Sawubona, Habr. Ngiqhubeka nochungechunge lwami lwezihloko ze-VxLAN EVPN ubuchwepheshe, okuyinto zibhalelwe ukwethulwa kwezifundo ngu-OTUSNamuhla, sizobheka isici esithakazelisayo somsebenzi: umzila. Njengoba kungase kuzwakale kuncane, ngaphakathi komongo wendwangu yenethiwekhi, izinto zingaba yinkimbinkimbi kakhulu.
Esigabeni esidlule, sizuze isizinda esisodwa sokusakaza esakhelwe phezu kwendwangu yenethiwekhi ku-Nexus 9000v. Nokho, lokhu kukude nohlu oluphelele lwemisebenzi edinga ukubhekwana nayo ngaphakathi kwenethiwekhi yesikhungo sedatha. Namuhla, sizocubungula inselele elandelayo: umzila phakathi kwamanethiwekhi noma phakathi kwama-VNI.
Ake ngikukhumbuze ukuthi i-Spine-Leaf topology isetshenziswa:
Okokuqala, ake sibheke ukuthi umzila usebenza kanjani nokuthi ziyini izici zakhona.
Ukuze uthole ukucaca, masenze lula umdwebo we-logic futhi sengeze enye i-VNI 20000 ye-Host-2. Umphumela uthi:
Ungayidlulisela kanjani ithrafikhi isuka ku-Host eyodwa iye kwenye kuleli cala?
Kunezinketho ezimbili:
- Wonke ama-Leaf switches kufanele aqukathe ulwazi mayelana nawo wonke ama-VNI, khona-ke wonke umzila uzokwenzeka kuLeaf lokuqala kunethiwekhi;
- Sebenzisa i-L3 VNI ezinikele
Indlela yokuqala ilula futhi ifanelekile, njengoba idinga kuphela ukwabela wonke ama-VNI kuwo wonke amaswishi Amaqabunga. Kodwa-ke, ukwabela amakhulu ambalwa noma izinkulungwane zama-VNI kuwo wonke ama-Leaf switch akusewona umsebenzi olula. Ngakho-ke, akuvamile ukusetshenziswa ekukhiqizeni.
Ake sibheke indlela yesi-2, ethakazelisa kakhulu futhi eyinkimbinkimbi kakhudlwana, kodwa inikeza ukuguquguquka okukhulu ekumiseni ifektri.
Ake sengeze i-"PROD" VRF ku-topology. Sizongeza isixhumi esibonakalayo se-VLAN 10 kubhangqa leLeaf-11/12 kanye nesixhumi esibonakalayo se-VLAN 20 kuya kuLeaf-21. Sizohlobanisa i-VLAN 20 ne-VNI 20000.
vrf context PROD
rd auto ! Route Distinguisher Π½Π΅ ΠΏΡΠΈΠ½ΡΠΈΠΏΠΈΠ°Π»Π΅Π½ ΠΈ ΠΌΠΎΠΆΠ΅ΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
address-family ipv4 unicast
route-target both auto ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ Route-target Ρ ΠΊΠΎΡΠΎΡΡΠΌ Π±ΡΠ΄ΡΡ ΠΈΠΌΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΏΡΠ΅ΡΠΈΠΊΡΡ Π²/ΠΈΠ· VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewayUkuze usebenzise i-L3VNI, udinga ukudala i-VLAN entsha bese uyihlobanisa ne-VNI entsha. I-VNI entsha kufanele ifane kuwo wonke Amaqabunga anentshisekelo olwazini lwe-VLAN 10 no-20.
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Π‘ΠΎΠ·Π΄Π°Π΅ΠΌ L3 VNI
vrf context PROD
vni 99000 ! ΠΡΠΈΠ²ΡΠ·ΡΠ²Π°Π΅ΠΌ L3 VNI ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠΌΡ VRFNgenxa yalokho, umdwebo uzobukeka kanje:
Sekusele kancane ukwenze - engeza esinye isixhumi esibonakalayo - isikhombimsebenzisi se-vlan 99 ku-VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! ΠΠ° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅ Π½Π΅ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ IP. ΠΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ ΠΏΠ΅ΡΠ΅ΡΡΠ»ΠΊΠΈ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² ΠΌΠ΅ΠΆΠ΄Ρ LeafNjengomphumela, i-logic yokudluliswa kohlaka kusuka ku-Host-1 kuya ku-Host-2 imi kanje:
- Uhlaka oluthunyelwe ngu-Host-1 lufika eLeaf ku-VLAN 10, ehlotshaniswa ne-VNI 10000;
- Iqabunga lihlola ukuthi ikheli lendawo likuphi bese liyithola nge-L3 VNI kuswishi yeLeaf yesibili;
- Uma indlela eya endaweni okuyiwa kuyo isitholiwe, Iqabunga lipakisha ifreyimu ibe unhlokweni nge-L3VNI 99000 edingekayo bese ilithumela ngaseLeaf lesibili;
- Iswishi yesibili ye-Leaf ithola idatha esuka ku-L3VNI 99000. Ikhipha uhlaka lwangempela futhi iyidlulisele ku-L2VNI 20000 edingekayo bese iba ku-VLAN 20.
Njengomphumela walo msebenzi, i-L3VNI iqeda isidingo sokugcina ulwazi mayelana nawo wonke ama-VNI kunethiwekhi kuwo wonke ama-switch switch.
Njengomphumela, lapho sithumela ithrafikhi kusuka ku-Host-1 kuya ku-Host-2, iphakethe ligcwele ngaphakathi kwe-VxLAN nge-VNI entsha - 99000:
Kusazobonakala ukuthi iLeaf-1 ifunda kanjani ikheli le-MAC kwenye i-VNI. Lokhu futhi kwenzeka kusetshenziswa i-EVPN-route-type 2 (MAC/IP).
Inqubo yokusabalalisa umzila mayelana nesiqalo esitholakala ku-VNI ehlukile iboniswa ngezansi:
Okusho ukuthi, amakheli atholwe ku-VNI 20000 anama-RT amabili.
Ake ngikukhumbuze ukuthi imizila etholwe kusukela ku-Update yengezwe kuthebula le-BGP nge-Route-target ecaciswe kuzilungiselelo ze-VRF (inqubo iyinkimbinkimbi kakhulu, kodwa ngeke singene ngemininingwane kulesi sihloko).
I-RT ngokwayo yakheka ngokwefomula: AS:VNI (uma imodi ezenzakalelayo isetshenziswa).
Isibonelo sokwakheka kwe-RT kumodi ezenzakalelayo neyemanuwali:
vrf context PROD
address-family ipv4 unicast
route-target import auto - Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠ°Π±ΠΎΡΡ
route-target export 65001:20000 - ΡΡΡΠ½ΠΎΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ RTNjengomphumela, ungabona ngenhla ukuthi iziqalo ezivela kwenye i-VNI zinamanani amabili e-RT.
Enye yazo, 65001:99000, iyi-L3 VNI eyengeziwe. Njengoba le VNI ifana kuwo wonke Amaqabunga futhi ifanisa nemithetho yethu yokungenisa kuzilungiselelo ze-VRF, isiqalo sifakwe kuthebula le-BGP, njengoba kungabonakala kokuphumayo:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! ΠΡΠ΅ΡΠΈΠΊΡ ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ ΠΈΠ· VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iUma sibhekisisa kakhudlwana isibuyekezo esitholiwe, singabona ukuthi lesi siqalo sinama-RT amabili:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! ΠΠ²Π° label Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! ΠΠ²Π° Π·Π½Π°ΡΠ΅Π½ΠΈΡ Route-target, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅, ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΠ±Π°Π²ΠΈΠ»ΠΈ Π΄Π°Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>Kuthebula lomzila kuLeaf-1 ungakwazi futhi ukubona isiqalo 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! ΠΠ΄ΡΠ΅Ρ Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! ΠΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Π§Π΅ΡΠ΅Π· VNI 99000Uqaphele ukungabikho kwesiqalo esiyinhloko 192.168.20.0/24 kuthebula lomzila?
Impela, ayikho lapho. Okusho ukuthi, i-remote Leafs ithola kuphela ulwazi mayelana nabasingathi kunethiwekhi yakho. Futhi lokhu ukuziphatha okulungile. Kuzo zonke izibuyekezo ezingenhla, ungabona ukuthi ulwazi olutholiwe luqukethe ulwazi lwe-MAC/IP. Akukho okukhulunywa ngakho nganoma yiziphi iziqalo.
Lona umsebenzi wephrothokholi ye-Host Mobility Manager (HMM), egcwalisa ithebula le-ARP, elibese ligcwalisa ithebula le-BGP (sizokweqa le nqubo ngezinjongo zalesi sihloko). Ngokusekelwe kulwazi olutholwe ku-HMM, i-EVPN yohlobo lomzila 2 (i-MAC/IP iyadluliselwa) iyakhiqizwa.
Nokho, yini okufanele uyenze uma kunesidingo sokudlulisa ulwazi mayelana nesiqalo esithile?
Ngalolu hlobo lolwazi, kukhona i-EVPN yohlobo lomzila 5 - ikuvumela ukuthi udlulise iziqalo ngekheli-umndeni l2vpn evpn (ngesikhathi sokubhala lolu hlobo lomzila lusenguqulo yokusalungiswa kuphela) , ngenxa yalokhu, abakhiqizi abahlukene bangase babe nokuziphatha okuhlukile lapho besebenza nalolu hlobo lomzila)
Ukuze udlulise iziqalo, kuyadingeka ukwengeza iziqalo ezizomenyezelwa kunqubo ye-BGP ye-VRF:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! Π Π΄Π°Π½Π½ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ Π°Π½ΠΎΠ½ΡΠΈΡΡΠ΅ΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΡ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π½Π΅ΠΏΠΎΡΡΠ΅Π΄ΡΡΠ²Π΅Π½Π½ΠΎ ΠΊ Leaf Π² VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΈΠ΅ ΡΠ΅ΡΠΈ Π±ΡΠ΄ΡΡ ΠΏΠΎΠΏΠ°Π΄Π°ΡΡ Π² EVPN route-type 5Ngenxa yalokho, Isibuyekezo sizoqukatha:
Ake sibheke ithebula le-BGP. Ngokungeziwe ezinhlotsheni zomzila we-EVPN 2 no-3, thayipha imizila emi-5, equkethe imininingwane yenombolo yenethiwekhi:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΠ°
10.255.1.10 0 100 0 ?
* i
<.......> Isiqalo siphinde savela kuthebula lomzila:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ, Π΄ΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf1/2(Π°Π΄ΡΠ΅Ρ Next-hop = virtual IP ΠΌΠ΅ΠΆΠ΄Ρ ΠΏΠ°ΡΠΎΠΉ VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! ΠΡΠ΅ΡΠΈΠΊΡ Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅ΡΠ΅Π· L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmLokhu kuphetha ingxenye yesibili yochungechunge lwethu ku-VxLAN EVPN. Engxenyeni elandelayo, sizobheka izinketho ezahlukene zomzila phakathi kwama-VRF.
Source: www.habr.com
