Single-Domain SR-TE Part 9 (EVPN VPWS Preferred Path over SR-TE Policy)
Now that I understand EVPN VPWS Preferred Path over SR-TE Policy, I am writing it up as a note to myself.
- 1. EVPN VPWS Preferred Path over SR-TE Policy
- 2. Topology
- 3. Config
- 4. Implementing EVPN VPWS Preferred Path over SR-TE Policy
- 5. Verification
- 5.1 Verification with fallback enabled
- 5.2 Verification with fallback disabled
- 6. References
1. EVPN VPWS Preferred Path over SR-TE Policy
In short, it associates a VPWS with an SR-TE policy.
2. Topology
3. Config
h_N1 (lead role ①: PE router; fallback enabled)
hostname h_N1
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
vrf A
 rd 10:1
 address-family ipv4 unicast
  import route-target
   200:1
  !
  export route-target
   100:1
  !
 !
!
interface Loopback0
 ipv4 address 1.1.1.1 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
 encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.20
 vrf A
 ipv4 address 198.51.100.1 255.255.255.0
 encapsulation dot1q 20
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.1.3.1 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 shutdown
!
interface GigabitEthernet0/0/0/4
 shutdown
!
route-policy PASS
  pass
end-policy
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0001.00
 address-family ipv4 unicast
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/2
 !
!
router bgp 10
 bgp router-id 1.1.1.1
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor 6.6.6.6
  remote-as 10
  update-source Loopback0
  address-family vpnv4 unicast
  !
  address-family l2vpn evpn
  !
 !
 vrf A
  rd 10:1
  address-family ipv4 unicast
  !
  neighbor 198.51.100.100
   remote-as 100
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
evpn
 evi 100
  advertise-mac
  !
 !
!
l2vpn
 pw-class PW60000
  encapsulation mpls
   ! fallback is enabled by default; the CLI only offers "fallback disable"
   preferred-path sr-te policy srte_c_60000_ep_6.6.6.6
  !
 !
 xconnect group EVPN_VPWS
  p2p EVPN_1
   interface GigabitEthernet0/0/0/1.10
   neighbor evpn evi 1010 target 60 source 10
    pw-class PW60000
   !
  !
 !
!
mpls oam
!
segment-routing
 traffic-eng
  segment-list EVPN_VPWS_PREFER
   index 10 mpls label 16002
   index 20 mpls label 16003
   index 30 mpls label 16004
   index 40 mpls label 16005
   index 50 mpls label 16006
  !
  policy LIGHTNING
   binding-sid mpls 61000
   color 60000 end-point ipv4 6.6.6.6
   autoroute
    include ipv4 6.6.6.6/32
   !
   candidate-paths
    preference 100
     explicit segment-list EVPN_VPWS_PREFER
     !
    !
   !
  !
 !
!
mpls label range table 0 1001001 1001999
end
h_N1 (lead role ①: PE router; fallback disabled)
hostname h_N1
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
vrf A
 rd 10:1
 address-family ipv4 unicast
  import route-target
   200:1
  !
  export route-target
   100:1
  !
 !
!
interface Loopback0
 ipv4 address 1.1.1.1 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.1 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
 encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.20
 vrf A
 ipv4 address 198.51.100.1 255.255.255.0
 encapsulation dot1q 20
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.1.3.1 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 shutdown
!
interface GigabitEthernet0/0/0/4
 shutdown
!
route-policy PASS
  pass
end-policy
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0001.00
 address-family ipv4 unicast
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 1
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/2
 !
!
router bgp 10
 bgp router-id 1.1.1.1
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor 6.6.6.6
  remote-as 10
  update-source Loopback0
  address-family vpnv4 unicast
  !
  address-family l2vpn evpn
  !
 !
 vrf A
  rd 10:1
  address-family ipv4 unicast
  !
  neighbor 198.51.100.100
   remote-as 100
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
evpn
 evi 100
  advertise-mac
  !
 !
!
l2vpn
 pw-class PW60000
  encapsulation mpls
   preferred-path sr-te policy srte_c_60000_ep_6.6.6.6 fallback disable
  !
 !
 xconnect group EVPN_VPWS
  p2p EVPN_1
   interface GigabitEthernet0/0/0/1.10
   neighbor evpn evi 1010 target 60 source 10
    pw-class PW60000
   !
  !
 !
!
mpls oam
!
segment-routing
 traffic-eng
  segment-list EVPN_VPWS_PREFER
   index 10 mpls label 16002
   index 20 mpls label 16003
   index 30 mpls label 16004
   index 40 mpls label 16005
   index 50 mpls label 16006
  !
  policy LIGHTNING
   binding-sid mpls 61000
   color 60000 end-point ipv4 6.6.6.6
   autoroute
    include ipv4 6.6.6.6/32
   !
   candidate-paths
    preference 100
     explicit segment-list EVPN_VPWS_PREFER
     !
    !
   !
  !
 !
!
mpls label range table 0 1001001 1001999
end
h_N2 (supporting role)
hostname h_N2
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 2.2.2.2 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.2.2 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.2.3.2 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.2.4.2 255.255.255.0
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0002.00
 address-family ipv4 unicast
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 2
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
!
mpls oam
!
mpls label range table 0 1002001 1002999
end
h_N3 (supporting role)
hostname h_N3
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 3.3.3.3 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.1.3.3 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.2.3.3 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.3.5.3 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 ipv4 address 10.3.4.3 255.255.255.0
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0003.00
 address-family ipv4 unicast
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 3
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
 interface GigabitEthernet0/0/0/3
 !
!
mpls oam
!
mpls label range table 0 1003001 1003999
end
h_N4 (supporting role)
hostname h_N4
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 4.4.4.4 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.2.4.4 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.4.5.4 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.4.6.4 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 ipv4 address 10.3.4.4 255.255.255.0
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0004.00
 address-family ipv4 unicast
 !
 interface Loopback0
  prefix-attributes anycast
  address-family ipv4 unicast
   prefix-sid index 4
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
 interface GigabitEthernet0/0/0/3
 !
!
mpls oam
!
mpls label range table 0 1004001 1004999
end
h_N5 (supporting role)
hostname h_N5
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
interface Loopback0
 ipv4 address 5.5.5.5 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.3.5.5 255.255.255.0
!
interface GigabitEthernet0/0/0/1
 ipv4 address 10.4.5.5 255.255.255.0
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.5.6.5 255.255.255.0
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0005.00
 address-family ipv4 unicast
 !
 interface Loopback0
  prefix-attributes anycast
  address-family ipv4 unicast
   prefix-sid index 5
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/1
 !
 interface GigabitEthernet0/0/0/2
 !
!
mpls oam
!
mpls label range table 0 1005001 1005999
end
h_N6 (secondary lead ①: PE router)
hostname h_N6
group CCIE-ISIS
 router isis '.*'
  is-type level-2-only
  address-family ipv4 unicast
   metric-style wide
   segment-routing mpls
  !
  interface 'Gi.*'
   point-to-point
   address-family ipv4 unicast
   !
  !
  interface 'Loopback .*'
   address-family ipv4 unicast
   !
  !
 !
end-group
!
vrf B
 rd 10:6
 address-family ipv4 unicast
  import route-target
   100:1
  !
  export route-target
   200:1
  !
 !
!
interface Loopback0
 ipv4 address 6.6.6.6 255.255.255.255
!
interface MgmtEth0/RP0/CPU0/0
 shutdown
!
interface GigabitEthernet0/0/0/0
 ipv4 address 10.4.6.6 255.255.255.0
!
interface GigabitEthernet0/0/0/1.10 l2transport
 encapsulation dot1q 10
!
interface GigabitEthernet0/0/0/1.30
 vrf B
 ipv4 address 203.0.113.6 255.255.255.0
 encapsulation dot1q 30
!
interface GigabitEthernet0/0/0/2
 ipv4 address 10.5.6.6 255.255.255.0
!
interface GigabitEthernet0/0/0/3
 shutdown
!
interface GigabitEthernet0/0/0/4
 shutdown
!
route-policy PASS
  pass
end-policy
!
router isis 1
 apply-group CCIE-ISIS
 net 49.0001.0000.0000.0006.00
 address-family ipv4 unicast
 !
 interface Loopback0
  address-family ipv4 unicast
   prefix-sid index 6
  !
 !
 interface GigabitEthernet0/0/0/0
 !
 interface GigabitEthernet0/0/0/2
 !
!
router bgp 10
 bgp router-id 6.6.6.6
 address-family vpnv4 unicast
 !
 address-family l2vpn evpn
 !
 neighbor 1.1.1.1
  remote-as 10
  update-source Loopback0
  address-family vpnv4 unicast
  !
  address-family l2vpn evpn
  !
 !
 vrf B
  rd 10:6
  address-family ipv4 unicast
  !
  neighbor 203.0.113.200
   remote-as 200
   address-family ipv4 unicast
    route-policy PASS in
    route-policy PASS out
   !
  !
 !
!
evpn
 evi 100
  advertise-mac
  !
 !
!
l2vpn
 xconnect group EVPN_VPWS
  p2p EVPN_1
   interface GigabitEthernet0/0/0/1.10
   neighbor evpn evi 1010 target 10 source 60
   !
  !
 !
!
mpls oam
!
mpls label range table 0 1006001 1006999
end
h_CE1 (secondary lead ②: CE router)
hostname CE1
!
no ip domain lookup
!
interface Loopback0
 ip address 100.100.100.100 255.255.255.255
!
interface Loopback110
 ip address 1.1.1.10 255.255.255.255
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet1.10
 encapsulation dot1Q 10
 ip address 192.0.2.100 255.255.255.0
!
interface GigabitEthernet1.20
 encapsulation dot1Q 20
 ip address 198.51.100.100 255.255.255.0
!
router bgp 100
 bgp router-id 100.100.100.100
 bgp log-neighbor-changes
 network 1.1.1.10 mask 255.255.255.255
 neighbor 198.51.100.1 remote-as 10
!
line con 0
 exec-timeout 0 0
!
end
h_CE2 (secondary lead ③: CE router)
hostname CE2
!
no ip domain lookup
!
interface Loopback0
 ip address 200.200.200.200 255.255.255.255
!
interface Loopback210
 ip address 2.2.2.10 255.255.255.255
!
interface Loopback220
 ip address 2.2.2.20 255.255.255.255
!
interface GigabitEthernet1
 no ip address
!
interface GigabitEthernet1.10
 encapsulation dot1Q 10
 ip address 192.0.2.200 255.255.255.0
!
interface GigabitEthernet1.30
 encapsulation dot1Q 30
 ip address 203.0.113.200 255.255.255.0
!
router bgp 200
 bgp router-id 200.200.200.200
 bgp log-neighbor-changes
 network 2.2.2.10 mask 255.255.255.255
 network 2.2.2.20 mask 255.255.255.255
 neighbor 203.0.113.6 remote-as 10
!
line con 0
 exec-timeout 0 0
!
end
4. Implementing EVPN VPWS Preferred Path over SR-TE Policy
I proceed on the assumption that L2VPN is already implemented. → We start from the state at the end of Single-Domain SR-TE Part 6 (LxVPN over SR).
The implementation flow is: ① define an explicit path on the head-end, and ② define the SR-TE policy. ③ Select the candidate path (candidate-paths) from the path list specified in ②.
④ Define a pseudowire class template on the head-end, and ⑤ reference the pseudowire class template in the L2VPN (E-LINE).
4.1 PE router (head-end)
4.1.1 Defining the explicit path
① Define Segment Routing.
RP/0/RP0/CPU0:h_N1(config)# segment-routing Segment Routing
② Define Traffic Engineering under Segment Routing.
RP/0/RP0/CPU0:h_N1(config-sr)#?
  traffic-eng  Segment Routing Traffic Engineering
③ In segment-list configuration, define the segment-list name (arbitrary: EVPN_VPWS_PREFER).
RP/0/RP0/CPU0:h_N1(config-sr-te)#?
  segment-list  Segment-list configuration
RP/0/RP0/CPU0:h_N1(config-sr-te)#segment-list ?
  name  Segment-list name
  WORD  Identifying name for segment-list
RP/0/RP0/CPU0:h_N1(config-sr-te)#segment-list EVPN_VPWS_PREFER
④ Define the path explicitly in SR-TE.
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#?
  index  Next entry index
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index ?
  <1-65535>  Index number
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 ?
  mpls  MPLS configuration
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls ?
  label  MPLS label configuration
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls label ?
  <0-1048575>  MPLS label value
RP/0/RP0/CPU0:h_N1(config-sr-te-sl)#index 10 mpls label 16002
Create EVPN_VPWS_PREFER as N1→N2→N3→N4→N5→N6.
segment-routing
 traffic-eng
  segment-list EVPN_VPWS_PREFER
   index 10 mpls label 16002
   index 20 mpls label 16003
   index 30 mpls label 16004
   index 40 mpls label 16005
   index 50 mpls label 16006
  !
 !
!
4.1.2 Defining the SR-TE policy
Define the SR-TE policy as follows.
a) Policy name: LIGHTNING
b) B-SID (optional): 61000
c) color: 60000
d) Tail-end: 6.6.6.6 (h_N6)
SR-TE requires a) the policy name, c) the color, and d) the tail-end to be specified.
① First, define the policy name.
RP/0/RP0/CPU0:h_N1(config-sr-te)#policy ?
  WORD  Identifying name for policy with max 59 characters
RP/0/RP0/CPU0:h_N1(config-sr-te)#policy LIGHTNING
② The B-SID (binding-sid) is optional. Note: the SID assigned to the SR-TE policy itself is called the B-SID (binding-sid).
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#?
  binding-sid  Binding Segment Identifier
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid ?
  mpls  MPLS label
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid mpls ?
  <16-1048575>  MPLS label
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#binding-sid mpls 61000
③ Next, specify the color and the tail-end.
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#?
  color  Specify color for policy
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color ?
  <1-4294967295>  Color value
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 60000 ?
  end-point  Policy endpoint
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 60000 end-point ?
  ipv4  IPv4 address
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 60000 end-point ipv4 ?
  A.B.C.D  IPv4 endpoint address
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#color 60000 end-point ipv4 6.6.6.6 ?
  <cr>
④ Define autoroute so that packets are forwarded over the LSP created by the SR-TE policy.
Put simply, this is for traffic steering toward h_N6.
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#?
  autoroute  Autoroute configuration
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#autoroute
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-autoroute)#?
  include  Prefixes for which IGP routes will be installed
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-autoroute)#include ?
  all   Include all eligible prefixes
  ipv4  IPv4 address family
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-autoroute)#include ipv4 ?
  A.B.C.D/length  IP prefix route to include
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-autoroute)#include ipv4 6.6.6.6/32
4.1.3 Defining the candidate paths
Define the candidate paths as follows.
a) preference: 100
b) explicit path: EVPN_VPWS_PREFER
The preference and the segment list to use are specified together as a set.
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#?
  candidate-paths  Candidate-paths configuration
RP/0/RP0/CPU0:h_N1(config-sr-te-policy)#candidate-paths
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#?
  preference  Policy path-option preference entry
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#preference ?
  <1-65535>  Path-option preference
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path)#preference 100
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#?
  explicit  Preconfigured path
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit ?
  segment-list  Specify Segment-list
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit segment-list ?
  EXPLICIT_LIST  Identifying name for segment-list
  WORD           Identifying name for segment-list
RP/0/RP0/CPU0:h_N1(config-sr-te-policy-path-pref)#explicit segment-list EVPN_VPWS_PREFER
4.1.4 Defining the pseudowire class template
① Note down the SR-TE policy name beforehand. Here it is "srte_c_60000_ep_6.6.6.6".
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng policy candidate-path name LIGHTNING | i Name
Sun May 28 15:34:47.209 UTC
★ Name: srte_c_60000_ep_6.6.6.6
      Name: LIGHTNING
RP/0/RP0/CPU0:h_N1#
② In the L2VPN pseudowire class, specify the SR-TE policy to prefer.
Along the way, use the SR-TE policy name noted in ① (marked ★).
RP/0/RP0/CPU0:h_N1(config)#?
  l2vpn  Configure l2vpn commands
RP/0/RP0/CPU0:h_N1(config-l2vpn)#?
  pw-class  Pseudowire class template
RP/0/RP0/CPU0:h_N1(config-l2vpn)#pw-class ?
  WORD  Pseudowire-class name (Max character length: 32)
RP/0/RP0/CPU0:h_N1(config-l2vpn)#pw-class PW60000
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc)#?
  encapsulation  Pseudowire encapsulation
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc)#encapsulation ?
  mpls  Set pseudowire encapsulation to MPLS
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc)#encapsulation mpls
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#?
  preferred-path  Preferred path tunnel settings
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#preferred-path ?
  sr-te  Use segment-routing traffic-engineering for preferred path
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#preferred-path sr-te ?
  policy  Specify SR TE policy for preferred path
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#preferred-path sr-te policy ?
  WORD  Name of SR TE policy
★ RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#preferred-path sr-te policy srte_c_60000_ep_6.6.6.6
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#show
Sun May 28 15:48:27.562 UTC
l2vpn
 pw-class PW60000
  encapsulation mpls
   preferred-path sr-te policy srte_c_60000_ep_6.6.6.6
  !
 !
!
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#commit
Sun May 28 15:48:33.683 UTC
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#
4.1.5 Defining the L2VPN (E-LINE)
③ Reference the pseudowire class template in the L2VPN (E-LINE) definition.
xconnect Group: EVPN_VPWS
p2p xconnect: EVPN_1
AC interface: GigabitEthernet0/0/0/1.10
EVI: 1010
remote AC: 60
local AC: 10
★ Pseudowire class: PW60000
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#exi
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc)#exi
RP/0/RP0/CPU0:h_N1(config-l2vpn)#
RP/0/RP0/CPU0:h_N1(config-l2vpn)#xconnect group EVPN_VPWS
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc)#p2p EVPN_1
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#interface GigabitEthernet 0/0/0/1.10
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p)#neighbor evpn evi 1010 target 60 sourc$
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#?
  pw-class  PW class template name to use
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#pw-class ?
  WORD  Pseudowire-class name
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#pw-class PW60000
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#show
Sun May 28 16:03:00.598 UTC
l2vpn
 xconnect group EVPN_VPWS
  p2p EVPN_1
   neighbor evpn evi 1010 target 60 source 10
    pw-class PW60000
   !
  !
 !
!
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#commit
Sun May 28 16:03:16.166 UTC
RP/0/RP0/CPU0:h_N1(config-l2vpn-xc-p2p-pw)#
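A configuration check for steps 4.1.2 to 4.1.5, added here as an example (not code from the original post): it derives the srte_c_<color>_ep_<endpoint> name from each configured policy, following the name shown on this page, and reports for every xconnect whether its pw-class reference resolves to a policy and whether fallback is left enabled. The function names and the two variant configs are constructed for illustration.

```python
import re

# Abridged h_N1 running-config as shown on this page (fallback left at default).
H_N1 = """\
l2vpn
 pw-class PW60000
  encapsulation mpls
   preferred-path sr-te policy srte_c_60000_ep_6.6.6.6
  !
 !
 xconnect group EVPN_VPWS
  p2p EVPN_1
   interface GigabitEthernet0/0/0/1.10
   neighbor evpn evi 1010 target 60 source 10
    pw-class PW60000
   !
  !
 !
!
segment-routing
 traffic-eng
  policy LIGHTNING
   binding-sid mpls 61000
   color 60000 end-point ipv4 6.6.6.6
  !
 !
!
"""
# Constructed variants: fallback disabled, and a typo in the referenced color.
H_N1_NO_FALLBACK = H_N1.replace("ep_6.6.6.6\n", "ep_6.6.6.6 fallback disable\n")
H_N1_TYPO = H_N1.replace("srte_c_60000", "srte_c_60001")


def generated_policy_names(config):
    """Map srte_c_<color>_ep_<endpoint> to the configured policy name."""
    names, policy = {}, None
    for line in config.splitlines():
        s = line.strip()
        if m := re.fullmatch(r"policy (\S+)", s):
            policy = m[1]
        elif (m := re.fullmatch(r"color (\d+) end-point ipv4 (\S+)", s)) and policy:
            names[f"srte_c_{m[1]}_ep_{m[2]}"] = policy
    return names


def audit_preferred_paths(config):
    """Return one finding per xconnect whose pw-class sets a preferred path."""
    policies = generated_policy_names(config)
    classes, uses = {}, {}          # pw-class -> (ref, fallback); p2p -> pw-class
    cur_class = cur_p2p = None
    in_neighbor = False
    for line in config.splitlines():
        s = line.strip()
        if s == "!":
            in_neighbor = False     # a "!" closes the neighbor block
        elif m := re.fullmatch(r"p2p (\S+)", s):
            cur_p2p = m[1]
        elif s.startswith("neighbor evpn "):
            in_neighbor = True
        elif m := re.fullmatch(r"pw-class (\S+)", s):
            if in_neighbor and cur_p2p:
                uses[cur_p2p] = m[1]    # reference under the xconnect neighbor
            else:
                cur_class = m[1]        # definition under l2vpn
        elif (m := re.fullmatch(
                r"preferred-path sr-te policy (\S+)( fallback disable)?", s)) and cur_class:
            classes[cur_class] = (m[1], m[2] is None)
    findings = []
    for p2p, cls in uses.items():
        if cls in classes:
            ref, fallback = classes[cls]
            findings.append({"xconnect": p2p, "pw_class": cls, "policy_ref": ref,
                             "resolves_to": policies.get(ref),
                             "fallback_enabled": fallback})
    return findings


if __name__ == "__main__":
    for cfg in (H_N1, H_N1_NO_FALLBACK, H_N1_TYPO):
        print(audit_preferred_paths(cfg))
```

A finding with resolves_to set to None means the pw-class names a policy this config does not define; fallback_enabled tells you whether the circuit may leave the engineered path or go down when the policy is unavailable.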
5. Verification
5.1 Verification with fallback enabled
① A line reading "Preferred path Active", which was not there before the SR-TE preferred path was defined, now appears.
RP/0/RP0/CPU0:h_N1#show l2vpn xconnect detail
Sun May 28 23:26:41.929 UTC
Group EVPN_VPWS, XC EVPN_1, state is up; Interworking none
  AC: GigabitEthernet0/0/0/1.10, state is up
    Type VLAN; Num Ranges: 1
    Rewrite Tags: []
    VLAN ranges: [10, 10]
    MTU 1504; XC ID 0x2; interworking none
    Statistics:
      packets: received 10113, sent 5077
      bytes: received 67544, sent 596810
      drops: illegal VLAN 0, illegal length 0
★1 EVPN: neighbor 6.6.6.6, PW ID: evi 1010, ac-id 60, state is up ( established )
    XC ID 0xa0000003
    Encapsulation MPLS
    Encap type Ethernet, control word disabled
    Sequencing not set
★2 Preferred path Active : SR TE srte_c_60000_ep_6.6.6.6 (BSID:61000, IFH:0x3c), Statically configured, fallback enabled
    Ignore MTU mismatch: Enabled
    Transmit MTU zero: Enabled
    Tunnel : Up
      EVPN         Local                          Remote
      ------------ ------------------------------ -----------------------------
      Label        24004                          24004
      MTU          1518                           unknown
      Control word disabled                       disabled
      AC ID        10                             60
      EVPN type    Ethernet                       Ethernet
      ------------ ------------------------------ -----------------------------
    Create time: 21/05/2023 06:33:56 (1w0d ago)
    Last time status changed: 28/05/2023 23:25:57 (00:00:44 ago)
    Statistics:
      packets: received 5077, sent 10113
      bytes: received 596810, sent 67544
RP/0/RP0/CPU0:h_N1#
★1 The EVPN VPWS is up: state is up ( established ).
★2 Fallback is enabled by default. That is, even if the SR-TE policy goes down, communication continues via IGP routing.
→ It is an option that defines falling back when SR-TE goes down.
② Check the forwarding state of SR TE srte_c_60000_ep_6.6.6.6.
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng forwarding policy detail
Sun May 28 23:36:52.736 UTC
SR-TE Policy Forwarding database
--------------------------------
Color: 60000, End-point: 6.6.6.6
★1 Name: srte_c_60000_ep_6.6.6.6
  Binding SID: 61000
★2 Active LSP:
    Candidate path:
      Preference: 100 (configuration)
      Name: LIGHTNING
★3 Local label: 1001007
    Segment lists:
      SL[0]:
        Name: EVPN_VPWS_PREFER
        Switched Packets/Bytes: 14856/1811022
          [MPLS -> MPLS]: 14856/1811022
        Paths:
          Path[0]:
            Outgoing Label: 16003
            Outgoing Interfaces: GigabitEthernet0/0/0/0
            Next Hop: 10.1.2.2
            Switched Packets/Bytes: 14856/1811022
              [MPLS -> MPLS]: 14856/1811022
            FRR Pure Backup: No
            ECMP/LFA Backup: No
            Internal Recursive Label: Unlabelled (recursive)
★4 Label Stack (Top -> Bottom): { 16003, 16004, 16005, 16006 }
            Path-id: 1, Weight: 64
  Policy Packets/Bytes Switched: 23417/2943792
RP/0/RP0/CPU0:h_N1#
★1 The SR-TE policy name is srte_c_60000_ep_6.6.6.6.
★2 SR-TE is active.
★3 Local label: 1001007
★4 The label stack being imposed can be seen.
③ The SR-TE policy is up/up.
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng policy detail
Sun May 28 23:48:28.366 UTC
SR-TE policy database
---------------------
★ Color: 60000, End-point: 6.6.6.6
  Name: srte_c_60000_ep_6.6.6.6
  Status:
★   Admin: up  Operational: up for 00:22:30 (since May 28 23:25:57.433)
  Candidate-paths:
    Preference: 100 (configuration) (active)
      Name: LIGHTNING
      Requested BSID: 61000
      Protection Type: protected-preferred
      Maximum SID Depth: 10
★     Explicit: segment-list EVPN_VPWS_PREFER (valid)
        Weight: 1, Metric Type: TE
          16002
          16003
          16004
          16005
          16006
  LSPs:
    LSP[0]:
      LSP-ID: 3 policy ID: 5 (active)
      Local label: 1001007
      State: Programmed
      Binding SID: 61000
  Attributes:
    Binding SID: 61000
    Forward Class: Not Configured
    Steering labeled-services disabled: no
    Steering BGP disabled: no
    IPv6 caps enable: yes
    Invalidation drop enabled: no
RP/0/RP0/CPU0:h_N1#
With Admin: up Operational: up and Explicit: segment-list EVPN_VPWS_PREFER (valid), traffic is steered as expected.
④ Check the SR-TE path inside the provider network with traceroute.
RP/0/RP0/CPU0:h_N1#traceroute 6.6.6.6 source loopback 0
Sun May 28 23:42:38.955 UTC
Type escape sequence to abort.
Tracing the route to 6.6.6.6
 1  10.1.2.2 [MPLS: Labels 16003/16004/16005/16006 Exp 0] 12 msec  4 msec  4 msec
 2  10.2.3.3 [MPLS: Labels 16004/16005/16006 Exp 0] 6 msec  4 msec  4 msec
 3  10.3.4.4 [MPLS: Labels 16005/16006 Exp 0] 7 msec  4 msec  4 msec
 4  10.4.5.5 [MPLS: Label 16006 Exp 0] 8 msec  4 msec  4 msec
 5  10.5.6.6 12 msec  *  6 msec
RP/0/RP0/CPU0:h_N1#
Because this is L2VPN, the label stack cannot be observed in a reachability test between the CE routers, but traffic flows as shown above.
⑤ As expected, the CE routers can reach each other.
CE1#ping 192.0.2.200 repeat 40
Type escape sequence to abort.
Sending 40, 100-byte ICMP Echos to 192.0.2.200, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (40/40), round-trip min/avg/max = 2/3/8 ms
CE1#
⑥ Now bring the SR-TE policy down. When the first SID of the explicit path goes down, the SR-TE policy goes down. The quickest way is to shut down Loopback 0 on h_N2. For details, see my earlier blog post.
chimay-wh.hatenablog.com
RP/0/RP0/CPU0:h_N2#con
Sun May 28 23:57:24.318 UTC
RP/0/RP0/CPU0:h_N2(config)#int lo0
RP/0/RP0/CPU0:h_N2(config-if)#shutdown
RP/0/RP0/CPU0:h_N2(config-if)#commit
Sun May 28 23:57:34.816 UTC
RP/0/RP0/CPU0:h_N2(config-if)#
⑦ The SR-TE policy goes down.
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng policy detail
Sun May 28 23:59:17.625 UTC
SR-TE policy database
---------------------
★ Color: 60000, End-point: 6.6.6.6
  Name: srte_c_60000_ep_6.6.6.6
  Status:
★   Admin: up  Operational: down for 00:01:42 (since May 28 23:57:35.059)
  Candidate-paths:
    Preference: 100 (configuration)
      Name: LIGHTNING
      Requested BSID: 61000
      Protection Type: protected-preferred
      Maximum SID Depth: 10
★     Explicit: segment-list EVPN_VPWS_PREFER (invalid)
        Last error: unresolved first label (16002)
        Weight: 1, Metric Type: TE
  Attributes:
    Forward Class: 0
    Steering labeled-services disabled: no
    Steering BGP disabled: no
    IPv6 caps enable: no
    Invalidation drop enabled: no
RP/0/RP0/CPU0:h_N1#
The status becomes Admin: up Operational: down, and segment-list EVPN_VPWS_PREFER becomes (invalid).
⑧ However, the EVPN VPWS stays in state is up ( established ), using the regular IGP path instead of SR-TE.
RP/0/RP0/CPU0:h_N1#show l2vpn xconnect detail
Mon May 29 00:08:19.514 UTC
Group EVPN_VPWS, XC EVPN_1, state is up; Interworking none
  AC: GigabitEthernet0/0/0/1.10, state is up
    Type VLAN; Num Ranges: 1
    Rewrite Tags: []
    VLAN ranges: [10, 10]
    MTU 1504; XC ID 0x2; interworking none
    Statistics:
      packets: received 9030, sent 15901
      bytes: received 1370146, sent 1874042
      drops: illegal VLAN 0, illegal length 0
★ EVPN: neighbor 6.6.6.6, PW ID: evi 1010, ac-id 60, state is up ( established )
    XC ID 0xa0000003
    Encapsulation MPLS
    Encap type Ethernet, control word disabled
    Sequencing not set
    Preferred path Active : SR TE srte_c_60000_ep_6.6.6.6 (BSID:None, IFH:0x3c), Statically configured, fallback enabled
    Ignore MTU mismatch: Enabled
    Transmit MTU zero: Enabled
    Tunnel : Up
      EVPN         Local                          Remote
      ------------ ------------------------------ -----------------------------
      Label        24004                          24004
      MTU          1518                           unknown
      Control word disabled                       disabled
      AC ID        10                             60
      EVPN type    Ethernet                       Ethernet
      ------------ ------------------------------ -----------------------------
    Create time: 21/05/2023 06:33:56 (1w0d ago)
    Last time status changed: 28/05/2023 23:25:57 (00:42:21 ago)
    Statistics:
      packets: received 15901, sent 9030
      bytes: received 1874042, sent 1370146
RP/0/RP0/CPU0:h_N1#
Checking the SR-TE forwarding state makes it clear that SR-TE is not being used.
RP/0/RP0/CPU0:h_N1#show segment-routing traffic-eng forwarding policy detail
Mon May 29 00:15:18.715 UTC
SR-TE Policy Forwarding database
--------------------------------
Color: 60000, End-point: 6.6.6.6
  Name: srte_c_60000_ep_6.6.6.6
  Policy Packets/Bytes Switched: 35199/4426854
RP/0/RP0/CPU0:h_N1#
⑨ Check the SR-TE path inside the provider network with traceroute.
RP/0/RP0/CPU0:h_N1#traceroute 6.6.6.6 source loopback 0
Mon May 29 00:17:30.554 UTC
Type escape sequence to abort.
Tracing the route to 6.6.6.6
 1  10.1.2.2 [MPLS: Label 16006 Exp 0] 10 msec
    10.1.3.3 8 msec  3 msec
 2  10.3.5.5 [MPLS: Label 16006 Exp 0] 7 msec
    10.3.4.4 6 msec
    10.3.5.5 4 msec
 3  10.5.6.6 9 msec  *
    10.4.6.6 5 msec
RP/0/RP0/CPU0:h_N1#
⑩ As expected, the CE routers can reach each other.
CE1#ping 192.0.2.200 repeat 40
Type escape sequence to abort.
Sending 40, 100-byte ICMP Echos to 192.0.2.200, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Success rate is 100 percent (40/40), round-trip min/avg/max = 4/5/7 ms
CE1#
This is the behavior with fallback enabled (the default). Even when the SR-TE policy goes down, the EVPN VPWS can continue to be used over the regular IGP path.
5.2 Verification with fallback disabled
To summarize the situation so far: the SR-TE policy is down. However, the EVPN VPWS keeps communication going thanks to the preferred-path fallback option. Here I verify what happens when the fallback option is disabled.
① Disable the fallback option.
RP/0/RP0/CPU0:h_N1#conf
Mon May 29 00:22:57.885 UTC
RP/0/RP0/CPU0:h_N1(config)#l2vpn
RP/0/RP0/CPU0:h_N1(config-l2vpn)#pw-class PW60000
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc)#encapsulation mpls
★ RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#$srte_c_60000_ep_6.6.6.6 ?
★   fallback  Fallback option for preferred path
★   <cr>
★ RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#$srte_c_60000_ep_6.6.6.6 fallback ?
★   disable  Disable fallback for preferred path
★ RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#preferred-path sr-te policy srte_c_6$
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#show
Mon May 29 00:26:53.780 UTC
l2vpn
 pw-class PW60000
  encapsulation mpls
   preferred-path sr-te policy srte_c_60000_ep_6.6.6.6 fallback disable
  !
 !
!
RP/0/RP0/CPU0:h_N1(config-l2vpn-pwc-mpls)#
② Check the VPWS details.
RP/0/RP0/CPU0:h_N1#show l2vpn xconnect detail
Mon May 29 00:31:21.114 UTC
Group EVPN_VPWS, XC EVPN_1, state is down; Interworking none
  AC: GigabitEthernet0/0/0/1.10, state is up
    Type VLAN; Num Ranges: 1
    Rewrite Tags: []
    VLAN ranges: [10, 10]
    MTU 1504; XC ID 0x2; interworking none
    Statistics:
      packets: received 9030, sent 15901
      bytes: received 1370146, sent 1874042
      drops: illegal VLAN 0, illegal length 0
★ EVPN: neighbor 6.6.6.6, PW ID: evi 1010, ac-id 60, state is down ( local ready )
    XC ID 0xa0000003
    Encapsulation MPLS
    Encap type Ethernet, control word disabled
    Sequencing not set
    Preferred path Active : SR TE srte_c_60000_ep_6.6.6.6 (BSID:None, IFH:0x3c), Statically configured, fallback disabled
    Ignore MTU mismatch: Enabled
    Transmit MTU zero: Enabled
    Tunnel : Down
      EVPN         Local                          Remote
      ------------ ------------------------------ -----------------------------
      Label        24004                          24004
      MTU          1518                           unknown
      Control word disabled                       disabled
      AC ID        10                             60
      EVPN type    Ethernet                       Ethernet
      ------------ ------------------------------ -----------------------------
    Create time: 21/05/2023 06:33:56 (1w0d ago)
    Last time status changed: 29/05/2023 00:30:59 (00:00:21 ago)
    Statistics:
      packets: received 15901, sent 9030
      bytes: received 1874042, sent 1370146
RP/0/RP0/CPU0:h_N1#
The state becomes state is down ( local ready ), and the EVPN VPWS goes down just like the SR-TE policy.
③ Check the SR-TE path inside the provider network with traceroute.
RP/0/RP0/CPU0:h_N1#traceroute 6.6.6.6 source loopback 0
Mon May 29 00:36:22.736 UTC
Type escape sequence to abort.
Tracing the route to 6.6.6.6
 1  10.1.2.2 [MPLS: Label 16006 Exp 0] 9 msec  3 msec
    10.1.3.3 6 msec
 2  10.2.4.4 [MPLS: Label 16006 Exp 0] 5 msec  3 msec  4 msec
 3  10.4.6.6 9 msec
    10.5.6.6 5 msec  *
RP/0/RP0/CPU0:h_N1#
Because the regular IGP path is alive, communication from the head-end to the end-point is still possible.
④ The provider network itself is reachable, but because the SR-TE policy is down and the VPWS preferred-path fallback option is disabled, fallback from SR-TE does not take place, and the CE routers can no longer reach each other.
CE1#ping 192.0.2.200 repeat 40
Type escape sequence to abort.
Sending 40, 100-byte ICMP Echos to 192.0.2.200, timeout is 2 seconds:
........................................
Success rate is 0 percent (0/40)
CE1#
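A monitoring check for the three states observed in section 5, added here as an example (not code from the original post): it parses `show l2vpn xconnect detail` and separates a circuit that is on its SR-TE policy from one that has silently fallen back to the IGP path (state up, BSID:None) and one that is down with fallback disabled. The sample text is excerpted from the captures on this page; the function names and verdict strings are constructed for illustration.

```python
import re

# Excerpts of `show l2vpn xconnect detail` matching the three captures on this page.
ON_POLICY = """\
Group EVPN_VPWS, XC EVPN_1, state is up; Interworking none
  EVPN: neighbor 6.6.6.6, PW ID: evi 1010, ac-id 60, state is up ( established )
    Preferred path Active : SR TE srte_c_60000_ep_6.6.6.6 (BSID:61000, IFH:0x3c), Statically configured, fallback enabled
    Tunnel : Up
"""
FELL_BACK = ON_POLICY.replace("BSID:61000", "BSID:None")
HARD_DOWN = (FELL_BACK.replace("state is up", "state is down")
             .replace("( established )", "( local ready )")
             .replace("fallback enabled", "fallback disabled")
             .replace("Tunnel : Up", "Tunnel : Down"))

XC_RE = re.compile(r"Group ([^,\s]+), XC ([^,\s]+), state is (\w+)")
PW_RE = re.compile(r"EVPN: neighbor ([\d.]+), PW ID: evi (\d+), ac-id (\d+), state is (\w+)")
PP_RE = re.compile(r"Preferred path \w+ : SR TE (\S+) \(BSID:(\w+), IFH:[^)]*\), "
                   r".*fallback (enabled|disabled)")


def parse_xconnects(output):
    """Return one record per xconnect found in the command output."""
    records, cur = [], None
    for line in output.splitlines():
        if m := XC_RE.search(line):
            cur = {"group": m[1], "xc": m[2], "pw_state": None,
                   "policy": None, "bsid": None, "fallback": None}
            records.append(cur)
        elif cur is None:
            continue
        elif m := PW_RE.search(line):
            cur["pw_state"] = m[4]
        elif m := PP_RE.search(line):
            cur["policy"], cur["bsid"], cur["fallback"] = m[1], m[2], m[3]
    return records


def verdict(rec):
    """Classify a record. "Preferred path Active" is printed in all three
    captures, so the binding SID and the PW state are used instead."""
    if rec["policy"] is None:
        return "no-preferred-path"
    up = rec["pw_state"] == "up"
    if up and rec["bsid"] != "None":
        return "on-sr-te-policy"
    if up and rec["fallback"] == "enabled":
        return "fallback-to-igp"        # circuit up, but off the engineered path
    if not up and rec["fallback"] == "disabled":
        return "down-fallback-disabled"
    return "inconsistent"


def classify(output):
    return [(r["group"], r["xc"], verdict(r)) for r in parse_xconnects(output)]


if __name__ == "__main__":
    for sample in (ON_POLICY, FELL_BACK, HARD_DOWN):
        print(classify(sample))
```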
6. References
① EVPN VPWS Preferred Path over SR-TE Policy
www.cisco.com
Next time I will write about On Demand Next-hop (ODN).
Thank you for reading to the end!