Contents

1 Introduction
2 Prerequisites
3 Restrictions and guidelines
4 EVPN and M-LAG Layer 2 forwarding configuration example (direct-mode peer-link)
  4.1 Network requirements
  4.2 Configuration approach
  4.3 Applicable products and versions
  4.4 Configuration procedure
    4.4.1 Configuring interface IP addresses
    4.4.2 Configuring the routing protocol
    4.4.3 Creating the VSI, EVPN instance, and VXLAN
    4.4.4 Configuring M-LAG
    4.4.5 Configuring BGP to advertise EVPN routes
    4.4.6 Configuring Ethernet service instances to match user packets and associating them with the VSI
  4.5 Verifying the configuration
  4.6 Configuration files
5 EVPN and M-LAG Layer 2 forwarding configuration example (tunnel-mode peer-link)
  5.1 Network requirements
  5.2 Configuration approach
  5.3 Applicable products and versions
  5.4 Configuration procedure
    5.4.1 Configuring interface IP addresses
    5.4.2 Configuring the routing protocol
    5.4.3 Creating the VSI, EVPN instance, and VXLAN
    5.4.4 Configuring M-LAG
    5.4.5 Configuring BGP to advertise EVPN routes
    5.4.6 Configuring Ethernet service instances to match user packets and associating them with the VSI
  5.5 Verifying the configuration
  5.6 Configuration files
6 EVPN and M-LAG Layer 3 forwarding configuration example (direct-mode peer-link)
  6.1 Network requirements
  6.2 Configuration approach
  6.3 Applicable products and versions
  6.4 Configuration procedure
    6.4.1 Configuring interface IP addresses
    6.4.2 Configuring the routing protocol
    6.4.3 Creating the VSI, EVPN instance, and VXLAN
    6.4.4 Configuring the distributed EVPN gateway
    6.4.5 Configuring M-LAG
    6.4.6 Configuring BGP to advertise EVPN routes
    6.4.7 Configuring Ethernet service instances to match user packets and associating them with the VSI
  6.5 Verifying the configuration
  6.6 Configuration files
7 EVPN and M-LAG Layer 3 forwarding configuration example (tunnel-mode peer-link)
  7.1 Network requirements
  7.2 Configuration approach
  7.3 Applicable products and versions
  7.4 Configuration procedure
    7.4.1 Configuring interface IP addresses
    7.4.2 Configuring the routing protocol
    7.4.3 Creating the VSI, EVPN instance, and VXLAN
    7.4.4 Configuring the distributed EVPN gateway
    7.4.5 Configuring M-LAG
    7.4.6 Configuring BGP to advertise EVPN routes
    7.4.7 Configuring Ethernet service instances to match user packets and associating them with the VSI
  7.5 Verifying the configuration
  7.6 Configuration files


1 Introduction

This document provides typical configuration examples for using EVPN (Ethernet Virtual Private Network) together with M-LAG.

· EVPN is a Layer 2 VPN technology. The control plane uses MP-BGP to advertise EVPN routes, and the data plane forwards packets with VXLAN encapsulation.
· M-LAG is a cross-device link aggregation technology. It virtualizes two physical devices into one device at the aggregation layer to aggregate links across devices, which provides device-level redundancy and traffic load sharing.

When EVPN and M-LAG are deployed together, two physical devices are connected and virtualized into one device, and that virtual device acts as a VTEP (either a VTEP used only for Layer 2 forwarding or an EVPN gateway). This prevents a single VTEP failure from affecting the network and improves the reliability of the EVPN network.


2 Prerequisites

This document is not strictly tied to specific software or hardware versions. If what you see differs from the actual product, the actual device behavior takes precedence.

All configurations in this document were performed and verified in a lab environment, and all device parameters used the factory defaults before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following examples.

This document assumes that you are familiar with EVPN and M-LAG.


3 Restrictions and guidelines

When you configure EVPN to support M-LAG, follow these restrictions and guidelines:

· After you enable or disable EVPN support for M-LAG, execute the address-family l2vpn evpn command in BGP instance view so that the device uses the new tunnel source address to establish tunnels with remote VTEPs.
· The virtual VTEP address of the distributed aggregation cannot be a secondary IP address of an interface.
· If the underlay network is an IPv4 network (or an IPv6 network), the M-LAG virtual VTEP address must also be an IPv4 address (or an IPv6 address). Otherwise, the VTEPs that act as M-LAG devices cannot establish VXLAN tunnels with remote VTEPs (non-M-LAG devices).
· To prevent the M-LAG protocol from placing interfaces in M-LAG MAD DOWN state, configure the interfaces that participate in EVPN services as reserved (MAD-excluded) interfaces as follows:
  - Execute the m-lag mad default-action none command so that interfaces keep their original state after the M-LAG system splits.
  - The VLAN interfaces of the VLANs to which the M-LAG interfaces and peer-link interfaces belong do not require any configuration. These interfaces do not go down after the M-LAG system splits.
  - With a direct-mode peer-link: uplink interfaces (routed interfaces, VLAN interfaces, physical interfaces) must be configured as M-LAG non-reserved interfaces by using the m-lag mad include interface command. These interfaces go down after the M-LAG system splits. This configuration is not required with a tunnel-mode peer-link.
  - All interfaces that participate in EVPN services (VSI interfaces, the interfaces that hold the BGP peer addresses, and the keepalive link interfaces) do not require any configuration. These interfaces do not go down after the M-LAG system splits.
  - The interface that holds the virtual address used by the M-LAG devices (the IP address configured with the evpn m-lag group command) does not require any configuration. This interface does not go down after the M-LAG system splits.
· Execute the m-lag restore-delay command to set the restore delay to 300 seconds or more.
· On the M-LAG devices, disable STP on the Layer 2 Ethernet interfaces that carry the VXLAN tunnels, so that the upstream device does not mistakenly block the interfaces that connect to the M-LAG devices.

When you configure EVPN to support M-LAG with a direct-mode peer-link, follow these restrictions and guidelines:

· When ACs on the peer-link are created from the match rules of the user-side Ethernet service instances, the match rule of a user-side Ethernet service instance can only match the outer VLAN tag of packets (encapsulation s-vid { vlan-id | vlan-id-list }) or match all packets that carry no VLAN tag (encapsulation untagged), and the AC access mode must be VLAN mode.
· On the two M-LAG VTEPs, the match rules of the Ethernet service instances on the same M-LAG interface and on single-homed AC interfaces, and the VXLAN IDs of the associated VSIs, must be identical. ACs can be created only manually.
· Set the PVID of the peer-link interface to 4094. Otherwise, if the device is configured to generate the match rules of dynamic ACs on the peer-link by VXLAN ID mapping (the l2vpn m-lag peer-link ac-match-rule vxlan-mapping command), the outer VLAN tag of a computed AC match rule might equal the PVID of the peer-link interface. This affects forwarding of underlay traffic whose VLAN tag is VXLAN ID%4094+1 (the VXLAN ID modulo 4094, plus 1).
· Do not import external routes on the two M-LAG VTEPs.

When you configure EVPN to support M-LAG with a tunnel-mode peer-link, follow these restrictions and guidelines:

· On the two M-LAG VTEPs, the match rules of the Ethernet service instances on the M-LAG interfaces and the VXLAN IDs of the associated VSIs must be identical. ACs can be created only manually.
· In a tunnel-mode peer-link network, you must first configure the VXLAN tunnel interface and the public-network outgoing interface of the VXLAN tunnel as reserved interfaces, and then configure the VXLAN tunnel interface as the peer-link interface. If the VXLAN tunnel interface was configured as the peer-link interface before the reserved interfaces were configured, first remove the peer-link configuration from the VXLAN tunnel interface. After the VXLAN tunnel interface and the public-network outgoing interface of the VXLAN tunnel come up, configure them as reserved interfaces, and then configure the VXLAN tunnel interface as the peer-link interface.


4 EVPN and M-LAG Layer 2 forwarding configuration example (direct-mode peer-link)

4.1 Network requirements

Switch A, Switch B, and Switch D are VTEPs connected to servers. Switch A and Switch B are virtualized into one VTEP through M-LAG. Switch A and Switch B synchronize MAC address and ARP information over the peer-link so that the MAC address and ARP information on the two VTEPs stays consistent. Switch C acts as a route reflector and reflects routes among Switch A, Switch B, and Switch D. This network uses a direct-mode peer-link.

Switch A and Switch B each connect to the downstream virtual machines VM 1 and VM 2 over Ethernet links. A cross-device Layer 2 aggregate interface is required on the links to each virtual machine, so that the failure of a single Ethernet link does not cut the virtual machine off from the network.

VM 1, VM 2, and VM 3 all belong to VXLAN 10, and EVPN provides Layer 2 connectivity between the sites.

Figure 4-1 Network diagram for EVPN and M-LAG Layer 2 forwarding (direct-mode peer-link)

4.2 Configuration approach

· Configure a routing protocol on the switches so that the interface IP addresses of the switches (including the loopback interface addresses) are reachable from each other. This example uses OSPF.
· Enable EVPN support for M-LAG on Switch A and Switch B so that the two devices are virtualized into one VTEP.
· Configure Switch C as a route reflector that reflects routes among Switch A, Switch B, and Switch D.
· Configure EVPN on Switch A, Switch B, and Switch D so that the VTEPs use BGP EVPN routes to discover neighbors automatically, establish and associate VXLAN tunnels automatically, and advertise MAC/IP reachability. Layer 2 packets sent by the virtual machines are then encapsulated in IP packets and forwarded over the IP core network.
· Configure Ethernet service instances and the corresponding match rules on the downlink ports of Switch A, Switch B, and Switch D to identify the VXLAN to which packets from the user network belong.

4.3 Applicable products and versions

Table 4-1 Applicable products and versions

Product                                                        Software version
S9850-G series                                                 Release 6010P03 and later
S6850-G series, S6805-G series                                 Release 6010P03 and later
S5590-HI series                                                Not supported
S5590-EI series, S5500V3-HI series                             Not supported
S6520X-EI-G series, S6520XP-EI-G series                        Not supported
S5590XP-HI-G series                                            Not supported
S5560-EI-G series                                              Not supported
S5500-D-G series, S5100-D-G series                             Not supported
S5130S-HI-G series                                             Not supported
S5130S-EI-G series (except S5130S-30C-EI-G, S5130S-54C-EI-G)   Not supported
S5130S-30C-EI-G, S5130S-54C-EI-G                               Not supported

4.4 Configuration procedure

4.4.1 Configuring interface IP addresses

# Configure the IP addresses of the interfaces on Switch A.
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit

# Configure the interface IP addresses on the other switches in the same way. The steps are omitted here.

4.4.2 Configuring the routing protocol

1. Configure Switch A

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

2. Configure Switch B

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit

3. Configure Switch C

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit

4. Configure Switch D

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit

4.4.3 Creating the VSI, EVPN instance, and VXLAN

1. Configure Switch A

# Enable L2VPN.
[SwitchA] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Create an EVPN instance in VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit

2. Configure Switch B

# Enable L2VPN.
[SwitchB] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable

# Create an EVPN instance in VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit

3. Configure Switch D

# Enable L2VPN.
[SwitchD] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance in VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit

4.4.4 Configuring M-LAG

1. Configure Switch A

# Enable EVPN support for M-LAG and set the virtual VTEP address to 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4

# Configure the M-LAG system.
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1

# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit

# Add port Ten-GigabitEthernet1/0/3 to aggregation group 3.
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit

# Configure Layer 2 aggregate interface 3 as the peer-link interface.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port m-lag intra-portal-port 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit

# Make the M-LAG devices Switch A and Switch B reachable from each other at Layer 3.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit

# On port Ten-GigabitEthernet1/0/5, disable the check that matches the incoming interface of packets against static MAC address entries, and disable the spanning tree protocol.
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit

# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit

# Add port Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit

# Add port Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit

# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit

# Configure all interfaces that participate in EVPN services as reserved interfaces.
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11

2. Configure Switch B

# Enable EVPN support for M-LAG and set the virtual VTEP address to 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4

# Configure the M-LAG system.
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
[SwitchB] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2

# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit

# Add port Ten-GigabitEthernet1/0/3 to aggregation group 3.
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit

# Configure Layer 2 aggregate interface 3 as the peer-link interface.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port m-lag intra-portal-port 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit

# Make the M-LAG devices Switch A and Switch B reachable from each other at Layer 3.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit

# On port Ten-GigabitEthernet1/0/5, disable the check that matches the incoming interface of packets against static MAC address entries, and disable the spanning tree protocol.
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit

# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit

# Add port Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit

# Add port Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit

# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit

# Configure all interfaces that participate in EVPN services as reserved interfaces.
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] m-lag mad exclude interface vlan-interface 12

4.4.5 Configuring BGP to advertise EVPN routes

1. Configure Switch A

# Configure BGP to advertise EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit

2. Configure Switch B

# Configure BGP to advertise EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit

3. Configure Switch C

# Configure BGP to advertise EVPN routes, and configure Switch C as a route reflector.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit

4. Configure Switch D

# Configure BGP to advertise EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

4.4.6 Configuring Ethernet service instances to match user packets and associating them with the VSI

1. Configure Switch A

# On Bridge-Aggregation4, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation5, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit

2. Configure Switch B

# On Bridge-Aggregation4, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation5, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit

3. Configure Switch D

# On Ten-GigabitEthernet1/0/1, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit

4.5 Verifying the configuration

1. Verify the M-LAG devices, using Switch A as an example

# Display the EVPN routes on Switch A.
[SwitchA] display bgp l2vpn evpn

 BGP local router ID is 1.2.3.4
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 1

 Route distinguisher: 1:10
 Total number of routes: 2

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 * >  [3][0][32][1.2.3.4]/80
                        1.2.3.4         0          100        32768   i
 * >i [3][0][32][4.4.4.4]/80
                        4.4.4.4         0          100        0       i

# Display the tunnel interfaces on Switch A. The VXLAN tunnel interface is up, and the tunnel source address is the virtual VTEP address.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

# Display the VSI information on Switch A. The device has automatically created ACs on the peer-link and associated them with the VSI.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
  VSI Index               : 0
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State    Type        Flood proxy
    Tunnel0              0x5000000  UP       Auto        Disabled
  ACs:
    AC                               Link ID  State       Type
    BAGG4 srv1000                    0        Up          Manual
    BAGG3 srv2                       1        Up          Dynamic (MLAG)
    BAGG5 srv1000                    2        Up          Manual
    BAGG3 srv3                       3        Up          Dynamic (MLAG)

2. Verify that the hosts can reach each other

VM 1, VM 2, and VM 3 can reach each other. After the link between a virtual machine and Switch A or Switch B is disconnected, VM 1, VM 2, and VM 3 can still reach each other through the other device.

4.6 Configuration files

· Switch A

#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
vlan 11
#
 l2vpn enable
 vxlan tunnel arp-learning disable
 evpn m-lag group 1.2.3.4
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
 link-aggregation mode dynamic
 port m-lag intra-portal-port 1
 undo mac-address static source-check enable
 undo stp enable
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpna
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
 port link-mode route
 ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 11
 undo mac-address static source-check enable
 undo stp enable
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
 m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
 m-lag restore-delay 180
 m-lag system-mac 0001-0001-0001
 m-lag system-number 1
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/4
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Vlan-interface11
#
return

· Switch B

#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.0 0.0.0.255
#
vlan 12
#
 l2vpn enable
 vxlan tunnel arp-learning disable
 evpn m-lag group 1.2.3.4
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
 link-aggregation mode dynamic
 port m-lag intra-portal-port 1
 undo mac-address static source-check enable
 undo stp enable
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpna
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
 ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
 port link-mode route
 ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 12
 undo mac-address static source-check enable
 undo stp enable
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
 m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
 m-lag restore-delay 180
 m-lag system-mac 0001-0001-0001
 m-lag system-number 2
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/4
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Vlan-interface12
#
return

· Switch C

#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
  network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
 ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
 ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 13
#
bgp 200
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 1.1.1.1 group evpn
 peer 2.2.2.2 group evpn
 peer 4.4.4.4 group evpn
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer evpn enable
  peer evpn reflect-client
#
return

· Switch D

#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 13.1.1.0 0.0.0.255
#
vlan 13
#
 l2vpn enable
 vxlan tunnel arp-learning disable
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
 ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 13
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#


5 EVPN and M-LAG Layer 2 forwarding configuration example (tunnel-mode peer-link)

5.1 Network requirements

Switch A, Switch B, and Switch D are VTEPs connected to servers. Switch A and Switch B are virtualized into one VTEP through M-LAG. Switch A and Switch B use a tunnel-mode peer-link to synchronize MAC address and ARP information so that the MAC address and ARP information on the two VTEPs stays consistent. A Monitor Link group is configured on Switch A and Switch B: all uplink interfaces are configured as uplinks and all downlink DR member interfaces are configured as downlinks. Monitor Link ties the state of the downlink interfaces to the uplink interfaces, so that an uplink failure is detected promptly and a primary/secondary switchover takes place between the DR member devices. Switch C also acts as a route reflector and reflects routes among Switch A, Switch B, and Switch D.

Switch A and Switch B each connect to the downstream virtual machines VM 1 and VM 2 over Ethernet links. A cross-device Layer 2 aggregate interface is required on the links to each virtual machine, so that the failure of a single Ethernet link does not cut the virtual machine off from the network.

VM 1, VM 2, and VM 3 all belong to VXLAN 10, and EVPN provides Layer 2 connectivity between the sites.

Figure 5-1 Network diagram for EVPN and M-LAG Layer 2 forwarding (tunnel-mode peer-link)

5.2 Configuration approach

· Configure a routing protocol on the switches so that the interface IP addresses of the switches (including the loopback interface addresses) are reachable from each other. This example uses OSPF.
· Enable EVPN support for M-LAG on Switch A and Switch B so that the two devices are virtualized into one VTEP.
· Manually create a tunnel-mode peer-link between Switch A and Switch B to synchronize MAC address and ARP information between them.
· Configure Switch C as a route reflector that reflects routes among Switch A, Switch B, and Switch D.
· Configure EVPN on Switch A, Switch B, and Switch D so that the VTEPs use BGP EVPN routes to discover neighbors automatically, establish and associate VXLAN tunnels automatically, and advertise MAC/IP reachability. Layer 2 packets sent by the virtual machines are then encapsulated in IP packets and forwarded over the IP core network.
· Configure Ethernet service instances and the corresponding match rules on the downlink ports of Switch A, Switch B, and Switch D to identify the VXLAN to which packets from the user network belong.

5.3 Applicable products and versions

Table 5-1 Applicable products and versions

Product                                                        Software version
S9850-G series                                                 Release 6010P03 and later
S6850-G series, S6805-G series                                 Release 6010P03 and later
S5590-HI series                                                Not supported
S5590-EI series, S5500V3-HI series                             Not supported
S6520X-EI-G series, S6520XP-EI-G series                        Not supported
S5590XP-HI-G series                                            Not supported
S5560-EI-G series                                              Not supported
S5500-D-G series, S5100-D-G series                             Not supported
S5130S-HI-G series                                             Not supported
S5130S-EI-G series (except S5130S-30C-EI-G, S5130S-54C-EI-G)   Not supported
S5130S-30C-EI-G, S5130S-54C-EI-G                               Not supported

5.4 Configuration procedure

5.4.1 Configuring interface IP addresses

# Configure the IP addresses of the interfaces on Switch A.
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit

# Configure the interface IP addresses on the other switches in the same way. The steps are omitted here.

5.4.2 Configuring the routing protocol

1. Configure Switch A

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

2. Configure Switch B

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit

3. Configure Switch C

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit

4. Configure Switch D

# Configure OSPF to advertise the routes of the networks where the interfaces reside.
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit

5.4.3 Creating the VSI, EVPN instance, and VXLAN

1. Configure Switch A

# Enable L2VPN.
[SwitchA] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable

# Set the reserved VXLAN ID to 1234.
[SwitchA] reserved vxlan 1234

# Create an EVPN instance in VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit

2. Configure Switch B

# Enable L2VPN.
[SwitchB] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable

# Set the reserved VXLAN ID to 1234.
[SwitchB] reserved vxlan 1234

# Create an EVPN instance in VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit

3. Configure Switch D

# Enable L2VPN.
[SwitchD] l2vpn enable

# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable

# Create an EVPN instance in VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan

# Configure automatic generation of the RD and RT of the EVPN instance.
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit

# Create VXLAN 10.
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit

5.4.4 Configuring M-LAG

1. Configure Switch A

# Enable EVPN support for M-LAG and set the virtual VTEP address to 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4

# Configure the M-LAG system.
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180

# Manually create VXLAN tunnel Tunnel1 between Switch A and Switch B, and set the ToS value of the encapsulated tunnel packets to 100.
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] tunnel tos 100
[SwitchA-Tunnel1] quit

# Configure the VXLAN tunnel interface as an M-LAG reserved interface.
[SwitchA] m-lag mad exclude interface tunnel 1

# Configure the VXLAN tunnel interface as the peer-link interface.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port m-lag intra-portal-port 1
[SwitchA-Tunnel1] quit

# On port Ten-GigabitEthernet1/0/5, disable the check that matches the incoming interface of packets against static MAC address entries, and disable the spanning tree protocol.
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit

# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit

# Add port Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit

# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit

# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit

# Add port Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit

# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit

# Create Monitor Link group 1 and add the uplink and downlink interfaces to it, so that the state of the downlink interfaces follows the uplink interface.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchA-mtlk-group1] quit

# Configure all interfaces that participate in EVPN services as reserved interfaces.
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11

2. Configure Switch B

# Enable EVPN support for M-LAG and set the virtual VTEP address to 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4

# Configure the M-LAG system.
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180

# Manually create VXLAN tunnel Tunnel1 between Switch A and Switch B, and set the ToS value of the encapsulated tunnel packets to 100.
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] tunnel tos 100
[SwitchB-Tunnel1] quit

# Configure the VXLAN tunnel interface as an M-LAG reserved interface.
[SwitchB] m-lag mad exclude interface tunnel 1

# Configure the VXLAN tunnel interface as the peer-link interface.
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port m-lag intra-portal-port 1
[SwitchB-Tunnel1] quit

# On port Ten-GigabitEthernet1/0/5, disable the check that matches the incoming interface of packets against static MAC address entries, and disable the spanning tree protocol.
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit

# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit

# Add port Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit

# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit

# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit

# Add port Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit

# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit

# Create Monitor Link group 1 and add the uplink and downlink interfaces to it, so that the state of the downlink interfaces follows the uplink interface.
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchB-mtlk-group1] quit

# Configure all interfaces that participate in EVPN services as reserved interfaces.
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] m-lag mad exclude interface vlan-interface 12

5.4.5 Configuring BGP to advertise EVPN routes

1. Configure Switch A

# Configure BGP to advertise EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit

2. Configure Switch B

# Configure BGP to advertise EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit

3. Configure Switch C

# Configure BGP to advertise EVPN routes, and configure Switch C as a route reflector.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit

4. Configure Switch D

# Configure BGP to advertise EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

5.4.6 Configuring Ethernet service instances to match user packets and associating them with the VSI

1. Configure Switch A

# On Bridge-Aggregation4, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit

# On Bridge-Aggregation5, which connects to the server, create Ethernet service instance 1000 to match frames of VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3

# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit

2.
配置Switch B# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。 [SwitchB] interface bridge-aggregation 4 [SwitchB-Bridge-Aggregation4] service-instance 1000 [SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2 # 配置以太网服务实例1000与VSI实例vpna关联。 [SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna [SwitchB-Bridge-Aggregation4-srv1000] quit # 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。 [SwitchB] interface bridge-aggregation 5 [SwitchB-Bridge-Aggregation5] service-instance 1000 [SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3 # 配置以太网服务实例1000与VSI实例vpna关联。 [SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna [SwitchB-Bridge-Aggregation5-srv1000] quit 3. 配置Switch D# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。 [SwitchD] interface ten-gigabitethernet 1/0/1 [SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000 [SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 2 # 配置以太网服务实例1000与VSI实例vpna关联。 [SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpna [SwitchD-Ten-GigabitEthernet1/0/1] quit 5.5 验证配置 1. 以Switch A为例,验证M-LAG设备# 查看Switch A上的EVPN路由信息。 [Switch A]display bgp l2vpn evpn BGP local router ID is 1.2.3.4 Status codes: * - valid, > - best, d - dampened, h - history s - suppressed, S - stale, i - internal, e - external a - additional-path Origin: i - IGP, e - EGP, ? 
- incomplete Total number of routes from all PEs: 2 Route distinguisher: 1:10 Total number of routes: 4 Network NextHop MED LocPrf PrefVal Path/Ogn * > [3][0][32][1.1.1.1]/80 1.1.1.1 0 100 32768 i * > [3][0][32][1.2.3.4]/80 1.2.3.4 0 100 32768 i * >i [3][0][32][2.2.2.2]/80 2.2.2.2 0 100 0 i * >i [3][0][32][4.4.4.4]/80 4.4.4.4 0 100 0 i # 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,Tunnel0的隧道源地址是虚拟VTEP地址,Tunnel1为作为peer-link链路。 [SwitchA] display interface Tunnel Tunnel0 Current state: UP Line protocol state: UP Description: Tunnel0 Interface Bandwidth: 64 kbps Maximum transmission unit: 1464 Internet protocol processing: Disabled Last clearing of counters: Never Tunnel source 1.2.3.4, destination 4.4.4.4 Tunnel protocol/transport UDP_VXLAN/IP Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec Input: 0 packets, 0 bytes, 0 drops Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Last 300 seconds output rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Input: 332 packets, 36377 bytes, 0 drops
Output: 583 packets, 59132 bytes, 0 drops

# Display VSI information on Switch A.
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
  VSI Index               : 0
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name          Link ID    State    Type        Flood proxy
    Tunnel0              0x5000000  UP       Auto        Disabled
    Tunnel1              0x5000001  UP       Manual      Disabled
  ACs:
    AC                               Link ID  State       Type
    BAGG4 srv1000                    0        Up          Manual
    BAGG5 srv1000                    2        Up          Manual

2. Verify that the hosts can reach one another
VM 1, VM 2, and VM 3 can reach one another. After the link between a VM and Switch A or Switch B goes down, VM 1, VM 2, and VM 3 can still reach one another through the other device.

5.6 Configuration files

· Switch A
#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
vlan 11
#
 l2vpn enable
 reserved vxlan 1234
 vxlan tunnel arp-learning disable
 evpn m-lag group 1.2.3.4
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpna
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 11
 undo mac-address static source-check enable
 undo stp enable
#
interface Tunnel1 mode vxlan
 port m-lag intra-portal-port 1
 source 1.1.1.1
 destination 2.2.2.2
 tunnel tos 100
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
monitor-link group 1
 port ten-gigabitethernet 1/0/1 downlink
 port ten-gigabitethernet 1/0/2 downlink
 port ten-gigabitethernet 1/0/4 uplink
#
 m-lag restore-delay 180
 m-lag system-mac 0001-0001-0001
 m-lag system-number 1
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Tunnel1
 m-lag mad exclude interface Vlan-interface 11
#
return

· Switch B
#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.0 0.0.0.255
#
vlan 12
#
 l2vpn enable
 reserved vxlan 1234
 evpn m-lag group 1.2.3.4
 vxlan tunnel arp-learning disable
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpna
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
 ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 12
 undo mac-address static source-check enable
 undo stp enable
#
interface Tunnel1 mode vxlan
 port m-lag intra-portal-port 1
 source 2.2.2.2
 destination 1.1.1.1
 tunnel tos 100
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
monitor-link group 1
 port ten-gigabitethernet 1/0/1 downlink
 port ten-gigabitethernet 1/0/2 downlink
 port ten-gigabitethernet 1/0/4 uplink
#
 m-lag restore-delay 180
 m-lag system-mac 0001-0001-0001
 m-lag system-number 2
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Tunnel1
 m-lag mad exclude interface Vlan-interface 12
#
return

· Switch C
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
  network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
 ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
 ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 13
#
bgp 200
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 1.1.1.1 group evpn
 peer 2.2.2.2 group evpn
 peer 4.4.4.4 group evpn
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer evpn enable
  peer evpn reflect-client
#
return

· Switch D
#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 13.1.1.0 0.0.0.255
#
vlan 13
#
 l2vpn enable
 vxlan tunnel arp-learning disable
#
vsi vpna
 arp suppression enable
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
 ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 13
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
return

6 EVPN and M-LAG Layer 3 forwarding configuration example (peer-link in direct mode)

6.1 Network requirements

Switch A, Switch B, and Switch D are distributed EVPN gateways connected to servers. Switch A and Switch B are virtualized into a single VTEP through M-LAG, and they synchronize MAC address and ARP information over the peer-link so that the two VTEPs hold consistent MAC address and ARP information. Switch C acts as a route reflector and reflects routes among Switch A, Switch B, and Switch D. This network uses a peer-link in direct mode.

Switch A and Switch B each connect over Ethernet links to the downstream virtual machines VM 1, VM 2, VM 3, and VM 4. A cross-device Layer 2 aggregate interface must be set up across the links to each VM so that the failure of a single Ethernet link does not cut the VM off from the network.

VM 1, VM 3, and VM 5 belong to VXLAN 10, and VM 2 and VM 4 belong to VXLAN 20. The distributed EVPN gateways provide connectivity between the different VXLANs.

Figure 6-1 Network diagram for EVPN and M-LAG Layer 3 forwarding (peer-link in direct mode)

6.2 Configuration approach

· Configure a routing protocol on the switches so that the interface IP addresses of all switches (including loopback interface addresses) are reachable from one another. This example uses OSPF.
· Enable M-LAG support for EVPN on Switch A and Switch B so that the two devices are virtualized into a single VTEP.
· Configure Switch C as a route reflector to reflect routes among Switch A, Switch B, and Switch D.
· Configure distributed EVPN gateways on Switch A, Switch B, and Switch D so that the VTEPs use BGP EVPN routes to discover neighbors automatically, establish and associate VXLAN tunnels automatically, and advertise MAC/IP reachability, giving the VMs Layer 3 connectivity.
· On the downlink ports of Switch A, Switch B, and Switch D, configure Ethernet service instances and the corresponding match rules to identify the VXLAN to which packets from the user network belong.

6.3 Applicable products and versions

Table 6-1 Applicable products and versions

Product | Software version
S9850-G series | Release 6010P03 and later
S6850-G series, S6805-G series | Release 6010P03 and later
S5590-HI series | Not supported
S5590-EI series, S5500V3-HI series | Not supported
S6520X-EI-G series, S6520XP-EI-G series | Not supported
S5590XP-HI-G series | Not supported
S5560-EI-G series | Not supported
S5500-D-G series, S5100-D-G series | Not supported
S5130S-HI-G series | Not supported
S5130S-EI-G series (except S5130S-30C-EI-G and S5130S-54C-EI-G) | Not supported
S5130S-30C-EI-G, S5130S-54C-EI-G | Not supported

6.4 Configuration procedure

6.4.1 Configure the interface IP addresses

# Configure the interface IP addresses on Switch A.
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# Configure the interface IP addresses on the other switches in the same way. The steps are omitted here.
# On VM 1, VM 3, and VM 5, set the gateway address to 10.1.1.1. On VM 2 and VM 4, set the gateway address to 10.1.2.1. (The detailed steps are omitted.)

6.4.2 Configure the routing protocol

1. Configure Switch A
# Configure OSPF to advertise the routes for the networks where the interfaces reside.
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit

2. Configure Switch B
# Configure OSPF to advertise the routes for the networks where the interfaces reside.
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit

3. Configure Switch C
# Configure OSPF to advertise the routes for the networks where the interfaces reside.
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit

4. Configure Switch D
# Configure OSPF to advertise the routes for the networks where the interfaces reside.
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit

6.4.3 Create the VSIs, EVPN instances, and VXLANs

1. Configure Switch A
# Enable L2VPN.
[SwitchA] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchA] hardware-resource vxlan l3gw8k
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Set the EVPN global MAC address to 0002-0003-0004.
[SwitchA] evpn global-mac 2-3-4
# Create an EVPN instance on VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# Configure the RD and RTs of the EVPN instance to be generated automatically.
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# Configure the RD and RTs of the EVPN instance to be generated automatically.
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit

2. Configure Switch B
# Enable L2VPN.
[SwitchB] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchB] hardware-resource vxlan l3gw8k
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Set the EVPN global MAC address to 0002-0003-0004.
[SwitchB] evpn global-mac 2-3-4
# Create an EVPN instance on VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# Configure the RD and RTs of the EVPN instance to be generated automatically.
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance on VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# Configure the RD and RTs of the EVPN instance to be generated automatically.
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit

3. Configure Switch D
# Enable L2VPN.
[SwitchD] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchD] hardware-resource vxlan l3gw8k
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Create an EVPN instance on VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# Configure the RD and RTs of the EVPN instance to be generated automatically.
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit

6.4.4 Configure the distributed EVPN gateways

1. Configure Switch A
# Configure the RD and RTs for the L3VPN.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and, on this interface, set the L3VNI for VPN instance vpna to 1000.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Associate the VSI that contains VXLAN 20 with VSI-interface2.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit

2. Configure Switch B
# Configure the RD and RTs for the L3VPN.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and, on this interface, set the L3VNI for VPN instance vpna to 1000.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Associate the VSI that contains VXLAN 20 with VSI-interface2.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit

3. Configure Switch D
# Configure the RD and RTs for the L3VPN.
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# Create VSI interface VSI-interface3 and, on this interface, set the L3VNI for VPN instance vpna to 1000.
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit

6.4.5 Configure M-LAG

1. Configure Switch A
# Enable M-LAG support for EVPN and set the virtual VTEP address to 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Configure the M-LAG system settings.
[SwitchA] m-lag system-mac 0001-0002-0003
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# Add Ten-GigabitEthernet1/0/3 to aggregation group 3.
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface 3 as the peer-link interface.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port m-lag intra-portal-port 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# Configure Layer 3 reachability between the M-LAG devices Switch A and Switch B.
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit
# On Ten-GigabitEthernet1/0/5, disable the check that matches a packet's incoming interface against static MAC address entries, and disable the spanning tree protocol.
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Add Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# Assign Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Add Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Assign Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# Configure all interfaces involved in EVPN services as M-LAG reserved interfaces.
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11
[SwitchA] m-lag mad exclude interface vsi-interface 1
[SwitchA] m-lag mad exclude interface vsi-interface 2

2. Configure Switch B
# Enable M-LAG support for EVPN and set the virtual VTEP address to 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4
# Configure the M-LAG system settings.
[SwitchB] m-lag system-mac 0001-0002-0003
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
[SwitchB] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# Add Ten-GigabitEthernet1/0/3 to aggregation group 3.
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# Configure Layer 2 aggregate interface 3 as the peer-link interface.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port m-lag intra-portal-port 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# Configure Layer 3 reachability between the M-LAG devices Switch A and Switch B.
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit
# On Ten-GigabitEthernet1/0/5, disable the check that matches a packet's incoming interface against static MAC address entries, and disable the spanning tree protocol.
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Add Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# Assign Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Add Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# Assign Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# Configure all interfaces involved in EVPN services as M-LAG reserved interfaces.
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] m-lag mad exclude interface vsi-interface 1
[SwitchB] m-lag mad exclude interface vsi-interface 2
[SwitchB] m-lag mad exclude interface vlan-interface 12

6.4.6 Configure BGP to advertise EVPN routes

1. Configure Switch A
# Configure BGP to advertise EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit

2. Configure Switch B
# Configure BGP to advertise EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit

3. Configure Switch C
# Configure BGP to advertise EVPN routes, and configure the switch as a route reflector.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit

4. Configure Switch D
# Configure BGP to advertise EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

6.4.7 Configure Ethernet service instances to match user packets and associate them with the VSIs

1. Configure Switch A
# On Bridge-Aggregation4, which connects to the server, create Ethernet service instance 1000 to match frames from VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation5, which connects to the server, create Ethernet service instance 1000 to match frames from VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Associate Ethernet service instance 1000 with VSI vpnb.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit

2. Configure Switch B
# On Bridge-Aggregation4, which connects to the server, create Ethernet service instance 1000 to match frames from VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation5, which connects to the server, create Ethernet service instance 1000 to match frames from VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Associate Ethernet service instance 1000 with VSI vpnb.
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit

3. Configure Switch D
# On Ten-GigabitEthernet1/0/1, which connects to the server, create Ethernet service instance 1000 to match frames from VLAN 2.
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit

6.5 Verify the configuration

1. Verify the M-LAG devices, using Switch A as an example
# Display EVPN route information on Switch A.
[SwitchA] display bgp l2vpn evpn

 BGP local router ID is 1.2.3.4
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 2

 Route distinguisher: 1:1(vpna)
 Total number of routes: 2

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 * >  [5][0][24][10.1.1.0]/80
                        1.2.3.4         0          100        32768   i
 * >  [5][0][24][10.1.2.0]/80
                        1.2.3.4         0          100        32768   i

 Route distinguisher: 1:10
 Total number of routes: 2

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 * >  [3][0][32][1.2.3.4]/80
                        1.2.3.4         0          100        32768   i
 * >i [3][0][32][4.4.4.4]/80
                        4.4.4.4         0          100        0       i

 Route distinguisher: 1:20
 Total number of routes: 2

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 * >  [3][0][32][1.2.3.4]/80
                        1.2.3.4         0          100        32768   i
 * >i [3][0][32][4.4.4.4]/80
                        4.4.4.4         0          100        0       i

# Display tunnel interface information on Switch A. The VXLAN tunnel interface is up, and its source address is the virtual VTEP address.
[SwitchA] display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

# Display VSI information on Switch A. The device has automatically created ACs on the peer-link and associated them with the VSIs.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
  VSI Index               : 1
  VSI State               : Down
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 3
  VXLAN ID                : 1000

VSI Name: vpna
  VSI Index               : 0
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : Unlimited
  Broadcast Restrain      : Unlimited
  Multicast Restrain      : Unlimited
  Unknown Unicast Restrain: Unlimited
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  PW Redundancy           : Slave
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 1
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name    Link ID      State   Type     Flood proxy
    Tunnel0        0x5000000    UP      Auto     Disabled
  ACs:
    AC               Link ID   State   Type
    BAGG4 srv1000    0         Up      Manual
    BAGG3 srv2       1         Up      Dynamic (MLAG)

VSI Name: vpnb
  VSI Index               : 2
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : Unlimited
  Broadcast Restrain      : Unlimited
  Multicast Restrain      : Unlimited
  Unknown Unicast Restrain: Unlimited
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  PW Redundancy           : Slave
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 2
  VXLAN ID                : 20
  Tunnels:
    Tunnel Name    Link ID      State   Type     Flood proxy
    Tunnel0        0x5000000    UP      Auto     Disabled
  ACs:
    AC               Link ID   State   Type
    BAGG5 srv1000    0         Up      Manual
    BAGG3 srv3       1         Up      Dynamic (MLAG)

2. Verify that the hosts can communicate with each other
The VMs can communicate with each other. After the link between VM 1 and Switch A or Switch B goes down, VM 5 can still reach VM 1 through the other device.

6.6 Configuration files
· Switch A
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 11
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
vsi vpnb
 gateway vsi-interface 2
 vxlan 20
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
 link-aggregation mode dynamic
 port m-lag intra-portal-port 1
 undo mac-address static source-check enable
 undo stp enable
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpnb
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
 port link-mode route
 ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 11
 undo mac-address static source-check enable
 undo stp enable
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface2
 ip binding vpn-instance vpna
 ip address 10.1.2.1 255.255.255.0
 mac-address 0002-0002-0002
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
m-lag restore-delay 180
m-lag system-mac 0001-0002-0003
m-lag system-number 1
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface 11
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return

· Switch B
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 12
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
vsi vpnb
 gateway vsi-interface 2
 vxlan 20
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
 link-aggregation mode dynamic
 port m-lag intra-portal-port 1
 undo mac-address static source-check enable
 undo stp enable
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpnb
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
 ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
 port link-mode route
 ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 12
 undo mac-address static source-check enable
 undo stp enable
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface2
 ip binding vpn-instance vpna
 ip address 10.1.2.1 255.255.255.0
 mac-address 0002-0002-0002
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
m-lag restore-delay 180
m-lag system-mac 0001-0002-0003
m-lag system-number 2
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface 12
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return

· Switch C
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
  network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
 ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
 ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 13
#
bgp 200
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 1.1.1.1 group evpn
 peer 2.2.2.2 group evpn
 peer 4.4.4.4 group evpn
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer evpn enable
  peer evpn reflect-client
#
return

· Switch D
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 13.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
 ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 13
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
return

7 EVPN and M-LAG Layer 3 forwarding configuration example (tunnel peer link)

7.1 Network requirements
Switch A, Switch B, and Switch D are distributed EVPN gateways that connect to servers. Switch A and Switch B are virtualized into one VTEP through M-LAG, and a tunnel peer link is used between Switch A and Switch B. A Monitor Link group is configured on Switch A and on Switch B: all uplink ports are configured as Up-Link ports and all downlink DR member ports as Down-Link ports, so that Monitor Link ties the state of the downlink interfaces to the uplink interfaces. This allows an uplink failure to be detected promptly and triggers a primary/secondary switchover between the DR member devices. Switch C acts as a route reflector and reflects routes among Switch A, Switch B, and Switch D.

Switch A and Switch B each connect over Ethernet links to the downstream virtual machines VM 1, VM 2, VM 3, and VM 4. A Layer 2 aggregate interface must be set up across the two devices on the links to each VM, so that the failure of a single Ethernet link does not cut the VM off from the network.

VM 1, VM 3, and VM 5 belong to VXLAN 10, and VM 2 and VM 4 belong to VXLAN 20. The distributed EVPN gateways provide connectivity between the VXLANs.

Figure 7-1 Network diagram for EVPN and M-LAG Layer 3 forwarding (tunnel peer link)

7.2 Configuration approach
· Configure a routing protocol on the switches so that the interface IP addresses (including the loopback interface addresses) are reachable from one another. This example uses OSPF.
· Specify the gateway address for each VM.
· Enable EVPN M-LAG support on Switch A and Switch B so that the two devices are virtualized into one VTEP.
· Manually create a tunnel peer link between Switch A and Switch B to synchronize MAC address and ARP information between the two switches.
· Configure Switch C as a route reflector to reflect routes among Switch A, Switch B, and Switch D.
· Configure distributed EVPN gateways on Switch A, Switch B, and Switch D so that the VTEPs use BGP EVPN routes to discover neighbors automatically, set up and associate VXLAN tunnels automatically, and advertise MAC/IP reachability, which gives the VMs Layer 3 connectivity.
· On the downlink ports of Switch A, Switch B, and Switch D, configure Ethernet service instances and the corresponding match rules to identify the VXLAN that packets from the user network belong to.

7.3 Applicable products and versions
Table 7-1 Applicable products and versions
Product                                                            Software version
S9850-G series                                                     Release 6010P03 and later
S6850-G series, S6805-G series                                     Release 6010P03 and later
S5590-HI series                                                    Not supported
S5590-EI series, S5500V3-HI series                                 Not supported
S6520X-EI-G series, S6520XP-EI-G series                            Not supported
S5590XP-HI-G series                                                Not supported
S5560-EI-G series                                                  Not supported
S5500-D-G series, S5100-D-G series                                 Not supported
S5130S-HI-G series                                                 Not supported
S5130S-EI-G series (except S5130S-30C-EI-G and S5130S-54C-EI-G)    Not supported
S5130S-30C-EI-G, S5130S-54C-EI-G                                   Not supported

7.4 Configuration procedure

7.4.1 Configure the IP addresses of the interfaces
# Configure the IP addresses of the interfaces on Switch A.
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
# Configure the interface IP addresses on the other switches in the same way. The steps are omitted here.
# On VM 1, VM 3, and VM 5, set the gateway address to 10.1.1.1. On VM 2 and VM 4, set the gateway address to 10.1.2.1. (Details omitted.)

7.4.2 Configure the routing protocol
1. Configure Switch A
# Configure OSPF to advertise the subnets of the interfaces.
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
2. Configure Switch B
# Configure OSPF to advertise the subnets of the interfaces.
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
3. Configure Switch C
# Configure OSPF to advertise the subnets of the interfaces.
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
4.
Configure Switch D
# Configure OSPF to advertise the subnets of the interfaces.
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit

7.4.3 Create the VSIs, EVPN instances, and VXLANs
1. Configure Switch A
# Enable L2VPN.
[SwitchA] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchA] hardware-resource vxlan l3gw8k
# Disable remote MAC address learning and remote ARP learning.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Set the reserved VXLAN ID to 1234.
[SwitchA] reserved vxlan 1234
# Set the EVPN global MAC address to 0002-0003-0004.
[SwitchA] evpn global-mac 2-3-4
# Create an EVPN instance in VSI vpna.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# Configure the EVPN instance to generate its RD and RTs automatically.
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create an EVPN instance in VSI vpnb.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# Configure the EVPN instance to generate its RD and RTs automatically.
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
2.
Configure Switch B
# Enable L2VPN.
[SwitchB] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchB] hardware-resource vxlan l3gw8k
# Disable remote MAC address learning and remote ARP learning.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Set the reserved VXLAN ID to 1234.
[SwitchB] reserved vxlan 1234
# Set the EVPN global MAC address to 0002-0003-0004.
[SwitchB] evpn global-mac 2-3-4
# Create an EVPN instance in VSI vpna.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# Configure the EVPN instance to generate its RD and RTs automatically.
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create an EVPN instance in VSI vpnb.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# Configure the EVPN instance to generate its RD and RTs automatically.
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
3. Configure Switch D
# Enable L2VPN.
[SwitchD] l2vpn enable
# Set the VXLAN hardware resource mode.
[SwitchD] hardware-resource vxlan l3gw8k
# Disable remote MAC address learning and remote ARP learning.
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# Create an EVPN instance in VSI vpna.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# Configure the EVPN instance to generate its RD and RTs automatically.
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit

7.4.4 Configure the distributed EVPN gateways
1.
Configure Switch A
# Configure the RD and RTs of the L3VPN.
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and set the L3VNI of VPN instance vpna to 1000 on it.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Associate the VSI of VXLAN 10 with VSI-interface1.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Associate the VSI of VXLAN 20 with VSI-interface2.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
2.
Configure Switch B
# Configure the RD and RTs of the L3VPN.
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and set the L3VNI of VPN instance vpna to 1000 on it.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Associate the VSI of VXLAN 10 with VSI-interface1.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Associate the VSI of VXLAN 20 with VSI-interface2.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
3.
Configure Switch D
# Configure the RD and RTs of the L3VPN.
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# Create VSI interface VSI-interface3 and set the L3VNI of VPN instance vpna to 1000 on it.
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# Associate the VSI of VXLAN 10 with VSI-interface1.
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit

7.4.5 Configure M-LAG
1.
Configure Switch A
# Enable EVPN M-LAG support and set the virtual VTEP address to 1.2.3.4.
[SwitchA] evpn m-lag group 1.2.3.4
# Configure the M-LAG system.
[SwitchA] m-lag system-mac 0001-0002-0003
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
# Manually create VXLAN tunnel Tunnel1 between Switch A and Switch B, and set the ToS value of the encapsulated tunnel packets to 100.
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] tunnel tos 100
[SwitchA-Tunnel1] quit
# Configure the VXLAN tunnel interface as an M-LAG reserved interface.
[SwitchA] m-lag mad exclude interface tunnel 1
# Configure the VXLAN tunnel interface as the peer-link interface.
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port m-lag intra-portal-port 1
[SwitchA-Tunnel1] quit
# On Ten-GigabitEthernet1/0/5, disable the check that matches a packet's incoming interface against static MAC address entries, and disable the spanning tree protocol.
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# Add Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# Add Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# Create Monitor Link group 1 and add the uplink and downlink interfaces to it, so that the state of the downlink interfaces follows the uplink interface.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchA-mtlk-group1] quit
# Configure all interfaces that take part in EVPN services as M-LAG reserved interfaces.
[SwitchA] m-lag mad exclude interface loopback0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet1/0/5
[SwitchA] m-lag mad exclude interface vsi-interface 1
[SwitchA] m-lag mad exclude interface vsi-interface 2
[SwitchA] m-lag mad exclude interface vlan-interface 11
2. Configure Switch B
# Enable EVPN M-LAG support and set the virtual VTEP address to 1.2.3.4.
[SwitchB] evpn m-lag group 1.2.3.4
# Configure the M-LAG system.
[SwitchB] m-lag system-mac 0001-0002-0003
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
# Manually create VXLAN tunnel Tunnel1 between Switch A and Switch B, and set the ToS value of the encapsulated tunnel packets to 100.
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] tunnel tos 100
[SwitchB-Tunnel1] quit
# Configure the VXLAN tunnel interface as an M-LAG reserved interface.
[SwitchB] m-lag mad exclude interface tunnel 1
# Configure the VXLAN tunnel interface as the peer-link interface.
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port m-lag intra-portal-port 1
[SwitchB-Tunnel1] quit
# On Ten-GigabitEthernet1/0/5, disable the check that matches a packet's incoming interface against static MAC address entries, and disable the spanning tree protocol.
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# Create Layer 2 aggregate interface 4 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# Add Ten-GigabitEthernet1/0/1 to aggregation group 4.
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# Add Layer 2 aggregate interface 4 to M-LAG group 4.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# Create Layer 2 aggregate interface 5 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# Add Ten-GigabitEthernet1/0/2 to aggregation group 5.
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# Add Layer 2 aggregate interface 5 to M-LAG group 5.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# Create Monitor Link group 1 and add the uplink and downlink interfaces to it, so that the state of the downlink interfaces follows the uplink interface.
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchB-mtlk-group1] quit
# Configure all interfaces that take part in EVPN services as M-LAG reserved interfaces.
[SwitchB] m-lag mad exclude interface loopback0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet1/0/5
[SwitchB] m-lag mad exclude interface vsi-interface 1
[SwitchB] m-lag mad exclude interface vsi-interface 2
[SwitchB] m-lag mad exclude interface vlan-interface 12

7.4.6 Configure BGP to advertise EVPN routes
1. Configure Switch A
# Configure BGP to advertise EVPN routes.
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
2. Configure Switch B
# Configure BGP to advertise EVPN routes.
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
3.
Configure Switch C
# Configure BGP to advertise EVPN routes, and configure the switch as a route reflector.
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
4. Configure Switch D
# Configure BGP to advertise EVPN routes.
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit

7.4.7 Configure Ethernet service instances to match user packets and associate them with the VSIs
1. Configure Switch A
# On Bridge-Aggregation4, the interface that connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation5, the interface that connects to the server, create Ethernet service instance 1000 to match frames of VLAN 3.
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Associate Ethernet service instance 1000 with VSI vpnb.
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit
2.
Configure Switch B
# On Bridge-Aggregation4, the interface that connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# On Bridge-Aggregation5, the interface that connects to the server, create Ethernet service instance 1000 to match frames of VLAN 3.
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# Associate Ethernet service instance 1000 with VSI vpnb.
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit
3. Configure Switch D
# On Ten-GigabitEthernet1/0/1, the interface that connects to the server, create Ethernet service instance 1000 to match frames of VLAN 2.
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# Associate Ethernet service instance 1000 with VSI vpna.
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit

7.5 Verifying the configuration
1. Verify the M-LAG devices, using Switch A as an example
# Display EVPN route information on Switch A.
[SwitchA] display bgp l2vpn evpn

 BGP local router ID is 1.2.3.4
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 3

 Route distinguisher: 1:1(vpna)
 Total number of routes: 2

      Network                    NextHop   MED   LocPrf   PrefVal   Path/Ogn
 * >  [5][0][24][10.1.1.0]/80    1.1.1.1   0     100      32768     i
 * >  [5][0][24][10.1.2.0]/80    1.1.1.1   0     100      32768     i

 Route distinguisher: 1:10
 Total number of routes: 4

      Network                    NextHop   MED   LocPrf   PrefVal   Path/Ogn
 * >  [3][0][32][1.1.1.1]/80     1.1.1.1   0     100      32768     i
 * >  [3][0][32][1.2.3.4]/80     1.2.3.4   0     100      32768     i
 * >i [3][0][32][2.2.2.2]/80     2.2.2.2   0     100      0         i
 * >i [3][0][32][4.4.4.4]/80     4.4.4.4   0     100      0         i

 Route distinguisher: 1:20
 Total number of routes: 3

      Network                    NextHop   MED   LocPrf   PrefVal   Path/Ogn
 * >  [3][0][32][1.1.1.1]/80     1.1.1.1   0     100      32768     i
 * >  [3][0][32][1.2.3.4]/80     1.2.3.4   0     100      32768     i
 * >i [3][0][32][2.2.2.2]/80     2.2.2.2   0     100      0         i

# Display tunnel interface information on Switch A. The VXLAN-mode tunnel interfaces are up, the source address of Tunnel0 is the virtual VTEP address, and Tunnel1 serves as the peer link.
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops

Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 149 bytes/sec, 1192 bits/sec, 1 packets/sec
Last 300 seconds output rate: 379 bytes/sec, 3032 bits/sec, 3 packets/sec
Input: 398 packets, 46446 bytes, 0 drops
Output: 3597 packets, 363591 bytes, 0 drops

# Display VSI information on Switch A.
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
  VSI Index               : 1
  VSI State               : Down
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 3
  VXLAN ID                : 1000

VSI Name: vpna
  VSI Index               : 0
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 1
  VXLAN ID                : 10
  Tunnels:
    Tunnel Name    Link ID      State   Type     Flood proxy
    Tunnel0        0x5000000    UP      Auto     Disabled
    Tunnel1        0x5000001    UP      Manual   Disabled
  ACs:
    AC               Link ID   State   Type
    BAGG4 srv1000    0         Up      Manual

VSI Name: vpnb
  VSI Index               : 2
  VSI State               : Up
  MTU                     : 1500
  Bandwidth               : -
  Broadcast Restrain      : -
  Multicast Restrain      : -
  Unknown Unicast Restrain: -
  MAC Learning            : Enabled
  MAC Table Limit         : -
  MAC Learning rate       : -
  Drop Unknown            : -
  Flooding                : Enabled
  Statistics              : Disabled
  Gateway Interface       : VSI-interface 2
  VXLAN ID                : 20
  Tunnels:
    Tunnel Name    Link ID      State   Type     Flood proxy
    Tunnel1        0x5000001    UP      Manual   Disabled
  ACs:
    AC               Link ID   State   Type
    BAGG5 srv1000    0         Up      Manual

2. Verify that the hosts can communicate with each other
The VMs can communicate with each other. After the link between VM 1 and Switch A or Switch B goes down, VM 5 can still reach VM 1 through the other device.

7.6 Configuration files
· Switch A
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 11
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
vsi vpnb
 gateway vsi-interface 2
 vxlan 20
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpnb
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 11
 undo mac-address static source-check enable
 undo stp enable
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface2
 ip binding vpn-instance vpna
 ip address 10.1.2.1 255.255.255.0
 mac-address 0002-0002-0002
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
interface Tunnel1 mode vxlan
 port m-lag intra-portal-port 1
 source 1.1.1.1
 destination 2.2.2.2
 tunnel tos 100
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
monitor-link group 1
 port ten-gigabitethernet 1/0/1 downlink
 port ten-gigabitethernet 1/0/2 downlink
 port ten-gigabitethernet 1/0/4 uplink
#
 m-lag restore-delay 180
 m-lag system-mac 0001-0001-0001
 m-lag system-number 1
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Tunnel1
 m-lag mad exclude interface Vlan-interface 11
 m-lag mad exclude interface Vsi-interface1
 m-lag mad exclude interface Vsi-interface2
#
return

· Switch B
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 1.2.3.4 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.0 0.0.0.255
#
 hardware-resource vxlan l3gw8k
#
vlan 12
#
 l2vpn enable
 reserved vxlan 1234
 vxlan tunnel arp-learning disable
 evpn m-lag group 1.2.3.4
 evpn global-mac 0002-0003-0004
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
vsi vpnb
 gateway vsi-interface 2
 vxlan 20
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
 link-aggregation mode dynamic
 port m-lag group 4
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Bridge-Aggregation5
 link-aggregation mode dynamic
 port m-lag group 5
 #
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpnb
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
 ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
 ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
 port link-mode bridge
 port access vlan 12
 undo mac-address static source-check enable
 undo stp enable
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface2
 ip binding vpn-instance vpna
 ip address 10.1.2.1 255.255.255.0
 mac-address 0002-0002-0002
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
interface Tunnel1 mode vxlan
 port m-lag intra-portal-port 1
 source 2.2.2.2
 destination 1.1.1.1
 tunnel tos 100
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
monitor-link group 1
 port ten-gigabitethernet 1/0/1 downlink
 port ten-gigabitethernet 1/0/2 downlink
 port ten-gigabitethernet 1/0/4 uplink
#
 m-lag restore-delay 180
 m-lag system-mac 0001-0002-0003
 m-lag system-number 2
 m-lag system-priority 10
#
 m-lag mad exclude interface LoopBack0
 m-lag mad exclude interface Ten-GigabitEthernet1/0/5
 m-lag mad exclude interface Tunnel1
 m-lag mad exclude interface Vlan-interface 12
 m-lag mad exclude interface Vsi-interface1
 m-lag mad exclude interface Vsi-interface2
#
return

· Switch C
#
ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 11.1.1.0 0.0.0.255
  network 12.1.1.0 0.0.0.255
  network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
 ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
 ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
 ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
 port link-mode bridge
 port access vlan 13
#
bgp 200
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 1.1.1.1 group evpn
 peer 2.2.2.2 group evpn
 peer 4.4.4.4 group evpn
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer evpn enable
  peer evpn reflect-client
#
return

· Switch D
#
ip vpn-instance vpna
 route-distinguisher 1:1
 #
 address-family ipv4
  vpn-target 2:2 import-extcommunity
  vpn-target 2:2 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
 vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 13.1.1.0 0.0.0.255
#
 hardware-resource vxlan l3gw8k
#
vlan 13
#
 l2vpn enable
 vxlan tunnel arp-learning disable
#
vsi vpna
 gateway vsi-interface 1
 vxlan 10
 evpn encapsulation vxlan
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
 ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 #
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port access vlan 13
#
interface Vsi-interface1
 ip binding vpn-instance vpna
 ip address 10.1.1.1 255.255.255.0
 mac-address 0001-0001-0001
 local-proxy-arp enable
 distributed-gateway local
#
interface Vsi-interface3
 ip binding vpn-instance vpna
 l3-vni 1000
#
bgp 200
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
#
return
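The restrictions in section 3 require m-lag restore-delay to be at least 300 seconds and, on the two M-LAG VTEPs, identical service-instance match rules and VXLAN IDs on each M-LAG interface. The Python check below is an added example (not H3C tooling and not part of the original document) that audits a pair of configuration files against those two restrictions; the function names are hypothetical, the Switch A excerpt is constructed from the values listed above, and the Switch B mismatch is deliberate.

```python
import re

# Constructed excerpt: only the lines the checks read, values as in the Switch A file.
SWITCH_A = """\
vsi vpna
 vxlan 10
vsi vpnb
 vxlan 20
interface Bridge-Aggregation4
 port m-lag group 4
 service-instance 1000
  encapsulation s-vid 2
  xconnect vsi vpna
interface Bridge-Aggregation5
 port m-lag group 5
 service-instance 1000
  encapsulation s-vid 3
  xconnect vsi vpnb
 m-lag restore-delay 180
"""
# Constructed peer with a deliberate match-rule mismatch on M-LAG group 5.
SWITCH_B = SWITCH_A.replace("encapsulation s-vid 3", "encapsulation s-vid 30")
AC = re.compile(r"^[ \t]*service-instance (\d+)\n[ \t]*(encapsulation .+)\n"
                r"[ \t]*xconnect vsi (\S+)$", re.M)

def parse(cfg):
    """Return (restore-delay, {m-lag group: {(srv id, match rule, VXLAN ID)}})."""
    vxlan = dict(re.findall(r"^vsi (\S+)\n(?: .*\n)*? vxlan (\d+)$", cfg, re.M))
    acs = {}
    for block in re.split(r"^(?=\S)", cfg, flags=re.M):  # one top-level view each
        if g := re.search(r"^[ \t]*port m-lag group (\d+)$", block, re.M):
            for srv, rule, vsi in AC.findall(block):
                acs.setdefault(int(g[1]), set()).add((int(srv), rule, vxlan.get(vsi)))
    d = re.search(r"^[ \t]*m-lag restore-delay (\d+)$", cfg, re.M)
    return (int(d[1]) if d else None), acs

def audit(cfg_a, cfg_b, min_delay=300):
    """List violations of the restore-delay and AC-consistency restrictions."""
    findings = []
    (delay_a, acs_a), (delay_b, acs_b) = parse(cfg_a), parse(cfg_b)
    for name, delay in (("A", delay_a), ("B", delay_b)):
        if delay is None or delay < min_delay:
            shown = "unset" if delay is None else delay
            findings.append(f"{name}: restore-delay {shown}, need >= {min_delay}")
    for g in sorted(acs_a.keys() | acs_b.keys()):
        if acs_a.get(g) != acs_b.get(g):
            findings.append(f"m-lag group {g}: AC match rule or VXLAN ID differs")
    return findings
```

On the excerpts, audit(SWITCH_A, SWITCH_B) reports the restore-delay of 180 on both devices and the mismatch on M-LAG group 5.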