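This article explains a practical Layer 3 EVPN configuration on Arista EOS and how to connect it to external networks such as an ISP. It is the most complex configuration among the EVPN test scenarios, but it is essentially a combination of the technical elements introduced so far, so you should be able to build it by following each setting carefully, one at a time.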
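- Arista vEOS: basic usage
- Arista cEOS: basic usage
- Arista cEOS: examples using docker-compose
- Arista cEOS: examples using docker-topo
- Arista EOS basic operations: up to the point where SSH login works
- Arista EOS: introduction to vxlan configuration
- Arista EOS: introduction to Layer2 EVPN configuration
- Arista EOS: introduction to Layer3 EVPN configuration
- Arista EOS: combining Layer3 EVPN with dynamic routing
- Arista EOS: how to configure MLAG
- Arista EOS: practical vxlan configuration
- Arista EOS: practical Layer2 EVPN configuration
- Arista EOS: handling a double uplink failure
- Arista EOS: practical Layer3 EVPN configuration
- Arista EOS: practical example of combining EVPN with dynamic routing (you are here)
- Arista EOS: zero touch provisioning configuration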
Topology
Operation is verified in the following environment.

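Initial configuration
Verification starts from a state in which underlay routing and MLAG are already configured.
Loopback10, the source interface for the flood VTEP, is also assumed to be configured.
Verification
Gateway configuration
Assign the IP address that serves as the default gateway on the leaf switches.
The MAC address that corresponds to the default gateway IP address is fixed, so that the ARP tables on the servers are not affected even when a bonding failover or vMotion moves a server.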
# leaf01
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 70
interface Vlan70
vrf GATEWAY
ip address 192.168.70.1/24
ip virtual-router address 192.168.70.254
ip virtual-router mac-address 00:00:00:00:00:0a
# leaf02
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 70
interface Vlan70
vrf GATEWAY
ip address 192.168.70.2/24
ip virtual-router address 192.168.70.254
ip virtual-router mac-address 00:00:00:00:00:0a
# leaf03
vrf instance GATEWAY
ip routing vrf GATEWAY
interface Ethernet4
no switchport
vrf GATEWAY
ip address 192.168.80.3/24
# leaf04
vrf instance GATEWAY
ip routing vrf GATEWAY
interface Ethernet4
no switchport
vrf GATEWAY
ip address 192.168.90.4/24
Confirm that pings from host07 and the other hosts reach the default gateway. Also confirm that the MAC address is the value specified with ip virtual-router mac-address.
host07#ping 192.168.70.254
PING 192.168.70.254 (192.168.70.254) 72(100) bytes of data.
80 bytes from 192.168.70.254: icmp_seq=1 ttl=64 time=5.04 ms
80 bytes from 192.168.70.254: icmp_seq=2 ttl=64 time=3.17 ms
80 bytes from 192.168.70.254: icmp_seq=3 ttl=64 time=3.57 ms
80 bytes from 192.168.70.254: icmp_seq=4 ttl=64 time=3.09 ms
80 bytes from 192.168.70.254: icmp_seq=5 ttl=64 time=3.06 ms
--- 192.168.70.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 19ms
rtt min/avg/max/mdev = 3.060/3.591/5.047/0.751 ms, ipg/ewma 4.852/4.288 ms
host07#
host07#
host07#show arp
Address         Age (sec)  Hardware Addr   Interface
192.168.70.254    0:00:18  0000.0000.000a  Vlan70, Port-Channel12
host07#
VXLAN configuration
Configure vxlan on the leaf switches.
# leaf01, leaf02
vlan 70
interface Vxlan1
vxlan source-interface Loopback10
vxlan vlan 70 vni 9070
vxlan vrf GATEWAY vni 9999
# leaf03, leaf04
interface Vxlan1
vxlan source-interface Loopback10
vxlan vrf GATEWAY vni 9999
Confirm that the vxlan interface is up. At this point EVPN is not yet configured, so no flood VTEP destinations are known.
leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback10 and is active with 10.12.12.12
Replication/Flood Mode is headend with Flood List Source: CLI
Remote MAC learning is disabled
VNI mapping to VLANs
Static VLAN to VNI mapping is
[70, 9070]
Dynamic VLAN to VNI mapping for 'evpn' is
[4094, 9999]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is
[GATEWAY, 9999]
MLAG Shared Router MAC is 0000.0000.0000
leaf01#
EVPN
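Establish EVPN neighbors between the leaf and spine switches. Using EVPN requires the service routing protocols model multi-agent command, and a reboot is needed for that setting to take effect.
EVPN also propagates its information in extended communities, so send-community is required as well.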
# leaf01
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.15.5 send-community
neighbor 192.168.16.6 send-community
!
vlan 70
rd 10.1.1.1:9070
route-target both 99:9070
redistribute learned
!
vrf GATEWAY
rd 10.1.1.1:9999
route-target import evpn 99:9999
route-target export evpn 99:9999
redistribute connected
!
address-family evpn
neighbor 192.168.15.5 activate
neighbor 192.168.16.6 activate
# leaf02
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.25.5 send-community
neighbor 192.168.26.6 send-community
!
vlan 70
rd 10.2.2.2:9070
route-target both 99:9070
redistribute learned
!
vrf GATEWAY
rd 10.2.2.2:9999
route-target import evpn 99:9999
route-target export evpn 99:9999
redistribute connected
!
address-family evpn
neighbor 192.168.25.5 activate
neighbor 192.168.26.6 activate
# leaf03
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.35.5 send-community
neighbor 192.168.36.6 send-community
!
vrf GATEWAY
rd 10.3.3.3:9999
route-target import evpn 99:9999
route-target export evpn 99:9999
redistribute connected
!
address-family evpn
neighbor 192.168.35.5 activate
neighbor 192.168.36.6 activate
# leaf04
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.45.5 send-community
neighbor 192.168.46.6 send-community
!
vlan 78
rd 10.4.4.4:9078
route-target both 99:9078
redistribute learned
!
vlan 80
rd 10.4.4.4:9080
route-target both 99:9080
redistribute learned
!
vrf GATEWAY
rd 10.4.4.4:9999
route-target import evpn 99:9999
route-target export evpn 99:9999
redistribute connected
!
address-family evpn
neighbor 192.168.45.5 activate
neighbor 192.168.46.6 activate
# spine05
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.15.1 send-community
neighbor 192.168.25.2 send-community
neighbor 192.168.35.3 send-community
neighbor 192.168.45.4 send-community
!
address-family evpn
neighbor 192.168.15.1 activate
neighbor 192.168.25.2 activate
neighbor 192.168.35.3 activate
neighbor 192.168.45.4 activate
# spine06
service routing protocols model multi-agent
!
router bgp 65000
neighbor 192.168.16.1 send-community
neighbor 192.168.26.2 send-community
neighbor 192.168.36.3 send-community
neighbor 192.168.46.4 send-community
!
address-family evpn
neighbor 192.168.16.1 activate
neighbor 192.168.26.2 activate
neighbor 192.168.36.3 activate
neighbor 192.168.46.4 activate
Confirm that the BGP address-family evpn neighbors are established.
leaf01#show bgp evpn summary
BGP summary information for VRF default
Router identifier 10.1.1.1, local AS number 65000
Neighbor Status Codes: m - Under maintenance
Neighbor      V  AS     MsgRcvd  MsgSent  InQ  OutQ  Up/Down   State  PfxRcd  PfxAcc
192.168.15.5  4  65000  71       65       0    0     00:07:38  Estab  5       5
192.168.16.6  4  65000  66       66       0    0     00:07:38  Estab  5       5
leaf01#
Confirm that the switches are exchanging routes with each other.
leaf01#show ip route vrf GATEWAY
VRF: GATEWAY
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked,
RC - Route Cache Route
Gateway of last resort is not set
C 192.168.70.0/24 is directly connected, Vlan70
B I 192.168.80.0/24 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:9e:a4:3a
B I 192.168.90.0/24 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:cd:d9:6d
leaf01#
In this scenario there is no communication path that maps a VLAN to VXLAN and connects across the leaf/spine fabric at Layer 2, so no flood VTEP destination is displayed.
leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
Hardware is Vxlan
Source interface is Loopback10 and is active with 10.12.12.12
Replication/Flood Mode is headend with Flood List Source: EVPN
Remote MAC learning via EVPN
VNI mapping to VLANs
Static VLAN to VNI mapping is
[70, 9070]
Dynamic VLAN to VNI mapping for 'evpn' is
[1006, 9999]
Note: All Dynamic VLANs used by VCS are internal VLANs.
Use 'show vxlan vni' for details.
Static VRF to VNI mapping is
[GATEWAY, 9999]
MLAG Shared Router MAC is 0000.0000.0000
leaf01#
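Configuring the connection to the ISP
This section looks at an example configuration that connects to the ISP with OSPF. Establish OSPF neighbors between the ISP and the leaf switches.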
# leaf03
router ospf 1 vrf GATEWAY
network 192.168.80.0/24 area 0.0.0.0
# leaf04
router ospf 1 vrf GATEWAY
network 192.168.90.0/24 area 0.0.0.0
# isp08
router ospf 1
network 192.168.80.0/24 area 0.0.0.0
network 192.168.89.0/24 area 0.0.0.0
# isp09
router ospf 1
network 192.168.89.0/24 area 0.0.0.0
network 192.168.90.0/24 area 0.0.0.0
Confirm that the leaf switches receive the ISP's routes and install them in the routing table.
leaf03#show ip route vrf GATEWAY ospf
VRF: GATEWAY
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked,
RC - Route Cache Route
O 192.168.89.0/24 [110/20] via 192.168.80.8, Ethernet4
O 192.168.90.0/24 [110/30] via 192.168.80.8, Ethernet4
leaf03#
Configure redistribution between OSPF and BGP on leaf03 and leaf04.
# leaf03, leaf04
router ospf 1 vrf GATEWAY
redistribute bgp
!
router bgp 65000
vrf GATEWAY
redistribute ospf
Confirm that routes are exchanged in both directions through redistribution.
leaf01#show ip route vrf GATEWAY 192.168.89.0
VRF: GATEWAY
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked,
RC - Route Cache Route
B I 192.168.89.0/24 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:cd:d9:6d
via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:9e:a4:3a
leaf01#
isp08#show ip route
VRF: default
Codes: C - connected, S - static, K - kernel,
O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
NG - Nexthop Group Static Route, V - VXLAN Control Service,
DH - DHCP client installed default route, M - Martian,
DP - Dynamic Policy Route, L - VRF Leaked,
RC - Route Cache Route
Gateway of last resort is not set
O E2 192.168.70.0/24 [110/1] via 192.168.80.3, Ethernet1
C 192.168.80.0/24 is directly connected, Ethernet1
C 192.168.89.0/24 is directly connected, Ethernet2
O 192.168.90.0/24 [110/20] via 192.168.89.9, Ethernet2
isp08#
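The redistribute statements above carry no route-map, and isp08 learns 192.168.70.0/24 as an OSPF external route. The following added example (not part of the original article) is a Python check that parses show ip route output captured on the ISP-facing router and reports external routes outside an allowlist; the allowlist and the 172.16.50.0/24 line are assumptions constructed for illustration.

```python
import ipaddress
import re

# Assumption for this example: only the host07 subnet is meant to be
# announced to the ISP. Adjust to the fabric's real export policy.
ALLOWED_EXPORTS = [ipaddress.ip_network("192.168.70.0/24")]

# Matches OSPF external route lines in EOS "show ip route" output, e.g.
#   O E2 192.168.70.0/24 [110/1] via 192.168.80.3, Ethernet1
ROUTE_RE = re.compile(
    r"^\s*O\s+(?P<type>E1|E2)\s+(?P<prefix>\d+\.\d+\.\d+\.\d+/\d+)\s+"
    r"\[\d+/\d+\]\s+via\s+(?P<nexthop>[\d.]+),\s*(?P<intf>\S+)"
)


def external_routes(show_ip_route):
    """Return (network, type, nexthop, interface) per OSPF external route."""
    routes = []
    for line in show_ip_route.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            routes.append((ipaddress.ip_network(m["prefix"]), m["type"],
                           m["nexthop"], m["intf"]))
    return routes


def unexpected_exports(show_ip_route, allowed=ALLOWED_EXPORTS):
    """External routes that fall outside every allowed prefix."""
    return [r for r in external_routes(show_ip_route)
            if not any(r[0].subnet_of(a) for a in allowed)]


# isp08 route lines from the page, plus one constructed line (172.16.50.0/24)
# standing in for a subnet later added to VRF GATEWAY.
SAMPLE = """\
 O E2     192.168.70.0/24 [110/1] via 192.168.80.3, Ethernet1
 C        192.168.80.0/24 is directly connected, Ethernet1
 C        192.168.89.0/24 is directly connected, Ethernet2
 O        192.168.90.0/24 [110/20] via 192.168.89.9, Ethernet2
 O E2     172.16.50.0/24 [110/1] via 192.168.80.3, Ethernet1
"""

if __name__ == "__main__":
    for net, rtype, nexthop, intf in unexpected_exports(SAMPLE):
        print(f"unexpected {rtype} route {net} via {nexthop} ({intf})")
```
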
Reachability
Confirm that host07 and isp08, isp09 can reach each other.
host07#ping 192.168.89.8
PING 192.168.89.8 (192.168.89.8) 72(100) bytes of data.
80 bytes from 192.168.89.8: icmp_seq=1 ttl=61 time=15.1 ms
80 bytes from 192.168.89.8: icmp_seq=2 ttl=61 time=13.7 ms
80 bytes from 192.168.89.8: icmp_seq=3 ttl=61 time=12.9 ms
80 bytes from 192.168.89.8: icmp_seq=4 ttl=61 time=11.2 ms
80 bytes from 192.168.89.8: icmp_seq=5 ttl=61 time=11.4 ms
--- 192.168.89.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 55ms
rtt min/avg/max/mdev = 11.291/12.917/15.148/1.438 ms, pipe 2, ipg/ewma 13.800/13.938 ms
host07#ping 192.168.89.9
PING 192.168.89.9 (192.168.89.9) 72(100) bytes of data.
80 bytes from 192.168.89.9: icmp_seq=1 ttl=62 time=14.6 ms
80 bytes from 192.168.89.9: icmp_seq=2 ttl=62 time=15.8 ms
80 bytes from 192.168.89.9: icmp_seq=3 ttl=62 time=15.5 ms
80 bytes from 192.168.89.9: icmp_seq=4 ttl=62 time=17.2 ms
80 bytes from 192.168.89.9: icmp_seq=5 ttl=62 time=17.2 ms
--- 192.168.89.9 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 58ms
rtt min/avg/max/mdev = 14.622/16.115/17.293/1.028 ms, pipe 2, ipg/ewma 14.673/15.434 ms
host07#
Confirm that MAC addresses and related information are learned on each side.
leaf01#show vxlan address-table
Vxlan Mac Address Table
----------------------------------------------------------------------
VLAN Mac Address Type Prt VTEP Moves Last Move
---- ----------- ---- --- ---- ----- ---------
1006 0050.569e.a43a EVPN Vx1 10.34.34.34 1 0:17:53 ago
1006 0050.56cd.d96d EVPN Vx1 10.34.34.34 1 0:17:53 ago
Total Remote Mac Addresses for this criterion: 2
leaf01#
leaf01#
leaf01#show bgp evpn
BGP routing table information for VRF default
Router identifier 10.1.1.1, local AS number 65000
Route status codes: s - suppressed, * - valid, > - active, E - ECMP head, e - ECMP
S - Stale, c - Contributing to ECMP, b - backup
% - Pending BGP convergence
Origin codes: i - IGP, e - EGP, ? - incomplete
AS Path Attributes: Or-ID - Originator ID, C-LST - Cluster List, LL Nexthop - Link Local Nexthop
Network Next Hop Metric LocPref Weight Path
* > RD: 10.1.1.1:9070 mac-ip 0050.56ea.fea3
- - - 0 i
RD: 10.2.2.2:9070 mac-ip 0050.56ea.fea3
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.5.5.5
RD: 10.2.2.2:9070 mac-ip 0050.56ea.fea3
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.6.6.6
* > RD: 10.1.1.1:9070 mac-ip 0050.56ea.fea3 192.168.70.7
- - - 0 i
* > RD: 10.1.1.1:9070 imet 10.12.12.12
- - - 0 i
RD: 10.2.2.2:9070 imet 10.12.12.12
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.5.5.5
RD: 10.2.2.2:9070 imet 10.12.12.12
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.6.6.6
* > RD: 10.1.1.1:9999 ip-prefix 192.168.70.0/24
- - - 0 i
RD: 10.2.2.2:9999 ip-prefix 192.168.70.0/24
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.5.5.5
RD: 10.2.2.2:9999 ip-prefix 192.168.70.0/24
10.12.12.12 - 100 0 i Or-ID: 10.2.2.2 C-LST: 10.6.6.6
* >Ec RD: 10.3.3.3:9999 ip-prefix 192.168.80.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.6.6.6
* ec RD: 10.3.3.3:9999 ip-prefix 192.168.80.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.5.5.5
* >Ec RD: 10.4.4.4:9999 ip-prefix 192.168.80.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.5.5.5
* ec RD: 10.4.4.4:9999 ip-prefix 192.168.80.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.6.6.6
* >Ec RD: 10.3.3.3:9999 ip-prefix 192.168.89.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.6.6.6
* ec RD: 10.3.3.3:9999 ip-prefix 192.168.89.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.5.5.5
* >Ec RD: 10.4.4.4:9999 ip-prefix 192.168.89.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.5.5.5
* ec RD: 10.4.4.4:9999 ip-prefix 192.168.89.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.6.6.6
* >Ec RD: 10.3.3.3:9999 ip-prefix 192.168.90.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.6.6.6
* ec RD: 10.3.3.3:9999 ip-prefix 192.168.90.0/24
10.34.34.34 - 100 0 i Or-ID: 10.3.3.3 C-LST: 10.5.5.5
* >Ec RD: 10.4.4.4:9999 ip-prefix 192.168.90.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.6.6.6
* ec RD: 10.4.4.4:9999 ip-prefix 192.168.90.0/24
10.34.34.34 - 100 0 i Or-ID: 10.4.4.4 C-LST: 10.5.5.5
leaf01#
