Question

Tagging virtual-router vlans down the same physical port


On a Cisco switch, I can have two VRFs with different VLANs tagged into each, but then both VLANs tagged on the same uplink port.

I've tried to find a way to do this on my Extreme switches, but am struggling as you have to add physical ports to a VR before adding a VLAN, and the switch won't allow me to add multiple VRs to a physical port. Is there a way to do this?

* L065-Core_10K.27 # configure vr test2 add ports 1:24
Error: Port 1:24 belongs to another vr test.

Surely part of the point of the virtual-router is to be able to segregate traffic coming into the router, and in the majority of cases, a router is only going to have one physical upstream connection to a WAN. I can't believe this wouldn't be supported, so I'm assuming my understanding is missing something?

We're currently running ExtremeXOS 12.5.4.5.

Any ideas gratefully received!

Thanks,
Rob.

10 replies

Userlevel 6
Hello Rob

I think your issue is that you are still using vr-default. If you look in the concepts guide on page 661 of guide 15.4 ( sorry I didnt download the 12.5 guide it should be under virtual routers then configuration examples) it will explain the process. I was able to create two user VRs with two separate VLANS and add a port to both VLANs Tagged see below

Port: 1
Virtual-router: None
Type: UTP
Random Early drop: Unsupported
Admin state: Enabled with auto-speed sensing auto-duplex
Link State: Active, 100Mbps, full-duplex
Link Ups: 1 Last: Thu Feb 27 13:59:44 2014
Link Downs: 0 Last: --

VLAN cfg:
Name: test, 802.1Q Tag = 300, MAC-limit = No-limit, Virtual router: vr-test
Name: test2, 802.1Q Tag = 400, MAC-limit = No-limit, Virtual router: vr-paul
STP cfg:

Protocol:
Trunking: Load sharing is not enabled.

Let me know if you tried this or if my assumption is incorrect.

Thanks
P
Hi Paul,

Thanks a lot for your message.

Indeed, when I try to do it without having the physical port in any VRs (including default) I get a different error:

configure vlan vlan3001 add ports 1:11 tagged
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.

Am hoping this is a config thing rather than a licensing or hardware support thing, but I'm guessing it probably isn't!

Thanks,
Robin.
Userlevel 6
Thanks Rob

User created VRs are supported on edge licenses assuming that it is the correct HW and the BD10K is supported and came with the core license as well so we should be ok.

Here's the commands to get it to work can you look this over and let me know if they are what you are using

• Create a user VR named helix.

• Remove ports from the VLAN Default and VR-Default.

• Add ports to user VR helix.

• Add the OSPF protocol to user VR helix.

• Set the VR context to helix, so that subsequent VR commands affect VR helix.

• Create an incoming VLAN named helix-accounting-in.

• Create an outgoing VLAN named helix-accounting-out.

• Add ports that belong to user VR helix to the helix-accounting incoming and outgoing VLANs.



The CLI prompt is shown in this example to show how the VR context appears. At the end of the example, the VR is ready to be configured for OSPF, using ExtremeXOS software commands.



* BD10K.1 # create virtual-router helix

* BD10K.2 # configure vlan default delete ports 3:*

* BD10K.3 # configure vr vr-default delete ports 3:*

* BD10K.4 # configure vr helix add ports 3:*

* BD10K.5 # configure vr helix add protocol ospf

* BD10K.6 # virtual-router helix

* (vr helix) BD10K.8 # configure helix-accounting-in add ports 3:1

* (vr helix) BD10K.8 # configure helix-accounting-out add ports 3:2


Thanks
P
Hi Paul,

This is a transcript of what I get if I create the vr and either add it to a physical port, or just try to add a vlan to the VR and tag that to a port. Also an output of show licenses at the bottom. Do the enabled licenses seem right to you?

The other thing I had tried is creating a virtual-router with the 'vrf' keyword at the end. That seems to create VRs which are children of VR-Default, though using these still seems to give me the same errors ultimately when I try to tag the VLAN.

* Slot-1 # create virtual-router helix
* Slot-1 # configure vlan default delete ports 1:11
* Slot-1 # configure vr vr-default delete ports 1:11
* Slot-1 # configure vr helix add ports 1:11
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.
Configuration failed on backup MSM, command execution aborted!

* Slot-1 # create vlan vlan3000 vr helix
* Slot-1 # configure vlan vlan3000 tag 3000
* Slot-1 # configure vlan vlan3000 add ports 1:11 tagged
Error: Port 1:11 doesn't support virtual routers. Can not be added to user VR.
Configuration failed on backup MSM, command execution aborted!

* Slot-1 # show licenses
Enabled License Level:
Core
Enabled Feature Packs:
Unknown
Effective License Level:
Core

Thanks,
Robin
Userlevel 6
Hey Robin

The licenses look ok. The feature packs are things like MPLS etc.

Unfortunately I do not have a BD10K to test with. I would recommend opening up a case with TAC to see if it is something in the config. I am testing it on our VM (XOS running on Virtual box) which acts like a 10K.

I am curious about your prompt. This is a BD10K correct I am wondering why the prompted says slot-1

P
Sorry Paul, I should have mentioned before, it's only a stack of x450a-48t's.

I've just tried on a BD10K and that seems to work OK when tagged to 2 ports, see below. Might this mean it's not supported on the x450? I know it's not the newest of the available products!

* 10K.4 # delete virtual-router "helix"
* 10K.5 # create virtual-router helix
* 10K.6 # configure vlan default delete ports 1:24
* 10K.7 # configure vr vr-default delete ports 1:24
* 10K.8 # create vlan vlan3000 vr helix
* 10K.10 # configure vlan vlan3000 tag 3000
* 10K.11 # configure vlan vlan3000 add ports 1:24 tagged
Warning: Port properties related to diff serv and code replacement on
some of the ports will not work. This is true for those ports that belong to
VLAN's and different virtual routers
* 10K.12 # create virtual-router helix2
* 10K.13 # create vlan vlan3001 vr helix2
* 10K.14 # configure vlan vlan3001 tag 3001
* 10K.15 # configure vlan vlan3001 add ports 1:24 tagged
Warning: Port properties related to diff serv and code replacement on
some of the ports will not work. This is true for those ports that belong to
VLAN's and different virtual routers

10K.16 # show licenses
Enabled License Level:
Advanced Core
Enabled Feature Packs:
MPLS-Layer2VPN

Thanks,
Robin.
Userlevel 6
Hey Robin

Yep sorry the 450a does not support the user defined VR. Information on the Licenses and what is supported in each is in Appendix A of the Concepts guide (in case you need to check later on)

This is the section on User defined VR

User-created Virtual Routers (VRs)
Virtual Router and Forwarding (VRF)
Summit X460, X480, X650, and X670 series
BlackDiamond 8000 c- and xl-series modules
E4G-200, E4G-400 and BX8 series

Hope that helps
P
Ouchie, was hoping that wasn't the case. Going to have to think of another way. Thanks Paul.
Paul,

In light of upgrading some 450s to 460s for VR support, are you aware whether the stacking and 10G modules are cross-compatible between the 450 and 460?

Thanks,
Robin.
Userlevel 6
Hello Robin

Unfortunately they are not interchangeable. The 460 has the ability to have two VIM modules where the 450 only has one so they are different sizes.

Sorry to keep being the source of bad news.

P

Reply