MP-BGP EVPN 컨트롤 플레인으로 VXLAN 구성 및 확인
소개
이 문서에서는 MP-BGP EVPN 컨트롤 플레인을 사용하는 VXLAN 컨피그레이션에 대해 설명합니다.
사전 요구 사항
요구 사항
다음 주제에 대한 지식을 보유하고 있으면 유용합니다.
- MPLS 레이어 3 VPN
- MP-BGP도 도움이 됩니다.
사용되는 구성 요소
이 문서는 특정 소프트웨어 및 하드웨어 버전으로 한정되지 않습니다.
이 문서의 정보는 특정 랩 환경의 디바이스를 토대로 작성되었습니다. 이 문서에 사용된 모든 디바이스는 초기화된(기본) 컨피그레이션으로 시작되었습니다. 현재 네트워크가 작동 중인 경우 모든 명령의 잠재적인 영향을 미리 숙지하시기 바랍니다.
배경 정보
또한 이 문서에서는 검증 및 이해를 돕기 위해 샘플 네트워크 시나리오 및 관련 출력이 포함된 해당 컨피그레이션을 보여줍니다.
VXLAN은 네트워크 가상화를 제공하도록 설계되었습니다. UDP 캡슐화의 MAC입니다. 레이어 2 인프라는 레이어 3 언더레이 네트워크로 확장되어 데이터센터에서 서버의 물리적 및 지리적 위치에 의존하지 않는 간소화된 서비스를 제공합니다.
이 문서에서는 MP-BGP EVPN 컨트롤 플레인을 사용하는 VXLAN에 대해 설명합니다. 이는 오버레이 인프라에서 업데이트를 보내고 받기 위해 BGP 프로토콜이 사용됨을 의미합니다.
STP를 사용한 기존 네트워크 구축에서는 일부 업링크가 영구적으로 차단되었습니다. VXLAN 설계에서는 모든 업링크가 작동하며, 언더레이 인프라가 IP 네트워크이므로 ECMP가 활용됩니다.
모든 세부 사항에 대한 논의는 이 문서의 범위를 벗어나지만 몇 가지 중요한 용어가 아래에 나와 있습니다.
VXLAN - 가상 확장 LAN
MP-BGP - 다중 프로토콜 BGP
EVPN - 이더넷 VPN
VTEP - 가상 터널 엔드포인트 잎이라고도 합니다. 이는 패킷이 캡슐화되고 역캡슐화되는 위치입니다.
Spine - MPLS L3 VPN의 Route-Reflector와 매우 유사합니다. 이 디바이스는 하나의 VTEP에서 업데이트를 가져와 다른 VTEP로 전달합니다.
VNI - VXLAN 네트워크 식별자. 이는 주로 층-2 경계들에 대한 격리를 제공하는 데 사용된다. 이 필드의 길이는 24비트이므로 기존 VLAN의 범위 제한을 극복합니다. VTEP의 VNI는 기존 VLAN에 매핑됩니다. 이에 대해서는 나중에 설명합니다.
구성
네트워크 다이어그램
표시된 이미지는 컨피그레이션 및 검증 측면에 사용됩니다. VXLAN 인프라의 관점에서 비vpc, vpc, intra-vni, inter-vni 및 외부 연결 컨피그레이션을 다룹니다.
설정
VTEP1
! Enabling features
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
!
fabric forwarding anycast-gateway-mac 0001.0001.0001 ! This is needed for seamless VM mobility across VTEPS,this configuration is same on all VTEPS.
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4 ! SPINE is the RP.
!
ip pim ssm range 232.0.0.0/8
!
vlan 1,10,30,40,100,200
!
vlan 10 ! VLAN 10 is used as layer3 VNI to route Inter-VNI traffic.
name L3-VNI-VLAN-10
vn-segment 10000010
vlan 30 ! The Host A resides on Vlan 30, The below command 'maps' vlan 30 with VNID 10000030.
vn-segment 10000030
!
vrf context EVPN-L3-VNI-VLAN-10 ! Defining layer3 vrf for Inter-VNI traffic.
vni 10000010
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
!
interface Vlan10 ! Layer3 VNI associated interface vlan does not have an ip address.
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip forward
!
interface Vlan30 ! Associating the Host A Vlan with layer3 vrf.
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 172.16.30.1/24
fabric forwarding mode anycast-gateway ! This is needed for seamless VM mobility across VTEPS, same on all VTEPS.
!
interface nve1 ! Nve is logical interface where VXLAN packets are encapsulated and decapsulated.
no shutdown
source-interface loopback2
host-reachability protocol bgp ! This means BGP control plane is used to exchange updates.
member vni 10000010 associate-vrf ! associate-vrf is used for for layer3 vni.
member vni 10000030
suppress-arp
mcast-group 239.1.1.10 ! A vlan or set of vlans mapped to VNI can be given identical multicast address, this is used for controlled flooding of arp requests.
!
interface Ethernet1/2 ! Ospf with PIM is used as Underlay.
description "Going to Spine"
no switchport
ip address 192.168.19.1/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/11 ! Port to Host A.
switchport mode trunk
!
interface loopback2 ! Loopback for BGP Peering.
description "Loopback for "BGP"
ip address 192.168.11.11/32
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
!
router ospf UNDERLAY
!
router bgp 65000
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 192.168.9.9 ! Peering with SPINE.
remote-as 65000
update-source loopback2
address-family ipv4 unicast
address-family l2vpn evpn
send-community extended
vrf EVPN-L3-VNI-VLAN-10
address-family ipv4 unicast
advertise l2vpn evpn
!
evpn
vni 10000030 l2
rd auto ! RD is default calculated as VNI:BGP Router ID
route-target import auto ! RT is default calculated as BGP AS:VNI
route-target export auto
VTEP2
!
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
!
fabric forwarding anycast-gateway-mac 0001.0001.0001
!
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4
!
ip pim ssm range 232.0.0.0/8
vlan 1,10,30,40,100
!
vlan 10 ! This VTEP is dedicated for external connectivity, there is only layer3 VNI config.
name L3-VNI-VLAN-10
vn-segment 10000010
!
vrf context EVPN-L3-VNI-VLAN-10 ! Defining layer3 vrf for Inter-VNI traffic.
vni 10000010
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
!
interface Vlan10 ! Layer3 VNI associated interface vlan does not have an ip address.
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip forward
!
interface Vlan100 ! This vlan is used to peer with external EBGP Peer.
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 192.168.1.2/24
!
interface nve1
no shutdown
source-interface loopback2
host-reachability protocol bgp
member vni 10000010 associate-vrf
!
interface Ethernet1/2 ! Ospf and PIM are used in Underlay.
description "Going to Spine"
no switchport
ip address 192.168.29.2/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/12 ! Port to External Peer.
switchport mode trunk
!
interface loopback2
ip address 192.168.22.22/32
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
!
router ospf UNDERLAY
!
router bgp 65000
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 192.168.9.9 ! Peering with SPINE.
remote-as 65000
update-source loopback2
address-family ipv4 unicast
address-family l2vpn evpn
send-community extended
vrf EVPN-L3-VNI-VLAN-10
address-family ipv4 unicast
advertise l2vpn evpn
neighbor 192.168.1.1 ! Peering with External Peer, under vrf.
remote-as 65111
update-source Vlan100
address-family ipv4 unicast
VTEP3
VTEP3 및 VTEP1의 구성은 거의 동일합니다. 유일한 차이점은 VPC와 vlan 40을 위한 추가 레이어 2 VNI입니다.
!
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
!
fabric forwarding anycast-gateway-mac 0001.0001.0001
!
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4
!
ip pim ssm range 232.0.0.0/8
!
vlan 1,10,20,30,40
!
vlan 10
name L3-VNI-VLAN-10
vn-segment 10000010
!
vlan 30
vn-segment 10000030
!
vlan 40 ! New host vlan 40.
vn-segment 10000040
!
vpc domain 2 ! Vpc Configs.
peer-keepalive destination 10.197.204.103 source 10.197.204.106
!
interface Vlan10
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip forward
!
interface Vlan30
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 172.16.30.1/24
!
fabric forwarding mode anycast-gateway
!
interface Vlan40
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 172.16.40.1/24
!
fabric forwarding mode anycast-gateway
!
interface port-channel2
switchport mode trunk
vpc 2
!
interface port-channel34
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
interface nve1
no shutdown
source-interface loopback2
host-reachability protocol bgp
member vni 10000010 associate-vrf
member vni 10000030
suppress-arp
mcast-group 239.1.1.10
member vni 10000040 !New layer2 VNI for Vlan 40.
suppress-arp
mcast-group 239.1.1.20
!
interface Ethernet1/1 ! Connected to VTEP4.
switchport mode trunk
channel-group 34 mode active
!
interface Ethernet1/2
description "going to Spine"
no switchport
ip address 192.168.39.3/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/13 ! Connected to N5K, which simulates Host C and D.
switchport mode trunk
channel-group 2 mode active
!
interface loopback2
description "loopback for Bgp"
ip address 192.168.33.33/32
ip address 192.168.33.34/32 secondary! For other VTEPs VTEP3 and VTEP4 look as single entity.
ip router ospf UNDERLAY area 0.0.0.0!This secondary address is needed in Vpc designs.
!
router ospf UNDERLAY
!
router bgp 65000
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 192.168.9.9 remote-as 100
remote-as 65000
update-source loopback2
address-family ipv4 unicast
address-family l2vpn evpn
send-community extended
vrf EVPN-L3-VNI-VLAN-10
address-family ipv4 unicast
advertise l2vpn evpn
!
evpn
vni 10000030 l2
rd auto
route-target import auto
route-target export auto
vni 10000040 l2
rd auto
route-target import auto
route-target export auto
VTEP4
!
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
!
fabric forwarding anycast-gateway-mac 0001.0001.0001
!
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4
!
ip pim ssm range 232.0.0.0/8
!
vlan 1,10,20,30,40
!
vlan 10
name L3-VNI-VLAN-10
vn-segment 10000010
!
vlan 30
vn-segment 10000030
!
vlan 40
vn-segment 10000040
!
vrf context EVPN-L3-VNI-VLAN-10
vni 10000010
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
!
interface Vlan10
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip forward
!
interface Vlan30
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 172.16.30.1/24
!
fabric forwarding mode anycast-gateway
!
interface Vlan40
no shutdown
vrf member EVPN-L3-VNI-VLAN-10
ip address 172.16.40.1/24
!
fabric forwarding mode anycast-gateway
!
interface port-channel2
switchport mode trunk
vpc 2
!
interface port-channel34
switchport mode trunk
spanning-tree port type network
vpc peer-link
!
interface nve1
no shutdown
source-interface loopback2
host-reachability protocol bgp
member vni 10000010 associate-vrf
member vni 10000030
suppress-arp
mcast-group 239.1.1.10
member vni 10000040
suppress-arp
mcast-group 239.1.1.20
!
interface Ethernet1/1 ! Connected to VTEP3.
switchport mode trunk
channel-group 34 mode active
!
interface Ethernet1/2
description "going to spine"
no switchport
ip address 192.168.49.4/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/13 ! Connected to N5K, which simulates Host C and D.
switchport mode trunk
channel-group 2 mode active
!
router ospf UNDERLAY
!
router bgp 65000
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 192.168.9.9 remote-as 100
remote-as 65000
update-source loopback2
address-family ipv4 unicast
address-family l2vpn evpn
send-community extended
vrf EVPN-L3-VNI-VLAN-10
address-family ipv4 unicast
advertise l2vpn evpn
!
evpn
vni 10000030 l2
rd auto
route-target import auto
route-target export auto
vni 10000040 l2
rd auto
route-target import auto
route-target export auto
등뼈
!
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
!
ip pim rp-address 192.168.9.9 group-list 224.0.0.0/4
!
ip pim ssm range 232.0.0.0/8
!
interface Ethernet1/1 ! To VTEP1.
ip address 192.168.19.9/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/2 ! To VTEP2.
ip address 192.168.29.9/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/3 ! To VTEP3.
ip address 192.168.39.9/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface Ethernet1/4 ! To VTEP4.
ip address 192.168.49.9/24
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
no shutdown
!
interface loopback1 ! SPINE is RP(Rendezvous Point).
ip address 192.168.9.9/32
ip router ospf UNDERLAY area 0.0.0.0
ip pim sparse-mode
!
router ospf UNDERLAY
!
router bgp 65000
log-neighbor-changes
address-family ipv4 unicast
address-family l2vpn evpn
retain route-target all
template peer VTEP-PEERS
remote-as 65000
update-source loopback1
address-family ipv4 unicast
send-community both
route-reflector-client ! Spine treats VTEPs as Route-Reflector Clients.
address-family l2vpn evpn
send-community both
route-reflector-client
neighbor 192.168.11.11 ! VTEP1.
inherit peer VTEP-PEERS
neighbor 192.168.22.22 ! VTEP2.
inherit peer VTEP-PEERS
neighbor 192.168.33.33 ! VTEP3.
inherit peer VTEP-PEERS
neighbor 192.168.44.44 ! VTEP4.
inherit peer VTEP-PEERS
호스트 A
호스트 A는 3750 스위치에 의해 시뮬레이션됩니다.
! This port is the uplink to VTEP1.
interface GigabitEthernet1/0/1
switchport trunk encapsulation dot1q
switchport mode trunk
!
interface Vlan30
ip address 172.16.30.33 255.255.255.0
!
! Below the default route to VTEP1.
ip route 0.0.0.0 0.0.0.0 172.16.30.1
호스트 B
호스트 B는 외부 피어링 디바이스입니다. 여기서는 N5K를 사용합니다.
!
router bgp 65111
address-family ipv4 unicast
!
network 172.16.2.2/32 ! Advertsing the external subnet to VXLAN infrastructure.
neighbor 192.168.1.2 remote-as 65000 ! EBGP Peering with VTEP2.
address-family ipv4 unicast
!
interface loopback1
ip address 172.16.2.2/32
!
interface Ethernet1/19 ! Uplink port to VTEP2.
switchport mode trunk
!
interface Vlan100
no shutdown
ip address 192.168.1.1/24
호스트 C 및 D
호스트 C와 D는 Nexus5k에 의해 시뮬레이션되며, 고유한 vrf에서 ip 주소를 유지합니다.
!
vrf context vni30 ! This vrf simulates the HOST C.
ip route 0.0.0.0/0 172.16.30.1
vrf context vni40 ! This vrf simulates the HOST D.
ip route 0.0.0.0/0 172.16.40.1
!
interface Vlan30 ! Addressing for HOST C.
no shutdown
vrf member vni30
ip address 172.16.30.2/24
!
interface Vlan40 ! Addressing for HOST D.
no shutdown
vrf member vni40
ip address 172.16.40.2/24
!
interface Ethernet1/20 ! Uplink port to VTEP3 in Port-Channel.
switchport mode trunk
channel-group 2 mode active
!
interface Ethernet1/21 ! Uplink port to VTEP4 in Port-Channel.
switchport mode trunk
channel-group 2 mode active< /pre>
다음을 확인합니다.
호스트 A에서 외부 호스트 B로의 연결
HOST_A#ping 172.16.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
호스트 A에서 호스트 C로의 연결(Intra-VNI)
HOST_A#ping 172.16.30.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.30.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/4/9 ms
호스트 A에서 호스트 D로의 연결(Inter-VNI)
HOST_A#ping 172.16.40.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 172.16.40.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/9 ms
호스트 B(외부 피어)의 라우팅 테이블
N5K-5672-1# show ip route bgp
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.30.2/32, ubest/mbest: 1/0, pending ! Host route for Host C.
*via 192.168.1.2, [20/0], 00:00:22, bgp-65100, external, tag 65000,
172.16.30.33/32, ubest/mbest: 1/0, pending ! Host route for Host A.
*via 192.168.1.2, [20/0], 00:00:22, bgp-65100, external, tag 65000,
172.16.40.2/32, ubest/mbest: 1/0, pending ! Host route for Host D.
*via 192.168.1.2, [20/0], 00:00:22, bgp-65100, external, tag 65000,
호스트 경로가 이 외부 BGP 피어에 성공적으로 알려졌음을 확인할 수 있습니다.
컨트롤 플레인 확인
- 이 명령은 VNID가 있는 기존 VLAN의 매핑을 표시합니다.
VTEP1# show vxlan
Vlan VN-Segment
==== ==========
10 10000010
30 10000030
40 10000040
- 다음 단계는 mac이 VTEP에서 로컬로 학습되는지 확인하는 것입니다.
VTEP1# show mac address-table vlan 30
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 30 0006.f63f.e3c1 dynamic 0 F F Eth1/11 ! Mac of HOST A
* 30 8c60.4ff2.f541 dynamic 0 F F nve1(192.168.33.34)! Mac of HOST C installed into mac address table, it was learned from BGP.
G 30 e00e.da2a.2393 static - F F sup-eth1(R)
- 다음 단계는 경로가 l2rib에 설치되어 있는지 확인하는 것입니다.
VTEP1# show l2route evpn mac evi 30
Mac Address Prod Next Hop (s)
-------------- ------ ---------------
0006.f63f.e3c1 Local Eth1/11 ! Mac of HOST A installed into l2rib.
8c60.4ff2.f541 BGP 192.168.33.34 ! Mac of HOST C installed into l2rib learnt via BGP.
VTEP1# show l2route evpn mac-ip evi 30
Mac Address Prod Host IP Next Hop (s)
-------------- ---- --------------------------------------- ---------------
0006.f63f.e3c1 HMM 172.16.30.33 N/A
8c60.4ff2.f541 BGP 172.16.30.2 192.168.33.34 ! Mac+IP of Host C learnt across the Vxlan Fabric.
VTEP1# show l2route evpn mac-ip evi 40
Mac Address Prod Host IP Next Hop (s)
-------------- ---- --------------------------------------- ---------------
8c60.4ff2.f541 BGP 172.16.40.2 192.168.33.34 ! Mac+IP of Host D learnt across the Vxlan Fabric.
- 다음 단계는 l2rib가 업데이트를 l2vpn evpn으로 내보내는지 확인하는 것입니다.
VTEP1# show bgp l2vpn evpn vni-id 10000030
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 31, local router ID is 192.168.11.11
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.11.11:32797 (L2VNI 10000030)
*>l[2]:[0]:[0]:[48]:[0006.f63f.e3c1]:[0]:[0.0.0.0]/216 ! Mac of Host A in update.
192.168.11.11 100 32768 i
*>i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[0]:[0.0.0.0]/216
192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
*>l[2]:[0]:[0]:[48]:[0006.f63f.e3c1]:[32]:[172.16.30.33]/272 ! Mac and IP of Host A in update.
192.168.11.11 100 32768 i
* i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.30.2]/272 ! Mac and IP of Host C in update from Spine.
192.168.33.34 100 0 i
*>i 192.168.33.34 100 0 i
- 다음 단계는 경로가 Spine에 광고되는지 확인하는 것입니다.
VTEP1# show bgp l2vpn evpn nei 192.168.9.9 advertised-routes
Peer 192.168.9.9 routes for address family L2VPN EVPN:
BGP table version is 31, local router ID is 192.168.11.11
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.11.11:32797 (L2VNI 10000030)
*>l[2]:[0]:[0]:[48]:[0006.f63f.e3c1]:[0]:[0.0.0.0]/216
192.168.11.11 100 32768 i
*>l[2]:[0]:[0]:[48]:[0006.f63f.e3c1]:[32]:[172.16.30.33]/272 ! Mac and IP advertised to Spine.
192.168.11.11 100 32768 i
- 다음 단계는 Spine에서 수신한 경로를 확인하는 것입니다.
VTEP1# show bgp l2vpn evpn nei 192.168.9.9 routes
Peer 192.168.9.9 routes for address family L2VPN EVPN:
BGP table version is 31, local router ID is 192.168.11.11
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 192.168.11.11:32797 (L2VNI 10000030)
*>i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[0]:[0.0.0.0]/216
192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
* i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.30.2]/272 ! This is update from Host C in same VNID.
192.168.33.34 100 0 i
*>i 192.168.33.34 100 0 i
Route Distinguisher: 192.168.11.11:32807 (L2VNI 10000040)
*>i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[0]:[0.0.0.0]/216
192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
* i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.40.2]/272 ! This is update from Host D in different VNID.
192.168.33.34 100 0 i
*>i 192.168.33.34 100 0 i
Route Distinguisher: 192.168.11.11:3 (L3VNI 10000010)
*>i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.30.2]/272
192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
*>i[2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.40.2]/272
192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
*>i[5]:[0]:[0]:[32]:[172.16.2.2]:[0.0.0.0]/224 ! ! This is update from External Host.
192.168.22.22 100 0 65100 i
VTEP1# show ip bgp vrf EVPN-L3-VNI-VLAN-10
BGP routing table information for VRF EVPN-L3-VNI-VLAN-10, address family IPv4 Unicast
BGP table version is 5, local router ID is 192.168.1.254
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
*>i172.16.2.2/32 192.168.22.22 100 0 65111 i
*>i172.16.30.2/32 192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
*>i172.16.40.2/32 192.168.33.34 100 0 i
* i 192.168.33.34 100 0 i
- VTEP1에서는 VNID 10000030만 구성되며, 호스트 A의 mac 및 ip가 로컬에서 학습되고 evpn 경로로도 알려지는 것이 확인되었습니다. 또한 호스트 C로부터 업데이트를 수신하여 여기에 설치하는 것도 관찰되었습니다.
- 트래픽을 전달하려면 먼저 nve 피어가 작동 중일 수도 있습니다.
VTEP1# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 192.168.22.22 Up CP 01:39:15 0062.ecbf.5325 ! VTEP2
nve1 192.168.33.34 Up CP 01:40:09 f8c2.8823.275f ! VTEP3 and VTEP4 appear as single entity as both are in Vpc.
VTEP1# sh bgp internal nve-peer-vni
PeerAddress VNI VrfID GatewayMAC TunnelID Encap EgressVNI F
192.168.22.22 10000010 1 0062.ecbf.5325 0xc0a81616 1 0 0
192.168.33.34 10000010 1 0062.ecbf.4e4d 0xc0a82122 1 0 0
192.168.33.34 10000010 1 f8c2.8823.275f 0xc0a82122 1 0 0
192.168.33.34 10000030 1 0000.0000.0000 0x0 1 0 0
192.168.33.34 10000040 1 0000.0000.0000 0x0 1 0 0
문제 해결
- nve interface를 선택하면 캡슐화 및 역캡슐화에 대한 카운터의 증가분을 확인할 수 있습니다.
VTEP1# show interface nve 1
nve1 is up
admin state is up, Hardware: NVE
MTU 9216 bytes
Encapsulation VXLAN
Auto-mdix is turned off
RX
ucast: 133 pkts, 22344 bytes - mcast: 0 pkts, 0 bytes
TX
ucast: 134 pkts, 22512 bytes - mcast: 0 pkts, 0 bytes
- 필터링에 투명 방화벽을 사용하는 경우 관련 포트가 허용되는지 확인합니다.
VTEP1# show nve vxlan-params
VxLAN Dest. UDP Port: 4789
- VNI 간 라우팅에 사용되는 로컬 VTEP mac 주소를 확인합니다. 보조 주소는 VTEP가 VPC 쌍에 있을 때 표시됩니다.
VTEP1# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: e00e.da2a.2393
Host Learning Mode: Control-Plane
Source-Interface: loopback2 (primary: 192.168.11.11, secondary: 0.0.0.0)
- 원격 VTEPS mac 주소 및 피어링 상태를 확인합니다.
VTEP1# sh nve internal platform interface nve1 detail
Printing Interface ifindex 0x49000001 detail
|======|=========================|===============|===============|=====|=====|
|Intf |State |PriIP |SecIP |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1 |UP |192.168.11.11 |0.0.0.0 |3 |2 | ! Secondary Ip is 0.0.0.0 because this VTEP is not in vpc
|======|=========================|===============|===============|=====|=====|
SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|========
|Sw BD |Vni |State |Intf |Type|Vrf-ID|Notified
|======|======|=========================|======|====|======|========
|10 |10000010|UP |nve1 |CP |3 |Yes
|30 |10000030|UP |nve1 |CP |0 |Yes
|40 |10000040|UP |nve1 |CP |0 |Yes
|======|======|=========================|======|====|======|========
Peers of interface nve1:
============================================
Peer_ip: 192.168.22.22
Peer-ID : 1
State : UP
Learning : Disabled
TunnelID : 0xc0a81616
MAC : 0062.ecbf.5325
Table-ID : 0x1
Encap : 0x1
Peer_ip: 192.168.33.34 ! For both VTEP3 and VTEP4
Peer-ID : 2
State : UP
Learning : Disabled
TunnelID : 0xc0a82122
MAC : 0062.ecbf.4e4d
Table-ID : 0x1
Encap : 0x1
- VTEP 피어에 대한 피어링 시간 및 VNI 정보를 확인합니다.
VTEP1# show nve peer detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 192.168.22.22
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:22:17
Router-Mac : 0062.ecbf.5325
Peer First VNI : 10000010
Time since Create : 00:22:17
Configured VNIs : 10000010,10000030,10000040
Provision State : add-complete ! Hardware ready for forwarding.
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10000010
Peer-ifindex-resp : Yes
----------------------------------------
Peer-Ip: 192.168.33.34
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:22:10
Router-Mac : 0062.ecbf.4e4d
Peer First VNI : 10000010
Time since Create : 00:22:10
Configured VNIs : 10000010,10000030,10000040
Provision State : add-complete ! Hardware ready for forwarding.
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10000010,10000030,10000040
Peer-ifindex-resp : Yes
----------------------------------------
- BGP가 EVI와 상호 작용하는 방식 및 내부 정보가 빌드되었는지 확인합니다. 다음은 VNI VLAN에 매핑된 VLAN 3010000030 예입니다.
VTEP1# sh bgp internal evi 10000030
*************************************************
L2RIB bound / VNI Req to L2RIB : Yes / 1
L2VNI Adds / Dels / ALL Dels from L2RIB : 4 / 3 / 1
First L2VNI Add/Del : Dec 17 19:07:41.680736 / Dec 17 19:10:48.455562
Last L2VNI Add/Del : Dec 17 19:11:13.916893 / Dec 17 19:10:48.455792
L3VNI Adds / Dels from L2RIB : 2 / 0 / 1
First L3VNI Add/Del : Dec 17 19:07:41.681313 / never
Last L3VNI Add/Del : Dec 17 19:11:11.838315 / never
First/Last All VNI Del : Dec 17 19:10:48.455542 / Dec 17 19:10:48.455543
ALL VNI Del from L2RIB state (cleanup status) : All VNI Not Start (0x000006)
All VNI down loop count : 0
L2RIB is up/registered/local-req: 1/1
L2RIB down: in-prg/up-defer: 0/0
L2RIB register/failures: 1/0
L2RIB deregister/failures: 0/0
L2RIB flow control (#enabled/#disabled): Disabled (0/0)
*************************************************
BGP L2VPN/EVPN RD Information for 192.168.11.11:32797
L2VNI ID : 10000030 (evi_10000030)
#Prefixes Local/BRIB : 2 / 4
#Paths L3VPN->EVPN/EVPN->L3VPN : 129 / 0
*************************************************
==============================================
BGP Configured VNI Information:
evi_cfg : 0xd87786c8
VNI ID (Index) : 10000030 (1)
RD : 192.168.11.11:32797
Export RTs : 1
ExportRT cfg list:
65000:10000030 (auto)
Import RTs : 1
ImportRT cfg list:
65000:10000030 (auto)
Topo Id : 30
VTEP IP : 192.168.11.11
VTEP VPC IP : 0.0.0.0
Encap Type : 8
Refcount : #00000003
Enabled : Yes ! If this is no then check the NVE interface config for this VNID
Delete Pending : No
Creation Req : No
Future RD : NULL
evi_ctx : 0xd86e554c
RD/Import RT/Export RT : Yes(Auto)/Yes/Yes
MAC First Add/Del : Dec 17 19:11:12.45086 / never
MAC Last Add/Del : Dec 17 19:11:12.45086 / never
MAC IP First Add/Del : Dec 17 19:11:12.54976 / never
MAC IP Last Add/Del : Dec 17 19:11:12.54977 / never
IMET First Add/Del : never / never
IMET Last Add/Del : never / never
==============================================
++++++++++++++++++++++++++++++++++++++++++
BGP VNI Information for evi_10000030 (0xd86e554c)
L2VNI ID : 10000030 (evi_10000030)
RD (rdinfo) : 192.168.11.11:32797 (0xd8811eb0)
Prefixes (local/total) : 2/4
Created : Dec 17 19:11:12.37640
Last Oper Up/Down : Dec 17 19:11:12.37827 / never
Enabled : Yes
Delete pending : 0
Stale : No
Import pending : 0
Import in progress : 0
Encap : VxLAN
Topo Id : 30
VTEP IP : 192.168.11.11
VTEP VPC IP : 0.0.0.0
Router-MAC : 0000.0000.0000
Active Export RTs : 1
Active Export RT list : 65000:10000030
Config Export RTs : 1
ExportRT cfg list:
65000:10000030 (auto)
Export RT chg/chg-pending : 0/0
Active Import RTs : 1
Active Import RT list : 65000:10000030
Config Import RTs : 1
ImportRT cfg list:
65000:10000030 (auto)
Import RT chg/chg-pending : 0/0
IMET Reg/Unreg from L2RIB : 2/0
MAC Reg/Unreg from L2RIB : 2/0
MAC IP Reg/Unreg from L2RIB : 2/0
IMET Add/Del from L2RIB : 0/0
MAC Add/Del from L2RIB : 1/0
MAC IP Add/Del from L2RIB : 1/0
IMET Dnld/Wdraw to L2RIB : 0/0
MAC Dnld/Wdraw to L2RIB : 1/0
MAC IP Dnld/Wdraw to L2RIB : 1/0
- 업데이트를 수신할 때 Inter-VNI 또는 Intra-VNI 업데이트라는 사실과 상관없이 올바른 RT(Route Target)를 수신하고 있고 업데이트를 수신하는 VTEP에 관련 구성이 있는지 확인합니다. SPINE을 통해 전송되는 VTEP3의 업데이트가 여기에서 RT 일관성을 위해 분석됩니다. VTEP1에 대한 RT 및 RD의 로컬 상태가 이러한 출력에 표시되었습니다.
SPINE# show bgp l2vpn evpn 172.16.30.2 ! Update from Spine
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 3.3.3.3:32797
BGP routing table entry for [2]:[0]:[0]:[48]:[8c60.4ff2.f541]:[32]:[172.16.30.2]
/272, version 25
Paths: (1 available, best #1)
Flags: (0x000202) on xmit-list, is not in l2rib/evpn, is not in HW,
Advertised path-id 1
Path type: internal, path is valid, is best path, remote nh not installed, no
labeled nexthop
AS-Path: NONE, path sourced internal to AS
192.168.33.34 (metric 5) from 192.168.33.33 (3.3.3.3)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10000030 1000001
Extcommunity: RT:65000:10000010 RT:65000:10000030 SOO:192.168.33.34:0 ENC
AP:8 Router MAC:0062.ecbf.4e4d
Path-id 1 advertised to peers:
192.168.11.11 192.168.22.22 192.168.44.44
개정 이력
| 개정 | 게시 날짜 | 의견 |
|---|---|---|
2.0 |
19-Dec-2023 |
대체 텍스트를 추가했습니다.
업데이트된 PII, 기계 번역, 스타일 요구 사항, 법적 고지 사항 및 서식. |
1.0 |
31-Jan-2017 |
최초 릴리스 |
피드백