VxLAN fabric. Part 2

Hello, Habr. I am continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of the "Network Engineer" course by OTUS. Today we will look at an interesting part of the job: routing. However trivial that may sound, within the operation of a network fabric things may not be so simple.

Part 1 of the series: L2 connectivity between servers

In the previous part we built a single broadcast domain on top of the network fabric on Nexus 9000v. However, that is not the full set of tasks that have to be solved in a data center network. Today we will look at the next task: routing between networks, that is, between VNIs.

As a reminder, a Spine-Leaf topology is used:

First, let's look at how routing takes place and what is specific about it.

For clarity, let's simplify the diagram and add another VNI, 20000, for Host-2. The result is:

How, in this case, can traffic be passed from one host to the other?

There are two options:

  1. Keep information about all VNIs on all Leaf switches, so that all routing happens on the first Leaf in the path;
  2. Use a dedicated L3 VNI.

The first method is simple and straightforward, since all you need to do is configure every VNI on every Leaf switch. However, configuring several hundred or several thousand VNIs on every Leaf no longer looks like an easy task. For that reason it is rarely used in practice.

We will examine method 2, which is more interesting and more complex, but gives much more flexibility in configuring the fabric.

Let's add the VRF "PROD" to the topology. We add VLAN 10 to it on the Leaf-11/12 pair and attach VLAN 20 on Leaf-21. VLAN 20 is associated with VNI 20000.

vrf context PROD
  rd auto       ! The Route Distinguisher is not critical here, so the auto-generated one can be used
  address-family ipv4 unicast
    route-target both auto      ! Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000

interface nve 1
  member vni 20000
    ingress-replication protocol bgp

interface Vlan20
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway

To use an L3 VNI, you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on all Leaf switches that are interested in information about VLAN 10 and VLAN 20.

vlan 99
  vn-segment 99000

interface nve1
  member vni 99000 associate-vrf        ! Create the L3 VNI

vrf context PROD
  vni 99000                             ! Bind the L3 VNI to a specific VRF

As a result, the diagram looks like this:

One small thing remains to be done: add one more interface, interface Vlan99, in VRF PROD.

interface Vlan99
  no shutdown
  vrf member PROD
  ip forward  ! The interface must not have an IP address. It is used only to forward packets between Leaf switches

As a result, the logic of passing a frame from Host-1 to Host-2 is as follows:

  1. A frame sent by Host-1 arrives at the Leaf in VLAN 10, which is associated with VNI 10000;
  2. The Leaf checks where the destination address is located and finds it through the L3 VNI on the second Leaf switch;
  3. Once the route to the destination address is found, the Leaf encapsulates the frame in a header with the corresponding L3VNI 99000 and sends it to the second Leaf;
  4. The second Leaf switch receives the data from L3VNI 99000, extracts the original frame and hands it to the required L2VNI 20000, and from there to VLAN 20.

As a result of this operation, the L3VNI removes the need to keep information about every VNI in the network on every Leaf switch.

As a result, when we send traffic from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:

It remains to see how exactly Leaf-1 learns a MAC address from another VNI. This also happens with the help of EVPN route-type 2 (MAC/IP).

The process of advertising a route for a prefix located in another VNI is shown below:

That is, addresses received from VNI 20000 carry two RTs.
As a reminder, routes received in an Update land in the BGP table with the Route-target that is specified for import in the VRF (the process is more complicated, but we will not go into it in this article).
The RT itself is formed by the formula AS:VNI (when automatic mode is used).

An example of forming the RT in automatic and manual modes:

vrf context PROD
  address-family ipv4 unicast
    route-target import auto            ! automatic mode
    route-target export 65001:20000     ! RT set manually

As a result, you can see above that prefixes from the other VNI have two RT values.
One of them, 65001:99000, is the additional L3 VNI. Since this VNI is the same on all Leafs and falls under our import rules for the VRF, the prefix ends up in the BGP table, which can be seen in the output:

sh bgp l2vpn evpn
<.....>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100      32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100      32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100      32768 i

Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272    ! Prefix received from VNI 20000
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

If we look closely at the received update, we can see that this prefix has two RTs:

Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 20000 99000                                 ! Two labels used for VxLAN
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8     ! Two Route-target values, on the basis of which this prefix was added
          Router MAC:5001.0005.0007
      Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>
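
The import decision described above, as an added example that is not part of the original article: it reads the label and Extcommunity lines from the output shown here, derives the auto RTs as AS:VNI, and reports which locally configured VNIs accept the route. The function names and the `LEAF11` mapping are assumptions made for illustration.

```python
import re

# Constructed sample: two lines copied from the `sh bgp l2vpn evpn` detail above.
SAMPLE = """\
      Received label 20000 99000
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
"""

def auto_rt(asn, vni):
    """Auto-derived route-target, by the formula the article gives: AS:VNI."""
    return f"{asn}:{vni}"

def parse_path(text):
    """Extract the route-targets and the received labels (VNIs) of one path."""
    rts = re.findall(r"\bRT:(\d+:\d+)", text)
    m = re.search(r"Received label((?: \d+)+)", text)
    labels = [int(x) for x in m.group(1).split()] if m else []
    return rts, labels

def import_decision(text, asn, local_vnis):
    """local_vnis maps each VNI configured on this Leaf to its role ('L2'/'L3').
    A route is accepted for a VNI only when it carries that VNI's auto RT."""
    rts, labels = parse_path(text)
    wanted = {auto_rt(asn, vni): (vni, role) for vni, role in local_vnis.items()}
    return {
        "imported": sorted(wanted[rt] for rt in rts if rt in wanted),
        "unmatched_rts": [rt for rt in rts if rt not in wanted],
        "labels": labels,
    }

# Assumed view of Leaf-11: L2VNI 10000 and L3VNI 99000, VNI 20000 not configured.
LEAF11 = {10000: "L2", 99000: "L3"}

if __name__ == "__main__":
    print(import_decision(SAMPLE, 65001, LEAF11))
    # A Leaf without the tenant's L3VNI matches neither RT and keeps nothing.
    print(import_decision(SAMPLE, 65001, {10000: "L2"}))
```

The route from VNI 20000 reaches VRF PROD on Leaf-11 only through RT 65001:99000, so the set of import RTs on a VRF is what decides which tenants' routes it can see.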

In the routing table on Leaf-1 you can also see the prefix 192.168.20.20/32:

Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
    *via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0                                        ! Host-2 address
    *via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001     ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN                                ! Via VNI 99000

Did you notice that the prefix 192.168.20.0/24 itself is missing from the routing table?
That's right, it is not there. This means that remote Leafs receive information only about the hosts that are in your network. And this is correct behaviour. Above, in all the updates, you can see that the information arrives as MAC/IP content. There is no mention of any prefixes.

This is the job of the Host Mobility Manager (HMM) protocol, which populates the ARP table, from which the BGP table is then populated (this is the mechanism we will use within this article). Based on the information received from HMM, EVPN route-type 2 routes are formed (carrying MAC/IP).

But what if you need to pass information about a prefix?

For this kind of information there is EVPN route-type 5, which lets you carry prefixes through the l2vpn evpn address family (at the time of writing, this route type exists only as a draft RFC, so different vendors may handle this route type differently).

To advertise prefixes, you need to add to the BGP process for the VRF the networks that will be advertised:

router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000        ! Here we advertise the prefixes directly connected to the Leaf in VNI 20000

route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT    ! Specify which prefix-list to use

ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24   ! Specify which networks go into EVPN route-type 5

As a result, the Update looks like this:

Let's look at the BGP table. In addition to EVPN route-types 2 and 3, type 5 routes have appeared, carrying information about the network number:

<......>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
                      10.255.1.10              0        100          0 ?
*>i                   10.255.1.10              0        100          0 ?

Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i

Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224      ! EVPN route-type 5 carrying the prefix
                      10.255.1.10              0        100          0 ?
* i
<.......>                   

The prefix has also appeared in the routing table:

Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001  ! Remote prefix, reachable via Leaf1/2 (Next-hop address = virtual IP shared by the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN      ! Prefix is reachable via L3VNI 99000

192.168.10.10/32, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN

192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
    *via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm
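
The difference between route-type 2 and route-type 5 discussed above, as an added example that is not part of the original article: a parser for the route keys printed by `sh bgp l2vpn evpn` that lists the IP routes each key can contribute to the tenant VRF. The function names are assumptions, and the field layout is inferred from the keys shown on this page.

```python
import ipaddress
import re

# Constructed sample: route keys copied from the `sh bgp l2vpn evpn` outputs above.
SAMPLE_KEYS = [
    "[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216",
    "[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272",
    "[3]:[0]:[32]:[10.255.1.10]/88",
    "[5]:[0]:[0]:[24]:[192.168.10.0]/224",
]

def parse_evpn_key(key):
    """Split an NX-OS EVPN route key into its route-type-specific fields."""
    fields = re.findall(r"\[([^\]]*)\]", key)
    if not fields:
        raise ValueError(f"not an EVPN route key: {key!r}")
    rtype = int(fields[0])
    if rtype == 2 and len(fields) == 7:      # MAC/IP advertisement
        ip_len = int(fields[5])              # 0 means a MAC-only entry
        host = ipaddress.ip_network(f"{fields[6]}/{ip_len}") if ip_len else None
        return {"type": 2, "mac": fields[4], "host": host}
    if rtype == 3 and len(fields) == 4:      # ingress-replication VTEP
        return {"type": 3, "vtep": ipaddress.ip_address(fields[3])}
    if rtype == 5 and len(fields) == 5:      # IP prefix
        return {"type": 5, "prefix": ipaddress.ip_network(f"{fields[4]}/{fields[3]}")}
    raise ValueError(f"unrecognised EVPN route key: {key!r}")

def routes_for_vrf(keys):
    """IP routes these keys can place in a tenant VRF: host routes from
    type 2 entries that carry an IP, and subnets from type 5."""
    out = []
    for key in keys:
        route = parse_evpn_key(key)
        if route["type"] == 2 and route["host"] is not None:
            out.append(route["host"])
        elif route["type"] == 5:
            out.append(route["prefix"])
    return sorted(out)

if __name__ == "__main__":
    for net in routes_for_vrf(SAMPLE_KEYS):
        print(net)
```

Without the type 5 key the list holds only the /32 host route, which matches the Leaf-11 routing table shown before redistribution was configured.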

This concludes the second part of the series on VxLAN EVPN. In the next part we will look at various options for routing between VRFs.

Source: www.habr.com