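Configuration Guide: Verifying a VXLAN EVPN Scenario on CX-N Using the REST API
1 Objective
This document describes how to use BGP EVPN on a network built from Asterfusion CX308P-48Y-N and CX532P-N switches (hereafter CX308 and CX532) to automatically create VXLAN tunnels and propagate virtual routes, so that packets from the attached servers are encapsulated and decapsulated.
Note: The REST API does not yet cover every function, so some configuration still has to be done from the command line.
2 Device topology
The devices, interfaces and management IPs used in the deployment are as follows:
3 Configuration
3.1 Atomic REST API configuration
3.1.1 Change the CLI mode
The REST API is not compatible with the Klish command line, so the prerequisite for using the REST API is to change cli-mode to bash. Run the following command on all four switches: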
admin@Leaf1:~$ config cli-mode bash
3.1.2 Log in to the switch
Before calling the REST API of a switch, you must first log in to that switch.
POST https://10.230.1.7/rest/v3/login
{
"username":"admin",
"password":"asteros"
}
3.1.3 Configure port speed and IP addresses on each switch
Spine1:
POST https://10.230.1.7/rest/v3/router-interfaces/
{
"C1": {
"vrf": "default",
"ip_addr": [
"10.0.100.2/24"
]
},
"C2": {
"vrf": "default",
"ip_addr": [
"10.0.200.2/24"
]
}
}
Spine2:
POST https://10.230.1.8/rest/v3/router-interfaces/
{
"C1": {
"vrf": "default",
"ip_addr": [
"10.100.100.2/24"
]
},
"C2": {
"vrf": "default",
"ip_addr": [
"10.100.200.2/24"
]
}
}
Leaf1:
admin@Leaf1:~$ sudo config interface speed Ethernet0 10000
admin@Leaf1:~$ sudo config interface speed Ethernet1 10000
POST https://10.230.1.18/rest/v3/router-interfaces/
{
"C1": {
"vrf": "default",
"ip_addr": [
"10.0.100.1/24"
]
},
"C2": {
"vrf": "default",
"ip_addr": [
"10.100.100.1/24"
]
}
}
Leaf2:
admin@Leaf2:~$ sudo config interface speed Ethernet0 10000
admin@Leaf2:~$ sudo config interface speed Ethernet1 10000
POST https://10.230.1.19/rest/v3/router-interfaces/
{
"C1": {
"vrf": "default",
"ip_addr": [
"10.0.200.1/24"
]
},
"C2": {
"vrf": "default",
"ip_addr": [
"10.100.200.1/24"
]
}
}
3.1.4 Configure VRF and VLAN information on Leaf1 and Leaf2
Leaf1:
POST https://10.230.1.18/rest/v3/vrfs/
{
"vrf-123": {
"src_mac": "00:11:22:33:44:55"
}
}
POST https://10.230.1.18/rest/v3/vlans/
{
"vlan100": {
"members": [
{
"id": "Y1",
"tagging_mode": "untagged"
}
]
}
}
POST https://10.230.1.18/rest/v3/router-interfaces/
{
"vlan100": {
"ip_addr": [
"100.0.10.1/24"
],
"vrf": "vrf-123",
"mac_address": "00:11:22:33:44:55"
}
}
Leaf2:
POST https://10.230.1.19/rest/v3/vrfs/
{
"vrf-456": {
"src_mac": "00:11:22:33:44:a5"
}
}
POST https://10.230.1.19/rest/v3/vlans/
{
"vlan200": {
"members": [
{
"id": "Y1",
"tagging_mode": "untagged"
}
]
}
}
POST https://10.230.1.19/rest/v3/router-interfaces/
{
"vlan200": {
"vrf": "vrf-456",
"ip_addr": [
"100.0.20.1/24"
],
"mac_address": "00:11:22:33:44:a5"
}
}
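A pre-flight lint for the vrfs and router-interfaces request bodies above, as an added example (not part of the original guide or Asterfusion's tooling). It flags MAC strings with stray whitespace and ip_addr entries that are not valid address/prefix pairs before anything is sent to a switch. The name lint_payload and the sample bodies are hypothetical, and the checker assumes the switch expects a bare colon-separated MAC.

```python
import ipaddress
import re

MAC_RE = re.compile(r"[0-9A-Fa-f]{2}(:[0-9A-Fa-f]{2}){5}")
MAC_KEYS = {"src_mac", "mac_address", "mac"}  # MAC field names used on this page

def lint_payload(node, path=""):
    """Return [(json_path, problem)] for MAC and ip_addr fields in a request body."""
    problems = []
    if isinstance(node, dict):
        for key, value in node.items():
            here = f"{path}/{key}"
            if key in MAC_KEYS:
                # fullmatch rejects leading/trailing spaces as well as bad digits
                if not (isinstance(value, str) and MAC_RE.fullmatch(value)):
                    problems.append((here, f"malformed MAC {value!r}"))
            elif key == "ip_addr":
                for cidr in value:
                    try:
                        if "/" not in cidr:
                            raise ValueError("missing prefix length")
                        ipaddress.ip_interface(cidr)
                    except ValueError as exc:
                        problems.append((here, f"bad address {cidr!r}: {exc}"))
            else:
                problems.extend(lint_payload(value, here))
    elif isinstance(node, list):
        for index, item in enumerate(node):
            problems.extend(lint_payload(item, f"{path}[{index}]"))
    return problems

# Constructed request bodies in the shape of the router-interfaces call above.
GOOD = {"vlan100": {"ip_addr": ["100.0.10.1/24"], "vrf": "vrf-123",
                    "mac_address": "00:11:22:33:44:55"}}
BAD = {"vlan100": {"ip_addr": ["100.0.10.1/33"], "vrf": "vrf-123",
                   "mac_address": " 00:11:22:33:44:55 "}}

if __name__ == "__main__":
    for label, body in (("GOOD", GOOD), ("BAD", BAD)):
        print(label, lint_payload(body))
```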
3.1.5 Configure BGP
Spine1:
admin@Spine1:~$ sudo config bgp asn 65201
POST https://10.230.1.7/rest/v3/protocols/bgp-neighbors/
{
"10.0.100.1": {
"configuration": {
"rrclient_enable": "false",
"name": "S1-L1",
"local_addr": "10.0.100.2",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65203",
"keepalive": "60"
}
},
"10.0.200.1": {
"configuration": {
"rrclient_enable": "false",
"name": "S1-L2",
"local_addr": "10.0.200.2",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65204",
"keepalive": "60"
}
}
}
POST https://10.230.1.7/rest/v3/protocols/bgp-interface-neighbors/
{
"C1": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
},
"C2": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
}
}
admin@Spine1:~$ sudo config bgp add network default 10.10.25.1/32 ipv4
Spine2:
admin@Spine2:~$ sudo config bgp asn 65202
POST https://10.230.1.8/rest/v3/protocols/bgp-neighbors/
{
"10.100.100.1": {
"configuration": {
"rrclient_enable": "false",
"name": "S2-L1",
"local_addr": "10.100.100.2",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65203",
"keepalive": "60"
}
},
"10.100.200.1": {
"configuration": {
"rrclient_enable": "false",
"name": "S2-L2",
"local_addr": "10.100.200.2",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65204",
"keepalive": "60"
}
}
}
POST https://10.230.1.8/rest/v3/protocols/bgp-interface-neighbors/
{
"C1": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
},
"C2": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
}
}
admin@Spine2:~$ sudo config bgp add network default 10.10.25.2/32 ipv4
Leaf1:
admin@Leaf1:~$ sudo config bgp asn 65203
POST https://10.230.1.18/rest/v3/protocols/bgp-neighbors/
{
"10.0.100.2": {
"configuration": {
"rrclient_enable": "false",
"name": "S1-L1",
"local_addr": "10.0.100.1",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65201",
"keepalive": "60"
}
},
"10.100.100.2": {
"configuration": {
"rrclient_enable": "false",
"name": "S2-L1",
"local_addr": "10.100.100.1",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65202",
"keepalive": "60"
}
}
}
POST https://10.230.1.18/rest/v3/protocols/bgp-interface-neighbors/
{
"C1": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
},
"C2": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
}
}
admin@Leaf1:~$ sudo config bgp add network default 10.10.25.3/32 ipv4
Leaf2:
admin@Leaf2:~$ sudo config bgp asn 65204
POST https://10.230.1.19/rest/v3/protocols/bgp-neighbors/
{
"10.0.200.2": {
"configuration": {
"rrclient_enable": "false",
"name": "S1-L2",
"local_addr": "10.0.200.1",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65201",
"keepalive": "60"
}
},
"10.100.200.2": {
"configuration": {
"rrclient_enable": "false",
"name": "S2-L2",
"local_addr": "10.100.200.1",
"nhopself_enable": "false",
"admin_status": "up",
"holdtime": "180",
"asn": "65202",
"keepalive": "60"
}
}
}
POST https://10.230.1.19/rest/v3/protocols/bgp-interface-neighbors/
{
"C1": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
},
"C2": {
"configuration": {
"admin_status": "up",
"asn": "external"
}
}
}
admin@Leaf2:~$ sudo config bgp add network default 10.10.25.4/32 ipv4
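A consistency check over the four bgp-neighbors payloads in this section, as an added example (not part of the original guide or Asterfusion's tooling). It verifies that every session is mirrored on the peer and that each configured remote ASN matches the ASN the peer actually runs. FABRIC is a condensed, constructed form of the values above, and check_peerings is a hypothetical helper name.

```python
# Constructed from section 3.1.5: switch -> (local ASN from "config bgp asn",
# {neighbor address: (local_addr, remote asn)} as sent to bgp-neighbors).
FABRIC = {
    "Spine1": (65201, {"10.0.100.1": ("10.0.100.2", 65203),
                       "10.0.200.1": ("10.0.200.2", 65204)}),
    "Spine2": (65202, {"10.100.100.1": ("10.100.100.2", 65203),
                       "10.100.200.1": ("10.100.200.2", 65204)}),
    "Leaf1": (65203, {"10.0.100.2": ("10.0.100.1", 65201),
                      "10.100.100.2": ("10.100.100.1", 65202)}),
    "Leaf2": (65204, {"10.0.200.2": ("10.0.200.1", 65201),
                      "10.100.200.2": ("10.100.200.1", 65202)}),
}

def check_peerings(fabric):
    """Return a list of mismatches; an empty list means every session is mirrored."""
    # Map each locally used address to the switch that owns it.
    owner = {}
    for name, (_, neighbors) in fabric.items():
        for local_addr, _ in neighbors.values():
            owner[local_addr] = name
    errors = []
    for name, (local_asn, neighbors) in fabric.items():
        for peer_ip, (local_addr, remote_asn) in neighbors.items():
            peer = owner.get(peer_ip)
            if peer is None:
                errors.append(f"{name}: neighbor {peer_ip} is not a local_addr on any switch")
                continue
            peer_asn, peer_neighbors = fabric[peer]
            if remote_asn != peer_asn:
                errors.append(f"{name}: neighbor {peer_ip} asn {remote_asn}, but {peer} runs {peer_asn}")
            back = peer_neighbors.get(local_addr)
            if back is None or back[0] != peer_ip:
                errors.append(f"{name}: {peer} has no session back to {local_addr}")
    return errors

if __name__ == "__main__":
    print(check_peerings(FABRIC) or "all BGP sessions are mirrored")
```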
3.1.6 Configure the VTEP and enable EVPN
Leaf1:
admin@Leaf1:~$ sudo config evpn advertise all-vni
admin@Leaf1:~$ sudo config vxlan add vxlan0 10.10.25.3
admin@Leaf1:~$ sudo config vxlan evpn_nvo add nvo0 vxlan0
Leaf2:
admin@Leaf2:~$ sudo config evpn advertise all-vni
admin@Leaf2:~$ sudo config vxlan add vxlan0 10.10.25.4
admin@Leaf2:~$ sudo config vxlan evpn_nvo add nvo0 vxlan0
3.1.7 Configure VXLAN mappings
Leaf1:
POST https://10.230.1.18/rest/v3/protocols/evpn-tunnel-maps/
{
"100": {
"map": "vlan100",
"type": "vlan",
"vxlan_id": "0"
},
"1000": {
"map": "vrf-123",
"type": "vrf",
"vxlan_id": "0"
}
}
Leaf2:
POST https://10.230.1.19/rest/v3/protocols/evpn-tunnel-maps/
{
"200": {
"map": "vlan200",
"type": "vlan",
"vxlan_id": "0"
},
"1000": {
"map": "vrf-456",
"type": "vrf",
"vxlan_id": "0"
}
}
3.1.8 Save and reload
Using Spine1 as an example:
POST https://10.230.1.7/rest/v3/system_config/
{
"action": "save"
}
POST https://10.230.1.7/rest/v3/system_config/
{
"action": "reload"
}
3.1.9 Server configuration
Server1:
[root@server1 ~]# route add -net 100.0.20.0 netmask 255.255.255.0 gw 100.0.10.1 dev ens1f0
Server2:
[root@server2 network-scripts]# route add -net 100.0.10.0 netmask 255.255.255.0 gw 100.0.20.1 dev enp2s0f0
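3.1.10 Configuration verification
3.1.10.1 Server connectivity
Server1:
Server2:
3.1.10.2 View Leaf1 information
View EVPN information
View VXLAN VTEP
View Leaf1 routes
3.1.10.3 View Leaf2 information
View EVPN information
View VXLAN VTEP
View Leaf2 routes
3.2 Overlay REST API configuration (transaction-level)
The transaction-level API is the API for Overlay network configuration. It supports only VLAN, VRF and VXLAN mappings, and these items have to be configured again through it; interface IPs, BGP and similar settings can only be configured with the atomic REST API.
3.2.1 Install the transaction-level API
Upload the installation package to the Leaf switches and run the following commands: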
unzip overlay_rest_api_20231121.zip -d overlayrestapi
cd overlayrestapi
chmod +x install.sh
./install.sh rest-api_20231121.aa018e98735f584bf595638f2013f95b.deb
3.2.2 Configure VLAN, VRF and EVPN mappings
Leaf1:
POST https://10.230.1.18/rest/v3/overlay/evpn/nvo
{
"vrf": [
{
"vrf": "vrf-100",
"mac": "00:00:ff:23:33:11",
"l3vni": "2000",
"static_redistribute": "false",
"network": ["200.0.10.0/24"]
}
],
"router_interface": [
{
"vlan": "vlan101",
"vrf": "vrf-100",
"ip_addr": [
"200.0.10.1/24"
],
"description": "test"
}
],
"vlan": [
{
"vlan": "vlan101",
"vlan_member": [
{
"id": "Y2",
"tagging_mode": "untagged"
}
]
}
],
"nvo_subnet": [
{
"vrf": "vrf-100",
"l2vni": "101",
"vlan": "vlan101",
"network_redistribute": "true"
}
]
}
Leaf2:
{
"vrf": [
{
"vrf": "vrf-200",
"mac": "00:00:ff:23:33:22",
"l3vni": "2000",
"static_redistribute": "false",
"network": ["200.0.20.0/24"]
}
],
"router_interface": [
{
"vlan": "vlan201",
"vrf": "vrf-200",
"ip_addr": [
"200.0.20.1/24"
],
"description": "test"
}
],
"vlan": [
{
"vlan": "vlan201",
"vlan_member": [
{
"id": "Y2",
"tagging_mode": "untagged"
}
]
}
],
"nvo_subnet": [
{
"vrf": "vrf-200",
"l2vni": "201",
"vlan": "vlan201",
"network_redistribute": "true"
}
]
}
3.2.3 Save and reload
Leaf1:
POST https://10.230.1.18/rest/v3/system_config/
{
"action": "save"
}
POST https://10.230.1.18/rest/v3/system_config/
{
"action": "reload"
}
Leaf2:
POST https://10.230.1.19/rest/v3/system_config/
{
"action": "save"
}
POST https://10.230.1.19/rest/v3/system_config/
{
"action": "reload"
}
3.2.4 Server configuration
Server1:
[root@server1 ~]# route add -net 200.0.20.0 netmask 255.255.255.0 gw 200.0.10.1 dev ens1f1
Server2:
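[root@server2 ~]# route add -net 200.0.10.0 netmask 255.255.255.0 gw 200.0.20.1 dev enp2s0f1
3.2.5 Configuration verification
3.2.5.1 Server connectivity
Server1:
Server2:
3.2.5.2 View Leaf1 information
View EVPN information
View Leaf1 routes
3.2.5.3 View Leaf2 information
View EVPN information
View Leaf2 routes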