- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
手册下载
H3C交换机与第三方交换机对接操作指导-6W102-整本手册.pdf (2.02 MB)
H3C交换机
与第三方交换机对接操作指导
资料版本:6W102-20231025
Copyright © 2023 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
前 言
本文档主要用来介绍产品与友商设备的对接场景,以及对接参数的配置,指导用户完成对接操作。
前言部分包含如下内容:
· 读者对象
· 本书约定
· 文档使用前提
· 资料意见反馈
本手册主要适用于如下工程师:
· 具有一定网络技术基础的网络规划人员
· 负责网络配置和维护,且具有一定网络技术基础的网络管理员
本书采用各种醒目标志来表示在操作过程中应该特别注意的地方,这些标志的意义如下:
|
|
该标志后的注释需给予格外关注,不当的操作可能会对人身造成伤害。 |
|
|
提醒操作中应注意的事项,不当的操作可能会导致数据丢失或者设备损坏。 |
|
|
为确保设备配置成功或者正常工作而需要特别关注的操作或信息。 |
|
|
对操作内容的描述进行必要的补充和说明。 |
|
|
配置、操作、或使用设备的技巧、小窍门。 |
本书使用的图标及其含义如下:
|
|
该图标及其相关描述文字代表一般网络设备,如路由器、交换机、防火墙等。 |
|
|
该图标及其相关描述文字代表一般意义下的路由器,以及其他运行了路由协议的设备。 |
|
|
该图标及其相关描述文字代表二、三层以太网交换机,以及运行了二层协议的设备。 |
|
|
该图标及其相关描述文字代表无线控制器、无线控制器业务板和有线无线一体化交换机的无线控制引擎设备。 |
|
|
该图标及其相关描述文字代表无线接入点设备。 |
|
|
该图标及其相关描述文字代表无线终结单元。 |
|
|
该图标及其相关描述文字代表无线终结者。 |
|
|
该图标及其相关描述文字代表无线Mesh设备。 |
|
|
该图标代表发散的无线射频信号。 |
|
|
该图标代表点到点的无线射频信号。 |
|
|
该图标及其相关描述文字代表防火墙、UTM、多业务安全网关、负载均衡等安全设备。 |
|
|
该图标及其相关描述文字代表防火墙插卡、负载均衡插卡、NetStream插卡、SSL VPN插卡、IPS插卡、ACG插卡等安全插卡。 |
由于设备型号不同、配置不同、版本升级等原因,可能造成本手册中的内容与用户使用的设备显示信息不一致。实际使用中请以设备显示的内容为准。
本手册中出现的端口编号仅作示例,并不代表设备上实际具有此编号的端口,实际使用中请以设备上存在的端口编号为准。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和本文档中举例的配置不冲突。
如果您在使用过程中发现产品资料的任何问题,可以通过以下方式反馈:
E-mail:info@h3c.com
感谢您的反馈,让我们做得更好!
表1 EVPN/VXLAN互通性分析
|
H3C |
Cisco |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图1所示,H3C Switch A、Switch B为分布式EVPN网关设备,Cisco设备作为RR,负责在交换机之间反射BGP路由。现要求相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通。
图1 采用IBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA] interface GigabitEthernet 1/0/45
[SwitchA-GigabitEthernet1/0/45] port link-mode route
[SwitchA-GigabitEthernet1/0/45] ip address 13.0.0.1 255.255.255.252
[SwitchA-GigabitEthernet1/0/45] ospf 1 area 0.0.0.0
[SwitchA-GigabitEthernet1/0/45] quit
[SwitchA] interface GigabitEthernet 1/0/47
[SwitchA-GigabitEthernet1/0/47] port link-mode route
[SwitchA-GigabitEthernet1/0/47] ip address 11.0.0.2 255.255.255.252
[SwitchA-GigabitEthernet1/0/47] ospf 1 area 0.0.0.0
[SwitchA-GigabitEthernet1/0/47] quit
# 创建VLAN1001。
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 65001
[SwitchA-bgp-default] peer 1.1.1.1 as-number 65001
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口GigabitEthernet1/0/5上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] service-instance 1
[SwitchA-GigabitEthernet1/0/5-srv1] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-GigabitEthernet1/0/5-srv1] xconnect vsi v1
[SwitchA-GigabitEthernet1/0/5-srv1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16777201,在该接口上配置VPN实例vpn1对应的L3VNI为16777201。
[SwitchA] interface vsi-interface 16777201
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16777201
[SwitchA-Vsi-interface3] quit
# 配置VXLAN10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 配置underlay网络。
[SwitchB] interface GigabitEthernet 1/0/45
[SwitchB-GigabitEthernet1/0/45] port link-mode route
[SwitchB-GigabitEthernet1/0/45] ip address 13.0.0.2 255.255.255.252
[SwitchB-GigabitEthernet1/0/45] ospf 1 area 0.0.0.0
[SwitchB-GigabitEthernet1/0/45] quit
[SwitchB] interface GigabitEthernet 1/0/48
[SwitchB-GigabitEthernet1/0/48] port link-mode route
[SwitchB-GigabitEthernet1/0/48] ip address 12.0.0.2 255.255.255.252
[SwitchB-GigabitEthernet1/0/48] ospf 1 area 0.0.0.0
[SwitchB-GigabitEthernet1/0/48] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 65001
[SwitchB-bgp-default] peer 1.1.1.1 as-number 65001
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口GigabitEthernet1/0/5上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchB] interface gigabitethernet 1/0/5
[SwitchB-GigabitEthernet1/0/5] service-instance 1
[SwitchB-GigabitEthernet1/0/5-srv1] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-GigabitEthernet1/0/5-srv1] xconnect vsi v1
[SwitchB-GigabitEthernet1/0/5-srv1] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16777201,在该接口上配置VPN实例vpn1对应的L3VNI为16777201。
[SwitchB] interface vsi-interface 16777201
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16777201
[SwitchB-Vsi-interface3] quit
# 配置VXLAN10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi v1
[SwitchB-vsi-v1] gateway vsi-interface 1
[SwitchB-vsi-v1] quit
· 配置Cisco设备
# 如下配置以Nexus9000 93180YC-EX为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2016, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(2)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.2.bin
NXOS compile time: 7/21/2016 8:00:00 [07/21/2016 16:09:32]
Hardware
cisco Nexus9000 93180YC-EX chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 24634044 kB of memory.
Processor Board ID FDO20380BK7
Device name: CN93
bootflash: 53298520 kB
Kernel uptime is 1 day(s), 1 hour(s), 19 minute(s), 35 second(s)
Last reset at 776030 usecs after Wed Sep 20 02:52:01 2017
Reason: Reset Requested by CLI command reload
System version: 7.0(3)I4(2)
Service:
plugin
Core Plugin, Ethernet Plugin
# 切换资源模式。
Cisco# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)# system routing template-vxlan-scale
# 使能相关特性。
Cisco(config)#
Cisco(config)# nv overlay evpn
Cisco(config)# feature ospf
Cisco(config)# feature bgp
Cisco(config)# feature interface-vlan
Cisco(config)# feature lldp
Cisco(config)# feature vn-segment-vlan-based
Cisco(config)# feature nv overlay
# 创建VLAN 101 1001。
Cisco(config)# vlan 101 ,1001
Cisco(config-vlan)# exit
# 网关MAC。
Cisco(config)# fabric forwarding anycast-gateway-mac 0000.2017.0001
# 去使能igmp snooping。
Cisco(config)# no ip igmp snooping
# 创建vn-segment 16777201。
Cisco(config)# vlan 101
Cisco(config-vlan)# vn-segment 16777201
Cisco(config-vlan)# exit
# 创建vn-segment 10001。
Cisco(config)# vlan 1001
Cisco(config-vlan)# vn-segment 10001
Cisco(config-vlan)# exit
# 使能OSPF。
Cisco(config)# router ospf 1
Cisco(config-router)# exit
# 创建VRF。
Cisco(config)# vrf context vpn1
Cisco(config-vrf)# vni 16777201
Cisco(config-vrf)# rd 1.1.1.1:10001
Cisco(config-vrf)# address-family ipv4 unicast
Cisco(config-vrf-af-ipv4)# route-target import 65001:10001
Cisco(config-vrf-af-ipv4)# route-target import 65001:10001 evpn
Cisco(config-vrf-af-ipv4)# route-target export 65001:10001
Cisco(config-vrf-af-ipv4)# route-target export 65001:10001 evpn
Cisco(config-vrf-af-ipv4)# exit
Cisco(config-vrf)# exit
#创建VLAN101虚接口。
Cisco(config)# interface vlan 101
Cisco(config-if)# no shutdown
Cisco(config-if)# vrf member vpn1
Warning: Deleted all L3 config on interface Vlan101
Cisco(config-if)# exit
#创建VLAN1001虚接口。
Cisco(config)# interface vlan 1001
Cisco(config-if)# no shutdown
Cisco(config-if)# vrf member vpn1
Warning: Deleted all L3 config on interface Vlan1001
Cisco(config-if)# ip address 100.0.0.1/24
Cisco(config-if)# fabric forwarding mode anycast-gateway
Cisco(config-if)# exit
# 创建NVE1接口。
Cisco(config)# interface nve1
Cisco(config-if-nve)# no shutdown
Cisco(config-if-nve)# source-interface loopback0
Cisco(config-if-nve)# host-reachability protocol bgp
Cisco(config-if-nve)# member vni 10001
Cisco(config-if-nve-vni)# suppress-arp
Cisco(config-if-nve-vni)# ingress-replication protocol bgp
Cisco(config-if-nve-vni)# exit
Cisco(config-if-nve)# member vni 16777201 associate-vrf
Cisco(config-if-nve)# exit
# 与服务器相连接口配置。
Cisco(config)# interface ethernet 1/5
Cisco(config-if)# switchport
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 1001
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
# 配置underlay网络。
Cisco(config)# interface ethernet 1/47
Cisco(config-if)# ip address 11.0.0.1/30
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
Cisco(config)# interface ethernet 1/48
Cisco(config-if)# ip address 12.0.0.1/30
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
# 创建Loopback0。
Cisco(config)# interface loopback0
Cisco(config-if)# ip address 1.1.1.1/32
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# exit
# 配置BGP。
Cisco(config)# router bgp 65001
Cisco(config-router)# router-id 1.1.1.1
Cisco(config-router)# address-family l2vpn evpn
Cisco(config-router-af)# neighbor 2.2.2.2
Cisco(config-router-neighbor)# remote-as 65001
Cisco(config-router-neighbor)# update-source loopback 0
Cisco(config-router-neighbor)# address-family ipv4 unicast
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# route-reflector-client
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# address-family l2vpn evpn
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# route-reflector-client
Cisco(config-router-neighbor-af)#
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# exit
Cisco(config-router)# neighbor 3.3.3.3
Cisco(config-router-neighbor)# remote-as 65001
Cisco(config-router-neighbor)# update-source loopback 0
Cisco(config-router-neighbor)# address-family ipv4 unicast
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# route-reflector-client
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# address-family l2vpn evpn
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# route-reflector-client
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# exit
Cisco(config-router)# exit
# 配置EVPN。
Cisco(config)# evpn
Cisco(config-evpn)# vni 10001 l2
Cisco(config-evpn-evi)# rd 1.1.1.1:10001
Cisco(config-evpn-evi)# route-target both 65001:10001
Cisco(config-evpn-evi)# exit
Cisco(config-evpn)# exit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体的信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 65001
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 65001 168 185 0 8 02:12:37 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
3.3.3.3:10001 3.3.3.3 3.3.3.3 VXLAN 10001
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
VPN instance: vpn1 Local L3VNI: 16777201
IP address Next hop Outgoing interface NibID
100.0.0.111 1.1.1.1 Vsi-interface16777201 0x18000000
100.0.0.116 3.3.3.3 Vsi-interface16777201 0x18000001
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 703d-15b5-1c8d 0 GL
100.0.0.111 0000-1ed4-45a1 006b-f183-c327 0 B
100.0.0.115 0000-32eb-e6bc 703d-15b5-1c8d 0 DL
100.0.0.116 0000-1279-80ce 703d-15b5-1cff 0 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VSI name: v1
MAC address Link ID/Name Flags Next hop
0005-0000-0001 Tunnel1 B 1.1.1.1
0000-1279-80ce Tunnel0 B 3.3.3.3
0000-1ed4-45a1 Tunnel1 B 1.1.1.1
# 验证与VXLAN关联的VXLAN隧道的信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16777201, VSI name: Auto_L3VNI16777201_16777201
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchA] display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
100.0.0.111 0000-1ed4-45a1 v1 0x5000001 N/A
100.0.0.115 0000-32eb-e6bc v1 0x0 16
100.0.0.116 0000-1279-80ce v1 0x5000000 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16777201_16777201
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16777201
VXLAN ID : 16777201
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/5 srv1 0 Up Manual
· H3C设备(SwitchB)
# 验证BGP L2VPN对等体的信息。
[SwitchB] display bgp peer l2vpn evpn
BGP local router ID: 3.3.3.3
Local AS number: 65001
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 65001 667 688 0 7 09:50:51 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchB] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
2.2.2.2:10001 2.2.2.2 2.2.2.2 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchB] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.111/32 BGP 255 0 1.1.1.1 Vsi16777201
100.0.0.115/32 BGP 255 0 2.2.2.2 Vsi16777201
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchB] display evpn routing-table vpn-instance vpn1
VPN instance: vpn1 Local L3VNI: 16777201
IP address Next hop Outgoing interface NibID
100.0.0.111 1.1.1.1 Vsi-interface16777201 0x18000000
100.0.0.115 2.2.2.2 Vsi-interface16777201 0x18000001
# 验证EVPN的ARP信息。
[SwitchB] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 703d-15b5-1cff 0 GL
100.0.0.111 0000-1ed4-45a1 006b-f183-c327 0 B
100.0.0.115 0000-32eb-e6bc 703d-15b5-1c8d 0 B
100.0.0.116 0000-1279-80ce 703d-15b5-1cff 0 DL
# 验证IPv4 EVPN的MAC地址信息。
[SwitchB] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VSI name: v1
MAC address Link ID/Name Flags Next hop
0005-0000-0001 Tunnel1 B 1.1.1.1
0000-1279-80ce 0 DL -
0000-1ed4-45a1 Tunnel1 B 1.1.1.1
0000-32eb-e6bc Tunnel0 B 2.2.2.2
# 验证与VXLAN关联的VXLAN隧道的信息。
[SwitchB] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16777201, VSI name: Auto_L3VNI16777201_16777201
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchB] display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
100.0.0.111 0000-1ed4-45a1 v1 0x5000001 N/A
100.0.0.116 0000-1279-80ce v1 0x0 11
100.0.0.115 0000-32eb-e6bc v1 0x5000000 N/A
# 验证VSI信息。
[SwitchB] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16777201_16777201
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16777201
VXLAN ID : 16777201
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/5 srv1 0 Up Manual
· Cisco设备
# 验证建立的BGP EVPN邻居信息。
Cisco# show bgp l2vpn evpn neighbors
BGP neighbor is 2.2.2.2, remote AS 65001, ibgp link, Peer index 1
BGP version 4, remote router ID 2.2.2.2
BGP state = Established, up for 02:14:17
Using loopback0 as update source for this peer
Last read 00:00:31, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:22, keepalive timer expiry due 00:00:37
Received 194 messages, 0 notifications, 0 bytes in queue
Sent 186 messages, 2 notifications, 0 bytes in queue
Connections established 3, dropped 2
Last reset by us 02:14:29, due to route-reflector configuration change
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr)
Dynamic capability (old): advertised
Route refresh capability (new): advertised received
Route refresh capability (old): advertised
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised
Address family L2VPN EVPN: advertised received
Graceful Restart capability: advertised
Graceful Restart Parameters:
Address families advertised to peer:
IPv4 Unicast L2VPN EVPN
Address families received from peer:
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Extended Next Hop Encoding Capability: advertised
Message statistics:
Sent Rcvd
Opens: 3 3
Notifications: 2 0
Updates: 36 26
Keepalives: 142 157
Route Refresh: 3 8
Capability: 0 0
Total: 186 194
Total bytes: 5677 5698
Bytes in queue: 0 0
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
0 accepted paths consume 0 bytes of memory
0 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Route reflector client
For address family: L2VPN EVPN
BGP table version 76, neighbor version 76
4 accepted paths consume 496 bytes of memory
8 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Route reflector client
Local host: 1.1.1.1, Local port: 35453
Foreign host: 2.2.2.2, Foreign port: 179
fd = 76
BGP neighbor is 3.3.3.3, remote AS 65001, ibgp link, Peer index 2
BGP version 4, remote router ID 3.3.3.3
BGP state = Established, up for 02:14:40
Using loopback0 as update source for this peer
Last read 00:00:33, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:13, keepalive timer expiry due 00:00:46
Received 185 messages, 0 notifications, 0 bytes in queue
Sent 185 messages, 2 notifications, 0 bytes in queue
Connections established 3, dropped 2
Last reset by us 02:14:52, due to route-reflector configuration change
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr)
Dynamic capability (old): advertised
Route refresh capability (new): advertised received
Route refresh capability (old): advertised
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised
Address family L2VPN EVPN: advertised received
Graceful Restart capability: advertised
Graceful Restart Parameters:
Address families advertised to peer:
IPv4 Unicast L2VPN EVPN
Address families received from peer:
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Extended Next Hop Encoding Capability: advertised
Message statistics:
Sent Rcvd
Opens: 3 3
Notifications: 2 0
Updates: 40 22
Keepalives: 137 152
Route Refresh: 3 8
Capability: 0 0
Total: 185 185
Total bytes: 6589 5220
Bytes in queue: 0 0
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
0 accepted paths consume 0 bytes of memory
0 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Route reflector client
For address family: L2VPN EVPN
BGP table version 76, neighbor version 76
4 accepted paths consume 496 bytes of memory
8 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Route reflector client
Local host: 1.1.1.1, Local port: 40155
Foreign host: 3.3.3.3, Foreign port: 179
fd = 77
# 验证NVE Peer的详细信息。
Cisco# show nve peers detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 2.2.2.2
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:45:50
Router-Mac : 703d.15b5.1c8d
Peer First VNI : 16777201
Time since Create : 00:45:50
Configured VNIs : 10001,16777201
Provision State : add-complete
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10001,16777201
Peer-ifindex-resp : Yes
----------------------------------------
Peer-Ip: 3.3.3.3
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:45:50
Router-Mac : 703d.15b5.1cff
Peer First VNI : 16777201
Time since Create : 00:45:50
Configured VNIs : 10001,16777201
Provision State : add-complete
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10001,16777201
Peer-ifindex-resp : Yes
----------------------------------------
# 验证NVE VNI信息。
Cisco# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 10001 UnicastBGP Up CP L2 [1001] SA
nve1 16777201 n/a Up CP L3 [vpn1]
# 验证NVE VRF信息。
Cisco# show nve vrf
VRF-Name VNI Interface Gateway-MAC
------------ ---------- --------- -----------------
vpn1 16777201 nve1 006b.f183.c327
# 验证NVE VXLAN参数信息。
Cisco# show nve vxlan-params
VxLAN Dest. UDP Port: 4789
# 验证VXLAN信息。
Cisco# show vxlan
Vlan VN-Segment
==== ==========
101 16777201
1001 10001
# 验证L2VPN EVPN的BGP信息。
Cisco# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 88, local router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:10001 (L2VNI 10001)
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>l[2]:[0]:[0]:[48]:[0000.1ed4.45a1]:[0]:[0.0.0.0]/216
1.1.1.1 100 32768 i
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[0]:[0.0.0.0]/216
2.2.2.2 0 100 0 i
*>l[2]:[0]:[0]:[48]:[0005.0000.0001]:[0]:[0.0.0.0]/216
1.1.1.1 100 32768 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>l[2]:[0]:[0]:[48]:[0000.1ed4.45a1]:[32]:[100.0.0.111]/272
1.1.1.1 100 32768 i
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 100 0 i
*>l[3]:[0]:[32]:[1.1.1.1]/88
1.1.1.1 100 32768 i
Route Distinguisher: 2.2.2.2:10001
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[0]:[0.0.0.0]/216
2.2.2.2 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 100 0 i
*>i[3]:[0]:[32]:[2.2.2.2]/88
2.2.2.2 0 100 0 i
*>i[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
2.2.2.2 0 100 0 i
Route Distinguisher: 3.3.3.3:10001
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>i[3]:[0]:[32]:[3.3.3.3]/88
3.3.3.3 0 100 0 i
*>i[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
3.3.3.3 0 100 0 i
Route Distinguisher: 1.1.1.1:10001 (L3VNI 16777201)
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[0]:[0.0.0.0]/216
2.2.2.2 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 100 0 i
# 验证二层路由的EVPN MAC。
Cisco# show l2route evpn mac all
Topology Mac Address Prod Next Hop (s)
----------- -------------- ------ ---------------
101 703d.15b5.1c8d VXLAN 2.2.2.2
101 703d.15b5.1cff VXLAN 3.3.3.3
1001 0000.1279.80ce BGP 3.3.3.3
1001 0000.1ed4.45a1 Local Eth1/5
1001 0000.32eb.e6bc BGP 2.2.2.2
1001 0005.0000.0001 Local Eth1/5
# 验证二层路由的EVPN MAC-IP路由。
Cisco# show l2route evpn mac-ip all
Topology ID Mac Address Prod Host IP Next Hop
(s)
----------- -------------- ---- --------------------------------------- --------
-------
1001 0000.1ed4.45a1 HMM 100.0.0.111 N/A
1001 0000.32eb.e6bc BGP 100.0.0.115 2.2.2.2
1001 0000.1279.80ce BGP 100.0.0.116 3.3.3.3
# 验证ARP抑制缓存详细信息。
Cisco# show ip arp suppression-cache detail
Flags: + - Adjacencies synced via CFSoE
L - Local Adjacency
R - Remote Adjacency
L2 - Learnt over L2 interface
Ip Address Age Mac Address Vlan Physical-ifindex Flags
100.0.0.111 00:10:00 0000.1ed4.45a1 1001 Ethernet1/5 L
100.0.0.116 01:05:23 0000.1279.80ce 1001 (null) R
100.0.0.115 01:05:17 0000.32eb.e6bc 1001 (null) R
# 验证指定VPN1的路由信息。
Cisco# show ip route vrf vpn1
IP Route Table for VRF "vpn1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
100.0.0.0/24, ubest/mbest: 1/0, attached
*via 100.0.0.1, Vlan1001, [0/0], 07:51:12, direct
100.0.0.1/32, ubest/mbest: 1/0, attached
*via 100.0.0.1, Vlan1001, [0/0], 07:51:12, local
100.0.0.111/32, ubest/mbest: 1/0, attached
*via 100.0.0.111, Vlan1001, [190/0], 07:37:29, hmm
100.0.0.115/32, ubest/mbest: 1/0
*via 2.2.2.2%default, [200/0], 07:36:52, bgp-65001, internal, tag 65001 (evp
n) segid: 16777201 tunnelid: 0x2020202 encap: VXLAN
100.0.0.116/32, ubest/mbest: 1/0
*via 3.3.3.3%default, [200/0], 07:36:58, bgp-65001, internal, tag 65001 (evp
n) segid: 16777201 tunnelid: 0x3030303 encap: VXLAN
如图2所示,H3C Switch A、H3C Switch B和Cisco设备均为分布式EVPN网关。现要求相同VXLAN之间可以二层互通,不同VXLAN之间通过分布式EVPN网关实现三层互通。
图2 采用EBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA] interface GigabitEthernet 1/0/45
[SwitchA-GigabitEthernet1/0/45] port link-mode route
[SwitchA-GigabitEthernet1/0/45] ip address 13.0.0.1 255.255.255.252
[SwitchA-GigabitEthernet1/0/45] ospf 1 area 0.0.0.0
[SwitchA-GigabitEthernet1/0/45] quit
[SwitchA] interface GigabitEthernet 1/0/47
[SwitchA-GigabitEthernet1/0/47] port link-mode route
[SwitchA-GigabitEthernet1/0/47] ip address 11.0.0.2 255.255.255.252
[SwitchA-GigabitEthernet1/0/47] ospf 1 area 0.0.0.0
[SwitchA-GigabitEthernet1/0/47] quit
# 创建VLAN1001。
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 2000
[SwitchA-bgp-default] peer 1.1.1.1 as-number 1000
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] peer 1.1.1.1 ebgp-max-hop 10
[SwitchA-bgp-default] peer 3.3.3.3 as-number 1000
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] peer 3.3.3.3 ebgp-max-hop 10
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口GigabitEthernet1/0/5上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchA] interface gigabitethernet 1/0/5
[SwitchA-GigabitEthernet1/0/5] service-instance 1
[SwitchA-GigabitEthernet1/0/5-srv1] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-GigabitEthernet1/0/5-srv1] xconnect vsi v1
[SwitchA-GigabitEthernet1/0/5-srv1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16777201,在该接口上配置VPN实例vpn1对应的L3VNI为16777201。
[SwitchA] interface vsi-interface 16777201
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16777201
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 配置underlay网络。
[SwitchB] interface GigabitEthernet 1/0/45
[SwitchB-GigabitEthernet1/0/45] port link-mode route
[SwitchB-GigabitEthernet1/0/45] ip address 13.0.0.2 255.255.255.252
[SwitchB-GigabitEthernet1/0/45] ospf 1 area 0.0.0.0
[SwitchB-GigabitEthernet1/0/45] quit
[SwitchB] interface GigabitEthernet 1/0/48
[SwitchB-GigabitEthernet1/0/48] port link-mode route
[SwitchB-GigabitEthernet1/0/48] ip address 12.0.0.2 255.255.255.252
[SwitchB-GigabitEthernet1/0/48] ospf 1 area 0.0.0.0
[SwitchB-GigabitEthernet1/0/48] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 1000
[SwitchB-bgp-default] peer 1.1.1.1 as-number 1000
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] peer 2.2.2.2 as-number 2000
[SwitchB-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchB-bgp-default] peer 2.2.2.2 ebgp-max-hop 10
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口GigabitEthernet1/0/5上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchB] interface gigabitethernet 1/0/5
[SwitchB-GigabitEthernet1/0/5] service-instance 1
[SwitchB-GigabitEthernet1/0/5-srv1] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-GigabitEthernet1/0/5-srv1] xconnect vsi v1
[SwitchB-GigabitEthernet1/0/5-srv1] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16777201,在该接口上配置VPN实例vpn1对应的L3VNI为16777201。
[SwitchB] interface vsi-interface 16777201
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16777201
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi v1
[SwitchB-vsi-v1] gateway vsi-interface 1
[SwitchB-vsi-v1] quit
· 配置Cisco设备
# 如下配置以Nexus9000 93180YC-EX为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2016, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(2)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.2.bin
NXOS compile time: 7/21/2016 8:00:00 [07/21/2016 16:09:32]
Hardware
cisco Nexus9000 93180YC-EX chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 24634044 kB of memory.
Processor Board ID FDO20380BK7
Device name: CN93
bootflash: 53298520 kB
Kernel uptime is 1 day(s), 1 hour(s), 19 minute(s), 35 second(s)
Last reset at 776030 usecs after Wed Sep 20 02:52:01 2017
Reason: Reset Requested by CLI command reload
System version: 7.0(3)I4(2)
Service:
plugin
Core Plugin, Ethernet Plugin
#切换资源模式。
Cisco# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Cisco(config)# system routing template-vxlan-scale
# 使能相关特性。
Cisco(config)# nv overlay evpn
Cisco(config)# feature ospf
Cisco(config)# feature bgp
Cisco(config)# feature interface-vlan
Cisco(config)# feature lldp
Cisco(config)# feature vn-segment-vlan-based
Cisco(config)# feature nv overlay
# 创建VLAN 101 1001。
Cisco(config)# vlan 101 ,1001
Cisco(config-vlan)# exit
# 配置网关MAC。
Cisco(config)# fabric forwarding anycast-gateway-mac 0000.2017.0001
# 去使能igmp snooping。
Cisco(config)# no ip igmp snooping
# 创建vn-segment 16777201。
Cisco(config)# vlan 101
Cisco(config-vlan)# vn-segment 16777201
Cisco(config-vlan)# exit
# 创建vn-segment 10001。
Cisco(config)# vlan 1001
Cisco(config-vlan)# vn-segment 10001
Cisco(config-vlan)# exit
# 使能OSPF。
Cisco(config)# router ospf 1
Cisco(config-router)# exit
# 创建VRF。
Cisco(config)# vrf context vpn1
Cisco(config-vrf)# vni 16777201
Cisco(config-vrf)# rd 1.1.1.1:10001
Cisco(config-vrf)# address-family ipv4 unicast
Cisco(config-vrf-af-ipv4)# route-target import 65001:10001
Cisco(config-vrf-af-ipv4)# route-target import 65001:10001 evpn
Cisco(config-vrf-af-ipv4)# route-target export 65001:10001
Cisco(config-vrf-af-ipv4)# route-target export 65001:10001 evpn
Cisco(config-vrf-af-ipv4)# exit
Cisco(config-vrf)# exit
#创建VLAN101虚接口。
Cisco(config)# interface vlan 101
Cisco(config-if)# no shutdown
Cisco(config-if)# vrf member vpn1
Warning: Deleted all L3 config on interface Vlan101
Cisco(config-if)# exit
#创建VLAN1001虚接口。
Cisco(config)# interface vlan 1001
Cisco(config-if)# no shutdown
Cisco(config-if)# vrf member vpn1
Warning: Deleted all L3 config on interface Vlan1001
Cisco(config-if)# ip address 100.0.0.1/24
Cisco(config-if)# fabric forwarding mode anycast-gateway
Cisco(config-if)# exit
# 创建nve1接口。
Cisco(config)# interface nve1
Cisco(config-if-nve)# no shutdown
Cisco(config-if-nve)# source-interface loopback0
Cisco(config-if-nve)# host-reachability protocol bgp
Cisco(config-if-nve)# member vni 10001
Cisco(config-if-nve-vni)# suppress-arp
Cisco(config-if-nve-vni)# ingress-replication protocol bgp
Cisco(config-if-nve-vni)# exit
Cisco(config-if-nve)# member vni 16777201 associate-vrf
Cisco(config-if-nve)# exit
# 与服务器相连接口配置。
Cisco(config)# interface ethernet 1/5
Cisco(config-if)# switchport
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 1001
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
# 配置underlay网络。
Cisco(config)# interface ethernet 1/47
Cisco(config-if)# ip address 11.0.0.1/30
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
Cisco(config)# interface ethernet 1/48
Cisco(config-if)# ip address 12.0.0.1/30
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# no shutdown
Cisco(config-if)# exit
# 创建Loopback0。
Cisco(config)# interface loopback0
Cisco(config-if)# ip address 1.1.1.1/32
Cisco(config-if)# ip router ospf 1 area 0.0.0.0
Cisco(config-if)# exit
# 配置BGP。
Cisco(config)# router bgp 1000
Cisco(config-router)# router-id 1.1.1.1
Cisco(config-router)# address-family l2vpn evpn
Cisco(config-router-af)# neighbor 2.2.2.2
Cisco(config-router-neighbor)# remote-as 2000
Cisco(config-router-neighbor)# update-source loopback 0
Cisco(config-router-neighbor)# ebgp-multihop 10
Cisco(config-router-neighbor)# address-family ipv4 unicast
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# address-family l2vpn evpn
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# exit
Cisco(config-router)# neighbor 3.3.3.3
Cisco(config-router-neighbor)# remote-as 1000
Cisco(config-router-neighbor)# update-source loopback 0
Cisco(config-router-neighbor)# address-family ipv4 unicast
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# address-family l2vpn evpn
Cisco(config-router-neighbor-af)# send-community both
Cisco(config-router-neighbor-af)# exit
Cisco(config-router-neighbor)# exit
Cisco(config-router)# exit
# 配置EVPN。
Cisco(config)# evpn
Cisco(config-evpn)# vni 10001 l2
Cisco(config-evpn-evi)# rd 1.1.1.1:10001
Cisco(config-evpn-evi)# route-target both 65001:10001
Cisco(config-evpn-evi)# exit
Cisco(config-evpn)# exit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 2000
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 1000 17 20 0 8 00:06:19 Established
3.3.3.3 1000 20 17 0 8 00:08:47 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
3.3.3.3:10001 3.3.3.3 3.3.3.3 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.111/32 BGP 255 0 3.3.3.3 Vsi16777201
100.0.0.116/32 BGP 255 0 3.3.3.3 Vsi16777201
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
VPN instance: vpn1 Local L3VNI: 16777201
IP address Next hop Outgoing interface NibID
100.0.0.111 3.3.3.3 Vsi-interface16777201 0x18000000
100.0.0.116 3.3.3.3 Vsi-interface16777201 0x18000000
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 703d-15b5-1c8d 0 GL
100.0.0.111 0000-1ed4-45a1 006b-f183-c327 0 B
100.0.0.115 0000-32eb-e6bc 703d-15b5-1c8d 0 DL
100.0.0.116 0000-1279-80ce 703d-15b5-1cff 0 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VSI name: v1
MAC address Link ID/Name Flags Next hop
0005-0000-0001 Tunnel0 B 3.3.3.3
0000-1ed4-45a1 Tunnel0 B 3.3.3.3
0000-1279-80ce Tunnel0 B 3.3.3.3
# 验证与VXLAN关联的VXLAN隧道的信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16777201, VSI name: Auto_L3VNI16777201_16777201
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchA] display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
100.0.0.115 0000-32eb-e6bc v1 0x0 7
100.0.0.116 0000-1279-80ce v1 0x5000000 N/A
100.0.0.111 0000-1ed4-45a1 v1 0x5000000 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16777201_16777201
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16777201
VXLAN ID : 16777201
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
GE1/0/5 srv1 0 Up Manual
# 验证BGP L2VPN对等体的信息。
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 2.2.2.2
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 16
Route distinguisher: 1.1.1.1:10001
Total number of routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e [2][0][48][0000-1ed4-45a1][0][0.0.0.0]/104
3.3.3.3 0 1000i
* e 1.1.1.1 0 1000i
* >e [2][0][48][0000-1ed4-45a1][32][100.0.0.111]/136
3.3.3.3 0 1000i
* e 1.1.1.1 0 1000i
* >e [2][0][48][0005-0000-0001][0][0.0.0.0]/104
3.3.3.3 0 1000i
* e 1.1.1.1 0 1000i
* >e [3][0][32][1.1.1.1]/80
3.3.3.3 0 1000i
* e 1.1.1.1 0 1000i
Route distinguisher: 2.2.2.2:10001(vpn1)
Total number of routes: 5
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e [2][0][48][0000-1279-80ce][32][100.0.0.116]/136
3.3.3.3 0 0 1000i
* >e [2][0][48][0000-1ed4-45a1][32][100.0.0.111]/136
3.3.3.3 0 1000i
* > [2][0][48][0000-32eb-e6bc][32][100.0.0.115]/136
0.0.0.0 0 100 32768 i
* > [3][0][32][2.2.2.2]/80
0.0.0.0 0 100 32768 i
* > [5][0][24][100.0.0.0]/80
0.0.0.0 0 100 32768 i
Route distinguisher: 3.3.3.3:10001
Total number of routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e [2][0][48][0000-1279-80ce][0][0.0.0.0]/104
3.3.3.3 0 0 1000i
* e 1.1.1.1 0 1000i
* >e [2][0][48][0000-1279-80ce][32][100.0.0.116]/136
3.3.3.3 0 0 1000i
* e 1.1.1.1 0 1000i
* >e [3][0][32][3.3.3.3]/80
3.3.3.3 0 0 1000i
* e 1.1.1.1 0 1000i
* >e [5][0][24][100.0.0.0]/80
3.3.3.3 0 0 1000i
* e 1.1.1.1 0 1000i
· H3C设备(SwitchB)
# 验证BGP L2VPN对等体信息。
[SwitchB] display bgp peer l2vpn evpn
BGP local router ID: 3.3.3.3
Local AS number: 1000
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 1000 22 25 0 8 00:11:02 Established
2.2.2.2 2000 22 24 0 4 00:12:15 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchB] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
2.2.2.2:10001 2.2.2.2 2.2.2.2 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchB] display ip routing-table vpn-instance vpn1
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.111/32 BGP 255 0 1.1.1.1 Vsi16777201
100.0.0.115/32 BGP 255 0 2.2.2.2 Vsi16777201
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchB] display evpn routing-table vpn-instance vpn1
VPN instance: vpn1 Local L3VNI: 16777201
IP address Next hop Outgoing interface NibID
100.0.0.111 1.1.1.1 Vsi-interface16777201 0x18000001
100.0.0.115 2.2.2.2 Vsi-interface16777201 0x18000000
# 验证EVPN的ARP信息。
[SwitchB] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 703d-15b5-1cff 0 GL
100.0.0.111 0000-1ed4-45a1 006b-f183-c327 0 B
100.0.0.115 0000-32eb-e6bc 703d-15b5-1c8d 0 B
100.0.0.116 0000-1279-80ce 703d-15b5-1cff 0 DL
# 验证IPv4 EVPN的MAC地址信息。
[SwitchB] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VSI name: v1
MAC address Link ID/Name Flags Next hop
0005-0000-0001 Tunnel1 B 1.1.1.1
0000-1ed4-45a1 Tunnel1 B 1.1.1.1
0000-32eb-e6bc Tunnel0 B 2.2.2.2
0000-1279-80ce 0 DL -
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchB] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16777201, VSI name: Auto_L3VNI16777201_16777201
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchB] display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
100.0.0.116 0000-1279-80ce v1 0x0 24
100.0.0.115 0000-32eb-e6bc v1 0x5000000 N/A
100.0.0.111 0000-1ed4-45a1 v1 0x5000001 N/A
# 验证VSI信息。
[SwitchB] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16777201_16777201
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16777201
VXLAN ID : 16777201
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
GE1/0/5 srv1 0 Up Manual
# 验证BGP EVPN路由信息。
[SwitchB] display bgp l2vpn evpn
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 12
Route distinguisher: 1.1.1.1:10001
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][0000-1ed4-45a1][0][0.0.0.0]/104
1.1.1.1 100 0 i
* >i [2][0][48][0000-1ed4-45a1][32][100.0.0.111]/136
1.1.1.1 100 0 i
* >i [2][0][48][0005-0000-0001][0][0.0.0.0]/104
1.1.1.1 100 0 i
* >i [3][0][32][1.1.1.1]/80
1.1.1.1 100 0 i
Route distinguisher: 2.2.2.2:10001
Total number of routes: 8
Network NextHop MED LocPrf PrefVal Path/Ogn
* >e [2][0][48][0000-32eb-e6bc][0][0.0.0.0]/104
2.2.2.2 0 0 2000i
* i 2.2.2.2 0 100 0 2000i
* >e [2][0][48][0000-32eb-e6bc][32][100.0.0.115]/136
2.2.2.2 0 0 2000i
* i 2.2.2.2 0 100 0 2000i
* >e [3][0][32][2.2.2.2]/80
2.2.2.2 0 0 2000i
* i 2.2.2.2 0 100 0 2000i
* >e [5][0][24][100.0.0.0]/80
2.2.2.2 0 0 2000i
* i 2.2.2.2 0 100 0 2000i
Route distinguisher: 3.3.3.3:10001(vpn1)
Total number of routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [2][0][48][0000-1279-80ce][0][0.0.0.0]/104
0.0.0.0 0 100 32768 i
* > [2][0][48][0000-1279-80ce][32][100.0.0.116]/136
0.0.0.0 0 100 32768 i
* >i [2][0][48][0000-1ed4-45a1][32][100.0.0.111]/136
1.1.1.1 100 0 i
* >e [2][0][48][0000-32eb-e6bc][32][100.0.0.115]/136
2.2.2.2 0 0 2000i
* > [3][0][32][3.3.3.3]/80
0.0.0.0 0 100 32768 i
* > [5][0][24][100.0.0.0]/80
0.0.0.0 0 100 32768 i
· Cisco设备
# 验证建立的BGP EVPN邻居信息。
Cisco# show bgp l2vpn evpn neighbors
BGP neighbor is 2.2.2.2, remote AS 2000, ebgp link, Peer index 2
BGP version 4, remote router ID 2.2.2.2
BGP state = Established, up for 00:13:21
Using loopback0 as update source for this peer
External BGP peer might be upto 10 hops away
Last read 00:00:52, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:20, keepalive timer expiry due 00:00:39
Received 29 messages, 0 notifications, 0 bytes in queue
Sent 27 messages, 1 notifications, 0 bytes in queue
Connections established 2, dropped 1
Last reset by us 00:13:33, due to address-family configuration change
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr)
Dynamic capability (old): advertised
Route refresh capability (new): advertised received
Route refresh capability (old): advertised
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised
Address family L2VPN EVPN: advertised received
Graceful Restart capability: advertised
Graceful Restart Parameters:
Address families advertised to peer:
IPv4 Unicast L2VPN EVPN
Address families received from peer:
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Extended Next Hop Encoding Capability: advertised
Message statistics:
Sent Rcvd
Opens: 2 2
Notifications: 1 0
Updates: 8 12
Keepalives: 16 15
Route Refresh: 0 0
Capability: 0 0
Total: 27 29
Total bytes: 1111 1592
Bytes in queue: 0 0
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
0 accepted paths consume 0 bytes of memory
0 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
For address family: L2VPN EVPN
BGP table version 46, neighbor version 46
4 accepted paths consume 496 bytes of memory
8 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Local host: 1.1.1.1, Local port: 56082
Foreign host: 2.2.2.2, Foreign port: 179
fd = 78
BGP neighbor is 3.3.3.3, remote AS 1000, ibgp link, Peer index 1
BGP version 4, remote router ID 3.3.3.3
BGP state = Established, up for 00:14:35
Using loopback0 as update source for this peer
Last read 00:00:47, hold time = 180, keepalive interval is 60 seconds
Last written 00:00:34, keepalive timer expiry due 00:00:25
Received 30 messages, 0 notifications, 0 bytes in queue
Sent 28 messages, 1 notifications, 0 bytes in queue
Connections established 2, dropped 1
Last reset by us 00:14:48, due to address-family configuration change
Last reset by peer never, due to No error
Neighbor capabilities:
Dynamic capability: advertised (mp, refresh, gr)
Dynamic capability (old): advertised
Route refresh capability (new): advertised received
Route refresh capability (old): advertised
4-Byte AS capability: advertised received
Address family IPv4 Unicast: advertised
Address family L2VPN EVPN: advertised received
Graceful Restart capability: advertised
Graceful Restart Parameters:
Address families advertised to peer:
IPv4 Unicast L2VPN EVPN
Address families received from peer:
Forwarding state preserved by peer for:
Restart time advertised to peer: 120 seconds
Stale time for routes advertised by peer: 300 seconds
Extended Next Hop Encoding Capability: advertised
Message statistics:
Sent Rcvd
Opens: 2 2
Notifications: 1 0
Updates: 8 11
Keepalives: 17 17
Route Refresh: 0 0
Capability: 0 0
Total: 28 30
Total bytes: 1213 1497
Bytes in queue: 0 0
For address family: IPv4 Unicast
BGP table version 2, neighbor version 0
0 accepted paths consume 0 bytes of memory
0 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
For address family: L2VPN EVPN
BGP table version 46, neighbor version 46
8 accepted paths consume 992 bytes of memory
8 sent paths
Community attribute sent to this neighbor
Extended community attribute sent to this neighbor
Third-party Nexthop will not be computed.
Local host: 1.1.1.1, Local port: 54671
Foreign host: 3.3.3.3, Foreign port: 179
fd = 77
# 验证NVE Peer的详细信息。
Cisco# show nve peers detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 2.2.2.2
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:14:55
Router-Mac : 703d.15b5.1c8d
Peer First VNI : 10001
Time since Create : 00:14:55
Configured VNIs : 10001,16777201
Provision State : add-complete
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10001,16777201
Peer-ifindex-resp : Yes
----------------------------------------
Peer-Ip: 3.3.3.3
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:14:55
Router-Mac : 703d.15b5.1cff
Peer First VNI : 16777201
Time since Create : 00:14:55
Configured VNIs : 10001,16777201
Provision State : add-complete
Route-Update : Yes
Peer Flags : RmacL2Rib, TunnelPD, DisableLearn
Learnt CP VNIs : 10001,16777201
Peer-ifindex-resp : Yes
----------------------------------------
# 验证NVE VNI的详细信息。
Cisco# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 10001 UnicastBGP Up CP L2 [1001] SA
nve1 16777201 n/a Up CP L3 [vpn1]
# 验证NVE VRF的详细信息。
Cisco# show nve vrf
VRF-Name VNI Interface Gateway-MAC
------------ ---------- --------- -----------------
vpn1 16777201 nve1 006b.f183.c327
# 验证NVE VXlAN参数信息。
Cisco# show nve vxlan-params
VxLAN Dest. UDP Port: 4789
# 验证VXLAN信息。
Cisco# show vxlan
Vlan VN-Segment
==== ==========
101 16777201
1001 10001
# 验证L2VPN EVPN的BGP信息。
Cisco# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 52, local router ID is 1.1.1.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 1.1.1.1:10001 (L2VNI 10001)
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>l[2]:[0]:[0]:[48]:[0000.1ed4.45a1]:[0]:[0.0.0.0]/216
1.1.1.1 100 32768 i
*>l[2]:[0]:[0]:[48]:[0005.0000.0001]:[0]:[0.0.0.0]/216
1.1.1.1 100 32768 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>l[2]:[0]:[0]:[48]:[0000.1ed4.45a1]:[32]:[100.0.0.111]/272
1.1.1.1 100 32768 i
*>e[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 0 2000 i
*>l[3]:[0]:[32]:[1.1.1.1]/88
1.1.1.1 100 32768 i
*>e[3]:[0]:[32]:[2.2.2.2]/88
2.2.2.2 0 0 2000 i
*>i[3]:[0]:[32]:[3.3.3.3]/88
3.3.3.3 0 100 0 i
* e[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
2.2.2.2 0 0 2000 i
*>i 3.3.3.3 0 100 0 i
Route Distinguisher: 2.2.2.2:10001
x i[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[0]:[0.0.0.0]/216
2.2.2.2 0 100 0 2000 i
x e 2.2.2.2 0 0 2000 i
*>e[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 0 2000 i
* i 2.2.2.2 0 100 0 2000 i
*>e[3]:[0]:[32]:[2.2.2.2]/88
2.2.2.2 0 0 2000 i
* i 2.2.2.2 0 100 0 2000 i
*>e[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
2.2.2.2 0 0 2000 i
* i 2.2.2.2 0 100 0 2000 i
Route Distinguisher: 3.3.3.3:10001
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>i[3]:[0]:[32]:[3.3.3.3]/88
3.3.3.3 0 100 0 i
*>i[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
3.3.3.3 0 100 0 i
Route Distinguisher: 1.1.1.1:10001 (L3VNI 16777201)
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[0]:[0.0.0.0]/216
3.3.3.3 0 100 0 i
*>i[2]:[0]:[0]:[48]:[0000.1279.80ce]:[32]:[100.0.0.116]/272
3.3.3.3 0 100 0 i
*>e[2]:[0]:[0]:[48]:[0000.32eb.e6bc]:[32]:[100.0.0.115]/272
2.2.2.2 0 0 2000 i
*>e[3]:[0]:[32]:[2.2.2.2]/88
2.2.2.2 0 0 2000 i
*>i[3]:[0]:[32]:[3.3.3.3]/88
3.3.3.3 0 100 0 i
* e[5]:[0]:[0]:[24]:[100.0.0.0]:[0.0.0.0]/224
2.2.2.2 0 0 2000 i
*>i 3.3.3.3 0 100 0 i
# 验证二层路由的EVPN MAC。
Cisco# show l2route evpn mac all
Topology Mac Address Prod Next Hop (s)
----------- -------------- ------ ---------------
101 703d.15b5.1c8d VXLAN 2.2.2.2
101 703d.15b5.1cff VXLAN 3.3.3.3
1001 0000.1279.80ce BGP 3.3.3.3
1001 0000.1ed4.45a1 Local Eth1/5
1001 0000.32eb.e6bc BGP 2.2.2.2
1001 0005.0000.0001 Local Eth1/5
# 验证二层路由的EVPN MAC-IP。
Cisco# show l2route evpn mac-ip all
Topology ID Mac Address Prod Host IP Next Hop
(s)
----------- -------------- ---- --------------------------------------- --------
-------
1001 0000.1ed4.45a1 HMM 100.0.0.111 N/A
1001 0000.32eb.e6bc BGP 100.0.0.115 2.2.2.2
1001 0000.1279.80ce BGP 100.0.0.116 3.3.3.3
# 验证ARP抑制缓存详细信息。
Cisco# show ip arp suppression-cache detail
Flags: + - Adjacencies synced via CFSoE
L - Local Adjacency
R - Remote Adjacency
L2 - Learnt over L2 interface
Ip Address Age Mac Address Vlan Physical-ifindex Flags
100.0.0.111 00:08:06 0000.1ed4.45a1 1001 Ethernet1/5 L
100.0.0.116 00:16:12 0000.1279.80ce 1001 (null) R
100.0.0.115 00:14:57 0000.32eb.e6bc 1001 (null) R
# 验证指定VPN1的路由信息。
Cisco# show ip route vrf vpn1
IP Route Table for VRF "vpn1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>
100.0.0.0/24, ubest/mbest: 1/0, attached
*via 100.0.0.1, Vlan1001, [0/0], 08:47:51, direct
100.0.0.1/32, ubest/mbest: 1/0, attached
*via 100.0.0.1, Vlan1001, [0/0], 08:47:51, local
100.0.0.111/32, ubest/mbest: 1/0, attached
*via 100.0.0.111, Vlan1001, [190/0], 08:34:08, hmm
100.0.0.115/32, ubest/mbest: 1/0
*via 2.2.2.2%default, [20/0], 00:15:05, bgp-1000, external, tag 2000 (evpn)
segid: 16777201 tunnelid: 0x2020202 encap: VXLAN
100.0.0.116/32, ubest/mbest: 1/0
*via 3.3.3.3%default, [200/0], 00:16:20, bgp-1000, internal, tag 1000 (evpn)
segid: 16777201 tunnelid: 0x3030303 encap: VXLAN
表2 EVPN/VXLAN互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图3所示,H3C SwitchA、SwitchB为分布式EVPN网关设备,华为设备作为RR,负责在交换机之间反射BGP路由。现要求相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通。
图3 采用IBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA] interface HundredGigE 1/0/3
[SwitchA-HundredGigE1/0/3] ip address 31.1.1.1 255.255.255.0
[SwitchA-HundredGigE1/0/3] ospf 1 area 0.0.0.0
[SwitchA-HundredGigE1/0/3] quit
[SwitchA]interface HundredGigE 1/0/6
[SwitchA-HundredGigE1/0/6] ip address 61.1.1.1 24
[SwitchA-HundredGigE1/0/6] ospf 1 area 0
[SwitchA-HundredGigE1/0/6] quit
# 创建VLAN1001。
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 1.1.1.1 as-number 100
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/20上创建以太网服务实例1,该实例用来匹配VLAN1001的数据帧。
[SwitchA] interface HundredGigE 1/0/20
[SwitchA-HundredGigE1/0/20] service-instance 1
[SwitchA-HundredGigE1/0/20-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-HundredGigE1/0/20-srv1000] xconnect vsi v1
[SwitchA-HundredGigE1/0/20-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchA] interface vsi-interface 16383
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16383
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
[SwitchB]
# 配置underlay网络。
[SwitchB] interface HundredGigE 1/0/2
[SwitchB-HundredGigE1/0/2] ip address 21.0.0.1 24
[SwitchB-HundredGigE1/0/2] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/2] quit
[SwitchB]interface HundredGigE 1/0/6
[SwitchB-HundredGigE1/0/6] ip address 61.1.1.2 24
[SwitchB-HundredGigE1/0/6] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/6] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 1.1.1.1 as-number 100
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/20上创建以太网服务实例1,该实例用来匹配VLAN1001的数据帧。
[SwitchB] interface HundredGigE 1/0/20
[SwitchB-HundredGigE1/0/20] service-instance 1
[SwitchB-HundredGigE1/0/20-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-HundredGigE1/0/20-srv1000] xconnect vsi v1
[SwitchB-HundredGigE1/0/20-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 24
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchB] interface vsi-interface 16383
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16383
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi v1
[SwitchB-vsi-v1] gateway vsi-interface 1
[SwitchB-vsi-v1] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 配置OSPF。
<HUAWEI> sys immediately
Enter system view, return user view with return command.
[HUAWEI] ospf 1
[HUAWEI-ospf-1-area-0.0.0.0] quit
[HUAWEI-ospf-1] quit
# 配置underlay网络。
[HUAWEI] interface 100GE 1/0/1
[HUAWEI-100GE1/0/1] undo portswitch
[HUAWEI-100GE1/0/1] ip address 31.1.1.2 24
[HUAWEI-100GE1/0/1] ospf enable 1 area 0
[HUAWEI-100GE1/0/1] quit
[HUAWEI] interface 100GE 1/0/2
[HUAWEI-100GE1/0/2] undo portswitch
[HUAWEI-100GE1/0/2] ip address 21.1.1.2 24
[HUAWEI-100GE1/0/2] ospf enable 1 area 0
[HUAWEI-100GE1/0/2] quit
# 创建LoopBack口。
[HUAWEI]interface LoopBack 0
[HUAWEI-LoopBack0] ip address 1.1.1.1 32
[HUAWEI-LoopBack0] ospf enable 1 area 0
[HUAWEI-LoopBack0] quit
# 使能EVPN作VXLAN控制平面功能。
[HUAWEI] evpn-overlay enable
# 配置BGP发布EVPN路由。
[HUAWEI] bgp 100
[HUAWEI-bgp] peer 2.2.2.2 as-number 100
[HUAWEI-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[HUAWEI-bgp] peer 3.3.3.3 as-number 100
[HUAWEI-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[HUAWEI-bgp] l2vpn-family evpn
[HUAWEI-bgp-af-evpn] peer 2.2.2.2 enable
Warning: This operation will reset the peer session. Continue? [Y/N]:y
[HUAWEI-bgp-af-evpn] peer 2.2.2.2 reflect-client
[HUAWEI-bgp-af-evpn] peer 3.3.3.3 enable
Warning: This operation will reset the peer session. Continue? [Y/N]:y
[HUAWEI-bgp-af-evpn] peer 3.3.3.3 reflect-client
[HUAWEI-bgp-af-evpn] undo policy vpn-target
[HUAWEI-bgp-af-evpn] quit
[HUAWEI-bgp] quit
# 创建VLAN1001。
[HUAWEI] vlan 1001
[HUAWEI-vlan1001] quit
# 配置业务接入点。
[HUAWEI] bridge-domain 1001
[HUAWEI-bd1001] quit
[HUAWEI] interface 100GE 1/0/6.1 mode l2
[HUAWEI-100GE1/0/6.1] encapsulation dot1q vid 1001
[HUAWEI-100GE1/0/6.1] bridge-domain 1001
[HUAWEI-100GE1/0/6.1] quit
# 配置VPN实例和EVPN实例。
[HUAWEI] ip vpn-instance vpn1
[HUAWEI-vpn-instance-vpn1] vxlan vni 16383
[HUAWEI-vpn-instance-vpn1] ipv4-family
[HUAWEI-vpn-instance-vpn1-af-ipv4] route-distinguisher 1.1.1.1:10001
[HUAWEI-vpn-instance-vpn1-af-ipv4] vpn-target 65001:10001
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-vpn-instance-vpn1-af-ipv4]vpn-target 65001:10001 evpn
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-vpn-instance-vpn1-af-ipv4] quit
[HUAWEI-vpn-instance-vpn1] quit
[HUAWEI] bridge-domain 1001
[HUAWEI-bd1001] vxlan vni 10001
[HUAWEI-bd1001] evpn
[HUAWEI-bd1001-evpn] route-distinguisher 1.1.1.1:10001
[HUAWEI-bd1001-evpn] vpn-target 65001:10001
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-bd1001-evpn] quit
[HUAWEI-bd1001] quit
# 使能头端复制功能。
[HUAWEI] int Nve 1
Info: Ensure that the IP addresses and MAC addresses of the NVE interfaces on Devices are the same, as they are dual-active gateways using M-LAG.
[HUAWEI-Nve1] source 1.1.1.1
[HUAWEI-Nve1] vni 10001 head-end peer-list protocol bgp
[HUAWEI-Nve1] quit
# 配置业务环回接口,配置VXLAN三层网关。
[HUAWEI] int Eth-Trunk 1
[HUAWEI-Eth-Trunk1] service type tunnel
[HUAWEI-Eth-Trunk1] quit
[HUAWEI] int 100 1/0/5
[HUAWEI-100GE1/0/5] eth-trunk 1
[HUAWEI-100GE1/0/5] quit
[HUAWEI] int Vbdif 1001
[HUAWEI-Vbdif10] ip binding vpn-instance vpn1
Info: All IPv4 and IPv6 related configurations on this interface are removed.
[HUAWEI-Vbdif10] ip address 100.0.0.1 24
[HUAWEI-Vbdif10] mac-address 0000-2017-0001
Info: When configuring IP and MAC addresses on a VBDIF interface to implement M-LAG dual-active gateways, you must configure a virtual MAC address.
[HUAWEI-Vbdif10] arp distribute-gateway enable
[HUAWEI-Vbdif10] arp collect host enable
[HUAWEI-Vbdif10] quit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 3053 2675 0 5 0043h54m Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
3.3.3.3:10001 61.1.1.2 3.3.3.3 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.102/32 BGP 255 0 3.3.3.3 Vsi16383
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.102 3.3.3.3 Vsi-interface16383 0x18000000 -
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 78aa-8233-2201 0 GL
100.0.0.101 0010-9400-0001 78aa-8233-2201 0 DL
100.0.0.102 0010-9400-0002 741f-4aa1-2508 0 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VSI name: v1
MAC address : 0010-9400-0001
Link ID/Name : 0x0
Flags : DL
Encap : VXLAN
Next hop : -
Color : -
MAC address : 0000-2017-0001
Link ID/Name : Tunnel1
Flags : BS
Encap : VXLAN
Next hop : 1.1.1.1
Color : -
MAC address : 0010-9400-0002
Link ID/Name : Tunnel0
Flags : B
Encap : VXLAN
Next hop : 3.3.3.3
Color : -
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchA]display arp suppression vsi
IP address MAC address VSI Name Link ID Aging(min)
100.0.0.101 0010-9400-0001 v1 0x0 22
100.0.0.102 0010-9400-0002 v1 0x50000000 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16383_16383
VSI Index : 16383
VSI State : Down
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16383
VXLAN ID : 16383
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/20 srv1 0x0 Up Manual
Statistics: Disabled
· H3C设备(SwitchB)
# 验证BGP L2VPN对等体信息。
[SwitchB] display bgp peer l2vpn evpn
BGP local router ID: 61.1.1.2
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 3253 3047 0 6 0046h35m Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchB] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
2.2.2.2:10001 2.2.2.2 2.2.2.2 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchB] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.101/32 BGP 255 0 2.2.2.2 Vsi16383
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchB] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.101 2.2.2.2 Vsi-interface16383 0x18000000 -
# 验证EVPN的ARP信息。
[SwitchB] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 741f-4aa1-2508 0 GL
100.0.0.101 0010-9400-0001 78aa-8233-2201 0 B
100.0.0.102 0010-9400-0002 741f-4aa1-2508 0 DL
# 验证IPv4 EVPN的MAC地址信息。
[SwitchB] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VSI name: v1
MAC address Link ID/Name Flags Nexthop
0000-2017-0001 Tunnel1 BS 1.1.1.1
0010-9400-0001 Tunnel0 B 2.2.2.2
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchB] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
# 验证VSI信息。
[SwitchB] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16383_16383
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16383
VXLAN ID : 16383
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/20 srv1 0 Up Manual
· 华为设备
# 验证BGP EVPN对等体信息。
[HUAWEI] display bgp evpn peer
Status codes: * - Dynamic
BGP local router ID : 1.1.1.1
Local AS number : 100
Total number of peers : 2
Peers in established state : 2
Total number of dynamic peers : 0
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 100 2848 3248 0 0046h31m Established 3
3.3.3.3 4 100 3041 3247 0 0046h31m Established 3
# 验证指定实例的EVPN信息。
[HUAWEI] display evpn vpn-instance name 1001
EVPN-Instance Name RD Address-family
1001 1.1.1.1:10001 evpn
# 验证指定实例的路由信息。
[HUAWEI] display ip routing-table vpn-instance vpn1
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
100.0.0.0/24 Direct 0 0 D 100.0.0.1 Vbdif1001
100.0.0.1/32 Direct 0 0 D 127.0.0.1 Vbdif1001
100.0.0.101/32 IBGP 255 0 RD 2.2.2.2 VXLAN
100.0.0.102/32 IBGP 255 0 RD 3.3.3.3 VXLAN
100.0.0.255/32 Direct 0 0 D 127.0.0.1 Vbdif1001
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 验证VXLAN隧道。
[HUAWEI] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531842 1.1.1.1 2.2.2.2 up dynamic 0046h01m
4026531843 1.1.1.1 3.3.3.3 up dynamic 0046h01m
如图4所示,H3C SwitchA、SwitchB和华为设备均为分布式EVPN网关。现要求相同VXLAN之间可以二层互通,不同VXLAN之间通过分布式EVPN网关实现三层互通。
图4 采用EBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA] interface HundredGigE 1/0/3
[SwitchA-HundredGigE1/0/3] ip address 31.1.1.1 255.255.255.0
[SwitchA-HundredGigE1/0/3] ospf 1 area 0.0.0.0
[SwitchA-HundredGigE1/0/3] quit
[SwitchA]interface HundredGigE 1/0/6
[SwitchA-HundredGigE1/0/6] ip address 61.1.1.1 24
[SwitchA-HundredGigE1/0/6] ospf 1 area 0
[SwitchA-HundredGigE1/0/6] quit
# 创建VLAN1001。
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 1.1.1.1 as-number 200
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] peer 1.1.1.1 ebgp-max-hop 10
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] peer 3.3.3.3 ebgp-max-hop 10
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/20上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchA] interface HundredGigE 1/0/20
[SwitchA-HundredGigE1/0/20] service-instance 1
[SwitchA-HundredGigE1/0/20-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-HundredGigE1/0/20-srv1000] xconnect vsi v1
[SwitchA-HundredGigE1/0/20-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchA] interface vsi-interface 16383
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16383
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 配置underlay网络。
[SwitchB] interface HundredGigE 1/0/2
[SwitchB-HundredGigE1/0/2] ip address 21.0.0.1 24
[SwitchB-HundredGigE1/0/2] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/2] quit
[SwitchB] interface HundredGigE 1/0/6
[SwitchB-HundredGigE1/0/6] ip address 61.1.1.2 24
[SwitchB-HundredGigE1/0/6] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/6] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN 10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 1.1.1.1 as-number 200
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] peer 2.2.2.2 as-number 100
[SwitchB-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchB-bgp-default] peer 2.2.2.2 ebgp-max-hop 10
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/20上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchB] interface HundredGigE 1/0/20
[SwitchB-HundredGigE1/0/20] service-instance 1
[SwitchB-HundredGigE1/0/20-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-HundredGigE1/0/20-srv1000] xconnect vsi v1
[SwitchB-HundredGigE1/0/20-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 24
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchB] interface vsi-interface 16383
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16383
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi v1
[SwitchB-vsi-v1] gateway vsi-interface 1
[SwitchB-vsi-v1] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 配置OSPF。
<HUAWEI>system immediately
Enter system view, return user view with return command.
[HUAWEI] ospf 1
[HUAWEI-ospf-1-area-0.0.0.0] quit
[HUAWEI-ospf-1] quit
# 配置underlay网络。
[HUAWEI] interface 100GE 1/0/1
[HUAWEI-100GE1/0/1] undo portswitch
[HUAWEI-100GE1/0/1] ip address 31.1.1.2 24
[HUAWEI-100GE1/0/1] ospf enable 1 area 0
[HUAWEI-100GE1/0/1] quit
[HUAWEI] interface 100GE 1/0/2
[HUAWEI-100GE1/0/2] undo portswitch
[HUAWEI-100GE1/0/2] ip address 21.1.1.2 24
[HUAWEI-100GE1/0/2] ospf enable 1 area 0
[HUAWEI-100GE1/0/2] quit
# 创建LoopBack口。
[HUAWEI] interface LoopBack 0
[HUAWEI-LoopBack0] ip address 1.1.1.1 32
[HUAWEI-LoopBack0] ospf enable 1 area 0
[HUAWEI-LoopBack0] quit
# 使能EVPN作VXLAN控制平面功能。
[HUAWEI] evpn-overlay enable
# 配置BGP发布EVPN路由。
[HUAWEI] bgp 200
[HUAWEI-bgp] peer 2.2.2.2 as-number 100
[HUAWEI-bgp] peer 2.2.2.2 connect-interface LoopBack 0
[HUAWEI-bgp] peer 2.2.2.2 ebgp-max-hop 10
[HUAWEI-bgp] peer 3.3.3.3 as-number 200
[HUAWEI-bgp] peer 3.3.3.3 connect-interface LoopBack 0
[HUAWEI-bgp] l2vpn-family evpn
[HUAWEI-bgp-af-evpn] peer 2.2.2.2 enable
Warning: This operation will reset the peer session. Continue? [Y/N]:y
[HUAWEI-bgp-af-evpn] peer 3.3.3.3 enable
Warning: This operation will reset the peer session. Continue? [Y/N]:y
[HUAWEI-bgp-af-evpn] undo policy vpn-target
[HUAWEI-bgp-af-evpn] quit
[HUAWEI-bgp] quit
# 创建VLAN1001。
[HUAWEI] vlan 1001
[HUAWEI-vlan1001] quit
# 配置业务接入点。
[HUAWEI] bridge-domain 1001
[HUAWEI-bd1001] quit
[HUAWEI] interface 100GE 1/0/6.1 mode l2
[HUAWEI-100GE1/0/6.1] encapsulation dot1q vid 1001
[HUAWEI-100GE1/0/6.1] bridge-domain 1001
[HUAWEI-100GE1/0/6.1] quit
# 配置VPN实例和EVPN实例。
[HUAWEI] ip vpn-instance vpn1
[HUAWEI-vpn-instance-vpn1] vxlan vni 16383
[HUAWEI-vpn-instance-vpn1] ipv4-family
[HUAWEI-vpn-instance-vpn1-af-ipv4] route-distinguisher 1.1.1.1:10001
[HUAWEI-vpn-instance-vpn1-af-ipv4] vpn-target 65001:10001
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-vpn-instance-vpn1-af-ipv4]vpn-target 65001:10001 evpn
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-vpn-instance-vpn1-af-ipv4] quit
[HUAWEI-vpn-instance-vpn1] quit
[HUAWEI] bridge-domain 1001
[HUAWEI-bd1001] vxlan vni 10001
[HUAWEI-bd1001] evpn
[HUAWEI-bd1001-evpn] route-distinguisher 1.1.1.1:10001
[HUAWEI-bd1001-evpn] vpn-target 65001:10001
IVT Assignment result:
Info: VPN-Target assignment is successful.
EVT Assignment result:
Info: VPN-Target assignment is successful.
[HUAWEI-bd1001-evpn] quit
[HUAWEI-bd1001] quit
# 使能头端复制功能。
[HUAWEI] interfce Nve 1
Info: Ensure that the IP addresses and MAC addresses of the NVE interfaces on Devices are the same, as they are dual-active gateways using M-LAG.
[HUAWEI-Nve1] source 1.1.1.1
[HUAWEI-Nve1] vni 10001 head-end peer-list protocol bgp
[HUAWEI-Nve1] quit
# 配置业务环回接口,配置VXLAN三层网关。
[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1] service type tunnel
[HUAWEI-Eth-Trunk1] quit
[HUAWEI]interface 100GE 1/0/5
[HUAWEI-100GE1/0/5] eth-trunk 1
[HUAWEI-100GE1/0/5] quit
[HUAWEI] interface Vbdif 1001
[HUAWEI-Vbdif10] ip binding vpn-instance vpn1
Info: All IPv4 and IPv6 related configurations on this interface are removed.
[HUAWEI-Vbdif10] ip address 100.0.0.1 24
[HUAWEI-Vbdif10] mac-address 0000-2017-0001
Info: When configuring IP and MAC addresses on a VBDIF interface to implement M-LAG dual-active gateways, you must configure a virtual MAC address.
[HUAWEI-Vbdif10] arp distribute-gateway enable
[HUAWEI-Vbdif10] arp collect host enable
[HUAWEI-Vbdif10] quit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 200 5 14 0 2 00:00:44 Established
3.3.3.3 200 9 9 0 5 00:00:53 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 3.3.3.3 VXLAN 10001
3.3.3.3:10001 61.1.1.2 3.3.3.3 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.102/32 BGP 255 0 3.3.3.3 Vsi16383
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.102 3.3.3.3 Vsi-interface16383 0x18000000 -
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 78aa-8233-2201 0 GL
100.0.0.101 0010-9400-0001 78aa-8233-2201 0 DL
100.0.0.102 0010-9400-0002 741f-4aa1-2508 0 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VSI name: v1
MAC address : 0010-9400-0001
Link ID/Name : 0x0
Flags : DL
Encap : VXLAN
Next hop : -
Color : -
MAC address : 0010-9400-0002
Link ID/Name : Tunnel0
Flags : B
Encap : VXLAN
Next hop : 3.3.3.3
Color : -
MAC address : 0000-2017-0001
Link ID/Name : Tunnel0
Flags : BS
Encap : VXLAN
Next hop : 3.3.3.3
Color : -
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 1 (1 up, 0 down, 0 defect, 0 blocked)
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
[SwitchA]dis arp suppression vsi
IP address MAC address VSI Name Link ID Aging(min)
100.0.0.101 0010-9400-0001 v1 0x0 24
100.0.0.102 0010-9400-0002 v1 0x50000000 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16383_16383
VSI Index : 16383
VSI State : Down
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16383
VXLAN ID : 16383
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/20 srv1 0x0 Up Manual
Statistics: Disabled
· H3C设备(SwitchB)
# 验证BGP L2VPN对等体信息。
[SwitchB] display bgp peer l2vpn evpn
BGP local router ID: 61.1.1.2
Local AS number: 200
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 200 27 41 0 2 00:14:58 Established
2.2.2.2 100 20 18 0 3 00:08:48 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchB] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
2.2.2.2:10001 2.2.2.2 2.2.2.2 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchB] display ip routing-table vpn-instance vpn1
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.0/24 Direct 0 0 100.0.0.1 Vsi1
100.0.0.0/32 Direct 0 0 100.0.0.1 Vsi1
100.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.101/32 BGP 255 0 2.2.2.2 Vsi16383
100.0.0.255/32 Direct 0 0 100.0.0.1 Vsi1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchB] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.101 2.2.2.2 Vsi-interface16383 0x18000000 -
[SwitchB]display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VPN instance: vpn1 Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 741f-4aa1-2508 0 GL
100.0.0.101 0010-9400-0001 78aa-8233-2201 0 B
100.0.0.102 0010-9400-0002 741f-4aa1-2508 0 DL
# 验证IPv4 EVPN的MAC地址信息。
[SwitchB] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
VSI name: v1
MAC address Link ID/Name Flags Nexthop
0010-9400-0001 Tunnel0 B 2.2.2.2
0000-2017-0001 Tunnel1 BS 1.1.1.1
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchB] display vxlan tunnel
Total number of VXLANs: 2
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchB] display arp suppression vsi
IP address MAC address Vsi Name Link ID Aging
100.0.0.102 0010-9400-0002 v1 0x0 16
100.0.0.101 0010-9400-0001 v1 0x5000000 N/A
# 验证VSI信息。
[SwitchB] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16383_16383
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16383
VXLAN ID : 16383
VSI Name: v1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/20 srv1 0 Up Manual
· 华为设备
# 验证BGP EVPN对等体信息。
[HUAWEI] display bgp evpn peer
Status codes: * - Dynamic
BGP local router ID : 1.1.1.1
Local AS number : 200
Total number of peers : 2
Peers in established state : 2
Total number of dynamic peers : 0
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 100 24 12 0 00:06:58 Established 3
3.3.3.3 4 200 38 25 0 00:13:17 Established 6
# 验证指定实例的EVPN信息。
[HUAWEI] display evpn vpn-instance name 1001
EVPN-Instance Name RD Address-family
1001 1.1.1.1:10001 evpn
# 验证指定实例的路由信息。
[HUAWEI] display ip routing-table vpn-instance vpn1
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn1
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
100.0.0.0/24 Direct 0 0 D 100.0.0.1 Vbdif1001
100.0.0.1/32 Direct 0 0 D 127.0.0.1 Vbdif1001
100.0.0.101/32 EBGP 255 0 RD 2.2.2.2 VXLAN
100.0.0.102/32 IBGP 255 0 RD 3.3.3.3 VXLAN
100.0.0.255/32 Direct 0 0 D 127.0.0.1 Vbdif1001
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# 验证VXLAN隧道。
[HUAWEI] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531845 1.1.1.1 3.3.3.3 up dynamic 00:14:12
4026531846 1.1.1.1 2.2.2.2 up dynamic 00:08:01
表3 EVPN/VXLAN互通性分析
|
H3C |
锐捷 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图5所示,H3C SwitchA、SwitchB为分布式EVPN网关设备,锐捷设备作为RR,负责在交换机之间反射BGP路由。现要求相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通。
图5 采用IBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA]interface HundredGigE 1/0/6
[SwitchA-HundredGigE1/0/6] ip address 61.1.1.1 24
[SwitchA-HundredGigE1/0/6] ospf 1 area 0.0.0.0
[SwitchA-HundredGigE1/0/6] quit
[SwitchA]interface HundredGigE 1/0/6
[SwitchA-HundredGigE1/0/5] ip address 51.1.1.1 24
[SwitchA-HundredGigE1/0/5] ospf 1 area 0
[SwitchA-HundredGigE1/0/5] quit
# 创建VLAN1001。
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 1.1.1.1 as-number 100
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/11上创建以太网服务实例1,该实例用来匹配VLAN1001的数据帧。
[SwitchA] interface HundredGigE 1/0/11
[SwitchA-HundredGigE1/0/11] service-instance 1
[SwitchA-HundredGigE1/0/11-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-HundredGigE1/0/11-srv1000] xconnect vsi v1
[SwitchA-HundredGigE1/0/11-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 24
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchA] interface vsi-interface 16383
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16383
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 配置underlay网络。
[SwitchB] interface HundredGigE 1/0/3
[SwitchB-HundredGigE1/0/3] ip address 110.0.0.1 24
[SwitchB-HundredGigE1/0/3] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/3] quit
[SwitchB] interface HundredGigE 1/0/5
[SwitchB-HundredGigE1/0/5] ip address 51.1.1.2 24
[SwitchB-HundredGigE1/0/5] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/5] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 1.1.1.1 as-number 100
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/11上创建以太网服务实例1,该实例用来匹配VLAN1001的数据帧。
[SwitchB]interface HundredGigE 1/0/11
[SwitchB-HundredGigE1/0/11] service-instance 1
[SwitchB-HundredGigE1/0/11-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-HundredGigE1/0/11-srv1000] xconnect vsi v1
[SwitchB-HundredGigE1/0/11-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 24
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchB] interface vsi-interface 16383
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16383
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB]vsi v1
[SwitchB-vsi-v1]gateway vsi-interface 1
[SwitchB-vsi-v1]quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie> show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 配置VXLAN的硬件资源模式。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#switch-mode vxlan slot 0
# 网关MAC。
Ruijie(config)#fabric anycast-gateway-mac 0000.2017.0001
# 配置OSPF。
Ruijie(config)#route ospf 1
Ruijie(config-router)#area 0
Ruijie(config-router)#router-id 1.1.1.1
Ruijie(config-router)#exit
# 创建LoopBack口。
Ruijie(config)#interface loopback 0
Ruijie(config-if-Loopback 0)#ip address 1.1.1.1 32
Ruijie(config-if-Loopback 0)#ip ospf 1 area 0
Ruijie(config-if-Loopback 0)#exit
# 配置underlay网络。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 110.0.0.2 24
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip ospf 1 area 0
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
Ruijie(config)#interface hundredGigabitEthernet 0/51
Ruijie(config-if-HundredGigabitEthernet 0/51)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/51)#ip address 61.1.1.2 24
Ruijie(config-if-HundredGigabitEthernet 0/51)#ip ospf 1 area 0
Ruijie(config-if-HundredGigabitEthernet 0/51)#exit
# 配置vtep。
Ruijie(config)#vtep
Ruijie(config-vtep)#source loopback 0
Ruijie(config-vtep)#arp suppress enable
Ruijie(config-vtep)#exit
# 创建VRF。
Ruijie(config)#ip vrf vpn1
Ruijie(config-vrf)#rd 1.1.1.1:10001
Ruijie(config-vrf)#route-target both 65001:10001
Ruijie(config-vrf)#exit
# 创建overlayrouter接口。
Ruijie(config)#interface overlayrouter 1
Ruijie(config-if-OverlayRouter 1)#ip vrf forwarding vpn1
Ruijie(config-if-OverlayRouter 1)#ip address 100.0.0.1 24
Ruijie(config-if-OverlayRouter 1)#anycast-gateway
Ruijie(config-if-OverlayRouter 1)#route-in-vni
Ruijie(config-if-OverlayRouter 1)#exit
# 创建VXLAN10001。
Ruijie(config)#vxlan 10001
Ruijie(config-vxlan)#extend-vlan 1001
Ruijie(config-vxlan)#router-interface overlayRouter 1
Ruijie(config-vxlan)#arp suppress enable
Ruijie(config-vxlan)#exit
# 配置BGP发布EVPN路由。
Ruijie(config)#route bgp 100
Ruijie(config-router)#neighbor 2.2.2.2 remote-as 100
Ruijie(config-router)#neighbor 2.2.2.2 update-source Loopback 0
Ruijie(config-router)#neighbor 3.3.3.3 remote-as 100
Ruijie(config-router)#neighbor 3.3.3.3 update-source Loopback 0
Ruijie(config-router)#address-family l2vpn evpn
Ruijie(config-router-af)#neighbor 2.2.2.2 activate
Ruijie(config-router-af)#neighbor 2.2.2.2 route-reflector-client
Ruijie(config-router-af)#neighbor 3.3.3.3 activate
Ruijie(config-router-af)#neighbor 3.3.3.3 route-reflector-client
Ruijie(config-router-af)#exit
Ruijie(config-router)#exit
# 配置EVPN。
Ruijie(config)#evpn
Ruijie(config-evpn)#vni 10001
Ruijie(config-evpn-vni)#rd 1.1.1.1:10001
Ruijie(config-evpn-vni)#route-target both 65001:10001
Ruijie(config-evpn-vni)#exit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 100 116 109 0 8 01:30:19 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
3.3.3.3:10001 3.3.3.3 3.3.3.3 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.103/32 BGP 255 0 3.3.3.3 Vsi16383
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.103 3.3.3.3 Vsi-interface16383 0x18000000 -
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VPN instance: vpna Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 - 3 BGI
100.0.0.101 0010-9400-000e - 3 B
100.0.0.102 0010-9400-000f 743a-2021-ae01 3 DL
100.0.0.103 0010-9400-000d 0000-fc00-0243 3 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VSI name: v1
MAC address : 0010-9400-000f
Link ID/Name : 0x0
Flags : DL
Encap : VXLAN
Next hop : -
Color : -
MAC address : 0010-9400-000e
Link ID/Name : Tunnel1
Flags : B
Encap : VXLAN
Next hop : 1.1.1.1
Color : -
MAC address : 0000-2017-0001
Link ID/Name : -
Flags : BGI
Encap : VXLAN
Next hop : 1.1.1.1
Color : -
MAC address : 0010-9400-000d
Link ID/Name : Tunnel0
Flags : B
Encap : VXLAN
Next hop : 3.3.3.3
Color : -
# 验证与VXLAN关联的VXLAN隧道信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 4
VXLAN ID: 10, VSI name: vpna
VXLAN ID: 1000, VSI name: Auto_L3VNI1000_1000
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchA] display arp suppression vsi
IP address MAC address VSI Name Link ID Aging(min)
100.0.0.1 0000-2017-0001 v1 0x50000001 N/A
100.0.0.102 0010-9400-000f v1 0x0 20
100.0.0.103 0010-9400-000d v1 0x50000000 N/A
100.0.0.101 0010-9400-000e v1 0x50000001 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_1000
VSI Index : 16383
VSI State : Down
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1000
VXLAN ID : 1000
VSI Name: v1
VSI Index : 3
VSI State : Up
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/11 srv1 0x0 Up Manual
· 锐捷设备
# 验证VXLAN信息。
Ruijie(config)#show vxlan
VXLAN Total Count: 1
VXLAN Capacity : 4000
VXLAN 10001
Symmetric property : FALSE
Router Interface : overlayrouter 1 (anycast)
Extend VLAN : 1001
VTEP Adjacency Count: 2
VTEP Adjacency List :
Interface Source IP Destination IP Type
---------------------- --------------- --------------- -------
OverlayTunnel 6145 1.1.1.1 3.3.3.3 dynamic
OverlayTunnel 6147 1.1.1.1 2.2.2.2 dynamic
如图6所示,H3C Switch A、H3C Switch B和锐捷设备均为分布式EVPN网关。现要求相同VXLAN之间可以二层互通,不同VXLAN之间通过分布式EVPN网关实现三层互通。
图6 采用EBGP模式对接配置组网图
· 配置H3C设备(SwitchA)
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchA] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 创建LoopBack口。
[SwitchA] interface LoopBack 0
[SwitchA-LoopBack0] ip address 2.2.2.2 32
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 配置underlay网络。
[SwitchA] interface HundredGigE 1/0/6
[SwitchA-HundredGigE1/0/6] ip address 61.1.1.1 24
[SwitchA-HundredGigE1/0/6] ospf 1 area 0.0.0.0
[SwitchA-HundredGigE1/0/6] quit
[SwitchA]interface HundredGigE 0/0/5
[SwitchA-HundredGigE1/0/5] ip address 51.1.1.1 24
[SwitchA-HundredGigE1/0/5] ospf 1 area 0
[SwitchA-HundredGigE1/0/5] quit
# 创建VLAN1001
[SwitchA] vlan 1001
[SwitchA-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchA] vsi v1
[SwitchA-vsi-v1] arp suppression enable
[SwitchA-vsi-v1] flooding disable all
[SwitchA-vsi-v1] evpn encapsulation vxlan
[SwitchA-vsi-v1-evpn-vxlan] route-distinguisher 2.2.2.2:10001
[SwitchA-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchA-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchA-vsi-v1] vxlan 10001
[SwitchA-vsi-v1-vxlan-10001] quit
[SwitchA-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 1.1.1.1 as-number 200
[SwitchA-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchA-bgp-default] peer 1.1.1.1 ebgp-max-hop 10
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] peer 3.3.3.3 ebgp-max-hop 10
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/11上创建以太网服务实例1,该实例用来匹配VLAN1001的数据帧。
[SwitchA] interface HundredGigE 1/0/11
[SwitchA-HundredGigE1/0/11] service-instance 1
[SwitchA-HundredGigE1/0/11-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchA-HundredGigE1/0/11-srv1000] xconnect vsi v1
[SwitchA-HundredGigE1/0/11-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 2.2.2.2:10001
[SwitchA-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 100.0.0.1 24
[SwitchA-Vsi-interface1] mac-address 0000-2017-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
[SwitchA]
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchA]interface vsi-interface 16383
[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface3] l3-vni 16383
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi v1
[SwitchA-vsi-v1] gateway vsi-interface 1
[SwitchA-vsi-v1] quit
· 配置H3C设备(SwitchB)
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式。
[SwitchB] hardware-resource vxlan border40k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置OSPF。
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建LoopBack口。
[SwitchB] interface LoopBack 0
[SwitchB-LoopBack0] ip address 3.3.3.3 32
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 配置underlay网络。
[SwitchB] interface HundredGigE 1/0/3
[SwitchB-HundredGigE1/0/3] ip address 110.0.0.1 24
[SwitchB-HundredGigE1/0/3] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/3] quit
[SwitchB]interface HundredGigE 1/0/5
[SwitchB-HundredGigE1/0/5] ip address 51.1.1.2 24
[SwitchB-HundredGigE1/0/5] ospf 1 area 0.0.0.0
[SwitchB-HundredGigE1/0/5] quit
# 创建VLAN1001。
[SwitchB] vlan 1001
[SwitchB-vlan1001] quit
# 在VSI实例v1下创建EVPN实例,并配置EVPN实例的RD和RT。
[SwitchB] vsi v1
[SwitchB-vsi-v1] arp suppression enable
[SwitchB-vsi-v1] flooding disable all
[SwitchB-vsi-v1] evpn encapsulation vxlan
[SwitchB-vsi-v1-evpn-vxlan] route-distinguisher 3.3.3.3:10001
[SwitchB-vsi-v1-evpn-vxlan] vpn-target 65001:10001
[SwitchB-vsi-v1-evpn-vxlan] quit
# 创建VXLAN10001。
[SwitchB-vsi-v1] vxlan 10001
[SwitchB-vsi-v1-vxlan-10001] quit
[SwitchB-vsi-v1] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 1.1.1.1 as-number 200
[SwitchB-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchB-bgp-default] peer 2.2.2.2 connect-interface LoopBack0
[SwitchB-bgp-default] peer 2.2.2.2 ebgp-max-hop 10
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchB-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口HundredGigE1/0/11上创建以太网服务实例1,该实例用来匹配VLAN 1001的数据帧。
[SwitchB]interface HundredGigE 1/0/11
[SwitchB-HundredGigE1/0/11] service-instance 1
[SwitchB-HundredGigE1/0/11-srv1000] encapsulation s-vid 1001
# 配置以太网服务实例1与VSI实例v1关联。
[SwitchB-HundredGigE1/0/11-srv1000] xconnect vsi v1
[SwitchB-HundredGigE1/0/11-srv1000] quit
# 配置L3VNI的RD和RT。
[SwitchB]ip vpn-instance vpn1
[SwitchB-vpn-instance-vpn1] route-distinguisher 3.3.3.3:10001
[SwitchB-vpn-instance-vpn1] vpn-target 65001:10001
[SwitchB-vpn-instance-vpn1] address-family evpn
[SwitchB-vpn-evpn-vpn1] vpn-target 65001:10001
[SwitchB-vpn-evpn-vpn1] quit
[SwitchB-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface1] ip address 100.0.0.1 24
[SwitchB-Vsi-interface1] mac-address 0000-2017-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface16383,在该接口上配置VPN实例vpn1对应的L3VNI为16383。
[SwitchB] interface vsi-interface 16383
[SwitchB-Vsi-interface3] ip binding vpn-instance vpn1
[SwitchB-Vsi-interface3] l3-vni 16383
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi v1
[SwitchB-vsi-v1] gateway vsi-interface 1
[SwitchB-vsi-v1] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie> show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 配置VXLAN的硬件资源模式。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#switch-mode vxlan slot 0
# 配置网关MAC。
Ruijie(config)#fabric anycast-gateway-mac 0000.2017.0001
# 配置OSPF。
Ruijie(config)#route ospf 1
Ruijie(config-router)#area 0
Ruijie(config-router)#router-id 1.1.1.1
Ruijie(config-router)#exit
# 创建LoopBack口。
Ruijie(config)#interface loopback 0
Ruijie(config-if-Loopback 0)#ip address 1.1.1.1 32
Ruijie(config-if-Loopback 0)#ip ospf 1 area 0
Ruijie(config-if-Loopback 0)#exit
# 配置underlay网络。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 110.0.0.2 24
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip ospf 1 area 0
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
Ruijie(config)#interface hundredGigabitEthernet 0/51
Ruijie(config-if-HundredGigabitEthernet 0/51)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/51)#ip address 61.1.1.2 24
Ruijie(config-if-HundredGigabitEthernet 0/51)#ip ospf 1 area 0
Ruijie(config-if-HundredGigabitEthernet 0/51)#exit
# 配置vtep。
Ruijie(config)#vtep
Ruijie(config-vtep)#source loopback 0
Ruijie(config-vtep)#arp suppress enable
Ruijie(config-vtep)#exit
# 创建VRF。
Ruijie(config)#ip vrf vpn1
Ruijie(config-vrf)#rd 1.1.1.1:10001
Ruijie(config-vrf)#route-target both 65001:10001
Ruijie(config-vrf)#exit
# 创建overlayrouter接口。
Ruijie(config)#interface overlayrouter 1
Ruijie(config-if-OverlayRouter 1)#ip vrf forwarding vpn1
Ruijie(config-if-OverlayRouter 1)#ip address 100.0.0.1 24
Ruijie(config-if-OverlayRouter 1)#anycast-gateway
Ruijie(config-if-OverlayRouter 1)#route-in-vni
Ruijie(config-if-OverlayRouter 1)#exit
# 创建VXLAN10001。
Ruijie(config)#vxlan 10001
Ruijie(config-vxlan)#extend-vlan 1001
Ruijie(config-vxlan)#router-interface overlayRouter 1
Ruijie(config-vxlan)#arp suppress enable
Ruijie(config-vxlan)#exit
# 配置BGP发布EVPN路由。
Ruijie(config)#route bgp 200
Ruijie(config-router)#neighbor 2.2.2.2 remote-as 100
Ruijie(config-router)#neighbor 2.2.2.2 ebgp-multihop 10
Ruijie(config-router)#neighbor 2.2.2.2 update-source Loopback 0
Ruijie(config-router)#neighbor 3.3.3.3 remote-as 200
Ruijie(config-router)#neighbor 3.3.3.3 update-source Loopback 0
Ruijie(config-router)#address-family l2vpn evpn
Ruijie(config-router-af)#neighbor 2.2.2.2 activate
Ruijie(config-router-af)#neighbor 3.3.3.3 activate
Ruijie(config-router-af)#exit
Ruijie(config-router)#exit
# 配置EVPN。
Ruijie(config)#evpn
Ruijie(config-evpn)#vni 10001
Ruijie(config-evpn-vni)#rd 1.1.1.1:10001
Ruijie(config-evpn-vni)#route-target both 65001:10001
Ruijie(config-evpn-vni)#exit
· H3C设备(SwitchA)
# 验证BGP L2VPN对等体信息。
[SwitchA] display bgp peer l2vpn evpn
BGP local router ID: 2.2.2.2
Local AS number: 100
Total number of peers: 2 Peers in established state: 2
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
1.1.1.1 200 31 42 0 6 00:18:08 Established
3.3.3.3 200 34 39 0 6 00:18:05 Established
# 验证通过包含性组播以太网标签路由(Inclusive multicast Ethernet tag route)发现的IPv4邻居信息。
[SwitchA] display evpn auto-discovery imet
Total number of automatically discovered peers: 2
VSI name: v1
RD PE_address Tunnel_address Tunnel mode VXLAN ID
1.1.1.1:10001 1.1.1.1 1.1.1.1 VXLAN 10001
3.3.3.3:10001 3.3.3.3 3.3.3.3 VXLAN 10001
# 验证VPN1的路由表信息。
[SwitchA] display ip routing-table vpn-instance vpn1
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
100.0.0.103/32 BGP 255 0 3.3.3.3 Vsi16383
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 验证VPN实例对应EVPN的路由表信息。
[SwitchA] display evpn routing-table vpn-instance vpn1
Flags: E - with valid ESI A - AD ready L - Local ES exists
VPN instance:vpn1 Local L3VNI:16383
IP address Nexthop Outgoing interface NibID Flags
100.0.0.103 3.3.3.3 Vsi-interface16383 0x18000000 -
# 验证EVPN的ARP信息。
[SwitchA] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VPN instance: vpna Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
100.0.0.1 0000-2017-0001 - 3 BGI
100.0.0.101 0010-9400-000e - 3 B
100.0.0.102 0010-9400-000f 743a-2021-ae01 3 DL
100.0.0.103 0010-9400-000d 0000-fc00-0243 3 B
# 验证IPv4 EVPN的MAC地址信息。
[SwitchA] display evpn route mac
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping I - Invalid
E - Multihoming ES sync F - Leaf
VSI name: v1
MAC address : 0010-9400-000f
Link ID/Name : 0x0
Flags : DL
Encap : VXLAN
Next hop : -
Color : -
MAC address : 0010-9400-000e
Link ID/Name : Tunnel1
Flags : B
Encap : VXLAN
Next hop : 1.1.1.1
Color : -
MAC address : 0000-2017-0001
Link ID/Name : -
Flags : BGI
Encap : VXLAN
Next hop : 1.1.1.1
Color : -
MAC address : 0010-9400-000d
Link ID/Name : Tunnel0
Flags : B
Encap : VXLAN
Next hop : 3.3.3.3
Color : -
# 验证VXLAN隧道信息。
[SwitchA] display vxlan tunnel
Total number of VXLANs: 4
VXLAN ID: 10, VSI name: vpna
VXLAN ID: 1000, VSI name: Auto_L3VNI1000_1000
VXLAN ID: 10001, VSI name: v1, Total tunnels: 2 (2 up, 0 down, 0 defect, 0 blocked)
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
VXLAN ID: 16383, VSI name: Auto_L3VNI16383_16383
# 验证VSI的ARP泛洪抑制表项信息。
[SwitchA] display arp suppression vsi
IP address MAC address VSI Name Link ID Aging(min)
100.0.0.102 0010-9400-000f v1 0x0 24
100.0.0.1 0000-2017-0001 v1 0x50000001 N/A
100.0.0.101 0010-9400-000e v1 0x50000001 N/A
100.0.0.103 0010-9400-000d v1 0x50000000 N/A
# 验证VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI16383_16383
VSI Index : 16382
VSI State : Down
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 16383
VXLAN ID : 16383
VSI Name: v1
VSI Index : 3
VSI State : Up
MTU : 1500
Diffserv Mode : -
Bandwidth : Unlimited
Broadcast Restrain : 4294967295 kbps
Multicast Restrain : 4294967295 kbps
Unknown Unicast Restrain: 4294967295 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
PW Redundancy Mode : Slave
Flooding : Disabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10001
Tunnels:
Tunnel Name Link ID State Type Flood Proxy
Tunnel0 0x50000000 UP Auto Disabled
Tunnel1 0x50000001 UP Auto Disabled
ACs:
AC Link ID State Type
HGE1/0/11 srv1 0x0 Up Manual
Statistics: Disabled
· 锐捷设备
# 验证VXLAN信息。
Ruijie(config)#show vxlan
VXLAN Total Count: 1
VXLAN Capacity : 4000
VXLAN 10001
Symmetric property : FALSE
Router Interface : overlayrouter 1 (anycast)
Extend VLAN : 1001
VTEP Adjacency Count: 2
VTEP Adjacency List :
Interface Source IP Destination IP Type
---------------------- --------------- --------------- -------
OverlayTunnel 6145 1.1.1.1 2.2.2.2 dynamic
OverlayTunnel 6147 1.1.1.1 16.1.105.99 dynamic
H3C支持的STP/RSTP/MSTP均是IEEE标准组织制定的标准协议。Cisco支持的生成树协议中,MSTP为标准协议,Rapid-Pvst为Cisco私有协议。
如表4所示,H3C和Cisco生成树协议的互通性情况如下:
· H3C的MSTP与Cisco的MSTP可以完全互通
为了实现互通,在保证相连的H3C交换机域配置和Cisco交换机域配置完全一致的前提下,还需要在H3C设备上通过stp config-digest-snooping命令,在每一个和Cisco交换机相连的端口上开启摘要侦听功能功能。
另外,H3C设备的Comware V5 MSTP默认BPDU封装格式为legacy,Comware V7 MSTP默认BPDU封装格式为802.1s。在Cisco设备上需要通过spanning-tree mst pre-standard(legacy)或no spanning-tree mst pre-standard(802.1s)命令,将MSTP BPDU封装格式修改为legacy 或802.1s,使得H3C设备和Cisco设备的MSTP BPDU封装格式一致。
· H3C的MSTP与Cisco的Rapid-Pvst可以在一定程度上完成互通
如果H3C设备采用Access端口对接,H3C设备会将Cisco设备当作一个支持IEEE802.1D的设备,正常进行生成树计算。如果H3C设备采用Trunk接口对接,标准的STP设备可以与Rapid-Pvst设备的VLAN 1互通;但在其他VLAN上,标准STP设备无法识别Rapid-Pvst报文,要求物理环路必须在标准STP设备上来阻断,也就是说Blocking端口必须在标准STP设备(H3C)上而不是Rapid-Pvst设备(Cisco)上,否则就可能导致VLAN 1以外的其他VLAN出现广播风暴。
表4 MSTP/PVST互通性分析
|
H3C |
Cisco |
互通结论 |
|
STP模式 |
MSTP模式(Legacy和802.1s封装) |
在实例0中可以互通 |
|
STP模式 |
Rapid-Pvst模式 |
在Cisco设备上不取消VLAN 1的Rapid-Pvst功能的情况下,可以互通 |
|
RSTP模式 |
MSTP模式(Legacy和802.1s封装) |
在实例0中可以互通 |
|
RSTP模式 |
Rapid-Pvst模式 |
在Cisco设备上不取消VLAN 1的Rapid-Pvst功能的情况下,可以互通 |
|
MSTP模式 |
MSTP模式(Legacy和802.1s封装) |
在H3C设备配置stp config-digest-snooping命令的情况下,可以互通 |
|
MSTP模式 |
Rapid-Pvst模式 |
在Cisco设备上不取消VLAN 1的Rapid-Pvst功能的情况下,可以互通 |
如图7所示,H3C设备与Cisco设备通过两条链路相互连接。现要求在H3C设备和Cisco设备上分别配置MSTP,实现MSTP互通。
图7 MSTP对接配置组网图
· 配置H3C设备
# 创建VLAN接口2,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] vlan 2
[H3C-vlan2] quit
[H3C] interface Vlan-interface 2
[H3C-Vlan-interface2] ip address 16.1.11.55 255.255.255.0
[H3C-Vlan-interface2]quit
# 在端口GigabitEthernet1/0/1上开启摘要侦听功能。
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] stp config-digest-snooping
# 配置端口GigabitEthernet1/0/1为Trunk端口,允许VLAN2通过。
[H3C-GigabitEthernet1/0/1] port link-type trunk
[H3C-GigabitEthernet1/0/1] port trunk permit vlan 2
[H3C-GigabitEthernet1/0/1] quit
# 在端口GigabitEthernet1/0/2上开启摘要侦听功能。
[H3C] interface gigabitethernet 1/0/2
[H3C-GigabitEthernet1/0/2] stp config-digest-snooping
# 配置端口GigabitEthernet1/0/2为Trunk端口,允许VLAN2通过。
[H3C-GigabitEthernet1/0/2] port link-type trunk
[H3C-GigabitEthernet1/0/2] port trunk permit vlan 2
[H3C-GigabitEthernet1/0/2] quit
# 全局开启摘要侦听功能。
[H3C] stp global config-digest-snooping
# 全局开启生成树协议。
[H3C] stp global enable
为保证H3C交换机的路径开销计算标准与第三方交换机一致,需要确认第三方交换机的开销计算标准,然后在H3C交换机上进行相应的修改。
# 当Cisco设备采用缺省路径开销计算标准,H3C交换机需要配置按照IEEE 802.1D-1998标准来计算缺省路径开销。
[H3C] stp pathcost-standard dot1d-1998
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 进入VLAN2的配置模式,并配置IP地址。
Cisco# configure terminal
Cisco(config)# interface vlan 2
Cisco(config-if)#ip address 16.1.11.56 255.255.255.0
Cisco(config-if)#exit
# 配置接口Ethernet1/11为Trunk口,并指定为VLAN2的成员端口。
Cisco(config)# interface Ethernet 1/11
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport access vlan 2
Cisco(config-if)# switchport trunk allowed vlan 2
Cisco(config-if)# exit
# 配置接口Ethernet1/13为Trunk口,并指定为VLAN2的成员端口。
Cisco(config-if)# interface Ethernet 1/13
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport access vlan 2
Cisco(config-if)# switchport trunk allowed vlan 2
Cisco(config-if)# end
# 在H3C设备上验证生成树状态和统计的简要信息。
[H3C] display stp brief
MST ID Port Role TP State Protection
0 GigabitEthernet1/0/1 DESI FORWARDING NONE
0 GigabitEthernet1/0/2 DESI FORWARDING NONE
# 在H3C设备上验证在MSTP模式下,显示MSTI0在端口GigabitEthernet1/0/2上生成树状态和统计的信息。
[H3C] display stp instance 0 interface gigabitethernet 1/0/2
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 32768.1cab-3496-09f6
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 32768.1cab-3496-09f6, 0
RegRoot ID/IRPC : 32768.1cab-3496-09f6, 0
RootPort ID : 0.0
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Enabled
TC or TCN received : 2
Time since last TC : 0 days 0h:34m:14s
----[Port391(GigabitEthernet1/0/2)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port
Port ID : 128.391
Port cost(Legacy) : Config=auto, Active=1
Desg.bridge/port : 32768.1cab-3496-09f6, 128.391
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Enabled
Rapid transition : False
Num of VLANs mapped : 2
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 1784
TCN: 0, Config: 0, RST: 0, MST: 1784
BPDU received : 0
TCN: 0, Config: 0, RST: 0, MST: 0
# 在H3C设备上验证在MSTP模式下,显示MSTI0在端口GigabitEthernet1/0/1上生成树状态和统计的信息。
[H3C] display stp instance 0 interface gigabitethernet 1/0/1
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 32768.1cab-3496-09f6
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 32768.1cab-3496-09f6, 0
RegRoot ID/IRPC : 32768.1cab-3496-09f6, 0
RootPort ID : 0.0
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Enabled
TC or TCN received : 2
Time since last TC : 0 days 0h:34m:21s
----[Port381(GigabitEthernet1/0/1)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port (Boundary)
Port ID : 128.381
Port cost(Legacy) : Config=auto, Active=1
Desg.bridge/port : 32768.1cab-3496-09f6, 128.381
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Enabled
Rapid transition : False
Num of VLANs mapped : 2
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 1787
TCN: 0, Config: 0, RST: 0, MST: 1787
BPDU received : 2
TCN: 0, Config: 0, RST: 2, MST: 0
表5 MSTP/PVST互通性分析
|
H3C |
华为 |
互通结论 |
|
MSTP模式 |
MSTP模式 |
可以互通 |
如图8所示,H3C设备与华为设备通过两条链路相互连接。现要求在H3C设备和华为设备上分别配置MSTP,实现MSTP互通。
图8 MSTP对接配置组网图
· 配置H3C设备
# 全局开启生成树协议。
<H3C>system-view
[H3C] stp global enable
# 创建VLAN接口10,并为该接口配置IP地址和子网掩码。
[H3C] vlan 10
[H3C-vlan10] quit
[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 255.255.255.0
[H3C-Vlan-interface10] quit
# 在端口HundredGigE1/0/1上开启摘要侦听功能。
[H3C]interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] stp config-digest-snooping
# 配置端口HundredGigE1/0/1为Trunk端口,允许VLAN 10通过。
[H3C-HundredGigE1/0/1] port link-type trunk
[H3C-HundredGigE1/0/1] port trunk permit vlan 10
[H3C-HundredGigE1/0/1] quit
# 在端口HundredGigE1/0/2上开启摘要侦听功能。
[H3C]interface HundredGigE 1/0/2
[H3C-HundredGigE1/0/2] stp config-digest-snooping
# 配置端口HundredGigE1/0/2为Trunk端口,允许VLAN 10通过。
[H3C-HundredGigE1/0/2] port link-type trunk
[H3C-HundredGigE1/0/2] port trunk permit vlan 10
[H3C-HundredGigE1/0/2] quit
# 全局开启摘要侦听功能。
[H3C] stp global config-digest-snooping
为保证H3C交换机的路径开销计算标准与第三方交换机一致,需要确认第三方交换机的开销计算标准,然后在H3C交换机上进行相应的修改。
# 当华为设备采用缺省路径开销计算标准,H3C交换机需要配置按照IEEE 802.1t标准来计算缺省路径开销。
[H3C] stp pathcost-standard dot1t
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 使能设备的STP/RSTP/MSTP功能。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI]stp enable
# 创建VLAN接口10,并为该接口配置IP地址和子网掩码。
[HUAWEI]vlan 10
[HUAWEI-vlan10]quit
[HUAWEI]interface vlanif 10
[HUAWEI-Vlanif10]ip address 100.0.0.2 24
[HUAWEI-Vlanif10]quit
# 配置端口100GE1/0/1属于VLAN10。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]port link-type trunk
[HUAWEI-100GE1/0/1]port trunk allow-pass vlan 10
[HUAWEI-100GE1/0/1]quit
# 配置端口100GE1/0/2属于VLAN10。
[HUAWEI]interface 100GE 1/0/2
[HUAWEI-100GE1/0/2]port link-type trunk
[HUAWEI-100GE1/0/2]port trunk allow-pass vlan 10
[HUAWEI-100GE1/0/2]quit
# 在H3C设备上验证生成树状态和统计的简要信息。
[H3C] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/1 DESI FORWARDING NONE
0 HundredGigE1/0/2 DESI FORWARDING NONE
# 在H3C设备上验证在MSTP模式下,显示MSTI 0在端口HundredGigE1/0/1上生成树状态和统计的信息。
[H3C] display stp instance 0 interface HundredGigE 1/0/1
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 32768.743a-2021-ae00
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 32768.743a-2021-ae00, 0
RegRoot ID/IRPC : 32768.743a-2021-ae00, 0
RootPort ID : 0.0
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Enabled
TC or TCN received : 0
Time since last TC : 0 days 0h:41m:50s
----[Port51(HundredGigE1/0/1)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port (Boundary)
Port ID : 128.51
Port cost(Legacy) : Config=auto, Active=1
Desg.bridge/port : 32768.743a-2021-ae00, 128.51
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Enabled
Rapid transition : True
Num of VLANs mapped : 2
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 1256
TCN: 0, Config: 0, RST: 0, MST: 1256
BPDU received : 3
TCN: 0, Config: 0, RST: 0, MST: 3
表6 MSTP/PVST互通性分析
|
H3C |
锐捷 |
互通结论 |
|
MSTP模式 |
MSTP模式 |
可以互通 |
如图9所示,H3C设备与锐捷设备通过两条链路相互连接。现要求在H3C设备和锐捷设备上分别配置MSTP,实现MSTP互通。
图9 MSTP对接配置组网图
· 配置H3C设备
# 全局开启生成树协议。
<H3C> system-view
[H3C] stp global enable
# 创建VLAN接口10,并为该接口配置IP地址和子网掩码。
[H3C] vlan 10
[H3C-vlan10] quit
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 24
[H3C-Vlan-interface10] quit
# 配置端口HundredGigE1/0/3为Trunk端口,允许VLAN10通过。
[H3C] interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] port link-type trunk
[H3C-HundredGigE1/0/3] port trunk permit vlan 10
# 在端口HundredGigE1/0/3上开启摘要侦听功能。
[H3C-HundredGigE1/0/3] stp config-digest-snooping
[H3C-HundredGigE1/0/3] quit
# 配置端口HundredGigE1/0/4为Trunk端口,允许VLAN 10通过。
[H3C]interface HundredGigE 1/0/4
[H3C-HundredGigE1/0/4] port link-type trunk
[H3C-HundredGigE1/0/4] port trunk permit vlan 10
# 在端口HundredGigE1/0/4上开启摘要侦听功能。
[H3C-HundredGigE1/0/4] stp config-digest-snooping
[H3C-HundredGigE1/0/4] quit
# 全局开启摘要侦听功能。
[H3C] stp global config-digest-snooping
为保证H3C交换机的路径开销计算标准与第三方交换机一致,需要确认第三方交换机的开销计算标准,然后在H3C交换机上进行相应的修改。
# 当锐捷设备采用缺省路径开销计算标准,H3C交换机需要配置按照IEEE 802.1t标准来计算缺省路径开销。
[H3C] stp pathcost-standard dot1t
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQI为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 打开spanning-tree功能。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#spanning-tree
# 配置IP地址。
Ruijie(config)#interface vlan 10
Ruijie(config-if-VLAN 10)#ip address 100.0.0.2 24
Ruijie(config-if-VLAN 10)#no shutdown
Ruijie(config-if-VLAN 10)#exit
# 配置hundredGigabitEthernet 0/49为Trunk端口,且该接口附带switchport trunk allowed vlan only 10。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport mode trunk
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport trunk allowed vlan only 10
Ruijie(config-if-HundredGigabitEthernet 0/49)#no shutdown
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 配置hundredGigabitEthernet 0/50为Trunk端口,且该接口附带switchport trunk allowed vlan only 10。
Ruijie(config)#interface hundredGigabitEthernet 0/50
Ruijie(config-if-HundredGigabitEthernet 0/50)#switchport
Ruijie(config-if-HundredGigabitEthernet 0/50)#switchport mode trunk
Ruijie(config-if-HundredGigabitEthernet 0/50)#switchport trunk allowed vlan only 10
Ruijie(config-if-HundredGigabitEthernet 0/50)#no shutdown
Ruijie(config-if-HundredGigabitEthernet 0/50)#exit
# 在H3C设备上验证生成树状态和统计的简要信息。
[H3C] display stp brief
MST ID Port Role STP State Protection
0 HundredGigE1/0/3 DESI FORWARDING NONE
0 HundredGigE1/0/4 DESI FORWARDING NONE
# 在H3C设备上验证在MSTP模式下,显示MSTI 0在端口HundredGigE1/0/3上生成树状态和统计的信息。
[H3C] display stp instance 0 interface HundredGigE 1/0/3
-------[CIST Global Info][Mode MSTP]-------
Bridge ID : 32768.0000-fc00-0242
Bridge times : Hello 2s MaxAge 20s FwdDelay 15s MaxHops 20
Root ID/ERPC : 32768.0000-fc00-0242, 0
RegRoot ID/IRPC : 32768.0000-fc00-0242, 0
RootPort ID : 0.0
BPDU-Protection : Disabled
Bridge Config-
Digest-Snooping : Disabled
TC or TCN received : 0
Time since last TC : 0 days 0h:7m:27s
----[Port5(HundredGigE1/0/3)][FORWARDING]----
Port protocol : Enabled
Port role : Designated Port (Boundary)
Port ID : 128.5
Port cost(Legacy) : Config=auto, Active=1
Desg.bridge/port : 32768.0000-fc00-0242, 128.5
Port edged : Config=disabled, Active=disabled
Point-to-Point : Config=auto, Active=true
Transmit limit : 10 packets/hello-time
TC-Restriction : Disabled
Role-Restriction : Disabled
Protection type : Config=none, Active=none
MST BPDU format : Config=auto, Active=802.1s
Port Config-
Digest-Snooping : Enabled
Rapid transition : True
Num of VLANs mapped : 2
Port times : Hello 2s MaxAge 20s FwdDelay 15s MsgAge 0s RemHops 20
BPDU sent : 240
TCN: 0, Config: 0, RST: 0, MST: 240
BPDU received : 1
TCN: 0, Config: 0, RST: 0, MST: 1
表7 互通性分析
|
H3C |
Cisco |
互通结论 |
|
Static(缺省) |
On(缺省) |
可以互通 |
|
Dynamic |
Active |
可以互通 |
如图10所示,H3C设备与Cisco设备通过各自的二层以太网接口相互连接。现要求在H3C设备和Cisco设备上分别配置静态链路聚合,实现增加链路带宽、提高链路可靠性的目的。
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] interface Route-aggregation 1
[H3C-Route-Aggregation1] ip address 16.1.105.33 24
[H3C-Route-Aggregation1] quit
# 将三层以太网接口GigabitEthernet1/0/1加入三层聚合组1中。
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] port link-aggregation group 1
[H3C-GigabitEthernet1/0/1] quit
# 将三层以太网接口GigabitEthernet1/0/2加入三层聚合组1中。
[H3C] interface GigabitEthernet 1/0/2
[H3C-GigabitEthernet1/0/2] port link-aggregation group 1
[H3C-GigabitEthernet1/0/2] quit
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置聚合口的IP地址。
Cisco# configure terminal
Cisco(config)# interface channel-group 1
Cisco(config-if)# ip address 16.1.105.34 255.255.255.0
Cisco(config-if)# exit
# 设置接口Ethernet1/3的聚合模式为手动方式。
Cisco(config)# interface Ethernet 1/3
Cisco(config-if)# channel-group 1 mode on
Cisco(config-if)# exit
# 设置接口Ethernet1/5的聚合模式为手动方式。
Cisco(config-if)# interface Ethernet 1/5
Cisco(config-if)# channel-group 1 mode on
Cisco(config-if)# end
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Management VLANs: None
Port Status Priority Oper-Key
GE1/0/1(R) S 32768 1
GE1/0/2 S 32768 1
# 在H3C设备上能Ping通对端设备。
[H3C ] ping 16.1.105.34
Ping 16.1.105.34 (16.1.105.34): 56 data bytes, press CTRL_C to break
56 bytes from 16.1.105.34: icmp_seq=0 ttl=255 time=2.537 ms
56 bytes from 16.1.105.34: icmp_seq=1 ttl=255 time=2.000 ms
56 bytes from 16.1.105.34: icmp_seq=2 ttl=255 time=1.935 ms
56 bytes from 16.1.105.34: icmp_seq=3 ttl=255 time=2.044 ms
56 bytes from 16.1.105.34: icmp_seq=4 ttl=255 time=2.143 ms
--- Ping statistics for 16.1.105.34 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.935/2.132/2.537/0.214 ms
如图11所示,H3C设备与Cisco设备通过各自的二层以太网接口相互连接。现要求在H3C设备和Cisco设备上分别配置动态链路聚合,实现增加链路带宽、提高链路可靠性的目的。
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] interface Route-aggregation 1
[H3C-Route-Aggregation1] ip address 16.1.105.33 24
# 配置三层聚合接口1对应的聚合组工作在动态聚合模式下。
[H3C-Route-Aggregation1] link-aggregation mode dynamic
[H3C-Route-Aggregation1] quit
# 将三层以太网接口GigabitEthernet1/0/1加入三层聚合组1中。
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] port link-aggregation group 1
[H3C-GigabitEthernet1/0/1] quit
# 将三层以太网接口GigabitEthernet1/0/2加入三层聚合组1中。
[H3C] interface gigabitethernet 1/0/2
[H3C-GigabitEthernet1/0/2] port link-aggregation group 1
[H3C-GigabitEthernet1/0/2] quit
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 启动LACP。
Cisco# configure terminal
Cisco(config)# feature lacp
# 设置聚合接口的IP地址。
Cisco(config)# interface channel-group 1
Cisco(config-if)# ip address 16.1.105.34 255.255.255.0
Cisco(config-if)# exit
# 将Ethernet1/3接口设置为LACP的active模式。
Cisco(config)# interface Ethernet 1/3
Cisco(config-if)# channel-group 1 mode active
Cisco(config-if)# exit
# 将Ethernet1/5接口设置为LACP的active模式。
Cisco(config-if)# interface Ethernet 1/5
Cisco(config-if)# channel-group 1 mode active
Cisco(config-if)# end
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 1cab-3496-09f6
Local:
Port Status Priority Index Oper-Key Flag
GE1/0/1(R) S 32768 1 1 {ACDEF}
GE1/0/2 S 32768 2 1 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
GE1/0/1 32768 265 32768 0x8000, 2c33-113a-eaef {ACDEF}
GE1/0/2 32768 273 32768 0x8000, 2c33-113a-eaef {ACDEF}
# 在H3C设备上能Ping通对端设备。
[H3C] ping 16.1.105.34
Ping 16.1.105.34 (16.1.105.34): 56 data bytes, press CTRL_C to break
Request time out
56 bytes from 16.1.105.34: icmp_seq=1 ttl=255 time=2.331 ms
56 bytes from 16.1.105.34: icmp_seq=2 ttl=255 time=2.063 ms
56 bytes from 16.1.105.34: icmp_seq=3 ttl=255 time=2.202 ms
56 bytes from 16.1.105.34: icmp_seq=4 ttl=255 time=2.219 ms
--- Ping statistics for 16.1.105.34 ---
5 packet(s) transmitted, 4 packet(s) received, 20.0% packet loss
round-trip min/avg/max/std-dev = 2.063/2.204/2.331/0.095 ms
表8 互通性分析
|
H3C |
华为 |
互通结论 |
|
Static(缺省) |
Normal |
可以互通 |
|
Dynamic |
Lacp-Static/lacp-Dynamic |
可以互通 |
如图12所示,H3C设备与华为设备通过各自的二层以太网接口相互连接。现要求在H3C设备和华为设备上分别配置静态链路聚合,实现增加链路带宽、提高链路可靠性的目的。
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] interface Route-aggregation 1
[H3C-Route-Aggregation1] ip address 100.0.0.1 24
[H3C-Route-Aggregation1] quit
# 将三层以太网接口HundredGigE1/0/1加入三层聚合组1中。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-aggregation group 1
[H3C-HundredGigE1/0/1] quit
# 将三层以太网接口HundredGigE1/0/2加入三层聚合组1中。
[H3C] interface HundredGigE 1/0/2
[H3C-HundredGigE1/0/2] port link-aggregation group 1
[H3C-HundredGigE1/0/2] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 配置Eth-Trunk接口1的IP地址。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI] interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]undo portswitch
[HUAWEI-Eth-Trunk1]ip address 100.0.0.2 24
[HUAWEI-Eth-Trunk1]quit
# 将接口100GE1/0/1加入ID为1的Eth-Trunk接口。
[HUAWEI] interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]eth-trunk 1
[HUAWEI-100GE1/0/1]quit
# 将接口100GE1/0/2加入ID为1的Eth-Trunk接口。
[HUAWEI] interface 100GE 1/0/2
[HUAWEI-100GE1/0/2]eth-trunk 1
[HUAWEI-100GE1/0/2]quit
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
HGE1/0/1 S 32768 1
HGE1/0/2(R) S 32768 1
# 在H3C设备上能Ping通对端设备。
[H3C] ping 100.0.0.2
Ping 100.0.0.2 (100.0.0.2): 56 data bytes, press CTRL+C to break
56 bytes from 100.0.0.2: icmp_seq=0 ttl=254 time=0.927 ms
56 bytes from 100.0.0.2: icmp_seq=1 ttl=254 time=0.614 ms
56 bytes from 100.0.0.2: icmp_seq=2 ttl=254 time=0.603 ms
56 bytes from 100.0.0.2: icmp_seq=3 ttl=254 time=1.021 ms
56 bytes from 100.0.0.2: icmp_seq=4 ttl=254 time=0.631 ms
--- Ping statistics for 100.0.0.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.603/0.759/1.021/0.178 ms
[H3C] %Oct 19 17:29:07:624 2021 H3C PING/6/PING_STATISTICS: Ping statistics for 100.0.0.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 0.603/0.759/1.021/0.178 ms.
如图13所示,H3C设备与华为设备通过各自的二层以太网接口相互连接。现要求在H3C设备和华为设备上分别配置动态链路聚合,实现增加链路带宽、提高链路可靠性的目的。
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] interface Route-Aggregation 1
[H3C-Route-Aggregation1] ip address 100.0.0.1 24
# 配置三层聚合接口1对应的聚合组工作在动态聚合模式下。
[H3C-Route-Aggregation1] link-aggregation mode dynamic
[H3C-Route-Aggregation1] quit
# 将三层以太网接口GigabitEthernet1/0/1加入三层聚合组1中。
[H3C]interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-aggregation group 1
[H3C-HundredGigE1/0/1] quit
# 将三层以太网接口GigabitEthernet1/0/2加入三层聚合组1中。
[H3C]interface HundredGigE 1/0/2
[H3C-HundredGigE1/0/2] port link-aggregation group 1
[H3C-HundredGigE1/0/2] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 指定Eth-Trunk接口1的工作模式为动态LACP模式。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI]interface Eth-Trunk 1
[HUAWEI-Eth-Trunk1]mode lacp-dynamic
[HUAWEI-Eth-Trunk1]quit
# 将接口100GE1/0/1加入ID为1的Eth-Trunk接口。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]eth-trunk 1
[HUAWEI-100GE1/0/1]quit
# 将接口100GE1/0/2加入ID为1的Eth-Trunk接口。
[HUAWEI]interface 100GE 1/0/2
[HUAWEI-100GE1/0/2]eth-trunk 1
[HUAWEI-100GE1/0/2]quit
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
System ID: 0x8000, 743a-2021-ae00
Local:
Port Status Priority Index Oper-Key Flag
HGE1/0/1(R) S 32768 1 1 {ACDEF}
HGE1/0/2 S 32768 2 1 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
HGE1/0/1 32768 1 337 0x8000, a4be-2b3a-50d1 {ACDEF}
HGE1/0/2 32768 2 337 0x8000, a4be-2b3a-50d1 {ACDEF}
# 在H3C设备上能Ping通对端设备。
[H3C] ping 100.0.0.2
Ping 100.0.0.2 (100.0.0.2): 56 data bytes, press CTRL+C to break
56 bytes from 100.0.0.2: icmp_seq=0 ttl=254 time=1.094 ms
56 bytes from 100.0.0.2: icmp_seq=1 ttl=254 time=0.753 ms
56 bytes from 100.0.0.2: icmp_seq=2 ttl=254 time=0.666 ms
56 bytes from 100.0.0.2: icmp_seq=3 ttl=254 time=0.686 ms
56 bytes from 100.0.0.2: icmp_seq=4 ttl=254 time=0.566 ms
--- Ping statistics for 100.0.0.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 0.566/0.753/1.094/0.181 ms
round-trip min/avg/max/std-dev = 2.063/2.204/2.331/0.095 ms
表9 互通性分析
|
H3C |
锐捷 |
互通结论 |
|
Static(缺省) |
On(缺省) |
可以互通 |
|
Dynamic |
active |
可以互通 |
如图14所示,H3C设备与锐捷设备通过各自的二层以太网接口相互连接。现要求在H3C设备和锐捷设备上分别配置静态链路聚合,实现增加链路带宽、提高链路可靠性的目的
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C> system-view
[H3C] interface Route-Aggregation 1
[H3C-Route-Aggregation1] ip address 100.0.0.1 24
[H3C-Route-Aggregation1] quit
# 将三层以太网接口HundredGigE1/0/3加入三层聚合组1中。
[H3C] interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] port link-aggregation group 1
[H3C-HundredGigE1/0/3] quit
# 将三层以太网接口HundredGigE1/0/4加入三层聚合组1中。
[H3C]interface HundredGigE 1/0/4
[H3C-HundredGigE1/0/4] port link-aggregation group 1
[H3C-HundredGigE1/0/4] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 进入Aggregateport1的配置模式。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#interface aggregatePort 1
# 将接口设置为3层模式。
Ruijie(config-if-AggregatePort 1)#no switchport
# 配置接口的IP地址。
Ruijie(config-if-AggregatePort 1)#ip address 100.0.0.2 24
Ruijie(config-if-AggregatePort 1)#exit
# 将接口0/49设置为3层模式,并配置成静态AP1成员。
Ruijie(config)# interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#port-group 1
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 将接口0/50设置为3层模式,并配置成静态AP1成员。
Ruijie(config)# interface hundredGigabitEthernet 0/50
Ruijie(config-if-HundredGigabitEthernet 0/50)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/50)#port-group 1
Ruijie(config-if-HundredGigabitEthernet 0/50)#exit
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Role: P -- Primary, S -- Secondary
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Management VLANs: None
Port Status Priority Oper-Key Role
HGE1/0/3(R) S 32768 1 None
HGE1/0/4 S 32768 1 None
# 在H3C设备上能Ping通对端设备。
[H3C] ping 100.0.0.2
Ping 100.0.0.2 (100.0.0.2): 56 data bytes, press CTRL_C to break
56 bytes from 100.0.0.2: icmp_seq=0 ttl=64 time=23.359 ms
56 bytes from 100.0.0.2: icmp_seq=1 ttl=64 time=1.215 ms
56 bytes from 100.0.0.2: icmp_seq=2 ttl=64 time=1.395 ms
56 bytes from 100.0.0.2: icmp_seq=3 ttl=64 time=1.237 ms
56 bytes from 100.0.0.2: icmp_seq=4 ttl=64 time=1.223 ms
--- Ping statistics for 100.0.0.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.215/5.686/23.359/8.837 ms
如图15所示,H3C设备与锐捷设备通过各自的二层以太网接口相互连接。现要求在H3C设备和锐捷设备上分别配置动态链路聚合,实现增加链路带宽、提高链路可靠性的目的。
· 配置H3C设备
# 创建三层聚合接口1,并为该接口配置IP地址和子网掩码。
<H3C>system-view
[H3C] interface Route-Aggregation 1
[H3C-Route-Aggregation1] ip address 100.0.0.1 24
# 配置三层聚合接口1对应的聚合组工作在动态聚合模式下。
[H3C-Route-Aggregation1] link-aggregation mode dynamic
[H3C-Route-Aggregation1] quit
# 将三层以太网接口HundredGigE1/0/3加入三层聚合组1中。
[H3C]interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] port link-aggregation group 1
[H3C-HundredGigE1/0/3] quit
# 将三层以太网接口HundredGigE1/0/4加入三层聚合组1中。
[H3C]interface HundredGigE 1/0/4
[H3C-HundredGigE1/0/4]port link-aggregation group 1
[H3C-HundredGigE1/0/4]quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 进入Aggregateport 1的配置模式。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#interface aggregatePort 1
# 将接口设置为三层模式。
Ruijie(config-if-AggregatePort 1)#no switchport
# 配置接口的IP地址。
Ruijie(config-if-AggregatePort 1)#ip address 100.0.0.2 24
Ruijie(config-if-AggregatePort 1)#exit
# 将接口0/49设置为3层模式,并配置成LACP AP1成员,且聚合模式为主动模式。
Ruijie(config)# interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#port-group 1 mode active
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 将接口0/50设置为3层模式,并配置成LACP AP1成员,且聚合模式为主动模式。
Ruijie(config)# interface hundredGigabitEthernet 0/50
Ruijie(config-if-HundredGigabitEthernet 0/50)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/50)#port-group 1 mode active
Ruijie(config-if-HundredGigabitEthernet 0/50)#exit
Ruijie(config)#
# 在H3C设备上验证聚合组的详细信息。
[H3C] display link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Role: P -- Primary, S -- Secondary
Aggregate Interface: Route-Aggregation1
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 0000-fc00-0242
Local:
Port Status Priority Index Oper-Key Flag
HGE1/0/3(R) S 32768 1 1 {ACDEF}
HGE1/0/4 S 32768 2 1 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
HGE1/0/3 32768 49 1 0x8000, c0b8-e672-cd08 {ACDEF}
HGE1/0/4 32768 50 1 0x8000, c0b8-e672-cd08 {ACDEF}
# 在H3C设备上能Ping通对端设备。
[H3C] ping 100.0.0.2
Ping 100.0.0.2 (100.0.0.2): 56 data bytes, press CTRL_C to break
56 bytes from 100.0.0.2: icmp_seq=0 ttl=64 time=1.596 ms
56 bytes from 100.0.0.2: icmp_seq=1 ttl=64 time=1.342 ms
56 bytes from 100.0.0.2: icmp_seq=2 ttl=64 time=1.376 ms
56 bytes from 100.0.0.2: icmp_seq=3 ttl=64 time=1.354 ms
56 bytes from 100.0.0.2: icmp_seq=4 ttl=64 time=1.299 ms
--- Ping statistics for 100.0.0.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.299/1.393/1.596/0.104 ms
表10 ISIS互通性分析
|
H3C |
Cisco |
互通结论 |
|
增加配置isis small-hello命令 |
增加配置no isis hello-padding always命令 |
由于H3C和Cisco的MTU不同(H3C为1500,Cisco为9000),因此需要增加特定配置后,设备间ISIS邻居才可以建立 |
如图16所示,H3C设备与Cisco设备通过各自的三层以太网接口相互连接,现要求实现H3C设备与Cisco设备对接建立ISIS邻居。
图16 ISIS对接配置组网
· 配置H3C设备
# 在IS-IS进程1中使能NSR功能。
<H3C> system-view
[H3C] isis 1
[H3C-isis-1] non-stop-routing
# 配置路由器的Level级别为Level-2。
[H3C-isis-1] is-level level-2
# 配置IS-IS进程1的带宽参考值为10000Mbps。
[H3C-isis-1] bandwidth-reference 100000
# 配置路由器只可以接收和发送采用wide方式表示到达目的地路径开销的报文。
[H3C-isis-1] cost-style wide
# 配置IS-IS路由计算的最大时间间隔为1秒,最小时间间隔为50毫秒,惩罚增量为50毫秒。
[H3C-isis-1] timer spf 1 50 50
# 为本地IS配置主机名称。
[H3C-isis-1] is-name 12516
# 指定NET为48.0001.1001.7220.0160.00。
[H3C-isis-1] network-entity 48.0001.1001.7220.0160.00
[H3C-isis-1] quit
# 配置接口GigabitEthernet1/0/1.501的IP地址。
[H3C] interface gigabitethernet 1/0/1.501
[H3C-GigabitEthernet1/0/1.501] ip address 172.16.16.46 255.255.255.252
# 在接口GigabitEthernet1/0/1.501上使能IS-IS功能。
[H3C-GigabitEthernet1/0/1.501] isis enable 1
# 配置接口GigabitEthernet1/0/1.501的网络类型为P2P。
[H3C-GigabitEthernet1/0/1.501] isis circuit-type p2p
# 指定接口GigabitEthernet1/0/1.501发送小型Hello报文。
[H3C-GigabitEthernet1/0/1.501] isis small-hello
[H3C-GigabitEthernet1/0/1.501] quit
# 配置接口GigabitEthernet1/0/1.502的IP地址。
[H3C] interface gigabitethernet 1/0/1.502
[H3C-GigabitEthernet1/0/1.502] ip address 172.16.16.50 255.255.255.252
# 在接口GigabitEthernet1/0/1.502上使能IS-IS功能。
[H3C-GigabitEthernet1/0/1.502] isis enable 1
# 配置接口GigabitEthernet1/0/1.502的网络类型为P2P。
[H3C-GigabitEthernet1/0/1.502] isis circuit-type p2p
# 指定接口GigabitEthernet1/0/1.502发送小型Hello报文。
[H3C-GigabitEthernet1/0/1.502] isis small-hello
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置ISIS。
Cisco# configure terminal
Cisco(config)# router isis 1
Cisco(config-router)# net 48.0001.0000.0000.0001.00
Cisco(config-router)# is-type level-1-2
Cisco(config-router)# address-family ipv4 unicast
Cisco(config-router-af)# default-information originate
Cisco(config-router)# exit
# 配置接口Ethernet1/7.501的dot1q封装及IP地址。
Cisco(config-)# interface Ethernet1/7.501
Cisco(config-if)# encapsulation dot1q 501
Cisco(config-if)# ip address 172.16.16.45/30
#在接口下配置ISIS。
Cisco(config- if)# no isis hello-padding always
Cisco(config- if)# isis network point-to-point
Cisco(config- if)# isis circuit-type level-1-2
Cisco(config- if)# ip router isis 1
Cisco(config- if)# no shutdown
Cisco(config- if)# exit
# 配置接口Ethernet1/7.502的dot1q封装及IP地址。
Cisco(config)# interface Ethernet1/7.502
Cisco(config- if)# encapsulation dot1q 502
Cisco(config- if)# ip address 172.16.16.49/30
#在接口下配置ISIS。
Cisco(config- if)# no isis hello-padding always
Cisco(config- if)# isis network point-to-point
Cisco(config- if)# isis circuit-type level-1-2
Cisco(config- if)# ip router isis 1
Cisco(config- if)# no shutdown
Cisco(config- if)# exit
#在接口下配置ISIS及IP地址。
Cisco(config)# interface Ethernet1/7
Cisco(config- if)# ip address 116.1.1.1/30
Cisco(config- if)# ip router isis 1
Cisco(config- if)# exit
# 在H3C设备上验证IS-IS的邻居信息。
[H3C] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: Cisco
Interface: GE1/0/1.501 Circuit Id: 001
State: Up HoldTime: 27s Type: L2 PRI: --
System ID: Cisco
Interface: GE1/0/1.502 Circuit Id: 001
State: Up HoldTime: 29s Type: L2 PRI: --
# 在H3C设备上验证所有ISIS路由信息。
[H3C] display ip routing-table protocol isis
Summary count : 4
ISIS Routing table status : <Active>
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
116.1.1.0/30 IS_L2 15 11 172.16.16.45 GE1/0/1.501
172.16.16.49 GE1/0/1.502
ISIS Routing table status : <Inactive>
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
172.16.16.44/30 IS_L2 15 10 0.0.0.0 GE1/0/1.501
172.16.16.48/30 IS_L2 15 10 0.0.0.0 GE1/0/1.502
表11 ISIS互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图17所示,H3C设备与华为设备通过各自的三层以太网接口相互连接,现要求实现H3C设备与华为设备对接建立ISIS邻居。
图17 ISIS对接配置组网
· 配置H3C设备
# 配置路由器的Level级别为Level-2。
<H3C> system-view
[H3C] isis 1
[H3C-isis-1] is-level level-2
# 配置路由器只可以接收和发送采用wide方式表示到达目的地路径开销的报文。
[H3C-isis-1] cost-style wide
# 指定NET为48.0001.1001.7220.0160.00。
[H3C-isis-1] network-entity 48.0001.1001.7220.0160.00
[H3C-isis-1] quit
# 配置接口HundredGigE1/0/1的IP地址。
[H3C]interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 在指定接口上使能IS-IS功能,并配置与该接口关联的IS-IS进程。
[H3C-HundredGigE1/0/1] isis enable 1
# 配置接口的网络类型为P2P。
[H3C-HundredGigE1/0/1] isis circuit-type p2p
[H3C-HundredGigE1/0/1] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 使能IS-IS协议,并进入IS-IS视图。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI]isis 1
# 设置当前交换机工作在Level-2。
[HUAWEI-isis-1]is-level level-2
Info: IS-IS level changed. The process 1 will be reset.
# 配置IS-IS进程的网络实体名称NET为48.0001.1001.7220.0170.00。
[HUAWEI-isis-1]network-entity 48.0001.1001.7220.0170.00
# 指定IS-IS设备只能接收和发送开销类型为wide的路由。
[HUAWEI-isis-1]cost-style wide
Info: Cost style Changed. IS-IS process 1 will be reset.
[HUAWEI-isis-1]quit
# 设置接口1/0/1的IP地址。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]ip address 100.0.0.2 24
# 创建IS-IS路由进程1,并在接口100GE1/0/1上激活这个路由进程。
[HUAWEI-100GE1/0/1]isis enable 1
将IS-IS广播网接口的网络类型模拟为P2P类型。
[HUAWEI-100GE1/0/1]isis circuit-type p2p
[HUAWEI-100GE1/0/1]quit
# 在H3C设备上验证IS-IS的邻居信息。
[H3C] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 1001.7220.0170
Interface: HGE1/0/1 Circuit Id: 061
State: Up HoldTime: 25s Type: L2 PRI: --
# 在H3C设备上验证所有ISIS路由信息。
[H3C] display ip routing-table protocol isis
Summary count : 2
ISIS Routing table status : <Active>
Summary count : 0
ISIS Routing table status : <Inactive>
Summary count : 1
Destination/Mask Proto Pre Cost NextHop Interface
100.0.0.0/24 IS_L2 15 10 0.0.0.0 HGE1/0/1
表12 ISIS互通性分析
|
H3C |
锐捷 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图18所示,H3C设备与锐捷设备通过各自的三层以太网接口相互连接,现要求实现H3C设备与锐捷设备对接建立ISIS邻居。
图18 ISIS对接配置组网
· 配置H3C设备
# 启动IS-IS,并进入IS-IS视图。
<H3C> system-view
[H3C] isis 1
# 配置路由器的Level级别为Level-2。
[H3C-isis-1] is-level level-2
# 配置路由器只可以接收和发送采用wide方式表示到达目的地路径开销的报文。
[H3C-isis-1] cost-style wide
# 指定NET为48.0001.1001.7220.0160.00。
[H3C-isis-1] network-entity 48.0001.1001.7220.0160.00
[H3C-isis-1] quit
# 配置接口HundredGigE1/0/3的IP地址。
[H3C] interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] ip address 100.0.0.1 24
# 在接口HundredGigE1/0/3上使能IS-IS功能。
[H3C-HundredGigE1/0/3] isis enable 1
# 配置接口HundredGigE1/0/3的网络类型为P2P。
[H3C-HundredGigE1/0/3] isis circuit-type p2p
[H3C-HundredGigE1/0/3] quit
# 配置接口HundredGigE1/0/4的IP地址。
[H3C] interface HundredGigE 1/0/4
[H3C-HundredGigE1/0/4] ip address 200.0.0.1 24
# 在接口HundredGigE1/0/4上使能IS-IS功能。
[H3C-HundredGigE1/0/4] isis enable 1
# 配置接口HundredGigE1/0/4的网络类型为P2P。
[H3C-HundredGigE1/0/4] isis circuit-type p2p
[H3C-HundredGigE1/0/4] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 创建IS-IS实例。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#route isis 1
# 设置IS-IS的NET地址。
Ruijie(config-router)#net 48.0001.1001.7220.0170.00
# 指定IS-IS所运行的Level。
Ruijie(config-router)#is-type level-1-2
Ruijie(config-router)#exit
# 将接口设置为3层模式,并配置IP地址。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#no shutdown
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 100.0.0.2 24
# 在接口上设置该接口支持IPv4 IS-IS路由。
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip router isis 1
# 将Broadcast类型的接口设置为Point-to-Point类型。
Ruijie(config-if-HundredGigabitEthernet 0/49)#isis network point-to-point
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 将接口设置为3层模式,并配置IP地址。
Ruijie(config)#interface hundredGigabitEthernet 0/50
Ruijie(config-if-HundredGigabitEthernet 0/50)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/50)#no shutdown
Ruijie(config-if-HundredGigabitEthernet 0/50)#ip address 200.0.0.2 24
# 在接口上设置该接口支持IPv4 IS-IS路由。
Ruijie(config-if-HundredGigabitEthernet 0/50)#ip router isis 1
# 将Broadcast类型的接口设置为Point-to-Point类型。
Ruijie(config-if-HundredGigabitEthernet 0/50)#isis network point-to-point
Ruijie(config-if-HundredGigabitEthernet 0/50)#exit
# 在H3C设备上验证IS-IS的邻居信息。
<H3C> display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 1001.7220.0170
Interface: HGE0/0/3 Circuit Id: 001
State: Up HoldTime: 29s Type: L2 PRI: --
System ID: 1001.7220.0170
Interface: HGE1/0/4 Circuit Id: 002
State: Up HoldTime: 26s Type: L2 PRI: --
# 在H3C设备上验证所有ISIS路由信息。
<H3C> display ip routing-table protocol isis
Summary count : 2
ISIS Routing table status : <Active>
Summary count : 0
ISIS Routing table status : <Inactive>
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
100.0.0.0/24 IS_L2 15 10 0.0.0.0 HGE1/0/3
200.0.0.0/24 IS_L2 15 10 0.0.0.0 HGE1/0/4
表13 NTP互通性分析
|
H3C |
Cisco |
互通结论 |
|
作为NTP Server |
作为NTP单播Client |
可以时间同步 |
|
作为NTP单播Client |
作为NTP Server |
可以时间同步 |
如图19所示,H3C设备与Cisco设备通过各自的三层以太网接口相互连接,现要求H3C设备作为NTP客户端,Cisco设备作为NTP服务器,实现H3C设备与Cisco设备的时间同步。
图19 NTP对接配置组网图
· 配置H3C设备
# 配置接口GigabitEthernet1/0/1的IP地址。
<H3C> system-view
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] ip address 16.10.10.11 255.255.255.0
[H3C-GigabitEthernet1/0/1] quit
# 开启NTP服务。
[H3C] ntp-service enable
# 配置通过NTP协议获取时间。
[H3C] clock protocol ntp
# 配置设备的NTP服务器为16.10.10.10。
[H3C] ntp-service unicast-server 16.10.10.10
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置NTP。
Cisco# configure terminal
Cisco(config)# interface Ethernet 1/7
Cisco(config-if)# ip address 16.10.10.10/24
Cisco(config-if)# exit
Cisco(config)# feature ntp
Cisco(config)# ntp master
# 在H3C设备上验证系统当前日期和时间。
[H3C] display clock
06:07:42.650 UTC Tue 03/29/2011
# 在H3C设备上验证NTP服务的所有IPv4会话的简要信息。
[H3C] display ntp-service sessions
source reference stra reach poll now offset delay disper
********************************************************************************
[12345]16.10.10.10 127.127.1.0 9 255 64 22 -2.882 2.9144 2.7313
Notes: 1 source(master), 2 source(peer), 3 selected, 4 candidate, 5 configured.
Total sessions: 1
# 在Cisco设备上验证显示系统当前日期和时间。
Cisco(config)# show clock
06:06:51.294 UTC Tue Mar 29 2011
表14 NTP互通性分析
|
H3C |
华为 |
互通结论 |
|
作为NTP Server |
作为NTP 单播Client |
可以时间同步 |
|
作为NTP 单播Client |
作为NTP Server |
可以时间同步 |
如图20所示,H3C设备与华为设备通过各自的三层以太网接口相互连接,现要求H3C设备作为NTP客户端,华为设备作为NTP服务器,实现H3C设备与华为设备的时间同步。
图20 NTP对接配置组网图
· 配置H3C设备
# 配置接口HundredGigE 1/0/1的IP地址。
<H3C> system-view
[H3C]interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
[H3C-HundredGigE1/0/1] quit
# 开启NTP服务。
[H3C] ntp-service enable
# 配置通过NTP协议获取时间。
[H3C] clock protocol ntp
# 配置设备的NTP服务器为100.0.0.2。
[H3C] ntp-service unicast-server 100.0.0.2
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 设置接口的IP地址。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]ip address 100.0.0.2 24
[HUAWEI-100GE1/0/1]quit
# 开启IPv4和IPv6NTP功能。
[HUAWEI]undo ntp server disable
# 设置本地时钟作为NTP主时钟,为其它设备提供同步时间。
[HUAWEI]ntp-service refclock-master 2
# 在H3C设备上验证系统当前日期和时间。
[H3C] display clock
11:19:56 UTC Thu 03/31/2022
# 在华为设备上验证显示系统当前日期和时间。
[HUAWEI] display clock
2022-03-31 11:20:01
Thursday
Time Zone(DefaultZoneName) : UTC
表15 NTP互通性分析
|
H3C |
锐捷 |
互通结论 |
|
作为NTP Server |
作为NTP 单播Client |
可以时间同步 |
|
作为NTP 单播Client |
作为NTP Server |
可以时间同步 |
如图21所示,H3C设备与锐捷设备通过各自的三层以太网接口相互连接,现要求H3C设备作为NTP客户端,锐捷设备作为NTP服务器,实现H3C设备与锐捷设备的时间同步。
图21 NTP对接配置组网图
· 配置H3C设备
# 配置接口HundredGigE1/0/3的IP地址。
<H3C>system-view
[H3C]interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] ip address 100.0.0.1 24
[H3C-HundredGigE1/0/3] quit
# 开启NTP服务。
[H3C] ntp-service enable
# 配置通过NTP协议获取时间。
[H3C] clock protocol ntp
# 配置设备的NTP服务器为100.0.0.2。
[H3C] ntp-service unicast-server 100.0.0.2
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 将接口设置为3层模式,并配置IP地址。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#no shutdown
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 100.0.0.2 24
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 设置NTP主时钟功能。
Ruijie(config)#ntp master
# 在H3C设备上验证系统当前日期和时间。
[H3C] display clock
19:51:01 UTC Mon 04/11/2022
# 在锐捷设备上验证显示系统当前日期和时间。
Ruijie(config)#show clock
19:51:18 UTC Mon, Apr 11, 2022
LLDP(Link Layer Discovery Protocol,链路层发现协议)为链路发现标准协议,可以使不同厂商的设备能够在网络中相互发现并交互各自的系统及配置信息。在与其它厂商的设备异构对接时,两端设备均开启LLDP功能即可。如果思科使用私有协议CDP,则需要在H3C设备端开启LLDP兼容CDP功能。
表16 LLDP互通性分析
|
H3C |
Cisco |
互通结论 |
|
LLDP工作模式为TxRx |
LLDP工作模式为TxRx |
可以建立LLDP邻居 |
|
LLDP |
CDP |
在H3C设备上开启LLDP兼容CDP功能的情况下,可以互通 |
如图22所示,H3C设备与Cisco设备通过各自的二层以太网接口相互连接,现要求H3C设备与Cisco设备对接建立LLDP邻居,实现双方能够在网络中相互发现并交互各自的系统及配置信息。
图22 LLDP对接配置组网图
· 配置H3C设备
# 全局开启LLDP功能。
<H3C> system-view
[H3C] lldp global enable
# 在接口GigabitEthernet1/0/1上开启LLDP功能。
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] lldp enable
# 配置接口GigabitEthernet1/0/1上最近客户桥代理LLDP的工作模式为TxRx。
[H3C-GigabitEthernet1/0/1] lldp admin-status txrx
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C9236C为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2017, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 07.56
NXOS: version 7.0(3)I4(6)
BIOS compile time: 06/08/2016
NXOS image file is: bootflash:///nxos.7.0.3.I4.6.bin
NXOS compile time: 3/9/2017 22:00:00 [03/10/2017 07:05:18]
Hardware
cisco Nexus9000 C9236C chassis
Intel(R) Xeon(R) CPU @ 1.80GHz with 16400984 kB of memory.
Processor Board ID FDO20511FC7
Device name: switch
bootflash: 53298520 kB
Kernel uptime is 17 day(s), 20 hour(s), 9 minute(s), 30 second(s)
Last reset
Reason: Unknown
System version: 7.0(3)I4(6)
Service:
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置LLDP。
Cisco# configure terminal
Cisco(config)# interface Ethernet 1/7
Cisco(config-if)# lldp receive
Cisco(config-if)# lldp transmit
Cisco(config-if)# exit
# 在H3C设备上验证所有接口最近桥代理收到的由邻居设备发来的LLDP详细信息。
[H3C] display lldp neighbor-information
LLDP neighbor-information of port 371[GigabitEthernet1/0/1]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
ChassisID/subtype : 2c33-113a-eb08/MAC address
PortID/subtype : Ethernet1/7/Interface name
Capabilities : Bridge, Router
# 在H3C设备上验证按列表显示由邻居设备发来的LLDP信息。
[H3C] display lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
# -- -- Nearest customer bridge neighbor
Default -- -- Nearest bridge neighbor
Local Interface Chassis ID Port ID System Name
GE1/0/1 2c33-113a-eb08 Ethernet1/7 Cisco
表17 LLDP互通性分析
|
H3C |
华为 |
互通结论 |
|
工作模式为TxRx |
工作模式为TxRx |
可以建立LLDP邻居 |
如图23所示,H3C设备与华为设备通过各自的二层以太网接口相互连接,现要求H3C设备与华为设备对接建立LLDP邻居,实现双方能够在网络中相互发现并交互各自的系统及配置信息。
图23 LLDP对接配置组网图
· 配置H3C设备
# 全局开启LLDP功能。
<H3C> system-view
[H3C] lldp global enable
# 在接口HundredGigE1/0/1上开启LLDP功能。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] lldp enable
# 配置接口HundredGigE1/0/1上最近客户桥代理LLDP的工作模式为TxRx。
[H3C-HundredGigE1/0/1] lldp admin-status txrx
[H3C-HundredGigE1/0/1] quit
# 在接口HundredGigE1/0/2上开启LLDP功能。
[H3C] interface HundredGigE 1/0/2
[H3C-HundredGigE1/0/2] lldp enable
# 配置接口HundredGigE1/0/2上最近客户桥代理LLDP的工作模式为TxRx。
[H3C-HundredGigE1/0/2] lldp admin-status txrx
[H3C-HundredGigE1/0/2] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI>display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 使能全局的LLDP功能。
<HUAWEI> system-view immediately
Enter system view, return user view with return command.
[HUAWEI]lldp enable
# 使能接口的LLDP功能。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]undo lldp disable
# 指定LLDP工作在Tx和Rx模式。
[HUAWEI-100GE1/0/1]lldp admin-status txrx
[HUAWEI-100GE1/0/1]quit
# 使能接口的LLDP功能。
[HUAWEI]interface 100GE 1/0/2
[HUAWEI-100GE1/0/2]undo lldp disable
# 指定LLDP工作在Tx和Rx模式。
[HUAWEI-100GE1/0/2]lldp admin-status txrx
[HUAWEI-100GE1/0/2]quit
# 在H3C设备上验证所有接口最近桥代理收到的由邻居设备发来的LLDP详细信息。
[H3C] display lldp neighbor-information
LLDP neighbor-information of port 51[HundredGigE1/0/1]:
LLDP agent nearest-bridge:
LLDP neighbor index : 2
ChassisID/subtype : a4be-2b3a-50d1/MAC address
PortID/subtype : 100GE1/0/1/Interface name
Capabilities : Bridge, Router
LLDP neighbor-information of port 98[HundredGigE1/0/2]:
LLDP agent nearest-bridge:
LLDP neighbor index : 2
ChassisID/subtype : a4be-2b3a-50d1/MAC address
PortID/subtype : 100GE1/0/2/Interface name
Capabilities : Bridge, Router
# 在H3C设备上验证按列表显示由邻居设备发来的LLDP信息。
[H3C] display lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
# -- -- Nearest customer bridge neighbor
Default -- -- Nearest bridge neighbor
Local Interface Chassis ID Port ID System Name
HGE1/0/1 a4be-2b3a-50d1 100GE1/0/1 HUAWEI
HGE1/0/2 a4be-2b3a-50d1 100GE1/0/2 HUAWEI
表18 LLDP互通性分析
|
H3C |
锐捷 |
互通结论 |
|
工作模式为TxRx |
工作模式为TxRx |
可以建立LLDP邻居 |
如图24所示,H3C设备与锐捷设备通过各自的二层以太网接口相互连接,现要求H3C设备与锐捷设备对接建立LLDP邻居,实现双方能够在网络中相互发现并交互各自的系统及配置信息。
图24 LLDP对接配置组网图
· 配置H3C设备
# 全局开启LLDP功能。
<H3C> system-view
[H3C] lldp global enable
# 在接口HundredGigE1/0/3上开启LLDP功能。
[H3C]interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] lldp enable
# 配置接口HundredGigE1/0/3上最近客户桥代理LLDP的工作模式为TxRx。
[H3C-HundredGigE1/0/3] lldp admin-status txrx
[H3C-HundredGigE1/0/3] quit
# 在接口HundredGigE1/0/4上开启LLDP功能。
[H3C]interface HundredGigE 1/0/4
[H3C-HundredGigE1/0/4] lldp enable
# 配置接口HundredGigE1/0/3上最近客户桥代理LLDP的工作模式为TxRx。
[H3C-HundredGigE1/0/4] lldp admin-status txrx
[H3C-HundredGigE1/0/4] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQI为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 打开LLDP功能。
Ruijie>enable
Ruijie#configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
Ruijie(config)#lldp enable
# 打开接口的LLDP功能。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#lldp enable
# 配置LLDP的工作模式。
Ruijie(config-if-HundredGigabitEthernet 0/49)#lldp mode txrx
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 打开接口的LLDP功能。
Ruijie(config)#interface hundredGigabitEthernet 0/50
Ruijie(config-if-HundredGigabitEthernet 0/50)#lldp enable
# 配置LLDP的工作模式。
Ruijie(config-if-HundredGigabitEthernet 0/50)#lldp mode txrx
Ruijie(config-if-HundredGigabitEthernet 0/50)#exit
# 在H3C设备上验证所有接口最近桥代理收到的由邻居设备发来的LLDP详细信息。
[H3C] display lldp neighbor-information
LLDP neighbor-information of port 5[HundredGigE1/0/3]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
ChassisID/subtype : c0b8-e672-cd08/MAC address
PortID/subtype : HundredGigabitEthernet 0/49/Interface name
Capabilities : Repeater, Bridge, Router
LLDP neighbor-information of port 6[HundredGigE1/0/4]:
LLDP agent nearest-bridge:
LLDP neighbor index : 1
ChassisID/subtype : c0b8-e672-cd08/MAC address
PortID/subtype : HundredGigabitEthernet 0/50/Interface name
Capabilities : Repeater, Bridge, Router
# 在H3C设备上验证按列表显示由邻居设备发来的LLDP信息。
[H3C] display lldp neighbor-information list
Chassis ID : * -- -- Nearest nontpmr bridge neighbor
# -- -- Nearest customer bridge neighbor
Default -- -- Nearest bridge neighbor
Local Interface Chassis ID Port ID System Name
HGE1/0/3 c0b8-e672-cd08 HundredGigabitEthernet 0/49 Ruijie
HGE1/0/4 c0b8-e672-cd08 HundredGigabitEthernet 0/50 Ruijie
表19 PIM SM互通性分析
|
H3C |
Cisco |
互通结论 |
|
启动PIM SM协议 |
启动PIM SM协议 |
实现三层组播点播 |
如图25所示,H3C设备与Cisco设备通过各自的二层以太网接口相互连接。现要求在H3C设备与Cisco设备之间实现三层组播互通。
图25 PIM SM对接配置组网图
· 配置H3C设备
# 先使能公网中的IP组播路由,再进入公网的PIM视图。
<H3C> system-view
[H3C] multicast routing
[H3C-mrib] quit
[H3C] pim
# 将IP地址为16.1.10.4的设备配置为Global域的C-BSR。
[H3C-pim] c-bsr 16.1.10.4
# 指定C-RP的IP地址为16.1.10.4 。
[H3C-pim] c-rp 16.1.10.4
[H3C-pim] quit
# 创建VLAN 100。
[H3C] vlan 100
[H3C-Vlan100] quit
# 配置VLAN接口100的IP地址。
[H3C] interface vlan-interface 100
[H3C-Vlan-interface-100] ip address 16.1.10.4 255.255.255.0
# 使能PIM-SM。
[H3C-Vlan-interface-100] pim sm
[H3C-Vlan-interface-100] quit
# 配置端口GigabitEthernet1/0/1配置为Trunk端口,允许VLAN 100通过。
[H3C] interface gigabitethernet 1/0/1
[H3C-GigabitEthernet1/0/1] port link-type trunk
[H3C-GigabitEthernet1/0/1] port trunk permit vlan 100
[H3C-GigabitEthernet1/0/1] quit
· 配置Cisco设备
# 如下配置以Cisco Nexus9000 C93180YC-FX为例进行介绍,设备具体信息如下:
Cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2019, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 05.43
NXOS: version 9.3(3)
BIOS compile time: 11/22/2020
NXOS image file is: bootflash:///nxos.9.3.3.bin
NXOS compile time: 12/22/2019 2:00:00 [12/22/2019 14:00:37]
Hardware
cisco Nexus9000 C93180YC-FX Chassis
Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32827212 kB of memory.
Processor Board ID FDO25250294
Device name: cisco-leaf2
bootflash: 115805708 kB
Kernel uptime is 167 day(s), 6 hour(s), 51 minute(s), 41 second(s)
Last reset at 744629 usecs after Thu Jan 13 02:02:26 2022
Reason: Module PowerCycled
System version:
Service: HW check by card-client
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置PIM。
Cisco# configure terminal
Cisco(config)# feature pim
Cisco(config)# ip pim auto-rp forward listen
Cisco(config)# ip pim bsr forward listen
# 配置接口的IP地址。
Cisco(config)# interface vlan 100
Cisco(config-if)# ip address 16.1.10.2 255.255.255.0
# 配置组播PIM Sparse模式。
Cisco(config-if)# ip pim sparse-mode
Cisco(config-if)# exit
# 设置Ethernet1/9为Trunk,且端口为vlan100的成员端口。
Cisco(config)# interface Ethernet 1/9
Cisco(config-if)# switchport
Cisco(config-if)# switchport mode trunk
Cisco(config-if)# switchport trunk allowed vlan 100
Cisco(config-if)# exit
# 在H3C设备上验证所有接口上的PIM信息。
[H3C] display pim interface
Interface NbrCnt HelloInt DR-Pri DR-Address
Vlan100 1 30 1 16.1.10.4 (local)
# 在H3C设备上验证所有PIM邻居。
[H3C] display pim neighbor
Total Number of Neighbors = 1
Neighbor Interface Uptime Expires DR-Priority Mode
16.1.10.2 Vlan100 00:12:15 00:01:26 1 B
# 在H3C设备上显示PIM-SM域中的BSR信息
[H3C] display pim bsr-info
Scope: non-scoped
State: Elected
Bootstrap timer: 00:00:27
Elected BSR address: 16.1.10.4
Priority: 64
Hash mask length: 30
Uptime: 00:00:53
Candidate BSR address: 16.1.10.4
Priority: 64
Hash mask length: 30
# 在H3C设备上所有组播组对应的RP信息
[H3C] display pim rp-info
BSR RP information:
Scope: non-scoped
Group/MaskLen: 224.0.0.0/4
RP address Priority HoldTime Uptime Expires
16.1.10.4 (local) 192 180 00:17:12 00:02:47
# 在思科设备上验证所有接口上的PIM信息
Cisco(config-if)# show ip pim interface
PIM Interface Status for VRF "default"
Vlan100, Interface status: protocol-up/link-up/admin-up
IP address: 16.1.10.2, IP subnet: 16.1.10.0/24
PIM DR: 16.1.10.4, DR's priority: 1
PIM neighbor count: 1
PIM hello interval: 30 secs, next hello sent in: 00:00:17
PIM neighbor holdtime: 105 secs
PIM configured DR priority: 1
PIM configured DR delay: 3 secs
PIM border interface: no
PIM GenID sent in Hellos: 0x21f2f9b7
PIM Hello MD5-AH Authentication: disabled
PIM Neighbor policy: none configured
PIM Join-Prune inbound policy: none configured
PIM Join-Prune outbound policy: none configured
PIM Join-Prune interval: 1 minutes
PIM Join-Prune next sending: 0 minutes
PIM BFD enabled: no
PIM passive interface: no
PIM VPC SVI: no
PIM Auto Enabled: no
PIM Interface Statistics, last reset: never
General (sent/received):
Hellos: 61/55 (early: 0), JPs: 0/0, Asserts: 0/0
Grafts: 0/0, Graft-Acks: 0/0
DF-Offers: 0/0, DF-Winners: 0/0, DF-Backoffs: 0/0, DF-Passes: 0/0
Errors:
Checksum errors: 0, Invalid packet types/DF subtypes: 0/0
Authentication failed: 0
Packet length errors: 0, Bad version packets: 0, Packets from self: 0
Packets from non-neighbors: 0
Packets received on passiveinterface: 0
JPs received on RPF-interface: 0
(*,G) Joins received with no/wrong RP: 0/0
(*,G)/(S,G) JPs received for SSM/Bidir groups: 0/0
JPs filtered by inbound policy: 0
JPs filtered by outbound policy: 0
# 在思科设备上验证所有PIM邻居。
Cisco(config-if)# show ip pim neighbor
PIM Neighbor Status for VRF "default"
Neighbor Interface Uptime Expires DR Bidir- BFD ECMP Redirect
Priority Capable State Capable
16.1.10.4 Vlan100 00:23:12 00:01:43 1 no n/a no
# 在思科设备上验证所有RP信息。
Cisco(config-if)# show ip pim rp
PIM RP Status Information for VRF "default"
BSR: 16.1.10.4, uptime: 00:05:41, expires: 00:01:49,
priority: 64, hash-length: 30
Auto-RP RPA: unknown
BSR RP Candidate policy: None
BSR RP policy: None
Auto-RP Announce policy: None
Auto-RP Discovery policy: None
RP: 16.1.10.4, (0),
uptime: 00:05:20 priority: 192,
RP-source: 16.1.10.4 (B),
group ranges:
224.0.0.0/4 , expires: 00:02:39 (B)
cisco-leaf2(config-if)#
# 在思科设备上验证所有route信息。
Cisco(config-if)# show ip pim route
PIM Routing Table for VRF "default" - 1 entries
(*, 232.0.0.0/8), expires 00:02:20
Incoming interface: Null, RPF nbr 0.0.0.0
Oif-list: (0) 00000000, Timeout-list: (0) 00000000
Immediate-list: (0) 00000000, Immediate-timeout-list: (0) 00000000
Sgr-prune-list: (0) 00000000 Timeout-interval: 2, JP-holdtime round-up: 3
表20 PIM SM互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图26所示,H3C设备与华为设备通过各自的二层以太网接口相互连接。现要求在H3C设备与华为设备之间实现三层组播互通。
图26 PIM SM对接配置组网图
· 配置H3C设备
# 先使能公网中的IP组播路由,再进入公网的PIM视图。
<H3C> system-view
[H3C] multicast routing
[H3C-mrib] quit
[H3C] pim
# 将IP地址为100.0.0.1的设备配置为Global域的C-BSR。
[H3C-pim] c-bsr 100.0.0.1
# 指定C-RP的IP地址为100.0.0.1 。
[H3C-pim] c-rp 100.0.0.1
[H3C-pim] quit
# 创建VLAN 10。
[H3C] vlan 10
[H3C-vlan10] quit
# 配置端口HundredGigE1/0/1配置为Trunk端口,允许VLAN 10通过。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-type trunk
[H3C-HundredGigE1/0/1] port trunk permit vlan 10
[H3C-HundredGigE1/0/1] quit
# 配置VLAN接口100的IP地址。
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] undo shutdown
[H3C-Vlan-interface10] ip address 100.0.0.1 24
# 使能PIM-SM。
[H3C-Vlan-interface10] pim sm
[H3C-Vlan-interface10] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 使能组播功能。
<HUAWEI>system-view immediately
Enter system view, return user view with return command.
[HUAWEI]multicast routing-enable
# 创建一个ID为2的VLAN。
[HUAWEI]vlan 10
[HUAWEI-vlan10]quit
# 将接口100GE1/0/1的链路类型设置为Trunk,并允许通过的VLAN为10。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]port link-type trunk
[HUAWEI-100GE1/0/1]port trunk allow-pass vlan 10
[HUAWEI-100GE1/0/1]quit
# 配置VLANIF接口的IP地址。
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]ip address 100.0.0.2 24
在接口上使能PIM-SM。
[HUAWEI-Vlanif10]pim sm
[HUAWEI-Vlanif10]quit
# 在H3C设备上验证所有接口上的PIM信息。
[H3C] display pim interface
Interface NbrCnt HelloInt DR-Pri DR-Address
Vlan10 1 30 1 100.0.0.2
# 在H3C设备上验证所有PIM邻居。
[H3C] display pim neighbor
Total Number of Neighbors = 1
Neighbor Interface Uptime Expires DR-Priority Mode
100.0.0.2 Vlan10 00:02:29 00:01:16 1
# 在H3C设备上显示PIM-SM域中的BSR信息。
[H3C] display pim bsr-info
Scope: non-scoped
State: Elected
Bootstrap timer: 00:00:56
Elected BSR address: 100.0.0.1
Priority: 64
Hash mask length: 30
Uptime: 00:02:13
Candidate BSR address: 100.0.0.1
Priority: 64
Hash mask length: 30
# 在H3C设备上所有组播组对应的RP信息。
[H3C] display pim rp-info
BSR RP information:
Scope: non-scoped
Group/MaskLen: 224.0.0.0/4
RP address Priority HoldTime Uptime Expires
100.0.0.1 (local) 192 180 00:02:34 00:02:25
# 在HUAWEI设备上验证所有接口上的PIM信息。
[HUAWEI] display pim interface
VPN-Instance: public net
Interface State NbrCnt HelloInt DR-Pri DR-Address
Vlanif10 up 1 30 1 100.0.0.2 (local)
# HUAWEI设备上显示所有PIM邻居。
[HUAWEI] display pim neighbor
VPN-Instance: public net
Total: 1
Neighbor Interface Uptime Expires Dr-Priority BFD-Session
100.0.0.1 Vlanif10 00:32:53 00:01:30 1 N
# 在HUAWEI设备上显示PIM-SM域中的BSR信息。
[HUAWEI] display pim bsr-info
VPN-Instance: public net
Elected AdminScoped BSR Count: 0
Elected BSR Address: 100.0.0.1
Priority: 64
Hash mask length: 30
State: Accept Preferred
Scope: Not scoped
# 在HUAWEI设备上所有组播组对应的RP信息。
[HUAWEI] display pim rp-info
VPN-Instance: public net
PIM-SM BSR RP Number:1
Group/MaskLen: 224.0.0.0/4
RP: 100.0.0.1
Priority: 192
Uptime: 00:08:58
Expires: 00:02:48
BIDIR: N
Uptime: 00:09:16
Expires: 00:01:40
C-RP Count: 1
表21 PIM SM互通性分析
|
H3C |
锐捷 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图27所示,H3C设备与锐捷设备通过各自的二层以太网接口相互连接。现要求在H3C设备与锐捷设备之间实现三层组播互通。
图27 PIM SM对接配置组网图
· 配置H3C设备
# 先使能公网中的IP组播路由,再进入公网的PIM视图。
<H3C>system-view
[H3C] multicast routing
[H3C-mrib] quit
[H3C] pim
# 将IP地址为100.0.0.1的设备配置为Global域的C-BSR。
[H3C-pim] c-bsr 100.0.0.1
# 指定C-RP的IP地址为100.0.0.1。
[H3C-pim] c-rp 100.0.0.1
[H3C-pim] quit
# 创建VLAN10。
[H3C] vlan 10
[H3C-vlan10] quit
# 配置端口HundredGigE1/0/3配置为Trunk端口,允许VLAN10通过。
[H3C] interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] port link-type trunk
[H3C-HundredGigE1/0/3] port trunk permit vlan 10
[H3C-HundredGigE1/0/3] quit
# 配置VLAN接口10的IP地址。
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 24
# 使能PIM-SM。
[H3C-Vlan-interface10] pim sm
[H3C-Vlan-interface10] quit
· 配置锐捷设备
# 如下配置以锐捷RG-S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 启动组播路由。
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#ip multicast-routing
# 创建VLAN10。
Ruijie(config)#vlan 10
Ruijie(config-vlan)#exit
# 将一个二层Trunk接口HundredGigabitEthernet0/49加入VLAN10。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport mode trunk
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport trunk allowed vlan only 10
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
#进入VLAN10的配置模式,配置IP地址。
Ruijie(config)#interface vlAN 10
Ruijie(config-if-VLAN 10)#ip address 100.0.0.2 24
# 在当前接口上启用PIM-SM。
Ruijie(config-if-VLAN 10)#ip pim sparse-mode
Ruijie(config-if-VLAN 10)#exit
# 在H3C设备上验证所有接口上的PIM信息。
[H3C] display pim interface
Interface NbrCnt HelloInt DR-Pri DR-Address
Vlan10 1 30 1 100.0.0.2
# 在H3C设备上验证所有PIM邻居。
[H3C] display pim neighbor
Total Number of Neighbors = 1
Neighbor Interface Uptime Expires DR-Priority Mode
100.0.0.2 Vlan10 00:03:25 00:01:20 1
# 在H3C设备上验证PIM-SM域中的BSR信息。
[H3C] display pim bsr-info
Scope: non-scoped
State: Elected
Bootstrap timer: 00:00:37
Elected BSR address: 100.0.0.1
Priority: 64
Hash mask length: 30
Uptime: 00:06:33
Candidate BSR address: 100.0.0.1
Priority: 64
Hash mask length: 30
#在显示H3C设备上所有组播组对应的RP信息。
[H3C] display pim rp-info
BSR RP information:
Scope: non-scoped
Group/MaskLen: 224.0.0.0/4
RP address Priority HoldTime Uptime Expires
100.0.0.1 (local) 192 180 02:59:48 00:02:12
# 在锐捷设备上验证所有接口上的PIM信息。
Ruijie#show ip pim sparse-mode interface
Address Interface VIFindex Ver/Mode Nbr-Count DR-Prior DR
100.0.0.2 VLAN 10 1 v2/S 1 1 100.0.0.2
# 在锐捷设备上查看所有的PIM邻居。
Ruijie#show ip pim sparse-mode neighbor
Neighbor Interface Uptime/Expires Ver DR
Address Priority/Mode
100.0.0.1 VLAN 10 02:55:09/00:01:20 v2 1 /
# 在锐捷设备上查看BSR信息。
Ruijie#show ip pim sparse-mode bsr-router
PIMv2 Bootstrap information
BSR address: 100.0.0.1
Uptime: 00:36:06, BSR Priority: 64, Hash mask length: 30
Expires: 00:01:24
Role: Non-candidate BSR Priority: 0, Hash mask length: 10
State: Accept Preferred
# 在锐捷设备上查看本机上所有的RP及其服务的组。
Ruijie#show ip pim sparse-mode rp mapping
PIM Group-to-RP Mappings
Group(s): 224.0.0.0/4
RP: 100.0.0.1(Not self)
Info source: 100.0.0.1, via bootstrap, priority 192
Uptime: 00:36:04, expires: 00:02:16
表22 BFD互通性分析
|
H3C |
思科 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图28示,H3C设备与思科设备通过二层交换机连接。现要求使用静态路由与BFD联动技术,实现H3C设备或思科设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告静态路由。
图28 采用静态路由联动BFD对接配置组网图
· 配置H3C设备
# 创建VLAN 10。
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] quit
# 配置端口HundredGigE1/0/1为Trunk口,并允许VLAN10通过。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-type trunk
[H3C-HundredGigE1/0/1] port trunk permit vlan 10
[H3C-HundredGigE1/0/1] undo port trunk permit vlan 1
[H3C-HundredGigE1/0/1] quit
# 配置接口Vlan-interface10的IP地址为100.0.0.1。
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 24
# 配置接口Vlan-interface10发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-transmit-interval 300
# 配置接口Vlan-interface10接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-receive-interval 300
# 配置接口Vlan-interface10的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-Vlan-interface10] bfd detect-multiplier 3
[H3C-Vlan-interface10] quit
# 配置接口LoopBack0的IP地址。
[H3C] interface LoopBack0
[H3C-LoopBack0] ip address 1.1.1.1 32
[H3C-LoopBack0] quit
# 配置静态路由,并使能BFD(Bidirectional Forwarding Detection,双向转发检测)功能,对静态路由下一跳的可达性进行快速检测,当下一跳不可达时可以快速切换到备份路由。
[H3C] ip route-static 2.2.2.2 32 Vlan-interface10 100.0.0.2 bfd control-packet
· 配置思科设备
# 如下配置以Cisco Nexus9000 C93180YC-FX为例进行介绍,设备具体信息如下:
cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2019, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 05.43
NXOS: version 9.3(3)
BIOS compile time: 11/22/2020
NXOS image file is: bootflash:///nxos.9.3.3.bin
NXOS compile time: 12/22/2019 2:00:00 [12/22/2019 14:00:37]
Hardware
cisco Nexus9000 C93180YC-FX Chassis
Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32827212 kB of memory.
Processor Board ID FDO25250294
Device name: cisco-leaf2
bootflash: 115805708 kB
Kernel uptime is 167 day(s), 6 hour(s), 51 minute(s), 41 second(s)
Last reset at 744629 usecs after Thu Jan 13 02:02:26 2022
Reason: Module PowerCycled
System version:
Service: HW check by card-client
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 创建vlan10。
cisco# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
cisco(config-if)# vlan 10
cisco(config-vlan)# exit
# 将接口ETH1/54的链路类型设置为Trunk,并允许通过的VLAN为10。
cisco(config)# interface ethernet 1/54
cisco(config-if)# no shutdown
cisco(config-if)# switchport
cisco(config-if)# switch mode trunk
cisco(config-if)# switchport trunk allowed vlan 10
cisco(config-if)# exit
# 配置Vlan-interface10的IP地址,Vlan-interface10的BFD参数。
cisco(config)# interface vlan 10
cisco(config-if)# no shutdown
cisco(config-if)# ip address 100.0.0.2 255.255.255.0
cisco(config-if)# bfd interval 300 min_rx 300 multiplier 3
cisco(config-if)# exit
# 配置LoopBack接口的IP地址。
cisco(config)# interface loopback 0
cisco(config-if)# ip address 2.2.2.2 255.255.255.255
cisco(config-if)# exit
# 使能静态路由绑定动态BFD会话进行快速故障检测。
cisco(config)# ip route static bfd vlan 10 100.0.0.1
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
257/1090519047 100.0.0.1 100.0.0.2 Up 674ms Vlan10
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
Local Discr: 257 Remote Discr: 1090519047
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Session State: Up Interface: Vlan-interface10
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 1300 Tx Count: 1359
Connect Type: Direct Running Up for: 00:05:45
Hold Time: 784ms Auth mode: None
Detect Mode: Async Slot: 1
Protocol: STATIC
Version: 1
Diag Info: No Diagnostic
# 在思科设备上验证BFD邻居信息。
cisco(config-if)# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf Type
100.0.0.2 100.0.0.1 1090519047/257 Up 737(3) Up Vlan10 default SH
如图29所示,H3C设备与思科设备通过二层交换机连接。现要求使用OSPF与BFD联动技术,实现H3C设备或思科设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告OSPF路由。
图29 采用OSPF路由联动BFD对接配置组网图
· 配置H3C设备
# 创建OSPF区域0并进入OSPF区域视图。
<H3C> system-view
[H3C] ospf 100
[H3C-ospf-100] area 0
[H3C-ospf-100-area-0.0.0.0]qu
[H3C-ospf-100] quit
# 配置接口HundredGigE1/0/1的IP地址。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 配置接口HundredGigE1/0/1使能OSPF进程100,接口所在的OSPF区域ID为0。
[H3C-HundredGigE1/0/1] ospf 100 area 0
# 使能OSPF的BFD功能。
[H3C-HundredGigE1/0/1] ospf bfd enable
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
· 配置思科设备
# 如下配置以Cisco Nexus9000 C93180YC-FX为例进行介绍,设备具体信息如下:
cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2019, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 05.43
NXOS: version 9.3(3)
BIOS compile time: 11/22/2020
NXOS image file is: bootflash:///nxos.9.3.3.bin
NXOS compile time: 12/22/2019 2:00:00 [12/22/2019 14:00:37]
Hardware
cisco Nexus9000 C93180YC-FX Chassis
Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32827212 kB of memory.
Processor Board ID FDO25250294
Device name: cisco-leaf2
bootflash: 115805708 kB
Kernel uptime is 167 day(s), 6 hour(s), 51 minute(s), 41 second(s)
Last reset at 744629 usecs after Thu Jan 13 02:02:26 2022
Reason: Module PowerCycled
System version:
Service: HW check by card-client
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 运行OSPF协议,使能bfd。
cisco# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
cisco(config)# router ospf 100
cisco(config-router)# area 0 default-cost 1
cisco(config-router)# bfd
cisco(config-router)# exit
# 配置接口的IP地址。
cisco(config)# interface ethernet 1/54
cisco(config-if)# ip address 100.0.0.2 255.255.255.0
#使能接口到OSPF指定区域。
cisco(config-if)# ip router ospf 100 area 0.0.0.0
# 在接口上使能BFD特性。
cisco(config-if)# ip ospf bfd
cisco(config-if)# exit
# 配置BFD会话的参数值。
cisco(config)# bfd interval 300 min_rx 300 multiplier 3
# 在H3C设备上验证OSPF邻居信息。
[H3C] display ospf peer
OSPF Process 100 with Router ID 3.3.3.4
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
2.2.2.2 100.0.0.2 1 33 Full/BDR HGE1/0/1
# 在H3C设备上验证BFD会话的概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16389 100.0.0.1 100.0.0.2 Up 616ms HGE0/0/1
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
Local Discr: 257 Remote Discr: 1090519048
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Session State: Up Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 749 Tx Count: 846
Connect Type: Direct Running Up for: 00:03:40
Hold Time: 817ms Auth mode: None
Detect Mode: Async Slot: 1
Protocol: OSPF
Version: 1
Diag Info: No Diagnostic
# 在思科设备上验证ospf邻居信息。
cisco(config)# show ip ospf neighbors
OSPF Process ID 100 VRF default
Total number of neighbors: 1
Neighbor ID Pri State Up Time Address Interface
3.3.3.4 1 FULL/DR 00:01:59 100.0.0.1 Eth1/54
# 在思科设备上验证bfd邻居信息。
cisco(config)# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf Type
100.0.0.2 100.0.0.1 1090519048/257 Up 810(3) Up Eth1/54 default SH
如图30所示,H3C设备与思科设备通过二层交换机连接。现要求使用ISIS与BFD联动技术,实现H3C设备或思科设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告ISIS路由。
图30 采用ISIS路由联动BFD对接配置组网图
· 配置H3C设备
# 创建IS-IS进程1。
<H3C> system-view
[H3C] isis 1
# 配置路由器的Level级别为Level-2。
[H3C-isis-1] is-level level-2
# 配置网络实体名称为10.0000.0000.0000.0002.00。
[H3C-isis-1] network-entity 10.0000.0000.0000.0002.00
[H3C-isis-1] quit
# 配置接口HundredGigE1/0/1的IP地址。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 在接口HundredGigE1/0/1上使能IS-IS功能。
[H3C-HundredGigE1/0/1] isis enable 1
# 配置接口HundredGigE1/0/1的网络类型为P2P。
[H3C-HundredGigE1/0/1] isis circuit-type p2p
# 使能接口HundredGigE1/0/1的IS-IS BFD功能。
[H3C-HundredGigE1/0/1] isis bfd enable
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
· 配置思科设备
# 如下配置以Cisco Nexus9000 C93180YC-FX为例进行介绍,设备具体信息如下:
cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2019, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 05.43
NXOS: version 9.3(3)
BIOS compile time: 11/22/2020
NXOS image file is: bootflash:///nxos.9.3.3.bin
NXOS compile time: 12/22/2019 2:00:00 [12/22/2019 14:00:37]
Hardware
cisco Nexus9000 C93180YC-FX Chassis
Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32827212 kB of memory.
Processor Board ID FDO25250294
Device name: cisco-leaf2
bootflash: 115805708 kB
Kernel uptime is 167 day(s), 6 hour(s), 51 minute(s), 41 second(s)
Last reset at 744629 usecs after Thu Jan 13 02:02:26 2022
Reason: Module PowerCycled
System version:
Service: HW check by card-client
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 使能isis feature启动ISIS路由进程1。
cisco# configure terminal
cisco(config)# feature isis
cisco(config)# router isis 1
# 设置ISIS设备级别为level-2。
cisco(config-router)# is-type level-2
# 指定ISIS进程的网络实体名称。
cisco(config-router)# net 10.0000.0000.0000.0001.00
# 配置接口的IP地址。
cisco(config)# interface ethernet 1/54
cisco(config-if)# ip address 100.0.0.2 255.255.255.0
# 在接口上激活这个路由进程。
cisco(config-if)# ip router isis 1
# 设置接口类型为P2P类型。
cisco(config-if)# medium p2p
# 在接口上使能BFD特性。
cisco(config-if)# isis bfd
# 配置BFD会话的参数值。
cisco(config)# bfd interval 300 min_rx 300 multiplier 3
# 在H3C设备上验证ISIS邻居信息。
[H3C] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 0000.0000.0001
Interface: HGE1/0/1 Circuit Id: 001
State: Up HoldTime: 20s Type: L2 PRI: --
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
257/1090519050 100.0.0.1 100.0.0.2 Up 778ms HGE1/0/1
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
Local Discr: 257 Remote Discr: 1090519050
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Session State: Up Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900
Rx Count: 234128 Tx Count: 267540
Connect Type: Direct Running Up for: 19:29:08
Hold Time: 820ms Auth mode: None
Detect Mode: Async Slot: 1
Protocol: ISIS_P2P
Version: 1
Diag Info: No Diagnostic
# 在思科设备上验证ISIS路由信息。
cisco(config-if)# show isis route
IS-IS process: 1 VRF: default
IS-IS IPv4 routing table
100.0.0.0/24, L2, direct
*via Ethernet1/54, metric 1, L2, direct
# 在思科设备上验证bfd邻居信息。
cisco(config-if)# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf Type
100.0.0.2 100.0.0.1 1090519050/257 Up 641(3) Up Eth1/54 default SH
如图31所示,H3C设备与思科设备通过二层交换机连接。现要求使用BGP与BFD联动技术,实现H3C设备或思科设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告BGP路由。
图31 采用BGP路由联动BFD对接配置组网图
· 配置H3C设备
# 配置接口HundredGigE1/0/1的IP地址。
<H3C> system-view
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
# 在BGP实例视图下,指定对等体组的AS号为100。
[H3C] bgp 100
[H3C-bgp-default] peer 100.0.0.2 as-number 200
# 配置通过BFD检测本地路由器和指定BGP对等体/对等体组之间的链路。
[H3C-bgp-default] peer 100.0.0.2 bfd
# 在BGP实例视图下,创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[H3C-bgp-default] address-family ipv4 unicast
# 在BGP IPv4单播地址族视图下,使能本地路由器与对等体100.0.0.2交换IPv4单播路由信息的能力。
[H3C-bgp-default-ipv4] peer 100.0.0.2 enable
[H3C-bgp-default-ipv4] quit
[H3C-bgp-default] quit
· 配置思科设备
# 如下配置以Cisco Nexus9000 C93180YC-FX为例进行介绍,设备具体信息如下:
cisco# show version
Cisco Nexus Operating System (NX-OS) Software
TAC support: http://www.cisco.com/tac
Copyright (C) 2002-2019, Cisco and/or its affiliates.
All rights reserved.
The copyrights to certain works contained in this software are
owned by other third parties and used and distributed under their own
licenses, such as open source. This software is provided "as is," and unless
otherwise stated, there is no warranty, express or implied, including but not
limited to warranties of merchantability and fitness for a particular purpose.
Certain components of this software are licensed under
the GNU General Public License (GPL) version 2.0 or
GNU General Public License (GPL) version 3.0 or the GNU
Lesser General Public License (LGPL) Version 2.1 or
Lesser General Public License (LGPL) Version 2.0.
A copy of each such license is available at
http://www.opensource.org/licenses/gpl-2.0.php and
http://opensource.org/licenses/gpl-3.0.html and
http://www.opensource.org/licenses/lgpl-2.1.php and
http://www.gnu.org/licenses/old-licenses/library.txt.
Software
BIOS: version 05.43
NXOS: version 9.3(3)
BIOS compile time: 11/22/2020
NXOS image file is: bootflash:///nxos.9.3.3.bin
NXOS compile time: 12/22/2019 2:00:00 [12/22/2019 14:00:37]
Hardware
cisco Nexus9000 C93180YC-FX Chassis
Intel(R) Xeon(R) CPU D-1528 @ 1.90GHz with 32827212 kB of memory.
Processor Board ID FDO25250294
Device name: cisco-leaf2
bootflash: 115805708 kB
Kernel uptime is 167 day(s), 6 hour(s), 51 minute(s), 41 second(s)
Last reset at 744629 usecs after Thu Jan 13 02:02:26 2022
Reason: Module PowerCycled
System version:
Service: HW check by card-client
plugin
Core Plugin, Ethernet Plugin
Active Package(s):
# 配置接口的IP地址。
cisco# configure terminal
cisco(config)# interface ethernet 1/54
cisco(config-if)# ip address 100.0.0.2 255.255.255.0
cisco(config-if)# exit
# 配置对等体的对端AS号为100。
cisco(config)# router bgp 200
cisco(config-router)# neighbor 100.0.0.1 remote-as 100
cisco(config-router-neighbor)# address-family ipv4 unicast
cisco(config-router-neighbor-af)# neighbor 100.0.0.1 remote-as 100
# 为对等体配置BFD功能。
cisco(config-router-neighbor)# bfd
# 配置BFD会话参数。
cisco(config)# bfd interval 300 min_rx 300 multiplier 3
#在H3C设备上验证所有BGP IPv4单播对等体的简要信息。
[H3C] display bgp peer ipv4
BGP local router ID: 3.3.3.4
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
100.0.0.2 200 8 19 0 0 00:04:50 Established
# 在H3C设备上验证BFD会话的简要信息。
[H3C] display bfd session
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
257/1090519049 100.0.0.1 100.0.0.2 Up 900ms HGE1/0/1
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total Session Num: 1 Up Session Num: 1 Init Mode: Active
IPv4 session working in control packet mode:
Local Discr: 257 Remote Discr: 1090519049
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Session State: Up Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 1355 Tx Count: 1406
Connect Type: Direct Running Up for: 00:05:33
Hold Time: 688ms Auth mode: None
Detect Mode: Async Slot: 1
Protocol: BGP
Version: 1
Diag Info: No Diagnostic
# 在思科设备上验证bgp会话信息。
cisco(config)# show bgp sessions
Total peers 1, established peers 1
ASN 200
VRF default, local ASN 200
peers 1, established peers 1, local router-id 2.2.2.2
State: I-Idle, A-Active, O-Open, E-Established, C-Closing, S-Shutdown
Neighbor ASN Flaps LastUpDn|LastRead|LastWrit St Port(L/R) Notif(S/R)
100.0.0.1 100 0 00:05:55|00:00:49|00:00:54 E 44009/179 0/0
# 在思科设备上验证bfd会话信息。
cisco(config)# show bfd neighbors
OurAddr NeighAddr LD/RD RH/RS Holdown(mult) State Int Vrf Type
100.0.0.2 100.0.0.1 1090519049/257 Up 878(3) Up Eth1/54 default SH
表23 BFD互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图32所示,H3C设备与华为设备通过二层交换机连接。现要求使用静态路由与BFD联动技术,实现H3C设备或华为设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告静态路由。
图32 采用静态路由联动BFD对接配置组网图
· 配置H3C设备
# 创建VLAN10。
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] quit
# 配置端口HundredGigE1/0/1为Trunk口,并允许VLAN10通过。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-type trunk
[H3C-HundredGigE1/0/1] port trunk permit vlan 10
[H3C-HundredGigE1/0/1] undo port trunk permit vlan 1
[H3C-HundredGigE1/0/1] quit
# 配置接口Vlan-interface10的IP地址为100.0.0.1。
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 24
# 配置接口Vlan-interface10发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-transmit-interval 300
# 配置接口Vlan-interface10接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-receive-interval 300
# 配置接口Vlan-interface10的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-Vlan-interface10] bfd detect-multiplier 3
[H3C-Vlan-interface10] quit
# 配置接口LoopBack0的IP地址。
[H3C] interface LoopBack0
[H3C-LoopBack0] ip address 1.1.1.1 32
[H3C-LoopBack0] quit
# 配置静态路由,并使能BFD(Bidirectional Forwarding Detection,双向转发检测)功能,对静态路由下一跳的可达性进行快速检测,当下一跳不可达时可以快速切换到备份路由。
[H3C] ip route-static 2.2.2.2 32 Vlan-interface10 100.0.0.2 bfd control-packet
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 使能IP组播功能。
<HUAWEI>system-view immediately
[HUAWEI]multicast routing-enable
# 创建vlan 10。
[HUAWEI]vlan 10
[HUAWEI-vlan10]quit
# 将接口100GE1/0/1的链路类型设置为Trunk,并允许通过的VLAN为10。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]port link-type trunk
[HUAWEI-100GE1/0/1]port trunk allow-pass vlan 10
[HUAWEI-100GE1/0/1]undo port trunk allow-pass vlan 1
[HUAWEI-100GE1/0/1]quit
# 配置VLANIF接口的IP地址。
[HUAWEI]interface Vlanif 10
[HUAWEI-Vlanif10]ip address 100.0.0.2 24
[HUAWEI-Vlanif10]quit
# 配置LoopBack接口的IP地址。
[HUAWEI]interface LoopBack 0
[HUAWEI-LoopBack0]ip address 2.2.2.2 32
[HUAWEI-LoopBack0]quit
# 配置静态路由的BFD参数。
[HUAWEI]ip route-static bfd Vlanif 10 100.0.0.1 local-address 100.0.0.2 min-tx-interval 300 min-rx-interval 300 detect-multiplier 3
# 使能静态路由绑定动态BFD会话进行快速故障检测。
[HUAWEI]ip route-static 1.1.1.1 32 Vlanif 10 100.0.0.1 bfd enable
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16385 100.0.0.1 100.0.0.2 Up 762ms Vlan10
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 16385
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: Vlan-interface10
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 1109 Tx Count: 1160
Connect Type: Direct Running Up for: 00:07:15
Hold Time: 734ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: STATIC
Version: 1
Diag Info: No Diagnostic
如图33所示,H3C设备与华为设备通过二层交换机连接。现要求使用OSPF与BFD联动技术,实现H3C设备或华为设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告OSPF路由。
图33 采用OSPF路由联动BFD对接配置组网图
· 配置H3C设备
# 创建OSPF区域0并进入OSPF区域视图。
<H3C> system-view
[H3C] ospf 100
[H3C-ospf-100] area 0
[H3C-ospf-100] quit
# 配置接口HundredGigE1/0/1的IP地址。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 配置接口HundredGigE1/0/1使能OSPF进程1,接口所在的OSPF区域ID为0。
[H3C-HundredGigE1/0/1] ospf 100 area 0
# 使能OSPF的BFD功能。
[H3C-HundredGigE1/0/1] ospf bfd enable
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 运行OSPF协议。
<HUAWEI>system-view immediately
[HUAWEI]ospf 100
[HUAWEI-ospf-100-area-0.0.0.0]quit
[HUAWEI-ospf-100]quit
# 配置接口的IP地址。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]ip address 100.0.0.2 255.255.255.0
#使能接口到OSPF指定区域。
[HUAWEI-100GE1/0/1]ospf enable 100 area 0.0.0.0
# 在接口上使能BFD特性。
[HUAWEI-100GE1/0/1]ospf bfd enable
# 配置BFD会话的参数值。
[HUAWEI-100GE1/0/1]ospf bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 3
[HUAWEI-100GE1/0/1]quit
# 在H3C设备上验证OSPF邻居信息。
[H3C] display ospf peer
OSPF Process 100 with Router ID 1.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
16.1.111.51 100.0.0.2 1 37 Full/DR HGE1/0/1
# 在H3C设备上验证BFD会话的概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16389 100.0.0.1 100.0.0.2 Up 616ms HGE1/0/1
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 16389
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 19560 Tx Count: 19548
Connect Type: Direct Running Up for: 05:22:40
Hold Time: 776ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: OSPF
Version: 1
Diag Info: No Diagnostic
如图34所示,H3C设备与华为设备通过二层交换机连接。现要求使用ISIS与BFD联动技术,实现H3C设备或华为设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告ISIS路由。
图34 采用ISIS路由联动BFD对接配置组网图
· 配置H3C设备
# 创建IS-IS进程1。
<H3C> system-view
[H3C] isis 1
# 配置路由器的Level级别为Level-2。
[H3C-isis-1] is-level level-2
# 配置路由器只可以接收和发送采用wide方式。
[H3C-isis-1] cost-style wide
# 配置网络实体名称为48.0001.1001.7220.0160.00。
[H3C-isis-1] network-entity 48.0001.1001.7220.0160.00
[H3C-isis-1] quit
# 配置接口HundredGigE1/0/1的IP地址。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 在接口HundredGigE1/0/1上使能IS-IS功能。
[H3C-HundredGigE1/0/1] isis enable 1
# 配置接口HundredGigE1/0/1的网络类型为P2P。
[H3C-HundredGigE1/0/1] isis circuit-type p2p
# 使能接口HundredGigE1/0/1的IS-IS BFD功能。
[H3C-HundredGigE1/0/1] isis bfd enable
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 启动ISIS路由进程1。
<HUAWEI>system-view immediately
[HUAWEI]isis 1
# 设置ISIS设备级别为level-2。
[HUAWEI-isis-1]is-level level-2
# 指定ISIS进程的网络实体名称。
[HUAWEI-isis-1]network-entity 48.0001.1001.7220.0170.00
# 指定ISIS设备只能接收和发送开销类型为wide的路由。
[HUAWEI-isis-1]cost-style wide
[HUAWEI-isis-1]quit
# 配置接口的IP地址。
[HUAWEI]interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]ip address 100.0.0.2 24
# 在接口100GE1/0/1上激活这个路由进程。
[HUAWEI-100GE1/0/1]isis enable 1
# 设置100GE1/0/1为P2P类型。
[HUAWEI-100GE1/0/1]isis circuit-type p2p
# 在100GE1/0/1接口上使能BFD特性。
[HUAWEI-100GE1/0/1]isis bfd enable
# 配置BFD会话的参数值。
[HUAWEI-100GE1/0/1]isis bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 3
[HUAWEI-100GE1/0/1]quit
# 在H3C设备上验证ISIS邻居信息。
[H3C] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 1001.7220.0170
Interface: HGE1/0/1 Circuit Id: 061
State: Up HoldTime: 26s Type: L2 PRI: --
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16390 100.0.0.1 100.0.0.2 Up 797ms HGE1/0/1
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 16390
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 481 Tx Count: 494
Connect Type: Direct Running Up for: 00:03:12
Hold Time: 653ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: ISIS_P2P
Version: 1
Diag Info: No Diagnostic
如图35所示,H3C设备与华为设备通过二层交换机连接。现要求使用BGP与BFD联动技术,实现H3C设备或华为设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告BGP路由。
图35 采用BGP路由联动BFD对接配置组网图
· 配置H3C设备
# 配置接口HundredGigE1/0/1的IP地址。
<H3C> system-view
System View: return to User View with Ctrl+Z.
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] ip address 100.0.0.1 24
# 配置接口HundredGigE1/0/1发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/1接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/1] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/1的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/1] bfd detect-multiplier 3
[H3C-HundredGigE1/0/1] quit
# 在BGP实例视图下,指定对等体组的AS号为100。
[H3C] bgp 100
[H3C-bgp-default] peer 100.0.0.2 as-number 200
# 配置通过BFD检测本地路由器和指定BGP对等体/对等体组之间的链路。
[H3C-bgp-default] peer 100.0.0.2 bfd
# 在BGP实例视图下,创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[H3C-bgp-default] address-family ipv4 unicast
# 在BGP IPv4单播地址族视图下,使能本地路由器与对等体100.0.0.2交换IPv4单播路由信息的能力。
[H3C-bgp-default-ipv4] peer 100.0.0.2 enable
[H3C-bgp-default-ipv4] quit
[H3C-bgp-default] quit
· 配置华为设备
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEI> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 配置接口的IP地址。
<HUAWEI>system-view immediately
[HUAWEI] interface 100GE 1/0/1
[HUAWEI-100GE1/0/1]ip address 100.0.0.2 24
[HUAWEI-100GE1/0/1]quit
# 配置对等体的对端AS号为100。
[HUAWEI]bgp 200
[HUAWEI-bgp]peer 100.0.0.1 as-number 100
# 为对等体配置BFD功能。
[HUAWEI-bgp]peer 100.0.0.1 bfd enable
# 配置BFD会话参数。
[HUAWEI-bgp]peer 100.0.0.1 bfd min-tx-interval 300 min-rx-interval 300 detect-multiplier 3
[HUAWEI-bgp]quit
#在H3C设备上验证所有BGP IPv4单播对等体的简要信息。
[H3C] display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
100.0.0.2 200 12 216 0 0 00:08:30 Established
# 在H3C设备上验证BFD会话的简要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16391 100.0.0.1 100.0.0.2 Up 737ms HGE1/0/1
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 16391
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/1
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 131 Tx Count: 212
Connect Type: Direct Running Up for: 00:00:42
Hold Time: 694ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: BGP
Version: 1
Diag Info: No Diagnostic
表24 BFD互通性分析
|
H3C |
锐捷 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图36所示,H3C设备与锐捷设备通过二层交换机连接。现要求使用静态路由与BFD联动技术,实现H3C设备或锐捷设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告静态路由。
图36 采用静态路由联动BFD对接配置组网图
· 配置H3C设备
# 创建VLAN 10。
<H3C> system-view
[H3C] vlan 10
[H3C-vlan10] quit
# 配置端口HundredGigE1/0/1为Trunk口,并允许vlan 10通过。
[H3C] interface HundredGigE 1/0/1
[H3C-HundredGigE1/0/1] port link-type trunk
[H3C-HundredGigE1/0/1] port trunk permit vlan 10
[H3C-HundredGigE1/0/1] undo port trunk permit vlan 1
[H3C-HundredGigE1/0/1] quit
# 配置接口Vlan-interface10的IP地址为100.0.0.1。
[H3C] interface Vlan-interface 10
[H3C-Vlan-interface10] ip address 100.0.0.1 24
# 配置接口Vlan-interface10发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-transmit-interval 300
# 配置接口Vlan-interface10接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-Vlan-interface10] bfd min-receive-interval 300
# 配置接口Vlan-interface10的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-Vlan-interface10] bfd detect-multiplier 3
[H3C-Vlan-interface10] quit
# 配置接口LoopBack0的IP地址。
[H3C] interface LoopBack0
[H3C-LoopBack0] ip address 1.1.1.1 32
[H3C-LoopBack0] quit
# 配置静态路由,并使能BFD(Bidirectional Forwarding Detection,双向转发检测)功能,对静态路由下一跳的可达性进行快速检测,当下一跳不可达时可以快速切换到备份路由。
[H3C] ip route-static 2.2.2.2 32 Vlan-interface10 100.0.0.2 bfd control-packet
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 使能IP组播功能。
Ruijie>enable
Ruijie#configure terminal
# 将接口0/49的链路类型设置为Trunk,并允许通过的VLAN为10。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport mode trunk
Ruijie(config-if-HundredGigabitEthernet 0/49)#switchport trunk allowed vlan only 10
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 配置VLAN10接口的IP地址。
Ruijie(config)#interface vlAN 10
Ruijie(config-if-VLAN 10)#ip address 100.0.0.2 24
# 配置BFD参数。
Ruijie(config-if-VLAN 10)#bfd interval 300 min_rx 300 multiplier 3
Ruijie(config-if-VLAN 10)#exit
# 配置静态路由。
Ruijie(config)#ip route 1.1.1.1 255.255.255.255 VLAN 10 100.0.0.1
# 配置静态路由绑定BFD会话。
Ruijie(config)#ip route static bfd VLAN 10 100.0.0.1 source 100.0.0.2
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/8192 100.0.0.1 100.0.0.2 Up 788ms Vlan10
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 8192
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: Vlan-interface10
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 1375 Tx Count: 1372
Connect Type: Direct Running Up for: 00:01:07
Hold Time: 888ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: STATIC
Version: 1
Diag Info: No Diagnostic
如图37所示,H3C设备与锐捷设备通过二层交换机连接。现要求使用OSPF与BFD联动技术,实现H3C设备或锐捷设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告OSPF路由。
图37 采用OSPF路由联动BFD对接配置组网图
· 配置H3C设备
# 创建OSPF区域0并进入OSPF区域视图。
<H3C> system-view
[H3C] ospf 1
[H3C-ospf-1] area 0
[H3C-ospf-1-area-0.0.0.0] quit
[H3C-ospf-1] quit
# 配置接口HundredGigE1/0/3的IP地址。
[H3C]interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] ip address 100.0.0.1 255.255.255.0
# 配置接口HundredGigE1/0/3使能OSPF进程1,接口所在的OSPF区域ID为0。
[H3C-HundredGigE1/0/3] ospf 1 area 0
# 使能OSPF的BFD功能。
[H3C-HundredGigE1/0/3] ospf bfd enable
# 配置接口HundredGigE1/0/3发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/3接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/3的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/3] bfd detect-multiplier 3
[H3C-HundredGigE1/0/3] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 创建OSPF路由进程并进入OSPF路由配置模式。
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#route ospf 1
# 配置指定区域。
Ruijie(config-router)#area 0
Ruijie(config-router)#exit
#配置接口0/49的IP地址。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet0/49)#ip address 100.0.0.2 24
# 配置接口加入指定区域。
Ruijie(config-if-HundredGigabitEthernet0/49)#ip ospf 1 area 0
# 配置运行OSPF的指定接口启动BFD进行链路检测。
Ruijie(config-if-HundredGigabitEthernet0/49)#ip ospf bfd
# 配置BFD的参数。
Ruijie(config-if-HundredGigabitEthernet0/49)#bfd interval 300 min_rx 300 multiplier 3
Ruijie(config-if-HundredGigabitEthernet0/49)#exit
# 在H3C设备上验证OSPF邻居信息。
[H3C] display ospf peer
OSPF Process 1 with Router ID 16.1.105.99
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
2.2.2.2 100.0.0.2 1 39 Full/DR HGE0/0/3
# 在H3C设备上验证BFD会话的概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/8192 100.0.0.1 100.0.0.2 Up 836ms HGE1/0/3
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 8192
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/3
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 164 Tx Count: 188
Connect Type: Direct Running Up for: 00:00:48
Hold Time: 727ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: OSPF
Version: 1
Diag Info: No Diagnostic
如图38所示,H3C设备与锐捷设备通过二层交换机连接。现要求使用ISIS与BFD联动技术,实现H3C设备或锐捷设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告ISIS路由。
图38 采用ISIS路由联动BFD对接配置组网图
· 配置H3C设备
# 创建IS-IS进程1。
<H3C> system-view
[H3C] isis 1
# 配置路由器的Level级别为Level-2。
[H3C-isis-1] is-level level-2
# 配置路由器只可以接收和发送采用wide方式。
[H3C-isis-1] cost-style wide
# 配置网络实体名称为48.0001.1001.7220.0160.00。
[H3C-isis-1] network-entity 48.0001.1001.7220.0160.00
[H3C-isis-1] quit
# 配置接口HundredGigE1/0/3的IP地址。
[H3C] interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] ip address 100.0.0.1 24
# 在接口HundredGigE1/0/3上使能IS-IS功能。
[H3C-HundredGigE1/0/3] isis enable 1
# 配置接口HundredGigE1/0/3的网络类型为P2P。
[H3C-HundredGigE1/0/3] isis circuit-type p2p
# 使能接口HundredGigE1/0/3的IS-IS BFD功能。
[H3C-HundredGigE1/0/3] isis bfd enable
# 配置接口HundredGigE1/0/3发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/3接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/3的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/3] bfd detect-multiplier 3
[H3C-HundredGigE1/0/3] quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
# 创建ISIS实例。
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#route isis 1
# 设置ISIS的NET地址。
Ruijie(config-router)#net 48.0001.1001.7220.0170.00
# 指定ISIS所运行的Level。
Ruijie(config-router)#is-type level-1-2
# 设置metric类型。
Ruijie(config-router)#metric-style wide
Ruijie(config-router)#exit
# 配置接口0/49的IP地址,并在该接口上启用ISIS路由。
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 100.0.0.2 24
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip router isis 1
# 将Broadcast类型的接口设置为Point-to-Point类型。
Ruijie(config-if-HundredGigabitEthernet 0/49)#isis network point-to-point
# 在接口上使能ISIS与BFD联动。
Ruijie(config-if-HundredGigabitEthernet 0/49)#isis bfd
# 配置BFD参数值。
Ruijie(config-if-HundredGigabitEthernet 0/49)#bfd interval 300 min_rx 300 multiplier 3
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 在H3C设备上验证ISIS邻居信息。
[H3C] display isis peer
Peer information for IS-IS(1)
-----------------------------
System ID: 1001.7220.0170
Interface: HGE1/0/3 Circuit Id: 002
State: Up HoldTime: 24s Type: L2 PRI: --
# 在H3C设备上验证BFD会话概要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40769/8192 100.0.0.1 100.0.0.2 Up 680ms HGE1/0/3
# 在H3C设备上验证BFD会话详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40769 Remote Discr: 8192
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/3
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 1863 Tx Count: 1893
Connect Type: Direct Running Up for: 00:09:23
Hold Time: 633ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: ISIS_P2P
Version: 1
Diag Info: No Diagnostic
如图39所示,H3C设备与锐捷设备通过二层交换机连接。现要求使用BGP与BFD联动技术,实现H3C设备或锐捷设备与二层交换机之间的链路出现故障时,BFD能够快速感知并通告BGP路由。
图39 采用BGP路由联动BFD对接配置组网图
· 配置H3C设备
# 配置接口HundredGigE1/0/3的IP地址。
<H3C> system-view
[H3C]interface HundredGigE 1/0/3
[H3C-HundredGigE1/0/3] ip address 100.0.0.1 255.255.255.0
# 配置接口HundredGigE1/0/3发送单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-transmit-interval 300
# 配置接口HundredGigE1/0/3接收单跳BFD控制报文的最小时间间隔为300毫秒。
[H3C-HundredGigE1/0/3] bfd min-receive-interval 300
# 配置接口HundredGigE1/0/3的控制报文方式单跳检测和Echo报文方式的BFD检测时间倍数为3。
[H3C-HundredGigE1/0/3] bfd detect-multiplier 3
[H3C-HundredGigE1/0/3] quit
# 在BGP实例视图下,指定对等体组的AS号为100。
[H3C] bgp 100
[H3C-bgp-default] peer 100.0.0.2 as-number 200
# 配置通过BFD检测本地路由器和指定BGP对等体/对等体组之间的链路。
[H3C-bgp-default] peer 100.0.0.2 bfd
# 在BGP实例视图下,创建BGP IPv4单播地址族,并进入BGP IPv4单播地址族视图。
[H3C-bgp-default] address-family ipv4 unicast
# 在BGP IPv4单播地址族视图下,使能本地路由器与对等体100.0.0.2交换IPv4单播路由信息的能力。
[H3C-bgp-default-ipv4] peer 100.0.0.2 enable
[H3C-bgp-default-ipv4] quit
[H3C-bgp-default ]quit
· 配置锐捷设备
# 如下配置以锐捷S6510-48VS8CQ为例进行介绍,设备具体信息如下:
Ruijie>show version
System description : Ruijie Full 25G Routing Switch(S6510-48VS8CQ) By Ruijie Networks
System start time : 2022-06-10 17:56:53
System uptime : 16:16:51:47
System hardware version : 2.30
System software version : S6500_RGOS 11.0(5)B9P59
System patch number : NA
System serial number : G1QH10Q10637A
System boot version : 1.3.8
Module information:
Slot 0 : RG-S6510-48VS8CQ
Hardware version : 2.30
Boot version : 1.3.8
Software version : S6500_RGOS 11.0(5)B9P59
Serial number : G1QH10Q10637A
#设置接口0/49的IP地址及BFD参数。
Ruijie>enable
Ruijie#configure terminal
Ruijie(config)#interface hundredGigabitEthernet 0/49
Ruijie(config-if-HundredGigabitEthernet 0/49)#no switchport
Ruijie(config-if-HundredGigabitEthernet 0/49)#ip address 100.0.0.2 24
Ruijie(config-if-HundredGigabitEthernet 0/49)#bfd interval 300 min_rx 300 multiplier 3
Ruijie(config-if-HundredGigabitEthernet 0/49)#exit
# 开启BGP协议,设置本地AS为100。
Ruijie(config)#route bgp 200
# 创建对等体100.0.0.1。
Ruijie(config-router)#neighbor 100.0.0.1 remote-as 100
# 关联BFD应用。
Ruijie(config-router)#neighbor 100.0.0.1 fall-over bfd
Ruijie(config-router)#exit
#在H3C设备上验证所有BGP IPv4单播对等体的简要信息。
[H3C] display bgp peer ipv4
BGP local router ID: 1.1.1.1
Local AS number: 100
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
100.0.0.2 200 12 216 0 0 00:08:30 Established
# 在H3C设备上验证BFD会话的简要信息。
[H3C] display bfd session
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
LD/RD SourceAddr DestAddr State Holdtime Interface
40768/16391 100.0.0.1 100.0.0.2 Up 737ms HGE1/0/3
# 在H3C设备上验证BFD会话的详细信息。
[H3C] display bfd session verbose
Total sessions: 1 Up sessions: 1 Init mode: Active
IPv4 session working in control mode:
Local Discr: 40768 Remote Discr: 16391
Source IP: 100.0.0.1 Destination IP: 100.0.0.2
Destination port: 3784 Session State: Up
Interface: HundredGigE1/0/3
Min Tx Inter: 300ms Act Tx Inter: 300ms
Min Rx Inter: 300ms Detect Inter: 900ms
Rx Count: 131 Tx Count: 212
Connect Type: Direct Running Up for: 00:00:42
Hold Time: 694ms Auth Mode: None
Detect Mode: Async Slot: 0
Protocol: BGP
Version: 1
Diag Info: No Diagnostic
表25 MPLS-LDP互通性分析
|
H3C |
Cisco |
互通结论 |
|
配置OSPF和本地LDP会话 |
配置OSPF和本地LDP会话 |
可以建立LDP LSP互通 |
如图40所示,两台H3C设备与华为设备组成MPLS网络;在3台设备上分别配置OSPF和本地LDP会话,可以建立从LSRA到LSRC的LDP LSP连通。因为LDP根据路由信息动态分配标签,因此,利用LDP动态建立LSP时,需要配置路由协议(本举例采用OSPF协议),使得各设备之间路由可达。
图40 采用MPLS-LDP对接配置组网图
# 配置各接口的IP地址,按照图40https://press.h3c.com/MaterialExpoDocumentLibrary/Comware V7 B70D064%E5%88%86%E6%94%AF/B70D064%E5%88%86%E6%94%AF%E4%B8%AD%E6%96%87/10-MPLS/03-LDP/LDP%E9%85%8D%E7%BD%AE.htm - _Ref294687824配置各接口IP地址和掩码,包括Loopback接口,具体配置过程略。
· 配置LSRA。
# 配置OSPF。
<LSRA> system-view
[LSRA] ospf 1
[LSRA-ospf-1] area 0
[LSRA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[LSRA-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[LSRA-ospf-1-area-0.0.0.0] quit
[LSRA-ospf-1] quit
# 配置MPLS和LDP功能。
[LSRA] mpls lsr-id 1.1.1.1
[LSRA] mpls ldp
[LSRA-ldp] quit
[LSRA] interface HundredGigE 2/0/4
[LSRA-HundredGigE2/0/4] mpls enable
[LSRA-HundredGigE2/0/4] mpls ldp enable
[LSRA-HundredGigE2/0/4] quit
· 配置LSRC。
# 配置OSPF。
<LSRC> system-view
[LSRC] ospf 1
[LSRC-ospf-1] area 0
[LSRC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[LSRC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[LSRC-ospf-1-area-0.0.0.0] quit
[LSRC-ospf-1] quit
# 配置MPLS和LDP功能。
[LSRC] mpls lsr-id 3.3.3.3
[LSRC] mpls ldp
[LSRC-ldp] quit
[LSRC] interface HundredGigE 2/0/4
[LSRC-HundredGigE2/0/4] mpls enable
[LSRC-HundredGigE2/0/4] mpls ldp enable
[LSRC-HundredGigE2/0/4] quit
· 配置华为设备
# 如下配置以华为CE6860-48S8CQ-EI为例进行介绍,设备具体信息如下:
<LSRB> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.180 (CE6860EI V200R005C10SPC800)
Copyright (C) 2012-2018 Huawei Technologies Co., Ltd.
HUAWEI CE6860-48S8CQ-EI uptime is 2 days, 13 hours, 54 minutes
CE6860-48S8CQ-EI(Master) 1 : uptime is 2 days, 13 hours, 53 minutes
StartupTime 2023/02/08 20:04:57
Memory Size : 2048 M bytes
Flash Size : 1024 M bytes
CE6860-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP01 VER A
2. MAB Version : 2
3. Board Type : CE6860-48S8CQ-EI
4. CPLD1 Version : 104
5. CPLD2 Version : 104
6. BIOS Version : 192
# 配置OSPF。
<LSRB> system-view
[LSRB] ospf 1
[LSRB-ospf-1] area 0
[LSRB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[LSRB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[LSRB-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[LSRB-ospf-1-area-0.0.0.0] quit
[LSRB-ospf-1] quit
# 配置MPLS和LDP功能。
[LSRB] mpls lsr-id 2.2.2.2
[LSRB] mpls
[LSRB-mpls] quit
[LSRB] mpls ldp
[LSRB-mpls-ldp] quit
[LSRB] interface 100GE 1/0/1
[LSRB-100GE1/0/1] mpls
[LSRB-100GE1/0/1] mpls ldp
[LSRB-100GE1/0/1] quit
[LSRB] interface 100GE 1/0/2
[LSRB-100GE1/0/2] mpls
[LSRB-100GE1/0/2] mpls ldp
[LSRB-100GE1/0/2] quit
# 在H3C设备上执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。以LSRA为例:
<LSRA> display mpls ldp lsp
Status Flags: * - stale, L - liberal, B - backup, N/A - unavailable
FECs: 3 Ingress: 2 Transit: 2 Egress: 1
FEC In/Out Label Nexthop OutInterface
1.1.1.1/32 3/-
2.2.2.2/32 -/3 12.1.1.2 HGE2/0/4
24128/3 12.1.1.2 HGE2/0/4
3.3.3.3/32 -/45 12.1.1.2 HGE2/0/4
24127/45 12.1.1.2 HGE2/0/4
# 在LSRA上检测LSRA到LSRC的LDP LSP的可达性。
<LSRA> ping mpls ipv4 3.3.3.3 32
MPLS ping FEC 3.3.3.3/32 with 100 bytes of data:
100 bytes from 13.1.1.2: Sequence=1 time=1 ms
100 bytes from 13.1.1.2: Sequence=2 time=1 ms
100 bytes from 13.1.1.2: Sequence=3 time=1 ms
100 bytes from 13.1.1.2: Sequence=4 time=1 ms
100 bytes from 13.1.1.2: Sequence=5 time=1 ms
--- Ping statistics for FEC 3.3.3.3/32 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
Round-trip min/avg/max = 1/1/1 ms
<LSRA>%Feb 10 15:44:06:798 2023 H3C LSPV/6/LSPV_PING_STATIS_INFO: -MDC=1; Ping statistics for FEC 3.3.3.3/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/1/1 ms.
# 在LSRC上检测LSRC到LSRA的LDP LSP的可达性。
<LSRC> ping mpls ipv4 1.1.1.1 32
MPLS ping FEC 1.1.1.1/32 with 100 bytes of data:
100 bytes from 12.1.1.1: Sequence=1 time=1 ms
100 bytes from 12.1.1.1: Sequence=2 time=1 ms
100 bytes from 12.1.1.1: Sequence=3 time=1 ms
100 bytes from 12.1.1.1: Sequence=4 time=1 ms
100 bytes from 12.1.1.1: Sequence=5 time=1 ms
--- Ping statistics for FEC 1.1.1.1/32 ---
5 packets transmitted, 5 packets received, 0.0% packet loss
Round-trip min/avg/max = 1/1/1 ms
<LSRC> %Feb 10 15:46:52:766 2023 H3C LSPV/6/LSPV_PING_STATIS_INFO: -MDC=1; Ping statistics for FEC 1.1.1.1/32: 5 packets transmitted, 5 packets received, 0.0% packets loss, round-trip min/avg/max = 1/1/1 ms.
# 在华为设备上执行display mpls ldp session命令,可以查看LDP对等体间的会话信息。
<LSRB> display mpls ldp session
LDP Session(s) in Public Network
LAM: Label Advertisement Mode, KA: KeepAlive
SsnAge: Session Age, Unit(DDDD:HH:MM)
An asterisk (*) before a session means the session is being deleted.
--------------------------------------------------------------------------
PeerID Status LAM SsnRole SsnAge KASent/Rcv
--------------------------------------------------------------------------
1.1.1.1:0 Operational DU Active 0000:20:32 4930/4928
3.3.3.3:0 Operational DU Passive 0000:20:21 4889/4888
--------------------------------------------------------------------------
TOTAL: 2 Session(s) Found.
# 在LSRB上检测到LSRA和LSRC的LDP LSP的可达性。
<LSRB> ping lsp -a 2.2.2.2 ip 1.1.1.1 32
LSP PING FEC: IPV4 PREFIX 1.1.1.1/32/ : 100 data bytes, press CTRL_C to break
Reply from 12.1.1.1: bytes=100 Sequence=1 time=2 ms
Reply from 12.1.1.1: bytes=100 Sequence=2 time=1 ms
Reply from 12.1.1.1: bytes=100 Sequence=3 time=1 ms
Reply from 12.1.1.1: bytes=100 Sequence=4 time=2 ms
Reply from 12.1.1.1: bytes=100 Sequence=5 time=2 ms
--- FEC: IPV4 PREFIX 1.1.1.1/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/1/2 ms
<LSRB> ping lsp -a 2.2.2.2 ip 3.3.3.3 32
LSP PING FEC: IPV4 PREFIX 3.3.3.3/32/ : 100 data bytes, press CTRL_C to break
Reply from 13.1.1.2: bytes=100 Sequence=1 time=2 ms
Reply from 13.1.1.2: bytes=100 Sequence=2 time=2 ms
Reply from 13.1.1.2: bytes=100 Sequence=3 time=2 ms
Reply from 13.1.1.2: bytes=100 Sequence=4 time=2 ms
Reply from 13.1.1.2: bytes=100 Sequence=5 time=2 ms
--- FEC: IPV4 PREFIX 3.3.3.3/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/2/2 ms
表26 LDP方式VPLS互通性分析
|
H3C |
华为 |
互通结论 |
|
配置OSPF和LDP方式VPLS |
配置OSPF和BD接入的LDP方式VPLS |
可以互通 |
如图41所示,三台H3C设备和华为设备组成VPLS网络;在PE1和PE2上分别配置OSPF协议和LDP方式VPLS,最终实现从CE1到CE2的互通。
图41 LDP方式VPLS对接配置组网图
华为设备只支持BD接入的LDP方式VPLS。
· 配置H3C设备(CE1)
# 配置VLAN接口10。
<CE1> system-view
[CE1] vlan 10
[CE1-vlan10] quit
[CE1] interface Vlan-interface 10
[CE1-Vlan-interface10] ip address 11.1.1.1 255.255.255.0
[CE1-Vlan-interface10] quit
# 配置HundredGigE2/0/8接口。
[CE1]interface HundredGigE 2/0/8
[CE1-HundredGigE2/0/8] port link-mode bridge
[CE1-HundredGigE2/0/8] port link-type trunk
[CE1-HundredGigE2/0/8] port trunk permit vlan 10
[CE1-HundredGigE2/0/8] quit
· 配置H3C设备(PE1)
# 创建LoopBack口。
<PE1> system-view
[PE1] interface loopback 0
[PE1-LoopBack0] ip address 1.1.1.1 32
[PE1-LoopBack0] quit
# 配置HundredGigE2/0/8接口。
[PE1] interface HundredGigE 2/0/8
[PE1-HundredGigE2/0/8] port link-mode bridge
[PE1-HundredGigE2/0/8] port link-type trunk
[PE1-HundredGigE2/0/8] port trunk permit vlan 10
[PE1-HundredGigE2/0/8] quit
# 配置HundredGigE2/0/4接口。
[PE1] interface HundredGigE 2/0/4
[PE1-HundredGigE2/0/8] port link-mode route
[PE1-HundredGigE2/0/8] ip address 12.1.1.1 24
[PE1-HundredGigE2/0/8] quit
# 配置OSPF。
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# 配置MPLS。
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
# 开启L2VPN功能。
[PE1] l2vpn enable
# 创建PW模板并配置PW的数据封装类型。
[PE1] pw-class h3c
[PE1-pw-h3c] pw-type ethernet
[PE1-pw-h3c] quit
# 指定名为aaa的VSI使用LDP信令建立PW。
[PE1] vsi aaa
[PE1-vsi-aaa] pwsignaling ldp
# 配置远端PE的地址为2.2.2.2,PW ID为500,并指定PW的数据封装类型为ethernet;如果不指定PW数据封装类型,则默认封装类型为VLAN;需要保证与对端华为交换机PW封装类型一致。
[PE1-vsi-aaa-ldp] peer 2.2.2.2 pw-id 500 pw-class h3c
[PE1-vsi-aaa-ldp-2.2.2.2-500] quit
# 在接口GigabitEthernet2/0/8上创建服务实例,并绑定VSI实例aaa。
[PE1] interface gigabitethernet 2/0/8
[PE1-GigabitEthernet2/0/8] port link-mode bridge
[PE1-GigabitEthernet2/0/8] service-instance 10
[PE1-GigabitEthernet2/0/8-srv10] encapsulation s-vid 10
[PE1-GigabitEthernet2/0/8-srv10] xconnect vsi aaa access-mode ethernet
[PE1-GigabitEthernet2/0/8-srv10] quit
[PE1-GigabitEthernet2/0/8] quit
· # 配置H3C设备(CE2)
# 配置子接口可以终结的VLAN报文的最外两层VLAN ID。(当CE1以VLAN方式接入PE1时,华为交换机出来的报文中带两个VLAN头,所以需要在CE2侧对两个VLAN头剥离才能保证CE1和CE2互通)
<CE2> system-view
[CE2]interface HundredGigE 2/0/4.1
[CE2-HundredGigE2/0/4.1]ip address 11.1.1.2 255.255.255.0
[CE2-HundredGigE2/0/4.1] vlan-type dot1q vid 10 second-dot1q 10
[CE2-HundredGigE2/0/4.1] quit
· 配置华为设备(PE2)
# 如下配置以华为CE6860-48S8CQ-EI为例进行介绍,设备具体信息如下:
<PE2> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.180 (CE6860EI V200R005C10SPC800)
Copyright (C) 2012-2018 Huawei Technologies Co., Ltd.
HUAWEI CE6860-48S8CQ-EI uptime is 2 days, 13 hours, 54 minutes
CE6860-48S8CQ-EI(Master) 1 : uptime is 2 days, 13 hours, 53 minutes
StartupTime 2023/02/08 20:04:57
Memory Size : 2048 M bytes
Flash Size : 1024 M bytes
CE6860-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP01 VER A
2. MAB Version : 2
3. Board Type : CE6860-48S8CQ-EI
4. CPLD1 Version : 104
5. CPLD2 Version : 104
6. BIOS Version : 192
# 配置Loopback1口。
<PE2> system-view immediately
[PE2] interface loopback1
[PE2-Loopback1] ip address 2.2.2.2 32
[PE2-Loopback1] quit
# 配置100GE1/0/1口。
[PE2] interface 100GE 1/0/1
[PE2-100GE1/0/1] undo portswitch
[PE2-100GE1/0/1] ip address 12.1.1.2 24
[PE2-100GE1/0/1] quit
[PE2] interface 100GE 1/0/2.1 mode l2
[PE2-100GE1/0/2.1] quit
# 配置OSPF。
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2.0.0.0.0
[PE2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# 配置MPLS。
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface 100ge 1/0/1
[PE2-10GE1/0/1] mpls
[PE2-10GE1/0/1] mpls ldp
[PE2-10GE1/0/1] quit
# 配置MPLS L2VPN。
[PE2] mpls l2vpn
[PE2-l2vpn] quit
# 配置VSI(CE6860EI V200R005C10SPC800只支持BD模式下创建VSI)。
[PE2] vsi aaa bd-mode
[PE2-vsi-aaa] encapsulation ethernet
[PE2-vsi-aaa] pwsignal ldp
[PE2-vsi-aaa-ldp] vsi-id 500
[PE2-vsi-aaa-ldp] peer 1.1.1.1
[PE2-vsi-aaa-ldp] quit
[PE2-vsi-aaa] quit
# 配置VSI。
[PE2] bridge-domain 500
[PE2-bd10] l2 binding vsi aaa
[PE2-bd10] quit
# 配置VSI与接口100GE 1/0/2.1绑定。
[PE2] interface 100GE 1/0/2.1 mode l2
[PE2-100GE1/0/2.1] encapsulation dot1q vid 10
[PE2-100GE1/0/2.1] bridge-domain 500
[PE2-100GE1/0/2.1] quit
# 在PE1上执行display l2vpn pw verbose命令,可以看到建立的PW,状态为up。
[PE1] display l2vpn pw verbose
VSI Name: aaa
Peer: 2.2.2.2 PW ID: 500
Signaling Protocol : LDP
Link ID : 1024 PW State : Up
In Label : 24253 Out Label: 54
MTU : 1500
PW Attributes : Main
VCCV CC : -
VCCV BFD : -
Tunnel Group ID : 0x800000330000000
Tunnel NHLFE IDs : 6
#在PE 2上执行display vpls vsi name aaa命令,可以看到名为aaa的VSI建立了一条PW到PE2,VSI状态为up。
[PE2] display vpls vsi name aaa verbose
***VSI Name : aaa
Administrator VSI : no
Isolate Spoken : disable
VSI Index : 3
PW Signaling : ldp
Member Discovery Style : --
Bridge-domain Mode : enable
Service Type : e-lan
PW MAC Learn Style : qualify
Encapsulation Type : ethernet
MTU : 1500
Ignore AcState : disable
P2P VSI : disable
Create Time : 2 days, 17 hours, 40 minutes, 37 seconds
VSI State : up
Resource Status : --
VSI ID : 500
*Peer Router ID : 1.1.1.1
Negotiation-vc-id : 500
Encapsulation Type : ethernet
primary or secondary : primary
ignore-standby-state : no
VC Label : 54
Peer Type : dynamic
Session : up
Tunnel ID : 0x0000000001004c4b81
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
CKey : 129
NKey : 16777583
Stp Enable : 0
PwIndex : 129
Control Word : disable
BFD for PW : unavailable
Access Bridge-domain : Bridge-domain 500
Vac State : up
Last Up Time : 2023/02/15 11:33:44
Total Up Time : 1 days, 20 hours, 35 minutes, 47 seconds
**PW Information:
*Peer Ip Address : 1.1.1.1
PW State : up
Local VC Label : 54
Remote VC Label : 24253
Remote Control Word : disable
PW Type : label
Local VCCV : alert lsp-ping bfd
Remote VCCV : lsp-ping
Tunnel ID : 0x0000000001004c4b81
Broadcast Tunnel ID : --
Broad BackupTunnel ID : --
Ckey : 129
Nkey : 16777583
Main PW Token : 0x0
Slave PW Token : 0x0
Tnl Type : ldp
OutInterface : --
Backup OutInterface : --
Stp Enable : 0
Mac Flapping : 0
Monitor Group Name : --
PW Last Up Time : 2023/02/15 19:33:36
PW Total Up Time : 2 days, 11 hours, 14 minutes, 45 seconds
# 在PE1上查看VSI的MAC地址表信息。
[PE1] display l2vpn mac-address vsi aaa
MAC Address State VSI Name Link ID/Name Aging
7485-c41b-4201 Dynamic aaa HGE2/0/8 Aging
74d6-cb83-2081 Dynamic aaa 1024 Aging
--- 2 mac address(es) found ---
# 在PE2上查看MAC地址表信息。
[PE2] display mac-address
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
7485-c41b-4201 -/aaa/500 1.1.1.1 dynamic 18077
74d6-cb83-2081 -/aaa/500 100GE1/0/2.1 dynamic 12868
-------------------------------------------------------------------------------
Total items: 2
# 在CE1(11.1.1.1)上能够ping通CE2(11.1.1.2)。
[CE1] ping 11.1.1.2
Ping 11.1.1.2 (11.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.2: icmp_seq=0 ttl=255 time=1.495 ms
56 bytes from 11.1.1.2: icmp_seq=1 ttl=255 time=1.149 ms
56 bytes from 11.1.1.2: icmp_seq=2 ttl=255 time=2.108 ms
56 bytes from 11.1.1.2: icmp_seq=3 ttl=255 time=1.277 ms
56 bytes from 11.1.1.2: icmp_seq=4 ttl=255 time=1.157 ms
--- Ping statistics for 11.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.149/1.437/2.108/0.358 ms
[CE1]%Feb 16 05:51:35:465 2023 Switch B PING/6/PING_STATISTICS: -MDC=1; Ping statistics for 11.1.1.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.149/1.437/2.108/0.358 ms.
# 在CE2(11.1.1.2)上能够ping通CE1(11.1.1.1)。
[CE2] ping 11.1.1.1
Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.1: icmp_seq=0 ttl=255 time=1.768 ms
56 bytes from 11.1.1.1: icmp_seq=1 ttl=255 time=1.823 ms
56 bytes from 11.1.1.1: icmp_seq=2 ttl=255 time=1.392 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=255 time=1.343 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=255 time=1.222 ms
--- Ping statistics for 11.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.222/1.510/1.823/0.241 ms
[CE2]%Feb 16 13:45:49:212 2023 H3C PING/6/PING_STATISTICS: Ping statistics for 11.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.222/1.510/1.823/0.241 ms.
表27 MPLS L3VPN互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图42所示,三台H3C设备和华为设备组成MPLS L3VPN网络,在CE与PE之间配置EBGP交换VPN路由信息,在PE1和PE2之间配置OSPF实现PE内部的互通、配置MP-IBGP交换VPN路由信息,最终实现从CE1到CE2的互通。
图42 MPLS L3VPN对接配置组网图
· 配置H3C设备(PE1)
# 配置Loopback1口。
<PE1> system-view
[PE1] interface loopback 1
[PE1-LoopBack1] ip address 1.1.1.1 32
[PE1-LoopBack1] quit
# 配置HundredGigE2/0/4口。
[PE1] interface HundredGigE 2/0/4
[PE1-HundredGigE2/0/4] ip address 12.1.1.1 24
[PE1-HundredGigE2/0/4] quit
# 配置OSPF。
[PE1] ospf 1
[PE1-ospf-1] area 0
[PE1-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[PE1-ospf-1-area-0.0.0.0] quit
[PE1-ospf-1] quit
# 配置MPLS和LDP功能。
[PE1] mpls lsr-id 1.1.1.1
[PE1] mpls ldp
[PE1-ldp] quit
[PE1] interface HundredGigE 2/0/4
[PE1-HundredGigE2/0/4] mpls enable
[PE1-HundredGigE2/0/4] mpls ldp enable
[PE1-HundredGigE2/0/4] quit
# 配置VPN实例,将CE1接入PE1。
[PE1] ip vpn-instance vpn1
[PE1-vpn-instance-vpn1] route-distinguisher 100:1
[PE1-vpn-instance-vpn1] vpn-target 111:1
[PE1-vpn-instance-vpn1] quit
[PE1] interface HundredGigE 2/0/8
[PE1-HundredGigE2/0/8] ip binding vpn-instance vpn1
[PE1-HundredGigE2/0/8] ip address 11.1.1.2 24
[PE1-HundredGigE2/0/8] quit
# 在PE与CE之间建立EBGP对等体,引入VPN路由。
[PE1] bgp 200
[PE1-bgp-default] ip vpn-instance vpn1
[PE1-bgp-default-vpn1] peer 11.1.1.1 as-number 100
[PE1-bgp-default-vpn1] address-family ipv4 unicast
[PE1-bgp-default-ipv4-vpn1] peer 11.1.1.1 enable
[PE1-bgp-default-ipv4-vpn1] quit
[PE1-bgp-default-vpn1] quit
[PE1-bgp-default] quit
# PE之间建立MP-IBGP对等体
[PE1] bgp 200
[PE1-bgp-default] peer 2.2.2.2 as-number 200
[PE1-bgp-default] peer 2.2.2.2 connect-interface loopback 1
[PE1-bgp-default] address-family vpnv4
[PE1-bgp-default-vpnv4] peer 2.2.2.2 enable
[PE1-bgp-default-vpnv4] quit
[PE1-bgp-default] quit
· 配置H3C设备(CE1)
# 配置HundredGigE2/0/8口。
<CE1> system-view
[CE1] interface HundredGigE 2/0/8
[CE1-HundredGigE2/0/8] ip address 11.1.1.1 24
[CE1-HundredGigE2/0/8] quit
#在PE与CE之间建立EBGP对等体,引入VPN路由。
[CE1] bgp 100
[CE1-bgp-default] peer 11.1.1.2 as-number 200
[CE1-bgp-default] address-family ipv4 unicast
[CE1-bgp-default-ipv4] peer 10.1.1.2 enable
[CE1-bgp-default-ipv4] import-route direct
[CE1-bgp-default-ipv4] quit
[CE1-bgp-default] quit
· 配置H3C设备(CE2)
# 配置HundredGigE2/0/4口。
<CE2> system-view
[CE2] interface HundredGigE 2/0/4
[CE2-HundredGigE2/0/8] ip address 13.1.1.2 24
[CE2-HundredGigE2/0/8] quit
#在PE与CE之间建立EBGP对等体,引入VPN路由。
[CE2] bgp 300
[CE2-bgp-default] peer 13.1.1.1 as-number 200
[CE2-bgp-default] address-family ipv4 unicast
[CE2-bgp-default-ipv4] peer 13.1.1.1 enable
[CE2-bgp-default-ipv4] import-route direct
[CE2-bgp-default-ipv4] quit
[CE2-bgp-default] quit
· 配置华为设备(PE2)
# 如下配置以华为CE6860-48S8CQ-EI为例进行介绍,设备具体信息如下:
<PE2> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.180 (CE6860EI V200R005C10SPC800)
Copyright (C) 2012-2018 Huawei Technologies Co., Ltd.
HUAWEI CE6860-48S8CQ-EI uptime is 2 days, 13 hours, 54 minutes
CE6860-48S8CQ-EI(Master) 1 : uptime is 2 days, 13 hours, 53 minutes
StartupTime 2023/02/08 20:04:57
Memory Size : 2048 M bytes
Flash Size : 1024 M bytes
CE6860-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP01 VER A
2. MAB Version : 2
3. Board Type : CE6860-48S8CQ-EI
4. CPLD1 Version : 104
5. CPLD2 Version : 104
6. BIOS Version : 192
# 配置Loopback1口。
<PE2> system-view immediately
[PE2] interface loopback1
[PE2-Loopback1] ip address 2.2.2.2 32
[PE2-Loopback1] quit
# 配置100GE1/0/1口。
[PE2] interface 100GE 1/0/1
[PE2-100GE1/0/1] undo portswitch
[PE2-100GE1/0/1] ip address 12.1.1.2 24
[PE2-100GE1/0/1] quit
# 配置OSPF。
[PE2] ospf 1
[PE2-ospf-1] area 0
[PE2-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[PE2-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[PE2-ospf-1-area-0.0.0.0] quit
[PE2-ospf-1] quit
# 配置MPLS和LDP。
[PE2] mpls lsr-id 2.2.2.2
[PE2] mpls
[PE2-mpls] quit
[PE2] mpls ldp
[PE2-mpls-ldp] quit
[PE2] interface 100GE 1/0/1
[PE2-100GE1/0/1] mpls
[PE2-100GE1/0/1] mpls ldp
[PE2-100GE1/0/1] quit
# 配置VPN实例,将CE2接入PE2。
[PE2] ip vpn-instance vpn1
[PE2-vpn-instance-vpn1] ipv4-family
[PE2-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[PE2-vpn-instance-vpn1-af-ipv4] vpn-target 111:1 both
[PE2-vpn-instance-vpn1-af-ipv4] quit
[PE2-vpn-instance-vpn1] quit
[PE2] interface 100GE 1/0/2
[PE2-100GE1/0/1] undo portswitch
[PE2-100GE1/0/1] ip binding vpn-instance vpn1
[PE2-100GE1/0/1] ip address 13.1.1.1 24
[PE2-100GE1/0/1] quit
# 在PE2与CE2之间建立EBGP对等体,引入VPN路由。
[PE2] bgp 200
[PE2-bgp] ipv4-family vpn-instance vpn1
[PE2-bgp-vpn1] peer 13.1.1.2 as-number 300
[PE2-bgp-vpn1] quit
[PE2-bgp] quit
# 在PE1上执行display bgp peer vpnv4命令,可以看到PE之间的IBGP对等体关系已建立,并达到Established状态。
[PE1] display bgp peer vpnv4
BGP local router ID: 1.1.1.1
Local AS number: 200
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
2.2.2.2 200 1720 1912 0 3 24:51:49 Established
# 在PE1上执行display bgp peer vpnv4命令,可以看到PE1与CE1之间的EBGP对等体关系已建立,并达到Established状态。
[PE1] display bgp peer ipv4 vpn-instance vpn1
BGP local router ID: 1.1.1.1
Local AS number: 200
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
11.1.1.1 100 328 307 0 2 04:51:03 Established
# 在PE1上Ping CE1,可以Ping通。
<PE1> ping -vpn-instance vpn1 11.1.1.1
Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.1: icmp_seq=0 ttl=255 time=2.323 ms
56 bytes from 11.1.1.1: icmp_seq=1 ttl=255 time=1.274 ms
56 bytes from 11.1.1.1: icmp_seq=2 ttl=255 time=1.405 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=255 time=1.230 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=255 time=1.497 ms
--- Ping statistics for 11.1.1.1 in VPN instance vpn1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.230/1.546/2.323/0.400 ms
<PE1>%Feb 22 16:32:25:730 2023 H3C PING/6/PING_VPN_STATISTICS: -MDC=1; Ping statistics for 11.1.1.1 in VPN instance vpn1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.230/1.546/2.323/0.400 ms.
# 在PE2上执行display bgp vpnv4 all peer命令,可以看到PE2与PE1、CE2的BGP对等体关系已建立,并达到Established状态。
[PE2] display bgp vpnv4 all peer
BGP local router ID : 2.2.2.2
Local AS number : 200
Total number of peers : 2
Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
1.1.1.1 4 200 1925 1734 0 0025h03m Established 2
Peer of IPv4-family for vpn instance :
VPN-Instance vpn1, Router ID 2.2.2.2:
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
13.1.1.2 4 300 1305 1666 0 21:26:10 Established 3
# 在PE2上Ping CE2,可以Ping通。
<PE2> ping -vpn-instance vpn1 13.1.1.2
PING 13.1.1.2: 56 data bytes, press CTRL_C to break
Reply from 13.1.1.2: bytes=56 Sequence=1 ttl=255 time=4 ms
Reply from 13.1.1.2: bytes=56 Sequence=2 ttl=255 time=2 ms
Reply from 13.1.1.2: bytes=56 Sequence=3 ttl=255 time=1 ms
Reply from 13.1.1.2: bytes=56 Sequence=4 ttl=255 time=1 ms
Reply from 13.1.1.2: bytes=56 Sequence=5 ttl=255 time=2 ms
--- 13.1.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 1/2/4 ms
#在CE1上Ping CE2,可以Ping通。
<CE1> ping 13.1.1.2
Ping 13.1.1.2 (13.1.1.2): 56 data bytes, press CTRL+C to break
56 bytes from 13.1.1.2: icmp_seq=0 ttl=253 time=1.953 ms
56 bytes from 13.1.1.2: icmp_seq=1 ttl=253 time=1.355 ms
56 bytes from 13.1.1.2: icmp_seq=2 ttl=253 time=1.166 ms
56 bytes from 13.1.1.2: icmp_seq=3 ttl=253 time=1.063 ms
56 bytes from 13.1.1.2: icmp_seq=4 ttl=253 time=1.177 ms
--- Ping statistics for 13.1.1.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.063/1.343/1.953/0.319 ms
<CE1>%Feb 22 08:40:23:685 2023 Switch B PING/6/PING_STATISTICS: -MDC=1; Ping statistics for 13.1.1.2: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.063/1.343/1.953/0.319 ms.
# 在CE 2上Ping CE1,可以Ping通。
<CE2> ping 11.1.1.1
Ping 11.1.1.1 (11.1.1.1): 56 data bytes, press CTRL+C to break
56 bytes from 11.1.1.1: icmp_seq=0 ttl=253 time=1.732 ms
56 bytes from 11.1.1.1: icmp_seq=1 ttl=253 time=1.256 ms
56 bytes from 11.1.1.1: icmp_seq=2 ttl=253 time=1.279 ms
56 bytes from 11.1.1.1: icmp_seq=3 ttl=253 time=2.485 ms
56 bytes from 11.1.1.1: icmp_seq=4 ttl=253 time=2.700 ms
--- Ping statistics for 11.1.1.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.256/1.890/2.700/0.602 ms
<CE2>%Feb 22 16:34:49:957 2023 H3C PING/6/PING_STATISTICS: Ping statistics for 11.1.1.1: 5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 1.256/1.890/2.700/0.602 ms.
表28 互通性分析
|
H3C |
华为 |
互通结论 |
|
支持 |
支持 |
可以互通 |
|
场景 |
产品型号 |
推荐版本 |
|
数据中心 |
S12500X-AF/S12500G-AF/S12500F-AF |
· S12500X-AF/S12500F-AF H系列单板:R2825 · S12500G-AF全系列单板:R7625及以上的版本 |
|
S9820/S9850 |
S9820/S9850:R6710 |
|
|
S6800/S6860/S6812[S6813]/S6805/S6825/S6850/S6890/S6900 |
· S6800/S6860/S6900/S6805/S6850/S6825:R6710 · S6890:R2825 · S6812/S6813:F6628P22 |
|
|
园区 |
S12500G-AF/S12500-XS |
R7625及以上的版本 |
|
S10500X |
R7625及以上的版本 |
|
|
S7600/S7600E-X/S7500X |
R7625及以上的版本 |
|
|
S6550XE-HI/S6525XE-HI/S6520X-EI/S6520X-HI/S5560X-EI/S5560X-HI |
· S6550XE-HI/S6525XE-HI:E8106及以上版本 · S6520X-EI/S6520X-HI:F6628P11及以上版本 · S5560X-EI/S5560X-HI:F6628P11及以上版本 |
如图43所示,H3C设备与华为设备通过各自的二层以太网聚合接口相互连接。现要求在H3C设备和华为设备上分别配置M-LAG,实现两台物理设备在聚合层面虚拟成一台设备来实现跨设备链路聚合,从而提供设备级冗余保护和流量负载分担。
图43 M-LAG对接配置组网图
· 配置H3C设备(SwitchA)
# 配置M-LAG系统MAC地址。
<SwitchA> system-view
[SwitchA] m-lag system-mac 0000-0000-1111
# 配置M-LAG系统编号。
[SwitchA] m-lag system-number 1
# 配置M-LAG系统优先级。
[SwitchA] m-lag system-priority 100
# 创建VLAN 1000。
[SwitchA] vlan 1000
[SwitchA-vlan1000] quit
# 配置端口Ten-GigabitEthernet1/0/48工作在三层模式,并配置IP地址为Keepalive报文的源IP地址。
[SwitchA] interface Ten-GigabitEthernet1/0/48
[SwitchA-Ten-GigabitEthernet1/0/48] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/48] ip address 22.254.121.7 255.255.255.254
[SwitchA-Ten-GigabitEthernet1/0/48] quit
# 配置Keepalive报文的目的IP地址和源IP地址。
[SwitchA] m-lag keepalive ip destination 22.254.121.6 source 22.254.121.7
# 配置Keepalive链路接口为保留接口。
[SwitchA] m-lag mad exclude interface Ten-GigabitEthernet 1/0/48
# 创建二层聚合接口1、256、1002,并配置该接口为动态聚合模式。
[SwitchA] interface Bridge-Aggregation 1
[SwitchA-Bridge-Aggregation1] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation1] quit
[SwitchA] interface Bridge-Aggregation 256
[SwitchA-Bridge-Aggregation256] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation256] quit
[SwitchA] interface Bridge-Aggregation 1002
[SwitchA-Bridge-Aggregation1002] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation1002] quit
# 分别将端口Ten-GigabitEthernet1/0/7、Ten-GigabitEthernet1/0/8加入到聚合组1,将端口Ten-GigabitEthernet1/0/2加入到聚合组1002,将端口FortyGigE1/0/53和FortyGigE1/0/54加入到聚合组256。
[SwitchA] interface Ten-GigabitEthernet1/0/7
[SwitchA-Ten-GigabitEthernet1/0/7] port link-aggregation group 1
[SwitchA-Ten-GigabitEthernet1/0/7] quit
[SwitchA] interface Ten-GigabitEthernet1/0/8
[SwitchA-Ten-GigabitEthernet1/0/8] port link-aggregation group 1
[SwitchA-Ten-GigabitEthernet1/0/8] quit
[SwitchA] interface Ten-GigabitEthernet1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 1002
[SwitchA-Ten-GigabitEthernet1/0/2] quit
[SwitchA] interface FortyGigE 1/0/53
[SwitchA-FortyGigE1/0/53] port link-aggregation group 256
[SwitchA-FortyGigE1/0/53] quit
[SwitchA] interface FortyGigE 1/0/54
[SwitchA-FortyGigE1/0/54] port link-aggregation group 256
[SwitchA-FortyGigE1/0/54] quit
# 将二层聚合接口256配置为IPP口。
[SwitchA] interface Bridge-Aggregation 256
[SwitchA-Bridge-Aggregation256] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation256] quit
# 聚合端口1和1002加入VLAN 1000。
[SwitchA] interface Bridge-Aggregation 1
[SwitchA-Bridge-Aggregation1] port link-type trunk
[SwitchA-Bridge-Aggregation1] undo port trunk permit vlan 1
[SwitchA-Bridge-Aggregation1] port trunk permit vlan 1000
[SwitchA-Bridge-Aggregation1] quit
[SwitchA] interface Bridge-Aggregation 1002
[SwitchA-Bridge-Aggregation1002] port link-type trunk
[SwitchA-Bridge-Aggregation1002] undo port trunk permit vlan 1
[SwitchA-Bridge-Aggregation1002] port trunk permit vlan 1000
[SwitchA-Bridge-Aggregation1002] quit
# 将二层聚合接口1加入分布式聚合组1000,二层聚合接口1002加入分布式聚合组1002。
[SwitchA] interface Bridge-Aggregation 1
[SwitchA-Bridge-Aggregation1] port m-lag group 1000
[SwitchA-Bridge-Aggregation1] quit
[SwitchA] interface Bridge-Aggregation 1002
[SwitchA-Bridge-Aggregation1002] port m-lag group 1002
[SwitchA-Bridge-Aggregation1002] quit
· 配置H3C设备(SwitchB)
# 配置M-LAG系统MAC地址。
<SwitchB> system-view
[SwitchB] m-lag system-mac 0000-0000-1111
# 配置M-LAG系统编号。
[SwitchB] m-lag system-number 2
# 配置M-LAG系统优先级。
[SwitchB] m-lag system-priority 100
# 创建VLAN 1000。
[SwitchB] vlan 1000
[SwitchB-vlan1000] quit
# 配置端口Ten-GigabitEthernet1/0/48工作在三层模式,并配置IP地址为Keepalive报文的源IP地址。
[SwitchB] interface Ten-GigabitEthernet1/0/48
[SwitchB-Ten-GigabitEthernet1/0/48] port link-mode route
[SwitchB-Ten-GigabitEthernet1/0/48] ip address 22.254.121.6 255.255.255.254
[SwitchB-Ten-GigabitEthernet1/0/48] quit
# 配置Keepalive报文的目的IP地址和源IP地址。
[SwitchB] m-lag keepalive ip destination 22.254.121.7 source 22.254.121.6
# 配置Keepalive链路接口为保留接口。
[SwitchB] m-lag mad exclude interface Ten-GigabitEthernet 1/0/48
# 创建二层聚合接口1、256、1002,并配置该接口为动态聚合模式。
[SwitchB] interface Bridge-Aggregation 1
[SwitchB-Bridge-Aggregation1] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation1] quit
[SwitchB] interface Bridge-Aggregation 256
[SwitchB-Bridge-Aggregation256] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation256] quit
[SwitchB] interface Bridge-Aggregation 1002
[SwitchB-Bridge-Aggregation1002] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation1002] quit
# 分别将端口Ten-GigabitEthernet1/0/7、Ten-GigabitEthernet1/0/8加入到聚合组1,将端口Ten-GigabitEthernet1/0/2加入到聚合组1002,将端口FortyGigE 1/0/53和FortyGigE 1/0/54加入到聚合组256。
[SwitchB] interface Ten-GigabitEthernet1/0/7
[SwitchB-Ten-GigabitEthernet1/0/7] port link-aggregation group 1
[SwitchB-Ten-GigabitEthernet1/0/7] quit
[SwitchB] interface Ten-GigabitEthernet1/0/8
[SwitchB-Ten-GigabitEthernet1/0/8] port link-aggregation group 1
[SwitchB-Ten-GigabitEthernet1/0/8] quit
[SwitchB] interface Ten-GigabitEthernet1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 1002
[SwitchB-Ten-GigabitEthernet1/0/2] quit
[SwitchB] interface FortyGigE 1/0/53
[SwitchB-FortyGigE 1/0/53] port link-aggregation group 256
[SwitchB-FortyGigE 1/0/53] quit
[SwitchB] interface FortyGigE 1/0/54
[SwitchB-FortyGigE 1/0/54] port link-aggregation group 256
[SwitchB-FortyGigE 1/0/54] quit
# 将二层聚合接口256配置为IPP口。
[SwitchB] interface Bridge-Aggregation 256
[SwitchB-Bridge-Aggregation256] port m-lag peer-link 1
[SwitchB-Bridge-Aggregation256] quit
# 聚合端口1和1002加入VLAN 1000。
[SwitchB] interface Bridge-Aggregation 1
[SwitchB-Bridge-Aggregation1] port link-type trunk
[SwitchB-Bridge-Aggregation1] undo port trunk permit vlan 1
[SwitchB-Bridge-Aggregation1] port trunk permit vlan 1000
[SwitchB-Bridge-Aggregation1] quit
[SwitchB] interface Bridge-Aggregation 1002
[SwitchB-Bridge-Aggregation1002] port link-type trunk
[SwitchB-Bridge-Aggregation1002] undo port trunk permit vlan 1
[SwitchB-Bridge-Aggregation1002] port trunk permit vlan 1000
[SwitchB-Bridge-Aggregation1002] quit
# 将二层聚合接口1加入分布式聚合组1000,二层聚合接口1002加入分布式聚合组1002。
[SwitchB] interface Bridge-Aggregation 1
[SwitchB-Bridge-Aggregation1] port m-lag group 1000
[SwitchB-Bridge-Aggregation1] quit
[SwitchB] interface Bridge-Aggregation 1002
[SwitchB-Bridge-Aggregation1002] port m-lag group 1002
[SwitchB-Bridge-Aggregation1002] quit
· 配置华为设备(HUAWEIA)
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEIA> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 创建VLAN 1000。
<HUAWEIA> system-view
Enter system view, return user view with return command.
[~HUAWEIA] vlan 1000
[~HUAWEIA-vlan1000] quit
[~HUAWEIA] commit
# 配置端口25GE1/0/15工作在三层模式,并配置IP地址为Keepalive报文的源IP地址。
[~HUAWEIA] interface 25GE 1/0/15
[~HUAWEIA-25GE1/0/15] undo portswitch
[~HUAWEIA-25GE1/0/15] ip address 10.254.120.2 255.255.255.0
[~HUAWEIA-25GE1/0/15] quit
[~HUAWEIA] commit
# 创建动态交换服务组DFS Group,并配置DFS Group优先级,配置DFS Group绑定的IPv4地址。
[~HUAWEIA] dfs-group 1
[~HUAWEIA-dfs-group-1] priority 150
[~HUAWEIA-dfs-group-1] source ip 10.254.120.2
[~HUAWEIA-dfs-group-1] quit
[~HUAWEIA] commit
# 创建二层聚合接口Eth-Trunk1、Eth-Trunk10,并配置该接口为动态LACP模式。
[~HUAWEIA] interface Eth-Trunk 1
[~HUAWEIA-Eth-Trunk1] mode lacp-dynamic
[~HUAWEIA-Eth-Trunk1] quit
[~HUAWEIA] interface Eth-Trunk 10
[~HUAWEIA-Eth-Trunk10] mode lacp-dynamic
[~HUAWEIA-Eth-Trunk10] quit
# 创建二层聚合接口Eth-Trunk0,并配置该接口为静态LACP模式。
[~HUAWEIA] interface Eth-Trunk 0
[~HUAWEIA-Eth-Trunk0] mode lacp-static
[~HUAWEIA-Eth-Trunk0] quit
[~HUAWEIA] commit
# 分别将端口25G1/0/7、25G1/0/8加入到聚合组1,将端口25G1/0/3加入到聚合组10,将端口100GE1/0/1、100GE1/0/2加入到聚合组0。
[~HUAWEIA] interface 25GE 1/0/7
[~HUAWEIA-25GE1/0/7] eth-trunk 1
[~HUAWEIA-25GE1/0/7] quit
[~HUAWEIA] interface 25GE 1/0/8
[~HUAWEIA-25GE1/0/8] eth-trunk 1
[~HUAWEIA-25GE1/0/8] quit
[~HUAWEIA] interface 100GE 1/0/1
[~HUAWEIA-100GE1/0/1] eth-trunk 0
[~HUAWEIA-100GE1/0/1] quit
[~HUAWEIA] interface 100GE 1/0/2
[~HUAWEIA-100GE1/0/2] eth-trunk 0
[~HUAWEIA-100GE1/0/2] quit
[~HUAWEIA] interface 25GE 1/0/3
[~HUAWEIA-25GE1/0/3] eth-trunk 10
[~HUAWEIA-25GE1/0/3] quit
[~HUAWEIA] commit
# 指定Eth-Trunk0接口为peer-link接口。
[~HUAWEIA] interface Eth-Trunk 0
[~HUAWEIA-Eth-Trunk0] peer-link 1
[*HUAWEIA-Eth-Trunk0] qui
[*HUAWEIA] commit
Committing....done.
# 配置 Eth-Trunk1、Eth-Trunk10加入VLAN1000。
[~HUAWEIA]interface Eth-Trunk 1
[~HUAWEIA-Eth-Trunk1] port link-type trunk
[~HUAWEIA-Eth-Trunk1] undo port trunk allow-pass vlan 1
[~HUAWEIA-Eth-Trunk1] port trunk allow-pass vlan 1000
[~HUAWEIA-Eth-Trunk1] quit
[~HUAWEIA]interface Eth-Trunk 10
[~HUAWEIA-Eth-Trunk10] port link-type trunk
[~HUAWEIA-Eth-Trunk10] undo port trunk allow-pass vlan 1
[~HUAWEIA-Eth-Trunk10] port trunk allow-pass vlan 1000
[~HUAWEIA-Eth-Trunk10] quit
[*HUAWEIA] commit
· 配置华为设备(HUAWEIB)
# 如下配置以华为CE6865-48S8CQ-EI为例进行介绍,设备具体信息如下:
<HUAWEIB> display version
Huawei Versatile Routing Platform Software
VRP (R) software, Version 8.191 (CE6865EI V200R019C10SPC800)
Copyright (C) 2012-2020 Huawei Technologies Co., Ltd.
HUAWEI CE6865-48S8CQ-EI uptime is 3 days, 18 hours, 29 minutes
CE6865-48S8CQ-EI(Master) 1 : uptime is 3 days, 18 hours, 28 minutes
StartupTime 2022/06/23 19:58:16
Memory Size : 4096 M bytes
Flash Size : 2048 M bytes
CE6865-48S8CQ-EI version information
1. PCB Version : CEM48S8CQP04 VER A
2. MAB Version : 1
3. Board Type : CE6865-48S8CQ-EI
4. CPLD1 Version : 102
5. CPLD2 Version : 102
6. BIOS Version : 205
# 创建VLAN 1000。
<HUAWEIB> system-view
[~HUAWEIB] vlan 1000
[~HUAWEIB-vlan1000] quit
[~HUAWEIB] commit
# 配置端口25GE1/0/15工作在三层模式,并配置IP地址为Keepalive报文的源IP地址。
[~HUAWEIB] interface 25GE 1/0/15
[~HUAWEIB-25GE1/0/15] undo portswitch
[~HUAWEIB-25GE1/0/15] ip address 10.254.120.2 255.255.255.0
[~HUAWEIB-25GE1/0/15] quit
[~HUAWEIB] commit
# 创建动态交换服务组DFS Group,并配置DFS Group优先级,配置DFS Group绑定的IPv4地址。
[~HUAWEIB] dfs-group 1
[~HUAWEIB-dfs-group-1] priority 150
[~HUAWEIB-dfs-group-1] source ip 10.254.120.2
[~HUAWEIB-dfs-group-1] quit
[~HUAWEIB] commit
# 创建二层聚合接口Eth-Trunk1、Eth-Trunk10,并配置该接口为动态LACP模式。
[~HUAWEIB] interface Eth-Trunk 1
[~HUAWEIB-Eth-Trunk1] mode lacp-dynamic
[~HUAWEIB-Eth-Trunk1] quit
[~HUAWEIB] interface Eth-Trunk 10
[~HUAWEIB-Eth-Trunk10] mode lacp-dynamic
[~HUAWEIB-Eth-Trunk10] quit
# 创建二层聚合接口Eth-Trunk0,并配置该接口为静态LACP模式。
[~HUAWEIB] interface Eth-Trunk 0
[~HUAWEIB-Eth-Trunk0] mode lacp-static
[~HUAWEIB-Eth-Trunk0] quit
[~HUAWEIB] commit
# 分别将端口25G1/0/7、25G1/0/8加入到聚合组1,将端口25G1/0/3加入到聚合10,将端口100GE1/0/1、100GE1/0/2加入到聚合组0。
[~HUAWEIB] interface 25GE 1/0/7
[~HUAWEIB-25GE1/0/7] eth-trunk 1
[~HUAWEIB-25GE1/0/7] quit
[~HUAWEIB] interface 25GE 1/0/8
[~HUAWEIB-25GE1/0/8] eth-trunk 1
[~HUAWEIB-25GE1/0/8] quit
[~HUAWEIB] interface 100GE 1/0/1
[~HUAWEIB-100GE1/0/1] eth-trunk 0
[~HUAWEIB-100GE1/0/1] quit
[~HUAWEIB] interface 100GE 1/0/2
[~HUAWEIB-100GE1/0/2] eth-trunk 0
[~HUAWEIB-100GE1/0/2] quit
[~HUAWEIB] interface 25GE 1/0/3
[~HUAWEIB-25GE1/0/3] eth-trunk 10
[~HUAWEIB-25GE1/0/3] quit
[~HUAWEIB] commit
# 指定Eth-Trunk 0接口为peer-link接口。
[~HUAWEIB] interface Eth-Trunk 0
[~HUAWEIB-Eth-Trunk0] peer-link 1
Info: Prepare for configuring the peer-link. Please wait.....done.
[*HUAWEIB-Eth-Trunk0] qui
[*HUAWEIB] commit
# 配置 Eth-Trunk1、Eth-Trunk10加入VLAN1000。
[~HUAWEIB]interface Eth-Trunk 1
[~HUAWEIB-Eth-Trunk1] port link-type trunk
[~HUAWEIB-Eth-Trunk1] undo port trunk allow-pass vlan 1
[~HUAWEIB-Eth-Trunk1] port trunk allow-pass vlan 1000
[~HUAWEIB-Eth-Trunk1] quit
[~HUAWEIB]interface Eth-Trunk 10
[~HUAWEIB-Eth-Trunk10] port link-type trunk
[~HUAWEIB-Eth-Trunk10] undo port trunk allow-pass vlan 1
[~HUAWEIB-Eth-Trunk10] port trunk allow-pass vlan 1000
[~HUAWEIB-Eth-Trunk10] quit
[*HUAWEIB] commit
# 在H3C设备上验证M-LAG的详细信息。
[SwitchA] display m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG256
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
M-LAG interface information
M-LAG IF M-LAG group Local state (cause) Peer state Remaining down time(s)
BAGG1 1000 UP UP -
BAGG1002 1002 UP UP -
[SwitchB] display m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG256
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
M-LAG interface information
M-LAG IF M-LAG group Local state (cause) Peer state Remaining down time(s)
BAGG1 1000 UP UP -
BAGG1002 1002 UP UP -
# 在华为设备上验证M-LAG的详细信息。
[~HUAWEIA] display dfs-group 1 m-lag
* : Local node
Heart beat state : OK
Node 1 *
Dfs-Group ID : 1
Priority : 150
Address : ip address 10.254.120.2
State : Master
Causation : -
System ID : ccbb-fe01-abf1
SysName : HUAWEIA
Version : V200R019C10SPC800
Device Type : CE6865EI
Node 2
Dfs-Group ID : 1
Priority : 100
Address : ip address 10.254.120.3
State : Backup
Causation : -
System ID : ccbb-fe01-abe1
SysName : HUAWEIB
Version : V200R019C10SPC800
Device Type : CE6865EI
[~HUAWEIA]disp dfs-group 1 m-lag
* : Local node
Heart beat state : OK
Node 2 *
Dfs-Group ID : 1
Priority : 100
Address : ip address 10.254.120.3
State : Backup
Causation : -
System ID : ccbb-fe01-abe1
SysName : HUAWEIB
Version : V200R019C10SPC800
Device Type : CE6865EI
Node 1
Dfs-Group ID : 1
Priority : 150
Address : ip address 10.254.120.2
State : Master
Causation : -
System ID : ccbb-fe01-abf1
SysName : HUAWEIA
Version : V200R019C10SPC800
Device Type : CE6865EI
[~HUAWEI-2]
# 在Device A上Ping Device B,可以Ping通。
<DeviceA> ping 10.0.0.1
Ping 10.0.0.1 (10.0.0.1): 56 data bytes, press CTRL+C to break
56 bytes from 10.0.0.1: icmp_seq=0 ttl=255 time=1.519 ms
56 bytes from 10.0.0.1: icmp_seq=1 ttl=255 time=1.262 ms
56 bytes from 10.0.0.1: icmp_seq=2 ttl=255 time=1.256 ms
56 bytes from 10.0.0.1: icmp_seq=3 ttl=255 time=1.184 ms
56 bytes from 10.0.0.1: icmp_seq=4 ttl=255 time=1.116 ms
--- Ping statistics for 10.0.0.1 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.116/1.267/1.519/0.137 ms
# 在Device B上Ping Device A,可以Ping通。
<DeviceB> ping 10.0.0.2
Ping 10.0.0.2 (10.0.0.2): 56 data bytes, press CTRL+C to break
56 bytes from 10.0.0.2: icmp_seq=0 ttl=255 time=1.519 ms
56 bytes from 10.0.0.2: icmp_seq=1 ttl=255 time=1.262 ms
56 bytes from 10.0.0.2: icmp_seq=2 ttl=255 time=1.256 ms
56 bytes from 10.0.0.2: icmp_seq=3 ttl=255 time=1.184 ms
56 bytes from 10.0.0.2: icmp_seq=4 ttl=255 time=1.116 ms
--- Ping statistics for 10.0.0.2 ---
5 packet(s) transmitted, 5 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 1.116/1.267/1.519/0.137 ms
表29 互通性分析
|
H3C |
赫斯曼 |
互通结论 |
|
支持 |
支持 |
可以互通 |
如图44所示,H3C设备作为MRC接入赫斯曼设备的MRP环网。现要求将H3C设备作为MRP环网的MRM,对MRP环网的环路状态进行检测,并对环网进行管理,如图45所示。
图44 H3C设备接入赫斯曼MRP环网配置组网图
图45 将H3C设备作为MRP环网的MRM配置组网图
· 配置H3C设备(DeviceD)
# 创建VLAN 4000。
<H3C> system-view
[H3C] vlan 4000
# 在MRP冗余域视图下,配置该MRP冗余域中用于传输MRP协议报文的VLAN ID为4000。
[H3C] iec-mrp redundancy-domain 1
[H3C-iec-mrp-redundancy-domain1] iec-mrp vlan 4000
# 配置设备在MRP冗余域中的节点角色。
[H3C-iec-mrp-redundancy-domain1] iec-mrp role client
[H3C-iec-mrp-redundancy-domain1] quit
# 配置端口GigabitEthernet1/0/1绑定MRP冗余域。
[H3C] interface GigabitEthernet1/0/1
[H3C-GigabitEthernet1/0/1] port link-type trunk
[H3C-GigabitEthernet1/0/1] port trunk permit vlan all
[H3C-GigabitEthernet1/0/1] undo stp enable
[H3C-GigabitEthernet1/0/1] port iec-mrp redundancy-domain 1
[H3C-GigabitEthernet1/0/1] quit
# 配置端口GigabitEthernet1/0/3绑定MRP冗余域。
[H3C] interface GigabitEthernet1/0/3
[H3C-GigabitEthernet1/0/3] port link-type trunk
[H3C-GigabitEthernet1/0/3] port trunk permit vlan all
[H3C-GigabitEthernet1/0/3] undo stp enable
[H3C-GigabitEthernet1/0/3] port iec-mrp redundancy-domain 1
[H3C-GigabitEthernet1/0/3] quit
# 开启MRP功能。
[H3C] iec-mrp redundancy-domain 1
[H3C-iec-mrp-redundancy-domain1] iec-mrp enable
[H3C-iec-mrp-redundancy-domain1] quit
· 配置赫斯曼设备(DeviceA)
# 创建VLAN,并配置端口允许通过。
(Hirschmann Railswitch) (Config)# vlan participation all include 100
(Hirschmann Railswitch) (Config)# vlan participation all include 4000
(Hirschmann Railswitch) (Config)# interface 1/3
(Hirschmann Railswitch) (Interface 1/3)# vlan acceptframe all
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 100
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 100
(Hirschmann Railswitch) (Interface 1/3)# no spanning-tree port mode
(Hirschmann Railswitch) (Interface 1/3)# exit
# 配置MRP的角色为MRM。
(Hirschmann Railswitch) (Config)# mrp current-domain mode manager
# 配置MRP协议交互VLAN。
(Hirschmann Railswitch) (Config)# mrp current-domain vlan 4000
# 配置MRP主副端口。
(Hirschmann Railswitch) (Config)# mrp current-domain port primary 1/3
(Hirschmann Railswitch) (Config)# mrp current-domain port secondary 1/4
# 开启MRP。
(Hirschmann Railswitch) (Config)# mrp current-domain operation enable
· 配置赫斯曼设备(DeviceB)
# 创建VLAN,并配置端口允许通过。
(Hirschmann Railswitch) (Config)# vlan participation all include 100
(Hirschmann Railswitch) (Config)# vlan participation all include 4000
(Hirschmann Railswitch) (Config)# interface 1/3
(Hirschmann Railswitch) (Interface 1/3)# vlan acceptframe all
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 100
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 100
(Hirschmann Railswitch) (Interface 1/3)# no spanning-tree port mode
(Hirschmann Railswitch) (Interface 1/3)# exit
# 配置MRP的角色为MRC。
(Hirschmann Railswitch) (Config)# mrp current-domain mode client
# 配置MRP协议交互VLAN。
(Hirschmann Railswitch) (Config)# mrp current-domain vlan 4000
# 配置MRP主副端口。
(Hirschmann Railswitch) (Config)# mrp current-domain port primary 1/3
(Hirschmann Railswitch) (Config)# mrp current-domain port secondary 1/4
# 开启MRP。
(Hirschmann Railswitch) (Config)# mrp current-domain operation enable
· 配置赫斯曼设备(DeviceC)
# 创建VLAN,并配置端口允许通过。
(Hirschmann Railswitch) (Config)# vlan participation all include 100
(Hirschmann Railswitch) (Config)# vlan participation all include 4000
(Hirschmann Railswitch) (Config)# interface 1/3
(Hirschmann Railswitch) (Interface 1/3)# vlan acceptframe all
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 4000
(Hirschmann Railswitch) (Interface 1/3)# vlan participation include 100
(Hirschmann Railswitch) (Interface 1/3)# vlan tagging 100
(Hirschmann Railswitch) (Interface 1/3)# no spanning-tree port mode
(Hirschmann Railswitch) (Interface 1/3)# exit
# 配置MRP的角色为MRC。
(Hirschmann Railswitch) (Config)# mrp current-domain mode client
# 配置MRP协议交互VLAN。
(Hirschmann Railswitch) (Config)# mrp current-domain vlan 4000
# 配置MRP主副端口。
(Hirschmann Railswitch) (Config)# mrp current-domain port primary 1/3
(Hirschmann Railswitch) (Config)# mrp current-domain port secondary 1/4
# 开启MRP。
(Hirschmann Railswitch) (Config)# mrp current-domain operation enable
· 配置H3C设备(DeviceD)
# 配置设备在MRP冗余域中的节点角色。
<H3C> system-view
[H3C-iec-mrp-redundancy-domain1] iec-mrp role manager
[H3C-iec-mrp-redundancy-domain1] quit
· 配置赫斯曼设备(DeviceA)
# 配置MRP的角色为MRC。
(Hirschmann Railswitch) (Config)# mrp current-domain mode client
# 在H3C设备上查看MRP状态。
[H3C] display iec-mrp redundancy-domain 1 ver
Redundancy domain ID : 1
Domain name : N/A
Domain UUID : FFFFFFFF-FFFF-FFFF-FFFF-FFFFFFFFFFFF
Device role : MRM
Device priority : 32768
VLAN ID : 4000
Enhanced mode : Disabled
Convergence profile : 500 ms
Block state : Supported
Ring ports : GigabitEthernet1/0/1 forwarding
: GigabitEthernet1/0/3 forwarding
Link down change interval : 20 ms
Link up change interval : 20 ms
Link change count : 4
# 在赫斯曼交换机上查看MRP状态。
(Hirschmann Railswitch) #show mrp current-domain summary
Domain ID: 255.255.255.255.255.255.255.255.255.255.255.255.255.255.255.255
(Default MRP domain)
ConfigurationSettings:
Advanced Mode(react on link change)...........n/a(Switch is notManager)
ManagerPriority...............................n/a(Switch is notManager)
Mode of Switch(administrative setting)........Client
Mode of Switch(real operating state)..........Client
DomainName....................................<empty>
Recovery delay.................................500ms
Port Number,Primary...........................1/3,State:Forwarding
Port Number,Secondary.........................1/4,State:NotConnected
VLANID........................................4000
Operation......................................Enabled
GeneralOperatingStates:
MRP Setup Info(Config.Failure)...............Ring PortLinkError
Client-relatedOperatingStates:
Link DownInterval.............................20msec
Link UpInterval...............................20msec
Link ChangeCount..............................8
BlockedSupport................................Enabled
支持
售前咨询
售后咨询
人工在线咨询
