评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置EVPN E-Tree示例
本例介绍EVPN E-Tree的配置过程,通过配置EVPN E-Tree可以使同一广播域的不同接口之间的流量相互隔离。
组网需求
如图12-45所示,用户希望在该组网中部署EVPN功能承载业务,即在PE1、PE2和PE3上配置EVPN实例(本例使用BD模式的EVPN实例),并且在这些设备间建立BGP EVPN邻居关系。为了提高网络的安全性,用户希望PE2和PE3仅能与PE1相互发送流量,而PE2和PE3之间无法相互发送流量。为了实现该功能,用户可以在网络中部署EVPN E-tree功能。
配置注意事项
在配置过程中,需注意以下事项:
同一EVPN实例的Export VPN-Target列表与其它站点的Import VPN-Target列表有共同的VPN-Target,Import VPN-Target列表与其它站点的Export VPN-Target列表有共同的VPN-Target。
PE上配置的源地址建议为本地Loopback地址。
配置思路
采用如下的思路配置EVPN E-Tree示例:
在PE上配置各接口的IP地址及Loopback接口的地址。
在PE上配置路由协议,保证网络三层互通,本示例采用了OSPF路由协议。
在PE上配置MPLS LDP功能。
在PE上配置BD模式EVPN实例和BD,并将BD绑定到相应的EVPN实例。
在PE上配置接入CE的接口。
在PE上配置源地址。
在各个PE之间配置BGP EVPN对等体关系。
将PE2和PE3的接入侧接口设置为Leaf属性。
操作步骤
- 在PE上配置各接口的IP地址及Loopback接口的地址
具体配置过程请参考配置文件。
- 在PE上配置路由协议,保证网络三层互通,本示例采用了OSPF路由协议
具体配置过程请参考配置文件。
- 在PE上配置MPLS LDP功能
具体配置过程请参考配置文件。
- 在PE上配置BD模式EVPN实例和BD,并将BD与相应的EVPN实例绑定
# 配置PE1。
[~PE1] evpn vpn-instance evrf1 bd-mode[*PE1-evpn-instance-evrf1] route-distinguisher 10:1[*PE1-evpn-instance-evrf1] vpn-target 11:1[*PE1-evpn-instance-evrf1] quit[*PE1] bridge-domain 10[*PE1-bd10] evpn binding vpn-instance evrf1[*PE1-bd10] quit[*PE1] commitPE2和PE3上的配置与PE1类似,具体配置过程请参考配置文件。
- 在PE上配置接入CE的接口
# 配置PE1。
[~PE1] interface gigabitethernet 1/0/0.1 mode l2
[*PE1-GigabitEthernet1/0/0.1] encapsulation dot1q vid 10
[*PE1-GigabitEthernet1/0/0.1] rewrite pop single
[*PE1-GigabitEthernet1/0/0.1] bridge-domain 10
[*PE1-GigabitEthernet1/0/0.1] quit
[*PE1] commitPE2和PE3上的配置与PE1类似,具体配置过程请参考配置文件。
- 配置PE上的源地址
# 配置PE1。
[~PE1] evpn source-address 1.1.1.1[*PE1] commit# 配置PE2。
[~PE2] evpn source-address 2.2.2.2[*PE2] commit# 配置PE3。
[~PE3] evpn source-address 3.3.3.3[*PE3] commit - 配PE间的BGP EVPN对等体关系
# 配置PE1。
[~PE1] bgp 100[*PE1-bgp] peer 2.2.2.2 as-number 100[*PE1-bgp] peer 2.2.2.2 connect-interface loopback 1[*PE1-bgp] peer 3.3.3.3 as-number 100[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1[*PE1-bgp] l2vpn-family evpn[*PE1-bgp-af-evpn] peer 2.2.2.2 enable[*PE1-bgp-af-evpn] peer 3.3.3.3 enable[*PE1-bgp-af-evpn] quit[*PE1-bgp] quit[*PE1] commitPE2和PE3上的配置与PE1类似,具体配置过程请参考配置文件。
- 将PE2和PE3的接入侧接口设置为Leaf属性
# 配置PE2。
[~PE2] evpn vpn-instance evrf1 bd-mode[*PE2-evpn-instance-evrf1] etree enable[*PE2-evpn-instance-evrf1] quit[*PE2] interface gigabitethernet1/0/0.1 mode l2
[*PE2-GigabitEthernet1/0/0.1] evpn e-tree-leaf
[*PE2-GigabitEthernet1/0/0.1] quit
[*PE2] commit# 配置PE3。
[~PE3] evpn vpn-instance evrf1 bd-mode[*PE3-evpn-instance-evrf1] etree enable[*PE3-evpn-instance-evrf1] quit[*PE3] interface gigabitethernet3/0/0.1 mode l2
[*PE3-GigabitEthernet3/0/0.1] evpn e-tree-leaf
[*PE3-GigabitEthernet3/0/0.1] quit
[*PE3] commit - 检查配置结果
配置完成后,在PE1上执行display bgp evpn all routing-table命令,可以在Ethernet Auto-Discovery路由和MAC路由的详细信息中的Leaf属性。
[~PE1] display bgp evpn all routing-tableLocal AS number : 100 BGP Local router ID is 10.2.1.2 Status codes: * - valid, > - best, d - damped, x - best external, a - add path, h - history, i - internal, s - suppressed, S - Stale Origin : i - IGP, e - EGP, ? - incomplete EVPN address family: Number of A-D Routes: 2 Route Distinguisher: 2.2.2.2:0 Network(ESI/EthTagId) NextHop *>i 0000.0000.0000.0000.0000:4294967295 2.2.2.2 Route Distinguisher: 3.3.3.3:0 Network(ESI/EthTagId) NextHop *>i 0000.0000.0000.0000.0000:4294967295 3.3.3.3 EVPN-Instance evrf1: Number of A-D Routes: 2 Network(ESI/EthTagId) NextHop *>i 0000.0000.0000.0000.0000:4294967295 2.2.2.2 * i 3.3.3.3 EVPN address family: Number of Mac Routes: 6 Route Distinguisher: 10:1 Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop *> 0:48:00e0-fc00-0001:0:0.0.0.0 0.0.0.0 *>i 0:48:00e0-fc00-0005:0:0.0.0.0 2.2.2.2 *>i 0:48:00e0-fc00-0004:0:0.0.0.0 3.3.3.3 *>i 0:48:00e0-fc00-0002:0:0.0.0.0 2.2.2.2 *>i 0:48:00e0-fc00-0003:0:0.0.0.0 3.3.3.3 *> 0:48:00e0-fc00-0006:0:0.0.0.0 0.0.0.0 EVPN-Instance evrf1: Number of Mac Routes: 6 Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop *> 0:48:00e0-fc00-0001:0:0.0.0.0 0.0.0.0 *>i 0:48:00e0-fc00-0005:0:0.0.0.0 2.2.2.2 *>i 0:48:00e0-fc00-0004:0:0.0.0.0 3.3.3.3 *>i 0:48:00e0-fc00-0002:0:0.0.0.0 2.2.2.2 *>i 0:48:00e0-fc00-0003:0:0.0.0.0 3.3.3.3 *> 0:48:00e0-fc00-0006:0:0.0.0.0 0.0.0.0 EVPN address family: Number of Inclusive Multicast Routes: 3 Route Distinguisher: 10:1 Network(EthTagId/IpAddrLen/OriginalIp) NextHop *> 0:32:1.1.1.1 127.0.0.1 *>i 0:32:2.2.2.2 2.2.2.2 *>i 0:32:3.3.3.3 3.3.3.3 EVPN-Instance evrf1: Number of Inclusive Multicast Routes: 3 Network(EthTagId/IpAddrLen/OriginalIp) NextHop *> 0:32:1.1.1.1 127.0.0.1 *>i 0:32:2.2.2.2 2.2.2.2 *>i 0:32:3.3.3.3 3.3.3.3[~PE1] display bgp evpn all routing-table ad-route 0000.0000.0000.0000.0000:4294967295BGP local router ID : 10.2.1.2 Local AS number : 100 Total routes of Route Distinguisher(2.2.2.2:0): 1 BGP routing table entry information of 0000.0000.0000.0000.0000:4294967295: From: 2.2.2.2 (2.2.2.2) Route Duration: 0d01h27m52s Relay IP Nexthop: 10.2.1.1 Relay Tunnel Out-Interface: LDP LSP Original nexthop: 2.2.2.2 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <0 : 0 : 32915> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 1 Route Type: 1 (Ethernet Auto-Discovery (A-D) route) ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 4294967295 Not advertised to any peer yet Total routes of Route Distinguisher(3.3.3.3:0): 1 BGP routing table entry information of 0000.0000.0000.0000.0000:4294967295: From: 3.3.3.3 (3.3.3.3) Route Duration: 0d01h25m59s Relay IP Nexthop: 10.1.1.2 Relay Tunnel Out-Interface: LDP LSP Original nexthop: 3.3.3.3 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <0 : 0 : 32915> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 1 Route Type: 1 (Ethernet Auto-Discovery (A-D) route) ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 4294967295 Not advertised to any peer yet EVPN-Instance evrf1: Number of A-D Routes: 2 BGP routing table entry information of 0000.0000.0000.0000.0000:4294967295: Route Distinguisher: 2.2.2.2:0 Remote-Cross route From: 2.2.2.2 (2.2.2.2) Route Duration: 0d01h27m52s Relay Tunnel Out-Interface: LDP LSP Original nexthop: 2.2.2.2 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <0 : 0 : 32915> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 1 Route Type: 1 (Ethernet Auto-Discovery (A-D) route) ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 4294967295 Not advertised to any peer yet BGP routing table entry information of 0000.0000.0000.0000.0000:4294967295: Route Distinguisher: 3.3.3.3:0 Remote-Cross route From: 3.3.3.3 (3.3.3.3) Route Duration: 0d01h25m59s Relay Tunnel Out-Interface: LDP LSP Original nexthop: 3.3.3.3 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <0 : 0 : 32915> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 1, not preferred for router ID Route Type: 1 (Ethernet Auto-Discovery (A-D) route) ESI: 0000.0000.0000.0000.0000, Ethernet Tag ID: 4294967295 Not advertised to any peer yet[~PE1] display bgp evpn all routing-table mac-route 0:48:00e0-fc00-0005:0:0.0.0.0BGP local router ID : 10.2.1.2 Local AS number : 100 Total routes of Route Distinguisher(10:1): 1 BGP routing table entry information of 0:48:00e0-fc00-0005:0:0.0.0.0: Label information (Received/Applied): 32912/NULL From: 2.2.2.2 (2.2.2.2) Route Duration: 0d01h15m31s Relay IP Nexthop: 10.2.1.1 Relay Tunnel Out-Interface: LDP LSP Original nexthop: 2.2.2.2 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <1 : 0 : 0> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 1 Route Type: 2 (MAC Advertisement Route) Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc00-0005/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000 Not advertised to any peer yet EVPN-Instance evrf1: Number of Mac Routes: 1 BGP routing table entry information of 0:48:00e0-fc00-0005:0:0.0.0.0: Route Distinguisher: 10:1 Remote-Cross route Label information (Received/Applied): 32912/NULL From: 2.2.2.2 (2.2.2.2) Route Duration: 0d01h15m31s Relay Tunnel Out-Interface: LDP LSP Original nexthop: 2.2.2.2 Qos information : 0x0 Ext-Community: RT <11 : 1>, E-Tree <1 : 0 : 0> AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 1 Route Type: 2 (MAC Advertisement Route) Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc00-0005/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000 Not advertised to any peer yet
配置文件
PE1的配置文件
# sysname PE1 # evpn vpn-instance evrf1 bd-mode route-distinguisher 10:1 vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # mpls lsr-id 1.1.1.1 # mpls # bridge-domain 10 evpn binding vpn-instance evrf1 # mpls ldp # interface GigabitEthernet1/0/0.1 mode l2 encapsulation dot1q vid 10 rewrite pop single bridge-domain 10 # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 10.1.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 1.1.1.1 255.255.255.255 # bgp 100 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 2.2.2.2 enable peer 3.3.3.3 enable # l2vpn-family evpn undo policy vpn-target peer 2.2.2.2 enable peer 3.3.3.3 enable # ospf 1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.2.1.0 0.0.0.255 # evpn source-address 1.1.1.1 # return
PE2的配置文件
# sysname PE2 # evpn vpn-instance evrf1 bd-mode route-distinguisher 10:1 etree enable vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # mpls lsr-id 2.2.2.2 # mpls # bridge-domain 10 evpn binding vpn-instance evrf1 # mpls ldp # interface GigabitEthernet1/0/0.1 mode l2 encapsulation dot1q vid 10 rewrite pop single bridge-domain 10 evpn e-tree-leaf # interface GigabitEthernet2/0/0 undo shutdown ip address 10.2.1.1 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0 undo shutdown ip address 10.3.1.1 255.255.255.0 mpls mpls ldp # interface LoopBack1 ip address 2.2.2.2 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 3.3.3.3 enable # l2vpn-family evpn undo policy vpn-target peer 1.1.1.1 enable peer 3.3.3.3 enable # ospf 1 area 0.0.0.0 network 2.2.2.2 0.0.0.0 network 10.2.1.0 0.0.0.255 network 10.3.1.0 0.0.0.255 # evpn source-address 2.2.2.2 # return
PE3的配置文件
# sysname PE3 # evpn vpn-instance evrf1 bd-mode route-distinguisher 10:1 etree enable vpn-target 11:1 export-extcommunity vpn-target 11:1 import-extcommunity # mpls lsr-id 3.3.3.3 # mpls # bridge-domain 10 evpn binding vpn-instance evrf1 # mpls ldp # interface GigabitEthernet1/0/0 undo shutdown ip address 10.1.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet2/0/0 undo shutdown ip address 10.3.1.2 255.255.255.0 mpls mpls ldp # interface GigabitEthernet3/0/0.1 mode l2 encapsulation dot1q vid 10 rewrite pop single bridge-domain 10 evpn e-tree-leaf # interface LoopBack1 ip address 3.3.3.3 255.255.255.255 # bgp 100 peer 1.1.1.1 as-number 100 peer 1.1.1.1 connect-interface LoopBack1 peer 2.2.2.2 as-number 100 peer 2.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 1.1.1.1 enable peer 2.2.2.2 enable # l2vpn-family evpn undo policy vpn-target peer 1.1.1.1 enable peer 2.2.2.2 enable # ospf 1 area 0.0.0.0 network 3.3.3.3 0.0.0.0 network 10.1.1.0 0.0.0.255 network 10.3.1.0 0.0.0.255 # evpn source-address 3.3.3.3 # return
