- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
04-组播VXLAN配置
本章节下载: 04-组播VXLAN配置 (1.76 MB)
目 录
3.12.1 相同VPN内MVXLAN三层组播互通配置举例(IPv4站点网络)
3.12.2 相同VPN内MVXLAN三层组播互通配置举例(IPv6站点网络)
3.12.3 对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)
3.12.4 非对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)
3.12.5 存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例
3.12.6 组播VXLAN分布式聚合配置举例(以太网聚合链路作为peer-link链路)
3.12.7 双DC跨数据中心组播源直连ED配置举例(不同DC相同L3VNI)
3.12.8 三DC跨数据中心三层组播互通支持多ED配置举例(使用相同L3VNI映射)
3.12.9 双DC跨数据中心三层组播ED支持M-LAG配置举例(不同DC相同L3VNI)
MVXLAN(Multicast VXLAN,组播VXLAN)是一种在VXLAN或EVPN VXLAN网络中进行组播业务传输的技术,实现了点到多点的高效数据传递。
组播VXLAN功能受设备的工作模式限制,在使用组播VXLAN功能前,请在系统视图下使用switch-mode 1命令配置设备工作在VXLAN模式,保存设备当前配置,然后重启设备。有关设备工作模式的详细介绍请参见“基础配置指导”中的“设备管理”。
目前,MVXLAN仅支持IPv4 Underlay网络,不支持IPv6 Underlay网络。
目前,组播VXLAN支持两种工作模式:
· 入方向复制模式:实现在VXLAN网络中传输不同VPN实例的组播流量。入方向复制模式组播VXLAN仅支持IPv4站点网络(即私网组播网络为IPv4网络)。
· MDT(Multicast Distribution Tree,组播分发树)模式:实现在EVPN VXLAN网络中传输组播流量。MDT模式组播VXLAN既支持IPv4站点网络(即私网组播网络为IPv4网络),又支持IPv6站点网络(即私网组播网络为IPv6网络)。本文以IPv4站点网络为例,介绍MVXLAN的工作机制。IPv6站点网络的MVXLAN工作机制与此类似。
入方向复制模式组播VXLAN的典型组网如图1-1所示。Border设备与VTEP设备之间手工建立VXLAN隧道,并与VXLAN关联。组播源连接到Border,组播接收者连接到VTEP。Border接收到组播源发送的组播流量后,能够区分流量所属的VPN,并在对应的VPN内通过VXLAN隧道将组播流量转发到远端VTEP。VTEP再将组播流量转发给组播接收者。
入方向复制模式组播VXLAN组网中,Border和VTEP上需要进行如下组播相关配置:
· 在Border上创建VSI虚接口,将该接口与VPN实例绑定,并在该接口上开启IGMP功能。
· 将Border连接组播源的接口与VPN实例绑定。
· Border和VTEP上,均需要在VSI视图下开启IGMP snooping功能。
入方向复制模式组播VXLAN的组播表项学习过程为:
(1) 在Border的VSI虚接口上开启IGMP功能后,该接口将在其关联的VXLAN内广播发送IGMP查询报文。
(2) VTEP从VXLAN隧道上接收到IGMP查询报文后,将VXLAN隧道接口设置为IGMP snooping的路由器端口。VTEP解封装报文,并将其发送给本地主机。
(3) 如果本地存在组播接收者,则接收者回复IGMP成员关系报告报文。
(4) VTEP将接收到IGMP成员关系报告报文的AC设置为IGMP snooping的成员端口,并通过路由器端口(VXLAN隧道接口)将该报文封装后发送给Border。
(5) Border从VXLAN隧道上接收到IGMP成员关系报告报文后,将该VXLAN隧道接口设置为IGMP snooping的成员端口。
完成组播表项学习后,组播流量将按照表项进行转发:
(1) Border接收到组播流量后,判断流量接收接口所属的VPN实例,在该VPN实例内查表转发组播流量。
(2) 如果组播流量的出接口为VSI虚接口,则在该VSI虚接口对应VXLAN内查找IGMP snooping成员端口(VXLAN隧道接口),通过这些VXLAN隧道接口将组播流量转发给连接组播接收者的远端VTEP。
(3) VTEP从VXLAN隧道上接收到组播流量后,解封装该报文,并将其通过IGMP snooping成员端口转发给相应的组播接收者。
MDT模式即在公网上建立以组播源所在的VTEP为根,组播接收者所在的VTEP为叶的组播分发树,通过单向MVXLAN隧道在公网中沿组播分发树转发组播流量,实现组播流量的最优路径转发。
MDT模式组播VXLAN具有如下优点:
· 按需转发组播流量:使用BGP EVPN路由和PIM协议搭建组播分发树、控制接收者加入或离开组播组,实现按需转发组播流量。
· 不同VXLAN之间可以转发组播流量:通过部署分布式EVPN网关,实现组播流量跨VXLAN的三层转发。
如图1-2所示,VTEP均为分布式EVPN网关,VTEP间建立MVXLAN隧道。VTEP上创建MVXLAN实例指导组播流量转发,通过本地AC和MVXLAN隧道分别将组播流量转发至本地接收者和远端VTEP。有关VTEP、VSI、VXLAN的详细介绍,请参见“VXLAN配置指导”中的“VXLAN”。有关EVPN的详细介绍,请参见“EVPN配置指导”中的“EVPN”。
· MDT:建立在属于同一MVXLAN内所有VTEP间的组播分发树,包括Default-MDT和Data-MDT两种。
· Default-Group(默认组):每个MVXLAN在公网上分配一个独立的组播组,称为Default-Group。它是MVXLAN在公网上的唯一标志,用来在公网上建立MVXLAN所对应的Default-MDT。无论私网组播报文属于哪个组播组,VTEP都统一将其封装为普通的公网组播数据报文,并以Default-Group作为其所属的公网组播组。
· Default-MDT(Default-Multicast Distribution Tree,默认组播分发树):以Default-Group为组地址的MDT,称为Default-MDT。MVXLAN使用Default-Group唯一标识一棵Default-MDT。在该MVXLAN中传输的所有私网组播报文,无论从哪个VTEP进入公网,都经由此Default-MDT转发。Default-MDT是在配置完成后自动生成的,在公网中将会一直存在,而不论公网或私网中有没有实际的组播业务。
· Data-Group(数据组):当组播流量通过指定ACL规则的过滤时,入口VTEP会为其分配一个独立的组播组,称为Data-Group,并通知其它VTEP使用该组播组在公网内转发该组播数据流量。一个MVXLAN唯一确定一个Data-Group范围以便进行Data-MDT切换。在进行Data-MDT切换时,从Data-Group范围中选取一个被引用最少的地址,从VTEP进入公网、通过指定ACL规则过滤的私网组播报文将使用该地址进行封装。
· Data-MDT(Data-Multicast Distribution Tree,数据组播分发树):以Data-Group为组地址的MDT,称为Data-MDT。下游存在接收者的VTEP加入Data-Group,形成一棵Data-MDT,入口VTEP使用Data-MDT在公网中转发封装后的私网组播数据。
为了支持MVXLAN,MP-BGP在EVPN地址族新增了如下EVPN路由用于创建MDT:
· Supplementary Broadcast Domain Selective Multicast Ethernet Tag Route:增强型广播域选择性组播以太网标签路由,也叫SBD-SMET路由,包含私网组播源地址和组播组地址信息,用于接收者侧的VTEP通告希望接收某个(*,G)或(S,G)的组播流量。该路由携带VPN实例下配置的RD和VPN实例IPv4/IPv6地址族下配置的Export target。
· Selective Provider Multicast Service Interface Route:选择性组播业务接口路由,也叫S-PMSI A-D路由,包含私网组播源地址、私网组播组地址、Default-Group或Data-Group地址及MVXLAN源接口地址。主要用于:
¡ 组播源侧VTEP与其所有BGP邻居间建立Default-MDT。
¡ Default-MDT向Data-MDT切换。
该路由携带VPN实例下配置的RD和VPN实例IPv4/IPv6地址族下配置的Export target。
在MVXLAN网络中,VTEP间会自动创建源为MVXLAN下指定的源接口地址,组地址为Default-Group或Data-Group地址的MVXLAN隧道用于转发三层组播流量。该MVXLAN隧道是由组播源端VTEP指向组播接收者所在VTEP的单向MVXLAN隧道。MVXLAN创建后会自动与MVXLAN实例关联。
公网中运行的组播路由协议可以是PIM-SM或PIM-SSM。在这两种情况下,创建Default-MDT的过程是相同的,且Default-MDT都具有以下特点:
· 网络中所有属于同一个MVXLAN的VTEP都加入该MVXLAN的Default-MDT。
· 所有属于某MVXLAN的私网组播报文进入公网后,均沿该MVXLAN的Default-MDT向各VTEP转发,无论VTEP所连接的Site中是否存在接收者。
图1-3 PIM-SM网络中创建MDT
如图1-3所示,公网中运行PIM-SM,VTEP 1、VTEP 2和VTEP 3都运行MVXLAN。以VTEP 1下的站点作为组播源为例,Default-MDT的创建过程如下:
(1) VTEP 1向VTEP 2和VTEP 3发送携带(*,*)信息的S-PMSI A-D路由给所有BGP邻居,开始创建Default-MDT。
(2) VTEP 2和VTEP 3收到S-PMSI A-D路由后,路由中携带的(*,*)信息会触发VTEP 2和VTEP 3加入组播组,即VTEP 2和VTEP 3根据路由的PMSI Tunnel属性中的组播源和组播组信息(源为VTEP 1上MVXLAN隧道源接口的IP地址,组地址为VTEP 1上配置的Default-group)发送公网PIM加入信息,并在公网沿途建立组播表项,形成以VTEP 1为根,以VTEP 2和VTEP 3为叶的SPT,此SPT就是Default-MDT。
当Default-MDT创建完成后,组播源即可通过Default-MDT将私网组播数据发送给各Site中的接收者。私网组播数据在本地VTEP上进行VXLAN封装并沿Default-MDT传输,在远端VTEP上解封装并继续在私网内传输。
如图1-4所示,网络中运行PIM-SM,属于Site 2的私网组播组G(225.1.1.1)的接收者(Receiver)与VTEP 2相连;属于Site 1的组播源(Source)向G发送组播数据;用于公网组播数据转发的Default-Group为239.1.1.1。私网组播数据跨越公网进行传输的过程如下:
(1) Source发送私网组播数据(192.1.1.1,225.1.1.1)到VTEP 1。
(2) VTEP 1上根据组播报文,在VPN实例中创建(192.1.1.1,225.1.1.1)组播转发表。如果此时Receiver已经向VTEP 2发送IGMP加入信息,VTEP 2会向VTEP 1发送携带(*,G)的SBD-SMET路由,VTEP 1根据路由中的信息对组播报文进行VXLAN封装(外层源地址为MVXLAN的源接口地址,外层组地址为Default-group地址)沿已经创建好的Default-MDT将VXLAN报文发送至所有远端VTEP;如果此时没有接收者,则丢弃组播报文。
(3) VTEP 2收到报文后,解封装VXLAN报文,还原私网组播报文,查找组播转发表将组播报文发送至本地Receiver。至此跨越公网网络的私网组播数据传输完成。
(4) VTEP 3收到报文后,解封装VXLAN报文,还原私网组播报文,发现本地没有接收者,会将组播报文丢弃。
Data-MDT和Default-MDT都是同一个MVXLAN中的转发隧道。Default-MDT由Default-Group唯一确定;Data-MDT则由Data-Group唯一确定。每个Default-Group关联一组Data-Group范围。
在公网中通过Default-MDT传送组播数据时,组播报文被传输到支持同一VPN实例的所有VTEP上,无论该VTEP所连接的Site内是否存在接收者。当私网中组播数据的传输数据比较大时,可能在公网中造成数据的泛滥。这样既浪费网络带宽,又增加了VTEP的处理负担。
为了解决上述问题,MDT模式的MVXLAN支持在连接私网组播接收者和私网组播源的VTEP之间建立专用的Data-MDT,并将组播数据流从Default-MDT切换到Data-MDT,实现按需进行组播数据转发,避免组播流量在公网中泛滥。
Default-MDT向Data-MDT切换的过程如下:
(1) 私网组播数据通过了ACL规则的过滤时,发起从Default-MDT向Data-MDT的切换。
(2) 源端VTEP从配置的Data-Group范围中选取一个引用次数最少的Data-Group地址,并将其通过S-PMSI A-D路由发送至远端VTEP,该路由中包含私网组播源地址、私网组播组地址、源端VTEP上MVXLAN源接口地址、Data-Group地址。
(3) 远端VTEP收到S-PMSI A-D路由消息后,检查本地是否有私网组播流量的接收者:如果有,则回复加入信息加入以组播源所在的VTEP为根的Data-MDT;如果没有,则将该消息缓存起来,等待有接收者时直接回复加入信息加入Data-MDT。
(4) 当组播源端的VTEP发送S-PMSI A-D路由信息一定时间后,该VTEP会停止使用Default-Group地址对私网组播数据进行封装,并改用Data-Group地址进行封装,组播数据沿Data-MDT向下分发。
(5) Default-MDT切换到Data-MDT之后,当某下游VTEP不再连接接收者时,可以通过发送PIM剪枝消息退出Data-MDT。
当私网组播数据切换到Data-MDT之后,由于情况变化导致其不满足切换条件时,组播源所在的VTEP会把此私网组播数据从Data-MDT反向切换回Default-MDT,反向切换的过程与Default-MDT切换为Data-MDT相同,此处不再赘述。只要满足如下条件之一,VTEP就会进行反向切换:
· 更改Data-Group范围后,用于私网组播数据封装的Data-Group不在新的范围之内。
· 控制私网组播数据由Default-MDT向Data-MDT切换的ACL规则发生了变化,私网组播数据不能通过新ACL规则的过滤。
组播VXLAN利用分布式聚合功能M-LAG(Multichassis link aggregation,跨设备链路聚合)将两台物理设备连接起来虚拟成一台设备,避免设备单点故障对网络造成影响,从而提高组播VXLAN网络的可靠性。M-LAG的详细介绍,请参见“二层技术-以太网交换配置指导”中的“M-LAG”。
如图1-5所示,在组播VXLAN组网中,VTEP和Border设备均支持分布式聚合,且分布式聚合的VTEP和Border设备均可以连接组播源和组播接收者。
组播VXLAN支持分布式聚合通过peer-link链路在组成M-LAG系统的成员设备间同步组播流量和组播接收者加入请求(IGMP成员关系报告报文或者PIM加入报文),使成员设备上的组播源和组播接收者信息保持一致,形成设备级备份。当一台成员设备发生故障(设备故障、上下行链路故障等)时,组播流量可以由另一台成员设备进行转发,从而避免组播流量转发中断。
如图1-5所示,以VTEP 1和VTEP 2组成的M-LAG系统为例,组播VXLAN支持分布式聚合的工作机制为:
(1) VTEP 1和VTEP 2通过M-LAG虚拟成一台设备,拥有相同的虚拟地址,并与其他设备建立以虚拟地址为组播源地址、相同的Default-group为目的地址的MVXLAN隧道。
(2) VTEP 1从Agg2接口接收到组播接收者发送的加入请求后,通过peer-link链路将加入请求同步到VTEP 2。
(3) VTEP 1和VTEP 2均根据加入请求建立相应的组播转发表项,并向组播源侧VTEP发送SBD-SMET路由。
(4) VTEP 1从Agg1接口接收到组播源发送的组播流量后,通过peer-link链路将组播流量转发至VTEP 2。
(5) 组播流量在VTEP 1和VTEP 2之间采用奇偶原则进行负载分担,即M-LAG系统编号为奇数的成员设备转发组播组地址为奇数的流量,M-LAG系统编号为偶数的成员设备转发组播组地址为偶数的流量。当一台设备发生故障时,另一台设备可以接替其工作,避免流量转发中断。
(6) 如果私网组播数据满足Data-group切换条件,则需要由Default-group向Data-group切换。在组播VXLAN支持分布式聚合组网中,M-LAG的主设备(假设为VTEP 1)负责选取Data-group,进行Default-group向Data-group的切换,并通过SBD-SMET路由将选取的Data-group通告给VTEP 2。VTEP 2接收到SBD-SMET路由后,如果路由中通告的Data-group在本地配置的Data-Group范围内,则VTEP 2使用相同的Data-group;否则,VTEP 2自行选择Data-Group。VTEP 2未接收到SBD-SMET路由时,VTEP 1和VTEP 2独立选取Data-group。
如图1-6所示,组播VXLAN支持分布式聚合组网中,当VTEP 1的上行链路故障时,VTEP 2上的组播流量无法通过peer-link链路同步给VTEP 1。根据奇偶转发原则,VTEP 2只能将组播组地址为奇(或者偶)数的组播流量转发给下游接收者,导致组播组地址为偶(或者奇)数的组播流量转发异常。
通过在VTEP 1和VTEP 2上配置peer-link链路的保留VLAN功能,将peer-link接口加入到保留VLAN中,可以实现将peer-link作为逃生链路,避免三层组播流量转发失败。如图1-7所示,当VTEP 2上的(S,G)表项对应的出接口为保留VLAN接口时,peer-link接口会被添加到(S,G)表项的出端口中,VTEP 2上的组播流量会通过peer-link链路发送给VTEP 1。有关peer-link链路的保留VLAN功能的详细介绍,请参见“二层技术-以太网交换配置指导”中的“M-LAG”。
图1-7 三层组播流量通过peer-link链路进行逃生
入方向复制模式组播VXLAN组网中,组播源只能连接到Border设备。
开启VSI虚接口的组播相关功能前,必须先配置VSI虚接口的主IP地址。
入方向复制模式组播VXLAN配置任务如下:
(1) 配置VXLAN
a. 创建VSI和VXLAN
b. 配置VXLAN隧道
c. 手工关联VXLAN与VXLAN隧道
d. 建立数据帧与VSI的关联
有关VXLAN的配置方法,请参见“VXLAN配置指导”中的“VXLAN”。
(2) 配置IGMP和IGMP Snooping
a. 在Border上使能VSI虚接口的IGMP功能
b. 在Border和VTEP上使能VSI的IGMP Snooping
有关IGMP和IGMP Snooping的配置方法,请参见“IP组播配置指导”中的“IGMP”和“IGMP Snooping”。
(3) 配置VPN实例
a. 创建VPN实例
b. 在Border上配置VSI虚接口和连接组播源的接口关联VPN实例
有关VPN实例的配置方法,请参见“MPLS配置指导”中的“MPLS L3VPN”。
(4) 配置MVXLAN
b. 创建MVXLAN实例
c. 配置分布式DR接口
VTEP作为分布式VXLAN IP网关时,必须执行本配置。
(1) 进入系统视图。
system-view
(2) 使能VPN实例中的组播路由,并进入该VPN实例的MRIB视图。
multicast routing vpn-instance instance-name
缺省情况下,VPN实例的IP组播路由处于关闭状态。
本命令的具体介绍请参见“IP组播命令参考”中的“组播路由与转发”。
可以在VTEP上创建一个或多个入方向复制模式MVXLAN实例,以便为公网或不同的VPN实例提供服务。
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode ingress-replication
(3) 创建MVXLAN IPv4地址族,并进入该地址族视图。
address-family ipv4
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan public-instance mode ingress-replication
(3) 创建MVXLAN IPv4地址族,并进入该地址族视图。
address-family ipv4
在分布式网关组网中运行组播业务时,需要在分布式网关的VSI虚接口上执行本命令将VSI虚接口配置为分布式DR(Designated Router,指定路由器)接口,从而强制指定自己为DR,以便将组播流量转发至本地站点。
(1) 进入系统视图。
system-view
(2) 进入VSI虚接口视图。
interface vsi-interface interface-number
(3) 将VSI虚接口配置为分布式DR接口。
pim distributed-dr
缺省情况下,VSI虚接口不是分布式DR接口。
本命令的详细介绍,请参见“IP组播命令参考”中的“PIM”。
边界网关Border连接外部网络,组播源连接到Border。VTEP 1作为集中式VXLAN IP网关,本地存在组播接收者。VTEP 2同样连接着组播接收者。通过入方向复制模式组播VXLAN,实现组播流量在VXLAN网络中的转发。
图2-1 入方向复制模式组播VXLAN配置组网图
(1) 配置IP地址和单播路由协议
配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保路由器之间路由可达。
(2) 配置Border
# 开启L2VPN能力,并使能IGMP snooping。
<Border> system-view
[Border] l2vpn enable
[Border] igmp-snooping
[Border-igmp-snooping] quit
# 在Border和VTEP之间建立VXLAN隧道。
[Border] interface tunnel 1 mode vxlan
[Border-Tunnel1] source 2.2.2.2
[Border-Tunnel1] destination 1.1.1.1
[Border-Tunnel1] quit
[Border] interface tunnel 2 mode vxlan
[Border-Tunnel2] source 2.2.2.2
[Border-Tunnel2] destination 3.3.3.3
[Border-Tunnel2] quit
# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。
[Border] vsi vpna
[Border-vsi-vpna] igmp-snooping enable
[Border-vsi-vpna] vxlan 10
# 配置Tunnel1、Tunnel2与VXLAN 10关联
[Border-vsi-vpna-vxlan-10] tunnel 1
[Border-vsi-vpna-vxlan-10] tunnel 2
[Border-vsi-vpna-vxlan-10] quit
[Border-vsi-vpna] quit
# 创建VPN实例vpna。
[Border] ip vpn-instance vpna
[Border-vpn-instance-vpna] quit
# 使能IP组播路由。
[Border] multicast routing vpn-instance vpna
[Border-mrib] quit
# 创建VSI虚接口,将其与VPN实例vpna绑定,并在其上使能IGMP。
[Border] interface vsi-interface 1
[Border-Vsi-interface] ip binding vpn-instance vpna
[Border-Vsi-interface] ip address 100.1.1.2 255.255.255.0
[Border-Vsi-interface] igmp enable
[Border-Vsi-interface] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[Border] vsi vpna
[Border-vsi-vpna] gateway vsi-interface 1
[Border-vsi-vpna] quit
# 配置连接组播源的接口Vlan-interface30与vpn实例vpna关联,并在该接口上开启PIM SM。
[Border] interface vlan-interface 30
[Border-Vlan-interface30] ip binding vpn-instance vpna
[Border-Vlan-interface30] ip address 100.2.2.2 255.255.255.0
[Border-Vlan-interface30] pim sm
[Border-Vlan-interface30] quit
# 创建VPN实例vpna的入方向复制模式MVXLAN,进入MVXLAN IPv4地址族视图。
[Border] multicast-vpn vxlan vpn-instance vpna mode ingress-replication
[Border-mvxlan-vpna] address-family ipv4
[Border-mvxlan-vpna] quit
(3) 配置VTEP 1
# 开启L2VPN能力,并使能IGMP snooping。
<VTEP1> system-view
[VTEP1] l2vpn enable
[VTEP1] igmp-snooping
[VTEP1-igmp-snooping] quit
# 在VTEP 1和Border之间建立VXLAN隧道。
[VTEP1] interface tunnel 2 mode vxlan
[VTEP1-Tunnel2] source 1.1.1.1
[VTEP1-Tunnel2] destination 2.2.2.2
[VTEP1-Tunnel2] quit
# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。
[VTEP1] vsi vpna
[VTEP1-vsi-vpna] igmp-snooping enable
[VTEP1-vsi-vpna] vxlan 10
# 配置Tunnel2与VXLAN10关联。
[VTEP1-vsi-vpna-vxlan-10] tunnel 2
[VTEP1-vsi-vpna-vxlan-10] quit
[VTEP1-vsi-vpna] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧,并将以太网服务实例与VSI实例vpna关联。
[VTEP1] interface ten-gigabitethernet 1/0/1
[VTEP1-Ten-GigabitEthernet1/0/1] service-instance 1000
[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] quit
[VTEP1-Ten-GigabitEthernet1/0/1] quit
[VTEP1] interface ten-gigabitethernet 1/0/2
[VTEP1-Ten-GigabitEthernet1/0/2] service-instance 1000
[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 2
[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpna
[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] quit
[VTEP1-Ten-GigabitEthernet1/0/2] quit
(4) 配置VTEP 2
# 开启L2VPN能力,并使能IGMP snooping。
<VTEP2> system-view
[VTEP2] l2vpn enable
[VTEP2] igmp-snooping
[VTEP2-igmp-snooping] quit
# 在VTEP 2和Border之间建立VXLAN隧道。
[VTEP2] interface tunnel 2 mode vxlan
[VTEP2-Tunnel2] source 3.3.3.3
[VTEP2-Tunnel2] destination 2.2.2.2
[VTEP2-Tunnel2] quit
# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。
[VTEP2] vsi vpna
[VTEP2-vsi-vpna] igmp-snooping enable
[VTEP2-vsi-vpna] vxlan 10
# 配置Tunnel2与VXLAN10关联。
[VTEP2-vsi-vpna-vxlan-10] tunnel 2
[VTEP2-vsi-vpna-vxlan-10] quit
[VTEP2-vsi-vpna] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧,并将以太网服务实例与VSI实例vpna关联。
[VTEP2] interface ten-gigabitethernet 1/0/1
[VTEP2-Ten-GigabitEthernet1/0/1] service-instance 1000
[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] quit
[VTEP2-Ten-GigabitEthernet1/0/1] quit
[VTEP2] interface ten-gigabitethernet 1/0/2
[VTEP2-Ten-GigabitEthernet1/0/2] service-instance 1000
[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 2
[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpna
[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] quit
[VTEP2-Ten-GigabitEthernet1/0/2] quit
(1) 验证Border设备
# 查看Border上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。
[Border] display interface tunnel 1
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 2.2.2.2, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Border上的VSI虚接口信息,可以看到VSI虚接口处于up状态。
[Border] display interface vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
Vsi1 UP UP 10.1.1.1
# 查看Border上的组播路由表项,可以看到VSI虚接口作为组播路由表项的出接口。
[Border] display pim vpn-instance vpna routing-table
Total 17 (*, G) entries; 18 (S, G) entries
(10.1.2.99, 225.0.1.1)
RP: 10.1.2.88 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT 2MVPN
UpTime: 21:24:27
Upstream interface: Vlan-interface30
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 07:08:26, Expires: -
(2) 验证VTEP设备
# 查看VTEP 1上的IGMP snooping组播组信息,可以看到AC侧接口为成员端口。
[VTEP1] display igmp-snooping group
Total 1 entries.
VSI vpna: Total 1 entries.
(0.0.0.0, 225.0.1.1)
Host ports (1 in total):
XGE1/0/1 (Link ID 0) (00:04:20)
XGE1/0/2 (Link ID 1) (00:04:20)
# 查看VTEP 1上的IGMP snooping路由器端口信息,可以看到Tunnel接口为路由器端口。
[VTEP1] display igmp-snooping router-port
VSI vpna:
Router ports (1 in total):
Tun2 (VXLAN ID 10) (00:03:23)
(3) 组播接收者可以接收到组播源发送的数据。
MDT模式组播VXLAN配置任务如下:
(1) 配置EVPN
¡ 创建VSI和VXLAN
¡ 配置AC与VSI关联
¡ 配置EVPN实例
¡ 配置BGP发布EVPN路由
¡ 配置分布式EVPN网关
有关EVPN的配置方法,请参见“EVPN配置指导”中的“EVPN”。
(2) 配置IGMP和IGMP Snooping
¡ 使能VSI虚接口的IGMP功能
¡ 使能VSI虚接口的IGMP代理功能
¡ 使能IGMP Snooping
¡ 配置IGMP Snooping Proxy
有关IGMP和IGMP Snooping的配置方法,请参见“IP组播配置指导”中的“IGMP”和“IGMP Snooping”。
(3) VTEP公网侧接口配置PIM协议
请至少选择其中一项任务进行配置:
¡ 配置PIM-SM
¡ 配置PIM-SSM
有关PIM协议的配置方法,请参见“IP组播配置指导”中的“PIM”。
(4) 配置MVXLAN
¡ 创建MVXLAN
¡ (可选)配置跨VPN组播转发路由选路策略
¡ (可选)配置组播VXLAN支持分布式聚合
如需在MDT模式组播VXLAN组网中使用IGMP代理功能,则需要注意以下要求:
· 所有VTEP和ED设备上都需要开启IGMP代理功能,不允许仅部分VTEP或ED开启IGMP代理功能。
· 不支持使用IGMPv1。
· 如果组播接收者发送携带(*,G)的IGMP成员关系报告,则向组播组G发送组播流量的所有组播源必须连接到同一台VTEP,否则会导致组播转发表项的出接口频繁变化,影响组播流量转发。
(1) 进入系统视图。
system-view
(2) 使能VPN实例中的IPv4组播路由,并进入该VPN实例的MRIB视图。
multicast routing vpn-instance instance-name
缺省情况下,VPN实例的IPv4组播路由处于关闭状态。
本命令的具体介绍请参见“IP组播命令参考”中的“组播路由与转发”。
(1) 进入系统视图。
system-view
(2) 使能VPN实例中的IPv6组播路由,并进入该VPN实例的IPv6 MRIB视图。
ipv6 multicast routing vpn-instance instance-name
缺省情况下,VPN实例的IPv6组播路由处于关闭状态。
本命令的具体介绍请参见“IP组播命令参考”中的“IPv6组播路由与转发”。
可以在VTEP上创建一个或多个MDT模式MVXLAN实例为不同的VPN或公网实例提供服务。
当组播源和组播接收者通过不同的VTEP(或Border)接入时,不支持通过公网实例的MVXLAN实现组播流量互通。
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(1) 进入系统视图。
system-view
(2) 创建MVXLAN实例,并进入MVXLAN视图。
multicast-vpn vxlan public-instance mode mdt
VTEP在对私网组播报文进行VXLAN封装时,使用Default-Group作为报文外层目的地址。
不同MVXLAN实例的Default-Group地址不能相同,且Default-Group地址不能与Data-Group地址相同。
对于同一个MVXLAN,IPv4 MVXLAN和IPv6 MVXLAN使用的Default-Group必须相同,Data-Group范围不能重叠。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 创建MVXLAN IPv4地址族或MVXLAN IPv6地址族,并进入相应地址族视图。
¡ 创建MVXLAN IPv4地址族,并进入MVXLAN IPv4地址族视图。
address-family ipv4
¡ 创建MVXLAN IPv6地址族,并进入MVXLAN IPv6地址族视图。
address-family ipv6
(4) 指定Default-Group。
default-group group-address
VTEP在封装私网组播报文时使用MVXLAN的源接口的IP地址作为外层源地址。
同一台设备上所有MVXLAN实例使用的MVXLAN源接口必须一致。
MVXLAN源接口必须与建立BGP对等体时所使用的源接口相同,否则将无法获取正确的路由信息。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 进入MVXLAN IPv4地址族或MVXLAN IPv6地址族视图。
¡ 进入MVXLAN IPv4地址族视图。
address-family ipv4
¡ 进入MVXLAN IPv6地址族视图。
address-family ipv6
(4) 指定MVXLAN源接口。
source interface-type interface-number
缺省情况下,未指定MVXLAN源接口。
为了减少公网流量泛滥,节约带宽,可将Default-MDT切换为Data-MDT,实现组播流量按需转发。满足切换条件的组播流量不会立即切换到Data-MDT,而是等待一段延迟时间后再进行切换,以避免组播数据流量在Default-MDT与Data-MDT之间进行频繁切换。
同一台设备上,一个MVXLAN的Data-group范围不能包含任何其他MVXLAN的Default-group,也不能与其他任何MVXLAN的Data-group范围重叠。
对于同一个MVXLAN,IPv4 MVXLAN和IPv6 MVXLAN使用的Default-Group必须相同,Data-Group范围不能重叠。
所有VPN实例共用Data-Group资源,所以不建议在单个VPN实例内把Data-Group的范围配置的过大,否则会导致其他VPN实例无可用Data-Group。
(1) 进入系统视图。
system-view
(2) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(3) 进入MVXLAN IPv4地址族或MVXLAN IPv6地址族视图。
¡ 进入MVXLAN IPv4地址族视图。
address-family ipv4
¡ 进入MVXLAN IPv6地址族视图。
address-family ipv6
(4) 配置Data-Group的范围和切换条件。
data-group group-address { mask-length | mask } [ acl acl-number | name acl-name ]
缺省情况下,不存在Data-Group的范围,不会向Data-MDT进行切换。
(5) 配置由Default-MDT向Data-MDT切换的延迟时间。
data-delay delay
缺省情况下,由Default-MDT向Data-MDT切换的延迟时间为3秒。
在EVPN组网中运行组播业务时,需要在分布式EVPN网关的VSI虚接口上执行本命令将VSI虚接口配置为分布式DR(Designated Router,指定路由器)接口,从而强制指定自己为DR,用于将组播流量转发至本地站点。
(1) 进入系统视图。
system-view
(2) 进入VSI虚接口视图。
interface vsi-interface interface-number
(3) 将VSI虚接口配置为分布式DR接口。
pim distributed-dr
缺省情况下,VSI虚接口不是分布式DR接口。
本命令的详细介绍,请参见“IP组播命令参考”中的“PIM”。
执行本配置后,可以将某VPN实例的接收者的加入信息通过其它VPN实例发送至组播源,从而实现组播源和组播接收者位于不同的VPN网络之间的组播转发。
跨VPN组播转发路由的RPF选路策略分为:
· 基于L3VNI的RPF选路策略:即根据L3VNI判断是否进行跨VPN组播转发。
在组播源侧VTEP上配置该策略时,VTEP根据组播源所在VPN实例的L3VNI、组播源地址、组播组地址查找匹配的RPF选路策略。如果存在匹配的策略,则根据该RPF策略将组播流量引入到指定的VPN实例。
在组播接收者侧VTEP上配置该策略时,跨VPN组播转发机制为:
a. 组播源侧VTEP接收到组播源发送的组播报文后,为组播报文添加VXLAN头,VXLAN头中携带组播源所在VPN实例的L3VNI。
b. 组播接收者侧VTEP接收到VXLAN封装的组播报文后,如果该报文的L3VNI、组播源地址、组播组地址匹配了RPF选路策略,则根据该RPF策略将组播流量引入到指定的VPN实例。
· 基于VPN实例的RPF选路策略:即根据VPN实例判断是否进行跨VPN组播转发。
在组播源侧VTEP上配置该策略时,VTEP根据组播源所属的VPN实例、组播源地址、组播组地址查找匹配的RPF选路策略。如果存在匹配的策略,则根据该RPF策略将组播流量引入到指定的VPN实例。
在组播接收者侧VTEP上配置该策略时,跨VPN组播转发机制为:
a. 组播源侧VTEP接收到组播源发送的组播报文后,为组播报文添加VXLAN头,VXLAN头中携带组播源所在VPN实例的L3VNI。
b. 组播接收者侧VTEP接收到VXLAN封装的组播报文后,在本地查找L3VNI对应的VPN实例,如果L3VNI对应的VPN实例、组播源地址、组播组地址匹配了RPF选路策略,则根据该RPF策略将组播流量引入到指定的VPN实例。
跨VPN组网环境分为:
· 非对称跨VPN组网:组播接收者侧VTEP上不存在组播源所在的VPN实例。
该组网方式支持的跨VPN组播转发路由选路策略类型与选路策略配置的位置有关:
¡ 在组播源侧VTEP上,既可以配置基于L3VNI的选路策略,也可以配置基于VPN实例的选路策略。
¡ 在组播接收者侧VTEP上,只能配置基于L3VNI的选路策略。
· 对称跨VPN组网:组播接收者侧VTEP上存在组播源所在的VPN实例。
在这种组网中,组播源侧VTEP和组播接收者侧VTEP上,均可以配置基于L3VNI的选路策略和基于VPN实例的选路策略。
如果VTEP连接的部分组播接收者属于公网,则无论是对称跨VPN组网还是非对称跨VPN组网,都不能在RPF选路策略中指定l3-vni vxlan-id参数和vpn-instance vpn-instance-name参数。组播接收者侧VTEP上,为了实现在公网内转发组播流量的同时,将该流量引入到另一个VPN实例,需要配置与公网实例关联的L3VNI(假设为vxlan-id1),并在需要引入流量的VPN实例下配置未指定L3VNI和VPN实例的RPF选路策略(假设为policy-a)。组播接收者侧VTEP接收到L3VNI为vxlan-id1的组播报文后,如果该报文与RPF选路策略policy-a匹配,则会在公网和指定VPN实例内转发组播流量。
源VPN和接收者VPN必须运行相同的PIM模式,目前支持PIM-SM和PIM-SSM。
采用PIM-SM模式时,推荐使用下面的方式配置跨VPN选路策略:
· 只指定组播源方式:该方式下,必须配置两条选路策略,一条以服务于有跨VPN需求的组播组的RP地址作为源地址,一条以源VPN里的组播源作为源地址。如果存在多个有跨VPN需求的组播组,则推荐单独配置RP服务于这些组播组,同时需要将此RP配置为跨VPN组播路由的RPF选路策略的组播源地址。
· 只指定组播组方式:只需要配置一条指定源VPN中组播组地址的选路策略。
采用PIM-SSM方式时,推荐使用下面的方式配置跨VPN选路策略:一条同时指定源VPN内组播源地址和组播组地址的选路策略。
暂不支持通过基于L3VNI(指定l3-vni vxlan-id参数)的RPF选路策略将VSI虚接口接收到的公网组播流量(组播源所属的VSI与公网实例关联)引流到接收者VPN。
只支持一次跨VPN组播转发,接收者VPN不能同时作为源VPN,即配置VPN a引入VPN b中流量的跨VPN选路策略后,不能再配置VPN b引入VPN a中流量的跨VPN选路策略。
对于同一个组播源、组播组地址,不能同时配置基于L3VNI(指定l3-vni vxlan-id参数)和基于VPN实例的(指定vpn-instance vpn-instance-name参数)的选路策略。具体要求为:
· 采用PIM-SM模式时,对于同一个组播组地址,只能配置一条指定l3-vni vxlan-id参数或vpn-instance vpn-instance-name参数的选路策略。
· 采用PIM-SSM方式时,对于同一个组播源和组播组地址,只能配置一条指定l3-vni vxlan-id参数或vpn-instance vpn-instance-name参数的选路策略。
在一个接收者VPN(multicast routing [ vpn-instance vpn-instance-name ]命令指定的VPN)内,来自同一个源VPN的所有组播流量必须配置相同方式的选路策略,不能为不同组播源、组播组地址配置不同方式的选路策略。
如果在接收者VPN中配置了跨VPN的IPv4/IPv6组播路由的RPF选路策略,且该策略只指定了组播组地址,那么该VPN原先相同的VPN实例的组播流量转发将中断。
不同跨VPN策略的组播源地址和组播组地址范围不能完全相同,但是可以有重叠。若对于同一个(S,G)表项,存在多条匹配的选路策略,则按照最长匹配进行选择:
· 选择组地址掩码匹配最长的选路策略。
· 如果组地址掩码相同,则选择源地址掩码匹配最长的选路策略。
(1) 进入系统视图。
system-view
(2) 进入MRIB实例视图。
multicast routing [ vpn-instance vpn-instance-name ]
(3) 配置VPN的IPv4组播路由的RPF路策略。
multicast extranet select-rpf [ l3-vni vxlan-id | vpn-instance vpn-instance-name ] { source source-address { mask | mask-length } | group group-address { mask | mask-length } } *
(1) 进入系统视图。
system-view
(2) 进入IPv6 MRIB实例视图。
ipv6 multicast routing [ vpn-instance vpn-instance-name ]
(3) 配置VPN的IPv4组播路由的RPF路策略。
ipv6 multicast extranet select-rpf [ l3-vni vxlan-id | vpn-instance vpn-instance-name ] { group group-address prefix-length | source source-address prefix-length } *
在两台VTEP(或Border)设备上均指定采用源接口的地址作为M-LAG系统的虚拟地址,并为VTEP(或Border)设备配置相同的源接口地址后,这两台设备将虚拟成为一台设备。该设备采用虚拟地址作为组播源地址与远端设备建立MVXLAN隧道,从而避免设备单点故障对网络造成影响。
设备上需要同时使能二层组播和三层组播功能,组播VXLAN支持分布式聚合功能才能生效。
组播VXLAN支持分布式聚合组网中,需要在连接M-LAG系统成员设备的设备上配置BGP Add-Path(Additional Paths)功能,以便该设备从不同成员设备接收到相同前缀的BGP路由后,将这些路由都发布给BGP对等体,从而形成到达同一目的网络的多条路径。
组播VXLAN支持分布式聚合功能不能应用在如下场景:
· 暂不支持单挂AC(AC仅连接到M-LAG系统中的一台成员设备)接入。
· 仅支持以太网聚合链路作为peer-link链路,暂不支持VXLAN隧道作为peer-link链路。
· VTEP设备之间、VTEP与Border设备之间暂不支持采用M-LAG方式聚合接入。
仅支持根据组播目的地址、基于奇偶原则在成员设备之间进行组播流量的负载分担,不支持基于组播源地址进行负载分担。
当peer-link链路发生故障时,M-LAG系统中的成员设备会将MVXLAN隧道的源地址由虚拟地址转换为各自的本地地址,且不再进行Data-group切换,只沿Default-group转发流量。此时,成员设备之间不再进行组播流量的负载分担,成员设备转发所有接收到的组播流量。当peer-link链路恢复后,MVXLAN隧道的源地址由本地地址切换为虚拟地址,满足条件的情况下会进行Data-group切换。此时,成员设备之间会进行组播流量的负载分担。
如果Underlay网络的流量通过VLAN接口进入VTEP或Border设备,则建议在peer-link链路上配置不允许Underlay流量所在的VLAN通过;否则,可能会导致接收者收到两份相同的组播流量。
本配置与系统视图下的EVPN支持分布式聚合配置之间存在如下关系:
· 执行本配置的同时,需要执行evpn m-lag group命令开启EVPN的分布式聚合模式并配置虚拟VTEP/ED地址,且该地址必须与MVXLAN源接口的地址相同。
· 可以通过多种方式配置组成M-LAG系统的本地IP地址和远端IP地址。如果同时配置了多种方式,则对于某一个MVXLAN网络,优先级从高到底依次为:
a. MVXLAN地址族视图下的m-lag local命令:该配置仅对当前MVXLAN网络生效。
b. 系统视图下的multicast-vpn vxlan m-lag local命令:该配置对所有MVXLAN网络生效。
c. 系统视图下的evpn m-lag local命令:该配置对所有MVXLAN网络生效。
(1) 进入系统视图。
system-view
(2) 全局配置组成M-LAG系统的本地IP地址和远端IP地址。
multicast-vpn vxlan m-lag local local-ipv4-address remote remote-ipv4-address
缺省情况下,未全局指定组成M-LAG系统的本地IP地址和远端IP地址。
(3) 进入MVXLAN视图。
multicast-vpn vxlan vpn-instance instance-name mode mdt
(4) 进入MVXLAN IPv4地址族或MVXLAN IPv6地址族视图。
¡ 进入MVXLAN IPv4地址族视图。
address-family ipv4
¡ 进入MVXLAN IPv6地址族视图。
address-family ipv6
(5) 配置组成M-LAG系统的本地IP地址和远端IP地址。
m-lag local local-ipv4-address remote remote-ipv4-address
缺省情况下,未指定组成M-LAG系统的本地IP地址和远端IP地址。
(6) 指定MVXLAN源接口,并指定虚拟地址为源接口的地址。
source interface-type interface-number evpn-mlag-group
缺省情况下,未指定MVXLAN源接口。
(7) (可选)配置peer-link链路的保留VLAN。
a. 依次执行以下命令进入VLAN视图。
quit
quit
vlan vlan-id
b. 配置当前VLAN为peer-link链路的保留VLAN。
m-lag peer-link reserved
缺省情况下,当前VLAN不是peer-link链路的保留VLAN。
本命令的详细介绍,请参见“二层技术-以太网交换命令参考”中的“M-LAG”。
在完成上述配置后,在任意视图下执行display命令可以显示配置后的MDT模式组播VXLAN的运行情况,通过查看显示信息验证配置的效果。
表3-1 MDT模式组播VXLAN显示和维护
|
命令 |
|
|
显示MVXLAN接收到的用于封装IPv4私网组播报文的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group receive [ brief | [ active | group group-address | sender source-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * ] |
|
显示MVXLAN发送的用于封装IPv4私网组播报文的Data-Group信息 |
display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group send [ group group-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * |
|
显示MVXLAN中用于封装IPv4私网组播报文的Default-Group信息 |
display multicast-vpn vxlan [ vpn-instance instance-name | public-instance ] default-group { local | remote } |
|
显示MVXLAN接收到的用于封装IPv6私网组播报文的Data-Group信息 |
display multicast-vpn vxlan vpn-instance instance-name ipv6 data-group receive [ brief | [ active | group group-address | sender source-address | vpn-source-address [ prefix-length ] | vpn-group-address [ prefix-length ] ] * ] |
|
显示MVXLAN发送的用于封装IPv6私网组播报文的Data-Group信息 |
display multicast-vpn vxlan vpn-instance instance-name ipv6 data-group send [ group group-address | vpn-source-address [ prefix-length ] | vpn-group-address [ prefix-length ] ] * |
|
显示MVXLAN中用于封装IPv6私网组播报文的Default-Group信息 |
display multicast-vpn vxlan [ vpn-instance instance-name ] ipv6 default-group { local | remote } |
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者,VM1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。VM 2、VM 3和VM 4均可通过分布式EVPN接收组播组225.0.0.0的组播流量。
图3-1 相同VPN内MVXLAN三层组播互通配置举例
(1) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置VPN实例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna中的IP组播路由。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpna] default-route imported
[SwitchC-bgp-default-ipv4-vpna] import-route static
[SwitchC-bgp-default-ipv4-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 创建VLAN 20,并进入VLAN视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
(5) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpna的组播路由信息。
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 05:04:06, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN
UpTime: 01:57:12
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能MLD Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者,VM1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。VM 2、VM 3和VM 4均可通过分布式EVPN接收组播组FF1E::的组播流量。
图3-2 相同VPN内MVXLAN三层组播互通配置举例
(1) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10:1::1:1;在VM 2和VM 4上指定网关地址为10:1::2:1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的MLD Snooping功能。
[SwitchA] mld-snooping
[SwitchA-mld-snooping] quit
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel nd-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能MLD Snooping和MLD Snooping proxy功能。
[SwitchA-vsi-vpna] mld-snooping enable
[SwitchA-vsi-vpna] mld-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能MLD Snooping和MLD Snooping proxy功能。
[SwitchA-vsi-vpnb] mld-snooping enable
[SwitchA-vsi-vpnb] mld-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv6
[SwitchA-vpn-ipv6-vpna] vpn-target 1:1
[SwitchA-vpn-ipv6-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ipv6 address 10:1::1:1 96
[SwitchA-Vsi-interface1] ipv6 pim sm
[SwitchA-Vsi-interface1] ipv6 pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ipv6 address 10:1::2:1 96
[SwitchA-Vsi-interface2] mld enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] ipv6 pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] ipv6 multicast routing vpn-instance vpna
[SwitchA-mrib6-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv6地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv6
[SwitchA-mvxlan-vpna-ipv6] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv6] source loopback 0
[SwitchA-mvxlan-vpna-ipv6] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv6] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchA-LoopBack1] ipv6 pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的IPv6 PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchA] ipv6 pim vpn-instance vpna
[SwitchA-pim6-vpna] c-bsr 12:12::12:12
[SwitchA-pim6-vpna] c-rp 12:12::12:12
[SwitchA-pim6-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的MLD Snooping功能。
[SwitchB] mld-snooping
[SwitchB-mld-snooping] quit
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel nd-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能MLD Snooping和MLD Snooping proxy功能。
[SwitchB-vsi-vpna] mld-snooping enable
[SwitchB-vsi-vpna] mld-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能MLD Snooping和MLD Snooping proxy功能。
[SwitchB-vsi-vpnb] mld-snooping enable
[SwitchB-vsi-vpnb] mld-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置VPN实例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv6
[SwitchB-vpn-ipv6-vpna] vpn-target 1:1
[SwitchB-vpn-ipv6-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ipv6 address 10:1::1:1 96
[SwitchB-Vsi-interface1] mld enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpna
[SwitchB-Vsi-interface2] ipv6 address 10:1::2:1 96
[SwitchB-Vsi-interface2] mld enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] ipv6 pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] ipv6 multicast routing vpn-instance vpna
[SwitchB-mrib6-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv6地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv6
[SwitchB-mvxlan-vpna-ipv6] source loopback 0
[SwitchB-mvxlan-vpna-ipv6] quit
[SwitchB-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchB-LoopBack1] ipv6 pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchB] ipv6 pim vpn-instance vpna
[SwitchB-pim6-vpna] c-bsr 12:12::12:12
[SwitchB-pim6-vpna] c-rp 12:12::12:12
[SwitchB-pim6-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ND自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel nd-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv6
[SwitchC-vpn-ipv6-vpna] vpn-target 1:1
[SwitchC-vpn-ipv6-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] ipv6 pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna中的IP组播路由。
[SwitchC] ipv6 multicast routing vpn-instance vpna
[SwitchC-mrib6-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv6地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv6
[SwitchC-mvxlan-vpna-ipv6] source loopback 0
[SwitchC-mvxlan-vpna-ipv6] quit
[SwitchC-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ipv6 address 12:12::12:12 128
[SwitchC-LoopBack1] ipv6 pim sm
[SwitchC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchC] ipv6 pim vpn-instance vpna
[SwitchC-pim6-vpna] c-bsr 12:12::12:12
[SwitchC-pim6-vpna] c-rp 12:12::12:12
[SwitchC-pim6-vpna] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20:1::1:100。
[SwitchC] ipv6 route-static vpn-instance vpna 0::0 20:1::1:100
# 将缺省路由引入到VPN实例vpna的BGP IPv6单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpna
[SwitchC-bgp-default-vpna] address-family ipv6 unicast
[SwitchC-bgp-default-ipv6-vpna] default-route imported
[SwitchC-bgp-default-ipv6-vpna] import-route static
[SwitchC-bgp-default-ipv6-vpna] quit
[SwitchC-bgp-default-vpna] quit
[SwitchC-bgp-default] quit
# 创建VLAN 20,并进入VLAN视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpna
[SwitchC-Vlan-interface20] ipv6 address 20:1::1:3 96
[SwitchC-Vlan-interface20] ipv6 pim sm
[SwitchC-Vlan-interface20] quit
(5) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display ipv6 pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10:1::1:10, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: SPT LOC ACT SQ RC SRC-ACT 2MVPN
UpTime: 04:44:08
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:00:27, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:08:52
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpna的组播路由信息。
<SwitchB> display ipv6 pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, FF1E::1)
RP: 12:12::12:12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 05:04:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: mld, UpTime: 05:04:06, Expires: -
(10:1::1:10, FF1E::1)
RP: 12:12::12::12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN
UpTime: 01:57:12
Upstream interface: MVXLAN-UPE0 (::)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 01:57:12, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 01:59:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:59:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT
UpTime: 01:58:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 01:58:46, Expires: -
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者。VM 1、VM 2和VM 3属于VPN实例vpna,VM 4属于VPN实例vpnb。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。
图3-3 对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)
组播接收者侧VTEP上存在组播源所在的VPN实例,该组网为对称跨VPN组网。在该组网中,组播源侧VTEP和组播接收者侧VTEP上相同VPN的RT必须相同,且只需要在与源VPN相同的VPN实例内配置组播VXLAN。
在对称跨VPN组网中,跨VPN组播转发路由的RPF选路策略既可以配置组播源侧VTEP上,也可以配置在组播接收者侧VTEP上。在组播接收者侧VTEP上,既可以配置基于L3VNI的选路策略,也可以配置基于VPN实例的选路策略。本举例仅以组播接收者侧VTEP上配置基于L3VNI的选路策略为例。
(1) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置VPN实例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 1:1
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VPN实例vpnb的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 使能VPN实例vpnb的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] source loopback 0
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpna
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 12.12.12.12
[SwitchB-pim-vpna] c-rp 12.12.12.12
[SwitchB-pim-vpna] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnb
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnb的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 13.13.13.13
[SwitchB-pim-vpnb] c-rp 13.13.13.13
[SwitchB-pim-vpnb] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置跨VPN策略,将VPN实例vpna的流量引入到VPN实例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchB-mrib-vpnb] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 1:1
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 配置VPN实例vpnb的RD和RT。
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchC-vpn-instance-vpnb] address-family ipv4
[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchC-vpn-ipv4-vpnb] quit
[SwitchC-vpn-instance-vpnb] address-family evpn
[SwitchC-vpn-evpn-vpnb] vpn-target 1:1
[SwitchC-vpn-evpn-vpnb] quit
[SwitchC-vpn-instance-vpnb] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna中的IP组播路由。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 使能VPN实例vpnb中的IP组播路由。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] quit
# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] source loopback 0
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 12.12.12.12
[SwitchC-pim-vpna] c-rp 12.12.12.12
[SwitchC-pim-vpna] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpnb
[SwitchC-LoopBack2] ip address 13.13.13.13 32
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnb的C-BSR和C-RP
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 13.13.13.13
[SwitchC-pim-vpnb] c-rp 13.13.13.13
[SwitchC-pim-vpnb] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpnb的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit
# 创建VLAN接口20并进入视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface 20与VPN实例vpnb关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# 配置跨VPN策略将VPN实例vpna的流量转发到VPN实例vpnb中。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchC-mrib-vpnb] quit
(5) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 03:01:20
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 03:01:22, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 04:09:40, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:00:20
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:00:20, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpna的组播路由信息。
<SwitchB> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 03:01:20
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:01:20, Expires: -
2: Vsi-interface1
Protocol: igmp, UpTime: 03:01:20, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT FROMVXLAN
UpTime: 03:00:20
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 03:00:20, Expires: -
2: Vsi-interface1
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# 查看Switch B的VPN实例vpnb的组播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 03:01:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 05:04:11, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 03:00:20
Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 03:00:20, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 04:09:00
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:09:40, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 03:00:20
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:20, Expires: -
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者。VM 1和VM 2属于VPN实例vpna,VM 3属于VPN实例vpnb,VM 4属于VPN实例vpnc。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。
图3-4 非对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)
组播接收者侧VTEP上不存在组播源所在的VPN实例,该组网为非对称跨VPN组网。在该组网中,组播接收者侧VTEP上组播接收者所在VPN实例的RT必须和组播源侧VTEP上组播源所在VPN实例的RT相同。
在非对称跨VPN组网中,跨VPN组播转发路由的RPF选路策略既可以配置组播源侧VTEP上,也可以配置在组播接收者侧VTEP上。在组播接收者侧VTEP上,仅可以配置基于L3VNI的选路策略。本举例仅以组播接收者侧VTEP上配置基于L3VNI的选路策略为例。
(1) 配置IP地址和单播路由协议
# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置VPN实例vpnb的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置VPN实例vpnc的RD和RT。
[SwitchB] ip vpn-instance vpnc
[SwitchB-vpn-instance-vpnc] route-distinguisher 3:3
[SwitchB-vpn-instance-vpnc] address-family ipv4
[SwitchB-vpn-ipv4-vpnc] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnc] quit
[SwitchB-vpn-instance-vpnc] address-family evpn
[SwitchB-vpn-evpn-vpnc] vpn-target 1:1
[SwitchB-vpn-evpn-vpnc] quit
[SwitchB-vpn-instance-vpnc] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnc
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpnb的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 使能VPN实例vpnc的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] quit
# 创建VPN实例vpnb的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 创建VPN实例vpnc的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnc mode mdt
[SwitchB-mvxlan-vpnc] address-family ipv4
[SwitchB-mvxlan-vpnc-ipv4] source loopback 0
[SwitchB-mvxlan-vpnc-ipv4] quit
[SwitchB-mvxlan-vpnc] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpnc
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnc的C-BSR和C-RP
[SwitchB] pim vpn-instance vpnc
[SwitchB-pim-vpnc] c-bsr 13.13.13.13
[SwitchB-pim-vpnc] c-rp 13.13.13.13
[SwitchB-pim-vpnc] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 配置跨VPN策略,将源VPN实例vpna的流量引入到接收者VPN实例vpnb和vpnc中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchB-mrib-vpnb] quit
[SwitchB] multicast routing vpn-instance vpnc
[SwitchB-mrib-vpnc] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchB-mrib-vpnc] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpnb的RD和RT。
[SwitchC] ip vpn-instance vpnb
[SwitchC-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchC-vpn-instance-vpnb] address-family ipv4
[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchC-vpn-ipv4-vpnb] quit
[SwitchC-vpn-instance-vpnb] address-family evpn
[SwitchC-vpn-evpn-vpnb] vpn-target 1:1
[SwitchC-vpn-evpn-vpnb] quit
[SwitchC-vpn-instance-vpnb] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpnb中的IP组播路由。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] quit
# 创建VPN实例vpnb的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchC-mvxlan-vpnb] address-family ipv4
[SwitchC-mvxlan-vpnb-ipv4] source loopback 0
[SwitchC-mvxlan-vpnb-ipv4] quit
[SwitchC-mvxlan-vpnb] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpnb
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP
[SwitchC] pim vpn-instance vpnb
[SwitchC-pim-vpnb] c-bsr 12.12.12.12
[SwitchC-pim-vpnb] c-rp 12.12.12.12
[SwitchC-pim-vpnb] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到VPN实例vpnb的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] ip vpn-instance vpnb
[SwitchC-bgp-default-vpnb] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4-vpnb] default-route imported
[SwitchC-bgp-default-ipv4-vpnb] import-route static
[SwitchC-bgp-default-ipv4-vpnb] quit
[SwitchC-bgp-default-vpnb] quit
[SwitchC-bgp-default] quit
# 创建VLAN接口20并进入视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface 20与VPN实例vpnb关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
# 配置跨VPN策略将VPN实例vpna的流量转发到VPN实例vpnb中。
[SwitchC] multicast routing vpn-instance vpnb
[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16
[SwitchC-mrib-vpnb] quit
(5) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:56:31, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:21, Expires: -
2: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:08:52, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:20, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpnb的组播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: igmp, UpTime: 02:56:32, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# 查看Switch B的VPN实例vpnc的组播路由信息。
<SwitchB> display pim vpn-instance vpnc routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:32
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:32, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:55:20
Upstream interface: Extranet (public instance, l3-vni: 1000)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: pim-sm, UpTime: 02:55:20, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:08:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:08:52, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:55:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:55:31, Expires: -
Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。
虚拟机VM 1为组播源,其余VM为组播接收者。VM 1和VM 2属于VPN实例vpna,VM 3属于公网,VM 4属于VPN实例vpnb。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。
图3-5 存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例
组播接收者侧VTEP上只有公网加入,不需要配置跨VPN策略,需要配置公网实例的MVXLAN配置。
接收者侧VTEP上如果同时存在公网加入和其他私网加入,公网加入不需要配置跨VPN策略,但是私网加入必须配置不带l3-vni参数和vpn-instance参数的跨VPN策略。这种组网可以配置公网实例的MVXLAN配置或者私网实例的MVXLAN配置。
(1) 配置IP地址和单播路由协议
# 在VM 1和VM 2上指定网关地址为10.1.1.1;在VM 3和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VLAN接口11并进入视图。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
# 在接口Vlan-interface 11上使能PIM-SM。
[SwitchA-Vlan-interface11] pim sm
[SwitchA-Vlan-interface11] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpnb] igmp-snooping enable
[SwitchA-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 创建VLAN 2。
[SwitchA] vlan 2
[SwitchA-vlan2] quit
# 创建VLAN 3。
[SwitchA] vlan 3
[SwitchA-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchA-Vsi-interface2] igmp enable
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 12.12.12.12 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 12.12.12.12
[SwitchA-pim-vpna] c-rp 12.12.12.12
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VLAN接口12并进入视图。
[SwitchB] vlan 12
[SwitchB-vlan12] quit
[SwitchB] interface vlan-interface 12
# 在接口Vlan-interface 12上配置PIM-SM。
[SwitchB-Vlan-interface12] pim sm
[SwitchB-Vlan-interface12] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpnb] igmp-snooping enable
[SwitchB-vsi-vpnb] igmp-snooping proxy enable
# 创建VXLAN 20。
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# 配置BGP发布EVPN路由
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 创建VLAN 2。
[SwitchB] vlan 2
[SwitchB-vlan2] quit
# 创建VLAN 3。
[SwitchB] vlan 3
[SwitchB-vlan3] quit
# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。
[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3
# 配置以太网服务实例2000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 配置VPN实例vpnb 的L3VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 配置公网实例的RD和RT。
[SwitchB] ip public-instance
[SwitchB-public-instance] route-distinguisher 2:2
[SwitchB-public-instance] address-family ipv4
[SwitchB-public-instance-ipv4] vpn-target 1:1
[SwitchB-public-instance-ipv4] quit
[SwitchB-public-instance] address-family evpn
[SwitchB-public-instance-evpn] vpn-target 1:1
[SwitchB-public-instance-evpn] quit
[SwitchB-public-instance] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface2] igmp enable
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchB] interface vsi-interface 4
[SwitchB-Vsi-interface4] l3-vni 1000
[SwitchB-Vsi-interface4] pim sm
[SwitchB-Vsi-interface4] quit
# 使能VPN实例vpnb的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] quit
# 创建VPN实例vpnb的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt
[SwitchB-mvxlan-vpnb] address-family ipv4
[SwitchB-mvxlan-vpnb-ipv4] source loopback 0
[SwitchB-mvxlan-vpnb-ipv4] quit
[SwitchB-mvxlan-vpnb] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance vpnb
[SwitchB-LoopBack1] ip address 12.12.12.12 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例vpnb的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP,并配置C-RP策略。
[SwitchB] pim vpn-instance vpnb
[SwitchB-pim-vpnb] c-bsr 12.12.12.12
[SwitchB-pim-vpnb] c-rp 12.12.12.12
[SwitchB-pim-vpnb] quit
# 创建接口LoopBack2,并配置LoopBack2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip address 13.13.13.13 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchB-acl-ipv4-basic-2000] acl basic 2000
[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchB-acl-ipv4-basic-2000] quit
# 进入公网实例的PIM视图,并将接口LoopBack2配置为公网实例的C-BSR和C-RP,并配置C-RP策略。
[SwitchB] pim
[SwitchB-pim] c-bsr 13.13.13.13
[SwitchB-pim] c-rp 13.13.13.13 group-policy 2000
[SwitchB-pim] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# 在VPN实例vpnb中配置跨VPN策略,将流量引入到公网和VPN实例vpnb中。
[SwitchB] multicast routing vpn-instance vpnb
[SwitchB-mrib-vpnb] multicast extranet select-rpf group 225.0.0.0 16
[SwitchB-mrib-vpnb] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VLAN接口13并进入视图。
[SwitchC] vlan 13
[SwitchC-vlan13] quit
[SwitchC] interface vlan-interface 13
# 在接口Vlan-interface 13上使能PIM-SM。
[SwitchC-Vlan-interface13] pim sm
[SwitchC-Vlan-interface13] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置公网实例的RD和RT。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 1:1
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance] vpn-target 1:1
[SwitchC-public-instance] quit
[SwitchC-public-instance] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 创建公网实例的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。
[SwitchC] multicast-vpn vxlan public-instance mode mdt
[SwitchC-mvxlan-public-instance] address-family ipv4
[SwitchC-mvxlan-public-instance-ipv4] source loopback 0
[SwitchC-mvxlan-public-instance-ipv4] quit
[SwitchC-mvxlan-public-instance] quit
# 创建接口LoopBack1,并配置LoopBack1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 12.12.12.12 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。
[SwitchC-acl-ipv4-basic-2000] acl basic 2000
[SwitchC-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255
[SwitchC-acl-ipv4-basic-2000] qui
# 进入公网实例的PIM视图,并将接口LoopBack1配置为公网实例的C-BSR和C-RP
[SwitchC] pim
[SwitchC-pim] c-bsr 12.12.12.12
[SwitchC-pim] c-rp 12.12.12.12 group-policy 2000
[SwitchC-pim] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。
[SwitchC] ip route-static 0.0.0.0 0 20.1.1.100
# 将缺省路由引入到公网实例的BGP IPv4单播路由表中。
[SwitchC] bgp 200
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4] default-route imported
[SwitchC-bgp-default-ipv4] import-route static
[SwitchC-bgp-default-ipv4] quit
[SwitchC-bgp-default] quit
# 创建VLAN接口20并进入视图。
[SwitchC] vlan 20
[SwitchC-vlan20] quit
# 配置连接广域网的接口Vlan-interface 20与公网实例关联。
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 20.1.1.3 24
[SwitchC-Vlan-interface20] pim sm
[SwitchC-Vlan-interface20] quit
(5) 配置Switch D
# 使能IP组播路由。
<SwitchD> system-view
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP
[SwitchD] pim
[SwitchD-pim] c-bsr 4.4.4.4
[SwitchD-pim] c-rp 4.4.4.4
[SwitchD-pim] quit
# 在接口Vlan-interface11上使能PIM-SM。
[SwitchD] interface vlan-interface11
[SwitchD-Vlan-interface11] pim sm
[SwitchD-Vlan-interface11] quit
# 在接口Vlan-interface12上使能PIM-SM。
[SwitchD] interface vlan-interface12
[SwitchD-Vlan-interface12] pim sm
[SwitchD-Vlan-interface12] quit
# 在接口Vlan-interface13上使能PIM-SM。
[SwitchD] interface vlan-interface13
[SwitchD-Vlan-interface13] pim sm
[SwitchD-Vlan-interface13] quit
# 配置Switch D与其他交换机建立BGP连接。
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(1) 查看Switch A的组播路由信息。
# 查看Swich A上VPN实例vpna的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 02:57:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 02:57:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 02:56:31
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 02:56:31, Expires: -
# 查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:09:52
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 03:09:50, Expires: 00:03:10
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 02:55:31
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 02:55:28, Expires: 00:03:11
(2) 查看Switch B的组播路由信息。
# 查看Switch B的VPN实例vpnb的组播路由信息。
<SwitchB> display pim vpn-instance vpnb routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:35
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 11: Vsi-interface2
Protocol: igmp, UpTime: 02:56:35, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:31
Upstream interface: Extranet (public instance)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1 1: Vsi-interface2
Protocol: igmp, UpTime: 02:56:31, Expires: -
# 查看Switch B公网的路由信息。
<SwitchB> display pim routing-table
Total 1 (*, G) entries; 3 (S, G) entries
(*, 225.0.0.0)
RP: 13.13.13.13 (local)
Protocol: pim-sm, Flag: WC
UpTime: 02:56:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(10.1.1.10, 225.0.0.0)
RP: 12.12.12.12 (local)
Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN
UpTime: 02:56:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface 1
Protocol: igmp, UpTime: 02:56:31, Expires: -
2: Extranet (VPN: vpnb)
Protocol: MD, UpTime: 02:56:31, Expires: -
(1.1.1.1, 236.0.0.1)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT
UpTime: 03:00:46
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 03:00:46, Expires: -
(1.1.1.1, 239.0.1.0)
RP: 4.4.4.4
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 02:56:31
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.4
RPF prime neighbor: 12.1.1.4
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 02:56:31, Expires: -
在组播VXLAN组网中,连接组播源和组播接收者的分布式EVPN网关、Border上均配置M-LAG,以提高网络的可靠性。具体需求如下:
· Switch A和Switch B连接组播源Source 1。采用M-LAG将Switch A和Switch B虚拟成一台设备,作为分布式EVPN网关。
· Switch C和Switch D连接组播接收者Receiver 1。采用M-LAG将Switch C和Switch D虚拟成一台设备,作为分布式EVPN网关。
· Switch E和Switch F连接组播接收者Receiver 2。采用M-LAG将Switch E和Switch F虚拟成一台设备,作为与广域网连接的边界网关设备Border,同时作为反射器在交换机之间反射路由。
· 所有M-LAG系统均采用以太网聚合链路作为peer-link链路。
· 在Switch A~Switch F上配置VLAN 100为peer-link链路的保留VLAN,并将peer-link接口添加到VLAN 100中,以实现上行链路故障时三层组播流量通过peer-link链路进行逃生。
· 各台设备上均使能IGMP Snooping功能,用于建立组播转发表项。
· 在各设备的公网接口上配置PIM-SM。
· 组播源Source 1、组播接收者Receiver 1、组播接收者Receiver 2均属于VXLAN 10。Receiver 1和Receiver 2可以接收Source 1发送的组播流量。
图3-6 组播VXLAN分布式聚合组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Switch B |
Loop0 |
2.2.2.2/32 |
|
|
Loop1 |
1.2.3.4/32 |
|
Loop1 |
1.2.3.4/32 |
|
|
Loop2 |
1.2.3.4/32 |
|
Loop2 |
1.2.3.4/32 |
|
|
Vlan-int2 |
192.168.1.1/24 |
|
Vlan-int2 |
192.168.1.2/24 |
|
|
Vlan-int3 |
30.1.1.1/24 |
|
Vlan-int5 |
50.1.1.2/24 |
|
|
Vlan-int4 |
40.1.1.1/24 |
|
Vlan-int6 |
60.1.1.2/24 |
|
|
Vlan-int100 |
100.1.1.1/24 |
|
Vlan-int100 |
100.1.1.2/24 |
|
Switch C |
Loop0 |
3.3.3.3/32 |
Switch D |
Loop0 |
4.4.4.4/32 |
|
|
Loop1 |
1.2.3.6/32 |
|
Loop1 |
1.2.3.6/32 |
|
|
Loop2 |
1.2.3.6/32 |
|
Loop2 |
1.2.3.6/32 |
|
|
Vlan-int7 |
70.1.1.3/24 |
|
Vlan-int9 |
90.1.1.4/24 |
|
|
Vlan-int8 |
80.1.1.3/24 |
|
Vlan-int10 |
100.1.1.4/24 |
|
|
Vlan-int12 |
192.168.3.1/24 |
|
Vlan-int12 |
192.168.3.2/24 |
|
|
Vlan-int100 |
100.1.1.3/24 |
|
Vlan-int100 |
100.1.1.4/24 |
|
Switch E |
Loop0 |
5.5.5.5/32 |
Switch F |
Loop0 |
6.6.6.6/32 |
|
|
Loop1 |
1.2.3.5/32 |
|
Loop1 |
1.2.3.5/32 |
|
|
Loop2 |
1.2.3.5/32 |
|
Loop2 |
1.2.3.5/32 |
|
|
Vlan-int3 |
30.1.1.5/24 |
|
Vlan-int4 |
40.1.1.6/24 |
|
|
Vlan-int5 |
50.1.1.5/24 |
|
Vlan-int6 |
60.1.1.6/24 |
|
|
Vlan-int7 |
70.1.1.5/24 |
|
Vlan-int8 |
80.1.1.6/24 |
|
|
Vlan-int9 |
90.1.1.5/24 |
|
Vlan-int10 |
100.1.1.6/24 |
|
|
Vlan-int11 |
192.168.4.1/24 |
|
Vlan-int11 |
192.168.4.2/24 |
|
|
Vlan-int100 |
100.1.1.5/24 |
|
Vlan-int100 |
100.1.1.6/24 |
(1) 配置IP地址和单播路由协议
# 配置各接口的IP地址和子网掩码。(具体配置过程略)
# 在IP核心网络内配置OSPF协议,发布各接口IP地址(包括Loopback接口的IP地址)对应网段的路由,确保设备之间路由可达。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力。
<SwitchA> system-view
[SwitchA] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchA] evpn m-lag group 1.2.3.4
# 配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchA] evpn m-lag local 1.1.1.1 remote 2.2.2.2
# 使能IP组播路由。
[SwitchA] multicast routing
[SwitchA-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 5.5.5.5 as-number 200
[SwitchA-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchA-bgp-default] peer 6.6.6.6 as-number 200
[SwitchA-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchA-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] pim distributed-dr
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] pim sm
[SwitchA-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0
[SwitchA-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip address 1.2.3.4 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] ospf 1 area 0
[SwitchA-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchA] interface loopback 2
[SwitchA-LoopBack2] ip binding vpn-instance vpna
[SwitchA-LoopBack2] ip address 1.2.3.4 32
[SwitchA-LoopBack2] pim sm
[SwitchA-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchA-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 1.2.3.4
[SwitchA-pim-vpna] c-rp 1.2.3.4
[SwitchA-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchA] vlan 100
[SwitchA–vlan100] m-lag peer-link reserved
[SwitchA–vlan100] quit
# 创建M-LAG聚合口。
[SwitchA] interface bridge-aggregation 21
[SwitchA-Bridge-Aggregation21] port link-type trunk
[SwitchA-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29
[SwitchA-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation21] port m-lag group 1
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchA-Bridge-Aggregation21] service-instance 100
[SwitchA-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchA-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchA-Bridge-Aggregation21-srv100] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 21
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchA] interface bridge-aggregation 9
[SwitchA-Bridge-Aggregation9] port link-type trunk
[SwitchA-Bridge-Aggregation9] port trunk permit vlan all
[SwitchA-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchA-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchA-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchA] m-lag restore-delay 180
[SwitchA] m-lag system-mac 1-1-1
[SwitchA] m-lag system-number 1
[SwitchA] m-lag system-priority 10
[SwitchA] m-lag keepalive ip destination 192.168.1.2 source 192.168.1.1
(3) 配置Switch B
# 开启L2VPN能力。
<SwitchB> system-view
[SwitchB] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.4。
[SwitchB] evpn m-lag group 1.2.3.4
#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchB] evpn m-lag local 2.2.2.2 remote 1.1.1.1
# 使能IP组播路由。
[SwitchB] multicast routing
[SwitchB-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchB-vsi-vpna] igmp-snooping enable
[SwitchB-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 5.5.5.5 as-number 200
[SwitchB-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchB-bgp-default] peer 6.6.6.6 as-number 200
[SwitchB-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchB-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchB] ip vpn-instance vpna
[SwitchB-vpn-instance-vpna] route-distinguisher 1:1
[SwitchB-vpn-instance-vpna] address-family ipv4
[SwitchB-vpn-ipv4-vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-vpna] quit
[SwitchB-vpn-instance-vpna] address-family evpn
[SwitchB-vpn-evpn-vpna] vpn-target 1:1
[SwitchB-vpn-evpn-vpna] quit
[SwitchB-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] pim distributed-dr
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] pim sm
[SwitchB-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchB] multicast routing vpn-instance vpna
[SwitchB-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] pim sm
[SwitchB-LoopBack0] ospf 1 area 0
[SwitchB-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip address 1.2.3.4 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] ospf 1 area 0
[SwitchB-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchB] interface loopback 2
[SwitchB-LoopBack2] ip binding vpn-instance vpna
[SwitchB-LoopBack2] ip address 1.2.3.4 32
[SwitchB-LoopBack2] pim sm
[SwitchB-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchB-mvxlan-vpna] address-family ipv4
[SwitchB-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchB-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchB-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchB-mvxlan-vpna-ipv4] quit
[SwitchB-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchB] pim vpn-instance vpna
[SwitchB-pim-vpna] c-bsr 1.2.3.4
[SwitchB-pim-vpna] c-rp 1.2.3.4
[SwitchB-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchB] vlan 100
[SwitchB–vlan100] m-lag peer-link reserved
[SwitchB–vlan100] quit
# 创建M-LAG聚合口。
[SwitchB] interface bridge-aggregation 21
[SwitchB-Bridge-Aggregation21] port link-type trunk
[SwitchB-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29
[SwitchB-Bridge-Aggregation21] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation21] port m-lag group 1
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchB-Bridge-Aggregation21] service-instance 100
[SwitchB-Bridge-Aggregation21-srv100] encapsulation s-vid 21
[SwitchB-Bridge-Aggregation21-srv100] xconnect vsi vpna
[SwitchB-Bridge-Aggregation21-srv100] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 21
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为peer-link接口。
[SwitchB] interface bridge-aggregation 9
[SwitchB-Bridge-Aggregation9] port link-type trunk
[SwitchB-Bridge-Aggregation9] port trunk permit vlan all
[SwitchB-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchB-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchB] interface ten-gigabitethernet 1/0/2
[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchB-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchB] m-lag restore-delay 180
[SwitchB] m-lag system-mac 1-1-1
[SwitchB] m-lag system-number 2
[SwitchB] m-lag system-priority 10
[SwitchB] m-lag keepalive ip destination 192.168.1.1 source 192.168.1.2
(4) 配置Switch C
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.6。
[SwitchC] evpn m-lag group 1.2.3.6
#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchC] evpn m-lag local 3.3.3.3 remote 4.4.4.4
# 使能IP组播路由。
[SwitchC] multicast routing
[SwitchC-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 5.5.5.5 as-number 200
[SwitchC-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] igmp enable
[SwitchC-Vsi-interface1] pim distributed-dr
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] pim sm
[SwitchC-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 3.3.3.3 32
[SwitchC-LoopBack0] pim sm
[SwitchC-LoopBack0] ospf 1 area 0
[SwitchC-LoopBack1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip address 1.2.3.6 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] ospf 1 area 0
[SwitchC-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchB] interface loopback 2
[SwitchC-LoopBack2] ip binding vpn-instance vpna
[SwitchC-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchC-LoopBack2] pim sm
[SwitchC-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchC-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchC-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchC-mvxlan-vpna-ipv4] m-lag local 3.3.3.3 remote 4.4.4.4
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 1.2.3.6
[SwitchC-pim-vpna] c-rp 1.2.3.6
[SwitchC-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchC] vlan 100
[SwitchC–vlan100] m-lag peer-link reserved
[SwitchC–vlan100] quit
# 创建M-LAG聚合口。
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation17] port m-lag group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchC-Bridge-Aggregation17] service-instance 20
[SwitchC-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchC-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchC-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为peer-link接口。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchC-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
# 将keeplive链路配置为M-LAG保留接口。
[SwitchC] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchC] m-lag restore-delay 180
[SwitchC] m-lag system-mac 2-2-2
[SwitchC] m-lag system-number 1
[SwitchC] m-lag system-priority 10
[SwitchC] m-lag keepalive ip destination 192.168.3.2 source 192.168.3.1
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchC] interface bridge-aggregation 17
[SwitchC-Bridge-Aggregation17] port link-type trunk
[SwitchC-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchC-Bridge-Aggregation17] quit
# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] port link-type trunk
[SwitchC-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchC-Bridge-Aggregation9] port trunk permit vlan all
[SwitchC-Bridge-Aggregation9] quit
(5) 配置Switch D
# 开启L2VPN能力。
<SwitchD> system-view
[SwitchD] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.6。
[SwitchD] evpn m-lag group 1.2.3.6
#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchD] evpn m-lag local 4.4.4.4 remote 3.3.3.3
# 使能IP组播路由。
[SwitchD] multicast routing
[SwitchD-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchD-vsi-vpna] igmp-snooping enable
[SwitchD-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchD] bgp 200
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchD-bgp-default] peer 5.5.5.5 as-number 200
[SwitchD-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchD-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] igmp enable
[SwitchD-Vsi-interface1] pim distributed-dr
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchD] multicast routing vpn-instance vpna
[SwitchD-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 4.4.4.4 32
[SwitchD-LoopBack0] pim sm
[SwitchD-LoopBack0] ospf 1 area 0
[SwitchD-LoopBack1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip address 1.2.3.6 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] ospf 1 area 0
[SwitchD-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip binding vpn-instance vpna
[SwitchD-LoopBack2] ip address 1.2.3.6 255.255.255.255
[SwitchD-LoopBack2] pim sm
[SwitchD-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchD] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchD-mvxlan-vpna] address-family ipv4
[SwitchD-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchD-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchD-mvxlan-vpna-ipv4] data-group 239.0.1.0 30
[SwitchD-mvxlan-vpna-ipv4] m-lag local 4.4.4.4 remote 3.3.3.3
[SwitchD-mvxlan-vpna-ipv4] quit
[SwitchD-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP
[SwitchD] pim vpn-instance vpna
[SwitchD-pim-vpna] c-bsr 1.2.3.6
[SwitchD-pim-vpna] c-rp 1.2.3.6
[SwitchD-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchD] vlan 100
[SwitchD–vlan100] m-lag peer-link reserved
[SwitchD–vlan100] quit
# 创建M-LAG聚合口。
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation17] port m-lag group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchD-Bridge-Aggregation17] service-instance 20
[SwitchD-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchD-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchD-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为peer-link接口。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchD-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
# 将keeplive链路配置为M-LAG保留接口。
[SwitchD] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchD] m-lag restore-delay 180
[SwitchD] m-lag system-mac 2-2-2
[SwitchD] m-lag system-number 2
[SwitchD] m-lag system-priority 10
[SwitchD] m-lag keepalive ip destination 192.168.3.1 source 192.168.3.2
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchD] interface bridge-aggregation 17
[SwitchD-Bridge-Aggregation17] port link-type trunk
[SwitchD-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchD-Bridge-Aggregation17] quit
# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] port link-type trunk
[SwitchD-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchD-Bridge-Aggregation9] port trunk permit vlan all
[SwitchD-Bridge-Aggregation9] quit
(6) 配置Switch E
# 开启L2VPN能力。
<SwitchE> system-view
[SwitchE] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.5。
[SwitchE] evpn m-lag group 1.2.3.5
# 配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchE] evpn m-lag local 5.5.5.5 remote 6.6.6.6
# 使能IP组播路由。
[SwitchE] multicast routing
[SwitchE-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchE-vsi-vpna] vxlan 10
[SwitchE-vsi-vpna-vxlan-10] quit
[SwitchE-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchE] bgp 200
[SwitchE-bgp-default] non-stop-routing
[SwitchE-bgp-default] group evpn internal
[SwitchE-bgp-default] peer evpn connect-interface loopback 0
[SwitchE-bgp-default] peer 1.1.1.1 group evpn
[SwitchE-bgp-default] peer 2.2.2.2 group evpn
[SwitchE-bgp-default] peer 3.3.3.3 group evpn
[SwitchE-bgp-default] peer 4.4.4.4 group evpn
[SwitchE-bgp-default] peer 6.6.6.6 group evpn
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer evpn enable
[SwitchE-bgp-default-evpn] peer evpn next-hop-local
[SwitchE-bgp-default-evpn] peer evpn reflect-client
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchE] ip vpn-instance vpna
[SwitchE-vpn-instance-vpna] route-distinguisher 1:1
[SwitchE-vpn-instance-vpna] address-family ipv4
[SwitchE-vpn-ipv4-vpna] vpn-target 2:2
[SwitchE-vpn-ipv4-vpna] quit
[SwitchE-vpn-instance-vpna] address-family evpn
[SwitchE-vpn-evpn-vpna] vpn-target 1:1
[SwitchE-vpn-evpn-vpna] quit
[SwitchE-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpna
[SwitchE-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] pim distributed-dr
[SwitchE-Vsi-interface1] mac-address 1-1-1
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] local-proxy-arp enable
[SwitchE-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchE] interface vsi-interface 3
[SwitchE-Vsi-interface3] ip binding vpn-instance vpna
[SwitchE-Vsi-interface3] l3-vni 1000
[SwitchE-Vsi-interface3] pim sm
[SwitchE-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchE] multicast routing vpn-instance vpna
[SwitchE-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 5.5.5.5 32
[SwitchE-LoopBack0] ospf 1 area 0
[SwitchE-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip address 1.2.3.5 32
[SwitchE-LoopBack1] ospf 1 area 0
[SwitchE-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip binding vpn-instance vpna
[SwitchE-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchE-LoopBack2] pim sm
[SwitchE-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchE] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchE-mvxlan-vpna] address-family ipv4
[SwitchE-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchE-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchE-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchE-mvxlan-vpna-ipv4] quit
[SwitchE-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance vpna
[SwitchE-pim-vpna] c-bsr 1.2.3.5
[SwitchE-pim-vpna] c-rp 1.2.3.5
[SwitchE-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchE] vlan 100
[SwitchE–vlan100] m-lag peer-link reserved
[SwitchE–vlan100] quit
# 创建M-LAG聚合口。
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation17] port m-lag group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchE-Bridge-Aggregation17] service-instance 20
[SwitchE-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchE-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchE-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchE]interface ten-gigabitethernet 1/0/1
[SwitchE-Ten-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchE-Ten-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为peer-link接口。
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchE-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchE] interface ten-gigabitethernet 1/0/2
[SwitchE-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchE-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchE] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchE] m-lag restore-delay 180
[SwitchE] m-lag system-mac 3-3-3
[SwitchE] m-lag system-number 1
[SwitchE] m-lag system-priority 10
[SwitchE] m-lag keepalive ip destination 192.168.4.2 source 192.168.4.1
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchE] interface bridge-aggregation 17
[SwitchE-Bridge-Aggregation17] port link-type trunk
[SwitchE-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchE-Bridge-Aggregation17] quit
# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] quit
(7) 配置Switch F
# 开启L2VPN能力。
<SwitchF> system-view
[SwitchF] l2vpn enable
# 开启EVPN的分布式聚合模式,并配置虚拟VTEP地址为1.2.3.5。
[SwitchF] evpn m-lag group 1.2.3.5
#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。
[SwitchF] evpn m-lag local 6.6.6.6 remote 5.5.5.5
# 使能IP组播路由。
[SwitchF] multicast routing
[SwitchF-mrib] quit
# 开启设备的IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchF] vxlan tunnel mac-learning disable
[SwitchF] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] evpn encapsulation vxlan
[SwitchF-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchF-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchF-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchF-vsi-vpna] igmp-snooping enable
[SwitchF-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 10。
[SwitchF-vsi-vpna] vxlan 10
[SwitchF-vsi-vpna-vxlan-10] quit
[SwitchF-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchF] bgp 200
[SwitchF-bgp-default] non-stop-routing
[SwitchF-bgp-default] group evpn internal
[SwitchF-bgp-default] peer evpn connect-interface LoopBack0
[SwitchF-bgp-default] peer 1.1.1.1 group evpn
[SwitchF-bgp-default] peer 2.2.2.2 group evpn
[SwitchF-bgp-default] peer 3.3.3.3 group evpn
[SwitchF-bgp-default] peer 4.4.4.4 group evpn
[SwitchF-bgp-default] peer 5.5.5.5 group evpn
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer evpn enable
[SwitchF-bgp-default-evpn] peer evpn next-hop-local
[SwitchF-bgp-default-evpn] peer evpn reflect-client
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# 配置VPN实例vpna的RD和RT。
[SwitchF] ip vpn-instance vpna
[SwitchF-vpn-instance-vpna] route-distinguisher 1:1
[SwitchF-vpn-instance-vpna] address-family ipv4
[SwitchF-vpn-ipv4-vpna] vpn-target 2:2
[SwitchF-vpn-ipv4-vpna] quit
[SwitchF-vpn-instance-vpna] address-family evpn
[SwitchF-vpn-evpn-vpna] vpn-target 1:1
[SwitchF-vpn-evpn-vpna] quit
[SwitchF-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpna
[SwitchF-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] igmp enable
[SwitchF-Vsi-interface1] pim distributed-dr
[SwitchF-Vsi-interface1] mac-address 1-1-1
[SwitchF-Vsi-interface1] distributed-gateway local
[SwitchF-Vsi-interface1] local-proxy-arp enable
[SwitchF-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface3] ip binding vpn-instance vpna
[SwitchF-Vsi-interface3] l3-vni 1000
[SwitchF-Vsi-interface3] pim sm
[SwitchF-Vsi-interface3] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchF] multicast routing vpn-instance vpna
[SwitchF-mrib-vpna] quit
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 6.6.6.6 32
[SwitchF-LoopBack0] ospf 1 area 0
[SwitchF-LoopBack0] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip address 1.2.3.5 32
[SwitchF-LoopBack1] ospf 1 area 0
[SwitchF-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip binding vpn-instance vpna
[SwitchF-LoopBack2] ip address 1.2.3.5 255.255.255.255
[SwitchF-LoopBack2] pim sm
[SwitchF-LoopBack2] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。
[SwitchF] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchF-mvxlan-vpna] address-family ipv4
[SwitchF-mvxlan-vpna-ipv4] default-group 236.0.0.1
[SwitchF-mvxlan-vpna-ipv4] source loopback 1 evpn-mlag-group
[SwitchF-mvxlan-vpna-ipv4] data-group 239.0.0.1 30
[SwitchF-mvxlan-vpna-ipv4] quit
[SwitchF-mvxlan-vpna] quit
# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpna
[SwitchF-pim-vpna] c-bsr 1.2.3.5
[SwitchF-pim-vpna] c-rp 1.2.3.5
[SwitchF-pim-vpna] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] gateway vsi-interface 1
[SwitchF-vsi-vpna] quit
# 配置VLAN 100为peer-link链路的保留VLAN。
[SwitchF] vlan 100
[SwitchF–vlan100] m-lag peer-link reserved
[SwitchF–vlan100] quit
# 创建M-LAG聚合口。
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation17] port m-lag group 17
# 配置以太网服务实例20与VSI实例vpna关联。
[SwitchF-Bridge-Aggregation17] service-instance 20
[SwitchF-Bridge-Aggregation17-srv20] encapsulation s-vid 2
[SwitchF-Bridge-Aggregation17-srv20] xconnect vsi vpna
[SwitchF-Bridge-Aggregation17-srv20] quit
# 将二层以太网接口加入M-LAG聚合口。
[SwitchF] interface ten-gigabitethernet 1/0/1
[SwitchF-Ten-GigabitEthernet1/0/1] port link-aggregation group 17
[SwitchF-Ten-GigabitEthernet1/0/1] quit
# 配置以太网聚合接口作为peer-link接口。
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchF-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchF] interface ten-gigabitethernet 1/0/2
[SwitchF-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchF-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchF] m-lag mad exclude interface ten-gigabitethernet 1/0/3
# 配置M-LAG系统。
[SwitchF] m-lag restore-delay 180
[SwitchF] m-lag system-mac 3-3-3
[SwitchF] m-lag system-number 2
[SwitchF] m-lag system-priority 10
[SwitchF] m-lag keepalive ip destination 192.168.4.1 source 192.168.4.2
# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。
[SwitchF] interface bridge-aggregation 17
[SwitchF-Bridge-Aggregation17] port link-type trunk
[SwitchF-Bridge-Aggregation17] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation17] port trunk permit vlan 20 to 29
[SwitchF-Bridge-Aggregation17] quit
# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] undo port trunk permit vlan 1
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] quit
(1) 查看Switch A的VXLAN隧道和VSI信息
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并已采用虚拟VTEP地址建立VXLAN隧道。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 6.6.6.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 1159 packets, 176556 bytes, 0 drops
Output: 1176 packets, 178121 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.2.3.4, destination 1.2.3.6
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 8 packets, 480 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch A上的VSI信息,可以看到Switch A自动创建了VXLAN隧道,并将其与VSI关联。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : -
Broadcast Restrain : -
Multicast Restrain : -
Unknown Unicast Restrain : -
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
Tunnel1 0x5000001 UP Auto Disabled
Tunnel2 0x5000002 UP Auto Disabled
Tunnel3 0x5000003 UP Auto Disabled
ACs:
AC Link ID State Type
BAGG17 srv20 0 Up Manual
(2) 查看Switch A的组播路由信息
# peer-link链路未故障时,查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.2.3.4, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 03:59:50
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Register-Tunnel0
Protocol: pim-sm, UpTime: 03:38:17, Expires: -
(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 01:18:49
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE1
Protocol: MD, UpTime: 01:18:49, Expires: -
# 两个M-LAG系统的peer-link链路均故障时,查看Switch A的公网组播路由信息。
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:02:12
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:11, Expires: 00:03:19
(2.2.2.2, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:04
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:04, Expires: -
(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:36
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:36, Expires: -
(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:32
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.11
RPF prime neighbor: 11.1.1.11
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:00:32, Expires: -
(3) 查看Switch E的组播路由信息。
# peer-link链路未故障时,查看Switch E的公网组播路由信息。
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.2.3.4, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 04:11:32
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface13
Protocol: pim-sm, UpTime: 01:33:53, Expires: 00:02:40
2: Vlan-interface14
Protocol: pim-sm, UpTime: 01:31:35, Expires: 00:02:40
(1.2.3.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 01:34:02
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface11
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:40
2: Vlan-interface12
Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:41-
# 两个M-LAG系统的peer-link链路均故障时,查看Switch E的公网组播路由信息。
<SwitchE> display pim routing-table
Total 0 (*, G) entries; 2 (S, G) entries
(1.1.1.1, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:04:00
Upstream interface: Vlan-interface11
Upstream neighbor: 11.1.1.1
RPF prime neighbor: 11.1.1.1
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:51, Expires: 00:02:39
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:06
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:10
(2.2.2.2, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:52
Upstream interface: Vlan-interface12
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:38
2: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:39
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:03:10
(3.3.3.3, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:03:25
Upstream interface: Vlan-interface13
Upstream neighbor: 13.1.1.3
RPF prime neighbor: 13.1.1.3
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:03:06
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:02:38
3: Vlan-interface14
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
(6.6.6.6, 236.0.0.1)
RP: 5.5.5.5 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN
UpTime: 00:02:20
Upstream interface: Vlan-interface14
Upstream neighbor: 14.1.1.4
RPF prime neighbor: 14.1.1.4
Downstream interface information:
Total number of downstream interfaces: 3
1: Vlan-interface11
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
2: Vlan-interface12
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10
3: Vlan-interface13
Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:11
如图3-7所示,具体组网如下:
· Switch B为普通二层交换机,用于二层转发组播流量。
· Switch A为DC 1的VTEP设备,用于用户的接入。
· Switch C、Switch D为DC 1的ED设备,用于DC间的互联。Switch C和Switch D组成M-LAG系统,以提高网络的可靠性。
· Switch E、Switch F为DC 2的ED设备,用于DC间的互联。Switch E和Switch F组成M-LAG系统,以提高网络的可靠性。
· Switch G为DC 2的VTEP设备,用于用户的接入。
· DC 1和DC 2内均使用L3VNI 1000。
Switch A~Switch G连接DC内设备的公网接口上均配置PIM-SM,Switch C~Switch F上使能IGMP Snooping功能,用于建立组播转发表项。连接DC外设备的公网接口不需要使能PIM-SM。
组播源通过Switch B接入ED设备Switch C和Switch D,Switch A、Switch E、Switch F和Switch G连接组播接收者。组播接收者可接收来自组播源的组播流量。
图3-7 双DC跨数据中心组播源直连ED配置组网图(不同DC相同L3VNI)
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Swtich G |
Loop0 |
6.6.6.6/32 |
|
|
Loop1 |
1.1.1.1/32 |
|
Loop1 |
6.6.6.6/32 |
|
|
Vlan-int12 |
12.1.1.1/24 |
|
Vlan-int13 |
13.1.1.6/24 |
|
|
VSI-int1 |
192.168.59.2/24 |
|
VSI-int1 |
192.168.60.2/24 |
|
Switch C |
Loop0 |
2.2.2.2/32 |
Swtich D |
Loop0 |
3.3.3.3/32 |
|
|
Loop1 |
2.2.2.2/32 |
|
Loop1 |
3.3.3.3/32 |
|
|
Loop2 |
1.2.3.4/32 |
|
Loop2 |
1.2.3.4/32 |
|
|
Vlan-int12 |
12.1.1.2/24 |
|
Vlan-int12 |
12.1.1.3/24 |
|
|
Vlan-int24 |
24.1.1.2/24 |
|
Vlan-int34 |
34.1.1.3/24 |
|
|
Vlan-int25 |
25.1.1.2/24 |
|
Vlan-int35 |
35.1.1.3/24 |
|
|
VSI-int1 |
192.168.57.2/24 |
|
VSI-int1 |
192.168.57.3/24 |
|
Swtich E |
Loop0 |
4.4.4.4/32 |
Swtich F |
Loop0 |
5.5.5.5/32 |
|
|
Loop1 |
4.4.4.4/32 |
|
Loop1 |
5.5.5.5/32 |
|
|
Loop2 |
5.6.7.8/32 |
|
Loop2 |
5.6.7.8/32 |
|
|
Vlan-int13 |
13.1.1.4/24 |
|
Vlan-int13 |
12.1.1.5/24 |
|
|
Vlan-int24 |
24.1.1.4/24 |
|
Vlan-int25 |
25.1.1.5/24 |
|
|
Vlan-int34 |
34.1.1.4/24 |
|
Vlan-int35 |
35.1.1.5/24 |
|
|
VSI-int1 |
192.168.58.2/24 |
|
VSI-int1 |
192.168.58.3/24 |
(1) 配置IP地址、单播路由协议和PIM SM协议
# 在Source上指定网关地址为192.168.57.1;在Receiver 1、Receiver 2和Receiver 3上分别指定网关地址为192.168.58.1、192.168.59.1和192.168.60.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保DC内的路由器之间路由可达。(具体配置过程略)
# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能,创建VLAN 11。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] pim sm
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchA-vsi-vpna] igmp-snooping enable
[SwitchA-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchA-vsi-vpna] vxlan 11
[SwitchA-vsi-vpna-vxlan-11] quit
[SwitchA-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchA] bgp 100
[SwitchA-bgp-default] group evpn internal
[SwitchA-bgp-default] peer evpn connect-interface loopback 0
[SwitchA-bgp-default] peer 2.2.2.2 group evpn
[SwitchA-bgp-default] peer 3.3.3.3 group evpn
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer evpn enable
[SwitchA-bgp-default-evpn] peer evpn next-hop-local
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入组播接收者的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 100
[SwitchA-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv100] quit
# 配置L3VNI的RD和RT。
[SwitchA] ip vpn-instance vpn1
[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1
[SwitchA-vpn-instance-vpn1] address-family ipv4
[SwitchA-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchA-vpn-ipv4-vpn1] quit
[SwitchA-vpn-instance-vpn1] address-family evpn
[SwitchA-vpn-evpn-vpn1] vpn-target 1:1
[SwitchA-vpn-evpn-vpn1] quit
[SwitchA-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface1] ip address 192.168.59.2 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能VPN实例vpn1的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpn1
[SwitchA-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能,并配置由Default-MDT向Data-MDT切换的延迟时间为20秒(大于BGP发布同一路由的缺省时间间隔15秒)。
[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchA-mvxlan-vpn1] address-family ipv4
[SwitchA-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchA-mvxlan-vpn1-ipv4] source loopback 0
[SwitchA-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchA-mvxlan-vpn1-ipv4] quit
[SwitchA-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpn1
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpn1
[SwitchA-pim-vpn1] c-bsr 1.1.1.1
[SwitchA-pim-vpn1] c-rp 1.1.1.1
[SwitchA-pim-vpn1] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
(3) 配置Switch B
# 创建二层聚合接口1,并配置该接口为动态聚合模式。
<SwitchB> system-view
[SwitchB] interface bridge-aggregation 1
[SwitchB-Bridge-Aggregation1] link-aggregation mode dynamic
[SwitchB-Bridge-Aggregation1] quit
# 分别将端口Ten-GigabitEthernet1/0/2和Ten-GigabitEthernet1/0/3加入到聚合组1中。
[SwitchB] interface range ten-gigabitethernet 1/0/2 to ten-gigabitethernet 1/0/3
[SwitchB-if-range] port link-aggregation group 1
[SwitchB-if-range] quit
# 创建VLAN 11。
[SwitchB] vlan 11
[SwitchB-vlan11] quit
# 配置二层聚合口1为Trunk端口,并允许VLAN 11通过。
[SwitchB] interface Bridge-Aggregation 1
[SwitchB-Bridge-Aggregation1] port link-type trunk
[SwitchB-Bridge-Aggregation1] port trunk permit vlan 11
[SwitchB-Bridge-Aggregation1] quit
# 配置接口Ten-GigabitEthernet1/0/1为Trunk端口,并允许VLAN 11通过。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 11
[SwitchB-Ten-GigabitEthernet1/0/1] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由功能,并启动OSPF和RIP进程。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] pim
[SwitchC-pim] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
[SwitchC] rip 1
[SwitchC-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchC-vsi-vpna] igmp-snooping enable
[SwitchC-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchC-vsi-vpna] vxlan 11
[SwitchC-vsi-vpna-vxlan-11] quit
[SwitchC-vsi-vpna] quit
# 在与Switch E连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchC] interface vlan-interface 24
[SwitchC-Vlan-interface24] rip 1 enable
[SwitchC-Vlan-interface24] dci enable
[SwitchC-Vlan-interface24] quit
# 在与Switch F连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchC] interface vlan-interface 25
[SwitchC-Vlan-interface25] rip 1 enable
[SwitchC-Vlan-interface25] dci enable
[SwitchC-Vlan-interface25] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为1.2.3.4。
[SwitchC] evpn m-lag group 1.2.3.4
# EVPN M-LAG组网中配置组成M-LAG系统的本地VTEP的IP地址为2.2.2.2、远端VTEP的IP地址为3.3.3.3。
[SwitchC] evpn m-lag local 2.2.2.2 remote 3.3.3.3
# 配置VPN实例vpn1的RD和RT。
[SwitchC] ip vpn-instance vpn1
[SwitchC-vpn-instance-vpn1] route-distinguisher 1:2
[SwitchC-vpn-instance-vpn1] address-family ipv4
[SwitchC-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchC-vpn-ipv4-vpn1] quit
[SwitchC-vpn-instance-vpn1] address-family evpn
[SwitchC-vpn-evpn-vpn1] vpn-target 1:1
[SwitchC-vpn-evpn-vpn1] quit
[SwitchC-vpn-instance-vpn1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 2.2.2.2 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] rip 1 enable
[SwitchC-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpn1
[SwitchC-LoopBack1] ip address 2.2.2.2 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip address 1.2.3.4 32
[SwitchC-LoopBack2] ospf 1 area 0.0.0.0
[SwitchC-LoopBack2] rip 1 enable
[SwitchC-LoopBack2] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface1] ip address 192.168.57.2 255.255.255.0
[SwitchC-Vsi-interface1] pim sm
[SwitchC-Vsi-interface1] igmp enable
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# 创建二层聚合接口1,并配置改接口为动态聚合模式。
[SwitchC] interface bridge-aggregation 1
[SwitchC-Bridge-Aggregation1] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation1] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组1中。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 在二层聚合接口1创建以太网服务实例100,该实例同来匹配VLAN 100的数据帧,并将其加入M-LAG组1中。
[SwitchC] interface bridge-aggregation 1
[SwitchC-Bridge-Aggregation1] port link-type trunk
[SwitchC-Bridge-Aggregation1] port trunk permit vlan 1 11
[SwitchC-Bridge-Aggregation1] port m-lag group 1
[SwitchC-Bridge-Aggregation1] service-instance 100
[SwitchC-Bridge-Aggregation1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchC-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/0/1-srv100] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchC] multicast routing vpn-instance vpn1
[SwitchC-mrib-vpn1] quit
# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpn1
[SwitchC-pim-vpn1] c-bsr 2.2.2.2
[SwitchC-pim-vpn1] c-rp 2.2.2.2
[SwitchC-pim-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchC-mvxlan-vpn1] address-family ipv4
[SwitchC-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchC-mvxlan-vpn1-ipv4] source loopback 2 evpn-mlag-group
[SwitchC-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchC-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchC-mvxlan-vpn1-ipv4] dci enable
[SwitchC-mvxlan-vpn1-ipv4] quit
[SwitchC-mvxlan-vpn1] quit
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchC] multicast-vpn vxlan m-lag local 2.2.2.2 remote 3.3.3.3
# 配置路由策略,使Switch C收到来自于Switch D的SMET路由和S-PMSI路由后,不将该路由转发给Switch E和Switch F;并且,Switch C收到来自于非M-LAG对端设备的SMET路由和S-PMSI路由后,修改路由的下一跳为2.2.2.2。
[SwitchC] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchC] ip prefix-list 2 index 10 permit 3.3.3.3 32
[SwitchC] route-policy 2 deny node 0
[SwitchC-route-policy-2-0] if-match ip route-source prefix-list 2
[SwitchC-route-policy-2-0] if-match route-type bgp-evpn-mac-ip bgp-evpn-imet bgp-evpn-ip-prefix
[SwitchC-route-policy-2-0] quit
[SwitchC] route-policy 2 deny node 1
[SwitchC-route-policy-2-1] if-match ip route-source prefix-list 2
[SwitchC-route-policy-2-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-2-1] quit
[SwitchC] route-policy 2 permit node 2
[SwitchC-route-policy-2-2] if-match ip route-source prefix-list 1
[SwitchC-route-policy-2-2] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-2-2] apply ip-address next-hop 2.2.2.2
[SwitchC-route-policy-2-2] quit
[SwitchC] route-policy 2 permit node 3
[SwitchC-route-policy-2-3] if-match ip route-source prefix-list 1
[SwitchC-route-policy-2-3] quit
# 配置路由策略,使Switch C只向Switch D发送SMET路由和S-PMSI路由。
[SwitchC] route-policy 10 permit node 1
[SwitchC-route-policy-10-1] if-match ip route-source prefix-list 1
[SwitchC-route-policy-10-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchC-route-policy-10-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchC] bgp 100
[SwitchC-bgp-default] peer 1.1.1.1 as-number 100
[SwitchC-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchC-bgp-default] peer 3.3.3.3 as-number 100
[SwitchC-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] peer 4.4.4.4 ebgp-max-hop 64
[SwitchC-bgp-default] peer 5.5.5.5 as-number 200
[SwitchC-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchC-bgp-default] peer 5.5.5.5 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchC-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchC-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[SwitchC-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchC-bgp-default-evpn] peer 3.3.3.3 next-hop-local
[SwitchC-bgp-default-evpn] peer 3.3.3.3 route-policy 10 export
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enabl
[SwitchC-bgp-default-evpn] peer 4.4.4.4 router-mac-local
[SwitchC-bgp-default-evpn] peer 4.4.4.4 route-policy 2 export
[SwitchC-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchC-bgp-default-evpn] peer 5.5.5.5 router-mac-local
[SwitchC-bgp-default-evpn] peer 5.5.5.5 route-policy 2 export
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] port link-type trunk
[SwitchC-Bridge-Aggregation9] port trunk permit vlan all
[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchC-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 配置M-LAG系统。
[SwitchC] m-lag restore-delay 180
[SwitchC] m-lag system-mac 0001-0001-0001
[SwitchC] m-lag system-number 1
[SwitchC] m-lag system-priority 10
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
(5) 配置Switch D
# 开启L2VPN能力,使能IP组播路由功能,并启动OSPF和RIP进程。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] rip 1
[SwitchD-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchD-vsi-vpna] igmp-snooping enable
[SwitchD-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchD-vsi-vpna] vxlan 11
[SwitchD-vsi-vpna-vxlan-11] quit
[SwitchD-vsi-vpna] quit
# 在与Switch E连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchD] interface vlan-interface 34
[SwitchD-Vlan-interface34] rip 1 enable
[SwitchD-Vlan-interface34] dci enable
[SwitchD-Vlan-interface34] quit
# 在与Switch F连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchD] interface vlan-interface 35
[SwitchD-Vlan-interface35] rip 1 enable
[SwitchD-Vlan-interface35] dci enable
[SwitchD-Vlan-interface35] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为1.2.3.4。
[SwitchD] evpn m-lag group 1.2.3.4
# EVPN M-LAG组网中配置组成M-LAG系统的本地VTEP的IP地址为3.3.3.3、远端VTEP的IP地址为2.2.2.2。
[SwitchD] evpn m-lag local 3.3.3.3 remote 2.2.2.2
# 配置VPN实例vpn1的RD和RT。
[SwitchD] ip vpn-instance vpn1
[SwitchD-vpn-instance-vpn1] route-distinguisher 1:3
[SwitchD-vpn-instance-vpn1] address-family ipv4
[SwitchD-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchD-vpn-ipv4-vpn1] quit
[SwitchD-vpn-instance-vpn1] address-family evpn
[SwitchD-vpn-evpn-vpn1] vpn-target 1:1
[SwitchD-vpn-evpn-vpn1] quit
[SwitchD-vpn-instance-vpn1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 3.3.3.3 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpn1
[SwitchD-LoopBack1] ip address 3.3.3.3 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 1.2.3.4 32
[SwitchD-LoopBack2] ospf 1 area 0.0.0.0
[SwitchD-LoopBack2] rip 1 enable
[SwitchD-LoopBack2] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface1] ip address 192.168.57.3 255.255.255.0
[SwitchD-Vsi-interface1] pim sm
[SwitchD-Vsi-interface1] igmp enable
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 创建二层聚合接口1,并配置改接口为动态聚合模式。
[SwitchD] interface bridge-aggregation 1
[SwitchD-Bridge-Aggregation1] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation1] quit
# 将端口Ten-GigabitEthernet1/0/1加入到聚合组1中。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] port link-aggregation group 1
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 在二层聚合接口1创建以太网服务实例100,该实例同来匹配VLAN 100的数据帧,并将其加入M-LAG组1中。
[SwitchD] interface bridge-aggregation 1
[SwitchD-Bridge-Aggregation1] port link-type trunk
[SwitchD-Bridge-Aggregation1] port trunk permit vlan 1 11
[SwitchD-Bridge-Aggregation1] port m-lag group 1
[SwitchD-Bridge-Aggregation1] service-instance 100
[SwitchD-Bridge-Aggregation1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchD-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv100] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchD] multicast routing vpn-instance vpn1
[SwitchD-mrib-vpn1] quit
# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpn1
[SwitchD-pim-vpn1] c-bsr 3.3.3.3
[SwitchD-pim-vpn1] c-rp 3.3.3.3
[SwitchD-pim-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchD-mvxlan-vpn1] address-family ipv4
[SwitchD-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchD-mvxlan-vpn1-ipv4] source loopback 2 evpn-mlag-group
[SwitchD-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchD-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchD-mvxlan-vpn1-ipv4] dci enable
[SwitchD-mvxlan-vpn1-ipv4] quit
[SwitchD-mvxlan-vpn1] quit
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchD] multicast-vpn vxlan m-lag local 3.3.3.3 remote 2.2.2.2
# 配置路由策略,使Switch D收到来自于Switch C的SMET路由和S-PMSI路由后,不将该路由转发给Switch E和Switch F;并且,Switch D收到来自于非M-LAG对端设备的SMET路由和S-PMSI路由后,修改路由的下一跳为3.3.3.3。
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 2 index 10 permit 2.2.2.2 32
[SwitchD] route-policy 3 deny node 0
[SwitchD-route-policy-3-0] if-match ip route-source prefix-list 2
[SwitchD-route-policy-3-0] if-match route-type bgp-evpn-mac-ip bgp-evpn-imet bgp-evpn-ip-prefix
[SwitchD-route-policy-3-0] quit
[SwitchD] route-policy 3 deny node 1
[SwitchD-route-policy-3-1] if-match ip route-source prefix-list 2
[SwitchD-route-policy-3-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-3-1] quit
[SwitchD] route-policy 3 permit node 2
[SwitchD-route-policy-3-2] if-match ip route-source prefix-list 1
[SwitchD-route-policy-3-2] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-3-2] apply ip-address next-hop 3.3.3.3
[SwitchD-route-policy-3-2] quit
[SwitchD] route-policy 3 permit node 3
[SwitchD-route-policy-3-3] if-match ip route-source prefix-list 1
[SwitchD-route-policy-3-3] quit
# 配置路由策略,使Switch D只向Switch C发送SMET路由和S-PMSI路由。
[SwitchD] route-policy 10 permit node 1
[SwitchD-route-policy-10-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-10-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-10-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchD] bgp 100
[SwitchD-bgp-default] peer 1.1.1.1 as-number 100
[SwitchD-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchD-bgp-default] peer 2.2.2.2 as-number 100
[SwitchD-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchD-bgp-default] peer 4.4.4.4 as-number 200
[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchD-bgp-default] peer 4.4.4.4 ebgp-max-hop 64
[SwitchD-bgp-default] peer 5.5.5.5 as-number 200
[SwitchD-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchD-bgp-default] peer 5.5.5.5 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchD-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchD-bgp-default-evpn] peer 1.1.1.1 next-hop-local
[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchD-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchD-bgp-default-evpn] peer 2.2.2.2 route-policy 10 export
[SwitchD-bgp-default-evpn] peer 4.4.4.4 enabl
[SwitchD-bgp-default-evpn] peer 4.4.4.4 router-mac-local
[SwitchD-bgp-default-evpn] peer 4.4.4.4 route-policy 3 export
[SwitchD-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchD-bgp-default-evpn] peer 5.5.5.5 router-mac-local
[SwitchD-bgp-default-evpn] peer 5.5.5.5 route-policy 3 export
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] port link-type trunk
[SwitchD-Bridge-Aggregation9] port trunk permit vlan all
[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchD-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchD-Ten-GigabitEthernet1/0/2] quit
# 配置M-LAG系统。
[SwitchD] m-lag restore-delay 180
[SwitchD] m-lag system-mac 0001-0001-0001
[SwitchD] m-lag system-number 2
[SwitchD] m-lag system-priority 10
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
(6) 配置Switch E
# 开启L2VPN能力,使能IP组播路由功能,并启动OSPF和RIP进程。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] pim
[SwitchE-pim] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0.0.0.0
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE-ospf-1] quit
[SwitchE] rip 1
[SwitchE-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] evpn encapsulation vxlan
[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchE-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchE-vsi-vpna] igmp-snooping enable
[SwitchE-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchE-vsi-vpna] vxlan 11
[SwitchE-vsi-vpna-vxlan-11] quit
[SwitchE-vsi-vpna] quit
# 在与Switch C连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchE] interface vlan-interface 24
[SwitchE-Vlan-interface24] rip 1 enable
[SwitchE-Vlan-interface24] dci enable
[SwitchE-Vlan-interface24] quit
# 在与Switch D连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchE] interface vlan-interface 34
[SwitchE-Vlan-interface34] rip 1 enable
[SwitchE-Vlan-interface34] dci enable
[SwitchE-Vlan-interface34] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为5.6.7.8。
[SwitchE] evpn m-lag group 5.6.7.8
# EVPN M-LAG组网中配置组成M-LAG系统的本地VTEP的IP地址为4.4.4.4、远端VTEP的IP地址为5.5.5.5。
[SwitchE] evpn m-lag local 4.4.4.4 remote 5.5.5.5
# 配置VPN实例vpn1的RD和RT。
[SwitchE] ip vpn-instance vpn1
[SwitchE-vpn-instance-vpn1] route-distinguisher 1:4
[SwitchE-vpn-instance-vpn1] address-family ipv4
[SwitchE-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchE-vpn-ipv4-vpn1] quit
[SwitchE-vpn-instance-vpn1] address-family evpn
[SwitchE-vpn-evpn-vpn1] vpn-target 1:1
[SwitchE-vpn-evpn-vpn1] quit
[SwitchE-vpn-instance-vpn1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] rip 1 enable
[SwitchE-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance vpn1
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip address 5.6.7.8 32
[SwitchE-LoopBack2] ospf 1 area 0.0.0.0
[SwitchE-LoopBack2] rip 1 enable
[SwitchE-LoopBack2] quit
# 配置VSI虚接口VSI-interface1。
[SwitchE] interface vsi-interface 1
[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface1] ip address 192.168.58.2 255.255.255.0
[SwitchE-Vsi-interface1] pim sm
[SwitchE-Vsi-interface1] igmp enable
[SwitchE-Vsi-interface1] distributed-gateway local
[SwitchE-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。
[SwitchE] interface ten-gigabitethernet 1/0/1
[SwitchE-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchE-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[SwitchE-Ten-GigabitEthernet1/0/1] service-instance 100
[SwitchE-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchE-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchE-Ten-GigabitEthernet1/0/1-srv100] quit
# 使能VPN实例1的IP组播路由功能。
[SwitchE] multicast routing vpn-instance vpn1
[SwitchE-mrib-vpn1] quit
# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance vpn1
[SwitchE-pim-vpn1] c-bsr 4.4.4.4
[SwitchE-pim-vpn1] c-rp 4.4.4.4
[SwitchE-pim-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchE-mvxlan-vpn1] address-family ipv4
[SwitchE-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchE-mvxlan-vpn1-ipv4] source loopback 2 evpn-mlag-group
[SwitchE-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchE-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchE-mvxlan-vpn1-ipv4] dci enable
[SwitchE-mvxlan-vpn1-ipv4] quit
[SwitchE-mvxlan-vpn1] quit
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchE] multicast-vpn vxlan m-lag local 4.4.4.4 remote 5.5.5.5
# 配置路由策略,使Switch E收到来自于Switch F的SMET路由和S-PMSI路由后,不将该路由转发给SwitchC和Switch D;并且,Switch E收到来自于非M-LAG对端设备的SMET路由和S-PMSI路由后,修改路由的下一跳为4.4.4.4。
[SwitchE] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchE] ip prefix-list 2 index 10 permit 5.5.5.5 32
[SwitchE] route-policy 4 deny node 0
[SwitchE-route-policy-4-0] if-match ip route-source prefix-list 2
[SwitchE-route-policy-4-0] if-match route-type bgp-evpn-mac-ip bgp-evpn-imet bgp-evpn-ip-prefix
[SwitchE-route-policy-4-0] quit
[SwitchE] route-policy 4 deny node 1
[SwitchE-route-policy-4-1] if-match ip route-source prefix-list 2
[SwitchE-route-policy-4-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-4-1] quit
[SwitchE] route-policy 4 permit node 2
[SwitchE-route-policy-4-2] if-match ip route-source prefix-list 1
[SwitchE-route-policy-4-2] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-4-2] apply ip-address next-hop 4.4.4.4
[SwitchE-route-policy-4-2] quit
[SwitchE] route-policy 4 permit node 3
[SwitchE-route-policy-4-3] if-match ip route-source prefix-list 1
[SwitchE-route-policy-4-3] quit
# 配置路由策略,使Switch E只向Switch F发送SMET路由和S-PMSI路由。
[SwitchE] route-policy 10 permit node 1
[SwitchE-route-policy-10-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-10-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-10-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchE] bgp 200
[SwitchE-bgp-default] peer 5.5.5.5 as-number 200
[SwitchE-bgp-default] peer 5.5.5.5 connect-interface loopback 0
[SwitchE-bgp-default] peer 6.6.6.6 as-number 200
[SwitchE-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchE-bgp-default] peer 2.2.2.2 as-number 100
[SwitchE-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchE-bgp-default] peer 2.2.2.2 ebgp-max-hop 64
[SwitchE-bgp-default] peer 3.3.3.3 as-number 100
[SwitchE-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchE-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchE-bgp-default-evpn] peer 5.5.5.5 enable
[SwitchE-bgp-default-evpn] peer 5.5.5.5 next-hop-local
[SwitchE-bgp-default-evpn] peer 5.5.5.5 route-policy 10 export
[SwitchE-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchE-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchE-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchE-bgp-default-evpn] peer 2.2.2.2 router-mac-local
[SwitchE-bgp-default-evpn] peer 2.2.2.2 route-policy 4 export
[SwitchE-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchE-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchE-bgp-default-evpn] peer 3.3.3.3 route-policy 4 export
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchE] interface bridge-aggregation 9
[SwitchE-Bridge-Aggregation9] port link-type trunk
[SwitchE-Bridge-Aggregation9] port trunk permit vlan all
[SwitchE-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchE-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchE-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchE] interface ten-gigabitethernet 1/0/2
[SwitchE-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchE-Ten-GigabitEthernet1/0/2] quit
# 配置M-LAG系统。
[SwitchE] m-lag restore-delay 180
[SwitchE] m-lag system-mac 0002-0002-0002
[SwitchE] m-lag system-number 1
[SwitchE] m-lag system-priority 10
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchE] vsi vpna
[SwitchE-vsi-vpna] gateway vsi-interface 1
[SwitchE-vsi-vpna] quit
(7) 配置Switch F
# 开启L2VPN能力,使能IP组播路由功能,并启动OSPF和RIP进程。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchF] pim
[SwitchF-pim] quit
[SwitchF] ospf 1
[SwitchF-ospf-1] area 0.0.0.0
[SwitchF-ospf-1-area-0.0.0.0] quit
[SwitchF-ospf-1] quit
[SwitchF] rip 1
[SwitchF-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] evpn encapsulation vxlan
[SwitchF-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchF-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchF-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchF-vsi-vpna] igmp-snooping enable
[SwitchF-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchF-vsi-vpna] vxlan 11
[SwitchF-vsi-vpna-vxlan-11] quit
[SwitchF-vsi-vpna] quit
# 在与Switch C连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchF] interface vlan-interface 25
[SwitchF-Vlan-interface25] rip 1 enable
[SwitchF-Vlan-interface25] dci enable
[SwitchF-Vlan-interface25] quit
# 在与Switch D连接的三层口上配置RIP路由协议,并开启DCI功能。
[SwitchF] interface vlan-interface 35
[SwitchF-Vlan-interface35] rip 1 enable
[SwitchF-Vlan-interface35] dci enable
[SwitchF-Vlan-interface35] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为5.6.7.8。
[SwitchF] evpn m-lag group 5.6.7.8
# EVPN M-LAG组网中配置组成M-LAG系统的本地VTEP的IP地址为5.5.5.5、远端VTEP的IP地址为4.4.4.4。
[SwitchF] evpn m-lag local 5.5.5.5 remote 4.4.4.4
# 配置VPN实例vpn1的RD和RT。
[SwitchF] ip vpn-instance vpn1
[SwitchF-vpn-instance-vpn1] route-distinguisher 1:5
[SwitchF-vpn-instance-vpn1] address-family ipv4
[SwitchF-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchF-vpn-ipv4-vpn1] quit
[SwitchF-vpn-instance-vpn1] address-family evpn
[SwitchF-vpn-evpn-vpn1] vpn-target 1:1
[SwitchF-vpn-evpn-vpn1] quit
[SwitchF-vpn-instance-vpn1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 5.5.5.5 32
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] rip 1 enable
[SwitchF-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpn1
[SwitchF-LoopBack1] ip address 5.5.5.5 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip address 5.6.7.8 32
[SwitchF-LoopBack2] ospf 1 area 0.0.0.0
[SwitchF-LoopBack2] rip 1 enable
[SwitchF-LoopBack2] quit
# 配置VSI虚接口VSI-interface1。
[SwitchF] interface vsi-interface 1
[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface1] ip address 192.168.58.3 255.255.255.0
[SwitchF-Vsi-interface1] pim sm
[SwitchF-Vsi-interface1] igmp enable
[SwitchF-Vsi-interface1] distributed-gateway local
[SwitchF-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。
[SwitchF] interface ten-gigabitethernet 1/0/1
[SwitchF-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchF-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[SwitchF-Ten-GigabitEthernet1/0/1] service-instance 100
[SwitchF-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchF-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchF-Ten-GigabitEthernet1/0/1-srv100] quit
# 使能VPN实例1的IP组播路由功能。
[SwitchF] multicast routing vpn-instance vpn1
[SwitchF-mrib-vpn1] quit
# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpn1
[SwitchF-pim-vpn1] c-bsr 5.5.5.5
[SwitchF-pim-vpn1] c-rp 5.5.5.5
[SwitchF-pim-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchF-mvxlan-vpn1] address-family ipv4
[SwitchF-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchF-mvxlan-vpn1-ipv4] source loopback 2 evpn-mlag-group
[SwitchF-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchF-mvxlan-vpn1-ipv4] s-pmsi advertise source-active
[SwitchF-mvxlan-vpn1-ipv4] dci enable
[SwitchF-mvxlan-vpn1-ipv4] quit
[SwitchF-mvxlan-vpn1] quit
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchF] multicast-vpn vxlan m-lag local 5.5.5.5 remote 4.4.4.4
# 配置路由策略,使Switch F收到来自于Switch E的SMET路由和S-PMSI路由后,不将该路由转发给Switch C和Switch D;并且,Switch F收到来自于非M-LAG对端设备的SMET路由和S-PMSI路由后,修改路由的下一跳为5.5.5.5。
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 2 index 10 permit 4.4.4.4 32
[SwitchF] route-policy 5 deny node 0
[SwitchF-route-policy-5-0] if-match ip route-source prefix-list 2
[SwitchF-route-policy-5-0] if-match route-type bgp-evpn-mac-ip bgp-evpn-imet bgp-evpn-ip-prefix
[SwitchF-route-policy-5-0] quit
[SwitchF] route-policy 5 deny node 1
[SwitchF-route-policy-5-1] if-match ip route-source prefix-list 2
[SwitchF-route-policy-5-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-5-1] quit
[SwitchF] route-policy 5 permit node 2
[SwitchF-route-policy-5-2] if-match ip route-source prefix-list 1
[SwitchF-route-policy-5-2] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-5-2] apply ip-address next-hop 5.5.5.5
[SwitchF-route-policy-5-2] quit
[SwitchF] route-policy 5 permit node 3
[SwitchF-route-policy-5-3] if-match ip route-source prefix-list 1
[SwitchF-route-policy-5-3] quit
# 配置路由策略,使Switch F只向Switch E发送SMET路由和S-PMSI路由。
[SwitchF] route-policy 10 permit node 1
[SwitchF-route-policy-10-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-10-1] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-10-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchF] bgp 200
[SwitchF-bgp-default] peer 4.4.4.4 as-number 200
[SwitchF-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchF-bgp-default] peer 6.6.6.6 as-number 200
[SwitchF-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchF-bgp-default] peer 2.2.2.2 as-number 100
[SwitchF-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchF-bgp-default] peer 2.2.2.2 ebgp-max-hop 64
[SwitchF-bgp-default] peer 3.3.3.3 as-number 100
[SwitchF-bgp-default] peer 3.3.3.3 connect-interface loopback 0
[SwitchF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchF-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchF-bgp-default-evpn] peer 4.4.4.4 next-hop-local
[SwitchF-bgp-default-evpn] peer 4.4.4.4 route-policy 10 export
[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchF-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchF-bgp-default-evpn] peer 2.2.2.2 router-mac-local
[SwitchF-bgp-default-evpn] peer 2.2.2.2 route-policy 5 export
[SwitchF-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchF-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchF-bgp-default-evpn] peer 3.3.3.3 route-policy 5 export
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchF] interface bridge-aggregation 9
[SwitchF-Bridge-Aggregation9] port link-type trunk
[SwitchF-Bridge-Aggregation9] port trunk permit vlan all
[SwitchF-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchF-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchF-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchF] interface ten-gigabitethernet 1/0/2
[SwitchF-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchF-Ten-GigabitEthernet1/0/2] quit
# 配置M-LAG系统。
[SwitchF] m-lag restore-delay 180
[SwitchF] m-lag system-mac 0002-0002-0002
[SwitchF] m-lag system-number 2
[SwitchF] m-lag system-priority 10
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchF] vsi vpna
[SwitchF-vsi-vpna] gateway vsi-interface 1
[SwitchF-vsi-vpna] quit
(8) 配置Switch G
# 开启L2VPN能力,使能IP组播路由功能,创建VLAN11。
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
[SwitchG] vlan 11
[SwitchG-vlan11] quit
# 开启设备的IGMP Snooping功能。
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchG] vxlan tunnel mac-learning disable
[SwitchG] vxlan tunnel arp-learning disable
# 创建接口LoopBack0,并配置LoopBack0接口。
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 6.6.6.6 32
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] evpn encapsulation vxlan
[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchG-vsi-vpna-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。
[SwitchG-vsi-vpna] igmp-snooping enable
[SwitchG-vsi-vpna] igmp-snooping proxy enable
# 创建VXLAN 11。
[SwitchG-vsi-vpna] vxlan 11
[SwitchG-vsi-vpna-vxlan-11] quit
[SwitchG-vsi-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchG] bgp 200
[SwitchG-bgp-default] group evpn internal
[SwitchG-bgp-default] peer evpn connect-interface loopback 0
[SwitchG-bgp-default] peer 4.4.4.4 group evpn
[SwitchG-bgp-default] peer 5.5.5.5 group evpn
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer evpn enable
[SwitchG-bgp-default-evpn] peer evpn next-hop-local
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。
[SwitchG] interface ten-gigabitethernet 1/0/1
[SwitchG-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchG-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[SwitchG-Ten-GigabitEthernet1/0/1] service-instance 100
[SwitchG-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11
# 配置以太网服务实例100与VSI实例vpna关联。
[SwitchG-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna
[SwitchG-Ten-GigabitEthernet1/0/1-srv100] quit
# 配置L3VNI的RD和RT。
[SwitchG] ip vpn-instance vpn1
[SwitchG-vpn-instance-vpn1] route-distinguisher 1:6
[SwitchG-vpn-instance-vpn1] address-family ipv4
[SwitchG-vpn-ipv4-vpn1] vpn-target 2:2
[SwitchG-vpn-ipv4-vpn1] quit
[SwitchG-vpn-instance-vpn1] address-family evpn
[SwitchG-vpn-evpn-vpn1] vpn-target 1:1
[SwitchG-vpn-evpn-vpn1] quit
[SwitchG-vpn-instance-vpn1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface1] ip address 192.168.60.2 255.255.255.0
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1
[SwitchG-Vsi-interface2] l3-vni 1000
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# 使能VPN实例vpn1的IP组播路由功能。
[SwitchG] multicast routing vpn-instance vpn1
[SwitchG-mrib-vpn1] quit
# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt
[SwitchG-mvxlan-vpn1] address-family ipv4
[SwitchG-mvxlan-vpn1-ipv4] default-group 236.0.0.0
[SwitchG-mvxlan-vpn1-ipv4] source loopback 0
[SwitchG-mvxlan-vpn1-ipv4] data-group 239.0.0.0 24
[SwitchG-mvxlan-vpn1-ipv4] quit
[SwitchG-mvxlan-vpn1] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpn1
[SwitchG-LoopBack1] ip address 6.6.6.6 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchG] pim vpn-instance vpn1
[SwitchG-pim-vpn1] c-bsr 6.6.6.6
[SwitchG-pim-vpn1] c-rp 6.6.6.6
[SwitchG-pim-vpn1] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchG] vsi vpna
[SwitchG-vsi-vpna] gateway vsi-interface 1
[SwitchG-vsi-vpna] quit
(1) 查看VTEP设备上的组播路由信息。
# 查看Switch A上VPN实例1和公网的组播路由信息。
<SwitchA> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:00:55
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:00:04, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:00:55, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT FROMVXLAN
UpTime: 00:01:06
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:00:04, Expires: -
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:53:19
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 04:50:57, Expires: 00:03:30
2: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 04:51:43, Expires: 00:02:35
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:50:57
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:50:57, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:51:43
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 13.1.1.2
RPF prime neighbor: 13.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:51:43, Expires: -
(2.2.2.2, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:00:54
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 12.1.1.2
RPF prime neighbor: 12.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:00:54, Expires: -
(3.3.3.3, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:00:54
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 13.1.1.2
RPF prime neighbor: 13.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:00:54, Expires: -
# 查看SwitchG 上VPN实例vpn1和公网的组播路由信息。
<SwitchG> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:03:29
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:03:29, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:02:38, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT FROMVXLAN
UpTime: 00:03:40
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:03:29, Expires: -
<SwitchG> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries
(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:53:14
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 46.1.1.1
RPF prime neighbor: 46.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:53:14, Expires: -
(5.5.5.5, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:52:09
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 56.1.1.1
RPF prime neighbor: 56.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:52:09, Expires: -
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:55:14
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 04:53:14, Expires: 00:02:47
2: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 04:52:03, Expires: 00:02:46
(4.4.4.4, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:03:35
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 46.1.1.1
RPF prime neighbor: 46.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:03:35, Expires: -
(5.5.5.5, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:03:35
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 56.1.1.1
RPF prime neighbor: 56.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:03:35, Expires: -
(2) 查看ED层设备上的组播路由信息。
# 查看Switch C上VPN实例vpn1和公网的组播路由信息。
<SwitchC> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:04:47
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: MTunnel0
Protocol: MD, UpTime: 00:03:55, Expires: -
2: Vsi-interface2
Protocol: MD, UpTime: 00:04:47, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC ACT SQ SRC-ACT FROMMLAG
UpTime: 00:04:58
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 00:04:47, Expires: -
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:54:47
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 12.1.1.1
RPF prime neighbor: 12.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:54:47, Expires: -
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:56:53
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 04:54:47, Expires: 00:02:48
(2.2.2.2, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:05:34
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 00:04:42, Expires: 00:02:51
# 查看Switch D上VPN实例vpn1和公网的组播路由信息。
<SwitchD> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:06:17
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:06:17, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:05:25, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC ACT SQ SRC-ACT 2MVPN FROMMLAG
UpTime: 00:06:29
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: MTunnel1
Protocol: MD, UpTime: 00:05:25, Expires: -
2: Vsi-interface2
Protocol: MD, UpTime: 00:06:17, Expires: -
<SwitchD> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:56:42
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 13.1.1.1
RPF prime neighbor: 13.1.1.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:56:42, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 04:57:45
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 04:56:42, Expires: 00:03:02
(3.3.3.3, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:06:33
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 00:05:42, Expires: 00:02:51
# 查看Switch E上VPN实例vpn1和公网的组播路由信息。
<SwitchE> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:07:09
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:06:18, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:07:09, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT SQ SRC-ACT FROMACTDCI
UpTime: 00:07:21
Upstream interface: Vsi-interface2
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information: None
<SwitchE>display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 05:00:50
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 04:59:00, Expires: 00:02:52
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:59:00
Upstream interface: Ten-GigabitEthernet1/0/2
Upstream neighbor: 46.1.1.2
RPF prime neighbor: 46.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:59:00, Expires: -
(4.4.4.4, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:08:49
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/2
Protocol: pim-sm, UpTime: 00:08:49, Expires: 00:03:30
# 查看Switch F上VPN实例vpn1和公网的组播路由信息。
<SwitchF> display pim vpn-instance vpn1 routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF RC
UpTime: 00:10:25
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 3
1: MTunnel0
Protocol: MD, UpTime: 00:10:25, Expires: -
2: Vsi-interface2
Protocol: MD, UpTime: 00:09:34, Expires: -
3: Vsi-interface1
Protocol: igmp, UpTime: 00:09:35, Expires: -
(192.168.57.1, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT SQ SRC-ACT FROMACTDCI
UpTime: 00:10:37
Upstream interface: Vsi-interface2
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:09:35, Expires: -
2: MTunnel1
Protocol: MD, UpTime: 00:10:05, Expires: -
<SwitchF> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(5.5.5.5, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 05:02:07
Upstream interface: MTunnel0 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 04:58:49, Expires: 00:03:21
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 04:58:49
Upstream interface: Ten-GigabitEthernet1/0/3
Upstream neighbor: 56.1.1.2
RPF prime neighbor: 56.1.1.2
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 04:58:49, Expires: -
(5.5.5.5, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:10:34
Upstream interface: MTunnel1 (VPN: vpn1)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Ten-GigabitEthernet1/0/3
Protocol: pim-sm, UpTime: 00:10:34, Expires: 00:02:55
Switch A、Switch B为DC 1的VTEP设备,用于用户的接入;Switch D、Switch E、Switch F为DC 1的ED设备,用于DC间的互联;Switch C为DC 1的RR,在Switch之间反射路由。Switch J为DC 2的VTEP设备,用于用户的接入;Switch H、Switch I为DC 2的ED设备,用于DC间的互联。Switch L为DC 3的VTEP设备,用于用户的接入;Switch K为DC 2的ED设备,用于DC间的互联;Switch G设备用于连接不同DC的ED。
DC 1内使用L3VNI 1000,DC 2内使用L3VNI 2000,DC 3内均使用L3VNI 3000。不同DC的L3VNI均映射为L3VNI 4000,以实现DC间组播流量互通。
Switch A~Switch L连接DC内设备的公网接口上均配置PIM-SM,Switch A、Switch B、Switch J、Switch L上使能IGMP Snooping功能,用于建立组播转发表项。连接DC外设备的公网接口不需要使能PIM-SM。
Switch A连接组播源,Switch B、Switch J、Switch L连接组播接收者,组播接收者可接收组播组225.0.0.1的组播流量。
图3-8 三DC跨数据中心三层组播互通支持多ED配置举例(使用相同L3VNI映射)
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Switch B |
Loop0 |
2.2.2.2/32 |
|
|
Loop1 |
1.1.1.1/32 |
|
Loop1 |
2.2.2.2/32 |
|
|
Vlan-int10 |
121.121.121.1/24 |
|
XGE1/0/1 |
- |
|
|
XGE1/0/2 |
- |
|
Vlan-int20 |
122.122.122.2/24 |
|
|
VSI-int1 |
10.0.0.1/24 |
|
VSI-int1 |
10.0.0.1/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Switch C |
Loop0 |
12.12.12.12/32 |
Swtich D |
Loop0 |
3.3.3.3/32 |
|
|
Vlan-int10 |
121.121.121.12/24 |
|
Loop1 |
3.3.3.3/32 |
|
|
Vlan-int20 |
122.122.122.12/24 |
|
Loop2 |
3.4.5.0/32 |
|
|
Vlan-int30 |
123.123.123.12/24 |
|
Vlan-int3 |
113.113.113.3/24 |
|
|
Vlan-int40 |
124.124.124.12/24 |
|
Vlan-int30 |
123.123.123.3/24 |
|
|
Vlan-int50 |
125.125.125.12/24 |
|
VSI-int2 |
- |
|
Swtich E |
Loop0 |
4.4.4.4/32 |
Swtich F |
Loop0 |
5.5.5.5/32 |
|
|
Loop1 |
4.4.4.4/32 |
|
Loop1 |
5.5.5.5/32 |
|
|
Loop2 |
3.4.5.0/32 |
|
Loop2 |
3.4.5.0/32 |
|
|
Vlan-int4 |
114.114.114.4/24 |
|
Vlan-int50 |
125.125.125.5/24 |
|
|
Vlan-int40 |
124.124.124.4/24 |
|
Vlan-int5 |
115.115.115.5/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Swtich G |
Loop0 |
11.11.11.11/32 |
Switch J |
Loop0 |
8.8.8.8/32 |
|
|
Vlan-int3 |
113.113.113.11/24 |
|
Loop1 |
8.8.8.8/32 |
|
|
Vlan-int4 |
114.114.114.11/24 |
|
XGE1/0/1 |
- |
|
|
Vlan-int5 |
115.115.115.11/24 |
|
Vlan-int200 |
78.78.78.87/24 |
|
|
Vlan-int9 |
119.119.119.11/24 |
|
Vlan-int300 |
68.68.68.86/24 |
|
|
Vlan-int7 |
117.117.117.11/24 |
|
VSI-int1 |
10.0.0.1/24 |
|
|
Vlan-int6 |
116.116.116.11/24 |
|
VSI-int2 |
- |
|
Switch H |
Loop0 |
6.6.6.6/32 |
Switch I |
Loop0 |
7.7.7.7/32 |
|
|
Loop1 |
6.6.6.6/32 |
|
Loop1 |
7.7.7.7/32 |
|
|
Loop2 |
2.2.1.1/32 |
|
Loop2 |
2.2.1.1/32 |
|
|
Vlan-int300 |
68.68.68.68/24 |
|
Vlan-int7 |
117.117.117.7/24 |
|
|
Vlan-int6 |
116.116.116.6/24 |
|
Vlan-int200 |
78.78.78.78/24 |
|
|
VSI-int2 |
- |
|
VSI-int2 |
- |
|
Swtich K |
Loop0 |
9.9.9.9/32 |
Switch L |
Loop0 |
10.10.10.10/32 |
|
|
Loop1 |
9.9.9.9/32 |
|
Loop1 |
10.10.10.10/32 |
|
|
Vlan-int100 |
109.109.109.9/24 |
|
Vlan-int100 |
109.109.109.10/24 |
|
|
Vlan-int9 |
119.119.119.9/24 |
|
XGE1/0/2 |
- |
|
|
VSI-int2 |
- |
|
VSI-int1 |
10.0.0.1/24 |
|
|
|
|
|
VSI-int2 |
- |
(1) 配置IP地址、单播路由协议和PIM SM协议
# 在Source和Receiver上均指定网关地址为10.0.0.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保DC内的路由器之间路由可达。(具体配置过程略)
# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。如果ED间的接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF进程,创建VLAN 11。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA] vlan 11
[SwitchA-vlan11] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] quit
# 在VSI实例1下创建EVPN实例。
[SwitchA] vsi 1
[SwitchA-vsi-1] evpn encapsulation vxlan
[SwitchA-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchA-vsi-1-evpn-vxlan] quit
# 在VSI实例1内使能IGMP Snooping。
[SwitchA-vsi-1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchA-vsi-1] vxlan 10
[SwitchA-vsi-1-vxlan-10] quit
# 配置BGP发布EVPN路由,并使能与对等体的Add-Path接收能力。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 12.12.12.12 as-number 100
[SwitchA-bgp-default] peer 12.12.12.12 connect-interface LoopBack0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchA-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上创建以太网服务实例11,该实例用来匹配VLAN 11的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-mode bridge
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 1 11
[SwitchA-Ten-GigabitEthernet1/0/2] service-instance 11
[SwitchA-Ten-GigabitEthernet1/0/2-srv11] encapsulation s-vid 11
# 配置以太网服务实例11与VSI实例1关联。
[SwitchA-Ten-GigabitEthernet1/0/2-srv11] xconnect vsi 1
[SwitchA-Ten-GigabitEthernet1/0/2-srv11] quit
[SwitchA-Ten-GigabitEthernet1/0/2] quit
# 配置VPN a的RD和RT。
[SwitchA] ip vpn-instance a
[SwitchA-vpn-instance-a] route-distinguisher 1:1
[SwitchA-vpn-instance-a] vpn-target 10:10 import-extcommunity
[SwitchA-vpn-instance-a] vpn-target 10:10 export-extcommunity
[SwitchA-vpn-instance-a] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance a
[SwitchA-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] mac-address 0001-0001-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance a
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchA] multicast routing vpn-instance a
[SwitchA-mrib-a] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchA] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchA-mvxlan-a] address-family ipv4
[SwitchA-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchA-mvxlan-a-ipv4] source loopback 0
[SwitchA-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchA-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-a-ipv4] quit
[SwitchA-mvxlan-a] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance a
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance a
[SwitchA-pim-a] c-bsr 1.1.1.1
[SwitchA-pim-a] c-rp 1.1.1.1
[SwitchA-pim-a] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi 1
[SwitchA-vsi-1] gateway vsi-interface 1
[SwitchA-vsi-1] quit
(3) 配置Switch B
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF进程,创建VLAN 22。
<SwitchB> system-view
[SwitchB] l2vpn enable
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] pim
[SwitchB-pim] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
[SwitchB] vlan 22
[SwitchB-vlan22] quit
# 开启设备的IGMP Snooping功能。
[SwitchB] igmp-snooping
[SwitchB-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] quit
# 在VSI实例1下创建EVPN实例。
[SwitchB] vsi 1
[SwitchB-vsi-1] evpn encapsulation vxlan
[SwitchB-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchB-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchB-vsi-1-evpn-vxlan] quit
# 在VSI实例1内使能IGMP Snooping。
[SwitchB-vsi-1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchB-vsi-1] vxlan 10
[SwitchB-vsi-1-vxlan-10] quit
# 配置BGP发布EVPN路由,并使能与对等体的Add-Path接收能力。
[SwitchB] bgp 100
[SwitchB-bgp-default] peer 12.12.12.12 as-number 100
[SwitchB-bgp-default] peer 12.12.12.12 connect-interface LoopBack0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchB-bgp-default-evpn] peer 12.12.12.12 additional-paths receive
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例22,该实例用来匹配VLAN 22的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] port link-mode bridge
[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 22
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 22
[SwitchB-Ten-GigabitEthernet1/0/1-srv22] encapsulation s-vid 22
# 配置以太网服务实例22与VSI实例1关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv22] xconnect vsi 1
[SwitchB-Ten-GigabitEthernet1/0/1-srv22] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 配置VPN a的RD和RT。
[SwitchB] ip vpn-instance a
[SwitchB-vpn-instance-a] route-distinguisher 2:2
[SwitchB-vpn-instance-a] vpn-target 10:10 import-extcommunity
[SwitchB-vpn-instance-a] vpn-target 10:10 export-extcommunity
[SwitchB-vpn-instance-a] quit
# 配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance a
[SwitchB-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchB-Vsi-interface1] pim sm
[SwitchB-Vsi-interface1] igmp enable
[SwitchB-Vsi-interface1] mac-address 0001-0001-0001
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为1000。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance a
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] pim sm
[SwitchB-Vsi-interface2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchB] multicast routing vpn-instance a
[SwitchB-mrib-a] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchB] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchB-mvxlan-a] address-family ipv4
[SwitchB-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchB-mvxlan-a-ipv4] source loopback 0
[SwitchB-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchB-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchB-mvxlan-a-ipv4] quit
[SwitchB-mvxlan-a] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchB] interface loopback 1
[SwitchB-LoopBack1] ip binding vpn-instance a
[SwitchB-LoopBack1] ip address 2.2.2.2 32
[SwitchB-LoopBack1] pim sm
[SwitchB-LoopBack1] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchB] pim vpn-instance a
[SwitchB-pim-a] c-bsr 2.2.2.2
[SwitchB-pim-a] c-rp 2.2.2.2
[SwitchB-pim-a] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi 1
[SwitchB-vsi-1] gateway vsi-interface 1
[SwitchB-vsi-1] quit
(4) 配置Switch C
# 使能IP组播路由功能,启动OSPF进程。
<SwitchC> system-view
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] pim
[SwitchC-pim] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 12.12.12.12 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] quit
# 配置Switch C作为RR,在Switch之间反射BGP EVPN路由,使能与对等体Switch A和Switch B的Add-path发送能力,并配置Add-path优选路由的最大条数。其中,Add-path优选路由的最大条数不能小于ED对等体的个数。
[SwitchC] bgp 100
[SwitchC-bgp-default] group ED internal
[SwitchC-bgp-default] peer ED connect-interface LoopBack0
[SwitchC-bgp-default] group VTEP internal
[SwitchC-bgp-default] peer VTEP connect-interface LoopBack0
[SwitchC-bgp-default] peer 1.1.1.1 group VTEP
[SwitchC-bgp-default] peer 2.2.2.2 group VTEP
[SwitchC-bgp-default] peer 3.3.3.3 group ED
[SwitchC-bgp-default] peer 4.4.4.4 group ED
[SwitchC-bgp-default] peer 5.5.5.5 group ED
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] undo policy vpn-target
[SwitchC-bgp-default-evpn] additional-paths select-best 3
[SwitchC-bgp-default-evpn] peer ED enable
[SwitchC-bgp-default-evpn] peer ED reflect-client
[SwitchC-bgp-default-evpn] peer VTEP enable
[SwitchC-bgp-default-evpn] peer VTEP reflect-client
[SwitchC-bgp-default-evpn] peer VTEP additional-paths send
[SwitchC-bgp-default-evpn] peer VTEP advertise additional-paths best 3
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
(5) 配置Switch D
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] rip 1
[SwitchD-rip-1] network 3.0.0.0
[SwitchD-rip-1] network 113.0.0.0
[SwitchD-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 3.3.3.3 32
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] quit
# 在与外部ED连接的接口上配置RIP路由协议,并开启DCI功能。
[SwitchD] interface vlan-interface 3
[SwitchD-Vlan-interface3] rip 1 enable
[SwitchD-Vlan-interface3] dci enable
[SwitchD-Vlan-interface3] quit
# 配置ED设备的虚拟IPv4地址为3.4.5.0。
[SwitchD] evpn edge group 3.4.5.0
# 配置本DC内远端ED的IP地址。
[SwitchD] multicast-vpn vxlan edge remote 4.4.4.4
[SwitchD] multicast-vpn vxlan edge remote 5.5.5.5
# 配置VPN实例a的RD和RT。
[SwitchD] ip vpn-instance a
[SwitchD-vpn-instance-a] route-distinguisher 3:3
[SwitchD-vpn-instance-a] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchD-vpn-instance-a] vpn-target 10:10 export-extcommunity
[SwitchD-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchD] ip vpn-instance b
[SwitchD-vpn-instance-b] route-distinguisher 3:33
[SwitchD-vpn-instance-b] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchD-vpn-instance-b] vpn-target 10:10 export-extcommunity
[SwitchD-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance a
[SwitchD-LoopBack1] ip address 3.3.3.3 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 3.4.5.0 32
[SwitchD-LoopBack2] rip 1 enable
[SwitchD-LoopBack2] ospf 1 area 0.0.0.0
[SwitchD-LoopBack2] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance a
[SwitchD-pim-a] c-bsr 3.3.3.3
[SwitchD-pim-a] c-rp 3.3.3.3
[SwitchD-pim-a] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance a
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance b
[SwitchD-Vsi-interface3] l3-vni 4000
[SwitchD-Vsi-interface3] pim sm
[SwitchD-Vsi-interface3] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchD] multicast routing vpn-instance a
[SwitchD-mrib-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchD] multicast routing vpn-instance b
[SwitchD-mrib-b] quit
[SwitchD] pim vpn-instance b
[SwitchD-pim-b] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchD] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchD-mvxlan-a] address-family ipv4
[SwitchD-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchD-mvxlan-a-ipv4] source loopback 0
[SwitchD-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchD-mvxlan-a-ipv4] dci enable
[SwitchD-mvxlan-a-ipv4] quit
[SwitchD-mvxlan-a] quit
# 配置路由策略,使Switch D收到来自于Switch H和Switch I的SMET路由和S-PMSI路由后,不将该路由转发给Switch K;并且,Switch D收到来自于Switch K的SMET路由和S-PMSI路由后,不将该路由转发给Switch Switch H和Switch I。
[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchD] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchD] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchD] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchD] route-policy dc2 deny node 0
[SwitchD-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchD-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchD-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchD-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchD-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchD-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchD-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchD-route-policy-dc3-1] quit
# 配置路由策略,修改Switch D发往Switch C的S-PMSI路由的下一跳为3.3.3.3。
[SwitchD] route-policy rt_spmsi permit node 0
[SwitchD-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchD-route-policy-rt_spmsi-0] apply ip-address next-hop 3.3.3.3
[SwitchD-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchD-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,并配置路由重生成功能。Switch C作为反射器。
[SwitchD] bgp 100
[SwitchD-bgp-default] group ED2 external
[SwitchD-bgp-default] peer ED2 as-number 200
[SwitchD-bgp-default] peer ED2 connect-interface LoopBack0
[SwitchD-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchD-bgp-default] peer 6.6.6.6 group ED2
[SwitchD-bgp-default] peer 7.7.7.7 group ED2
[SwitchD-bgp-default] peer 9.9.9.9 as-number 300
[SwitchD-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchD-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchD-bgp-default] peer 12.12.12.12 as-number 100
[SwitchD-bgp-default] peer 12.12.12.12 connect-interface LoopBack0
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer ED2 enable
[SwitchD-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchD-bgp-default-evpn] peer ED2 router-mac-local
[SwitchD-bgp-default-evpn] peer ED2 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer ED2 imet replace-rt
[SwitchD-bgp-default-evpn] peer ED2 mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer ED2 smet replace-rt
[SwitchD-bgp-default-evpn] peer ED2 s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchD-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchD-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchD-bgp-default-evpn] peer 9.9.9.9 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 9.9.9.9 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 9.9.9.9 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 9.9.9.9 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 9.9.9.9 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchD-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchD-bgp-default-evpn] peer 12.12.12.12 re-originated replace-rt
[SwitchD-bgp-default-evpn] peer 12.12.12.12 re-originated mac-ip replace-rt
[SwitchD-bgp-default-evpn] peer 12.12.12.12 re-originated imet replace-rt
[SwitchD-bgp-default-evpn] peer 12.12.12.12 re-originated smet replace-rt
[SwitchD-bgp-default-evpn] peer 12.12.12.12 re-originated s-pmsi replace-rt
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
(6) 配置Switch E
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchE> system-view
[SwitchE] l2vpn enable
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] pim
[SwitchE-pim] quit
[SwitchE] ospf 1
[SwitchE-ospf-1] area 0.0.0.0
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE] rip 1
[SwitchE-rip-1] network 4.0.0.0
[SwitchE-rip-1] network 114.0.0.0
[SwitchE-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchE] igmp-snooping
[SwitchE-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchE] interface loopback 0
[SwitchE-LoopBack0] ip address 4.4.4.4 32
[SwitchE-LoopBack0] rip 1 enable
[SwitchE-LoopBack0] ospf 1 area 0.0.0.0
[SwitchE-LoopBack0] quit
# 在与外部ED连接的接口上配置RIP路由协议,并开启DCI功能。
[SwitchE] interface vlan-interface 4
[SwitchE-Vlan-interface4] rip 1 enable
[SwitchE-Vlan-interface4] dci enable
[SwitchE-Vlan-interface4] quit
# 配置ED设备的虚拟IPv4地址为3.4.5.0。
[SwitchE] evpn edge group 3.4.5.0
# 配置VPN实例a的RD和RT。
[SwitchE] ip vpn-instance a
[SwitchE-vpn-instance-a] route-distinguisher 4:4
[SwitchE-vpn-instance-a] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchE-vpn-instance-a] vpn-target 10:10 export-extcommunity
[SwitchE-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchE] ip vpn-instance b
[SwitchE-vpn-instance-b] route-distinguisher 4:44
[SwitchE-vpn-instance-b] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchE-vpn-instance-b] vpn-target 100:100 export-extcommunity
[SwitchE-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchE] interface loopback 1
[SwitchE-LoopBack1] ip binding vpn-instance a
[SwitchE-LoopBack1] ip address 4.4.4.4 32
[SwitchE-LoopBack1] pim sm
[SwitchE-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchE] interface loopback 2
[SwitchE-LoopBack2] ip address 3.4.5.0 32
[SwitchE-LoopBack2] rip 1 enable
[SwitchE-LoopBack2] ospf 1 area 0.0.0.0
[SwitchE-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为1000。
[SwitchE] interface vsi-interface 2
[SwitchE-Vsi-interface2] ip binding vpn-instance a
[SwitchE-Vsi-interface2] l3-vni 1000
[SwitchE-Vsi-interface2] pim sm
[SwitchE-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchE] interface vsi-interface 3
[SwitchE-Vsi-interface3] ip binding vpn-instance b
[SwitchE-Vsi-interface3] l3-vni 4000
[SwitchE-Vsi-interface3] pim sm
[SwitchE-Vsi-interface3] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchE] multicast routing vpn-instance a
[SwitchE-mrib-a] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchE] pim vpn-instance a
[SwitchE-pim-a] c-bsr 4.4.4.4
[SwitchE-pim-a] c-rp 4.4.4.4
[SwitchE-pim-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchE] multicast routing vpn-instance b
[SwitchE-mrib-b] quit
[SwitchE] pim vpn-instance b
[SwitchE-pim-b] quit
# 配置本DC内远端ED的IP地址。
[SwitchE] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchE] multicast-vpn vxlan edge remote 5.5.5.5
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchE] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchE-mvxlan-a] address-family ipv4
[SwitchE-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchE-mvxlan-a-ipv4] source loopback 0
[SwitchE-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchE-mvxlan-a-ipv4] dci enable
[SwitchE-mvxlan-a-ipv4] quit
[SwitchE-mvxlan-a] quit
# 配置路由策略,使Switch E收到来自于Switch H和Switch I的SMET路由和S-PMSI路由后,不将该路由转发给Switch K;并且,Switch E收到来自于Switch K的SMET路由和S-PMSI路由后,不将该路由转发给Switch H和Switch I。
[SwitchE] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchE] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchE] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchE] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchE] route-policy dc2 deny node 0
[SwitchE-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchE-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchE-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchE-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchE-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchE-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchE-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchE-route-policy-dc3-1] quit
# 配置路由策略,修改Switch E发往Switch C的S-PMSI路由的下一跳为4.4.4.4。
[SwitchE] route-policy rt_spmsi permit node 0
[SwitchE-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchE-route-policy-rt_spmsi-0] apply ip-address next-hop 4.4.4.4
[SwitchE] quit
[SwitchE-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchE-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,并配置路由重生成功能。Switch C作为反射器。
[SwitchE] bgp 100
[SwitchE-bgp-default] group ED2 external
[SwitchE-bgp-default] peer ED2 as-number 200
[SwitchE-bgp-default] peer ED2 connect-interface LoopBack0
[SwitchE-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchE-bgp-default] peer 6.6.6.6 group ED2
[SwitchE-bgp-default] peer 7.7.7.7 group ED2
[SwitchE-bgp-default] peer 9.9.9.9 as-number 300
[SwitchE-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchE-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchE-bgp-default] peer 12.12.12.12 as-number 100
[SwitchE-bgp-default] peer 12.12.12.12 connect-interface LoopBack0
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] undo policy vpn-target
[SwitchE-bgp-default-evpn] peer ED2 enable
[SwitchE-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchE-bgp-default-evpn] peer ED2 router-mac-local
[SwitchE-bgp-default-evpn] peer ED2 re-originated replace-rt
[SwitchE-bgp-default-evpn] peer ED2 imet replace-rt
[SwitchE-bgp-default-evpn] peer ED2 mac-ip replace-rt
[SwitchE-bgp-default-evpn] peer ED2 smet replace-rt
[SwitchE-bgp-default-evpn] peer ED2 s-pmsi replace-rt
[SwitchE-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchE-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchE-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchE-bgp-default-evpn] peer 9.9.9.9 re-originated replace-rt
[SwitchE-bgp-default-evpn] peer 9.9.9.9 re-originated mac-ip replace-rt
[SwitchE-bgp-default-evpn] peer 9.9.9.9 re-originated imet replace-rt
[SwitchE-bgp-default-evpn] peer 9.9.9.9 re-originated smet replace-rt
[SwitchE-bgp-default-evpn] peer 9.9.9.9 re-originated s-pmsi replace-rt
[SwitchE-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchE-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchE-bgp-default-evpn] peer 12.12.12.12 re-originated replace-rt
[SwitchE-bgp-default-evpn] peer 12.12.12.12 re-originated mac-ip replace-rt
[SwitchE-bgp-default-evpn] peer 12.12.12.12 re-originated imet replace-rt
[SwitchE-bgp-default-evpn] peer 12.12.12.12 re-originated smet replace-rt
[SwitchE-bgp-default-evpn] peer 12.12.12.12 re-originated s-pmsi replace-rt
[SwitchE-bgp-default-evpn] quit
[SwitchE-bgp-default] quit
(7) 配置Switch F
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchF] pim
[SwitchF-pim] quit
[SwitchF] ospf 1
[SwitchF-ospf-1] area 0.0.0.0
[SwitchF-ospf-1-area-0.0.0.0] quit
[SwitchF] rip 1
[SwitchF-rip-1] network 5.0.0.0
[SwitchF-rip-1] network 115.0.0.0
[SwitchF-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 5.5.5.5 32
[SwitchF-LoopBack0] rip 1 enable
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] quit
# 在与外部ED连接的接口上配置RIP路由协议,并开启DCI功能。
[SwitchF] interface vlan-interface 5
[SwitchF-Vlan-interface5] rip 1 enable
[SwitchF-Vlan-interface5] dci enable
[SwitchF-Vlan-interface5] quit
# 配置VPN实例a的RD和RT。
[SwitchF] ip vpn-instance a
[SwitchF-vpn-instance-a] route-distinguisher 5:5
[SwitchF-vpn-instance-a] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchF-vpn-instance-a] vpn-target 10:10 export-extcommunity
[SwitchF-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchF] ip vpn-instance b
[SwitchF-vpn-instance-b] route-distinguisher 5:55
[SwitchF-vpn-instance-b] vpn-target 10:10 200:200 300:300 import-extcommunity
[SwitchF-vpn-instance-b] vpn-target 100:100 export-extcommunity
[SwitchF-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance a
[SwitchF-LoopBack1] ip address 5.5.5.5 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchF] interface loopback 2
[SwitchF-LoopBack2] ip address 3.4.5.0 32
[SwitchF-LoopBack2] rip 1 enable
[SwitchF-LoopBack2] ospf 1 area 0.0.0.0
[SwitchF-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为1000。
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance a
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchF] interface vsi-interface 3
[SwitchF-Vsi-interface2] ip binding vpn-instance b
[SwitchF-Vsi-interface2] l3-vni 4000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchF] multicast routing vpn-instance a
[SwitchF-mrib-a] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance a
[SwitchF-pim-a] c-bsr 5.5.5.5
[SwitchF-pim-a] c-rp 5.5.5.5
[SwitchF-pim-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchF] multicast routing vpn-instance b
[SwitchF-mrib-b] quit
[SwitchF] pim vpn-instance b
[SwitchF-pim-b] quit
# 配置ED设备的虚拟IPv4地址为3.4.5.0。
[SwitchF] evpn edge group 3.4.5.0
# 配置本DC内远端ED的IP地址。
[SwitchF] multicast-vpn vxlan edge remote 3.3.3.3
[SwitchF] multicast-vpn vxlan edge remote 4.4.4.4
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchF] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchF-mvxlan-a] address-family ipv4
[SwitchF-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchF-mvxlan-a-ipv4] source loopback 0
[SwitchF-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchF-mvxlan-a-ipv4] dci enable
[SwitchF-mvxlan-a-ipv4] quit
[SwitchF-mvxlan-a] quit
# 配置路由策略,使Switch F收到来自于Switch H和Switch I的SMET路由和S-PMSI路由后,不将该路由转发给Switch K;并且,Switch D收到来自于Switch K的SMET路由和S-PMSI路由后,不将该路由转发给Switch H和Switch I。
[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchF] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchF] ip prefix-list 2 index 20 permit 7.7.7.7 32
[SwitchF] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchF] route-policy dc2 deny node 0
[SwitchF-route-policy-dc2-0] if-match ip route-source prefix-list 3
[SwitchF-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchF-route-policy-dc2-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc2-1] route-policy dc3 deny node 0
[SwitchF-route-policy-dc3-0] if-match ip route-source prefix-list 2
[SwitchF-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchF-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchF-route-policy-dc3-1] if-match ip route-source prefix-list 1
[SwitchF-route-policy-dc3-1] quit
# 配置路由策略,修改Switch D发往Switch C的S-PMSI路由的下一跳为5.5.5.5。
[SwitchF] route-policy rt_spmsi permit node 0
[SwitchF-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchF-route-policy-rt_spmsi-0] apply ip-address next-hop 5.5.5.5
[SwitchF-route-policy-rt_spmsi-0] route-policy rt_spmsi permit node 1
[SwitchF-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,并配置路由重生成功能。Switch C作为反射器。
[SwitchF] bgp 100
[SwitchF-bgp-default] group ED2 external
[SwitchF-bgp-default] peer ED2 as-number 200
[SwitchF-bgp-default] peer ED2 connect-interface LoopBack0
[SwitchF-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchF-bgp-default] peer 6.6.6.6 group ED2
[SwitchF-bgp-default] peer 7.7.7.7 group ED2
[SwitchF-bgp-default] peer 9.9.9.9 as-number 300
[SwitchF-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchF-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchF-bgp-default] peer 12.12.12.12 as-number 100
[SwitchF-bgp-default] peer 12.12.12.12 connect-interface LoopBack0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] undo policy vpn-target
[SwitchF-bgp-default-evpn] peer ED2 enable
[SwitchF-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchF-bgp-default-evpn] peer ED2 router-mac-local
[SwitchF-bgp-default-evpn] peer ED2 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer ED2 imet replace-rt
[SwitchF-bgp-default-evpn] peer ED2 mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer ED2 smet replace-rt
[SwitchF-bgp-default-evpn] peer ED2 s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchF-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchF-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchF-bgp-default-evpn] peer 9.9.9.9 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 9.9.9.9 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 9.9.9.9 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 9.9.9.9 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 9.9.9.9 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] peer 12.12.12.12 enable
[SwitchF-bgp-default-evpn] peer 12.12.12.12 route-policy rt_spmsi export
[SwitchF-bgp-default-evpn] peer 12.12.12.12 re-originated replace-rt
[SwitchF-bgp-default-evpn] peer 12.12.12.12 re-originated mac-ip replace-rt
[SwitchF-bgp-default-evpn] peer 12.12.12.12 re-originated imet replace-rt
[SwitchF-bgp-default-evpn] peer 12.12.12.12 re-originated smet replace-rt
[SwitchF-bgp-default-evpn] peer 12.12.12.12 re-originated s-pmsi replace-rt
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
(8) 配置Switch G
# 启动RIP进程。
<SwitchG> system-view
[SwitchG] rip 1
[SwitchG-rip-1] network 113.0.0.0
[SwitchG-rip-1] network 114.0.0.0
[SwitchG-rip-1] network 115.0.0.0
[SwitchG-rip-1] network 116.0.0.0
[SwitchG-rip-1] network 117.0.0.0
[SwitchG-rip-1] network 119.0.0.0
[SwitchG-rip-1] quit
# 在与ED连接的接口上配置RIP路由协议。
[SwitchG] interface vlan-interface 3
[SwitchG-Vlan-interface3] rip 1 enable
[SwitchG-Vlan-interface3] quit
[SwitchG] interface vlan-interface 4
[SwitchG-Vlan-interface4] rip 1 enable
[SwitchG-Vlan-interface4] quit
[SwitchG] interface vlan-interface 5
[SwitchG-Vlan-interface5] rip 1 enable
[SwitchG-Vlan-interface5] quit
[SwitchG] interface vlan-interface 6
[SwitchG-Vlan-interface6] rip 1 enable
[SwitchG-Vlan-interface6] quit
[SwitchG] interface vlan-interface 7
[SwitchG-Vlan-interface7] rip 1 enable
[SwitchG-Vlan-interface7] quit
[SwitchG] interface vlan-interface 9
[SwitchG-Vlan-interface9] rip 1 enable
[SwitchG-Vlan-interface9] quit
(9) 配置Switch H
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchH> system-view
[SwitchH] l2vpn enable
[SwitchH] multicast routing
[SwitchH-mrib] quit
[SwitchH] pim
[SwitchH-pim] quit
[SwitchH] ospf 1
[SwitchH-ospf-1] area 0.0.0.0
[SwitchH-ospf-1-area-0.0.0.0] quit
[SwitchH] rip 1
[SwitchH-rip-1] network 6.0.0.0
[SwitchH-rip-1] network 116.0.0.0
[SwitchH-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchH] igmp-snooping
[SwitchH-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchH] interface loopback 0
[SwitchH-LoopBack0] ip address 6.6.6.6 32
[SwitchH-LoopBack0] rip 1 enable
[SwitchH-LoopBack0] ospf 1 area 0.0.0.0
[SwitchH-LoopBack0] quit
# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。
[SwitchH] interface vlan-interface 6
[SwitchH-Vlan-interface6] rip 1 enable
[SwitchH-Vlan-interface6] dci enable
[SwitchH-Vlan-interface6] quit
# 配置VPN实例a的RD和RT。
[SwitchH] ip vpn-instance a
[SwitchH-vpn-instance-a] route-distinguisher 6:6
[SwitchH-vpn-instance-a] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchH-vpn-instance-a] vpn-target 200:200 export-extcommunity
[SwitchH-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchH] ip vpn-instance b
[SwitchH-vpn-instance-b] route-distinguisher 6:66
[SwitchH-vpn-instance-b] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchH-vpn-instance-b] vpn-target 200:200 export-extcommunity
[SwitchH-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchH] interface loopback 1
[SwitchH-LoopBack1] ip binding vpn-instance a
[SwitchH-LoopBack1] ip address 6.6.6.6 32
[SwitchH-LoopBack1] pim sm
[SwitchH-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchH] interface loopback 2
[SwitchH-LoopBack2] ip address 2.2.1.1 32
[SwitchH-LoopBack2] rip 1 enable
[SwitchH-LoopBack2] ospf 1 area 0.0.0.0
[SwitchH-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为2000。
[SwitchH] interface vsi-interface 2
[SwitchH-Vsi-interface2] ip binding vpn-instance a
[SwitchH-Vsi-interface2] l3-vni 2000
[SwitchH-Vsi-interface2] pim sm
[SwitchH-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchH] interface vsi-interface 3
[SwitchH-Vsi-interface2] ip binding vpn-instance b
[SwitchH-Vsi-interface2] l3-vni 4000
[SwitchH-Vsi-interface2] pim sm
[SwitchH-Vsi-interface2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchH] multicast routing vpn-instance a
[SwitchH-mrib-a] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchH] pim vpn-instance a
[SwitchH-pim-a] c-bsr 6.6.6.6
[SwitchH-pim-a] c-rp 6.6.6.6
[SwitchH-pim-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchH] multicast routing vpn-instance b
[SwitchH-mrib-b] quit
[SwitchH] pim vpn-instance b
[SwitchH-pim-b] quit
# 配置ED设备的虚拟IPv4地址为2.2.1.1。
[SwitchH] evpn edge group 2.2.1.1
# 配置本DC内远端ED的IP地址。
[SwitchH] multicast-vpn vxlan edge remote 7.7.7.7
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchH] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchH-mvxlan-a] address-family ipv4
[SwitchH-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchH-mvxlan-a-ipv4] source loopback 0
[SwitchH-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchH-mvxlan-a-ipv4] dci enable
[SwitchH-mvxlan-a-ipv4] quit
[SwitchH-mvxlan-a] quit
# 配置路由策略,使Switch H收到来自于Switch D、Switch E和Switch F的SMET路由和S-PMSI路由后,不将该路由转发给Switch K;并且,Switch H收到来自于Switch K的SMET路由和S-PMSI路由后,不将该路由转发给Switch D、Switch E和Switch F。
[SwitchH] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchH] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchH] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchH] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchH] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchH] route-policy dc1 deny node 0
[SwitchH-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchH-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchH-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchH-route-policy-dc3-0] if-match ip route-source prefix-list 1
[SwitchH-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchH-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchH-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchH-route-policy-dc3-1] quit
[SwitchH] route-policy rt_spmsi permit node 0
# 配置路由策略,修改Switch H发往Switch J的S-PMSI路由的下一跳为6.6.6.6。
[SwitchH-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchH-route-policy-rt_spmsi-0] apply ip-address next-hop 6.6.6.6
[SwitchH-route-policy-rt_spmsi-0] quit
[SwitchH] route-policy rt_spmsi permit node 1
[SwitchH-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,并配置路由重生成功能。
[SwitchH] bgp 200
[SwitchH-bgp-default] group ED1 external
[SwitchH-bgp-default] peer ED1 as-number 100
[SwitchH-bgp-default] peer ED1 connect-interface LoopBack0
[SwitchH-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchH-bgp-default] peer 3.3.3.3 group ED1
[SwitchH-bgp-default] peer 4.4.4.4 group ED1
[SwitchH-bgp-default] peer 5.5.5.5 group ED1
[SwitchH-bgp-default] peer 7.7.7.7 as-number 200
[SwitchH-bgp-default] peer 7.7.7.7 connect-interface LoopBack0
[SwitchH-bgp-default] peer 8.8.8.8 as-number 200
[SwitchH-bgp-default] peer 8.8.8.8 connect-interface LoopBack0
[SwitchH-bgp-default] peer 9.9.9.9 as-number 300
[SwitchH-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchH-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchH-bgp-default] address-family l2vpn evpn
[SwitchH-bgp-default-evpn] peer ED1 enable
[SwitchH-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchH-bgp-default-evpn] peer ED1 router-mac-local
[SwitchH-bgp-default-evpn] peer ED1 re-originated mac-ip replace-rt
[SwitchH-bgp-default-evpn] peer ED1 re-originated imet replace-rt
[SwitchH-bgp-default-evpn] peer ED1 re-originated smet replace-rt
[SwitchH-bgp-default-evpn] peer ED1 re-originated s-pmsi replace-rt
[SwitchH-bgp-default-evpn] peer ED1 re-originated replace-rt
[SwitchH-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchH-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchH-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchH-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchH-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchH-bgp-default-evpn] peer 8.8.8.8 re-originated mac-ip replace-rt
[SwitchH-bgp-default-evpn] peer 8.8.8.8 re-originated imet replace-rt
[SwitchH-bgp-default-evpn] peer 8.8.8.8 re-originated smet replace-rt
[SwitchH-bgp-default-evpn] peer 8.8.8.8 re-originated s-pmsi replace-rt
[SwitchH-bgp-default-evpn] peer 8.8.8.8 re-originated replace-rt
[SwitchH-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchH-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchH-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchH-bgp-default-evpn] peer 9.9.9.9 re-originated mac-ip replace-rt
[SwitchH-bgp-default-evpn] peer 9.9.9.9 re-originated imet replace-rt
[SwitchH-bgp-default-evpn] peer 9.9.9.9 re-originated smet replace-rt
[SwitchH-bgp-default-evpn] peer 9.9.9.9 re-originated s-pmsi replace-rt
[SwitchH-bgp-default-evpn] peer 9.9.9.9 re-originated replace-rt
[SwitchH-bgp-default-evpn] quit
[SwitchH-bgp-default] quit
(10) 配置Switch I
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchI> system-view
[SwitchI] l2vpn enable
[SwitchI] multicast routing
[SwitchI-mrib] quit
[SwitchI] pim
[SwitchI-pim] quit
[SwitchI] ospf 1
[SwitchI-ospf-1] area 0.0.0.0
[SwitchI-ospf-1-area-0.0.0.0] quit
[SwitchI] rip 1
[SwitchI-rip-1] network 7.0.0.0
[SwitchI-rip-1] network 117.0.0.0
[SwitchI-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchI] igmp-snooping
[SwitchI-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchI] interface loopback 0
[SwitchI-LoopBack0] ip address 7.7.7.7 32
[SwitchI-LoopBack0] rip 1 enable
[SwitchI-LoopBack0] ospf 1 area 0.0.0.0
[SwitchI-LoopBack0] quit
# 在与外部ED连接的接口上配置RIP路由协议,并开启DCI功能。
[SwitchI] interface vlan-interface 7
[SwitchI-Vlan-interface7] rip 1 enable
[SwitchI-Vlan-interface7] dci enable
[SwitchI-Vlan-interface7] quit
# 配置VPN实例a的RD和RT。
[SwitchI] ip vpn-instance a
[SwitchI-vpn-instance-a] route-distinguisher 7:7
[SwitchI-vpn-instance-a] vpn-target 20:20 100:100 300:300 import-extcommunity
[SwitchI-vpn-instance-a] vpn-target 20:20 export-extcommunity
[SwitchI-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchI] ip vpn-instance b
[SwitchI-vpn-instance-b] route-distinguisher 7:77
[SwitchI-vpn-instance-b] vpn-target 100:100 300:300 20:20 import-extcommunity
[SwitchI-vpn-instance-b] vpn-target 20:20 export-extcommunity
[SwitchI-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchI] interface loopback 1
[SwitchI-LoopBack1] ip binding vpn-instance a
[SwitchI-LoopBack1] ip address 7.7.7.7 32
[SwitchI-LoopBack1] pim sm
[SwitchI-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchI] interface loopback 2
[SwitchI-LoopBack2] ip address 2.2.1.1 32
[SwitchI-LoopBack2] rip 1 enable
[SwitchI-LoopBack2] ospf 1 area 0.0.0.0
[SwitchI-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为2000。
[SwitchI] interface vsi-interface 2
[SwitchI-Vsi-interface2] ip binding vpn-instance a
[SwitchI-Vsi-interface2] l3-vni 2000
[SwitchI-Vsi-interface2] pim sm
[SwitchI-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchI] interface vsi-interface 3
[SwitchI-Vsi-interface3] ip binding vpn-instance b
[SwitchI-Vsi-interface3] l3-vni 4000
[SwitchI-Vsi-interface3] pim sm
[SwitchI-Vsi-interface3] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchI] multicast routing vpn-instance a
[SwitchI-mrib-a] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchI] pim vpn-instance a
[SwitchI-pim-a] c-bsr 7.7.7.7
[SwitchI-pim-a] c-rp 7.7.7.7
[SwitchI-pim-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchI] multicast routing vpn-instance b
[SwitchI-mrib-b] quit
[SwitchI] pim vpn-instance b
[SwitchI-pim-b] quit
# 配置ED设备的虚拟IPv4地址为2.2.1.1。
[SwitchI] evpn edge group 2.2.1.1
# 配置本DC内远端ED的IP地址。
[SwitchI] multicast-vpn vxlan edge remote 6.6.6.6
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchI] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchI-mvxlan-a] address-family ipv4
[SwitchI-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchI-mvxlan-a-ipv4] source loopback 0
[SwitchI-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchI-mvxlan-a-ipv4] dci enable
[SwitchI-mvxlan-a-ipv4] quit
[SwitchI-mvxlan-a] quit
# 配置路由策略,使Switch I收到来自于Switch D、Switch E和Switch F的SMET路由和S-PMSI路由后,不将该路由转发给Switch K;并且,Switch D收到来自于Switch K的SMET路由和S-PMSI路由后,不将该路由转发给Switch D、Switch E和Switch F。
[SwitchI] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchI] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchI] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchI] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchI] ip prefix-list 3 index 10 permit 9.9.9.9 32
[SwitchI] route-policy dc1 deny node 0
[SwitchI-route-policy-dc1-0] if-match ip route-source prefix-list 3
[SwitchI-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchI-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc1-1] route-policy dc3 deny node 0
[SwitchI-route-policy-dc3-0] if-match ip route-source prefix-list 1
[SwitchI-route-policy-dc3-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchI-route-policy-dc3-0] route-policy dc3 permit node 1
[SwitchI-route-policy-dc3-1] if-match ip route-source prefix-list 0
[SwitchI-route-policy-dc3-1] quit
# 配置路由策略,修改Switch D发往Switch C的S-PMSI路由的下一跳为7.7.7.7。
[SwitchI] route-policy rt_spmsi permit node 0
[SwitchI-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchI-route-policy-rt_spmsi-0] apply ip-address next-hop 7.7.7.7
[SwitchI-route-policy-rt_spmsi-0] quit
[SwitchI] route-policy rt_spmsi permit node 1
[SwitchI-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,并配置路由重生成功能。
[SwitchI] bgp 200
[SwitchI-bgp-default] group ED1 external
[SwitchI-bgp-default] peer ED1 as-number 100
[SwitchI-bgp-default] peer ED1 connect-interface LoopBack0
[SwitchI-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchI-bgp-default] peer 3.3.3.3 group ED1
[SwitchI-bgp-default] peer 4.4.4.4 group ED1
[SwitchI-bgp-default] peer 5.5.5.5 group ED1
[SwitchI-bgp-default] peer 6.6.6.6 as-number 200
[SwitchI-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchI-bgp-default] peer 8.8.8.8 as-number 200
[SwitchI-bgp-default] peer 8.8.8.8 connect-interface LoopBack0
[SwitchI-bgp-default] peer 9.9.9.9 as-number 300
[SwitchI-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchI-bgp-default] peer 9.9.9.9 ebgp-max-hop 64
[SwitchI-bgp-default] address-family l2vpn evpn
[SwitchI-bgp-default-evpn] peer ED1 enable
[SwitchI-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchI-bgp-default-evpn] peer ED1 router-mac-local
[SwitchI-bgp-default-evpn] peer ED1 re-originated mac-ip replace-rt
[SwitchI-bgp-default-evpn] peer ED1 re-originated imet replace-rt
[SwitchI-bgp-default-evpn] peer ED1 re-originated smet replace-rt
[SwitchI-bgp-default-evpn] peer ED1 re-originated s-pmsi replace-rt
[SwitchI-bgp-default-evpn] peer ED1 re-originated replace-rt
[SwitchI-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchI-bgp-default-evpn] peer 6.6.6.6 next-hop-local
[SwitchI-bgp-default-evpn] peer 8.8.8.8 enable
[SwitchI-bgp-default-evpn] peer 8.8.8.8 route-policy rt_spmsi export
[SwitchI-bgp-default-evpn] peer 8.8.8.8 next-hop-local
[SwitchI-bgp-default-evpn] peer 8.8.8.8 re-originated mac-ip replace-rt
[SwitchI-bgp-default-evpn] peer 8.8.8.8 re-originated imet replace-rt
[SwitchI-bgp-default-evpn] peer 8.8.8.8 re-originated smet replace-rt
[SwitchI-bgp-default-evpn] peer 8.8.8.8 re-originated s-pmsi replace-rt
[SwitchI-bgp-default-evpn] peer 8.8.8.8 re-originated replace-rt
[SwitchI-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchI-bgp-default-evpn] peer 9.9.9.9 route-policy dc3 export
[SwitchI-bgp-default-evpn] peer 9.9.9.9 router-mac-local
[SwitchI-bgp-default-evpn] peer 9.9.9.9 re-originated mac-ip replace-rt
[SwitchI-bgp-default-evpn] peer 9.9.9.9 re-originated imet replace-rt
[SwitchI-bgp-default-evpn] peer 9.9.9.9 re-originated smet replace-rt
[SwitchI-bgp-default-evpn] peer 9.9.9.9 re-originated s-pmsi replace-rt
[SwitchI-bgp-default-evpn] peer 9.9.9.9 re-originated replace-rt
[SwitchI-bgp-default-evpn] quit
[SwitchI-bgp-default] quit
(11) 配置Switch J
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF进程,创建VLAN 33。
<SwitchJ> system-view
[SwitchJ] l2vpn enable
[SwitchJ] multicast routing
[SwitchJ-mrib] quit
[SwitchJ] pim
[SwitchJ-pim] quit
[SwitchJ] ospf 1
[SwitchJ-ospf-1] area 0.0.0.0
[SwitchJ-ospf-1-area-0.0.0.0] quit
[SwitchJ] vlan 33
[SwitchJ-vlan33] quit
# 开启设备的IGMP Snooping功能。
[SwitchJ] igmp-snooping
[SwitchJ-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchJ] interface loopback 0
[SwitchJ-LoopBack0] ip address 8.8.8.8 32
[SwitchJ-LoopBack0] pim sm
[SwitchJ-LoopBack0] ospf 1 area 0.0.0.0
[SwitchJ-LoopBack0] quit
# 配置VPN实例a的RD和RT。
[SwitchJ] ip vpn-instance a
[SwitchJ-vpn-instance-a] route-distinguisher 8:8
[SwitchJ-vpn-instance-a] vpn-target 20:20 import-extcommunity
[SwitchJ-vpn-instance-a] vpn-target 20:20 export-extcommunity
[SwitchJ-vpn-instance-a] quit
# 配置VSI虚接口VSI-interface1。
[SwitchJ] interface vsi-interface 1
[SwitchJ-Vsi-interface1] ip binding vpn-instance a
[SwitchJ-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchJ-Vsi-interface1] pim sm
[SwitchJ-Vsi-interface1] igmp enable
[SwitchJ-Vsi-interface1] mac-address 0001-0001-0001
[SwitchJ-Vsi-interface1] distributed-gateway local
[SwitchJ-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为2000。
[SwitchJ] interface vsi-interface 2
[SwitchJ-Vsi-interface2] ip binding vpn-instance a
[SwitchJ-Vsi-interface2] l3-vni 2000
[SwitchJ-Vsi-interface2] pim sm
[SwitchJ-Vsi-interface2] quit
# 在VSI实例1下创建EVPN实例。
[SwitchJ] vsi 1
[SwitchJ-vsi-1] evpn encapsulation vxlan
[SwitchJ-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchJ-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchJ-vsi-1-evpn-vxlan] quit
# 在VSI实例vpna内使能IGMP Snooping。
[SwitchJ-vsi-1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchJ-vsi-1] vxlan 10
[SwitchJ-vsi-1-vxlan-10] quit
# 配置BGP发布EVPN路由。
[SwitchJ] bgp 200
[SwitchJ-bgp-default] group ed internal
[SwitchJ-bgp-default] peer ed connect-interface LoopBack0
[SwitchJ-bgp-default] peer 6.6.6.6 group ed
[SwitchJ-bgp-default] peer 7.7.7.7 group ed
[SwitchJ-bgp-default] address-family l2vpn evpn
[SwitchJ-bgp-default-evpn] peer ed enable
[SwitchJ-bgp-default-evpn] peer ed next-hop-local
[SwitchJ-bgp-default-evpn] peer ed additional-paths receive
[SwitchJ-bgp-default-evpn] quit
[SwitchJ-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例33,该实例用来匹配VLAN 33的数据帧。
[SwitchJ] interface ten-gigabitethernet 1/0/1
[SwitchJ-Ten-GigabitEthernet1/0/1] port link-mode bridge
[SwitchJ-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchJ-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 33
[SwitchJ-Ten-GigabitEthernet1/0/1] service-instance 33
[SwitchJ-Ten-GigabitEthernet1/0/1-srv33] encapsulation s-vid 33
# 配置以太网服务实例33与VSI实例1关联。
[SwitchJ-Ten-GigabitEthernet1/0/1-srv33] xconnect vsi 1
[SwitchJ-Ten-GigabitEthernet1/0/1-srv33] quit
[SwitchJ-Ten-GigabitEthernet1/0/1] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchJ] multicast routing vpn-instance a
[SwitchJ-mrib-a] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchJ] pim vpn-instance a
[SwitchJ-pim-a] c-bsr 8.8.8.8
[SwitchJ-pim-a] c-rp 8.8.8.8
[SwitchJ-pim-a] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchJ] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchJ-mvxlan-a] address-family ipv4
[SwitchJ-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchJ-mvxlan-a-ipv4] source loopback 0
[SwitchJ-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchJ-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchJ-mvxlan-a-ipv4] quit
[SwitchJ-mvxlan-a] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchJ] interface loopback 1
[SwitchJ-LoopBack1] ip binding vpn-instance a
[SwitchJ-LoopBack1] ip address 8.8.8.8 32
[SwitchJ-LoopBack1] pim sm
[SwitchJ-LoopBack1] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchJ] vsi 1
[SwitchJ-vsi-1] gateway vsi-interface 1
[SwitchJ-vsi-1] quit
(12) 配置Switch K
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchK> system-view
[SwitchK] l2vpn enable
[SwitchK] multicast routing
[SwitchK-mrib] quit
[SwitchK] pim
[SwitchK-pim] quit
[SwitchK] ospf 1
[SwitchK-ospf-1] area 0.0.0.0
[SwitchK-ospf-1-area-0.0.0.0] quit
[SwitchK] rip 1
[SwitchK-rip-1] network 9.0.0.0
[SwitchK-rip-1] network 119.0.0.0
[SwitchK-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchK] igmp-snooping
[SwitchK-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchK] interface loopback 0
[SwitchK-LoopBack0] ip address 9.9.9.9 32
[SwitchK-LoopBack0] rip 1 enable
[SwitchK-LoopBack0] ospf 1 area 0.0.0.0
[SwitchK-LoopBack0] quit
# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。
[SwitchK] interface vlan-interface 9
[SwitchK-Vlan-interface9] rip 1 enable
[SwitchK-Vlan-interface9] dci enable
[SwitchK-Vlan-interface9] quit
# 配置VPN实例a的RD和RT。
[SwitchK] ip vpn-instance a
[SwitchK-vpn-instance-a] route-distinguisher 9:9
[SwitchK-vpn-instance-a] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchK-vpn-instance-a] vpn-target 30:30 export-extcommunity
[SwitchK-vpn-instance-a] quit
# 配置VPN实例b的RD和RT。
[SwitchK] ip vpn-instance b
[SwitchK-vpn-instance-b] route-distinguisher 9:99
[SwitchK-vpn-instance-b] vpn-target 30:30 100:100 200:200 import-extcommunity
[SwitchK-vpn-instance-b] vpn-target 300:300 export-extcommunity
[SwitchK-vpn-instance-b] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchK] interface loopback 1
[SwitchK-LoopBack1] ip binding vpn-instance a
[SwitchK-LoopBack1] ip address 9.9.9.9 32
[SwitchK-LoopBack1] pim sm
[SwitchK-LoopBack1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为3000。
[SwitchK] interface vsi-interface 2
[SwitchK-Vsi-interface2] ip binding vpn-instance a
[SwitchK-Vsi-interface2] l3-vni 3000
[SwitchK-Vsi-interface2] pim sm
[SwitchK-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例b对应的L3VNI为4000。
[SwitchI] interface vsi-interface 3
[SwitchI-Vsi-interface3] ip binding vpn-instance b
[SwitchI-Vsi-interface3] l3-vni 4000
[SwitchI-Vsi-interface3] pim sm
[SwitchI-Vsi-interface3] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchK] multicast routing vpn-instance a
[SwitchK-mrib-a] quit
# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchK] pim vpn-instance a
[SwitchK-pim-a] c-bsr 9.9.9.9
[SwitchK-pim-a] c-rp 9.9.9.9
[SwitchK-pim-a] quit
# 使能VPN实例b的IP组播路由功能。
[SwitchK] multicast routing vpn-instance b
[SwitchK-mrib-b] quit
[SwitchK] pim vpn-instance b
[SwitchK-pim-b] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchK] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchK-mvxlan-a] address-family ipv4
[SwitchK-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchK-mvxlan-a-ipv4] source loopback 0
[SwitchK-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchK-mvxlan-a-ipv4] dci enable
[SwitchK-mvxlan-a-ipv4] quit
[SwitchK-mvxlan-a] quit
# 配置路由策略,使Switch K收到来自于Switch H和Switch I的SMET路由和S-PMSI路由后,不将该路由转发给Switch D、Switch E和Switch F;并且,Switch D收到来自于Switch D、Switch E和Switch F的SMET路由和S-PMSI路由后,不将该路由转发给Switch Switch H和Switch I。
[SwitchK] ip prefix-list 0 index 10 permit 0.0.0.0 0 less-equal 32
[SwitchK] ip prefix-list 1 index 10 permit 3.3.3.3 32
[SwitchK] ip prefix-list 1 index 20 permit 4.4.4.4 32
[SwitchK] ip prefix-list 1 index 30 permit 5.5.5.5 32
[SwitchK] ip prefix-list 2 index 10 permit 6.6.6.6 32
[SwitchK] ip prefix-list 2 index 10 permit 7.7.7.7 32
[SwitchK] route-policy dc1 deny node 0
[SwitchK-route-policy-dc1-0] if-match ip route-source prefix-list 2
[SwitchK-route-policy-dc1-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc1-0] route-policy dc1 permit node 1
[SwitchK-route-policy-dc1-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc1-1] route-policy dc2 deny node 0
[SwitchK-route-policy-dc2-0] if-match ip route-source prefix-list 1
[SwitchK-route-policy-dc2-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi
[SwitchK-route-policy-dc2-0] route-policy dc2 permit node 1
[SwitchK-route-policy-dc2-1] if-match ip route-source prefix-list 0
[SwitchK-route-policy-dc2-1] quit
# 配置BGP发布EVPN路由。并配置路由重生成功能。
[SwitchK] bgp 300
[SwitchK-bgp-default] group ED1 external
[SwitchK-bgp-default] peer ED1 as-number 100
[SwitchK-bgp-default] peer ED1 connect-interface LoopBack0
[SwitchK-bgp-default] peer ED1 ebgp-max-hop 64
[SwitchK-bgp-default] group ED2 external
[SwitchK-bgp-default] peer ED2 as-number 200
[SwitchK-bgp-default] peer ED2 connect-interface LoopBack0
[SwitchK-bgp-default] peer ED2 ebgp-max-hop 64
[SwitchK-bgp-default] peer 3.3.3.3 group ED1
[SwitchK-bgp-default] peer 4.4.4.4 group ED1
[SwitchK-bgp-default] peer 5.5.5.5 group ED1
[SwitchK-bgp-default] peer 6.6.6.6 group ED2
[SwitchK-bgp-default] peer 7.7.7.7 group ED2
[SwitchK-bgp-default] peer 10.10.10.10 as-number 300
[SwitchK-bgp-default] peer 10.10.10.10 connect-interface LoopBack0
[SwitchK-bgp-default] address-family l2vpn evpn
[SwitchK-bgp-default-evpn] peer ED1 enable
[SwitchK-bgp-default-evpn] peer ED1 route-policy dc1 export
[SwitchK-bgp-default-evpn] peer ED1 router-mac-local
[SwitchK-bgp-default-evpn] peer ED1 re-originated replace-rt
[SwitchK-bgp-default-evpn] peer ED1 re-originated mac-ip replace-rt
[SwitchK-bgp-default-evpn] peer ED1 re-originated imet replace-rt
[SwitchK-bgp-default-evpn] peer ED1 re-originated smet replace-rt
[SwitchK-bgp-default-evpn] peer ED1 re-originated s-pmsi replace-rt
[SwitchK-bgp-default-evpn] peer ED2 enable
[SwitchK-bgp-default-evpn] peer ED2 route-policy dc2 export
[SwitchK-bgp-default-evpn] peer ED2 router-mac-local
[SwitchK-bgp-default-evpn] peer ED2 re-originated replace-rt
[SwitchK-bgp-default-evpn] peer ED2 re-originated mac-ip replace-rt
[SwitchK-bgp-default-evpn] peer ED2 re-originated imet replace-rt
[SwitchK-bgp-default-evpn] peer ED2 re-originated smet replace-rt
[SwitchK-bgp-default-evpn] peer ED2 re-originated s-pmsi replace-rt
[SwitchK-bgp-default-evpn] peer 10.10.10.10 enable
[SwitchK-bgp-default-evpn] peer 10.10.10.10 next-hop-local
[SwitchK-bgp-default-evpn] peer 10.10.10.10 re-originated replace-rt
[SwitchK-bgp-default-evpn] peer 10.10.10.10 re-originated mac-ip replace-rt
[SwitchK-bgp-default-evpn] peer 10.10.10.10 re-originated imet replace-rt
[SwitchK-bgp-default-evpn] peer 10.10.10.10 re-originated smet replace-rt
[SwitchK-bgp-default-evpn] peer 10.10.10.10 re-originated s-pmsi replace-rt
[SwitchK-bgp-default-evpn] quit
[SwitchK-bgp-default] quit
(13) 配置Switch L
# 开启L2VPN能力,使能IP组播路由功能,开启OSPF进程,创建VLAN 44。
<SwitchL> system-view
[SwitchL] l2vpn enable
[SwitchL] multicast routing
[SwitchL-mrib] quit
[SwitchL] pim
[SwitchL-pim] quit
[SwitchL] ospf 1
[SwitchL-ospf-1] area 0.0.0.0
[SwitchL-ospf-1-area-0.0.0.0]quit
[SwitchL] vlan 44
[SwitchL-vlan44] quit
# 开启设备的IGMP Snooping功能。
[SwitchL] igmp-snooping
[SwitchL-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchL] interface loopback 0
[SwitchL-LoopBack0] ip address 10.10.10.10 32
[SwitchL-LoopBack0] pim sm
[SwitchL-LoopBack0] ospf 1 area 0.0.0.0
[SwitchL-LoopBack0] quit
# 配置VPN实例a的RD和RT。
[SwitchL] ip vpn-instance a
[SwitchL-vpn-instance-a] route-distinguisher 10:10
[SwitchL-vpn-instance-a] vpn-target 30:30 import-extcommunity
[SwitchL-vpn-instance-a] vpn-target 30:30 export-extcommunity
[SwitchL-vpn-instance-a] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchL] interface loopback 1
[SwitchL-LoopBack1] ip binding vpn-instance a
[SwitchL-LoopBack1] ip address 10.10.10.10 32
[SwitchL-LoopBack1] pim sm
[SwitchL-LoopBack1] quit
# 配置VSI虚接口VSI-interface1。
[SwitchL] interface vsi-interface 1
[SwitchL-Vsi-interface1] ip binding vpn-instance a
[SwitchL-Vsi-interface1] ip address 10.0.0.1 255.255.255.0
[SwitchL-Vsi-interface1] pim sm
[SwitchL-Vsi-interface1] igmp enable
[SwitchL-Vsi-interface1] mac-address 0001-0001-0001
[SwitchL-Vsi-interface1] distributed-gateway local
[SwitchL-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例a对应的L3VNI为3000。
[SwitchL] interface vsi-interface 2
[SwitchL-Vsi-interface2] ip binding vpn-instance a
[SwitchL-Vsi-interface2] l3-vni 3000
[SwitchL-Vsi-interface2] pim sm
[SwitchL-Vsi-interface2] quit
# 在VSI实例1下创建EVPN实例。
[SwitchL] vsi 1
[SwitchL-vsi-1] evpn encapsulation vxlan
[SwitchL-vsi-1-evpn-vxlan] route-distinguisher auto
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchL-vsi-1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchL-vsi-1-evpn-vxlan] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchL] vsi 1
[SwitchL-vsi-1] gateway vsi-interface 1
[SwitchL-vsi-1] quit
# 在VSI实例vpna内使能IGMP Snooping。
[SwitchL-vsi-1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchL-vsi-1] vxlan 10
[SwitchL-vsi-1-vxlan-10] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/2上创建以太网服务实例44,该实例用来匹配VLAN44的数据帧。
[SwitchL] interface ten-gigabitethernet 1/0/2
[SwitchL-Ten-GigabitEthernet1/0/2] port link-mode bridge
[SwitchL-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchL-Ten-GigabitEthernet1/0/2] port trunk permit vlan 1 44
[SwitchL-Ten-GigabitEthernet1/0/2] service-instance 44
[SwitchL-Ten-GigabitEthernet1/0/2-srv44] encapsulation s-vid 44
# 配置以太网服务实例44与VSI实例1关联。
[SwitchL-Ten-GigabitEthernet1/0/2-srv44] xconnect vsi 1
[SwitchL-Ten-GigabitEthernet1/0/2-srv44] quit
[SwitchL-Ten-GigabitEthernet1/0/2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchL] multicast routing vpn-instance a
[SwitchL-mrib-a] quit
# 进入VPN实例a的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchL] pim vpn-instance a
[SwitchL-pim-a] c-bsr 10.10.10.10
[SwitchL-pim-a] c-rp 10.10.10.10
[SwitchL-pim-a] quit
# 创建VPN实例a的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchL] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchL-mvxlan-a] address-family ipv4
[SwitchL-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchL-mvxlan-a-ipv4] source loopback 0
[SwitchL-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchL-mvxlan-a-ipv4] s-pmsi advertise source-active
[SwitchL-mvxlan-a-ipv4] quit
[SwitchL-mvxlan-a] quit
# 配置BGP发布EVPN路由。
[SwitchL] bgp 300
[SwitchL-bgp-default] peer 9.9.9.9 as-number 300
[SwitchL-bgp-default] peer 9.9.9.9 connect-interface LoopBack0
[SwitchL-bgp-default] address-family l2vpn evpn
[SwitchL-bgp-default-evpn] peer 9.9.9.9 enable
[SwitchL-bgp-default-evpn] peer 9.9.9.9 next-hop-local
[SwitchL-bgp-default-evpn] quit
[SwitchL-bgp-default] quit
(1) 查看Leaf层设备上的组播路由信息。
# 查看Switch A上VPN实例a和公网的组播路由信息。
<SwitchA> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:00:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:00:31, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 00:00:32
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:00:26, Expires: -
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 6 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:03:31
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:01:53, Expires: 00:02:38
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:53
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:53, Expires: -
(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(5.5.5.5, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:00:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:00:51, Expires: 00:02:40
# 查看Switch J上VPN实例a和公网的组播路由信息。(Switch B和Switch L的显示信息与此类似)
<SwitchJ> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:12:32
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:12:32, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:12:31, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 8.8.8.8 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:12:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:12:21, Expires: -
<SwitchJ> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:27
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:27, Expires: -
(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:29
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:29, Expires: -
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:20:26
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:19:29, Expires: 00:02:31
2: Vlan-interface300
Protocol: pim-sm, UpTime: 00:19:27, Expires: 00:02:56
(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:18:04
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:18:04
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
(2) 查看ED层设备上的组播路由信息。
# 查看Switch D上VPN实例a、b和公网的组播路由信息。(Switch E和Switch F的显示信息与此类似)
<SwitchD> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:20:48
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:48, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:20:48, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:00:18
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: b)
Protocol: MD, UpTime: 00:00:18, Expires: -
[SwitchD]display pim vpn-instance b routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF
UpTime: 00:00:12
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 00:00:12, Expires: -
(10.0.0.2, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN
UpTime: 00:00:12
Upstream interface: Extranet (VPN: a)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 00:00:12, Expires: -
<SwitchD> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:32
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:32, Expires: -
(2.2.2.2, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:27
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:27, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:25:33
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface30
Protocol: pim-sm, UpTime: 00:23:32, Expires: 00:02:58
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:22:31
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:22:31, Expires: -
# 查看Switch D上二层组播路由信息。(Switch F的显示信息与此类似)
<SwichD> display igmp-snooping evpn-group
Total 0 entries.
# 查看Switch E上二层组播路由信息,可以看到Switch E上存在二层组播路由信息,说明由Switch E转发组播流量。
<SwichE> display igmp-snooping evpn-group
Total 2 entries.
VSI Auto_L3VNI4000_3: Total 2 entries.
(0.0.0.0, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 4000)
Tun1 (VXLAN ID 4000)
(10.0.0.2, 225.0.0.1)
Host ports (2 in total):
Tun0 (VXLAN ID 4000)
Tun1 (VXLAN ID 4000)
# 查看Switch H上VPN实例a和公网的组播路由信息,可以看出流量由Switch H转发到DC 2。
<SwitchH> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:01
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:33:54, Expires: 00:02:52
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:33:54
Upstream interface: Vlan-interface300
Upstream neighbor: 68.68.68.86
RPF prime neighbor: 68.68.68.86
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:33:54, Expires: -
(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:39
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface300
Protocol: pim-sm, UpTime: 00:32:39, Expires: 00:03:13
<SwitchH> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:05:35
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:05:35, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 6.6.6.6 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT SQ RC SRC-ACT 2MVPN
UpTime: 00:05:35
Upstream interface: Extranet (VPN: b)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:05:33, Expires: -
<SwitchH> display pim vpn-instance b routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF
UpTime: 00:05:40
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 00:05:40, Expires: -
(10.0.0.2, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT SRC-ACT FROMDCI
UpTime: 00:05:40
Upstream interface: Vsi-interface3
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Extranet (VPN: a)
Protocol: MD, UpTime: 00:05:40, Expires: -
# 查看Switch I上VPN实例a、b和公网的组播路由信息。
<SwitchI> display pim routing-table
Total 0 (*, G) entries; 3 (S, G) entries
(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:35:43
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:34:09, Expires: 00:03:21
(8.8.8.8, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:34:09
Upstream interface: Vlan-interface200
Upstream neighbor: 78.78.78.87
RPF prime neighbor: 78.78.78.87
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:34:09, Expires: -
(7.7.7.7, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:32:51
Upstream interface: MTunnel1 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface200
Protocol: pim-sm, UpTime: 00:32:51, Expires: 00:02:48
<SwitchI> display pim vpn-instance a routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:08:06
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:08:06, Expires: -
(10.0.0.2, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: SPT 2MSDP SQ RC SRC-ACT
UpTime: 00:08:06
Upstream interface: Extranet (VPN: b)
Upstream neighbor: 127.0.0.1
RPF prime neighbor: 127.0.0.1
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:07:57, Expires: -
<SwitchI> display pim vpn-instance b routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: WC NIIF
UpTime: 00:08:10
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface3
Protocol: MD, UpTime: 00:08:10, Expires: -
(10.0.0.2, 225.0.0.1)
RP: NULL
Protocol: pim-sm, Flag: SPT NIIF SRC-ACT
UpTime: 00:08:10
Upstream interface: NULL
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface3
Protocol: MD, UpTime: 00:08:10, Expires: -
2: Extranet (VPN: a)
Protocol: MD, UpTime: 00:08:10, Expires: -
Switch A为DC 1的VTEP设备,用于用户的接入。Switch B为路由反射器,用于在DC 1内反射路由。Switch C和Switch D为DC 1的ED设备,用于DC间的互联。Switch C和Switch D组成M-LAG系统,以提高网络的可靠性。Switch F为DC 2的ED设备,用于DC间的互联。Switch E为普通三层交换机,实现ED间路由可达。Switch G为DC 2的VTEP设备,用于用户的接入。DC 1和DC 2内均使用L3VNI 1000。
Switch A~Switch G连接DC内设备的公网接口上均配置PIM-SM,Switch A、SwitchC上使能IGMP Snooping功能,用于建立组播转发表项。连接DC外设备的公网接口不需要使能PIM-SM。
Switch A连接组播源,Switch G连接组播接收者。组播接收者可接收来自组播源的组播流量。
图3-9 双DC跨数据中心三层组播ED支持M-LAG配置组网图(不同DC相同L3VNI)
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
Switch A |
Loop0 |
1.1.1.1/32 |
Switch B |
Loop0 |
2.2.2.2/32 |
|
|
Loop1 |
1.1.1.1/32 |
|
Vlan-int10 |
121.121.121.12/24 |
|
|
Vlan-int10 |
121.121.121.1/24 |
|
Vlan-int30 |
123.123.123.12/24 |
|
|
VSI-int1 |
100.1.1.1/24 |
|
Vlan-int50 |
124.124.124.12/24 |
|
Switch C |
Loop0 |
3.3.3.3/32 |
Swtich D |
Loop0 |
4.4.4.4/32 |
|
|
Loop1 |
3.3.3.3/32 |
|
Loop1 |
4.4.4.4/32 |
|
|
Loop2 |
1.2.3.4/32 |
|
Loop2 |
1.2.3.4/32 |
|
|
Vlan-int3 |
23.23.23.3/24 |
|
Vlan-int5 |
24.24.24.4/24 |
|
|
Vlan-int30 |
123.123.123.3/24 |
|
Vlan-int50 |
124.124.124.4/24 |
|
Swtich E |
Loop0 |
5.5.5.5/32 |
Swtich F |
Loop0 |
6.6.6.6/32 |
|
|
Vlan-int3 |
23.23.23.5/24 |
|
Loop1 |
6.6.6.6/32 |
|
|
Vlan-int5 |
24.24.24.5/24 |
|
Vlan-int6 |
26.26.26.6/24 |
|
|
Vlan-int6 |
26.26.26.5/24 |
|
Vlan-int20 |
68.68.68.68/24 |
|
Swtich G |
Loop0 |
7.7.7.7/32 |
|
|
|
|
|
Loop1 |
7.7.7.7/32 |
|
|
|
|
|
Vlan-int20 |
68.68.68.7/24 |
|
|
|
|
|
VSI-int1 |
100.1.2.1/24 |
|
|
|
(1) 配置IP地址、单播路由协议和PIM SM协议
# 在Source上指定网关地址为100.1.1.1;在Receiver上指定网关地址为100.1.2.1。(具体配置过程略)
# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保DC内的路由器之间路由可达。(具体配置过程略)
# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。如果ED间的接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。(具体配置过程略)
(2) 配置Switch A
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF进程。
<SwitchA> system-view
[SwitchA] l2vpn enable
[SwitchA] multicast routing
[SwitchA-mrib] quit
[SwitchA] pim
[SwitchA-pim] quit
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] quit
# 开启设备的IGMP Snooping功能。
[SwitchA] igmp-snooping
[SwitchA-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] ospf 1 area 0.0.0.0
[SwitchA-LoopBack0] pim sm
# 在VSI实例vsi1下创建EVPN实例。
[SwitchA] vsi vsi1
[SwitchA-vsi-vsi1] evpn encapsulation vxlan
[SwitchA-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchA-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchA-vsi-vsi1-evpn-vxlan] quit
# 在VSI实例vsi1内使能IGMP Snooping。
[SwitchA-vsi-vsi1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchA-vsi-vsi1] vxlan 10
[SwitchA-vsi-vsi1-vxlan-10] quit
[SwitchA-vsi-vsi1] quit
# 配置BGP发布EVPN路由。并使能与对等体的Add-Path接收能力。
[SwitchA] bgp 100
[SwitchA-bgp-default] peer 2.2.2.2 as-number 100
[SwitchA-bgp-default] peer 2.2.2.2 connect-interface LoopBack0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchA-bgp-default-evpn] peer 2.2.2.2 additional-paths receive
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 在接入组播源的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例11,该实例用来匹配VLAN 11的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-mode bridge
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 11
[SwitchA-Ten-GigabitEthernet1/0/1-srv11] encapsulation s-vid 11
# 配置以太网服务实例11与VSI实例vsi1关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv11] xconnect vsi vsi1
[SwitchA-Ten-GigabitEthernet1/0/1-srv11] quit
# 配置VPN实例vpna的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[SwitchA-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[SwitchA-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 100.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] pim sm
[SwitchA-Vsi-interface1] igmp enable
[SwitchA-Vsi-interface1] mac-address 0001-0001-0001
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] pim sm
[SwitchA-Vsi-interface2] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchA] multicast routing vpn-instance vpna
[SwitchA-mrib-vpna] quit
# 进入VPN实例vpna的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchA] pim vpn-instance vpna
[SwitchA-pim-vpna] c-bsr 1.1.1.1
[SwitchA-pim-vpna] c-rp 1.1.1.1
[SwitchA-pim-vpna] quit
# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchA-mvxlan-vpna] address-family ipv4
[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.0
[SwitchA-mvxlan-vpna-ipv4] source loopback 0
[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.0.0 24
[SwitchA-mvxlan-vpna-ipv4] s-pmsi advertise source-active
[SwitchA-mvxlan-vpna-ipv4] quit
[SwitchA-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchA] interface loopback 1
[SwitchA-LoopBack1] ip binding vpn-instance vpna
[SwitchA-LoopBack1] ip address 1.1.1.1 32
[SwitchA-LoopBack1] pim sm
[SwitchA-LoopBack1] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vsi1
[SwitchA-vsi-vsi1] gateway vsi-interface 1
[SwitchA-vsi-vsi1] quit
(3) 配置Switch B
# 使能IP组播路由功能,并启动OSPF进程。
<SwitchB> system-view
[SwitchB] multicast routing
[SwitchB-mrib] quit
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchB] interface loopback 0
[SwitchB-LoopBack0] ip address 2.2.2.2 32
[SwitchB-LoopBack0] ospf 1 area 0.0.0.0
[SwitchB-LoopBack0] pim sm
# 配置BGP发布EVPN路由。对于Switch A,开启Add-Path发送能力,并配置向对等体Switch A发送Add-Path优选路由的最大条数为2(最大条数不能小于与ED对等体的个数)。
[SwitchB] bgp 100
[SwitchB-bgp-default] group evpn internal
[SwitchB-bgp-default] peer evpn connect-interface loopback 0
[SwitchB-bgp-default] group vtep internal
[SwitchB-bgp-default] peer vtep connect-interface loopback 0
[SwitchB-bgp-default] peer 1.1.1.1 group vtep
[SwitchB-bgp-default] peer 3.3.3.3 group evpn
[SwitchB-bgp-default] peer 4.4.4.4 group evpn
[SwitchB-bgp-default-evpn] undo policy vpn-target
[SwitchB-bgp-default-evpn] additional-paths select-best 2
[SwitchB-bgp-default-evpn] peer evpn enable
[SwitchB-bgp-default-evpn] peer evpn reflect-client
[SwitchB-bgp-default-evpn] peer vtep enable
[SwitchB-bgp-default-evpn] peer vtep reflect-client
[SwitchB-bgp-default-evpn] peer vtep additional-paths send
[SwitchB-bgp-default-evpn] peer vtep advertise additional-paths best 2
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
(4) 配置Switch C
# 开启L2VPN能力,使能IP组播路由功能,并启动OSPF和RIP进程。
<SwitchC> system-view
[SwitchC] l2vpn enable
[SwitchC] multicast routing
[SwitchC-mrib] quit
[SwitchC] pim
[SwitchC-pim] quit
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
[SwitchC] rip 1
[SwitchC-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchC] igmp-snooping
[SwitchC-igmp-snooping] quit
# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。
[SwitchC] interface ten-gigabitethernet 1/0/3
[SwitchC-Ten-GigabitEthernet1/0/3] rip 1 enable
[SwitchC-Ten-GigabitEthernet1/0/3] dci enable
[SwitchC-Ten-GigabitEthernet1/0/3] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为1.2.3.4。
[SwitchC] evpn m-lag group 1.2.3.4
# 配置VPN实例vpna的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[SwitchC-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[SwitchC-vpn-instance-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchC] interface loopback 0
[SwitchC-LoopBack0] ip address 3.3.3.3 32
[SwitchC-LoopBack0] ospf 1 area 0.0.0.0
[SwitchC-LoopBack0] rip 1 enable
[SwitchC-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchC] interface loopback 1
[SwitchC-LoopBack1] ip binding vpn-instance vpna
[SwitchC-LoopBack1] ip address 3.3.3.3 32
[SwitchC-LoopBack1] pim sm
[SwitchC-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchC] interface loopback 2
[SwitchC-LoopBack2] ip address 1.2.3.4 32
[SwitchC-LoopBack2] ospf 1 area 0.0.0.0
[SwitchC-LoopBack2] rip 1 enable
[SwitchC-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpna
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] pim sm
[SwitchC-Vsi-interface2] quit
# 使能VPN实例a的IP组播路由功能。
[SwitchC] multicast routing vpn-instance vpna
[SwitchC-mrib-vpna] quit
# 进入VPN实例vpna的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchC] pim vpn-instance vpna
[SwitchC-pim-vpna] c-bsr 3.3.3.3
[SwitchC-pim-vpna] c-rp 3.3.3.3
[SwitchC-pim-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchC-mvxlan-vpna] address-family ipv4
[SwitchC-mvxlan-vpna-ipv4] default-group 236.0.0.0
[SwitchC-mvxlan-vpna-ipv4] source loopback 2 evpn-drni-group
[SwitchC-mvxlan-vpna-ipv4] data-group 239.0.0.0 24
[SwitchC-mvxlan-vpna-ipv4] dci enable
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchC-mvxlan-vpna-ipv4] m-lag local 3.3.3.3 remote 4.4.4.4
[SwitchC-mvxlan-vpna-ipv4] quit
[SwitchC-mvxlan-vpna] quit
# 配置路由策略,修改Switch C发往Switch B的S-PMSI路由的下一跳为3.3.3.3。
[SwitchC] route-policy rt_spmsi permit node 0
[SwitchC-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchC-route-policy-rt_spmsi-0] apply ip-address next-hop 3.3.3.3
[SwitchC-route-policy-rt_spmsi-0] quit
[SwitchC] route-policy rt_spmsi permit node 1
[SwitchC-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchC] bgp 100
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
[SwitchC-bgp-default] peer 6.6.6.6 as-number 200
[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0
[SwitchC-bgp-default] peer 6.6.6.6 ebgp-max-hop 64
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 route-policy rt_spmsi export
[SwitchC-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchC-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchC] interface bridge-aggregation 9
[SwitchC-Bridge-Aggregation9] port link-type trunk
[SwitchC-Bridge-Aggregation9] port trunk permit vlan all
[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchC-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchC-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchC-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchC] m-lag mad exclude interface ten-gigabitethernet 1/0/1
# 配置M-LAG系统。
[SwitchC] m-lag restore-delay 180
[SwitchC] m-lag system-mac 0001-0001-0001
[SwitchC] m-lag system-number 1
[SwitchC] m-lag system-priority 10
[SwitchC] m-lag keepalive ip destination 60.1.1.2 source 60.1.1.1
(5) 配置Switch D
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchD> system-view
[SwitchD] l2vpn enable
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] pim
[SwitchD-pim] quit
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
[SwitchD] rip 1
[SwitchD-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchD] igmp-snooping
[SwitchD-igmp-snooping] quit
# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。
[SwitchD] interface ten-gigabitethernet 1/0/3
[SwitchD-Ten-GigabitEthernet1/0/3] rip 1 enable
[SwitchD-Ten-GigabitEthernet1/0/3] dci enable
[SwitchD-Ten-GigabitEthernet1/0/3] quit
# 开启EVPN的分布式聚合模式,并配置虚拟ED地址为1.2.3.4。
[SwitchD] evpn m-lag group 1.2.3.4
# 配置VPN实例vpna的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 3:3
[SwitchD-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[SwitchD-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[SwitchD-vpn-instance-vpna] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchD] interface loopback 0
[SwitchD-LoopBack0] ip address 4.4.4.4 32
[SwitchD-LoopBack0] ospf 1 area 0.0.0.0
[SwitchD-LoopBack0] rip 1 enable
[SwitchD-LoopBack0] pim sm
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchD] interface loopback 1
[SwitchD-LoopBack1] ip binding vpn-instance vpna
[SwitchD-LoopBack1] ip address 4.4.4.4 32
[SwitchD-LoopBack1] pim sm
[SwitchD-LoopBack1] quit
# 创建接口LoopBack2,并配置LoopBcak2接口。
[SwitchD] interface loopback 2
[SwitchD-LoopBack2] ip address 1.2.3.4 32
[SwitchD-LoopBack2] ospf 1 area 0.0.0.0
[SwitchD-LoopBack2] rip 1 enable
[SwitchD-LoopBack2] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpna
[SwitchD-Vsi-interface2] l3-vni 1000
[SwitchD-Vsi-interface2] pim sm
[SwitchD-Vsi-interface2] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchD] multicast routing vpn-instance vpna
[SwitchD-mrib-vpna] quit
# 进入VPN实例vpna的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchD] pim vpn-instance vpna
[SwitchD-pim-vpna] c-bsr 4.4.4.4
[SwitchD-pim-vpna] c-rp 4.4.4.4
[SwitchD-pim-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchD] multicast-vpn vxlan vpn-instance a mode mdt
[SwitchD-mvxlan-a] address-family ipv4
[SwitchD-mvxlan-a-ipv4] default-group 236.0.0.0
[SwitchD-mvxlan-a-ipv4] source loopback 2 evpn-drni-group
[SwitchD-mvxlan-a-ipv4] data-group 239.0.0.0 24
[SwitchD-mvxlan-a-ipv4] dci enable
# 配置组成M-LAG系统的本地和远端ED的IPv4地址。
[SwitchD-mvxlan-a-ipv4] m-lag local 4.4.4.4 remote 3.3.3.3
[SwitchD-mvxlan-a-ipv4] quit
[SwitchD-mvxlan-a] quit
# 配置路由策略,修改Switch D发往Switch B的S-PMSI路由的下一跳为4.4.4.4。
[SwitchD] route-policy rt_spmsi permit node 0
[SwitchD-route-policy-rt_spmsi-0] if-match route-type bgp-evpn-s-pmsi
[SwitchD-route-policy-rt_spmsi-0] apply ip-address next-hop 4.4.4.4
[SwitchD-route-policy-rt_spmsi-0] quit
[SwitchD] route-policy rt_spmsi permit node 1
[SwitchD-route-policy-rt_spmsi-1] quit
# 配置BGP发布EVPN路由,指定发布EVPN路由时,将下一跳地址修改为M-LAG的虚拟ED地址。
[SwitchD] bgp 100
[SwitchD-bgp-default] peer 2.2.2.2 as-number 100
[SwitchD-bgp-default] peer 2.2.2.2 connect-interface LoopBack0
[SwitchD-bgp-default] peer 6.6.6.6 as-number 200
[SwitchD-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchD-bgp-default] peer 6.6.6.6 ebgp-max-hop 64
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] nexthop evpn-m-lag group-address
[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable
[SwitchD-bgp-default-evpn] peer 2.2.2.2 route-policy rt_spmsi export
[SwitchD-bgp-default-evpn] peer 2.2.2.2 next-hop-local
[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchD-bgp-default-evpn] peer 6.6.6.6 router-mac-local
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 配置以太网链路聚合接口作为peer-link链路。
[SwitchD] interface bridge-aggregation 9
[SwitchD-Bridge-Aggregation9] port link-type trunk
[SwitchD-Bridge-Aggregation9] port trunk permit vlan all
[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic
[SwitchD-Bridge-Aggregation9] port m-lag peer-link 1
[SwitchD-Bridge-Aggregation9] quit
# 将二层以太网接口加入peer-link聚合口。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] port link-aggregation group 9
[SwitchD-Ten-GigabitEthernet1/0/2] quit
# 将keeplive链路配置为M-LAG保留接口。
[SwitchD] m-lag mad exclude interface ten-gigabitethernet 1/0/1
# 配置M-LAG系统。
[SwitchD] m-lag restore-delay 180
[SwitchD] m-lag system-mac 0001-0001-0001
[SwitchD] m-lag system-number 2
[SwitchD] m-lag system-priority 10
[SwitchD] m-lag keepalive ip destination 60.1.1.1 source 60.1.1.2
(6) 配置Switch E
# 启动RIP进程。
<SwitchE> system-view
[SwitchE] rip 1
[SwitchE-rip-1] quit
# 在各接口上配置RIP路由协议。
[SwitchE] interface vlan-interface 3
[SwitchE-Vlan-interface3] rip 1 enable
[SwitchE-Vlan-interface3] quit
[SwitchE] interface vlan-interface 5
[SwitchE-Vlan-interface5] rip 1 enable
[SwitchE-Vlan-interface5] quit
[SwitchE] interface vlan-interface 6
[SwitchE-Vlan-interface6] rip 1 enable
[SwitchE-Vlan-interface6] quit
(7) 配置Switch F
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF和RIP进程。
<SwitchF> system-view
[SwitchF] l2vpn enable
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchF] pim
[SwitchF-pim] quit
[SwitchF] ospf 1
[SwitchF-ospf-1] area 0.0.0.0
[SwitchF-ospf-1-area-0.0.0.0] quit
[SwitchF] rip 1
[SwitchF-rip-1] quit
# 开启IGMP Snooping功能。
[SwitchF] igmp-snooping
[SwitchF-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchF] interface loopback 0
[SwitchF-LoopBack0] ip address 6.6.6.6 32
[SwitchF-LoopBack0] pim sm
[SwitchF-LoopBack0] ospf 1 area 0.0.0.0
[SwitchF-LoopBack0] quit
# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。
[SwitchF] interface ten-gigabitethernet 1/0/3
[SwitchF-Ten-GigabitEthernet1/0/3] ospf 1 area 0
[SwitchF-Ten-GigabitEthernet1/0/3] dci enable
# 配置VPN实例vpna的RD和RT。
[SwitchF] ip vpn-instance vpna
[SwitchF-vpn-instance-vpna] route-distinguisher 6:6
[SwitchF-vpn-instance-vpnvpna] vpn-target 1:1 import-extcommunity
[SwitchF-vpn-instance-a] vpn-target 1:1 export-extcommunity
[SwitchF-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchF] interface vsi-interface 2
[SwitchF-Vsi-interface2] ip binding vpn-instance vpna
[SwitchF-Vsi-interface2] l3-vni 1000
[SwitchF-Vsi-interface2] pim sm
[SwitchF-Vsi-interface2] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchF] interface loopback 1
[SwitchF-LoopBack1] ip binding vpn-instance vpna
[SwitchF-LoopBack1] ip address 6.6.6.6 32
[SwitchF-LoopBack1] pim sm
[SwitchF-LoopBack1] quit
# 进入VPN实例vpna的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchF] pim vpn-instance vpna
[SwitchF-pim-vpna] c-bsr 6.6.6.6
[SwitchF-pim-vpna] c-rp 6.6.6.6
[SwitchF-pim-vpna] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchF] multicast routing vpn-instance vpna
[SwitchF-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。
[SwitchF] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchF-mvxlan-vpna] address-family ipv4
[SwitchF-mvxlan-vpna-ipv4] default-group 236.0.0.0
[SwitchF-mvxlan-vpna-ipv4] source loopback 0
[SwitchF-mvxlan-vpna-ipv4] data-group 239.0.0.0 24
[SwitchF-mvxlan-vpna-ipv4] dci enable
[SwitchF-mvxlan-vpna-ipv4] quit
[SwitchF-mvxlan-vpna] quit
# 配置BGP发布EVPN路由。
[SwitchF] bgp 200
[SwitchF-bgp-default] peer 3.3.3.3 as-number 100
[SwitchF-bgp-default] peer 3.3.3.3 connect-interface LoopBack0
[SwitchF-bgp-default] peer 3.3.3.3 ebgp-max-hop 64
[SwitchF-bgp-default] peer 4.4.4.4 as-number 100
[SwitchF-bgp-default] peer 4.4.4.4 connect-interface LoopBack0
[SwitchF-bgp-default] peer 4.4.4.4 ebgp-max-hop 64
[SwitchF-bgp-default] peer 7.7.7.7 as-number 200
[SwitchF-bgp-default] peer 7.7.7.7 connect-interface LoopBack0
[SwitchF-bgp-default] address-family l2vpn evpn
[SwitchF-bgp-default-evpn] peer 3.3.3.3 enable
[SwitchF-bgp-default-evpn] peer 3.3.3.3 router-mac-local
[SwitchF-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchF-bgp-default-evpn] peer 4.4.4.4 router-mac-local
[SwitchF-bgp-default-evpn] peer 7.7.7.7 enable
[SwitchF-bgp-default-evpn] peer 7.7.7.7 next-hop-local
[SwitchF-bgp-default-evpn] quit
[SwitchF-bgp-default] quit
(8) 配置Switch G
# 开启L2VPN能力,使能IP组播路由功能,启动OSPF进程。
<SwitchG> system-view
[SwitchG] l2vpn enable
[SwitchG] multicast routing
[SwitchG-mrib] quit
[SwitchG] pim
[SwitchG-pim] quit
[SwitchG] ospf 1
[SwitchG-ospf-1] area 0.0.0.0
[SwitchG-ospf-1-area-0.0.0.0] quit
# 开启设备的IGMP Snooping功能。
[SwitchG] igmp-snooping
[SwitchG-igmp-snooping] quit
# 创建接口LoopBack0,并配置LoopBcak0接口。
[SwitchG] interface loopback 0
[SwitchG-LoopBack0] ip address 7.7.7.7 32
[SwitchG-LoopBack0] pim sm
[SwitchG-LoopBack0] ospf 1 area 0.0.0.0
[SwitchG-LoopBack0] quit
# 在VSI实例vsi1下创建EVPN实例。
[SwitchG] vsi vsi1
[SwitchG-vsi-vsi1] evpn encapsulation vxlan
[SwitchG-vsi-vsi1-evpn-vxlan] route-distinguisher auto
[SwitchG-vsi-vsi1-evpn-vxlan] vpn-target auto export-extcommunity
[SwitchG-vsi-vsi1-evpn-vxlan] vpn-target auto import-extcommunity [SwitchG-vsi-vsi1-evpn-vxlan] quit
# 在VSI实例vsi1内使能IGMP Snooping。
[SwitchG-vsi-vsi1] igmp-snooping enable
# 创建VXLAN 10。
[SwitchG-vsi-vsi1] vxlan 10
[SwitchG-vsi-vsi1-vxlan-10] quit
# 配置BGP发布EVPN路由。
[SwitchG] bgp 200
[SwitchG-bgp-default] peer 6.6.6.6 as-number 200
[SwitchG-bgp-default] peer 6.6.6.6 connect-interface LoopBack0
[SwitchG-bgp-default] address-family l2vpn evpn
[SwitchG-bgp-default-evpn] peer 6.6.6.6 enable
[SwitchG-bgp-default-evpn] quit
[SwitchG-bgp-default] quit
# 在接入组播接收者的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例33,该实例用来匹配VLAN33的数据帧。
[SwitchG] interface ten-gigabitethernet 1/0/1
[SwitchG-Ten-GigabitEthernet1/0/1] port link-mode bridge
[SwitchG-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchG-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 33
[SwitchG-Ten-GigabitEthernet1/0/1] service-instance 33
[SwitchG-Ten-GigabitEthernet1/0/1-srv11] encapsulation s-vid 33
# 配置以太网服务实例33与VSI实例vsi1关联。
[SwitchG-Ten-GigabitEthernet1/0/1-srv11] xconnect vsi vsi1
[SwitchG-Ten-GigabitEthernet1/0/1-srv11] quit
# 配置VPN实例vpna的RD和RT。
[SwitchG] ip vpn-instance vpna
[SwitchG-vpn-instance-vpna] route-distinguisher 8:8
[SwitchG-vpn-instance-vpna] vpn-target 1:1 import-extcommunity
[SwitchG-vpn-instance-vpna] vpn-target 1:1 export-extcommunity
[SwitchG-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchG] interface vsi-interface 1
[SwitchG-Vsi-interface1] ip binding vpn-instance vpna
[SwitchG-Vsi-interface1] ip address 100.1.2.1 255.255.255.0
[SwitchG-Vsi-interface1] pim sm
[SwitchG-Vsi-interface1] igmp enable
[SwitchG-Vsi-interface1] mac-address 0001-0001-0001
[SwitchG-Vsi-interface1] distributed-gateway local
[SwitchG-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchG] interface vsi-interface 2
[SwitchG-Vsi-interface2] ip binding vpn-instance vpna
[SwitchG-Vsi-interface2] l3-vni 1000
[SwitchG-Vsi-interface2] pim sm
[SwitchG-Vsi-interface2] quit
# 使能VPN实例vpna的IP组播路由功能。
[SwitchG] multicast routing vpn-instance vpna
[SwitchG-mrib-vpna] quit
# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。
[SwitchG] multicast-vpn vxlan vpn-instance vpna mode mdt
[SwitchG-mvxlan-vpna] address-family ipv4
[SwitchG-mvxlan-vpna-ipv4] default-group 236.0.0.0
[SwitchG-mvxlan-vpna-ipv4] source loopback 0
[SwitchG-mvxlan-vpna-ipv4] data-group 239.0.0.0 24
[SwitchG-mvxlan-vpna-ipv4] s-pmsi advertise source-active
[SwitchG-mvxlan-vpna-ipv4] quit
[SwitchG-mvxlan-vpna] quit
# 创建接口LoopBack1,并配置LoopBcak1接口。
[SwitchG] interface loopback 1
[SwitchG-LoopBack1] ip binding vpn-instance vpna
[SwitchG-LoopBack1] ip address 7.7.7.7 32
[SwitchG-LoopBack1] pim sm
[SwitchG-LoopBack1] quit
# 进入VPN实例vpna的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。
[SwitchG] pim vpn-instance vpna
[SwitchG-pim-vpna] c-bsr 7.7.7.7
[SwitchG-pim-vpna] c-rp 7.7.7.7
[SwitchG-pim-vpna] quit
# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。
[SwitchG] vsi vsi1
[SwitchG-vsi-vsi1] gateway vsi-interface vsi1
[SwitchG-vsi-vsi1] quit
(1) 查看Leaf层设备上的组播路由信息。
# 查看Switch A上VPN实例vpna和公网的组播路由信息。
<SwitchA> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:00:31
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel0
Protocol: MD, UpTime: 00:00:31, Expires: -
(100.1.1.100, 225.0.0.1)
RP: 1.1.1.1 (local)
Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN
UpTime: 00:00:32
Upstream interface: Vsi-interface1
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: MTunnel1
Protocol: MD, UpTime: 00:00:26, Expires: -
<SwitchA> display pim routing-table
Total 0 (*, G) entries; 6 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:03:31
Upstream interface: MTunnel0 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:01:53, Expires: 00:02:38
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:53
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:53, Expires: -
(4.4.4.4, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:01:47
Upstream interface: Vlan-interface10
Upstream neighbor: 121.121.121.12
RPF prime neighbor: 121.121.121.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:01:47, Expires: -
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:00:51
Upstream interface: MTunnel1 (VPN: vpna)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface10
Protocol: pim-sm, UpTime: 00:00:51, Expires: 00:02:40
# 查看SwitchG上VPN实例vpna和公网的组播路由信息。
<SwitchG> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:12:32
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface1
Protocol: igmp, UpTime: 00:12:32, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:12:31, Expires: -
(100.1.1.100, 225.0.0.1)
RP: 7.7.7.7 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:12:30
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface1
Protocol: pim-sm, UpTime: 00:12:21, Expires: -
<SwitchG> display pim routing-table
Total 0 (*, G) entries; 5 (S, G) entries
(6.6.6.6, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:27
Upstream interface: Vlan-interface20
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:27, Expires: -
(7.7.7.7, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:19:29
Upstream interface: Vlan-interface20
Upstream neighbor: 78.78.78.78
RPF prime neighbor: 78.78.78.78
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:19:29, Expires: -
(6.6.6.6, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:18:04
Upstream interface: Vlan-interface20
Upstream neighbor: 68.68.68.68
RPF prime neighbor: 68.68.68.68
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:18:04, Expires: -
(2) 查看ED设备上的组播路由信息。
# 查看Switch C上VPN实例vpna和公网的组播路由信息。
<SwitchC> display pim vpn-instance vpna routing-table
Total 1 (*, G) entries; 1 (S, G) entries
(*, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: WC RC
UpTime: 00:20:48
Upstream interface: Register-Tunnel0
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 2
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:48, Expires: -
2: MTunnel0
Protocol: MD, UpTime: 00:20:48, Expires: -
(100.1.1.100, 225.0.0.1)
RP: 3.3.3.3 (local)
Protocol: pim-sm, Flag: SPT 2MSDP ACT RQ SRC-ACT 2MVPN FROMVXLAN
UpTime: 00:20:47
Upstream interface: MVXLAN-UPE0 (0.0.0.0)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vsi-interface2
Protocol: MD, UpTime: 00:20:47, Expires: -
<SwitchC> display pim routing-table
Total 0 (*, G) entries; 4 (S, G) entries
(1.1.1.1, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT
UpTime: 00:23:32
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:23:32, Expires: -
(3.3.3.3, 236.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT LOC VXLAN_L3
UpTime: 00:25:33
Upstream interface: MTunnel0 (VPN: a)
Upstream neighbor: NULL
RPF prime neighbor: NULL
Downstream interface information:
Total number of downstream interfaces: 1
1: Vlan-interface30
Protocol: pim-sm, UpTime: 00:23:32, Expires: 00:02:58
(1.1.1.1, 239.0.0.0)
RP: NULL
Protocol: pim-sm, Flag: SPT ACT 2MVPN
UpTime: 00:22:31
Upstream interface: Vlan-interface30
Upstream neighbor: 123.123.123.12
RPF prime neighbor: 123.123.123.12
Downstream interface information:
Total number of downstream interfaces: 1
1: MVXLAN-UPE0
Protocol: MD, UpTime: 00:22:31, Expires: -
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
