ENCS 5400 is a purpose built compute platform for branch networking. Multiple VNFs (virtual network functions) can be hosted in the ENCS platform with flexible connectivity options. This document provides use-case design overview step-by-step configuration for key design options with ENCS switch.

Overview of networking in NFVIS

NFVIS uses L2 physical and virtual entities to plumb traffic from LAN towards the WAN. There are multiple Layer2 software and hardware entities in a typical ENCS based design. OVS vswitch, SRIOV, ENCS switch(8 ports) and External switch.

 

It is important to understand the "network" construct in NFVIS.

wan-net, lan-net, mgmt-net are essentially port-groups (ports in vswitch with same characteristics), idea is to abstract and hide virtual ports, simplify configuration as a result.

For example :

Connect multiple VNFs to mgmt-net on lan-br vswitch (access, vlan 10).

Connect multiple VNFs to lan-net on lan-br vswitch (trunk-> allowing vlan 20, 30).VNF lan side connection
ENCS switch connection

For making a connection from VNF towards a user on the lan side, at a minimum, OVS or SRIOV and ENCS Switch connectivity must be configured. Similar to connecting 2 physical switches, OVS vswitch and ENCS switch have 4 possible configuration possibilities. 

1. OVS network Trunk <-> ENCS Switch Trunk
   • Use OVS network Trunk when a Router/like VNF that is capable of dot1q tagging sends tagged towards LAN side.
   • ENCS Switch Trunk is relevant when connecting to external Switch or a dot1q enabled Router.
2. OVS network Access <-> ENCS Switch Access 
   • OVS network Access is relevant when using a VNF that is not capable of tagging traffic. Create a network in Access mode and connect VNF vnic to network, NFVIS will VLAN tag on behalf of the VNF.
   • ENCS Switch Access is relevant when connecting to PC or device that is expecting untagged traffic.
3. OVS network Access <-> ENCS Switch Trunk
   
   • OVS network Access is relevant when using a VNF that is not capable of tagging traffic. Create a network in Access mode and connect VNF vnic to network, NFVIS will VLAN tag on behalf of the VNF.
   • ENCS Switch Trunk is relevant when connecting to external Switch or a dot1q enabled Router.
4. OVS network Trunk <-> ENCS Switch Access
   • Use OVS network Trunk when a Router/like VNF that is capable of dot1q tagging sends tagged towards LAN side.
   • ENCS Switch Access is relevant when connecting to PC or device that is expecting untagged traffic.Configure ENCS Switch via GUI

Configure OVS Trunk <-> ENCS SwitchOVS Trunk to ENCS switchTrunk, Access

ENCS-Left(config)# switch

ENCS-Left(config-switch)# vlan 20

ENCS-Left(config-switch-vlan)# vlan 30

ENCS-Left(config)# switch interface gigabitEthernet 1/1

ENCS-Left(config-switch-if)# switchport mode access

ENCS-Left(config-switch-if)# switchport access vlan 20

ENCS-Left(config-switch-if)# interface gigabitEthernet 1/7

ENCS-Left(config-switch-if)# switchport mode trunk

ENCS-Left(config-switch-if)# switchport trunk allowed vlan 20,30

ENCS-Left(config-switch-if)# commit

ENCS-Left(config)# networks network lan-net

ENCS-Left(config-network-lan-net)# vlan 20

ENCS-Left(config-network-lan-net)# vlan 30

ENCS-Left(config-network-lan-net)# commit

Configure OVS Access <-> ENCS Switch TrunOVS Access to ENCS Switchk, Access

ENCS-Left(config)# switch interface gigabitEthernet 1/7

ENCS-Left(config-switch-if)# switchport mode trunk

ENCS-Left(config-switch-if)# switchport trunk allowed vlan 10

ENCS-Left(config-switch-if)# interface gigabitEthernet 1/1

ENCS-Left(config-switch-if)# switchport mode access

ENCS-Left(config-switch-if)# switchport access vlan 10

ENCS-Left(config-switch-if)# commit

ENCS-Left(config)# networks network mgmt-net

ENCS-Left(config-network-mgmt-net)# bridge lan-br

ENCS-Left(config-network-mgmt-net)# trunk false

ENCS-Left(config-network-mgmt-net)# vlan 10

 

Combined OVS Trunk&Access and ENCS Switch Trunk&Access configuration

OVS and ENCS Switch design

ENCS Switch Spanning Tree configuration 

When using Cisco ENCS and Cisco Switches, common expectation is to use PVST+, detect loops and switch specific ports to BLOCKING mode.

ENCS switch does NOT support PVST (Per VLAN spanning tree). By Default, RSTP could end up blocking ENCS port back-to-back connection, this will result in Blocking “Traffic path between the VNFs”.

MSTP required in ENCS High Availability design

 

Recommended Solution is to use MSTP in ENCS and the External Switches. Following topology and configuration provides a step-by-step procedure with reasoning for specific config use.

Essentially, there are 2 instances of MSTP created. One for handling “Traffic path between VNFs” and the Second for handling “Traffic from/towards LAN”.

Note : Ensure that the MST instance id is identical in the participating switches with, also match the VLAN id's associated with MST instances. 

 

NOTE: In cases where External Switch cannot be configured for MSTP, RSTP will be used and the 2 links back-2-back between ENCS will not be in port-channel.

• One the links would carry “Traffic between VNFs” with “disable spanning tree” configured. The second back-to-back link between ENCS will process RSTP and forward/block for the ‘Traffic from/towards LAN”.
• From each of the ENCS, a 3^rd physical link will connect to the External switch. This will also forward/block for the ‘Traffic from/towards LAN” depending on the RSTP decisions.

Refer attached ENCS HA design for further details.