vxlan evpn分布式网关相同子网和跨子网互通实验
相同子网互通实验:
配置步骤:
-
组网拓扑:
分布式网关同子网互通.png - 配置underlay网络,保证undlay网络互通;
spine underlay配置
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 192.168.12.1 255.255.255.0
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 192.168.13.1 255.255.255.0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 192.168.12.0 0.0.0.255
network 192.168.13.0 0.0.0.255
#
leaf1 underlay网络配置
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface GE1/0/0
undo portswitch
undo shutdown
ip address 192.168.12.2 255.255.255.0
#
leaf2 underlay网络配置
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 192.168.13.3 255.255.255.0
#
- 配置bgp evpn对等体,用来通告evpn路由vtep的自动发现和vxlan隧道的建立;
配置前leaf必须全局开启evpn-overlay enable ,才能在BGP中配置 l2vpn-family evpn
leaf1 overlay配置
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
peer 3.3.3.3 enable
#
l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
#
leaf2 overlay 配置
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
#
- 验证evpn对等体已经建立:
[~leaf1]display bgp evpn peer
BGP local router ID : 192.168.12.2
Local AS number : 100
Total number of peers : 1
Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 33 35 0 00:23:28 Established 1
- 配置bd和evpn实例:
[leaf1]
#
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 0:20
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
arp broadcast-suppress enable
#
[leaf2]
#
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 1:20
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
arp broadcast-suppress enable
#
- 配置vtep地址,用来建立vxlan隧道:
[leaf1]
#
interface Nve1
source 2.2.2.2
vni 20 head-end peer-list protocol bgp
#
[leaf2]
#
interface Nve1
source 3.3.3.3
vni 20 head-end peer-list protocol bgp
#
- 验证,同子网互通场景下,配置完nve接口后,本端VTEP EVPN实例会向对端EVPN实例通告type3类型的路由,type3主要用来vtep自动发现和vxlan隧道自动建立,因此此时vxlan隧道已经建立成功,如下:
查看vxlan隧道建立情况:
[~leaf1]display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 2.2.2.2 3.3.3.3 up dynamic 00:20:24
查看type3类型路由:
[~leaf1]display bgp evpn vpn-instance 20 routing-table inclusive-route 0:32:3.3.3.3
BGP local router ID : 192.168.12.2
Local AS number : 100
EVPN-Instance 20:
Number of Inclusive Multicast Routes: 1
BGP routing table entry information of 0:32:3.3.3.3:
Route Distinguisher: 1:20----------------------------------------------------evpn实例路由区分器
Remote-Cross route
Label information (Received/Applied): 20/NULL -------------------type3携带bd下的二层vni
From: 3.3.3.3 (3.3.3.3) ------------------------------------------------------接收路由的evpn对等体
Route Duration: 0d00h25m38s-------------------------------------------路由学习到的时间
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 3.3.3.3---------------------------------------------------路由下一跳属性
Qos information : 0x0
Ext-Community: RT <20 : 20>, Tunnel Type <VxLan>----------------vpn-taget
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
PMSI: Flags 0, Ingress Replication, Label 0:0:0(20), Tunnel Identifier:3.3.3.3----vni和vtep地址
Route Type: 3 (Inclusive Multicast Route)------路由类型为type3
Ethernet Tag ID: 0, Originator IP:3.3.3.3/32----------起源者属性,路由的起源router-id
Not advertised to any peer yet
- 配置业务接口,验证同子网互通
leaf1
interface GE1/0/2
undo shutdown
#
interface GE1/0/2.1 mode l2
encapsulation untag
bridge-domain 20
#
return
leaf2
interface GE1/0/2
undo shutdown
#
interface GE1/0/2.1 mode l2
encapsulation untag
bridge-domain 20
#
- 连通性和结果验证
PC>ipconfig
Link local IPv6 address...........: fe80::5689:98ff:fe98:6dda
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.1
Physical address..................: 54-89-98-98-6D-DA
DNS server........................:
PC>ping 192.168.20.20
Ping 192.168.20.20: 32 data bytes, Press Ctrl_C to break
From 192.168.20.20: bytes=32 seq=1 ttl=128 time=16 ms
From 192.168.20.20: bytes=32 seq=2 ttl=128 time=15 ms
From 192.168.20.20: bytes=32 seq=3 ttl=128 time=32 ms
From 192.168.20.20: bytes=32 seq=4 ttl=128 time=15 ms
From 192.168.20.20: bytes=32 seq=5 ttl=128 time=32 ms
--- 192.168.20.20 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/22/32 ms
可以看到同网段互通不需要网关就可以互通
查看mac/ip路由:
~leaf1]display bgp evpn vpn-instance 20 routing-table mac-route
BGP Local router ID is 192.168.12.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance 20:
Number of Mac Routes: 1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:0000-5e00-0001:0:0.0.0.0 3.3.3.3
此时只有对端网关的mac/ip路由,因为同网段通信arp请求在主机之间,vtep没有配置网关地址,不能学习arp,因此没有主机mac/ip路由。
不同子网互通实验:
配置步骤:
-
组网拓扑:
拓扑在保持以上实验的同时增加pc3 网段192.168.30.0/24, vxlan网关为leaf2设备上的vbdif30 。实验目的为目的为PC3192.168.30.30 能够ping通PC1192.168.20.10:
- 在leaf2增加bd30
#
bridge-domain 30
vxlan vni 30
evpn
route-distinguisher 1:30
vpn-target 30:30 export-extcommunity
vpn-target 10:30 export-extcommunity
vpn-target 30:30 import-extcommunity
#
- 分别在leaf1 和leaf2 配置网关地址:
<leaf1>
#
interface Vbdif20
ip address 192.168.20.1 255.255.255.0
mac-address 0000-5e00-0001
vxlan anycast-gateway enable
arp collect host enable
#
<leaf2>
#
interface Vbdif30
ip address 192.168.30.1 255.255.255.0
mac-address 0000-5e00-0002
vxlan anycast-gateway enable
arp collect host enable
#
- 分别在leaf1 和 leaf2 配置l3vpn实例用来交叉接受不通网段的路由:
<leaf1>
#
ip vpn-instance evpn20
ipv4-family
route-distinguisher 60:20
vpn-target 10:30 import-extcommunity evpn
vxlan vni 60
#
return
<leaf2>
#
ip vpn-instance evpn30
ipv4-family
route-distinguisher 40:30
vpn-target 10:30 import-extcommunity evpn
vpn-target 20:20 import-extcommunity evpn
vxlan vni 50
#
return
leaf1 bd 20 下 export vpn-target 20:20 必须和leaf2 vpn-instance evpn30 的vpn-target 20:20 import-extcommunity evpn对应;
leaf2 bd 30 下export vpn-target 10:30 必须和leaf1 vpn-instance evpn20 的vpn-target 10:30 import-extcommunity evpn对应
- 将vpdif接口绑定到对应的l3vpn实例下面,用来保存各自网关的mac/ip路由
<leaf1>
#
interface Vbdif20
ip binding vpn-instance evpn20
<leaf2>
#
interface Vbdif30
ip binding vpn-instance evpn30
- 在各自的网关vpn实例下分别ping pc1 和 pc3 ,然后查看arp表项和evpn表项:
在leaf1 查看arp表象,已经有192.168.20.10 5489-9898-6dda
<leaf1>display arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.12.2 3850-1902-0100 I GE1/0/0
192.168.12.1 3850-1901-0100 12 D GE1/0/0
192.168.20.1 0000-5e00-0001 I Vbdif20 evpn20
192.168.20.10 5489-9898-6dda 2 D/BD20 GE1/0/2.1 evpn20
----------------------------------------------------------------------------------------
然后在leaf2 查看,是否已经通过evpn学习到了mac/ip路由
<leaf2>display bgp evpn vpn-instance __RD_1_40_30__ routing-table mac-route
BGP Local router ID is 192.168.20.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance __RD_1_40_30__:
Number of Mac Routes: 1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-9898-6dda:32:192.168.20.10 2.2.2.2--------已经学习到的路由,
在leaf2 vpn实例下查看路由表项目:
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn30
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.10/32 IBGP 255 0 RD 2.2.2.2 VXLAN------已经有IBGP主机路由,下一跳接口为vxlan
192.168.30.0/24 Direct 0 0 D 192.168.30.1 Vbdif30
192.168.30.1/32 Direct 0 0 D 127.0.0.1 Vbdif30
192.168.30.255/32 Direct 0 0 D 127.0.0.1 Vbdif30
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
查看mac/ip路由详细信息:
<leaf2>display bgp evpn vpn-instance __RD_1_40_30__ routing-table mac-route 0:48:5489-9898-6dda:32:192.168.20.10
BGP local router ID : 192.168.20.1
Local AS number : 100
EVPN-Instance __RD_1_40_30__:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:5489-9898-6dda:32:192.168.20.10:----路由条目信息
Route Distinguisher: 0:20----evpn实例的RD
Remote-Cross route
Label information (Received/Applied): 20 60/NULL-----二层vni和三层vni
From: 2.2.2.2 (192.168.12.2) ---------------------------------路由来自于那个对等体
Route Duration: 0d00h42m30s------------------------------路由已经学习到的时间
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 2.2.2.2--------------------------------------路由下一跳属性
Qos information : 0x0
Ext-Community: RT <20 : 20>, Tunnel Type <VxLan>, Router's MAC <707b-e8af-4e9f>------------------扩展团体属性为vpn-target 和对端nve接口的mac地址
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Route Type: 2 (MAC Advertisement Route) --------路由类型为type2
Ethernet Tag ID: 0, MAC Address/Len: 5489-9898-6dda/48, IP Address/Len: 192.168.20.10/32, ESI:0000.0000.0000.0000.0000 ----type2路由类型携带的mac/ip
Not advertised to any peer yet
- 在leaf1 清除arp表项,查看leaf2 是否还有路由:
<leaf1>reset arp all
<leaf1>display arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.12.2 3850-1902-0100 I GE1/0/0
192.168.12.1 3850-1901-0100 20 D GE1/0/0
192.168.20.1 0000-5e00-0001 I Vbdif20 evpn20
----------------------------------------------------------------------------------------
Total:3 Dynamic:1 Static:0 Interface:2 OpenFlow:0
Redirect:0
<leaf1>
<leaf2>display bgp evpn vpn-instance __RD_1_40_30__ routing-table mac-route
<leaf2>
可以看到已经没有mac/ip路由,说明evpn路由表象来自于arp表项。
在刚开始的同子网实验中,因为没有配置网关,因此vtep之间没有通告主机的mac/ip路由,现在已经有了网关,看leaf1和leaf2是否已经相互通告了各自主机PC1和PC2的mac/ip路由
<leaf2>display bgp evpn vpn-instance 20 routing-table mac-route
BGP Local router ID is 192.168.20.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance 20:
Number of Mac Routes: 3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-5e00-0001:0:0.0.0.0 0.0.0.0
* i 2.2.2.2
*>i 0:48:5489-9898-6dda:32:192.168.20.10 2.2.2.2
<leaf1>display bgp evpn vpn-instance 20 routing-table mac-route
BGP Local router ID is 192.168.12.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance 20:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-5e00-0001:0:0.0.0.0 0.0.0.0
* i 3.3.3.3
*>i 0:48:0000-5e00-0002:0:0.0.0.0 3.3.3.3
*> 0:48:5489-9898-6dda:32:192.168.20.10 0.0.0.0
可以看到leaf2已经学习到了PC1的mac/ip路由信息
原理总结
待续。。。。。
