In the previous post I completed all the basic configuration, covering IGP, MPLS/LDP, and BGP signaling for EVPN. Next, I will configure the Layer 2 service using EVPN on each PE router.
PE1
```
root@PE1# show
---<output omitted>----
ge-0/0/3 {
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 2100 {
        encapsulation vlan-bridge;
        vlan-id 2100;
    }
}
---<output omitted>----
routing-instances {
    EVPN {
        instance-type evpn;
        vlan-id none;
        interface ge-0/0/3.2100;
        route-distinguisher 10.10.10.1:2000;
        vrf-target target:65000:2000;
        protocols {
            evpn;
        }
    }
}

[edit]
root@PE1#
```
PE2
```
A:PE2# configure service vpls 2000
A:PE2>config>service>vpls# info
----------------------------------------------
            bgp
                route-distinguisher 10.10.10.2:2000
                route-target export target:65000:2000 import target:65000:2000
            exit
            bgp-evpn
                vxlan
                    shutdown
                exit
                mpls
                    auto-bind-tunnel
                        resolution any
                    exit
                    no shutdown
                exit
            exit
            stp
                shutdown
            exit
            sap 1/1/5:10 create
                no shutdown
            exit
            no shutdown
----------------------------------------------
A:PE2>config>service>vpls#
```
The configuration above produces EVPN route type 3, Inclusive PMSI (Provider Multicast Service Interface). Note that EVPN has 5 different route types, namely:
Route type 3 is used as the transport tunnel for BUM (Broadcast, Unknown Unicast, Multicast) traffic. PE1 and PE2 generate this route and advertise it to the RR, as shown in the output below:
PE1
```
root@PE1> show route advertising-protocol bgp 10.10.10.10 table EVPN.evpn.0 detail

EVPN.evpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
* 3:10.10.10.1:2000::0::10.10.10.1/304 (1 entry, 1 announced)
 BGP group internal type Internal
     Route Distinguisher: 10.10.10.1:2000
     Route Label: 299840
     PMSI: Flags 0x0: Label 299840: Type INGRESS-REPLICATION 10.10.10.1
     Nexthop: Self
     Flags: Nexthop Change
     Localpref: 100
     AS path: [65000] I
     Communities: target:65000:2000
     PMSI: Flags 0x0: Label 299840: Type INGRESS-REPLICATION 10.10.10.1

root@PE1>
```
PE2
```
A:PE2# show router bgp routes evpn inclusive-mcast hunt

---<output-omitted>---

-------------------------------------------------------------------------------
RIB Out Entries
-------------------------------------------------------------------------------
Network        : N/A
Nexthop        : 10.10.10.2
To             : 10.10.10.10
Res. Nexthop   : n/a
Local Pref.    : 100                    Interface Name : NotAvailable
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : 0
AIGP Metric    : None
Connector      : None
Community      : target:65000:2000 bgp-tunnel-encap:MPLS
Cluster        : No Cluster Members
Originator Id  : None                   Peer Router Id : 10.10.10.10
Origin         : IGP
AS-Path        : No As-Path
EVPN type      : INCL-MCAST
ESI            : N/A
Tag            : 0
Originator IP  : 10.10.10.2
Route Dist.    : 10.10.10.2:2000
Route Tag      : 0
Neighbor-AS    : N/A
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
-------------------------------------------------------------------------------
PMSI Tunnel Attributes :
Tunnel-type    : Ingress Replication
Flags          : Type: RNVE(0) BM: 0 U: 0 Leaf: not required
MPLS Label     : LABEL 262139
Tunnel-Endpoint: 10.10.10.2
-------------------------------------------------------------------------------
-------------------------------------------------------------------------------
Routes : 3
===============================================================================
A:PE2#
```
The prefix format advertised by PE1 (Juniper) is 3:<RD>:<VLAN_ID>:<ROUTER_ID_LENGTH>:<ROUTER_ID> (lines 4 to 14). The number 3 indicates the route type being advertised. VLAN_ID is derived from the VLAN of the logical interface, and when the route is advertised its value is placed in the Ethernet Tag.
Note that the Juniper VPN service does not strip the VLAN tag when traffic enters the MPLS network. Nokia, by contrast, treats it as a service-delimiting tag, meaning the VLAN tag is removed when traffic enters the MPLS network. We therefore have to normalize the VLAN on the Juniper side so that the VLAN tag is stripped when entering the MPLS network. On the Nokia router, the Eth-Tag value of a Layer 2 EVPN service is always 0 (zero).
The command used to normalize the VLAN for the EVPN service on Juniper is `root@PE1# set routing-instances EVPN vlan-id none`.
The following illustrates how the packet is treated when broadcast traffic (an ARP Request) enters PE1:
Once the ARP process between CE1 and CE2 has completed, each PE has stored the MAC addresses of CE1 and CE2. When CE1 and CE2 want to communicate, the inner label used is the MAC address label (because this is unicast traffic).
PE1
```
root@PE1> show route receive-protocol bgp 10.10.10.10 table EVPN.evpn.0 detail

EVPN.evpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
* 2:10.10.10.2:2000::0::00:50:79:66:68:07/304 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 10.10.10.2:2000
     Route Label: 262140
     ESI: 00:00:00:00:00:00:00:00:00:00
     Nexthop: 10.10.10.2
     MED: 0
     Localpref: 100
     AS path: I (Originator)
     Cluster list: 10.10.10.10
     Originator ID: 10.10.10.2
     Communities: target:65000:2000 unknown iana 30c

* 3:10.10.10.2:2000::0::10.10.10.2/304 (1 entry, 1 announced)
     Import Accepted
     Route Distinguisher: 10.10.10.2:2000
     Nexthop: 10.10.10.2
     MED: 0
     Localpref: 100
     AS path: I (Originator)
     Cluster list: 10.10.10.10
     Originator ID: 10.10.10.2
     Communities: target:65000:2000 unknown iana 30c
     PMSI: Flags 0x0: Label 262139: Type INGRESS-REPLICATION 10.10.10.2

root@PE1>
```
PE2
```
A:PE2# show router bgp routes evpn mac hunt
===============================================================================
 BGP Router ID:10.10.10.2 AS:65000 Local AS:65000
===============================================================================
 Legend -
 Status codes : u - used, s - suppressed, h - history, d - decayed, * - valid
                l - leaked, x - stale, > - best, b - backup, p - purge
 Origin codes : i - IGP, e - EGP, ? - incomplete

===============================================================================
BGP EVPN MAC Routes
===============================================================================
-------------------------------------------------------------------------------
RIB In Entries
-------------------------------------------------------------------------------
Network        : N/A
Nexthop        : 10.10.10.1
From           : 10.10.10.10
Res. Nexthop   : 172.0.1.5
Local Pref.    : 100                    Interface Name : to-pe1
Aggregator AS  : None                   Aggregator     : None
Atomic Aggr.   : Not Atomic             MED            : None
AIGP Metric    : None
Connector      : None
Community      : target:65000:2000
Cluster        : 10.10.10.10
Originator Id  : 10.10.10.1             Peer Router Id : 10.10.10.10
Flags          : Used Valid Best IGP
Route Source   : Internal
AS-Path        : No As-Path
EVPN type      : MAC
ESI            : ESI-0
Tag            : 0
IP Address     : N/A
Route Dist.    : 10.10.10.1:2000
Mac Address    : 00:50:79:66:68:06
MPLS Label1    : LABEL 299776           MPLS Label2    : N/A
Route Tag      : 0
Neighbor-AS    : N/A
Orig Validation: N/A
Source Class   : 0                      Dest Class     : 0
Add Paths Send : Default
Last Modified  : 00h02m47s

---<output-omitted>---
A:PE2#
```
PE1 receives the CE2 MAC address * 2:10.10.10.2:2000::0::00:50:79:66:68:07/304 (line 4) with label 262140 (line 7), while PE2 receives the CE1 MAC address Mac Address : 00:50:79:66:68:06 (line 36) with label 299776 (line 37).
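The prefix layout and the Eth-Tag 0 requirement described above can be checked mechanically. The following is an added example, not part of the original post: it parses EVPN prefixes as Junos prints them and flags any whose Ethernet tag is not 0. The function names and the third sample line (eth-tag 2100) are constructed for illustration.

```python
import re

# Junos prints EVPN prefixes as <type>:<RD>::<Ethernet tag>::<key>/<length>,
# e.g. 3:10.10.10.1:2000::0::10.10.10.1/304 (key = originator IP or MAC).
PREFIX_RE = re.compile(
    r"(?P<type>\d):(?P<rd>\d+\.\d+\.\d+\.\d+:\d+)"
    r"::(?P<tag>\d+)::(?P<key>[0-9A-Fa-f.:]+)/(?P<len>\d+)"
)
# RFC 7432 names for the two route types that appear on this page.
ROUTE_TYPES = {2: "MAC/IP Advertisement", 3: "Inclusive Multicast Ethernet Tag"}

# The first two prefixes are taken from the PE1 output on this page; the third
# is constructed to show a route advertised without "vlan-id none".
SAMPLE = """\
* 2:10.10.10.2:2000::0::00:50:79:66:68:07/304 (1 entry, 1 announced)
* 3:10.10.10.2:2000::0::10.10.10.2/304 (1 entry, 1 announced)
* 3:10.10.10.1:2000::2100::10.10.10.1/304 (1 entry, 1 announced)
"""

def parse_evpn_prefixes(text):
    """Return one dict per EVPN prefix found in Junos 'show route' text."""
    routes = []
    for m in PREFIX_RE.finditer(text):
        rtype = int(m.group("type"))
        routes.append({
            "type": rtype,
            "name": ROUTE_TYPES.get(rtype, "other"),
            "rd": m.group("rd"),
            "eth_tag": int(m.group("tag")),
            "key": m.group("key"),
        })
    return routes

def non_normalized(routes):
    """Routes whose Ethernet tag is not 0 (the Nokia side always uses 0)."""
    return [r for r in routes if r["eth_tag"] != 0]

if __name__ == "__main__":
    parsed = parse_evpn_prefixes(SAMPLE)
    for r in parsed:
        print(f'type {r["type"]} ({r["name"]}) RD {r["rd"]} '
              f'eth-tag {r["eth_tag"]} key {r["key"]}')
    for r in non_normalized(parsed):
        print(f'WARNING: RD {r["rd"]} advertises eth-tag {r["eth_tag"]}; '
              'check "vlan-id none" in the routing instance')
```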
EVPN is now used more and more, especially in datacenter environments, and it may soon spread into telco environments as datacenters begin to be distributed across Indonesia. The challenge for telco networks is to provide the transport for this Datacenter Interconnect (DCI): how we as network engineers must manage the MAC and IP addresses originating from the VMs in one datacenter so that they correctly reach another datacenter. That is all for this very simple discussion. Wassalam.
Network Telco Engineer – SDN/NFV Enthusiast