!
l2vpn evpn instance 203 vlan-based
encapsulation vxlan
!
l2vpn evpn instance 204 vlan-based
encapsulation vxlan
!
system mtu 9198
!
vlan configuration 101
member evpn-instance 101 vni 10101
vlan configuration 102
member evpn-instance 102 vni 10102
vlan configuration 103
member evpn-instance 103 vni 10103
vlan configuration 104
member evpn-instance 104 vni 10104
vlan configuration 201
member evpn-instance 201 vni 10201
vlan configuration 202
member evpn-instance 202 vni 10202
vlan configuration 203
member evpn-instance 203 vni 10203
vlan configuration 204
member evpn-instance 204 vni 10204
vlan configuration 901
member vni 50901
!
vlan 101
private-vlan primary
private-vlan association 102-104
!
vlan 102
private-vlan community
!
vlan 103
private-vlan community
!
vlan 104
private-vlan isolated
!
vlan 201
private-vlan primary
private-vlan association 202-204
!
vlan 202
private-vlan community
!
!
l2vpn evpn instance 203 vlan-based
encapsulation vxlan
!
l2vpn evpn instance 204 vlan-based
encapsulation vxlan
!
system mtu 9198
!
vlan configuration 101
member evpn-instance 101 vni 10101
vlan configuration 102
member evpn-instance 102 vni 10102
vlan configuration 103
member evpn-instance 103 vni 10103
vlan configuration 104
member evpn-instance 104 vni 10104
vlan configuration 201
member evpn-instance 201 vni 10201
vlan configuration 202
member evpn-instance 202 vni 10202
vlan configuration 203
member evpn-instance 203 vni 10203
vlan configuration 204
member evpn-instance 204 vni 10204
vlan configuration 901
member vni 50901
!
vlan 101
private-vlan primary
private-vlan association 102-104
!
vlan 102
private-vlan community
!
vlan 103
private-vlan community
!
vlan 104
private-vlan isolated
!
vlan 201
private-vlan primary
private-vlan association 202-204
!
vlan 202
private-vlan community
!
!
l2vpn evpn instance 203 vlan-based
encapsulation vxlan
!
l2vpn evpn instance 204 vlan-based
encapsulation vxlan
!
system mtu 9198
!
vlan configuration 101
member evpn-instance 101 vni 10101
vlan configuration 102
member evpn-instance 102 vni 10102
vlan configuration 103
member evpn-instance 103 vni 10103
vlan configuration 104
member evpn-instance 104 vni 10104
vlan configuration 201
member evpn-instance 201 vni 10201
vlan configuration 202
member evpn-instance 202 vni 10202
vlan configuration 203
member evpn-instance 203 vni 10203
vlan configuration 204
member evpn-instance 204 vni 10204
vlan configuration 901
member vni 50901
!
vlan 101
private-vlan primary
private-vlan association 102-104
!
vlan 102
private-vlan community
!
vlan 103
private-vlan community
!
vlan 104
private-vlan isolated
!
vlan 201
private-vlan primary
private-vlan association 202-204
!
vlan 202
private-vlan community
!
vlan 203
private-vlan community
!
vlan 204
private-vlan isolated
!
vlan 901
!
interface Loopback0
ip address 172.16.255.3 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.3 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.13.3 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.23.3 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/3
switchport access vlan 102
switchport private-vlan host-association 101 102
switchport mode private-vlan host
spanning-tree portfast
!
interface GigabitEthernet1/0/4
switchport access vlan 103
switchport private-vlan host-association 101 103
switchport mode private-vlan host
spanning-tree portfast
!
vlan 203
private-vlan community
!
vlan 204
private-vlan isolated
!
vlan 901
!
interface Loopback0
ip address 172.16.255.4 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.4 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.14.4 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.24.4 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/11
switchport access vlan 102
switchport private-vlan host-association 101 102
switchport mode private-vlan host
spanning-tree portfast
!
interface GigabitEthernet1/0/12
switchport access vlan 103
switchport private-vlan host-association 101 103
switchport mode private-vlan host
spanning-tree portfast
!
vlan 203
private-vlan community
!
vlan 204
private-vlan isolated
!
vlan 901
!
interface Loopback0
ip address 172.16.255.5 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.5 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet0/0
vrf forwarding Mgmt-vrf
ip address 10.62.149.183 255.255.255.0
negotiation auto
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.15.5 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.25.5 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/16
switchport access vlan 202
switchport private-vlan host-association 201 202
switchport mode private-vlan host
spanning-tree portfast
!
interface GigabitEthernet1/0/5
switchport access vlan 104
switchport private-vlan host-association 101 104
switchport mode private-vlan host
spanning-tree portfast
!
interface Vlan101
vrf forwarding green
ip address 10.1.101.1 255.255.255.0
private-vlan mapping 102-104
!
interface Vlan201
vrf forwarding green
ip address 10.1.201.1 255.255.255.0
private-vlan mapping 202-204
!
interface Vlan901
vrf forwarding green
ip unnumbered Loopback1
ipv6 enable
no autostate
!
interface nve1
no ip address
source-interface Loopback1
host-reachability protocol bgp
member vni 10101 mcast-group 225.1.1.1
member vni 10102 mcast-group 225.1.1.1
member vni 10103 mcast-group 225.1.1.1
member vni 10104 mcast-group 225.1.1.1
member vni 10201 mcast-group 225.1.1.1
member vni 10202 mcast-group 225.1.1.1
member vni 10203 mcast-group 225.1.1.1
member vni 10204 mcast-group 225.1.1.1
member vni 50901 vrf green
!
router ospf 1
router-id 172.16.255.3
!
interface GigabitEthernet1/0/13
switchport access vlan 104
switchport private-vlan host-association 101 104
switchport mode private-vlan host
spanning-tree portfast
!
interface Vlan101
vrf forwarding green
ip address 10.1.101.1 255.255.255.0
private-vlan mapping 102-104
!
interface Vlan201
vrf forwarding green
ip address 10.1.201.1 255.255.255.0
private-vlan mapping 202-204
!
interface Vlan901
vrf forwarding green
ip unnumbered Loopback1
ipv6 enable
no autostate
!
interface nve1
no ip address
source-interface Loopback1
host-reachability protocol bgp
member vni 10101 mcast-group 225.1.1.1
member vni 10102 mcast-group 225.1.1.1
member vni 10103 mcast-group 225.1.1.1
member vni 10104 mcast-group 225.1.1.1
member vni 10201 mcast-group 225.1.1.1
member vni 10202 mcast-group 225.1.1.1
member vni 10203 mcast-group 225.1.1.1
member vni 10204 mcast-group 225.1.1.1
member vni 50901 vrf green
!
router ospf 1
router-id 172.16.255.4
!
interface GigabitEthernet1/0/17
switchport access vlan 203
switchport private-vlan host-association 201 203
switchport mode private-vlan host
spanning-tree portfast
!
interface GigabitEthernet1/0/18
switchport access vlan 204
switchport private-vlan host-association 201 204
switchport mode private-vlan host
spanning-tree portfast
!
interface Vlan101
vrf forwarding green
ip address 10.1.101.1 255.255.255.0
private-vlan mapping 102-104
!
interface Vlan201
vrf forwarding green
ip address 10.1.201.1 255.255.255.0
private-vlan mapping 202-204
!
interface Vlan901
vrf forwarding green
ip unnumbered Loopback1
ipv6 enable
no autostate
!
interface nve1
no ip address
source-interface Loopback1
host-reachability protocol bgp
member vni 10101 mcast-group 225.1.1.1
member vni 10102 mcast-group 225.1.1.1
member vni 10103 mcast-group 225.1.1.1
member vni 10104 mcast-group 225.1.1.1
member vni 10201 mcast-group 225.1.1.1
member vni 10202 mcast-group 225.1.1.1
member vni 10203 mcast-group 225.1.1.1
member vni 10204 mcast-group 225.1.1.1
member vni 50901 vrf green
!
Spine-01# show running-config
hostname Spine-01
!
ip routing
!
ip multicast-routing
!
system mtu 9198
!
interface Loopback0
ip address 172.16.255.1 255.255.255.255
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.1 255.255.255.255
ip ospf 1 area 0
!
interface Loopback2
ip address 172.16.255.255 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.13.1 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.14.1 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/3
no switchport
ip address 172.16.15.1 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
router ospf 1
router-id 172.16.255.1
!
router bgp 65001
bgp router-id 172.16.255.1
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.16.255.2 remote-as 65001
neighbor 172.16.255.2 update-source Loopback0
neighbor 172.16.255.3 remote-as 65001
neighbor 172.16.255.3 update-source Loopback0
neighbor 172.16.255.4 remote-as 65001
neighbor 172.16.255.4 update-source Loopback0
neighbor 172.16.255.5 remote-as 65001
neighbor 172.16.255.5 update-source Loopback0
!
Spine-02# show running-config
hostname Spine-02
!
ip routing
!
ip multicast-routing
!
system mtu 9198
!
interface Loopback0
ip address 172.16.255.2 255.255.255.255
ip ospf 1 area 0
!
interface Loopback1
ip address 172.16.254.2 255.255.255.255
ip ospf 1 area 0
!
interface Loopback2
ip address 172.16.255.255 255.255.255.255
ip pim sparse-mode
ip ospf 1 area 0
!
interface GigabitEthernet1/0/1
no switchport
ip address 172.16.23.2 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/2
no switchport
ip address 172.16.24.2 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
interface GigabitEthernet1/0/3
no switchport
ip address 172.16.25.2 255.255.255.0
ip pim sparse-mode
ip ospf network point-to-point
ip ospf 1 area 0
!
router ospf 1
router-id 172.16.255.2
!
router bgp 65001
bgp router-id 172.16.255.2
bgp log-neighbor-changes
no bgp default ipv4-unicast
neighbor 172.16.255.1 remote-as 65001
neighbor 172.16.255.1 update-source Loopback0
neighbor 172.16.255.3 remote-as 65001
neighbor 172.16.255.3 update-source Loopback0
neighbor 172.16.255.4 remote-as 65001
neighbor 172.16.255.4 update-source Loopback0
neighbor 172.16.255.5 remote-as 65001
neighbor 172.16.255.5 update-source Loopback0
!
address-family ipv4
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.2 activate
neighbor 172.16.255.2 send-community both
neighbor 172.16.255.2 route-reflector-client
neighbor 172.16.255.3 activate
neighbor 172.16.255.3 send-community both
neighbor 172.16.255.3 route-reflector-client
neighbor 172.16.255.4 activate
neighbor 172.16.255.4 send-community both
neighbor 172.16.255.4 route-reflector-client
neighbor 172.16.255.5 activate
neighbor 172.16.255.5 send-community both
neighbor 172.16.255.5 route-reflector-client
exit-address-family
!
ip pim rp-address 172.16.255.255
ip msdp peer 172.16.254.2 connect-source Loopback1 remote-as 65001
ip msdp cache-sa-state
!
end
Spine-01#
address-family ipv4
exit-address-family
!
address-family l2vpn evpn
neighbor 172.16.255.1 activate
neighbor 172.16.255.1 send-community both
neighbor 172.16.255.1 route-reflector-client
neighbor 172.16.255.3 activate
neighbor 172.16.255.3 send-community both
neighbor 172.16.255.3 route-reflector-client
neighbor 172.16.255.4 activate
neighbor 172.16.255.4 send-community both
neighbor 172.16.255.4 route-reflector-client
neighbor 172.16.255.5 activate
neighbor 172.16.255.5 send-community both
neighbor 172.16.255.5 route-reflector-client
exit-address-family
!
ip pim rp-address 172.16.255.255
ip msdp peer 172.16.254.1 connect-source Loopback1 remote-as 65001
ip msdp cache-sa-state
!
end
Spine-02#
BGP EVPN VXLAN ファブリック内の PVLAN 拡張の確認
次の項では、上記で設定したトポロジのデバイスで PVLAN の拡張を確認する際に使用する show コマンドの出力例を示します。
Leaf-02# show bgp l2vpn evpn
BGP table version is 65, local router ID is 172.16.255.4
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
r RIB-failure, S Stale, m multipath, b backup-path, f RT-Filter,
x best-external, a additional-path, c RIB-compressed,
t secondary path, L long-lived-stale,
Origin codes: i - IGP, e - EGP, ? - incomplete
RPKI validation codes: V valid, I invalid, N Not found
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 172.16.255.3:101
* i [2][172.16.255.3:101][0][48][10B3D56A8FC1][32][10.1.101.1]/24
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
* i [2][172.16.255.3:101][0][48][F4CFE24334C2][32][10.1.101.3]/24
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
* i [2][172.16.255.3:101][0][48][F4CFE24334C3][32][10.1.101.4]/24
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
* i [2][172.16.255.3:101][0][48][F4CFE24334C4][32][10.1.101.5]/24
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.3:102
* i [2][172.16.255.3:102][0][48][F4CFE24334C2][0][*]/20
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.3:103
* i [2][172.16.255.3:103][0][48][F4CFE24334C3][0][*]/20
172.16.254.3 0 100 0 ?
*>i 172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.3:104
*>i [2][172.16.255.3:104][0][48][F4CFE24334C4][0][*]/20
172.16.254.3 0 100 0 ?
* i 172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.4:101
*>i [2][172.16.255.4:101][0][48][10B3D56A8FC1][32][10.1.101.1]/24
172.16.254.3 0 100 0 ?
*> [2][172.16.255.4:101][0][48][44D3CA286CC3][32][10.1.101.13]/24
:: 32768 ?
*> [2][172.16.255.4:101][0][48][44D3CA286CC4][32][10.1.101.14]/24
:: 32768 ?
*> [2][172.16.255.4:101][0][48][44D3CA286CC5][32][10.1.101.15]/24
:: 32768 ?
*> [2][172.16.255.4:101][0][48][7C210DBD9541][32][10.1.101.1]/24
:: 32768 ?
*>i [2][172.16.255.4:101][0][48][F4CFE24334C2][32][10.1.101.3]/24
172.16.254.3 0 100 0 ?
*>i [2][172.16.255.4:101][0][48][F4CFE24334C3][32][10.1.101.4]/24
Network Next Hop Metric LocPrf Weight Path
172.16.254.3 0 100 0 ?
*>i [2][172.16.255.4:101][0][48][F4CFE24334C4][32][10.1.101.5]/24
172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.4:102
*> [2][172.16.255.4:102][0][48][44D3CA286CC3][0][*]/20
:: 32768 ?
*>i [2][172.16.255.4:102][0][48][F4CFE24334C2][0][*]/20
172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.4:103
*> [2][172.16.255.4:103][0][48][44D3CA286CC4][0][*]/20
:: 32768 ?
*>i [2][172.16.255.4:103][0][48][F4CFE24334C3][0][*]/20
172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.4:104
*> [2][172.16.255.4:104][0][48][44D3CA286CC5][0][*]/20
:: 32768 ?
*>i [2][172.16.255.4:104][0][48][F4CFE24334C4][0][*]/20
172.16.254.3 0 100 0 ?
Route Distinguisher: 172.16.255.4:201
*>i [2][172.16.255.4:201][0][48][44D3CA286CC6][32][10.1.102.3]/24
172.16.254.5 0 100 0 ?
*>i [2][172.16.255.4:201][0][48][44D3CA286CC7][32][10.1.102.4]/24
172.16.254.5 0 100 0 ?
*>i [2][172.16.255.4:201][0][48][44D3CA286CC8][32][10.1.102.5]/24
172.16.254.5 0 100 0 ?
*>i [2][172.16.255.4:201][0][48][7C210DBD274C][32][10.1.201.1]/24
172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.4:202
*>i [2][172.16.255.4:202][0][48][44D3CA286CC6][0][*]/20
172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.4:203
*>i [2][172.16.255.4:203][0][48][44D3CA286CC7][0][*]/20
172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.4:204
*>i [2][172.16.255.4:204][0][48][44D3CA286CC8][0][*]/20
172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.5:201
*>i [2][172.16.255.5:201][0][48][44D3CA286CC6][32][10.1.102.3]/24
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
*>i [2][172.16.255.5:201][0][48][44D3CA286CC7][32][10.1.102.4]/24
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
*>i [2][172.16.255.5:201][0][48][44D3CA286CC8][32][10.1.102.5]/24
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
*>i [2][172.16.255.5:201][0][48][7C210DBD274C][32][10.1.201.1]/24
172.16.254.5 0 100 0 ?
Network Next Hop Metric LocPrf Weight Path
* i 172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.5:202
*>i [2][172.16.255.5:202][0][48][44D3CA286CC6][0][*]/20
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.5:203
*>i [2][172.16.255.5:203][0][48][44D3CA286CC7][0][*]/20
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
Route Distinguisher: 172.16.255.5:204
*>i [2][172.16.255.5:204][0][48][44D3CA286CC8][0][*]/20
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
Route Distinguisher: 1:1 (default for vrf green)
* i [5][1:1][0][24][10.1.101.0]/17
172.16.254.3 0 100 0 ?
* i 172.16.254.3 0 100 0 ?
*> 0.0.0.0 0 32768 ?
*>i [5][1:1][0][24][10.1.201.0]/17
172.16.254.5 0 100 0 ?
* i 172.16.254.5 0 100 0 ?
Leaf-02#
VTEP 3 の設定を確認する出力
次に、VTEP 3 での show vlan private-vlan コマンドの出力例を示します。
Leaf-03# show vlan private-vlan
Primary Secondary Type Ports
------- --------- ----------------- ------------------------------------------
101 102 community
101 103 community
101 104 isolated
201 202 community Gi1/0/16
201 203 community Gi1/0/17
201 204 isolated Gi1/0/18
Leaf-03#
次に、VTEP 3 での show ip arp vrf green コマンドの出力例を示します。
Leaf-03# show ip arp vrf green
Protocol Address Age (min) Hardware Addr Type Interface
Internet 10.1.101.1 - 7c21.0dbd.2741 ARPA Vlan101
Internet 10.1.201.1 - 7c21.0dbd.274c ARPA Vlan201
Internet 172.16.254.5 - 7c21.0dbd.2748 ARPA Vlan901
Leaf-03#
次に、VTEP 3 での show mac address-table vlan vlan-id コマンドの出力例を示します。
Leaf-03# show mac address-table vlan 101
Mac Address Table
-------------------------------------------
Vlan Mac Address Type Ports
---- ----------- -------- -----
101 7c21.0dbd.2741 STATIC Vl101
Total Mac Addresses for this criterion: 1
Leaf-03#
次に、VTEP 3 での show l2vpn evpn peers vxlan コマンドの出力例を示します。
Leaf-03# show l2vpn evpn peers vxlan
Leaf-03#
次に、VTEP 3 での show nve peer コマンドの出力例を示します。
Leaf-03# show nve peer
Interface VNI Type Peer-IP RMAC/Num_RTs eVNI state flags UP time
nve1 50901 L3CP 172.16.254.3 10b3.d56a.8fc8 50901 UP A/M/4 01:34:51
nve1 50901 L3CP 172.16.254.4 7c21.0dbd.9548 50901 UP A/M/4 01:34:51
Leaf-03#
次に、VTEP 3 での show l2vpn evpn mac local コマンドの出力例を示します。
Leaf-03# show l2vpn evpn mac local
MAC Address EVI VLAN ESI Ether Tag Next Hop(s)
-------------- ----- ----- ------------------------ ---------- ---------------
44d3.ca28.6cc6 201 201 0000.0000.0000.0000.0000 0 Gi1/0/16:201
44d3.ca28.6cc7 201 201 0000.0000.0000.0000.0000 0 Gi1/0/17:201
44d3.ca28.6cc8 201 201 0000.0000.0000.0000.0000 0 Gi1/0/18:201
44d3.ca28.6cc6 202 202 0000.0000.0000.0000.0000 0 Gi1/0/16:202
44d3.ca28.6cc7 203 203 0000.0000.0000.0000.0000 0 Gi1/0/17:203
44d3.ca28.6cc8 204 204 0000.0000.0000.0000.0000 0 Gi1/0/18:204
Leaf-03#
次に、VTEP 3 での show l2vpn evpn mac remote コマンドの出力例を示します。