Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

Virtual Networks Introduction

You can create an overlay network in an Apstra blueprint by creating virtual networks (VN)s to group physically separate endpoints into logical groups. These collections of Layer 2 forwarding domains are either VLANs or VXLANs.

VLANs have the following characteristics:

  • Single rack (rack-local)
  • Single leaf devices or leaf pairs
  • Can deploy in Layer 2-only mode (for example, isolated cluster networks for database replication)
  • Can deploy with Layer 3 gateway (SVI) IP address on rack leaf, hosted with or without first-hop redundancy

VXLANs have the following characteristics:

  • Fabric-wide for ubiquitous Layer 2 (inter-rack)
  • Combination of single rack leaf devices or leaf pairs (MLAG)
  • Can deploy in Layer 2-only mode
  • Can deploy with Layer 3 gateway functionality
  • The control plane selected (Static VXLAN Routing, renamed to Pure IP Fabric in Apstra version 4.2.1, or MP-EBGP EVPN) when configuring the template for your blueprint determines what is configured in the VN. (MP-EBGP EVPN provides a control plane for VXLAN routing.)
  • VXLAN-EVPN capabilities for VXLAN VNs are dependent on network device makes and models. For more information see the evpn_support_addendum:Apstra EVPN Support Addendum.

For complete VN feature compatibility for supported Network Operating Systems (NOS), see the Apstra Feature Matrix for the applicable release (in the Reference section). For detailed capability information for a device, contact your network device vendor or Juniper Support.

VNs contain the following details:

Table 1: Virtual Network Parameters
Name Description
Type
  • VLAN (rack-local VN)
  • VXLAN (EVPN) (inter-rack VN)
Name 30 characters or fewer. Underscore, dash, and alphanumeric characters only.
Routing Zone
  • VLAN - default routing zone only (used for the underlay network)
  • VXLAN - default routing zone or user-defined routing zone
Default VLAN ID (VLAN only)

  • Layer 2 VLAN ID on the switch that the VN is assigned to.

  • If left blank, it's auto-assigned from static pool (2-4094).

  • If you assign it, we don't recommend assigning VLAN ID 1 for active VNs.

  • Cisco NX-OS reserves VLAN IDs 3968-4094.

  • Arista reserves 1006-4094 for internal VLANs for routed ports. You can modify "reserved" VLAN ID range with the EOS vlan internal allocation policy configuration command. You can apply it to all EOS devices using a SYSTEM configlet before configuring and deploying VNs.

    l2-virtual-ext-002-leaf1(config)#vlan internal allocation policy ascending range 3001 3999
l2-virtual-ext-002-leaf1(config)#exit
l2-virtual-ext-002-leaf1#show vlan internal allocation policy
Internal VLAN Allocation Policy: ascending
Internal VLAN Allocation Range: 3001-3999
l2-virtual-ext-002-leaf1#

  • Using reserved VLAN IDs may cause deployment errors, but not build errors.
VNI(s) (VXLAN only) Layer 2 VXLAN ID on the switch that the VN is assigned to. If left blank, it's auto-assigned from resource pools. Create up to 40 VNs at once by entering ranges or individual VNI IDs separated by commas (for example: 5555-5560, 7777). Commit the first 40 VNs before creating additional ones.
VLAN ID (on leaf devices) VLAN ID
Reserve across blueprint (VXLAN only) Option to use same VLAN ID on all leaf devices
DHCP server Enabled/Disabled - DHCP relay forwarder configuration on SVI. Implies L3 routing on SVI
IPv4 Connectivity Enabled/Disabled - for SVI routing
IPv4 subnet (if connectivity is enabled)
  • IPv4 subnet - (for example: 192.168.100.0/24) (can't use batching VLANs)
  • IPv4 CIDR length - automatically assigns a subnet with the specified length (for example: /26)
  • If left blank, it's auto-assigned a /24 subnet network from resource pools
Virtual Gateway IPv4 The IPv4 address, if enabled
IPv6 Connectivity Enabled/Disabled - IPv6 connectivity for SVI routing. You must enable IPv6 in blueprint. If the template uses IPv4 spine-to-leaf link types, you can't use IPv6 in default routing zone and for VLAN type VNs.
IPv6 subnet (if connectivity is enabled)
  • IPv6 subnet (for example: 2001:4de0::/64)
  • IPv6 CIDR length - automatically assigns a subnet with the specified length (for example: /56)
  • If left blank, it's auto-assigned a /64 subnet network from resource pools.
  • If assigned automatically, the IP is derived from the assigned VNs SVI pools.
  • To assign multiple VLAN networks, leave blank or specify CIDR length.
Virtual Gateway IPv6 The IPv6 address, if enabled
Create connectivity templates for
  • Tagged
  • Untagged
L3 MTU Default value is from Virtual Network Policy. You can update the value here for these specific virtual networks.
Assigned to The racks that the VN is assigned to. For more information, see table below.
Table 2: Virtual Network Rack (or Pod) Details
Assigned To Details Description
Pod Name (5-stage) 5-stage Clos networks include pods, and you can select leaf devices within each pod to extend VNs to those devices.
Bound to The racks assigned. For MLAG racks, the leaf pair is shown. For VLANs, if more than one rack is selected, multiple rack-local VLAN-based VNs are created.
Link Labels Label assigned to rack (for example, ext-link-1, single-link, single-link, ext-link-0)
VLAN ID Can use for batch creating VNs
Secondary IP Allocation Mode

  • Enabled (default) - Apstra decides whether a secondary IP address is needed.

    • Automatically allocate if an assigned connectivity template requires an address (BGP, Static routes).

    • VN of type VXLAN:

      • Some NOS types automatically allocate unicast IPv4 addresses when an anycast IPv4 gateway is present: (Junos when in an ESI pair).

      • If a NOS type forbids co-existence of an anycast IPv4 address with an unicast IPv4 address, a blueprint error will be raised (Sonic).

    • VN of type VLAN - All NOS types require unicast IPv4 addresses when the IPv4 anycast address is enabled.

  • Forced - A secondary IP address is rendered irrespective of whether or not a connectivity template requires it.

    • If a NOS type forbids co-existence of an anycast IPv4 address with a unicast IPv4 address, a blueprint error will be raised.

    • Permits you to manually create an optional unicast IPv4 address for purposes such as BGP peering or static routing.
IPv4 Address / IPv6 Address You can set the first-hop-redundancy IP address for the SVI (VRRP, VARP and so on). If left blank, the SVI IP address is assigned from the selected pool. When you bind an EVPN connectivity template to a Layer 2 application point, the SVI IP address is used as the source / destination for the BGP session, static routes and so on.

From the blueprint, navigate to Staged > Virtual > Virtual Networks to go to the virtual network table view. You can create, edit, import, export, and delete virtual networks.