Question

vdx 6740 NOS - vlan's IP / VE IP addresses

  • 31 January 2019
  • 4 replies
  • 246 views

hi everyone

With Dell switches (where I come from) if I assign an IP to VLAN, stack (OS) takes care of that IP in terms of "floating" the IP between member switches, lets say if a member switch goes offline that IP is always accessible(as long as at least one switch is up)

With ExtremeNetworks NOS in VCS I was expecting similar behaviour(concept) but it seems that each switch in the "stack" has it's own VE's IP(unless I'm missing something). Why is that?

Is it not possible to have NOS assign an IP to a VLAN in such a way that we do not care where it really resides and that IP would be in HA terms always "on" if at least one switch is up?

many thanks.

4 replies

Hi Pawel,

What you're looking for is probably IPv4/v6 Fabric virtual gateway feature. You can find the details for that in Layer 3 Routing Configuration Guide. There is also anycast IP support, but applicable to eVPN environments only.

Many thanks,
Sargis
Userlevel 2
Hi Pawel,

You are correct regarding Ve interfaces, IP address should be different for each switch
VDX switches in the cluster don't share Layer 3 configuration.

Best Regards,
Yulia
thanks Sargis,

Would it be good from ACL's point of view?
Here I'm having a VLAN with an uplink to the "outside" and I need to "put" on IP(s) on that VLAN. The only purpose for having the IP is to be able to access the switch for management from the "outside".
For that should I go and enable & use Fabric-Virtual-Gateway or not?

And if I wanted to route traffic from "outside" via that VLAN, is Fabric-Virtual-Gateway a must?

Lastly, can both Fabric-Virtual-Gateway and "regular" VEs be in a VLAN and have IP addresses?

many thanks.
Could it be that ACLs do not work for Fabric-Virtual-Gateway VEs?
I have Fabric-Virtual-Gateway VE with IP 10.5.8.254 and I have an ACL:
code:
ip access-list deny_10-5-8-1 on Ve 4 at Ingress (From User)
seq 20 permit ip host 10.5.8.49 host 10.5.8.254 (Active)
seq 40 deny ip any host 10.5.8.254 (Active)
seq 60 permit ip any any (Active)

I apply the ACL to VE and no just 10.5.8.49 but other hosts/nodes can get to 10.5.8.254.
What could be the problem / I'm doing wrong here?

Many thanks.

Reply