E-VXLAN_Centr_Multi_Act_Gate_Spine1.cfg, E-VXLAN_Centr_Multi_Act_Gate_Leaf.cfg, E-VXLAN_Centr_Multi_Act_Gate_Spine2.cfg

После того как оба spine включат функцию VEG (virtual-equipment-group), настроят один и тот же адрес источника NVE (внешний/external интерфейс туннеля, через который ходит трафик) и привяжут VEG к интерфейсу NVI (внутренний/internal интерфейс, трафик с которого будет туннелироваться), служба синхронизации ARP и ND включится автоматически.

Настройка Spine1:

!#Создать vlan
#Настроим интерфейсы vlan12, vlan100, loopback1 и loopback2:

Spine1(config)#interface vlan 12
Spine1(config-if-vlan12)#ip address 12.1.1.2 255.255.255.0
Spine1(config)#interface vlan 100
Spine1(config-if-vlan100)#ip address 100.1.1.3 255.255.255.0
Spine1(config)#interface loopback 1
Spine1(config-if-loopback1)#ip address 2.2.2.2 255.255.255.255
Spine1(config)#interface loopback 2
Spine1(config-if-loopback2)#ip address 5.5.5.5 255.255.255.255

#настроим глобальный nve адрес источника 

Spine1(config)#evpn nve source-address 2.2.2.2

#Выключим nvi-vlan mapping monitor of EVPN

Spine1(config)#evpn nvi-vlan-mapping-monitor disable

#!% Global EVPN NVE source address has been configured!
#Настроим service loopback group 1, для vxlan.

Spine1(config)#loopback-group 1
Spine1(config)#interface ethernet 1/0/3
Spine1(config-if-ethernet1/0/3)#loopback-group 1
Spine1(config)#vxlan proxy loopback-group 1

#Настроим virtual equipment group (VEG)

Spine1(config)#virtual-equipment-group 1
Spine1(config-veg1)#source ip 100.1.1.3
Spine1(config-veg1)#remote ip 100.1.1.2

#Настроим virtual switch instance - nvi 10 и включим evpn

Spine1(config)#nvi 10
Spine1(config-nvi)#vxlan-id 10
Spine1(config-nvi)#evpn
Spine1(config-nvi-evpn)#rd 1:1
Spine1(config-nvi-evpn)#route-target both 1000:1000
Spine1(config-nvi-evpn)#enable

#Настроим L3VPN instance

Spine1(config)#ip vrf vpn1
Spine1(config-vrf)#rd 1000:1000
Spine1(config-vrf)#route-target both 1000:1000

#Настроим gateway interface of the virtual switch instance(nvi)

Spine1(config)#interface nvi-interface 10
Spine1(config-if-nvi-interface10)#ip vrf forwarding vpn1

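!# Сообщение коммутатора: "Interface IP address removed due to enabling VRF vpn1" — при привязке интерфейса к VRF его IP-адрес удаляется, поэтому адрес задаётся ниже, уже после ip vrf forwarding.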

Spine1(config-if-nvi-interface10)#mac-address 90-3c-bb-aa-ee-ff
Spine1(config-if-nvi-interface10)#ipv6 address 10::1/64
Spine1(config-if-nvi-interface10)#virtual-equipment-group 1
Spine1(config-if-nvi-interface10)#ip address 10.1.1.1 255.255.255.0

#Включим протокол OSPF и укажем area, к которой принадлежат интерфейсы

Spine1(config)#router ospf 1
Spine1(config-router)#ospf router-id 5.5.5.5
Spine1(config-router)#network 2.2.2.2 0.0.0.0 area 0
Spine1(config-router)#network 5.5.5.5 0.0.0.0 area 0
Spine1(config-router)#network 12.1.1.0 0.0.0.255 area 0
Spine1(config-router)#network 100.1.1.0 0.0.0.255 area 0

#Включим протокол BGP и объявим поддержку (capability) EVPN для BGP-соседа

Spine1(config)#router bgp 100
Spine1(config-router)#neighbor 1.1.1.1 remote-as 100
Spine1(config-router)#neighbor 1.1.1.1 update-source 5.5.5.5
Spine1(config-router)#address-family l2vpn evpn
Spine1(config-router-af)#neighbor 1.1.1.1 activate
Spine1(config-router-af)#exit-address-family


Настройка Spine2:


#Configure interface vlan14, vlan100, loopback1 and loopback2
interface vlan 14
ip address 14.1.1.2 255.255.255.0
interface vlan 100
ip address 100.1.1.2 255.255.255.0
interface loopback 1
ip address 2.2.2.2 255.255.255.255
interface loopback 2
ip address 6.6.6.6 255.255.255.255

#Configure the global nve source address
evpn nve source-address 2.2.2.2

#Disable the nvi-vlan mapping monitor of EVPN
evpn nvi-vlan-mapping-monitor disable


#Configure the service loopback group 1 referenced by vxlan
loopback-group 1
interface ethernet 1/0/3
loopback-group 1
vxlan proxy loopback-group 1

#Configure the virtual equipment group
virtual-equipment-group 1
source ip 100.1.1.2
remote ip 100.1.1.3

#Configure virtual switch instance nvi 10 and enable evpn
nvi 10
vxlan-id 10
evpn
rd 1:1
route-target both 1000:1000
enable

#Configure L3VPN instance
ip vrf vpn1
rd 1000:1000
route-target both 1000:1000

#Configure the gateway interface of the virtual switch instance
interface nvi-interface 10
ip vrf forwarding vpn1


mac-address 90-3c-bb-aa-ee-ff
ipv6 address 10::1/64
virtual-equipment-group 1
ip address 10.1.1.1 255.255.255.0

#Start the ospf protocol and configure the ospf area to which the interface belongs
router ospf 1
ospf router-id 6.6.6.6
network 2.2.2.2 0.0.0.0 area 0
network 6.6.6.6 0.0.0.0 area 0
network 14.1.1.0 0.0.0.255 area 0
network 100.1.1.0 0.0.0.255 area 0

#Start the bgp protocol and declare evpn capability to the bgp peer
router bgp 100
neighbor 1.1.1.1 remote-as 100
neighbor 1.1.1.1 update-source 6.6.6.6
address-family l2vpn evpn
Spine2(config-router-af)#neighbor 1.1.1.1 activate
Spine2(config-router-af)#exit-address-family


Настройка Leaf:

!#Создать vlan

#Configure interface vlan12, vlan14 and loopback1
Leaf(config)#interface vlan 12
Leaf(config-if-vlan12)#ip address 12.1.1.1 255.255.255.0
Leaf(config)#interface vlan 14
Leaf(config-if-vlan14)#ip address 14.1.1.1 255.255.255.0
Leaf(config)#interface loopback 1
Leaf(config-if-loopback1)#ip address 1.1.1.1 255.255.255.255

#Configure the global nve source address
Leaf(config)#evpn nve source-address 1.1.1.1

!# Команду evpn nvi-vlan-mapping-monitor disable здесь не настраиваем!

#Configure the service loopback group 1 referenced by vxlan
Leaf(config)#loopback-group 1
Leaf(config)#interface ethernet 1/0/3
Leaf(config-if-ethernet1/0/3)#loopback-group 1
Leaf(config)#vxlan proxy loopback-group 1

#Configure virtual switch instance nvi 10 and enable evpn
Leaf(config)#nvi 10
Leaf(config-nvi)#vxlan-id 10
Leaf(config-nvi)#evpn
Leaf(config-nvi-evpn)#rd 1:1
Leaf(config-nvi-evpn)#route-target both 1000:1000
Leaf(config-nvi-evpn)#enable

#Configure ARP/ND suppression
Leaf(config-nvi)#arp suppression enable
Leaf(config-nvi)#nd suppression enable

!#Если использовать mode vlan svid <X>, то нужно отдавать с конечного узла тегированный трафик с vlan <X>.
!interface ethernet 1/0/25
!# поэтому мы будем использовать xconnect nvi 10 — по умолчанию это mode ethernet, и интерфейс будет ожидать нетегированный трафик. Так мы привязываем трафик с порта к внутреннему интерфейсу VXLAN
!# switchport access vlan 10

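!# Configure service access — смотри комментарии выше. В примере ниже показан вариант с mode vlan svid 100 на ethernet 1/0/5, а в рабочем конфиге 7200_TOP_Leaf используется xconnect nvi 10 без mode на Ethernet1/0/25.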

Leaf(config)#interface ethernet 1/0/5
Leaf(config-if-ethernet1/0/5)#xconnect nvi 10 mode vlan svid 100

#Start the ospf protocol and configure the ospf area to which the interface belongs
Leaf(config)#router ospf 1
Leaf(config-router)#ospf router-id 1.1.1.1
Leaf(config-router)#network 1.1.1.1 0.0.0.0 area 0
Leaf(config-router)#network 12.1.1.0 0.0.0.255 area 0
Leaf(config-router)#network 14.1.1.0 0.0.0.255 area 0

#Start the bgp protocol and declare evpn capability to the bgp peer
Leaf(config)#router bgp 100
Leaf(config-router)#neighbor 5.5.5.5 remote-as 100
Leaf(config-router)#neighbor 5.5.5.5 update-source 1.1.1.1
Leaf(config-router)#neighbor 6.6.6.6 remote-as 100
Leaf(config-router)#neighbor 6.6.6.6 update-source 1.1.1.1
Leaf(config-router)#address-family l2vpn evpn
Leaf(config-router-af)#neighbor 5.5.5.5 activate
Leaf(config-router-af)#neighbor 6.6.6.6 activate
Leaf(config-router-af)#exit-address-family


Конфиг 7200_TOP_Leaf

!!
switch convert mode stand-alone
vsf member 2
vsf priority 16
vsf port-group 1
 vsf port-group Interface Ethernet1/1/1
!
vsf port-group 2
 vsf port-group Interface Ethernet1/2/1
!
!!
!
! Device identity, local accounts, console/SSH access and local logging.
! NOTE(review): password encryption is switched off here, while the 7200_32Q_Spine1
! config on this page switches it on. Presumably secrets entered from now on would be
! kept in clear text in the config - confirm and align the three devices.
no service password-encryption
!
hostname 7200_TOP_Leaf
! NOTE(review): the street address and phone number below are site data; replace them
! with placeholders before a config dump is shared.
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
multi config access
authentication logging enable
!
! Two local accounts at privilege 15. Each "password 7" value is 32 hex digits, which is
! consistent with an unsalted MD5 digest (assumption - confirm in the vendor guide).
! The same two digests appear in all three configs on this page, so each user has one
! password across the fabric. Digests published in a dump should be treated as disclosed:
! change the passwords and post only redacted values.
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
! Console logins use the local user database (per the command keywords).
authentication line console login local
!
!
!
!
!
! SSH server is on; 600 is its timeout value (presumably seconds - confirm).
! NOTE(review): no ACL limiting who may reach the management plane is visible in this dump.
ssh-server enable
ssh-server timeout 600
!
! Log file 4 goes to flash as logfile.log, filtered at level warnings, with record-cmd
! set for log files 3 and 4 (command recording, judging by the keyword; log file 3 has
! no other settings in this dump).
! NOTE(review): no remote log host appears in this config, so the only audit trail is on
! the device itself; forward logs to a remote collector if command history must survive
! a compromise or a flash wipe.
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings 
info-center logfile 3 record-cmd
info-center logfile 4 record-cmd
!
!
!
lldp enable
spanning-tree
!
!
!
Interface Ethernet0
 ip address 192.168.255.11 255.255.255.0
!
!
!
!
evpn nve source-address 1.1.1.1
!
!         
vlan 1 
!
vlan 12
 name TO_32Q_VXLAN
!
vlan 14
 name TO_BOT_VXLAN
!
vlan 100
 name For_untag_svid
!
loopback-group 1
!
nvi 10
 vxlan-id 10
 evpn
  rd 1:1
  route-target both 1000:1000
  enable
  evpn-exit
 arp suppression enable
 nd suppression enable
!
!
Interface Ethernet1/0/1
 speed-duplex force1g-full
 description TO_PC_slim
 no spanning-tree
!
Interface Ethernet1/0/2
 speed-duplex force1g-full
 description TO_PC_slim
 no spanning-tree
!
Interface Ethernet1/0/3
 speed-duplex force1g-full
 description For_vxlan_proxy
 loopback-group 1
!
Interface Ethernet1/0/4
 speed-duplex force1g-full
!
Interface Ethernet1/0/5
!
Interface Ethernet1/0/6
!
Interface Ethernet1/0/7
!
Interface Ethernet1/0/8
!
Interface Ethernet1/0/9
!
Interface Ethernet1/0/10
!
Interface Ethernet1/0/11
!
Interface Ethernet1/0/12
!
Interface Ethernet1/0/13
!
Interface Ethernet1/0/14
!
Interface Ethernet1/0/15
!
Interface Ethernet1/0/16
!
Interface Ethernet1/0/17
!
Interface Ethernet1/0/18
!
Interface Ethernet1/0/19
!
Interface Ethernet1/0/20
!
Interface Ethernet1/0/21
!
Interface Ethernet1/0/22
!
Interface Ethernet1/0/23
!
Interface Ethernet1/0/24
!
Interface Ethernet1/0/25
 speed-duplex force1g-full
 description TO_VNC3000
 no spanning-tree
 switchport access vlan 100
 xconnect nvi 10 
!
Interface Ethernet1/0/26
 speed-duplex force1g-full
!
Interface Ethernet1/0/27
 speed-duplex force1g-full
!
Interface Ethernet1/0/28
 speed-duplex force1g-full
!
Interface Ethernet1/0/29
!
Interface Ethernet1/0/30
!
Interface Ethernet1/0/31
!
Interface Ethernet1/0/32
!
Interface Ethernet1/0/33
!
Interface Ethernet1/0/34
!         
Interface Ethernet1/0/35
!
Interface Ethernet1/0/36
!
Interface Ethernet1/0/37
!
Interface Ethernet1/0/38
!
Interface Ethernet1/0/39
!
Interface Ethernet1/0/40
!
Interface Ethernet1/0/41
!
Interface Ethernet1/0/42
!
Interface Ethernet1/0/43
!
Interface Ethernet1/0/44
!
Interface Ethernet1/0/45
!
Interface Ethernet1/0/46
!
Interface Ethernet1/0/47
!
Interface Ethernet1/0/48
!
Interface Ethernet1/1/1
!
Interface Ethernet1/2/1
!
Interface Ethernet1/3/1
 description TO_7200_BOT_shutdown
 switchport access vlan 14
!
Interface Ethernet1/4/1
 description desc 7200_32Q-100G
 shutdown
!
Interface Ethernet1/5/1
!
Interface Ethernet1/6/1
 speed-duplex force40g-full
 description TO_7200_32Q
 switchport access vlan 12
!
vxlan proxy loopback-group 1
!
interface Vlan12
 ip address 12.1.1.1 255.255.255.0
!
interface Vlan14
 ip address 14.1.1.1 255.255.255.0
!         
interface Loopback1
 ip address 1.1.1.1 255.255.255.255
!
! Underlay routing: OSPF area 0 covers Loopback1 (1.1.1.1, also the NVE source address)
! and the two uplink subnets on Vlan12 and Vlan14.
! NOTE(review): no OSPF authentication is configured in this dump, so nothing here stops
! another device on VLAN 12 or VLAN 14 from forming an adjacency. Add OSPF authentication
! on the uplink interfaces outside a lab.
router ospf 1
 ospf router-id 1.1.1.1
 network 1.1.1.1 0.0.0.0 area 0
 network 12.1.1.0 0.0.0.255 area 0
 network 14.1.1.0 0.0.0.255 area 0
!
! Overlay control plane: iBGP (local and remote AS are both 100) to 5.5.5.5 and 6.6.6.6,
! which are the Loopback2 addresses of the two spines on this page. Only the l2vpn evpn
! address family is activated for them.
! NOTE(review): the sessions carry no peer authentication and no route filtering, so this
! config neither verifies the peer nor limits which EVPN routes it may advertise.
router bgp 100
 neighbor 5.5.5.5 remote-as 100
 neighbor 5.5.5.5 update-source 1.1.1.1
 neighbor 6.6.6.6 remote-as 100
 neighbor 6.6.6.6 update-source 1.1.1.1
 address-family l2vpn evpn
 neighbor 5.5.5.5 activate
 neighbor 6.6.6.6 activate
 exit-address-family
!
! Both static routes point at 192.168.255.1, inside the Ethernet0 subnet
! (192.168.255.11/24) - presumably the out-of-band management network.
! NOTE(review): a default route through the management port sends any destination the
! underlay does not know towards that network; confirm this is intended.
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
! Idle session timeout of 30 0 (presumably minutes and seconds - confirm).
! NOTE(review): "no login" looks like the legacy console line-password switch being off;
! verify on the device that "authentication line console login local" earlier in this
! config still forces a username and password on the console.
exec-timeout 30 0
no login
!
end


Конфиг 7200_BOT_Spine2

!!
switch convert mode stand-alone
vsf member 1
vsf priority 32
vsf port-group 1
 vsf port-group Interface Ethernet1/1/1
!
vsf port-group 2
 vsf port-group Interface Ethernet1/2/1
!
!!
!
! Device identity, local accounts, console/SSH access and local logging.
! NOTE(review): password encryption is switched off here, while the 7200_32Q_Spine1
! config on this page switches it on. Presumably secrets entered from now on would be
! kept in clear text in the config - confirm and align the three devices.
no service password-encryption
!
hostname 7200_BOT_Spine2
! NOTE(review): the street address and phone number below are site data; replace them
! with placeholders before a config dump is shared.
sysLocation 123007, Moscow, 1-st Magistralnaya street, 13b7
sysContact 8(800)302-42-57
!
multi config access
authentication logging enable
!
! Two local accounts at privilege 15. Each "password 7" value is 32 hex digits, which is
! consistent with an unsalted MD5 digest (assumption - confirm in the vendor guide).
! The digests are identical to those in the other two configs on this page, so each user
! has one password across the fabric. Digests published in a dump should be treated as
! disclosed: change the passwords and post only redacted values.
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
!
! Console logins use the local user database (per the command keywords).
authentication line console login local
!
!
!
!
!
! SSH server is on; 600 is its timeout value (presumably seconds - confirm).
! NOTE(review): no ACL limiting who may reach the management plane is visible in this dump.
ssh-server enable
ssh-server timeout 600
!
! Log file 4 goes to flash as logfile.log, filtered at level warnings, with record-cmd
! set (command recording, judging by the keyword).
! NOTE(review): no remote log host appears in this config, so the only audit trail is on
! the device itself; forward logs to a remote collector if command history must survive
! a compromise or a flash wipe.
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings 
info-center logfile 4 record-cmd
!
!
!
lldp enable
!
!
Interface Ethernet0
 ip address 192.168.255.15 255.255.255.0
!
!
!
!
evpn nve source-address 2.2.2.2
!
!
vlan 1 
!
vlan 14   
 name TO_TOP_VXLAN
!
vlan 100
 name TO_32Q_VEG
!
loopback-group 1
!
nvi 10
 vxlan-id 10
 evpn
  rd 1:1
  route-target both 1000:1000
  enable
  evpn-exit
!
!
Interface Ethernet1/0/1
 speed-duplex force1g-full
 description TO_2100_PC
!
Interface Ethernet1/0/2
 speed-duplex force1g-full
!
Interface Ethernet1/0/3
 speed-duplex force1g-full
 description For_vxlan_proxy
 loopback-group 1
!
Interface Ethernet1/0/4
 speed-duplex force1g-full
!
Interface Ethernet1/0/5
!
Interface Ethernet1/0/6
!
Interface Ethernet1/0/7
!
Interface Ethernet1/0/8
!
Interface Ethernet1/0/9
!
Interface Ethernet1/0/10
!
Interface Ethernet1/0/11
!
Interface Ethernet1/0/12
!
Interface Ethernet1/0/13
!
Interface Ethernet1/0/14
!
Interface Ethernet1/0/15
!
Interface Ethernet1/0/16
!         
Interface Ethernet1/0/17
!
Interface Ethernet1/0/18
!
Interface Ethernet1/0/19
!
Interface Ethernet1/0/20
!
Interface Ethernet1/0/21
!
Interface Ethernet1/0/22
!
Interface Ethernet1/0/23
!
Interface Ethernet1/0/24
!
Interface Ethernet1/0/25
!
Interface Ethernet1/0/26
!
Interface Ethernet1/0/27
!
Interface Ethernet1/0/28
!
Interface Ethernet1/0/29
!
Interface Ethernet1/0/30
!
Interface Ethernet1/0/31
!
Interface Ethernet1/0/32
!
Interface Ethernet1/0/33
!
Interface Ethernet1/0/34
!
Interface Ethernet1/0/35
!
Interface Ethernet1/0/36
!
Interface Ethernet1/0/37
!
Interface Ethernet1/0/38
!
Interface Ethernet1/0/39
!
Interface Ethernet1/0/40
!
Interface Ethernet1/0/41
!
Interface Ethernet1/0/42
!
Interface Ethernet1/0/43
!
Interface Ethernet1/0/44
!
Interface Ethernet1/0/45
!
Interface Ethernet1/0/46
!
Interface Ethernet1/0/47
!
Interface Ethernet1/0/48
!
Interface Ethernet1/1/1
!
Interface Ethernet1/2/1
!
Interface Ethernet1/3/1
 description TO_7200_TOP
 switchport access vlan 14
!
Interface Ethernet1/4/1
!
Interface Ethernet1/5/1
!
Interface Ethernet1/6/1
 speed-duplex force40g-full
 description TO_7200_32Q
 switchport access vlan 100
!
virtual-equipment-group 1
 source ip 100.1.1.2
 remote ip 100.1.1.3
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
 rd 1000:1000
 route-target both 1000:1000
!
interface Vlan14
 ip address 14.1.1.2 255.255.255.0
!
interface Vlan100
 ip address 100.1.1.2 255.255.255.0
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!
interface Loopback2
 ip address 6.6.6.6 255.255.255.255
!
interface Nvi-interface10
 ip vrf forwarding vpn1
 mac-address 90-3c-bb-aa-ee-ff
 ipv6 address 10::1/64
 virtual-equipment-group 1
 ip address 10.1.1.1 255.255.255.0
!         
! Underlay routing: OSPF area 0 covers Loopback1 (2.2.2.2, the NVE source address that
! Spine1 on this page also uses), Loopback2 (6.6.6.6, the BGP update-source) and the
! subnets on Vlan14 and Vlan100. Vlan100 holds the virtual-equipment-group source and
! remote addresses.
! NOTE(review): no OSPF authentication is configured in this dump, so nothing here stops
! another device on VLAN 14 or VLAN 100 from forming an adjacency and announcing the
! shared 2.2.2.2 address. Add OSPF authentication on these interfaces outside a lab.
router ospf 1
 ospf router-id 6.6.6.6
 network 2.2.2.2 0.0.0.0 area 0
 network 6.6.6.6 0.0.0.0 area 0
 network 14.1.1.0 0.0.0.255 area 0
 network 100.1.1.0 0.0.0.255 area 0
!
! Overlay control plane: iBGP (local and remote AS are both 100) to 1.1.1.1, the leaf's
! Loopback1 on this page, sourced from 6.6.6.6. Only l2vpn evpn is activated.
! NOTE(review): the session carries no peer authentication and no route filtering, so
! this config neither verifies the peer nor limits which EVPN routes it may advertise.
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source 6.6.6.6
 address-family l2vpn evpn
 neighbor 1.1.1.1 activate
 exit-address-family
!
! Both static routes point at 192.168.255.1, inside the Ethernet0 subnet
! (192.168.255.15/24) - presumably the out-of-band management network.
! NOTE(review): a default route through the management port sends any destination the
! underlay does not know towards that network; confirm this is intended.
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 192.168.255.1
!
!
! Idle session timeout of 30 0 (presumably minutes and seconds - confirm).
! NOTE(review): "no login" looks like the legacy console line-password switch being off;
! verify on the device that "authentication line console login local" earlier in this
! config still forces a username and password on the console.
exec-timeout 30 0
no login
!
end


Конфиг 7200_32Q_Spine1

!!
switch convert mode stand-alone
!!
!
! Device identity, local accounts, console/SSH access and local logging.
! This is the only one of the three configs on this page with password encryption
! enabled; the other two carry "no service password-encryption".
service password-encryption
!
hostname 7200_32Q_Spine1
! NOTE(review): the postal address and phone number below are site data; replace them
! with placeholders before a config dump is shared.
sysLocation 302028, Orel, Razdolnaya, 76b3, 69, Russia
sysContact 8(800)302-42-57
!
multi config access
authentication logging enable
!
! Local accounts. Each "password 7" value is 32 hex digits, which is consistent with an
! unsalted MD5 digest (assumption - confirm in the vendor guide). The admin and zakko
! digests are identical to those in the other two configs on this page, so each user has
! one password across the fabric. Digests published in a dump should be treated as
! disclosed: change the passwords and post only redacted values.
! NOTE(review): "test" exists only on this device and has no explicit privilege level
! (the platform default applies). Unsalted digests of short or common passwords are
! recoverable by lookup; remove test accounts once the lab work is done.
username admin privilege 15 password 7 88ad795fe330411b653d6f18e8e4f4e5
username zakko privilege 15 password 7 cc5f68197114476743ac55440382994e
username test password 7 098f6bcd4621d373cade4e832627b4f6
!
! Console logins use the local user database (per the command keywords).
authentication line console login local
!
!
!
!
!
! SSH server is on; 600 is its timeout value (presumably seconds - confirm).
! NOTE(review): no ACL limiting who may reach the management plane is visible in this dump.
ssh-server enable
ssh-server timeout 600
!
! Log file 4 goes to flash as logfile.log, filtered at level warnings, with record-cmd
! set (command recording, judging by the keyword).
! NOTE(review): no remote log host appears in this config, so the only audit trail is on
! the device itself; forward logs to a remote collector if command history must survive
! a compromise or a flash wipe.
info-center logfile 4 config count 40960 flash logfile.log
info-center logfile 4 output-enable
info-center logfile 4 match level warnings 
info-center logfile 4 record-cmd
!
!
!
lldp enable
spanning-tree
!
!
!
Interface Ethernet0
 ip address 192.168.255.17 255.255.255.0
!
!
!
!
evpn nve source-address 2.2.2.2
!
!
vlan 1 
!
vlan 12
 name TO_TOP_VXLAN
!
vlan 100
 name TO_BOT_VEG
!         
loopback-group 1
!
nvi 10
 vxlan-id 10
 evpn
  rd 1:1
  route-target both 1000:1000
  enable
  evpn-exit
!
!
Interface Ethernet1/1/1
!
Interface Ethernet1/2/1
!
Interface Ethernet1/3/1
 description For_vxlan_proxy
 loopback-group 1
!
Interface Ethernet1/4/1
!
Interface Ethernet1/5/1
!
Interface Ethernet1/6/1
!
Interface Ethernet1/7/1
!
Interface Ethernet1/8/1
!
Interface Ethernet1/9/1
!
Interface Ethernet1/10/1
!
Interface Ethernet1/11/1
!
Interface Ethernet1/12/1
!
Interface Ethernet1/13/1
!
Interface Ethernet1/14/1
!
Interface Ethernet1/15/1
!
Interface Ethernet1/16/1
!
Interface Ethernet1/17/1
!
Interface Ethernet1/18/1
!
Interface Ethernet1/19/1
!
Interface Ethernet1/20/1
!
Interface Ethernet1/20/2
!         
Interface Ethernet1/20/3
!
Interface Ethernet1/20/4
!
Interface Ethernet1/21/1
!
Interface Ethernet1/22/1
!
Interface Ethernet1/23/1
!
Interface Ethernet1/24/1
!
Interface Ethernet1/25/1
!
Interface Ethernet1/26/1
!
Interface Ethernet1/27/1
!
Interface Ethernet1/28/1
!
Interface Ethernet1/29/1
!
Interface Ethernet1/30/1
 description 7200_TOP-100G-down
 shutdown
!
Interface Ethernet1/31/1
 speed-duplex force40g-full
 description TO_7200_TOP
 switchport access vlan 12
!
Interface Ethernet1/32/1
 speed-duplex force40g-full
 description TO_7200_BOT
 switchport access vlan 100
!
virtual-equipment-group 1
 source ip 100.1.1.3
 remote ip 100.1.1.2
!
vxlan proxy loopback-group 1
!
ip vrf vpn1
 rd 1000:1000
 route-target both 1000:1000
!
interface Vlan12
 ip address 12.1.1.2 255.255.255.0
!
interface Vlan100
 ip address 100.1.1.3 255.255.255.0
!
interface Loopback1
 ip address 2.2.2.2 255.255.255.255
!         
interface Loopback2
 ip address 5.5.5.5 255.255.255.255
!
interface Nvi-interface10
 ip vrf forwarding vpn1
 mac-address 90-3c-bb-aa-ee-ff
 ipv6 address 10::1/64
 virtual-equipment-group 1
 ip address 10.1.1.1 255.255.255.0
!
! Underlay routing: OSPF area 0 covers Loopback1 (2.2.2.2, the NVE source address that
! Spine2 on this page also uses), Loopback2 (5.5.5.5, the BGP update-source) and the
! subnets on Vlan12 and Vlan100. Vlan100 holds the virtual-equipment-group source and
! remote addresses.
! NOTE(review): no OSPF authentication is configured in this dump, so nothing here stops
! another device on VLAN 12 or VLAN 100 from forming an adjacency and announcing the
! shared 2.2.2.2 address. Add OSPF authentication on these interfaces outside a lab.
router ospf 1
 ospf router-id 5.5.5.5
 network 2.2.2.2 0.0.0.0 area 0
 network 5.5.5.5 0.0.0.0 area 0
 network 12.1.1.0 0.0.0.255 area 0
 network 100.1.1.0 0.0.0.255 area 0
!
! Overlay control plane: iBGP (local and remote AS are both 100) to 1.1.1.1, the leaf's
! Loopback1 on this page, sourced from 5.5.5.5. Only l2vpn evpn is activated.
! NOTE(review): the session carries no peer authentication and no route filtering, so
! this config neither verifies the peer nor limits which EVPN routes it may advertise.
router bgp 100
 neighbor 1.1.1.1 remote-as 100
 neighbor 1.1.1.1 update-source 5.5.5.5
 address-family l2vpn evpn
 neighbor 1.1.1.1 activate
 exit-address-family
!
! The default route points at 192.168.255.1, inside the Ethernet0 subnet
! (192.168.255.17/24) - presumably the out-of-band management network.
! NOTE(review): the second route uses next hop 10.0.1.1, which is not inside any
! interface subnet shown in this config, while the other two devices on this page route
! 10.0.254.0/23 via 192.168.255.1. Check whether this is a typo or an unresolved next hop.
ip route 0.0.0.0/0 192.168.255.1
ip route 10.0.254.0/23 10.0.1.1
!
!
! Idle session timeout of 30 0 (presumably minutes and seconds - confirm).
! NOTE(review): "no login" looks like the legacy console line-password switch being off;
! verify on the device that "authentication line console login local" earlier in this
! config still forces a username and password on the console.
exec-timeout 30 0
no login
!
end


ping vrf vpn1 10.1.1.11 не работает
