- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
75-EVPN+DRNI典型配置举例
本章节下载: 75-EVPN+DRNI典型配置举例 (420.84 KB)
H3C S6860产品EVPN和DRNI综合组网配置举例
Copyright © 2018 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
4 EVPN和DRNI二层转发配置举例(以太网聚合链路作为IPL)
4.5.6 配置以太网服务实例匹配用户报文,并将其与VSI关联
5 EVPN和DRNI二层转发配置举例(VXLAN隧道作为IPL)
5.5.6 配置以太网服务实例匹配用户报文,并将其与VSI关联
6 EVPN和DRNI三层转发配置举例(以太网聚合链路作为IPL)
6.5.7 配置以太网服务实例匹配用户报文,并将其与VSI关联
7 EVPN和DRNI三层转发配置举例(VXLAN隧道作为IPL)
7.5.7 配置以太网服务实例匹配用户报文,并将其与VSI关联
本文档介绍EVPN(Ethernet Virtual Private Network,以太网虚拟专用网络)和DRNI(Distributed Resilient Network Interconnect,分布式弹性网络互连)结合使用的典型配置举例。
· EVPN是一种二层VPN技术,控制平面采用MP-BGP通告EVPN路由信息,数据平面采用VXLAN封装方式转发报文。
· DRNI是一种跨设备链路聚合技术,将两台物理设备在聚合层面虚拟成一台设备来实现跨设备链路聚合,从而提供设备级冗余保护和流量负载分担。
通过EVPN和DRNI结合部署的方式,将两台物理设备连接起来虚拟成一台设备,使用该虚拟设备作为VTEP(既可以是仅用于二层转发的VTEP,也可以是EVPN网关),可以避免VTEP单点故障对网络造成影响,从而提高EVPN网络的可靠性。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EVPN和DRNI特性。
在二层转发组网中,以太网服务实例的报文匹配规则和接入模式之间存在如下限制:
· 报文匹配规则为匹配带VLAN Tag的报文(encapsulation tagged)、匹配不带VLAN Tag的报文(encapsulation untagged)、缺省报文匹配规则(encapsulation default)时,AC的接入模式必须配置为Ethernet接入模式,否则设备向VM发送报文时无法判断为报文添加的VLAN tag。
· 其他情况下,AC的接入模式既可以配置为Ethernet接入模式,也可以配置为VLAN接入模式。
EVPN网关在对报文进行三层转发时,以太网服务实例的报文匹配规则和接入模式只能配置为:
· 匹配不带VLAN Tag的报文(encapsulation untagged),且必须使用Ethernet接入模式。
· 仅匹配外层VLAN Tag(encapsulation s-vid { vlan-id [ only-tagged ] | vlan-id-list }),且必须使用VLAN接入模式。
Switch A、Switch B、Switch D为与服务器连接的VTEP设备。Switch A和Switch B通过DRNI虚拟为一台VTEP设备,Switch A和Switch B之间通过IPL(Intra-Portal Link,内部控制链路)同步MAC地址和ARP信息,以确保两台VTEP上的MAC地址和ARP信息保持一致。Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由。本组网采用以太网聚合链路作为IPL。
Switch A和Switch B均通过以太网链路与下行的虚拟机VM 1、VM 2连接,要求在连接每一台虚拟机的链路间跨设备建立二层聚合接口,避免单条以太网链路故障导致虚拟机无法访问网络。
虚拟机VM 1、VM 2和VM 3同属于VXLAN 10,通过EVPN实现不同站点间的二层互通。
图1 EVPN和DRNI二层转发组网图(以太网聚合链路作为IPL)
· 在交换机上配置路由协议,使得各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 在Switch A、Switch B上开启EVPN支持分布式聚合功能,使两台设备虚拟为一台VTEP设备。
· 配置Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由
· 在Switch A、Switch B和Switch D上配置EVPN,使VTEP之间通过BGP EVPN路由实现自动发现邻居、自动建立/关联VXLAN隧道、通告MAC/IP的可达性等,以便将虚拟机发送的二层报文封装为IP报文后在IP核心网络上转发。
· 在Switch A、Switch B和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 分布式聚合的两台VTEP上EVPN配置必须一致。
· 匹配相同外层VLAN Tag(S-VID)的不同以太网服务实例必须关联相同的VSI。
· IPP口与IRF物理端口都需要配置undo mac-address static source-check enable命令。
· 建议使用Loopback接口的IP地址作为分布式聚合的虚拟VTEP地址。
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。
# 配置OSPF发布接口所在网段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 开启L2VPN能力。
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 开启L2VPN能力。
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 开启L2VPN能力。
[SwitchD] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni restore-delay 180
[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchA] mad exclude interface loopback 0
[SwitchA] mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] mad exclude interface vlan-interface 11
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni restore-delay 180
[SwitchB] drni keepalive ip destination 60.1.1.1 source 60.1.1.2
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchB] mad exclude interface loopback 0
[SwitchB] mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] mad exclude interface vlan-interface 12
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 1
Route distinguisher: 1:10
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并且隧道源地址是虚拟VTEP地址。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到设备自动在IPL上创建了AC,并将其与VSI关联。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (MLAG)
BAGG5 srv1000 2 Up Manual
BAGG3 srv3 3 Up Dynamic (MLAG)
虚拟机VM 1、VM 2和VM 3之间可以互访。虚拟机与Switch A或Switch B相连的链路断开后,VM 1、VM 2和VM 3仍然可以通过另一台设备互访。
· Switch A
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 11
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port drni intra-portal-port 1
undo mac-address static source-check enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack0
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 60.1.1.2 source 60.1.1.1
drni restore-delay 180
drni system-mac 0001-0001-0001
drni system-number 1
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/4
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Vlan-interface11
#
return
· Switch B
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 12
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port drni intra-portal-port 1
undo mac-address static source-check enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 60.1.1.1 source 60.1.1.2
drni restore-delay 180
drni system-mac 0001-0001-0001
drni system-number 2
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/4
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Vlan-interface12
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
Switch A、Switch B、Switch D为与服务器连接的VTEP设备。Switch A和Switch B通过DRNI虚拟为一台VTEP设备,Switch A和Switch B之间采用VXLAN隧道作为IPL,同步MAC地址和ARP信息,以确保两台VTEP上的MAC地址和ARP信息保持一致。Switch C同时作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
Switch A和Switch B均通过以太网链路与下行的虚拟机VM 1、VM 2连接,要求在连接每一台虚拟机的链路间跨设备建立二层聚合接口,避免单条以太网链路故障导致虚拟机无法访问网络。
虚拟机VM 1、VM 2和VM 3同属于VXLAN 10,通过EVPN实现不同站点间的二层互通。
图2 EVPN和DRNI二层转发组网图(VXLAN隧道作为IPL)
· 在交换机上配置路由协议,使得各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 在Switch A、Switch B上开启EVPN支持分布式聚合模式,使两台设备虚拟为一台VTEP设备。
· Switch A、Switch B之间通过手工方式创建VXLAN隧道作为IPL,在Switch A和Switch B之间同步MAC地址和ARP信息。
· 配置Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由
· 在Switch A、Switch B和Switch D上配置EVPN,使VTEP之间通过BGP EVPN路由实现自动发现邻居、自动建立/关联VXLAN隧道、通告MAC/IP的可达性等,以便将虚拟机发送的二层报文封装为IP报文后在IP核心网络上转发。
· 在Switch A、Switch B和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 分布式聚合的两台VTEP上EVPN配置必须一致。
· 建议使用Loopback接口的IP地址作为分布式聚合的虚拟VTEP地址。
· DR口上以太网服务实例配置的报文匹配规则只能为匹配报文的外层VLAN tag(encapsulation s-vid { vlan-id | vlan-id-list })、匹配不携带VLAN tag的所有报文(encapsulation untagged)。
· 建议不要在分布式聚合的两台VTEP上引入外部路由。
· 在作为IPL的VXLAN隧道对应的二层以太网接口上关闭STP功能,以免上行设备错误地阻塞连接DR device的接口。
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。
# 配置OSPF发布接口所在网段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 开启L2VPN能力。
[SwitchA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置预留VXLAN ID为1234。
[SwitchA] reserved vxlan 1234
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] arp suppression enable
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 开启L2VPN能力。
[SwitchB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置预留VXLAN ID为1234。
[SwitchB] reserved vxlan 1234
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] arp suppression enable
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 开启L2VPN能力。
[SwitchD] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] arp suppression enable
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchA] drni system-mac 0001-0001-0001
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni restore-delay 180
[SwitchA] drni keepalive ip destination 12.1.1.2 source 11.1.1.1
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,将其配置为IPP口。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] port drni intra-portal-port 1
[SwitchA-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchA] mad exclude interface tunnel 1
[SwitchA] mad exclude interface loopback 0
[SwitchA] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] mad exclude interface vlan-interface 11
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchB] drni system-mac 0001-0001-0001
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni restore-delay 180
[SwitchB] drni keepalive ip destination 11.1.1.1 source 12.1.1.2
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,将其配置为IPP口。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] port drni intra-portal-port 1
[SwitchB-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchB] mad exclude interface tunnel 1
[SwitchB] mad exclude interface loopback 0
[SwitchB] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] mad exclude interface vlan-interface 12
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchD-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 1:10
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,Tunnel0的隧道源地址是虚拟VTEP地址,Tunnel1为作为IPL的VXLAN隧道。
[SwitchA] display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Last 300 seconds output rate: 13 bytes/sec, 104 bits/sec, 0 packets/sec
Input: 332 packets, 36377 bytes, 0 drops
Output: 583 packets, 59132 bytes, 0 drops
# 查看Switch A上的VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG5 srv1000 2 Up Manual
虚拟机VM 1、VM 2和VM 3之间可以互访。虚拟机与Switch A或Switch B相连的链路断开后,VM 1、VM 2和VM 3仍然可以通过另一台设备互访。
· Switch A
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 11
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
#
interface Tunnel1 mode vxlan
port drni intra-portal-port 1
source 1.1.1.1
destination 2.2.2.2
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 12.1.1.2 source 11.1.1.1
drni restore-delay 180
drni system-mac 0001-0001-0001
drni system-number 1
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Tunnel1
mad exclude interface Vlan-interface 11
#
return
· Switch B
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 12
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpna
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
#
interface Tunnel1 mode vxlan
port drni intra-portal-port 1
source 2.2.2.2
destination 1.1.1.1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 11.1.1.1 source 12.1.1.2
drni restore-delay 180
drni system-mac 0001-0001-0001
drni system-number 2
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Tunnel1
mad exclude interface Vlan-interface 12
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
Switch A、Switch B、Switch D为与服务器连接的分布式EVPN网关,Switch A和Switch B通过DRNI虚拟为一台VTEP设备,Switch A和Switch B之间通过IPL同步MAC地址和ARP信息,以确保两台VTEP上的MAC地址和ARP信息保持一致。Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由。本组网采用以太网聚合链路作为IPL。
Switch A和Switch B均通过以太网链路与下行的虚拟机VM 1、VM 2、VM 3和VM 4连接,要求在连接每一台虚拟机的链路间跨设备建立二层聚合接口,避免单条以太网链路故障导致虚拟机无法访问网络。
虚拟机VM 1、VM 3和VM 5属于VXLAN 10,VM 2和VM 4属于VXLAN 20,通过分布式EVPN网关实现不同VXLAN之间互通。
图3 EVPN和DRNI三层转发组网图(以太网聚合链路作为IPL)
· 在交换机上配置路由协议,使得各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 在Switch A、Switch B上开启EVPN支持分布式聚合功能,使两台设备虚拟为一台VTEP设备。
· 配置Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
· 在Switch A、Switch B和Switch D上配置分布式EVPN网关,使VTEP之间通过BGP EVPN路由实现自动发现邻居、自动建立/关联VXLAN隧道、通告MAC/IP的可达性等,以便将虚拟机之间实现三层互通。
· 在Switch A、Switch B和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 分布式聚合的两台VTEP上EVPN配置必须一致。
· 匹配相同外层VLAN Tag(S-VID)的不同以太网服务实例必须关联相同的VSI。
· IPP口与IRF物理端口都需要配置undo mac-address static source-check enable命令。
· 建议使用Loopback接口的IP地址作为分布式聚合的虚拟VTEP地址。
# 在Switch A上配置各接口的IP地址。
<SwitchA> system-view
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-mode route
[SwitchA-Ten-GigabitEthernet1/0/4] ip address 60.1.1.1 24
[SwitchA-Ten-GigabitEthernet1/0/4] quit
# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。
# 在VM 1、VM 3和VM 5上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置OSPF发布接口所在网段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchB> system-view
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchC> system-view
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchD> system-view
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 开启L2VPN能力。
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchA] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置EVPN的全局MAC地址为0002-0003-0004。
[SwitchA] evpn global-mac 2-3-4
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 开启L2VPN能力。
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchB] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置EVPN的全局MAC地址为0002-0003-0004。
[SwitchB] evpn global-mac 2-3-4
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 并配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 开启L2VPN能力。
[SwitchD] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchD] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置L3VPN的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchA] drni system-mac 0001-0002-0003
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni restore-delay 180
[SwitchA] drni keepalive ip destination 60.1.1.2 source 60.1.1.1
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchA] interface ten-gigabitethernet 1/0/3
[SwitchA-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchA-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchA-Bridge-Aggregation3] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchA] mad exclude interface loopback 0
[SwitchA] mad exclude interface ten-gigabitethernet 1/0/4
[SwitchA] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchA] mad exclude interface vlan-interface 11
[SwitchA] mad exclude interface vsi-interface 1
[SwitchA] mad exclude interface vsi-interface 2
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchB] drni system-mac 0001-0002-0003
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni restore-delay 180
[SwitchA] drni keepalive ip destination 60.1.1.1 source 60.1.1.2
# 创建二层聚合接口3,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation3] quit
# 将端口Ten-GigabitEthernet1/0/3加入到聚合组3中。
[SwitchB] interface ten-gigabitethernet 1/0/3
[SwitchB-Ten-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-Ten-GigabitEthernet1/0/3] quit
# 将二层聚合接口3配置为IPP口。
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port drni intra-portal-port 1
[SwitchB-Bridge-Aggregation3] undo mac-address static source-check enable
[SwitchB-Bridge-Aggregation3] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchB] mad exclude interface loopback 0
[SwitchB] mad exclude interface ten-gigabitethernet 1/0/4
[SwitchB] mad exclude interface ten-gigabitethernet 1/0/5
[SwitchB] mad exclude interface vsi-interface 1
[SwitchB] mad exclude interface vsi-interface 2
[SwitchB] mad exclude interface vlan-interface 12
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 1:1(vpna)
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [5][0][24][10.1.1.0]/80
1.2.3.4 0 100 32768 i
* > [5][0][24][10.1.2.0]/80
1.2.3.4 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
Route distinguisher: 1:20
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并且隧道源地址是虚拟VTEP地址。
[SwitchA] display interface Tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到设备自动在IPL上创建了AC,并将其与VSI关联。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
BAGG3 srv2 1 Up Dynamic (MLAG)
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG5 srv1000 0 Up Manual
BAGG3 srv3 1 Up Dynamic (MLAG)
虚拟机之间可以互访。虚拟机VM 1与Switch A或Switch B相连的链路断开后,VM 5仍然可以通过另一台设备访问VM 1。
· Switch A
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 11
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port drni intra-portal-port 1
undo mac-address static source-check enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 60.1.1.2 source 60.1.1.1
drni restore-delay 180
drni system-mac 0001-0002-0003
drni system-number 1
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/4
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Vlan-interface 11
mad exclude interface Vsi-interface1
mad exclude interface Vsi-interface2
#
return
· Switch B
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 12
#
l2vpn enable
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation3
link-aggregation mode dynamic
port drni intra-portal-port 1
undo mac-address static source-check enable
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/4
port link-mode route
ip address 60.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 60.1.1.1 source 60.1.1.2
drni restore-delay 180
drni system-mac 0001-0002-0003
drni system-number 2
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/4
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Vlan-interface 12
mad exclude interface Vsi-interface1
mad exclude interface Vsi-interface2
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
Switch A、Switch B、Switch D为与服务器连接的分布式EVPN网关,Switch A和Switch B通过DRNI分布式聚合为一台虚拟VTEP设备,Switch A和Switch B之间采用VXLAN隧道作为IPL;Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
Switch A和Switch B均通过以太网链路与下行的虚拟机VM 1、VM 2、VM 3和VM 4连接,要求在连接每一台虚拟机的链路间跨设备建立二层聚合接口,避免单条以太网链路故障导致虚拟机无法访问网络。
虚拟机VM 1、VM 3和VM 5属于VXLAN 10,VM 2和VM 4属于VXLAN 20,通过分布式EVPN网关实现不同VXLAN之间互通。
图4 EVPN和DRNI三层转发组网图(VXLAN隧道作为IPL)
· 在交换机上配置路由协议,使得各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 指定各虚拟机的网关地址。
· 在Switch A、Switch B上开启EVPN支持分布式聚合功能,使两台设备虚拟为一台VTEP设备。
· Switch A、Switch B之间通过手工方式创建VXLAN隧道作为IPL,在Switch A和Switch B之间同步MAC地址和ARP信息。
· 配置Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由
· 在Switch A、Switch B和Switch D上配置分布式EVPN网关,使VTEP之间通过BGP EVPN路由实现自动发现邻居、自动建立/关联VXLAN隧道、通告MAC/IP的可达性等,以便将虚拟机之间实现三层互通。
· 在Switch A、Switch B和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 分布式聚合的两台VTEP上EVPN配置必须一致。
· 建议使用Loopback接口的IP地址作为分布式聚合的虚拟VTEP地址。
· DR口上以太网服务实例配置的报文匹配规则只能为匹配报文的外层VLAN tag(encapsulation s-vid { vlan-id | vlan-id-list })、匹配不携带VLAN tag的所有报文(encapsulation untagged)。
· 建议不要在分布式聚合的两台VTEP上引入外部路由。
# 在Switch A上配置各接口的IP地址。
[SwitchA] interface loopback 0
[SwitchA-Loopback0] ip address 1.1.1.1 32
[SwitchA-Loopback0] quit
[SwitchA] interface loopback 1
[SwitchA-Loopback1] ip address 1.2.3.4 32
[SwitchA-Loopback1] quit
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/5
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。
# 在VM 1、VM 3和VM 5上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置OSPF发布接口所在网段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 1.2.3.4 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 开启L2VPN能力。
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchA] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 配置预留VXLAN ID为1234。
[SwitchA] reserved vxlan 1234
# 配置EVPN的全局MAC地址为0002-0003-0004。
[SwitchA] evpn global-mac 2-3-4
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 开启L2VPN能力。
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchB] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 配置预留VXLAN ID为1234。
[SwitchB] reserved vxlan 1234
# 配置EVPN的全局MAC地址为0002-0003-0004。
[SwitchB] evpn global-mac 2-3-4
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 开启L2VPN能力。
[SwitchD] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchD] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置L3VPN的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置L3VPN的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchA] drni system-mac 0001-0002-0003
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni restore-delay 180
[SwitchA] drni keepalive ip destination 12.1.1.2 source 11.1.1.1
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,将其配置为IPP口。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] port drni intra-portal-port 1
[SwitchA-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] port drni group 4
[SwitchA-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] port drni group 5
[SwitchA-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchA] mad exclude interface tunnel 1
[SwitchA] mad exclude interface loopback0
[SwitchA] mad exclude interface ten-gigabitethernet1/0/5
[SwitchA] mad exclude interface vsi-interface 1
[SwitchA] mad exclude interface vsi-interface 2
[SwitchA] mad exclude interface vlan-interface 11
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
# 配置DR系统。
[SwitchB] drni system-mac 0001-0002-0003
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni restore-delay 180
[SwitchB] drni keepalive ip destination 11.1.1.1 source 12.1.1.2
# 在Switch A和Switch B之间手工创建VXLAN隧道Tunnel1,将其配置为IPP口。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] port drni intra-portal-port 1
[SwitchB-Tunnel1] quit
# 在端口Ten-GigabitEthernet1/0/5上关闭报文入接口与静态MAC地址表项匹配检查功能。
[SwitchB] interface ten-gigabitethernet 1/0/5
[SwitchB-Ten-GigabitEthernet1/0/5] undo mac-address static source-check enable
[SwitchB-Ten-GigabitEthernet1/0/5] quit
# 创建二层聚合接口4,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation4] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组4中。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 4
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 将二层聚合接口4加入分布式聚合组4中。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] port drni group 4
[SwitchB-Bridge-Aggregation4] quit
# 创建二层聚合接口5,并配置该接口为动态聚合模式。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation5] quit
# 将端口Ten-GigabitEthernet1/0/2加入到聚合组5中。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 5
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将二层聚合接口5加入分布式聚合组5中。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] port drni group 5
[SwitchB-Bridge-Aggregation5] quit
# 将所有参与EVPN业务的接口配置为保留接口。
[SwitchB] mad exclude interface tunnel 1
[SwitchB] mad exclude interface loopback0
[SwitchB] mad exclude interface ten-gigabitethernet1/0/5
[SwitchB] mad exclude interface vsi-interface 1
[SwitchB] mad exclude interface vsi-interface 2
[SwitchB] mad exclude interface vlan-interface 12
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 3.3.3.3 as-number 200
[SwitchA-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 3.3.3.3 as-number 200
[SwitchB-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP发布EVPN路由,并作为路由反射器反射路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] group evpn
[SwitchC-bgp-default] peer 1.1.1.1 group evpn
[SwitchC-bgp-default] peer 2.2.2.2 group evpn
[SwitchC-bgp-default] peer 4.4.4.4 group evpn
[SwitchC-bgp-default] peer evpn as-number 200
[SwitchC-bgp-default] peer evpn connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer evpn enable
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] peer evpn reflect-client
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 3.3.3.3 as-number 200
[SwitchD-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface bridge-aggregation 4
[SwitchA-Bridge-Aggregation4] service-instance 1000
[SwitchA-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchA] interface bridge-aggregation 5
[SwitchA-Bridge-Aggregation5] service-instance 1000
[SwitchA-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchA-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Bridge-Aggregation4上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface bridge-aggregation 4
[SwitchB-Bridge-Aggregation4] service-instance 1000
[SwitchB-Bridge-Aggregation4-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation4-srv1000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation4-srv1000] quit
# 接入服务器的接口Bridge-Aggregation5上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchB] interface bridge-aggregation 5
[SwitchB-Bridge-Aggregation5] service-instance 1000
[SwitchB-Bridge-Aggregation5-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchB-Bridge-Aggregation5-srv1000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation5-srv1000] quit
# 接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit
# 查看Switch A上的EVPN路由信息。
[Switch A]display bgp l2vpn evpn
BGP local router ID is 1.2.3.4
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 3
Route distinguisher: 1:1(vpna)
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [5][0][24][10.1.1.0]/80
1.1.1.1 0 100 32768 i
* > [5][0][24][10.1.2.0]/80
1.1.1.1 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 4
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
Route distinguisher: 1:20
Total number of routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [3][0][32][1.1.1.1]/80
1.1.1.1 0 100 32768 i
* > [3][0][32][1.2.3.4]/80
1.2.3.4 0 100 32768 i
* >i [3][0][32][2.2.2.2]/80
2.2.2.2 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,Tunnel0的隧道源地址是虚拟VTEP地址,Tunnel1为作为IPL的VXLAN隧道。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 149 bytes/sec, 1192 bits/sec, 1 packets/sec
Last 300 seconds output rate: 379 bytes/sec, 3032 bits/sec, 3 packets/sec
Input: 398 packets, 46446 bytes, 0 drops
Output: 3597 packets, 363591 bytes, 0 drops
# 查看Switch A上的VSI信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG4 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 2
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 UP Manual Disabled
ACs:
AC Link ID State Type
BAGG5 srv1000 0 Up Manual
虚拟机之间可以互访。虚拟机VM 1与Switch A或Switch B相连的链路断开后,VM 5仍然可以通过另一台设备访问VM 1。
· Switch A
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 1.2.3.4 0.0.0.0
network 11.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 11
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 11
undo mac-address static source-check enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
interface Tunnel1 mode vxlan
port drni intra-portal-port 1
source 1.1.1.1
destination 2.2.2.2
tunnel tos 100
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 12.1.1.2 source 11.1.1.1
drni restore-delay 180
drni system-mac 0001-0001-0001
drni system-number 1
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Tunnel1
mad exclude interface Vlan-interface 11
mad exclude interface Vsi-interface1
mad exclude interface Vsi-interface2
#
return
· Switch B
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 1.2.3.4 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 12
#
l2vpn enable
reserved vxlan 1234
vxlan tunnel arp-learning disable
evpn drni group 1.2.3.4
evpn global-mac 0002-0003-0004
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation4
link-aggregation mode dynamic
port drni group 4
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation5
link-aggregation mode dynamic
port drni group 5
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface LoopBack1
ip address 1.2.3.4 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-aggregation group 4
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-aggregation group 5
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 12
undo mac-address static source-check enable
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
interface Tunnel1 mode vxlan
port drni intra-portal-port 1
source 2.2.2.2
destination 1.1.1.1
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
drni keepalive ip destination 11.1.1.1 source 12.1.1.2
drni restore-delay 180
drni system-mac 0001-0002-0003
drni system-number 2
drni system-priority 10
#
mad exclude interface LoopBack0
mad exclude interface Ten-GigabitEthernet1/0/5
mad exclude interface Tunnel1
mad exclude interface Vlan-interface 12
mad exclude interface Vsi-interface1
mad exclude interface Vsi-interface2
#
return
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11 to 13
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.3 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 4.4.4.4 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· Switch D
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
#
hardware-resource vxlan l3gw8k
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 200
peer 3.3.3.3 as-number 200
peer 3.3.3.3 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 3.3.3.3 enable
#
return
· H3C S6860系列以太网交换机 EVPN配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 EVPN命令参考-Release 26xx系列
· H3C S6860系列以太网交换机 二层技术-以太网交换配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 二层技术-以太网交换命令参考-Release 26xx系列
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
