01-26-2021 07:47 PM
Hi all-
This is regarding a multi-tenant DC fabric, using eVPN control plane. Each tenant has a separate L3VNI, for inter-L2VNI. And since it maps to the VRF, the L3VNI has to be unique for the customer.
What about the L2VNI? Can 2 tenants have the same L2VNI, if it is guaranteed that they don't have overlap at the leaf layer?
Thanks
01-27-2021 07:43 AM - edited 01-27-2021 08:01 AM
Hi @s.ram
What do you mean by "it is guaranteed that they don't have overlap at the leaf layer"?
"Can 2 tenants have the same L2VNI" -> You configure the SVIs for the L2VNIs in the tenant VRF (basically this is how you associate the L3VNI/VRF/Tenant to L2VNI), so I would say, in normal operations you should not see overlaps, because you will notice problems with communication over L3VNI anyway. Also, the 16M VNIs should be large enough to avoid any potential VNI overlap.
Stay safe,
Sergiu
01-27-2021 09:11 AM
hi @Sergiu.Daniluk -
Thanks for getting back. Let's say 2 tenants. T1, T2. T1 VLANS are on Leaf1, Leaf2. T2 VLANs are on Leaf3, Leaf4.
T1 has a L3VNI 1000. T2 has a L3VNI 2000.
Can I have something like T1 L2VNI 1100 maps to VLAN 100, subnet 100.100.100/24 (SVIs in T1 VRF on Leaf1, Leaf2) and T2 L2VNI 1100 maps to VLAN 200, subnet 150.150.150/24 (SVIs in T2 VRF on Leaf3, Leaf4)?
All that is common is, the same L2VNI, 1100, is used in the fabric for both the VLANs.
Thanks.
01-27-2021 11:02 AM - edited 01-27-2021 11:04 AM
Hmm interesting scenario. Now I get your question. Technically you can do it, but to have clear separation of the tenants, and avoid routes leaking between tenants you must configure statically the route target for L2VNI.
The auto derived route-target for let's say ASN 65000 and L2VNI 11000 would be 65000:11000.
You can use another logic like <tenant-number>:<L2VNI>
And now my thoughts: although technically it is possible to do it, why would you like to implement something like this? It would be quite difficult to keep track of the overlapping VNIs or Leaf-VNI-customer mapping or things like this, and it would be a nightmare to troubleshoot.
Though I am sure you have your reasons (and please share them if you can, I'm super curious) I must insist: go for a much simpler and cleaner solution - do not overlap VNIs. Allocate a specific range for each of your tenants. People were doing just fine with 4k VLANs so far, so I guess if you allocate 10000 VNIs per tenant it should be more than enough for anyone.
Take care,
Sergiu
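An added example, not part of any post in this thread: a short Python audit of the T1/T2 plan described above, showing that the auto-derived route target is identical for both tenants' L2VNI 1100 while the `<tenant-number>:<L2VNI>` scheme keeps them apart. ASN 65000 is taken from the reply; the tenant numbers 1 and 2 and all function names are assumptions.

```python
from collections import defaultdict
from typing import NamedTuple

ASN = 65000  # fabric ASN used in the reply above


class Binding(NamedTuple):
    tenant: str
    tenant_no: int  # assumed numbering: T1 -> 1, T2 -> 2
    leaf: str
    vlan: int
    l2vni: int


# Constructed plan, following the T1/T2 scenario from the thread.
PLAN = [
    Binding("T1", 1, "Leaf1", 100, 1100),
    Binding("T1", 1, "Leaf2", 100, 1100),
    Binding("T2", 2, "Leaf3", 200, 1100),
    Binding("T2", 2, "Leaf4", 200, 1100),
]


def auto_rt(b):
    """Auto-derived route target: <ASN>:<L2VNI>."""
    return f"{ASN}:{b.l2vni}"


def static_rt(b):
    """Static scheme suggested in the reply: <tenant-number>:<L2VNI>."""
    return f"{b.tenant_no}:{b.l2vni}"


def shared_between_tenants(plan, key):
    """Map each key (an RT or a VNI) to its tenants when more than one tenant uses it."""
    users = defaultdict(set)
    for b in plan:
        users[key(b)].add(b.tenant)
    return {k: sorted(t) for k, t in users.items() if len(t) > 1}


if __name__ == "__main__":
    # An RT shared by two tenants means each side imports the other's EVPN routes.
    print("auto RT shared by:  ", shared_between_tenants(PLAN, auto_rt))
    print("static RT shared by:", shared_between_tenants(PLAN, static_rt))
    # The VNI itself stays reused, which is the tracking burden the reply warns about.
    print("L2VNI reused by:    ", shared_between_tenants(PLAN, lambda b: b.l2vni))
```

Running the same check over a real VNI allocation sheet before provisioning flags every L2VNI that would need a static route target.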
01-28-2021 11:23 AM
Hi @Sergiu.Daniluk -
This was a scenario that was brought up, and I'm hesitant to sign up for such a scheme for the very reasons you mentioned.
Thank you!
01-28-2021 12:23 PM
As a consultant, I always try to give my clients what they need, not what they want. It works in favor of both parties ^_^