华为EVPN动态建立Vxlan隧道-分布式网关

最新推荐文章于 2024-03-15 16:40:41 发布

I love this bad girl

最新推荐文章于 2024-03-15 16:40:41 发布

阅读量1k

点赞数 2

文章标签：华为

本文链接：https://blog.csdn.net/qq_55707182/article/details/131051739

版权

一、拓扑

二、目的

PC1和其他几个PC是同一租户的虚拟机，要能相互访问

三、配置

1、底层网络

SW1配置

SW2配置

CE2配置
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 10.1.12.2 255.255.255.0

interface LoopBack0
 ip address 2.2.2.2 255.255.255.255

ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.12.0 0.0.0.255

CE1配置

interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 10.1.12.1 255.255.255.0
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 10.1.13.1 255.255.255.0

ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.12.0 0.0.0.255
  network 10.1.13.0 0.0.0.255

CE3配置

interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 10.1.13.3 255.255.255.0

interface LoopBack0
 ip address 3.3.3.3 255.255.255.255

ospf 1 router-id 3.3.3.3
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.1.13.0 0.0.0.255

2、配置EVPN

CE2配置

evpn-overlay enable           全局开启EVPN

bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
 #
 l2vpn-family evpn            CE2和CE3建立BGP EVPN邻居关系可通过dis bgp evpn peer查看
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise irb 配置对BGP EVPN邻居通告type2的IRB路由

bridge-domain 10    创建BD域（同一租户的每一个子网创建一个BD域 100:1和100：2的RT用于同子网互访，100:100的RT用于同一租户跨子网互访）
 vxlan vni 10       二层vni
 evpn
  route-distinguisher 100:1 
  vpn-target 100:1 export-extcommunity           
  vpn-target 100:100 export-extcommunity
  vpn-target 100:1 import-extcommunity

#
bridge-domain 20 创建BD域
 vxlan vni 20
 evpn
  route-distinguisher 100:2
  vpn-target 100:2 export-extcommunity
  vpn-target 100:100 export-extcommunity
  vpn-target 100:2 import-extcommunity

interface GE1/0/0.10 mode l2 配置二层子接口
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface GE1/0/0.20 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20

ip vpn-instance A   创建VPN实例，一个VPN实例代表一个租户
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:100 import-extcommunity evpn
 vxlan vni 99     三层vni

interface Vbdif10 
 ip binding vpn-instance A  绑定vpn实例
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface Vbdif20
 ip binding vpn-instance A  绑定vpn实例
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable 开启分布式网关功能
 arp collect host enable  开启主机信息搜集的功能

interface Nve1
 source 2.2.2.2  指定隧道源IP
 vni 10 head-end peer-list protocol bgp 对端目的IP通过BGP动态建立，因为不知道要和谁建立，所以这个事情交给BGP做
 vni 20 head-end peer-list protocol bgp 对端目的IP通过BGP动态建立

CE3配置（和CE2类似）

evpn-overlay enable
#
ip vpn-instance A
 ipv4-family
  route-distinguisher 100:1
  vpn-target 100:100 import-extcommunity evpn
 vxlan vni 99
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 100:1
  vpn-target 100:1 export-extcommunity
  vpn-target 100:100 export-extcommunity
  vpn-target 100:1 import-extcommunity
#
bridge-domain 20
 vxlan vni 20
 evpn
  route-distinguisher 100:2
  vpn-target 100:2 export-extcommunity
  vpn-target 100:100 export-extcommunity
  vpn-target 100:2 import-extcommunity
interface Vbdif10
 ip binding vpn-instance A
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface Vbdif20
 ip binding vpn-instance A
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable

interface GE1/0/0.10 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface GE1/0/0.20 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface Nve1
 source 3.3.3.3
 vni 10 head-end peer-list protocol bgp
 vni 20 head-end peer-list protocol bgp
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  peer 2.2.2.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 advertise irb

三、验证