In a data center there
are often instances when you want to merge separate Layer 2 domains. For
example, you might have two data centers that are connected via some form of
Data Center Interconnect (DCI) such as Overlay Transport Virtualization (OTV).
Both data centers might have an engineering group that has its own VLAN in each
data center. Due to differences such as different administrators, the VLAN
number might be different in each data center. Once the two data centers are
connected via DCI, it makes sense that all engineering traffic should be
visible in both data centers. In complex installations reconfiguration is not
worth the collateral damage reconfiguration can cause. This is a scenario where
VLAN translation would be useful to merge the two Layer 2 domains without
actually changing their VLAN number.
describes the functionality of the VLAN translation feature on NX-OS and its
interaction with other features on the Cisco Nexus device. The following
diagram shows a possible datacenter application for VLAN translation.
Figure 2. DC VLAN
The first datacenter
on the left has an engineering VLAN with number 100 and a marketing VLAN with
number 200. The second datacenter on the right has an engineering VLAN with
number 101 and a marketing VLAN with number 201. For the engineering machines
in the second datacenter to see data from the engineering machines in the first
datacenter, the core Cisco Nexus device in the second datacenter must translate
the VLAN ID in the ingress packets on the trunk port from the ingress VLAN 100
to the local VLAN 101. The local VLAN tag is a function of the port on which
the traffic arrives and the ingress VLAN tag on which it arrives. Upon egress
from the trunk port, the reverse translation must be to convert VLAN 101 to
For example, VLAN
translation can be enabled on a port such that packets with ingress VLANs
V1,V2…V10 are mapped to local VLANs V101, V102,…,V110, the packets coming in to
the second network are tagged as follows:
V1, V2, V10 map to
V101, V102, V110 respectively (Packets are single tagged and tag is a function
of ingress VLAN tag and port).
For a given port,
there is a strict one-to-one mapping of the ingress VLAN to local VLAN and more
than one ingress VLAN is not allowed to map to the same local VLAN.