Configuring Cumulus Linux High Availability Layer 2 Network – Part 2

Hi everyone, we’re going to continue where we left off in the previous post, so far we have configured:

  • MLAG in our spine and leaf switches
  • Bridge as a VLAN-aware bridge
  • Uplinks and downlink port as a trunk port
  • Bonding (Link aggregation)

In this post we will configure.

  • Switch Virtual Interface (SVI)
  • Virtual Router Redundancy Protocol (VRRP)
  • Open Shortest Path First (OSPF)

Refer to the Figure 1, for the host within the cluster to communicate to outside network, the spine switches must provide gateway and routing services. In the high availability network, it is recommended to implement a Virtual Router Redundancy Protocol to provide redundancy in the gateway and routing services.

layer-3
Figure 1 – Layer 3 connectivity to external

Configure SVI and VRRP

To accomplish this task we must first configure a Switch Virtual Interface (SVI) for each of the VLANs on spine switches. Edit the file under ‘/etc/network/interfaces.

######################### spine-01 #########################
# SVI for VLAN10 and VRRP configuration
auto brvlan.10
iface brvlan.10
 address 10.0.10.1/24
 address-virtual 00:00:5e:00:01:01 10.0.10.254/24

# SVI for VLAN20 and VRRP configuration
auto brvlan.20 
iface brvlan.20 
 address 10.0.20.1/24
 address-virtual 00:00:5e:00:01:02 10.0.20.254/24

# SVI for VLAN30 and VRRP configuration
auto brvlan.30
iface brvlan.30 
 address 10.0.30.1/24
 address-virtual 00:00:5e:00:01:03 10.0.30.254/24
######################### spine-02 #########################
# SVI for VLAN10 and VRRP configuration
auto brvlan.10
iface brvlan.10
 address 10.0.10.2/24
 address-virtual 00:00:5e:00:01:01 10.0.10.254/24

# SVI for VLAN20 and VRRP configuration
auto brvlan.20 
iface brvlan.20 
 address 10.0.20.2/24
 address-virtual 00:00:5e:00:01:02 10.0.20.254/24

# SVI for VLAN30 and VRRP configuration
auto brvlan.30
iface brvlan.30 
 address 10.0.30.2/24
 address-virtual 00:00:5e:00:01:03 10.0.30.254/24

  • brvlan.10 – this is the name of bridge followed by the dot and the VLAN ID. In this case, the name of the bridge is brvlan, and the VLAN ID is 10So you will have to create each SVI for each of your VLAN.
  • address – a unique IP address of the SVI (if you’re not running VRRP this will be the default gateway of the PC client).
  • address-virtual – this is the attribute to enable the VRRP. The 00:00:5e:00:01:01 is the virtual mac address of the two router participating in VRRP. Cumulus Linux has a reserved mac address for this and the range is 00:00:5e:00:01:00 – 00:00:5e:00:01:ff The next address 10.0.10.254/24 is the virtual IP address, and this will serve as the default gateway for all the host in each VLAN if running VRRP. The two virtual MAC and IP address must be the same in participating router in VRRP.

Below is the sample output from spine-01 and spine-02. The brvlan-10-v0  is the virtual interface created by VRRP, which has the virtual MAC and IP address

svi-10

svi-10-01.PNG

Configure Quagga and OSPF

The next part, we will configure the routing between the spine switches and core switch. Cumulus Linux used an open source routing suite called Quagga, which can run routing protocol like RIP, OSPF, BGP both in IPv4 and IPv6.

In this lab we will choose OSPF, if you come from Cisco background, you will have the same CLI experience in configuring Quagga. But Cumulus Linux, have built their own Linux shell command in configuring and managing Quagga, see the reference below.

To enable routing in Cumulus Linux we must first enable the Quagga daemon by editing the file in /etc/quagga/daemons and set to yes the routing protocol you want to use. In the sample output below, the zebra must be enabled first before enabling a particular routing protocol.

quagga-enable.PNG

After that, issue a command systemctl enable quagga.service and systemctl start quagga.serviceThen issue a command vtysh Linux shell to enter quagga CLI and enable the service integrated-vtysh-config in global configuration. Below is the sample output.

vty-quagga

What service integrated-vtysh-config does, it saves all the configuration in one file called /etc/quagga/Quagga.conf. To verify if service integrated-vtysh-config was enabled, issue a command copy running start, and you see where the configuration saved.

The Quagga CLI is where you configure all your routing commands, like in Cisco IOS.

The interface IP address must be configured first in /etc/network/interfaces before you can configure specific routing parameters under Quagga CLI. This the recommended way by Cumulus, because Quagga inherits all the interface IP addressing under /etc/network/interfaces.

Below is sample output from the spine-01 configuration in /etc/network/interfaces, it includes the SVI of each VLAN and the interface connected to core-sw, which is the swp8.

spine-ospf1.PNG

After you specify the IP addressing on /etc/network/interfaces you can now configure specific routing protocol parameters under Quagga CLI. Below is the sample configuration on spine-01 under Quagga CLI.

ospf-1.PNG

In the figure above, you don’t need to specify the OSPF instance, unlike Cisco. That is because by default Cumulus Linux only run one OSPF instance. If you require to run more than one OSPF instance, edit the daemons file in /etc/quagga/daemons.

ospf-2.PNG

In our topology the core and spine switch are directly connected each other, so we don’t need to specify which will be the Designated Router (DR) or Backup Designated Router (DR) instead, we tell the OSPF that it is a point-to-point network. To do this, we go to Quagga CLI and enter a command ip ospf network point-to-point, see sample output below.

ospf-3.PNG

The spine-02 have the same configuration as spine-01 with regards in configuring the SVI, Quagga, and OSPF. Below is the sample show ip route output from core-sw that is running Cisco IOS. As you can see, that is all the route that is advertised by spine-01 and spine-02. Notice that it is also the network of our VLANs.

ospf-4.PNG

So with this, we now have a working Cumulus Linux as your network device in enterprise or data center environment.

If you have any question, just leave a message or email me, I would be grateful to help

Thanks for stopping by.

Reference: Open Shortest Path First, Quagga, Cumulus Linux Validated Design

Advertisements

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s