설정 정보 (Spine)
Spine 스위치는 Leaf 간의 전송을 담당하는 Underlay 네트워크의 핵심입니다. Leaf 스위치들이 교환하는 EVPN 경로 정보를 모든 Leaf에게 중계해주는 BGP Route Reflector(RR) 역할을 수행합니다.
- OSPF 설정: 모든 Leaf 스위치들의 Loopback 주소를 학습하여 Underlay 전체의 경로 정보를 확보합니다.
- BGP 설정: Loopback 주소를 기반으로 모든 Leaf 스위치와 iBGP Neighbor 관계를 맺고, 수신한 EVPN 경로를 다른 모든 Leaf에게 반사(reflect)하도록 `route-reflector-client`로 설정합니다.
[Spine1]
interface Ethernet2
mtu 9214
no switchport
ip address 10.0.11.1/29
ip ospf network point-to-point
!
interface Ethernet3
mtu 9214
no switchport
ip address 10.0.12.1/29
ip ospf network point-to-point
!
interface Ethernet4
mtu 9214
no switchport
ip address 10.0.13.1/29
ip ospf network point-to-point
!
interface Loopback0
ip address 1.1.1.1/32
router ospf 1
router-id 1.1.1.1
network 1.1.1.1/32 area 0.0.0.0
network 10.0.11.0/29 area 0.0.0.0
network 10.0.12.0/29 area 0.0.0.0
network 10.0.13.0/29 area 0.0.0.0
max-lsa 12000
router bgp 65001
router-id 1.1.1.1
neighbor LEAF peer group
neighbor LEAF remote-as 65001
neighbor LEAF update-source Loopback0
neighbor LEAF route-reflector-client
neighbor LEAF send-community extended
neighbor 10.1.1.1 peer group LEAF
neighbor 10.1.1.2 peer group LEAF
neighbor 10.1.1.3 peer group LEAF
!
address-family evpn
neighbor LEAF activate
[Spine2]
interface Ethernet2
mtu 9214
no switchport
ip address 10.0.21.2/29
ip ospf network point-to-point
!
interface Ethernet3
mtu 9214
no switchport
ip address 10.0.22.2/29
ip ospf network point-to-point
!
interface Ethernet4
mtu 9214
no switchport
ip address 10.0.23.2/29
ip ospf network point-to-point
!
interface Loopback0
ip address 2.2.2.2/32
router ospf 1
router-id 2.2.2.2
network 2.2.2.2/32 area 0.0.0.0
network 10.0.21.0/29 area 0.0.0.0
network 10.0.22.0/29 area 0.0.0.0
network 10.0.23.0/29 area 0.0.0.0
max-lsa 12000
router bgp 65001
router-id 2.2.2.2
neighbor LEAF peer group
neighbor LEAF remote-as 65001
neighbor LEAF update-source Loopback0
neighbor LEAF route-reflector-client
neighbor LEAF send-community extended
neighbor 10.1.1.1 peer group LEAF
neighbor 10.1.1.2 peer group LEAF
neighbor 10.1.1.3 peer group LEAF
!
address-family evpn
neighbor LEAF activate
설정 정보 (Leaf)
Leaf 스위치는 서버/호스트와 직접 연결되는 EVPN 패브릭의 Edge입니다. VXLAN 터널링의 시작점이자 종단점인 VTEP 역할을 수행합니다.
- Loopback 인터페이스: 안정적인 BGP 연동을 위한 Router-ID(`Loopback0`)와 VXLAN 패킷의 출발지 주소로 사용할 VTEP IP(`Loopback1`)를 생성합니다.
- OSPF 설정: Spine 및 다른 Leaf 스위치들의 Loopback 주소를 학습하여 Underlay 통신을 보장합니다.
- BGP 설정: Spine Route Reflector와 Neighbor 관계를 맺고, `address-family evpn`을 활성화하여 MAC/IP 주소와 같은 Overlay 정보를 교환할 준비를 합니다.
[Leaf1]
vlan 10,20
!
interface Ethernet1
mtu 9214
no switchport
ip address 10.0.11.3/29
ip ospf network point-to-point
!
interface Ethernet2
mtu 9214
no switchport
ip address 10.0.21.3/29
ip ospf network point-to-point
!
interface Ethernet3
switchport access vlan 10
!
interface Ethernet4
switchport access vlan 20
!
interface Loopback0
description vxlan
ip address 10.1.1.1/32
!
interface Loopback1
description evpn-control-plan
ip address 10.2.2.1/32
router ospf 1
router-id 10.1.1.1
network 10.0.11.0/29 area 0.0.0.0
network 10.0.21.0/29 area 0.0.0.0
network 10.1.1.1/32 area 0.0.0.0
network 10.2.2.1/32 area 0.0.0.0
max-lsa 12000
router bgp 65001
router-id 10.1.1.1
neighbor SPINE peer group
neighbor SPINE remote-as 65001
neighbor SPINE update-source Loopback0
neighbor SPINE send-community extended
neighbor 1.1.1.1 peer group SPINE
neighbor 2.2.2.2 peer group SPINE
!
address-family evpn
neighbor SPINE activate
[Leaf2]
vlan 10
!
interface Ethernet1
mtu 9214
no switchport
ip address 10.0.12.4/29
ip ospf network point-to-point
!
interface Ethernet2
mtu 9214
no switchport
ip address 10.0.22.4/29
ip ospf network point-to-point
!
interface Ethernet3
switchport access vlan 10
!
interface Ethernet4
switchport access vlan 10
!
interface Loopback0
description vxlan
ip address 10.1.1.2/32
!
interface Loopback1
description evpn-control-plan
ip address 10.2.2.2/32
router ospf 1
router-id 10.1.1.2
network 10.0.12.0/29 area 0.0.0.0
network 10.0.22.0/29 area 0.0.0.0
network 10.1.1.2/32 area 0.0.0.0
network 10.2.2.2/32 area 0.0.0.0
max-lsa 12000
router bgp 65001
router-id 10.1.1.2
neighbor SPINE peer group
neighbor SPINE remote-as 65001
neighbor SPINE update-source Loopback0
neighbor SPINE send-community extended
neighbor 1.1.1.1 peer group SPINE
neighbor 2.2.2.2 peer group SPINE
!
address-family evpn
neighbor SPINE activate
[Leaf3]
vlan 20
!
interface Ethernet1
mtu 9214
no switchport
ip address 10.0.13.5/29
ip ospf network point-to-point
!
interface Ethernet2
mtu 9214
no switchport
ip address 10.0.23.5/29
ip ospf network point-to-point
!
interface Ethernet3
switchport access vlan 20
!
interface Ethernet4
switchport access vlan 20
!
interface Loopback0
description vxlan
ip address 10.1.1.3/32
!
interface Loopback1
description evpn-control-plan
ip address 10.2.2.3/32
router ospf 1
router-id 10.1.1.3
network 10.0.13.0/29 area 0.0.0.0
network 10.0.23.0/29 area 0.0.0.0
network 10.1.1.3/32 area 0.0.0.0
network 10.2.2.3/32 area 0.0.0.0
max-lsa 12000
router bgp 65001
router-id 10.1.1.3
neighbor SPINE peer group
neighbor SPINE remote-as 65001
neighbor SPINE update-source Loopback0
neighbor SPINE send-community extended
neighbor 1.1.1.1 peer group SPINE
neighbor 2.2.2.2 peer group SPINE
!
address-family evpn
neighbor SPINE activate
라우팅 테이블 확인
Spine과 Leaf 모두 OSPF를 통해 서로의 Loopback 주소를 학습하여, BGP 세션과 VXLAN 터널링에 필요한 모든 경로 정보를 확보한 것을 확인할 수 있습니다.
Underlay 라우팅은 OSPF가 담당하므로 BGP 라우팅 테이블에는 경로가 없는 것이 정상입니다.
[Spine1]
Spine1#show ip route ospf
...
O 2.2.2.2/32 [110/30]
via 10.0.11.3, Ethernet2
via 10.0.12.4, Ethernet3
via 10.0.13.5, Ethernet4
O 10.0.21.0/29 [110/20]
via 10.0.11.3, Ethernet2
O 10.0.22.0/29 [110/20]
via 10.0.12.4, Ethernet3
O 10.0.23.0/29 [110/20]
via 10.0.13.5, Ethernet4
O 10.1.1.1/32 [110/20]
via 10.0.11.3, Ethernet2
O 10.1.1.2/32 [110/20]
via 10.0.12.4, Ethernet3
O 10.1.1.3/32 [110/20]
via 10.0.13.5, Ethernet4
O 10.2.2.1/32 [110/20]
via 10.0.11.3, Ethernet2
O 10.2.2.2/32 [110/20]
via 10.0.12.4, Ethernet3
O 10.2.2.3/32 [110/20]
via 10.0.13.5, Ethernet4
// bgp 라우팅 정보 없음
Spine1#show ip route bgp
...
[Spine2]
Spine2#show ip route ospf
...
O 1.1.1.1/32 [110/30]
via 10.0.21.3, Ethernet2
via 10.0.22.4, Ethernet3
via 10.0.23.5, Ethernet4
O 10.0.11.0/29 [110/20]
via 10.0.21.3, Ethernet2
O 10.0.12.0/29 [110/20]
via 10.0.22.4, Ethernet3
O 10.0.13.0/29 [110/20]
via 10.0.23.5, Ethernet4
O 10.1.1.1/32 [110/20]
via 10.0.21.3, Ethernet2
O 10.1.1.2/32 [110/20]
via 10.0.22.4, Ethernet3
O 10.1.1.3/32 [110/20]
via 10.0.23.5, Ethernet4
O 10.2.2.1/32 [110/20]
via 10.0.21.3, Ethernet2
O 10.2.2.2/32 [110/20]
via 10.0.22.4, Ethernet3
O 10.2.2.3/32 [110/20]
via 10.0.23.5, Ethernet4
// bgp 라우팅 정보 없음
Spine2#show ip route bgp
...
[Leaf1]
Leaf1#show ip route ospf
...
O 1.1.1.1/32 [110/20]
via 10.0.11.1, Ethernet1
O 2.2.2.2/32 [110/20]
via 10.0.21.2, Ethernet2
O 10.0.12.0/29 [110/20]
via 10.0.11.1, Ethernet1
O 10.0.13.0/29 [110/20]
via 10.0.11.1, Ethernet1
O 10.0.22.0/29 [110/20]
via 10.0.21.2, Ethernet2
O 10.0.23.0/29 [110/20]
via 10.0.21.2, Ethernet2
O 10.1.1.2/32 [110/30]
via 10.0.11.1, Ethernet1
via 10.0.21.2, Ethernet2
O 10.1.1.3/32 [110/30]
via 10.0.11.1, Ethernet1
via 10.0.21.2, Ethernet2
O 10.2.2.2/32 [110/30]
via 10.0.11.1, Ethernet1
via 10.0.21.2, Ethernet2
O 10.2.2.3/32 [110/30]
via 10.0.11.1, Ethernet1
via 10.0.21.2, Ethernet2
// bgp 라우팅 정보 없음
Leaf1#show ip route bgp
...
[Leaf2]
Leaf2#show ip route ospf
...
O 1.1.1.1/32 [110/20]
via 10.0.12.1, Ethernet1
O 2.2.2.2/32 [110/20]
via 10.0.22.2, Ethernet2
O 10.0.11.0/29 [110/20]
via 10.0.12.1, Ethernet1
O 10.0.13.0/29 [110/20]
via 10.0.12.1, Ethernet1
O 10.0.21.0/29 [110/20]
via 10.0.22.2, Ethernet2
O 10.0.23.0/29 [110/20]
via 10.0.22.2, Ethernet2
O 10.1.1.1/32 [110/30]
via 10.0.12.1, Ethernet1
via 10.0.22.2, Ethernet2
O 10.1.1.3/32 [110/30]
via 10.0.12.1, Ethernet1
via 10.0.22.2, Ethernet2
O 10.2.2.1/32 [110/30]
via 10.0.12.1, Ethernet1
via 10.0.22.2, Ethernet2
O 10.2.2.3/32 [110/30]
via 10.0.12.1, Ethernet1
via 10.0.22.2, Ethernet2
// bgp 라우팅 정보 없음
Leaf2#show ip route bgp
...
[Leaf3]
Leaf3#show ip route ospf
...
O 1.1.1.1/32 [110/20]
via 10.0.13.1, Ethernet1
O 2.2.2.2/32 [110/20]
via 10.0.23.2, Ethernet2
O 10.0.11.0/29 [110/20]
via 10.0.13.1, Ethernet1
O 10.0.12.0/29 [110/20]
via 10.0.13.1, Ethernet1
O 10.0.21.0/29 [110/20]
via 10.0.23.2, Ethernet2
O 10.0.22.0/29 [110/20]
via 10.0.23.2, Ethernet2
O 10.1.1.1/32 [110/30]
via 10.0.13.1, Ethernet1
via 10.0.23.2, Ethernet2
O 10.1.1.2/32 [110/30]
via 10.0.13.1, Ethernet1
via 10.0.23.2, Ethernet2
O 10.2.2.1/32 [110/30]
via 10.0.13.1, Ethernet1
via 10.0.23.2, Ethernet2
O 10.2.2.2/32 [110/30]
via 10.0.13.1, Ethernet1
via 10.0.23.2, Ethernet2
// bgp 라우팅 정보 없음
Leaf3#show ip route bgp
...
Ping 테스트
Underlay 구축의 마지막 단계로 Spine 스위치에서 모든 Leaf와 Spine의 Loopback IP로 Ping 테스트를 수행하여 전체 Underlay 네트워크 연결성을 확인합니다.
반면, 호스트가 사용하는 Overlay 대역(`172.16.x.x`)으로는 통신이 실패하는데, 이는 Underlay 전송 역할만 하는 Spine이 Overlay VNI 정보를 가지지 않는 정상적인 동작입니다.
[Spine]
Spine1#ping 2.2.2.2
PING 2.2.2.2 (2.2.2.2) 72(100) bytes of data.
80 bytes from 2.2.2.2: icmp_seq=1 ttl=63 time=0.985 ms
80 bytes from 2.2.2.2: icmp_seq=2 ttl=63 time=0.536 ms
Spine1#ping 10.1.1.1
PING 10.1.1.1 (10.1.1.1) 72(100) bytes of data.
80 bytes from 10.1.1.1: icmp_seq=1 ttl=64 time=0.083 ms
80 bytes from 10.1.1.1: icmp_seq=2 ttl=64 time=0.048 ms
Spine1#ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 72(100) bytes of data.
80 bytes from 10.1.1.2: icmp_seq=1 ttl=64 time=0.067 ms
80 bytes from 10.1.1.2: icmp_seq=2 ttl=64 time=0.053 ms
Spine1#ping 10.1.1.3
PING 10.1.1.3 (10.1.1.3) 72(100) bytes of data.
80 bytes from 10.1.1.3: icmp_seq=1 ttl=64 time=0.064 ms
80 bytes from 10.1.1.3: icmp_seq=2 ttl=64 time=0.038 ms
Spine1#ping 10.2.2.1
PING 10.2.2.1 (10.2.2.1) 72(100) bytes of data.
80 bytes from 10.2.2.1: icmp_seq=1 ttl=64 time=0.075 ms
80 bytes from 10.2.2.1: icmp_seq=2 ttl=64 time=0.048 ms
Spine1#ping 10.2.2.2
PING 10.2.2.2 (10.2.2.2) 72(100) bytes of data.
80 bytes from 10.2.2.2: icmp_seq=1 ttl=64 time=0.072 ms
80 bytes from 10.2.2.2: icmp_seq=2 ttl=64 time=0.045 ms
Spine1#ping 10.2.2.3
PING 10.2.2.3 (10.2.2.3) 72(100) bytes of data.
80 bytes from 10.2.2.3: icmp_seq=1 ttl=64 time=0.065 ms
80 bytes from 10.2.2.3: icmp_seq=2 ttl=64 time=0.038 ms
// 오버레이 구간 대역은 통신 불가
Spine1#ping 172.16.10.10
PING 172.16.10.10 (172.16.10.10) 72(100) bytes of data.
--- 172.16.10.10 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 41ms
Spine1#ping 172.16.20.20
PING 172.16.20.20 (172.16.20.20) 72(100) bytes of data.
--- 172.16.20.20 ping statistics ---
5 packets transmitted, 0 received, 100% packet loss, time 41ms
[Leaf]
// Spine
Leaf1#ping 1.1.1.1
PING 1.1.1.1 (1.1.1.1) 72(100) bytes of data.
80 bytes from 1.1.1.1: icmp_seq=1 ttl=64 time=0.061 ms
80 bytes from 1.1.1.1: icmp_seq=2 ttl=64 time=0.015 ms
Leaf1#ping 2.2.2.2
PING 2.2.2.2 (2.2.2.2) 72(100) bytes of data.
80 bytes from 2.2.2.2: icmp_seq=1 ttl=64 time=0.078 ms
80 bytes from 2.2.2.2: icmp_seq=2 ttl=64 time=0.042 ms
// VxLAN
Leaf1#ping 10.1.1.2
PING 10.1.1.2 (10.1.1.2) 72(100) bytes of data.
80 bytes from 10.1.1.2: icmp_seq=1 ttl=63 time=1.03 ms
80 bytes from 10.1.1.2: icmp_seq=2 ttl=63 time=1.14 ms
Leaf1#ping 10.1.1.3
PING 10.1.1.3 (10.1.1.3) 72(100) bytes of data.
80 bytes from 10.1.1.3: icmp_seq=1 ttl=63 time=0.888 ms
80 bytes from 10.1.1.3: icmp_seq=2 ttl=63 time=1.24 ms
// EVPN
Leaf1#ping 10.2.2.2
PING 10.2.2.2 (10.2.2.2) 72(100) bytes of data.
80 bytes from 10.2.2.2: icmp_seq=1 ttl=63 time=0.934 ms
80 bytes from 10.2.2.2: icmp_seq=2 ttl=63 time=0.605 ms
Leaf1#ping 10.2.2.3
PING 10.2.2.3 (10.2.2.3) 72(100) bytes of data.
80 bytes from 10.2.2.3: icmp_seq=1 ttl=63 time=0.926 ms
80 bytes from 10.2.2.3: icmp_seq=2 ttl=63 time=0.781 ms
'Routing > VXLAN-EVPN' 카테고리의 다른 글
| [EVPN] VXLAN-EVPN 연동 실습#2 - EVPN Overlay L2VPN 연동 (단일 테넌트) (0) | 2026.01.24 |
|---|---|
| [EVPN] EVPN MAC Learning, ARP Suppression 동작 원리 (0) | 2026.01.10 |
| [EVPN] EVPN Route Type 완벽 정리 (Type 1~5) (0) | 2026.01.03 |
| [EVPN] EVPN 구성 필수 요소 (RD, RT, MP-BGP) (0) | 2025.12.27 |
| [EVPN] EVPN(Ethernet VPN) 이란? (+용어정리) (1) | 2025.12.20 |
