Коммутаторы Maipu. Что есть у вендора для сетей ЦОД?

Мы продолжаем изучать возможности и ограничения оборудования Maipu Communication Technology. В предыдущем материале мы уже рассказали, что это за производитель и что его маршрутизаторы умеют в части DMVPN. Сегодня речь пойдет о VXLAN/BGP/EVPN-фабрике для центров обработки данных.

Оборудование

По состоянию на лето 2022 года в линейке ЦОД-коммутаторов Maipu всего 6 моделей. Порты могут быть от 1 до 100 Гбит/сек. Софт на всех моделях одинаковый. Весь программный функционал доступен сразу, без дополнительных лицензий.

Первые четыре модели коммутаторов — одноюнитовые:

5830-56XQFP: 48 портов 10G SFP+, 8 портов 100G QSFP28

5830-54XTQFP: 48 портов 1/10G RJ45, 6 портов 100G QSFP28

5930-56SQFP: 48 портов 25G SFP28, 8 портов 100G QSFP28

5950-32QFP: 32 порта 100G QSFP28

Две другие модели — модульные серии 18500. Доступны шасси на 4 и 8 интерфейсных плат.

Underlay

Для начала — минимальный набор коммутаторов, чтобы увидеть, как настраивается L2 и L3-связность между двумя серверами, подключёнными к разным Leaf-коммутаторам.

Мы проверили реализацию, похожую на базовую, предлагаемую Cisco: BGP-Peering через Loopback-интерфейсы и OSPF в Underlay, чтобы сделать эти Loopback-интерфейсы взаимно доступными.

DC1-Leaf1	DC1-Leaf2
router ospf 1 router-id 1.0.0.3 network 1.0.0.0 0.0.0.255 area 0 network 1.0.255.0 0.0.0.255 area 0 network 10.1.0.0 0.0.0.255 area 0 exit router bgp 1 no auto-summary no synchronization neighbor SPINES peer-group neighbor SPINES remote-as 1 neighbor SPINES update-source loopback0 neighbor 1.0.0.1 peer-group SPINES neighbor 1.0.0.2 peer-group SPINES address-family l2vpn evpn neighbor 1.0.0.1 activate neighbor 1.0.0.1 send-community both neighbor 1.0.0.2 activate neighbor 1.0.0.2 send-community both exit-address-family exit	router ospf 1 router-id 1.0.0.4 network 1.0.0.0 0.0.0.255 area 0 network 1.0.255.0 0.0.0.255 area 0 network 10.1.0.0 0.0.0.255 area 0 exit router bgp 1 no auto-summary no synchronization neighbor SPINES peer-group neighbor SPINES remote-as 1 neighbor SPINES update-source loopback0 neighbor 1.0.0.1 peer-group SPINES neighbor 1.0.0.2 peer-group SPINES address-family l2vpn evpn neighbor 1.0.0.1 activate neighbor 1.0.0.1 send-community both neighbor 1.0.0.2 activate neighbor 1.0.0.2 send-community both exit-address-family exit
DC1-Spine1	DC1-Spine2
router ospf 1 router-id 1.0.0.1 network 1.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.0.255 area 0 network 10.1.1.0 0.0.0.255 area 0 exit router bgp 1 no auto-summary no synchronization neighbor LEAVES peer-group neighbor LEAVES remote-as 1 neighbor LEAVES update-source loopback0 neighbor LEAVES route-reflector-client neighbor 1.0.0.3 peer-group LEAVES neighbor 1.0.0.4 peer-group LEAVES neighbor 5.1.0.5 remote-as 1 neighbor 5.1.0.5 route-reflector-client address-family l2vpn evpn neighbor LEAVES activate neighbor LEAVES route-reflector-client neighbor LEAVES send-community both neighbor 1.0.0.3 peer-group LEAVES neighbor 1.0.0.4 peer-group LEAVES exit-address-family exit	router ospf 1 router-id 1.0.0.2 network 1.0.0.0 0.0.0.255 area 0 network 10.1.0.0 0.0.0.255 area 0 network 10.1.1.0 0.0.0.255 area 0 exit router bgp 1 no auto-summary no synchronization neighbor LEAVES peer-group neighbor LEAVES remote-as 1 neighbor LEAVES update-source loopback0 neighbor LEAVES route-reflector-client neighbor 1.0.0.3 peer-group LEAVES neighbor 1.0.0.4 peer-group LEAVES neighbor 5.1.0.5 remote-as 1 neighbor 5.1.0.5 route-reflector-client address-family l2vpn evpn neighbor LEAVES activate neighbor LEAVES route-reflector-client neighbor LEAVES send-community both neighbor 1.0.0.3 peer-group LEAVES neighbor 1.0.0.4 peer-group LEAVES exit-address-family exit

Multihoming

Из всех возможных опций Multihoming на коммутаторах Maipu доступна только одна — MCLAG с соединениями между Leaf-коммутаторами. Логически соединений требуется два: Peer-Link и Peer-Keepalive Link.

Peer-Link обеспечивает работу MLAG на уровне протокола и передаёт пользовательские данные, которые по какой-то причине должны попасть с одного MLAG-коммутатора на другой.

Peer-Keepalive Link — L3-соединение, с помощью которого каждый из MLAG-коммутаторов знает о том, что его партнёр жив.

В нашем случае Peer-Keepalive Link продет с помощью VLAN через отдельные физические интерфейсы коммутаторов.

Пример конфига:

mlag domain 1

node id 1

node role-priority 50

role preempt

system-mac 0001.7a95.000b

keepalive ip destination 30.0.0.2 source 30.0.0.1

exit

interface link-aggregation1

description -= MLAG to SERVER =-

switchport mode trunk

switchport trunk allowed vlan add 1,10,100,150,200

switchport trunk pvid vlan 1

vxlan 1000 encapsulation vlan 100

vxlan 2000 encapsulation vlan 200

mlag group 1

exit

interface link-aggregation10

description -= PEER-LINK =-

switchport mode trunk

switchport trunk allowed vlan add 1,10,100,150,200

switchport trunk pvid vlan 1

mlag peer-link

exit

interface vlan4094

description -= PEER-KEEPALIVE LINK =-

ip address 30.0.0.1 255.255.255.0

exit

interface tengigabitethernet0/10

switchport access vlan 4094

exit

mlag domain 1

node id 2

system-mac 0001.7a95.000b

keepalive ip destination 30.0.0.1 source 30.0.0.2

exit

interface link-aggregation1

description -= MLAG to SERVER =-

switchport mode trunk

switchport trunk allowed vlan add 1,100,150,200

switchport trunk pvid vlan 1

vxlan 1000 encapsulation vlan 100

vxlan 2000 encapsulation vlan 200

mlag group 1

exit

interface link-aggregation10

description -= PEER-LINK =-

switchport mode trunk

switchport trunk allowed vlan add 100,150,200

switchport trunk pvid vlan 1

mlag peer-link

exit

interface vlan4094

description -= PEER-KEEPALIVE LINK =-

ip address 30.0.0.2 255.255.255.0

exit

interface tengigabitethernet0/10

switchport access vlan 4094

exit

DC1-LEAF1#show mlag brief

MLAG domain id : 1

Role FSM status : MASTER

Peering FSM status : ESTABLISHED

Keepalive FSM status : ALIVE

PTS Service : ON

Up-delay : 90sec

Graceful-restart : Disabled

Number of mlags configured : 1

——————————————————

Peer-Link Link-status Data-status Active-vlans

——————— ———— ———— ———

link-aggregation10 UP UP 100,150,200

——————————————————

Node ID Role System-MAC System-Priority

——- —- ——- ————— —————-

Self 1 MASTER 0001.7a95.000b 32768

Remote 2 SLAVE 0001.7a95.000b 32768

DC1-LEAF1#show mlag group 1

mlag-id: 1 (link-aggregation1)

—Link status: UP

—Data status: UP

—Active mlag vlans: 100,150,200

—Redirect FSM state: UNREDIRECT

—Isolate FSM state: ISOLATE

—Block FSM state: UNBLOCK

—Remote interface: link-aggregation 1

—Remote link status: UP

—Remote data status: UP

DC1-LEAF1#show mlag keepalive

Keepalive status : ALIVE

—Destination IP address : 30.0.0.2

—Source IP address : 30.0.0.1

—Keepalive UDP port : 53910

—Keepalive vrf : global

—Keepalive interval : 1000 msec

—Keepalive timeout : 6 sec

—Keepalive quiet time : 3000 msec

DC1-LEAF2#sh mlag brief

MLAG domain id : 1

Role FSM status : SLAVE

Peering FSM status : ESTABLISHED

Keepalive FSM status : ALIVE

PTS Service : ON

Up-delay : 90sec

Graceful-restart : Disabled

Number of mlags configured : 1

——————————————————

Peer-Link Link-status Data-status Active-vlans

——————— ———— ———— ———

link-aggregation10 UP UP 100,150,200

——————————————————

Node ID Role System-MAC System-Priority

——- —- ——- ————— —————-

Self 2 SLAVE 0001.7a95.000b 32768

Remote 1 MASTER 0001.7a95.000b 32768

DC1-LEAF2#sh mlag group 1

mlag-id: 1 (link-aggregation1)

—Link status: UP

—Data status: UP

—Active mlag vlans: 100,150,200

—Redirect FSM state: UNREDIRECT

—Isolate FSM state: ISOLATE

—Block FSM state: UNBLOCK

—Remote interface: link-aggregation 1

—Remote link status: UP

—Remote data status: UP

DC1-LEAF2#sh mlag keepalive

Keepalive status : ALIVE

—Destination IP address : 30.0.0.1

—Source IP address : 30.0.0.2

—Keepalive UDP port : 53910

—Keepalive vrf : global

—Keepalive interval : 1000 msec

—Keepalive timeout : 6 sec

—Keepalive quiet time : 3000 msec

VXLAN

Настройка VXLAN похожа на Cisco:

Maipu

Cisco

L3VNI

ip vrf DC1-L3VNI

rd 1:1

l3vnid 1

address-family evpn

route-target import 12:12 ipv4

route-target export 12:12 ipv4

vrf context Tenant-1

vni 1

rd 1:1

address-family ipv4 unicast

route-target both 12:12

route-target both 12:12 evpn

L2VNI

vxlan 1000

vxlan vnid 1000

address-family evpn

rd 1000:1000

route-target import 1000:1000

route-target export 1000:1000

exit

vxlan 2000

vxlan vnid 2000

address-family evpn

rd 2000:2000

route-target import 2000:2000

route-target export 2000:2000

exit

evpn

vni 20100 l2

rd auto

route-target import 1000:1000

route-target export 1000:1000

vni 20200 l2

rd auto

route-target import 2000:2000

route-target export 2000:2000

Привязка VLAN к VXLAN VNID

interface link-aggregation1

vxlan 1000 encapsulation vlan 100

vxlan 2000 encapsulation vlan 200

mlag group 1

vlan 100

vn-segment 1000

vlan 200

vn-segment 2000

Anycast-Gateway

interface vxlan1000

ip vrf forwarding DC1-L3VNI

vxlan distribute-gateway

ip address 192.168.100.254 255.255.255.0

mac-address 0001.0001.0001

interface vxlan2000

ip vrf forwarding DC1-L3VNI

vxlan distribute-gateway

ip address 192.168.200.254 255.255.255.0

mac-address 0002.0002.0002

fabric forwarding anycast-gateway-mac 0001.0001.0001

interface Vlan100

no shutdown

ip address 192.168.100.254/24

fabric forwarding