Molo, habr. Okwangoku ndiyinkokeli yekhosi yekhosi yeNjineli yeNethiwekhi e-OTUS.
Ukulindela ukuqala kobhaliso olutsha lwekhosi , Ndilungiselele uluhlu lwamanqaku kwi-teknoloji ye-VxLAN EVPN.
Kukho ubuninzi bezinto eziphathekayo malunga nendlela i-VxLAN EVPN isebenza ngayo, ngoko ke ndifuna ukuqokelela imisebenzi eyahlukeneyo kunye nezenzo zokusombulula iingxaki kwiziko ledatha yanamhlanje.
Kwinxalenye yokuqala yochungechunge kwi-teknoloji ye-VxLAN EVPN, ndifuna ukujonga indlela yokuququzelela uxhulumaniso lwe-L2 phakathi kwemikhosi phezu kwendwangu yenethiwekhi.
Yonke imizekelo iya kwenziwa kwiCisco Nexus 9000v, ehlanganiswe kwi-topology ye-Spine-Leaf. Asiyi kuhlala ekusekeni inethiwekhi ye-Underlay kweli nqaku.
- Uthungelwano lwangaphantsi
- BGP yokujonga idilesi-usapho l2vpn evpn
- Ukumisela i-NVE
- Ukucinezela-arp
Uthungelwano lwangaphantsi
I-topology esetyenziswe ngolu hlobo lulandelayo:
Masisete iidilesi kuzo zonke izixhobo:
Spine-1 - 10.255.1.101
Spine-2 - 10.255.1.102
Leaf-11 - 10.255.1.11
Leaf-12 - 10.255.1.12
Leaf-21 - 10.255.1.21
Host-1 - 192.168.10.10
Host-2 - 192.168.10.20Makhe sijonge ukuba kukho unxibelelwano lwe-IP phakathi kwazo zonke izixhobo:
Leaf21# sh ip route
<........>
10.255.1.11/32, ubest/mbest: 2/0 ! Leaf-11 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 2/0 ! Leaf-12 Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅Π΅ΡΠ· Π΄Π²Π° Spine
*via 10.255.1.101, Eth1/4, [110/81], 00:00:03, ospf-UNDERLAY, intra
*via 10.255.1.102, Eth1/3, [110/81], 00:00:03, ospf-UNDERLAY, intra
10.255.1.21/32, ubest/mbest: 2/0, attached
*via 10.255.1.22, Lo0, [0/0], 00:02:20, local
*via 10.255.1.22, Lo0, [0/0], 00:02:20, direct
10.255.1.101/32, ubest/mbest: 1/0
*via 10.255.1.101, Eth1/4, [110/41], 00:00:06, ospf-UNDERLAY, intra
10.255.1.102/32, ubest/mbest: 1/0
*via 10.255.1.102, Eth1/3, [110/41], 00:00:03, ospf-UNDERLAY, intraMakhe sijonge ukuba i-domain ye-VPC yenziwe kwaye zombini iitshintshi zigqithise ukukhangela okufanayo kunye nezicwangciso kuzo zombini iindawo ziyafana:
Leaf11# show vpc
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 0
Peer Gateway : Disabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
5 Po5 up success success 1BGP ukujonga
Okokugqibela, ungaqhubela phambili ukuseta inethiwekhi yeNgqungquthela.
Njengenxalenye yenqaku, kuyimfuneko ukulungiselela uthungelwano phakathi kweenginginya, njengoko kubonisiwe kumzobo ongezantsi:
Ukuqwalasela inethiwekhi ye-Overlay, kufuneka wenze i-BGP kwi-Spine kunye ne-Leaf switch ngenkxaso yosapho lwe-l2vpn evpn:
feature bgp
nv overlay evpnOkulandelayo, kufuneka uqwalasele iBGP yokujonga phakathi kweQebi kunye noMnqonqo. Ukwenza lula ukuseta kunye nokwandisa ukusasazwa kolwazi lwendlela, siqwalasela i-Spine njengomncedisi we-Route-Reflector. Siza kubhala lonke Igqabi kuqwalaselo sisebenzisa iitemplates ukwandisa ukuseta.
Ke iisetingi kwiSpine zijongeka ngolu hlobo:
router bgp 65001
template peer LEAF
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 10.255.1.11
inherit peer LEAF
neighbor 10.255.1.12
inherit peer LEAF
neighbor 10.255.1.21
inherit peer LEAFUkuseta kwiSwitshi yeLeaf kubonakala kufana:
router bgp 65001
template peer SPINE
remote-as 65001
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
neighbor 10.255.1.101
inherit peer SPINE
neighbor 10.255.1.102
inherit peer SPINEKwiSpine, makhe sijonge ukujonga kuzo zonke iiswitshi zeLeaf:
Spine1# sh bgp l2vpn evpn summary
<.....>
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.255.1.11 4 65001 7 8 6 0 0 00:01:45 0
10.255.1.12 4 65001 7 7 6 0 0 00:01:16 0
10.255.1.21 4 65001 7 7 6 0 0 00:01:01 0Njengoko ubona, akukho ngxaki nge BGP. Masiqhubele phambili ukuseta iVxLAN. Uqwalaselo olongezelelweyo luya kwenziwa kuphela kwicala leLeaf lokutshintsha. Umqolo usebenza kuphela njengondoqo womnatha kwaye ubandakanyeka kuphela ekudluliseni i-traffic. Wonke umsebenzi we-encapsulation kunye nokuzimisela kwendlela kwenzeka kuphela kwiiswitshi zeLeaf.
Ukumisela i-NVE
I-NVE - ujongano lwenyani yenethiwekhi
Ngaphambi kokuba siqalise ukuseta, makhe sazise isigama:
I-VTEP - I-Vitual Tunnel End Point, isixhobo apho i-tunnel ye-VxLAN iqala okanye iphela. I-VTEP ayisiyiyo nasiphi na isixhobo sothungelwano. Iseva exhasa iteknoloji yeVxLAN nayo inokusebenza njengomncedisi. Kwitopology yethu, zonke iiswitshi zeLeaf ziyi-VTEP.
I-VNI - i-Index yeNethiwekhi ebonakalayo - isihlonzi senethiwekhi ngaphakathi kweVxLAN. Isifaniso sinokuzotywa ngeVLAN. Noko ke, kukho umahluko. Xa usebenzisa ilaphu, iiVLANs ziba zizodwa kuphela kwiShitshi enye kwaye azigqithiselwa kwinethiwekhi. Kodwa i-VLAN nganye ingaba nenombolo ye-VNI ehambelana nayo, esele idluliselwe kwinethiwekhi. Indlela ekhangeleka ngayo nendlela enokusetyenziswa ngayo kuya kuxutyushwa ngokubhekele phaya.
Masivumele inqaku letekhnoloji ye-VxLAN ukuba isebenze kunye nokukwazi ukudibanisa iinombolo zeVLAN ngenombolo yeVNI:
feature nv overlay
feature vn-segment-vlan-basedMakhe siqwalasele i-interface ye-NVE, enoxanduva lokusebenza kweVxLAN. Olu jongano lunoxanduva lokufakela izakhelo kwiiheader zeVxLAN. Ungazoba umzekeliso kunye nojongano lweTunnel ye-GRE:
interface nve1
no shutdown
host-reachability protocol bgp ! ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGP Π΄Π»Ρ ΠΏΠ΅ΡΠ΅Π΄Π°ΡΠΈ ΠΌΠ°ΡΡΡΡΡΠ½ΠΎΠΉ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ
source-interface loopback0 ! ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ Ρ ΠΊΠΎΡΠΎΡΠΎΠ³ΠΎ ΠΎΡΠΏΡΠ°Π²Π»ΡΠ΅ΠΌ ΠΏΠ°ΠΊΠ΅ΡΡ loopback0Kwi-Leaf-21 switch yonke into yenziwa ngaphandle kweengxaki. Nangona kunjalo, ukuba sijonga imveliso yomyalelo show nve peers, ngoko liya kuba lilize. Apha kufuneka ubuyele kuqwalaselo lweVPC. Siyabona ukuba iLeaf-11 kunye neLeaf-12 basebenza ngababini kwaye badityaniswa yi-domain yeVPC. Oku kusinika le meko ilandelayo:
Umamkeli-2 uthumela isakhelo esinye ngakwiLeaf-21 ukuze idlulise phezu kothungelwano ukuya kumamkeli-1. Nangona kunjalo, iLeaf-21 ibona ukuba idilesi ye-MAC ye-Host-1 ifikeleleka kwii-VTEP ezimbini kanye. Kufuneka lenze ntoni iLeaf-21 kule meko? Ngapha koko, oku kuthetha ukuba i-loop inokuvela kwinethiwekhi.
Ukusombulula le meko, sifuna iLeaf-11 kunye neLeaf-12 ukuba zisebenze njengesixhobo esinye kumzi-mveliso. Isisombululo silula kakhulu. Kujongano lweLoopback apho sakha khona itonela, yongeza idilesi yesibini. Idilesi yesibini kufuneka ifane kuzo zombini ii-VTEPs.
interface loopback0
ip add 10.255.1.10/32 secondaryKe, ngokwembono yezinye ii-VTEPs, sifumana le topology ilandelayo:
Oko kukuthi, ngoku itonela iya kwakhiwa phakathi kwedilesi ye-IP ye-Leaf-21 kunye ne-IP ebonakalayo phakathi kwe-Leaf-11 kunye ne-Leaf-12. Ngoku akuyi kuba neengxaki zokufunda idilesi ye-MAC kwizixhobo ezibini kunye ne-traffic inokuhamba ukusuka kwi-VTEP enye ukuya kwenye. Yeyiphi kwezi zimbini ii-VTEP eziya kuqhubekekisa i-traffic igqitywe kusetyenziswa itafile yomzila kwi-Spine:
Spine1# sh ip route
<.....>
10.255.1.10/32, ubest/mbest: 2/0
*via 10.255.1.11, Eth1/1, [110/41], 1d01h, ospf-UNDERLAY, intra
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intra
10.255.1.11/32, ubest/mbest: 1/0
*via 10.255.1.11, Eth1/1, [110/41], 1d22h, ospf-UNDERLAY, intra
10.255.1.12/32, ubest/mbest: 1/0
*via 10.255.1.12, Eth1/2, [110/41], 1d01h, ospf-UNDERLAY, intraNjengoko ubona ngasentla, idilesi 10.255.1.10 ifumaneka ngoko nangoko ngokusebenzisa ezimbini Next-hops.
Kweli nqanaba, siye sajongana noqhagamshelo olusisiseko. Masiqhubele phambili ukuseta ujongano lwe-NVE:
Masivumele ngokukhawuleza iVlan 10 kwaye siyinxulumanise ne-VNI 10000 kwiPhepha ngalinye kubamkeli. Masiseke itonela ye-L2 phakathi kweenginginya
vlan 10 ! ΠΠΊΠ»ΡΡΠ°Π΅ΠΌ VLAN Π½Π° Π²ΡΠ΅Ρ
VTEP ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½Π½ΡΡ
ΠΊ Π½Π΅ΠΎΠ±Ρ
ΠΎΠ΄ΠΈΠΌΡΠΌ Ρ
ΠΎΡΡΠ°ΠΌ
vn-segment 10000 ! ΠΡΡΠΎΡΠΈΠΈΡΡΠ΅ΠΌ VLAN Ρ Π½ΠΎΠΌΠ΅Ρ VNI
interface nve1
member vni 10000 ! ΠΠΎΠ±Π°Π²Π»ΡΠ΅ΠΌ VNI 10000 Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ ΡΠ΅ΡΠ΅Π· ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡ NVE. Π΄Π»Ρ ΠΈΠ½ΠΊΠ°ΠΏΡΡΠ»ΡΡΠΈΠΈ Π² VxLAN
ingress-replication protocol bgp ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ, ΡΡΠΎ Π΄Π»Ρ ΡΠ°ΡΠΏΡΠΎΡΡΡΠ°Π½Π΅Π½ΠΈΡ ΠΈΠ½ΡΠΎΡΠΌΠ°ΡΠΈΠΈ ΠΎ Ρ
ΠΎΡΡΠ΅ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ BGPNgoku makhe sijonge nve oontanga kunye netafile ye-BGP EVPN:
Leaf21# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.255.1.10 Up CP 00:00:41 n/a ! ΠΠΈΠ΄ΠΈΠΌ ΡΡΠΎ peer Π΄ΠΎΡΡΡΠΏΠ΅Π½ Ρ secondary Π°Π΄ΡΠ΅ΡΠ°
Leaf11# sh bgp l2vpn evpn
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000) ! ΠΡ ΠΊΠΎΠ³ΠΎ ΠΈΠΌΠ΅Π½Π½ΠΎ ΠΏΡΠΈΡΠ΅Π» ΡΡΠΎΡ l2VNI
*>l[3]:[0]:[32]:[10.255.1.10]/88 ! EVPN route-type 3 - ΠΏΠΎΠΊΠ°Π·ΡΠ²Π°Π΅Ρ Π½Π°ΡΠ΅Π³ΠΎ ΡΠΎΡΠ΅Π΄Π°, ΠΊΠΎΡΠΎΡΡΠΉ ΡΠ°ΠΊ ΠΆΠ΅ Π·Π½Π°Π΅Ρ ΠΎΠ± l2VNI10000
10.255.1.10 100 32768 i
*>i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
* i 10.255.1.20 100 0 i
Route Distinguisher: 10.255.1.21:32777
* i[3]:[0]:[32]:[10.255.1.20]/88
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iNgaphezulu sibona kuphela umzila we-EVPN-uhlobo lweendlela ze-3. Olu hlobo lwendlela luthetha malunga nentanga (Igqabi), kodwa baphi ababuki zindwendwe bethu?
Into kukuba ulwazi malunga neenginginya ze-MAC zihanjiswa nge-EVPN indlela yohlobo lwe-2
Ukuze ubone ababuki zindwendwe bethu, kufuneka uqwalasele indlela ye-EVPN yohlobo 2:
evpn
vni 10000 l2
route-target import auto ! Π² ΡΠ°ΠΌΠΊΠ°Ρ
Π΄Π°Π½Π½ΠΎΠΉ ΡΡΠ°ΡΡΠΈ ΠΈΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΠΌ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ Π½ΠΎΠΌΠ΅Ρ Π΄Π»Ρ route-target
route-target export autoMasingene sisuka kuMamkeli-2 siye kumamkeli-1:
Firewall2# ping 192.168.10.1
PING 192.168.10.1 (192.168.10.1): 56 data bytes
36 bytes from 192.168.10.2: Destination Host Unreachable
Request 0 timed out
64 bytes from 192.168.10.1: icmp_seq=1 ttl=254 time=215.555 ms
64 bytes from 192.168.10.1: icmp_seq=2 ttl=254 time=38.756 ms
64 bytes from 192.168.10.1: icmp_seq=3 ttl=254 time=42.484 ms
64 bytes from 192.168.10.1: icmp_seq=4 ttl=254 time=40.983 msKwaye ngezantsi sinokubona ukuba indlela-uhlobo lwe-2 kunye nedilesi ye-MAC yomninimzi ibonakala kwitafile ye-BGP - 5001.0007.0007 kunye ne-5001.0008.0007
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 1
10.255.1.10 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216 ! evpn route-type 2 ΠΈ mac Π°Π΄ΡΠ΅Ρ Ρ
ΠΎΡΡΠ° 2
* i 10.255.1.20 100 0 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iOkulandelayo, unokubona iinkcukacha ezineenkcukacha kuHlaziyo, apho ufumene khona ulwazi malunga noMamkeli we-MAC. Apha ngezantsi akusiyo yonke imveliso yomyalelo.
Leaf21# sh bgp l2vpn evpn 5001.0007.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.11:32777 ! ΠΎΡΠΏΡΠ°Π²ΠΈΠ» Update Ρ MAC Host. ΠΠ΅ Π²ΠΈΡΡΡΠ°Π»ΡΠ½ΡΠΉ Π°Π΄ΡΠ΅Ρ VPC, Π° Π°Π΄ΡΠ΅Ρ Leaf
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216,
version 1507
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labe
led nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.10 (metric 81) from 10.255.1.102 (10.255.1.102) ! Ρ ΠΊΠ΅ΠΌ ΠΈΠΌΠ΅Π½Π½ΠΎ ΡΡΡΠΎΠΈΠΌ VxLAN ΡΠΎΠ½Π½Π΅Π»Ρ
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000 ! ΠΠΎΠΌΠ΅Ρ VNI, ΠΊΠΎΡΠΎΡΡΠΉ Π°ΡΡΠΎΡΠΈΠΈΡΠΎΠ²Π°Π½ Ρ VLAN, Π² ΠΊΠΎΡΠΎΡΠΎΠΌ Π½Π°Ρ
ΠΎΠ΄ΠΈΡΡΡ Host
Extcommunity: RT:65001:10000 SOO:10.255.1.10:0 ENCAP:8 ! Π’ΡΡ Π²ΠΈΠ΄Π½ΠΎ, ΡΡΠΎ RT ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π»ΡΡ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅ Π½ΠΎΠΌΠ΅ΡΠΎΠ² AS ΠΈ VNI
Originator: 10.255.1.11 Cluster list: 10.255.1.102
<........>Makhe sibone ukuba iifreyimu zikhangeleka njani xa zigqithwa kumzi-mveliso:
Ukucinezela-ARP
Kulungile, ngoku sinonxibelelwano lwe-L2 phakathi kwababuki zindwendwe kwaye sinokugqiba apho. Nangona kunjalo, ayizizo zonke ezilula. Ngethuba nje sineendwendwe ezimbalwa aziyi kubakho iingxaki. Kodwa makhe sibe nomfanekiso-ngqondweni wemeko apho sinamakhulu kunye namawaka emikhosi. Yiyiphi ingxaki esinokujamelana nayo?
Le ngxaki yi-BUM(Usasazo, i-Unicast engaziwayo, i-Multicast) traffic. Kweli nqaku, siza kuqwalasela ukhetho lokujongana ne-traffic traffic.
Ijenereyitha yoSasazo ephambili kwiinethiwekhi ze-Ethernet yimikhosi ngokwazo nge-protocol ye-ARP.
I-Nexus isebenzisa le ndlela ilandelayo yokulwa izicelo ze-ARP - cinezela-arp.
Olu phawu lusebenza ngolu hlobo lulandelayo:
- Umamkeli-1 uthumela isicelo se-APR kwidilesi yoSasazo yenethiwekhi yayo.
- Isicelo sifikelela kwi-Leaf switch kwaye endaweni yokudlulisa esi sicelo ngakumbi kwilaphu ukuya kwi-Host-2, iLeaf liphendula ngokwalo kwaye libonisa i-IP efunekayo kunye ne-MAC.
Ke, isicelo soSasazo asizange siye kumzi-mveliso. Kodwa inokusebenza njani le nto ukuba iLeaf iyazi idilesi ye-MAC kuphela?
Yonke into ilula, uhlobo lwe-2 ye-EVPN, ukongeza kwidilesi ye-MAC, inokuhambisa indibaniselwano ye-MAC/IP. Ukwenza oku, kufuneka uqwalasele idilesi ye-IP kwiVLAN kwiLeaf. Umbuzo uvela, yiyiphi i-IP endimele ndiyibeke? Kwi-nexus kuyenzeka ukwenza idilesi esasaziweyo (efanayo) kuzo zonke iiswitshi:
feature interface-vlan
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! Π·Π°Π΄Π°Π΅ΠΌ virtual mac Π΄Π»Ρ ΡΠΎΠ·Π΄Π°Π½ΠΈΡ ΡΠ°ΡΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠ³ΠΎ ΡΠ»ΡΠ·Π° ΠΌΠ΅ΠΆΠ΄Ρ Π²ΡΠ΅ΠΌΠΈ ΠΊΠΎΠΌΠΌΡΡΠ°ΡΠΎΡΠ°ΠΌΠΈ
interface Vlan10
no shutdown
ip address 192.168.10.254/24 ! Π½Π° Π²ΡΠ΅Ρ
Leaf Π·Π°Π΄Π°Π΅ΠΌ ΠΎΠ΄ΠΈΠ½Π°ΠΊΠΎΠ²ΡΠΉ IP
fabric forwarding mode anycast-gateway ! Π³ΠΎΠ²ΠΎΡΠΈΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ Virtual macKe, ngokwembono yenginginya, inethiwekhi iya kujongeka ngolu hlobo:
Makhe sijonge i-BGP l2route evpn
Leaf11# sh bgp l2vpn evpn
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.21 100 32768 i
*>i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
* i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
<......>
Route Distinguisher: 10.255.1.21:32777
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[0]:[0.0.0.0]/216
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.10.20]/248
*>i 10.255.1.20 100 0 i
<......>Ukusuka kwisiphumo somyalelo unokubona ukuba kwi-EVPN yohlobo lwe-2, ukongeza kwi-MAC, ngoku sibona idilesi ye-IP yomkhosi.
Masibuyele kulungiselelo lokucinezela-arp. Olu seto luvuliwe kwiVNI nganye ngokwahlukeneyo:
interface nve1
member vni 10000
suppress-arpEmva koko kuvela ubunzima obuthile:
- Ukuze olu phawu lusebenze, kufuneka indawo kwimemori ye-TCAM. Nanku umzekelo wemimiselo yokucinezela-arp:
hardware access-list tcam region arp-ether 256Olu seto luya kufuna ububanzi obuphindwe kabini. Okokuthi, ukuba ubeka i-256, ngoko kufuneka ukhulule i-512 kwi-TCAM.Ukumisela i-TCAM kungaphaya kommandla weli nqaku, ekubeni ukuseta i-TCAM kuxhomekeke kuphela kumsebenzi owabelwe wona kwaye kunokwahluka kwinethiwekhi enye ukuya kwenye.
- Ukuphumeza i-spress-arp kufuneka kwenziwe kuzo zonke iiswitshi zeLeaf. Nangona kunjalo, ukuntsonkotha kunokuvela xa kuqwalaselwe kwizibini zeLeaf ezihlala kwindawo yeVPC. Ukuba i-TCAM itshintshile, ukuhambelana phakathi kweebini kuya kwaphulwa kwaye enye i-node inokukhutshwa ngaphandle kokusebenza. Ukongeza, ukuqaliswa kwesixhobo kunokufuneka ukuba ufake isethingi yokutshintsha kwe-TCAM.
Ngenxa yoko, kufuneka uqwalasele ngononophelo ukuba, kwimeko yakho, kufanelekile ukuphumeza olu seto kwifektri esebenzayo.
Oku kuqukumbela inxalenye yokuqala yolu ngcelele. Kwicandelo elilandelayo siza kujonga indlela ngelaphu leVxLAN kunye nokwahlulwa kothungelwano kwiiVRF ezahlukeneyo.
Kwaye ngoku ndimema wonke umntu , apho ndiya kukuxelela ngokubanzi malunga nekhosi. Abathathi-nxaxheba bokuqala be-20 ukubhalisa kule webinar baya kufumana iSatifikethi seDiscount nge-imeyile kwiintsuku ze-1-2 emva kokusasazwa.
umthombo: www.habr.com