Mhoro, habr. Parizvino ndiri mutungamiri wekosi yeNetwork Engineer kosi kuOTUS.
Mukutarisira kutanga kwekunyoresa kutsva kwekosi , Ndakagadzirira zvinyorwa zvezvinyorwa zveVxLAN EVPN teknolojia.
Pane huwandu hukuru hwezvinhu zvekuti VxLAN EVPN inoshanda sei, saka ndinoda kuunganidza akasiyana mabasa uye maitiro ekugadzirisa matambudziko munzvimbo yemazuva ano data.
Muchikamu chekutanga chekutevedzana paVxLAN EVPN tekinoroji, ndinoda kutarisa nzira yekuronga L2 yekubatanidza pakati pevaenzi pamusoro pemucheka wetiweki.
Mienzaniso yese ichaitwa paCisco Nexus 9000v, yakaunganidzwa muSpine-Leaf topology. Hatisi kuzogara pakumisikidza Underlay network mune ino chinyorwa.
- Underlay network
- BGP yakatarisa kero-yemhuri l2vpn evpn
- Kugadzira NVE
- Suppress-arp
Underlay network
Iyo topology inoshandiswa ndeyotevera:
Ngatisete kero pamidziyo yese:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20Ngatitarisei kuti pane IP yekubatanidza pakati pemidziyo yese:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intraNgatitarisei kuti VPC domain yagadzirwa uye zvese zvinochinja zvapfuura cheki yekusagadzikana uye marongero ari maviri node akafanana:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1BGP kutarisa
Pakupedzisira, unogona kuenderera mberi nekumisikidza iyo Overlay network.
Sechikamu chechinyorwa, zvinodikanwa kuronga network pakati pevaenzi, sezvakaratidzwa mumufananidzo uri pazasi:
Kuti ugadzirise iyo Overlay network, unofanirwa kugonesa BGP pane Spine uye Leaf switch nerutsigiro rwe l2vpn evpn mhuri:
feature bgp
nv overlay evpnTevere, unofanirwa kugadzirisa BGP kutarisa pakati peLeaf neSpine. Kurerutsa kuseta uye kukwidziridza kugovera kweruzivo rwekufambisa, isu tinogadzirisa Spine seNzira-Reflector server. Isu tichanyora ese Leaf mugadziriso tichishandisa matemplate kukwenenzvera kuseta.
Saka marongero ari paSpine anotaridzika seizvi:
router bgp 65001
template peer LEAF
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.255.1.11
inherit peer LEAF
neighbor 10.255.1.12
inherit peer LEAF
neighbor 10.255.1.21
inherit peer LEAFIyo setup paLeaf switch inotaridzika zvakafanana:
router bgp 65001
template peer SPINE
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.101
inherit peer SPINE
neighbor 10.255.1.102
inherit peer SPINEPaSpine, ngatitarisei kutarisisa nese Leaf switch:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0Sezvauri kuona, pakanga pasina matambudziko neBGP. Ngatienderere mberi kumisikidza VxLAN. Kumwe kugadziridzwa kuchaitwa chete paLeaf side rema switch. Spine inoshanda chete seye musimboti wetiweki uye inongobatanidzwa mukufambisa traffic. Yese encapsulation uye nzira yekumisa basa inoitika chete paLeaf switch.
Kugadzira NVE
NVE - network virtual interface
Tisati tatanga kuseta, ngatitangei mamwe mazwi:
VTEP - Vitual Tunnel End Point, mudziyo unotanga kana kupera VxLAN tunnel. VTEP haisati iri iyo chero network network. Sevha inotsigira VxLAN tekinoroji inogonawo kuita sevhavha. Mune yedu topology, ese maLeaf switches ari VTEP.
VNI - Virtual Network Index - network identifier mukati meVxLAN. Enzaniso inogona kudhonzwa neVLAN. Zvisinei, pane zvimwe zvakasiyana. Paunenge uchishandisa jira, maVLAN anove akasiyana chete mukati meLeaf switch imwe chete uye haafambiswe pane network. Asi VLAN yega yega inogona kuve nenhamba yeVNI yakabatana nayo, iyo yakatofambiswa pamusoro petiweki. Kuti rinoratidzika sei uye kuti ringashandiswa sei zvichakurukurwa mberi.
Ngatigonese chimiro cheVxLAN tekinoroji kushanda uye kugona kubatanidza nhamba dzeVLAN nenhamba yeVNI:
feature nv overlay
feature vn-segment-vlan-basedNgatigadzirise iyo NVE interface, iyo ine basa rekushanda kweVxLAN. Iyi interface ine basa rekuvhara mafuremu muVxLAN misoro. Iwe unogona kudhirowa fananidzo neTunnel interface yeGRE:
interface nve1
no shutdown
host-reachability protocol bgp ! ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGP Π΄Π»Ρ ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠΈ ΠΌΠ°ΡΡΡΡΡΠ½ΠΎΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ
source-interface loopback0 ! ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ Ρ ΠΊΠΎΡΠΎΡΠΎΠ³ΠΎ ΠΎΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌ ΠΏΠ°ΠΊΠ΅ΡΡ loopback0PaLeaf-21 switch zvese zvinogadzirwa pasina matambudziko. Zvisinei, kana tikatarisa kubudiswa kwemurairo show nve peers, ipapo richava risina chinhu. Pano iwe unofanirwa kudzokera kuVPC kumisikidza. Tinoona kuti Leaf-11 neLeaf-12 vanoshanda vari vaviri uye vakabatana neVPC domain. Izvi zvinotipa mamiriro anotevera:
Host-2 inotumira furemu imwe yakananga Leaf-21 kuitira kuti itumire pamusoro penetiweki yakananga kuHost-1. Nekudaro, Leaf-21 inoona kuti kero yeMAC yeHost-1 inowanikwa kuburikidza neVTEP mbiri kamwechete. Chii chinofanira kuita Leaf-21 munyaya iyi? Mushure mezvose, izvi zvinoreva kuti loop inogona kuoneka mune network.
Kugadzirisa mamiriro aya, tinoda Leaf-11 uye Leaf-12 kuti iitewo semudziyo mumwe mukati mefekitori. Mhinduro yacho iri nyore. PaLoopback interface yatinovaka mugero, wedzera kero yechipiri. Kero yeSekondari inofanirwa kunge yakafanana pamaVTEP ese ari maviri.
interface loopback0
ip add 10.255.1.10/32 secondarySaka, kubva pakuona kwemamwe maVTEP, tinowana inotevera topology:
Ndokunge, ikozvino mugero uchavakwa pakati peiyo IP kero yeLeaf-21 uye iyo chaiyo IP pakati pemashizha maviri-11 uye Leaf-12. Ikozvino hapazovi nematambudziko ekudzidza kero yeMAC kubva kumidziyo miviri uye traffic inogona kufamba kubva kune imwe VTEP kuenda kune imwe. Ndeipi yeVTEP mbiri ichagadzirisa traffic inosarudzwa uchishandisa tafura yenzira paSpine:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intraSezvaunogona kuona pamusoro, kero 10.255.1.10 inowanikwa pakarepo kuburikidza maviri Next-hops.
Panguva ino, takabata neiyo basic yekubatanidza. Ngatifambire mberi kumisikidza iyo NVE interface:
Ngatibvei tigonese Vlan 10 uye tiisanganise neVNI 10000 pashizha rega rega kune vanogamuchira. Ngatimisei mugero weL2 pakati pevaenzi
vlan 10 ! ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ VLAN Π½Π° Π²ΡΠ΅Ρ
VTEP ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½Π½ΡΡ
ΠΊ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠΌ Ρ
ΠΎΡΡΠ°ΠΌ
vn-segment 10000 ! ΠΡΡΠΎΡΠΈΠΈΡΡΠ΅ΠΌ VLAN Ρ Π½ΠΎΠΌΠ΅Ρ VNI
interface nve1
member vni 10000 ! ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ VNI 10000 Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ ΡΠ΅ΡΠ΅Π· ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ NVE. Π΄Π»Ρ ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ Π² VxLAN
ingress-replication protocol bgp ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ, ΡΡΠΎ Π΄Π»Ρ ΡΠ°ΡΠΏΡΠΎΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ ΠΎ Ρ
ΠΎΡΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGPZvino ngatitarisei nve vezera uye tafura yeBGP EVPN:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! ΠΠΈΠ΄ΠΈΠΌ ΡΡΠΎ peer Π΄ΠΎΡΡΡΠΏΠ΅Π½ Ρ secondary Π°Π΄ΡΠ΅ΡΠ°
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! ΠΡ ΠΊΠΎΠ³ΠΎ ΠΈΠΌΠ΅Π½Π½ΠΎ ΠΏΡΠΈΡΠ΅Π» ΡΡΠΎΡ l2VNI
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠΎΡΠ΅Π΄Π°, ΠΊΠΎΡΠΎΡΡΠΉ ΡΠ°ΠΊ ΠΆΠ΅ Π·Π½Π°Π΅Ρ ΠΎΠ± l2VNI10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iPamusoro tinoona chete EVPN nzira-mhando nzira 3. Mhando iyi yenzira inotaura nezve peer(Leaf), asi varipi vatiridzi?
Chinhu ndechekuti ruzivo nezve MAC mauto anofambiswa kuburikidza neEVPN nzira-rudzi rwechipiri
Kuti uone vatinotambira, unofanirwa kugadzirisa EVPN nzira-rudzi rwechipiri:
evpn
vni 10000 l2
route-target import auto ! Π² ΡΠ°ΠΌΠΊΠ°Ρ
Π΄Π°Π½Π½ΠΎΠΉ ΡΡΠ°ΡΡΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ Π½ΠΎΠΌΠ΅Ρ Π΄Π»Ρ route-target
route-target export autoNgatiite ping kubva kuHost-2 kuenda kuHost-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 msUye pazasi tinogona kuona iyo nzira-yemhando yechipiri ine host MAC kero yakaonekwa muBGP tafura - 2 uye 5001.0007.0007
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iTevere, iwe unogona kuona ruzivo rwakadzama paKugadziridza, kwawakagamuchira ruzivo nezve MAC Host. Pazasi haisi yese yekubuda kwemirairo.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! ΠΎΡΠΏΡΠ°Π²ΠΈΠ» Update Ρ MAC Host. ΠΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ Π°Π΄ΡΠ΅Ρ VPC, Π° Π°Π΄ΡΠ΅Ρ Leaf
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labe
led nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! Ρ ΠΊΠ΅ΠΌ ΠΈΠΌΠ΅Π½Π½ΠΎ ΡΡΡΠΎΠΈΠΌ VxLAN ΡΠΎΠ½Π½Π΅Π»Ρ
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! ΠΠΎΠΌΠ΅Ρ VNI, ΠΊΠΎΡΠΎΡΡΠΉ Π°ΡΡΠΎΡΠΈΠΈΡΠΎΠ²Π°Π½ Ρ VLAN, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π½Π°Ρ
ΠΎΠ΄ΠΈΡΡΡ Host
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! Π’ΡΡ Π²ΠΈΠ΄Π½ΠΎ, ΡΡΠΎ RT ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π»ΡΡ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π½ΠΎΠΌΠ΅ΡΠΎΠ² AS ΠΈ VNI
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>Ngationei kuti mafuremu anotaridzika sei kana achipfuura nemufekitori:
Kudzvanya-ARP
Zvakanaka, isu tave neL2 kutaurirana pakati pevaridzi uye isu tinogona kupedza ipapo. Zvisinei, hazvisi zvose zviri nyore. Chero bedzi isu tine vashoma vanogamuchira hapazove nematambudziko. Asi ngatimbofungidzira mamiriro ezvinhu apo tine mazana nezviuru zvevaenzi. Tingasangana nedambudziko ripi?
Dambudziko iri BUM (Broadcast, Unknown Unicast, Multicast) traffic. Muchinyorwa chino, isu tichafunga nezve sarudzo yekubata neyekutepfenyura traffic.
Iyo huru Broadcast jenareta muEthernet network ndiyo mauto pachawo kuburikidza neARP protocol.
Nexus inoshandisa nzira inotevera kurwisa zvikumbiro zveARP - kudzvanya-arp.
Ichi chimiro chinoshanda sezvinotevera:
- Host-1 inotumira chikumbiro cheAPR kune Broadcast kero yetiweki yayo.
- Chikumbiro chinosvika paLeaf switch uye pachinzvimbo chekupfuudza chikumbiro ichi mberi kune jira rakananga kuHost-2, Leaf rinopindura pacharo uye rinoratidza IP inodiwa neMAC.
Saka, chikumbiro cheBroadcast hachina kuenda kufekitari. Asi izvi zvingashanda sei kana Leaf achingoziva kero yeMAC?
Zvese zviri nyore, EVPN nzira-rudzi rwechipiri, kuwedzera kukero yeMAC, inogona kufambisa musanganiswa weMAC/IP. Kuti uite izvi, unofanirwa kugadzirisa IP kero muVLAN paLeaf. Mubvunzo unomuka, ndeipi IP yandinofanira kuisa? Pane nexus zvinokwanisika kugadzira kero yakagoverwa (yakafanana) pane ese switch:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! Π·Π°Π΄Π°Π΅ΠΌ virtual mac Π΄Π»Ρ ΡΠΎΠ·Π΄Π°Π½ΠΈΡ ΡΠ°ΡΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ»ΡΠ·Π° ΠΌΠ΅ΠΆΠ΄Ρ Π²ΡΠ΅ΠΌΠΈ ΠΊΠΎΠΌΠΌΡΡΠ°ΡΠΎΡΠ°ΠΌΠΈ
interface Vlan10
no shutdown
ip address 192.168.10.254/24 ! Π½Π° Π²ΡΠ΅Ρ
Leaf Π·Π°Π΄Π°Π΅ΠΌ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΉ IP
fabric forwarding mode anycast-gateway ! Π³ΠΎΠ²ΠΎΡΠΈΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Virtual macSaka, kubva pamaonero evaenzi, network ichaita seizvi:
Ngatitarisei BGP l2route evpn
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>Kubva pakubuda kwemirairo iwe unogona kuona kuti muEVPN nzira-rudzi rwechipiri, kuwedzera kune MAC, isu tava kuona zvakare iyo host IP kero.
Ngatidzokei kune kuseta suppress-arp. Izvi zvinogoneswa kune yega yega VNI zvakasiyana:
interface nve1
member vni 10000
suppress-arpIpapo kumwe kuoma kunomuka:
- Kuti chimiro ichi chishande, nzvimbo muTCAM memory inodiwa. Heino muenzaniso wezvirongwa zvekudzvanya-arp:
hardware access-list tcam region arp-ether 256Kuseta uku kunoda kupetwa kaviri. Ndiko kuti, kana ukaisa 256, saka unoda kusunungura 512 muTCAM.Kugadzika TCAM kunopfuura kudarika kwechinyorwa ichi, sezvo kugadzirisa TCAM kunoenderana chete nebasa rawakapiwa uye rinogona kusiyana kubva kune imwe network kune imwe.
- Kuita kudzvanya-arp kunofanirwa kuitwa pane ese Leaf switch. Nekudaro, kuomarara kunogona kumuka kana uchigadzirisa paLeaf pairs anogara muVPC domain. Kana TCAM ikashandurwa, kuwirirana pakati pevaviri kuchaputswa uye node imwe inogona kubviswa kushanda. Uyezve, chigadziriso chekugadzirisa chinogona kudiwa kuti uise TCAM shanduko yekugadzirisa.
Nekuda kweizvozvo, iwe unofanirwa kunyatso funga kana, mumamiriro ako ezvinhu, zvakakodzera kushandisa iyi seti mufekitori inomhanya.
Izvi zvinopedzisa chikamu chekutanga chenhevedzano. Muchikamu chinotevera tichatarisa nzira kuburikidza nejira reVxLAN rine kupatsanurwa kwematiweki kuita maVRF akasiyana.
Uye zvino ndinokoka munhu wese kuti auye , mukati umo ini ndichakuudza zvakadzama nezve kosi. Vatori vechikamu makumi maviri vekutanga kunyoresa kune iyi webinar vachawana Discount Sitifiketi kuburikidza neemail mukati memazuva 20-1 mushure mekutepfenyura.
Source: www.habr.com