5 基于BGP EVPN实现Cisco VxLAN控制层面之MA
2020-04-27 本文已影响0人
小岳_
一、说明
- 本篇主要描述BGP EVPN VxLAN同VNI内互通的控制层面操作,其中也包含了数据层面的转发过程;
- 本篇网络拓扑和配置信息全部基于上一篇“4 基于BGP EVPN实现Cisco VxLAN实验 & 分布式任播网关”。
二、拓扑
image.png
三、同VNI内控制层面操作(MAC地址学习过程)
- 以拓扑中的PC1和PC2同网段互通为例;
- 介绍如何通过VxLAN架构实现VNI内部同子网互通(L2 VNI),主要描述本端VTEP交换机如何从接口收到的以太网帧中学习其直连的主机的MAC地址,并将该信息装载到MAC地址表以及特定VNI的二层路由信息库(L2RIB,也称 MAC VRF)中;
- 此外,本章还说明如何使用BGP EVPN Route Type 2(Mac Advertisement Route)更新VTEP交换机之间的MAC信息。
3.1 本端VTEP MAC地址表更新
- 当主机PC1开机后,PC1通过发送免费ARP(GARP)报文向子网表示其存在并会验证其IP地址的唯一性,VTEP交换机Leaf-1从接口E1/3接收到GARP消息,并将PC1的MAC地址信息存储到MAC地址表中;
image.png
- 上图显示了PC1开机后,发出的免费ARP报文,其中主要包含PC1的MAC地址(0050.7966.6806)和IP地址(172.16.2.1);
Leaf-1# show system internal l2fwder mac | i 6806
* 20 0050.7966.6806 dynamic 00:02:32 F F Eth1/3
- 上方命令行输出显示了本端VTEP交换机Leaf-1的MAC地址表,MAC地址(0050.7966.6806)位于端口E1/3下,并且属于VLAN 20。请注意,默认的MAC地址条目老化时间为1800秒。
3.2 本端VTEP L2RIB更新
- PC1的MAC地址信息由Nexus交换机的2层转发组件(L2FWDER)装载到VNI 10020(也称EVPN实例或MAC VRF)特定的2层路由信息库(L2RIB)中,下方命令为查看VLAN 20/VNI 10020对应的L2RIB(MAC VRF);
Leaf-1# show l2route evpn mac evi 20
Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen
Topology Mac Address Prod Flags Seq No Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
20 0050.7966.6806 Local L, 0 Eth1/3
Leaf-1# show vlan id 20 vn-segment
VLAN Segment-id
---- -----------
20 10020
-
由上方命令行输出可看出,L2RIB包含MAC地址、下一跳和有关学习方式的信息,Topology ID描述了PC1的MAC地址0050.7966.6806所属的VLAN,上方第二条命令输出还可以看出VLAN ID与VNI ID的对应关系;
-
下方命令行输出说明了Leaf-1的L2FWDER组件如何关注到从接口E1/3(Interface Index:0x1a000400)感知到PC1的MAC地址的过程,Leaf-1从E1/3口(此接口属于VLAN 20)接收到数据帧,L2FWDER组件基于VLAN ID 20了解到PC1的MAC地址信息属于VNI 10020;
Leaf-1# show system internal l2fwder event-history events | i 6806
[117] [28237]: l2fwder_dbg_ev, 690 l2fwder_vxlan_mac_update, 886MAC move 005
0.7966.6806 (20) 0x0 -> 0x1a000400
[117] [28237]: l2fwder_dbg_ev, 690 l2fwder_l2rib_add_delete_local_mac_routes
, 154Adding route topo-id: 20, macaddr: 0050.7966.6806, nhifindx: 0x1a000400
[117] [28237]: l2fwder_dbg_ev, 690 l2fwder_l2rib_mac_update, 736MAC move 005
0.7966.6806 (20) 0x0 -> 0x1a000400
[117] [28581]: l2fwder_construct_and_send_macmv_ntf_per_cookie, 5258 mac 005
0.7966.6806 vlan 20 new if_index = 1a000400, old if_index = 0, is_del=0
[117] [28237]: l2fwder_dbg_ev, 690 l2fwder_vxlan_mac_update, 886MAC move 005
0.7966.6806 (20) 0x1a000400 -> 0x0
- 下方命令行输出说明了"Interface Index"与物理端口号的对应关系;
Leaf-1# show interface snmp-ifindex | in Eth1/3
Eth1/3 436208640 (0x1a000400)
- 下方命令行输出说明了Leaf-1关于PC1的L2RIB更新过程;
Leaf-1# sh system internal l2rib event-history mac | i 6806
[07/12/20 08:12:21.814 UTC 3 29746] Rcvd MAC ROUTE msg: (20, 0050.7966.6806), vn
i 0, admin_dist 0, seq 0, soo 0,
[07/12/20 08:12:21.863 UTC 8 29746] (20,0050.7966.6806,3):Is local route. is_mac
_remote_at_the_delete: 0
[07/12/20 08:12:21.863 UTC 9 29746] (20,0050.7966.6806,3):MAC route created with
seq 0, flags L, (),
[07/12/20 08:12:21.864 UTC a 29746] (20,0050.7966.6806,3): soo 0, peerid 0, pc-i
findex 0
[07/12/20 08:12:21.868 UTC b 29746] (20,0050.7966.6806,3):Encoding MAC best rout
e (ADD, client id 5)
[07/12/20 08:12:21.868 UTC c 29746] (20,0050.7966.6806,3):vni:10020 rt_flags:L,
admin_dist:6, seq_num:0 ecmp_label:0 soo:0(--)
[07/12/20 08:12:21.868 UTC d 29746] (20,0050.7966.6806,3):res:Regular esi:(F) pe
erid:0 nve_ifhdl:1224736769 mh_pc_ifidx:0 nh_count:1
[07/12/20 08:12:21.868 UTC e 29746] (20,0050.7966.6806,3):NH[0]:Eth1/3
- 为什么在VTEP交换机中每个VLAN/VNI有两个几乎相似的L2数据库(MAC地址表和L2RIB)? 因为仅当MAC信息首先装载到RIB中时,然后才可以将MAC路由发送到BGP进程,反之亦然。
3.3 本端VTEP BGP MAC路由导出
- VTEP交换机Leaf-1将PC1的MAC路由从L2RIB导出到BGP Local-RIB,并通过BGP的"Output Policy Engine"将MAC路由装载到Adj-RIB-Out。Leaf-1的BGP进程根据BGP对等体类型(iBGP/eBGP/RR-Client)附加Path属性,并将BGP EVPN Route Type 2更新发送到Spine-1和Spine-2(Route-Reflector)。Spine将BGP更新消息转发到其RR客户端Leaf-2和Leaf-3。BGP更新中携带的BGP Path属性"MP_REACH_NLRI"中包含NLRI信息,其中地址信息主要包括MAC地址,还包RD,RD是VNI 10020中所有MAC路由使用的前缀;
- RD可以看作是一种MAC VRF标识符。由于Spine不了解VLAN/VNI,所以Spine使用RD来区分可能在不同VNI/VLAN中使用的重叠MAC地址。从Spine的角度来看,主机PC1的Layer 2地址为3.3.3.3:32787:0050.7966.6806;
- MAC路由的RD由“发送方BGP路由器ID:基础值32767+VLAN ID”组成,所以Leaf-1中VLAN 20 MAC地址的RD是3.3.3.3:32787;
- NLRI中还有MPLS标签堆栈1字段,其中包括L2VNI标识符。VLAN 20映射到VNI 10020(=MPLS标签堆栈1:10020)。VNI ID被封装在VxLAN数据层面的包头中;
- BGP更新消息还包括两个BGP扩展Community属性,第一个是RT(BGP AS:VNI),由VTEP交换机用于执行MAC路由导出/导入策略。 第二个是封装类型,定义了数据平面中使用的封装(类型8=VxLAN);
- 下方命令行输出显示了Leaf-1的BGP进程如何接收从L2RIB导出的MAC路由,Leaf-1将MAC路由信息装载到BGP Local-RIB中,其中包含与BGP EVPN Route Type 2通告(L2VNI标识符、路由目标和封装类型)相关的必需信息。地址末尾的位数为112,即RD(64bit)+MAC地址(48bit)=112bit。
show bgp internal event-history events | i 6806
2020 Jul 13 18:29:01.686511: (default) BRIB: [L2VPN EVPN] Installing prefix 3.3.3.3:32787:[2]:[0]:[0
]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (local) via 3.3.3.3 label 10020 (0x0/0x0) into BRIB with e
xtcomm Extcommunity: RT:65234:10020 ENCAP:8
2020 Jul 13 18:29:01.686151: EVT: Received from L2RIB MAC route: Add ESI 0000.0000.0000.0000.0000 to
po 10020 mac 0050.7966.6806 flags 0x000002 soo 0 seq 0 reorig: 0
- 下方显示了有关PC1 NLRI的BGP Adj-RIB-Out条目([2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216)的具体信息。其中L2VNI信息显示在“Received label”字段中,还有两个BGP扩展Communit属性:RT:65234:10020 和 ENCAP:8。RT用于MAC路由的导出/导入策略,ENCAP用于定义封装类型为VxLAN;
Leaf-1# show bgp l2vpn evpn 0050.7966.6806
BGP routing table information for VRF default, address family L2VPN EVPN
Route Distinguisher: 3.3.3.3:32787 (L2VNI 10020)
BGP routing table entry for [2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216, version 8770
Paths: (1 available, best #1)
Flags: (0x000102) (high32 00000000) on xmit-list, is not in l2rib/evpn
Advertised path-id 1
Path type: local, path is valid, is best path
AS-Path: NONE, path locally originated
3.3.3.3 (metric 0) from 0.0.0.0 (3.3.3.3)
Origin IGP, MED not set, localpref 100, weight 32768
Received label 10020
Extcommunity: RT:65234:10020 ENCAP:8
Path-id 1 advertised to peers:
1.1.1.1 2.2.2.2
注:此处省略了MAC-IP条目信息。
- BGP条目中的地址信息说明可参考下表;
| MAC路由信息 | 说明 | 备注 |
|---|---|---|
| RD | 3.3.3.3:32787 | / |
| 2 | BGP EVPN Route Type 2 | / |
| 0 | Ethernet Segment Identifier(ESI),全部为0=单宿主站点 | / |
| 0 | Ethernet Tag ID,EVPN路由必须为0 | / |
| 48 | MAC地址长度 | / |
| 0050.7966.6806 | PC1的MAC地址 | / |
| 0 | IP地址长度 | / |
| 0.0.0.0 | 携带的IP地址 | / |
| /216 | MAC VRF NLRI长度(单位:bit):RD(64bit)+MAC地址(48bit)+ L2VNI ID(24bit)+ ESI(80bit)=216bit | / |
- 下图显示了Leaf-1发送的BGP EVPN更新消息。请注意,仅在抓包的十六进制部分中才能看到下一跳地址和MPLS标签栈(L2VNI ID);
Next Hop: HEX 03 03 03 03 = DEC 3.3.3.3
MPLS Label Stack 1: HEX 00 27 24 = 10020(L2VNI ID)
image.png
3.4 远端VTEP BGP AFI L2EVPN MAC路由导入
- 远端VTEP交换机Leaf-2接收MAC路由更新通告后,会将其装载到BGP Adj-RIB-In数据库中。再根据EVPN导入策略(导入RT 65234:10020)和BGP最佳路径选择结果,将路由导入BGP Local-RIB;
- 在此导入过程中,RD值将从接收到的RD更改为本地RD。举例:Leaf-1中的子网172.16.2.0/24属于VLAN 10,而在Leaf-2中,同一子网172.16.2.0/24属于VLAN 20。这意味着Leaf-1生成的L2VNI 10010的原始RD为3.3.3.3:32777,当Leaf-2将路由从Adj-RIB-In移到Local-RIB作为L2VNI特定路由时,Leaf-2会更改RD为4.4.4.4:32787,在Leaf-2上可以用命令“show bgp l2vpn evpn 0050.7966.6806”验证更改前后的RD;
- 本环境中所有VTEP交换机上的相同子网所对应的VLAN ID一致,所以Leaf-2只会修改RD中的前半部分,即将RD由3.3.3.3:32787更改为4.4.4.4:32787;
- 下方命令行输出显示了BGP导入过程,Leaf-2收到BGP EVPN更新后,它将MAC路由导入BGP Adj-RIB-In,下一步将携带着各自属性的路由装载到Local-RIB中,最后再将MAC路由从BGP Local-RIB发送至L2RIB。
sh bgp internal event-history events | i 6806
2020 Jul 13 12:07:44.519030: (default) RIB: [L2VPN EVPN]: Send to L2RIB 4.4.4.4:32787:[2]:[0]:[0]:[4
8]:[0050.7966.6806]:[0]:[0.0.0.0]/112
2020 Jul 13 12:07:44.518665: (default) RIB: [L2VPN EVPN] For 4.4.4.4:32787:[2]:[0]:[0]:[48]:[0050.79
66.6806]:[0]:[0.0.0.0]/112, added 1 next hops, suppress 0
2020 Jul 13 12:07:44.518644: (default) RIB: [L2VPN EVPN] Adding 4.4.4.4:32787:[2]:[0]:[0]:[48]:[0050
.7966.6806]:[0]:[0.0.0.0]/112 via 3.3.3.3 to NH list (flags2: 0x0)
2020 Jul 13 12:07:44.518614: (default) RIB: [L2VPN EVPN] Add/delete 4.4.4.4:32787:[2]:[0]:[0]:[48]:[
0050.7966.6806]:[0]:[0.0.0.0]/112, flags=0x200, in_rib: no
2020 Jul 13 12:07:44.518323: (default) IMP: [L2VPN EVPN] Importing prefix 3.3.3.3:32787:[2]:[0]:[0]:
[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 to <default> RD 4.4.4.4:32787
2020 Jul 13 12:07:44.518256: (default) IMP: [L2VPN EVPN] Import of 3.3.3.3:32787:[2]:[0]:[0]:[48]:[0
050.7966.6806]:[0]:[0.0.0.0]/112 (EVI: 0) to RD 4.4.4.4:65534 (0) inhibited, no Type2 for EAD-ES imp
ort
2020 Jul 13 12:07:44.517257: (default) RIB: [L2VPN EVPN] Add/delete 3.3.3.3:32787:[2]:[0]:[0]:[48]:[
0050.7966.6806]:[0]:[0.0.0.0]/112, flags=0x200, evi_ctx invalid, in_rib: no
2020 Jul 13 12:07:44.512130: (default) BRIB: [L2VPN EVPN] (3.3.3.3:32787:[2]:[0]:[0]:[48]:[0050.7966
.6806]:[0]:[0.0.0.0]/112 (1.1.1.1)): returning from bgp_brib_add, reeval=0new_path: 0, change: 0, un
delete: 1, history: 0, force: 0, (pflags=0x40002010) rnh_flag_change 0
2020 Jul 13 12:07:44.511184: (default) BRIB: [L2VPN EVPN] (3.3.3.3:32787:[2]:[0]:[0]:[48]:[0050.7966
.6806]:[0]:[0.0.0.0]/112 (1.1.1.1)): bgp_brib_add: handling nexthop, path->flags2: 0x84000
2020 Jul 13 12:07:44.511159: (default) BRIB: [L2VPN EVPN] Path to 3.3.3.3:32787:[2]:[0]:[0]:[48]:[00
50.7966.6806]:[0]:[0.0.0.0]/112 via 1.1.1.1 was deleted, recover it (pflags=0x40000010)
2020 Jul 13 12:07:44.511125: (default) BRIB: [L2VPN EVPN] Installing prefix 3.3.3.3:32787:[2]:[0]:[0
]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (1.1.1.1) via 3.3.3.3 label 10020 (0x0/0x0) into BRIB with
extcomm Extcommunity: RT:65234:10020 ENCAP:8
3.5 远端VTEP上的MAC VRF
- MAC路由信息从Local-RIB安装到VNI 10020的L2RIB中(基于MPLS标签栈1字段中携带的L2VNI ID)。路由信息的来源是BGP。端口信息指向VTEP交换机Leaf-1的远端NVE 1接口IP地址。如上方的命令行输出所示,MAC路由信息从BGP Local-RIB发送到L2RIB;
- 下方命令行输出显示了二层转发组件L2FWDER的操作;
Leaf-2# show system internal l2fwder event-history events | i 6806
[117] [29724]: l2fwder_dbg_ev, 690 l2fwder_l2rib_add_remote_entry, 299Add remote mac entry mac: 0050.7966.6806 vni:
20 sw_bd 20 vtep ip: 3.3.3.3
[117] [29724]: l2fwder_dbg_ev, 690 l2fwder_l2rib_msg_cb, 453MAC address: 0050.7966.6806
- 下方命令行输出显示了MAC路由的装载过程;
Leaf-2# sh system internal l2rib event-history mac | i 6806
[07/12/20 08:12:24.135 UTC 3 29681] Rcvd MAC ROUTE msg: (20, 0050.7966.6806), vni 0, admin_dist 0, seq 0, soo 0,
[07/12/20 08:12:24.191 UTC 8 29681] (20,0050.7966.6806,5):Setting Recv flag
[07/12/20 08:12:24.191 UTC 9 29681] (20,0050.7966.6806,5):MAC route created with seq 0, flags (Rcv),
[07/12/20 08:12:24.191 UTC a 29681] (20,0050.7966.6806,5): soo 0, peerid 0, pc-ifindex 0
[07/12/20 08:12:24.191 UTC b 29681] (20,0050.7966.6806,5):Splitting a MAC/IP route, flags
[07/12/20 08:12:24.191 UTC c 29681] (20,0050.7966.6806):Mobility check for new rte from prod: 5
[07/12/20 08:12:24.192 UTC d 29681] (20,0050.7966.6806):Current non-del-pending route local:no, remote:yes, linked mac-i
p count:0
[07/12/20 08:12:24.192 UTC e 29681] (20,0050.7966.6806):Mobility type: remote-to-remote:
[07/12/20 08:12:24.192 UTC f 29681] (20,0050.7966.6806): New route ESI: (F), SOO: 0, Seq num: 0Existing route ESI: (F),
SOO: 0, Seq num: 0 , rt_type: 1
[07/12/20 08:12:24.192 UTC 10 29681] (20,0050.7966.6806,5):Setting Split flag
[07/12/20 08:12:24.192 UTC 11 29681] (20,0050.7966.6806,5):MAC route modified (rc=0) with seq num:0, flags: (SplRcv), so
o:0, peerid:0, MH<truncated>
[07/12/20 08:12:24.193 UTC 12 29681] (20,0050.7966.6806):Bound MAC-IP(172.16.2.1) to MAC, Total MAC-IP linked: 1
[07/12/20 08:12:24.382 UTC 13 29681] (20,0050.7966.6806,5):Encoding MAC route (ADD, client id 0)
[07/12/20 08:12:24.382 UTC 14 29681] (20,0050.7966.6806,5):vni:10020 rt_flags: admin_dist:20, seq_num:0 ecmp_label:0 soo
:0(--)
[07/12/20 08:12:24.382 UTC 15 29681] (20,0050.7966.6806,5):res:Regular esi:(F) peerid:1 nve_ifhdl:1224736769 mh_pc_ifidx
:0 nh_count:1
[07/12/20 08:12:24.382 UTC 16 29681] (20,0050.7966.6806,5):NH[0]:3.3.3.3
- 下方命令行输出显示了L2VNI 10020 L2RIB中MAC VRF中的内容,下一跳为Leaf-1的NVE 1接口IP地址、来源为BGP、VLAN ID为20,VLAN ID 20对应VNI ID 10020;
Leaf-2# show l2route evpn mac evi 20
Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen
Topology Mac Address Prod Flags Seq No Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
20 0050.7966.6806 BGP SplRcv 0 3.3.3.3
- 下方命令行输出验证了VLAN ID到VNI ID的映射;
Leaf-2# sh vlan id 20 vn-segment
VLAN Segment-id
---- -----------
20 10020
3.6 远端VTEP上的MAC地址表
- 作为最后一步,远端VTEP Leaf-2的二层转发组件L2FWDER将来自L2RIB的MAC可达性信息装载到MAC地址表中,Next-Hop指向Leaf-1的NVE 1接口;
- 至此Leaf-1和Leaf-2都在其数据库中存在主机PC1 MAC地址的最新可达性信息,并且它们能够将帧发送到PC1;
- 下方命令行输出显示了VTEP交换机Leaf-2(nve-peer1)更新后的MAC地址表;
Leaf-2# show system internal l2fwder mac
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 20 0050.7966.6806 static - F F (0x47000001) nve-peer1 3.3.3.3
- PC2的MAC地址学习、MAC路由通告方式同理。
四、同VNI内数据层面操作
- 本章说明L2VNI数据平面的操作。参考拓扑,其中主机PC1(172.16.2.1/24)和PC2(172.16.2.2/24)连接到同一L2广播域,VTEP交换机Leaf-1和Leaf-2中的VLAN 20都映射到L2 VNI 10020,通过从PC1 ping PC2来解释数据平面的操作。
4.1 ARP请求
-
PC1开始ping PC2,PC1的ARP表中尚未包含主机PC2的MAC地址信息。PC1尝试通过生成并发送一个ARP L2广播请求来解析IP地址172.16.2.2所使用的MAC地址,请参考下图;
image.png
-
VTEP交换机Leaf-1从端口E1/3接收帧,E1/3口属于VLAN 20,基于VLAN到VNI的映射信息,Leaf-1使用VxLAN包头封装了广播帧,VxLAN包头中L2VNI为10020;
-
Leaf-1添加了带有固定目标端口4789和通过散列计算出源端口的UDP包头。请注意,在基于5元组(目标IP/源IP、第4层协议、目标端口/源端口)的相同开销链路之间进行ECMP负载平衡时,UDP源端口是唯一可更改的变量;
-
外层源IP地址为3.3.3.3。外层目标IP地址是组播组地址239.0.0.2,此组播地址用于L2VNI 10020的L2 BUM流量通信;
-
外层目的MAC地址是从组播组地址派生的,外层源MAC地址是Leaf-1的系统MAC;
-
Leaf-1将封装后的数据包从接口E1/1和E1/2转发到组播组239.0.0.2的RP即Spine-1和Spine-2,请参考下图:
image.png
-
此外,Leaf-1还为主机PC1的NLRI生成BGP EVPN更新并将其发送至Spine-1和Spine-2;
-
Spine-1和Spine-2根据外部IP包头的IP地址做出路由决策,由于目标IP地址是组播组地址,因此Spine-1和Spine-2会基于组播RIB路由该数据包,其中两个Spine上组播的Outgoing Interface List(OIL)为E1/1、E1/2、E1/3;
-
Spine-1和Spine-2还将从Leaf-1接收到的BGP Update消息转发到Leaf-2和Leaf-3;
-
VTEP交换机Leaf-2接收PC1发送的ARP请求后,Leaf-2删除了用于VxLAN隧道的包头(外部以太网包头+IP包头+UDP包头+VxLAN包头)。根据VNI到VLAN的映射数据库,Leaf-2将接收到的广播以太网帧从属于VLAN 20的接口中转发出去,即Leaf-2将数据帧从接口E1/3转发到PC2;
-
Leaf-2不会从Leaf-1发送的封装帧中学习MAC地址,Leaf-2取而代之的是从BGP Update消息中学习MAC地址;
4.2ARP回复
- 主机PC2收到ARP请求后,它感知到ARP请求中的MAC是自身。PC2将使用自己的MAC地址生成一个ARP应答消息,作为L2单播发送,该信息(目标MAC地址)是从接收到的帧中获悉的;
-
Leaf-2接收到帧,它为原始帧添加VxLAN头、UDP头、外层IP头、外层MAC头。由于Leaf-2通过BGP Update获知了主机PC1的MAC地址,因此它将数据包作为单播发送至Leaf-1(外层源目MAC为Leaf-2和Leaf-1的系统MAC),具体请参考下图;
image.png
-
Leaf-1接收到VxLAN报文后,删除VxLAN封装(删除VxLAN头、UDP头、外层IP头、外层MAC头),并将ARP回复消息转发给主机PC1,具体请参考下图;
image.png
4.3 IMCP请求
-
通过上方的ARP过程,PC1获得PC2的MAC地址,接着PC1向PC2发送ICMP请求,它发送带有目标IP地址为172.16.2.2的ICMP请求消息。
-
以太网帧中的目标MAC地址是先前获得的PC2的MAC地址0050.7966.6807;
-
VTEP交换机Leaf-1从E1/3(属于VLAN 20)接收到帧,Leaf-1注意到该帧属于L2VNI 10020,Leaf-1根据从MAC地址表中找到的信息转发帧,与PC2的MAC地址相关的MAC地址条目信息来自L2RIB,而L2RIB又从BGP收到。Leaf-1为帧添加VxLAN头、UDP头、外层IP头、外层MAC头后通过Spine-1和Spine-2(负载分担)将其转发到Leaf-2,请参考下图;
image.png
-
Leaf-2接收到数据包,它删除了外部以太网头+外部IP头+UDP头+VxLAN头,并将原始帧转发至属于VLAN 20的接口(E1/3),这时PC2接收到来自PC1的ICMP请求报文吗,请参考下图;
image.png
4.4 IMCP回复
- 当PC2收到ICMP请求时,它会通过向PC1发送"ICMP-Reply"消息来进行回复。帧处理过程与ARP回复过程相同,此处不在赘述;
-
ICMP回复报文请参考下图;
image.png
image.png
4.5 PC1 ping PC2
PC1> ping 172.16.2.2
84 bytes from 172.16.2.2 icmp_seq=1 ttl=64 time=85.358 ms
84 bytes from 172.16.2.2 icmp_seq=2 ttl=64 time=48.136 ms
84 bytes from 172.16.2.2 icmp_seq=3 ttl=64 time=54.086 ms
84 bytes from 172.16.2.2 icmp_seq=4 ttl=64 time=74.515 ms
84 bytes from 172.16.2.2 icmp_seq=5 ttl=64 time=62.960 ms
五、小结
- 本篇描述了本地VTEP交换机如何学习其直连主机的MAC地址,以及如何将此MAC地址信息发布到远端VTEP交换机;
- 本篇还描述了连接到同一L2 VNI中不同VTEP交换机下的主机之间互通的数据平面操作;
- MAC路由导出:PC1(GARP) → MAC地址表 → L2FWDER → L2RIB → BGP Local-RIB → Output Policy Engine → Adj-RIB-Out;
- MAC路由导入:Adj-RIB-In → Input Policy Engine → BGP Local-RIB → L2RIB → L2FWDER → MAC地址表(MAC VRF);
- 下篇将描述连接到不同VNI下的主机之间互通的数据平面操作。
六、引用参考
膜拜大佬:Toni Pasanen
https://nwktimes.blogspot.com/2018/05/vxlan-part-vii-vxlan-bgp-evpn-control.html
