Design & Build

Data Center Infrastructure-Deployment Guide: VCS Fabric with Virtual Fabrics

by ‎06-09-2014 11:02 AM - edited ‎08-06-2014 08:57 AM (5,781 Views)

SYNOPSIS: Brocade VCS Fabric Technology includes the Virtual Fabric (VF) feature that logically divides a physical VCS Fabric into multiple securely isolated networks each with their own VLAN address space. The VF feature simplifies network configuration and management in multi-tennant environments.

 

 

Preface

 

Overview

This document provides design guidance for deployment of Brocade’s VCS Fabric Virtual Fabric (VF) feature with Brocade Network Operating System (NOS) release 4.1.0.

 

Audience

This document is intended for network design and operation staffs who are interested in deploying the Brocade VCS Virtual Fabric feature for datacenter virtualization.

 

Objectives

This design guide provides guidance and recommendations for deployment of the Brocade VCS Virtual Fabric feature for datacenter virtualization.

 

Related Documents

The following documents are valuable resources for the network designer. In addition, any Brocade release notes that have been published for Brocade VDX Switches should be reviewed.

 

References

 

Brocade®(NASDAQ: BRCD)networking solutions help the world’s leading organizationstransition smoothly to a world where applications and information reside anywhere.This vision is designed to deliver key business benefits such as unmatched simplicity, non-stop networking, application optimization, and investment protection.

 

Innovative Ethernet and storage networking solutions for datacenter, campus, and service provider networks help reduce complexity and cost while enabling virtualization and cloud computing to increase business agility.

 

To help ensure a complete solution, Brocade partners with world-class IT companies and provides comprehensive education, support, and professional services offerings. (www.brocade.com)

 

Key Contributors

The content in this guide was developed by the following key contributors.

  • Lead Architect: Chris Yoon, Strategic Solutions Lab

Document History

Date                  Version        Description

2014-6-09         1.0                  Initial Release

 

Introduction

 

Network Requirements

Various types of datacenters found at cloud service providers and enterprises require secure multi-tenancy. Brocade’s VCS Fabric technology with the VCS Virtual Fabric feature is designed to meet the requirements for a variety of multi-tenancy configurations as shown in the figure below.

 

NetworkRequirementsforMulti-tenancy.jpg

   Network Requirements for Multi-tenancy

 

A similar feature is available in Brocade’s Fabric Operating System (FOS) for storage area networks (SAN). The FOS Virtual Fabric feature works only with Fibre Channel networks while the NOS Virtual Fabric feature works with Brocade’s implemenation of an Ethernet Fabric, called Brocade VCS Fabric, available with Brocade’s VDX Family of switches.

 

Virtual Fabric Introduction

Brocade VCS Fabric technology is based on TRILL and the Virtual Fabric feature introduced in Brocade NOS release 4.1.0 implementes TRILL Fine-Grained Labels (IETF RFC# 7172). A Brocade Virtual Fabric (VF) is similar to a TRILL Logical Fabric. A VF is allocated to each tenant whose traffic is being transported over the same physical VCS Fabric. Fine Grained Labels permit up to 16 million VF but the number supported in a VCS Fabric is release dependent. Each VF contains its own VLAN address space so the same VLAN can exist in multiple Virtual Fabrics within the same physical VCS Fabric. Brocade’s NOS 4.1.0 release the Virtual Fabric feature provides the following capabilities, a Service VF and a Transport VF.

 

  • A Service VF expands the conventional 12-bit 802.1Q address’ space to 24-bits and increases the total VLANs to 8K. The increased VLAN address space provides a multi-tenancy solution to separate data plane traffic between overlapping customer VLAN domains in large datacenter networks. Each Service VF is identified by a 24-bits VCS fabric wide Virtual Fabric ID, allowing the customer to address beyond >4K 8021.Q VLANs. This Virtual Fabric ID places multiple tenants occupying the same VLAN domain into different Virtual Fabric forwarding domains, in essence, isolating the data plane traffic for each tenant.

 ServiceVFForMultiTenantWithSameVCSFabric.jpg

   Service Virtual Fabric for Multi-tenants on Same VCS Fabric

 

  • A Transport VF enables the service for a group of VLANs rather than per individual VLAN. The group of VLANs is used by a specific tenant’s applications. All the VLANs in the VLAN group share the same Layer 2 forwarding domain.

 TransportVFUsedForGroupsofVLANs .jpg

   Transport Virtual Fabric with VLAN Groups

 

  • VF can be extended between sites using Layer 2 or Layer 3 network infrastructure. 

 

Service Virtual Fabric

When a cloud service provider provisions the virtual DC by replicating server rack PODs across server ports, different tenant domains exist but with overlapping 802.1Q VLANs at the server ports. The tenant domain isolation is achieved by mapping the 802.1Q VLAN at each VDX switch interface to a different VF forwarding domain. This capability allows the VCS Fabric to support more than the 4K VLANs permitted by the conventional 802.1Q address space.

 

ServiceVirtualFabricUseCase.jpg

   Service Virtual Fabric Use Case

 

The diagram below illustrates the Service VF deployment model for multi-tenancy and overlapping VLANs. The datacenter has three PODs All three PODs (ESXi 1-3) have the identical pre-installed configuration.  Each POD supports two tenants. Tenant 1 and Tenant 3 have two applications running on VLAN 10 and VLAN 20. Tennant 2 and 4 have one application each running on VLAN 30. Tenant 1 and Tenant 2 currently run on ESXi1 and ESXi2 while Tenant 3 and 4 applications run on ESXi3.  With Service VF, the same VLANs (VLAN 10, 20) can be used for Tenant 1 and 3 yet their traffic is logically isolated into separate Service VFs (5010 and 5020 for Tennant 1 and 6010 and 6020 for Tenant 3). Similarly, the same VLANs for Tenant 2 and Tenant 4 are isolated into separate Service VFs (6030 for Tenant 2 and 6030 for Tenant 4).

 

ServiceVFDeploymentModel.jpg

   Service VF Deployment Model

 

Based on the mapping of each tenant’s individual VLANs to Service VF, we can create solutions to address the following key network requirements identified earlier for the multi-tenancy models:  

 

  • Need to offer a service on specific VLANs
  • Need a set of Individual VLANs across multiple VMs to provide connectivity

Multi-tenancyUseCasesforServiceVF.jpg

   Multi-tenancy Use Cases forService VF

 

Transport Virtual Fabric (VF)

Transport VFs enable the cloud provider to offer a service on a specific group of VLANs rather than per individual tenant VLAN. The offered service can only be associated with a single Transport VF that collectively represents all the VLANs in the group that participate in this service. Therefore, all the VLANs in the group share the same Layer 2 forwarding domain, and individual VLAN isolation is not maintained in the Transport VF. Each VLAN group is assigned to a unique Transport VF forwarding domain providing traffic isolation for overlapping VLAN groups. Transport VFs terminate at the Edge Port of the VCS Fabric: the TRILL header is removed, and the frame exits the edge port with its original 802.1Q VLAN header. So, individual VLAN isolation is maintained at the edge port.

 

Another use case for Transport VF is when multiple tenants lease servers in a datacenter and require transparent LAN connectivity across the servers. The cloud service provider creates transport solutions with Transport VFs to carry a bundle of VLANs via Virtual Fabric classification of many-to-one mapping.

 

For example as shown below, Tenant 1 (in Grey) and Tenant 2 (in Blue) lease servers in a datacenter and require transparent LAN connectivity between their individual leased servers as shown below. The servers may be virtualized or non-virtualized. Traffic must be isolated so Tenant 1 traffic between Grey servers is secured from Tenant 2 traffic between Blue servers. The cloud service provider creates a separate Transport VF for Tenant 1 and Tenant 2. Each Transport VF provides transparent VLAN connectivity between the tenant’s leased servers for that tenants group of VLANs.

 

TransportVFforMultipleTenantLeasedServers.jpg 

   Transport VF for Multiple Tenant Leased Servers

 

As illustrated below, each tenant’s group of Layer 2 VLANs is mapped to a Transport Virtual Fabric providing secure traffic between servers at different locations (on-site or between datacenter sites) uisng common physical network infrastructure.

 

Multi-tenancyUseCasesforTransportVirtualFabric.jpg

   Multi-tenancy Use Cases for Transport Virtual Fabrics

 

Solution Architecture

 

H/W and S/W Requirements

The Virtual Fabric feature is supported only on VDX 8770, VDX 6740, VDX 6740T, and VDX 6740T-1G switches with the NOS 4.1.0 software release or higher. The VCS Fabric must be operating in Logical Chassis mode.  

 

Note: Make sure the VCS Fabric includes only Virtual Fabric capable switches.  If attempting to enable Virtual Fabric in a fabric containing unsupported platforms (that is, VDX 6410, VDX 6420, or VDX 6430) the VCS Fabric will segment. Similarly, if attempting to add an unsupported platform to a VCS Fabric with the Virtual Fabric feature enabled, the unsupported switches will not join the fabric.

 

Virtual Fabric Feature Only VDX 6740 Switches

In the NOS 4.1.0 software release, when a VCS Fabric consists of VDX 6740/6740T switches, the maximum number of supported Virtual Fabrics is 2,000 and up to 1,000 of these can be Transport VFs. For example, if there are 1,000 Transport VFs in a VCS Fabric, then 1,000 Service VFs are supported if any Transport VF are deployed. If there are no Transport VF deployed then 2,000 Service VFs can be defined in the VCS Fabric.

 

Virtual Fabric Feature with Only VDX 8770 Switches

In the NOS 4.1.0 software release, when a VCS Fabric has only VDX 8770 switches, the maximum number of supported Virtual Fabrics is 8,000 with up to 1,000 of these available for Transport VF. For example, if there are 1,000 Transport VF in a VCS Fabric, then a maximum of 7,000 Service VFs can be deployed. If there are no Transport VF deployed, then up to 8,000 Service VF can be deployed in the VCS Fabric.

 

Virtual Fabric Feature with Mix of VDX 8770 and VDX 6740 Switches

In the NOS 4.1.0 software release, when a VCS Fabric include VDX 8770 and VDX6470/6470T switches, the maximum number of supported Virtual Fabrics is 2,000 and up to 1,000 of these can be configured as Transport VFs. For example, if there are 1,000 Transport VFs in the VCS Fabric, then 1,000 Service VFs are supported. If there are no Transport VFs, then up to 2,000 Service VFs can be configured in the VCS Fabric.

 

Typical Deployment

 

Service Virtual Fabric Deployment

This section shows how to deploy the Service VF with VMware ESXi servers hosting multiple tenant VMs with overlapping and non-overlapping 802.1Q VLANs. Mapping each tenant’s VLANs to a separate Service VF allows overlapping VLANs to co-exist without changing VLAN assignments used by the VMs.

 

Deployment Scenario

As shown in the figure below, the network has four switches, two VDX 8770s and two VDX 6740s, in a VCS Fabric configured in Logical Chassis mode. Four tenants’ VMs in four ESXi servers are used to forward VLAN traffic across Service VFs. Each ESXi server supports two tenants. Each tenant VMs’ VLAN is provisioned as shown below:

 

  • Tenant 1 and Tenant 3 have two VMs assigned to VLAN 10 and VLAN 20.
  • Tenant 2 has two VMs assigned to VLAN 30 and VLAN 1000.
  • Tenant 4 has two VMs assigned to VLAN 30 and VLAN 2000.

 

Therefore, VLAN 10 and VLAN 20 are overlapping for Tenant 1 and Tenant 3, and VLAN 30 is overlapping for Tenant 2 and Tenant 4 and VLAN 1000 for Tenant 2 and VLAN 2000 for Tenant 4 are unique.

 

ServiceVFExampleConfiguration.jpg

   Service VF Example Configuration

 

Service VF Mapping Table

The following table shows how Virtual Fabric IDs are assigned to for the four tenants to prevent VLAN ID overlap in the VCS Fabric.

 

Service

Virtual Fabric ID

Tenant Name

VM Name

Original 802.1Q VLAN

1000

Tenant 2

VM14, VM24

VLAN 1000

2000

Tenant 4

VM34, VM44

VLAN 2000

5010

Tenant 1

VM10, VM20

VLAN 10

5020

Tenant 1

VM11, VM21

VLAN 20

5030

Tenant 2

VM13, VM23

VLAN 30

6010

Tenant 3

VM30, VM40

VLAN 10

6020

Tenant 3

VM31, VM41

VLAN 20

6030

Tenant 4

VM33, VM43

VLAN 30

   Table 1: Service VF Mapping Table

 

Both Tenant 1 and 3 use the same VLANs; 10 and 20. Both Tenant 2 and 4 use VLAN 30. Eight Service VFs isolate the data plane traffic while preserving the original VLAN assigned to the VMs.

 

  • Tenant 1 VLAN 10 and 20 are mapped to Virtual Fabric ID 5010 and 5020 respectively
  • Tenant 3 VLAN 10 and 20 are mapped to Virtual Fabric ID 6010 and 6020 respectively
  • Tenant 2 VLAN 30 is mapped to Virtual Fabric ID 5030
  • Tenant 4 VLAN 30 is mapped to Virtual Fabric ID 6030
  • Tenant 2 VLAN 1000 and Tenant 4 VLAN 2000 don’t overlap. They are each mapped to a Service VF number matching the VLAN number.

 

Service VFs’ Configuration

See “Service Virtual Fabric Deployment Configuration” section in the Configuration, Diagnose and Troubleshooting etc.

 

Conclusion

This deployment example shows Service VF is multi-tenancy solution to provide connectivity for tenant purchase VMs occupying overlapping or non-overlapping 802.1Q VLANs in public cloud IaaS and enterprise private cloud, isolating data plane traffic for each tenant. 

 

Transport Virtual Fabric Deployment

This section describes an example scenario deploying the Transport VFs to provide transport solutions for tenants with leased servers and a group of 802.1Q VLANs that may or may not overlap. 

 

Deployment Scenario

As shown in the figure below, the network has four switches, two VDX 8770s and two VDX 6740s, in a VCS Fabric configured in Logical Chassis mode. Tenant 5 leases ESXi1 and ESXi4 servers from a managed hosting and colocation provider. Tenant 6 leases servers ESXi2 and ESXi3 servers from the same provider. Each server has four VMs. Each tenant requires the same 802.1Q VLANs in the range 1001 – 1004.

 

The Transport VFs aggregate a group of VLANs across the VCS Fabric between each tenant’s leased servers in two different provider locations. Each tenant has access to the same VLANs but the VCS Fabric keeps their traffic logically isolated.

 

TransportVFExampleConfiguration.jpg

   Transport VF Example Configuration

 

Transport VFs Mapping Table  

The following table shows how Transport VFs are assigned to each tenant’s VLANs.

 

Transport

Virtual Fabric ID

Tenant Name

VM Name

Original 802.1Q VLAN

5050

 

Tenant 5

 

VM50, VM54

VLAN 1001

VM51, VM55

VLAN 1002

VM52, VM56

VLAN 1003

VM53, VM57

VLAN 1004

6050

Tenant 6

VM60, VM64

VLAN 1001

VM61, VM65

VLAN 1002

VM62, VM66

VLAN 1003

VM63, VM67

VLAN 1004

   Table 2: Transport VF to Tenant VLAN Group Mapping

 

Both Tenant 5 and 6 use the same VLAN range 1001 - 1004. The Transport VFs maintain logical traffic isolation so no changes are required to the tenant VM configurations.

 

Transport VFs’ Configuration

See “Transport Virtual Fabric Deployment Configuration” section in the Configuration, Diagnose and Troubleshooting etc. 

 

Conclusion

This deployment example shows Transport Virtual Fabric is multi-tenancy solution to provide connectivity for a bundle of VLANs across multiple servers occupying overlapping 802.1Q VLANs in Managed Hosting and Colo. 

 

Deployment Considerations

  • The Virtual Fabric feature is only supported in VCS Fabric Logical Chassis mode.
  • The VDX 6740 and VDX 8770 switches are the only models supporting the VF feature. The following limitations exist:

      o   MAC-based classification is not supported.

      o   Duplicate MACs within a Virtual Fabric are not supported.

 

Service VF Deployment Considerations

  • Layer-2/Layer-3 service configurations are supported on a Service VF. This means AMPP, xSTP, PVLAN, RSPAN, ACL, VE and IGMP snooping configurations are supported for a Service VF.
  • Tagged control traffic received on a Service VF is governed by its respective protocol configuration.

 

Transport VF Deployment Considerations

  • All end-stations that participate in a Transport VF must have unique MAC addresses.
  • All interfaces participating in a Transport VF must have the same VLAN range mapping.
  • Transport VF configuration is only supported on a VCS Fabric Edge Port in trunk mode. 
  • Both Service VFs and Transport VFs can coexisted on  the same edge port. A different C-TAG is assigned to the Service and Transport VFs.
  • Multiple Transport VFs can be configured on the same port.
  • Transport VF classification can be based on any of the following:

     o   A C-TAG range

     o   The native VLAN

     o   Default traffic (any nonmatching data traffic)

 

  • Layer-2/Layer-3 or any other service configurations are not supported on a Transport VF. This means AMPP, xSTP, PVLAN, RSPAN, ACL and VE configurations are not allowed on a Transport VF.
  • Control traffic is classified and handled as follows:

     o   Untagged control traffic is not subject to Transport VF classification rules. It is handled according to the

          respective protocol configuration, i.e., trapped, dropped or forwarded.

     o   Tagged control traffic received on a Transport VF is forwarded as is data traffic.

     o   PVST cannot be established on the transport VF and is always in the shutdown state.

 

  • A VXLAN VNI cannot be mapped to a Transport VF.

 

Using a Virtual Fabric with Port Profiles

 

Automatic Migration of Port Profiles (AMPP)

 

Port-Profile Domain

In NOS 4.1.0, port-profile domains are introduced to define the scope of VM mobility in Service VFs and VCS fabric can be partitioned into port-profile domains. A domain consists of a set of port-profiles where Virtual Fabrics do not have overlapping traditional 802.1Q VLAN (that is, ctag) classifications. Therefore, the scope of VM mobility is defined by the set of port-profiled ports where the port-profile domain is applied as shown in the diagram below

 

Port-ProfileDomains.jpg

   Port-Profile Domains

 

Each port-profiled port is associated with a port-profile (PP) domain. For example, as shown in the diagram, port “P1” of RB1 is associated with the PP domain of “PP Domain 1”, and port “P2” of RB1 is associated with the port-profile domain of “PP Domain 2”.

 

A port-profile may be associated with multiple port-profile domains. However, the following shows an example where the port-profile of Tenant1_PP cannot be associated to vDC1 and vDC2 port-profile domains because of conflicting classifications:

 

===============

port-profile-domain vDC1

 port-profile Tenant1_PP

 port-profile Tenant2_PP

 

!--- Port-profile Tenant1_PP and Tenant2_PP are associated to port-profile-domain vDC1.

 

port-profile-domain vDC2

 port-profile Tenant3_PP

 port-profile Tenant4_PP

 

!--- Port-profile Tenant3_PP and Tenant4_PP are associated to port-profile-domain vDC2.

 

port-profile Tenant1_PP

 vlan-profile

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 5010 ctag 10

switchport trunk allowed vlan add 5020 ctag 20

 

!--- Port-profile Tenant1_PP has Virtual Fabric classifications on a trunk edge port.

 

port-profile Tenant2_PP

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk allowed vlan add 5030 ctag 30

 

!--- Port-profile Tenant2_PP has Virtual Fabric classification on a trunk edge port.

 

port-profile Tenant3_PP

 vlan-profile

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 6010 ctag 10

switchport trunk allowed vlan add 6020 ctag 20

 

!--- Port-profile Tenant3_PP has Virtual Fabric classifications on a trunk edge port.

 

port-profile Tenant4_PP

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk allowed vlan add 6030 ctag 30

 

!--- Port-profile Tenant4_PP has Virtual Fabric classifications on a trunk edge port.

===============

 

In this example, two port-profile domains of vDC1 and vDC2 are configured and the port-profile of Tenant1_PP is associated with the port-profile domain of vDC1. When Tenant1_PP is associated with the port-profile domain of vDC2, an error message is displayed as shown below.

 

VCS10-RB2(config)# port-profile-domain vDC1

VCS10-RB2(config-port-profile-domain-vDC1)# port-profile Tenant3_PP

%Error : port-profile conflicts with other port-profiles of the domain.

 

Since the port-profile of Tenant3_PP is overlapping with the port-profile of Tenant1_PP in 802.1Q VLAN classification and the Service VF classification cannot overlap across port-profiles in the same port-profile domain, then this is an illegal assignment.

 

Note: In NOS 4.1.0, vCenter auto-profile does not support Virtual Fabric classification, and therefore, a network administrator must explicitly configure port-profile for Virtual Fabric as shown below:     

 

===============

port-profile Tenant1_PP

 vlan-profile    

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 6010 ctag 10

  switchport trunk allowed vlan add 6020 ctag 20

       

!--- Port-profile Tenant1_PP has Virtual Fabric classifications on a trunk edge port.

 

port-profile Tenant1_PP activate

port-profile Tenant1_PP static 0050.5698.00e6

port-profile Tenant1_PP static 0050.5698.2e4b

port-profile Tenant1_PP static 0050.5698.4cad

port-profile Tenant1_PP static 0050.5698.7922

 

!--- Port-profile Tenant1_PP is activated, and the VM’s mac-addresses for Tenant 1 are configured                                                                  

===============

 

Default Port-Profile Domain 

 

Overview

After upgrading to NOS 4.1.0, a default port-profile domain is created to maintain AMPP behavior when the Virtual Fabric is not utilized. The default PP domain contains all the existing user created port-profiles, vCenter created auto-profiles prior to the upgrade, and a port-profile of UpgradedVlanProfile as shown below.

 

===============

port-profile-domain default

 port-profile UpgradedVlanProfile

 port-profile auto_VC217_datacenter-21_Dep1_Network

 port-profile auto_VC217_datacenter-21_LNX_http_VLAN100

 port-profile auto_VC217_datacenter-21_Management

 port-profile auto_VC217_datacenter-21_Management+Network

 port-profile auto_VC217_datacenter-21_PG100

 port-profile auto_VC217_datacenter-21_PG101

 port-profile auto_VC217_datacenter-21_PG512

 port-profile auto_VC217_datacenter-21_PG7

 port-profile auto_VC217_datacenter-21_Private100

 port-profile auto_VC217_datacenter-21_Private200

 port-profile auto_VC217_datacenter-21_SAP_HANA

 port-profile auto_VC217_datacenter-21_SAP_HANA2

 port-profile auto_VC217_datacenter-21_SAP_HANA3

 port-profile auto_VC217_datacenter-21_VCS

 port-profile auto_VC217_datacenter-21_VM+Network

 port-profile auto_VC217_datacenter-21_VM+Network10

 port-profile auto_VC217_datacenter-21_VM+Network20

 port-profile auto_VC217_datacenter-21_VM+Network30

 port-profile auto_VC217_datacenter-21_VM+Network50

 port-profile auto_VC217_datacenter-21_VM+Network51

 port-profile auto_VC217_datacenter-21_VMkernel

 port-profile auto_VC217_datacenter-21_VMkernel+2

 port-profile auto_VC217_datacenter-21_Virsto+Host+Kernel+Port

 port-profile auto_VC217_datacenter-21_Virsto+Private+NAS+Network

 port-profile auto_VC217_datacenter-21_Win_VLAN150

 

!--- After upgrade to NOS 4.1.0, a port-profile domain of default is created to maintain AMPP behavior when Virtual Fabric is not deployed, and therefore, this default domain contains all the existing user created port-profile and vCenter created auto-profiles prior to upgrade, and a port-profile of UpgradedVlanProfile.

 

 

port-profile UpgradedVlanProfile

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk allowed vlan all

 

!--- The port-profile of UpgradedVlanProfile is automatically created port profile in NOS 4.1.0. This port-profile is the single vlan profile that contains the “switch port trunk allow vlan all”, so it replaces default port-profile in prior release. In NOS 4.1.0, the “switch port trunk allow vlan all” is removed from default port-profile.

 

 

port-profile default

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk native-vlan 1

 

!--- In NOS 4.1.0, the “switch port trunk allow vlan all” is removed from default port-profile.

 

 

interface Te 1/0/1

port-profile-port

 

!--- In NOS 4.1.0, when “port-profile-port” only is configured an interface without associating a port-file domain or port-profile, default port-profile-domain is applied to the interface.  

===============

 

The port-profile of “UpgradedVlanProfile” is automatically created. This PP is the single VLAN profile that contains the “switch port trunk allow vlan all”, so it replaces the default PP in prior releases. In NOS 4.1.0, the “switch port trunk allow vlan all” is removed from the default port-profile. In NOS 4.1.0, when “port-profile-port” is configured on an interface without associating a port-file domain or port-profile, the default port-profile-domain is applied to the interface.

 

Default Port-Profile Domain with Virtual Fabric Enabled

When Virtual Fabric is enabled with the “vcs Virtual Fabric enable” command, the following rules apply:

 

  • The network administrator can edit the UpgradedVlanProfile just like any other port-profile.  
  • A new port-profile is not automatically added to the default domain. It can only be explicitly added to, or removed from, the default profile-domain.
  • vCenter managed auto-profiles continues to add/delete automatically into/from the default port-profile domain.

Note: In NOS 4.1.0, vCenter auto-profile does not support Virtual Fabric classification and therefore, a network administrator must explicitly configure port-profile for Virtual Fabric IDs.

 

  • The network administrator is allowed to edit the default-profile-domain.
  • The network administrator is not allowed to delete the default-profile-domain.

 

Default Port-Profile Domain with Virtual Fabric Disabled

When Virtual Fabric is disabled in a VCS Fabric, the following rules apply:

 

  • The network Administrator can edit the UpgradedVlanProfile just like any other port-profile.  
  • A newly created user port-profile or vCenter auto-profile is automatically added to the default profile-domain.
  • A deleted user or auto port-profile is automatically deleted from the default profile-domain.
  • The network administrator is not allowed to edit the default-profile-domain.

 

Default Port-Profile Domain Deployment Example

This section describes an example scenario deploying port-profile domains to define the scope of VM vMotion for multiple tenant VMs running overlapping 802.1Q VLANs.

 

Deployment Scenario

The network consists of four switches, two VDX 8770s and two VDX 6740s in VCS Fabric Logical Chassis mode. VMs in four ESXi servers are used to forward VLAN traffic in the Virtual Fabric. Each ESXi server supports two tenants. ESXi1 and ESXi2 have Tenant 1 and 2, and ESXi3 and ESXi4 have Tenant 3 and 4 VMs. Both Tenant 1 and 3 have two VMs running on VLAN 10 and 20. The other tenants have one VM running on VLAN 30. Therefore, a total of four Tenant VMs with overlapping VLANs are provisioned as shown below. 

 

To define the scope of VM vMotion, the VCS fabric is partitioned into 2 port-profile domains, vDC1 and vDC2. vDC1 is the domain for Tenant 1 and 2 and vDC2 is the domain for Tenant 3 and 4.

 

The VCS Fabric is partitioned into port-profile domains to define the scope of VM vMotion when the AMPP port-profile of each tenant’s Virtual Fabric classification is configured.

 

PortProfileDomainExample.jpg

    Port-Profile Domain Example

 

VMs and Virtual Machine Port-Group in VMware vCenter

In VMware vCenter, the VMs on the ESXi servers, Virtual Machine Port-Groups and “vMotion192” for vMotion network are represented as shown below.

 

vDC1 is the domain for Tenant 1 and 2 and vDC2 is the domain for Tenant 3 and 4 for the scope of a VM motion. Therefore, vDC1 and vDC2 folders in VMware vCenter are created for Tenant 1 VMs and Tenant 2 VMs respectively so that VM vMotion is allowed between the ESXi servers in the same folder.  

 

VMPortGroupinVMwarevCenter.jpg

   VM Port Group in VMware vCenter

 

Service VFs and VMs MAC Address Table

The following table shows how Service VF IDs are assigned to VMs and VLANs for each tenant.

 

Service

Virtual Fabric ID

Tenant name

VM name (VM mac address)

Original 802.1Q VLAN

5010

Tenant 1

VM10 (0050.5698.26ab)

VM20 (0050.5698.0ae3)

VLAN 10

5020

Tenant 1

VM11 (0050.5698.643c)

VM21 (0050.5698.694f)

VLAN 20

5030

Tenant 2

VM13 (0050.5698.6d20)

VM23 (0050.5698.473c

VLAN 30

6010

Tenant 3

VM30 (0050.5698.2e4b)

VM40 (0050.5698.00e6)

VLAN 10

6020

Tenant 3

VM31 (0050.5698.4cad)

VM41 (0050.5698.7922)

VLAN 20

6030

Tenant 4

VM33 (0050.5698.4b2a)

VM43 (0050.5698.04f8)

VLAN 30

 

   Table 3: Service VFs and VMs Mac Address Table

 

Both Tenant 1 and 3 use the same VLANs 10 and 20 while Tenant 2 and 4 VLAN 30. Virtual Fabrics are used to isolate the four Tenant’s data plane traffic while preserving their original 802.1Q VLANs.

 

  • Tenant 1’s VLAN 10 and 20 are mapped to Virtual Fabric ID 5010 and 5020 respectively.
  • Tenant 3’s VLAN 10 and 20 are mapped to Virtual Fabric ID 6010 and 6020 respectively.
  • Tenant 2’s VLAN 30 is mapped to Virtual Fabric ID 5030
  • Tenant 4’s VLAN 30 is mapped to Virtual Fabric ID.

 

Port-profile Domains and Port-profiles Associated

As shown below, vDC1 port-profile domain for Tenant 1 and Tenant 2, and vDC2 port-profile domain for Tenant 3 and Tenant 4 limit a VM vMotion to the ESXi servers in the same domain.

 

PortProfileDomainsIsolateVMvMotion.jpg

   Port Profile Domains Isolate VM vMotion

 

Port-Profile Domain Configuration 

See “Port-Profile Domain Configuration” section in the Configuration, Diagnose and Troubleshooting etc.   

 

VM vMotion in the Virtual Fabrics

See “VM vMotion in the Virtula-Fabrics” section in the Configuration, Diagnose and Troubleshooting etc.   

 

Configuration and Troubleshooting

This section provides examples of configuring Virtual Fabrics and how to troubleshooting incorrect configurations.

 

Enabling the Virtual Fabric Feature

After the VCS Fabric is in Logical Chassis mode, log into the principle switch to enable the Virtual-Fabric.

 

===============

VCS-RB12#(config)vcs Virtual Fabric enable

===============

 

Verify the Virtual Fabric feature is enabled.

 

===============

RB12# show Virtual Fabric status

fabric is Virtual Fabric enabled

Rbridge-Id          Virtual Fabric status                  

============================================================

1                       enabled                                

2                       enabled                                

11                     enabled                                

12                     enabled                                

===============

 

Service VF Deployment Configuration

Based on the Service VF Mapping Table (Table 1), the following Service VFs are created:

 

===============

interface Vlan 5010

 spanning-tree shutdown

 

interface Vlan 5020

 spanning-tree shutdown

 

interface Vlan 5030

 spanning-tree shutdown

 

interface Vlan 6010

 spanning-tree shutdown

 

interface Vlan 6020

 spanning-tree shutdown

 

interface Vlan 6030

 spanning-tree shutdown

===============

 

Note that “interface Vlan 5010” is configured to define the Service VF 5010 in the same way traditional 802.1Q VLAN is created. NOS 4.1.0 release supports Virtual Fabric ID in the range 4096 - 8191.  

 

The tenants’ domain isolation is achieved by mapping the 802.1Q VLAN of each tenant to a different Service VF ID at the VDX switch’s edge port:

 

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 1/4/23

interface TenGigabitEthernet 1/4/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk allowed vlan add 6020 ctag 20

 switchport trunk allowed vlan add 6030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

!--- Ctag specifies incoming 802.1Q VLAN tag.

!--- Service VF 6010 is configured for Tenant 3 running 802.1Q VLAN 10. 

!--- Service VF 6020 is configured for Tenant 3 running 802.1Q VLAN 20.

!--- Service VF 6030 is configured for Tenant 4 running 802.1Q VLAN 30.

 

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk allowed vlan add 5020 ctag 20

 switchport trunk allowed vlan add 5030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

!--- Service VF 5010 is configured for Tenant 1 running 802.1Q VLAN 10.

!--- Service VF 5020 is configured for Tenant 1 running 802.1Q VLAN 20.

!--- Service VF 5030 is configured for Tenant 2 running 802.1Q VLAN 30.

 

VCS10-RB2# show running-config interface Port-channel 2           

interface Port-channel 2

 vlag ignore-split

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk allowed vlan add 6020 ctag 20

 switchport trunk allowed vlan add 6030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

VCS10-RB2# show running-config interface Port-channel 1

interface Port-channel 1

 vlag ignore-split

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk allowed vlan add 5020 ctag 20

 switchport trunk allowed vlan add 5030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

The output of “show vlan” after Virtual Fabrics classification is configured shows the interface and 802.1.Q VLAN tags associated with the specific Virtual Fabric ID:

 

===============

VCS10-RB2# show vlan 5010

VLAN             Name             State           Ports                                    Classification               

(F)-FCoE                                                 (u)-Untagged, (t)-Tagged

(R)-RSPAN                                             (c)-Converged

(T)-TRANSPARENT 

==============================================================================

5010             VLAN5010       ACTIVE        Po 1(t)                                   ctag 10

                                                              Te 11/0/23(t)                           ctag 10

===============

 

The output below shows the mac-address-table on the VCS fabric after Service VFs are enabled to isolate the four Tenants’ data plane traffic:

 

===============

VCS10-RB2# show mac-address-table     

VlanId   Mac-address        Type         State           Ports

5010     0050.5698.0ae3    Dynamic   Active          Po 1

5010     0050.5698.26ab    Dynamic   Remote       Te 11/0/23

5020     0050.5698.643c    Dynamic   Remote       Te 11/0/23

5020     0050.5698.694f     Dynamic   Active          Po 1

5030     0050.5698.473c    Dynamic   Active          Po 1

5030     0050.5698.6d20    Dynamic   Remote       Te 11/0/23

6010     0050.5698.00e6    Dynamic   Remote       Te 1/4/23

6010     0050.5698.2e4b    Dynamic   Remote       Po 2

6020     0050.5698.4cad    Dynamic   Remote       Po 2

6020     0050.5698.7922    Dynamic   Remote       Te 1/4/23

6030     0050.5698.04f8    Dynamic   Remote        Te 1/4/23

6030     0050.5698.4b2a    Dynamic  Remote        Po 2

Total MAC addresses    :  12

===============

 

Service VFs’ Tenant Connectivity Extension beyond the VCS Fabric

Tenant applications processing is not necessarily bound to a single datacenter or a single VCS Fabric. Therefore, the ESXi servers the applications run on may exist in different VCS Fabrics within a same site or in geographically separated sites connected by L2 or L3 provider network infrastructure. To provide seamless communication for VM between these sites, the Service VF is extended from one VCS Fabric to another. The extension mechanism depends on how the VCS Fabric is connected to the underlying infrastructure. The following approaches are possible.

 

  • VCS connected by MPLS VPLS or QinQ network
  • VCS directly connected at L2
  • VCS connected by IP network

 

Note: NOS 4.1.0 release does not support any form of VCS extension.

 

The following example shows the Service VF 5010 and 6010 domains for Tenant 1 and Tenant 3 are extended using MPLS VPLS from the VCS 10 fabric in Datacenter 1 to the VCS 20 fabric in Datacenter 2. Service VFs 5010 and 6010 terminate at the VCS Fabric Edge Port and the TRILL header is removed so frames retain the original 802.1Q VLAN as the exit the Edge Port. Therefore, both Tenant 1 and Tenant 3 can be extended from one VCS Fabric to another using different VPLS ports and instances as shown below.

 

ServiceVFTenantConnectivityExtensionBeyondVCSFabric.jpg 

   Service VF Tenant Connectivity Extension Beyond VCS Fabric

 

The following shows the Service VF configuration for Tenant 1 occupying 802.1Q VLAN 10 in Datacenter 1 and 2: 

 

  • Configuration for TengigabitEthernet 11/0/23 that is connected to ESXi1 in Datacenter 1:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

  switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 1/1/11 that is connected to a MLX in Datacenter 1:

===============

VCS10-RB2# show running-config interface TengigabitEthernet 1/1/11

interface TengigabitEthernet 1/1/11

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 11/0/23 that is connected to ESXi3 in Datacenter 2:

===============

VCS20-RB20# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TenGigabitEthernet 3/1/11 that is connected to a MLX in Datacenter 2:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 3/1/11

interface TenGigabitEthernet 3/1/11

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

The following shows the Service VF configuration for Tenant 3 occupying 802.1Q VLAN 10 at datacenter 1 and 2: 

 

  • Configuration for Port-channel 2 that is connected to ESXi1 in Datacenter 1:

===============

VCS10-RB2# show running-config interface Port-channel 2

interface Port-channel 2

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 2/2/31 that is connected to a MLX in Datacenter 1:

===============

VCS10-RB2# show running-config interface TengigabitEthernet 2/2/31

interface TengigabitEthernet 2/2/31

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for Port-channel 2 that is connected to ESXi4 in Datacenter 2:

===============

VCS20-RB20# show running-config interface Port-channel 2

interface Port-channel 2

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TenGigabitEthernet 4/2/31 that is connected to a MLX in Datacenter 2:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 4/2/31

interface TenGigabitEthernet 4/2/31

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Layer 3 over Service VF

The Service VF supports Layer 3 functions except PIM-SM just like a conventional 802.1Q VLAN. The “interface ve” command can be used for a Virtual Fabric to create a Switched Virtual Interface (SVI) called a “ve”, or virtual ethernet interface. All commands under the “ve” sub-mode are supported.  A “ve” interface can be assigned to a VRF. Layer 3 protocols including OSPF can be enabled and mapped to the “ve” interface to exchange routes between RBridges in that VRF instance.

 

VRRP/E, OSPF, VRF and BGP features are supported on a Virtual Fabric “ve” interface. PIM-SM is not supported on a Service VF. The typical deployment model for Layer 3 over the Virtual Fabric is creating multiple “ve” interfaces corresponding to Virtual Fabric, mapping to them a VRF as shown below.

 

===============

!Create a Virtual Fabric 5000 that requires L3 enabled:

sw0(config)#Interface vlan 5000

sw0(config)#interface te 3/1/1

sw0(config-if-te 3/1/1)#switchport

sw0(config-if-te-3/1/1)#switchport mode trunk

sw0(config-if-te-3/1/1)#switchport trunk allowed vlan add 5000 ctag 50

 

!Enable VRRP on the rbridge:

sw0(config)#rbridge-id 3

sw0(config-rbridge-id-3)#protocol vrrp

 

!Create a VRF on the rbridge:

Sw0(config-rbridge-id-3)#vrf CUST1

Sw0(config-vrf-CUST1)#rd 100.1.1.1:1

Sw0(config-vrf-CUST1)#address-family ipv4

Sw0(config-vrf-CUST1)#exit

 

!Create VE 5000 interface for the Virtual Fabric 5000, and configure VRRP and VRF on the VE interface:

Sw0(config-rbridge-id-3)#interface ve 5000

sw0(config-ve-5000)#ip address 10.1.1.1/24

sw0(config-ve-5000)#vrf forwarding CUST1

sw0(config-ve-5000)#vrrp-group 22

sw0(config-vrrp-group-22)# virtual-ip 10.1.1.1

===============

 

Service VF’s VLAN Translation

The Service VF provides VLAN translation capability allowing the original ingress 802.1Q VLAN ID to be mapped to a different egress 802.1Q VLAN ID as shown below.

 

ServiceVFVLANTranslation.jpg

   Service VF VLAN Translation 

 

For example, 802.1Q frames with VLAN IDs of 10, 20, and 30 at the ingress trunk port are mapped to Virtual Fabric IDs 6010, 6020 and 6030 forwarding domains. On the egress trunk port where the same Virtual Fabric classification exists, the 802.1Q VLAN IDs are translated to 802.1Q VLAN IDs of 40, 50 and 60 as shown below

 

===============

!Service VFs are created:

interface Vlan 6010

 spanning-tree shutdown

 

interface Vlan 6020

 spanning-tree shutdown

 

interface Vlan 6030

 spanning-tree shutdown

 

!Ingress trunk switchport configuration:

VCS10-RB2# show running-config interface TenGigabitEthernet 1/4/23

interface TenGigabitEthernet 1/4/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 10

 switchport trunk allowed vlan add 6020 ctag 20

 switchport trunk allowed vlan add 6030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

!Egress trunk switchport configuration:

VCS10-RB2# show running-config interface Port-channel 2           

interface Port-channel 2

 vlag ignore-split

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6010 ctag 40

 switchport trunk allowed vlan add 6020 ctag 50

 switchport trunk allowed vlan add 6030 ctag 60

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Service VF’s Coexistence with Conventional 802.1Q VLAN 

The Service Virtual Fabric classifications can coexist with conventional 802.1Q VLAN tagging as shown below:

 

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 100-400

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk allowed vlan add 5020 ctag 20

 switchport trunk allowed vlan add 5030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Transport VF Configuration

Based on the Transport VF Mapping Table (Table 2), the following two Transport VFs are created as shown:

 

===============

VCS10-RB2# show running-config interface Vlan 5050

interface Vlan 5050

 transport-service 1

 

!--- “transport-service <id>“ command associates a Virtual Fabric to a Transport VF.  So, Transport VF 5050 is associated to transport-service 1. NOS 4.1.0 release support transport-service id range 1-1000. 

 

 spanning-tree shutdown

 

VCS10-RB2# show running-config interface Vlan 6050

interface Vlan 6050

 transport-service 2

 spanning-tree shutdown

 

!--- Transport VF 6050 is associated to transport-service 2.

===============

 

Tenant 5 and Tenant 6 domain isolation is achieved by mapping at the VDX switch interface to two different Transport VFs. Below is the configuration for Tenant 5 VLAN domains of 50-59: 

 

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 1/4/23

interface TenGigabitEthernet 1/4/23

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-59

 

!--- Transport VF 5050 is configured on the trunk edge port by classifying 802.1Q VLANs of 50 – 59.

 

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-59

 

!--- Transport VF 5050 is configured on the trunk edge port by classifying 802.1Q VLANs of 50 – 59.

 

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Below is the configuration for Tenant 6 VLAN domains of 50-59: 

 

===============

VCS10-RB2# show running-config interface Port-channel 1           

interface Port-channel 1

 vlag ignore-split

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-59

 

!--- Transport VF 6050 is configured on the trunk edge port by classifying 802.1Q VLANs of 50 – 59.

 

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

VCS10-RB2# show running-config interface Port-channel 2

interface Port-channel

 vlag ignore-split

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-59

 

!--- Transport VF 6050 is configured on the trunk edge port by classifying 802.1Q VLANs of 50 – 59.

 

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Below is the output of the mac-address-table on the VCS fabric after Transport VFs are enabled to isolate the two Tenants’ data plane traffic:

 

===============

VCS10-RB2# show mac-address-table vlan 5050

VlanId   Mac-address       Type     State        Ports

5050     0050.5698.0a36    Dynamic  Remote       Te 11/0/23

5050     0050.5698.0e89    Dynamic  Remote       Te 11/0/23

5050     0050.5698.5786    Dynamic  Remote       Te 1/4/23

5050     0050.5698.5e6f    Dynamic  Remote       Te 11/0/23

5050     0050.5698.6347    Dynamic  Remote       Te 1/4/23

5050     0050.5698.69b9    Dynamic  Remote       Te 1/4/23

5050     0050.5698.708e    Dynamic  Remote       Te 11/0/23

5050     0050.5698.7b5f    Dynamic  Remote       Te 1/4/23

Total MAC addresses    :  8

 

VCS10-RB2# show mac-address-table vlan 6050

VlanId   Mac-address       Type     State        Ports

6050     0050.5698.2fe5    Dynamic  Active       Po 1

6050     0050.5698.32db    Dynamic  Active       Po 1

6050     0050.5698.3df5    Dynamic  Active       Po 1

6050     0050.5698.4cfe    Dynamic  Remote       Po 2

6050     0050.5698.4faa    Dynamic  Remote       Po 2

6050     0050.5698.5ac5    Dynamic  Remote       Po 2

6050     0050.5698.6ab7    Dynamic  Remote       Po 2

6050     0050.5698.7607    Dynamic  Active       Po 1

Total MAC addresses    :  8

===============

Transport VF’s VLAN Translation

Transport VF does not support VLAN translation. In the Transport VF, the ingress 802.1Q VLAN tag is always preserved regardless of the Transport VF configuration on the egress trunk port.

 

Transport VF’s Coexistence with conventional 802.1Q VLANs 

Similar to the Virtual Fabric classifications, Transport VF classifications can coexist with conventional 802.1Q VLAN tagging and they can coexist with the Service VF classifications as well:

 

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-59

 switchport trunk allowed vlan add 100-400

 switchport trunk allowed vlan add 5010 ctag 10

 switchport trunk allowed vlan add 5020 ctag 20

 switchport trunk allowed vlan add 5030 ctag 30

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Transport VFs’ Tenant Connectivity Extension beyond the VCS Fabric

Tenant leased servers are not necessarily located in a single datacenter or a single VCS Fabric. They may be in different VCS Fabrics at a site or in geographically separated sites. The Transport VF can between VCS Fabrics in a datacenter or between datacenters using VPLS. 

 

Note: In NOS 4.1.0, Transport VFs extension that has overlapping 802.1Q VLANs from one VCS fabric to another using VPLS cannot be configured on the same port since extension port cannot support QinQ encapsulation. 

 

The following shows two Transport VFs, 5050 and 6050, for Tenant 5 and 6 each having VLAN ranges 50-54. MPLS VPLS are used between VCS Fabric 10 in Datacenter 1 and VCS Fabric 20 in Datacenter 2. The Transport VFs 5050 and 6050 terminate at an Edge Port of the VCS Fabric and the TRILL header is removed and the frame forwarded with the original VLAN header. Therefore, Tenant 5 and 6 traffic can extend between VCS Fabric via a separate VPLS port and instance as shown below.

 

ServiceVFTenantConnectivityExtensionBeyondVCSFabric.jpg

   Transport VF Tenant Connectivity Extension Beyond VCS Fabric

 

Below is the Transport VFs configuration for Tenant 5 VLANs 50-53 at Datacenter 1 and 2:

 

  • Configuration for TengigabitEthernet 11/0/23 that is connected to ESXi1 in Datacenter 1:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 1/1/11 that is connected to a MLX in Datacenter 1:

===============

VCS10-RB2# show running-config interface TengigabitEthernet 1/1/11

interface TengigabitEthernet 1/1/11

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 11/0/23 that is connected to ESXi3 in Datacenter 2:

===============

VCS20-RB20# show running-config interface TenGigabitEthernet 11/0/23

interface TenGigabitEthernet 11/0/23

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TenGigabitEthernet 3/1/11 that is connected to a MLX in Datacenter 2:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 3/1/11

interface TenGigabitEthernet 3/1/11

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 5050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Below is the Transport VF configuration for Tenant 6 VLANs 50-53 in datacenter 1 and 2:

 

  • Configuration for Port-channel 2 that is connected to ESXi1 in Datacenter 1:

===============

VCS10-RB2# show running-config interface Port-channel 2

interface Port-channel 2

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TengigabitEthernet 2/2/31 that is connected to a MLX in Datacenter 1:

===============

VCS10-RB2# show running-config interface TengigabitEthernet 2/2/31

interface TengigabitEthernet 2/2/31

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

 

  • Configuration for Port-channel 2 that is connected to ESXi4 in Datacenter 2:

===============

VCS20-RB20# show running-config interface Port-channel 2

interface Port-channel 2

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-53

 switchport trunk tag native-vlan”

 spanning-tree shutdown

 no shutdown

===============

 

  • Configuration for TenGigabitEthernet 4/2/31 that is connected to a MLX in Datacenter 2:

===============

VCS10-RB2# show running-config interface TenGigabitEthernet 4/2/31

interface TenGigabitEthernet 4/2/31

 fabric isl enable

 fabric trunk enable

 switchport

 switchport mode trunk

 switchport trunk allowed vlan add 6050 ctag 50-53

 switchport trunk tag native-vlan

 spanning-tree shutdown

 no shutdown

===============

 

Port-Profile Domain Configuration 

Based on the Service VFs and VM Mac Address Table (Table 3), a port-profile with Virtual Fabric classification is created for each tenant. The “auto_VC212_datacenter-2_vMotion192” is a vCenter managed auto-profile for vMotion network:

 

===============

port-profile Tenant1_PP

 vlan-profile

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 5010 ctag 10

  switchport trunk allowed vlan add 5020 ctag 20

 

!--- Tenant1_PP is the port-profile for Tenant1 VMs. vCenter managed auto-profile does not support Virtual Fabric classification and therefore, a network administrator must explicitly configure port-profile for Virtual Fabric.

 

port-profile Tenant2_PP

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk allowed vlan add 5030 ctag 30

 

port-profile Tenant3_PP

 vlan-profile

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 6010 ctag 10

  switchport trunk allowed vlan add 6020 ctag 20

 

port-profile Tenant4_PP

 vlan-profile

  switchport

  switchport mode trunk

  switchport trunk allowed vlan add 6030 ctag 30

 

port-profile auto_VC212_datacenter-2_vMotion192

 vlan-profile

  switchport

  switchport mode trunk

switchport trunk allowed vlan add 192

 

!--- “auto_VC212_datacenter-2_vMotion192” is vCenter managed auto-profile for vMotion network.

 

port-profile Tenant1_PP activate

port-profile Tenant1_PP static 0050.5698.0ae3

port-profile Tenant1_PP static 0050.5698.26ab

port-profile Tenant1_PP static 0050.5698.643c

port-profile Tenant1_PP static 0050.5698.694f

 

!--- The port-profile of Tenant1_PP is activated, and its VMs mac addresses are configured. vCenter managed auto-profile does not support Virtual Fabric classification and therefore, a network administrator must explicitly configure VMs mac addresses for the  port-profile.

 

port-profile Tenant2_PP activate

port-profile Tenant2_PP static 0050.5698.473c

port-profile Tenant2_PP static 0050.5698.6d20

 

port-profile Tenant3_PP activate

port-profile Tenant3_PP static 0050.5698.00e6

port-profile Tenant3_PP static 0050.5698.2e4b

port-profile Tenant3_PP static 0050.5698.4cad

port-profile Tenant3_PP static 0050.5698.7922

 

port-profile Tenant4_PP activate

port-profile Tenant4_PP static 0050.5698.04f8

port-profile Tenant4_PP static 0050.5698.4b2a

 

port-profile auto_VC212_datacenter-2_vMotion192 activate

port-profile auto_VC212_datacenter-2_vMotion192 static 0050.5662.199b

port-profile auto_VC212_datacenter-2_vMotion192 static 0050.5663.bc2e

port-profile auto_VC212_datacenter-2_vMotion192 static 0050.5665.7a82

port-profile auto_VC212_datacenter-2_vMotion192 static 0050.5665.83c2

 

!--- “auto_VC212_datacenter-2_vMotion192” is vCenter managed auto-profile for vMotion network, and therefore, it is automatically created.

===============

 

vDC1 port-profile domain for Tenant 1 and 2, and vDC2 port-profile domain for Tenant 3 and 4 are created so a VM vMotion is only allowed between the ESXi servers in the same domain.  After the two domains are created, a network administrator must add “auto_VC212_datacenter-2_vMotion192” profile for vMotion network to vDC1 and vDC2 domain respectively as shown below. 

 

===============

port-profile-domain vDC1

 port-profile Tenant1_PP

 port-profile Tenant2_PP

 port-profile auto_VC212_datacenter-2_vMotion192

 

!--- vDC1 domain is for Tenant 1 and 2 for the scope of VM motion so that VM vMotion can be attempted between the ESXi servers in the same domain. “auto_VC212_datacenter-2_vMotion192” profile for vMotion network is added to vDC1 domain.

 

port-profile-domain vDC2

 port-profile Tenant3_PP

 port-profile Tenant4_PP

 port-profile auto_VC212_datacenter-2_vMotion192

 

!--- vDC2 domain is for Tenant 3 and 4 for the scope of VM motion so that VM vMotion can be attempted between the ESXi servers in the same domain. “auto_VC212_datacenter-2_vMotion192” profile for vMotion network is added to vDC1 domain.

===============

 

Port-profile domains vDC1 and vDC2 are applied to the interfaces in the VCS Fabric so that the VCS Fabric is segmented into two domains to define the scope of VM vMotion:

 

===============

interface TenGigabitEthernet 11/0/23

 port-profile-port domain vDC1

 fabric isl enable

 fabric trunk enable

 no shutdown

 

!--- Port-profile domain vDC1 is applied to the interface TenGigabitEthernet 11/0/23.

 

interface Port-channel 1

 vlag ignore-split

 port-profile-port domain vDC1

 no shutdown

 

!--- Port-profile domain vDC1 is applied to the interface Port-channel 1.

 

interface TenGigabitEthernet 1/4/23

 port-profile-port domain vDC2

 fabric isl enable

 fabric trunk enable

 no shutdown

 

!--- Port-profile domain vDC2 is applied to the interface TenGigabitEthernet 1/4/23.

 

interface Port-channel 2

 vlag ignore-split

 port-profile-port domain vDC2

 no shutdown

 

!--- Port-profile domain vDC2 is applied to the interface Port-channel 2.

===============

 

Shown below is the port profile status for vDC1 and vDC2 domains showing they are activated:

 

===============

VCS-RB12# show port-profile domain vDC1 status

Port-Profile                                                   PPID     Activated         Associated MAC   Interface       

Tenant1_PP                                                  11          Yes               0050.5698.0ae3    Po 1            

                                                                                                      0050.5698.26ab    Po 1            

                                                                                                      0050.5698.643c    Te 11/0/23

                                                                                                      0050.5698.694f     Po 1            

 

Tenant2_PP                                                  12         Yes                0050.5698.473c    Po 1            

                                                                                                      0050.5698.6d20    Te 11/0/23      

 

auto_VC212_datacenter-2_vMotion192            15            Yes             0050.5662.199b    None            

                                                                                                      0050.5663.bc2e    None            

                                                                                                      0050.5665.7a82    None      

                                                                                                      0050.5665.83c2    None      

 

 

VCS-RB12# show port-profile domain vDC2 status

Port-Profile                                                 PPID     Activated           Associated MAC  Interface       

Tenant3_PP                                                13          Yes                0050.5698.00e6    Te 1/4/23       

                                                                                                     0050.5698.2e4b    Po 2            

                                                                                                     0050.5698.4cad    Po 2            

                                                                                                     0050.5698.7922    Te 1/4/23       

 

Tenant4_PP                                                14          Yes                0050.5698.04f8     Te 1/4/23       

                                                                                                     0050.5698.4b2a     Po 2            

 

auto_VC212_datacenter-2_vMotion192          15          Yes                0050.5662.199b     None            

                                                                                                     0050.5663.bc2e     None            

                                                                                                     0050.5665.7a82     None            

                                                                                                     0050.5665.83c2     None   

===============

 

VM vMotion in a Virtual Fabric

When a server administrator migrates VM10 from ESXi 1 (10.17.87.210) to ESXi 2 ESXi  (10.17.83.10) using vMotion, MAC addresses for the vMotion network are automatically created in the VCS Fabric with the port profile name "auto_VC212_datacenter-2_vMotion192” as shown below:

 

===============

VCS-RB12# show mac-address-table port-profile    

Legend: Untagged(U), Tagged (T), Not Forwardable(NF) and Conflict(C)

VlanId   Mac-address      Type         State     Port-Profile   Ports    

6010     0050.5698.00e6   Dynamic  Active    Profiled(T)    Te 1/4/23

6020     0050.5698.7922   Dynamic  Active    Profiled(T)    Te 1/4/23

6030     0050.5698.04f8    Dynamic  Active    Profiled(T)    Te 1/4/23

192       0050.5665.83c2   Dynamic Active     Profiled(T)    Po 1

 

!--- 0050.5665.83c2 is the ESXi 2’s mac address for vMotion network auto-created by port-profile “auto_VC212_datacenter-2_vMotion192”.

 

5010     0050.5698.0ae3   Dynamic  Active    Profiled(T)    Po 1     

5010     0050.5698.26ab   Dynamic  Active    Profiled(T)    Po 1     

5020     0050.5698.694f    Dynamic  Active    Profiled(T)    Po 1     

5030     0050.5698.473c   Dynamic  Active    Profiled(T)    Po 1     

192       0050.5665.7a82   Dynamic  Active    Profiled(T)    Te 11/0/23

 

!--- 0050.5665.7a82 is the ESXi 1’s mac address for vMotion network auto-created by port-profile “auto_VC212_datacenter-2_vMotion192”.

 

 

5020     0050.5698.643c   Dynamic  Active    Profiled(T)    Te 11/0/23

5030     0050.5698.6d20   Dynamic  Active    Profiled(T)    Te 11/0/23

6010     0050.5698.2e4b   Dynamic  Active    Profiled(T)    Po 2      

6020     0050.5698.4cad   Dynamic  Active    Profiled(T)    Po 2     

6030     0050.5698.4b2a   Dynamic  Active    Profiled(T)    Po 2     

Total MAC addresses    :  14

 

VCS-RB12# show port-profile domain vDC1 status

Port-Profile                                                   PPID     Activated         Associated MAC        Interface       

Tenant1_PP                                                  11          Yes                 0050.5698.0ae3        Po 1            

                                                                                                        0050.5698.26ab        Po 1            

                                                                                                        0050.5698.643c        Te 11/0/23      

                                                                                                        0050.5698.694f         Po 1            

 

Tenant2_PP                                                  12           Yes                0050.5698.473c        Po 1            

                                                                                                        0050.5698.6d20        Te 11/0/23      

 

auto_VC212_datacenter-2_vMotion192            15          Yes                 0050.5662.199b        None            

                                                                                                        0050.5663.bc2e        None            

                                                                                                        0050.5665.7a82        Te 11/0/23   

!--- 0050.5665.7a82 is the ESXi 1’s mac address for vMotion network auto-created by port-profile “auto_VC212_datacenter-2_vMotion192”.

                                                                                                        0050.5665.83c2         Po 1      

 

!--- 0050.5665.83c2 is the ESXi 2’s mac address for vMotion network auto-created by port-profile “auto_VC212_datacenter-2_vMotion192”.

===============

 

Virtual Fabric Configuration Examples

The following are configuration examples for Virtual Fabric use cases.

 

1. Virtual Fabric switchport mode access for source MAC/MAC group classification:

===============

(config)#mac-group 1

(config-mac-group 1)# mac 0005.0005.0005

(config-mac-group 1)# mac 0002.0002.0002

(config-mac-group 1)# mac 0008.0008.0008

 

(config)#int te 2/0/1

 

#Default access vlan is 1

(config-if te 2/0/1)# switchport mode access

 

#Set default access vlan to Virtual Fabric 5000

(config-if te 2/0/1)# switchport access vlan 5000

 

#Classify access vlan 200 by MAC address

(config-if te 2/0/1)# switchport access vlan 200 mac 0002.0002.0002

(config-if te 2/0/1)# switchport access vlan 5000 mac 0004.0004.0004

 

#Mac address can only classified to one Virtual Fabric on the

#same interface

(config-if te 2/0/1)# switchport access vlan 6000 mac-group 1

Error: mac address is already used in another gvlan classification

(config-if-te 2/0/1)# interface te 3/0/1

(config-if te 3/0/1)# switchport mode access

(config-if te 3/0/1)# switchport access vlan 7000 mac-group 1

(config-if te 3/0/1)# switchport access vlan 8000 0008.0008.0008

Error: mac address is already used in another gvlan classification

===============

 

2. Virtual Fabric default-vlan command

This command allows the user to configure untagged or tagged data traffic not matching any classification rule on a trunk port:

===============

(config)#interface vlan 6000

(config-Vlan-6000)# transport-service 60

 

#Classify all traffic not matching any of the trunk switchport’s

#classification rule to this Transport #Virtual Fabric default-vlan

(config-if te 2/0/1)# switchport trunk default-vlan 6000

 

#Classify default native vlan 1 (tagged and untagged) into

#Transport VF default vlan

(config-if te 2/0/1)#sw trunk default-vlan 6000 allow-native

===============

 

3. Virtual Fabric native-vlan

This command allows the user to configure native VLAN as a Virtual Fabric or Transport VF on a trunk port. For Virtual Fabric native-vlan, the CTAG (that is, incoming 802.1Q VLAN tag) is optional depending on the “switchport trunk tag native-vlan” configuration:

===============

(config)#interface te 2/0/1

(config-if te 2/0/1)# switchport mode trunk

(config-if te 2/0/1)# switchport trunk tag native-vlan

 

#Change default native-vlan from 1 to 5000

(config-if te 2/0/1)# switchport trunk native-vlan 5000 ctag 50

 

#Change default native vlan from 5000 to 200

(config-if te 2/0/1)# switchport trunk native-vlan 200

 

#Interface must allow untagged packet for classified for Virtual

#Fabric native-vlan without ctag

(config-if te 2/0/1)# sw trunk native-vlan 5000

ERROR: interface is not configured to accept untagged packet

(config-if te 2/0/1)# no switchport trunk tag native-vlan

(config-if te 2/0/1)# switchport trunk native-vlan 5000

===============

 

4. Virtual Fabric “trunk-no-default-native” mode

This new trunk mode does not automatically configure VLAN 1 as the default native-vlan.  In this new trunk mode, VLAN 1 frames will be dropped unless the user explicitly configures a native-vlan. Additionally, the user is also given the flexibility to control the ingress/egress tagging capability of the native-vlans:

===============

#In the new mode, default behavior is to drop all packets

(config)#int te 1/0/1

(config-if te 1/0/1)# switchport mode trunk-no-default-native

 

#VLAN configuration similar to that of regular trunk mode can be achieved after explicitly #configuring VLAN 1 as native vlan.

(config-if te 1/0/1)# switchport trunk native-vlan-tagged 1 egress tagged

 

#Re-Classify native vlan to vlan 10

#All Service and Transport VF can continue to coexist on the same port.

(config-if te 1/0/1)# switchport trunk native-vlan-untagged 10

(config-if te 1/0/1)# switchport trunk allow vlan 5000 ctag 1

(config-if te 1/0/1)# switchport trunk allow vlan 6000 ctag 100-200

(config-if te 1/0/1)# switchport trunk default-vlan 7000

 

#Accept ingress tagged or untagged, but egress tagged only. Not allowed in default-vlan trunk #mode.

(config-if te 1/0/1)# switchport trunk native-vlan-tagged 10 egress tagged

 

#Classify tagged native vlan to Virtual Fabric 5000.

(config-if te 1/0/1)# switchport trunk native-vlan-tagged 5000 ctag 10 egress tagged

 

#Classify vlan 10 to a Transport VF 6000.Since this native vlan is a Transport Virtual-#Fabric, egress option is any. Native vlan and other ctag classifications could coexist in the same #Transport VF domain. (i.e., 6000)

 

(config-if te 1/0/1)# switchport trunk native-vlan-tagged 6000 ctag 10 egress any

(config-if te 1/0/1)# switchport trunk allow vlan 6000 ctag 100-200   

 

 

#Invalid configurations under new mode

(config)#int te 5/0/1

(config-if te 5/0/1)# switchport mode trunk-no-default-native

(config-it te 5/0/1)# switchport trunk tag-native

ERROR: invalid command

(config-it te 5/0/1)# switchport trunk native vlan 2

ERROR: invalid command

 

#C-tag classification to Service and Transport VF mapping is still

#1-to-1. Reject as #duplicate classification even when same ctag to

#VF mapping is given.

(config-if te 5/0/1)# switchport trunk native-vlan-tagged 6000 ctag 10 egress any

(config-if te 5/0/1)# switchport trunk allow vlan add 6000 ctag 10-20

ERROR: ctag already used in other classification

(config-if te 5/0/1)# switchport trunk allow vlan 7000 ctag 10

ERROR:  ctag already used in other classifications

===============

 

5. Service VFs configuration in trunk mode:

===============

(config)#int te 1/0/1

(config-if te 1/0/1)#sw mode trunk

 

# VF > 4k needs c-tag

(config-if te 1/0/1)# sw trunk allowed vlan add 7000

(config-if-te 1/0/1)#Error: c-tag required for GVLAN id > 4K

 

# Configure dot1q vlan with c-tag classification is not allowed

# This has a vlan translation semantics.

(config-if te 1/0/1)# sw trunk allowed vlan add 100 ctag 200

(config-if-te 1/0/1)#Error: 802.1q vlan cannot be configured by c-tag classification

 

# Configure VF with c-tag classification

(config-if te 1/0/1)#sw trunk allowed vlan add 5000 ctag100

(config-if te 1/0/1)# sw trunk allowed vlan add 6000 ctag 200

 

# The 802.1q vlan specified as a user vlan vs. as a ctag in Virtual

# Fabric classification must be exclusive. The following show

# conflict usage.

 

# Edge tag 100 already assigned to VF 5000 at the same port

(config-if-te 1/0/1)#switchport trunk allow vlan add 8000 ctag 100

(config-if-te 1/0/1)#Error: c-tag was already used in another GVLAN configuration

 

# Edge vlan 100 was already used in Virtual Fabric

(config-if-te 1/0/1)#switchport trunk allow vlan add 100

(config-if-te 1/0/1)#Error: vlan id was already used as tag in a GVLAN configuration

(config-if-te 1/0/1)#switchport trunk allow vlan add all

(config-if-te 1/0/1)#Error: GVLAN configurations already exists

(config-if-te 1/0/1)#switchport trunk allow vlan add 888

 

# Edge vlan 888 was already used in 802.1Q configuration.

(config-if-te 1/0/1)#switchport trunk allow vlan add 8000 ctag 888

(config-if-te 1/0/1)#Error: c-tag was already used in a GVLAN configuration

===============

 

Show Commands for Troubleshooting

 

Show Virtual Fabric status

The user can verify if Virtual Fabric is enabled or disabled.

 

===============

swo# show Virtual Fabric status

fabric is Virtual Fabric enabled

Rbridge-Id          Virtual Fabric status

============================================================

79                  enabled

211                 enabled

212                 enabled

233                 enabled

===============

 

Show overlapping-vlan-resource usage 

There is a limitation on the number of configurable Virtual Fabrics on a Virtual Fabric supported switch.  Once the Virtual Fabric resource usage is reached, further attempts to configure additional Virtual Fabric classifications will be rejected by the CLI.  The following command below can be used to verify the current Virtual Fabric resource usage and to plan for future Virtual Fabric assignments.

 

1. Show output on VDX6740/6470-T

===============

sw0# show overlapping-vlan-resource usage

 Number of table entries used:57.27%(max 4028, used 2307)

===============

 

2. Show output on VDX8770

===============

sw0# show overlapping-vlan-resource usage linecard 2

 Number of table entries used:43.15%(max 4028, used 1738)

===============

 

Show vlan brief 

The show vlan brief command can be used to display the number of total 802.1Q, Virtual Fabric, and Transport VFs configured in the logical-chassis fabric.  The command will also show the interfaces/ports that the VLANs are associated with.

 

===============

sw0# show vlan brief

Total Number of VLANs configured    : 8087

Total Number of VLANs provisioned   : 678

Total Number of VLANs unprovisioned : 7409

VLAN             Name            State                      Ports                         Classification

(F)-FCoE                                                    (u)-Untagged, (t)-Tagged

(R)-RSPAN                                                   (c)-Converged

(T)-TRANSPARENT

================ =============== ==========================

1                default              INACTIVE(no member port)

2                VLAN0002        ACTIVE                     Po 2(t)

                                                                          Po 3(t)

 

3                VLAN0003        ACTIVE                     Po 2(t)

                                                                          Po 3(t)

 

4                VLAN0004        ACTIVE                     Po 2(t)

                                                                          Po 3(t)

 

5                VLAN0005        ACTIVE                     Po 2(t)

                                                                          Po 3(t)

===============

 

Comments
by paudurie
on ‎12-10-2015 12:21 AM

Thanks a lot for this demo !!

Contributors