Test Env.
- GNS3 Local Server (1.5.2)
- CSR1000v x 2 (3.14.02.S, VirtualBox, 1 CPU, 2.5G Memory)
- c7200 x 1 (15.2(4)M8, Dynamips)
- Ostinato (VirtualBox 256 MB)
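Preparation
Get the CSR 1000v ISO file from the Cisco site.
According to the CSR1000v Overview, VxLAN is supported from version 3.11s, and whether it is available depends on the license.
On version 3.12s and earlier, the license can be changed with the following command.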
csr1k_1(config)#license boot level premium
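Create the VM in VirtualBox from the ISO file, referring to the sites below.
Because a console connection from GNS3 lands in diag mode, follow the site's instructions in the VirtualBox console up to and including the setting below.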
Router(config)#platform console serial
Register the VirtualBox template in GNS3.
- http://www.cisco.com/c/dam/m/sl_si/events/2016/cisco_dan_inovativnih_resitev/pdf/cisco_day_slovenia_2016_vxlan_marian_klas_final.pdf
- http://lostintransit.se/2015/08/09/many-to-many-multicast-pim-bidir/
Terminology
- NVE = Network Virtualization Edge
- VNI = Virtual Network Instance
- VTEP = VXLAN Tunnel End-Point
Test
Each VTEP sends a PIM join message for the multicast address mapped to its VNI. On the c7200 RP router, the PIM join state can be seen on the connected interfaces.
c7200#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
V - RD & Vector, v - Vector
Outgoing interface flags: H - Hardware switched, A - Assert winner
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*,224.0.0.0/4), 05:10:05/-, RP 5.5.5.5, flags: B
Bidir-Upstream: Loopback0, RPF nbr: 5.5.5.5
Incoming interface list:
FastEthernet1/1, Accepting/Sparse
FastEthernet1/0, Accepting/Sparse
Loopback0, Accepting/Sparse
(*, 225.1.1.1), 05:10:04/00:03:21, RP 5.5.5.5, flags: B
Bidir-Upstream: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet1/1, Forward/Sparse, 05:10:04/00:03:21
FastEthernet1/0, Forward/Sparse, 05:10:04/00:02:51
(*, 224.0.1.40), 05:10:05/00:03:27, RP 5.5.5.5, flags: BCL
Bidir-Upstream: Null, RPF nbr 0.0.0.0
Outgoing interface list:
FastEthernet1/0, Forward/Sparse, 05:10:04/00:02:43
FastEthernet1/1, Forward/Sparse, 05:10:05/00:03:27
Loopback0, Forward/Sparse, 05:10:05/00:02:48
CSR1000v-1#show ip mroute
IP Multicast Routing Table
Flags: D - Dense, S - Sparse, B - Bidir Group, s - SSM Group, C - Connected,
L - Local, P - Pruned, R - RP-bit set, F - Register flag,
T - SPT-bit set, J - Join SPT, M - MSDP created entry, E - Extranet,
X - Proxy Join Timer Running, A - Candidate for MSDP Advertisement,
U - URD, I - Received Source Specific Host Report,
Z - Multicast Tunnel, z - MDT-data group sender,
Y - Joined MDT-data group, y - Sending to MDT-data group,
G - Received BGP C-Mroute, g - Sent BGP C-Mroute,
N - Received BGP Shared-Tree Prune, n - BGP C-Mroute suppressed,
Q - Received BGP S-A Route, q - Sent BGP S-A Route,
V - RD & Vector, v - Vector, p - PIM Joins on route,
x - VxLAN group
Outgoing interface flags: H - Hardware switched, A - Assert winner, p - PIM Join
Timers: Uptime/Expires
Interface state: Interface, Next-Hop or VCD, State/Mode
(*,224.0.0.0/4), 03:16:39/-, RP 5.5.5.5, flags: B
Bidir-Upstream: GigabitEthernet1, RPF nbr: 10.1.1.1
Incoming interface list:
Tunnel0, Accepting/Sparse-Dense
GigabitEthernet1, Accepting/Sparse
(*, 225.1.1.1), 03:16:55/stopped, RP 5.5.5.5, flags: BCx
Bidir-Upstream: GigabitEthernet1, RPF nbr 10.1.1.1
Outgoing interface list:
Tunnel0, Forward/Sparse-Dense, 03:16:39/00:01:20
GigabitEthernet1, Bidir-Upstream/Sparse, 03:16:39/stopped
(*, 224.0.1.40), 03:16:56/00:02:42, RP 5.5.5.5, flags: BPL
Bidir-Upstream: GigabitEthernet1, RPF nbr 10.1.1.1
Outgoing interface list:
GigabitEthernet1, Bidir-Upstream/Sparse, 03:16:39/stopped
MAC address table learned when packets are sent
Bridge-domain 1 (2 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
GigabitEthernet2 service instance 10
vni 4096
AED MAC address Policy Tag Age Pseudoport
0 0000.0022.0000 forward dynamic 300 nve1.VNI4096, VxLAN
src: 1.1.1.1 dst: 2.2.2.2
0 0000.0011.0000 forward dynamic 300 GigabitEthernet2.EFP10
1 FFFF.FFFF.FFFF flood static 0 OLIST_PTR:0xe7fa0400
Other VXLAN-related information
Interface: nve1, State: Admin Up, Oper Up Encapsulation: Vxlan
source-interface: Loopback0 (primary:1.1.1.1 vrf:0)
Pkts In Bytes In Pkts Out Bytes Out
7157 486676 24479 1664572
CSR1000v-1#show nve vni
Interface VNI Multicast-group VNI state
nve1 4096 225.1.1.1 Up
CSR1000v-1#show nve peers
Interface Peer-IP VNI Peer state
nve1 2.2.2.2 4096 -
Broadcast Traffic
Broadcast packets are sent to the multicast address so that the PIM routers can flood them to the peer VTEPs that use the same VNI.
Unknown Unicast Traffic
DLF (Destination Lookup Failure) packets, whose destination cannot be found in the MAC table, are sent to the multicast address so that the PIM routers can flood them to the peer VTEPs that use the same VNI.
Known Unicast Traffic
Known unicast traffic is sent as a unicast packet so that it reaches the corresponding VTEP.
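The three cases above, as an added Python sketch that is not part of the original post: it picks the outer destination IP the way CSR1000v-1 would for a frame arriving on GigabitEthernet2, and builds and parses the 8-byte VXLAN header defined in RFC 7348. The MAC table, VNI and multicast group are copied from the lab output on this page; the function names are hypothetical.

```python
import struct

# Values taken from the lab output on this page (CSR1000v-1, bridge-domain 1).
VNI = 4096
MCAST_GROUP = "225.1.1.1"
BROADCAST = "ffff.ffff.ffff"
# MAC -> remote VTEP IP, or None when the MAC sits behind a local port.
MAC_TABLE = {
    "0000.0022.0000": "2.2.2.2",  # learned via nve1.VNI4096
    "0000.0011.0000": None,       # learned on GigabitEthernet2.EFP10
}

def outer_destination(dst_mac):
    """Return (traffic kind, outer destination IP) for a frame from the local port.

    dst_mac is assumed to be the broadcast address or a unicast address.
    """
    mac = dst_mac.lower()
    if mac == BROADCAST:
        return ("broadcast", MCAST_GROUP)        # flooded through the PIM routers
    if mac not in MAC_TABLE:
        return ("unknown-unicast", MCAST_GROUP)  # DLF, flooded the same way
    remote_vtep = MAC_TABLE[mac]
    if remote_vtep is None:
        return ("local", None)                   # bridged locally, no encapsulation
    return ("known-unicast", remote_vtep)        # unicast straight to the peer VTEP

def vxlan_header(vni):
    """Build the header: flags 0x08 (I bit), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def parse_vni(header):
    """Return the VNI, rejecting a short header or one without the I flag."""
    if len(header) < 8:
        raise ValueError("VXLAN header is 8 bytes")
    flags_word, vni_word = struct.unpack("!II", header[:8])
    if not (flags_word >> 24) & 0x08:
        raise ValueError("I flag not set, VNI field is not valid")
    return vni_word >> 8

if __name__ == "__main__":
    # 0000.0033.0000 is a constructed MAC that is not in the table.
    for mac in ("FFFF.FFFF.FFFF", "0000.0033.0000", "0000.0022.0000", "0000.0011.0000"):
        print(mac, outer_destination(mac))
    print(vxlan_header(VNI).hex(), parse_vni(vxlan_header(VNI)))
```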
Configuration
CSR1000v-1
Building configuration...
Current configuration : 1401 bytes
!
! Last configuration change at 08:16:33 UTC Thu Sep 22 2016
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname CSR1000v-1
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip multicast-routing distributed
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
license udi pid CSR1000V sn 9N0GDTAC4IX
spanning-tree extend system-id
!
!
redundancy
bridge-domain 1
member vni 4096
member GigabitEthernet2 service-instance 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 1.1.1.1 255.255.255.255
!
interface nve1
no ip address
member vni 4096 mcast-group 225.1.1.1
source-interface Loopback0
!
interface GigabitEthernet1
ip address 10.1.1.2 255.255.255.252
ip pim sparse-mode
negotiation auto
no keepalive
!
interface GigabitEthernet2
no ip address
negotiation auto
no keepalive
service instance 10 ethernet
encapsulation untagged
!
!
router ospf 1
router-id 1.1.1.1
network 1.1.1.1 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip pim bidir-enable
ip pim rp-address 5.5.5.5 bidir
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
login
!
!
end
c7200
Building configuration...
Current configuration : 1633 bytes
!
! Last configuration change at 12:05:33 UTC Thu Sep 22 2016
upgrade fpd auto
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname c7200
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip multicast-routing
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 5.5.5.5 255.255.255.255
ip pim sparse-mode
!
interface FastEthernet0/0
no ip address
shutdown
duplex half
!
interface FastEthernet1/0
ip address 10.1.1.1 255.255.255.252
ip pim sparse-mode
duplex auto
speed auto
no keepalive
!
interface FastEthernet1/1
ip address 20.1.1.1 255.255.255.252
ip pim sparse-mode
duplex auto
speed auto
no keepalive
!
interface FastEthernet2/0
no ip address
shutdown
duplex auto
speed auto
!
interface FastEthernet2/1
no ip address
shutdown
duplex auto
speed auto
!
router ospf 1
router-id 5.5.5.5
network 5.5.5.5 0.0.0.0 area 0
network 10.1.1.0 0.0.0.3 area 0
network 20.1.1.0 0.0.0.3 area 0
!
ip forward-protocol nd
no ip http server
no ip http secure-server
!
!
ip pim bidir-enable
ip pim rp-address 5.5.5.5 bidir
!
no cdp log mismatch duplex
no cdp run
!
!
!
control-plane
!
!
!
mgcp profile default
!
!
!
gatekeeper
shutdown
!
!
line con 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line aux 0
exec-timeout 0 0
privilege level 15
logging synchronous
stopbits 1
line vty 0 4
login
transport input all
!
!
end
CSR1000v-2
Building configuration...
Current configuration : 1397 bytes
!
! Last configuration change at 05:07:32 UTC Thu Sep 22 2016
!
version 15.5
service timestamps debug datetime msec
service timestamps log datetime msec
no platform punt-keepalive disable-kernel-core
platform console serial
!
hostname Router
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
!
!
!
!
!
!
!
!
!
ip multicast-routing distributed
!
!
!
!
!
!
!
!
!
!
subscriber templating
!
multilink bundle-name authenticated
!
!
!
license udi pid CSR1000V sn 9VTUBY6X6YF
spanning-tree extend system-id
!
!
redundancy
bridge-domain 1
member vni 4096
member GigabitEthernet2 service-instance 10
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface Loopback0
ip address 2.2.2.2 255.255.255.255
!
interface nve1
no ip address
member vni 4096 mcast-group 225.1.1.1
source-interface Loopback0
!
interface GigabitEthernet1
ip address 20.1.1.2 255.255.255.252
ip pim sparse-mode
negotiation auto
no keepalive
!
interface GigabitEthernet2
no ip address
negotiation auto
no keepalive
service instance 10 ethernet
encapsulation untagged
!
!
router ospf 1
router-id 2.2.2.2
network 2.2.2.2 0.0.0.0 area 0
network 20.1.1.0 0.0.0.3 area 0
!
!
virtual-service csr_mgmt
!
ip forward-protocol nd
!
ip pim bidir-enable
ip pim rp-address 5.5.5.5 bidir
no ip http server
no ip http secure-server
!
!
!
!
control-plane
!
!
line con 0
exec-timeout 0 0
line vty 0 4
login
!
!
end
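Notes
- The csr1000v OVA file, after being deployed with VMware, did not run in GNS3 because of a network adapter problem.
- With VirtualBox, the csr1000v OVA file produces an error and the VM is not created.
- I tried to tunnel tagged frames over VXLAN, but it did not work, so I tested with untagged frames.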