Header Only - DO NOT REMOVE - Extreme Networks

VMAN and Jumbo-Frame Question(s)


Userlevel 5
I'm faced with having to configure a VMAN for one of our customers between two of our data centers in different cities. The current setup is Edge(460) <-> BD8806 <- metro link -> BD8806 <-> Edge(460)

Reading up in a hurry (of course - does it ever happen otherwise?), I hand off an untagged port to the customer on the edge switch, VMAN/tagged ports on all other switches that are involved, and enable jumbo frames on all ports involved. Does that sound about right?

My questions are:
- Is it a good idea to create one VMAN per customer who wants/needs that, or is there some VMAN "sharing" that should rather be done for all customers that are being carried between the two cities (but aren't supposed to see each other's traffic)?
- Do I also have to enable jumbo frames on the edge switch port (handoff to customer)
- The metro link port that connects the BD8806s between two cities, it can be part of regular VLANs as well as VMANs, correct?

On Jumbo-frames:
- If a customer device connected to the edge switch doesn't support jumbo frames, will the edge switch just "handle it"?
- is there a disadvantage to transporting standard-size MTU traffic over jumbo-frame enabled ports? Let's say I have a vlan where the access ports are on an edge switch, but I need to route/transport the traffic over the jumbo-enabled metro link port (via vlan, not vman), are there issues?

Sorry for the many questions, and yes, I've cross-read through the documentation, but I haven't found the answers (yet), or I may have read them but missed them as answers due to my lack of fully understanding the concepts.

Thank you all for your help!

Frank

8 replies

Userlevel 2
Frank,

First all, are you using mpls inside your core or just tagged this vman trought your backbone?

Now about your questions,
My questions are:
- Is it a good idea to create one VMAN per customer who wants/needs that, or is there some VMAN "sharing" that should rather be done for all customers that are being carried between the two cities (but aren't supposed to see each other's traffic)?

You should think about what is the real necessity of your customer, so that, we usually vman where the customer wants to use vlans or other protocols, so that all circuit be transparent to them, otherwise only vlan will help you.
So, if you really need to set up a vman, the right way is use vlan to each customers, so, you are able to isolated the traffic unsolicited to others places in your network.

- Do I also have to enable jumbo frames on the edge switch port (handoff to customer)

Yes, if you are using vman, you should always use jumbo-frames in all network, because we have double-tag and it will do the ethernet packates overrun the 1500bytes available in each interface, and it will occurr a few issues to this clients.

- The metro link port that connects the BD8806s between two cities, it can be part of regular VLANs as well as VMANs, correct?

It'll depends of your scene of your network, but in overrall you don't need to set up a vman/vlan between yours routers or in the middle of your network, just in the end points, what you need to do is just permit these packated tagged trought these ports.

So i was seeing an scene where you don't using mpls, because if you are using mpls it all will change.

Anyway, i hope i could help you.

Welisson
Userlevel 5
welisson wrote:

Frank,

First all, are you using mpls inside your core or just tagged this vman trought your backbone?

Now about your questions,
My questions are:
- Is it a good idea to create one VMAN per customer who wants/needs that, or is there some VMAN "sharing" that should rather be done for all customers that are being carried between the two cities (but aren't supposed to see each other's traffic)?

You should think about what is the real necessity of your customer, so that, we usually vman where the customer wants to use vlans or other protocols, so that all circuit be transparent to them, otherwise only vlan will help you.
So, if you really need to set up a vman, the right way is use vlan to each customers, so, you are able to isolated the traffic unsolicited to others places in your network.

- Do I also have to enable jumbo frames on the edge switch port (handoff to customer)

Yes, if you are using vman, you should always use jumbo-frames in all network, because we have double-tag and it will do the ethernet packates overrun the 1500bytes available in each interface, and it will occurr a few issues to this clients.

- The metro link port that connects the BD8806s between two cities, it can be part of regular VLANs as well as VMANs, correct?

It'll depends of your scene of your network, but in overrall you don't need to set up a vman/vlan between yours routers or in the middle of your network, just in the end points, what you need to do is just permit these packated tagged trought these ports.

So i was seeing an scene where you don't using mpls, because if you are using mpls it all will change.

Anyway, i hope i could help you.

Welisson

Thank you very much! We're not using MPLS (saves an aspirin!), so I'll just run with it.
And to clarify - we have separate vlans for the customers (one vlan for each customer) over the metro link - this would be a case of a separate customer wanting to transport his own VLANs end-to-end, which triggered my VMAN questions.

Yay - more new things to break stuff with - I mean "get experienced in"
Userlevel 5
Frank,

Yes..

1. I would suggest one VMAN per customer, this is becuase the VMAN is the broadcast domain and if you want to make sure there is a clear delineation of traffic one VMAN per customer.

2. Enable jumbo frames on all ports on your side. Doesn't matter on customer but I would suggest jumbo-frames their too.

3. Configuration on your end, tagged VMAN's all the way through your core.

4. Jumbo frames will not be a problem, enable them on all of your ports and your good to go.

5. You also need to configure the ethertype for the VMAN too... "configure vman ethertype 0x8100"

Let me know if there are any other questions...

Bill
Userlevel 5
Bill Stritzinger wrote:

Frank,

Yes..

1. I would suggest one VMAN per customer, this is becuase the VMAN is the broadcast domain and if you want to make sure there is a clear delineation of traffic one VMAN per customer.

2. Enable jumbo frames on all ports on your side. Doesn't matter on customer but I would suggest jumbo-frames their too.

3. Configuration on your end, tagged VMAN's all the way through your core.

4. Jumbo frames will not be a problem, enable them on all of your ports and your good to go.

5. You also need to configure the ethertype for the VMAN too... "configure vman ethertype 0x8100"

Let me know if there are any other questions...

Bill

Thank you, Bill. Sounds "simple enough" (which scares me a little 😉 )
Userlevel 6
Bill Stritzinger wrote:

Frank,

Yes..

1. I would suggest one VMAN per customer, this is becuase the VMAN is the broadcast domain and if you want to make sure there is a clear delineation of traffic one VMAN per customer.

2. Enable jumbo frames on all ports on your side. Doesn't matter on customer but I would suggest jumbo-frames their too.

3. Configuration on your end, tagged VMAN's all the way through your core.

4. Jumbo frames will not be a problem, enable them on all of your ports and your good to go.

5. You also need to configure the ethertype for the VMAN too... "configure vman ethertype 0x8100"

Let me know if there are any other questions...

Bill

One more tidbit... if you have created a vman before you change the default ethertype to 0x8100 you must delete this vman ....change to 0x8100 and then you can recreate. The reasoning behind changing the vman ethertype to 0x8100 it seems to be more common if you need to create a NNI port and bundle several vman's tagged to other carriers or vender gear. It also allows you to in theory stack multiple tags beyond just 2.

Your question about your client side handling jumbo frames. If ingress traffic is a standard q-tagged frame or untagged frame they will handle it just fine. If one side does send true jumbo frames and other side is not jumbo too odds are that switch/router will drop the frame and not be able to fragment it into smaller frames.

Vmans get handled in EAPS or Lag just like standard vlans. You still only have your 4096 tag ids to share between tagged vlans and vmans. Good luck to you
Userlevel 5
Of course "we" just added another wrinkle. (Exos 15.6.3.1-p9)
Customer wants to also get his STP across the link - as far as I know, since 15.5 you need to tunnel that.

From what I see, I need to create an l2pt profile, "add protocol filter stp action tunnel" (stp is already predefined in 15.6.3.1-p9) - and do I need to specify 'encaps' anywhere?

Now, adding that profile to the vman, I think I need to add both the untagged port where the customer plugs their switch in, as well as the uplink port to my 8800, right?
Like : config vman test ports 3,55 l2pt profile allow-stp

Now, do I have to add l2pt profiles to the 8800s as well and add all the proper ports to the vman configuration on the 8800s, or do I not have to worry about it on the in-between switches, because everything's already encapsulated and firmly inside the vman?

Thanks again!
Userlevel 5
Frank wrote:

Of course "we" just added another wrinkle. (Exos 15.6.3.1-p9)
Customer wants to also get his STP across the link - as far as I know, since 15.5 you need to tunnel that.

From what I see, I need to create an l2pt profile, "add protocol filter stp action tunnel" (stp is already predefined in 15.6.3.1-p9) - and do I need to specify 'encaps' anywhere?

Now, adding that profile to the vman, I think I need to add both the untagged port where the customer plugs their switch in, as well as the uplink port to my 8800, right?
Like : config vman test ports 3,55 l2pt profile allow-stp

Now, do I have to add l2pt profiles to the 8800s as well and add all the proper ports to the vman configuration on the 8800s, or do I not have to worry about it on the in-between switches, because everything's already encapsulated and firmly inside the vman?

Thanks again!

Nevermind. Typos screw things up - VMAN works well now, transporting the customer VLANs across as advertised, and it appears that STP works across the link as well - not that I know how (because I'm not doing l2pt), but it's Monday and I take any victory 😉
Userlevel 5
Glad to hear things are working!

Reply