Overlapping VLAN Support Using Multiple Forwarding Instances or VLAN Normalization
In platform-as-a-service (PaaS) and infrastructure-as-a-service (IaaS) deployments, each customer uses a separate physical interface to connect to a leaf device. In this situation, you can't use the same VLAN ID for two different tenants in separate MAC-VRF instances that share the same default forwarding instance. However, you can have a VLAN name with the same VLAN-ID (for example, vlan200 with VLAN ID 200) in two different MAC-VRF instances if they each have their own forwarding instances. You can also configure explicit or implicit VLAN normalization using service provider style interface configuration.
You can configure forwarding instance identifiers on the QFX10000 line of switches and ACX7100-32C and ACX7100-48L devices.
We support overlapping VLANs on some platforms that don’t support multiple forwarding instances. See Overlapping VLAN Support Using VLAN Translation in EVPN-VXLAN Networks for more information.
On the QFX10000 line of switches, you can configure up to 99 forwarding instance identifiers.
On ACX7100-32C and ACX7100-48L devices, you can configure up to 6 forwarding instances.
Benefits
-
Enables overlapping VLANs
-
Identifies which customers are sharing VLANs
Overlapping VLANs Using the Enterprise Style Interface Configuration
Overlapping VLANs with Multiple Forwarding Instances
This configuration allows overlapping VLAN-ID 200 in different MAC-VRF instances by configuring separate forwarding instances.
set interfaces et-0/0/20:3 unit 0 family ethernet-switching interface-mode trunk set interfaces et-0/0/20:3 unit 0 family ethernet-switching vlan members vlan200 set interfaces et-0/0/0:0 unit 0 family ethernet-switching interface-mode trunk set interfaces et-0/0/0:0 unit 0 family ethernet-switching vlan members vlan200 set routing-instances MAC-VRF1 instance-type mac-vrf set routing-instances MAC-VRF1 forwarding-instance identifier 1 set routing-instances MAC-VRF1 interface et-0/0/20:3.0 set routing-instances MAC-VRF1 vlans vlan200 vlan-id 200 set routing-instances MAC-VRF1 vlans vlan200 vxlan vni 200 set routing-instances MAC-VRF2 instance-type mac-vrf set routing-instances MAC-VRF2 forwarding-instance identifier 2 set routing-instances MAC-VRF2 interface et-0/0/0:0.0 set routing-instances MAC-VRF2 vlans vlan200 vlan-id 200 set routing-instances MAC-VRF2 vlans vlan200 vxlan vni 2000
Overlapping VLANs Using the Service Provider Interface Style Configuration
- Implicit Normalization With VLAN ID Sample Configuration
- Implicit Normalization with VLAN ID None Sample Configuration
- Explicit Normalization with VLAN Maps
- Multiple Forwarding Instances Sample Configuration
Implicit Normalization With VLAN ID Sample Configuration
This configuration implicitly translates the customer VLAN ID to the VLAN ID specified in the bridge domain upon ingress. At egress, the VLAN ID used to normalize the bridge domain is removed, and the customer VLAN ID is pushed onto the frame. In this case, the overlapping VLAN IDs of 150 are mapped to VLAN ID 200 and 400, respectively. In this example, the subscriber traffic is transported over the EVPN core using VXLAN VNI assignments that match the normalized VLAN IDs.
set interfaces et-0/0/20:3 flexible-vlan-tagging set interfaces et-0/0/20:3 unit 150 encapsulation vlan-bridges set interfaces et-0/0/20:3 unit 150 vlan-id 150 set interfaces et-0/0/0 flexible-vlan-tagging set interfaces et-0/0/0 unit 150 encapsulation vlan-bridge set interfaces et-0/0/0 unit 150 vlan-id 150 set routing-instances VS1 vlans vlan200 vlan-id 200 set routing-instances VS1 vlans vlan200 interface et-0/0/20:3.150 set routing-instances VS1 vlans vlan200 vxlan vni 200 set routing-instances VS2 vlans vlan400 vlan-id 400 set routing-instances VS2 vlans vlan400 interface et-0/0/0:0.150 set routing-instances VS2 vlans vlan400 vxlan vni 400
Implicit Normalization with VLAN ID None Sample Configuration
This configuration implicitly normalizes the two overlapping customer VLANs to unique VLAN IDs within their respective bridge domains. At ingress, the customer VLAN ID is stripped and the (now) untagged traffic is transported over the EVPN VXLAN fabric. At egress on the customer interface, the VLAN tag is pushed back onto the frame. In the EVPN core, the two customer VLANs, which both use VLAN ID 150, map to VXLAN VNIs 200 and 400, respectively.
set interfaces et-0/0/20:3 flexible-vlan-tagging set interfaces et-0/0/20:3 unit 150 encapsulation vlan-bridge set interfaces et-0/0/20:3 unit 150 vlan-id 150 set interfaces et-0/0/0 flexible-vlan-tagging set interfaces et-0/0/0 unit 150 encapsulation vlan-bridge set interfaces et-0/0/0 unit 150 vlan-id 150 set routing-instances MAC-VRF1 vlans vlan200 vlan-id none set routing-instances MAC-VRF1 vlans vlan200 interface et-0/0/20:3.150 set routing-instances MAC-VRF1 vlans vlan200 vxlan vni 200 set routing-instances MAC-VRF2 vlans vlan400 vlan-id none set routing-instances MAC-VRF2 vlans vlan400 interface et-0/0/0:0.150 set routing-instances MAC-VRF2 vlans vlan400 vxlan vni 400
Explicit Normalization with VLAN Maps
Explicit normalization does not specify a VLAN ID in the bridge domain. Instead, VLAN map operations are used to manipulate the VLAN label stack to achieve the desired normalization. In this example, two customers use the same VLAN ID of 150. The input and output maps applied to the interface explicitly swap the customer tag with the normalized assignments used in the provider network. In the egress direction, the swap operation causes the interface's VLAN tag to be swapped onto the frame.
Explicit normalization is needed when using the vlan-bundle service type
for the instance.
set interfaces ge-2/0/4 flexible-vlan-tagging set interfaces ge-2/0/4 unit 150 encapsulation vlan-bridge set interfaces ge-2/0/4 unit 150 vlan-id 150 set interfaces ge-2/0/4 unit 150 input-vlan-map swap set interfaces ge-2/0/4 unit 150 input-vlan-map vlan-id 200 set interfaces ge-2/0/4 unit 150 output-vlan-map swap set interfaces ge-2/0/10 flexible-vlan-tagging set interfaces ge-2/0/10 unit 150 encapsulation vlan-bridge set interfaces ge-2/0/10 unit 150 vlan-id 150 set interfaces ge-2/0/10 unit 150 input-vlan-map swap set interfaces ge-2/0/10 unit 150 input-vlan-map vlan-id 400 set interfaces ge-2/0/10 unit 150 output-vlan-map swap set routing-instances VS4 instance-type mac-vrf set routing-instances VS4 protocols evpn encapsulation vxlan set routing-instances VS4 protocols evpn multicast-mode ingress-replication set routing-instances VS4 vtep-source-interface lo0.0 set routing-instances VS4 bridge-domains vlanBundle-1 interface ge-2/0/4.150 set routing-instances VS4 bridge-domains vlanBundle-1 vxlan vni 200 set routing-instances VS4 bridge-domains vlanBundle-1 vxlan ingress-node-replication set routing-instances VS4 service-type vlan-bundle set routing-instances VS4 route-distinguisher 10.1.0.1:4 set routing-instances VS4 vrf-target target:10:4 set routing-instances VS5 instance-type mac-vrf set routing-instances VS5 protocols evpn encapsulation vxlan set routing-instances VS5 protocols evpn multicast-mode ingress-replication set routing-instances VS5 vtep-source-interface lo0.0 set routing-instances VS5 bridge-domains vlanBundle-1 interface ge-2/0/10.150 set routing-instances VS5 bridge-domains vlanBundle-1 vxlan vni 400 set routing-instances VS5 bridge-domains vlanBundle-1 vxlan ingress-node-replication set routing-instances VS5 service-type vlan-bundle set routing-instances VS5 route-distinguisher 10.1.0.1:5 set routing-instances VS5 vrf-target target:10:5
Multiple Forwarding Instances Sample Configuration
This configuration is similar to the enterprise style interface configuration. You use separate forwarding instances to allow overlapping VLAN-ID 200 in different MAC-VRF instances.
set interfaces et-0/0/20:3 flexible-vlan-tagging set interfaces et-0/0/20:3 unit 200 encapsulation vlan-bridge set interfaces et-0/0/20:3 unit 200 vlan-id 200 set interfaces et-0/0/0 flexible-vlan-tagging set interfaces et-0/0/0 unit 200 encapsulation vlan-bridge set interfaces et-0/0/0 unit 200 vlan-id 200 set interfaces et-0/0/1 flexible-vlan-tagging set interfaces et-0/0/1 unit 200 encapsulation vlan-bridge set interfaces et-0/0/1 unit 200 vlan-id-list 1000-2000 set routing-instances MAC-VRF1 instance-type mac-vrf set routing-instances MAC-VRF1 forwarding-instance identifier 1 set routing-instances MAC-VRF1 vlans vlan200 vlan-id 200 set routing-instances MAC-VRF1 vlans vlan200 interface et-0/0/20:3.200 set routing-instances MAC-VRF1 vlans vlan200 vxlan vni 200 set routing-instances MAC-VRF2 instance-type mac-vrf set routing-instances MAC-VRF2 forwarding-instance identifier 2 set routing-instances MAC-VRF2 vlans vlan200 vlan-id 200 set routing-instances MAC-VRF2 vlans vlan200 interface et-0/0/0:0.200 set routing-instances MAC-VRF2 vlans vlan200 interface et-0/0/1.200 set routing-instances MAC-VRF2 vlans vlan200 vxlan vni 2000