Op 07/02/2024 om 12:08 schreef Wei ZHOU:
Hi,
There are several discussions in the past, you can read them on
https://lists.apache.org/[email protected]:lte=1M:vxlan
Indeed, however, here is the Frr configuration we are using.
Keep in mind that you will need a modified version of modifyvxlan.sh so
that it doesn't use Multicast for your VXLAN!
The configuration below uses BGP Unnumbered on two uplink interfaces
(ens3f0np0 and ens3f1np1) where it then announces a /32 and /128 to the
upstream routers.
VXLAN traffic is carried by IPv4 in this design, but with proper modern
switch this can be IPv6 as well.
IPv6 is used in this case for all other traffic then VXLAN:
- Management
- Storage
- Ceph
- TrueNAS
- Monitoring
frr version 7.1
frr defaults traditional
hostname hv-04-08-15.XXX.XXX.net
!
log syslog informational
!
no ipv6 forwarding
!
service integrated-vtysh-config
!
ip route 10.0.0.0/8 lo
!
!
interface ens3f0np0
no ipv6 nd suppress-ra
!
interface ens3f1np1
no ipv6 nd suppress-ra
!
interface lo
ip address 10.255.192.37/32
ipv6 address 2a00:XXX:3:35::1/128
!
router bgp 4200800815
bgp router-id 10.255.192.37
no bgp default ipv4-unicast
no bgp ebgp-requires-policy
neighbor uplinks peer-group
neighbor uplinks remote-as external
neighbor uplinks ebgp-multihop 255
neighbor ens3f0np0 interface peer-group uplinks
neighbor ens3f1np1 interface peer-group uplinks
!
address-family ipv4 unicast
network 10.255.192.37/32
neighbor uplinks activate
neighbor uplinks next-hop-self
neighbor uplinks soft-reconfiguration inbound
neighbor uplinks route-map upstream-v4-out out
neighbor uplinks route-map upstream-v4-in in
exit-address-family
!
address-family ipv6 unicast
network 2a00:XXX:3:35::1/128
neighbor uplinks activate
neighbor uplinks soft-reconfiguration inbound
neighbor uplinks route-map upstream-v6-in in
neighbor uplinks route-map upstream-v6-out out
exit-address-family
!
address-family l2vpn evpn
neighbor uplinks activate
advertise-all-vni
advertise-svi-ip
exit-address-family
!
ip prefix-list local-v4 seq 5 permit 10.255.192.37/32
ip prefix-list all-v4 seq 5 permit any
ip prefix-list upstream-v4 seq 5 permit 10.0.0.0/8 ge 24 le 32
!
ipv6 prefix-list default-v6 seq 5 permit ::/0
ipv6 prefix-list local-v6 seq 5 permit 2a00:XXX:3:35::1/128
ipv6 prefix-list all-v6 seq 5 permit any
ipv6 prefix-list upstream-v6 seq 5 permit 2a00:XXX:3::/48 le 128
ipv6 prefix-list upstream-v6 seq 10 permit 2a00:XXX:4::/48 le 64
ipv6 prefix-list upstream-v6 seq 15 permit 2a00:XXX:5::/48 le 64
!
route-map upstream-v4-in permit 10
match ip address prefix-list upstream-v4
!
route-map upstream-v4-in deny 1000
match ip address prefix-list all-v4
!
route-map upstream-v4-out permit 10
match ip address prefix-list local-v4
!
route-map upstream-v4-out deny 1000
match ip address prefix-list all-v4
!
route-map upstream-v6-out permit 10
match ipv6 address prefix-list local-v6
!
route-map upstream-v6-out deny 1000
match ipv6 address prefix-list all-v6
!
route-map upstream-v6-in permit 10
match ipv6 address prefix-list upstream-v6
!
route-map upstream-v6-in permit 100
match ipv6 address prefix-list default-v6
!
route-map upstream-v6-in deny 1000
match ipv6 address prefix-list all-v6
!
line vty
!
-Wei
On Wed, 7 Feb 2024 at 11:58, Francisco Arencibia Quesada <
[email protected]> wrote:
Good morning guys,
me again :)
We are configuring VXLAN with KVM+Cloudstack, I have read the doc from
cloudstack website, but I cannot find anything about FRR, I understand that
cloudstack does not manage FRRounting, but in any case could you please
recommend a good guide?
Kind regards
Thank you all in advance
--
*Francisco Arencibia Quesada.*
*DevOps Engineer*
