Просмотреть исходный

Схема:

Важно:

Отключать spanning-tree до узлов. Он может блокировать линки.
Настраивать одинаковый route-target both 100:100, чтобы была маршрутизация между nvi.
На узлах настроен более точный маршрут 20.1.1.0/24 [1/0] via 10.1.1.1, до основного шлюза, а не 0.0.0.0. Потому что пинг может быть не стабилен если много DG настроено.

Настройки:

7200_TOP:

hostname 7200_TOP
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
authentication line console login local
!
!
!
!
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 3 record-cmd
info-center logfile 4 record-cmd
!
!
!
lldp enable
spanning-tree
!
!
!
Interface Ethernet0
ip address 192.168.255.11 255.255.255.0
!
!
!
!
evpn nve source-address 1.1.1.1
!
!
vlan 1;10
!
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
loopback-group 1
!
nvi 10
vxlan-id 10
evpn
rd 1:1
route-target both 100:100
enable
evpn-exit
!
nvi 20
vxlan-id 20
evpn
rd 30:30
route-target both 100:100
enable
evpn-exit
!
!
!

Interface Ethernet1/0/3
speed-duplex force1g-full
description For_VXLAN_proxy
loopback-group 1
!
Interface Ethernet1/0/4
speed-duplex force1g-full
description TO_2100
no spanning-tree
xconnect nvi 20
esi 0011.2222.3333.4444.5555
!
Interface Ethernet1/0/5
!
!

Interface Ethernet1/0/24
!
Interface Ethernet1/0/25
speed-duplex force1g-full
description TO_VNC3000
no spanning-tree
xconnect nvi 10
esi 0011.2222.3333.4444.4444
!
Interface Ethernet1/0/26
speed-duplex force1g-full
!
!

Interface Ethernet1/6/1
speed-duplex force40g-full
description TO_7200_32Q
switchport access vlan 10
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
rd 33:1
route-target both 100:1
l3-vni 1000
!
interface Vlan1
ip address 192.168.1.1 255.255.255.0
!
interface Vlan10
ip address 10.10.10.1 255.255.255.0
!
interface Loopback1
ip address 1.1.1.1 255.255.255.255
!
interface Nvi-interface10
ip vrf forwarding vpn1
mac-address 00-00-33-33-99-99
distributed-gateway enable
ipv6 address 2103::1/64
ip address 10.1.1.1 255.255.255.0
!
interface Nvi-interface20
ip vrf forwarding vpn1
mac-address 00-00-33-34-99-99
distributed-gateway enable
ipv6 address 2203::1/64
ip address 20.1.1.1 255.255.255.0
!
router ospf 1
ospf router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.10.10.0 0.0.0.255 area 0
!
router bgp 100
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source 1.1.1.1
neighbor 3.3.3.3 remote-as 100
neighbor 3.3.3.3 update-source 1.1.1.1
address-family l2vpn evpn
neighbor 2.2.2.2 activate
neighbor 3.3.3.3 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
exec-timeout 30 0
no login
!
end

7200_BOT:

hostname 7200_BOT
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
multi config access
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
authentication line console login local
!
!
!
!
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
info-center logfile 4 record-cmd
!
!
!
lldp enable
spanning-tree
!
!
!
Interface Ethernet0
ip address 192.168.255.15 255.255.255.0
!
!
!
!
evpn nve source-address 3.3.3.3
!
!
vlan 1;20
!
vxlan remote mac-address-learning disable
vxlan remote arp-learning disable
vxlan remote nd-learning disable
loopback-group 1
!
nvi 10
vxlan-id 10
evpn
rd 3:3
route-target both 100:100
enable
evpn-exit
!
nvi 20
vxlan-id 20
evpn
rd 30:30
route-target both 100:100
enable
evpn-exit
!
!
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_2100
no spanning-tree
xconnect nvi 20
esi 0011.2222.3333.4444.5555
!
Interface Ethernet1/0/2
speed-duplex force1g-full
!
Interface Ethernet1/0/3
speed-duplex force1g-full
description For_VXLAN_proxy
loopback-group 1
!
Interface Ethernet1/0/4
speed-duplex force1g-full
!

Interface Ethernet1/0/24
!
Interface Ethernet1/0/25
speed-duplex force1g-full
description TO_VNC3000
no spanning-tree
xconnect nvi 10
esi 0011.2222.3333.4444.4444
!
!

Interface Ethernet1/6/1
speed-duplex force40g-full
description TO_7200_32Q
switchport access vlan 20
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
rd 33:1
route-target both 100:1
l3-vni 1000
!
interface Vlan20
ip address 20.20.20.1 255.255.255.0
!
interface Loopback1
ip address 3.3.3.3 255.255.255.255
!
interface Nvi-interface10
ip vrf forwarding vpn1
mac-address 00-00-33-33-99-99
distributed-gateway enable
ipv6 address 2103::1/64
ip address 10.1.1.1 255.255.255.0
!
interface Nvi-interface20
ip vrf forwarding vpn1
mac-address 00-00-33-34-99-99
distributed-gateway enable
ipv6 address 2203::1/64
ip address 20.1.1.1 255.255.255.0
!
router ospf 1
ospf router-id 3.3.3.3
network 3.3.3.3 0.0.0.0 area 0
network 20.20.20.0 0.0.0.255 area 0
!
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source 3.3.3.3
neighbor 2.2.2.2 remote-as 100
neighbor 2.2.2.2 update-source 3.3.3.3
address-family l2vpn evpn
neighbor 1.1.1.1 activate
neighbor 2.2.2.2 activate
exit-address-family
address-family ipv4 vrf vpn1
redistribute connected
exit-address-family
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
exec-timeout 30 0
no login
!
end

7200_32Q:

hostname 7200_32Q
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
username test password 7 098f6bcd4621d373cade4e832627b4f6
!
authentication line console login local
!
!
!
!
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
!
!
!
!
!
Interface Ethernet0
ip address 192.168.255.17 255.255.255.0
!
!
!
!
!
vlan 1;10;20
!
!
Interface Ethernet1/1/1
!
Interface Ethernet1/2/1
!
Interface Ethernet1/3/1
!
Interface Ethernet1/4/1
!
Interface Ethernet1/5/1
!
Interface Ethernet1/6/1
!
Interface Ethernet1/7/1
!
Interface Ethernet1/8/1
!
Interface Ethernet1/9/1
!
Interface Ethernet1/10/1
!
Interface Ethernet1/11/1
!
Interface Ethernet1/12/1
!
Interface Ethernet1/13/1
!
Interface Ethernet1/14/1
!
Interface Ethernet1/15/1
!
Interface Ethernet1/16/1
!
Interface Ethernet1/17/1
!
Interface Ethernet1/18/1
!
Interface Ethernet1/19/1
!
Interface Ethernet1/20/1
!
Interface Ethernet1/20/2
!
Interface Ethernet1/20/3
!
Interface Ethernet1/20/4
!
Interface Ethernet1/21/1
!
Interface Ethernet1/22/1
!
Interface Ethernet1/23/1
!
Interface Ethernet1/24/1
!
Interface Ethernet1/25/1
!
Interface Ethernet1/26/1
!
Interface Ethernet1/27/1
!
Interface Ethernet1/28/1
!
Interface Ethernet1/29/1
!
Interface Ethernet1/30/1
description 7200_TOP-100G-down
shutdown
!
Interface Ethernet1/31/1
speed-duplex force40g-full
description TO_7200_TOP
switchport access vlan 10
!
Interface Ethernet1/32/1
speed-duplex force40g-full
description TO_7200_BOT
switchport access vlan 20
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
!
interface Vlan20
ip address 20.20.20.2 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
router ospf 1
ospf router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 10.10.10.0 0.0.0.255 area 0
network 20.20.20.0 0.0.0.255 area 0
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 10.0.1.1
!
!
no login
!
end

Тесты:

Используемые show команды:

show arp vrf vpn1
show ip route vrf vpn1
show ip bgp neighbors
show evpn nve all
show evpn nvi all
show nvi nve tunnel
show vxlan mac-address-table
show ip bgp evpn all

Когда включены все линки.

All show commands in attach, file "show_commands_1.txt".

Если отключить оба линка до PE.
Например до PE1:

All show commands in attach, file "show_commands_2.txt".

Если отключить оба линка до PE2.

All show commands in attach, file "show_commands_3.txt".

Если отключить два линка так, чтобы основные шлюзы для узлов были на разных коммутаторах.

All show commands in attach, file "show_commands_4.txt".

Отключить другие два линка.

All show commands in attach, file "show_commands_5.txt".

Переключил толстый компьютер из 1/0/6 стека VA2100-24P в порт 2 нижнего 7200.

Interface Ethernet1/0/2
no spanning-tree
xconnect nvi 10

FAT_ctrl
10.1.1.21 255.255.255.0

пинг до 10.1.1.11 появился не сразу.
Пропинговал сначала все шлюза с VNC, потом FAT.

Переключил, линк из порта 2 верхнего 7200 в порт 4 нижнего 7200.

BOT
Interface Ethernet1/0/4
speed-duplex force1g-full
description Slim_node
no spanning-tree
xconnect nvi 20
esi 0011.2222.3333.4444.6666

TOP
Interface Ethernet1/0/1
speed-duplex force1g-full
description TO_PC_slim
no spanning-tree
xconnect nvi 20
esi 0011.2222.3333.4444.6666

Slim_node

20.1.1.21 255.255.255.0

iperf3 -c 10.1.1.21 -R -P 10 -V -t 0
iperf3 -s

Подождать 10 секунд прежде чем ребутать второй интерфейс

ребут интерфейса на linux
выключение линка на 1-ом коммутаторе
педание суммарной скорости на 100 mbit на одно измерение (с 900 до 800)
включение линка на 1-ом коммутаторе
педание суммарной скорости на 100 mbit на одно измерение (с 900 до 800)
выключение линка на 2-ом коммутаторе
падение суммарной скорости до 0 на 20 секунд, потом поднятие до 900 обратно, но с кривоватыми значениями по потокам.
включение линка на 2-ом коммутаторе
визуально поведение iperf не изменилось
выключение линка на 1-ом коммутаторе
педание суммарной скорости на 100 mbit на одно измерение (с 900 до 800)
иногда падение скорости до 1 mbit
включение линка на 1-ом коммутаторе
визуально поведение iperf не изменилось
выключение линка на 2-ом коммутаторе
падение суммарной скорости до 0 на 20 секунд, потом поднятие до 900 обратно, но с кривоватыми значениями по потокам.

Вынули 32Q

Вот его конфиг:
7200_32Q#show run
!!
switch convert mode stand-alone
!!
!
no service password-encryption
!
hostname 7200_32Q
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
authentication logging enable
!
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
username test password 7 098f6bcd4621d373cade4e832627b4f6
!
authentication line console login local
!
!
!
!
!
ssh-server enable
ssh-server timeout 600
!
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings
!
!
!
!
!
Interface Ethernet0
ip address 192.168.255.17 255.255.255.0
!
!
!
!
port-group 100
!
!
vlan 1;10;20
!
!
Interface Ethernet1/1/1
!
Interface Ethernet1/2/1
!
Interface Ethernet1/3/1
!
Interface Ethernet1/4/1
!
Interface Ethernet1/5/1
!
Interface Ethernet1/6/1
!
Interface Ethernet1/7/1
!
Interface Ethernet1/8/1
!
Interface Ethernet1/9/1
!
Interface Ethernet1/10/1
!
Interface Ethernet1/11/1
!
Interface Ethernet1/12/1
!
Interface Ethernet1/13/1
!
Interface Ethernet1/14/1
!
Interface Ethernet1/15/1
!
Interface Ethernet1/16/1
!
Interface Ethernet1/17/1
!
Interface Ethernet1/18/1
!
Interface Ethernet1/19/1
!
Interface Ethernet1/20/1
!
Interface Ethernet1/20/2
!
Interface Ethernet1/20/3
!
Interface Ethernet1/20/4
!
Interface Ethernet1/21/1
!
Interface Ethernet1/22/1
!
Interface Ethernet1/23/1
!
Interface Ethernet1/24/1
!
Interface Ethernet1/25/1
!
Interface Ethernet1/26/1
!
Interface Ethernet1/27/1
!
Interface Ethernet1/28/1
!
Interface Ethernet1/29/1
!
Interface Ethernet1/30/1
description 7200_TOP-100G-down
shutdown
!
Interface Ethernet1/31/1
speed-duplex force40g-full
description TO_7200_TOP
switchport access vlan 10
!
Interface Ethernet1/32/1
speed-duplex force40g-full
description TO_7200_BOT
switchport access vlan 20
!
Interface Port-Channel100
load-balance enhance-profile
!
interface Vlan10
ip address 10.10.10.2 255.255.255.0
!
interface Vlan20
ip address 20.20.20.2 255.255.255.0
!
interface Loopback1
ip address 2.2.2.2 255.255.255.255
!
router ospf 1
ospf router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 10.10.10.0 0.0.0.255 area 0
network 20.20.20.0 0.0.0.255 area 0
!
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 10.0.1.1
!
!
no login
!
end

Обновил до V705R203C001B041