Hello, Habr. I'm continuing the series of articles on VxLAN EVPN technology, written specifically for the launch of the course
In the previous part, we built a single broadcast domain on top of a network fabric on Nexus 9000v. However, that is not the only task that has to be solved in a data center network. Today we'll look at the next one: routing between networks, or between VNIs.
Let me remind you that a Spine-Leaf topology is used:
To begin with, we'll look at how routing happens and what features it has.
To make it easier to follow, let's simplify the logical diagram and add another VNI, 20000, for Host-2. The result:
How, in this case, can traffic be passed from one host to the other?
There are two options:
- Keep information about all VNIs on all Leaf switches; then all routing happens on the first Leaf in the network;
- Use a dedicated L3 VNI.
The first method is simple and convenient, since all you need is to bring up all VNIs on all Leaf switches. However, configuring several hundred or several thousand VNIs on every Leaf does not look like the easiest task, so in practice it is used quite rarely.
We'll look at method 2, which is more interesting and more complex, but gives more flexibility in building the fabric.
Let's add VRF "PROD" to the topology. We add interface vlan 10 to it on the Leaf-11/12 pair and interface VLAN 20 on Leaf-21. VLAN 20 is associated with VNI 20000.
vrf context PROD
  rd auto ! The Route Distinguisher is not important here, so the automatically generated one can be used
  address-family ipv4 unicast
    route-target both auto ! The Route-target with which prefixes are imported into and exported from the VRF
vlan 20
  vn-segment 20000
interface nve 1
  member vni 20000
    ingress-replication protocol bgp
interface Vlan20
  no shutdown
  vrf member PROD
  ip address 192.168.20.1/24
  fabric forwarding mode anycast-gateway
To use the L3VNI, you need to create a new VLAN and associate it with a new VNI. The new VNI must be the same on all Leafs that are interested in information about VLAN 10 and 20.
vlan 99
  vn-segment 99000
interface nve1
  member vni 99000 associate-vrf ! Create the L3 VNI
vrf context PROD
  vni 99000 ! Bind the L3 VNI to a specific VRF
As a result, the diagram looks like this:
One small thing remains: add one more interface, interface vlan 99, in VRF PROD
interface Vlan99
  no shutdown
  vrf member PROD
  ip forward ! The interface must not have an IP address. It is used only to forward packets between Leafs
As a result, the logic of passing a frame from Host-1 to Host-2 is as follows:
- A frame sent by Host-1 arrives at a Leaf in VLAN 10, which is associated with VNI 10000;
- The Leaf checks where the destination address is and finds it through the L3 VNI on the second Leaf switch;
- Once the route to the destination address is found, the Leaf packs the frame into a header with the L3VNI 99000 and sends it toward the second Leaf;
- The second Leaf switch receives the data from L3VNI 99000, extracts the original frame and passes it to the required L2VNI 20000 and then to VLAN 20.
As a result of this operation, the L3VNI removes the need to keep information about every VNI in the network on every Leaf switch.
As a result, when traffic is sent from Host-1 to Host-2, the packet is encapsulated in VxLAN with the new VNI, 99000:
It remains to see how exactly Leaf-1 learns about a MAC address from another VNI. This also happens with the help of EVPN route-type 2 (MAC/IP).
The following shows the process of advertising a route for a prefix that is located in another VNI:
That is, addresses received from VNI 20000 have two RTs.
Let me remind you that routes received in an Update get into the BGP table with the route-target specified in the VRF settings (the process is more complex, but we won't go into it in this article).
The RT itself is formed by the formula AS:VNI (if auto mode is used).
An example of forming the RT in automatic and manual modes:
vrf context PROD
  address-family ipv4 unicast
    route-target import auto ! automatic mode
    route-target export 65001:20000 ! RT formed manually
As a result, you can see above that prefixes from another VNI have two RT values.
One of them, 65001:99000, is the additional L3 VNI. Since this VNI is the same on all Leafs and falls under our import rules in the VRF settings, the prefix gets into the BGP table, which can be seen from the output:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! Prefix received from VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 i
If we look more closely at the received update, we can see that this prefix has two RTs:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! Two labels for VxLAN operation
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! Two Route-target values, on the basis of which this prefix was added
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>
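The import decision described above, as an added example that is not part of the original article: it parses the Extcommunity and label lines of the `sh bgp l2vpn evpn 5001.0008.0007` entry, derives auto route-targets with the AS:VNI formula, and reports which local L2VNIs and VRFs accept the route. It assumes Leaf-11 has only L2VNI 10000 configured; the VRF "DEV" with L3VNI 98000 is hypothetical and is there to show a VRF that does not import the route.

```python
import re

# Constructed sample: trimmed from the "sh bgp l2vpn evpn 5001.0008.0007" output above.
SAMPLE = """\
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272, version 5164
    Received label 20000 99000
    Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8
    Router MAC:5001.0005.0007
"""

def auto_rt(asn, vni):
    """Route-target in auto mode, using the AS:VNI formula from the article."""
    return f"{asn}:{vni}"

def parse_type2(text):
    """Pull MAC, host IP, VXLAN labels and route-targets out of one detail entry."""
    key = re.search(r"entry for \[2\]:\[\d+\]:\[\d+\]:\[48\]:\[([0-9a-f.]+)\]"
                    r":\[\d+\]:\[([\d.]+)\]/\d+", text)
    if key is None:
        raise ValueError("no route-type 2 entry found")
    labels = re.search(r"Received label ([\d ]+)", text)
    return {
        "mac": key.group(1),
        "ip": key.group(2),
        "labels": [int(x) for x in labels.group(1).split()] if labels else [],
        "rts": set(re.findall(r"\bRT:(\d+:\d+)", text)),
    }

def importers(route, asn, local_l2vnis, local_vrfs):
    """Which local L2VNIs and VRFs accept the route under 'import auto'.

    local_l2vnis: VNIs of the VLANs configured on this leaf.
    local_vrfs:   {VRF name: L3VNI} for the VRFs configured on this leaf.
    """
    l2 = sorted(v for v in local_l2vnis if auto_rt(asn, v) in route["rts"])
    l3 = sorted(n for n, v in local_vrfs.items() if auto_rt(asn, v) in route["rts"])
    return l2, l3

if __name__ == "__main__":
    route = parse_type2(SAMPLE)
    # Assumption: Leaf-11 has only L2VNI 10000; VRF "DEV"/98000 is hypothetical.
    print(importers(route, 65001, [10000], {"PROD": 99000, "DEV": 98000}))
    # Leaf-21's view, where VLAN 20 / VNI 20000 is local.
    print(importers(route, 65001, [20000], {"PROD": 99000}))
```

On Leaf-11 the route matches no local L2VNI and is accepted only by VRF PROD through RT 65001:99000, so a VRF with a different L3VNI never sees the host.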
In the routing table on Leaf-1 you can also see the prefix 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! Address of Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! Reachable via Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Via VNI 99000
Did you notice that the parent prefix 192.168.20.0/24 is missing from the routing table?
That's right, it is not there. That is, remote Leafs receive information only about the hosts located in their network. And this is correct behavior. Above, in all the updates, you can see that the information arrives with MAC/IP content. There is no talk of any prefixes.
This is the work of the Host Mobility Manager (HMM) protocol, which fills the ARP table, from which the BGP table is then populated (we'll leave this process outside the scope of this article). Based on the information received from HMM, EVPN route-type 2 routes are formed (carrying MAC/IP).
But what if there is a need to pass information about a prefix?
For this kind of information there is EVPN route-type 5, which lets you carry prefixes through the l2vpn evpn address-family (at the time of writing, this route type exists only as a draft).
To carry prefixes, you need to add them to the BGP process for the VRF, which will advertise them:
router bgp 65001
  vrf PROD
    address-family ipv4 unicast
      redistribute direct route-map VNI20000 ! In this case we advertise the prefixes directly connected to the Leaf in VNI 20000
route-map VNI20000 permit 10
  match ip address prefix-list VNI20000_OUT ! Which prefix-list to use
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Which networks go into EVPN route-type 5
As a result, the update will look like this:
Let's look at the BGP table. In addition to EVPN route-types 2 and 3, type 5 routes have appeared that carry information about the network number:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 with the prefix number
10.255.1.10 0 100 0 ?
* i
<.......>
The prefix has also appeared in the routing table:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Remote prefix reachable via Leaf1/2 (Next-hop address = virtual IP of the VPC pair)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! The prefix is reachable via L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm
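A check that can be run over this routing table, as an added example that is not part of the original article: it parses the Leaf21 `sh ip ro vrf PROD` output, lists the routes that arrive over VXLAN as host or subnet entries, and reports any whose segid is not the VRF's L3VNI. The function names are illustrative and the sample text is reconstructed from the output above.

```python
import ipaddress
import re

# Constructed sample: the Leaf21 "sh ip ro vrf PROD" output above, annotations removed.
SAMPLE = """\
192.168.10.0/24, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001
        (evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.10.10/32, ubest/mbest: 1/0
    *via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
        (evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
    *via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.20/32, ubest/mbest: 1/0, attached
    *via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmm
"""

def parse_rib(text):
    """Return one dict per prefix: next hop, source protocol, VXLAN segid."""
    routes = []
    for line in text.splitlines():
        head = re.match(r"(\d+\.\d+\.\d+\.\d+/\d+), ubest/mbest", line)
        if head:
            routes.append({"prefix": ipaddress.ip_network(head.group(1)),
                           "nexthop": None, "proto": None, "segid": None})
        elif routes:
            cur = routes[-1]
            via = re.search(r"\*via ([\d.]+)", line)
            seg = re.search(r"segid: (\d+)", line)
            if via:
                cur["nexthop"] = via.group(1)
                cur["proto"] = "bgp" if "bgp-" in line else line.rsplit(", ", 1)[-1].strip()
            if seg:
                cur["segid"] = int(seg.group(1))
    return routes

def evpn_routes(routes):
    """Routes that arrive over VXLAN, tagged as host (/32) or subnet."""
    return [(str(r["prefix"]), r["nexthop"], r["segid"],
             "host" if r["prefix"].prefixlen == 32 else "subnet")
            for r in routes if r["segid"] is not None]

def wrong_l3vni(routes, expected):
    """Prefixes whose VXLAN segid differs from the VRF's L3VNI."""
    return [str(r["prefix"]) for r in routes
            if r["segid"] not in (None, expected)]

if __name__ == "__main__":
    rib = parse_rib(SAMPLE)
    for row in evpn_routes(rib):
        print(row)
    print("unexpected segid:", wrong_l3vni(rib, 99000))
```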
This concludes the second part of the series of articles on VxLAN EVPN. In the next part, we'll look at various options for routing between VRFs.
Source: www.habr.com