Huawei Super VLAN

What is the Super VLAN?

Huawei's SUPER VLAN concept lets you divide one IP subnet into multiple broadcast domains that may or may not be allowed to talk to each other. Physical interfaces cannot join a SUPER VLAN; it exists only as an SVI that aggregates multiple VLANs together.

Configuration of the SUPER VLAN

Topology

Let’s take a very simple topology.

Here we will have CLIENT1/CLIENT2 inside VLAN 100 and CLIENT3/CLIENT4 inside VLAN 101. The IP subnet is 192.168.100.0/24, and each client uses its own number as the host part of its IP address.

All inter-switch links are trunks and all links to terminals are pure access links (no hybrid links).

Even though all clients are in the same IP space, clients in different VLANs cannot talk to each other at Layer 2.

From CLIENT1 to CLIENT2, the ping is OK.

From CLIENT1 to CLIENT3, the ping is NOK.

This is as expected: the clients are in different broadcast domains, so they cannot ARP each other, which means that they cannot communicate even though they are in the same IP space. Now let’s see the SUPER VLAN configuration:

Super VLAN configuration

First, be sure that the SUPER VLAN is not included on any physical interface, and this includes trunks. You need to filter the SUPER VLAN from the trunks or an error message will be displayed.

The configuration of the SUPER VLAN can be broken into the following steps:

  1. Create the SUPER VLAN as a regular VLAN
  2. Enable the SUPER VLAN function with the aggregate-vlan command
  3. Tie the VLANs (also called sub-VLANs) with the SUPER VLAN using the access-vlan command
  4. Create the SVI for the SUPER VLAN ID
  5. Last but not least, enable ARP Proxy for inter-vlan communication

#
vlan 10
 aggregate-vlan
 access-vlan 100 to 101
#
interface Vlanif10
 ip address 192.168.100.254 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 9 11 to 4094
#
interface GigabitEthernet0/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 9 11 to 4094
#

There is no configuration to be done on the other switches. They will never be aware of the existence of the SUPER VLAN and will only see regular VLANs, here VLAN 100 and VLAN 101.
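
The two points above that are easy to get wrong (the SUPER VLAN must not appear on any physical port, and proxy ARP is what opens traffic between sub-VLANs) can be checked offline against a saved configuration. The script below is an added example, not part of the original post or a Huawei tool; expand() and audit() are hypothetical helper names and the sample is the configuration shown above, shortened to one trunk.

```python
import re

# Constructed sample: the aggregation-switch configuration from this page.
# expand() and audit() are hypothetical helper names, not a vendor API.
SAMPLE = """\
#
vlan 10
 aggregate-vlan
 access-vlan 100 to 101
#
interface Vlanif10
 ip address 192.168.100.254 255.255.255.0
 arp-proxy inter-sub-vlan-proxy enable
#
interface GigabitEthernet0/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 9 11 to 4094
#
"""

def expand(spec):
    """Expand a VLAN list such as '2 to 9 11 to 4094' (or 'all') into a set of IDs."""
    if spec.strip() == "all":
        return set(range(1, 4095))
    ids = set()
    for lo, hi in re.findall(r"(\d+)(?: to (\d+))?", spec):
        ids.update(range(int(lo), int(hi or lo) + 1))
    return ids

def audit(config):
    """Return (findings, {super_vlan: inter-sub-VLAN proxy ARP enabled})."""
    sections = {}
    for block in re.split(r"(?m)^#[ \t]*$", config):
        lines = [l.strip() for l in block.splitlines() if l.strip()]
        if lines:
            sections[lines[0]] = lines[1:]
    supers = {int(h.split()[1]) for h, b in sections.items()
              if h.startswith("vlan ") and "aggregate-vlan" in b}
    findings = []
    for head, body in sections.items():
        for line in body:
            m = re.match(r"port (?:trunk allow-pass|default) vlan (.+)", line)
            if m:
                findings += [f"{head}: port carries super VLAN {v}"
                             for v in sorted(supers & expand(m.group(1)))]
    proxy = {v: "arp-proxy inter-sub-vlan-proxy enable"
                in sections.get(f"interface Vlanif{v}", []) for v in supers}
    return findings, proxy
```

An empty findings list means no port references the SUPER VLAN; a True value in the second result flags an SVI where sub-VLANs are not isolated from each other.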

Now CLIENT1 can ping CLIENT3 even though they are not in the same VLAN. How is the ARP resolution done?

With ARP proxying between sub-VLANs activated on the SVI, the SVI replies to ARP requests with its own MAC address on behalf of the end system.

Conclusion

Now if you extend the concept, you can have multiple sub-VLANs inside one bigger IP space (let’s say a /16). Each VLAN can have the same gateway, and if you do not configure the ARP proxy they will not be able to communicate with each other, but they will still be reachable from the outside.

In a real-life scenario, I’m not sure how to push this into production. It does offer flexibility in some migration cases, though!
