H3C S6800 EVPN分布式VXLAN IP网关典型配置
- 0关注
- 4收藏 5190浏览
· PCA、PCB分别模拟不同站点的主机;
· PCA和PCB处在不同VXLAN;
· S6800A和S6800B作为分布式EVPN VXLAN网关设备;
· S6800C作为RR设备负责反射BGP路由;
· 通过配置分布式EVPN网关实现不同VXLAN之间的三层互通;
1、配置PC 的IP地址
分别配置PCA和PCB IP地址为 10.1.1.1 与 20.1.1.1 其网关分别是10.1.1.254/24、20.1.1.254/24、30.1.1.254/24
2、配置S6800A交换机
步骤一:配置VXLAN的硬件资源模式(需重启设备生效)。
<H3C> system-view
[H3C] hardware-resource vxlan l3gw8k
步骤二:配置VLAN 10、13, PCA连接端口属于VLAN10,S6800A与S6800C互联口属于VLAN13
[H3C] vlan 10
[H3C-vlan10]quit
[H3C] vlan 13
[H3C-vlan13]quit
[H3C] interface Ten-GigabitEthernet1/0/10
[H3C-Ten-GigabitEthernet1/0/10] port access vlan 10
[H3C] interface Ten-GigabitEthernet1/0/2
[H3C-Ten-GigabitEthernet1/0/2] port access vlan 13
步骤三:创建Loopback 1接口
[H3C]interface LoopBack 1
[H3C-LoopBack1]ip address 1.1.1.1 32
步骤四:创建vlan13虚接口
[H3C]interface Vlan-interface 13
[H3C-Vlan-interface13]ip address 13.1.1.1 30
步骤五:配置OSPF,使得设备之间IP可达
[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
步骤六:开启L2VPN功能
[H3C] l2vpn enable
步骤七:关闭远端MAC地址和远端ARP自动学习功能
[H3C] vxlan tunnel mac-learning disable
[H3C] vxlan tunnel arp-learning disable
步骤八:创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200
[H3C]vsi 1
[H3C-vsi-1]vxlan 100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit
[H3C]vsi 2
[H3C-vsi-2]vxlan 200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit
步骤九:在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C] vsi 1
[H3C-vsi-1] evpn encapsulation vxlan
[H3C-vsi-1-evpn-vxlan] route-distinguisher auto
[H3C-vsi-1-evpn-vxlan] vpn-target auto
[H3C-vsi-1-evpn-vxlan] quit
步骤十:在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C] vsi 2
[H3C-vsi-2] evpn encapsulation vxlan
[H3C-vsi-2-evpn-vxlan] route-distinguisher auto
[H3C-vsi-2-evpn-vxlan] vpn-target auto
[H3C-vsi-2-evpn-vxlan] quit
步骤十一:配置BGP发布EVPN路由
[H3C]bgp 100
[H3C-bgp-default] peer 3.3.3.3 as-number 100
[H3C-bgp-default] peer 3.3.3.3 connect-interface LoopBack1
[H3C-bgp-default]address-family l2vpn evpn
[H3C-bgp-default-evpn]peer 3.3.3.3 enable
步骤十二:创建以太网服务实例1及配置封装模式,并使其与VSI关联
[H3C]interface Ten-GigabitEthernet 1/0/10
[H3C-Ten-GigabitEthernet1/0/10]service-instance 1
[H3C-Ten-GigabitEthernet1/0/10-srv1]encapsulation s-vid 10
[H3C-Ten-GigabitEthernet1/0/10-srv1]xconnect vsi 1
步骤十三: 配置L3VNI的RD和RT
[H3C] ip vpn-instance 1
[H3C-vpn-instance-1] route-distinguisher 1:1
[H3C-vpn-instance-1] address-family ipv4
[H3C-vpn-ipv4-1] vpn-target 2:2
[H3C-vpn-ipv4-1] quit
[H3C-vpn-instance-1] address-family evpn
[H3C-vpn-evpn-1] vpn-target 1:1
[H3C-vpn-evpn-1] quit
[H3C-vpn-instance-1] quit
步骤十四:创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interface Vsi-interface 1
[H3C-Vsi-interface1] ip binding vpn-instance 1
[H3C-Vsi-interface1]ip address 10.1.1.254 24
[H3C-Vsi-interface1] mac-address 0001-0001-0001
[H3C-Vsi-interface1] local-proxy-arp enable
[H3C-Vsi-interface1] distributed-gateway local
[H3C-Vsi-interface1] quit
步骤十五:创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interface Vsi-interface 2
[H3C-Vsi-interface2] ip binding vpn-instance 1
[H3C-Vsi-interface2]ip address 20.1.1.254 24
[H3C-Vsi-interface2] mac-address 0002-0002-0002
[H3C-Vsi-interface2] local-proxy-arp enable
[H3C-Vsi-interface2] distributed-gateway local
[H3C-Vsi-interface2] quit
步骤十六:创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1
[H3C]interface Vsi-interface 3
[H3C-Vsi-interface3] ip binding vpn-instance 1
[H3C-Vsi-interface3] l3-vni 1
[H3C-Vsi-interface3]quit
步骤十七:配置VXLAN 100所在的VSI实例和接口VSI-interface1关联。
[H3C]vsi 1
[H3C-vsi-1]gateway vsi-interface 1
步骤十八:配置VXLAN 200所在的VSI实例和接口VSI-interface2关联。
[H3C]vsi 2
[H3C-vsi-2]gateway vsi-interface 2
3、配置S6800B交换机
步骤一:配置VXLAN的硬件资源模式(需重启设备生效)。
<H3C> system-view
[H3C] hardware-resource vxlan l3gw8k
步骤二:配置VLAN 20、23,PCB连接端口属于VLAN20,S6800B与S6800C互联口属于vlan 23
<H3C> system-view
[H3C] vlan 20
[H3C-vlan20]quit
[H3C] vlan 23
[H3C-vlan123]quit
[H3C] interface Ten-GigabitEthernet1/0/20
[H3C-Ten-GigabitEthernet1/0/20] port access vlan 20
[H3C] interface Ten-GigabitEthernet1/0/3
[H3C-Ten-GigabitEthernet1/0/3] port access vlan 23
步骤三:创建loopback1 接口
[H3C]interface LoopBack 1
[H3C-LoopBack1]ip address 2.2.2.2 32
步骤四:创建VLAN23虚接口
[H3C]interface Vlan-interface 23
[H3C-Vlan-interface23]ip address 23.1.1.1 30
步骤五:配置OSPF,使得两台设备之间IP可达
[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
步骤六:开启L2VPN功能
[H3C] l2vpn enable
步骤七:关闭远端MAC地址和远端ARP自动学习功能
[H3C] vxlan tunnel mac-learning disable
[H3C] vxlan tunnel arp-learning disable
步骤八:创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200
[H3C]vsi 1
[H3C-vsi-1]vxlan 100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit
[H3C]vsi 2
[H3C-vsi-2]vxlan 200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit
步骤九:在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C] vsi 1
[H3C-vsi-1] evpn encapsulation vxlan
[H3C-vsi-1-evpn-vxlan] route-distinguisher auto
[H3C-vsi-1-evpn-vxlan] vpn-target auto
[H3C-vsi-1-evpn-vxlan] quit
步骤十:在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C] vsi 2
[H3C-vsi-2] evpn encapsulation vxlan
[H3C-vsi-2-evpn-vxlan] route-distinguisher auto
[H3C-vsi-2-evpn-vxlan] vpn-target auto
[H3C-vsi-2-evpn-vxlan] quit
步骤十一:配置BGP发布EVPN路由
[H3C]bgp 100
[H3C-bgp-default] peer 3.3.3.3 as-number 100
[H3C-bgp-default] peer 3.3.3.3 connect-interface LoopBack1
[H3C-bgp-default]address-family l2vpn evpn
[H3C-bgp-default-evpn]peer 3.3.3.3 enable
步骤十二:创建以太网服务实例2及配置封装模式,并使其与VSI关联
[H3C]interface Ten-GigabitEthernet 1/0/20
[H3C-Ten-GigabitEthernet1/0/20]service-instance 1
[H3C-Ten-GigabitEthernet1/0/20-srv1]encapsulation s-vid 20
[H3C-Ten-GigabitEthernet1/0/20-srv1]xconnect vsi 2
步骤十三: 配置L3VNI的RD和RT
[H3C] ip vpn-instance 1
[H3C-vpn-instance-1] route-distinguisher 1:1
[H3C-vpn-instance-1] address-family ipv4
[H3C-vpn-ipv4-1] vpn-target 2:2
[H3C-vpn-ipv4-1] quit
[H3C-vpn-instance-1] address-family evpn
[H3C-vpn-evpn-1] vpn-target 1:1
[H3C-vpn-evpn-1] quit
[H3C-vpn-instance-1] quit
步骤十四:创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interface Vsi-interface 1
[H3C-Vsi-interface1] ip binding vpn-instance 1
[H3C-Vsi-interface1]ip address 10.1.1.254 24
[H3C-Vsi-interface1] mac-address 0001-0001-0001
[H3C-Vsi-interface1] local-proxy-arp enable
[H3C-Vsi-interface1] distributed-gateway local
[H3C-Vsi-interface1] quit
步骤十五:创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interface Vsi-interface 2
[H3C-Vsi-interface2] ip binding vpn-instance 1
[H3C-Vsi-interface2]ip address 20.1.1.254 24
[H3C-Vsi-interface2] mac-address 0002-0002-0002
[H3C-Vsi-interface2] local-proxy-arp enable
[H3C-Vsi-interface2] distributed-gateway local
[H3C-Vsi-interface2] quit
步骤十六:创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1
[H3C]interface Vsi-interface 3
[H3C-Vsi-interface3] ip binding vpn-instance 1
[H3C-Vsi-interface3] l3-vni 1
[H3C-Vsi-interface3]quit
步骤十七:配置VXLAN 100所在的VSI实例和接口VSI-interface1关联。
[H3C]vsi 1
[H3C-vsi-1]gateway vsi-interface 1
步骤十八:配置VXLAN 200所在的VSI实例和接口VSI-interface2关联。
[H3C]vsi 2
[H3C-vsi-2]gateway vsi-interface 2
4、配置S6800C交换机
步骤一:配置VLAN 13、23,S6800C与S6800A互联口属于vlan 13、S6800C与S6800B互联口属于vlan 23
[H3C] vlan 13
[H3C-vlan13]quit
[H3C] vlan 23
[H3C-vlan23]quit
[H3C] interface Ten-GigabitEthernet1/0/2
[H3C-Ten-GigabitEthernet1/0/2] port access vlan 13
[H3C] interface Ten-GigabitEthernet1/0/3
[H3C-Ten-GigabitEthernet1/0/3] port access vlan 23
步骤二:创建loopback1 接口
[H3C]interface LoopBack 1
[H3C-LoopBack1]ip address 3.3.3.3 32
步骤三:创建vlan13、VLAN23虚接口
[H3C]interface Vlan-interface 13
[H3C-Vlan-interface13]ip address 13.1.1.2 30
[H3C]interface Vlan-interface 23
[H3C-Vlan-interface23]ip address 23.1.1.2 30
步骤四:配置OSPF,使得两台设备之间IP可达
[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
步骤五: 配置BGP分别与S6800A、S6800B建立BGP连接
[H3C] bgp 100
[H3C-bgp-default] group evpn internal
[H3C-bgp-default] peer evpn connect-interface LoopBack1
[H3C-bgp-default] peer 1.1.1.1 group evpn
[H3C-bgp-default] peer 2.2.2.2 group evpn
[H3C-bgp-default] address-family l2vpn evpn
[H3C-bgp-default-evpn]undo policy vpn-target
[H3C-bgp-default-evpn]peer evpn enable
步骤六:配置S6800C为路由反射器
[H3C-bgp-default-evpn]peer evpn reflect-client
[H3C-bgp-default-evpn]quit
[H3C-bgp-default]quit
5、配置完成后的结果检验
步骤一:查看设备Tunnel接口状态及信息
<A>display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 12 packets, 684 bytes, 0 drops
Output: 41 packets, 2370 bytes, 0 drops
步骤二:查看设备VSI虚接口信息
<A>display interface Vsi-interface
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.254/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0001-0001-0001
IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 221376 packets, 16128896 bytes, 0 drops
Vsi-interface2
Current state: UP
Line protocol state: UP
Description: Vsi-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 20.1.1.254/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0002-0002-0002
IPv6 packet frame type: Ethernet II, hardware address: 0002-0002-0002
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 53792 packets, 3844672 bytes, 0 drops
Vsi-interface3
Current state: UP
Line protocol state: UP
Description: Vsi-interface3 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 74ea-cb54-3c8e
IPv6 packet frame type: Ethernet II, hardware address: 74ea-cb54-3c8e
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
步骤三:查看设备VSI信息
<A>display l2vpn vsi verbose
VSI Name: 1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 100
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/10 srv1 0 Up Manual
VSI Name: 2
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 200
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
VSI Name: Auto_L3VNI1_3
VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1
步骤四:查看设备VSI 的ARP表项
<A>display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VID Interface/Link ID Aging Type
13.1.1.2 74ea-cb58-5736 13 XGE1/0/2 4 D
10.1.1.1 4437-e6ab-9cea 0 0x0 20 D
2.2.2.2 74ea-cb64-5a06 2 Tunnel0 N/A R
步骤五:查看设备VSI 的EVPN ARP表项
<A>display evpn route arp
Flags: D - Dynamic B - BGP G - Gateway L - Local active M - Mapping
VPN instance:1 Interface:Vsi-interface2
IP address MAC address Router MAC VSI index Flags
20.1.1.1 0025-ab95-b089 74ea-cb64-5a06 1 B
20.1.1.254 0002-0002-0002 74ea-cb54-3c8e 1 GL
VPN instance:1 Interface:Vsi-interface1
IP address MAC address Router MAC VSI index Flags
10.1.1.1 4437-e6ab-9cea 74ea-cb54-3c8e 0 DL
10.1.1.254 0001-0001-0001 74ea-cb54-3c8e 0 GL
步骤六:查看设备的EVPN 路由信息
<A>display bgp l2vpn evpn
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 10
Route distinguisher: 1:1(1)
Total number of routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][0025-ab95-b089][32][20.1.1.1]/136
2.2.2.2 0 100 0 i
* > [5][0][24][10.1.1.0]/80
0.0.0.0 0 100 32768 i
* > [5][0][24][20.1.1.0]/80
0.0.0.0 0 100 32768 i
Route distinguisher: 1:100
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [2][0][48][4437-e6ab-9cea][0][0.0.0.0]/104
0.0.0.0 0 100 32768 i
* > [2][0][48][4437-e6ab-9cea][32][10.1.1.1]/136
0.0.0.0 0 100 32768 i
* > [3][0][32][1.1.1.1]/80
0.0.0.0 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
Route distinguisher: 1:200
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][0025-ab95-b089][0][0.0.0.0]/104
2.2.2.2 0 100 0 i
* >i [2][0][48][0025-ab95-b089][32][20.1.1.1]/136
2.2.2.2 0 100 0 i
* > [3][0][32][1.1.1.1]/80
0.0.0.0 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
无。
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作