[Nexus9Kv] LLMは構成図と概要説明だけでIPv6 Unnumbered eBGPコンフィグを自動生成してくれるのか?
久しぶりの投稿となります。
ここ数年で、LLMはものすごいスピードで進化しています。コードの世界では、LLMを利用したコード生成が当たり前になってきています。ネットワーク業界でもLLMを活用したさまざまなソリューションが、各ベンダーからリリースされてきています。
とはいえ、このような面白い進化をベンダーソリューションに任せるだけでなく、個々の組織でどこまで活用できるのか、いろいろと実験していきたいと思います。
今回のチャレンジは、
NX-OSでAll IPv6 Unnumbered eBGP(RFC5549/8950)のSpine/Leaf 3台構成のコンフィグをLLMに作ってもらう
というものです。
先に結論から言うと、わりと雑なプロンプトと構成情報でもベースとなるコンフィグは作成してくれます。ただしいくつか手直しが必要となりました。
構成情報とプロンプト
今回は、以下のシンプルな構成で試してみたいと思います。
L2VNIを1つ作成し、オーバーレイ越しにLeaf配下のエンドポイント同士をシンプルにL2接続するためのスイッチコンフィグを生成してもらいます。
- アンダーレイ:IPv6 unnumbered eBGP
- オーバーレイ:IPv6 unnumbered eBGP VXLAN EVPN
- L2VNI:30000
LLM環境は以下です。
- ChatGPT:GPT-5.5 Thinking
プロンプト
nexus 9kvで添付の構成を元にIPv6 unnumbered bgpを利用したVXLAN EVPNのconfigを作って Nexus 9000v: version 10.6(5) NXOS14: spine NXOS15: leaf NXOS16: leaf L2 VNIでVNIは30000 NXOS15:e1/7はaccess modeのvlan 10 NXOS16:e1/7はaccess modeのvlan 10 LoopbackはIPv6で
※試験後にプロンプトを見返すとN9KvのVersionは10.6(3)の間違えでした
生成されたコンフィグ
出来上がったコンフィグはこちらです。
Spine NXOS14
conf t
hostname NXOS14
feature bgp
feature nv overlay
nv overlay evpn
! IPv6 LLA / BGP unnumbered を使う場合
! 実機では copy run start + reload が必要
! Nexus 9000v では環境により不要/非対応の場合あり
hardware access-list tcam region ing-sup 768
interface Ethernet1/1
description to NXOS15 Ethernet1/1
no switchport
ipv6 enable
no shutdown
interface Ethernet1/2
description to NXOS16 Ethernet1/1
no switchport
ipv6 enable
no shutdown
interface loopback0
description SPINE_LOOPBACK
ipv6 address 2001:db8:100::14/128
no shutdown
router bgp 65000
router-id 14.14.14.14
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::14/128
address-family l2vpn evpn
retain route-target all
neighbor Ethernet1/1
description BGP_UNNUMBERED_TO_NXOS15
remote-as 65015
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
next-hop-unchanged
neighbor Ethernet1/2
description BGP_UNNUMBERED_TO_NXOS16
remote-as 65016
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
next-hop-unchanged
end
Leaf1 NXOS15
conf t
hostname NXOS15
feature bgp
feature nv overlay
feature vn-segment-vlan-based
feature interface-vlan
nv overlay evpn
! IPv6 LLA / BGP unnumbered を使う場合
! 実機では copy run start + reload が必要
! Nexus 9000v では環境により不要/非対応の場合あり
hardware access-list tcam region ing-sup 768
vlan 10
name VLAN10_L2VNI30000
vn-segment 30000
interface Ethernet1/1
description to NXOS14 Ethernet1/1
no switchport
ipv6 enable
no shutdown
interface Ethernet1/7
description to VPC9
switchport
switchport mode access
switchport access vlan 10
spanning-tree port type edge
no shutdown
interface loopback0
description VTEP_LOOPBACK_IPV6
ipv6 address 2001:db8:100::15/128
no shutdown
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
member vni 30000
ingress-replication protocol bgp
evpn
vni 30000 l2
rd 15.15.15.15:30000
route-target import 30000:30000
route-target export 30000:30000
route-map RM_EVPN_NH permit 10
set ipv6 next-hop 2001:db8:100::15
router bgp 65015
router-id 15.15.15.15
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::15/128
address-family l2vpn evpn
advertise-all-vni
neighbor Ethernet1/1
description BGP_UNNUMBERED_TO_NXOS14
remote-as 65000
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map RM_EVPN_NH out
end
Leaf2 NXOS16
conf t
hostname NXOS16
feature bgp
feature nv overlay
feature vn-segment-vlan-based
feature interface-vlan
nv overlay evpn
! IPv6 LLA / BGP unnumbered を使う場合
! 実機では copy run start + reload が必要
! Nexus 9000v では環境により不要/非対応の場合あり
hardware access-list tcam region ing-sup 768
vlan 10
name VLAN10_L2VNI30000
vn-segment 30000
interface Ethernet1/1
description to NXOS14 Ethernet1/2
no switchport
ipv6 enable
no shutdown
interface Ethernet1/7
description to VPC10
switchport
switchport mode access
switchport access vlan 10
spanning-tree port type edge
no shutdown
interface loopback0
description VTEP_LOOPBACK_IPV6
ipv6 address 2001:db8:100::16/128
no shutdown
interface nve1
no shutdown
source-interface loopback0
host-reachability protocol bgp
member vni 30000
ingress-replication protocol bgp
evpn
vni 30000 l2
rd 16.16.16.16:30000
route-target import 30000:30000
route-target export 30000:30000
route-map RM_EVPN_NH permit 10
set ipv6 next-hop 2001:db8:100::16
router bgp 65016
router-id 16.16.16.16
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::16/128
address-family l2vpn evpn
advertise-all-vni
neighbor Ethernet1/1
description BGP_UNNUMBERED_TO_NXOS14
remote-as 65000
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map RM_EVPN_NH out
end
コンフィグ投入時のエラーと修正
とりあえず何も考えずに投入してみると、以下の設定がエラーではじかれてしまいました。
hardware access-list tcam region ing-sup 768
unchange-update
ipv6 enablehardwareコマンドは物理機器のコマンドとなりますので無視します。ほかはIOS系のコマンドと混同してそうです。そこで以下のCiscoドキュメントを添えて、修正するようにLLMへ入力しました。
すると以下のような修正案が返ってきました。
ipv6 enable↓
ipv6 address use-link-local-only
ipv6 nd ra-interval 4 min 3
ipv6 nd ra-lifetime 10また、以下の設定についても修正が入りました。
next-hop-unchanged↓
route-map NEXT-HOP-UNCH permit 10
set ipv6 next-hop unchangedその後もいくつかやり取りを重ね、最終的にはコンフィグが投入できる状態になりました。
修正後のコンフィグ
修正後のコンフィグはこちらです。
Spine NXOS14修正後
NXOS14# show run
!Command: show running-config
!Running configuration last done at: Sat May 30 10:40:25 2026
!Time: Sat May 30 23:51:22 2026
version 10.6(3) Bios:version
hostname NXOS14
vdc NXOS14 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature bgp
feature nv overlay
no password strength-check
username admin password 5 $5$KIHFBC$mO1JQBJsy3wnQqTTwOPbQXbC7C8m6KjTeLowOzTZg0A role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 3743A1BE85C6174BD940D1DFDCBADA6D6471 priv aes-128 366AB8E39F9C37008E5890DDCCA6826B3B03 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1
route-map NEXT-HOP-UNCH permit 10
set ip next-hop unchanged
set ipv6 next-hop unchanged
vrf context management
interface Ethernet1/1
description to NXOS15 Ethernet1/1
no switchport
ipv6 address use-link-local-only
ipv6 nd ra-interval 4 min 3
ipv6 nd ra-lifetime 10
no shutdown
interface Ethernet1/2
description to NXOS16 Ethernet1/1
no switchport
ipv6 address use-link-local-only
ipv6 nd ra-interval 4 min 3
ipv6 nd ra-lifetime 10
no shutdown
<snip>
interface loopback0
description SPINE_LOOPBACK
ipv6 address 2001:db8:100::14/128
icam monitor scale
line console
line vty
boot nxos bootflash:/nxos64-cs.10.6.3.F.bin
router bgp 65000
router-id 14.14.14.14
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::14/128
address-family l2vpn evpn
retain route-target all
neighbor Ethernet1/1
remote-as 65015
description BGP_UNNUMBERED_TO_NXOS15
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map NEXT-HOP-UNCH out
neighbor Ethernet1/2
remote-as 65016
description BGP_UNNUMBERED_TO_NXOS16
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map NEXT-HOP-UNCH out
NXOS14#
Leaf1 NXOS15 修正後
NXOS15# show run
!Command: show running-config
!Running configuration last done at: Sat May 30 23:49:34 2026
!Time: Sat May 30 23:52:32 2026
version 10.6(3) Bios:version
hostname NXOS15
vdc NXOS15 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$LOIPLK$YanhRSw53xdXJXiRxynYj6vWs1kgz9EhdStwCKrJ6s5 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 01660C30A1C67DF66ACFBDE38366FADA7D1D priv aes-128 332D5960F4CE63EF12DBA4B9C836B9C32D17 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1,10
vlan 10
name VLAN10_L2VNI30000
vn-segment 30000
route-map RM_EVPN_NH permit 10
set ipv6 next-hop 2001:db8:100::15
vrf context management
interface Vlan1
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 30000
ingress-replication protocol bgp
interface Ethernet1/1
description to NXOS14 Ethernet1/1
no switchport
ipv6 address use-link-local-only
ipv6 nd ra-interval 4 min 3
ipv6 nd ra-lifetime 10
no shutdown
<snip>
interface Ethernet1/7
description to VPC9
switchport access vlan 10
spanning-tree port type edge
<snip>
interface loopback0
description VTEP_LOOPBACK_IPV6
ipv6 address 2001:db8:100::15/128
icam monitor scale
line console
line vty
boot nxos bootflash:/nxos64-cs.10.6.3.F.bin
router bgp 65015
router-id 15.15.15.15
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::15/128
address-family l2vpn evpn
neighbor Ethernet1/1
remote-as 65000
description BGP_UNNUMBERED_TO_NXOS14
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map RM_EVPN_NH out
evpn
vni 30000 l2
rd 15.15.15.15:30000
route-target import 30000:30000
route-target export 30000:30000
NXOS15#
Leaf2 NXOS16 修正後
NXOS16# show run
!Command: show running-config
!Running configuration last done at: Sat May 30 23:50:56 2026
!Time: Sat May 30 23:52:34 2026
version 10.6(3) Bios:version
hostname NXOS16
vdc NXOS16 id 1
limit-resource vlan minimum 16 maximum 4094
limit-resource vrf minimum 2 maximum 4096
limit-resource port-channel minimum 0 maximum 511
limit-resource m4route-mem minimum 58 maximum 58
limit-resource m6route-mem minimum 8 maximum 8
nv overlay evpn
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
no password strength-check
username admin password 5 $5$FOIMEG$ni0iwj2Wp1/jmV2grFs5tOfIEjRfbQ2OBSN/5/gF6I3 role network-admin
ip domain-lookup
copp profile strict
snmp-server user admin network-admin auth md5 530174F5905A0E7C52AEE5E6749E33ACDD1B priv aes-128 366A5F80E52C1F3AB4B4859910AE5BD03BD4 localizedV2key
rmon event 1 log trap public description FATAL(1) owner PMON@FATAL
rmon event 2 log trap public description CRITICAL(2) owner PMON@CRITICAL
rmon event 3 log trap public description ERROR(3) owner PMON@ERROR
rmon event 4 log trap public description WARNING(4) owner PMON@WARNING
rmon event 5 log trap public description INFORMATION(5) owner PMON@INFO
vlan 1,10
vlan 10
name VLAN10_L2VNI30000
vn-segment 30000
route-map RM_EVPN_NH permit 10
set ipv6 next-hop 2001:db8:100::16
vrf context management
interface Vlan1
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 30000
ingress-replication protocol bgp
interface Ethernet1/1
description to NXOS14 Ethernet1/2
no switchport
ipv6 address use-link-local-only
ipv6 nd ra-interval 4 min 3
ipv6 nd ra-lifetime 10
no shutdown
<snip>
interface Ethernet1/7
description to VPC10
switchport access vlan 10
spanning-tree port type edge
<snip>
interface mgmt0
vrf member management
interface loopback0
description VTEP_LOOPBACK_IPV6
ipv6 address 2001:db8:100::16/128
icam monitor scale
line console
line vty
boot nxos bootflash:/nxos64-cs.10.6.3.F.bin
router bgp 65016
router-id 16.16.16.16
bestpath as-path multipath-relax
address-family ipv6 unicast
network 2001:db8:100::16/128
address-family l2vpn evpn
neighbor Ethernet1/1
remote-as 65000
description BGP_UNNUMBERED_TO_NXOS14
address-family ipv6 unicast
address-family l2vpn evpn
send-community
send-community extended
route-map RM_EVPN_NH out
evpn
vni 30000 l2
rd 16.16.16.16:30000
route-target import 30000:30000
route-target export 30000:30000
NXOS16#
各ステータス
各ステータスを見ると、以下のような状況です。アンダーレイ、オーバレイともにBGPは問題なく動作し、EVPNのType-2経路はお互いに学習できています。NVEも正常にアップしています。
Spine NXOS14
NXOS14# show bgp ipv6 unicast sum
BGP summary information for VRF default, address family IPv6 Unicast
BGP router identifier 14.14.14.14, local AS number 65000
BGP table version is 13, IPv6 Unicast config peers 2, capable peers 2
3 network entries and 3 paths using 1128 bytes of memory
BGP attribute entries [3/1104], BGP AS path entries [2/12]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520f:ff:fe00:1b08%Ethernet1/1
4 65015 828 833 13 0 0 00:00:54 1
fe80::5210:ff:fe00:1b08%Ethernet1/2
4 65016 830 832 13 0 0 00:00:55 1
NXOS14#
XOS14# show bgp l2 evpn sum
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 14.14.14.14, local AS number 65000
BGP table version is 29, L2VPN EVPN config peers 2, capable peers 2
4 network entries and 4 paths using 1456 bytes of memory
BGP attribute entries [4/1472], BGP AS path entries [2/12]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520f:ff:fe00:1b08%Ethernet1/1
4 65015 828 833 29 0 0 00:00:54 2
fe80::5210:ff:fe00:1b08%Ethernet1/2
4 65016 830 832 29 0 0 00:00:55 2
Neighbor T AS Type-1 Type-2 Type-3 Type-4 Type-5 Type-6 Type-7 Type-8 Type-12
fe80::520f:ff:fe00:1b08
I 65015 0 1 1 0 0 0 0 0 0
fe80::5210:ff:fe00:1b08
I 65016 0 1 1 0 0 0 0 0 0
NXOS14#
Leaf1 NXOS15
NXOS15# show ipv6 route
IPv6 Routing Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
2001:db8:100::14/128, ubest/mbest: 1/0
*via fe80::520e:ff:fe00:1b08, Eth1/1, [20/0], 00:02:17, bgp-65015, external, tag 65000
2001:db8:100::15/128, ubest/mbest: 2/0, attached
*via 2001:db8:100::15, Lo0, [0/0], 13:37:06, direct
*via 2001:db8:100::15, Lo0, [0/0], 13:37:06, local
2001:db8:100::16/128, ubest/mbest: 1/0
*via fe80::520e:ff:fe00:1b08, Eth1/1, [20/0], 00:02:17, bgp-65015, external, tag 65000
NXOS15#
NXOS15# show bgp ipv6 unicast sum
BGP summary information for VRF default, address family IPv6 Unicast
BGP router identifier 15.15.15.15, local AS number 65015
BGP table version is 12, IPv6 Unicast config peers 1, capable peers 1
3 network entries and 3 paths using 1128 bytes of memory
BGP attribute entries [3/1104], BGP AS path entries [2/16]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520e:ff:fe00:1b08%Ethernet1/1
4 65000 839 823 12 0 0 00:02:17 2
NXOS15#
NXOS15# show bgp l2 evpn sum
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 15.15.15.15, local AS number 65015
BGP table version is 31, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1976 bytes of memory
BGP attribute entries [6/2208], BGP AS path entries [1/10]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520e:ff:fe00:1b08%Ethernet1/1
4 65000 839 823 31 0 0 00:02:17 2
Neighbor T AS Type-1 Type-2 Type-3 Type-4 Type-5 Type-6 Type-7 Type-8 Type-12
fe80::520e:ff:fe00:1b08
I 65000 0 1 1 0 0 0 0 0 0
NXOS15# show bgp l2 evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 31, Local Router ID is 15.15.15.15
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 15.15.15.15:30000 (L2VNI 30000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
2001:db8:100::15
100 32768 i
*>e[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
2001:db8:100::16
0 65000 65016 i
*>l[3]:[0]:[128]:[2001:db8:100::15]/184
2001:db8:100::15
100 32768 i
*>e[3]:[0]:[128]:[2001:db8:100::16]/184
2001:db8:100::16
0 65000 65016 i
Route Distinguisher: 16.16.16.16:30000
*>e[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
2001:db8:100::16
0 65000 65016 i
*>e[3]:[0]:[128]:[2001:db8:100::16]/184
2001:db8:100::16
0 65000 65016 i
NXOS15#
NXOS15# show nve peer
Interface Peer-IP State LearnType Uptime Router-Mac
--------- -------------------------------------- ----- --------- -------- -----------------
nve1 2001:db8:100::16 Up CP 00:02:16 n/a
NXOS15# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: 500f.0000.1b08
Host Learning Mode: Control-Plane
Source-Interface: loopback0 (primary: 2001:db8:100::15, secondary: 0.0.0.0)
NXOS15#
NXOS15# show mac add
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A - ESI Active Path, S - ESI Standby Path
TL - True Learned, PS - Peer Sync, RO - Re-originate
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 10 0050.7966.6809 dynamic NA F F Eth1/7
C 10 0050.7966.680a dynamic NA F F nve1(2001:db8:100::16)
G - 500f.0000.1b08 static - F F sup-eth1(R)
NXOS15#
Leaf2 NXOS16
NXOS16# show ipv6 route
IPv6 Routing Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
2001:db8:100::14/128, ubest/mbest: 1/0
*via fe80::520e:ff:fe00:1b08, Eth1/1, [20/0], 00:01:02, bgp-65016, external, tag 65000
2001:db8:100::15/128, ubest/mbest: 1/0
*via fe80::520e:ff:fe00:1b08, Eth1/1, [20/0], 00:01:01, bgp-65016, external, tag 65000
2001:db8:100::16/128, ubest/mbest: 2/0, attached
*via 2001:db8:100::16, Lo0, [0/0], 13:35:43, direct
*via 2001:db8:100::16, Lo0, [0/0], 13:35:43, local
NXOS16#
NXOS16# show bgp ipv6 unicast sum
BGP summary information for VRF default, address family IPv6 Unicast
BGP router identifier 16.16.16.16, local AS number 65016
BGP table version is 12, IPv6 Unicast config peers 1, capable peers 1
3 network entries and 3 paths using 1128 bytes of memory
BGP attribute entries [3/1104], BGP AS path entries [2/16]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520e:ff:fe00:1b08%Ethernet1/1
4 65000 839 824 12 0 0 00:01:02 2
NXOS16# show bgp ipv6 unicast
BGP routing table information for VRF default, address family IPv6 Unicast
BGP table version is 12, Local Router ID is 16.16.16.16
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
*>e2001:db8:100::14/128
fe80::520e:ff:fe00:1b08
0 65000 i
*>e2001:db8:100::15/128
fe80::520e:ff:fe00:1b08
0 65000 65015 i
*>l2001:db8:100::16/128
0:: 100 32768 i
NXOS16#
NXOS16# show bgp l2 evpn sum
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 16.16.16.16, local AS number 65016
BGP table version is 31, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1976 bytes of memory
BGP attribute entries [6/2208], BGP AS path entries [1/10]
BGP community entries [0/0], BGP clusterlist entries [0/0]
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
fe80::520e:ff:fe00:1b08%Ethernet1/1
4 65000 839 824 31 0 0 00:01:02 2
Neighbor T AS Type-1 Type-2 Type-3 Type-4 Type-5 Type-6 Type-7 Type-8 Type-12
fe80::520e:ff:fe00:1b08
I 65000 0 1 1 0 0 0 0 0 0
NXOS16# show bgp l2 evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 31, Local Router ID is 16.16.16.16
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 15.15.15.15:30000
*>e[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
2001:db8:100::15
0 65000 65015 i
*>e[3]:[0]:[128]:[2001:db8:100::15]/184
2001:db8:100::15
0 65000 65015 i
Route Distinguisher: 16.16.16.16:30000 (L2VNI 30000)
*>e[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
2001:db8:100::15
0 65000 65015 i
*>l[2]:[0]:[0]:[48]:[0050.7966.680a]:[0]:[0.0.0.0]/216
2001:db8:100::16
100 32768 i
*>e[3]:[0]:[128]:[2001:db8:100::15]/184
2001:db8:100::15
0 65000 65015 i
*>l[3]:[0]:[128]:[2001:db8:100::16]/184
2001:db8:100::16
100 32768 i
NXOS16#
NXOS16# show nve peer
Interface Peer-IP State LearnType Uptime Router-Mac
--------- -------------------------------------- ----- --------- -------- -----------------
nve1 2001:db8:100::15 Up CP 00:01:01 n/a
NXOS16# show nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [not-notified]
Local Router MAC: 5010.0000.1b08
Host Learning Mode: Control-Plane
Source-Interface: loopback0 (primary: 2001:db8:100::16, secondary: 0.0.0.0)
NXOS16#
NXOS16# show mac add
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan,
(NA)- Not Applicable A - ESI Active Path, S - ESI Standby Path
TL - True Learned, PS - Peer Sync, RO - Re-originate
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
C 10 0050.7966.6809 dynamic NA F F nve1(2001:db8:100::15)
* 10 0050.7966.680a dynamic NA F F Eth1/7
G - 5010.0000.1b08 static - F F sup-eth1(R)
NXOS16#
Ping試験とN9Kvで発生した事象
しかし、Leaf配下の端末から双方にPingを打ってみたところ、MACアドレスは学習しているものの片方向しか通信できませんでした。
切り分けを進めたところ、ここはN9Kvの問題でした。
キャプチャを確認すると、Unicastで送信されるARP ReplyのInner MAC Addressがなぜか書き換えられていました。以下の画面はLeafのUplinkをキャプチャしたものですが、ARPの中身と、Inner MAC address、Outer MAC addressを見るとおかしいことがわかると思います。
Cisco CMLでも試しましたが、同様の事象が発生しました。その後、実機を確保して確認したところ問題なく動作したためN9Kv側の問題であると判断しました。N9KvにおけるAll IPv6構成時のフォワーディング実装の問題なのかもしれません。
まとめ
今回の結果としては、以下のような所感です。
- コンフィグのベースは作成してくれる
- ハルシネーションにより誤ったコンフィグが生成されるため、その後のやり取りが必要
- 生成されるコンフィグの安定感はまだ低い
- 同じプロンプトでも、毎回異なるコンフィグが生成された
精度を高めるためには、当たり前のなのですが以下のような工夫が考えられます。
- プロンプトを改善する
- RAG的に、質の高いドキュメントを参照させる
ただし、IPv6 unnumberedに関する情報はドキュメントとして手薄な印象であり質の高いドキュメントがないと正解にたどりつくまで時間がかかるかもしれないです。
とはいえ、LLMによってネットワークエンジニアの生産性が上がることは間違いないと思います。今後もぜひ活用していきたいところです。