【华三】VXLAN 分布式网关EVPN实验
分布式网关转发
分布式网关的VTEP设备同时支持二层转发和三层转发,成为集成桥接和路由,即IRB转发;IRB转发可以分为对称IRB和非对称IRB;
对称IRB转发
入口网关和出口网关上的处理方式相同
对于二层流量,入口网关和出口网关都只进行二层转发,即查看MAC表;
对于三层流量,入口网关和出口网关都只进行三层转发,即查看IP路由表。
该模式每一台分布式网关只需要配置其下主机所在VNI的VSI信息和所在VRF的L3 VNI信息,且不需要维护本租户内的所有主机的ARP,只需要维护少量的其他分布式网关对应的MAC即可。
对称IRB转发引入以下两个概念:
L3 VNI(Layer 3 VNI)
在不同VTEP设备需要设置相同的L3VNI,该设备会基于L3VNI自动创建一个VSI实例,才能学习到各自的主机路由
在分布式网关的场景,通过L3 VNI来表示不同VXLAN的业务是否可以互访,即标识路由域(关联同一个VPN实例),通过VPN实例确保不同租户之间的业务隔离;作用类似MPLS L3VPN的私网标签(查看ILM表),目的是来查找哪个VPN实例
Route MAC
在分布式网关的场景,网关的Route MAC,用来唯一标识 不同的网关设备,用于网关之间通过VXLAN隧道转发三层流量
非对称IRB转发
入口网关和出口网关上的处理方式不同,
入口网关需要同时进行二层和三层转发;
而出口网关只进行二层转发。
该模式要求每一台分布式网关需要配置EVPN网络内所有VNI的VSI信息,且要求每一台分布式网关维护本租户内所有主机的ARP
EVPN的常用路由类型
类型1
RT-1:以太自动发现路由(Ethernet Auto-Discovery Route)
例如:发现自己是否连接同一个站点(CE)
主要用于多归属场景中,通告ES信息和servicelD信息
作用
① 实现环路避免
② 负载分担
③ 快速收敛
类型2
RT-2:MAC/IP发布路由(MAC/IP Advertisement Route)
有些场景发布MAC路由,有些场景发布主机路由
作用
① 通告MAC地址和主机路由信息(即ARP信息和ND信息)
② 自动同步MAC表项或ARP表项
③ 指导单播帧的转发
类型3
RT-3:包含性组播以太网标签路由,又称为IMET 路由(Inclusive Multicast Route )
例如:隧道的建立
作用
① 携带本端PE上EVPN实例的RD和RT值,以及SourcelP和PMSl(Provider Multicast Service Interface)信息
② 通告VTEP及其所属VXLAN,在EVPN VXLAN组网中实现VTEP自动发现、自动建立VXLAN隧道、自动创建VXLAN广播表等。VXLAN广播表的作用是用来指导BUM帧的转发:当VTEP设备收到BUM报文时,按照VXLAN广播表只会发送给已经和它建立VXLAN的VTEP设备
③ 在EVPN VPLS组网中用来通告PE信息,实现PE的自动发现、自动建立PW。
类型4
RT-4:以太网段路由(Ethernet Segment Route )
多归属场景下
作用
① 通告本端PE上的EVPN实例的RD值、ESI值和Source IP地址
② 用于ESI成员的发现
③ 在冗余组中进行DF的选举,只有DF设备才会将收到的BUM帧转发给内部设备(外部BUM帧)
类型5
RT-5:IP前缀路由(IP Prefix Route)
作用
① 用来通告路由信息
② 用于MPLS 环境,架设L3VPN
③ 分布式网关场景发布外部路由到VXLAN内部网络
实验
配置
通过用EVPN的方式来实现VXLAN的分布式网关部署,R1、R3、R4都为网关,R4为Border;实现内部用户能够互访,并且通过R4来进行访问互联网
L3VNI统一为1000;
vpna的Route-MAC为0010-0010-0010
vpnb的Route-MAC为0020-0020-0020
vpnc的Route-MAC为0030-0030-0030
PC1、PC4是属于VLAN10、归属于VSI实例vpna,VNI为5010
PC2、PC5是属于VLAN20、归属于VSI实例vpnb,VNI为5020
PC3、PC6、PC7是属于VLAN30、归属于VSI实例vpnc,VNI为5030
拓扑
设备型号
环境:HCL 5.10.3
路由器:MSR36-20
配置步骤
① 内部IGP全网互通(OSPF)
② 开启L2VPN功能,配置VSI实例,关联VNI
并将EVPN的封装模式设置为VXLAN,再设置自动添加RD、RT值
③ 与RR反射器“R2”建立EVPN邻居关系,传递EVPN路由
④ 关联接口到VSI实例中(AC),匹配用户流量,并关联相对应的VSI实例
⑤ 创建VPN实例,设置IPv4和EVPN地址家族的RT值
⑥ 在不同VTEP设备上创建相同的VSI接口以及设置相同的MAC地址,再关联相同的VPN实例中,并开启分布式网关功能
⑦ 创建L3VNI接口,关联到VPN实例同时绑定L3VNI标识
⑧ 将VSI接口绑定到相对应的VSI实例中
R1
# I IGP全网互通[R1]int g0/0[R1-GigabitEthernet0/0]ip address 192.168.12.124[R1-GigabitEthernet0/0]quit
[R1]int LoopBack 0[R1-LoopBack0]ip address 10.255.1.132[R1-LoopBack0]quit
[R1]int range g0/0 LoopBack 0[R1-if-range]ospf 1 area 0[R1-if-range]quit
# II 开启L2VPN功能[R1]l2vpn enable
[R1]vsi vpna ## 创建VSI vpna
[R1-vsi-vpna]vxlan 5010 ## 关联VNI 5010[R1-vsi-vpna-vxlan-5010]quit
[R1-vsi-vpna]evpn encapsulation vxlan ## 将EVPN的封装模式设置为VXLAN
[R1-vsi-vpna-evpn-vxlan]route-distinguisher auto ## RD值自动设置
[R1-vsi-vpna-evpn-vxlan]vpn-target auto ## RT值自动设置
[R1-vsi-vpna-evpn-vxlan]quit
[R1-vsi-vpna]quit
[R1]vsi vpnb
[R1-vsi-vpnb]vxlan 5020[R1-vsi-vpnb-vxlan-5020]quit
[R1-vsi-vpnb]evpn encapsulation vxlan
[R1-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R1-vsi-vpnb-evpn-vxlan]vpn-target auto
[R1-vsi-vpnb-evpn-vxlan]quit
[R1-vsi-vpnb]quit
[R1]vsi vpnc
[R1-vsi-vpnc]vxlan 5030[R1-vsi-vpnc-vxlan-5030]quit
[R1-vsi-vpnc]evpn encapsulation vxlan
[R1-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R1-vsi-vpnc-evpn-vxlan]vpn-target auto
[R1-vsi-vpnc-evpn-vxlan]quit
[R1-vsi-vpnc]quit
# III 与RR反射器建立EVPN邻居关系,传递EVPN路由[R1]bgp 100[R1-bgp-default]peer 10.255.1.2as-number 100[R1-bgp-default]peer 10.255.1.2 connect-interfaceLoopBack0[R1-bgp-default]address-family l2vpn evpn
[R1-bgp-default-evpn]peer 10.255.1.2 enable
[R1-bgp-default-evpn]quit
[R1-bgp-default]quit
# IV 关联接口到VSI实例中(AC),匹配用户流量[R1]int g0/1.10 ## 进入单臂路由子接口
[R1-GigabitEthernet0/1.10]vlan-type dot1q vid 10 ## vlan-tag 为10[R1-GigabitEthernet0/1.10]xconnect vsi vpna ## 关联VSI实例
[R1-GigabitEthernet0/1.10]quit
[R1]int g0/1.20[R1-GigabitEthernet0/1.20]vlan-type dot1q vid 20[R1-GigabitEthernet0/1.20]xconnect vsi vpnb
[R1-GigabitEthernet0/1.20]quit
[R1]int g0/1.30[R1-GigabitEthernet0/1.30]vlan-type dot1q vid 30[R1-GigabitEthernet0/1.30]xconnect vsi vpnc
[R1-GigabitEthernet0/1.30]quit
# V 创建VPN实例,设置IPv4和EVPN地址家族的RT值# IPv4地址家族RT值:接收IP前缀路由,访问外部网络(类型5)# EVPN地址家族RT值:接收主机路由的(类型2) [R1]ip vpn-instance CA
[R1-vpn-instance-CA]route-distinguisher 1:100 ## 设置RD值
[R1-vpn-instance-CA]address-family ipv4 ## 进入IPv4地址家族
[R1-vpn-ipv4-CA]vpn-target 1:1 ## 设置RT的进出值都为1:1[R1-vpn-ipv4-CA]quit
[R1-vpn-instance-CA]address-family evpn ## 进入EVPN地址家族
[R1-vpn-evpn-CA]vpn-target 2:2 ## 设置RT的进出值都为2:2[R1-vpn-evpn-CA]quit
[R1-vpn-instance-CA]quit
# VI 创建VSI接口[R1]int Vsi-interface10 ## 创建VSI接口10[R1-Vsi-interface10]ip binding vpn-instance CA ## 绑定VPN实例CA
[R1-Vsi-interface10]ip address 192.168.10.25424 ## 配置相对应用户的网关地址
[R1-Vsi-interface10]mac-address 10-10-10 ## 配置网关的Route-MAC地址
[R1-Vsi-interface10]distributed-gateway local ## 开启分布式网关功能
[R1-Vsi-interface10]quit
[R1]int Vsi-interface20[R1-Vsi-interface20]ip binding vpn-instance CA
[R1-Vsi-interface20]ip address 192.168.20.25424[R1-Vsi-interface20]mac-address 20-20-20[R1-Vsi-interface20]distributed-gateway local
[R1-Vsi-interface20]quit
[R1]int Vsi-interface30[R1-Vsi-interface30]ip binding vpn-instance CA
[R1-Vsi-interface30]ip address 192.168.30.25424[R1-Vsi-interface30]mac-address 30-30-30[R1-Vsi-interface30]distributed-gateway local
[R1-Vsi-interface30]quit
# VII 创建L3VNI接口[R1]int Vsi-interface100 ## VSI接口为100[R1-Vsi-interface100]ip binding vpn-instance CA ## 绑定VPN实例CA
[R1-Vsi-interface100]l3-vni 1000 ## 设置L3VNI为1000[R1-Vsi-interface100]quit
# VIII 将VSI接口绑定到相对应的VSI实例中[R1]vsi vpna
[R1-vsi-vpna]gateway Vsi-interface10[R1-vsi-vpna]quit
[R1]vsi vpnb
[R1-vsi-vpnb]gateway Vsi-interface20[R1-vsi-vpnb]quit
[R1]vsi vpnc
[R1-vsi-vpnc]gateway Vsi-interface30[R1-vsi-vpnc]quit
R2
[R2]int g0/0[R2-GigabitEthernet0/0]ip address 192.168.12.224[R2-GigabitEthernet0/0]quit
[R2]int g0/1[R2-GigabitEthernet0/1]ip address 192.168.23.224[R2-GigabitEthernet0/1]quit
[R2]int g0/2[R2-GigabitEthernet0/2]ip address 192.168.24.224[R2-GigabitEthernet0/2]quit
[R2]int lo0
[R2-LoopBack0]ip address 10.255.1.232[R2-LoopBack0]quit
[R2]int range g0/0 g0/1 g0/2 lo0
[R2-if-range]ospf 1 area 0[R2-if-range]quit
[R2]bgp 100[R2-bgp-default]peer 10.255.1.1as-number 100[R2-bgp-default]peer 10.255.1.1 connect-interfaceLoopBack0[R2-bgp-default]peer 10.255.1.3as-number 100[R2-bgp-default]peer 10.255.1.3 connect-interfaceLoopBack0[R2-bgp-default]peer 10.255.1.4as-number 100[R2-bgp-default]peer 10.255.1.4 connect-interfaceLoopBack0[R2-bgp-default]address-family l2vpn evpn
[R2-bgp-default-evpn]undo policy vpn-target
[R2-bgp-default-evpn]peer 10.255.1.1 enable
[R2-bgp-default-evpn]peer 10.255.1.1 reflect-client
[R2-bgp-default-evpn]peer 10.255.1.3 enable
[R2-bgp-default-evpn]peer 10.255.1.3 reflect-client
[R2-bgp-default-evpn]peer 10.255.1.4 enable
[R2-bgp-default-evpn]peer 10.255.1.4 reflect-client
[R2-bgp-default-evpn]quit
[R2-bgp-default]quit
R3
[R3]int g0/0[R3-GigabitEthernet0/0]ip address 192.168.23.324[R3-GigabitEthernet0/0]quit
[R3]int lo0
[R3-LoopBack0]ip address 10.255.1.324[R3-LoopBack0]quit
[R3]int range lo0 g0/0[R3-if-range]ospf 1 area 0[R3-if-range]quit
[R3]l2vpn enable
[R3]vsi vpna
[R3-vsi-vpna]vxlan 5010[R3-vsi-vpna-vxlan-5010]quit
[R3-vsi-vpna]evpn encapsulation vxlan
[R3-vsi-vpna-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpna-evpn-vxlan]vpn-target auto
[R3-vsi-vpna-evpn-vxlan]quit
[R3vsi vpnb
[R3-vsi-vpnb]vxlan 5020[R3-vsi-vpnb-vxlan-5020]quit
[R3-vsi-vpnb]evpn encapsulation vxlan
[R3-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpnb-evpn-vxlan]vpn-target auto
[R3-vsi-vpnb-evpn-vxlan]quit
[R3-vsi-vpnb]quit
[R3]vsi vpnc
[R3-vsi-vpnc]vxlan 5030[R3-vsi-vpnc-vxlan-5030]quit
[R3-vsi-vpnc]evpn encapsulation vxlan
[R3-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R3-vsi-vpnc-evpn-vxlan]vpn-target auto
[R3-vsi-vpnc-evpn-vxlan]quit
[R3-vsi-vpnc]quit
[R3]bgp 100[R3-bgp-default]peer 10.255.1.2as-number 100[R3-bgp-default]peer 10.255.1.2 connect-interfaceLoopBack0[R3-bgp-default]address-family l2vpn evpn
[R3-bgp-default-evpn]peer 10.255.1.2 enable
[R3-bgp-default-evpn]quit
[R3-bgp-default]quit
[R3]int g0/1.10[R3-GigabitEthernet0/1.10]vlan-type dot1q vid 10[R3-GigabitEthernet0/1.10]xconnect vsi vpna
[R3-GigabitEthernet0/1.10]quit
[R3]int g0/1.20[R3-GigabitEthernet0/1.20]vlan-type dot1q vid 20[R3-GigabitEthernet0/1.20]xconnect vsi vpnb
[R3-GigabitEthernet0/1.20]quit
[R3]int g0/1.30[R3-GigabitEthernet0/1.30]vlan-type dot1q vid 30[R3-GigabitEthernet0/1.30]xconnect vsi vpnc
[R3-GigabitEthernet0/1.30]quit
[R3]ip vpn-instance CA
[R3-vpn-instance-CA]route-distinguisher 1:100[R3-vpn-instance-CA]address-family ipv4
[R3-vpn-ipv4-CA]vpn-target 1:1[R3-vpn-ipv4-CA]quit
[R3-vpn-instance-CA]address-family evpn
[R3-vpn-evpn-CA]vpn-target 2:2[R3-vpn-evpn-CA]quit
[R3-vpn-instance-CA]quit
[R3]int Vsi-interface10[R3-Vsi-interface10]ip binding vpn-instance CA
[R3-Vsi-interface10]ip address 192.168.10.25424[R3-Vsi-interface10]mac-address 10-10-10[R3-Vsi-interface10]distributed-gateway local
[R3-Vsi-interface10]quit
[R3]int Vsi-interface20[R3-Vsi-interface20]ip binding vpn-instance CA
[R3-Vsi-interface20]ip address 192.168.20.25424[R3-Vsi-interface20]mac-address 20-20-20[R3-Vsi-interface20]distributed-gateway local
[R3-Vsi-interface20]quit
[R3]int Vsi-interface30[R3-Vsi-interface30]ip binding vpn-instance CA
[R3-Vsi-interface30]ip address 192.168.30.25424[R3-Vsi-interface30]mac-address 30-30-30[R3-Vsi-interface30]distributed-gateway local
[R3-Vsi-interface30]quit
[R3]int Vsi-interface100[R3-Vsi-interface100]ip binding vpn-instance CA
[R3-Vsi-interface100]l3-vni 1000[R3-Vsi-interface100]quit
[R3]vsi vpna
[R3-vsi-vpna]gateway Vsi-interface10[R3-vsi-vpna]quit
[R3]vsi vpnb
[R3-vsi-vpnb]gateway Vsi-interface20[R3-vsi-vpnb]quit
[R3]vsi vpnc
[R3-vsi-vpnc]gateway Vsi-interface30[R3-vsi-vpnc]quit
R4
[R4]int g0/0[R4-GigabitEthernet0/0]ip address 192.168.24.424[R4-GigabitEthernet0/0]quit
[R4]int lo0
[R4-LoopBack0]ip address 10.255.1.432[R4-LoopBack0]quit
[R4]int range g0/0 lo0
[R4-if-range]ospf 1 area 0[R4-if-range]quit
[R4]l2vpn enable
[R4]vsi vpna
[R4-vsi-vpna]vxlan 5010[R4-vsi-vpna-vxlan-5010]quit
[R4-vsi-vpna]evpn encapsulation vxlan
[R4-vsi-vpna-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpna-evpn-vxlan]vpn-target auto
[R4-vsi-vpna-evpn-vxlan]quit
[R4-vsi-vpna]quit
[R4]vsi vpnb
[R4-vsi-vpnb]vxlan 5020[R4-vsi-vpnb-vxlan-5020]quit
[R4-vsi-vpnb]evpn encapsulation vxlan
[R4-vsi-vpnb-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpnb-evpn-vxlan]vpn-target auto
[R4-vsi-vpnb-evpn-vxlan]quit
[R4-vsi-vpnb]quit
[R4]vsi vpnc
[R4-vsi-vpnc]vxlan 5030[R4-vsi-vpnc-vxlan-5030]quit
[R4-vsi-vpnc]evpn encapsulation vxlan
[R4-vsi-vpnc-evpn-vxlan]route-distinguisher auto
[R4-vsi-vpnc-evpn-vxlan]vpn-target auto
[R4-vsi-vpnc-evpn-vxlan]quit
[R4-vsi-vpnc]quit
[R4]bgp 100[R4-bgp-default]peer 10.255.1.2as-number 100[R4-bgp-default]peer 10.255.1.2 connect-interfaceLoopBack0[R4-bgp-default]address-family l2vpn evpn
[R4-bgp-default-evpn]peer 10.255.1.2 enable
[R4-bgp-default-evpn]quit
[R4-bgp-default]quit
[R4]ip vpn-instance CA
[R4-vpn-instance-CA]route-distinguisher 1:100[R4-vpn-instance-CA]address-family ipv4
[R4-vpn-ipv4-CA]vpn-target 1:1[R4-vpn-ipv4-CA]quit
[R4-vpn-instance-CA]address-family evpn
[R4-vpn-evpn-CA]vpn-target 2:2[R4-vpn-evpn-CA]quit
[R4-vpn-instance-CA]quit
[R4]int Vsi-interface10[R4-Vsi-interface10]ip binding vpn-instance CA
[R4-Vsi-interface10]ip address 192.168.10.25424[R4-Vsi-interface10]mac-address 10-10-10[R4-Vsi-interface10]distributed-gateway local
[R4-Vsi-interface10]quit
[R4]int Vsi-interface20[R4-Vsi-interface20]ip binding vpn-instance CA
[R4-Vsi-interface20]ip address 192.168.20.25424[R4-Vsi-interface20]mac-address 20-20-20[R4-Vsi-interface20]distributed-gateway local
[R4-Vsi-interface20]quit
[R4]int Vsi-interface30[R4-Vsi-interface30]ip binding vpn-instance CA
[R4-Vsi-interface30]ip address 192.168.30.25424[R4-Vsi-interface30]mac-address 30-30-30[R4-Vsi-interface30]distributed-gateway local
[R4-Vsi-interface30]quit
[R4]int Vsi-interface100[R4-Vsi-interface100]ip binding vpn-instance CA
[R4-Vsi-interface100]l3-vni 1000[R4-Vsi-interface100]quit
[R4]vsi vpna
[R4-vsi-vpna]gateway Vsi-interface10[R4-vsi-vpna]quit
[R4]vsi vpnb
[R4-vsi-vpnb]gateway Vsi-interface20[R4-vsi-vpnb]quit
[R4]vsi vpnc
[R4-vsi-vpnc]gateway Vsi-interface30[R4-vsi-vpnc]quit
访问互联网
# I 内部不同VPN实例用户需要注意好[R4]int g0/1[R4-GigabitEthernet0/1]ip binding vpn-instance CA
[R4-GigabitEthernet0/1]ip address 202.101.1.224[R4-GigabitEthernet0/1]quit
[R4]acl basic 2000[R4-acl-ipv4-basic-2000]rule permit source 192.168.10.00.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]rule permit source 192.168.20.00.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]rule permit source 192.168.30.00.0.0.255 vpn-instance CA
[R4-acl-ipv4-basic-2000]quit
[R4]int g0/1[R4-GigabitEthernet0/1]nat outbound 2000 vpn-instance CA
[R4-GigabitEthernet0/1]quit
[R4]ip route-static vpn-instance CA 0.0.0.00202.101.1.1# II 将默认路由引入内部[R4]bgp 100[R4-bgp-default]ip vpn-instance CA
[R4-bgp-default-CA]address-family ipv4
[R4-bgp-default-ipv4-CA]import-route static[R4-bgp-default-ipv4-CA]default-route imported
[R4-bgp-default-ipv4-CA]quit
[R4-bgp-default-CA]quit
[R4-bgp-default]quit
SW1
[SW1]vlan 102030[SW1]int g1/0/1[SW1-GigabitEthernet1/0/1]port link-type trunk
[SW1-GigabitEthernet1/0/1]port trunk permit vlan 102030[SW1-GigabitEthernet1/0/1]quit
[SW1]int g1/0/2[SW1-GigabitEthernet1/0/2]port link-type access
[SW1-GigabitEthernet1/0/2]port access vlan 10[SW1-GigabitEthernet1/0/2]quit
[SW1]int g1/0/3[SW1-GigabitEthernet1/0/3]port link-type access
[SW1-GigabitEthernet1/0/3]port access vlan 20[SW1-GigabitEthernet1/0/3]quit
[SW1]int g1/0/4[SW1-GigabitEthernet1/0/4]port link-type access
[SW1-GigabitEthernet1/0/4]port access vlan 30[SW1-GigabitEthernet1/0/4]quit
SW2
[SW2]vlan 102030[SW2]int g1/0/1[SW2-GigabitEthernet1/0/1]port link-type trunk
[SW2-GigabitEthernet1/0/1]port trunk permit vlan 102030[SW2-GigabitEthernet1/0/1]quit
[SW2]int g1/0/2[SW2-GigabitEthernet1/0/2]port link-type access
[SW2-GigabitEthernet1/0/2]port access vlan 10[SW2-GigabitEthernet1/0/2]quit
[SW2]int g1/0/3[SW2-GigabitEthernet1/0/3]port link-type access
[SW2-GigabitEthernet1/0/3]port access vlan 20[SW2-GigabitEthernet1/0/3]quit
[SW2]int g1/0/4[SW2-GigabitEthernet1/0/4]port link-type access
[SW2-GigabitEthernet1/0/4]port access vlan 30[SW2-GigabitEthernet1/0/4]quit
[SW2]int g1/0/5[SW2-GigabitEthernet1/0/5]port link-type access
[SW2-GigabitEthernet1/0/5]port access vlan 30[SW2-GigabitEthernet1/0/5]quit
PC
测试
检查
查看学到的路由
[R1]display bgp l2vpn evpn
通过该命令可以查看到,该环境中用到了哪些EVPN的类型路由
VXLAN隧道建立情况
[R1]display vxlan tunnel
L2VPN的MAC学习情况
网关的ARP表项
只维护网关的MAC地址
抓包
在R1的G0/0接口上开启抓包
将R3的G0/0接口shutdown后,再undo shutdown,再等一会,抓update报文即可看到以下的信息,主要是有EVPN路由类型2、路由类型3
路由类型5主要是传递外部路由(上网的默认路由),需要将R4的G0/0接口shutdown后再undo shutdown才能从update报抓到
配置文档
R1
#
sysname R1
#
ip vpn-instance CA
route-distinguisher 1:100#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
l2vpn enable
#
vsi vpna
gateway vsi-interface10
vxlan 5010
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface20
vxlan 5020
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface30
vxlan 5030
quit
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#interfaceLoopBack0
ip address 10.255.1.1255.255.255.255
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/0
ip address 192.168.12.1255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/1.10
vlan-type dot1q vid 10
xconnect vsi vpna
#interfaceGigabitEthernet0/1.20
vlan-type dot1q vid 20
xconnect vsi vpnb
#interfaceGigabitEthernet0/1.30
vlan-type dot1q vid 30
xconnect vsi vpnc
#interfaceVsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
# interfaceVsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#interfaceVsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#interfaceVsi-interface100
ip binding vpn-instance CA
l3-vni 1000#
bgp 100
peer 10.255.1.2as-number 100
peer 10.255.1.2 connect-interfaceLoopBack0#
address-family l2vpn evpn
peer 10.255.1.2 enable
R2
#
sysname R2
#
ospf 1
area 0.0.0.0#interfaceLoopBack0
ip address 10.255.1.2255.255.255.255
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/0
ip address 192.168.12.2255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/1
ip address 192.168.23.2255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/2
ip address 192.168.24.2255.255.255.0
ospf 1 area 0.0.0.0#
bgp 100
peer 10.255.1.1as-number 100
peer 10.255.1.1 connect-interfaceLoopBack0
peer 10.255.1.3as-number 100
peer 10.255.1.3 connect-interfaceLoopBack0
peer 10.255.1.4as-number 100
peer 10.255.1.4 connect-interfaceLoopBack0#
address-family l2vpn evpn
undo policy vpn-target
peer 10.255.1.1 enable
peer 10.255.1.1 reflect-client
peer 10.255.1.3 enable
peer 10.255.1.3 reflect-client
peer 10.255.1.4 enable
peer 10.255.1.4 reflect-client
R3
#
sysname R3
#
ip vpn-instance CA
route-distinguisher 1:100#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
ospf 1
area 0.0.0.0#
l2vpn enable
#
vsi vpna
gateway vsi-interface10
vxlan 5010
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface20
vxlan 5020
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface30
vxlan 5030
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#interfaceLoopBack0
ip address 10.255.1.3255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/0
ip address 192.168.23.3255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/1.10
vlan-type dot1q vid 10
xconnect vsi vpna
#interfaceGigabitEthernet0/1.20
vlan-type dot1q vid 20
xconnect vsi vpnb
#interfaceGigabitEthernet0/1.30
vlan-type dot1q vid 30
xconnect vsi vpnc
#interfaceVsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
#interfaceVsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#interfaceVsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#interfaceVsi-interface100
ip binding vpn-instance CA
l3-vni 1000#
bgp 100
peer 10.255.1.2as-number 100
peer 10.255.1.2 connect-interfaceLoopBack0#
address-family l2vpn evpn
peer 10.255.1.2 enable
R4
#
sysname R4
#
ip vpn-instance CA
route-distinguisher 1:100#
address-family ipv4
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
ospf 1
area 0.0.0.0#
l2vpn enable
#
vsi vpna
gateway vsi-interface10
vxlan 5010
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface20
vxlan 5020
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnc
gateway vsi-interface30
vxlan 5030
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#interfaceLoopBack0
ip address 10.255.1.4255.255.255.255
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/0
ip address 192.168.24.4255.255.255.0
ospf 1 area 0.0.0.0#interfaceGigabitEthernet0/1
ip binding vpn-instance CA
ip address 202.101.1.2255.255.255.0
nat outbound 2000 vpn-instance CA
#interfaceVsi-interface10
ip binding vpn-instance CA
ip address 192.168.10.254255.255.255.0
mac-address 0010-0010-0010
distributed-gateway local
#interfaceVsi-interface20
ip binding vpn-instance CA
ip address 192.168.20.254255.255.255.0
mac-address 0020-0020-0020
distributed-gateway local
#interfaceVsi-interface30
ip binding vpn-instance CA
ip address 192.168.30.254255.255.255.0
mac-address 0030-0030-0030
distributed-gateway local
#interfaceVsi-interface100
ip binding vpn-instance CA
l3-vni 1000#
bgp 100
peer 10.255.1.2as-number 100
peer 10.255.1.2 connect-interfaceLoopBack0#
address-family l2vpn evpn
peer 10.255.1.2 enable
#
ip vpn-instance CA
#
address-family ipv4 unicast
default-route imported
import-route static#
ip route-static vpn-instance CA 0.0.0.00202.101.1.1#
acl basic 2000
rule 0 permit vpn-instance CA source 192.168.10.00.0.0.255
rule 5 permit vpn-instance CA source 192.168.20.00.0.0.255
rule 10 permit vpn-instance CA source 192.168.30.00.0.0.255#
SW1
vlan 10#
vlan 20#
vlan 30#interfaceGigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1102030#interfaceGigabitEthernet1/0/2
port access vlan 10#interfaceGigabitEthernet1/0/3
port access vlan 20#interfaceGigabitEthernet1/0/4
port access vlan 30
SW2
vlan 10#
vlan 20#
vlan 30#interfaceGigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1102030#interfaceGigabitEthernet1/0/2
port access vlan 10#interfaceGigabitEthernet1/0/3
port access vlan 20#interfaceGigabitEthernet1/0/4
port access vlan 30#interfaceGigabitEthernet1/0/5
port access vlan 30
版权归原作者 张白夕 所有, 如有侵权,请联系我们删除。