Hello, Habr. I am currently the lead of the Network Engineer course at OTUS.
Ahead of the start of a new enrollment for the course
There is a huge amount of material on how VxLAN EVPN works, so I want to collect various tasks and practices for solving problems in a modern data center.
In the first part of the series on VxLAN EVPN technology, I want to look at a way of organizing L2 connectivity between hosts on top of a network fabric.
All examples will be carried out on Cisco Nexus 9000v switches assembled in a Spine-Leaf topology. We will not dwell on configuring the underlay network in this article.
- Underlay network
- BGP peering for the l2vpn evpn address family
- Configuring NVE
- Suppress-ARP
Underlay network
The topology used looks like this:
Let's assign addresses on all devices:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20
Let's check that there is IP connectivity between all devices:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 is reachable via two Spines
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 is reachable via two Spines
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intra
Let's check that the VPC domain has been created, that both switches have passed the consistency check, and that the settings on both nodes are identical:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1
BGP peering
Finally, we can move on to configuring the overlay network.
For this article, we need to build a network between the hosts, as shown in the diagram below:
To configure the overlay network, enable BGP on the Spine and Leaf switches with support for the l2vpn evpn address family:
feature bgp
nv overlay evpn
Next, configure BGP peering between the Leaf and Spine switches. To simplify configuration and optimize the distribution of routing information, we configure the Spine as a route reflector. All Leaf switches are defined in the config through templates to streamline the setup.
The configuration on the Spine therefore looks like this:
router bgp 65001
  template peer LEAF
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.1.11
    inherit peer LEAF
  neighbor 10.255.1.12
    inherit peer LEAF
  neighbor 10.255.1.21
    inherit peer LEAF
The configuration on a Leaf switch looks similar:
router bgp 65001
  template peer SPINE
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.255.1.101
    inherit peer SPINE
  neighbor 10.255.1.102
    inherit peer SPINE
On the Spine, let's check peering with all Leaf switches:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0
As you can see, there were no problems with BGP. Let's move on to configuring VxLAN. All further configuration is done only on the Leaf switches. The Spine acts only as the network core and is involved only in forwarding traffic. All encapsulation and path determination happens only on the Leaf switches.
Configuring NVE
NVE - network virtual interface
Before starting the configuration, let's introduce some terminology:
VTEP - Virtual Tunnel End Point, the device on which a VxLAN tunnel begins or ends. A VTEP is not necessarily a network device. A server that supports VxLAN can also act as one. In our topology, all Leaf switches are VTEPs.
VNI - Virtual Network Index - the network identifier within VxLAN. An analogy can be drawn with a VLAN, but there are some differences. When a fabric is used, VLANs become unique only within a single Leaf switch and are not carried across the network. However, each VLAN can have a VNI number associated with it, and that number is carried across the network. What this looks like and how it can be used is discussed below.
Enable the features for VxLAN operation and for associating VLAN numbers with a VNI number:
feature nv overlay
feature vn-segment-vlan-based
Configure the NVE interface, which is responsible for VxLAN operation. This is the interface that encapsulates frames in VxLAN headers. An analogy can be drawn with a Tunnel interface for GRE:
interface nve1
  no shutdown
  host-reachability protocol bgp ! use BGP to carry routing information
  source-interface loopback0 ! interface from which packets are sent: loopback0
On the Leaf-21 switch everything is created without problems. However, if we check the output of the show nve peers command, it will be empty. Here we need to go back to the VPC configuration. We see that Leaf-11 and Leaf-12 work as a pair and are joined by a VPC domain. This gives us the following situation:
Host-2 sends a frame toward Leaf-21 so that it forwards the frame across the network toward Host-1. However, Leaf-21 sees that Host-1's MAC address is reachable through two VTEPs at once. What should Leaf-21 do in this case? After all, this means a loop could have appeared in the network.
To resolve this, Leaf-11 and Leaf-12 must also act as a single device within the fabric. The solution is quite simple: on the Loopback interface from which we build the tunnel, add a secondary address. The secondary address must be the same on both VTEPs.
interface loopback0
  ip add 10.255.1.10/32 secondary
Thus, from the point of view of the other VTEPs, we get the following topology:
That is, the tunnel will now be built between the IP address of Leaf-21 and the virtual IP shared by Leaf-11 and Leaf-12. There will now be no problems learning a MAC address from two devices, and traffic can move from one VTEP to the other. Which of the two VTEPs handles the traffic is decided by the routing table on the Spine:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
As you can see above, the address 10.255.1.10 is reachable via two next hops at once.
At this stage we have sorted out basic connectivity. Let's move on to configuring the NVE interface:
Let's immediately enable Vlan 10 and associate it with VNI 10000 on each Leaf for the hosts, and set up an L2 tunnel between the hosts:
vlan 10 ! enable the VLAN on all VTEPs connected to the relevant hosts
  vn-segment 10000 ! associate the VLAN with the VNI number
interface nve1
  member vni 10000 ! add VNI 10000 to the NVE interface for VxLAN encapsulation
    ingress-replication protocol bgp ! use BGP to distribute host information
Now let's check the nve peers and the BGP EVPN table:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! the peer is reachable via the secondary address
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! who exactly this L2VNI came from
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - shows our neighbor, which also knows about L2VNI 10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Above we see only EVPN route-type 3 routes. This route type describes the peer (Leaf), but where are our hosts?
The thing is that host MAC information is carried in EVPN route-type 2.
To see our hosts, you need to configure EVPN route-type 2:
evpn
  vni 10000 l2
    route-target import auto ! within this article we use the automatic route-target number
    route-target export auto
Let's ping from Host-2 to Host-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 ms
Below we can see that route-type 2 routes with the hosts' MAC addresses, 5001.0007.0007 and 5001.0008.0007, have appeared in the BGP table:
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! EVPN route-type 2 and the MAC address of host 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! EVPN route-type 2 and the MAC address of host 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Next, you can look at the detailed information for the Update in which the host's MAC information was received. Not all of the command output is shown below.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! sent the Update with the host's MAC. Not the virtual VPC address, but the Leaf's own address
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! who exactly we build the VxLAN tunnel with
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! the VNI number associated with the VLAN in which the host resides
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! here you can see that the RT was generated automatically from the AS and VNI numbers
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>
Let's look at what frames look like as they pass through the fabric:
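As an added example (not part of the original article): the 8-byte VXLAN header defined in RFC 7348 that a VTEP places in front of the inner Ethernet frame, built and parsed here for VNI 10000. The inner frame uses the two host MACs from the BGP table above; its payload is constructed and the outer IP/UDP headers are omitted.

```python
import struct

VXLAN_UDP_PORT = 4789      # IANA-assigned UDP destination port for VXLAN
FLAG_VNI_VALID = 0x08      # "I" flag: the VNI field carries a valid value


def mac_bytes(dotted):
    """Convert Cisco dotted notation (5001.0007.0007) to 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))


def inner_frame(dst, src, payload=b"constructed-payload"):
    """Minimal inner Ethernet frame: dst MAC, src MAC, EtherType IPv4."""
    return mac_bytes(dst) + mac_bytes(src) + struct.pack("!H", 0x0800) + payload


def vxlan_encap(vni, frame):
    """Prepend the VXLAN header: flags(8) reserved(24) | VNI(24) reserved(8)."""
    if not 0 <= vni < 2 ** 24:
        raise ValueError("VNI is a 24-bit value")
    return struct.pack("!II", FLAG_VNI_VALID << 24, vni << 8) + frame


def vxlan_decap(udp_payload):
    """Validate the header and return (vni, inner Ethernet frame)."""
    if len(udp_payload) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & FLAG_VNI_VALID:
        raise ValueError("I flag not set, VNI is not valid")
    return word1 >> 8, udp_payload[8:]


if __name__ == "__main__":
    # Host-2 -> Host-1, carried in VNI 10000 as configured on the Leaf switches
    pkt = vxlan_encap(10000, inner_frame("5001.0007.0007", "5001.0008.0007"))
    vni, frame = vxlan_decap(pkt)
    print(pkt[:8].hex(), vni, frame[:6].hex(), frame[6:12].hex())
```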
Suppress-ARP
Great, we now have L2 connectivity between the hosts, and we could stop here. But it is not that simple. As long as we have few hosts, there will be no problems. But let's imagine a situation where we have hundreds of thousands of hosts. What problem might we run into?
That problem is BUM (Broadcast, Unknown Unicast, Multicast) traffic. In this article we will look at one way of dealing with broadcast traffic.
The main generator of broadcast in Ethernet networks is the hosts themselves, through the ARP protocol.
Nexus implements the following mechanism for dealing with ARP requests: suppress-arp.
This feature works as follows:
- Host-1 sends an ARP request to the broadcast address of its network.
- The request reaches the Leaf switch, and instead of forwarding it further into the fabric toward Host-2, the Leaf answers itself and supplies the required IP and MAC.
Thus the broadcast request did not go into the fabric. But how can this work if the Leaf knows only the MAC address?
It is quite simple: EVPN route-type 2 can carry a MAC/IP pair in addition to the MAC address. To do this, an IP address must be configured in the VLAN on the Leaf. The question arises: which IP should be set? On Nexus it is possible to create a distributed address on all switches:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! set a virtual MAC to create a distributed gateway across all switches
interface Vlan10
  no shutdown
  ip address 192.168.10.254/24 ! set the same IP on all Leaf switches
  fabric forwarding mode anycast-gateway ! tell the interface to use the virtual MAC
Thus, from the hosts' point of view, the network will look like this:
Let's check BGP l2route evpn:
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>
From the command output you can see that EVPN route-type 2 now carries the host's IP address in addition to the MAC.
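As an added example (not from the original article): a parser for the route-type 2 and route-type 3 prefixes in the form printed by sh bgp l2vpn evpn, building the MAC/IP table a suppress-arp Leaf would answer from and the list of VTEPs announced for the VNI. The sample text is constructed, including the extra MAC 5001.00ff.0001, and refusing to answer when an IP has conflicting MACs is this example's policy, not documented NX-OS behaviour.

```python
import re

# Constructed sample, modelled on the `sh bgp l2vpn evpn` output shown above.
SAMPLE = """\
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/248
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>l[3]:[0]:[32]:[10.255.1.10]/88
*>i[3]:[0]:[32]:[10.255.1.20]/88
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
* i[2]:[0]:[0]:[48]:[5001.00ff.0001]:[32]:[192.168.10.20]/248
"""

FIELD = re.compile(r"\[([^\]]*)\]")


def parse_evpn(text):
    """Return (bindings, vteps): IP -> set of MACs from type-2 routes,
    and the set of VTEP addresses announced in type-3 routes."""
    bindings, vteps = {}, set()
    for line in text.splitlines():
        f = FIELD.findall(line)
        if not f:
            continue                      # RD headers and next-hop lines
        if f[0] == "2" and len(f) == 7:
            # [2]:[ESI]:[EthTag]:[MAC len]:[MAC]:[IP len]:[IP]
            mac, ip_len, ip = f[4], int(f[5]), f[6]
            if ip_len:                    # MAC-only routes carry IP length 0
                bindings.setdefault(ip, set()).add(mac)
        elif f[0] == "3" and len(f) == 4:
            # [3]:[EthTag]:[IP len]:[originating VTEP]
            vteps.add(f[3])
    return bindings, vteps


def arp_answer(bindings, target_ip):
    """MAC to answer an ARP request with locally, or None when the request
    still has to be flooded (IP unknown, or conflicting bindings)."""
    macs = bindings.get(target_ip, set())
    return next(iter(macs)) if len(macs) == 1 else None


def conflicts(bindings):
    """IPs advertised with more than one MAC, a condition worth investigating."""
    return {ip: sorted(m) for ip, m in bindings.items() if len(m) > 1}


if __name__ == "__main__":
    b, v = parse_evpn(SAMPLE)
    print(sorted(v), arp_answer(b, "192.168.10.10"), conflicts(b))
```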
Let's return to the suppress-arp configuration. This setting is enabled for each VNI separately:
interface nve1
  member vni 10000
    suppress-arp
Then some complications arise:
- This feature requires space in TCAM memory. Here is an example of the setting for suppress-arp:
hardware access-list tcam region arp-ether 256
This setting requires double-wide. That is, if you set 256, you need to free 512 in TCAM. TCAM configuration is beyond the scope of this article, since it depends only on the task you have been given and may differ from one network to another.
- suppress-arp must be implemented on all Leaf switches. However, complications can arise when configuring Leaf pairs that reside in a VPC domain. If TCAM is changed, consistency between the pair will be broken and one node may be taken out of operation. In addition, applying the TCAM change requires a device reboot.
As a result, you need to think carefully about whether, in your situation, it is worth implementing this setting on a running fabric.
This concludes the first part of the series. In the next part we will look at routing through the VxLAN fabric with network separation into different VRFs.
Source: www.habr.com