- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
03-EVPN組播典型配置舉例
本章節下載: 03-EVPN組播典型配置舉例 (475.71 KB)
本文檔介紹EVPN組播特性的配置舉例。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解EVPN組播特性。
如圖1所示,EVPN分布式網關組網中,Leaf 1和Leaf 2為EVPN分布式網關;RR為路由反射器,在Leaf 1和Leaf 2之間反射路由。Leaf 1連接組播接收者,Leaf 2連接組播源。組播源和組播接收者均屬於VXLAN 10。組播流量需要跨越EVPN網絡從組播源發送給屬於同一VXLAN網絡的組播接收者,即需要在EVPN網絡中實現二層組播流量轉發。
具體需求為:
· 對於Overlay網絡,Leaf 1和Leaf 2均在AS 65000中與RR建立BGP EVPN鄰居,由RR在Leaf 1和Leaf 2之間反射BGP EVPN路由。
· 對於Underlay網絡,Leaf 1、RR和Leaf 2運行OSPF,實現路由互通。
圖1 EVPN二層組播配置組網圖
為了實現組播流量跨越EVPN網絡進行二層轉發,需要在Leaf設備上開啟IGMP Snooping功能,偵聽組播接收者發送的IGMP成員關係報告報文,並通過EVPN SMET路由(Selective Multicast Ethernet Tag Route,選擇性組播以太網標簽路由)在Leaf間通告組播加入請求,以便在Leaf上建立二層組播轉發表項。
表1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
Release 7639P01及以上版本 |
|
S7500X係列交換機 |
Release 7639P01及以上版本 |
|
S7600係列交換機 |
Release 7639P01及以上版本 |
|
S7000ET係列交換機 |
不支持 |
在VSI內使能了IGMP Snooping之後,IGMP Snooping隻在屬於該VSI的端口上生效。
在EVPN VXLAN組網中,由於VSI內IGMP Snooping查詢器發送查詢報文不攜帶VLAN Tag,所以不建議在攜帶VLAN Tag的Ethernet接入模式下配置IGMP Snooping查詢器。
分布式EVPN網關上VSI虛接口存在如下配置要求:
· VSI虛接口的MAC地址不能配置為設備的保留MAC。
· 同一分布式網關上承載L3VNI的VSI虛接口的MAC地址必須配置一致。在分布式EVPN網關設備上,如果通過mac-address命令修改了某一關聯L3VNI的VSI虛接口的MAC地址,則必須通過該命令將所有與L3VNI關聯的VSI虛接口的MAC地址修改為相同的值,否則可能會導致報文轉發失敗。
· 當網關連接IPv6站點網絡時,需要為同一分布式網關上承載L3VNI的VSI虛接口配置相同的IPv6鏈路本地地址。采用自動方式生成鏈路本地地址時,由於MAC地址相同,則生成的鏈路本地地址相同;若采用手工方式配置,則必須保證配置的鏈路本地地址相同。
· 不同分布式網關上作為同一個VXLAN網絡網關接口的VSI虛接口需要配置相同的IP/IPv6地址和MAC地址。
分布式EVPN網關上配置的L3VNI不能與mapping vni命令配置的映射遠端VXLAN ID相同。
在分布式EVPN網關設備上,如果開啟了ARP/ND泛洪抑製功能,並在VSI虛接口上開啟了本地代理ARP/ND功能,則隻有本地代理ARP/ND功能生效。建議不要在分布式EVPN網關設備上同時開啟這兩個功能。
# 配置Loopback接口和GigabitEthernet1/0/3接口的IP地址。
<Sysname> system-view
[Sysname] sysname Leaf1
[Leaf1] interface loopback 0
[Leaf1-LoopBack0] ip address 172.16.0.1 255.255.255.255
[Leaf1-LoopBack0] quit
[Leaf1] interface gigabitethernet 1/0/3
[Leaf1-GigabitEthernet1/0/3] port link-mode route
[Leaf1-GigabitEthernet1/0/3] ip address 12.1.1.1 24
[Leaf1-GigabitEthernet1/0/3] quit
# 配置OSPF,使得Underlay網絡路由可達。
[Leaf1] router id 172.16.0.1
[Leaf1] ospf
[Leaf1-ospf-1] area 0
[Leaf1-ospf-1-area-0.0.0.0] network 172.16.0.1 0.0.0.0
[Leaf1-ospf-1-area-0.0.0.0] network 12.1.1.1 0.0.0.255
[Leaf1-ospf-1-area-0.0.0.0] quit
[Leaf1-ospf-1] quit
# 創建VPN實例vpn1,並配置VPN實例的RD和RT。
[Leaf1] ip vpn-instance vpn1
[Leaf1-vpn-instance-vpn1] route-distinguisher 1:1
[Leaf1-vpn-instance-vpn1] address-family ipv4
[Leaf1-vpn-ipv4-vpn1] vpn-target 2:2 import-extcommunity
[Leaf1-vpn-ipv4-vpn1] vpn-target 2:2 export-extcommunity
[Leaf1-vpn-ipv4-vpn1] quit
[Leaf1-vpn-instance-vpn1] address-family evpn
[Leaf1-vpn-evpn-vpn1] vpn-target 1:1 import-extcommunity
[Leaf1-vpn-evpn-vpn1] vpn-target 1:1 export-extcommunity
[Leaf1-vpn-evpn-vpn1] quit
[Leaf1-vpn-instance-vpn1] quit
# 配置VSI網關接口。
[Leaf1] interface vsi-interface 1
[Leaf1-Vsi-interface1] ip binding vpn-instance vpn1
[Leaf1-Vsi-interface1] ip address 10.255.255.254 255.0.0.0
[Leaf1-Vsi-interface1] mac-address 0000-0001-0001
[Leaf1-Vsi-interface1] distributed-gateway local
[Leaf1-Vsi-interface1] quit
# 開啟L2VPN服務。
[Leaf1] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[Leaf1] vxlan tunnel mac-learning disable
[Leaf1] vxlan tunnel arp-learning disable
# 配置VSI與VXLAN 10關聯,並指定VSI網關接口為VSI虛接口1。
[Leaf1] vsi vsi1
[Leaf1-vsi-vsi1] gateway vsi-interface 1
[Leaf1-vsi-vsi1] statistics enable
[Leaf1-vsi-vsi1] arp suppression enable
[Leaf1-vsi-vsi1] vxlan 10
[Leaf1-vsi-vsi1-vxlan-10] quit
# 配置VXLAN封裝方式EVPN實例的RD和RT。
[Leaf1-vsi-vsi1] evpn encapsulation vxlan
[Leaf1-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[Leaf1-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[Leaf1-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity
[Leaf1-vsi-vsi1-evpn-vxlan] quit
[Leaf1-vsi-vsi1] quit
# 配置關聯L3VNI的VSI虛接口。
[Leaf1] interface vsi-interface 2
[Leaf1-Vsi-interface2] ip binding vpn-instance vpn1
[Leaf1-Vsi-interface2] l3-vni 10000
[Leaf1-Vsi-interface2] quit
# 配置Leaf 1與RR建立BGP EVPN鄰居。
[Leaf1] bgp 65000
[Leaf1-bgp-default] peer 172.16.10.1 as-number 65000
[Leaf1-bgp-default] peer 172.16.10.1 connect-interface loopback 0
[Leaf1-bgp-default] peer 172.16.10.1 password simple overlay
[Leaf1-bgp-default] address-family l2vpn evpn
[Leaf1-bgp-default-evpn] peer 172.16.10.1 enable
[Leaf1-bgp-default-evpn] quit
[Leaf1-bgp-default] quit
# 在接口GigabitEthernet1/0/1上創建以太網服務實例,並配置以太網服務實例與VSI實例vsi1關聯。
[Leaf1] interface gigabitethernet 1/0/1
[Leaf1-GigabitEthernet1/0/1] port link-mode bridge
[Leaf1-GigabitEthernet1/0/1] port link-type trunk
[Leaf1-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[Leaf1-GigabitEthernet1/0/1] port trunk permit vlan 1000
[Leaf1-GigabitEthernet1/0/1] service-instance 1
[Leaf1-GigabitEthernet1/0/1-srv1] encapsulation s-vid 1000
[Leaf1-GigabitEthernet1/0/1-srv1] statistics enable
[Leaf1-GigabitEthernet1/0/1-srv1] xconnect vsi vsi1
[Leaf1-GigabitEthernet1/0/1-srv1] quit
[Leaf1-GigabitEthernet1/0/1] quit
# 在接口GigabitEthernet1/0/2上創建以太網服務實例,並配置以太網服務實例與VSI實例vsi1關聯。
[Leaf1] interface gigabitethernet 1/0/2
[Leaf1-GigabitEthernet1/0/2] port link-mode bridge
[Leaf1-GigabitEthernet1/0/2] port link-type trunk
[Leaf1-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[Leaf1-GigabitEthernet1/0/2] port trunk permit vlan 1001
[Leaf1-GigabitEthernet1/0/2] service-instance 1
[Leaf1-GigabitEthernet1/0/2-srv1] encapsulation s-vid 1001
[Leaf1-GigabitEthernet1/0/2-srv1] statistics enable
[Leaf1-GigabitEthernet1/0/2-srv1] xconnect vsi vsi1
[Leaf1-GigabitEthernet1/0/2-srv1] quit
[Leaf1-GigabitEthernet1/0/2] quit
# 全局開啟IGMP Snooping。
[Leaf1] igmp-snooping
[Leaf1-igmp-snooping] global-enable
[Leaf1-igmp-snooping] quit
# 開啟VSI實例的IGMP Snooping,並配置IGMP Snooping功能。
[Leaf1] vsi vsi1
[Leaf1-vsi-vsi1] igmp-snooping enable
[Leaf1-vsi-vsi1] igmp-snooping drop-unknown
[Leaf1-vsi-vsi1] igmp-snooping proxy enable
# 配置Leaf設備作為IGMP查詢器。(也可以配置網絡中的其他設備作為IGMP查詢器)
[Leaf1-vsi-vsi1] igmp-snooping querier
[Leaf1-vsi-vsi1] quit
# 配置Loopback接口和GigabitEthernet1/0/3接口的IP地址。
<Sysname> system-view
[Sysname] sysname Leaf2
[Leaf2] interface loopback 0
[Leaf2-LoopBack0] ip address 172.16.0.2 255.255.255.255
[Leaf2-LoopBack0] quit
[Leaf2] interface gigabitethernet 1/0/3
[Leaf2-GigabitEthernet1/0/3] port link-mode route
[Leaf2-GigabitEthernet1/0/3] ip address 13.1.1.2 24
[Leaf2-GigabitEthernet1/0/3] quit
# 配置OSPF,使得Underlay網絡路由可達。
[Leaf2] router id 172.16.0.2
[Leaf2] ospf
[Leaf2-ospf-1] area 0
[Leaf2-ospf-1-area-0.0.0.0] network 172.16.0.2 0.0.0.0
[Leaf2-ospf-1-area-0.0.0.0] network 13.1.1.2 0.0.0.255
[Leaf2-ospf-1-area-0.0.0.0] quit
[Leaf2-ospf-1] quit
# 創建VPN實例vpn1,並配置VPN實例的RD和RT。
[Leaf2] ip vpn-instance vpn1
[Leaf2-vpn-instance-vpn1] route-distinguisher 1:1
[Leaf2-vpn-instance-vpn1] address-family ipv4
[Leaf2-vpn-ipv4-vpn1] vpn-target 2:2 import-extcommunity
[Leaf2-vpn-ipv4-vpn1] vpn-target 2:2 export-extcommunity
[Leaf2-vpn-ipv4-vpn1] quit
[Leaf2-vpn-instance-vpn1] address-family evpn
[Leaf2-vpn-evpn-vpn1] vpn-target 1:1 import-extcommunity
[Leaf2-vpn-evpn-vpn1] vpn-target 1:1 export-extcommunity
[Leaf2-vpn-evpn-vpn1] quit
[Leaf2-vpn-instance-vpn1] quit
# 配置VSI網關接口。
[Leaf2] interface vsi-interface 1
[Leaf2-Vsi-interface1] ip binding vpn-instance vpn1
[Leaf2-Vsi-interface1] ip address 10.255.255.254 255.0.0.0
[Leaf2-Vsi-interface1] mac-address 0000-0001-0001
[Leaf2-Vsi-interface1] distributed-gateway local
[Leaf2-Vsi-interface1] quit
# 開啟L2VPN服務。
[Leaf2] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[Leaf2] vxlan tunnel mac-learning disable
[Leaf2] vxlan tunnel arp-learning disable
# 配置VSI與VXLAN 10關聯,並指定VSI網關接口為VSI虛接口1。
[Leaf2] vsi vsi1
[Leaf2-vsi-vsi1] gateway vsi-interface 1
[Leaf2-vsi-vsi1] statistics enable
[Leaf2-vsi-vsi1] arp suppression enable
[Leaf2-vsi-vsi1] vxlan 10
[Leaf2-vsi-vsi1-vxlan-10] quit
# 配置VXLAN封裝方式EVPN實例的RD和RT。
[Leaf2-vsi-vsi1] evpn encapsulation vxlan
[Leaf2-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[Leaf2-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[Leaf2-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity
[Leaf2-vsi-vsi1-evpn-vxlan] quit
[Leaf2-vsi-vsi1] quit
# 配置關聯L3VNI的VSI虛接口。
[Leaf2] interface vsi-interface 10000
[Leaf2-Vsi-interface10000] ip binding vpn-instance vpn1
[Leaf2-Vsi-interface10000] l3-vni 10000
[Leaf2-Vsi-interface10000] quit
# 配置Leaf 1與RR建立BGP EVPN鄰居。
[Leaf2] bgp 65000
[Leaf2-bgp-default] peer 172.16.10.1 as-number 65000
[Leaf2-bgp-default] peer 172.16.10.1 connect-interface loopback 0
[Leaf2-bgp-default] peer 172.16.10.1 password simple overlay
[Leaf2-bgp-default] address-family l2vpn evpn
[Leaf2-bgp-default-evpn] peer 172.16.10.1 enable
[Leaf2-bgp-default-evpn] quit
[Leaf2-bgp-default] quit
# 在GigabitEthernet1/0/1上創建以太網服務實例,並配置以太網服務實例與VSI實例vsi1關聯。
[Leaf2] interface gigabitethernet 1/0/1
[Leaf2-GigabitEthernet1/0/1] port link-mode bridge
[Leaf2-GigabitEthernet1/0/1] port link-type trunk
[Leaf2-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[Leaf2-GigabitEthernet1/0/1] port trunk permit vlan 1002
[Leaf2-GigabitEthernet1/0/1] storm-constrain control shutdown
[Leaf2-GigabitEthernet1/0/1] service-instance 1
[Leaf2-GigabitEthernet1/0/1-srv1] encapsulation s-vid 1002
[Leaf2-GigabitEthernet1/0/1-srv1] statistics enable
[Leaf2-GigabitEthernet1/0/1-srv1] xconnect vsi vsi1
[Leaf2-GigabitEthernet1/0/1-srv1] quit
[Leaf2-GigabitEthernet1/0/1] quit
# 全局開啟IGMP Snooping。
[Leaf1] igmp-snooping
[Leaf1-igmp-snooping] global-enable
[Leaf1-igmp-snooping] quit
# 開啟VSI實例的IGMP Snooping,並配置IGMP Snooping功能。
[Leaf2] vsi vsi1
[Leaf2-vsi-vsi1] igmp-snooping enable
[Leaf2-vsi-vsi1] igmp-snooping drop-unknown
[Leaf2-vsi-vsi1] igmp-snooping proxy enable
# 配置Leaf設備作為IGMP查詢器。(也可以配置網絡中的其他設備作為IGMP查詢器)
[Leaf2-vsi-vsi1] igmp-snooping querier
[Leaf2-vsi-vsi1] quit
# 配置Loopback接口、GigabitEthernet1/0/1接口和GigabitEthernet1/0/2接口的IP地址。
<Sysname> system-view
[Sysname] sysname RR
[RR] interface loopback 0
[RR-LoopBack0] ip address 172.16.10.1 255.255.255.255
[RR-LoopBack0] quit
[RR] interface gigabitethernet 1/0/1
[RR-GigabitEthernet1/0/1] port link-mode route
[RR-GigabitEthernet1/0/1] ip address 12.1.1.3 24
[RR-GigabitEthernet1/0/1] quit
[RR] interface gigabitethernet 1/0/2
[RR-GigabitEthernet1/0/2] port link-mode route
[RR-GigabitEthernet1/0/2] ip address 13.1.1.3 24
[RR-GigabitEthernet1/0/2] quit
# 配置OSPF,使得Underlay網絡路由可達。
[RR] router id 172.16.10.1
[RR] ospf
[RR-ospf-1] area 0
[RR-ospf-1-area-0.0.0.0] network 172.16.10.1 0.0.0.0
[RR-ospf-1-area-0.0.0.0] network 12.1.1.3 0.0.0.255
[RR-ospf-1-area-0.0.0.0] network 13.1.1.3 0.0.0.255
[RR-ospf-1-area-0.0.0.0] quit
[RR-ospf-1] quit
# 將Leaf 1和Leaf 2加入IBGP對等體組leaf。
[RR] bgp 65000
[RR-bgp-default] group leaf internal
[RR-bgp-default] peer leaf connect-interface loopback 0
[RR-bgp-default] peer leaf password simple overlay
[RR-bgp-default] peer 172.16.0.1 group leaf
[RR-bgp-default] peer 172.16.0.2 group leaf
# 配置本地設備作為路由反射器,與IBGP對等體組leaf建立BGP EVPN鄰居,並關閉EVPN路由的VPN-Target過濾功能,以便路由反射器接收所有EVPN路由。
[RR-bgp-default] address-family l2vpn evpn
[RR-bgp-default-evpn] undo policy vpn-target
[RR-bgp-default-evpn] peer leaf enable
[RR-bgp-default-evpn] peer leaf reflect-client
[RR-bgp-default-evpn] quit
# 以Leaf 1為例,查看公網IP路由表,可以看到Leaf和RR通過OSPF學習到了彼此的路由,Underlay網絡路由可達。
[Leaf1] display ip routing-table
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.1 GE1/0/3
12.1.1.0/32 Direct 0 0 12.1.1.1 GE1/0/3
12.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.1 GE1/0/3
13.1.1.0/24 O_INTRA 10 2 12.1.1.3 GE1/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.2/32 O_INTRA 10 2 12.1.1.3 GE1/0/3
172.16.10.1/32 O_INTRA 10 1 12.1.1.3 GE1/0/3
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 以Leaf 1為例,查看BGP EVPN對等體信息,可以看到Leaf與RR建立了BGP EVPN對等體。
[Leaf1] display bgp peer l2vpn evpn
BGP local router ID: 172.16.0.1
Local AS number: 65000
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
^ - Peer created through link-local address
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
172.16.10.1 65000 24 27 0 4 00:14:59 Established
# 以Leaf 1為例,查看VSI的詳細信息,可以看到與VSI關聯的VXLAN隧道和AC。
[Leaf1] display l2vpn vsi verbose
VSI Name: Auto_L3VNI10000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 10000
VSI Name: vsi1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Enabled
Input Statistics :
Octets :0
Packets :0
Errors :0
Discards :0
Output Statistics :
Octets :0
Packets :0
Errors :0
Discards :0
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv1 0 Up Manual
GE1/0/2 srv1 1 Up Manual
# 以Leaf 1為例,查看IGMP Snooping的狀態信息,可以看到VSI內IGMP Snooping處於開啟狀態。
[Leaf1] display igmp-snooping vsi vsi1
IGMP snooping information: VSI vsi1
IGMP snooping: Enabled
Forwarding mode: IP
Drop-unknown: Enabled
Version: 2
Host-aging-time: 260s
Router-aging-time: 260s
Max-response-time: 10s
Last-member-query-interval: 1s
Querier: Enabled (IP:10.255.255.254, Expires: 00:01:39)
Querier-election: Disabled
Query-interval: 125s
General-query source IP: 10.255.255.254
Special-query source IP: 10.255.255.254
Report source IP: 10.255.255.254
Leave source IP: 10.255.255.254
Proxy: Enabled
IPP: -(Link ID: 0xffff)
# 在Leaf 1上查看動態IGMP Snooping組播組的信息,可以看到VSI實例vsi1內,接口GigabitEthernet1/0/1上Link ID為0的AC是組播組(0.0.0.0, 225.0.0.1)的成員端口,即Leaf 1接收到任意組播源發往225.0.0.1的組播流量後,會將該流量通過AC轉發給組播接收者。
[Leaf1] display igmp-snooping group
Total 1 entries.
VSI vsi1: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
GE1/0/1 (Link ID 0) (00:03:42)
# 在Leaf 1上查看EVPN的SMET路由信息,可以看到本地生成了SMET路由,該路由會發送給遠端Leaf。
[Leaf1] display evpn route smet
VSI name: vsi1
Source address :
Group address : 225.0.0.1
Local version : v2
ACs :
AC Link ID Flags
GE1/0/1 srv1 0 Local
# 在Leaf 2上查看EVPN的SMET路由信息,可以看到Leaf 2接收到了Leaf 1發送SMET路由。
[Leaf2] display evpn route smet
VSI name: vsi1
Source address :
Group address : 225.0.0.1
Local version : -
Peers :
Nexthop Tunnel name Link ID Remote version
172.16.0.1 Tunnel0 0x5000000 v2
# 在Leaf 2上查看IGMP Snooping通過EVPN學習到的組播組信息,可以看到Leaf 2通過SMET路由生成了IGMP Snooping表項,該表項表示:VSI實例vsi1內,VXLAN隧道Tunnel0為組播組(0.0.0.0, 225.0.0.1)的成員端口,即Leaf 2接收到任意組播源發往225.0.0.1的組播流量後,會將該流量通過VXLAN隧道轉發給遠端Leaf。
[Leaf2] display igmp-snooping evpn-group
Total 1 entries.
VSI vsi1: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 10)
· Leaf 1
#
sysname Leaf1
#
ip vpn-instance vpn1
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 172.16.0.1
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 172.16.0.1 0.0.0.0
#
igmp-snooping
global-enable
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vsi1
gateway vsi-interface 1
statistics enable
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
igmp-snooping proxy enable
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000
#
service-instance 1
encapsulation s-vid 1000
statistics enable
xconnect vsi vsi1
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001
#
service-instance 1
encapsulation s-vid 1001
statistics enable
xconnect vsi vsi1
#
interface LoopBack0
ip address 172.16.0.1 255.255.255.255
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 12.1.1.1 255.255.255.0
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 10.255.255.254 255.0.0.0
mac-address 0000-0001-0001
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
l3-vni 10000
#
bgp 65000
peer 172.16.10.1 as-number 65000
peer 172.16.10.1 connect-interface LoopBack0
peer 172.16.10.1 password cipher $c$3$cLxsbhBfj0xOTCgIQD1N6k3oJBamRAhZ5d8=
#
address-family l2vpn evpn
peer 172.16.10.1 enable
#
return
· Leaf 2
#
sysname Leaf2
#
ip vpn-instance vpn1
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 172.16.0.2
#
ospf 1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
network 172.16.0.2 0.0.0.0
#
igmp-snooping
global-enable
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vsi1
gateway vsi-interface 1
statistics enable
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
igmp-snooping proxy enable
#
interface LoopBack0
ip address 172.16.0.2 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1002
storm-constrain control shutdown
#
service-instance 1
encapsulation s-vid 1002
statistics enable
xconnect vsi vsi1
#
interface GigabitEthernet1/0/3
port link-mode route
ip address 13.1.1.1 255.255.255.0
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 10.255.255.254 255.0.0.0
mac-address 0000-0001-0001
#
interface Vsi-interface2
ip binding vpn-instance vpn1
l3-vni 10000
#
bgp 65000
peer 172.16.10.1 as-number 65000
peer 172.16.10.1 connect-interface LoopBack0
peer 172.16.10.1 password cipher $c$3$saE3frSy9IuWBPp1FJT7L952YRagb0D9Ioo=
#
address-family l2vpn evpn
peer 172.16.10.1 enable
#
return
· RR
#
sysname RR
#
router id 172.16.10.1
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
network 172.16.10.1 0.0.0.0
#
interface LoopBack0
ip address 172.16.10.1 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 12.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
ip address 13.1.1.3 255.255.255.0
#
bgp 65000
group leaf internal
peer leaf connect-interface LoopBack0
peer leaf password cipher $c$3$91PuaavWEYHlqhaILQV5i5G828J3vG+g67I=
peer 172.16.0.1 group leaf
peer 172.16.0.2 group leaf
#
address-family l2vpn evpn
undo policy vpn-target
peer leaf enable
peer leaf reflect-client
#
return
Device A、Device B為DC 1的Leaf設備,用於用戶的接入。Device C為DC 1的邊緣設備(ED),用於DC間的互聯。Device E為DC 2的Leaf設備,用於用戶的接入;Device D為DC 2的邊緣設備,用於DC間的互聯。DC 1和DC 2內均使用L3VNI 1000。
Device A連接組播源Source,Device B和Device E分別連接組播接收者Receiver 1和Receiver 2。組播源Source位於VXLAN 11,Receiver 1位於VXLAN 12,Receiver 2位於VXLAN 21。組播接收者需要跨VXLAN網絡、跨DC接收組播源發送的組播流量,即需要在DCI網絡中實現EVPN組播流量的三層轉發。
圖2 EVPN三層組播DCI典型配置組網圖
本舉例中的數據規劃如表2所示。
|
配置項 |
數據 |
|
DC所在的AS |
· DC 1:AS 100 · DC 2:AS 200 |
|
DC內及DC間的Underlay網絡路由協議 |
· DC 1和DC 2內均運行OSPF(OSPF進程1區域0),實現DC內Underlay網絡路由可達 · DC 1和DC 2之間運行BGP IPv4單播路由協議,實現DC間Underlay網絡路由可達 |
|
組播源和組播接收者接入的VLAN、VXLAN及接入位置 |
· 組播源Source屬於VLAN 11、VXLAN 11,通過GigabitEthernet1/0/1接口接入Device A · Receiver 1屬於VLAN 12、VXLAN 12,通過GigabitEthernet1/0/1接口接入Device B · Receiver 2位於VLAN 21、VXLAN 21,通過GigabitEthernet1/0/1接口接入Device E |
|
組播源和組播接收者所屬的VPN實例 |
DC 1和DC 2內組播源和組播接收者均屬於VPN實例vpn1 |
|
EVPN分布式網關地址 |
· Device A:192.168.10.1/24 · Device B:192.168.20.1/24 · Device E:192.168.40.1/24 |
|
L3VNI |
DC 1和DC 2內均使用L3VNI 1000 |
|
Loopback接口地址 |
· Device A:Loopback0和Loopback1的接口地址均為1.1.1.1/32 · Device B:Loopback0和Loopback1的接口地址均為2.2.2.2/32 · Device C:Loopback0和Loopback1的接口地址均為77.77.77.77/32 · Device D:Loopback0和Loopback1的接口地址均為4.4.4.4/32 · Device E:Loopback0和Loopback1的接口地址均為88.88.88.88/32 其中,接口Loopback0屬於公網,接口Loopback1屬於VPN實例vpn1 |
|
Default-group地址 |
DC 1和DC 2內均為239.0.0.1 |
|
Data-group地址範圍 |
DC 1和DC 2內均為239.1.1.0/24 |
為了實現跨VXLAN網絡、跨DC轉發組播流量,需要執行如下配置:
· Device A~Device E上均配置MDT模式的組播VXLAN功能,以實現跨VXLAN網絡轉發組播流量。
· Device A~Device E連接DC內設備的公網接口上均配置PIM-SM,Device E上使能IGMP Snooping功能,用於建立組播轉發表項。連接DC外設備的公網接口(即ED間的接口)不需要使能PIM-SM,如果該接口上已使能了PIM SM功能,則需要執行pim bsr-boundary命令將ED配置為BSR的服務邊界。
· 在ED(Device C和Device D)上使能DCI功能,以實現組播流量的跨DC轉發。如果不同DC內相同VPN使用不同的L3VNI,則還需要在ED上通過peer re-originated命令配置EVPN路由重生成。
· 在ED上配置路由策略,使得ED從本DC內的其他ED、從其他DC內的ED接收到S-PMSI A-D路由和SMET路由後,不會再將該路由發送給ED設備(包括本DC內的ED和其他DC的ED)。
· 在Leaf(Device A、Device B和Device E)上通過s-pmsi advertise source-active命令配置通過S-PMSI路由通告激活組播源信息,以便Leaf和ED根據該路由確認組播源位於DC內還是DC外。
表3 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
Release 7639P01及以上版本 |
|
S7500X係列交換機 |
Release 7639P01及以上版本 |
|
S7600係列交換機 |
Release 7639P01及以上版本 |
|
S7000ET係列交換機 |
不支持 |
不支持組播源和組播接收者直接連接在ED設備上。
通過BGP EVPN路由動態創建VXLAN-DCI隧道時,需要在ED間互連的三層接口上通過dci enable命令開啟DCI功能。ED間手工創建VXLAN-DCI隧道時,不能在ED間互連的三層接口上開啟DCI功能。
如果在Leaf設備上同時配置了s-pmsi advertise source-active命令和data-group命令,則Default-MDT向Data-MDT切換的延遲時間(由data-delay命令配置)必須大於BGP發布同一路由的時間間隔(由peer route-update-interval命令配置)。否則,通告Data-Group的S-PMSI路由可能會被BGP抑製發布,導致從Default-MDT向Data-MDT切換的過程中流量轉發中斷。
# 配置Loopback接口和Vlan-interface10接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceA
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] ip address 1.1.1.1 255.255.255.255
[DeviceA-LoopBack0] quit
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/2
[DeviceA-vlan10] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 11.1.1.1 24
[DeviceA-Vlan-interface10] quit
# 配置OSPF,使得Underlay網絡路由可達。
[DeviceA] router id 1.1.1.1
[DeviceA] ospf
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[DeviceA-ospf-1-area-0.0.0.0] network 11.1.1.1 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# 使能IP組播路由,並進入MRIB視圖。
[DeviceA] multicast routing
[DeviceA-mrib] quit
# 在Loopback接口和Vlan-interface10接口上使能PIM SM。
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] pim sm
[DeviceA-LoopBack0] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] pim sm
[DeviceA-Vlan-interface10] quit
# 創建VPN實例vpn1,並配置VPN實例的RD和RT。
[DeviceA] ip vpn-instance vpn1
[DeviceA-vpn-instance-vpn1] route-distinguisher 1:1
[DeviceA-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceA-vpn-instance-vpn1] quit
# 開啟L2VPN能力。
[DeviceA] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[DeviceA] vxlan tunnel mac-learning disable
[DeviceA] vxlan tunnel arp-learning disable
# 配置VSI虛接口VSI-interface1作為網關接口,並在該接口上開啟PIM SM功能。
[DeviceA] interface vsi-interface 1
[DeviceA-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[DeviceA-Vsi-interface1] pim sm
[DeviceA-Vsi-interface1] distributed-gateway local
[DeviceA-Vsi-interface1] quit
# 配置VSI與VXLAN 11關聯,並指定VSI網關接口為VSI虛接口1。
[DeviceA] vsi vpna
[DeviceA-vsi-vpna] gateway vsi-interface 1
[DeviceA-vsi-vpna] arp suppression enable
[DeviceA-vsi-vpna] vxlan 11
[DeviceA-vsi-vpna-vxlan-11] quit
[DeviceA-vsi-vpna] quit
# 配置VXLAN封裝方式EVPN實例的RD和RT。
[DeviceA-vsi-vpna] evpn encapsulation vxlan
[DeviceA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceA-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceA-vsi-vpna-evpn-vxlan] quit
[DeviceA-vsi-vpna] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000,並在該接口上開啟PIM SM功能。
[DeviceA] interface vsi-interface 2
[DeviceA-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceA-Vsi-interface2] l3-vni 1000
[DeviceA-Vsi-interface2] pim sm
[DeviceA-Vsi-interface2] quit
# 配置BGP發布EVPN路由。
[DeviceA] bgp 100
[DeviceA-bgp-default] peer 77.77.77.77 as-number 100
[DeviceA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceA-bgp-default] address-family l2vpn evpn
[DeviceA-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[DeviceA-bgp-default-evpn] quit
[DeviceA-bgp-default] quit
# 創建VLAN 11。
[DeviceA] vlan 11
[DeviceA-vlan11] quit
# 在接入服務器的接口GigabitEthernet1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 11的數據幀。
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[DeviceA-GigabitEthernet1/0/1] service-instance 100
[DeviceA-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太網服務實例100與VSI實例vpna關聯。
[DeviceA-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceA-GigabitEthernet1/0/1-srv100] quit
# 全局開啟IGMP Snooping。
[DeviceA] igmp-snooping
[DeviceA-igmp-snooping] global-enable
[DeviceA-igmp-snooping] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceA] vsi vpna
[DeviceA-vsi-vpna] igmp-snooping enable
[DeviceA-vsi-vpna] igmp-snooping proxy enable
[DeviceA-vsi-vpna] quit
# 使能VPN實例vpn1的IP組播路由功能。
[DeviceA] multicast routing vpn-instance vpn1
[DeviceA-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,配置通過S-PMSI路由發布組播源功能,並配置由Default-MDT向Data-MDT切換的延遲時間為20秒(大於BGP發布同一路由的缺省時間間隔15秒)。
[DeviceA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceA-mvxlan-vpn1] address-family ipv4
[DeviceA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[DeviceA-mvxlan-vpn1-ipv4] source loopback 0
[DeviceA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[DeviceA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[DeviceA-mvxlan-vpn1-ipv4] data-delay 20
[DeviceA-mvxlan-vpn1-ipv4] quit
[DeviceA-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[DeviceA] interface loopback 1
[DeviceA-LoopBack1] ip binding vpn-instance vpn1
[DeviceA-LoopBack1] ip address 1.1.1.1 32
[DeviceA-LoopBack1] pim sm
[DeviceA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[DeviceA] pim vpn-instance vpn1
[DeviceA-pim-vpn1] c-bsr 1.1.1.1
[DeviceA-pim-vpn1] c-rp 1.1.1.1
[DeviceA-pim-vpn1] quit
# 配置Loopback接口和Vlan-interface20接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceB
[DeviceB] interface loopback 0
[DeviceB-LoopBack0] ip address 2.2.2.2 255.255.255.255
[DeviceB-LoopBack0] quit
[DeviceB] vlan 20
[DeviceB-vlan20] port gigabitethernet 1/0/2
[DeviceB-vlan20] quit
[DeviceB] interface vlan-interface 20
[DeviceB-Vlan-interface20] ip address 12.1.1.2 24
[DeviceB-Vlan-interface20] quit
# 配置OSPF,使得Underlay網絡路由可達。
[DeviceB] router id 2.2.2.2
[DeviceB] ospf
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[DeviceB-ospf-1-area-0.0.0.0] network 12.1.1.2 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# 使能IP組播路由,並進入MRIB視圖。
[DeviceB] multicast routing
[DeviceB-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceB] interface loopback 0
[DeviceB-LoopBack0] pim sm
[DeviceB-LoopBack0] quit
[DeviceB] interface vlan-interface 20
[DeviceB-Vlan-interface20] pim sm
[DeviceB-Vlan-interface20] quit
# 配置VPN實例的RD和RT。
[DeviceB] ip vpn-instance vpn1
[DeviceB-vpn-instance-vpn1] route-distinguisher 1:2
[DeviceB-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceB-vpn-instance-vpn1] quit
# 開啟L2VPN能力。
[DeviceB] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[DeviceB] vxlan tunnel mac-learning disable
[DeviceB] vxlan tunnel arp-learning disable
# 配置VSI虛接口VSI-interface1作為網關接口,並在該接口上開啟PIM SM和IGMP功能。
[DeviceB] interface vsi-interface 1
[DeviceB-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[DeviceB-Vsi-interface1] pim sm
[DeviceB-Vsi-interface1] igmp enable
[DeviceB-Vsi-interface1] distributed-gateway local
[DeviceB-Vsi-interface1] quit
# 配置VSI與VXLAN 12關聯,並指定VSI網關接口為VSI虛接口1。
[DeviceB] vsi vpna
[DeviceB-vsi-vpna] gateway vsi-interface 1
[DeviceB-vsi-vpna] arp suppression enable
[DeviceB-vsi-vpna] vxlan 12
[DeviceB-vsi-vpna-vxlan-12] quit
[DeviceB-vsi-vpna] quit
# 配置VXLAN封裝方式EVPN實例的RD和RT。
[DeviceB-vsi-vpna] evpn encapsulation vxlan
[DeviceB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceB-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceB-vsi-vpna-evpn-vxlan] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000,並在該接口上開啟PIM SM功能。
[DeviceB] interface vsi-interface 2
[DeviceB-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceB-Vsi-interface2] l3-vni 1000
[DeviceB-Vsi-interface2] pim sm
[DeviceB-Vsi-interface2] quit
# 配置BGP發布EVPN路由。
[DeviceB] bgp 100
[DeviceB-bgp-default] peer 77.77.77.77 as-number 100
[DeviceB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceB-bgp-default] address-family l2vpn evpn
[DeviceB-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[DeviceB-bgp-default-evpn] quit
[DeviceB-bgp-default] quit
# 創建VLAN 12。
[DeviceB] vlan 12
[DeviceB-vlan12] quit
# 在接入服務器的接口GigabitEthernet1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 12的數據幀。
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 1 12
[DeviceB-GigabitEthernet1/0/1] service-instance 100
[DeviceB-GigabitEthernet1/0/1-srv100] encapsulation s-vid 12
# 配置以太網服務實例100與VSI實例vpna關聯。
[DeviceB-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceB-GigabitEthernet1/0/1-srv100] quit
# 全局開啟IGMP Snooping。
[DeviceB] igmp-snooping
[DeviceB-igmp-snooping] global-enable
[DeviceB-igmp-snooping] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceB] vsi vpna
[DeviceB-vsi-vpna] igmp-snooping enable
[DeviceB-vsi-vpna] igmp-snooping proxy enable
[DeviceB-vsi-vpna] quit
# 使能VPN實例vpn1的IP組播路由功能。
[DeviceB] multicast routing vpn-instance vpn1
[DeviceB-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[DeviceB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceB-mvxlan-vpn1] address-family ipv4
[DeviceB-mvxlan-vpn1-ipv4] source loopback 0
[DeviceB-mvxlan-vpn1-ipv4] quit
[DeviceB-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[DeviceB] interface loopback 1
[DeviceB-LoopBack1] ip binding vpn-instance vpn1
[DeviceB-LoopBack1] ip address 2.2.2.2 32
[DeviceB-LoopBack1] pim sm
[DeviceB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[DeviceB] pim vpn-instance vpn1
[DeviceB-pim-vpn1] c-bsr 2.2.2.2
[DeviceB-pim-vpn1] c-rp 2.2.2.2
[DeviceB-pim-vpn1] quit
# 配置Loopback接口和VLAN接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceC
[DeviceC] interface loopback 0
[DeviceC-LoopBack0] ip address 77.77.77.77 255.255.255.255
[DeviceC-LoopBack0] quit
[DeviceC] vlan 10
[DeviceC-vlan10] port gigabitethernet 1/0/1
[DeviceC-vlan10] quit
[DeviceC] interface vlan-interface 10
[DeviceC-Vlan-interface10] ip address 11.1.1.3 24
[DeviceC-Vlan-interface10] quit
[DeviceC] vlan 20
[DeviceC-vlan20] port gigabitethernet 1/0/2
[DeviceC-vlan20] quit
[DeviceC] interface vlan-interface 20
[DeviceC-Vlan-interface20] ip address 12.1.1.3 24
[DeviceC-Vlan-interface20] quit
[DeviceC] vlan 70
[DeviceC-vlan70] port gigabitethernet 1/0/3
[DeviceC-vlan70] quit
[DeviceC] interface vlan-interface 70
[DeviceC-Vlan-interface70] ip address 78.1.1.3 24
[DeviceC-Vlan-interface70] quit
# 配置OSPF,使得DC內路由可達。
[DeviceC] router id 77.77.77.77
[DeviceC] ospf
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 77.77.77.77 0.0.0.0
[DeviceC-ospf-1-area-0.0.0.0] network 11.1.1.3 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] network 12.1.1.3 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
# 配置Device C與Device D建立EBGP鄰居,交互IPv4單播路由,使得DC間路由可達。
[DeviceC] bgp 100
[DeviceC-bgp-default] peer 88.88.88.88 as-number 200
[DeviceC-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[DeviceC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[DeviceC-bgp-default] address-family ipv4 unicast
[DeviceC-bgp-default-ipv4] peer 88.88.88.88 enable
[DeviceC-bgp-default-ipv4] network 88.88.88.88 32
[DeviceC-bgp-default-ipv4] network 78.1.1.3 24
[DeviceC-bgp-default-ipv4] quit
[DeviceC-bgp-default] quit
# 使能IP組播路由,並進入MRIB視圖。
[DeviceC] multicast routing
[DeviceC-mrib] quit
# 在Loopback接口、Vlan-interface10接口和Vlan-interface20接口上使能PIM SM。
[DeviceC] interface loopback 0
[DeviceC-LoopBack0] pim sm
[DeviceC-LoopBack0] quit
[DeviceC] interface vlan-interface 10
[DeviceC-Vlan-interface10] pim sm
[DeviceC-Vlan-interface10] quit
[DeviceC] interface vlan-interface 20
[DeviceC-Vlan-interface20] pim sm
[DeviceC-Vlan-interface20] quit
# 創建VPN實例vpn1,並配置VPN實例的RD和RT。
[DeviceC] ip vpn-instance vpn1
[DeviceC-vpn-instance-vpn1] route-distinguisher 1:3
[DeviceC-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceC-vpn-instance-vpn1] quit
# 開啟L2VPN能力。
[DeviceC] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[DeviceC] vxlan tunnel mac-learning disable
[DeviceC] vxlan tunnel arp-learning disable
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000,並在該接口上開啟PIM SM功能。
[DeviceC] interface vsi-interface 2
[DeviceC-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceC-Vsi-interface2] l3-vni 1000
[DeviceC-Vsi-interface2] pim sm
[DeviceC-Vsi-interface2] quit
# 將Device A和Device B加入IBGP對等體組group1。
[DeviceC] bgp 100
[DeviceC-bgp-default] group group1 internal
[DeviceC-bgp-default] peer group1 connect-interface loopback 0
[DeviceC-bgp-default] peer 1.1.1.1 group group1
[DeviceC-bgp-default] peer 2.2.2.2 group group1
# 配置Device C作為路由反射器與對等體組group1建立BGP EVPN鄰居,並配置向對等體組group1發布路由時將下一跳地址修改為本地地址。
[DeviceC-bgp-default] address-family l2vpn evpn
[DeviceC-bgp-default-evpn] peer group1 enable
[DeviceC-bgp-default-evpn] peer group1 next-hop-local
[DeviceC-bgp-default-evpn] peer group1 reflect-client
# 配置Device C與Device D建立BGP EVPN鄰居,並配置向Device D發布路由、將從Device D接收到的路由發布給其他對等體時,將路由的Router MAC修改為自身的Router MAC地址。
[DeviceC-bgp-default-evpn] peer 88.88.88.88 enable
[DeviceC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[DeviceC-bgp-default-evpn] quit
[DeviceC-bgp-default] quit
# 全局開啟IGMP Snooping。
[DeviceC] igmp-snooping
[DeviceC-igmp-snooping] global-enable
[DeviceC-igmp-snooping] quit
# 使能VPN實例vpn1的IP組播路由功能。
[DeviceC] multicast routing vpn-instance vpn1
[DeviceC-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口,並開啟組播DCI功能。
[DeviceC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceC-mvxlan-vpn1] address-family ipv4
[DeviceC-mvxlan-vpn1-ipv4] source loopback 0
[DeviceC-mvxlan-vpn1-ipv4] dci enable
[DeviceC-mvxlan-vpn1-ipv4] quit
[DeviceC-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[DeviceC] interface loopback 1
[DeviceC-LoopBack1] ip binding vpn-instance vpn1
[DeviceC-LoopBack1] ip address 77.77.77.77 32
[DeviceC-LoopBack1] pim sm
[DeviceC-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[DeviceC] pim vpn-instance vpn1
[DeviceC-pim-vpn1] c-bsr 77.77.77.77
[DeviceC-pim-vpn1] c-rp 77.77.77.77
[DeviceC-pim-vpn1] quit
# 在與外部ED連接的物理口上開啟DCI功能。
[DeviceC] interface vlan-interface 70
[DeviceC-Vlan-interface70] dci enable
[DeviceC] quit
# 配置Loopback接口和VLAN接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceD
[DeviceD] interface loopback 0
[DeviceD-LoopBack0] ip address 88.88.88.88 255.255.255.255
[DeviceD-LoopBack0] quit
[DeviceD] vlan 20
[DeviceD-vlan10] port gigabitethernet 1/0/1
[DeviceD-vlan20] quit
[DeviceD] interface vlan-interface 20
[DeviceD-Vlan-interface20] ip address 22.1.1.2 24
[DeviceD-Vlan-interface20] quit
[DeviceD] vlan 70
[DeviceD-vlan70] port gigabitethernet 1/0/2
[DeviceD-vlan70] quit
[DeviceD] interface vlan-interface 70
[DeviceD-Vlan-interface70] ip address 78.1.1.2 24
[DeviceD-Vlan-interface70] quit
# 配置OSPF,使得DC內路由可達。
[DeviceD] router id 88.88.88.88
[DeviceD] ospf
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.0] network 88.88.88.88 0.0.0.0
[DeviceD-ospf-1-area-0.0.0.0] network 22.1.1.2 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] quit
[DeviceD-ospf-1] quit
# 配置Device C與Device D建立EBGP鄰居,交互IPv4單播路由,使得DC間路由可達。
[DeviceD] bgp 200
[DeviceD-bgp-default] peer 77.77.77.77 as-number 100
[DeviceD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[DeviceD-bgp-default] address-family ipv4 unicast
[DeviceD-bgp-default-ipv4] peer 77.77.77.77 enable
[DeviceD-bgp-default-ipv4] network 77.77.77.77 32
[DeviceD-bgp-default-ipv4] network 78.1.1.2 24
[DeviceD-bgp-default-ipv4] quit
[DeviceD-bgp-default] quit
# 使能IP組播路由,並進入MRIB視圖。
[DeviceD] multicast routing
[DeviceD-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceD] interface loopback 0
[DeviceD-LoopBack0] pim sm
[DeviceD-LoopBack0] quit
[DeviceD] interface vlan-interface 20
[DeviceD-Vlan-interface20] pim sm
[DeviceD-Vlan-interface20] quit
# 創建VPN實例vpn1,並配置VPN實例的RD和RT。
[DeviceD] ip vpn-instance vpn1
[DeviceD-vpn-instance-vpn1] route-distinguisher 2:1
[DeviceD-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[DeviceD-vpn-instance-vpn1] quit
# 開啟L2VPN能力。
[DeviceD] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[DeviceD] vxlan tunnel mac-learning disable
[DeviceD] vxlan tunnel arp-learning disable
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000,並在該接口上開啟PIM SM功能。
[DeviceD] interface vsi-interface 2
[DeviceD-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceD-Vsi-interface2] l3-vni 1000
[DeviceD-Vsi-interface2] pim sm
[DeviceD-Vsi-interface2] quit
# 配置Device E為IBGP鄰居。
[DeviceD] bgp 200
[DeviceD-bgp-default] peer 4.4.4.4 as-number 200
[DeviceD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
# 配置Device D與Device E建立BGP EVPN鄰居,並配置向Device E發布路由時將下一跳地址修改為本地地址。
[DeviceD-bgp-default] address-family l2vpn evpn
[DeviceD-bgp-default-evpn] peer 4.4.4.4 enable
[DeviceD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
# 配置Device D與Device C建立BGP EVPN鄰居,並配置向Device C發布路由、將從Device C接收到的路由發布給其他對等體時,將路由的Router MAC修改為自身的Router MAC地址。
[DeviceD-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[DeviceD-bgp-default-evpn] quit
[DeviceD-bgp-default] quit
# 全局開啟IGMP Snooping。
[DeviceD] igmp-snooping
[DeviceD-igmp-snooping] global-enable
[DeviceD-igmp-snooping] quit
# 使能VPN實例vpn1的IP組播路由功能。
[DeviceD] multicast routing vpn-instance vpn1
[DeviceD-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Device D上配置的Data-Group範圍必須與Device A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[DeviceD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceD-mvxlan-vpn1] address-family ipv4
[DeviceD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[DeviceD-mvxlan-vpn1-ipv4] source loopback 0
[DeviceD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[DeviceD-mvxlan-vpn1-ipv4] dci enable
[DeviceD-mvxlan-vpn1-ipv4] quit
[DeviceD-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[DeviceD] interface loopback 1
[DeviceD-LoopBack1] ip binding vpn-instance vpn1
[DeviceD-LoopBack1] ip address 88.88.88.88 32
[DeviceD-LoopBack1] pim sm
[DeviceD-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[DeviceD] pim vpn-instance vpn1
[DeviceD-pim-vpn1] c-bsr 88.88.88.88
[DeviceD-pim-vpn1] c-rp 88.88.88.88
[DeviceD-pim-vpn1] quit
# 在與外部ED連接的物理口上開啟DCI功能。
[DeviceD] interface vlan-interface 70
[DeviceD-Vlan-interface70] dci enable
[DeviceD-Vlan-interface70] quit
# 配置Loopback接口和Vlan-interface20接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceE
[DeviceE] interface loopback 0
[DeviceE-LoopBack0] ip address 4.4.4.4 255.255.255.255
[DeviceE-LoopBack0] quit
[DeviceE] vlan 20
[DeviceE-vlan20] port gigabitethernet 1/0/2
[DeviceE-vlan20] quit
[DeviceE] interface vlan-interface 20
[DeviceE-Vlan-interface20] ip address 22.1.1.1 24
[DeviceE-Vlan-interface20] quit
# 配置OSPF,使得Underlay網絡路由可達。
[DeviceE] router id 4.4.4.4
[DeviceE] ospf
[DeviceE-ospf-1] area 0
[DeviceE-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[DeviceE-ospf-1-area-0.0.0.0] network 22.1.1.1 0.0.0.255
[DeviceE-ospf-1-area-0.0.0.0] quit
[DeviceE-ospf-1] quit
# 使能IP組播路由,並進入MRIB視圖。
[DeviceE] multicast routing
[DeviceE-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceE] interface loopback 0
[DeviceE-LoopBack0] pim sm
[DeviceE-LoopBack0] quit
[DeviceE] interface vlan-interface 20
[DeviceE-Vlan-interface20] pim sm
[DeviceE-Vlan-interface20] quit
# 配置VPN實例的RD和RT。
[DeviceE] ip vpn-instance vpn1
[DeviceE-vpn-instance-vpn1] route-distinguisher 2:3
[DeviceE-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[DeviceE-vpn-instance-vpn1] quit
# 開啟L2VPN能力。
[DeviceE] l2vpn enable
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[DeviceE] vxlan tunnel mac-learning disable
[DeviceE] vxlan tunnel arp-learning disable
# 配置VSI虛接口VSI-interface1作為網關接口,並在該接口上開啟PIM SM和IGMP功能。
[DeviceE] interface vsi-interface 1
[DeviceE-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[DeviceE-Vsi-interface1] pim sm
[DeviceE-Vsi-interface1] igmp enable
[DeviceE-Vsi-interface1] distributed-gateway local
[DeviceE-Vsi-interface1] quit
# 配置VSI與VXLAN 21關聯,並指定VSI網關接口為VSI虛接口1。
[DeviceE] vsi vpna
[DeviceE-vsi-vpna] gateway vsi-interface 1
[DeviceE-vsi-vpna] arp suppression enable
[DeviceE-vsi-vpna] vxlan 21
[DeviceE-vsi-vpna-vxlan-21] quit
# 配置VXLAN封裝方式EVPN實例的RD和RT。
[DeviceE-vsi-vpna] evpn encapsulation vxlan
[DeviceE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceE-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceE-vsi-vpna-evpn-vxlan] quit
[DeviceE-vsi-vpna] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000,並在該接口上開啟PIM SM功能。
[DeviceE] interface vsi-interface 2
[DeviceE-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceE-Vsi-interface2] l3-vni 1000
[DeviceE-Vsi-interface2] pim sm
[DeviceE-Vsi-interface2] quit
# 配置BGP發布EVPN路由。
[DeviceE] bgp 200
[DeviceE-bgp-default] peer 88.88.88.88 as-number 200
[DeviceE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[DeviceE-bgp-default] address-family l2vpn evpn
[DeviceE-bgp-default-evpn] peer 88.88.88.88 enable
[DeviceE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[DeviceE-bgp-default-evpn] quit
[DeviceE-bgp-default] quit
# 創建VLAN 21。
[DeviceE] vlan 21
[DeviceE-vlan21] quit
# 在接入服務器的接口GigabitEthernet1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 21的數據幀。
[DeviceE] interface gigabitethernet 1/0/1
[DeviceE-GigabitEthernet1/0/1] port link-type trunk
[DeviceE-GigabitEthernet1/0/1] port trunk permit vlan 1 21
[DeviceE-GigabitEthernet1/0/1] service-instance 100
[DeviceE-GigabitEthernet1/0/1-srv100] encapsulation s-vid 21
# 配置以太網服務實例100與VSI實例vpna關聯。
[DeviceE-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceE-GigabitEthernet1/0/1-srv100] quit
# 全局開啟IGMP Snooping。
[DeviceE] igmp-snooping
[DeviceE-igmp-snooping] global-enable
[DeviceE-igmp-snooping] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceE] vsi vpna
[DeviceE-vsi-vpna] igmp-snooping enable
[DeviceE-vsi-vpna] igmp-snooping proxy enable
[DeviceE-vsi-vpna] quit
# 使能VPN實例vpn1的IP組播路由功能。
[DeviceE] multicast routing vpn-instance vpn1
[DeviceE-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[DeviceE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceE-mvxlan-vpn1] address-family ipv4
[DeviceE-mvxlan-vpn1-ipv4] source loopback 0
[DeviceE-mvxlan-vpn1-ipv4] quit
[DeviceE-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[DeviceE] interface loopback 1
[DeviceE-LoopBack1] ip binding vpn-instance vpn1
[DeviceE-LoopBack1] ip address 4.4.4.4 32
[DeviceE-LoopBack1] pim sm
[DeviceE-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[DeviceE] pim vpn-instance vpn1
[DeviceE-pim-vpn1] c-bsr 4.4.4.4
[DeviceE-pim-vpn1] c-rp 4.4.4.4
[DeviceE-pim-vpn1] quit
Source發送組播流量(192.168.10.2, 225.0.0.1)。Receiver 1和Receiver 2加入組225.0.0.1,可以接收到組播流量。各設備上的組播路由信息如下所示。
(1) 查看Leaf設備上的組播路由信息。(以Device A為例,Device B和Device E的顯示信息與此類似)
# 查看Device A上VPN實例vpn1的組播路由信息,可以看到私網組播組(*, 225.0.0.1)和(192.168.10.2, 225.0.0.1)的下遊接口為組播隧道接口(Mtunnel0或Mtunnel1)。
<DeviceA> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:19:10
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:19:10, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:27:40
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 01:19:06, Expires: -
# 查看Device A的公網組播路由信息,可以看到公網上建立了以1.1.1.1/2.2.2.2/77.77.77.77為根、Default-group地址為目的地址的Default-MDT,以及以1.1.1.1為根、Data-group地址為目的地址的Data-MDT。
<DeviceA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:43:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:18, Expires: 00:03:15
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:42
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:42, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:19:16
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:19:16, Expires: -
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:16
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:01, Expires: 00:02:30
(2) 查看ED上的組播路由信息。(以Device C為例,Device D的顯示信息與此類似)
# 查看Device C的VPN實例vpn1的組播路由信息,可以看到私網組播組(*, 225.0.0.1)和(192.168.10.2, 225.0.0.1)的下遊接口為VSI虛接口或組播隧道接口。
<DeviceC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:18:39
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 01:18:05, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:18:39
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
# 查看Device C的公網組播路由信息,可以看到公網上建立了以1.1.1.1/2.2.2.2/77.77.77.77為根、Default-group地址為目的地址的Default-MDT,以及以1.1.1.1為根、Data-group地址為目的地址的Data-MDT。
<DeviceC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:44, Expires: -
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:11
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:15
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:11, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:44, Expires: 00:02:42
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:30, Expires: -
# 查看Device C上IGMP Snooping通過EVPN學習到的組播組信息。
<DeviceC> display igmp-snooping evpn-group
Total 2 entries.
VSI Auto_L3VNI1000_2: Total 2 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
(192.168.10.2, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
· Device A
#
sysname DeviceA
#
ip vpn-instance vpn1
route-distinguisher 1:1
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 1.1.1.1
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 10 to 11
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 11
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 11
combo enable copper
#
service-instance 1000
encapsulation s-vid 11
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 10
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.10.1 255.255.255.0
pim sm
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 77.77.77.77 enable
peer 77.77.77.77 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 1.1.1.1
c-rp 1.1.1.1
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
default-group 239.0.0.1
data-group 239.1.1.0 255.255.255.0
data-delay 20
s-pmsi advertise source-active
#
return
· Device B
#
sysname DeviceB
#
ip vpn-instance vpn1
route-distinguisher 1:2
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 2.2.2.2
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 12
#
vlan 20
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 12
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 12.1.1.2 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 12
combo enable copper
#
service-instance 100
encapsulation s-vid 12
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.20.1 255.255.255.0
pim sm
igmp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 77.77.77.77 enable
peer 77.77.77.77 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 2.2.2.2
c-rp 2.2.2.2
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
#
return
· Device C
#
sysname DeviceC
#
ip vpn-instance vpn1
route-distinguisher 1:3
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 77.77.77.77
#
ospf 1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 77.77.77.77 0.0.0.0
#
igmp-snooping
global-enable
#
vlan 10
#
vlan 20
#
vlan 70
#
l2vpn enable
vxlan tunnel arp-learning disable
#
interface LoopBack0
ip address 77.77.77.77 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 77.77.77.77 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 11.1.1.3 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 12.1.1.3 255.255.255.0
pim sm
#
interface Vlan-interface70
ip address 78.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 10
combo enable copper
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface GigabitEthernet1/0/3
port access vlan 70
combo enable copper
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
group group1 internal
peer group1 connect-interface LoopBack0
peer 1.1.1.1 group group1
peer 2.2.2.2 group group1
peer 88.88.88.88 as-number 200
peer 88.88.88.88 connect-interface LoopBack0
peer 88.88.88.88 ebgp-max-hop 64
#
address-family ipv4 unicast
network 78.1.1.0 255.255.255.0
network 88.88.88.88 255.255.255.255
peer 88.88.88.88 enable
#
address-family l2vpn evpn
peer group1 enable
peer group1 next-hop-local
peer group1 reflect-client
peer 88.88.88.88 enable
peer 88.88.88.88 router-mac-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 77.77.77.77
c-rp 77.77.77.77
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
dci enable
#
return
· Device D
#
sysname DeviceD
#
ip vpn-instance vpn1
route-distinguisher 2:1
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 88.88.88.88
#
ospf 1
area 0.0.0.0
network 22.1.1.0 0.0.0.255
network 88.88.88.88 0.0.0.0
#
igmp-snooping
global-enable
#
vlan 20
#
vlan 70
#
l2vpn enable
vxlan tunnel arp-learning disable
#
interface LoopBack0
ip address 88.88.88.88 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 88.88.88.88 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 22.1.1.2 255.255.255.0
pim sm
#
interface Vlan-interface70
ip address 78.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 20
combo enable copper
#
interface GigabitEthernet1/0/2
port access vlan 70
combo enable copper
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
peer 77.77.77.77 ebgp-max-hop 64
#
address-family ipv4 unicast
network 77.77.77.77 255.255.255.255
network 78.1.1.0 255.255.255.0
peer 77.77.77.77 enable
#
address-family l2vpn evpn
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
peer 77.77.77.77 enable
peer 77.77.77.77 router-mac-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 88.88.88.88
c-rp 88.88.88.88
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
default-group 239.0.0.1
data-group 239.1.1.0 255.255.255.0
dci enable
#
return
· Device E
#
sysname DeviceE
#
ip vpn-instance vpn1
route-distinguisher 2:3
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 4.4.4.4
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 22.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 20 to 21
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 21
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 4.4.4.4 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 22.1.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 21
combo enable copper
#
service-instance 100
encapsulation s-vid 21
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.40.1 255.255.255.0
pim sm
igmp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 200
peer 88.88.88.88 as-number 200
peer 88.88.88.88 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 88.88.88.88 enable
peer 88.88.88.88 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 4.4.4.4
c-rp 4.4.4.4
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
#
return
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
