Hello, habr. Hadda waxaan ahay hogaamiyaha koorsada koorsada Engineer Network ee OTUS.
Iyadoo la filayo bilowga diiwaangelinta cusub ee koorsada
Waxaa jira qalab aad u badan oo ku saabsan sida VxLAN EVPN u shaqeyso, sidaa darteed waxaan rabaa in aan soo ururiyo hawlo iyo dhaqamo kala duwan oo lagu xalliyo dhibaatooyinka xarunta xogta casriga ah.
Qaybta hore ee taxanaha tignoolajiyada VxLAN EVPN, waxaan rabaa inaan eego hab lagu abaabulo isku xirka L2 ee u dhexeeya martigaliyayaasha korka ka ah dharka shabakada.
Tusaalooyinka oo dhan waxaa lagu samayn doonaa Cisco Nexus 9000v, oo lagu soo ururiyay topology-ga Spine-Leaf. Kuma dagi doono samaynta shabakad Underlay ee maqaalkan.
- Shabakadda hoose
- Bahda BGP ee ciwaanka-qoyska l2vpn evpn
- Dejinta NVE
- Cadaadis-arp
Shabakadda hoose
Topology-ga loo isticmaalo waa sida soo socota:
Aan ku dejino ciwaanka dhammaan aaladaha:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20
Aynu hubino inuu jiro isku xidhka IP ee ka dhexeeya dhammaan aaladaha:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intra
Aynu eegno in goobta VPC-ga la abuuray oo ay labaduba dhaafeen hubinta joogteynta iyo habaynta labada nood waa isku mid:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1
Isbarbardhigga BGP
Ugu dambeyntii, waxaad u gudbi kartaa dejinta shabakadda Overlay.
Iyada oo qayb ka ah maqaalka, waa lagama maarmaan in la abaabulo shabakad u dhaxaysa martigeliyayaasha, sida ku cad jaantuska hoose:
Si aad u habaynayso isku-xidhka dulsaaran, waxaad u baahan tahay inaad awood u siiso BGP-ga beddelka laf dhabarta iyo caleenta adiga oo taageeraya qoyska l2vpn evpn:
feature bgp
nv overlay evpn
Marka xigta, waxaad u baahan tahay inaad habayso BGP peering inta u dhaxaysa caleen iyo lafdhabarta. Si loo fududeeyo habaynta iyo wanaajinta qaybinta macluumaadka dariiqa, waxaanu u habaynaynaa Spine sidii server-ka-Reflector-ka. Waxaan ku qori doonaa dhammaan Leaf qaabeynta annagoo adeegsanayna qaab-dhismeedka si aan u wanaajino dejinta.
Markaa goobaha laf dhabarta waxay u egyihiin sidan:
router bgp 65001
template peer LEAF
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.255.1.11
inherit peer LEAF
neighbor 10.255.1.12
inherit peer LEAF
neighbor 10.255.1.21
inherit peer LEAF
Habaynta ku taal beddelka caleentu waxay u egtahay mid la mid ah:
router bgp 65001
template peer SPINE
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.101
inherit peer SPINE
neighbor 10.255.1.102
inherit peer SPINE
Dhanka Laf-dhabarta, aan ku hubino is-fiirinta dhammaan furayaasha caleenta:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0
Sida aad arki karto, wax dhibaato ah kama jirin BGP. Aan u gudubno dejinta VxLAN. Habayn dheeraad ah ayaa lagu samayn doonaa oo keliya dhinaca caleenta ee furayaasha. Laf-dhabarta waxay u shaqeysaa oo kaliya sida xudunta shabakada waxayna ku lug leedahay oo kaliya gudbinta taraafikada. Dhammaan shaqada isku xidhka iyo go'aaminta dariiqa waxay ku dhacdaa oo keliya furayaasha caleenta.
Dejinta NVE
NVE - interface interface network
Kahor intaanan bilaabin habaynta, aan soo bandhigno ereybixinno qaar:
VTEP - Vitual Tunnel End Point, aaladda uu tunnel-ka VxLAN ku bilaabo ama ku dhamaado. VTEP daruuri maaha qalab shabakad kasta. Server-ka taageera tignoolajiyada VxLAN wuxuu kaloo u dhaqmi karaa sidii adeege. Dusha sare eeyada, dhammaan furayaasha caleentu waa VTEP.
VNI - Tusmada Shabakadda Virtual - Aqoonsiga shabakada gudaha VxLAN. Is barbar dhig ayaa lagu sawiri karaa VLAN. Si kastaba ha ahaatee, waxaa jira kala duwanaansho qaar. Markaad isticmaalayso maro, VLAN-yadu waxay noqonayaan kuwo gaar ah oo keliya hal bedel oo caleen ah oo aan lagu kala qaadin shabakadda. Laakiin VLAN kastaa wuxuu yeelan karaa lambarka VNI ee la xidhiidha, kaas oo mar horeba lagu kala qaado shabakada. Sida ay u egtahay iyo sida loo isticmaali karo ayaa si dheeraad ah looga hadli doonaa.
Aan awoodno sifada tignoolajiyada VxLAN inay shaqeyso iyo awooda lagu xidhiidhiyo nambarada VLAN lambarka VNI:
feature nv overlay
feature vn-segment-vlan-based
Aynu habaynno interface-ka NVE, kaas oo ka mas'uul ah hawlgalka VxLAN. Interface-kaani waxa uu mas'uul ka yahay in lagu soo koobo fireemada madaxyada VxLAN. Waxaad ku sawiri kartaa isbarbardhig la leh Tunnel interface ee GRE:
interface nve1
no shutdown
host-reachability protocol bgp ! ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGP Π΄Π»Ρ ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠΈ ΠΌΠ°ΡΡΡΡΡΠ½ΠΎΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ
source-interface loopback0 ! ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ Ρ ΠΊΠΎΡΠΎΡΠΎΠ³ΠΎ ΠΎΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌ ΠΏΠ°ΠΊΠ΅ΡΡ loopback0
On Leaf-21 beddelka wax walba waxaa la abuuray dhibaato la'aan. Si kastaba ha ahaatee, haddii aan hubinno wax soo saarka amarka show nve peers
, markaas way madhnaan doontaa. Halkan waxaad u baahan tahay inaad ku noqoto qaabaynta VPC. Waxaan aragnaa in Leaf-11 iyo Leaf-12 ay u shaqeeyaan labo-labo oo ay ku mideysan yihiin goobta VPC. Tani waxay ina siinaysaa xaaladdan soo socota:
Host-2 waxay u dirtaa hal jir dhanka Leaf-21 si ay ugu gudbiso shabakada dhanka Host-1. Si kastaba ha ahaatee, Leaf-21 waxay arkaysaa in cinwaanka MAC ee Host-1 laga heli karo laba VTEP hal mar. Maxaa la gudboon Leaf-21 kiiskan? Ka dib oo dhan, tani waxay la macno tahay in loop uu ka soo muuqan karo shabakadda.
Si loo xalliyo xaaladdan, waxaan u baahanahay Leaf-11 iyo Leaf-12 si ay u noqdaan hal qalab oo warshadda dhexdeeda ah. Xalku waa mid fudud. Isku xirka Loopback kaas oo aan ka dhisno tunnel-ka, ku dar ciwaanka labaad. Ciwaanka labaad waa in uu la mid noqdaa labada VTEP.
interface loopback0
ip add 10.255.1.10/32 secondary
Markaa, marka laga eego aragtida VTEP-yada kale, waxaanu helnaa topology-ga soo socda:
Taasi waa, hadda tunnel-ka waxaa laga dhisi doonaa inta u dhaxaysa ciwaanka IP-ga ee Leaf-21 iyo IP-ga dhabta ah ee u dhexeeya laba caleen-11 iyo Leaf-12. Hadda ma jiri doonto wax dhib ah oo ku saabsan barashada cinwaanka MAC ee laba qalab oo taraafikada waxay ka guuri kartaa mid VTEP oo kale ah. Midkee labada VTEP-yada ka shaqayn doona taraafikada ayaa la go'aamiyay iyadoo la isticmaalayo miiska dajinta ee Spine:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
Sida aad kor ku arki karto, ciwaanka 10.255.1.10 ayaa isla markaaba laga heli karaa laba Next-hops.
Marxaladdan, waxaan wax ka qabannay isku xirnaanta aasaasiga ah. Aan u gudubno dejinta NVE interface:
Aynu isla markiiba awoodno Vlan 10 oo aan ku xidhno VNI 10000 caleen kasta oo loogu talagalay martida loo yahay. Aynu samayno tunnel L2 inta u dhaxaysa martida loo yahay
vlan 10 ! ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ VLAN Π½Π° Π²ΡΠ΅Ρ
VTEP ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½Π½ΡΡ
ΠΊ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠΌ Ρ
ΠΎΡΡΠ°ΠΌ
vn-segment 10000 ! ΠΡΡΠΎΡΠΈΠΈΡΡΠ΅ΠΌ VLAN Ρ Π½ΠΎΠΌΠ΅Ρ VNI
interface nve1
member vni 10000 ! ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ VNI 10000 Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ ΡΠ΅ΡΠ΅Π· ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ NVE. Π΄Π»Ρ ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ Π² VxLAN
ingress-replication protocol bgp ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ, ΡΡΠΎ Π΄Π»Ρ ΡΠ°ΡΠΏΡΠΎΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ ΠΎ Ρ
ΠΎΡΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGP
Hadda aan eegno asxaabta nve iyo miiska BGP EVPN:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! ΠΠΈΠ΄ΠΈΠΌ ΡΡΠΎ peer Π΄ΠΎΡΡΡΠΏΠ΅Π½ Ρ secondary Π°Π΄ΡΠ΅ΡΠ°
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! ΠΡ ΠΊΠΎΠ³ΠΎ ΠΈΠΌΠ΅Π½Π½ΠΎ ΠΏΡΠΈΡΠ΅Π» ΡΡΠΎΡ l2VNI
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠΎΡΠ΅Π΄Π°, ΠΊΠΎΡΠΎΡΡΠΉ ΡΠ°ΠΊ ΠΆΠ΅ Π·Π½Π°Π΅Ρ ΠΎΠ± l2VNI10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Xagga sare waxaan ku aragnaa kaliya EVPN-dariiqyada 3. Dariiqa noocaan ah wuxuu ka hadlayaa saaxiibbada (caleemo), laakiin aaway martigeliyayaashayada?
Shayga ayaa ah in macluumaadka ku saabsan martigeliyaha MAC lagu kala qaado EVPN-nooca 2
Si aad u aragto martigeliyayaashayada, waxaad u baahan tahay inaad habayso jidka EVPN-nooca 2:
evpn
vni 10000 l2
route-target import auto ! Π² ΡΠ°ΠΌΠΊΠ°Ρ
Π΄Π°Π½Π½ΠΎΠΉ ΡΡΠ°ΡΡΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ Π½ΠΎΠΌΠ΅Ρ Π΄Π»Ρ route-target
route-target export auto
Aan ping ka soo qaadno Host-2 una gudubno Host-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 ms
Oo hoos waxaan ku arki karnaa in nooca-dariiqa 2 oo leh cinwaanka martida loo yahay MAC uu ka soo muuqday miiska BGP - 5001.0007.0007 iyo 5001.0008.0007
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
Marka xigta, waxaad arki kartaa macluumaad faahfaahsan oo ku saabsan Cusboonaysiinta, kaas oo aad ka heshay macluumaadka ku saabsan Marti-geliyaha MAC. Hoos ma aha dhammaan soo-saarka amarka.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! ΠΎΡΠΏΡΠ°Π²ΠΈΠ» Update Ρ MAC Host. ΠΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ Π°Π΄ΡΠ΅Ρ VPC, Π° Π°Π΄ΡΠ΅Ρ Leaf
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labe
led nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! Ρ ΠΊΠ΅ΠΌ ΠΈΠΌΠ΅Π½Π½ΠΎ ΡΡΡΠΎΠΈΠΌ VxLAN ΡΠΎΠ½Π½Π΅Π»Ρ
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! ΠΠΎΠΌΠ΅Ρ VNI, ΠΊΠΎΡΠΎΡΡΠΉ Π°ΡΡΠΎΡΠΈΠΈΡΠΎΠ²Π°Π½ Ρ VLAN, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π½Π°Ρ
ΠΎΠ΄ΠΈΡΡΡ Host
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! Π’ΡΡ Π²ΠΈΠ΄Π½ΠΎ, ΡΡΠΎ RT ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π»ΡΡ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π½ΠΎΠΌΠ΅ΡΠΎΠ² AS ΠΈ VNI
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>
Aynu aragno sida ay u eg yihiin xargaha marka warshadda la dhex maro:
Cadaadis-ARP
Way fiicantahay, hadda waxaanu leenahay xidhiidhka L2 ee u dhexeeya martigeliyayaasha waxaanan ku dhamayn karnaa halkaas. Si kastaba ha ahaatee, dhammaan ma fududa. Ilaa inta aan haysano martigeliyayaal yar wax dhib ah ma jiri doonaan. Laakiin aan qiyaasno xaalad aan ku leenahay boqollaal iyo kumanaan marti-geliyayaal ah. Dhibaato noocee ah ayaa laga yaabaa in aan la kulanno?
Dhibaatadani waa taraafikada BUM (Baahinta, Unknown Unicast, Multicast). Maqaalkan, waxaan tixgelin doonaa ikhtiyaarka wax ka qabashada taraafikada baahinta.
Soo-saare baahinta ugu weyn ee shabakadaha Ethernet waa kuwa iyagu martigeliya iyaga oo adeegsanaya nidaamka ARP.
Nexus waxa ay fulisaa habkan soo socda si uu ula dagaalamo codsiyada ARP - suppress-arp.
Habkani wuxuu u shaqeeyaa sida soo socota:
- Host-1 waxa ay codsi APR u dirtaa ciwaanka Baahinta ee shabakadeeda.
- Codsigu wuxuu gaarayaa beddelka caleenta oo halkii uu codsigan u sii gudbin lahaa dharka dhinaca Host-2, Caleentu way ka jawaabtaa nafteeda oo waxay muujinaysaa IP iyo MAC loo baahan yahay.
Sidaa darteed, codsiga Baahinta ma tagin warshadda. Laakiin sidee tani u shaqayn kartaa haddii Caleentu ay taqaano cinwaanka MAC oo keliya?
Wax walba waa wax fudud, EVPN-dariiqa-nooca 2, marka lagu daro cinwaanka MAC, waxay gudbin karaan isku dhafka MAC/IP. Si aad tan u samayso, waxaad u baahan tahay inaad ku habayso ciwaanka IP-ga ee VLAN ee caleenta. Su'aashu waxay soo baxaysaa, waa maxay IP-ga aan dejiyo? Isku-xidhka waxa suurtogal ah in lagu sameeyo ciwaan la qaybiyay (isku mid) dhammaan furayaasha:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! Π·Π°Π΄Π°Π΅ΠΌ virtual mac Π΄Π»Ρ ΡΠΎΠ·Π΄Π°Π½ΠΈΡ ΡΠ°ΡΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ»ΡΠ·Π° ΠΌΠ΅ΠΆΠ΄Ρ Π²ΡΠ΅ΠΌΠΈ ΠΊΠΎΠΌΠΌΡΡΠ°ΡΠΎΡΠ°ΠΌΠΈ
interface Vlan10
no shutdown
ip address 192.168.10.254/24 ! Π½Π° Π²ΡΠ΅Ρ
Leaf Π·Π°Π΄Π°Π΅ΠΌ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΉ IP
fabric forwarding mode anycast-gateway ! Π³ΠΎΠ²ΠΎΡΠΈΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Virtual mac
Haddaba, marka laga eego dhinaca martida loo yahay, shabakadu waxay u ekaan doontaa sidan:
Aynu hubino BGP l2route evpn
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>
Laga soo bilaabo soo-saarka amarka waxaad ka arki kartaa in EVPN-dariiqa 2, marka lagu daro MAC, waxaan sidoo kale aragnaa cinwaanka IP-ga martida loo yahay.
Aan ku soo laabano dejinta suppress-arp. Dejintan waxa loo dajiyay VNI kasta si gaar ah:
interface nve1
member vni 10000
suppress-arp
Kadibna xoogaa kakan ayaa soo baxa:
- Si habkani u shaqeeyo, meel bannaan oo xusuusta TCAM ah ayaa loo baahan yahay. Waa kuwan tusaalaha dejinta ee xakamaynta-arp:
hardware access-list tcam region arp-ether 256
Goobtani waxay u baahan doontaa laba-ballaaran Taasi waa, haddii aad dejiso 256, markaa waxaad u baahan tahay inaad xorayso 512 gudaha TCAM. Dejinta TCAM waa ka baxsan baaxadda qodobkan, maadaama samaynta TCAM ay ku xiran tahay oo keliya hawsha laguu dhiibay waxayna ka duwanaan kartaa hal shabakad ilaa mid kale.
- Hirgelinta xakamaynta-arp waa in lagu sameeyaa dhammaan furayaasha caleenta. Si kastaba ha ahaatee, kakanaanta ayaa soo bixi karta marka la isku habeynayo lammaanaha caleenta ee deggan goobta VPC. Haddii TCAM la beddelo, joogteynta labada lamaane waa la jebin doonaa waxaana laga yaabaa in hal nood laga saaro shaqada. Intaa waxaa dheer, dib-u-kicinta aaladda ayaa laga yaabaa in loo baahdo si loo isticmaalo goobta beddelka TCAM.
Natiijo ahaan, waxaad u baahan tahay inaad si taxadar leh u tixgeliso haddii, xaaladdaada, ay habboon tahay in la hirgeliyo goobtan warshad socda.
Tani waxay soo gabagabaynaysaa qaybtii hore ee taxanaha. Qaybta soo socota waxaynu ku eegi doonaa ku-wareejinta maro VxLAN ah oo leh kala soocida shabakadaha VRF-yada kala duwan.
Oo hadda waxaan ku martiqaadayaa qof walba
Source: www.habr.com