cancel
Showing results for 
Search instead for 
Did you mean: 
cancel
2293
Views
5
Helpful
5
Replies

L2VNI scope in a multi-tenant eVPN based VxLAN network

s.ram
Level 1
Level 1

Hi all-

This is regarding a multi-tenant DC fabric, using eVPN control plane. Each tenant has a separate L3VNI, for inter-L2VNI. And since it maps to the VRF, the L3VNI has to be unique for the customer.

What about the L2VNI? Can 2 tenants have the same L2VNI, if it is guaranteed that they don't have overlap at the leaf layer?

Thanks

1 Accepted Solution

Accepted Solutions

Hmm interesting scenario. Now I get your question. Technically you can do it, but to have clear separation of the tenants, and avoid routes leaking between tenants you must configure statically the route target for L2VNI.

The auto derived route-target for let's say ASN 65000 and L2VNI 11000 would be 65000:11000.

You can use another logic like <tenant-number>:<L2VNI>

 

And now my thoughts: although technically it is possible to do it, why would you like to implement something like this. It would be quite difficult to keep track of the overlapping VNIs or Leaf-VNI-customer mapping or things like this, and it would be a nightmare to troubleshoot.

Though I am sure you have your reasons (and please share them if you can, I'm super curious) I must insist: go for a much simpler and cleaner solution - do not overlap VNIs. Allocate a specific range for each of your tenants. People were doing just fine with 4k vlans so far, so I guess if you allocate 10000 VNIs per tenant should be more then enough for anyone

 

Take care,

Sergiu

View solution in original post

5 Replies 5

Sergiu.Daniluk
VIP Alumni
VIP Alumni

Hi @s.ram 

What do you mean by "it is guaranteed that they don't have overlap at the leaf layer"?

"Can 2 tenants have the same L2VNI" -> You configure the SVIs for the L2VNIs in the tenant VRF (basically this is how you asociate the L3VNI/VRF/Tenant to L2VNI), so I would say, in normal operations you should not see overlaps, because you will notice problems with communication over L3VNI anyway. Also, the 16M VNIs should be large enough to avoid any potential vni overlap. 

 

Stay safe,

Sergiu

hi @Sergiu.Daniluk -

Thanks for getting back. Let's say 2 tenants. T1, T2. T1 VLANS are on Leaf1, Leaf2. T2 VLANs are on Leaf3, Leaf4.

T1 has a L3VNI 1000. T2 has a L3VNI 2000.

Can I have something like T1 L2VNI 1100 maps to VLAN 100, subnet 100.100.100/24 (SVIs in T1 VRF on Leaf1, Leaf2) and T2 L2VNI 1100 maps to VLAN 200, subnet 150.150.150/24 (SVIs in T2 VRF on Leaf3, Leaf4)?

All that is common is, the same L2VNI, 1100, is used in the fabric for both the VLANs.

Thanks.

 

Hmm interesting scenario. Now I get your question. Technically you can do it, but to have clear separation of the tenants, and avoid routes leaking between tenants you must configure statically the route target for L2VNI.

The auto derived route-target for let's say ASN 65000 and L2VNI 11000 would be 65000:11000.

You can use another logic like <tenant-number>:<L2VNI>

 

And now my thoughts: although technically it is possible to do it, why would you like to implement something like this. It would be quite difficult to keep track of the overlapping VNIs or Leaf-VNI-customer mapping or things like this, and it would be a nightmare to troubleshoot.

Though I am sure you have your reasons (and please share them if you can, I'm super curious) I must insist: go for a much simpler and cleaner solution - do not overlap VNIs. Allocate a specific range for each of your tenants. People were doing just fine with 4k vlans so far, so I guess if you allocate 10000 VNIs per tenant should be more then enough for anyone

 

Take care,

Sergiu

Hi @Sergiu.Daniluk -

This was a scenario that was brought up, and I'm hesitant signing up into such a scheme for the very reasons you mentioned. 

Thank you!

As a consultant, I always try to give my clients what they need, not what they want. It works in favor of both parties ^_^

Review Cisco Networking for a $25 gift card