Using static routes in the eNSP simulator to let users in different tenants and different subnets communicate

Updated: 2024-08-03

Topology planning

Notes:

Interconnect address plan

Name / Interface   GE1/0/1        GE1/0/0        Loopback0     GE1/0/2
CE1                -              12.1.1.1/24    1.1.1.1/32    -
CE2                23.1.1.2/24    12.1.1.2/24    2.2.2.2/32    24.1.1.2/24
CE3                -              23.1.1.3/24    3.3.3.3/32    -
Service Leaf       -              24.1.1.4/24    4.4.4.4/32    -

Configure interconnect addresses

After configuration, make sure the directly connected interfaces can ping each other.

CE1 configuration:

interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 12.1.1.1 255.255.255.0   //interface connected to CE2
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255

CE2 configuration:

interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 12.1.1.2 255.255.255.0   //interface connected to CE1
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 23.1.1.2 255.255.255.0   //interface connected to CE3
interface GE1/0/2
 undo portswitch
 undo shutdown
 ip address 24.1.1.2 255.255.255.0   //interface connected to Service Leaf
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255

CE3 configuration:

interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 23.1.1.3 255.255.255.0   //interface connected to CE2
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255

Service Leaf configuration:

interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 24.1.1.4 255.255.255.0   //address facing CE2
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
//On real hardware the following commands are required before the VPN instances can reach each other; the eNSP simulator does not support them
interface eth-trunk 0   //configure the loopback interface
 service type tunnel   //set the service type to tunnel

Configure CE1, CE2, CE3 and Service Leaf for full interconnection using OSPF

CE1 configuration:

ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 12.1.1.1 0.0.0.0
#

CE2 configuration:

ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 12.1.1.2 0.0.0.0
  network 23.1.1.2 0.0.0.0
  network 24.1.1.2 0.0.0.0
#

CE3 configuration:

ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 23.1.1.3 0.0.0.0
#

Service Leaf configuration:

ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 24.1.1.4 0.0.0.0

Test from CE1 whether CE3 is reachable; the screenshot below indicates success.

Configure CE1 / Service Leaf to establish EVPN neighbor relationships using BGP

Configure CE1 and Service Leaf to establish a BGP EVPN neighbor relationship

CE1 configuration:

evpn-overlay enable   //enable EVPN support
bgp 100
 peer 4.4.4.4 as-number 100   //specify the IBGP neighbor
 peer 4.4.4.4 connect-interface LoopBack0   //specify the update source interface for the neighbor
 #
 ipv4-family unicast
  undo peer 4.4.4.4 enable   //disable the BGP unicast neighbor
 #
 l2vpn-family evpn   //enter the EVPN address family
  policy vpn-target
  peer 4.4.4.4 enable   //enable the BGP EVPN neighbor
  peer 4.4.4.4 advertise irb   //advertise IRB routes
#

IRB routes:

CE3 configuration:

evpn-overlay enable   //enable EVPN support
bgp 100
 peer 4.4.4.4 as-number 100   //specify the IBGP neighbor
 peer 4.4.4.4 connect-interface LoopBack0   //specify the update source interface for the neighbor
 #
 ipv4-family unicast
  undo peer 4.4.4.4 enable   //disable the BGP unicast neighbor
 #
 l2vpn-family evpn   //enter the EVPN address family
  policy vpn-target
  peer 4.4.4.4 enable   //enable the BGP EVPN neighbor
  peer 4.4.4.4 advertise irb   //advertise IRB routes
#

Service Leaf configuration:

evpn-overlay enable   //enable EVPN support
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 1.1.1.1 enable
  undo peer 3.3.3.3 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 advertise irb
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise irb
#

View the neighbor relationships

CE1 has established a neighbor relationship with Service Leaf:

CE3 has established a neighbor relationship with Service Leaf:

Service Leaf:

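Configure VTEP interfaces

CE1 configuration:

interface Nve1
 source 1.1.1.1   //source address of the NVE interface

CE3 configuration:

interface Nve1
 source 3.3.3.3   //source address of the NVE interface

Service Leaf configuration:

interface Nve1
 source 4.4.4.4   //source address of the NVE interface

Configure access on switches LSW1 and LSW2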

LSW1 configuration:

vlan batch 10 20
interface Ethernet0/0/1
 port link-type trunk   //interface connected to CE1, configured as a trunk
 port trunk allow-pass vlan 10 20   //trunk permits VLANs 10 and 20
#
interface Ethernet0/0/2   //interface connected to PC1, placed in VLAN 10
 port link-type access
 port default vlan 10
#

LSW2 configuration:

vlan batch 10 20
interface Ethernet0/0/1   //interface connected to CE3, configured as a trunk
 port link-type trunk
 port trunk allow-pass vlan 10 20   //trunk permits VLANs 10 and 20
#
interface Ethernet0/0/3   //interface connected to PC4, placed in VLAN 20
 port link-type access
 port default vlan 20
#

Configure bridge domains on CE1 and CE3

CE1 configuration:

bridge-domain 10   //create BD 10
 vxlan vni 10   //specify the Layer 2 VNI
 evpn   //enter the EVPN view
  route-distinguisher 10:1   //configure the RD
  vpn-target 10:1 export-extcommunity   //EVPN instance export RT
  vpn-target 1000:1 export-extcommunity   //export RT that the VPN instance imports
  vpn-target 10:2 import-extcommunity   //EVPN instance import RT
 arp broadcast-suppress enable   //enable ARP broadcast suppression
#

CE3 configuration:

bridge-domain 20   //create BD 20
 vxlan vni 20   //specify the Layer 2 VNI
 evpn   //enter the EVPN view
  route-distinguisher 20:1   //configure the RD
  vpn-target 20:1 export-extcommunity   //EVPN instance export RT
  vpn-target 2000:1 export-extcommunity   //export RT that the VPN instance imports
  vpn-target 20:2 import-extcommunity   //EVPN instance import RT
#

Attach VLAN 10 to CE1

CE1: attach VLAN 10 to the large Layer 2 BD:

interface GE1/0/1
 undo shutdown
interface GE1/0/1.10 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10

Attach VLAN 20 to CE3

CE3: attach VLAN 20 to the large Layer 2 BD:

interface GE1/0/1
 undo shutdown
interface GE1/0/1.20 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20

Configure VBDIF interfaces on CE1 and CE3

CE1 configuration:

//Configure the VPN instance, here for tenant A
ip vpn-instance vpnA   //VPN instance for tenant A
 ipv4-family
  route-distinguisher 100:1   //configure the RD
  vpn-target 1000:1 import-extcommunity evpn   //receive the Type 5 routes generated by Service Leaf
 vxlan vni 100   //Layer 3 VNI
//Configure the VBDIF interface
interface Vbdif10
 ip binding vpn-instance vpnA   //bind the VPN instance
 ip address 192.168.10.1 255.255.255.0
 vxlan anycast-gateway enable   //enable the distributed gateway
 arp collect host enable   //collect ARP host routes, used to advertise Type 2 routes
#

CE3 configuration:

ip vpn-instance vpnB
 ipv4-family
  route-distinguisher 22:1
  vpn-target 2000:1 import-extcommunity evpn   //receive the Type 5 routes generated by Service Leaf
 vxlan vni 200
interface Vbdif20
 ip binding vpn-instance vpnB
 ip address 172.16.10.1 255.255.255.0
 vxlan anycast-gateway enable
 arp collect host enable

Service Leaf configuration:

ip vpn-instance vpnA
 ipv4-family
  route-distinguisher 44:1
  vpn-target 1000:1 export-extcommunity evpn   //used to send Type 5 routes (EERT)
  vpn-target 1000:1 import-extcommunity evpn   //receive EVPN instance routes (IERT)
 vxlan vni 44
#
ip vpn-instance vpnB
 ipv4-family
  route-distinguisher 55:1
  vpn-target 2000:1 export-extcommunity evpn   //used to send Type 5 routes (EERT)
  vpn-target 2000:1 import-extcommunity evpn   //receive EVPN instance routes (IERT)
 vxlan vni 55
#

Configure tenant static routes on Service Leaf (implementation example)

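//Route from instance vpnA to the 172.16.10.0 subnet in instance vpnB; on real hardware the Service Leaf tunnel interface must be configured, which the simulator does not support
ip route-static vpn-instance vpnA 172.16.10.0 255.255.255.0 vpn-instance vpnB
//Route from instance vpnB to the 192.168.10.0 subnet in instance vpnA; on real hardware the Service Leaf tunnel interface must be configured, which the simulator does not support
ip route-static vpn-instance vpnB 192.168.10.0 255.255.255.0 vpn-instance vpnA

View the vpnA routing table; the static route has been added to the routing table.

View the vpnB routing table; the static route has been added to the routing table.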
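
As an added example (not part of the original page), the Python code below audits where tenant isolation is crossed in this lab: it parses the vpn-target and ip route-static lines from the configurations above and reports any tenant that imports an RT exported by a different tenant, plus every inter-instance static route. The OWNER mapping, the audit function name and the treatment of bridge-domain and vpn-instance RTs as a single namespace are assumptions of this example.

```python
import ipaddress
import re

# Constructed input: RT and static-route lines copied from the configs on this page.
# Assumption: Vbdif10 binds BD 10 to vpnA and Vbdif20 binds BD 20 to vpnB, hence OWNER.
OWNER = {"bridge-domain 10": "vpnA", "bridge-domain 20": "vpnB"}
CONFIGS = {
    "CE1": """bridge-domain 10
 vpn-target 10:1 export-extcommunity
 vpn-target 1000:1 export-extcommunity
 vpn-target 10:2 import-extcommunity
ip vpn-instance vpnA
 vpn-target 1000:1 import-extcommunity evpn""",
    "CE3": """bridge-domain 20
 vpn-target 20:1 export-extcommunity
 vpn-target 2000:1 export-extcommunity
 vpn-target 20:2 import-extcommunity
ip vpn-instance vpnB
 vpn-target 2000:1 import-extcommunity evpn""",
    "ServiceLeaf": """ip vpn-instance vpnA
 vpn-target 1000:1 export-extcommunity evpn
 vpn-target 1000:1 import-extcommunity evpn
ip vpn-instance vpnB
 vpn-target 2000:1 export-extcommunity evpn
 vpn-target 2000:1 import-extcommunity evpn
ip route-static vpn-instance vpnA 172.16.10.0 255.255.255.0 vpn-instance vpnB
ip route-static vpn-instance vpnB 192.168.10.0 255.255.255.0 vpn-instance vpnA""",
}

def audit(configs):
    """Return (rt_leaks, static_leaks): every place tenant isolation is crossed."""
    exports, imports, static = {}, {}, []
    for dev, text in configs.items():
        tenant = None  # tenant owning the config context currently being read
        for line in text.splitlines():
            if m := re.match(r"(bridge-domain \d+)$|ip vpn-instance (\S+)$", line):
                tenant = OWNER.get(m[1]) if m[1] else m[2]
            elif m := re.match(r"\s+vpn-target (\S+) (ex|im)port-extcommunity", line):
                (exports if m[2] == "ex" else imports).setdefault(m[1], set()).add(tenant)
            elif m := re.match(r"ip route-static vpn-instance (\S+) (\S+) (\S+) vpn-instance (\S+)", line):
                net = ipaddress.ip_network(f"{m[2]}/{m[3]}")
                static.append((dev, m[1], str(net), m[4]))
    # An RT leak is a tenant importing an RT that a different tenant exports.
    rt = {(src, dst, r) for r, dsts in imports.items() for dst in dsts
          for src in exports.get(r, ()) if src != dst}
    return rt, static

RT_LEAKS, STATIC_LEAKS = audit(CONFIGS)
```

With the page's configuration the RT check finds no cross-tenant import, so the two static routes on Service Leaf are the only points where vpnA and vpnB reach each other, which makes that device the place to review or filter inter-tenant traffic.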

Import the Service Leaf static routes into EVPN

bgp 100
 ipv4-family vpn-instance vpnA   //enter VPN instance vpnA
  import-route static   //import static routes
  advertise l2vpn evpn   //advertise into EVPN
 #
 ipv4-family vpn-instance vpnB   //enter VPN instance vpnB
  import-route static   //import static routes
  advertise l2vpn evpn   //advertise into EVPN

View the received Type 5 routes on CE1 and CE3

CE1:

//The output below shows that the Type 5 route has been sent to CE1
[~CE1-bgp]dis bgp evpn all routing-table prefix-route
 Local AS number : 100

 BGP Local router ID is 12.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Ip Prefix Routes: 1
 Route Distinguisher: 44:1
       Network(EthTagId/IpPrefix/IpPrefixLen)        NextHop
 *>i   0:172.16.10.0:24                              4.4.4.4

 EVPN-Instance __RD_1_100_1__:
 Number of Ip Prefix Routes: 1
       Network(EthTagId/IpPrefix/IpPrefixLen)        NextHop
 *>i   0:172.16.10.0:24                              4.4.4.4
[~CE1-bgp]

//View the details of the Type 5 route 0:172.16.10.0:24
[~CE1-bgp]dis bgp evpn all routing-table prefix-route 0:172.16.10.0:24

 BGP local router ID : 12.1.1.1   //CE1 BGP router ID
 Local AS number : 100   //AS number
 Total routes of Route Distinguisher(44:1): 1   //RD sent by Service Leaf
 BGP routing table entry information of 0:172.16.10.0:24:
 Label information (Received/Applied): 44/NULL   //received Layer 3 VNI
 From: 4.4.4.4 (4.4.4.4)   //sender IP
 Route Duration: 0d00h52m19s
 Relay IP Nexthop: 12.1.1.2
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 4.4.4.4   //originating IP
 Qos information : 0x0
 Ext-Community: RT <1000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e8e6-3155 >   //the EERT (1000:1) sent by Service Leaf matches the local CE1 IERT (1000:1)
 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
 Route Type: 5 (Ip Prefix Route)   //Type 5 route
 Ethernet Tag ID: 0, IP Prefix/Len: 172.16.10.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0   //Type 5 route prefix and length
 Not advertised to any peer yet

 EVPN-Instance __RD_1_100_1__:   //the received route is placed into the VPN instance database
 Number of Ip Prefix Routes: 1
 BGP routing table entry information of 0:172.16.10.0:24:
 Route Distinguisher: 44:1
 Remote-Cross route
 Label information (Received/Applied): 44/NULL
 From: 4.4.4.4 (4.4.4.4)
 Route Duration: 0d00h52m19s
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 4.4.4.4
 Qos information : 0x0
 Ext-Community: RT <1000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e8e6-3155 >
 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 Route Type: 5 (Ip Prefix Route)
 Ethernet Tag ID: 0, IP Prefix/Len: 172.16.10.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
 Not advertised to any peer yet

CE3 routes:

//The output below shows that the Type 5 route has been sent to CE3
[CE3-bgp]dis bgp evpn all routing-table prefix-route
 Local AS number : 100

 BGP Local router ID is 23.1.1.3
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history, i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Ip Prefix Routes: 1
 Route Distinguisher: 55:1
       Network(EthTagId/IpPrefix/IpPrefixLen)        NextHop
 *>i   0:192.168.10.0:24                             4.4.4.4

 EVPN-Instance __RD_1_22_1__:
 Number of Ip Prefix Routes: 1
       Network(EthTagId/IpPrefix/IpPrefixLen)        NextHop
 *>i   0:192.168.10.0:24                             4.4.4.4
[CE3-bgp]

//View the route details
[CE3-bgp]dis bgp evpn all routing-table prefix-route 0:192.168.10.0:24

 BGP local router ID : 23.1.1.3   //CE3 BGP router ID
 Local AS number : 100   //BGP AS number
 Total routes of Route Distinguisher(55:1): 1   //RD sent by Service Leaf
 BGP routing table entry information of 0:192.168.10.0:24:
 Label information (Received/Applied): 55/NULL   //Layer 3 VNI
 From: 4.4.4.4 (4.4.4.4)   //where the route was sent from
 Route Duration: 0d01h04m21s
 Relay IP Nexthop: 23.1.1.2
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 4.4.4.4   //originating route
 Qos information : 0x0
 Ext-Community: RT <2000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e8e6-3155 >   //the EERT (2000:1) sent by Service Leaf matches the local CE3 IERT (2000:1)
 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
 Route Type: 5 (Ip Prefix Route)   //Type 5 route
 Ethernet Tag ID: 0, IP Prefix/Len: 192.168.10.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0   //Type 5 route prefix and length
 Not advertised to any peer yet

 EVPN-Instance __RD_1_22_1__:
 Number of Ip Prefix Routes: 1
 BGP routing table entry information of 0:192.168.10.0:24:
 Route Distinguisher: 55:1
 Remote-Cross route
 Label information (Received/Applied): 55/NULL
 From: 4.4.4.4 (4.4.4.4)
 Route Duration: 0d01h04m21s
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 4.4.4.4
 Qos information : 0x0
 Ext-Community: RT <2000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e8e6-3155 >
 AS-path Nil, origin incomplete, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 Route Type: 5 (Ip Prefix Route)
 Ethernet Tag ID: 0, IP Prefix/Len: 192.168.10.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
 Not advertised to any peer yet

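Type 5 route description:

Capture packets on Service Leaf to view the Type 5 BGP update message

Capture interface GE1/0/0: update message sent by Service Leaf to CE1

Capture interface GE1/0/0: update message sent by Service Leaf to CE3

PC1 accesses PC4

Because the simulator does not support configuring the tunnel interface, the ping does not succeed. Below is the ICMP packet captured on Service Leaf.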
