VxLAN fabric. Part 2

Hello Habr. I am continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of the "Network Engineer" course by OTUS. Today we will look at an interesting part of the task: routing. However trivial that may sound, within the operation of a network fabric not everything is so simple.


Part 1 of the series - L2 connectivity between servers

In the previous part we built a single broadcast domain on top of a network fabric on Nexus 9000v. However, that is not the whole range of tasks that has to be solved within a data center network. Today we will look at the next task: routing between networks, or between VNIs.

As a reminder, the Spine-Leaf topology is used:

[Figure: Spine-Leaf topology]

To begin, let's look at how routing works and what features it has.

For clarity, let's simplify the logical diagram and add another VNI, 20000, for Host-2. The result:

[Figure: simplified logical diagram with VNI 20000 added for Host-2]

How, in this case, can traffic be passed from one host to the other?

There are two options:

  1. Keep information about all VNIs on all Leaf switches; all routing then happens on the first Leaf in the path;
  2. Use a dedicated one: an L3 VNI

The first method is simple and convenient, because you only need to create all VNIs on all Leaf switches. However, creating several hundred or perhaps thousands of VNIs on every Leaf does not look like the easiest task. So in practice it is not used.

Let's look at method 2, which is more interesting and more complex, but gives more flexibility in configuring the fabric.

Add a VRF "PROD" to the topology. We add VLAN 10 to it on the Leaf-11/12 pair and VLAN 20 on Leaf-21. VLAN 20 is mapped to VNI 20000.

vrf context PROD
  rd auto       ! The Route Distinguisher is not critical here, so an automatically generated one can be used
  address-family ipv4 unicast
    route-target both auto      ! Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000

interface nve 1
  member vni 20000
    ingress-replication protocol bgp

interface Vlan20
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway

To use an L3VNI you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on all Leafs that need information about VLAN 10 and 20.

vlan 99
  vn-segment 99000

interface nve1
  member vni 99000 associate-vrf        ! Create the L3 VNI

vrf context PROD
  vni 99000                             ! Bind the L3 VNI to a specific VRF

As a result, the diagram looks like this:

[Figure: diagram with the L3 VNI added]

It remains to finish one small thing: add one more interface, interface vlan 99, in VRF PROD

interface Vlan99
  no shutdown
  vrf member PROD
  ip forward  ! The interface must not have an IP address. It is used only to forward packets between Leafs

As a result, the logic of passing a frame from Host-1 to Host-2 is as follows:

  1. A frame sent by Host-1 arrives at the Leaf in VLAN 10, which is associated with VNI 10000;
  2. The Leaf checks where the destination address is located and finds it via the L3 VNI on the second Leaf switch;
  3. Once the route to the destination address is found, the Leaf encapsulates the frame with a header carrying the required L3VNI 99000 and sends it to the second Leaf;
  4. The second Leaf receives the data from L3VNI 99000, extracts the original frame and passes it into the required L2VNI 20000 and then into VLAN 20.

Thanks to this mode of operation, the L3VNI removes the need to keep information about all VNIs in the network on all Leaf switches.

As a result, when we send traffic from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:

[Figure: traffic from Host-1 to Host-2 encapsulated in VxLAN with VNI 99000]

It remains to understand how Leaf-1 learns about a MAC address from another VNI. This also happens with the help of EVPN route-type 2 (MAC/IP).

The following shows the process of advertising a route for a prefix located in another VNI:

[Figure: advertisement of a route for a prefix located in another VNI]

That is, addresses from VNI 20000 receive two RTs.
As a reminder, routes received in an Update enter the BGP table with the route-target specified in the VRF settings (the process is somewhat more complex, but we will not go into it in this article).
The RT itself is formed as AS:VNI (if automatic mode is used).

An example of forming the RT in automatic and manual modes:

vrf context PROD
  address-family ipv4 unicast
    route-target import auto            ! automatic mode
    route-target export 65001:20000     ! RT formed manually

As a result, you can see above that prefixes from another VNI have two RT values.
One of them, 65001:99000, is the additional L3 VNI. Because this VNI is the same on all Leafs and matches our import rules in the VRF settings, the prefix gets into the BGP table, as can be seen from the output:

sh bgp l2vpn evpn
<.....>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100      32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100      32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100      32768 i

Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272    ! Prefix received from VNI 20000
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

If we look closely at the received route, we can see that this prefix has two RTs:

Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 20000 99000                                 ! Two labels for VxLAN operation
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8     ! Two Route-target values, on the basis of which this prefix was added
          Router MAC:5001.0005.0007
      Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>

In the routing table on Leaf-1 you can see the prefix 192.168.20.20/32:

Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
    *via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0                                        ! Address of Host-2
    *via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001     ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN                                ! Via VNI 99000

Notice that the parent prefix 192.168.20.0/24 is missing from the routing table?
Correct, it is not there. That is, remote Leafs receive information about the hosts in the network. And this is the correct behaviour. Above, in all the updates, you can see that the information arrives with MAC/IP content. There is no mention of any prefix.

This is the work of the Host Mobility Manager (HMM) protocol, which populates the ARP table, from which the BGP table is then populated (we will leave this process outside the scope of this article). Based on the information received from HMM, EVPN route-type 2 routes are formed (which carry MAC/IP).

However, what if you need to pass information about a prefix?

For this kind of information there is EVPN route-type 5, which lets you carry prefixes via the address-family l2vpn evpn (at the time of writing, this route type exists only in an RFC draft, so different vendors may implement this route type differently).

To pass prefixes, you need to add the prefixes that will be advertised to the BGP process for the VRF:

router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000        ! In this case we advertise prefixes directly connected to the Leaf in VNI 20000
route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT    ! Specify which prefix-list to use

ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24   ! Specify which networks will get into EVPN route-type 5

As a result, the update looks like this:

[Figure: the resulting update]

Let's look at the BGP table. In addition to EVPN route-types 2 and 3, type 5 routes have appeared, carrying information about the network number:

<......>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
                      10.255.1.10              0        100          0 ?
*>i                   10.255.1.10              0        100          0 ?

Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i

Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224      ! EVPN route-type 5 with the prefix number
                      10.255.1.10              0        100          0 ?
* i
<.......>                   

The prefix has also appeared in the routing table.

Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001  ! Remote prefix reachable via Leaf1/2 (Next-hop address = virtual IP shared by the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN      ! The prefix is reachable via L3VNI 99000

192.168.10.10/32, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN

192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
    *via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm
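
The following is an added example, not code from the original article: it parses the NX-OS EVPN NLRI strings shown in the outputs above (route-types 2, 3 and 5) and lists which routes a VRF would pick up for a given set of import route-targets, which is a quick way to audit what an `auto` RT lets into VRF PROD. The function names are hypothetical, the "any RT matches" rule is a simplification of the real import process, and only the first NLRI/Extcommunity pair is taken from this page; the other two Extcommunity lines are constructed.

```python
import re

# First NLRI/Extcommunity pair is copied from the output on this page;
# the other two Extcommunity lines are constructed for the example.
SAMPLE = """\
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224
      Extcommunity: RT:65001:99000 ENCAP:8
*>i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
      Extcommunity: RT:65001:10000 ENCAP:8
"""

def auto_rt(asn, vni):
    """Route-target in automatic mode: AS:VNI, as described in the article."""
    return f"{asn}:{vni}"

def parse_nlri(line):
    """Parse an NX-OS EVPN NLRI string; return None for any other line."""
    m = re.search(r"\[(\d+)\]:(\S+)/\d+$", line.strip())
    if not m:
        return None
    rtype = int(m.group(1))
    f = re.findall(r"\[([^\]]*)\]", m.group(2))
    if rtype == 2 and len(f) == 6:   # [ESI]:[EthTag]:[MAC len]:[MAC]:[IP len]:[IP]
        prefix = f"{f[5]}/{f[4]}" if int(f[4]) else None   # MAC-only route has no IP
        return {"type": 2, "mac": f[3], "prefix": prefix}
    if rtype == 5 and len(f) == 4:   # [ESI]:[EthTag]:[IP len]:[IP]
        return {"type": 5, "mac": None, "prefix": f"{f[3]}/{f[2]}"}
    return {"type": rtype, "mac": None, "prefix": None}

def vrf_candidates(output, import_rts):
    """Return (route type, IP prefix, matching RTs) for routes a VRF would import."""
    found, current = [], None
    for line in output.splitlines():
        route = parse_nlri(line)
        if route:
            current = route
        elif "Extcommunity:" in line and current:
            match = sorted(set(re.findall(r"RT:(\d+:\d+)", line)) & set(import_rts))
            if match and current["prefix"]:
                found.append((current["type"], current["prefix"], match))
            current = None
    return found

if __name__ == "__main__":
    for row in vrf_candidates(SAMPLE, {auto_rt(65001, 99000)}):
        print(row)
```

With the L3VNI route-target as the import set, the host route from route-type 2 and the subnet from route-type 5 are both selected, while the MAC-only route carrying only the L2VNI route-target is not.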

This concludes the second part of the series of articles on VxLAN EVPN. In the next part, we will look at various options for routing between VRFs.


Source: www.habr.com
