Using a Single Interface for L2 Switching and a Dedicated Management VLAN: A Use Case

Introduction

A Virtual Local Area Network (VLAN) enables the segmentation of a physical network into multiple logical networks, allowing for better traffic control, security, and resource optimization. This use case demonstrates how to configure a Switch Network Instance with access VLANs and EVE-OS management VLAN sub-interfaces on a single interface. 

You might configure this when you need to do all of the following simultaneously on an edge node that has only a single physical interface:

  • Use external IP Address Management (IPAM).
  • Provide L2 switching for multiple applications inside the edge node, using a Switch Network Instance with access and trunk ports.
  • Isolate management traffic onto its own dedicated VLAN sub-interface.

For further information about network instances in general, see Network Instance Overview.

Prerequisites

  • You have the SysManager or SysAdmin role in your ZEDEDA Cloud enterprise.
  • You have onboarded an edge node with at least one physical port.
  • Your edge node is running EVE-OS version 14.5.2-LTS or greater.
  • You have configured one switch network instance.
  • You have two applications. 
  • You have a switch configured with one trunk port to carry traffic for multiple VLANs. 

Example Scenario

Prior to EVE-OS version 14.5.2-LTS, you could only use VLAN sub-interfaces with Local Network Instances or access VLANs with Switch Network Instances on separate physical ports. 

Scenario 1: VLAN sub-interface with Local Network Instances

Scenario 2: Access VLAN with Switch Network Instance 

  • IPAM external
  • Separates app traffic 
  • Applies to Switch NI
  • BUM traffic flooded for trunk ports (ports without access-vlan configured)
  • No minimum EVE-OS version
  • Existing functionality: EVE-OS VLAN Switch Network Instance Use Case

Since the release of EVE-OS version 14.5.2-LTS, you can now combine Switch Network Instance access VLANs and VLAN sub-interfaces on the same physical port, using a trunk port to pass all the management traffic, tagged application traffic, and untagged traffic.

Scenario 3: Combo of Scenario 1 and Scenario 2 - IPAM external plus EVE-OS management

  • App 4 (in the following diagram) with tagged traffic (trunk: VLANs are transported to the app instance)
  • Applies to Switch NI
  • Broadcast, Unknown Unicast, and Multicast traffic flooded for trunk ports
  • EVE-OS 14.5.2 
  • New functionality is Switch NI with access/trunk ports plus VLAN sub-interfaces for management on the same physical port.

This traffic segmentation scenario includes the following: 

  • Edge node with one physical ethernet port: eth0
  • One Switch access VLAN: VLAN 100
  • One VLAN sub-interface for management: VLAN 10
  • Switch configured with one trunk port that carries all management, application, and untagged traffic across multiple VLANs: p0
  • One Network Instance: NI3 Switch
  • Two Applications: Application 3, Application 4

Configure the Edge Node VLANs

  1. You have already onboarded an edge node in the prerequisites. 
  2. Click Edge Nodes in the left panel. 
  3. Click the Name of your edge node.
  4. From the Adapters tab, click the pencil icon.
  5. For each of the Network Adapters, revise the following items:
    (Note that Logical labels should not contain whitespace characters.)

Eth0

Configure eth0. This interface is App Shared because it’s being used for both VLAN and untagged traffic. 

  1. For Interface Usage, select App Shared.
  2. Click the Expand icon.
  3. Click VLAN Details.

Sub-interface VLAN 10 

  1. Enter a Logical Label for VLAN 10 (for example, eth0.10).
  2. Enter a VLAN ID of 10.
  3. Select Interface Usage of Management.
  4. Click Add another VLAN.

Access VLAN 100 

This is a Switch Network Instance access VLAN.

  1. For Interface Usage, select App Shared.
  2. The (access) VLAN 100 is configured when deploying Application 4. 
  3. See the Configure the Network Instance Ports section. 

Note that it’s possible to configure this as a Switch Network Instance with a VLAN sub-interface instead. However, the access VLAN is the preferred method for optimal performance. 

Configure the Network Instance Ports

  1. You have already configured a switch network instance in the prerequisites. 
  2. Hover over Library in the left panel.
  3. Click Network Instances.
  4. For each of the network instances, revise the following items. 

Note: Do not attach a Switch Network Instance to a VLAN sub-interface AND simultaneously configure an access VLAN on the NI. The GUI will not block this, but EVE-OS will return an error and will not create the Network Instance.

Sub-interface VLAN 10 

This one doesn’t need a network instance.  

Access VLAN 100 (Switch)

Apply the VLAN to the switch network instance of the edge app instance interface: 

  1. Deploy your Edge Application Instance.
  2. In the Adapters & Networks tab, for eth3, select the Name (such as NI 3 Switch) of your switch network instance that you want to use for VLAN 100. 
  3. Click the Expand icon.
  4. For Access VLAN Id, enter 100.
  5. Continue to configure as you choose, clicking Next.
  6. Click Deploy.

Trunk

The trunk traffic will be using the IP address that’s assigned to the network interfaces for eth0. 
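
A pre-deployment check for the constraints stated on this page, as an added example that is not ZEDEDA or EVE-OS code: it flags logical labels containing whitespace and a Switch Network Instance that is attached to a VLAN sub-interface while also using an access VLAN, the combination the GUI accepts but EVE-OS rejects. The configuration structure, its field names, the app and NI names, and the management-VLAN overlap warning are assumptions of this example.

```python
import re

# Constructed sample mirroring this page's scenario. The structure and field names
# are hypothetical (not the ZEDEDA Cloud API or an EVE-OS schema).
CONFIG = {
    "ports": [
        {"label": "eth0", "usage": "app-shared", "parent": None, "vlan_id": None},
        {"label": "eth0.10", "usage": "management", "parent": "eth0", "vlan_id": 10},
    ],
    "network_instances": [{"name": "NI3-Switch", "type": "switch", "port": "eth0"}],
    "app_interfaces": [
        {"app": "app-trunk", "ni": "NI3-Switch", "access_vlan": None},
        {"app": "app-access", "ni": "NI3-Switch", "access_vlan": 100},
    ],
}

def lint(cfg):
    """Return (severity, message) findings for the modelled configuration."""
    findings = []
    ports = {p["label"]: p for p in cfg["ports"]}
    for p in cfg["ports"]:
        if re.search(r"\s", p["label"]):
            findings.append(("error", f"logical label {p['label']!r} contains whitespace"))
        if p["vlan_id"] is not None and not 1 <= p["vlan_id"] <= 4094:
            findings.append(("error", f"{p['label']}: VLAN ID {p['vlan_id']} is outside 1-4094"))
    for ni in (n for n in cfg["network_instances"] if n["type"] == "switch"):
        port = ports.get(ni["port"])
        if port is None:
            findings.append(("error", f"{ni['name']}: unknown port {ni['port']!r}"))
            continue
        access = sorted({a["access_vlan"] for a in cfg["app_interfaces"]
                         if a["ni"] == ni["name"] and a["access_vlan"] is not None})
        # The combination the GUI accepts but EVE-OS rejects: a Switch NI attached
        # to a VLAN sub-interface while an access VLAN is also configured on it.
        if port["vlan_id"] is not None and access:
            findings.append(("error", f"{ni['name']}: attached to VLAN sub-interface "
                             f"{port['label']} and also uses access VLAN(s) {access}"))
        # This lint's own policy check (an assumption, not an EVE-OS rule): app
        # traffic must not share a VLAN ID with a management sub-interface.
        physical = port["parent"] or port["label"]
        mgmt = {p["vlan_id"] for p in cfg["ports"]
                if p["parent"] == physical and p["usage"] == "management"}
        for vlan in (v for v in access if v in mgmt):
            findings.append(("warning", f"{ni['name']}: access VLAN {vlan} is also "
                             f"the management VLAN on {physical}"))
    return findings
```

`lint(CONFIG)` returns an empty list for the scenario as configured on this page.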
