EN ESTA PÁGINA
Ejemplo: configurar una estructura de puente de enrutamiento centralizado EVPN-VXLAN utilizando enrutadores MX como spines
En este ejemplo se muestra cómo configurar EVPN y VXLAN en una estructura IP para admitir el reenvío óptimo de tramas Ethernet, proporcionar segmentación de red a gran escala, habilitar el aprendizaje de MAC basado en plano de control y muchas otras ventajas. Este ejemplo se basa en una arquitectura EVPN de enrutamiento centralizado con puente (CRB) en una estructura Clos de 5 etapas.
En la arquitectura CRB, las interfaces IRB proporcionan conectividad de capa 3 a servidores y VMS que pertenecen a VLAN y redes diferentes. Estas interfaces IRB sirven como puerta de enlace predeterminada para el tráfico entre VLAN dentro de una estructura y también para destinos remotos a la estructura, por ejemplo, en el caso de la interconexión del centro de datos (DCI). En un diseño CRB, las interfaces IRB se definen solo en los dispositivos spine. Por lo tanto, dicho diseño se conoce como enrutamiento central, ya que todo el enrutamiento ocurre en las espinas.
Para obtener un ejemplo de un diseño de puente enrutado en el borde (ERB), consulte Ejemplo: Configuración de una estructura de puente enrutado en el borde EVPN-VXLAN con una puerta de enlace Anycast
Para obtener información general sobre la tecnología EVPN-VXLAN y las arquitecturas compatibles, consulte Manual de EVPN.
Requisitos
En el ejemplo original se utilizaban los siguientes componentes de hardware y software:
-
Dos enrutadores de la serie MX de Juniper Networks que actuarán como puertas de enlace IP para la superposición EVPN
-
Cuatro conmutadores QFX5100 Juniper Networks. Dos de estos conmutadores actúan como dispositivos PE en la topología EVPN, y los otros dos actúan como transporte IP puro para la capa subyacente.
-
Junos OS versión 16.1 o posterior.
- Actualizado y revalidado con Junos OS versión 21.3R1.9
-
A partir de Junos OS versión 17.3R1, EVPN-VXLAN también se admite en conmutadores EX9200. Anteriormente, solo se admitía la encapsulación MPLS. En este ejemplo, el conmutador EX9200 funcionaría como una puerta de enlace IP para la superposición EVPN. Existen algunas diferencias de configuración entre los enrutadores de la serie MX y los conmutadores EX9200. La sección de configuración más adelante en este tema contiene más información acerca de la configuración específica de un EX9200.
- Consulte el resumen de hardware para obtener una lista de las plataformas compatibles.
Visión general
Las VPN Ethernet (EVPN) permiten conectar grupos de sitios de clientes dispersos mediante puentes virtuales de capa 2, y las LAN extensibles virtuales (VXLAN) permiten ampliar la conexión de capa 2 a través de una red de capa 3 intermedia, a la vez que proporcionan segmentación de red como una VLAN, pero sin la limitación de escalabilidad de las VLAN tradicionales. EVPN con encapsulación VXLAN maneja la conectividad de capa 2 a la escala requerida por los proveedores de servicios en la nube y reemplaza los protocolos limitantes como STP, lo que libera su red de capa 3 para usar protocolos de enrutamiento más sólidos.
En este ejemplo de configuración, se muestra cómo configurar EVPN con encapsulación VXLAN. En este ejemplo, los enrutadores de la serie MX se denominan Core-1 y Core-2. Los conmutadores QFX5100 se denominan Leaf-1, Leaf-2, Spine-1 y Spine-2. Los enrutadores centrales actúan como puertas de enlace IP para la superposición EVPN, los conmutadores leaf actúan como dispositivos PE en la topología EVPN y los conmutadores spine actúan como transporte IP puro para la capa subyacente (también conocida como "lean spine").
Topología
En nuestra topología de ejemplo, demostramos el acceso al servidor mediante interfaces sin etiquetar y troncalizadas (etiquetadas). Una interfaz troncal utiliza el etiquetado explícito de VLAN. Tanto el servidor A como el C están configurados para el enlace troncal, mientras que el servidor B utiliza una interfaz de acceso sin etiquetar para ambas salidas.
Configuración
- Configuración rápida de CLI
- Configuración de Leaf-1
- Configuración de Spine-1
- Configuración de Core-1
Configuración rápida de CLI
Para configurar rápidamente este ejemplo, copie los siguientes comandos, péguelos en un archivo de texto, elimine los saltos de línea, cambie los detalles necesarios para que coincidan con su configuración de red y, a continuación, copie y pegue los comandos en la CLI en el nivel de [edit] jerarquía.
Hoja-1
set system host-name leaf-1 set chassis aggregated-devices ethernet device-count 2 set interfaces xe-0/0/0 unit 0 family inet address 10.1.111.2/30 set interfaces xe-0/0/1 unit 0 family inet address 10.1.121.2/30 set interfaces xe-0/0/2 ether-options 802.3ad ae0 set interfaces xe-0/0/3 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members v101 set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01 set interfaces ae0 esi all-active set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01 set interfaces ae0 unit 0 family ethernet-switching interface-mode access set interfaces ae0 unit 0 family ethernet-switching vlan members v102 set interfaces lo0 unit 0 family inet address 10.1.255.111/32 set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set policy-options policy-statement vrf-imp term t1 from community com101 set policy-options policy-statement vrf-imp term t1 then accept set policy-options policy-statement vrf-imp term t2 from community com102 set policy-options policy-statement vrf-imp term t2 then accept set policy-options policy-statement vrf-imp term t3 from community com103 set policy-options policy-statement vrf-imp term t3 then accept set policy-options policy-statement vrf-imp term t5 then reject set policy-options community com101 members target:65000:101 set policy-options community com102 members target:65000:102 set policy-options community com103 members target:65000:103 set routing-options router-id 10.1.255.111 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65111 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.111.1 peer-as 65011 set protocols bgp group underlay neighbor 10.1.121.1 peer-as 65012 set protocols bgp group EVPN_VXLAN_CORE type internal set protocols bgp group EVPN_VXLAN_CORE local-address 10.1.255.111 set protocols bgp group EVPN_VXLAN_CORE family evpn signaling set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.1 set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.2 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn vni-options vni 101 vrf-target target:65000:101 set protocols evpn vni-options vni 102 vrf-target target:65000:102 set protocols evpn extended-vni-list 101 set protocols evpn extended-vni-list 102 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.1.255.111:1 set switch-options vrf-import vrf-imp set switch-options vrf-target target:65000:1 set vlans v101 vlan-id 101 set vlans v101 vxlan vni 101 set vlans v102 vlan-id 102 set vlans v102 vxlan vni 102
Hoja-2
set system host-name leaf-2 set chassis aggregated-devices ethernet device-count 2 set interfaces xe-0/0/0 unit 0 family inet address 10.1.112.2/30 set interfaces xe-0/0/1 unit 0 family inet address 10.1.122.2/30 set interfaces xe-0/0/2 ether-options 802.3ad ae0 set interfaces xe-0/0/3 unit 0 family ethernet-switching interface-mode trunk set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members v103 set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01 set interfaces ae0 esi all-active set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01 set interfaces ae0 unit 0 family ethernet-switching interface-mode access set interfaces ae0 unit 0 family ethernet-switching vlan members v102 set interfaces lo0 unit 0 family inet address 10.1.255.112/32 set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set policy-options policy-statement vrf-imp term t1 from community com101 set policy-options policy-statement vrf-imp term t1 then accept set policy-options policy-statement vrf-imp term t2 from community com102 set policy-options policy-statement vrf-imp term t2 then accept set policy-options policy-statement vrf-imp term t3 from community com103 set policy-options policy-statement vrf-imp term t3 then accept set policy-options policy-statement vrf-imp term t5 then reject set policy-options community com101 members target:65000:101 set policy-options community com102 members target:65000:102 set policy-options community com103 members target:65000:103 set routing-options router-id 10.1.255.112 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65112 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.112.1 peer-as 65011 set protocols bgp group underlay neighbor 10.1.122.1 peer-as 65012 set protocols bgp group EVPN_VXLAN_CORE type internal set protocols bgp group EVPN_VXLAN_CORE local-address 10.1.255.112 set protocols bgp group EVPN_VXLAN_CORE family evpn signaling set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.1 set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.2 set protocols evpn encapsulation vxlan set protocols evpn multicast-mode ingress-replication set protocols evpn vni-options vni 102 vrf-target target:65000:102 set protocols evpn vni-options vni 103 vrf-target target:65000:103 set protocols evpn extended-vni-list 102 set protocols evpn extended-vni-list 103 set switch-options vtep-source-interface lo0.0 set switch-options route-distinguisher 10.1.255.112:1 set switch-options vrf-import vrf-imp set switch-options vrf-target target:65000:1 set vlans v102 vlan-id 102 set vlans v102 vxlan vni 102 set vlans v103 vlan-id 103 set vlans v103 vxlan vni 103
Espina-1
set system host-name spine-1 set interfaces xe-0/0/0 unit 0 family inet address 10.1.11.2/30 set interfaces xe-0/0/1 unit 0 family inet address 10.1.21.2/30 set interfaces xe-0/0/2 unit 0 family inet address 10.1.111.1/30 set interfaces xe-0/0/3 unit 0 family inet address 10.1.112.1/30 set interfaces lo0 unit 0 family inet address 10.1.255.11/32 set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set routing-options router-id 10.1.255.11 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65011 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.11.1 peer-as 65001 set protocols bgp group underlay neighbor 10.1.21.1 peer-as 65002 set protocols bgp group underlay neighbor 10.1.111.2 peer-as 65111 set protocols bgp group underlay neighbor 10.1.112.2 peer-as 65112
Spine-2
set system host-name spine-2 set interfaces xe-0/0/0 unit 0 family inet address 10.1.12.2/30 set interfaces xe-0/0/1 unit 0 family inet address 10.1.22.2/30 set interfaces xe-0/0/2 unit 0 family inet address 10.1.121.1/30 set interfaces xe-0/0/3 unit 0 family inet address 10.1.122.1/30 set interfaces lo0 unit 0 family inet address 10.1.255.12/32 set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set routing-options router-id 10.1.255.12 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65012 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.12.1 peer-as 65001 set protocols bgp group underlay neighbor 10.1.22.1 peer-as 65002 set protocols bgp group underlay neighbor 10.1.121.2 peer-as 65111 set protocols bgp group underlay neighbor 10.1.122.2 peer-as 65112
Núcleo-1
set system host-name core-1 set interfaces xe-0/2/0 unit 0 family inet address 10.1.11.1/30 set interfaces xe-0/2/1 unit 0 family inet address 10.1.12.1/30 set interfaces irb unit 101 virtual-gateway-accept-data set interfaces irb unit 101 family inet address 10.1.101.1/24 virtual-gateway-address 10.1.101.254 set interfaces irb unit 102 virtual-gateway-accept-data set interfaces irb unit 102 family inet address 10.1.102.1/24 virtual-gateway-address 10.1.102.254 set interfaces irb unit 103 virtual-gateway-accept-data set interfaces irb unit 103 family inet address 10.1.103.1/24 virtual-gateway-address 10.1.103.254 set interfaces lo0 unit 0 family inet address 10.1.255.1/32 set policy-options policy-statement VS_VLAN101_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN101_IMP term ESI then accept set policy-options policy-statement VS_VLAN101_IMP term VS_VLAN101 from community comm-VS_VLAN101 set policy-options policy-statement VS_VLAN101_IMP term VS_VLAN101 then accept set policy-options policy-statement VS_VLAN102_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN102_IMP term ESI then accept set policy-options policy-statement VS_VLAN102_IMP term VS_VLAN102 from community comm-VS_VLAN102 set policy-options policy-statement VS_VLAN102_IMP term VS_VLAN102 then accept set policy-options policy-statement VS_VLAN103_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN103_IMP term ESI then accept set policy-options policy-statement VS_VLAN103_IMP term VS_VLAN103 from community comm-VS_VLAN103 set policy-options policy-statement VS_VLAN103_IMP term VS_VLAN103 then accept set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set policy-options community comm-VS_VLAN101 members target:65000:101 set policy-options community comm-VS_VLAN102 members target:65000:102 set policy-options community comm-VS_VLAN103 members target:65000:103 set policy-options community comm-leaf members target:65000:1 set routing-instances VRF_Tenant_A instance-type vrf set routing-instances VRF_Tenant_A interface irb.101 set routing-instances VRF_Tenant_A route-distinguisher 10.1.255.1:1010 set routing-instances VRF_Tenant_A vrf-target target:65000:101 set routing-instances VRF_Tenant_B instance-type vrf set routing-instances VRF_Tenant_B interface irb.102 set routing-instances VRF_Tenant_B route-distinguisher 10.1.255.1:1020 set routing-instances VRF_Tenant_B vrf-target target:65000:102 set routing-instances VRF_Tenant_C instance-type vrf set routing-instances VRF_Tenant_C interface irb.103 set routing-instances VRF_Tenant_C route-distinguisher 10.1.255.1:1030 set routing-instances VRF_Tenant_C vrf-target target:65000:103 set routing-instances VS_VLAN101 instance-type virtual-switch set routing-instances VS_VLAN101 protocols evpn encapsulation vxlan set routing-instances VS_VLAN101 protocols evpn extended-vni-list 101 set routing-instances VS_VLAN101 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN101 vtep-source-interface lo0.0 set routing-instances VS_VLAN101 bridge-domains bd101 vlan-id 101 set routing-instances VS_VLAN101 bridge-domains bd101 routing-interface irb.101 set routing-instances VS_VLAN101 bridge-domains bd101 vxlan vni 101 set routing-instances VS_VLAN101 route-distinguisher 10.1.255.1:101 set routing-instances VS_VLAN101 vrf-import VS_VLAN101_IMP set routing-instances VS_VLAN101 vrf-target target:65000:101 set routing-instances VS_VLAN102 instance-type virtual-switch set routing-instances VS_VLAN102 protocols evpn encapsulation vxlan set routing-instances VS_VLAN102 protocols evpn extended-vni-list 102 set routing-instances VS_VLAN102 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN102 vtep-source-interface lo0.0 set routing-instances VS_VLAN102 bridge-domains bd102 vlan-id 102 set routing-instances VS_VLAN102 bridge-domains bd102 routing-interface irb.102 set routing-instances VS_VLAN102 bridge-domains bd102 vxlan vni 102 set routing-instances VS_VLAN102 route-distinguisher 10.1.255.1:102 set routing-instances VS_VLAN102 vrf-import VS_VLAN102_IMP set routing-instances VS_VLAN102 vrf-target target:65000:102 set routing-instances VS_VLAN103 instance-type virtual-switch set routing-instances VS_VLAN103 protocols evpn encapsulation vxlan set routing-instances VS_VLAN103 protocols evpn extended-vni-list 103 set routing-instances VS_VLAN103 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN103 vtep-source-interface lo0.0 set routing-instances VS_VLAN103 bridge-domains bd103 vlan-id 103 set routing-instances VS_VLAN103 bridge-domains bd103 routing-interface irb.103 set routing-instances VS_VLAN103 bridge-domains bd103 vxlan vni 103 set routing-instances VS_VLAN103 route-distinguisher 10.1.255.1:103 set routing-instances VS_VLAN103 vrf-import VS_VLAN103_IMP set routing-instances VS_VLAN103 vrf-target target:65000:103 set routing-options router-id 10.1.255.1 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65001 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.11.2 peer-as 65011 set protocols bgp group underlay neighbor 10.1.12.2 peer-as 65012 set protocols bgp group EVPN_VXLAN type internal set protocols bgp group EVPN_VXLAN local-address 10.1.255.1 set protocols bgp group EVPN_VXLAN family evpn signaling set protocols bgp group EVPN_VXLAN cluster 10.1.1.1 set protocols bgp group EVPN_VXLAN multipath set protocols bgp group EVPN_VXLAN neighbor 10.1.255.111 set protocols bgp group EVPN_VXLAN neighbor 10.1.255.112 set protocols bgp group EVPN_VXLAN neighbor 10.1.255.2
Núcleo-2
set system host-name core-2 set interfaces xe-0/2/0 unit 0 family inet address 10.1.21.1/30 set interfaces xe-0/2/1 unit 0 family inet address 10.1.22.1/30 set interfaces irb unit 101 virtual-gateway-accept-data set interfaces irb unit 101 family inet address 10.1.101.2/24 virtual-gateway-address 10.1.101.254 set interfaces irb unit 102 virtual-gateway-accept-data set interfaces irb unit 102 family inet address 10.1.102.2/24 virtual-gateway-address 10.1.102.254 set interfaces irb unit 103 virtual-gateway-accept-data set interfaces irb unit 103 family inet address 10.1.103.2/24 virtual-gateway-address 10.1.103.254 set interfaces lo0 unit 0 family inet address 10.1.255.2/32 set policy-options policy-statement VS_VLAN101_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN101_IMP term ESI then accept set policy-options policy-statement VS_VLAN101_IMP term VS_VLAN101 from community comm-VS_VLAN101 set policy-options policy-statement VS_VLAN101_IMP term VS_VLAN101 then accept set policy-options policy-statement VS_VLAN102_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN102_IMP term ESI then accept set policy-options policy-statement VS_VLAN102_IMP term VS_VLAN102 from community comm-VS_VLAN102 set policy-options policy-statement VS_VLAN102_IMP term VS_VLAN102 then accept set policy-options policy-statement VS_VLAN103_IMP term ESI from community comm-leaf set policy-options policy-statement VS_VLAN103_IMP term ESI then accept set policy-options policy-statement VS_VLAN103_IMP term VS_VLAN103 from community comm-VS_VLAN103 set policy-options policy-statement VS_VLAN103_IMP term VS_VLAN103 then accept set policy-options policy-statement lo0 from family inet set policy-options policy-statement lo0 from protocol direct set policy-options policy-statement lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 set policy-options policy-statement lo0 then accept set policy-options policy-statement load-balance term 1 then load-balance per-packet set policy-options community comm-VS_VLAN101 members target:65000:101 set policy-options community comm-VS_VLAN102 members target:65000:102 set policy-options community comm-VS_VLAN103 members target:65000:103 set policy-options community comm-leaf members target:65000:1 set routing-instances VRF_Tenant_A instance-type vrf set routing-instances VRF_Tenant_A interface irb.101 set routing-instances VRF_Tenant_A route-distinguisher 10.1.255.2:1010 set routing-instances VRF_Tenant_A vrf-target target:65000:101 set routing-instances VRF_Tenant_B instance-type vrf set routing-instances VRF_Tenant_B interface irb.102 set routing-instances VRF_Tenant_B route-distinguisher 10.1.255.2:1020 set routing-instances VRF_Tenant_B vrf-target target:65000:102 set routing-instances VRF_Tenant_C instance-type vrf set routing-instances VRF_Tenant_C interface irb.103 set routing-instances VRF_Tenant_C route-distinguisher 10.1.255.2:1030 set routing-instances VRF_Tenant_C vrf-target target:65000:103 set routing-instances VS_VLAN101 instance-type virtual-switch set routing-instances VS_VLAN101 protocols evpn encapsulation vxlan set routing-instances VS_VLAN101 protocols evpn extended-vni-list 101 set routing-instances VS_VLAN101 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN101 vtep-source-interface lo0.0 set routing-instances VS_VLAN101 bridge-domains bd101 vlan-id 101 set routing-instances VS_VLAN101 bridge-domains bd101 routing-interface irb.101 set routing-instances VS_VLAN101 bridge-domains bd101 vxlan vni 101 set routing-instances VS_VLAN101 route-distinguisher 10.1.255.2:101 set routing-instances VS_VLAN101 vrf-import VS_VLAN101_IMP set routing-instances VS_VLAN101 vrf-target target:65000:101 set routing-instances VS_VLAN102 instance-type virtual-switch set routing-instances VS_VLAN102 protocols evpn encapsulation vxlan set routing-instances VS_VLAN102 protocols evpn extended-vni-list 102 set routing-instances VS_VLAN102 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN102 vtep-source-interface lo0.0 set routing-instances VS_VLAN102 bridge-domains bd102 vlan-id 102 set routing-instances VS_VLAN102 bridge-domains bd102 routing-interface irb.102 set routing-instances VS_VLAN102 bridge-domains bd102 vxlan vni 102 set routing-instances VS_VLAN102 route-distinguisher 10.1.255.2:102 set routing-instances VS_VLAN102 vrf-import VS_VLAN102_IMP set routing-instances VS_VLAN102 vrf-target target:65000:102 set routing-instances VS_VLAN103 instance-type virtual-switch set routing-instances VS_VLAN103 protocols evpn encapsulation vxlan set routing-instances VS_VLAN103 protocols evpn extended-vni-list 103 set routing-instances VS_VLAN103 protocols evpn multicast-mode ingress-replication set routing-instances VS_VLAN103 vtep-source-interface lo0.0 set routing-instances VS_VLAN103 bridge-domains bd103 vlan-id 103 set routing-instances VS_VLAN103 bridge-domains bd103 routing-interface irb.103 set routing-instances VS_VLAN103 bridge-domains bd103 vxlan vni 103 set routing-instances VS_VLAN103 route-distinguisher 10.1.255.2:103 set routing-instances VS_VLAN103 vrf-import VS_VLAN103_IMP set routing-instances VS_VLAN103 vrf-target target:65000:103 set routing-options router-id 10.1.255.2 set routing-options autonomous-system 65000 set routing-options forwarding-table export load-balance set routing-options forwarding-table ecmp-fast-reroute set protocols bgp group underlay type external set protocols bgp group underlay export lo0 set protocols bgp group underlay local-as 65002 set protocols bgp group underlay multipath multiple-as set protocols bgp group underlay neighbor 10.1.21.2 peer-as 65011 set protocols bgp group underlay neighbor 10.1.22.2 peer-as 65012 set protocols bgp group EVPN_VXLAN type internal set protocols bgp group EVPN_VXLAN local-address 10.1.255.2 set protocols bgp group EVPN_VXLAN family evpn signaling set protocols bgp group EVPN_VXLAN cluster 10.2.2.2 set protocols bgp group EVPN_VXLAN multipath set protocols bgp group EVPN_VXLAN neighbor 10.1.255.111 set protocols bgp group EVPN_VXLAN neighbor 10.1.255.112 set protocols bgp group EVPN_VXLAN neighbor 10.1.255.1
Configuración del EX9200
En los conmutadores EX9200, se utiliza la vlans instrucción en lugar de bridge-domains, y la instrucción se utiliza en l3-interface lugar de routing-interface.
En el ejemplo siguiente se muestra cómo configurar estas instrucciones. Todas las demás configuraciones que se muestran para los enrutadores de la serie MX en este ejemplo también se aplican a los conmutadores EX9200.
set routing-instances VS_VLAN300 vlans vlan1300 vlan-id 300 set routing-instances VS_VLAN300 vlans vlan1300 l3-inteface irb.1300
En este ejemplo, dondequiera bridge-domains que routing-interface se usen instrucciones, para configurar en conmutadores EX9200, use vlans y l3-interface en su lugar.
Configuración de Leaf-1
Procedimiento paso a paso
En el ejemplo siguiente es necesario navegar por varios niveles en la jerarquía de configuración. Para obtener información acerca de cómo navegar por la CLI, consulte Uso del editor de CLI en modo de configuración en la Guía del usuario de CLI.
Los pasos para configurar Leaf-2 son similares a Leaf-1 y, por lo tanto, solo mostraremos los procedimientos paso a paso para Leaf-1.
Para configurar Leaf-1:
-
Establezca el nombre de host del sistema.
[edit] user@leaf-1# set system host-name leaf-1
-
Configure las opciones de enrutamiento. La load-balance directiva de exportación se configura en el siguiente paso.
[edit] user@leaf-1# set routing-options router-id 10.1.255.111 user@leaf-1# set routing-options autonomous-system 65000 user@leaf-1# set routing-options forwarding-table export load-balance user@leaf-1# set routing-options forwarding-table ecmp-fast-reroute
-
Configure la directiva de equilibrio de carga.
[edit policy-options policy-statement load-balance] user@leaf-1# set term 1 then load-balance per-packet
-
Configure el EBGP subyacente en los dispositivos de columna vertebral. La lo0 directiva de exportación se configura en el siguiente paso.
[edit] user@leaf-1# set protocols bgp group underlay type external user@leaf-1# set protocols bgp group underlay export lo0 user@leaf-1# set protocols bgp group underlay local-as 65111 user@leaf-1# set protocols bgp group underlay multipath multiple-as user@leaf-1# set protocols bgp group underlay neighbor 10.1.111.1 peer-as 65011 user@leaf-1# set protocols bgp group underlay neighbor 10.1.121.1 peer-as 65012
-
Configure una política para anunciar la dirección de circuito cerrado en la capa subyacente. En este ejemplo, se escribe una política portable que es independiente de la dirección de circuito cerrado, haciendo coincidir sólo las rutas directas con una longitud de prefijo /32. El resultado es una política que coincide con cualquier dirección de circuito cerrado y que se puede reutilizar en todos los dispositivos de la topología.
[edit policy-options policy-statement lo0] user@leaf-1# set from family inet user@leaf-1# set from protocol direct user@leaf-1# set from route-filter 0.0.0.0/0 prefix-length-range /32-/32 user@leaf-1# set then accept
-
Configurar opciones de conmutador La interfaz del extremo del túnel virtual es lo0.0, a la que se debe acceder a través del protocolo de enrutamiento subyacente. El diferenciador de ruta debe ser único en todos los conmutadores de la red para garantizar que todos los anuncios de ruta dentro de la superposición MP-BGP sean únicos a nivel mundial. El objetivo de la tabla VRF en el conmutador de la serie QFX es, como mínimo, la comunidad que el conmutador envía a todas las rutas ESI (tipo 1). La
vrf-import vrf-impinstrucción define la lista de comunidades de destino, que se importa a ladefault-switch.evpn.0instancia desde labgp.evpn.0tabla.[edit] user@leaf-1# set switch-options vtep-source-interface lo0.0 user@leaf-1# set switch-options route-distinguisher 10.1.255.111:1 user@leaf-1# set switch-options vrf-import vrf-imp user@leaf-1# set switch-options vrf-target target:65000:1
-
Configure la directiva de importación de tablas VRF.
[edit] user@leaf-1# set policy-options policy-statement vrf-imp term t1 from community com101 user@leaf-1# set policy-options policy-statement vrf-imp term t1 then accept user@leaf-1# set policy-options policy-statement vrf-imp term t2 from community com102 user@leaf-1# set policy-options policy-statement vrf-imp term t2 then accept user@leaf-1# set policy-options policy-statement vrf-imp term t3 from community com103 user@leaf-1# set policy-options policy-statement vrf-imp term t3 then accept user@leaf-1# set policy-options policy-statement vrf-imp term t5 then reject
-
Configure las comunidades relacionadas.
[edit] user@leaf-1# set policy-options community com101 members target:65000:101 user@leaf-1# set policy-options community com102 members target:65000:102 user@leaf-1# set policy-options community com103 members target:65000:103
-
Configure la lista de identificadores de red virtual extendidos (VNI) para establecer los VNI que desea que formen parte del dominio EVPN. También puede configurar la replicación de entrada; en EVPN-VXLAN, la replicación de entrada se usa para manejar la multidifusión sin necesidad de una base con capacidad de multidifusión. Se especifican diferentes destinos de ruta para cada instancia de identificador de red VXLAN en
vni-routing-options.[edit] user@leaf-1# set protocols evpn encapsulation vxlan user@leaf-1# set protocols evpn multicast-mode ingress-replication user@leaf-1# set protocols evpn vni-options vni 101 vrf-target target:65000:101 user@leaf-1# set protocols evpn vni-options vni 102 vrf-target target:65000:102 user@leaf-1# set protocols evpn extended-vni-list 101 user@leaf-1# set protocols evpn extended-vni-list 102
-
Asigne ID de VLAN de importancia local a identificadores de red VXLAN de importancia global.
[edit] user@leaf-1# set vlans v101 vlan-id 101 user@leaf-1# set vlans v101 vxlan vni 101 user@leaf-1# set vlans v102 vlan-id 102 user@leaf-1# set vlans v102 vxlan vni 102
-
Configure las sesiones de superposición de IBGP compatibles con EVPN.
[edit] user@leaf-1# set protocols bgp group EVPN_VXLAN_CORE type internal user@leaf-1# set protocols bgp group EVPN_VXLAN_CORE local-address 10.1.255.111 user@leaf-1# set protocols bgp group EVPN_VXLAN_CORE family evpn signaling user@leaf-1# set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.1 user@leaf-1# set protocols bgp group EVPN_VXLAN_CORE neighbor 10.1.255.2
Nota:Algunas estructuras IP utilizan una superposición EVPN-VXLAN basada en EBGP. Para obtener un ejemplo de una estructura IP que utiliza EBGP tanto para la capa subyacente como para la superposición, consulte Ejemplo: Configuración de una estructura de puente enrutado en el borde EVPN-VXLAN con una puerta de enlace Anycast. Tenga en cuenta que la elección de EBGP vs IBGP para la superposición no afecta a la arquitectura de la estructura. Tanto el diseño de CRB como el de puente de borde enrutado (ERB) admiten cualquier tipo de superposición.
-
Configure las interfaces de estructura.
[edit] user@leaf-1# set interfaces xe-0/0/0 unit 0 family inet address 10.1.111.2/30 user@leaf-1# set interfaces xe-0/0/1 unit 0 family inet address 10.1.121.2/30
-
Configure las interfaces de acceso. Tenga en cuenta nuevamente que demostramos una combinación de interfaces de acceso y troncales para la conexión del servidor.
[edit] user@leaf-1# set interfaces xe-0/0/2 ether-options 802.3ad ae0 user@leaf-1# set interfaces xe-0/0/3 unit 0 family ethernet-switching interface-mode trunk user@leaf-1# set interfaces xe-0/0/3 unit 0 family ethernet-switching vlan members v101
-
Configure la interfaz LAG habilitada para LACP. El valor ESI es único globalmente en todo el dominio EVPN. La
all-activeinstrucción de configuración garantiza que todos los enrutadores PE a los que está conectado este inquilino de host múltiple puedan reenviar tráfico desde el dispositivo CE, de modo que todos los vínculos CE se utilicen activamente.[edit] user@leaf-1# set interfaces ae0 esi 00:01:01:01:01:01:01:01:01:01 user@leaf-1# set interfaces ae0 esi all-active user@leaf-1# set interfaces ae0 aggregated-ether-options lacp active user@leaf-1# set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:01:01:01 user@leaf-1# set interfaces ae0 unit 0 family ethernet-switching interface-mode access user@leaf-1# set interfaces ae0 unit 0 family ethernet-switching vlan members v102
-
Configure la dirección de la interfaz de circuito cerrado.
[edit] user@leaf-1# set interfaces lo0 unit 0 family inet address 10.1.255.111/32
Configuración de Spine-1
Procedimiento paso a paso
En el ejemplo siguiente es necesario navegar por varios niveles en la jerarquía de configuración. Para obtener información acerca de cómo navegar por la CLI, consulte Uso del editor de CLI en modo de configuración en la Guía del usuario de CLI.
Los pasos para configurar Spine-2 son similares a Spine-1 y, por lo tanto, solo mostraremos los procedimientos paso a paso para Spine-1.
Para configurar Spine-1:
-
Establezca el nombre de host del sistema.
[edit] user@spine-1# set system host-name spine-1
-
Configure las opciones de enrutamiento.
[edit] user@spine-1# set routing-options router-id 10.1.255.11 user@spine-1# set routing-options autonomous-system 65000 user@spine-1# set routing-options forwarding-table export load-balance user@spine-1# set routing-options forwarding-table ecmp-fast-reroute
-
Configure una directiva de equilibrio de carga.
[edit policy-options policy-statement load-balance] user@spine-1# set term 1 then load-balance per-packet
-
Configure la base de EBGP con emparejamiento con los dispositivos leaf y core. La lo0 política que anuncia la dirección lo0 se aplica en este paso; la configuración de la propia política se muestra en el siguiente paso.
[edit] user@spine-1# set protocols bgp group underlay type external user@spine-1# set protocols bgp group underlay export lo0 user@spine-1# set protocols bgp group underlay local-as 65011 user@spine-1# set protocols bgp group underlay multipath multiple-as user@spine-1# set protocols bgp group underlay neighbor 10.1.11.1 peer-as 65001 user@spine-1# set protocols bgp group underlay neighbor 10.1.21.1 peer-as 65002 user@spine-1# set protocols bgp group underlay neighbor 10.1.111.2 peer-as 65111 user@spine-1# set protocols bgp group underlay neighbor 10.1.112.2 peer-as 65112
-
Configure una política denominada lo0 para anunciar rutas /32. La política coincide en la dirección de circuito cerrado, sin especificar ninguna IP específica. De esta manera, la misma política es reutilizable en cualquier dispositivo de estructura.
[edit policy-options policy-statement lo0] user@spine-1# set from family inet user@spine-1# set from protocol direct user@spine-1# set from route-filter 0.0.0.0/0 prefix-length-range /32-/32 user@spine-1# set then accept
Configuración de Core-1
Procedimiento paso a paso
En el ejemplo siguiente es necesario navegar por varios niveles en la jerarquía de configuración. Para obtener información acerca de cómo navegar por la CLI, consulte Uso del editor de CLI en modo de configuración en la Guía del usuario de CLI.
Los pasos para configurar Core-2 son similares a Core-1 y, por lo tanto, solo mostraremos los procedimientos paso a paso para Core-1.
Para configurar Core-1:
-
Establezca el nombre de host del sistema.
[edit] user@core-1# set system host-name core-1
-
Configure las opciones de enrutamiento. La load-balance directiva se aplica durante este paso. La directiva se crea en el paso siguiente
[edit] user@core-1# set routing-options router-id 10.1.255.1 user@core-1# set routing-options autonomous-system 65000 user@core-1# set routing-options forwarding-table export load-balance user@core-1# set routing-options forwarding-table ecmp-fast-reroute
-
Configure una política de equilibrio de carga denominada load-balance.
[edit policy-options policy-statement load-balance] user@core-1# set term 1 then load-balance per-packet
-
Configure el emparejamiento subyacente de BGP. La lo0 directiva que anuncia la dirección de circuito cerrado se aplica durante este paso. Esta directiva se configurará en el paso siguiente.
[edit] user@core-1# set protocols bgp group underlay type external user@core-1# set protocols bgp group underlay export lo0 user@core-1# set protocols bgp group underlay local-as 65001 user@core-1# set protocols bgp group underlay multipath multiple-as user@core-1# set protocols bgp group underlay neighbor 10.1.11.2 peer-as 65011 user@core-1# set protocols bgp group underlay neighbor 10.1.12.2 peer-as 65012
-
Configure una política denominada
lo0para anunciar rutas de circuito cerrado.[edit policy-options policy-statement lo0] user@core-1# set from family inet user@core-1# set from protocol direct user@core-1# set lo0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32 user@core-1# set lo0 then accept
-
Una gran parte de la configuración de Core-1 tiene lugar en la
[routing-instance]jerarquía. Configure los enrutadores virtuales y configure una política de importación de tablas VRF única para cada conmutador virtual.[edit] user@core-1# set routing-instances VRF_Tenant_A instance-type vrf user@core-1# set routing-instances VRF_Tenant_A interface irb.101 user@core-1# set routing-instances VRF_Tenant_A route-distinguisher 10.1.255.1:1010 user@core-1# set routing-instances VRF_Tenant_A vrf-target target:65000:101 user@core-1# set routing-instances VRF_Tenant_B instance-type vrf user@core-1# set routing-instances VRF_Tenant_B interface irb.102 user@core-1# set routing-instances VRF_Tenant_B route-distinguisher 10.1.255.1:1020 user@core-1# set routing-instances VRF_Tenant_B vrf-target target:65000:102 user@core-1# set routing-instances VRF_Tenant_C instance-type vrf user@core-1# set routing-instances VRF_Tenant_C interface irb.103 user@core-1# set routing-instances VRF_Tenant_C route-distinguisher 10.1.255.1:1030 user@core-1# set routing-instances VRF_Tenant_C vrf-target target:65000:103 user@core-1# set routing-instances VS_VLAN101 instance-type virtual-switch user@core-1# set routing-instances VS_VLAN101 protocols evpn encapsulation vxlan user@core-1# set routing-instances VS_VLAN101 protocols evpn extended-vni-list 101 user@core-1# set routing-instances VS_VLAN101 protocols evpn multicast-mode ingress-replication user@core-1# set routing-instances VS_VLAN101 vtep-source-interface lo0.0 user@core-1# set routing-instances VS_VLAN101 bridge-domains bd101 vlan-id 101 user@core-1# set routing-instances VS_VLAN101 bridge-domains bd101 routing-interface irb.101 user@core-1# set routing-instances VS_VLAN101 bridge-domains bd101 vxlan vni 101 user@core-1# set routing-instances VS_VLAN101 route-distinguisher 10.1.255.1:101 user@core-1# set routing-instances VS_VLAN101 vrf-import VS_VLAN101_IMP user@core-1# set routing-instances VS_VLAN101 vrf-target target:65000:101 user@core-1# set routing-instances VS_VLAN102 instance-type virtual-switch user@core-1# set routing-instances VS_VLAN102 protocols evpn encapsulation vxlan user@core-1# set routing-instances VS_VLAN102 protocols evpn extended-vni-list 102 user@core-1# set routing-instances VS_VLAN102 protocols evpn multicast-mode ingress-replication user@core-1# set routing-instances VS_VLAN102 vtep-source-interface lo0.0 user@core-1# set routing-instances VS_VLAN102 bridge-domains bd102 vlan-id 102 user@core-1# set routing-instances VS_VLAN102 bridge-domains bd102 routing-interface irb.102 user@core-1# set routing-instances VS_VLAN102 bridge-domains bd102 vxlan vni 102 user@core-1# set routing-instances VS_VLAN102 route-distinguisher 10.1.255.1:102 user@core-1# set routing-instances VS_VLAN102 vrf-import VS_VLAN102_IMP user@core-1# set routing-instances VS_VLAN102 vrf-target target:65000:102 user@core-1# set routing-instances VS_VLAN103 instance-type virtual-switch user@core-1# set routing-instances VS_VLAN103 protocols evpn encapsulation vxlan user@core-1# set routing-instances VS_VLAN103 protocols evpn extended-vni-list 103 user@core-1# set routing-instances VS_VLAN103 protocols evpn multicast-mode ingress-replication user@core-1# set routing-instances VS_VLAN103 vtep-source-interface lo0.0 user@core-1# set routing-instances VS_VLAN103 bridge-domains bd103 vlan-id 103 user@core-1# set routing-instances VS_VLAN103 bridge-domains bd103 routing-interface irb.103 user@core-1# set routing-instances VS_VLAN103 bridge-domains bd103 vxlan vni 103 user@core-1# set routing-instances VS_VLAN103 route-distinguisher 10.1.255.1:103 user@core-1# set routing-instances VS_VLAN103 vrf-import VS_VLAN103_IMP user@core-1# set routing-instances VS_VLAN103 vrf-target target:65000:103
-
Configure la directiva para cada instancia de enrutamiento.
[edit policy-options] user@core-1# set policy-statement VS_VLAN101_IMP term ESI from community comm-leaf user@core-1# set policy-statement VS_VLAN101_IMP term ESI then accept user@core-1# set policy-statement VS_VLAN101_IMP term VS_VLAN101 from community comm-VS_VLAN101 user@core-1# set policy-statement VS_VLAN101_IMP term VS_VLAN101 then accept user@core-1# set policy-statement VS_VLAN102_IMP term ESI from community comm-leaf user@core-1# set policy-statement VS_VLAN102_IMP term ESI then accept user@core-1# set policy-statement VS_VLAN102_IMP term VS_VLAN102 from community comm-VS_VLAN102 user@core-1# set policy-statement VS_VLAN102_IMP term VS_VLAN102 then accept user@core-1# set policy-statement VS_VLAN103_IMP term ESI from community comm-leaf user@core-1# set policy-statement VS_VLAN103_IMP term ESI then accept user@core-1# set policy-statement VS_VLAN103_IMP term VS_VLAN103 from community comm-VS_VLAN103 user@core-1# set policy-statement VS_VLAN103_IMP term VS_VLAN103 then accept
-
Configure las comunidades. Asegúrese de que la política acepta rutas etiquetadas con el comm-leaf destino 65000:1. Esto garantiza que todos los conmutadores virtuales importen las rutas ESI de tipo 1 desde todas las hojas.
[edit] user@core-1# set policy-options community comm-VS_VLAN101 members target:65000:101 user@core-1# set policy-options community comm-VS_VLAN102 members target:65000:102 user@core-1# set policy-options community comm-VS_VLAN103 members target:65000:103 user@core-1# set policy-options community comm-leaf members target:65000:1
-
Configure las interfaces IRB. Cada IRB tiene una dirección de puerta de enlace virtual, que es una dirección MAC y una dirección IP compartidas en Core-1 y Core-2.
[edit interfaces irb] user@core-1# set unit 101 virtual-gateway-accept-data user@core-1# set unit 101 family inet address 10.1.101.1/24 virtual-gateway-address 10.1.101.254 user@core-1# set unit 102 virtual-gateway-accept-data user@core-1# set unit 102 family inet address 10.1.102.1/24 virtual-gateway-address 10.1.102.254 user@core-1# set unit 103 virtual-gateway-accept-data user@core-1# set unit 103 family inet address 10.1.103.1/24 virtual-gateway-address 10.1.103.254
-
Configure las sesiones de superposición de IBGP hacia Leaf-1 y Leaf-2. Incluimos un emparejamiento entre los dispositivos Core para compartir rutas entre dispositivos Core.
[edit] user@core-1# set protocols bgp group EVPN_VXLAN type internal user@core-1# set protocols bgp group EVPN_VXLAN local-address 10.1.255.1 user@core-1# set protocols bgp group EVPN_VXLAN family evpn signaling user@core-1# set protocols bgp group EVPN_VXLAN cluster 10.1.1.1 user@core-1# set protocols bgp group EVPN_VXLAN multipath user@core-1# set protocols bgp group EVPN_VXLAN neighbor 10.1.255.111 user@core-1# set protocols bgp group EVPN_VXLAN neighbor 10.1.255.112 user@core-1# set protocols bgp group EVPN_VXLAN neighbor 10.1.255.2
Verificación
- Verificación de la accesibilidad de MAC a un dispositivo CE de base única (leaf-1)
- Verificación de la accesibilidad de MAC a un dispositivo CE de base única (tipo 2)
- Verificación de rutas importadas
- Verificación de la copia del demonio de aprendizaje de direcciones de capa 2
- Comprobación de la tabla de reenvío a nivel de kernel
- Verificación de la accesibilidad de MAC a un dispositivo CE de multihost
- Comprobación de EVPN, el demonio de aprendizaje de direcciones de capa 2 y las tablas de reenvío de kernel para dispositivos CE de host múltiple
Verificación de la accesibilidad de MAC a un dispositivo CE de base única (leaf-1)
Propósito
Verifique la accesibilidad de MAC para Tenant_A. Este usuario es de base única en Leaf-1. Primero, verifique que la dirección MAC se aprende localmente en Leaf-1. La hoja 1 genera la ruta EVPN tipo 2 solo después de aprender la dirección MAC.
Acción
Verifique que la dirección MAC se aprende localmente en Leaf-1.
lab@leaf-1> show ethernet-switching table vlan-id 101
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 4 entries, 4 learned
Routing instance : default-switch
Vlan MAC MAC Logical SVLBNH/ Active
name address flags interface VENH Index source
v101 00:00:5e:00:01:01 DRP esi.1749 05:00:00:fd:e8:00:00:00:65:00
v101 2c:6b:f5:54:95:f0 DR vtep.32770 10.1.255.2
v101 2c:6b:f5:ef:73:f0 DR vtep.32769 10.1.255.1
v101 56:04:15:00:bb:02 D xe-0/0/3.0
Significado
El resultado muestra que MAC 56:04:15:00:bb:02 se aprende correctamente desde el dispositivo Tenant_A CE, que es el servidor A en la interfaz xe-0/0/3.0.
Verificación de la accesibilidad de MAC a un dispositivo CE de base única (tipo 2)
Propósito
Verificar la accesibilidad de MAC a un dispositivo CE de base única (tipo 2)
Acción
Compruebe la generación de la ruta de tipo 2 al núcleo-1.
lab@leaf-1> show route advertising-protocol bgp 10.1.255.1 evpn-mac-address 56:04:15:00:bb:02 bgp.evpn.0: 50 destinations, 91 routes (50 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 2:10.1.255.111:1::101::56:04:15:00:bb:02/304 MAC/IP * Self 100 I 2:10.1.255.111:1::101::56:04:15:00:bb:02::10.1.101.101/304 MAC/IP * Self 100 I default-switch.evpn.0: 47 destinations, 87 routes (47 active, 0 holddown, 0 hidden) Prefix Nexthop MED Lclpref AS path 2:10.1.255.111:1::101::56:04:15:00:bb:02/304 MAC/IP * Self 100 I 2:10.1.255.111:1::101::56:04:15:00:bb:02::10.1.101.101/304 MAC/IP * Self 100 I __default_evpn__.evpn.0: 3 destinations, 4 routes (3 active, 0 holddown, 0 hidden)
Significado
El resultado muestra que se anuncian MAC y MAC/IP.
En el núcleo 1, se recibe la ruta EVPN tipo 2 en bgp.evpn.0.
lab@core-1> show route receive-protocol bgp 10.1.255.111 evpn-mac-address 56:04:15:00:bb:02 extensive table bgp.evpn.0
bgp.evpn.0: 52 destinations, 68 routes (52 active, 0 holddown, 0 hidden)
* 2:10.1.255.111:1::101::56:04:15:00:bb:02/304 MAC/IP (2 entries, 1 announced)
Import Accepted
Route Distinguisher: 10.1.255.111:1
Route Label: 101
ESI: 00:00:00:00:00:00:00:00:00:00
Nexthop: 10.1.255.111
Localpref: 100
AS path: I
Communities: target:65000:101 encapsulation:vxlan(0x8)
* 2:10.1.255.111:1::101::56:04:15:00:bb:02::10.1.101.101/304 MAC/IP (2 entries, 1 announced)
Import Accepted
Route Distinguisher: 10.1.255.111:1
Route Label: 101
ESI: 00:00:00:00:00:00:00:00:00:00
Nexthop: 10.1.255.111
Localpref: 100
AS path: I
Communities: target:65000:101 encapsulation:vxlan(0x8)
El resultado muestra las rutas de tipo 2 para 56:04:15:00:bb:02. El distintivo de ruta es de Leaf-1 y está configurado en 10.1.255.111:1.
Verificación de rutas importadas
Propósito
Compruebe que la ruta EVPN tipo 2 está importada.
Acción
En Core-1, compruebe si las rutas EVPN tipo 2 se importan correctamente desde la bgp.evpn.0 tabla a la instancia del conmutador EVPN.
Significado
El resultado muestra que, en el conmutador virtual de Tenant_A, la ruta EVPN tipo 2 se anuncia con el destino correcto, target:1:101. Utilice la extensive opción para revisar la ruta de tipo 2 con mayor detalle.
lab@core-1> show route table VS_VLAN101.evpn.0 evpn-mac-address 56:04:15:00:bb:02
VS_VLAN101.evpn.0: 18 destinations, 25 routes (18 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2:10.1.255.111:1::101::56:04:15:00:bb:02/304 MAC/IP
*[BGP/170] 1w1d 20:50:01, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
[BGP/170] 3d 02:56:43, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
2:10.1.255.111:1::101::56:04:15:00:bb:02::10.1.101.101/304 MAC/IP
*[BGP/170] 1w1d 20:50:01, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
[BGP/170] 3d 02:56:43, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
El resultado muestra que Core-1 recibe dos copias. El primero es el anuncio de Leaf-1 (Fuente: 10.1.255.111). El segundo es el anuncio de Core-2 (Fuente: 10.1.255.2).
Verificación de la copia del demonio de aprendizaje de direcciones de capa 2
Propósito
Verifique la copia del demonio de aprendizaje de direcciones de capa 2.
Acción
Verifique la copia del demonio de aprendizaje de direcciones de capa 2 ingresando el show bridge-mac table comando.
Significado
El resultado muestra que se puede acceder a 56:04:15:00:bb:02 a través de la interfaz lógica vtep.32771 a Leaf-1.
lab@core-1> show bridge mac-table instance VS_VLAN101
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC, FU - Fast Update)
Routing instance : VS_VLAN101
Bridging domain : bd101, VLAN : 101
MAC MAC Logical Active
address flags interface source
00:00:5e:00:01:01 DRP esi.722 05:00:00:fd:e8:00:00:00:65:00
2c:6b:f5:54:95:f0 DR vtep.32779 10.1.255.2
56:04:15:00:bb:02 DR vtep.32771 10.1.255.111
En los conmutadores EX9200, el comando corresponde al show bridge mac-table instance instance-name comando utilizado aquí para los enrutadores de la show ethernet-switching table-instance instance-name serie MX
Comprobación de la tabla de reenvío a nivel de kernel
Propósito
Compruebe la tabla de reenvío a nivel de kernel, el identificador del siguiente salto y la tabla MAC y el hardware de capa 2.
Acción
Consulte la tabla de reenvío a nivel de kernel, correlacione el identificador del próximo salto del índice con el identificador de red virtual correcto y revise la tabla MAC y el hardware de capa 2.
Significado
Se puede acceder al MAC de Tenant_A, 56:04:15:00:bb:02, a través del índice 687.
lab@core-1> show route forwarding-table family bridge vpn VS_VLAN101
Routing table: VS_VLAN101.evpn-vxlan
VPLS:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 664 1
vtep.32771 intf 0 comp 687 7
vtep.32774 intf 0 comp 691 4
vtep.32779 intf 0 comp 716 7
Routing table: VS_VLAN101.evpn-vxlan
Bridging domain: bd101.evpn-vxlan
VPLS:
Enabled protocols: Bridging, ACKed by all peers, EVPN VXLAN,
Destination Type RtRef Next hop Type Index NhRef Netif
00:00:5e:00:01:01/48 user 0 indr 1048579 2
comp 722 2
2c:6b:f5:54:95:f0/48 user 0 comp 716 7
56:04:15:00:bb:02/48 user 0 comp 687 7
0x30003/51 user 0 comp 705 2
Correlacione el índice 687 (NH-Id) con el identificador de red virtual correcto 101 y el VTEP-ID remoto de 10.1.255.111.
lab@core-1> show l2-learning vxlan-tunnel-end-point remote
Logical System Name Id SVTEP-IP IFL L3-Idx SVTEP-Mode ELP-SVTEP-IP
<default> 0 10.1.255.1 lo0.0 0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.2 VS_VLAN101 377 vtep.32779 716 RNVE
VNID MC-Group-IP
101 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.111 VS_VLAN101 369 vtep.32771 687 RNVE
VNID MC-Group-IP
101 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.112 VS_VLAN101 372 vtep.32774 691 RNVE
10.1.255.2 VS_VLAN102 376 vtep.32778 715 RNVE
VNID MC-Group-IP
102 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.111 VS_VLAN102 370 vtep.32772 688 RNVE
VNID MC-Group-IP
102 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.112 VS_VLAN102 373 vtep.32775 695 RNVE
VNID MC-Group-IP
102 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.2 VS_VLAN103 375 vtep.32777 714 RNVE
VNID MC-Group-IP
103 0.0.0.0
RVTEP-IP L2-RTT IFL-Idx Interface NH-Id RVTEP-Mode ELP-IP Flags
10.1.255.111 VS_VLAN103 371 vtep.32773 689 RNVE
10.1.255.112 VS_VLAN103 374 vtep.32776 692 RNVE
VNID MC-Group-IP
103 0.0.0.0
En los conmutadores EX9200, el comando corresponde al show l2-learning comando que se muestra aquí para los enrutadores de la show ethernet-switching serie MX.
Verificación de la accesibilidad de MAC a un dispositivo CE de multihost
Propósito
Verifique la accesibilidad de MAC al dispositivo Tenant_B CE de multihost en Leaf-1 y Leaf-2.
Acción
Verifique que Leaf-1 y Leaf-2 anuncien la accesibilidad de tipo 1 y tipo 2 hacia el dispositivo CE de multiconexión.
lab@leaf-1> show ethernet-switching table vlan-id 102
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 4 entries, 4 learned
Routing instance : default-switch
Vlan MAC MAC Logical SVLBNH/ Active
name address flags interface VENH Index source
v102 00:00:5e:00:01:01 DR esi.1748 05:00:00:fd:e8:00:00:00:66:00
v102 2c:6b:f5:43:12:c0 DL ae0.0
v102 2c:6b:f5:54:95:f0 D vtep.32770 10.1.255.2
v102 2c:6b:f5:ef:73:f0 D vtep.32769 10.1.255.1
lab@leaf-2> show ethernet-switching table vlan-id 102
MAC flags (S - static MAC, D - dynamic MAC, L - locally learned, P - Persistent static
SE - statistics enabled, NM - non configured MAC, R - remote PE MAC, O - ovsdb MAC)
Ethernet switching table : 4 entries, 4 learned
Routing instance : default-switch
Vlan MAC MAC Logical SVLBNH/ Active
name address flags interface VENH Index source
v102 00:00:5e:00:01:01 DR esi.1749 05:00:00:fd:e8:00:00:00:66:00
v102 2c:6b:f5:43:12:c0 DR ae0.0
v102 2c:6b:f5:54:95:f0 D vtep.32769 10.1.255.2
v102 2c:6b:f5:ef:73:f0 D vtep.32770 10.1.255.1
Significado
El resultado muestra que 2c:6b:f5:43:12:c0 representa el MAC del Tenant_B conectado a Leaf-1 y Leaf-2.
Comprobación de EVPN, el demonio de aprendizaje de direcciones de capa 2 y las tablas de reenvío de kernel para dispositivos CE de host múltiple
Propósito
Compruebe la tabla EVPN del inquilino B y la tabla de demonio de aprendizaje de direcciones de capa 2 y la tabla de reenvío de kernel del núcleo 2.
Acción
En Core-1, muestre la tabla EVPN del inquilino B.
lab@core-1> show route table VS_VLAN102.evpn.0
VS_VLAN102.evpn.0: 20 destinations, 29 routes (20 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
1:10.1.255.2:0::050000fde80000006600::FFFF:FFFF/192 AD/ESI
*[BGP/170] 2d 23:43:32, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
1:10.1.255.111:0::010101010101010101::FFFF:FFFF/192 AD/ESI
*[BGP/170] 00:14:59, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:14:58, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
1:10.1.255.111:1::010101010101010101::0/192 AD/EVI
*[BGP/170] 00:15:00, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:14:59, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
1:10.1.255.112:0::010101010101010101::FFFF:FFFF/192 AD/ESI
*[BGP/170] 00:10:13, localpref 100, from 10.1.255.112
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:10:13, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
1:10.1.255.112:1::010101010101010101::0/192 AD/EVI
*[BGP/170] 00:10:14, localpref 100, from 10.1.255.112
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:10:14, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.1:102::102::00:00:5e:00:01:01/304 MAC/IP
*[EVPN/170] 2d 23:44:03
Indirect
2:10.1.255.1:102::102::2c:6b:f5:ef:73:f0/304 MAC/IP
*[EVPN/170] 2d 23:44:03
Indirect
2:10.1.255.2:102::102::00:00:5e:00:01:01/304 MAC/IP
*[BGP/170] 2d 23:43:32, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.2:102::102::2c:6b:f5:54:95:f0/304 MAC/IP
*[BGP/170] 2d 23:43:32, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.111:1::102::2c:6b:f5:43:12:c0/304 MAC/IP
*[BGP/170] 00:14:49, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:14:49, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
to 10.1.11.2 via xe-0/2/0.0
> to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.112:1::102::2c:6b:f5:43:12:c0/304 MAC/IP
*[BGP/170] 00:09:24, localpref 100, from 10.1.255.112
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:09:24, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.1:102::102::00:00:5e:00:01:01::10.1.102.254/304 MAC/IP
*[EVPN/170] 2d 23:44:03
Indirect
2:10.1.255.1:102::102::2c:6b:f5:ef:73:f0::10.1.102.1/304 MAC/IP
*[EVPN/170] 2d 23:44:03
Indirect
2:10.1.255.2:102::102::00:00:5e:00:01:01::10.1.102.254/304 MAC/IP
*[BGP/170] 2d 23:43:32, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.2:102::102::2c:6b:f5:54:95:f0::10.1.102.2/304 MAC/IP
*[BGP/170] 2d 23:43:32, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
2:10.1.255.112:1::102::2c:6b:f5:43:12:c0::10.1.102.101/304 MAC/IP
*[BGP/170] 00:06:19, localpref 100, from 10.1.255.112
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:06:18, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
3:10.1.255.1:102::102::10.1.255.1/248 IM
*[EVPN/170] 2d 23:45:49
Indirect
3:10.1.255.2:102::102::10.1.255.2/248 IM
*[BGP/170] 2d 23:44:03, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
3:10.1.255.111:1::102::10.1.255.111/248 IM
*[BGP/170] 00:14:58, localpref 100, from 10.1.255.111
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:14:58, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
3:10.1.255.112:1::102::10.1.255.112/248 IM
*[BGP/170] 00:10:17, localpref 100, from 10.1.255.112
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
[BGP/170] 00:10:17, localpref 100, from 10.1.255.2
AS path: I, validation-state: unverified
> to 10.1.11.2 via xe-0/2/0.0
to 10.1.12.2 via xe-0/2/1.0
Muestre la tabla de demonio de aprendizaje de direcciones de capa 2 de Core-1.
lab@core-1> show bridge mac-table instance VS_VLAN102
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC, FU - Fast Update)
Routing instance : VS_VLAN102
Bridging domain : bd102, VLAN : 102
MAC MAC Logical Active
address flags interface source
00:00:5e:00:01:01 DRP esi.708 05:00:00:fd:e8:00:00:00:66:00
2c:6b:f5:43:12:c0 DR esi.719 00:01:01:01:01:01:01:01:01:01
2c:6b:f5:54:95:f0 DR vtep.32772 10.1.255.2
En los conmutadores EX9200, el comando corresponde al show bridge mac-table instance instance-name comando que se muestra aquí para los enrutadores de la show ethernet-switching table-instance instance-name serie MX
Muestra la tabla de reenvío del kernel de Core-1.
lab@core-1> show route forwarding-table vpn VS_VLAN102
Routing table: VS_VLAN102.evpn-vxlan
VPLS:
Destination Type RtRef Next hop Type Index NhRef Netif
default perm 0 dscd 544 1
vtep.32772 intf 0 comp 688 7
vtep.32775 intf 0 comp 716 5
vtep.32778 intf 0 comp 722 5
Routing table: VS_VLAN102.evpn-vxlan
Bridging domain: bd102.evpn-vxlan
VPLS:
Enabled protocols: Bridging, ACKed by all peers, EVPN VXLAN,
Destination Type RtRef Next hop Type Index NhRef Netif
00:00:5e:00:01:01/48 user 0 indr 1048574 2
comp 708 2
2c:6b:f5:43:12:c0/48 user 0 indr 1048578 3
comp 719 2
2c:6b:f5:54:95:f0/48 user 0 comp 688 7
0x30004/51 user 0 comp 702 2
Significado
Para el dispositivo Tenant_B CE, se enumeran cuatro rutas diferentes para ESI 00:01:01:01:01:01:01:01:01:01:
-
1:10.1.255.111:0::010101010101010101::FFFF:FFFF/192 AD/ESI
Esta ruta EVPN por segmento A-D tipo 1 por Ethernet se originó en Leaf-1. El diferenciador de ruta se obtiene a nivel
routing-optionsglobal. El núcleo-1 recibe esta ruta de tipo 1, originada a partir de la hoja-1, tanto de la hoja-1 como de la hoja-2. -
1:10.1.255.111:1::010101010101010101::0/192 AD/EVI
Esta es la ruta EVPN A-D tipo 1 por EVI. El diferenciador de ruta se obtiene de la instancia de enrutamiento o, en el caso de QFX5100, del
switch-optionsarchivo . El núcleo-1 recibe esta ruta de tipo 1, originada a partir de la hoja-1, tanto de la hoja-1 como de la hoja-2. -
1:10.1.255.112:0::010101010101010101::FFFF:FFFF/192 AD/ESI
Esta es la ruta EVPN por segmento A-D tipo 1 por Ethernet originada en Leaf-2. El diferenciador de ruta se obtiene a nivel
routing-optionsglobal. El Núcleo-1 recibe esta ruta Tipo-1, originada a partir de la Hoja-2, tanto de la Hoja-2 como de la Hoja-1. -
1:10.1.255.112:1::010101010101010101::0/192 AD/EVI
Esta es la ruta EVPN A-D tipo 1 por EVI. El diferenciador de ruta se obtiene de la instancia de enrutamiento o, en el caso de QFX5100,
switch-options. El Núcleo-1 recibe esta ruta Tipo-1, originada a partir de la Hoja-2, tanto de la Hoja-2 como de la Hoja-1.
Las rutas de tipo 2 para las dos MAC físicas y una virtual asociadas con el dispositivo CE de host múltiple Tenant_B se originan como se esperaba.
A partir de la salida, aún no podemos determinar qué VTEP se utilizan para reenviar a ESI 00:01:01:01:01:01:01:01:01. Para determinar el VTEPS, muestre las ESI del extremo del túnel VXLAN.
lab@core-1> show l2-learning vxlan-tunnel-end-point esi
ESI RTT VLNBH INH ESI-IFL LOC-IFL #RVTEPs
00:01:01:01:01:01:01:01:01:01 VS_VLAN101 718 1048577 esi.718 2 Aliasing
RVTEP-IP RVTEP-IFL VENH MASK-ID FLAGS MAC-COUNT
10.1.255.112 vtep.32779 723 1 2 0
10.1.255.111 vtep.32774 714 0 2 0
...
En los conmutadores EX9200, el comando corresponde al show l2-learning comando que se muestra aquí para los enrutadores de la show ethernet-switching serie MX.
El resultado muestra el equilibrio de carga activo en las interfaces VTEP tanto para Leaf-1 como para Leaf-2 para las direcciones MAC en este ESI, lo que valida la configuración totalmente activa en Leaf-1 y Leaf-2.