【Nexus】Part 8 – EVPN/VXLAN vPC MH
今回はNXOSにおいてEVPN/VXLANでマルチホーミングを行うためにリーフスイッチ上でvPCを構成してみます。
*Nexus9000vシリーズの記事のまとめはこちらから
*Nexus 9000vはversion 9.3(1)を元に動作確認を行っています。
EVPN/VXLAN vPCマルチホーミグ構成
前回同様、Loopbackアドレスの配布のためアンダーレイプロトコルには、物理IPでのBGP peer(address-family ipv4)を確立しています。
vPCを利用するに当たっては、以下のドキュメントの通り、収束時間の改善のためにアンダーレイ用のLoopback0のほかに、VTEP用のLoopback100を定義しています。
Nexus9000シリーズ: vPC と VXLAN 併用時の収束時間について
https://community.cisco.com/t5/%E3%83%87%E3%83%BC%E3%82%BF%E3%82%BB%E3%83%B3%E3%82%BF%E3%83%BC-%E3%83%89%E3%82%AD%E3%83%A5%E3%83%A1%E3%83%B3%E3%83%88/nexus9000%E3%82%B7%E3%83%AA%E3%83%BC%E3%82%BA-vpc-%E3%81%A8-vxlan-%E4%BD%B5%E7%94%A8%E6%99%82%E3%81%AE%E5%8F%8E%E6%9D%9F%E6%99%82%E9%96%93%E3%81%AB%E3%81%A4%E3%81%84%E3%81%A6/ta-p/3722354
またLoopback100については、以下のドキュメントを参考に、セカンダリIPで定義して網側へのVIPとして利用しています。
Advertising Primary IP Address
On a vPC enabled leaf or border leaf switch, by default all Layer-3 routes are advertised with the secondary IP address (VIP) of the leaf switch VTEP as the BGP next-hop IP address. Prefix routes and leaf switch generated routes are not synced between vPC leaf switches. Using the VIP as the BGP next-hop for these types of routes can cause traffic to be forwarded to the wrong vPC leaf or border leaf switch and black-holed. The provision to use the primary IP address (PIP) as the next-hop when advertising prefix routes or loopback interface routes in BGP on vPC enabled leaf or border leaf switches allows users to select the PIP as BGP next-hop when advertising these types of routes, so that traffic will always be forwarded to the right vPC enabled leaf or border leaf switch.
https://www.cisco.com/c/en/us/td/docs/switches/datacenter/nexus9000/sw/93x/vxlan/configuration/guide/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x/b-cisco-nexus-9000-series-nx-os-vxlan-configuration-guide-93x_chapter_01000.html
Port-Channelについては、こちらの利用環境上でLACPフレームを透過しないためスタティックを設定しています。
ただし、peer-linkについてはコンフィグレーションガイド上ではLACPを設定していますのでLACPが推奨と考えられます。
アンダーレイ構成図
オーバレイ構成図
確認項目
各端末間で疎通できることを確認
各機器のコンフィグクレーション
NXOS1 – Spine1
hostname NXOS1
nv overlay evpn
feature bgp
route-map permitall permit 10
set ip next-hop unchanged
interface Ethernet1/1
no switchport
mac-address 5000.0003.0001
ip address 192.168.1.42/24
no shutdown
interface Ethernet1/2
no switchport
mac-address 5000.0003.0001
ip address 192.168.3.42/24
no shutdown
interface Ethernet1/3
no switchport
mac-address 5000.0003.0001
ip address 192.168.5.42/24
no shutdown
interface loopback0
ip address 10.1.1.1/32
router bgp 100
router-id 10.1.1.1
address-family ipv4 unicast
network 10.1.1.1/32
address-family l2vpn evpn
nexthop route-map permitall
retain route-target all
neighbor 30.1.1.1
remote-as 200
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 40.1.1.1
remote-as 200
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 40.1.1.2
remote-as 200
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 192.168.1.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.3.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.5.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
NXOS2 – Spine2
hostname NXOS2
nv overlay evpn
feature bgp
route-map permitall permit 10
set ip next-hop unchanged
interface Ethernet1/1
no switchport
mac-address 5000.0003.0002
ip address 192.168.2.42/24
no shutdown
interface Ethernet1/2
no switchport
mac-address 5000.0003.0002
ip address 192.168.4.42/24
no shutdown
interface Ethernet1/3
no switchport
mac-address 5000.0003.0002
ip address 192.168.6.42/24
no shutdown
interface loopback0
ip address 20.1.1.1/32
router bgp 100
router-id 20.1.1.1
address-family ipv4 unicast
network 20.1.1.1/32
address-family l2vpn evpn
retain route-target all
neighbor 30.1.1.1
remote-as 200
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 40.1.1.1
remote-as 200
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 40.1.1.2
remote-as 200
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
disable-peer-as-check
send-community extended
route-map permitall out
neighbor 192.168.2.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.4.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.6.43
remote-as 200
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
NXOS3 – Leaf1
hostname NXOS3
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay
fabric forwarding anycast-gateway-mac 0000.2222.3333
vlan 1,101,1001-1002
vlan 101
vn-segment 900001
vlan 1001
vn-segment 2001001
vlan 1002
vn-segment 2001002
vrf context vxlan-900001
vni 900001
rd auto
address-family ipv4 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
address-family ipv6 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
hardware access-list tcam region vpc-convergence 256
interface Vlan101
no shutdown
vrf member vxlan-900001
ip forward
interface Vlan1001
no shutdown
vrf member vxlan-900001
ip address 4.1.1.1/24
ipv6 address 4:1:0:1::1/64
fabric forwarding mode anycast-gateway
interface Vlan1002
no shutdown
vrf member vxlan-900001
ip address 4.2.2.1/24
ipv6 address 4:2:0:1::1/64
fabric forwarding mode anycast-gateway
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 900001 associate-vrf
member vni 2001001
ingress-replication protocol bgp
member vni 2001002
ingress-replication protocol bgp
interface Ethernet1/1
no switchport
mac-address 5000.0003.0003
ip address 192.168.1.43/24
no shutdown
interface Ethernet1/2
no switchport
mac-address 5000.0003.0003
ip address 192.168.2.43/24
no shutdown
interface Ethernet1/3
switchport access vlan 1001
interface Ethernet1/4
switchport access vlan 1002
interface loopback0
ip address 30.1.1.1/32
router bgp 200
router-id 30.1.1.1
address-family ipv4 unicast
network 30.1.1.1/32
address-family l2vpn evpn
maximum-paths 64
maximum-paths ibgp 64
neighbor 10.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 20.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 192.168.1.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.2.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
vrf vxlan-900001
neighbor 10.1.1.1
remote-as 100
evpn
vni 2001001 l2
rd 30.1.1.1:1001
route-target import 30.1.1.1:1001
route-target export 30.1.1.1:1001
vni 2001002 l2
rd 30.1.1.1:1002
route-target import 30.1.1.1:1002
route-target export 30.1.1.1:1002
NXOS4 – Leaf2 vPC1
hostname NXOS4
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay
feature vpc
fabric forwarding anycast-gateway-mac 0000.2222.3333
vlan 1,101,1001-1002
vlan 101
vn-segment 900001
vlan 1001
vn-segment 2001001
vlan 1002
vn-segment 2001002
vrf context vxlan-900001
vni 900001
rd auto
address-family ipv4 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
address-family ipv6 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
hardware access-list tcam region vpc-convergence 256
vpc domain 10
peer-switch
peer-keepalive destination 192.168.0.2
peer-gateway
auto-recovery
ipv6 nd synchronize
ip arp synchronize
interface Vlan101
no shutdown
vrf member vxlan-900001
ip forward
interface Vlan1001
no shutdown
vrf member vxlan-900001
ip address 4.1.1.1/24
ipv6 address 4:1:0:1::1/64
fabric forwarding mode anycast-gateway
interface Vlan1002
no shutdown
vrf member vxlan-900001
ip address 4.2.2.1/24
ipv6 address 4:2:0:1::1/64
fabric forwarding mode anycast-gateway
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 900001 associate-vrf
member vni 2001001
ingress-replication protocol bgp
member vni 2001002
ingress-replication protocol bgp
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
vpc 1
interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
spanning-tree port type network
vpc peer-link
interface Ethernet1/1
no switchport
mac-address 5000.0003.0004
ip address 192.168.3.43/24
no shutdown
interface Ethernet1/2
no switchport
mac-address 5000.0003.0004
ip address 192.168.4.43/24
no shutdown
interface Ethernet1/3
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 1
interface Ethernet1/6
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 10
interface Ethernet1/7
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 10
interface loopback0
ip address 40.1.1.1/32
interface loopback100
ip address 40.1.1.11/32
ip address 40.1.1.13/32 sec
router bgp 200
router-id 40.1.1.1
address-family ipv4 unicast
network 40.1.1.1/32
network 40.1.1.11/32
network 40.1.1.13/32
address-family l2vpn evpn
maximum-paths 64
maximum-paths ibgp 64
neighbor 10.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 20.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 192.168.3.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.4.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
vrf vxlan-900001
evpn
vni 2001001 l2
rd 30.1.1.1:1001
route-target import 30.1.1.1:1001
route-target export 30.1.1.1:1001
vni 2001002 l2
rd 30.1.1.1:1002
route-target import 30.1.1.1:1002
route-target export 30.1.1.1:1002
interface mgmt0
vrf member management
ip address 192.168.0.1/24
NXOS5 – Leaf3 vPC2
hostname NXOS5
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature nv overlay
feature vpc
fabric forwarding anycast-gateway-mac 0000.2222.3333
vlan 1,101,1001-1002
vlan 101
vn-segment 900001
vlan 1001
vn-segment 2001001
vlan 1002
vn-segment 2001002
vrf context vxlan-900001
vni 900001
rd auto
address-family ipv4 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
address-family ipv6 unicast
route-target import 65535:101
route-target import 65535:101 evpn
route-target export 65535:101
route-target export 65535:101 evpn
hardware access-list tcam region vpc-convergence 256
vpc domain 10
peer-switch
peer-keepalive destination 192.168.0.1
peer-gateway
auto-recovery
ipv6 nd synchronize
ip arp synchronize
interface Vlan101
no shutdown
vrf member vxlan-900001
ip forward
interface Vlan1001
no shutdown
vrf member vxlan-900001
ip address 4.1.1.1/24
ipv6 address 4:1:0:1::1/64
fabric forwarding mode anycast-gateway
interface Vlan1002
no shutdown
vrf member vxlan-900001
ip address 4.2.2.1/24
ipv6 address 4:2:0:1::1/64
fabric forwarding mode anycast-gateway
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback100
member vni 900001 associate-vrf
member vni 2001001
ingress-replication protocol bgp
member vni 2001002
ingress-replication protocol bgp
interface port-channel1
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
vpc 1
interface port-channel10
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
spanning-tree port type network
vpc peer-link
interface Ethernet1/1
no switchport
mac-address 5000.0003.0004
ip address 192.168.5.43/24
no shutdown
interface Ethernet1/2
no switchport
mac-address 5000.0003.0004
ip address 192.168.6.43/24
no shutdown
interface Ethernet1/3
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 1
interface Ethernet1/6
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 10
interface Ethernet1/7
switchport mode trunk
switchport trunk allowed vlan 1,1001,1002
channel-group 10
interface loopback0
ip address 40.1.1.2/32
interface loopback100
ip address 40.1.1.12/32
ip address 40.1.1.13/32 sec
router bgp 200
router-id 40.1.1.1
address-family ipv4 unicast
network 40.1.1.2/32
network 40.1.1.12/32
network 40.1.1.13/32
address-family l2vpn evpn
maximum-paths 64
maximum-paths ibgp 64
neighbor 10.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 20.1.1.1
remote-as 100
update-source loopback0
ebgp-multihop 3
address-family l2vpn evpn
allowas-in 3
send-community extended
neighbor 192.168.3.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
neighbor 192.168.4.42
remote-as 100
address-family ipv4 unicast
allowas-in 3
disable-peer-as-check
vrf vxlan-900001
evpn
vni 2001001 l2
rd 30.1.1.1:1001
route-target import 30.1.1.1:1001
route-target export 30.1.1.1:1001
vni 2001002 l2
rd 30.1.1.1:1002
route-target import 30.1.1.1:1002
route-target export 30.1.1.1:1002
interface mgmt0
vrf member management
ip address 192.168.0.2/24
オーバレイのステータス確認
NXOS1 – Spine1
NXOS1# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 10.1.1.1, local AS number 100
BGP table version is 31, L2VPN EVPN config peers 3, capable peers 3
12 network entries and 18 paths using 3600 bytes of memory
BGP attribute entries [14/2296], BGP AS path entries [1/6]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
30.1.1.1 4 200 30 21 31 0 0 00:14:27 6
40.1.1.1 4 200 29 21 31 0 0 00:14:18 6
40.1.1.2 4 200 24 14 31 0 0 00:08:58 6
NXOS1#
NXOS1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 31, Local Router ID is 10.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 30.1.1.1:1001
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 200 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
Route Distinguisher: 30.1.1.1:1002
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 200 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
NXOS1#
NXOS2 – Spine2
NXOS2# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 20.1.1.1, local AS number 100
BGP table version is 27, L2VPN EVPN config peers 3, capable peers 3
12 network entries and 18 paths using 3600 bytes of memory
BGP attribute entries [14/2296], BGP AS path entries [1/6]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
30.1.1.1 4 200 36 26 27 0 0 00:19:36 6
40.1.1.1 4 200 33 25 27 0 0 00:18:32 6
40.1.1.2 4 200 34 18 27 0 0 00:13:01 6
NXOS2#
NXOS2# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 27, Local Router ID is 20.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 30.1.1.1:1001
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 200 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
Route Distinguisher: 30.1.1.1:1002
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 200 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
*>e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 200 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 200 i
*>e 40.1.1.13 0 200 i
NXOS2#
NXOS3 – Leaf1
NXOS3# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 30.1.1.1, local AS number 200
BGP table version is 22, L2VPN EVPNconfig peers 2, capable peers 2
14 network entries and 20 paths using 3840 bytes of memory
BGP attribute entries [14/2296], BGP AS path entries [1/10]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.1 4 100 32 26 22 0 0 00:19:40 6
20.1.1.1 4 100 32 26 22 0 0 00:20:23 6
NXOS3#
NXOS3# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 22, Local Router ID is 30.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 30.1.1.1:1001 (L2VNI 2001001)
*>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
30.1.1.1 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
40.1.1.13 0 100 200 i
*>e 40.1.1.13 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 100 32768 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 0 100 200 i
* e 40.1.1.13 0 100 200 i
*>l[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 100 32768 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 100 200 i
*>e 40.1.1.13 0 100 200 i
Route Distinguisher: 30.1.1.1:1002 (L2VNI 2001002)
*>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
30.1.1.1 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
40.1.1.13 0 100 200 i
*>e 40.1.1.13 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 0 100 200 i
*>e 40.1.1.13 0 100 200 i
*>l[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 100 32768 i
* e[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 0 100 200 i
*>e 40.1.1.13 0 100 200 i
Route Distinguisher: 30.1.1.1:3 (L3VNI 900001)
*>e[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 0 100 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 0 100 200 i
NXOS3#
NXOS3# show system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 1001 0050.7966.6807 dynamic 00:18:02 F F Eth1/3
* 1002 0050.7966.680a static - F F nve-peer1 40.1.1.13
G - 5000:0003:0003 static - F F sup-eth1(R)
G 101 5000.0003.0007 static - F F sup-eth1(R)
* 1001 0050.7966.6809 static - F F nve-peer1 40.1.1.13
* 1002 0050.7966.6808 dynamic 00:07:47 F F Eth1/4
G 1001 5000.0003.0007 static - F F sup-eth1(R)
G 1002 5000.0003.0007 static - F F sup-eth1(R)
1 1 -00:00:22:22:33:33 - 1
NXOS3#
NXOS3# show ip route vrf vxlan-900001
IP Route Table for VRF "vxlan-900001"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
4.1.1.0/24, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:22:21, direct
4.1.1.1/32, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:22:21, local
4.1.1.11/32, ubest/mbest: 1/0, attached
*via 4.1.1.11, Vlan1001, [190/0], 00:17:51, hmm
4.1.1.12/32, ubest/mbest: 1/0
*via 40.1.1.13%default, [20/0], 00:06:43, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x2801010d encap: VXLAN
4.2.2.0/24, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:22:22, direct
4.2.2.1/32, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:22:22, local
4.2.2.11/32, ubest/mbest: 1/0, attached
*via 4.2.2.11, Vlan1002, [190/0], 00:06:57, hmm
4.2.2.12/32, ubest/mbest: 1/0
*via 40.1.1.13%default, [20/0], 00:17:29, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x2801010d encap: VXLAN
NXOS3#
NXOS3# show ip arp vrf vxlan-900001
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context vxlan-900001
Total number of entries: 2
Address Age MAC Address Interface Flags
4.2.2.11 00:00:23 0050.7966.6808 Vlan1002
4.1.1.11 00:08:02 0050.7966.6807 Vlan1001
NXOS3#
NXOS3# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- -------------------------------------- ----- --------- -------- -----------------
nve1 40.1.1.13 Up CP 00:17:33 5000.0004.0007
NXOS3#
NXOS3# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
SU - Suppress Unknown Unicast
Xconn - Crossconnect
MS-IR - Multisite Ingress Replication
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 900001 n/a Up CP L3 [vxlan-900001]
nve1 2001001 UnicastBGP Up CP L2 [1001]
nve1 2001002 UnicastBGP Up CP L2 [1002]
NXOS3#
NXOS4 – Leaf2 vPC1
NXOS4# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 40.1.1.1, local AS number 200
BGP table version is 30, L2VPN EVPN config peers 2, capable peers 2
14 network entries and 20 paths using 3840 bytes of memory
BGP attribute entries [14/2296], BGP AS path entries [1/10]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.1 4 100 36 27 30 0 0 00:20:46 6
20.1.1.1 4 100 34 26 30 0 0 00:20:34 6
NXOS4#
NXOS4# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 30, Local Router ID is 40.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 30.1.1.1:1001 (L2VNI 2001001)
* e[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
40.1.1.13 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 100 32768 i
* e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 100 32768 i
Route Distinguisher: 30.1.1.1:1002 (L2VNI 2001002)
* e[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
40.1.1.13 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 100 32768 i
* e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 100 32768 i
Route Distinguisher: 40.1.1.1:3 (L3VNI 900001)
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 100 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 100 200 i
NXOS4#
NXOS4# show system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 1001 0050.7966.6807 static - F F nve-peer1 30.1.1.1
* 1001 5000.0005.0007 static - F F Po10
* 1002 5000.0005.0007 static - F F Po10
G 101 5000.0004.0007 static - F F sup-eth1(R)
G - 5000:0004:0007 static - F F sup-eth1(R)
* 1002 0050.7966.680a dynamic 00:19:14 F F Po1
G 1001 5000.0004.0007 static - F F sup-eth1(R)
G 1002 5000.0004.0007 static - F F sup-eth1(R)
* 1001 0050.7966.6809 dynamic 00:09:00 F F Po1
G - 5000:0003:0004 static - F F sup-eth1(R)
* 1002 0050.7966.6808 static - F F nve-peer1 30.1.1.1
1 1 -00:00:22:22:33:33 - 1
NXOS4#
NXOS4# show ip route vrf vxlan-900001
IP Route Table for VRF "vxlan-900001"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
4.1.1.0/24, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:21:39, direct
4.1.1.1/32, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:21:39, local
4.1.1.11/32, ubest/mbest: 1/0
*via 30.1.1.1%default, [20/0], 00:19:07, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x1e010101 encap: VXLAN
4.1.1.12/32, ubest/mbest: 1/0, attached
*via 4.1.1.12, Vlan1001, [190/0], 00:07:59, hmm
4.2.2.0/24, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:21:39, direct
4.2.2.1/32, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:21:39, local
4.2.2.11/32, ubest/mbest: 1/0
*via 30.1.1.1%default, [20/0], 00:08:13, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x1e010101 encap: VXLAN
4.2.2.12/32, ubest/mbest: 1/0, attached
*via 4.2.2.12, Vlan1002, [190/0], 00:18:54, hmm
NXOS4#
NXOS4# show ip arp vrf vxlan-900001
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context vxlan-900001
Total number of entries: 2
Address Age MAC Address Interface Flags
4.2.2.12 00:09:11 0050.7966.680a Vlan1002 +
4.1.1.12 00:01:58 0050.7966.6809 Vlan1001
NXOS4#
NXOS4# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po10 up 1,1001-1002
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
1 Po1 up success success 1,1001-1002
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
NXOS4#
NXOS4# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- -------------------------------------- ----- --------- -------- -----------------
nve1 30.1.1.1 Up CP 00:20:39 5000.0003.0007
NXOS4#
NXOS4# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
SU - Suppress Unknown Unicast
Xconn - Crossconnect
MS-IR - Multisite Ingress Replication
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 900001 n/a Up CP L3 [vxlan-900001]
nve1 2001001 UnicastBGP Up CP L2 [1001]
nve1 2001002 UnicastBGP Up CP L2 [1002]
NXOS4#
NXOS5 – Leaf3 vPC2
NXOS5# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 40.1.1.2, local AS number 200
BGP table version is 31, L2VPN EVPN config peers 2, capable peers 2
14 network entries and 20 paths using 3840 bytes of memory
BGP attribute entries [14/2296], BGP AS path entries [1/10]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
10.1.1.1 4 100 32 29 31 0 0 00:17:05 6
20.1.1.1 4 100 32 28 31 0 0 00:16:42 6
NXOS5#
NXOS5# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 31, Local Router ID is 40.1.1.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 30.1.1.1:1001 (L2VNI 2001001)
* e[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
40.1.1.13 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[32]:[4.1.1.12]/272
40.1.1.13 100 32768 i
* e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 100 32768 i
Route Distinguisher: 30.1.1.1:1002 (L2VNI 2001002)
* e[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
40.1.1.13 100 32768 i
* e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[2]:[0]:[0]:[48]:[0050.7966.680a]:[32]:[4.2.2.12]/272
40.1.1.13 100 32768 i
* e[3]:[0]:[32]:[30.1.1.1]/88
30.1.1.1 0 100 200 i
*>e 30.1.1.1 0 100 200 i
*>l[3]:[0]:[32]:[40.1.1.13]/88
40.1.1.13 100 32768 i
Route Distinguisher: 40.1.1.2:3 (L3VNI 900001)
*>e[2]:[0]:[0]:[48]:[0050.7966.6807]:[32]:[4.1.1.11]/272
30.1.1.1 0 100 200 i
*>e[2]:[0]:[0]:[48]:[0050.7966.6808]:[32]:[4.2.2.11]/272
30.1.1.1 0 100 200 i
NXOS5#
NXOS5# show system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 1001 0050.7966.6807 static - F F nve-peer1 30.1.1.1
G 1001 5000.0005.0007 static - F F sup-eth1(R)
G 1002 5000.0005.0007 static - F F sup-eth1(R)
* 1002 0050.7966.680a dynamic 00:10:50 F F Po1
* 1001 5000.0004.0007 static - F F Po10
* 1002 5000.0004.0007 static - F F Po10
* 1001 0050.7966.6809 dynamic 00:05:38 F F Po1
G 101 5000.0005.0007 static - F F sup-eth1(R)
G - 5000:0005:0007 static - F F sup-eth1(R)
G - 5000:0003:0004 static - F F sup-eth1(R)
* 1002 0050.7966.6808 static - F F nve-peer1 30.1.1.1
1 1 -00:00:22:22:33:33 - 1
NXOS5#
NXOS5# show ip route vrf vxlan-900001
IP Route Table for VRF "vxlan-900001"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
4.1.1.0/24, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:23:17, direct
4.1.1.1/32, ubest/mbest: 1/0, attached
*via 4.1.1.1, Vlan1001, [0/0], 00:23:17, local
4.1.1.11/32, ubest/mbest: 1/0
*via 30.1.1.1%default, [20/0], 00:16:43, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x1e010101 encap: VXLAN
4.1.1.12/32, ubest/mbest: 1/0, attached
*via 4.1.1.12, Vlan1001, [190/0], 00:09:37, hmm
4.2.2.0/24, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:23:17, direct
4.2.2.1/32, ubest/mbest: 1/0, attached
*via 4.2.2.1, Vlan1002, [0/0], 00:23:17, local
4.2.2.11/32, ubest/mbest: 1/0
*via 30.1.1.1%default, [20/0], 00:09:51, bgp-200, external, tag 100 (evpn) segid: 900001 tunnelid: 0x1e010101 encap: VXLAN
4.2.2.12/32, ubest/mbest: 1/0, attached
*via 4.2.2.12, Vlan1002, [190/0], 00:20:33, hmm
NXOS5#
NXOS5# show ip arp vrf vxlan-900001
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context vxlan-900001
Total number of entries: 2
Address Age MAC Address Interface Flags
4.2.2.12 00:00:51 0050.7966.680a Vlan1002
4.1.1.12 00:01:35 0050.7966.6809 Vlan1001 +
NXOS5#
NXOS5# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 10
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Enabled, timer is off.(timeout = 240s)
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ -------------------------------------------------
1 Po10 up 1,1001-1002
vPC status
----------------------------------------------------------------------------
Id Port Status Consistency Reason Active vlans
-- ------------ ------ ----------- ------ ---------------
1 Po1 up success success 1,1001-1002
Please check "show vpc consistency-parameters vpc <vpc-num>" for the
consistency reason of down vpc and for type-2 consistency reasons for
any vpc.
NXOS5#
NXOS5# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- -------------------------------------- ----- --------- -------- -----------------
nve1 30.1.1.1 Up CP 00:17:04 5000.0003.0007
NXOS5#
NXOS5# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
SU - Suppress Unknown Unicast
Xconn - Crossconnect
MS-IR - Multisite Ingress Replication
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 900001 n/a Up CP L3 [vxlan-900001]
nve1 2001001 UnicastBGP Up CP L2 [1001]
nve1 2001002 UnicastBGP Up CP L2 [1002]
NXOS5#
結果
問題なく各端末感で疎通できることを確認