[Enterprise SONiC] SAG(static anycast gateway) Follow
Overview:
The SAG(Static anycast gateway) feature for EVPN/VXLAN is a default gateway address mechanism that enables the use of the same gateway IP address across all the leaf switches that are part of a VXLAN network. This ensures that every leaf switch can function as the default gateway for the workloads directly connected to it from Host machines.
Please not the design of SAG between 202111 branch and 202211 branch are different.
In the 202111 design, SAG has its own interface for specifying the MAC and IP addresses.
And in the 202211 design, SAG can be directly enabled on a VLAN interface with specific MAC and IP addresses.
Therefore, they have different commands and outputs.
Tested model & firmware version:
- Switch model name:
AS7362-56X -
Edgecore SONiC version:
202012.3
202111.3
202111.8
Restriction:
- SAG support with VLAN interface only.
-
Support single SAG mac-address setting.
- In certain cases, when the HOST's ARP is learned on SAG, but the HOST's MAC address is changed(Migration), the ARP won't be updated. Users must enable the flags(grate_arp_force_override) in the configuration database. (There is no command for it in the current version till 2111.8.) The flag configurations will be written to the configuration database. Please remember to save the configurations as startup configurations.
- Example for the SAG on VLAN2003
Configurations:
admin@sonic:~$ redis-cli -n 4 hset "VLAN_INTERFACE|Vlan2003" grat_arp_force_override enabled
Status validate:(The default isn't enable the flag, the return value is 1. If user enable this flag, the value will be return as 4)admin@sonic:~$ sudo cat /proc/sys/net/ipv4/conf/Sag2003/arp_accept 4
- Example for the SAG on VLAN2003
Symmetric IRB with SAG
Topology:
Procedure:
Step 1. Init FRR and set the loopback interface(reference Management port and front port ipv4/ipv6 and FRR init)
Step 2. Create the VLAN and IP binding as topology
SW 1:
admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 1000
admin@sonic:~$ sudo config vlan member add -u 10 Ethernet0
admin@sonic:~$ sudo config interface ip add Ethernet48 10.1.0.2/31
SW 2:
admin@sonic:~$ sudo config vlan add 10
admin@sonic:~$ sudo config vlan add 1000
admin@sonic:~$ sudo config vlan member add -u 10 Ethernet0 admin@sonic:~$ sudo config interface ip add Ethernet48 10.1.0.3/31
Step 3. Configure VRF Setting
SW 1:
admin@sonic:~$ sudo config vrf add Vrf01
admin@sonic:~$ sudo config interface vrf bind Vlan10 Vrf01
admin@sonic:~$ sudo config interface vrf bind Vlan1000 Vrf01
SW 2:
admin@sonic:~$ sudo config vrf add Vrf01
admin@sonic:~$ sudo config interface vrf bind Vlan10 Vrf01
admin@sonic:~$ sudo config interface vrf bind Vlan1000 Vrf01
Step 4. Create Vxlan interface
SW 1:
admin@sonic:~$ sudo config vxlan add vtep 1.1.1.1
admin@sonic:~$ sudo config vxlan evpn_nvo add nvo vtep admin@sonic:~$ sudo config vxlan map add vtep 10 100 admin@sonic:~$ sudo config vxlan map add vtep 1000 10000
SW 2:
admin@sonic:~$ sudo config vxlan add vtep 2.2.2.2
admin@sonic:~$ sudo config vxlan evpn_nvo add nvo vtep admin@sonic:~$ sudo config vxlan map add vtep 10 100 admin@sonic:~$ sudo config vxlan map add vtep 1000 10000
Step 6: Set the layer3 VNI on both switches.
admin@sonic:~$ sudo config vrf add_vrf_vni_map Vrf01 10000
Step 7: Establish BGP environment for EVPN.
SW 1:
admin@sonic:~$ vtysh
Hello, this is FRRouting (version 8.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
sonic# configure terminal
sonic(config)# router bgp 65100
sonic(config-router)# neighbor 10.1.0.3 remote-as 65100
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# network 1.1.1.1/32
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 10.1.0.3 activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# end
sonic# configure terminal
sonic(config)# vrf Vrf01
sonic(config-vrf)# vni 10000
sonic(config-vrf)# end
sonic# configure terminal
sonic(config)# router bgp 65100 vrf Vrf01
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# redistribute connected
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# advertise ipv4 unicast
sonic(config-router-af)# end
sonic# write
SW 2:
admin@sonic:~$ vtysh
Hello, this is FRRouting (version 8.0).
Copyright 1996-2005 Kunihiro Ishiguro, et al.
sonic# configure terminal
sonic(config)# router bgp 65100
sonic(config-router)# neighbor 10.1.0.2 remote-as 65100
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# network 2.2.2.2/32
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# neighbor 10.1.0.2 activate
sonic(config-router-af)# advertise-all-vni
sonic(config-router-af)# end
sonic# configure terminal
sonic(config)# vrf Vrf01
sonic(config-vrf)# vni 10000
sonic(config-vrf)# end
sonic# configure terminal
sonic(config)# router bgp 65100 vrf Vrf01
sonic(config-router)# address-family ipv4 unicast
sonic(config-router-af)# redistribute connected
sonic(config-router-af)# exit
sonic(config-router)# address-family l2vpn evpn
sonic(config-router-af)# advertise ipv4 unicast
sonic(config-router-af)# end
sonic# write
Step 8: Enable SAG on both switch
For 202111 branch
admin@sonic:~$ sudo config sag mac_address add 00:11:22:33:44:55
admin@sonic:~$ sudo config sag ipv4 enable
admin@sonic:~$ sudo config interface sag ip add Vlan10 192.168.10.254/24
For 202211 branch
admin@sonic:~$ sudo config static-anycast-gateway mac_address add 00:11:22:33:44:55
admin@sonic:~$ sudo config interface ip add Vlan10 192.168.10.254/24
admin@sonic:~$ sudo config vlan static-anycast-gateway enable 10
Step 9: Check the SAG status.
For 202111 branch
admin@sonic:~$ show sag
Static Anycast Gateway Information
MacAddress IPv4 IPv6
----------------- ------ ------
00:11:22:33:44:55 enable N/A
admin@sonic:~$ show sag ip
Vlan Interface Name IPv4 address/mask
--------------------- -------------------
Vlan10 192.168.10.254/24
For 202211 branch
admin@sonic:~$ show static-anycast-gateway
Static Anycast Gateway Information
MacAddress Interfaces
----------------- ------------
00:11:22:33:44:55 Vlan10
Step 10: Check the interface status.
For 202111 branch
admin@sonic:~$ show ip int
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
----------- -------- ------------------- ------------ -------------- -------------
Ethernet48 10.1.0.2/31 up/up N/A N/A
Loopback0 1.1.1.1/32 up/up N/A N/A
Sag10 Vrf01 192.168.10.254/24 up/up N/A N/A
docker0 240.127.1.1/24 up/down N/A N/A
eth0 188.188.36.204/16 up/up N/A N/A
lo 127.0.0.1/16 up/up N/A N/A
For 202211 branch
admin@sonic:~$ show ip int
Interface Master IPv4 address/mask Admin/Oper BGP Neighbor Neighbor IP
----------- -------- ------------------- ------------ -------------- -------------
Ethernet48 10.1.0.2/31 up/up N/A N/A
Loopback0 1.1.1.1/32 up/up N/A N/A
Vlan10 Vrf01 192.168.10.254/24 up/up N/A N/A
docker0 240.127.1.1/24 up/down N/A N/A
eth0 188.188.36.204/16 up/up N/A N/A
lo 127.0.0.1/16 up/up N/A N/A
Comments
0 comments
Please sign in to leave a comment.