VXLAN_NX-OS
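This time, Cisco only.
Let's configure VXLAN on N9k switches in the following topology.
The approach is as follows:
1. For advertising the BGP loopbacks → OSPF
2. Where the actual packets flow → BGP
3. Vlan10 → VNI 10010
Configs below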
N9k01
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature lldp
feature nv overlay

interface Ethernet1/49
  description To_n9k03
  no switchport
  mtu 9000
  ip address 192.168.2.1/24
  ip router ospf 1 area 0.0.0.0
  no shutdown
interface Ethernet1/53
  description To_N9k02
  no switchport
  mtu 9000
  ip address 192.168.1.1/24
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 1.1.1.1/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 1.1.1.1

router bgp 1
  router-id 1.1.1.1
  log-neighbor-changes
  neighbor 2.2.2.2
    remote-as 1
    update-source loopback0
    address-family l2vpn evpn
      send-community both
      route-reflector-client
  neighbor 3.3.3.3
    remote-as 1
    update-source loopback0
    address-family l2vpn evpn
      send-community both
      route-reflector-client
N9k02
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature lldp
feature nv overlay

vlan 10
  name Vlan10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback1
  host-reachability protocol bgp
  member vni 10010
    ingress-replication protocol bgp

interface Ethernet1/1
  switchport access vlan 10

interface Ethernet1/53
  description To_n9k01
  no switchport
  mtu 9000
  ip address 192.168.1.2/24
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 2.2.2.2/32
  ip router ospf 1 area 0.0.0.0

interface loopback1
  ip address 10.10.10.2/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 2.2.2.2

router bgp 1
  router-id 2.2.2.2
  neighbor 1.1.1.1
    remote-as 1
    update-source loopback0
    address-family l2vpn evpn
      send-community both

evpn
  vni 10010 l2
    rd auto
    route-target import auto
    route-target export auto
N9k03
nv overlay evpn
feature ospf
feature bgp
feature vn-segment-vlan-based
feature lldp
feature nv overlay

vlan 10
  name Vlan10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback1
  host-reachability protocol bgp
  member vni 10010
    ingress-replication protocol bgp

interface Ethernet1/1
  switchport access vlan 10

interface Ethernet1/49
  description To_n9k01
  no switchport
  mtu 9000
  ip address 192.168.2.2/24
  ip router ospf 1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 3.3.3.3/32
  ip router ospf 1 area 0.0.0.0

interface loopback1
  ip address 10.10.10.3/32
  ip router ospf 1 area 0.0.0.0

router ospf 1
  router-id 3.3.3.3

router bgp 1
  router-id 3.3.3.3
  neighbor 1.1.1.1
    remote-as 1
    update-source loopback0
    address-family l2vpn evpn
      send-community both

evpn
  vni 10010 l2
    rd auto
    route-target import auto
    route-target export auto
Verification
N9k02
# show vxlan
Vlan            VN-Segment
====            ==========
10              10010

# show interface nve 1
nve1 is up
admin state is up,  Hardware: NVE
  MTU 9216 bytes
  Encapsulation VXLAN
  Auto-mdix is turned off
  RX
    ucast: 35 pkts, 30898 bytes - mcast: 5 pkts, 570 bytes
  TX
    ucast: 36 pkts, 31004 bytes - mcast: 0 pkts, 0 bytes

# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 10, local router ID is 2.2.2.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 2.2.2.2:32777    (L2VNI 10010)
*>l[2]:[0]:[0]:[48]:[cce1.xxxx.3b07]:[0]:[0.0.0.0]/216
                      10.10.10.2                        100      32768 i
*>i[2]:[0]:[0]:[48]:[cce1.xxxx.3d07]:[0]:[0.0.0.0]/216
                      10.10.10.3                        100          0 i
*>l[3]:[0]:[32]:[10.10.10.2]/88
                      10.10.10.2                        100      32768 i
*>i[3]:[0]:[32]:[10.10.10.3]/88
                      10.10.10.3                        100          0 i

Route Distinguisher: 3.3.3.3:32777
*>i[2]:[0]:[0]:[48]:[cce1.xxxx.3d07]:[0]:[0.0.0.0]/216
                      10.10.10.3                        100          0 i
*>i[3]:[0]:[32]:[10.10.10.3]/88
                      10.10.10.3                        100          0 i
・
・・
・・・
My own understanding of this is still vague, so organizing it properly is a bit difficult, and I gave up and just pasted the configs.
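An added example, not part of the original post: a small Python audit of `show bgp l2vpn evpn` output that parses the type-2 (MAC) and type-3 (ingress-replication) routes and flags any whose next hop is not one of the expected VTEP loopbacks. The sample text is constructed in the format shown above; the MAC addresses and the 10.10.10.9 entry are made up, and the function names are this example's own.

```python
import re

# Constructed sample in the page's output format (MACs and 10.10.10.9 are made up).
SAMPLE = """\
Route Distinguisher: 2.2.2.2:32777    (L2VNI 10010)
*>l[2]:[0]:[0]:[48]:[0050.56aa.0001]:[0]:[0.0.0.0]/216
                      10.10.10.2                        100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.56aa.0002]:[0]:[0.0.0.0]/216
                      10.10.10.3                        100          0 i
*>l[3]:[0]:[32]:[10.10.10.2]/88
                      10.10.10.2                        100      32768 i
*>i[3]:[0]:[32]:[10.10.10.9]/88
                      10.10.10.9                        100          0 i
"""

ROUTE = re.compile(r"^(\S*?)\[(\d)\]:(.*)/\d+$")  # status flags, route type, key
FIELD = re.compile(r"\[([^\]]*)\]")               # one bracketed key field

def parse_evpn(text):
    """Return one dict per route: status, type, rd, mac/originator, next_hop."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        s = line.strip()
        if s.startswith("Route Distinguisher:"):
            rd = s.split()[2]
            continue
        m = ROUTE.match(s)
        if m:
            fields = FIELD.findall(m.group(3))
            pending = {"status": m.group(1), "type": int(m.group(2)), "rd": rd}
            if pending["type"] == 2:      # [esi]:[tag]:[maclen]:[mac]:[iplen]:[ip]
                pending["mac"] = fields[3]
            elif pending["type"] == 3:    # [tag]:[iplen]:[originator]
                pending["originator"] = fields[2]
            continue
        if pending and s:                 # the line after a route holds the next hop
            pending["next_hop"] = s.split()[0]
            routes.append(pending)
            pending = None
    return routes

def unexpected_vteps(routes, allowed_vteps):
    """Routes whose next hop (the VTEP address) is not an expected loopback."""
    return [r for r in routes if r["next_hop"] not in allowed_vteps]

if __name__ == "__main__":
    allowed = {"10.10.10.2", "10.10.10.3"}  # loopback1 of N9k02 and N9k03 above
    for r in unexpected_vteps(parse_evpn(SAMPLE), allowed):
        print("unexpected VTEP:", r)
```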