I've been trying to figure out what makes MLAG implementation in a vxlan environment different from other more 'regular vlan' implementations. The user guide suggests that the isc link gets turned into an ospf routed link, but it doesn't go into detail on how this impacts the rest of the mlag setup.
I've gotten this far with my configuration so far; it's working for traffic to and from vmware-hosts. However, when connecting to other existing l2 environments strange things seem to happen with broadcast packets, and a switch-loop like scenario seems to appear.
I'm at wit's end on what the correct implementation of mlag and vxlan is supposed to be. I'm attaching the configuration I've done so far in hopes more experienced minds can figure out what I'm missing.
The configuration example omits ospf information, since I have done no such configuration in regards to mlag.
# Setting the same IP on both switches ensures both identify as the same
# vxlan endpoint
# Mlag peer creation:
# Both:
enable sharing 1 grouping 1 algorithm address-based L2 lacp
# Left:
create vlan "ISC"
configure vlan ISC tag 4000
configure vlan ISC add ports 117 untagged
configure vlan ISC ipaddress 10.0.0.0 255.255.255.254
configure mlag ports convergence-control fast
create mlag peer "right"
configure mlag peer "right" ipaddress 10.0.0.1 vr VR-Default
enable mlag port 1 peer "right" id 1
# Right:
create vlan "ISC"
configure vlan ISC tag 4000
configure vlan ISC add ports 117 untagged
configure vlan ISC ipaddress 10.0.0.1 255.255.255.254
configure mlag ports convergence-control fast
create mlag peer "left"
configure mlag peer "left" ipaddress 10.0.0.0 vr VR-Default
enable mlag port 1 peer "left" id 1
#vxlan related config:
create vlan loopback
enable loopback-mode loopback
configure vlan loopback ipaddress 192.168.0.0 255.255.255.255
create vlan mlag-test
disable igmp snooping vlan "mlag-test"
configure vlan mlag-test tag 1000
configure vlan mlag-test add ports 1,117 tagged
create virtual-network "vni10001" flooding standard
configure virtual-network "vni10001" vxlan vni 10001
configure virtual-network "vni10001" add vlan mlag-test
configure virtual-network local-endpoint 192.168.0.0
OSPF router-ID and local address are configured as a secondary-IP on the vlan loopback. This is to keep the number of OSPF interfaces down so we can still keep under the limit imposed on the Advanced Edge licence.
Sorry, I missed the question at the end. You still have to configure a proper MLAG for the tenant VLANs, no change on that. What you are adding is a second loopback that will be common between the two peers and used as the Local VTEP address (so same address on both peers), plus a routed-link between the two (a vlan on the same physical path as the ISC), in OSPF as well. I personally prefer to use p2p links everywhere (and loopback as passive). OSPF router-id is different on each MLAG peer, using another loopback interface (also a passive interface in OSPF). You'll see traffic on that routed-isc link, and depending on the design you may have to configure a higher metric for that link (that's more a backup link than something else). You have to configure that routed-isc link.
MLAG with VXLAN:
- do not use MLAG alternate IP
- do not use the W MLAG (2 ISC feature)
Unfortunately the suggested configuration would push me over the 4-ospf device limit imposed on the Advanced Edge license. I already have two OSPF links to the l3 layer on each switch, and one loopback-vlan for local routerID configuration.
Adding a routed-isc vlan would set me at 4 total OSPF devices, but a dedicated vltep vlan makes 5. Can I combine the vltep vlan with an ospf routerid as a secondary-IP, or will things break horribly?
I'm also a bit curious as to how this changes the underlying configuration of the mlag tenant VLANs: do these still need to be added to the isc port in a tagged manner? And what does the routed-isc link provide?
create vlan routed-isc tag 11
config routed-isc add port 117 tagged
config routed-isc ipaddress 10.0.0.15/31
config ospf add routed-isc area 0.0.0.0 link-type point-to-point
For VXLAN I recommend using a dedicated virtual LTEP: