- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
01-EVPN+M-LAG典型配置舉例
本章節下載: 01-EVPN+M-LAG典型配置舉例 (689.84 KB)
4 EVPN和M-LAG二層轉發配置舉例(直連模式peer-link鏈路)
4.4.6 配置以太網服務實例匹配用戶報文,並將其與VSI關聯
5 EVPN和M-LAG二層轉發配置舉例(隧道模式peer-link鏈路)
5.4.6 配置以太網服務實例匹配用戶報文,並將其與VSI關聯
6 EVPN和M-LAG三層轉發配置舉例(直連模式peer-link鏈路)
6.4.7 配置以太網服務實例匹配用戶報文,並將其與VSI關聯
7 EVPN和M-LAG三層轉發配置舉例(隧道模式peer-link鏈路)
7.4.7 配置以太網服務實例匹配用戶報文,並將其與VSI關聯
本文檔介紹EVPN(Ethernet Virtual Private Network,以太網虛擬專用網絡)和M-LAG結合使用的典型配置舉例。
· EVPN是一種二層VPN技術,控製平麵采用MP-BGP通告EVPN路由信息,數據平麵采用VXLAN封裝方式轉發報文。
· M-LAG是一種跨設備鏈路聚合技術,將兩台物理設備在聚合層麵虛擬成一台設備來實現跨設備鏈路聚合,從而提供設備級冗餘保護和流量負載分擔。
通過EVPN和M-LAG結合部署的方式,將兩台物理設備連接起來虛擬成一台設備,使用該虛擬設備作為VTEP(既可以是僅用於二層轉發的VTEP,也可以是EVPN網關),可以避免VTEP單點故障對網絡造成影響,從而提高EVPN網絡的可靠性。
本文檔不嚴格與具體軟、硬件版本對應,如果使用過程中與產品實際情況有差異,請以設備實際情況為準。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解EVPN和M-LAG特性。
配置EVPN支持M-LAG時,需要注意:
· 開啟、關閉EVPN支持M-LAG功能後,需要在BGP實例視圖下執行address-family l2vpn evpn命令,以便設備采用新的隧道源端地址與遠端VTEP建立隧道。
· 分布式聚合的虛擬VTEP地址不能指定為接口的從IP地址。
· Underlay網絡為IPv4網絡(或IPv6網絡)時,M-LAG的虛擬VTEP地址必須同為IPv4地址(或IPv6地址),否則會導致作為M-LAG設備的VTEP無法與遠端VTEP(非M-LAG設備)建立VXLAN隧道。
· 為了避免M-LAG協議將接口置為M-LAG MAD DOWN狀態,需要將如下參與EVPN業務的接口配置為保留接口:
¡ 執行m-lag mad default-action none命令使M-LAG係統分裂後接口保持原狀態不變。
¡ M-LAG接口和peer-link接口所在VLAN對應的VLAN接口不需要做任何配置,M-LAG係統分裂後,這些端口不會Down。
¡ 采用直連模式peer-link鏈路時:上行接口(路由口、VLAN接口、物理接口)需要通過m-lag mad include interface命令配置為M-LAG非保留接口,M-LAG係統分裂後,這些端口會Down。采用隧道模式peer-link鏈路時不需要進行此配置。
¡ 所有參與EVPN業務的接口(VSI虛接口、BGP對等體地址所在的接口、Keepalive鏈路的接口)不需要做任何配置,M-LAG係統分裂後,這些端口不會Down。
¡ M-LAG設備采用的虛擬地址(即evpn m-lag group命令配置的IP地址)所在的接口不需要做任何配置,M-LAG係統分裂後,這些端口不會Down。
· 執行m-lag restore-delay命令配置延遲恢複時間大於等於300秒。
· 在M-LAG設備上,需要關閉VXLAN隧道對應的二層以太網接口上的STP功能,以免上行設備錯誤地阻塞連接M-LAG設備的接口。
配置采用直連模式peer-link鏈路的EVPN支持M-LAG時,需要注意:
· 根據用戶側以太網服務實例的報文匹配規則創建peer-link鏈路上的AC時,用戶側以太網服務實例配置的報文匹配規則隻能為匹配報文的外層VLAN tag(encapsulation s-vid { vlan-id | vlan-id-list })、匹配不攜帶VLAN tag的所有報文(encapsulation untagged),且AC的接入模式必須為VLAN模式。
· M-LAG的兩台VTEP上,同一M-LAG接口以及單掛AC口上以太網服務實例的匹配規則、關聯的VSI對應的VXLAN ID必須一致,且隻能采用手工方式創建AC。
· 建議將peer-link接口的PVID配置為4094。否則,如果設備配置了通過VXLAN ID映射方式生成peer-link鏈路上動態AC的報文匹配規則(l2vpn m-lag peer-link ac-match-rule vxlan-mapping命令),可能會出現計算出的AC的報文匹配規則外層VLAN標簽為peer-link接口的PVID,影響VLAN Tag為VXLAN ID%4094+1(VXLAN ID除以4094,取餘後加1)的Underlay流量轉發。
· 建議不要在M-LAG的兩台VTEP上引入外部路由。
配置采用隧道模式peer-link鏈路的EVPN支持M-LAG時,需要注意:
· M-LAG的兩台VTEP上,M-LAG接口的以太網服務實例匹配規則、關聯的VSI對應的VXLAN ID必須一致,且隻能采用手工方式創建AC。
· 在隧道模式peer-link鏈路的組網環境中,必須先將VXLAN隧道接口、VXLAN隧道的公網出接口配置為保留接口後,再將VXLAN隧道接口配置為peer-link接口。如果在配置保留接口前已經將VXLAN隧道接口配置為peer-link接口,則需要先取消VXLAN隧道接口作為peer-link接口的配置,待VXLAN隧道接口、VXLAN隧道的公網出接口up後,將這些接口配置為保留接口,之後再將VXLAN隧道接口配置為peer-link接口。
Switch A、Switch B、Switch D為與服務器連接的VTEP設備。Switch A和Switch B通過M-LAG虛擬為一台VTEP設備,Switch A和Switch B之間通過peer-link鏈路同步MAC地址和ARP信息,以確保兩台VTEP上的MAC地址和ARP信息保持一致。Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由。本組網采用直連模式peer-link鏈路。
Switch A和Switch B均通過以太網鏈路與下行的虛擬機VM 1、VM 2連接,要求在連接每一台虛擬機的鏈路間跨設備建立二層聚合接口,避免單條以太網鏈路故障導致虛擬機無法訪問網絡。
虛擬機VM 1、VM 2和VM 3同屬於VXLAN 10,通過EVPN實現不同站點間的二層互通。
圖4-1 EVPN和M-LAG二層轉發組網圖(直連模式peer-link鏈路)
· 在交換機上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B上開啟EVPN支持M-LAG功能,使兩台設備虛擬為一台VTEP設備。
· 配置Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由
· 在Switch A、Switch B和Switch D上配置EVPN,使VTEP之間通過BGP EVPN路由實現自動發現鄰居、自動建立/關聯VXLAN隧道、通告MAC/IP的可達性等,以便將虛擬機發送的二層報文封裝為IP報文後在IP核心網絡上轉發。
· 在Switch A、Switch B和Switch D的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7634P09及以上版本 |
|
S10500X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-XS係列交換機 |
Release 7634P09及以上版本 |
|
S7600E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500X-X係列交換機 |
Release 7634P09及以上版本 |
|
S9900X係列交換機 |
Release 7634P51及以上版本 |
|
S10500係列交換機 |
Release 7634P09及以上版本 |
|
S7600-X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-S係列交換機 |
Release 7634P09及以上版本 |
|
S7500E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500E係列交換機 |
Release 7634P09及以上版本 |
|
S7500X係列交換機 |
Release 7634P09及以上版本 |
|
S7600係列交換機 |
Release 7634P09及以上版本 |
|
S7000ET係列交換機 |
不支持 |
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# 請參考以上方法配置其它交換機上的接口IP地址,配置步驟此處省略。
# 配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN能力。
[SwitchA] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 開啟L2VPN能力。
[SwitchB] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 開啟L2VPN能力。
[SwitchD] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchA] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
# 創建二層聚合接口3,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# 將端口Ten-GigabitEthernet1/0/3加入到聚合組3中。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# 將二層聚合接口3配置為peer-link接口。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# 配置M-LAG設備Switch A與Switch B之間路由可達。
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchB] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
[SwitchB] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
# 創建二層聚合接口3,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# 將端口Ten-GigabitEthernet1/0/3加入到聚合組3中。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 將二層聚合接口3配置為peer-link接口。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# 配置M-LAG設備Switch A與Switch B之間路由可達。
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 12
# 配置BGP發布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP發布EVPN路由,並作為路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 1:10
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態,並且隧道源地址是虛擬VTEP地址。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到設備自動在peer-link鏈路上創建了AC,並將其與VSI關聯。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (MLAG)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (MLAG)
虛擬機VM 1、VM 2和VM 3之間可以互訪。虛擬機與Switch A或Switch B相連的鏈路斷開後,VM 1、VM 2和VM 3仍然可以通過另一台設備互訪。
· Switch A
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 11
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
undo stp enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack0
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
undo stp enable
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
m-lag restore-delay 180
m-lag system-mac 0001-0001-0001
m-lag system-number 1
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface11
#
return
· Switch B
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 12
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
undo stp enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
undo stp enable
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
m-lag restore-delay 180
m-lag system-mac 0001-0001-0001
m-lag system-number 2
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface12
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
Switch A、Switch B、Switch D為與服務器連接的VTEP設備。Switch A和Switch B通過M-LAG虛擬為一台VTEP設備,Switch A和Switch B之間采用隧道模式peer-link鏈路,同步MAC地址和ARP信息,以確保兩台VTEP上的MAC地址和ARP信息保持一致,在Switch A和Switch B上配置Monitor Link組。把所有上行口配置為Up-Link,所有下行DR成員口配置為Down-Link,通過Monitor Link實現上下行接口聯動,以便及時發現上行接口故障,並在DR成員設備之間進行主從切換。。Switch C同時作為路由反射器在Switch A、Switch B、Switch D之間反射路由。
Switch A和Switch B均通過以太網鏈路與下行的虛擬機VM 1、VM 2連接,要求在連接每一台虛擬機的鏈路間跨設備建立二層聚合接口,避免單條以太網鏈路故障導致虛擬機無法訪問網絡。
虛擬機VM 1、VM 2和VM 3同屬於VXLAN 10,通過EVPN實現不同站點間的二層互通。
圖5-1 EVPN和M-LAG二層轉發組網圖(隧道模式peer-link鏈路)
· 在交換機上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B上開啟EVPN支持M-LAG功能,使兩台設備虛擬為一台VTEP設備。
· Switch A、Switch B之間通過手工方式創建隧道模式peer-link鏈路,在Switch A和Switch B之間同步MAC地址和ARP信息。
· 配置Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由
· 在Switch A、Switch B和Switch D上配置EVPN,使VTEP之間通過BGP EVPN路由實現自動發現鄰居、自動建立/關聯VXLAN隧道、通告MAC/IP的可達性等,以便將虛擬機發送的二層報文封裝為IP報文後在IP核心網絡上轉發。
· 在Switch A、Switch B和Switch D的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
表5-1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7634P09及以上版本 |
|
S10500X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-XS係列交換機 |
Release 7634P09及以上版本 |
|
S7600E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500X-X係列交換機 |
Release 7634P09及以上版本 |
|
S9900X係列交換機 |
Release 7634P51及以上版本 |
|
S10500係列交換機 |
Release 7634P09及以上版本 |
|
S7600-X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-S係列交換機 |
Release 7634P09及以上版本 |
|
S7500E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500E係列交換機 |
Release 7634P09及以上版本 |
|
S7500X係列交換機 |
Release 7634P09及以上版本 |
|
S7600係列交換機 |
Release 7634P09及以上版本 |
|
S7000ET係列交換機 |
不支持 |
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
# 請參考以上方法配置其它交換機上的接口IP地址,配置步驟此處省略。
# 配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN能力。
[SwitchA] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置預留VXLAN ID為1234。
[SwitchA] reserved vxlan 1234
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 開啟L2VPN能力。
[SwitchB] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置預留VXLAN ID為1234。
[SwitchB] reserved vxlan 1234
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 開啟L2VPN能力。
[SwitchD] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchA] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchA] m-lag system-mac 0001-0001-0001
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
# 在Switch A和Switch B之間手工創建VXLAN隧道Tunnel1。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] quit
# 將VXLAN隧道接口配置M-LAG保留接口。
[SwitchA] m-lag mad exclude interface tunnel 1
# 配置VXLAN隧道接口為peer-link接口。
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port m-lag peer-link 1
[SwitchA-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# 創建Monitor Link組1,添加上行和下行接口,以便在上下行接口之間形成聯動。
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchA-mtlk-group1] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchB] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchB] m-lag system-mac 0001-0001-0001
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
# 在Switch A和Switch B之間手工創建VXLAN隧道Tunnel1。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] quit
# 將VXLAN隧道接口配置M-LAG保留接口。
[SwitchB] m-lag mad exclude interface tunnel 1
# 配置VXLAN隧道接口為peer-link接口。
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port m-lag peer-link 1
[SwitchB-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# 創建Monitor Link組1,添加上行和下行接口,以便在上下行接口之間形成聯動。
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchB-mtlk-group1] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] m-lag mad exclude interface vlan-interface 12
# 配置BGP發布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP發布EVPN路由,並作為路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 1:10
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態,Tunnel0的隧道源地址是虛擬VTEP地址,Tunnel1為作為peer-link鏈路。
[SwitchA] display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Last 300 seconds output rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Input: 332 packets, 36377 bytes, 0 drops
Output: 583 packets, 59132 bytes, 0 drops
# 查看Switch A上的VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG5 srv1000 2 Up Manual
虛擬機VM 1、VM 2和VM 3之間可以互訪。虛擬機與Switch A或Switch B相連的鏈路斷開後,VM 1、VM 2和VM 3仍然可以通過另一台設備互訪。
· Switch A
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 11
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
undo stp enable
#
interface Tunnel1 mode vxlan
port m-lag peer-link 1
source 1.1.1.1
destination 2.2.2.2
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
monitor-link group 1
port ten-gigabitethernet 1/0/1 downlink
port ten-gigabitethernet 1/0/2 downlink
port ten-gigabitethernet 1/0/4 uplink
#
m-lag restore-delay 180
m-lag system-mac 0001-0001-0001
m-lag system-number 1
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Tunnel1
m-lag mad exclude interface Vlan-interface 11
#
return
· Switch B
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 12
#
l2vpn enable
reserved vxlan 1234
evpn m-lag group 1.2.3.4
vxlan tunnel arp-learning disable
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
undo stp enable
#
interface Tunnel1 mode vxlan
port m-lag peer-link 1
source 2.2.2.2
destination 1.1.1.1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
monitor-link group 1
port ten-gigabitethernet 1/0/1 downlink
port ten-gigabitethernet 1/0/2 downlink
port ten-gigabitethernet 1/0/4 uplink
#
m-lag restore-delay 180
m-lag system-mac 0001-0001-0001
m-lag system-number 2
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Tunnel1
m-lag mad exclude interface Vlan-interface 12
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
Switch A、Switch B、Switch D為與服務器連接的分布式EVPN網關,Switch A和Switch B通過M-LAG虛擬為一台VTEP設備,Switch A和Switch B之間通過peer-link鏈路同步MAC地址和ARP信息,以確保兩台VTEP上的MAC地址和ARP信息保持一致。Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由。本組網采用直連模式peer-link鏈路。
Switch A和Switch B均通過以太網鏈路與下行的虛擬機VM 1、VM 2、VM 3和VM 4連接,要求在連接每一台虛擬機的鏈路間跨設備建立二層聚合接口,避免單條以太網鏈路故障導致虛擬機無法訪問網絡。
虛擬機VM 1、VM 3和VM 5屬於VXLAN 10,VM 2和VM 4屬於VXLAN 20,通過分布式EVPN網關實現不同VXLAN之間互通。
圖6-1 EVPN和M-LAG三層轉發組網圖(直連模式peer-link鏈路)
· 在交換機上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B上開啟EVPN支持M-LAG功能,使兩台設備虛擬為一台VTEP設備。
· 配置Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由。
· 在Switch A、Switch B和Switch D上配置分布式EVPN網關,使VTEP之間通過BGP EVPN路由實現自動發現鄰居、自動建立/關聯VXLAN隧道、通告MAC/IP的可達性等,以便將虛擬機之間實現三層互通。
· 在Switch A、Switch B和Switch D的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
表6-1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7634P09及以上版本 |
|
S10500X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-XS係列交換機 |
Release 7634P09及以上版本 |
|
S7600E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500X-X係列交換機 |
Release 7634P09及以上版本 |
|
S9900X係列交換機 |
Release 7634P51及以上版本 |
|
S10500係列交換機 |
Release 7634P09及以上版本 |
|
S7600-X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-S係列交換機 |
Release 7634P09及以上版本 |
|
S7500E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500E係列交換機 |
Release 7634P09及以上版本 |
|
S7500X係列交換機 |
Release 7634P09及以上版本 |
|
S7600係列交換機 |
Release 7634P09及以上版本 |
|
S7000ET係列交換機 |
不支持 |
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# 請參考以上方法配置其它交換機上的接口IP地址,配置步驟此處省略。
# 在VM 1、VM 3和VM 5上指定網關地址為10.1.1.1;在VM 2和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN能力。
[SwitchA] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchA] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置EVPN的全局MAC地址為0002-0003-0004。
[SwitchA] evpn global-mac 2-3-4
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 開啟L2VPN能力。
[SwitchB] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchB] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置EVPN的全局MAC地址為0002-0003-0004。
[SwitchB] evpn global-mac 2-3-4
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 並配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 開啟L2VPN能力。
[SwitchD] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchD] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置L3VPN的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchA] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchA] m-lag system-mac 0001-0002-0003
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
# 創建二層聚合接口3,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# 將端口Ten-GigabitEthernet1/0/3加入到聚合組3中。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# 將二層聚合接口3配置為peer-link接口。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# 配置M-LAG設備Switch A與Switch B之間路由可達。
[SwitchA] vlan 100
[SwitchA-vlan100] quit
[SwitchA] interface Vlan-interface 100
[SwitchA-Vlan-interface100] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchA-Vlan-interface100] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchA] m-lag mad exclude interface loopback 0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] m-lag mad exclude interface vlan-interface 11
[SwitchA] m-lag mad exclude interface vsi-interface 1
[SwitchA] m-lag mad exclude interface vsi-interface 2
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchB] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchB] m-lag system-mac 0001-0002-0003
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
[SwitchA] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
# 創建二層聚合接口3,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# 將端口Ten-GigabitEthernet1/0/3加入到聚合組3中。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 將二層聚合接口3配置為peer-link接口。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port m-lag peer-link 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# 配置M-LAG設備Switch A與Switch B之間路由可達。
[SwitchB] vlan 100
[SwitchB-vlan100] quit
[SwitchB] interface Vlan-interface 100
[SwitchB-Vlan-interface100] ip address 100.1.1.2 255.255.255.0
[SwitchB-Vlan-interface100] ospf 1 area 0.0.0.0
[SwitchB-Vlan-interface100] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchB] m-lag mad exclude interface loopback 0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] m-lag mad exclude interface vsi-interface 1
[SwitchB] m-lag mad exclude interface vsi-interface 2
[SwitchB] m-lag mad exclude interface vlan-interface 12
# 配置BGP發布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP發布EVPN路由,並作為路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpnb關聯。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpnb關聯。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 1:1(vpna)
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [5][0][24][10.1.1.0]/80
1.2.3.4 0 100 32768 i
* > [5][0][24][10.1.2.0]/80
1.2.3.4 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
Route distinguisher: 1:20
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態,並且隧道源地址是虛擬VTEP地址。
[SwitchA] display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到設備自動在peer-link鏈路上創建了AC,並將其與VSI關聯。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (MLAG)
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG5 srv1000 0 Up Manual
BAGG3 srv3 1 Up Dynamic (MLAG)
虛擬機之間可以互訪。虛擬機VM 1與Switch A或Switch B相連的鏈路斷開後,VM 5仍然可以通過另一台設備訪問VM 1。
· Switch A
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 11
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
undo stp enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
undo stp enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
m-lag restore-delay 180
m-lag system-mac 0001-0002-0003
m-lag system-number 1
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface 11
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return
· Switch B
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 12
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port m-lag peer-link 1
undo mac-address static source-check enable
undo stp enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
undo stp enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
m-lag restore-delay 180
m-lag system-mac 0001-0002-0003
m-lag system-number 2
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/4
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Vlan-interface 12
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
Switch A、Switch B、Switch D為與服務器連接的分布式EVPN網關,Switch A和Switch B通過M-LAG通過M-LAG功能虛擬為一台VTEP設備,Switch A和Switch B之間采用隧道模式peer-link鏈路;在Switch A和Switch B上配置Monitor Link組。把所有上行口配置為Up-Link,所有下行DR成員口配置為Down-Link,通過Monitor Link實現上下行接口聯動,以便及時發現上行接口故障,並在DR成員設備之間進行主從切換。Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由。
Switch A和Switch B均通過以太網鏈路與下行的虛擬機VM 1、VM 2、VM 3和VM 4連接,要求在連接每一台虛擬機的鏈路間跨設備建立二層聚合接口,避免單條以太網鏈路故障導致虛擬機無法訪問網絡。
虛擬機VM 1、VM 3和VM 5屬於VXLAN 10,VM 2和VM 4屬於VXLAN 20,通過分布式EVPN網關實現不同VXLAN之間互通。
圖7-1 EVPN和M-LAG三層轉發組網圖(隧道模式peer-link鏈路)
· 在交換機上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 指定各虛擬機的網關地址。
· 在Switch A、Switch B上開啟EVPN支持M-LAG功能,使兩台設備虛擬為一台VTEP設備。
· Switch A、Switch B之間通過手工方式創建隧道模式peer-link鏈路,在Switch A和Switch B之間同步MAC地址和ARP信息。
· 配置Switch C作為路由反射器在Switch A、Switch B、Switch D之間反射路由
· 在Switch A、Switch B和Switch D上配置分布式EVPN網關,使VTEP之間通過BGP EVPN路由實現自動發現鄰居、自動建立/關聯VXLAN隧道、通告MAC/IP的可達性等,以便將虛擬機之間實現三層互通。
· 在Switch A、Switch B和Switch D的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
表7-1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7634P09及以上版本 |
|
S10500X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-XS係列交換機 |
Release 7634P09及以上版本 |
|
S7600E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500X-X係列交換機 |
Release 7634P09及以上版本 |
|
S9900X係列交換機 |
Release 7634P51及以上版本 |
|
S10500係列交換機 |
Release 7634P09及以上版本 |
|
S7600-X係列交換機 |
Release 7634P09及以上版本 |
|
S12500-S係列交換機 |
Release 7634P09及以上版本 |
|
S7500E-X係列交換機 |
Release 7634P09及以上版本 |
|
S7500E係列交換機 |
Release 7634P09及以上版本 |
|
S7500X係列交換機 |
Release 7634P09及以上版本 |
|
S7600係列交換機 |
Release 7634P09及以上版本 |
|
S7000ET係列交換機 |
不支持 |
# 在Switch A上配置各接口的IP地址。
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
# 請參考以上方法配置其它交換機上的接口IP地址,配置步驟此處省略。
# 在VM 1、VM 3和VM 5上指定網關地址為10.1.1.1;在VM 2和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF發布接口所在網段的路由。
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN能力。
[SwitchA] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchA] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置預留VXLAN ID為1234。
[SwitchA] reserved vxlan 1234
# 配置EVPN的全局MAC地址為0002-0003-0004。
[SwitchA] evpn global-mac 2-3-4
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 開啟L2VPN能力。
[SwitchB] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchB] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置預留VXLAN ID為1234。
[SwitchB] reserved vxlan 1234
# 配置EVPN的全局MAC地址為0002-0003-0004。
[SwitchB] evpn global-mac 2-3-4
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 開啟L2VPN能力。
[SwitchD] l2vpn enable
# 配置VXLAN的硬件資源模式。
[SwitchD] hardware-resource vxlan l3gw
僅S12500G-AF係列交換機支持本配置,S10500X係列交換機和S7500E係列交換機通過switch-mode命令mix-bridging-routing參數配置VXLAN的硬件資源模式,不支持本配置。
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI實例vpna下創建EVPN實例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自動生成EVPN實例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 創建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置L3VPN的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchA] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchA] m-lag system-mac 0001-0002-0003
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag restore-delay 180
# 在Switch A和Switch B之間手工創建VXLAN隧道Tunnel1。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] quit
# 將VXLAN隧道接口配置M-LAG保留接口。
[SwitchA] m-lag mad exclude interface tunnel 1
# 配置VXLAN隧道接口為peer-link接口。
[SwitchA] interface tunnel 1
[SwitchA-Tunnel1] port m-lag peer-link 1
[SwitchA-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port m-lag group 4
[SwitchA-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port m-lag group 5
[SwitchA-Bridge-Aggregation5] quit
# 創建Monitor Link組1,添加上行和下行接口,以便在上下行接口之間形成聯動。
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchA-mtlk-group1] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchA] m-lag mad exclude interface loopback0
[SwitchA] m-lag mad exclude interface ten-gigabitethernet1/0/5
[SwitchA] m-lag mad exclude interface vsi-interface 1
[SwitchA] m-lag mad exclude interface vsi-interface 2
[SwitchA] m-lag mad exclude interface vlan-interface 11
# 開啟EVPN支持M-LAG功能,並配置虛擬VTEP地址為1.2.3.4。
[SwitchB] evpn m-lag group 1.2.3.4
# 配置M-LAG係統。
[SwitchB] m-lag system-mac 0001-0002-0003
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag restore-delay 180
# 在Switch A和Switch B之間手工創建VXLAN隧道Tunnel1。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] quit
# 將VXLAN隧道接口配置M-LAG保留接口。
[SwitchB] m-lag mad exclude interface tunnel 1
# 配置VXLAN隧道接口為peer-link接口。
[SwitchB] interface tunnel 1
[SwitchB-Tunnel1] port m-lag peer-link 1
[SwitchB-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上關閉報文入接口與靜態MAC地址表項匹配檢查功能和生成樹協議。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] undo stp enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 創建二層聚合接口4,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 將端口Ten-GigabitEthernet1/0/1加入到聚合組4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 將二層聚合接口4加入M-LAG組4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port m-lag group 4
[SwitchB-Bridge-Aggregation4] quit
# 創建二層聚合接口5,並配置該接口為動態聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 將端口Ten-GigabitEthernet1/0/2加入到聚合組5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 將二層聚合接口5加入M-LAG組5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port m-lag group 5
[SwitchB-Bridge-Aggregation5] quit
# 創建Monitor Link組1,添加上行和下行接口,以便在上下行接口之間形成聯動。
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/1 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port ten-gigabitethernet 1/0/4 uplink
[SwitchB-mtlk-group1] quit
# 將所有參與EVPN業務的接口配置為保留接口。
[SwitchB] m-lag mad exclude interface loopback0
[SwitchB] m-lag mad exclude interface ten-gigabitethernet1/0/5
[SwitchB] m-lag mad exclude interface vsi-interface 1
[SwitchB] m-lag mad exclude interface vsi-interface 2
[SwitchB] m-lag mad exclude interface vlan-interface 12
# 配置BGP發布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP發布EVPN路由,並作為路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpnb關聯。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Bridge-Aggregation4上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服務器的接口Bridge-Aggregation5上創建以太網服務實例1000,該實例用來匹配VLAN 3的數據幀。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太網服務實例1000與VSI實例vpnb關聯。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服務器的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 3
Route distinguisher: 1:1(vpna)
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [5][0][24][10.1.1.0]/80
1.1.1.1 0 100 32768 i
* > [5][0][24][10.1.2.0]/80
1.1.1.1 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
Route distinguisher: 1:20
Total number of routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態,Tunnel0的隧道源地址是虛擬VTEP地址,Tunnel1為作為peer-link鏈路。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 149 bytes/sec, 1192 bits/sec, 1 packets/sec
Last 300 seconds output rate: 379 bytes/sec, 3032 bits/sec, 3 packets/sec
Input: 398 packets, 46446 bytes, 0 drops
Output: 3597 packets, 363591 bytes, 0 drops
# 查看Switch A上的VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain: -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG5 srv1000 0 Up Manual
虛擬機之間可以互訪。虛擬機VM 1與Switch A或Switch B相連的鏈路斷開後,VM 5仍然可以通過另一台設備訪問VM 1。
· Switch A
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 11
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
undo stp enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
interface Tunnel1 mode vxlan
port m-lag peer-link 1
source 1.1.1.1
destination 2.2.2.2
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
monitor-link group 1
port ten-gigabitethernet 1/0/1 downlink
port ten-gigabitethernet 1/0/2 downlink
port ten-gigabitethernet 1/0/4 uplink
#
m-lag restore-delay 180
m-lag system-mac 0001-0001-0001
m-lag system-number 1
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Tunnel1
m-lag mad exclude interface Vlan-interface 11
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return
· Switch B
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 12
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn m-lag group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port m-lag group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port m-lag group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
undo stp enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
interface Tunnel1 mode vxlan
port m-lag peer-link 1
source 2.2.2.2
destination 1.1.1.1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
monitor-link group 1
port ten-gigabitethernet 1/0/1 downlink
port ten-gigabitethernet 1/0/2 downlink
port ten-gigabitethernet 1/0/4 uplink
#
m-lag restore-delay 180
m-lag system-mac 0001-0002-0003
m-lag system-number 2
m-lag system-priority 10
#
m-lag mad exclude interface LoopBack0
m-lag mad exclude interface Ten-GigabitEthernet1/0/5
m-lag mad exclude interface Tunnel1
m-lag mad exclude interface Vlan-interface 12
m-lag mad exclude interface Vsi-interface1
m-lag mad exclude interface Vsi-interface2
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
