Logical Isolation Design

Enterprise

Worldwide

Huawei Global - English

- South Africa - English
- Morocco - English
- Brazil - Português
- Mexico - Español
- United Arab Emirates - English
- Saudi Arabia - English
- Australia - English
- China - 简体中文
- Hong Kong, China - English
- India - English
- Japan - 日本語
- South Korea- English
- Kazakhstan - русский
- Malaysia - English
- Singapore - English
- Indonesia - English
- Thailand - English
- Philippines - English
- Austria - Deutsch
- Czech - English
- France - Français
- Germany - Deutsch
- Greece - English
- Hungary- English
- Italy - Italiano
- Poland - English
- Sweden - English
- Russia - русский
- Spain - Español
- Turkey - Türkçe
- United Kingdom - English
- Ukraine - English

Menu
Products and Services
Industries
Technical Support
Partners
Community

Most people search for
Switches Routers Servers Storage Data Center Energy Cloud Computing

CloudEngine 12800, 12800E, 8800, 7800, 6800, and 5800 Series Switches VXLAN Best Practices

Rate and give feedback:

Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).

Logical Isolation Design

VXLAN technology is used to build virtual networks on the same physical network and uses VRF technology to isolate access on the physical network. The entire network is divided into three logical planes through VRFs: service, storage, and management planes. By default, the three planes do not interwork. If the three planes need to interwork, static routes can be configured or VRF routes can be imported by configuring RTs.

Storage VRF: transmits storage traffic such as NAS mirroring traffic and traffic of file sharing.
Service VRF: transmits service traffic of service servers.
Management VRF: transmits management traffic of VMs and hosts, for example, traffic of SSH login, backup, and VM creation and migration.

Besides the three logical planes, a management network needs to be configured. The management network can use out-of-band or in-band management.

In-band management: Service interfaces of devices are used for device management. However, device login may be affected when faults occur on the service network.
(Recommended) Out-of-band management: The specified management interface of a device is used for device management. In this mode, the management and control are separate.
Out-of-band management is used as an example. The management VLAN ID is VLAN 20, and network devices in out-of-band management mode include switches, firewalls, and LBs. The management interfaces of network devices are connected to management switches, and management interfaces of switches are configured based on the planned management addresses, facilitating remote login. For details on how to configure management interfaces and perform login configurations of NEs, see corresponding product documentation.

Translation

简体中文

Download

Updated: 2021-10-22

Document ID: EDOC1100004176

Downloads: 1507

Average rating:

This Document Applies to these Products

Related Version

Digital Signature File

Digital Signature Authentication Mode

Related Version

Related Documents

Digital Signature File