Isolated VLAN cannot reach each other. Hosts in isolated VLANs can’t reach any host in community VLANs.

Please refer to the following TOI that explains the feature in detail. Refer to the platform compatibility section to get the list of platforms that support this feature currently. 

 

TOI Link: https://eos.arista.com/eos-4-26-1f/pvlan-vxlan-evpn/

 

Other reference links regarding PVLAN & secondary Vlan : 

https://eos.arista.com/eos-4-25-0f/support-for-private-vlan/

https://eos.arista.com/eos-4-15-2f/secondary-private-vlan-trunk/

 

Further I would suggest you to get in touch with your Arista SE  as well, who will have more visibility of your network and can guide you with the best configurations as per your network requirement.

 

Regards,

Vijai Gopal 

Post your Answer

You must be logged in to post an answer.