Hlo Habr. Kuv txuas ntxiv cov kab lus ntawm VxLAN EVPN thev naus laus zis, uas tau sau tshwj xeeb rau kev pib kawm los ntawm OTUS. Thiab niaj hnub no peb yuav xav txog ib feem nthuav ntawm cov dej num - routing. Txawm hais tias nws yuav zoo li cas, txawm li cas los xij, ua ib feem ntawm kev ua haujlwm ntawm lub Hoobkas network, txhua yam tuaj yeem tsis yooj yim.
Hauv ntu kawg, peb tau ua tiav ib qho kev tshaj tawm xov xwm ua rau saum lub network ntaub ntawm Nexus 9000v. Txawm li cas los xij, qhov no tsis yog tag nrho cov haujlwm uas yuav tsum tau daws nyob rau hauv lub moj khaum ntawm cov ntaub ntawv chaw network. Thiab niaj hnub no peb yuav xav txog cov haujlwm hauv qab no - kev sib txuas ntawm tes hauj lwm lossis ntawm VNIs.
Cia kuv ceeb toom koj tias Spine-Leaf topology yog siv:
Yuav pib nrog, peb yuav txheeb xyuas seb qhov kev ua haujlwm tshwm sim li cas thiab nws muaj dab tsi.
Rau kev nkag siab, cia peb ua kom yooj yim cov duab kos duab thiab ntxiv lwm VNI 20000 rau Host-2. Qhov tshwm sim yog:
Yuav ua li cas, nyob rau hauv cov ntaub ntawv no, koj yuav hloov tsheb los ntawm ib tug tswv mus rau lwm tus?
Muaj ob txoj hauv kev:
- Khaws cov ntaub ntawv hais txog tag nrho VNIs ntawm txhua nplooj ntawv hloov, tom qab ntawd txhua txoj kev yuav tshwm sim ntawm thawj nplooj hauv lub network;
- Siv nplooj siab - L3 VNI
Thawj txoj kev yog yooj yim thiab yooj yim. Txij li thaum koj tsuas yog yuav tsum pib tag nrho VNIs ntawm txhua nplooj ntawv hloov. Txawm li cas los xij, khiav ob peb puas lossis ntau txhiab VNIs ntawm tag nrho Nplooj tsis zoo li ib txoj haujlwm yooj yim. Yog li ntawd, hauv kev ua haujlwm nws yog siv tsis tshua muaj.
Peb yuav tshuaj xyuas txoj kev 2, raws li kev nthuav dav thiab me ntsis nyuaj, tab sis muab kev yooj yim dua rau kev teeb tsa lub Hoobkas.
Cia peb ntxiv "PROD" rau VRF topology. Wb ntxiv interface vlan 10 rau nws ntawm Leaf-11/12 khub thiab interface VLAN 20 ntawm Nplooj-21. VLAN 20 yog txuam nrog VNI 20000
vrf context PROD
rd auto ! Route Distinguisher Π½Π΅ ΠΏΡΠΈΠ½ΡΠΈΠΏΠΈΠ°Π»Π΅Π½ ΠΈ ΠΌΠΎΠΆΠ΅ΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
address-family ipv4 unicast
route-target both auto ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ Route-target Ρ ΠΊΠΎΡΠΎΡΡΠΌ Π±ΡΠ΄ΡΡ ΠΈΠΌΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΏΡΠ΅ΡΠΈΠΊΡΡ Π²/ΠΈΠ· VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewayTxhawm rau siv L3VNI, koj yuav tsum tsim VLAN tshiab, koom nrog VNI tshiab. VNI tshiab yuav tsum yog tib yam ntawm txhua nplooj ntawv xav paub VLAN 10 thiab 20 cov ntaub ntawv.
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Π‘ΠΎΠ·Π΄Π°Π΅ΠΌ L3 VNI
vrf context PROD
vni 99000 ! ΠΡΠΈΠ²ΡΠ·ΡΠ²Π°Π΅ΠΌ L3 VNI ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠΌΡ VRFYog li ntawd, daim duab yuav zoo li no:
Nws tseem tshuav me ntsis - ntxiv ib qho ntxiv interface - interface vlan 99 hauv VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! ΠΠ° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅ Π½Π΅ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ IP. ΠΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ ΠΏΠ΅ΡΠ΅ΡΡΠ»ΠΊΠΈ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² ΠΌΠ΅ΠΆΠ΄Ρ LeafYog li ntawd, lub logic ntawm kev hla tus ncej ntawm Host-1 rau Host-2 yog raws li nram no:
- Ib tug ncej xa los ntawm Host-1 tuaj txog ntawm Nplooj hauv VLAN 10, uas cuam tshuam nrog VNI 10000;
- Nplooj tshuaj xyuas qhov chaw nyob qhov twg thiab pom nws ntawm L3 VNI ntawm nplooj thib ob hloov;
- Sai li sai tau txoj kev mus rau qhov chaw nyob tau pom, Nplooj packs lub thav duab rau hauv ib lub header nrog rau qhov tsim nyog L3VNI 99000 - thiab xa mus rau nplooj thib ob;
- Qhov thib ob Leaf hloov tau txais cov ntaub ntawv los ntawm L3VNI 99000. Tau txais cov qauv qub thiab hloov mus rau L2VNI 20000 thiab tom qab ntawd mus rau VLAN 20.
Raws li kev ua haujlwm no, L3VNI tshem tawm qhov yuav tsum tau khaws cov ntaub ntawv hais txog txhua VNIs uas nyob hauv lub network ntawm txhua qhov hloov pauv nplooj.
Yog li ntawd, thaum peb xa tsheb khiav los ntawm Host-1 mus rau Host-2, lub pob ntawv tau ntim rau hauv VxLAN nrog VNI tshiab - 99000:
Nws tseem yuav pom tias Leaf-1 kawm tau li cas txog MAC chaw nyob los ntawm lwm tus VNI. Qhov no kuj tshwm sim nrog kev pab ntawm EVPN txoj kev-hom 2 (MAC / IP).
Cov hauv qab no qhia txog cov txheej txheem ntawm kev tshaj tawm txoj hauv kev hais txog lub npe ua ntej nyob hauv lwm VNI:
Ntawd yog, qhov chaw nyob tau txais los ntawm VNI 20000 muaj ob RTs.
Cia kuv ceeb toom rau koj tias cov kev tau txais los ntawm Kev Hloov Kho tau poob rau hauv BGP lub rooj nrog Txoj Kev-lub hom phiaj tau teev tseg hauv VRF nqis (cov txheej txheem yuav nyuaj me ntsis, tab sis peb yuav tsis mus rau hauv kab lus no).
Tus RT nws tus kheej yog tsim los ntawm cov mis: AS:VNI (yog siv hom tsis siv neeg).
Ib qho piv txwv ntawm kev tsim RT nyob rau hauv hom tsis siv neeg thiab phau ntawv:
vrf context PROD
address-family ipv4 unicast
route-target import auto - Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠ°Π±ΠΎΡΡ
route-target export 65001:20000 - ΡΡΡΠ½ΠΎΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ RTRaws li qhov tshwm sim, koj tuaj yeem pom saum toj no cov lus hais ua ntej los ntawm lwm tus VNI muaj ob qhov txiaj ntsig RT.
Ib ntawm lawv 65001: 99000 yog L3 VNI ntxiv. Txij li thaum VNI no zoo ib yam ntawm tag nrho cov nplooj thiab poob rau hauv peb cov kev cai ntshuam hauv VRF chaw, cov lus ua ntej nkag mus rau hauv BGP rooj, uas tuaj yeem pom los ntawm cov zis:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! ΠΡΠ΅ΡΠΈΠΊΡ ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ ΠΈΠ· VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iYog tias peb saib ze ze ntawm qhov kev hloov tshiab tau txais, peb tuaj yeem pom tias qhov ua ntej no muaj ob RTs:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! ΠΠ²Π° label Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! ΠΠ²Π° Π·Π½Π°ΡΠ΅Π½ΠΈΡ Route-target, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅, ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΠ±Π°Π²ΠΈΠ»ΠΈ Π΄Π°Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>Nyob rau hauv lub rooj routing ntawm Nplooj-1, koj tuaj yeem pom ua ntej 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! ΠΠ΄ΡΠ΅Ρ Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! ΠΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Π§Π΅ΡΠ΅Π· VNI 99000Daim ntawv ceeb toom qhov uas ploj lawm thawj prefix 192.168.20.0/24 nyob rau hauv lub routing table?
Yog lawm, nws tsis nyob ntawd. Ntawd yog, Nplooj Ntoos Tej thaj chaw deb tau txais cov ntaub ntawv tsuas yog hais txog cov tswv uas nyob hauv koj lub network. Thiab qhov no yog tus cwj pwm raug. Saum toj no, hauv txhua qhov hloov tshiab, koj tuaj yeem pom tias cov ntaub ntawv tuaj nrog cov ntsiab lus ntawm MAC / IP. Tsis muaj prefixes los hais txog.
Qhov no yog Tus Thawj Saib Xyuas Kev Lag Luam (HMM) raws tu qauv, uas ua rau lub rooj ARP los ntawm cov lus BGP ntxiv (peb yuav tshem tawm cov txheej txheem no nyob rau hauv lub moj khaum ntawm tsab xov xwm no). Raws li cov ntaub ntawv tau txais los ntawm HMM, txoj kev-hom 2 EVPNs yog tsim (hloov los ntawm MAC / IP).
Txawm li cas los xij, yuav ua li cas yog tias xav tau kom dhau cov ntaub ntawv hais txog kev ua ntej?
Rau hom ntaub ntawv no, muaj EVPN txoj kev-hom 5 - nws tso cai rau koj xa prefixes ntawm chaw nyob-tsev neeg l2vpn evpn (txoj kev no thaum lub sij hawm sau ntawv no tsuas yog nyob rau hauv cov ntawv sau version. , vim li no, cov tuam txhab sib txawv yuav muaj tus cwj pwm sib txawv ntawm txoj kev no)
Txhawm rau hloov cov ntawv ua ntej, nws yuav tsum tau ntxiv cov npe ua ntej hauv BGP txheej txheem rau VRF, uas yuav raug tshaj tawm:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! Π Π΄Π°Π½Π½ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ Π°Π½ΠΎΠ½ΡΠΈΡΡΠ΅ΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΡ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π½Π΅ΠΏΠΎΡΡΠ΅Π΄ΡΡΠ²Π΅Π½Π½ΠΎ ΠΊ Leaf Π² VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΈΠ΅ ΡΠ΅ΡΠΈ Π±ΡΠ΄ΡΡ ΠΏΠΎΠΏΠ°Π΄Π°ΡΡ Π² EVPN route-type 5Raws li qhov tshwm sim, Hloov tshiab yuav yog:
Wb saib BGP rooj. Ntxiv rau EVPN txoj kev-hom 2,3, hom 5 txoj kev tau tshwm sim uas muaj cov ntaub ntawv hais txog tus lej xov tooj:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΠ°
10.255.1.10 0 100 0 ?
* i
<.......> Lub prefix kuj tshwm sim nyob rau hauv lub rooj routing:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ, Π΄ΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf1/2(Π°Π΄ΡΠ΅Ρ Next-hop = virtual IP ΠΌΠ΅ΠΆΠ΄Ρ ΠΏΠ°ΡΠΎΠΉ VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! ΠΡΠ΅ΡΠΈΠΊΡ Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅ΡΠ΅Π· L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmQhov no xaus qhov thib ob ntawm cov kab lus ntawm VxLAN EVPN. Hauv ntu tom ntej, peb yuav xav txog ntau yam kev xaiv rau kev sib txuas ntawm VRFs.
Tau qhov twg los: www.hab.com