Salve, Habr. Pergo seriem articulorum in technologia VxLAN EVPN, quam sunt scripta specialiter ad launch of course per OTUS. Hodieque partem interesting operis - routing spectabimus. Quamvis leve sonet, tamen intra ambitum operis retis officina, omnia non tam simplicia esse possunt.
In ultima parte unam iaci domain aedificatam super fabricam retis in nexu 9000v consecuti sumus. Nihilominus, hoc non est tota ampliatio operum quae solvenda est intra ornatum centrum datae. Et hodie inspiciemus proximum negotium - evertere inter retiacula vel inter VNIs.
Admoneam te ut topologiae Spinae-folii usus sit;
Primum videamus quomodo fiat fugatio et quid habeat.
Intellegere, logicam diagramma simpliciorem reddere et aliud VNI 20000 Hostiae addere. Consequens est:
Quomodo hoc in casu ab uno Hostia in aliam negotiationem potes transferre?
Duo sunt optiones:
- Retineas informationes de omnibus VNIs in omnibus virgas Foliorum, tunc omnia fugata occurrent in primo Folio in retiaculis;
- Dedicata L3 VNI . utere
Primus modus est simplex et conveniens. Cum vos iustus postulo ut omnes VNI in omni Foli virgas instituere. Quamquam complura centum vel milia VNIs constituens pro omnibus Foliis non iam simplex negotium videtur. Ideo in opere raro admodum usurpatur.
Methodum inspiciamus 2, quae plus interesting et paulo implicatior est, sed flexibilitatem magis dat in fabricandis constituendis.
Addamus "PROD" ad topologiam VRF. Huic adiiciemus interfaciem vlan 10 in Folii 11/12 par et interfaciem VLAN 20 in Folium-21. VLAN 20 coniungitur cum VNI 20000
vrf context PROD
rd auto ! Route Distinguisher не принципиален и можем использовать сформированный автоматически
address-family ipv4 unicast
route-target both auto ! указываем Route-target с которым будут импортироваться и экспортироваться префиксы в/из VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewayUt L3VNI utaris, debes novam VLAN creare et cum novo VNI coniungere. Novus VNI idem esse debet in omnibus Foliis quae in VLAN X et XX informationibus requiruntur
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Создаем L3 VNI
vrf context PROD
vni 99000 ! Привязываем L3 VNI к определенному VRFQuam ob rem schema sic erit:
Reliquum est ut paulo - unum interfaciam plus addat - interfaciei vlan 99 in VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! На интерфейсе не должно быть IP. Используется только для пересылки пакетов между LeafQuam ob rem logica ratiocinandi de replo ab hoste-1 ad Hostiam transiens haec est:
- Artus ab Host-I missa advenit Folium in VLAN X, quod cum VNI 1 coniungitur;
- Folium inhibet ubi oratio destinatum est et invenit eam per L3 VNI in secundo Foli switch;
- Ut primum iter ad destinationem inscriptionis inuenitur, Folium artus in caput L3VNI 99000 fasciculi inuenitur, et eum ad secundum Folium emittit;
- Alterum Folium switch data ex L3VNI 99000 accipit. Artam originalem accipit et ad 2 L20000VNI inquisitam transfert et deinde ad VLAN XX.
Ex hoc opere, L3VNI excludit necessitatem ut informationes de omnibus VNIs quae in reticulo in omnibus virgas Foliorum sunt.
Quam ob rem, cum negotiatio ab Hostia-1 ad Hostiam mittimus, fasciculus intra VxLAN cum novo VNI - 2 refertus est;
Superest videndum quam exacte discat 1 Folium de inscriptione MAC ab alia VNI. Hoc quoque evenit utens II itineris genus EVPN (MAC/IP).
Sequens ostendit processum propagandi meatus circa praepositionem in alio VNI positam;
Id est, inscriptiones ab VNI 20000 receptas duas RTs habent.
Admoneam me tibi itinera ab Renovatione recepta in mensa BGP cum Route-scopis in VRF occasus designatis (processus aliquanto magis implicatus est, sed in hunc articulum non inseremus).
Ipsa RT formatur secundum formulam: AS:VNI (si modus latae sententiae adhibetur).
Exemplum RT formationis in modum latis et manualis:
vrf context PROD
address-family ipv4 unicast
route-target import auto - автоматический режим работы
route-target export 65001:20000 - ручной режим формирования RTProventus supra demonstrat quod praefixa ex alia VNI habent duo valores RT.
Earum una est 65001: 99000 - adiectis L3 VNI. Cum hoc VNI in omnibus Foliis idem sit ac sub nostra importa regula in VRF occasus cadat, praepositio in tabula BGP desinens, quae ex output videri potest;
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! Префикс полученный из VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iSi propius ad renovationem receptam inspiciamus, videre possumus hanc praepositionem duas RTs habere:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! Два label для работы VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! Два значения Route-target, на основе, которых добавили данный префикс
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>In tabula fuso in Leaf-1 praepositione etiam videre potes 192.168.20.20/32;
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! Адрес Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! Доступный через Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Через VNI 99000Animadvertit absentiam praepositionis principalis 192.168.20.0/24 in excitanda mensa?
Sic est, ibi non est. Hoc est, Folia remota tantum informationes accipiunt de exercitibus quae in retiacula tua sunt. Et hoc est honestum moribus. Ante omnia in omnibus updates videre potes informationes venire cum MAC/IP contentis. Nulla praefigitur enarratio.
Haec est quomodo Mobilitas Hostiae Procurator (HMM) protocollum operatur, quod mensam ARP implet, ex qua mensa BGP tunc impletur (hoc processum ad proposita huius articuli omittemus). Fundatur in informationibus ab HMM acceptis, II itineris genus EVPN formatur (transmittitur MAC/IP).
Sed quid si opus est ut informationes de praepositione transmittant?
Ad hoc genus informationis, evPN itineris genus 5 est - permittit ut transmittere praefixiones per l2vpn evpn inscriptionis-familiae (hoc genus itinerum tempore scribendi solum in versione emissa est. propter hoc, mores huius viae diversi inter artifices differre possunt)
Ut praefixiones transmittant, praefixas addere oportet quae in BGP processu VRF proscriptiones erunt:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! В данном случае анонсируем префиксы подключение непосредственно к Leaf в VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Указываем какой использовать prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Указываем какие сети будут попадать в EVPN route-type 5Quam ob rem, Renovatio habebit;
Inspice mensam BGP. Praeter EVPN itineris genus 2,3, apparuerunt viae typus 5 quae informationes continent de numero retis:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 с номером префикса
10.255.1.10 0 100 0 ?
* i
<.......> Praefixio etiam in mensa excitanda apparuit;
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Удаленный префикс, доступный через Leaf1/2(адрес Next-hop = virtual IP между парой VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! Префикс доступен через L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmHoc concludit secundam partem seriei articulorum in VxLAN EVPN. In altera parte videbimus varias optiones inter VRFs excitandas.
Source: www.habr.com