03-11-2023 04:19 AM
Dears,
I'm currently implementing an Extreme Fabric connect setup (all VOSS switches, Cores are 7400 series with VOSS version 8.9) and would like to make sure about the below points:
1- is it a proper design to configure the C-VLANs and I-SIDs also on the cores with interface VLAN for each VLAN as the gateway? or I-SIDs for C-VLANs must only be on the BEBs ? if so what about my Gateways for those VLANs.
2- If I connect both Core VSPs together using two links, is it mandatory to have MLT configured on them (now I see one active and one stand-by for ISIS)? if yes what should be the config of the MLT to get SPBM properly running on them? knowing that I'm using vIST between the Cores.
3- Can I safely keep using the VLAN 4048 as my in-band mgmt VLAN for future auto onboarding? or I must change it to another VLAN after current onboarding is done?
Thank you.
03-11-2023 12:29 PM - edited 03-11-2023 12:29 PM
1) This is difficult to answer without knowing your specific setup, requirements or topology. Are you using L3VSNs or DVR?
2) It is not mandatory, but if you don't do it you get the result you currently see. If you want multiple links active between the /same/ switches, just create a standard MLT on the links between them and enable SPB on it. SMLT doesn't matter here.
mlt 1 enable
mlt 1 member 2/3-2/4
mlt 1 encapsulation dot1q
interface mlt 1
isis
isis spbm 1
isis enable
exit
3) Again, you do not need to change it. But I would heavily recommend to change it after onboarding because who would want some unknown device that was put into the onboarding VLAN be inside the management network? Especially if you leave auto-sense enabled, you should absolutely change it.
AFAICR it is pretty easy to change it in the newer versions of VOSS and you can even change it in-band, if you dare 😉 Something along the lines of:
mgmt vlan 4048
convert vlan 4047 ip x.x.x.x n.n.n.n gateway g.g.g.g rollback 60
if it worked:
mgmt convert-commit
Just make sure the new vlan has been properly setup beforehand of course. (i-sid mapping etc.)
03-12-2023 04:10 AM - edited 03-12-2023 04:13 AM
Thank you so much for the reply, regarding my first point, my topology simply has two Firewalls to be connected to the Cores, I want all the VLANs' GWs to be on Extreme Fabric and then do static routes to the FWs, I'm not configuring L3 VSNs or DVR.
03-13-2023 05:58 AM
Do you really need the GWs on the cores? If you're doing all the routing on the firewalls, it's unnecessary to build a transit network between the fabric and the firewalls.
You could just have the GWs on the firewalls and egress c-vids toward the firewalls on your cores.
03-13-2023 01:55 PM
it's a migration, customer insists to have exact same setup for now... would it harm if we do it on the cores ?