Startseite Juniper - "Centrally-Routed Bridging Overlay" - Part 1 - Underlay
Eintrag
Abbrechen

Juniper - "Centrally-Routed Bridging Overlay" - Part 1 - Underlay

Veröffentlicht 2020-11-01
Von grumpy
13 Minuten lesen

Um ein Datacenter Netzwerk aufzubauen wird im Regelfall auf Leaf und Spine gesetzt. Je nach Gerät können die Konfigurationen unterschiedlich ausfallen. Im “Centrally-Routed Bridging Overlay” Design von Juniper werden Netze in den Spines geroutet (“zentral”). Alle Leaf-Switches verwenden EVPN zu den Spines um eine Kommunikation der Endsysteme zu ermöglichen. EVPN wird über ein Overlaynetzwerk realisiert, welches bei Juniper auf iBGP setzt. Das Underlaynetzwerk basiert auf eBGP. Im ersten Schritt wird das Underlay konfiguriert. Folgende Topologie wird erstellt:

Netzwerkplan

Underlay einrichten

Bei den Links zwischen den Leafs und Spines handelt es sich um Layer-3 Links. Die Netze haben einen Prefix von /31 um möglichst wenig IPv4 Adressen zu verschwenden. Das Underlaynetz stellt sicher, dass alle Geräte erreichbar sind. Dies ist wichtig, sobald VxLAN verwendet werden soll, da die Tunnelendpunkte unbedingt erreichbar sein müssen.

Konfigurationsdaten

Interfaces

Gerät Interface IP-Adresse /31
Spine01 xe-0/0/0 192.168.10.2
Spine01 xe-0/0/1 192.168.10.6
Spine01 xe-0/0/2 192.168.10.10
Spine01 xe-0/0/3 192.168.10.14
Spine02 xe-0/0/0 192.168.10.4
Spine02 xe-0/0/1 192.168.10.8
Spine02 xe-0/0/2 192.168.10.12
Spine02 xe-0/0/3 192.168.10.16
Leaf01 xe-0/0/0 192.168.10.3
Leaf01 xe-0/0/1 192.168.10.5
Leaf02 xe-0/0/0 192.168.10.7
Leaf02 xe-0/0/1 192.168.10.9
Leaf03 xe-0/0/0 192.168.10.11
Leaf03 xe-0/0/1 192.168.10.13
Leaf04 xe-0/0/0 192.168.10.15
Leaf04 xe-0/0/1 192.168.10.17

ASN Underlay

Gerät ASN Loopback IP /32
Spine01 65101 192.168.0.1
Spine02 65102 192.168.0.2
Leaf01 65201 192.168.1.1
Leaf02 65202 192.168.1.2
Leaf03 65203 192.168.1.3
Leaf04 65204 192.168.1.4

Konfiguration - Interfaces

Im ersten Schritt werden die Interfaces eingerichtet. Auf den Interfaces wird LLDP aktiviert.

Spine01

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

set system host-name Spine01

wildcard range delete interfaces xe-0/0/[0-3] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description "Leaf01"
set xe-0/0/0 unit 0 family inet address 192.168.10.2/31
set xe-0/0/1 description "Leaf02"
set xe-0/0/1 unit 0 family inet address 192.168.10.6/31
set xe-0/0/2 description "Leaf03"
set xe-0/0/2 unit 0 family inet address 192.168.10.10/31
set xe-0/0/3 description "Leaf04"
set xe-0/0/3 unit 0 family inet address 192.168.10.14/31

set lo0 unit 0 family inet address 192.168.0.1/32 primary preferred 

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1
set interface xe-0/0/2
set interface xe-0/0/3

commit

Spine02

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25

set system host-name Spine02

wildcard range delete interfaces xe-0/0/[0-3] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description "Leaf01"
set xe-0/0/0 unit 0 family inet address 192.168.10.4/31
set xe-0/0/1 description "Leaf02"
set xe-0/0/1 unit 0 family inet address 192.168.10.8/31
set xe-0/0/2 description "Leaf03"
set xe-0/0/2 unit 0 family inet address 192.168.10.12/31
set xe-0/0/3 description "Leaf04"
set xe-0/0/3 unit 0 family inet address 192.168.10.16/31

set lo0 unit 0 family inet address 192.168.0.2/32 primary preferred

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1
set interface xe-0/0/2
set interface xe-0/0/3

commit

Leaf01

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

set system host-name Leaf01

wildcard range delete xe-0/0/[0-1] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description Spine01
set xe-0/0/0 unit 0 family inet address 192.168.10.3/31

set xe-0/0/1 description Spine02
set xe-0/0/1 unit 0 family inet address 192.168.10.5/31

set lo0 unit 0 family inet address 192.168.1.1/32 primary preferred

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1

commit

Leaf02

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

set system host-name Leaf02

wildcard range delete xe-0/0/[0-1] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description Spine01
set xe-0/0/0 unit 0 family inet address 192.168.10.7/31

set xe-0/0/1 description Spine02
set xe-0/0/1 unit 0 family inet address 192.168.10.9/31

set lo0 unit 0 family inet address 192.168.1.2/32 primary preferred

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1

commit

Leaf03

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

set system host-name Leaf03

wildcard range delete xe-0/0/[0-1] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description Spine01
set xe-0/0/0 unit 0 family inet address 192.168.10.11/31

set xe-0/0/1 description Spine02
set xe-0/0/1 unit 0 family inet address 192.168.10.13/31

set lo0 unit 0 family inet address 192.168.1.3/32 primary preferred

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1

commit

Leaf04

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20

set system host-name Leaf04

wildcard range delete xe-0/0/[0-1] unit 0 family inet dhcp

edit interfaces

set xe-0/0/0 description Spine01
set xe-0/0/0 unit 0 family inet address 192.168.10.15/31

set xe-0/0/1 description Spine02
set xe-0/0/1 unit 0 family inet address 192.168.10.17/31

set lo0 unit 0 family inet address 192.168.1.4/32 primary preferred

top
edit protocols lldp
set interface xe-0/0/0
set interface xe-0/0/1

commit

Mittels ping sollten jetzt alle Systeme erreichbar sein. 

Konfiguration - eBGP

Sobald alle Leafs von beiden Spines per ping erreichbar sind, wird eBPG eingerichtet. Es werden erstmal nur die Loopback Adressen exportiert. Weiterhin wird BFD und Loadbalancing eingerichtet.

Spine01

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

edit protocols bgp group UNDERLAY

set description "Underlay Network"
set type external
set local-as 65101
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100
set neighbor 192.168.10.3 peer-as 65201
set neighbor 192.168.10.3 authentication-key password
set neighbor 192.168.10.3 description "Leaf01"

set neighbor 192.168.10.7 peer-as 65202
set neighbor 192.168.10.7 authentication-key password
set neighbor 192.168.10.7 description "Leaf02"

set neighbor 192.168.10.11 peer-as 65203
set neighbor 192.168.10.11 authentication-key password
set neighbor 192.168.10.11 description "Leaf03"

set neighbor 192.168.10.15 peer-as 65204
set neighbor 192.168.10.15 authentication-key password
set neighbor 192.168.10.15 description "Leaf04"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.0.1/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet

top

set routing-options forwarding-table export pfe-ecmp

commit

Spine02

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43

edit protocols bgp group UNDERLAY
set description "Underlay Network"
set type external
set local-as 65102
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100

set neighbor 192.168.10.5 peer-as 65201
set neighbor 192.168.10.5 authentication-key password
set neighbor 192.168.10.5 description "Leaf01"

set neighbor 192.168.10.9 peer-as 65202
set neighbor 192.168.10.9 authentication-key password
set neighbor 192.168.10.9 description "Leaf02"

set neighbor 192.168.10.13 peer-as 65203
set neighbor 192.168.10.13 authentication-key password
set neighbor 192.168.10.13 description "Leaf03"

set neighbor 192.168.10.15 peer-as 65204
set neighbor 192.168.10.15 authentication-key password
set neighbor 192.168.10.15 description "Leaf04"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.0.2/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet

top

set routing-options forwarding-table export pfe-ecmp

commit

Leaf01

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

edit protocols bgp group UNDERLAY
set description "Underlay Network"
set type external
set local-as 65201
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100

set neighbor 192.168.10.2 peer-as 65101
set neighbor 192.168.10.2 authentication-key password
set neighbor 192.168.10.2 description "Spine01"

set neighbor 192.168.10.4 peer-as 65102
set neighbor 192.168.10.4 authentication-key password
set neighbor 192.168.10.4 description "Spine02"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.1.1/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet _

top

set routing-options forwarding-table export pfe-ecmp

commit

Leaf02

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

edit protocols bgp group UNDERLAY
set description "Underlay Network"
set type external
set local-as 65202
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100

set neighbor 192.168.10.6 peer-as 65101
set neighbor 192.168.10.6 authentication-key password
set neighbor 192.168.10.6 description "Spine01"

set neighbor 192.168.10.8 peer-as 65102
set neighbor 192.168.10.8 authentication-key password
set neighbor 192.168.10.8 description "Spine02"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.1.2/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet _

top

set routing-options forwarding-table export pfe-ecmp

commit

Leaf03

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

edit protocols bgp group UNDERLAY
set description "Underlay Network"
set type external
set local-as 65203
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100

set neighbor 192.168.10.10 peer-as 65101
set neighbor 192.168.10.10 authentication-key password
set neighbor 192.168.10.10 description "Spine01"

set neighbor 192.168.10.12 peer-as 65102
set neighbor 192.168.10.12 authentication-key password
set neighbor 192.168.10.12 description "Spine02"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.1.3/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet _

top

set routing-options forwarding-table export pfe-ecmp

commit

Leaf04

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35

edit protocols bgp group UNDERLAY
set description "Underlay Network"
set type external
set local-as 65204
set hold-time 10
set family inet unicast
set export bgp_loopback_0
set multipath multiple-as
set bfd-liveness-detection minimum-interval 100

set neighbor 192.168.10.14 peer-as 65101
set neighbor 192.168.10.14 authentication-key password
set neighbor 192.168.10.14 description "Spine01"

set neighbor 192.168.10.16 peer-as 65102
set neighbor 192.168.10.16 authentication-key password
set neighbor 192.168.10.16 description "Spine02"

top

edit policy-options policy-statement bgp_loopback_0
set term 1 from protocol direct
set term 1 from route-filter 192.168.1.4/32 exact
set term 1 then accept

up

edit policy-statement pfe-ecmp
set then load-balance per-packet _

top

set routing-options forwarding-table export pfe-ecmp

commit

Show Befehle

Es müssen pro Spine vier Leafs im Routingprozess sichtbar sein:

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15

root@Spine01# run show bgp summary
Threading mode: BGP I/O
Groups: 1 Peers: 4 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
7 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.10.3 65201 9 11 0 1139 13 Establ
  inet.0: 2/2/2/0
192.168.10.7 65202 11 11 0 29 13 Establ
  inet.0: 1/1/1/0
192.168.10.11 65203 9 11 0 3 13 Establ
  inet.0: 2/2/2/0
192.168.10.15 65204 9 12 0 7 13 Establ
  inet.0: 2/2/2/0

Auf den Leafs müssen beide Spines sichtbar sein:

1
2
3
4
5
6
7
8
9
10
11

root@Leaf03# run show bgp summary
Threading mode: BGP I/O
Groups: 1 Peers: 2 Down peers: 0
Table Tot Paths Act Paths Suppressed History Damp State Pending
inet.0
10 7 0 0 0 0
Peer AS InPkt OutPkt OutQ Flaps Last Up/Dwn State|#Active/Received/Accepted/Damped...
192.168.10.10 65101 22 14 0 4 16 Establ
  inet.0: 4/5/5/0
192.168.10.12 65102 20 19 0 10 13 Establ
  inet.0: 3/5/5/0

In der Routingtabelle sollte nur die Loopback Adressen auftachen:

1
2
3
4
5
6

root@Leaf03# run show route | match bgp
192.168.0.1/32 *[BGP/170] 00:01:10, localpref 100
192.168.0.2/32 *[BGP/170] 00:00:02, localpref 100
192.168.1.1/32 *[BGP/170] 00:00:08, localpref 100
192.168.1.2/32 *[BGP/170] 00:00:06, localpref 100
192.168.1.4/32 *[BGP/170] 00:00:01, localpref 100

Die BFD-Sessions sollten alle aktiv sein:

Leaf:

1
2
3
4
5
6
7
8

root@Leaf03# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
192.168.10.10 Up xe-0/0/0.0 0.300 0.100 3
192.168.10.12 Up xe-0/0/1.0 0.300 0.100 3

2 sessions, 2 clients
Cumulative transmit rate 20.0 pps, cumulative receive rate 20.0 pps

Spine: 

1
2
3
4
5
6
7
8
9
10

root@Spine01# run show bfd session
Detect Transmit
Address State Interface Time Interval Multiplier
192.168.10.3 Up xe-0/0/0.0 0.300 0.100 3
192.168.10.7 Up xe-0/0/1.0 0.300 0.100 3
192.168.10.11 Up xe-0/0/2.0 0.300 0.100 3
192.168.10.15 Up xe-0/0/3.0 0.300 0.100 3

4 sessions, 4 clients
Cumulative transmit rate 40.0 pps, cumulative receive rate 40.0 pps

Die Ausgaben können variieren, sollten jedoch im Großen und Ganzen mit dem Beispiel übereinstimmen. Sollte es zu komplett falschen Ausgaben kommen, muss Troubeshooting betrieben werden.

Konfiguration - Blöcke

Spine01

1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80

root@Spine01# show interfaces xe-0/0/0
description Leaf01;
unit 0 {
family inet {
address 192.168.10.2/31;
 }
}

root@Spine01# show interfaces xe-0/0/1
description Leaf02;
unit 0 {
family inet {
address 192.168.10.6/31;
 }
}

{master:0}[edit]
root@Spine01# show interfaces xe-0/0/2
description Leaf03;
unit 0 {
family inet {
address 192.168.10.10/31;
 }
}


root@Spine01# show protocols bgp
group UNDERLAY {
type external;
description "Underlay Network";
hold-time 10;
family inet {
unicast;
}
export bgp_loopback_0;
local-as 65101;
multipath {
multiple-as;
}
bfd-liveness-detection {
minimum-interval 100;
}
neighbor 192.168.10.3 {
description Leaf01;
authentication-key "$9$9gOrC0IEhrv87SrVYgoji369Cu1"; ## SECRET-DATA
peer-as 65201;
}
neighbor 192.168.10.7 {
description Leaf02;
authentication-key "$9$aHJjqmPQn9p5QBEcyW824aJDk"; ## SECRET-DATA
peer-as 65202;
}
neighbor 192.168.10.11 {
description Leaf03;
authentication-key "$9$9qAjC0IEhrv87SrVYgoji369Cu1"; ## SECRET-DATA
peer-as 65203;
}
neighbor 192.168.10.15 {
description Leaf04;
authentication-key "$9$nnw36tO1IclvLEcNbs2GUQFn6A0"; ## SECRET-DATA
peer-as 65204;
 }
}


root@Spine01# show policy-options
policy-statement bgp_loopback_0 {
term 1 {
from {
protocol direct;
route-filter 192.168.0.1/32 exact;
}
then accept;
 }
}
policy-statement pfe-ecmp {
then {
load-balance per-packet;
 }
}
Netzwerk, Juniper
bgp routing leaf spine evpn datacenter
Inhalt