Hello everyone! My name is Mateo. I'm a software developer and network engineer from Argentina.
At my company, we use a wide variety of technical solutions: open-source software, proprietary solutions, and many others. While there are many useful software product manuals available, official documentation does not always cover solving complex problems and corner cases. So I will be preparing useful articles and sharing my own experience in this field on my blog.
For now, I have chosen to focus on the products offered by ISPsystem: VMmanager and DCImanager. This article covers the flat networks workflow. I hope you enjoy reading and find the information useful!
If your infrastructure includes both VMs and physical servers, you may one day find that you need to connect them to a single network. L3 connectivity is not always the answer, and sometimes you need to combine services into an L2 network.
For example, you have a platform installed on a virtual machine to manage your physical IT infrastructure. If all your hardware is located at one site and you have access to network equipment, you can solve the problem by configuring VLANs on switch ports and in the hypervisor.
But what if the servers and VMs are geographically distributed, and you don't have access to switches and routers in the data center? In that case, you will need to configure L2VPN between the sites.
Here's how you can solve this problem.
How it works
We’ll use VxLAN tunnels and the BGP EVPN dynamic routing protocol to connect two networks.
If you already have VMmanager, turn on the "Virtual Networks" technology for your cluster. VMmanager will set up the BGP FRR daemon on the cluster nodes and create VxLAN tunnels.
Here’s an example.
Let's assume we have a Juniper QFX5100 physical switch with VxLAN and BGP EVPN support. Let's connect a physical server to port xe-0/0/1.
The VMmanager cluster consists of two nodes connected to a switch. Node 1 hosts a virtual machine that is connected to a virtual network. A physical server located at another site is connected to the Juniper QFX switch via port xe-0/0/1. A routable network is configured between the QFX switch and nodes 1 and 2.
The setup process
Configure the switch
- Connect the QFX to the routable network so that the address on the lo0.0 interface is accessible from the VMmanager cluster nodes (in our example, this is 10.3.0.47).
- Select the AS number to use. In this example it is 62200:
    routing-options {
        router-id 10.3.0.47;
        autonomous-system 62200;
    }
- Configure VTEP:
    switch-options {
        vtep-source-interface lo0.0;
        route-distinguisher 10.3.0.47:1;
        vrf-target target:62200:1;
    }
- Configure BGP and specify all nodes of your VMmanager cluster as neighbors:
    protocols {
        bgp {
            group VMmanager {
                type internal;
                local-address 10.3.0.47;
                family evpn {
                    signaling;
                }
                peer-as 62200;
                neighbor 172.31.33.2 {
                    cluster 10.3.0.47;
                }
                neighbor 172.31.33.3 {
                    cluster 10.3.0.47;
                }
            }
        }
    }
Set up VMmanager
- In the cluster settings, turn on "Virtual Networks" and switch to Route Reflector mode.
- Set the local autonomous system to 62200.
- Add QFX 10.3.0.47 with autonomous system 62200 to the neighbors.
Let’s assume that johndoe@ispsystem.net is our default VMmanager user. Log in to the administrator user account and do the following:
- Create a new virtual network: 192.168.10.0/24.
- Create a new virtual machine in this virtual network.
After creating the VM, go to the “Network Settings” section and copy the VxLAN number. In our example, the interface is connected to vxbr1194142, which means that our VNI will be 1194142.
Return to the QFX configuration
- Add the EVPN protocol settings:
    protocols {
        evpn {
            vni-options {
                vni 1194142 {
                    vrf-target target:62200:1194142;
                }
            }
            encapsulation vxlan;
            multicast-mode ingress-replication;
            extended-vni-list all;
        }
    }
Please note: it is crucial to specify vrf-target = target:ASN:VNI, otherwise the routes will not be established and there will be no connectivity.
- Create a VLAN:
    vlans {
        test {
            vlan-id 100;
            vxlan {
                vni 1194142;
                ingress-node-replication;
            }
        }
    }
- Connect the following port to this VLAN:
    interfaces {
        xe-0/0/1 {
            ether-options {
                auto-negotiation;
            }
            unit 0 {
                family ethernet-switching {
                    interface-mode access;
                    vlan {
                        members test;
                    }
                }
            }
        }
    }
Done! Now the VM you created and the server are on the same flat network.
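The target:ASN:VNI rule from the note above can be checked before committing. The following is an added example, not part of VMmanager or Junos: it assumes the switch configuration has been exported with "show configuration | display set", and the function names and the sample entries for VNIs 5000 and 6000 are constructed for illustration.

```python
import re

# Constructed sample in "display set" form: the page's VNI 1194142 plus two
# deliberately broken entries (VNI 5000 and VNI 6000) to show what is flagged.
SAMPLE = """\
set routing-options autonomous-system 62200
set protocols evpn vni-options vni 1194142 vrf-target target:62200:1194142
set protocols evpn vni-options vni 5000 vrf-target target:62200:1
set vlans test vlan-id 100
set vlans test vxlan vni 1194142
set vlans lab vlan-id 101
set vlans lab vxlan vni 6000
"""

def vni_from_bridge(bridge):
    """vxbr1194142 -> 1194142, as read from the VM's Network Settings."""
    m = re.fullmatch(r"vxbr(\d+)", bridge)
    if not m or not 1 <= int(m.group(1)) <= 0xFFFFFF:  # a VNI is 24 bits wide
        raise ValueError(f"not a VxLAN bridge name: {bridge!r}")
    return int(m.group(1))

def lint_route_targets(set_config):
    """Return findings for every VNI whose vrf-target is not target:ASN:VNI."""
    asn = re.search(r"^set routing-options autonomous-system (\d+)$",
                    set_config, re.M)
    if not asn:
        return ["autonomous-system is not configured"]
    targets = dict(re.findall(
        r"^set protocols evpn vni-options vni (\d+) vrf-target (\S+)$",
        set_config, re.M))
    findings = []
    for vni, rt in targets.items():
        expected = f"target:{asn.group(1)}:{vni}"
        if rt != expected:
            findings.append(f"vni {vni}: vrf-target is {rt}, expected {expected}")
    # A VLAN mapped to a VNI without its own vni-options entry falls back to
    # the switch-wide target, which does not follow the ASN:VNI rule.
    for vlan, vni in re.findall(r"^set vlans (\S+) vxlan vni (\d+)$",
                                set_config, re.M):
        if vni not in targets:
            findings.append(f"vlan {vlan}: vni {vni} has no vni-options vrf-target")
    return findings

if __name__ == "__main__":
    print(vni_from_bridge("vxbr1194142"))
    print("\n".join(lint_route_targets(SAMPLE)))
```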
Troubleshooting
Let's check the connection on our server:
    root> show evpn database
    Instance: default-switch
    VLAN  DomainId  MAC address        Active source  Timestamp        IP address
         1194142    00:1e:67:ca:6d:a9  xe-0/0/1.0     Mar 12 15:44:40  192.168.13.3
         1194142    52:54:00:6b:33:a6  172.31.33.2    Mar 12 14:12:26
Also, let's check the connection on the VMmanager node. Run the vtysh command:
    show evpn mac vni 1194142
    Number of MACs (local and remote) known for this VNI: 2
    Flags: N=sync-neighs, I=local-inactive, P=peer-active, X=peer-proxy
    MAC               Type   Flags Intf/Remote ES/VTEP  VLAN  Seq #'s
    00:1e:67:ca:6d:a9 remote       10.3.0.47                  0/0
    52:54:00:6b:33:a6 local        vm13706_vxlan0             0/0
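The two outputs above can be compared automatically: every MAC that one side has learned locally should appear on the other side as remote through the expected VTEP. This is an added example, not a VMmanager or Junos tool; the function names are hypothetical, and the FRR output is assumed to come from the cluster node at 172.31.33.2.

```python
import re

MAC = r"(?:[0-9a-f]{2}:){5}[0-9a-f]{2}"

# Both outputs are the ones shown in the troubleshooting section above.
JUNOS_OUT = """\
VLAN  DomainId  MAC address        Active source  Timestamp        IP address
     1194142    00:1e:67:ca:6d:a9  xe-0/0/1.0     Mar 12 15:44:40  192.168.13.3
     1194142    52:54:00:6b:33:a6  172.31.33.2    Mar 12 14:12:26
"""
FRR_OUT = """\
MAC               Type   Flags Intf/Remote ES/VTEP  VLAN  Seq #'s
00:1e:67:ca:6d:a9 remote       10.3.0.47                  0/0
52:54:00:6b:33:a6 local        vm13706_vxlan0             0/0
"""

def is_ip(text):
    return re.fullmatch(r"\d{1,3}(?:\.\d{1,3}){3}", text) is not None

def parse_junos(output, vni):
    """MAC -> active source (switch port, or VTEP IP if learned via EVPN)."""
    rows = re.findall(rf"\b(\d+)\s+({MAC})\s+(\S+)", output, re.I)
    return {mac.lower(): src for dom, mac, src in rows if int(dom) == vni}

def parse_frr(output):
    """MAC -> ("local", None) or ("remote", VTEP IP)."""
    table = {}
    for line in output.splitlines():
        m = re.match(rf"\s*({MAC})\s+(local|remote)\s+(.*)", line, re.I)
        if m:
            # The Flags column may be empty, so locate the VTEP by its shape.
            vtep = next((t for t in m.group(3).split() if is_ip(t)), None)
            table[m.group(1).lower()] = (m.group(2).lower(), vtep)
    return table

def cross_check(junos, frr, switch_vtep, node_ip):
    """List MACs that only one side of the tunnel has learned."""
    problems = []
    for mac, src in junos.items():
        if not is_ip(src) and frr.get(mac) != ("remote", switch_vtep):
            problems.append(f"{mac}: on switch port {src}, node has no route via {switch_vtep}")
        if src == node_ip and frr.get(mac, ("",))[0] != "local":
            problems.append(f"{mac}: switch points at {node_ip}, node has no local entry")
    for mac, (kind, _) in frr.items():
        if kind == "local" and junos.get(mac) != node_ip:
            problems.append(f"{mac}: local on node, switch has no route via {node_ip}")
    return problems

if __name__ == "__main__":
    print(cross_check(parse_junos(JUNOS_OUT, 1194142), parse_frr(FRR_OUT),
                      "10.3.0.47", "172.31.33.2") or "both sides agree")
```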
Other servers can be added to this network by simply assigning the VLAN to the appropriate port. In addition, we can create more virtual machines for the user in this VxLAN. They will all be inside the virtual network.
The result
We combined virtual machines and physical servers in different locations into a flat, non-routable L2 network. Now, we can manage physical servers through DCImanager or deploy a private network between virtual and physical servers to complete other tasks.
The most important feature of this approach is that it does not involve routing. With VxLAN, traffic is encapsulated and appears to external routers as UDP traffic between two points.
I hope this mini-tutorial was helpful and saved you some time. I plan to publish new tutorials on my blog, so stay tuned for updates and subscribe!