- Underlay configuration
Configure a loopback interface on each of the CX1, CX2 and CX3 switches and advertise it with OSPF.
[CX3-Spine]
!
interface 1/1/1
    no shutdown
    mtu 9198
    ip address 192.168.1.3/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface 1/1/2
    no shutdown
    mtu 9198
    ip address 192.168.2.3/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    ip address 10.1.1.3/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.3
    max-metric router-lsa on-startup
    passive-interface default
    area 0.0.0.0
!
[CX1-Leaf]
!
interface 1/1/1
    no shutdown
    mtu 9198
    ip address 192.168.1.1/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    ip address 10.1.1.1/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.1
    max-metric router-lsa on-startup
    passive-interface default
    area 0.0.0.0
!
[CX2-Leaf]
!
interface 1/1/2
    no shutdown
    mtu 9198
    ip address 192.168.2.2/24
    ip ospf 1 area 0.0.0.0
    no ip ospf passive
    ip ospf network point-to-point
interface loopback 0
    ip address 10.1.1.2/32
    ip ospf 1 area 0.0.0.0
!
router ospf 1
    router-id 10.1.1.2
    max-metric router-lsa on-startup
    passive-interface default
    area 0.0.0.0
!
- MP-BGP configuration
Configure MP-BGP so that EVPN, which is used as the control plane, can operate.
[CX3-Spine]
!
router bgp 64520
    bgp router-id 10.1.1.3
    neighbor 10.1.1.1 remote-as 64520
    neighbor 10.1.1.1 update-source loopback 0
    neighbor 10.1.1.2 remote-as 64520
    neighbor 10.1.1.2 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.1 route-reflector-client
        neighbor 10.1.1.1 send-community extended
        neighbor 10.1.1.1 activate
        neighbor 10.1.1.2 route-reflector-client
        neighbor 10.1.1.2 send-community extended
        neighbor 10.1.1.2 activate
    exit-address-family
!
[CX1-Leaf]
!
router bgp 64520
    bgp router-id 10.1.1.1
    neighbor 10.1.1.3 remote-as 64520
    neighbor 10.1.1.3 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.3 send-community extended
        neighbor 10.1.1.3 activate
    exit-address-family
!
[CX2-Leaf]
!
router bgp 64520
    bgp router-id 10.1.1.2
    neighbor 10.1.1.3 remote-as 64520
    neighbor 10.1.1.3 update-source loopback 0
    address-family l2vpn evpn
        neighbor 10.1.1.3 send-community extended
        neighbor 10.1.1.3 activate
    exit-address-family
!
- Tenant and host configuration
Configure the VLAN and SVI used for the segment that hosts connect to, and a VRF to separate tenants.
[CX1-Leaf]
!
vrf VRF1
!
vlan 100
!
interface 1/1/4
    no shutdown
    no routing
    vlan access 100
!
interface vlan 100
    vrf attach VRF1
    ip mtu 9000
    ip address 172.16.100.254/24
!
[CX2-Leaf]
!
vrf VRF1
!
vlan 101
!
interface 1/1/5
    no shutdown
    no routing
    vlan access 101
!
interface vlan 101
    vrf attach VRF1
    ip mtu 9000
    ip address 172.16.101.254/24
!
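- VXLAN configuration
Configure the L2 VNI and L3 VNI, and associate the VLAN with the VXLAN tunnel interface. The subnets owned by CX1-Leaf and CX2-Leaf are advertised.
The L2 VNI and L3 VNI values are those shown in the VNI logical topology.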
[CX1-Leaf]
!
vrf VRF1
    rd 10.1.1.1:1
    route-target export 64520:1 evpn
    route-target import 64520:1 evpn
!
evpn
    vlan 100
        rd auto
        route-target export 64520:100
        route-target import 64520:100
        redistribute host-route
!
interface vxlan 1
    source ip 10.1.1.1
    no shutdown
    vni 100
        vlan 100
    vni 10001
        vrf VRF1
        routing
!
ip prefix-list endpoint-VRF1 seq 11 permit 172.16.100.0/24 le 32
!
route-map connect-bgp-VRF1 permit seq 11
    match ip address prefix-list endpoint-VRF1
!
router bgp 64520
    vrf VRF1
        address-family ipv4 unicast
            redistribute connected route-map connect-bgp-VRF1
        exit-address-family
!
virtual-mac 02:00:00:00:02:00
!
[Notes]
・Set rd to a value that is unique per VRF. To make troubleshooting easier, it is set as loopback address:VRF number.
・The route-target configured under vrf is set as BGP AS number:VRF number.
・The route-target configured under evpn is set as BGP AS number:VLAN ID.
[CX2-Leaf]
!
vrf VRF1
    rd 10.1.1.2:1
    route-target export 64520:1 evpn
    route-target import 64520:1 evpn
!
evpn
    vlan 101
        rd auto
        route-target export 64520:101
        route-target import 64520:101
        redistribute host-route
!
interface vxlan 1
    source ip 10.1.1.2
    no shutdown
    vni 101
        vlan 101
    vni 10001
        vrf VRF1
        routing
!
ip prefix-list endpoint-VRF1 seq 11 permit 172.16.101.0/24 le 32
!
route-map connect-bgp-VRF1 permit seq 11
    match ip address prefix-list endpoint-VRF1
!
router bgp 64520
    vrf VRF1
        address-family ipv4 unicast
            redistribute connected route-map connect-bgp-VRF1
        exit-address-family
!
virtual-mac 02:00:00:00:02:00
!
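The rd and route-target numbering rules given in the notes above can be checked mechanically across both leaves, which is useful because a mistyped import route-target either drops a tenant's routes or imports routes that belong to another tenant. This is an added example, not part of the original article; `audit` and `LEAVES` are hypothetical names, and the input is the vrf/evpn stanzas from this page.

```python
ASN = 64520  # BGP AS number used throughout the page

# Input: vrf/evpn stanzas copied from the page's leaf configs, paired with
# each leaf's loopback 0 address (the dict layout itself is an assumption).
LEAVES = {
    "CX1-Leaf": ("10.1.1.1", """vrf VRF1
rd 10.1.1.1:1
route-target export 64520:1 evpn
route-target import 64520:1 evpn
evpn
vlan 100
rd auto
route-target export 64520:100
route-target import 64520:100"""),
    "CX2-Leaf": ("10.1.1.2", """vrf VRF1
rd 10.1.1.2:1
route-target export 64520:1 evpn
route-target import 64520:1 evpn
evpn
vlan 101
rd auto
route-target export 64520:101
route-target import 64520:101"""),
}

def audit(leaves, asn=ASN):
    """Return findings; an empty list means the page's conventions hold."""
    findings, rd_owner = [], {}
    for leaf, (loopback, text) in leaves.items():
        section = ident = name = None   # ident: VRF number or VLAN ID
        for line in text.splitlines():
            tok = line.split() or [""]
            if tok[0] == "vrf":
                section, ident, name = "vrf", None, tok[1]
            elif tok[0] == "evpn":
                section, ident = "evpn", None
            elif tok[0] == "vlan" and section == "evpn":
                ident = tok[1]
            elif tok[0] == "rd" and section == "vrf":
                ip, _, ident = tok[1].partition(":")
                if ip != loopback:
                    findings.append(f"{leaf}: rd {tok[1]} is not loopback:VRF number")
                owner = f"{leaf}/{name}"
                if rd_owner.setdefault(tok[1], owner) != owner:
                    findings.append(f"{leaf}: rd {tok[1]} also used by {rd_owner[tok[1]]}")
            elif tok[0] == "route-target" and tok[2] != f"{asn}:{ident}":
                findings.append(f"{leaf}: route-target {tok[2]}, expected {asn}:{ident}")
    return findings
```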
- CX4 and CX5 configuration
Configure an IP address and a default gateway on CX4 and CX5 for the connectivity test.
[CX4]
!
vlan 100
!
interface 1/1/4
    no shutdown
    no routing
    vlan access 100
!
interface vlan 100
    ip address 172.16.100.4/24
!
ip route 0.0.0.0/0 172.16.100.254
!
[CX5]
!
vlan 101
!
interface 1/1/5
    no shutdown
    no routing
    vlan access 101
!
interface vlan 101
    ip address 172.16.101.5/24
!
ip route 0.0.0.0/0 172.16.101.254
!
【Operation and state verification】
[CX1-Leaf]
The show bgp l2vpn evpn route-type 5 command confirms that the route information has been learned.
CX1-Leaf# show bgp l2vpn evpn route-type 5
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed, a additional-paths
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN Route-Type 5 prefix: [5]:[ESI]:[EthTag]:[IPAddrLen]:[IPAddr]
VRF : default
Local Router-ID 10.1.1.1
Network Nexthop Metric LocPrf Weight Path
-------------------------------------------------------------------------------------------------------------------------------------
Route Distinguisher: 10.1.1.1:1 (L3VNI 10001)
*> [5]:[0]:[0]:[24]:[172.16.100.0] 10.1.1.1 0 100 0 ?
Route Distinguisher: 10.1.1.2:1 (L3VNI 10001)
*>i [5]:[0]:[0]:[24]:[172.16.101.0] 10.1.1.2 0 100 0 ?
Total number of entries 2
CX1-Leaf#
CX1-Leaf# show ip route vrf VRF1
Displaying ipv4 routes selected for forwarding
Origin Codes: C - connected, S - static, L - local
R - RIP, B - BGP, O - OSPF, D - DHCP
U - Unnumbered
Type Codes: E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
IA - OSPF internal area, E1 - OSPF external type 1
E2 - OSPF external type 2
VRF: VRF1
Prefix Nexthop Interface VRF(egress) Origin/ Distance/ Age
Type Metric
--------------------------------------------------------------------------------------------------------
172.16.100.0/24 - vlan100 - C [0/0] -
172.16.100.254/32 - vlan100 - L [0/0] -
172.16.101.0/24 10.1.1.2 - - B/EV [200/0] 00h:21m:45s
172.16.101.5/32 10.1.1.2 - - B/EV [200/0] 00h:21m:45s
Total Route Count : 4
CX1-Leaf#
[CX2-Leaf]
CX2-Leaf# show bgp l2vpn evpn route-type 5
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, e external S Stale, R Removed, a additional-paths
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN Route-Type 5 prefix: [5]:[ESI]:[EthTag]:[IPAddrLen]:[IPAddr]
VRF : default
Local Router-ID 10.1.1.2
Network Nexthop Metric LocPrf Weight Path
-------------------------------------------------------------------------------------------------------------------------------------
Route Distinguisher: 10.1.1.1:1 (L3VNI 10001)
*>i [5]:[0]:[0]:[24]:[172.16.100.0] 10.1.1.1 0 100 0 ?
Route Distinguisher: 10.1.1.2:1 (L3VNI 10001)
*> [5]:[0]:[0]:[24]:[172.16.101.0] 10.1.1.2 0 100 0 ?
Total number of entries 2
CX2-Leaf#
CX2-Leaf# show ip route vrf VRF1
Displaying ipv4 routes selected for forwarding
Origin Codes: C - connected, S - static, L - local
R - RIP, B - BGP, O - OSPF, D - DHCP
U - Unnumbered
Type Codes: E - External BGP, I - Internal BGP, V - VPN, EV - EVPN
IA - OSPF internal area, E1 - OSPF external type 1
E2 - OSPF external type 2
VRF: VRF1
Prefix Nexthop Interface VRF(egress) Origin/ Distance/ Age
Type Metric
--------------------------------------------------------------------------------------------------------
172.16.100.0/24 10.1.1.1 - - B/EV [200/0] 00h:23m:25s
172.16.100.4/32 10.1.1.1 - - B/EV [200/0] 00h:23m:25s
172.16.101.0/24 - vlan101 - C [0/0] -
172.16.101.254/32 - vlan101 - L [0/0] -
Total Route Count : 4
CX2-Leaf#
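To make the route-table check above repeatable, the following added example (not from the original article) parses the data rows of show ip route vrf VRF1 and flags EVPN routes whose next hop is not one of the page's leaf VTEP loopbacks or whose prefix lies outside the VRF1 subnets. The function name is hypothetical and the last sample row is constructed to show a finding.

```python
import ipaddress

# Values taken from the page: leaf VTEP loopbacks and the VRF1 host subnets.
VTEPS = {"10.1.1.1", "10.1.1.2"}
TENANT_NETS = [ipaddress.ip_network(n)
               for n in ("172.16.100.0/24", "172.16.101.0/24")]

# Data rows of "show ip route vrf VRF1" as shown for CX1-Leaf, plus one
# constructed row (the last) that does not belong to this design.
SAMPLE = """\
172.16.100.0/24 - vlan100 - C [0/0] -
172.16.100.254/32 - vlan100 - L [0/0] -
172.16.101.0/24 10.1.1.2 - - B/EV [200/0] 00h:21m:45s
172.16.101.5/32 10.1.1.2 - - B/EV [200/0] 00h:21m:45s
10.99.0.0/16 10.1.1.9 - - B/EV [200/0] 00h:00m:12s
"""

def unexpected_evpn_routes(output, vteps=VTEPS, nets=TENANT_NETS):
    """Return (prefix, nexthop, reason) for EVPN routes outside the design."""
    flagged = []
    for line in output.splitlines():
        cols = line.split()
        # Column 5 is Origin/Type; only BGP EVPN routes are of interest.
        if len(cols) < 5 or cols[4] != "B/EV":
            continue
        try:
            prefix = ipaddress.ip_network(cols[0])
        except ValueError:
            continue                      # not a route row
        nexthop = cols[1]
        if nexthop not in vteps:
            flagged.append((cols[0], nexthop, "next hop is not a known VTEP"))
        elif not any(prefix.subnet_of(n) for n in nets):
            flagged.append((cols[0], nexthop, "prefix outside tenant subnets"))
    return flagged

if __name__ == "__main__":
    for finding in unexpected_evpn_routes(SAMPLE):
        print(finding)
```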
【Connectivity test】
*CX4 and CX5 stand in for PC endpoints and servers.
[CX4]
CX4# ping 172.16.101.5 source 172.16.100.4 repetitions 5
PING 172.16.101.5 (172.16.101.5) from 172.16.100.4 : 100(128) bytes of data.
108 bytes from 172.16.101.5: icmp_seq=1 ttl=62 time=3.56 ms
108 bytes from 172.16.101.5: icmp_seq=2 ttl=62 time=3.60 ms
108 bytes from 172.16.101.5: icmp_seq=3 ttl=62 time=3.63 ms
108 bytes from 172.16.101.5: icmp_seq=4 ttl=62 time=4.13 ms
108 bytes from 172.16.101.5: icmp_seq=5 ttl=62 time=5.69 ms
--- 172.16.101.5 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4004ms
rtt min/avg/max/mdev = 3.560/4.121/5.689/0.810 ms
CX4#
[CX5]
CX5# ping 172.16.100.4 source 172.16.101.5 repetitions 5
PING 172.16.100.4 (172.16.100.4) from 172.16.101.5 : 100(128) bytes of data.
108 bytes from 172.16.100.4: icmp_seq=1 ttl=62 time=3.49 ms
108 bytes from 172.16.100.4: icmp_seq=2 ttl=62 time=3.25 ms
108 bytes from 172.16.100.4: icmp_seq=3 ttl=62 time=3.49 ms
108 bytes from 172.16.100.4: icmp_seq=4 ttl=62 time=3.65 ms
108 bytes from 172.16.100.4: icmp_seq=5 ttl=62 time=18.7 ms
--- 172.16.100.4 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4005ms
rtt min/avg/max/mdev = 3.250/6.509/18.673/6.082 ms
CX5#
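【Other verification commands】
The following commands are available for checking underlay OSPF operation, route-learning state, VTEPs and so on. Their output is long and is therefore omitted from this article, but the logs collected in the test setup are compiled in the attached file.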
show ip ospf neighbors
show ip route ospf
show ip route
show bgp all-vrf all summary
show bgp l2vpn evpn
show bgp l2vpn evpn route-type 2
show bgp l2vpn evpn route-type 3
show bgp l2vpn evpn route-type 5
show bgp l2vpn evpn vni 100
show bgp l2vpn evpn vni 10001
show bgp l2vpn evpn extcommunity
show bgp l2vpn evpn vtep 10.1.1.1
show bgp l2vpn evpn vtep 10.1.1.2
show ip route vrf VRF1
show mac-address-table
show arp vrf VRF1
show interface vxlan 1
show interface vxlan vni
show interface vxlan vteps detail
show interface vxlan vni 100
show interface vxlan vni 100 vteps
show interface vxlan vni 10001
show interface vxlan vni 10001 vteps
show evpn vtep-neighbor all-vrfs
show evpn evi
show evpn evi summary
show evpn evi 100
show evpn evi 100 detail
show evpn evi 10001
show evpn evi 10001 detail