Service Tags/VLANs - Cloud Provider for Azure & AWS

jamesupcott1
Level 1

A customer of mine has an infrastructure set up to directly connect end customers into Microsoft Azure via ExpressRoute. My customer uses Nexus 9K spine and leaves.

They currently only offer connectivity into Azure, which works fine. The customer is assigned an S-Tag (VLAN) from Microsoft which is configured on my customer's leaf switches, and then all VLANs are trunked through to Microsoft for connectivity into Azure.

They now want to become a connectivity option for AWS Direct Connect. The concept is exactly the same and I have no issues with the configuration; however, my concern is that Microsoft and AWS assign the customer their S-Tag (VLAN), which has the potential to clash. So if I am using the same leaf switch for Azure and AWS connectivity, what is the best way for me to set this up when there is the potential of a VLAN clash between Azure and AWS? Or is it simply not possible? For example, a customer is assigned S-Tag 2 for Azure, and another S-Tag 2 for AWS.

My main objective is to utilise the existing equipment they have, giving the customers an option of either cloud service.

Regards

James

3 Replies

Reza Sharifi
Hall of Fame

As far as I know, AWS Direct Connect (DX) can only be done using a layer-3 routed port or using sub-interfaces (depending on how many VPCs you have) with static routes or BGP, and not just a layer-2 trunk.

Can you verify?

HTH

Hi Reza

Thanks for your reply.

Yes, the end customer and the Azure/AWS router end use a layer 3 port with subinterfaces and BGP configured.

However, my client is a Layer 2 connectivity provider (middleman). An example would be: Customer A's router plugs into my client's Layer 2 Nexus switch, where the S-Tag is applied to the incoming traffic (Q-in-Q) on a dot1q-tunnel port, then it exits the switch on a trunk to Microsoft's/AWS's router, where they strip the S-Tags at their end.

As my customer is a Layer 2 provider, they are only concerned with the S-Tags (VLANs), and my concern is what happens if AWS and Microsoft use conflicting IDs, which will definitely happen.

Regards

James

Hi James,

I have never worked with Microsoft cloud tech support, but I know that AWS support is very good and flexible. You or your customer can work with their support to make sure there are no conflicting IDs.

HTH
