Virtual Extensible LAN (VXLAN): A Practical guide to VXLAN solution

We are living in an era of Software Defined Networks (SDN) with zero-touch installation, a centralized Control Plane, Network Virtualization Overlay (NVO), Network Function Virtualization (NFV), and automated, self-learning networks where everything is managed as a system, not as individual components, via a graphical user interface. This is a huge benefit for business because everything that previously might take months can now be done in hours or even in minutes. However, it is easy to forget that behind every SDN solution there is a highly complex system that consists of several physical/virtual devices and protocols which may fail. In these situations, it is crucial to understand how the system actually works, the role of each protocol, the dependencies between protocols, and so on. This book is the end result of the author's own journey to understand a system called VXLAN Fabric. This 370-page book includes 19 chapters, 87 file captures, 135 figures, and 342 examples (configuration, show commands, and ping/trace). Every example in this book uses a minimum number of devices and is built with Cisco VIRL and EVE-NG. This way the reader can do their own verification and testing.

Chapters 1-7 explain the role and the operation of an Underlay Network, discussing the Dijkstra algorithm used by OSPF and IS-IS as well as the differences between them. They also introduce three BGP-based solutions (One-AS, Dual-AS, and Multi-AS). In addition, L2BUM forwarding based on the "Anycast with PIM" and "PIM BiDir" solutions is explained. Chapters 8-10 explain the operation of the BGP L2VPN EVPN Control Plane. In addition, fabric external connection is discussed. Chapters 11-13 introduce the vPC-based multi-homing solution, while chapters 15-17 cover the standards-based EVPN ESI Multi-Homing solution. Among these technologies, there are dedicated chapters for Firewall implementation, the EVPN Multi-Site DC-Interconnect solution, and Layer 3 Multicast routing using Tenant Routed Multicast (TRM).

Author(s): Toni Pasanen
Edition: Second
Year: 2019

Language: English
Pages: 368

Chapter 1: Underlay Network – OSPF Operation
Introduction
OSPF
Link-State Database (LSDB) optimization
Shortest-Path First (SPF)/Dijkstra Algorithm
SPF Run – Phase I: Building a Shortest-Path Tree
First iteration round
Second iteration round
Third iteration round
Fourth iteration round
Fifth iteration round
Sixth iteration round
Seventh iteration round
SPF Run – Phase II: Adding Leafs to Shortest-Path Tree
References:
Chapter 2: Underlay Network – Comparison of OSPF and IS-IS
Scenario-1: Interface loopback 50 down on Leaf-101 (IS-IS)
Scenario-2: Interface loopback 50 down on Leaf-101 (OSPF)
Scenario-3: OSPF Incremental SPF – L50 Down on Leaf-101 (Stub)
Scenario-4: OSPF Incremental SPF – Interface g0/3 Down on Spine-12 (transit link does not participate in SPT)
Scenario-5: IS-IS SPF – Interface g0/3 Down on Spine-12 (Full SPF computation)
Scenario-6: IS-IS Incremental SPF – Interface g0/3 Down on Spine-12 (transit link does not participate in SPT)
Conclusion
Chapter 3: Underlay Network: iBGP in Underlay Network
Next-Hop-Self consideration
Case-1: Next-hop-self is changed by RR Spine-11.
Case-2: RR Spine-11 does not change Next-hop-self.
Chapter 4: Underlay Network: Two-AS eBGP
Underlay Network Control Plane eBGP
Overlay Network Control Plane: eBGP
References:
Chapter 5: eBGP as an Underlay Network Routing Protocol: Multi-AS eBGP
Underlay Network Control Plane: IPv4 eBGP peering
Overlay Network Control Plane: L2VPN EVPN eBGP peering
References:
Chapter 6: Layer 2 Multi-Destination Traffic - Anycast-RP with PIM.
Step 1: Configuring Anycast-RP cluster
Step 2: Assign unique Cluster Member IP and define members
Step 3: Assign unique Cluster Member IP and define members
Configuring NVE interface
Anycast-PIM Control Plane Operation
Phase 1: PIM Join
Phase 2: PIM Registration
Phase 3: PIM Registration-Stop
Phase 4: Anycast-RP peer notification
Data Plane operation
ARP Request
ARP Reply
References:
Chapter 7: Layer 2 Multi-destination traffic - PIM BiDir.
Configuration
Control Plane Operation
References
Chapter 8: BGP EVPN VXLAN Configuration and building blocks.
BGP EVPN VXLAN Building Blocks for Intra-VNI switching
Underlay Network: OSPF configuration
Overlay Network: BGP L2VPN EVPN configuration
Overlay Network: NVE Peering
Overlay Network: Host Mobility Manager
Overlay Network: Anycast Gateway (AGW)
Overlay Network: VLAN based service
Overlay Network: TCAM modification
Intra-VNI service (L2VNI) in VXLAN Fabric
Tenant based Inter-VNI Routing (L3VNI) in VXLAN Fabric
References
Chapter 9: BGP EVPN VXLAN Control and Data Plane Operation.
MAC address learning process
Phase 1: MAC Address-Table update
Phase 2: L2RIB Update
Phase 3: BGP MAC Route Export on Local VTEP
Phase 4: BGP AFI L2EVPN MAC Route Import on Remote VTEP
Phase 5: MAC VRF on Remote VTEP
Phase 6: MAC Address Table on Remote VTEP
L2VNI: Intra-VNI Data Plane
ARP Request
ARP Reply
ICMP Request
ICMP Reply
Summary
MAC-IP address learning process
Phase 1: ARP Table on Local VTEP
Phase 2-3: MAC-IP on Local VTEP
Phase 4: BGP Route Export on Local VTEP
Phase 5: BGP Route Import on Remote VTEP
Phase 6: IP VRF on Remote VTEP
ARP-Suppression
Host route Advertisement: Inter-VNI routing (L3VNI)
Phase 1. Host Route in Local Routing Information Base (RIB)
Phase 2. Host Route BGP Process on Local VTEP
Phase 3. Host Route BGP Process on Remote VTEP
Phase 4. Installing Host Route into RIB of Remote VTEP
Data Plane operation
Phase 1. Switching in VNI30000 on VTEP-102
Phase 2. Routing from VNI30000 to VNI 10077 on VTEP-102
Phase 3. Routing from VNI10077 to VNI 10000 on VTEP-101
Summary
Prefix Advertisement
Phase 1: vmBeef start pinging to vmBebe
Phase 2: Local VTEP Leaf-101: ARP process
Phase 3: Remote VTEP Leaf-102: ARP process - Request
Phase 4: vmBebe: ARP process - Reply
Phase 5: remote VTEP switch Leaf-102: BGP Update
Phase 6: Local VTEP switch Leaf-102: BGP Update
Data Plane testing
Phase 1: vmBeef start pinging to vmBebe
Phase 2: Local VTEP Leaf-101: Routing
Phase 3-4: Remote VTEP Leaf-102: ARP request
Phase 5: vmBebe: ARP Reply
Phase 6: Remote VTEP Leaf-102: ICMP Request forwarding
Phase 7: vmBebe: ICMP reply
Phase 8-9: Remote VTEP Leaf-102: Routing decision and ICMP reply
Phase 10-11: Local VTEP Leaf-101: Routing decision and ICMP reply
Summary
References
Chapter 10: VXLAN fabric External Connections
eBGP Configuration between Border Leaf-102 and Ext-Ro01
Starting point
Chapter 11: Multihoming with vPC
Virtual Port Channel Configuration
Some other consideration for vPC:
VTEP redundancy with vPC
Advertising Primary IP address
References:
Chapter 12: Multihoming - vPC and Graceful Insertion and Removal (GIR) operation
Loopback addressing
Graceful Insertion and Removal (GIR)
Verifications.
Example-2 summary: BGP EVPN peering and NVE1 using the same Loopback interface.
Conclusion
References:
Chapter 13: Using vPC Peer Link as an Underlay Backup Path
Configuration
Verification
References:
Chapter 14: VXLAN Fabric Firewall Implementation
Protected segment
Non-Protected segment
Connectivity Testing
References:
Chapter 15: EVPN ESI Multihoming
Introduction
Ethernet Segment Identifier (ESI) and Port-Channel
Designated Forwarder (DF)
Designated Forwarder
References:
Chapter 16: EVPN ESI Multihoming - Fast Convergence and Load Balancing
Ethernet A-D per ES route - Fast Convergence in the all-Active mode
Fast Convergence
Load Balancing (Aliasing)
Summary
References:
Chapter 17: EVPN ESI Multihoming - Data Flows and link failures
Introduction
Intra-VNI (L2VNI): Unicast Traffic
Scenario 1: Link e1/4 down on Leaf-102
Scenario 2: Core link down on Leaf-102.
Intra-VNI (L2VNI): Broadcast, Unknown Unicast and Multicast (BUM) traffic
Scenario 1: Traffic flow from Designated Forwarder
Scenario 2: Traffic flow from non-Designated Forwarder
Chapter 18: VXLAN EVPN Multi-Site
Shared EVPN domain limitations
EVPN Multi-Site Architecture Introduction
Intra-Site EVPN Domain (Fabric)
Intra-Site NVE peering and VXLAN tunnels
Summary
Shared Common EVPN Domain Connections
Border Gateway setup
Multi-Destination traffic forwarding
Designated Forwarder
Ingress-Replication
Fabric Link Failure
Normal State
Fabric-Link Failure
Fabric-Link Recovery
DCI-Link Failure
Normal State
DCI Link Failure
DCI Link Recovery
References
Chapter 19: Tenant Routed Multicast in VXLAN Fabric
Underlay Multicast Routing
PIM neighbor establishment process
Shared Multicast Tree for Intra-VN
Joining to Intra-VN Shared Tree
Joining to Intra-VN Source-Specific Tree
Tenant Routed Multicast (TRM) Configuration
Define Anycast-RP
Enable TRM on leaf switches
Define the tenant-based Multicast group for Multicast traffic.
Prevent PIM neighbor establishment within a specific VLAN
BGP afi IPv4 MVPN peering (Leaf)
BGP afi IPv4 MVPN peering (Spine)
Tenant Routed Multicast (TRM) operation
Shared/Source-Specific tree for Inter-VN
Verification
TRM Control Plane operation.
IGMP membership report
MVPN Source-Active Auto-Discovery
Data Plane Operation
Ingress leaf operation
Spine operation
Egress leaf operation
Summary
References