Go to Qiita Advent Calendar 2024 Top
LoginSignup
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?

お題は不問!Qiita Engineer Festa 2024で記事投稿!
Qiita Engineer Festa20242024年7月17日まで開催中!
@liveinvalley

Cisco Nexus でL2/L3冗長化:EVPN multihoming + anycast gateway

Last updated at Posted at 2024-06-20

はじめに

リンクアグリゲーション(LAG)の設定は世の中にたくさんありますが,複数スイッチでLAGを構成することは難しいです。

  • スタック構成:コントロールプレーンが一つしかなく,ちゃんと切り替わるか...
  • MC-LAG構成:コントロールプレーンが二つありますが,各社独自技術

BGPを利用するEVPNにはmultihomingの仕組みがあり,標準技術で複数スイッチにまたがるLAGを構成できます。
構成方法は,みんなFirst-Hop Redundancyどうしているよ?という資料をNTTさまが出しておられます。

上記資料の構成を,仮想環境に構築した Cisco Nexus で検証してみました(VMイメージをCisco社からダウンロード可能です)。

環境構成

image.png

Spine-Leaf構成にします。
LEAF1 e1/9 とLEAF2 e1/8 は,EVPN multihomingによりLAG構成になっています。
また,192.168.0.254/24というゲートウェイアドレスが設定されています(anycast gateway)。
H1は実際にはWindowsなどのサーバです。

  • LACPによるNICチーミング
  • IPとして192.168.0.x/24を設定
  • デフォルトゲートウェイとして192.168.0.254を設定

WAN-LEAFはインターネットやVPN・専用線への接続用ルータの想定です。

Nexus 設定

関係する部分だけです。自信ないので,間違っているところあれば教えてください...

Spine設定

SPINE1およびSPINE2は以下の設定をします。
OSPFによりトポロジの維持を行い,BGPをLEAFのloopbackとの間で張ります。SPINEはBGPのルートリフレクタにします。
BGPのアドレスファミリは,IPv4およびEVPNを有効にします。

SPINE1

nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay

interface Ethernet1/1
  no switchport
  ip address 192.168.64.0/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  ip address 192.168.64.2/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 192.168.128.1/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 192.168.128.1
router bgp 65000
  router-id 192.168.128.1
  cluster-id 192.168.128.1
  address-family ipv4 unicast
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR-CLIENT
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
      route-reflector-client
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 192.168.128.3
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.4
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.5
    inherit peer ROUTE-REFLECTOR-CLIENT

SPINE2

nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay

interface Ethernet1/1
  no switchport
  ip address 192.168.64.4/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  ip address 192.168.64.6/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 192.168.128.2/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 192.168.128.2
router bgp 65000
  router-id 192.168.128.2
  cluster-id 192.168.128.1
  address-family ipv4 unicast
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR-CLIENT
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
      route-reflector-client
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 192.168.128.3
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.4
    inherit peer ROUTE-REFLECTOR-CLIENT
  neighbor 192.168.128.5
    inherit peer ROUTE-REFLECTOR-CLIENT

Leaf設定

LEAF1およびLEAF2は以下の設定をします。
OSPFによりトポロジの維持を行い,BGPをSPINEのloopbackとの間で張ります。
BGPのアドレスファミリは,IPv4およびEVPNを有効にします。
VNI 10010はL2VNIで,multihoming用です。
VNI 10000はL3VNIで,anycast gateway用です。

LEAF1

nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay

fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,10,1000
vlan 10
  vn-segment 10010

vlan 1000
  vn-segment 10000

route-map RM-NETWORK permit 10
  match ip address AL-NETWORK

interface Vlan10
  no shutdown
  ip address 192.168.0.254/24
  fabric forwarding mode anycast-gateway

interface Vlan1000
  no shutdown
  ip forward

interface port-channel10
  switchport access vlan 10
  ethernet-segment 1010
    system-mac 0000.0000.1010

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 10000 associate-vrf
  member vni 10010
    ingress-replication protocol bgp

interface Ethernet1/1
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.1/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.5/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/9
  switchport access vlan 10
  channel-group 10 mode active

interface loopback0
  ip address 192.168.128.3/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 192.168.128.3
router bgp 65000
  router-id 192.168.128.3
  address-family ipv4 unicast
    redistribute direct route-map RM-NETWORK
    redistribute hmm route-map RM-NETWORK
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 192.168.128.1
    inherit peer ROUTE-REFLECTOR
  neighbor 192.168.128.2
    inherit peer ROUTE-REFLECTOR
evpn
  vni 10010 l2
    rd 192.168.128.3:65000
    route-target import auto
    route-target export auto

LEAF2

nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay

fabric forwarding anycast-gateway-mac 2020.0000.00aa
vlan 1,10,1000
vlan 10
  vn-segment 10010
vlan 1000
  vn-segment 10000

route-map RM-NETWORK permit 10
  match ip address AL-NETWORK

interface Vlan10
  no shutdown
  ip address 192.168.0.254/24
  fabric forwarding mode anycast-gateway

interface Vlan1000
  no shutdown
  ip forward

interface port-channel10
  switchport access vlan 10
  ethernet-segment 1010
    system-mac 0000.0000.1010

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 10000 associate-vrf
  member vni 10010
    ingress-replication protocol bgp

interface Ethernet1/1
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.3/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  evpn multihoming core-tracking
  ip address 192.168.64.7/31
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface Ethernet1/9
  switchport access vlan 10
  channel-group 10 mode active

interface loopback0
  ip address 192.168.128.4/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 192.168.128.4
router bgp 65000
  router-id 192.168.128.4
  address-family ipv4 unicast
    redistribute direct route-map RM-NETWORK
    redistribute hmm route-map RM-NETWORK
    maximum-paths ibgp 2
  address-family l2vpn evpn
    maximum-paths ibgp 2
  template peer ROUTE-REFLECTOR
    remote-as 65000
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 192.168.128.1
    inherit peer ROUTE-REFLECTOR
  neighbor 192.168.128.2
    inherit peer ROUTE-REFLECTOR
evpn
  vni 10010 l2
    rd 192.168.128.4:65000
    route-target import auto
    route-target export auto

終わりに

上記設定で,H1 ⇔ WAN-LEAFの疎通および冗長化が可能でした。
複雑ですが,整理して理解していきたいと思います。

0
0
0

Register as a new user and use Qiita more conveniently

  1. You get articles that match your needs
  2. You can efficiently read back useful information
  3. You can use dark theme
What you can do with signing up
Sign upLogin
0
0

Delete article

Deleted articles cannot be recovered.

Draft of this article would be also deleted.

Are you sure you want to delete this article?