Underlay通过OSPF互联,Overlay通过BGP EVPN建立隧道
Leaf1和Leaf2分别与Spine建立IBGP邻居关系,Spine作为路由反射器RR
Leaf1,Leaf2和Spine分别使用lo b接口地址作为VTEP地址和BGP EVPN源地址
Leaf1的VTEP地址为1.1.1.1/32
Leaf2的VTEP地址为2.2.2.2/32
Spine的VTEP地址为3.3.3.3/32
Vlan10的子网范围为192.168.10.0/24,网关地址为192.168.10.1
Vlan20的子网范围为192.168.20.0/24,网关地址为192.168.20.1
网关部署在spine上
Vlan10子网对应的VNI为10
Vlan20子网对应的VNI为20
双方Vlan20子网设备(PC2和PC3)能够直接通过Leaf1和Leaf2建立的VXLAN隧道通信
vlan10中的pc可以ping通vlan 20中的pc,vlan10和20的网关都在最上面核心上面。
spine配置:
evpn-overlay enable
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:3
vpn-target 10:3 export-extcommunity
vpn-target 10:1 import-extcommunity
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:3
vpn-target 20:3 export-extcommunity
vpn-target 20:2 import-extcommunity
interface Vbdif10
ip address 192.168.10.1 255.255.255.0
interface Vbdif20
ip address 192.168.20.1 255.255.255.0
interface MEth0/0/0
undo shutdown
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.12.1 255.255.255.0
ospf network-type p2p
interface GE1/0/1
undo portswitch
undo shutdown
ip address 10.0.13.1 255.255.255.0
ospf network-type p2p
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
interface Nve1
source 3.3.3.3
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp
interface NULL0
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family unicast
undo peer 1.1.1.1 enable
undo peer 2.2.2.2 enable
l2vpn-family evpn
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.12.1 0.0.0.0
network 10.0.13.1 0.0.0.0
leaf1节点配置:
evpn-overlay enable
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:3 import-extcommunity
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:1
vpn-target 20:1 export-extcommunity
vpn-target 20:2 import-extcommunity
interface MEth0/0/0
undo shutdown
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.12.2 255.255.255.0
ospf network-type p2p
interface GE1/0/1
undo shutdown
interface GE1/0/1.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface Nve1
source 1.1.1.1
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp
interface NULL0
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
undo peer 3.3.3.3 enable
l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.2 0.0.0.0
leaf2节点配置:
evpn-overlay enable
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:2
vpn-target 20:2 export-extcommunity
vpn-target 20:3 import-extcommunity
vpn-target 20:1 import-extcommunity
interface MEth0/0/0
undo shutdown
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.13.3 255.255.255.0
ospf network-type p2p
interface GE1/0/1
undo shutdown
interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
interface Nve1
source 2.2.2.2
vni 20 head-end peer-list protocol bgp
interface NULL0
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
undo peer 3.3.3.3 enable
l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.13.3 0.0.0.0
查看双方vxlan隧道建立
pc1和网关及其它vlan通信测试ping测试
注意:因为ENSP存在BUG,当一个bridge-domain下存在2个import方向的RT值时,无法正常工作,所以我们需要在Leaf2上删除掉同子网通信的IRT值再测试才行,把红色那条先undo掉再测试