Haye Habr. Waxaan sii wadaa maqaallada taxanaha ah ee VxLAN EVPN technology, kaas oo waxaa si gaar ah loogu qoray daah-furka koorsada by OTUS. Oo maanta waxaan tixgelin doonaa qayb xiiso leh oo ka mid ah hawlaha - wadista. Si kastaba ha ahaatee sida ay u dhawaaqi karto, si kastaba ha ahaatee, iyada oo qayb ka ah shaqada warshad shabakad, wax walba ma noqon karaan kuwo fudud.
Qaybtii u dambaysay, waxa aanu ku gaadhnay hal goob baahinta oo laga dul dhisay maro shabakadeed Nexus 9000v. Si kastaba ha ahaatee, tani maaha dhammaan hawlaha kala duwan ee u baahan in lagu xalliyo qaabka shabakadda xarunta xogta. Oo maanta waxaan tixgelin doonaa hawsha soo socota - isku xirka shabakadaha ama inta u dhaxaysa VNIs.
Aan ku xasuusiyo in topology-ga laf dhabarta la isticmaalo:
Bilawga, waxaanu falanqeyn doonaa sida uu u dhaco dariiqa iyo sifooyinka uu leeyahay.
Si loo fahmo, aan fududeyno jaantuska macquulka ah oo aan ku darno VNI 20000 kale oo loogu talagalay Host-2. Natiijadu waa:
Sidee, kiiskan, aad uga wareejin kartaa taraafikada hal Marti-geliyaha mid kale?
Waxaa jira laba ikhtiyaar:
- Ku hay macluumaadka ku saabsan dhammaan VNI-yada dhammaan furayaasha caleenta, ka dib dhammaan dariiqyada waxay ku dhici doonaan caleenta ugu horreysa ee shabakada;
- Isticmaal go'an - L3 VNI
Habka ugu horreeya waa mid fudud oo ku habboon. Maadaama aad u baahan tahay oo kaliya inaad ku bilowdo dhammaan VNI-yada dhammaan furayaasha caleenta. Si kastaba ha noqotee, ku socodsiinta dhowr boqol ama kun oo VNIs ah oo ku yaal caleenta oo dhan hadda uma muuqato hawl fudud. Sidaa darteed, shaqada waxaa loo isticmaalaa si dhif ah.
Waxaan falanqayn doonaa habka 2, sida aad u xiiso badan oo waxoogaa ka sii adag, laakiin siinta dabacsanaan dheeraad ah samaynta warshadda.
Aan kudarno "PROD" VRF topology. Aynu ku darno interface vlan 10 iyada oo ku taal Leaf-11/12 lammaane iyo interface VLAN 20 on Leaf-21. VLAN 20 waxay la xiriirtaa VNI 20000
vrf context PROD
rd auto ! Route Distinguisher Π½Π΅ ΠΏΡΠΈΠ½ΡΠΈΠΏΠΈΠ°Π»Π΅Π½ ΠΈ ΠΌΠΎΠΆΠ΅ΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
address-family ipv4 unicast
route-target both auto ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ Route-target Ρ ΠΊΠΎΡΠΎΡΡΠΌ Π±ΡΠ΄ΡΡ ΠΈΠΌΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΏΡΠ΅ΡΠΈΠΊΡΡ Π²/ΠΈΠ· VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewaySi aad u isticmaasho L3VNI, waxaad u baahan tahay inaad abuurto VLAN cusub, ku xidho VNI-ga cusub. VNI-da cusub waa in ay la mid noqotaa dhammaan Caleemaha xiisaynaya VLAN 10 iyo 20 macluumaadka.
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Π‘ΠΎΠ·Π΄Π°Π΅ΠΌ L3 VNI
vrf context PROD
vni 99000 ! ΠΡΠΈΠ²ΡΠ·ΡΠ²Π°Π΅ΠΌ L3 VNI ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠΌΡ VRFNatiijo ahaan, jaantusku wuxuu u ekaan doonaa sidan:
Way hadhsan tahay in la dhammeeyo wax yar - ku dar hal interface kale - interface vlan 99 gudaha VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! ΠΠ° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅ Π½Π΅ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ IP. ΠΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ ΠΏΠ΅ΡΠ΅ΡΡΠ»ΠΊΠΈ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² ΠΌΠ΅ΠΆΠ΄Ρ LeafNatiijo ahaan, macquulka ah ee ka gudbinta jir ka Host-1 ilaa Host-2 waa sida soo socota:
- Fareem ay soo dirtay Host-1 ayaa ku dul yimid caleen ku taal VLAN 10, kaas oo la xidhiidha VNI 10000;
- Caleentu waxay hubisaa meesha ciwaanka loo socdo oo waxay ka helaysaa L3 VNI ee beddelka caleenta labaad;
- Isla marka dariiqa loo maro ciwaanka loo socdo la helo, caleentu waxay ku xidhaa jirkeeda madax leh L3VNI 99000 ee lagama maarmaanka ah - waxayna u dirtaa dhinaca caleenta labaad;
- Beddelka caleenta labaad wuxuu helayaa xogta L3VNI 99000. Wuxuu helayaa qaabkii asalka ahaa wuxuuna u gudbiyaa L2VNI 20000 ee loo baahan yahay ka dibna VLAN 20.
Shaqadan awgeed, L3VNI waxay meesha ka saaraysaa baahida lagu hayo macluumaadka ku saabsan dhammaan VNI-yada ku jira shabakadda dhammaan furayaasha caleenta.
Natiijo ahaan, marka aan taraafikada ka dirno Host-1 una dirno Host-2, baakadda waxaa lagu soo buuxiyay VxLAN-ka cusub ee VNI - 99000:
Waa la arki doonaa sida saxda ah ee Leaf-1 ay uga ogaato ciwaanka MAC ee VNI kale. Tani waxay sidoo kale ku dhacdaa iyadoo la kaashanayo EVPN-dariiqa 2 (MAC / IP).
Kuwa soo socdaa waxay tusiyaan habka faafinta dariiqa ku saabsan horgalayaasha ku yaal VNI kale:
Taasi waa, ciwaanada laga helay VNI 20000 waxay leeyihiin laba RTs.
Aan ku xasuusiyo in dariiqyada laga helay Cusbooneysii ay ku dhacaan miiska BGP-ga oo leh marin-bartilmaameedka ku qeexan goobaha VRF (habku waa yara adag yahay, laakiin ma geli doono maqaalkan).
RT lafteeda waxaa lagu sameeyay qaacidada: AS:VNI (haddii habka tooska ah loo isticmaalo).
Tusaale ahaan samaynta RT ee qaababka tooska ah iyo kuwa gacanta:
vrf context PROD
address-family ipv4 unicast
route-target import auto - Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠ°Π±ΠΎΡΡ
route-target export 65001:20000 - ΡΡΡΠ½ΠΎΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ RTNatiijo ahaan, waxaad kor ku arki kartaa horgalayaasha VNI kale waxay leeyihiin laba qiime oo RT ah.
Mid ka mid ah 65001: 99000 waa L3 VNI dheeraad ah. Maaddaama VNI-dani ay la mid tahay dhammaan caleemaha oo ay hoos timaado xeerarka soo dejinta ee goobaha VRF, horgalaha wuxuu galaa miiska BGP, kaas oo laga arki karo wax soo saarka:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! ΠΡΠ΅ΡΠΈΠΊΡ ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ ΠΈΠ· VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iHaddii aan si dhow u eegno cusboonaysiinta la helay, waxaan arki karnaa in horgalahani uu leeyahay laba RTs:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! ΠΠ²Π° label Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! ΠΠ²Π° Π·Π½Π°ΡΠ΅Π½ΠΈΡ Route-target, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅, ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΠ±Π°Π²ΠΈΠ»ΠΈ Π΄Π°Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>Jadwalka dariiqa ee Leaf-1, waxa kale oo aad arki kartaa horgalaha 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! ΠΠ΄ΡΠ΅Ρ Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! ΠΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Π§Π΅ΡΠ΅Π· VNI 99000U fiirso horgalayaasha aasaasiga ah ee maqan 192.168.20.0/24 ee ku dhex jira miiska dajinta?
Waa sax, ma joogo. Taasi waa, Caleemaha fog waxay helayaan macluumaadka ku saabsan martigeliyayaasha ku jira shabakadaada kaliya. Tanina waa hab-dhaqanka saxda ah. Kor, dhammaan cusbooneysiinta, waxaad arki kartaa in macluumaadka uu la socdo waxa ku jira MAC / IP. Ma jiraan horgalayaal laga hadlo.
Kani waa borotokoolka Maamulaha Dhaqdhaqaaqa Martigelinta (HMM), kaas oo buuxinaya miiska ARP kaas oo miiska BGP ka sii buuxsamay (waxa aanu kaga tagi doonaa habkan qaab dhismeedka qodobkan). Iyada oo ku saleysan macluumaadka laga helay HMM, nooca 2 EVPNs ayaa la sameeyay (waxaa gudbiya MAC / IP).
Si kastaba ha ahaatee, maxaa dhacaya haddii ay jirto baahi loo qabo gudbinta macluumaadka ku saabsan horgale?
Macluumaadka noocaan ah, waxaa jira EVPN-dariiqa 5 - waxay kuu ogolaaneysaa inaad ku soo dirto horgalayaasha cinwaanka qoyska l2vpn evpn , Sababtan awgeed, soosaarayaasha kala duwan ayaa laga yaabaa inay yeeshaan dabeecado kala duwan oo noocaan ah)
Si loo wareejiyo horgalayaasha, waa lagama maarmaan in lagu daro horgalayaasha nidaamka BGP ee VRF, kaas oo la xayeysiin doono:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! Π Π΄Π°Π½Π½ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ Π°Π½ΠΎΠ½ΡΠΈΡΡΠ΅ΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΡ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π½Π΅ΠΏΠΎΡΡΠ΅Π΄ΡΡΠ²Π΅Π½Π½ΠΎ ΠΊ Leaf Π² VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΈΠ΅ ΡΠ΅ΡΠΈ Π±ΡΠ΄ΡΡ ΠΏΠΎΠΏΠ°Π΄Π°ΡΡ Π² EVPN route-type 5Natiijo ahaan, Cusbooneysii wuxuu noqon doonaa:
Aan eegno miiska BGP. Marka lagu daro EVPN-dariiqa 2,3, nooca 5 ayaa soo muuqday kuwaas oo ka kooban macluumaadka ku saabsan lambarka shabakada:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΠ°
10.255.1.10 0 100 0 ?
* i
<.......> Horgalayaasha ayaa sidoo kale ka soo muuqday miiska dajinta:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ, Π΄ΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf1/2(Π°Π΄ΡΠ΅Ρ Next-hop = virtual IP ΠΌΠ΅ΠΆΠ΄Ρ ΠΏΠ°ΡΠΎΠΉ VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! ΠΡΠ΅ΡΠΈΠΊΡ Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅ΡΠ΅Π· L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmTani waxay soo gabagabaynaysaa qaybta labaad ee maqaallada taxanaha ah ee VxLAN EVPN. Qaybta soo socota, waxaan ku eegi doonaa doorashooyin kala duwan oo loogu talagalay isku xirka VRF-yada.
Source: www.habr.com