在Nexus 9000交换机的VXLAN BGP EVPN中配置系统NVE Infra-Vlan

下载选项

  • PDF     (1.3 MB)
    在各种设备上使用 Adobe Reader 查看
  • ePub     (1.0 MB)
    在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
  • Mobi (Kindle)     (599.0 KB)
    在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看
已更新: 2020 年 4 月 29 日
文档 ID:214624

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中,非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言,文档中可能无法确保完全使用非歧视性语言。 深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言,希望全球的用户都能通过各自的语言得到支持性的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任,并建议您总是参考英文原始文档(已提供链接)。

    简介

    本文档介绍system nve infra-vlans命令在基于运行NX-OS操作系统的Cisco Nexus 9000交换机的虚拟可扩展LAN边界网关协议以太网VPN (VXLAN BGP EVPN)交换矩阵中的用途。

    当Nexus 9000交换机在虚拟端口通道(vPC)域中配置为VXLAN枝叶交换机(也称为VXLAN隧道终端(VTEP))时,必须使用接口vlan通过vPC对等链路在其间建立备份第3层路由邻接。此VLAN必须在交换机本地,而不是在VXLAN交换矩阵中延伸,并且属于默认VRF(全局路由表)。

    确保采用CloudScale ASIC的Nexus 9000平台已具备system nve infra-vlans命令,以指定VLAN可以用作上行链路,并通过vPC对等链路使用VXLAN封装正确转发帧。

    注意:本文档不适用于在以应用为中心的基础设施(ACI)模式下运行并由思科应用策略基础设施控制器(APIC)管理的Cisco Nexus 9000交换机。

    先决条件

    要求

    Cisco 建议您了解以下主题:

    • Nexus NX-OS软件
    • VXLAN BGP EVPN

    使用的组件

    本文档中的信息基于以下软件和硬件版本:

    • 思科N9K-C93180YC-EX
    • NXOS版本7.0(3)I7(6)

    本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。

    注意:本文档使用了可互换使用的术语“枝叶交换机”、“VTEP”和“ToR”。


    使用案例

    接下来的使用案例显示了何时需要配置system nve infra-vlans命令。在所有这些配置中,需要将分配的VLAN 777定义为system nve infra-vlans命令的一部分,并用于通过vPC对等链路实例化第3层路由备份邻接。此VLAN 777需要作为默认VRF(全局路由表)的一部分。

    注意:这些使用案例描述了直接物理连接到Cisco Nexus 9000 VXLAN枝叶或边界枝叶交换机的终端主机或路由器的常见场景。同样,这些使用案例适用于Nexus 9000枝叶交换机与终端主机或路由器之间的第2层交换机或网桥。


    vPC中枝叶交换机上的孤立端口

    此使用案例描述交换矩阵(主机A)内部连接到vPC域中的单个Cisco Nexus 9000 VXLAN枝叶交换机部分的终端主机。这称为孤立端口连接。作为路由的一部分,连接到交换矩阵中任何其他枝叶交换机的终端主机生成的流量在底层由vPC中的两个枝叶交换机(交换机枝叶A和交换机枝叶B)同时拥有的NVE任播IP地址(10.12.12.12)。这是为了使用等价多路径(ECMP)路由来利用所有枝叶到主干的上行链路。在此场景中,通过主干后,发往主机A的VXLAN帧可以散列到没有与主机A直接连接的枝叶B。系统要求基础设施vlan和备用路由才能使流量通过vPC对等链路。

    alt-tag-for-image

    vPC中枝叶交换机的上行链路故障

    在此使用案例中,交换矩阵内的终端主机(主机A)双宿至vPC域中的两个Cisco Nexus 9000 VXLAN枝叶交换机。但是,如果vPC中任何枝叶交换机上的所有上行链路发生故障,从而使其与主干交换机完全隔离,则系统需要nve infra-vlan和备份路由才能使流量通过vPC对等链路,这是现在唯一一条通向主干的可行路径。例如,图中显示主机A的流量已将其帧散列到隔离的交换机枝叶A。现在帧必须经过vPC对等链路。

    alt-tag-for-image

    vPC中的边界枝叶交换机

    边界枝叶交换机通过与外部路由器交换网络前缀提供与VXLAN交换矩阵外的连接,该交换机可以位于vPC中。

    与外部路由器的连接可抽象地视为与WAN的连接。

    如果链路发生故障,连接到WAN的边界枝叶交换机最终可能实现单宿主。在这种情况下,系统不需要基础设施vlan和备用路由,流量才能通过vPC对等链路,如下图所示。

    注意:对于下一个示例,除了全局路由表中的VLAN外,还必须存在Tenant-VRF的VLAN部分,该部分使用静态路由或路由协议在vPC对等链路上的边界枝叶交换机之间交换网络前缀。要填充Tenant-VRF路由表,必须执行此操作。



    alt-tag-for-image

    边界枝叶交换机还可以使用静态路由或在Tenant-VRF中实例化的路由协议,通过vPC对等链路通告接口环回。此流量也将通过vPC对等链路传输。


    alt-tag-for-image

    最后,连接到边界枝叶交换机的外部路由器单宿主可以通告网络前缀,这可能需要在网络流量的路径中包含vPC对等链路,如下图所示。

    alt-tag-for-image

    芽节点

    在Bud节点使用案例中,可以有一个基于硬件或软件的VTEP连接到Cisco Nexus 9000 VXLAN枝叶交换机。此VTEP可以将VXLAN封装的流量发送到枝叶交换机。必须将用于连接此硬件或软件VTEP的VLAN添加到system nve infra-vlans命令中。

    在本例中,它是VLAN 10和VLAN 777。


    alt-tag-for-image

    配置

    在此场景中,枝叶A和枝叶B是vPC中的VTEP。

    已选择VLAN 777参与底层路由协议,在本例中为开放最短路径优先(OSPF)。

    在每台枝叶A和枝叶B交换机上,OSPF已通过vPC对等链路与主干交换机形成相邻关系。

    OSPF或中间系统到中间系统(IS-IS)可以是底层所使用的路由协议。

    注意:在vlan 777配置部分下未配置vn-segment命令。这表示VLAN未在VXLAN交换矩阵中扩展,并且它在交换机中是本地的。 

    在全局配置模式下添加system nve infra-vlans命令,并选择vlan 777,因为它是用于底层OSPF邻接的vlan。

    注意:仅在使用CloudScale ASIC的Nexus 9000上需要系统基础设施vlan。 

    枝叶A 
    LEAF_A# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          00:02:52 10.255.255.254  Eth1/6 
 10.255.255.2      1 FULL/ -          02:16:10 10.1.2.2        Vlan777 
LEAF_A#

    
LEAF_A# show running-config vlan 777

!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:48:46 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_A# 

    
LEAF_A# show running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:46:33 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_A#

    
LEAF_A# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_A(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_A(config)# system nve infra-vlans 777
LEAF_A(config)#


    枝叶B 
    LEAF_B# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          02:21:53 10.255.255.254  Eth1/5 
 10.255.255.1      1 FULL/ -          02:13:51 10.1.2.1        Vlan777 
LEAF_B#

    
LEAF_B# show running-config vlan 777


!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:49:19 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_B# 

    
LEAF_B# sh running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:48:14 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_B#

    
LEAF_B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_B(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_B(config)# system nve infra-vlans 777
LEAF_B(config)#


    注意:您不能配置infra-VLAN的某些组合。例如2和514、10和522,它们相隔512。

    网络图

    alt-tag-for-image


    配置

    枝叶A 
    configure terminal
!
hostname LEAF_A
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
    interface Vlan777
      no shutdown
      no ip redirects
      ip address 10.1.2.1/24
      no ipv6 redirects
      ip ospf network point-to-point
      ip router ospf 1 area 0.0.0.0
    !
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/6
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/54
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.1.1.1/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.1/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.1
!
router bgp 65535
  router-id 10.255.255.1
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end


    枝叶B 
    configure terminal
!
hostname LEAF_B
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
    interface Vlan777
      no shutdown
      no ip redirects
      ip address 10.1.2.2/24
      no ipv6 redirects
      ip ospf network point-to-point
      ip router ospf 1 area 0.0.0.0
    !
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/5
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.2.2.2/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.2/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.2
!
router bgp 65535
  router-id 10.255.255.2
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end
    枝叶C 
    configure terminal
!
hostname LEAF_C
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/1
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/49
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.3.3.3/32
  ip router ospf 1 area 0.0.0.0
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.3/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
      ip forward
      no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.3
!
router bgp 65535
  router-id 10.255.255.3
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end


    主干 
    configure terminal
!
hostname SPINE
!
nv overlay evpn
feature ospf
feature bgp
feature nv overlay
!
interface Ethernet1/5
  description TO LEAF A
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/6
  description TO LEAF B
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/1
  description TO LEAF C
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.254/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 10.255.255.254
!
router bgp 65535
  router-id 10.255.255.254
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  neighbor 10.255.255.1
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.2
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.3
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
!
end


    验证

    运行show system nve infra-vlans命令,确保vlan显示在Currently active infra Vlans下。

    枝叶A 
    LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#


    枝叶B 
    LEAF_B# show system nve infra-vlans
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_B#

    注意:建议在第3层物理接口上用作在交换矩阵中传输VXLAN流量的上行链路。不支持第3层子接口。要使用接口vlan传输VXLAN流量,请确保也通过vPC对等链路使用system nve infra-vlans命令标识vlan。

    故障排除

    如果枝叶A交换机遇到上行链路故障,并且它不再直接连接到主干交换机,仍可通过vPC对等链路上的infra-vlan实现可达性,该链路用作通向主干交换机的备用上行链路。

    alt-tag-for-image

    枝叶A 
    LEAF_A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.0000.000a   dynamic  0         F      F    Eth1/54
C   10     0000.0000.000b   dynamic  0         F      F    nve1(10.3.3.3)
G   10     00be.755b.f1b7   static   -         F      F    sup-eth1(R)
G   10     4c77.6db9.a8db   static   -         F      F    vPC Peer-Link(R)
LEAF_A#
    
LEAF_A# show ip route 10.3.3.3
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra
LEAF_A#
    
LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

    修订历史记录

    版本 发布日期 备注
    1.0
    25-Jul-2019
    初始版本
    TAC Authored

    由思科工程师提供

    • 赫克托·古斯塔沃·塞拉诺·古铁雷斯
      思科TAC工程师

    此文档是否有帮助?

    Feedback反馈

    联系我们

    本文档适用于以下产品