03-S-MLAG+EVPN Typical Configuration Examples
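This document provides a configuration example for the S-MLAG+EVPN scenario.
In an EVPN VXLAN distributed-gateway network with multihomed sites, deploying S-MLAG as well provides higher reliability without making the topology more complex. Service traffic is load-shared through S-MLAG, which keeps any single link or device from becoming a performance bottleneck and so avoids network overload and congestion.
The configuration in this document was performed and verified in a lab environment, and all device parameters were at their factory defaults before configuration. If you have already configured the device, make sure the existing configuration does not conflict with the configuration in the following example.
This document assumes that you are familiar with the S-MLAG and EVPN VXLAN features.
As shown in Figure 3-1:
· Switch A, Switch B, and Switch C are distributed EVPN gateways. Switch D is the RR and reflects BGP routes between the switches. VM 1 and VM 3 belong to VXLAN 10, and VM 2 and VM 4 belong to VXLAN 20. VMs in the same VXLAN can communicate at Layer 2, and VMs in different VXLANs can communicate at Layer 3 through the distributed EVPN gateways.
· To improve service reliability, S-MLAG is configured on Switch A and Switch B to form a cross-device link aggregation. The links load-share traffic during normal operation, and services are not interrupted when one of the two devices fails.
· An ESI is configured on Switch A and Switch B so that VM 1 and VM 2 are multihomed to Switch A and Switch B through the aggregate links. This keeps a single VTEP failure from affecting the network and improves the reliability of the EVPN network.
· Monitor Link is configured on Switch A and Switch B, with the interface connected to Switch D as the uplink interface and the interfaces connected to the VMs as downlink interfaces. When the uplink of Switch A or Switch B goes down, its downlinks also go down, so the upstream traffic of the VMs switches between Switch A and Switch B and is not lost.
Figure 3-1 S-MLAG EVPN network diagram
The main functions configured in this example fall into two parts: EVPN VXLAN distributed-gateway site multihoming, and S-MLAG. In the EVPN VXLAN distributed gateway configuration, each distributed gateway needs two VSI interfaces: VSI interface 1 is the gateway interface for VM 1 and VM 3, and VSI interface 2 is the gateway interface for VM 2 and VM 4. In the S-MLAG configuration, two S-MLAG groups are needed: on Switch A and Switch B, the interfaces connected to VM 1 join one S-MLAG group, and the interfaces connected to VM 2 join the other.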
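| Product | Software version |
|---|---|
| S6805 series | Release 6715 and later |
| S6825 series | Release 6715 and later |
| S6850 series | Release 6715 and later |
| S9850 series | Release 6715 and later |
| S9820-64H | Not supported |
| S9820-8C | Not supported |
| S6800 series | Not supported |
| S6860 series | Not supported |
| S6826 series | Not supported |
| S9826 series | Not supported |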
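· When a member port joins an aggregation group, the port cannot join if its attribute configuration (for example, port isolation or VLAN-related settings) differs from that of the aggregate interface. To avoid configuration conflicts, add ports to a newly created aggregate interface while the ports are still in their default state.
· For the two devices in the S-MLAG group, Switch A and Switch B, make sure the aggregate interfaces that join the same S-MLAG group are configured identically on both devices.
· Only Layer 2 aggregate interfaces operating in dynamic aggregation mode can join an S-MLAG group.
· On the same device, different Layer 2 aggregate interfaces cannot join the same S-MLAG group.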
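The restrictions above can be checked before deployment by comparing the two peers' saved configurations. The Python below is an added example, not H3C code: the function names (`parse`, `smlag_groups`, `check`) and finding labels are hypothetical, the sample text is trimmed from this page's Switch A and Switch B configuration files plus one constructed drifted variant, and the LACP rule (same system MAC and priority, different system number) mirrors the values this page configures on the two switches.

```python
import re

# Constructed sample: trimmed from this page's Switch A configuration file.
SWITCH_A = """\
lacp system-mac 0001-0002-0003
lacp system-number 1
lacp system-priority 123
#
interface Bridge-Aggregation2
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 2
 link-aggregation mode dynamic
 lacp edge-port
 port s-mlag group 100
 esi 0000.0000.0000.0000.0001
#
interface Bridge-Aggregation3
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 3
 link-aggregation mode dynamic
 lacp edge-port
 port s-mlag group 200
 esi 0000.0000.0000.0000.0002
#
"""
# On this page Switch B differs from Switch A in these lines only by its system number.
SWITCH_B = SWITCH_A.replace("lacp system-number 1", "lacp system-number 2")
# Constructed drift: reused system number, wrong ESI, aggregate 3 left in static mode.
SWITCH_B_DRIFT = SWITCH_A.replace("0000.0000.0000.0000.0001", "0000.0000.0000.0000.0009")
SWITCH_B_DRIFT = SWITCH_B_DRIFT.replace("vlan 3\n link-aggregation mode dynamic\n", "vlan 3\n")

def parse(cfg):
    """Return (global LACP settings, {aggregate interface: [its lines up to '#']})."""
    lacp, aggs, cur = {}, {}, None
    for line in (raw.strip() for raw in cfg.splitlines()):
        if line == "#":
            cur = None
        elif line.startswith("interface "):
            name = line.split(None, 1)[1]
            cur = aggs.setdefault(name, []) if name.startswith("Bridge-Aggregation") else None
        elif cur is not None:
            cur.append(line)
        elif m := re.fullmatch(r"lacp (system-mac|system-number|system-priority) (\S+)", line):
            lacp[m.group(1)] = m.group(2)
    return lacp, aggs

def smlag_groups(aggs):
    """Map S-MLAG group ID -> aggregate interfaces on this device that joined it."""
    groups = {}
    for name, lines in aggs.items():
        for line in lines:
            if m := re.fullmatch(r"port s-mlag group (\d+)", line):
                groups.setdefault(int(m.group(1)), []).append(name)
    return groups

def check(cfg_a, cfg_b):
    """Return (rule, detail) findings for the S-MLAG pair; an empty list means consistent."""
    (lacp_a, aggs_a), (lacp_b, aggs_b) = parse(cfg_a), parse(cfg_b)
    findings, peers = [], {}
    for key in ("system-mac", "system-priority"):  # must match on both devices
        if lacp_a.get(key) != lacp_b.get(key):
            findings.append((f"lacp-{key}", f"{lacp_a.get(key)} != {lacp_b.get(key)}"))
    if lacp_a.get("system-number") == lacp_b.get("system-number"):  # must differ
        findings.append(("lacp-system-number", f"both use {lacp_a.get('system-number')}"))
    for dev, aggs in (("A", aggs_a), ("B", aggs_b)):
        for grp, names in smlag_groups(aggs).items():
            if len(names) > 1:  # one aggregate per S-MLAG group per device
                findings.append(("duplicate-group", f"{dev}: group {grp} on {names}"))
            for name in names:  # only dynamic aggregates may join
                if "link-aggregation mode dynamic" not in aggs[name]:
                    findings.append(("not-dynamic", f"{dev}: {name}"))
            peers.setdefault(grp, {})[dev] = set(aggs[names[0]])
    for grp, devs in sorted(peers.items()):
        if len(devs) < 2:
            findings.append(("unpaired-group", f"group {grp} only on {sorted(devs)}"))
        elif devs["A"] != devs["B"]:  # peers' aggregate settings must be identical
            findings.append(("peer-mismatch", f"group {grp}: {sorted(devs['A'] ^ devs['B'])}"))
    return findings

if __name__ == "__main__":
    for rule, detail in check(SWITCH_A, SWITCH_B_DRIFT):
        print(f"{rule}: {detail}")
```

The parser reads only the lines between an `interface Bridge-Aggregation…` header and the next `#`, so it also works on configuration text whose indentation has been lost.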
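# Configure the IP address and subnet mask of each interface, and configure OSPF in the IP core network so that the switches can reach one another (details not shown).
# On VM 1 and VM 3, set the gateway address to 10.1.1.1; on VM 2 and VM 4, set the gateway address to 20.1.1.1 (details not shown).
# Enable L2VPN.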
<SwitchA> system-view
[SwitchA] l2vpn enable
# Create VLAN 2 and VLAN 3.
[SwitchA] vlan 2 3
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# Set the LACP system MAC address to 0001-0002-0003.
[SwitchA] lacp system-mac 1-2-3
# Set the LACP system priority to 123.
[SwitchA] lacp system-priority 123
# Set the LACP system number to 1.
[SwitchA] lacp system-number 1
# Create Layer 2 aggregate interface 2 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 2
[SwitchA-Bridge-Aggregation2] link-aggregation mode dynamic
# Configure Layer 2 aggregate interface 2 as an edge aggregate interface.
[SwitchA-Bridge-Aggregation2] lacp edge-port
# Add Layer 2 aggregate interface 2 to S-MLAG group 100.
[SwitchA-Bridge-Aggregation2] port s-mlag group 100
[SwitchA-Bridge-Aggregation2] quit
# Add GigabitEthernet1/0/2, the port connected to VM 1, to aggregation group 2.
[SwitchA] interface gigabitethernet 1/0/2
[SwitchA-GigabitEthernet1/0/2] port link-aggregation group 2
[SwitchA-GigabitEthernet1/0/2] quit
# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] link-aggregation mode dynamic
# Configure Layer 2 aggregate interface 3 as an edge aggregate interface.
[SwitchA-Bridge-Aggregation3] lacp edge-port
# Add Layer 2 aggregate interface 3 to S-MLAG group 200.
[SwitchA-Bridge-Aggregation3] port s-mlag group 200
[SwitchA-Bridge-Aggregation3] quit
# Add GigabitEthernet1/0/3, the port connected to VM 2, to aggregation group 3.
[SwitchA] interface gigabitethernet 1/0/3
[SwitchA-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchA-GigabitEthernet1/0/3] quit
# Create VSI vpna, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] evpn encapsulation vxlan
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
[SwitchA-vsi-vpna] quit
# Create VSI vpnb, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] evpn encapsulation vxlan
[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan-20] quit
[SwitchA-vsi-vpnb] quit
# Configure the BGP EVPN session.
[SwitchA] bgp 200
[SwitchA-bgp-default] router-id 1.1.1.1
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# On Bridge-Aggregation2, the interface that connects VM 1, create Ethernet service instance 2000 to match frames of VLAN 2.
[SwitchA] interface bridge-aggregation 2
[SwitchA-Bridge-Aggregation2] port link-type trunk
[SwitchA-Bridge-Aggregation2] undo port trunk permit vlan 1
[SwitchA-Bridge-Aggregation2] port trunk permit vlan 2
[SwitchA-Bridge-Aggregation2] service-instance 2000
[SwitchA-Bridge-Aggregation2-srv2000] encapsulation s-vid 2
# Associate Ethernet service instance 2000 with VSI vpna.
[SwitchA-Bridge-Aggregation2-srv2000] xconnect vsi vpna
[SwitchA-Bridge-Aggregation2-srv2000] quit
# Configure Bridge-Aggregation2 as a spanning tree edge port.
[SwitchA-Bridge-Aggregation2] stp edged-port
# Configure the ESI on Bridge-Aggregation2, the interface that connects VM 1.
[SwitchA-Bridge-Aggregation2] esi 0.0.0.0.1
[SwitchA-Bridge-Aggregation2] quit
# On Bridge-Aggregation3, the interface that connects VM 2, create Ethernet service instance 3000 to match frames of VLAN 3.
[SwitchA] interface bridge-aggregation 3
[SwitchA-Bridge-Aggregation3] port link-type trunk
[SwitchA-Bridge-Aggregation3] undo port trunk permit vlan 1
[SwitchA-Bridge-Aggregation3] port trunk permit vlan 3
[SwitchA-Bridge-Aggregation3] service-instance 3000
[SwitchA-Bridge-Aggregation3-srv3000] encapsulation s-vid 3
# Associate Ethernet service instance 3000 with VSI vpnb.
[SwitchA-Bridge-Aggregation3-srv3000] xconnect vsi vpnb
[SwitchA-Bridge-Aggregation3-srv3000] quit
# Configure Bridge-Aggregation3 as a spanning tree edge port.
[SwitchA-Bridge-Aggregation3] stp edged-port
# Configure the ESI on Bridge-Aggregation3, the interface that connects VM 2.
[SwitchA-Bridge-Aggregation3] esi 0.0.0.0.2
[SwitchA-Bridge-Aggregation3] quit
# Configure the RD and RTs for the L3VNI.
[SwitchA] ip vpn-instance l3vpna
[SwitchA-vpn-instance-l3vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-l3vpna] address-family ipv4
[SwitchA-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchA-vpn-ipv4-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] address-family evpn
[SwitchA-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchA-vpn-evpn-l3vpna] quit
[SwitchA-vpn-instance-l3vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] mac-address 1-1-1
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchA-Vsi-interface2] mac-address 2-2-2
[SwitchA-Vsi-interface2] distributed-gateway local
[SwitchA-Vsi-interface2] local-proxy-arp enable
[SwitchA-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and, on that interface, set the L3VNI for VPN instance l3vpna to 1000.
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchA-Vsi-interface3] l3-vni 1000
[SwitchA-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# Associate the VSI that contains VXLAN 20 with VSI-interface2.
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] gateway vsi-interface 2
[SwitchA-vsi-vpnb] quit
# Create Monitor Link group 1, with GigabitEthernet1/0/1 as its uplink interface and GigabitEthernet1/0/2 and GigabitEthernet1/0/3 as its downlink interfaces.
[SwitchA] monitor-link group 1
[SwitchA-mtlk-group1] port gigabitethernet 1/0/1 uplink
[SwitchA-mtlk-group1] port gigabitethernet 1/0/2 downlink
[SwitchA-mtlk-group1] port gigabitethernet 1/0/3 downlink
[SwitchA-mtlk-group1] quit
3.5.3 Configuring Switch B
# Enable L2VPN.
<SwitchB> system-view
[SwitchB] l2vpn enable
# Create VLAN 2 and VLAN 3.
[SwitchB] vlan 2 3
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# Set the LACP system MAC address to 0001-0002-0003.
[SwitchB] lacp system-mac 1-2-3
# Set the LACP system priority to 123.
[SwitchB] lacp system-priority 123
# Set the LACP system number to 2.
[SwitchB] lacp system-number 2
# Create Layer 2 aggregate interface 2 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 2
[SwitchB-Bridge-Aggregation2] link-aggregation mode dynamic
# Configure Layer 2 aggregate interface 2 as an edge aggregate interface.
[SwitchB-Bridge-Aggregation2] lacp edge-port
# Add Layer 2 aggregate interface 2 to S-MLAG group 100.
[SwitchB-Bridge-Aggregation2] port s-mlag group 100
[SwitchB-Bridge-Aggregation2] quit
# Add GigabitEthernet1/0/2, the port connected to VM 1, to aggregation group 2.
[SwitchB] interface gigabitethernet 1/0/2
[SwitchB-GigabitEthernet1/0/2] port link-aggregation group 2
[SwitchB-GigabitEthernet1/0/2] quit
# Create Layer 2 aggregate interface 3 and set it to dynamic aggregation mode.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] link-aggregation mode dynamic
# Configure Layer 2 aggregate interface 3 as an edge aggregate interface.
[SwitchB-Bridge-Aggregation3] lacp edge-port
# Add Layer 2 aggregate interface 3 to S-MLAG group 200.
[SwitchB-Bridge-Aggregation3] port s-mlag group 200
[SwitchB-Bridge-Aggregation3] quit
# Add GigabitEthernet1/0/3, the port connected to VM 2, to aggregation group 3.
[SwitchB] interface gigabitethernet 1/0/3
[SwitchB-GigabitEthernet1/0/3] port link-aggregation group 3
[SwitchB-GigabitEthernet1/0/3] quit
# Create VSI vpna, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] evpn encapsulation vxlan
[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan-10] quit
[SwitchB-vsi-vpna] quit
# Create VSI vpnb, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-20] quit
[SwitchB-vsi-vpnb] quit
# Configure the BGP EVPN session.
[SwitchB] bgp 200
[SwitchB-bgp-default] router-id 2.2.2.2
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# On Bridge-Aggregation2, the interface that connects VM 1, create Ethernet service instance 2000 to match frames of VLAN 2.
[SwitchB] interface bridge-aggregation 2
[SwitchB-Bridge-Aggregation2] port link-type trunk
[SwitchB-Bridge-Aggregation2] undo port trunk permit vlan 1
[SwitchB-Bridge-Aggregation2] port trunk permit vlan 2
[SwitchB-Bridge-Aggregation2] service-instance 2000
[SwitchB-Bridge-Aggregation2-srv2000] encapsulation s-vid 2
# Associate Ethernet service instance 2000 with VSI vpna.
[SwitchB-Bridge-Aggregation2-srv2000] xconnect vsi vpna
[SwitchB-Bridge-Aggregation2-srv2000] quit
# Configure Bridge-Aggregation2 as a spanning tree edge port.
[SwitchB-Bridge-Aggregation2] stp edged-port
# Configure the ESI on Bridge-Aggregation2, the interface that connects VM 1.
[SwitchB-Bridge-Aggregation2] esi 0.0.0.0.1
[SwitchB-Bridge-Aggregation2] quit
# On Bridge-Aggregation3, the interface that connects VM 2, create Ethernet service instance 3000 to match frames of VLAN 3.
[SwitchB] interface bridge-aggregation 3
[SwitchB-Bridge-Aggregation3] port link-type trunk
[SwitchB-Bridge-Aggregation3] undo port trunk permit vlan 1
[SwitchB-Bridge-Aggregation3] port trunk permit vlan 3
[SwitchB-Bridge-Aggregation3] service-instance 3000
[SwitchB-Bridge-Aggregation3-srv3000] encapsulation s-vid 3
# Associate Ethernet service instance 3000 with VSI vpnb.
[SwitchB-Bridge-Aggregation3-srv3000] xconnect vsi vpnb
[SwitchB-Bridge-Aggregation3-srv3000] quit
# Configure Bridge-Aggregation3 as a spanning tree edge port.
[SwitchB-Bridge-Aggregation3] stp edged-port
# Configure the ESI on Bridge-Aggregation3, the interface that connects VM 2.
[SwitchB-Bridge-Aggregation3] esi 0.0.0.0.2
[SwitchB-Bridge-Aggregation3] quit
# Configure the RD and RTs for the L3VNI.
[SwitchB] ip vpn-instance l3vpna
[SwitchB-vpn-instance-l3vpna] route-distinguisher 2:2
[SwitchB-vpn-instance-l3vpna] address-family ipv4
[SwitchB-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchB-vpn-ipv4-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] address-family evpn
[SwitchB-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchB-vpn-evpn-l3vpna] quit
[SwitchB-vpn-instance-l3vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchB-Vsi-interface1] mac-address 1-1-1
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchB-Vsi-interface2] mac-address 2-2-2
[SwitchB-Vsi-interface2] distributed-gateway local
[SwitchB-Vsi-interface2] local-proxy-arp enable
[SwitchB-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and, on that interface, set the L3VNI for VPN instance l3vpna to 1000.
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchB-Vsi-interface3] l3-vni 1000
[SwitchB-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] gateway vsi-interface 1
[SwitchB-vsi-vpna] quit
# Associate the VSI that contains VXLAN 20 with VSI-interface2.
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 2
[SwitchB-vsi-vpnb] quit
# Create Monitor Link group 1, with GigabitEthernet1/0/1 as its uplink interface and GigabitEthernet1/0/2 and GigabitEthernet1/0/3 as its downlink interfaces.
[SwitchB] monitor-link group 1
[SwitchB-mtlk-group1] port gigabitethernet 1/0/1 uplink
[SwitchB-mtlk-group1] port gigabitethernet 1/0/2 downlink
[SwitchB-mtlk-group1] port gigabitethernet 1/0/3 downlink
[SwitchB-mtlk-group1] quit
<SwitchC> system-view
[SwitchC] l2vpn enable
# Create VLAN 2 and VLAN 3.
[SwitchC] vlan 2 3
# Disable automatic learning of remote MAC addresses and remote ARP entries.
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# Create VSI vpna, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# Create VXLAN 10.
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# Create VSI vpnb, create an EVPN instance in it, and have the RD and RTs of the EVPN instance generated automatically.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto router-id
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# Create VXLAN 20.
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
# Configure the BGP EVPN session.
[SwitchC] bgp 200
[SwitchC-bgp-default] router-id 3.3.3.3
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# On GigabitEthernet1/0/2, the interface that connects VM 1, create Ethernet service instance 2000 to match frames of VLAN 2.
[SwitchC] interface gigabitethernet 1/0/2
[SwitchC-GigabitEthernet1/0/2] port link-type trunk
[SwitchC-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/2] port trunk permit vlan 2
[SwitchC-GigabitEthernet1/0/2] service-instance 2000
[SwitchC-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 2
# Associate Ethernet service instance 2000 with VSI vpna.
[SwitchC-GigabitEthernet1/0/2-srv2000] xconnect vsi vpna
[SwitchC-GigabitEthernet1/0/2-srv2000] quit
# Configure GigabitEthernet1/0/2 as a spanning tree edge port.
[SwitchC-GigabitEthernet1/0/2] stp edged-port
[SwitchC-GigabitEthernet1/0/2] quit
# On GigabitEthernet1/0/3, the interface that connects VM 2, create Ethernet service instance 3000 to match frames of VLAN 3.
[SwitchC] interface gigabitethernet 1/0/3
[SwitchC-GigabitEthernet1/0/3] port link-type trunk
[SwitchC-GigabitEthernet1/0/3] undo port trunk permit vlan 1
[SwitchC-GigabitEthernet1/0/3] port trunk permit vlan 3
[SwitchC-GigabitEthernet1/0/3] service-instance 3000
[SwitchC-GigabitEthernet1/0/3-srv3000] encapsulation s-vid 3
# Associate Ethernet service instance 3000 with VSI vpnb.
[SwitchC-GigabitEthernet1/0/3-srv3000] xconnect vsi vpnb
[SwitchC-GigabitEthernet1/0/3-srv3000] quit
# Configure GigabitEthernet1/0/3 as a spanning tree edge port.
[SwitchC-GigabitEthernet1/0/3] stp edged-port
[SwitchC-GigabitEthernet1/0/3] quit
# Configure the RD and RTs for the L3VNI.
[SwitchC] ip vpn-instance l3vpna
[SwitchC-vpn-instance-l3vpna] route-distinguisher 3:3
[SwitchC-vpn-instance-l3vpna] address-family ipv4
[SwitchC-vpn-ipv4-l3vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] address-family evpn
[SwitchC-vpn-evpn-l3vpna] vpn-target 1:1
[SwitchC-vpn-evpn-l3vpna] quit
[SwitchC-vpn-instance-l3vpna] quit
# Configure VSI interface VSI-interface1.
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# Configure VSI interface VSI-interface2.
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface2] ip address 20.1.1.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] distributed-gateway local
[SwitchC-Vsi-interface2] local-proxy-arp enable
[SwitchC-Vsi-interface2] quit
# Create VSI interface VSI-interface3 and, on that interface, set the L3VNI for VPN instance l3vpna to 1000.
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance l3vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# Associate the VSI that contains VXLAN 10 with VSI-interface1.
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# Associate the VSI that contains VXLAN 20 with VSI-interface2.
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
# Configure Switch D to establish BGP connections with the other EVPN distributed gateways.
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] router-id 4.4.4.4
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# Enable BGP to exchange EVPN routes, and disable VPN-Target filtering of BGP EVPN routes.
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# Configure Switch D as a route reflector, with Switch A, Switch B, and Switch C as its clients.
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# Display the EVPN routing information on Switch C. The output contains Layer 3 equal-cost entries for VM 1 and VM 2.
<Switch C> display evpn routing-table vpn-instance l3vpna
Flags: E - with valid ESI   A - AD ready   L - Local ES exists

VPN instance:l3vpna                          Local L3VNI:1000
IP address      Nexthop         Outgoing interface    NibID       Flags
10.1.1.10       1.1.1.1         Vsi-interface3        0x18000001  EA
                2.2.2.2         Vsi-interface3        0x18000000  EA
20.1.1.10       2.2.2.2         Vsi-interface3        0x18000000  EA
                1.1.1.1         Vsi-interface3        0x18000001  EA
# Display the L2VPN MAC address entries on Switch C. The output shows that Switch C has learned the MAC addresses of VM 1 and VM 2, and that each has equal-cost entries.
<Switch C> display l2vpn mac-address
* - The output interface is issued to another VSI
MAC Address      State     VSI Name     Link ID/Name/Peer     Aging
3445-a57f-0902   EVPN      vpna         Tunnel0               NotAging
                                        Tunnel1               NotAging
3026-3998-0602   EVPN      vpnb         Tunnel0               NotAging
                                        Tunnel1               NotAging
--- 2 mac address(es) found ---
# Display the local and remote ES information on Switch A.
<SwitchA> display evpn es local
Redundancy mode: A - All-active, S - Single-active
VSI name : vpna
EVPN instance: -
ESI Tag ID DF address Mode State ESI label
0000.0000.0000.0000.0001 2 1.1.1.1 A Up -
VSI name : vpnb
EVPN instance: -
ESI Tag ID DF address Mode State ESI label
0000.0000.0000.0000.0002 3 2.2.2.2 A Up -
<SwitchA> display evpn es remote
Control Flags: P - Primary, B - Backup, C - Control word
Status codes: * - invalid
VSI name : vpna
EVPN instance: -
ESI : 0000.0000.0000.0000.0001
Ethernet segment routes :
2.2.2.2
A-D per ES routes :
Peer IP Remote Redundancy mode
2.2.2.2 All-active
A-D per EVI routes :
Tag ID Peer IP
2 2.2.2.2
VSI name : vpnb
EVPN instance: -
ESI : 0000.0000.0000.0000.0002
Ethernet segment routes :
2.2.2.2
A-D per ES routes :
Peer IP Remote Redundancy mode
2.2.2.2 All-active
A-D per EVI routes :
Tag ID Peer IP
3 2.2.2.2
# The VMs can reach one another.
· Switch A
#
ip vpn-instance l3vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
lacp system-mac 0001-0002-0003
lacp system-number 1
lacp system-priority 123
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
#
vlan 1
#
vlan 2 to 3
#
vlan 11
#
monitor-link group 1
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway Vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway Vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
link-aggregation mode dynamic
lacp edge-port
port s-mlag group 100
stp edged-port
esi 0000.0000.0000.0000.0001
#
service-instance 2000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
link-aggregation mode dynamic
lacp edge-port
port s-mlag group 200
stp edged-port
esi 0000.0000.0000.0000.0002
#
service-instance 3000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
ospf 1 area 0.0.0.0
#
interface Vlan-interface11
ip address 11.1.1.2 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
port monitor-link group 1 uplink
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port monitor-link group 1 downlink
port link-aggregation group 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
port monitor-link group 1 downlink
port link-aggregation group 3
#
interface Vsi-interface1
ip binding vpn-instance l3vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance l3vpna
ip address 20.1.1.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance l3vpna
l3-vni 1000
#
bgp 200
router-id 1.1.1.1
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
return
· Switch B
#
ip vpn-instance l3vpna
route-distinguisher 2:2
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
lacp system-mac 0001-0002-0003
lacp system-number 2
lacp system-priority 123
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
#
vlan 1
#
vlan 2 to 3
#
vlan 12
#
monitor-link group 1
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway Vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway Vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface Bridge-Aggregation2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
link-aggregation mode dynamic
lacp edge-port
port s-mlag group 100
stp edged-port
esi 0000.0000.0000.0000.0001
#
service-instance 2000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Bridge-Aggregation3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
link-aggregation mode dynamic
lacp edge-port
port s-mlag group 200
stp edged-port
esi 0000.0000.0000.0000.0002
#
service-instance 3000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
ospf 1 area 0.0.0.0
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 12
port monitor-link group 1 uplink
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port monitor-link group 1 downlink
port link-aggregation group 2
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
port monitor-link group 1 downlink
port link-aggregation group 3
#
interface Vsi-interface1
ip binding vpn-instance l3vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance l3vpna
ip address 20.1.1.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance l3vpna
l3-vni 1000
#
bgp 200
router-id 2.2.2.2
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
return
· Switch C
#
ip vpn-instance l3vpna
route-distinguisher 3:3
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
#
vlan 1
#
vlan 2 to 3
#
vlan 13
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway Vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway Vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto router-id
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
ospf 1 area 0.0.0.0
#
interface Vlan-interface13
ip address 13.1.1.2 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 13
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
stp edged-port
#
service-instance 2000
encapsulation s-vid 2
xconnect vsi vpna
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
stp edged-port
#
service-instance 3000
encapsulation s-vid 3
xconnect vsi vpnb
#
interface Vsi-interface1
ip binding vpn-instance l3vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance l3vpna
ip address 20.1.1.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance l3vpna
l3-vni 1000
#
bgp 200
router-id 3.3.3.3
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
return
· Switch D
#
ospf 1
area 0.0.0.0
#
vlan 1
#
vlan 11 to 13
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
ospf 1 area 0.0.0.0
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
ospf 1 area 0.0.0.0
#
interface Vlan-interface12
ip address 12.1.1.1 255.255.255.0
ospf 1 area 0.0.0.0
#
interface Vlan-interface13
ip address 13.1.1.1 255.255.255.0
ospf 1 area 0.0.0.0
#
interface GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
bgp 200
router-id 4.4.4.4
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 3.3.3.3 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
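See the following manuals for the relevant product and version:
· Layer 2 Technologies - Ethernet Switching Configuration Guide
· Layer 2 Technologies - Ethernet Switching Command Reference
· EVPN Configuration Guide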