VxLAN fabric. Part 2

Hello, Habr. I am continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of the "Network Engineer" course by OTUS. Today we will look at an interesting part of the task: routing. However trivial that may sound, within a network fabric not everything is that simple.

Part 1 of the series - L2 connectivity between servers

In the previous part we built a single broadcast domain on top of the network fabric on Nexus 9000v. However, that is not the whole set of tasks to be solved in a data center network. So today we will look at the next task: routing between networks, or between VNIs.

As a reminder, a Spine-Leaf topology is used:

To begin, let's examine how routing happens and what its specifics are.

For clarity, let's simplify the logical diagram and add one more VNI, 20000, for Host-2. The result is:

How, in this case, can traffic be passed from one host to the other?

There are two options:

  1. Keep information about all VNIs on all Leaf switches, so that all routing happens on the first Leaf in the network;
  2. Use a dedicated L3 VNI.

The first method is simple and convenient, since you only need to bring up all VNIs on all Leaf switches. However, managing several hundred or several thousand VNIs on every Leaf is not an easy task. So in practice it is difficult to use.

Let's examine method 2, which is somewhat more complex but makes the fabric easier to scale.

Add the VRF "PROD" to the topology. Add interface vlan 10 on the Leaf-11/12 pair and interface VLAN 20 on Leaf-21. VLAN 20 is associated with VNI 20000.

vrf context PROD
  rd auto       ! The Route Distinguisher is not critical here, so the automatically generated one can be used
  address-family ipv4 unicast
    route-target both auto      ! Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000

interface nve 1
  member vni 20000
    ingress-replication protocol bgp

interface Vlan20                ! SVI for VLAN 20 (Leaf-21)
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway

To use an L3VNI, you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on all Leafs that need information about VLANs 10 and 20.

vlan 99
  vn-segment 99000

interface nve1
  member vni 99000 associate-vrf        ! Create the L3 VNI

vrf context PROD
  vni 99000                             ! Bind the L3 VNI to a specific VRF

As a result, the diagram looks like this:

Only a little remains: add one more interface, interface vlan 99, in VRF PROD.

interface Vlan99
  no shutdown
  vrf member PROD
  ip forward  ! The interface must not have an IP address. It is used only to forward packets between Leafs

As a result, the logic of forwarding a frame from Host-1 to Host-2 is as follows:

  1. The frame sent by Host-1 arrives at the Leaf in VLAN 10, which is associated with VNI 10000;
  2. The Leaf checks where the destination address is located and finds it via the L3 VNI on the second Leaf switch;
  3. Once the route to the destination address is found, the Leaf encapsulates the frame in a header with the appropriate L3VNI 99000 and sends it to the second Leaf;
  4. The second Leaf switch receives the data from L3VNI 99000, extracts the original frame, and passes it to the required L2VNI 20000 and then to VLAN 20.

As a result, the L3VNI removes the need to keep information about every VNI in the network on all Leaf switches.

So when we send traffic from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:

It remains to find out how Leaf-1 learns about a MAC address from another VNI. This also happens with the help of EVPN route-type 2 (MAC/IP).

The following shows the process of announcing a route for a prefix located in another VNI:

That is, addresses received from VNI 20000 have two RTs.
As a reminder, routes received in an Update enter the BGP table with the route-target specified in the VRF settings (the process is somewhat more complex, but we will not go into it in this article).
The RT itself is formed by the formula AS:VNI (if automatic mode is used).

An example of forming the RT in automatic and manual modes:

vrf context PROD
  address-family ipv4 unicast
    route-target import auto              ! automatic mode
    route-target export 65001:20000       ! RT formed manually

As a result, you can see above that prefixes from another VNI have two RT values.
One of them, 65001:99000, is the additional L3 VNI. Since this VNI is the same on all Leafs and falls under our import rules in the VRF settings, the prefix enters the BGP table, as can be seen in the output:

sh bgp l2vpn evpn
<.....>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100      32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100      32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100      32768 i

Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272    ! Prefix received from VNI 20000
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

If we look more closely at the received update, we see that this prefix has two RTs:

Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 20000 99000                                 ! Two labels for VxLAN operation
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8     ! Two Route-target values, on the basis of which this prefix was added
          Router MAC:5001.0005.0007
      Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>
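
The import decision described above, as an added Python example (not code from the original article): it parses the Extcommunity line of the detail output and checks which local tables on Leaf11 accept the route when every import RT is formed automatically as AS:VNI. The function names are hypothetical, the sample text is constructed from the output above, and real import policy can be more involved than a plain RT match.

```python
import re

# Constructed sample: the detail lines shown above for 5001.0008.0007 on Leaf11.
SAMPLE = """\
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
      Received label 20000 99000
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
"""

def auto_rt(asn, vni):
    """RT in automatic mode, formed as AS:VNI."""
    return f"{asn}:{vni}"

def parse_route(text):
    """Extract route type, MAC, host IP, labels and RTs from a type-2 detail entry."""
    nlri = re.search(
        r"entry for \[(\d+)\]:\[\d+\]:\[\d+\]:\[48\]:\[([0-9a-f.]+)\]:\[\d+\]:\[([\d.]+)\]",
        text)
    labels = re.search(r"Received label ((?:\d+ ?)+)", text)
    if not nlri or not labels:
        raise ValueError("not a route-type 2 detail entry")
    return {
        "type": int(nlri.group(1)),
        "mac": nlri.group(2),
        "ip": nlri.group(3),
        "labels": [int(x) for x in labels.group(1).split()],
        "rts": re.findall(r"\bRT:(\d+:\d+)", text),
    }

def import_targets(route, asn, l2_vnis, vrf_l3_vnis):
    """Local tables whose automatic import RT matches one of the route's RTs."""
    hits = [f"L2VNI {v}" for v in l2_vnis if auto_rt(asn, v) in route["rts"]]
    hits += [f"VRF {name}" for name, v in vrf_l3_vnis.items()
             if auto_rt(asn, v) in route["rts"]]
    return hits

def unexpected_rts(route, asn, known_vnis):
    """RTs on the route that no known VNI of the fabric would produce."""
    expected = {auto_rt(asn, v) for v in known_vnis}
    return [rt for rt in route["rts"] if rt not in expected]

if __name__ == "__main__":
    r = parse_route(SAMPLE)
    # Leaf11 holds L2VNI 10000 and VRF PROD with L3VNI 99000.
    print(import_targets(r, 65001, [10000], {"PROD": 99000}))
    print(unexpected_rts(r, 65001, [10000, 20000, 99000]))
```

The same `unexpected_rts` check can be run over every received route to flag a route-target that does not belong to any VNI configured in the fabric.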

In the routing table on Leaf-1 you can see the prefix 192.168.20.20/32:

Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
    *via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0                                        ! Host-2 address
    *via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001     ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN                                ! Via VNI 99000

Did you notice that the original 192.168.20.0/24 is missing from the routing table?
That's right, it is not there. That is, remote Leafs receive information about the individual hosts located in the network. And this is correct behavior. In all the updates above you can see that the information arrives with MAC/IP contents. There is no mention of any prefix.

This is the work of the Host Mobility Manager (HMM) protocol, which is populated from the ARP table, and from which the BGP table is then filled (we leave this process outside the scope of this article). Based on the information received from HMM, EVPN route-type 2 routes are formed (carrying MAC/IP).

But what if you need to pass information about a prefix?

For this kind of information there is EVPN route-type 5, which lets you carry prefixes via the l2vpn evpn address family (at the time of writing this route type exists only in a draft RFC, so different vendors may implement this route type differently).

To pass prefixes, you need to add the prefixes that will be announced to the BGP process for the VRF:

router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000        ! In this case we announce prefixes directly connected to the Leaf in VNI 20000

route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT    ! Specify which prefix-list to use

ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24   ! Specify which networks will go into EVPN route-type 5

As a result, the Update looks like this:

Let's look at the BGP table. In addition to EVPN route-types 2 and 3, type 5 routes have appeared, carrying information about the network number:

<......>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
                      10.255.1.10              0        100          0 ?
*>i                   10.255.1.10              0        100          0 ?

Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i

Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224      ! EVPN route-type 5 carrying the prefix
                      10.255.1.10              0        100          0 ?
* i
<.......>                   

The prefix has also appeared in the routing table:

Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001  ! Remote prefix reachable via Leaf1/2 (Next-hop address = virtual IP shared by the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN      ! Prefix reachable via L3VNI 99000

192.168.10.10/32, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN

192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
    *via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm

This concludes the second part of the series of articles on VxLAN EVPN. In the next part we will look at the various options for routing between VRFs.

Source: will.com
