Overview
Configure EVPN/VXLAN on Nexus 9000v in GNS3.
Reference: Cisco Community | Nexus シリーズ : VXLAN EVPN 基本設定 (Cisco Community, Nexus series: basic VXLAN EVPN configuration)
Environment
- ThinkCentre M75q Gen2(8CPUs, Mem64GB)
- Ubuntu 20.04.1 LTS
- GNS3:2.2.42
Prerequisites
See the previous post: GNS3でNexus9000vを使ってvPCを設定する (configuring vPC on Nexus 9000v in GNS3). The configuration below builds on that vPC lab.
Configuration
LEAF-01
// enable features (nv overlay evpn, shown in the SPINE-01 section below, is also required on the VTEP to enable the EVPN control plane)
feature ospf
feature bgp
feature vn-segment-vlan-based
feature nv overlay
// underlay network (OSPF, loopbacks and the point-to-point links to the spine)
router ospf 100
router-id 1.1.1.1
!
interface loopback0
ip address 1.1.1.1/32
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface loopback1
ip address 192.168.1.3/32
ip address 192.168.1.129/32 secondary
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface port-channel2
description SPINE-01_Po2
no switchport
mtu 9216
ip address 192.168.2.22/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface Ethernet1/3
no switchport
mtu 9216
udld aggressive
channel-group 2 mode active
no shutdown
!
interface Ethernet1/4
no switchport
mtu 9216
udld aggressive
channel-group 2 mode active
no shutdown
// EVPN MP-BGP (iBGP to the spine with the l2vpn evpn address family)
router bgp 65001
router-id 1.1.1.1
log-neighbor-changes
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 5.5.5.5
bfd
remote-as 65001
update-source loopback0
timers 20 60
address-family ipv4 unicast
send-community
send-community extended
address-family l2vpn evpn
send-community
send-community extended
// overlay network (VLAN to L2VNI mapping, EVPN instances and the NVE interface)
vlan 1,80-99
!
vlan 80
vn-segment 100080
vlan 81
vn-segment 100081
vlan 82
vn-segment 100082
vlan 83
vn-segment 100083
vlan 84
vn-segment 100084
vlan 85
vn-segment 100085
vlan 86
vn-segment 100086
vlan 87
vn-segment 100087
vlan 88
vn-segment 100088
vlan 89
vn-segment 100089
vlan 90
vn-segment 100090
vlan 91
vn-segment 100091
vlan 92
vn-segment 100092
vlan 93
vn-segment 100093
vlan 94
vn-segment 100094
vlan 95
vn-segment 100095
vlan 96
vn-segment 100096
vlan 97
vn-segment 100097
vlan 98
vn-segment 100098
vlan 99
vn-segment 100099
!
evpn
vni 100080 l2
rd auto
route-target import auto
route-target export auto
vni 100081 l2
rd auto
route-target import auto
route-target export auto
vni 100082 l2
rd auto
route-target import auto
route-target export auto
vni 100083 l2
rd auto
route-target import auto
route-target export auto
vni 100084 l2
rd auto
route-target import auto
route-target export auto
vni 100085 l2
rd auto
route-target import auto
route-target export auto
vni 100086 l2
rd auto
route-target import auto
route-target export auto
vni 100087 l2
rd auto
route-target import auto
route-target export auto
vni 100088 l2
rd auto
route-target import auto
route-target export auto
vni 100089 l2
rd auto
route-target import auto
route-target export auto
vni 100090 l2
rd auto
route-target import auto
route-target export auto
vni 100091 l2
rd auto
route-target import auto
route-target export auto
vni 100092 l2
rd auto
route-target import auto
route-target export auto
vni 100093 l2
rd auto
route-target import auto
route-target export auto
vni 100094 l2
rd auto
route-target import auto
route-target export auto
vni 100095 l2
rd auto
route-target import auto
route-target export auto
vni 100096 l2
rd auto
route-target import auto
route-target export auto
vni 100097 l2
rd auto
route-target import auto
route-target export auto
vni 100098 l2
rd auto
route-target import auto
route-target export auto
vni 100099 l2
rd auto
route-target import auto
route-target export auto
!
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback1
member vni 100080
ingress-replication protocol bgp
member vni 100081
ingress-replication protocol bgp
member vni 100082
ingress-replication protocol bgp
member vni 100083
ingress-replication protocol bgp
member vni 100084
ingress-replication protocol bgp
member vni 100085
ingress-replication protocol bgp
member vni 100086
ingress-replication protocol bgp
member vni 100087
ingress-replication protocol bgp
member vni 100088
ingress-replication protocol bgp
member vni 100089
ingress-replication protocol bgp
member vni 100090
ingress-replication protocol bgp
member vni 100091
ingress-replication protocol bgp
member vni 100092
ingress-replication protocol bgp
member vni 100093
ingress-replication protocol bgp
member vni 100094
ingress-replication protocol bgp
member vni 100095
ingress-replication protocol bgp
member vni 100096
ingress-replication protocol bgp
member vni 100097
ingress-replication protocol bgp
member vni 100098
ingress-replication protocol bgp
member vni 100099
ingress-replication protocol bgp
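The overlay section above repeats the same three stanzas for every VLAN. The following Python script, an added example rather than code from the post, renders those stanzas from a VLAN-to-VNI mapping and validates the mapping first; the VNI = 100000 + VLAN rule, loopback1 as the NVE source and the exclusion of VLAN 1 are this lab's assumptions, not NX-OS requirements.

```python
"""Render the per-VLAN L2VNI overlay stanzas for an NX-OS VTEP.

Added example, not code from the post. It generates the repeated
vlan / evpn / interface nve1 blocks from a VLAN-to-VNI mapping and
refuses mappings that are outside the vn-segment range or that would
merge two VLANs into one segment.
"""

VNI_OFFSET = 100000                   # lab convention (assumed): VLAN 80 -> VNI 100080
VNI_MIN, VNI_MAX = 4096, 16_777_215   # range accepted by 'vn-segment' on NX-OS
RESERVED_VLANS = range(3968, 4095)    # NX-OS default reserved block (movable with 'system vlan reserve')


def vlan_to_vni_map(vlans, offset=VNI_OFFSET) -> dict:
    """Apply the lab's fixed VLAN->VNI rule to an iterable of VLAN IDs."""
    return {int(v): offset + int(v) for v in vlans}


def mapping_errors(mapping: dict) -> list:
    """Return human-readable problems; an empty list means the mapping is usable."""
    errors, seen = [], {}
    for vlan, vni in mapping.items():
        # VLAN 1 is excluded by policy here (assumption: never stretch the
        # default VLAN across the fabric); the reserved block cannot be used.
        if vlan == 1 or vlan in RESERVED_VLANS or not 1 <= vlan <= 4094:
            errors.append(f"VLAN {vlan} is not usable for a vn-segment")
        if not VNI_MIN <= vni <= VNI_MAX:
            errors.append(f"VNI {vni} (VLAN {vlan}) is outside {VNI_MIN}-{VNI_MAX}")
        if vni in seen:
            # Two VLANs on one VNI would silently become a single L2 domain.
            errors.append(f"VNI {vni} is mapped to VLAN {seen[vni]} and VLAN {vlan}")
        seen.setdefault(vni, vlan)
    return errors


def render_overlay(mapping: dict, nve_source: str = "loopback1") -> str:
    """Emit the vlan, evpn and interface nve1 stanzas in the order used above."""
    errs = mapping_errors(mapping)
    if errs:
        raise ValueError("; ".join(errs))
    pairs = sorted(mapping.items())
    out = []
    for vlan, vni in pairs:
        out += [f"vlan {vlan}", f"  vn-segment {vni}"]
    out += ["!", "evpn"]
    for _, vni in pairs:
        # rd auto / route-target auto derive RD and RT per VNI on the switch.
        out += [f"  vni {vni} l2", "    rd auto",
                "    route-target import auto", "    route-target export auto"]
    out += ["!", "interface nve1", "  no shutdown",
            "  host-reachability protocol bgp", f"  source-interface {nve_source}"]
    for _, vni in pairs:
        # BGP ingress replication: BUM traffic follows EVPN type-3 routes, no multicast underlay.
        out += [f"  member vni {vni}", "    ingress-replication protocol bgp"]
    return "\n".join(out) + "\n"


if __name__ == "__main__":
    # Reproduces the VLAN 80-99 block from the LEAF-01 configuration above.
    print(render_overlay(vlan_to_vni_map(range(80, 100))), end="")
```

Pasting the rendered text into the switch yields exactly the VLAN 80 to 99 stanzas shown above; the duplicate-VNI check is the one worth keeping, because two VLANs sharing a VNI become one broadcast domain without any error from the switch.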
SPINE-01
// enable features
feature ospf
feature bgp
// underlay network
router ospf 100
router-id 5.5.5.5
!
interface loopback0
ip address 5.5.5.5/32
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface port-channel2
description LEAF-01_Po2
no switchport
mtu 9216
ip address 192.168.2.21/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface port-channel3
description LEAF-02_Po2
no switchport
mtu 9216
ip address 192.168.2.25/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface port-channel4
description LEAF-03_Po2
no switchport
mtu 9216
ip address 192.168.2.29/30
ip ospf network point-to-point
ip router ospf 100 area 0.0.0.0
!
interface Ethernet1/3
no switchport
mtu 9216
udld aggressive
channel-group 2 mode active
no shutdown
!
interface Ethernet1/4
no switchport
mtu 9216
udld aggressive
channel-group 2 mode active
no shutdown
!
interface Ethernet1/5
no switchport
mtu 9216
udld aggressive
channel-group 3 mode active
no shutdown
!
interface Ethernet1/6
no switchport
mtu 9216
udld aggressive
channel-group 3 mode active
no shutdown
!
interface Ethernet1/7
no switchport
mtu 9216
udld aggressive
channel-group 4 mode active
no shutdown
!
interface Ethernet1/8
no switchport
mtu 9216
udld aggressive
channel-group 4 mode active
no shutdown
// EVPN MP-BGP (SPINE-01 acts as iBGP route reflector for the leaves)
nv overlay evpn
!
router bgp 65001
router-id 5.5.5.5
cluster-id 1
log-neighbor-changes
address-family ipv4 unicast
address-family l2vpn evpn
neighbor 1.1.1.1
remote-as 65001
update-source loopback0
timers 20 60
address-family ipv4 unicast
send-community
send-community extended
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 2.2.2.2
remote-as 65001
update-source loopback0
timers 20 60
address-family ipv4 unicast
send-community
send-community extended
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
neighbor 3.3.3.3
remote-as 65001
update-source loopback0
timers 20 60
address-family ipv4 unicast
send-community
send-community extended
address-family l2vpn evpn
send-community
send-community extended
route-reflector-client
Verifying the control plane
RockyLinux8.5-1
The MAC address of bond0.80 is 0c:91:18:28:00:01:
[rocky@rocky-cloud ~]$ ip a
6: bond0.80@bond0: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000
link/ether 0c:91:18:28:00:01 brd ff:ff:ff:ff:ff:ff
inet 172.16.80.1/24 brd 172.16.80.255 scope global noprefixroute bond0.80
valid_lft forever preferred_lft forever
LEAF-01
// 0c:91:18:28:00:01 shows up in LEAF-01's MAC address table, learned on Po4 (the host-facing port-channel)
LEAF-01# sh mac address-table vlan 80
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 80 0c91.1828.0001 dynamic 0 F F Po4
//L2RIB
LEAF-01# sh l2route evpn mac evi 80
Topology Mac Address Prod Flags Seq No Next-Hops
----------- -------------- ------ ------------- ---------- ---------------------
80 0c91.1828.0001 Local L, 0 Po4
// BGP L2VPN EVPN: rd auto yields router-id:(32767 + VLAN ID), so 1.1.1.1:32847 is VLAN 80; route-target auto yields ASN:VNI (RT:65001:100080 below)
LEAF-01# sh bgp l2vpn evpn vni-id 100080
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:32847 (L2VNI 100080)
*>l[2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216
192.168.1.129 100 32768 i
// advertised via MP-BGP to 5.5.5.5 (SPINE-01), the route reflector
LEAF-01# sh bgp l2vpn evpn 0c91.1828.0001
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:32847 (L2VNI 100080)
BGP routing table entry for [2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216,
version 66
Paths: (1 available, best #1)
Flags: (0x000102) (high32 00000000) on xmit-list, is not in l2rib/evpn
Advertised path-id 1
Path type: local, path is valid, is best path, no labeled nexthop
AS-Path: NONE, path locally originated
192.168.1.129 (metric 0) from 0.0.0.0 (1.1.1.1)
Origin IGP, MED not set, localpref 100, weight 32768
Received label 100080
Extcommunity: RT:65001:100080 SOO:192.168.1.129:0 ENCAP:8
Path-id 1 advertised to peers:
5.5.5.5
LEAF-03
//MP-BGP to L2RIB
LEAF-03# sh bgp internal event-history events | i 0c91.1828.0001
[729] 2023 Aug 16 13:51:25.085565 [bgp] E_DEBUG [29184] (default) RIB: [L2VPN EVPN] Adding 3.3.3.3:32847:[2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216 via 192.168.1.129 (encap 0, label 100080) to NH list (flags2: 0x400, l2r_nh_flags: 0x0)
[730] 2023 Aug 16 13:51:25.085557 [bgp] E_DEBUG [29184] (default) RIB: [L2VPN EVPN] Add/delete 3.3.3.3:32847:[2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216, flags=0x200, in_rib: no
[731] 2023 Aug 16 13:51:25.085154 [bgp] E_DEBUG [29184] (default) IMP: [L2VPN EVPN] Created import destination entry for 3.3.3.3:32847:[2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216
[732] 2023 Aug 16 13:51:25.085149 [bgp] E_DEBUG [29184] (default) IMP: [L2VPN EVPN] Importing prefix 1.1.1.1:32847:[2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216 to <default> RD 3.3.3.3:32847
//L2RIB
LEAF-03# sh l2route evpn mac evi 80
Topology Mac Address Prod Flags Seq No Next-Hops
----------- -------------- ------ ------------- ---------- ---------------------
80 0c91.1828.0001 BGP Rcv 0 192.168.1.129 (Label:100080)
// the entry is installed in the MAC address table, pointing at nve1 with LEAF-01's VTEP address as the remote tunnel endpoint
LEAF-03# show mac address-table vlan 80
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
C 80 0c91.1828.0001 dynamic 0 F F nve1(192.168.1.129)
Through this control-plane sequence the MAC of the host attached to LEAF-01 is propagated to LEAF-03, so a ping between the two hosts goes through.
[rocky@rocky-cloud ~]$ ping 172.16.80.2 -c 3
PING 172.16.80.2 (172.16.80.2) 56(84) bytes of data.
64 bytes from 172.16.80.2: icmp_seq=1 ttl=64 time=5.99 ms
64 bytes from 172.16.80.2: icmp_seq=2 ttl=64 time=6.62 ms
64 bytes from 172.16.80.2: icmp_seq=3 ttl=64 time=8.50 ms
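To make the checks above repeatable, here is an added Python example (not from the post) that parses the `show bgp l2vpn evpn <mac>` output reproduced above and confirms that the RD, RT, label, next hop and MAC are what rd auto, route-target auto and the anycast VTEP address should produce. The sample text is a trimmed copy of the LEAF-01 output; the router-id, ASN, VLAN and the known-VTEP list are assumed lab values.

```python
"""Cross-check an EVPN type-2 (MAC/IP) route against what the fabric should produce.

Added example, not part of the original post. Parses the NX-OS
'show bgp l2vpn evpn <mac>' text and compares RD, RT, label, next hop
and MAC with the values implied by 'rd auto', 'route-target auto' and
the VTEP addresses we expect to see.
"""
import re
from dataclasses import dataclass, field

# Constructed sample: the LEAF-01 output above, trimmed to the lines we parse.
SAMPLE_SHOW_BGP = """\
Route Distinguisher: 1.1.1.1:32847    (L2VNI 100080)
BGP routing table entry for [2]:[0]:[0]:[48]:[0c91.1828.0001]:[0]:[0.0.0.0]/216, version 66
Paths: (1 available, best #1)
  Path type: local, path is valid, is best path, no labeled nexthop
  AS-Path: NONE, path locally originated
    192.168.1.129 (metric 0) from 0.0.0.0 (1.1.1.1)
      Origin IGP, MED not set, localpref 100, weight 32768
      Received label 100080
      Extcommunity: RT:65001:100080 SOO:192.168.1.129:0 ENCAP:8
"""

RD_RE = re.compile(r"Route Distinguisher:\s+(\S+)\s+\(L2VNI\s+(\d+)\)")
# Type-2 NLRI as NX-OS prints it: [2]:[ESI]:[EthTag]:[MAC len]:[MAC]:[IP len]:[IP]/bits
NLRI_RE = re.compile(
    r"\[2\]:\[(\d+)\]:\[(\d+)\]:\[48\]:\[([0-9a-f]{4}\.[0-9a-f]{4}\.[0-9a-f]{4})\]"
    r":\[(\d+)\]:\[([0-9a-f.:]+)\]/(\d+)"
)
NH_RE = re.compile(r"^\s*(\d+\.\d+\.\d+\.\d+)\s+\(metric\s+\d+\)\s+from", re.MULTILINE)
LABEL_RE = re.compile(r"Received label\s+(\d+)")
RT_RE = re.compile(r"\bRT:(\d+:\d+)")


@dataclass
class Type2Route:
    rd: str
    vni: int
    esi: str
    eth_tag: int
    mac: str
    ip_len: int
    ip: str
    next_hop: str
    label: int
    rts: list = field(default_factory=list)


def parse_type2(text: str) -> Type2Route:
    """Extract one type-2 route entry; raises if any required field is missing."""
    rd, nlri, nh, label = (RD_RE.search(text), NLRI_RE.search(text),
                           NH_RE.search(text), LABEL_RE.search(text))
    if not (rd and nlri and nh and label):
        raise ValueError("not a complete type-2 route entry")
    return Type2Route(
        rd=rd.group(1), vni=int(rd.group(2)),
        esi=nlri.group(1), eth_tag=int(nlri.group(2)), mac=nlri.group(3),
        ip_len=int(nlri.group(4)), ip=nlri.group(5),
        next_hop=nh.group(1), label=int(label.group(1)),
        rts=RT_RE.findall(text),
    )


def linux_mac_to_cisco(mac: str) -> str:
    """'0c:91:18:28:00:01' (ip a) -> '0c91.1828.0001' (NX-OS show output)."""
    digits = mac.lower().replace(":", "").replace("-", "")
    if len(digits) != 12 or set(digits) - set("0123456789abcdef"):
        raise ValueError(f"bad MAC: {mac}")
    return ".".join(digits[i:i + 4] for i in (0, 4, 8))


def expected_auto_rd(router_id: str, vlan: int) -> str:
    # NX-OS 'rd auto' for an L2VNI is <BGP router-id>:<32767 + VLAN ID>,
    # which is why the output above shows 1.1.1.1:32847 for VLAN 80.
    return f"{router_id}:{32767 + vlan}"


def expected_auto_rt(asn: int, vni: int) -> str:
    # NX-OS 'route-target import/export auto' derives <ASN>:<VNI> (2-byte ASN).
    return f"{asn}:{vni}"


def check_route(route: Type2Route, *, router_id: str, asn: int, vlan: int,
                host_mac: str, known_vteps: set) -> list:
    """Return discrepancies; an empty list means the route looks as expected."""
    problems = []
    if route.rd != expected_auto_rd(router_id, vlan):
        problems.append(f"RD {route.rd} != {expected_auto_rd(router_id, vlan)}")
    if expected_auto_rt(asn, route.vni) not in route.rts:
        problems.append(f"missing RT {expected_auto_rt(asn, route.vni)} in {route.rts}")
    if route.label != route.vni:
        problems.append(f"label {route.label} != VNI {route.vni}")
    if route.next_hop not in known_vteps:
        # A MAC advertised from an unexpected VTEP is worth an alert, not a shrug.
        problems.append(f"next hop {route.next_hop} is not a known VTEP")
    if route.mac != linux_mac_to_cisco(host_mac):
        problems.append(f"MAC {route.mac} != host {host_mac}")
    return problems


if __name__ == "__main__":
    r = parse_type2(SAMPLE_SHOW_BGP)
    # Assumed lab values: LEAF-01 router-id, AS 65001, VLAN 80 and the vPC
    # anycast VTEP 192.168.1.129 (loopback1 secondary). Add the other VTEPs'
    # NVE source addresses to known_vteps when checking routes from them.
    issues = check_route(r, router_id="1.1.1.1", asn=65001, vlan=80,
                         host_mac="0c:91:18:28:00:01",
                         known_vteps={"192.168.1.129"})
    print("OK" if not issues else "\n".join(issues))
```

Feed it the output of `show bgp l2vpn evpn <mac>` from each leaf after a host moves or a new VLAN is added; the RD and RT checks catch a wrong router-id or a hand-typed route-target that would stop the VNI from being imported, and the known-VTEP check flags MACs learned from a tunnel endpoint that is not one of your leaves.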