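Introduction
I previously tested vlan-based EVPN-VXLAN on the Catalyst 9000v; this time I am trying vlan-aware.
I do not know whether it is a limitation of CML or of the Catalyst 9000v, but the Catalyst 9000v in CML does not accept the "l2vpn evpn instance xxx vlan-aware" command.
The Catalyst 8000v did accept the command, so I am testing with it instead.
Environment
The environment is built on CML running on Proxmox VE.
- CML2.7
Next, the nodes:
- Catalyst 8000v ×3 (hereafter cat8000v)
- IOSv ×4 (hereafter iosv)
Topology diagram

Green represents the carrier, yellow is Company A and blue is Company B. In this scenario, Company A and Company B cannot route to each other and use some of the same IPv4 addresses. (The Lo0 addresses could overlap too, but I kept them distinct for clarity.)
This lab uses the vlan-aware[1] model, so each VLAN maps to one BD (bridge-domain) and one VNI, and N BDs map to one EVI. I could not get IRB (L3VNI) working this time, so each Company A router peers directly with the Company A router at the other site. With three or more sites, a full mesh of iBGP peerings is not appropriate operationally, so you would treat it as a hub-and-spoke design and configure an RR.
The IRB problem is described near the end of this article.
Compared with vlan-based, I see the advantage of vlan-aware as being able to connect many segments over L2VPN with only a few EVIs. From a service provider's multi-tenant point of view, instead of dedicating one EVI to each company, N companies can be multiplexed onto one EVI.
Here VLAN 10 and VLAN 20 are both assigned to Company A, but you could give VLAN 10 to Company A and VLAN 20 to Company Z so that both companies' traffic rides on EVI 101. (The maximum number of EVIs is apparently around 950[2].)
Configuration
This assumes the Advantage license has already been enabled[3] on all four cat8000v nodes.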
PE1
en
!
conf t
!
hostname pe1
!
ip routing
!
interface Loopback 0
ip address 11.11.11.11 255.255.255.255
ip ospf 1 area 0
!
interface GigabitEthernet 1
no shutdown
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 10
service instance 20 ethernet
encapsulation dot1q 20
!
interface GigabitEthernet 2
no shutdown
no ip address
negotiation auto
service instance 30 ethernet
encapsulation dot1q 30
service instance 40 ethernet
encapsulation dot1q 40
!
interface GigabitEthernet 3
ip address 100.0.0.1 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
no shutdown
!
router ospf 1
router-id 11.11.11.11
!
router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp router-id 11.11.11.11
neighbor 22.22.22.22 remote-as 65001
neighbor 22.22.22.22 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn evpn
neighbor 22.22.22.22 activate
neighbor 22.22.22.22 send-community both
exit-address-family
!
l2vpn evpn
replication-type ingress
router-id loopback 0
!
l2vpn evpn instance 101 vlan-aware
encapsulation vxlan
!
l2vpn evpn instance 201 vlan-aware
encapsulation vxlan
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 10101 ingress-replication
member vni 20202 ingress-replication
member vni 30303 ingress-replication
member vni 40404 ingress-replication
!
bridge-domain 10
mac aging-time 30
member evpn-instance 101 vni 10101
member GigabitEthernet1 service-instance 10
exit
!
bridge-domain 20
mac aging-time 30
member evpn-instance 101 vni 20202
member GigabitEthernet1 service-instance 20
exit
!
bridge-domain 30
mac aging-time 30
member evpn-instance 201 vni 30303
member GigabitEthernet2 service-instance 30
exit
!
bridge-domain 40
mac aging-time 30
member evpn-instance 201 vni 40404
member GigabitEthernet2 service-instance 40
exit
!
end
!
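An added example (not part of the original article): a Python check that the PE1 overlay configuration above keeps the one-VLAN, one-BD, one-VNI mapping and reports which EVIs carry more than one tenant, as in the Company A / Company Z scenario. The `tenants` mapping, the function names and the condensed `PE1_CONFIG` excerpt are assumptions of this example.

```python
import re
from collections import defaultdict

# Overlay-related lines of the PE1 configuration shown above (condensed excerpt).
PE1_CONFIG = """
l2vpn evpn instance 101 vlan-aware
l2vpn evpn instance 201 vlan-aware
interface nve1
member vni 10101 ingress-replication
member vni 20202 ingress-replication
member vni 30303 ingress-replication
member vni 40404 ingress-replication
bridge-domain 10
member evpn-instance 101 vni 10101
bridge-domain 20
member evpn-instance 101 vni 20202
bridge-domain 30
member evpn-instance 201 vni 30303
bridge-domain 40
member evpn-instance 201 vni 40404
"""


def parse_overlay(config):
    """Return (vlan-aware EVI ids, VNIs on the NVE interface, {bd: [(evi, vni), ...]})."""
    evis, nve_vnis, bds = set(), set(), {}
    section = None  # "nve", a bridge-domain id, or None
    for raw in config.splitlines():
        line = raw.strip()  # works on indented and flattened configs alike
        if m := re.fullmatch(r"l2vpn evpn instance (\d+) vlan-aware", line):
            evis.add(int(m[1]))
            section = None
        elif re.fullmatch(r"interface nve\d+", line):
            section = "nve"
        elif m := re.fullmatch(r"bridge-domain (\d+)", line):
            section = int(m[1])
            bds[section] = []
        elif line == "!" or line.startswith(("interface ", "router ", "l2vpn ")):
            section = None
        elif section == "nve" and (m := re.match(r"member vni (\d+)", line)):
            nve_vnis.add(int(m[1]))
        elif section not in (None, "nve") and (
            m := re.fullmatch(r"member evpn-instance (\d+) vni (\d+)", line)
        ):
            bds[section].append((int(m[1]), int(m[2])))
    return evis, nve_vnis, bds


def audit(config, tenants):
    """tenants: {bridge-domain id: tenant name}, supplied by the operator (assumption)."""
    evis, nve_vnis, bds = parse_overlay(config)
    findings, vni_owner, evi_tenants = [], {}, defaultdict(set)
    for bd in sorted(bds):
        if len(bds[bd]) != 1:
            findings.append(f"BD {bd}: expected exactly one EVI/VNI binding, found {len(bds[bd])}")
            continue
        evi, vni = bds[bd][0]
        if evi not in evis:
            findings.append(f"BD {bd}: EVI {evi} is not declared vlan-aware")
        if vni not in nve_vnis:
            findings.append(f"BD {bd}: VNI {vni} is not a member of the NVE interface")
        if vni in vni_owner:
            findings.append(f"BD {bd}: VNI {vni} is also bound to BD {vni_owner[vni]}")
        vni_owner.setdefault(vni, bd)
        evi_tenants[evi].add(tenants.get(bd, "unassigned"))
    # Tenants that share an EVI are kept apart only by their BD/VNI mapping.
    shared = {evi: sorted(t) for evi, t in evi_tenants.items() if len(t) > 1}
    return findings, shared


if __name__ == "__main__":
    print(audit(PE1_CONFIG, {10: "A", 20: "A", 30: "B", 40: "B"}))  # layout in this article
    print(audit(PE1_CONFIG, {10: "A", 20: "Z", 30: "B", 40: "B"}))  # VLAN 20 handed to Company Z
```

Running the same audit against each PE's configuration and comparing the results catches a bridge-domain that is bound to a different VNI on one side.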
P
en
!
conf t
!
hostname p
!
ip routing
!
interface Loopback 0
ip address 22.22.22.22 255.255.255.255
ip ospf 1 area 0
!
interface GigabitEthernet 3
ip address 100.0.0.2 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
no shutdown
!
interface GigabitEthernet 4
ip address 200.0.0.2 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
no shutdown
!
router ospf 1
router-id 22.22.22.22
!
router bgp 65001
template peer-policy POLICY
route-reflector-client
send-community extended
exit-peer-policy
!
template peer-session SESSION
remote-as 65001
update-source Loopback0
exit-peer-session
!
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp router-id 22.22.22.22
neighbor 11.11.11.11 inherit peer-session SESSION
neighbor 33.33.33.33 inherit peer-session SESSION
!
address-family ipv4
exit-address-family
!
address-family l2vpn evpn
neighbor 11.11.11.11 activate
neighbor 11.11.11.11 inherit peer-policy POLICY
neighbor 33.33.33.33 activate
neighbor 33.33.33.33 inherit peer-policy POLICY
exit-address-family
!
end
!
PE2
en
!
conf t
!
hostname pe2
!
ip routing
!
interface Loopback 0
ip address 33.33.33.33 255.255.255.255
ip ospf 1 area 0
!
interface GigabitEthernet 1
no shutdown
no ip address
negotiation auto
service instance 10 ethernet
encapsulation dot1q 10
service instance 20 ethernet
encapsulation dot1q 20
!
interface GigabitEthernet 2
no shutdown
no ip address
negotiation auto
service instance 30 ethernet
encapsulation dot1q 30
service instance 40 ethernet
encapsulation dot1q 40
!
interface GigabitEthernet 4
ip address 200.0.0.1 255.255.255.0
ip ospf network point-to-point
ip ospf 1 area 0
no shutdown
!
router ospf 1
router-id 33.33.33.33
!
router bgp 65001
bgp log-neighbor-changes
no bgp default ipv4-unicast
bgp router-id 33.33.33.33
neighbor 22.22.22.22 remote-as 65001
neighbor 22.22.22.22 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn evpn
neighbor 22.22.22.22 activate
neighbor 22.22.22.22 send-community both
exit-address-family
!
l2vpn evpn
replication-type ingress
router-id loopback 0
!
l2vpn evpn instance 101 vlan-aware
encapsulation vxlan
!
l2vpn evpn instance 201 vlan-aware
encapsulation vxlan
!
interface nve1
no ip address
source-interface Loopback0
host-reachability protocol bgp
member vni 10101 ingress-replication
member vni 20202 ingress-replication
member vni 30303 ingress-replication
member vni 40404 ingress-replication
!
bridge-domain 10
mac aging-time 30
member evpn-instance 101 vni 10101
member GigabitEthernet1 service-instance 10
exit
!
bridge-domain 20
mac aging-time 30
member evpn-instance 101 vni 20202
member GigabitEthernet1 service-instance 20
exit
!
bridge-domain 30
mac aging-time 30
member evpn-instance 201 vni 30303
member GigabitEthernet2 service-instance 30
exit
!
bridge-domain 40
mac aging-time 30
member evpn-instance 201 vni 40404
member GigabitEthernet2 service-instance 40
exit
!
end
!
CE-A1
en
!
conf t
!
hostname ce-a1
!
ip routing
!
interface Loopback 0
ip address 10.0.0.1 255.255.255.255
!
interface GigabitEthernet 0/0
no shutdown
!
interface GigabitEthernet 0/0.10
encapsulation dot1Q 10
ip address 1.1.1.1 255.255.255.0
no shutdown
!
interface GigabitEthernet 0/0.20
encapsulation dot1Q 20
ip address 2.2.2.1 255.255.255.0
no shutdown
!
router bgp 65002
neighbor GROUP-A peer-group
neighbor GROUP-A remote-as 65002
neighbor 1.1.1.2 peer-group GROUP-A
neighbor 2.2.2.2 peer-group GROUP-A
no auto-summary
no synchronization
redistribute connected
!
end
!
CE-B1
en
!
conf t
!
hostname ce-b1
!
ip routing
!
interface Loopback 0
ip address 10.0.0.2 255.255.255.255
!
interface GigabitEthernet 0/0
no shutdown
!
interface GigabitEthernet 0/0.30
encapsulation dot1Q 30
ip address 1.1.1.1 255.255.255.0
no shutdown
!
interface GigabitEthernet 0/0.40
encapsulation dot1Q 40
ip address 2.2.2.1 255.255.255.0
no shutdown
!
router bgp 65003
neighbor GROUP-B peer-group
neighbor GROUP-B remote-as 65003
neighbor 1.1.1.2 peer-group GROUP-B
neighbor 2.2.2.2 peer-group GROUP-B
no auto-summary
no synchronization
redistribute connected
!
end
!
CE-A2
en
!
conf t
!
hostname ce-a2
!
ip routing
!
interface Loopback 0
ip address 10.0.0.3 255.255.255.255
!
interface GigabitEthernet 0/0
no shutdown
!
interface GigabitEthernet 0/0.10
encapsulation dot1Q 10
ip address 1.1.1.2 255.255.255.0
no shutdown
!
interface GigabitEthernet 0/0.20
encapsulation dot1Q 20
ip address 2.2.2.2 255.255.255.0
no shutdown
!
router bgp 65002
neighbor GROUP-A peer-group
neighbor GROUP-A remote-as 65002
neighbor 1.1.1.1 peer-group GROUP-A
neighbor 2.2.2.1 peer-group GROUP-A
no auto-summary
no synchronization
redistribute connected
!
end
!
CE-B2
en
!
conf t
!
hostname ce-b2
!
ip routing
!
interface Loopback 0
ip address 10.0.0.4 255.255.255.255
!
interface GigabitEthernet 0/0
no shutdown
!
interface GigabitEthernet 0/0.30
encapsulation dot1Q 30
ip address 1.1.1.2 255.255.255.0
no shutdown
!
interface GigabitEthernet 0/0.40
encapsulation dot1Q 40
ip address 2.2.2.2 255.255.255.0
no shutdown
!
router bgp 65003
neighbor GROUP-B peer-group
neighbor GROUP-B remote-as 65003
neighbor 1.1.1.1 peer-group GROUP-B
neighbor 2.2.2.1 peer-group GROUP-B
no auto-summary
no synchronization
redistribute connected
!
end
!
show command output
show bgp l2vpn evpn summary
PE1
pe1#show bgp l2vpn evpn summary
BGP router identifier 11.11.11.11, local AS number 65001
BGP table version is 3255, main routing table version 3255
30 network entries using 11520 bytes of memory
30 path entries using 6960 bytes of memory
12/12 BGP path/bestpath attribute entries using 3552 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 22152 total bytes of memory
BGP activity 166/136 prefixes, 1642/1612 paths, scan interval 60 secs
36 networks peaked at 15:42:22 Feb 21 2025 UTC (01:33:12.245 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
22.22.22.22 4 65001 1425 718 3255 0 0 01:35:30 10
P
p#show bgp l2vpn evpn summary
BGP router identifier 22.22.22.22, local AS number 65001
BGP table version is 2205, main routing table version 2205
18 network entries using 6912 bytes of memory
18 path entries using 4176 bytes of memory
10/10 BGP path/bestpath attribute entries using 2960 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 14128 total bytes of memory
BGP activity 131/111 prefixes, 1111/1093 paths, scan interval 60 secs
24 networks peaked at 15:42:22 Feb 21 2025 UTC (01:34:24.443 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
11.11.11.11 4 65001 729 1447 2205 0 0 01:36:42 9
33.33.33.33 4 65001 730 1446 2205 0 0 01:36:28 9
PE2
pe2#show bgp l2vpn evpn summary
BGP router identifier 33.33.33.33, local AS number 65001
BGP table version is 3313, main routing table version 3313
30 network entries using 11520 bytes of memory
30 path entries using 6960 bytes of memory
12/12 BGP path/bestpath attribute entries using 3552 bytes of memory
1 BGP rrinfo entries using 40 bytes of memory
2 BGP extended community entries using 80 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 22152 total bytes of memory
BGP activity 188/158 prefixes, 1671/1641 paths, scan interval 60 secs
36 networks peaked at 15:42:22 Feb 21 2025 UTC (01:34:42.998 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
22.22.22.22 4 65001 1452 733 3313 0 0 01:36:47 10
show l2route evpn mac
PE1
pe1#show l2route evpn mac
EVI ETag Prod Mac Address Next Hop(s) Seq Number
----- ---------- ----- -------------- ---------------------------------------------------- ----------
101 10101 L2VPN 5254.0016.35d2 Gi1:10 0
101 10101 BGP 5254.001e.cae1 V:10101 33.33.33.33 0
101 20202 L2VPN 5254.0016.35d2 Gi1:20 0
101 20202 BGP 5254.001e.cae1 V:20202 33.33.33.33 0
201 30303 BGP 5254.000a.47ac V:30303 33.33.33.33 0
201 30303 L2VPN 5254.0018.19fe Gi2:30 0
201 40404 BGP 5254.000a.47ac V:40404 33.33.33.33 0
201 40404 L2VPN 5254.0018.19fe Gi2:40 0
P
This is a transit router, so there are no entries.
p#show l2route evpn mac
EVI ETag Prod Mac Address Next Hop(s) Seq Number
----- ---------- ----- -------------- ---------------------------------------------------- ----------
PE2
pe2#show l2route evpn mac
EVI ETag Prod Mac Address Next Hop(s) Seq Number
----- ---------- ----- -------------- ---------------------------------------------------- ----------
101 10101 BGP 5254.0016.35d2 V:10101 11.11.11.11 0
101 10101 L2VPN 5254.001e.cae1 Gi1:10 0
101 20202 BGP 5254.0016.35d2 V:20202 11.11.11.11 0
101 20202 L2VPN 5254.001e.cae1 Gi1:20 0
201 30303 L2VPN 5254.000a.47ac Gi2:30 0
201 30303 BGP 5254.0018.19fe V:30303 11.11.11.11 0
201 40404 L2VPN 5254.000a.47ac Gi2:40 0
201 40404 BGP 5254.0018.19fe V:40404 11.11.11.11 0
show ip route
PE1
pe1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
11.0.0.0/32 is subnetted, 1 subnets
C 11.11.11.11 is directly connected, Loopback0
22.0.0.0/32 is subnetted, 1 subnets
O 22.22.22.22 [110/2] via 100.0.0.2, 01:41:51, GigabitEthernet3
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/3] via 100.0.0.2, 01:41:31, GigabitEthernet3
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.0.0.0/24 is directly connected, GigabitEthernet3
L 100.0.0.1/32 is directly connected, GigabitEthernet3
O 200.0.0.0/24 [110/2] via 100.0.0.2, 01:41:51, GigabitEthernet3
P
p#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/2] via 100.0.0.1, 01:43:05, GigabitEthernet3
22.0.0.0/32 is subnetted, 1 subnets
C 22.22.22.22 is directly connected, Loopback0
33.0.0.0/32 is subnetted, 1 subnets
O 33.33.33.33 [110/2] via 200.0.0.1, 01:42:50, GigabitEthernet4
100.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 100.0.0.0/24 is directly connected, GigabitEthernet3
L 100.0.0.2/32 is directly connected, GigabitEthernet3
200.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.0.0.0/24 is directly connected, GigabitEthernet4
L 200.0.0.2/32 is directly connected, GigabitEthernet4
PE2
pe2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
11.0.0.0/32 is subnetted, 1 subnets
O 11.11.11.11 [110/3] via 200.0.0.2, 01:43:07, GigabitEthernet4
22.0.0.0/32 is subnetted, 1 subnets
O 22.22.22.22 [110/2] via 200.0.0.2, 01:43:07, GigabitEthernet4
33.0.0.0/32 is subnetted, 1 subnets
C 33.33.33.33 is directly connected, Loopback0
100.0.0.0/24 is subnetted, 1 subnets
O 100.0.0.0 [110/2] via 200.0.0.2, 01:43:07, GigabitEthernet4
200.0.0.0/24 is variably subnetted, 2 subnets, 2 masks
C 200.0.0.0/24 is directly connected, GigabitEthernet4
L 200.0.0.1/32 is directly connected, GigabitEthernet4
CE-A1
ce-a1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet0/0.10
L 1.1.1.1/32 is directly connected, GigabitEthernet0/0.10
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet0/0.20
L 2.2.2.1/32 is directly connected, GigabitEthernet0/0.20
10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.1 is directly connected, Loopback0
B 10.0.0.3 [200/0] via 1.1.1.2, 01:36:12
CE-B1
ce-b1#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet0/0.30
L 1.1.1.1/32 is directly connected, GigabitEthernet0/0.30
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet0/0.40
L 2.2.2.1/32 is directly connected, GigabitEthernet0/0.40
10.0.0.0/32 is subnetted, 2 subnets
C 10.0.0.2 is directly connected, Loopback0
B 10.0.0.4 [200/0] via 1.1.1.2, 01:36:32
CE-A2
ce-a2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet0/0.10
L 1.1.1.2/32 is directly connected, GigabitEthernet0/0.10
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet0/0.20
L 2.2.2.2/32 is directly connected, GigabitEthernet0/0.20
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.1 [200/0] via 1.1.1.1, 01:36:57
C 10.0.0.3 is directly connected, Loopback0
CE-B2
ce-b2#show ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
Gateway of last resort is not set
1.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 1.1.1.0/24 is directly connected, GigabitEthernet0/0.30
L 1.1.1.2/32 is directly connected, GigabitEthernet0/0.30
2.0.0.0/8 is variably subnetted, 2 subnets, 2 masks
C 2.2.2.0/24 is directly connected, GigabitEthernet0/0.40
L 2.2.2.2/32 is directly connected, GigabitEthernet0/0.40
10.0.0.0/32 is subnetted, 2 subnets
B 10.0.0.2 [200/0] via 1.1.1.1, 01:37:25
C 10.0.0.4 is directly connected, Loopback0
Connectivity check
ping
CE-A1
ce-a1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-a1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-a1#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-a1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ce-a1#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-a1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-a1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE-B1
ce-b1#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-b1#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-b1#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-b1#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
ce-b1#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-b1#ping 10.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 3/3/5 ms
ce-b1#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ce-b1#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE-A2
ce-a2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/3/4 ms
ce-a2#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ce-a2#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-a2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-a2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-a2#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-a2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ce-a2#ping 10.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
CE-B2
ce-b2#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/2 ms
ce-b2#ping 1.1.1.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/2 ms
ce-b2#ping 2.2.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
ce-b2#ping 2.2.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 2.2.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-b2#ping 10.0.0.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/3 ms
ce-b2#ping 10.0.0.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
ce-b2#ping 10.0.0.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.1, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
ce-b2#ping 10.0.0.3
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.0.0.3, timeout is 2 seconds:
.....
Success rate is 0 percent (0/5)
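So, as expected, the Company A routers can reach each other on both the L2 links and the loopback addresses, while Company A and Company B cannot reach each other.
Incidentally, a packet capture taken while pinging from CE-A1 to CE-A2's loopback interface shows both the VXLAN encapsulation and the dot1q encapsulation.
Of VLAN 10 and VLAN 20, VLAN 10 is the one used because BGP prefers the path via VLAN 10, which makes 1.1.1.2 the next hop for 10.0.0.3.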

ce-a1#sho ip bgp all
For address family: IPv4 Unicast
BGP table version is 5, local router ID is 10.0.0.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
* i 1.1.1.0/24 2.2.2.2 0 100 0 ?
* i 1.1.1.2 0 100 0 ?
*> 0.0.0.0 0 32768 ?
* i 2.2.2.0/24 2.2.2.2 0 100 0 ?
* i 1.1.1.2 0 100 0 ?
*> 0.0.0.0 0 32768 ?
*> 10.0.0.1/32 0.0.0.0 0 32768 ?
* i 10.0.0.3/32 2.2.2.2 0 100 0 ?
*>i 1.1.1.2 0 100 0 ?
For address family: IPv4 Multicast
For address family: L2VPN E-VPN
For address family: MVPNv4 Unicast
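Issues resolved from last time, and new issues
- With vlan-based, VLAN, VNI, EVI, SVI and VRF were tied together one-to-one, so the EVI limit capped multi-tenancy at 950 companies. As expected, the vlan-aware model resolves this because multiple VLANs can be tied to one EVI. The next limit is then the VLAN maximum of 4094, but apparently some devices can configure more than 10,000 VLANs, so depending on the device this can be solved as well.
- I also tried to configure centralized asymmetric IRB, but cat8000v cannot use SVIs the way cat9000v does (they can be created but not enabled). I tried BDI as a substitute; the configuration was accepted and packets reached the router placed for IRB, but the return packets never came back. I suspect the step that removes the dot1q encapsulation after VXLAN decapsulation is not working. (A BD can only be bound to a physical interface, and packets decapsulated from VXLAN do not pass through a physical interface, so perhaps the dot1q encapsulation is not applied?)
Afterword
If I have time, I would like to test whether distributed asymmetric IRB can be configured.
If you know of an IOS-XE L3 switch that accepts vlan-aware, please let me know!
The end 🙄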
Footnotes
1. Slide 13 of the following:
https://www.nic.ad.jp/ja/materials/iw/2016/proceedings/t05/t5-kamitani-2.pdf
2. Page 6:
https://www.cisco.com/c/en/us/td/docs/routers/asr920/configuration/guide/segment-routing/17-1-1/b-segment-routing-17-1-asr920/m-evpn-irb.pdf
3. A previous article:
https://enjimiya.com/vrfbgpvlan%e3%81%ab%e3%82%88%e3%82%8b%e3%83%88%e3%83%a9%e3%83%95%e3%82%a3%e3%83%83%e3%82%af%e3%81%ae%e8%ab%96%e7%90%86%e5%88%86%e5%89%b2/#:~:text=%E3%81%A9%E3%81%86%E3%82%84%E3%82%89CML%E3%81%AE%E3%83%87%E3%83%95%E3%82%A9%E3%83%AB%E3%83%88%E3%81%AE%E3%83%A9%E3%82%A4%E3%82%BB%E3%83%B3%E3%82%B9%E3%81%A0%E3%81%A8%E3%80%81cat9000v%E3%81%A7%E3%81%AFVRF%E3%81%AA%E3%81%A9%E3%81%8C%E4%BD%BF%E3%81%88%E3%81%AA%E3%81%841%E3%82%88%E3%81%86%E3%81%AA%E3%81%AE%E3%81%A7%E3%80%81%E3%81%BE%E3%81%9A%E3%82%A2%E3%83%89%E3%83%90%E3%83%B3%E3%83%86%E3%83%BC%E3%82%B8%E3%83%A9%E3%82%A4%E3%82%BB%E3%83%B3%E3%82%B9%E3%81%AE%E6%9C%89%E5%8A%B9%E5%8C%96%E3%82%92%E8%A1%8C%E3%81%84%E3%81%BE%E3%81%99%E3%80%82