Network Memo

Networking notes from an engineer around forty. twitter:@deigo25374582

JUNOS_EVPN_(eBGP)

I tried VXLAN on Nexus a while ago, and I was able to test it on vQFX as well, so here are my notes.

The topology is shown below.

[Figure: network topology diagram]

Underlay: eBGP (AS numbers in red)

Overlay: iBGP (AS numbers in blue)

 

Config

vQFX01

set version 15.1X53-D60.4
set system host-name vQFX01
set interfaces xe-0/0/0 unit 0 family inet address 172.16.0.1/24
set interfaces xe-0/0/1 unit 0 family inet address 172.16.1.1/24
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
set routing-options router-id 1.1.1.1
set routing-options autonomous-system 1
set protocols bgp group underlay-EXT type external
set protocols bgp group underlay-EXT export To_BGP
set protocols bgp group underlay-EXT multipath multiple-as
set protocols bgp group underlay-EXT neighbor 172.16.0.254 peer-as 3
set protocols bgp group underlay-EXT neighbor 172.16.1.254 peer-as 4
set protocols lldp interface xe-0/0/0
set protocols lldp interface xe-0/0/1
set protocols igmp-snooping vlan default
set policy-options policy-statement ECMP from protocol bgp
set policy-options policy-statement ECMP then load-balance per-packet
set policy-options policy-statement To_BGP term 1 from protocol direct
set policy-options policy-statement To_BGP term 1 then accept

vQFX02

set version 15.1X53-D60.4
set system host-name vQFX02
set interfaces xe-0/0/0 unit 0 family inet address 172.16.2.1/24
set interfaces xe-0/0/1 unit 0 family inet address 172.16.3.1/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
set routing-options router-id 2.2.2.2
set routing-options autonomous-system 2
set protocols bgp group underlay-EXT type external
set protocols bgp group underlay-EXT export To_BGP
set protocols bgp group underlay-EXT multipath multiple-as
set protocols bgp group underlay-EXT neighbor 172.16.2.254 peer-as 3
set protocols bgp group underlay-EXT neighbor 172.16.3.254 peer-as 4
set protocols lldp interface xe-0/0/0
set protocols lldp interface xe-0/0/1
set policy-options policy-statement ECMP from protocol bgp
set policy-options policy-statement ECMP then load-balance per-packet
set policy-options policy-statement To_BGP term 1 from protocol direct
set policy-options policy-statement To_BGP term 1 then accept

vQFX03

set version 15.1X53-D60.4
set system host-name vQFX03
set interfaces xe-0/0/0 unit 0 family inet address 172.16.0.254/24
set interfaces xe-0/0/1 unit 0 family inet address 172.16.2.254/24
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan10
set interfaces lo0 unit 0 family inet address 3.3.3.3/32
set forwarding-options storm-control-profiles default all
set routing-options router-id 3.3.3.3
set routing-options autonomous-system 3
set protocols bgp group underlay-EXT type external
set protocols bgp group underlay-EXT export To_BGP
set protocols bgp group underlay-EXT multipath multiple-as
set protocols bgp group underlay-EXT neighbor 172.16.0.1 peer-as 1
set protocols bgp group underlay-EXT neighbor 172.16.2.1 peer-as 2
set protocols bgp group overlay-INT type internal
set protocols bgp group overlay-INT local-address 3.3.3.3
set protocols bgp group overlay-INT family evpn signaling
set protocols bgp group overlay-INT local-as 65500
set protocols bgp group overlay-INT multipath
set protocols bgp group overlay-INT neighbor 4.4.4.4
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set protocols lldp interface xe-0/0/0
set protocols lldp interface xe-0/0/1
set protocols lldp interface xe-0/0/2
set policy-options policy-statement ECMP from protocol bgp
set policy-options policy-statement ECMP then load-balance per-packet
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term import_vni10 from community com10
set policy-options policy-statement LEAF-IN term import_vni10 then accept
set policy-options policy-statement To_BGP term 1 from protocol direct
set policy-options policy-statement To_BGP term 1 then accept
set policy-options community com10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 3.3.3.3:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans vlan10 vlan-id 10
set vlans vlan10 vxlan vni 10
set vlans vlan10 vxlan ingress-node-replication
 

vQFX04

set version 15.1X53-D60.4
set system host-name vQFX04
set interfaces xe-0/0/0 unit 0 family inet address 172.16.1.254/24
set interfaces xe-0/0/1 unit 0 family inet address 172.16.3.254/24
set interfaces xe-0/0/2 unit 0 family ethernet-switching interface-mode access
set interfaces xe-0/0/2 unit 0 family ethernet-switching vlan members vlan10
set interfaces lo0 unit 0 family inet address 4.4.4.4/32
set routing-options router-id 4.4.4.4
set routing-options autonomous-system 4
set protocols bgp group underlay-EXT type external
set protocols bgp group underlay-EXT export To_BGP
set protocols bgp group underlay-EXT multipath multiple-as
set protocols bgp group underlay-EXT neighbor 172.16.3.1 peer-as 2
set protocols bgp group underlay-EXT neighbor 172.16.1.1 peer-as 1
set protocols bgp group overlay-INT type internal
set protocols bgp group overlay-INT local-address 4.4.4.4
set protocols bgp group overlay-INT family evpn signaling
set protocols bgp group overlay-INT local-as 65500
set protocols bgp group overlay-INT multipath
set protocols bgp group overlay-INT neighbor 3.3.3.3
set protocols evpn encapsulation vxlan
set protocols evpn extended-vni-list 10
set protocols evpn multicast-mode ingress-replication
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set protocols lldp interface xe-0/0/0
set protocols lldp interface xe-0/0/1
set protocols lldp interface xe-0/0/2
set protocols igmp-snooping vlan default
set policy-options policy-statement ECMP from protocol bgp
set policy-options policy-statement ECMP then load-balance per-packet
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term import_vni10 from community com10
set policy-options policy-statement LEAF-IN term import_vni10 then accept
set policy-options policy-statement To_BGP term 1 from protocol direct
set policy-options policy-statement To_BGP term 1 then accept
set policy-options community com10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vtep-source-interface lo0.0
set switch-options route-distinguisher 4.4.4.4:1
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
set vlans default vlan-id 1
set vlans vlan10 vlan-id 10
set vlans vlan10 vxlan vni 10
set vlans vlan10 vxlan ingress-node-replication
 

Red: eBGP settings for the underlay

Blue: MP-BGP (iBGP) settings for the overlay

Green: VXLAN settings advertised over MP-BGP
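
The leaf configs only exchange EVPN routes if every route target one leaf exports is accepted by the other leaf's vrf-import policy (LEAF-IN). The following is an added example, not part of the original post: a small Python check over the set-style lines. It assumes that when vrf-import is configured the policy alone decides what is imported, and that the switch-options vrf-target and the per-VNI vrf-target export are both export targets.

```python
from collections import defaultdict

# Constructed sample: the route-target lines shared by the vQFX03 and vQFX04 configs above.
LEAF = """\
set protocols evpn vni-options vni 10 vrf-target export target:1:10
set policy-options policy-statement LEAF-IN term import_leaf_esi from community comm-leaf_esi
set policy-options policy-statement LEAF-IN term import_leaf_esi then accept
set policy-options policy-statement LEAF-IN term import_vni10 from community com10
set policy-options policy-statement LEAF-IN term import_vni10 then accept
set policy-options community com10 members target:1:10
set policy-options community comm-leaf_esi members target:9999:9999
set switch-options vrf-import LEAF-IN
set switch-options vrf-target target:9999:9999
"""
CONFIGS = {"vQFX03": LEAF, "vQFX04": LEAF}

def route_targets(config):
    """Return (exported, imported) route-target sets for one leaf's set-style config."""
    communities, terms = defaultdict(set), defaultdict(dict)
    exported, global_rt, import_policy = set(), set(), None
    for line in config.splitlines():
        w = line.split()
        if w[:3] == ["set", "policy-options", "community"] and w[4:5] == ["members"]:
            communities[w[3]].update(w[5:])
        elif w[:3] == ["set", "policy-options", "policy-statement"] and w[4:5] == ["term"]:
            if w[6:8] == ["from", "community"]:
                terms[(w[3], w[5])]["community"] = w[-1]
            elif w[6:8] == ["then", "accept"]:
                terms[(w[3], w[5])]["accept"] = True
        elif w[:3] == ["set", "switch-options", "vrf-import"]:
            import_policy = w[3]
        elif w[:3] == ["set", "switch-options", "vrf-target"]:
            global_rt.add(w[-1])
        elif w[:4] == ["set", "protocols", "evpn", "vni-options"] and "vrf-target" in w:
            exported.add(w[-1])
    if import_policy is None:  # assumption: without a policy, vrf-target is also the import RT
        return exported | global_rt, set(global_rt)
    imported = set()
    for (policy, _term), t in terms.items():
        if policy == import_policy and t.get("accept") and "community" in t:
            imported |= communities[t["community"]]
    return exported | global_rt, imported

def dropped_routes(configs):
    """Map (sender, receiver) to the RTs the sender exports but the receiver does not import."""
    rts = {name: route_targets(cfg) for name, cfg in configs.items()}
    return {(s, r): sorted(rts[s][0] - rts[r][1])
            for s in rts for r in rts if s != r and rts[s][0] - rts[r][1]}
```

An empty result from dropped_routes(CONFIGS) means both leaves import everything the other one exports; any entry names the leaf pair and the route targets that would be silently discarded.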

 

In this state, check the LLDP neighbors from the csr1kv routers.

csr1kv01

CSR1kv01#show lldp neighbors

Device ID  Local Intf  Hold-time Capability  Port ID
vQFX03    Gi2   120  B,R    514

csr1kv02

csr1kv02#sho lldp neighbors

Device ID   Local Intf  Hold-time Capability  Port ID
vQFX04    Gi2   120  B,R    514


The csr1kv routers are not directly connected to each other.
With the addresses assigned as

CSR1kv01 Gi2 → 10.1.1.1
CSR1kv02 Gi2 → 10.1.1.2

ping from 01 to 02:

CSR1kv01#ping 10.1.1.2 source 10.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.2, timeout is 2 seconds:
Packet sent with a source address of 10.1.1.1
!!!!!

The ping succeeds.

 

Check on vQFX03, which is connected to CSR1kv01.

admin@vQFX03> show evpn database
Instance: default-switch
VLAN VNI MAC address    Active source      Timestamp    IP address
   10  00:0c:29:b1:71:ff 4.4.4.4         Mar 10 22:31:59
   10  00:0c:29:d9:9a:cd xe-0/0/2.0        Mar 10 22:24:38
 

Check the MAC address of Gi2 on each CSR1kv.

CSR1kv01#show interfaces gi2
GigabitEthernet2 is up, line protocol is up
Hardware is CSR vNIC, address is 000c.29d9.9acd (bia 000c.29d9.9acd)
Internet address is 10.1.1.1/24

~~

csr1kv02#show interfaces gi2
GigabitEthernet2 is up, line protocol is up
Hardware is CSR vNIC, address is 000c.29b1.71ff (bia 000c.29b1.71ff)
Internet address is 10.1.1.2/24

CSR1kv01 → sits behind xe-0/0/2 on vQFX03
CSR1kv02 → sits behind vQFX04 (4.4.4.4)
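
The manual comparison above (Cisco dotted MAC notation against the Junos colon notation in the EVPN database) can be scripted. The following is an added example, not part of the original post: it parses the `show evpn database` text, normalises both MAC formats, reports where each host was learned, and flags any MAC learned from a VTEP that is not a configured overlay neighbor. The names HOSTS and OVERLAY_PEERS are assumptions made for this example.

```python
import re

# Constructed from the vQFX03 and CSR1kv outputs shown above.
EVPN_DB = """\
Instance: default-switch
VLAN VNI MAC address    Active source      Timestamp    IP address
   10  00:0c:29:b1:71:ff 4.4.4.4         Mar 10 22:31:59
   10  00:0c:29:d9:9a:cd xe-0/0/2.0        Mar 10 22:24:38
"""
HOSTS = {"CSR1kv01": "000c.29d9.9acd", "csr1kv02": "000c.29b1.71ff"}
OVERLAY_PEERS = {"4.4.4.4"}  # overlay-INT neighbor configured on vQFX03

ROW = re.compile(r"^\s*(\d+)\s+((?:[0-9a-f]{2}:){5}[0-9a-f]{2})\s+(\S+)", re.I)
IPV4 = re.compile(r"\d{1,3}(?:\.\d{1,3}){3}")

def norm_mac(mac):
    """Normalise Cisco (000c.29d9.9acd) or Junos (00:0c:29:d9:9a:cd) notation."""
    digits = re.sub(r"[^0-9a-fA-F]", "", mac).lower()
    if len(digits) != 12:
        raise ValueError(f"not a MAC address: {mac!r}")
    return ":".join(digits[i:i + 2] for i in range(0, 12, 2))

def parse_evpn_db(text):
    """Map MAC -> entry; the single number in each row is read as the VNI (assumption)."""
    entries = {}
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            vni, mac, source = m.groups()
            kind = "remote-vtep" if IPV4.fullmatch(source) else "local"
            entries[norm_mac(mac)] = {"vni": int(vni), "source": source, "kind": kind}
    return entries

def locate(hosts, entries):
    """Return, per host name, the EVPN entry for its MAC (None if not learned)."""
    return {name: entries.get(norm_mac(mac)) for name, mac in hosts.items()}

def unexpected_vteps(entries, allowed):
    """List (mac, vtep) pairs learned from a VTEP outside the configured overlay peers."""
    return sorted((mac, e["source"]) for mac, e in entries.items()
                  if e["kind"] == "remote-vtep" and e["source"] not in allowed)

if __name__ == "__main__":
    db = parse_evpn_db(EVPN_DB)
    for host, entry in locate(HOSTS, db).items():
        print(host, entry)
    print("unexpected VTEPs:", unexpected_vteps(db, OVERLAY_PEERS))
```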

 

That's all for now.