evpn+vxlan二层标准配置来一份,不用起三层的集中和分布式网关。
- 0关注
- 0收藏,945浏览
问题描述:
需要一份evpn+vxlan二层标准配置来一份,不用起三层的集中和分布式网关。谢谢
组网及组网描述:
- 2023-10-27提问
- 举报
-
(0)
最佳答案
- 配置VXLAN隧道工作模式为二层转发模式。
- 创建VSI和VXLAN,并将它们关联。
- 创建EVPN实例,并将其与VXLAN关联。
- 配置BGP发布EVPN路由。
- 配置AC与VSI关联。
具体的配置命令如下:
# 配置VXLAN隧道工作模式为二层转发模式 system-view vxlan forwarding-mode l2 # 创建VSI和VXLAN,并将它们关联 vsi vsi1 vxlan 1000 evpn encapsulation vxlan # 创建EVPN实例,并将其与VXLAN关联 evpn instance evpn1
vxlan 1000 # 配置BGP发布EVPN路由 bgp 65000 peer 10.1.1.2 as-number 65000 address-family l2vpn evpn peer 10.1.1.2 enable # 配置AC与VSI关联 interface GigabitEthernet1/0/1 port link-mode bridge - 2023-10-27回答
- 评论(0)
- 举报
-
(0)
拓扑:PC1--SW1--SW2--SW3-PC2 (SW2是RR)
SW1配置如下:这个是哪里配置还有问题么?
vsi vpna
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
arp suppression enable
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 2.2.2.2 enable
#
#
interface GigabitEthernet3/0
port link-mode route
xconnect vsi vpna
#
interface GigabitEthernet4/0
port link-mode route
xconnect vsi vpnb
#
- 2023-10-27回答
- 评论(0)
- 举报
-
(0)
暂无评论
您好,请知:
以下是配置案例,请参考:
2.18 EVPN VXLAN典型配置举例
2.18.1 集中式EVPN网关配置举例
本节仅以IPv4站点接入IPv4网络为例,IPv4站点接入IPv6、IPv6站点接入IPv4网络、IPv6站点接入IPv6网络的配置与此类似。
1. 组网需求
Switch A、Switch B为与服务器连接的VTEP设备;Switch C为与广域网连接的集中式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。相同VXLAN之间可以二层互通,不同VXLAN之间、VXLAN与广域网之间可以通过集中式EVPN网关互通。
2. 组网图
图2-2 集中式IPv4 EVPN网关配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchA] undo vxlan ip-forwarding
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] arp suppression enable
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchB] undo vxlan ip-forwarding
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] arp suppression enable
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 创建VSI虚接口VSI-interface1,并为其配置IP地址,该IP地址作为VXLAN 10内虚拟机的网关地址。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 创建VSI虚接口VSI-interface2,并为其配置IP地址,该IP地址作为VXLAN 20内虚拟机的网关地址。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
(6) 配置Switch D
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证EVPN网关设备Switch C
# 查看Switch C上的EVPN路由信息,可以看到Switch C发送了网关的MAC/IP路由和IMET路由,并接收到Switch A和Switch B发送的MAC/IP路由和IMET路由。(具体显示信息略)
# 查看Switch C上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch C上的VSI虚接口信息,可以看到VSI虚接口处于up状态。
[SwitchC] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# 查看Switch C上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
# 查看Switch C上VSI的EVPN ARP表项信息,可以看到已学习到了虚拟机的ARP信息。
[SwitchC] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
Public instance Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
10.1.1.1 0003-0003-0003 - 0 GL
10.1.1.10 0000-1234-0001 - 0 B
10.1.1.20 0000-1234-0003 - 0 B
Public instance Interface: Vsi-interface2
IP address MAC address Router MAC VSI index Flags
10.1.2.1 0005-0005-0005 - 1 GL
10.1.2.10 0000-1234-0002 - 1 B
10.1.2.20 0000-1234-0004 - 1 B
# 查看Switch C上FIB表项信息,可以看到已学习到了虚拟机的转发表项信息。
[SwitchC] display fib 10.1.1.10
Destination count: 1 FIB entry count: 1
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.10/32 10.1.1.10 UH Vsi1 Null
(2) 验证主机之间可以互访
虚拟机VM 1、VM 2、VM 3、VM 4之间可以互访。
2.18.2 对称IRB方式分布式EVPN网关配置举例(IPv4网络)
本节仅以IPv4站点接入IPv4网络为例,IPv6站点接入IPv4网络的配置与此类似。
1. 组网需求
Switch A、Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通,并采用对称IRB方式转发流量;VXLAN与广域网之间通过边界网关实现三层互通。
2. 组网图
图2-3 分布式IPv4 EVPN网关配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置L3 VNI的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置L3 VNI的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] quit
(6) 配置Switch D
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证分布式EVPN网关设备Switch A
# 查看Switch A上的EVPN路由信息,可以看到Switch A发送了网关的IP前缀路由、各VSI的IMET路由和MAC/IP路由,并接收到Switch B发送的网关IP前缀路由、各VSI的IMET路由和MAC/IP路由。(具体显示信息略)
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。(以Tunnel0接口为例)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI虚接口信息,可以看到VSI虚接口处于up状态。(以VSI虚接口1为例)
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP 10.1.2.1
# 查看Switch A上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv2000 0 Up Manual
# 查看Switch A上VSI的ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息。
# 查看Switch A上VSI的EVPN ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VPN instance: vpna Interface: Vsi-interface1
IP address MAC address Router MAC VSI Index Flags
10.1.1.1 0001-0001-0001 a0ce-7e40-0400 0 GL
10.1.1.10 0000-1234-0001 a0ce-7e40-0400 0 DL
10.1.2.10 0000-1234-0002 a0ce-7e40-0400 0 DL
10.1.1.20 0000-1234-0003 a0ce-7e40-0400 0 B
10.1.2.20 0000-1234-0004 a0ce-7e40-0400 0 B
(2) 验证主机之间可以互访
虚拟机VM 1、VM 2、VM 3、VM 4之间可以互访。
2.18.3 对称IRB方式分布式EVPN网关配置举例(IPv6网络)
本节仅以IPv6站点接入IPv6网络为例,IPv4站点接入IPv6网络的配置与此类似。
1. 组网需求
Switch A、Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通,并采用对称IRB方式转发流量;VXLAN与广域网之间通过边界网关实现三层互通。
2. 组网图
图2-4 分布式EVPN网关IPv6 Underlay配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为11::1;在VM 2和VM 4上指定网关地址为12::1。(具体配置过程略)
# 配置各接口的IPv6地址和子网掩码;在IP核心网络内配置OSPFv3协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] router-id 1.1.1.1
[SwitchA-bgp-default] peer 4::4 as-number 200
[SwitchA-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4::4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv6
[SwitchA-vpn-ipv6-vpna] vpn-target 2:2
[SwitchA-vpn-ipv6-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ipv6 address 11::1 64
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-nd enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ipv6 address 12::1 64
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-nd enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] ipv6 address auto link-local
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel nd-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] router-id 2.2.2.2
[SwitchB-bgp-default] peer 4::4 as-number 200
[SwitchB-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4::4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置L3 VNI的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv6
[SwitchB-vpn-ipv6-vpna] vpn-target 2:2
[SwitchB-vpn-ipv6-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ipv6 address 11::1 64
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-nd enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ipv6 address 12::1 64
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-nd enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] ipv6 address auto link-local
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel nd-learning disable
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] router-id 3.3.3.3
[SwitchC-bgp-default] peer 4::4 as-number 200
[SwitchC-bgp-default] peer 4::4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4::4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置L3 VNI的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv6
[SwitchC-vpn-ipv6-vpna] vpn-target 2:2
[SwitchC-vpn-ipv6-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] ipv6 address auto link-local
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20::100。
[SwitchC] ipv6 route-static vpn-instance vpna :: 0 20::100
# 将缺省路由引入到VPN实例vpna的BGP IPv6单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv6 unicast
[SwitchC-bgp-default-ipv6-vpna] default-route imported
[SwitchC-bgp-default-ipv6-vpna] import-route static
[SwitchC-bgp-default-ipv6-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联,并配置接口的IPv6地址。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ipv6 address 20::1 64
[SwitchC-Vlan-interface20] quit
(6) 配置Switch D
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] router-id 4.4.4.4
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1::1 group evpn
[SwitchD-bgp-default] peer 2::2 group evpn
[SwitchD-bgp-default] peer 3::3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证分布式EVPN网关设备Switch A
# 查看Switch A上的EVPN路由信息,可以看到Switch A发送了网关的IP前缀路由、各VSI的IMET路由和MAC/IP路由,并接收到Switch B发送的网关IP前缀路由、各VSI的IMET路由和MAC/IP路由。(具体显示信息略)
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。(以Tunnel0接口为例)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1::1, destination 2::2
Tunnel protocol/transport UDP_VXLAN/IPv6
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI虚接口信息,可以看到VSI虚接口处于up状态。(以VSI虚接口1为例)
[SwitchA] display ipv6 interface vsi-interface brief
*down: administratively down
(s): spoofing
Interface Physical Protocol IPv6 Address
Vsi1 UP UP 11::1
Vsi2 UP UP 12::1
# 查看Switch A上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000001 Up Auto Disabled
Tunnel1 0x5000002 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv2000 0 Up Manual
# 查看Switch A上VSI的EVPN ND表项信息,可以看到已学习到了本地虚拟机的ND信息。
[SwitchA] display evpn route nd
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VPN instance: vpna Interface: Vsi-interface1
IPv6 address : 11::1
MAC address : 0001-0001-0001 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : GL
IPv6 address : 11::7
MAC address : 06dc-98ca-0206 Router MAC : 06dc-93de-0100
VSI index : 0 Flags : DL
IPv6 address : 11::8
MAC address : 06dc-a8dd-0506 Router MAC : 06dc-a235-0400
VSI index : 0 Flags : B
VPN instance: vpnb Interface: Vsi-interface2
IPv6 address : 12::1
MAC address : 0002-0002-0002 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : GL
IPv6 address : 12::7
MAC address : 06dc-9ca0-0306 Router MAC : 06dc-93de-0100
VSI index : 1 Flags : DL
IPv6 address : 12::8
MAC address : 06dc-ad91-0606 Router MAC : 06dc-a235-0400
VSI index : 1 Flags : B
(2) 验证主机之间可以互访
虚拟机VM 1、VM 2、VM 3、VM 4之间可以互访。
2.18.4 非对称IRB方式分布式IPv4 EVPN网关配置举例
1. 组网需求
Switch A、Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。相同VXLAN之间可以二层互通;不同站点、相同VXLAN的VM通过分布式EVPN网关实现三层互通,并采用非对称IRB方式转发流量;VXLAN与广域网之间通过边界网关实现三层互通。
2. 组网图
图2-5 分布式EVPN网关配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1、VM 2、VM 3和VM 4上分别指定网关地址为10.1.1.1、10.1.2.1、20.1.1.1、20.1.2.1。(具体配置过程略)
# 请按照图2-5配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置EVPN VXLAN采用非对称IRB方式转发流量。
[SwitchA] evpn irb asymmetric
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置EVPN VXLAN采用非对称IRB方式转发流量。
[SwitchA] evpn irb asymmetric
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置L3 VNI的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 20.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 20.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置L3 VNI的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] quit
(6) 配置Switch D
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证分布式EVPN网关设备Switch A
# 查看Switch A上的EVPN路由信息,可以看到Switch A发送了网关的IP前缀路由、各VSI的IMET路由和MAC/IP路由,并接收到Switch B发送的网关IP前缀路由、各VSI的IMET路由和MAC/IP路由。(具体显示信息略)
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。(以Tunnel0接口为例)
[SwitchA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI虚接口信息,可以看到VSI虚接口处于up状态。(以VSI虚接口1为例)
[SwitchA] display interface vsi-interface 1
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0003-0003-0003
IPv6 packet frame type: Ethernet II, hardware address: 0003-0003-0003
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
Tunnel Statistics : Disabled
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0x0 Up Manual
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv2000 0x0 Up Manual
# 查看Switch A上VSI的ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息。
# 以VSI实例vpna为例,查看Switch A上VSI的EVPN ARP表项信息,可以看到已学习到了本地和远端虚拟机的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VPN instance: vpna Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
10.1.1.1 0001-0001-0001 522b-3413-0200 0 GL
10.1.1.10 521f-b814-0106 522b-3413-0200 0 DL
20.1.1.20 522b-3c6a-0406 522b-38cd-0300 0 B
(2) 验证主机之间可以互访
虚拟机VM 1和VM 3、VM 2和VM 4之间分别可以互访。
2.18.5 EVPN公私网互通配置举例
本节仅以IPv4站点接入IPv4网络为例,IPv4站点接入IPv6、IPv6站点接入IPv4网络、IPv6站点接入IPv6网络的配置与此类似。
1. 组网需求
Switch A、Switch B、Switch C为分布式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1属于VXLAN 10、位于VPN实例vpna;VM 2属于VXLAN 20、位于VPN实例vpnb;VM 3属于VXLAN 30、位于公网。通过EVPN分布式网关和公私网互通配置,保证VM 1和VM 2之间互通(私网之间互通),VM 2不能访问VM 3,VM 1和VM 3之间互通(公私网互通)。
2. 组网图
图2-6 IPv4 EVPN公私网互通配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1上指定网关地址为10.1.1.1;在VM 2上指定网关地址为10.1.2.1;在VM 3上指定网关地址10.1.3.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 1的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 1
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置L3 VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-ipv4-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-evpn-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置L3VNI为2000,用来匹配从Switch B接收的路由。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] l3-vni 2000
[SwitchA-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置L3VNI为3000,用来匹配从Switch C接收的路由。
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 配置L3 VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 2:2
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配从Switch A接收的路由。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] qui
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpnb对应的L3VNI为2000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface3] l3-vni 2000
[SwitchB-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置L3VNI为3000,用来匹配从Switch C接收的路由。
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 1
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpnc下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] evpn encapsulation vxlan
[SwitchC-vsi-vpnc-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnc-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnc-evpn-vxlan] quit
# 创建VXLAN 30。
[SwitchC-vsi-vpnc] vxlan 30
[SwitchC-vsi-vpnc-vxlan-30] quit
[SwitchC-vsi-vpnc] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4]quit
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置公网实例的RD和RT,配置公网实例对应的L3VNI为3000。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 3:3
[SwitchC-public-instance] l3-vni 3000
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance-ipv4] vpn-target 3:3
[SwitchC-public-instance-ipv4] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-ipv4] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance-evpn]vpn-target 3:3
[SwitchC-public-instance-evpn] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-evpn] quit
[SwitchC-public-instance] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 3
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnc
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配从Switch A接收的路由。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置L3VNI为2000,用来匹配从Switch B接收的路由。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 2000
[SwitchC-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置公网实例对应的L3VNI为3000。
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] l3-vni 3000
[SwitchC-Vsi-interface4] quit
# 配置VXLAN 30所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] gateway vsi-interface 1
[SwitchC-vsi-vpnc] quit
(6) 配置Switch D
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证分布式EVPN网关设备Switch A
# 查看Switch A上的EVPN路由信息,可以看到Switch A发送了网关的IP前缀路由、各VSI的IMET路由、带主机MAC的MAC路由和带主机ARP的MAC/IP发布路由,并接收到SwitchB, SwitchC发出的网关的IP前缀路由和MAC/IP发布路由。(具体显示信息略)
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI虚接口信息,可以看到VSI虚接口处于up状态。
[SwitchA] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
Vsi2 UP UP --
Vsi3 UP UP --
Vsi4 UP UP --
# 查看Switch A上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 1000
VSI Name: Auto_L3VNI2000_3
VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 2000
VSI Name: Auto_L3VNI3000_4
VSI Index : 3
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 4
VXLAN ID : 3000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
# 查看Switch A上VSI的ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息和BGP EVPN路由下一跳地址的ARP信息。
(2) 验证主机之间互访
VM 1和VM 2、VM 1和VM 3之间可以互访,VM 2和VM 3不能互访。
2.18.6 IPv4 EVPN分布式聚合配置举例(以太网聚合链路作为IPL)
本节仅以IPv4站点接入IPv4网络为例,IPv6站点接入IPv6网络的配置与此类似。
1. 组网需求
Switch A、Switch B、Switch D为与服务器连接的VTEP设备,Switch A和Switch B分布式聚合为一台虚拟VTEP设备,采用以太网聚合链路作为IPL;Switch C为与广域网连接的集中式EVPN网关设备,Switch C同时作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
虚拟机VM 1和VM 2属于VXLAN 10,VM 3属于VXLAN 20,通过集中式EVPN网关实现VM 1、VM 2和VM 3互通。
2. 组网图
图2-7 IPv4 EVPN分布式聚合配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B、Switch C和Switch D工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 2上指定网关地址为10.1.1.1;在VM 3上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码。(具体配置过程略)
# 在IP核心网络内配置OSPF协议,发布各接口IP地址(包括Loopback接口的IP地址)对应网段的路由,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchA] undo vxlan ip-forwarding
# 配置IPL上动态AC的报文匹配规则,有如下两个方案。Switch A和Switch B上采用的方案必须相同。
¡ 方案一:采用VXLAN ID映射方式生成IPL上动态AC的报文匹配规则。
[SwitchA] l2vpn drni peer-link ac-match-rule vxlan-mapping
¡ 方案二:根据用户侧以太网服务实例的报文匹配规则创建IPL上的AC。
无需执行其他配置,默认采用该方案。
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1
[SwitchA] drni restore-delay 180
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchA-Bridge-Aggregation3] quit
# 配置DR设备Switch A与Switch B之间路由可达。
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit
# 在网络侧物理出接口Ten-GigabitEthernet1/0/5上关闭生成树协议。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk
[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation10-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation10-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 将所有参与EVPN业务的接口配置为DRNI保留接口。
[SwitchA] drni mad exclude interface loopback 0
[SwitchA] drni mad exclude interface loopback 1
[SwitchA] drni mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] drni mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] drni mad exclude interface vlan-interface 11
[SwitchA] drni mad exclude interface vlan-interface 100
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchB] undo vxlan ip-forwarding
# 配置IPL上动态AC的报文匹配规则,有如下两个方案。Switch A和Switch B上采用的方案必须相同。
¡ 方案一:采用VXLAN ID映射方式生成IPL上动态AC的报文匹配规则。
[SwitchB] l2vpn drni peer-link ac-match-rule vxlan-mapping
¡ 方案二:根据用户侧以太网服务实例的报文匹配规则创建IPL上的AC。
无需执行其他配置,默认采用该方案。
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni keepalive ip destination 60.1.1.1 source 60.1.1.2
[SwitchB] drni restore-delay 180
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchB-Bridge-Aggregation3] quit
# 配置DR设备Switch A与Switch B之间路由可达。
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit
# 在网络侧物理出接口Ten-GigabitEthernet1/0/5上关闭生成树协议。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation10-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation10-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 将所有参与EVPN业务的接口配置为DRNI保留接口。
[SwitchB] drni mad exclude interface loopback 0
[SwitchB] drni mad exclude interface loopback 1
[SwitchB] drni mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] drni mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] drni mad exclude interface vlan-interface 11
[SwitchB] drni mad exclude interface vlan-interface 100
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 创建VSI虚接口VSI-interface1,并为其配置IP地址,该IP地址作为VXLAN 10内虚拟机的网关地址。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 创建VSI虚接口VSI-interface2,并为其配置IP地址,该IP地址作为VXLAN 20内虚拟机的网关地址。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
(6) 配置Switch D
# 开启L2VPN能力。
<SwitchD> system-view
[SwitchD] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchD] undo vxlan ip-forwarding
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 4的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 4
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpnb
[SwitchD-Ten-GigabitEthernet1/0/1] quit
4. 验证配置
(1) 验证EVPN网关设备Switch C
# 查看Switch C上的EVPN路由信息,可以看到Switch C发送了网关的MAC/IP路由和IMET路由,并接收到Switch A、Switch B和Switch D发送的MAC/IP路由和IMET路由。(具体显示信息略)
# 查看Switch C上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并且隧道目的地址是虚拟VTEP地址。
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch C上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
(2) 以Switch A为例,验证分布式聚合设备
# 查看Switch A上的EVPN路由信息。
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 5
Route distinguisher: 1:100
Total number of routes: 5
* > Network : [2][0][48][0800-2700-400e][0][0.0.0.0]/104
NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : [2][0][48][46b2-aea0-0101][0][0.0.0.0]/104
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* > Network : [2][0][48][ac1e-24e3-0201][0][0.0.0.0]/104
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : [3][0][32][1.2.3.4]/80
NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : [3][0][32][3.3.3.3]/80
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并且隧道源地址是虚拟VTEP地址。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到设备自动在IPL上创建了AC,并将其与VSI关联。
¡ 采用VXLAN ID映射方式生成IPL上动态AC的报文匹配规则:
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG3 srv1 0 Up Dynamic (DRNI)
BAGG4 srv1000 1 Up Manual
BAGG5 srv1000 2 Up Manual
¡ 根据用户侧以太网服务实例的报文匹配规则创建IPL上的AC:
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (DRNI)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (DRNI)
(3) 验证主机之间可以互访
虚拟机VM 1、VM 2和VM 3之间可以互访。虚拟机与Switch A或Switch B相连的链路断开后,VM 1、VM 2和VM 3仍然可以通过另一台设备互访。
2.18.7 IPv4 EVPN分布式聚合配置举例(VXLAN隧道作为IPL)
本节仅以IPv4站点接入IPv4网络为例,IPv6站点接入IPv6网络的配置与此类似。
1. 组网需求
Switch A、Switch B、Switch D为与服务器连接的VTEP设备,Switch A和Switch B分布式聚合为一台虚拟VTEP设备,采用VXLAN隧道作为IPL。在Switch A和Switch B上配置Monitor Link组。把所有上行口配置为Up-Link,所有下行DR成员口配置为Down-Link,通过Monitor Link实现上下行接口联动,以便及时发现上行接口故障,并在DR成员设备之间进行主从切换。
Switch C为与广域网连接的集中式EVPN网关设备,Switch C同时作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
虚拟机VM 1和VM 2属于VXLAN 10,VM 3属于VXLAN 20,通过集中式EVPN网关实现VM 1、VM 2和VM 3互通。
2. 组网图
图2-8 IPv4 EVPN分布式聚合配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B、Switch C和Switch D工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 2上指定网关地址为10.1.1.1;在VM 3上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码。(具体配置过程略)
# 在IP核心网络内配置OSPF协议,发布各接口IP地址(包括Loopback接口的IP地址)对应网段的路由,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchA] undo vxlan ip-forwarding
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置预留VXLAN ID为1234。
[SwitchA] reserved vxlan 1234
# 配置DR系统。
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni restore-delay 180
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,并配置封装后隧道报文的ToS值为100。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] tunnel tos 100
[SwitchA-Tunnel1] quit
# 将VXLAN隧道接口配置DRNI保留接口。
[SwitchA] drni mad exclude interface tunnel 1
# 配置VXLAN隧道接口为IPP口。
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port drni intra-portal-port 1
[SwitchA-Tunnel1] quit
# 在网络侧物理出接口Ten-GigabitEthernet1/0/4上关闭生成树协议。
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port link-type trunk
[SwitchA-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation10-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation10-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port link-type trunk
[SwitchA-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 创建Monitor Link组1,添加上行和下行接口,以便在上下行接口之间形成联动。
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchA-mtlk-group1] quit
# 将所有参与EVPN业务的接口配置为DRNI保留接口。
[SwitchA] drni mad exclude interface loopback 0
[SwitchA] drni mad exclude interface loopback 1
[SwitchA] drni mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] drni mad exclude interface vlan-interface 11
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchB] undo vxlan ip-forwarding
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置预留VXLAN ID为1234。
[SwitchB] reserved vxlan 1234
# 配置DR系统。
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni restore-delay 180
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,并配置封装后隧道报文的ToS值为100。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] tunnel tos 100
[SwitchB-Tunnel1] quit
# 将VXLAN隧道接口配置DRNI保留接口。
[SwitchB] drni mad exclude interface tunnel 1
# 配置VXLAN隧道接口为IPP口。
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port drni intra-portal-port 1
[SwitchB-Tunnel1] quit
# 在网络侧物理出接口Ten-GigabitEthernet1/0/4上关闭生成树协议。
[SwitchB] interface ten-gigabitethernet 1/0/4
[SwitchB-Ten-GigabitEthernet1/0/4] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/4] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port link-type trunk
[SwitchB-Bridge-Aggregation4] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation10-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation10-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port link-type trunk
[SwitchB-Bridge-Aggregation5] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 创建Monitor Link组1,添加上行和下行接口,以便在上下行接口之间形成联动。
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchB-mtlk-group1] quit
# 将所有参与EVPN业务的接口配置为DRNI保留接口。
[SwitchB] drni mad exclude interface loopback 0
[SwitchB] drni mad exclude interface loopback 1
[SwitchB] drni mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] drni mad exclude interface vlan-interface 11
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 创建VSI虚接口VSI-interface1,并为其配置IP地址,该IP地址作为VXLAN 10内虚拟机的网关地址。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 创建VSI虚接口VSI-interface2,并为其配置IP地址,该IP地址作为VXLAN 20内虚拟机的网关地址。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
(6) 配置Switch D
# 开启L2VPN能力。
<SwitchD> system-view
[SwitchD] l2vpn enable
# 配置VXLAN隧道工作在二层转发模式。
[SwitchD] undo vxlan ip-forwarding
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] arp suppression enable
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 4的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchD-Ten-GigabitEthernet1/0/1] port trunk permit vlan 4
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 4
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpnb
[SwitchD-Ten-GigabitEthernet1/0/1] quit
4. 验证配置
(1) 验证EVPN网关设备Switch C
# 查看Switch C上的EVPN路由信息,可以看到Switch C发送了网关的MAC/IP路由和IMET路由,并接收到Switch A、Switch B和Switch D发送的MAC/IP路由和IMET路由。(具体显示信息略)
# 查看Switch C上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并与虚拟VTEP地址建立VXLAN隧道。
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.2.3.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch C上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
(2) 以Switch A为例,验证分布式聚合设备
# 查看Switch A上的EVPN路由信息。
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 3
Route distinguisher: 1:10
Total number of routes: 5
* >i Network : [2][0][48][7e9a-48e9-0100][32][10.1.1.1]/136
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* > Network : [3][0][32][1.1.1.1]/80
NextHop : 1.1.1.1 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* > Network : [3][0][32][1.2.3.4]/80
NextHop : 1.2.3.4 LocPrf : 100
PrefVal : 32768 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : [3][0][32][3.3.3.3]/80
NextHop : 3.3.3.3 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
* >i Network : [3][0][32][2.2.2.2]/80
NextHop : 2.2.2.2 LocPrf : 100
PrefVal : 0 OutLabel : NULL
MED : 0
Path/Ogn: i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并且隧道源地址是虚拟VTEP地址。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到作为IPL的VXLAN隧道与VSI关联。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Down Manual
BAGG5 srv1000 1 Down Manual
(3) 验证主机之间可以互访
虚拟机VM 1、VM 2和VM 3之间可以互访。虚拟机与Switch A或Switch B相连的链路断开后,VM 1、VM 2和VM 3仍然可以通过另一台设备互访。
2.18.8 EVPN支持IPv4站点多归属配置举例
1. 组网需求
Switch A、Switch B、Switch C为分布式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1、VM 2和VM 3属于VXLAN 10;VM 4属于VXLAN 20。VM 2通过聚合链路多归属于Switch A、Switch B,VM 3通过聚合链路多归属于Switch B、Switch C。VM 1、VM 4分别为Switch A和Switch C下的单归属设备。相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通。
2. 组网图
图2-9 EVPN支持IPv4站点多归属配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1、VM 2和VM 3上指定网关地址为10.1.1.1;在VM 4上指定网关地址为20.1.1.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA ] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上配置ESI值。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/2] esi 0.0.0.0.1
# 在该接口上创建以太网服务实例2000,用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 2
# 配置以太网服务实例2000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上配置ESI值。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] esi 0.0.0.0.1
# 在该接口上创建以太网服务实例2000,用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2
# 配置以太网服务实例2000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上配置ESI值。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/2] esi 0.0.0.0.2
# 在该接口上创建以太网服务实例3000,用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 3000
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] encapsulation s-vid 2
# 配置以太网服务实例3000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上配置ESI值。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchC-Ten-GigabitEthernet1/0/1] esi 0.0.0.0.2
# 在该接口上创建以太网服务实例3000,用来匹配VLAN 2的数据帧。
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 3000
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] encapsulation s-vid 2
# 配置以太网服务实例3000与VSI实例vpna关联。
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例4000,该实例用来匹配VLAN 2的数据帧。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
[SwitchC-Ten-GigabitEthernet1/0/2] service-instance 4000
[SwitchC-Ten-GigabitEthernet1/0/2-srv4000] encapsulation s-vid 3
# 配置以太网服务实例4000与VSI实例vpnb关联。
[SwitchC-Ten-GigabitEthernet1/0/2-srv4000] xconnect vsi vpnb
[SwitchC-Ten-GigabitEthernet1/0/2-srv4000] quit
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 配置L3VNI的RD和RT。
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] distributed-gateway local
[SwitchC-Vsi-interface2] local-proxy-arp enable
[SwitchC-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
(6) 配置Switch D
# 配置SwitchD与其他路由器建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 验证分布式EVPN多归属网关设备Switch C
# 查看Switch C上的EVPN路由信息,可以看到Switch C发送了网关的IP前缀路由、各VSI的IMET路由、MAC/IP路由、Auto-Discovery路由、Ethernet segment路由,并接收到其他网关发送的网关IP前缀路由、各VSI的IMET路由、MAC/IP路由、Auto-Discovery路由以及Ethernet segment路由。(具体显示信息略)
# 查看Switch C上的EVPN Routing信息。可以看到存在关于VM 2的三层等价信息。
<SwitchC> display evpn routing-table vpn-instance l3vpna
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:l3vpna Local L3VNI:1000
IP address Next hop Outgoing interface NibID Flags
10.1.1.10 1.1.1.1 Vsi-interface3 0x18000001 -
10.1.1.20 2.2.2.2 Vsi-interface3 0x18000000 EA
1.1.1.1 Vsi-interface3 0x18000001 EA
# 查看Switch C上的L2VPN MAC及EVPN Route MAC信息。可以看到VM 1、VM 2、VM 3和VM 4的MAC信息。其中VM 2的表项存在二层等价信息。
<SwitchC> display l2vpn mac-address
* - The output interface is issued to another VSI
MAC Address State VSI Name Link ID/Name Aging
0001-0001-0010 EVPN vpna Tunnel0 NotAging
0001-0001-0020 EVPN vpna Tunnel0 NotAging
Tunnel1 NotAging
0001-0001-0030 Dynamic vpna XGE1/0/1 Aging
0002-0001-0010 Dynamic vpnb XGE1/0/2 Aging
--- 4 mac address(es) found ---
# 查看Switch C上的EVPN的MAC地址信息。
<SwitchC> display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VSI name: vpna
EVPN instance: -
MAC address Link ID/Name Flags Encap Next hop
0001-0001-0030 0 DL VXLAN -
0001-0001-0010 Tunnel0 B VXLAN 1.1.1.1
0001-0001-0020 Tunnel0 B VXLAN 1.1.1.1
Tunnel1 B VXLAN 2.2.2.2
VSI name: vpnb
EVPN instance: -
MAC address Link ID/Name Flags Encap Next hop
0002-0001-0010 0 DL VXLAN -
# 查看Switch C上的本地和远端ES信息。
<SwitchC> display evpn es local
Redundancy mode: A - All active, S - Single active
VSI name : vpna
EVPN instance: -
ESI Tag ID DF address Mode State ESI label
0000.0000.0000.0000.0002 - 2.2.2.2 A Up -
<SwitchC> display evpn es remote
Control Flags: P – Primary, B – Backup, C - Control word
VSI name : vpna
EVPN instance: -
ESI : 0000.0000.0000.0000.0001
A-D per ES routes :
Peer IP Remote Redundancy mode
1.1.1.1 All active
2.2.2.2 All active
A-D per EVI routes :
Tag ID Peer IP
- 1.1.1.1
- 2.2.2.2
ESI : 0000.0000.0000.0000.0002
Ethernet segment routes :
2.2.2.2
A-D per ES routes :
Peer IP Remote Redundancy mode
2.2.2.2 All active
A-D per ES routes :
2.2.2.2
A-D per EVI routes :
Tag ID Peer IP
- 2.2.2.2
(2) 验证主机之间可以互访
2.18.9 EVPN支持组播配置举例
1. 组网需求
Switch A、Switch B、Switch C为分布式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1、VM 2和VM 3属于VXLAN 10。VM 2通过聚合链路多归属于Switch A、Switch B, VM 3通过聚合链路多归属于Switch B、Switch C。VM 1为Switch A下的单归属设备。相同VXLAN之间可以二层互通。
2. 组网图
图2-10 EVPN支持组播配置组网图
3. 配置步骤
(1) 配置设备工作在VXLAN模式。
# 配置Switch A、Switch B和Switch C工作在VXLAN模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
<SwitchA> system-view
[SwitchA] switch-mode 1
Reboot device to make the configuration take effect.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1、VM 2和VM 3上指定网关地址为10.1.1.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上配置ESI值。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchA-Ten-GigabitEthernet1/0/2] esi 0.0.0.0.1
# 在该接口上创建以太网服务实例2000,用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 2
# 配置以太网服务实例2000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/2-srv2000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 开启设备的IGMP Snooping特性。
<SwitchA> system-view
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 在VSI vpna内使能IGMP Snooping proxy,并开启丢弃未知组播数据报文功能。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
[SwitchA-vsi-vpna] igmp-snooping drop-unknown
# 配置IGMP Snooping版本和查询器
[SwitchA-vsi-vpna] igmp-snooping version 3
[SwitchA-vsi-vpna] igmp-snooping querier
[SwitchA-vsi-vpna] quit
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上配置ESI值。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/1] esi 0.0.0.0.1
# 在该接口上创建以太网服务实例2000,用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2
# 配置以太网服务实例2000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上配置ESI值。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchB-Ten-GigabitEthernet1/0/2] esi 0.0.0.0.2
# 在该接口上创建以太网服务实例3000,用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 3000
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] encapsulation s-vid 2
# 配置以太网服务实例3000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/2-srv3000] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
# 开启设备的IGMP Snooping特性。
<SwitchB> system-view
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 在VSI vpna内使能IGMP Snooping proxy,并开启丢弃未知组播数据报文功能。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
[SwitchB-vsi-vpna] igmp-snooping drop-unknown
# 配置IGMP Snooping版本和查询器
[SwitchB-vsi-vpna] igmp-snooping version 3
[SwitchB-vsi-vpna] igmp-snooping querier
[SwitchB-vsi-vpna] quit
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上配置ESI值。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchC-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
[SwitchC-Ten-GigabitEthernet1/0/1] esi 0.0.0.0.2
# 在该接口上创建以太网服务实例3000,用来匹配VLAN 2的数据帧。
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 3000
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] encapsulation s-vid 2
# 配置以太网服务实例3000与VSI实例vpna关联。
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/0/1-srv3000] quit
# 配置L3VNI的RD和RT。
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例l3vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 开启设备的IGMP Snooping特性。
<SwitchC> system-view
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 在VSI vpna内使能IGMP Snooping proxy,并开启丢弃未知组播数据报文功能。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable
[SwitchC-vsi-vpna] igmp-snooping drop-unknown
# 配置IGMP Snooping版本和查询器
[SwitchC-vsi-vpna] igmp-snooping version 3
[SwitchC-vsi-vpna] igmp-snooping querier
[SwitchC-vsi-vpna] quit
(6) 配置Switch D
# 配置Switch D与其他路由器建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
4. 验证配置
(1) 当配置完成后,从VM 1发送组地址为225.0.0.1的IGMP加入报文,Switch B和Switch C会收到Switch A同步的路由信息。在Switch B和Switch C上通过使用display igmp-snooping evpn-group和display evpn route smet命令可以分别查看EVPN表项和路由信息。
# 查看Switch B上的SMET路由信息。
<SwitchB> display evpn route smet
VSI name: vpna
Source address : 0.0.0.0
Group address : 225.0.0.1
Local version : -
Peers :
Nexthop Tunnel name Link ID Remote version
1.1.1.1 Tunnel0 0x5000000 v3(E)
#通过display igmp-snooping evpn-group查看EVPN表项
<SwitchB> display igmp-snooping evpn-group
Total 1 entries.
VSI vpna: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 10)
(2) 多归属的VM 2向Switch A发送加入报文时,冗余备份组中的Switch B会收到EVPN 多归属的路由信息,可通过命令display evpn route igmp-js查看路由信息。通过display igmp-snooping evpn-group查看表项信息。
# 查看SwitchB上EVPN多归属的路由信息。
<SwitchB> display evpn route igmp-js
VSI name: vpna
Source address : 0.0.0.0
Group address : 225.0.0.1
Local version : -
Remote version : v3(E)
ESI : 0000.0000.0000.0000.0001
Ethernet tag ID : 2
Interface : XGE1/0/1 srv2000
Peers : 1.1.1.1
- 2023-10-27回答
- 评论(0)
- 举报
-
(0)
暂无评论
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论