Nyob zoo, habr. Tam sim no kuv yog tus thawj coj hauv chav kawm rau Network Engineer chav kawm ntawm OTUS.
Nyob rau hauv kev cia siab ntawm qhov pib ntawm qhov kev tso npe tshiab rau chav kawm , Kuv tau npaj cov kab lus ntawm VxLAN EVPN thev naus laus zis.
Muaj ntau cov ntaub ntawv hais txog yuav ua li cas VxLAN EVPN ua haujlwm, yog li kuv xav sau ntau yam haujlwm thiab kev coj ua los daws cov teeb meem hauv cov ntaub ntawv niaj hnub no.
Hauv thawj ntu ntawm cov koob ntawm VxLAN EVPN thev naus laus zis, Kuv xav saib txoj hauv kev los npaj L2 kev sib txuas ntawm cov tswv nyob rau sab saum toj ntawm lub network ntaub.
Tag nrho cov piv txwv yuav ua rau Cisco Nexus 9000v, sib sau ua ke hauv Spine-Leaf topology. Peb yuav tsis nyob ntawm kev teeb tsa Underlay network hauv kab lus no.
- Hauv qab network
- BGP peering rau chaw nyob-tsev neeg l2vpn evpn
- Kev teeb tsa NVE
- Npog-arp
Hauv qab network
Lub topology siv yog raws li nram no:
Cia peb teeb qhov chaw nyob ntawm txhua yam khoom siv:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20Cia peb txheeb xyuas tias muaj kev sib txuas IP ntawm txhua yam khoom siv:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intraCia peb kuaj xyuas tias VPC sau tau raug tsim thiab ob qho kev hloov pauv tau dhau los ntawm kev txheeb xyuas qhov sib xws thiab cov chaw ntawm ob lub nodes zoo ib yam:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1BGP kev sib tw
Thaum kawg, koj tuaj yeem txav mus rau qhov teeb tsa Overlay network.
Raws li ib feem ntawm tsab xov xwm, nws yog ib qho tsim nyog los npaj lub network ntawm cov tswv, raws li qhia hauv daim duab hauv qab no:
Txhawm rau teeb tsa lub Overlay network, koj yuav tsum tau ua kom BGP ntawm tus nqaj qaum thiab nplooj hloov nrog kev txhawb nqa rau l2vpn evpn tsev neeg:
feature bgp
nv overlay evpnTom ntej no, koj yuav tsum tau teeb tsa BGP peering ntawm nplooj thiab qaum. Txhawm rau kom yooj yim teeb tsa thiab ua kom zoo tshaj qhov kev faib tawm cov ntaub ntawv routing, peb teeb tsa Spine raws li Route-Reflector server. Peb yuav sau tag nrho Nplooj hauv qhov kev teeb tsa siv cov qauv los ua kom zoo rau kev teeb tsa.
Yog li cov chaw ntawm Spine zoo li no:
router bgp 65001
template peer LEAF
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.255.1.11
inherit peer LEAF
neighbor 10.255.1.12
inherit peer LEAF
neighbor 10.255.1.21
inherit peer LEAFKev teeb tsa ntawm Leaf hloov zoo ib yam:
router bgp 65001
template peer SPINE
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.101
inherit peer SPINE
neighbor 10.255.1.102
inherit peer SPINENtawm Kab laug sab, cia peb tshawb xyuas peering nrog tag nrho cov nplooj hloov pauv:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0Raws li koj tau pom, tsis muaj teeb meem nrog BGP. Cia peb mus rau kev teeb tsa VxLAN. Ntxiv configuration yuav ua tau tsuas yog nyob rau nplooj nplooj ntawm cov keyboards. Tus txha caj qaum tsuas yog ua raws li lub hauv paus ntawm lub network thiab tsuas yog koom nrog hauv kev sib kis. Tag nrho cov encapsulation thiab txoj kev txiav txim siab ua hauj lwm tshwm sim tsuas yog nyob rau nplooj hloov.
Kev teeb tsa NVE
NVE - network virtual interface
Ua ntej pib qhov teeb tsa, cia peb qhia qee cov lus siv:
VTEP - Vitual Tunnel End Point, lub cuab yeej uas VxLAN qhov pib pib lossis xaus. VTEP tsis yog ib qho khoom siv network. Ib tus neeg rau zaub mov txhawb nqa VxLAN thev naus laus zis tuaj yeem ua tus neeg rau zaub mov. Hauv peb qhov topology, tag nrho cov nplooj hloov pauv yog VTEP.
VNI - Virtual Network Index - network identifier hauv VxLAN. Ib qho piv txwv tuaj yeem kos nrog VLAN. Txawm li cas los xij, muaj qee qhov sib txawv. Thaum siv cov ntaub, VLANs ua qhov tshwj xeeb hauv ib nplooj ntawv hloov thiab tsis kis mus thoob lub network. Tab sis txhua tus VLAN tuaj yeem muaj tus lej VNI cuam tshuam nrog nws, uas twb tau kis thoob lub network. Nws zoo li cas thiab yuav siv tau li cas yuav tau tham ntxiv.
Cia peb ua kom muaj qhov tshwj xeeb rau VxLAN thev naus laus zis ua haujlwm thiab muaj peev xwm los koom nrog VLAN tus lej nrog tus lej VNI:
feature nv overlay
feature vn-segment-vlan-basedCia peb teeb tsa NVE interface, uas yog lub luag haujlwm rau kev ua haujlwm ntawm VxLAN. Qhov no interface yog lub luag haujlwm rau encapsulating thav duab hauv VxLAN headers. Koj tuaj yeem kos ib qho piv txwv nrog Tunnel interface rau GRE:
interface nve1
no shutdown
host-reachability protocol bgp ! ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGP Π΄Π»Ρ ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠΈ ΠΌΠ°ΡΡΡΡΡΠ½ΠΎΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ
source-interface loopback0 ! ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ Ρ ΠΊΠΎΡΠΎΡΠΎΠ³ΠΎ ΠΎΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌ ΠΏΠ°ΠΊΠ΅ΡΡ loopback0Ntawm nplooj-21 hloov txhua yam yog tsim yam tsis muaj teeb meem. Txawm li cas los xij, yog tias peb txheeb xyuas cov zis ntawm cov lus txib show nve peers, ces nws yuav npliag. Ntawm no koj yuav tsum rov qab mus rau VPC configuration. Peb pom tias Nplooj-11 thiab Nplooj-12 ua haujlwm ua khub thiab koom ua ke los ntawm VPC domain. Qhov no muab peb cov xwm txheej hauv qab no:
Host-2 xa ib thav duab ntawm nplooj-21 kom nws xa nws hla lub network ntawm Host-1. Txawm li cas los xij, Leaf-21 pom tias MAC chaw nyob ntawm Host-1 tuaj yeem nkag tau los ntawm ob VTEPs ib zaug. Leaf-21 yuav tsum ua li cas rau qhov no? Tom qab tag nrho, qhov no txhais tau hais tias lub voj tuaj yeem tshwm sim hauv lub network.
Txhawm rau daws qhov teeb meem no, peb xav tau Leaf-11 thiab Leaf-12 los ua ib qho khoom siv hauv lub hoobkas. Txoj kev daws yog yooj yim heev. Ntawm Loopback interface uas peb tsim lub qhov, ntxiv qhov chaw nyob thib ob. Qhov chaw nyob Secondary yuav tsum yog tib yam ntawm ob VTEPs.
interface loopback0
ip add 10.255.1.10/32 secondaryYog li, los ntawm qhov pom ntawm lwm tus VTEPs, peb tau txais cov hauv qab no topology:
Ntawd yog, tam sim no lub qhov taub yuav tsim nruab nrab ntawm tus IP chaw nyob ntawm nplooj-21 thiab tus IP virtual ntawm ob nplooj-11 thiab Nplooj-12. Tam sim no yuav tsis muaj teeb meem kawm MAC chaw nyob los ntawm ob lub cuab yeej thiab kev khiav tsheb tuaj yeem txav los ntawm ib qho VTEP mus rau lwm qhov. Qhov twg ntawm ob VTEPs yuav ua cov tsheb khiav yog txiav txim siab siv lub rooj sib tham ntawm Kab laug sab:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intraRaws li koj tuaj yeem pom saum toj no, qhov chaw nyob 10.255.1.10 muaj tam sim ntawd los ntawm ob lub Next-hops.
Nyob rau theem no, peb tau hais txog qhov yooj yim kev sib txuas. Cia peb mus rau kev teeb tsa NVE interface:
Cia tam sim ntawd qhib Vlan 10 thiab koom nrog VNI 10000 ntawm txhua nplooj ntawv rau cov tswv. Cia peb teeb tsa L2 qhov nruab nrab ntawm cov tswv
vlan 10 ! ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ VLAN Π½Π° Π²ΡΠ΅Ρ
VTEP ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½Π½ΡΡ
ΠΊ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠΌ Ρ
ΠΎΡΡΠ°ΠΌ
vn-segment 10000 ! ΠΡΡΠΎΡΠΈΠΈΡΡΠ΅ΠΌ VLAN Ρ Π½ΠΎΠΌΠ΅Ρ VNI
interface nve1
member vni 10000 ! ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ VNI 10000 Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ ΡΠ΅ΡΠ΅Π· ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ NVE. Π΄Π»Ρ ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ Π² VxLAN
ingress-replication protocol bgp ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ, ΡΡΠΎ Π΄Π»Ρ ΡΠ°ΡΠΏΡΠΎΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ ΠΎ Ρ
ΠΎΡΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGPTam sim no cia peb kuaj nve cov phooj ywg thiab cov lus rau BGP EVPN:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! ΠΠΈΠ΄ΠΈΠΌ ΡΡΠΎ peer Π΄ΠΎΡΡΡΠΏΠ΅Π½ Ρ secondary Π°Π΄ΡΠ΅ΡΠ°
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! ΠΡ ΠΊΠΎΠ³ΠΎ ΠΈΠΌΠ΅Π½Π½ΠΎ ΠΏΡΠΈΡΠ΅Π» ΡΡΠΎΡ l2VNI
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠΎΡΠ΅Π΄Π°, ΠΊΠΎΡΠΎΡΡΠΉ ΡΠ°ΠΊ ΠΆΠ΅ Π·Π½Π°Π΅Ρ ΠΎΠ± l2VNI10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iSaum toj no peb pom tsuas yog EVPN txoj kev-hom 3 txoj kev. Txoj kev no tham txog cov phooj ywg (Nplooj), tab sis peb cov tswv nyob qhov twg?
Qhov tshaj plaws yog tias cov ntaub ntawv hais txog MAC tus tswv tau xa los ntawm EVPN txoj kev-hom 2
Txhawm rau pom peb cov tswv, koj yuav tsum teeb tsa EVPN txoj kev-hom 2:
evpn
vni 10000 l2
route-target import auto ! Π² ΡΠ°ΠΌΠΊΠ°Ρ
Π΄Π°Π½Π½ΠΎΠΉ ΡΡΠ°ΡΡΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ Π½ΠΎΠΌΠ΅Ρ Π΄Π»Ρ route-target
route-target export autoCia peb ping ntawm Host-2 rau Host-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 msThiab hauv qab no peb tuaj yeem pom tias txoj kev-hom 2 nrog tus tswv tsev MAC chaw nyob tau tshwm sim hauv BGP lub rooj - 5001.0007.0007 thiab 5001.0008.0007
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iTom ntej no, koj tuaj yeem pom cov ncauj lus kom ntxaws ntawm Kev Hloov Kho, uas koj tau txais cov ntaub ntawv hais txog MAC Host. Hauv qab no tsis yog tag nrho cov lus txib tso zis.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! ΠΎΡΠΏΡΠ°Π²ΠΈΠ» Update Ρ MAC Host. ΠΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ Π°Π΄ΡΠ΅Ρ VPC, Π° Π°Π΄ΡΠ΅Ρ Leaf
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labe
led nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! Ρ ΠΊΠ΅ΠΌ ΠΈΠΌΠ΅Π½Π½ΠΎ ΡΡΡΠΎΠΈΠΌ VxLAN ΡΠΎΠ½Π½Π΅Π»Ρ
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! ΠΠΎΠΌΠ΅Ρ VNI, ΠΊΠΎΡΠΎΡΡΠΉ Π°ΡΡΠΎΡΠΈΠΈΡΠΎΠ²Π°Π½ Ρ VLAN, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π½Π°Ρ
ΠΎΠ΄ΠΈΡΡΡ Host
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! Π’ΡΡ Π²ΠΈΠ΄Π½ΠΎ, ΡΡΠΎ RT ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π»ΡΡ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π½ΠΎΠΌΠ΅ΡΠΎΠ² AS ΠΈ VNI
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>Cia peb pom dab tsi thav duab zoo li thaum lawv dhau los ntawm lub Hoobkas:
Txhaum-ARP
Zoo, tam sim no peb muaj L2 kev sib txuas lus ntawm cov tswv thiab peb tuaj yeem ua tiav qhov ntawd. Txawm li cas los xij, tsis yog txhua yam yooj yim. Tsuav peb muaj ob peb tus tswv yuav tsis muaj teeb meem. Tab sis cia peb xav txog qhov xwm txheej uas peb muaj ntau pua txhiab tus tswv. Peb yuav ntsib teeb meem dab tsi?
Qhov teeb meem no yog BUM (Broadcast, Unknown Unicast, Multicast). Hauv tsab xov xwm no, peb yuav xav txog qhov kev xaiv ntawm kev cuam tshuam nrog kev tshaj tawm xov xwm.
Lub tshuab hluav taws xob tseem ceeb tshaj tawm hauv Ethernet tes hauj lwm yog tus tswv lawv tus kheej ntawm ARP raws tu qauv.
Nexus siv cov txheej txheem hauv qab no los tawm tsam ARP thov - suppress-arp.
Qhov no feature ua haujlwm raws li hauv qab no:
- Host-1 xa daim ntawv thov APR mus rau qhov chaw nyob tshaj tawm ntawm nws lub network.
- Qhov kev thov mus txog Leaf hloov thiab tsis dhau qhov kev thov no ntxiv rau cov ntaub ntawm Host-2, Nplooj teb nws tus kheej thiab qhia txog qhov xav tau IP thiab MAC.
Yog li, qhov kev thov tshaj tawm tsis tau mus rau lub Hoobkas. Tab sis qhov no yuav ua li cas yog tias Leaf tsuas paub qhov chaw nyob MAC?
Txhua yam yooj yim heev, EVPN txoj kev-hom 2, ntxiv rau qhov chaw nyob MAC, tuaj yeem xa cov MAC / IP ua ke. Txhawm rau ua qhov no, koj yuav tsum teeb tsa tus IP chaw nyob hauv VLAN ntawm nplooj. Cov lus nug tshwm sim, kuv yuav tsum teeb IP li cas? Ntawm nexus nws tuaj yeem tsim qhov chaw faib (tib yam) ntawm txhua qhov hloov pauv:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! Π·Π°Π΄Π°Π΅ΠΌ virtual mac Π΄Π»Ρ ΡΠΎΠ·Π΄Π°Π½ΠΈΡ ΡΠ°ΡΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ»ΡΠ·Π° ΠΌΠ΅ΠΆΠ΄Ρ Π²ΡΠ΅ΠΌΠΈ ΠΊΠΎΠΌΠΌΡΡΠ°ΡΠΎΡΠ°ΠΌΠΈ
interface Vlan10
no shutdown
ip address 192.168.10.254/24 ! Π½Π° Π²ΡΠ΅Ρ
Leaf Π·Π°Π΄Π°Π΅ΠΌ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΉ IP
fabric forwarding mode anycast-gateway ! Π³ΠΎΠ²ΠΎΡΠΈΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Virtual macYog li, los ntawm lub tswv yim pom, lub network yuav zoo li no:
Cia wb mus saib BGP l2route evpn
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>Los ntawm cov lus txib tso zis koj tuaj yeem pom tias hauv EVPN txoj kev-hom 2, ntxiv rau MAC, tam sim no peb kuj pom tus tswv tsev IP chaw nyob.
Cia peb rov qab mus rau qhov teeb tsa suppress-arp. Qhov kev teeb tsa no tau qhib rau txhua VNI nyias:
interface nve1
member vni 10000
suppress-arpTom qab ntawd ib co complexity tshwm sim:
- Rau qhov ua haujlwm no, qhov chaw hauv TCAM nco yog xav tau. Nov yog ib qho piv txwv ntawm kev teeb tsa rau suppress-arp:
hardware access-list tcam region arp-ether 256Qhov kev teeb tsa no yuav xav tau ob sab dav. Qhov ntawd yog, yog tias koj teeb tsa 256, ces koj yuav tsum pub dawb 512 hauv TCAM. Kev teeb tsa TCAM yog dhau ntawm cov kab lus no, txij li kev teeb tsa TCAM tsuas yog nyob ntawm txoj haujlwm tau muab rau koj thiab yuav txawv ntawm ib lub network mus rau lwm qhov.
- Kev ua kom muaj zog-arp yuav tsum ua tiav ntawm txhua qhov hloov pauv nplooj. Txawm li cas los xij, qhov nyuaj tuaj yeem tshwm sim thaum teeb tsa ntawm nplooj nplooj nyob hauv VPC sau. Yog tias TCAM hloov pauv, qhov sib xws ntawm cov khub yuav tawg thiab ib qho ntawm qhov yuav raug tshem tawm ntawm kev ua haujlwm. Tsis tas li ntawd, ib lub cuab yeej reboot yuav tsum tau siv TCAM hloov chaw.
Yog li ntawd, koj yuav tsum ua tib zoo xav txog seb, hauv koj qhov xwm txheej, nws tsim nyog siv qhov teeb tsa no rau hauv lub Hoobkas khiav.
Qhov no xaus thawj ntu ntawm koob. Hauv ntu tom ntej peb yuav saib txog kev sib txuas ntawm VxLAN ntaub nrog kev sib cais ntawm cov tes hauj lwm rau hauv VRFs sib txawv.
Thiab tam sim no kuv caw sawv daws mus , nyob rau hauv uas kuv yuav qhia rau koj paub meej txog cov chav kawm. Thawj 20 tus neeg tuaj koom rau npe rau qhov webinar no yuav tau txais daim ntawv pov thawj luv nqi ntawm email hauv 1-2 hnub tom qab tshaj tawm.
Tau qhov twg los: www.hab.com