Shared VRF and Router Usecase with
Examples
Topology
efa fabric create --name fabric1 --type non-clos
efa fabric setting update --name fabric1
--rack-l3-backup-port 0/47 --rack-mct-ports 0/46 --vni-auto-map No --backup-routing-enable Yes
efa fabric device add-bulk --name fabric1
--rack rack1 --ip 10.20.246.25-26 --rack rack2 --ip 10.20.246.17-18
--border-leaf-rack rack3 --border-leaf-ip 10.20.246.15-16
--username admin --password password
efa fabric configure --name fabric1
efa fabric show --name fabric1
Fabric Name: fabric1, Fabric Description: , Fabric Type: non-clos
+--------------+-------+--------------+------------+-------------+--------------+-------------+-------------------+-----------------+---------+-------+
| IP ADDRESS | RACK | HOST NAME | ASN | ROLE | DEVICE STATE | APP STATE | CONFIG GEN REASON | PENDING CONFIGS | VTLB ID | LB ID |
+--------------+-------+--------------+------------+-------------+--------------+-------------+-------------------+-----------------+---------+-------+
| 10.20.246.25 | rack1 | Orca-1 | 4200000000 | leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
| 10.20.246.26 | rack1 | Orca-2 | 4200000000 | leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
| 10.20.246.17 | rack2 | Freedom-01 | 4200000001 | leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
| 10.20.246.18 | rack2 | Freedom-02 | 4200000001 | leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
| 10.20.246.16 | rack3 | Avalanche-02 | 4200065535 | border-leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
| 10.20.246.15 | rack3 | Avalanche-01 | 4200065535 | border-leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
+--------------+-------+--------------+------------+-------------+--------------+-------------+-------------------+-----------------+---------+-------+
Shared VRF Configuration Overview
Shared Tenant and Private Tenant
Configuration
efa tenant create --name sharedTenant --type shared --port 10.20.246.15[0/31],10.20.246.16[0/31]
--vrf-count 10 --l3-vni-range 31001-31020
--vlan-range 31-40 --l2-vni-range 30011-30020
efa tenant create --name tenant1 --port 10.20.246.17[0/11-20],10.20.246.18[0/11-20],10.20.246.25[0/11-20],10.20.246.26[0/11-20]
--vlan-range 11-20 --l2-vni-range 10011-10020 --vrf-count 10 --l3-vni-range 11001-11020
efa tenant create --name tenant2 --port 10.20.246.17[0/21-30],10.20.246.18[0/21-30],10.20.246.25[0/21-30],10.20.246.26[0/21-30]
--vlan-range 21-30 --l2-vni-range 20011-20020 --vrf-count 10 --l3-vni-range 21001-21020
efa tenant show
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| Name | Type | VLAN Range | L2VNI Range | L3VNI Range | VRF Count | Enable BD | Ports |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| sharedTenant | shared | 31-40 | 30011-30020 | 31001-31020 | 10 | false | 10.20.246.15[0/31] |
| | | | | | | | 10.20.246.16[0/31] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| tenant1 | private | 11-20 | 10011-10020 | 11001-11020 | 10 | false | 10.20.246.18[0/11-20] |
| | | | | | | | 10.20.246.17[0/11-20] |
| | | | | | | | 10.20.246.25[0/11-20] |
| | | | | | | | 10.20.246.26[0/11-20] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| tenant2 | private | 21-30 | 20011-20020 | 21001-21020 | 10 | false | 10.20.246.26[0/21-30] |
| | | | | | | | 10.20.246.18[0/21-30] |
| | | | | | | | 10.20.246.17[0/21-30] |
| | | | | | | | 10.20.246.25[0/21-30] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
Shared PO
and Private PO Configuration
efa tenant po create --name sharedPO --tenant sharedTenant
--port 10.20.246.15[0/31],10.20.246.16[0/31] --speed 10Gbps --negotiation active
efa tenant po create --name ten1po1 --tenant tenant1
--port 10.20.246.17[0/11],10.20.246.18[0/11] --speed 10Gbps --negotiation active
efa tenant po create --name ten1po2 --tenant tenant1
--port 10.20.246.25[0/11],10.20.246.26[0/11] --speed 10Gbps --negotiation active
efa tenant po create --name ten2po1 --tenant tenant2
--port 10.20.246.17[0/21],10.20.246.18[0/21] --speed 10Gbps --negotiation active
efa tenant po create --name ten2po2 --tenant tenant2
--port 10.20.246.25[0/21],10.20.246.26[0/21] --speed 10Gbps --negotiation active
efa tenant po show
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| Name | Tenant | ID | Speed | Negotiation | Min Link | Lacp | Ports | State | Dev State | App State |
| | | | | | Count | Timeout | | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| sharedPO | sharedTenant | 1 | 10Gbps | active | 1 | long | 10.20.246.16[0/31] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.15[0/31] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten1po1 | tenant1 | 1 | 10Gbps | active | 1 | long | 10.20.246.18[0/11] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.17[0/11] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten1po2 | tenant1 | 1 | 10Gbps | active | 1 | long | 10.20.246.25[0/11] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.26[0/11] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten2po1 | tenant2 | 2 | 10Gbps | active | 1 | long | 10.20.246.18[0/21] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.17[0/21] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten2po2 | tenant2 | 2 | 10Gbps | active | 1 | long | 10.20.246.25[0/21] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.26[0/21] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
Shared VRF and Private VRF
efa tenant vrf create --name sharedVrf --tenant sharedTenant
efa tenant vrf create --name ten1vrf1 --tenant tenant1
efa tenant vrf create --name ten2vrf1 --tenant tenant2
efa tenant vrf show
+-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
| Name | Tenant | Routing Type | Centralized Routers | Redistribute | Max Path | Local Asn | Enable GR | State | Dev State | App State |
+-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
| sharedVrf | sharedTenant | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready |
+-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
| ten1vrf1 | tenant1 | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready |
+-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
| ten2vrf1 | tenant2 | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready |
+-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
Shared VRF: Inter POD
Routing
- Endpoint groups (EPGs) owned by
different Private Tenants using the shared
VRF
efa tenant epg create --name ten1epg1 --tenant tenant1 --po ten1po1,ten1po2 --switchport-mode trunk
--ctag-range 11 --anycast-ip 11:10.0.11.1/24 –vrf sharedVrf
efa tenant epg create --name ten2epg1 --tenant tenant2 --po ten2po1,ten2po2 --switchport-mode trunk
--ctag-range 21 --anycast-ip 21:10.0.21.1/24 --vrf sharedVrf
- EPGs owned by different Private
Tenants using their own private
VRF:
efa tenant epg create --name ten1epg2 --tenant tenant1 --po ten1po1,ten1po2 --switchport-mode trunk
--ctag-range 13 --anycast-ip 13:10.0.13.1/24 --vrf ten1vrf1
efa tenant epg create --name ten2epg2 --tenant tenant2 --po ten2po1,ten2po2 --switchport-mode trunk
--ctag-range 23 --anycast-ip 23:10.0.23.1/24 --vrf ten2vrf1
efa tenant epg show
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
| Name | Tenant | Type | Ports | PO | SwitchPort | Native Vlan | Ctag Range | Vrf | L3Vni | State |
| | | | | | Mode | Tagging | | | | |
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
| ten1epg1 | tenant1 | extension | | ten1po2 | trunk | false | 11 | sharedVrf | 31001 | |
| | | | | ten1po1 | | | | | | |
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
| ten1epg2 | tenant1 | extension | | ten1po1 | trunk | false | 13 | ten1vrf1 | 11001 | |
| | | | | ten1po2 | | | | | | |
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
| ten2epg1 | tenant2 | extension | | ten2po1 | trunk | false | 21 | sharedVrf | 31001 | |
| | | | | ten2po2 | | | | | | |
| | | | | | | | | | | |
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
| ten2epg2 | tenant2 | extension | | ten2po2 | trunk | false | 23 | ten2vrf1 | 21001 | |
| | | | | ten2po1 | | | | | | |
| | | | | | | | | | | |
+----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
L3 Handoff Using EPG and BGP Peer
Owned by Shared Tenant Using Shared VRF
- Endpoint Group (EPG) owned by
Shared Tenant handling off Shared
VRF
efa tenant epg create --name sharedTenepg1 --tenant sharedTenant --type l3-hand-off
--po sharedPO --switchport-mode trunk --ctag-range 31
--vrf sharedVrf --local-ip 31,10.20.246.15:10.0.31.2/24 --local-ip 31,10.20.246.16:10.0.31.2/24
- BGP peer owned by Shared Tenant
handling off Shared
VRF
efa tenant service bgp peer create --name sharedTenbgppeer1 --tenant sharedTenant
--ipv4-uc-nbr 10.20.246.15,sharedVrf:10.0.31.3,50000
--ipv4-uc-nbr 10.20.246.16,sharedVrf:10.0.31.3,50000
efa tenant epg show
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| Name | Tenant | Type | Ports | PO | SwitchPort | Native Vlan | Ctag Range | Vrf | L3Vni | State |
| | | | | | Mode | Tagging | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| sharedTenepg1 | sharedTenant | l3-hand-off | | sharedPO | trunk | false | 31 | sharedVrf | 31001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg2 | tenant1 | extension | | ten1po2 | trunk | false | 13 | ten1vrf1 | 11001 | |
| | | | | ten1po1 | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg3 | tenant1 | l3-hand-off | | sharedPO | trunk | false | 20 | ten1vrf1 | 11001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg4 | tenant1 | l3-hand-off | | sharedPO | trunk | false | 19 | sharedVrf | 31001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg1 | tenant1 | extension | | ten1po2 | trunk | false | 11 | sharedVrf | 31001 | |
| | | | | ten1po1 | | | | | | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg3 | tenant2 | l3-hand-off | | sharedPO | trunk | false | 30 | ten2vrf1 | 21001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg1 | tenant2 | extension | | ten2po2 | trunk | false | 21 | sharedVrf | 31001 | |
| | | | | ten2po1 | | | | | | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg2 | tenant2 | extension | | ten2po1 | trunk | false | 23 | ten2vrf1 | 21001 | |
| | | | | ten2po2 | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
efa tenant service bgp peer show --detail
===========================================
Name : sharedTenbgppeer1
Tenant : sharedTenant
State : bs-state-created
Description :
Static Peer
-----------
Device IP : 10.20.246.15
VRF : sharedVrf
AFI : ipv4
SAFI : unicast
Remote IP : 10.0.31.3
Remote ASN : 50000
Next Hop Self : false
Update Source IP :
BFD Enabled : false
BFD Interval : 0
BFD Rx : 0
BFD Multiplier : 0
MD5 Password :
Dev State : provisioned
App State : cfg-in-sync
Device IP : 10.20.246.16
VRF : sharedVrf
AFI : ipv4
SAFI : unicast
Remote IP : 10.0.31.3
Remote ASN : 50000
Next Hop Self : false
Update Source IP :
BFD Enabled : false
BFD Interval : 0
BFD Rx : 0
BFD Multiplier : 0
MD5 Password :
Dev State : provisioned
App State : cfg-in-sync
Dynamic Peer
-----------
0 Records
===========================================
