Файлы конфигурации:
| Device | IP management | IP vlan 10 | IP vlan 20 |
|---|---|---|---|
| PC | 192.168.255.10 | 10.10.10.3 | |
| 7200_TOP | 192.168.255.11 | 10.10.10.1 | |
| 6200 | 192.168.255.13 | 10.10.10.2 | 20.20.20.2 |
| 7200_BOT | 192.168.255.15 | 20.20.20.1 | |
| 2100_PC | 192.168.255.12 | 10.10.10.4 |
Необходимо выделить один интерфейс под vxlan proxy, чтобы коммутатор зарезервировал ресурсы. Т.е. настроить loopback-group 1 на интерфейсе, который не используется вообще, в который даже кабель не вставлен. Он поднимется в состояние UP и будет использоваться для VXLAN proxy. В cтенде это пор 1/0/46.
Настройка xconnect nvi 10 вешается на интерфейс до VM, логика такая же как и в static vxlan. В стенде это порт 1/0/1.
Узлы с разных сторон туннеля должны быть в одном vlan.
nvi 1 - network virtual instance, типо внутренний(internel) интерфейс, трафик с которого будет туннелироваться
vxlan-id 1 - назначаем ID для этого внутреннего интерфейса
Interface Ethernet1/0/1 xconnect nvi 1 - привязываем трафик с порта 1/0/1 к внутреннему интерфейсу vxlan
Если же использовать mode vlan svid <X>, то нужно отдавать с конечного узла тегированный трафик с vlan <X>.
nve - внешний(externel) интерфейс, тоннель через который ходит трафик
7200_TOP#sh run ! hostname 7200_TOP ! Interface Ethernet0 ip address 192.168.255.11 255.255.255.0 ! evpn nve source-address 1.1.1.1 ! vlan 1 ! vlan 10 name TO_6200 ! loopback-group 1 ! nvi 10 vxlan-id 10 evpn rd 1:1 route-target both 1:1 route-target both 2:2 enable evpn-exit ! ! Interface Ethernet1/0/1 speed-duplex force1g-full description TO_PC switchport access vlan 10 xconnect nvi 10 ! Interface Ethernet1/0/2 speed-duplex force1g-full ! Interface Ethernet1/0/3 speed-duplex force1g-full description FOR_VXLAN_PROXY loopback-group 1 ! Interface Ethernet1/0/47 speed-duplex force10g-full description TO_6200 switchport access vlan 10 ! vxlan proxy loopback-group 1 ! interface Vlan1 ! interface Vlan10 ip address 10.10.10.1 255.255.255.0 ! interface Loopback1 description FOR_OSPF_BGP ip address 1.1.1.1 255.255.255.255 ! router ospf ospf router-id 1.1.1.1 network 1.1.1.1/32 area 0 network 10.10.10.0/24 area 0 ! router bgp 100 neighbor 3.3.3.3 remote-as 100 neighbor 3.3.3.3 update-source 1.1.1.1 address-family l2vpn evpn neighbor 3.3.3.3 activate exit-address-family ! end |
6200#show run ! hostname 6200 ! Interface Ethernet0 ip address 192.168.255.13 255.255.255.0 ! ! vlan 1 ! vlan 10 name TO_7200_TOP ! vlan 20 name TO_7200_BOT ! Interface Ethernet1/0/47 description TO_7200_TOP switchport access vlan 10 ! Interface Ethernet1/0/48 description TO_7200_BOT switchport access vlan 20 ! interface Vlan1 ! interface Vlan10 description TO_7200_TOP ip address 10.10.10.2 255.255.255.0 ! interface Vlan20 description TO_7200_BOT ip address 20.20.20.2 255.255.255.0 ! interface Loopback1 description FOR_OSPF ip address 2.2.2.2 255.255.255.255 ! router ospf ospf router-id 2.2.2.2 network 2.2.2.2/32 area 0 network 10.10.10.0/24 area 0 network 20.20.20.0/24 area 0 ! no login ! end |
7200_BOT#sh run ! hostname 7200_BOT ! Interface Ethernet0 ip address 192.168.255.15 255.255.255.0 ! evpn nve source-address 3.3.3.3 ! vlan 1 ! vlan 20 name TO_6200 ! loopback-group 1 ! nvi 10 vxlan-id 10 evpn rd 2:2 route-target both 1:1 route-target both 2:2 enable evpn-exit ! ! Interface Ethernet1/0/1 speed-duplex force1g-full description TO_2100_PC switchport access vlan 20 xconnect nvi 10 ! Interface Ethernet1/0/2 speed-duplex force1g-full ! Interface Ethernet1/0/3 speed-duplex force1g-full description FOR_VXLAN_PROXY loopback-group 1 ! Interface Ethernet1/0/48 speed-duplex force10g-full description TO_6200 switchport access vlan 20 ! vxlan proxy loopback-group 1 ! interface Vlan1 ! interface Vlan20 description TO_6200 ip address 20.20.20.1 255.255.255.0 ! interface Loopback1 description TO_OSPF_BGP ip address 3.3.3.3 255.255.255.255 ! router ospf ospf router-id 3.3.3.3 network 3.3.3.3/32 area 0 network 20.20.20.0/24 area 0 ! router bgp 100 neighbor 1.1.1.1 remote-as 100 neighbor 1.1.1.1 update-source 3.3.3.3 address-family l2vpn evpn neighbor 1.1.1.1 activate exit-address-family ! end |
show ip bgp evpn all
show nvi nve tunnel
show nvi statistics
show vxlan mac-address-table
show bgp neighbors
7200_TOP#show ip bgp evpn all
BGP local router ID is 1.1.1.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - local
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
network format description
RT-1:[RT][ESI][ETID]
RT-2:[RT][ETID][MAC][IPv4/v6]
RT-3:[RT][ETID][IPv4/v6]
RT-4:[RT][ESI][IPv4/v6]
RT-5:[RT][ETID][Prefix len][Prefix]
Route Distinguisher 1:1
Network Next Hop Metric LocPrf Weight Path
*>l[2][0][84a9-387c-c9ae][]
1.1.1.1 100 32768 ?
*>l[3][0][1.1.1.1]
1.1.1.1 100 32768 ?
Route Distinguisher 2:2
Network Next Hop Metric LocPrf Weight Path
*>i[2][0][8c1f-6436-51c9][]
3.3.3.3 100 0 ?
*>i[3][0][3.3.3.3]
3.3.3.3 100 0 ?
7200_TOP#show nvi nve tunnel
NVI 10 vxlan-id 10
Nve name state source destination
Nve1 UP 1.1.1.1 3.3.3.3
7200_TOP#show nvi statistics
The total number of nvi: 1
nvi 10 vxlan-id 10
Item Packets Bytes
Input 40815 4784263
Output 142399 10698411
7200_TOP#show vxlan mac-address-table
Read mac address table....
Nvi-id Mac Address Type Creator Ports
------------------ --------------------------- ------- -------- -------------------------------------
10 84-a9-38-7c-c9-ae DYNAMIC Hardware Ethernet1/0/1
10 8c-1f-64-36-51-c9 DYNAMIC Hardware Nve1
7200_TOP#show bgp neighbors
BGP neighbor is 3.3.3.3, remote AS 100, local AS 100, internal link
BGP version 4, remote router ID 3.3.3.3
BGP state = Established, up for 1d03h16m
Last read 1d03h16m, hold time is 240, keepalive interval is 60 seconds
Neighbor capabilities:
Route refresh: advertised and received (old and new)
Four bytes AS: advertised and received
Address family IPv4 Unicast: advertised and received
Address family L2VPN EVPN: advertised and received
Received 2369 messages, 0 notifications, 0 in queue
Sent 1903 messages, 0 notifications, 0 in queue
Route refresh request: received 0, sent 0
Minimum time between advertisement runs is 5 seconds
Update source is 1.1.1.1
For address family: IPv4 Unicast
BGP table version 1, neighbor version 1
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
0 accepted prefixes
0 announced prefixes
For address family: L2VPN EVPN
BGP table version 6885, neighbor version 6885
Index 1, Offset 0, Mask 0x2
Community attribute sent to this neighbor (both)
2 accepted prefixes
2 announced prefixes
Connections established 2; dropped 1
Local host: 1.1.1.1, Local port: 32792
Foreign host: 3.3.3.3, Foreign port: 179
Nexthop: 1.1.1.1
Nexthop global: fe80::1ac3:f4ff:feb0:e2b
Nexthop local: ::
BGP connection: non shared network
7200_BOT#show ip bgp evpn all
BGP local router ID is 3.3.3.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
network format description
RT-1:[RT][ESI][ETID]
RT-2:[RT][ETID][MAC][IPv4/v6]
RT-3:[RT][ETID][IPv4/v6]
RT-4:[RT][ESI][IPv4/v6]
RT-5:[RT][ETID][Prefix len][Prefix]
Route Distinguisher 1:1
Network Next Hop Metric LocPrf Weight Path
*>i[2][0][84a9-387c-c9ae][]
1.1.1.1 100 0 ?
*>i[3][0][1.1.1.1]
1.1.1.1 100 0 ?
Route Distinguisher 2:2
Network Next Hop Metric LocPrf Weight Path
*> [2][0][8c1f-6436-50c9][]
3.3.3.3 100 32768 ?
*> [2][0][8c1f-6436-51c9][]
3.3.3.3 100 32768 ?
*> [3][0][3.3.3.3]
3.3.3.3 100 32768 ?
7200_BOT#show nvi nve tunnel
NVI 10 vxlan-id 10
Nve name state source destination
Nve1 UP 3.3.3.3 1.1.1.1
7200_BOT#show nvi statistics
The total number of nvi: 1
nvi 10 vxlan-id 10
Item Packets Bytes
Input 24132 1549727
Output 155683 11157402
7200_BOT#show vxlan mac-address-table
Read mac address table....
Nvi-id Mac Address Type Creator Ports
------------------ --------------------------- ------- -------- -------------------------------------
10 84-a9-38-7c-c9-ae DYNAMIC Hardware Nve1
10 8c-1f-64-36-50-c9 DYNAMIC Hardware Ethernet1/0/1
10 8c-1f-64-36-51-c9 DYNAMIC Hardware Ethernet1/0/1 |
-Необходимо существующие mgmt интерфейсы оставить вкл в один свитч, а новые интересы включить согласно схеме только ip поменять и vlan например 11 сделать под тест vxlan.
-Проверил вот такую схему с ноутами - работает.
Из настроек поменялось только то, что до компьютеров изменился vlan.
Было:
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_PC
switchport access vlan 10
xconnect nvi 10
Стало:
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_PC
switchport access vlan 11
xconnect nvi 10
какой бы я влан не вешал на один край - пинг до второго края не пропадает - даже trunk вешаю, пинг всё равно есть
Как я себе это объясняю. До узла единственно важной настройка является xconnect nvi X - привязываем трафик с порта к внутреннему интерфейсу VXLAN.
Поэтому поменяв сети с обоих концов на 10.10.11.0/24 и ноутбуки продолжили друг друга пинговать.
Вместо ноутов сейчас подключил Гравитроны в новые сетевые адаптеры
Старые сетевые адаптеры гравитронов, вместе с ноутом-Anydesk, вывел в management vlan
После настроен SpaceVM show команды выглядят следующим образом:
7200_TOP#show ip bgp evpn all BGP local router ID is 1.1.1.1 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - local S Stale Origin codes: i - IGP, e - EGP, ? - incomplete network format description RT-1:[RT][ESI][ETID] RT-2:[RT][ETID][MAC][IPv4/v6] RT-3:[RT][ETID][IPv4/v6] RT-4:[RT][ESI][IPv4/v6] RT-5:[RT][ETID][Prefix len][Prefix] Route Distinguisher 1:1 Network Next Hop Metric LocPrf Weight Path *>l[2][0][02ff-f024-eaee][] 1.1.1.1 100 32768 ? *>l[2][0][a863-7d41-f7a7][] 1.1.1.1 100 32768 ? *>l[3][0][1.1.1.1] 1.1.1.1 100 32768 ? Route Distinguisher 2:2 Network Next Hop Metric LocPrf Weight Path *>i[2][0][02ff-f024-5278][] 3.3.3.3 100 0 ? *>i[2][0][8c1f-6436-51c9][] 3.3.3.3 100 0 ? *>i[2][0][8c1f-6436-51ca][] 3.3.3.3 100 0 ? *>i[3][0][3.3.3.3] 3.3.3.3 100 0 ? 7200_TOP#show nvi nve tunnel NVI 10 vxlan-id 10 Nve name state source destination Nve1 UP 1.1.1.1 3.3.3.3 7200_TOP#show nvi statistics The total number of nvi: 1 nvi 10 vxlan-id 10 Item Packets Bytes Input 721401186 78777211846 Output 2757875147 272768776903 7200_TOP#show vxlan mac-address-table Read mac address table.... Nvi-id Mac Address Type Creator Ports ------------------ --------------------------- ------- -------- ------------------------------------- 10 02-ff-f0-24-52-78 DYNAMIC Hardware Nve1 10 02-ff-f0-24-ea-ee DYNAMIC Hardware Ethernet1/0/1 10 8c-1f-64-36-51-c9 DYNAMIC Hardware Nve1 10 8c-1f-64-36-51-ca DYNAMIC Hardware Nve1 10 a8-63-7d-41-f7-a7 DYNAMIC Hardware Ethernet1/0/1 7200_TOP#show bgp neighbors BGP neighbor is 3.3.3.3, remote AS 100, local AS 100, internal link BGP version 4, remote router ID 3.3.3.3 BGP state = Established, up for 02w1d23h Last read 02w1d23h, hold time is 240, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received (old and new) Four bytes AS: advertised and received Address family IPv4 Unicast: advertised and received Address family L2VPN EVPN: advertised and received Received 26752 messages, 0 notifications, 0 in queue Sent 26791 messages, 0 notifications, 0 in queue Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 5 seconds Update source is 1.1.1.1 For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Index 1, Offset 0, Mask 0x2 Community attribute sent to this neighbor (both) 0 accepted prefixes 0 announced prefixes For address family: L2VPN EVPN BGP table version 23936, neighbor version 23936 Index 1, Offset 0, Mask 0x2 Community attribute sent to this neighbor (both) 4 accepted prefixes 3 announced prefixes Connections established 2; dropped 1 Local host: 1.1.1.1, Local port: 179 Foreign host: 3.3.3.3, Foreign port: 32800 Nexthop: 1.1.1.1 Nexthop global: fe80::1ac3:f4ff:feb0:e2b Nexthop local: :: BGP connection: non shared network |
7200_BOT#show ip bgp evpn all BGP local router ID is 3.3.3.3 Status codes: s suppressed, d damped, h history, * valid, > best, i - internal, l - local S Stale Origin codes: i - IGP, e - EGP, ? - incomplete network format description RT-1:[RT][ESI][ETID] RT-2:[RT][ETID][MAC][IPv4/v6] RT-3:[RT][ETID][IPv4/v6] RT-4:[RT][ESI][IPv4/v6] RT-5:[RT][ETID][Prefix len][Prefix] Route Distinguisher 1:1 Network Next Hop Metric LocPrf Weight Path *>i[2][0][02ff-f024-eaee][] 1.1.1.1 100 0 ? *>i[2][0][a863-7d41-f7a7][] 1.1.1.1 100 0 ? *>i[3][0][1.1.1.1] 1.1.1.1 100 0 ? Route Distinguisher 2:2 Network Next Hop Metric LocPrf Weight Path *>l[2][0][02ff-f024-5278][] 3.3.3.3 100 32768 ? *>l[2][0][8c1f-6436-51c9][] 3.3.3.3 100 32768 ? *>l[2][0][8c1f-6436-51ca][] 3.3.3.3 100 32768 ? *>l[3][0][3.3.3.3] 3.3.3.3 100 32768 ? 7200_BOT#show nvi nve tunnel NVI 10 vxlan-id 10 Nve name state source destination Nve1 UP 3.3.3.3 1.1.1.1 7200_BOT#show nvi statistics The total number of nvi: 1 nvi 10 vxlan-id 10 Item Packets Bytes Input 1671125748 191022265591 Output 3263306345 362738726828 7200_BOT#show vxlan mac-address-table Read mac address table.... Nvi-id Mac Address Type Creator Ports ------------------ --------------------------- ------- -------- ------------------------------------- 10 02-ff-f0-24-52-78 DYNAMIC Hardware Ethernet1/0/1 10 02-ff-f0-24-ea-ee DYNAMIC Hardware Nve1 10 8c-1f-64-36-51-c9 DYNAMIC Hardware Ethernet1/0/1 10 8c-1f-64-36-51-ca DYNAMIC Hardware Ethernet1/0/1 10 a8-63-7d-41-f7-a7 DYNAMIC Hardware Nve1 7200_BOT#show bgp neighbors BGP neighbor is 1.1.1.1, remote AS 100, local AS 100, internal link BGP version 4, remote router ID 1.1.1.1 BGP state = Established, up for 02w1d23h Last read 02w1d23h, hold time is 240, keepalive interval is 60 seconds Neighbor capabilities: Route refresh: advertised and received (old and new) Four bytes AS: advertised and received Address family IPv4 Unicast: advertised and received Address family L2VPN EVPN: advertised and received Received 26794 messages, 0 notifications, 0 in queue Sent 26754 messages, 0 notifications, 0 in queue Route refresh request: received 0, sent 0 Minimum time between advertisement runs is 5 seconds Update source is 3.3.3.3 For address family: IPv4 Unicast BGP table version 1, neighbor version 1 Index 1, Offset 0, Mask 0x2 Community attribute sent to this neighbor (both) 0 accepted prefixes 0 announced prefixes For address family: L2VPN EVPN BGP table version 38990, neighbor version 38990 Index 1, Offset 0, Mask 0x2 Community attribute sent to this neighbor (both) 3 accepted prefixes 4 announced prefixes Connections established 4; dropped 3 Local host: 3.3.3.3, Local port: 32800 Foreign host: 1.1.1.1, Foreign port: 179 Nexthop: 3.3.3.3 Nexthop global: fe80::1ac3:f4ff:feb0:303 Nexthop local: :: BGP connection: non shared network |
Настроил адрес 10.10.10.5 на коммутаторе 2100_PC