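VxLAN is an overlay technology that encapsulates Layer 2 Ethernet frames in UDP packets and carries them across a Layer 3 underlay IP backbone. VxLAN's 24 bytes VNID lets existing Layer 2 networks scale well and, particularly in the era of cloud computing and big data, VxLAN is the mainstream solution for building large Layer 2 networks. VxLAN can be implemented in two ways:
- Multicast-based VxLAN: a data-driven flood-and-learn approach (driven flood-&-learn) with no control plane; VxLAN BUM traffic (Broadcast, Unknown Unicast and Multicast) is carried over multicast.
- VxLAN with EVPN as the control plane: EVPN uses MP-BGP to automatically discover and authenticate VTEP neighbors, and uses MP-BGP to advertise host MAC/IP addresses.
Lab topology: build the following topology for the lab on VxLAN with EVPN as the control plane.
Lab objective: verify that hosts in the same VxLAN and hosts in different VxLANs can reach each other.
Lab environment: the lab is simulated in EVE-NG. VTEP-1/2 and the RR all run NXOS; the image versions are as follows:
Used images for lab:
- nxosv9k-7.0.3.I7.1, x4CPU, 8Gb RAM each
- IOL L3 15.4.2T Routers
- vIOS L2 15.2 Switches
- VPCS VMs
Lab steps:
Step 1: Complete the basic configuration so that hosts in the same VxLAN can reach each other
Configure VTEP-1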
```
VTEP-1# show running-config
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,200,210
vlan 200
  vn-segment 20000
vlan 210
  vn-segment 20010
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 20000
    mcast-group 230.1.1.1
  member vni 20010
    mcast-group 230.1.1.2
interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 200,210
interface Ethernet1/2
  no switchport
  ip address 20.1.1.2/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface loopback0
  ip address 100.100.100.1/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
router ospf 1
  router-id 100.100.100.1
router bgp 100
  router-id 100.100.100.1
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto
VTEP-1#
```
Configure VTEP-2
```
VTEP-2# show running-config
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,200,210
vlan 200
  vn-segment 20000
vlan 210
  vn-segment 20010
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 20000
    mcast-group 230.1.1.1
  member vni 20010
    mcast-group 230.1.1.2
interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 200,210
interface Ethernet1/2
  no switchport
  ip address 30.1.1.2/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface loopback0
  ip address 100.100.100.2/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
router ospf 1
  router-id 100.100.100.2
router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto
VTEP-2#
```
Configure the RR
```
RR# show running-config
nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
interface Ethernet1/1
  no switchport
  ip address 20.1.1.1/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface Ethernet1/2
  no switchport
  ip address 30.1.1.1/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface loopback0
  ip address 100.100.100.3/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
router ospf 1
  router-id 100.100.100.3
router bgp 100
  router-id 100.100.100.3
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.1
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
      route-reflector-client
  neighbor 100.100.100.2
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
      route-reflector-client
RR#
```
Configure Switch1
```
Switch1#show running-config
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 200
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport access vlan 210
 media-type rj45
 negotiation auto
!
Switch1#
```
Configure Switch2
```
Switch2#show running-config
interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 200
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport access vlan 210
 media-type rj45
 negotiation auto
!
Switch2#
```
Ping test from VM1 to VM3
```
VM1> ping 192.168.1.11
84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=35.080 ms
84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=19.675 ms
84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=17.657 ms
84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=24.238 ms
84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=16.781 ms
VM1>
```
Ping test from VM2 to VM4
```
VM2> ping 172.16.1.11
84 bytes from 172.16.1.11 icmp_seq=1 ttl=64 time=47.187 ms
84 bytes from 172.16.1.11 icmp_seq=2 ttl=64 time=20.255 ms
84 bytes from 172.16.1.11 icmp_seq=3 ttl=64 time=20.980 ms
84 bytes from 172.16.1.11 icmp_seq=4 ttl=64 time=18.804 ms
84 bytes from 172.16.1.11 icmp_seq=5 ttl=64 time=26.887 ms
VM2>
```
Check the EVPN neighbor relationships on VTEP-1
```
VTEP-1# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.1, local AS number 100
BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1128 bytes of memory
BGP attribute entries [4/640], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [1/4]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.3   4   100      62      53       34    0    0 00:39:55 2
VTEP-1#
```
Check the EVPN neighbor relationships on VTEP-2
```
VTEP-2# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.2, local AS number 100
BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1128 bytes of memory
BGP attribute entries [4/640], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [1/4]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.3   4   100      61      55       34    0    0 00:40:35 2
VTEP-2#
```
Check the EVPN neighbor relationships on the RR
```
RR# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.3, local AS number 100
BGP table version is 28, L2VPN EVPN config peers 2, capable peers 2
4 network entries and 4 paths using 928 bytes of memory
BGP attribute entries [2/320], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.1   4   100      60      54       28    0    0 00:40:48 2
100.100.100.2   4   100      62      51       28    0    0 00:40:57 2
RR#
```
Check the EVPN route entries on VTEP-1
```
VTEP-1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 34, Local Router ID is 100.100.100.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.1:32977    (L2VNI 20010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32977
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
VTEP-1#
```
Check the EVPN route entries on VTEP-2
```
VTEP-2# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 34, Local Router ID is 100.100.100.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 100.100.100.1:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i

Route Distinguisher: 100.100.100.1:32977
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i

Route Distinguisher: 100.100.100.2:32967    (L2VNI 20000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100      32768 i

Route Distinguisher: 100.100.100.2:32977    (L2VNI 20010)
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100      32768 i
VTEP-2#
```
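The route tables above can also be checked mechanically. The following is an added example, not part of the original lab: it parses EVPN Type-2 (MAC/IP) entries from `show bgp l2vpn evpn` text and reports any MAC that is advertised with more than one next hop in the same segment, which in this lab would mean a host move, a duplicate MAC, or an unexpected VTEP. It assumes `rd auto` as configured here, so the number after the colon in the RD identifies the same VLAN on every VTEP; the function names and the 100.100.100.9 entry in the sample are constructed for illustration.

```python
import re
from collections import defaultdict

# Constructed sample modelled on the VTEP-1 output above. The last RD section
# (100.100.100.9) is invented for the demo: a second VTEP claiming MAC ...6808.
SAMPLE = """\
Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
Route Distinguisher: 100.100.100.2:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
Route Distinguisher: 100.100.100.9:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.9                     100          0 i
"""

RD_RE = re.compile(
    r"^Route Distinguisher:\s+(\d+\.\d+\.\d+\.\d+):(\d+)(?:\s+\(L2VNI (\d+)\))?")
# Status flags, one path-type letter, then the bracketed Type-2 key:
# [2]:[ESI]:[Ethernet tag]:[MAC length]:[MAC]:[IP length]:[IP]/prefix-length
RT2_RE = re.compile(
    r"^(?P<status>[*>sxSdh ]*)(?P<ptype>[ieclarI])"
    r"\[2\]:\[\d+\]:\[\d+\]:\[\d+\]:\[(?P<mac>[0-9a-fA-F.]+)\]:"
    r"\[\d+\]:\[(?P<ip>[0-9.]+)\]/\d+")
NH_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s")

def parse_type2(text):
    """Return one dict per Type-2 route: RD, L2VNI tag, MAC, next hop."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = {"rd_ip": m.group(1), "rd_num": int(m.group(2)),
                  "l2vni": int(m.group(3)) if m.group(3) else None}
            continue
        m = RT2_RE.match(line)
        if m and rd:
            pending = {**rd, "best": ">" in m.group("status"),
                       "path_type": m.group("ptype"),
                       "mac": m.group("mac").lower(), "host_ip": m.group("ip")}
            continue
        m = NH_RE.match(line)  # the next-hop line follows the route key
        if m and pending:
            pending["next_hop"] = m.group(1)
            routes.append(pending)
            pending = None
    return routes

def mac_conflicts(routes):
    """MACs seen behind more than one next hop within the same RD number."""
    seen = defaultdict(set)
    for r in routes:
        seen[(r["rd_num"], r["mac"])].add(r["next_hop"])
    return {k: sorted(v) for k, v in seen.items() if len(v) > 1}

def origin_mismatches(routes):
    """Received RD sections whose next hop differs from the RD's router ID.
    Expected to be empty in this lab; a vPC pair peering on a shared
    secondary loopback address would legitimately differ."""
    return [r for r in routes
            if r["l2vni"] is None and r["next_hop"] != r["rd_ip"]]

if __name__ == "__main__":
    parsed = parse_type2(SAMPLE)
    for (rd_num, mac), hops in mac_conflicts(parsed).items():
        print(f"RD number {rd_num}: {mac} advertised via {', '.join(hops)}")
    print("origin mismatches:", origin_mismatches(parsed))
```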
Check EVPN MAC learning on VTEP-1
```
VTEP-1# show l2route evpn mac all
Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
200         0050.7966.6806 Local  L,            0          Eth1/1
200         0050.7966.6808 BGP    Rcv           0          100.100.100.2
210         0050.7966.6807 Local  L,            0          Eth1/1
210         0050.7966.6809 BGP    Rcv           0          100.100.100.2
VTEP-1#
```
Check EVPN MAC learning on VTEP-2
```
VTEP-2# show l2route evpn mac all
Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
200         0050.7966.6806 BGP    Rcv           0          100.100.100.1
200         0050.7966.6808 Local  L,            0          Eth1/1
210         0050.7966.6807 BGP    Rcv           0          100.100.100.1
210         0050.7966.6809 Local  L,            0          Eth1/1
VTEP-2#
```
Reset the BGP neighbors
```
RR# clear ip bgp *
```
View the BGP updates on VTEP-1
```
VTEP-1# debug bgp updates
2017 Dec 28 01:50:12.361546 bgp: [26340] (default) UPD: [IPv4 Unicast] Starting update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.361619 bgp: [26340] (default) UPD: [IPv4 Unicast] Found marker dest 0xd7a9ef64 on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
2017 Dec 28 01:50:12.361694 bgp: [26340] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
2017 Dec 28 01:50:12.362218 bgp: [26340] (default) UPD: [IPv4 Unicast] (#4) Suspending update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.362234 bgp: [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.362241 bgp: [26340] (default) UPD: [L2VPN EVPN] Found marker dest 0xd7bb53be on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
2017 Dec 28 01:50:12.362255 bgp: [26340] (default) UPD: [L2VPN EVPN] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
2017 Dec 28 01:50:12.362262 bgp: [26340] (default) UPD: [L2VPN EVPN] (#41) Suspending update run for peer 100.100.100.3 (#41)
2017 Dec 28 01:50:34.760968 bgp: [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#41)
2017 Dec 28 01:50:34.761099 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:34.761338 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 1, length 1, Origin: IGP
2017 Dec 28 01:50:34.761747 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 5, length 4, Local-pref: 100
2017 Dec 28 01:50:34.762554 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
2017 Dec 28 01:50:34.762597 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 14 (Mp-reach), length 44, nexthop/length: 100.100.100.1/4
2017 Dec 28 01:50:34.762665 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 Created UPD msg (len 104) with prefix 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (Not Installed in HW) path-id 1 for peer
2017 Dec 28 01:50:34.762709 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3: walked 0 nodes and packed 0/0 prefixes (104 bytes)
2017 Dec 28 01:50:34.763825 bgp: [26340] (default) UPD: [L2VPN EVPN] (#42) Finished update run for peer 100.100.100.3 (#42)
2017 Dec 28 01:50:35.782806 bgp: [26340] (default) UPD: Received UPDATE message from 100.100.100.3
2017 Dec 28 01:50:35.782875 bgp: [26340] (default) UPD: 100.100.100.3 parsed UPDATE message from peer, len 118 , withdraw len 0, attr len 95, nlri len 0
2017 Dec 28 01:50:35.782891 bgp: [26340] (default) UPD: Attr code 1, length 1, Origin: IGP
2017 Dec 28 01:50:35.782921 bgp: [26340] (default) UPD: Attr code 5, length 4, Local-pref: 100
2017 Dec 28 01:50:35.782942 bgp: [26340] (default) UPD: Attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
2017 Dec 28 01:50:35.782951 bgp: [26340] (default) UPD: Attr code 9, length 4, Originator: 100.100.100.2
2017 Dec 28 01:50:35.782958 bgp: [26340] (default) UPD: Attr code 10, length 4, Cluster-list
2017 Dec 28 01:50:35.785367 bgp: [26340] (default) UPD: Peer 100.100.100.3 nexthop length in MP reach: 4
2017 Dec 28 01:50:35.785486 bgp: [26340] (default) UPD: Recvd NEXTHOP 100.100.100.2
2017 Dec 28 01:50:35.785498 bgp: [26340] (default) UPD: Attr code 14, length 44, Mp-reach
2017 Dec 28 01:50:35.785601 bgp: [26340] (default) UPD: Received ESI 0000.0000.0000.0000.0000 for route type 2 from peer 100.100.100.3
2017 Dec 28 01:50:35.785641 bgp: [26340] (default) UPD: [L2VPN EVPN] Received rd 100.100.100.2:32967 prefix [2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 from peer 100.100.100.3, origin 0, next hop 100.100.100.2, localpref 100, med 0
2017 Dec 28 01:50:35.787998 bgp: [26340] (default) UPD: [L2VPN EVPN] Starting update run for peer 100.100.100.3 (#42)
2017 Dec 28 01:50:35.788048 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:35.788073 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
2017 Dec 28 01:50:35.788348 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:35.788372 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
2017 Dec 28 01:50:35.788451 bgp: [26340] (default) UPD: [L2VPN EVPN] (#44) Finished update run for peer 100.100.100.3 (#44)
VTEP-1#
```
Step 2: Enable hosts in different VxLANs to reach each other
- Configure the anycast-gateway-mac address
- Configure a VRF for each tenant
- Create an L3 VNI for the VRF
- Configure the anycast-gateway
- Enable EVPN route advertisement under address-family ipv4 unicast in each tenant VRF
VTEP-1 configuration
```
fabric forwarding anycast-gateway-mac 0002.0002.0002
vlan 200,210,3900
vlan 3900
  name l3-vni-vlan-for-tenant-1
  vn-segment 39000
vrf context evpn-tenant-1
  vni 39000
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn
interface Vlan200
  no shutdown
  vrf member evpn-tenant-1
  ip address 192.168.1.254/24
  fabric forwarding mode anycast-gateway
interface Vlan210
  no shutdown
  vrf member evpn-tenant-1
  ip address 172.16.1.254/24
  fabric forwarding mode anycast-gateway
interface Vlan3900
  description l3-vni-for-tenant-1-routing
  no shutdown
  vrf member evpn-tenant-1
  ip address 12.1.1.1/30
  fabric forwarding mode anycast-gateway
router bgp 100
  router-id 100.100.100.1
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      advertise l2vpn evpn
  vrf evpn-tenant-2
    address-family ipv4 unicast
      advertise l2vpn evpn
```
VTEP-2 configuration
```
fabric forwarding anycast-gateway-mac 0002.0002.0002
vlan 200,210,3900
vlan 3900
  name l3-vni-vlan-for-tenant-1
  vn-segment 39000
vrf context evpn-tenant-1
  vni 39000
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn
interface Vlan200
  no shutdown
  vrf member evpn-tenant-1
  ip address 192.168.1.254/24
  fabric forwarding mode anycast-gateway
interface Vlan210
  no shutdown
  vrf member evpn-tenant-1
  ip address 172.16.1.254/24
  fabric forwarding mode anycast-gateway
interface Vlan3900
  description l3-vni-for-tenant-1-routing
  no shutdown
  vrf member evpn-tenant-1
  ip address 12.1.1.1/30
  fabric forwarding mode anycast-gateway
router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      advertise l2vpn evpn
  vrf evpn-tenant-2
    address-family ipv4 unicast
      advertise l2vpn evpn
```
```
VM1> ping 192.168.1.11
84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=21.972 ms
84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=17.022 ms
84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=21.564 ms
84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=21.546 ms
84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=17.653 ms
VM1> ping 172.16.1.11
84 bytes from 172.16.1.11 icmp_seq=1 ttl=62 time=25.515 ms
84 bytes from 172.16.1.11 icmp_seq=2 ttl=62 time=33.164 ms
84 bytes from 172.16.1.11 icmp_seq=3 ttl=62 time=31.302 ms
84 bytes from 172.16.1.11 icmp_seq=4 ttl=62 time=21.556 ms
84 bytes from 172.16.1.11 icmp_seq=5 ttl=62 time=29.198 ms
VM1>
```
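Traffic within the same VxLAN is encapsulated with the L2 VNI, 20000.
Traffic between different VxLANs is encapsulated with the L3 VNI, 39000.
Step 3: Inject external routes
As shown in the figure below, WAN-R1 injects three routes into the VxLAN network: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24.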
VTEP-2 configuration
```
interface Ethernet1/3
  no switchport
  vrf member evpn-tenant-1
  ip address 40.1.1.1/24
  no shutdown
router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      network 192.168.1.0/24
      advertise l2vpn evpn
    neighbor 40.1.1.2
      remote-as 200
      address-family ipv4 unicast
        prefix-list outbound-no-hosts out
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto
vrf context evpn-tenant-1
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn
VTEP-2#
```
WAN-R1 configuration
```
!
interface Loopback100
 ip address 8.8.8.8 255.255.255.255
end
!
interface Ethernet0/0
 ip address 40.1.1.2 255.255.255.0
end
!
router bgp 200
 bgp log-neighbor-changes
 neighbor 40.1.1.1 remote-as 100
 !
 address-family ipv4
  network 8.8.8.8 mask 255.255.255.255
  network 100.0.0.0 mask 255.255.255.0
  network 100.0.1.0 mask 255.255.255.0
  neighbor 40.1.1.1 activate
 exit-address-family
!
ip route 100.0.0.0 255.255.255.0 Null0
ip route 100.0.1.0 255.255.255.0 Null0
!
```
Ping test from VM1 to 8.8.8.8, advertised by WAN-R1
```
VM1> ping 8.8.8.8
84 bytes from 8.8.8.8 icmp_seq=1 ttl=253 time=23.228 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=253 time=22.362 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=253 time=28.130 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=253 time=20.304 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=253 time=24.945 ms
VM1>
```
VTEP-1 receives the routes advertised by WAN-R1: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24
```
VTEP-1# show ip route vrf evpn-tenant-1
IP Route Table for VRF "evpn-tenant-1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

8.8.8.8/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
12.1.1.0/30, ubest/mbest: 1/0, attached
    *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, direct
12.1.1.1/32, ubest/mbest: 1/0, attached
    *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, local
100.0.0.0/24, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
100.0.1.0/24, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
172.16.1.0/24, ubest/mbest: 1/0, attached
    *via 172.16.1.254, Vlan210, [0/0], 01:39:24, direct
172.16.1.10/32, ubest/mbest: 1/0, attached
    *via 172.16.1.10, Vlan210, [190/0], 00:55:10, hmm
172.16.1.11/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:54:13, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
172.16.1.254/32, ubest/mbest: 1/0, attached
    *via 172.16.1.254, Vlan210, [0/0], 01:39:24, local
192.168.1.0/24, ubest/mbest: 1/0, attached
    *via 192.168.1.254, Vlan200, [0/0], 01:39:24, direct
192.168.1.10/32, ubest/mbest: 1/0, attached
    *via 192.168.1.10, Vlan200, [190/0], 00:55:02, hmm
192.168.1.11/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:01:59, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
192.168.1.254/32, ubest/mbest: 1/0, attached
    *via 192.168.1.254, Vlan200, [0/0], 01:39:24, local
VTEP-1#
```
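Lab summary: all the lab objectives have now been met. With VxLAN over EVPN, the inherent separation of forwarding and control makes it a better fit for SDN deployments; follow-up labs will cover VxLAN in SDN.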
Scenario: configure VxLAN in both Flood & Learn and EVPN mode.
Premise:
- You have 1 Spine and 3 Leafs. Leaf-2 and Leaf-3 are set up as a vPC pair.
- The host port on Leaf-1 is in VLAN 10 and on Leaf-2 in VLAN 10 & 20.
- The vPC pair has an L2 switch connected to its member port and is passing all VLANs 10, 20, 30.
Goal: The goal of the lab is to configure a VXLAN overlay to provide reachability between SW1, SW2 and SW3 using VXLAN.
STEP1: Configure basic IP reachability between Leaf and Spine switches using OSPF routing protocol.
STEP2: Configure multicast between Leaf and Spine. Best practice is to use bidirectional mode. We can configure anycast or phantom RP for Spine redundancy. Make sure to allow the correct group address to be used for VxLAN.
Note: Flood and Learn (F&L)
As the name suggests, F&L uses exactly a flooding and learning procedure to learn the end hosts. F&L works in the data plane.
Step3: Configure “feature nv overlay” and “feature vn-segment-vlan-based” on all Leaf switches.
Step4: Configure VLANs and associate a unique vn-segment with each VLAN.
Step6: Configure a common secondary IP on the loopback for the vPC peers. The nve peering will be done with the secondary IP only.
Step7: Configure the vPC nve VLAN on both vPC peers, with an SVI running OSPF on it. Make sure to increase the cost on this link so that it can’t be used as transit for all traffic.
Note: In F&L, there is no configuration needed on the Spine.
Verification: Once the nve interface is configured on all the leafs, you are ready to test the connectivity.
Verification: you will see (*,G) and (S,G) entries in the mroute table.
Step1: Configure “nv overlay evpn” on all switches.
Step2: For the control plane, configure BGP from Leaf to Spine with address family l2vpn evpn.
Verification:
Step3: Configure bgp in line with the interface to use bgp as the protocol for host reachability.
Step4: Map the vni to evpn and configure RD/RT. Here we have the option to configure the device to automatically generate the RD/RT values.
Verification:
Step5: Configure the spines as route-reflector Client
This is a data-driven protocol, which means you will see the nve peer and MAC address only when there is active traffic.
Once the address is learned on a leaf, the BGP control plane will advertise it to remote peers.