EVPN 故障排除
本节提供各种命令来帮助您检查 EVPN 配置,并提供故障排除提示。
常规命令
您可以使用各种 NVUE 或 Linux 命令来检查接口、VLAN 映射和 Linux 内核已知的桥 MAC 转发数据库。您还可以使用这些命令来检查邻居缓存和路由表(用于底层网络或特定租户 VRF)。一些关键命令是
ip [-d] link show type vxlan(Linux)nv show bridge domain <domain> mac-table(NVUE) 或bridge [-s] fdb show(Linux)nv show bridge domain <domain> vlan(NVUE) 或bridge vlan show(Linux)nv show bridge vlan-vni-map(NVUE)nv show bridge domain <bridge> vlan-vni-map(NVUE)nv show interface neighbor(NVUE) 或ip neighbor show(Linux)ip route show [table <vrf-name>](Linux)
下面的示例输出显示了一个 VXLAN 接口的 ip -d link show type vxlan 命令输出。相关参数是 VNI 值、状态、VXLAN 隧道的本地 IP 地址、UDP 端口号 (4789) 以及接口所属的桥(下面示例中的bridge)。输出还显示 VXLAN 接口上的 MAC 学习为关闭。
cumulus@leaf01:~$ ip -d link show type vxlan
14: vni10: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 9216 qdisc noqueue master bridge state UP mode DEFAULT group default qlen 1000
link/ether 42:83:73:20:46:ba brd ff:ff:ff:ff:ff:ff promiscuity 1 minmtu 68 maxmtu 65535
vxlan id 10 local 10.0.1.1 srcport 0 0 dstport 4789 nolearning ttl 64 ageing 300 udpcsum noudp6zerocsumtx noudp6zerocsumrx
bridge_slave state forwarding priority 8 cost 100 hairpin off guard off root_block off fastleave off learning off flood on port_id 0x8005 port_no 0x5 designated_port 32773 designated_cost 0 designated_bridge 8000.76:ed:2a:8a:67:24 designated_root 8000.76:ed:2a:8a:67:24 hold_timer 0.00 message_age_timer 0.00 forward_delay_timer 0.00 topology_change_ack 0 config_pending 0 proxy_arp off proxy_arp_wifi off mcast_router 1 mcast_fast_leave off mcast_flood on neigh_suppress on group_fwd_mask 0x0 group_fwd_mask_str 0x0 group_fwd_maskhi 0x0 group_fwd_maskhi_str 0x0 vlan_tunnel off isolated off addrgenmode eui64 numtxqueues 1 numrxqueues 1 gso_max_size 65536 gso_max_segs 65535
...
以下显示了 nv show bridge domain <domain> mac-table 命令的示例输出
cumulus@leaf01:mgmt:~$ nv show bridge domain br_default mac-table
entry-id MAC address vlan interface remote-dst src-vni entry-type last-update age
-------- ----------------- ---- ---------- ----------- ------- ------------ ----------- -------
1 48:b0:2d:fd:d3:bf 10 vxlan48 extern_learn 8:06:02 8:06:02
2 48:b0:2d:4e:1c:fe 20 vxlan48 extern_learn 8:06:02 8:06:02
3 48:b0:2d:a7:4d:ce 30 vxlan48 extern_learn 8:06:02 8:06:02
4 48:b0:2d:53:d2:34 20 vxlan48 extern_learn 8:06:30 8:06:30
5 44:38:39:be:ef:bb 4063 vxlan48 extern_learn 8:06:30 8:06:30
6 48:b0:2d:2d:5f:b3 30 vxlan48 extern_learn 8:06:32 8:06:32
7 44:38:39:be:ef:bb 4006 vxlan48 extern_learn 8:06:32 8:06:32
8 48:b0:2d:93:a1:3e 10 vxlan48 extern_learn 8:06:35 8:06:35
9 44:38:39:22:01:74 4006 vxlan48 extern_learn 8:06:38 8:06:38
10 44:38:39:22:01:74 4063 vxlan48 extern_learn 8:06:38 8:06:38
11 44:38:39:22:01:7c 4006 vxlan48 extern_learn 8:06:39 8:06:39
12 44:38:39:22:01:7c 4063 vxlan48 extern_learn 8:06:39 8:06:39
13 44:38:39:22:01:8a 30 vxlan48 extern_learn 8:06:42 8:06:42
14 44:38:39:22:01:8a 20 vxlan48 extern_learn 8:06:42 8:06:42
15 44:38:39:22:01:8a 10 vxlan48 extern_learn 8:06:42 8:04:05
16 44:38:39:22:01:84 10 vxlan48 extern_learn 8:06:43 8:06:43
17 44:38:39:22:01:84 30 vxlan48 extern_learn 8:06:43 8:06:15
18 44:38:39:22:01:84 20 vxlan48 extern_learn 8:06:43 8:06:43
19 44:38:39:22:01:8a 4006 vxlan48 extern_learn 8:06:43 8:06:43
20 44:38:39:22:01:8a 4063 vxlan48 extern_learn 8:06:43 8:06:43
21 44:38:39:22:01:84 4063 vxlan48 extern_learn 8:06:43 8:06:43
22 44:38:39:22:01:84 4006 vxlan48 extern_learn 8:06:43 8:06:43
23 44:38:39:22:01:78 4063 vxlan48 extern_learn 8:06:43 8:06:43
24 44:38:39:22:01:78 4006 vxlan48 extern_learn 8:06:43 8:06:43
25 02:91:8d:cf:03:b2 vxlan48 permanent 8:06:56 8:06:56
26 00:00:00:00:00:00 vxlan48 10.0.1.34 30 permanent 8:06:43 0:28:22
27 44:38:39:22:01:78 vxlan48 10.10.10.2 4001 extern_learn 8:06:43 8:06:43
28 44:38:39:22:01:8a vxlan48 10.0.1.34 30 static 8:06:43 8:06:43
29 48:b0:2d:fd:d3:bf vxlan48 10.0.1.34 10 extern_learn 8:06:02 8:06:02
30 44:38:39:22:01:84 vxlan48 10.0.1.34 10 extern_learn 8:06:43 8:06:43
31 48:b0:2d:2d:5f:b3 vxlan48 10.0.1.34 30 extern_learn 8:06:32 8:06:32
...
以下示例显示了 nv show interface neighbor 命令输出
cumulus@leaf01:mgmt:~$ nv show interface neighbor
Interface IP/IPV6 LLADR(MAC) State Flag
------------- ------------------------- ----------------- --------- ----------
eth0 192.168.200.1 48:b0:2d:82:3b:b3 reachable
192.168.200.251 48:b0:2d:00:00:01 stale
fe80::4ab0:2dff:fe00:1 48:b0:2d:00:00:01 reachable router
peerlink.4094 169.254.0.1 48:b0:2d:52:11:90 permanent
fe80::4ab0:2dff:fe52:1190 48:b0:2d:52:11:90 reachable router
swp51 169.254.0.1 48:b0:2d:b8:2b:bc permanent
fe80::4ab0:2dff:feb8:2bbc 48:b0:2d:b8:2b:bc reachable router
swp52 169.254.0.1 48:b0:2d:e1:08:f7 permanent
fe80::4ab0:2dff:fee1:8f7 48:b0:2d:e1:08:f7 reachable router
swp53 169.254.0.1 48:b0:2d:c0:71:8b permanent
fe80::4ab0:2dff:fec0:718b 48:b0:2d:c0:71:8b reachable router
swp54 169.254.0.1 48:b0:2d:18:f4:68 permanent
fe80::4ab0:2dff:fe18:f468 48:b0:2d:18:f4:68 reachable router
vlan10 10.1.10.3 44:38:39:22:01:78 permanent
fe80::4638:39ff:fe22:178 44:38:39:22:01:78 permanent
vlan20 10.1.20.3 44:38:39:22:01:78 permanent
fe80::4638:39ff:fe22:178 44:38:39:22:01:78 permanent
vlan30 10.1.30.3 44:38:39:22:01:78 permanent
fe80::4638:39ff:fe22:178 44:38:39:22:01:78 permanent
vlan4024_l3 10.10.10.63 44:38:39:22:01:74 noarp |ext_learn
10.10.10.64 44:38:39:22:01:7c noarp |ext_learn
10.10.10.4 44:38:39:22:01:8a noarp |ext_learn
10.10.10.3 44:38:39:22:01:84 noarp |ext_learn
10.10.10.2 44:38:39:22:01:78 noarp |ext_learn
fe80::4638:39ff:fe22:178 44:38:39:22:01:78 permanent
vlan4036_l3 10.10.10.63 44:38:39:22:01:74 noarp |ext_learn
10.10.10.64 44:38:39:22:01:7c noarp |ext_learn
10.10.10.4 44:38:39:22:01:8a noarp |ext_learn
10.10.10.3 44:38:39:22:01:84 noarp |ext_learn
10.10.10.2 44:38:39:22:01:78 noarp |ext_learn
fe80::4638:39ff:fe22:178 44:38:39:22:01:78 permanent
vxlan48 10.10.10.63 44:38:39:22:01:74 noarp |ext_learn
10.10.10.4 44:38:39:22:01:8a noarp |ext_learn
10.10.10.3 44:38:39:22:01:84 noarp |ext_learn
10.10.10.2 44:38:39:22:01:78 noarp |ext_learn
10.10.10.64 44:38:39:22:01:7c noarp |ext_learn
...
以下命令显示所有桥的 VLAN 到 VNI 映射
cumulus@switch:mgmt:~$nv show bridge vlan-vni-map
br_default vlan-vni-offset: 0
VLAN VNI
---- -------
10 10
20 20
30 30
以下命令显示特定桥的 VLAN 到 VNI 映射
cumulus@switch:mgmt:~$ nv show bridge domain br_default vlan-vni-map
vlan-vni-offset: 0
VLAN VNI
---- -------
10 10
20 20
30 30
常规 BGP 命令
如果您使用 BGP 进行底层路由,请运行 vtysh show bgp summary 命令以查看第 3 层结构连接的摘要
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show bgp summary
IPv4 Unicast Summary
BGP router identifier 10.10.10.1, local AS number 65101 vrf-id 0
BGP table version 13
RIB entries 25, using 4800 bytes of memory
Peers 5, using 106 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
spine01(swp51) 4 65199 814 805 0 0 0 00:37:34 7
spine02(swp52) 4 65199 814 805 0 0 0 00:37:34 7
spine03(swp53) 4 65199 814 805 0 0 0 00:37:34 7
spine04(swp54) 4 65199 814 805 0 0 0 00:37:34 7
leaf02(peerlink.4094) 4 65101 766 768 0 0 0 00:37:35 12
Total number of neighbors 5
show bgp ipv6 unicast summary
=============================
% No BGP neighbors found
show bgp l2vpn evpn summary
===========================
BGP router identifier 10.10.10.1, local AS number 65101 vrf-id 0
BGP table version 0
RIB entries 23, using 4416 bytes of memory
Peers 4, using 85 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
spine01(swp51) 4 65199 814 805 0 0 0 00:37:35 34
spine02(swp52) 4 65199 814 805 0 0 0 00:37:35 34
spine03(swp53) 4 65199 814 805 0 0 0 00:37:35 34
spine04(swp54) 4 65199 814 805 0 0 0 00:37:35 34
Total number of neighbors 4
运行 vtysh show ip route 命令以检查底层路由并确定交换机如何到达远程 VTEP。以下示例显示了来自叶子交换机的输出
这是全局(底层)路由表的路由表。使用 `vrf` 关键字查看主机所在的特定 VRF 的路由。
cumulus@leaf01:mgmt:~$ sudo vtysh
leaf01# show ip route
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
C>* 10.0.1.1/32 is directly connected, lo, 00:40:02
B>* 10.0.1.2/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:40:04
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:40:04
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:40:04
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:40:04
B>* 10.0.1.254/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:35:18
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:35:18
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:35:18
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:35:18
C>* 10.10.10.1/32 is directly connected, lo, 00:42:58
B>* 10.10.10.2/32 [200/0] via fe80::c28a:e6ff:fe03:96d0, peerlink.4094, weight 1, 00:42:56
B>* 10.10.10.3/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:42:55
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:42:55
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:42:55
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:42:55
B>* 10.10.10.4/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:42:55
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:42:55
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:42:55
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:42:55
B>* 10.10.10.63/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:42:55
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:42:55
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:42:55
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:42:55
B>* 10.10.10.64/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:38:07
* via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:38:07
* via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:38:07
* via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:38:07
B>* 10.10.10.101/32 [20/0] via fe80::f208:5fff:fe12:cc8c, swp51, weight 1, 00:42:56
B>* 10.10.10.102/32 [20/0] via fe80::c299:6bff:fec0:e1ca, swp52, weight 1, 00:42:56
B>* 10.10.10.103/32 [20/0] via fe80::2ef3:45ff:fef4:6f5f, swp53, weight 1, 00:42:56
B>* 10.10.10.104/32 [20/0] via fe80::ae56:f0ff:fef3:590c, swp54, weight 1, 00:42:56
显示 EVPN 地址族对等体
运行 vtysh show bgp l2vpn evpn summary 命令以查看参与 EVPN 地址族的 BGP 对等体及其状态。以下来自叶子交换机的示例输出显示与四个脊交换机建立 eBGP 对等以交换 EVPN 路由;所有对等会话均处于established 状态。
cumulus@leaf01:mgmt:~$ sudo vtysh
leaf01# show bgp l2vpn evpn summary
BGP router identifier 10.10.10.1, local AS number 65101 vrf-id 0
BGP table version 0
RIB entries 23, using 4416 bytes of memory
Peers 4, using 85 KiB of memory
Peer groups 1, using 64 bytes of memory
Neighbor V AS MsgRcvd MsgSent TblVer InQ OutQ Up/Down State/PfxRcd
spine01(swp51) 4 65199 958 949 0 0 0 00:44:46 34
spine02(swp52) 4 65199 958 949 0 0 0 00:44:46 34
spine03(swp53) 4 65199 958 949 0 0 0 00:44:46 34
spine04(swp54) 4 65199 958 949 0 0 0 00:44:46 34
Total number of neighbors 4
显示 EVPN VNI
要在参与 BGP EVPN 的网络设备上显示配置的 VNI,请运行 vtysh show bgp l2vpn evpn vni 命令。此命令仅与 VTEP 相关。对于对称路由,此命令显示每个租户 VRF 的特殊第 3 层 VNI。
cumulus@leaf01:mgmt:~$ sudo vtysh
leaf01# show bgp l2vpn evpn vni
Advertise Gateway Macip: Disabled
Advertise SVI Macip: Disabled
Advertise All VNI flag: Enabled
BUM flooding: Head-end replication
Number of L2 VNIs: 3
Number of L3 VNIs: 2
Flags: * - Kernel
VNI Type RD Import RT Export RT Tenant VRF
* 20 L2 10.10.10.1:4 65101:20 65101:20 RED
* 30 L2 10.10.10.1:6 65101:30 65101:30 BLUE
* 10 L2 10.10.10.1:3 65101:10 65101:10 RED
* 4002 L3 10.1.30.2:2 65101:4002 65101:4002 BLUE
* 4001 L3 10.1.20.2:5 65101:4001 65101:4001 RED
运行 NVUE nv show evpn vni 命令或 vtysh show evpn vni 命令以查看所有 VNI 的摘要以及与每个 VNI 关联的 MAC 或 ARP 条目的数量。
cumulus@leaf01:mgmt:~$ nv show evpn vni
NumMacs - Number of MACs (local and remote) known for this VNI, NumArps - Number
of ARPs (IPv4 and IPv6, local and remote) known for this VNI
, NumRemVteps - Number of Remote Vteps, Bridge - Bridge to which the vni
belongs, Vlan - VLAN assoicated to MAC
VNI NumMacs NumArps NumRemVteps TenantVrf Bridge Vlan
--- ------- ------- ----------- --------- ---------- ----
10 7 4 1 RED br_default 10
20 7 4 1 RED br_default 20
30 7 4 1 BLUE br_default 30
运行 NVUE nv show evpn vni <vni> 命令或 vtysh show evpn vni <vni> 命令以详细检查特定 VNI 的 EVPN 信息。以下示例输出显示了第 2 层 VNI 10 的详细信息。输出显示了包含该 VNI 的远程 VTEP。
cumulus@leaf01:mgmt:~$ nv show evpn vni 10
----------------- ----------- -------
operational applied
----------------- ----------- -------
route-advertise
svi-ip off
default-gateway off
[remote-vtep] 10.0.1.34
vlan 10
bridge-domain br_default
tenant-vrf RED
vxlan-interface vxlan48
mac-count 7
host-count 4
remote-vtep-count 1
local-vtep 10.0.1.12
要显示 VNI BGP 信息,请运行 NVUE nv show evpn vni <id> bgp-info 和 nv show vrf <vrf_id> evpn bgp-info 命令,或 vtysh show bgp l2vpn evpn vni <vni> 命令。
cumulus@border01:mgmt:~$ nv show vrf RED evpn bgp-info
operational
--------------------- -----------------
rd 10.10.10.1:3
local-vtep 10.0.1.12
router-mac 44:38:39:be:ef:aa
system-mac 44:38:39:22:01:7a
system-ip 10.10.10.1
[import-route-target] 65101:4001
[export-route-target] 65101:4001
检查 VNI 的本地和远程 MAC 地址
运行 NVUE nv show evpn vni <vni> mac 命令或 vtysh show evpn mac vni <vni> 命令以检查 VNI 的所有本地和远程 MAC 地址。此命令仅与第 2 层 VNI 相关
cumulus@leaf01:mgmt:~$ nv show evpn vni 10 mac
LocMobSeq - local mobility sequence, RemMobSeq - remote mobility sequence,
RemoteVtep - Remote Vtep address, Esi - Remote Esi
MAC address Type LocMobSeq RemMobSeq Interface RemoteVtep Esi
----------------- ------ --------- --------- --------- ---------- ---
44:38:39:22:01:8a remote 0 0 10.0.1.34
44:38:39:22:01:78 local 0 0 peerlink
44:38:39:22:01:84 remote 0 0 10.0.1.34
48:b0:2d:5c:8a:ee local 0 0 bond1
48:b0:2d:29:c0:bb remote 0 0 10.0.1.34
48:b0:2d:c9:f8:14 remote 0 0 10.0.1.34
48:b0:2d:fa:72:e7 local 0 0 bond
运行 vtysh show evpn mac vni all 命令以检查所有 VNI 的 MAC 地址。
您可以检查特定 MAC 地址的详细信息或查询特定 VTEP 后面的所有远程 MAC 地址
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show evpn mac vni 10 mac 94:8e:1c:0d:77:93
MAC: 94:8e:1c:0d:77:93
Remote VTEP: 10.0.1.2
Sync-info: neigh#: 0
Local Seq: 0 Remote Seq: 0
Neighbors:
No Neighbors
leaf01# show evpn mac vni 20 vtep 10.0.1.2
VNI 20
MAC Type FlagsIntf/Remote ES/VTEP VLAN Seq #'s
12:15:9a:9c:f2:e1 remote 10.0.1.2 1/0
50:88:b2:3c:08:f9 remote 10.0.1.2 0/0
f8:4f:db:ef:be:8b remote 10.0.1.2 0/0
c8:7d:bc:96:71:f3 remote 10.0.1.2 0/0
检查 VNI 的本地和远程邻居
运行 vtysh show evpn arp-cache vni <vni> 命令以检查 VNI 的所有本地和远程邻居(ARP 条目)。此命令仅与第 2 层 VNI 相关,输出显示 IPv4 和 IPv6 邻居条目
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show evpn arp-cache vni 10
Number of ARPs (local and remote) known for this VNI: 6
Flags: I=local-inactive, P=peer-active, X=peer-proxy
Neighbor Type Flags State MAC Remote ES/VTEP Seq #'s
10.1.10.2 local active 76:ed:2a:8a:67:24 0/0
fe80::968e:1cff:fe0d:7793 remote active 68:0f:31:ae:3d:7a 10.0.1.2 0/0
10.1.10.101 local active 26:76:e6:93:32:78 0/0
fe80::9465:45ff:fe6d:4890 local active 26:76:e6:93:32:78 0/0
10.1.10.104 remote active 68:0f:31:ae:3d:7a 10.0.1.2 0/0
fe80::74ed:2aff:fe8a:6724 local active 76:ed:2a:8a:67:24 0/0
...
运行 vtysh show evpn arp-cache vni all 命令以检查所有 VNI 的邻居条目。
检查远程路由器 MAC 地址
要检查与对称路由的所有远程 VTEP 对应的路由器 MAC 地址,请运行 NVUE nv show vrf <vrf> evpn remote-router-mac 命令或 vtysh show evpn rmac vni all 命令。此命令仅与第 3 层 VNI 相关
cumulus@border01:mgmt:~$ nv show vrf RED evpn remote-router-mac
MAC address remote-vtep
----------------- -----------
44:38:39:22:01:7a 10.10.10.1
44:38:39:22:01:7c 10.10.10.64
44:38:39:22:01:8a 10.10.10.4
44:38:39:22:01:78 10.10.10.2
44:38:39:22:01:84 10.10.10.3
44:38:39:be:ef:aa 10.0.1.12
检查网关下一跳
要检查对称路由的网关下一跳,请运行 NVUE nv show vrf <vrf> evpn nexthop-vtep 命令或 vtysh show evpn next-hops vni all 命令。此命令仅与第 3 层 VNI 相关。网关下一跳 IP 地址对应于远程 VTEP IP 地址。Cumulus Linux 使用这些下一跳安装远程主机和前缀路由。
cumulus@border01:mgmt:~$ nv show vrf RED evpn nexthop-vtep
Nexthop router-mac
----------- -----------------
10.0.1.12 44:38:39:be:ef:aa
10.10.10.1 44:38:39:22:01:7a
10.10.10.2 44:38:39:22:01:78
10.10.10.3 44:38:39:22:01:84
10.10.10.4 44:38:39:22:01:8a
10.10.10.64 44:38:39:22:01:7c
要显示特定下一跳的路由器 MAC 地址,请运行 NVUE nv show vrf <vrf> evpn nexthop-vtep <ip-address> 命令
cumulus@leaf01:mgmt:~$ nv show vrf RED evpn nexthop-vtep 10.10.10.2
operational
---------- -----------------
router-mac 44:38:39:22:01:78
要显示通过特定下一跳的远程主机和前缀路由,请运行 vtysh show evpn next-hops vni <vni> ip <ip-address> 命令
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show evpn next-hops vni 4001 ip 10.0.1.2
Ip: 10.0.1.2
RMAC: 44:38:39:be:ef:bb
Refcount: 2
Prefixes:
10.1.10.104/32
10.1.20.105/32
要显示下一跳组的 VTEP IP 地址,请运行 nv show evpn l2-nhg vtep-ip 命令。
显示访问 VLAN
要在交换机上显示访问 VLAN 及其对应的 VNI,请运行 NVUE nv show evpn access-vlan-info 命令或 vtysh show evpn access-vlan 命令。
cumulus@border01:mgmt:~$ nv show evpn access-vlan-info
vlan
=======
Id MemberCnt Vni VniCnt VxlanIntf MemberIntf
---- --------- --- ------ --------- ----------
1 1 peerlink
10 2 10 1 vxlan48 bond1
peerlink
20 2 20 1 vxlan48 bond2
peerlink
30 2 30 1 vxlan48 bond3
peerlink
4006 1 vxlan48
4063 1 vxlan48
您可以使用 nv show evpn access-vlan-info vlan <vlan> 命令深入了解并显示有关特定 vlan 的信息。
在 FRR 中显示 VRF 路由表
运行 NVUE nv show vrf <vrf-id> router rib <address-family> route 命令或 vtysh show ip route vrf <vrf-name> 命令以检查 VRF 路由表。使用此命令进行对称路由以验证远程主机和前缀路由是否在 VRF 路由表中,并指向适当的网关下一跳。
cumulus@leaf01:mgmt:~$ nv show vrf RED router rib ipv4 route
Flags - * - selected, q - queued, o - offloaded, i - installed, S - fib-
selected, x - failed
Route Protocol Distance Uptime NHGId Metric Flags
-------------- --------- -------- -------------------- ----- ------ -----
0.0.0.0/0 kernel 255 2024-10-25T14:02:23Z 21 8192 *Si
10.1.10.0/24 connected 0 2024-10-25T14:02:33Z 100 1024 io
connected 0 2024-10-25T14:02:33Z 88 0 *Sio
10.1.20.0/24 connected 0 2024-10-25T14:02:33Z 103 1024 io
connected 0 2024-10-25T14:02:33Z 92 0 *Sio
10.1.20.105/32 bgp 20 2024-10-25T14:02:46Z 166 0 *Si
10.1.30.0/24 bgp 20 2024-10-25T14:02:39Z 154 0 *Si
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show ip route vrf RED
show ip route vrf RED
======================
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric,
> - selected route, * - FIB route, q - queued route, r - rejected route
VRF RED:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:53:46
C * 10.1.10.0/24 [0/1024] is directly connected, vlan10-v0, 00:53:46
C>* 10.1.10.0/24 is directly connected, vlan10, 00:53:46
B>* 10.1.10.104/32 [20/0] via 10.0.1.2, vlan4001 onlink, weight 1, 00:43:55
C * 10.1.20.0/24 [0/1024] is directly connected, vlan20-v0, 00:53:46
C>* 10.1.20.0/24 is directly connected, vlan20, 00:53:46
B>* 10.1.20.105/32 [20/0] via 10.0.1.2, vlan4001 onlink, weight 1, 00:20:07
...
在上面的输出中,EVPN 指定这些路由的下一跳为onlink,或可通过指定的 SVI 到达。这是必要的,因为此接口不需要具有 IP 地址。即使接口具有 IP 地址,下一跳也不在同一子网上,因为它通常是远程 VTEP 的 IP 地址(底层 IP 网络的一部分)。
显示全局 BGP EVPN 路由表
运行 vtysh show bgp l2vpn evpn route 命令以显示所有 EVPN 路由,包括本地路由和远程路由。Cumulus Linux 基于 RD 确定路由,因为它们跨越 VNI 和 VRF
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show bgp l2vpn evpn route
BGP table version is 6, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[ESI]:[EthTag]:[IPlen]:[VTEP-IP]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Extended Community
Route Distinguisher: 10.10.10.1:3
*> [2]:[0]:[48]:[00:60:08:69:97:ef]
10.0.1.1 32768 i
ET:8 RT:65101:10 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[26:76:e6:93:32:78]
10.0.1.1 32768 i
ET:8 RT:65101:10 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[26:76:e6:93:32:78]:[32]:[10.1.10.101]
10.0.1.1 32768 i
ET:8 RT:65101:10 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[26:76:e6:93:32:78]:[128]:[fe80::9465:45ff:fe6d:4890]
10.0.1.1 32768 i
ET:8 RT:65101:10
*> [2]:[0]:[48]:[c0:8a:e6:03:96:d0]
10.0.1.1 32768 i
ET:8 RT:65101:10 RT:65101:4001 MM:0, sticky MAC Rmac:44:38:39:be:ef:aa
*> [3]:[0]:[32]:[10.0.1.1]
10.0.1.1 32768 i
ET:8 RT:65101:10
Route Distinguisher: 10.10.10.1:4
*> [2]:[0]:[48]:[c0:8a:e6:03:96:d0]
10.0.1.1 32768 i
ET:8 RT:65101:20 RT:65101:4001 MM:0, sticky MAC Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[cc:6e:fa:8d:ff:92]
10.0.1.1 32768 i
ET:8 RT:65101:20 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[f0:9d:d0:59:60:5d]
10.0.1.1 32768 i
ET:8 RT:65101:20 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[f0:9d:d0:59:60:5d]:[128]:[fe80::ce6e:faff:fe8d:ff92]
10.0.1.1 32768 i
ET:8 RT:65101:20
*> [3]:[0]:[32]:[10.0.1.1]
10.0.1.1 32768 i
ET:8 RT:65101:20
Route Distinguisher: 10.10.10.1:6
*> [2]:[0]:[48]:[c0:8a:e6:03:96:d0]
10.0.1.1 32768 i
ET:8 RT:65101:30 RT:65101:4002 MM:0, sticky MAC Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[de:02:3b:17:c9:6d]
10.0.1.1 32768 i
ET:8 RT:65101:30 RT:65101:4002 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[de:02:3b:17:c9:6d]:[128]:[fe80::dc02:3bff:fe17:c96d]
10.0.1.1 32768 i
ET:8 RT:65101:30
*> [2]:[0]:[48]:[ea:77:bb:f1:a7:ca]
10.0.1.1 32768 i
ET:8 RT:65101:30 RT:65101:4002 Rmac:44:38:39:be:ef:aa
*> [3]:[0]:[32]:[10.0.1.1]
10.0.1.1 32768 i
ET:8 RT:65101:30
Route Distinguisher: 10.10.10.3:3
*> [2]:[0]:[48]:[12:15:9a:9c:f2:e1]
10.0.1.2 0 65199 65102 i
RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
* [2]:[0]:[48]:[12:15:9a:9c:f2:e1]
10.0.1.2 0 65199 65102 i
RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
...
您可以根据 EVPN 路由类型过滤路由表。可用选项包括:ead:EAD(类型 1)路由 es:以太网段(类型 4)路由 macip:MAC-IP(类型 2)路由 multicast:组播前缀:IPv4 或 IPv6 前缀
显示 EVPN RD 路由
要显示 EVPN RD 路由,请运行 nv show vrf <vrf> router bgp address-family l2vpn-evpn route 命令。此命令以简要格式显示 EVPN RD 路由,以提高高规模环境的性能。要更详细地显示 EVPN RD 路由,请运行 nv show vrf <vrf> router bgp address-family l2vpn-evpn route --view=detail 命令。要以 json 格式显示信息,请运行 nv show vrf <vrf> router bgp address-family l2vpn-evpn route -o json 命令。
cumulus@leaf01:mgmt:~$ nv show vrf default router bgp address-family l2vpn-evpn route
PathCnt - number of L2VPN EVPN per (RD, route-type) paths
Route rd route-type PathCnt
---------------------------------------------------------------------- ------------- ---------- -------
[10.10.10.1:2]:[5]:[0]:[10.1.30.0/24] 10.10.10.1:2 5 1
[10.10.10.1:3]:[5]:[0]:[10.1.10.0/24] 10.10.10.1:3 5 1
[10.10.10.1:3]:[5]:[0]:[10.1.20.0/24] 10.10.10.1:3 5 1
[10.10.10.1:4]:[2]:[0]:[44:38:39:22:01:78] 10.10.10.1:4 2 1
[10.10.10.1:4]:[2]:[0]:[48:b0:2d:7f:74:13] 10.10.10.1:4 2 1
[10.10.10.1:4]:[2]:[0]:[48:b0:2d:7f:74:13]:[10.1.20.102] 10.10.10.1:4 2 1
[10.10.10.1:4]:[2]:[0]:[48:b0:2d:7f:74:13]:[fe80::4ab0:2dff:fe7f:7413] 10.10.10.1:4 2 1
[10.10.10.1:4]:[2]:[0]:[48:b0:2d:a4:40:62] 10.10.10.1:4 2 1
[10.10.10.1:4]:[3]:[0]:[10.0.1.12] 10.10.10.1:4 3 1
[10.10.10.1:5]:[2]:[0]:[44:38:39:22:01:78] 10.10.10.1:5 2 1
[10.10.10.1:5]:[2]:[0]:[48:b0:2d:99:9e:04] 10.10.10.1:5 2 1
[10.10.10.1:5]:[2]:[0]:[48:b0:2d:c2:f9:21] 10.10.10.1:5 2 1
[10.10.10.1:5]:[2]:[0]:[48:b0:2d:c2:f9:21]:[10.1.30.103] 10.10.10.1:5 2 1
[10.10.10.1:5]:[2]:[0]:[48:b0:2d:c2:f9:21]:[fe80::4ab0:2dff:fec2:f921] 10.10.10.1:5 2 1
[10.10.10.1:5]:[3]:[0]:[10.0.1.12] 10.10.10.1:5 3 1
[10.10.10.1:6]:[2]:[0]:[44:38:39:22:01:78] 10.10.10.1:6 2 1
[10.10.10.1:6]:[2]:[0]:[48:b0:2d:5c:8a:ee] 10.10.10.1:6 2 1
[10.10.10.1:6]:[2]:[0]:[48:b0:2d:fa:72:e7] 10.10.10.1:6 2 1
[10.10.10.1:6]:[2]:[0]:[48:b0:2d:fa:72:e7]:[10.1.10.101] 10.10.10.1:6 2 1
[10.10.10.1:6]:[2]:[0]:[48:b0:2d:fa:72:e7]:[fe80::4ab0:2dff:fefa:72e7] 10.10.10.1:6 2 1
[10.10.10.1:6]:[3]:[0]:[10.0.1.12] 10.10.10.1:6 3 1
[10.10.10.2:2]:[5]:[0]:[10.1.30.0/24] 10.10.10.2:2 5 5
[10.10.10.2:3]:[5]:[0]:[10.1.10.0/24] 10.10.10.2:3 5 5
[10.10.10.2:3]:[5]:[0]:[10.1.20.0/24] 10.10.10.2:3 5 5
[10.10.10.3:2]:[5]:[0]:[10.1.30.0/24] 10.10.10.3:2 5 5
[10.10.10.3:3]:[5]:[0]:[10.1.10.0/24] 10.10.10.3:3 5 5
[10.10.10.3:3]:[5]:[0]:[10.1.20.0/24] 10.10.10.3:3 5 5
[10.10.10.3:4]:[2]:[0]:[44:38:39:22:01:8a] 10.10.10.3:4 2 5
[10.10.10.3:4]:[2]:[0]:[48:b0:2d:48:21:9d] 10.10.10.3:4 2 5
[10.10.10.3:4]:[2]:[0]:[48:b0:2d:82:43:48] 10.10.10.3:4 2 5
[10.10.10.3:4]:[2]:[0]:[48:b0:2d:82:43:48]:[10.1.20.105] 10.10.10.3:4 2 5
[10.10.10.3:4]:[2]:[0]:[48:b0:2d:82:43:48]:[fe80::4ab0:2dff:fe82:4348] 10.10.10.3:4 2 5
[10.10.10.3:4]:[3]:[0]:[10.0.1.34] 10.10.10.3:4 3 5
[10.10.10.3:5]:[2]:[0]:[44:38:39:22:01:8a] 10.10.10.3:5 2 5
[10.10.10.3:5]:[2]:[0]:[48:b0:2d:d5:45:6f] 10.10.10.3:5 2 5
[10.10.10.3:5]:[2]:[0]:[48:b0:2d:d5:45:6f]:[10.1.30.106] 10.10.10.3:5 2 5
[10.10.10.3:5]:[2]:[0]:[48:b0:2d:d5:45:6f]:[fe80::4ab0:2dff:fed5:456f] 10.10.10.3:5 2 5
[10.10.10.3:5]:[2]:[0]:[48:b0:2d:df:a8:20] 10.10.10.3:5 2 5
[10.10.10.3:5]:[3]:[0]:[10.0.1.34] 10.10.10.3:5 3 5
[10.10.10.3:6]:[2]:[0]:[44:38:39:22:01:8a] 10.10.10.3:6 2 5
[10.10.10.3:6]:[2]:[0]:[48:b0:2d:29:c0:bb] 10.10.10.3:6 2 5
[10.10.10.3:6]:[2]:[0]:[48:b0:2d:29:c0:bb]:[10.1.10.104] 10.10.10.3:6 2 5
[10.10.10.3:6]:[2]:[0]:[48:b0:2d:29:c0:bb]:[fe80::4ab0:2dff:fe29:c0bb] 10.10.10.3:6 2 5
[10.10.10.3:6]:[2]:[0]:[48:b0:2d:c9:f8:14] 10.10.10.3:6 2 5
[10.10.10.3:6]:[3]:[0]:[10.0.1.34] 10.10.10.3:6 3 5
[10.10.10.4:2]:[5]:[0]:[10.1.30.0/24] 10.10.10.4:2 5 5
[10.10.10.4:3]:[5]:[0]:[10.1.10.0/24] 10.10.10.4:3 5 5
[10.10.10.4:3]:[5]:[0]:[10.1.20.0/24] 10.10.10.4:3 5 5
[10.10.10.4:4]:[2]:[0]:[44:38:39:22:01:84] 10.10.10.4:4 2 5
[10.10.10.4:4]:[2]:[0]:[48:b0:2d:48:21:9d] 10.10.10.4:4 2 5
[10.10.10.4:4]:[2]:[0]:[48:b0:2d:82:43:48] 10.10.10.4:4 2 5
[10.10.10.4:4]:[2]:[0]:[48:b0:2d:82:43:48]:[10.1.20.105] 10.10.10.4:4 2 5
[10.10.10.4:4]:[2]:[0]:[48:b0:2d:82:43:48]:[fe80::4ab0:2dff:fe82:4348] 10.10.10.4:4 2 5
[10.10.10.4:4]:[3]:[0]:[10.0.1.34] 10.10.10.4:4 3 5
[10.10.10.4:5]:[2]:[0]:[44:38:39:22:01:84] 10.10.10.4:5 2 5
[10.10.10.4:5]:[2]:[0]:[48:b0:2d:d5:45:6f] 10.10.10.4:5 2 5
[10.10.10.4:5]:[2]:[0]:[48:b0:2d:d5:45:6f]:[10.1.30.106] 10.10.10.4:5 2 5
[10.10.10.4:5]:[2]:[0]:[48:b0:2d:d5:45:6f]:[fe80::4ab0:2dff:fed5:456f] 10.10.10.4:5 2 5
[10.10.10.4:5]:[2]:[0]:[48:b0:2d:df:a8:20] 10.10.10.4:5 2 5
[10.10.10.4:5]:[3]:[0]:[10.0.1.34] 10.10.10.4:5 3 5
[10.10.10.4:6]:[2]:[0]:[44:38:39:22:01:84] 10.10.10.4:6 2 5
[10.10.10.4:6]:[2]:[0]:[48:b0:2d:29:c0:bb] 10.10.10.4:6 2 5
[10.10.10.4:6]:[2]:[0]:[48:b0:2d:29:c0:bb]:[10.1.10.104] 10.10.10.4:6 2 5
[10.10.10.4:6]:[2]:[0]:[48:b0:2d:29:c0:bb]:[fe80::4ab0:2dff:fe29:c0bb] 10.10.10.4:6 2 5
[10.10.10.4:6]:[2]:[0]:[48:b0:2d:c9:f8:14] 10.10.10.4:6 2 5
[10.10.10.4:6]:[3]:[0]:[10.0.1.34] 10.10.10.4:6 3 5
[10.10.10.63:2]:[5]:[0]:[10.1.10.0/24] 10.10.10.63:2 5 5
[10.10.10.63:2]:[5]:[0]:[10.1.20.0/24] 10.10.10.63:2 5 5
[10.10.10.63:3]:[5]:[0]:[10.1.30.0/24] 10.10.10.63:3 5 5
[10.10.10.64:2]:[5]:[0]:[10.1.10.0/24] 10.10.10.64:2 5 5
[10.10.10.64:2]:[5]:[0]:[10.1.20.0/24] 10.10.10.64:2 5 5
[10.10.10.64:3]:[5]:[0]:[10.1.30.0/24] 10.10.10.64:3 5 5
显示特定 EVPN 路由
要深入了解特定路由的更多信息,请运行 vtysh show bgp l2vpn evpn route rd <rd-value> 命令。此命令显示具有该 RD 的所有 EVPN 路由以及每个路径的路径属性详细信息。还可以根据路由类型或通过指定 MAC 和/或 IP 地址进行其他过滤。以下示例显示了 server05 的特定 MAC/IP 路由。输出显示此远程主机位于 VTEP 10.10.10.3 之后,并且可通过四个路径到达;每个路径都通过一个脊交换机。此示例来自对称路由配置,因此路由同时显示第 2 层 VNI (20) 和第 3 层 VNI (4001),以及与每个 VNI 对应的 EVPN 路由目标属性和关联的路由器 MAC 地址。
cumulus@leaf01:mgmt:~$ sudo vtysh
leaf01# show bgp l2vpn evpn route rd 10.10.10.3:3 mac 12:15:9a:9c:f2:e1 ip 10.1.20.105
BGP routing table entry for 10.10.10.3:3:[2]:[0]:[48]:[12:15:9a:9c:f2:e1]:[32]:[10.1.20.105]
Paths: (4 available, best #1)
Advertised to non peer-group peers:
spine01(swp51) spine02(swp52) spine03(swp53) spine04(swp54)
Route [2]:[0]:[48]:[12:15:9a:9c:f2:e1]:[32]:[10.1.20.105] VNI 20/4001
65199 65102
10.0.1.2 from spine01(swp51) (10.10.10.101)
Origin IGP, valid, external, bestpath-from-AS 65199, best (Router ID)
Extended Community: RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
Last update: Fri Jan 15 08:16:24 2021
Route [2]:[0]:[48]:[12:15:9a:9c:f2:e1]:[32]:[10.1.20.105] VNI 20/4001
65199 65102
10.0.1.2 from spine04(swp54) (10.10.10.104)
Origin IGP, valid, external
Extended Community: RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
Last update: Fri Jan 15 08:16:24 2021
Route [2]:[0]:[48]:[12:15:9a:9c:f2:e1]:[32]:[10.1.20.105] VNI 20/4001
65199 65102
10.0.1.2 from spine02(swp52) (10.10.10.102)
Origin IGP, valid, external
Extended Community: RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
Last update: Fri Jan 15 08:16:24 2021
Route [2]:[0]:[48]:[12:15:9a:9c:f2:e1]:[32]:[10.1.20.105] VNI 20/4001
65199 65102
10.0.1.2 from spine03(swp53) (10.10.10.103)
Origin IGP, valid, external
Extended Community: RT:65102:20 RT:65102:4001 ET:8 Rmac:44:38:39:be:ef:bb
Last update: Fri Jan 15 08:16:24 2021
Displayed 4 paths for requested prefix
- 仅使用全局 VNI。即使交换机在类型 2 和类型 5 路由中交换 VNI 值,Cumulus Linux 在将路由安装到转发平面时也不使用接收到的值,而是使用本地配置。确保整个网络中租户 VRF 的 VLAN 到 VNI 映射和第 3 层 VNI 分配相同。
- 如果远程主机是双连接的,则 EVPN 路由的下一跳是远程 MLAG 对在 MLAG 处于活动状态时的任播 IP 地址。
显示 VNI EVPN 路由表
即使没有适当的本地 VNI 将接收到的 EVPN 路由导入到其中,交换机也会将接收到的 EVPN 路由维护在全局 EVPN 路由表中。例如,脊交换机维护全局 EVPN 路由表,即使表中不存在 VNI。当本地 VNI 存在时,交换机会根据路由目标属性将接收到的 EVPN 路由导入到每个 VNI 的路由表中。您可以使用 vtysh show bgp vni <vni> 命令检查每个 VNI 的路由表
leaf01# show bgp vni 10
BGP table version is 351, local router ID is 10.10.10.1
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-1 prefix: [1]:[ESI]:[EthTag]:[IPlen]:[VTEP-IP]:[Frag-id]
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
*> [2]:[0]:[48]:[44:38:39:00:00:32]:[32]:[10.1.10.101]
10.0.1.12 (leaf01)
32768 i
ET:8 RT:65101:10 RT:65101:4001 Rmac:44:38:39:be:ef:aa
*> [2]:[0]:[48]:[44:38:39:00:00:32]:[128]:[fe80::4638:39ff:fe00:32]
10.0.1.12 (leaf01)
32768 i
ET:8 RT:65101:10
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (leaf02)
0 65102 65199 65104 i
RT:65104:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (leaf02)
0 65102 65199 65103 i
RT:65103:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine02)
0 65199 65104 i
RT:65104:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine02)
0 65199 65103 i
RT:65103:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine04)
0 65199 65104 i
RT:65104:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine04)
0 65199 65103 i
RT:65103:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine03)
0 65199 65104 i
RT:65104:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine03)
0 65199 65103 i
RT:65103:10 ET:8
* [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine01)
0 65199 65104 i
RT:65104:10 ET:8
*> [2]:[0]:[48]:[44:38:39:00:00:3e]:[128]:[fe80::4638:39ff:fe00:3e]
10.0.1.34 (spine01)
0 65199 65103 i
RT:65103:10 ET:8
...
要显示所有 VNI 的 VNI 路由表,请运行 vtysh show bgp l2vpn evpn route vni all 命令。
要使用 NVUE 查看 EVPN RIB,请运行 nv show vrf <vrf> router bgp address-family l2vpn-evpn route 命令。
显示 VRF BGP 路由表
对于对称路由,交换机根据路由目标属性上的匹配项,将接收到的类型 2 和类型 5 路由导入到 VRF 路由表(根据地址族:IPv4 单播或 IPv6 单播)。要检查 BGP VRF 路由表,请运行 vtysh show bgp vrf <vrf-name> ipv4 unicast 和 show bgp vrf <vrf-name> ipv6 unicast 命令。
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show bgp vrf RED ipv4 unicast
BGP table version is 2, local router ID is 10.1.20.2, vrf id 24
Default local pref 100, local AS 65101
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 10.1.10.104/32 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
*> 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.1.20.105/32 10.0.1.2< 0 65199 65102 i
*> 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
* 10.0.1.2< 0 65199 65102 i
Displayed 2 routes and 16 total paths
支持 EVPN 邻居发现 (ND) 扩展社区
在仅为第 2 层配置 VTEP 的具有 ARP 和 ND 抑制的 EVPN VXLAN 中,EVPN 需要携带附加信息以用于连接的设备,以便代理 ND 可以为连接的主机提供正确的信息。如果没有此信息,主机将无法配置其默认路由器或丢失其现有的默认路由器信息。Cumulus Linux 支持 EVPN 邻居发现 (ND) 扩展社区,其类型字段值为 0x06,子类型字段值为 0x08(ND 扩展社区)和路由器标志;这使交换机能够确定特定的 IPv6-MAC 对是属于主机还是路由器。
以下配置使用路由器标志(R 位)
- 具有网关路由器的集中式 VXLAN 路由。
- 具有 ARP 和 ND 抑制的第 2 层交换机。
当 MAC/IP(类型 2)路由包含带有 R 位标志的 IPv6-MAC 对时,该路由属于路由器。如果 R 位为零,则该路由属于主机。如果路由器位于本地 LAN 网段中,则实施代理 ND 功能的交换机会通过侦听关联 IPv6 地址的邻居通告消息来了解此信息。其他 EVPN 对等体通过在 BGP 更新中使用 ND 扩展社区来交换此信息。
要显示邻居表包含 EVPN arp-cache 并且 IPv6-MAC 条目属于路由器,请运行 vtysh show evpn arp-cache vni <vni> ip <address> 命令。例如
cumulus@leaf01:mgmt:~$ sudo vtysh
...
leaf01# show evpn arp-cache vni 20 ip 10.1.20.105
IP: 10.1.20.105
Type: remote
State: active
MAC: 12:15:9a:9c:f2:e1
Sync-info: -
Remote VTEP: 10.0.1.2
Local Seq: 0 Remote Seq: 0
检查 MAC 移动
当 MAC 首次从一个 VTEP 后移动到另一个 VTEP 后时,BGP 会将 MAC 移动性 (MM) 扩展社区属性(序列号为 1)与该 MAC 的类型 2 路由相关联。从那里开始,每当此 MAC 移动到新的 VTEP 时,MM 序列号都会递增 1。您可以使用 vtysh show bgp l2vpn evpn route vni <vni> mac <mac> 命令检查与 MAC 的类型 2 路由关联的 MM 序列号。以下示例输出显示了已移动三次的 MAC 的类型 2 路由
cumulus@switch:~$ sudo vtysh
...
switch# show bgp l2vpn evpn route vni 10109 mac 00:02:22:22:22:02
BGP routing table entry for [2]:[0]:[0]:[48]:[00:02:22:22:22:02]
Paths: (1 available, best #1)
Not advertised to any peer
Route [2]:[0]:[0]:[48]:[00:02:22:22:22:02] VNI 10109
Local
6.0.0.184 from 0.0.0.0 (6.0.0.184)
Origin IGP, localpref 100, weight 32768, valid, sourced, local, bestpath-from-AS Local, best
Extended Community: RT:650184:10109 ET:8 MM:3
AddPath ID: RX 0, TX 10350121
Last update: Tue Feb 14 18:40:37 2017
Displayed 1 paths for requested prefix
检查静态 MAC 地址
您可以通过 vtysh show bgp l2vpn evpn route vni <vni> mac <mac> 命令输出的扩展社区行中是否存在 MM:0, sticky MAC 来识别 EVPN 中的静态或粘性 MAC。
cumulus@switch:~$ sudo vtysh
...
switch# show bgp l2vpn evpn route vni 10101 mac 00:02:00:00:00:01
BGP routing table entry for [2]:[0]:[0]:[48]:[00:02:00:00:00:01]
Paths: (1 available, best #1)
Not advertised to any peer
Route [2]:[0]:[0]:[48]:[00:02:00:00:00:01] VNI 10101
Local
172.16.130.18 from 0.0.0.0 (172.16.130.18)
Origin IGP, localpref 100, weight 32768, valid, sourced, local, bestpath-from-AS Local, best
Extended Community: ET:8 RT:60176:10101 MM:0, sticky MAC
AddPath ID: RX 0, TX 46
Last update: Tue Apr 11 21:44:02 2017
Displayed 1 paths for requested prefix
启用 FRR 调试日志
要排除 EVPN 故障,请启用 FRR 调试日志。相关的调试选项包括
选项 | 描述 |
|---|---|
debug zebra vxlan | 跟踪 VNI 添加和删除(本地和远程)以及 MAC 和邻居添加和删除(本地和远程)。 |
debug zebra kernel | 跟踪与内核交换的实际 netlink 消息,其中包括所有内容,而不仅仅是 EVPN。 |
debug bgp updates | 跟踪 BGP 更新交换,包括所有更新。输出还显示 EVPN 特定信息。 |
debug bgp zebra | 跟踪 BGP 和 zebra 之间针对 EVPN(和其他)路由的交互。 |
ICMP 回显回复和 ping 命令
当您运行 ping -I 命令并指定接口时,您不会收到 ICMP 回显回复。但是,当您运行不带 -I 选项的 ping 命令时,一切都按预期工作。
ping -I 命令示例
cumulus@switch:default:~:# ping -I swp2 10.0.10.1
PING 10.0.10.1 (10.0.10.1) from 10.0.0.2 swp1.5: 56(84) bytes of data.
ping 命令示例
cumulus@switch:default:~:# ping 10.0.10.1
PING 10.0.10.1 (10.0.10.1) 56(84) bytes of data.
64 bytes from 10.0.10.1: icmp_req=1 ttl=63 time=4.00 ms
64 bytes from 10.0.10.1: icmp_req=2 ttl=63 time=0.000 ms
64 bytes from 10.0.10.1: icmp_req=3 ttl=63 time=0.000 ms
64 bytes from 10.0.10.1: icmp_req=4 ttl=63 time=0.000 ms
^C
--- 10.0.10.1 ping statistics ---
4 packets transmitted, 4 received, 0% packet loss, time 3004ms
rtt min/avg/max/mdev = 0.000/1.000/4.001/1.732 ms
当您使用 ping -I 命令向不在同一子网中的 IP 地址发送 ICMP 回显请求时,Cumulus Linux 会为目标 IP 地址创建失败的 ARP 条目。
有关详细信息,请参阅本文。