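Introduction
This document describes the EVPN simplified CLI for BGP dynamic neighbors in the EVPN and MVPN address families on Catalyst 9000 Series Switches.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
Components Used
The information in this document is based on these software and hardware versions: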
- Catalyst 9300
- Catalyst 9400
- Catalyst 9500
- Catalyst 9600
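- Cisco IOS® XE 17.11.1 and later
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
EVPN deployments involve BGP neighbor relationships with many peers, typically in the same subnet. Before the BGP Dynamic Neighbors (DN) feature was introduced, at least 255 lines of configuration had to be written and maintained to establish BGP sessions with all peers in a /24 subnet. With BGP DN, this can be done with just 3 lines. The only functional difference between static and dynamic neighbor configuration is that the latter only passively establishes connections with other BGP peers. Therefore, this feature can be configured on only one of the peers.
Grouping many peers within a subnet range is highly desirable (if not required) to make deployments feasible, and is already widely used in the IPv4, IPv6 and VRF address families. This capability is also desirable for other address families (EVPN in particular), because it helps avoid writing and maintaining large, complex configurations in spine-leaf topologies where many leaves are in the same subnet.
Note: This feature does not introduce any new CLI. It allows peer groups configured with "bgp listen range" to be activated under address families where this was not previously supported.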
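Terminology
DN | Dynamic Neighbor | Passive mode in which BGP listens for connection attempts and forms neighbors
AF | Address Family | Defines the type of prefixes and routing information that BGP handles
AS | Autonomous System | A set of Internet routable IP prefixes that belong to a network or a collection of networks that are all managed, controlled and supervised by a single entity or organization
EVPN | Ethernet Virtual Private Network | The extension that allows BGP to transport Layer 2 MAC and Layer 3 IP information is EVPN; it uses Multi-Protocol Border Gateway Protocol (MP-BGP) as the protocol to distribute reachability information that pertains to the VXLAN overlay network.
MVPN | Multicast Virtual Private Network | The Multicast VPN (MVPN) feature provides the ability to support multicast over a Layer 3 Virtual Private Network (VPN)
VXLAN | Virtual Extensible LAN (Local Area Network) | VXLAN is designed to overcome the inherent limitations of VLANs and STP. It is a proposed IETF standard [RFC 7348] that provides the same Ethernet Layer 2 network services as VLANs, but with greater flexibility. Functionally, it is a MAC-in-UDP encapsulation protocol that runs as a virtual overlay on a Layer 3 underlay network.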
Configure
Network Diagram
Underlay (OSPF)
Overlay (BGP)
Spine-01
Spine-01#sh run | section r b
router bgp 65001
bgp router-id 172.16.255.1
bgp log-neighbor-changes
bgp listen range 172.16.255.0/29 peer-group DN-GROUP <-- Listen for connections from peers in this subnet
bgp listen block 172.16.255.2 <-- Excluded peer RR from DN subnet range to allow static peer
bgp listen limit 4 <-- Limit the number of peerings allowed
no bgp default ipv4-unicast
neighbor DN-GROUP peer-group
neighbor DN-GROUP remote-as 65001 <-- Peers only allowed in this AS
neighbor DN-GROUP update-source Loopback0
neighbor 172.16.255.2 remote-as 65001 <-- Static Neighbor config
neighbor 172.16.255.2 update-source Loopback0 <-- Static Neighbor config
!
address-family ipv4
exit-address-family
!
address-family ipv4 mvpn
neighbor DN-GROUP activate <--- Dynamic peer group must be activated in MVPN AF
neighbor DN-GROUP send-community both
neighbor DN-GROUP route-reflector-client
neighbor 172.16.255.2 activate <--- Static peering activation in MVPN AF
neighbor 172.16.255.2 send-community extended
exit-address-family
!
address-family l2vpn evpn
neighbor DN-GROUP activate <--- Dynamic peer group must be activated in EVPN AF
neighbor DN-GROUP send-community both
neighbor DN-GROUP route-reflector-client
neighbor 172.16.255.2 activate <-- Static peering activation in EVPN AF
neighbor 172.16.255.2 send-community extended
exit-address-family
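Note: Static and dynamic neighbors can be part of the same peer group, but static neighbors must be activated individually.
Tip: It is recommended to limit the number of peers to the number of neighbors you expect, in order to block unexpected peers. Set the subnet range and the listen limit as strictly as possible.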
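One way to check the tip above against a saved configuration, as an added example that is not part of the original document or Cisco tooling. The helper names, the inventory list and the loosened /24 variant are assumptions made for illustration; the first sample reuses the Spine-01 listen lines shown on this page.

```python
import ipaddress
import re

# Constructed input: Spine-01's DN lines from this page, plus a loosened variant.
PAGE_CFG = """router bgp 65001
 bgp listen range 172.16.255.0/29 peer-group DN-GROUP
 bgp listen block 172.16.255.2
 bgp listen limit 4
"""
LOOSE_CFG = """router bgp 65001
 bgp listen range 172.16.255.0/24 peer-group DN-GROUP
 bgp listen limit 20
"""
# Assumed inventory: the four leaf loopbacks that appear in the verification output.
EXPECTED = ["172.16.255.3", "172.16.255.4", "172.16.255.5", "172.16.255.6"]

def tightest_cover(addrs):
    """Smallest single prefix that contains every address in addrs."""
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

def audit_dn(cfg, expected_peers):
    """Return findings for the 'bgp listen' lines in cfg (hypothetical helper)."""
    peers = [ipaddress.ip_address(p) for p in expected_peers]
    ranges = [ipaddress.ip_network(n) for n in
              re.findall(r"bgp listen range (\S+) peer-group \S+", cfg)]
    blocked = {ipaddress.ip_address(a) for a in
               re.findall(r"bgp listen block (\S+)", cfg)}
    limit = re.search(r"bgp listen limit (\d+)", cfg)
    findings = []
    if limit is None:
        findings.append("no explicit 'bgp listen limit'")
    elif int(limit.group(1)) > len(peers):
        findings.append(f"listen limit {limit.group(1)} exceeds {len(peers)} expected peers")
    need = tightest_cover(peers)
    for net in ranges:
        if net.prefixlen < need.prefixlen:
            findings.append(f"listen range {net} is wider than needed; {need} covers all expected peers")
    for p in peers:
        if p in blocked or not any(p in net for net in ranges):
            findings.append(f"expected peer {p} cannot form a dynamic session")
    return findings
```

The page's own Spine-01 settings produce no findings; the loosened variant is flagged for both the limit and the range.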
Leaf-01
Leaf-01#show run | sec r bgp
router bgp 65001
bgp router-id 172.16.255.3
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.16.255.1 remote-as 65001
neighbor 172.16.255.1 update-source Loopback0
neighbor 172.16.255.2 remote-as 65001
neighbor 172.16.255.2 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family ipv4 mvpn
neighbor 172.16.255.1 activate <-- Route Reflector 1
neighbor 172.16.255.1 send-community both
neighbor 172.16.255.2 activate <-- Route Reflector 2
neighbor 172.16.255.2 send-community both
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.1 activate <-- Route Reflector 1
neighbor 172.16.255.1 send-community both
neighbor 172.16.255.2 activate <-- Route Reflector 2
neighbor 172.16.255.2 send-community both
exit-address-family
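Note: The configuration of the other spine route reflector and VTEPs is the same, so it is not repeated in this section.
Note: RRs that use DN must peer with each other through static configuration. They are in passive mode and do not generate OPEN messages toward each other.
Optional Configuration
Alternate-AS
Allows BGP sessions to be established with peers in the specified subnet whose AS number is listed (up to five alternate eBGP AS numbers are supported, for six AS in total).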
Spine-01#show run | section r b
router bgp 65001
bgp listen range 172.16.255.0/29 peer-group DN-GROUP
bgp listen limit 20
neighbor DN-GROUP peer-group
neighbor DN-GROUP remote-as 1 alternate-as 2 3 4 5 6 <-- Allow peering with more than one AS
neighbor DN-GROUP update-source Loopback0
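Note: This may not be sufficient for large-scale EVPN use cases (which can require up to 1000 remote AS per dynamic neighbor peer group). Future releases will raise this limit to accommodate such deployments.
Verify
Spine (RR)
Verify that the spine, which acts as the BGP listener, has formed dynamic peers
- Spine-02 looks the same, so only Spine-01 is shown in this sample output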
Spine-01#show ip bgp all summary
For address family: L2VPN E-VPN <-- Address Family type EVPN
BGP router identifier 172.16.255.1, local AS number 65001
BGP table version is 64, main routing table version 64
19 network entries using 7296 bytes of memory
24 path entries using 5568 bytes of memory
13/10 BGP path/bestpath attribute entries using 3848 bytes of memory
13 BGP extended community entries using 1670 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 18382 total bytes of memory
BGP activity 22/3 prefixes, 56/32 paths, scan interval 60 secs
19 networks peaked at 19:07:48 May 10 2023 UTC (00:48:59.007 ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*172.16.255.3 4 65001 286 328 64 0 0 04:05:53 9
*172.16.255.4 4 65001 309 340 64 0 0 04:05:53 13
*172.16.255.5 4 65001 276 315 64 0 0 04:05:43 1
*172.16.255.6 4 65001 276 313 64 0 0 04:05:53 1
* Dynamically created based on a listen range command
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
Dynamically created neighbors: 4, Subnet ranges: 1
BGP peergroup DN-GROUP listen range group members:
172.16.255.0/29 <-- Peering subnet configured
For address family: MVPNv4 Unicast <-- Address Family type MVPN
BGP router identifier 172.16.255.1, local AS number 65001
BGP table version is 1, main routing table version 1
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*172.16.255.3 4 65001 286 328 1 0 0 04:05:53 0
*172.16.255.4 4 65001 309 340 1 0 0 04:05:54 0
*172.16.255.5 4 65001 276 315 1 0 0 04:05:43 0
*172.16.255.6 4 65001 276 313 1 0 0 04:05:53 0
* Dynamically created based on a listen range command
Dynamically created neighbors: 4, Subnet ranges: 1
BGP peergroup DN-GROUP listen range group members:
172.16.255.0/29 <-- Peering subnet configured
Total dynamically created neighbors: 4/(4 max), Subnet ranges: 1 <-- 4 total neighbors from the max of 4
Note: You can use the per-AF BGP commands to view information for a single AF only:
- show bgp l2vpn evpn summary
- show ip bgp ipv4 mvpn all summary
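Observe the Spine-01 (RR) TCP ports:
- Because the spine is passive, its local port is always the fixed BGP port 179, while the VTEPs show ephemeral ports
- 172.16.255.1 > 172.16.255.2 is defined as a static peer, but this RR also happened to receive the OPEN, so port 179 is used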
Spine-01#show tcp brief
TCB Local Address Foreign Address (state)
72632453A5C0 172.16.255.1.179 172.16.255.5.15285 ESTAB <-- Dynamic peer (Leaf-03)
7263245C73C0 172.16.255.1.179 172.16.255.6.52693 ESTAB <-- Dynamic peer (Border Leaf)
7263245B3D30 172.16.255.1.179 172.16.255.4.44091 ESTAB <-- Dynamic peer (Leaf-02)
7263272DE460 172.16.254.1.22430 172.16.254.2.639 ESTAB <-- MSDP peer (Spine-02)
7263246DD3A8 172.16.255.1.179 172.16.255.2.21866 ESTAB <-- Static Peer (Spine-02 RR)
7263245BDAC0 172.16.255.1.179 172.16.255.3.31383 ESTAB <-- Dynamic peer (Leaf-01)
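Troubleshoot
DN Peering
A peer group added under the L2VPN EVPN address family does not take effect if the peer group is already activated under another AF.
- In this case, the peer group already existed under MVPN and was then activated under EVPN.
- The EVPN neighbors form only after a hard clear is performed.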
Spine-01(config)#router bgp 65001
Spine-01(config-router)#address-family l2vpn evpn
Spine-01(config-router-af)#neighbor DN-GROUP activate
Spine-01(config-router-af)#end
% BGP: Dynamic peergroup DN-GROUP does not reset session by default and requires manual reset if this peer-group is also activated under another address-family
Spine-01#sh bgp l2vpn evpn summary
<--- Neighbor info missing
BGP peergroup DN-GROUP listen range group members:
172.16.255.0/29
Total dynamically created neighbors: 4/(4 max), Subnet ranges: 1
Spine-01#clear ip bgp * <-- Hard clear
%BGP-3-NOTIFICATION_MANY: sent to 5 sessions 6/4 (Administrative Reset) for all peers <-- Resetting all peers
%BGP_SESSION-5-ADJCHANGE: neighbor *172.16.255.3 MVPNv4 Unicast topology base removed from session Neighbor deleted
%BGP-5-ADJCHANGE: neighbor *172.16.255.3 Down User reset
%BGP_SESSION-5-ADJCHANGE: neighbor *172.16.255.4 MVPNv4 Unicast topology base removed from session Neighbor deleted
%BGP-5-ADJCHANGE: neighbor *172.16.255.4 Down User reset
%BGP_SESSION-5-ADJCHANGE: neighbor *172.16.255.5 MVPNv4 Unicast topology base removed from session Neighbor deleted
%BGP-5-ADJCHANGE: neighbor *172.16.255.5 Down User reset
%BGP_SESSION-5-ADJCHANGE: neighbor *172.16.255.6 MVPNv4 Unicast topology base removed from session Neighbor deleted
%BGP-5-ADJCHANGE: neighbor *172.16.255.6 Down User reset
%BGP-5-ADJCHANGE: neighbor 172.16.255.2 Down User reset
%BGP_SESSION-5-ADJCHANGE: neighbor 172.16.255.2 MVPNv4 Unicast topology base removed from session User reset
%BGP-5-ADJCHANGE: neighbor *172.16.255.3 Up <-- Peers coming back up for both MVPN and EVPN
%BGP-5-ADJCHANGE: neighbor *172.16.255.5 Up
%BGP-5-ADJCHANGE: neighbor *172.16.255.4 Up
%BGP-5-ADJCHANGE: neighbor *172.16.255.6 Up
Spine-01#sh bgp l2vpn evpn all summary
BGP router identifier 172.16.255.1, local AS number 65001
BGP table version is 61, main routing table version 61
41 network entries using 15744 bytes of memory
48 path entries using 11136 bytes of memory
25/22 BGP path/bestpath attribute entries using 7400 bytes of memory
20 BGP extended community entries using 2120 bytes of memory
0 BGP route-map cache entries using 0 bytes of memory
0 BGP filter-list cache entries using 0 bytes of memory
BGP using 36400 total bytes of memory
BGP activity 145/104 prefixes, 22148/22100 paths, scan interval 60 secs
41 networks peaked at 21:07:01 May 11 2023 UTC (4d21h ago)
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
*172.16.255.3 4 65001 26 12 61 0 0 00:05:03 16 <-- Dynamic Peers now show up in EVPN (* = dynamically created)
*172.16.255.4 4 65001 27 10 61 0 0 00:05:08 19
*172.16.255.5 4 65001 14 12 61 0 0 00:05:05 6
*172.16.255.6 4 65001 17 10 61 0 0 00:05:10 7
* Dynamically created based on a listen range command
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
Dynamically created neighbors: 4, Subnet ranges: 1
BGP peergroup DN-GROUP listen range group members:
172.16.255.0/29
Total dynamically created neighbors: 4/(4 max), Subnet ranges: 1
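Note: The neighbors must be cleared for the configuration change to take effect. This is consistent with the current behavior of the address families that already support BGP dynamic neighbors.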
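The verification output and the missing-neighbor condition described above can be checked together from a saved "show ip bgp all summary" capture. This is an added example, not part of the original document or Cisco tooling: the function names and inventory are assumptions, and the sample text is constructed in the page's output format (including a constructed peer 172.16.255.7 that is not in the inventory).

```python
import re

# Constructed sample, abbreviated from the 'show ip bgp all summary' format on
# this page: EVPN was just activated for DN-GROUP and no hard clear was done yet.
SUMMARY = """\
For address family: L2VPN E-VPN
BGP router identifier 172.16.255.1, local AS number 65001
BGP peergroup DN-GROUP listen range group members:
  172.16.255.0/29
For address family: MVPNv4 Unicast
BGP router identifier 172.16.255.1, local AS number 65001
Neighbor        V    AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down  State/PfxRcd
*172.16.255.3   4 65001     286     328      1   0    0 04:05:53        0
*172.16.255.4   4 65001     309     340      1   0    0 04:05:54        0
*172.16.255.7   4 65001      12      15      1   0    0 00:01:10        0
* Dynamically created based on a listen range command
Total dynamically created neighbors: 3/(4 max), Subnet ranges: 1
"""

def parse_summary(text):
    """Map each address family to its dynamic neighbors, plus (used, max)."""
    afs, current, usage = {}, None, None
    for line in text.splitlines():
        if m := re.match(r"For address family: (.+?)\s*(<--.*)?$", line):
            current = afs.setdefault(m.group(1), set())
        elif (m := re.match(r"\*(\d+\.\d+\.\d+\.\d+)\s", line)) and current is not None:
            current.add(m.group(1))  # leading '*' marks a dynamically created peer
        elif m := re.search(r"Total dynamically created neighbors: (\d+)/\((\d+) max\)", line):
            usage = (int(m.group(1)), int(m.group(2)))
    return afs, usage

def review(text, inventory):
    """Return findings: unknown dynamic peers, AF gaps, and an exhausted limit."""
    afs, usage = parse_summary(text)
    seen = set().union(*afs.values())
    findings = [f"unexpected dynamic peer {p}" for p in sorted(seen - set(inventory))]
    for af, peers in afs.items():
        for p in sorted(seen - peers):
            findings.append(f"{p} has no session in {af}; hard clear pending?")
    if usage and usage[0] >= usage[1]:
        findings.append(f"listen limit reached ({usage[0]}/{usage[1]})")
    return findings
```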
DN Debugs
If there is a problem with dynamic peers, you can use debugs to see more information about the issue
Spine-01#debug bgp all range detail
Spine-01#sh debugging
IP routing:
BGP dynamic range debugging is on with detail (Dynamic neighbor details only) <-- Only debug DN type neighbors
Spine-01(config)#router bgp 65001
Spine-01(config-router)# address-family l2vpn evpn
Spine-01(config-router-af)# neighbor DN-GROUP activate
% BGP: Dynamic peergroup DN-GROUP does not reset session by default and requires manual reset if this peer-group is also activated under another address-family
*May 16 18:29:53.744: BGP:DN: Peergroup DN-GROUP is activated for Dynamic Neighbors for L2VPN E-VPN <-- Debug event
Spine-01#clear ip bgp *
*May 16 18:31:34.806: %BGP-3-NOTIFICATION_MANY: sent to 5 sessions 6/4 (Administrative Reset) for all peers
*May 16 18:31:34.806: BGP:DN: free: *172.16.255.3
*May 16 18:31:34.806: BGP:DN: free: *172.16.255.4
*May 16 18:31:34.806: BGP:DN: free: *172.16.255.5
*May 16 18:31:34.807: BGP:DN: free: *172.16.255.6
*May 16 18:31:43.855: BGP:DN: validating TCP SYN from 172.16.255.5: in range 172.16.255.0/29, val =0, peer-group = DN-GROUP <-- Validate a TCP SYN from peer (in DN Range?)
*May 16 18:31:43.856: BGP: 172.16.255.5 passive open to 172.16.255.1
*May 16 18:31:43.856: BGP:DN: passive open ACCEPT - TCP session : tcb=0x7263248098B8,context 0x726317305E20, ctx_group name 172.16.255.0/29, tcb->foreign=172.16.255.5, magic_cookie=0xFEEDFACE <-- Accept BGP OPEN
*May 16 18:31:43.856: BGP:DN: group->prefix_length=24, group->prefix=172.16.255.0
*May 16 18:31:43.856: BGP:DN: 172.16.255.5 get_rc_shim_transport_group: range group =172.16.255.0/29, group address = 0x726317305E20
*May 16 18:31:43.856: BGP:DN: init dynamic neighbor for peergroup DN-GROUP in L2VPN Evpn
*May 16 18:31:43.856: BGP:DN: Created a new neighbor *172.16.255.5 in range 172.16.255.0/29, peer-group DN-GROUP, count= 0 <-- Create this neighborship
*May 16 18:31:43.856: BGP:DN: accepted: nbr *172.16.255.5/7263245A3508 peer-grp: DN-GROUP/726317306460 <-- Peering is completed
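Note: The other 3 peers have the same debug results and are therefore not shown here.
Static Neighbors
If a neighbor was previously created dynamically, it cannot be converted to static.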
Spine-01(config-router)#neighbor 172.16.255.3 remote-as 65001
% Cannot configure for dynamically created neighbor
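In router BGP mode, you can use this command to exclude a neighbor from the DN range. This allows a mix of static and dynamic peers within the DN subnet range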
router bgp 65001
bgp listen block 172.16.255.3