Single-Domain SR-TE その6(LxVPN over SR)
今後、SR-TE で LxVPN を steering する必要があるため、LxVPN over SR を自分のメモ用にアウトプットします。
1. LxVPN over SR
一言でいうとオーバーレイで L3VPN 若しくは L2VPN を、アンダーレイで SR を動かすこと
2. Topology
3. Config
h_N1(主役① PEルータ)
hostname h_N1
group CCIE-ISIS
router isis '.*'
is-type level-2-only
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface 'Gi.*'
point-to-point
address-family ipv4 unicast
!
!
interface 'Loopback .*'
address-family ipv4 unicast
!
!
!
end-group
!
vrf A
rd 10:1
address-family ipv4 unicast
import route-target
200:1
!
export route-target
100:1
!
!
!
!
interface Loopback0
ipv4 address 1.1.1.1 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
shutdown
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.20
vrf A
ipv4 address 198.51.100.1 255.255.255.0
encapsulation dot1q 20
!
interface GigabitEthernet0/0/0/2
ipv4 address 10.1.3.1 255.255.255.0
!
!
route-policy PASS
pass
end-policy
!
router isis 1
apply-group CCIE-ISIS
net 49.0001.0000.0000.0001.00
address-family ipv4 unicast
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 1
!
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
router bgp 10
bgp router-id 1.1.1.1
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
neighbor 6.6.6.6
remote-as 10
update-source Loopback0
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
!
vrf A
rd 10:1
address-family ipv4 unicast
!
neighbor 198.51.100.100
remote-as 100
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
!
!
!
!
!
l2vpn
xconnect group EVPN_VPWS
p2p EVPN_1
interface GigabitEthernet0/0/0/1.10
neighbor evpn evi 1010 target 60 source 10
!
!
!
!
mpls oam
!
mpls label range table 0 1001001 1001999
end
h_N2(脇役)
hostname h_N2 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 2.2.2.2 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.1.2.2 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.2.3.2 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.2.4.2 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0002.00 address-family ipv4 unicast ! interface Loopback0 address-family ipv4 unicast prefix-sid index 2 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! ! mpls oam ! mpls label range table 0 1002001 1002999 end
h_N3(脇役)
hostname h_N3 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 3.3.3.3 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.1.3.3 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.2.3.3 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.3.5.3 255.255.255.0 ! interface GigabitEthernet0/0/0/3 ipv4 address 10.3.4.3 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0003.00 address-family ipv4 unicast ! interface Loopback0 address-family ipv4 unicast prefix-sid index 3 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/3 ! ! mpls oam ! mpls label range table 0 1003001 1003999 end
h_N4(脇役)
hostname h_N4 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 4.4.4.4 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.2.4.4 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.4.5.4 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.4.6.4 255.255.255.0 ! interface GigabitEthernet0/0/0/3 ipv4 address 10.3.4.4 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0004.00 address-family ipv4 unicast ! interface Loopback0 prefix-attributes anycast address-family ipv4 unicast prefix-sid index 4 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! interface GigabitEthernet0/0/0/3 ! ! mpls oam ! mpls label range table 0 1004001 1004999 end
h_N5(脇役)
hostname h_N5 group CCIE-ISIS router isis '.*' is-type level-2-only address-family ipv4 unicast metric-style wide segment-routing mpls ! interface 'Gi.*' point-to-point address-family ipv4 unicast ! ! interface 'Loopback .*' address-family ipv4 unicast ! ! ! end-group ! interface Loopback0 ipv4 address 5.5.5.5 255.255.255.255 ! interface MgmtEth0/RP0/CPU0/0 shutdown ! interface GigabitEthernet0/0/0/0 ipv4 address 10.3.5.5 255.255.255.0 ! interface GigabitEthernet0/0/0/1 ipv4 address 10.4.5.5 255.255.255.0 ! interface GigabitEthernet0/0/0/2 ipv4 address 10.5.6.5 255.255.255.0 ! router isis 1 apply-group CCIE-ISIS net 49.0001.0000.0000.0005.00 address-family ipv4 unicast ! interface Loopback0 prefix-attributes anycast address-family ipv4 unicast prefix-sid index 5 ! ! interface GigabitEthernet0/0/0/0 ! interface GigabitEthernet0/0/0/1 ! interface GigabitEthernet0/0/0/2 ! ! mpls oam ! mpls label range table 0 1005001 1005999 end
h_N6(主役② PEルータ)
hostname h_N6
group CCIE-ISIS
router isis '.*'
is-type level-2-only
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface 'Gi.*'
point-to-point
address-family ipv4 unicast
!
!
interface 'Loopback .*'
address-family ipv4 unicast
!
!
!
end-group
!
vrf B
rd 10:6
address-family ipv4 unicast
import route-target
100:1
!
export route-target
200:1
!
!
!
interface Loopback0
ipv4 address 6.6.6.6 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
shutdown
!
interface GigabitEthernet0/0/0/0
ipv4 address 10.4.6.6 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.30
vrf B
ipv4 address 203.0.113.6 255.255.255.0
encapsulation dot1q 30
!
interface GigabitEthernet0/0/0/2
ipv4 address 10.5.6.6 255.255.255.0
!
route-policy PASS
pass
end-policy
!
router isis 1
apply-group CCIE-ISIS
net 49.0001.0000.0000.0006.00
address-family ipv4 unicast
!
interface Loopback0
address-family ipv4 unicast
prefix-sid index 6
!
!
interface GigabitEthernet0/0/0/0
!
interface GigabitEthernet0/0/0/2
!
!
router bgp 10
bgp router-id 6.6.6.6
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
neighbor 1.1.1.1
remote-as 10
update-source Loopback0
address-family vpnv4 unicast
!
address-family l2vpn evpn
!
!
vrf B
rd 10:6
address-family ipv4 unicast
!
neighbor 203.0.113.200
remote-as 200
address-family ipv4 unicast
route-policy PASS in
route-policy PASS out
!
!
!
!
l2vpn
xconnect group EVPN_VPWS
p2p EVPN_1
interface GigabitEthernet0/0/0/1.10
neighbor evpn evi 1010 target 10 source 60
!
!
!
!
mpls oam
!
mpls label range table 0 1006001 1006999
end
h_CE1(準主役① CEルータ)
hostname CE1 ! no ip domain lookup ! interface Loopback0 ip address 100.100.100.100 255.255.255.255 ! interface Loopback110 ip address 1.1.1.10 255.255.255.255 ! interface GigabitEthernet1 no ip address ! interface GigabitEthernet1.10 encapsulation dot1Q 10 ip address 192.0.2.100 255.255.255.0 ! interface GigabitEthernet1.20 encapsulation dot1Q 20 ip address 198.51.100.100 255.255.255.0 ! router bgp 100 bgp router-id 100.100.100.100 bgp log-neighbor-changes network 1.1.1.10 mask 255.255.255.255 neighbor 198.51.100.1 remote-as 10 ! line con 0 exec-timeout 0 0 ! end
h_CE2(準主役② CEルータ)
hostname CE2 ! no ip domain lookup ! interface Loopback0 ip address 200.200.200.200 255.255.255.255 ! interface Loopback210 ip address 2.2.2.10 255.255.255.255 ! interface Loopback220 ip address 2.2.2.20 255.255.255.255 ! interface GigabitEthernet1 no ip address ! interface GigabitEthernet1.10 encapsulation dot1Q 10 ip address 192.0.2.200 255.255.255.0 ! interface GigabitEthernet1.30 encapsulation dot1Q 30 ip address 203.0.113.200 255.255.255.0 ! router bgp 200 bgp router-id 200.200.200.200 bgp log-neighbor-changes network 2.2.2.10 mask 255.255.255.255 network 2.2.2.20 mask 255.255.255.255 neighbor 203.0.113.6 remote-as 10 ! line con 0 exec-timeout 0 0 ! end
4. LxVPN over SR の実装
実装の流れは、① CEルータで eBGP を定義します。② Provider NW の全ノードでSegment Routing を有効にします。③ PEルータで CEルータとの vrf を定義します。 ④ PEルータで MP-BGP を定義します。⑤ PEルータで L2VPN EVPN を定義します。⑥ PEルータで L2VPN(E-LINE:VPWS)を定義します。
4.1 CEルータ(準主役)
① L2VPN と L3VPN を使い分けるために、サブインターフェースを使用します。
RP/0/RP0/CPU0:h_N1#show ip interface brief | i "Status|0/1" Sat May 20 23:36:13.212 UTC Interface IP-Address Status Protocol Vrf-Name GigabitEthernet0/0/0/1 unassigned Up Up default GigabitEthernet0/0/0/1.10 unassigned Up Up default GigabitEthernet0/0/0/1.20 198.51.100.1 Up Up A RP/0/RP0/CPU0:h_N1#
対向の CEルータも同様に定義します。
RP/0/RP0/CPU0:h_N6#show ip interface brief | i "Status|0/1" Sat May 20 23:49:16.964 UTC Interface IP-Address Status Protocol Vrf-Name GigabitEthernet0/0/0/1 unassigned Up Up default GigabitEthernet0/0/0/1.10 unassigned Up Up default GigabitEthernet0/0/0/1.30 203.0.113.6 Up Up B RP/0/RP0/CPU0:h_N6#
② CEルータ ~ PEルータ の eBGPを定義します。
router bgp 100 bgp router-id 100.100.100.100 neighbor 198.51.100.1 remote-as 10
逆サイドの CEルータも同様に eBGP を定義します。
router bgp 200 bgp router-id 200.200.200.200 neighbor 203.0.113.6 remote-as 10
③ Loopback を作成して Prefix をアドバタイズします。
interface Loopback110 ip address 1.1.1.10 255.255.255.255 ! router bgp 100 bgp router-id 100.100.100.100 network 1.1.1.10 mask 255.255.255.255 neighbor 198.51.100.1 remote-as 10
逆サイドの CEルータもLoopback を作成して Prefix をアドバタイズします。
interface Loopback210 ip address 2.2.2.10 255.255.255.255 ! interface Loopback220 ip address 2.2.2.20 255.255.255.255 ! router bgp 200 bgp router-id 200.200.200.200 network 2.2.2.10 mask 255.255.255.255 network 2.2.2.20 mask 255.255.255.255 neighbor 203.0.113.6 remote-as 10
4.2 Provider NW ルータ(主役、脇役)
全部同じダイナミックラベルだとどこでラベル付いたのか分からなくなるので、ラベル情報をカスタマイズしておきます。
ちなみに必須設定ではありません。
RP/0/RP0/CPU0:h_N1#conf Sun May 21 00:57:46.080 UTC RP/0/RP0/CPU0:h_N1(config)#mpls label range table 0 1001001 1001999 RP/0/RP0/CPU0:h_N1(config)#
ダイナミックラベルが付与されてからでは変更できないので、一番最初に実施しておかないといけません。
RP/0/RP0/CPU0:h_N6#conf Sun May 21 00:59:54.084 UTC RP/0/RP0/CPU0:h_N6(config)#mpls label range table 0 1006001 1006999 RP/0/RP0/CPU0:h_N6(config)#
ラベル:AS番号,ノード番号,001 ~ AS番号,ノード番号,999 としました。
① Segment Routing を有効にします。 忘れずに Loopback0 で prefix-sid index X を有効化します。
router isis '.*'
net 49.0001.0000.0000.000X.00
address-family ipv4 unicast
metric-style wide
segment-routing mpls
!
interface 'Gi.*'
point-to-point
address-family ipv4 unicast
!
!
interface Loopback 0
address-family ipv4 unicast
prefix-sid index X
!
!
!
4.3 PEルータ(主役)
4.3.1 vrf
① RD,RTを定義します。
vrf A rd 10:1 address-family ipv4 unicast import route-target 200:1 ! export route-target 100:1 ! ! !
h_N6 も同様に定義します。
vrf B rd 10:6 address-family ipv4 unicast import route-target 100:1 ! export route-target 200:1 ! ! !
② インターフェースに vrf を定義します。
RP/0/RP0/CPU0:h_N1#sh run int gigabitEthernet 0/0/0/1.20 Sun May 21 01:05:19.847 UTC interface GigabitEthernet0/0/0/1.20 vrf A ipv4 address 198.51.100.1 255.255.255.0 encapsulation dot1q 20 ! RP/0/RP0/CPU0:h_N1#
h_N6 も同様に定義します。
RP/0/RP0/CPU0:h_N6#sh run int gigabitEthernet 0/0/0/1.30 Sun May 21 01:05:58.418 UTC interface GigabitEthernet0/0/0/1.30 vrf B ipv4 address 203.0.113.6 255.255.255.0 encapsulation dot1q 30 ! RP/0/RP0/CPU0:h_N6#
4.3.2 MP-BGP
① route-policy を定義します。
route-policy PASS pass end-policy !
② PEルータ ~ PEルータ の iBGP を定義します。
RP/0/RP0/CPU0:h_N1(config)#router bgp 10 RP/0/RP0/CPU0:h_N1(config-bgp)# bgp router-id 1.1.1.1 RP/0/RP0/CPU0:h_N1(config-bgp)# address-family vpnv4 unicast RP/0/RP0/CPU0:h_N1(config-bgp-af)# ! RP/0/RP0/CPU0:h_N1(config-bgp-af)# neighbor 6.6.6.6 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)# remote-as 10 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)# update-source Loopback0 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)# address-family vpnv4 unicast RP/0/RP0/CPU0:h_N1(config-bgp-nbr-af)#
③ CEルータ ~ PEルータ の eBGP を定義します。
RP/0/RP0/CPU0:h_N1(config)#router bgp 10 RP/0/RP0/CPU0:h_N1(config-bgp)# vrf A RP/0/RP0/CPU0:h_N1(config-bgp-vrf)# rd 10:1 RP/0/RP0/CPU0:h_N1(config-bgp-vrf)# address-family ipv4 unicast RP/0/RP0/CPU0:h_N1(config-bgp-vrf-af)# ! RP/0/RP0/CPU0:h_N1(config-bgp-vrf-af)# neighbor 198.51.100.100 RP/0/RP0/CPU0:h_N1(config-bgp-vrf-nbr)# remote-as 100 RP/0/RP0/CPU0:h_N1(config-bgp-vrf-nbr)# address-family ipv4 unicast RP/0/RP0/CPU0:h_N1(config-bgp-vrf-nbr-af)# route-policy PASS in RP/0/RP0/CPU0:h_N1(config-bgp-vrf-nbr-af)# route-policy PASS out RP/0/RP0/CPU0:h_N1(config-bgp-vrf-nbr-af)#
対向のPEルータも同様に定義します。
4.3.3 L2VPN EVPN
① address-family l2vpn evpn を定義します。
RP/0/RP0/CPU0:h_N1(config)#router bgp 10 RP/0/RP0/CPU0:h_N1(config-bgp)#address-family l2vpn evpn RP/0/RP0/CPU0:h_N1(config-bgp-af)#
② 対向の PEルータとのl2vpn evpn を定義します。
RP/0/RP0/CPU0:h_N1(config)#router bgp 10 RP/0/RP0/CPU0:h_N1(config-bgp)#neighbor 6.6.6.6 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)#remote-as 10 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)#update-source lo0 RP/0/RP0/CPU0:h_N1(config-bgp-nbr)#address-family l2vpn evpn RP/0/RP0/CPU0:h_N1(config-bgp-nbr-af)#
対向のPEルータも同様に定義します。
4.3.4 L2VPN(E-LINE:VPWS)
① サブインターフェースにAC(attachment circuit)を付与します。
RP/0/RP0/CPU0:h_N1(config)#interface GigabitEthernet0/0/0/1.10 l2transport RP/0/RP0/CPU0:h_N1(config-subif)# encapsulation dot1q 10 RP/0/RP0/CPU0:h_N1(config-subif)#
② L2VPN(E-LINE)を定義します。
RP/0/RP0/CPU0:h_N1(config)#? l2vpn Configure l2vpn commands RP/0/RP0/CPU0:h_N1(config)#l2vpn RP/0/RP0/CPU0:h_N1(config-l2vpn)#
xconnect Group:EVPN_VPWS
p2p xconnect :EVPN_1
AC interface :GigabitEthernet0/0/0/1.10
EVI :1010
remote AC :60
local AC :10
③ cross connect のグループを定義します。
RP/0/RP0/CPU0:h_N1(config-l2vpn)#? xconnect Configure cross connect commands RP/0/RP0/CPU0:h_N1(config-l2vpn)#xconnect ? group Specify the group the cross connects belong to RP/0/RP0/CPU0:h_N1(config-l2vpn)#xconnect group ? WORD Name of the cross connects group RP/0/RP0/CPU0:h_N1(config-l2vpn)#xconnect group EVPN_VPWS RP/0/RP0/CPU0:h_N1(config-l2vpn-xc)#
④ point to point の xconnect を定義します。
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc)#? p2p Configure point to point cross connect commands RP/0/RP0/CPU0:h_N1(config-l2vpn-xc)#p2p ? WORD Name of the point to point cross connect RP/0/RP0/CPU0:h_N1(config-l2vpn-xc)#p2p EVPN_1 RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#
⑤ AC を付与するインターフェースを定義します。
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#? interface Specify the attachment circuit RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#interface ? GigabitEthernet GigabitEthernet/IEEE 802.3 interface(s) | short name is Gi RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#interface GIgabitEthernet 0/0/0/1.10 RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#
⑥ EVPN VPWS サービスを有効化する定義をします。
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#? neighbor Specify the peer to cross connect RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor ? evpn Specify the Ethernet VPN RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn ? evi Ethernet VPN Identifier RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi ? <1-65534> Ethernet VPN ID to set RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi 1010 ? target Specify remote attachment circuit identifier RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi 1010 target ? <1-4294967294> Remote ac-id (hex or decimal format) RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi 1010 target 60 ? source Specify source attachment circuit identifier RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#$t 60 source ?evi 1010 target 60 source <1-4294967294> Source ac-id (hex or decimal format) RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi 1010 target 60 source 10 RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#
5. L3VPN 検証
5.1 VRF 確認
Topology通りに定義できていることを確認します。
RP/0/RP0/CPU0:h_N1#show vrf A
Sun May 21 01:48:05.178 UTC
VRF RD RT AFI SAFI
A 10:1
import 200:1 IPV4 Unicast
export 100:1 IPV4 Unicast
RP/0/RP0/CPU0:h_N1#
RP/0/RP0/CPU0:h_N1#show vrf A ipv4 unicast detail
Sun May 21 01:48:45.996 UTC
VRF A; RD 10:1; VPN ID not set
VRF mode: Regular
Description not set
Interfaces:
★ GigabitEthernet0/0/0/1.20
Address family IPV4 Unicast
Import VPN route-target communities:
RT:200:1
Export VPN route-target communities:
RT:100:1
No import route policy
No export route policy
RP/0/RP0/CPU0:h_N1#
対向のPEルータも確認します。
RP/0/RP0/CPU0:h_N6#show vrf B
Sun May 21 01:54:16.427 UTC
VRF RD RT AFI SAFI
B 10:6
import 100:1 IPV4 Unicast
export 200:1 IPV4 Unicast
RP/0/RP0/CPU0:h_N6#
RP/0/RP0/CPU0:h_N6#show vrf B ipv4 unicast detail
Sun May 21 01:55:03.941 UTC
VRF B; RD 10:6; VPN ID not set
VRF mode: Regular
Description not set
Interfaces:
★ GigabitEthernet0/0/0/1.30
Address family IPV4 Unicast
Import VPN route-target communities:
RT:100:1
Export VPN route-target communities:
RT:200:1
No import route policy
No export route policy
RP/0/RP0/CPU0:h_N6#
5.2 VPN 確認
PEルータ同士で vpnv4 の neighbor が張れていることを確認します。
RP/0/RP0/CPU0:h_N1#sh bgp vpnv4 unicast summary Sun May 21 06:04:07.673 UTC BGP router identifier 1.1.1.1, local AS number 10 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 24 BGP NSR Initial initsync version 8 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 24 24 24 24 24 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 6.6.6.6 0 10 329 331 24 0 0 05:13:36 2 RP/0/RP0/CPU0:h_N1#
RP/0/RP0/CPU0:h_N6#show bgp vpnv4 unicast summary Sun May 21 06:05:46.010 UTC BGP router identifier 6.6.6.6, local AS number 10 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 8 BGP NSR Initial initsync version 6 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 8 8 8 8 8 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 1.1.1.1 0 10 321 322 8 0 0 05:15:14 1 RP/0/RP0/CPU0:h_N6#
5.3 ラベル 確認
対向の CEルータから Loopback がアドバタイズされていることが確認できます。
RP/0/RP0/CPU0:h_N1#sh bgp vrf A
Sun May 21 06:07:29.480 UTC
BGP VRF A, state: Active
BGP Route Distinguisher: 10:1
VRF ID: 0x60000001
BGP router identifier 1.1.1.1, local AS number 10
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000001 RD version: 24
BGP main routing table version 24
BGP NSR Initial initsync version 8 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10:1 (default for vrf A)
*> 1.1.1.10/32 198.51.100.100 0 0 100 i
★*>i2.2.2.10/32 6.6.6.6 0 100 0 200 i
★*>i2.2.2.20/32 6.6.6.6 0 100 0 200 i
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N1#
そしてそのラベルはというと...
RP/0/RP0/CPU0:h_N1#sh bgp vrf A labels
Sun May 21 06:10:43.366 UTC
BGP VRF A, state: Active
BGP Route Distinguisher: 10:1
VRF ID: 0x60000001
BGP router identifier 1.1.1.1, local AS number 10
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000001 RD version: 24
BGP main routing table version 24
BGP NSR Initial initsync version 8 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 10:1 (default for vrf A)
*> 1.1.1.10/32 198.51.100.100 nolabel 1001005
★*>i2.2.2.10/32 6.6.6.6 1006006 nolabel
★*>i2.2.2.20/32 6.6.6.6 1006005 nolabel
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N1#
AS10 のノード06 つまり対向の PEルータで付与されたラベルが見えます。
同様に対向の PEルータも確認します。
RP/0/RP0/CPU0:h_N6#show bgp vrf B
Sun May 21 06:14:03.190 UTC
BGP VRF B, state: Active
BGP Route Distinguisher: 10:6
VRF ID: 0x60000004
BGP router identifier 6.6.6.6, local AS number 10
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000004 RD version: 8
BGP main routing table version 8
BGP NSR Initial initsync version 6 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10:6 (default for vrf B)
★*>i1.1.1.10/32 1.1.1.1 0 100 0 100 i
*> 2.2.2.10/32 203.0.113.200 0 0 200 i
*> 2.2.2.20/32 203.0.113.200 0 0 200 i
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N6#
受信しているラベルは、1001005 のはずです。
RP/0/RP0/CPU0:h_N6#show bgp vrf B labels
Sun May 21 06:16:03.056 UTC
BGP VRF B, state: Active
BGP Route Distinguisher: 10:6
VRF ID: 0x60000004
BGP router identifier 6.6.6.6, local AS number 10
Non-stop routing is enabled
BGP table state: Active
Table ID: 0xe0000004 RD version: 8
BGP main routing table version 8
BGP NSR Initial initsync version 6 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 10:6 (default for vrf B)
★*>i1.1.1.10/32 1.1.1.1 1001005 nolabel
*> 2.2.2.10/32 203.0.113.200 nolabel 1006006
*> 2.2.2.20/32 203.0.113.200 nolabel 1006005
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N6#
5.4 疎通確認
対向の PEルータのPrefix-SID とVPN Labels がスタックされることが分かります。
CE1#traceroute 2.2.2.10 source loopback 110
Type escape sequence to abort.
Tracing the route to 2.2.2.10
VRF info: (vrf in name/id, vrf out name/id)
1 198.51.100.1 2 msec 1 msec 1 msec
2 10.1.2.2 [MPLS: Labels 16006/1006006 Exp 0] 8 msec 4 msec 3 msec
3 10.3.4.4 [MPLS: Labels 16006/1006006 Exp 0] 3 msec 3 msec
10.2.4.4 [MPLS: Labels 16006/1006006 Exp 0] 3 msec
4 10.4.6.6 [MPLS: Label 1006006 Exp 0] 3 msec 3 msec 3 msec
5 203.0.113.200 3 msec * 5 msec
CE1#
CE1#traceroute 2.2.2.20 source loopback 110
Type escape sequence to abort.
Tracing the route to 2.2.2.20
VRF info: (vrf in name/id, vrf out name/id)
1 198.51.100.1 2 msec 1 msec 1 msec
2 10.1.3.3 [MPLS: Labels 16006/1006005 Exp 0] 6 msec
10.1.2.2 [MPLS: Labels 16006/1006005 Exp 0] 4 msec 4 msec
3 10.3.5.5 [MPLS: Labels 16006/1006005 Exp 0] 5 msec
10.3.4.4 [MPLS: Labels 16006/1006005 Exp 0] 3 msec
10.3.5.5 [MPLS: Labels 16006/1006005 Exp 0] 2 msec
4 10.4.6.6 [MPLS: Label 1006005 Exp 0] 4 msec 3 msec
10.5.6.6 [MPLS: Label 1006005 Exp 0] 4 msec
5 203.0.113.200 4 msec * 5 msec
CE1#
逆サイドからも同様に確認します。
CE2#traceroute 1.1.1.10 source loopback 210
Type escape sequence to abort.
Tracing the route to 1.1.1.10
VRF info: (vrf in name/id, vrf out name/id)
1 203.0.113.6 2 msec 1 msec 1 msec
2 10.5.6.5 [MPLS: Labels 16001/1001005 Exp 0] 4 msec 3 msec 3 msec
3 10.3.4.3 [MPLS: Labels 16001/1001005 Exp 0] 3 msec
10.3.5.3 [MPLS: Labels 16001/1001005 Exp 0] 3 msec 4 msec
4 10.1.3.1 [MPLS: Label 1001005 Exp 0] 4 msec 3 msec 3 msec
5 198.51.100.100 3 msec * 6 msec
CE2#
6. L2VPN 検証
6.1 VPWS 確認
Topology通りに定義できていることを確認します。
RP/0/RP0/CPU0:h_N1#show l2vpn xconnect
Sun May 21 06:34:07.395 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected, (SI) = Seamless Inactive
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
EVPN_VPWS EVPN_1 UP Gi0/0/0/1.10 UP EVPN 1010,60,6.6.6.6 UP
----------------------------------------------------------------------------------------
RP/0/RP0/CPU0:h_N1#
対向の PEルータも確認します。
RP/0/RP0/CPU0:h_N6#show l2vpn xconnect
Sun May 21 06:43:01.991 UTC
Legend: ST = State, UP = Up, DN = Down, AD = Admin Down, UR = Unresolved,
SB = Standby, SR = Standby Ready, (PP) = Partially Programmed,
LU = Local Up, RU = Remote Up, CO = Connected, (SI) = Seamless Inactive
XConnect Segment 1 Segment 2
Group Name ST Description ST Description ST
------------------------ ----------------------------- -----------------------------
EVPN_VPWS EVPN_1 UP Gi0/0/0/1.10 UP EVPN 1010,10,1.1.1.1 UP
----------------------------------------------------------------------------------------
RP/0/RP0/CPU0:h_N6#
6.2 VPN 確認
PEルータ同士で L2VPN EVPN の neighbor が張れていることを確認します。
RP/0/RP0/CPU0:h_N1#show bgp l2vpn evpn summary Sun May 21 06:38:54.047 UTC BGP router identifier 1.1.1.1, local AS number 10 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 12 BGP NSR Initial initsync version 1 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 12 12 12 12 12 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 6.6.6.6 0 10 364 370 12 0 0 05:48:22 1 RP/0/RP0/CPU0:h_N1#
RP/0/RP0/CPU0:h_N6#show bgp l2vpn evpn summary Sun May 21 06:47:58.078 UTC BGP router identifier 6.6.6.6, local AS number 10 BGP generic scan interval 60 secs Non-stop routing is enabled BGP table state: Active Table ID: 0x0 RD version: 0 BGP main routing table version 10 BGP NSR Initial initsync version 1 (Reached) BGP NSR/ISSU Sync-Group versions 0/0 BGP scan interval 60 secs BGP is operating in STANDALONE mode. Process RcvTblVer bRIB/RIB LabelVer ImportVer SendTblVer StandbyVer Speaker 10 10 10 10 10 0 Neighbor Spk AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down St/PfxRcd 1.1.1.1 0 10 368 369 10 0 0 05:57:26 1 RP/0/RP0/CPU0:h_N6#
St/PfxRcd 1 というのは、L2VPN EVPN の Prefix が1つがありますよと言う意味です。
6.3 ラベル確認
VPWS の詳細で確認します。
RP/0/RP0/CPU0:h_N1#show l2vpn xconnect detail
Sun May 21 06:57:29.857 UTC
Group EVPN_VPWS, XC EVPN_1, state is up; Interworking none
AC: GigabitEthernet0/0/0/1.10, state is up
Type VLAN; Num Ranges: 1
Rewrite Tags: []
VLAN ranges: [10, 10]
MTU 1504; XC ID 0x2; interworking none
Statistics:
packets: received 33, sent 30
bytes: received 2778, sent 2704
drops: illegal VLAN 0, illegal length 0
EVPN: neighbor 6.6.6.6, PW ID: evi 1010, ac-id 60, state is up ( established )
XC ID 0xa0000003
Encapsulation MPLS
Encap type Ethernet, control word disabled
Sequencing not set
Ignore MTU mismatch: Enabled
Transmit MTU zero: Enabled
LSP : Up
EVPN Local Remote
------------ ------------------------------ -----------------------------
★ Label 24004 24004
MTU 1518 unknown
Control word disabled disabled
AC ID 10 60
EVPN type Ethernet Ethernet
------------ ------------------------------ -----------------------------
Create time: 21/05/2023 06:33:56 (00:23:33 ago)
Last time status changed: 21/05/2023 06:34:01 (00:23:28 ago)
Statistics:
packets: received 30, sent 33
bytes: received 2704, sent 2778
RP/0/RP0/CPU0:h_N1#
BGP でも確認できます。
RP/0/RP0/CPU0:h_N1#show bgp l2vpn evpn labels
Sun May 21 06:59:54.074 UTC
BGP router identifier 1.1.1.1, local AS number 10
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 14
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 1.1.1.1:1010 (default for vrf VPWS:1010)
*> [1][0000.0000.0000.0000.0000][10]/120
0.0.0.0 nolabel nolabel
*>i[1][0000.0000.0000.0000.0000][60]/120
6.6.6.6 24004 nolabel
Route Distinguisher: 6.6.6.6:1010
*>i[1][0000.0000.0000.0000.0000][60]/120
6.6.6.6 24004 nolabel
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N1#
逆からも確認します。
RP/0/RP0/CPU0:h_N6#show l2vpn xconnect detail
Sun May 21 07:05:16.073 UTC
Group EVPN_VPWS, XC EVPN_1, state is up; Interworking none
AC: GigabitEthernet0/0/0/1.10, state is up
Type VLAN; Num Ranges: 1
Rewrite Tags: []
VLAN ranges: [10, 10]
MTU 1504; XC ID 0x2; interworking none
Statistics:
packets: received 24, sent 25
bytes: received 2138, sent 2120
drops: illegal VLAN 0, illegal length 0
EVPN: neighbor 1.1.1.1, PW ID: evi 1010, ac-id 10, state is up ( established )
XC ID 0xa0000003
Encapsulation MPLS
Encap type Ethernet, control word disabled
Sequencing not set
Ignore MTU mismatch: Enabled
Transmit MTU zero: Enabled
LSP : Up
EVPN Local Remote
------------ ------------------------------ -----------------------------
Label 24004 24004
MTU 1518 unknown
Control word disabled disabled
AC ID 60 10
EVPN type Ethernet Ethernet
------------ ------------------------------ -----------------------------
Create time: 21/05/2023 06:42:44 (00:22:31 ago)
Last time status changed: 21/05/2023 06:42:49 (00:22:26 ago)
Statistics:
packets: received 25, sent 24
bytes: received 2120, sent 2138
RP/0/RP0/CPU0:h_N6#
RP/0/RP0/CPU0:h_N6#show bgp l2vpn evpn labels
Sun May 21 07:05:51.613 UTC
BGP router identifier 6.6.6.6, local AS number 10
BGP generic scan interval 60 secs
Non-stop routing is enabled
BGP table state: Active
Table ID: 0x0 RD version: 0
BGP main routing table version 10
BGP NSR Initial initsync version 1 (Reached)
BGP NSR/ISSU Sync-Group versions 0/0
BGP scan interval 60 secs
Status codes: s suppressed, d damped, h history, * valid, > best
i - internal, r RIB-failure, S stale, N Nexthop-discard
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Rcvd Label Local Label
Route Distinguisher: 1.1.1.1:1010
*>i[1][0000.0000.0000.0000.0000][10]/120
1.1.1.1 24004 nolabel
Route Distinguisher: 6.6.6.6:1010 (default for vrf VPWS:1010)
*>i[1][0000.0000.0000.0000.0000][10]/120
1.1.1.1 24004 nolabel
*> [1][0000.0000.0000.0000.0000][60]/120
0.0.0.0 nolabel nolabel
Processed 3 prefixes, 3 paths
RP/0/RP0/CPU0:h_N6#
6.4 疎通確認
Provider NW を超えてCEルータ同士で疎通することができます。
CE1#traceroute 192.0.2.200 source gigabitEthernet 1.10 Type escape sequence to abort. Tracing the route to 192.0.2.200 VRF info: (vrf in name/id, vrf out name/id) 1 192.0.2.200 7 msec * 6 msec CE1# CE1#ping 192.0.2.200 source gigabitEthernet 1.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.0.2.200, timeout is 2 seconds: Packet sent with a source address of 192.0.2.100 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 5/5/6 ms CE1#
逆サイドからも同様に確認します。
CE2#traceroute 192.0.2.100 source gigabitEthernet 1.10 Type escape sequence to abort. Tracing the route to 192.0.2.100 VRF info: (vrf in name/id, vrf out name/id) 1 192.0.2.100 7 msec * 6 msec CE2# CE2#ping 192.0.2.100 source gigabitEthernet 1.10 Type escape sequence to abort. Sending 5, 100-byte ICMP Echos to 192.0.2.100, timeout is 2 seconds: Packet sent with a source address of 192.0.2.200 !!!!! Success rate is 100 percent (5/5), round-trip min/avg/max = 4/5/7 ms CE2#
7. 参考
① Configuring BGP as the Routing Protocol Between the PE and CE Routers
www.cisco.com
② EVPN-VPWS Single Homed
www.cisco.com
次回は、Automated steering(Egress PE)について記事を書きます。
最後までお読みいただきありがとうございました!
