评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置AS域内的三段式VXLAN实现三层互通的示例
组网需求
如图1-74所示,园区A和园区B规划在相同的BGP AS域(例如BGP AS 100),在园区内部配置BGP EVPN创建分布式网关VXLAN网络,实现同一园区ServerA-1和ServerA-2之间的互通、ServerB-1和ServerB-2之间的互通,通过在VTEP1和VTEP6之间配置BGP EVPN创建VXLAN隧道,实现园区A和园区B之间的互通(例如ServerA-1和ServerB-2之间互通)。
本举例中VXLAN隧道侧接口以X系列单板为例。
数据准备
表1-27 配置BGP EVPN相关数据
设备 |
EVPN实例 |
RD值 |
BD |
VNI |
Router id |
Peer IP |
|---|---|---|---|---|---|---|
VTEP1 |
- |
- |
- |
- |
10.1.1.1 |
10.2.2.2 10.3.3.3 10.6.6.6 |
VTEP2 |
evpn10:
|
2:10 |
10 |
10 |
10.2.2.2 |
10.1.1.1 |
VTEP3 |
evpn20:
|
3:20 |
20 |
20 |
10.3.3.3 |
10.1.1.1 |
VTEP6 |
- |
- |
- |
- |
10.6.6.6 |
10.1.1.1 10.7.7.7 10.8.8.8 |
VTEP7 |
evpn30:
|
7:30 |
30 |
30 |
10.7.7.7 |
10.6.6.6 |
VTEP8 |
evpn40:
|
8:40 |
40 |
40 |
10.8.8.8 |
10.6.6.6 |
表1-28 配置VPN实例相关数据
设备 |
接口 |
VPN实例 |
VNI |
RD值 |
|---|---|---|---|---|
VTEP1 |
- |
vpn1:
|
100 |
1:100 |
VTEP2 |
VBDIF10:
|
vpn1:
|
100 |
2:100 |
VTEP3 |
VBDIF20:
|
vpn1:
|
100 |
3:100 |
VTEP6 |
- |
vpn1:
|
100 |
6:100 |
VTEP7 |
VBDIF30:
|
vpn1:
|
100 |
7:100 |
VTEP8 |
VBDIF40:
|
vpn1:
|
100 |
8:100 |
在配置VPN实例的RT(EVPN)属性时,应注意除用于园区间互通的设备(如本示例中VTEP1和VTEP6)外,园区内的设备间EVPN路由交叉,园区间的设备间EVPN路由不交叉。园区间互通设备的EVPN路由同所在园区内设备EVPN路由交叉,同其他园区的互通设备的EVPN路由交叉。
以该示例场景中园区A为例,VTEP2与VTEP3的EVPN路由交叉,且分别与VTEP1的EVPN路由交叉,VTEP2、VTEP3跟园区B内的设备EVPN路由不交叉,VTEP1同园区B的VTEP6的EVPN路由值交叉。
配置思路
采用如下思路配置不同网段用户通过VXLAN网关互通:
在园区A内部和园区B内部配置VXLAN隧道,实现园区内部互通
- 分别在VTEP1、VTEP2、VTEP3、VTEP6、VTEP7、VTEP8上配置路由协议,保证网络三层互通。
- 分别在Switch4、Switch5、Switch9、Switch10上配置VLAN,管理用户接入的VLAN部署。在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN接入业务部署方式,实现用户接入VXLAN网络。
- 分别在VTEP2、VTEP3、VTEP7、VTEP8上配置EVPN实例并绑定BD域。
- 分别在VTEP1、VTEP6上配置VPN实例,在VTEP2、VTEP3、VTEP7、VTEP8上配置VPN实例并绑定VBDIF接口。
- 分别在VTEP1与VTEP2、VTEP3之间,VTEP6与VTEP7、VTEP8之间的BGP EVPN对等体关系,实现VTEP1与VTEP2、VTEP3之间,VTEP6与VTEP7、VTEP8之间EVPN路由的接收和发布。
- 配置VTEP1为反射器,指定VTEP2、VTEP3为客户端。配置VTEP6为反射器,指定VTEP7和VTEP8为客户端。实现VTEP2和VTEP3,以及VTEP7和VTEP8之间BGP EVPN对等体的建立和EVPN路由接收和发布。
- 分别在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN隧道目的端地址。
- 分别在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN分布式网关。
- 分别在VTEP1、VTEP6上配置缺省路由,并引入BGP。实现园区A内的用户同园区A外通信时统一由VTEP1负责,园区B内的用户同园区B外通信时统一由VTEP6负责。
园区网络的三层互通是构建虚拟网络的基础条件,现网中,如果园区网络已经实现三层网络的互通,那么该举例中的步骤1可以省略。
在园区A、园区B之间配置VXLAN隧道,实现两个园区之间的互通
- 在VTEP1和VTEP6之间配置BGP EVPN对等体关系,实现VTEP1和VTEP6之间的EVPN路由的接收和发布。
- 在VTEP1和VTEP6上配置EVPN路由的重生成功能,实现VTEP1和VTEP6将接收到的IP前缀路由重新生成,园区间通过VTEP1和VTEP6之间的VXLAN互通。
操作步骤
- 配置路由协议。
# 配置VTEP2各接口IP地址。VTEP1、VTEP3、VTEP6、VTEP7、VTEP8的配置与VTEP2类似,这里不再赘述。配置OSPF时,注意需要发布设备上的Loopback接口地址。
<HUAWEI> system-view [HUAWEI] sysname VTEP2 [VTEP2] interface loopback 1 [VTEP2-LoopBack1] ip address 10.2.2.2 32 [VTEP2-LoopBack1] quit [VTEP2] interface gigabitethernet 1/0/1 [VTEP2-GigabitEthernet1/0/1] undo portswitch [VTEP2-GigabitEthernet1/0/1] ip address 192.168.1.1 24 [VTEP2-GigabitEthernet1/0/1] quit [VTEP2] ospf router-id 10.2.2.2 [VTEP2-ospf-1] area 0 [VTEP2-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0 [VTEP2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [VTEP2-ospf-1-area-0.0.0.0] quit [VTEP2-ospf-1] quit
# OSPF成功配置后,VTEP1、VTEP2、VTEP3、VTEP6、VTEP7、VTEP8之间可通过OSPF协议发现对方的Loopback接口的IP地址,并能互相ping通。以VTEP2 ping VTEP3的显示为例。
[VTEP2] ping 10.3.3.3 PING 10.3.3.3: 56 data bytes, press CTRL_C to break Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=255 time=240 ms Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=255 time=5 ms Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=255 time=14 ms Reply from 10.3.3.3: bytes=56 Sequence=5 ttl=255 time=5 ms --- 10.3.3.3 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 5/53/240 ms - 在园区A的Switch4、Switch5上进行VLAN接入的配置;在VTEP2、VTEP3上配置VXLAN业务接入点。在园区B的Switch9、Switch10上进行VLAN接入的配置;在VTEP7、VTEP8上配置VXLAN业务接入点。
# 配置Switch4,Switch9的配置和Switch4类似。
<HUAWEI> system-view [HUAWEI] sysname Switch4 [Switch4] vlan batch 10 [Switch4] interface gigabitethernet 1/0/2 [Switch4-GigabitEthernet1/0/2] port link-type access [Switch4-GigabitEthernet1/0/2] port default vlan 10 [Switch4-GigabitEthernet1/0/2] quit [Switch4] interface gigabitethernet 1/0/1 [Switch4-GigabitEthernet1/0/1] port link-type trunk [Switch4-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [Switch4-GigabitEthernet1/0/1] quit
# 配置Switch5,Switch10的配置与Switch5类似。
<HUAWEI> system-view [HUAWEI] sysname Switch5 [Switch5] vlan batch 20 [Switch5] interface gigabitethernet 1/0/2 [Switch5-GigabitEthernet1/0/2] port link-type access [Switch5-GigabitEthernet1/0/2] port default vlan 20 [Switch5-GigabitEthernet1/0/2] quit [Switch5] interface gigabitethernet 1/0/1 [Switch5-GigabitEthernet1/0/1] port link-type trunk [Switch5-GigabitEthernet1/0/1] port trunk allow-pass vlan 20 [Switch5-GigabitEthernet1/0/1] quit
# 配置VTEP2,VTEP7的配置与VTEP2类似。
[VTEP2] bridge-domain 10 [VTEP2-bd10] quit [VTEP2] vcmp role silent [VTEP2] interface gigabitethernet 1/0/2 [VTEP2-GigabitEthernet1/0/2] port link-type trunk [VTEP2-GigabitEthernet1/0/2] quit [VTEP2] interface gigabitethernet 1/0/2.1 mode l2 [VTEP2-GigabitEthernet1/0/2.1] encapsulation dot1q vid 10 [VTEP2-GigabitEthernet1/0/2.1] bridge-domain 10 [VTEP2-GigabitEthernet1/0/2.1] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] bridge-domain 20 [VTEP3-bd20] quit [VTEP3] vcmp role silent [VTEP3] interface gigabitethernet 1/0/2 [VTEP3-GigabitEthernet1/0/2] port link-type trunk [VTEP3-GigabitEthernet1/0/2] quit [VTEP3] interface gigabitethernet 1/0/2.1 mode l2 [VTEP3-GigabitEthernet1/0/2.1] encapsulation dot1q vid 20 [VTEP3-GigabitEthernet1/0/2.1] bridge-domain 20 [VTEP3-GigabitEthernet1/0/2.1] quit
- 在园区A的VTEP2、VTEP3上配置EVPN实例并绑定BD域。在园区B的VTEP7、VTEP8上配置EVPN实例并绑定BD域。
# 配置VTEP2,VTEP7的配置与VTEP2类似。
[VTEP2] evpn vpn-instance evpn10 bd-mode [VTEP2-evpn-instance-evpn10] route-distinguisher 2:10 [VTEP2-evpn-instance-evpn10] vpn-target 10:1 both [VTEP2-evpn-instance-evpn10] vpn-target 1:100 export-extcommunity [VTEP2-evpn-instance-evpn10] quit [VTEP2] bridge-domain 10 [VTEP2-bd10] vxlan vni 10 [VTEP2-bd10] evpn binding vpn-instance evpn10 [VTEP2-bd10] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] evpn vpn-instance evpn20 bd-mode [VTEP3-evpn-instance-evpn20] route-distinguisher 3:20 [VTEP3-evpn-instance-evpn20] vpn-target 20:1 both [VTEP3-evpn-instance-evpn20] vpn-target 1:100 export-extcommunity [VTEP3-evpn-instance-evpn20] quit [VTEP3] bridge-domain 20 [VTEP3-bd20] vxlan vni 20 [VTEP3-bd20] evpn binding vpn-instance evpn20 [VTEP3-bd20] quit
- 在园区A的VTEP1和园区B的VTEP6上配置VPN实例,在园区A的VTEP2、VTEP3和园区B的VTEP7、VTEP8上配置VPN实例并绑定VBDIF接口。
# 配置VTEP1,VTEP6的配置和VTEP1类似。
[VTEP1] ip vpn-instance vpn1 [VTEP1-vpn-instance-vpn1] ipv4-family [VTEP1-vpn-instance-vpn1-af-ipv4] route-distinguisher 1:100 [VTEP1-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn [VTEP1-vpn-instance-vpn1-af-ipv4] vpn-target 10:100 both evpn [VTEP1-vpn-instance-vpn1-af-ipv4] quit [VTEP1-vpn-instance-vpn1] vxlan vni 100 [VTEP1-vpn-instance-vpn1] quit
# 配置VTEP2,VTEP7的配置和VTEP2类似。
[VTEP2] ip vpn-instance vpn1 [VTEP2-vpn-instance-vpn1] ipv4-family [VTEP2-vpn-instance-vpn1-af-ipv4] route-distinguisher 2:100 [VTEP2-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn [VTEP2-vpn-instance-vpn1-af-ipv4] quit [VTEP2-vpn-instance-vpn1] vxlan vni 100 [VTEP2-vpn-instance-vpn1] quit [VTEP2] interface vbdif 10 [VTEP2-Vbdif10] ip binding vpn-instance vpn1 [VTEP2-Vbdif10] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] ip vpn-instance vpn1 [VTEP3-vpn-instance-vpn1] ipv4-family [VTEP3-vpn-instance-vpn1-af-ipv4] route-distinguisher 3:100 [VTEP3-vpn-instance-vpn1-af-ipv4] vpn-target 1:100 both evpn [VTEP3-vpn-instance-vpn1-af-ipv4] quit [VTEP3-vpn-instance-vpn1] vxlan vni 100 [VTEP3-vpn-instance-vpn1] quit [VTEP3] interface vbdif 20 [VTEP3-Vbdif20] ip binding vpn-instance vpn1 [VTEP3-Vbdif20] quit
- 在园区A中配置VTEP1和VTEP2、VTEP3之间的BGP EVPN对等体关系。在园区B中配置VTEP6和VTEP7、VTEP8之间的BGP EVPN对等体关系。
# 配置VTEP1,VTEP6的配置与VTEP1类似。
[VTEP1] bgp 100 [VTEP1-bgp] router-id 10.1.1.1 [VTEP1-bgp] peer 10.2.2.2 as-number 100 [VTEP1-bgp] peer 10.2.2.2 connect-interface LoopBack1 [VTEP1-bgp] peer 10.3.3.3 as-number 100 [VTEP1-bgp] peer 10.3.3.3 connect-interface LoopBack1 [VTEP1-bgp] l2vpn-family evpn [VTEP1-bgp-af-evpn] peer 10.2.2.2 enable [VTEP1-bgp-af-evpn] peer 10.2.2.2 advertise irb [VTEP1-bgp-af-evpn] peer 10.3.3.3 enable [VTEP1-bgp-af-evpn] peer 10.3.3.3 advertise irb [VTEP1-bgp-af-evpn] quit [VTEP1-bgp] ipv4-family vpn-instance vpn1 [VTEP1-bgp-vpn1] import-route direct [VTEP1-bgp-vpn1] advertise l2vpn evpn [VTEP1-bgp-vpn1] quit [VTEP1-bgp] quit
# 配置VTEP2,VTEP7的配置与VTEP2类似。
[VTEP2] bgp 100 [VTEP2-bgp] router-id 10.2.2.2 [VTEP2-bgp] peer 10.1.1.1 as-number 100 [VTEP2-bgp] peer 10.1.1.1 connect-interface LoopBack1 [VTEP2-bgp] l2vpn-family evpn [VTEP2-bgp-af-evpn] peer 10.1.1.1 enable [VTEP2-bgp-af-evpn] peer 10.1.1.1 advertise irb [VTEP2-bgp-af-evpn] quit [VTEP2-bgp] ipv4-family vpn-instance vpn1 [VTEP2-bgp-vpn1] import-route direct [VTEP2-bgp-vpn1] advertise l2vpn evpn [VTEP2-bgp-vpn1] quit [VTEP2-bgp] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] bgp 100 [VTEP3-bgp] router-id 10.3.3.3 [VTEP3-bgp] peer 10.1.1.1 as-number 100 [VTEP3-bgp] peer 10.1.1.1 connect-interface LoopBack1 [VTEP3-bgp] l2vpn-family evpn [VTEP3-bgp-af-evpn] peer 10.1.1.1 enable [VTEP3-bgp-af-evpn] peer 10.1.1.1 advertise irb [VTEP3-bgp-af-evpn] quit [VTEP3-bgp] ipv4-family vpn-instance vpn1 [VTEP3-bgp-vpn1] import-route direct [VTEP3-bgp-vpn1] advertise l2vpn evpn [VTEP3-bgp-vpn1] quit [VTEP3-bgp] quit
- 配置VTEP1为反射器,指定VTEP2、VTEP3为客户端。配置VTEP6为反射器,指定VTEP7和VTEP8为客户端。
# 配置VTEP1,VTEP6的配置与VTEP1类似。
[VTEP1] bgp 100 [VTEP1-bgp] l2vpn-family evpn [VTEP1-bgp-af-evpn] peer 10.2.2.2 reflect-client [VTEP1-bgp-af-evpn] peer 10.3.3.3 reflect-client [VTEP1-bgp-af-evpn] undo policy vpn-target [VTEP1-bgp-af-evpn] quit [VTEP1-bgp] quit
- 在园区A的VTEP1、VTEP2、VTEP3上配置VXLAN隧道目的端地址。在园区B的VTEP6、VTEP7、VTEP8上配置VXLAN隧道目的端地址。
# 配置VTEP1,VTEP6的配置与VTEP1类似。
[VTEP1] interface nve 1 [VTEP1-Nve1] source 10.1.1.1 [VTEP1-Nve1] quit
# 配置VTEP2,VTEP7的配置与VTEP2类似。
[VTEP2] interface nve 1 [VTEP2-Nve1] source 10.2.2.2 [VTEP2-Nve1] vni 10 head-end peer-list protocol bgp [VTEP2-Nve1] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] interface nve 1 [VTEP3-Nve1] source 10.3.3.3 [VTEP3-Nve1] vni 20 head-end peer-list protocol bgp [VTEP3-Nve1] quit
- 在园区A的VTEP2、VTEP3上配置VXLAN分布式网关。在园区B的VTEP7、VTEP8上配置VXLAN分布式网关。
# 配置VTEP2,VTEP7的配置与VTEP2类似。
[VTEP2] interface vbdif 10 [VTEP2-Vbdif10] ip address 192.168.10.1 24 [VTEP2-Vbdif10] arp distribute-gateway enable [VTEP2-Vbdif10] arp collect host enable [VTEP2-Vbdif10] mac-address 0000-5e00-0101 [VTEP2-Vbdif10] quit
# 配置VTEP3,VTEP8的配置与VTEP3类似。
[VTEP3] interface vbdif 20 [VTEP3-Vbdif20] ip address 192.168.20.1 24 [VTEP3-Vbdif20] arp distribute-gateway enable [VTEP3-Vbdif20] arp collect host enable [VTEP3-Vbdif20] mac-address 0000-5e00-0102 [VTEP3-Vbdif20] quit
- 在园区A的VTEP1配置缺省路由,并引入BGP。在园区B的VTEP6配置缺省路由,并引入BGP。
# 配置VTEP1。
[VTEP1] ip route-static vpn-instance vpn1 0.0.0.0 0 NULL0 [VTEP1] bgp 100 [VTEP1-bgp] ipv4-family vpn-instance vpn1 [VTEP1-bgp-vpn1] import-route static [VTEP1-bgp-vpn1] default-route imported [VTEP1] quit
# 配置VTEP6。
[VTEP6] ip route-static vpn-instance vpn1 0.0.0.0 0 NULL0 [VTEP6] bgp 100 [VTEP6-bgp] ipv4-family vpn-instance vpn1 [VTEP6-bgp-vpn1] import-route static [VTEP6-bgp-vpn1] default-route imported [VTEP6] quit
- 验证园区内通过VXLAN互通的配置结果。
# 上述配置成功后,在VTEP2、VTEP3、VTEP7、VTEP8上执行命令display vxlan tunnel可查看到VXLAN隧道的信息。以VTEP2显示为例。
[VTEP2] display vxlan tunnel Tunnel ID Source Destination State Type ---------------------------------------------------------------------------- 24 10.2.2.2 10.1.1.1 up l3 dynamic 20 10.2.2.2 10.3.3.3 up l3 dynamic ---------------------------------------------------------------------------- Number of vxlan tunnel : Total : 2 Static: 0 L2 dynamic: 0 L3 dynamic: 2
# 配置完成后,不同网段用户之间可以三层互通。以ServerA-1 ping ServerA-2上的VM1的显示为例。
C:\Users\VM1> ping 192.168.20.10 Pinging 192.168.20.10 with 32 bytes of data: Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Ping statistics for 192.168.20.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms - 在园区A的VTEP1和园区B的VTEP6间配置EVPN对等体关系。
# 配置VTEP1。
[VTEP1] bgp 100 [VTEP1-bgp] peer 10.6.6.6 as-number 100 [VTEP1-bgp] peer 10.6.6.6 connect-interface LoopBack1 [VTEP1-bgp] l2vpn-family evpn [VTEP1-bgp-af-evpn] peer 10.6.6.6 enable [VTEP1-bgp-af-evpn] quit [VTEP1-bgp] quit
# 配置VTEP6。
[VTEP6] bgp 100 [VTEP6-bgp] peer 10.1.1.1 as-number 100 [VTEP6-bgp] peer 10.1.1.1 connect-interface LoopBack1 [VTEP6-bgp] l2vpn-family evpn [VTEP6-bgp-af-evpn] peer 10.1.1.1 enable [VTEP6-bgp-af-evpn] quit [VTEP6-bgp] quit
- 在园区A的VTEP1和园区B的VTEP6上配置EVPN路由中的IP前缀路由的重生成功能。
# 配置VTEP1。
[VTEP1] bgp 100 [VTEP1-bgp] l2vpn-family evpn [VTEP1-bgp-af-evpn] peer 10.2.2.2 import reoriginate [VTEP1-bgp-af-evpn] peer 10.3.3.3 import reoriginate [VTEP1-bgp-af-evpn] peer 10.6.6.6 advertise route-reoriginated evpn ip [VTEP1-bgp-af-evpn] quit [VTEP1-bgp] quit
# 配置VTEP6。
[VTEP6] bgp 100 [VTEP6-bgp] l2vpn-family evpn [VTEP6-bgp-af-evpn] peer 10.7.7.7 import reoriginate [VTEP6-bgp-af-evpn] peer 10.8.8.8 import reoriginate [VTEP6-bgp-af-evpn] peer 10.1.1.1 advertise route-reoriginated evpn ip [VTEP6-bgp-af-evpn] quit [VTEP6-bgp] quit
- 验证园区之间IP前缀路由的重生成的结果。
# 配置完成后,园区之间IP前缀路由会通过两个园区之间的VXLAN隧道进行重生成。以VTEP1上的显示为例。
[VTEP1] display ip routing-table vpn-instance vpn1 Route Flags: R - relay, D - download to fib, T - to vpn-instance ------------------------------------------------------------------------------ Routing Tables: vpn1 Destinations : 7 Routes : 7 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 Static 60 0 D 0.0.0.0 NULL0 192.168.10.0/24 IBGP 255 0 RD 10.2.2.2 VXLAN 192.168.10.10/32 IBGP 255 0 RD 10.2.2.2 VXLAN 192.168.20.0/24 IBGP 255 0 RD 10.3.3.3 VXLAN 192.168.20.10/32 IBGP 255 0 RD 10.3.3.3 VXLAN 192.168.30.0/24 IBGP 255 0 RD 10.6.6.6 VXLAN 192.168.40.0/24 IBGP 255 0 RD 10.6.6.6 VXLAN - 验证园区之间通过VXLAN互通的配置结果。
# 配置完成后,园区之间不同网段用户之间可以三层互通。以ServerA-1 ping ServerB-2上的VM1的显示为例。
C:\Users\VM1> ping 192.168.40.10 Pinging 192.168.40.10 with 32 bytes of data: Reply from 192.168.40.10: bytes=32 time=1ms TTL=126 Reply from 192.168.40.10: bytes=32 time=1ms TTL=126 Reply from 192.168.40.10: bytes=32 time=1ms TTL=126 Reply from 192.168.40.10: bytes=32 time=1ms TTL=126 Ping statistics for 192.168.40.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms
配置文件
VTEP1的配置文件
# sysname VTEP1 # ip vpn-instance vpn1 ipv4-family route-distinguisher 1:100 vpn-target 1:100 10:100 export-extcommunity evpn vpn-target 1:100 10:100 import-extcommunity evpn vxlan vni 100 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.1.2 255.255.255.0 # interface GigabitEthernet1/0/2 undo portswitch ip address 192.168.2.1 255.255.255.0 # interface GigabitEthernet1/0/3 undo portswitch ip address 192.168.6.1 255.255.255.0 # interface LoopBack1 ip address 10.1.1.1 255.255.255.255 # interface Nve1 source 10.1.1.1 # bgp 100 router-id 10.1.1.1 peer 10.2.2.2 as-number 100 peer 10.2.2.2 connect-interface LoopBack1 peer 10.3.3.3 as-number 100 peer 10.3.3.3 connect-interface LoopBack1 peer 10.6.6.6 as-number 100 peer 10.6.6.6 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.2.2.2 enable peer 10.3.3.3 enable peer 10.6.6.6 enable # l2vpn-family evpn undo policy vpn-target peer 10.2.2.2 enable peer 10.2.2.2 advertise irb peer 10.2.2.2 reflect-client peer 10.2.2.2 import reoriginate peer 10.3.3.3 enable peer 10.3.3.3 advertise irb peer 10.3.3.3 reflect-client peer 10.3.3.3 import reoriginate peer 10.6.6.6 enable peer 10.6.6.6 advertise route-reoriginated evpn ip # ipv4-family vpn-instance vpn1 default-route imported import-route direct import-route static advertise l2vpn evpn # ospf 1 router-id 10.1.1.1 area 0.0.0.0 network 10.1.1.1 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 192.168.6.0 0.0.0.255 # ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0 # return
VTEP2的配置文件
# sysname VTEP2 # vcmp role silent # ip vpn-instance vpn1 ipv4-family route-distinguisher 2:100 vpn-target 1:100 export-extcommunity evpn vpn-target 1:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn10 bd-mode route-distinguisher 2:10 vpn-target 1:100 10:1 export-extcommunity vpn-target 10:1 import-extcommunity # bridge-domain 10 vxlan vni 10 evpn binding vpn-instance evpn10 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface LoopBack1 ip address 10.2.2.2 255.255.255.255 # interface Vbdif10 mac-address 0000-5e00-0101 ip binding vpn-instance vpn1 arp collect host enable arp distribute-gateway enable ip address 192.168.10.1 255.255.255.0 # interface Nve1 source 10.2.2.2 vni 10 head-end peer-list protocol bgp # bgp 100 router-id 10.2.2.2 peer 10.1.1.1 as-number 100 peer 10.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable # l2vpn-family evpn policy vpn-target peer 10.1.1.1 enable peer 10.1.1.1 advertise irb # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.2.2.2 area 0.0.0.0 network 10.2.2.2 0.0.0.0 network 192.168.1.0 0.0.0.255 # return
VTEP3的配置文件
# sysname VTEP3 # vcmp role silent # ip vpn-instance vpn1 ipv4-family route-distinguisher 3:100 vpn-target 1:100 export-extcommunity evpn vpn-target 1:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn20 bd-mode route-distinguisher 3:20 vpn-target 1:100 20:1 export-extcommunity vpn-target 20:1 import-extcommunity # bridge-domain 20 vxlan vni 20 evpn binding vpn-instance evpn20 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.2.2 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface LoopBack1 ip address 10.3.3.3 255.255.255.255 # interface Vbdif20 mac-address 0000-5e00-0102 ip binding vpn-instance vpn1 arp collect host enable arp distribute-gateway enable ip address 192.168.20.1 255.255.255.0 # interface Nve1 source 10.3.3.3 vni 20 head-end peer-list protocol bgp # bgp 100 router-id 10.3.3.3 peer 10.1.1.1 as-number 100 peer 10.1.1.1 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable # l2vpn-family evpn policy vpn-target peer 10.1.1.1 enable peer 10.1.1.1 advertise irb # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.3.3.3 area 0.0.0.0 network 10.3.3.3 0.0.0.0 network 192.168.2.0 0.0.0.255 # return
Switch4的配置文件
# sysname Switch4 # vlan batch 10 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 # return
Switch5的配置文件
# sysname Switch5 # vlan batch 20 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet1/0/2 port link-type access port default vlan 20 # return
VTEP6的配置文件
# sysname VTEP6 # ip vpn-instance vpn1 ipv4-family route-distinguisher 6:100 vpn-target 6:100 10:100 export-extcommunity evpn vpn-target 6:100 10:100 import-extcommunity evpn vxlan vni 100 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.3.2 255.255.255.0 # interface GigabitEthernet1/0/2 undo portswitch ip address 192.168.4.1 255.255.255.0 # interface GigabitEthernet1/0/3 undo portswitch ip address 192.168.8.1 255.255.255.0 # interface LoopBack1 ip address 10.6.6.6 255.255.255.255 # interface Nve1 source 10.6.6.6 # bgp 100 router-id 10.6.6.6 peer 10.1.1.1 as-number 100 peer 10.1.1.1 connect-interface LoopBack1 peer 10.7.7.7 as-number 100 peer 10.7.7.7 connect-interface LoopBack1 peer 10.8.8.8 as-number 100 peer 10.8.8.8 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable peer 10.7.7.7 enable peer 10.8.8.8 enable # l2vpn-family evpn undo policy vpn-target peer 10.1.1.1 enable peer 10.1.1.1 advertise route-reoriginated evpn ip peer 10.7.7.7 enable peer 10.7.7.7 advertise irb peer 10.7.7.7 reflect-client peer 10.7.7.7 import reoriginate peer 10.8.8.8 enable peer 10.8.8.8 advertise irb peer 10.8.8.8 reflect-client peer 10.8.8.8 import reoriginate # ipv4-family vpn-instance vpn1 default-route imported import-route direct import-route static advertise l2vpn evpn # ospf 1 router-id 10.6.6.6 area 0.0.0.0 network 10.6.6.6 0.0.0.0 network 192.168.3.0 0.0.0.255 network 192.168.4.0 0.0.0.255 network 192.168.8.0 0.0.0.255 # ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0 # return
VTEP7的配置文件
# sysname VTEP7 # vcmp role silent # ip vpn-instance vpn1 ipv4-family route-distinguisher 7:100 vpn-target 6:100 export-extcommunity evpn vpn-target 6:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn30 bd-mode route-distinguisher 7:30 vpn-target 6:100 30:1 export-extcommunity vpn-target 30:1 import-extcommunity # bridge-domain 30 vxlan vni 30 evpn binding vpn-instance evpn30 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.3.1 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 30 bridge-domain 30 # interface LoopBack1 ip address 10.7.7.7 255.255.255.255 # interface Vbdif30 mac-address 0000-5e00-0103 ip binding vpn-instance vpn1 arp collect host enable arp distribute-gateway enable ip address 192.168.30.1 255.255.255.0 # interface Nve1 source 10.7.7.7 vni 30 head-end peer-list protocol bgp # bgp 100 router-id 10.7.7.7 peer 10.6.6.6 as-number 100 peer 10.6.6.6 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.6.6.6 enable # l2vpn-family evpn policy vpn-target peer 10.6.6.6 enable peer 10.6.6.6 advertise irb # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.7.7.7 area 0.0.0.0 network 10.7.7.7 0.0.0.0 network 192.168.3.0 0.0.0.255 # return
VTEP8的配置文件
# sysname VTEP8 # vcmp role silent # ip vpn-instance vpn1 ipv4-family route-distinguisher 8:100 vpn-target 6:100 export-extcommunity evpn vpn-target 6:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn40 bd-mode route-distinguisher 8:40 vpn-target 6:100 40:1 export-extcommunity vpn-target 40:1 import-extcommunity # bridge-domain 40 vxlan vni 40 evpn binding vpn-instance evpn40 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.4.2 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 40 bridge-domain 40 # interface LoopBack1 ip address 10.8.8.8 255.255.255.255 # interface Vbdif40 mac-address 0000-5e00-0104 ip binding vpn-instance vpn1 arp collect host enable arp distribute-gateway enable ip address 192.168.40.1 255.255.255.0 # interface Nve1 source 10.8.8.8 vni 40 head-end peer-list protocol bgp # bgp 100 router-id 10.8.8.8 peer 10.6.6.6 as-number 100 peer 10.6.6.6 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.6.6.6 enable # l2vpn-family evpn policy vpn-target peer 10.6.6.6 enable peer 10.6.6.6 advertise irb # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.8.8.8 area 0.0.0.0 network 10.8.8.8 0.0.0.0 network 192.168.4.0 0.0.0.255 # return
Switch9的配置文件
# sysname Switch9 # vlan batch 30 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 30 # interface GigabitEthernet1/0/2 port link-type access port default vlan 30 # return
Switch10的配置文件
# sysname Switch10 # vlan batch 40 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 40 # interface GigabitEthernet1/0/2 port link-type access port default vlan 40 # return
