VxLAN Fabric. Part 2

Hello, Habr. I am continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of the "Network Engineer" course by OTUS. Today we will look at an interesting part of the task: routing. However trivial that may sound, within a network fabric things may not be quite so simple.


Part 1 of the series: L2 connectivity between servers

In the previous part we achieved a single broadcast domain on top of a network fabric built on Nexus 9000v. However, that is not the full set of tasks a data-center network has to solve. Today we look at the next one: routing between networks, that is, between VNIs.

As a reminder, a Spine-Leaf topology is used:


To begin, let us analyse how routing takes place and what its particular features are.

To make this easier to follow, let us simplify the logical diagram and add one more VNI, 20000, for Host-2. The result:


How can traffic be passed from one host to the other in this case?

There are two options:

  1. Keep information about every VNI on every Leaf switch; all routing then happens on the first Leaf in the network;
  2. Use a dedicated L3 VNI.

The first method is simple and convenient, because you only need to configure every VNI on every Leaf switch. However, configuring several hundred or several thousand VNIs across all Leafs no longer looks like an easy task, so it is used very rarely in practice.

We will look at method 2, since it is more interesting and somewhat more complex, but gives more flexibility in organising the fabric.

Let us add VRF "PROD" to the topology. We add to it interface vlan 10 on the Leaf-11/12 pair and interface vlan 20 on Leaf-21. VLAN 20 is associated with VNI 20000:

vrf context PROD
  rd auto       ! The Route Distinguisher is not critical, so we can use an automatically generated one
  address-family ipv4 unicast
    route-target both auto      ! Specify the Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000

interface nve 1
  member vni 20000
    ingress-replication protocol bgp

interface Vlan20                ! SVI for VLAN 20 (VNI 20000)
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway

To use an L3VNI, you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on every Leaf that is interested in information about VLANs 10 and 20.

vlan 99
  vn-segment 99000

interface nve1
  member vni 99000 associate-vrf        ! Create the L3 VNI

vrf context PROD
  vni 99000                             ! Bind the L3 VNI to a specific VRF

As a result, the diagram looks like this:


A little remains to be done: add one more interface, interface vlan 99 in VRF PROD:

interface Vlan99
  no shutdown
  vrf member PROD
  ip forward  ! The interface must not have an IP address. It is used only to forward packets between Leafs

As a result, the logic for passing a frame from Host-1 to Host-2 is as follows:

  1. The frame sent by Host-1 arrives at the Leaf in VLAN 10, which is associated with VNI 10000;
  2. The Leaf checks where the destination address is located and finds it via the L3 VNI on the second Leaf switch;
  3. Once the route to the destination is found, the Leaf encapsulates the frame with a header carrying the required L3VNI 99000 and sends it to the second Leaf;
  4. The second Leaf switch receives the data from L3VNI 99000, extracts the original frame and passes it to the required L2VNI 20000 and then to VLAN 20.

As a result, the L3VNI removes the need to keep information about every VNI in the network on every Leaf switch.

Consequently, when we send traffic from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:


It remains to see how exactly Leaf-1 learns about a MAC address from another VNI. This also happens by means of EVPN route-type 2 (MAC/IP).

The process of propagating a route for a prefix located in another VNI is shown below:


That is, addresses received from VNI 20000 carry two RTs.
As a reminder, routes received in an Update enter the BGP table according to the route-target specified in the VRF settings (the process is somewhat more involved, but we will not go into it in this article).
The RT itself is formed by the formula AS:VNI (if automatic mode is used).

An example of RT formation in automatic and manual modes:

vrf context PROD
  address-family ipv4 unicast
    route-target import auto              ! automatic mode
    route-target export 65001:20000       ! RT set manually

As a result, you can see above that prefixes from another VNI have two RT values.
One of them, 65001:99000, is the additional L3 VNI. Because this VNI is the same on all Leafs and matches our import rules in the VRF settings, the prefix enters the BGP table, as the output shows:

sh bgp l2vpn evpn
<.....>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:32777    (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100      32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100      32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100      32768 i

Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272    ! Prefix received from VNI 20000
                      10.255.1.20                       100          0 i
*>i                   10.255.1.20                       100          0 i

If we examine the received update closely, we can see that this prefix carries two RTs:

Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW

  Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
  AS-Path: NONE, path sourced internal to AS
    10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
      Origin IGP, MED not set, localpref 100, weight 0
      Received label 20000 99000                                 ! Two labels for VxLAN operation
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8     ! Two Route-target values, on the basis of which this prefix was added
          Router MAC:5001.0005.0007
      Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>
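
An added example, not from the original article and not NX-OS code: a simplified Python model of the import check described above. It derives the auto RT as AS:VNI, pulls the labels and RTs out of the path detail shown above, and reports which VRFs would import the route; the function names and the DEV VRF with L3 VNI 98000 are assumptions made for illustration.

```python
import re

# Excerpt of the `sh bgp l2vpn evpn 5001.0008.0007` output shown above.
DETAIL = """\
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
      Received label 20000 99000
      Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
          Router MAC:5001.0005.0007
"""

def auto_rt(asn, vni):
    """RT derived in auto mode: AS:VNI, as stated in the article."""
    return f"{asn}:{vni}"

def parse_path(text):
    """Extract the labels (VNIs) and route-targets from a path detail block."""
    labels = re.search(r"Received label ((?:\d+ ?)+)", text)
    return {
        "labels": [int(x) for x in labels.group(1).split()] if labels else [],
        "rts": set(re.findall(r"\bRT:(\d+:\d+)", text)),
    }

def importing_vrfs(path, vrfs, asn):
    """Return {vrf: matched RTs} for every VRF whose import list matches."""
    result = {}
    for name, cfg in vrfs.items():
        imports = set(cfg.get("import", []))
        if cfg.get("auto"):
            imports.add(auto_rt(asn, cfg["l3vni"]))
        matched = path["rts"] & imports
        if matched:
            result[name] = sorted(matched)
    return result

# PROD is from the article; DEV and its L3 VNI 98000 are constructed
# to show a VRF that must not import the route.
VRFS = {
    "PROD": {"l3vni": 99000, "auto": True},
    "DEV": {"l3vni": 98000, "auto": True},
}

if __name__ == "__main__":
    path = parse_path(DETAIL)
    print(path["labels"], sorted(path["rts"]))
    print(importing_vrfs(path, VRFS, 65001))
```

Only PROD matches, and it matches on the L3 VNI RT rather than on the L2 VNI RT 65001:20000, which is why Leaf-1 can install the host route without having VNI 20000 configured.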

In the routing table on Leaf-1 you can also see the prefix 192.168.20.20/32:

Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
    *via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
    *via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0                                        ! Host-2 address
    *via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001     ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN                                ! Via VNI 99000

Notice that the base prefix 192.168.20.0/24 is missing from the routing table?
Correct, it is not there. That is, remote Leafs receive information only about the hosts that are in your network. And this is correct behaviour. Above, in all the updates, you can see that the information arrives with MAC/IP content. There is no mention of any prefixes.

This is handled by the Host Mobility Manager (HMM) protocol, which populates the ARP table, from which the BGP table is in turn populated (we will skip this process in this article). Based on the information received from HMM, EVPN route-type 2 routes are formed (carrying MAC/IP).

But what if you need to pass information about a prefix?

For this kind of information there is EVPN route-type 5, which lets you send prefixes via the l2vpn evpn address family (at the time of writing, this route type exists only in a draft version of the RFC, so different vendors may behave differently with this route type).

To pass prefixes, you need to add to the BGP process for the VRF the prefixes that will be advertised:

router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000        ! Here we announce the prefixes directly connected to the Leaf in VNI 20000
route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT    ! Specify which prefix-list to use

ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24   ! Specify which networks go into EVPN route-type 5

As a result, the Update will look like this:


Let us look at the BGP table. In addition to EVPN route-types 2 and 3, routes of type 5 have appeared, carrying information about the network number:

<......>
   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
                      10.255.1.10              0        100          0 ?
*>i                   10.255.1.10              0        100          0 ?

Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
                      10.255.1.10                       100          0 i
*>i                   10.255.1.10                       100          0 i

Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224      ! EVPN route-type 5 with the network prefix
                      10.255.1.10              0        100          0 ?
* i
<.......>                   
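
An added example, not part of the original article: a Python parser for the route keys printed in the Network column above, used to list type-5 prefixes that fall outside an expected set of networks. The function names, the allowed list and the 172.16.0.0/16 entry are constructed for illustration.

```python
import ipaddress
import re

# Network column of `sh bgp l2vpn evpn` as shown above; the last entry
# (172.16.0.0/16) is constructed to exercise the audit.
TABLE = """\
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
* i[3]:[0]:[32]:[10.255.1.10]/88
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224
*>i[5]:[0]:[0]:[16]:[172.16.0.0]/224
"""

NLRI = re.compile(r"((?:\[[^\]]*\]:?)+)/\d+")

def parse_nlri(line):
    """Return a dict describing one EVPN route key, or None if absent."""
    m = NLRI.search(line)
    if not m:
        return None
    f = re.findall(r"\[([^\]]*)\]", m.group(1))
    rtype = int(f[0])
    if rtype == 2:    # MAC/IP: ..., MAC length, MAC, IP length, IP
        ip = f[6] if int(f[5]) else None   # IP length 0 means MAC-only
        return {"type": 2, "mac": f[4], "ip": ip}
    if rtype == 3:    # inclusive multicast: ..., IP length, originator
        return {"type": 3, "originator": f[3]}
    if rtype == 5:    # IP prefix: ..., prefix length, network
        net = ipaddress.ip_network(f"{f[4]}/{f[3]}")
        return {"type": 5, "prefix": net}
    return {"type": rtype}

def unexpected_type5(table, allowed):
    """Type-5 prefixes that are not inside any allowed network."""
    allowed = [ipaddress.ip_network(a) for a in allowed]
    seen = set()
    for line in table.splitlines():
        r = parse_nlri(line)
        if r and r["type"] == 5:
            if not any(r["prefix"].subnet_of(a) for a in allowed):
                seen.add(str(r["prefix"]))
    return sorted(seen)

if __name__ == "__main__":
    print(unexpected_type5(TABLE, ["192.168.10.0/24", "192.168.20.0/24"]))
```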

The prefix has also appeared in the routing table:

Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001  ! Remote prefix reachable via Leaf1/2 (next-hop address = virtual IP of the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN      ! The prefix is reachable via L3VNI 99000

192.168.10.10/32, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN

192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
    *via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm

This concludes the second part of the series of articles on VxLAN EVPN. In the next part we will look at various options for routing between VRFs.


Source: www.habr.com
