- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
05-組播VXLAN配置
本章節下載: 05-組播VXLAN配置 (1.21 MB)
目 錄
3.13.2 對稱跨VPN組網MVXLAN三層組播互通配置舉例(接收者側配置策略)
3.13.3 非對稱跨VPN組網MVXLAN三層組播互通配置舉例(接收者側配置策略)
3.13.4 存在公網接收者跨VPN組網MVXLAN三層組播互通配置舉例
3.13.5 雙DC跨數據中心三層組播互通配置舉例(不同DC相同L3VNI)
3.13.8 三DC跨數據中心三層組播互通支持多ED配置舉例(不同DC相同L3VNI)
MVXLAN(Multicast VXLAN,組播VXLAN)是一種在VXLAN或EVPN VXLAN網絡中進行組播業務傳輸的技術,實現了點到多點的高效數據傳遞。
在MVXLAN網絡中配置AC與VSI關聯時:
· 不支持Ethernet接入模式。配置接入模式的相關命令為xconnect vsi,關於此命令的詳細介紹,請參見“VXLAN命令參考”中的“VXLAN”。
· AC不支持同時匹配外層VLAN標簽和內層VLAN標簽(encapsulation s-vid { vlan-id | vlan-id-list } c-vid { vlan-id-list | all })。
目前,MVXLAN僅支持IPv4 Underlay網絡,不支持IPv6 Underlay網絡。
目前,組播VXLAN支持兩種工作模式:
· 入方向複製模式:實現在VXLAN網絡中傳輸不同VPN實例的組播流量。
· MDT(Multicast Distribution Tree,組播分發樹)模式:實現在EVPN VXLAN網絡中傳輸組播流量。
入方向複製模式組播VXLAN的典型組網如圖1-1所示。Border設備與VTEP設備之間手工建立VXLAN隧道,並與VXLAN關聯。組播源連接到Border,組播接收者連接到VTEP。Border接收到組播源發送的組播流量後,能夠區分流量所屬的VPN,並在對應的VPN內通過VXLAN隧道將組播流量轉發到遠端VTEP。VTEP再將組播流量轉發給組播接收者。
入方向複製模式組播VXLAN組網中,Border和VTEP上需要進行如下組播相關配置:
· 在Border上創建VSI虛接口,將該接口與VPN實例綁定,並在該接口上開啟IGMP功能。
· 將Border連接組播源的接口與VPN實例綁定。
· Border和VTEP上,均需要在VSI視圖下開啟IGMP snooping功能。
入方向複製模式組播VXLAN的組播表項學習過程為:
(1) 在Border的VSI虛接口上開啟IGMP功能後,該接口將在其關聯的VXLAN內廣播發送IGMP查詢報文。
(2) VTEP從VXLAN隧道上接收到IGMP查詢報文後,將VXLAN隧道接口設置為IGMP snooping的路由器端口。VTEP解封裝報文,並將其發送給本地主機。
(3) 如果本地存在組播接收者,則接收者回複IGMP成員關係報告報文。
(4) VTEP將接收到IGMP成員關係報告報文的AC設置為IGMP snooping的成員端口,並通過路由器端口(VXLAN隧道接口)將該報文封裝後發送給Border。
(5) Border從VXLAN隧道上接收到IGMP成員關係報告報文後,將該VXLAN隧道接口設置為IGMP snooping的成員端口。
完成組播表項學習後,組播流量將按照表項進行轉發:
(1) Border接收到組播流量後,判斷流量接收接口所屬的VPN實例,在該VPN實例內查表轉發組播流量。
(2) 如果組播流量的出接口為VSI虛接口,則在該VSI虛接口對應VXLAN內查找IGMP snooping成員端口(VXLAN隧道接口),通過這些VXLAN隧道接口將組播流量轉發給連接組播接收者的遠端VTEP。
(3) VTEP從VXLAN隧道上接收到組播流量後,解封裝該報文,並將其通過IGMP snooping成員端口轉發給相應的組播接收者。
MDT模式即在公網上建立以組播源所在的VTEP為根,組播接收者所在的VTEP為葉的組播分發樹,通過單向MVXLAN隧道在公網中沿組播分發樹轉發組播流量,實現組播流量的最優路徑轉發。
MDT模式組播VXLAN具有如下優點:
· 按需轉發組播流量:使用BGP EVPN路由和PIM協議搭建組播分發樹、控製接收者加入或離開組播組,實現按需轉發組播流量。
· 不同VXLAN之間可以轉發組播流量:通過部署分布式EVPN網關,實現組播流量跨VXLAN的三層轉發。
如圖1-2所示,VTEP均為分布式EVPN網關,VTEP間建立MVXLAN隧道。VTEP上創建MVXLAN實例指導組播流量轉發,通過本地AC和MVXLAN隧道分別將組播流量轉發至本地接收者和遠端VTEP。有關VTEP、VSI、VXLAN的詳細介紹,請參見“VXLAN配置指導”中的“VXLAN”。有關EVPN的詳細介紹,請參見“EVPN配置指導”中的“EVPN”。
· MDT:建立在屬於同一MVXLAN內所有VTEP間的組播分發樹,包括Default-MDT和Data-MDT兩種。
· Default-Group(默認組):每個MVXLAN在公網上分配一個獨立的組播組,稱為Default-Group。它是MVXLAN在公網上的唯一標誌,用來在公網上建立MVXLAN所對應的Default-MDT。無論私網組播報文屬於哪個組播組,VTEP都統一將其封裝為普通的公網組播數據報文,並以Default-Group作為其所屬的公網組播組。
· Default-MDT(Default-Multicast Distribution Tree,默認組播分發樹):以Default-Group為組地址的MDT,稱為Default-MDT。MVXLAN使用Default-Group唯一標識一棵Default-MDT。在該MVXLAN中傳輸的所有私網組播報文,無論從哪個VTEP進入公網,都經由此Default-MDT轉發。Default-MDT是在配置完成後自動生成的,在公網中將會一直存在,而不論公網或私網中有沒有實際的組播業務。
· Data-Group(數據組):當組播流量通過指定ACL規則的過濾時,入口VTEP會為其分配一個獨立的組播組,稱為Data-Group,並通知其它VTEP使用該組播組在公網內轉發該組播數據流量。一個MVXLAN唯一確定一個Data-Group範圍以便進行Data-MDT切換。在進行Data-MDT切換時,從Data-Group範圍中選取一個被引用最少的地址,從VTEP進入公網、通過指定ACL規則過濾的私網組播報文將使用該地址進行封裝。
· Data-MDT(Data-Multicast Distribution Tree,數據組播分發樹):以Data-Group為組地址的MDT,稱為Data-MDT。下遊存在接收者的VTEP加入Data-Group,形成一棵Data-MDT,入口VTEP使用Data-MDT在公網中轉發封裝後的私網組播數據。
為了支持MVXLAN,MP-BGP在EVPN地址族新增了如下EVPN路由用於創建MDT:
· Supplementary Broadcast Domain Selective Multicast Ethernet Tag Route:增強型廣播域選擇性組播以太網標簽路由,也叫SBD-SMET路由,包含私網組播源地址和組播組地址信息,用於接收者側的VTEP通告希望接收某個(*,G)或(S,G)的組播流量。該路由攜帶VPN實例下配置的RD和VPN實例IPv4地址族下配置的Export target。
· Selective Provider Multicast Service Interface Route:選擇性組播業務接口路由,也叫S-PMSI A-D路由,包含私網組播源地址、私網組播組地址、Default-Group或Data-Group地址及MVXLAN源接口地址。主要用於:
¡ 組播源側VTEP與其所有BGP鄰居間建立Default-MDT。
¡ Default-MDT向Data-MDT切換。
該路由攜帶VPN實例下配置的RD和VPN實例IPv4地址族下配置的Export target。
在MVXLAN網絡中,VTEP間會自動創建源為MVXLAN下指定的源接口地址,組地址為Default-Group或Data-Group地址的MVXLAN隧道用於轉發三層組播流量。該MVXLAN隧道是由組播源端VTEP指向組播接收者所在VTEP的單向MVXLAN隧道。MVXLAN創建後會自動與MVXLAN實例關聯。
公網中運行的組播路由協議可以是PIM-SM或PIM-SSM。在這兩種情況下,創建Default-MDT的過程是相同的,且Default-MDT都具有以下特點:
· 網絡中所有屬於同一個MVXLAN的VTEP都加入該MVXLAN的Default-MDT。
· 所有屬於某MVXLAN的私網組播報文進入公網後,均沿該MVXLAN的Default-MDT向各VTEP轉發,無論VTEP所連接的Site中是否存在接收者。
圖1-3 PIM-SM網絡中創建MDT
如圖1-3所示,公網中運行PIM-SM,VTEP 1、VTEP 2和VTEP 3都運行MVXLAN。以VTEP 1下的站點作為組播源為例,Default-MDT的創建過程如下:
(1) VTEP 1向VTEP 2和VTEP 3發送攜帶(*,*)信息的S-PMSI A-D路由給所有BGP鄰居,開始創建Default-MDT。
(2) VTEP 2和VTEP 3收到S-PMSI A-D路由後,路由中攜帶的(*,*)信息會觸發VTEP 2和VTEP 3加入組播組,即VTEP 2和VTEP 3根據路由的PMSI Tunnel屬性中的組播源和組播組信息(源為VTEP 1上MVXLAN隧道源接口的IP地址,組地址為VTEP 1上配置的Default-group)發送公網PIM加入信息,並在公網沿途建立組播表項,形成以VTEP 1為根,以VTEP 2和VTEP 3為葉的SPT,此SPT就是Default-MDT。
當Default-MDT創建完成後,組播源即可通過Default-MDT將私網組播數據發送給各Site中的接收者。私網組播數據在本地VTEP上進行VXLAN封裝並沿Default-MDT傳輸,在遠端VTEP上解封裝並繼續在私網內傳輸。
如圖1-4所示,網絡中運行PIM-SM,屬於Site 2的私網組播組G(225.1.1.1)的接收者(Receiver)與VTEP 2相連;屬於Site 1的組播源(Source)向G發送組播數據;用於公網組播數據轉發的Default-Group為239.1.1.1。私網組播數據跨越公網進行傳輸的過程如下:
(1) Source發送私網組播數據(192.1.1.1,225.1.1.1)到VTEP 1。
(2) VTEP 1上根據組播報文,在VPN實例中創建(192.1.1.1,225.1.1.1)組播轉發表。如果此時Receiver已經向VTEP 2發送IGMP加入信息,VTEP 2會向VTEP 1發送攜帶(*,G)的SBD-SMET路由,VTEP 1根據路由中的信息對組播報文進行VXLAN封裝(外層源地址為MVXLAN的源接口地址,外層組地址為Default-group地址)沿已經創建好的Default-MDT將VXLAN報文發送至所有遠端VTEP;如果此時沒有接收者,則丟棄組播報文。
(3) VTEP 2收到報文後,解封裝VXLAN報文,還原私網組播報文,查找組播轉發表將組播報文發送至本地Receiver。至此跨越公網網絡的私網組播數據傳輸完成。
(4) VTEP 3收到報文後,解封裝VXLAN報文,還原私網組播報文,發現本地沒有接收者,會將組播報文丟棄。
Data-MDT和Default-MDT都是同一個MVXLAN中的轉發隧道。Default-MDT由Default-Group唯一確定;Data-MDT則由Data-Group唯一確定。每個Default-Group關聯一組Data-Group範圍。
在公網中通過Default-MDT傳送組播數據時,組播報文被傳輸到支持同一VPN實例的所有VTEP上,無論該VTEP所連接的Site內是否存在接收者。當私網中組播數據的傳輸數據比較大時,可能在公網中造成數據的泛濫。這樣既浪費網絡帶寬,又增加了VTEP的處理負擔。
為了解決上述問題,MDT模式的MVXLAN支持在連接私網組播接收者和私網組播源的VTEP之間建立專用的Data-MDT,並將組播數據流從Default-MDT切換到Data-MDT,實現按需進行組播數據轉發,避免組播流量在公網中泛濫。
Default-MDT向Data-MDT切換的過程如下:
(1) 私網組播數據通過了ACL規則的過濾時,發起從Default-MDT向Data-MDT的切換。
(2) 源端VTEP從配置的Data-Group範圍中選取一個引用次數最少的Data-Group地址,並將其通過S-PMSI A-D路由發送至遠端VTEP,該路由中包含私網組播源地址、私網組播組地址、源端VTEP上MVXLAN源接口地址、Data-Group地址。
(3) 遠端VTEP收到S-PMSI A-D路由消息後,檢查本地是否有私網組播流量的接收者:如果有,則回複加入信息加入以組播源所在的VTEP為根的Data-MDT;如果沒有,則將該消息緩存起來,等待有接收者時直接回複加入信息加入Data-MDT。
(4) 當組播源端的VTEP發送S-PMSI A-D路由信息一定時間後,該VTEP會停止使用Default-Group地址對私網組播數據進行封裝,並改用Data-Group地址進行封裝,組播數據沿Data-MDT向下分發。
(5) Default-MDT切換到Data-MDT之後,當某下遊VTEP不再連接接收者時,可以通過發送PIM剪枝消息退出Data-MDT。
當私網組播數據切換到Data-MDT之後,由於情況變化導致其不滿足切換條件時,組播源所在的VTEP會把此私網組播數據從Data-MDT反向切換回Default-MDT,反向切換的過程與Default-MDT切換為Data-MDT相同,此處不再贅述。隻要滿足如下條件之一,VTEP就會進行反向切換:
· 更改Data-Group範圍後,用於私網組播數據封裝的Data-Group不在新的範圍之內。
· 控製私網組播數據由Default-MDT向Data-MDT切換的ACL規則發生了變化,私網組播數據不能通過新ACL規則的過濾。
MDT模式組播VXLAN跨DC(Data Center,數據中心)三層組播互通具有如下優點:
· 按需轉發組播流量:通過BGP EVPN路由感知DC外是否存在組播接收者,以此來控製ED是否將組播流量經VXLAN-DCI隧道轉發至其他DC,實現按需轉發組播流量。
· 不同DC使用不同L3VNI時也能互通:通過在ED上將不同DC的L3VNI映射為相同的L3VNI,或不同DC間的L3VNI相互映射,可以實現DC間相同VPN內不同L3VNI組播流量的互通。
如圖1-5所示,跨數據中心三層組播互通組網中,ED之間需要建立VXLAN-DCI隧道,組播流量通過該隧道在數據中心之間轉發。
ED從對端ED接收到SBD-SMET路由和S-PMSI A-D路由後,需要進行如下處理:
· SMET路由:ED根據路由的下一跳地址查找VXLAN-DCI隧道,該隧道接口作為組播流量的出接口,以便將DC內的組播流量通過該隧道轉發給對端ED。
· S-PMSI A-D路由:ED將該路由的PMSI Tunnel屬性中的組播源地址修改為本地ED的MVXLAN源接口地址,以便在DC內建立以該ED為組播源的Default-MDT或Data-MDT。
DC內ED和VTEP之間的BGP EVPN路由發布和MVXLAN隧道建立過程與非跨數據中心組網完全相同。
完成BGP EVPN路由發布和VXLAN/MVXLAN隧道建立後,跨數據中心三層組播流量的轉發過程為:
(1) VTEP 1接收到組播源發送的組播流量後,識別流量所屬的VPN,並在對應的VPN內通過組播隧道將流量轉發給本DC內的VTEP 2和ED 1。
(2) VTEP 2將組播流量轉發給其下的組播接收者;ED 1將組播流量經VXLAN-DCI隧道轉發給DC 2內的ED 2。
(3) ED 2通過組播隧道將組播流量轉發給VTEP 3,VTEP 3再將組播流量轉發給組播接收者。
不同DC中的相同用戶VPN使用不同L3VNI時,為了實現相同用戶VPN內三層組播流量的跨數據中心互通,需要在ED進行如下處理:
· 創建一個專屬的VPN實例。
· 對L3VNI進行映射,並使用映射的L3VNI與該VPN實例關聯。ED上的L3VNI映射方式包括如下幾種:
¡ 將不同DC的L3VNI映射為相同的L3VNI,該L3VNI稱為中間L3VNI。例如,DC 1內使用L3VNI 1、DC 2內使用L3VNI 2時,在DC 1內的ED 1上將L3VNI 1映射為中間L3VNI 12,在DC 2的ED 2內將L3VNI 2映射為中間L3VNI 12。
¡ 不同DC的L3VNI互相映射。例如,DC 1內使用L3VNI 10、DC 2內使用L3VNI 20時,在DC 1內的ED 1上將L3VNI 10映射為L3VNI 20,在DC 2的ED 2內將L3VNI 20映射為L3VNI 10。
· 在VTEP和ED之間、不同DC的ED之間進行S-PMSI和SMET路由重生成,修改路由中的RD、RT和L3VNI。
圖1-6 L3VNI映射示意圖
如圖1-6所示,DC 1的L3VNI為1,DC 2的L3VNI為2,使用中間L3VNI 12進行L3VNI映射。在該組網中,ED上路由重生成及組播轉發表項建立的過程為:
(1) 在VTEP 3上配置Default-Group之後,VTEP 3會主動發送攜帶(*,*)的S-PMSI路由,攜帶的L3VNI為2。
(2) ED 2收到該S-PMSI路由(DC內)後,將其添加到用戶VPN和專屬VPN,在專屬VPN內進行路由重生成,即替換S-PMSI中RD、RT和L3VNI(L3VNI替換為12)信息,並發送給ED 1。
(3) ED 1收到重生成的S-PMSI路由(DC外,L3VNI為12)後,將其添加到用戶VPN和專屬VPN,在用戶VPN內進行路由重生成,即替換S-PMSI中RD、RT和L3VNI(L3VNI替換為1)信息,並發送給VTEP 1和VTEP 2。
(4) Recevier 3發送組播組G的IGMP Report報文後,VTEP 3上會生成(*,G)的組播表項,並主動發送(*,G)的SMET路由。
(5) ED 2收到該SMET路由(DC內)後,將其添加到用戶VPN和專屬VPN,在專屬VPN內對其進行重生成,即替換SMET中的RD等信息,發送給ED 1。同時,ED 2在用戶VPN內生成(*,G)組播表項。
(6) ED 1收到重生成的SMET路由(DC外)後,將其添加到戶VPN和專屬VPN,在用戶VPN內對其進行重生成,發送給VTEP 1和VTEP 2。同時,ED 1在專屬VPN內生成(*,G)組播表項,出接口為VSI接口。
(7) VTEP 1和VTEP 2收到重生成的SMET路由(DC內)後,將其添加到用戶VPN,並生成(*,G)組播表項。
(8) 組播流量到達VTEP 1上後,VTEP 1會主動發送封裝Default-group並攜帶(S,G)組播源信息的S-PMSI路由。
(9) ED 1收到攜帶(S,G)的S-PMSI路由(DC內),對路由進行重生成。同時,ED 1會在用戶VPN內生成(S,G)的組播表項,出接口為專屬VPN;專屬VPN內也會生成(S,G)的組播表項,入接口為用戶VPN,出接口為VSI接口,該VSI接口對應的出端口為VXLAN-DCI 隧道接口。即,流量從用戶VPN進入後,通過專屬VPN內的VSI接口(VXLAN-DCI隧道接口)發送出去,到達ED 2。
(10) ED 2收到攜帶(S,G)的S-PMSI路由(DC外),對路由進行重生成。同時,ED 2會在專屬VPN內生成(S,G)的組播表項,入接口為VSI接口,出接口為用戶VPN;用戶VPN內也會生成(S,G)的組播表項,入接口為專屬VPN,出接口為MTunnel口。即,流量從專屬VPN進入後,通過用戶VPN內的MTunnel組播隧道轉發至VTEP 3。
在跨數據中心三層組播互通組網中,為了提高ED的可靠性,避免單點故障,在數據中心的邊緣可以部署多台ED設備與其他數據中心互聯。這些ED設備使用相同的虛擬IP地址,虛擬成一台ED設備,並采用虛擬IP地址與VTEP、遠端ED建立VXLAN隧道,以實現ED的冗餘備份和負載分擔。
如圖1-7所示,跨數據中心三層組播互通支持多ED組網中,BGP EVPN路由發布和VXLAN/MVXLAN隧道建立過程與跨數據中心三層組播互通組網基本相同。所不同的是:
· 多ED(ED 1和ED 2)使用虛擬IP地址與遠端ED(ED 3)建立VXLAN-DCI隧道。
· ED 3接收到來自DC 1的SMET路由或S-PMSI A-D路由後,將路由的下一跳修改為多ED的虛擬IP地址。
· ED不會加入同一個數據中心的其他ED的MVXLAN隧道。
完成BGP EVPN路由發布和VXLAN/MVXLAN隧道建立後,跨數據中心三層組播流量的轉發過程為:
(1) VTEP 1接收到組播源發送的組播流量後,識別流量所屬的VPN,並在對應的VPN內通過組播隧道將流量轉發給本DC內的VTEP、ED 1和ED2。
(2) 本DC內的其他VTEP將組播流量轉發給其下的組播接收者。ED 1和ED 2根據一定的原則從中選取一台設備將組播流量經VXLAN-DCI隧道轉發給DC 2內的ED 3。
(3) 遠端ED(ED 3)通過組播隧道將組播流量轉發給VTEP 2,VTEP 2再將組播流量轉發給組播接收者。
入方向複製模式組播VXLAN組網中,組播源隻能連接到Border設備。
開啟VSI虛接口的組播相關功能前,必須先配置VSI虛接口的主IP地址。
入方向複製模式組播VXLAN配置任務如下:
(1) 配置VXLAN
a. 創建VSI和VXLAN
b. 配置VXLAN隧道
c. 手工關聯VXLAN與VXLAN隧道
d. 建立數據幀與VSI的關聯
有關VXLAN的配置方法,請參見“VXLAN配置指導”中的“VXLAN”。
(2) 配置IGMP和IGMP Snooping
a. 在Border上使能VSI虛接口的IGMP功能
b. 在Border和VTEP上使能VSI的IGMP Snooping
有關IGMP和IGMP Snooping的配置方法,請參見“IP組播配置指導”中的“IGMP”和“IGMP Snooping”。
(3) 配置VPN實例
a. 創建VPN實例
b. 在Border上配置VSI虛接口和連接組播源的接口關聯VPN實例
有關VPN實例的配置方法,請參見“MPLS配置指導”中的“MPLS L3VPN”。
(4) 配置MVXLAN
b. 創建MVXLAN實例
c. 配置分布式DR接口
VTEP作為分布式VXLAN IP網關時,必須執行本配置。
(1) 進入係統視圖。
system-view
(2) 使能VPN實例中的組播路由,並進入該VPN實例的MRIB視圖。
multicast routing vpn-instance instance-name
缺省情況下,VPN實例的IP組播路由處於關閉狀態。
本命令的具體介紹請參見“IP組播命令參考”中的“組播路由與轉發”。
可以在VTEP上創建一個或多個入方向複製模式MVXLAN實例,以便為公網或不同的VPN實例提供服務。
(1) 進入係統視圖。
system-view
(2) 創建MVXLAN實例,並進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode ingress-replication
(3) 創建MVXLAN IPv4地址族,並進入該地址族視圖。
address-family ipv4
(1) 進入係統視圖。
system-view
(2) 創建MVXLAN實例,並進入MVXLAN視圖。
multicast-vpn vxlan public-instance mode ingress-replication
(3) 創建MVXLAN IPv4地址族,並進入該地址族視圖。
address-family ipv4
在分布式網關組網中運行組播業務時,需要在分布式網關的VSI虛接口上執行本命令將VSI虛接口配置為分布式DR(Designated Router,指定路由器)接口,從而強製指定自己為DR,以便將組播流量轉發至本地站點。
(1) 進入係統視圖。
system-view
(2) 進入VSI虛接口視圖。
interface vsi-interface interface-number
(3) 將VSI虛接口配置為分布式DR接口。
pim distributed-dr
缺省情況下,VSI虛接口不是分布式DR接口。
本命令的詳細介紹,請參見“IP組播命令參考”中的“PIM”。
邊界網關Border連接外部網絡,組播源連接到Border。VTEP 1作為集中式VXLAN IP網關,本地存在組播接收者。VTEP 2同樣連接著組播接收者。通過入方向複製模式組播VXLAN,實現組播流量在VXLAN網絡中的轉發。
圖2-1 入方向複製模式組播VXLAN配置組網圖
(1) 配置IP地址和單播路由協議
配置各接口的IP地址和子網掩碼;在IP核心網絡內配置OSPF協議,確保路由器之間路由可達。
(2) 配置Border
# 開啟L2VPN能力,並使能IGMP snooping。
<Border> system-view
[Border] l2vpn enable
[Border] igmp-snooping
[Border-igmp-snooping] quit
# 在Border和VTEP之間建立VXLAN隧道。
[Border] interface tunnel 1 mode vxlan
[Border-Tunnel1] source 2.2.2.2
[Border-Tunnel1] destination 1.1.1.1
[Border-Tunnel1] quit
[Border] interface tunnel 2 mode vxlan
[Border-Tunnel2] source 2.2.2.2
[Border-Tunnel2] destination 3.3.3.3
[Border-Tunnel2] quit
# 創建VSI實例vpna和VXLAN 10,並使能VSI的IGMP snooping。
[Border] vsi vpna
[Border-vsi-vpna] igmp-snooping enable
[Border-vsi-vpna] vxlan 10
# 配置Tunnel1、Tunnel2與VXLAN 10關聯
[Border-vsi-vpna-vxlan-10] tunnel 1
[Border-vsi-vpna-vxlan-10] tunnel 2
[Border-vsi-vpna-vxlan-10] quit
[Border-vsi-vpna] quit
# 創建VPN實例vpna。
[Border] ip vpn-instance vpna
[Border-vpn-instance-vpna] quit
# 使能IP組播路由。
[Border] multicast routing vpn-instance vpna
[Border-mrib] quit
# 創建VSI虛接口,將其與VPN實例vpna綁定,並在其上使能IGMP。
[Border] interface vsi-interface vsi 1
[Border-Vsi-interface] ip binding vpn-instance vpna
[Border-Vsi-interface] ip address 100.1.1.2 255.255.255.0
[Border-Vsi-interface] igmp enable
[Border-Vsi-interface] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[Border] vsi vpna
[Border-vsi-vpna] gateway vsi-interface 1
[Border-vsi-vpna] quit
# 配置連接組播源的接口Vlan-interface30與vpn實例vpna關聯,並在該接口上開啟PIM SM。
[Border] interface vlan-interface 30
[Border-Vlan-interface30] ip binding vpn-instance vpna
[Border-Vlan-interface30] ip address 100.2.2.2 255.255.255.0
[Border-Vlan-interface30] pim sm
[Border-Vlan-interface30] quit
# 創建VPN實例vpna的入方向複製模式MVXLAN,進入MVXLAN IPv4地址族視圖。
[Border] multicast-vpn vxlan vpn-instance vpna mode ingress-replication
[Border-mvxlan-vpna] address-family ipv4
(3) 配置VTEP 1
# 開啟L2VPN能力,並使能IGMP snooping。
<VTEP1> system-view
[VTEP1] l2vpn enable
[VTEP1] igmp-snooping
[VTEP1-igmp-snooping] quit
# 在VTEP 1和Border之間建立VXLAN隧道。
[VTEP1] interface tunnel 2 mode vxlan
[VTEP1-Tunnel2] source 1.1.1.1
[VTEP1-Tunnel2] destination 2.2.2.2
[VTEP1-Tunnel2] quit
# 創建VSI實例vpna和VXLAN 10,並使能VSI的IGMP snooping。
[VTEP1] vsi vpna
[VTEP1-vsi-vpna] igmp-snooping enable
[VTEP1-vsi-vpna] vxlan 10
# 配置Tunnel2與VXLAN10關聯。
[VTEP1-vsi-vpna-vxlan-10] tunnel 2
[VTEP1-vsi-vpna-vxlan-10] quit
[VTEP1-vsi-vpna] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1和Twenty-FiveGigE1/0/2上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀,並將以太網服務實例與VSI實例vpna關聯。
[VTEP1] interface twenty-fivegige 1/0/1
[VTEP1-Twenty-FiveGigE1/0/1] service-instance 1000
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[VTEP1-Twenty-FiveGigE1/0/1-srv1000] quit
[VTEP1-Twenty-FiveGigE1/0/1] quit
[VTEP1] interface twenty-fivegige 1/0/2
[VTEP1-Twenty-FiveGigE1/0/2] service-instance 1000
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] encapsulation s-vid 2
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] xconnect vsi vpna
[VTEP1-Twenty-FiveGigE1/0/2-srv1000] quit
[VTEP1-Twenty-FiveGigE1/0/2] quit
(4) 配置VTEP 2
# 開啟L2VPN能力,並使能IGMP snooping。
<VTEP2> system-view
[VTEP2] l2vpn enable
[VTEP2] igmp-snooping
[VTEP2-igmp-snooping] quit
# 在VTEP 2和Border之間建立VXLAN隧道。
[VTEP2] interface tunnel 2 mode vxlan
[VTEP2-Tunnel2] source 3.3.3.3
[VTEP2-Tunnel2] destination 2.2.2.2
[VTEP2-Tunnel2] quit
# 創建VSI實例vpna和VXLAN 10,並使能VSI的IGMP snooping。
[VTEP2] vsi vpna
[VTEP2-vsi-vpna] igmp-snooping enable
[VTEP2-vsi-vpna] vxlan 10
# 配置Tunnel2與VXLAN10關聯。
[VTEP2-vsi-vpna-vxlan-10] tunnel 2
[VTEP2-vsi-vpna-vxlan-10] quit
[VTEP2-vsi-vpna] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1和Twenty-FiveGigE1/0/2上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀,並將以太網服務實例與VSI實例vpna關聯。
[VTEP2] interface twenty-fivegige 1/0/1
[VTEP2-Twenty-FiveGigE1/0/1] service-instance 1000
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[VTEP2-Twenty-FiveGigE1/0/1-srv1000] quit
[VTEP2-Twenty-FiveGigE1/0/1] quit
[VTEP2] interface twenty-fivegige 1/0/2
[VTEP2-Twenty-FiveGigE1/0/2] service-instance 1000
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] encapsulation s-vid 2
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] xconnect vsi vpna
[VTEP2-Twenty-FiveGigE1/0/2-srv1000] quit
[VTEP2-Twenty-FiveGigE1/0/2] quit
(1) 驗證Border設備
# 查看Border上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。
[Border] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Border上的VSI虛接口信息,可以看到VSI虛接口處於up狀態。
[Border] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
# 查看Border上的組播路由表項,可以看到VSI虛接口作為組播路由表項的出接口。
[Border] display pim vpn-instance vpna routing-table
Total 17 (*, G) entries; 18 (S, G) entries
(10.1.2.99, 225.0.1.1)
RP: 10.1.2.88 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT 2MVPN
UpTime: 21:24:27
Upstream interface: Vlan-interface30
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 07:08:26, Expires: -
(2) 驗證VTEP設備
# 查看VTEP 1上的IGMP snooping組播組信息,可以看到AC側接口為成員端口。
[VTEP1] display igmp-snooping group
Total 1 entries.
VSI vpna: Total 1 entries.
(0.0.0.0, 225.0.1.1)
Host ports (1 in total):
WGE1/0/1 (Link ID 0) (00:04:20)
WGE1/0/2 (Link ID 1) (00:04:20)
# 查看VTEP 1上的IGMP snooping路由器端口信息,可以看到Tunnel接口為路由器端口。
[VTEP1] display igmp-snooping router-port
VSI vpna:
Router ports (1 in total):
Tun2 (VXLAN ID 10) (00:03:23)
(3) 組播接收者可以接收到組播源發送的數據。
MDT模式組播VXLAN配置任務如下:
(1) 配置EVPN
¡ 創建VSI和VXLAN
¡ 配置AC與VSI關聯
¡ 配置EVPN實例
¡ 配置BGP發布EVPN路由
¡ 配置分布式EVPN網關
有關EVPN的配置方法,請參見“EVPN配置指導”中的“EVPN”。
(2) 配置IGMP和IGMP Snooping
¡ 使能VSI虛接口的IGMP功能
¡ 使能VSI虛接口的IGMP代理功能
¡ 使能IGMP Snooping
¡ 配置IGMP Snooping Proxy
有關IGMP和IGMP Snooping的配置方法,請參見“IP組播配置指導”中的“IGMP”和“IGMP Snooping”。
(3) VTEP公網側接口配置PIM協議
請至少選擇其中一項任務進行配置:
¡ 配置PIM-SM
¡ 配置PIM-SSM
有關PIM協議的配置方法,請參見“IP組播配置指導”中的“PIM”。
(4) 配置MVXLAN
¡ 創建MVXLAN
¡ (可選)配置跨VPN組播轉發路由選路策略
¡ (可選)配置跨數據中心三層組播互通
¡ (可選)配置跨數據中心三層組播互通支持多ED
如需在MDT模式組播VXLAN組網中使用IGMP代理功能,則需要注意以下要求:
· 所有VTEP和ED設備上都需要開啟IGMP代理功能,不允許僅部分VTEP或ED開啟IGMP代理功能。
· 不支持使用IGMPv1。
· 如果組播接收者發送攜帶(*,G)的IGMP成員關係報告,則向組播組G發送組播流量的所有組播源必須連接到同一台VTEP,否則會導致組播轉發表項的出接口頻繁變化,影響組播流量轉發。
(1) 進入係統視圖。
system-view
(2) 使能VPN實例中的組播路由,並進入該VPN實例的MRIB視圖。
multicast routing vpn-instance instance-name
缺省情況下,VPN實例的IP組播路由處於關閉狀態。
本命令的具體介紹請參見“IP組播命令參考”中的“組播路由與轉發”。
可以在VTEP上創建一個或多個MDT模式MVXLAN實例為不同的VPN或公網實例提供服務。
當組播源和組播接收者通過不同的VTEP(或Border)接入時,不支持通過公網實例的MVXLAN實現組播流量互通。
(1) 進入係統視圖。
system-view
(2) 創建MVXLAN實例,並進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(1) 進入係統視圖。
system-view
(2) 創建MVXLAN實例,並進入MVXLAN視圖。
multicast-vpn vxlan public-instance mode mdt
VTEP在對私網組播報文進行VXLAN封裝時,使用Default-Group作為報文外層目的地址。
不同MVXLAN實例的Default-Group地址不能相同,且Default-Group地址不能與Data-Group地址相同。
(1) 進入係統視圖。
system-view
(2) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 創建MVXLAN IPv4地址族,並進入該地址族視圖。
address-family ipv4
(4) 指定Default-Group。
default-group group-address
VTEP在封裝私網組播報文時使用MVXLAN的源接口的IP地址作為外層源地址。
同一台設備上所有MVXLAN實例使用的MVXLAN源接口必須一致。
MVXLAN源接口必須與建立BGP對等體時所使用的源接口相同,否則將無法獲取正確的路由信息。
(1) 進入係統視圖。
system-view
(2) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 進入MVXLAN地址族視圖。
address-family ipv4
(4) 指定MVXLAN源接口。
source interface-type interface-number
缺省情況下,未指定MVXLAN源接口。
為了減少公網流量泛濫,節約帶寬,可將Default-MDT切換為Data-MDT,實現組播流量按需轉發。滿足切換條件的組播流量不會立即切換到Data-MDT,而是等待一段延遲時間後再進行切換,以避免組播數據流量在Default-MDT與Data-MDT之間進行頻繁切換。
同一台設備上,一個MVXLAN的Data-group範圍不能包含任何其他MVXLAN的Default-group,也不能與其他任何MVXLAN的Data-group範圍重疊。
所有VPN實例共用Data-Group資源,所以不建議在單個VPN實例內把Data-Group的範圍配置的過大,否則會導致其他VPN實例無可用Data-Group。
(1) 進入係統視圖。
system-view
(2) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 進入MVXLAN地址族視圖。
address-family ipv4
(4) 配置Data-Group的範圍和切換條件。
data-group group-address { mask-length | mask } [ acl acl-number | name acl-name ]
缺省情況下,不存在Data-Group的範圍,不會向Data-MDT進行切換。
(5) 配置由Default-MDT向Data-MDT切換的延遲時間。
data-delay delay
缺省情況下,由Default-MDT向Data-MDT切換的延遲時間為3秒。
在EVPN組網中運行組播業務時,需要在分布式EVPN網關的VSI虛接口上執行本命令將VSI虛接口配置為分布式DR(Designated Router,指定路由器)接口,從而強製指定自己為DR,用於將組播流量轉發至本地站點。
(1) 進入係統視圖。
system-view
(2) 進入VSI虛接口視圖。
interface vsi-interface interface-number
(3) 將VSI虛接口配置為分布式DR接口。
pim distributed-dr
缺省情況下,VSI虛接口不是分布式DR接口。
本命令的詳細介紹,請參見“IP組播命令參考”中的“PIM”。
執行本配置後,可以將某VPN實例的接收者的加入信息通過其它VPN實例發送至組播源,從而實現組播源和組播接收者位於不同的VPN網絡之間的組播轉發。
跨VPN組播轉發路由的RPF選路策略分為:
· 基於L3VNI的RPF選路策略:即根據L3VNI判斷是否進行跨VPN組播轉發。
在組播源側VTEP上配置該策略時,VTEP根據組播源所在VPN實例的L3VNI、組播源地址、組播組地址查找匹配的RPF選路策略。如果存在匹配的策略,則根據該RPF策略將組播流量引入到指定的VPN實例。
在組播接收者側VTEP上配置該策略時,跨VPN組播轉發機製為:
a. 組播源側VTEP接收到組播源發送的組播報文後,為組播報文添加VXLAN頭,VXLAN頭中攜帶組播源所在VPN實例的L3VNI。
b. 組播接收者側VTEP接收到VXLAN封裝的組播報文後,如果該報文的L3VNI、組播源地址、組播組地址匹配了RPF選路策略,則根據該RPF策略將組播流量引入到指定的VPN實例。
· 基於VPN實例的RPF選路策略:即根據VPN實例判斷是否進行跨VPN組播轉發。
在組播源側VTEP上配置該策略時,VTEP根據組播源所屬的VPN實例、組播源地址、組播組地址查找匹配的RPF選路策略。如果存在匹配的策略,則根據該RPF策略將組播流量引入到指定的VPN實例。
在組播接收者側VTEP上配置該策略時,跨VPN組播轉發機製為:
a. 組播源側VTEP接收到組播源發送的組播報文後,為組播報文添加VXLAN頭,VXLAN頭中攜帶組播源所在VPN實例的L3VNI。
b. 組播接收者側VTEP接收到VXLAN封裝的組播報文後,在本地查找L3VNI對應的VPN實例,如果L3VNI對應的VPN實例、組播源地址、組播組地址匹配了RPF選路策略,則根據該RPF策略將組播流量引入到指定的VPN實例。
跨VPN組網環境分為:
· 非對稱跨VPN組網:組播接收者側VTEP上不存在組播源所在的VPN實例。
該組網方式支持的跨VPN組播轉發路由選路策略類型與選路策略配置的位置有關:
¡ 在組播源側VTEP上,既可以配置基於L3VNI的選路策略,也可以配置基於VPN實例的選路策略。
¡ 在組播接收者側VTEP上,隻能配置基於L3VNI的選路策略。
· 對稱跨VPN組網:組播接收者側VTEP上存在組播源所在的VPN實例。
在這種組網中,組播源側VTEP和組播接收者側VTEP上,均可以配置基於L3VNI的選路策略和基於VPN實例的選路策略。
如果VTEP連接的部分組播接收者屬於公網,則無論是對稱跨VPN組網還是非對稱跨VPN組網,都不能在RPF選路策略中指定l3-vni vxlan-id參數和vpn-instance vpn-instance-name參數。組播接收者側VTEP上,為了實現在公網內轉發組播流量的同時,將該流量引入到另一個VPN實例,需要配置與公網實例關聯的L3VNI(假設為vxlan-id1),並在需要引入流量的VPN實例下配置未指定L3VNI和VPN實例的RPF選路策略(假設為policy-a)。組播接收者側VTEP接收到L3VNI為vxlan-id1的組播報文後,如果該報文與RPF選路策略policy-a匹配,則會在公網和指定VPN實例內轉發組播流量。
源VPN和接收者VPN必須運行相同的PIM模式,目前支持PIM-SM和PIM-SSM。
采用PIM-SM模式時,推薦使用下麵的方式配置跨VPN選路策略:
· 隻指定組播源方式:該方式下,必須配置兩條選路策略,一條以服務於有跨VPN需求的組播組的RP地址作為源地址,一條以源VPN裏的組播源作為源地址。如果存在多個有跨VPN需求的組播組,則推薦單獨配置RP服務於這些組播組,同時需要將此RP配置為跨VPN組播路由的RPF選路策略的組播源地址。
· 隻指定組播組方式:隻需要配置一條指定源VPN中組播組地址的選路策略。
采用PIM-SSM方式時,推薦使用下麵的方式配置跨VPN選路策略:一條同時指定源VPN內組播源地址和組播組地址的選路策略。
暫不支持通過基於L3VNI(指定l3-vni vxlan-id參數)的RPF選路策略將VSI虛接口接收到的公網組播流量(組播源所屬的VSI與公網實例關聯)引流到接收者VPN。
隻支持一次跨VPN組播轉發,接收者VPN不能同時作為源VPN,即配置VPN a引入VPN b中流量的跨VPN選路策略後,不能再配置VPN b引入VPN a中流量的跨VPN選路策略。
對於同一個組播源、組播組地址,不能同時配置基於L3VNI(指定l3-vni vxlan-id參數)和基於VPN實例的(指定vpn-instance vpn-instance-name參數)的選路策略。具體要求為:
· 采用PIM-SM模式時,對於同一個組播組地址,隻能配置一條指定l3-vni vxlan-id參數或vpn-instance vpn-instance-name參數的選路策略。
· 采用PIM-SSM方式時,對於同一個組播源和組播組地址,隻能配置一條指定l3-vni vxlan-id參數或vpn-instance vpn-instance-name參數的選路策略。
在一個接收者VPN(multicast routing [ vpn-instance vpn-instance-name ]命令指定的VPN)內,來自同一個源VPN的所有組播流量必須配置相同方式的選路策略,不能為不同組播源、組播組地址配置不同方式的選路策略。
如果在接收者VPN中配置了跨VPN的IPv4組播路由的RPF選路策略,且該策略隻指定了組播組地址,那麼該VPN原先相同的VPN實例的組播流量轉發將中斷。
不同跨VPN策略的組播源地址和組播組地址範圍不能完全相同,但是可以有重疊。若對於同一個(S,G)表項,存在多條匹配的選路策略,則按照最長匹配進行選擇:
· 選擇組地址掩碼匹配最長的選路策略。
· 如果組地址掩碼相同,則選擇源地址掩碼匹配最長的選路策略。
(1) 進入係統視圖。
system-view
(2) 進入MRIB實例視圖。
multicast routing [ vpn-instance vpn-instance-name ]
(3) 配置VPN的IPv4組播路由的RPF路策略。
multicast extranet select-rpf [ l3-vni vxlan-id | vpn-instance vpn-instance-name ] { source source-address { mask | mask-length } | group group-address { mask | mask-length } } *
跨數據中心三層組播互通組網中,不僅需要在VTEP和ED上完成MDT模式組播VXLAN的相關配置,還需要執行本配置,以便實現三層組播流量通過ED跨數據中心轉發。
不支持組播源和組播接收者直接連接在ED設備上。
暫不支持組播源跨DC遷移。
通過BGP EVPN路由動態創建VXLAN-DCI隧道時,需要在ED間互連的三層接口上通過dci enable命令開啟DCI功能。ED間手工創建VXLAN-DCI隧道時,不能在ED間互連的三層接口上開啟DCI功能。
MDT模式組播VXLAN跨數據中心三層組播互通組網中,如果使用專屬VPN進行L3VNI映射,則不同專屬VPN實例的RT屬性不能有交叉,即一個專屬VPN實例的Export RT不能同時與其他專屬VPN實例的Import RT匹配,以保證每個專屬VPN之間路由完全隔離。
跨數據中心三層組播互通組網中,需要在ED上配置路由策略,使得ED從本DC內的其他ED、從其他DC內的ED接收到S-PMSI A-D路由和SMET路由後,不會再將該路由發送給ED設備(包括本DC內的ED和其他DC的ED)。
(1) 進入係統視圖。
system-view
(2) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 進入MVXLAN地址族視圖。
address-family ipv4
(4) 開啟組播DCI功能。
dci enable
缺省情況下,組播DCI功能處於關閉狀態。
(5) (可選)配置修改BGP EVPN路由中的信息。
a. 退回係統視圖。
quit
quit
b. 進入BGP實例視圖。
bgp as-number [ instance instance-name ]
c. 進入BGP EVPN地址族視圖。
address-family l2vpn evpn
d. 配置從對等體/對等體組接收到BGP EVPN路由後,修改路由中的信息。
peer { group-name | ipv4-address [ mask-length ] } re-originated [ smet | s-pmsi ] [ replace-rt ]
缺省情況下,不修改從對等體/對等體組接收到的EVPN路由的信息。
不同DC內相同VPN使用不同的L3VNI時,需要執行本命令。
本命令的詳細介紹,請參見“EVPN命令參考”中的“EVPN”。
如果在設備上同時配置了s-pmsi advertise source-active命令和data-group命令,則Default-MDT向Data-MDT切換的延遲時間(由data-delay命令配置)必須大於BGP發布同一路由的時間間隔(由peer route-update-interval命令配置)。否則,通告Data-Group的S-PMSI路由可能會被BGP抑製發布,導致從Default-MDT向Data-MDT切換的過程中流量轉發中斷。
(1) 進入係統視圖。
system-view
(2) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 進入MVXLAN地址族視圖。
address-family ipv4
(4) 配置通過S-PMSI路由通告激活組播源信息。
s-pmsi advertise source-active
缺省情況下,不會通過S-PMSI路由通告激活組播源信息。
配置本命令後,VTEP接收到組播流量時,會發送攜帶組播流量所屬(S,G)的S-PMSI路由。通過該路由,VTEP和ED可以確認組播源位於DC內還是DC外。
跨數據中心三層組播互通組網中,通過配置本功能在一個數據中心中部署多台ED,可以提高ED設備的可靠性,避免單點故障。
當多台ED中的一台ED故障時,其餘ED可以接管該ED的流量。ED故障恢複後,需要通告BGP EVPN路由,觸發重新建立組播轉發表項,該ED才可以正常轉發組播報文。如果在組播轉發表項建立前將流量回切到該ED,則會導致組播流量轉發中斷。因此,需要在所有ED上均配置回切延遲時間,確保某個ED故障恢複後,其餘ED等待延遲時間再回切流量,以避免流量轉發中斷。
為了避免組播流量轉發失敗,需要在VTEP上執行vxlan default-decapsulation命令開啟缺省解封裝指定IPv4 VXLAN報文的功能,或在VTEP上手工創建到達同一數據中心的各個ED設備真實IP地址的VXLAN隧道。
同一個數據中心的多台ED之間需要BGP路由互通,且ED之間不能配置BGP路由重生成。
不能在同一DC的ED之間轉發S-PMSI A-D路由和SMET路由。由於BGP的部署方式(如,同一DC內的ED之間建立全連接),使得ED之間可能會轉發BGP路由時,需要在ED上配置路由策略,限製ED將從其他BGP對等體接收到的S-PMSI A-D路由和SMET路由發送給本DC的其他ED。
係統視圖和MVXLAN地址族視圖下均可以配置ED的回切延遲時間。係統視圖的配置對所有MVXLAN網絡都有效,而MVXLAN地址族視圖的配置隻對當前MVXLAN網絡有效。對於一個MVXLAN網絡來說,優先采用對應MVXLAN地址族視圖的配置,隻有MVXLAN地址族視圖下未進行配置時,才采用係統視圖的配置。
執行本配置前,需要完成跨數據中心三層組播互通相關配置,詳細介紹請參見“3.10 配置跨數據中心三層組播互通”。
(1) 進入係統視圖。
system-view
(2) 配置ED設備的虛擬IP地址。
evpn edge group group-ipv4
缺省情況下,未配置ED設備的虛擬IP地址。
本命令的詳細介紹,請參見“EVPN命令參考”中的“EVPN”。
(3) 跨數據中心三層組播互通支持多ED組網中,在ED設備上配置屬於同一個數據中心的其他ED設備的IP地址。
multicast-vpn vxlan edge remote remote-ipv4-address
缺省情況下,跨數據中心三層組播互通支持多ED組網中,未在ED設備上指定其它ED設備的IP地址。
(4) 全局配置ED的回切延遲時間。
multicast-vpn vxlan dci switch-delay delay-time
缺省情況下,ED的回切延遲時間為10秒。
(5) 進入MVXLAN視圖。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(6) 進入MVXLAN IPv4地址族視圖。
address-family ipv4
(7) 配置ED的回切延遲時間。
dci switch-delay delay-time
缺省情況下,以係統視圖下multicast-vpn vxlan dci switch-delay命令全局配置的ED回切延遲時間為準。
在完成上述配置後,在任意視圖下執行display命令可以顯示配置後的MDT模式組播VXLAN的運行情況,通過查看顯示信息驗證配置的效果。
表3-1 MDT模式組播VXLAN顯示和維護
|
命令 |
|
|
顯示MVXLAN接收報文中的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group receive [ brief | [ active | group group-address | sender source-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * ] |
|
顯示MVXLAN發送報文中的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group send [ group group-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * |
|
顯示MVXLAN報文的Default-Group的信息 |
display multicast-vpn vxlan [ vpn-instance instance-name | public-instance ] default-group { local | remote } |
Switch A和Switch B為分布式EVPN網關設備;Switch C為與廣域網連接的邊界網關設備;Switch D為RR,負責在交換機之間反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公網接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用於建立組播轉發表項。
虛擬機VM 1為組播源,其餘VM為組播接收者,VM1和VM 3屬於VXLAN 10;VM 2和VM 4屬於VXLAN 20。VM 2、VM 3和VM 4均可通過分布式EVPN接收組播組225.0.0.0的組播流量。
圖3-1 相同VPN內MVXLAN三層組播互通配置舉例
(1) 配置IP地址和單播路由協議
# 在VM 1和VM 3上指定網關地址為10.1.1.1;在VM 2和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在IP核心網絡內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN接口11並進入視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP發布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 創建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 創建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2、3通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置VPN實例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 24
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN接口12並進入視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 創建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 創建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2、3通過。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# 配置VPN實例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 創建VLAN接口13並進入視圖。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP發布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN實例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN實例vpna中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# 配置缺省路由,下一跳為廣域網中某台設備的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# 將缺省路由引入到VPN實例vpna的BGP IPv4單播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 配置連接廣域網的接口Twenty-FiveGigE1/0/2與VPN實例vpna關聯。
[SwitchC] interface twenty-fivegige 1/0/2
[SwitchC-Twenty-FiveGigE1/0/2] ip binding vpn-instance vpna
[SwitchC-Twenty-FiveGigE1/0/2] ip address 20.1.1.3 24
[SwitchC-Twenty-FiveGigE1/0/2] pim sm
[SwitchC-Twenty-FiveGigE1/0/2] quit
# 創建VLAN 20,並進入VLAN視圖。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置連接廣域網的接口Vlan-interface20與VPN實例vpna關聯。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
(5) 配置Switch D
# 使能IP組播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 進入公網實例的PIM視圖,並將接口LoopBack0配置為公網的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D與其他交換機建立BGP連接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP發布EVPN路由,並關閉BGP EVPN路由的VPN-Target過濾功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D為路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的組播路由信息。
# 查看Swich A上VPN實例vpna的組播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
(2) 查看Switch B的組播路由信息。
# 查看Switch B的VPN實例vpna的組播路由信息。
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 05:04:06, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN
UpTime: 01:57:12
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# 查看Switch B公網的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -
Switch A和Switch B為分布式EVPN網關設備;Switch C為與廣域網連接的邊界網關設備;Switch D為RR,負責在交換機之間反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公網接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用於建立組播轉發表項。
虛擬機VM 1為組播源,其餘VM為組播接收者。VM 1、VM 2和VM 3屬於VPN實例vpna,VM 4屬於VPN實例vpnb。VM 1和VM 3屬於VXLAN 10;VM 2和VM 4屬於VXLAN 20。
圖3-2 對稱跨VPN組網MVXLAN三層組播互通配置舉例(接收者側配置策略)
組播接收者側VTEP上存在組播源所在的VPN實例,該組網為對稱跨VPN組網。在該組網中,組播源側VTEP和組播接收者側VTEP上相同VPN的RT必須相同,且隻需要在與源VPN相同的VPN實例內配置組播VXLAN。
在對稱跨VPN組網中,跨VPN組播轉發路由的RPF選路策略既可以配置組播源側VTEP上,也可以配置在組播接收者側VTEP上。在組播接收者側VTEP上,既可以配置基於L3VNI的選路策略,也可以配置基於VPN實例的選路策略。本舉例僅以組播接收者側VTEP上配置基於L3VNI的選路策略為例。
(1) 配置IP地址和單播路由協議
# 在VM 1和VM 3上指定網關地址為10.1.1.1;在VM 2和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在IP核心網絡內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN接口11並進入視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 創建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 創建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2、3通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置VPN實例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN,並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN接口12並進入視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 創建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 創建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 配置端口Twenty-FiveGigE1/0/2為Trunk端口,允許VLAN 3通過。
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# 在接口Twenty-FiveGigE1/0/2上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# 配置VPN實例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VPN實例vpnb的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 使能VPN實例vpnb的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 創建VPN實例vpna的MVXLAN,並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為VPN實例vpna的C-BSR和C-RP
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnb
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack2配置為VPN實例vpnb的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 13.13.13.13
[SwitchB-pim-vpnb] c-rp 13.13.13.13
[SwitchB-pim-vpnb] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置跨VPN策略,將VPN實例vpna的流量引入到VPN實例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 創建VLAN接口13並進入視圖。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP發布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN實例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 配置VPN實例vpnb的RD和RT。
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchC-vpn-instance-vpnb] address-family ipv4
[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchC-vpn-ipv4-vpnb] quit
[SwitchC-vpn-instance-vpnb] address-family evpn
[SwitchC-vpn-evpn-vpnb] vpn-target 1:1
[SwitchC-vpn-evpn-vpnb] quit
[SwitchC-vpn-instance-vpnb] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN實例vpna中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 使能VPN實例vpnb中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] quit
# 創建VPN實例vpna的MVXLAN,並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為VPN實例vpna的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpnb
[SwitchC-LoopBack2] ip address 13.13.13.13 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack2配置為VPN實例vpnb的C-BSR和C-RP
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 13.13.13.13
[SwitchC-pim-vpnb] c-rp 13.13.13.13
[SwitchC-pim-vpnb] quit
# 配置缺省路由,下一跳為廣域網中某台設備的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# 將缺省路由引入到VPN實例vpnb的BGP IPv4單播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit
# 創建VLAN接口20並進入視圖。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置連接廣域網的接口Vlan-interface 20與VPN實例vpnb關聯。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# 配置跨VPN策略將VPN實例vpna的流量轉發到VPN實例vpnb中。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
(5) 配置Switch D
# 使能IP組播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 進入公網實例的PIM視圖,並將接口LoopBack0配置為公網的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D與其他交換機建立BGP連接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP發布EVPN路由,並關閉BGP EVPN路由的VPN-Target過濾功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D為路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的組播路由信息。
# 查看Swich A上VPN實例vpna的組播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:01:20
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 04:09:40, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:00:20
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:00:20, Expires: 00:03:11
(2) 查看Switch B的組播路由信息。
# 查看Switch B的VPN實例vpna的組播路由信息。
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:01:20, Expires: -
2: Vsi-interface1
Protocol: igmp, UpTime: 03:01:20, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT FROMVXLAN
UpTime: 03:00:20
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:00:20, Expires: -
2: Vsi-interface1
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# 查看Switch B的VPN實例vpnb的組播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 03:01:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 05:04:11, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 03:00:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# 查看Switch B公網的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 04:09:00
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:09:40, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 03:00:20
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:20, Expires: -
Switch A和Switch B為分布式EVPN網關設備;Switch C為與廣域網連接的邊界網關設備;Switch D為RR,負責在交換機之間反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公網接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用於建立組播轉發表項。
虛擬機VM 1為組播源,其餘VM為組播接收者。VM 1和VM 2屬於VPN實例vpna,VM 3屬於VPN實例vpnb,VM 4屬於VPN實例vpnc。VM 1和VM 3屬於VXLAN 10;VM 2和VM 4屬於VXLAN 20。
圖3-3 非對稱跨VPN組網MVXLAN三層組播互通配置舉例(接收者側配置策略)
組播接收者側VTEP上不存在組播源所在的VPN實例,該組網為非對稱跨VPN組網。在該組網中,組播接收者側VTEP上組播接收者所在VPN實例的RT必須和組播源側VTEP上組播源所在VPN實例的RT相同。
在非對稱跨VPN組網中,跨VPN組播轉發路由的RPF選路策略既可以配置組播源側VTEP上,也可以配置在組播接收者側VTEP上。在組播接收者側VTEP上,僅可以配置基於L3VNI的選路策略。本舉例僅以組播接收者側VTEP上配置基於L3VNI的選路策略為例。
(1) 配置IP地址和單播路由協議
# 在VM 1和VM 3上指定網關地址為10.1.1.1;在VM 2和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在IP核心網絡內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN接口11並進入視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 創建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 創建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2、3通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置VPN實例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN接口12並進入視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 創建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 創建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 配置端口Twenty-FiveGigE1/0/2為Trunk端口,允許VLAN 3通過。
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# 在接口Twenty-FiveGigE1/0/2上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# 配置VPN實例vpnb的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VPN實例vpnc的RD和RT。
[SwitchB] ip vpn-instance vpnc
[SwitchB-vpn-instance-vpnc] route-distinguisher 3:3
[SwitchB-vpn-instance-vpnc] address-family ipv4
[SwitchB-vpn-ipv4-vpnc] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnc] quit
[SwitchB-vpn-instance-vpnc] address-family evpn
[SwitchB-vpn-evpn-vpnc] vpn-target 1:1
[SwitchB-vpn-evpn-vpnc] quit
[SwitchB-vpn-instance-vpnc] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnc
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置公網實例對應的L3VNI為1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN實例vpnb的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 使能VPN實例vpnc的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] quit
# 創建VPN實例vpnb的MVXLAN,並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 創建VPN實例vpnc的MVXLAN,並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnc mode mdt
[SwitchB-mvxlan-vpnc] address-family ipv4
[SwitchB-mvxlan-vpnc-ipv4] source loopback 0
[SwitchB-mvxlan-vpnc-ipv4] quit
[SwitchB-mvxlan-vpnc] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為VPN實例vpnb的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnc
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack2配置為VPN實例vpnc的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnc
[SwitchB-pim-vpnc] c-bsr 13.13.13.13
[SwitchB-pim-vpnc] c-rp 13.13.13.13
[SwitchB-pim-vpnc] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置跨VPN策略,將源VPN實例vpna的流量引入到接收者VPN實例vpnb和vpnc中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 創建VLAN接口13並進入視圖。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP發布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN實例vpnb的RD和RT。
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchC-vpn-instance-vpnb] address-family ipv4
[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchC-vpn-ipv4-vpnb] quit
[SwitchC-vpn-instance-vpnb] address-family evpn
[SwitchC-vpn-evpn-vpnb] vpn-target 1:1
[SwitchC-vpn-evpn-vpnb] quit
[SwitchC-vpn-instance-vpnb] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置公網實例對應的L3VNI為1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN實例vpnb中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] quit
# 創建VPN實例vpnb的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchC-mvxlan-vpnb] address-family ipv4
[SwitchC-mvxlan-vpnb-ipv4] source loopback 0
[SwitchC-mvxlan-vpnb-ipv4] quit
[SwitchC-mvxlan-vpnb] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpnb
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為VPN實例vpnb的C-BSR和C-RP
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 12.12.12.12
[SwitchC-pim-vpnb] c-rp 12.12.12.12
[SwitchC-pim-vpnb] quit
# 配置缺省路由,下一跳為廣域網中某台設備的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# 將缺省路由引入到VPN實例vpnb的BGP IPv4單播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit
# 創建VLAN接口20並進入視圖。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置連接廣域網的接口Vlan-interface 20與VPN實例vpnb關聯。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# 配置跨VPN策略將VPN實例vpna的流量轉發到VPN實例vpnb中。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
(5) 配置Switch D
# 使能IP組播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 進入公網實例的PIM視圖,並將接口LoopBack0配置為公網的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D與其他交換機建立BGP連接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP發布EVPN路由,並關閉BGP EVPN路由的VPN-Target過濾功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D為路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的組播路由信息。
# 查看Swich A上VPN實例vpna的組播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:21, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:08:52, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:20, Expires: 00:03:11
(2) 查看Switch B的組播路由信息。
# 查看Switch B的VPN實例vpnb的組播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 02:56:32, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# 查看Switch B的VPN實例vpnc的組播路由信息。
<SwitchB> display pim vpn-instance vpnc routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:32, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# 查看Switch B公網的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:08:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:08:52, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:55:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:55:31, Expires: -
Switch A和Switch B為分布式EVPN網關設備;Switch C為與廣域網連接的邊界網關設備;Switch D為RR,負責在交換機之間反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公網接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用於建立組播轉發表項。
虛擬機VM 1為組播源,其餘VM為組播接收者。VM 1和VM 2屬於VPN實例vpna,VM 3屬於公網,VM 4屬於VPN實例vpnb。VM 1和VM 3屬於VXLAN 10;VM 2和VM 4屬於VXLAN 20。
圖3-4 存在公網接收者跨VPN組網MVXLAN三層組播互通配置舉例
組播接收者側VTEP上隻有公網加入,不需要配置跨VPN策略,需要配置公網實例的MVXLAN配置。
接收者側VTEP上如果同時存在公網加入和其他私網加入,公網加入不需要配置跨VPN策略,但是私網加入必須配置不帶l3-vni參數和vpn-instance參數的跨VPN策略。這種組網可以配置公網實例的MVXLAN配置或者私網實例的MVXLAN配置。
(1) 配置IP地址和單播路由協議
# 在VM 1和VM 2上指定網關地址為10.1.1.1;在VM 3和VM 4上指定網關地址為10.1.2.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在IP核心網絡內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN接口11並進入視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 創建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 創建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2、3通過。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置VPN實例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpna的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為VPN實例vpna的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN接口12並進入視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI實例vpnb下創建EVPN實例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI實例vpnb內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 創建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP發布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 創建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 創建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1為Trunk端口,允許VLAN 2通過。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# 配置以太網服務實例1000與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 配置端口Twenty-FiveGigE1/0/2為Trunk端口,允許VLAN 3通過。
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# 在接口Twenty-FiveGigE1/0/2上創建以太網服務實例2000,該實例用來匹配VLAN 3的數據幀。
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# 配置以太網服務實例2000與VSI實例vpnb關聯。
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# 配置VPN實例vpnb 的L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置公網實例的RD和RT。
[SwitchB] ip public-instance
[SwitchB-public-instance] route-distinguisher 2:2
[SwitchB-public-instance] address-family ipv4
[SwitchB-public-instance-ipv4] vpn-target 1:1
[SwitchB-public-instance-ipv4] quit
[SwitchB-public-instance] address-family evpn
[SwitchB-public-instance-evpn] vpn-target 1:1
[SwitchB-public-instance-evpn] quit
[SwitchB-public-instance] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虛接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface4,在該接口上配置公網實例對應的L3VNI為1000。
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 1000
[SwitchB-Vsi-interface4] pim sm
[SwitchB-Vsi-interface4] quit
# 使能VPN實例vpnb的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 創建VPN實例vpnb的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例vpnb的PIM視圖,並將接口LoopBack1配置為VPN實例vpnb的C-BSR和C-RP,並配置C-RP策略。
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 創建一個編號為2000的IPv4基本ACL,並進入其視圖。僅允許來自225.0.0.0/8網段的報文通過,而拒絕來自所有其它網段的報文通過。
[SwitchB-acl-ipv4-basic-2000] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] quit
# 進入公網實例的PIM視圖,並將接口LoopBack2配置為公網實例的C-BSR和C-RP,並配置C-RP策略。
[SwitchB] pim
[SwitchB-pim] c-bsr 13.13.13.13
[SwitchB-pim] c-rp 13.13.13.13 group-policy 2000
[SwitchB-pim] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI實例和接口VSI-interface2關聯。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 在VPN實例vpnb中配置跨VPN策略,將流量引入到公網和VPN實例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf group 225.0.0.0 16
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 創建VLAN接口13並進入視圖。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP發布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置公網實例的RD和RT。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 1:1
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置公網實例對應的L3VNI為1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 創建公網實例的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan public-instance mode mdt
[SwitchC-mvxlan-public-instance] address-family ipv4
[SwitchC-mvxlan-public-instance-ipv4] source loopback 0
[SwitchC-mvxlan-public-instance-ipv4] quit
[SwitchC-mvxlan-public-instance] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 創建一個編號為2000的IPv4基本ACL,並進入其視圖。僅允許來自225.0.0.0/8網段的報文通過,而拒絕來自所有其它網段的報文通過。
[SwitchC-acl-ipv4-basic-2000] acl basic 2000
[SwitchC-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchC-acl-ipv4-basic-2000] qui
# 進入公網實例的PIM視圖,並將接口LoopBack1配置為公網實例的C-BSR和C-RP
[SwitchC] pim
[SwitchC-pim] c-bsr 12.12.12.12
[SwitchC-pim] c-rp 12.12.12.12 group-policy 2000
[SwitchC-pim] quit
# 配置缺省路由,下一跳為廣域網中某台設備的IP地址20.1.1.100。
[SwitchC] ip route-static 0.0.0.0 0 20.1.1.100
# 將缺省路由引入到公網實例的BGP IPv4單播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] default-route imported
[SwitchC-bgp-default-ipv4] import-route static
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] quit
# 創建VLAN接口20並進入視圖。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置連接廣域網的接口Vlan-interface 20與公網實例關聯。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
(5) 配置Switch D
# 使能IP組播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 進入公網實例的PIM視圖,並將接口LoopBack0配置為公網的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D與其他交換機建立BGP連接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP發布EVPN路由,並關閉BGP EVPN路由的VPN-Target過濾功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D為路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的組播路由信息。
# 查看Swich A上VPN實例vpna的組播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:09:50, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:28, Expires: 00:03:11
(2) 查看Switch B的組播路由信息。
# 查看Switch B的VPN實例vpnb的組播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:35
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 11: Vsi-interface2
Protocol: igmp, UpTime: 02:56:35, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:31
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1 1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# 查看Switch B公網的路由信息。
<SwitchB> display pim routing-table
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:00:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:56:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:56:31, Expires: -
Switch A、Switch B為DC 1的Leaf層設備,用於用戶的接入。Switch C為DC 1的邊緣設備,用於DC間的互聯。Switch E為DC 2的Leaf層設備,用於用戶的接入;Switch D為DC 2的邊緣設備,用於DC間的互聯。DC 1和DC 2內均使用L3VNI 1000。
Switch A~Switch E連接DC內設備的公網接口上均配置PIM-SM,Switch E上使能IGMP Snooping功能,用於建立組播轉發表項。連接DC外設備的公網接口不需要使能PIM-SM。
Switch A連接組播源,Switch B和Switch E連接組播接收者,組播接收者可接收組播組225.0.0.1的組播流量。
圖3-5 雙DC跨數據中心三層組播互通配置組網圖(不同DC相同L3VNI)
(1) 配置IP地址、單播路由協議和PIM SM協議
# 在Source上指定網關地址為192.168.10.1;在Receiver 1上指定網關地址為192.168.20.1;在Receiver 2上指定網關地址為192.168.40.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在DC內配置OSPF協議,確保DC內的路由器之間路由可達。(具體配置過程略)
# 在DC內設備間相連的VLAN接口上使能PIM SM。ED間相連的VLAN接口上不能使能PIM SM。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能,創建VLAN11。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 11。
[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 11的數據幀。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,配置通過S-PMSI路由發布組播源功能,並配置由Default-MDT向Data-MDT切換的延遲時間為20秒(大於BGP發布同一路由的缺省時間間隔15秒)。
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# 配置VXLAN 11所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能,創建VLAN12。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] vlan 12
[SwitchB-vlan12] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 12。
[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit
[SwitchB-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 12的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0
[SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# 配置VXLAN 12所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由功能,啟動RIP進程。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] rip 1
[SwitchC-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC]vxlan tunnel mac-learning disable
[SwitchC]vxlan tunnel arp-learning disable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 77.77.77.77 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] rip 1 enable
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] rip 1 enable
[SwitchC-Vlan-interface70] dci enable
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface loopback 0
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN實例的RD和RT。
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchC-vpn-instance-vpn1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口,並開啟組播DCI功能。
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77
[SwitchC-pim-vpn1] quit
(5) 配置Switch D
# 開啟L2VPN能力,使能IP組播路由功能,開啟RIP進程。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] rip 1
[SwitchD-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD]vxlan tunnel mac-learning disable
[SwitchD]vxlan tunnel arp-learning disable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] rip 1 enable
[SwitchD-Vlan-interface70] dci enable
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置VPN實例的RD和RT。
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchD-vpn-instance-vpn1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch D上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
(6) 配置Switch E
# 開啟L2VPN能力,使能IP組播路由功能,創建VLAN 21。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] vlan 21
[SwitchE-vlan21] quit
# 開啟IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 21。
[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 21的數據幀。
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1000。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# 創建VPN實例vpna的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# 配置VXLAN 21所在的VSI實例和接口VSI-interface1關聯。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
Source發送組播流量(192.168.10.2, 225.0.0.1)。Receiver 1和Receiver 2加入組225.0.0.1,可以接收到組播流量。各設備上的組播路由信息如下所示。
(1) 查看Leaf層設備上的組播路由信息。(以Switch A為例,Switch B和Switch E的顯示信息與此類似)
# 查看Switch A上VPN實例vpn1的組播路由信息。
<SwitchA> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:19:10
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:19:10, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:27:40
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 01:19:06, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:43:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:18, Expires: 00:03:15
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:42
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:42, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:19:16
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:19:16, Expires: -
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:16
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:01, Expires: 00:02:30
(2) 查看ED上的組播路由信息。(以Switch C為例,Switch D的顯示信息與此類似)
# 查看Switch C的VPN實例vpn1的組播路由信息。
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:18:39
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 01:18:05, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:18:39
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
# 查看Switch C公網的組播路由信息。
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:44, Expires: -
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:11
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:15
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:11, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:44, Expires: 00:02:42
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:30, Expires: -
# 查看Switch C上IGMP Snooping通過EVPN學習到的組播組信息。
<SwitchC> display igmp-snooping evpn-group
Total 2 entries.
VSI Auto_L3VNI1000_2: Total 2 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
(192.168.10.2, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
Switch A、Switch B為DC 1的Leaf層設備,用於用戶的接入。Switch C為DC 1的邊緣設備,用於DC間的互聯。Switch E為DC 2的Leaf層設備,用於用戶的接入;Switch D為DC 2的邊緣設備,用於DC間的互聯。Switch G為DC 3的Leaf層設備,用於用戶的接入;Switch F為DC 3的邊緣設備,用於DC間的互聯。
Switch A、Switch B、Switch E和Switch G的公網接口上均配置PIM-SM,Switch B、Switch E和Switch G上使能IGMP Snooping功能,用於建立組播轉發表項。
Switch A連接組播源,Switch B、Switch E和Switch G連接組播接收者。組播源和組播接收者都屬於vpn1,且組播接收者均可接收組播組225.0.1.1的組播流量。
DC 1內,vpn1對應的L3VNI為1001;DC 2內vpn1對應的L3VNI為1002;DC 3內vpn1對應的L3VNI為1003。在Switch C、Switch D和Switch F上使用相同的專屬VPN(vpn2),對應的L3VNI為1000,使組播源發送的組播流量經專屬VPN vpn2轉發至其他DC,進而到達其他DC的組播接收者。
圖3-6 三DC之間使用相同專屬VPN進行映射配置組網圖
(1) 配置IP地址、單播路由協議和PIM SM協議
# 在組播源上指定網關地址為192.168.10.1;在Receiver 1上指定網關地址為192.168.20.1;在Receiver 2上指定網關地址為192.168.40.1;在Receiver 3上指定網關地址為192.168.60.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在DC內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
# 在DC內設備間相連的VLAN接口上使能PIM SM。建議不要在ED間相連的VLAN接口上使能PIM SM。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN 11,並進入VLAN視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 11。
[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 11的數據幀。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 1001
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,配置通過S-PMSI路由通告激活組播源信息,並配置由Default-MDT向Data-MDT切換的延遲時間為20秒(大於BGP發布同一路由的缺省時間間隔15秒)。
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# 配置VXLAN 11所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN 12,並進入VLAN視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 12。
[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit
[SwitchB-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 12的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1001
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0
[SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# 配置VXLAN 12所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 配置路由策略,使Switch C收到來自於Switch D的SMET路由和S-PMSI路由後,不將該路由轉發給Switch F;並且,Switch C收到來自於Switch F的SMET路由和S-PMSI路由後,不將該路由轉發給Switch D。
[SwitchC] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchC] ip prefix-list 8 index 10 permit 99.99.99.99 32
[SwitchC] ip prefix-list 9 index 10 permit 88.88.88.88 32
[SwitchC] route-policy 8 deny node 0
[SwitchC-route-policy-8-0] if-match ip route-source prefix-list 8
[SwitchC-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-8-0] quit
[SwitchC] route-policy 8 permit node 1
[SwitchC-route-policy-8-1] if-match ip route-source prefix-list 1
[SwitchC-route-policy-8-1] quit
[SwitchC] route-policy 9 deny node 0
[SwitchC-route-policy-9-0] if-match ip route-source prefix-list 9
[SwitchC-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-9-0] quit
[SwitchC] route-policy 9 permit node 1
[SwitchC-route-policy-9-1] if-match ip route-source prefix-list 1
[SwitchC-route-policy-9-1] quit
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface loopback 0
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] peer 99.99.99.99 as-number 300
[SwitchC-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer group1 advertise original-route
[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchC-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export
[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity [SwitchC-vpn-instance-vpn1] quit
# 配置專屬VPN的RD和RT。
[SwitchC] ip vpn-instance vpn2
[SwitchC-vpn-instance-vpn2] route-distinguisher 1:13
[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity [SwitchC-vpn-instance-vpn2] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface1] l3-vni 1001
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn2對應的L3VNI為1000。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpn2
[SwitchC-mrib-vpn2] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口和Default-Group,並開啟組播DCI功能。
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# 配置ED間的互連接口Vlan-interface70。
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface70] dci enable
[SwitchC-Vlan-interface70] quit
# 配置ED間的互連接口Vlan-interface90。
[SwitchC] interface vlan-interface 90
[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0
[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface90] dci enable
[SwitchC-Vlan-interface90] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 77.77.77.77 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpn2
[SwitchC-LoopBack2] ip address 77.77.77.77 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77
[SwitchC-pim-vpn1] quit
進入VPN實例vpn2的PIM視圖,並將接口LoopBack2配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn2
[SwitchC-pim-vpn2] c-bsr 77.77.77.77
[SwitchC-pim-vpn2] c-rp 77.77.77.77
[SwitchC-pim-vpn2] quit
(5) 配置Switch D
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 配置路由策略,使Switch D收到來自於Switch C的SMET路由和S-PMSI路由後,不將該路由轉發給Switch F;並且,Switch D收到來自於Switch F的SMET路由和S-PMSI路由後,不將該路由轉發給Switch C。
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 7 index 10 permit 99.99.99.99 32
[SwitchD] ip prefix-list 9 index 10 permit 77.77.77.77 32
[SwitchD] route-policy 7 deny node 0
[SwitchD-route-policy-7-0] if-match ip route-source prefix-list 7
[SwitchD-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-7-0] quit
[SwitchD] route-policy 7 permit node 1
[SwitchD-route-policy-7-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-7-1] quit
[SwitchD] route-policy 9 deny node 0
[SwitchD-route-policy-9-0] if-match ip route-source prefix-list 9
[SwitchD-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-9-0] quit
[SwitchD] route-policy 9 permit node 1
[SwitchD-route-policy-9-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-9-1] quit
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface LoopBack0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] peer 99.99.99.99 as-number 300
[SwitchD-bgp-default] peer 99.99.99.99 connect-interface LoopBack0
[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchD-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export
[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity [SwitchD-vpn-instance-vpn1] quit
# 配置專屬VPN的RD和RT。
[SwitchD] ip vpn-instance vpn2
[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11
[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity [SwitchD-vpn-instance-vpn2] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] l3-vni 1002
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn2對應的L3VNI為1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchD] multicast routing vpn-instance vpn2
[SwitchD-mrib-vpn2] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch D上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# 配置ED間的互連接口Vlan-interface70。
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface70] dci enable
[SwitchD-Vlan-interface70] quit
# 配置ED間的互連接口Vlan-interface80。
[SwitchD] interface vlan-interface 80
[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0
[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface80] dci enable
[SwitchD-Vlan-interface80] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpn2
[SwitchD-LoopBack2] ip address 88.88.88.88 32
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
# 進入VPN實例vpn2的PIM視圖,並將接口LoopBack2配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn2
[SwitchD-pim-vpn2] c-bsr 88.88.88.88
[SwitchD-pim-vpn2] c-rp 88.88.88.88
[SwitchD-pim-vpn2] quit
(6) 配置Switch E
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 創建VLAN 21,並進入VLAN視圖。
[SwitchE] vlan 21
[SwitchE-vlan12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 21。
[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 21的數據幀。
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN的RD和RT。
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1002
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# 配置VXLAN 21所在的VSI實例和接口VSI-interface1關聯。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
(7) 配置Switch F
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# 配置路由策略,使Switch F收到來自於Switch C的SMET路由和S-PMSI路由後,不將該路由轉發給Switch D;並且,Switch F收到來自於Switch D的SMET路由和S-PMSI路由後,不將該路由轉發給Switch C。
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 7 index 10 permit 88.88.88.88 32
[SwitchF] ip prefix-list 8 index 10 permit 77.77.77.77 32
[SwitchF] route-policy 7 deny node 0
[SwitchF-route-policy-7-0] if-match ip route-source prefix-list 7
[SwitchF-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-7-0] quit
[SwitchF] route-policy 7 permit node 1
[SwitchF-route-policy-7-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-7-1] quit
[SwitchF] route-policy 8 deny node 0
[SwitchF-route-policy-8-0] if-match ip route-source prefix-list 8
[SwitchF-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-8-0] quit
[SwitchF] route-policy 8 permit node 1
[SwitchF-route-policy-8-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-8-1] quit
# 配置BGP發布EVPN路由。
[SwitchF] bgp 300
[SwitchF-bgp-default] peer 6.6.6.6 as-number 300
[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 as-number 100
[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchF-bgp-default] peer 88.88.88.88 as-number 200
[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchF-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export
[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchF-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export
[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity [SwitchF-vpn-instance-vpn1] quit
# 配置專屬VPN的RD和RT。
[SwitchF] ip vpn-instance vpn2
[SwitchF-vpn-instance-vpn2] route-distinguisher 3:11
[SwitchF-vpn-instance-vpn2] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchF-vpn-instance-vpn2] vpn-target 300:300 export-extcommunity [SwitchF-vpn-instance-vpn2] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1003。
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface1] l3-vni 1003
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn2對應的L3VNI為1000。
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchF] multicast routing vpn-instance vpn1
[SwitchF-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchF] multicast routing vpn-instance vpn2
[SwitchF-mrib-vpn2] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch F上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchF-mvxlan-vpn1] address-family ipv4
[SwitchF-mvxlan-vpn1-ipv4] source loopback 0
[SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchF-mvxlan-vpn1-ipv4] dci enable
[SwitchF-mvxlan-vpn1-ipv4] quit
[SwitchF-mvxlan-vpn1] quit
# 配置ED間的互連接口Vlan-interface80。
[SwitchF] interface vlan-interface 80
[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0
[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface80] dci enable
[SwitchF-Vlan-interface80] quit
# 配置ED間的互連接口Vlan-interface90。
[SwitchF] interface vlan-interface 90
[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0
[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface90] dci enable
[SwitchF-Vlan-interface90] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 99.99.99.99 32
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] pim sm
[SwitchF-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpn1
[SwitchF-LoopBack1] ip address 99.99.99.99 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip binding vpn-instance vpn2
[SwitchF-LoopBack2] ip address 99.99.99.99 32
[SwitchF-LoopBack2] pim sm
[SwitchF-LoopBack2] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn1
[SwitchF-pim-vpn1] c-bsr 99.99.99.99
[SwitchF-pim-vpn1] c-rp 99.99.99.99
[SwitchF-pim-vpn1] quit
# 進入VPN實例vpn2的PIM視圖,並將接口LoopBack2配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn2
[SwitchF-pim-vpn2] c-bsr 99.99.99.99
[SwitchF-pim-vpn2] c-rp 99.99.99.99
[SwitchF-pim-vpn2] quit
(8) 配置Switch G
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable
# 創建VLAN 31,並進入VLAN視圖。
[SwitchG] vlan 31
[SwitchG-vlan31] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] evpn encapsulation vxlan
[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchG-vsi-vpna] igmp-snooping enable
[SwitchG-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 31。
[SwitchG-vsi-vpna] vxlan 31
[SwitchG-vsi-vpna-vxlan-31] quit
[SwitchG-vsi-vpna] quit
# 配置BGP發布EVPN路由
[SwitchG] bgp 300
[SwitchG-bgp-default] peer 99.99.99.99 as-number 300
[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 31的數據幀。
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchG-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 31
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchG-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 31
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchG-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchG-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchG-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1003
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchG] multicast routing vpn-instance vpn1
[SwitchG-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchG-mvxlan-vpn1] address-family ipv4
[SwitchG-mvxlan-vpn1-ipv4] source loopback 0
[SwitchG-mvxlan-vpn1-ipv4] quit
[SwitchG-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 6.6.6.6 32
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpn1
[SwitchG-LoopBack1] ip address 6.6.6.6 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchG] pim vpn-instance vpn1
[SwitchG-pim-vpn1] c-bsr 6.6.6.6
[SwitchG-pim-vpn1] c-rp 6.6.6.6
[SwitchG-pim-vpn1] quit
# 配置VXLAN 21所在的VSI實例和接口VSI-interface1關聯。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] gateway vsi-interface 1
[SwitchG-vsi-vpna] quit
(1) 查看Leaf層設備上的組播路由信息。(以Switch A為例,Switch B、Switch E和Switch G的顯示信息與此類似)
# 查看Swich A上VPN實例vpn1的組播路由信息。
<SwitchA> display pim vpn-instance vpn routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:08:58
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:07:53
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:07:53, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:08:06
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:08:06, Expires: -
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:07:53
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39
(2) 查看ED上的組播路由信息。(以Switch C為例,Switch D和Switch F的顯示信息與此類似)
# 查看Switch C的VPN實例vpn1的組播路由信息。
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:29:29
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:29:29, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:29:42
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: vpn2)
Protocol: MD, UpTime: 01:29:37, Expires: -
# 查看Switch C的VPN實例vpn2的組播路由信息。
<SwitchC> display pim vpn-instance vpn2 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:39:28
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:28, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:39:24
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:24, Expires: -
# 查看Switch C的公網組播路由信息。
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:21
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:21, Expires: -
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:08
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:30:55
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:29:08
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -
Switch A、Switch B為DC 1的Leaf層設備,用於用戶的接入。Switch C為DC 1的邊緣設備,用於DC間的互聯。Switch E為DC 2的Leaf層設備,用於用戶的接入;Switch D為DC 2的邊緣設備,用於DC間的互聯。Switch G為DC 3的Leaf層設備,用於用戶的接入;Switch F為DC 3的邊緣設備,用於DC間的互聯。
Switch A、Switch B、Switch E和Switch G的公網接口上均配置PIM-SM,Switch B、Switch E和Switch G上使能IGMP Snooping功能,用於建立組播轉發表項。
Switch A連接組播源,Switch B、Switch E和Switch G連接組播接收者。組播源和組播接收者都屬於vpn1,且組播接收者均可接收組播組225.0.1.1的組播流量。
DC 1內,vpn1對應的L3VNI為1001;DC 2內vpn1對應的L3VNI為1002;DC 3內vpn1對應的L3VNI為1003。為了實現不同L3VNI的互通,需要配置專屬VPN:
· 在Switch C和Switch D上使用專屬VPN vpn2,對應的L3VNI為1122,使組播源發送的組播流量在Switch C上經專屬VPN vpn2轉發至Switch D,進而到達Receiver 2。
· 在Switch C和Switch F上使用專屬VPN vpn4,對應的L3VNI為1133,使組播源發送的組播流量在Switch C經專屬VPN vpn4轉發至Switch F,進而到達Receiver 3。
圖3-7 三DC之間使用不同專屬VPN進行映射配置組網圖
(1) 配置IP地址、單播路由協議和pim sm協議
# 在組播源上指定網關地址為192.168.10.1;在Receiver 1上指定網關地址為192.168.20.1;在Receiver 2上指定網關地址為192.168.40.1;在Receiver 3上指定網關地址為192.168.60.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在DC內配置OSPF協議,確保交換機之間路由可達。(具體配置過程略)
# 在DC內設備間相連的VLAN接口上使能PIM SM。建議不要在ED間相連的VLAN接口上使能PIM SM。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# 開啟IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 創建VLAN 11,並進入VLAN視圖。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 11。
[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 77.77.77.77 as-number 100
[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 11的數據幀。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchA-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 11
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchA-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 1001
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,配置通過S-PMSI路由通告激活組播源信息,並配置由Default-MDT向Data-MDT切換的延遲時間為20秒(大於BGP發布同一路由的缺省時間間隔15秒)。
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpn1-ipv4] data-delay 20
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# 配置VXLAN 11所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 創建VLAN 12,並進入VLAN視圖。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 12。
[SwitchB-vsi-vpna] vxlan 12
[SwitchB-vsi-vpna-vxlan-12] quit
[SwitchB-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 77.77.77.77 as-number 100
[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 12的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 12
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchB-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 12
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity
[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface2] l3-vni 1001
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchB] multicast routing vpn-instance vpn1
[SwitchB-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchB-mvxlan-vpn1] address-family ipv4
[SwitchB-mvxlan-vpn1-ipv4] source loopback 0
[SwitchB-mvxlan-vpn1-ipv4] quit
[SwitchB-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpn1
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchB] pim vpn-instance vpn1
[SwitchB-pim-vpn1] c-bsr 2.2.2.2
[SwitchB-pim-vpn1] c-rp 2.2.2.2
[SwitchB-pim-vpn1] quit
# 配置VXLAN 12所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
(4) 配置Switch C
# 開啟L2VPN能力,使能IP組播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchC] bgp 100
[SwitchC-bgp-default] group group1 internal
[SwitchC-bgp-default] peer group1 connect-interface LoopBack0
[SwitchC-bgp-default] peer 1.1.1.1 group group1
[SwitchC-bgp-default] peer 2.2.2.2 group group1
[SwitchC-bgp-default] peer 88.88.88.88 as-number 200
[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchC-bgp-default] peer 99.99.99.99 as-number 300
[SwitchC-bgp-default] peer 99.99.99.99 connect-interface LoopBack0
[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer group1 enable
[SwitchC-bgp-default-evpn] peer group1 next-hop-local
[SwitchC-bgp-default-evpn] peer group1 reflect-client
[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer group1 advertise original-route
[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 3000:3000 import-extcommunity
[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity [SwitchC-vpn-instance-vpn1] quit
# 配置專屬VPN vpn2的RD和RT。
[SwitchC] ip vpn-instance vpn2
[SwitchC-vpn-instance-vpn2] route-distinguisher 1:11
[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 import-extcommunity
[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity [SwitchC-vpn-instance-vpn2] quit
# 配置專屬VPN vpn4的RD和RT。
[SwitchC] ip vpn-instance vpn4
[SwitchC-vpn-instance-vpn4] route-distinguisher 1:111
[SwitchC-vpn-instance-vpn4] vpn-target 10:10 3000:3000 import-extcommunity
[SwitchC-vpn-instance-vpn4] vpn-target 1000:1000 export-extcommunity [SwitchC-vpn-instance-vpn4] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1001。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface1] l3-vni 1001
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn2對應的L3VNI為1122。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchC-Vsi-interface2] l3-vni 1122
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface4,在該接口上配置VPN實例vpn4對應的L3VNI為1133。
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] ip binding vpn-instance vpn4
[SwitchC-Vsi-interface4] l3-vni 1133
[SwitchC-Vsi-interface4] pim sm
[SwitchC-Vsi-interface4] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpn2
[SwitchC-mrib-vpn2] quit
# 使能VPN實例vpn4中的IP組播路由。
[SwitchC] multicast routing vpn-instance vpn4
[SwitchC-mrib-vpn4] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口和Default-Group,並開啟組播DCI功能。
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] source loopback 0
[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack0] ip address 77.77.77.77 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 77.77.77.77 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpn2
[SwitchC-LoopBack2] ip address 77.77.77.77 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 創建接口LoopBack4,並配置LoopBack4接口。
[SwitchC] interface loopback 4
[SwitchC-LoopBack4] ip binding vpn-instance vpn4
[SwitchC-LoopBack4] ip address 77.77.77.77 32
[SwitchC-LoopBack4] pim sm
[SwitchC-LoopBack4] quit
# 配置ED間的互連接口Vlan-interface70。
[SwitchC] interface vlan-interface 70
[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0
[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface70] dci enable
[SwitchC-Vlan-interface70] quit
# 配置ED間的互連接口Vlan-interface90。
[SwitchC] interface vlan-interface 90
[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0
[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchC-Vlan-interface90] dci enable
[SwitchC-Vlan-interface90] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 77.77.77.77
[SwitchC-pim-vpn1] c-rp 77.77.77.77
[SwitchC-pim-vpn1] quit
#進入VPN實例vpn2的PIM視圖,並將接口LoopBack2配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn2
[SwitchC-pim-vpn2] c-bsr 77.77.77.77
[SwitchC-pim-vpn2] c-rp 77.77.77.77
[SwitchC-pim-vpn2] quit
#進入VPN實例vpn4的PIM視圖,並將接口LoopBack4配置為本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn4
[SwitchC-pim-vpn4] c-bsr 77.77.77.77
[SwitchC-pim-vpn4] c-rp 77.77.77.77
[SwitchC-pim-vpn4] quit
(5) 配置Switch D
# 開啟L2VPN能力,使能IP組播路由。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 配置BGP發布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 as-number 100
[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchD-bgp-default] peer 99.99.99.99 as-number 300
[SwitchD-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity [SwitchD-vpn-instance-vpn1] quit
# 配置專屬VPN vpn2的RD和RT。
[SwitchD] ip vpn-instance vpn2
[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11
[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 import-extcommunity
[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity [SwitchD-vpn-instance-vpn2] quit
# 配置專屬VPN vpn3的RD和RT。
[SwitchD] ip vpn-instance vpn3
[SwitchD-vpn-instance-vpn3] route-distinguisher 2:111
[SwitchD-vpn-instance-vpn3] vpn-target 20:20 300:300 import-extcommunity
[SwitchD-vpn-instance-vpn3] vpn-target 2000:2000 export-extcommunity [SwitchD-vpn-instance-vpn3] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] l3-vni 1002
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn2對應的L3VNI為1122。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2
[SwitchD-Vsi-interface2] l3-vni 1122
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpn3對應的L3VNI為2233。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpn3
[SwitchD-Vsi-interface3] l3-vni 2233
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchD] multicast routing vpn-instance vpn2
[SwitchD-mrib-vpn2] quit
# 使能VPN實例vpn3中的IP組播路由。
[SwitchD] multicast routing vpn-instance vpn3
[SwitchD-mrib-vpn3] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch D上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] source loopback 0
[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# 配置ED間的互連接口Vlan-interface70。
[SwitchD] interface vlan-interface 70
[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0
[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface70] dci enable
[SwitchD-Vlan-interface70] quit
# 配置ED間的互連接口Vlan-interface80。
[SwitchD] interface vlan-interface 80
[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0
[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchD-Vlan-interface80] dci enable
[SwitchD-Vlan-interface80] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 88.88.88.88 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 88.88.88.88 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBack2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpn2
[SwitchD-LoopBack2] ip address 88.88.88.88 32
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# 創建接口LoopBack3,並配置LoopBack3接口。
[SwitchD] interface loopback 3
[SwitchD-LoopBack3] ip binding vpn-instance vpn3
[SwitchD-LoopBack3] ip address 88.88.88.88 32
[SwitchD-LoopBack3] pim sm
[SwitchD-LoopBack3] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 88.88.88.88
[SwitchD-pim-vpn1] c-rp 88.88.88.88
[SwitchD-pim-vpn1] quit
# 進入VPN實例vpn2的PIM視圖,並將接口LoopBack2配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn2
[SwitchD-pim-vpn2] c-bsr 88.88.88.88
[SwitchD-pim-vpn2] c-rp 88.88.88.88
[SwitchD-pim-vpn2] quit
# 進入VPN實例vpn3的PIM視圖,並將接口LoopBack3配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn3
[SwitchD-pim-vpn3] c-bsr 88.88.88.88
[SwitchD-pim-vpn3] c-rp 88.88.88.88
[SwitchD-pim-vpn3] quit
(6) 配置Switch E
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 創建VLAN 21,並進入VLAN視圖。
[SwitchE] vlan 21
[SwitchE-vlan12] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 21。
[SwitchE-vsi-vpna] vxlan 21
[SwitchE-vsi-vpna-vxlan-21] quit
[SwitchE-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 88.88.88.88 as-number 200
[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 21的數據幀。
[SwitchE] interface twenty-fivegige 1/0/1
[SwitchE-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchE-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 21
[SwitchE-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchE-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 21
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchE-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchE-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity
[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[SwitchE-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1002
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] source loopback 0
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] pim sm
[SwitchE-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# 配置VXLAN 21所在的VSI實例和接口VSI-interface1關聯。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
(7) 配置Switch F
# 開啟L2VPN能力,使能IP組播路由。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# 配置BGP發布EVPN路由。
[SwitchF] bgp 300
[SwitchF-bgp-default] peer 6.6.6.6 as-number 300
[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 as-number 100
[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0
[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[SwitchF-bgp-default] peer 88.88.88.88 as-number 200
[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0
[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable
[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable
[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# 配置用戶VPN的RD和RT。
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 1000:1000 2000:2000 import-extcommunity
[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity [SwitchF-vpn-instance-vpn1] quit
# 配置專屬VPN vpn3的RD和RT。
[SwitchF] ip vpn-instance vpn3
[SwitchF-vpn-instance-vpn3] route-distinguisher 3:11
[SwitchF-vpn-instance-vpn3] vpn-target 30:30 2000:2000 import-extcommunity
[SwitchF-vpn-instance-vpn3] vpn-target 300:300 export-extcommunity [SwitchF-vpn-instance-vpn3] quit
# 配置專屬VPN vpn4的RD和RT。
[SwitchF] ip vpn-instance vpn4
[SwitchF-vpn-instance-vpn4] route-distinguisher 3:111
[SwitchF-vpn-instance-vpn4] vpn-target 30:30 1000:1000 import-extcommunity
[SwitchF-vpn-instance-vpn4] vpn-target 3000:3000 export-extcommunity [SwitchF-vpn-instance-vpn4] quit
# 創建VSI虛接口VSI-interface1,在該接口上配置VPN實例vpn1對應的L3VNI為1003。
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface1] l3-vni 1003
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpn3對應的L3VNI為2233。
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface3] ip binding vpn-instance vpn3
[SwitchF-Vsi-interface3] l3-vni 2233
[SwitchF-Vsi-interface3] pim sm
[SwitchF-Vsi-interface3] quit
# 創建VSI虛接口VSI-interface4,在該接口上配置VPN實例vpn4對應的L3VNI為1133。
[SwitchF] interface vsi-interface 4
[SwitchF-Vsi-interface4] ip binding vpn-instance vpn4
[SwitchF-Vsi-interface4] l3-vni 1133
[SwitchF-Vsi-interface4] pim sm
[SwitchF-Vsi-interface4] quit
# 使能VPN實例vpn1中的IP組播路由。
[SwitchF] multicast routing vpn-instance vpn1
[SwitchF-mrib-vpn1] quit
# 使能VPN實例vpn2中的IP組播路由。
[SwitchF] multicast routing vpn-instance vpn3
[SwitchF-mrib-vpn3] quit
# 使能VPN實例vpn4中的IP組播路由。
[SwitchF] multicast routing vpn-instance vpn4
[SwitchF-mrib-vpn4] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch F上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchF-mvxlan-vpn1] address-family ipv4
[SwitchF-mvxlan-vpn1-ipv4] source loopback 0
[SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[SwitchF-mvxlan-vpn1-ipv4] dci enable
[SwitchF-mvxlan-vpn1-ipv4] quit
[SwitchF-mvxlan-vpn1] quit
# 配置ED間的互連接口Vlan-interface80。
[SwitchF] interface vlan-interface 80
[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0
[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface80] dci enable
[SwitchF-Vlan-interface80] quit
# 配置ED間的互連接口Vlan-interface90。
[SwitchF] interface vlan-interface 90
[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0
[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0
[SwitchF-Vlan-interface90] dci enable
[SwitchF-Vlan-interface90] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 99.99.99.99 32
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] pim sm
[SwitchF-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpn1
[SwitchF-LoopBack1] ip address 99.99.99.99 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 創建接口LoopBack3,並配置LoopBack3接口。
[SwitchF] interface loopback 3
[SwitchF-LoopBack3] ip binding vpn-instance vpn3
[SwitchF-LoopBack3] ip address 99.99.99.99 32
[SwitchF-LoopBack3] pim sm
[SwitchF-LoopBack3] quit
# 創建接口LoopBack4,並配置LoopBack4接口。
[SwitchF] interface loopback 4
[SwitchF-LoopBack4] ip binding vpn-instance vpn4
[SwitchF-LoopBack4] ip address 99.99.99.99 32
[SwitchF-LoopBack4] pim sm
[SwitchF-LoopBack4] quit
# 進入VPN實例vpn1的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn1
[SwitchF-pim-vpn1] c-bsr 99.99.99.99
[SwitchF-pim-vpn1] c-rp 99.99.99.99
[SwitchF-pim-vpn1] quit
# 進入VPN實例vpn3的PIM視圖,並將接口LoopBack3配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn3
[SwitchF-pim-vpn3] c-bsr 99.99.99.99
[SwitchF-pim-vpn3] c-rp 99.99.99.99
[SwitchF-pim-vpn3] quit
# 進入VPN實例vpn4的PIM視圖,並將接口LoopBack4配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn4
[SwitchF-pim-vpn4] c-bsr 99.99.99.99
[SwitchF-pim-vpn4] c-rp 99.99.99.99
[SwitchF-pim-vpn4] quit
(8) 配置Switch G
# 開啟L2VPN能力,使能IP組播路由功能。
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
# 開啟IGMP Snooping功能。
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# 關閉遠端MAC地址和遠端ARP自動學習功能。
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable
# 創建VLAN 31,並進入VLAN視圖。
[SwitchG] vlan 31
[SwitchG-vlan31] quit
# 在VSI實例vpna下創建EVPN實例。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] evpn encapsulation vxlan
[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpna-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchG-vsi-vpna] igmp-snooping enable
[SwitchG-vsi-vpna] igmp-snooping proxy enable
# 創建VXLAN 31。
[SwitchG-vsi-vpna] vxlan 31
[SwitchG-vsi-vpna-vxlan-31] quit
[SwitchG-vsi-vpna] quit
# 配置BGP發布EVPN路由。
[SwitchG] bgp 300
[SwitchG-bgp-default] peer 99.99.99.99 as-number 300
[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable
[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上創建以太網服務實例100,該實例用來匹配VLAN 31的數據幀。
[SwitchG] interface twenty-fivegige 1/0/1
[SwitchG-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchG-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 31
[SwitchG-Twenty-FiveGigE1/0/1] service-instance 100
[SwitchG-Twenty-FiveGigE1/0/1-srv100] encapsulation s-vid 31
# 配置以太網服務實例100與VSI實例vpna關聯。
[SwitchG-Twenty-FiveGigE1/0/1-srv100] xconnect vsi vpna
[SwitchG-Twenty-FiveGigE1/0/1-srv100] quit
# 配置VPN實例的RD和RT。
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity
[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity
[SwitchG-vpn-instance-vpn1] quit
# 配置VSI虛接口VSI-interface1。
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例vpn1對應的L3VNI為1002。
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1003
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# 使能VPN實例vpn1的IP組播路由功能。
[SwitchG] multicast routing vpn-instance vpn1
[SwitchG-mrib-vpn1] quit
# 創建VPN實例vpn1的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchG-mvxlan-vpn1] address-family ipv4
[SwitchG-mvxlan-vpn1-ipv4] source loopback 0
[SwitchG-mvxlan-vpn1-ipv4] quit
[SwitchG-mvxlan-vpn1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 6.6.6.6 32
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBack1接口。
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpn1
[SwitchG-LoopBack1] ip address 6.6.6.6 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchG] pim vpn-instance vpn1
[SwitchG-pim-vpn1] c-bsr 6.6.6.6
[SwitchG-pim-vpn1] c-rp 6.6.6.6
[SwitchG-pim-vpn1] quit
# 配置VXLAN 21所在的VSI實例和接口VSI-interface1關聯。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] gateway vsi-interface 1
[SwitchG-vsi-vpna] quit
(1) 查看Leaf層設備上的組播路由信息。(以Switch A為例,Switch B、Switch E和Switch G的顯示信息與此類似)
# 查看Swich A上VPN實例vpn1的組播路由信息。
<SwitchA> display pim vpn-instance vpn routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公網組播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:08:58
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:07:53
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:07:53, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:08:06
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:08:06, Expires: -
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:07:53
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39
(2) 查看ED上的組播路由信息。(以Switch C為例,Switch D和Switch F的顯示信息與此類似)
# 查看Switch C的VPN實例vpn1的組播路由信息。
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:09:14
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:09:14, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:58:36
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpn2)
Protocol: MD, UpTime: 00:58:36, Expires: -
2: Extranet (VPN: vpn4)
Protocol: MD, UpTime: 00:58:36, Expires: -
# 查看Switch C的VPN實例vpn2的組播路由信息。
<SwitchC> display pim vpn-instance vpn2 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:39:28
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:28, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:39:24
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 01:39:24, Expires: -
# 查看Switch C的VPN實例vpn4的組播路由信息。
<SwitchC> display pim vpn-instance vpn4 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC
UpTime: 01:04:54
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface4
Protocol: MD, UpTime: 01:04:54, Expires: -
(192.168.10.10, 225.0.1.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT
UpTime: 01:00:09
Upstream interface: Extranet (VPN: vpn1)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface4
Protocol: MD, UpTime: 01:00:09, Expires: -
# 查看Switch C的公網組播路由信息。
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:21
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:21, Expires: -
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:29:08
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:30:55
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:29:08
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:29:08, Expires: -
Switch A、Switch B為DC 1的VTEP設備,用於用戶的接入;Switch D、Switch E、Switch F為DC 1的ED設備,用於DC間的互聯;Switch C為DC 1的RR,在Switch之間反射路由。Switch J為DC 2的VTEP設備,用於用戶的接入;Switch H、Switch I為DC 2的ED設備,用於DC間的互聯。Switch L為DC 3的VTEP設備,用於用戶的接入;Switch K為DC 2的ED設備,用於DC間的互聯。DC 1、DC 2、DC 3內均使用L3VNI 1000。Switch G設備用於連接不同數據中心的ED。
Switch A~Switch L連接DC內設備的公網接口上均配置PIM-SM,Switch A、Switch B、Switch J、Switch L上使能IGMP Snooping功能,用於建立組播轉發表項。連接DC外設備的公網接口不需要使能PIM-SM。
Switch A連接組播源,Switch B、Switch J、Switch L連接組播接收者,組播接收者可接收組播組225.0.0.1的組播流量。
圖3-8 三DC跨數據中心三層組播互通支持多ED配置組網圖(不同DC相同L3VNI)
|
設備 |
接口 |
IP地址 |
設備 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Switch B |
Loop0 |
2.2.2.2/32 |
|
|
Loop1 |
1.1.1.1/32 |
|
Loop1 |
2.2.2.2/32 |
|
|
Vlan-int10 |
121.121.121.1/24 |
|
WGE1/0/1 |
- |
|
|
WGE1/0/2 |
- |
|
Vlan-int20 |
122.122.122.2/24 |
|
|
VSI-int1 |
10.0.0.1/24 |
|
VSI-int1 |
10.0.0.1/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Switch C |
Loop0 |
12.12.12.12/32 |
Swtich D |
Loop0 |
3.3.3.3/32 |
|
|
Vlan-int10 |
121.121.121.12/24 |
|
Loop1 |
3.3.3.3/32 |
|
|
Vlan-int20 |
122.122.122.12/24 |
|
Loop2 |
3.4.5.0/32 |
|
|
Vlan-int30 |
123.123.123.12/24 |
|
Vlan-int3 |
113.113.113.3/24 |
|
|
Vlan-int40 |
124.124.124.12/24 |
|
Vlan-int30 |
123.123.123.3/24 |
|
|
Vlan-int50 |
125.125.125.12/24 |
|
VSI-int2 |
- |
|
Swtich E |
Loop0 |
4.4.4.4/32 |
Swtich F |
Loop0 |
5.5.5.5/32 |
|
|
Loop1 |
4.4.4.4/32 |
|
Loop1 |
5.5.5.5/32 |
|
|
Loop2 |
3.4.5.0/32 |
|
Loop2 |
3.4.5.0/32 |
|
|
Vlan-int4 |
114.114.114.4/24 |
|
Vlan-int50 |
125.125.125.5/24 |
|
|
Vlan-int40 |
124.124.124.4/24 |
|
Vlan-int5 |
115.115.115.5/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Swtich G |
Loop0 |
11.11.11.11/32 |
Switch J |
Loop0 |
8.8.8.8/32 |
|
|
Vlan-int3 |
113.113.113.11/24 |
|
Loop1 |
8.8.8.8/32 |
|
|
Vlan-int4 |
114.114.114.11/24 |
|
WGE1/0/1 |
- |
|
|
Vlan-int5 |
115.115.115.11/24 |
|
Vlan-int200 |
78.78.78.87/24 |
|
|
Vlan-int9 |
119.119.119.11/24 |
|
Vlan-int300 |
68.68.68.86/24 |
|
|
Vlan-int7 |
117.117.117.11/24 |
|
VSI-int1 |
10.0.0.1/24 |
|
|
Vlan-int6 |
116.116.116.11/24 |
|
VSI-int2 |
- |
|
Switch H |
Loop0 |
6.6.6.6/32 |
Switch I |
Loop0 |
7.7.7.7/32 |
|
|
Loop1 |
6.6.6.6/32 |
|
Loop1 |
7.7.7.7/32 |
|
|
Loop2 |
2.2.1.1/32 |
|
Loop2 |
2.2.1.1/32 |
|
|
Vlan-int300 |
68.68.68.68/24 |
|
Vlan-int7 |
117.117.117.7/24 |
|
|
Vlan-int6 |
116.116.116.6/24 |
|
Vlan-int200 |
78.78.78.78/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Swtich K |
Loop0 |
9.9.9.9/32 |
Switch L |
Loop0 |
10.10.10.10/32 |
|
|
Loop1 |
9.9.9.9/32 |
|
Loop1 |
10.10.10.10/32 |
|
|
Vlan-int100 |
109.109.109.9/24 |
|
Vlan-int100 |
109.109.109.10/24 |
|
|
Vlan-int9 |
119.119.119.9/24 |
|
WGE1/0/2 |
- |
|
|
VSI-int2 |
- |
|
VSI-int1 |
10.0.0.1/24 |
|
|
|
|
|
VSI-int2 |
- |
(1) 配置IP地址、單播路由協議和PIM SM協議
# 在Source和Receiver上均指定網關地址為10.0.0.1。(具體配置過程略)
# 配置各接口的IP地址和子網掩碼;在DC內配置OSPF協議,確保DC內的路由器之間路由可達。(具體配置過程略)
# 在DC內設備間相連的VLAN接口上使能PIM SM。ED間相連的VLAN接口上不能使能PIM SM。(具體配置過程略)
(2) 配置Switch A
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF進程,創建VLAN 11。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 開啟設備的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 開啟缺省解封裝指定IPv4 VXLAN報文功能。
[SwitchA] vxlan default-decapsulation source interface loopback 0
# 在VSI實例1下創建EVPN實例。
[SwitchA] vsi 1
[SwitchA-vsi-1] evpn encapsulation vxlan
[SwitchA-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-1-evpn-vxlan] quit
# 在VSI實例1內使能IGMP Snooping。
[SwitchA-vsi-1] igmp-snooping enable
# 創建VXLAN 10。
[SwitchA-vsi-1] vxlan 10
[SwitchA-vsi-1-vxlan-10] quit
# 配置BGP發布EVPN路由,並使能與對等體的Add-Path接收能力。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 12.12.12.12 as-number 100
[SwitchA-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchA-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/2上創建以太網服務實例11,該實例用來匹配VLAN 11的數據幀。
[SwitchA] interface twenty-fivegige 1/0/2
[SwitchA-Twenty-FiveGigE1/0/2] port link-mode bridge
[SwitchA-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/2] port trunk permit vlan 1 11
[SwitchA-Twenty-FiveGigE1/0/2] service-instance 11
[SwitchA-Twenty-FiveGigE1/0/2-srv11] encapsulation s-vid 11
# 配置以太網服務實例11與VSI實例1關聯。
[SwitchA-Twenty-FiveGigE1/0/2-srv11] xconnect vsi 1
[SwitchA-Twenty-FiveGigE1/0/2-srv11] quit
[SwitchA-Twenty-FiveGigE1/0/2] quit
# 配置VPN a的RD和RT。
[SwitchA] ip vpn-instance a
[SwitchA-vpn-instance-a] route-distinguisher 1:1
[SwitchA-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchA-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchA-vpn-instance-a] quit
# 配置VSI虛接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance a
[SwitchA-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] mac-address 0001-0001-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance a
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能公網的IP組播路由功能。
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchA] multicast routing vpn-instance a
[SwitchA-mrib-a] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance a
[SwitchA-pim-a] c-bsr 1.1.1.1
[SwitchA-pim-a] c-rp 1.1.1.1
[SwitchA-pim-a] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,配置通過S-PMSI路由發布組播源功能,並配置由Default-MDT向Data-MDT切換的延遲時間為20秒(大於BGP發布同一路由的缺省時間間隔15秒)。
[SwitchA] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchA-mvxlan-a] address-family ipv4
[SwitchA-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchA-mvxlan-a-ipv4] source loopback 0
[SwitchA-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchA-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-a-ipv4] data-delay 20
[SwitchA-mvxlan-a-ipv4] quit
[SwitchA-mvxlan-a] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance a
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 配置VXLAN 11所在的VSI實例和接口VSI-interface1關聯。
[SwitchA] vsi 1
[SwitchA-vsi-1] gateway vsi-interface 1
[SwitchA-vsi-1] quit
(3) 配置Switch B
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF進程,創建VLAN 22。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] pim
[SwitchB-pim] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB] vlan 22
[SwitchB-vlan22] quit
# 開啟設備的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# 開啟缺省解封裝指定IPv4 VXLAN報文功能。
[SwitchB] vxlan default-decapsulation source interface loopback 0
# 在VSI實例1下創建EVPN實例。
[SwitchB] vsi 1
[SwitchB-vsi-1] evpn encapsulation vxlan
[SwitchB-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-1-evpn-vxlan] quit
# 在VSI實例1內使能IGMP Snooping。
[SwitchB-vsi-1] igmp-snooping enable
# 創建VXLAN 10。
[SwitchB-vsi-1] vxlan 10
[SwitchB-vsi-1-vxlan-10] quit
# 配置BGP發布EVPN路由,並使能與對等體的Add-Path接收能力。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 12.12.12.12 as-number 100
[SwitchB-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchB-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例22,該實例用來匹配VLAN 22的數據幀。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-mode bridge
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 22
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 22
[SwitchB-Twenty-FiveGigE1/0/1-srv22] encapsulation s-vid 22
# 配置以太網服務實例22與VSI實例1關聯。
[SwitchB-Twenty-FiveGigE1/0/1-srv22] xconnect vsi 1
[SwitchB-Twenty-FiveGigE1/0/1-srv22] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# 配置VPN a的RD和RT。
[SwitchB] ip vpn-instance a
[SwitchB-vpn-instance-a] route-distinguisher 2:2
[SwitchB-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchB-vpn-instance-a] quit
# 配置VSI虛接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance a
[SwitchB-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 0001-0001-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance a
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 使能公網的IP組播路由功能。
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] pim
[SwitchB-pim] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchB] multicast routing vpn-instance a
[SwitchB-mrib-a] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchB] pim vpn-instance a
[SwitchB-pim-a] c-bsr 2.2.2.2
[SwitchB-pim-a] c-rp 2.2.2.2
[SwitchB-pim-a] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchB-mvxlan-a] address-family ipv4
[SwitchB-mvxlan-a-ipv4] source loopback 0
[SwitchB-mvxlan-a-ipv4] quit
[SwitchB-mvxlan-a] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance a
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchB] vsi 1
[SwitchB-vsi-1] gateway vsi-interface 1
[SwitchB-vsi-1] quit
(4) 配置Switch C
# 使能IP組播路由功能,啟動OSPF進程。
<SwitchC> system-view
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] pim
[SwitchC-pim] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 12.12.12.12 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# 配置Switch C作為RR,在Switch之間反射BGP EVPN路由,使能與對等體Switch A和Switch B的Add-path發送能力,並配置Add-path優選路由的最大條數。其中,Add-path優選路由的最大條數不能小於ED對等體的個數。
[SwitchC] bgp 100
[SwitchC-bgp-default] group ED internal
[SwitchC-bgp-default] peer ED connect-interface loopback 0
[SwitchC-bgp-default] group VTEP internal
[SwitchC-bgp-default] peer VTEP connect-interface loopback 0
[SwitchC-bgp-default] peer 1.1.1.1 group VTEP
[SwitchC-bgp-default] peer 2.2.2.2 group VTEP
[SwitchC-bgp-default] peer 3.3.3.3 group ED
[SwitchC-bgp-default] peer 4.4.4.4 group ED
[SwitchC-bgp-default] peer 5.5.5.5 group ED
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] additional-paths select-best 3
[SwitchC-bgp-default-evpn] peer ED enable
[SwitchC-bgp-default-evpn] peer ED reflect-client
[SwitchC-bgp-default-evpn] peer VTEP enable
[SwitchC-bgp-default-evpn] peer VTEP reflect-client
[SwitchC-bgp-default-evpn] peer VTEP additional-paths send
[SwitchC-bgp-default-evpn] peer VTEP advertise additional-paths best 3
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
(5) 配置Switch D
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] rip 1
[SwitchD-rip-1] network 3.0.0.0
[SwitchD-rip-1] network 113.0.0.0
[SwitchD-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchD] interface vlan-interface 3
[SwitchD-Vlan-interface3] rip 1 enable
[SwitchD-Vlan-interface3] dci enable
[SwitchD-Vlan-interface3] quit
# 配置ED設備的虛擬IPv4地址為3.4.5.0。
[SwitchD] evpn edge group 3.4.5.0
# 配置VPN實例a的RD和RT。
[SwitchD] ip vpn-instance a
[SwitchD-vpn-instance-a] route-distinguisher 3:3
[SwitchD-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchD-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchD-vpn-instance-a] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 3.3.3.3 32
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance a
[SwitchD-LoopBack1] ip address 3.3.3.3 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 3.4.5.0 32
[SwitchD-LoopBack2] rip 1 enable
[SwitchD-LoopBack2] ospf 1 area 0.0.0.0
[SwitchD-LoopBack2] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance a
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchD] multicast routing vpn-instance a
[SwitchD-mrib-a] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance a
[SwitchD-pim-a] c-bsr 3.3.3.3
[SwitchD-pim-a] c-rp 3.3.3.3
[SwitchD-pim-a] quit
# 配置本DC內其他ED的IPv4地址。
[SwitchD] multicast-vpn vxlan edge remote 4.4.4.4
[SwitchD] multicast-vpn vxlan edge remote 5.5.5.5
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group和MVXLAN源接口,並開啟組播DCI功能。
[SwitchD] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchD-mvxlan-a] address-family ipv4
[SwitchD-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchD-mvxlan-a-ipv4] source loopback 0
[SwitchD-mvxlan-a-ipv4] dci enable
[SwitchD-mvxlan-a-ipv4] quit
[SwitchD-mvxlan-a] quit
# 配置路由策略,使Switch D收到來自於Switch H、Switch I的SMET路由和S-PMSI路由後,不將該路由轉發給Switch K;並且,Switch D收到來自於Switch K的SMET路由和S-PMSI路由後,不將該路由轉發給Switch H和Switch I。
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchD] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchD] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchD] route-policy dc2 deny node 0
[SwitchD-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchD-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchD-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchD-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchD-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchD-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc3-1] quit
# 配置路由策略,修改Switch D發往Switch C的S-PMSI路由的下一跳為3.3.3.3。
[SwitchD] route-policy rt_spmsi permit node 0
[SwitchD-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchD-route-policy-rt_spmsi-0] apply ip-address next-hop 3.3.3.3
[SwitchD-route-policy-rt_spmsi-0] quit
[SwitchD] route-policy rt_spmsi permit node 1
[SwitchD-route-policy-rt_spmsi-1] quit
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchD] bgp 100
[SwitchD-bgp-default] group ED2 external
[SwitchD-bgp-default] peer ED2 as-number 200
[SwitchD-bgp-default] peer ED2 connect-interface loopback 0
[SwitchD-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchD-bgp-default] peer 6.6.6.6 group ED2
[SwitchD-bgp-default] peer 7.7.7.7 group ED2
[SwitchD-bgp-default] peer 9.9.9.9 as-number 300
[SwitchD-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchD-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchD-bgp-default] peer 12.12.12.12 as-number 100
[SwitchD-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] undo policy vpn-target
[SwitchD-bgp-default-evpn] peer ED2 enable
[SwitchD-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchD-bgp-default-evpn] peer ED2 router-mac-local
[SwitchD-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchD-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchD-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchD-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchD-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(6) 配置Switch E
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] pim
[SwitchE-pim] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0.0.0.0
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE] rip 1
[SwitchE-rip-1] network 4.0.0.0
[SwitchE-rip-1] network 114.0.0.0
[SwitchE-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchE] interface vlan-interface 4
[SwitchE-Vlan-interface4] rip 1 enable
[SwitchE-Vlan-interface4] dci enable
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] rip 1 enable
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] quit
# 配置VPN實例a的RD和RT。
[SwitchE] ip vpn-instance a
[SwitchE-vpn-instance-a] route-distinguisher 4:4
[SwitchE-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchE-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchE-vpn-instance-a] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance a
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBcak2接口。
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip address 3.4.5.0 32
[SwitchE-LoopBack2] rip 1 enable
[SwitchE-LoopBack2] ospf 1 area 0.0.0.0
[SwitchE-LoopBack2] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance a
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 配置ED設備的虛擬IPv4地址為3.4.5.0。
[SwitchE] evpn edge group 3.4.5.0
# 使能VPN實例a的IP組播路由功能。
[SwitchE] multicast routing vpn-instance a
[SwitchE-mrib-a] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance a
[SwitchE-pim-a] c-bsr 4.4.4.4
[SwitchE-pim-a] c-rp 4.4.4.4
[SwitchE-pim-a] quit
# 配置本DC內其他ED的IPv4地址。
[SwitchE] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchE] multicast-vpn vxlan edge remote 5.5.5.5
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group和MVXLAN源接口,並開啟組播DCI功能。
[SwitchE] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchE-mvxlan-a] address-family ipv4
[SwitchE-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchE-mvxlan-a-ipv4] source loopback 0
[SwitchE-mvxlan-a-ipv4] dci enable
[SwitchE-mvxlan-a-ipv4] quit
[SwitchE-mvxlan-a] quit
# 配置路由策略,使Switch E收到來自於Switch H和Switch I的SMET路由和S-PMSI路由後,不將該路由轉發給Switch K;並且,Switch E收到來自於Switch K的SMET路由和S-PMSI路由後,不將該路由轉發給Switch H和Switch I。
[SwitchE] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchE] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchE] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchE] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchE] route-policy dc2 deny node 0
[SwitchE-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchE-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchE-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchE-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchE-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchE-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc3-1] quit
# 配置路由策略,修改Switch E發往Switch C的S-PMSI路由的下一跳為4.4.4.4。
[SwitchE] route-policy rt_spmsi permit node 0
[SwitchE-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchE-route-policy-rt_spmsi-0] apply ip-address next-hop 4.4.4.4
[SwitchE-route-policy-rt_spmsi-0] quit
[SwitchE] route-policy rt_spmsi permit node 1
[SwitchE-route-policy-rt_spmsi-1] quit
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchE] bgp 100
[SwitchE-bgp-default] group ED2 external
[SwitchE-bgp-default] peer ED2 as-number 200
[SwitchE-bgp-default] peer ED2 connect-interface loopback 0
[SwitchE-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchE-bgp-default] peer 6.6.6.6 group ED2
[SwitchE-bgp-default] peer 7.7.7.7 group ED2
[SwitchE-bgp-default] peer 9.9.9.9 as-number 300
[SwitchE-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchE-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchE-bgp-default] peer 12.12.12.12 as-number 100
[SwitchE-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer ED2 enable
[SwitchE-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchE-bgp-default-evpn] peer ED2 router-mac-local
[SwitchE-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchE-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchE-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchE-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchE-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
(7) 配置Switch F
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchF] ospf 1
[SwitchF-ospf-1] area 0.0.0.0
[SwitchF-ospf-1-area-0.0.0.0] quit
[SwitchF] rip 1
[SwitchF-rip-1] network 5.0.0.0
[SwitchF-rip-1] network 115.0.0.0
[SwitchF-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 5.5.5.5 32
[SwitchF-LoopBack0] rip 1 enable
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchF] interface vlan-interface 5
[SwitchF-Vlan-interface5] rip 1 enable
[SwitchF-Vlan-interface5] dci enable
# 配置VPN實例a的RD和RT。
[SwitchF] ip vpn-instance a
[SwitchF-vpn-instance-a] route-distinguisher 5:5
[SwitchF-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchF-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchF-vpn-instance-a] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance a
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# 配置ED設備的虛擬IPv4地址為3.4.5.0。
[SwitchF] evpn edge group 3.4.5.0
# 配置本DC內其他ED的IP地址。
[SwitchF] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchF] multicast-vpn vxlan edge remote 4.4.4.4
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance a
[SwitchF-LoopBack1] ip address 5.5.5.5 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBcak2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip address 3.4.5.0 32
[SwitchF-LoopBack2] rip 1 enable
[SwitchF-LoopBack2] ospf 1 area 0.0.0.0
[SwitchF-LoopBack2] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance a
[SwitchF-pim-a] c-bsr 5.5.5.5
[SwitchF-pim-a] c-rp 5.5.5.5
[SwitchF-pim-a] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchF] multicast routing vpn-instance a
[SwitchF-mrib-a] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group和MVXLAN源接口,並開啟組播DCI功能。
[SwitchF] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchF-mvxlan-a] address-family ipv4
[SwitchF-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchF-mvxlan-a-ipv4] source loopback 0
[SwitchF-mvxlan-a-ipv4] dci enable
[SwitchF-mvxlan-a-ipv4] quit
[SwitchF-mvxlan-a] quit
# 配置路由策略,使Switch F收到來自於Switch H和Switch I的SMET路由和S-PMSI路由後,不將該路由轉發給Switch K;並且,Switch D收到來自於Switch K的SMET路由和S-PMSI路由後,不將該路由轉發給Switch H和Switch I。
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchF] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchF] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchF] route-policy dc2 deny node 0
[SwitchF-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchF-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchF-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchF-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchF-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchF-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc3-1] quit
#配置路由策略,修改Switch D發往Switch C的S-PMSI路由的下一跳為5.5.5.5。
[SwitchF] route-policy rt_spmsi permit node 0
[SwitchF-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchF-route-policy-rt_spmsi-0] apply ip-address next-hop 5.5.5.5
[SwitchF] quit
[SwitchF-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchF-route-policy-rt_spmsi-1] quit
# 配置BGP發布EVPN路由,Switch C作為反射器。
[SwitchF] bgp 100
[SwitchF-bgp-default] group ED2 external
[SwitchF-bgp-default] peer ED2 as-number 200
[SwitchF-bgp-default] peer ED2 connect-interface loopback 0
[SwitchF-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchF-bgp-default] peer 6.6.6.6 group ED2
[SwitchF-bgp-default] peer 7.7.7.7 group ED2
[SwitchF-bgp-default] peer 9.9.9.9 as-number 300
[SwitchF-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchF-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchF-bgp-default] peer 12.12.12.12 as-number 100
[SwitchF-bgp-default] peer 12.12.12.12 connect-interface loopback 0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer ED2 enable
[SwitchF-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchF-bgp-default-evpn] peer ED2 router-mac-local
[SwitchF-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchF-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchF-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchF-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchF-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
(8) 配置Switch G
#啟動RIP進程。
<SwitchG> system-view
[SwitchG] rip 1
[SwitchG-rip-1] network 113.0.0.0
[SwitchG-rip-1] network 114.0.0.0
[SwitchG-rip-1] network 115.0.0.0
[SwitchG-rip-1] network 116.0.0.0
[SwitchG-rip-1] network 117.0.0.0
[SwitchG-rip-1] network 119.0.0.0
[SwitchG-rip-1] quit
# 在與ED連接的物理口上配置RIP路由協議。
[SwitchG] interface vlan-interface 3
[SwitchG-Vlan-interface3] rip 1 enable
[SwitchG-Vlan-interface3] quit
[SwitchG] interface vlan-interface 4
[SwitchG-Vlan-interface4] rip 1 enable
[SwitchG-Vlan-interface4] quit
[SwitchG] interface vlan-interface 5
[SwitchG-Vlan-interface5] rip 1 enable
[SwitchG-Vlan-interface5] quit
[SwitchG] interface vlan-interface 6
[SwitchG-Vlan-interface6] rip 1 enable
[SwitchG-Vlan-interface6] quit
[SwitchG] interface vlan-interface 7
[SwitchG-Vlan-interface7] rip 1 enable
[SwitchG-Vlan-interface7] quit
[SwitchG] interface vlan-interface 9
[SwitchG-Vlan-interface9] rip 1 enable
[SwitchG-Vlan-interface9] quit
(9) 配置Switch H
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchH> system-view
[SwitchH] l2vpn enable
[SwitchH] multicast routing
[SwitchH-mrib] quit
[SwitchH] pim
[SwitchH-pim] quit
[SwitchH] ospf 1
[SwitchH-ospf-1] area 0.0.0.0
[SwitchH-ospf-1-area-0.0.0.0] quit
[SwitchH] rip 1
[SwitchH-rip-1] network 2.0.0.0
[SwitchH-rip-1] network 6.0.0.0
[SwitchH-rip-1] network 116.0.0.0
[SwitchH-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchH] igmp-snooping
[SwitchH-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchH] interface loopback 0
[SwitchH-LoopBack0] ip address 6.6.6.6 32
[SwitchH-LoopBack0] rip 1 enable
[SwitchH-LoopBack0] ospf 1 area 0.0.0.0
[SwitchH-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchH] interface vlan-interface 6
[SwitchH-Vlan-interface6] rip 1 enable
[SwitchH-Vlan-interface6] dci enable
[SwitchH-Vlan-interface6] quit
# 配置VPN實例a的RD和RT。
[SwitchH] ip vpn-instance a
[SwitchH-vpn-instance-a] route-distinguisher 6:6
[SwitchH-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchH-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchH-vpn-instance-a] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchH] interface vsi-interface 2
[SwitchH-Vsi-interface2] ip binding vpn-instance a
[SwitchH-Vsi-interface2] l3-vni 1000
[SwitchH-Vsi-interface2] pim sm
[SwitchH-Vsi-interface2] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchH] interface loopback 1
[SwitchH-LoopBack1] ip binding vpn-instance a
[SwitchH-LoopBack1] ip address 6.6.6.6 32
[SwitchH-LoopBack1] pim sm
[SwitchH-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBcak2接口。
[SwitchH] interface loopback 2
[SwitchH-LoopBack2] ip address 2.2.1.1 32
[SwitchH-LoopBack2] rip 1 enable
[SwitchH-LoopBack2] ospf 1 area 0.0.0.0
[SwitchH-LoopBack2] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchH] pim vpn-instance a
[SwitchH-pim-a] c-bsr 6.6.6.6
[SwitchH-pim-a] c-rp 6.6.6.6
[SwitchH-pim-a] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchH] multicast routing vpn-instance a
[SwitchH-mrib-a] quit
# 配置ED設備的虛擬IPv4地址為2.2.1.1。
[SwitchH] evpn edge group 2.2.1.1
# 配置本DC內其他ED的IP地址。
[SwitchH] multicast-vpn vxlan edge remote 7.7.7.7
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch H上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchH] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchH-mvxlan-a] address-family ipv4
[SwitchH-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchH-mvxlan-a-ipv4] source loopback 0
[SwitchH-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchH-mvxlan-a-ipv4] dci enable
[SwitchH-mvxlan-a-ipv4] quit
[SwitchH-mvxlan-a] quit
# 配置路由策略,使Switch H收到來自於Switch D、Switch E和Switch F的SMET路由和S-PMSI路由後,不將該路由轉發給Switch K;並且,Switch H收到來自於Switch K的SMET路由和S-PMSI路由後,不將該路由轉發給Switch D、Switch E和Switch F。
[SwitchH] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchH] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchH] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchH] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchH] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchH] route-policy dc1 deny node 0
[SwitchH-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchH-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchH-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchH-route-policy-dc3-0] if-match ip route-source prefix-list 1
[SwitchH-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchH-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc3-1] quit
# 配置路由策略,修改Switch H發往Switch J的S-PMSI路由的下一跳為6.6.6.6。
[SwitchH] route-policy rt_spmsi permit node 0
[SwitchH-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchH-route-policy-rt_spmsi-0] apply ip-address next-hop 6.6.6.6
[SwitchH-route-policy-rt_spmsi-0] quit
[SwitchH] route-policy rt_spmsi permit node 1
[SwitchH-route-policy-rt_spmsi-1] quit
# 配置BGP發布EVPN路由。
[SwitchH] bgp 200
[SwitchH-bgp-default] group ED1 external
[SwitchH-bgp-default] peer ED1 as-number 100
[SwitchH-bgp-default] peer ED1 connect-interface loopback 0
[SwitchH-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchH-bgp-default] peer 3.3.3.3 group ED1
[SwitchH-bgp-default] peer 4.4.4.4 group ED1
[SwitchH-bgp-default] peer 5.5.5.5 group ED1
[SwitchH-bgp-default] peer 7.7.7.7 as-number 200
[SwitchH-bgp-default] peer 7.7.7.7 connect-interface loopback 0
[SwitchH-bgp-default] peer 8.8.8.8 as-number 200
[SwitchH-bgp-default] peer 8.8.8.8 connect-interface loopback 0
[SwitchH-bgp-default] peer 9.9.9.9 as-number 300
[SwitchH-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchH-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchH-bgp-default] address-family l2vpn evpn
[SwitchH-bgp-default-evpn] peer ED1 enable
[SwitchH-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchH-bgp-default-evpn] peer ED1 router-mac-local
[SwitchH-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchH-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchH-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchH-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchH-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchH-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchH-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchH-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchH-bgp-default-evpn] quit
[SwitchH-bgp-default] quit
(10) 配置Switch I
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchI> system-view
[SwitchI] l2vpn enable
[SwitchI] multicast routing
[SwitchI-mrib] quit
[SwitchI] pim
[SwitchI-pim] quit
[SwitchI] ospf 1
[SwitchI-ospf-1] area 0.0.0.0
[SwitchI-ospf-1-area-0.0.0.0] quit
[SwitchI] rip 1
[SwitchI-rip-1] network 2.0.0.0
[SwitchI-rip-1] network 7.0.0.0
[SwitchI-rip-1] network 117.0.0.0
[SwitchI-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchI] igmp-snooping
[SwitchI-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchI] interface loopback 0
[SwitchI-LoopBack0] ip address 7.7.7.7 32
[SwitchI-LoopBack0] rip 1 enable
[SwitchI-LoopBack0] ospf 1 area 0.0.0.0
[SwitchI-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchI] interface vlan-interface 7
[SwitchI-Vlan-interface7] rip 1 enable
[SwitchI-Vlan-interface7] dci enable
# 配置VPN實例a的RD和RT。
[SwitchI] ip vpn-instance a
[SwitchI-vpn-instance-a] route-distinguisher 7:7
[SwitchI-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchI-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchI-vpn-instance-a] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchI] interface vsi-interface 2
[SwitchI-Vsi-interface2] ip binding vpn-instance a
[SwitchI-Vsi-interface2] l3-vni 1000
[SwitchI-Vsi-interface2] pim sm
[SwitchI-Vsi-interface2] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchI] interface loopback 1
[SwitchI-LoopBack1] ip binding vpn-instance a
[SwitchI-LoopBack1] ip address 7.7.7.7 32
[SwitchI-LoopBack1] pim sm
[SwitchI-LoopBack1] quit
# 創建接口LoopBack2,並配置LoopBcak2接口。
[SwitchI] interface loopback 2
[SwitchI-LoopBack2] ip address 2.2.1.1 32
[SwitchI-LoopBack2] rip 1 enable
[SwitchI-LoopBack2] ospf 1 area 0.0.0.0
[SwitchI-LoopBack2] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchI] pim vpn-instance a
[SwitchI-pim-a] c-bsr 7.7.7.7
[SwitchI-pim-a] c-rp 7.7.7.7
[SwitchI-pim-a] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchI] multicast routing vpn-instance a
[SwitchI-mrib-a] quit
# 配置ED設備的虛擬IPv4地址為2.2.1.1。
[SwitchI] evpn edge group 2.2.1.1
# 配置本DC內其他ED的IPv4地址。
[SwitchI] multicast-vpn vxlan edge remote 6.6.6.6
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch I上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchI] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchI-mvxlan-a] address-family ipv4
[SwitchI-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchI-mvxlan-a-ipv4] source loopback 0
[SwitchI-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchI-mvxlan-a-ipv4] dci enable
[SwitchI-mvxlan-a-ipv4] quit
[SwitchI-mvxlan-a] quit
# 配置路由策略,使Switch I收到來自於Switch D、Switch E和Switch F的SMET路由和S-PMSI路由後,不將該路由轉發給Switch K;並且,Switch D收到來自於Switch K的SMET路由和S-PMSI路由後,不將該路由轉發給Switch D、Switch E和Switch F。
[SwitchI] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchI] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchI] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchI] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchI] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchI] route-policy dc1 deny node 0
[SwitchI-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchI-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchI-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchI-route-policy-dc3-0] if-match ip route-source prefix-list 1
[SwitchI-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchI-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc3-1] quit
# 配置路由策略,修改Switch D發往Switch C的S-PMSI路由的下一跳為7.7.7.7。
[SwitchI] route-policy rt_spmsi permit node 0
[SwitchI-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchI-route-policy-rt_spmsi-0] apply ip-address next-hop 7.7.7.7
[SwitchI-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchI-route-policy-rt_spmsi-1] quit
# 配置BGP發布EVPN路由。
[SwitchI] bgp 200
[SwitchI-bgp-default] group ED1 external
[SwitchI-bgp-default] peer ED1 as-number 100
[SwitchI-bgp-default] peer ED1 connect-interface loopback 0
[SwitchI-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchI-bgp-default] peer 3.3.3.3 group ED1
[SwitchI-bgp-default] peer 4.4.4.4 group ED1
[SwitchI-bgp-default] peer 5.5.5.5 group ED1
[SwitchI-bgp-default] peer 6.6.6.6 as-number 200
[SwitchI-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchI-bgp-default] peer 8.8.8.8 as-number 200
[SwitchI-bgp-default] peer 8.8.8.8 connect-interface loopback 0
[SwitchI-bgp-default] peer 9.9.9.9 as-number 300
[SwitchI-bgp-default] peer 9.9.9.9 connect-interface loopback 0
[SwitchI-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchI-bgp-default] address-family l2vpn evpn
[SwitchI-bgp-default-evpn] peer ED1 enable
[SwitchI-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchI-bgp-default-evpn] peer ED1 router-mac-local
[SwitchI-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchI-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchI-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchI-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchI-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchI-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchI-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchI-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchI-bgp-default-evpn] quit
[SwitchI-bgp-default] quit
(11) 配置Switch J
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF進程,創建VLAN 33。
<SwitchJ> system-view
[SwitchJ] l2vpn enable
[SwitchJ] multicast routing
[SwitchJ-mrib] quit
[SwitchJ] pim
[SwitchJ-pim] quit
[SwitchJ] ospf 1
[SwitchJ-ospf-1] area 0.0.0.0
[SwitchJ-ospf-1- area-0.0.0.0] quit
[SwitchJ] vlan 33
[SwitchJ-vlan33] quit
# 開啟設備的IGMP Snooping功能。
[SwitchJ] igmp-snooping
[SwitchJ-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchJ] interface loopback 0
[SwitchJ-LoopBack0] ip address 8.8.8.8 32
[SwitchJ-LoopBack0] pim sm
[SwitchJ-LoopBack0] ospf 1 area 0.0.0.0
[SwitchJ-LoopBack0] quit
# 開啟缺省解封裝指定IPv4 VXLAN報文功能。
[SwitchJ] vxlan default-decapsulation source interface loopback 0
# 在VSI實例1下創建EVPN實例。
[SwitchJ] vsi 1
[SwitchJ-vsi-1] evpn encapsulation vxlan
[SwitchJ-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchJ-vsi-1-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping。
[SwitchJ-vsi-1] igmp-snooping enable
# 創建VXLAN 10。
[SwitchJ-vsi-1] vxlan 10
[SwitchJ-vsi-1-vxlan-10] quit
# 配置BGP發布EVPN路由。
[SwitchJ] bgp 200
[SwitchJ-bgp-default] group ed internal
[SwitchJ-bgp-default] peer ed connect-interface loopback 0
[SwitchJ-bgp-default] peer 6.6.6.6 group ed
[SwitchJ-bgp-default] peer 7.7.7.7 group ed
[SwitchJ-bgp-default] address-family l2vpn evpn
[SwitchJ-bgp-default-evpn] peer ed enable
[SwitchJ-bgp-default-evpn] peer ed next-hop-local
[SwitchJ-bgp-default-evpn] peer ed additional-paths receive
[SwitchJ-bgp-default-evpn] quit
[SwitchJ-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/1上創建以太網服務實例33,該實例用來匹配VLAN 33的數據幀。
[SwitchJ] interface twenty-fivegige 1/0/1
[SwitchJ-Twenty-FiveGigE1/0/1] port link-mode bridge
[SwitchJ-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchJ-Twenty-FiveGigE1/0/1] port trunk permit vlan 1 33
[SwitchJ-Twenty-FiveGigE1/0/1] service-instance 33
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] encapsulation s-vid 33
# 配置以太網服務實例33與VSI實例1關聯。
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] xconnect vsi 1
[SwitchJ-Twenty-FiveGigE1/0/1-srv33] quit
[SwitchJ-Twenty-FiveGigE1/0/1] quit
# 配置VPN a的RD和RT。
[SwitchJ] ip vpn-instance a
[SwitchJ-vpn-instance-a] route-distinguisher 8:8
[SwitchJ-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchJ-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchJ-vpn-instance-a] quit
# 配置VSI虛接口VSI-interface1。
[SwitchJ] interface vsi-interface 1
[SwitchJ-Vsi-interface1] ip binding vpn-instance a
[SwitchJ-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchJ-Vsi-interface1] pim sm
[SwitchJ-Vsi-interface1] igmp enable
[SwitchJ-Vsi-interface1] mac-address 0001-0001-0001
[SwitchJ-Vsi-interface1] distributed-gateway local
[SwitchJ-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchJ] interface vsi-interface 2
[SwitchJ-Vsi-interface2] ip binding vpn-instance a
[SwitchJ-Vsi-interface2] l3-vni 1000
[SwitchJ-Vsi-interface2] pim sm
[SwitchJ-Vsi-interface2] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchJ] multicast routing vpn-instance a
[SwitchJ-mrib-a] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchJ] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchJ-mvxlan-a] address-family ipv4
[SwitchJ-mvxlan-a-ipv4] source loopback 0
[SwitchJ-mvxlan-a-ipv4] quit
[SwitchJ-mvxlan-a] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchJ] interface loopback 1
[SwitchJ-LoopBack1] ip binding vpn-instance a
[SwitchJ-LoopBack1] ip address 8.8.8.8 32
[SwitchJ-LoopBack1] pim sm
[SwitchJ-LoopBack1] quit
# 進入VPN實例a的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchJ] pim vpn-instance a
[SwitchJ-pim-a] c-bsr 8.8.8.8
[SwitchJ-pim-a] c-rp 8.8.8.8
[SwitchJ-pim-a] quit
# 配置VXLAN 11所在的VSI實例和接口VSI-interface1關聯。
[SwitchJ] vsi 1
[SwitchJ-vsi-1] gateway vsi-interface 1
[SwitchJ-vsi-1] quit
(12) 配置Switch K
# 開啟L2VPN能力,使能IP組播路由功能,啟動OSPF和RIP進程。
<SwitchK> system-view
[SwitchK] l2vpn enable
[SwitchK] multicast routing
[SwitchK-mrib] quit
[SwitchK] pim
[SwitchK-pim] quit
[SwitchK] ospf 1
[SwitchK-ospf-1] area 0.0.0.0
[SwitchK-ospf-1-area-0.0.0.0] quit
[SwitchK] rip 1
[SwitchK-rip-1] network 9.0.0.0
[SwitchK-rip-1] network 119.0.0.0
[SwitchK-rip-1] quit
# 開啟IGMP Snooping功能。
[SwitchK] igmp-snooping
[SwitchK-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchK] interface loopback 0
[SwitchK-LoopBack0] ip address 9.9.9.9 32
[SwitchK-LoopBack0] rip 1 enable
[SwitchK-LoopBack0] ospf 1 area 0.0.0.0
[SwitchK-LoopBack0] quit
# 在與外部ED連接的物理口上配置RIP路由協議,並開啟DCI功能。
[SwitchK] interface vlan-interface 9
[SwitchK-Vlan-interface9] rip 1 enable
[SwitchK-Vlan-interface9] dci enable
[SwitchK-Vlan-interface9] quit
# 配置VPN實例a的RD和RT。
[SwitchK] ip vpn-instance a
[SwitchK-vpn-instance-a] route-distinguisher 9:9
[SwitchK-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchK-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchK-vpn-instance-a] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchK] interface vsi-interface 2
[SwitchK-Vsi-interface2] ip binding vpn-instance a
[SwitchK-Vsi-interface2] l3-vni 1000
[SwitchK-Vsi-interface2] pim sm
[SwitchK-Vsi-interface2] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchK] interface loopback 1
[SwitchK-LoopBack1] ip binding vpn-instance a
[SwitchK-LoopBack1] ip address 9.9.9.9 32
[SwitchK-LoopBack1] pim sm
[SwitchK-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchK] pim vpn-instance a
[SwitchK-pim-a] c-bsr 9.9.9.9
[SwitchK-pim-a] c-rp 9.9.9.9
[SwitchK-pim-a] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchK] multicast routing vpn-instance a
[SwitchK-mrib-a] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定Default-Group、MVXLAN源接口和Data-Group範圍,並開啟組播DCI功能。Switch K上配置的Data-Group範圍必須與Switch A上配置的Data-Group範圍一致,否則可能會導致流量轉發失敗。
[SwitchK] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchK-mvxlan-a] address-family ipv4
[SwitchK-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchK-mvxlan-a-ipv4] source loopback 0
[SwitchK-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchK-mvxlan-a-ipv4] dci enable
[SwitchK-mvxlan-a-ipv4] quit
[SwitchK-mvxlan-a] quit
# 配置路由策略,使Switch K收到來自於Switch H和Switch I的SMET路由和S-PMSI路由後,不將該路由轉發給Switch D、Switch E和Switch F;並且,Switch D收到來自於Switch D、Switch E和Switch F的SMET路由和S-PMSI路由後,不將該路由轉發給Switch Switch H和Switch I。
[SwitchK] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchK] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchK] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchK] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchK] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchK] ip prefix-list 2 index 10 permit 7.7.7.7 32
[SwitchK] route-policy dc1 deny node 0
[SwitchK-route-policy-dc1-0] if-match ip route-source prefix-list 2
[SwitchK-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchK-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc1-1] route-policy dc2 deny node 0
[SwitchK-route-policy-dc2-0] if-match ip route-source prefix-list 1
[SwitchK-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchK-route-policy-dc2-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc2-1] quit
# 配置BGP發布EVPN路由。
[SwitchK] bgp 300
[SwitchK-bgp-default] group ED1 external
[SwitchK-bgp-default] peer ED1 as-number 100
[SwitchK-bgp-default] peer ED1 connect-interface loopback 0
[SwitchK-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchK-bgp-default] group ED2 external
[SwitchK-bgp-default] peer ED2 as-number 100
[SwitchK-bgp-default] peer ED2 connect-interface loopback 0
[SwitchK-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchK-bgp-default] peer 3.3.3.3 group ED1
[SwitchK-bgp-default] peer 4.4.4.4 group ED1
[SwitchK-bgp-default] peer 5.5.5.5 group ED1
[SwitchK-bgp-default] peer 6.6.6.6 group ED2
[SwitchK-bgp-default] peer 7.7.7.7 group ED2
[SwitchK-bgp-default] peer 10.10.10.10 as-number 300
[SwitchK-bgp-default] peer 10.10.10.10 connect-interface loopback 0
[SwitchK-bgp-default] address-family l2vpn evpn
[SwitchK-bgp-default-evpn] peer ED1 enable
[SwitchK-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchK-bgp-default-evpn] peer ED1 router-mac-local
[SwitchK-bgp-default-evpn] peer ED2 enable
[SwitchK-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchK-bgp-default-evpn] peer ED2 router-mac-local
[SwitchK-bgp-default-evpn] peer 10.10.10.10 enable
[SwitchK-bgp-default-evpn] peer 10.10.10.10 next-hop-local
(13) 配置Switch L
# 開啟L2VPN能力,使能IP組播路由功能,開啟OSPF進程,創建VLAN 44。
<SwitchL> system-view
[SwitchL] l2vpn enable
[SwitchL] multicast routing
[SwitchL-mrib] quit
[SwitchL] pim
[SwitchL-pim] quit
[SwitchL] ospf 1
[SwitchL-ospf-1] area 0.0.0.0
[SwitchL-ospf-1-area-0.0.0.0] quit
[SwitchL] vlan 44
[SwitchL-vlan44] quit
# 開啟設備的IGMP Snooping功能。
[SwitchL] igmp-snooping
[SwitchL-igmp-snooping] quit
# 創建接口LoopBack0,並配置LoopBack0接口。
[SwitchL] interface loopback 0
[SwitchL-LoopBack0] ip address 10.10.10.10 32
[SwitchL-LoopBack0] pim sm
[SwitchL-LoopBack0] ospf 1 area 0.0.0.0
[SwitchL-LoopBack0] quit
# 在VSI實例1下創建EVPN實例。
[SwitchL] vsi 1
[SwitchL-vsi-1] evpn encapsulation vxlan
[SwitchL-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchL-vsi-1-evpn-vxlan] quit
# 在VSI實例vpna內使能IGMP Snooping。
[SwitchL-vsi-1] igmp-snooping enable
# 創建VXLAN 10。
[SwitchL-vsi-1] vxlan 10
[SwitchL-vsi-1-vxlan-10] quit
# 配置BGP發布EVPN路由。
[SwitchL] bgp 300
[SwitchL-bgp-default] peer 9.9.9.9 as-number 300
[SwitchL-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchL-bgp-default] address-family l2vpn evpn
[SwitchL-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchL-bgp-default-evpn] peer 9.9.9.9 next-hop-local
[SwitchL-bgp-default-evpn] quit
[SwitchL-bgp-default] quit
# 在接入服務器的接口Twenty-FiveGigE1/0/2上創建以太網服務實例44,該實例用來匹配VLAN44的數據幀。
[SwitchL] interface twenty-fivegige 1/0/2
[SwitchL-Twenty-FiveGigE1/0/2] port link-mode bridge
[SwitchL-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchL-Twenty-FiveGigE1/0/2] port trunk permit vlan 1 44
[SwitchL-Twenty-FiveGigE1/0/2] service-instance 44
[SwitchL-Twenty-FiveGigE1/0/2-srv44] encapsulation s-vid 44
# 配置以太網服務實例44與VSI實例1關聯。
[SwitchL-Twenty-FiveGigE1/0/2-srv44] xconnect vsi 1
[SwitchL-Twenty-FiveGigE1/0/2-srv44] quit
[SwitchL-Twenty-FiveGigE1/0/2] quit
# 配置VPN a的RD和RT。
[SwitchL] ip vpn-instance a
[SwitchL-vpn-instance-a] route-distinguisher 10:10
[SwitchL-vpn-instance-a] vpn-target 1:1 import-extcommunity
[SwitchL-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchL-vpn-instance-a] quit
# 配置VSI虛接口VSI-interface1。
[SwitchL] interface vsi-interface 1
[SwitchL-Vsi-interface1] ip binding vpn-instance a
[SwitchL-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchL-Vsi-interface1] pim sm
[SwitchL-Vsi-interface1] igmp enable
[SwitchL-Vsi-interface1] mac-address 0001-0001-0001
[SwitchL-Vsi-interface1] distributed-gateway local
[SwitchL-Vsi-interface1] quit
# 創建VSI虛接口VSI-interface2,在該接口上配置VPN實例a對應的L3VNI為1000。
[SwitchL] interface vsi-interface 2
[SwitchL-Vsi-interface2] ip binding vpn-instance a
[SwitchL-Vsi-interface2] l3-vni 1000
[SwitchL-Vsi-interface2] pim sm
[SwitchL-Vsi-interface2] quit
# 使能VPN實例a的IP組播路由功能。
[SwitchL] multicast routing vpn-instance a
[SwitchL-mrib-vpn1] quit
# 創建VPN實例a的MVXLAN並進入MVXLAN IPv4地址族視圖,指定MVXLAN源接口。
[SwitchL] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchL-mvxlan-a] address-family ipv4
[SwitchL-mvxlan-a-ipv4] source loopback 0
[SwitchL-mvxlan-a-ipv4] quit
[SwitchL-mvxlan-a] quit
# 創建接口LoopBack1,並配置LoopBcak1接口。
[SwitchL] interface loopback 1
[SwitchL-LoopBack1] ip binding vpn-instance a
[SwitchL-LoopBack1] ip address 10.10.10.10 32
[SwitchL-LoopBack1] pim sm
[SwitchL-LoopBack1] quit
# 進入VPN實例的PIM視圖,並將接口LoopBack1配置為本地的C-BSR和C-RP。
[SwitchL] pim vpn-instance a
[SwitchL-pim-a] c-bsr 10.10.10.10
[SwitchL-pim-a] c-rp 10.10.10.10
[SwitchL-pim-a] quit
# 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。
[SwitchL] vsi 1
[SwitchL-vsi-1] gateway vsi-interface 1
[SwitchL-vsi-1] quit
(1) 查看VTEP設備上的組播路由信息。
# 查看Switch A上VPN實例a和公網的組播路由信息。
<SwitchA> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:00:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:00:31, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 00:00:32
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:00:26, Expires: -
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 6 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:03:31
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:01:53, Expires: 00:02:38
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:53
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:53, Expires: -
(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(5.5.5.5, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:00:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:00:51, Expires: 00:02:40
# 查看Switch J上VPN實例a和公網的組播路由信息。(Switch B和Switch L的顯示信息與此類似)
<SwitchJ> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:12:32
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:12:32, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:12:31, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:12:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:12:21, Expires: -
<SwitchJ> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:27
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:27, Expires: -
(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:29
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:29, Expires: -
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:20:26
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:19:29, Expires: 00:02:31
2: Vlan-interface300
Protocol: pim-sm, UpTime: 00:19:27, Expires: 00:02:56
(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:18:04
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:18:04
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
(2) 查看ED設備上的組播路由信息。
# 查看Switch D上VPN實例a和公網的組播路由信息。(Switch E和Switch F的顯示信息與此類似)
<SwitchD> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:20:48
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:48, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:20:48, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:20:47
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:47, Expires: -
<SwitchD> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:32
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:32, Expires: -
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:27
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:27, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:25:33
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface30
Protocol: pim-sm, UpTime: 00:23:32, Expires: 00:02:58
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:22:31
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:22:31, Expires: -
# 查看Switch D上二層組播路由信息。(Switch F的顯示信息與此類似)
<SwichD> display igmp-snooping evpn-group
Total 0 entries.
# 查看Switch E上二層組播路由信息,可以看到Switch E上存在二層組播路由信息,說明由Switch E轉發組播流量。
<SwichE> display igmp-snooping evpn-group
Total 2 entries.
VSI Auto_L3VNI1000_2: Total 2 entries.
(0.0.0.0, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 1000)
Tun1 (VXLAN ID 1000)
(10.0.0.2, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 1000)
Tun1 (VXLAN ID 1000)
# 查看Switch H上VPN實例a和公網的組播路由信息。可以看出流量由Switch H轉發到DC 2。
<SwitchH> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:01
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:33:54, Expires: 00:02:52
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:33:54
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.86
RPF prime neighbor: 68.68.68.86
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:33:54, Expires: -
(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:39
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:32:39, Expires: 00:03:13
<SwitchH> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:32:44
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:44, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:32:43, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT SQ RC SRC-ACT 2MVPN FROMDCI
UpTime: 00:32:44
Upstream interface: Vsi-interface2
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:32:35, Expires: -
# 查看Switch I上VPN實例a和公網的組播路由信息。
<SwitchI> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:43
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:34:09, Expires: 00:03:21
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:34:09
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.87
RPF prime neighbor: 78.78.78.87
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:34:09, Expires: -
(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:32:51, Expires: 00:02:48
<SwitchI> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:32:57
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:57, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:32:56, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: SPT 2MSDP NIIF SQ RC SRC-ACT
UpTime: 00:32:57
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:32:57, Expires: -
2: MTunnel1
Protocol: MD, UpTime: 00:32:48, Expires: -
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
