在Nexus 9000交換機的VXLAN BGP EVPN中配置系統NVE Infra-Vlan

下載選項

  • PDF     (1.3 MB)
    在多種裝置上使用 Adobe Reader 檢視
  • ePub     (1.0 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
  • Mobi (Kindle)     (599.0 KB)
    在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視
已更新: 2020 年 4 月 29 日
文件 ID:214624

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的,無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言,或引用第三方產品的語言,因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件,讓全世界的使用者能夠以自己的語言理解支援內容。請注意,即使是最佳機器翻譯,也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責,並建議一律查看原始英文文件(提供連結)。

    簡介

    本文檔介紹在基於運行NX-OS作業系統的Cisco Nexus 9000交換機的虛擬可擴展LAN邊界網關協定乙太網VPN (VXLAN BGP EVPN)交換矩陣中system nve infra-vlans命令的用途。

    當Nexus 9000交換機在虛擬埠通道(vPC)域中配置為VXLAN枝葉交換機(也稱為VXLAN隧道終端(VTEP))時,必須使用介面VLAN透過vPC對等鏈路在它們之間建立備份第3層路由鄰接。此VLAN必須位於交換機本地,而不是在VXLAN交換矩陣中延伸,且屬於預設VRF(全局路由表)。

    確保採用CloudScale ASIC的Nexus 9000平台上已採用system nve infra-vlans命令,以指定VLAN可以用作上行鏈路,並使用VXLAN封裝透過vPC對等鏈路正確轉發幀。

    注意:本文檔不適用於在應用中心基礎設施(ACI)模式下運行並由思科應用策略基礎設施控制器(APIC)管理的Cisco Nexus 9000交換機。

    必要條件

    需求

    思科建議您瞭解以下主題:

    • Nexus NX-OS軟體
    • VXLAN BGP EVPN

    採用元件

    本文中的資訊係根據以下軟體和硬體版本:

    • 思科N9K-C93180YC-EX
    • NXOS 7.0(3)I7(6)版

    本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。

    注意:本文檔使用術語「枝葉交換機」、「VTEP」和「ToR」進行互換使用。


    使用案例

    下一個使用案例顯示何時需要配置system nve infra-vlans命令。在所有命令中,需要將分配的VLAN 777定義為system nve infra-vlans命令的一部分,並用於透過vPC對等鏈路例項化第3層路由備份鄰接。此VLAN 777需要作為預設VRF(全局路由表)的一部分。

    注意:這些使用案例描述的是直接物理連線到Cisco Nexus 9000 VXLAN枝葉或邊界枝葉交換機的終端主機或路由器的常見情況。同樣,這些使用案例適用於Nexus 9000枝葉交換機與終端主機或路由器之間的第2層交換機或網橋。


    vPC中枝葉交換機上的孤立埠

    此使用案例描述交換矩陣(主機A)內部連線到vPC域中單個Cisco Nexus 9000 VXLAN枝葉交換機部分的終端主機。這稱為孤立埠連線。作為路由的一部分,連線到交換矩陣中任何其他枝葉交換機的終端主機生成的流量在底層中由vPC中的兩個枝葉交換機(交換機枝葉A和交換機枝葉B)同時擁有的NVE任播IP地址(10.12.12.12)。這是為了使用等價多路徑(ECMP)路由來利用所有枝葉到主幹的上行鏈路。在此場景中,透過主幹後,發往主機A的VXLAN幀可以雜湊到枝葉B,而枝葉B沒有與主機A的直接連線。系統沒有基礎設施VLAN且需要備份路由,流量才能通過vPC對等鏈路。

    alt-tag-for-image

    vPC中枝葉交換機上的上行鏈路故障

    在此使用案例中,交換矩陣內的終端主機(主機A)雙宿至vPC域中的兩個Cisco Nexus 9000 VXLAN枝葉交換機。但是,如果vPC中任何枝葉交換機上的所有上行鏈路都發生故障,從而使其與主幹交換機完全隔離,則系統需要配置基礎設施VLAN和備份路由,使流量透過vPC對等鏈路,而這現在是通向主幹的唯一可能路徑。例如,圖中顯示主機A的流量已雜湊到隔離的交換機Leaf A的幀。幀現在必須透過該vPC對等鏈路。

    alt-tag-for-image

    vPC中的邊界枝葉交換機

    邊界枝葉交換機可透過與外部路由器交換網路字首提供與VXLAN交換矩陣外部的連線,這些交換機可以位於vPC中。

    與外部路由器的這種連線可以抽象地視為與WAN的連線。

    如果鏈路發生故障,連線到WAN的邊界枝葉交換機可能最終成為單宿交換機。在這種情況下,系統不需要基礎設施vlan和備用路由,流量才能通過vPC對等鏈路,如下圖所示。

    注意:對於下一個示例,除了全局路由表中的VLAN外,租戶-VRF中還必須有一個VLAN部分,用於在vPC對等鏈路上的邊界枝葉交換機之間使用靜態路由或路由協定來交換網路字首。填充租戶-VRF路由表需要執行此操作。



    alt-tag-for-image

    邊界枝葉交換機還可以使用靜態路由或在租戶-VRF中例項化的路由協定,透過vPC對等鏈路通告介面環回。此流量也將透過vPC對等鏈路傳輸。


    alt-tag-for-image

    最後,連線到邊界枝葉交換機的外部路由器單宿主可以通告網路字首,如下圖所示,網路流量路徑中可能需要有vPC對等鏈路。

    alt-tag-for-image

    Bud節點

    在Bud節點使用案例中,可以有一個基於硬體或軟體的VTEP連線到Cisco Nexus 9000 VXLAN枝葉交換機。此VTEP可以將VXLAN封裝流量傳送到枝葉交換機。必須將用於連線此硬體或軟體VTEP的VLAN增加到system nve infra-vlans命令中。

    在本例中,它是VLAN 10和VLAN 777。


    alt-tag-for-image

    設定

    在此場景中,枝葉A和枝葉B是vPC中的VTEP。

    已選擇VLAN 777參與底層路由協定,在本例中為開放最短路徑優先(OSPF)。

    在每台枝葉A和枝葉B交換機上,OSPF已經透過上行鏈路與主幹交換機建立鄰接關係,並透過vPC對等鏈路與主幹交換機建立鄰接關係。

    OSPF或中間系統到中間系統(IS-IS)可以是底層中使用的路由協定。

    注意:在vlan 777配置部分下未配置vn-segment命令。這表示VLAN並未在VXLAN光纖上延伸,而是位於交換器中的本機VLAN。 

    在全局配置模式下增加system nve infra-vlans命令,並選擇vlan 777,因為它是用於底層OSPF鄰接的vlan。

    :僅在帶有CloudScale ASIC的Nexus 9000上需要系統網路infra-vlan。 

    枝葉A 
    LEAF_A# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          00:02:52 10.255.255.254  Eth1/6 
 10.255.255.2      1 FULL/ -          02:16:10 10.1.2.2        Vlan777 
LEAF_A#

    
LEAF_A# show running-config vlan 777

!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:48:46 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_A# 

    
LEAF_A# show running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:46:33 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_A#

    
LEAF_A# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_A(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_A(config)# system nve infra-vlans 777
LEAF_A(config)#


    枝葉B 
    LEAF_B# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          02:21:53 10.255.255.254  Eth1/5 
 10.255.255.1      1 FULL/ -          02:13:51 10.1.2.1        Vlan777 
LEAF_B#

    
LEAF_B# show running-config vlan 777


!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:49:19 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_B# 

    
LEAF_B# sh running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:48:14 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_B#

    
LEAF_B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_B(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_B(config)# system nve infra-vlans 777
LEAF_B(config)#


    注意:您不能配置特定INFRA-VLAN組合。例如2和514、10和522,它們相隔512。

    網路圖表

    alt-tag-for-image


    組態

    枝葉A 
    configure terminal
!
hostname LEAF_A
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
    interface Vlan777
      no shutdown
      no ip redirects
      ip address 10.1.2.1/24
      no ipv6 redirects
      ip ospf network point-to-point
      ip router ospf 1 area 0.0.0.0
    !
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/6
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/54
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.1.1.1/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.1/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.1
!
router bgp 65535
  router-id 10.255.255.1
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end


    枝葉B 
    configure terminal
!
hostname LEAF_B
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
    interface Vlan777
      no shutdown
      no ip redirects
      ip address 10.1.2.2/24
      no ipv6 redirects
      ip ospf network point-to-point
      ip router ospf 1 area 0.0.0.0
    !
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/5
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.2.2.2/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.2/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.2
!
router bgp 65535
  router-id 10.255.255.2
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end
    枝葉C 
    configure terminal
!
hostname LEAF_C
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/1
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/49
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.3.3.3/32
  ip router ospf 1 area 0.0.0.0
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.3/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.3
!
router bgp 65535
  router-id 10.255.255.3
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end


    骨幹 
    configure terminal
!
hostname SPINE
!
nv overlay evpn
feature ospf
feature bgp
feature nv overlay
!
interface Ethernet1/5
  description TO LEAF A
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/6
  description TO LEAF B
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/1
  description TO LEAF C
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.254/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 10.255.255.254
!
router bgp 65535
  router-id 10.255.255.254
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  neighbor 10.255.255.1
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.2
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.3
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
!
end


    驗證

    運行show system nve infra-vlans命令,確保VLAN顯示在Currently active infra Vlans下。

    枝葉A 
    LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#


    枝葉B 
    LEAF_B# show system nve infra-vlans
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_B#

    注意:建議在第3層物理介面上用作上行鏈路,在交換矩陣中傳輸VXLAN流量。不支援第3層子介面。要使用介面vlan傳輸VXLAN流量,請確保也使用system nve infra-vlans命令在vPC對等鏈路上標識vlan。

    疑難排解

    如果LEAF A交換機出現上行鏈路故障,並且不再直接連線到主幹交換機,仍可透過用作通向主幹交換機的備用上行鏈路的vPC對等鏈路上的infra-vlan實現可達性。

    alt-tag-for-image

    枝葉A 
    LEAF_A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.0000.000a   dynamic  0         F      F    Eth1/54
C   10     0000.0000.000b   dynamic  0         F      F    nve1(10.3.3.3)
G   10     00be.755b.f1b7   static   -         F      F    sup-eth1(R)
G   10     4c77.6db9.a8db   static   -         F      F    vPC Peer-Link(R)
LEAF_A#
    
LEAF_A# show ip route 10.3.3.3
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra
LEAF_A#
    
LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

    修訂記錄

    修訂 發佈日期 意見
    1.0
    25-Jul-2019
    初始版本
    TAC Authored

    由思科工程師貢獻

    • Hector Gustavo Serrano Gutierrez
      Cisco TAC Engineer

    這份文件是否有所幫助?

    Feedback意見

    讓思科協助您

    本文件適用於這些產品