Configuring Virtual Private LAN
Introduction
The Open vSwitch Database (OVSDB) control protocol lets a Network Virtualization Controller (NVC) manage and deploy VTEP devices in a VXLAN network. The AmpCon Virtual Private LAN function is an application of the OVSDB-VTEP function. As shown in Figure 1, Pica8 switches act as the VTEP devices and host the OVSDB server, while AmpCon Server acts as the network virtualization controller that manages the switches and deploys VXLAN.
Figure 1. AmpCon Virtual Private LAN Networking
Configuration Process
To deploy the Virtual Private LAN function, complete the relevant configurations on the switch and on AmpCon Server to establish the OVSDB connection, which is used to exchange user-side access information and VXLAN tunnel global source address information.
The following figure shows the configuration process on the switch, which establishes the connection between the OVSDB server and the AmpCon controller.
Figure 2. Configuration Process on Switch
AmpCon Server acts as the Network Virtualization Controller (NVC). Its configuration procedure is shown in the figure below.
Figure 3. Configuration Procedure on AmpCon Server
After all the configurations depicted above are complete, the AmpCon controller can set the VTEP IP and VNI on the switches that act as VTEP devices, so that VTEP devices at each end of the same VXLAN VNI can communicate with each other over Layer 2.
Configuration Notes
- Before configuring Virtual Private LAN, the switches must be deployed or imported through a fixed deployment/import sequence on AmpCon Server.
- The PTCP protocol is used to establish the connection between AmpCon Server and the OVSDB server. Therefore, the OVSDB connection protocol on the switch should be configured as PTCP.
Example for Configuring Virtual Private LAN
Networking Requirements
Figure 4.  Topology of Configuring Virtual Private LAN
As shown in Figure 4, an enterprise has its tenants in different data centers. To allow the same tenant in different data centers to communicate across the Layer 3 network, complete the following configurations on the switch:
- Deploy MLAG on Spine A and Spine B so that Leaf 1 and Leaf 2 can be dual-homed to the network. Similarly, deploy MLAG on Spine C and Spine D so that Leaf 3 and Leaf 4 can be dual-homed to the network.
- Deploy the VXLAN function on Spine A and Spine B, both as VTEP 1, with the source IP of 10.10.10.1. Similarly, deploy VXLAN on Spine C and Spine D, both as VTEP 2, with the source IP of 20.20.20.1.
- Deploy an AmpCon Server in the network to act as a network virtualization controller, with the IP address 10.10.53.109, and enable OVSDB management function on each Spine node.
The configurations on the AmpCon server are delivered to the switches to establish a VXLAN tunnel between VTEP 1 and VTEP 2, which provides Layer 2 communication over the Layer 3 network between the different VTEPs.
This also ensures that users' access traffic is not interrupted when tenants migrate between sites.
Configuration Procedure
Switch Configuration
Follow the configuration procedure described in Configuration Process to complete the configurations on Spine devices and Leaf devices.
SpineA
MLAG Configurations
set interface aggregate-ethernet ae3 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae3 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae48 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae48 family ethernet-switching native-vlan-id 4088
set interface aggregate-ethernet ae48 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae8 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae8 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/3 ether-options 802.3ad "ae3"
set interface gigabit-ethernet te-1/1/8 ether-options 802.3ad "ae8"
set interface gigabit-ethernet xe-1/1/1 ether-options 802.3ad "ae48"
set interface gigabit-ethernet xe-1/1/2 ether-options 802.3ad "ae48"
set protocols mlag domain 255 node 0
set protocols mlag domain 255 peer-ip 192.168.2.2 peer-link "ae48"
set protocols mlag domain 255 peer-ip 192.168.2.2 peer-vlan 4088
set protocols mlag domain 255 interface ae3 link 3
set protocols mlag domain 255 interface ae8 link 8
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
set vlans vlan-id 4088 l3-interface "vlan4088"
set l3-interface vlan-interface vlan4088 address 192.168.2.1 prefix-length 24
VXLAN Configurations
set vxlans ovsdb-managed true
set vlan-interface loopback address 10.10.10.1 prefix-length 32
set vxlans source-interface loopback address 10.10.10.1
set protocols ovsdb controller 10.10.53.109 protocol "ptcp"
set protocols ovsdb controller 10.10.53.109 port 6640
set protocols ovsdb interface ae3
set protocols ovsdb interface ae8
set ip routing enable true
SpineB
MLAG Configurations
set interface aggregate-ethernet ae3 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae3 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae48 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae48 family ethernet-switching native-vlan-id 4088
set interface aggregate-ethernet ae48 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae8 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae8 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/3 ether-options 802.3ad "ae3"
set interface gigabit-ethernet te-1/1/8 ether-options 802.3ad "ae8"
set interface gigabit-ethernet xe-1/1/1 ether-options 802.3ad "ae48"
set interface gigabit-ethernet xe-1/1/2 ether-options 802.3ad "ae48"
set protocols mlag domain 255 node 1
set protocols mlag domain 255 peer-ip 192.168.2.1 peer-link "ae48"
set protocols mlag domain 255 peer-ip 192.168.2.1 peer-vlan 4088
set protocols mlag domain 255 interface ae3 link 3
set protocols mlag domain 255 interface ae8 link 8
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
set vlans vlan-id 4088 l3-interface "vlan4088"
set l3-interface vlan-interface vlan4088 address 192.168.2.2 prefix-length 24
VXLAN Configurations
set vxlans ovsdb-managed true
set vlan-interface loopback address 10.10.10.1 prefix-length 32
set vxlans source-interface loopback address 10.10.10.1
set protocols ovsdb controller 10.10.53.109 protocol "ptcp"
set protocols ovsdb controller 10.10.53.109 port 6640
set protocols ovsdb interface ae3
set protocols ovsdb interface ae8
set ip routing enable true
SpineC
MLAG Configurations
set interface aggregate-ethernet ae3 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae3 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae48 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae48 family ethernet-switching native-vlan-id 4094
set interface aggregate-ethernet ae48 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae8 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae8 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/3 ether-options 802.3ad "ae3"
set interface gigabit-ethernet te-1/1/8 ether-options 802.3ad "ae8"
set interface gigabit-ethernet xe-1/1/1 ether-options 802.3ad "ae48"
set interface gigabit-ethernet xe-1/1/2 ether-options 802.3ad "ae48"
set protocols mlag domain 255 node 0
set protocols mlag domain 255 peer-ip 192.168.2.2 peer-link "ae48"
set protocols mlag domain 255 peer-ip 192.168.2.2 peer-vlan 4094
set protocols mlag domain 255 interface ae3 link 3
set protocols mlag domain 255 interface ae8 link 8
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
set vlans vlan-id 4094 l3-interface "vlan4094"
set l3-interface vlan-interface vlan4094 address 192.168.2.1 prefix-length 24
VXLAN Configurations
set vxlans ovsdb-managed true
set vlan-interface loopback address 20.20.20.1 prefix-length 32
set vxlans source-interface loopback address 20.20.20.1
set protocols ovsdb controller 10.10.53.109 protocol "ptcp"
set protocols ovsdb controller 10.10.53.109 port 6640
set protocols ovsdb interface ae3
set protocols ovsdb interface ae8
set ip routing enable true
SpineD
MLAG Configurations
set interface aggregate-ethernet ae3 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae3 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae3 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae48 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae48 family ethernet-switching native-vlan-id 4094
set interface aggregate-ethernet ae48 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae48 family ethernet-switching vlan members 500
set interface aggregate-ethernet ae8 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae8 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae8 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/3 ether-options 802.3ad "ae3"
set interface gigabit-ethernet te-1/1/8 ether-options 802.3ad "ae8"
set interface gigabit-ethernet xe-1/1/1 ether-options 802.3ad "ae48"
set interface gigabit-ethernet xe-1/1/2 ether-options 802.3ad "ae48"
set protocols mlag domain 255 node 1
set protocols mlag domain 255 peer-ip 192.168.2.1 peer-link "ae48"
set protocols mlag domain 255 peer-ip 192.168.2.1 peer-vlan 4094
set protocols mlag domain 255 interface ae3 link 3
set protocols mlag domain 255 interface ae8 link 8
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
set vlans vlan-id 4094 l3-interface "vlan4094"
set l3-interface vlan-interface vlan4094 address 192.168.2.2 prefix-length 24
VXLAN Configurations
set vxlans ovsdb-managed true
set vlan-interface loopback address 20.20.20.1 prefix-length 32
set vxlans source-interface loopback address 20.20.20.1
set protocols ovsdb controller 10.10.53.109 protocol "ptcp"
set protocols ovsdb controller 10.10.53.109 port 6640
set protocols ovsdb interface ae3
set protocols ovsdb interface ae8
set ip routing enable true
Leaf1
set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae1 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 200 untagged
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/1 ether-options 802.3ad "ae1"
set interface gigabit-ethernet te-1/1/2 ether-options 802.3ad "ae1"
set system hostname "leaf1"
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
Leaf2
set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae1 family ethernet-switching native-vlan-id 200
set interface aggregate-ethernet ae1 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/1 ether-options 802.3ad "ae1"
set interface gigabit-ethernet te-1/1/2 ether-options 802.3ad "ae1"
set system hostname "leaf2"
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
Leaf3
set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae1 family ethernet-switching native-vlan-id 200
set interface aggregate-ethernet ae1 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/1 ether-options 802.3ad "ae1"
set interface gigabit-ethernet te-1/1/2 ether-options 802.3ad "ae1"
set system hostname "leaf3"
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
Leaf4
set interface aggregate-ethernet ae1 aggregated-ether-options lacp enable true
set interface aggregate-ethernet ae1 family ethernet-switching native-vlan-id 200
set interface aggregate-ethernet ae1 family ethernet-switching port-mode "trunk"
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 100
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 200
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 300
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 400
set interface aggregate-ethernet ae1 family ethernet-switching vlan members 500
set interface gigabit-ethernet te-1/1/1 ether-options 802.3ad "ae1"
set interface gigabit-ethernet te-1/1/2 ether-options 802.3ad "ae1"
set system hostname "leaf4"
set vlans vlan-id 100
set vlans vlan-id 200
set vlans vlan-id 300
set vlans vlan-id 400
set vlans vlan-id 500
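A consistency audit for the spine settings above, as an added example (not AmpCon or PicOS code): it checks that both members of an MLAG pair are OVSDB-managed, name only the expected controller with ptcp on port 6640, source VXLAN from their loopback, and share one VTEP address. The names parse and audit_pair and the trimmed sample configs are assumptions made for illustration; the parser handles only the command forms shown on this page.

```python
import re

# Constructed sample: a subset of the Spine A lines on this page; Spine B is derived from it.
SPINE_A = """\
set protocols mlag domain 255 peer-ip 192.168.2.2 peer-link "ae48"
set protocols mlag domain 255 interface ae3 link 3
set protocols mlag domain 255 interface ae8 link 8
set l3-interface vlan-interface vlan4088 address 192.168.2.1 prefix-length 24
set vxlans ovsdb-managed true
set vlan-interface loopback address 10.10.10.1 prefix-length 32
set vxlans source-interface loopback address 10.10.10.1
set protocols ovsdb controller 10.10.53.109 protocol "ptcp"
set protocols ovsdb controller 10.10.53.109 port 6640
set protocols ovsdb interface ae3
set protocols ovsdb interface ae8
"""
SPINE_B = SPINE_A.replace("peer-ip 192.168.2.2", "peer-ip 192.168.2.1").replace(
    "vlan4088 address 192.168.2.1", "vlan4088 address 192.168.2.2")

def parse(text):
    """Extract the fields the audit needs from a block of `set` commands."""
    def many(pattern):
        return set(re.findall(pattern, text, re.M))
    def one(pattern):
        match = re.search(pattern, text, re.M)
        return match.group(1) if match else None
    return {
        "managed": one(r"^set vxlans ovsdb-managed (\S+)$"),
        "loopback": one(r"^set vlan-interface loopback address (\S+) prefix-length"),
        "source": one(r"^set vxlans source-interface loopback address (\S+)$"),
        "proto": one(r'^set protocols ovsdb controller \S+ protocol "(\w+)"$'),
        "port": one(r"^set protocols ovsdb controller \S+ port (\d+)$"),
        "controllers": many(r"^set protocols ovsdb controller (\S+) "),
        "ovsdb_ifs": many(r"^set protocols ovsdb interface (\S+)$"),
        "mlag_ifs": many(r"^set protocols mlag domain \d+ interface (\S+) link"),
        "peer_ip": one(r"^set protocols mlag domain \d+ peer-ip (\S+) peer-link"),
        "l3_addrs": many(r"^set l3-interface vlan-interface \S+ address (\S+) "),
    }

def audit_pair(name_a, text_a, name_b, text_b, controller="10.10.53.109"):
    """Return a list of findings for one MLAG pair acting as a single VTEP."""
    a, b = parse(text_a), parse(text_b)
    findings = []
    for name, cfg in ((name_a, a), (name_b, b)):
        if cfg["managed"] != "true":
            findings.append(f"{name}: vxlans ovsdb-managed is not true")
        if cfg["proto"] != "ptcp" or cfg["port"] != "6640":
            findings.append(f"{name}: OVSDB is not ptcp on port 6640")
        if cfg["controllers"] != {controller}:
            findings.append(f"{name}: unexpected controller {sorted(cfg['controllers'])}")
        if cfg["source"] is None or cfg["source"] != cfg["loopback"]:
            findings.append(f"{name}: VXLAN source is not the loopback address")
        if not cfg["ovsdb_ifs"] <= cfg["mlag_ifs"]:
            findings.append(f"{name}: OVSDB interface is not an MLAG interface")
    if a["source"] != b["source"]:
        findings.append(f"{name_a}/{name_b}: MLAG peers use different VTEP source IPs")
    if a["peer_ip"] not in b["l3_addrs"] or b["peer_ip"] not in a["l3_addrs"]:
        findings.append(f"{name_a}/{name_b}: MLAG peer-ip does not match the peer's address")
    return findings

if __name__ == "__main__":
    print(audit_pair("SpineA", SPINE_A, "SpineB", SPINE_B) or "no findings")
```

Running the same audit over the Spine C and Spine D blocks only requires passing their text; the controller argument defaults to the address used in this example topology.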
Configuring AmpCon Server for Virtual Private LAN
Step 1    Select SDN Applications > Virtual Private LAN to enter the Virtual Private LAN interface.
Step 2    Add the deployed switches (the spine switches) to SDN.
  a) Click the vtep_tab1 tab, then click the green part of the icon to display the list of VTEP switches that can be added to SDN.
  b) Click the "Enable SDN" button in the Operation column of the Spine A switch, then click Yes in the pop-up Are you sure? dialog box to add Spine A to AmpCon's SDN management.
  c) Repeat step b) to add Spine B, Spine C and Spine D to AmpCon's SDN management.
Step 3    Create VLANs for access devices.
  a) Click the button on the Virtual Private LAN interface, then add new VLANs in the pop-up Edit VLANs dialog box.
  The following table describes the parameters used when adding a VLAN.
Parameter | Description |
VLAN-ID | Specifies the VLAN ID. The value is an integer that ranges from 1 to 4094. |
VLAN Name | Optional. Specifies the VLAN name. The value is a string. |
  b) Click the "Create VLAN" button, then click Yes in the Are you sure? dialog box to complete the configuration.
  c) Repeat step b) to complete the creation of VLAN100, VLAN200, VLAN300, VLAN400 and VLAN500.
  When a new VLAN is created, the AmpCon controller automatically creates a new VNI based on the VLAN ID.
Step 4    Apply the VLANs to VXLAN.
  a) Click the button; an Are you sure? dialog box pops up.
  b) Click Yes in the Are you sure? dialog box to add the VLAN to VXLAN switches.
  c) Repeat steps a) and b) to add all VLANs to VXLAN switches.
After all the VLANs are applied to the VXLAN switches, the AmpCon server automatically sets the VTEP IP for each VTEP device by exchanging information with the spine switches.
Verify the Configurations
- Check VXLAN tunnel information on each spine switch.
- All spine devices can communicate with each other.
- Devices of the same tenant in different data centers can communicate across the Layer 3 network.
Copyright © 2024 Pica8 Inc. All Rights Reserved.