Friday, September 23, 2016

Arista VXLAN HER

Arista supports two VXLAN tunneling methods.

  1. RFC 7348 describes a method in which broadcast and unknown packets are encapsulated as multicast packets and flooded by PIM routers so that the peer VTEPs can receive them.
  2. However, many operators do not support IP multicast, so Arista also supports encapsulating these packets as unicast rather than multicast; this is called HER (Head End Replication).
In this post we test unicast-based (HER) VXLAN.


Test Env.

  • GNS3 Local Server (1.5.2)
    • vEOS x 2 (4.16, VirtualBox, 1.5 GB)
    • c7200 x 1 (15.2(4)M8, Dynamips)
    • Ostinato (VirtualBox, 256 MB)




Test

HER VXLAN does not use IP multicast in the underlay network, so the PIM configuration is omitted from the test network.

Broadcast tunneling packet


The destination IP address and MAC address are both unicast addresses.


Unknown Unicast tunneling packet


The destination IP address and MAC address are both unicast addresses.
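The two captures described above share the same outer addressing. The added example below (not from the original post) builds a constructed VXLAN frame with this page's values (1.1.1.1 to 2.2.2.2, VNI 4096, UDP 4789) and decodes it to show how a HER replica differs from a multicast-underlay flood. The outer MAC addresses, the source port and the function names `build_sample` and `classify` are assumptions made for illustration.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # "vxlan udp-port 4789" in the configurations on this page

def build_sample(inner_dst_mac: bytes) -> bytes:
    """Constructed frame: vEOS-1 (1.1.1.1) to vEOS-2 (2.2.2.2), VNI 4096."""
    inner = inner_dst_mac + bytes.fromhex("000000000011") + b"\x08\x06" + bytes(28)
    vxlan = struct.pack("!II", 0x08 << 24, 4096 << 8)  # I flag, then 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vxlan) + len(inner),
                     0, 0, 64, 17, 0,  # checksum left at 0; the parser does not verify it
                     ipaddress.ip_address("1.1.1.1").packed,
                     ipaddress.ip_address("2.2.2.2").packed)
    # Outer MAC addresses are made-up unicast values for the VTEP-to-router link.
    eth = bytes.fromhex("020000000005") + bytes.fromhex("020000000001") + b"\x08\x00"
    return eth + ip + udp + vxlan + inner

def classify(frame: bytes) -> dict:
    """Decode the outer headers and say how the inner frame was carried."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00" or frame[23] != 17:
        raise ValueError("outer packet is not IPv4/UDP")
    outer_dst_ip = ipaddress.ip_address(frame[30:34])
    udp = 14 + (frame[14] & 0x0F) * 4          # honour the IPv4 header length
    if len(frame) < udp + 22:
        raise ValueError("frame too short for UDP/VXLAN/inner Ethernet")
    if struct.unpack("!H", frame[udp + 2:udp + 4])[0] != VXLAN_PORT:
        raise ValueError("UDP destination port is not the VXLAN port")
    flags, vni_field = struct.unpack("!II", frame[udp + 8:udp + 16])
    if not flags & 0x08000000:
        raise ValueError("VXLAN I flag is clear, VNI is not valid")
    inner_dst = frame[udp + 16:udp + 22]
    inner_group = bool(inner_dst[0] & 0x01)    # broadcast or multicast inner frame
    outer_group = outer_dst_ip.is_multicast or bool(frame[0] & 0x01)
    if outer_group:
        mode = "multicast underlay flood"
    elif inner_group:
        mode = "HER replica (BUM frame sent as unicast)"
    else:
        mode = "unicast (known, or unknown-unicast replica)"
    return {"vni": vni_field >> 8, "outer_dst": str(outer_dst_ip), "mode": mode}
```

A single unknown-unicast replica has the same header shape as known unicast traffic; it is the same inner frame appearing toward every VTEP in the flood list that gives it away.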



Known unicast tunneling packet


vEOS-1#show mac address-table
          Mac Address Table
------------------------------------------------------------------
  
Vlan    Mac Address       Type        Ports      Moves   Last Move
----    -----------       ----        -----      -----   ---------
  10    0000.0000.0011    DYNAMIC     Et2        47      37 seconds ago
  10    0000.0000.0022    DYNAMIC     Vx1        1       37 seconds ago
Total Mac Addresses for this criterion: 2
  
          Multicast Mac Address Table
------------------------------------------------------------------
  
Vlan    Mac Address       Type        Ports
----    -----------       ----        -----
Total Mac Addresses for this criterion: 0

VXLAN verification

Check the MAC address table learned through VXLAN

vEOS-1#show vxlan address-table
          Vxlan Mac Address Table
----------------------------------------------------------------------
  
Vlan  Mac Address     Type     Prt  Vtep             Moves   Last Move
----  -----------     ----     ---  ----             -----   ---------
  10  0000.0000.0022  DYNAMIC  Vx1  2.2.2.2          1       0:00:54 ago
Total Remote Mac Addresses for this criterion: 1


List of peer VTEPs received through VXLAN

vEOS-1#show vxlan vtep
Remote vteps for Vxlan1:
2.2.2.2
Total number of remote vteps:  1


Configuration

vEOS-1


! Command: show running-config
 ! device: vEOS-1 (vEOS, EOS-4.16.6M)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
no lldp run
!
hostname vEOS-1
!
spanning-tree mode mstp
!
no aaa root
!
vlan 10
!
interface Ethernet1
   no switchport
   ip address 10.1.1.2/30
!
interface Ethernet2
   switchport access vlan 10
!
interface Ethernet3
!
interface Ethernet4
!
interface Loopback0
   ip address 1.1.1.1/32
!
interface Management1
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan vlan 10 vni 4096
   vxlan flood vtep 2.2.2.2
!
ip routing
!
router ospf 1
   router-id 1.1.1.1
   network 1.1.1.1/32 area 0.0.0.0
   network 10.1.1.0/30 area 0.0.0.0
   max-lsa 12000
!
!
end

c7200


Building configuration...

Current configuration : 1343 bytes
!
! Last configuration change at 17:24:29 UTC Fri Sep 23 2016
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c7200
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Loopback0
 ip address 5.5.5.5 255.255.255.255
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex half
!
interface FastEthernet1/0
 ip address 10.1.1.1 255.255.255.252
 duplex auto
 speed auto
 no keepalive
!
interface FastEthernet1/1
 ip address 20.1.1.1 255.255.255.252
 duplex auto
 speed auto
 no keepalive
!
router ospf 1
 router-id 5.5.5.5
 network 5.5.5.5 0.0.0.0 area 0
 network 10.1.1.0 0.0.0.3 area 0
 network 20.1.1.0 0.0.0.3 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
!
no cdp log mismatch duplex
no cdp run
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
 shutdown
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
 stopbits 1
line vty 0 4
 login
 transport input all
!
!
end


vEOS-2


! Command: show running-config
 ! device: vEOS-2 (vEOS, EOS-4.16.6M)
!
! boot system flash:/vEOS-lab.swi
!
transceiver qsfp default-mode 4x10G
!
no lldp run
!
hostname vEOS-2
!
spanning-tree mode mstp
!
no aaa root
!
vlan 10
!
interface Ethernet1
   no switchport
   ip address 20.1.1.2/30
!
interface Ethernet2
   switchport access vlan 10
!
interface Ethernet3
!
interface Ethernet4
!
interface Loopback0
   ip address 2.2.2.2/32
!
interface Management1
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan vlan 10 vni 4096
   vxlan flood vtep 1.1.1.1
!
ip routing
!
router ospf 1
   router-id 2.2.2.2
   network 2.2.2.2/32 area 0.0.0.0
   network 20.1.1.0/30 area 0.0.0.0
   max-lsa 12000
!
!
end
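With HER, BUM replication depends entirely on the static `vxlan flood vtep` list, so a missing or mistyped entry silently breaks flooding in one direction. The following added example (not part of the original post) checks that the flood lists are reciprocal, using stanzas trimmed from the two vEOS configurations above plus one constructed typo. `vtep_view` and `audit` are hypothetical helper names, and only the global `vxlan flood vtep` line on `Vxlan1` is read.

```python
import re

# Trimmed from the vEOS-1 configuration on this page (only the stanzas the check reads).
VEOS1 = """interface Loopback0
   ip address 1.1.1.1/32
!
interface Vxlan1
   vxlan source-interface Loopback0
   vxlan udp-port 4789
   vxlan vlan 10 vni 4096
   vxlan flood vtep 2.2.2.2
!
"""
VEOS2 = VEOS1.replace("1.1.1.1/32", "2.2.2.2/32").replace("vtep 2.2.2.2", "vtep 1.1.1.1")
# Constructed fault for the demonstration: a mistyped peer address on vEOS-2.
VEOS2_TYPO = VEOS2.replace("vtep 1.1.1.1", "vtep 1.1.1.11")

def vtep_view(config):
    """Return the VTEP source IP and static flood list from an EOS running-config."""
    stanzas, current = {}, None
    for line in config.splitlines():
        if line.startswith("interface "):
            current = stanzas.setdefault(line.split()[1], [])
        elif line[:1].isspace() and current is not None:
            current.append(line.strip())
        else:
            current = None                      # "!" or any top-level line ends the stanza
    vx = stanzas.get("Vxlan1", [])
    src_if = next((l.split()[-1] for l in vx if l.startswith("vxlan source-interface ")), "")
    flood = {ip for l in vx if l.startswith("vxlan flood vtep ") for ip in l.split()[3:]}
    m = re.search(r"^ip address (\S+)/\d+$", "\n".join(stanzas.get(src_if, [])), re.M)
    return {"source": m.group(1) if m else None, "flood": flood}

def audit(configs):
    """Report flood entries that match no audited VTEP or are not reciprocated."""
    views = {host: vtep_view(text) for host, text in configs.items()}
    owner = {v["source"]: host for host, v in views.items()}
    findings = []
    for host, v in sorted(views.items()):
        for ip in sorted(v["flood"]):
            peer = owner.get(ip)
            if peer is None:
                findings.append(f"{host}: flood entry {ip} is not the source IP of any audited VTEP")
            elif v["source"] not in views[peer]["flood"]:
                findings.append(f"{host}: floods to {peer} but {peer} does not flood back")
    return findings
```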


Afterword



  • Whereas Cisco devices use IP multicast for the underlay network and therefore require PIM ASM or PIM Bidir depending on the device, using unicast IP seems to impose fewer deployment constraints.
