※自己学習のナレッジ化とアウトプット、備忘を目的としております、
誤りなどありましたら申し訳ございません
作った環境
今回は Arista の cEOSを使用して EVPN-VXLAN環境を構築していきます
環境構築にあたって全体的な概要図は以下のようなイメージです
まずはオーバーレイを構成するために必要な情報を各機器でやり取りするための設定をしていきます。(アンダーレイの構築)
設定するのは以下のような内容
・VTEP用のInterface設定(VXLANでカプセル化するためのEnd Point)
・EVPN用のInterface設定(リモートVTEPの検出やローカルで学習したMAC/IPの広報などのため)
・上記のIPを交換するためのダイナミックルーティング設定、物理Interface設定
ダイナミックルーティングは何でもよさそうですがとりあえずBGPにしておきます
Underlay_Interface設定
/31のP2Pアドレスを払い出すことが推奨の様子
Leafが増えることも意識して、/28ずつSpineに割り当てる想定
この物理IPを使用してSpine<->LeafでeBGPピアを形成する
#OSPFなど別のDynamicRoutingでも可
| 接続元 | IP | - | IP | 接続先 |
|---|---|---|---|---|
| Spine001 Eth1 | 192.168.1.0/31 | ⇔ | 192.168.1.1/31 | Eth1 Leaf001 |
| Spine001 Eth2 | 192.168.1.2/31 | ⇔ | 192.168.1.3/31 | Eth1 Leaf002 |
| Spine001 Eth3 | 192.168.1.4/31 | ⇔ | 192.168.1.5/31 | Eth1 Leaf003 |
| Spine002 Eth1 | 192.168.1.14/31 | ⇔ | 192.168.1.15/31 | Eth1 Leaf001 |
| Spine002 Eth2 | 192.168.1.16/31 | ⇔ | 192.168.1.17/31 | Eth1 Leaf002 |
| Spine002 Eth3 | 192.168.1.18/31 | ⇔ | 192.168.1.19/31 | Eth1 Leaf003 |
Config
Spine001 to Leaf001
##Spine001
interface Ethernet1
no switchport
ip address 192.168.1.0/31
###Leaf001
interface Ethernet1
no switchport
ip address 192.168.1.1/31
Spine001 to Leaf002
##Spine001
interface Ethernet2
no switchport
ip address 192.168.1.2/31
##Leaf002
interface Ethernet1
no switchport
ip address 192.168.1.3/31
Spine001 to Leaf003
##Spine001
interface Ethernet3
no switchport
ip address 192.168.1.4/31
##Leaf003
interface Ethernet1
no switchport
ip address 192.168.1.5/31
Spine002 to Leaf001
##Spine002
interface Ethernet1
no switchport
ip address 192.168.1.14/31
###Leaf001
interface Ethernet2
no switchport
ip address 192.168.1.15/31
Spine002 to Leaf002
##Spine002
interface Ethernet2
no switchport
ip address 192.168.1.16/31
##Leaf002
interface Ethernet2
no switchport
ip address 192.168.1.17/31
Spine002 to Leaf003
##Spine002
interface Ethernet3
no switchport
ip address 192.168.1.18/31
##Leaf003
interface Ethernet2
no switchport
ip address 192.168.1.19/31
〇Underlay_LoopbackInterface設定
オーバーレイのコントロールプレーンであるEVPN(MP-BGP)および
データプレーンであるVXLANのカプセル化を司るVTEP(VxlanTunnleEndPoint)
| Node | Interface | IP | 用途 |
|---|---|---|---|
| Spine001 | Loopback 0 | 172.16.0.1/32 | EVPN |
| Spine002 | Loopback 0 | 172.16.0.2/32 | EVPN |
| Leaf001 | Loopback 0 | 172.17.0.1/32 | EVPN |
| Loopback 1 | 10.0.0.15/32 | VTEP | |
| Leaf002 | Loopback 0 | 172.17.0.2/32 | EVPN |
| Loopback 1 | 10.0.0.16/32 | VTEP | |
| Leaf003 | Loopback 0 | 172.17.0.3/32 | EVPN |
| Loopback 1 | 10.0.0.17/32 | VTEP |
Config
Spine001
##EVPN
interface Loopback0
ip address 172.16.0.1/32
Spine002
##EVPN
interface Loopback0
ip address 172.16.0.2/32
Leaf001
##EVPN
interface Loopback0
ip address 172.17.0.1/32
##VTEP
interface Loopback1
ip address 10.0.0.15/32
Leaf002
##EVPN
interface Loopback0
ip address 172.17.0.2/32
##VTEP
interface Loopback1
ip address 10.0.0.16/32
Leaf003
##EVPN
interface Loopback0
ip address 172.17.0.3/32
##VTEP
interface Loopback1
ip address 10.0.0.17/32
〇Underlay_BGP設定
EVPN用途およびVTEP用途に作成したLoopback InterfaceのIPを交換するための
アンダーレイのBGPピアを形成
NeigborはそれぞれP2PのIPを指定
| Node | AS |
|---|---|
| Spine001 | 64512 |
| Spine002 | 64512 |
| Leaf001 | 64612 |
| Leaf002 | 64613 |
| Leaf003 | 64614 |
Config
Spine001
router bgp 64512
router-id 172.16.0.1 #
distance bgp 20 200 200 #
maximum-paths 8 ecmp 16 # マルチパスとなるよう設定、Leaf3台なのでmaximum-path 3でもよかったのか?
neighbor 192.168.1.1 remote-as 64612
neighbor 192.168.1.1 description ## UNDERLAY-To-Leaf001 ##
neighbor 192.168.1.3 remote-as 64613
neighbor 192.168.1.3 description ## UNDERLAY-To-Leaf002 ##
neighbor 192.168.1.5 remote-as 64614
neighbor 192.168.1.5 description ## UNDERLAY-To-Leaf003 ##
redistribute connected
Spine002
router bgp 64512
router-id 172.16.0.2
distance bgp 20 200 200
maximum-paths 8 ecmp 16
neighbor 192.168.1.15 remote-as 64612
neighbor 192.168.1.15 description ## UNDERLAY-To-Leaf001 ##
neighbor 192.168.1.17 remote-as 64613
neighbor 192.168.1.17 description ## UNDERLAY-To-Leaf002 ##
neighbor 192.168.1.19 remote-as 64614
neighbor 192.168.1.19 description ## UNDERLAY-To-Leaf003 ##
redistribute connected
Leaf001
router bgp 64612
router-id 172.17.0.1
distance bgp 20 200 200
maximum-paths 8 ecmp 16
neighbor SPINE peer group
neighbor SPINE remote-as 64512
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor 192.168.1.0 peer group SPINE
neighbor 192.168.1.14 peer group SPINE
redistribute connected
Leaf002
router bgp 64613
router-id 172.17.0.2
distance bgp 20 200 200
maximum-paths 8 ecmp 16
neighbor SPINE peer group
neighbor SPINE remote-as 64512
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor 192.168.1.2 peer group SPINE
neighbor 192.168.1.16 peer group SPINE
redistribute connected
Leaf003
router bgp 64614
router-id 172.17.0.3
distance bgp 20 200 200
maximum-paths 8 ecmp 16
neighbor SPINE peer group
neighbor SPINE remote-as 64512
neighbor SPINE allowas-in 1
neighbor SPINE send-community
neighbor 192.168.1.4 peer group SPINE
neighbor 192.168.1.18 peer group SPINE
redistribute connected
〇Status確認
これでいったんアンダーレイの環境は構成できるはずです
各Spine-LeafのeBGPが形成され、Loopback0,1のIPが学習できていることが期待値です
Underlay_BGP
Spine001==== show bgp summary ====
BGP summary information for VRF default
Router identifier 172.16.0.1, local AS number 64512
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
----------- ----------- ------------- ----------------------- -------------- ---------- ----------
192.168.1.1 64612 Established IPv4 Unicast Negotiated 5 5 #--To Leaf001
192.168.1.3 64613 Established IPv4 Unicast Negotiated 7 7 #--To Leaf002
192.168.1.5 64614 Established IPv4 Unicast Negotiated 5 5 #--To Leaf003
Spine002==== show bgp summary ====
BGP summary information for VRF default
Router identifier 172.16.0.2, local AS number 64512
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
------------ ----------- ------------- ----------------------- -------------- ---------- ----------
192.168.1.15 64612 Established IPv4 Unicast Negotiated 5 5 #--To Leaf001
192.168.1.17 64613 Established IPv4 Unicast Negotiated 7 7 #--To Leaf002
192.168.1.19 64614 Established IPv4 Unicast Negotiated 5 5 #--To Leaf003
Leaf001==== show bgp summary ====
BGP summary information for VRF default
Router identifier 172.17.0.1, local AS number 64612
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
------------ ----------- ------------- ----------------------- -------------- ---------- ----------
192.168.1.0 64512 Established IPv4 Unicast Negotiated 13 13 #--To Spine001
192.168.1.14 64512 Established IPv4 Unicast Negotiated 13 13 #--To Spine002
Leaf002==== show bgp summary ====
BGP summary information for VRF default
Router identifier 172.17.0.2, local AS number 64613
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
------------ ----------- ------------- ----------------------- -------------- ---------- ----------
192.168.1.2 64512 Established IPv4 Unicast Negotiated 11 11 #--To Spine001
192.168.1.16 64512 Established IPv4 Unicast Negotiated 11 11 #--To Spine002
Leaf003==== show bgp summary ====
BGP summary information for VRF default
Router identifier 172.17.0.3, local AS number 64614
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc
------------ ----------- ------------- ----------------------- -------------- ---------- ----------
192.168.1.4 64512 Established IPv4 Unicast Negotiated 13 13 #--To Spine001
192.168.1.18 64512 Established IPv4 Unicast Negotiated 13 13 #--To Spine002
Session State が Established になっておりBGPネイバーが形成できています
このBGPはEVPN用途ではないため AFI/SAFI(address-family)もIPv4 Unicastです
Underlay_RouteTable
Spine001==== show ip route ====
## ~ 中略 ~
Gateway of last resort:
S 0.0.0.0/0 [1/0]
via 172.20.20.1, Management0
#---------- Leafのloopback1(VTEP) -----------
B E 10.0.0.15/32 [20/0] #---Leaf001
via 192.168.1.1, Ethernet1
B E 10.0.0.16/32 [20/0] #---Leaf002
via 192.168.1.3, Ethernet2
B E 10.0.0.17/32 [20/0] #---Leaf003
via 192.168.1.5, Ethernet3
#---------- Leafのloopback0(EVPN) -----------
C 172.16.0.1/32
directly connected, Loopback0
B E 172.17.0.1/32 [20/0] #---Leaf001
via 192.168.1.1, Ethernet1
B E 172.17.0.2/32 [20/0] #---Leaf002
via 192.168.1.3, Ethernet2
B E 172.17.0.3/32 [20/0] #---Leaf003
via 192.168.1.5, Ethernet3
#---------- 物理IP -----------
C 192.168.1.0/31
directly connected, Ethernet1
C 192.168.1.2/31
directly connected, Ethernet2
C 192.168.1.4/31
directly connected, Ethernet3
B E 192.168.1.14/31 [20/0]
via 192.168.1.1, Ethernet1
B E 192.168.1.16/31 [20/0]
via 192.168.1.3, Ethernet2
B E 192.168.1.18/31 [20/0]
via 192.168.1.5, Ethernet3
Spine002==== show ip route ====
## ~ 中略 ~
Gateway of last resort:
S 0.0.0.0/0 [1/0]
via 172.20.20.1, Management0
#---------- Leafのloopback1(VTEP) -----------
B E 10.0.0.15/32 [200/0] #---Leaf001
via 192.168.1.15, Ethernet1
B E 10.0.0.16/32 [200/0] #---Leaf002
via 192.168.1.17, Ethernet2
B E 10.0.0.17/32 [200/0] #---Leaf003
via 192.168.1.19, Ethernet3
#---------- Leafのloopback0(EVPN) -----------
C 172.16.0.2/32
directly connected, Loopback0
B E 172.17.0.1/32 [200/0] #---Leaf001
via 192.168.1.15, Ethernet1
B E 172.17.0.2/32 [200/0] #---Leaf002
via 192.168.1.17, Ethernet2
B E 172.17.0.3/32 [200/0] #---Leaf003
via 192.168.1.19, Ethernet3
#---------- 物理IP -----------
B E 192.168.1.0/31 [200/0]
via 192.168.1.15, Ethernet1
B E 192.168.1.2/31 [200/0]
via 192.168.1.17, Ethernet2
B E 192.168.1.4/31 [200/0]
via 192.168.1.19, Ethernet3
C 192.168.1.14/31
directly connected, Ethernet1
C 192.168.1.16/31
directly connected, Ethernet2
C 192.168.1.18/31
directly connected, Ethernet3
Leaf001==== show ip route ====
## ~ 中略 ~
Gateway of last resort:
S 0.0.0.0/0 [1/0]
via 172.20.20.1, Management0
#---------- Leafのloopback1(VTEP) -----------
C 10.0.0.15/32
directly connected, Loopback1
B E 10.0.0.16/32 [20/0] #--Leaf002
via 192.168.1.0, Ethernet1
via 192.168.1.14, Ethernet2
B E 10.0.0.17/32 [20/0] #--Leaf002
via 192.168.1.0, Ethernet1
via 192.168.1.14, Ethernet2
##--マルチパスになっている
#---------- Spine(とLeaf)のloopback0(EVPN) -----------
B E 172.16.0.1/32 [20/0] #--Spine001
via 192.168.1.0, Ethernet1
B E 172.16.0.2/32 [20/0] #--Spine002
via 192.168.1.14, Ethernet2
C 172.17.0.1/32
directly connected, Loopback0
##↓Leaf同士ではEVPNピアを形成しないため学習してなくてもいいが,,Spineが広報してる?
##redistribute connected 入れてるはずなんですが,,
B E 172.17.0.2/32 [20/0] #--Leaf002
via 192.168.1.0, Ethernet1
via 192.168.1.14, Ethernet2
B E 172.17.0.3/32 [20/0] #--Leaf003
via 192.168.1.0, Ethernet1
via 192.168.1.14, Ethernet2
##--一応マルチパスになっている
#---------- 物理IP -----------
B E 192.168.1.0/31 [200/0]
via 192.168.1.15, Ethernet1
B E 192.168.1.2/31 [200/0]
via 192.168.1.17, Ethernet2
B E 192.168.1.4/31 [200/0]
via 192.168.1.19, Ethernet3
C 192.168.1.14/31
directly connected, Ethernet1
C 192.168.1.16/31
directly connected, Ethernet2
C 192.168.1.18/31
directly connected, Ethernet3
Leaf002==== show ip route ====
## ~ 中略 ~
Gateway of last resort:
S 0.0.0.0/0 [1/0]
via 172.20.20.1, Management0
#---------- Leafのloopback1(VTEP) -----------
B E 10.0.0.15/32 [20/0] #--Leaf001
via 192.168.1.2, Ethernet1
via 192.168.1.16, Ethernet2
C 10.0.0.16/32
directly connected, Loopback1
B E 10.0.0.17/32 [20/0] #--Leaf002
via 192.168.1.2, Ethernet1
via 192.168.1.16, Ethernet2
#---------- Spine(とLeaf)のloopback0(EVPN) -----------
B E 172.16.0.1/32 [20/0] #--Spine001
via 192.168.1.2, Ethernet1
B E 172.16.0.2/32 [20/0] #Spine002
via 192.168.1.16, Ethernet2
B E 172.17.0.1/32 [20/0] #--Leaf001
via 192.168.1.2, Ethernet1
via 192.168.1.16, Ethernet2
C 172.17.0.2/32
directly connected, Loopback0
B E 172.17.0.3/32 [20/0] #--Leaf003
via 192.168.1.2, Ethernet1
via 192.168.1.16, Ethernet2
#---------- 物理IP -----------
B E 192.168.1.0/31 [200/0]
via 192.168.1.15, Ethernet1
B E 192.168.1.2/31 [200/0]
via 192.168.1.17, Ethernet2
B E 192.168.1.4/31 [200/0]
via 192.168.1.19, Ethernet3
C 192.168.1.14/31
directly connected, Ethernet1
C 192.168.1.16/31
directly connected, Ethernet2
C 192.168.1.18/31
directly connected, Ethernet3
Leaf003==== show ip route ====
## ~ 中略 ~
Gateway of last resort:
S 0.0.0.0/0 [1/0]
via 172.20.20.1, Management0
#---------- Leafのloopback1(VTEP) -----------
B E 10.0.0.15/32 [20/0] #--Leaf001
via 192.168.1.4, Ethernet1
via 192.168.1.18, Ethernet2
B E 10.0.0.16/32 [20/0] #--Leaf002
via 192.168.1.4, Ethernet1
via 192.168.1.18, Ethernet2
C 10.0.0.17/32
directly connected, Loopback1
#---------- Spine(とLeaf)のloopback0(EVPN) -----------
B E 172.16.0.1/32 [20/0] #--Spine001
via 192.168.1.4, Ethernet1
B E 172.16.0.2/32 [20/0] #--Spine001
via 192.168.1.18, Ethernet2
B E 172.17.0.1/32 [20/0] #--Leaf001
via 192.168.1.4, Ethernet1
via 192.168.1.18, Ethernet2
B E 172.17.0.2/32 [20/0] #--Leaf002
via 192.168.1.4, Ethernet1
via 192.168.1.18, Ethernet2
C 172.17.0.3/32
directly connected, Loopback0
#---------- 物理IP -----------
B E 192.168.1.0/31 [20/0]
via 192.168.1.4, Ethernet1
B E 192.168.1.2/31 [20/0]
via 192.168.1.4, Ethernet1
C 192.168.1.4/31
directly connected, Ethernet1
B E 192.168.1.14/31 [20/0]
via 192.168.1.18, Ethernet2
B E 192.168.1.16/31 [20/0]
via 192.168.1.18, Ethernet2
C 192.168.1.18/31
directly connected, Ethernet2
次回
ここまでは通常のネットワーク構築でしたが、アンダーレイが構築できたので
次回はオーバーレイの設定を入れていきます
EVPNピアの形成、Vlanの作成、VlanとL2VNIの紐づけ、vxlanInterfaceの設定、Vxlan間通信のためのL3VNIの設定などなど
おわり