- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
04-组播VXLAN配置
本章节下载: 04-组播VXLAN配置 (709.34 KB)
MVXLAN(Multicast VXLAN,组播VXLAN)是在EVPN VXLAN网络中实现组播业务传输的技术。MVXLAN结合组播和EVPN VXLAN技术的优点,在VXLAN网络中完成点到多点的高效数据传输。
仅Release 6616及以上版本支持组播VXLAN功能。
目前,MVXLAN仅支持IPv4 Underlay网络,不支持IPv6 Underlay网络。
当Mtunnel的下一跳对应underlay网络的多个下一跳时,建议所有下一跳的入接口使用相同的接口类型,类型如下:
· 路由接口
· 路由子接口和VLAN虚接口。
组播VXLAN具有如下优点:
· 按需转发组播流量:使用BGP EVPN路由和PIM协议搭建组播分发树、控制接收者加入或离开组播组,实现按需转发组播流量。
· 不同VXLAN之间可以转发组播流量:通过部署分布式EVPN网关,实现组播流量跨VXLAN的三层转发。
如图1-1所示,VTEP均为分布式EVPN网关,VTEP间建立MVXLAN隧道。VTEP上创建MVXLAN实例指导组播流量转发,通过本地AC和MVXLAN隧道分别将组播流量转发至本地接收者和远端VTEP。有关VTEP、VSI、VXLAN的详细介绍,请参见“VXLAN配置指导”中的“VXLAN”。有关EVPN的详细介绍,请参见“EVPN配置指导”中的“EVPN”。
· MDT(Multicast Distribution Tree,组播分发树):建立在属于同一MVXLAN内所有VTEP间的组播分发树,包括Default-MDT和Data-MDT两种。
· Default-Group(默认组):每个MVXLAN在公网上分配一个独立的组播组,称为Default-Group。它是MVXLAN在公网上的唯一标志,用来在公网上建立MVXLAN所对应的Default-MDT。无论私网组播报文属于哪个组播组,VTEP都统一将其封装为普通的公网组播数据报文,并以Default-Group作为其所属的公网组播组。
· Default-MDT(Default-Multicast Distribution Tree,默认组播分发树):以Default-Group为组地址的MDT,称为Default-MDT。MVXLAN使用Default-Group唯一标识一棵Default-MDT。在该MVXLAN中传输的所有私网组播报文,无论从哪个VTEP进入公网,都经由此Default-MDT转发。Default-MDT是在配置完成后自动生成的,在公网中将会一直存在,而不论公网或私网中有没有实际的组播业务。
· Data-Group(数据组):当某私网组播数据的流量达到或超过阈值时,入口VTEP会为其分配一个独立的组播组,称为Data-Group,并通知其它VTEP使用该组播组在公网内转发该组播数据流量。一个MVXLAN唯一确定一个Data-Group范围以便进行Data-MDT切换。在进行Data-MDT切换时,从Data-Group范围中选取一个被引用最少的地址,从VTEP进入公网、流量达到或超过切换阈值的私网组播报文将使用该地址进行封装。
· Data-MDT(Data-Multicast Distribution Tree,数据组播分发树):以Data-Group为组地址的MDT,称为Data-MDT。下游存在接收者的VTEP加入Data-Group,形成一棵Data-MDT,入口VTEP使用Data-MDT在公网中转发封装后的私网组播数据。
MDT模式即在公网上建立以组播源所在的VTEP为根,组播接收者所在的VTEP为叶的组播分发树,通过单向MVXLAN隧道在公网中沿组播分发树转发组播流量。在MVXLAN组网中,通过MDT模式实现组播流量的最优路径转发。
为了支持MVXLAN,MP-BGP在EVPN地址族新增了如下EVPN路由用于创建MDT:
· Supplementary Broadcast Domain Selective Multicast Ethernet Tag Route:增强型广播域选择性组播以太网标签路由,也叫SBD-SMET路由,包含私网组播源地址和组播组地址信息,用于接收者侧的VTEP通告希望接收某个(*,G)或(S,G)的组播流量。该路由携带VPN实例下配置的RD和VPN实例IPv4地址族下配置的Export target。
· Selective Provider Multicast Service Interface Route:选择性组播业务接口路由,也叫S-PMSI A-D路由,包含私网组播源地址、私网组播组地址、Default-Group或Data-Group地址及MVXLAN源接口地址。主要用于:
¡ 组播源侧VTEP与其所有BGP邻居间建立Default-MDT。
¡ Default-MDT向Data-MDT切换。
该路由携带VPN实例下配置的RD和VPN实例IPv4地址族下配置的Export target。
在MVXLAN网络中,VTEP间会自动创建源为MVXLAN下指定的源接口地址,组地址为Default-Group或Data-Group地址的MVXLAN隧道用于转发三层组播流量。该MVXLAN隧道是由组播源端VTEP指向组播接收者所在VTEP的单向MVXLAN隧道。MVXLAN创建后会自动与MVXLAN实例关联。
公网中运行的组播路由协议可以是PIM-SM或PIM-SSM。在这两种情况下,创建Default-MDT的过程是相同的,且Default-MDT都具有以下特点:
· 网络中所有属于同一个MVXLAN的VTEP都加入该MVXLAN的Default-MDT。
· 所有属于某MVXLAN的私网组播报文进入公网后,均沿该MVXLAN的Default-MDT向各VTEP转发,无论VTEP所连接的Site中是否存在接收者。
图1-2 PIM-SM网络中创建MDT
如图1-2所示,公网中运行PIM-SM,VTEP 1、VTEP 2和VTEP 3都运行MVXLAN。以VTEP 1下的站点作为组播源为例,Default-MDT的创建过程如下:
(1) VTEP 1向VTEP 2和VTEP 3发送携带(*,*)信息的S-PMSI A-D路由给所有BGP邻居,开始创建Default-MDT。
(2) VTEP 2和VTEP 3收到S-PMSI A-D路由后,路由中携带的(*,*)信息会触发VTEP 2和VTEP 3加入组播组,即VTEP 2和VTEP 3根据路由的PMSI Tunnel属性中的组播源和组播组信息(源为VTEP 1上MVXLAN隧道源接口的IP地址,组地址为VTEP 1上配置的Default-group)发送公网PIM加入信息,并在公网沿途建立组播表项,形成以VTEP 1为根,以VTEP 2和VTEP 3为叶的SPT,此SPT就是Default-MDT。
当Default-MDT创建完成后,组播源即可通过Default-MDT将私网组播数据发送给各Site中的接收者。私网组播数据在本地VTEP上进行VXLAN封装并沿Default-MDT传输,在远端VTEP上解封装并继续在私网内传输。
如图1-3所示,网络中运行PIM-SM,属于Site 2的私网组播组G(225.1.1.1)的接收者(Receiver)与VTEP 2相连;属于Site 1的组播源(Source)向G发送组播数据;用于公网组播数据转发的Default-Group为239.1.1.1。私网组播数据跨越公网进行传输的过程如下:
(1) Source发送私网组播数据(192.1.1.1,225.1.1.1)到VTEP 1。
(2) VTEP 1上根据组播报文,在VPN实例中创建(192.1.1.1,225.1.1.1)组播转发表。如果此时Receiver已经向VTEP 2发送IGMP加入信息,VTEP 2会向VTEP 1发送携带(*,G)的SBD-SMET路由,VTEP 1根据路由中的信息对组播报文进行VXLAN封装(外层源地址为MVXLAN的源接口地址,外层组地址为Default-group地址)沿已经创建好的Default-MDT将VXLAN报文发送至所有远端VTEP;如果此时没有接收者,则丢弃组播报文。
(3) VTEP 2收到报文后,解封装VXLAN报文,还原私网组播报文,查找组播转发表将组播报文发送至本地Receiver。至此跨越公网网络的私网组播数据传输完成。
(4) VTEP 3收到报文后,解封装VXLAN报文,还原私网组播报文,发现本地没有接收者,会将组播报文丢弃。
Data-MDT和Default-MDT都是同一个MVXLAN中的转发隧道。Default-MDT由Default-Group唯一确定;Data-MDT则由Data-Group唯一确定。每个Default-Group关联一组Data-Group范围。
在公网中通过Default-MDT传送组播数据时,组播报文被传输到支持同一VPN实例的所有VTEP上,无论该VTEP所连接的Site内是否存在接收者。当私网中组播数据的传输数据比较大时,可能在公网中造成数据的泛滥。这样既浪费网络带宽,又增加了VTEP的处理负担。
为了解决上述问题,MDT模式的MVXLAN支持在连接私网组播接收者和私网组播源的VTEP之间建立专用的Data-MDT,并将组播数据流从Default-MDT切换到Data-MDT,实现按需进行组播数据转发,避免组播流量在公网中泛滥。
Default-MDT向Data-MDT切换的过程如下:
(1) 源端VTEP周期性地检测私网组播数据的转发速率。发起从Default-MDT向Data-MDT的切换必须同时满足以下要求:
¡ 私网组播数据通过了由Default-MDT向Data-MDT切换的ACL规则的过滤;
¡ 私网组播数据的转发速率超过了切换阈值,且维持了一定的时间。
(2) 源端VTEP从配置的Data-Group范围中选取一个引用次数最少的Data-Group地址,并将其通过S-PMSI A-D路由发送至远端VTEP,该路由中包含私网组播源地址、私网组播组地址、源端VTEP上MVXLAN源接口地址、Data-Group地址。
(3) 远端VTEP收到S-PMSI A-D路由消息后,检查本地是否有私网组播流量的接收者:如果有,则回复加入信息加入以组播源所在的VTEP为根的Data-MDT;如果没有,则将该消息缓存起来,等待有接收者时直接回复加入信息加入Data-MDT。
(4) 当组播源端的VTEP发送S-PMSI A-D路由信息一定时间后,该VTEP会停止使用Default-Group地址对私网组播数据进行封装,并改用Data-Group地址进行封装,组播数据沿Data-MDT向下分发。
(5) Default-MDT切换到Data-MDT之后,当某下游VTEP不再连接接收者时,可以通过发送PIM剪枝消息退出Data-MDT。
当私网组播数据切换到Data-MDT之后,由于情况变化导致其不满足切换条件时,组播源所在的VTEP会把此私网组播数据从Data-MDT反向切换回Default-MDT,反向切换的过程与Default-MDT切换为Data-MDT相同,此处不再赘述。只要满足如下条件之一,VTEP就会进行反向切换:
· 私网组播数据转发速率低于指定切换阈值,且维持了一定的时间。
· 更改Data-Group范围后,用于私网组播数据封装的Data-Group不在新的范围之内。
· 控制私网组播数据由Default-MDT向Data-MDT切换的ACL规则发生了变化,私网组播数据不能通过新ACL规则的过滤。
目前,本功能仅支持站点网络和Underlay网络同为IPv4网络。
仅Release 6635及以上版本支持本功能。
组播VXLAN利用分布式聚合功能DRNI(Distributed Resilient Network Interconnect,分布式弹性网络互连)将两台物理设备连接起来虚拟成一台设备,避免设备单点故障对网络造成影响,从而提高组播VXLAN网络的可靠性。DRNI的详细介绍,请参见“二层技术-以太网交换配置指导”中的“DRNI”。
如图1-4所示,在组播VXLAN组网中,VTEP和Border设备均支持分布式聚合,且分布式聚合的VTEP和Border设备均可以连接组播源和组播接收者。
组播VXLAN支持分布式聚合通过IPL链路在组成DR(Distributed Relay,分布式聚合)系统的成员设备间同步组播流量和组播接收者加入请求(IGMP成员关系报告报文或者PIM加入报文),使成员设备上的组播源和组播接收者信息保持一致,形成设备级备份。当一台成员设备发生故障(设备故障、上下行链路故障等)时,组播流量可以由另一台成员设备进行转发,从而避免组播流量转发中断。
如图1-4所示,以VTEP 1和VTEP 2组成的DR系统为例,组播VXLAN支持分布式聚合的工作机制为:
(1) VTEP 1和VTEP 2通过DRNI虚拟成一台设备,拥有相同的虚拟地址,并与其他设备建立以虚拟地址为组播源地址、相同的Default-group为目的地址的MVXLAN隧道。
(2) VTEP 1从Agg2接口接收到组播接收者发送的加入请求后,通过IPL链路将加入请求同步到VTEP 2。
(3) VTEP 1和VTEP 2均根据加入请求建立相应的组播转发表项,并向组播源侧VTEP发送SBD-SMET路由。
(4) VTEP 1从Agg1接口接收到组播源发送的组播流量后,通过IPL链路将组播流量转发至VTEP 2。
(5) 组播流量在VTEP 1和VTEP 2之间采用奇偶原则进行负载分担,即DR系统编号为奇数的成员设备转发组播组地址为奇数的流量,DR系统编号为偶数的成员设备转发组播组地址为偶数的流量。当一台设备发生故障时,另一台设备可以接替其工作,避免流量转发中断。
(6) 如果私网组播数据满足Data-group切换条件,则需要由Default-group向Data-group切换。在组播VXLAN支持分布式聚合组网中,DRNI的主设备(假设为VTEP 1)负责选取Data-group,进行Default-group向Data-group的切换,并通过SBD-SMET路由将选取的Data-group通告给VTEP 2。VTEP 2接收到SBD-SMET路由后,如果路由中通告的Data-group在本地配置的Data-Group范围内,则VTEP 2使用相同的Data-group;否则,VTEP 2自行选择Data-Group。VTEP 2未接收到SBD-SMET路由时,VTEP 1和VTEP 2独立选取Data-group。
组播VXLAN配置任务如下:
(1) 配置EVPN
¡ 创建VSI和VXLAN
¡ 配置AC与VSI关联
¡ 配置EVPN实例
¡ 配置BGP发布EVPN路由
¡ 配置分布式EVPN网关
有关EVPN的配置方法,请参见“EVPN配置指导”中的“EVPN”。
(2) 配置IGMP和IGMP Snooping
¡ 使能VSI虚接口的IGMP功能
¡ 使能IGMP Snooping
¡ 配置IGMP Snooping Proxy
有关IGMP和IGMP Snooping的配置方法,请参见“IP组播配置指导”中的“IGMP”和“IGMP Snooping”。
(3) VTEP公网侧接口配置PIM协议
请至少选择其中一项任务进行配置:
¡ 配置PIM-SM
¡ 配置PIM-SSM
有关PIM协议的配置方法,请参见“IP组播配置指导”中的“PIM”。
(4) 配置MVXLAN
¡ 创建MVXLAN
(1) 进入系统视图。
system-view
(2) 使能VPN实例中的组播路由,并进入该VPN实例的MRIB视图。
multicast routing vpn-instance instance-name
缺省情况下,VPN实例的IP组播路由处于关闭状态。
本命令的具体介绍请参见“IP组播命令参考”中的“组播路由与转发”。
可以在VTEP上创建一个或多个MDT模式MVXLAN实例为不同的VPN或公网实例提供服务。
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan public-instance mode mdt
仅在公网点播者跨VPN接收组播流量的场景中,在连接公网点播者的VTEP上创建公网实例MVXLAN。其他场景下,不要创建公网实例MVXLAN,以避免公私网组播流量转发异常。
VTEP在对私网组播报文进行VXLAN封装时,使用Default-Group作为报文外层目的地址。
不同MVXLAN实例的Default-Group地址不能相同,Default-Group地址不能与Data-Group地址相同,且Default-Group地址不能与VXLAN视图下group命令指定的VXLAN泛洪组播地址相同。group命令的详细介绍,请参见“VXLAN命令参考”中的“VXLAN”。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 创建MVXLAN IPv4地址族,并进入该地址族视图。
address-family ipv4
(4) 指定Default-Group。
default-group group-address
VTEP在封装私网组播报文时使用MVXLAN的源接口的IP地址作为外层源地址。
MVXLAN源接口必须与建立BGP对等体时所使用的源接口相同,否则将无法获取正确的路由信息。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 进入MVXLAN地址族视图。
address-family ipv4
(4) 指定MVXLAN源接口。
source interface-type interface-number
缺省情况下,未指定MVXLAN源接口。
为了减少公网流量泛滥,节约带宽,可将Default-MDT切换为Data-MDT,实现组播流量按需转发。在某些情况下,私网组播数据的转发速率会在切换阈值上下震荡。为了避免组播数据流在Default-MDT与Data-MDT之间进行频繁切换,可以指定当转发速率高于阈值后并不立即切换,而是等待Data-Delay时间。如果这段时间内转发速率始终高于阈值,则切换至Data-MDT,否则继续使用Default-MDT进行转发。
同一台设备上,一个MVXLAN的Data-group范围不能包含任何其他MVXLAN的Default-group、不能包含VXLAN视图下group命令指定的VXLAN泛洪组播地址,也不能与其他任何MVXLAN的Data-group范围重叠。group命令的详细介绍,请参见“VXLAN命令参考”中的“VXLAN”。
所有VPN实例共用Data-Group资源,所以不建议在单个VPN实例内把Data-Group的范围配置的过大,否则会导致其他VPN实例无可用Data-Group。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 进入MVXLAN地址族视图。
address-family ipv4
(4) 配置Data-Group的范围和切换条件。
data-group group-address { mask-length | mask } [ acl acl-number ]
缺省情况下,不存在Data-Group的范围,不会向Data-MDT进行切换。
(5) 配置由Default-MDT向Data-MDT切换的延迟时间。
data-delay delay
缺省情况下,由Default-MDT向Data-MDT切换的延迟时间为3秒。
在EVPN组网中运行组播业务时,需要在分布式EVPN网关的VSI虚接口上执行本命令将VSI虚接口配置为分布式DR接口,从而强制指定自己为DR,用于将组播流量转发至本地站点。
(1) 进入系统视图。
system-view
(2) 进入VSI虚接口视图。
interface vsi-interface interface-number
(3) 将VSI虚接口配置为分布式DR接口。
pim distributed-dr
本功能需要在组播接收者侧VTEP上执行。
执行本配置后,组播接收者侧VTEP可以将某VPN实例的接收者的加入信息通过其它VPN实例发送至组播源,从而实现组播源和组播接收者位于不同VPN网络时的组播流量转发。
基于VPN实例的RPF选路策略,即根据VPN实例判断是否进行跨VPN组播转发。配置该策略后,跨VPN组播转发的机制为:
(1) 组播源侧VTEP接收到组播源发送的组播报文后,为组播报文添加VXLAN头,VXLAN头中携带组播源所在VPN实例的L3VNI。
(2) 组播接收者侧VTEP接收到VXLAN封装的组播报文后,在本地查找L3VNI对应的VPN实例,如果L3VNI对应的VPN实例、组播源地址、组播组地址匹配了RPF选路策略,则根据该RPF策略将组播流量引入到指定的VPN实例。
跨VPN组播转发路由的RPF选路策略需要部署在对称跨VPN组网中,即组播接收者侧VTEP上必须存在组播源所在的VPN实例。
源VPN和接收者VPN必须运行相同的PIM模式,目前支持PIM-SM和PIM-SSM。
采用PIM-SM模式时,推荐使用下面的方式配置跨VPN选路策略:
· 只指定组播源方式:该方式下,必须配置两条选路策略,一条以服务于有跨VPN需求的组播组的RP地址作为源地址,一条以源VPN里的组播源作为源地址。如果存在多个有跨VPN需求的组播组,则推荐单独配置RP服务于这些组播组,同时需要将此RP配置为跨VPN组播路由的RPF选路策略的组播源地址。
· 只指定组播组方式:只需要配置一条指定源VPN中组播组地址的选路策略。
采用PIM-SSM方式时,推荐使用下面的方式配置跨VPN选路策略:一条同时指定源VPN内组播源地址和组播组地址的选路策略。
只支持一次跨VPN组播转发,接收者VPN不能同时作为源VPN,即配置VPN a引入VPN b中流量的跨VPN选路策略后,不能再配置VPN b引入VPN a中流量的跨VPN选路策略。
如果在接收者VPN中配置了跨VPN的IPv4组播路由的RPF选路策略,且该策略只指定了组播组地址,那么该VPN原先相同的VPN实例的组播流量转发将中断。
不同跨VPN策略的组播源地址和组播组地址范围不能完全相同,但是可以有重叠。若对于同一个(S,G)表项,存在多条匹配的选路策略,则按照最长匹配进行选择:
· 选择组地址掩码匹配最长的选路策略。
· 如果组地址掩码相同,则选择源地址掩码匹配最长的选路策略。
(1) 进入系统视图。
system-view
(2) 进入MRIB实例视图。
multicast routing [ vpn-instance vpn-instance-name ]
(3) 配置VPN的IPv4组播路由的RPF选路策略。
multicast extranet select-rpf [ vpn-instance vpn-instance-name ] { source source-address { mask | mask-length } | group group-address { mask | mask-length } } *
在两台VTEP(或Border)设备上均指定采用源接口的地址作为DR系统的虚拟地址,并为VTEP(或Border)设备配置相同的源接口地址后,这两台设备将虚拟成为一台设备。该设备采用虚拟地址作为组播源地址与远端设备建立MVXLAN隧道,从而避免设备单点故障对网络造成影响。
仅Release 6635及以上版本支持配置本功能。
设备上需要同时使能二层组播和三层组播功能,组播VXLAN支持分布式聚合功能才能生效。
组播VXLAN支持分布式聚合功能不能应用在如下场景:
· 暂不支持单挂AC(AC仅连接到DR系统中的一台成员设备)接入。
· 仅支持以太网聚合链路作为IPL,暂不支持VXLAN隧道作为IPL。
· VTEP设备之间、VTEP与Border设备之间暂不支持采用DRNI方式聚合接入。
仅支持根据组播目的地址、基于奇偶原则在成员设备之间进行组播流量的负载分担,不支持基于组播源地址进行负载分担。
当IPL链路发生故障时,DR系统中的成员设备会将MVXLAN隧道的源地址由虚拟地址转换为各自的本地地址,且不再进行Data-group切换,只沿Default-group转发流量。此时,成员设备之间不再进行组播流量的负载分担,成员设备转发所有接收到的组播流量。当IPL链路恢复后,MVXLAN隧道的源地址由本地地址切换为虚拟地址,满足条件的情况下会进行Data-group切换。此时,成员设备之间会进行组播流量的负载分担。
本配置与系统视图下的EVPN支持分布式聚合配置之间存在如下关系:
· 执行本配置的同时,需要执行evpn drni group命令开启EVPN的分布式聚合模式并配置虚拟VTEP/ED地址,且该地址必须与MVXLAN源接口的地址相同。
· 既可以通过MVXLAN地址族视图下的drni local命令配置本地和远端的IP地址,该配置仅对当前MVXLAN网络生效。也可以在系统视图下通过evpn drni local命令配置本地和远端的IP地址,该配置对所有MVXLAN网络生效。如果同时执行二者,则对于某一个MVXLAN网络,以该MVXLAN网络对应MVXLAN地址族视图下的配置为准。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 进入MVXLAN地址族视图。
address-family ipv4
(4) 配置组成DR系统的本地IP地址和远端IP地址。
drni local local-ipv4-address remote remote-ipv4-address
缺省情况下,未指定组成DR系统的本地IP地址和远端IP地址。
(5) 指定MVXLAN源接口,并指定虚拟地址为源接口的地址。
source interface-type interface-number evpn-drni-group
缺省情况下,未指定MVXLAN源接口。
在完成上述配置后,在任意视图下执行display命令可以显示配置后的MVXLAN的运行情况,通过查看显示信息验证配置的效果。
表2-1 MVXLAN显示和维护
|
命令 |
|
|
显示MVXLAN接收报文中的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group receive [ brief | [ active | group group-address | sender source-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * ] |
|
显示MVXLAN发送报文中的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group send [ group group-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * |
|
显示MVXLAN报文的Default-Group的信息 |
display multicast-vpn vxlan [ vpn-instance instance-name | public-instance ] default-group { local | remote } |
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者,VM1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。VM 2、VM 3和VM 4均可通过分布式EVPN接收组播组225.0.0.0的组播流量。
图2-1 相同VPN内MVXLAN三层组播互通配置举例
(1) 配置设备的硬件资源模式
# 配置Switch A、Switch B和Switch C工作的硬件资源模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Twenty-FiveGigE1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服务器的接口Twenty-FiveGigE1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] pim distributed-dr
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(4) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接口Twenty-FiveGigE1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接口Twenty-FiveGigE1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置L3 VNI的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna中的IP组播路由。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 配置连接广域网的接口Twenty-FiveGigE1/0/2与VPN实例vpna关联。
[SwitchC] interface twenty-fivegige 1/0/2
[SwitchC-Twenty-FiveGigE1/0/2] ip binding vpn-instance vpna
[SwitchC-Twenty-FiveGigE1/0/2] ip address 20.1.1.3 24
[SwitchC-Twenty-FiveGigE1/0/2] pim sm
[SwitchC-Twenty-FiveGigE1/0/2] quit
(6) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpna的组播路由信息。
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 05:04:06, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FRTNL
UpTime: 01:57:12
Upstream interface: Multicast-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -
Switch A、Switch B、Switch C为分布式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1为组播源,VM 2、VM 3为组播接收者。VM 1属于VXLAN 10,位于VPN实例vpna;VM 2属于VXLAN 20,位于VPN实例vpnb;VM 3属于VXLAN 30,位于公网。通过MVXLAN和公私网互通配置,保证VM 1和VM 2之间互通(私网之间互通),VM 1和VM 3之间互通(公私网互通)。
图2-2 MVXLAN三层组播公私网互通配置举例
仅Release 6635及以上版本支持配置本举例。
(1) 配置设备的硬件资源模式
# 配置Switch A、Switch B和Switch C工作的硬件资源模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1上指定网关地址为10.1.1.1;在VM 2上指定网关地址为10.1.2.1;在VM 3上指定网关地址为10.1.3.1。(具体配置过程略)
# 请按照图2-2配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入接口视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 1的数据帧。
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 1
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-GigabitEthernet1/0/1-srv1000] quit
[SwitchA-GigabitEthernet1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.2.0.0
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.2.0.0 24
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 11.11.11.11 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 11.11.11.11
[SwitchA-pim-vpna] c-rp 11.11.11.11
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(4) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入接口视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接口GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchB-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-GigabitEthernet1/0/1] quit
# 配置L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 2-2-2
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配从Switch A接收的流量。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 22.22.22.22 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 使能VPN实例vpna的IP组播路由功能,并配置将公网实例的流量引入到VPN实例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf source 10.1.1.0 24
[SwitchB-mrib-vpnb] multicast extranet select-rpf source 22.22.22.0 24
[SwitchB-mrib-vpnb] quit
# 创建VPN实例vpnb的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP。
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 22.22.22.22
[SwitchB-pim-vpnb] c-rp 22.22.22.22
[SwitchB-pim-vpnb] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip address 23.23.23.23 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchB] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] quit
# 进入公网PIM视图,并将接口LoopBack2配置为公网实例的C-RP。
[SwitchB] pim
[SwitchB-pim] c-rp 23.23.23.23 group-policy 2000
[SwitchB-pim] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 1
[SwitchB-vsi-vpnb] quit
(5) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 在VSI实例vpnc下创建EVPN实例。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] evpn encapsulation vxlan
[SwitchC-vsi-vpnc-evpn-vxlan] quit
# 在VSI vpnc内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchC-vsi-vpnc] igmp-snooping enable
[SwitchC-vsi-vpnc] igmp-snooping proxy enable
# 创建VXLAN 30。
[SwitchC-vsi-vpnc] vxlan 30
[SwitchC-vsi-vpnc-vxlan-30] quit
[SwitchC-vsi-vpnc] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 在接口GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchC] interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpnc关联。
[SwitchC-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnc
[SwitchC-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-GigabitEthernet1/0/1] quit
# 配置公网实例的RD和RT。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 1:1
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance-ipv4] vpn-target 2:2
[SwitchC-public-instance-ipv4] quit
[SwitchC-vpn-instance] address-family evpn
[SwitchC-public-instance-evpn] vpn-target 1:1
[SwitchC-public-instance-evpn] quit
[SwitchC-public-instance] quit
# 创建公网实例的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan public-instance mode mdt
[SwitchC-mvxlan-public-instance] address-family ipv4
[SwitchC-mvxlan-public-instance-ipv4] source loopback 0
[SwitchC-mvxlan-public-instance-ipv4] quit
[SwitchC-mvxlan-public-instance] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] pim distributed-dr
[SwitchC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0
[SwitchC-Vsi-interface1] igmp enable
[SwitchC-Vsi-interface1] mac-address 3-3-3
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配Switch A接收的路由。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 33.33.33.33 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchC] acl basic 2000
[SwitchC-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchC-acl-ipv4-basic-2000] quit
# 进入公网PIM视图,并将接口LoopBack1配置为公网实例的C-RP。
[SwitchC] pim
[SwitchC-pim] c-rp 33.33.33.33 group-policy 2000
[SwitchC-pim] quit
# 配置VXLAN 30所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] gateway vsi-interface 1
[SwitchC-vsi-vpnc] quit
(6) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为Underlay公网的C-BSR和C-RP。
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的路由信息。
# 查看Switch A上公网实例的路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:08
(1.1.1.1, 239.2.0.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
# 查看SwitchA上VPN实例vpna的路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 11.11.11.11 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 11.11.11.11 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
(2) 查看Switch B的路由信息。
# 查看Switch B上公网实例的路由信息。
<SwitchB> display pim routing-table
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 22.22.22.22 (local)
Protocol: pim-sm, Flag: WC
UpTime: 00:01:24
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 00:01:32, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 22.22.22.22 (local)
Protocol: pim-sm, Flag: SPT ACT 2MVPN FRTNL
UpTime: 00:00:39
Upstream interface: Multicast-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 00:01:32, Expires: -
(1.1.1.1, 236.2.0.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:59:16, Expires: -
(1.1.1.1, 239.2.0.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -
# 查看SwitchB上VPN实例vpnb的路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 22.22.22.22 (local)
Protocol: pim-sm, Flag: WC
UpTime: 00:01:24
Upstream interface: Extranet (VPN: public net)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 00:01:24, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 22.22.22.22 (local)
Protocol: pim-sm, Flag: SPT ACT 2MVPN FRTNL
UpTime: 00:00:39
Upstream interface: Extranet (VPN: public net)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:00:39, Expires: -
(3) 查看Switch C的路由信息。
# 查看Switch C上公网实例的路由信息。
<SwitchC> display pim routing-table
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 33.33.33.33 (local)
Protocol: pim-sm, Flag: WC
UpTime: 00:01:13
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 00:01:13, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 33.33.33.33 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FRTNL
UpTime: 00:00:52
Upstream interface: Multicast-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:00:52, Expires: -
(1.1.1.1, 236.2.0.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:30
Upstream interface: Vlan-interface13
Upstream neighbor: 13.1.1.4
RPF prime neighbor: 13.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:59:16, Expires: -
(1.1.1.1, 239.2.0.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 00:00:30
Upstream interface: Vlan-interface13
Upstream neighbor: 13.1.1.4
RPF prime neighbor: 13.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: Multicast-UPE0
Protocol: MD, UpTime: 01:58:56, Expires: -
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者。VM 1和VM 2属于VPN实例vpna,VM 3属于公网,VM 4属于VPN实例vpnb。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。
图2-3 存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例
接收者侧VTEP上同时存在公网加入和私网加入,公网加入不需要配置跨VPN策略,但是私网加入必须配置不带l3-vni参数和vpn-instance参数的跨VPN策略。
(1) 配置设备的硬件资源模式
# 配置Switch A、Switch B和Switch C工作的硬件资源模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 在VM 1和VM 2上指定网关地址为10.1.1.1;在VM 3和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface twenty-fivegige 1/0/1
[SwitchA-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchA-Twenty-FiveGigE1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Twenty-FiveGigE1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Twenty-FiveGigE1/0/1-srv1000] quit
# 在接入服务器的接口Twenty-FiveGigE1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Twenty-FiveGigE1/0/1] service-instance 2000
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Twenty-FiveGigE1/0/1-srv2000] quit
[SwitchA-Twenty-FiveGigE1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(4) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Twenty-FiveGigE1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/1] port trunk permit vlan 2
# 在接口Twenty-FiveGigE1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface twenty-fivegige 1/0/1
[SwitchB-Twenty-FiveGigE1/0/1] service-instance 1000
[SwitchB-Twenty-FiveGigE1/0/1-srv1000]encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Twenty-FiveGigE1/0/1-srv1000] quit
# 配置端口Twenty-FiveGigE1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface twenty-fivegige 1/0/2
[SwitchB-Twenty-FiveGigE1/0/2] port link-type trunk
[SwitchB-Twenty-FiveGigE1/0/2] port trunk permit vlan 3
# 在接口Twenty-FiveGigE1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Twenty-FiveGigE1/0/2] service-instance 2000
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Twenty-FiveGigE1/0/2-srv2000] quit
[SwitchB-Twenty-FiveGigE1/0/2] quit
# 配置VPN实例vpnb 的L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置公网实例的RD和RT。
[SwitchB] ip public-instance
[SwitchB-public-instance] route-distinguisher 2:2
[SwitchB-public-instance] address-family ipv4
[SwitchB-public-instance-ipv4] vpn-target 1:1
[SwitchB-public-instance-ipv4] quit
[SwitchB-public-instance] address-family evpn
[SwitchB-public-instance-evpn] vpn-target 1:1
[SwitchB-public-instance-evpn] quit
[SwitchB-public-instance] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 1000
[SwitchB-Vsi-interface4] pim sm
[SwitchB-Vsi-interface4] quit
# 使能VPN实例vpnb的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 创建VPN实例vpnb的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例vpnb的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP,并配置C-RP策略。
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchB-acl-ipv4-basic-2000] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] quit
# 进入公网实例的PIM视图,并将接口LoopBack2配置为公网实例的C-BSR和C-RP,并配置C-RP策略。
[SwitchB] pim
[SwitchB-pim] c-bsr 13.13.13.13
[SwitchB-pim] c-rp 13.13.13.13 group-policy 2000
[SwitchB-pim] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpnc
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnc
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 在VPN实例vpnb中配置跨VPN策略,将流量引入到公网和VPN实例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf group 225.0.0.0 16
(5) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置公网实例的RD和RT。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 1:1
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 创建公网实例的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan public-instance mode mdt
[SwitchC-mvxlan-public-instance] address-family ipv4
[SwitchC-mvxlan-public-instance-ipv4] source loopback 0
[SwitchC-mvxlan-public-instance-ipv4] quit
[SwitchC-mvxlan-public-instance] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchB-acl-ipv4-basic-2000] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] qui
# 进入公网实例的PIM视图,并将接口LoopBack1配置为公网实例的C-BSR和C-RP
[SwitchC] pim
[SwitchC-pim] c-bsr 12.12.12.12
[SwitchC-pim] c-rp 12.12.12.12 group-policy 2000
[SwitchC-pim] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到公网实例的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] default-route imported
[SwitchC-bgp-default-ipv4] import-route static
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] quit
# 创建VLAN接口20并进入视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface 20与公网实例关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
(6) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:09:50, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:28, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpnb的组播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:35
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 11: Vsi-interface2
Protocol: igmp, UpTime: 02:56:35, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:31
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1 1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:00:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:56:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:56:31, Expires: -
在组播VXLAN组网中,连接组播源和组播接收者的分布式EVPN网关、Border上均配置DRNI,以提高网络的可靠性。具体需求如下:
· Switch A和Switch B连接组播源Source 1。采用DRNI将Switch A和Switch B虚拟成一台设备,作为分布式EVPN网关。
· Switch C和Switch D连接组播接收者Receiver 1。采用DRNI将Switch C和Switch D虚拟成一台设备,作为分布式EVPN网关。
· Switch E和Switch F连接组播接收者Receiver 2。采用DRNI将Switch E和Switch F虚拟成一台设备,作为与广域网连接的边界网关设备Border,同时作为反射器在交换机之间反射路由。
· 所有DR系统均采用以太网聚合链路作为IPL。
· 各台设备上均使能IGMP Snooping功能,用于建立组播转发表项。
· 在各设备的公网接口上配置PIM-SM。
· 组播源Source 1、组播接收者Receiver 1、组播接收者Receiver 2均属于VXLAN 10。Receiver 1和Receiver 2可以接收Source 1发送的组播流量。
图2-4 组播VXLAN分布式聚合组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Switch B |
Loop0 |
2.2.2.2/32 |
|
|
Loop1 |
1.2.3.4/32 |
|
Loop1 |
1.2.3.4/32 |
|
|
Loop2 |
1.2.3.4/32 |
|
Loop2 |
1.2.3.4/32 |
|
|
Vlan-int2 |
192.168.1.1/24 |
|
Vlan-int2 |
192.168.1.2/24 |
|
|
Vlan-int3 |
30.1.1.1/24 |
|
Vlan-int5 |
50.1.1.2/24 |
|
|
Vlan-int4 |
40.1.1.1/24 |
|
Vlan-int6 |
60.1.1.2/24 |
|
Switch C |
Loop0 |
3.3.3.3/32 |
Switch D |
Loop0 |
4.4.4.4/32 |
|
|
Loop1 |
1.2.3.6/32 |
|
Loop1 |
1.2.3.6/32 |
|
|
Loop2 |
1.2.3.6/32 |
|
Loop2 |
1.2.3.6/32 |
|
|
Vlan-int7 |
70.1.1.3/24 |
|
Vlan-int9 |
90.1.1.4/24 |
|
|
Vlan-int8 |
80.1.1.3/24 |
|
Vlan-int10 |
100.1.1.4/24 |
|
|
Vlan-int12 |
192.168.3.1/24 |
|
Vlan-int12 |
192.168.3.2/24 |
|
Switch E |
Loop0 |
5.5.5.5/32 |
Switch F |
Loop0 |
6.6.6.6/32 |
|
|
Loop1 |
1.2.3.5/32 |
|
Loop1 |
1.2.3.5/32 |
|
|
Loop2 |
1.2.3.5/32 |
|
Loop2 |
1.2.3.5/32 |
|
|
Vlan-int3 |
30.1.1.5/24 |
|
Vlan-int4 |
40.1.1.6/24 |
|
|
Vlan-int5 |
50.1.1.5/24 |
|
Vlan-int6 |
60.1.1.6/24 |
|
|
Vlan-int7 |
70.1.1.5/24 |
|
Vlan-int8 |
80.1.1.6/24 |
|
|
Vlan-int9 |
90.1.1.5/24 |
|
Vlan-int10 |
100.1.1.6/24 |
|
|
Vlan-int11 |
192.168.4.1/24 |
|
Vlan-int11 |
192.168.4.2/24 |
仅Release 6635及以上版本支持配置本举例。
(1) 配置设备的硬件资源模式
# 配置Switch A、Switch B、Switch C、Switch D、Switch E和Switch F工作的硬件资源模式,并重启设备。以Switch A为例,其他设备的配置方法与此相同。
[SwitchA] hardware-resource vxlan l3gw
Do you want to change the specified hardware resource working mode? [Y/N]:y
The hardware resource working mode is changed, please save the configuration and
reboot the system to make it effective.
[SwitchA] quit
<SwitchA> reboot
Start to check configuration with next startup configuration file, please wait..
.......DONE!
Current configuration may be lost after the reboot, save current configuration?
[Y/N]:y
This command will reboot the device. Continue? [Y/N]:y
(2) 配置IP地址和单播路由协议
# 配置各接口的IP地址和子网掩码。(具体配置过程略)
# 在IP核心网络内配置OSPF协议,发布各接口IP地址(包括Loopback接口的IP地址)对应网段的路由,确保设备之间路由可达。(具体配置过程略)
(3) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn drni group 1.2.3.4
# 配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchA] evpn drni local 1.1.1.1 remote 2.2.2.2
# 使能IP组播路由。
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 5.5.5.5 as-number 200
[SwitchA-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchA-bgp-default] peer 6.6.6.6 as-number 200
[SwitchA-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchA-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip address 1.2.3.4 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] ospf 1 area 0
[SwitchA-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchA] interface loopback 2
[SwitchA-LoopBack2] ip binding vpn-instance vpna
[SwitchA-LoopBack2] ip address 1.2.3.4 32
[SwitchA-LoopBack2] pim sm
[SwitchA-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 1.2.3.4
[SwitchA-pim-vpna] c-rp 1.2.3.4
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 创建DR聚合口。
[SwitchA] interface bridge-aggregation 21
[SwitchA-Bridge-Aggregation21] port link-type trunk
[SwitchA-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29 [SwitchA-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation21] port drni group 1
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation21] service-instance 100
[SwitchA-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchA-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchA-Bridge-Aggregation21-srv100] quit
# 将二层以太网接口加入DR聚合口。
[SwitchA] interface gigabitethernet 1/0/1
[SwitchA-GigabitEthernet1/0/1] port link-aggregation group 1
[SwitchA-GigabitEthernet1/0/1] quit
# 配置以太网链路聚合接口作为IPL。
[SwitchA] interface bridge-aggregation 9
[SwitchA-Bridge-Aggregation9] port link-type trunk
[SwitchA-Bridge-Aggregation9] port trunk permit vlan all
[SwitchA-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchA-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchA-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为DRNI保留接口。
[SwitchA] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchA] drni restore-delay 180
[SwitchA] drni system-mac 1-1-1
[SwitchA] drni system-number 1
[SwitchA] drni system-priority 10
[SwitchA] drni keepalive ip destination 192.168.1.2 source 192.168.1.1
(4) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn drni group 1.2.3.4
#配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchB] evpn drni local 2.2.2.2 remote 1.1.1.1
# 使能IP组播路由。
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 5.5.5.5 as-number 200
[SwitchB-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchB-bgp-default] peer 6.6.6.6 as-number 200
[SwitchB-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchB-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim distributed-dr
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip address 1.2.3.4 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] ospf 1 area 0
[SwitchB-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpna
[SwitchB-LoopBack2] ip address 1.2.3.4 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchB-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchB-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 1.2.3.4
[SwitchB-pim-vpna] c-rp 1.2.3.4
[SwitchB-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 创建DR聚合口。
[SwitchB] interface bridge-aggregation 21
[SwitchB-Bridge-Aggregation21] port link-type trunk
[SwitchB-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29
[SwitchB-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation21] port drni group 1
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation21] service-instance 100
[SwitchB-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchB-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchB-Bridge-Aggregation21-srv100] quit
# 将二层以太网接口加入DR聚合口。
[SwitchB] interface gigabitethernet 1/0/1
[SwitchB-GigabitEthernet1/0/1] port link-aggregation group 1
[SwitchB-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为IPL。
[SwitchB] interface bridge-aggregation 9
[SwitchB-Bridge-Aggregation9] port link-type trunk
[SwitchB-Bridge-Aggregation9] port trunk permit vlan all
[SwitchB-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchB-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchB-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为DRNI保留接口。
[SwitchB] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchB] drni restore-delay 180
[SwitchB] drni system-mac 1-1-1
[SwitchB] drni system-number 2
[SwitchB] drni system-priority 10
[SwitchB] drni keepalive ip destination 192.168.1.1 source 192.168.1.2
(5) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.6。
[SwitchC] evpn drni group 1.2.3.6
#配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchC] evpn drni local 3.3.3.3 remote 4.4.4.4
# 使能IP组播路由。
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 5.5.5.5 as-number 200
[SwitchC-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] igmp enable
[SwitchC-Vsi-interface1] pim distributed-dr
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 3.3.3.3 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] ospf 1 area 0
[SwitchC-LoopBack1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 1.2.3.6 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] ospf 1 area 0
[SwitchC-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchB] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpna
[SwitchC-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchC-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchC-mvxlan-vpna-ipv4] data-group 239.0.1.0 24
[SwitchC-mvxlan-vpna-ipv4] drni local 3.3.3.3 remote 4.4.4.4
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 1.2.3.6
[SwitchC-pim-vpna] c-rp 1.2.3.6
[SwitchC-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 创建DR聚合口。
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation17] port drni group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchC-Bridge-Aggregation17] service-instance 20
[SwitchC-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchC-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchC-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入DR聚合口。
[SwitchC]interface gigabitethernet 1/0/1
[SwitchC-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchC-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为IPL。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchC-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-aggregation group 9
# 将keeplive链路配置为DRNI保留接口。
[SwitchC] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchC] drni restore-delay 180
[SwitchC] drni system-mac 2-2-2
[SwitchC] drni system-number 1
[SwitchC] drni system-priority 10
[SwitchC] drni keepalive ip destination 192.168.3.2 source 192.168.3.1
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] port link-type trunk
[SwitchC-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchC-Bridge-Aggregation17] quit
# 配置IPP口为Trunk端口,允许所有的VLAN通过。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] port link-type trunk
[SwitchC-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation9] port trunk permit vlan all
[SwitchC-Bridge-Aggregation9] quit
(6) 配置Switch D
# 开启L2VPN能力。
<SwitchD> system-view
[SwitchD] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.6。
[SwitchD] evpn drni group 1.2.3.6
#配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchD] evpn drni local 4.4.4.4 remote 3.3.3.3
# 使能IP组播路由。
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchD-vsi-vpna] igmp-snooping enable
[SwitchD-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchD-bgp-default] peer 5.5.5.5 as-number 200
[SwitchD-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchD-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] igmp enable
[SwitchD-Vsi-interface1] pim distributed-dr
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchD] multicast routing vpn-instance vpna
[SwitchD-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 4.4.4.4 32
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] ospf 1 area 0
[SwitchD-LoopBack1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip address 1.2.3.6 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] ospf 1 area 0
[SwitchD-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpna
[SwitchD-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchD] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchD-mvxlan-vpna] address-family ipv4
[SwitchD-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchD-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchD-mvxlan-vpna-ipv4] data-group 239.0.1.0 24
[SwitchD-mvxlan-vpna-ipv4] drni local 4.4.4.4 remote 3.3.3.3
[SwitchD-mvxlan-vpna-ipv4] quit
[SwitchD-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP
[SwitchD] pim vpn-instance vpna
[SwitchD-pim-vpna] c-bsr 1.2.3.6
[SwitchD-pim-vpna] c-rp 1.2.3.6
[SwitchD-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 创建DR聚合口。
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation17] port drni group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchD-Bridge-Aggregation17] service-instance 20
[SwitchD-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchD-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchD-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入DR聚合口。
[SwitchD] interface gigabitethernet 1/0/1
[SwitchD-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchD-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为IPL。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchD-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchD] interface gigabitethernet 1/0/2
[SwitchD-GigabitEthernet1/0/2] port link-aggregation group 9
# 将keeplive链路配置为DRNI保留接口。
[SwitchD] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchD] drni restore-delay 180
[SwitchD] drni system-mac 2-2-2
[SwitchD] drni system-number 2
[SwitchD] drni system-priority 10
[SwitchD] drni keepalive ip destination 192.168.3.1 source 192.168.3.2
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] port link-type trunk
[SwitchD-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchD-Bridge-Aggregation17] quit
# 配置IPP口为Trunk端口,允许所有的VLAN通过。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] port link-type trunk
[SwitchD-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation9] port trunk permit vlan all
[SwitchD-Bridge-Aggregation9] quit
(7) 配置Switch E
# 开启L2VPN能力。
<SwitchE> system-view
[SwitchE] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.5。
[SwitchE] evpn drni group 1.2.3.5
# 配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchE] evpn drni local 5.5.5.5 remote 6.6.6.6
# 使能IP组播路由。
[SwitchE] multicast routing
[SwitchE-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchE-vsi-vpna] vxlan 10
[SwitchE-vsi-vpna-vxlan-10] quit
[SwitchE-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchE] bgp 200
[SwitchE-bgp-default] non-stop-routing
[SwitchE-bgp-default] group evpn internal
[SwitchE-bgp-default] peer evpn connect-interface loopback 0
[SwitchE-bgp-default] peer 1.1.1.1 group evpn
[SwitchE-bgp-default] peer 2.2.2.2 group evpn
[SwitchE-bgp-default] peer 3.3.3.3 group evpn
[SwitchE-bgp-default] peer 4.4.4.4 group evpn
[SwitchE-bgp-default] peer 6.6.6.6 group evpn
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer evpn enable
[SwitchE-bgp-default-evpn] peer evpn next-hop-local
[SwitchE-bgp-default-evpn] peer evpn reflect-client
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchE] ip vpn-instance vpna
[SwitchE-vpn-instance-vpna] route-distinguisher 1:1
[SwitchE-vpn-instance-vpna] address-family ipv4
[SwitchE-vpn-ipv4-vpna] vpn-target 2:2
[SwitchE-vpn-ipv4-vpna] quit
[SwitchE-vpn-instance-vpna] address-family evpn
[SwitchE-vpn-evpn-vpna] vpn-target 1:1
[SwitchE-vpn-evpn-vpna] quit
[SwitchE-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpna
[SwitchE-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim distributed-dr
[SwitchE-Vsi-interface1] mac-address 1-1-1
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] local-proxy-arp enable
[SwitchE-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchE] interface vsi-interface 3
[SwitchE-Vsi-interface3] ip binding vpn-instance vpna
[SwitchE-Vsi-interface3] l3-vni 1000
[SwitchE-Vsi-interface3] pim sm
[SwitchE-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchE] multicast routing vpn-instance vpna
[SwitchE-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 5.5.5.5 32
[SwitchE-LoopBack0] ospf 1 area 0
[SwitchE-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip address 1.2.3.5 32
[SwitchE-LoopBack1] ospf 1 area 0
[SwitchE-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip binding vpn-instance vpna
[SwitchE-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchE-LoopBack2] pim sm
[SwitchE-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchE] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchE-mvxlan-vpna] address-family ipv4
[SwitchE-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchE-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchE-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchE-mvxlan-vpna-ipv4] quit
[SwitchE-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance vpna
[SwitchE-pim-vpna] c-bsr 1.2.3.5
[SwitchE-pim-vpna] c-rp 1.2.3.5
[SwitchE-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
# 创建DR聚合口。
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation17] port drni group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchE-Bridge-Aggregation17] service-instance 20
[SwitchE-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchE-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchE-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入DR聚合口。
[SwitchE]interface gigabitethernet 1/0/1
[SwitchE-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchE-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为IPL。
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchE-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchE] interface gigabitethernet 1/0/2
[SwitchE-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchE-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为DRNI保留接口。
[SwitchE] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchE] drni restore-delay 180
[SwitchE] drni system-mac 2-2-2
[SwitchE] drni system-number 1
[SwitchE] drni system-priority 10
[SwitchE] drni keepalive ip destination 192.168.4.2 source 192.168.4.1
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] port link-type trunk
[SwitchE-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchE-Bridge-Aggregation17] quit
# 配置IPP口为Trunk端口,允许所有的VLAN通过。
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] quit
(8) 配置Switch F
# 开启L2VPN能力。
<SwitchF> system-view
[SwitchF] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.5。
[SwitchF] evpn drni group 1.2.3.5
#配置组成DR系统的本地和远端VTEP的IPv4地址。
[SwitchF] evpn drni local 6.6.6.6 remote 5.5.5.5
# 使能IP组播路由。
[SwitchF] multicast routing
[SwitchF-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] evpn encapsulation vxlan
[SwitchF-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchF-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchF-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchF-vsi-vpna] igmp-snooping enable
[SwitchF-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchF-vsi-vpna] vxlan 10
[SwitchF-vsi-vpna-vxlan-10] quit
[SwitchF-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchF] bgp 200
[SwitchF-bgp-default] non-stop-routing
[SwitchF-bgp-default] group evpn internal
[SwitchF-bgp-default] peer evpn connect-interface LoopBack0
[SwitchF-bgp-default] peer 1.1.1.1 group evpn
[SwitchF-bgp-default] peer 2.2.2.2 group evpn
[SwitchF-bgp-default] peer 3.3.3.3 group evpn
[SwitchF-bgp-default] peer 4.4.4.4 group evpn
[SwitchF-bgp-default] peer 5.5.5.5 group evpn
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer evpn enable
[SwitchF-bgp-default-evpn] peer evpn next-hop-local
[SwitchF-bgp-default-evpn] peer evpn reflect-client
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchF] ip vpn-instance vpna
[SwitchF-vpn-instance-vpna] route-distinguisher 1:1
[SwitchF-vpn-instance-vpna] address-family ipv4
[SwitchF-vpn-ipv4-vpna] vpn-target 2:2
[SwitchF-vpn-ipv4-vpna] quit
[SwitchF-vpn-instance-vpna] address-family evpn
[SwitchF-vpn-evpn-vpna] vpn-target 1:1
[SwitchF-vpn-evpn-vpna] quit
[SwitchF-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpna
[SwitchF-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] igmp enable
[SwitchF-Vsi-interface1] pim distributed-dr
[SwitchF-Vsi-interface1] mac-address 1-1-1
[SwitchF-Vsi-interface1] distributed-gateway local
[SwitchF-Vsi-interface1] local-proxy-arp enable
[SwitchF-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface3] ip binding vpn-instance vpna
[SwitchF-Vsi-interface3] l3-vni 1000
[SwitchF-Vsi-interface3] pim sm
[SwitchF-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchF] multicast routing vpn-instance vpna
[SwitchF-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 6.6.6.6 32
[SwitchF-LoopBack0] ospf 1 area 0
[SwitchF-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip address 1.2.3.5 32
[SwitchF-LoopBack1] ospf 1 area 0
[SwitchF-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip binding vpn-instance vpna
[SwitchF-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchF-LoopBack2] pim sm
[SwitchF-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchF] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchF-mvxlan-vpna] address-family ipv4
[SwitchF-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchF-mvxlan-vpna-ipv4] source loopback 1 evpn-drni-group
[SwitchF-mvxlan-vpna-ipv4] data-group 239.0.0.1 24
[SwitchF-mvxlan-vpna-ipv4] quit
[SwitchF-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpna
[SwitchF-pim-vpna] c-bsr 1.2.3.5
[SwitchF-pim-vpna] c-rp 1.2.3.5
[SwitchF-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] gateway vsi-interface 1
[SwitchF-vsi-vpna] quit
# 创建DR聚合口。
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation17] port drni group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchF-Bridge-Aggregation17] service-instance 20
[SwitchF-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchF-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchF-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入DR聚合口。
[SwitchF] interface gigabitethernet 1/0/1
[SwitchF-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchF-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为IPL。
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation9] port drni intra-portal-port 1
[SwitchF-Bridge-Aggregation9] quit
# 将二层以太网接口加入IPL聚合口。
[SwitchF] interface gigabitethernet 1/0/2
[SwitchF-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchF-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为DRNI保留接口。
[SwitchF] drni mad exclude interface gigabitethernet 1/0/3
# 配置DRNI系统。
[SwitchF] drni restore-delay 180
[SwitchF] drni system-mac 2-2-2
[SwitchF] drni system-number 2
[SwitchF] drni system-priority 10
[SwitchF] drni keepalive ip destination 192.168.4.1 source 192.168.4.2
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] port link-type trunk
[SwitchF-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchF-Bridge-Aggregation17] quit
# 配置IPP口为Trunk端口,允许所有的VLAN通过。
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] quit
(1) 查看Switch A的VXLAN隧道和VSI信息
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并已采用虚拟VTEP地址建立VXLAN隧道。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 6.6.6.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 1159 packets, 176556 bytes, 0 drops
Output: 1176 packets, 178121 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 1.2.3.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 8 packets, 480 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到Switch A自动创建了VXLAN隧道,并将其与VSI关联。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG17 srv20 0 Up Manual
(2) 查看Switch A的组播路由信息
# IPL未故障时,查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.2.3.4, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:59:50
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Register-Tunnel0
Protocol: pim-sm, UpTime: 03:38:17, Expires: -
(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:49
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE1
Protocol: MD, UpTime: 01:18:49, Expires: -
# 两个DR系统的IPL均故障时,查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:02:12
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:11, Expires: 00:03:19
(2.2.2.2, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:04
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:04, Expires: -
(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:36
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:36, Expires: -
(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:32
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:00:32, Expires: -
(3) 查看Switch E的组播路由信息。
# IPL未故障时,查看Switch E的公网组播路由信息。
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.2.3.4, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 04:11:32
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface13
Protocol: pim-sm, UpTime: 01:33:53, Expires: 00:02:40
2: Vlan-interface14
Protocol: pim-sm, UpTime: 01:31:35, Expires: 00:02:40
(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 01:34:02
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:40
2: Vlan-interface12
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:41-
# 两个DR系统的IPL均故障时,查看Switch E的公网组播路由信息。
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:04:00
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:51, Expires: 00:02:39
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:06
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:10
(2.2.2.2, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:38
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:39
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:03:10
(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:03:25
Upstream interface: Vlan-interface13
Upstream neighbor: 13.1.1.3
RPF prime neighbor: 13.1.1.3
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:03:06
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:02:38
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:20
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
3: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:11
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
