Shared VRF and Router Usecase with Examples
Topology
efa fabric create --name fabric1 --type non-clos
efa fabric setting update --name fabric1
--vni-auto-map No --backup-routing-enable Yes
efa fabric device add-bulk --name fabric1
--rack rack1 --ip 10.20.246.25-26 --rack rack2 --ip 10.20.246.17-18
--border-leaf-rack rack3 --border-leaf-ip 10.20.246.15-16
--username admin --password password
efa fabric configure --name fabric1
efa fabric show
Fabric Name: default, Fabric Description: Default Fabric, Fabric Stage: 3, Fabric Type: clos, Fabric Status: created
+------------+-----+-----------+-----+------+--------------+-----------+-------------------+-----------------+---------+-------+
| IP ADDRESS | POD | HOST NAME | ASN | ROLE | DEVICE STATE | APP STATE | CONFIG GEN REASON | PENDING CONFIGS | VTLB ID | LB ID |
+------------+-----+-----------+-----+------+--------------+-----------+-------------------+-----------------+---------+-------+
+------------+-----+-----------+-----+------+--------------+-----------+-------------------+-----------------+---------+-------+
Fabric Name: fs, Fabric Description: , Fabric Stage: 3, Fabric Type: clos, Fabric Status: settings-updated
Updated Fabric Settings: BGP-LL
+-------------+-----+-----------+-------+-------+---------------------+-------------+-------------------+----------------------------------------------+---------+-------+
| IP ADDRESS | POD | HOST NAME | ASN | ROLE | DEVICE STATE | APP STATE | CONFIG GEN REASON | PENDING CONFIGS | VTLB ID | LB ID |
+-------------+-----+-----------+-------+-------+---------------------+-------------+-------------------+----------------------------------------------+---------+-------+
| 10.20.246.1 | | SLX-1 | 64512 | Spine | provisioned | cfg in-sync | NA | NA | NA | 1 |
| 10.20.246.7 | | SLX | 65000 | Leaf | provisioning failed | cfg ready | IA,IU,MD,DA | SYSP-C,MCT-C,MCT-PA,BGP-C,INTIP-C,EVPN-C,O-C | 2 | 1 |
| 10.20.246.8 | | slx-8 | 65000 | Leaf | provisioned | cfg in-sync | NA | NA | 2 | 1 |
+-------------+-----+-----------+-------+-------+---------------------+-------------+-------------------+----------------------------------------------+---------+-------+
FABRIC SETTING:
BGPLL - BGP Dynamic Peer Listen Limit, BGP-MD5 - BGP MD5 Password , BFD-RX - Bfd Rx Timer, BFD-TX - Bfd Tx Timer, BFD-MULTIPLIER - Bfd multiplier,
BFD-ENABLE - Enable Bfd, BGP-MULTIHOP - BGP ebgp multihop, P2PLR - Point-to-Point Link Range, MCTLR - MCT Link Range, LOIP - Loopback IP Range
CONFIG GEN REASON:
LA/LD - Link Add/Delete, IA/ID/IU - Interface Add/Delete/Update, PLC/PLD/PLU - IPPrefixList Create/Delete/Update
MD/MU - MCT Delete/Update, OD/OU - Overlay Gateway Delete/Update, EU/ED - Evpn Delete/Update, PC/PD/PU - RouterPim Create/Delete/Update
DD - Dependent Device Update, DA/DR - Device Add/ReAdd, ASN - Asn Update, SYS - System Properties Update
MD5 - BGP MD5 Password, BGPU - Router BGP Update, BGPLL - BGP Listen Limit, POU - Port Channel Update, NA - Not Applicable
PENDING CONFIGS:
MCT - MCT Cluster, O - Overlay Gateway, SYSP - System Properties, INTIP - Interface IP, BGP - Router BGP
C/D/U - Create/Delete/Update, PA/PD - Port Add/Port Delete
Shared VRF Configuration Overview
Shared Tenant and Private Tenant Configuration
efa tenant create --name sharedTenant --type shared --port 10.20.246.15[0/31],10.20.246.16[0/31]
--vrf-count 10 --l3-vni-range 31001-31020
--vlan-range 31-40 --l2-vni-range 30011-30020
efa tenant create --name tenant1 --port 10.20.246.17[0/11-20],10.20.246.18[0/11-20],10.20.246.25[0/11-20],10.20.246.26[0/11-20]
--vlan-range 11-20 --l2-vni-range 10011-10020 --vrf-count 10 --l3-vni-range 11001-11020
efa tenant create --name tenant2 --port 10.20.246.17[0/21-30],10.20.246.18[0/21-30],10.20.246.25[0/21-30],10.20.246.26[0/21-30]
--vlan-range 21-30 --l2-vni-range 20011-20020 --vrf-count 10 --l3-vni-range 21001-21020
efa tenant show
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| Name | Type | VLAN Range | L2VNI Range | L3VNI Range | VRF Count | Enable BD | Ports |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| sharedTenant | shared | 31-40 | 30011-30020 | 31001-31020 | 10 | false | 10.20.246.15[0/31] |
| | | | | | | | 10.20.246.16[0/31] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| tenant1 | private | 11-20 | 10011-10020 | 11001-11020 | 10 | false | 10.20.246.18[0/11-20] |
| | | | | | | | 10.20.246.17[0/11-20] |
| | | | | | | | 10.20.246.25[0/11-20] |
| | | | | | | | 10.20.246.26[0/11-20] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
| tenant2 | private | 21-30 | 20011-20020 | 21001-21020 | 10 | false | 10.20.246.26[0/21-30] |
| | | | | | | | 10.20.246.18[0/21-30] |
| | | | | | | | 10.20.246.17[0/21-30] |
| | | | | | | | 10.20.246.25[0/21-30] |
+--------------+---------+------------+-------------+-------------+-----------+-----------+-----------------------+
Shared PO and Private PO Configuration
efa tenant po create --name sharedPO --tenant sharedTenant
--port 10.20.246.15[0/31],10.20.246.16[0/31] --speed 10Gbps --negotiation active
efa tenant po create --name ten1po1 --tenant tenant1
--port 10.20.246.17[0/11],10.20.246.18[0/11] --speed 10Gbps --negotiation active
efa tenant po create --name ten1po2 --tenant tenant1
--port 10.20.246.25[0/11],10.20.246.26[0/11] --speed 10Gbps --negotiation active
efa tenant po create --name ten2po1 --tenant tenant2
--port 10.20.246.17[0/21],10.20.246.18[0/21] --speed 10Gbps --negotiation active
efa tenant po create --name ten2po2 --tenant tenant2
--port 10.20.246.25[0/21],10.20.246.26[0/21] --speed 10Gbps --negotiation active
efa tenant po show
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| Name | Tenant | ID | Speed | Negotiation | Min Link | Lacp | Ports | State | Dev State | App State |
| | | | | | Count | Timeout | | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| sharedPO | sharedTenant | 1 | 10Gbps | active | 1 | long | 10.20.246.16[0/31] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.15[0/31] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten1po1 | tenant1 | 1 | 10Gbps | active | 1 | long | 10.20.246.18[0/11] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.17[0/11] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten1po2 | tenant1 | 1 | 10Gbps | active | 1 | long | 10.20.246.25[0/11] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.26[0/11] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten2po1 | tenant2 | 2 | 10Gbps | active | 1 | long | 10.20.246.18[0/21] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.17[0/21] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
| ten2po2 | tenant2 | 2 | 10Gbps | active | 1 | long | 10.20.246.25[0/21] | po-created | provisioned | cfg-in-sync |
| | | | | | | | 10.20.246.26[0/21] | | | |
+----------+--------------+----+--------+-------------+----------+---------+--------------------+------------+-------------+-------------+
Shared VRF and Private VRF
efa tenant vrf create --name sharedVrf --tenant sharedTenant efa tenant vrf create --name ten1vrf1 --tenant tenant1 efa tenant vrf create --name ten2vrf1 --tenant tenant2 efa tenant vrf show +-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+ | Name | Tenant | Routing Type | Centralized Routers | Redistribute | Max Path | Local Asn | Enable GR | State | Dev State | App State | +-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+ | sharedVrf | sharedTenant | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready | +-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+ | ten1vrf1 | tenant1 | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready | +-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+ | ten2vrf1 | tenant2 | distributed | | connected | 8 | | false | vrf-create | not-provisioned | cfg-ready | +-----------+--------------+--------------+---------------------+--------------+----------+-----------+-----------+------------+-----------------+-----------+
Shared VRF: Inter POD Routing
- Endpoint groups (EPGs) owned by
different Private Tenants using the shared
VRF
efa tenant epg create --name ten1epg1 --tenant tenant1 --po ten1po1,ten1po2 --switchport-mode trunk --ctag-range 11 --anycast-ip 11:10.0.11.1/24 –vrf sharedVrf efa tenant epg create --name ten2epg1 --tenant tenant2 --po ten2po1,ten2po2 --switchport-mode trunk --ctag-range 21 --anycast-ip 21:10.0.21.1/24 --vrf sharedVrf - EPGs owned by different Private
Tenants using their own private
VRF:
efa tenant epg create --name ten1epg2 --tenant tenant1 --po ten1po1,ten1po2 --switchport-mode trunk --ctag-range 13 --anycast-ip 13:10.0.13.1/24 --vrf ten1vrf1 efa tenant epg create --name ten2epg2 --tenant tenant2 --po ten2po1,ten2po2 --switchport-mode trunk --ctag-range 23 --anycast-ip 23:10.0.23.1/24 --vrf ten2vrf1
efa tenant epg show +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+ | Name | Tenant | Type | Ports | PO | SwitchPort | Native Vlan | Ctag Range | Vrf | L3Vni | State | | | | | | | Mode | Tagging | | | | | +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+ | ten1epg1 | tenant1 | extension | | ten1po2 | trunk | false | 11 | sharedVrf | 31001 | | | | | | | ten1po1 | | | | | | | +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+ | ten1epg2 | tenant1 | extension | | ten1po1 | trunk | false | 13 | ten1vrf1 | 11001 | | | | | | | ten1po2 | | | | | | | +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+ | ten2epg1 | tenant2 | extension | | ten2po1 | trunk | false | 21 | sharedVrf | 31001 | | | | | | | ten2po2 | | | | | | | | | | | | | | | | | | | +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+ | ten2epg2 | tenant2 | extension | | ten2po2 | trunk | false | 23 | ten2vrf1 | 21001 | | | | | | | ten2po1 | | | | | | | | | | | | | | | | | | | +----------+---------+-----------+-------+---------+------------+-------------+------------+-----------+-------+-------+
L3 Handoff Using EPG and BGP Peer Owned by Shared Tenant Using Shared VRF
- Endpoint Group (EPG) owned by
Shared Tenant handling off Shared
VRF
efa tenant epg create --name sharedTenepg1 --tenant sharedTenant --type l3-hand-off --po sharedPO --switchport-mode trunk --ctag-range 31 --vrf sharedVrf --local-ip 31,10.20.246.15:10.0.31.2/24 --local-ip 31,10.20.246.16:10.0.31.2/24 - BGP peer owned by Shared Tenant
handling off Shared
VRF
efa tenant service bgp peer create --name sharedTenbgppeer1 --tenant sharedTenant --ipv4-uc-nbr 10.20.246.15,sharedVrf:10.0.31.3,50000 --ipv4-uc-nbr 10.20.246.16,sharedVrf:10.0.31.3,50000
efa tenant epg show
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| Name | Tenant | Type | Ports | PO | SwitchPort | Native Vlan | Ctag Range | Vrf | L3Vni | State |
| | | | | | Mode | Tagging | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| sharedTenepg1 | sharedTenant | l3-hand-off | | sharedPO | trunk | false | 31 | sharedVrf | 31001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg2 | tenant1 | extension | | ten1po2 | trunk | false | 13 | ten1vrf1 | 11001 | |
| | | | | ten1po1 | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg3 | tenant1 | l3-hand-off | | sharedPO | trunk | false | 20 | ten1vrf1 | 11001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg4 | tenant1 | l3-hand-off | | sharedPO | trunk | false | 19 | sharedVrf | 31001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten1epg1 | tenant1 | extension | | ten1po2 | trunk | false | 11 | sharedVrf | 31001 | |
| | | | | ten1po1 | | | | | | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg3 | tenant2 | l3-hand-off | | sharedPO | trunk | false | 30 | ten2vrf1 | 21001 | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg1 | tenant2 | extension | | ten2po2 | trunk | false | 21 | sharedVrf | 31001 | |
| | | | | ten2po1 | | | | | | |
| | | | | | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
| ten2epg2 | tenant2 | extension | | ten2po1 | trunk | false | 23 | ten2vrf1 | 21001 | |
| | | | | ten2po2 | | | | | | |
+---------------+--------------+-------------+-------+----------+------------+-------------+------------+-----------+-------+-------+
efa tenant service bgp peer show --detail
===========================================
Name : sharedTenbgppeer1
Tenant : sharedTenant
State : bs-state-created
Description :
Static Peer
-----------
Device IP : 10.20.246.15
VRF : sharedVrf
AFI : ipv4
SAFI : unicast
Remote IP : 10.0.31.3
Remote ASN : 50000
Next Hop Self : false
Update Source IP :
BFD Enabled : false
BFD Interval : 0
BFD Rx : 0
BFD Multiplier : 0
MD5 Password :
Dev State : provisioned
App State : cfg-in-sync
Device IP : 10.20.246.16
VRF : sharedVrf
AFI : ipv4
SAFI : unicast
Remote IP : 10.0.31.3
Remote ASN : 50000
Next Hop Self : false
Update Source IP :
BFD Enabled : false
BFD Interval : 0
BFD Rx : 0
BFD Multiplier : 0
MD5 Password :
Dev State : provisioned
App State : cfg-in-sync
Dynamic Peer
-----------
0 Records
===========================================