evpn + vpcpeer(一)
10.10.18.209节点
evpn1# show running-config Building configuration... Current configuration: ! frr version 7.3-MyOwnFRRVersion frr defaults traditional hostname evpn2.novalocal log file /var/log/frr/bgpd.log hostname evpn1 ! vrf evpn-vrf vni 100 exit-vrf ! vrf evpn-vrf2 vni 1000 exit-vrf ! router bgp 8888 bgp router-id 10.10.18.209 bgp bestpath as-path multipath-relax neighbor fabric peer-group neighbor fabric remote-as external neighbor 10.10.18.212 peer-group fabric neighbor 10.10.18.212 update-source 10.10.18.209 ! address-family l2vpn evpn neighbor fabric activate advertise-all-vni exit-address-family ! router bgp 8888 vrf evpn-vrf ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family ! router bgp 8888 vrf evpn-vrf2 ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family ! line vty ! end evpn1#
10.10.18.212
evpn2.novalocal# show running-config Building configuration... Current configuration: ! frr version 7.3-MyOwnFRRVersion frr defaults traditional hostname evpn2.novalocal log file /var/log/frr/bgpd.log ! vrf evpn-vrf vni 100 exit-vrf ! vrf evpn-vrf2 vni 1000 exit-vrf ! router bgp 9999 bgp router-id 10.10.18.212 bgp bestpath as-path multipath-relax neighbor fabric peer-group neighbor fabric remote-as external neighbor 10.10.18.209 peer-group fabric neighbor 10.10.18.209 update-source 10.10.18.212 ! address-family l2vpn evpn neighbor fabric activate advertise-all-vni exit-address-family vrf-policy evpn-vrf exit-vrf-policy vnc defaults exit-vnc ! router bgp 9999 vrf evpn-vrf ! address-family ipv4 unicast network 0.0.0.0/0 network 9.9.9.0/24 exit-address-family ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family ! router bgp 9999 vrf evpn-vrf2 ! address-family ipv4 unicast network 0.0.0.0/0 exit-address-family ! address-family l2vpn evpn advertise ipv4 unicast exit-address-family ! line vty ! end
10.10.18.209上evpn-vrf中ping evpn-vrf2中192.168.3.3
[root@evpn1 ~]# ip netns exec host1 ping 192.168.3.3 PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data. ^C --- 192.168.3.3 ping statistics --- 1 packets transmitted, 0 received, 100% packet loss, time 0ms [root@evpn1 ~]# ip netns exec host1 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0@if4: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether ea:e1:8d:a6:39:96 brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 2.2.2.2/24 scope global eth0 valid_lft forever preferred_lft forever inet6 fe80::e8e1:8dff:fea6:3996/64 scope link valid_lft forever preferred_lft forever [root@evpn1 ~]# ip netns exec host1 ping 192.168.3.3 PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data. ^C --- 192.168.3.3 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 50ms [root@evpn1 ~]#
10.10.18.212上evpn-vrf中ping evpn-vrf2中192.168.3.3
[root@evpn2 ~]# ip netns exec host2 ip a 1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000 link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00 inet 127.0.0.1/8 scope host lo valid_lft forever preferred_lft forever inet6 ::1/128 scope host valid_lft forever preferred_lft forever 2: eth0@if3: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc noqueue state UP group default qlen 1000 link/ether 6e:7f:fc:df:5d:bb brd ff:ff:ff:ff:ff:ff link-netnsid 0 inet 9.9.9.1/24 scope global eth0 valid_lft forever preferred_lft forever [root@evpn2 ~]# ip netns exec host3 ping 192.168.3.3 PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data. ^C --- 192.168.3.3 ping statistics --- 2 packets transmitted, 0 received, 100% packet loss, time 27ms [root@evpn2 ~]#
10.10.18.212上import vrf evpn-vrf2
evpn2.novalocal# router bgp 9999 vrf evpn-vrf % Unknown command: router bgp 9999 vrf evpn-vrf evpn2.novalocal# conf t evpn2.novalocal(config)# router bgp 9999 vrf evpn-vrf evpn2.novalocal(config-router)# import vrf evpn-vrf2 % Unknown command: import vrf evpn-vrf2 evpn2.novalocal(config-router)# address-family ipv4 unicast evpn2.novalocal(config-router-af)# import vrf evpn-vrf2 evpn2.novalocal(config-router-af)# exit evpn2.novalocal(config-router)# exit evpn2.novalocal(config)# exit evpn2.novalocal# wr m Note: this version of vtysh never writes vtysh.conf Building Configuration... Configuration saved to /etc/frr/zebra.conf Configuration saved to /etc/frr/ospfd.conf Configuration saved to /etc/frr/bgpd.conf Configuration saved to /etc/frr/pimd.conf Configuration saved to /etc/frr/fabricd.conf Configuration saved to /etc/frr/staticd.conf
10.10.18.209上import vrf evpn-vrf2
evpn1# conf t
evpn1(config)# router bgp 8888 vrf evpn-vrf
evpn1(config-router)# address-family l2vpn evpn
evpn1(config-router-af)# import vrf evpn-vrf2
% Unknown command: import vrf evpn-vrf2
evpn1(config-router-af)# exit
evpn1(config-router)# address-family ipv4 unicast
evpn1(config-router-af)# import vrf evpn-vrf2
evpn1(config-router-af)# exit-address-family
evpn1(config-router)# exit
evpn1(config)# exit
evpn1# wr
Note: this version of vtysh never writes vtysh.conf
Building Configuration...
Configuration saved to /etc/frr/zebra.conf
Configuration saved to /etc/frr/ospfd.conf
Configuration saved to /etc/frr/bgpd.conf
Configuration saved to /etc/frr/pimd.conf
Configuration saved to /etc/frr/fabricd.conf
Configuration saved to /etc/frr/staticd.conf
sysctl -w net.ipv4.conf.all.rp_filter=0 sysctl -w net.ipv4.conf.default.rp_filter=0 两个添加了l3vni的网桥 [root@evpn2 ~]# sysctl -w net.ipv4.conf.br100.rp_filter=0 net.ipv4.conf.br100.rp_filter = 0 [root@evpn2 ~]# sysctl -w net.ipv4.conf.br1000.rp_filter=0 net.ipv4.conf.br1000.rp_filter = 0
[root@evpn1 ~]# ip route sh vrf evpn-vrf default via 10.10.18.212 dev br1000 proto bgp metric 20 onlink 2.2.2.0/24 dev br10 proto kernel scope link src 2.2.2.254 3.3.3.0/24 dev br20 proto kernel scope link src 3.3.3.254 9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink 192.168.3.3 dev br20 scope link 192.168.3.4 via 10.10.18.212 dev br1000 proto bgp metric 20 onlink ------------------------------ [root@evpn1 ~]# ip route sh vrf evpn-vrf2 default via 10.10.18.212 dev br100 proto bgp metric 20 onlink 2.2.2.2 dev br20 scope link 9.9.9.0/24 via 10.10.18.212 dev br100 proto bgp metric 20 onlink 192.168.3.0/24 dev br30 proto kernel scope link src 192.168.3.254 192.168.3.4 via 10.10.18.212 dev br1000 proto bgp metric 20 onlink ----------------------------经过br1000 [root@evpn1 ~]# ip netns exec host1 ping 192.168.3.4 PING 192.168.3.4 (192.168.3.4) 56(84) bytes of data. ^C --- 192.168.3.4 ping statistics --- 83 packets transmitted, 0 received, 100% packet loss, time 363ms
10.10.18.212上添加两条路由
[root@evpn2 ~]# ip route add 2.2.2.3 dev br30 vrf evpn-vrf2 [root@evpn2 ~]# ip netns exec host3 ping 192.168.3.3 PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data. ^C --- 192.168.3.3 ping statistics --- 3 packets transmitted, 0 received, 100% packet loss, time 49ms [root@evpn2 ~]# ip route add 192.168.3.3 dev br30 vrf evpn-vrf [root@evpn2 ~]# ip netns exec host3 ping 192.168.3.3 PING 192.168.3.3 (192.168.3.3) 56(84) bytes of data. From 2.2.2.254: icmp_seq=2 Redirect Host(New nexthop: 192.168.3.3) From 2.2.2.254: icmp_seq=3 Redirect Host(New nexthop: 192.168.3.3) From 2.2.2.254 icmp_seq=1 Destination Host Unreachable From 2.2.2.254 icmp_seq=4 Destination Host Unreachable From 2.2.2.254 icmp_seq=5 Destination Host Unreachable From 2.2.2.254 icmp_seq=6 Destination Host Unreachable From 2.2.2.254 icmp_seq=7 Destination Host Unreachable ^C --- 192.168.3.3 ping statistics --- 10 packets transmitted, 0 received, +5 errors, 100% packet loss, time 357ms pipe 4 [root@evpn2 ~]#
evpn2.novalocal# show ip route vrf evpn-vrf Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route VRF evpn-vrf: K>* 0.0.0.0/0 [0/0] via 5.5.5.254, default_g1, 03w3d16h C>* 2.2.2.0/24 is directly connected, br30, 03w3d16h C>* 5.5.5.0/24 is directly connected, default_g1, 03w3d16h C>* 9.9.9.0/24 is directly connected, br20, 03w3d16h K>* 192.168.3.3/32 [0/0] is directly connected, br30, 00:39:22
evpn2.novalocal# show ip route vrf evpn-vrf2 Codes: K - kernel route, C - connected, S - static, R - RIP, O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP, T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR, f - OpenFabric, > - selected route, * - FIB route, q - queued route, r - rejected route VRF evpn-vrf2: K>* 0.0.0.0/0 [0/0] via 6.6.6.254, vrf2-in, 03w3d16h K>* 2.2.2.3/32 [0/0] is directly connected, br30(vrf evpn-vrf), 00:42:24 C>* 6.6.6.0/24 is directly connected, vrf2-in, 03w3d16h C>* 192.168.3.0/24 is directly connected, br40, 00:07:40 C>* 192.168.4.0/24 is directly connected, br40, 00:34:02 evpn2.novalocal#
[root@evpn2 ~]# tcpdump -i br30 icmp -nnvv tcpdump: listening on br30, link-type EN10MB (Ethernet), capture size 262144 bytes 11:33:44.597688 IP (tos 0x0, ttl 64, id 47853, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 1, length 64 11:33:45.613898 IP (tos 0x0, ttl 64, id 47937, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 2, length 64 11:33:45.613950 IP (tos 0xc0, ttl 64, id 61782, offset 0, flags [none], proto ICMP (1), length 112) 2.2.2.254 > 2.2.2.3: ICMP redirect 192.168.3.3 to host 192.168.3.3, length 92 IP (tos 0x0, ttl 63, id 47937, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 2, length 64 11:33:46.653885 IP (tos 0x0, ttl 64, id 47944, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 3, length 64 11:33:46.653930 IP (tos 0xc0, ttl 64, id 61850, offset 0, flags [none], proto ICMP (1), length 112) 2.2.2.254 > 2.2.2.3: ICMP redirect 192.168.3.3 to host 192.168.3.3, length 92 IP (tos 0x0, ttl 63, id 47944, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 3, length 64 11:33:47.693837 IP (tos 0xc0, ttl 64, id 61878, offset 0, flags [none], proto ICMP (1), length 112) 2.2.2.254 > 2.2.2.3: ICMP host 192.168.3.3 unreachable, length 92 IP (tos 0x0, ttl 63, id 47853, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 1, length 64 11:33:47.693986 IP (tos 0x0, ttl 64, id 48030, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 4, length 64 11:33:48.733909 IP (tos 0x0, ttl 64, id 48045, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 5, length 64 11:33:49.773891 IP (tos 0x0, ttl 64, id 48131, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 6, length 64 11:33:50.813829 IP (tos 0xc0, ttl 64, id 62151, offset 0, flags [none], proto ICMP (1), length 112) 2.2.2.254 > 2.2.2.3: ICMP host 192.168.3.3 unreachable, length 92 IP (tos 0x0, ttl 63, id 48030, offset 0, flags [DF], proto ICMP (1), length 84) 2.2.2.3 > 192.168.3.3: ICMP echo request, id 15457, seq 4, length 64
但是同一个vtep 10.10.19.212
[root@evpn2 ~]# ip netns exec host3 ping 192.168.3.4 PING 192.168.3.4 (192.168.3.4) 56(84) bytes of data. 64 bytes from 192.168.3.4: icmp_seq=1 ttl=252 time=0.979 ms 64 bytes from 192.168.3.4: icmp_seq=2 ttl=252 time=0.982 ms 64 bytes from 192.168.3.4: icmp_seq=3 ttl=252 time=0.910 ms ^C --- 192.168.3.4 ping statistics --- 3 packets transmitted, 3 received, 0% packet loss, time 4ms rtt min/avg/max/mdev = 0.910/0.957/0.982/0.033 ms [root@evpn2 ~]#
[root@evpn2 ~]# ip route del 192.168.3.3 dev br30 vrf evpn-vrf [root@evpn2 ~]# ip route del 2.2.2.3 dev br30 vrf evpn-vrf RTNETLINK answers: No such process [root@evpn2 ~]# ip route del 2.2.2.3 dev br30 vrf evpn-vrf2 [root@evpn2 ~]# ip netns exec host3 ping 192.168.3.4 PING 192.168.3.4 (192.168.3.4) 56(84) bytes of data. 64 bytes from 192.168.3.4: icmp_seq=4 ttl=252 time=1920 ms 64 bytes from 192.168.3.4: icmp_seq=5 ttl=252 time=880 ms 64 bytes from 192.168.3.4: icmp_seq=6 ttl=252 time=0.879 ms 64 bytes from 192.168.3.4: icmp_seq=7 ttl=252 time=0.858 ms 64 bytes from 192.168.3.4: icmp_seq=8 ttl=252 time=0.878 ms 64 bytes from 192.168.3.4: icmp_seq=9 ttl=252 time=0.908 ms 64 bytes from 192.168.3.4: icmp_seq=10 ttl=252 time=0.897 ms ^C --- 192.168.3.4 ping statistics --- 10 packets transmitted, 7 received, 30% packet loss, time 337ms rtt min/avg/max/mdev = 0.858/400.664/1920.115/690.520 ms, pipe 2 [root@evpn2 ~]#
浙公网安备 33010602011771号