Arista EOS VXLAN configuration walkthrough – a fabric network you can try at home

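This article explains how to configure VXLAN on Arista EOS. VXLAN is a Layer 2 tunneling technology that encapsulates frames in UDP. Traditional designs that combine spanning tree with VLANs have drawbacks: links run active/standby, so bandwidth cannot be used effectively, and the upper limit of 4094 VLANs can be reached. This article presents a sample VXLAN configuration that resolves these issues.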

Topology diagram

The configuration is tested in the following environment.

                    +---------------+
192.168.13.0/24  .3 |    spine03    | .3  192.168.23.0/24
        +-----------+Lo0:10.3.3.3/32+----+
        |        e1 +---------------+ e2 |
        |                                |
     e2 | .1                          e1 | .2
+-------+-------+                +-------+-------+
|    leaf01     |                |    leaf02     |
|Lo0:10.1.1.1/32|                |Lo0:10.2.2.2/32|
+-------+-------+                +-------+-------+
     e1 | vlan100                     e2 | vlan100
        |                                |
        | 192.168.100.0/24               | 192.168.100.0/24
        |                                |
     e1 | .1                          e1 | .2
+-------+-------+                +-------+-------+
|    host01     |                |    host02     |
+---------------+                +---------------+

Initial configuration

The initial configuration contains only IP addresses. Starting from this state, we add the configuration that VXLAN requires.

host01
! Command: show running-config
! device: host01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$1HdZV8EnhStZl7Jq$ykA.fAxEM2WTNGiPYNFMQ9a88CjY2yK9F0tZM1x8xMWUAcmOQsuEWHVvYHo2OBUnZcxw2aqn767XrqkLaV8CS/
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.100.1/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.41/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

leaf01
! Command: show running-config
! device: leaf01 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf01
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$8g4im0prH7WjskGr$WSWnk6NXojEYqo03GaaS0kg0RdAjkwKCF7hqpLk1b2/aIyjAUwIcBWcq.7zuWDyxdv8Otf74JsHzZnn9aR9hG.
!
vlan 100
!
vrf instance CONSOLE
!
interface Ethernet1
   switchport access vlan 100
!
interface Ethernet2
   no switchport
   ip address 192.168.13.1/24
!
interface Loopback0
   ip address 10.1.1.1/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.42/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

spine03
! Command: show running-config
! device: spine03 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname spine03
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$XNluPtcOuBEDxR5H$EqK9UnbxO1KHRl.1tmHKZoRw9mFvxp3/hFJqQUDQ9wnkXjINlDPRUoZ4wPECNmKue.BfLxYDT/LtYLe8u6T4J0
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.13.3/24
!
interface Ethernet2
   no switchport
   ip address 192.168.23.3/24
!
interface Loopback0
   ip address 10.3.3.3/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.43/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

leaf02
! Command: show running-config
! device: leaf02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname leaf02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$bVpJ2.2SeukhvZ49$i20QxV1G6Y4RsuFV57vcPuvB2gZo5LsVHdE9Ht9yxzQoNaieMNPkBB6gdvbsykwBqXG2UDN2peT49dbeQteuX/
!
vlan 100
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.23.2/24
!
interface Ethernet2
   switchport access vlan 100
!
interface Loopback0
   ip address 10.2.2.2/32
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.44/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

host02
! Command: show running-config
! device: host02 (vEOS, EOS-4.25.0FX-LDP-RSVP)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
service routing protocols model ribd
!
hostname host02
!
spanning-tree mode mstp
!
no aaa root
!
username admin role network-admin secret sha512 $6$k0Y65l5FD1m2IXQu$PGCSozozxe9XwHS2jPp/iDTy11fm34zcPkJfb1.hY0Ajgzoa9GpmVjqAF8nW1I0P9Per1sLq6oSiEOGEaYLlf.
!
vrf instance CONSOLE
!
interface Ethernet1
   no switchport
   ip address 192.168.100.2/24
!
interface Management1
   vrf CONSOLE
   ip address 192.168.1.45/24
!
no ip routing
ip routing vrf CONSOLE
!
ip route vrf CONSOLE 0.0.0.0/0 192.168.1.1
!
end

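Verification

Building the underlay network

For traffic to pass over VXLAN, the two endpoints of the tunnel that performs the VXLAN encapsulation must be able to reach each other. In this scenario, the tunnel is established between the Loopback interfaces of leaf01 and leaf02.

Any routing protocol can be used to provide reachability between the tunnel endpoints. Static routes, OSPF or anything else will work. This article shows a sample configuration that uses OSPF.

Some readers may associate VXLAN with BGP, but BGP is not required if all you need is VXLAN.

Apply the following configuration so that leaf01, spine03 and leaf02 can reach one another.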

# leaf01
ip routing
router ospf 1
   network 10.1.1.1/32 area 0.0.0.0
   network 192.168.13.0/24 area 0.0.0.0

# spine03
ip routing
router ospf 1
   network 10.3.3.3/32 area 0.0.0.0
   network 192.168.13.0/24 area 0.0.0.0
   network 192.168.23.0/24 area 0.0.0.0

# leaf02
ip routing
router ospf 1
   network 10.2.2.2/32 area 0.0.0.0
   network 192.168.23.0/24 area 0.0.0.0

Confirm that leaf01 and leaf02 can reach each other.

leaf01#show ip route ospf

VRF: default
Codes: C - connected, S - static, K - kernel, 
       O - OSPF, IA - OSPF inter area, E1 - OSPF external type 1,
       E2 - OSPF external type 2, N1 - OSPF NSSA external type 1,
       N2 - OSPF NSSA external type2, B - BGP, B I - iBGP, B E - eBGP,
       R - RIP, I L1 - IS-IS level 1, I L2 - IS-IS level 2,
       O3 - OSPFv3, A B - BGP Aggregate, A O - OSPF Summary,
       NG - Nexthop Group Static Route, V - VXLAN Control Service,
       DH - DHCP client installed default route, M - Martian,
       DP - Dynamic Policy Route, L - VRF Leaked,
       RC - Route Cache Route

 O        10.2.2.2/32 [110/30] via 192.168.13.3, Ethernet2
 O        10.3.3.3/32 [110/20] via 192.168.13.3, Ethernet2
 O        192.168.23.0/24 [110/20] via 192.168.13.3, Ethernet2

leaf01#
leaf01#ping 10.2.2.2 source Loopback0
PING 10.2.2.2 (10.2.2.2) from 10.1.1.1 : 72(100) bytes of data.
80 bytes from 10.2.2.2: icmp_seq=1 ttl=63 time=4.64 ms
80 bytes from 10.2.2.2: icmp_seq=2 ttl=63 time=2.49 ms
80 bytes from 10.2.2.2: icmp_seq=3 ttl=63 time=3.72 ms
80 bytes from 10.2.2.2: icmp_seq=4 ttl=63 time=2.68 ms
80 bytes from 10.2.2.2: icmp_seq=5 ttl=63 time=2.36 ms

--- 10.2.2.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 17ms
rtt min/avg/max/mdev = 2.367/3.181/4.641/0.875 ms, ipg/ewma 4.367/3.875 ms
leaf01#

VXLAN configuration

Add the VXLAN configuration to leaf01 and leaf02. It defines the tunnel's source interface and destination IP address, as well as the VLAN-to-VNI mapping.

# leaf01
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 100 vni 90100
   vxlan flood vtep 10.2.2.2

# leaf02
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 100 vni 90100
   vxlan flood vtep 10.1.1.1

Confirm that the vxlan interface is up and that the VLAN-to-VNI mapping is as expected.

leaf01#show interfaces vxlan 1
Vxlan1 is up, line protocol is up (connected)
  Hardware is Vxlan
  Source interface is Loopback0 and is active with 10.1.1.1
  Replication/Flood Mode is headend with Flood List Source: CLI
  Remote MAC learning via Datapath
  VNI mapping to VLANs
  Static VLAN to VNI mapping is 
    [100, 90100]     
  Note: All Dynamic VLANs used by VCS are internal VLANs.
        Use 'show vxlan vni' for details.
  Static VRF to VNI mapping is not configured
  Headend replication flood vtep list is:
   100 10.2.2.2       
  MLAG Shared Router MAC is 0000.0000.0000
leaf01#

Confirm that the VXLAN tunnel destination is as expected.

leaf01#show vxlan flood vtep
          VXLAN Flood VTEP Table
--------------------------------------------------------------------------------

VLANS                            Ip Address
-----------------------------   ------------------------------------------------
100 *                           10.2.2.2       
* All VLANs in the indicated VLAN range list are using the default VTEP flood list 
leaf01#
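
The same consistency the show commands confirm on one switch can be checked offline across both leaves. The following is an added example, not part of the original article or of any Arista tooling: it parses the Loopback0 and Vxlan1 stanzas shown above and reports VNIs mapped on only one leaf and flood lists that omit the peer's VTEP address. The function names `parse_leaf` and `check_pair` are hypothetical, and only the command forms used in this article are handled.

```python
import re

# Loopback0 and Vxlan1 stanzas as shown in the article.
LEAF01 = """\
interface Loopback0
   ip address 10.1.1.1/32
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 100 vni 90100
   vxlan flood vtep 10.2.2.2
"""
LEAF02 = """\
interface Loopback0
   ip address 10.2.2.2/32
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan vlan 100 vni 90100
   vxlan flood vtep 10.1.1.1
"""

def parse_leaf(text):
    """Extract the VTEP source address, mapped VNIs and flood list (hypothetical helper)."""
    stanzas, current = {}, None
    for line in text.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif not line.startswith(" "):
            current = None  # any other top-level line closes the stanza
        elif current is not None:
            current.append(line.strip())
    vx = stanzas.get("Vxlan1", [])
    src_if = next((l.split()[-1] for l in vx if l.startswith("vxlan source-interface ")), None)
    addr = next((l.split()[2].split("/")[0] for l in stanzas.get(src_if, [])
                 if l.startswith("ip address ")), None)
    vnis = {int(m[1]) for l in vx if (m := re.fullmatch(r"vxlan vlan \d+ vni (\d+)", l))}
    flood = {ip for l in vx if l.startswith("vxlan flood vtep ") for ip in l.split()[3:]}
    return {"vtep": addr, "vnis": vnis, "flood": flood}

def check_pair(a, b):
    """Return a list of mismatches between two leaves; an empty list means consistent."""
    problems = [f"VNI {v} is mapped on only one leaf" for v in sorted(a["vnis"] ^ b["vnis"])]
    for me, peer in ((a, b), (b, a)):
        if peer["vtep"] not in me["flood"]:
            problems.append(f"{me['vtep']} flood list lacks peer VTEP {peer['vtep']}")
    return problems

if __name__ == "__main__":
    print(check_pair(parse_leaf(LEAF01), parse_leaf(LEAF02)) or "consistent")
```

The check compares VNIs rather than VLAN IDs because the VNI is what travels in the VXLAN header between the two leaves.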

Connectivity check

Confirm reachability from host01 to host02.

host01#ping 192.168.100.2
PING 192.168.100.2 (192.168.100.2) 72(100) bytes of data.
80 bytes from 192.168.100.2: icmp_seq=1 ttl=64 time=52.8 ms
80 bytes from 192.168.100.2: icmp_seq=2 ttl=64 time=43.6 ms
80 bytes from 192.168.100.2: icmp_seq=3 ttl=64 time=36.8 ms
80 bytes from 192.168.100.2: icmp_seq=4 ttl=64 time=28.0 ms
80 bytes from 192.168.100.2: icmp_seq=5 ttl=64 time=18.8 ms

--- 192.168.100.2 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 41ms
rtt min/avg/max/mdev = 18.809/36.040/52.890/11.857 ms, pipe 5, ipg/ewma 10.267/43.600 ms
host01#

Running the following command on leaf01 or leaf02 immediately after the ping test shows the MAC address table managed by VXLAN.

leaf01#show vxlan address-table 
          Vxlan Mac Address Table
----------------------------------------------------------------------

VLAN  Mac Address     Type     Prt  VTEP             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
 100  0050.56f4.e19e  DYNAMIC  Vx1  10.2.2.2         1       0:00:06 ago
Total Remote Mac Addresses for this criterion: 1
leaf01#

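Packet capture

Capturing this traffic between leaf01 and spine03 gives the following.

The outer IP addresses are those of leaf01 and leaf02, and the inner IP addresses are those of host01 and host02. You can also see that the VNI, the VXLAN identifier, is 90100.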

No.     Time           Source                Destination           Protocol Length Info
      2 2.228034       192.168.100.2         192.168.100.1         ICMP     164    Echo (ping) reply    id=0x0ba1, seq=1/256, ttl=64

Frame 2: 164 bytes on wire (1312 bits), 164 bytes captured (1312 bits)
Ethernet II, Src: VMware_48:69:be (00:50:56:48:69:be), Dst: VMware_96:2a:5a (00:50:56:96:2a:5a)
Internet Protocol Version 4, Src: 10.2.2.2, Dst: 10.1.1.1
User Datagram Protocol, Src Port: 1686, Dst Port: 4789
Virtual eXtensible Local Area Network
    Flags: 0x0800, VXLAN Network ID (VNI)
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 90100
    Reserved: 0
Ethernet II, Src: VMware_f4:e1:9e (00:50:56:f4:e1:9e), Dst: VMware_05:9b:a5 (00:0c:29:05:9b:a5)
Internet Protocol Version 4, Src: 192.168.100.2, Dst: 192.168.100.1
Internet Control Message Protocol
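
The layering in this capture can be decoded with a few fixed offsets. The following is an added example, not part of the original article: a small Python decoder for one VXLAN-encapsulated IPv4 frame, run against a frame constructed from the header values in the capture above (the ICMP payload, checksums and outer TTL are placeholder values). The function names are hypothetical, and untagged Ethernet with IPv4 on both layers is assumed.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # UDP destination port seen in the capture

def build_sample_frame():
    """Constructed frame with the capture's header values (payload and checksums zeroed)."""
    mac = lambda s: bytes.fromhex(s.replace(":", ""))
    def eth_ip(dst_mac, src_mac, src, dst, proto, payload_len):
        ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + payload_len, 0, 0, 64, proto, 0,
                         ipaddress.IPv4Address(src).packed, ipaddress.IPv4Address(dst).packed)
        return mac(dst_mac) + mac(src_mac) + b"\x08\x00" + ip
    inner = eth_ip("00:0c:29:05:9b:a5", "00:50:56:f4:e1:9e",
                   "192.168.100.2", "192.168.100.1", 1, 80) + bytes(80)
    vxlan = struct.pack("!B3s3sB", 0x08, bytes(3), (90100).to_bytes(3, "big"), 0)
    udp = struct.pack("!HHHH", 1686, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    outer = eth_ip("00:50:56:96:2a:5a", "00:50:56:48:69:be",
                   "10.2.2.2", "10.1.1.1", 17, len(udp) + len(vxlan) + len(inner))
    return outer + udp + vxlan + inner

def _ipv4(frame, off):
    """Parse untagged Ethernet + IPv4 at off; return (src, dst, protocol, L4 offset)."""
    if len(frame) < off + 34 or frame[off + 12:off + 14] != b"\x08\x00":
        raise ValueError("not an untagged Ethernet/IPv4 frame")
    ihl = (frame[off + 14] & 0x0F) * 4
    if ihl < 20:
        raise ValueError("bad IPv4 header length")
    src, dst = (str(ipaddress.IPv4Address(bytes(frame[off + i:off + i + 4]))) for i in (26, 30))
    return src, dst, frame[off + 23], off + 14 + ihl

def parse_vxlan(frame):
    """Decode outer/inner IPv4 addresses and the VNI from one VXLAN-encapsulated frame."""
    o_src, o_dst, proto, l4 = _ipv4(frame, 0)
    if proto != 17 or len(frame) < l4 + 16:
        raise ValueError("not UDP, or truncated before the VXLAN header")
    if struct.unpack_from("!H", frame, l4 + 2)[0] != VXLAN_PORT:
        raise ValueError("UDP destination port is not 4789")
    if not frame[l4 + 8] & 0x08:  # I flag must be set for the VNI to be valid
        raise ValueError("VXLAN I flag is clear")
    vni = int.from_bytes(frame[l4 + 12:l4 + 15], "big")
    i_src, i_dst, _, _ = _ipv4(frame, l4 + 16)
    return {"outer": (o_src, o_dst), "vni": vni, "inner": (i_src, i_dst), "overhead": l4 + 16}

if __name__ == "__main__":
    print(parse_vxlan(build_sample_frame()))
```

The 50-byte overhead accounts for the 164-byte frame length in the capture: a 114-byte inner frame plus the outer Ethernet, IPv4, UDP and VXLAN headers. The inner addresses are readable on the underlay link because VXLAN adds no encryption or authentication of its own.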