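Example for Configuring Splicing Between L3VPN HoVPN and EVPN L3VPN
This example describes how to deploy splicing between L3VPN HoVPN and EVPN L3VPN to achieve network interworking.
Networking Requirements
IP bearer networks currently tend to use L3VPN (HVPN) and L2VPN protocols to carry Layer 2 and Layer 3 services, which results in high protocol complexity. Because EVPN can carry both Layer 2 and Layer 3 services, many IP bearer networks will evolve to EVPN to simplify their service bearer protocols. As part of this evolution, the L3VPN HVPN function that carries Layer 3 services needs to evolve to EVPN L3VPN HVPN. If the network contains many devices, end-to-end evolution may not be possible in a single step, so L3VPN and EVPN L3VPN networks coexist during the evolution. As shown in Figure 12-68, the access-layer network lies between the UPE and SPE, and the aggregation-layer network lies between the SPE and NPE. Each layer runs an independent IGP to provide connectivity within that layer. L3VPN HoVPN is deployed between the UPE and SPE, and EVPN L3VPN is deployed between the SPE and NPE. The SPE advertises only a default L3VPN route to the UPE. After receiving specific routes from the UPE, the SPE re-encapsulates these L3VPN routes as EVPN routes and advertises them to the NPE.
Configuration Roadmap
The configuration roadmap is as follows:
Deploy an IGP between the UPE and SPE and between the SPE and NPE. This example uses OSPF and IS-IS, respectively.
Configure MPLS LDP on the UPE, SPE, and NPE.
Create a VPN instance on the UPE, SPE, and NPE.
Bind the access-side interfaces on the UPE and NPE to the VPN instance.
Configure a private-network static default route on the SPE.
Configure a route-policy on the NPE so that the NPE does not accept the default route.
Configure BGP EVPN on the SPE and NPE.
Configure BGP VPNv4 on the UPE and SPE, specify the UPE on the SPE, and then import the private-network default route.
Configure route regeneration on the SPE.
Data Preparation
To complete the configuration, you need the following data:
MPLS LSR IDs of the UPE, SPE, and NPE: 1.1.1.1, 2.2.2.2, and 3.3.3.3, respectively.
VPN instance name vpn1, with RD 100:1.
Import and export VPN targets of the VPN instance: 1:1 and 2:2.
Procedure
- Configure IP addresses for the UPE, SPE, and NPE, including their loopback interfaces
Configure an IP address and mask for each interface. For details, see the configuration files.
- Deploy an IGP between the UPE and SPE and between the SPE and NPE. This example uses OSPF and IS-IS, respectively
For details, see the configuration files.
- Configure MPLS LDP on the UPE, SPE, and NPE
For details, see the configuration files.
- Create a VPN instance on the UPE, SPE, and NPE
# Configure the UPE.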
[~UPE] ip vpn-instance vpn1
[*UPE-vpn-instance-vpn1] ipv4-family
[*UPE-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*UPE-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*UPE-vpn-instance-vpn1-af-ipv4] quit
[*UPE-vpn-instance-vpn1] quit
[*UPE] commit
# Configure the SPE.
[~SPE] ip vpn-instance vpn1
[*SPE-vpn-instance-vpn1] ipv4-family
[*SPE-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*SPE-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*SPE-vpn-instance-vpn1-af-ipv4] vpn-target 2:2 both evpn
[*SPE-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
[*SPE-vpn-instance-vpn1-af-ipv4] quit
[*SPE-vpn-instance-vpn1] quit
[*SPE] commit
# Configure the NPE.
[~NPE] ip vpn-instance vpn1
[*NPE-vpn-instance-vpn1] ipv4-family
[*NPE-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[*NPE-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 both
[*NPE-vpn-instance-vpn1-af-ipv4] vpn-target 2:2 both evpn
[*NPE-vpn-instance-vpn1-af-ipv4] evpn mpls routing-enable
[*NPE-vpn-instance-vpn1-af-ipv4] quit
[*NPE-vpn-instance-vpn1] quit
[*NPE] commit
- Bind the access-side interfaces on the UPE and NPE to the VPN instance
# Configure the UPE.
[~UPE] interface GigabitEthernet 2/0/0
[*UPE-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
[*UPE-GigabitEthernet2/0/0] ip address 192.168.20.1 255.255.255.0
[*UPE-GigabitEthernet2/0/0] quit
[*UPE] commit
# Configure the NPE.
[~NPE] interface GigabitEthernet 2/0/0
[*NPE-GigabitEthernet2/0/0] ip binding vpn-instance vpn1
[*NPE-GigabitEthernet2/0/0] ip address 192.168.30.1 255.255.255.0
[*NPE-GigabitEthernet2/0/0] quit
[*NPE] commit
- Configure a static default route on the SPE
[~SPE] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0
[*SPE] commit
- Configure a route-policy on the NPE so that the NPE does not accept the default route
[~NPE] ip ip-prefix default index 10 permit 0.0.0.0 0
[*NPE] route-policy SPE deny node 10
[*NPE-route-policy] if-match ip-prefix default
[*NPE-route-policy] quit
[*NPE] route-policy SPE permit node 20
[*NPE-route-policy] quit
[*NPE] ip vpn-instance vpn1
[*NPE-vpn-instance-vpn1] ipv4-family
[*NPE-vpn-instance-vpn1-af-ipv4] import route-policy SPE evpn
[*NPE-vpn-instance-vpn1-af-ipv4] quit
[*NPE-vpn-instance-vpn1] quit
[*NPE] commit
- Configure BGP EVPN on the SPE and NPE
# Configure the SPE.
[~SPE] bgp 100
[*SPE-bgp] peer 3.3.3.3 as-number 100
[*SPE-bgp] peer 3.3.3.3 connect-interface LoopBack1
[*SPE-bgp] l2vpn-family evpn
[*SPE-bgp-af-evpn] peer 3.3.3.3 enable
[*SPE-bgp-af-evpn] quit
[*SPE-bgp] quit
[*SPE] commit
# Configure the NPE.
[~NPE] bgp 100
[*NPE-bgp] peer 2.2.2.2 as-number 100
[*NPE-bgp] peer 2.2.2.2 connect-interface LoopBack1
[*NPE-bgp] l2vpn-family evpn
[*NPE-bgp-af-evpn] peer 2.2.2.2 enable
[*NPE-bgp-af-evpn] quit
[*NPE-bgp] ipv4-family vpn-instance vpn1
[*NPE-bgp-vpn1] advertise l2vpn evpn
[*NPE-bgp-vpn1] import-route direct
[*NPE-bgp-vpn1] quit
[*NPE-bgp] quit
[*NPE] commit
- Configure BGP VPNv4 on the UPE and SPE, specify the UPE on the SPE, and then import the private-network default route
# Configure the UPE.
[~UPE] bgp 100
[*UPE-bgp] peer 2.2.2.2 as-number 100
[*UPE-bgp] peer 2.2.2.2 connect-interface LoopBack1
[*UPE-bgp] ipv4-family vpnv4
[*UPE-bgp-af-vpnv4] peer 2.2.2.2 enable
[*UPE-bgp-af-vpnv4] quit
[*UPE-bgp] ipv4-family vpn-instance vpn1
[*UPE-bgp-vpn1] import-route direct
[*UPE-bgp-vpn1] quit
[*UPE-bgp] quit
[*UPE] commit
# Configure the SPE.
[~SPE] bgp 100
[*SPE-bgp] peer 1.1.1.1 as-number 100
[*SPE-bgp] peer 1.1.1.1 connect-interface LoopBack1
[*SPE-bgp] ipv4-family vpnv4
[*SPE-bgp-af-vpnv4] peer 1.1.1.1 enable
[*SPE-bgp-af-vpnv4] peer 1.1.1.1 upe
[*SPE-bgp-af-vpnv4] quit
[*SPE-bgp] ipv4-family vpn-instance vpn1
[*SPE-bgp-vpn1] network 0.0.0.0 0
[*SPE-bgp-vpn1] advertise l2vpn evpn
[*SPE-bgp-vpn1] quit
[*SPE-bgp] quit
[*SPE] commit
- Configure route regeneration on the SPE
# Configure the SPE.
[~SPE] bgp 100
[*SPE-bgp] ipv4-family vpnv4
[*SPE-bgp-af-vpnv4] peer 1.1.1.1 import reoriginate
[*SPE-bgp-af-vpnv4] quit
[*SPE-bgp] l2vpn-family evpn
[*SPE-bgp-af-evpn] undo policy vpn-target
[*SPE-bgp-af-evpn] peer 3.3.3.3 advertise route-reoriginated vpnv4
[*SPE-bgp-af-evpn] quit
[*SPE-bgp] quit
[*SPE] commit
- Verify the configuration
Run the display bgp evpn all routing-table command on the NPE. The command output shows the EVPN routes received from the UPE side:
[~NPE] display bgp evpn all routing-table
 Local AS number : 100

 BGP Local router ID is 10.2.1.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Ip Prefix Routes: 3
 Route Distinguisher: 100:1
       Network(EthTagId/IpPrefix/IpPrefixLen)      NextHop
 *>i   0:0.0.0.0:0                                 2.2.2.2
 *>i   0:192.168.20.0:24                           2.2.2.2
 *>    0:192.168.30.0:24                           0.0.0.0
Run the display ip routing-table vpn-instance vpn1 command on the NPE to view the private-network routes received from the UPE side:
[~NPE] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 5        Routes : 5

Destination/Mask      Proto   Pre  Cost  Flags  NextHop        Interface

192.168.20.0/24       IBGP    255  0     RD     2.2.2.2        GigabitEthernet1/0/0
192.168.30.0/24       Direct  0    0     RD     192.168.30.1   GigabitEthernet2/0/0
192.168.30.1/32       Direct  0    0     D      127.0.0.1      GigabitEthernet2/0/0
192.168.30.255/32     Direct  0    0     D      127.0.0.1      GigabitEthernet2/0/0
255.255.255.255/32    Direct  0    0     D      127.0.0.1      InLoopBack0
Run the display ip routing-table vpn-instance vpn1 command on the UPE. The command output shows the private-network default route:
[~UPE] display ip routing-table vpn-instance vpn1
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
         Destinations : 5        Routes : 5

Destination/Mask      Proto   Pre  Cost  Flags  NextHop        Interface

0.0.0.0/0             IBGP    255  0     RD     2.2.2.2        GigabitEthernet1/0/0
192.168.20.0/24       Direct  0    0     RD     192.168.20.1   GigabitEthernet1/0/0
192.168.20.1/32       Direct  0    0     D      127.0.0.1      GigabitEthernet1/0/0
192.168.20.255/32     Direct  0    0     D      127.0.0.1      GigabitEthernet1/0/0
255.255.255.255/32    Direct  0    0     D      127.0.0.1      InLoopBack0
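The NPE's EVPN table above still holds 0:0.0.0.0:0 from 2.2.2.2, while the vpn1 routing table does not; the difference is the import route-policy. The following Python example is added here and is not Huawei code: it evaluates the page's ip-prefix and route-policy commands against the two prefixes learned from the SPE. It assumes that an ip-prefix entry without greater-equal/less-equal matches only the exact prefix and that a route matching no node is denied; all function names are hypothetical.

```python
import ipaddress
import re

# Commands copied from the page's NPE route-policy step.
NPE_POLICY = """\
ip ip-prefix default index 10 permit 0.0.0.0 0
route-policy SPE deny node 10
 if-match ip-prefix default
route-policy SPE permit node 20
"""
# Prefixes the NPE learns from the SPE (next hop 2.2.2.2) in the page's EVPN table.
EVPN_FROM_SPE = ["0.0.0.0/0", "192.168.20.0/24"]

def parse_policy(text):
    """Parse ip-prefix entries and route-policy nodes (hypothetical helper)."""
    lists, nodes = {}, []
    for line in map(str.strip, text.splitlines()):
        if m := re.match(r"ip ip-prefix (\S+) index (\d+) (permit|deny) (\S+) (\d+)$", line):
            net = ipaddress.ip_network(f"{m[4]}/{m[5]}")
            lists.setdefault(m[1], []).append((int(m[2]), m[3], net))
        elif m := re.match(r"route-policy \S+ (permit|deny) node (\d+)$", line):
            nodes.append({"node": int(m[2]), "action": m[1], "match": None})
        elif (m := re.match(r"if-match ip-prefix (\S+)$", line)) and nodes:
            nodes[-1]["match"] = m[1]
    return lists, sorted(nodes, key=lambda n: n["node"])

def prefix_list_permits(entries, route):
    """Assumption: no greater-equal/less-equal means exact-prefix match only."""
    for _, action, net in sorted(entries):
        if net == route:
            return action == "permit"
    return False

def import_allowed(route, lists, nodes):
    """Lowest-numbered matching node decides; assumption: no match means deny."""
    route = ipaddress.ip_network(route)
    for node in nodes:
        # An undefined list raises KeyError instead of guessing device behaviour.
        if node["match"] is None or prefix_list_permits(lists[node["match"]], route):
            return node["action"] == "permit"
    return False

def imported_routes(routes=EVPN_FROM_SPE, policy=NPE_POLICY):
    """Routes that pass 'import route-policy SPE evpn' into vpn1."""
    lists, nodes = parse_policy(policy)
    return [r for r in routes if import_allowed(r, lists, nodes)]

if __name__ == "__main__":
    print(imported_routes())
```

Under these assumptions, removing the "route-policy SPE permit node 20" line makes the function return an empty list, which is why the page configures that node.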
Configuration Files
UPE configuration file
#
sysname UPE
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 export-extcommunity
  vpn-target 1:1 import-extcommunity
#
mpls lsr-id 1.1.1.1
#
mpls
#
mpls ldp
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.1 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 192.168.20.1 255.255.255.0
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 #
 ipv4-family vpnv4
  policy vpn-target
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
return
SPE configuration file
#
sysname SPE
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  vpn-target 1:1 export-extcommunity
  vpn-target 2:2 export-extcommunity evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 2:2 import-extcommunity evpn
  evpn mpls routing-enable
#
mpls lsr-id 2.2.2.2
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0002.00
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.1.1.2 255.255.255.0
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip address 10.2.1.1 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
 isis enable 1
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 1.1.1.1 enable
  peer 3.3.3.3 enable
 #
 ipv4-family vpnv4
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 upe
  peer 1.1.1.1 import reoriginate
 #
 ipv4-family vpn-instance vpn1
  network 0.0.0.0
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise route-reoriginated vpnv4
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.1.0 0.0.0.255
#
ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 NULL0
#
return
NPE configuration file
#
sysname NPE
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 100:1
  apply-label per-instance
  import route-policy SPE evpn
  vpn-target 1:1 export-extcommunity
  vpn-target 2:2 export-extcommunity evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 2:2 import-extcommunity evpn
  evpn mpls routing-enable
#
mpls lsr-id 3.3.3.3
#
mpls
#
mpls ldp
#
isis 1
 network-entity 10.0000.0000.0003.00
#
interface GigabitEthernet1/0/0
 undo shutdown
 ip address 10.2.1.2 255.255.255.0
 isis enable 1
 mpls
 mpls ldp
#
interface GigabitEthernet2/0/0
 undo shutdown
 ip binding vpn-instance vpn1
 ip address 192.168.30.1 255.255.255.0
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
 isis enable 1
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo synchronization
  peer 2.2.2.2 enable
 #
 ipv4-family vpn-instance vpn1
  import-route direct
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
#
route-policy SPE deny node 10
 if-match ip-prefix default
#
route-policy SPE permit node 20
#
ip ip-prefix default index 10 permit 0.0.0.0 0
#
return