在Catalyst 9000交換機上配置服務VRF EVPN VxLAN
簡介
本檔案介紹不同情況下的EVPN(乙太網路VPN)VXLAN(虛擬可擴充區域網路)路由洩漏組態。
必要條件
建議您熟悉單點傳播EVPN VxLAN功能BGP。
需求
本指南假設BGP、NVE對等體已經正確。如果基本EVPN VxLAN啟動有問題(單播ping失敗、BGP、NVE對等點關閉等),請根據需要參考BGP、EVPN、路由/交換機故障排除指南。
注意:僅支援IPv4的服務VRF配置示例。
採用元件
本文中的資訊係根據以下軟體和硬體版本:
- C9300
- C9400
- C9500
- C9600
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
注意:有關用於在其他Cisco平台上啟用這些功能的命令,請參閱相應的配置指南。
設定
路由洩漏功能廣泛用於構建「共用VRF」服務或將邊界節點連線到防火牆的情況。通常,邊界枝葉是配置路由洩漏的節點。
- Cisco IOS® XE上EVPN/VXLAN的VRF之間的路由洩漏在BGP級別沒有正常執行。改用EVN(簡易虛擬網路)功能。
網路圖表
通用路由洩漏
在本示例中,計畫在邊界節點上配置從VRF「綠色」和「藍色」到VRF「vrf服務」的路由洩漏。
在路由表中檢查邊界上的VRF「綠色」和「藍色」:
Border#show ip route vrf green
<…snip…>
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.1.1.0/24 [200/0] via 172.16.254.3, 01:19:43, Vlan901
B 10.1.2.0/24 [200/0] via 172.16.254.3, 01:19:43, Vlan901
B 10.255.1.11/32 [200/0] via 172.16.254.3, 01:19:43, Vlan901
B 10.255.1.12/32 [200/0] via 172.16.254.4, 01:19:43, Vlan901
C 10.255.1.13/32 is directly connected, Loopback11
Border#show ip route vrf blue
<…snip…>
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
B 10.2.1.0/24 [200/0] via 172.16.254.3, 01:20:28, Vlan902
B 10.2.2.0/24 [200/0] via 172.16.254.3, 01:20:28, Vlan902
B 10.255.2.11/32 [200/0] via 172.16.254.3, 01:20:28, Vlan902
B 10.255.2.12/32 [200/0] via 172.16.254.4, 01:20:28, Vlan902
C 10.255.2.13/32 is directly connected, Loopback12
用於將所有路由從VRF「綠色」匯入到VRF「vrf服務」的配置
vrf definition vrf-service rd 3:3 ! address-family ipv4 route-replicate from vrf green unicast all route-target export 3:3 route-target import 3:3 exit-address-family
驗證邊界上VRF「vrf-service」的路由表包含來自VRF「green」的路由
Border#show ip route vrf vrf-service
Routing Table: vrf-service
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, m - OMP
n - NAT, Ni - NAT inside, No - NAT outside, Nd - NAT DIA
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
H - NHRP, G - NHRP registered, g - NHRP registration summary
o - ODR, P - periodic downloaded static route, l - LISP
a - application route
+ - replicated route, % - next hop override, p - overrides from PfR
& - replicated local route overrides by connected
Gateway of last resort is not set
10.0.0.0/8 is variably subnetted, 6 subnets, 2 masks
B + 10.1.1.0/24 [200/0] via 172.16.254.3, 00:00:42, Vlan901
B + 10.1.1.11/32 [200/0] via 172.16.254.3, 00:00:28, Vlan901
B + 10.255.1.11/32 [200/0] via 172.16.254.3, 01:32:49, Vlan901
B + 10.255.1.12/32 [200/0] via 172.16.254.4, 01:32:49, Vlan901
C + 10.255.1.13/32 is directly connected, Loopback11
C 10.255.3.13/32 is directly connected, Loopback13
觀察從VRF「綠色」的路由會複製到VRF「vrf服務」,並在路由表中標籤為「+」。
使用過濾的路由洩漏
路由複製可以通過過濾來完成。路由對映用於此目的。
僅將字首10.255.2.12從VRF「blue」複製到VRF「vrf-service」。
ip prefix-list PL-BLUE-2-VRF-SERVICE permit 10.255.2.12/32 ! route-map RM-BLUE-2-VRF-SERVICE permit 10 match ip adderess prefix-list PL-BLUE-2-VRF-SERVICE
使用篩選器配置複製
vrf definition vrf-service
rd 3:3
!
address-family ipv4
route-replicate from vrf green unicast all
route-replicate from vrf blue unicast all route-map RM-BLUE-2-VRF-SERVICE
route-target export 3:3
route-target import 3:3
exit-address-family
觀察VRF「vrf-service」的路由表包含源自VRF「blue」的字首10.255.2.12/32:
Border#show ip route vrf VRF-SERVICE
<…snip…>
10.0.0.0/8 is variably subnetted, 7 subnets, 2 masks
B + 10.1.1.0/24 [200/0] via 172.16.254.3, 00:09:38, Vlan901
B + 10.1.1.11/32 [200/0] via 172.16.254.3, 00:09:24, Vlan901
B + 10.255.1.11/32 [200/0] via 172.16.254.3, 01:41:45, Vlan901
B + 10.255.1.12/32 [200/0] via 172.16.254.4, 01:41:45, Vlan901
C + 10.255.1.13/32 is directly connected, Loopback11
B + 10.255.2.12/32 [200/0] via 172.16.254.4, 01:41:45, Vlan902 <--
C 10.255.3.13/32 is directly connected, Loopback13
僅預設路由通告和預設路由跟蹤
連線到帶有外部網路的Leafs的主機之間的連線是通過邊界建立的。
- 通常,Border僅接收預設路由或預設路由加上彙總路由。
- 要最佳化枝葉上的路由表,可以只通告來自邊界的預設路由。
預設路由在VRF "vrf-service"/"Shared service"中接收。
- 此路由可以複製到VRF「綠色」中,但無法重新通告複製的路由。需要在BGP中為VRF「綠色」配置預設路由通告。
- 可以配置帶有跟蹤對象的靜態路由,以避免在通告VRF「綠色」中的預設路由時,出現黑洞情況,但VRF「vrf-service」中的預設路由不存在。
檢查拓撲
驗證邊界節點上是否收到預設路由:
Border#show ip route vrf vrf-service 0.0.0.0
Routing Table: red
Routing entry for 0.0.0.0/0, supernet
Known via "bgp 65001", distance 20, metric 0, candidate default path
Tag 65002, type external
Last update from 192.168.3.2 00:13:32 ago
Routing Descriptor Blocks:
* 192.168.3.2, from 192.168.3.2, 00:13:32 ago
opaque_ptr 0x7FA2A139FE50
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65002
MPLS label: none
Border#show ip cef vrf vrf-service 0.0.0.0/0
0.0.0.0/0
nexthop 192.168.3.2 TenGigabitEthernet1/0/5.3903
途徑1 檢查VRF「vrf服務」中預設路由的可達性。
track 1 ip route 0.0.0.0 0.0.0.0 reachability ip vrf vrf-service
驗證VRF「vrf服務」中存在預設路由,且跟蹤對象為「Up」。
Border#show track 1
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Up (BGP)
2 changes, last change 00:23:12
VPN Routing/Forwarding table "vrf-service"
First-hop interface is TenGigabitEthernet1/0/5.3903
Tracked by:
Static IP Routing 0
在VRF「綠色」中配置預設路由,使用跟蹤選項
! ip route vrf green 0.0.0.0 0.0.0.0 TenGigabitEthernet1/0/5.3903 192.168.3.2 track 1 !
Border#show ip route vrf green 0.0.0.0
Routing Table: green
Routing entry for 0.0.0.0/0, supernet
Known via "static", distance 1, metric 0, candidate default path
Redistributing via bgp 65001
Advertised by bgp 65001
Routing Descriptor Blocks:
* 192.168.3.2, via TenGigabitEthernet1/0/5.3903
Route metric is 0, traffic share count is 1
在VRF「綠色」的BGP進程下配置預設路由通告
router bgp 65001 ! <...snip...> ! address-family ipv4 vrf green advertise l2vpn evpn redistribute static redistribute connected default-information originate exit-address-family ! <...snip...>
驗證是否將預設路由通告到L2VPN EVPN AF(類似於路由型別5)並在交換矩陣上傳播
Border#show bgp l2vpn evpn rd 1:1 route-type 5 0 0.0.0.0 0
BGP routing table entry for [5][1:1][0][0][0.0.0.0]/17, version 622
Paths: (1 available, best #1, table EVPN-BGP-Table)
Advertised to update-groups:
2
Refresh Epoch 1
Local, imported path from base
192.168.3.2 (via vrf red) from 0.0.0.0 (172.16.255.6)
Origin incomplete, metric 0, localpref 100, weight 32768, valid, external, best
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, local vtep: 172.16.254.6, VNI Label 50901, MPLS VPN Label 27
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD67.EF48
rx pathid: 0, tx pathid: 0x0
Updated on Jul 8 2022 10:41:40 UTC
檢查枝葉01上的EVPN、路由和cef資訊
Leaf-01#show bgp l2vpn evpn rd 1:1 route-type 5 0 0.0.0.0 0
BGP routing table entry for [5][1:1][0][0][0.0.0.0]/17, version 595
Paths: (2 available, best #2, table EVPN-BGP-Table)
Not advertised to any peer
Refresh Epoch 7
Local
172.16.254.6 (metric 3) (via default) from 172.16.255.2 (172.16.255.2)
Origin incomplete, metric 0, localpref 100, valid, internal
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD67.EF48
Originator: 172.16.255.6, Cluster list: 172.16.255.2
rx pathid: 0, tx pathid: 0
Updated on Jul 8 2022 10:41:40 UTC
Refresh Epoch 7
Local
172.16.254.6 (metric 3) (via default) from 172.16.255.1 (172.16.255.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD67.EF48
Originator: 172.16.255.6, Cluster list: 172.16.255.1
rx pathid: 0, tx pathid: 0x0
Updated on Jul 8 2022 10:41:40 UTC
Leaf-01#show ip route vrf green 0.0.0.0
Routing Table: green
Routing entry for 0.0.0.0/0, supernet
Known via "bgp 65001", distance 200, metric 0, candidate default path, type internal
Last update from 172.16.254.6 on Vlan901, 02:07:17 ago
Routing Descriptor Blocks:
* 172.16.254.6 (default), from 172.16.255.1, 02:07:17 ago, via Vlan901
opaque_ptr 0x7FC3606F4D80
Route metri c is 0, traffic share count is 1
AS Hops 0
MPLS label: none
Leaf-01#show ip cef vrf green 0.0.0.0/0
0.0.0.0/0
nexthop 172.16.254.6 Vlan901
從交換矩陣到外部網路的反向路由源自BGP,與總結路由類似
! ip route vrf vrf-service 10.0.0.0 255.0.0.0 Null0 ! router bgp 65001 <…snip…> ! address-family ipv4 vrf vrf-service advertise l2vpn evpn aggregate-address 10.0.0.0 255.0.0.0 summary-only redistribute static redistribute connected neighbor 192.168.3.2 remote-as 65002 neighbor 192.168.3.2 activate exit-address-family ! <…snip…>
檢查VRF「綠色」中的Leaf-01上的路由表並ping遠端IP地址192.168.255.1
Leaf-01#show ip route vrf green 192.168.255.1
Routing Table: green
% Network not in table
Leaf-01#show ip route vrf green 0.0.0.0
Routing Table: green
Routing entry for 0.0.0.0/0, supernet
Known via "bgp 65001", distance 200, metric 0, candidate default path, type internal
Last update from 172.16.254.6 on Vlan901, 05:15:19 ago
Routing Descriptor Blocks:
* 172.16.254.6 (default), from 172.16.255.1, 05:15:19 ago, via Vlan901
opaque_ptr 0x7FC3606F4D80
Route metric is 0, traffic share count is 1
AS Hops 0
MPLS label: none
Leaf-01#show ip cef vrf green 0.0.0.0/0
0.0.0.0/0
nexthop 172.16.254.6 Vlan901
Leaf-01#ping vrf green 192.168.3.2 source 10.255.1.11
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.3.2, timeout is 2 seconds:
Packet sent with a source address of 10.255.1.11
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
如果VRF「vrf-service」中邊界上的預設路由丟失,則跟蹤對象將關閉,VRF「綠色」中的靜態路由將從RIB中刪除,在BGP中通告的預設路由也將刪除
### Border ###
Border#show ip route vrf vrf-service 0.0.0.0 Routing Table: vrf-service % Network not in table Border#show track 1 Track 1 IP route 0.0.0.0 0.0.0.0 reachability Reachability is Down (no ip route) <-- Track object is down 3 changes, last change 00:03:15 VPN Routing/Forwarding table "vrf-service" First-hop interface is unknown Tracked by: Static IP Routing 0 Border#show ip route vrf green 0.0.0.0 Routing Table: green % Network not in table Border#show bgp l2vpn evpn rd 1:1 route-type 5 0 0.0.0.0 0 % Network not in table
### Leaf ### Leaf-01#show ip route vrf green 0.0.0.0 Routing Table: green % Network not in table
必須過濾從VRF「綠色」到VRF「vrf服務」的預設路由
vrf definition vrf-service rd 3:3 ! address-family ipv4 route-replicate from vrf green unicast all route-map RM-GREEN-2-VRF-SERVICE route-target export 3:3 route-target import 3:3 exit-address-family ip prefix-list PL-DEFAULT seq 5 permit 0.0.0.0/0 ! route-map RM-GREEN-2-VRF-SERVICE deny 10 match ip address prefix-list PL-DEFAULT ! route-map RM-GREEN-2-VRF-SERVICE permit 20
注意:由於丟失預設路由與跟蹤對象關閉之間存在延遲,因此靜態預設路由會從VRF「綠色」複製到VRF「vrf服務」,並保持跟蹤對象正常運行。因此,會向交換矩陣通告預設路由並將流量黑洞化。
預設路由通告(僅包含冗餘邊框)
本節提供了一個使用冗餘邊框的示例。
注意:在此範例中,我們使用BGP額外路徑功能。另一種方法是,在Border-01上使用不同的RD,而Border-02可用於通告從兩個邊界到枝葉的兩個預設路由。
檢查拓撲
Border-01和Border-02分別接收來自EXT-01和EXT-02的預設路由。
從Border-01
Border-01#show ip route vrf vrf-service 0.0.0.0
Routing Table: vrf-service
Routing entry for 0.0.0.0/0, supernet
Known via "bgp 65001", distance 20, metric 0, candidate default path
Tag 65002, type external
Last update from 192.168.3.2 00:00:06 ago
Routing Descriptor Blocks:
* 192.168.3.2, from 192.168.3.2, 00:00:06 ago
opaque_ptr 0x7F68E5AC02A0
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65002
MPLS label: none
Border-01#show ip cef vrf vrf-service 0.0.0.0/0
0.0.0.0/0
nexthop 192.168.3.2 TenGigabitEthernet1/0/5.3903
從Border-02
Border-02#show ip route vrf vrf-service 0.0.0.0
Routing Table: vrf-service
Routing entry for 0.0.0.0/0, supernet
Known via "bgp 65001", distance 20, metric 0, candidate default path
Tag 65002, type external
Last update from 192.168.4.2 01:22:08 ago
Routing Descriptor Blocks:
* 192.168.4.2, from 192.168.4.2, 01:22:08 ago
opaque_ptr 0x7FE529FF3D48
Route metric is 0, traffic share count is 1
AS Hops 1
Route tag 65002
MPLS label: none
Border-02#show ip cef vrf vrf-service 0.0.0.0/0
0.0.0.0/0
nexthop 192.168.4.2 TenGigabitEthernet1/0/5.3904
與先前的示例 — 帶跟蹤的靜態預設路由一樣,在雙邊界配置中使用相同的方法。
配置Border-01/02路徑、vrf「綠色」中的預設靜態路由以及通告的bgp配置。
track 1 ip route 0.0.0.0 0.0.0.0 reachability ip vrf vrf-service ! ip route vrf green 0.0.0.0 0.0.0.0 TenGigabitEthernet1/0/5.3903 192.168.3.2 track 1 ! router bgp 65001 ! <...snip...> ! address-family ipv4 vrf green advertise l2vpn evpn redistribute static redistribute connected default-information originate exit-address-family ! <...snip...>
驗證主幹上是否收到來自兩個邊界的預設路由
Spine-01#show bgp l2vpn evpn
BGP table version is 25, local router ID is 172.16.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
* ia [5][1:1][0][0][0.0.0.0]/17
172.16.254.7 0 100 0 ?
*>i 172.16.254.6 0 100 0 ?
* i 172.16.254.6 0 100 0 ?
<...snip...>
Spine-02#show bgp l2vpn evpn
BGP table version is 75, local router ID is 172.16.255.2
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
* i [5][1:1][0][0][0.0.0.0]/17
172.16.254.6 0 100 0 ?
* ia 172.16.254.7 0 100 0 ?
*>i 172.16.254.6 0 100 0 ?
<...snip...>
在主幹上設定以傳播兩個預設路由BGP additional-path
router bgp 65001 ! <...snip...> ! address-family l2vpn evpn bgp additional-paths select all best 2 bgp additional-paths send receive <...snip...> neighbor 172.16.255.3 advertise additional-paths best 2 <...snip...> neighbor 172.16.255.4 advertise additional-paths best 2 ! <...snip...>
觀察此配置更改了預設僅最佳傳播,改為通告兩條路由
Spine-01#show bgp l2vpn evpn neighbors 172.16.255.3 advertised-routes
BGP table version is 25, local router ID is 172.16.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
*>i [5][1:1][0][0][0.0.0.0]/17
172.16.254.6 0 100 0 ? <-- best path
* ia [5][1:1][0][0][0.0.0.0]/17
172.16.254.7 0 100 0 ? <-- addtional path (note the a flag indicating this)
<...snip...>
觀察在枝葉上,我們看到4個BGP預設路由
Leaf-01#sh bgp l2vpn evpn
BGP table version is 63, local router ID is 172.16.255.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf green)
* i [5][1:1][0][0][0.0.0.0]/17
172.16.254.7 0 100 0 ?
* ia 172.16.254.7 0 100 0 ?
*>i 172.16.254.6 0 100 0 ?
* i 172.16.254.6 0 100 0 ?
<...snip...>
Leaf-01#sh bgp l2vpn evpn route-type 5 0 0.0.0.0 0
BGP routing table entry for [5][1:1][0][0][0.0.0.0]/17, version 64
Paths: (4 available, best #3, table EVPN-BGP-Table)
Not advertised to any peer
Refresh Epoch 4
Local
172.16.254.7 (metric 3) (via default) from 172.16.255.2 (172.16.255.2)
Origin incomplete, metric 0, localpref 100, valid, internal
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD68.E548
Originator: 172.16.255.7, Cluster list: 172.16.255.2
rx pathid: 0x1, tx pathid: 0
Updated on Aug 24 2022 16:52:56 UTC
Refresh Epoch 1
Local
172.16.254.7 (metric 3) (via default) from 172.16.255.1 (172.16.255.1)
Origin incomplete, metric 0, localpref 100, valid, internal
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD68.E548
Originator: 172.16.255.7, Cluster list: 172.16.255.1
rx pathid: 0x1, tx pathid: 0
Updated on Aug 24 2022 16:49:48 UTC
Refresh Epoch 1
Local
172.16.254.6 (metric 3) (via default) from 172.16.255.1 (172.16.255.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD67.EF48
Originator: 172.16.255.6, Cluster list: 172.16.255.1
rx pathid: 0x0, tx pathid: 0x0
Updated on Aug 24 2022 16:49:48 UTC
Refresh Epoch 4
Local
172.16.254.6 (metric 3) (via default) from 172.16.255.2 (172.16.255.2)
Origin incomplete, metric 0, localpref 100, valid, internal
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD67.EF48
Originator: 172.16.255.6, Cluster list: 172.16.255.2
rx pathid: 0x0, tx pathid: 0
Updated on Aug 24 2022 16:52:56 UTC
枝葉上的配置如下所示
router bgp 65001 ! <...snip...> ! address-family l2vpn evpn bgp additional-paths receive <...snip...> ! address-family ipv4 vrf green import path selection all maximum-paths ibgp 2 <...snip...>
驗證枝葉路由表上我們看到兩條到達兩個邊界的路由
Leaf-01#show ip route vrf green
Routing Table: green
<...snip...>
Gateway of last resort is 172.16.254.7 to network 0.0.0.0
B* 0.0.0.0/0 [200/0] via 172.16.254.7, 00:02:15, Vlan901
[200/0] via 172.16.254.6, 00:02:15, Vlan901
<...snip...>
Leaf-01#show ip cef vrf green 0.0.0.0/0
0.0.0.0/0
nexthop 172.16.254.6 Vlan901
nexthop 172.16.254.7 Vlan901
觀察在丟失Border-01的預設路由時會發生的情況。
Border-01#show ip route vrf vrf-service 0.0.0.0 Routing Table: vrf-service % Network not in table
跟蹤關閉
Border-01#show track 1
Track 1
IP route 0.0.0.0 0.0.0.0 reachability
Reachability is Down (no ip route)
5 changes, last change 00:00:56
VPN Routing/Forwarding table "vrf-service"
First-hop interface is unknown
Tracked by:
Static IP Routing 0
在脊椎上,我們只看到來自Border-02的路由
Spine-01#show bgp l2vpn evpn
BGP table version is 27, local router ID is 172.16.255.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1
* i [5][1:1][0][0][0.0.0.0]/17
172.16.254.7 0 100 0 ?
*>i 172.16.254.7 0 100 0 ?
<...snip...>
在枝葉上,我們只看到來自Border-02的路由
Leaf-01#show bgp l2vpn evpn
BGP table version is 68, local router ID is 172.16.255.3
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1:1 (default for vrf green)
*>i [5][1:1][0][0][0.0.0.0]/17
172.16.254.7 0 100 0 ?
* i 172.16.254.7 0 100 0 ?
<...snip...>
Leaf-01#sh bgp l2vpn evpn route-type 5 0 0.0.0.0 0
BGP routing table entry for [5][1:1][0][0][0.0.0.0]/17, version 68
Paths: (2 available, best #1, table EVPN-BGP-Table)
Not advertised to any peer
Refresh Epoch 1
Local
172.16.254.7 (metric 3) (via default) from 172.16.255.1 (172.16.255.1)
Origin incomplete, metric 0, localpref 100, valid, internal, best
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD68.E548
Originator: 172.16.255.7, Cluster list: 172.16.255.1
rx pathid: 0x0, tx pathid: 0x0
Updated on Aug 24 2022 17:17:31 UTC
Refresh Epoch 4
Local
172.16.254.7 (metric 3) (via default) from 172.16.255.2 (172.16.255.2)
Origin incomplete, metric 0, localpref 100, valid, internal
EVPN ESI: 00000000000000000000, Gateway Address: 0.0.0.0, VNI Label 50901, MPLS VPN Label 0
Extended Community: RT:1:1 ENCAP:8 Router MAC:0C75.BD68.E548
Originator: 172.16.255.7, Cluster list: 172.16.255.2
rx pathid: 0x0, tx pathid: 0
Updated on Aug 24 2022 17:17:31 UTC
路由表中和Leaf-01上的CEF中僅存在一條路由
Leaf-01#show ip route vrf green Routing Table: green <...snip...> Gateway of last resort is 172.16.254.7 to network 0.0.0.0 B* 0.0.0.0/0 [200/0] via 172.16.254.7, 00:04:02, Vlan901 <...snip...> Leaf-01#show ip cef vrf green 0.0.0.0/0 0.0.0.0/0 nexthop 172.16.254.7 Vlan901
相關資訊
修訂記錄
| 修訂 | 發佈日期 | 意見 |
|---|---|---|
1.0 |
08-Feb-2023 |
初始版本 |
意見