Tagging virtual-router vlans down the same physical port

  • 0
  • 1
  • Question
  • Updated 5 years ago
On a Cisco switch, I can have two VRFs with different VLANs tagged into each, but then both VLANs tagged on the same uplink port.

I've tried to find a way to do this on my Extreme switches, but am struggling as you have to add physical ports to a VR before adding a VLAN, and the switch won't allow me to add multiple VRs to a physical port.  Is there a way to do this?

* L065-Core_10K.27 # configure vr test2 add ports 1:24
Error: Port 1:24 belongs to another vr test.

Surely part of the point of the virtual-router is to be able to segregate traffic coming into the router, and in the majority of cases, a router is only going to have one physical upstream connection to a WAN.  I can't believe this wouldn't be supported, so I'm assuming my understanding is missing something?

We're currently running ExtremeXOS 12.5.4.5.

Any ideas gratefully received!

Thanks,
Rob.

Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb

Posted 5 years ago

  • 0
  • 1
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hello Rob

I think your issue is that you are still using vr-default.  If you look in the concepts guide on page 661 of guide 15.4 ( sorry I didnt download the 12.5 guide it should be under virtual routers then configuration examples) it will explain the process.  I was able to create two user VRs with two separate VLANS and add a port to both VLANs Tagged see below

Port:   1
        Virtual-router: None
        Type:           UTP
        Random Early drop:      Unsupported
        Admin state:    Enabled with  auto-speed sensing  auto-duplex
        Link State:     Active, 100Mbps, full-duplex
        Link Ups:       1        Last: Thu Feb 27 13:59:44 2014
        Link Downs:     0        Last: --

        VLAN cfg:
                 Name: test, 802.1Q Tag = 300, MAC-limit = No-limit, Virtual router:   vr-test
                 Name: test2, 802.1Q Tag = 400, MAC-limit = No-limit, Virtual router:   vr-paul
        STP cfg:

        Protocol:
        Trunking:       Load sharing is not enabled.

Let me know if you tried this or if my assumption is incorrect.

Thanks
P

Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb
Hi Paul,

Thanks a lot for your message.

Indeed, when I try to do it without having the physical port in any VRs (including default) I get a different error:

configure vlan vlan3001 add ports 1:11 tagged
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.

Am hoping this is a config thing rather than a licensing or hardware support thing, but I'm guessing it probably isn't!

Thanks,
Robin.

Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Thanks Rob

User created VRs are supported on edge licenses assuming that it is the correct HW and the BD10K is supported and came with the core license as well so we should be ok.

Here's the commands to get it to work can you look this over and let me know if they are what you are using

 

•  Create a user VR named  helix.

•  Remove ports from the VLAN Default and VR-Default.

•  Add ports to user VR helix.

•  Add the OSPF protocol to user VR helix.

•  Set the VR context  to helix, so that subsequent VR commands affect VR helix.

•  Create an incoming VLAN named  helix-accounting-in.

•  Create an outgoing  VLAN named  helix-accounting-out.

•  Add ports that belong to user VR helix to the helix-accounting incoming and outgoing  VLANs.

 

The CLI prompt  is shown in this example to show how the VR context  appears.  At the end of the example, the VR is ready to be configured for OSPF, using ExtremeXOS software  commands.

 

* BD10K.1 # create virtual-router helix

* BD10K.2 # configure vlan default delete ports 3:*

* BD10K.3 # configure vr vr-default delete ports 3:*

* BD10K.4 # configure vr helix add ports 3:*

* BD10K.5 # configure vr helix add protocol ospf

* BD10K.6 # virtual-router helix

* (vr helix) BD10K.8 # configure helix-accounting-in add ports 3:1

* (vr helix) BD10K.8 # configure helix-accounting-out add ports 3:2


Thanks
P



Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb
Hi Paul,

This is a transcript of what I get if I create the vr and either add it to a physical port, or just try to add a vlan to the VR and tag that to a port.  Also an output of show licenses at the bottom.  Do the enabled licenses seem right to you?

The other thing I had tried is creating a virtual-router with the 'vrf' keyword at the end.  That seems to create VRs which are children of VR-Default, though using these still seems to give me the same errors ultimately when I try to tag the VLAN.


* Slot-1 # create virtual-router helix
* Slot-1 # configure vlan default delete ports 1:11
* Slot-1 # configure vr vr-default delete ports 1:11
* Slot-1 # configure vr helix add ports 1:11
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.
Configuration failed on backup MSM, command execution aborted!

* Slot-1 # create vlan vlan3000 vr helix
* Slot-1 # configure vlan vlan3000 tag 3000
* Slot-1 # configure vlan vlan3000 add ports 1:11 tagged 
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.
Configuration failed on backup MSM, command execution aborted!

* Slot-1 # show licenses 
Enabled License Level:
        Core
Enabled Feature Packs:
        Unknown
Effective License Level:
        Core

Thanks,
Robin




Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey  Robin

The licenses look ok.  The feature packs are things like MPLS etc.

Unfortunately I do not have a BD10K to test with.  I would recommend opening up a case with TAC to see if it is something in the config.  I am testing it on our VM (XOS running on Virtual box) which acts like a 10K. 

I am curious about your prompt.  This is a BD10K correct I am wondering why the prompted says slot-1

P
Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb
Sorry Paul, I should have mentioned before, it's only a stack of  x450a-48t's.

I've just tried on a BD10K and that seems to work OK when tagged to 2 ports, see below.  Might this mean it's not supported on the x450?  I know it's not the newest of the available products!


*  10K.4 # delete virtual-router "helix" 
*  10K.5 # create virtual-router helix
*  10K.6 # configure vlan default delete ports 1:24
*  10K.7 # configure vr vr-default delete ports 1:24
*  10K.8 # create vlan vlan3000 vr helix
*  10K.10 # configure vlan vlan3000 tag 3000
*  10K.11 # configure vlan vlan3000 add ports 1:24 tagged 
Warning: Port properties related to diff serv and code replacement on 
some of the ports will not work. This is true for those ports that belong to 
VLAN's and different virtual routers
*  10K.12 # create virtual-router helix2
*  10K.13 # create vlan vlan3001 vr helix2
*  10K.14 # configure vlan vlan3001 tag 3001
*  10K.15 # configure vlan vlan3001 add ports 1:24 tagged 
Warning: Port properties related to diff serv and code replacement on 
some of the ports will not work. This is true for those ports that belong to 
VLAN's and different virtual routers

10K.16 # show licenses 
Enabled License Level:
Advanced Core
Enabled Feature Packs:
MPLS-Layer2VPN


Thanks,
Robin.




Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hey Robin

Yep sorry the 450a does not support the user defined VR.  Information on the Licenses and what is supported in each is in Appendix A of the Concepts guide (in case you need to check later on)

This is the section on User defined VR

User-created Virtual Routers (VRs)
Virtual Router and Forwarding (VRF)
Summit X460, X480, X650, and X670 series
BlackDiamond 8000 c- and xl-series modules
E4G-200, E4G-400 and BX8 series


Hope that helps
P
Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb
Ouchie, was hoping that wasn't the case.  Going to have to think of another way.  Thanks Paul.
Photo of Robin W

Robin W

  • 120 Points 100 badge 2x thumb
Paul,

In light of upgrading some 450s to 460s for VR support, are you aware whether the stacking and 10G modules are cross-compatible between the 450 and 460?

Thanks,
Robin.
Photo of Paul Russo

Paul Russo, Alum

  • 9,694 Points 5k badge 2x thumb
Hello Robin

Unfortunately they are not interchangeable.  The 460 has the ability to have two VIM modules where the 450 only has one so they are different sizes.

Sorry to keep being the source of bad news.

P