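[H3C] VXLAN Distributed Gateway EVPN Lab
Distributed gateway forwarding
A VTEP acting as a distributed gateway supports both Layer 2 and Layer 3 forwarding, which is known as integrated routing and bridging (IRB) forwarding. IRB forwarding comes in two forms: symmetric IRB and asymmetric IRB.
Symmetric IRB forwarding
The ingress gateway and the egress gateway process traffic in the same way.
For Layer 2 traffic, both the ingress and egress gateways perform only Layer 2 forwarding, i.e. they look up the MAC table.
For Layer 3 traffic, both the ingress and egress gateways perform only Layer 3 forwarding, i.e. they look up the IP routing table.
In this mode each distributed gateway only needs the VSI configuration for the VNIs of its locally attached hosts and the L3 VNI configuration of their VRF. It does not need to maintain ARP entries for every host in the tenant, only the MAC addresses of a small number of other distributed gateways.
Symmetric IRB forwarding introduces the following two concepts:
L3 VNI (Layer 3 VNI)
The same L3 VNI must be configured on the different VTEPs. Each device automatically creates a VSI instance based on the L3 VNI, and only then can the VTEPs learn each other's host routes.
In the distributed gateway scenario, the L3 VNI indicates whether services in different VXLANs can reach each other, i.e. it identifies a routing domain (association with the same VPN instance); VPN instances keep the services of different tenants isolated. Its role is similar to the private-network label in MPLS L3VPN (looked up in the ILM table): it is used to find the VPN instance.
Route MAC
In the distributed gateway scenario, a gateway's Route MAC uniquely identifies each gateway device and is used when gateways forward Layer 3 traffic to each other over VXLAN tunnels.
Asymmetric IRB forwarding
The ingress gateway and the egress gateway process traffic differently:
the ingress gateway performs both Layer 2 and Layer 3 forwarding,
while the egress gateway performs only Layer 2 forwarding.
This mode requires every distributed gateway to be configured with the VSI information of all VNIs in the EVPN network and to maintain ARP entries for all hosts in the tenant.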
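Common EVPN route types
Type 1
RT-1: Ethernet Auto-Discovery Route
Example: discovering whether devices are attached to the same site (CE)
Mainly used in multihoming scenarios to advertise ES information and service ID information
Purpose
① Loop avoidance
② Load sharing
③ Fast convergence
Type 2
RT-2: MAC/IP Advertisement Route
In some scenarios it advertises MAC routes, in others host routes
Purpose
① Advertises MAC addresses and host route information (i.e. ARP and ND information)
② Automatically synchronizes MAC entries or ARP entries
③ Guides the forwarding of unicast frames
Type 3
RT-3: Inclusive Multicast Ethernet Tag route, also called the IMET route (Inclusive Multicast Route)
Example: tunnel establishment
Purpose
① Carries the RD and RT values of the EVPN instance on the local PE, as well as the Source IP and PMSI (Provider Multicast Service Interface) information
② Advertises the VTEP and the VXLANs it belongs to, so that an EVPN VXLAN network can discover VTEPs, establish VXLAN tunnels and create the VXLAN broadcast table automatically. The VXLAN broadcast table guides the forwarding of BUM frames: when a VTEP receives a BUM packet, it sends it, according to the VXLAN broadcast table, only to the VTEPs that have already established a VXLAN tunnel with it
③ In EVPN VPLS networks, advertises PE information so that PEs are discovered and PWs are established automatically.
Type 4
RT-4: Ethernet Segment Route
Used in multihoming scenarios
Purpose
① Advertises the RD value, ESI value and Source IP address of the EVPN instance on the local PE
② Used to discover ESI members
③ Elects the DF within the redundancy group; only the DF forwards received BUM frames to internal devices (BUM frames from outside)
Type 5
RT-5: IP Prefix Route
Purpose
① Advertises routing information
② Used in MPLS environments to build L3VPN
③ In the distributed gateway scenario, advertises external routes into the VXLAN internal network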
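Lab
Configuration
Deploy VXLAN distributed gateways using EVPN. R1, R3 and R4 are all gateways, and R4 is the border. Internal users must be able to reach each other and access the Internet through R4.
The L3 VNI is 1000 throughout;
The Route-MAC of vpna is 0010-0010-0010
The Route-MAC of vpnb is 0020-0020-0020
The Route-MAC of vpnc is 0030-0030-0030
PC1 and PC4 belong to VLAN 10 and to VSI instance vpna, with VNI 5010
PC2 and PC5 belong to VLAN 20 and to VSI instance vpnb, with VNI 5020
PC3, PC6 and PC7 belong to VLAN 30 and to VSI instance vpnc, with VNI 5030
Topology
Device models
Environment: HCL 5.10.3
Router: MSR36-20
Configuration steps
① Full internal IGP reachability (OSPF)
② Enable L2VPN, configure the VSI instances and associate the VNIs,
set the EVPN encapsulation mode to VXLAN, and have the RD and RT values generated automatically
③ Establish an EVPN neighbor relationship with the route reflector (RR) "R2" to exchange EVPN routes
④ Bind the interfaces to the VSI instances (ACs) to match user traffic, associating each with its corresponding VSI instance
⑤ Create the VPN instance and set the RT values for the IPv4 and EVPN address families
⑥ On the different VTEPs, create the same VSI interfaces with the same MAC addresses, bind them to the same VPN instance, and enable the distributed gateway function
⑦ Create the L3 VNI interface, bind it to the VPN instance and assign the L3 VNI
⑧ Bind the VSI interfaces to the corresponding VSI instances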
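Steps ⑥ and ⑦ only hold if every VTEP carries the same gateway settings. The following Python check is an added example, not part of the original lab: it compares the vsi and Vsi-interface sections of Comware configuration dumps across devices. The input is constructed from R1's dump on this page, with the R3 copy deliberately altered; the function names are this example's own.

```python
def gateway_sections(cfg):
    """Return {header: frozenset(lines)} for the 'vsi' and 'interface Vsi-interface'
    sections of a Comware configuration dump, where '#' separates sections."""
    sections, header = {}, None
    for line in (raw.strip().lower() for raw in cfg.splitlines()):
        if line in ("", "#"):
            header = None
        elif header is None:
            header = line
            sections[header] = set()
        elif line != "quit":
            sections[header].add(line)
    return {h: frozenset(v) for h, v in sections.items()
            if h.startswith(("vsi ", "interface vsi-interface"))}

def audit(configs):
    """configs maps device name -> config text; returns sorted (device, section, issue)."""
    per_dev = {dev: gateway_sections(cfg) for dev, cfg in configs.items()}
    findings = []
    for header in set().union(*per_dev.values()):
        by_dev = {dev: secs.get(header, frozenset()) for dev, secs in per_dev.items()}
        common = frozenset.intersection(*by_dev.values())
        for dev, lines in by_dev.items():
            if header not in per_dev[dev]:
                findings.append((dev, header, "section missing"))
                continue
            findings += [(dev, header, f"not identical on all VTEPs: {l}")
                         for l in lines - common]
            # Step 6: a gateway VSI interface needs the shared MAC and distributed-gateway local.
            if any(l.startswith("ip address ") for l in lines):
                for need in ("mac-address ", "distributed-gateway local"):
                    if not any(l.startswith(need) for l in lines):
                        findings.append((dev, header, f"missing: {need.strip()}"))
    return sorted(findings)

# Constructed input: gateway sections as in R1's dump on this page; the R3 copy is
# deliberately altered (L3 VNI 1001, Vsi-interface20 without distributed-gateway local).
R1_CFG = """
vsi vpnb
 gateway vsi-interface 20
 vxlan 5020
#
interface Vsi-interface20
 ip binding vpn-instance CA
 ip address 192.168.20.254 255.255.255.0
 mac-address 0020-0020-0020
 distributed-gateway local
#
interface Vsi-interface100
 ip binding vpn-instance CA
 l3-vni 1000
"""
R3_CFG = R1_CFG.replace("l3-vni 1000", "l3-vni 1001").replace(" distributed-gateway local\n", "")
FINDINGS = audit({"R1": R1_CFG, "R3": R3_CFG})
```

A value that differs is reported for every device that holds a variant, so the output shows both sides of the mismatch rather than guessing which one is correct.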
R1
# I Full IGP reachability
[R1]int g0/0
[R1-GigabitEthernet0/0]ip address 192.168.12.1 24
[R1-GigabitEthernet0/0]quit
[R1]int LoopBack 0
[R1-LoopBack0]ip address 10.255.1.1 32
[R1-LoopBack0]quit
[R1]int range g0/0 LoopBack 0
[R1-if-range]ospf 1 area 0
[R1-if-range]quit
# II Enable L2VPN
[R1]l2vpn enable
[R1]vsi vpna ## Create VSI vpna
[R1-vsi-vpna]vxlan 5010 ## Associate VNI 5010
[R1-vsi-vpna-vxlan-5010]quit
[R1-vsi-vpna]evpn encapsulation vxlan ## Set the EVPN encapsulation mode to VXLAN
[R1-vsi-vpna-evpn-vxlan]route-distinguisher auto ## Generate the RD automatically
[R1-vsi-vpna-evpn-vxlan]vpn-target auto ## Generate the RT automatically
[R1-vsi-vpna-evpn-vxlan]quit
[R1-vsi-vpna]quit
[R1]vsi vpnb
[R1-vsi-vpnb]vxlan 5020
[R1-vsi-vpnb-vxlan-5020]quit
[R1-vsi-vpnb]evpn encapsulation vxlan
[R1-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R1-vsi-vpnb-evpn-vxlan]vpn-target auto
[R1-vsi-vpnb-evpn-vxlan]quit
[R1-vsi-vpnb]quit
[R1]vsi vpnc
[R1-vsi-vpnc]vxlan 5030
[R1-vsi-vpnc-vxlan-5030]quit
[R1-vsi-vpnc]evpn encapsulation vxlan
[R1-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R1-vsi-vpnc-evpn-vxlan]vpn-target auto
[R1-vsi-vpnc-evpn-vxlan]quit
[R1-vsi-vpnc]quit
# III Establish an EVPN neighbor relationship with the RR to exchange EVPN routes
[R1]bgp 100
[R1-bgp-default]peer 10.255.1.2 as-number 100
[R1-bgp-default]peer 10.255.1.2 connect-interface LoopBack 0
[R1-bgp-default]address-family l2vpn evpn
[R1-bgp-default-evpn]peer 10.255.1.2 enable
[R1-bgp-default-evpn]quit
[R1-bgp-default]quit
# IV Bind interfaces to the VSI instances (ACs) to match user traffic
[R1]int g0/1.10 ## Enter the router-on-a-stick subinterface
[R1-GigabitEthernet0/1.10]vlan-type dot1q vid 10 ## VLAN tag 10
[R1-GigabitEthernet0/1.10]xconnect vsi vpna ## Associate the VSI instance
[R1-GigabitEthernet0/1.10]quit
[R1]int g0/1.20
[R1-GigabitEthernet0/1.20]vlan-type dot1q vid 20
[R1-GigabitEthernet0/1.20]xconnect vsi vpnb
[R1-GigabitEthernet0/1.20]quit
[R1]int g0/1.30
[R1-GigabitEthernet0/1.30]vlan-type dot1q vid 30
[R1-GigabitEthernet0/1.30]xconnect vsi vpnc
[R1-GigabitEthernet0/1.30]quit
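# V Create the VPN instance and set the RT values for the IPv4 and EVPN address families
# IPv4 address family RT: receives IP prefix routes for reaching external networks (type 5)
# EVPN address family RT: receives host routes (type 2)
[R1]ip vpn-instance CA
[R1-vpn-instance-CA]route-distinguisher 1:100 ## Set the RD
[R1-vpn-instance-CA]address-family ipv4 ## Enter the IPv4 address family
[R1-vpn-ipv4-CA]vpn-target 1:1 ## Set both the import and export RT to 1:1
[R1-vpn-ipv4-CA]quit
[R1-vpn-instance-CA]address-family evpn ## Enter the EVPN address family
[R1-vpn-evpn-CA]vpn-target 2:2 ## Set both the import and export RT to 2:2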
[R1-vpn-evpn-CA]quit
[R1-vpn-instance-CA]quit
# VI Create the VSI interfaces
[R1]int Vsi-interface 10 ## Create VSI interface 10
[R1-Vsi-interface10]ip binding vpn-instance CA ## Bind VPN instance CA
[R1-Vsi-interface10]ip address 192.168.10.254 24 ## Configure the gateway address for the corresponding users
[R1-Vsi-interface10]mac-address 10-10-10 ## Configure the gateway's Route-MAC address
[R1-Vsi-interface10]distributed-gateway local ## Enable the distributed gateway function
[R1-Vsi-interface10]quit
[R1]int Vsi-interface 20
[R1-Vsi-interface20]ip binding vpn-instance CA
[R1-Vsi-interface20]ip address 192.168.20.254 24
[R1-Vsi-interface20]mac-address 20-20-20
[R1-Vsi-interface20]distributed-gateway local
[R1-Vsi-interface20]quit
[R1]int Vsi-interface 30
[R1-Vsi-interface30]ip binding vpn-instance CA
[R1-Vsi-interface30]ip address 192.168.30.254 24
[R1-Vsi-interface30]mac-address 30-30-30
[R1-Vsi-interface30]distributed-gateway local
[R1-Vsi-interface30]quit
# VII Create the L3 VNI interface
[R1]int Vsi-interface 100 ## VSI interface 100
[R1-Vsi-interface100]ip binding vpn-instance CA ## Bind VPN instance CA
[R1-Vsi-interface100]l3-vni 1000 ## Set the L3 VNI to 1000
[R1-Vsi-interface100]quit
# VIII Bind the VSI interfaces to the corresponding VSI instances
[R1]vsi vpna
[R1-vsi-vpna]gateway Vsi-interface 10
[R1-vsi-vpna]quit
[R1]vsi vpnb
[R1-vsi-vpnb]gateway Vsi-interface 20
[R1-vsi-vpnb]quit
[R1]vsi vpnc
[R1-vsi-vpnc]gateway Vsi-interface 30
[R1-vsi-vpnc]quit
R2
[R2]int g0/0
[R2-GigabitEthernet0/0]ip address 192.168.12.2 24
[R2-GigabitEthernet0/0]quit
[R2]int g0/1
[R2-GigabitEthernet0/1]ip address 192.168.23.2 24
[R2-GigabitEthernet0/1]quit
[R2]int g0/2
[R2-GigabitEthernet0/2]ip address 192.168.24.2 24
[R2-GigabitEthernet0/2]quit
[R2]int lo0
[R2-LoopBack0]ip address 10.255.1.2 32
[R2-LoopBack0]quit
[R2]int range g0/0 g0/1 g0/2 lo0
[R2-if-range]ospf 1 area 0
[R2-if-range]quit
[R2]bgp 100
[R2-bgp-default]peer 10.255.1.1 as-number 100
[R2-bgp-default]peer 10.255.1.1 connect-interface LoopBack 0
[R2-bgp-default]peer 10.255.1.3 as-number 100
[R2-bgp-default]peer 10.255.1.3 connect-interface LoopBack 0
[R2-bgp-default]peer 10.255.1.4 as-number 100
[R2-bgp-default]peer 10.255.1.4 connect-interface LoopBack 0
[R2-bgp-default]address-family l2vpn evpn
[R2-bgp-default-evpn]undo policy vpn-target
[R2-bgp-default-evpn]peer 10.255.1.1 enable
[R2-bgp-default-evpn]peer 10.255.1.1 reflect-client
[R2-bgp-default-evpn]peer 10.255.1.3 enable
[R2-bgp-default-evpn]peer 10.255.1.3 reflect-client
[R2-bgp-default-evpn]peer 10.255.1.4 enable
[R2-bgp-default-evpn]peer 10.255.1.4 reflect-client
[R2-bgp-default-evpn]quit
[R2-bgp-default]quit
R3
[R3]int g0/0
[R3-GigabitEthernet0/0]ip address 192.168.23.3 24
[R3-GigabitEthernet0/0]quit
[R3]int lo0
[R3-LoopBack0]ip address 10.255.1.3 24
[R3-LoopBack0]quit
[R3]int range lo0 g0/0
[R3-if-range]ospf 1 area 0
[R3-if-range]quit
[R3]l2vpn enable
[R3]vsi vpna
[R3-vsi-vpna]vxlan 5010
[R3-vsi-vpna-vxlan-5010]quit
[R3-vsi-vpna]evpn encapsulation vxlan
[R3-vsi-vpna-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpna-evpn-vxlan]vpn-target auto
[R3-vsi-vpna-evpn-vxlan]quit
[R3-vsi-vpna]quit
[R3]vsi vpnb
[R3-vsi-vpnb]vxlan 5020
[R3-vsi-vpnb-vxlan-5020]quit
[R3-vsi-vpnb]evpn encapsulation vxlan
[R3-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpnb-evpn-vxlan]vpn-target auto
[R3-vsi-vpnb-evpn-vxlan]quit
[R3-vsi-vpnb]quit
[R3]vsi vpnc
[R3-vsi-vpnc]vxlan 5030
[R3-vsi-vpnc-vxlan-5030]quit
[R3-vsi-vpnc]evpn encapsulation vxlan
[R3-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpnc-evpn-vxlan]vpn-target auto
[R3-vsi-vpnc-evpn-vxlan]quit
[R3-vsi-vpnc]quit
[R3]bgp 100
[R3-bgp-default]peer 10.255.1.2 as-number 100
[R3-bgp-default]peer 10.255.1.2 connect-interface LoopBack 0
[R3-bgp-default]address-family l2vpn evpn
[R3-bgp-default-evpn]peer 10.255.1.2 enable
[R3-bgp-default-evpn]quit
[R3-bgp-default]quit
[R3]int g0/1.10
[R3-GigabitEthernet0/1.10]vlan-type dot1q vid 10
[R3-GigabitEthernet0/1.10]xconnect vsi vpna
[R3-GigabitEthernet0/1.10]quit
[R3]int g0/1.20
[R3-GigabitEthernet0/1.20]vlan-type dot1q vid 20
[R3-GigabitEthernet0/1.20]xconnect vsi vpnb
[R3-GigabitEthernet0/1.20]quit
[R3]int g0/1.30
[R3-GigabitEthernet0/1.30]vlan-type dot1q vid 30
[R3-GigabitEthernet0/1.30]xconnect vsi vpnc
[R3-GigabitEthernet0/1.30]quit
[R3]ip vpn-instance CA
[R3-vpn-instance-CA]route-distinguisher 1:100
[R3-vpn-instance-CA]address-family ipv4
[R3-vpn-ipv4-CA]vpn-target 1:1
[R3-vpn-ipv4-CA]quit
[R3-vpn-instance-CA]address-family evpn
[R3-vpn-evpn-CA]vpn-target 2:2
[R3-vpn-evpn-CA]quit
[R3-vpn-instance-CA]quit
[R3]int Vsi-interface 10
[R3-Vsi-interface10]ip binding vpn-instance CA
[R3-Vsi-interface10]ip address 192.168.10.254 24
[R3-Vsi-interface10]mac-address 10-10-10
[R3-Vsi-interface10]distributed-gateway local
[R3-Vsi-interface10]quit
[R3]int Vsi-interface 20
[R3-Vsi-interface20]ip binding vpn-instance CA
[R3-Vsi-interface20]ip address 192.168.20.254 24
[R3-Vsi-interface20]mac-address 20-20-20
[R3-Vsi-interface20]distributed-gateway local
[R3-Vsi-interface20]quit
[R3]int Vsi-interface 30
[R3-Vsi-interface30]ip binding vpn-instance CA
[R3-Vsi-interface30]ip address 192.168.30.254 24
[R3-Vsi-interface30]mac-address 30-30-30
[R3-Vsi-interface30]distributed-gateway local
[R3-Vsi-interface30]quit
[R3]int Vsi-interface 100
[R3-Vsi-interface100]ip binding vpn-instance CA
[R3-Vsi-interface100]l3-vni 1000
[R3-Vsi-interface100]quit
[R3]vsi vpna
[R3-vsi-vpna]gateway Vsi-interface 10
[R3-vsi-vpna]quit
[R3]vsi vpnb
[R3-vsi-vpnb]gateway Vsi-interface 20
[R3-vsi-vpnb]quit
[R3]vsi vpnc
[R3-vsi-vpnc]gateway Vsi-interface 30
[R3-vsi-vpnc]quit
R4
[R4]int g0/0
[R4-GigabitEthernet0/0]ip address 192.168.24.4 24
[R4-GigabitEthernet0/0]quit
[R4]int lo0
[R4-LoopBack0]ip address 10.255.1.4 32
[R4-LoopBack0]quit
[R4]int range g0/0 lo0
[R4-if-range]ospf 1 area 0
[R4-if-range]quit
[R4]l2vpn enable
[R4]vsi vpna
[R4-vsi-vpna]vxlan 5010
[R4-vsi-vpna-vxlan-5010]quit
[R4-vsi-vpna]evpn encapsulation vxlan
[R4-vsi-vpna-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpna-evpn-vxlan]vpn-target auto
[R4-vsi-vpna-evpn-vxlan]quit
[R4-vsi-vpna]quit
[R4]vsi vpnb
[R4-vsi-vpnb]vxlan 5020
[R4-vsi-vpnb-vxlan-5020]quit
[R4-vsi-vpnb]evpn encapsulation vxlan
[R4-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpnb-evpn-vxlan]vpn-target auto
[R4-vsi-vpnb-evpn-vxlan]quit
[R4-vsi-vpnb]quit
[R4]vsi vpnc
[R4-vsi-vpnc]vxlan 5030
[R4-vsi-vpnc-vxlan-5030]quit
[R4-vsi-vpnc]evpn encapsulation vxlan
[R4-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpnc-evpn-vxlan]vpn-target auto
[R4-vsi-vpnc-evpn-vxlan]quit
[R4-vsi-vpnc]quit
[R4]bgp 100
[R4-bgp-default]peer 10.255.1.2 as-number 100
[R4-bgp-default]peer 10.255.1.2 connect-interface LoopBack 0
[R4-bgp-default]address-family l2vpn evpn
[R4-bgp-default-evpn]peer 10.255.1.2 enable
[R4-bgp-default-evpn]quit
[R4-bgp-default]quit
[R4]ip vpn-instance CA
[R4-vpn-instance-CA]route-distinguisher 1:100
[R4-vpn-instance-CA]address-family ipv4
[R4-vpn-ipv4-CA]vpn-target 1:1
[R4-vpn-ipv4-CA]quit
[R4-vpn-instance-CA]address-family evpn
[R4-vpn-evpn-CA]vpn-target 2:2
[R4-vpn-evpn-CA]quit
[R4-vpn-instance-CA]quit
[R4]int Vsi-interface 10
[R4-Vsi-interface10]ip binding vpn-instance CA
[R4-Vsi-interface10]ip address 192.168.10.254 24
[R4-Vsi-interface10]mac-address 10-10-10
[R4-Vsi-interface10]distributed-gateway local
[R4-Vsi-interface10]quit
[R4]int Vsi-interface 20
[R4-Vsi-interface20]ip binding vpn-instance CA
[R4-Vsi-interface20]ip address 192.168.20.254 24
[R4-Vsi-interface20]mac-address 20-20-20
[R4-Vsi-interface20]distributed-gateway local
[R4-Vsi-interface20]quit
[R4]int Vsi-interface 30
[R4-Vsi-interface30]ip binding vpn-instance CA
[R4-Vsi-interface30]ip address 192.168.30.254 24
[R4-Vsi-interface30]mac-address 30-30-30
[R4-Vsi-interface30]distributed-gateway local
[R4-Vsi-interface30]quit
[R4]int Vsi-interface 100
[R4-Vsi-interface100]ip binding vpn-instance CA
[R4-Vsi-interface100]l3-vni 1000
[R4-Vsi-interface100]quit
[R4]vsi vpna
[R4-vsi-vpna]gateway Vsi-interface 10
[R4-vsi-vpna]quit
[R4]vsi vpnb
[R4-vsi-vpnb]gateway Vsi-interface 20
[R4-vsi-vpnb]quit
[R4]vsi vpnc
[R4-vsi-vpnc]gateway Vsi-interface 30
[R4-vsi-vpnc]quit
Internet access
# I Take care when internal users belong to different VPN instances
[R4]int g0/1
[R4-GigabitEthernet0/1]ip binding vpn-instance CA
[R4-GigabitEthernet0/1]ip address 202.101.1.2 24
[R4-GigabitEthernet0/1]quit
[R4]acl basic 2000
[R4-acl-ipv4-basic-2000]rule permit source 192.168.10.0 0.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]rule permit source 192.168.20.0 0.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]rule permit source 192.168.30.0 0.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]quit
[R4]int g0/1
[R4-GigabitEthernet0/1]nat outbound 2000 vpn-instance CA
[R4-GigabitEthernet0/1]quit
[R4]ip route-static vpn-instance CA 0.0.0.0 0 202.101.1.1
# II Import the default route into the internal network
[R4]bgp 100
[R4-bgp-default]ip vpn-instance CA
[R4-bgp-default-CA]address-family ipv4
[R4-bgp-default-ipv4-CA]import-route static
[R4-bgp-default-ipv4-CA]default-route imported
[R4-bgp-default-ipv4-CA]quit
[R4-bgp-default-CA]quit
[R4-bgp-default]quit
SW1
[SW1]vlan 10 20 30
[SW1]int g1/0/1
[SW1-GigabitEthernet1/0/1]port link-type trunk
[SW1-GigabitEthernet1/0/1]port trunk permit vlan 10 20 30
[SW1-GigabitEthernet1/0/1]quit
[SW1]int g1/0/2
[SW1-GigabitEthernet1/0/2]port link-type access
[SW1-GigabitEthernet1/0/2]port access vlan 10
[SW1-GigabitEthernet1/0/2]quit
[SW1]int g1/0/3
[SW1-GigabitEthernet1/0/3]port link-type access
[SW1-GigabitEthernet1/0/3]port access vlan 20
[SW1-GigabitEthernet1/0/3]quit
[SW1]int g1/0/4
[SW1-GigabitEthernet1/0/4]port link-type access
[SW1-GigabitEthernet1/0/4]port access vlan 30
[SW1-GigabitEthernet1/0/4]quit
SW2
[SW2]vlan 10 20 30
[SW2]int g1/0/1
[SW2-GigabitEthernet1/0/1]port link-type trunk
[SW2-GigabitEthernet1/0/1]port trunk permit vlan 10 20 30
[SW2-GigabitEthernet1/0/1]quit
[SW2]int g1/0/2
[SW2-GigabitEthernet1/0/2]port link-type access
[SW2-GigabitEthernet1/0/2]port access vlan 10
[SW2-GigabitEthernet1/0/2]quit
[SW2]int g1/0/3
[SW2-GigabitEthernet1/0/3]port link-type access
[SW2-GigabitEthernet1/0/3]port access vlan 20
[SW2-GigabitEthernet1/0/3]quit
[SW2]int g1/0/4
[SW2-GigabitEthernet1/0/4]port link-type access
[SW2-GigabitEthernet1/0/4]port access vlan 30
[SW2-GigabitEthernet1/0/4]quit
[SW2]int g1/0/5
[SW2-GigabitEthernet1/0/5]port link-type access
[SW2-GigabitEthernet1/0/5]port access vlan 30
[SW2-GigabitEthernet1/0/5]quit
PC
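Testing
Verification
View the learned routes
[R1]display bgp l2vpn evpn
This command shows which EVPN route types are used in this environment
VXLAN tunnel establishment status
[R1]display vxlan tunnel
L2VPN MAC learning status
Gateway ARP entries
Only the gateways' MAC addresses are maintained
Packet capture
Start a packet capture on R1's G0/0 interface
Shut down R3's G0/0 interface, then undo shutdown, wait a moment, and capture the update messages to see the following information, mainly EVPN route types 2 and 3
Route type 5 mainly carries external routes (the default route for Internet access); to capture it in an update message, shut down R4's G0/0 interface and then undo shutdown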
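The route types listed earlier, and the NLRI seen in the captured update messages, can be decoded offline. This added example (not from the original post) parses EVPN NLRI for route types 2, 3 and 5 using the field layouts of RFC 7432, RFC 8365 and RFC 9136. The sample bytes are constructed, with made-up host MAC/IP and VSI RD values.

```python
import ipaddress
import struct

def fmt_rd(b):
    """Render an 8-byte route distinguisher (RD types 0, 1 and 2)."""
    kind = int.from_bytes(b[:2], "big")
    if kind == 1:                                   # IPv4 address : 16-bit number
        return f"{ipaddress.IPv4Address(bytes(b[2:6]))}:{int.from_bytes(b[6:], 'big')}"
    if kind not in (0, 2):
        raise ValueError(f"unknown RD type {kind}")
    asn, num = struct.unpack("!HI" if kind == 0 else "!IH", b[2:])
    return f"{asn}:{num}"

def fmt_ip(b):
    return str(ipaddress.ip_address(bytes(b))) if b else None

def fmt_mac(b):
    return "-".join(b.hex()[i:i + 4] for i in (0, 4, 8))   # H3C notation

def vni(b):
    return int.from_bytes(b, "big")     # RFC 8365: the 3-byte label field carries the VNI

def parse_evpn_nlri(data):
    """Decode concatenated EVPN NLRIs; route types 2, 3 and 5 are parsed."""
    routes, off = [], 0
    while off < len(data):
        if len(data) - off < 2:
            raise ValueError("truncated NLRI header")
        rtype, length = data[off], data[off + 1]
        body = data[off + 2:off + 2 + length]
        if len(body) != length:
            raise ValueError("NLRI length runs past the buffer")
        off += 2 + length
        if rtype == 2 and length >= 33 and body[22] == 48 and body[29] in (0, 32, 128):
            n = body[29] // 8                       # IP length: 0, 4 or 16 bytes
            labels = body[30 + n:]                  # Label1 = L2 VNI, optional Label2 = L3 VNI
            if len(labels) not in (3, 6):
                raise ValueError("type 2: bad label field")
            fields = {"mac": fmt_mac(body[23:29]), "ip": fmt_ip(body[30:30 + n]),
                      "l2_vni": vni(labels[:3]),
                      "l3_vni": vni(labels[3:]) if len(labels) == 6 else None}
        elif rtype == 3 and length in (17, 29):     # IMET: originating router's IP
            fields = {"originator": fmt_ip(body[13:])}
        elif rtype == 5 and length in (34, 58):     # IP prefix route
            n = (length - 26) // 2                  # 4 (IPv4) or 16 (IPv6)
            fields = {"prefix": f"{fmt_ip(body[23:23 + n])}/{body[22]}",
                      "gateway": fmt_ip(body[23 + n:23 + 2 * n]), "l3_vni": vni(body[-3:])}
        elif rtype in (2, 3, 5):
            raise ValueError(f"type {rtype}: malformed, length {length}")
        else:                                       # types 1 and 4 are kept undecoded
            routes.append({"type": rtype, "raw": body.hex()})
            continue
        routes.append({"type": rtype, "rd": fmt_rd(body[:8]), **fields})
    return routes

# Constructed sample (not a capture from the lab): host MAC/IP and the VSI RD are made up.
RD_VSI = bytes.fromhex("0001 0aff0103 1392")        # RD type 1 -> 10.255.1.3:5010
SAMPLE = (
    bytes([2, 40]) + RD_VSI + bytes(14)
    + bytes.fromhex("30 020000000004 20 c0a80a04 001392 0003e8")   # MAC, IP, VNI 5010, L3 VNI 1000
    + bytes([3, 17]) + RD_VSI + bytes(4) + bytes.fromhex("20 0aff0103")
    + bytes([5, 34]) + bytes.fromhex("0000 0001 00000064") + bytes(23) + bytes.fromhex("0003e8")
)
ROUTES = parse_evpn_nlri(SAMPLE)
```

In the type 2 entry the two label fields show what symmetric IRB adds to a host route: the VSI's own VNI (5010) plus the shared L3 VNI (1000).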
Configuration files
R1
#
sysname R1
#
ip vpn-instance CA
route-distinguisher 1:100
#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 10
vxlan 5010
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 20
vxlan 5020
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface 30
vxlan 5030
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 10.255.1.1 255.255.255.255
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/0
ip address 192.168.12.1 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/1.10
vlan-type dot1q vid 10
xconnect vsi vpna
#
interface GigabitEthernet0/1.20
vlan-type dot1q vid 20
xconnect vsi vpnb
#
interface GigabitEthernet0/1.30
vlan-type dot1q vid 30
xconnect vsi vpnc
#
interface Vsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254 255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
#
interface Vsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254 255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#
interface Vsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254 255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#
interface Vsi-interface100
ip binding vpn-instance CA
l3-vni 1000
#
bgp 100
peer 10.255.1.2 as-number 100
peer 10.255.1.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 10.255.1.2 enable
R2
#
sysname R2
#
ospf 1
area 0.0.0.0
#
interface LoopBack0
ip address 10.255.1.2 255.255.255.255
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/0
ip address 192.168.12.2 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/1
ip address 192.168.23.2 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/2
ip address 192.168.24.2 255.255.255.0
ospf 1 area 0.0.0.0
#
bgp 100
peer 10.255.1.1 as-number 100
peer 10.255.1.1 connect-interface LoopBack0
peer 10.255.1.3 as-number 100
peer 10.255.1.3 connect-interface LoopBack0
peer 10.255.1.4 as-number 100
peer 10.255.1.4 connect-interface LoopBack0
#
address-family l2vpn evpn
undo policy vpn-target
peer 10.255.1.1 enable
peer 10.255.1.1 reflect-client
peer 10.255.1.3 enable
peer 10.255.1.3 reflect-client
peer 10.255.1.4 enable
peer 10.255.1.4 reflect-client
R3
#
sysname R3
#
ip vpn-instance CA
route-distinguisher 1:100
#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
ospf 1
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 10
vxlan 5010
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 20
vxlan 5020
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface 30
vxlan 5030
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 10.255.1.3 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/0
ip address 192.168.23.3 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/1.10
vlan-type dot1q vid 10
xconnect vsi vpna
#
interface GigabitEthernet0/1.20
vlan-type dot1q vid 20
xconnect vsi vpnb
#
interface GigabitEthernet0/1.30
vlan-type dot1q vid 30
xconnect vsi vpnc
#
interface Vsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254 255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
#
interface Vsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254 255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#
interface Vsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254 255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#
interface Vsi-interface100
ip binding vpn-instance CA
l3-vni 1000
#
bgp 100
peer 10.255.1.2 as-number 100
peer 10.255.1.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 10.255.1.2 enable
R4
#
sysname R4
#
ip vpn-instance CA
route-distinguisher 1:100
#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
ospf 1
area 0.0.0.0
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 10
vxlan 5010
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 20
vxlan 5020
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface 30
vxlan 5030
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 10.255.1.4 255.255.255.255
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/0
ip address 192.168.24.4 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet0/1
ip binding vpn-instance CA
ip address 202.101.1.2 255.255.255.0
nat outbound 2000 vpn-instance CA
#
interface Vsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254 255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
#
interface Vsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254 255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#
interface Vsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254 255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#
interface Vsi-interface100
ip binding vpn-instance CA
l3-vni 1000
#
bgp 100
peer 10.255.1.2 as-number 100
peer 10.255.1.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 10.255.1.2 enable
#
ip vpn-instance CA
#
address-family ipv4 unicast
default-route imported
import-route static
#
ip route-static vpn-instance CA 0.0.0.0 0 202.101.1.1
#
acl basic 2000
rule 0 permit vpn-instance CA source 192.168.10.0 0.0.0.255
rule 5 permit vpn-instance CA source 192.168.20.0 0.0.0.255
rule 10 permit vpn-instance CA source 192.168.30.0 0.0.0.255
#
SW1
vlan 10
#
vlan 20
#
vlan 30
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 10 20 30
#
interface GigabitEthernet1/0/2
port access vlan 10
#
interface GigabitEthernet1/0/3
port access vlan 20
#
interface GigabitEthernet1/0/4
port access vlan 30
SW2
vlan 10
#
vlan 20
#
vlan 30
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 10 20 30
#
interface GigabitEthernet1/0/2
port access vlan 10
#
interface GigabitEthernet1/0/3
port access vlan 20
#
interface GigabitEthernet1/0/4
port access vlan 30
#
interface GigabitEthernet1/0/5
port access vlan 30