
VXLAN

 














SPINE-01 Configuration (VXLAN Underlay)
##CONFIG IP INTERFACE##
feature ospf
router ospf UNDERLAY

int lo0
ip add 192.168.0.1/32
ip router ospf UNDERLAY area 0
exit

int eth1/1
no shut
mtu 9150
no switchport
ip add 10.11.14.4/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

int eth1/2
no shut
mtu 9150
no switchport
ip add 10.12.14.4/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

###PIM CONFIGURATION##
feature pim
ip pim rp-address 10.4.5.10 group-list 224.0.0.0/4
ip pim anycast-rp 10.4.5.10 192.168.0.1
ip pim anycast-rp 10.4.5.10 192.168.0.2

int lo0
ip add 192.168.0.1/32
ip pim sparse-mode

int lo1
ip add 10.4.5.10/32
ip router ospf UNDERLAY area 0
ip pim sparse-mode

int eth1/1, eth1/2
ip pim sparse-mode

##Config BGP ##
feature bgp
feature nv overlay
nv overlay evpn

router bgp 65000
router-id 1.1.1.1
neighbor 192.168.10.0/24
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
route-reflector-client
exit
exit

SPINE-02 Configuration
##CONFIG IP INTERFACE##
feature ospf
router ospf UNDERLAY

int lo0
ip add 192.168.0.2/32
ip router ospf UNDERLAY area 0
exit

int eth1/1
no shut
mtu 9150
no switchport
ip add 10.11.15.5/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

int eth1/2
no shut
mtu 9150
no switchport
ip add 10.12.15.5/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

###PIM CONFIGURATION##
feature pim
ip pim rp-address 10.4.5.10 group-list 224.0.0.0/4
ip pim anycast-rp 10.4.5.10 192.168.0.1
ip pim anycast-rp 10.4.5.10 192.168.0.2

int lo0
ip add 192.168.0.2/32
ip pim sparse-mode

int lo1
ip add 10.4.5.10/32
ip router ospf UNDERLAY area 0
ip pim sparse-mode

int eth1/1, eth1/2
ip pim sparse-mode

##Config BGP ##
feature bgp
feature nv overlay
nv overlay evpn

router bgp 65000
router-id 2.2.2.2
neighbor 192.168.10.0/24
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
route-reflector-client
exit
exit

VERIFICATION:
sh bgp l2vpn evpn summary
sh ip os neighbors


 



 

 

 

 

 

 



LEAF-01
STEP 1: Underlay Configuration

feature ospf
router ospf UNDERLAY

int lo0
ip add 192.168.10.3/32
ip router ospf UNDERLAY area 0
exit

int eth1/1
no shut
mtu 9150  
no switchport
ip add 10.11.14.1/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

int eth1/2
no shut
mtu 9150
no switchport
ip add 10.11.15.1/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

STEP 2: PIM CONFIGURATION
feature pim
ip pim rp-address 10.4.5.10 group-list 224.0.0.0/4

int lo0
ip add 192.168.10.3/32
ip pim sparse-mode

int eth1/1, eth1/2
ip pim sparse-mode

STEP 3: BGP CONFIGURATION
feature bgp
feature nv overlay
nv overlay evpn

router bgp 65000
router-id 3.3.3.3
neighbor 192.168.0.1
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
exit

neighbor 192.168.0.2
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
exit

VERIFICATION:
show cli history unformatted
show cli history unformatted | last 50
sh run | sec rp-address
sh run | sec ospf
sh run | sec bgp
sh ip ospf neighbor

ping 192.168.10.4 source 192.168.10.3
sh ip route 192.168.10.4
sh ip pim rp
sh ip pim neighbor

BGP VERIFICATION
sh run | sec bgp
sh bgp l2vpn evpn summary
==============================================




 

 

 

 

 

 

STEP 4: OVERLAY L2 BRIDGING CONFIGURATION
Configure Fabric Programming

I. Overlay Configuration for L2 Forwarding
a. Configure the VLANs and the VLAN-to-VNI mapping
b. Configure the downstream ports as access or trunk ports
c. Configure the NVE interface with the required VNI members, and configure the multicast group and ARP suppression as necessary
d. Define the L2 VNIs under EVPN


a)
------

feature vn-segment-vlan-based
vlan 10
vn-segment 100010

vlan 20
vn-segment 100020


b).

Entering suppress-arp usually produces an error, because the TCAM has to be configured first. So enter the commands below on each of the LEAF-01 and LEAF-02 switches:
hardware access-list tcam region span 0
hardware access-list tcam region vacl 0
hardware access-list tcam region arp-ether 256

Then continue with the NVE interface configuration below:

interface nve 1
no shut
host-reachability protocol bgp
source-interface lo0
member vni 100010
mcast-group 239.0.0.10
suppress-arp
member vni 100020
mcast-group 239.0.0.10
suppress-arp


VERIFICATION:
show nve vni
show nve vni summary
sh run interface nve 1
show vxlan








































c).
feature fabric forwarding
evpn
vni 100010 l2
rd auto
route-target import auto
route-target export auto


vni 100020 l2
rd auto
route-target import auto
route-target export auto
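
An added consistency check for the L2 overlay steps above (VLAN-to-VNI map, NVE members, EVPN VNIs), not part of the original post. The function name audit_l2_vnis and the sample config are constructed for illustration; paste in the relevant sections of a leaf's running-config instead.

```python
import re

# Constructed sample: VNI 100020 lacks suppress-arp and its EVPN entry is mistyped.
SAMPLE = """
vlan 10
  vn-segment 100010
vlan 20
  vn-segment 100020
interface nve1
  member vni 100010
    suppress-arp
  member vni 100020
  member vni 50000 associate-vrf
evpn
  vni 100010 l2
  vni 1000q0 l2
"""

def audit_l2_vnis(config):
    """Cross-check vn-segment, NVE 'member vni' and EVPN 'vni ... l2' lines."""
    mapped, nve, evpn, findings = {}, {}, set(), []
    vlan = member = None
    for line in (raw.strip() for raw in config.splitlines()):
        if m := re.fullmatch(r"vlan (\d+)", line):
            vlan = m.group(1)
        elif m := re.fullmatch(r"vn-segment (\S+)", line):
            mapped[m.group(1)] = vlan
        elif m := re.fullmatch(r"member vni (\S+)", line):  # L2 members only
            member = m.group(1)
            nve[member] = set()
        elif line == "suppress-arp" and member:
            nve[member].add(line)
        elif m := re.fullmatch(r"vni (\S+) l2", line):
            evpn.add(m.group(1))
    for vni in sorted(set(mapped) | set(nve) | evpn):
        if not vni.isdigit():
            findings.append(f"VNI '{vni}' is not numeric")
            continue
        if vni not in mapped:
            findings.append(f"VNI {vni} has no vlan/vn-segment mapping")
        if vni not in nve:
            findings.append(f"VNI {vni} is not a member of the NVE interface")
        elif "suppress-arp" not in nve[vni]:
            findings.append(f"VNI {vni} has no suppress-arp on the NVE")
        if vni not in evpn:
            findings.append(f"VNI {vni} is missing under evpn")
    return findings

if __name__ == "__main__":
    print("\n".join(audit_l2_vnis(SAMPLE)))
```

The L3 VNI line (associate-vrf) is deliberately ignored, so the check applies only to the L2 VNIs of this step.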

-----------------------------------------------------
Note: on N5k devices, additional configuration is required:
install feature-set fabric
feature-set fabric
hardware ethernet store-and-forward-switching

-----------------------------------------------------
VERIFICATION:
show run | sec feature
---------------------------
**Additional
feature telnet
feature privilege
---------------------------------------
ADDITIONAL CONFIG: (Leaf-1 and Leaf-2)
nv overlay evpn
evpn
vni 100010 l2
rd auto
route-target both auto
------------------------------------------
VERIFICATION:
sh run | sec evpn
show nve interface
show nve peers   --> make sure the peer appears







Assign port Eth1/3 to VLAN 10 and Eth1/4 to VLAN 20
interface ethernet 1/3
no sh
switchport
switchport mod access
switchport access vlan 10
exit
interface ethernet 1/4
no sh
switchport
switchport mod access
switchport access vlan 20

===========================================
STEP 5: Overlay L3 Routing Configuration

a). Configure the VRF used for overlay traffic and define the L3 VNI
b). Configure the VRF-shared VLAN used for L3 forwarding and associate it with the VRF's L3 VNI
c). Configure the distributed anycast gateway MAC
d). Configure the SVIs, including the VRF-shared one
e). Under the NVE interface, associate the L3 VNI defined in the VRF context configuration
f). Redistribute the SVI subnets into the BGP process under the VRF address family

(ALL LEAF SWITCHES)
vrf context TENANT1
vni 50000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

VERIFICATION:
show run | sec vrf
-------------------------------
vlan 500
vn-segment 50000

VERIFICATION:
show run vlan 500
---------------------------------
fabric forwarding anycast-gateway-mac 0000.1234.5678
-----------------------------
feature interface-vlan
interface vlan 10
mtu 9150
vrf member TENANT1
ip address 192.168.100.254/24 tag 56363
fabric forwarding mode anycast-gateway
ip pim sparse-mode
no shut
exit

interface vlan 20
mtu 9150
vrf member TENANT1
ip address 192.168.200.254/24 tag 56363
fabric forwarding mode anycast-gateway
ip pim sparse-mode
no shut
exit


VERIFICATION:
sh run interface vlan 10
---
int vlan 500
vrf member TENANT1
ip forward
no shut

VERIFICATION:
sh ip int br vrf TENANT1
sh spanning-tree vlan 10
----------------------------
interface nve 1
member vni 50000 associate-vrf








Route-map permit configuration
route-map SUBNETs permit 10
match tag 56363
exit
router bgp 65000
vrf TENANT1
address-family ipv4 unicast
redistribute direct route-map SUBNETs

VERIFICATION:
sh run bgp
sh bgp l2vpn evpn
sh ip int br vrf TENANT1
sh ip route 192.168.100.11 vrf TENANT1
sh ip route 192.168.200.11 vrf TENANT1

===========================================
LEAF-02
STEP 1: Underlay Configuration
feature ospf
router ospf UNDERLAY

int lo0
ip add 192.168.10.4/32
ip router ospf UNDERLAY area 0
exit

int eth1/1
no shut
mtu 9150  
no switchport
ip add 10.11.15.5/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

int eth1/2
no shut
mtu 9150
no switchport
ip add 10.12.15.5/29
ip ospf network point-to-point
ip router ospf UNDERLAY area 0
exit

STEP 2: PIM CONFIGURATION
feature pim
ip pim rp-address 10.4.5.10 group-list 224.0.0.0/4

int lo0
ip add 192.168.10.4/32
ip pim sparse-mode

int eth1/1, eth1/2
ip pim sparse-mode

STEP 3: BGP CONFIGURATION
feature bgp
feature nv overlay
nv overlay evpn

router bgp 65000
router-id 4.4.4.4
neighbor 192.168.0.1
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
exit

neighbor 192.168.0.2
remote-as 65000
update-source lo0
address-family l2vpn evpn
send-community extended
exit

VERIFICATION:
show cli history unformatted
show cli history unformatted | last 50
sh run | sec rp-address
sh run | sec ospf
sh run | sec bgp
sh ip ospf neighbor

ping 192.168.10.3 source 192.168.10.4
sh ip route 192.168.10.3
sh ip pim rp
sh ip pim neighbor

BGP VERIFICATION
sh run | sec bgp
sh bgp l2vpn evpn summary
======================================================
STEP 4: OVERLAY L2 BRIDGING CONFIGURATION
Configure Fabric Programming

I. Overlay Configuration for L2 Forwarding
a. Configure the VLANs and the VLAN-to-VNI mapping
b. Configure the downstream ports as access or trunk ports
c. Configure the NVE interface with the required VNI members, and configure the multicast group and ARP suppression as necessary
d. Define the L2 VNIs under EVPN


a)
----
feature vn-segment-vlan-based
vlan 10
vn-segment 100010

vlan 20
vn-segment 100020


b).
interface nve 1
no shut
host-reachability protocol bgp
source-interface lo0
member vni 100010
mcast-group 239.0.0.10
suppress-arp
member vni 100020
mcast-group 239.0.0.10
suppress-arp


VERIFICATION:
show nve vni
show nve vni summary
sh run interface nve 1
show vxlan
---
c).
feature fabric forwarding
evpn
vni 100010 l2
rd auto
route-target import auto
route-target export auto
vni 100020 l2
rd auto
route-target import auto
route-target export auto

-----------------------------------------------------
Note: on N5k devices, additional configuration is required:
install feature-set fabric
feature-set fabric
hardware ethernet store-and-forward-switching

-----------------------------------------------------
VERIFICATION:
show run | sec feature
---------------------------
**Additional
feature telnet
feature privilege
---------------------------------------
ADDITIONAL CONFIG: (Leaf-1 and Leaf-2)
nv overlay evpn
evpn
vni 100010 l2
rd auto
route-target both auto
------------------------------------------
VERIFICATION:
sh run | sec evpn
show nve interface
show nve peers   --> make sure the peer appears
-------------------------
Assign port Eth1/3 to VLAN 10 and Eth1/4 to VLAN 20
interface ethernet 1/3
no sh
switchport
switchport mod access
switchport access vlan 10
exit

interface ethernet 1/4
no sh
switchport
switchport mod access
switchport access vlan 20

===========================================
STEP 5: Overlay L3 Routing Configuration

a). Configure the VRF used for overlay traffic and define the L3 VNI
b). Configure the VRF-shared VLAN used for L3 forwarding and associate it with the VRF's L3 VNI
c). Configure the distributed anycast gateway MAC
d). Configure the SVIs, including the VRF-shared one
e). Under the NVE interface, associate the L3 VNI defined in the VRF context configuration
f). Redistribute the SVI subnets into the BGP process under the VRF address family

(ALL LEAF SWITCHES)
vrf context TENANT1
vni 50000
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn

VERIFICATION:
show run | sec vrf
-------------------------------
vlan 500
vn-segment 50000

VERIFICATION:
show run vlan 500
---------------------------------
fabric forwarding anycast-gateway-mac 0000.1234.5678
-----------------------------
feature interface-vlan
interface vlan 10
mtu 9150
vrf member TENANT1
ip address 192.168.100.254/24 tag 56363
fabric forwarding mode anycast-gateway
ip pim sparse-mode
no shut
exit

interface vlan 20
mtu 9150
vrf member TENANT1
ip address 192.168.200.254/24 tag 56363
fabric forwarding mode anycast-gateway
ip pim sparse-mode
no shut
exit


VERIFICATION:
sh run interface vlan 10
------------------------------
int vlan 500
vrf member TENANT1
ip forward
no shut

VERIFICATION:
sh ip int br vrf TENANT1
sh spanning-tree vlan 10
----------------------------
interface nve 1
member vni 50000 associate-vrf

VERIFICATION:
sh nve vni
------------------------------
Route-map permit configuration
route-map SUBNETs permit 10
match tag 56363
exit
router bgp 65000
vrf TENANT1
address-family ipv4 unicast
redistribute direct route-map SUBNETs

VERIFICATION:
sh run bgp
sh bgp l2vpn evpn
-----------------
sw1:
sh ip route 192.168.100.10 vrf TENANT1
sh ip route 192.168.200.10 vrf TENANT1

















VERIFICATION FROM PC (DIFFERENT SEGMENT)


 
