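Lab Requirements
As shown in the figure, two physical servers, Server1 and Server2, are attached below the LEAF switches. Two virtual machines, VM1 and VM2, are created on Server1; VM1 belongs to vlan 10 and VM2 belongs to vlan 20, and they connect to LEAF1 through the server's internal virtual switch vSwitch1. Two virtual machines, VM3 and VM4, are created on Server2; VM3 belongs to vlan 30 and VM4 belongs to vlan 40, and they connect to LEAF2 through the server's internal virtual switch vSwitch2. VM1 and VM3 are in the same subnet, and VM2 and VM4 are in the same subnet. Distributed gateways are now deployed on LEAF1 and LEAF2 so that the VMs can reach each other both within a subnet and across subnets.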
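Lab Topology
Configuration Approach
- Configure an IGP routing protocol between CE1 and CE2, CE3 so that the loopback addresses are reachable.
- Configure service access points on CE2 and CE3 to distinguish service traffic.
- Enable EVPN as the VXLAN control plane.
- On CE1, establish EVPN IBGP peer relationships with CE2 and CE3, and configure the route reflector function.
- Configure the VPN instance and the EVPN instances on CE2 and CE3.
- Enable head-end replication on CE2 and CE3.
- Configure the VXLAN Layer 3 gateways on CE2 and CE3.
- Advertise IRB routes to the EVPN peers between CE1 and CE2, CE3.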
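Data Preparation
- The VLAN IDs of the VMs are VLAN 10, VLAN 20, VLAN 30 and VLAN 40.
- The IP addresses of the interfaces that interconnect the devices in the network.
- The IGP routing protocol used in the network is OSPF.
- Broadcast domain BD 10, VXLAN network identifier VNI 5010; the EVPN instance has RD 100:10, ERT values 100:5010 and 100:1, and IRT value 100:5010.
- Broadcast domain BD 20, VXLAN network identifier VNI 5020; the EVPN instance has RD 100:20, ERT values 100:5020 and 100:1, and IRT value 100:5020.
- A tenant L3VPN instance, used for network isolation; the L3VPN instance has RD 100:1, RT 100:1 and VNI 100.
- The Layer 3 gateways vbdif10 and vbdif20 are bound to the L3VPN instance.
Configuration Scripts
CE1 Configuration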
#
sysname CE1
#
evpn-overlay enable //enable the EVPN function
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.1.12.1 255.255.255.252
ospf network-type p2p
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 10.1.13.1 255.255.255.252
ospf network-type p2p
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface NULL0
#
bgp 100
router-id 1.1.1.1
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
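l2vpn-family evpn //configure the EVPN peers
undo policy vpn-target //the CE has no VPN service access and acts only as an RR, so the vpn-target does not need to be checked
peer 2.2.2.2 enable //activate the EVPN neighbor
peer 2.2.2.2 advertise irb //advertise IRB routes to the EVPN peer
peer 2.2.2.2 reflect-client //configure the route reflector relationship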
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
peer 3.3.3.3 reflect-client
#
ospf 10 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.12.0 0.0.0.3
network 10.1.13.0 0.0.0.3
#
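CE2 Configuration
#
sysname CE2
#
evpn-overlay enable //enable the EVPN function
#
ip vpn-instance VRF_A //configure the L3VPN instance
ipv4-family
route-distinguisher 100:1 //configure the RD
vpn-target 100:1 export-extcommunity evpn //configure the ERT for EVPN
vpn-target 100:1 import-extcommunity evpn //configure the IRT for EVPN
vxlan vni 100 //Layer 3 VNI, similar to the private-network label of MPLS VPN
#
bridge-domain 10 //configure the BD
vxlan vni 5010 //configure the Layer 2 VNI
evpn
route-distinguisher 100:10 //configure the RD
vpn-target 100:5010 export-extcommunity //configure the export RT (ERT) value, used by the L2VPN instance
vpn-target 100:1 export-extcommunity //configure the export RT (ERT) value, used by the L3VPN instance
vpn-target 100:5010 import-extcommunity //configure the import RT (IRT) value, used to import routes of L2VPN instances with the same RT value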
#
bridge-domain 20
vxlan vni 5020
evpn
route-distinguisher 100:20
vpn-target 100:5020 export-extcommunity
vpn-target 100:1 export-extcommunity
vpn-target 100:5020 import-extcommunity
#
interface Vbdif10
ip binding vpn-instance VRF_A
ip address 192.168.1.254 255.255.255.0
mac-address 0000-005e-1111
vxlan anycast-gateway enable //enable the distributed gateway function
arp collect host enable //collect host ARP information, used for IRB route advertisement
#
interface Vbdif20
ip binding vpn-instance VRF_A
ip address 192.168.2.254 255.255.255.0
mac-address 0000-005e-2222
vxlan anycast-gateway enable
arp collect host enable
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.1.12.2 255.255.255.252
ospf network-type p2p
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Nve1
source 2.2.2.2 //VXLAN tunnel source address
vni 5010 head-end peer-list protocol bgp //configure head-end replication
vni 5020 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
router-id 2.2.2.2
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
peer 1.1.1.1 enable
#
l2vpn-family evpn //configure the EVPN peer relationship
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise irb //advertise IRB routes to the peer
#
ospf 10 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.12.0 0.0.0.3
#
CE3 Configuration
sysname CE3
#
evpn-overlay enable
#
ip vpn-instance VRF_A
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity evpn
vpn-target 100:1 import-extcommunity evpn
vxlan vni 100
#
bridge-domain 10
vxlan vni 5010
evpn
route-distinguisher 100:10
vpn-target 100:5010 export-extcommunity
vpn-target 100:1 export-extcommunity
vpn-target 100:5010 import-extcommunity
#
bridge-domain 20
vxlan vni 5020
evpn
route-distinguisher 100:20
vpn-target 100:5020 export-extcommunity
vpn-target 100:1 export-extcommunity
vpn-target 100:5020 import-extcommunity
#
interface Vbdif10
ip binding vpn-instance VRF_A
ip address 192.168.1.254 255.255.255.0
mac-address 0000-005e-1111
vxlan anycast-gateway enable
arp collect host enable
#
interface Vbdif20
ip binding vpn-instance VRF_A
ip address 192.168.2.254 255.255.255.0
mac-address 0000-005e-2222
vxlan anycast-gateway enable
arp collect host enable
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.1.13.2 255.255.255.252
ospf network-type p2p
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.10 mode l2
encapsulation dot1q vid 30
bridge-domain 10
#
interface GE1/0/1.20 mode l2
encapsulation dot1q vid 40
bridge-domain 20
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Nve1
source 3.3.3.3
vni 5010 head-end peer-list protocol bgp
vni 5020 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
router-id 3.3.3.3
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
ipv4-family unicast
peer 1.1.1.1 enable
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise irb
#
ospf 10 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.1.13.0 0.0.0.3
#
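How the vpn-target lines in the leaf configuration above decide where a received route lands, as an added example that is not part of the original lab: it parses an abridged copy of the CE2/CE3 configuration, lists the instances that import a route carrying given RTs, and reports bridge-domain pairs whose RTs would let MAC routes cross between segments. The function names are hypothetical.

```python
import re

# Abridged from the CE2/CE3 leaf configuration above: only the instance headers and
# their vpn-target lines are kept (both leaves carry identical values).
LEAF_CONFIG = """\
ip vpn-instance VRF_A
vpn-target 100:1 export-extcommunity evpn
vpn-target 100:1 import-extcommunity evpn
#
bridge-domain 10
vpn-target 100:5010 export-extcommunity
vpn-target 100:1 export-extcommunity
vpn-target 100:5010 import-extcommunity
#
bridge-domain 20
vpn-target 100:5020 export-extcommunity
vpn-target 100:1 export-extcommunity
vpn-target 100:5020 import-extcommunity
#
"""

def parse_instances(config):
    """Map each instance to its export/import RT sets; '#' ends a section."""
    instances, current = {}, None
    for line in map(str.strip, config.splitlines()):
        head = re.match(r"(bridge-domain|ip vpn-instance) (\S+)$", line)
        rt = re.match(r"vpn-target (\S+) (export|import)-extcommunity", line)
        if line == "#":
            current = None
        elif head:
            current = line
            instances.setdefault(current, {"export": set(), "import": set()})
        elif rt and current:
            instances[current][rt.group(2)].add(rt.group(1))
    return instances

def importers(route_rts, instances):
    """Instances that accept a route: any RT it carries matches one of their import RTs."""
    return sorted(n for n, i in instances.items() if i["import"] & set(route_rts))

def cross_bd_leaks(instances):
    """(exporter, importer) pairs of distinct bridge domains whose RTs let MAC routes cross."""
    bds = {n: i for n, i in instances.items() if n.startswith("bridge-domain")}
    return sorted((a, b) for a in bds for b in bds
                  if a != b and bds[a]["export"] & bds[b]["import"])
```

A route exported from BD 10 carries RT 100:5010 and RT 100:1, so it is imported by bridge-domain 10 and by VRF_A but not by bridge-domain 20; a stray import of 100:1 under a bridge domain would break that separation.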
vSwitch1 Configuration
#
sysname SW2
#
vlan batch 30 40
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 30
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 40
#
vSwitch2 Configuration
#
sysname SW2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type access
port default vlan 20
#
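Configuration Verification
- Use the display bgp evpn peer command to check whether the BGP EVPN peer relationships have been established;
- Use the display vxlan tunnel command to check whether the VXLAN tunnels have been established and whether the tunnel state information is correct;
- Use the display vxlan vni command to check whether the VNI state is Up;
- Use the dis bgp evpn all routing-table command to view the EVPN routes;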
dis bgp evpn all routing-table
Local AS number : 100
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 6
Route Distinguisher: 100:10
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-005e-1111:0:0.0.0.0 0.0.0.0
*>i 0:48:5489-98e8-3333:32:192.168.1.2 3.3.3.3
*> 0:48:5489-98fe-1111:32:192.168.1.1 0.0.0.0
Route Distinguisher: 100:20
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-005e-2222:0:0.0.0.0 0.0.0.0
*>i 0:48:5489-9803-4444:32:192.168.2.2 3.3.3.3
*> 0:48:5489-9850-2222:32:192.168.2.1 0.0.0.0
EVPN-Instance 10:
Number of Mac Routes: 3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-005e-1111:0:0.0.0.0 0.0.0.0
*>i 0:48:5489-98e8-3333:32:192.168.1.2 3.3.3.3
*> 0:48:5489-98fe-1111:32:192.168.1.1 0.0.0.0
EVPN-Instance 20:
Number of Mac Routes: 3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-005e-2222:0:0.0.0.0 0.0.0.0
*>i 0:48:5489-9803-4444:32:192.168.2.2 3.3.3.3
*> 0:48:5489-9850-2222:32:192.168.2.1 0.0.0.0
EVPN-Instance __RD_1_100_1__:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-9803-4444:32:192.168.2.2 3.3.3.3
*>i 0:48:5489-98e8-3333:32:192.168.1.2 3.3.3.3
EVPN address family:
Number of Inclusive Multicast Routes: 4
Route Distinguisher: 100:10
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
Route Distinguisher: 100:20
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance 10:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance 20:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
dis bgp evpn all routing-table inclusive-route
Local AS number : 100
BGP Local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Inclusive Multicast Routes: 4
Route Distinguisher: 100:10
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
Route Distinguisher: 100:20
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance 10:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance 20:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:2.2.2.2 0.0.0.0
*>i 0:32:3.3.3.3 3.3.3.3
dis bgp evpn all routing-table mac-route 0:48:5489-98e8-3333:32:192.168.1.2
BGP local router ID : 2.2.2.2
Local AS number : 100
Total routes of Route Distinguisher(100:10): 1
BGP routing table entry information of 0:48:5489-98e8-3333:32:192.168.1.2:
Label information (Received/Applied): 5010 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h26m20s
Relay IP Nexthop: 10.1.12.1
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5010>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255, IGP cost 2
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-98e8-3333/48, IP Address/Len: 192.168
.1.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance 10:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:5489-98e8-3333:32:192.168.1.2:
Route Distinguisher: 100:10
Remote-Cross route
Label information (Received/Applied): 5010 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h26m20s
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5010>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-98e8-3333/48, IP Address/Len: 192.168
.1.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance __RD_1_100_1__:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:5489-98e8-3333:32:192.168.1.2:
Route Distinguisher: 100:10
Remote-Cross route
Label information (Received/Applied): 5010 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h26m21s
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5010>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-98e8-3333/48, IP Address/Len: 192.168
.1.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
dis bgp evpn all routing-table mac-route 0:48:5489-9803-4444:32:192.168.2.2
BGP local router ID : 2.2.2.2
Local AS number : 100
Total routes of Route Distinguisher(100:20): 1
BGP routing table entry information of 0:48:5489-9803-4444:32:192.168.2.2:
Label information (Received/Applied): 5020 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h30m10s
Relay IP Nexthop: 10.1.12.1
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5020>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255, IGP cost 2
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-9803-4444/48, IP Address/Len: 192.168
.2.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance 20:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:5489-9803-4444:32:192.168.2.2:
Route Distinguisher: 100:20
Remote-Cross route
Label information (Received/Applied): 5020 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h30m10s
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5020>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-9803-4444/48, IP Address/Len: 192.168
.2.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance __RD_1_100_1__:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:5489-9803-4444:32:192.168.2.2:
Route Distinguisher: 100:20
Remote-Cross route
Label information (Received/Applied): 5020 100/NULL
From: 1.1.1.1 (1.1.1.1)
Route Duration: 0d00h30m11s
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <100 : 1>, RT <100 : 5020>, Tunnel Type , Router's MAC
<707b-e8ae-776d>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, bes
t, select, pre 255
Originator: 3.3.3.3
Cluster list: 1.1.1.1
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 5489-9803-4444/48, IP Address/Len: 192.168
.2.2/32, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
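- Use display ip routing-table vpn-instance VRF_A to view the VRF_A routing table; the next hop of the 32-bit host routes to VM3 and VM4 is 3.3.3.3, and the outbound interface is the VXLAN tunnel;
- Use display mac-address bridge-domain 10 to view the MAC address information.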
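An added example, not part of the original lab, that parses MAC route lines in the format of the dis bgp evpn all routing-table output above and flags next hops outside the expected VTEP set, an IP advertised with more than one MAC, and a MAC seen behind more than one next hop. The allowed VTEP list, the function names and the two anomalous sample lines are assumptions constructed for the example.

```python
import re
from collections import defaultdict

ALLOWED_VTEPS = {"2.2.2.2", "3.3.3.3"}  # assumption: the Nve1 source addresses of CE2 and CE3
MAC_ROUTE = re.compile(r"^\d+:48:([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}):(\d+):([\d.]+)$")
# Constructed sample: lines in the page's format plus two constructed anomalies (4.4.4.4, "* i").
SAMPLE = """\
Route Distinguisher: 100:10
*> 0:48:0000-005e-1111:0:0.0.0.0 0.0.0.0
*>i 0:48:5489-98e8-3333:32:192.168.1.2 3.3.3.3
*> 0:48:5489-98fe-1111:32:192.168.1.1 0.0.0.0
*>i 0:48:5489-98aa-9999:32:192.168.1.2 4.4.4.4
Route Distinguisher: 100:20
*>i 0:48:5489-9803-4444:32:192.168.2.2 3.3.3.3
*> 0:48:5489-9850-2222:32:192.168.2.1 0.0.0.0
* i 0:48:5489-9850-2222:32:192.168.2.1 3.3.3.3
EVPN-Instance 10:
*>i 0:48:5489-98e8-3333:32:192.168.1.2 3.3.3.3
"""

def parse_mac_routes(text):
    """Return (rd, mac, ip or None, next_hop) for each MAC route listed under an RD."""
    rd, routes = None, []
    for line in text.splitlines():
        parts = line.split()
        if line.startswith("Route Distinguisher:"):
            rd = parts[-1]
        elif line.startswith("EVPN-Instance"):
            rd = None  # per-instance sections repeat routes already counted
        elif rd and len(parts) >= 3 and parts[0].startswith("*"):
            m = MAC_ROUTE.match(parts[-2])
            if m:
                ip = m.group(3) if m.group(2) != "0" else None
                routes.append((rd, m.group(1), ip, parts[-1]))
    return routes

def audit(routes):
    """Flag unknown VTEPs, IPs bound to several MACs, and MACs behind several VTEPs."""
    findings, ip_macs, mac_hops = [], defaultdict(set), defaultdict(set)
    for rd, mac, ip, hop in routes:
        if hop not in ALLOWED_VTEPS | {"0.0.0.0"}:  # 0.0.0.0 marks a locally originated route
            findings.append(("unknown-vtep", rd, mac, hop))
        if ip:
            ip_macs[(rd, ip)].add(mac)
        mac_hops[(rd, mac)].add(hop)
    for kind, table in (("ip-with-multiple-macs", ip_macs), ("mac-behind-multiple-vteps", mac_hops)):
        findings += [(kind, rd, key, tuple(sorted(v)))
                     for (rd, key), v in sorted(table.items()) if len(v) > 1]
    return findings
```

Run against only the lines that appear in the lab output, audit() returns an empty list; the gateway MAC routes carry IpAddrLen 0 and are therefore excluded from the IP-to-MAC check.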
Connectivity Test