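Topology diagram
Lab requirements
- Communication within the same subnet
- Communication across subnets
- Communication with an external network
Configuration
vLSW1 and vLSW2 act as virtual switches and add VLAN tags to the traffic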
SW1
sysname vSW1
#
vlan batch 10
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
SW2
sysname vSW2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/24
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
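1. Communication within the same subnet
- Configure the underlay network, with OSPF as the IGP
- Configure EVPN: CE1 is the RR server, and RT filtering must be disabled on the RR server (it has no local EVPN instance whose RTs would match the routes it reflects); CE2 and CE3 are RR clients
- Configure the BDs; PCs in the same BD belong to the same subnet
- Configure the Layer 2 VNI
- Configure the NVE interface; the VXLAN tunnels are established automatically through BGP EVPN
- Configure sub-interfaces that VXLAN-encapsulate traffic received with the matching VLAN tag
Configuration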
CE1
sysname CE1
#
evpn-overlay enable
#
interface GE1/0/2
undo portswitch
undo shutdown
ip address 123.1.12.1 255.255.255.0
#
interface GE1/0/3
undo portswitch
undo shutdown
ip address 123.1.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 123.1.0.0 0.0.255.255
#
bgp 100
undo default ipv4-unicast
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
l2vpn-family evpn
undo policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
#
CE2
sysname CE2
#
evpn-overlay enable
#
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:2
vpn-target 10:2 export-extcommunity
vpn-target 10:3 import-extcommunity
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 123.1.12.2 255.255.255.0
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Nve1
source 2.2.2.2
vni 10 head-end peer-list protocol bgp
#
bgp 100
undo default ipv4-unicast
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 123.1.12.2 0.0.0.0
#
CE3
sysname CE3
#
evpn-overlay enable
#
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:3
vpn-target 10:3 export-extcommunity
vpn-target 10:2 import-extcommunity
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 123.1.13.3 255.255.255.0
#
interface GE1/0/1
undo shutdown
#
interface GE1/0/1.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Nve1
source 3.3.3.3
vni 10 head-end peer-list protocol bgp
#
bgp 100
undo default ipv4-unicast
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 123.1.13.3 0.0.0.0
#
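Verify the configuration
Check that the OSPF neighbor relationships are established and the routes are learned
Check the BGP EVPN peer relationships
View the EVPN Type 3 routes
Type 3 route details
Same subnet: PC1 accesses PC2
View the MAC address table
Packet capture
2. Communication across subnets
- Configure BD 20
- Configure the VPN instance and its eIRT, which must match the ERT value in the EVPN instance; configure the Layer 3 VNI
- Configure the distributed gateway: create the VBDIF interfaces and bind them to the VPN instance, so that the 32-bit host routes learned through BGP EVPN are placed in the VPN instance
- Configure BGP to advertise IRB routes
- vxlan anycast-gateway enable: tells the device that it is a distributed gateway
- arp collect host enable: collects 32-bit host routes and advertises them through EVPN
- Create a sub-interface that VXLAN-encapsulates traffic received with VLAN tag 20
Configuration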
CE1
bgp 100
l2vpn-family evpn
peer 2.2.2.2 advertise irb
peer 3.3.3.3 advertise irb
#
CE2
ip vpn-instance VPN_A
ipv4-family
route-distinguisher 100:2
vpn-target 10:3 import-extcommunity evpn
vpn-target 20:3 import-extcommunity evpn
vxlan vni 1000
#
interface Vbdif10
ip binding vpn-instance VPN_A
ip address 10.1.10.254 255.255.255.0
vxlan anycast-gateway enable
arp collect host enable
#
bgp 100
l2vpn-family evpn
peer 1.1.1.1 advertise irb
#
CE3
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:3
vpn-target 20:3 export-extcommunity
#
ip vpn-instance VPN_A
ipv4-family
route-distinguisher 100:3
vpn-target 10:2 import-extcommunity evpn
vxlan vni 1000
#
interface Vbdif10
ip binding vpn-instance VPN_A
ip address 10.1.10.254 255.255.255.0
vxlan anycast-gateway enable
arp collect host enable
#
interface Vbdif20
ip binding vpn-instance VPN_A
ip address 10.1.20.254 255.255.255.0
vxlan anycast-gateway enable
arp collect host enable
#
interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20
#
bgp 100
l2vpn-family evpn
peer 1.1.1.1 advertise irb
#
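Verify the configuration
Because the simulator PCs do not send ARP on their own, ping the gateway address from each PC first
View the routes in the VPN instance; the 32-bit host routes have been learned
View the EVPN Type 2 routes
View the MAC route details
Across subnets: PC1 accesses PC3
Packet capture
3. Communication with an external network
- Configure the VPN instance with its eIRT, eERT and Layer 3 VNI
- Bind the external-facing interface to the VPN instance
- In BGP, advertise the external network route in the VPN instance and enable advertisement of EVPN Type 5 routes
- The ERT in EVPN must match the eIRT in the IP VPN instance
- Create the NVE interface to establish the Layer 3 VXLAN tunnel
Configuration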
CE1
ip vpn-instance VPN_A
ipv4-family
route-distinguisher 100:1
vpn-target 100:1 export-extcommunity evpn
vpn-target 10:2 import-extcommunity evpn
vpn-target 10:3 import-extcommunity evpn
vpn-target 20:3 import-extcommunity evpn
vxlan vni 1000
#
bgp 100
ipv4-family vpn-instance VPN_A
network 10.1.1.0 255.255.255.0
advertise l2vpn evpn
#
interface Nve1
source 1.1.1.1
#
CE2
ip vpn-instance VPN_A
ipv4-family
vpn-target 100:1 import-extcommunity evpn
#
CE3
ip vpn-instance VPN_A
ipv4-family
vpn-target 100:1 import-extcommunity evpn
#
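Verify the configuration
View the Layer 3 VXLAN tunnel
View the routes in the VPN instance
View the Type 5 routes learned through BGP EVPN
View the Type 5 route details
CE1 has learned the 32-bit host routes (return-path routes)
Test PC access to the external network server
Packet capture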
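Sections 2 and 3 both depend on each import RT (eIRT) matching an export RT (ERT) on a remote device, and those matches also define which routes a BD or VPN instance will accept. The following added example (not part of the original post) parses the `vpn-target` lines from the final CE1-CE3 configuration above and lists, for each import statement, the remote instances it accepts routes from. The function names are this example's own, and the matching is simplified to RT value only, ignoring route type.

```python
import re
# Constructed input: RT-bearing lines copied from this page's final CE1-CE3 config.
LAB = """
sysname CE1
ip vpn-instance VPN_A
vpn-target 100:1 export-extcommunity evpn
vpn-target 10:2 import-extcommunity evpn
vpn-target 10:3 import-extcommunity evpn
vpn-target 20:3 import-extcommunity evpn
sysname CE2
bridge-domain 10
vpn-target 10:2 export-extcommunity
vpn-target 10:3 import-extcommunity
ip vpn-instance VPN_A
vpn-target 10:3 import-extcommunity evpn
vpn-target 20:3 import-extcommunity evpn
vpn-target 100:1 import-extcommunity evpn
sysname CE3
bridge-domain 10
vpn-target 10:3 export-extcommunity
vpn-target 10:2 import-extcommunity
bridge-domain 20
vpn-target 20:3 export-extcommunity
ip vpn-instance VPN_A
vpn-target 10:2 import-extcommunity evpn
vpn-target 100:1 import-extcommunity evpn
"""

def parse(text):
    """Return (device, instance, direction, rt) for every vpn-target line."""
    rows, dev, inst = [], None, None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("sysname "):
            dev = line.split()[1]
        elif re.fullmatch(r"bridge-domain \d+|ip vpn-instance \S+", line):
            inst = line
        elif m := re.fullmatch(r"vpn-target (.+) (import|export)-extcommunity( evpn)?", line):
            rows += [(dev, inst, m[2], rt) for rt in m[1].split()]
    return rows

def import_matrix(rows):
    """Map each import statement (device, instance, rt) to the remote instances exporting that RT."""
    exports = [(r, d, i) for d, i, w, r in rows if w == "export"]
    return {(dev, inst, rt): {(d, i) for r, d, i in exports if r == rt and d != dev}
            for dev, inst, way, rt in rows if way == "import"}

def dangling_imports(rows):
    """Import statements that match no remote export: stale or mistyped RTs to review."""
    return sorted(k for k, v in import_matrix(rows).items() if not v)
```

An import that matches an unexpected instance in `import_matrix` means routes from that instance enter the local BD or VPN instance; because the RR on CE1 runs `undo policy vpn-target`, the import RTs on CE2 and CE3 are the only filter applied to reflected routes.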