Arista EOS 実践的なLayer3 EVPN設定 – 自宅で体験できるファブリックネットワーク

Arista EOSにおける実践的なLayer3 EVPNの設定を紹介します。冗長性かつActive/Active構成にするにはMLAGとVXLANを併用する必要があります。この構成を採用するためには、MLAGピア同士でIPアドレスを重複させたLoopbackアドレスを持たせる必要があります。

• Arista vEOSの基本的な使い方
• Arista cEOSの基本的な使い方
• Arista cEOS docker-composeを使った操作例
• Arista cEOS docker-topoを使った操作例
• Arista EOSの基本操作 SSHログインが出来るようになるまで
• Arista EOS vxlanの設定紹介
• Arista EOS Layer2 EVPNの設定紹介
• Arista EOS Layer3 EVPNの設定紹介
• Arista EOS Layer3 EVPNとダイナミックルーティングの併用
• Arista EOS MLAGの設定方法
• Arista EOS 実践的なvxlan設定
• Arista EOS 実践的なLayer2 EVPN設定
• Arista EOS アップリンク二重障害の対応
• Arista EOS 実践的なLayer3 EVPN設定 (いまここ)
• Arista EOS 実践的なEVPNとダイナミックルーティング併用例
• Arista EOS ゼロタッチプロビジョニングの設定

構成図

以下の環境で動作確認を行います。

初期設定

アンダーレイのルーティングおよびMLAGの設定は完了している状態から動作確認を行います。

flood vtepの送信元となるLoopback10も設定済とします。

! Command: show running-config
! device: leaf01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$DY3Y0gCzGUIW6tJw$nwRBX5nN1rhpD/XBNRJPg8w24AcWPIdP.6zXysf6xGB5jEdSE0VDkFm9vw4OA8Kjg92E8F/IWlZG2ykyeGwl/0
!
vlan 12
!
vrf instance CONSOLE
!
interface Port-Channel4
   switchport mode trunk
   mlag 4
!
interface Ethernet1
   no switchport
   ip address 192.168.15.1/24
!
interface Ethernet2
   no switchport
   ip address 192.168.16.1/24
!
interface Ethernet3
   switchport mode trunk
!
interface Ethernet4
   switchport mode trunk
   channel-group 4 mode on
!
interface Loopback0
   ip address 10.1.1.1/32
!
interface Loopback10
   ip address 10.12.12.12/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.41/24
!
interface Vlan12
   ip address 192.168.12.1/24
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
   domain-id domain12
   local-interface Vlan12
   peer-address 192.168.12.2
   peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   router-id 10.1.1.1
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.15.5 remote-as 65000
   neighbor 192.168.15.5 maximum-routes 12000
   neighbor 192.168.16.6 remote-as 65000
   neighbor 192.168.16.6 maximum-routes 12000
   network 10.1.1.1/32
   network 10.12.12.12/32
!
end

! Command: show running-config
! device: leaf02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$9JQ5M00Xnj2AqWvA$JyN3mfa1nwjGDEvIqHsOuBH3qvT9gyhxjjHFEm..gN31rjrsNYsQygNBTQnP7LKzwNUsQp7gJdJePjiEG4RBv/
!
vlan 12
!
vrf instance CONSOLE
!
interface Port-Channel4
   switchport mode trunk
   mlag 4
!
interface Ethernet1
   no switchport
   ip address 192.168.25.2/24
!
interface Ethernet2
   no switchport
   ip address 192.168.26.2/24
!
interface Ethernet3
   switchport mode trunk
!
interface Ethernet4
   switchport mode trunk
   channel-group 4 mode on
!
interface Loopback0
   ip address 10.2.2.2/32
!
interface Loopback10
   ip address 10.12.12.12/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.42/24
!
interface Vlan12
   ip address 192.168.12.2/24
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
   domain-id domain12
   local-interface Vlan12
   peer-address 192.168.12.1
   peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   router-id 10.2.2.2
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.25.5 remote-as 65000
   neighbor 192.168.25.5 maximum-routes 12000
   neighbor 192.168.26.6 remote-as 65000
   neighbor 192.168.26.6 maximum-routes 12000
   network 10.2.2.2/32
   network 10.12.12.12/32
!
end

! Command: show running-config
! device: leaf03 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf03
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$TGVrvmoc9sf9EJQn$TEUpiD7T.OzdOWCnT4os043XKrmLnORhQVTllouCnYVcTvD.CWMgDjeuGOVJmgfOYPQiSIv84s6c7LQVr.BxG1
!
vlan 34
!
vrf instance CONSOLE
!
interface Port-Channel4
   switchport mode trunk
   mlag 4
!
interface Ethernet1
   no switchport
   ip address 192.168.35.3/24
!
interface Ethernet2
   no switchport
   ip address 192.168.36.3/24
!
interface Ethernet3
   switchport mode trunk
!
interface Ethernet4
   switchport mode trunk
   channel-group 4 mode on
!
interface Loopback0
   ip address 10.3.3.3/32
!
interface Loopback10
   ip address 10.34.34.34/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.43/24
!
interface Vlan34
   ip address 192.168.34.3/24
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
   domain-id domain34
   local-interface Vlan34
   peer-address 192.168.34.4
   peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   router-id 10.3.3.3
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.35.5 remote-as 65000
   neighbor 192.168.35.5 maximum-routes 12000
   neighbor 192.168.36.6 remote-as 65000
   neighbor 192.168.36.6 maximum-routes 12000
   network 10.3.3.3/32
   network 10.34.34.34/32
!
end

! Command: show running-config
! device: leaf04 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf04
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$9S0BfO0AdilA2Hi6$.Faho8IMxokJDTGTu9oVEGLgMJKxilgpKbTV/7/DlhIVaHOqbBuftfq3el/hszBaPHVh9lEn7tJaMGp/eK.Zc.
!
vlan 34
!
vrf instance CONSOLE
!
interface Port-Channel4
   switchport mode trunk
   mlag 4
!
interface Ethernet1
   no switchport
   ip address 192.168.45.4/24
!
interface Ethernet2
   no switchport
   ip address 192.168.46.4/24
!
interface Ethernet3
   switchport mode trunk
!
interface Ethernet4
   switchport mode trunk
   channel-group 4 mode on
!
interface Loopback0
   ip address 10.4.4.4/32
!
interface Loopback10
   ip address 10.34.34.34/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.44/24
!
interface Vlan34
   ip address 192.168.34.4/24
!
ip routing
ip routing vrf CONSOLE
!
mlag configuration
   domain-id domain34
   local-interface Vlan34
   peer-address 192.168.34.3
   peer-link Ethernet3
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   router-id 10.4.4.4
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.45.5 remote-as 65000
   neighbor 192.168.45.5 maximum-routes 12000
   neighbor 192.168.46.6 remote-as 65000
   neighbor 192.168.46.6 maximum-routes 12000
   network 10.4.4.4/32
   network 10.34.34.34/32
!
end

! Command: show running-config
! device: spine05 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine05
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$XFkOMPhEDNS1wWd4$Oe2lPKNVkMayb9d9CBNV8HRXqEkrWJd0zZMQvRYnZKkgiQXD/Asur3Fa1GxKnl0RavkMT9.7GqgYTzjhNAG3L1
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.15.5/24
!
interface Ethernet2
   no switchport
   ip address 192.168.25.5/24
!
interface Ethernet3
   no switchport
   ip address 192.168.35.5/24
!
interface Ethernet4
   no switchport
   ip address 192.168.45.5/24
!
interface Loopback0
   ip address 10.5.5.5/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.45/24
!
ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.15.1 remote-as 65000
   neighbor 192.168.15.1 route-reflector-client
   neighbor 192.168.15.1 maximum-routes 12000
   neighbor 192.168.25.2 remote-as 65000
   neighbor 192.168.25.2 route-reflector-client
   neighbor 192.168.25.2 maximum-routes 12000
   neighbor 192.168.35.3 remote-as 65000
   neighbor 192.168.35.3 route-reflector-client
   neighbor 192.168.35.3 maximum-routes 12000
   neighbor 192.168.45.4 remote-as 65000
   neighbor 192.168.45.4 route-reflector-client
   neighbor 192.168.45.4 maximum-routes 12000
   network 10.5.5.5/32
   network 192.168.15.0/24
   network 192.168.25.0/24
   network 192.168.35.0/24
   network 192.168.45.0/24
!
end

! Command: show running-config
! device: spine06 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine06
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$Oix6CIRpKHv7i8QG$pALu/2M0G83aGnlUS6xphzUQEJLdR/0ph75.n0JGq0.lKrC/mmvqC6gn8FnO0FTH4lI7KHUiMU2q/jwo.4uC4/
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.16.6/24
!
interface Ethernet2
   no switchport
   ip address 192.168.26.6/24
!
interface Ethernet3
   no switchport
   ip address 192.168.36.6/24
!
interface Ethernet4
   no switchport
   ip address 192.168.46.6/24
!
interface Loopback0
   ip address 10.6.6.6/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.46/24
!
ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
router bgp 65000
   timers bgp 10 30
   maximum-paths 8 ecmp 16
   neighbor 192.168.16.1 remote-as 65000
   neighbor 192.168.16.1 route-reflector-client
   neighbor 192.168.16.1 maximum-routes 12000
   neighbor 192.168.26.2 remote-as 65000
   neighbor 192.168.26.2 route-reflector-client
   neighbor 192.168.26.2 maximum-routes 12000
   neighbor 192.168.36.3 remote-as 65000
   neighbor 192.168.36.3 route-reflector-client
   neighbor 192.168.36.3 maximum-routes 12000
   neighbor 192.168.46.4 remote-as 65000
   neighbor 192.168.46.4 route-reflector-client
   neighbor 192.168.46.4 maximum-routes 12000
   network 10.6.6.6/32
   network 192.168.16.0/24
   network 192.168.26.0/24
   network 192.168.36.0/24
   network 192.168.46.0/24
!
end

! Command: show running-config
! device: host07 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host07
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$CVT.SBFewBoztbg4$Lt8hkoSUwYeQLpgs0i86cxyW2H9B5QPin0BEQ6D1sPhOZCaZKS1V9IZGDFYNyXCxt9axpDjhd3ziFwFpJnzSN1
!
vlan 70,78
!
vrf instance CONSOLE
!
vrf instance vrf70
!
vrf instance vrf78
!
interface Port-Channel12
   switchport mode trunk
!
interface Ethernet1
   switchport mode trunk
   channel-group 12 mode on
!
interface Ethernet2
   switchport mode trunk
   channel-group 12 mode on
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.47/24
!
interface Vlan70
   vrf vrf70
   ip address 192.168.70.7/24
!
interface Vlan78
   vrf vrf78
   ip address 192.168.78.7/24
!
no ip routing
ip routing vrf CONSOLE
ip routing vrf vrf70
ip routing vrf vrf78
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
ip route vrf vrf70 0.0.0.0/0 192.168.70.254
ip route vrf vrf78 0.0.0.0/0 192.168.78.254
!
end

! Command: show running-config
! device: host08 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host08
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$Q0YNQvuLCDXy5o.A$fxTIZUs7UEjcM18CphWxwXddcAzMn43.FOTaGMR9uB.56r0Iv.xIHGlwaHDSmDApgDWmUKh7crSxMOxhL7z1H/
!
vlan 78,80
!
vrf instance CONSOLE
!
vrf instance vrf78
!
vrf instance vrf80
!
interface Port-Channel12
   switchport mode trunk
!
interface Ethernet1
   switchport mode trunk
   channel-group 12 mode on
!
interface Ethernet2
   switchport mode trunk
   channel-group 12 mode on
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.48/24
!
interface Vlan78
   vrf vrf78
   ip address 192.168.78.8/24
!
interface Vlan80
   vrf vrf80
   ip address 192.168.80.8/24
!
no ip routing
ip routing vrf CONSOLE
ip routing vrf vrf78
ip routing vrf vrf80
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
ip route vrf vrf78 0.0.0.0/0 192.168.78.254
ip route vrf vrf80 0.0.0.0/0 192.168.80.254
!
end

動作確認

ゲートウェイの設定

リーフスイッチ側にデフォルトゲートウェイとなるIPアドレスを付与します。

bondingの切り替わりやvMotionでサーバ側に移動があったとしても、サーバ側のARPテーブルに影響を与えないよう、デフォルトゲートウェイとなるIPアドレスに対応するMACアドレスを固定します。

# leaf01
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 70,78
interface Vlan70
   vrf GATEWAY 
   ip address 192.168.70.1/24
   ip virtual-router address 192.168.70.254
interface Vlan78
   vrf GATEWAY 
   ip address 192.168.78.1/24
   ip virtual-router address 192.168.78.254
ip virtual-router mac-address 00:00:00:00:00:0a

# leaf02
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 70,78
interface Vlan70
   vrf GATEWAY 
   ip address 192.168.70.2/24
   ip virtual-router address 192.168.70.254
interface Vlan78
   vrf GATEWAY 
   ip address 192.168.78.2/24
   ip virtual-router address 192.168.78.254
ip virtual-router mac-address 00:00:00:00:00:0a

# leaf03
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 78,80
interface Vlan78
   vrf GATEWAY 
   ip address 192.168.78.3/24
   ip virtual-router address 192.168.78.254
interface Vlan80
   vrf GATEWAY 
   ip address 192.168.80.3/24
   ip virtual-router address 192.168.80.254
ip virtual-router mac-address 00:00:00:00:00:0a

# leaf04
vrf instance GATEWAY
ip routing vrf GATEWAY
vlan 78,80
interface Vlan78
   vrf GATEWAY 
   ip address 192.168.78.4/24
   ip virtual-router address 192.168.78.254
interface Vlan80
   vrf GATEWAY 
   ip address 192.168.80.4/24
   ip virtual-router address 192.168.80.254
ip virtual-router mac-address 00:00:00:00:00:0a

host07, host08等からデフォルトゲートウェイまでのpingが届く事を確認します。またMACアドレスがip virtual-router mac-addressで指定した値になっている事を確認します。

host08#ping vrf vrf80 192.168.80.254
PING 192.168.80.254 (192.168.80.254) 72(100) bytes of data.
80 bytes from 192.168.80.254: icmp_seq=1 ttl=64 time=16.3 ms
80 bytes from 192.168.80.254: icmp_seq=2 ttl=64 time=9.91 ms
80 bytes from 192.168.80.254: icmp_seq=3 ttl=64 time=3.80 ms
80 bytes from 192.168.80.254: icmp_seq=4 ttl=64 time=3.40 ms
80 bytes from 192.168.80.254: icmp_seq=5 ttl=64 time=3.40 ms

--- 192.168.80.254 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 54ms
rtt min/avg/max/mdev = 3.404/7.368/16.314/5.111 ms, pipe 2, ipg/ewma 13.672/11.555 ms
host08#
host08#
host08#show arp vrf vrf80
Address         Age (sec)  Hardware Addr   Interface
192.168.80.4          N/A  0050.56cd.d96d  Vlan80, Port-Channel12
192.168.80.254        N/A  0000.0000.000a  Vlan80, Port-Channel12
host08#

VXLANの設定

リーフスイッチに対してvxlanの設定を行います。

# leaf01, leaf02
vlan 70,78
interface Vxlan1
   vxlan source-interface Loopback10
   vxlan vlan 70 vni 9070
   vxlan vlan 78 vni 9078
   vxlan vrf GATEWAY vni 9999

# leaf03, leaf04
vlan 78,80
interface Vxlan1
   vxlan source-interface Loopback10
   vxlan vlan 78 vni 9078
   vxlan vlan 80 vni 9080
   vxlan vrf GATEWAY vni 9999

インターフェースvxlanがup状態である事を確認します。この時点ではEVPN未設定のためflood vtepの宛先は認識していません。

leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback10 and is active with 10.12.12.12
  Replication/Flood Mode is headend with Flood List Source: CLI
  Remote MAC learning is disabled
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [70, 9070]        [78, 9078]       
  Dynamic VLAN to VNI mapping for 'evpn' is
    [4094, 9999]     
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is 
   [GATEWAY, 9999]
  MLAG Shared Router MAC is 0000.0000.0000

EVPN

リーフ/スパイン間でEVPN neighborを確立します。EVPNを使用するにはservice routing protocols model multi-agentコマンドが必要であり、これの設定反映には再起動が必要です。

また、EVPNは拡張コミにティによって情報を伝搬しますので、send-communityも必要です。

# leaf01
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.15.5 send-community
   neighbor 192.168.16.6 send-community
   !
   vlan 70
      rd 10.1.1.1:9070
      route-target both 99:9070
      redistribute learned
   !
   vlan 78
      rd 10.1.1.1:9078
      route-target both 99:9078
      redistribute learned
   !
   vrf GATEWAY
      rd 10.1.1.1:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected
   !
   address-family evpn
      neighbor 192.168.15.5 activate
      neighbor 192.168.16.6 activate

# leaf02
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.25.5 send-community
   neighbor 192.168.26.6 send-community
   !
   vlan 70
      rd 10.2.2.2:9070
      route-target both 99:9070
      redistribute learned
   !
   vlan 78
      rd 10.2.2.2:9078
      route-target both 99:9078
      redistribute learned
   !
   vrf GATEWAY
      rd 10.2.2.2:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected
   !
   address-family evpn
      neighbor 192.168.25.5 activate
      neighbor 192.168.26.6 activate

# leaf03
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.35.5 send-community
   neighbor 192.168.36.6 send-community
   !
   vlan 78
      rd 10.3.3.3:9078
      route-target both 99:9078
      redistribute learned
   !
   vlan 80
      rd 10.3.3.3:9080
      route-target both 99:9080
      redistribute learned
   !
   vrf GATEWAY
      rd 10.3.3.3:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected
   !
   address-family evpn
      neighbor 192.168.35.5 activate
      neighbor 192.168.36.6 activate

# leaf04
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.45.5 send-community
   neighbor 192.168.46.6 send-community
   !
   vlan 78
      rd 10.4.4.4:9078
      route-target both 99:9078
      redistribute learned
   !
   vlan 80
      rd 10.4.4.4:9080
      route-target both 99:9080
      redistribute learned
   !
   vrf GATEWAY
      rd 10.4.4.4:9999
      route-target import evpn 99:9999
      route-target export evpn 99:9999
      redistribute connected
   !
   address-family evpn
      neighbor 192.168.45.5 activate
      neighbor 192.168.46.6 activate

# spine05
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.15.1 send-community
   neighbor 192.168.25.2 send-community
   neighbor 192.168.35.3 send-community
   neighbor 192.168.45.4 send-community
   !
   address-family evpn
      neighbor 192.168.15.1 activate
      neighbor 192.168.25.2 activate
      neighbor 192.168.35.3 activate
      neighbor 192.168.45.4 activate

# spine06
service routing protocols model multi-agent
!
router bgp 65000
   neighbor 192.168.16.1 send-community
   neighbor 192.168.26.2 send-community
   neighbor 192.168.36.3 send-community
   neighbor 192.168.46.4 send-community
   !
   address-family evpn
      neighbor 192.168.16.1 activate
      neighbor 192.168.26.2 activate
      neighbor 192.168.36.3 activate
      neighbor 192.168.46.4 activate

BGP address-family evpn neighborが確立された事を確認します。

leaf01#show bgp evpn summary 
BGP summary information for VRF default
Router identifier 10.1.1.1, local AS number 65000
Neighbor Status Codes: m - Under maintenance
  Neighbor         V  AS           MsgRcvd   MsgSent  InQ OutQ  Up/Down State   PfxRcd PfxAcc
  192.168.15.5     4 65000             46        30    0    0 00:00:23 Estab   21     21
  192.168.16.6     4 65000             44        28    0    0 00:00:20 Estab   21     21
leaf01#

互いに経路を交換している事を確認します。

leaf01#show ip route vrf GATEWAY

VRF: GATEWAY
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

Gateway of last resort is not set

 C        192.168.70.0/24 is directly connected, Vlan70
 B I      192.168.78.8/32 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:9e:a4:3a
                                  via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:cd:d9:6d
 C        192.168.78.0/24 is directly connected, Vlan78
 B I      192.168.80.8/32 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:9e:a4:3a
                                  via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:cd:d9:6d
 B I      192.168.80.0/24 [200/0] via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:9e:a4:3a
                                  via VTEP 10.34.34.34 VNI 9999 router-mac 00:50:56:cd:d9:6d

leaf01#

flood vtepの宛先を認識している事を確認します。

leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback10 and is active with 10.12.12.12
  Replication/Flood Mode is headend with Flood List Source: EVPN
  Remote MAC learning via EVPN
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [70, 9070]        [78, 9078]       
  Dynamic VLAN to VNI mapping for 'evpn' is
    [1006, 9999]     
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is 
   [GATEWAY, 9999]
  Headend replication flood vtep list is:
    78 10.34.34.34    
  MLAG Shared Router MAC is 0000.0000.0000
leaf01#

疎通

host07とhost08の間で互いに疎通可能である事を確認します。

host07#ping vrf vrf70 192.168.78.8
PING 192.168.78.8 (192.168.78.8) 72(100) bytes of data.
80 bytes from 192.168.78.8: icmp_seq=1 ttl=62 time=22.6 ms
80 bytes from 192.168.78.8: icmp_seq=2 ttl=62 time=14.8 ms
80 bytes from 192.168.78.8: icmp_seq=3 ttl=62 time=16.8 ms
80 bytes from 192.168.78.8: icmp_seq=4 ttl=62 time=17.4 ms
80 bytes from 192.168.78.8: icmp_seq=5 ttl=62 time=15.5 ms

--- 192.168.78.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 62ms
rtt min/avg/max/mdev = 14.828/17.466/22.625/2.744 ms, pipe 3, ipg/ewma 15.560/19.972 ms
host07#
host07#
host07#ping vrf vrf70 192.168.80.8
PING 192.168.80.8 (192.168.80.8) 72(100) bytes of data.
80 bytes from 192.168.80.8: icmp_seq=1 ttl=62 time=22.8 ms
80 bytes from 192.168.80.8: icmp_seq=2 ttl=62 time=15.5 ms
80 bytes from 192.168.80.8: icmp_seq=3 ttl=62 time=21.6 ms
80 bytes from 192.168.80.8: icmp_seq=4 ttl=62 time=24.0 ms
80 bytes from 192.168.80.8: icmp_seq=5 ttl=62 time=17.4 ms

--- 192.168.80.8 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 80ms
rtt min/avg/max/mdev = 15.528/20.301/24.066/3.259 ms, pipe 2, ipg/ewma 20.017/21.566 ms
host07#

MACアドレス等の情報を互いに学習している事を確認します。

leaf01#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
  78  0050.562d.680f  EVPN     Vx1  10.34.34.34      1       0:02:23 ago
1006  0050.569e.a43a  EVPN     Vx1  10.34.34.34      1       0:02:23 ago
1006  0050.56cd.d96d  EVPN     Vx1  10.34.34.34      1       0:02:23 ago
Total Remote Mac Addresses for this criterion: 3
leaf01#

leaf03#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
1006  0050.5603.9409  EVPN     Vx1  10.12.12.12      1       0:02:37 ago
1006  0050.561b.0c4b  EVPN     Vx1  10.12.12.12      1       0:02:37 ago
Total Remote Mac Addresses for this criterion: 2
leaf03#