Pulogalamu ya ProHoster > Blog > Ulamuliro > VxLAN fakitale. Gawo 1

VxLAN fakitale. Gawo 1

Hello, habr. Panopa ndine mtsogoleri wa maphunziro a Network Engineer ku OTUS.
Poyembekezera kuyamba kwa kulembetsa kwatsopano kwa maphunzirowa "Network engineer", Ndakonzekera mndandanda wa nkhani za VxLAN EVPN teknoloji.

Pali zinthu zambiri za momwe VxLAN EVPN imagwirira ntchito, kotero ndikufuna kusonkhanitsa ntchito zosiyanasiyana ndi machitidwe kuti athetse mavuto kumalo amakono a deta.

VxLAN fakitale. Gawo 1

Mu gawo loyamba la mndandanda pa teknoloji ya VxLAN EVPN, ndikufuna kuyang'ana njira yokonzekera kugwirizana kwa L2 pakati pa makamu pamwamba pa nsalu ya intaneti.

Zitsanzo zonse zidzachitidwa pa Cisco Nexus 9000v, yosonkhanitsidwa mu Spine-Leaf topology. Sitidzakhazikika pakukhazikitsa maukonde a Underlay m'nkhaniyi.

  1. Underlay network
  2. BGP kuyang'ana kwa adilesi-banja l2vpn evpn
  3. Kupanga NVE
  4. Kupondereza-arp

Underlay network

Topology yomwe imagwiritsidwa ntchito ndi iyi:

VxLAN fakitale. Gawo 1

Tiyeni tiyike maadiresi pazida zonse:

Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102

Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21

Host-1 - 192.168.10.10
Host-2 - 192.168.10.20

Tiyeni tiwone kuti pali kulumikizana kwa IP pakati pa zida zonse:

Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0                      ! Leaf-11 доступСн Ρ‡Π΅Π΅Ρ€Π· Π΄Π²Π° Spine
    *via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
    *via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0                      ! Leaf-12 доступСн Ρ‡Π΅Π΅Ρ€Π· Π΄Π²Π° Spine
    *via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
    *via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
    *via 10.255.1.22, Lo0, [0/0], 00:02:20, local
    *via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
    *via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
    *via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intra

Tiyeni tiwone kuti dera la VPC lapangidwa ndipo masinthidwe onse adutsa cheke ndipo zokonda pamfundo zonse ziwiri ndizofanana:

Leaf11# show vpc 

vPC domain id                     : 1
Peer status                       : peer adjacency formed ok
vPC keep-alive status             : peer is alive
Configuration consistency status  : success
Per-vlan consistency status       : success
Type-2 consistency status         : success
vPC role                          : primary
Number of vPCs configured         : 0
Peer Gateway                      : Disabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled
Delay-restore status              : Timer is off.(timeout = 30s)
Delay-restore SVI status          : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router    : Disabled

vPC status
----------------------------------------------------------------------------
Id    Port          Status Consistency Reason                Active vlans
--    ------------  ------ ----------- ------                ---------------
5     Po5           up     success     success               1

BGP kuyang'ana

Pomaliza, mutha kupitiliza kukhazikitsa netiweki ya Overlay.

Monga gawo la nkhaniyi, m'pofunika kukonza maukonde pakati pa makamu, monga momwe chithunzi chili pansipa:

VxLAN fakitale. Gawo 1

Kuti mukonze netiweki ya Overlay, muyenera kuyatsa BGP pa Spine ndi Leaf switches mothandizidwa ndi banja la l2vpn evpn:

feature bgp
nv overlay evpn

Kenako, muyenera kukonza kuyang'ana kwa BGP pakati pa Leaf ndi Spine. Kuti muchepetse kukhazikitsidwa ndi kukhathamiritsa kugawa kwazomwe zimayendera, timakonza Spine ngati seva ya Route-Reflector. Tidzalemba Leaf onse mu config pogwiritsa ntchito ma templates kuti tikwaniritse kukhazikitsidwa.

Chifukwa chake zokonda pa Spine zikuwoneka motere:

router bgp 65001
  template peer LEAF 
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.1.11
    inherit peer LEAF
  neighbor 10.255.1.12
    inherit peer LEAF
  neighbor 10.255.1.21
    inherit peer LEAF

Kukhazikitsa pa Leaf switch kumawoneka chimodzimodzi:

router bgp 65001
  template peer SPINE
    remote-as 65001
    update-source loopback0
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.255.1.101
    inherit peer SPINE
  neighbor 10.255.1.102
    inherit peer SPINE

Pa Spine, tiyeni tiwone kuyang'ana ndi masiwichi onse a Leaf:

Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
10.255.1.11     4 65001       7       8        6    0    0 00:01:45 0
10.255.1.12     4 65001       7       7        6    0    0 00:01:16 0
10.255.1.21     4 65001       7       7        6    0    0 00:01:01 0

Monga mukuonera, panalibe mavuto ndi BGP. Tiyeni tipitirire kukhazikitsa VxLAN. Kusintha kwina kudzachitika kokha pa Leaf mbali ya masiwichi. Msana umagwira ntchito ngati pachimake pa intaneti ndipo umangotenga nawo gawo pakutumiza magalimoto. Ntchito zonse za encapsulation ndi kutsimikiza njira zimachitika pama switch a Leaf okha.

Kupanga NVE

NVE - mawonekedwe apakompyuta

Tisanayambe kuyikapo, tiyeni titchule mawu akuti:

VTEP - Vitual Tunnel End Point, chipangizo chomwe msewu wa VxLAN umayambira kapena kutha. VTEP sikuti ndi chipangizo chilichonse cha netiweki. Seva yothandizira ukadaulo wa VxLAN imathanso kukhala ngati seva. Mu topology yathu, masinthidwe onse a Leaf ndi VTEP.

VNI - Virtual Network Index - chizindikiritso cha netiweki mkati mwa VxLAN. Fanizo likhoza kujambulidwa ndi VLAN. Komabe, pali zosiyana. Mukamagwiritsa ntchito nsalu, ma VLAN amakhala apadera mkati mwa Leaf switch imodzi ndipo samafalikira pa netiweki. Koma VLAN iliyonse ikhoza kukhala ndi nambala ya VNI yogwirizana nayo, yomwe imafalitsidwa kale pa intaneti. Tidzakambitsirananso za momwe zimawonekera komanso momwe zingagwiritsire ntchito.

Tiyeni tiwonetsetse kuti ukadaulo wa VxLAN ugwire ntchito komanso kuthekera kophatikiza manambala a VLAN ndi nambala ya VNI:

feature nv overlay
feature vn-segment-vlan-based

Tiyeni tikonze mawonekedwe a NVE, omwe amayang'anira ntchito ya VxLAN. Mawonekedwewa ali ndi udindo woyika mafelemu mumitu ya VxLAN. Mutha kujambula fanizo ndi mawonekedwe a Tunnel a GRE:

interface nve1
  no shutdown
  host-reachability protocol bgp ! ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠ΅ΠΌ BGP для ΠΏΠ΅Ρ€Π΅Π΄Π°Ρ‡ΠΈ ΠΌΠ°Ρ€ΡˆΡ€ΡƒΡ‚Π½ΠΎΠΉ ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ
  source-interface loopback0    ! интСрфСйс  с ΠΊΠΎΡ‚ΠΎΡ€ΠΎΠ³ΠΎ отправляСм ΠΏΠ°ΠΊΠ΅Ρ‚Ρ‹ loopback0

Pa Leaf-21 chosinthira chilichonse chimapangidwa popanda mavuto. Komabe, ngati tiwona zotsatira za lamulo show nve peers, pamenepo lidzakhala lopanda kanthu. Apa muyenera kubwerera ku kasinthidwe ka VPC. Tikuwona kuti Leaf-11 ndi Leaf-12 amagwira ntchito awiriawiri ndipo alumikizidwa ndi dera la VPC. Izi zimatipatsa zinthu zotsatirazi:

Host-2 imatumiza chimango chimodzi chopita ku Leaf-21 kuti chizidutsitsa pamaneti kupita ku Host-1. Komabe, Leaf-21 akuwona kuti adilesi ya MAC ya Host-1 ikupezeka kudzera ma VTEP awiri nthawi imodzi. Kodi Leaf-21 achite chiyani pamenepa? Kupatula apo, izi zikutanthauza kuti kuzungulira kungawonekere pamaneti.

Kuti tithane ndi vutoli, tifunika Leaf-11 ndi Leaf-12 kuti azigwiranso ntchito ngati chipangizo chimodzi mufakitale. Yankho lake ndi losavuta. Pa mawonekedwe a Loopback omwe timapanga ngalandeyi, onjezani adilesi yachiwiri. Adilesi Yachiwiri iyenera kukhala yofanana pa ma VTEP onse awiri.

interface loopback0
 ip add 10.255.1.10/32 secondary

Chifukwa chake, malinga ndi ma VTEP ena, timapeza ma topology awa:

VxLAN fakitale. Gawo 1

Ndiye kuti, tsopano ngalandeyo imangidwa pakati pa adilesi ya IP ya Leaf-21 ndi IP yeniyeni pakati pa Leaf-11 ndi Leaf-12. Tsopano sipadzakhala zovuta kuphunzira adilesi ya MAC kuchokera ku zida ziwiri ndi magalimoto amatha kuchoka ku VTEP kupita ku ina. Ndi iti mwa ma VTEP awiriwa omwe angayendetse magalimoto amasankhidwa pogwiritsa ntchito tebulo la Spine:

Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
    *via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
    *via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
    *via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
    *via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra

Monga mukuwonera pamwambapa, adilesi 10.255.1.10 imapezeka nthawi yomweyo kudzera mu Next-hops ziwiri.

Munthawi imeneyi, tathana ndi kulumikizana koyambira. Tiyeni tipitirire kukhazikitsa mawonekedwe a NVE:
Tiyeni tiyambitse Vlan 10 nthawi yomweyo ndikuyiphatikiza ndi VNI 10000 pa Tsamba lililonse la omwe ali nawo. Tiyeni tikhazikitse njira ya L2 pakati pa makamu

vlan 10                 ! Π’ΠΊΠ»ΡŽΡ‡Π°Π΅ΠΌ VLAN Π½Π° всСх VTEP ΠΏΠΎΠ΄ΠΊΠ»ΡŽΡ‡Π΅Π½Π½Ρ‹Ρ… ΠΊ Π½Π΅ΠΎΠ±Ρ…ΠΎΠ΄ΠΈΠΌΡ‹ΠΌ хостам
  vn-segment 10000      ! АссоциируСм VLAN с Π½ΠΎΠΌΠ΅Ρ€ VNI 

interface nve1
  member vni 10000      ! ДобавляСм VNI 10000 для Ρ€Π°Π±ΠΎΡ‚Ρ‹ Ρ‡Π΅Ρ€Π΅Π· интСрфСйс NVE. для инкапсуляции Π² VxLAN
    ingress-replication protocol bgp    ! ΡƒΠΊΠ°Π·Ρ‹Π²Π°Π΅ΠΌ, Ρ‡Ρ‚ΠΎ для распространСния ΠΈΠ½Ρ„ΠΎΡ€ΠΌΠ°Ρ†ΠΈΠΈ ΠΎ хостС ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠ΅ΠΌ BGP

Tsopano tiyeni tiwone anzanu ndi tebulo la BGP EVPN:

Leaf21# sh nve peers
Interface Peer-IP          State LearnType Uptime   Router-Mac
--------- ---------------  ----- --------- -------- -----------------
nve1      10.255.1.10      Up    CP        00:00:41 n/a                 ! Π’ΠΈΠ΄ΠΈΠΌ Ρ‡Ρ‚ΠΎ peer доступСн с secondary адрСса

Leaf11# sh bgp l2vpn evpn

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)        ! ΠžΡ‚ ΠΊΠΎΠ³ΠΎ ΠΈΠΌΠ΅Π½Π½ΠΎ ΠΏΡ€ΠΈΡˆΠ΅Π» этот l2VNI
*>l[3]:[0]:[32]:[10.255.1.10]/88                                   ! EVPN route-type 3 - ΠΏΠΎΠΊΠ°Π·Ρ‹Π²Π°Π΅Ρ‚ нашСго сосСда, ΠΊΠΎΡ‚ΠΎΡ€Ρ‹ΠΉ Ρ‚Π°ΠΊ ΠΆΠ΅ Π·Π½Π°Π΅Ρ‚ ΠΎΠ± l2VNI10000
                      10.255.1.10                       100      32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
                      10.255.1.20                       100          0 i
* i                   10.255.1.20                       100          0 i

Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

Pamwambapa tikuwona njira za EVPN zokha zamtundu wa 3. Njira yamtunduwu imakamba za anzawo(Leaf), koma otilandira ali kuti?
Chowonadi ndi chakuti zambiri za makamu a MAC zimafalitsidwa kudzera pa EVPN mtundu wa 2

Kuti muwone omwe ali nawo, muyenera kukonza mtundu wa 2 wa EVPN:

evpn
  vni 10000 l2
    route-target import auto   ! Π² Ρ€Π°ΠΌΠΊΠ°Ρ… Π΄Π°Π½Π½ΠΎΠΉ ΡΡ‚Π°Ρ‚ΡŒΠΈ ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΡƒΠ΅ΠΌ автоматичСский Π½ΠΎΠΌΠ΅Ρ€ для route-target
    route-target export auto

Tiyeni tiyimbe kuchokera ku Host-2 kupita ku Host-1:

Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 ms

Ndipo pansipa titha kuwona kuti njira ya 2 yokhala ndi adilesi ya MAC yolandila idawonekera patebulo la BGP - 5001.0007.0007 ndi 5001.0008.0007

Leaf11# sh bgp l2vpn evpn
<......>

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216                      !  evpn route-type 2 ΠΈ mac адрСс хоста 1
                      10.255.1.10                       100      32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216                      ! evpn route-type 2 ΠΈ mac адрСс хоста 2
* i                   10.255.1.20                       100          0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100      32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

Kenako, mutha kuwona zambiri za Kusintha, komwe mudalandira zambiri za MAC Host. Pansipa sizinthu zonse zomwe zimatuluka.

Leaf21# sh bgp l2vpn evpn 5001.0007.0007

BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777        !  ΠΎΡ‚ΠΏΡ€Π°Π²ΠΈΠ» Update с MAC Host. НС Π²ΠΈΡ€Ρ‚ΡƒΠ°Π»ΡŒΠ½Ρ‹ΠΉ адрСс VPC, Π° адрСс Leaf
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
 version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labe
led nexthop
  AS-Path: NONE, path sourced internal to AS
    10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102)    ! с ΠΊΠ΅ΠΌ ΠΈΠΌΠ΅Π½Π½ΠΎ строим VxLAN Ρ‚ΠΎΠ½Π½Π΅Π»ΡŒ
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 10000         ! НомСр VNI, ΠΊΠΎΡ‚ΠΎΡ€Ρ‹ΠΉ ассоциирован с VLAN, Π² ΠΊΠΎΡ‚ΠΎΡ€ΠΎΠΌ находится Host
      Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8        ! Π’ΡƒΡ‚ Π²ΠΈΠ΄Π½ΠΎ, Ρ‡Ρ‚ΠΎ RT сформировался автоматичСски Π½Π° основС Π½ΠΎΠΌΠ΅Ρ€ΠΎΠ² AS ΠΈ VNI
      Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>

Tiyeni tiwone momwe mafelemu amawonekera akadutsa fakitale:

VxLAN fakitale. Gawo 1

Kuletsa-ARP

Zabwino, tsopano tili ndi kulumikizana kwa L2 pakati pa olandila ndipo titha kumaliza pamenepo. Komabe, si zonse zosavuta. Malingana ngati tili ndi ochereza ochepa sipadzakhala mavuto. Koma tiyeni tiyerekeze mkhalidwe umene tili ndi mazana ndi zikwi za makamu. Kodi tingakumane ndi vuto lotani?

Vutoli ndi BUM(Broadcast, Unknown Unicast, Multicast). M'nkhaniyi, tiwona njira yothanirana ndi magalimoto owulutsa.
Jenereta yayikulu ya Broadcast mu ma netiweki a Ethernet ndi omwe amakhala nawo kudzera pa protocol ya ARP.

Nexus imagwiritsa ntchito njira zotsatirazi kuti ithane ndi zopempha za ARP - suppress-arp.
Izi zimagwira ntchito motere:

  1. Host-1 imatumiza pempho la APR ku adilesi ya Broadcast ya netiweki yake.
  2. Pempho likufika pa Leaf switch ndipo mmalo mopereka pempholi ku nsalu yopita ku Host-2, Leaf amadziyankha yekha ndikuwonetsa IP ndi MAC yofunikira.

Chifukwa chake, pempho la Broadcast silinapite kufakitale. Koma izi zitha bwanji ngati Leaf amangodziwa adilesi ya MAC?

Chilichonse ndichosavuta, mtundu wa 2 wa EVPN, kuphatikiza adilesi ya MAC, imatha kutumiza kuphatikiza kwa MAC/IP. Kuti muchite izi, muyenera kukonza adilesi ya IP mu VLAN pa Leaf. Funso likubuka, ndiyenera kukhazikitsa IP iti? Pa nexus ndizotheka kupanga adilesi yogawidwa (yomweyi) pama switch onse:

feature interface-vlan

fabric forwarding anycast-gateway-mac 0001.0001.0001    ! Π·Π°Π΄Π°Π΅ΠΌ virtual mac для создания распрСдСлСнного шлюза ΠΌΠ΅ΠΆΠ΄Ρƒ всСми ΠΊΠΎΠΌΠΌΡƒΡ‚Π°Ρ‚ΠΎΡ€Π°ΠΌΠΈ

interface Vlan10
  no shutdown
  ip address 192.168.10.254/24          ! Π½Π° всСх Leaf Π·Π°Π΄Π°Π΅ΠΌ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²Ρ‹ΠΉ IP
  fabric forwarding mode anycast-gateway    ! Π³ΠΎΠ²ΠΎΡ€ΠΈΠΌ ΠΈΡΠΏΠΎΠ»ΡŒΠ·ΠΎΠ²Π°Ρ‚ΡŒ Virtual mac

Chifukwa chake, kuchokera kwa omwe akukhala nawo, maukonde aziwoneka motere:

VxLAN fakitale. Gawo 1

Tiyeni tiwone BGP l2route evpn

Leaf11# sh bgp l2vpn evpn
<......>

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.21                       100      32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100          0 i
* i                   10.255.1.10                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i

<......>

Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i                   10.255.1.20                       100          0 i

<......>

Kuchokera pamawu olamula mutha kuwona kuti mumtundu wa EVPN mtundu 2, kuphatikiza pa MAC, tsopano tikuwonanso adilesi ya IP.

Tiyeni tibwerere ku kukhazikitsa suppress-arp. Izi zimayatsidwa pa VNI iliyonse padera:

interface nve1
  member vni 10000   
    suppress-arp

Kenako zovuta zina zimawuka:

  • Kuti izi zigwire ntchito, malo okumbukira TCAM amafunikira. Nachi chitsanzo cha makonda a suppress-arp:

hardware access-list tcam region arp-ether 256

Kukonzekera uku kudzafuna kuwirikiza kawiri. Izi ndizo, ngati mutakhazikitsa 256, ndiye kuti muyenera kumasula 512 ku TCAM. Kukhazikitsa TCAM sikudutsa m'nkhani ino, popeza kukhazikitsa TCAM kumadalira ntchito yomwe mwapatsidwa ndipo ikhoza kusiyana ndi intaneti imodzi.

  • Kukhazikitsa suppress-arp kuyenera kuchitika pazosintha zonse za Leaf. Komabe, zovuta zimatha kubwera mukamakonza pa Leaf awiriawiri okhala mu dera la VPC. Ngati TCAM isinthidwa, kusagwirizana pakati pa awiriawiri kudzasweka ndipo node imodzi ikhoza kuchotsedwa ntchito. Kuonjezera apo, kuyambiransoko chipangizo kungafunike kuti mugwiritse ntchito kusintha kwa TCAM.

Zotsatira zake, muyenera kuganizira mozama ngati, muzochitika zanu, ndikofunikira kukhazikitsa izi kukhala fakitale yothamanga.

Izi zikumaliza gawo loyamba la mndandanda. Mu gawo lotsatira tiwona njira yodutsa munsalu ya VxLAN ndi kulekanitsa maukonde kukhala ma VRF osiyanasiyana.

Ndipo tsopano ndikuitana aliyense webinar yaulere, m'mene ndikuuzeni mwatsatanetsatane za maphunzirowa. Oyamba 20 omwe adalembetsa nawo webinar iyi alandila Sitifiketi Yochotsera kudzera pa imelo mkati mwa masiku 1-2 kuchokera kuulutsidwa.

Source: www.habr.com

Kuwonjezera ndemanga