Overlapping VLAN Support Using VLAN Translation in EVPN-VXLAN Networks
You can use VLAN translation to manage overlapping VLAN IDs in an EVPN-VXLAN fabric. For this purpose, we support VLAN translation on the following platforms operating as leaf devices in the fabric:
-
QFX5110 and QFX5120 switches—Starting in Junos OS Release 21.2R1
-
QFX5130-32CD and QFX5700 switches—Starting in Junos OS Evolved Release 22.1R1
We support this feature:
-
On trunk mode access-side interfaces configured in the enterprise style.
-
On leaf devices in edge-routed bridging (ERB) and centrally routed bridging (CRB) overlays.
-
With MAC-VRF EVPN routing instances (any supported service types).
-
On access side ports that can be single-homed or multihomed.
-
On Layer 2 (L2) VXLAN gateway access-side ports.
-
On Layer 3 (L3) VXLAN gateway IRB interfaces for VXLAN bridge domains.
Benefits
-
Simplifies re-provisioning a network after combining different business areas in the network that might use the same VLAN IDs for different functions.
-
Helps service providers to maintain traffic isolation in the same network among different customers using one or more of the same VLAN IDs.
Overview
When you configure VLAN translation, you map the host VLAN ID in tagged packets coming in on an interface to a configured VLAN ID. We call that configured VLAN ID a mapped VLAN value. For ingress packets from the host, the device substitutes the mapped VLAN value for the host VLAN ID before the packet enters the packet processing pipeline. On egress when forwarding tagged traffic toward the host, the device replaces the mapped VLAN value with the host VLAN ID.
You use the usual VLAN configuration statements to define the VLANs you plan to use as
mapped VLAN values. You also associate interfaces with those VLANs. Then to configure the
VLAN translation, use the vlan-rewrite
translate from-vlan-id
to-vlan-id statement at the [edit interfaces
interface-name unit logical-unit-number family
ethernet-switching] for each host VLAN mapping and interface as needed. With this
statement:
-
The from-vlan-id is the host VLAN ID.
-
The to-vlan-id is the mapped VLAN value.
You can specify host VLAN IDs and mapped VLAN values in the usual VLAN range—1 through 4094.
If you configure an interface with multiple host VLANs and map some (but not all) of those host VLANs to mapped VLAN values, the interface:
-
Accepts and passes through packets that are tagged with host VLAN IDs that are not mapped (host VLAN IDs that have no corresponding
vlan-rewrite translatestatement). -
Accepts packets that are tagged with a host VLAN ID for which the interface has a
vlan-rewrite translateconfiguration. The interface drops packets that are tagged with the corresponding mapped VLAN value.
For example, the following configuration includes VLANs 100 and 101 on interface xe-0/0/1. The configuration also establishes VLAN translation for host VLAN ID 200 to mapped VLAN value 100.
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101 set vlans vlan100 vlan-id 100 set vlans vlan101 vlan-id 101 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
With this configuration, the interface:
-
Accepts incoming packets that are tagged with VLAN 101 because that VLAN isn't mapped.
-
Accepts incoming packets that are tagged with VLAN 200 because that VLAN is a host VLAN with a
vlan-rewritemapping. -
Drops incoming packets tagged with VLAN 100 because that VLAN is a mapped VLAN value for host VLAN 200.
Supported VLAN Translation Configurations
We support VLAN translation on an interface as follows:
-
You can map a host VLAN ID to a mapped VLAN value only on access interfaces with enterprise style interface configurations.
-
You can map each host VLAN to one and only one mapped VLAN value.
You'll see a commit error if you try to configure VLAN translation of the same host VLAN to more than one mapped VLAN value.
For example, the following configuration includes VLAN IDs 100 and 101 on interface xe-0/0/1. The configuration also maps host VLAN ID 200 to mapped VLAN value 100.
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101 set vlans vlan100 vlan-id 100 set vlans vlan101 vlan-id 101 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
If you then try to map the same host VLAN 200 to the other configured VLAN 101 on the same interface, the CLI won't allow the commit:
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 101
-
You can map only one host VLAN to the same mapped VLAN value on an interface.
In other words, after you map a host VLAN, you can’t map a different host VLAN tag to the same mapped VLAN value on the same interface. The CLI doesn't block the commit operation, but only the most recent mapping will take effect.
For example, you configure VLAN 100 on an interface, and map host VLAN 200 to mapped VLAN value 100:
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set vlans vlan100 vlan-id 100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100
You commit that configuration, then configure a mapping from host VLAN 300 to the same mapped VLAN value 100:
set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 100
The device overwrites the first mapping with the second one for that mapped VLAN value, and processes packets only according to the second mapping.
-
You can map different host VLANs to different mapped VLAN values on the same interface.
For example, if you configure VLANs 100 and 101 on an interface, you can map host VLAN 200 to one mapped VLAN value (100) and host VLAN 300 to another mapped VLAN value (101) on that same interface:
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101 set vlans vlan100 vlan-id 100 set vlans vlan101 vlan-id 101 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 101
-
You can map the same host VLAN to the same mapped VLAN value on different interfaces.
For example, if you configure two interfaces xe-0/0/1 and xe-0/0/2 as members of VLAN 100, you can map host VLAN 200 to the same mapped VLAN value (100) for both interfaces:
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan100 set vlans vlan100 vlan-id 100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100 set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan-rewrite translate 200 100
-
You can map different host VLAN tags to the same mapped VLAN value on different interfaces.
For example, your configuration includes VLAN 100 on interfaces xe-0/0/1 and xe-0/0/2. You can map host VLAN 200 on xe-0/0/1 and host VLAN 300 on xe-0/0/2 to the same mapped VLAN value 100:
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan100 set vlans vlan100 vlan-id 100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100 set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan-rewrite translate 300 100
(QFX5xxx switches) In an EVPN-VXLAN fabric, you can’t configure the native-vlan-id statement on the same interface where you enable VLAN translation with the vlan-rewrite statement.
Verify VLAN Translation Mappings on an Interface
Run the show ethernet-switching interface interface-name
detail CLI command to verify the VLAN translation mappings on an interface.
For example, consider again the case where you configure different VLANs (VLAN 100 and VLAN 101) on the same interface, xe-0/0/1. Then you map different host VLAN IDs (200 and 300) to each of those mapped VLAN values (100 and 101, respectively).
set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members vlan101 set vlans vlan100 vlan-id 100 set vlans vlan101 vlan-id 101 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 200 100 set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan-rewrite translate 300 101
In the output from the show ethernet-switching interface xe-0/0/1 detail,
you see the host VLAN ID (200 or 300) in the Trunk id: output field. You
also see the corresponding mapped VLAN value (100 or 101) in the VLAN id:
output field, and its configured VLAN name (vlan100 or vlan101) in the VLAN
name: output field.
user@leaf> show ethernet-switching interface xe-0/0/1 detail
Information for interface family:
Name: xe-0/0/1.0
Type: IFF Handle: 0x2701c10
Index: 554 Generation: 186
Flags: UP
IFD index: 659 Routing/Vlan index: 7
IFL index: 554 Address family: 63
Sequence number: 0 MAC sequence number: 0
MAC limit: 294912 MACs learned: 0
Static MACs learned: 0 Non configured static MACs learned: 0
MAC+IP limit: 0 MAC+IPs learned: 0
Name: xe-0/0/1.0
Type: IFBD (static) Handle: 0x1de8890
Index: Generation: 147
Trunk id: 200 Flags: UP,
IFD index: Routing/Vlan index: 5
IFL index: Address family:
VLAN id: 100 VLAN name: vlan100
Sequence number: 0 MAC sequence number: 0
MAC limit: 294912 MACs learned: 0
Static MACs learned: 0 Non configured static MACs learned: 0
MAC+IP limit: 0 MAC+IPs learned: 0
VSTP index: 9 STP State: Forwarding
Tagging: tagged Rewrite op: SWAP
Name: xe-0/0/1.0
Type: IFBD (static) Handle: 0x1de7c50
Index: Generation: 148
Trunk id: 300 Flags: UP,
IFD index: Routing/Vlan index: 6
IFL index: Address family:
VLAN id: 101 VLAN name: vlan101
Sequence number: 0 MAC sequence number: 0
MAC limit: 294912 MACs learned: 0
Static MACs learned: 0 Non configured static MACs learned: 0
MAC+IP limit: 0 MAC+IPs learned: 0
VSTP index: 9 STP State: Forwarding
Tagging: tagged Rewrite op: SWAP
Change History Table
Feature support is determined by the platform and release you are using. Use Feature Explorer to determine if a feature is supported on your platform.