
Tungsten Fabric Primer | On L3VPN and EVPN Integration

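Original  Network Communications/IoT  Author: TF Chinese Community  Date: 2020-05-27 12:54:47
The Tungsten Fabric Primer series collects hands-on experience shared by expert practitioners, compiled and presented by the TF Chinese Community to help newcomers understand the full workflow of running, installing, integrating and debugging TF. If you have related experience or questions, you are welcome to get in touch and discuss further with the community.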


Author: Tatsuya Naganawa  Translator: TF compilation team



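Before going deep into this important topic, I will first describe the encapsulation and control-plane protocol I personally prefer in two scenarios, DataCenter and NFVI.

1. DataCenter: EVPN / VXLAN

  • If MPLS over MPLS is needed between DCs, router configuration is required to stitch them together


2. NFVI: L3VPN / MPLS over UDP

Let me describe the reasons for these choices.

  VXLAN or MPLS

Two things need attention when choosing an encapsulation: the NIC and the routers/switches.

For NICs, vxlan is more popular. Even though Linux itself has supported MPLS encap / decap since 4.1, it is not easy to find hardware that can offload MPLS encap / decap.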


  • https://kernelnewbies.org/Linux_4.1#Multiprotocol_Label_Switching

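  • As far as I know, without hardware offload the performance limit of kernel vRouter, which is based on the Linux network stack, will be 1.0 Mpps


  • That said, although some configuration knobs are already available, vRouter does not currently support the Linux API for offloading vxlan encap / decap: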

    https://github.com/Juniper/contrail-specs/blob/master/smart-nic-generic-offload.md


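For routers/switches, finding hardware that can handle MPLS packets is indeed more expensive, because most data center switches currently use a specific Broadcom chip that can do vxlan but not MPLS.


So in the data center, vxlan encapsulation is the feasible choice.


To use VXLAN, EVPN is a control plane that works well.

Tungsten Fabric controller currently supports EVPN Type 2 and Type 5, and also uses Type 1, 3 and 4 internally.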

  • https://github.com/Juniper/contrail-specs/blob/master/EVPN-type-5-support-in-Contrail.md

  • https://github.com/Juniper/contrail-controller/blob/master/src/bgp/evpn/evpn_route.h#L47

  • An implementation of Type 6 also appears to be in progress:

    https://github.com/Juniper/contrail-specs/blob/master/5.1/evpn_multicast_smet.md


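So vRouter can basically join an EVPN/VXLAN network, although full interoperability is not always easy to achieve.

One thing to note: vRouter is able to do vxlan routing, even though some switches lack this capability.

In this setup you may need to pay particular attention to how inter-vxlan traffic is sent between the physical switches and vRouter.

  • This document describes the behavior well: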

    https://www.juniper.net/documentation/en_US/release-independent/solutions/information-products/pathway-pages/solutions/l3gw-vmto-evpn-vxlan-mpls.pdf


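One corner case is when MPLS-over-MPLS must be used between data centers because of advanced MPLS features such as traffic engineering and link protection.

In that case the routers must stitch EVPN/VXLAN and EVPN/MPLS together, which is done with the following configuration.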

  • https://www.juniper.net/documentation/en_US/junos/topics/concept/data-center-interconnect-evpn-vxlan-evpn-mpls-wan-overview.html


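For NFVI use, since Tungsten Fabric does not currently support service chaining with EVPN Type 5, L3VPN / MPLS over UDP is the only choice.

  • Note: from R1912 on, control / vRouter implement service chaining based on EVPN T5 (and VXLAN), so L3VPN / MPLS over IP is no longer a strict requirement: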

    https://github.com/Juniper/contrail-specs/blob/master/R1912/bms-service-chaining.md


  • https://github.com/Juniper/contrail-specs/blob/master/EVPN-type-5-support-in-Contrail.md#control-node

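  • MPLS over GRE is also possible, although it offers less entropy for uses such as LAG load balancing.


Since DPDK is preferred in this scenario, the throughput limit of the Linux stack is not a concern.

  EVPN / VXLAN interoperability

To illustrate evpn / vxlan integration, let me describe an L2VNI and L3VNI setup on CumulusVX (which uses FRRouting and the vanilla linux vrf / virtual-switch).

  • Other examples for L3VPN / MPLS over (GRE|UDP) can be found at the following link (TODO: configuration example for L3VPN / MPLS over (GRE|UDP))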

  • https://marcelwiget.blog/2015/07/30/run-juniper-vmx-as-contrail-gateway-for-ipv6-overlay/


[1. Sample configuration]

Tungsten Fabric controller: 192.168.122.141/24
Tungsten Fabric vRouter: 192.168.122.142/24
 vn1 (vxlan id: 7), 10.0.1.0/24, route-target: 64512:7 is set
  10.0.1.3 is a cirros container inside vn1
  vn1 is connected to lr1 (logical-router, vxlan id: 8, route-target 64512:8 is set)
   Tungsten Fabric's project setting, 'vxlan routing: enabled' is also set (this setting might be changed in the future)
    https://review.opencontrail.org/c/Juniper/contrail-controller/+/51833
CumulusVX: 192.168.122.151/24
 swp1: centos152 (10.0.1.152/24) is connected
  -> same l2 subnet with the container inside vRouter
 swp2: centos153 (192.168.130.153/24) is connected
  -> L3VRF will route the traffic from this to the container

[2. bgp configuration]

net add bgp autonomous-system 64513
net add bgp router-id 192.168.122.151
net add bgp neighbor 192.168.122.141 remote-as 64512
net add bgp neighbor 192.168.122.141 capability extended-nexthop
net add bgp l2vpn evpn  neighbor 192.168.122.141 activate
net add bgp l2vpn evpn  advertise-all-vni
net add bgp l2vpn evpn vni 7 rd 192.168.122.151:7
net add bgp l2vpn evpn vni 7 route-target import 64512:7
net add bgp l2vpn evpn vni 7 route-target  export 64512:7


cumulus@cumulus:~$ net show bgp summary
show bgp ipv4 unicast summary
=============================
BGP router identifier 192.168.122.151, local AS number 64513 vrf-id 0
BGP table version 0
RIB entries 0, using 0 bytes of memory
Peers 1, using 19 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
192.168.122.141 4      64512      55      43        0    0    0 00:01:15 NoNeg

Total number of neighbors 1


show bgp ipv6 unicast summary
=============================
% No BGP neighbors found


show bgp l2vpn evpn summary
===========================
BGP router identifier 192.168.122.151, local AS number 64513 vrf-id 0
BGP table version 0
RIB entries 3, using 456 bytes of memory
Peers 1, using 19 KiB of memory

Neighbor        V         AS MsgRcvd MsgSent   TblVer  InQ OutQ  Up/Down State/PfxRcd
192.168.122.141 4      64512      55      43        0    0    0 00:01:15            6

Total number of neighbors 1
cumulus@cumulus:~$


[3. l2vni configuration]

net add bridge bridge ports vni7
net add bridge bridge vids 7
net add interface swp1 bridge pvid 7
net add vxlan vni7 vxlan id 7
net add vxlan vni7 bridge learning off
net add vxlan vni7 bridge access 7
net add vxlan vni7 bridge arp-nd-suppress on
net add vxlan vni7 vxlan local-tunnelip 192.168.122.151
net add vlan 7 ip forward off
net add vlan 7 ipv6 forward off


cumulus@cumulus:~$ net show bgp l2vpn evpn route
BGP table version is 18, local router ID is 192.168.122.151
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-2 prefix: [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[ESI]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.122.142:1
*> [2]:[0]:[0]:[48]:[52:54:00:d9:db:32]
                    192.168.122.142        100             0 64512 ?
*> [2]:[0]:[0]:[48]:[52:54:00:d9:db:32]:[32]:[192.168.122.142]
                    192.168.122.142        100             0 64512 ?
*> [3]:[0]:[32]:[192.168.122.142]
                    192.168.122.142        200             0 64512 ?
Route Distinguisher: 192.168.122.142:3
*> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]
                    192.168.122.142        100             0 64512 ?
*> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]:[32]:[10.0.1.3]
                    192.168.122.142        100             0 64512 ?
*> [3]:[0]:[32]:[192.168.122.142]
                    192.168.122.142        200             0 64512 ?
Route Distinguisher: 192.168.122.142:4
*> [5]:[0]:[0]:[32]:[10.0.1.3]
                    192.168.122.142        100             0 64512 ?
 (snip)
Route Distinguisher: 192.168.122.151:7
*> [3]:[0]:[32]:[192.168.122.151]
                    192.168.122.151                    32768 i
Route Distinguisher: 192.168.122.151:8
*> [5]:[0]:[0]:[24]:[192.168.131.0]
                    192.168.122.151          0         32768 ?

Displayed 12 prefixes (12 paths)
cumulus@cumulus:~$


[root@centos152 ~]# ping 10.0.1.3
PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
64 bytes from 10.0.1.3: icmp_seq=1 ttl=64 time=1.37 ms
64 bytes from 10.0.1.3: icmp_seq=2 ttl=64 time=0.836 ms
64 bytes from 10.0.1.3: icmp_seq=3 ttl=64 time=0.778 ms
64 bytes from 10.0.1.3: icmp_seq=4 ttl=64 time=0.753 ms
64 bytes from 10.0.1.3: icmp_seq=5 ttl=64 time=0.801 ms

--- 10.0.1.3 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 4006ms
rtt min/avg/max/mdev = 0.753/0.908/1.374/0.235 ms
[root@centos152 ~]#


cumulus@cumulus:~$ net show evpn arp-cache vni all
VNI 7  #ARP (IPv4 and IPv6, local and remote) 3

IP                        Type   State    MAC               Remote VTEP
10.0.1.152                local  active   52:54:00:20:e5:9a
fe80::28a0:caff:fe62:d16c local  active   2a:a0:ca:62:d1:6c
10.0.1.3                  remote active   02:98:81:86:80:8a 192.168.122.142
cumulus@cumulus:~$
 -> mac address of 10.0.1.3 container is learnt from Tungsten Fabric controller



[4. l3vni configuration]

net add vrf vrf8 vni 8
net add bgp router-id 192.168.122.151
net add bgp vrf vrf8 autonomous-system 64513
net add bgp vrf vrf8 ipv4 unicast redistribute connected
net add bgp vrf vrf8 l2vpn evpn  advertise ipv4 unicast
net add bgp vrf vrf8 l2vpn evpn  rd 192.168.122.151:8
net add bgp vrf vrf8 l2vpn evpn  route-target import 64512:8
net add bgp vrf vrf8 l2vpn evpn  route-target  export 64512:8
net add vxlan vni8 vxlan id 8
net add interface swp2 bridge pvid 8
net add vlan 8 ip address 192.168.131.254/24
net add vlan 8 vlan-id 8
net add vlan 8 vrf vrf8
net add vxlan vni8 vxlan local-tunnelip 192.168.122.151
net add vxlan vni8 bridge access 8


cumulus@cumulus:~$ net show bgp l2vpn evpn route type prefix
BGP table version is 4, local router ID is 192.168.122.151
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-2 prefix: [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[ESI]:[EthTag]:[IPlen]:[IP]

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.122.142:4
*> [5]:[0]:[0]:[32]:[10.0.1.3]
                    192.168.122.142        100             0 64512 ?
Route Distinguisher: 192.168.122.151:8
*> [5]:[0]:[0]:[24]:[192.168.131.0]
                    192.168.122.151          0         32768 ?

Displayed 2 prefixes (2 paths) (of requested type)
cumulus@cumulus:~$


cumulus@cumulus:~$ net show route vrf vrf8
show ip route vrf vrf8
=======================
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR,
       > - selected route, * - FIB route


VRF vrf8:
K * 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:31:09
B>* 10.0.1.3/32 [20/100] via 192.168.122.142, vlan8 onlink, 00:31:09
C>* 192.168.131.0/24 is directly connected, vlan8, 00:29:05


[root@centos153 ~]# ping 10.0.1.3
PING 10.0.1.3 (10.0.1.3) 56(84) bytes of data.
64 bytes from 10.0.1.3: icmp_seq=1 ttl=62 time=1.27 ms
64 bytes from 10.0.1.3: icmp_seq=2 ttl=62 time=0.892 ms
64 bytes from 10.0.1.3: icmp_seq=3 ttl=62 time=0.912 ms
64 bytes from 10.0.1.3: icmp_seq=4 ttl=62 time=0.851 ms

--- 10.0.1.3 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.851/0.981/1.272/0.173 ms
[root@centos153 ~]#
[root@centos153 ~]#
[root@centos153 ~]# ip -o a
1: lo    inet 127.0.0.1/8 scope host lo\       valid_lft forever preferred_lft forever
1: lo    inet6 ::1/128 scope host \       valid_lft forever preferred_lft forever
2: eth0    inet 192.168.131.153/24 brd 192.168.131.255 scope global noprefixroute eth0\       valid_lft forever preferred_lft forever
2: eth0    inet6 fe80::24a9:6145:e488:5f15/64 scope link noprefixroute \       valid_lft forever preferred_lft forever
[root@centos153 ~]#
[root@centos153 ~]# ip route
default via 192.168.131.254 dev eth0 proto static metric 100
192.168.131.0/24 dev eth0 proto kernel scope link src 192.168.131.153 metric 100
[root@centos153 ~]#


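  Configuring EVPN T5 routes

Before R1908, enabling EVPN T5 required vxlan-routing, which was a project-level setting, so once this knob was enabled every logical-router was of type vxlan-routing and could not be used as an snat-routing logical-router.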

  • https://github.com/Juniper/contrail-specs/blob/master/EVPN-type-5-support-in-Contrail.md


From R1908 onward, this can be set per logical-router.

  • https://review.opencontrail.org/c/Juniper/contrail-controller/+/51794


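That said, there is currently no way to create a vxlan-routing logical-router from the webui (it can be created through the API).

One way to try this feature is to modify the config-api module so that it uses vxlan-routing instead of snat-routing.

# docker exec -it config_api_1 bash
  # sed -i 's/snat-routing/vxlan-routing/' /usr/lib/python2.7/site-packages/vnc_cfg_api_server/resources/logical_router.py
  # exit
# docker restart config_api_1


After that, when a logical-router is attached to a virtual-network, EVPN T5 routes are sent to the other bgp peers.

  • The orchestrator needs to be openstack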


(one VM is created in virtual-network vn1)
(kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack server list
+--------------------------------------+------+--------+--------------+--------+---------+
| ID                                   | Name | Status | Networks     | Image  | Flavor  |
+--------------------------------------+------+--------+--------------+--------+---------+
| e3a43979-a8ae-4f05-b065-0b0841cee47b | vm1  | ACTIVE | vn1=10.0.1.3 | cirros | m1.tiny |
+--------------------------------------+------+--------+--------------+--------+---------+
(kolla-toolbox)[ansible@ip-172-31-13-153 /]$

(when logical-router is not connected to vn1, no type 5 route is seen)
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep ^5
[root@ip-172-31-13-153 ~]#


(when logical-router is connected to vn1, type 5 route for this VM is sent to other bgp peer)
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep ^5
5-0:0-0-10.0.1.3/32, age: 0:00:07.126096, last_modified: 2020-Jan-12 13:50:27.307760
5-172.31.13.153:3-0-10.0.1.3/32, age: 0:00:07.077088, last_modified: 2020-Jan-12 13:50:27.356768
[root@ip-172-31-13-153 ~]#


In addition, from R1912 onward, EVPN T5 can also be used for service-chain routes (and can be used together with vxlan).

  • https://github.com/Juniper/contrail-specs/blob/master/R1912/bms-service-chaining.md


A few steps are needed to configure this.

  • Tested with opencontrailnightly:1912-latest, single-node install (openstack controller, tungsten fabric controller, vRouter)


1. Create two virtual-networks (vn1, vn2) and logical-routers (lr1, lr2)

2. Connect lr1 to vn1 and lr2 to vn2

3. Check that the virtual-networks LR::lr1 and LR::lr2 have been created automatically


(kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack network list
+--------------------------------------+-------------------------+--------------------------------------+
| ID                                   | Name                    | Subnets                              |
+--------------------------------------+-------------------------+--------------------------------------+
| 667344f9-36f1-4d56-8d9e-e5b8c856658b | LR::lr1                 | ab81f262-52d3-496f-825e-758ca5e6d60f |
| 0acf42ab-f917-4a32-a95a-5f2a555e955d | ip-fabric               |                                      |
| 5ac821b2-b823-4ea7-8be2-e1ee71547df8 | LR::lr2                 | 45b16ec8-0497-4610-843d-13d6913f4c41 |
| 0a0e30c2-d2fa-46dd-bd6f-233897f156f4 | vn1                     | c739aa67-bad3-4a69-b110-797018579b22 |
| 822b12ae-8b9c-4c32-be91-1611c245e761 | vn2                     | c67c9f25-8169-44dd-b1cd-8d9ab788a0da |
| 16715adc-93cb-4297-847a-50fcbcdef98b | __link_local__          |                                      |
| 95b08fcc-b027-407a-8b35-8470989b7d5a | dci-network             |                                      |
| 728957ed-9db3-4502-b45a-2ce3ce0ed575 | default-virtual-network |                                      |
+--------------------------------------+-------------------------+--------------------------------------+
(kolla-toolbox)[ansible@ip-172-31-13-153 /]$


4. Add subnets to LR::lr1 and LR::lr2 (the TF webui can be used for this)

5. Create a VNF with vNICs in LR::lr1 and LR::lr2

(kolla-toolbox)[ansible@ip-172-31-13-153 /]$ openstack server list
+--------------------------------------+------------+--------+--------------------------------------+--------+---------+
| ID                                   | Name       | Status | Networks                             | Image  | Flavor  |
+--------------------------------------+------------+--------+--------------------------------------+--------+---------+
| 4477700f-8183-4f81-b7bf-7fb16e74aba8 | vm2        | ACTIVE | vn2=10.0.2.4                         | cirros | m1.tiny |
| b631b50c-5ccf-4e48-86a8-bf390c174180 | lr1-to-lr2 | ACTIVE | LR::lr1=10.0.11.3; LR::lr2=10.0.12.3 | cirros | m1.tiny |
| e3a43979-a8ae-4f05-b065-0b0841cee47b | vm1        | ACTIVE | vn1=10.0.1.3                         | cirros | m1.tiny |
+--------------------------------------+------------+--------+--------------------------------------+--------+---------+
(kolla-toolbox)[ansible@ip-172-31-13-153 /]$


6. Create a service-instance and a network-policy using LR::lr1 and LR::lr2, and attach the network-policy to LR::lr1 and LR::lr2

When everything works, EVPN T5 routes with protocol ServiceChain are added.

[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family evpn | grep -e ^5 -e evpn -A 1
default-domain:admin:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.1.3/32, age: 0:00:40.299110, last_modified: 2020-Jan-12 14:00:39.070835
    [ServiceChain (service-interface)|None] age: 0:00:40.302293, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
5-0:0-0-10.0.2.4/32, age: 0:04:22.046440, last_modified: 2020-Jan-12 13:56:57.323505
    [XMPP|ip-172-31-13-153.local] age: 0:04:22.049981, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
default-domain:admin:__contrail_lr_internal_vn_62651c76-7851-4459-8d54-41b2b1289e21__:service-20c08253-7212-40e2-8211-1548652de4b9-default-domain_admin_lr1-to-lr2.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.1.3/32, age: 0:00:40.299524, last_modified: 2020-Jan-12 14:00:39.070421
    [ServiceChain (service-interface)|None] age: 0:00:40.303335, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
5-0:0-0-10.0.2.4/32, age: 0:00:40.316583, last_modified: 2020-Jan-12 14:00:39.053362
    [XMPP|ip-172-31-13-153.local] age: 0:00:40.320727, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
default-domain:admin:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.1.3/32, age: 0:10:52.062185, last_modified: 2020-Jan-12 13:50:27.307760
    [XMPP|ip-172-31-13-153.local] age: 0:10:52.066796, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
5-0:0-0-10.0.2.4/32, age: 0:00:40.299766, last_modified: 2020-Jan-12 14:00:39.070179
    [ServiceChain (service-interface)|None] age: 0:00:40.304752, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
default-domain:admin:__contrail_lr_internal_vn_7693de7f-9b96-41de-84af-c6db113132e2__:service-20c08253-7212-40e2-8211-1548652de4b9-default-domain_admin_lr1-to-lr2.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.1.3/32, age: 0:00:40.465418, last_modified: 2020-Jan-12 14:00:38.904527
    [XMPP|ip-172-31-13-153.local] age: 0:00:40.470671, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
5-0:0-0-10.0.2.4/32, age: 0:00:40.299958, last_modified: 2020-Jan-12 14:00:39.069987
    [ServiceChain (service-interface)|None] age: 0:00:40.305449, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
default-domain:admin:vn1:vn1.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)

--
default-domain:admin:vn2:vn2.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)

--
bgp.evpn.0: 13 destinations, 13 routes (0 primary, 13 secondary, 0 infeasible)

--
5-172.31.13.153:3-0-10.0.1.3/32, age: 0:10:52.013177, last_modified: 2020-Jan-12 13:50:27.356768
    [XMPP|ip-172-31-13-153.local] age: 0:10:52.023700, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
5-172.31.13.153:5-0-10.0.2.4/32, age: 0:04:22.046385, last_modified: 2020-Jan-12 13:56:57.323560
    [XMPP|ip-172-31-13-153.local] age: 0:04:22.057108, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
5-172.31.13.153:6-0-10.0.2.4/32, age: 0:00:40.299816, last_modified: 2020-Jan-12 14:00:39.070129
    [ServiceChain (service-interface)|None] age: 0:00:40.310798, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None
--
5-172.31.13.153:7-0-10.0.1.3/32, age: 0:00:40.299164, last_modified: 2020-Jan-12 14:00:39.070781
    [ServiceChain (service-interface)|None] age: 0:00:40.310369, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
--
default-domain:default-project:ip-fabric:ip-fabric.evpn.0: 4 destinations, 4 routes (4 primary, 0 secondary, 0 infeasible)

[root@ip-172-31-13-153 ~]#
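
One way to automate the check described above (that EVPN T5 routes with protocol ServiceChain have appeared) by parsing `ist.py ctr route show --family evpn` output. This is an added example, not part of the original article or of contrail-introspect-cli; the sample output is constructed with shortened, hypothetical logical-router names (LR1, LR2), and requiring a chained route in both directions is an assumption based on the output shown.

```python
import re

LR_VN = "__contrail_lr_internal_vn_"
TABLE_RE = re.compile(r"^(\S+)\.evpn\.0: \d+ destinations")
PREFIX_RE = re.compile(r"^5-\S+?-\d+-(\d+\.\d+\.\d+\.\d+/\d+), age:")
PATH_RE = re.compile(r"^\s+\[(\w+)")
LABEL_RE = re.compile(r"label: (\d+)")

# Constructed sample in the format of `ist.py ctr route show --family evpn`.
# LR1/LR2 and the service instance id are hypothetical placeholders.
GOOD = """\
default-domain:admin:__contrail_lr_internal_vn_LR1__:__contrail_lr_internal_vn_LR1__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.1.3/32, age: 0:10:52.062185, last_modified: 2020-Jan-12 13:50:27.307760
    [XMPP|host.local] age: 0:10:52.066796, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None

5-0:0-0-10.0.2.4/32, age: 0:00:40.299766, last_modified: 2020-Jan-12 14:00:39.070179
    [ServiceChain (service-interface)|None] age: 0:00:40.304752, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None

default-domain:admin:__contrail_lr_internal_vn_LR1__:service-0000-default-domain_admin_lr1-to-lr2.evpn.0: 1 destinations, 1 routes (0 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.2.4/32, age: 0:00:40.299958, last_modified: 2020-Jan-12 14:00:39.069987
    [ServiceChain (service-interface)|None] age: 0:00:40.305449, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 6, AS path: None

default-domain:admin:__contrail_lr_internal_vn_LR2__:__contrail_lr_internal_vn_LR2__.evpn.0: 2 destinations, 2 routes (1 primary, 1 secondary, 0 infeasible)

5-0:0-0-10.0.2.4/32, age: 0:04:22.046440, last_modified: 2020-Jan-12 13:56:57.323505
    [XMPP|host.local] age: 0:04:22.049981, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None

5-0:0-0-10.0.1.3/32, age: 0:00:40.299110, last_modified: 2020-Jan-12 14:00:39.070835
    [ServiceChain (service-interface)|None] age: 0:00:40.302293, localpref: 200, nh: 172.31.13.153, encap: ['vxlan'], label: 8, AS path: None
"""
# Failure case: the same output with the last route (ServiceChain path in LR2) missing.
BROKEN = GOOD[:GOOD.rindex("5-0:0-0-10.0.1.3/32")]


def parse_evpn_tables(text):
    """Return {table_name: {prefix: [(protocol, label), ...]}} for type-5 routes."""
    tables, table, prefix = {}, None, None
    for line in text.splitlines():
        m = TABLE_RE.match(line)
        if m:
            table, prefix = tables.setdefault(m.group(1), {}), None
            continue
        m = PREFIX_RE.match(line)
        if m and table is not None:
            prefix = m.group(1)
            table.setdefault(prefix, [])
            continue
        m = PATH_RE.match(line)
        if m and prefix is not None:
            label = LABEL_RE.search(line)
            table[prefix].append((m.group(1), int(label.group(1)) if label else None))
        elif not line.startswith(" "):
            prefix = None  # blank line or a non-type-5 key: stop collecting paths
    return tables


def lr_views(tables):
    """Per LR internal VN: prefixes that are local (XMPP) vs. re-originated by ServiceChain."""
    views = {}
    for name, routes in tables.items():
        parts = name.split(":")
        # Keep only the primary routing instance of an LR internal VN
        # (instance name equals VN name); service-* instances are skipped.
        if len(parts) != 4 or parts[2] != parts[3] or not parts[2].startswith(LR_VN):
            continue
        view = {"local": set(), "chained": set()}
        for prefix, paths in routes.items():
            protocols = {proto for proto, _ in paths}
            if "ServiceChain" in protocols:
                view["chained"].add(prefix)
            elif "XMPP" in protocols:
                view["local"].add(prefix)
        views[parts[2]] = view
    return views


def chain_is_bidirectional(text, left, right):
    """True if one LR sees `left` locally and `right` chained, and another LR the reverse."""
    views = list(lr_views(parse_evpn_tables(text)).values())
    forward = any(left in v["local"] and right in v["chained"] for v in views)
    reverse = any(right in v["local"] and left in v["chained"] for v in views)
    return forward and reverse


if __name__ == "__main__":
    for label, text in (("GOOD", GOOD), ("BROKEN", BROKEN)):
        print(label, chain_is_bidirectional(text, "10.0.1.3/32", "10.0.2.4/32"))
```
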


The vRouter vrfs will also be attached to the VNF.

[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr vrf
+--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
| name                                 | ucindex | mcindex | brindex | evpnindex | vxlan_id | vn                                   |
+--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
| default-domain:admin:__contrail_lr_i | 5       | 5       | 5       | 5         | 8        | default-domain:admin:__contrail_lr_i |
| nternal_vn_62651c76-7851-4459-8d54-4 |         |         |         |           |          | nternal_vn_62651c76-7851-4459-8d54-4 |
| 1b2b1289e21__:__contrail_lr_internal |         |         |         |           |          | 1b2b1289e21__                        |
| _vn_62651c76-7851-4459-8d54-41b2b128 |         |         |         |           |          |                                      |
| 9e21__                               |         |         |         |           |          |                                      |
| default-domain:admin:__contrail_lr_i | 7       | 7       | 7       | 7         | 0        | N/A                                  |
| nternal_vn_62651c76-7851-4459-8d54-4 |         |         |         |           |          |                                      |
| 1b2b1289e21__:service-86899929-7419  |         |         |         |           |          |                                      |
| -427a-9b3f-f8e4a3d990eb-default-     |         |         |         |           |          |                                      |
| domain_admin_lr1-to-lr2              |         |         |         |           |          |                                      |
| default-domain:admin                 | 3       | 3       | 3       | 3         | 6        | default-domain:admin                 |
| :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          | :__contrail_lr_internal_vn_7693de7f- |
| 9b96-41de-84af-c6db113132e2__        |         |         |         |           |          | 9b96-41de-84af-c6db113132e2__        |
| :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          |                                      |
| 9b96-41de-84af-c6db113132e2__        |         |         |         |           |          |                                      |
| default-domain:admin                 | 6       | 6       | 6       | 6         | 0        | N/A                                  |
| :__contrail_lr_internal_vn_7693de7f- |         |         |         |           |          |                                      |
| 9b96-41de-84af-                      |         |         |         |           |          |                                      |
| c6db113132e2__:service-86899929-7419 |         |         |         |           |          |                                      |
| -427a-9b3f-f8e4a3d990eb-default-     |         |         |         |           |          |                                      |
| domain_admin_lr1-to-lr2              |         |         |         |           |          |                                      |
| default-domain:admin:vn1:vn1         | 2       | 2       | 2       | 2         | 5        | default-domain:admin:vn1             |
| default-domain:admin:vn2:vn2         | 4       | 4       | 4       | 4         | 7        | default-domain:admin:vn2             |
| default-domain:default-project:ip-   | 0       | 0       | 0       | 0         | 0        | N/A                                  |
| fabric:__default__                   |         |         |         |           |          |                                      |
| default-domain:default-project:ip-   | 1       | 1       | 1       | 1         | 2        | default-domain:default-project:ip-   |
| fabric:ip-fabric                     |         |         |         |           |          | fabric                               |
+--------------------------------------+---------+---------+---------+-----------+----------+--------------------------------------+
[root@ip-172-31-13-153 ~]#
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 3
0.255.255.252/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    [LocalVmPort] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
10.0.1.3/32
    [EVPN-ROUTING] pref:200
     to 2:98:88:3c:38:50 via tap98883c38-50, assigned_label:-1, nh_index:34 , nh_type:interface, nh_policy:enabled, active_label:6, vxlan_id:6
10.0.2.4/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
10.0.11.0/24
    [Local] pref:100
     nh_index:1 , nh_type:discard, nh_policy:disabled, active_label:-1, vxlan_id:0
10.0.11.1/32
    [Local] pref:100
     to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
10.0.11.2/32
    [Local] pref:100
     to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
10.0.11.3/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
    [LocalVmPort] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
169.254.169.254/32
    [LinkLocal] pref:100
     via vhost0, nh_index:11 , nh_type:receive, nh_policy:enabled, active_label:0, vxlan_id:0
[root@ip-172-31-13-153 ~]#
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 5
0.255.255.251/32
    [172.31.13.153] pref:200
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    [LocalVmPort] pref:200
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
10.0.1.3/32
    [172.31.13.153] pref:200
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
10.0.2.4/32
    [EVPN-ROUTING] pref:200
     to 2:19:e0:a2:b:f3 via tap19e0a20b-f3, assigned_label:-1, nh_index:63 , nh_type:interface, nh_policy:enabled, active_label:8, vxlan_id:8
10.0.12.0/24
    [Local] pref:100
     nh_index:1 , nh_type:discard, nh_policy:disabled, active_label:-1, vxlan_id:0
10.0.12.1/32
    [Local] pref:100
     to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
10.0.12.2/32
    [Local] pref:100
     to 0:0:0:0:0:1 via pkt0, assigned_label:-1, nh_index:13 , nh_type:interface, nh_policy:enabled, active_label:-1, vxlan_id:0
10.0.12.3/32
    [172.31.13.153] pref:100
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
    [LocalVmPort] pref:100
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
169.254.169.254/32
    [LinkLocal] pref:100
     via vhost0, nh_index:11 , nh_type:receive, nh_policy:enabled, active_label:0, vxlan_id:0
[root@ip-172-31-13-153 ~]#
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 6
0.255.255.252/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
10.0.2.4/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
10.0.11.3/32
    [172.31.13.153] pref:200
     to 2:34:66:61:a2:96 via tap346661a2-96, assigned_label:39, nh_index:46 , nh_type:interface, nh_policy:enabled, active_label:39, vxlan_id:0
[root@ip-172-31-13-153 ~]#
[root@ip-172-31-13-153 ~]#
[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py vr route -v 7
0.255.255.251/32
    [172.31.13.153] pref:200
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
10.0.1.3/32
    [172.31.13.153] pref:200
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
10.0.12.3/32
    [172.31.13.153] pref:100
     to 2:15:37:f5:fa:fb via tap1537f5fa-fb, assigned_label:44, nh_index:51 , nh_type:interface, nh_policy:enabled, active_label:44, vxlan_id:0
[root@ip-172-31-13-153 ~]#

[root@ip-172-31-13-153 ~]# ./contrail-introspect-cli/ist.py ctr route show --family l3vpn

bgp.l3vpn.0: 9 destinations, 9 routes (0 primary, 9 secondary, 0 infeasible)

172.31.13.153:1:172.31.13.153/32, age: 0:40:32.414715, last_modified: 2020-Jan-12 13:38:26.922346
    [XMPP (interface)|ip-172-31-13-153.local] age: 0:40:32.418428, localpref: 100, nh: 172.31.13.153, encap: ['gre', 'udp', 'native'], label: 17, AS path: None

172.31.13.153:2:10.0.1.3/32, age: 0:29:55.551280, last_modified: 2020-Jan-12 13:49:03.785781
    [XMPP (interface)|ip-172-31-13-153.local] age: 0:29:55.555402, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 25, AS path: None

172.31.13.153:3:0.255.255.252/32, age: 0:19:58.759556, last_modified: 2020-Jan-12 13:59:00.577505
    [XMPP (service-interface)|ip-172-31-13-153.local] age: 0:19:58.763917, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None

172.31.13.153:3:10.0.11.3/32, age: 0:23:22.131030, last_modified: 2020-Jan-12 13:55:37.206031
    [XMPP (interface)|ip-172-31-13-153.local] age: 0:23:22.135685, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None

172.31.13.153:4:10.0.2.4/32, age: 0:22:02.013695, last_modified: 2020-Jan-12 13:56:57.323366
    [XMPP (interface)|ip-172-31-13-153.local] age: 0:22:02.018717, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 49, AS path: None

172.31.13.153:5:0.255.255.251/32, age: 0:19:58.547299, last_modified: 2020-Jan-12 13:59:00.789762
    [XMPP (service-interface)|ip-172-31-13-153.local] age: 0:19:58.552631, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None

172.31.13.153:5:10.0.12.3/32, age: 0:23:35.850393, last_modified: 2020-Jan-12 13:55:23.486668
    [XMPP (interface)|ip-172-31-13-153.local] age: 0:23:35.856031, localpref: 100, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None

172.31.13.153:6:10.0.2.4/32, age: 0:08:56.528333, last_modified: 2020-Jan-12 14:10:02.808728
    [ServiceChain (service-interface)|None] age: 0:08:56.534255, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 39, AS path: None

172.31.13.153:7:10.0.1.3/32, age: 0:08:56.527653, last_modified: 2020-Jan-12 14:10:02.809408
    [ServiceChain (service-interface)|None] age: 0:08:56.533918, localpref: 200, nh: 172.31.13.153, encap: ['gre', 'udp'], label: 44, AS path: None
[root@ip-172-31-13-153 ~]#


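  vlan-based and vlan-aware EVPN T2

EVPN T2 comes in two forms, vlan-based and vlan-aware, which are not compatible with each other.

Tungsten Fabric controller uses the vlan-aware form by default, so its evpn t2 routes cannot be imported by several data center switches that only support the vlan-based form.

  • https://bugs.launchpad.net/juniperopenstack/+bug/1781102


That said, the following patch (and the R1912-based container) sets the Ethernet tag ID to zero, and it reportedly makes some switches start importing T2 routes when applied.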

  • https://github.com/tnaganawa/tungstenfabric-docs/blob/master/TungstenFabricKnowledgeBase.md#vlan-base-interop

  • https://hub.docker.com/r/tnaganawa/contrail-controller-control-control
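
A parser for the `net show bgp l2vpn evpn route` output shown earlier, following the legend FRR prints with the table, that lists type-2 routes whose Ethernet Tag is non-zero (the vlan-aware form discussed above) and shows which hosts are carried by type-2 and type-5 routes. This is an added example, not code from the original article or from Tungsten Fabric; the sample text is constructed, and the RD `192.168.122.142:5` block with Ethernet Tag 7 is hypothetical.

```python
import re
from collections import namedtuple

EvpnRoute = namedtuple("EvpnRoute", "rd rtype eth_tag mac prefix next_hop")

# Field order per route type, taken from the legend printed above the table:
#   [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
#   [3]:[EthTag]:[IPlen]:[OrigIP]
#   [5]:[ESI]:[EthTag]:[IPlen]:[IP]
FIELDS = {
    2: ("esi", "eth_tag", "mac_len", "mac", "ip_len", "ip"),
    3: ("eth_tag", "ip_len", "ip"),
    5: ("esi", "eth_tag", "ip_len", "ip"),
}
RD_RE = re.compile(r"^Route Distinguisher:\s*(\S+)")
ROUTE_RE = re.compile(r"^[*>sdhi ]*(\[\d+\]:\[.*\])\s*$")
NEXTHOP_RE = re.compile(r"^\s+(\d{1,3}(?:\.\d{1,3}){3})\s")

# Constructed sample in the format of `net show bgp l2vpn evpn route`.
# The RD 192.168.122.142:5 block is hypothetical (Ethernet Tag 7).
SAMPLE = """\
EVPN type-2 prefix: [2]:[ESI]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: 192.168.122.142:3
*> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]
                    192.168.122.142        100             0 64512 ?
*> [2]:[0]:[0]:[48]:[02:98:81:86:80:8a]:[32]:[10.0.1.3]
                    192.168.122.142        100             0 64512 ?
*> [3]:[0]:[32]:[192.168.122.142]
                    192.168.122.142        200             0 64512 ?
Route Distinguisher: 192.168.122.142:5
*> [2]:[0]:[7]:[48]:[02:aa:bb:cc:dd:ee]:[32]:[10.0.1.4]
                    192.168.122.142        100             0 64512 ?
Route Distinguisher: 192.168.122.142:4
*> [5]:[0]:[0]:[32]:[10.0.1.3]
                    192.168.122.142        100             0 64512 ?
"""


def parse_evpn_routes(text):
    """Turn the two-line-per-route table into EvpnRoute tuples."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = m.group(1)
            continue
        m = ROUTE_RE.match(line)
        if m:
            values = re.findall(r"\[([^\]]*)\]", m.group(1))
            rtype = int(values[0])
            names = FIELDS.get(rtype)
            if names is None:  # route type not covered by the legend
                pending = None
                continue
            # A MAC-only type-2 route has no IP fields; zip() stops early.
            f = dict(zip(names, values[1:]))
            prefix = f"{f['ip']}/{f['ip_len']}" if "ip" in f else None
            pending = dict(rd=rd, rtype=rtype, eth_tag=int(f["eth_tag"]),
                           mac=f.get("mac"), prefix=prefix)
            continue
        m = NEXTHOP_RE.match(line)
        if m and pending:
            routes.append(EvpnRoute(next_hop=m.group(1), **pending))
            pending = None
    return routes


def vlan_aware_type2(routes):
    """Type-2 routes with a non-zero Ethernet Tag, i.e. the vlan-aware form."""
    return [r for r in routes if r.rtype == 2 and r.eth_tag != 0]


def advertised_as(routes):
    """Map each host prefix to the route types carrying it (2 = MAC/IP, 5 = IP prefix)."""
    seen = {}
    for r in routes:
        if r.prefix and r.rtype in (2, 5):
            seen.setdefault(r.prefix, set()).add(r.rtype)
    return seen


if __name__ == "__main__":
    parsed = parse_evpn_routes(SAMPLE)
    for r in vlan_aware_type2(parsed):
        print(f"vlan-aware T2: rd={r.rd} eth_tag={r.eth_tag} mac={r.mac} ip={r.prefix}")
    print(advertised_as(parsed))
```
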





From "ITPUB Blog", link: http://blog.itpub.net/69957171/viewspace-2694670/. If you repost, please credit the source; otherwise legal liability will be pursued.
