HPE Community
Comware Based
1829586 Members
2102 Online
109992 Solutions
New Discussion

VXLAN and VLANs on same interface

 
SOLVED
Go to solution
Hugo29
Occasional Advisor

‎12-08-2020 03:38 PM

‎12-08-2020 03:38 PM

VXLAN and VLANs on same interface

Hi,

Do somebody know, is it possible to use on 5940 vlans and vxlans on the same interface?

When I added service instances with VSI vxlans to in production trunk interface, I got packet loss and service interuptions on some vlans. If I use vlans on one and vxlans on other, all is OK.  Is it something known or not?

Best Regards,

Hugo29 

0 Kudos
4 REPLIES 4
Ivan_B
HPE Pro

‎12-08-2020 11:11 PM

‎12-08-2020 11:11 PM

Re: VXLAN and VLANs on same interface

Hi @Hugo29 !

Is it Brigde-Aggregation or standalone interface?

 

I am an HPE employee

Accept or Kudo

0 Kudos
Hugo29
Occasional Advisor

‎12-09-2020 12:00 AM

‎12-09-2020 12:00 AM

Re: VXLAN and VLANs on same interface

Hi Ivan,

 

I tried and got packet loss on bri.  Is it a difference?

Interesting, how traffic is processed with service instances and bri interfaces? For SI it does not matter, which vlan is permitted and which not.  Even in phisical interfaces. From my understanding, at first should be processing at eth level, and then in bri. It means, that vlan should be permitted in eth trunk accesslist, and then sent to bri SI. But really SI works on bri only and doesn't matter, what is permitted in any trunk acl.

What would be best port configuration in such a situations for vxlan ccess ports? Leaving default access vlan1 can produce a cyclotron, when  vsi and service instance will go down. May be, best solution is to make some  unused vlans  for these ports?  If vsi will go down, port will be "parked" in it.

 

Best Regards,

Hugo29

 

  

0 Kudos
Ivan_B
HPE Pro

‎12-09-2020 04:16 AM

‎12-09-2020 04:16 AM

Solution

Re: VXLAN and VLANs on same interface

The issue you are experiencing is pretty known and it is a specific of 5940 platform. Actually, it is even described in the vxlan configuration guide:

A Layer 2 aggregate interface reflects back incoming flood traffic that does not match any Ethernet service instance on that interface. To solve this issue, you can assign the interface to an isolation group. The interface will stop reflecting back any incoming packets.

So in your case you will need to configure one isolation group per BAGG. For example for BAGG2 in your case that has following config:

interface Bridge-Aggregation2
description VLANTrunk-2 to Flex
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102 401 2510 2612
link-aggregation mode dynamic
stp edged-port
#
service-instance 401
encapsulation s-vid 401
xconnect vsi vsi401
#
service-instance 2510
encapsulation s-vid 2510
xconnect vsi vsi2510
#
service-instance 2612
encapsulation s-vid 2612
xconnect vsi vsi2612
#
interface FortyGigE2/1/25
 port link-mode bridge
 description VLANTrunk-2 FlexFabric 20/40 Bay2 Port Q1
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 101 to 102 401 2510 2612
 stp edged-port
 port link-aggregation group 2
#
interface FortyGigE2/1/26
 port link-mode bridge
 description VLANTrunk-2 FlexFabric 20/40 Bay2 Port Q2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 101 to 102 401 2510 2612
 stp edged-port
 port link-aggregation group 2
#

 

you need to apply following commands:

system-view
#
port-isolate group 2
#
interface FortyGigE2/1/25
 port-isolate enable group 2
#
interface FortyGigE2/1/25
 port-isolate enable group 2
#


I think the idea is clear - one isolation-group per BAGG, all physical ports which are the BAGG's members should be included in that single isolation-group. This will fix your performance and intermittent connection issue, as it will effectively stop BUM traffic reflection.

As for the client-facing port (AC) configuration, if you want to intercept all untagged traffic and push it into VSI, you can use following config:

interface Ten-GigabitEthernet2/2/4
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
#
service-instance 1
encapsulation untagged
xconnect vsi vsi102

This effectively disables any traffic except the one entering VSI, you can check it by the "display interface <port>::

....
PVID: 1
MDI type: Automdix
Port link-type: Trunk
VLAN Passing: None
VLAN permitted: None
Trunk port encapsulation: IEEE 802.1q
....

 

Hope this helps!

 

 

I am an HPE employee

Accept or Kudo

Hugo29
Occasional Advisor

‎12-09-2020 04:42 AM

‎12-09-2020 04:42 AM

Re: VXLAN and VLANs on same interface

Hi Ivan,

Thank's! It was just I wanted.

 

Best regards,

Hugo29

0 Kudos
The opinions expressed above are the personal opinions of the authors, not of Hewlett Packard Enterprise. By using this site, you accept the Terms of Use and Rules of Participation.