Virtual Networks

Virtual Networks Overview

You can create an overlay network in an Apstra blueprint by creating virtual networks (VNs) to group physically separate endpoints into logical groups. These collections of Layer 2 forwarding domains can be either VLANs or VXLANs.

VLANs have the following characteristics:

  • Single rack (rack-local)
  • Single leafs or leaf pairs
  • Can be deployed in Layer 2-only mode (for example, isolated cluster networks for database replication)
  • Can be deployed with Layer 3 gateway (SVI) IP address on rack leaf, hosted with or without first-hop redundancy

VXLANs have the following characteristics:

  • Fabric-wide for ubiquitous Layer 2 (inter-rack)
  • Combination of single rack leafs or leaf pairs (MLAG)
  • Can be deployed in Layer 2-only mode
  • Can be deployed with Layer 3 gateway functionality
  • The control plane selected (Static VXLAN Routing or MP-EBGP EVPN) when configuring the template for your blueprint determines what is configured in the VN. (MP-EBGP EVPN provides a control plane for VXLAN routing.)
  • VXLAN-EVPN capabilities for VXLAN VNs are dependent on network device makes and models. For more information, see the Apstra EVPN Support Addendum.

For complete VN feature compatibility for supported Network Operating Systems (NOS), see the Apstra Feature Matrix for the applicable release (in the Reference section). For detailed capability information for a device, contact your network device vendor or Juniper Support.

VNs contain the following details:

Table 1: Virtual Network Parameters
Name | Description
Type |
  • VLAN (rack-local VN)
  • VXLAN (EVPN) (inter-rack VN)
Name | 32 characters or fewer. Underscore, dash, and alphanumeric characters only.
Routing Zone |
  • VLAN - default routing zone only
  • VXLAN - default routing zone or user-defined routing zone
  • Default routing zone is used for the underlay network.
Default VLAN ID (VLAN only) |
  • Layer 2 VLAN ID on the switch that the VN is assigned to.
  • If left blank, it's auto-assigned from static pool (2-4094).
  • If you assign it, we don't recommend assigning VLAN ID 1 for active VNs.
  • Cisco NX-OS reserves VLAN IDs 3968-4094.
  • Cumulus VLAN-aware Bridge Mode reserves:
    • for Cumulus 3.7: 3000-3999
    • for Cumulus 4.1: 3600-3999
  • Arista reserves 1006-4094 for internal VLANs for routed ports. You can modify the reserved VLAN ID range with the EOS vlan internal allocation policy configuration command. You can apply it to all EOS devices using a SYSTEM configlet before configuring and deploying VNs.

    l2-virtual-ext-002-leaf1(config)#vlan internal allocation policy ascending range 3001 3999
    l2-virtual-ext-002-leaf1(config)#exit
    l2-virtual-ext-002-leaf1#show vlan internal allocation policy
    Internal VLAN Allocation Policy: ascending
    Internal VLAN Allocation Range: 3001-3999
    l2-virtual-ext-002-leaf1#
  • Using reserved VLAN IDs may cause deployment errors, but not build errors.
VNI(s) (VXLAN only) | Layer 2 VXLAN ID on the switch that the VN is assigned to. If left blank, it's auto-assigned from resource pools. Create up to 40 VNs at once by entering ranges or individual VNI IDs separated by commas (for example: 5555-5560, 7777). Commit the first 40 VNs before creating additional ones.
Set same VLAN ID on all leafs (VXLAN only) | Option to use the same VLAN ID on all leafs.
DHCP server | Enabled/Disabled - DHCP relay forwarder configuration on SVI. Implies L3 routing on SVI.
IPv4 Connectivity | Enabled/Disabled - for SVI routing
IPv4 subnet (if connectivity is enabled) |
  • IPv4 subnet - (for example: 192.168.100.0/24) (can't be used when batch creating VNs)
  • IPv4 CIDR length - automatically assigns a subnet with the specified length (for example: /26)
  • If left blank, it's auto-assigned a /24 subnet network from resource pools.
Virtual Gateway IPv4 | The IPv4 address, if enabled
IPv6 Connectivity | Enabled/Disabled - IPv6 connectivity for SVI routing. IPv6 must be enabled in the blueprint. If the template uses IPv4 spine-to-leaf link types, IPv6 can't be used in the default routing zone or for VLAN type VNs.
IPv6 subnet (if connectivity is enabled) |
  • IPv6 subnet (for example: 2001:4de0::/64)
  • IPv6 CIDR length - automatically assigns a subnet with the specified length (for example: /56)
  • If left blank, it's auto-assigned a /64 subnet network from resource pools.
  • If assigned automatically, the IP is derived from the assigned VN's SVI pools.
  • To assign multiple VLAN networks, leave blank or specify CIDR length.
Virtual Gateway IPv6 | The IPv6 address, if enabled
Create connectivity templates for |
  • Tagged
  • Untagged
Assigned to | The racks that the VN is assigned to. For more information, see the table below.

Table 2: Virtual Network Rack (or Pod) Details
Assigned To Details | Description
Pod Name (5-stage) | 5-stage Clos networks include pods, and leaf devices within each pod can be selected to extend the VN to those devices.
Bound to | The racks assigned. For MLAG racks, the leaf pair is shown. For VLANs, if more than one rack is selected, multiple rack-local VLAN-based VNs are created.
Link Labels | Label assigned to rack (for example, ext-link-1, single-link, single-link, ext-link-0)
VLAN ID | Can be used for batch creating VNs
IPv4 mode / IPv6 Mode (aka SVI IP address allocation mode) |
  • SVIs are configured on VLANs to provide a default gateway for the VLAN, allow traffic to be routed between VLANs, provide Layer 3 IP connectivity to the switch, and support bridging configurations and routing protocols.
  • Allocate IP addresses on a per-SVI basis (as of Apstra release 4.0)
  • Enabled - if the device requires an SVI, it's assigned from resource pools (for example: for Arista IPv6 Routing or Cumulus IPv4/IPv6 VXLAN Routing)
  • Forced - SVI is unconditionally assigned from the resource pool (or it can be entered). Use this to additionally allocate an SVI IP to a particular leaf when the default semantics for VXLAN did not require it.
  • Link Local (IPv6 only) - used when an IPv6 link-local address is required on the SVI. Usually for a BGP unnumbered scenario without explicit IPv6 address allocation for the SVI.
IPv4 Address / IPv6 Address | Can be specified to set the first-hop-redundancy IP address for the SVI (VRRP, VARP and so on). If left blank, the SVI IP address is assigned from the selected pool. When you bind an EVPN connectivity template to a Layer 2 application point, the SVI IP address is used as the source / destination for the BGP session, static routes and so on.
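
The name, batch-size and reserved-VLAN rules in Table 1 can be checked before the values are staged, since reserved IDs surface only as deployment errors. The following is an added example, not Apstra code or part of the original page; the function names, the NOS labels used as dictionary keys, and the `eos_range` parameter are assumptions of this example, and the ranges are the ones listed in Table 1.

```python
import re

# Limits taken from Table 1; names and NOS labels are chosen for this example.
NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,32}")
STATIC_POOL = range(2, 4095)            # auto-assignment pool 2-4094
MAX_BATCH = 40                          # VNs that can be created at once
RESERVED = {
    "nxos": (3968, 4094),
    "cumulus-3.7": (3000, 3999),        # VLAN-aware bridge mode
    "cumulus-4.1": (3600, 3999),
    "eos": (1006, 4094),                # default; can be changed on the device
}


def parse_vnis(spec):
    """Expand a VNI entry such as '5555-5560, 7777' into a sorted list."""
    vnis = set()
    for part in filter(None, (p.strip() for p in spec.split(","))):
        m = re.fullmatch(r"(\d+)(?:\s*-\s*(\d+))?", part)
        if not m:
            raise ValueError(f"bad VNI entry: {part!r}")
        lo, hi = int(m.group(1)), int(m.group(2) or m.group(1))
        if lo > hi or hi - lo >= MAX_BATCH:   # reject before expanding a huge range
            raise ValueError(f"range descending or over {MAX_BATCH} IDs: {part!r}")
        vnis.update(range(lo, hi + 1))
    if len(vnis) > MAX_BATCH:
        raise ValueError(f"{len(vnis)} VNIs requested, limit is {MAX_BATCH} per batch")
    return sorted(vnis)


def check_vn(name, vlan_id=None, nos_list=(), eos_range=None):
    """Return a list of findings; an empty list means nothing was flagged."""
    findings = []
    if not NAME_RE.fullmatch(name):
        findings.append("name: 32 characters or fewer, [A-Za-z0-9_-] only")
    if vlan_id is None:                 # blank means auto-assigned from the pool
        return findings
    if vlan_id == 1:
        findings.append("vlan 1: not recommended for active VNs")
    elif vlan_id not in STATIC_POOL:
        findings.append(f"vlan {vlan_id}: outside 2-4094")
    for nos in nos_list:                # every NOS the VN will be bound to
        lo, hi = eos_range if (nos == "eos" and eos_range) else RESERVED[nos]
        if lo <= vlan_id <= hi:
            findings.append(f"vlan {vlan_id}: reserved on {nos} ({lo}-{hi})")
    return findings
```

Pass `eos_range=(3001, 3999)` when the internal allocation policy shown in Table 1 has been applied to the EOS devices.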

From the blueprint, navigate to Staged > Virtual > Virtual Networks to go to the VN list view. You can create, edit and delete VNs.

Create Virtual Network

  1. From the blueprint, navigate to Staged > Virtual > Virtual Networks and click Create Virtual Networks.
  2. Select the VN type (VLAN, VXLAN) and enter a name.
  3. Select the routing zone to associate with the VN(s). (VLANs must use the default routing zone.)
  4. If you're creating VLANs, specify the default VLAN ID(s). If you're creating VXLANs, specify VNIs and VLAN ID (on leafs). See overview above for details.
  5. If you enable DHCP Service, enter a subnet. A DHCP relay forwarder is configured on the SVI. This option also implies Layer 3 routing on this SVI. (You assign the DHCP server in the routing zone.)
  6. If you enable IPv4 Connectivity, enter a subnet. If you're batch creating VNs, enter an IPv4 CIDR length instead, or leave the subnet blank to allow auto-assignment.
  7. If you enable Virtual Gateway IPv4, enter an IPv4 address.
  8. If IPv6 is enabled in the blueprint (Policies > Fabric Addressing Policy), and you enable IPv6 Connectivity, enter a subnet. If you're batch creating VNs, enter an IPv6 CIDR length instead, or leave the subnet blank to allow auto-assignment.
  9. If you enable Virtual Gateway IPv6, enter an IPv6 address.
  10. To create connectivity templates for the VN(s), check the box for Tagged and/or Untagged, as applicable.
  11. Select and configure racks that the VN is to be assigned to. See overview above for details.
  12. Click Create to stage the VN and return to the list view.
  13. Assign IPv4 (IPv6) resources for SVI subnets. Navigate to Staged > Virtual > Virtual Networks and assign resources in the Build panel (right-side).
  14. For VXLAN only: Assign VTEP IPs. Navigate to Staged > Virtual > Virtual Networks and assign resources in the Build panel (right-side). (You can display the VTEPs list in the nodes table (Staged > Physical > Nodes). Select the type of VTEP to display from the Columns drop-down list (above the table).)
    • Single Leaf Nodes require one VTEP IP and an anycast VTEP IP for all switches in the VN.
    • MLAG Leaf-pair Nodes require a common VTEP IP for the leaf-pair and an anycast VTEP IP for all switches in the VN.
  15. To deploy changes to the active blueprint, click the Uncommitted tab to review and commit (or discard) changes.

Edit Virtual Network

  1. From the blueprint, navigate to Staged > Virtual > Virtual Networks and click the name of the VN to edit.
  2. Click the Edit button (on the right) and make your changes.
  3. Click Update to stage the changes and return to the list view.

Delete Virtual Network

  1. From the blueprint, navigate to Staged > Virtual > Virtual Networks and click the Delete button (trash can) for the VN to delete.
  2. Click Delete to stage the deletion and return to the list view.