2023-12-29 11:22 AM, updated 2023-12-29 11:38 AM
This document explains how to configure an EVPN VXLAN L2 overlay (underlay multicast) on Catalyst.
Cisco Modeling Labs (CML) and cat9000v-17.11 were used to verify this document.
Note: obtaining and using CML and cat9000v-17.11 is outside the scope of this document.
Topology
EVPN VXLAN L2 Overlay configuration
1. Configure L2 VPN EVPN on the VTEP
hostname VTEP-1
(snip)
!
l2vpn evpn
logging peer state
replication-type static
router-id Loopback0
!
l2vpn evpn instance 10 vlan-based <<< 10 = vlan id
encapsulation vxlan
!
2. Configure the EVPN instance on the VTEP's VLAN
hostname VTEP-1
(snip)
!
vlan configuration 10 <<< 10 = vlan id
member evpn-instance 10 vni 10010
!
3. Configure the access-side interface in the VLAN on the VTEP
hostname VTEP-1
(snip)
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
4. Configure the loopback interface on the VTEP
hostname VTEP-1
(snip)
!
interface Loopback0
ip address 172.16.255.1 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
5. Configure the NVE interface on the VTEP
hostname VTEP-1
(snip)
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 10010 mcast-group 225.0.0.10
!
6. Configure BGP with the EVPN address family on the VTEP
hostname VTEP-1
(snip)
!
router bgp 65000
bgp log-neighbor-changes
neighbor 172.16.255.2 remote-as 65000
neighbor 172.16.255.2 update-source Loopback0
!
address-family ipv4
neighbor 172.16.255.2 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.2 activate
neighbor 172.16.255.2 send-community both
exit-address-family
!
VXLAN encapsulation adds 50 bytes of overhead, so increase the MTU
system mtu 8978
Underlay multicast configuration
hostname VTEP-1
!
(snip)
ip multicast-routing
!
interface Loopback0
ip address 172.16.255.1 255.255.255.255
ip pim sparse-mode
!
interface GigabitEthernet1/0/2
ip pim sparse-mode
!
ip pim rp-address 172.16.255.1
!
VTEP-1 Full Config
hostname VTEP-1
!
ip routing
!
ip multicast-routing
!
l2vpn evpn
replication-type static
router-id Loopback0
!
l2vpn evpn instance 10 vlan-based
encapsulation vxlan
!
system mtu 8978
!
vlan configuration 10
member evpn-instance 10 vni 10010
!
interface Loopback0
ip address 172.16.255.1 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.0.1 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 10010 mcast-group 225.0.0.10
!
router ospf 1
router-id 172.16.255.1
!
router bgp 65000
no bgp log-neighbor-changes
neighbor 172.16.255.2 remote-as 65000
neighbor 172.16.255.2 update-source Loopback0
!
address-family ipv4
neighbor 172.16.255.2 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.2 activate
neighbor 172.16.255.2 send-community both
exit-address-family
!
ip pim rp-address 172.16.255.1
!
end
VTEP-2 Full Config
hostname VTEP-2
!
ip routing
!
ip multicast-routing
!
l2vpn evpn
replication-type static
router-id Loopback0
!
l2vpn evpn instance 10 vlan-based
encapsulation vxlan
!
system mtu 8978
!
vlan configuration 10
member evpn-instance 10 vni 10010
!
interface Loopback0
ip address 172.16.255.2 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
switchport access vlan 10
switchport mode access
spanning-tree portfast
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.0.2 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 10010 mcast-group 225.0.0.10
!
router ospf 1
router-id 172.16.255.2
!
router bgp 65000
no bgp log-neighbor-changes
neighbor 172.16.255.1 remote-as 65000
neighbor 172.16.255.1 update-source Loopback0
!
address-family ipv4
neighbor 172.16.255.1 activate
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.1 activate
neighbor 172.16.255.1 send-community both
exit-address-family
!
ip pim rp-address 172.16.255.1
!
end
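The full configurations above only work when both VTEPs map VNI 10010 to the same underlay group, run PIM on the NVE source interface, and send extended communities to the EVPN neighbor. The following audit is an added example, not part of the original article; it assumes indented `show running-config` text, and the function names and the faulty VTEP-2 sample are constructed for illustration.

```python
import re

# Constructed sample: abbreviated from this page's VTEP-1 configuration.
VTEP1 = """\
interface Loopback0
 ip pim sparse-mode
interface nve1
 source-interface Loopback0
 member vni 10010 mcast-group 225.0.0.10
router bgp 65000
 address-family l2vpn evpn
  neighbor 172.16.255.2 activate
  neighbor 172.16.255.2 send-community both
 exit-address-family
"""
# Constructed faulty peer: different group, and PIM missing on Loopback0.
VTEP2 = VTEP1.replace("225.0.0.10", "225.0.0.1").replace(" ip pim sparse-mode\n", "")

def children(cfg, header):
    """Return the indented child lines under one top-level config line."""
    m = re.search(rf"^{re.escape(header)}\n((?: .*\n)*)", cfg, re.M)
    return [line.strip() for line in m.group(1).splitlines()] if m else []

def audit(name, cfg):
    """Per-VTEP checks; returns a list of findings (empty when clean)."""
    out = []
    src = next((l.split()[1] for l in children(cfg, "interface nve1")
                if l.startswith("source-interface")), None)
    if "ip pim sparse-mode" not in children(cfg, f"interface {src}"):
        out.append(f"{name}: no PIM on NVE source {src}")
    m = re.search(r"address-family l2vpn evpn\n(.*?)exit-address-family", cfg, re.S)
    body = m.group(1) if m else ""
    for nbr in re.findall(r"neighbor (\S+) activate", body):
        if not re.search(rf"neighbor {re.escape(nbr)} send-community (?:both|extended)", body):
            out.append(f"{name}: {nbr} gets no extended communities")
    return out

def group_mismatches(cfgs):
    """Flag VNIs mapped to different underlay groups on different VTEPs."""
    seen, out = {}, []
    for name, cfg in cfgs.items():
        for vni, grp in re.findall(r"member vni (\d+) mcast-group (\S+)", cfg):
            first = seen.setdefault(vni, (name, grp))
            if first[1] != grp:
                out.append(f"VNI {vni}: {first[0]}={first[1]}, {name}={grp}")
    return out

if __name__ == "__main__":
    cfgs = {"VTEP-1": VTEP1, "VTEP-2": VTEP2}
    print(audit("VTEP-1", VTEP1) + audit("VTEP-2", VTEP2) + group_mismatches(cfgs))
```

EVPN route targets travel as BGP extended communities, which is why a neighbor without `send-community both` or `extended` is reported.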
When sending traffic from Host-1 to Host-2
show nve peers
Displays NVE interface state information for the peer leaf switches
VTEP-1# sh nve peers
'M' - MAC entry download flag 'A' - Adjacency download flag
'4' - IPv4 flag '6' - IPv6 flag
Interface VNI Type Peer-IP RMAC/Num_RTs eVNI state flags UP time
nve1 10010 L2CP 172.16.255.2 3 10010 UP N/A 00:02:42
show bgp l2vpn evpn summary
Displays BGP information for the Layer 2 VPN EVPN address family
VTEP-1#show bgp l2vpn evpn summary
(snip)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
172.16.255.2 4 65000 2 7 224 0 0 00:01:32 0
show bgp l2vpn evpn
Confirm that Route Distinguisher: 172.16.255.2:10 is registered in the BGP table
VTEP-1#sh bgp l2vpn evpn
(snip)
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 172.16.255.1:10
*> [2][172.16.255.1:10][0][48][000011111111][0][*]/20
0.0.0.0 32768 ?
*>i [2][172.16.255.1:10][0][48][000022222222][0][*]/20
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.1:10][0][48][000022222222][32][192.168.10.22]/24
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.1:10][0][48][5254000E90CC][0][*]/20
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.1:10][0][48][5254000E90CC][128][FE80::5054:FF:FE0E:90CC]/36
172.16.255.2 0 100 0 ?
*> [2][172.16.255.1:10][0][48][5254001C6D17][0][*]/20
0.0.0.0 32768 ?
Network Next Hop Metric LocPrf Weight Path
*> [2][172.16.255.1:10][0][48][5254001C6D17][128][FE80::5054:FF:FE1C:6D17]/36
0.0.0.0 32768 ?
Route Distinguisher: 172.16.255.2:10
*>i [2][172.16.255.2:10][0][48][000022222222][0][*]/20
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.2:10][0][48][000022222222][32][192.168.10.22]/24
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.2:10][0][48][5254000E90CC][0][*]/20
172.16.255.2 0 100 0 ?
*>i [2][172.16.255.2:10][0][48][5254000E90CC][128][FE80::5054:FF:FE0E:90CC]/36
172.16.255.2 0 100 0 ?
show l2vpn evpn mac
VTEP-1#sh l2vpn evpn mac
MAC Address EVI VLAN ESI Ether Tag Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
0000.1111.1111 10 10 0000.0000.0000.0000.0000 0 Gi1/0/1:10
0000.2222.2222 10 10 0000.0000.0000.0000.0000 0 172.16.255.2
5254.000e.90cc 10 10 0000.0000.0000.0000.0000 0 172.16.255.2
5254.001c.6d17 10 10 0000.0000.0000.0000.0000 0 Gi1/0/1:10
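The route type 2 entries in `show bgp l2vpn evpn` and the rows of `show l2vpn evpn mac` describe the same MAC bindings. The following parser is an added example, not part of the original article: it reduces the BGP output to one entry per MAC so the two views can be compared, and lists MACs that appear behind more than one next hop. The sample takes entries from this page's output with whitespace re-created; the function names are illustrative.

```python
import re
from collections import defaultdict

# Constructed sample: entries from this page's "show bgp l2vpn evpn" output.
SAMPLE = """\
Route Distinguisher: 172.16.255.1:10
 *>   [2][172.16.255.1:10][0][48][000011111111][0][*]/20
                      0.0.0.0                            32768 ?
 *>i  [2][172.16.255.1:10][0][48][000022222222][0][*]/20
                      172.16.255.2             0    100      0 ?
 *>i  [2][172.16.255.1:10][0][48][000022222222][32][192.168.10.22]/24
                      172.16.255.2             0    100      0 ?
Route Distinguisher: 172.16.255.2:10
 *>i  [2][172.16.255.2:10][0][48][000022222222][0][*]/20
                      172.16.255.2             0    100      0 ?
"""

# [2][RD][Ethernet tag][MAC length][MAC][IP length][IP or *]/prefix length
TYPE2 = re.compile(r"\[2\]\[([^\]]+)\]\[\d+\]\[48\]\[([0-9A-Fa-f]{12})\]\[\d+\]\[([^\]]+)\]/\d+")

def dotted(mac):
    """000022222222 -> 0000.2222.2222, the format 'show l2vpn evpn mac' prints."""
    return ".".join(mac.lower()[i:i + 4] for i in (0, 4, 8))

def parse_type2(text):
    """Yield (rd, mac, ip_or_None, next_hop) for each route type 2 entry."""
    lines = text.splitlines()
    for i, line in enumerate(lines[:-1]):
        m = TYPE2.search(line)
        if m:
            rd, mac, ip = m.groups()
            next_hop = (lines[i + 1].split() or ["?"])[0]  # next hop is on the following line
            yield rd, dotted(mac), None if ip == "*" else ip, next_hop

def mac_table(text):
    """Collapse routes to {mac: {"next_hops": set, "ips": set}}, ignoring the RD."""
    table = defaultdict(lambda: {"next_hops": set(), "ips": set()})
    for _rd, mac, ip, nh in parse_type2(text):
        table[mac]["next_hops"].add("local" if nh == "0.0.0.0" else nh)
        if ip:
            table[mac]["ips"].add(ip)
    return dict(table)

def multi_origin(table):
    """MACs seen behind more than one next hop (host move or duplicate MAC)."""
    return sorted(m for m, e in table.items() if len(e["next_hops"]) > 1)

if __name__ == "__main__":
    print(mac_table(SAMPLE))
```

Remote routes imported into the local instance are listed again under the local RD, so the table is keyed by MAC and next hop rather than by RD.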
show ip mroute
Displays multicast routing table information
VTEP-1#sh ip mroute
(snip)
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*, 225.0.0.10), 01:05:51/00:03:13, RP 172.16.255.1, flags: SJCFx
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
GigabitEthernet1/0/2, Forward/Sparse, 01:02:33/00:03:13, flags:
Tunnel0, Forward/Sparse-Dense, 01:05:51/00:00:09, flags:
(172.16.255.1, 225.0.0.10), 00:11:18/00:03:00, flags: FTx
Incoming interface: Loopback0, RPF nbr 0.0.0.0
Outgoing interface list:
GigabitEthernet1/0/2, Forward/Sparse, 00:11:18/00:03:13, flags:
(172.16.255.2, 225.0.0.10), 00:20:09/00:01:31, flags: Tx
Incoming interface: GigabitEthernet1/0/2, RPF nbr 172.16.0.2
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 00:20:09/00:00:50, flags:
(*, 224.0.1.40), 01:07:47/00:03:18, RP 172.16.255.1, flags: SJCL
Incoming interface: Null, RPF nbr 0.0.0.0
Outgoing interface list:
GigabitEthernet1/0/2, Forward/Sparse, 01:02:33/00:03:18, flags:
Loopback0, Forward/Sparse, 01:07:46/00:02:16, flags:
show ip mfib
VTEP-1# show ip mfib
(snip)
Forwarding Counts: Pkt Count/Pkts per second/Avg Pkt Size/Kbits per second
Other counts: Total/RPF failed/Other drops
I/O Item Counts: HW Pkt Count/FS Pkt Count/PS Pkt Count Egress Rate in pps
Default
(*,224.0.0.0/4) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
(*,224.0.1.40) Flags: C HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
Tunnel2 Flags: A NP
GigabitEthernet1/0/2 Flags: F NS
Pkts: 0/0/0 Rate: 0 pps
Loopback0 Flags: F IC NS
Pkts: 0/0/0 Rate: 0 pps
(*,225.0.0.10) Flags: C HW
SW Forwarding: 1/0/150/0, Other: 0/0/0
HW Forwarding: 0/0/0/0, Other: 0/0/0
Tunnel2 Flags: A NP
GigabitEthernet1/0/2 Flags: F NS
Pkts: 0/0/1 Rate: 0 pps
Tunnel0, VXLAN Decap Flags: F NS
Pkts: 0/0/1 Rate: 0 pps
(172.16.255.1,225.0.0.10) Flags: HW
SW Forwarding: 0/0/0/0, Other: 0/0/0
HW Forwarding: 1761/3/155/3, Other: 0/0/0
Null0 Flags: A
GigabitEthernet1/0/2 Flags: F NS
Pkts: 0/0/0 Rate: 0 pps
(172.16.255.2,225.0.0.10) Flags: HW
SW Forwarding: 15/0/150/0, Other: 0/0/0
HW Forwarding: 4034/3/167/3, Other: 0/0/0
GigabitEthernet1/0/2 Flags: A
Tunnel0, VXLAN Decap Flags: F NS
Pkts: 0/0/15 Rate: 0 pps
show arp
Host-1#ping 192.168.10.22
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.10.22, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 306/319/345 ms
Host-1#sh arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.10.11 - 0000.1111.1111 ARPA GigabitEthernet1
Internet 192.168.10.22 72 0000.2222.2222 ARPA GigabitEthernet1
Related articles
Cisco IOS XE Bengaluru 17.6.x (Catalyst 9300 Switches) BGP EVPN VXLAN Configuration Guide