The eighth day of FRR learning -- Distributed symmetric gateway

Keywords: C++ network Mac vnc Attribute

Distributed symmetric gateway

spine configuration

bgp evpn configuration

! Spine: eBGP speaker (AS 7677) peering with both leaves. It activates only
! the l2vpn evpn address family towards them and configures no VNI itself.
! NOTE(review): no session authentication (e.g. `neighbor fabric password ...`)
! and no inbound/outbound filtering is configured. That is acceptable in an
! isolated lab; on a shared underlay, authenticate the sessions and restrict
! what each peer is allowed to advertise.
router bgp 7677
 bgp router-id 192.168.59.130
 ! Allow multipath across paths whose AS paths have equal length but differ.
 bgp bestpath as-path multipath-relax
 neighbor fabric peer-group
 ! "external" accepts any peer AS other than our own, so the leaf AS numbers
 ! are not pinned here.
 neighbor fabric remote-as external
 neighbor 192.168.59.128 peer-group fabric
 neighbor 192.168.59.129 peer-group fabric
 !
 address-family l2vpn evpn
  neighbor fabric activate
 exit-address-family
!

leaf1 and host1 configuration

Interface configuration

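#!/bin/bash
# Leaf1 / host1 data-plane setup for the distributed symmetric gateway lab.
# Run as root and as a script: every command below changes kernel network state.

# Stop at the first failing command so a half-built topology is noticed
# immediately instead of surfacing later as missing EVPN routes.
set -euo pipefail

# Underlay address of this VTEP; it is also leaf1's BGP router-id.
readonly LOCAL_VTEP=192.168.59.128

# Enable IPv4 forwarding. `sysctl -w` takes effect immediately, so no
# `sysctl -p` follows: that would only re-apply /etc/sysctl.conf, which does
# not persist this setting and can switch forwarding back off if the file
# sets net.ipv4.ip_forward=0.
# NOTE: this enables forwarding between all interfaces in this network
# namespace, not only the lab bridges; outside an isolated lab, pair it with
# firewall rules that limit what may be forwarded.
sysctl -w net.ipv4.ip_forward=1

# host1: a network namespace attached to the leaf through a veth pair.
ip netns add host1
ip link add veth1 type veth peer name eth0 netns host1
ip netns exec host1 ip link set lo up
ip netns exec host1 ip link set eth0 up
ip netns exec host1 ip addr add 2.2.2.2/24 dev eth0
ip netns exec host1 ip route add default via 2.2.2.254 dev eth0

# L2 VNI 10: bridge br10 joins host1's veth and the VXLAN device.
# `nolearning` turns off data-plane MAC learning on the VXLAN device, so
# remote MACs are expected to come from the EVPN control plane only.
# NOTE: VXLAN itself provides no authentication or encryption; anything that
# can deliver UDP/4789 to ${LOCAL_VTEP} can place frames into the VNI. Keep
# the underlay isolated or filter UDP 4789 to the known VTEP peers.
ip link add br10 type bridge
ip link add vxlan10 type vxlan id 10 local "${LOCAL_VTEP}" dstport 4789 nolearning
ip link set br10 up
ip link set veth1 up
ip link set vxlan10 up
ip link set veth1 master br10
ip link set vxlan10 master br10
# Gateway MAC and IP for 2.2.2.0/24; leaf2 configures the same MAC and IP on
# its bridge for this subnet (br30).
ip link set dev br10 address 00:00:01:02:03:10
ip addr add 2.2.2.254/24 dev br10

# L3 VNI 100: bridge + VXLAN device used for routed (inter-subnet) traffic.
ip link add br100 type bridge
ip link add vxlan100 type vxlan id 100 local "${LOCAL_VTEP}" dstport 4789 nolearning
ip link set br100 up
ip link set vxlan100 up
ip link set vxlan100 master br100
# br100's MAC is this leaf's router MAC; it differs per leaf.
ip link set dev br100 address 00:00:01:02:03:04

# Tenant VRF (kernel table 100) holding both the L3 VNI bridge and the subnet
# gateway bridge.
ip link add evpn-vrf type vrf table 100
ip link set evpn-vrf up
ip link set br100 master evpn-vrf
ip link set br10 master evpn-vrf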

bgp evpn configuration

! Leaf1: bind VNI 100 to the VRF evpn-vrf as its L3 VNI.
vrf evpn-vrf
 vni 100
 exit-vrf
!
! Underlay/EVPN session to the spine (192.168.59.130).
! NOTE(review): no session authentication (e.g. `neighbor fabric password ...`)
! or route filtering is configured; fine for an isolated lab, but add both
! before reusing this on a shared underlay.
router bgp 7675
 bgp router-id 192.168.59.128
 bgp bestpath as-path multipath-relax
 neighbor fabric peer-group
 ! "external" accepts any peer AS other than our own.
 neighbor fabric remote-as external
 neighbor 192.168.59.130 peer-group fabric
 !
 address-family l2vpn evpn
  neighbor fabric activate
  ! Advertise all locally configured VNIs into EVPN.
  advertise-all-vni
 exit-address-family
!
! Per-VRF BGP instance for the tenant VRF.
router bgp 7675 vrf evpn-vrf
 !
 address-family l2vpn evpn
  ! Export the VRF's IPv4 unicast routes as EVPN type-5 (RT-5) routes.
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
end

Note:

vrf evpn-vrf
 vni 100
 exit-vrf

This stanza binds VNI 100 to the VRF evpn-vrf as its L3 VNI.

router bgp 7675 vrf evpn-vrf
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!

This stanza's `advertise ipv4 unicast` command tells BGP to advertise the VRF's IPv4 unicast routes as RT-5 (type-5) routes.

leaf2 and host2 configurations

Interface configuration

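#!/bin/bash
# Leaf2 / host2 / host3 data-plane setup for the distributed symmetric gateway lab.
# Run as root and as a script: every command below changes kernel network state.

# Stop at the first failing command so a half-built topology is noticed
# immediately instead of surfacing later as missing EVPN routes.
set -euo pipefail

# Underlay address of this VTEP; it is also leaf2's BGP router-id.
readonly LOCAL_VTEP=192.168.59.129

# Enable IPv4 forwarding. `sysctl -w` takes effect immediately, so no
# `sysctl -p` follows: that would only re-apply /etc/sysctl.conf, which does
# not persist this setting and can switch forwarding back off if the file
# sets net.ipv4.ip_forward=0.
# NOTE: this enables forwarding between all interfaces in this network
# namespace, not only the lab bridges; outside an isolated lab, pair it with
# firewall rules that limit what may be forwarded.
sysctl -w net.ipv4.ip_forward=1

# host2: a network namespace on subnet 1.1.1.0/24.
ip netns add host2
ip link add veth2 type veth peer name eth0 netns host2
ip netns exec host2 ip link set lo up
ip netns exec host2 ip link set eth0 up
ip netns exec host2 ip addr add 1.1.1.1/24 dev eth0
ip netns exec host2 ip route add default via 1.1.1.254 dev eth0

# br20: gateway bridge for 1.1.1.0/24. It has no VXLAN device, so this subnet
# exists only on leaf2 and other leaves reach it through a routed prefix.
ip link add br20 type bridge
ip link set br20 up
ip link set veth2 up
ip link set veth2 master br20
ip addr add 1.1.1.254/24 dev br20

# host3: a network namespace on subnet 2.2.2.0/24 (same subnet as host1).
ip netns add host3
ip link add veth3 type veth peer name eth0 netns host3
ip netns exec host3 ip link set lo up
ip netns exec host3 ip link set eth0 up
ip netns exec host3 ip addr add 2.2.2.3/24 dev eth0
ip netns exec host3 ip route add default via 2.2.2.254 dev eth0

# L2 VNI 10: bridge br30 joins host3's veth and the VXLAN device.
# `nolearning` turns off data-plane MAC learning on the VXLAN device, so
# remote MACs are expected to come from the EVPN control plane only.
# NOTE: VXLAN itself provides no authentication or encryption; anything that
# can deliver UDP/4789 to ${LOCAL_VTEP} can place frames into the VNI. Keep
# the underlay isolated or filter UDP 4789 to the known VTEP peers.
ip link add br30 type bridge
ip link add vxlan10 type vxlan id 10 local "${LOCAL_VTEP}" dstport 4789 nolearning
ip link set vxlan10 up
ip link set vxlan10 master br30
ip link set br30 up
ip link set veth3 up
ip link set veth3 master br30
# Gateway IP and MAC for 2.2.2.0/24; identical to br10 on leaf1.
ip addr add 2.2.2.254/24 dev br30
ip link set dev br30 address 00:00:01:02:03:10

# L3 VNI 100: bridge + VXLAN device used for routed (inter-subnet) traffic.
ip link add br100 type bridge
ip link add vxlan100 type vxlan id 100 local "${LOCAL_VTEP}" dstport 4789 nolearning
ip link set br100 up
ip link set vxlan100 up
ip link set vxlan100 master br100
# br100's MAC is this leaf's router MAC; it differs per leaf.
ip link set dev br100 address 00:00:01:02:03:05

# Tenant VRF (kernel table 100) holding the L3 VNI bridge and both subnet
# gateway bridges.
ip link add evpn-vrf type vrf table 100
ip link set evpn-vrf up
ip link set br100 master evpn-vrf
ip link set br20 master evpn-vrf
ip link set br30 master evpn-vrf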

bgp evpn configuration

! Leaf2: bind VNI 100 to the VRF evpn-vrf as its L3 VNI.
vrf evpn-vrf
 vni 100
 exit-vrf
!
! Underlay/EVPN session to the spine (192.168.59.130).
! NOTE(review): no session authentication (e.g. `neighbor fabric password ...`)
! or route filtering is configured; fine for an isolated lab, but add both
! before reusing this on a shared underlay.
router bgp 7676
 bgp router-id 192.168.59.129
 bgp bestpath as-path multipath-relax
 neighbor fabric peer-group
 ! "external" accepts any peer AS other than our own.
 neighbor fabric remote-as external
 neighbor 192.168.59.130 peer-group fabric
 !
 address-family l2vpn evpn
  neighbor fabric activate
  ! Advertise all locally configured VNIs into EVPN.
  advertise-all-vni
 exit-address-family
!
! Per-VRF BGP instance for the tenant VRF.
router bgp 7676 vrf evpn-vrf
 !
 address-family l2vpn evpn
  ! Export the VRF's IPv4 unicast routes as EVPN type-5 (RT-5) routes.
  advertise ipv4 unicast
 exit-address-family
!
line vty
!
end

View bgp information

On host3, ping host1:

root@3cfbe6f4301d:/# ip netns exec host3 ping 2.2.2.2 -c 1
PING 2.2.2.2 (2.2.2.2): 56 data bytes
64 bytes from 2.2.2.2: icmp_seq=0 ttl=64 time=0.095 ms
--- 2.2.2.2 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.095/0.095/0.095/0.000 ms
root@3cfbe6f4301d:/# 

leaf1

  • View route information
70cf8caaa686# show ip bgp l2vpn evpn 
BGP table version is 30, local router ID is 192.168.59.128
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: ip 192.168.59.128:3

*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]
                    192.168.59.128                     32768 i
*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]
                    192.168.59.128                     32768 i
*> [3]:[0]:[32]:[192.168.59.128]
                    192.168.59.128                     32768 i
Route Distinguisher: ip 192.168.59.129:3

*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]
                    192.168.59.129                         0 7677 7676 i
*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]
                    192.168.59.129                         0 7677 7676 i
*> [3]:[0]:[32]:[192.168.59.129]
                    192.168.59.129                         0 7677 7676 i

Displayed 6 out of 6 total prefixes
70cf8caaa686# 
  • View kernel routing information
70cf8caaa686# show ip route vrf evpn-vrf
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route


VRF evpn-vrf:
C>* 2.2.2.0/24 is directly connected, br10, 02:35:07
B>* 2.2.2.3/32 [20/0] via 192.168.59.129, br100 onlink, 00:12:45
70cf8caaa686# 

leaf2

  • View route information
3cfbe6f4301d# show ip bgp l2vpn evpn 
BGP table version is 40, local router ID is 192.168.59.129
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: ip 192.168.59.128:3

*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]
                    192.168.59.128                         0 7677 7675 i
*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]
                    192.168.59.128                         0 7677 7675 i
*> [3]:[0]:[32]:[192.168.59.128]
                    192.168.59.128                         0 7677 7675 i
Route Distinguisher: ip 192.168.59.129:3

*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]
                    192.168.59.129                     32768 i
*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]
                    192.168.59.129                     32768 i
*> [3]:[0]:[32]:[192.168.59.129]
                    192.168.59.129                     32768 i

Displayed 6 out of 6 total prefixes
3cfbe6f4301d# 
  • View kernel routing information
3cfbe6f4301d# show ip route vrf evpn-vrf
Codes: K - kernel route, C - connected, S - static, R - RIP,
       O - OSPF, I - IS-IS, B - BGP, E - EIGRP, N - NHRP,
       T - Table, v - VNC, V - VNC-Direct, A - Babel, D - SHARP,
       F - PBR, f - OpenFabric,
       > - selected route, * - FIB route, q - queued route, r - rejected route


VRF evpn-vrf:
C>* 1.1.1.0/24 is directly connected, br20, 01:50:19
C>* 2.2.2.0/24 is directly connected, br30, 01:50:19
B>* 2.2.2.2/32 [20/0] via 192.168.59.128, br100 onlink, 00:14:22
3cfbe6f4301d# 

As can be seen from the above, BGP EVPN installs an exact (/32) host route for the remote host on each leaf: 2.2.2.3/32 on leaf1, and 2.2.2.2/32 (host1) on leaf2.

Capture analysis


In symmetric mode, a type-2 route carries two VNIs (the L2 VNI and the L3 VNI). When a neighbor receives the route, it installs an FDB entry for the L2 VNI and an exact (host) route in the routing table that the L3 VNI belongs to. Note the Router MAC extended community attribute in the capture above: it carries the router MAC. When the exact route is installed, a neighbor-table entry is also installed for the next hop, and its MAC address is that router MAC.

Network segment (prefix) routing

At present, host2 cannot ping host1, because there is no 1.1.1.0/24 route in the vtep where host1 is located. At this time, the vtep where host2 is located needs to publish the network segment route.

Use the network command to publish:

router bgp 7676 vrf evpn-vrf
 !
 address-family ipv4 unicast
  network 1.1.1.0/24
 exit-address-family
 !

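It is worth noting that the `network` statement goes under the VRF's ipv4 unicast address family, not under l2vpn evpn, which is not very intuitive at first. The prefix is originated into the VRF's IPv4 unicast table, and the `advertise ipv4 unicast` command configured earlier under l2vpn evpn is what exports it into EVPN as a type-5 route.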

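You can also use the `redistribute connected` command to publish all directly connected network segments at once. Because that exports every connected prefix in the VRF, attach a route-map when only some of them should be reachable from the other leaves.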

leaf1

  • View evpn routing information
70cf8caaa686# show ip bgp l2vpn evpn 
BGP table version is 7, local router ID is 192.168.59.128
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete

   Network          Next Hop            Metric LocPrf Weight Path
Route Distinguisher: ip 2.2.2.254:2

*> [5]:[0]:[24]:[1.1.1.0]
                    192.168.59.129                         0 7677 7676 i
Route Distinguisher: ip 192.168.59.128:3

*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]
                    192.168.59.128                     32768 i
*> [2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]
                    192.168.59.128                     32768 i
*> [3]:[0]:[32]:[192.168.59.128]
                    192.168.59.128                     32768 i
Route Distinguisher: ip 192.168.59.129:3

*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]
                    192.168.59.129                         0 7677 7676 i
*> [2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]
                    192.168.59.129                         0 7677 7676 i
*> [3]:[0]:[32]:[192.168.59.129]
                    192.168.59.129                         0 7677 7676 i

Displayed 7 out of 7 total prefixes
70cf8caaa686# 

You can see that there is an extra route of type-5.

  • host1 ping 1.1.1.1
root@70cf8caaa686:/# ip netns exec host1 ping 1.1.1.1 -c 1
PING 1.1.1.1 (1.1.1.1): 56 data bytes
64 bytes from 1.1.1.1: icmp_seq=0 ttl=62 time=0.133 ms
--- 1.1.1.1 ping statistics ---
1 packets transmitted, 1 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.133/0.133/0.133/0.000 ms
root@70cf8caaa686:/# 

Capture analysis


The message above is a type-5 (IP prefix) route, and the network segment routing model it uses is the interface-less model. The route carries the Router MAC extended community, whose value is the MAC address of br100 on the VTEP where host2 is located. When host1's VTEP encapsulates a packet, it uses that MAC as the inner destination MAC.

summary

In the distributed symmetric model, traffic routed across network segments is always encapsulated with the L3 VNI, whether the matching route is an exact (host) route or a network segment route, and whether or not the destination segment's VNI exists locally. Traffic within the same network segment is forwarded using the FDB, and the VNI used is that segment's own VNI.

Posted by Bunkermaster on Tue, 19 Nov 2019 01:26:44 -0800