
Spine(7200_32Q):
#Create VLANs:
conf t
no interface vlan 1
vlan 10,20
#Configure interface vlan10, vlan20 and loopback1
interface vlan 10
ip address 10.1.1.2 255.255.255.0
interface vlan 20
ip address 20.1.1.2 255.255.255.0
interface loopback 1
ip address 2.2.2.2 255.255.255.255
#Start the ospf protocol and configure the ospf area to which the interface belongs
router ospf 1
ospf router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
network 20.1.1.0 0.0.0.255 area 0
Leaf1(7200_TOP):
#Create VLAN:
conf t
vlan 10
exit
interface ethernet 1/6/1
switchport access vlan 10
#Configure interface vlan10 and loopback1
interface vlan 10
ip address 10.1.1.1 255.255.255.0
interface loopback 1
ip address 1.1.1.1 255.255.255.255
#Configure the global nve source address
evpn nve source-address 1.1.1.1
#Disable the automatic learning function of remote MAC/ARP/ND
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
#Configure the service loopback group 1 referenced by vxlan
loopback-group 1
interface ethernet 1/0/3
description FOR_VXLAN_PROXY
loopback-group 1
exit
vxlan proxy loopback-group 1
#Configure virtual switch instance nvi 10 and enable evpn
nvi 10
vxlan-id 10
evpn
rd 1:1
route-target both 1000:1000
enable
exit
#Configure ARP/ND suppression
arp suppression enable
nd suppression enable
#Configure service access
interface ethernet 1/6/1
xconnect nvi 10 mode vlan svid 100
#Configure L3VPN instance and associate with l3-vni 1000
ip vrf vpn1
rd 11:1
route-target both 10:1
l3-vni 1000
#Configure the distributed gateway interface of the virtual switch instance
interface nvi-interface 10
ip vrf forwarding vpn1
mac-address 00-ff-ff-00-00-01
distributed-gateway enable
ipv6 address 1001::1/64
ip address 101.1.1.1 255.255.255.0
#Start the ospf protocol and configure the ospf area to which the interface belongs
router ospf 1
ospf router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
#Start the bgp protocol and declare evpn capability to the bgp peer
router bgp 100
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source 1.1.1.1
address-family l2vpn evpn
neighbor 3.3.3.3 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
#Configure the interface toward the PC
interface ethernet 1/0/1-2
xconnect nvi 10
Leaf2(7200_BOT):
#Create VLAN:
conf t
vlan 20
exit
interface ethernet 1/6/1
switchport access vlan 20
#Configure interface vlan20 and loopback1
interface vlan 20
ip address 20.1.1.1 255.255.255.0
interface loopback 1
ip address 3.3.3.3 255.255.255.255
#Configure the global nve source address
evpn nve source-address 3.3.3.3
#Disable the automatic learning function of remote MAC/ARP/ND
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
#Configure the service loopback group 1 referenced by vxlan
loopback-group 1
interface ethernet 1/0/3
description FOR_VXLAN_PROXY
loopback-group 1
exit
vxlan proxy loopback-group 1
#Configure virtual switch instance nvi 20 and enable evpn
nvi 20
vxlan-id 20
evpn
rd 2:2
route-target both 2000:2000
enable
exit
#Configure ARP/ND suppression
arp suppression enable
nd suppression enable
#Configure service access
interface ethernet 1/6/1
xconnect nvi 20 mode vlan svid 100
#Configure L3VPN instance and associate with l3-vni 1000
ip vrf vpn1
rd 11:1
route-target both 10:1
l3-vni 1000
#Configure the distributed gateway interface of the virtual switch instance
interface nvi-interface 20
ip vrf forwarding vpn1
mac-address 00-ff-ff-00-00-02
distributed-gateway enable
ipv6 address 2001::1/64
ip address 201.1.1.1 255.255.0.0
#Start the ospf protocol and configure the ospf area to which the interface belongs
router ospf 1
ospf router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 20.1.1.0 0.0.0.255 area 0
#Start the bgp protocol and declare evpn capability to the bgp peer
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source 3.3.3.3
address-family l2vpn evpn
neighbor 1.1.1.1 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
#Configure the interface toward the PC
interface ethernet 1/0/1
xconnect nvi 20
7200_32Q
7200_32Q#show run
!
service password-encryption
!
hostname 7200_32Q
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
authentication line console login local
!
!
logging executed-commands enable
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 4 record-cmd
!
!
lldp enable
spanning-tree
!
!
Interface Ethernet0
ip address 192.168.255.17 255.255.255.0
!
!
vlan 1;10;20
!
!
Interface Ethernet1/30/1
description 7200_TOP-100G-down
!
Interface Ethernet1/31/1
speed-duplex force40g-full
description TO_7200_TOP
switchport access vlan 10
!
Interface Ethernet1/32/1
speed-duplex force40g-full
description TO_7200_BOT
switchport access vlan 20
!
interface Vlan10
ip address 10.1.1.2 255.255.255.0
!
interface Vlan20
ip address 20.1.1.2 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
router ospf 1
ospf router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
network 20.1.1.0 0.0.0.255 area 0
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 10.0.1.1
!
!
exec-timeout 30 0
no login
!
end
7200_TOP
7200_TOP#show running-config
!
service password-encryption
!
hostname 7200_TOP
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
authentication line console login local
!
!
logging executed-commands enable
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 3 record-cmd
info-center logfile 4 record-cmd
!
!
lldp enable
spanning-tree
!
!
Interface Ethernet0
ip address 192.168.255.11 255.255.255.0
!
!
evpn nve source-address 1.1.1.1
!
!
vlan 1;10
!
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
loopback-group 1
!
nvi 10
vxlan-id 10
evpn
rd 1:1
route-target both 1000:1000
enable
evpn-exit
arp suppression enable
nd suppression enable
!
!
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_PC_slim
no spanning-tree
switchport access vlan 100
xconnect nvi 10
!
Interface Ethernet1/0/2
speed-duplex force1g-full
description TO_PC_slim
no spanning-tree
switchport access vlan 100
xconnect nvi 10
!
Interface Ethernet1/0/3
speed-duplex force1g-full
description FOR_VXLAN_PROXY
loopback-group 1
!
!
Interface Ethernet1/4/1
description desc 7200_32Q-100G-down
!
!
Interface Ethernet1/6/1
speed-duplex force40g-full
description TO_7200_32Q
switchport access vlan 10
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
rd 11:1
route-target both 10:1
l3-vni 1000
!
interface Vlan10
ip address 10.1.1.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Nvi-interface10
ip vrf forwarding vpn1
mac-address 00-ff-ff-00-00-01
distributed-gateway enable
ipv6 address 1001::1/64
ip address 101.1.1.1 255.255.255.0
!
router ospf 1
ospf router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.255 area 0
!
router bgp 100
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source 1.1.1.1
address-family l2vpn evpn
neighbor 3.3.3.3 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
exec-timeout 30 0
no login
!
7200_BOT
7200_BOT#sh run
!
service password-encryption
!
hostname 7200_BOT
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
authentication line console login local
!
!
logging executed-commands enable
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 4 record-cmd
!
!
lldp enable
!
!
Interface Ethernet0
ip address 192.168.255.15 255.255.255.0
!
!
evpn nve source-address 3.3.3.3
!
!
vlan 1;20
!
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
loopback-group 1
!
nvi 20
vxlan-id 20
evpn
rd 2:2
route-target both 2000:2000
enable
evpn-exit
arp suppression enable
nd suppression enable
!
!
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_2100_PC
switchport access vlan 200
xconnect nvi 20
!
!
Interface Ethernet1/0/3
speed-duplex force1g-full
description FOR_VXLAN_PROXY
loopback-group 1
!
!
Interface Ethernet1/6/1
speed-duplex force40g-full
description TO_7200_32Q
switchport access vlan 20
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
rd 11:1
route-target both 10:1
l3-vni 1000
!
interface Vlan20
ip address 20.1.1.1 255.255.255.0
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
!
interface Nvi-interface20
ip vrf forwarding vpn1
mac-address 00-ff-ff-00-00-02
distributed-gateway enable
ipv6 address 2001::1/64
ip address 201.1.1.1 255.255.0.0
!
router ospf 1
ospf router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 20.1.1.0 0.0.0.255 area 0
!
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source 3.3.3.3
address-family l2vpn evpn
neighbor 1.1.1.1 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
exec-timeout 30 0
no login
!
end
2100_PC
2100_PC#sh run
!
service password-encryption
!
hostname 2100_PC
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
username guest privilege 15 password 7 65089d7f8ab310986db84b503c63fb39
username sng privilege 15 password 7 c72f099cc796dd509eca775f2c95800e
username ekoren privilege 15 password 7 d061d2cc6f7b691bb163f89d180e32aa
!
authentication line console login local
!
!
logging executed-commands enable
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 nandflash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 4 record-cmd
!
!
cpu-protect enable
cpu-protect per-ip limit-speed 200
cpu-protect per-mac limit-speed 200
!
lldp enable
!
spanning-tree
!
!
Interface Ethernet0
ip address 192.168.255.12 255.255.255.0
!
!
vlan 1
!
vlan 2
name mgmt_spaceVM
!
!
ethernet cfm global
!
ethernet cfm domain test level 5
service test pvlan 195 direction down
mep mepid 100;200;300
continuity-check enable
continuity-check receive rmep 200;300
exit
!
Interface Ethernet1/0/1
description TO_7200_BOT
!
Interface Ethernet1/0/2
description AnyDesk
switchport access vlan 2
!
Interface Ethernet1/0/3
description PC_SpaceVM_mgmt
switchport access vlan 2
!
!
Interface Ethernet1/0/5
description PC_SpaceVM_mgmt
switchport access vlan 2
!
Interface Ethernet1/0/6
description PC_SpaceVM_VXLAN
!
!
interface Vlan2
ip address 10.10.10.5 255.255.255.0
!
!
ip route 0.0.0.0/0 20.20.20.1
ip route 0.0.0.0/0 192.168.255.2
ip route 0.0.0.0/0 10.10.10.11
ip route 10.0.0.0/8 192.168.255.1
ip route 192.168.0.0/16 192.168.255.1
!
!
exec-timeout 30 0
no login
!
captive-portal
!
end
Upgraded the equipment to version B033.
Restored the working config E-VXLAN_Dis_Gate.cfg.
Powered on the PCs.
Started the VMs.
Result:
Previously 7200_TOP/7200_BOT could not ping its own (nearest) host in the VRF, although it saw it in the VPN ARP table.
Now it can.
Previously the VMs could not ping each other.
Now they can.
There is no tunnel on the switches.
Each VM can ping its own gateway but cannot ping the gateway on the other side; maybe that is how it should be.
The switches cannot ping each other's nvi, but perhaps they are not supposed to.
Commands:
show arp vrf vpn1
show ip route vrf vpn1
show ip bgp neighbors
show interface nve
show evpn nve all
ping 3.3.3.3
ping vrf vpn1 101.1.1.10
clear counters
show interface ethernet counter rate
show interface ethernet counter packet
clear nvi statistics
show nvi statistics
show vxlan mac-address-table
show ip bgp evpn all
show ip bgp evpn type<1-5>
show nvi nve tunnel
su
tshell
debug set EVPN_DEBUG 1
debug nsm
no debug all
debug ip icmp
7200_TOP:
7200_TOP#show arp vrf vpn1
ARP Unicast Items: 2, Valid: 8, Matched: 1, Verifying: 0, Incomplete: 0, Failed: 0, None: 0
Ethernet Manager Port ARP Items: 6
Address Hardware Addr Interface Port Flag Age-time(sec) subvlanVID
101.1.1.10 02-ff-f0-24-58-ea Nvi-interface10 Ethernet1/0/1 Dynamic 1080 0
7200_TOP#show ip route vrf vpn1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
C 101.1.1.0/24 is directly connected, Nvi-interface10 tag:0
B 201.1.0.0/16 [200/0] via 3.3.3.3, 00:00:50 tag:0
B 201.1.1.10/32 [200/0] via 3.3.3.3, 00:00:46 tag:0
Total routes are : 3 item(s)
7200_TOP#show ip bgp neighbors
BGP neighbor is 3.3.3.3, remote AS 100, local AS 100, internal link
BGP version 4, remote router ID 3.3.3.3
BGP state = Established, up for 00:01:03
Last read 00:01:03, hold time is 240, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Four bytes AS: advertised and received
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 7 messages, 0 notifications, 0 in queue
Sent 7 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
Update source is 1.1.1.1
For address family: IPv4 Unicast
BGP table version 2, neighbor version 2
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
0 accepted prefixes
0 announced prefixes
For address family: L2VPN EVPN
BGP table version 3, neighbor version 3
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
4 accepted prefixes
6 announced prefixes
Connections established 1; dropped 0
Local host: 1.1.1.1, Local port: 179
Foreign host: 3.3.3.3, Foreign port: 32777
Nexthop: 1.1.1.1
Nexthop global: fe80::1ac3:f4ff:feb0:e2b
Nexthop local: ::
BGP connection: non shared network
7200_TOP#show interface nve
Nve1
Nve1 is up, line protocol is up, index is 2869
Time since last status change:0w-0d-0h-1m-11s (71 seconds)
Tunnel source 1.1.1.1, destination 3.3.3.3
Input unicast packets statistics:
0 input packets, 0 bytes
Output unicast packets statistics:
0 output packets, 0 bytes
7200_TOP#show evpn nve all
VXLAN ID Address LR
10 1.1.1.1 LOCAL
7200_TOP#ping 3.3.3.3
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 3.3.3.3, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/16 ms
7200_TOP#ping vrf vpn1 101.1.1.10
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 101.1.1.10, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/6/16 ms
clear counters
show interface ethernet counter rate
7200_TOP#show interface ethernet counter rate
Interface IN(pkts/s) IN(bits/s) OUT(pkts/s) OUT(bits/s)
1/0/1 5m 0 79 0 34
5s 0 0 0 102
1/0/2 5m 0 79 0 34
5s 0 0 0 102
1/0/3 5m 0 34 0 34
5s 0 102 0 102
...
1/6/1 5m 0 125 1 653
5s 0 239 1 832
show interface ethernet counter packet
Interface Unicast(pkts) BroadCast(pkts) MultiCast(pkts) Err(pkts)
1/0/1 IN 0 0 2 0
OUT 0 0 2 0
1/0/2 IN 0 0 2 0
OUT 0 0 2 0
1/0/3 IN 0 0 2 0
OUT 0 0 2 0
...
1/6/1 IN 2 0 7 0
OUT 2 0 29 0
7200_TOP#clear nvi statistics
7200_TOP#show nvi statistics
The total number of nvi: 1
nvi 10 vxlan-id 10
Item Packets Bytes
Input 1 149
Output 1 153
7200_TOP#show vxlan mac-address-table
Read mac address table....
Nvi-id Mac Address Type Creator Ports
------------------ --------------------------- ------- -------- -------------------------------------
10 00-e0-4c-68-07-b0 DYNAMIC Hardware Ethernet1/0/1
10 00-e0-4c-68-34-2a DYNAMIC Hardware Ethernet1/0/2
10 02-ff-f0-24-58-ea DYNAMIC Hardware Ethernet1/0/1
7200_TOP#show ip bgp evpn all
BGP local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - local
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
network format description
RT-1:[RT][ESI][ETID]
RT-2:[RT][ETID][MAC][IPv4/v6]
RT-3:[RT][ETID][IPv4/v6]
RT-4:[RT][ESI][IPv4/v6]
RT-5:[RT][ETID][Prefix len][Prefix]
Route Distinguisher 1:1
Network Next Hop Metric LocPrf Weight Path
*>l[2][0][00e0-4c68-07b0][]
1.1.1.1 100 32768 ?
*>l[2][0][00e0-4c68-342a][]
1.1.1.1 100 32768 ?
*>l[2][0][02ff-f024-58ea][]
1.1.1.1 100 32768 ?
*>l[2][0][02ff-f024-58ea][101.1.1.10]
1.1.1.1 100 32768 ?
*>l[3][0][1.1.1.1]
1.1.1.1 100 32768 ?
Route Distinguisher 2:2
Network Next Hop Metric LocPrf Weight Path
*>i[2][0][02ff-f024-5043][]
3.3.3.3 100 0 ?
*>i[2][0][02ff-f024-5043][201.1.1.10]
3.3.3.3 100 0 ?
*>i[2][0][8c1f-6436-51c9][]
3.3.3.3 100 0 ?
*>i[3][0][3.3.3.3]
3.3.3.3 100 0 ?
Route Distinguisher 11:1
Network Next Hop Metric LocPrf Weight Path
*>i[5][0][16][201.1.0.0]
3.3.3.3 100 0 ?
Route Distinguisher 11:1
Network Next Hop Metric LocPrf Weight Path
*>l[5][0][24][101.1.1.0]
1.1.1.1 100 32768 ?
show ip bgp evpn type<1-5>
7200_TOP#show nvi nve tunnel
NVI 10 vxlan-id 10
Nve name state source destination
7200_BOT:
7200_BOT#show arp vrf vpn1
ARP Unicast Items: 2, Valid: 16, Matched: 1, Verifying: 0, Incomplete: 0, Failed: 0, None: 0
Ethernet Manager Port ARP Items: 14
Address Hardware Addr Interface Port Flag Age-time(sec) subvlanVID
201.1.1.10 02-ff-f0-24-50-43 Nvi-interface20 Ethernet1/0/1 Dynamic 158 0
7200_BOT#show ip route vrf vpn1
Codes: K - kernel, C - connected, S - static, R - RIP, B - BGP
O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default
B 101.1.1.0/24 [200/0] via 1.1.1.1, 00:07:25 tag:0
B 101.1.1.10/32 [200/0] via 1.1.1.1, 00:07:25 tag:0
C 201.1.0.0/16 is directly connected, Nvi-interface20 tag:0
Total routes are : 3 item(s)
7200_BOT#show ip bgp neighbors
BGP neighbor is 1.1.1.1, remote AS 100, local AS 100, internal link
BGP version 4, remote router ID 1.1.1.1
BGP state = Established, up for 00:07:27
Last read 00:07:27, hold time is 240, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Four bytes AS: advertised and received
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 14 messages, 0 notifications, 0 in queue
Sent 15 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
Update source is 3.3.3.3
For address family: IPv4 Unicast
BGP table version 212, neighbor version 212
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
0 accepted prefixes
0 announced prefixes
For address family: L2VPN EVPN
BGP table version 229, neighbor version 229
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
6 accepted prefixes
5 announced prefixes
Connections established 3; dropped 2
Local host: 3.3.3.3, Local port: 32777
Foreign host: 1.1.1.1, Foreign port: 179
Nexthop: 3.3.3.3
Nexthop global: fe80::1ac3:f4ff:feb0:303
Nexthop local: ::
BGP connection: non shared network
7200_BOT#show interface nve
Nve1
Nve1 is up, line protocol is up, index is 2869
Time since last status change:0w-0d-0h-7m-26s (446 seconds)
Tunnel source 3.3.3.3, destination 1.1.1.1
Input unicast packets statistics:
0 input packets, 0 bytes
Output unicast packets statistics:
0 output packets, 0 bytes
7200_BOT#show evpn nve all
VXLAN ID Address LR
20 3.3.3.3 LOCAL
7200_BOT#ping 1.1.1.1
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/0/0 ms
7200_BOT#ping vrf vpn1 201.1.1.10
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 201.1.1.10, timeout is 2 seconds.
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 0/3/16 ms
7200_BOT#clear counters
7200_BOT#show interface ethernet counter rate
7200_BOT#show interface ethernet counter rate
Interface IN(pkts/s) IN(bits/s) OUT(pkts/s) OUT(bits/s)
1/0/1 5m 1 483 0 17
5s 0 395 0 0
1/0/2 5m 0 0 0 0
5s 0 0 0 0
1/0/3 5m 0 17 0 17
...
1/6/1 5m 1 563 0 69
5s 1 533 0 0
7200_BOT#show interface ethernet counter packet
Interface Unicast(pkts) BroadCast(pkts) MultiCast(pkts) Err(pkts)
1/0/1 IN 0 0 24 0
OUT 0 0 1 0
1/0/2 IN 0 0 0 0
OUT 0 0 0 0
1/0/3 IN 0 0 1 0
OUT 0 0 1 0
...
1/6/1 IN 2 0 27 0
OUT 2 0 5 0
7200_BOT#clear nvi statistics
7200_BOT#show nvi statistics
The total number of nvi: 1
nvi 20 vxlan-id 20
Item Packets Bytes
Input 6 744
Output 6 0
7200_BOT#show vxlan mac-address-table
Read mac address table....
Nvi-id Mac Address Type Creator Ports
------------------ --------------------------- ------- -------- -------------------------------------
20 02-ff-f0-24-50-43 DYNAMIC Hardware Ethernet1/0/1
20 8c-1f-64-36-51-c9 DYNAMIC Hardware Ethernet1/0/1
7200_BOT#show ip bgp evpn all
BGP local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - local
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
network format description
RT-1:[RT][ESI][ETID]
RT-2:[RT][ETID][MAC][IPv4/v6]
RT-3:[RT][ETID][IPv4/v6]
RT-4:[RT][ESI][IPv4/v6]
RT-5:[RT][ETID][Prefix len][Prefix]
Route Distinguisher 1:1
Network Next Hop Metric LocPrf Weight Path
*>i[2][0][00e0-4c68-07b0][]
1.1.1.1 100 0 ?
*>i[2][0][00e0-4c68-342a][]
1.1.1.1 100 0 ?
*>i[2][0][02ff-f024-58ea][]
1.1.1.1 100 0 ?
*>i[2][0][02ff-f024-58ea][101.1.1.10]
1.1.1.1 100 0 ?
*>i[3][0][1.1.1.1]
1.1.1.1 100 0 ?
Route Distinguisher 2:2
Network Next Hop Metric LocPrf Weight Path
*>l[2][0][02ff-f024-5043][]
3.3.3.3 100 32768 ?
*>l[2][0][02ff-f024-5043][201.1.1.10]
3.3.3.3 100 32768 ?
*>l[2][0][8c1f-6436-51c9][]
3.3.3.3 100 32768 ?
*>l[3][0][3.3.3.3]
3.3.3.3 100 32768 ?
Route Distinguisher 11:1
Network Next Hop Metric LocPrf Weight Path
*>i[5][0][24][101.1.1.0]
1.1.1.1 100 0 ?
Route Distinguisher 11:1
Network Next Hop Metric LocPrf Weight Path
*>l[5][0][16][201.1.0.0]
3.3.3.3 100 32768 ?
7200_BOT#show nvi nve tunnel
NVI 20 vxlan-id 20
Nve name state source destination
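With remote MAC/ARP/ND learning disabled on both leaves, a leaf knows remote hosts only through the BGP EVPN routes, so that table is worth checking against what is expected to be attached. Added example (not part of the original notes): a parser for the "show ip bgp evpn all" layout shown above that lists the MAC/IP bindings and reports MACs missing from an allow-list; INVENTORY and the function names are assumptions of this example.

```python
import re

# Route rows of the 7200_BOT "show ip bgp evpn all" output above, header rows left out.
SAMPLE = """\
Route Distinguisher 1:1
*>i[2][0][00e0-4c68-07b0][]
1.1.1.1 100 0 ?
*>i[2][0][00e0-4c68-342a][]
1.1.1.1 100 0 ?
*>i[2][0][02ff-f024-58ea][]
1.1.1.1 100 0 ?
*>i[2][0][02ff-f024-58ea][101.1.1.10]
1.1.1.1 100 0 ?
*>i[3][0][1.1.1.1]
1.1.1.1 100 0 ?
Route Distinguisher 2:2
*>l[2][0][02ff-f024-5043][]
3.3.3.3 100 32768 ?
*>l[2][0][02ff-f024-5043][201.1.1.10]
3.3.3.3 100 32768 ?
*>l[2][0][8c1f-6436-51c9][]
3.3.3.3 100 32768 ?
*>l[3][0][3.3.3.3]
3.3.3.3 100 32768 ?
Route Distinguisher 11:1
*>i[5][0][24][101.1.1.0]
1.1.1.1 100 0 ?
Route Distinguisher 11:1
*>l[5][0][16][201.1.0.0]
3.3.3.3 100 32768 ?
"""

# Hypothetical per-VTEP MAC allow-list (assumption); 8c1f-6436-51c9 is omitted on purpose.
INVENTORY = {
    "1.1.1.1": {"00e0-4c68-07b0", "00e0-4c68-342a", "02ff-f024-58ea"},
    "3.3.3.3": {"02ff-f024-5043"},
}

ROUTE = re.compile(r"^\*>([il])((?:\[[^\]]*\])+)$")


def parse_evpn(text):
    """One dict per best route: RD, local flag, route type, key fields, next hop."""
    routes, rd, pending = [], None, None
    for line in map(str.strip, text.splitlines()):
        m = ROUTE.match(line)
        if line.startswith("Route Distinguisher"):
            rd = line.split()[-1]
        elif m:
            rtype, _etid, *fields = re.findall(r"\[([^\]]*)\]", m.group(2))
            pending = {"rd": rd, "local": m.group(1) == "l",
                       "type": int(rtype), "fields": fields}
        elif pending and line:
            pending["next_hop"] = line.split()[0]  # attributes follow on the next line
            routes.append(pending)
            pending = None
    return routes


def host_bindings(routes):
    """RT-2 routes that carry an IP, as (MAC, IP, advertising VTEP)."""
    return [(r["fields"][0], r["fields"][1], r["next_hop"])
            for r in routes if r["type"] == 2 and r["fields"][1]]


def unexpected_macs(routes, inventory):
    """(VTEP, MAC) pairs advertised in RT-2 routes but absent from the inventory."""
    seen = {(r["next_hop"], r["fields"][0]) for r in routes if r["type"] == 2}
    return sorted(p for p in seen if p[1] not in inventory.get(p[0], set()))


if __name__ == "__main__":
    print(host_bindings(parse_evpn(SAMPLE)))
    print(unexpected_macs(parse_evpn(SAMPLE), INVENTORY))
```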
Pulled the 2100 out of the rack:
1/0/1 UP/UP a-1G a-FULL 1 G-TX TO_7200_BOT
1/0/2 DOWN/DOWN auto auto 2 G-TX AnyDesk
1/0/3 UP/UP a-1G a-FULL 2 G-TX PC_SpaceVM_mgmt
1/0/4 DOWN/DOWN auto auto 1 G-TX to_Core
1/0/5 UP/UP a-1G a-FULL 2 G-TX PC_SpaceVM_mgmt
1/0/6 UP/UP a-1G a-FULL 1 G-TX PC_SpaceVM_VXLAN
1/0/7 DOWN/DOWN auto auto 1 G-TX PC_SpaceVM_VXLAN
...
1/0/15 UP/UP a-1G a-FULL 195 G-TX
.
1 02-ff-f0-24-50-43 DYNAMIC Hardware Ethernet1/0/6
1 a8-63-7d-41-f7-aa DYNAMIC Hardware Ethernet1/0/6
1 18-c3-f4-b0-03-04 DYNAMIC Hardware Ethernet1/0/1
2 02-ff-f0-2f-84-c3 DYNAMIC Hardware Ethernet1/0/3
2 f0-d7-af-92-9b-44 DYNAMIC Hardware Ethernet1/0/3
2 02-ff-f0-b1-d2-5d DYNAMIC Hardware Ethernet1/0/5
2 f0-d7-af-92-8f-bf DYNAMIC Hardware Ethernet1/0/5
195 8c-1f-64-36-51-ca DYNAMIC Hardware Ethernet1/0/15
195 8c-1f-64-36-51-d6 DYNAMIC Hardware Ethernet1/0/15
Management comes from the core, port 31.
Updated the topology.
Replaced 2100_PC with 2100-24P-stack.
Added VNC3000 and 6100-stack as end hosts.
This is what ping looked like from both sides:
VNC-3000#ping 201.1.1.11
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 201.1.1.11, timeout is 2 seconds.
..!..
6100#ping 101.1.1.11
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 101.1.1.11, timeout is 2 seconds.
...!.
Success rate is 20 percent (1/5), round-trip min/avg/max = 0/0/0 ms
Specifying the source does not help.
In the end, instead of a 0.0.0.0/0 gateway, routes to the specific networks had to be configured:
ip route 101.1.1.0/24 201.1.1.1
and ip route 201.1.1.0/24 101.1.1.1
respectively.
Outcome:
6100#ping 101.1.1.11
Type ^c to abort.
Sending 5 56-byte ICMP Echos to 101.1.1.11, timeout is 2 seconds.
!!!!!
6100#traceroute 101.1.1.11
Type ^c to abort.
Traceroute to host 101.1.1.11, maxhops is 30, timeout is 2000ms.
1 20ms 201.1.1.1
2 * request timed out
3 20ms 101.1.1.11