Hey Habr. Ngiqhubeka nochungechunge lwezihloko ze-VxLAN EVPN ubuchwepheshe, okuyinto zibhalelwe ukwethulwa kwezifundo ngu-OTUS. Futhi namuhla sizocabangela ingxenye ethakazelisayo yemisebenzi - umzila. Kungakhathaliseki ukuthi kungase kuzwakale kangakanani, noma kunjalo, njengengxenye yomsebenzi wefekthri yenethiwekhi, konke kungase kungabi lula kangako.
Engxenyeni yokugcina, sizuze isizinda esisodwa sokusakaza esakhelwe phezu kwendwangu yenethiwekhi ku-Nexus 9000v. Nokho, lokhu akulona lonke uhla lwemisebenzi okudingeka ixazululwe ngaphakathi kohlaka lwenethiwekhi yesikhungo sedatha. Futhi namuhla sizocabangela umsebenzi olandelayo - umzila phakathi kwamanethiwekhi noma phakathi kwe-VNIs.
Ake ngikukhumbuze ukuthi i-Spine-Leaf topology isetshenziswa:
Okokuqala, sizohlaziya ukuthi umzila wenziwa kanjani nokuthi inaziphi izici.
Ukuze siqonde, masenze lula umdwebo we-logic futhi sengeze enye i-VNI 20000 ye-Host-2. Umphumela uthi:
Kulesi simo, ungayidlulisela kanjani i-traffic isuka ku-Host eyodwa iye kwenye?
Kunezinketho ezimbili:
- Gcina ulwazi mayelana nawo wonke ama-VNI kuwo wonke ama-Leaf switch, khona-ke wonke umzila uzokwenzeka kuLeaf lokuqala kunethiwekhi;
- Sebenzisa okunikezelwe - L3 VNI
Indlela yokuqala ilula futhi elula. Njengoba udinga kuphela ukuqala wonke ama-VNI kuwo wonke ama-Leaf switch. Nokho, ukusebenzisa amakhulu ambalwa noma izinkulungwane zama-VNI kulo lonke Iqabunga akusabonakali njengomsebenzi olula. Ngakho-ke, emsebenzini isetshenziswa kakhulu kuyaqabukela.
Sizohlaziya indlela yesi-2, njengethakazelisa kakhulu futhi eyinkimbinkimbi, kodwa enikeza ukuguquguquka okwengeziwe ekusetheni ifekthri.
Ake sengeze "PROD" ku-VRF topology. Ake sengeze isikhombimsebenzisi i-vlan 10 kuso kubhangqa leLeaf-11/12 kanye nesixhumi esibonakalayo se-VLAN 20 kuLeaf-21. I-VLAN 20 ihlotshaniswa ne-VNI 20000
vrf context PROD
rd auto ! Route Distinguisher Π½Π΅ ΠΏΡΠΈΠ½ΡΠΈΠΏΠΈΠ°Π»Π΅Π½ ΠΈ ΠΌΠΎΠΆΠ΅ΠΌ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ ΡΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½Π½ΡΠΉ Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈ
address-family ipv4 unicast
route-target both auto ! ΡΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ Route-target Ρ ΠΊΠΎΡΠΎΡΡΠΌ Π±ΡΠ΄ΡΡ ΠΈΠΌΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΈ ΡΠΊΡΠΏΠΎΡΡΠΈΡΠΎΠ²Π°ΡΡΡΡ ΠΏΡΠ΅ΡΠΈΠΊΡΡ Π²/ΠΈΠ· VRF
vlan 20
vn-segment 20000
interface nve 1
member vni 20000
ingress-replication protocol bgp
interface Vlan10
no shutdown
vrf member PROD
ip address 192.168.20.1/24
fabric forwarding mode anycast-gatewayUkuze usebenzise i-L3VNI, udinga ukudala i-VLAN entsha, uyihlobanise ne-VNI entsha. I-VNI entsha kufanele ifane kuwo wonke Amaqabunga anentshisekelo kulwazi lwe-VLAN 10 no-20.
vlan 99
vn-segment 99000
interface nve1
member vni 99000 associate-vrf ! Π‘ΠΎΠ·Π΄Π°Π΅ΠΌ L3 VNI
vrf context PROD
vni 99000 ! ΠΡΠΈΠ²ΡΠ·ΡΠ²Π°Π΅ΠΌ L3 VNI ΠΊ ΠΎΠΏΡΠ΅Π΄Π΅Π»Π΅Π½Π½ΠΎΠΌΡ VRFNgenxa yalokho, umdwebo uzobukeka kanje:
Kusele ukuqeda kancane - engeza esinye isixhumi esibonakalayo - isikhombimsebenzisi se-vlan 99 ku-VRF PROD
interface Vlan99
no shutdown
vrf member PROD
ip forward ! ΠΠ° ΠΈΠ½ΡΠ΅ΡΡΠ΅ΠΉΡΠ΅ Π½Π΅ Π΄ΠΎΠ»ΠΆΠ½ΠΎ Π±ΡΡΡ IP. ΠΡΠΏΠΎΠ»ΡΠ·ΡΠ΅ΡΡΡ ΡΠΎΠ»ΡΠΊΠΎ Π΄Π»Ρ ΠΏΠ΅ΡΠ΅ΡΡΠ»ΠΊΠΈ ΠΏΠ°ΠΊΠ΅ΡΠΎΠ² ΠΌΠ΅ΠΆΠ΄Ρ LeafNjengomphumela, ingqondo yokudlulisa uhlaka ukusuka ku-Host-1 kuya ku-Host-2 imi kanje:
- Uhlaka oluthunyelwe ngu-Host-1 lufika ku-Leaf ku-VLAN 10, ehlotshaniswa ne-VNI 10000;
- Iqabunga lihlola ukuthi ikheli lendawo likuphi bese liyithola nge-L3 VNI kuswishi yeLeaf yesibili;
- Ngokushesha nje lapho umzila oya ekhelini lendawo utholakala, iLeaf ipakisha ifreyimu ibe unhlokweni nge-L3VNI 99000 edingekayo - futhi iyithumele ngaseLeaf lesibili;
- Iswishi yesibili ye-Leaf ithola idatha esuka ku-L3VNI 99000. Ithola uhlaka lwangempela futhi iyidlulisele ku-L2VNI 20000 edingekayo bese iba ku-VLAN 20.
Njengomphumela walo msebenzi, i-L3VNI isusa isidingo sokugcina ulwazi mayelana nawo wonke ama-VNI akunethiwekhi kuwo wonke ama-switch weLeaf.
Njengomphumela, lapho sithumela ithrafikhi kusuka ku-Host-1 kuya ku-Host-2, iphakethe ligcwele ngaphakathi kwe-VxLAN nge-VNI entsha - 99000:
Kusazobonakala ukuthi iLeaf-1 ifunda kanjani ngekheli le-MAC kwenye i-VNI. Lokhu futhi kwenzeka ngosizo lwe-EVPN yohlobo 2 lomzila (MAC/IP).
Okulandelayo kubonisa inqubo yokusabalalisa umzila mayelana nesiqalo esikwenye i-VNI:
Okungukuthi, amakheli atholwe ku-VNI 20000 anama-RT amabili.
Ake ngikukhumbuze ukuthi imizila etholwe ku-Update iwela kuthebula le-BGP nge-Route-thaget ecaciswe kuzilungiselelo ze-VRF (inqubo iyinkimbinkimbi kakhulu, kodwa ngeke siye kulesi sihloko).
I-RT ngokwayo yakhiwe ifomula: AS:VNI (uma imodi ezenzakalelayo isetshenziswa).
Isibonelo sokwakheka kwe-RT kumamodi othomathikhi nawemanuwali:
vrf context PROD
address-family ipv4 unicast
route-target import auto - Π°Π²ΡΠΎΠΌΠ°ΡΠΈΡΠ΅ΡΠΊΠΈΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠ°Π±ΠΎΡΡ
route-target export 65001:20000 - ΡΡΡΠ½ΠΎΠΉ ΡΠ΅ΠΆΠΈΠΌ ΡΠΎΡΠΌΠΈΡΠΎΠ²Π°Π½ΠΈΡ RTNjengomphumela, ungabona ngenhla ukuthi iziqalo ezivela kwenye i-VNI zinamanani amabili e-RT.
Enye yazo 65001:99000 iyi-L3 VNI eyengeziwe. Njengoba le VNI ifana kuwo wonke Amaqabunga futhi iwela ngaphansi kwemithetho yethu yokungenisa kuzilungiselelo ze-VRF, isiqalo singena kuthebula le-BGP, elingabonakala kokuphumayo:
sh bgp l2vpn evpn
<.....>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:32777 (L2VNI 10000)
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 32768 i
*>l[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 32768 i
*>l[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 32768 i
Route Distinguisher: 10.255.1.21:32787
* i[2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.20]/272 ! ΠΡΠ΅ΡΠΈΠΊΡ ΠΏΠΎΠ»ΡΡΠ΅Π½Π½ΡΠΉ ΠΈΠ· VNI 20000
10.255.1.20 100 0 i
*>i 10.255.1.20 100 0 iUma sibhekisisa kakhudlwana isibuyekezo esitholiwe, singabona ukuthi lesi siqalo sinama-RT amabili:
Leaf11# sh bgp l2vpn evpn 5001.0008.0007
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 10.255.1.21:32787
BGP routing table entry for [2]:[0]:[0]:[48]:[5001.0008.0007]:[32]:[192.168.20.2
0]/272, version 5164
Paths: (2 available, best #2)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not i
n HW
Path type: internal, path is valid, not best reason: Neighbor Address, no labeled nexthop
AS-Path: NONE, path sourced internal to AS
10.255.1.20 (metric 81) from 10.255.1.102 (10.255.1.102)
Origin IGP, MED not set, localpref 100, weight 0
Received label 20000 99000 ! ΠΠ²Π° label Π΄Π»Ρ ΡΠ°Π±ΠΎΡΡ VxLAN
Extcommunity: RT:65001:20000 RT:65001:99000 SOO:10.255.1.20:0 ENCAP:8 ! ΠΠ²Π° Π·Π½Π°ΡΠ΅Π½ΠΈΡ Route-target, Π½Π° ΠΎΡΠ½ΠΎΠ²Π΅, ΠΊΠΎΡΠΎΡΡΡ
Π΄ΠΎΠ±Π°Π²ΠΈΠ»ΠΈ Π΄Π°Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ
Router MAC:5001.0005.0007
Originator: 10.255.1.21 Cluster list: 10.255.1.102
<......>Kuthebula lomzila kuLeaf-1, ungabona futhi isiqalo 192.168.20.20/32:
Leaf11# sh ip route vrf PROD
192.168.10.0/24, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, direct
192.168.10.1/32, ubest/mbest: 1/0, attached
*via 192.168.10.1, Vlan10, [0/0], 01:29:28, local
192.168.10.10/32, ubest/mbest: 1/0, attached
*via 192.168.10.10, Vlan10, [190/0], 01:27:22, hmm
192.168.20.20/32, ubest/mbest: 1/0 ! ΠΠ΄ΡΠ΅Ρ Host-2
*via 10.255.1.20%default, [200/0], 01:20:20, bgp-65001, internal, tag 65001 ! ΠΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf-2
(evpn) segid: 99000 tunnelid: 0xaff0114 encap: VXLAN ! Π§Π΅ΡΠ΅Π· VNI 99000Qaphela isiqalo esiyinhloko esingekho 192.168.20.0/24 kuthebula lomzila?
Kunjalo, akekho. Okusho ukuthi, i-remote Leafs ithola ulwazi mayelana nabasingathi abakunethiwekhi yakho kuphela. Futhi lokhu ukuziphatha okulungile. Ngenhla, kuzo zonke izibuyekezo, ungabona ukuthi imininingwane iza nokuqukethwe kwe-MAC / IP. Azikho iziqalo okungakhulunywa ngazo.
Lena iphrothokholi ye-Host Mobility Manager (HMM), egcwalisa ithebula le-ARP lapho ithebula le-BGP liphinde ligcwaliswe (sizoyiyeka le nqubo ngaphakathi kohlaka lwalesi sihloko). Ngokusekelwe olwazini olutholwe ku-HMM, ama-EVPN ohlobo 2 womzila ayakhiwa (ahanjiswe yi-MAC/IP).
Nokho, kuthiwani uma kunesidingo sokudlulisa ulwazi mayelana nesiqalo?
Ngalolu hlobo lolwazi, kukhona i-EVPN yohlobo lwe-5 - ikuvumela ukuthi uthumele iziqalo ngekheli-umndeni l2vpn evpn (lolu hlobo lomzila ngesikhathi salokhu kubhalwa lukunguqulo yokusalungiswa kuphela , ngenxa yalokhu, abakhiqizi abahlukene bangase babe nokuziphatha okuhlukile kwalolu hlobo lomzila)
Ukudlulisa iziqalo, kuyadingeka ukwengeza iziqalo kunqubo ye-BGP ye-VRF, ezokhangiswa:
router bgp 65001
vrf PROD
address-family ipv4 unicast
redistribute direct route-map VNI20000 ! Π Π΄Π°Π½Π½ΠΎΠΌ ΡΠ»ΡΡΠ°Π΅ Π°Π½ΠΎΠ½ΡΠΈΡΡΠ΅ΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΡ ΠΏΠΎΠ΄ΠΊΠ»ΡΡΠ΅Π½ΠΈΠ΅ Π½Π΅ΠΏΠΎΡΡΠ΅Π΄ΡΡΠ²Π΅Π½Π½ΠΎ ΠΊ Leaf Π² VNI 20000
route-map VNI20000 permit 10
match ip address prefix-list VNI20000_OUT ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΎΠΉ ΠΈΡΠΏΠΎΠ»ΡΠ·ΠΎΠ²Π°ΡΡ prefix-list
ip prefix-list VNI20000_OUT seq 5 permit 192.168.20.0/24 ! Π£ΠΊΠ°Π·ΡΠ²Π°Π΅ΠΌ ΠΊΠ°ΠΊΠΈΠ΅ ΡΠ΅ΡΠΈ Π±ΡΠ΄ΡΡ ΠΏΠΎΠΏΠ°Π΄Π°ΡΡ Π² EVPN route-type 5Ngenxa yalokho, isibuyekezo sizoba:
Ake sibheke ithebula le-BGP. Ngokungeziwe kuhlobo lomzila we-EVPN 2,3, thayipha imizila emi-5 equkethe ulwazi mayelana nenombolo yenethiwekhi:
<......>
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.255.1.11:3
* i[5]:[0]:[0]:[24]:[192.168.10.0]/224
10.255.1.10 0 100 0 ?
*>i 10.255.1.10 0 100 0 ?
Route Distinguisher: 10.255.1.11:32777
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[0]:[0.0.0.0]/216
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[2]:[0]:[0]:[48]:[5001.0007.0007]:[32]:[192.168.10.10]/272
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
* i[3]:[0]:[32]:[10.255.1.10]/88
10.255.1.10 100 0 i
*>i 10.255.1.10 100 0 i
Route Distinguisher: 10.255.1.12:3
*>i[5]:[0]:[0]:[24]:[192.168.10.0]/224 ! EVPN route-type 5 Ρ Π½ΠΎΠΌΠ΅ΡΠΎΠΌ ΠΏΡΠ΅ΡΠΈΠΊΡΠ°
10.255.1.10 0 100 0 ?
* i
<.......> Isiqalo siphinde savela kuthebula lomzila:
Leaf21# sh ip ro vrf PROD
192.168.10.0/24, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 00:14:32, bgp-65001, internal, tag 65001 ! Π£Π΄Π°Π»Π΅Π½Π½ΡΠΉ ΠΏΡΠ΅ΡΠΈΠΊΡ, Π΄ΠΎΡΡΡΠΏΠ½ΡΠΉ ΡΠ΅ΡΠ΅Π· Leaf1/2(Π°Π΄ΡΠ΅Ρ Next-hop = virtual IP ΠΌΠ΅ΠΆΠ΄Ρ ΠΏΠ°ΡΠΎΠΉ VPC)
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN ! ΠΡΠ΅ΡΠΈΠΊΡ Π΄ΠΎΡΡΡΠΏΠ΅Π½ ΡΠ΅ΡΠ΅Π· L3VNI 99000
192.168.10.10/32, ubest/mbest: 1/0
*via 10.255.1.10%default, [200/0], 02:33:40, bgp-65001, internal, tag 65001
(evpn) segid: 99000 tunnelid: 0xaff010a encap: VXLAN
192.168.20.0/24, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, direct
192.168.20.1/32, ubest/mbest: 1/0, attached
*via 192.168.20.1, Vlan20, [0/0], 02:39:44, local
192.168.20.20/32, ubest/mbest: 1/0, attached
*via 192.168.20.20, Vlan20, [190/0], 02:35:46, hmmLokhu kuphetha ingxenye yesibili yochungechunge lwama-athikili ku-VxLAN EVPN. Engxenyeni elandelayo, sizocubungula izinketho ezahlukahlukene zomzila phakathi kwama-VRF.
Source: www.habr.com