Hello, Habr. I am continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of a course from OTUS. Today we will look at an interesting part of the task: routing. However trivial it may sound, within a network fabric things may not be that simple.

In the previous part we obtained a single broadcast domain built on top of the network fabric on Nexus 9000v. However, that is not the full list of tasks that have to be solved within a data center network. Today we will look at the next task: routing between networks, or between VNIs.
As a reminder, a Spine-Leaf topology is used:

First, let's look at how routing happens and what its characteristics are.
To make this easier to follow, let's simplify the logical diagram and add another VNI, 20000, for Host-2. The result:

How, in this case, can traffic be passed from one host to another?
There are two options:
- Keep information about all VNIs on all Leaf switches; then all routing happens on the first Leaf in the network;
- Use a dedicated L3 VNI.
The first method is simple and convenient, because you only need to configure every VNI on every Leaf switch. However, configuring hundreds or thousands of VNIs on all Leafs no longer looks like a simple task, so it is rarely used in practice.
Let's look at method 2, which is more interesting and somewhat more complex, but gives more flexibility in configuring the fabric.
Let's add the VRF "PROD" to the topology. To it we add interface vlan 10 on the Leaf-11/12 pair and interface VLAN 20 on Leaf-21. VLAN 20 is associated with VNI 20000.
vrf context PROD
  rd auto ! The Route Distinguisher is not critical, so the automatically generated one can be used
  address-family ipv4 unicast
    route-target both auto ! Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000
interface nve 1
  member vni 20000
    ingress-replication protocol bgp
interface Vlan20
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway

To use an L3VNI, you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on all Leafs that are interested in information about VLANs 10 and 20.
vlan 99
  vn-segment 99000
interface nve1
  member vni 99000 associate-vrf ! Create the L3 VNI
vrf context PROD
  vni 99000 ! Bind the L3 VNI to a specific VRF

As a result, the diagram looks like this:

One small thing remains: add one more interface, interface vlan 99, in VRF PROD.
interface Vlan99
  no shutdown
  vrf member PROD
  ip forward ! The interface must not have an IP address. It is used only for forwarding packets between Leafs

As a result, the logic of forwarding a frame from Host-1 to Host-2 is as follows:
- The frame sent by Host-1 arrives at the Leaf in VLAN 10, which is associated with VNI 10000;
- The Leaf checks where the destination address is and finds it via the L3 VNI on the second Leaf switch;
- Once the route to the destination address has been found, the Leaf encapsulates the frame with a header carrying the required L3VNI 99000 and sends it toward the second Leaf;
- The second Leaf switch receives the data in L3VNI 99000. It extracts the original frame and passes it to the required L2VNI 20000 and then to VLAN 20.
Thanks to this mode of operation, the L3VNI removes the need to keep information about all VNIs in the network on all Leaf switches.
As a result, when traffic is sent from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:
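
The encapsulation and the egress decision described above, as an added example that is not part of the original article: the 8-byte VXLAN header is built and parsed per RFC 7348, and the VNI is mapped the way Leaf-21 is configured here. The function names and the "bridge"/"route"/"drop" labels are assumptions made for illustration.

```python
import ipaddress
import struct

# Egress Leaf-21 as configured in the article:
# VLAN 20 <-> L2VNI 20000, L3VNI 99000 <-> VRF PROD, 192.168.20.0/24 attached on Vlan20.
L2VNI_TO_VLAN = {20000: 20}
L3VNI_TO_VRF = {99000: "PROD"}
ATTACHED = {"PROD": {ipaddress.ip_network("192.168.20.0/24"): 20}}

def vxlan_header(vni):
    """Build the 8-byte VXLAN header (RFC 7348): I flag set, 24-bit VNI."""
    if not 0 <= vni < 1 << 24:
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def parse_vni(header):
    """Return the VNI, rejecting truncated headers and a cleared I flag."""
    if len(header) < 8:
        raise ValueError("truncated VXLAN header")
    flags_word, vni_word = struct.unpack("!II", header[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("I flag not set, VNI field is not valid")
    return vni_word >> 8

def egress_action(header, inner_dst_ip):
    """Decide what the receiving Leaf does with the decapsulated frame."""
    vni = parse_vni(header)
    if vni in L2VNI_TO_VLAN:              # bridging inside one segment
        return ("bridge", L2VNI_TO_VLAN[vni])
    vrf = L3VNI_TO_VRF.get(vni)
    if vrf is None:                       # VNI not configured on this Leaf
        return ("drop", None)
    dst = ipaddress.ip_address(inner_dst_ip)
    for net, vlan in ATTACHED[vrf].items():
        if dst in net:                    # routed in the VRF, then out the local VLAN
            return ("route", vlan)
    return ("drop", None)

if __name__ == "__main__":
    hdr = vxlan_header(99000)
    print(hdr.hex(), egress_action(hdr, "192.168.20.20"))
```

VNI 10000 is deliberately absent from the Leaf-21 tables: a frame arriving with it is dropped, while the same traffic carried in L3VNI 99000 is routed to VLAN 20.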

It remains to see how Leaf-1 learns about a MAC address in another VNI. This again happens using EVPN route type 2 (MAC/IP).
The following shows the process of propagating a route for a prefix located in another VNI:

That is, addresses learned in VNI 20000 have two RTs.
As a reminder, routes received in an Update end up in the BGP table according to the Route-target specified in the VRF settings (the process is somewhat more complex, but we will not go into it in this article).
The RT itself is formed by the formula AS:VNI (if automatic mode is used).
An example of forming the RT in automatic and manual mode:
vrf context PROD
  address-family ipv4 unicast
    route-target import auto ! automatic mode
    route-target export 65001:20000 ! manual RT definition

The output above shows that prefixes from another VNI have two RT values.
One of them is 65001:99000, the additional L3 VNI. Since this VNI is the same on all Leafs and falls under our import rules in the VRF settings, the prefix ends up in the BGP table, which can be seen in the output:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! Prefix received from VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i

If we look more closely at the received update, we can see that this prefix has two RTs:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! Two labels for VxLAN operation
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! Two Route-target values, on the basis of which this prefix was added
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>

In the routing table on Leaf-1 you can also see the prefix 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! Host-2 address
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Via VNI 99000

Did you notice that the main prefix 192.168.20.0/24 is absent from the routing table?
Indeed, it is not there. That is, remote Leafs receive information only about the hosts that are in your network. And this is correct behavior. In all the updates above you can see that the information arrives with MAC/IP content; there is no mention of any prefix.
This is how the Host Mobility Manager (HMM) protocol works: it populates the ARP table, from which the BGP table is then populated (we leave this process outside the scope of this article). Based on the information received from HMM, EVPN route type 2 routes are formed (carrying MAC/IP).
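
The RT-based import of the type 2 route shown earlier, as an added example that is not part of the original article: a Python parser for the route key, labels and extended communities from the Leaf11 output, checked against auto-derived RTs (AS:VNI). The import model is simplified, as the article itself notes the real process is more involved, and the VRF name OTHER with L3 VNI 77000 used in the checks is a constructed value.

```python
import re

# Constructed sample: lines trimmed from the Leaf11 output shown in the article.
SAMPLE = """\
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
  Received label 20000 99000
  Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
"""

def auto_rt(asn, vni):
    """Auto-derived route-target, AS:VNI, as the article describes it."""
    return f"{asn}:{vni}"

def parse_route(text):
    """Pull route type, MAC/IP or prefix, labels and RTs out of the CLI text."""
    key = text.split("entry for", 1)[1].splitlines()[0]
    fields = re.findall(r"\[([^\]]*)\]", key)
    labels = re.search(r"Received label ([\d ]+)", text)
    route = {
        "type": int(fields[0]),
        "labels": [int(x) for x in labels.group(1).split()] if labels else [],
        "rts": set(re.findall(r"\bRT:(\d+:\d+)", text)),
    }
    if route["type"] == 2:    # ...:[MAC length]:[MAC]:[IP length]:[IP]
        route["mac"], route["ip"] = fields[4], fields[6]
    elif route["type"] == 5:  # ...:[prefix length]:[prefix]
        route["prefix"] = f"{fields[4]}/{fields[3]}"
    return route

def import_targets(route, asn, local_l2vnis, vrf_l3vnis):
    """Simplified model: import wherever a carried RT equals a local auto RT."""
    targets = [f"L2VNI {v}" for v in local_l2vnis if auto_rt(asn, v) in route["rts"]]
    targets += [f"VRF {name}" for name, v in vrf_l3vnis.items()
                if auto_rt(asn, v) in route["rts"]]
    return targets

if __name__ == "__main__":
    r = parse_route(SAMPLE)
    # Leaf-11 as configured in the article: L2VNI 10000, VRF PROD with L3VNI 99000.
    print(r, import_targets(r, 65001, [10000], {"PROD": 99000}))
```

A Leaf whose VRFs import none of the carried RTs installs nothing, which is what keeps one tenant's host routes out of another tenant's VRF.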
However, what if there is a need to pass information about a prefix?
For this kind of information there is EVPN route type 5, which allows prefixes to be carried in the l2vpn evpn address family (at the time of writing this route type exists only in a draft version, so its behavior may differ between vendors).
To distribute prefixes, the prefixes that are to be advertised must be added to the BGP process for the VRF:
router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000 ! Here we advertise prefixes directly connected to the Leaf in VNI 20000
route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT ! Which prefix-list to use
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Which networks will go into EVPN route-type 5

As a result, the Update will look like this:

Let's look at the BGP table. In addition to EVPN route types 2 and 3, type 5 routes have appeared, carrying information about the network number:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 with the network prefix
10.255.1.10 0 100 0 ?
* i
<.......>

The prefix has also appeared in the routing table:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Remote prefix reachable via Leaf1/2 (Next-hop address = virtual IP shared by the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! The prefix is reachable via L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm

This concludes the second part of the series of articles on VxLAN EVPN. In the next part we will look at various options for routing between VRFs.
Source: www.habr.com
