Hey Habr. Aku terus seri artikel ing teknologi VxLAN EVPN, kang ditulis khusus kanggo miwiti kursus dening OTUS. Lan dina iki kita bakal nimbang bagean menarik saka tugas - nuntun. Ora ketompo carane trite bisa muni, Nanging, minangka bagΓ©an saka karya saka pabrik jaringan, kabeh bisa uga ora dadi prasaja.
Ing bagean pungkasan, kita entuk siji domain siaran sing dibangun ing ndhuwur kain jaringan ing Nexus 9000v. Nanging, iki dudu kabeh tugas sing kudu dirampungake ing kerangka jaringan pusat data. Lan dina iki kita bakal nimbang tugas ing ngisor iki - nuntun antarane jaringan utawa antarane VNIs.
Ayo kula ngelingake sampeyan yen topologi Spine-Leaf digunakake:
Kanggo miwiti, kita bakal nganalisa kepiye rute lan fitur apa sing diduweni.
Kanggo mangerteni, ayo gampang diagram logika lan nambah VNI 20000 liyane kanggo Host-2. Hasile yaiku:
Kepiye, ing kasus iki, sampeyan bisa nransfer lalu lintas saka siji Host menyang liyane?
Ana rong opsi:
- Tansah informasi babagan kabeh VNI ing kabeh ngalih Leaf, banjur kabeh nuntun bakal kelakon ing Leaf pisanan ing jaringan;
- Gunakake darmabakti - L3 VNI
Cara pisanan prasaja lan trep. Awit sampeyan mung kudu miwiti kabeh VNI ing kabeh ngalih Leaf. Nanging, mlaku sawetara atus utawa ewu VNI ing kabeh Leaf ora katon kaya tugas sing gampang. Mulane, ing karya digunakake cukup arang.
Kita bakal njelasno cara 2, minangka luwih menarik lan rada luwih rumit, nanging menehi liyane keluwesan ing nyetel pabrik.
Ayo ditambahake "PROD" menyang topologi VRF. Ayo ditambahake vlan antarmuka 10 ing pasangan Leaf-11/12 lan antarmuka VLAN 20 ing Leaf-21. VLAN 20 digandhengake karo VNI 20000
vrf context PROD
rd auto ! Route Distinguisher Π½Π΅ ΠΏΡΠΈΠ½ΡΠΈΠΏΠΈΠ°Π»Π΅Π½ ΠΈ ΠΌΠΎΠΆΠ΅ΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
address-family ipv4 unicast
route-target both auto ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ Route-target Ρ ΠΊΠΎΡΠΎΡΡΠΌ Π±ΡΠ΄ΡΡ ΠΈΠΌΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΏΡΠ΅ΡΠΈΠΊΡΡ Π²/ΠΈΠ· VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewayKanggo nggunakake L3VNI, sampeyan kudu nggawe VLAN anyar, digandhengake karo VNI anyar. VNI anyar kudu padha ing kabeh Leafs kasengsem ing VLAN 10 lan 20 informasi.
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Π‘ΠΎΠ·Π΄Π°Π΅ΠΌ L3 VNI
vrf context PROD
vni 99000 ! ΠΡΠΈΠ²ΡΠ·ΡΠ²Π°Π΅ΠΌ L3 VNI ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠΌΡ VRFAkibatΓ©, diagram bakal katon kaya iki:
Iku tetep kanggo rampung sethitik - nambah siji antarmuka liyane - antarmuka vlan 99 ing VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! ΠΠ° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅ Π½Π΅ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ IP. ΠΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ ΠΏΠ΅ΡΠ΅ΡΡΠ»ΠΊΠΈ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² ΠΌΠ΅ΠΆΠ΄Ρ LeafAkibatΓ©, logika ngliwati pigura saka Host-1 menyang Host-2 kaya ing ngisor iki:
- Pigura sing dikirim dening Host-1 teka ing Leaf ing VLAN 10, sing digandhengake karo VNI 10000;
- Leaf mriksa alamat tujuan lan nemokake liwat L3 VNI ing switch Leaf kapindho;
- Sanalika rute menyang alamat tujuan ditemokake, Leaf ngemas pigura menyang header karo L3VNI 99000 perlu - lan dikirim menyang Leaf kapindho;
- Switch Leaf kapindho nampa data saka L3VNI 99000. Entuk pigura asli lan transfer menyang L2VNI 20000 sing dibutuhake banjur menyang VLAN 20.
Minangka asil karya iki, mbusak L3VNI perlu kanggo nyimpen informasi bab kabeh VNIs sing ing jaringan ing kabeh ngalih Leaf.
AkibatΓ©, nalika ngirim lalu lintas saka Host-1 menyang Host-2, paket kasebut dikemas ing VxLAN kanthi VNI anyar - 99000:
Iku tetep kanggo ndeleng carane persis Leaf-1 sinau babagan alamat MAC saka VNI liyane. Iki uga kedadeyan kanthi bantuan EVPN route-type 2 (MAC / IP).
Ing ngisor iki nuduhake proses nyebarake rute babagan awalan sing ana ing VNI liyane:
Yaiku, alamat sing ditampa saka VNI 20000 duwe rong RT.
Ayo kula ngelingake sampeyan yen rute sing ditampa saka Update tiba ing tabel BGP karo Route-target kasebut ing setelan VRF (proses iki rada rumit, nanging kita ora bakal pindhah menyang artikel iki).
RT dhewe dibentuk kanthi rumus: AS: VNI ββ(yen mode otomatis digunakake).
Conto tatanan RT ing mode otomatis lan manual:
vrf context PROD
address-family ipv4 unicast
route-target import auto - Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠ°Π±ΠΎΡΡ
route-target export 65001:20000 - ΡΡΡΠ½ΠΎΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ RTAkibatΓ©, sampeyan bisa ndeleng ndhuwur sing ater-ater saka VNI liyane duwe loro nilai RT.
Salah sijine 65001: 99000 minangka tambahan L3 VNI. Wiwit VNI iki padha ing kabeh Leafs lan tumiba ing aturan ngimpor kita ing setelan VRF, ater-ater nemu menyang Tabel BGP, kang bisa katon saka output:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! ΠΡΠ΅ΡΠΈΠΊΡ ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ ΠΈΠ· VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iYen kita ndeleng kanthi luwih rinci babagan nganyari sing ditampa, kita bisa ndeleng manawa awalan iki duwe rong RT:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! ΠΠ²Π° label Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! ΠΠ²Π° Π·Π½Π°ΡΠ΅Π½ΠΈΡ Route-target, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅, ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΠ±Π°Π²ΠΈΠ»ΠΈ Π΄Π°Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>Ing tabel nuntun ing Leaf-1, sampeyan uga bisa ndeleng awalan 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! ΠΠ΄ΡΠ΅Ρ Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! ΠΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Π§Π΅ΡΠ΅Π· VNI 99000Sok dong mirsani ilang ater-ater utami 192.168.20.0/24 ing tabel nuntun?
Bener, dheweke ora ana. Yaiku, Leafs remot nampa informasi mung babagan host sing ana ing jaringan sampeyan. Lan iki prilaku sing bener. Ndhuwur, ing kabeh nganyari, sampeyan bisa ndeleng manawa informasi kasebut kalebu isi MAC / IP. Ora ana prefiks kanggo ngomong.
Iki minangka protokol Host Mobility Manager (HMM), sing ngisi tabel ARP saka tabel BGP sing luwih diisi (kita bakal ngilangi proses iki ing kerangka artikel iki). Adhedhasar informasi sing ditampa saka HMM, rute-jinis 2 EVPNs dibentuk (dikirim dening MAC / IP).
Nanging, kepiye yen ana perlu kanggo ngirim informasi babagan awalan?
Kanggo informasi jinis iki, ana EVPN route-type 5 - ngidini sampeyan ngirim prefiks liwat alamat-kulawarga l2vpn evpn (jinis rute iki nalika nulis iki mung ing versi draf. , amarga iki, manufaktur sing beda bisa uga duwe prilaku sing beda saka jinis rute iki)
Kanggo nransfer ater-ater, prefiks kudu ditambahake ing proses BGP kanggo VRF, sing bakal diiklanake:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! Π Π΄Π°Π½Π½ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ Π°Π½ΠΎΠ½ΡΠΈΡΡΠ΅ΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΡ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π½Π΅ΠΏΠΎΡΡΠ΅Π΄ΡΡΠ²Π΅Π½Π½ΠΎ ΠΊ Leaf Π² VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΈΠ΅ ΡΠ΅ΡΠΈ Π±ΡΠ΄ΡΡ ΠΏΠΎΠΏΠ°Π΄Π°ΡΡ Π² EVPN route-type 5AkibatΓ©, Update bakal dadi:
Ayo katon ing tabel BGP. Saliyane EVPN route-type 2,3, jinis 5 rute wis muncul sing ngemot informasi babagan nomer jaringan:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΠ°
10.255.1.10 0 100 0 ?
* i
<.......> Ater-ater uga katon ing tabel routing:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ, Π΄ΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf1/2(Π°Π΄ΡΠ΅Ρ Next-hop = virtual IP ΠΌΠ΅ΠΆΠ΄Ρ ΠΏΠ°ΡΠΎΠΉ VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! ΠΡΠ΅ΡΠΈΠΊΡ Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅ΡΠ΅Π· L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmIki nyimpulake bagean kapindho saka seri artikel babagan VxLAN EVPN. Ing sisih sabanjure, kita bakal nimbang macem-macem opsi kanggo nuntun antarane VRFs.
Source: www.habr.com