cancel
Showing results forĀ 
Search instead forĀ 
Did you mean:Ā 

Why do you assign a VLAN to a virtual router, and not an interface?

Why do you assign a VLAN to a virtual router, and not an interface?

jeronimo
Contributor III
Hi,

I'm trying to understand why you assign a VLAN to a VR, instead of an interface, which is what I you would expect. Why does EXOS work that way?

How I would imagine it to work:
* Create user VR-A
* Go into VR-A and say "i want it to have an interface in VLAN 10 with IP x"
* Also say "i want it to have an interface in VLAN 20 with IP y" (so the VR will route between VLANs 10 and 20)
Further you could:
* Create a second user VR-B
* Go into VR-B and say "i want it to have an interface in VLAN 10 (same as above), this time with IP z (same IP range, or a secondary address)"

I have not tried if you can actually accomplish this... for now I am wondering why it works using VLANs and not interfaces/IPs...

This question arose because we were wondering whether you would be able to assign different secondary IP address of an interface to different VRs? Is it possible?

Thanks,
Marki
9 REPLIES 9

AndrƩ_Herkenrat
Extreme Employee
At first: Don't ever use secondary IP adresses on a VLAN Interface unless you need as a workaround for a migration scenario.

The big advantage of VRs is that you can have several l3 environments on the same physics without the need of of ACLs.

Imagine you have a big campus on a university where you want to have a network for the students and a network for the teachers. Each network itself is a 3 tier network with dynamic routing (OSPF) and provides a loop free environment with OSPF/ECMP and MLAG.

Your link from distribution to access contains 2 VLANs : Student and Teacher.

Based on the authorisation on the access the PC will be put into one of the two VLANs.
On the distribution switch these VLANs are in different VRs - now both networks are totally separated and the only way for communication between these networks is via a default gateway on the perimeter of each network (in most cases it's a firewall)

You can achieve this, without one single ACL. You could even use the same IP Ranges for these two networks - but I wouldn't do that for the case you want to establish communication between these networks.

Hope this example helps

The traffic from several subnets (on the same VLAN, i.e. secondary networks) needs to use a different default gateway for every subnet. This can be accomplished by putting each subnet together with a transit network to wherever we want to go into a separate VR.

You can create a VLAN in every VR and assign 1 or more IP Adresses to it. You can even use the same IP Adresses on different VRs. With some external cabling you can do much more strage things. What do you want to accomplish ?

But you can't assign a secondary to another VR, right?
GTM-P2G8KFN