Approaches to Enable External Connectivity for Overlay Networks

Contrail Enterprise Multicloud (CEM) supports both QFX Series and MX Series devices. You can connect an overlay network to an external network by using either a QFX Series device or an MX Series device.

Table 1 lists the differences in configuration when you use a QFX Series device (with EVPN configured) and an MX Series device (with L3VPN configured).

Table 1: Enabling External Connectivity for Overlay Networks

| Action | Use Case | QFX (EVPN) | MX (L3VPN) |
|---|---|---|---|
| Extending a Virtual Network | Enabling external connectivity to a Layer 3 network.<br>Uses L3VPN. | 1. Integrated routing and bridging (IRB) interface is created in inet.0.<br>2. No virtual routing and forwarding (VRF) instances are created.<br>Verdict: Does not help to route traffic between the Internet and the virtual network. | 1. Virtual switch with bridge domains (BDs) is created.<br>2. IRB is created in VRF.<br>3. Configure static route to 0/0 inside the VRF. Apply appropriate filter to redirect traffic to the VRF.<br>Verdict: The right approach when a Layer 3 VPN (L3VPN) routing instance is used and no Source Network Address Translation (SNAT) is used. |
| Extending an SNAT-LR | Enabling external connectivity to a Layer 3 network along with SNAT configuration.<br>Uses L3VPN. | 1. IRB is created in inet.0.<br>2. No VRFs are created.<br>3. No Service Physical Interface Card (PIC).<br>Verdict: Does not help to route traffic between the Internet and the virtual network. | 1. Requires a Service PIC for SNAT.<br>2. Virtual switch, BDs, and VRFs are created.<br>3. IRB is created in VRF.<br>4. Configure static route to 0/0 inside the VRF. Apply appropriate filter to redirect traffic to the VRF.<br>Verdict: The right approach when a Service PIC is present, L3VPN is used, and SNAT is used. |
| Extending a VXLAN-LR | Enabling external connectivity from multiple Layer 3 networks connected to a logical router.<br>Uses EVPN. | 1. Virtual local area network (VLAN) is created.<br>2. IRB is created in VRF.<br>3. Type 5 route is advertised in VRF.<br>4. Configure static route to 0/0 inside the VRF. Apply appropriate filter to redirect traffic to the VRF.<br>Verdict: The right approach when VXLAN-LR is used. | 1. Virtual switch with BDs is created.<br>2. Two VRFs are created. The same IRB is created in both VRFs, causing a CommitError.<br>3. Static route to 0/0 inside the VRFs and appropriate filter to redirect traffic into the VRFs.<br>4. Virtual switch instances are created with IRB.<br>Verdict: Does not help to route traffic between the Internet and the virtual network. |