VRF 路由泄露的三层扩展
在引入基于 IP 的 VPN 服务后,VRF 路由泄露在企业和服务提供商环境以及基于 EVPN 的以太网 VPN 中变得越来越普遍。VRF 隔离路由表,并在广域网 (WAN) 和数据中心内创建多租户。然而,跨 VRF 的路由通常是必要的,尤其是在 VRF 之间的外部路由不可行或不经济的情况下。在数据中心 Fabric 中实施路由泄露时,您需要知道网络中需要在哪里发生路由泄露。
如果您想使用一个通用分母来保留每个 POD 的摘要,并将 POD 和 DC 位置互连,则边界叶是一个不错的选择。通常,您在数据中心互连的地方使用边界叶,例如防火墙、负载均衡器、IDS、SSL 卸载设备或 WAF。如果您有任何这些互连服务,则边界叶是可以看到 DC 中每个租户的点。您通常在与每个租户网络直接连接的 VRF 之间使用这些网络和安全服务。因此,在常规叶交换机上执行 VRF 路由泄露会阻止这些服务看到全局,因为它们连接到服务叶或边界叶。如果您希望拥有确定性的一组下一跳或到达交叉连接点的跳数,则使用边界叶也是一个好主意。
每个网络都是独一无二的,并且有其自身的业务和技术要求。您可能会发现,路由泄露最适合您在每个单独的叶子上进行。每个叶子都可以执行泄露操作;因此,根据操作的复杂性和规模,这可能是所需的解决方案。您也可以部分在边界叶上执行路由泄露,部分在常规叶上执行。
配置
以下示例显示了路由泄露配置。
cumulus@borderleaf01:mgmt:~$ nv set evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set interface eth0 ip vrf mgmt
cumulus@borderleaf01:mgmt:~$ nv set interface eth0 type eth
cumulus@borderleaf01:mgmt:~$ nv set interface lo ip address 10.10.10.10/32
cumulus@borderleaf01:mgmt:~$ nv set interface lo type loopback
cumulus@borderleaf01:mgmt:~$ nv set interface swp1-3 type swp
cumulus@borderleaf01:mgmt:~$ nv set nve vxlan enable on
cumulus@borderleaf01:mgmt:~$ nv set router bgp autonomous-system 65110
cumulus@borderleaf01:mgmt:~$ nv set router bgp enable on
cumulus@borderleaf01:mgmt:~$ nv set router bgp router-id 10.10.10.10
cumulus@borderleaf01:mgmt:~$ nv set router policy route-map control_t5 rule 1 action permit
cumulus@borderleaf01:mgmt:~$ nv set router policy route-map control_t5 rule 1 match evpn-route-type ip-prefix
cumulus@borderleaf01:mgmt:~$ nv set router policy route-map control_t5 rule 3 action deny
cumulus@borderleaf01:mgmt:~$ nv set service lldp
cumulus@borderleaf01:mgmt:~$ nv set system config auto-save enable on
cumulus@borderleaf01:mgmt:~$ nv set system global anycast-id 10
cumulus@borderleaf01:mgmt:~$ nv set system global fabric-id 10
cumulus@borderleaf01:mgmt:~$ nv set system hostname borderleaf01
cumulus@borderleaf01:mgmt:~$ nv set system message post-login 'DCI ref guide - Layer3 VRF stretch topology with route leaking use case'
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN evpn vni 4002
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast aggregate-route 192.168.1.0/24
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast aggregate-route 192.168.10.0/24
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp autonomous-system 65110
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target 65210:5001
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target 65210:5002
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4001
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4002
cumulus@borderleaf01:mgmt:~$ nv set vrf GREEN router bgp router-id 10.10.10.10
cumulus@borderleaf01:mgmt:~$ nv set vrf RED evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf RED evpn vni 4001
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast aggregate-route 192.168.2.0/24
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast aggregate-route 192.168.20.0/24
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast route-import
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp autonomous-system 65110
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target 65210:5001
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target 65210:5002
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4001
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4002
cumulus@borderleaf01:mgmt:~$ nv set vrf RED router bgp router-id 10.10.10.10
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast network 10.10.10.10/32
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp address-family l2vpn-evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp1 peer-group underlay
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp1 type unnumbered
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp2 peer-group underlay
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp2 type unnumbered
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp3 peer-group dci_group1
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp neighbor swp3 type unnumbered
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family ipv4-unicast enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family l2vpn-evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family l2vpn-evpn policy outbound route-map control_t5
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 remote-as external
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group underlay address-family ipv4-unicast
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@borderleaf01:mgmt:~$ nv set vrf default router bgp peer-group underlay remote-as external
cumulus@borderleaf04:mgmt:~$ nv set evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set interface eth0 ip vrf mgmt
cumulus@borderleaf04:mgmt:~$ nv set interface eth0 type eth
cumulus@borderleaf04:mgmt:~$ nv set interface lo ip address 10.10.20.11/32
cumulus@borderleaf04:mgmt:~$ nv set interface lo type loopback
cumulus@borderleaf04:mgmt:~$ nv set interface swp1-3 type swp
cumulus@borderleaf04:mgmt:~$ nv set nve vxlan enable on
cumulus@borderleaf04:mgmt:~$ nv set router bgp autonomous-system 65210
cumulus@borderleaf04:mgmt:~$ nv set router bgp enable on
cumulus@borderleaf04:mgmt:~$ nv set router bgp router-id 10.10.20.11
cumulus@borderleaf04:mgmt:~$ nv set router policy community-list
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 1 action permit
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 1 match evpn-route-type ip-prefix
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 3 action deny
cumulus@borderleaf04:mgmt:~$ nv set service lldp
cumulus@borderleaf04:mgmt:~$ nv set system config auto-save enable on
cumulus@borderleaf04:mgmt:~$ nv set system global anycast-id 20
cumulus@borderleaf04:mgmt:~$ nv set system global fabric-id 20
cumulus@borderleaf04:mgmt:~$ nv set system hostname borderleaf04
cumulus@borderleaf04:mgmt:~$ nv set system message post-login 'DCI ref guide - Layer3 VRF stretch topology with route leaking use case'
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN evpn vni 5002
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast aggregate-route 192.168.10.0/24
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp autonomous-system 65210
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target 65110:4001
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target 65110:4002
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5001
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5002
cumulus@borderleaf04:mgmt:~$ nv set vrf GREEN router bgp router-id 10.10.20.11
cumulus@borderleaf04:mgmt:~$ nv set vrf RED evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf RED evpn vni 5001
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast aggregate-route 192.168.20.0/24
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp autonomous-system 65210
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target 65110:4001
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target 65110:4002
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5001
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5002
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router bgp router-id 10.10.20.11
cumulus@borderleaf04:mgmt:~$ nv set vrf RED router static
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast network 10.10.20.11/32
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp address-family l2vpn-evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp1 peer-group underlay
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp1 type unnumbered
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp2 peer-group underlay
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp2 type unnumbered
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp3 peer-group dci_group1
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp neighbor swp3 type unnumbered
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family ipv4-unicast enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family l2vpn-evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family l2vpn-evpn policy outbound route-map control_t5
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 remote-as external
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group underlay remote-as external
cumulus@leaf01:mgmt:~$ nv set vrf GREEN evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN evpn vni 4002
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp autonomous-system 65101
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4001
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4002
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5001
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5002
cumulus@leaf01:mgmt:~$ nv set vrf GREEN router bgp router-id 10.10.10.1
cumulus@leaf01:mgmt:~$ nv set vrf RED evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED evpn vni 4001
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp autonomous-system 65101
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4001
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4002
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5001
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5002
cumulus@leaf01:mgmt:~$ nv set vrf RED router bgp router-id 10.10.10.1
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast enable on
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast network 10.10.10.1/32
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp address-family l2vpn-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp enable on
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp neighbor swp1 peer-group underlay
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp neighbor swp1 type unnumbered
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp neighbor swp2 peer-group underlay
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp neighbor swp2 type unnumbered
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf01:mgmt:~$ nv set vrf default router bgp peer-group underlay remote-as external
cumulus@leaf03:mgmt:~$ nv set vrf GREEN evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN evpn vni 5002
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp autonomous-system 65201
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4001
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:4002
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5001
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp route-import from-evpn route-target ANY:5002
cumulus@leaf03:mgmt:~$ nv set vrf GREEN router bgp router-id 10.10.20.1
cumulus@leaf03:mgmt:~$ nv set vrf RED evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED evpn vni 5001
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp address-family ipv4-unicast route-export to-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp autonomous-system 65201
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4001
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:4002
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5001
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp route-import from-evpn route-target ANY:5002
cumulus@leaf03:mgmt:~$ nv set vrf RED router bgp router-id 10.10.20.1
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast enable on
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast network 10.10.20.1/32
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp address-family ipv4-unicast redistribute connected enable on
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp address-family l2vpn-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp enable on
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp neighbor swp1 peer-group underlay
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp neighbor swp1 type unnumbered
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp neighbor swp2 peer-group underlay
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp neighbor swp2 type unnumbered
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp peer-group underlay address-family l2vpn-evpn enable on
cumulus@leaf03:mgmt:~$ nv set vrf default router bgp peer-group underlay remote-as external
叶交换机还必须导入边界叶通告的跨站点路由目标;互连的数据中心使用与下游 VNI 不同的 VNI。经典的 auto-route-target 导入功能无法检测到这些 VNI,也无法自动导入路由目标。
Both RED and GREEN VRFs include the route-import statement to mutually leak (inject) EVPN type-5 routes into their respective routing tables: nv set vrf <vrf_name> router bgp route-import from-evpn route-target <asn:vni>
borderleaf01 和 borderleaf04 之间存在直接 DCI 连接。您必须为 DCI 底层会话启用 l2vpn 地址族,以交换 EVPN 路由。
为避免使用 EVPN type-2 和 type-3 路由进行任何二层扩展,请使用应用于出站方向 BGP 对等组的简单过滤器来过滤任何不需要的 EVPN 路由类型
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 1 action permit
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 1 match evpn-route-type ip-prefix
cumulus@borderleaf04:mgmt:~$ nv set router policy route-map control_t5 rule 3 action deny
cumulus@borderleaf04:mgmt:~$ nv set vrf default router bgp peer-group dci_group1 address-family l2vpn-evpn policy outbound route-map control_t5
验证和检查路由泄露
要验证泄露到每个 VRF 中的路由目标,并检查每个 VRF 的 BGP 和路由表,请在边界叶交换机上运行以下命令。
cumulus@borderleaf01:mgmt:~$ nv show vrf RED evpn bgp-info
operational applied
--------------------- ----------------- -------
local-vtep 10.10.10.10
router-mac 44:38:39:22:dd:06
system-ip 10.10.10.10
system-mac 44:38:39:22:dd:06
[export-route-target] 65110:4001
[import-route-target] 0:4001
[import-route-target] 0:4002
[import-route-target] 65210:5001
[import-route-target] 65210:5002
cumulus@borderleaf01:mgmt:~$ nv show vrf GREEN evpn bgp-info
operational applied
--------------------- ----------------- -------
local-vtep 10.10.10.10
router-mac 44:38:39:22:dd:06
system-ip 10.10.10.10
system-mac 44:38:39:22:dd:06
[export-route-target] 65110:4002
[import-route-target] 0:4001
[import-route-target] 0:4002
[import-route-target] 65210:5001
[import-route-target] 65210:5002
cumulus@borderleaf01:mgmt:~$ net show route vrf RED
show ip route vrf RED
======================
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF RED:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:45:07
B>* 192.168.1.0/24 [20/0] via 10.10.10.1, vlan220_l3 onlink, weight 1, 00:45:04
* via 10.10.10.2, vlan220_l3 onlink, weight 1, 00:45:04
B>* 192.168.1.10/32 [20/0] via 10.10.10.1, vlan220_l3 onlink, weight 1, 00:45:04
* via 10.10.10.2, vlan220_l3 onlink, weight 1, 00:45:04
B>* 192.168.2.0/24 [200/0] unreachable (blackhole), weight 1, 00:45:04
B>* 192.168.2.10/32 [20/0] via 10.10.10.1, vxlan99 (vrf default) onlink, label 4002, weight 1, 00:45:04
* via 10.10.10.2, vxlan99 (vrf default) onlink, label 4002, weight 1, 00:45:04
B>* 192.168.10.0/24 [20/0] via 10.10.20.11, vxlan99 (vrf default) onlink, label 5002, weight 1, 00:45:04
B>* 192.168.20.0/24 [20/0] via 10.10.20.11, vxlan99 (vrf default) onlink, label 5001, weight 1, 00:45:04
show ipv6 route vrf RED
========================
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF RED:
K>* ::/0 [255/8192] unreachable (ICMP unreachable), 00:45:07
C>* fe80::/64 is directly connected, vlan220_l3, 00:45:07
cumulus@borderleaf01:mgmt:~$ net show route vrf GREEN
show ip route vrf GREEN
========================
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF GREEN:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 00:45:12
B>* 192.168.1.0/24 [200/0] unreachable (blackhole), weight 1, 00:45:09
B>* 192.168.1.10/32 [20/0] via 10.10.10.1, vxlan99 (vrf default) onlink, label 4001, weight 1, 00:45:09
* via 10.10.10.2, vxlan99 (vrf default) onlink, label 4001, weight 1, 00:45:09
B>* 192.168.2.0/24 [20/0] via 10.10.10.1, vlan370_l3 onlink, weight 1, 00:45:09
* via 10.10.10.2, vlan370_l3 onlink, weight 1, 00:45:09
B>* 192.168.2.10/32 [20/0] via 10.10.10.1, vlan370_l3 onlink, weight 1, 00:45:09
* via 10.10.10.2, vlan370_l3 onlink, weight 1, 00:45:09
B>* 192.168.10.0/24 [20/0] via 10.10.20.11, vxlan99 (vrf default) onlink, label 5002, weight 1, 00:45:09
B>* 192.168.20.0/24 [20/0] via 10.10.20.11, vxlan99 (vrf default) onlink, label 5001, weight 1, 00:45:09
show ipv6 route vrf GREEN
==========================
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF GREEN:
K>* ::/0 [255/8192] unreachable (ICMP unreachable), 00:45:12
C>* fe80::/64 is directly connected, vlan370_l3, 00:45:12
cumulus@borderleaf01:mgmt:~$ net show bgp vrf RED
show bgp vrf RED ipv4 unicast
=============================
BGP table version is 6, local router ID is 10.10.10.10, vrf id 13
Default local pref 100, local AS 65110
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*= 192.168.1.0/24 10.10.10.2< 0 65199 65102 ?
* 10.10.10.2< 0 65199 65102 ?
*> 10.10.10.1< 0 65199 65101 ?
* 10.10.10.1< 0 65199 65101 ?
*= 192.168.1.10/32 10.10.10.2< 0 65199 65102 i
* 10.10.10.2< 0 65199 65102 i
*> 10.10.10.1< 0 65199 65101 i
* 10.10.10.1< 0 65199 65101 i
*> 192.168.2.0/24 0.0.0.0 32768 i
* 10.10.10.2< 0 65199 65102 ?
* 10.10.10.2< 0 65199 65102 ?
* 10.10.10.1< 0 65199 65101 ?
* 10.10.10.1< 0 65199 65101 ?
*= 192.168.2.10/32 10.10.10.2< 0 65199 65102 i
* 10.10.10.2< 0 65199 65102 i
*> 10.10.10.1< 0 65199 65101 i
* 10.10.10.1< 0 65199 65101 i
*> 192.168.10.0/24 10.10.20.11< 0 65210 i
*> 192.168.20.0/24 10.10.20.11< 0 65210 i
Displayed 6 routes and 19 total paths
show bgp vrf RED ipv6 unicast
=============================
No BGP prefixes displayed, 0 exist
cumulus@borderleaf01:mgmt:~$ net show bgp vrf GREEN
show bgp vrf GREEN ipv4 unicast
===============================
BGP table version is 6, local router ID is 10.10.10.10, vrf id 11
Default local pref 100, local AS 65110
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
* 192.168.1.0/24 10.10.10.2< 0 65199 65102 ?
*> 0.0.0.0 32768 i
* 10.10.10.2< 0 65199 65102 ?
* 10.10.10.1< 0 65199 65101 ?
* 10.10.10.1< 0 65199 65101 ?
*= 192.168.1.10/32 10.10.10.2< 0 65199 65102 i
* 10.10.10.2< 0 65199 65102 i
*> 10.10.10.1< 0 65199 65101 i
* 10.10.10.1< 0 65199 65101 i
*= 192.168.2.0/24 10.10.10.2< 0 65199 65102 ?
* 10.10.10.2< 0 65199 65102 ?
*> 10.10.10.1< 0 65199 65101 ?
* 10.10.10.1< 0 65199 65101 ?
*= 192.168.2.10/32 10.10.10.2< 0 65199 65102 i
* 10.10.10.2< 0 65199 65102 i
*> 10.10.10.1< 0 65199 65101 i
* 10.10.10.1< 0 65199 65101 i
*> 192.168.10.0/24 10.10.20.11< 0 65210 i
*> 192.168.20.0/24 10.10.20.11< 0 65210 i
Displayed 6 routes and 19 total paths
show bgp vrf GREEN ipv6 unicast
===============================
No BGP prefixes displayed, 0 exist
cumulus@borderleaf04:mgmt:~$ nv show vrf RED evpn bgp-info
operational applied
--------------------- ----------------- -------
local-vtep 10.10.20.11
router-mac 44:38:39:22:dd:09
system-ip 10.10.20.11
system-mac 44:38:39:22:dd:09
[export-route-target] 65210:5001
[import-route-target] 0:5001
[import-route-target] 0:5002
[import-route-target] 65110:4001
[import-route-target] 65110:4002
cumulus@borderleaf04:mgmt:~$ nv show vrf GREEN evpn bgp-info
operational applied
--------------------- ----------------- -------
local-vtep 10.10.20.11
router-mac 44:38:39:22:dd:09
system-ip 10.10.20.11
system-mac 44:38:39:22:dd:09
[export-route-target] 65210:5002
[import-route-target] 0:5001
[import-route-target] 0:5002
[import-route-target] 65110:4001
[import-route-target] 65110:4002
cumulus@borderleaf04:mgmt:~$ net show route vrf RED
show ip route vrf RED
======================
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF RED:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 1d03h32m
B>* 192.168.1.0/24 [20/0] via 10.10.10.10, vxlan99 (vrf default) onlink, label 4002, weight 1, 00:41:52
B>* 192.168.2.0/24 [20/0] via 10.10.10.10, vxlan99 (vrf default) onlink, label 4001, weight 1, 00:41:52
B>* 192.168.10.0/24 [20/0] via 10.10.20.1, vlan220_l3 onlink, weight 1, 00:41:52
* via 10.10.20.2, vlan220_l3 onlink, weight 1, 00:41:52
B>* 192.168.10.110/32 [20/0] via 10.10.20.1, vlan220_l3 onlink, weight 1, 00:41:52
* via 10.10.20.2, vlan220_l3 onlink, weight 1, 00:41:52
B>* 192.168.20.0/24 [200/0] unreachable (blackhole), weight 1, 00:41:52
B>* 192.168.20.110/32 [20/0] via 10.10.20.1, vxlan99 (vrf default) onlink, label 5002, weight 1, 00:41:52
* via 10.10.20.2, vxlan99 (vrf default) onlink, label 5002, weight 1, 00:41:52
show ipv6 route vrf RED
========================
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF RED:
K>* ::/0 [255/8192] unreachable (ICMP unreachable), 1d03h32m
C>* fe80::/64 is directly connected, vlan220_l3, 1d03h32m
cumulus@borderleaf04:mgmt:~$ net show route vrf GREEN
show ip route vrf GREEN
========================
Codes: K - kernel route, C - connected, S - static, R - RIP,
O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
F - PBR, f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF GREEN:
K>* 0.0.0.0/0 [255/8192] unreachable (ICMP unreachable), 1d03h32m
B>* 192.168.1.0/24 [20/0] via 10.10.10.10, vxlan99 (vrf default) onlink, label 4002, weight 1, 00:41:57
B>* 192.168.2.0/24 [20/0] via 10.10.10.10, vxlan99 (vrf default) onlink, label 4001, weight 1, 00:41:57
B>* 192.168.10.0/24 [200/0] unreachable (blackhole), weight 1, 00:41:57
B>* 192.168.10.110/32 [20/0] via 10.10.20.1, vxlan99 (vrf default) onlink, label 5001, weight 1, 00:41:57
* via 10.10.20.2, vxlan99 (vrf default) onlink, label 5001, weight 1, 00:41:57
B>* 192.168.20.0/24 [20/0] via 10.10.20.1, vlan370_l3 onlink, weight 1, 00:41:57
* via 10.10.20.2, vlan370_l3 onlink, weight 1, 00:41:57
B>* 192.168.20.110/32 [20/0] via 10.10.20.1, vlan370_l3 onlink, weight 1, 00:41:57
* via 10.10.20.2, vlan370_l3 onlink, weight 1, 00:41:57
show ipv6 route vrf GREEN
==========================
Codes: K - kernel route, C - connected, S - static, R - RIPng,
O - OSPFv3, I - IS-IS, B - BGP, N - NHRP, T - Table,
v - VNC, V - VNC-Direct, A - Babel, D - SHARP, F - PBR,
f - OpenFabric, Z - FRR,
> - selected route, * - FIB route, q - queued, r - rejected, b - backup
t - trapped, o - offload failure
VRF GREEN:
K>* ::/0 [255/8192] unreachable (ICMP unreachable), 1d03h32m
C>* fe80::/64 is directly connected, vlan370_l3, 1d03h32m
cumulus@borderleaf04:mgmt:~$ net show bgp vrf RED
show bgp vrf RED ipv4 unicast
=============================
BGP table version is 40, local router ID is 10.10.20.11, vrf id 13
Default local pref 100, local AS 65210
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0/24 10.10.10.10< 0 65110 i
*> 192.168.2.0/24 10.10.10.10< 0 65110 i
*= 192.168.10.0/24 10.10.20.2< 0 65299 65202 ?
* 10.10.20.2< 0 65299 65202 ?
*> 10.10.20.1< 0 65299 65201 ?
* 10.10.20.1< 0 65299 65201 ?
*= 192.168.10.110/32
10.10.20.2< 0 65299 65202 i
* 10.10.20.2< 0 65299 65202 i
*> 10.10.20.1< 0 65299 65201 i
* 10.10.20.1< 0 65299 65201 i
*> 192.168.20.0/24 0.0.0.0 32768 i
* 10.10.20.2< 0 65299 65202 ?
* 10.10.20.2< 0 65299 65202 ?
* 10.10.20.1< 0 65299 65201 ?
* 10.10.20.1< 0 65299 65201 ?
*= 192.168.20.110/32
10.10.20.2< 0 65299 65202 i
* 10.10.20.2< 0 65299 65202 i
*> 10.10.20.1< 0 65299 65201 i
* 10.10.20.1< 0 65299 65201 i
Displayed 6 routes and 19 total paths
show bgp vrf RED ipv6 unicast
=============================
No BGP prefixes displayed, 0 exist
cumulus@borderleaf04:mgmt:~$ net show bgp vrf GREEN
show bgp vrf GREEN ipv4 unicast
===============================
BGP table version is 40, local router ID is 10.10.20.11, vrf id 11
Default local pref 100, local AS 65210
Status codes: s suppressed, d damped, h history, * valid, > best, = multipath,
i internal, r RIB-failure, S Stale, R Removed
Nexthop codes: @NNN nexthop's vrf id, < announce-nh-self
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
*> 192.168.1.0/24 10.10.10.10< 0 65110 i
*> 192.168.2.0/24 10.10.10.10< 0 65110 i
*> 192.168.10.0/24 0.0.0.0 32768 i
* 10.10.20.2< 0 65299 65202 ?
* 10.10.20.2< 0 65299 65202 ?
* 10.10.20.1< 0 65299 65201 ?
* 10.10.20.1< 0 65299 65201 ?
*= 192.168.10.110/32
10.10.20.2< 0 65299 65202 i
* 10.10.20.2< 0 65299 65202 i
*> 10.10.20.1< 0 65299 65201 i
* 10.10.20.1< 0 65299 65201 i
*= 192.168.20.0/24 10.10.20.2< 0 65299 65202 ?
* 10.10.20.2< 0 65299 65202 ?
*> 10.10.20.1< 0 65299 65201 ?
* 10.10.20.1< 0 65299 65201 ?
*= 192.168.20.110/32
10.10.20.2< 0 65299 65202 i
* 10.10.20.2< 0 65299 65202 i
*> 10.10.20.1< 0 65299 65201 i
* 10.10.20.1< 0 65299 65201 i
Displayed 6 routes and 19 total paths
show bgp vrf GREEN ipv6 unicast
===============================
No BGP prefixes displayed, 0 exist