shokada
Cisco Employee

 

 

Introduction

This document describes the basic configuration of Cisco Nexus VXLAN EVPN and how to configure it.

 


Topology used

vxlan basic2.png

 

 

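Configuration procedure

STEP1, Underlay network configuration

Build the underlay network to provide reachability between the VTEPs.
This example uses OSPF as the routing protocol, and on each Leaf, Loopback 0 is configured as the source interface used by EVPN MP-BGP.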

Spine :
conf t
!
feature ospf 
!
router ospf UNDERLAY
router-id 1.1.1.1
!
interface loopback 0
ip address 1.1.1.1/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface ethernet 1/3
no switchport
ip address 192.168.13.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
interface ethernet 1/4
no switchport
ip address 192.168.14.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
end

 

Leaf101 :
conf t
!
feature ospf
!
router ospf UNDERLAY
router-id 3.3.3.3
!
interface loopback 0
ip address 3.3.3.3/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface ethernet 1/3
no switchport
ip address 192.168.13.3/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
end

 

Leaf102 :
conf t
!
feature ospf 
!
router ospf UNDERLAY 
router-id 4.4.4.4
!
interface loopback 0
ip address 4.4.4.4/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface ethernet 1/4
no switchport
ip address 192.168.14.4/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
end

 

Once the above configuration is complete, you can confirm that the Spine and each Leaf have formed OSPF neighbor adjacencies.

Spine# show ip ospf neighbors 
 OSPF Process ID UNDERLAY VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 3.3.3.3           1 FULL/ -          00:00:02 192.168.13.3    Eth1/3 
 4.4.4.4           1 FULL/ -          00:00:01 192.168.14.4    Eth1/4 
!
Leaf101# show ip ospf neighbors 
 OSPF Process ID UNDERLAY VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 1.1.1.1           1 FULL/ -          00:00:28 192.168.13.1    Eth1/3 
!
Leaf102# show ip ospf neighbors 
 OSPF Process ID UNDERLAY VRF default
 Total number of neighbors: 1
 Neighbor ID     Pri State            Up Time  Address         Interface
 1.1.1.1           1 FULL/ -          00:01:04 192.168.14.1    Eth1/4 

 

 

STEP2, EVPN MP-BGP configuration

Configure EVPN MP-BGP to exchange host information and to discover VTEPs.
The Spine acts as the RR (Route Reflector) for each Leaf.

Spine :
conf t
!
feature bgp
nv overlay evpn
!
router bgp 10000
neighbor 3.3.3.3
remote-as 10000
update-source lo 0
address-family l2vpn evpn
send-community both
route-reflector-client
!
neighbor 4.4.4.4
remote-as 10000
update-source lo 0
address-family l2vpn evpn
send-community both
route-reflector-client
!
end

Leaf101, 102 :
conf t
!
feature bgp
nv overlay evpn
!
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source lo 0
address-family l2vpn evpn
send-community both
!
end

 

Once the above configuration is complete, you can confirm that the Spine and each Leaf have formed MP-BGP neighbor sessions.

Spine# show bgp l2vpn evpn summary 
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 1.1.1.1, local AS number 10000
BGP table version is 4, L2VPN EVPN config peers 2, capable peers 2
0 network entries and 0 paths using 0 bytes of memory
BGP attribute entries [0/0], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
3.3.3.3         4 10000       6       6        4    0    0 00:00:15 0         
4.4.4.4         4 10000       7       7        4    0    0 00:01:16 0    
!
Leaf101# show bgp l2vpn evpn summary 
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 3.3.3.3, local AS number 10000
BGP table version is 3, L2VPN EVPN config peers 1, capable peers 1
0 network entries and 0 paths using 0 bytes of memory
BGP attribute entries [0/0], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 10000       6       6        3    0    0 00:00:47 0      
!
Leaf102# show bgp l2vpn evpn summary 
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 4.4.4.4, local AS number 10000
BGP table version is 3, L2VPN EVPN config peers 1, capable peers 1
0 network entries and 0 paths using 0 bytes of memory
BGP attribute entries [0/0], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
1.1.1.1         4 10000       8       8        3    0    0 00:02:17 0  

 

 

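STEP3, Overlay network (VXLAN EVPN) configuration

Build the overlay network to extend Layer 2 over VXLAN.
Define the virtual network (L2 VNI) and associate it with the VLAN and with the VXLAN tunnel interface (NVE interface).
Loopback 1 is configured as the source interface used for VXLAN encapsulation.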
Leaf101 :
conf t
!
feature vn-segment-vlan-based
!
vlan 100
vn-segment 10100
!
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
!
interface loopback 1
ip add 33.33.33.33/32
ip router ospf UNDERLAY area 0
no shutdown
!
feature nv overlay
!
interface nve 1
source-interface lo 1
host-reachability protocol bgp
member vni 10100
ingress-replication protocol bgp
no shutdown

Leaf102 :
conf t
!
feature vn-segment-vlan-based
!
vlan 100
vn-segment 10100
!
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
!
interface loopback 1
ip address 44.44.44.44/32
ip router ospf UNDERLAY area 0
no shutdown
!
feature nv overlay
!
interface nve 1
source-interface lo 1
host-reachability protocol bgp
member vni 10100
ingress-replication protocol bgp
no shutdown
 
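Finally, configure the settings for the hosts connected to the Leafs.
In this example, anycast-gateway-mac is configured on each Leaf so that the MAC address associated with SVI 100 is the same on every Leaf. As a result, hosts do not need to rewrite or update their gateway information even when events such as vMotion occur.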
Leaf101, 102 :
conf t
!
interface ethernet 1/5
switchport access vlan 100
no shutdown
!
fabric forwarding anycast-gateway-mac 2020.0000.00aa
feature interface-vlan
!
interface vlan 100
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
no shutdown
 
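Once the above configuration is complete, when Host1 (192.168.100.1/24) attempts to communicate with Host2 (192.168.100.2/24), VXLAN EVPN advertises the host information to the Spine and to each Leaf, and communication becomes possible.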
Spine# show bgp l2vpn evpn 
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 9, Local Router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 3.3.3.3:32867
*>i[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100          0 i

Route Distinguisher: 4.4.4.4:32867
*>i[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100          0 i
!
Spine# show bgp l2vpn evpn 
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 14, Local Router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 3.3.3.3:32867
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[0]:[0.0.0.0]/216
                      33.33.33.33                       100          0 i
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[32]:[192.168.100.1]/248
                      33.33.33.33                       100          0 i
*>i[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100          0 i

Route Distinguisher: 4.4.4.4:32867
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[0]:[0.0.0.0]/216
                      44.44.44.44                       100          0 i
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[32]:[192.168.100.2]/248
                      44.44.44.44                       100          0 i
*>i[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100          0 i

Leaf101# show nve peers detail 
Details of nve Peers:
----------------------------------------
Peer-Ip: 44.44.44.44
    NVE Interface       : nve1
    Peer State          : Up
    Peer Uptime         : 00:00:59
    Router-Mac          : n/a
    Peer First VNI      : 10100
    Time since Create   : 00:00:59
    Configured VNIs     : 10100
    Provision State     : peer-add-complete
    Learnt CP VNIs      : 10100
    vni assignment mode : SYMMETRIC
    Peer Location       : N/A
!
Leaf101# show nve internal platform interface nve 1 detail 
Printing Interface ifindex 0x49000001 detail
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |33.33.33.33    |0.0.0.0        |1    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|========
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|Notified
|======|======|=========================|======|====|======|========
|100   |10100 |UP                       |nve1  |CP  |0     |Yes     
|======|======|=========================|======|====|======|========

Peers of interface nve1:
============================================

Peer_ip: 44.44.44.44
  Peer-ID   : 1
  State     : UP
  Learning  : Disabled
  TunnelID  : 0x0
  Mode      : Symmetric
  MAC       : 0000.0000.0000
  Table-ID  : 0x1
  Encap     : 0x0
!
Leaf101# show bgp l2vpn evpn 
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 12, Local Router ID is 3.3.3.3
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 3.3.3.3:32867    (L2VNI 10100)
*>l[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[0]:[0.0.0.0]/216
                      33.33.33.33                       100      32768 i
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[0]:[0.0.0.0]/216
                      44.44.44.44                       100          0 i
*>l[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[32]:[192.168.100.1]/248
                      33.33.33.33                       100      32768 i
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[32]:[192.168.100.2]/248
                      44.44.44.44                       100          0 i
*>l[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100      32768 i
*>i[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100          0 i

Route Distinguisher: 4.4.4.4:32867
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[0]:[0.0.0.0]/216
                      44.44.44.44                       100          0 i
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[32]:[192.168.100.2]/248
                      44.44.44.44                       100          0 i
*>i[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100          0 i
!
Leaf101# show mac address-table 
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*  100     2c31.24fa.e264   dynamic  0         F      F    Eth1/5
C  100     c4b9.cd0d.7f64   dynamic  0         F      F    nve1(44.44.44.44)
G    -     2020.0000.00aa   static   -         F      F    sup-eth1(R)
G    -     2cd0.2d51.7ab5   static   -         F      F    sup-eth1(R)
G  100     2cd0.2d51.7ab5   static   -         F      F    sup-eth1(R)

Leaf102# show nve peers detail 
Details of nve Peers:
----------------------------------------
Peer-Ip: 33.33.33.33
    NVE Interface       : nve1
    Peer State          : Up
    Peer Uptime         : 00:05:50
    Router-Mac          : n/a
    Peer First VNI      : 10100
    Time since Create   : 00:05:50
    Configured VNIs     : 10100
    Provision State     : peer-add-complete
    Learnt CP VNIs      : 10100
    vni assignment mode : SYMMETRIC
    Peer Location       : N/A
!
Leaf102# show nve internal platform interface nve 1 detail 
Printing Interface ifindex 0x49000001 detail
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |44.44.44.44    |0.0.0.0        |1    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|========
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|Notified
|======|======|=========================|======|====|======|========
|100   |10100 |UP                       |nve1  |CP  |0     |Yes     
|======|======|=========================|======|====|======|========

Peers of interface nve1:
============================================

Peer_ip: 33.33.33.33
  Peer-ID   : 1
  State     : UP
  Learning  : Disabled
  TunnelID  : 0x0
  Mode      : Symmetric
  MAC       : 0000.0000.0000
  Table-ID  : 0x1
  Encap     : 0x0
!
Leaf102# show bgp l2vpn evpn 
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 12, Local Router ID is 4.4.4.4
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 3.3.3.3:32867
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[0]:[0.0.0.0]/216
                      33.33.33.33                       100          0 i
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[32]:[192.168.100.1]/248
                      33.33.33.33                       100          0 i
*>i[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100          0 i

Route Distinguisher: 4.4.4.4:32867    (L2VNI 10100)
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[0]:[0.0.0.0]/216
                      33.33.33.33                       100          0 i
*>l[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[0]:[0.0.0.0]/216
                      44.44.44.44                       100      32768 i
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[32]:[192.168.100.1]/248
                      33.33.33.33                       100          0 i
*>l[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[32]:[192.168.100.2]/248
                      44.44.44.44                       100      32768 i
*>i[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100          0 i
*>l[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100      32768 i
!
Leaf102# show mac address-table 
Legend: 
	* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
	age - seconds since last seen,+ - primary entry using vPC Peer-Link,
	(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*    1     2cd0.2d51.7ab5   dynamic  0         F      F    Eth1/3
C  100     2c31.24fa.e264   dynamic  0         F      F    nve1(33.33.33.33)
*  100     c4b9.cd0d.7f64   dynamic  0         F      F    Eth1/5
G    -     2020.0000.00aa   static   -         F      F    sup-eth1(R)
G    -     2cd0.2d51.6565   static   -         F      F    sup-eth1(R)
G  100     2cd0.2d51.6565   static   -         F      F    sup-eth1(R)
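
A way to check the route tables shown above, as an added example that is not part of the original article: this Python script parses "show bgp l2vpn evpn" text, maps each host MAC to the VTEP advertising it, and flags routes whose next hop is outside the expected VTEP set or a host IP bound to more than one MAC. The 192.0.2.x / 0000.5e00.5301 route block is constructed sample data, and the function names are this example's own.

```python
import re
from collections import defaultdict

# Route lines copied from the Spine "show bgp l2vpn evpn" output on this page.
PAGE_OUTPUT = """\
Route Distinguisher: 3.3.3.3:32867
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[0]:[0.0.0.0]/216
                      33.33.33.33                       100          0 i
*>i[2]:[0]:[0]:[48]:[2c31.24fa.e264]:[32]:[192.168.100.1]/248
                      33.33.33.33                       100          0 i
*>i[3]:[0]:[32]:[33.33.33.33]/88
                      33.33.33.33                       100          0 i
Route Distinguisher: 4.4.4.4:32867
*>i[2]:[0]:[0]:[48]:[c4b9.cd0d.7f64]:[32]:[192.168.100.2]/248
                      44.44.44.44                       100          0 i
*>i[3]:[0]:[32]:[44.44.44.44]/88
                      44.44.44.44                       100          0 i
"""
# Constructed (not from the page): a third originator advertising Host1's IP.
CONSTRUCTED_EXTRA = """\
Route Distinguisher: 192.0.2.9:32867
*>i[2]:[0]:[0]:[48]:[0000.5e00.5301]:[32]:[192.168.100.1]/248
                      192.0.2.99                        100          0 i
"""

RD_RE = re.compile(r"^Route Distinguisher:\s+(\S+)")
ROUTE_RE = re.compile(r"^[*>sxSdh]*[a-zA-Z]?\[(\d)\]:(.+)/\d+\s*$")
NEXTHOP_RE = re.compile(r"^\s+(\d+\.\d+\.\d+\.\d+)\s")

def parse_evpn_routes(text):
    """Pair each route line with the next-hop line that follows it."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        if m := RD_RE.match(line):
            rd = m.group(1)
        elif m := ROUTE_RE.match(line):
            fields = re.findall(r"\[([^\]]*)\]", m.group(2))
            pending = {"rd": rd, "type": int(m.group(1)), "fields": fields}
        elif pending and (m := NEXTHOP_RE.match(line)):
            routes.append({**pending, "next_hop": m.group(1)})
            pending = None
    return routes

def audit(routes, expected_vteps):
    """Return (MAC -> advertising VTEPs, sorted findings) for parsed routes."""
    mac_vteps, ip_macs, findings = defaultdict(set), defaultdict(set), set()
    for r in routes:
        if r["next_hop"] not in expected_vteps:
            findings.add(("unexpected-vtep", r["next_hop"], r["rd"]))
        if r["type"] == 2:  # fields: [.., .., MAC length, MAC, IP length, IP]
            mac, ip = r["fields"][3], r["fields"][5]
            mac_vteps[mac].add(r["next_hop"])
            if r["fields"][4] != "0":  # IP length 0 means a MAC-only route
                ip_macs[ip].add(mac)
    findings |= {("mac-behind-multiple-vteps", m, tuple(sorted(v)))
                 for m, v in mac_vteps.items() if len(v) > 1}
    findings |= {("ip-claimed-by-multiple-macs", i, tuple(sorted(m)))
                 for i, m in ip_macs.items() if len(m) > 1}
    return dict(mac_vteps), sorted(findings)
```

Calling audit(parse_evpn_routes(PAGE_OUTPUT), {"33.33.33.33", "44.44.44.44"}) returns no findings for the page's output; appending CONSTRUCTED_EXTRA yields one unexpected-vtep and one ip-claimed-by-multiple-macs finding. A MAC seen behind two VTEPs can also be a legitimate host move, so treat that finding as a prompt to investigate.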
 
 

Configuration example

Spine :
conf t
!
feature ospf 
feature bgp
nv overlay evpn
!
router ospf UNDERLAY
router-id 1.1.1.1
!
interface loopback 0
ip address 1.1.1.1/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface ethernet 1/3
no switchport
ip address 192.168.13.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
interface ethernet 1/4
no switchport
ip address 192.168.14.1/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
router bgp 10000
neighbor 3.3.3.3
remote-as 10000
update-source lo 0
address-family l2vpn evpn
send-community both
route-reflector-client
!
neighbor 4.4.4.4
remote-as 10000
update-source lo 0
address-family l2vpn evpn
send-community both
route-reflector-client
!
end

 

Leaf101 :
conf t
!
feature ospf 
feature bgp
feature nv overlay
feature vn-segment-vlan-based
feature interface-vlan
!
nv overlay evpn
!
fabric forwarding anycast-gateway-mac 2020.0000.00aa
!
vlan 100
vn-segment 10100
!
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
!
router ospf UNDERLAY 
router-id 3.3.3.3
!
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback 0
address-family l2vpn evpn
send-community both
!
interface loopback 0
ip address 3.3.3.3/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface loopback 1
ip add 33.33.33.33/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface nve 1
source-interface loopback 1
host-reachability protocol bgp
member vni 10100
ingress-replication protocol bgp
no shutdown
!
interface ethernet 1/3
no switchport
ip address 192.168.13.3/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
interface ethernet 1/5
switchport access vlan 100
no shutdown
!
interface vlan 100
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
no shutdown
!
end

 

Leaf102 :
conf t
!
feature ospf 
feature bgp
feature nv overlay
feature vn-segment-vlan-based
feature interface-vlan
!
nv overlay evpn
!
fabric forwarding anycast-gateway-mac 2020.0000.00aa
!
vlan 100
vn-segment 10100
!
evpn
vni 10100 l2
rd auto
route-target import auto
route-target export auto
!
router ospf UNDERLAY 
router-id 4.4.4.4
!
router bgp 10000
neighbor 1.1.1.1
remote-as 10000
update-source loopback 0
address-family l2vpn evpn
send-community both
!
interface loopback 0
ip address 4.4.4.4/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface loopback 1
ip address 44.44.44.44/32
ip router ospf UNDERLAY area 0
no shutdown
!
interface nve 1
source-interface lo 1
host-reachability protocol bgp
member vni 10100
ingress-replication protocol bgp
no shutdown
!
interface ethernet 1/4
no switchport
ip address 192.168.14.4/24
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
mtu 9216
no shutdown
!
interface ethernet 1/5
switchport access vlan 100
no shutdown
!
interface vlan 100
ip address 192.168.100.254/24
fabric forwarding mode anycast-gateway
no shutdown
!
end



Related content

Nexus switches (NX-OS): Configuration examples

 

 

References

Configuration Guide : Configuring VXLAN BGP EVPN

Comments
mhiyoshi
Level 3

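Dear shokada,

Thank you for sharing the information on the basic VxLAN-EVPN configuration.
Is it possible to customize this feature in various ways?

For example, I would like to change the following parts; are such changes supported in the first place?

■ Change 1: Change the underlay from OSPF to BGP for advertising the VTEP loopback addresses

(Relevant section)
STEP1, Underlay network configuration

router ospf UNDERLAY
router-id 1.1.1.1

■ Change 2: Whether the loopback can be changed to a physical IP address

(Relevant section)
STEP3, Overlay network (VXLAN EVPN) configuration

interface nve 1
source-interface lo 1

It would be helpful if you could share whether these are supported, sample configs, and so on.
Thank you in advance.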

 
