- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
03-EVPN组播典型配置举例
本章节下载: 03-EVPN组播典型配置举例 (475.71 KB)
本文档介绍EVPN组播特性的配置举例。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EVPN组播特性。
如图1所示,EVPN分布式网关组网中,Leaf 1和Leaf 2为EVPN分布式网关;RR为路由反射器,在Leaf 1和Leaf 2之间反射路由。Leaf 1连接组播接收者,Leaf 2连接组播源。组播源和组播接收者均属于VXLAN 10。组播流量需要跨越EVPN网络从组播源发送给属于同一VXLAN网络的组播接收者,即需要在EVPN网络中实现二层组播流量转发。
具体需求为:
· 对于Overlay网络,Leaf 1和Leaf 2均在AS 65000中与RR建立BGP EVPN邻居,由RR在Leaf 1和Leaf 2之间反射BGP EVPN路由。
· 对于Underlay网络,Leaf 1、RR和Leaf 2运行OSPF,实现路由互通。
图1 EVPN二层组播配置组网图
为了实现组播流量跨越EVPN网络进行二层转发,需要在Leaf设备上开启IGMP Snooping功能,侦听组播接收者发送的IGMP成员关系报告报文,并通过EVPN SMET路由(Selective Multicast Ethernet Tag Route,选择性组播以太网标签路由)在Leaf间通告组播加入请求,以便在Leaf上建立二层组播转发表项。
表1 适用产品及版本
|
产品 |
软件版本 |
|
S12500G-AF系列交换机 |
Release 7639P01及以上版本 |
|
S10500X系列交换机 |
Release 7639P01及以上版本 |
|
S12500-XS系列交换机 |
Release 7639P01及以上版本 |
|
S7600E-X系列交换机 |
Release 7639P01及以上版本 |
|
S7500X-X系列交换机 |
Release 7639P01及以上版本 |
|
S10500系列交换机 |
Release 7639P01及以上版本 |
|
S7600-X系列交换机 |
Release 7639P01及以上版本 |
|
S12500-S系列交换机 |
Release 7639P01及以上版本 |
|
S7500E-X系列交换机 |
Release 7639P01及以上版本 |
|
S7500E系列交换机 |
Release 7639P01及以上版本 |
|
S7500X系列交换机 |
Release 7639P01及以上版本 |
|
S7600系列交换机 |
Release 7639P01及以上版本 |
|
S7000ET系列交换机 |
不支持 |
在VSI内使能了IGMP Snooping之后,IGMP Snooping只在属于该VSI的端口上生效。
在EVPN VXLAN组网中,由于VSI内IGMP Snooping查询器发送查询报文不携带VLAN Tag,所以不建议在携带VLAN Tag的Ethernet接入模式下配置IGMP Snooping查询器。
分布式EVPN网关上VSI虚接口存在如下配置要求:
· VSI虚接口的MAC地址不能配置为设备的保留MAC。
· 同一分布式网关上承载L3VNI的VSI虚接口的MAC地址必须配置一致。在分布式EVPN网关设备上,如果通过mac-address命令修改了某一关联L3VNI的VSI虚接口的MAC地址,则必须通过该命令将所有与L3VNI关联的VSI虚接口的MAC地址修改为相同的值,否则可能会导致报文转发失败。
· 当网关连接IPv6站点网络时,需要为同一分布式网关上承载L3VNI的VSI虚接口配置相同的IPv6链路本地地址。采用自动方式生成链路本地地址时,由于MAC地址相同,则生成的链路本地地址相同;若采用手工方式配置,则必须保证配置的链路本地地址相同。
· 不同分布式网关上作为同一个VXLAN网络网关接口的VSI虚接口需要配置相同的IP/IPv6地址和MAC地址。
分布式EVPN网关上配置的L3VNI不能与mapping vni命令配置的映射远端VXLAN ID相同。
在分布式EVPN网关设备上,如果开启了ARP/ND泛洪抑制功能,并在VSI虚接口上开启了本地代理ARP/ND功能,则只有本地代理ARP/ND功能生效。建议不要在分布式EVPN网关设备上同时开启这两个功能。
# 配置Loopback接口和GigabitEthernet1/0/3接口的IP地址。
<Sysname> system-view
[Sysname] sysname Leaf1
[Leaf1] interface loopback 0
[Leaf1-LoopBack0] ip address 172.16.0.1 255.255.255.255
[Leaf1-LoopBack0] quit
[Leaf1] interface gigabitethernet 1/0/3
[Leaf1-GigabitEthernet1/0/3] port link-mode route
[Leaf1-GigabitEthernet1/0/3] ip address 12.1.1.1 24
[Leaf1-GigabitEthernet1/0/3] quit
# 配置OSPF,使得Underlay网络路由可达。
[Leaf1] router id 172.16.0.1
[Leaf1] ospf
[Leaf1-ospf-1] area 0
[Leaf1-ospf-1-area-0.0.0.0] network 172.16.0.1 0.0.0.0
[Leaf1-ospf-1-area-0.0.0.0] network 12.1.1.1 0.0.0.255
[Leaf1-ospf-1-area-0.0.0.0] quit
[Leaf1-ospf-1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[Leaf1] ip vpn-instance vpn1
[Leaf1-vpn-instance-vpn1] route-distinguisher 1:1
[Leaf1-vpn-instance-vpn1] address-family ipv4
[Leaf1-vpn-ipv4-vpn1] vpn-target 2:2 import-extcommunity
[Leaf1-vpn-ipv4-vpn1] vpn-target 2:2 export-extcommunity
[Leaf1-vpn-ipv4-vpn1] quit
[Leaf1-vpn-instance-vpn1] address-family evpn
[Leaf1-vpn-evpn-vpn1] vpn-target 1:1 import-extcommunity
[Leaf1-vpn-evpn-vpn1] vpn-target 1:1 export-extcommunity
[Leaf1-vpn-evpn-vpn1] quit
[Leaf1-vpn-instance-vpn1] quit
# 配置VSI网关接口。
[Leaf1] interface vsi-interface 1
[Leaf1-Vsi-interface1] ip binding vpn-instance vpn1
[Leaf1-Vsi-interface1] ip address 10.255.255.254 255.0.0.0
[Leaf1-Vsi-interface1] mac-address 0000-0001-0001
[Leaf1-Vsi-interface1] distributed-gateway local
[Leaf1-Vsi-interface1] quit
# 开启L2VPN服务。
[Leaf1] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[Leaf1] vxlan tunnel mac-learning disable
[Leaf1] vxlan tunnel arp-learning disable
# 配置VSI与VXLAN 10关联,并指定VSI网关接口为VSI虚接口1。
[Leaf1] vsi vsi1
[Leaf1-vsi-vsi1] gateway vsi-interface 1
[Leaf1-vsi-vsi1] statistics enable
[Leaf1-vsi-vsi1] arp suppression enable
[Leaf1-vsi-vsi1] vxlan 10
[Leaf1-vsi-vsi1-vxlan-10] quit
# 配置VXLAN封装方式EVPN实例的RD和RT。
[Leaf1-vsi-vsi1] evpn encapsulation vxlan
[Leaf1-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[Leaf1-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[Leaf1-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity
[Leaf1-vsi-vsi1-evpn-vxlan] quit
[Leaf1-vsi-vsi1] quit
# 配置关联L3VNI的VSI虚接口。
[Leaf1] interface vsi-interface 2
[Leaf1-Vsi-interface2] ip binding vpn-instance vpn1
[Leaf1-Vsi-interface2] l3-vni 10000
[Leaf1-Vsi-interface2] quit
# 配置Leaf 1与RR建立BGP EVPN邻居。
[Leaf1] bgp 65000
[Leaf1-bgp-default] peer 172.16.10.1 as-number 65000
[Leaf1-bgp-default] peer 172.16.10.1 connect-interface loopback 0
[Leaf1-bgp-default] peer 172.16.10.1 password simple overlay
[Leaf1-bgp-default] address-family l2vpn evpn
[Leaf1-bgp-default-evpn] peer 172.16.10.1 enable
[Leaf1-bgp-default-evpn] quit
[Leaf1-bgp-default] quit
# 在接口GigabitEthernet1/0/1上创建以太网服务实例,并配置以太网服务实例与VSI实例vsi1关联。
[Leaf1] interface gigabitethernet 1/0/1
[Leaf1-GigabitEthernet1/0/1] port link-mode bridge
[Leaf1-GigabitEthernet1/0/1] port link-type trunk
[Leaf1-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[Leaf1-GigabitEthernet1/0/1] port trunk permit vlan 1000
[Leaf1-GigabitEthernet1/0/1] service-instance 1
[Leaf1-GigabitEthernet1/0/1-srv1] encapsulation s-vid 1000
[Leaf1-GigabitEthernet1/0/1-srv1] statistics enable
[Leaf1-GigabitEthernet1/0/1-srv1] xconnect vsi vsi1
[Leaf1-GigabitEthernet1/0/1-srv1] quit
[Leaf1-GigabitEthernet1/0/1] quit
# 在接口GigabitEthernet1/0/2上创建以太网服务实例,并配置以太网服务实例与VSI实例vsi1关联。
[Leaf1] interface gigabitethernet 1/0/2
[Leaf1-GigabitEthernet1/0/2] port link-mode bridge
[Leaf1-GigabitEthernet1/0/2] port link-type trunk
[Leaf1-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[Leaf1-GigabitEthernet1/0/2] port trunk permit vlan 1001
[Leaf1-GigabitEthernet1/0/2] service-instance 1
[Leaf1-GigabitEthernet1/0/2-srv1] encapsulation s-vid 1001
[Leaf1-GigabitEthernet1/0/2-srv1] statistics enable
[Leaf1-GigabitEthernet1/0/2-srv1] xconnect vsi vsi1
[Leaf1-GigabitEthernet1/0/2-srv1] quit
[Leaf1-GigabitEthernet1/0/2] quit
# 全局开启IGMP Snooping。
[Leaf1] igmp-snooping
[Leaf1-igmp-snooping] global-enable
[Leaf1-igmp-snooping] quit
# 开启VSI实例的IGMP Snooping,并配置IGMP Snooping功能。
[Leaf1] vsi vsi1
[Leaf1-vsi-vsi1] igmp-snooping enable
[Leaf1-vsi-vsi1] igmp-snooping drop-unknown
[Leaf1-vsi-vsi1] igmp-snooping proxy enable
# 配置Leaf设备作为IGMP查询器。(也可以配置网络中的其他设备作为IGMP查询器)
[Leaf1-vsi-vsi1] igmp-snooping querier
[Leaf1-vsi-vsi1] quit
# 配置Loopback接口和GigabitEthernet1/0/3接口的IP地址。
<Sysname> system-view
[Sysname] sysname Leaf2
[Leaf2] interface loopback 0
[Leaf2-LoopBack0] ip address 172.16.0.2 255.255.255.255
[Leaf2-LoopBack0] quit
[Leaf2] interface gigabitethernet 1/0/3
[Leaf2-GigabitEthernet1/0/3] port link-mode route
[Leaf2-GigabitEthernet1/0/3] ip address 13.1.1.2 24
[Leaf2-GigabitEthernet1/0/3] quit
# 配置OSPF,使得Underlay网络路由可达。
[Leaf2] router id 172.16.0.2
[Leaf2] ospf
[Leaf2-ospf-1] area 0
[Leaf2-ospf-1-area-0.0.0.0] network 172.16.0.2 0.0.0.0
[Leaf2-ospf-1-area-0.0.0.0] network 13.1.1.2 0.0.0.255
[Leaf2-ospf-1-area-0.0.0.0] quit
[Leaf2-ospf-1] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[Leaf2] ip vpn-instance vpn1
[Leaf2-vpn-instance-vpn1] route-distinguisher 1:1
[Leaf2-vpn-instance-vpn1] address-family ipv4
[Leaf2-vpn-ipv4-vpn1] vpn-target 2:2 import-extcommunity
[Leaf2-vpn-ipv4-vpn1] vpn-target 2:2 export-extcommunity
[Leaf2-vpn-ipv4-vpn1] quit
[Leaf2-vpn-instance-vpn1] address-family evpn
[Leaf2-vpn-evpn-vpn1] vpn-target 1:1 import-extcommunity
[Leaf2-vpn-evpn-vpn1] vpn-target 1:1 export-extcommunity
[Leaf2-vpn-evpn-vpn1] quit
[Leaf2-vpn-instance-vpn1] quit
# 配置VSI网关接口。
[Leaf2] interface vsi-interface 1
[Leaf2-Vsi-interface1] ip binding vpn-instance vpn1
[Leaf2-Vsi-interface1] ip address 10.255.255.254 255.0.0.0
[Leaf2-Vsi-interface1] mac-address 0000-0001-0001
[Leaf2-Vsi-interface1] distributed-gateway local
[Leaf2-Vsi-interface1] quit
# 开启L2VPN服务。
[Leaf2] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[Leaf2] vxlan tunnel mac-learning disable
[Leaf2] vxlan tunnel arp-learning disable
# 配置VSI与VXLAN 10关联,并指定VSI网关接口为VSI虚接口1。
[Leaf2] vsi vsi1
[Leaf2-vsi-vsi1] gateway vsi-interface 1
[Leaf2-vsi-vsi1] statistics enable
[Leaf2-vsi-vsi1] arp suppression enable
[Leaf2-vsi-vsi1] vxlan 10
[Leaf2-vsi-vsi1-vxlan-10] quit
# 配置VXLAN封装方式EVPN实例的RD和RT。
[Leaf2-vsi-vsi1] evpn encapsulation vxlan
[Leaf2-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[Leaf2-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[Leaf2-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity
[Leaf2-vsi-vsi1-evpn-vxlan] quit
[Leaf2-vsi-vsi1] quit
# 配置关联L3VNI的VSI虚接口。
[Leaf2] interface vsi-interface 10000
[Leaf2-Vsi-interface10000] ip binding vpn-instance vpn1
[Leaf2-Vsi-interface10000] l3-vni 10000
[Leaf2-Vsi-interface10000] quit
# 配置Leaf 1与RR建立BGP EVPN邻居。
[Leaf2] bgp 65000
[Leaf2-bgp-default] peer 172.16.10.1 as-number 65000
[Leaf2-bgp-default] peer 172.16.10.1 connect-interface loopback 0
[Leaf2-bgp-default] peer 172.16.10.1 password simple overlay
[Leaf2-bgp-default] address-family l2vpn evpn
[Leaf2-bgp-default-evpn] peer 172.16.10.1 enable
[Leaf2-bgp-default-evpn] quit
[Leaf2-bgp-default] quit
# 在GigabitEthernet1/0/1上创建以太网服务实例,并配置以太网服务实例与VSI实例vsi1关联。
[Leaf2] interface gigabitethernet 1/0/1
[Leaf2-GigabitEthernet1/0/1] port link-mode bridge
[Leaf2-GigabitEthernet1/0/1] port link-type trunk
[Leaf2-GigabitEthernet1/0/1] undo port trunk permit vlan 1
[Leaf2-GigabitEthernet1/0/1] port trunk permit vlan 1002
[Leaf2-GigabitEthernet1/0/1] storm-constrain control shutdown
[Leaf2-GigabitEthernet1/0/1] service-instance 1
[Leaf2-GigabitEthernet1/0/1-srv1] encapsulation s-vid 1002
[Leaf2-GigabitEthernet1/0/1-srv1] statistics enable
[Leaf2-GigabitEthernet1/0/1-srv1] xconnect vsi vsi1
[Leaf2-GigabitEthernet1/0/1-srv1] quit
[Leaf2-GigabitEthernet1/0/1] quit
# 全局开启IGMP Snooping。
[Leaf1] igmp-snooping
[Leaf1-igmp-snooping] global-enable
[Leaf1-igmp-snooping] quit
# 开启VSI实例的IGMP Snooping,并配置IGMP Snooping功能。
[Leaf2] vsi vsi1
[Leaf2-vsi-vsi1] igmp-snooping enable
[Leaf2-vsi-vsi1] igmp-snooping drop-unknown
[Leaf2-vsi-vsi1] igmp-snooping proxy enable
# 配置Leaf设备作为IGMP查询器。(也可以配置网络中的其他设备作为IGMP查询器)
[Leaf2-vsi-vsi1] igmp-snooping querier
[Leaf2-vsi-vsi1] quit
# 配置Loopback接口、GigabitEthernet1/0/1接口和GigabitEthernet1/0/2接口的IP地址。
<Sysname> system-view
[Sysname] sysname RR
[RR] interface loopback 0
[RR-LoopBack0] ip address 172.16.10.1 255.255.255.255
[RR-LoopBack0] quit
[RR] interface gigabitethernet 1/0/1
[RR-GigabitEthernet1/0/1] port link-mode route
[RR-GigabitEthernet1/0/1] ip address 12.1.1.3 24
[RR-GigabitEthernet1/0/1] quit
[RR] interface gigabitethernet 1/0/2
[RR-GigabitEthernet1/0/2] port link-mode route
[RR-GigabitEthernet1/0/2] ip address 13.1.1.3 24
[RR-GigabitEthernet1/0/2] quit
# 配置OSPF,使得Underlay网络路由可达。
[RR] router id 172.16.10.1
[RR] ospf
[RR-ospf-1] area 0
[RR-ospf-1-area-0.0.0.0] network 172.16.10.1 0.0.0.0
[RR-ospf-1-area-0.0.0.0] network 12.1.1.3 0.0.0.255
[RR-ospf-1-area-0.0.0.0] network 13.1.1.3 0.0.0.255
[RR-ospf-1-area-0.0.0.0] quit
[RR-ospf-1] quit
# 将Leaf 1和Leaf 2加入IBGP对等体组leaf。
[RR] bgp 65000
[RR-bgp-default] group leaf internal
[RR-bgp-default] peer leaf connect-interface loopback 0
[RR-bgp-default] peer leaf password simple overlay
[RR-bgp-default] peer 172.16.0.1 group leaf
[RR-bgp-default] peer 172.16.0.2 group leaf
# 配置本地设备作为路由反射器,与IBGP对等体组leaf建立BGP EVPN邻居,并关闭EVPN路由的VPN-Target过滤功能,以便路由反射器接收所有EVPN路由。
[RR-bgp-default] address-family l2vpn evpn
[RR-bgp-default-evpn] undo policy vpn-target
[RR-bgp-default-evpn] peer leaf enable
[RR-bgp-default-evpn] peer leaf reflect-client
[RR-bgp-default-evpn] quit
# 以Leaf 1为例,查看公网IP路由表,可以看到Leaf和RR通过OSPF学习到了彼此的路由,Underlay网络路由可达。
[Leaf1] display ip routing-table
Destinations : 16 Routes : 16
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.0/24 Direct 0 0 12.1.1.1 GE1/0/3
12.1.1.0/32 Direct 0 0 12.1.1.1 GE1/0/3
12.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
12.1.1.255/32 Direct 0 0 12.1.1.1 GE1/0/3
13.1.1.0/24 O_INTRA 10 2 12.1.1.3 GE1/0/3
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.0/32 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
127.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.1/32 Direct 0 0 127.0.0.1 InLoop0
172.16.0.2/32 O_INTRA 10 2 12.1.1.3 GE1/0/3
172.16.10.1/32 O_INTRA 10 1 12.1.1.3 GE1/0/3
224.0.0.0/4 Direct 0 0 0.0.0.0 NULL0
224.0.0.0/24 Direct 0 0 0.0.0.0 NULL0
255.255.255.255/32 Direct 0 0 127.0.0.1 InLoop0
# 以Leaf 1为例,查看BGP EVPN对等体信息,可以看到Leaf与RR建立了BGP EVPN对等体。
[Leaf1] display bgp peer l2vpn evpn
BGP local router ID: 172.16.0.1
Local AS number: 65000
Total number of peers: 1 Peers in established state: 1
* - Dynamically created peer
^ - Peer created through link-local address
Peer AS MsgRcvd MsgSent OutQ PrefRcv Up/Down State
172.16.10.1 65000 24 27 0 4 00:14:59 Established
# 以Leaf 1为例,查看VSI的详细信息,可以看到与VSI关联的VXLAN隧道和AC。
[Leaf1] display l2vpn vsi verbose
VSI Name: Auto_L3VNI10000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 10000
VSI Name: vsi1
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : 5120 kbps
Multicast Restrain : 5120 kbps
Unknown Unicast Restrain: 5120 kbps
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : Unlimited
Drop Unknown : Disabled
Flooding : Enabled
Statistics : Enabled
Input Statistics :
Octets :0
Packets :0
Errors :0
Discards :0
Output Statistics :
Octets :0
Packets :0
Errors :0
Discards :0
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
GE1/0/1 srv1 0 Up Manual
GE1/0/2 srv1 1 Up Manual
# 以Leaf 1为例,查看IGMP Snooping的状态信息,可以看到VSI内IGMP Snooping处于开启状态。
[Leaf1] display igmp-snooping vsi vsi1
IGMP snooping information: VSI vsi1
IGMP snooping: Enabled
Forwarding mode: IP
Drop-unknown: Enabled
Version: 2
Host-aging-time: 260s
Router-aging-time: 260s
Max-response-time: 10s
Last-member-query-interval: 1s
Querier: Enabled (IP:10.255.255.254, Expires: 00:01:39)
Querier-election: Disabled
Query-interval: 125s
General-query source IP: 10.255.255.254
Special-query source IP: 10.255.255.254
Report source IP: 10.255.255.254
Leave source IP: 10.255.255.254
Proxy: Enabled
IPP: -(Link ID: 0xffff)
# 在Leaf 1上查看动态IGMP Snooping组播组的信息,可以看到VSI实例vsi1内,接口GigabitEthernet1/0/1上Link ID为0的AC是组播组(0.0.0.0, 225.0.0.1)的成员端口,即Leaf 1接收到任意组播源发往225.0.0.1的组播流量后,会将该流量通过AC转发给组播接收者。
[Leaf1] display igmp-snooping group
Total 1 entries.
VSI vsi1: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
GE1/0/1 (Link ID 0) (00:03:42)
# 在Leaf 1上查看EVPN的SMET路由信息,可以看到本地生成了SMET路由,该路由会发送给远端Leaf。
[Leaf1] display evpn route smet
VSI name: vsi1
Source address :
Group address : 225.0.0.1
Local version : v2
ACs :
AC Link ID Flags
GE1/0/1 srv1 0 Local
# 在Leaf 2上查看EVPN的SMET路由信息,可以看到Leaf 2接收到了Leaf 1发送SMET路由。
[Leaf2] display evpn route smet
VSI name: vsi1
Source address :
Group address : 225.0.0.1
Local version : -
Peers :
Nexthop Tunnel name Link ID Remote version
172.16.0.1 Tunnel0 0x5000000 v2
# 在Leaf 2上查看IGMP Snooping通过EVPN学习到的组播组信息,可以看到Leaf 2通过SMET路由生成了IGMP Snooping表项,该表项表示:VSI实例vsi1内,VXLAN隧道Tunnel0为组播组(0.0.0.0, 225.0.0.1)的成员端口,即Leaf 2接收到任意组播源发往225.0.0.1的组播流量后,会将该流量通过VXLAN隧道转发给远端Leaf。
[Leaf2] display igmp-snooping evpn-group
Total 1 entries.
VSI vsi1: Total 1 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 10)
· Leaf 1
#
sysname Leaf1
#
ip vpn-instance vpn1
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 172.16.0.1
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 172.16.0.1 0.0.0.0
#
igmp-snooping
global-enable
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vsi1
gateway vsi-interface 1
statistics enable
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
igmp-snooping proxy enable
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1000
#
service-instance 1
encapsulation s-vid 1000
statistics enable
xconnect vsi vsi1
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1001
#
service-instance 1
encapsulation s-vid 1001
statistics enable
xconnect vsi vsi1
#
interface LoopBack0
ip address 172.16.0.1 255.255.255.255
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable copper
ip address 12.1.1.1 255.255.255.0
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 10.255.255.254 255.0.0.0
mac-address 0000-0001-0001
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
l3-vni 10000
#
bgp 65000
peer 172.16.10.1 as-number 65000
peer 172.16.10.1 connect-interface LoopBack0
peer 172.16.10.1 password cipher $c$3$cLxsbhBfj0xOTCgIQD1N6k3oJBamRAhZ5d8=
#
address-family l2vpn evpn
peer 172.16.10.1 enable
#
return
· Leaf 2
#
sysname Leaf2
#
ip vpn-instance vpn1
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 172.16.0.2
#
ospf 1
area 0.0.0.0
network 13.1.1.0 0.0.0.255
network 172.16.0.2 0.0.0.0
#
igmp-snooping
global-enable
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vsi1
gateway vsi-interface 1
statistics enable
arp suppression enable
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping drop-unknown
igmp-snooping querier
igmp-snooping proxy enable
#
interface LoopBack0
ip address 172.16.0.2 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 1002
storm-constrain control shutdown
#
service-instance 1
encapsulation s-vid 1002
statistics enable
xconnect vsi vsi1
#
interface GigabitEthernet1/0/3
port link-mode route
ip address 13.1.1.1 255.255.255.0
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 10.255.255.254 255.0.0.0
mac-address 0000-0001-0001
#
interface Vsi-interface2
ip binding vpn-instance vpn1
l3-vni 10000
#
bgp 65000
peer 172.16.10.1 as-number 65000
peer 172.16.10.1 connect-interface LoopBack0
peer 172.16.10.1 password cipher $c$3$saE3frSy9IuWBPp1FJT7L952YRagb0D9Ioo=
#
address-family l2vpn evpn
peer 172.16.10.1 enable
#
return
· RR
#
sysname RR
#
router id 172.16.10.1
#
ospf 1
area 0.0.0.0
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
network 172.16.10.1 0.0.0.0
#
interface LoopBack0
ip address 172.16.10.1 255.255.255.255
#
interface GigabitEthernet1/0/1
port link-mode route
ip address 12.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/2
port link-mode route
ip address 13.1.1.3 255.255.255.0
#
bgp 65000
group leaf internal
peer leaf connect-interface LoopBack0
peer leaf password cipher $c$3$91PuaavWEYHlqhaILQV5i5G828J3vG+g67I=
peer 172.16.0.1 group leaf
peer 172.16.0.2 group leaf
#
address-family l2vpn evpn
undo policy vpn-target
peer leaf enable
peer leaf reflect-client
#
return
Device A、Device B为DC 1的Leaf设备,用于用户的接入。Device C为DC 1的边缘设备(ED),用于DC间的互联。Device E为DC 2的Leaf设备,用于用户的接入;Device D为DC 2的边缘设备,用于DC间的互联。DC 1和DC 2内均使用L3VNI 1000。
Device A连接组播源Source,Device B和Device E分别连接组播接收者Receiver 1和Receiver 2。组播源Source位于VXLAN 11,Receiver 1位于VXLAN 12,Receiver 2位于VXLAN 21。组播接收者需要跨VXLAN网络、跨DC接收组播源发送的组播流量,即需要在DCI网络中实现EVPN组播流量的三层转发。
图2 EVPN三层组播DCI典型配置组网图
本举例中的数据规划如表2所示。
|
配置项 |
数据 |
|
DC所在的AS |
· DC 1:AS 100 · DC 2:AS 200 |
|
DC内及DC间的Underlay网络路由协议 |
· DC 1和DC 2内均运行OSPF(OSPF进程1区域0),实现DC内Underlay网络路由可达 · DC 1和DC 2之间运行BGP IPv4单播路由协议,实现DC间Underlay网络路由可达 |
|
组播源和组播接收者接入的VLAN、VXLAN及接入位置 |
· 组播源Source属于VLAN 11、VXLAN 11,通过GigabitEthernet1/0/1接口接入Device A · Receiver 1属于VLAN 12、VXLAN 12,通过GigabitEthernet1/0/1接口接入Device B · Receiver 2位于VLAN 21、VXLAN 21,通过GigabitEthernet1/0/1接口接入Device E |
|
组播源和组播接收者所属的VPN实例 |
DC 1和DC 2内组播源和组播接收者均属于VPN实例vpn1 |
|
EVPN分布式网关地址 |
· Device A:192.168.10.1/24 · Device B:192.168.20.1/24 · Device E:192.168.40.1/24 |
|
L3VNI |
DC 1和DC 2内均使用L3VNI 1000 |
|
Loopback接口地址 |
· Device A:Loopback0和Loopback1的接口地址均为1.1.1.1/32 · Device B:Loopback0和Loopback1的接口地址均为2.2.2.2/32 · Device C:Loopback0和Loopback1的接口地址均为77.77.77.77/32 · Device D:Loopback0和Loopback1的接口地址均为4.4.4.4/32 · Device E:Loopback0和Loopback1的接口地址均为88.88.88.88/32 其中,接口Loopback0属于公网,接口Loopback1属于VPN实例vpn1 |
|
Default-group地址 |
DC 1和DC 2内均为239.0.0.1 |
|
Data-group地址范围 |
DC 1和DC 2内均为239.1.1.0/24 |
为了实现跨VXLAN网络、跨DC转发组播流量,需要执行如下配置:
· Device A~Device E上均配置MDT模式的组播VXLAN功能,以实现跨VXLAN网络转发组播流量。
· Device A~Device E连接DC内设备的公网接口上均配置PIM-SM,Device E上使能IGMP Snooping功能,用于建立组播转发表项。连接DC外设备的公网接口(即ED间的接口)不需要使能PIM-SM,如果该接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。
· 在ED(Device C和Device D)上使能DCI功能,以实现组播流量的跨DC转发。如果不同DC内相同VPN使用不同的L3VNI,则还需要在ED上通过peer re-originated命令配置EVPN路由重生成。
· 在ED上配置路由策略,使得ED从本DC内的其他ED、从其他DC内的ED接收到S-PMSI A-D路由和SMET路由后,不会再将该路由发送给ED设备(包括本DC内的ED和其他DC的ED)。
· 在Leaf(Device A、Device B和Device E)上通过s-pmsi advertise source-active命令配置通过S-PMSI路由通告激活组播源信息,以便Leaf和ED根据该路由确认组播源位于DC内还是DC外。
表3 适用产品及版本
|
产品 |
软件版本 |
|
S12500G-AF系列交换机 |
Release 7639P01及以上版本 |
|
S10500X系列交换机 |
Release 7639P01及以上版本 |
|
S12500-XS系列交换机 |
Release 7639P01及以上版本 |
|
S7600E-X系列交换机 |
Release 7639P01及以上版本 |
|
S7500X-X系列交换机 |
Release 7639P01及以上版本 |
|
S10500系列交换机 |
Release 7639P01及以上版本 |
|
S7600-X系列交换机 |
Release 7639P01及以上版本 |
|
S12500-S系列交换机 |
Release 7639P01及以上版本 |
|
S7500E-X系列交换机 |
Release 7639P01及以上版本 |
|
S7500E系列交换机 |
Release 7639P01及以上版本 |
|
S7500X系列交换机 |
Release 7639P01及以上版本 |
|
S7600系列交换机 |
Release 7639P01及以上版本 |
|
S7000ET系列交换机 |
不支持 |
不支持组播源和组播接收者直接连接在ED设备上。
通过BGP EVPN路由动态创建VXLAN-DCI隧道时,需要在ED间互连的三层接口上通过dci enable命令开启DCI功能。ED间手工创建VXLAN-DCI隧道时,不能在ED间互连的三层接口上开启DCI功能。
如果在Leaf设备上同时配置了s-pmsi advertise source-active命令和data-group命令,则Default-MDT向Data-MDT切换的延迟时间(由data-delay命令配置)必须大于BGP发布同一路由的时间间隔(由peer route-update-interval命令配置)。否则,通告Data-Group的S-PMSI路由可能会被BGP抑制发布,导致从Default-MDT向Data-MDT切换的过程中流量转发中断。
# 配置Loopback接口和Vlan-interface10接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceA
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] ip address 1.1.1.1 255.255.255.255
[DeviceA-LoopBack0] quit
[DeviceA] vlan 10
[DeviceA-vlan10] port gigabitethernet 1/0/2
[DeviceA-vlan10] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] ip address 11.1.1.1 24
[DeviceA-Vlan-interface10] quit
# 配置OSPF,使得Underlay网络路由可达。
[DeviceA] router id 1.1.1.1
[DeviceA] ospf
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[DeviceA-ospf-1-area-0.0.0.0] network 11.1.1.1 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# 使能IP组播路由,并进入MRIB视图。
[DeviceA] multicast routing
[DeviceA-mrib] quit
# 在Loopback接口和Vlan-interface10接口上使能PIM SM。
[DeviceA] interface loopback 0
[DeviceA-LoopBack0] pim sm
[DeviceA-LoopBack0] quit
[DeviceA] interface vlan-interface 10
[DeviceA-Vlan-interface10] pim sm
[DeviceA-Vlan-interface10] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[DeviceA] ip vpn-instance vpn1
[DeviceA-vpn-instance-vpn1] route-distinguisher 1:1
[DeviceA-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceA-vpn-instance-vpn1] quit
# 开启L2VPN能力。
[DeviceA] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[DeviceA] vxlan tunnel mac-learning disable
[DeviceA] vxlan tunnel arp-learning disable
# 配置VSI虚接口VSI-interface1作为网关接口,并在该接口上开启PIM SM功能。
[DeviceA] interface vsi-interface 1
[DeviceA-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0
[DeviceA-Vsi-interface1] pim sm
[DeviceA-Vsi-interface1] distributed-gateway local
[DeviceA-Vsi-interface1] quit
# 配置VSI与VXLAN 11关联,并指定VSI网关接口为VSI虚接口1。
[DeviceA] vsi vpna
[DeviceA-vsi-vpna] gateway vsi-interface 1
[DeviceA-vsi-vpna] arp suppression enable
[DeviceA-vsi-vpna] vxlan 11
[DeviceA-vsi-vpna-vxlan-11] quit
[DeviceA-vsi-vpna] quit
# 配置VXLAN封装方式EVPN实例的RD和RT。
[DeviceA-vsi-vpna] evpn encapsulation vxlan
[DeviceA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceA-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceA-vsi-vpna-evpn-vxlan] quit
[DeviceA-vsi-vpna] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000,并在该接口上开启PIM SM功能。
[DeviceA] interface vsi-interface 2
[DeviceA-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceA-Vsi-interface2] l3-vni 1000
[DeviceA-Vsi-interface2] pim sm
[DeviceA-Vsi-interface2] quit
# 配置BGP发布EVPN路由。
[DeviceA] bgp 100
[DeviceA-bgp-default] peer 77.77.77.77 as-number 100
[DeviceA-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceA-bgp-default] address-family l2vpn evpn
[DeviceA-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceA-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[DeviceA-bgp-default-evpn] quit
[DeviceA-bgp-default] quit
# 创建VLAN 11。
[DeviceA] vlan 11
[DeviceA-vlan11] quit
# 在接入服务器的接口GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[DeviceA-GigabitEthernet1/0/1] service-instance 100
[DeviceA-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[DeviceA-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceA-GigabitEthernet1/0/1-srv100] quit
# 全局开启IGMP Snooping。
[DeviceA] igmp-snooping
[DeviceA-igmp-snooping] global-enable
[DeviceA-igmp-snooping] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceA] vsi vpna
[DeviceA-vsi-vpna] igmp-snooping enable
[DeviceA-vsi-vpna] igmp-snooping proxy enable
[DeviceA-vsi-vpna] quit
# 使能VPN实例vpn1的IP组播路由功能。
[DeviceA] multicast routing vpn-instance vpn1
[DeviceA-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能,并配置由Default-MDT向Data-MDT切换的延迟时间为20秒(大于BGP发布同一路由的缺省时间间隔15秒)。
[DeviceA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceA-mvxlan-vpn1] address-family ipv4
[DeviceA-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[DeviceA-mvxlan-vpn1-ipv4] source loopback 0
[DeviceA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[DeviceA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[DeviceA-mvxlan-vpn1-ipv4] data-delay 20
[DeviceA-mvxlan-vpn1-ipv4] quit
[DeviceA-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[DeviceA] interface loopback 1
[DeviceA-LoopBack1] ip binding vpn-instance vpn1
[DeviceA-LoopBack1] ip address 1.1.1.1 32
[DeviceA-LoopBack1] pim sm
[DeviceA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[DeviceA] pim vpn-instance vpn1
[DeviceA-pim-vpn1] c-bsr 1.1.1.1
[DeviceA-pim-vpn1] c-rp 1.1.1.1
[DeviceA-pim-vpn1] quit
# 配置Loopback接口和Vlan-interface20接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceB
[DeviceB] interface loopback 0
[DeviceB-LoopBack0] ip address 2.2.2.2 255.255.255.255
[DeviceB-LoopBack0] quit
[DeviceB] vlan 20
[DeviceB-vlan20] port gigabitethernet 1/0/2
[DeviceB-vlan20] quit
[DeviceB] interface vlan-interface 20
[DeviceB-Vlan-interface20] ip address 12.1.1.2 24
[DeviceB-Vlan-interface20] quit
# 配置OSPF,使得Underlay网络路由可达。
[DeviceB] router id 2.2.2.2
[DeviceB] ospf
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[DeviceB-ospf-1-area-0.0.0.0] network 12.1.1.2 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# 使能IP组播路由,并进入MRIB视图。
[DeviceB] multicast routing
[DeviceB-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceB] interface loopback 0
[DeviceB-LoopBack0] pim sm
[DeviceB-LoopBack0] quit
[DeviceB] interface vlan-interface 20
[DeviceB-Vlan-interface20] pim sm
[DeviceB-Vlan-interface20] quit
# 配置VPN实例的RD和RT。
[DeviceB] ip vpn-instance vpn1
[DeviceB-vpn-instance-vpn1] route-distinguisher 1:2
[DeviceB-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceB-vpn-instance-vpn1] quit
# 开启L2VPN能力。
[DeviceB] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[DeviceB] vxlan tunnel mac-learning disable
[DeviceB] vxlan tunnel arp-learning disable
# 配置VSI虚接口VSI-interface1作为网关接口,并在该接口上开启PIM SM和IGMP功能。
[DeviceB] interface vsi-interface 1
[DeviceB-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0
[DeviceB-Vsi-interface1] pim sm
[DeviceB-Vsi-interface1] igmp enable
[DeviceB-Vsi-interface1] distributed-gateway local
[DeviceB-Vsi-interface1] quit
# 配置VSI与VXLAN 12关联,并指定VSI网关接口为VSI虚接口1。
[DeviceB] vsi vpna
[DeviceB-vsi-vpna] gateway vsi-interface 1
[DeviceB-vsi-vpna] arp suppression enable
[DeviceB-vsi-vpna] vxlan 12
[DeviceB-vsi-vpna-vxlan-12] quit
[DeviceB-vsi-vpna] quit
# 配置VXLAN封装方式EVPN实例的RD和RT。
[DeviceB-vsi-vpna] evpn encapsulation vxlan
[DeviceB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceB-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceB-vsi-vpna-evpn-vxlan] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000,并在该接口上开启PIM SM功能。
[DeviceB] interface vsi-interface 2
[DeviceB-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceB-Vsi-interface2] l3-vni 1000
[DeviceB-Vsi-interface2] pim sm
[DeviceB-Vsi-interface2] quit
# 配置BGP发布EVPN路由。
[DeviceB] bgp 100
[DeviceB-bgp-default] peer 77.77.77.77 as-number 100
[DeviceB-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceB-bgp-default] address-family l2vpn evpn
[DeviceB-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceB-bgp-default-evpn] peer 77.77.77.77 next-hop-local
[DeviceB-bgp-default-evpn] quit
[DeviceB-bgp-default] quit
# 创建VLAN 12。
[DeviceB] vlan 12
[DeviceB-vlan12] quit
# 在接入服务器的接口GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 12的数据帧。
[DeviceB] interface gigabitethernet 1/0/1
[DeviceB-GigabitEthernet1/0/1] port link-type trunk
[DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 1 12
[DeviceB-GigabitEthernet1/0/1] service-instance 100
[DeviceB-GigabitEthernet1/0/1-srv100] encapsulation s-vid 12
# 配置以太网服务实例100与VSI实例vpna关联。
[DeviceB-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceB-GigabitEthernet1/0/1-srv100] quit
# 全局开启IGMP Snooping。
[DeviceB] igmp-snooping
[DeviceB-igmp-snooping] global-enable
[DeviceB-igmp-snooping] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceB] vsi vpna
[DeviceB-vsi-vpna] igmp-snooping enable
[DeviceB-vsi-vpna] igmp-snooping proxy enable
[DeviceB-vsi-vpna] quit
# 使能VPN实例vpn1的IP组播路由功能。
[DeviceB] multicast routing vpn-instance vpn1
[DeviceB-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[DeviceB] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceB-mvxlan-vpn1] address-family ipv4
[DeviceB-mvxlan-vpn1-ipv4] source loopback 0
[DeviceB-mvxlan-vpn1-ipv4] quit
[DeviceB-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[DeviceB] interface loopback 1
[DeviceB-LoopBack1] ip binding vpn-instance vpn1
[DeviceB-LoopBack1] ip address 2.2.2.2 32
[DeviceB-LoopBack1] pim sm
[DeviceB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[DeviceB] pim vpn-instance vpn1
[DeviceB-pim-vpn1] c-bsr 2.2.2.2
[DeviceB-pim-vpn1] c-rp 2.2.2.2
[DeviceB-pim-vpn1] quit
# 配置Loopback接口和VLAN接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceC
[DeviceC] interface loopback 0
[DeviceC-LoopBack0] ip address 77.77.77.77 255.255.255.255
[DeviceC-LoopBack0] quit
[DeviceC] vlan 10
[DeviceC-vlan10] port gigabitethernet 1/0/1
[DeviceC-vlan10] quit
[DeviceC] interface vlan-interface 10
[DeviceC-Vlan-interface10] ip address 11.1.1.3 24
[DeviceC-Vlan-interface10] quit
[DeviceC] vlan 20
[DeviceC-vlan20] port gigabitethernet 1/0/2
[DeviceC-vlan20] quit
[DeviceC] interface vlan-interface 20
[DeviceC-Vlan-interface20] ip address 12.1.1.3 24
[DeviceC-Vlan-interface20] quit
[DeviceC] vlan 70
[DeviceC-vlan70] port gigabitethernet 1/0/3
[DeviceC-vlan70] quit
[DeviceC] interface vlan-interface 70
[DeviceC-Vlan-interface70] ip address 78.1.1.3 24
[DeviceC-Vlan-interface70] quit
# 配置OSPF,使得DC内路由可达。
[DeviceC] router id 77.77.77.77
[DeviceC] ospf
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 77.77.77.77 0.0.0.0
[DeviceC-ospf-1-area-0.0.0.0] network 11.1.1.3 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] network 12.1.1.3 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
# 配置Device C与Device D建立EBGP邻居,交互IPv4单播路由,使得DC间路由可达。
[DeviceC] bgp 100
[DeviceC-bgp-default] peer 88.88.88.88 as-number 200
[DeviceC-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[DeviceC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64
[DeviceC-bgp-default] address-family ipv4 unicast
[DeviceC-bgp-default-ipv4] peer 88.88.88.88 enable
[DeviceC-bgp-default-ipv4] network 88.88.88.88 32
[DeviceC-bgp-default-ipv4] network 78.1.1.3 24
[DeviceC-bgp-default-ipv4] quit
[DeviceC-bgp-default] quit
# 使能IP组播路由,并进入MRIB视图。
[DeviceC] multicast routing
[DeviceC-mrib] quit
# 在Loopback接口、Vlan-interface10接口和Vlan-interface20接口上使能PIM SM。
[DeviceC] interface loopback 0
[DeviceC-LoopBack0] pim sm
[DeviceC-LoopBack0] quit
[DeviceC] interface vlan-interface 10
[DeviceC-Vlan-interface10] pim sm
[DeviceC-Vlan-interface10] quit
[DeviceC] interface vlan-interface 20
[DeviceC-Vlan-interface20] pim sm
[DeviceC-Vlan-interface20] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[DeviceC] ip vpn-instance vpn1
[DeviceC-vpn-instance-vpn1] route-distinguisher 1:3
[DeviceC-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity
[DeviceC-vpn-instance-vpn1] quit
# 开启L2VPN能力。
[DeviceC] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[DeviceC] vxlan tunnel mac-learning disable
[DeviceC] vxlan tunnel arp-learning disable
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000,并在该接口上开启PIM SM功能。
[DeviceC] interface vsi-interface 2
[DeviceC-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceC-Vsi-interface2] l3-vni 1000
[DeviceC-Vsi-interface2] pim sm
[DeviceC-Vsi-interface2] quit
# 将Device A和Device B加入IBGP对等体组group1。
[DeviceC] bgp 100
[DeviceC-bgp-default] group group1 internal
[DeviceC-bgp-default] peer group1 connect-interface loopback 0
[DeviceC-bgp-default] peer 1.1.1.1 group group1
[DeviceC-bgp-default] peer 2.2.2.2 group group1
# 配置Device C作为路由反射器与对等体组group1建立BGP EVPN邻居,并配置向对等体组group1发布路由时将下一跳地址修改为本地地址。
[DeviceC-bgp-default] address-family l2vpn evpn
[DeviceC-bgp-default-evpn] peer group1 enable
[DeviceC-bgp-default-evpn] peer group1 next-hop-local
[DeviceC-bgp-default-evpn] peer group1 reflect-client
# 配置Device C与Device D建立BGP EVPN邻居,并配置向Device D发布路由、将从Device D接收到的路由发布给其他对等体时,将路由的Router MAC修改为自身的Router MAC地址。
[DeviceC-bgp-default-evpn] peer 88.88.88.88 enable
[DeviceC-bgp-default-evpn] peer 88.88.88.88 router-mac-local
[DeviceC-bgp-default-evpn] quit
[DeviceC-bgp-default] quit
# 全局开启IGMP Snooping。
[DeviceC] igmp-snooping
[DeviceC-igmp-snooping] global-enable
[DeviceC-igmp-snooping] quit
# 使能VPN实例vpn1的IP组播路由功能。
[DeviceC] multicast routing vpn-instance vpn1
[DeviceC-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,并开启组播DCI功能。
[DeviceC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceC-mvxlan-vpn1] address-family ipv4
[DeviceC-mvxlan-vpn1-ipv4] source loopback 0
[DeviceC-mvxlan-vpn1-ipv4] dci enable
[DeviceC-mvxlan-vpn1-ipv4] quit
[DeviceC-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[DeviceC] interface loopback 1
[DeviceC-LoopBack1] ip binding vpn-instance vpn1
[DeviceC-LoopBack1] ip address 77.77.77.77 32
[DeviceC-LoopBack1] pim sm
[DeviceC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[DeviceC] pim vpn-instance vpn1
[DeviceC-pim-vpn1] c-bsr 77.77.77.77
[DeviceC-pim-vpn1] c-rp 77.77.77.77
[DeviceC-pim-vpn1] quit
# 在与外部ED连接的物理口上开启DCI功能。
[DeviceC] interface vlan-interface 70
[DeviceC-Vlan-interface70] dci enable
[DeviceC] quit
# 配置Loopback接口和VLAN接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceD
[DeviceD] interface loopback 0
[DeviceD-LoopBack0] ip address 88.88.88.88 255.255.255.255
[DeviceD-LoopBack0] quit
[DeviceD] vlan 20
[DeviceD-vlan10] port gigabitethernet 1/0/1
[DeviceD-vlan20] quit
[DeviceD] interface vlan-interface 20
[DeviceD-Vlan-interface20] ip address 22.1.1.2 24
[DeviceD-Vlan-interface20] quit
[DeviceD] vlan 70
[DeviceD-vlan70] port gigabitethernet 1/0/2
[DeviceD-vlan70] quit
[DeviceD] interface vlan-interface 70
[DeviceD-Vlan-interface70] ip address 78.1.1.2 24
[DeviceD-Vlan-interface70] quit
# 配置OSPF,使得DC内路由可达。
[DeviceD] router id 88.88.88.88
[DeviceD] ospf
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.0] network 88.88.88.88 0.0.0.0
[DeviceD-ospf-1-area-0.0.0.0] network 22.1.1.2 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] quit
[DeviceD-ospf-1] quit
# 配置Device C与Device D建立EBGP邻居,交互IPv4单播路由,使得DC间路由可达。
[DeviceD] bgp 200
[DeviceD-bgp-default] peer 77.77.77.77 as-number 100
[DeviceD-bgp-default] peer 77.77.77.77 connect-interface loopback 0
[DeviceD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64
[DeviceD-bgp-default] address-family ipv4 unicast
[DeviceD-bgp-default-ipv4] peer 77.77.77.77 enable
[DeviceD-bgp-default-ipv4] network 77.77.77.77 32
[DeviceD-bgp-default-ipv4] network 78.1.1.2 24
[DeviceD-bgp-default-ipv4] quit
[DeviceD-bgp-default] quit
# 使能IP组播路由,并进入MRIB视图。
[DeviceD] multicast routing
[DeviceD-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceD] interface loopback 0
[DeviceD-LoopBack0] pim sm
[DeviceD-LoopBack0] quit
[DeviceD] interface vlan-interface 20
[DeviceD-Vlan-interface20] pim sm
[DeviceD-Vlan-interface20] quit
# 创建VPN实例vpn1,并配置VPN实例的RD和RT。
[DeviceD] ip vpn-instance vpn1
[DeviceD-vpn-instance-vpn1] route-distinguisher 2:1
[DeviceD-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[DeviceD-vpn-instance-vpn1] quit
# 开启L2VPN能力。
[DeviceD] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[DeviceD] vxlan tunnel mac-learning disable
[DeviceD] vxlan tunnel arp-learning disable
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000,并在该接口上开启PIM SM功能。
[DeviceD] interface vsi-interface 2
[DeviceD-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceD-Vsi-interface2] l3-vni 1000
[DeviceD-Vsi-interface2] pim sm
[DeviceD-Vsi-interface2] quit
# 配置Device E为IBGP邻居。
[DeviceD] bgp 200
[DeviceD-bgp-default] peer 4.4.4.4 as-number 200
[DeviceD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
# 配置Device D与Device E建立BGP EVPN邻居,并配置向Device E发布路由时将下一跳地址修改为本地地址。
[DeviceD-bgp-default] address-family l2vpn evpn
[DeviceD-bgp-default-evpn] peer 4.4.4.4 enable
[DeviceD-bgp-default-evpn] peer 4.4.4.4 next-hop-local
# 配置Device D与Device C建立BGP EVPN邻居,并配置向Device C发布路由、将从Device C接收到的路由发布给其他对等体时,将路由的Router MAC修改为自身的Router MAC地址。
[DeviceD-bgp-default-evpn] peer 77.77.77.77 enable
[DeviceD-bgp-default-evpn] peer 77.77.77.77 router-mac-local
[DeviceD-bgp-default-evpn] quit
[DeviceD-bgp-default] quit
# 全局开启IGMP Snooping。
[DeviceD] igmp-snooping
[DeviceD-igmp-snooping] global-enable
[DeviceD-igmp-snooping] quit
# 使能VPN实例vpn1的IP组播路由功能。
[DeviceD] multicast routing vpn-instance vpn1
[DeviceD-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。Device D上配置的Data-Group范围必须与Device A上配置的Data-Group范围一致,否则可能会导致流量转发失败。
[DeviceD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceD-mvxlan-vpn1] address-family ipv4
[DeviceD-mvxlan-vpn1-ipv4] default-group 239.0.0.1
[DeviceD-mvxlan-vpn1-ipv4] source loopback 0
[DeviceD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24
[DeviceD-mvxlan-vpn1-ipv4] dci enable
[DeviceD-mvxlan-vpn1-ipv4] quit
[DeviceD-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[DeviceD] interface loopback 1
[DeviceD-LoopBack1] ip binding vpn-instance vpn1
[DeviceD-LoopBack1] ip address 88.88.88.88 32
[DeviceD-LoopBack1] pim sm
[DeviceD-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[DeviceD] pim vpn-instance vpn1
[DeviceD-pim-vpn1] c-bsr 88.88.88.88
[DeviceD-pim-vpn1] c-rp 88.88.88.88
[DeviceD-pim-vpn1] quit
# 在与外部ED连接的物理口上开启DCI功能。
[DeviceD] interface vlan-interface 70
[DeviceD-Vlan-interface70] dci enable
[DeviceD-Vlan-interface70] quit
# 配置Loopback接口和Vlan-interface20接口的IP地址。
<Sysname> system-view
[Sysname] sysname DeviceE
[DeviceE] interface loopback 0
[DeviceE-LoopBack0] ip address 4.4.4.4 255.255.255.255
[DeviceE-LoopBack0] quit
[DeviceE] vlan 20
[DeviceE-vlan20] port gigabitethernet 1/0/2
[DeviceE-vlan20] quit
[DeviceE] interface vlan-interface 20
[DeviceE-Vlan-interface20] ip address 22.1.1.1 24
[DeviceE-Vlan-interface20] quit
# 配置OSPF,使得Underlay网络路由可达。
[DeviceE] router id 4.4.4.4
[DeviceE] ospf
[DeviceE-ospf-1] area 0
[DeviceE-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[DeviceE-ospf-1-area-0.0.0.0] network 22.1.1.1 0.0.0.255
[DeviceE-ospf-1-area-0.0.0.0] quit
[DeviceE-ospf-1] quit
# 使能IP组播路由,并进入MRIB视图。
[DeviceE] multicast routing
[DeviceE-mrib] quit
# 在Loopback接口和Vlan-interface20接口上使能PIM SM。
[DeviceE] interface loopback 0
[DeviceE-LoopBack0] pim sm
[DeviceE-LoopBack0] quit
[DeviceE] interface vlan-interface 20
[DeviceE-Vlan-interface20] pim sm
[DeviceE-Vlan-interface20] quit
# 配置VPN实例的RD和RT。
[DeviceE] ip vpn-instance vpn1
[DeviceE-vpn-instance-vpn1] route-distinguisher 2:3
[DeviceE-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity
[DeviceE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity
[DeviceE-vpn-instance-vpn1] quit
# 开启L2VPN能力。
[DeviceE] l2vpn enable
# 关闭远端MAC地址和远端ARP自动学习功能。
[DeviceE] vxlan tunnel mac-learning disable
[DeviceE] vxlan tunnel arp-learning disable
# 配置VSI虚接口VSI-interface1作为网关接口,并在该接口上开启PIM SM和IGMP功能。
[DeviceE] interface vsi-interface 1
[DeviceE-Vsi-interface1] ip binding vpn-instance vpn1
[DeviceE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0
[DeviceE-Vsi-interface1] pim sm
[DeviceE-Vsi-interface1] igmp enable
[DeviceE-Vsi-interface1] distributed-gateway local
[DeviceE-Vsi-interface1] quit
# 配置VSI与VXLAN 21关联,并指定VSI网关接口为VSI虚接口1。
[DeviceE] vsi vpna
[DeviceE-vsi-vpna] gateway vsi-interface 1
[DeviceE-vsi-vpna] arp suppression enable
[DeviceE-vsi-vpna] vxlan 21
[DeviceE-vsi-vpna-vxlan-21] quit
# 配置VXLAN封装方式EVPN实例的RD和RT。
[DeviceE-vsi-vpna] evpn encapsulation vxlan
[DeviceE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[DeviceE-vsi-vpna-evpn-vxlan] vpn-target auto
[DeviceE-vsi-vpna-evpn-vxlan] quit
[DeviceE-vsi-vpna] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000,并在该接口上开启PIM SM功能。
[DeviceE] interface vsi-interface 2
[DeviceE-Vsi-interface2] ip binding vpn-instance vpn1
[DeviceE-Vsi-interface2] l3-vni 1000
[DeviceE-Vsi-interface2] pim sm
[DeviceE-Vsi-interface2] quit
# 配置BGP发布EVPN路由。
[DeviceE] bgp 200
[DeviceE-bgp-default] peer 88.88.88.88 as-number 200
[DeviceE-bgp-default] peer 88.88.88.88 connect-interface loopback 0
[DeviceE-bgp-default] address-family l2vpn evpn
[DeviceE-bgp-default-evpn] peer 88.88.88.88 enable
[DeviceE-bgp-default-evpn] peer 88.88.88.88 next-hop-local
[DeviceE-bgp-default-evpn] quit
[DeviceE-bgp-default] quit
# 创建VLAN 21。
[DeviceE] vlan 21
[DeviceE-vlan21] quit
# 在接入服务器的接口GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 21的数据帧。
[DeviceE] interface gigabitethernet 1/0/1
[DeviceE-GigabitEthernet1/0/1] port link-type trunk
[DeviceE-GigabitEthernet1/0/1] port trunk permit vlan 1 21
[DeviceE-GigabitEthernet1/0/1] service-instance 100
[DeviceE-GigabitEthernet1/0/1-srv100] encapsulation s-vid 21
# 配置以太网服务实例100与VSI实例vpna关联。
[DeviceE-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[DeviceE-GigabitEthernet1/0/1-srv100] quit
# 全局开启IGMP Snooping。
[DeviceE] igmp-snooping
[DeviceE-igmp-snooping] global-enable
[DeviceE-igmp-snooping] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[DeviceE] vsi vpna
[DeviceE-vsi-vpna] igmp-snooping enable
[DeviceE-vsi-vpna] igmp-snooping proxy enable
[DeviceE-vsi-vpna] quit
# 使能VPN实例vpn1的IP组播路由功能。
[DeviceE] multicast routing vpn-instance vpn1
[DeviceE-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[DeviceE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[DeviceE-mvxlan-vpn1] address-family ipv4
[DeviceE-mvxlan-vpn1-ipv4] source loopback 0
[DeviceE-mvxlan-vpn1-ipv4] quit
[DeviceE-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[DeviceE] interface loopback 1
[DeviceE-LoopBack1] ip binding vpn-instance vpn1
[DeviceE-LoopBack1] ip address 4.4.4.4 32
[DeviceE-LoopBack1] pim sm
[DeviceE-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[DeviceE] pim vpn-instance vpn1
[DeviceE-pim-vpn1] c-bsr 4.4.4.4
[DeviceE-pim-vpn1] c-rp 4.4.4.4
[DeviceE-pim-vpn1] quit
Source发送组播流量(192.168.10.2, 225.0.0.1)。Receiver 1和Receiver 2加入组225.0.0.1,可以接收到组播流量。各设备上的组播路由信息如下所示。
(1) 查看Leaf设备上的组播路由信息。(以Device A为例,Device B和Device E的显示信息与此类似)
# 查看Device A上VPN实例vpn1的组播路由信息,可以看到私网组播组(*, 225.0.0.1)和(192.168.10.2, 225.0.0.1)的下游接口为组播隧道接口(Mtunnel0或Mtunnel1)。
<DeviceA> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:19:10
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 01:19:10, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:27:40
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 01:19:06, Expires: -
# 查看Device A的公网组播路由信息,可以看到公网上建立了以1.1.1.1/2.2.2.2/77.77.77.77为根、Default-group地址为目的地址的Default-MDT,以及以1.1.1.1为根、Data-group地址为目的地址的Data-MDT。
<DeviceA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:43:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:18, Expires: 00:03:15
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:42
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:42, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:19:16
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.2
RPF prime neighbor: 11.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:19:16, Expires: -
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:16
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:19:01, Expires: 00:02:30
(2) 查看ED上的组播路由信息。(以Device C为例,Device D的显示信息与此类似)
# 查看Device C的VPN实例vpn1的组播路由信息,可以看到私网组播组(*, 225.0.0.1)和(192.168.10.2, 225.0.0.1)的下游接口为VSI虚接口或组播隧道接口。
<DeviceC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 01:18:39
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 01:18:05, Expires: -
(192.168.10.2, 225.0.0.1)
RP: 77.77.77.77 (local)
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 01:18:39
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 01:18:39, Expires: -
# 查看Device C的公网组播路由信息,可以看到公网上建立了以1.1.1.1/2.2.2.2/77.77.77.77为根、Default-group地址为目的地址的Default-MDT,以及以1.1.1.1为根、Data-group地址为目的地址的Data-MDT。
<DeviceC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:44, Expires: -
(2.2.2.2, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:11
Upstream interface: Vlan-interface20
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:15
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:11, Expires: -
(77.77.77.77, 239.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 01:19:30
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface10
Protocol: pim-sm, UpTime: 01:18:44, Expires: 00:02:42
2: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
(1.1.1.1, 239.1.1.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 01:18:46
Upstream interface: Vlan-interface10
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface20
Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17
2: MVXLAN-UPE0
Protocol: MD, UpTime: 01:18:30, Expires: -
# 查看Device C上IGMP Snooping通过EVPN学习到的组播组信息。
<DeviceC> display igmp-snooping evpn-group
Total 2 entries.
VSI Auto_L3VNI1000_2: Total 2 entries.
(0.0.0.0, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
(192.168.10.2, 225.0.0.1)
Host ports (1 in total):
Tun0 (VXLAN ID 1000)
· Device A
#
sysname DeviceA
#
ip vpn-instance vpn1
route-distinguisher 1:1
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 1.1.1.1
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 10 to 11
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 11
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 1.1.1.1 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 11.1.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 11
combo enable copper
#
service-instance 1000
encapsulation s-vid 11
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 10
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.10.1 255.255.255.0
pim sm
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 77.77.77.77 enable
peer 77.77.77.77 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 1.1.1.1
c-rp 1.1.1.1
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
default-group 239.0.0.1
data-group 239.1.1.0 255.255.255.0
data-delay 20
s-pmsi advertise source-active
#
return
· Device B
#
sysname DeviceB
#
ip vpn-instance vpn1
route-distinguisher 1:2
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 2.2.2.2
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 12
#
vlan 20
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 12
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 2.2.2.2 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 12.1.1.2 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 12
combo enable copper
#
service-instance 100
encapsulation s-vid 12
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.20.1 255.255.255.0
pim sm
igmp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 77.77.77.77 enable
peer 77.77.77.77 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 2.2.2.2
c-rp 2.2.2.2
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
#
return
· Device C
#
sysname DeviceC
#
ip vpn-instance vpn1
route-distinguisher 1:3
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 77.77.77.77
#
ospf 1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 77.77.77.77 0.0.0.0
#
igmp-snooping
global-enable
#
vlan 10
#
vlan 20
#
vlan 70
#
l2vpn enable
vxlan tunnel arp-learning disable
#
interface LoopBack0
ip address 77.77.77.77 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 77.77.77.77 255.255.255.255
pim sm
#
interface Vlan-interface10
ip address 11.1.1.3 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 12.1.1.3 255.255.255.0
pim sm
#
interface Vlan-interface70
ip address 78.1.1.3 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 10
combo enable copper
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface GigabitEthernet1/0/3
port access vlan 70
combo enable copper
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 100
group group1 internal
peer group1 connect-interface LoopBack0
peer 1.1.1.1 group group1
peer 2.2.2.2 group group1
peer 88.88.88.88 as-number 200
peer 88.88.88.88 connect-interface LoopBack0
peer 88.88.88.88 ebgp-max-hop 64
#
address-family ipv4 unicast
network 78.1.1.0 255.255.255.0
network 88.88.88.88 255.255.255.255
peer 88.88.88.88 enable
#
address-family l2vpn evpn
peer group1 enable
peer group1 next-hop-local
peer group1 reflect-client
peer 88.88.88.88 enable
peer 88.88.88.88 router-mac-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 77.77.77.77
c-rp 77.77.77.77
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
dci enable
#
return
· Device D
#
sysname DeviceD
#
ip vpn-instance vpn1
route-distinguisher 2:1
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 88.88.88.88
#
ospf 1
area 0.0.0.0
network 22.1.1.0 0.0.0.255
network 88.88.88.88 0.0.0.0
#
igmp-snooping
global-enable
#
vlan 20
#
vlan 70
#
l2vpn enable
vxlan tunnel arp-learning disable
#
interface LoopBack0
ip address 88.88.88.88 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 88.88.88.88 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 22.1.1.2 255.255.255.0
pim sm
#
interface Vlan-interface70
ip address 78.1.1.2 255.255.255.0
#
interface GigabitEthernet1/0/1
port access vlan 20
combo enable copper
#
interface GigabitEthernet1/0/2
port access vlan 70
combo enable copper
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
peer 77.77.77.77 as-number 100
peer 77.77.77.77 connect-interface LoopBack0
peer 77.77.77.77 ebgp-max-hop 64
#
address-family ipv4 unicast
network 77.77.77.77 255.255.255.255
network 78.1.1.0 255.255.255.0
peer 77.77.77.77 enable
#
address-family l2vpn evpn
peer 4.4.4.4 enable
peer 4.4.4.4 next-hop-local
peer 77.77.77.77 enable
peer 77.77.77.77 router-mac-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 88.88.88.88
c-rp 88.88.88.88
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
default-group 239.0.0.1
data-group 239.1.1.0 255.255.255.0
dci enable
#
return
· Device E
#
sysname DeviceE
#
ip vpn-instance vpn1
route-distinguisher 2:3
vpn-target 10:10 20:20 30:30 import-extcommunity
vpn-target 10:10 export-extcommunity
#
vxlan tunnel mac-learning disable
#
router id 4.4.4.4
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 22.1.1.0 0.0.0.255
#
igmp-snooping
global-enable
#
vlan 20 to 21
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
arp suppression enable
vxlan 21
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
igmp-snooping enable
igmp-snooping proxy enable
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
pim sm
#
interface LoopBack1
ip binding vpn-instance vpn1
ip address 4.4.4.4 255.255.255.255
pim sm
#
interface Vlan-interface20
ip address 22.1.1.1 255.255.255.0
pim sm
#
interface GigabitEthernet1/0/1
port link-type trunk
port trunk permit vlan 1 21
combo enable copper
#
service-instance 100
encapsulation s-vid 21
xconnect vsi vpna
#
interface GigabitEthernet1/0/2
port access vlan 20
combo enable copper
#
interface Vsi-interface1
ip binding vpn-instance vpn1
ip address 192.168.40.1 255.255.255.0
pim sm
igmp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpn1
pim sm
l3-vni 1000
#
bgp 200
peer 88.88.88.88 as-number 200
peer 88.88.88.88 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 88.88.88.88 enable
peer 88.88.88.88 next-hop-local
#
multicast routing
#
multicast routing vpn-instance vpn1
#
pim vpn-instance vpn1
c-bsr 4.4.4.4
c-rp 4.4.4.4
#
multicast-vpn vxlan vpn-instance vpn1 mode mdt
address-family ipv4
source LoopBack0
#
return
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
