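Introduction
There are many guides to configuring link aggregation (LAG), but building a LAG that spans multiple switches is difficult.
- Stack configuration: there is only one control plane, so will it really fail over properly...
- MC-LAG configuration: there are two control planes, but each vendor uses its own proprietary technology
EVPN, which uses BGP, has a multihoming mechanism, so a LAG spanning multiple switches can be built with standard technology.
For how to build it, NTT has published a document titled みんなFirst-Hop Redundancyどうしているよ? ("How is everyone doing first-hop redundancy?").
I tested the configuration from that document on Cisco Nexus switches built in a virtual environment (the VM image can be downloaded from Cisco).
Environment
The topology is spine-leaf.
LEAF1 e1/9 and LEAF2 e1/8 form a LAG through EVPN multihoming.
The gateway address 192.168.0.254/24 is also configured on them (anycast gateway).
H1 would in practice be a server such as a Windows machine.
- NIC teaming with LACP
- An IP address in 192.168.0.x/24
- 192.168.0.254 as the default gateway
WAN-LEAF is assumed to be the router that connects to the Internet, VPNs, and leased lines.
Nexus configuration
Only the relevant parts are shown. I'm not confident about this, so please let me know if anything is wrong...
Spine configuration
SPINE1 and SPINE2 are configured as follows.
OSPF maintains the topology, and BGP sessions are established with the leaf loopbacks. The spines act as BGP route reflectors.
The IPv4 and EVPN BGP address families are enabled.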
SPINE1
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
interface Ethernet1/1
  no switchport
  ip address 192.168.64.0/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/2
  no switchport
  ip address 192.168.64.2/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface loopback0
  ip address 192.168.128.1/32
  ip router ospf 1 area 0.0.0.0
router ospf 1
  router-id 192.168.128.1
router bgp 65000
  router-id 192.168.128.1
  cluster-id 192.168.128.1
  address-family ipv4 unicast
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR-CLIENT
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
      route-reflector-client
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 192.168.128.3
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.4
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.5
    inherit peer ROUTE-REFLECTOR-CLIENT
SPINE2
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
interface Ethernet1/1
  no switchport
  ip address 192.168.64.4/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/2
  no switchport
  ip address 192.168.64.6/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface loopback0
  ip address 192.168.128.2/32
  ip router ospf 1 area 0.0.0.0
router ospf 1
  router-id 192.168.128.2
router bgp 65000
  router-id 192.168.128.2
  cluster-id 192.168.128.1
  address-family ipv4 unicast
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR-CLIENT
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
      route-reflector-client
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 192.168.128.3
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.4
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.5
    inherit peer ROUTE-REFLECTOR-CLIENT
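Leaf configuration
LEAF1 and LEAF2 are configured as follows.
OSPF maintains the topology, and BGP sessions are established with the spine loopbacks.
The IPv4 and EVPN BGP address families are enabled.
VNI 10010 is the L2VNI, used for multihoming.
VNI 10000 is the L3VNI, used for the anycast gateway.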
LEAF1
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,10,1000
vlan 10
  vn-segment 10010
vlan 1000
  vn-segment 10000
route-map RM-NETWORK permit 10
  match ip address AL-NETWORK
interface Vlan10
  no shutdown
  ip address 192.168.0.254/24
  fabric forwarding mode anycast-gateway
interface Vlan1000
  no shutdown
  ip forward
interface port-channel10
  switchport access vlan 10
  ethernet-segment 1010
    system-mac 0000.0000.1010
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 10000 associate-vrf
  member vni 10010
    ingress-replication protocol bgp
interface Ethernet1/1
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.1/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/2
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.5/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/9
  switchport access vlan 10
  channel-group 10 mode active
interface loopback0
  ip address 192.168.128.3/32
  ip router ospf 1 area 0.0.0.0
router ospf 1
  router-id 192.168.128.3
router bgp 65000
  router-id 192.168.128.3
  address-family ipv4 unicast
    redistribute direct route-map RM-NETWORK
    redistribute hmm route-map RM-NETWORK
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 192.168.128.1
    inherit peer ROUTE-REFLECTOR
  neighbor 192.168.128.2
    inherit peer ROUTE-REFLECTOR
evpn
  vni 10010 l2
    rd 192.168.128.3:65000
    route-target import auto
    route-target export auto
LEAF2
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay
fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,10,1000
vlan 10
  vn-segment 10010
vlan 1000
  vn-segment 10000
route-map RM-NETWORK permit 10
  match ip address AL-NETWORK
interface Vlan10
  no shutdown
  ip address 192.168.0.254/24
  fabric forwarding mode anycast-gateway
interface Vlan1000
  no shutdown
  ip forward
interface port-channel10
  switchport access vlan 10
  ethernet-segment 1010
    system-mac 0000.0000.1010
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 10000 associate-vrf
  member vni 10010
    ingress-replication protocol bgp
interface Ethernet1/1
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.3/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/2
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.7/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/9
  switchport access vlan 10
  channel-group 10 mode active
interface loopback0
  ip address 192.168.128.4/32
  ip router ospf 1 area 0.0.0.0
router ospf 1
  router-id 192.168.128.4
router bgp 65000
  router-id 192.168.128.4
  address-family ipv4 unicast
    redistribute direct route-map RM-NETWORK
    redistribute hmm route-map RM-NETWORK
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 192.168.128.1
    inherit peer ROUTE-REFLECTOR
  neighbor 192.168.128.2
    inherit peer ROUTE-REFLECTOR
evpn
  vni 10010 l2
    rd 192.168.128.4:65000
    route-target import auto
    route-target export auto
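The two leaf configurations above share some values (anycast gateway MAC, Ethernet segment ID and system MAC, gateway IP) and differ in others (loopback0 address, RD), and a mismatch in either direction is easy to miss by eye. The following Python script is an added example, not part of the original article: the config excerpt is constructed from the settings shown above, and the `SHARED` / `UNIQUE` rule sets and the function names are this example's own assumptions about what to compare.

```python
import re
# Constructed excerpt of the LEAF1 configuration above (indentation restored).
LEAF1 = """\
fabric forwarding anycast-gateway-mac 2020.0000.00aa
interface Vlan10
  no shutdown
  ip address 192.168.0.254/24
interface port-channel10
  ethernet-segment 1010
    system-mac 0000.0000.1010
interface loopback0
  ip address 192.168.128.3/32
evpn
  vni 10010 l2
    rd 192.168.128.3:65000
"""
# On the page, LEAF2 differs in these lines only by its loopback0 address and RD.
LEAF2 = LEAF1.replace("192.168.128.3", "192.168.128.4")
def in_block(header, key):
    # Regex for the first "<key> <value>" line in the indented block under header.
    return rf"^{header}\n(?:[ \t]+.*\n)*?[ \t]+{key} (\S+)"

# Assumed rule set: SHARED values must match on both leafs, UNIQUE must differ.
SHARED = {
    "anycast-gateway-mac": r"^fabric forwarding anycast-gateway-mac (\S+)",
    "ethernet-segment": in_block("interface port-channel10", "ethernet-segment"),
    "system-mac": r"^[ \t]+system-mac (\S+)",
    "gateway-ip": in_block("interface Vlan10", "ip address"),
}
UNIQUE = {
    "loopback0": in_block("interface loopback0", "ip address"),
    "rd": r"^[ \t]+rd (\S+)",
}

def check_pair(cfg_a, cfg_b):
    """Return a list of problems; an empty list means the pair is consistent."""
    problems = []
    for rules, must_match in ((SHARED, True), (UNIQUE, False)):
        for name, pattern in rules.items():
            found = [re.search(pattern, c, re.MULTILINE) for c in (cfg_a, cfg_b)]
            if not all(found):
                problems.append(f"{name}: missing on at least one leaf")
                continue
            a, b = (m.group(1).lower() for m in found)
            if (a == b) != must_match:
                problems.append(f"{name}: must {'match' if must_match else 'differ'} ({a} / {b})")
    return problems
if __name__ == "__main__":
    print(check_pair(LEAF1, LEAF2) or "leaf pair is consistent")
```
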
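Conclusion
With the above configuration, connectivity and redundancy between H1 and WAN-LEAF worked.
It is complicated, but I want to sort it out and understand it step by step.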