Utilize Vlans across Multiple Virtual Routers, help in concept/cfg

  • Updated 2 years ago
I'm attaching a document of my current setup. I'm trying to utilize more of the Virtual Routers of a summit v670 and currently only managing one switch and still learning the concepts. I believe I have a good start as I have an active cfg currently working.

What I'm trying to accomplish is get my IPTV service to go straight through the switch, bypassing the NAT router, so IGMP traffic directly flows to the cross connect circuit. In the meantime I need my ip/data traffic to flow to transport circuits transparently through the switch (I think across switch VRs) and to the router for NAT purposes and back to the switch to egress/ingress to the providers. I may need some QnQ?

The reason IPTV traffic and Provider Traffic are on separate VRs currently is because my local network and the IPTV provider local network share a lot of the same private IP space and therefore currently the two different VRs house separate routing tables... The IPTV vlans are basically bridging through my NAT router. I believe I will gain multicast efficiency by avoiding this on my router as it cannot switch properly.

Am I making this too complicated? Could I simply jumper VR to VR for access ports?

The proposed diagram is getting overwhelming from a cfg standpoint, not sure my concept can work... I was hoping someone could take a look and possibly help me figure out if the configs can even happen or if there is a simpler way without buying additional switching equipment.
 

RC Barnhart


Posted 2 years ago


Stachal

I need to do some fact checking, but I believe you cannot use the same vlans/tags across multiple VRs. You can, however, route from one VR to the next in version 15.6+, but you may be limited to using static vs a routing protocol.
 

Roy Noh, Employee

It's quite complicated. I don't know if I get it right but you may only need 2 VRs for the implementation.

The picture below is a simplified version of what I am thinking.
The switch in the middle is x670, below is CCR and a L2 switch on the right side.
Consider yellow as a vlan for IPTV, and green as data, Mgmt and others.
End points of arrows are where the traffic should be L3 routed.

With this implementation, x670 should be the gateway for the IPTV vlan but your CCR would be the one for all of the other vlans.
If the data traffic from the L2 switch needs to go outside of your network, it goes through the VR-2 of x670 to CCR, the gateway. CCR will process NAT and it will be routed on VR-1 once more and there will be a path selection based on ECMP.
Again, I don't know if this concept is what you are looking for but I hope this can help you a bit.

RC Barnhart

See diagram: can I untag a port in vman and tag the same port in the VR?
Then jumper between VRs? Trying to avoid another switch and transparently send data traffic to the CCR. There would be no need for routing protocols in VR2 as VR1 would handle all data routing and VR3 would handle IPTV routing. VR2 is strictly Layer2 switching?


Roy Noh, Employee

If you do want transparent traffic flow for the data vlan, just disabling ipforwarding on the x670 will work. Also there will be no IPTV vlan on your CCR too. Is there another reason to use VMAN?

Roy Noh, Employee

By disabling ipforwarding, I mean except IPTV vlan.

Roy Noh, Employee

And I remember that we cannot use a jumper between VRs since both VRs have the same MAC address.

Stachal

Agreed, different routing tables but not different MAC or FDB.

RC Barnhart

OK, just to be clear, IPTV VR and Default VR have separate routing tables, the default VR houses BGP and local OSPF routing protocols, by passing traffic through the IPTV VR (which uses ip forwarding) then data traffic and IPTV traffic remain segmented inside IPTV VR?

Stachal

Doing some research (didn't know this was possible) but you can have vlans from different VRs on the same port as long as you delete the port out of any VRs.

EXOS version 12.6 or higher

X670#   sho port 27 in det
Port:   27
        Virtual-router: VR-Default

X670# configure "VR-Default" delete ports 27

X670# sho port 27 in det
Port:   27
        Virtual-router: None
       

X670#   sho vlan
---------------------------------------------------------------------------------------------
Name            VID  Protocol Addr       Flags                       Proto  Ports  Virtual
                                                                            Active router
                                                                            /Total
---------------------------------------------------------------------------------------------

VLAN1    1377 ------------------------------------------------ ANY    4 /4   eDMZ
VLAN2     1307 ------------------------------------------------ ANY    7 /7   VR-Default

X670# config "VLAN1" add port 27 tagged
X670# config "VLAN2"  add port 27 tagged



X670# sho port 27 in det
Port:   27
        Virtual-router: None
        Type:           NONE
        Random Early drop:      Unsupported
        Admin state:    Enabled with  10G full-duplex
        Link State:     Ready
        Link Ups:       0        Last: --
        Link Downs:     0        Last: --

        VLAN cfg:
                 Name: VLAN1, 802.1Q Tag = 1307, MAC-limit = No-limit, Virtual router:   VR-Default
                 Name: VLAN2, 802.1Q Tag = 1377, MAC-limit = No-limit, Virtual router:   eDMZ
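
Added example (not part of the original posts, and not Extreme Networks code): a small Python check over saved port-detail output that lists the ports carrying VLANs from more than one virtual router, i.e. the links where traffic for different VRs is kept apart only by its 802.1Q tag. The sample text is constructed in the format of the `sho port 27 in det` output quoted above, and the function names are assumptions of this example.

```python
import re

# Constructed sample in the format of the "sho port 27 in det" output quoted
# above; port 28 is invented here to show a port that stays in a single VR.
SAMPLE = """\
Port:   27
        Virtual-router: None
        VLAN cfg:
                 Name: VLAN1, 802.1Q Tag = 1307, MAC-limit = No-limit, Virtual router:   VR-Default
                 Name: VLAN2, 802.1Q Tag = 1377, MAC-limit = No-limit, Virtual router:   eDMZ
Port:   28
        Virtual-router: VR-Default
        VLAN cfg:
                 Name: VLAN1, 802.1Q Tag = 1307, MAC-limit = No-limit, Virtual router:   VR-Default
"""

PORT_RE = re.compile(r"^Port:\s+(\S+)")
PORT_VR_RE = re.compile(r"^Virtual-router:\s+(\S+)")  # the port's own VR
VLAN_RE = re.compile(
    r"^Name:\s*(?P<name>[^,]+),\s*802\.1Q Tag\s*=\s*(?P<tag>\d+),"
    r".*Virtual router:\s*(?P<vr>\S+)"                # the VLAN's VR
)

def parse_ports(text):
    """Return {port: {"port_vr": str|None, "vlans": [(name, tag, vr), ...]}}."""
    ports, current = {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if m := PORT_RE.match(line):
            current = ports.setdefault(m.group(1), {"port_vr": None, "vlans": []})
        elif current is None:
            continue  # prompt lines or output before the first "Port:" header
        elif m := PORT_VR_RE.match(line):
            current["port_vr"] = m.group(1)
        elif m := VLAN_RE.match(line):
            current["vlans"].append((m["name"].strip(), int(m["tag"]), m["vr"]))
    return ports

def shared_ports(ports):
    """Ports whose VLANs belong to more than one virtual router."""
    report = {}
    for port, info in ports.items():
        vrs = sorted({vr for _, _, vr in info["vlans"]})
        if len(vrs) > 1:
            report[port] = vrs
    return report

if __name__ == "__main__":
    for port, vrs in shared_ports(parse_ports(SAMPLE)).items():
        print(f"port {port} carries VLANs from: {', '.join(vrs)}")
```
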
 

RC Barnhart

I think this is exactly what I need to do. This should simplify things. I'll be testing this in a few weeks.
Thanks for the help everyone. Happy Holidays.

Roy Noh, Employee

They are logically separated on IPTV VR at vlan level.
And if you do not enable ipforwarding on all other vlans, except the one for IPTV, the switch cannot have a routing table for those vlans. Just L2 switching is what IPTV VR does for data and other vlans.
So basically the IPTV vlan cannot communicate with data or other vlans.

IPTV vlan : All traffic will be routed based on the routing table on IPTV VR.
Other vlans : Go to their gateway, CCR, which serves the NAT process and routes them to default VR. (IPTV VR is only an L2 switch for them.) Default VR then routes them to ISP 1 or 2 based on the ECMP algorithm.

RC Barnhart

OK, looks like version 12.6 or higher, missed that... thanks.

Stachal

I tested it on 15.3.1.4 but yes the documentation I found says 12.6 or higher.

RC Barnhart

New cfg works great, thanks for the help.

Tripathy, Priya Ranjan, ESE

Nice to know this works... I even gave it a try on the latest software recommendation for X670 (16.1.3.6) and this also holds good. So in a nutshell I would say this also works on higher releases, and for the future it is always better to keep this hardware on this recommended release for future benefits and feature enhancement requirements.

Let us wind up this discussion here on a positive note...