Solved

VRF limits


Hi,

we are designing our new datacenter and will probably use Cumulus Linux. As the datacenter used by multiple tenants (up to 500), we would like to use the VRF feature for secure network separation.

In the Cumulus documentation I've read, that there is a limitation of 64 VRF-Instances per switch. On some slides I've read that the limit depends on hardware capabilities.

Does someone know the definitive limit for Tomahawk based switches (esp. the Edgecore AS7712-32X)?

If the limit really is 64 VRF-Instances, are there any other suggestions to separate the networks?

Thanks,
Christian
icon

Best answer by Attilla 23 September 2018, 19:47

Hi CHB,

We have increased the number to 256 in the latest release. I'll notify our documentation team to update the documentation.

This however will still not be enough if you need 500. Perhaps we can help you with the design or a workaround. Could you explain how you are running into the limitations on a single box and can you provide more details on the design?

Best regards,
Attilla

View original

4 replies

Hi CHB,

We have increased the number to 256 in the latest release. I'll notify our documentation team to update the documentation.

This however will still not be enough if you need 500. Perhaps we can help you with the design or a workaround. Could you explain how you are running into the limitations on a single box and can you provide more details on the design?

Best regards,
Attilla
Hi Attilla,

256 should be enough to give us a start.

We probably won't need all instances on a single box. But our intent was to simplify the configuration deployment in our setup and we wanted to have all leafs the same base config. (Regardless of the VRF instance really being used on the box).

At some later point we can add the logic to configure VRF instances on demand.

Thanks for the quick answer.

Best regards,
Christian
Good to hear this will help you for now.

In general though it is not recommended to configure everything everywhere. I assume that you will use the VRFs in combination with EVPN-VxLAN and will use the same concept for VNIs. These also have scalability limitations of their own.

I would recommend to look at a DevOps tool like Ansible to provision your configuration dynamically.

Best regards,
Attilla
Userlevel 3
Thanks for answering here @Attilla. I just verified with engineering that the actual number of supported VRFs is 255 on 3.7.0, not 256. Note the slight difference, @chb. I updated the VRF doc just now to reflect this.

Reply