6/17/2019

Arista EOS Tunneling Mechanism (4) - Sw Tunnel vs Data




In the above topology, I show that data traffic doesn't go through the sw tunnel. I use 2 routers to simulate hosts, with their default gateways pointing to R11 and R44. We can see:

  • Ping between R11 and R44 works
  • But the ping from host1 to host2 doesn't work

R11 has the correct route, and the ping to R44's IP address succeeds.

R11#sh ip route 99.2.2.99
...
 I L1     99.2.2.0/24 [115/20] via 10.100.100.44, Tunnel100

R11.cd642.leaf18#ping 99.2.2.2
PING 99.2.2.2 (99.2.2.2) 72(100) bytes of data.
80 bytes from 99.2.2.2: icmp_seq=1 ttl=64 time=0.264 ms
80 bytes from 99.2.2.2: icmp_seq=2 ttl=64 time=0.119 ms

Host1 also has the right route, but the ping fails, so data traffic can't pass through.

host1#sh ip route 99.2.2.99
....
 S        99.0.0.0/8 [1/0] via 99.1.1.1, Ethernet51/1

host1#ping 99.2.2.99
--- 99.2.2.99 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 40ms

Now we add an NHG + decap group (details will be covered later) on both ends.



!!!!! R11 !!!!!!
ip route 99.2.2.0/24 Nexthop-Group nhg-gre-99-net
!
nexthop-group nhg-gre-99-net type gre
   size 1
   ttl 64
   tunnel-source 11.11.11.11
   entry 0 tunnel-destination 44.44.44.44
!
ip decap-group decap-net-99
   tunnel type gre
   tunnel decap-ip 11.11.11.11

!!!!! R44 !!!!!!
ip route 99.1.1.0/24 Nexthop-Group nhg-gre-99-net
!
nexthop-group nhg-gre-99-net type gre
   size 1
   ttl 64
   tunnel-source 44.44.44.44
   entry 0 tunnel-destination 11.11.11.11
!
ip decap-group decap-net-99
   tunnel type gre
   tunnel decap-ip 44.44.44.44

Now the ping works well. 

host1#ping 99.2.2.99
PING 99.2.2.99 (99.2.2.99) 72(100) bytes of data.
80 bytes from 99.2.2.99: icmp_seq=1 ttl=62 time=0.264 ms
.....
--- 99.2.2.99 ping statistics ---
5 packets transmitted, 5 received, 0% packet loss, time 0ms
rtt min/avg/max/mdev = 0.102/0.140/0.264/0.062 ms, ipg/ewma 0.184/0.200 ms

So basically that's how it works:
  • Each router has a static nexthop group + decap group configuration toward the other routers.
  • The application software acts as a passive ISIS neighbor, establishing an adjacency with one ISIS router over a GRE tunnel.
  • That lets it fetch the whole LSA DB and get a full view of the network.
  • Using the CLI or eAPI, the software can program each router with a static route pointing to the nexthop group entry configured in step 1.
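
As an added example (not code from the original post or from Arista), the following generalizes the two-router configuration above to any number of routers and wraps each router's command list in an eAPI `runCmds` JSON-RPC body. The inventory dict, the per-remote group name `nhg-gre-to-<router>` and the function names are assumptions; addresses and prefixes are parsed strictly so that a malformed value learned from the network cannot inject extra CLI lines.

```python
import ipaddress
import json

# Constructed inventory mirroring the page's lab: GRE endpoint and host prefix per router.
SITES = {
    "R11": {"loopback": "11.11.11.11", "prefix": "99.1.1.0/24"},
    "R44": {"loopback": "44.44.44.44", "prefix": "99.2.2.0/24"},
}

def _ip(value):
    # Strict parse: a malformed or multi-line value raises instead of reaching the CLI.
    return str(ipaddress.IPv4Address(value))

def _net(value):
    return str(ipaddress.IPv4Network(value, strict=True))

def build_cmds(local, sites):
    """EOS config lines for router `local`: one GRE nexthop-group per remote router."""
    src = _ip(sites[local]["loopback"])
    cmds = ["configure"]
    for remote in sorted(sites):
        if remote == local:
            continue
        if not remote.isalnum():
            raise ValueError(f"unsafe router name: {remote!r}")
        nhg = f"nhg-gre-to-{remote}"  # hypothetical naming scheme, not from the page
        cmds += [
            f"nexthop-group {nhg} type gre",
            "size 1",
            "ttl 64",
            f"tunnel-source {src}",
            f"entry 0 tunnel-destination {_ip(sites[remote]['loopback'])}",
            "exit",
            f"ip route {_net(sites[remote]['prefix'])} Nexthop-Group {nhg}",
        ]
    cmds += ["ip decap-group decap-net-99", "tunnel type gre",
             f"tunnel decap-ip {src}", "exit"]
    return cmds

def eapi_request(cmds, req_id="1"):
    """JSON-RPC body for eAPI's runCmds method (to be POSTed over HTTPS)."""
    return {"jsonrpc": "2.0", "method": "runCmds", "id": req_id,
            "params": {"version": 1, "format": "json", "cmds": ["enable"] + cmds}}

if __name__ == "__main__":
    for router in SITES:
        print(router, json.dumps(eapi_request(build_cmds(router, SITES)), indent=2))
```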
