7/30/2018

VXLAN Bridging with MLAG

  • Key takeaways:
    • First-hop (FH) VTEP does the encap/decap
    • Routing between MLAG peers
    • MLAG peers share the same loopback/VTI address
  • https://eos.arista.com/vxlan-with-mlag-configuration-guide/
  • Provides remote L2 connectivity between racks or DCs
  • Each MLAG domain (2 MLAG peers) has ONE logical VTEP
    • Same virtual tunnel IP address (VTI)
    • Because the two MLAG peers work as ONE physical switch
  • MAC sync:
    • For encap/decap traffic, both local and remote MAC addresses need to be synced between the peers via the peer-link
    • remote = a remote MAC associated with a remote VTEP IP address
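Configuration (same on both MLAG peers)
    ! Shared VTI: the same loopback address on both MLAG peers
    interface Loopback1
     ip address 192.168.0.1/32
    interface Vxlan1
     vxlan source-interface Loopback1
     vxlan udp-port 4789
     vxlan vlan 10 vni 10
     ! Flood list: the shared VTI of the remote MLAG domain
     vxlan vlan 10 flood vtep 192.168.0.2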

MAC, ARP, traffic example
  • serverA (macA) under MLAG domain 1 (Peer1A and Peer1B), say in VLAN 10, sends an ARP request
    • The ARP request is hashed onto one link of the 2-port LAG.
  • Peer1A receives this ARP request and takes 4 actions
    • Act#1: peer1A floods this ARP request to all local VLAN 10 ports, because it is a broadcast packet
    • Act#2: peer1A floods it to peer1B; this is for the singly-attached ports on peer1B
      • peer1B floods only to singly-attached ports, not to dual-homed ports
    • Act#3: peer1A syncs with peer1B, so peer1B knows macA is on the port-channel
      • This sync is separate MLAG signaling
    • Act#4: peer1A encapsulates the ARP request in VXLAN and floods it to all VTEPs
      • The first-hop (FH) gateway is responsible for encap/decap of VXLAN traffic
  • The VXLAN packet is ECMP'ed to a spine and then to remote Peer2A/B
    • Peer2A/B, like Peer1A/B, share one VTI address, so they are logically one
    • peer1A ECMPs to one spine
    • This spine has 2 paths to VTEP 192.168.0.2; say it ECMPs to peer2A
    • Peer2A receives the ARP request, decapsulates the VXLAN packet and learns MACa from VTEP 192.168.0.1. What follows is the standard MLAG procedure, very similar to Peer1A:
      • Act#1: Peer2A floods the ARP request to all local ports
      • Act#2: Peer2A floods it via the peer-link for the singly-attached ports on Peer2B
      • Act#3: Peer2A syncs with Peer2B: MACa from VTEP 192.168.0.1
        • peerRemoteDynamic
    • ServerB unicasts the ARP response to ServerA
      • dstMAC = MAC.AAA; srcMAC = MAC.BBB
    • Now both peer2A/2B know MAC.AAA is on VTEP 192.168.0.1, and the ARP response is encapsulated in VXLAN and routed to peer1B
      • The ARP reply is encapsulated on the FH device
    • If peer1B receives this ARP reply, it:
      • Learns MAC.BBB from VTEP 192.168.0.2, remoteDynamic
      • Syncs with peer1A
      • Forwards the packet down to port-channel 10
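
The learn/flood/sync sequence above as an added Python sketch (not from the original post and not Arista EOS code): a toy model that replays the ARP request and reply and leaves each peer with the MAC entries the walk-through describes. The class and function names, the `dynamic`/`peerDynamic` labels and port `Po20` are assumptions; `remoteDynamic`, `peerRemoteDynamic`, the VTI addresses and port-channel 10 come from the notes.

```python
# Toy model of the ARP walk-through (added example, not Arista EOS code).
BCAST = "ff:ff:ff:ff:ff:ff"

class Peer:
    def __init__(self, name, vti):
        self.name, self.vti, self.mac, self.mlag_peer = name, vti, {}, None

    def learn(self, mac, where, kind):
        self.mac[mac] = (where, kind)
        # Act#3: MLAG signaling over the peer-link installs the synced entry
        self.mlag_peer.mac[mac] = (where, "peer" + kind[:1].upper() + kind[1:])

def pair(a, b):
    """Two MLAG peers sharing one VTI form one logical VTEP."""
    a.mlag_peer, b.mlag_peer = b, a
    return [a, b]

def from_vxlan(rx, src, dst, outer_src):
    """Remote peer decaps and learns the inner source MAC against the sender's VTI."""
    rx.learn(src, outer_src, "remoteDynamic")
    if dst == BCAST:
        return [f"{rx.name}: decap, flood local ports",
                f"{rx.name}: flood to singly ports on {rx.mlag_peer.name}"]
    return [f"{rx.name}: decap, forward to {rx.mac[dst][0]}"]

def from_host(fh, src, dst, port, remote_domain, ecmp):
    """Frame from a dual-homed host, hashed onto first-hop peer `fh`."""
    fh.learn(src, port, "dynamic")
    log = []
    if dst == BCAST:
        log += [f"{fh.name}: flood local VLAN ports",                        # Act#1
                f"{fh.name}: flood to singly ports on {fh.mlag_peer.name}"]  # Act#2
    # Act#4 (or known unicast): the first-hop peer encapsulates
    vtep = remote_domain[0].vti if dst == BCAST else fh.mac[dst][0]
    rx = remote_domain[ecmp]  # spine ECMP delivers to either peer behind that VTI
    log.append(f"{fh.name}: encap, outer {fh.vti} -> {vtep}")
    return log + from_vxlan(rx, src, dst, fh.vti)

def run():
    d1 = pair(Peer("peer1A", "192.168.0.1"), Peer("peer1B", "192.168.0.1"))
    d2 = pair(Peer("peer2A", "192.168.0.2"), Peer("peer2B", "192.168.0.2"))
    # ARP request: serverA hashed to peer1A, spine ECMP picks peer2A
    from_host(d1[0], "MAC.AAA", BCAST, "Po10", d2, ecmp=0)
    # ARP reply: serverB (constructed port Po20) hashed to peer2B, spine picks peer1B
    reply = from_host(d2[1], "MAC.BBB", "MAC.AAA", "Po20", d1, ecmp=1)
    return d1, d2, reply

if __name__ == "__main__":
    d1, d2, reply = run()
    print("\n".join(reply))
    for p in d1 + d2:
        print(p.name, p.mac)
```

The reply lands on peer1B, which never saw the original request; it can still forward to Po10 only because peer1A synced MAC.AAA to it over the peer-link.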
Useful CLIs:
  • show mac address: the Ports column shows Vx1
  • show vxlan address-table: shows MAC/VTEP/Port
Switchover example: Peer1A loses all uplinks
  • The first-hop MLAG peer/VTEP is responsible for encap/decap of packets; this is the principle
  • For example, MLAG peer1A has lost all uplinks, but the device is still up and running
    • Peer1A still encaps/decaps the packets
    • This requires routing between the peers via the peer-link
  • Best practice is to route on a dedicated VLAN rather than the peer-link VLAN
