Introduction
This is a record of how I worked through the NETCON (JANOG57) Level 3-5 problem.
1. Checking the underlay state on Spine-01
- The underlay is not Established in the first place
Spine-01#show bgp ipv4 unicast summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc PfxAdv
10.1.20.1 4 65100 0 0 0 0 04:29:01 Active
10.1.30.1 4 65200 0 0 0 0 04:29:01 Active
10.1.40.1 4 65300 0 0 0 0 04:29:01 Active
Spine-01#
- The BGP config looks wrong
router bgp 65057
router-id 10.1.10.1
no bgp default ipv4-unicast
bgp default ipv4-unicast transport ipv6
distance bgp 20 200 200
maximum-paths 3 ecmp 6
neighbor LEAF peer group
neighbor LEAF-EVPN peer group
neighbor LEAF-EVPN next-hop-unchanged
neighbor LEAF-EVPN update-source Loopback0
neighbor LEAF-EVPN ebgp-multihop 3
neighbor LEAF-EVPN send-community extended
neighbor LEAF-EVPN maximum-routes 12000
neighbor 10.1.20.1 peer group LEAF-EVPN
neighbor 10.1.20.1 remote-as 65100
neighbor 10.1.30.1 peer group LEAF-EVPN
neighbor 10.1.30.1 remote-as 65200
neighbor 10.1.40.1 peer group LEAF-EVPN
neighbor 10.1.40.1 remote-as 65300
redistribute connected
neighbor interface Et1 peer-group LEAF remote-as 65100
neighbor interface Et2 peer-group LEAF remote-as 65200
neighbor interface Et3 peer-group LEAF remote-as 65300
!
address-family evpn
neighbor LEAF activate
!
address-family ipv4
no neighbor LEAF activate
neighbor LEAF-EVPN activate
!
- Peer group LEAF needs to be activated under address-family IPv4, so I fixed the configuration
address-family ipv4
neighbor LEAF activate
no neighbor LEAF-EVPN activate
- The underlay BGP neighbors are now Established
Spine-01#show bgp ipv4 unicast summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc PfxAdv
fe80::a8c1:abff:fe2a:abf1%Et1 4 65100 116 234 0 0 00:00:30 Estab 0 0 3
fe80::a8c1:abff:fe63:9e61%Et3 4 65300 113 229 0 0 00:00:30 Estab 0 0 3
fe80::a8c1:abff:feaf:c5d6%Et2 4 65200 116 229 0 0 00:00:30 Estab 0 0 3
Spine-01#
2. Checking the overlay state on Spine-01
- In the overlay, the neighbors are IPv6 LLAs to begin with, which looks wrong
Spine-01#show bgp evpn summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc PfxAdv
fe80::a8c1:abff:fe2a:abf1%Et1 4 65100 120 238 0 0 00:03:54 Estab(NotNegotiated)
fe80::a8c1:abff:fe63:9e61%Et3 4 65300 117 234 0 0 00:03:53 Estab(NotNegotiated)
fe80::a8c1:abff:feaf:c5d6%Et2 4 65200 120 233 0 0 00:03:54 Estab(NotNegotiated)
Spine-01#
- Looking at the config, as with the underlay, the appropriate peer group was not activated, so I fixed the configuration
address-family evpn
no neighbor LEAF activate
neighbor LEAF-EVPN activate
!
- The neighbor addresses are now Loopbacks, but the State is Active
Spine-01#show bgp evpn summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc PfxAdv
10.1.20.1 4 65100 0 0 0 0 1d19h Active
10.1.30.1 4 65200 0 0 0 0 1d19h Active
10.1.40.1 4 65300 0 0 0 0 1d19h Active
Spine-01#
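3. Checking the Leaf-01 config
- Looking at the address-family IPv4 config on Leaf-01, there is a command, neighbor SPINE next-hop address-family ipv6 originate, that is not configured on Spine-01
- On looking it up, this apparently sets the next hop of advertised IPv4 routes to IPv6, so that the next hop can be resolved over the IPv6 LLA session
- In an IPv6 LLA design like this one, without this setting the next hop toward the Loopback (IPv4) cannot be resolved, and communication between VTEPs is not possible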
address-family ipv4
neighbor SPINE activate
neighbor SPINE next-hop address-family ipv6 originate
no neighbor SPINE-EVPN activate
!
4. Changing the BGP configuration on Spine-01
- Apply the setting above to Spine-01 as well
address-family ipv4
neighbor LEAF activate
neighbor LEAF next-hop address-family ipv6 originate
no neighbor LEAF-EVPN activate
!
- The overlay is now Established too!
Spine-01#show bgp evpn summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor Status Codes: m - Under maintenance
Neighbor V AS MsgRcvd MsgSent InQ OutQ Up/Down State PfxRcd PfxAcc PfxAdv
10.1.20.1 4 65100 7 8 0 0 00:00:05 Estab 3 3 7
10.1.30.1 4 65200 6 8 0 0 00:00:05 Estab 3 3 8
10.1.40.1 4 65300 7 8 0 0 00:00:05 Estab 3 3 7
Spine-01#
- With this, the BGP status on Spine-01 meets the completion criteria
Spine-01#show bgp summary
BGP summary information for VRF default
Router identifier 10.1.10.1, local AS number 65057
Neighbor AS Session State AFI/SAFI AFI/SAFI State NLRI Rcd NLRI Acc NLRI Adv
----------------------------- ----------- ------------- ----------------------- -------------- ---------- ---------- ----------
10.1.20.1 65100 Established L2VPN EVPN Negotiated 4 4 8
10.1.30.1 65200 Established L2VPN EVPN Negotiated 4 4 8
10.1.40.1 65300 Established L2VPN EVPN Negotiated 4 4 8
fe80::a8c1:abff:fe71:32fd%Et2 65200 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:fe9e:dcf7%Et3 65300 Established IPv4 Unicast Negotiated 3 3 7
fe80::a8c1:abff:feff:e3bd%Et1 65100 Established IPv4 Unicast Negotiated 3 3 7
Spine-01#
5. Connectivity check from SV-01
- Reachability to SV-02 and SV-03 was confirmed
SV-01:~# ping -c 3 192.168.20.2
PING 192.168.20.2 (192.168.20.2) 56(84) bytes of data.
64 bytes from 192.168.20.2: icmp_seq=1 ttl=62 time=3.98 ms
64 bytes from 192.168.20.2: icmp_seq=2 ttl=62 time=4.34 ms
64 bytes from 192.168.20.2: icmp_seq=3 ttl=62 time=4.10 ms
--- 192.168.20.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2002ms
rtt min/avg/max/mdev = 3.984/4.140/4.338/0.147 ms
SV-01:~#
SV-01:~# ping -c 3 2001:db8:cafe:c02::2
PING 2001:db8:cafe:c02::2 (2001:db8:cafe:c02::2) 56 data bytes
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=1 ttl=64 time=8.91 ms
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=2 ttl=64 time=4.28 ms
64 bytes from 2001:db8:cafe:c02::2: icmp_seq=3 ttl=64 time=4.32 ms
--- 2001:db8:cafe:c02::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 4.280/5.834/8.905/2.171 ms
SV-01:~#
SV-01:~# ping -c 3 192.168.30.2
PING 192.168.30.2 (192.168.30.2) 56(84) bytes of data.
64 bytes from 192.168.30.2: icmp_seq=1 ttl=62 time=5.89 ms
64 bytes from 192.168.30.2: icmp_seq=2 ttl=62 time=3.93 ms
64 bytes from 192.168.30.2: icmp_seq=3 ttl=62 time=3.93 ms
--- 192.168.30.2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2003ms
rtt min/avg/max/mdev = 3.925/4.581/5.888/0.923 ms
SV-01:~#
SV-01:~# ping -c 3 2001:db8:cafe:c03::2
PING 2001:db8:cafe:c03::2 (2001:db8:cafe:c03::2) 56 data bytes
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=1 ttl=64 time=8.15 ms
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=2 ttl=64 time=4.10 ms
64 bytes from 2001:db8:cafe:c03::2: icmp_seq=3 ttl=64 time=4.02 ms
--- 2001:db8:cafe:c03::2 ping statistics ---
3 packets transmitted, 3 received, 0% packet loss, time 2001ms
rtt min/avg/max/mdev = 4.020/5.421/8.145/1.926 ms
SV-01:~#
6. Checking routes on Leaf-01
- The routes for AS65200 and AS65300 are each learned as EVPN Route Type-5
Leaf-01#show bgp evpn route-type ip-prefix
BGP routing table information for VRF default
Router identifier 10.1.20.1, local AS number 65100
Route status codes: * - valid, > - active, S - Stale, E - ECMP head, e - ECMP
c - Contributing to ECMP, % - Pending best path selection
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10.1.20.2:9999 ip-prefix 192.168.10.0/24
- - - 0 i
* > RD: 10.1.30.2:9999 ip-prefix 192.168.20.0/24
10.1.30.2 - 100 0 65057 65200 i
* > RD: 10.1.40.2:9999 ip-prefix 192.168.30.0/24
10.1.40.2 - 100 0 65057 65300 i
* > RD: 10.1.20.2:9999 ip-prefix 2001:db8:cafe:c01::/64
- - - 0 i
* > RD: 10.1.30.2:9999 ip-prefix 2001:db8:cafe:c02::/64
10.1.30.2 - 100 0 65057 65200 i
* > RD: 10.1.40.2:9999 ip-prefix 2001:db8:cafe:c03::/64
10.1.40.2 - 100 0 65057 65300 i
Leaf-01#
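7. Recap
- In the Spine-01 underlay (address-family IPv4), the peer group being activated was not the appropriate one
- In the Spine-01 overlay (address-family EVPN), the peer group being activated was not the appropriate one
- neighbor LEAF next-hop address-family ipv6 originate was not configured in the Spine-01 underlay, so the Leafs could not resolve the next hop toward the Spine's Loopback address, and the overlay BGP neighbors could not be established.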
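
The three faults in the recap, expressed as a config check that could run before a change is pushed (an added example, not part of the original post or the NETCON material). It assumes underlay peer groups are those bound by `neighbor interface`, overlay peer groups are those bound to IPv4 neighbor addresses, and only explicit `activate` statements count; `parse`, `lint`, `BROKEN` and `FIXED` are hypothetical names.

```python
import re

# Constructed inputs: the broken Spine-01 stanza from this page (trimmed), then the same after the fixes.
BROKEN = """\
router bgp 65057
neighbor 10.1.20.1 peer group LEAF-EVPN
neighbor interface Et1 peer-group LEAF remote-as 65100
address-family evpn
neighbor LEAF activate
address-family ipv4
no neighbor LEAF activate
neighbor LEAF-EVPN activate
"""
FIXED = BROKEN[:BROKEN.index("address-family")] + """\
address-family evpn
no neighbor LEAF activate
neighbor LEAF-EVPN activate
address-family ipv4
neighbor LEAF activate
neighbor LEAF next-hop address-family ipv6 originate
no neighbor LEAF-EVPN activate
"""

def parse(config):
    """Classify peer groups and collect explicit per-address-family statements."""
    underlay, overlay, af, cur = set(), set(), {}, None
    for line in map(str.strip, config.splitlines()):
        if m := re.match(r"address-family (\S+)", line):
            cur = af.setdefault(m.group(1), {"on": set(), "v6nh": set()})
        elif m := re.match(r"neighbor interface \S+ peer-group (\S+)", line):
            underlay.add(m.group(1))   # interface (IPv6 LLA) neighbors
        elif m := re.match(r"neighbor \d+(?:\.\d+){3} peer group (\S+)", line):
            overlay.add(m.group(1))    # Loopback-addressed neighbors
        elif cur is not None and (m := re.match(r"neighbor (\S+) activate$", line)):
            cur["on"].add(m.group(1))  # "no neighbor ..." lines do not match
        elif cur is not None and (m := re.match(r"neighbor (\S+) next-hop address-family ipv6 originate$", line)):
            cur["v6nh"].add(m.group(1))
    return underlay, overlay, af

def lint(config):
    """Return sorted (address-family, peer group, problem) findings."""
    underlay, overlay, af = parse(config)
    v4, evpn = (af.get(k, {"on": set(), "v6nh": set()}) for k in ("ipv4", "evpn"))
    out = [("ipv4", g, "not activated") for g in underlay - v4["on"]]
    out += [("ipv4", g, "no ipv6 next-hop originate") for g in underlay - v4["v6nh"]]
    out += [("ipv4", g, "overlay group activated") for g in overlay & v4["on"]]
    out += [("evpn", g, "not activated") for g in overlay - evpn["on"]]
    out += [("evpn", g, "underlay group activated") for g in underlay & evpn["on"]]
    return sorted(out)
```

`lint(BROKEN)` reports all three faults at once, while the walkthrough above finds them one at a time from the neighbor state.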