Allied Telesis C613-16164-00 REV E Sharing VRF routing and double tagging on the same port, Green

Page 75

VCStack and VRF-lite

Sharing VRF routing and double tagging on the same port

In this scenario, both VRF-lite traffic and double vlan tagged traffic is transported between the two x610 switches via a single shared port. The double tagging feature (nested vlans) makes use of the tag-in-tag technique. The inner tag comes from the end hosts whilst the outer tag is configured in the x610 switches. VRF-lite traffic remains separated from the double vlan tagged traffic.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

port6

 

 

 

 

 

 

 

.2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.111

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.

168

 

.2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192

 

 

 

.112

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

port5

vrf

 

168vlan112.

 

 

 

 

.

168

 

.1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

112.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192

 

 

.78

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

green

1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192.

 

 

 

 

 

 

 

 

 

 

 

.

168

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vrf

168vlan111.

 

 

 

 

 

 

 

 

 

192

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

red

111.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

port20

 

 

 

 

 

 

 

 

x610 A

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan20

provider

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan11

port

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan12

192.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

168.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192.

 

11.

 

 

 

 

 

 

 

 

 

 

port12

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

168. 2

vrf

 

 

 

 

 

 

 

 

 

vlan20

 

 

 

 

 

 

 

 

 

 

 

 

 

 

port5

 

 

 

12.

red

 

 

 

port20

 

 

customer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

2

vrf

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan20

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vrf

168vlan211.

 

 

 

 

green

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan11

provider

 

 

 

 

 

port

 

 

 

 

 

 

 

 

 

 

 

 

 

red

211.

 

x610

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1

 

 

 

 

 

vlan12

port

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

168.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

B

 

 

 

 

 

 

192.

11.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

168.

vrf

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

12.

red

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

1

vrf

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

green

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

port12

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

vlan20

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.

211

 

 

 

 

 

 

 

 

port6

 

customer

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.

168

 

 

 

.

2

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.

212

 

 

 

 

 

 

192.

 

 

 

port

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.

168

 

 

 

 

.2

 

 

vrf 168vlan212.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192

 

 

 

.

78

 

 

 

 

 

212.

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

.168

 

 

 

 

 

 

green

1

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

192

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Communication plan

Host 192.168.111.2 A can communicate with host 192.168.211.2 by VRF red routing.

Host 192.168.112.2 A can communicate with host 192.168.212.2 by VRF green routing.

Host 192.168.78.1 can communicate with host 192.168.78.2 by double tagging. When Ethernet frames enter the customer edge port, the switch adds an outer vlan tag (VID 20) on top of the customer inner vlan tag. Ethernet frames can also be sent untagged from the hosts. The customer VID (inner tag) is ignored whilst the frames are bridged between the two x610 switches. As Ethernet frames exit the customer edge port of the destination switch, the outer tag is removed. Therefore, when the packets exit the customer port, the original VLAN tags (or untagged Ethernet frames) are preserved.

Configure VRF-lite Page 75

Image 75
Contents What is VRF-lite? How To Configure VRF-lite IntroductionWhich products and software version does it apply to? Software feature licensesCommand summary Who should read this document?Contents VRF GlossaryUnderstanding VRF-lite Vlan5 VRF-lite security domainsRoute table and interface management with VRF-lite Interface management with VRFAdding a VRF-aware static ARP Route management with VRFInter-VRF communication Static and dynamic inter-VRF routing For example VRF-lite features in AW+ Ping VRF aware services includeRoute limiting per VRF instance VRF-aware utilities within AW+ Telnet client  SSH client TCP dump Awplusconfig# access-list standard Configuring VRF-liteAwplusconfig-if#switchportaccess vlanx Family Awplusconfig-route-map#match ip Ip route 192.168.50.0/24 Ip route vrf green 192.168.1.0/24 Static inter-VRF routingForwarding Information Base FIB and routing protocols Dynamic inter-VRF communication explainedBGP Inter-VRF communication via BGP Can be replaced with Using the route-target commandRoute-target import ASNVRFinstance For example Route-target both ASNVRFinstance For exampleVia BGP IVR, VRF shared will end up with the routes Also, if VRF shared configuration includesIf VRF red initially includes If VRF shared initially includesThen via BGP IVR, VRF red will end up with the routes If VRF shared configuration includesViewing source VRF and attribute information for a prefix How VRF-lite security is maintainedMultiple VRFs without inter-VRF communication Simple VRF-lite configuration examples26 Configure VRF-lite Vlan 28 Configure VRF-lite Configure VRF-lite 30 Configure VRF-lite Configure VRF-lite 32 Configure VRF-lite Inter-VRF configuration examples with Internet access Configuration Configure VRF-lite Example B Configuration 38 Configure VRF-lite Configure VRF-lite Example C Configuration 42 Configure VRF-lite Configure VRF-lite Configuring a complex inter-VRF solution Network description Each VLANs is associated with a VRF instance VRF communication plan Configuration breakdown Configure VRF-lite Configure Vrfs Configure the hardware ACLs This example, three access groups are attached to port Within the same IP subnet that the switch port is a member192.168.43.0/24 via the shared VRF Configure Vlan Database Configure IP Addresses Configure VRF-lite Configure Dynamic Routing Configure VRF-lite 56 Configure VRF-lite Configure Static Routing Complete show run output from VRF device is below Configure VRF-lite 60 Configure VRF-lite Configure VRF-lite IP route table from VRF device is below VRF blue Hostname Internetrouter Hostname sharedrouter N1 Ospf Nssa Hostname redospfpeerHostname greeniBGPpeer Hostname bluerippeer Hostname orangerouter Hostname orangeospfpeer Grey Other features used in this configurationVCStack and VRF-lite Stack provisioningVirtual Chassis ID X610 VCStack configurationX900 configuration 74 Configure VRF-lite Port Sharing VRF routing and double tagging on the same portCommunication plan GreenConfigurations X610 aX610 B Configure VRF-lite Additional notes BGP configuration tips 80 Configure VRF-lite VRF device Red router vlan database Red router Route Limits Configuring static route limitsConfiguring Dynamic route limits Allowed number of fib routes excluding Connect and Static100 Syntax No max-fib-routesVRF-lite usage guidelines Useful VRF-related diagnostics command list GeneralRouting general Routing protocols IP prefix network, e.g TCPdump HW platform table commands

C613-16164-00 REV E specifications

The Allied Telesis C613-16164-00 REV E is a robust networking device designed to enhance connectivity and communication within enterprise environments. Renowned for its reliability and efficiency, this device serves as an ideal choice for organizations seeking to improve their network infrastructure.

At its core, the C613-16164-00 REV E is a part of Allied Telesis' suite of products that adhere to high-performance standards. One of the main features is its support for both Layer 2 and Layer 3 networking, making it versatile enough to handle a variety of network configurations. This capability allows for seamless integration into different network architectures, whether for simple local area networks (LANs) or more advanced setups with routing capabilities.

Another significant characteristic of the C613-16164-00 REV E is its high-speed data transfer capabilities. With support for Gigabit Ethernet, the device ensures that data can be transmitted quickly and efficiently across the network. This is particularly important for businesses that rely on heavy data usage and need to maintain performance standards even during peak hours.

Additionally, the C613-16164-00 REV E features advanced security measures, including VLAN support and port security configurations, which help protect sensitive information and prevent unauthorized access. This is essential for businesses that handle confidential data and must comply with industry regulations.

In terms of manageability, the device supports SNMP (Simple Network Management Protocol), allowing for easy monitoring and management of network resources. Network administrators can efficiently manage the device and optimize performance with minimal effort, improving overall productivity.

The design of the C613-16164-00 REV E is also noteworthy; it is built for durability, often featuring a compact form factor that makes installation straightforward without compromising on performance. Its compatibility with various Allied Telesis products ensures that organizations can build a cohesive network ecosystem.

In conclusion, the Allied Telesis C613-16164-00 REV E stands out as an excellent networking solution characterized by its support for multiple networking layers, high-speed data transfer, and robust security features. Ideal for both small to medium enterprises and larger organizations, it helps ensure that businesses can maintain efficient and secure operations in a constantly evolving digital landscape.