JUNOS_EVPN_LAGあり
以前やったものは、Laefスイッチ1台のみでの接続。
実際の業務では冗長が基本なので、それを検証。
構成は以下。
下記機器のloだったり、VLAN-IFのIPは以下
ただし、Spine(vQFX01/02) とLeaf(vQFX03~vQFX06)間は、そこまで重要ではないので上図からは割愛。
そして今回もアンダーレイはeBGPで、オーバーレイはMP-BGP(iBGP)。
まずは、アンダーレイの設定
vQFX01
set interfaces xe-0/0/0 unit 0 description To_vQFX03
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.0/31
set interfaces xe-0/0/1 unit 0 description To_vQFX04
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.2/31
set interfaces xe-0/0/2 unit 0 description To_vQFX05
set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.4/31
set interfaces xe-0/0/3 unit 0 description To_vQFX06
set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.6/31
set interfaces lo0 unit 0 family inet address 172.16.100.1/32
set routing-options router-id 172.16.100.1
set routing-options autonomous-system 1
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.1 peer-as 3
set protocols bgp group EXT neighbor 172.16.1.3 peer-as 4
set protocols bgp group EXT neighbor 172.16.1.5 peer-as 5
set protocols bgp group EXT neighbor 172.16.1.7 peer-as 6
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
vQFX02
set interfaces xe-0/0/0 unit 0 description To_vQFX03
set interfaces xe-0/0/0 unit 0 family inet address 172.16.2.0/31
set interfaces xe-0/0/1 unit 0 description To_vQFX04
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.2/31
set interfaces xe-0/0/2 unit 0 description To_vQFX05
set interfaces xe-0/0/2 unit 0 family inet address 172.16.2.4/31
set interfaces xe-0/0/3 unit 0 description To_vQFX06
set interfaces xe-0/0/3 unit 0 family inet address 172.16.2.6/31
set interfaces lo0 unit 0 family inet address 172.16.200.1/32
set forwarding-options storm-control-profiles default all
set routing-options router-id 172.16.200.1
set routing-options autonomous-system 2
set routing-options forwarding-table export ECMP
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.2.1 peer-as 3
set protocols bgp group EXT neighbor 172.16.2.3 peer-as 4
set protocols bgp group EXT neighbor 172.16.2.5 peer-as 5
set protocols bgp group EXT neighbor 172.16.2.7 peer-as 6
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
vQFX03
set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.1/31
set interfaces lo0 unit 0 family inet address 172.16.30.1/32
set routing-options router-id 172.16.30.1
set routing-options autonomous-system 3
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.0 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.0 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
vQFX04
set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.3/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.3/31
set interfaces lo0 unit 0 family inet address 172.16.40.1/32
set routing-options router-id 172.16.40.1
set routing-options autonomous-system 4
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.2 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.2 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
vQFX05
set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.5/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.5/31
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces lo0 unit 0 family inet address 172.16.50.1/32
set routing-options router-id 172.16.50.1
set routing-options autonomous-system 5
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.4 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.4 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
vQFX06
set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.7/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.7/31
set interfaces lo0 unit 0 family inet address 172.16.60.1/32
set routing-options router-id 172.16.60.1
set routing-options autonomous-system 6
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.6 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.6 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
以下が、本題
vQFX03
set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:01
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10
set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.30.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then acceptset policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.30.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication
vQFX04
set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:01
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10
set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.40.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.40.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication
vQFX05
set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:02
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10
set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.50.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.50.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication
vQFX06
set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.60.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.60.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication
vQFX07/vQFX08(ここは普通のLAGなので簡単に)
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10set interfaces irb unit 10 family inet address <図のIPを割り当て>
set vlans v10 vlan-id 10
set vlans v10 l3-interface irb.10
まず、vQFX03/04 と、vQFX07でLAGを確認
admin@vQFX07# run show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-0/0/0 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/0 Partner No No Yes Yes Yes Yes Fast Active
xe-0/0/1 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
xe-0/0/0 Current Fast periodic Collecting distributing
xe-0/0/1 Current Fast periodic Collecting distributing
vQFX03/04
admin@vQFX03# run show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-0/0/2 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/2 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
xe-0/0/2 Current Fast periodic Collecting distributing
admin@vQFX04# run show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-0/0/2 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/2 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
xe-0/0/2 Current Fast periodic Collecting distributing
ここはMC-LAGに慣れていれば抵抗ないはず。
この状態で、vQFX07→vQFX08へping
admin@vQFX07# run ping 10.1.1.2 count 3
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=52.669 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=54.037 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=55.430 ms--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 52.669/54.045/55.430/1.127 ms{master:0}[edit]
admin@vQFX07# run show arp | match 10.1.1.2
02:05:86:71:d8:00 10.1.1.2admin@vQFX07# run show ethernet-switching table | match 02:05:86:71:d8:00
v10 02:05:86:71:d8:00 D - ae0.0 0 0
vQFX08のMAC確認
admin@vQFX08# run show interfaces irb
Physical interface: irb , Enabled, Physical link is Up
Interface index: 640, SNMP ifIndex: 504
Type: Ethernet, Link-level type: Ethernet, MTU: 1514
Device flags : Present Running
Interface flags: SNMP-Traps
Link type : Full-Duplex
Link flags : None
Current address: 02:05:86:71:d8:00, Hardware address: 02:05:86:71:d8:00
この状態で、vQFX05--vQFX08間をdisable
admin@vQFX08# run show lacp interfaces
Aggregated interface: ae0
LACP state: Role Exp Def Dist Col Syn Aggr Timeout Activity
xe-0/0/0 Actor No Yes No No No Yes Fast Active
xe-0/0/0 Partner No Yes No No No Yes Fast Passive
xe-0/0/1 Actor No No Yes Yes Yes Yes Fast Active
xe-0/0/1 Partner No No Yes Yes Yes Yes Fast Active
LACP protocol: Receive State Transmit State Mux State
xe-0/0/0 Defaulted Fast periodic Detached
xe-0/0/1 Current Fast periodic Collecting distributing
!!!! 仮想環境なので、vQFX05--vQFX08間はvSwitchがあるので物理環境とは多少表示が異なるはず。
vQFX07からPing
admin@vQFX07# run ping 10.1.1.2 count 3
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=58.674 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=56.737 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=63.748 ms--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 56.737/59.720/63.748/2.956 ms{master:0}[edit]
admin@vQFX07# run show ethernet-switching table | match 02:05:86:71:d8:00
v10 02:05:86:71:d8:00 D - ae0.0 0 0{master:0}[edit]
admin@vQFX07#
疎通問題なし。
長くなりすぎたので、一旦はここまで。