Posted on January 29, 2014 11:45 am
 |  Asked by Gareth
 |  20638 views
RESOLVED
0
0
Print Friendly, PDF & Email

As per the question, is this on the road map?

Interested in hearing how Arista propose to deal with security boundaries in a multi-tennant DC environment using a VXLAN leaf-spine topology. Right now I am thinking I will need to break out the VXLANs into VLANs at the spine VTEP and send them to a L3 gateway where they can be put into the appropriate VRFs. It would be great if this bottleneck and .1q limitation could be avoided and directly switched on the 7500 spine by way of VXLAN to VRF mapping.

0
Posted by gflook
Answered on January 29, 2014 11:46 am

hi Ben,

Data plane VRF (VRF Lite) is available as of EOS-4.12.0. This is the release that ships on the 7500E however as per release notes we don’t yet have dataplane VRF support on 7500E. The hardware is capable and we will be enabling it later on this year. Talk to your local Arista representative (probably Chris or me), we’re more than happy to talk about the details.

7500E is also capable of h/w VXLAN gateway and can do so at quite large scale.  Again, we’re more than happy to provide details of our plans, reach out to your local folks.

As far as designs go, in a two-tier leaf/spine design we’d suggest that rather than punting all VXLAN up to the spine you’d scale far better by doing it at the leaf in a distributed manner.

If we considered mapping of VXLAN to VLAN to be ’global’ on a per leaf switch basis, at that point you have VLANs locally significant to a leaf switch and you can scale out multi-tenancy as you grow the number of leaf switches.  Assuming a typical Leaf switch of 64 ports with 48 down : 16 up (3:1 oversubscribed), 4094 VLANs across 48 ports = 85 VLANs per physical port, or likely more than you run VM density on servers today.

Of course, today’s scale doesn’t reflect tomorrow’s, so like you could envisage a VXLAN world where VLANs aren’t globally significant anymore but become locally-significant – or – one utilizes double tagging or some larger # of bits to represent a tenant.

Lots of high level information here and a lot of detail skipped over. Bottom line, reach out to your local Arista person, we’d be more than happy to help.

0
Posted by gflook
Answered on January 29, 2014 11:47 am

Data Plane VRF support for the 7500E was added in EOS 4.13.0F.  Full details of the functionality and how to configure VRFs can be found in the EOS 4.13 TOI document on aristanetworks.com.

Cheers

Gareth

Post your Answer

You must be logged in to post an answer.