EVE-OS VLAN Switch Network Instance Use Case

1. Introduction

The current EVE-OS implementation of a switch network instance is completely transparent to the Ethernet types and payload, carrying 802.1Q tags transparently. Hence, all the attachments to a switch network instance are trunk ports (allowing all VLANs and untagged packets).
 
Starting with ZedControl Release 6.7.0, the 'Access VLAN' field is added in the ZedUI for the edge application instance network adapter configuration. This field is valid for a switch network instance only. The allowed VLAN values are between 2 and 4093.
 
With the implementation of EVE-OS VLAN, the focus is on the application traffic on a switch network instance. Some application instances use trunk ports (for example, a firewall of virtual router VNF), and other application instances use an access port configured to be on one VLAN. The switch network instance may or may not have an external port. If it does, such a port will by default be a trunk port.
 

2. Use Case

Let's look into the following use case scenario for understanding the implementation details:
EVE-OS VLAN Switch Network Instance.png
As seen in the diagram, there is a Switch Network Instance. There are two VLANs–VLAN 100 and VLAN 200. There are other ports where VLAN is not configured.
 
Following are the application instances that are connected to the switch network instance:
  • Two Ubuntu containers connected to VLAN 100.
  • An Ubuntu virtual machine (VM) is connected to VLAN 200.
  • A VYOS instance (router on stick) with a trunk port interface. Basically, the packets going out of this interface will be tagged. DHCP, NAT, and other services run on this instance. This instance also does some basic static routing.
  • An Ubuntu VM with no VLANs configured.
 
VMs and containers must be able to talk to each other within the same VLAN. The following is an example of a router, containers, and a virtual machine configuration provided as a bulleted list.
 

2.1. Router (VYOS) Configuration

  • The router is connected to a trunk port on the switch network instance side. On the router side,
  • Eth1 is a trunk port on which eth1.100 (for VLAN 100) and eth1.200 (for VLAN 200) subinterfaces are configured.
  • The DHCP server is configured on both of the subinterfaces so that any application instances connected to VLAN 100 get their IP address (from the 20.1.1.0 range) from eth1.100. Those connected to VLAN 200 get their IP address (from the 30.1.1.0 range) from eth1.200 and so on.
  • The trunk port assigns IP addresses for the applications that do not have any VLAN configured and get their IP from the 40.1.1.0 range. The VYOS router is configured to allow the VLAN packets through it.
  • The packets are routed between the VLANs, no-VLAN trunk ports, and the router.
 

2.2. Container Configuration

  • Eth1 of container 1 is connected to VLAN 100 and gets an IP address of 20.1.1.2.
  • Similarly, eth1 of container 2 is connected to the same VLAN (VLAN 100) and gets an IP address of 20.1.1.3.
  • As the VYOS router assigns the IP addresses (with the 20.1.1.0 range), these two containers talk to each other.
     

2.3. Virtual Machine Configuration

  • Eth1 of the virtual machine is configured as VLAN 200.
  • The VYOS router assigns the IP address of configured range (30.1.1.0).
Was this article helpful?
0 out of 1 found this helpful