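2025/06/16: Added to and corrected the CX switch configuration.
A previous post covered static VXLAN configuration on CX series switches.
This post covers EVPN-VXLAN, which uses EVPN for the control plane and VXLAN for the data plane, and walks through the configuration together with the output of the show commands used to verify it.
For limitations that apply to each switch series, check the configuration guide and release notes for the version in use.
【References】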
*AOS-CX 10.15.xxxx EVPN VXLAN Guide
https://arubanetworking.hpe.com/techdocs/AOS-CX/10.15/PDF/vxlan.pdf
*[CX-Switch] Static VXLAN configuration
https://community.arubanetworks.com/discussion/cx-switchvxlan
【Test topology】
【CX switch configuration】
- Underlay configuration
Configure a loopback interface on each of CX1, CX2 and CX3 and advertise it with OSPF.
[CX3-Spine]
!
interface 1/1/1
    no shutdown
    mtu 9198
    ip address 192.168.1.3/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/2
    no shutdown
    mtu 9198
    ip address 192.168.2.3/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    ip address 10.1.1.3/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.3
    passive-interface default
    area 0.0.0.0
!
[CX1-Leaf]
!
interface 1/1/1
    no shutdown
    mtu 9198
    ip address 192.168.1.1/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/4
    no shutdown
    no routing
    vlan access 100
interface loopback 0
    ip address 10.1.1.1/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.1
    passive-interface default
    area 0.0.0.0
!
[CX2-Leaf]
!
! Uplink to CX3-Spine 1/1/2 (192.168.2.3/24); the interface number and the
! 192.168.2.2 address are assumed values and must not duplicate the spine's.
interface 1/1/2
    no shutdown
    mtu 9198
    ip address 192.168.2.2/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
! Loopback 0 is the address used as the BGP router-id and VXLAN source ip below.
interface loopback 0
    ip address 10.1.1.2/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.2
    passive-interface default
    area 0.0.0.0
!
- MP-BGP configuration
Configure MP-BGP so that EVPN, which is used as the control plane, can run.
[CX3-Spine]
!
router bgp 64520
    bgp router-id 10.1.1.3
    neighbor 10.1.1.1 remote-as 64520
    neighbor 10.1.1.1 update-source loopback 0
    neighbor 10.1.1.2 remote-as 64520
    neighbor 10.1.1.2 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.1 route-reflector-client
        neighbor 10.1.1.1 send-community both
        neighbor 10.1.1.1 activate
        neighbor 10.1.1.2 route-reflector-client
        neighbor 10.1.1.2 send-community both
        neighbor 10.1.1.2 activate
    exit-address-family
!
[CX1-Leaf]
!
router bgp 64520
    bgp router-id 10.1.1.1
    neighbor 10.1.1.3 remote-as 64520
    neighbor 10.1.1.3 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.3 send-community both
        neighbor 10.1.1.3 activate
    exit-address-family
!
[CX2-Leaf]
!
router bgp 64520
    bgp router-id 10.1.1.2
    neighbor 10.1.1.3 remote-as 64520
    neighbor 10.1.1.3 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.3 send-community both
        neighbor 10.1.1.3 activate
    exit-address-family
!
- Host-facing configuration
Configure the VLAN and the interface used for the segment the host connects to.
[CX1-Leaf]
!
vlan 100
!
interface 1/1/4
    no shutdown
    no routing
    vlan access 100
!
[CX2-Leaf]
!
vlan 100
!
interface 1/1/5
    no shutdown
    no routing
    vlan access 100
!
- VXLAN configuration
Configure the L2 VNI and associate the VLAN with the VXLAN tunnel interface.
[CX1-Leaf]
!
evpn
    vlan 100
        rd auto
        route-target export auto
        route-target import auto
!
interface vxlan 1
    source ip 10.1.1.1
    no shutdown
    vni 100
        vlan 100
!
[CX2-Leaf]
!
evpn
    vlan 100
        rd auto
        route-target export auto
        route-target import auto
!
interface vxlan 1
    source ip 10.1.1.2
    no shutdown
    vni 100
        vlan 100
!
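A consistency check for the addressing used in the sections above, as an added example that is not part of the original post. It assumes this page's convention that each switch's loopback 0 address also serves as its OSPF router-id, BGP router-id and VXLAN source ip, and it flags a switch where these disagree or an address claimed by two switches. The sample configs are constructed, and `identities`, `audit` and `cfg` are names chosen for this example.

```python
from collections import defaultdict

def identities(config):
    """Return the addresses one switch uses to identify itself, keyed by role."""
    ids, ctx = {}, ""
    for line in (raw.strip() for raw in config.splitlines()):
        if line.startswith(("interface ", "router ")):
            ctx = line  # entering a new top-level stanza
        elif ctx == "interface loopback 0" and line.startswith("ip address "):
            ids["loopback0"] = line.split()[2].split("/")[0]
        elif ctx.startswith("router ospf") and line.startswith("router-id "):
            ids["ospf-rid"] = line.split()[1]
        elif line.startswith("bgp router-id "):
            ids["bgp-rid"] = line.split()[2]
        elif ctx.startswith("interface vxlan") and line.startswith("source ip "):
            ids["vtep-src"] = line.split()[2]
    return ids

def audit(configs):
    """Flag switches whose identities disagree and addresses used twice."""
    findings, owners = [], defaultdict(set)
    for host, text in configs.items():
        ids = identities(text)
        if len(set(ids.values())) > 1:
            findings.append(f"{host}: identities disagree: {ids}")
        for ip in ids.values():
            owners[ip].add(host)
    for ip, hosts in sorted(owners.items()):
        if len(hosts) > 1:
            findings.append(f"{ip} is claimed by {sorted(hosts)}")
    return findings

def cfg(lo, ospf, bgp, vtep=None):
    """Build a constructed config fragment in the page's AOS-CX layout."""
    text = (f"interface loopback 0\n    ip address {lo}/32\n"
            f"router ospf 1\n    router-id {ospf}\n"
            f"router bgp 64520\n    bgp router-id {bgp}\n")
    return text + (f"interface vxlan 1\n    source ip {vtep}\n" if vtep else "")

# Constructed sample: CX2-Leaf carries the spine's loopback and OSPF router-id,
# the kind of copy-paste fault that keeps its BGP session from coming up.
SAMPLE = {
    "CX3-Spine": cfg("10.1.1.3", "10.1.1.3", "10.1.1.3"),
    "CX1-Leaf": cfg("10.1.1.1", "10.1.1.1", "10.1.1.1", "10.1.1.1"),
    "CX2-Leaf": cfg("10.1.1.3", "10.1.1.3", "10.1.1.2", "10.1.1.2"),
}

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

`identities` strips each line before matching, so it accepts both indented running-config text and flat pasted text.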
- CX4 and CX5 configuration
Assign IP addresses to CX4 and CX5 for the connectivity test.
[CX4]
!
vlan 100
!
interface 1/1/4
    no shutdown
    no routing
    vlan access 100
interface vlan 100
    ip address 172.16.100.4/24
!
[CX5]
!
vlan 100
!
interface 1/1/5
    no shutdown
    no routing
    vlan access 100
interface vlan 100
    ip address 172.16.100.5/24
!
【Connectivity check】
*CX4 and CX5 stand in for PC endpoints or servers.
[CX4]
CX4# ping 172.16.100.5 source 172.16.100.4 repetitions 5
PING 172.16.100.5 (172.16.100.5) from 172.16.100.4 : 100(128) bytes of data.
108 bytes from 172.16.100.5: icmp_seq=1 ttl=64 time=8.79 ms
108 bytes from 172.16.100.5: icmp_seq=2 ttl=64 time=9.03 ms
108 bytes from 172.16.100.5: icmp_seq=3 ttl=64 time=4.94 ms
108 bytes from 172.16.100.5: icmp_seq=4 ttl=64 time=6.02 ms
108 bytes from 172.16.100.5: icmp_seq=5 ttl=64 time=8.23 ms
--- 172.16.100.5 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 4.936/7.400/9.032/1.627 ms
CX4#
[CX5]
CX5# ping 172.16.100.4 source 172.16.100.5 repetitions 5
PING 172.16.100.4 (172.16.100.4) from 172.16.100.5 : 100(128) bytes of data.
108 bytes from 172.16.100.4: icmp_seq=1 ttl=64 time=9.12 ms
108 bytes from 172.16.100.4: icmp_seq=2 ttl=64 time=13.7 ms
108 bytes from 172.16.100.4: icmp_seq=3 ttl=64 time=10.8 ms
108 bytes from 172.16.100.4: icmp_seq=4 ttl=64 time=3.52 ms
108 bytes from 172.16.100.4: icmp_seq=5 ttl=64 time=22.7 ms
--- 172.16.100.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4009ms
rtt min/avg/max/mdev = 3.522/11.963/22.698/6.304 ms
CX5#
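【Verifying operation and state】
After confirming communication between CX4 and CX5, you can verify that the host information has been registered on the spine and leaf switches.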
[CX1-Leaf]
CX1-Leaf# show bgp l2vpn evpn summary
Codes: * Dynamic Neighbor
VRF : default
BGP Summary
-----------
Local AS : 64520 BGP Router Identifier : 10.1.1.1
Peers : 1 Log Neighbor Changes : No
Cfg. Hold Time : 180 Cfg. Keep Alive : 60
Confederation Id : 0
Neighbor Remote-AS MsgRcvd MsgSent Up/Down Time State AdminStatus
10.1.1.3 64520 17 18 00h:10m:31s Established Up
CX1-Leaf#
CX1-Leaf# show bgp l2vpn evpn
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed, a additional-paths
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN Route-Type 2 prefix: [2]:[ESI]:[EthTag]:[MAC]:[OrigIP]
EVPN Route-Type 3 prefix: [3]:[EthTag]:[OrigIP]
EVPN Route-Type 5 prefix: [5]:[ESI]:[EthTag]:[IPAddrLen]:[IPAddr]
VRF : default
Local Router-ID 10.1.1.1
Network Nexthop Metric LocPrf Weight Path
-------------------------------------------------------------------------------------------------------------------------------------
Route Distinguisher: 10.1.1.1:100 (L2VNI 100)
*> [2]:[0]:[0]:[08:00:09:a1:a1:a9]:[] 10.1.1.1 0 100 0 ?
*> [2]:[0]:[0]:[08:00:09:a1:a1:ef]:[] 10.1.1.1 0 100 0 ?
*> [3]:[0]:[10.1.1.1] 10.1.1.1 0 100 0 ?
Route Distinguisher: 10.1.1.2:100 (L2VNI 100)
*>i [2]:[0]:[0]:[08:00:09:67:5f:9b]:[] 10.1.1.2 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:67:5f:e0]:[] 10.1.1.2 0 100 0 ?
*>i [3]:[0]:[10.1.1.2] 10.1.1.2 0 100 0 ?
Total number of entries 6
CX1-Leaf#
[CX2-Leaf]
CX2-Leaf# show bgp l2vpn evpn summary
Codes: * Dynamic Neighbor
VRF : default
BGP Summary
-----------
Local AS : 64520 BGP Router Identifier : 10.1.1.2
Peers : 1 Log Neighbor Changes : No
Cfg. Hold Time : 180 Cfg. Keep Alive : 60
Confederation Id : 0
Neighbor Remote-AS MsgRcvd MsgSent Up/Down Time State AdminStatus
10.1.1.3 64520 58 59 00h:37m:22s Established Up
CX2-Leaf#
CX2-Leaf# show bgp l2vpn evpn
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed, a additional-paths
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN Route-Type 2 prefix: [2]:[ESI]:[EthTag]:[MAC]:[OrigIP]
EVPN Route-Type 3 prefix: [3]:[EthTag]:[OrigIP]
EVPN Route-Type 5 prefix: [5]:[ESI]:[EthTag]:[IPAddrLen]:[IPAddr]
VRF : default
Local Router-ID 10.1.1.2
Network Nexthop Metric LocPrf Weight Path
-------------------------------------------------------------------------------------------------------------------------------------
Route Distinguisher: 10.1.1.1:100 (L2VNI 100)
*>i [2]:[0]:[0]:[08:00:09:a1:a1:a9]:[] 10.1.1.1 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:a1:a1:ef]:[] 10.1.1.1 0 100 0 ?
*>i [3]:[0]:[10.1.1.1] 10.1.1.1 0 100 0 ?
Route Distinguisher: 10.1.1.2:100 (L2VNI 100)
*> [2]:[0]:[0]:[08:00:09:67:5f:9b]:[] 10.1.1.2 0 100 0 ?
*> [2]:[0]:[0]:[08:00:09:67:5f:e0]:[] 10.1.1.2 0 100 0 ?
*> [3]:[0]:[10.1.1.2] 10.1.1.2 0 100 0 ?
Total number of entries 6
CX2-Leaf#
[CX3-Spine]
CX3-Spine# show bgp l2vpn evpn summary
Codes: * Dynamic Neighbor
VRF : default
BGP Summary
-----------
Local AS : 64520 BGP Router Identifier : 10.1.1.3
Peers : 2 Log Neighbor Changes : No
Cfg. Hold Time : 180 Cfg. Keep Alive : 60
Confederation Id : 0
Neighbor Remote-AS MsgRcvd MsgSent Up/Down Time State AdminStatus
10.1.1.1 64520 60 59 00h:39m:23s Established Up
10.1.1.2 64520 58 58 00h:38m:58s Established Up
CX3-Spine#
CX3-Spine# show bgp l2vpn evpn
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed, a additional-paths
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN Route-Type 2 prefix: [2]:[ESI]:[EthTag]:[MAC]:[OrigIP]
EVPN Route-Type 3 prefix: [3]:[EthTag]:[OrigIP]
EVPN Route-Type 5 prefix: [5]:[ESI]:[EthTag]:[IPAddrLen]:[IPAddr]
VRF : default
Local Router-ID 10.1.1.3
Network Nexthop Metric LocPrf Weight Path
-------------------------------------------------------------------------------------------------------------------------------------
Route Distinguisher: 10.1.1.1:100 (L2VNI 100)
*>i [2]:[0]:[0]:[08:00:09:a1:a1:a9]:[] 10.1.1.1 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:a1:a1:ef]:[] 10.1.1.1 0 100 0 ?
*>i [3]:[0]:[10.1.1.1] 10.1.1.1 0 100 0 ?
Route Distinguisher: 10.1.1.2:100 (L2VNI 100)
*>i [2]:[0]:[0]:[08:00:09:67:5f:9b]:[] 10.1.1.2 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:67:5f:e0]:[] 10.1.1.2 0 100 0 ?
*>i [3]:[0]:[10.1.1.2] 10.1.1.2 0 100 0 ?
Total number of entries 6
CX3-Spine#
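The route tables above can also be checked mechanically. This added example (not from the original post) parses `show bgp l2vpn evpn` rows and reports a VTEP with no Type-3 route, a route whose next hop is not a known VTEP, and a MAC advertised from more than one VTEP. The VTEP inventory and the two extra rows are assumptions constructed for the demonstration.

```python
import re
from collections import defaultdict

ROW = re.compile(r"^\*\S*\s+\[(\d)\]:(\S+)\s+(\d+(?:\.\d+){3})\s")
MAC = re.compile(r"\[((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\]")

# Route rows as shown in the CX1-Leaf output on this page.
PAGE_ROWS = """\
*> [2]:[0]:[0]:[08:00:09:a1:a1:a9]:[] 10.1.1.1 0 100 0 ?
*> [2]:[0]:[0]:[08:00:09:a1:a1:ef]:[] 10.1.1.1 0 100 0 ?
*> [3]:[0]:[10.1.1.1] 10.1.1.1 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:67:5f:9b]:[] 10.1.1.2 0 100 0 ?
*>i [2]:[0]:[0]:[08:00:09:67:5f:e0]:[] 10.1.1.2 0 100 0 ?
*>i [3]:[0]:[10.1.1.2] 10.1.1.2 0 100 0 ?
"""
# Constructed rows (not from the page): a known MAC re-advertised by the other
# leaf, and a route whose next hop is not one of the lab's VTEPs.
ODD_ROWS = """\
*>i [2]:[0]:[0]:[08:00:09:a1:a1:a9]:[] 10.1.1.2 0 100 0 ?
*>i [3]:[0]:[10.1.1.9] 10.1.1.9 0 100 0 ?
"""
VTEPS = {"10.1.1.1", "10.1.1.2"}  # assumed inventory: the two leaf loopbacks

def parse(output):
    """Yield (route_type, mac_or_None, next_hop) for each valid route row."""
    for line in output.splitlines():
        m = ROW.match(line.strip())
        if m:
            mac = MAC.search(m.group(2))
            yield int(m.group(1)), mac.group(1) if mac else None, m.group(3)

def check(output, vteps=VTEPS):
    """Return findings for a single-homed (ESI 0) fabric like this lab."""
    macs, imet, findings = defaultdict(set), set(), []
    for rtype, mac, nh in parse(output):
        if nh not in vteps:
            findings.append(f"route from unexpected VTEP {nh}")
        if rtype == 2 and mac:
            macs[mac].add(nh)       # Type-2: MAC learned behind this VTEP
        elif rtype == 3:
            imet.add(nh)            # Type-3: VTEP joined the flood list
    findings += [f"no Type-3 route from {v}" for v in sorted(vteps - imet)]
    findings += [f"MAC {m} advertised by {sorted(n)}"
                 for m, n in sorted(macs.items()) if len(n) > 1]
    return findings

if __name__ == "__main__":
    print(check(PAGE_ROWS), check(PAGE_ROWS + ODD_ROWS), sep="\n")
```

A MAC seen behind two VTEPs can be a host that just moved, so treat that finding as a prompt to look at the port, not as proof of spoofing.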