@upa
Last active November 28, 2018 11:25
FRRouting EVPN Symmetric VXLAN Routing example
Current configuration:
!
frr version 6.0
frr defaults traditional
hostname frr1
log file /var/log/frr.log informational
service integrated-vtysh-config
username cumulus nopassword
!
vrf vrf1
 vni 1000
 exit-vrf
!
router bgp 2501
 neighbor evpn peer-group
 neighbor evpn remote-as 2501
 neighbor evpn update-source 10.0.0.1
 neighbor evpn capability extended-nexthop
 neighbor 10.0.0.2 peer-group evpn
 neighbor 10.0.0.3 peer-group evpn
 !
 address-family l2vpn evpn
  neighbor evpn activate
  advertise-all-vni
  advertise ipv4 unicast
 exit-address-family
!
router bgp 2501 vrf vrf1
 !
 address-family ipv4 unicast
  redistribute connected metric 10 route-map any
 exit-address-family
 !
 address-family l2vpn evpn
  advertise ipv4 unicast
 exit-address-family
!
ip prefix-list any seq 10 permit 0.0.0.0/0 le 32
!
route-map any permit 10
 match ip address prefix-list any
!
line vty
!
end
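The VLANs (VNIs) to be routed must belong to a VRF. This cannot be done in the default VRF.
A vlan-aware bridge also appears to be required.
The L3 VNI is the vxlan interface whose VNI is specified under the vrf in the frr config.
The L3 VNI's VXLAN interface is attached to the bridge as untagged with some vlan id; a vlan interface with that id is created, and this vlan interface is put into the vrf.
type-5 routes (or type-2 routes that carry an IP) are installed as onlink routes to this vlan interface.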
frr2# show bgp l2vpn evpn route
BGP table version is 11, local router ID is 192.168.56.102
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal
Origin codes: i - IGP, e - EGP, ? - incomplete
EVPN type-2 prefix: [2]:[EthTag]:[MAClen]:[MAC]:[IPlen]:[IP]
EVPN type-3 prefix: [3]:[EthTag]:[IPlen]:[OrigIP]
EVPN type-4 prefix: [4]:[ESI]:[IPlen]:[OrigIP]
EVPN type-5 prefix: [5]:[EthTag]:[IPlen]:[IP]
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 10.0.99.254:2
*>i[5]:[0]:[24]:[10.0.10.0]
10.0.0.1 10 100 0 ?
This route is installed in the VRF routing table as follows:
frr2# show ip route vrf vrf1
VRF vrf1:
B>* 10.0.10.0/24 [200/0] via 10.0.0.1, vlan1000 onlink, 00:08:52
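A check for the behaviour described above, as an added example that is not part of the original gist: it reads `show ip route vrf vrf1` output and reports any FIB-installed BGP next hop that is not an onlink route via the L3 VNI's vlan interface, which is how a tenant route leaving the VRF's VXLAN path would show up. The function names, the 10.0.20.0/24 and 10.0.30.0/24 sample lines and `eth0` are constructed for illustration.

```shell
#!/bin/bash
# Added example, not part of the gist. check_l3vni_routes and sample_routes
# are hypothetical helper names.

# check_l3vni_routes SVI
#   stdin : output of: vtysh -c "show ip route vrf <vrf>"
#   stdout: "OK <prefix>" or "BAD <prefix> dev=<dev> onlink=<0|1>" per next hop
#   return: 0 when every installed BGP next hop is onlink via SVI, else 1
check_l3vni_routes() {
    awk -v svi="$1" '
        function check(prefix,    i, dev, onlink) {
            dev = ""; onlink = 0
            for (i = 1; i <= NF; i++) {
                # zebra prints "via <nexthop>, <ifname> onlink, <uptime>"
                if ($i == "via") { dev = $(i + 2); sub(/,$/, "", dev) }
                if ($i ~ /^onlink,?$/) onlink = 1
            }
            if (dev == svi && onlink) {
                print "OK", prefix
            } else {
                print "BAD", prefix, "dev=" dev, "onlink=" onlink
                bad = 1
            }
        }
        /^B>\*/     { cur = $2; check(cur); next }        # selected BGP route in the FIB
        /^[ \t]+\*/ { if (cur != "") check(cur); next }   # further ECMP next hop
                    { cur = "" }                          # any other line ends the route
        END         { exit (bad + 0) }
    '
}

# Constructed sample: the 10.0.10.0/24 line is the one shown above; the
# 10.0.20.0/24 and 10.0.30.0/24 lines and eth0 are made up for the demo.
sample_routes() {
    cat <<'EOF'
VRF vrf1:
C>* 10.0.20.0/24 is directly connected, vlan20, 00:10:00
B>* 10.0.10.0/24 [200/0] via 10.0.0.1, vlan1000 onlink, 00:08:52
B>* 10.0.30.0/24 [200/0] via 10.0.0.3, eth0, 00:01:10
EOF
}

# Demo on the sample; on a router, pipe the vtysh output in instead.
sample_routes | check_l3vni_routes vlan1000 || echo "routes bypass the L3 VNI"
```
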
#!/bin/bash

# Per-node settings: last octet of the host addresses, and the local VTEP
# address (the same address as "update-source" in the frr config).
oct4=1
local=10.0.0.1

# VRF that holds all routed VLAN interfaces
vrf=vrf1
if [ -e /sys/class/net/$vrf ]; then
    ip link del dev $vrf
fi
ip link add $vrf type vrf table 10
ip link set dev $vrf up

# vlan-aware bridge shared by the L2 VNIs and the L3 VNI
br=bridge
if [ -e /sys/class/net/$br ]; then
    ip link del dev $br
fi
ip link add $br type bridge vlan_filtering 1
ip link set dev $br up

# One netns "host", one L2 VNI and one gateway vlan interface per VLAN
for x in 10 99; do
    nsname=ns$x
    ipns="ip netns exec $nsname"
    addr=10.0.$x.$oct4/24
    gw=10.0.$x.254
    vxlan=vxlan$x
    vetha=veth${x}a
    vethb=veth${x}b
    vlan=vlan$x

    # remove leftovers from a previous run
    if [ -e /var/run/netns/$nsname ]; then
        ip netns del $nsname
    fi
    if [ -e /sys/class/net/$vxlan ]; then
        ip link del dev $vxlan
    fi
    if [ -e /sys/class/net/$vetha ]; then
        ip link del dev $vetha
    fi

    # create interfaces
    ip netns add $nsname
    ip link add $vxlan type vxlan id $x nolearning local $local dstport 4789
    ip link add $vetha type veth peer name $vethb
    ip link set dev $vxlan up
    ip link set dev $vetha up
    ip link set dev $vethb netns $nsname
    $ipns ip link set dev $vethb up
    $ipns ip link set dev lo up
    $ipns ip addr add dev $vethb $addr

    # bridge configuration
    ip link set dev $vxlan master $br
    ip link set dev $vetha master $br
    bridge vlan add vid $x dev $br self
    bridge vlan add vid $x dev $vxlan egress untagged pvid
    bridge vlan add vid $x dev $vetha egress untagged pvid

    # gateway vlan interface, placed in the VRF
    ip link add $vlan link $br type vlan id $x
    ip link set dev $vlan up
    ip link set dev $vlan master $vrf
    ip addr add dev $vlan $gw/24
    $ipns ip route add to default via $gw
done

# l3vni setup (VNI 1000 matches "vni 1000" under "vrf vrf1" in the frr config)
if [ -e /sys/class/net/vxlan1000 ]; then
    ip link del dev vxlan1000
fi
ip link add vxlan1000 type vxlan id 1000 nolearning dstport 4789 local $local
ip link set dev vxlan1000 master $br
ip link set dev vxlan1000 up
bridge vlan add vid 1000 dev $br self
bridge vlan add vid 1000 dev vxlan1000 egress untagged pvid

# vlan interface for the L3 VNI, placed in the VRF
ip link add vlan1000 link $br type vlan id 1000
ip link set dev vlan1000 up
ip link set dev vlan1000 master $vrf