实验需求
Server1和Server2不在同一个网段,通过分布式网关vxlan实现通信
实验配置过程
1、配置Leaf1:
配置bridge-domain域:
<Leaf1>system immediately
Enter system view, return user view with return command.
[Leaf1]bridge-domain 10
[Leaf1-bd10]vxlan vni 10 // L2 VNI
[Leaf1-bd10]evpn
[Leaf1-bd10-evpn]route-distinguisher 10:1
[Leaf1-bd10-evpn]vpn-target 10:1 export-extcommunity // BD的eRT
配置VPN-instance
[Leaf1]ipvpn-instance VRF1
[Leaf1-vpn-instance-VRF1]route-distinguisher 1:1
[Leaf1-vpn-instance-VRF1-af-ipv4]vpn-target 20:1 import-extcommunity evpn // VRF的iRT
IVT Assignment result:
Info: VPN-Target assignment is successful.
[Leaf1-vpn-instance-VRF1-af-ipv4]quit
[Leaf1-vpn-instance-VRF1]vxlan vni 1010 // L3 VNI
[Leaf1-vpn-instance-VRF1]quit
配置vbdif接口:
[Leaf1]interface vbdif 10
[Leaf1-Vbdif10]ip binding vpn-instance VRF1
[Leaf1-Vbdif10]ip address 172.19.162.254 24
[Leaf1-Vbdif10]vxlan anycast-gateway enable
[Leaf1-Vbdif10]arp collect host enable
[Leaf1-Vbdif10]quit
配置用户侧接入接口:
[Leaf1]interface Eth-Trunk 119.1 mode l2
[Leaf1-Eth-Trunk119.1]encapsulation untag
[Leaf1-Eth-Trunk119.1]bridge-domain 10
[Leaf1-Eth-Trunk119.1]quit
基础配置(接口ip、ospf):
<Leaf1>system immediately
[Leaf1]interface 10ge1/0/47 // underlay上行口互联接口
[Leaf1-10GE1/0/47]ip address 10.1.1.14 30
[Leaf1-10GE1/0/47]quit
[Leaf1]interface LoopBack0 // VTEP 地址;配置环回口 LoopBack1,作为 VTEP IP,通告进入底层路由协议
[Leaf1-LoopBack0]ip add 10.1.1.1 32
[Leaf1-LoopBack0]quit
[Leaf1]interface loopback1 // router-id、bgp peer地址
[Leaf1-LoopBack1]ip address 11.3.3.3 32
[Leaf1-LoopBack1]quit
[Leaf1]ospf 1 router-id 11.3.3.3
[Leaf1-ospf-1]area 0
[Leaf1-ospf-1-area-0.0.0.0]network 10.1.1.14 0.0.0.0
[Leaf1-ospf-1-area-0.0.0.0]network 10.1.1.1 0.0.0.0
[Leaf1-ospf-1-area-0.0.0.0]network 11.3.3.3 0.0.0.0
[Leaf1-ospf-1-area-0.0.0.0]quit
[Leaf1-ospf-1]quit
配置BGP EVPN、VTEP:
[Leaf1]evpn-overlay enable // 使能EVPN;启用 EVPN 作为 VXLAN 控制平面
[Leaf1]bgp 100
[Leaf1-bgp] router-id 11.3.3.3
[Leaf1-bgp] peer 11.1.1.1 as-number 100
[Leaf1-bgp] peer 11.1.1.1 connect-interface LoopBack1
[Leaf1-bgp] l2vpn-family evpn
[Leaf1-bgp-af-evpn] peer 11.1.1.1 enable
[Leaf1-bgp-af-evpn] peer 11.1.1.1 advertise irb // 需要使用irb路由;通告 IRB 类型路由
[Leaf1]interface nve 1 // 配置NVE接口,设置VTEP地址
[Leaf1-Nve1]source 10.1.1.1
[Leaf1-Nve1]quit
2、配置Leaf2:
配置bridge-domain域:
<Leaf2>system immediately
Enter system view, return user view with return command.
[Leaf2]bridge-domain 20
[Leaf2-bd20]vxlan vni 20 // L2 VNI
[Leaf2-bd20]evpn
[Leaf2-bd20-evpn]route-distinguisher 20:1
[Leaf2-bd20-evpn]vpn-target 20:1 export-extcommunity // BD的eRT
EVT Assignment result:
Info: VPN-Target assignment is successful.
[Leaf2-bd20-evpn]quit
[Leaf2-bd20]quit
配置VPN-instance
[Leaf2]ipvpn-instance VRF2
[Leaf2-vpn-instance-VRF2]route-distinguisher 2:1
[Leaf2-vpn-instance-VRF2-af-ipv4]vpn-target 10:1 import-extcommunity evpn // VRF的iRT
IVT Assignment result:
Info: VPN-Target assignment is successful.
[Leaf2-vpn-instance-VRF2-af-ipv4]quit
[Leaf2-vpn-instance-VRF2]vxlan vni 2020 // L3 VNI
[Leaf2-vpn-instance-VRF2]quit
配置vbdif接口:
[Leaf2]interface vbdif20
[Leaf2-Vbdif20]ip binding vpn-instance VRF2
[Leaf2-Vbdif20]ip address 172.19.165.254 24
[Leaf2-Vbdif20]vxlan anycast-gateway enable
[Leaf2-Vbdif20]arp collect host enable
[Leaf2-Vbdif20]quit
配置用户侧接入接口:
[Leaf2]interface 10ge1/0/21.1 mode l2
[Leaf2-10GE1/0/21.1]encapsulation dot1q vid 1105
[Leaf2-10GE1/0/21.1]bridge-domain 2
基础配置(接口ip、ospf):
[Leaf2]interface 10ge1/0/47 // underlay上行口互联接口
[Leaf2-10GE1/0/47]ip address 10.1.1.18 30
[Leaf2-10GE1/0/47]quit
[Leaf2]interface LoopBack0 // VTEP 地址
[Leaf2-LoopBack0]ip address 10.2.2.2 32
[Leaf2-LoopBack0]quit
[Leaf2]interface loopback1 // router-id、bgp peer地址
[Leaf2-LoopBack1]ip address 11.4.4.4 32
[Leaf2-LoopBack1]quit
[Leaf2]ospf1 router-id 11.2.2.2
[Leaf2-ospf-1]area 0
[Leaf2-ospf-1-area-0.0.0.0]network 10.1.1.18 0.0.0.0
[Leaf2-ospf-1-area-0.0.0.0]network 10.2.2.2 0.0.0.0
[Leaf2-ospf-1-area-0.0.0.0]network 11.4.4.4 0.0.0.0
[Leaf2-ospf-1-area-0.0.0.0]quit
[Leaf2-ospf-1]quit
配置BGP EVPN、VTEP:
[Leaf2]evpn-overlay enable ##使能EVPN
[Leaf2]bgp 100
[Leaf2-bgp] router-id 11.4.4.4
[Leaf2-bgp] peer 11.1.1.1 as-number 100
[Leaf2-bgp] peer 11.1.1.1 connect-interface LoopBack1
[Leaf2-bgp] l2vpn-family evpn
[Leaf2-bgp-af-evpn] peer 11.1.1.1 enable
[Leaf2-bgp-af-evpn] peer 11.1.1.1 advertise irb // 需要使用irb路由
[Leaf2]interface nve 1 // 配置NVE接口,设置VTEP地址
[Leaf2-Nve1]source 10.2.2.2
[Leaf2-Nve1]quit
3、配置Spine
做的RR反射器,BD域、VRF不需要配置,BGP的配置有差异
[Spine]evpn-overlay enable // 使能EVPN
[Spine]display current-configuration configuration bgp
#
bgp 100
router-id 11.1.1.1
peer 11.3.3.3 as-number 100
peer 11.3.3.3 connect-interface LoopBack1
peer 11.4.4.4 as-number 100
peer 11.4.4.4 connect-interface LoopBack1
ipv4-family unicast
peer 11.3.3.3 enable
peer 11.4.4.4 enable
l2vpn-family evpn
undo policy vpn-target ##需要undo vpn-target;由于 Leaf-1 和 Leaf-2 作为路由反射器,需要透传团体属性,需要 undo policy vpn-target
peer 11.3.3.3 enable
peer 11.3.3.3 advertise irb ##需要设置irb路由
peer 11.3.3.3 reflect-client ##RR反射器
peer 11.4.4.4 enable
peer 11.4.4.4 advertise irb ##需要设置irb路由
peer 11.4.4.4 reflect-client ##RR反射器
查看状态表项
1、Leaf1:
[Leaf1]display arp interface Vbdif 10
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time src: Source ip dst: Destination ip
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN/CEVLAN INTERFACE
------------------------------------------------------------------------------
172.19.162.254 a008-6f76-fc11 I Vbdif10
172.19.162.100 1430-04cf-49b8 15 D Eth-Trunk119.1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1 OpenFlow:0
[Leaf1]display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531842 10.1.1.1 10.2.2.2 up dynamic 00:45:48
[Leaf1]display ip routing-table vpn-instance VRF1
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : VRF1
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
172.19.162.0/24 Direct 0 0 D 172.19.162.254 Vbdif10
172.19.162.254/32 Direct 0 0 D 127.0.0.1 Vbdif10
172.19.162.255/32 Direct 0 0 D 127.0.0.1 Vbdif10
172.19.165.5/32 IBGP 255 0 RD 10.2.2.2 VXLAN
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
2、Leaf2:
[Leaf2]display arp interface Vbdif 20
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow
EXP: Expire-time src: Source ip dst: Destination ip
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN/CEVLAN INTERFACE
------------------------------------------------------------------------------
172.19.165.254 a008-6fe1-0071 I Vbdif20
172.19.165.5 1430-04cf-49a6 20 D/1105/- 10GE1/0/21.1
------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1 OpenFlow:0
[Leaf2]display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 10.2.2.2 10.1.1.1 up dynamic 00:49:11
[~leaf_mlag_21]
[Leaf2]display ip routing-table vpn-instance VRF2
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : VRF2
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
172.19.162.100/32 IBGP 255 0 RD 10.1.1.1 VXLAN
172.19.165.0/24 Direct 0 0 D 172.19.165.254 Vbdif20
172.19.165.254/32 Direct 0 0 D 127.0.0.1 Vbdif20
172.19.165.255/32 Direct 0 0 D 127.0.0.1 Vbdif20
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
实验总结
1、分布式网关不同网段场景,本端BD的eRT要和对端VRF下的iRT要相同,其他RT是可选配置
2、L3 VNI两边可以相同,也可以不相同,只是平时我们在规划中是建议相同的
3、现网参数规划建议参考最佳实践
扫一扫
1213
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
