ipng/ipng.ch
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Rename linuxadmin to pim
All checks were successful
continuous-integration/drone/push Build is passing
Details

Browse Source
This commit is contained in:
Pim van Pelt
2025-04-10 00:04:36 -05:00
parent ed087f3fc6
commit d0a7cdbe38
1 changed files with 74 additions and 74 deletions
Download Patch File Download Diff File Expand all files Collapse all files

148
content/articles/2025-04-09-frysix-evpn.md
View File

@ -133,15 +133,15 @@ an OOB network that I can remotely log in to. This is the first time that either
Nokia, but I find it reasonably intuitive once I get a few tips and tricks from Niek.
```
[linuxadmin@nikhef ~]$ sr_cli
[pim@nikhef ~]$ sr_cli
--{ running }--[ ]--
A:linuxadmin@nikhef# enter candidate
A:pim@nikhef# enter candidate
--{ candidate shared default }--[ ]--
A:linuxadmin@nikhef# set / interface lo0 admin-state enable
A:linuxadmin@nikhef# set / interface lo0 subinterface 0 admin-state enable
A:linuxadmin@nikhef# set / interface lo0 subinterface 0 ipv4 admin-state enable
A:linuxadmin@nikhef# set / interface lo0 subinterface 0 ipv4 address 198.19.16.1/32
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# set / interface lo0 admin-state enable
A:pim@nikhef# set / interface lo0 subinterface 0 admin-state enable
A:pim@nikhef# set / interface lo0 subinterface 0 ipv4 admin-state enable
A:pim@nikhef# set / interface lo0 subinterface 0 ipv4 address 198.19.16.1/32
A:pim@nikhef# commit stay
```
There, my first config snippet! This creates a _loopback_ interface, and similar to JunOS, a
@ -151,7 +151,7 @@ domains or VRFs. There's a conveniently named _default_ network-instance, which
the point-to-point interface between the two 400G routers to:
```
A:linuxadmin@nikhef# info flat interface ethernet-1/29
A:pim@nikhef# info flat interface ethernet-1/29
set / interface ethernet-1/29 admin-state enable
set / interface ethernet-1/29 subinterface 0 admin-state enable
set / interface ethernet-1/29 subinterface 0 ip-mtu 9190
@ -159,11 +159,11 @@ set / interface ethernet-1/29 subinterface 0 ipv4 admin-state enable
set / interface ethernet-1/29 subinterface 0 ipv4 address 198.19.17.1/31
set / interface ethernet-1/29 subinterface 0 ipv6 admin-state enable
A:linuxadmin@nikhef# set / network-instance default type default
A:linuxadmin@nikhef# set / network-instance default admin-state enable
A:linuxadmin@nikhef# set / network-instance default interface ethernet-1/29.0
A:linuxadmin@nikhef# set / network-instance default interface lo0.0
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# set / network-instance default type default
A:pim@nikhef# set / network-instance default admin-state enable
A:pim@nikhef# set / network-instance default interface ethernet-1/29.0
A:pim@nikhef# set / network-instance default interface lo0.0
A:pim@nikhef# commit stay
```
Cool. Assuming I now also do this on the other IXR-7220-D4 router, called _equinix_ (which gets the
@ -171,7 +171,7 @@ loopback address 198.19.16.0/32 and the point-to-point on the 400G interface of
should be able to do my first jumboframe ping:
```
A:linuxadmin@equinix# ping network-instance default 198.19.17.1 -s 9162 -M do
A:pim@equinix# ping network-instance default 198.19.17.1 -s 9162 -M do
Using network instance default
PING 198.19.17.1 (198.19.17.1) 9162(9190) bytes of data.
9170 bytes from 198.19.17.1: icmp_seq=1 ttl=64 time=0.466 ms
@ -185,14 +185,14 @@ OK, let's get these two Nokia routers to speak OSPF, so that they can reach each
It's really easy:
```
A:linuxadmin@nikhef# / network-instance default protocols ospf instance default
A:pim@nikhef# / network-instance default protocols ospf instance default
--{ candidate shared default }--[ network-instance default protocols ospf instance default ]--
A:linuxadmin@nikhef# set admin-state enable
A:linuxadmin@nikhef# set version ospf-v2
A:linuxadmin@nikhef# set router-id 198.19.16.1
A:linuxadmin@nikhef# set area 0.0.0.0 interface ethernet-1/29.0 interface-type point-to-point
A:linuxadmin@nikhef# set area 0.0.0.0 interface lo0.0 passive true
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# set admin-state enable
A:pim@nikhef# set version ospf-v2
A:pim@nikhef# set router-id 198.19.16.1
A:pim@nikhef# set area 0.0.0.0 interface ethernet-1/29.0 interface-type point-to-point
A:pim@nikhef# set area 0.0.0.0 interface lo0.0 passive true
A:pim@nikhef# commit stay
```
Similar to in JunOS, I can descend into a configuration scope (the first line goes into the
@ -202,7 +202,7 @@ called `default`. Subsequent `set` commands operate at this scope. Once I commit
to life immediately:
```
A:linuxadmin@nikhef# show network-instance default protocols ospf neighbor
A:pim@nikhef# show network-instance default protocols ospf neighbor
=========================================================================================
Net-Inst default OSPFv2 Instance default Neighbors
=========================================================================================
@ -215,7 +215,7 @@ Net-Inst default OSPFv2 Instance default Neighbors
No. of Neighbors: 1
=========================================================================================
A:linuxadmin@nikhef# show network-instance default route-table all | more
A:pim@nikhef# show network-instance default route-table all | more
IPv4 unicast route table of network instance default
+------------------+-----+------------+--------------+--------+----------+--------+------+-------------+-----------------+
| Prefix | ID | Route Type | Route Owner | Active | Origin | Metric | Pref | Next-hop | Next-hop |
@ -230,7 +230,7 @@ IPv4 unicast route table of network instance default
| 198.19.17.1/32 | 6 | host | net_inst_mgr | True | default | 0 | 0 | None | None |
+==================+=====+============+==============+========+==========+========+======+=============+=================+
A:linuxadmin@nikhef# ping network-instance default 198.19.16.0
A:pim@nikhef# ping network-instance default 198.19.16.0
Using network instance default
PING 198.19.16.0 (198.19.16.0) 56(84) bytes of data.
64 bytes from 198.19.16.0: icmp_seq=1 ttl=64 time=0.484 ms
@ -312,31 +312,31 @@ route-reflectors for others. It means that they will have an iBGP session amongs
core routers. Any new router can just plug in, form an OSPF adjacency, and connect to both core
routers. I proceed to configure BGP on the Nokia's like this:
```
A:linuxadmin@nikhef# / network-instance default protocols bgp
A:linuxadmin@nikhef# set admin-state enable
A:linuxadmin@nikhef# set autonomous-system 65500
A:linuxadmin@nikhef# set router-id 198.19.16.1
A:linuxadmin@nikhef# set dynamic-neighbors accept match 198.19.16.0/24 peer-group overlay
A:linuxadmin@nikhef# set afi-safi evpn admin-state enable
A:linuxadmin@nikhef# set preference ibgp 170
A:linuxadmin@nikhef# set route-advertisement rapid-withdrawal true
A:linuxadmin@nikhef# set route-advertisement wait-for-fib-install false
A:linuxadmin@nikhef# set group overlay peer-as 65500
A:linuxadmin@nikhef# set group overlay afi-safi evpn admin-state enable
A:linuxadmin@nikhef# set group overlay afi-safi ipv4-unicast admin-state disable
A:linuxadmin@nikhef# set group overlay afi-safi ipv6-unicast admin-state disable
A:linuxadmin@nikhef# set group overlay local-as as-number 65500
A:linuxadmin@nikhef# set group overlay route-reflector client true
A:linuxadmin@nikhef# set group overlay transport local-address 198.19.16.1
A:linuxadmin@nikhef# set neighbor 198.19.16.0 admin-state enable
A:linuxadmin@nikhef# set neighbor 198.19.16.0 peer-group overlay
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# / network-instance default protocols bgp
A:pim@nikhef# set admin-state enable
A:pim@nikhef# set autonomous-system 65500
A:pim@nikhef# set router-id 198.19.16.1
A:pim@nikhef# set dynamic-neighbors accept match 198.19.16.0/24 peer-group overlay
A:pim@nikhef# set afi-safi evpn admin-state enable
A:pim@nikhef# set preference ibgp 170
A:pim@nikhef# set route-advertisement rapid-withdrawal true
A:pim@nikhef# set route-advertisement wait-for-fib-install false
A:pim@nikhef# set group overlay peer-as 65500
A:pim@nikhef# set group overlay afi-safi evpn admin-state enable
A:pim@nikhef# set group overlay afi-safi ipv4-unicast admin-state disable
A:pim@nikhef# set group overlay afi-safi ipv6-unicast admin-state disable
A:pim@nikhef# set group overlay local-as as-number 65500
A:pim@nikhef# set group overlay route-reflector client true
A:pim@nikhef# set group overlay transport local-address 198.19.16.1
A:pim@nikhef# set neighbor 198.19.16.0 admin-state enable
A:pim@nikhef# set neighbor 198.19.16.0 peer-group overlay
A:pim@nikhef# commit stay
```
I can see that iBGP sessions establish between all the devices:
```
A:linuxadmin@nikhef# show network-instance default protocols bgp neighbor
A:pim@nikhef# show network-instance default protocols bgp neighbor
---------------------------------------------------------------------------------------------------------------------------
BGP neighbor summary for network-instance "default"
Flags: S static, D dynamic, L discovered by LLDP, B BFD enabled, - disabled, * slow
@ -404,15 +404,15 @@ VXLAN traffic from, and add the interface to the _default_ network-instance. So
defining that interface and associate a VXLAN interface with it, like so:
```
A:linuxadmin@nikhef# set / interface system0 admin-state enable
A:linuxadmin@nikhef# set / interface system0 subinterface 0 admin-state enable
A:linuxadmin@nikhef# set / interface system0 subinterface 0 ipv4 admin-state enable
A:linuxadmin@nikhef# set / interface system0 subinterface 0 ipv4 address 198.19.18.1/32
A:linuxadmin@nikhef# set / network-instance default interface system0.0
A:linuxadmin@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 type bridged
A:linuxadmin@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 ingress vni 2604
A:linuxadmin@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 egress source-ip use-system-ipv4-address
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# set / interface system0 admin-state enable
A:pim@nikhef# set / interface system0 subinterface 0 admin-state enable
A:pim@nikhef# set / interface system0 subinterface 0 ipv4 admin-state enable
A:pim@nikhef# set / interface system0 subinterface 0 ipv4 address 198.19.18.1/32
A:pim@nikhef# set / network-instance default interface system0.0
A:pim@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 type bridged
A:pim@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 ingress vni 2604
A:pim@nikhef# set / tunnel-interface vxlan1 vxlan-interface 2604 egress source-ip use-system-ipv4-address
A:pim@nikhef# commit stay
```
This creates the plumbing for a VXLAN sub-interface called `vxlan1.2604` which will accept/send
@ -422,27 +422,27 @@ LAN), and it'll use the `system0.0` address to source that traffic from.
The second part is to create what SR Linux calls a MAC-VRF and put some interface in it:
```
A:linuxadmin@nikhef# set / interface ethernet-1/9 admin-state enable
A:linuxadmin@nikhef# set / interface ethernet-1/9 breakout-mode num-breakout-ports 4
A:linuxadmin@nikhef# set / interface ethernet-1/9 breakout-mode breakout-port-speed 10G
A:linuxadmin@nikhef# set / interface ethernet-1/9/3 admin-state enable
A:linuxadmin@nikhef# set / interface ethernet-1/9/3 vlan-tagging true
A:linuxadmin@nikhef# set / interface ethernet-1/9/3 subinterface 0 type bridged
A:linuxadmin@nikhef# set / interface ethernet-1/9/3 subinterface 0 admin-state enable
A:linuxadmin@nikhef# set / interface ethernet-1/9/3 subinterface 0 vlan encap untagged
A:pim@nikhef# set / interface ethernet-1/9 admin-state enable
A:pim@nikhef# set / interface ethernet-1/9 breakout-mode num-breakout-ports 4
A:pim@nikhef# set / interface ethernet-1/9 breakout-mode breakout-port-speed 10G
A:pim@nikhef# set / interface ethernet-1/9/3 admin-state enable
A:pim@nikhef# set / interface ethernet-1/9/3 vlan-tagging true
A:pim@nikhef# set / interface ethernet-1/9/3 subinterface 0 type bridged
A:pim@nikhef# set / interface ethernet-1/9/3 subinterface 0 admin-state enable
A:pim@nikhef# set / interface ethernet-1/9/3 subinterface 0 vlan encap untagged
A:linuxadmin@nikhef# / network-instance peeringlan
A:linuxadmin@nikhef# set type mac-vrf
A:linuxadmin@nikhef# set admin-state enable
A:linuxadmin@nikhef# set interface ethernet-1/9/3.0
A:linuxadmin@nikhef# set vxlan-interface vxlan1.2604
A:linuxadmin@nikhef# set protocols bgp-evpn bgp-instance 1 admin-state enable
A:linuxadmin@nikhef# set protocols bgp-evpn bgp-instance 1 vxlan-interface vxlan1.2604
A:linuxadmin@nikhef# set protocols bgp-evpn bgp-instance 1 evi 2604
A:linuxadmin@nikhef# set protocols bgp-vpn bgp-instance 1 route-distinguisher rd 65500:2604
A:linuxadmin@nikhef# set protocols bgp-vpn bgp-instance 1 route-target export-rt target:65500:2604
A:linuxadmin@nikhef# set protocols bgp-vpn bgp-instance 1 route-target import-rt target:65500:2604
A:linuxadmin@nikhef# commit stay
A:pim@nikhef# / network-instance peeringlan
A:pim@nikhef# set type mac-vrf
A:pim@nikhef# set admin-state enable
A:pim@nikhef# set interface ethernet-1/9/3.0
A:pim@nikhef# set vxlan-interface vxlan1.2604
A:pim@nikhef# set protocols bgp-evpn bgp-instance 1 admin-state enable
A:pim@nikhef# set protocols bgp-evpn bgp-instance 1 vxlan-interface vxlan1.2604
A:pim@nikhef# set protocols bgp-evpn bgp-instance 1 evi 2604
A:pim@nikhef# set protocols bgp-vpn bgp-instance 1 route-distinguisher rd 65500:2604
A:pim@nikhef# set protocols bgp-vpn bgp-instance 1 route-target export-rt target:65500:2604
A:pim@nikhef# set protocols bgp-vpn bgp-instance 1 route-target import-rt target:65500:2604
A:pim@nikhef# commit stay
```
In the first block here, Arend took what is a 100G port called `ethernet-1/9` and split it into 4x25G
@ -606,7 +606,7 @@ The Nokia IXR-7220-D4 router called _equinix_ has also learned a bunch of EVPN r
which I can inspect as follows:
```
A:linuxadmin@equinix# show network-instance default protocols bgp routes evpn route-type summary
A:pim@equinix# show network-instance default protocols bgp routes evpn route-type summary
--------------------------------------------------------------------------------------------------------------------------------------------------------------------
Show report for the BGP route table of network-instance "default"
--------------------------------------------------------------------------------------------------------------------------------------------------------------------