Tungsten Fabric入门宝典丨说说L3VPN及EVPN集成​



  • Tungsten Fabric入门宝典系列文章,来自技术大牛倾囊相授的实践经验,由TF中文社区为您编译呈现,旨在帮助新手深入理解TF的运行、安装、集成、调试等全流程。如果您有相关经验或疑问,欢迎与我们互动,并与社区极客们进一步交流。更多TF技术文章,请点击【TF中文社区】公号底部按钮>学习>文章合集。
    
    作者:Tatsuya Naganawa  译者:TF编译组
    

    在深入研究这一重要主题之前,我将首先在两种情况下,描述我个人偏爱的封装和控制平面协议,即DataCenter和NFVI。

    1.DataCenter: EVPN / VXLAN

    • 如果需要DC之间的MPLS over MPLS,则需要路由器配置来缝合它们

    2.NFVI: L3VPN / MPLS over UDP

    下面我来描述一下使用这些选择的理由。

    VXLAN或MPLS

    选择封装时,需要注意两个方面,即NIC和路由器/交换机。

    对于NIC来说,vxlan更为流行,即使Linux本身从4.1开始支持MPLS encap / decap,找到可以卸载MPLS encap / decap的硬件也并非易事。

    对于路由器/交换机来说,找到一种可以处理MPLS报文的硬件成本确实更高,因为大多数数据中心交换机当前都使用特定的Broadcom芯片,该芯片可以使用vxlan,但不能使用MPLS。

    因此在数据中心里,使用vxlan封装将是可行的选择。

    要使用VXLAN,EVPN将会是一个运行良好的控制平面。

    Tungsten Fabric controller当前支持Type 2和Type 5的EVPN,内部也使用Type 1、3、4。

    因此,vRouter加入EVPN/VXLAN网络基本上是可以的,尽管要实现完全的互操作性并不总是那么容易。

    要注意一件事,尽管某些交换机不具备此功能,但vRouter仍然能够进行vxlan路由。

    在此设置中,你可能需要特别注意,如何在物理交换机和vRouter之间发送vxlan间流量。

    一个极端的情况是,由于流量工程和链路保护等高级MPLS功能,数据中心之间必须使用MPLS-over-MPLS。

    在这种情况下,路由器必须缝合EVPN/VXLAN和EVPN/MPLS,通过以下的配置来实现。

    如果将其用作NFVI,由于Tungsten Fabric当前不支持EVPN Type 5的服务链,因此L3VPN / MPLS over UDP将是唯一的选择。

    由于在这种情况下首选使用DPDK,因此Linux堆栈的吞吐量限制不会成为一个问题。

    EVPN / VXLAN互操作

    为了说明evpn / vxlan的集成,让我描述一下CumulusVX的L2VNI和L3VNI设置(它使用FRRouting和Vanilla linux的vrf / virtual-switch)

    [1. 样例配置]
    
    Tungsten Fabric controller: 192.168.122.141/24
    Tungsten Fabric vRouter: 192.168.122.142/24
     vn1 (vxlan id: 7), 10.0.1.0/24, route-target: 64512:7 is set
      10.0.1.3 is a cirros container inside vn1
      vn1 is connected to lr1 (logical-router, vxlan id: 8, route-target 64512:8 is set)
       Tungsten Fabric's project setting, 'vxlan routing: enabled' is also set (this settimg might be changed in the future)
        https://review.opencontrail.org/c/Juniper/contrail-controller/+/51833
    CumulusVX: 192.168.122.151/24
     swp1: centos152 (10.0.1.152/24) is connected
      -> same l2 subnet with the container inside vRouter
     swp2: centos153 (192.168.130.153/24) is connected
      -> L3VRF will route the traffic from this to the container
    
    [2. bgp 设置]
    
    net add bgp autonomous-system 64513
    net add bgp router-id 192.168.122.151
    net add bgp neighbor 192.168.122.141 remote-as 64512
    net add bgp neighbor 192.168.122.141 capability extended-nexthop
    net add bgp l2vpn evpn  neighbor 192.168.122.141 activate
    net add bgp l2vpn evpn  advertise-all-vni
    net add bgp l2vpn evpn vni 7 rd 192.168.122.151:7
    net add bgp l2vpn evpn vni 7 route-target import 64512:7
    net add bgp l2vpn evpn vni 7 route-target export 64512:7
    
    
    cumulus@cumulus:~$ net show bgp summary
    show bgp ipv4 unicast summary
    =============================
    BGP router identifier 192.168.122.151, local AS number 64513 vrf-id 0
    BGP table version 0
    RIB entries 0, using 0 bytes of memory
    Peers 1, using 19 KiB of memory
    
    Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
    192.168.122.141 4      64512      55      43        0    0    0 00:01:15 NoNeg
    
    Total number of neighbors 1
    
    
    show bgp ipv6 unicast summary
    =============================
    % No BGP neighbors found
    
    
    show bgp l2vpn evpn summary
    ===========================
    BGP router identifier 192.168.122.151, local AS number 64513 vrf-id 0
    BGP table version 0
    RIB entries 3, using 456 bytes of memory
    Peers 1, using 19 KiB of memory
    
    Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
    192.168.122.141 4      64512      55      43        0    0    0 00:01:15            6
    
    Total number of neighbors 1
    cumulus@cumulus:~$
    
    
    [3. l2vni 设置]
    
    net add bridge bridge ports vni7
    net add bridge bridge vids 7
    net add interface swp1 bridge pvid 7
    net add vxlan vni7 vxlan id 7
    net add vxlan vni7 bridge learning off
    net add vxlan vni7 bridge access 7
    net add vxlan vni7 bridge arp-nd-suppress on
    net add vxlan vni7 vxlan local-tunnelip 192.168.122.151
    net add vlan 7 ip forward off
    net add vlan 7 ipv6 forward off
    
    
    cumulus@cumulus:~$ net show bgp l2vpn evpn route
    BGP table version is 18, local router ID is 192.168.122.151
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    EVPN type-2 prefix: [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
    EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
    EVPN type-5 prefix: [5]:[ESI]:[EthTag]:[IPlen]:[IP]
    
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 192.168.122.142:1
    *> [2]:[0]:[0]:[48]:[52:54:00:d9:db:32]
                        192.168.122.142        100             0 64512 ?
    *> [2]:[0]:[0]:[48]:[52:54:00:d9:db:32]:[32]:[192.168.122.142]
                        192.168.122.142        100             0 64512 ?
    *> [3]:[0]:[32]:[192.168.122.142]
                        192.168.122.142        200             0 64512 ?
    Route Distinguisher: 192.168.122.142:3
    *> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]
                        192.168.122.142        100             0 64512 ?
    *> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]:[32]:[10.0.1.3]
                        192.168.122.142        100             0 64512 ?
    *> [3]:[0]:[32]:[192.168.122.142]
                        192.168.122.142        200             0 64512 ?
    Route Distinguisher: 192.168.122.142:4
    *> [5]:[0]:[0]:[32]:[10.0.1.3]
                        192.168.122.142        100             0 64512 ?
     (snip)
    Route Distinguisher: 192.168.122.151:7
    *> [3]:[0]:[32]:[192.168.122.151]
                        192.168.122.151                    32768 i
    Route Distinguisher: 192.168.122.151:8
    *> [5]:[0]:[0]:[24]:[192.168.131.0]
                        192.168.122.151          0         32768 ?
    
    Displayed 12 prefixes (12 paths)
    cumulus@cumulus:~$
    
    
    [root@centos152 ~]# ping 10.0.1.3
    PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
    64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=1.37 ms
    64 bytes from 10.0.1.3: icmp_seq=2 ttl=64 time=0.836 ms
    64 bytes from 10.0.1.3: icmp_seq=3 ttl=64 time=0.778 ms
    64 bytes from 10.0.1.3: icmp_seq=4 ttl=64 time=0.753 ms
    64 bytes from 10.0.1.3: icmp_seq=5 ttl=64 time=0.801 ms
    
    --- 10.0.1.3 ping statistics ---
    5 packets transmitted, 5 received, 0% packet loss, time 4006ms
    rtt min/avg/max/mdev = 0.753/0.908/1.374/0.235 ms
    [root@centos152 ~]#
    
    
    cumulus@cumulus:~$ net show evpn arp-cache vni all
    VNI 7 #ARP (IPv4 and IPv6, local and remote) 3
    
    IP                        Type   State    MAC               Remote VTEP
    10.0.1.152                local  active   52:54:00:20:e5:9a
    fe80::28a0:caff:fe62:d16c local  active   2a:a0:ca:62:d1:6c
    10.0.1.3                  remote active   02:98:81:86:80:8a 192.168.122.142
    cumulus@cumulus:~$
     -> mac address of 10.0.1.3 container is learnt from Tungsten Fabric controller
    
    
    
    [4. l3vni 设置]
    
    net add vrf vrf8 vni 8
    net add bgp router-id 192.168.122.151
    net add bgp vrf vrf8 autonomous-system 64513
    net add bgp vrf vrf8 ipv4 unicast redistribute connected
    net add bgp vrf vrf8 l2vpn evpn  advertise ipv4 unicast
    net add bgp vrf vrf8 l2vpn evpn  rd 192.168.122.151:8
    net add bgp vrf vrf8 l2vpn evpn  route-target import 64512:8
    net add bgp vrf vrf8 l2vpn evpn  route-target export 64512:8
    net add vxlan vni8 vxlan id 8
    net add interface swp2 bridge pvid 8
    net add vlan 8 ip address 192.168.131.254/24
    net add vlan 8 vlan-id 8
    net add vlan 8 vrf vrf8
    net add vxlan vni8 vxlan local-tunnelip 192.168.122.151
    net add vxlan vni8 bridge access 8
    
    
    cumulus@cumulus:~$ net show bgp l2vpn evpn route type prefix
    BGP table version is 4, local router ID is 192.168.122.151
    Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
    Origin codes: i - IGP, e - EGP, ? - incomplete
    EVPN type-2 prefix: [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
    EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
    EVPN type-5 prefix: [5]:[ESI]:[EthTag]:[IPlen]:[IP]
    
       Network          Next Hop            Metric LocPrf Weight Path
    Route Distinguisher: 192.168.122.142:4
    *> [5]:[0]:[0]:[32]:[10.0.1.3]
                        192.168.122.142        100             0 64512 ?
    Route Distinguisher: 192.168.122.151:8
    *> [5]:[0]:[0]:[24]:[192.168.131.0]
                        192.168.122.151          0         32768 ?
    
    Displayed 2 prefixes (2 paths) (of requested type)
    cumulus@cumulus:~$
    
    cumulus@cumulus:~$ net show route vrf vrf8
    show ip route vrf vrf8
    =======================
    Codes: K - kernel route, C - connected, S - static, R - RIP,
           O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
           T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
           F - PBR,
           > - selected route, * - FIB route
    
    
    VRF vrf8:
    K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:31:09
    B>* 10.0.1.3/32 [20/100] via 192.168.122.142, vlan8 onlink, 00:31:09
    C>* 192.168.131.0/24 is directly connected, vlan8, 00:29:05
    
    
    [root@centos153 ~]# ping 10.0.1.3
    PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
    64 bytes from 10.0.1.3: icmp_seq=1 ttl=62 time=1.27 ms
    64 bytes from 10.0.1.3: icmp_seq=2 ttl=62 time=0.892 ms
    64 bytes from 10.0.1.3: icmp_seq=3 ttl=62 time=0.912 ms
    64 bytes from 10.0.1.3: icmp_seq=4 ttl=62 time=0.851 ms
    
    --- 10.0.1.3 ping statistics ---
    4 packets transmitted, 4 received, 0% packet loss, time 3004ms
    rtt min/avg/max/mdev = 0.851/0.981/1.272/0.173 ms
    [root@centos153 ~]#
    [root@centos153 ~]#
    [root@centos153 ~]# ip -o a
    1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
    1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
    2: eth0    inet 192.168.131.153/24 brd 192.168.131.255 scope global noprefixroute eth0\       valid_lft forever preferred_lft forever
    2: eth0    inet6 fe80::24a9:6145:e488:5f15/64 scope link noprefixroute \       valid_lft forever preferred_lft forever
    [root@centos153 ~]#
    [root@centos153 ~]# ip route
    default via 192.168.131.254 dev eth0 proto static metric 100
    192.168.131.0/24 dev eth0 proto kernel scope link src 192.168.131.153 metric 100
    [root@centos153 ~]#
    

    配置EVPN T5路由

    在R1908版本之前,要启用EVPN T5,vxlan-routing属于项目级别的设置,因此一旦启用此knob,所有logical-router的类型均为:vxlan-routing,而不能用作snat-routing的logical-router。

    在R1908版本之后,可以为每个logical-router设定此设置。

    话虽如此,目前尚无办法从webui创建vxlan-routing的logical-router(可以通过API创建)。

    要尝试此功能,有一种方法是,将config-api模块修改为使用vxlan-routing而不是snat-routing。

    # docker exec -it config_api_1 bash
      # sed -i 's/snat-routing/vxlan-routing/' /usr/lib/python2.7/site-packages/vnc_cfg_api_server/resources/logical_router.py
      # exit
    # docker restart config_api_1
    

    此后,当某些logical-router连接到virtual-network时,EVPN T5路由将发送到其它bgp对等方。

    • 编排器需要是openstack
    (one VM is created in virtual-network vn1)
    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack server list
    +--------------------------------------+------+--------+--------------+--------+---------+
    | ID                                   | Name | Status | Networks     | Image  | Flavor  |
    +--------------------------------------+------+--------+--------------+--------+---------+
    | e3a43979-a8ae-4f05-b065-0b0841cee47b | vm1  | ACTIVE | vn1=10.0.1.3 | cirros | m1.tiny |
    +--------------------------------------+------+--------+--------------+--------+---------+
    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$ 
    
    (when logical-router is not connected to vn1, no type 5 route is seen)
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep ^5
    [root@ip-172-31-13-153 ~]# 
    
    
    (when logical-router is connected to vn1, type 5 route for this VM is sent to other bgp peer)
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep ^5
    5-0:0-0-10.0.1.3/32, age: 0:00:07.126096, last_modified: 2020-Jan-12 13:50:27.307760
    5-172.31.13.153:3-0-10.0.1.3/32, age: 0:00:07.077088, last_modified: 2020-Jan-12 13:50:27.356768
    [root@ip-172-31-13-153 ~]#
    

    此外,在R1912版本之后,EVPN T5也可以用于服务链路由(可以与vxlan一起使用)。

    要配置这个,需要遵循一些流程。

    • 使用opencontrailnightly:1912-latest测试过,一个节点安装(openstack controller, tungsten fabric controller, vRouter)

    1.创建两个virtual-network (vn1, vn2)和logical-routers (lr1, lr2)

    2.将lr1连接到vn1,lr2连接到vn2

    3.检查是否自动创建了virtual-network LR::lr1, LR::lr2

    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack network list
    +--------------------------------------+-------------------------+--------------------------------------+
    | ID                                   | Name                    | Subnets                              |
    +--------------------------------------+-------------------------+--------------------------------------+
    | 667344f9-36f1-4d56-8d9e-e5b8c856658b | LR::lr1                 | ab81f262-52d3-496f-825e-758ca5e6d60f |
    | 0acf42ab-f917-4a32-a95a-5f2a555e955d | ip-fabric               |                                      |
    | 5ac821b2-b823-4ea7-8be2-e1ee71547df8 | LR::lr2                 | 45b16ec8-0497-4610-843d-13d6913f4c41 |
    | 0a0e30c2-d2fa-46dd-bd6f-233897f156f4 | vn1                     | c739aa67-bad3-4a69-b110-797018579b22 |
    | 822b12ae-8b9c-4c32-be91-1611c245e761 | vn2                     | c67c9f25-8169-44dd-b1cd-8d9ab788a0da |
    | 16715adc-93cb-4297-847a-50fcbcdef98b | __link_local__          |                                      |
    | 95b08fcc-b027-407a-8b35-8470989b7d5a | dci-network             |                                      |
    | 728957ed-9db3-4502-b45a-2ce3ce0ed575 | default-virtual-network |                                      |
    +--------------------------------------+-------------------------+--------------------------------------+
    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$
    

    4.将子网添加到LR::lr1和LR::lr2(TF webui可用于此)

    5.使用LR::lr1和LR::lr2中的vNIC创建VNF

    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack server list
    +--------------------------------------+------------+--------+--------------------------------------+--------+---------+
    | ID                                   | Name       | Status | Networks                             | Image  | Flavor  |
    +--------------------------------------+------------+--------+--------------------------------------+--------+---------+
    | 4477700f-8183-4f81-b7bf-7fb16e74aba8 | vm2        | ACTIVE | vn2=10.0.2.4                         | cirros | m1.tiny |
    | b631b50c-5ccf-4e48-86a8-bf390c174180 | lr1-to-lr2 | ACTIVE | LR::lr1=10.0.11.3; LR::lr2=10.0.12.3 | cirros | m1.tiny |
    | e3a43979-a8ae-4f05-b065-0b0841cee47b | vm1        | ACTIVE | vn1=10.0.1.3                         | cirros | m1.tiny |
    +--------------------------------------+------------+--------+--------------------------------------+--------+---------+
    (kolla-toolbox)[ansible@ip-172-31-13-153 /]$
    

    6.使用LR::lr1和LR::lr2创建服务实例(service-instance),网络策略(network-policy),并将network-policy附加到LR::lr1和LR::lr2

    当一切正常时,将添加带有协议ServiceChain的EVPN T5路由。

    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep -e ^5 -e evpn -A 1 
    default-domain:admin:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)
    
    5-0:0-0-10.0.1.3/32, age: 0:00:40.299110, last_modified: 2020-Jan-12 14:00:39.070835
        [ServiceChain (service-interface)|None] age: 0:00:40.302293, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    5-0:0-0-10.0.2.4/32, age: 0:04:22.046440, last_modified: 2020-Jan-12 13:56:57.323505
        [XMPP|ip-172-31-13-153.local] age: 0:04:22.049981, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    default-domain:admin:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__:service-20c08253-7212-40e2-8211-1548652de4b9-default-domain_admin_lr1-to-lr2.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)
    
    5-0:0-0-10.0.1.3/32, age: 0:00:40.299524, last_modified: 2020-Jan-12 14:00:39.070421
        [ServiceChain (service-interface)|None] age: 0:00:40.303335, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    5-0:0-0-10.0.2.4/32, age: 0:00:40.316583, last_modified: 2020-Jan-12 14:00:39.053362
        [XMPP|ip-172-31-13-153.local] age: 0:00:40.320727, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    default-domain:admin:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)
    
    5-0:0-0-10.0.1.3/32, age: 0:10:52.062185, last_modified: 2020-Jan-12 13:50:27.307760
        [XMPP|ip-172-31-13-153.local] age: 0:10:52.066796, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    5-0:0-0-10.0.2.4/32, age: 0:00:40.299766, last_modified: 2020-Jan-12 14:00:39.070179
        [ServiceChain (service-interface)|None] age: 0:00:40.304752, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    default-domain:admin:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__:service-20c08253-7212-40e2-8211-1548652de4b9-default-domain_admin_lr1-to-lr2.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)
    
    5-0:0-0-10.0.1.3/32, age: 0:00:40.465418, last_modified: 2020-Jan-12 14:00:38.904527
        [XMPP|ip-172-31-13-153.local] age: 0:00:40.470671, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    5-0:0-0-10.0.2.4/32, age: 0:00:40.299958, last_modified: 2020-Jan-12 14:00:39.069987
        [ServiceChain (service-interface)|None] age: 0:00:40.305449, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    default-domain:admin:vn1:vn1.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)
    
    --
    default-domain:admin:vn2:vn2.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)
    
    --
    bgp.evpn.0: 13 destinations, 13 routes (0 primary, 13 secondary, 0 infeasible)
    
    --
    5-172.31.13.153:3-0-10.0.1.3/32, age: 0:10:52.013177, last_modified: 2020-Jan-12 13:50:27.356768
        [XMPP|ip-172-31-13-153.local] age: 0:10:52.023700, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    5-172.31.13.153:5-0-10.0.2.4/32, age: 0:04:22.046385, last_modified: 2020-Jan-12 13:56:57.323560
        [XMPP|ip-172-31-13-153.local] age: 0:04:22.057108, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    5-172.31.13.153:6-0-10.0.2.4/32, age: 0:00:40.299816, last_modified: 2020-Jan-12 14:00:39.070129
        [ServiceChain (service-interface)|None] age: 0:00:40.310798, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
    --
    5-172.31.13.153:7-0-10.0.1.3/32, age: 0:00:40.299164, last_modified: 2020-Jan-12 14:00:39.070781
        [ServiceChain (service-interface)|None] age: 0:00:40.310369, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
    --
    default-domain:default-project:ip-fabric:ip-fabric.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)
    
    [root@ip-172-31-13-153 ~]#
    

    vRouter的vrf也将加入VNF。

    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr vrf
    +--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
    | name                                 | ucindex | mcindex | brindex | evpnindex | vxlan_id | vn                                   |
    +--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
    | default-domain:admin:__contrail_lr_i | 5       | 5       | 5       | 5         | 8        | default-domain:admin:__contrail_lr_i |
    | nternal_vn_62651c76-7851-4459-8d54-4 |         |         |         |           |          | nternal_vn_62651c76-7851-4459-8d54-4 |
    | 1b2b1289e21__:__contrail_lr_internal |         |         |         |           |          | 1b2b1289e21__                        |
    | _vn_62651c76-7851-4459-8d54-41b2b128 |         |         |         |           |          |                                      |
    | 9e21__                               |         |         |         |           |          |                                      |
    | default-domain:admin:__contrail_lr_i | 7       | 7       | 7       | 7         | 0        | N/A                                  |
    | nternal_vn_62651c76-7851-4459-8d54-4 |         |         |         |           |          |                                      |
    | 1b2b1289e21__:service-86899929-7419  |         |         |         |           |          |                                      |
    | -427a-9b3f-f8e4a3d990eb-default-     |         |         |         |           |          |                                      |
    | domain_admin_lr1-to-lr2              |         |         |         |           |          |                                      |
    | default-domain:admin                 | 3       | 3       | 3       | 3         | 6        | default-domain:admin                 |
    | :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          | :__contrail_lr_internal_vn_7693de7f- |
    | 9b96-41de-84af-c6db113132e2__        |         |         |         |           |          | 9b96-41de-84af-c6db113132e2__        |
    | :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          |                                      |
    | 9b96-41de-84af-c6db113132e2__        |         |         |         |           |          |                                      |
    | default-domain:admin                 | 6       | 6       | 6       | 6         | 0        | N/A                                  |
    | :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          |                                      |
    | 9b96-41de-84af-                      |         |         |         |           |          |                                      |
    | c6db113132e2__:service-86899929-7419 |         |         |         |           |          |                                      |
    | -427a-9b3f-f8e4a3d990eb-default-     |         |         |         |           |          |                                      |
    | domain_admin_lr1-to-lr2              |         |         |         |           |          |                                      |
    | default-domain:admin:vn1:vn1         | 2       | 2       | 2       | 2         | 5        | default-domain:admin:vn1             |
    | default-domain:admin:vn2:vn2         | 4       | 4       | 4       | 4         | 7        | default-domain:admin:vn2             |
    | default-domain:default-project:ip-   | 0       | 0       | 0       | 0         | 0        | N/A                                  |
    | fabric:__default__                   |         |         |         |           |          |                                      |
    | default-domain:default-project:ip-   | 1       | 1       | 1       | 1         | 2        | default-domain:default-project:ip-   |
    | fabric:ip-fabric                     |         |         |         |           |          | fabric                               |
    +--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
    [root@ip-172-31-13-153 ~]# 
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 3
    0.255.255.252/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
        [LocalVmPort] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    10.0.1.3/32
        [EVPN-ROUTING] pref:200
         to 2:98:88:3c:38:50 via tap98883c38-50, assigned_label:-1, nh_index:34 , nh_type:interface, nh_policy:enabled, active_label:6, vxlan_id:6
    10.0.2.4/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    10.0.11.0/24
        [Local] pref:100
         nh_index:1 , nh_type:discard, nh_policy:disabled, active_label:-1, vxlan_id:0
    10.0.11.1/32
        [Local] pref:100
         to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
    10.0.11.2/32
        [Local] pref:100
         to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
    10.0.11.3/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
        [LocalVmPort] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    169.254.169.254/32
        [LinkLocal] pref:100
         via vhost0, nh_index:11 , nh_type:receive, nh_policy:enabled, active_label:0, vxlan_id:0
    [root@ip-172-31-13-153 ~]# 
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 5
    0.255.255.251/32
        [172.31.13.153] pref:200
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
        [LocalVmPort] pref:200
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    10.0.1.3/32
        [172.31.13.153] pref:200
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    10.0.2.4/32
        [EVPN-ROUTING] pref:200
         to 2:19:e0:a2:b:f3 via tap19e0a20b-f3, assigned_label:-1, nh_index:63 , nh_type:interface, nh_policy:enabled, active_label:8, vxlan_id:8
    10.0.12.0/24
        [Local] pref:100
         nh_index:1 , nh_type:discard, nh_policy:disabled, active_label:-1, vxlan_id:0
    10.0.12.1/32
        [Local] pref:100
         to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
    10.0.12.2/32
        [Local] pref:100
         to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
    10.0.12.3/32
        [172.31.13.153] pref:100
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
        [LocalVmPort] pref:100
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    169.254.169.254/32
        [LinkLocal] pref:100
         via vhost0, nh_index:11 , nh_type:receive, nh_policy:enabled, active_label:0, vxlan_id:0
    [root@ip-172-31-13-153 ~]# 
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 6
    0.255.255.252/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    10.0.2.4/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    10.0.11.3/32
        [172.31.13.153] pref:200
         to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    [root@ip-172-31-13-153 ~]# 
    [root@ip-172-31-13-153 ~]# 
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 7
    0.255.255.251/32
        [172.31.13.153] pref:200
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    10.0.1.3/32
        [172.31.13.153] pref:200
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    10.0.12.3/32
        [172.31.13.153] pref:100
         to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    [root@ip-172-31-13-153 ~]# 
    
    [root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family l3vpn
    
    bgp.l3vpn.0: 9 destinations, 9 routes (0 primary, 9 secondary, 0 infeasible)
    
    172.31.13.153:1:172.31.13.153/32, age: 0:40:32.414715, last_modified: 2020-Jan-12 13:38:26.922346
        [XMPP (interface)|ip-172-31-13-153.local] age: 0:40:32.418428, localpref: 100, nh: 172.31.13.153, encap: ['gre', 'udp', 'native'], label: 17, AS path: None
    
    172.31.13.153:2:10.0.1.3/32, age: 0:29:55.551280, last_modified: 2020-Jan-12 13:49:03.785781
        [XMPP (interface)|ip-172-31-13-153.local] age: 0:29:55.555402, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 25, AS path: None
    
    172.31.13.153:3:0.255.255.252/32, age: 0:19:58.759556, last_modified: 2020-Jan-12 13:59:00.577505
        [XMPP (service-interface)|ip-172-31-13-153.local] age: 0:19:58.763917, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None
    
    172.31.13.153:3:10.0.11.3/32, age: 0:23:22.131030, last_modified: 2020-Jan-12 13:55:37.206031
        [XMPP (interface)|ip-172-31-13-153.local] age: 0:23:22.135685, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None
    
    172.31.13.153:4:10.0.2.4/32, age: 0:22:02.013695, last_modified: 2020-Jan-12 13:56:57.323366
        [XMPP (interface)|ip-172-31-13-153.local] age: 0:22:02.018717, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 49, AS path: None
    
    172.31.13.153:5:0.255.255.251/32, age: 0:19:58.547299, last_modified: 2020-Jan-12 13:59:00.789762
        [XMPP (service-interface)|ip-172-31-13-153.local] age: 0:19:58.552631, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None
    
    172.31.13.153:5:10.0.12.3/32, age: 0:23:35.850393, last_modified: 2020-Jan-12 13:55:23.486668
        [XMPP (interface)|ip-172-31-13-153.local] age: 0:23:35.856031, localpref: 100, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None
    
    172.31.13.153:6:10.0.2.4/32, age: 0:08:56.528333, last_modified: 2020-Jan-12 14:10:02.808728
        [ServiceChain (service-interface)|None] age: 0:08:56.534255, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None
    
    172.31.13.153:7:10.0.1.3/32, age: 0:08:56.527653, last_modified: 2020-Jan-12 14:10:02.809408
        [ServiceChain (service-interface)|None] age: 0:08:56.533918, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None
    [root@ip-172-31-13-153 ~]#
    

    vlan-based和vlan-aware的EVPN T2

    在EVPN T2中,有vlan-based和vlan-aware两种形式,它们彼此不兼容。

    Tungsten Fabric controller默认情况下使用vlan-aware形式,因此它们的evpn t2路由不能由几种仅支持vlan-based形式的数据中心交换机导入。

    话虽如此,以下的补丁程序(以及基于R1912的容器)使以太网标签ID变为零,并且据称如果应用于某些交换机,会开始导入T2路由。


Log in to reply