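Network Notes

Networking notes from an engineer around forty. twitter:@deigo25374582

JUNOS EVPN with LAG

Last time, the hosts were connected through only a single Leaf switch.
In real work redundancy is the norm, so this time I verify a redundant setup.

The topology is as follows.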

[Figure: physical topology]

 


The lo0 and VLAN interface IP addresses of the devices below are as follows.

[Figure: logical topology]


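However, the links between the Spines (vQFX01/02) and the Leafs (vQFX03 to vQFX06) are not that important here, so they are omitted from the figure above.

As before, the underlay is eBGP and the overlay is MP-BGP (iBGP).

First, the underlay configuration.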

vQFX01

set interfaces xe-0/0/0 unit 0 description To_vQFX03
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.0/31
set interfaces xe-0/0/1 unit 0 description To_vQFX04
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.2/31
set interfaces xe-0/0/2 unit 0 description To_vQFX05
set interfaces xe-0/0/2 unit 0 family inet address 172.16.1.4/31
set interfaces xe-0/0/3 unit 0 description To_vQFX06
set interfaces xe-0/0/3 unit 0 family inet address 172.16.1.6/31
set interfaces lo0 unit 0 family inet address 172.16.100.1/32
set routing-options router-id 172.16.100.1
set routing-options autonomous-system 1
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.1 peer-as 3
set protocols bgp group EXT neighbor 172.16.1.3 peer-as 4
set protocols bgp group EXT neighbor 172.16.1.5 peer-as 5
set protocols bgp group EXT neighbor 172.16.1.7 peer-as 6
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet

vQFX02

set interfaces xe-0/0/0 unit 0 description To_vQFX03
set interfaces xe-0/0/0 unit 0 family inet address 172.16.2.0/31
set interfaces xe-0/0/1 unit 0 description To_vQFX04
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.2/31
set interfaces xe-0/0/2 unit 0 description To_vQFX05
set interfaces xe-0/0/2 unit 0 family inet address 172.16.2.4/31
set interfaces xe-0/0/3 unit 0 description To_vQFX06
set interfaces xe-0/0/3 unit 0 family inet address 172.16.2.6/31
set interfaces lo0 unit 0 family inet address 172.16.200.1/32
set forwarding-options storm-control-profiles default all
set routing-options router-id 172.16.200.1
set routing-options autonomous-system 2
set routing-options forwarding-table export ECMP
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.2.1 peer-as 3
set protocols bgp group EXT neighbor 172.16.2.3 peer-as 4
set protocols bgp group EXT neighbor 172.16.2.5 peer-as 5
set protocols bgp group EXT neighbor 172.16.2.7 peer-as 6
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet

vQFX03

set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.1/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.1/31
set interfaces lo0 unit 0 family inet address 172.16.30.1/32
set routing-options router-id 172.16.30.1
set routing-options autonomous-system 3
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.0 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.0 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet

vQFX04

set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.3/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.3/31
set interfaces lo0 unit 0 family inet address 172.16.40.1/32
set routing-options router-id 172.16.40.1
set routing-options autonomous-system 4
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.2 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.2 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet
 

vQFX05

set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.5/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.5/31
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces lo0 unit 0 family inet address 172.16.50.1/32
set routing-options router-id 172.16.50.1
set routing-options autonomous-system 5
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.4 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.4 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet

vQFX06

set interfaces xe-0/0/0 unit 0 description To_vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.7/31
set interfaces xe-0/0/1 unit 0 description To_vQFX02
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.7/31
set interfaces lo0 unit 0 family inet address 172.16.60.1/32
set routing-options router-id 172.16.60.1
set routing-options autonomous-system 6
set routing-options forwarding-table export ECMP
set protocols bgp group EXT type external
set protocols bgp group EXT export CONN
set protocols bgp group EXT multipath multiple-as
set protocols bgp group EXT neighbor 172.16.1.6 peer-as 1
set protocols bgp group EXT neighbor 172.16.2.6 peer-as 2
set policy-options policy-statement CONN term 1 from protocol direct
set policy-options policy-statement CONN term 1 then accept
set policy-options policy-statement ECMP then load-balance per-packet

 

The main topic starts here.

vQFX03

set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:01
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10

 

set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.30.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept

set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.30.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication

vQFX04

set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:01
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10

 

set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.40.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10

set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.40.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication

vQFX05

set chassis aggregated-devices ethernet device-count 10
set interfaces xe-0/0/2 ether-options 802.3ad ae0
set interfaces ae0 encapsulation ethernet-bridge
set interfaces ae0 esi 00:00:00:00:00:00:00:00:00:02
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 aggregated-ether-options lacp system-id 00:00:00:00:ae:00
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10


set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.50.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.60.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.50.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication 

vQFX06

set protocols bgp group INT type internal
set protocols bgp group INT local-address 172.16.60.1
set protocols bgp group INT family evpn signaling
set protocols bgp group INT local-as 10
set protocols bgp group INT multipath
set protocols bgp group INT neighbor 172.16.30.1
set protocols bgp group INT neighbor 172.16.40.1
set protocols bgp group INT neighbor 172.16.50.1
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term VNI10 from community VRF-10
set policy-options policy-statement LEAF-IN term VNI10 then accept
set policy-options community VRF-10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 172.16.60.1:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans v10 vlan-id 10
set vlans v10 vxlan vni 10
set vlans v10 vxlan ingress-node-replication
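
An added check, not part of the original post: ESI-LAG depends on every leaf that shares an ESI presenting the same LACP system-id, the same ESI mode and the same VLANs on the bundle. The Python below audits the ae0 lines of the vQFX03/04/05 listings above, trimmed and embedded as a constructed sample (vQFX06 is left out because its listing shows no ae0 lines); `parse_ae` and `audit` are names made up for this example.

```python
import re
from collections import defaultdict

# Constructed sample: the ae0 lines from the page's vQFX03/04/05 listings, trimmed.
AE0 = """set interfaces ae0 esi {esi}
set interfaces ae0 esi all-active
set interfaces ae0 aggregated-ether-options lacp system-id {sysid}
set interfaces ae0 unit 0 family ethernet-switching vlan members v10"""
ESI1, ESI2 = "00:00:00:00:00:00:00:00:00:01", "00:00:00:00:00:00:00:00:00:02"
CONFIGS = {
    "vQFX03": AE0.format(esi=ESI1, sysid="00:00:00:00:ae:00"),
    "vQFX04": AE0.format(esi=ESI1, sysid="00:00:00:00:ae:00"),
    "vQFX05": AE0.format(esi=ESI2, sysid="00:00:00:00:ae:00"),
}

def parse_ae(config):
    """Return {ae_name: {"esi", "mode", "system_id", "vlans"}} from set-style config."""
    aes = defaultdict(lambda: {"esi": None, "mode": None, "system_id": None, "vlans": set()})
    for line in config.splitlines():
        m = re.match(r"set interfaces (ae\d+) (.+)", line.strip())
        if not m:
            continue
        name, rest = m.groups()
        if m2 := re.fullmatch(r"esi ((?:[0-9a-f]{2}:){9}[0-9a-f]{2})", rest, re.I):
            aes[name]["esi"] = m2.group(1).lower()
        elif m2 := re.fullmatch(r"esi (all-active|single-active)", rest):
            aes[name]["mode"] = m2.group(1)
        elif m2 := re.fullmatch(r"aggregated-ether-options lacp system-id (\S+)", rest):
            aes[name]["system_id"] = m2.group(1).lower()
        elif m2 := re.fullmatch(r"unit \d+ family ethernet-switching vlan members (\S+)", rest):
            aes[name]["vlans"].add(m2.group(1))
    return dict(aes)

def audit(configs):
    """Group LAGs by ESI and report attributes that differ between the leaves sharing it."""
    by_esi = defaultdict(list)
    for dev, cfg in configs.items():
        for ae, attrs in parse_ae(cfg).items():
            if attrs["esi"]:
                by_esi[attrs["esi"]].append((dev, ae, attrs))
    findings = []
    norm = lambda v: tuple(sorted(v)) if isinstance(v, set) else v
    for esi, members in sorted(by_esi.items()):
        if len(members) < 2:
            findings.append(f"{esi}: only {members[0][0]} carries this ESI (not multihomed)")
        for key in ("mode", "system_id", "vlans"):
            values = {dev: norm(a[key]) for dev, _, a in members}
            if len(set(values.values())) > 1:
                findings.append(f"{esi}: {key} differs: {values}")
    return findings
```

Feed it each leaf's `show configuration | display set` output keyed by hostname. On this sample it reports the ESI ending in :02 as single-homed only because the vQFX06 ae0 lines are not in the sample.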

 

vQFX07/vQFX08 (these are ordinary LAGs, so only briefly)

set interfaces ae0 aggregated-ether-options lacp active
set interfaces ae0 aggregated-ether-options lacp periodic fast
set interfaces ae0 unit 0 family ethernet-switching interface-mode trunk
set interfaces ae0 unit 0 family ethernet-switching vlan members v10

set interfaces irb unit 10 family inet address <assign the IP from the figure>

set vlans v10 vlan-id 10
set vlans v10 l3-interface irb.10

 

First, check the LAG between vQFX03/04 and vQFX07.

admin@vQFX07# run show lacp interfaces
Aggregated interface: ae0
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/0    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/0   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/1    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/1   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/0         Current  Fast periodic Collecting distributing
   xe-0/0/1         Current  Fast periodic Collecting distributing

vQFX03/04

admin@vQFX03# run show lacp interfaces
Aggregated interface: ae0
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/2    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/2   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/2         Current  Fast periodic Collecting distributing


admin@vQFX04# run show lacp interfaces
Aggregated interface: ae0
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/2    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/2   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/2         Current  Fast periodic Collecting distributing

If you are used to MC-LAG, this part should feel familiar.

 

In this state, ping from vQFX07 to vQFX08.

admin@vQFX07# run ping 10.1.1.2 count 3
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=52.669 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=54.037 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=55.430 ms

--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 52.669/54.045/55.430/1.127 ms

{master:0}[edit]
admin@vQFX07# run show arp | match 10.1.1.2
02:05:86:71:d8:00 10.1.1.2

 admin@vQFX07# run show ethernet-switching table | match 02:05:86:71:d8:00
v10 02:05:86:71:d8:00 D - ae0.0 0 0

Check the MAC address of vQFX08.

admin@vQFX08# run show interfaces irb
Physical interface: irb , Enabled, Physical link is Up
Interface index: 640, SNMP ifIndex: 504
Type: Ethernet, Link-level type: Ethernet, MTU: 1514
Device flags : Present Running
Interface flags: SNMP-Traps
Link type : Full-Duplex
Link flags : None
Current address: 02:05:86:71:d8:00, Hardware address: 02:05:86:71:d8:00

 

In this state, disable the link between vQFX05 and vQFX08.

admin@vQFX08# run show lacp interfaces
Aggregated interface: ae0
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/0    Actor  No  Yes  No  No  No  Yes   Fast  Active
   xe-0/0/0   Partner  No  Yes  No  No  No  Yes   Fast  Passive
   xe-0/0/1    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/1   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/0        Defaulted  Fast periodic      Detached
   xe-0/0/1         Current  Fast periodic Collecting distributing 

!!!! This is a virtual environment with a vSwitch between vQFX05 and vQFX08, so the output should differ somewhat from a physical environment.
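
An added example, not part of the original post: a small parser for `show lacp interfaces` output that reports which member links have dropped out of a bundle and why, run here over the vQFX08 output above (embedded as a constructed sample). The function names are made up for this example.

```python
import re

# Constructed sample: the vQFX08 output from the page, after the vQFX05 link was disabled.
SAMPLE = """\
Aggregated interface: ae0
  LACP state:    Role  Exp  Def Dist Col Syn Aggr Timeout Activity
   xe-0/0/0    Actor  No  Yes  No  No  No  Yes   Fast  Active
   xe-0/0/0   Partner  No  Yes  No  No  No  Yes   Fast  Passive
   xe-0/0/1    Actor  No  No  Yes Yes Yes  Yes   Fast  Active
   xe-0/0/1   Partner  No  No  Yes Yes Yes  Yes   Fast  Active
  LACP protocol:    Receive State Transmit State     Mux State
   xe-0/0/0        Defaulted  Fast periodic      Detached
   xe-0/0/1         Current  Fast periodic Collecting distributing
"""
COLS = ("Exp", "Def", "Dist", "Col", "Syn", "Aggr", "Timeout", "Activity")
MUX = re.compile(r"(Collecting distributing|Collecting|Distributing|Attached|Waiting|Detached)\s*$")

def parse_lacp(text):
    """Return {ae: {member: {"Actor": {...}, "Partner": {...}, "mux": str}}}."""
    bundles, ae = {}, None
    for line in text.splitlines():
        tok = line.split()
        if line.startswith("Aggregated interface:"):
            ae = bundles.setdefault(tok[-1], {})
        elif ae is None or not tok:
            continue
        elif len(tok) == 10 and tok[1] in ("Actor", "Partner"):
            ae.setdefault(tok[0], {})[tok[1]] = dict(zip(COLS, tok[2:]))
        elif tok[0] in ae and (m := MUX.search(line)):
            ae[tok[0]]["mux"] = m.group(1)
    return bundles

def member_problems(m):
    """List the reasons a member link is not carrying traffic (empty list = healthy)."""
    why = []
    if m.get("mux") != "Collecting distributing":
        why.append(f"mux state is {m.get('mux')}")
    if m.get("Actor", {}).get("Def") == "Yes":
        why.append("actor is using defaulted partner data (no LACPDUs received)")
    for role in ("Actor", "Partner"):
        bad = [c for c in ("Syn", "Col", "Dist") if m.get(role, {}).get(c) != "Yes"]
        if bad:
            why.append(f"{role} not {'/'.join(bad)}")
    return why

def summarize(text):
    """Per bundle: 'up' (all members pass), 'degraded' (some pass) or 'down' (none)."""
    out = {}
    for ae, members in parse_lacp(text).items():
        bad = {name: p for name, m in members.items() if (p := member_problems(m))}
        state = "up" if not bad else "down" if len(bad) == len(members) else "degraded"
        out[ae] = {"state": state, "problems": bad}
    return out
```

For the sample, `summarize(SAMPLE)` marks ae0 as degraded with xe-0/0/0 detached, which matches the ping that follows still succeeding over xe-0/0/1.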


Ping from vQFX07.

admin@vQFX07# run ping 10.1.1.2 count 3
PING 10.1.1.2 (10.1.1.2): 56 data bytes
64 bytes from 10.1.1.2: icmp_seq=0 ttl=64 time=58.674 ms
64 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=56.737 ms
64 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=63.748 ms

--- 10.1.1.2 ping statistics ---
3 packets transmitted, 3 packets received, 0% packet loss
round-trip min/avg/max/stddev = 56.737/59.720/63.748/2.956 ms

{master:0}[edit]
admin@vQFX07# run show ethernet-switching table | match 02:05:86:71:d8:00
v10 02:05:86:71:d8:00 D - ae0.0 0 0

{master:0}[edit]
admin@vQFX07#

Connectivity is fine.

 

This has gotten too long, so I'll stop here for now.