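This article explains how to handle a double uplink failure on a leaf switch in an Arista EOS EVPN deployment. Many projects treat protection against double failures as unnecessary, but a double uplink failure can be handled with a little extra effort.
Topology diagram
The scenario assumed here is that both uplinks of leaf01 have failed.
Initial configuration
The initial configuration is the config as it stands at the end of "Arista EOS: Practical Layer 2 EVPN Configuration".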
leaf01
! Command: show running-config
! device: leaf01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname leaf01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$DY3Y0gCzGUIW6tJw$nwRBX5nN1rhpD/XBNRJPg8w24AcWPIdP.6zXysf6xGB5jEdSE0VDkFm9vw4OA8Kjg92E8F/IWlZG2ykyeGwl/0
!
vlan 12,78
!
vrf instance CONSOLE
!
interface Port-Channel4
switchport mode trunk
mlag 4
!
interface Ethernet1
no switchport
ip address 192.168.15.1/24
!
interface Ethernet2
no switchport
ip address 192.168.16.1/24
!
interface Ethernet3
switchport mode trunk
!
interface Ethernet4
switchport mode trunk
channel-group 4 mode on
!
interface Loopback0
ip address 10.1.1.1/32
!
interface Loopback10
ip address 10.12.12.12/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.41/24
!
interface Vlan12
ip address 192.168.12.1/24
!
interface Vxlan1
vxlan source-interface Loopback10
vxlan udp-port 4789
vxlan vlan 78 vni 9078
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
domain-id domain12
local-interface Vlan12
peer-address 192.168.12.2
peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
router-id 10.1.1.1
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.15.5 remote-as 65000
neighbor 192.168.15.5 send-community
neighbor 192.168.15.5 maximum-routes 12000
neighbor 192.168.16.6 remote-as 65000
neighbor 192.168.16.6 send-community
neighbor 192.168.16.6 maximum-routes 12000
!
vlan 78
rd 10.1.1.1:9078
route-target both 9078:9078
redistribute learned
!
address-family evpn
neighbor 192.168.15.5 activate
neighbor 192.168.16.6 activate
!
address-family ipv4
network 10.1.1.1/32
network 10.12.12.12/32
!
end
leaf02
! Command: show running-config
! device: leaf02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname leaf02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$9JQ5M00Xnj2AqWvA$JyN3mfa1nwjGDEvIqHsOuBH3qvT9gyhxjjHFEm..gN31rjrsNYsQygNBTQnP7LKzwNUsQp7gJdJePjiEG4RBv/
!
vlan 12,78
!
vrf instance CONSOLE
!
interface Port-Channel4
switchport mode trunk
mlag 4
!
interface Ethernet1
no switchport
ip address 192.168.25.2/24
!
interface Ethernet2
no switchport
ip address 192.168.26.2/24
!
interface Ethernet3
switchport mode trunk
!
interface Ethernet4
switchport mode trunk
channel-group 4 mode on
!
interface Loopback0
ip address 10.2.2.2/32
!
interface Loopback10
ip address 10.12.12.12/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.42/24
!
interface Vlan12
ip address 192.168.12.2/24
!
interface Vxlan1
vxlan source-interface Loopback10
vxlan udp-port 4789
vxlan vlan 78 vni 9078
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
domain-id domain12
local-interface Vlan12
peer-address 192.168.12.1
peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
router-id 10.2.2.2
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.25.5 remote-as 65000
neighbor 192.168.25.5 send-community
neighbor 192.168.25.5 maximum-routes 12000
neighbor 192.168.26.6 remote-as 65000
neighbor 192.168.26.6 send-community
neighbor 192.168.26.6 maximum-routes 12000
!
vlan 78
rd 10.2.2.2:9078
route-target both 9078:9078
redistribute learned
!
address-family evpn
neighbor 192.168.25.5 activate
neighbor 192.168.26.6 activate
!
address-family ipv4
network 10.2.2.2/32
network 10.12.12.12/32
!
end
leaf03
! Command: show running-config
! device: leaf03 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname leaf03
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$TGVrvmoc9sf9EJQn$TEUpiD7T.OzdOWCnT4os043XKrmLnORhQVTllouCnYVcTvD.CWMgDjeuGOVJmgfOYPQiSIv84s6c7LQVr.BxG1
!
vlan 34,78
!
vrf instance CONSOLE
!
interface Port-Channel4
switchport mode trunk
mlag 4
!
interface Ethernet1
no switchport
ip address 192.168.35.3/24
!
interface Ethernet2
no switchport
ip address 192.168.36.3/24
!
interface Ethernet3
switchport mode trunk
!
interface Ethernet4
switchport mode trunk
channel-group 4 mode on
!
interface Loopback0
ip address 10.3.3.3/32
!
interface Loopback10
ip address 10.34.34.34/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.43/24
!
interface Vlan34
ip address 192.168.34.3/24
!
interface Vxlan1
vxlan source-interface Loopback10
vxlan udp-port 4789
vxlan vlan 78 vni 9078
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
domain-id domain34
local-interface Vlan34
peer-address 192.168.34.4
peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
router-id 10.3.3.3
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.35.5 remote-as 65000
neighbor 192.168.35.5 send-community
neighbor 192.168.35.5 maximum-routes 12000
neighbor 192.168.36.6 remote-as 65000
neighbor 192.168.36.6 send-community
neighbor 192.168.36.6 maximum-routes 12000
!
vlan 78
rd 10.3.3.3:9078
route-target both 9078:9078
redistribute learned
!
address-family evpn
neighbor 192.168.35.5 activate
neighbor 192.168.36.6 activate
!
address-family ipv4
network 10.3.3.3/32
network 10.34.34.34/32
!
end
leaf04
! Command: show running-config
! device: leaf04 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname leaf04
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$9S0BfO0AdilA2Hi6$.Faho8IMxokJDTGTu9oVEGLgMJKxilgpKbTV/7/DlhIVaHOqbBuftfq3el/hszBaPHVh9lEn7tJaMGp/eK.Zc.
!
vlan 34,78
!
vrf instance CONSOLE
!
interface Port-Channel4
switchport mode trunk
mlag 4
!
interface Ethernet1
no switchport
ip address 192.168.45.4/24
!
interface Ethernet2
no switchport
ip address 192.168.46.4/24
!
interface Ethernet3
switchport mode trunk
!
interface Ethernet4
switchport mode trunk
channel-group 4 mode on
!
interface Loopback0
ip address 10.4.4.4/32
!
interface Loopback10
ip address 10.34.34.34/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.44/24
!
interface Vlan34
ip address 192.168.34.4/24
!
interface Vxlan1
vxlan source-interface Loopback10
vxlan udp-port 4789
vxlan vlan 78 vni 9078
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
domain-id domain34
local-interface Vlan34
peer-address 192.168.34.3
peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
router-id 10.4.4.4
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.45.5 remote-as 65000
neighbor 192.168.45.5 send-community
neighbor 192.168.45.5 maximum-routes 12000
neighbor 192.168.46.6 remote-as 65000
neighbor 192.168.46.6 send-community
neighbor 192.168.46.6 maximum-routes 12000
!
vlan 78
rd 10.4.4.4:9078
route-target both 9078:9078
redistribute learned
!
address-family evpn
neighbor 192.168.45.5 activate
neighbor 192.168.46.6 activate
!
address-family ipv4
network 10.4.4.4/32
network 10.34.34.34/32
!
end
spine05
! Command: show running-config
! device: spine05 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname spine05
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$XFkOMPhEDNS1wWd4$Oe2lPKNVkMayb9d9CBNV8HRXqEkrWJd0zZMQvRYnZKkgiQXD/Asur3Fa1GxKnl0RavkMT9.7GqgYTzjhNAG3L1
!
vrf instance CONSOLE
!
interface Ethernet1
no switchport
ip address 192.168.15.5/24
!
interface Ethernet2
no switchport
ip address 192.168.25.5/24
!
interface Ethernet3
no switchport
ip address 192.168.35.5/24
!
interface Ethernet4
no switchport
ip address 192.168.45.5/24
!
interface Loopback0
ip address 10.5.5.5/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.45/24
!
ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.15.1 remote-as 65000
neighbor 192.168.15.1 route-reflector-client
neighbor 192.168.15.1 send-community
neighbor 192.168.15.1 maximum-routes 12000
neighbor 192.168.25.2 remote-as 65000
neighbor 192.168.25.2 route-reflector-client
neighbor 192.168.25.2 send-community
neighbor 192.168.25.2 maximum-routes 12000
neighbor 192.168.35.3 remote-as 65000
neighbor 192.168.35.3 route-reflector-client
neighbor 192.168.35.3 send-community
neighbor 192.168.35.3 maximum-routes 12000
neighbor 192.168.45.4 remote-as 65000
neighbor 192.168.45.4 route-reflector-client
neighbor 192.168.45.4 send-community
neighbor 192.168.45.4 maximum-routes 12000
!
address-family evpn
neighbor 192.168.15.1 activate
neighbor 192.168.25.2 activate
neighbor 192.168.35.3 activate
neighbor 192.168.45.4 activate
!
address-family ipv4
network 10.5.5.5/32
network 192.168.15.0/24
network 192.168.25.0/24
network 192.168.35.0/24
network 192.168.45.0/24
!
end
spine06
! Command: show running-config
! device: spine06 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model multi-agent
!
hostname spine06
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$Oix6CIRpKHv7i8QG$pALu/2M0G83aGnlUS6xphzUQEJLdR/0ph75.n0JGq0.lKrC/mmvqC6gn8FnO0FTH4lI7KHUiMU2q/jwo.4uC4/
!
vrf instance CONSOLE
!
interface Ethernet1
no switchport
ip address 192.168.16.6/24
!
interface Ethernet2
no switchport
ip address 192.168.26.6/24
!
interface Ethernet3
no switchport
ip address 192.168.36.6/24
!
interface Ethernet4
no switchport
ip address 192.168.46.6/24
!
interface Loopback0
ip address 10.6.6.6/32
!
interface Management1
vrf CONSOLE
ip address 192.168.1.46/24
!
ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
timers bgp 10 30
maximum-paths 8 ecmp 16
neighbor 192.168.16.1 remote-as 65000
neighbor 192.168.16.1 route-reflector-client
neighbor 192.168.16.1 send-community
neighbor 192.168.16.1 maximum-routes 12000
neighbor 192.168.26.2 remote-as 65000
neighbor 192.168.26.2 route-reflector-client
neighbor 192.168.26.2 send-community
neighbor 192.168.26.2 maximum-routes 12000
neighbor 192.168.36.3 remote-as 65000
neighbor 192.168.36.3 route-reflector-client
neighbor 192.168.36.3 send-community
neighbor 192.168.36.3 maximum-routes 12000
neighbor 192.168.46.4 remote-as 65000
neighbor 192.168.46.4 route-reflector-client
neighbor 192.168.46.4 send-community
neighbor 192.168.46.4 maximum-routes 12000
!
address-family evpn
neighbor 192.168.16.1 activate
neighbor 192.168.26.2 activate
neighbor 192.168.36.3 activate
neighbor 192.168.46.4 activate
!
address-family ipv4
network 10.6.6.6/32
network 192.168.16.0/24
network 192.168.26.0/24
network 192.168.36.0/24
network 192.168.46.0/24
!
end
host07
! Command: show running-config
! device: host07 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host07
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$CVT.SBFewBoztbg4$Lt8hkoSUwYeQLpgs0i86cxyW2H9B5QPin0BEQ6D1sPhOZCaZKS1V9IZGDFYNyXCxt9axpDjhd3ziFwFpJnzSN1
!
vlan 78
!
vrf instance CONSOLE
!
interface Port-Channel12
switchport mode trunk
!
interface Ethernet1
switchport mode trunk
channel-group 12 mode on
!
interface Ethernet2
switchport mode trunk
channel-group 12 mode on
!
interface Management1
vrf CONSOLE
ip address 192.168.1.47/24
!
interface Vlan78
ip address 192.168.78.70/24
ip address 192.168.78.71/24 secondary
ip address 192.168.78.72/24 secondary
ip address 192.168.78.73/24 secondary
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
host08
! Command: show running-config
! device: host08 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host08
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$Q0YNQvuLCDXy5o.A$fxTIZUs7UEjcM18CphWxwXddcAzMn43.FOTaGMR9uB.56r0Iv.xIHGlwaHDSmDApgDWmUKh7crSxMOxhL7z1H/
!
vlan 78
!
vrf instance CONSOLE
!
interface Port-Channel12
switchport mode trunk
!
interface Ethernet1
switchport mode trunk
channel-group 12 mode on
!
interface Ethernet2
switchport mode trunk
channel-group 12 mode on
!
interface Management1
vrf CONSOLE
ip address 192.168.1.48/24
!
interface Vlan78
ip address 192.168.78.80/24
ip address 192.168.78.81/24 secondary
ip address 192.168.78.82/24 secondary
ip address 192.168.78.83/24 secondary
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end
Verification
Checking the normal state
In the normal state, the flood VTEP destination on leaf01 is 10.34.34.34.
leaf01#show int vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback10 and is active with 10.12.12.12
Replication/Flood Mode is headend with Flood List Source: EVPN
Remote MAC learning via EVPN
VNI mapping to VLANs
Static VLAN to VNI mapping is
[78, 9078]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is not configured
Headend replication flood vtep list is:
78 10.34.34.34
MLAG Shared Router MAC is 0000.0000.0000
Simulating the failure
Reproduce the state in which both uplinks of leaf01 have failed.
interface Ethernet1,2
   shutdown
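Consider connectivity from host07 to host08: host07 forwards to either leaf01 or leaf02, but because leaf01 does not know any flood VTEP, connectivity is lost.
Confirm that, because of the uplink failure, leaf01 no longer knows the flood VTEP destination.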
leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback10 and is active with 10.12.12.12
Replication/Flood Mode is headend with Flood List Source: EVPN
Remote MAC learning via EVPN
VNI mapping to VLANs
Static VLAN to VNI mapping is
[78, 9078]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is not configured
MLAG Shared Router MAC is 0000.0000.0000
leaf01#
Also confirm that 10.34.34.34, the flood VTEP destination, cannot be reached.
leaf01#ping 10.34.34.34
connect: Network is unreachable
leaf01#
Applying the redundancy configuration
Configure leaf01 so that it can reach 10.34.34.34. Take care that both BGP address-family ipv4 and BGP address-family evpn have connectivity.
# leaf01
router bgp 65000
   neighbor 192.168.12.2 remote-as 65000
   neighbor 192.168.12.2 route-reflector-client
   neighbor 192.168.12.2 send-community
   !
   address-family evpn
      neighbor 192.168.12.2 activate
   !
   address-family ipv4
      network 192.168.12.0/24
      network 192.168.15.0/24
      network 192.168.16.0/24
# leaf02
router bgp 65000
   neighbor 192.168.12.1 remote-as 65000
   neighbor 192.168.12.1 route-reflector-client
   neighbor 192.168.12.1 send-community
   !
   address-family evpn
      neighbor 192.168.12.1 activate
   !
   address-family ipv4
      network 192.168.12.0/24
      network 192.168.25.0/24
      network 192.168.26.0/24
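As an added example (not from the original article), the following Python check reads a leaf's `show running-config` text and reports whether the MLAG peer-address is also a BGP neighbor for both IPv4 and EVPN, which is the condition the configuration above establishes. The function name, the sample strings, and the assumption that IPv4 unicast is active unless `no bgp default ipv4-unicast` is present are mine; the parser expects the indentation EOS prints.

```python
import re

def audit_mlag_peer_bgp(config):
    """List the address families in which the MLAG peer is not a BGP backup path."""
    peer, neighbors, section, af = None, set(), "", None
    active = {"ipv4": set(), "evpn": set()}
    default_ipv4 = True  # assumption: IPv4 unicast is on unless explicitly disabled
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith("!"):
            continue
        if not raw[0].isspace():          # unindented line opens a top-level section
            section, af = line, None
        elif section == "mlag configuration" and line.startswith("peer-address "):
            peer = line.split()[1]
        elif section.startswith("router bgp "):
            if line.startswith(("address-family ", "vlan ")):
                af = line.split()[1] if line.startswith("address-family") else None
            elif line == "no bgp default ipv4-unicast":
                default_ipv4 = False
            elif m := re.fullmatch(r"neighbor (\S+) remote-as \d+", line):
                neighbors.add(m.group(1))
            elif (m := re.fullmatch(r"neighbor (\S+) activate", line)) and af in active:
                active[af].add(m.group(1))
    if peer is None:
        return ["no MLAG peer-address configured"]
    findings = []
    if peer not in neighbors or not (default_ipv4 or peer in active["ipv4"]):
        findings.append(f"{peer}: no IPv4 BGP session to MLAG peer")
    if peer not in neighbors or peer not in active["evpn"]:
        findings.append(f"{peer}: no EVPN BGP session to MLAG peer")
    return findings

# Constructed sample: leaf01 values from the page, indented as EOS prints them.
LEAF01_BEFORE = """\
mlag configuration
   local-interface Vlan12
   peer-address 192.168.12.2
   peer-link Ethernet3
!
router bgp 65000
   neighbor 192.168.15.5 remote-as 65000
   neighbor 192.168.16.6 remote-as 65000
   !
   address-family evpn
      neighbor 192.168.15.5 activate
      neighbor 192.168.16.6 activate
"""
# The page's fix: peer over the MLAG peer-link VLAN and activate it for EVPN.
LEAF01_AFTER = LEAF01_BEFORE.replace(
    "   !\n", "   neighbor 192.168.12.2 remote-as 65000\n   !\n"
) + "      neighbor 192.168.12.2 activate\n"

if __name__ == "__main__":
    print(audit_mlag_peer_bgp(LEAF01_BEFORE), audit_mlag_peer_bgp(LEAF01_AFTER))
```

A neighbor that is declared but not activated under `address-family evpn` still yields the EVPN finding, which is the case the article's caution about both address families refers to.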
Confirm that leaf01 can now reach 10.34.34.34.
leaf01#show ip route bgp
VRF: default
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked,
RC - Route Cache Route
B I 10.2.2.2/32 [200/0] via 192.168.12.2, Vlan12
B I 10.3.3.3/32 [200/0] via 192.168.12.2, Vlan12
B I 10.4.4.4/32 [200/0] via 192.168.12.2, Vlan12
B I 10.5.5.5/32 [200/0] via 192.168.12.2, Vlan12
B I 10.6.6.6/32 [200/0] via 192.168.12.2, Vlan12
B I 10.34.34.34/32 [200/0] via 192.168.12.2, Vlan12
B I 192.168.25.0/24 [200/0] via 192.168.12.2, Vlan12
B I 192.168.26.0/24 [200/0] via 192.168.12.2, Vlan12
B I 192.168.35.0/24 [200/0] via 192.168.12.2, Vlan12
B I 192.168.36.0/24 [200/0] via 192.168.12.2, Vlan12
B I 192.168.45.0/24 [200/0] via 192.168.12.2, Vlan12
B I 192.168.46.0/24 [200/0] via 192.168.12.2, Vlan12
leaf01#
leaf01#
leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback10 and is active with 10.12.12.12
Replication/Flood Mode is headend with Flood List Source: EVPN
Remote MAC learning via EVPN
VNI mapping to VLANs
Static VLAN to VNI mapping is
[78, 9078]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is not configured
Headend replication flood vtep list is:
78 10.34.34.34
MLAG Shared Router MAC is 0000.0000.0000
leaf01#
leaf01#
leaf01#ping 10.34.34.34
PING 10.34.34.34 (10.34.34.34) 72(100) bytes of data.
80 bytes from 10.34.34.34: icmp_seq=1 ttl=62 time=7.93 ms
80 bytes from 10.34.34.34: icmp_seq=2 ttl=62 time=6.16 ms
80 bytes from 10.34.34.34: icmp_seq=3 ttl=62 time=7.08 ms
80 bytes from 10.34.34.34: icmp_seq=4 ttl=62 time=6.13 ms
80 bytes from 10.34.34.34: icmp_seq=5 ttl=62 time=6.63 ms
--- 10.34.34.34 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 31ms
rtt min/avg/max/mdev = 6.135/6.789/7.934/0.673 ms, ipg/ewma 7.798/7.344 ms
leaf01#
Confirm that connectivity from host07 to host08 is also fine.
host07#ping 192.168.78.80
PING 192.168.78.80 (192.168.78.80) 72(100) bytes of data.
80 bytes from 192.168.78.80: icmp_seq=2 ttl=64 time=22.5 ms
80 bytes from 192.168.78.80: icmp_seq=3 ttl=64 time=18.1 ms
80 bytes from 192.168.78.80: icmp_seq=4 ttl=64 time=10.8 ms
80 bytes from 192.168.78.80: icmp_seq=5 ttl=64 time=18.6 ms
--- 192.168.78.80 ping statistics ---
5 packets transmitted, 4 received, 20% packet loss, time 66ms
rtt min/avg/max/mdev = 10.832/17.535/22.501/4.219 ms, pipe 2, ipg/ewma 16.696/20.328 ms
host07#