Overview
Configure an EVPN/VXLAN Anycast Gateway using Nexus9000v on GNS3.
L3VNI is used in VXLAN to advertise prefixes. This makes it possible to advertise routes from outside the VXLAN fabric and to route between VXLAN domains.
Cisco Community | Cisco Nexus Series: VXLAN EVPN L3VNI Basic Configuration
Configuration
Leaf01 carries L2VNIs 10011 and 10033, Leaf03 carries L2VNIs 10011 and 10022, and each is configured with L3VNI 100500.
Leaf01 Overlay
Leaf03 Overlay
Verification
Anycast Gateway
In vm01's ARP table, the anycast-gateway-mac 2020.0000.00aa configured on the vlan11 SVI of Leaf01/Leaf02 is visible.
[rocky@vm01 ~]$ ip neigh
172.16.11.254 dev eth1 lladdr 20:20:00:00:00:aa STALE
172.16.11.3 dev eth1 lladdr 52:54:00:e2:32:bb STALE
Likewise, vm02's ARP table shows the anycast-gateway-mac 2020.0000.00aa configured on the vlan33 SVI.
[rocky@vm02 ~]$ ip neigh
172.16.33.254 dev eth1 lladdr 20:20:00:00:00:aa STALE
vm03 likewise shows the anycast-gateway-mac 2020.0000.00aa.
[rocky@vm03 ~]$ ip neigh
172.16.11.1 dev eth1 lladdr 52:54:00:74:fc:98 STALE
172.16.11.254 dev eth1 lladdr 20:20:00:00:00:aa STALE
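The check above can be automated on the hosts: every VM should resolve its default gateway to the same anycast MAC, and a different lladdr on the gateway IP points to a misconfigured SVI or a spoofed ARP reply. The following is an added example, not part of the original lab; the function names are hypothetical, and the `vm98` and `vm99` entries are constructed samples.

```python
import re

ANYCAST_GW_MAC = "2020.0000.00aa"  # anycast-gateway-mac from this page (NX-OS notation)

# vm01/vm02 text is the `ip neigh` output shown above; "vm98" and "vm99" are
# constructed entries (unresolved gateway, wrong gateway MAC), not from the lab.
NEIGH = {
    "vm01": ("172.16.11.254", "172.16.11.254 dev eth1 lladdr 20:20:00:00:00:aa STALE\n"
                              "172.16.11.3 dev eth1 lladdr 52:54:00:e2:32:bb STALE"),
    "vm02": ("172.16.33.254", "172.16.33.254 dev eth1 lladdr 20:20:00:00:00:aa STALE"),
    "vm98": ("172.16.11.254", "172.16.11.254 dev eth1 FAILED"),
    "vm99": ("172.16.11.254", "172.16.11.254 dev eth1 lladdr 52:54:00:aa:bb:cc REACHABLE"),
}

def norm_mac(mac):
    """Reduce colon, dash or Cisco dotted notation to 12 lowercase hex digits."""
    digits = re.sub(r"[.:-]", "", mac).lower()
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {mac!r}")
    return digits

def gateway_lladdr(neigh_text, gw_ip):
    """Return the lladdr recorded for gw_ip, or None if absent or unresolved."""
    for line in neigh_text.splitlines():
        fields = line.split()
        if fields and fields[0] == gw_ip and "lladdr" in fields:
            return fields[fields.index("lladdr") + 1]
    return None

def audit_gateways(tables, expected=ANYCAST_GW_MAC):
    """Map host -> 'ok' | 'unresolved' | 'mismatch:<mac seen>'."""
    want, result = norm_mac(expected), {}
    for host, (gw_ip, text) in tables.items():
        seen = gateway_lladdr(text, gw_ip)
        if seen is None:
            result[host] = "unresolved"
        elif norm_mac(seen) == want:
            result[host] = "ok"
        else:
            result[host] = f"mismatch:{seen}"
    return result

if __name__ == "__main__":
    for host, status in audit_gateways(NEIGH).items():
        print(host, status)
```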
Same-VLAN communication across leaves (vm01→vm03)
@Leaf01/02
vm03's MAC address (5254.00e2.32bb) is registered in the MAC address table.
leaf01# sh mac address-table interface nve1
VNI MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
C 11 0cfb.3278.0000 dynamic 0 F F nve1(3.3.3.3)
C 11 5254.00e2.32bb dynamic 0 F F nve1(3.3.3.3)
* 500 0c42.0000.1b08 static - F F nve1(3.3.3.3)
L2VPN routes for vm03's MAC address (5254.00e2.32bb)
leaf01# show bgp l2vpn evpn 5254.00e2.32bb
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 1.1.1.1:32778 (L2VNI 10011)
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[0]:[0.0.0.0]/216, version 736
Paths: (1 available, best #1)
Flags: (0x000212) (high32 00000000) on xmit-list, is in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
Imported from 3.3.3.3:32778:[2]:[0]:[0]:[48]:[5254.00e2.32bb]:[0]:[0.0.0.0]/216
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10011
Extcommunity: RT:65001:10011 ENCAP:8
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272, version 37
Paths: (1 available, best #1)
Flags: (0x000212) (high32 00000000) on xmit-list, is in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop, in rib
Imported from 3.3.3.3:32778:[2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10011 10500
Extcommunity: RT:65001:10011 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
Route Distinguisher: 3.3.3.3:32778
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[0]:[0.0.0.0]/216, version 735
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 1 destination(s)
Imported paths list: L2-10011
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10011
Extcommunity: RT:65001:10011 ENCAP:8
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272, version 36
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 3 destination(s)
Imported paths list: VRF-001 L3-10500 L2-10011
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10011 10500
Extcommunity: RT:65001:10011 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
Route Distinguisher: 1.1.1.1:3 (L3VNI 10500)
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272, version 38
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 3.3.3.3:32778:[2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10011 10500
Extcommunity: RT:65001:10011 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
Inter-VLAN communication on the same leaf (vm01→vm02)
@vm01
Uses the default route to reach 172.16.11.254 (Leaf01/02 SVI vlan11)
[rocky@vm01 ~]$ ip route
default via 172.16.11.254 dev eth1 proto static metric 100
172.16.11.0/24 dev eth1 proto kernel scope link src 172.16.11.1 metric 100
@Leaf01/02
vm02's destination appears as an entry in the ARP table of Leaf01/02
leaf01# show ip arp vrf VRF-001
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context VRF-001
Total number of entries: 2
Address Age MAC Address Interface Flags
172.16.11.1 00:13:03 5254.0074.fc98 Vlan11
172.16.33.2 00:13:09 5254.008c.dcdb Vlan33 +
Inter-VLAN communication across leaves (vm01→vm04)
@vm01
Uses the default route to reach 172.16.11.254 (Leaf01/02 SVI vlan11)
[rocky@vm01 ~]$ ip route
default via 172.16.11.254 dev eth1 proto static metric 100
172.16.11.0/24 dev eth1 proto kernel scope link src 172.16.11.1 metric 100
@Leaf01/02
vm04's destination appears as an entry in the route table of Leaf01/02
leaf01# sh ip route 172.16.22.4 vrf vrf-001
IP Route Table for VRF "VRF-001"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
172.16.22.4/32, ubest/mbest: 1/0
*via 3.3.3.3%default, [200/0], 1d23h, bgp-65001, internal, tag 65001, segid: 10500 tunnelid: 0x3030303 encap: VXLAN
L2VPN routes for vm04
leaf01# show bgp l2vpn evpn 172.16.22.4
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 3.3.3.3:32789
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00a4.fd92]:[32]:[172.16.22.4]/272, version 21
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported to 2 destination(s)
Imported paths list: VRF-001 L3-10500
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10022 10500
Extcommunity: RT:65001:10022 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
Route Distinguisher: 1.1.1.1:3 (L3VNI 10500)
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00a4.fd92]:[32]:[172.16.22.4]/272, version 24
Paths: (1 available, best #1)
Flags: (0x000202) (high32 00000000) on xmit-list, is not in l2rib/evpn, is not in HW
Advertised path-id 1
Path type: internal, path is valid, is best path, no labeled nexthop
Imported from 3.3.3.3:32789:[2]:[0]:[0]:[48]:[5254.00a4.fd92]:[32]:[172.16.22.4]/272
AS-Path: NONE, path sourced internal to AS
3.3.3.3 (metric 81) from 5.5.5.5 (5.5.5.5)
Origin IGP, MED not set, localpref 100, weight 0
Received label 10022 10500
Extcommunity: RT:65001:10022 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Originator: 3.3.3.3 Cluster list: 0.0.0.1
Path-id 1 not advertised to any peer
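The vm03 and vm04 route dumps above show the same pattern: a MAC-only type-2 route carries a single label (the L2VNI), while a MAC+IP route carries the L2VNI plus L3VNI 10500 and a Router MAC extended community. The following added example, which is not part of the original lab, parses that output and audits each route against the pattern; the function names are hypothetical, the sample is abridged from the output on this page, and only IPv4 host routes are handled.

```python
import re

# Abridged from the leaf01 `show bgp l2vpn evpn` output on this page.
SAMPLE = """\
Route Distinguisher: 1.1.1.1:32778    (L2VNI 10011)
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[0]:[0.0.0.0]/216, version 736
  Received label 10011
  Extcommunity: RT:65001:10011 ENCAP:8
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00e2.32bb]:[32]:[172.16.11.3]/272, version 37
  Received label 10011 10500
  Extcommunity: RT:65001:10011 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
Route Distinguisher: 1.1.1.1:3    (L3VNI 10500)
BGP routing table entry for [2]:[0]:[0]:[48]:[5254.00a4.fd92]:[32]:[172.16.22.4]/272, version 24
  Received label 10022 10500
  Extcommunity: RT:65001:10022 RT:65001:10500 ENCAP:8 Router MAC:0c42.0000.1b08
"""

# Route type 2 key: [2]:[ESI]:[EthTag]:[MAC len]:[MAC]:[IP len]:[IP]; IPv4 only here.
ENTRY = re.compile(r"entry for \[2\]:\[\d+\]:\[\d+\]:\[48\]:\[([0-9a-f.]+)\]:\[(\d+)\]:\[([\d.]+)\]")

def parse_type2(text):
    """Return one dict per route-type-2 entry, tagged with its Route Distinguisher."""
    routes, rd, cur = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Route Distinguisher:"):
            rd = line.split()[2]
        elif m := ENTRY.search(line):
            ip = m.group(3) if m.group(2) != "0" else None  # IP len 0 = MAC-only route
            cur = {"rd": rd, "mac": m.group(1), "ip": ip,
                   "labels": [], "rts": [], "router_mac": None}
            routes.append(cur)
        elif cur and line.startswith("Received label"):
            cur["labels"] = [int(x) for x in line.split()[2:]]
        elif cur and line.startswith("Extcommunity:"):
            cur["rts"] = re.findall(r"RT:(\d+:\d+)", line)
            rm = re.search(r"Router MAC:([0-9a-f.]+)", line)
            cur["router_mac"] = rm.group(1) if rm else None
    return routes

def check_symmetric_irb(route, l3vni):
    """Compare one parsed route with the label/community pattern seen in this lab."""
    problems = []
    if route["ip"] is None and len(route["labels"]) != 1:
        problems.append("MAC-only route does not carry exactly one label")
    if route["ip"] is not None:
        if l3vni not in route["labels"][1:]:
            problems.append("MAC+IP route lacks the L3VNI as second label")
        if route["router_mac"] is None:
            problems.append("MAC+IP route lacks the Router MAC extended community")
    return problems
```

Calling `check_symmetric_irb(route, 10500)` on each result of `parse_type2(SAMPLE)` returns an empty list for all three routes shown here.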