ENSP Pro VXLAN EVPN分布式网关部署配置

分布式网关

在BGP EVPN方式部署分布式网关的场景中，控制平面的流程包括VXLAN隧道建立、MAC地址动态学习；转发平面的流程包括同子网已知单播报文转发、同子网BUM报文转发、跨子网报文转发。该方式实现的功能全面，支持主机IP路由通告、主机MAC地址通告、主机ARP通告，可以直接使能ARP广播抑制功能。如果在VXLAN网络中采用分布式网关，推荐使用此方式。

对比集中式网关，分布式网关的arp条目比集中式网关的arp条目少，分布式网关只学习租户侧的arp条目，不学习网络侧的arp条目

拓扑

实验目的

全互联互通，underlay使用OSPF来使底层可达，后使用BGP EVPN传递Type 2（学习MAC和32位的主机路由），Type 3路由（动态发现VTEP，自动建立VXLAN隧道）
创建两个BD，1.0/24在BD1000，2.0/24在BD2000 网关分别为：192.168.1.254/24 192.168.2.254/24

业务接入点

TOR_S-1：
    vlan batch  10 20
    #
    interface GE1/0/1
 		port link-type trunk
 		port trunk allow-pass vlan 10 20
	#
    interface GE1/0/2
    	port link-type access 
 		port default vlan 10
	#
	interface GE1/0/3
    	port link-type access 
 		port default vlan 20

TOR_S-2：
    vlan batch  10 20
    #
    interface GE1/0/1
 		port link-type trunk
 		port trunk allow-pass vlan 10 20
	#
    interface GE1/0/3
    	port link-type access 
 		port default vlan 10
	#
	interface GE1/0/2
    	port link-type access 
 		port default vlan 20

leaf1_CE-3:
	bridge-domain 1000
 		vxlan vni 5010
	#
	bridge-domain 2000
 		vxlan vni 5020
    #
	interface GE1/0/3.10 mode l2
 		encapsulation dot1q vid 10
 		bridge-domain 1000
	#
	interface GE1/0/3.20 mode l2
 		encapsulation dot1q vid 20
 		bridge-domain 2000

leaf1_CE-4:
	bridge-domain 1000
 		vxlan vni 5010
	#
	bridge-domain 2000
 		vxlan vni 5020
    #
	interface GE1/0/3.10 mode l2
 		encapsulation dot1q vid 10
 		bridge-domain 1000
	#
	interface GE1/0/3.20 mode l2
 		encapsulation dot1q vid 20
 		bridge-domain 2000

underlay

leaf1_CE-3:
	interface LoopBack0
 		ip address 1.1.1.1 255.255.255.255
	#
	interface LoopBack1
		 ip address 11.11.11.11 255.255.255.255
    #
	interface GE1/0/1
 		undo portswitch
 		ip address 10.1.1.1 255.255.255.252
 		ospf network-type p2p
	#
	interface GE1/0/2
 		undo portswitch
 		ip address 10.1.1.5 255.255.255.252
 		ospf network-type p2p
    #
	ospf 1 router-id 11.11.11.11
 		area 0.0.0.0
  			network 1.1.1.1 0.0.0.0
  			network 10.1.1.0 0.0.0.255
  			network 11.11.11.11 0.0.0.0

leaf1_CE-4:
	interface LoopBack0
 		ip address 2.2.2.2 255.255.255.255
	#
	interface LoopBack1
		 ip address 22.22.22.22 255.255.255.255
    #
	interface GE1/0/1
 		undo portswitch
 		ip address 10.1.1.9 255.255.255.252
 		ospf network-type p2p
	#
	interface GE1/0/2
 		undo portswitch
 		ip address 10.1.1.13 255.255.255.252
 		ospf network-type p2p
    #
	ospf 1 router-id 22.22.22.22
 		area 0.0.0.0
  			network 2.2.2.2 0.0.0.0
  			network 10.1.1.0 0.0.0.255
  			network 22.22.22.22 0.0.0.0

spine_CE-1：
	interface LoopBack1
		 ip address 33.33.33.33 255.255.255.255
    #
	interface GE1/0/1
 		undo portswitch
 		ip address 10.1.1.2 255.255.255.252
 		ospf network-type p2p
	#
	interface GE1/0/2
 		undo portswitch
 		ip address 10.1.1.10 255.255.255.252
 		ospf network-type p2p
    #
	ospf 1 router-id 33.33.33.33
 		area 0.0.0.0
  			network 10.1.1.0 0.0.0.255
  			network 33.33.33.33 0.0.0.0

spine_CE-2：
	interface LoopBack1
		 ip address 44.44.44.44 255.255.255.255
    #
	interface GE1/0/1
 		undo portswitch
 		ip address 10.1.1.6 255.255.255.252
 		ospf network-type p2p
	#
	interface GE1/0/2
 		undo portswitch
 		ip address 10.1.1.14 255.255.255.252
 		ospf network-type p2p
    #
	ospf 1 router-id 44.44.44.44
 		area 0.0.0.0
  			network 10.1.1.0 0.0.0.255
  			network 44.44.44.44 0.0.0.0

underlay已经完成，ospf邻居已经建立成功

Overlay

leaf1_CE-3:
	evpn-overlay enable 
    #
	ip vpn-instance abc
 		ipv4-family
  			route-distinguisher 1:1
  			vpn-target 11:1 export-extcommunity evpn
  			vpn-target 11:1 import-extcommunity evpn
 		vxlan vni 3000
	#
    bridge-domain 1000
 		vxlan vni 5010
 		evpn
  			route-distinguisher 1000:1
  			vpn-target 5010:1 export-extcommunity
 			vpn-target 11:1 export-extcommunity
  			vpn-target 5010:1 import-extcommunity
	#
    bridge-domain 2000
 		vxlan vni 5020
 		evpn
  			route-distinguisher 2000:1
  			vpn-target 5020:1 export-extcommunity
 			vpn-target 11:1 export-extcommunity
  			vpn-target 5020:1 import-extcommunity
	#
	interface Vbdif1000
    	ip binding vpn-instance abc
 		ip address 192.168.1.254 255.255.255.0
 		mac-address 0000-5e00-0001
 		vxlan anycast-gateway enable
 		arp collect host enable
	#
	interface Vbdif2000
    	ip binding vpn-instance abc
 		ip address 192.168.2.254 255.255.255.0
 		mac-address 0000-5e00-0002
 		vxlan anycast-gateway enable
 		arp collect host enable
	#
	interface Nve1
 		source 1.1.1.1
 		vni 5010 head-end peer-list protocol bgp
 		vni 5020 head-end peer-list protocol bgp
	#
	bgp 65000
 		router-id 11.11.11.11
 		undo default ipv4-unicast
 		peer 33.33.33.33 as-number 65000
 		peer 33.33.33.33 connect-interface LoopBack1
 		peer 44.44.44.44 as-number 65000
 		peer 44.44.44.44 connect-interface LoopBack1
 		l2vpn-family evpn
  			policy vpn-target
  			peer 33.33.33.33 enable
  			peer 33.33.33.33 advertise irb
  			peer 44.44.44.44 enable
  			peer 44.44.44.44 advertise irb

leaf1_CE-4:
	evpn-overlay enable 
    #
	ip vpn-instance abc
 		ipv4-family
  			route-distinguisher 1:2
  			vpn-target 11:1 export-extcommunity evpn
  			vpn-target 11:1 import-extcommunity evpn
 		vxlan vni 3000
	#
    bridge-domain 1000
 		vxlan vni 5010
 		evpn
  			route-distinguisher 1000:2
  			vpn-target 5010:1 export-extcommunity
 			vpn-target 11:1 export-extcommunity
  			vpn-target 5010:1 import-extcommunity
	#
    bridge-domain 2000
 		vxlan vni 5020
 		evpn
  			route-distinguisher 2000:2
  			vpn-target 5020:1 export-extcommunity
 			vpn-target 11:1 export-extcommunity
  			vpn-target 5020:1 import-extcommunity
	#
	interface Vbdif1000
    	ip binding vpn-instance abc
 		ip address 192.168.1.254 255.255.255.0
 		mac-address 0000-5e00-0001
 		vxlan anycast-gateway enable
 		arp collect host enable
	#
	interface Vbdif2000
    	ip binding vpn-instance abc
 		ip address 192.168.2.254 255.255.255.0
 		mac-address 0000-5e00-0002
 		vxlan anycast-gateway enable
 		arp collect host enable
	#
	interface Nve1
 		source 2.2.2.2
 		vni 5010 head-end peer-list protocol bgp
 		vni 5020 head-end peer-list protocol bgp
	#
	bgp 65000
 		router-id 22.22.22.22
 		undo default ipv4-unicast
 		peer 33.33.33.33 as-number 65000
 		peer 33.33.33.33 connect-interface LoopBack1
 		peer 44.44.44.44 as-number 65000
 		peer 44.44.44.44 connect-interface LoopBack1
 		l2vpn-family evpn
  			policy vpn-target
  			peer 33.33.33.33 enable
  			peer 33.33.33.33 advertise irb
  			peer 44.44.44.44 enable
  			peer 44.44.44.44 advertise irb

spine_CE-1：
	bgp 65000
 		router-id 33.33.33.33
 		undo default ipv4-unicast
 		peer 11.11.11.11 as-number 65000
 		peer 11.11.11.11 connect-interface LoopBack1
        peer 22.22.22.22 as-number 65000
 		peer 22.22.22.22 connect-interface LoopBack1
 		l2vpn-family evpn
  			undo policy vpn-target
  			peer 11.11.11.11 enable
  			peer 11.11.11.11 advertise irb
  			peer 11.11.11.11 reflect-client
  			peer 22.22.22.22 enable
  			peer 22.22.22.22 advertise irb
  			peer 22.22.22.22 reflect-client

spine_CE-2：
	bgp 65000
 		router-id 44.44.44.44
 		undo default ipv4-unicast
 		peer 11.11.11.11 as-number 65000
 		peer 11.11.11.11 connect-interface LoopBack1
        peer 22.22.22.22 as-number 65000
 		peer 22.22.22.22 connect-interface LoopBack1
 		l2vpn-family evpn
  			undo policy vpn-target
  			peer 11.11.11.11 enable
  			peer 11.11.11.11 advertise irb
  			peer 11.11.11.11 reflect-client
  			peer 22.22.22.22 enable
  			peer 22.22.22.22 advertise irb
  			peer 22.22.22.22 reflect-client

验证

当leaf1_CE-3的VBDIF接口有了租户的ARP表项后，会通过BGP EVPN的Type 2传递32位的主机路由给对等体

下一跳为leaf1_CE-3的VTEP IP（NVE IP)，但是如果leaf1_CE-3租户的arp表项超时了，该路由也会撤销。MAC表也是类似的，当leaf1_CE-3租户的MAC超时，leaf2_CE-4上对应从EVPN Type2学到的MAC表也是撤销

Spine有两个并且都作为RR为什么只有一条呢？