Arista EOS Central - Tag

vEOS – Logical VTEP with MLAG – VXLAN interpreted on MLAG Peer

posted on May 1, 2017 by Lukas Hubschmid

Hello all, Please see attached picture for network topolgy. I try to use VXLAN with HER for DCI, together with BGP&BFD as routing protocol (for underlay) between Site A and Site B.– Site A: VLAN100 mapped to DCI VNI 10100– Site B: VLAN1100 mapped to DCI VNI 10100– spine1&spine2 as mlag peers with logical VTEP– spine3 as single VTEP– ports for DCI configured as L3 routed (no switchport)– EBGP between spine1 and spine3 as well as spine2 and spine3– VLAN4093 between spine1 (10.0.1.1) and spine2 (10.0.1.2) for re-routing in case one DCI is down– IBGP between spine1 and spine2– target...
Continue reading →

Access to manuals

posted on April 12, 2017 by Yevehnii Movlian

Hi there! Currently I’m doing some research in new data center networking technologies. I downloaded vEOS image and built basic topology using Unetlab. Now I want to configure EVPN, but I couldn’t find any manuals on it. For some reason this one – https://eos.arista.com/eos-4-18-1f/evpn-vxlan/ is protected. How can I get it?

VXLAN Indirect Routing on 7280E, 7280R and 7500R series

posted on March 31, 2017 by Harish Prabhu

In EOS-4.18.0F, VXLAN direct routing was introduced on the 7500R and 7280E/R series platforms. VXLAN routing provides the capability to route between VXLAN Layer 2 domains. In EOS-4.18.1, support for VXLAN Indirect Routing model is added to the 7500R and 7280E/R series platforms. In the Indirect routing model, the destination host is not directly attached to the VTEP(s) where the default gateway functionality is present. This model is called “indirect” because, in this model, the packet possibly needs to go through multiple hops in the overlay to reach the final destination. It typically involves running routing protocols in the overlay...
Continue reading →

Overlay IPv6 routing over VXLAN

posted on March 31, 2017 by Lavanya Lavanya

Overlay IPv6 routing over VXLAN Tunnel is simply routing IPv6 packets in and out of VXLAN Tunnels, similar to VXLAN overlay IPv4 routing. Underlay ( Outer IP Header ) in VXLAN still uses IPv4, and common for both overlay IPv4 and IPv6 . Hence VXLAN configuration remains exactly same for both IPv4 and IPv6 overlay routing support. This feature enables IPv6 networks/hosts get connected through VXLAN Tunnels. Following figure illustrates IPv6 routing followed by VXLAN encapsulation to reach a remote host across the VXLAN tunnel. Following figure illustrates VXLAN decapsulation and routing of an IPv6 packet. Platform compatibility DCS-7050X DCS-7060X DCS7260X DCS-7050X2 DCS-7250X DCS-7304 / DCS-7308 /...
Continue reading →

EVPN extension to BGP using VXLAN

posted on March 31, 2017 by Lavanya Lavanya

Ethernet VPN (EVPN) is an extension of the BGP protocol introducing a new address family: L2VPN (address family number 25) / EVPN (subsequent address family number 70). It is used to exchange overlay MAC and IP address reachability information between BGP peers within a tunnel [1]. In EOS 4.18.1F VXLAN tunnel support is introduced [2]. The available features are: Single-homing L2 routes (EVPN type 2 and type 3), with MLAG used as the L2 multi-homing solution. Multi-homing L2 routes (EVPN type 1 and type 2) are received and installed, with up to two all-active remote paths per destination (additional paths...
Continue reading →

OVSDB Hardware-VTEP L3 Integration

posted on March 13, 2017 by Lavanya Lavanya

EOS currently supports VXLAN L2 integration with external controllers using the Arista OVSDB HW VTEP schema ([HW-VTEP]) implementation. External controllers can read and write the tables specified in OVSDB to orchestrate a VXLAN L2 overlay network. EOS-4.18.0F introduces support for L3 functionality in VXLAN Overlay Networks. The functionality, implemented in Arista’s Cloudvision Controller (CVX) and switches, will be used to orchestrate L3 VXLAN Overlay in a physical network of Arista switches. External controllers (e.g., VMWare NSX or Nuage VSP) can interact with the OVSDB server running on CVX/EOS. CVX/EOS reads all the information from OVSDB and communicates with the appropriate Arista...
Continue reading →

VXLAN: security recommendations

posted on January 16, 2017 by Sergey Kolobov

Abstract This document provides recommendations that are advised to implement in order to increase the security in multitenant network environments built on Arista Networks devices using VXLAN. Introduction One of the crucial qualities of modern cloud network infrastructure is scalability. Scalability can’t be achieved if security of the network operations inside the cloud is compromised. As for example, load scalability is not achievable in environments where the VMs are not able to operate when the network between them is not working properly due to hijacked MAC-addresses. One of the technologies used nowadays to address the challenges with scalability inside the cloud networks...
Continue reading →

VXLan, MLAG and duplicate ARP

posted on November 14, 2016 by Jon Nicholson

We having an issue that we believe is related to receiving duplicate ARP requests. We’ve got nodes (part of openstack) connected to a pair of 7060 switches using MLAG, these 7060 switches then join a VXLan to connect to other pairs of 7060 switches where other nodes exist. The behaviour we’re seeing with ARP requests is that the broadcast is being flooded to the VTEP that is on both switches in the MLAG group, this is then being forwarded down both legs to the node, so the node sees the request twice. This seems to be confusing the OVS running...
Continue reading →

A comparison of virtual ip commands

posted on July 13, 2016 by Christie Joseph

The ‘ip virtual-router’ command Switch1: Switch1(config)#interface vlan 10 Switch1(config-if-Vl10)#ip address 10.0.0.2/24 Switch1(config-if-Vl10)#ip virtual-router address 10.0.0.1 Switch1(config)#ip virtual-router mac-address 00:1c:73:00:00:99 Switch2: Switch2(config)#interface vlan 10 Switch2(config-if-Vl10)#ip address 10.0.0.3/24 Switch2(config-if-Vl10)#ip virtual-router address 10.0.0.1 Switch2(config)#ip virtual-router mac-address 00:1c:73:00:00:99 The ‘ip virtual-router address’ command requires an IP address to be configured on the SVI where it is applied. How does the host resolve ARP for the default gateway/vIP? Gratuitous ARPs: Gratuitous ARPs are periodically sent from both switches which have VARP configured. In the gratuitous ARPs the configured vMAC is used as the Ethernet Source MAC. The ARP message informs the host that Virtual IP...
Continue reading →

VxLAN VTEP counters

posted on June 29, 2016 by Lavanya Lavanya

The VxLAN VTEP counters feature allows the device to count VxLAN packets received and sent by the device on a per VTEP basis. Specifically, it enables the device to count bytes and packets that are getting encapsulated and decapsulated as they are passing through. The counters are logically split up in the two VxLAN directions: “encap” counters count packets coming from the edge, encapsulated on the device and directed to the core, while “decap” counters count packets coming from the core, decapsulated on the device and heading towards the edge. To be able to count VxLAN packets the device has to support VxLAN and have a VxLAN interface...
Continue reading →

EVPN Control-Plane support for VxLAN

posted on May 11, 2016 by Michael Butash

Just wondering if there is EVPN Control-Plan extensions planned for support (and when) with VxLAN Leaf devices like ahem, other vendor’s are doing. Stretched fabrics (over wan) are becoming popular as an escape from OTV and prior ilk are where this seems most relevant, and something I’m seeing interest in where flood control can/should be most relevant.

ARP replies in a VxLAN plus routing Data Center Inter-connect deployment

posted on March 21, 2016 by Paul Bassett Bassett

Overview VxLAN and routing with DCI inter-connect can cause ARP issues with VLAN segment extensions between datacenters. The goal of this article is to outline the issue relating to ARP replies with VxLAN routing and VARP. We will show the use of a workaround today (recommended) and how the new ARP-Reply feature will resolve the problem. This feature will be introduced in later version of EOS. The date will be announced in the future. Issue: VxLAN with the directing routing model for DCI will requires a unique VARP MAC address per DC. This is needed when when there are two...
Continue reading →

VXLAN and private vlans

posted on March 1, 2016 by Krzysztof Cieplucha

Is it possible to tunnel private (secondary) VLANS over VXLAN tunnel? I haven’t found clear answer on that – most of the articles states it is not supported. If you have such setup working, could you please post some example configuration? Thanks.

VXLAN Without Controller for Network Virtualization with Arista physical VTEPs

posted on January 13, 2016 by Alexis Dacquay

1) Introduction This article assumed an understanding of the VXLAN concepts. This article aims at guiding the design and implementation of network virtualization with VXLAN, employing physical VTEPs. This controller-less design provides Layer2 communication across a Layer3 network for any Layer2 Ethernet device. This solution guide resolves network virtualization for network teams that might not have yet a network virtualisation controller, or cloud management platform (CMP), but want to benefit now from all the advantages of VXLAN. Without network controller, the virtual switches will not participate natively in the VXLAN overlay setup, they would be configured the traditional way...
Continue reading →

Configure CVX and VXLAN with Ansible

posted on August 28, 2015 by Werner Viljoen

Purpose: This Ansible playbook allows an administrator to easily configure a Cloud Vision Exchange (CVX) environment as well as configure a Virtual Extensible LAN (VXLAN) between two switches in an environment built using Arista switches, whether they be physical or virtual (vEOS). It is ideally suited for test environments and administrators wanting to test CVX and VXLAN. The playbook can be modified for more complex deployments. Running the playbook: From the /etc/ansible directory in the Linux CLI run: ansible-playbook cvx_vxlan_playbook.yaml Prerequisites: An Ansible server (http://docs.ansible.com/ansible/intro_installation.html) arista.eos roles for Ansible v1.0.1 # sudo ansible-galaxy install arista.eos. Rename the following files under...
Continue reading →

Ansible playbook for CVX and VXLAN configuration.

posted on August 26, 2015 by Werner Viljoen

Purpose: This playbook allows an administrator to easily configure Cloud Vision Exchange (CVX) and Virtual Extensible LAN (VXLAN) between two Arista switches. It is ideally suited for test environments and administrators wanting to test CVX and VXLAN functionality. The playbook can be modified for more advanced deployments. Running the playbook: From the cli under the /etc/ansible directory run: ansible-playbook cvx_vxlan_playbook.yaml Prerequisites: An Ansible server (http://docs.ansible.com/ansible/intro_installation.html) arista.eos roles for Ansible v1.0.1. To install run # sudo ansible-galaxy install arista.eos on the Ansible server. Rename the following files under /etc/ansible/roles/arista.eos/library to not have a .py extension i.e eos_config.py becomes eos_config. # cp...
Continue reading →

VXLAN cant support .1q frame?

posted on July 3, 2015 by 川辺哲也

I have configured the following VXLAN networks. [Sv1]—(Eth3)[vEOS1](Eth1)—[Router]—(Eth1)[vEOS2](Eth3)—[Sv2] Basic connectivity is there. And, untaged frame can be transfered over vxlan from Sv1 to Sv2. ex) ping. But Tagged frame (ieee802.1Q) can not be transfered over vxlan. Is this a general limitation or only from the vEOS ? OR How to configure ? configuration vEOS1 is following. (vEOS2 as well): vlan 102-103 ! interface Ethernet1 no switchport ip address 172.16.1.1/24 ip pim sparse-mode ! interface Ethernet2 switchport access vlan 102 ! interface Ethernet3 switchport access vlan 103 ! interface Loopback0 ip address 192.168.1.1/32 ! interface Management1 ! interface Vxlan1 vxlan multicast-group...
Continue reading →

VXLAN Routing with MLAG

posted on June 25, 2015 by Alex

Introduction This document describes the operation and configuration of VXLAN routing on an Arista platform in conjunction with MLAG for redundancy. The configuration and guidance within the document unless specifically noted is based on the platforms and EOS releases noted in the table below. Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch (MLAG domain), third-party switches, servers or neighbouring Arista switches connect to the logical switch via a standard port-channel (static, passive or active)...
Continue reading →

VXLAN to VLAN trunk port – multiple multicast-groups?

posted on June 5, 2015 by Lukas Hubschmid

Hello everybody, I have configured the following VXLAN networks using VMware vShield which should be mapped to VLANs on a virtual Arista Switch (vEOS 4.15.OF): VNI5000 / Multicast 225.1.1.1 / Map to VLAN 500 VNI5001 / Multicast 225.1.1.2 / Map to VLAN 501 VNI5002 / Multicast 225.1.1.3 / Map to VLAN 503 But on the interface vxlan 1, I can only set one multicast-group on the interface vxlan 1. Is there the possibility to set multiple multicast-group on this interface (one multicast-group per VNI)? I also cannot create more than one VXLAN interface – is this a general limitation or...
Continue reading →

VXLAN bridging with MLAG

posted on April 27, 2015 by Alex

VXLAN bridging with MLAG Introduction This document describes the operation and configuration of VXLAN within an Multi-Chassis LAG (MLAG) deployment. The configuration and guidance within the document is based on the platforms and EOS release of table 1.0 Arista MLAG technologyTable 1.0 Arista’s Multi-Chassis LAG (MLAG) technology provides the ability to build a loop free active-active layer 2 topology. The technology operates by allowing two physical Arista switches to appear as a single logical switch (MLAG domain), third-party switches, servers or neighbouring Arista switches connect to the logical switch via a standard port-channel (static, passive or active) with the physical links...
Continue reading →

unable to send traffic over VXLAN

posted on March 12, 2015 by Vivek Dasgupta

I am trying to setup a basic VXLAN configuration using vEOS on KVM VMs. Topology is as follows : [Linux VM1][edge1][Eth2][core1][Eth1][Eth1][core2][Eth2][edge2][Linux VM2] Each switch has two ports apart from the mgmt port. Both edge switches are configured to allow VLAN 42. I am trying to setup VTEPs on core1 and core2, hoping to see VXLAN traffic between them. Basic connectivity is there. Without any VLANs I am able to ping between Linux VM1 and VM2. Even with trunk ports on core switches allowing VLAN 42, I am able to connect. Now onto the VXLAN config -------------------------------------- core1 : ------- Interface...
Continue reading →

How to route to external subnets from VXLAN subnets and vice-versa

posted on October 10, 2014 by Victor

Hi, I was able to setup Vxlan between Host1 and Host2 which are in Vlan 600 subnet 172.16.1.0/24. Host1 and Host2 are able to reach each other via Vxlan. However, I want to know how do I setup the routing to external hosts outside the 172.16.1.0/24 subnet? Below are the configs for both VTEPS. VTEP1 switch has a network 160.144.1.1/24 that Host2 is trying to reach. Thank you VTEP1 (Switch1): spanning-tree mode mstp ! no aaa root ! vlan 492,600 ! interface Port-Channel2000 no switchport ip address 188.188.26.1/24 ! interface Ethernet1 no switchport ip address 188.188.11.2/24 ! interface Ethernet2 no switchport ip address...
Continue reading →

VXLAN VEOS support

posted on October 6, 2014 by Victor

Hi, Previously saw that VXLAN was supported on VEOS. However, I tried to configure a vxlan interface using VEOS version 4.13.7M and got message stating that it’s not supported on VEOS. Can someone please confirm? Thank you

VxLAN Problem

posted on May 6, 2014 by Raul Chen

I have an vEOS on virtual box and I have configured the VxLAN feature by reading the User Guide. Here are my questions: 1. VxLAN configure only specify a loopback interface as the source of Vxlan interface, so when broadcast packets come from local VMs, the Vxlan interface should encapsulate these packets and send then to remote VTEPs, at last Which actually physical Interface should send out these multicast packets? Eth1 or Eth2? 2. VxLAN can only specify one Vlan to one VNI, that means all the ports belong to this vlan will bridge in Vxlan, is there some situtation...
Continue reading →

vEOS VXLAN support

posted on February 24, 2014 by Gareth

Should vxlan work in vEOS 4.12.1? Regards

VRF-lite support in the 7500e coming?

posted on January 29, 2014 by Gareth

As per the question, is this on the road map? Interested in hearing how Arista propose to deal with security boundaries in a multi-tennant DC environment using a VXLAN leaf-spine topology. Right now I am thinking I will need to break out the VXLANs into VLANs at the spine VTEP and send them to a L3 gateway where they can be put into the appropriate VRFs. It would be great if this bottleneck and .1q limitation could be avoided and directly switched on the 7500 spine by way of VXLAN to VRF mapping.

Tagged: VXLAN