VLAN and inter-VLAN routing

Example model & SONiC version:

  • Aurora 615/715
  • Netberg SONiC: sonic-202012-nb-inno-211121

Create VLANs on the switch

Method 1

config vlan add [OPTIONS] <vid>

admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 11

Add member interfaces to VLANs

config vlan member add [OPTIONS] <vid> port

admin@sonic:~$ sudo config vlan member add -u 10 Ethernet100
admin@sonic:~$ sudo config vlan member add -u 11 Ethernet104

The -u option means “untagged” vlan member.

If an interface is a router port (has an IP address assigned), it will result in an error:

admin@sonic:~$ sudo config vlan member add 10 Ethernet40
 Usage: config vlan member add [OPTIONS] <vid> port
 Try "config vlan member add -h" for help.
Error: Ethernet40 is a router interface!

In that case the IP address should be removed before joining.

Verify that VLANs are created:

admin@sonic:~$ show vlan brief
+-----------+--------------+-------------+----------------+-----------------------+-------------+
|   VLAN ID | IP Address   | Ports       | Port Tagging   | DHCP Helper Address   | Proxy ARP   |
+===========+==============+=============+================+=======================+=============+
|        10 |              | Ethernet100 | untagged       |                       | disabled    |
+-----------+--------------+-------------+----------------+-----------------------+-------------+
|        11 |              | Ethernet104 | untagged       |                       | disabled    |
+-----------+--------------+-------------+----------------+-----------------------+-------------+
admin@sonic:~$ show vlan config
Name      VID  Member       Mode
------  -----  -----------  --------
Vlan1       1  Ethernet100  tagged
Vlan2       2  Ethernet104  untagged

Note that the capital V – it’s the interface name and must start with a capital letter.

Enable or disable proxy ARP for a VLAN interface (optional):

admin@sonic:~$ sudo config vlan proxy_arp 1 enabled
This command will enable proxy ARP for the interface 'Vlan1'

Save the config

admin@sonic:~$ sudo config save -y

Check VLAN configuration from Linux perspective:

admin@sonic:~$ sudo bridge vlan
port    vlan ids
docker0  1 PVID Egress Untagged

Ethernet104      11 PVID Egress Untagged

Ethernet100      10 PVID Egress Untagged

Bridge   10
         11

dummy    1 PVID Egress Untagged

Method 2

Modify the VLAN hierarchy statements in the /etc/sonic/config_db.json file.

    "VLAN": {
        "Vlan1": {
            "vlanid": "10"
        },
        "Vlan2": {
            "vlanid": "11"
        }
    },
    "VLAN_MEMBER": {
        "Vlan10|Ethernet100": {
            "tagging_mode": "untagged"
        },
        "Vlan11|Ethernet104": {
            "tagging_mode": "untagged"
        }
    },

Inter-VLAN routing

A layer 3 interface that serves to route traffic from a switch on one VLAN to another switch on another VLAN is called a switch virtual interface.

Bridges can be part of a routing topology after being assigned an IP address. The IP address of the bridge is typically from the same subnet as the member hosts of the bridge. This enables hosts within the bridge to communicate with other hosts outside of the bridge through a switch virtual interface (SVI), which provides layer 3 routing.

Assign IP addresses to the VLANs on the switch – it’s necessary to route between the VLANs.

admin@sonic:~$ sudo config interface ip add Vlan10 192.168.10.1/24
admin@sonic:~$ sudo config interface ip add Vlan11 192.168.11.1/24

Check the result:

admin@sonic:~$ show vlan brief
+-----------+-----------------+-------------+----------------+-----------------------+-------------+
|   VLAN ID | IP Address      | Ports       | Port Tagging   | DHCP Helper Address   | Proxy ARP   |
+===========+=================+=============+================+=======================+=============+
|        10 | 192.168.10.1/24 | Ethernet100 | untagged       |                       | disabled    |
+-----------+-----------------+-------------+----------------+-----------------------+-------------+
|        11 | 192.168.11.1/24 | Ethernet104 | untagged       |                       | disabled    |
+-----------+-----------------+-------------+----------------+-----------------------+-------------+
admin@sonic:~$ show ip interfaces
Interface    Master    IPv4 address/mask    Admin/Oper    BGP Neighbor    Neighbor IP
-----------  --------  -------------------  ------------  --------------  -------------
Loopback0              10.1.0.1/32          up/up         N/A             N/A
Vlan10                 192.168.10.1/24      up/up         N/A             N/A
Vlan11                 192.168.11.1/24      up/up         N/A             N/A
docker0                240.127.1.1/24       up/down       N/A             N/A
eth0                   192.168.0.126/24     up/up         N/A             N/A
lo                     127.0.0.1/16         up/up         N/A             N/A

Check the routing table:

admin@sonic:~$ show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued, r - rejected, b - backup

K>* 0.0.0.0/0 [0/0] via 192.168.0.1, eth0, 00:46:57
C>* 10.1.0.1/32 is directly connected, Loopback0, 00:06:09
C>* 192.168.0.0/24 is directly connected, eth0, 00:46:57
C>* 192.168.10.0/24 is directly connected, Vlan10, 00:00:17
C>* 192.168.11.0/24 is directly connected, Vlan11, 00:00:17

As you can see, handling VLANs in SONiC is simple and effective.

Modify the VLAN hierarchy statements in the /etc/sonic/config_db.json file to achieve the same result.

    "VLAN": {
        "Vlan10": {
            "vlanid": "10"
        },
        "Vlan11": {
            "vlanid": "11"
        }
    },
    "VLAN_INTERFACE": {
        "Vlan10": {},
        "Vlan10|192.168.10.1/24": {},
        "Vlan11": {},
        "Vlan11|192.168.11.1/24": {}
    },
    "VLAN_MEMBER": {
        "Vlan10|Ethernet100": {
            "tagging_mode": "untagged"
        },
        "Vlan11|Ethernet104": {
            "tagging_mode": "untagged"
        }
    },

 

NEWS

Latest news

Netberg launches Aurora 810 platform for next-generation networks

Netberg announced the new Aurora 810 400G model programmable switch with Intel Tofino 2 Intelligent Fabric Processors (IFPs) at its heart. The new platform has 32x 400G QSFP-DD Ethernet ports and a 12.8Tbps switching capacity.

Fast Forward Initiative 2022.

Taipei, Taiwan, 24th of October 2022. Netberg participates in the new round of the Fast Forward Initiative by Intel (FFI'22). The program supports academic and research organizations today, aiming at accelerating tomorrow's best network programmability research.

Launch of SONiC distribution by Netberg.

Taipei, Taiwan 13th of July 2022. Netberg launches its hardened SONiC distribution for Intel Tofino and Marvell Teralynx platforms.

Official SONiC support for the Innovium Teralynx platforms.

Taipei, Taiwan 8th of November 2021. Netberg’s SONiC platform code for Aurora 715 and Aurora 615 Innovium Teralynx-based switches is accepted into the official GitHub repository.

Netberg introduces Innovium Teralynx-based platforms

Taipei, Taiwan 1st of June 2021. Netberg, a leading open networking vendor, announces two new Aurora 715 and Aurora 615 models - high-performance 25/100G switches for future-proof Cloud, Enterprise, and Edge data centers.

Netberg Launches Custom Networking Solutions

Taipei, Taiwan 17th of November 2020. Netberg announces new services - custom networking software and hardware development.

Address: 10F, No. 111-3, Xiyuan Road, Zhongli District, Taoyuan City, 320 Taiwan R.O.C.
Tel: + 886-3-2609203
Email: sales@netbergtw.com