实践EVPN-VXLAN over MPLS L3VPN

CE1-EVPN-RR:gobgp充当vxlan overlay网的EVPN路由反射器

VMX-PE1,VMX-PE2,VMX-PE3充当MPLS骨干

VQFX-RE-CE2和VQFX-RE-CE3充当VTEP节点

VMX-PE1的配置

set version 14.1R4.8

set system host-name PE1

set system root-authentication encrypted-password "$1$UE.2fi.U$/povrlX3IQtZQNxUoH3zf1"

set interfaces ge-0/0/1 unit 0 family inet address 192.168.1.254/24

set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.1/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces ge-0/0/3 unit 0 family inet address 13.13.13.1/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 1.1.1.1/32

set routing-options router-id 1.1.1.1

set routing-options autonomous-system 64512

set protocols mpls interface ge-0/0/2.0

set protocols mpls interface ge-0/0/3.0

set protocols bgp group PE-PE type internal

set protocols bgp group PE-PE local-address 1.1.1.1

set protocols bgp group PE-PE family inet-vpn unicast

set protocols bgp group PE-PE neighbor 2.2.2.2

set protocols bgp group PE-PE neighbor 3.3.3.3

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ldp interface ge-0/0/2.0

set protocols ldp interface ge-0/0/3.0

set routing-instances VRF instance-type vrf

set routing-instances VRF interface ge-0/0/1.0

set routing-instances VRF route-distinguisher 1.1.1.1:1

set routing-instances VRF vrf-target target:64512:1

set routing-instances VRF protocols bgp group PE-CE type external

set routing-instances VRF protocols bgp group PE-CE local-address 192.168.1.254

set routing-instances VRF protocols bgp group PE-CE neighbor 192.168.1.1 peer-as 65001

VMX-PE2的配置

set version 14.1R4.8

set system host-name PE2

set system root-authentication encrypted-password "$1$LKKUx3fj$DIltr23hxUShkxoghtYoV0"

set interfaces ge-0/0/0 unit 0 family inet address 23.23.23.2/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/2 unit 0 family inet address 12.12.12.2/24

set interfaces ge-0/0/2 unit 0 family mpls

set interfaces ge-0/0/3 unit 0 family inet address 192.168.2.254/24

set interfaces lo0 unit 0 family inet address 2.2.2.2/32

set routing-options router-id 2.2.2.2

set routing-options autonomous-system 64512

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/2.0

set protocols bgp group PE-PE type internal

set protocols bgp group PE-PE local-address 2.2.2.2

set protocols bgp group PE-PE family inet-vpn unicast

set protocols bgp group PE-PE neighbor 1.1.1.1

set protocols bgp group PE-PE neighbor 3.3.3.3

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

set protocols ospf area 0.0.0.0 interface ge-0/0/2.0

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ldp interface ge-0/0/0.0

set protocols ldp interface ge-0/0/2.0

set routing-instances VRF instance-type vrf

set routing-instances VRF interface ge-0/0/3.0

set routing-instances VRF route-distinguisher 2.2.2.2:1

set routing-instances VRF vrf-target target:64512:1

set routing-instances VRF protocols bgp group PE-CE type external

set routing-instances VRF protocols bgp group PE-CE local-address 192.168.2.254

set routing-instances VRF protocols bgp group PE-CE neighbor 192.168.2.1 peer-as 65002

VMX-PE3的配置

set version 14.1R4.8

set system host-name PE3

set system root-authentication encrypted-password "$1$EGgnDiro$WwLuBYMuwFUWDHoJvFXrl/"

set interfaces ge-0/0/0 unit 0 family inet address 23.23.23.3/24

set interfaces ge-0/0/0 unit 0 family mpls

set interfaces ge-0/0/1 unit 0 family inet address 192.168.3.254/24

set interfaces ge-0/0/3 unit 0 family inet address 13.13.13.3/24

set interfaces ge-0/0/3 unit 0 family mpls

set interfaces lo0 unit 0 family inet address 3.3.3.3/32

set routing-options router-id 3.3.3.3

set routing-options autonomous-system 64512

set protocols mpls interface ge-0/0/0.0

set protocols mpls interface ge-0/0/3.0

set protocols bgp group PE-PE type internal

set protocols bgp group PE-PE local-address 3.3.3.3

set protocols bgp group PE-PE family inet-vpn unicast

set protocols bgp group PE-PE neighbor 1.1.1.1

set protocols bgp group PE-PE neighbor 2.2.2.2

set protocols ospf area 0.0.0.0 interface ge-0/0/0.0

set protocols ospf area 0.0.0.0 interface ge-0/0/3.0

set protocols ospf area 0.0.0.0 interface lo0.0 passive

set protocols ldp interface ge-0/0/0.0

set protocols ldp interface ge-0/0/3.0

set routing-instances VRF instance-type vrf

set routing-instances VRF interface ge-0/0/1.0

set routing-instances VRF route-distinguisher 3.3.3.3:1

set routing-instances VRF vrf-target target:64512:1

set routing-instances VRF protocols bgp group PE-CE type external

set routing-instances VRF protocols bgp group PE-CE local-address 192.168.3.254

set routing-instances VRF protocols bgp group PE-CE neighbor 192.168.3.1 peer-as 65003

VQFX-RE-CE2的配置

set version 15.1X53-D63.9

set system host-name VQFX-RE-CE2

set system root-authentication encrypted-password "$1$QrPRwg3K$9RYSpnMY8K/7E3AplgzE8/"

set system services ssh root-login allow

set interfaces xe-0/0/0 unit 0 family inet address 192.168.2.1/24

set interfaces xe-0/0/1 description DEV=TOR-SW

set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members all

set interfaces em0 unit 0 family inet dhcp

set interfaces em1 unit 0 family inet address 169.254.0.2/24

set interfaces lo0 unit 0 family inet address 22.22.22.22/32

set forwarding-options storm-control-profiles default all

set routing-options router-id 22.22.22.22

set routing-options autonomous-system 65002

set protocols bgp group CE-PE type external

set protocols bgp group CE-PE local-address 192.168.2.1

set protocols bgp group CE-PE export POLICY_EXPORT_LO0

set protocols bgp group CE-PE neighbor 192.168.2.254 peer-as 64512

set protocols bgp group overlay type internal

set protocols bgp group overlay local-address 22.22.22.22

set protocols bgp group overlay family evpn signaling

set protocols bgp group overlay local-as 65000

set protocols bgp group overlay neighbor 11.11.11.11

set protocols evpn encapsulation vxlan

set protocols evpn extended-vni-list 100

set protocols evpn multicast-mode ingress-replication

set protocols evpn vni-options vni 100 vrf-target export target:65000:100

set protocols igmp-snooping vlan default

set policy-options policy-statement POLICY_EXPORT_LO0 from family inet

set policy-options policy-statement POLICY_EXPORT_LO0 from protocol direct

set policy-options policy-statement POLICY_EXPORT_LO0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32

set policy-options policy-statement POLICY_EXPORT_LO0 then accept

set policy-options policy-statement POLICY_VRF_IMPORT term T_100 from community COM_100

set policy-options policy-statement POLICY_VRF_IMPORT term T_100 then accept

set policy-options policy-statement POLICY_VRF_IMPORT term T_999 then reject

set policy-options community COM_100 members target:65000:100

set switch-options service-id 1

set switch-options vtep-source-interface lo0.0

set switch-options route-distinguisher 22.22.22.22:1

set switch-options vrf-import POLICY_VRF_IMPORT

set switch-options vrf-target target:65000:1

set switch-options vrf-target auto

set vlans default vlan-id 1

set vlans v100 vlan-id 100

set vlans v100 vxlan vni 100

set vlans v100 vxlan ingress-node-replication

VQFX-RE-CE3的配置

set version 15.1X53-D63.9

set system host-name VQFX-RE-CE3

set system root-authentication encrypted-password "$1$OnzdOoaM$3sCh1drLuHUZ0O3Il75h/."

set system services ssh root-login allow

set interfaces xe-0/0/0 unit 0 family inet address 192.168.3.1/24

set interfaces xe-0/0/1 description DEV=TOR-SW

set interfaces xe-0/0/1 unit 0 family ethernet-switching interface-mode trunk

set interfaces xe-0/0/1 unit 0 family ethernet-switching vlan members all

set interfaces em0 unit 0 family inet dhcp

set interfaces em1 unit 0 family inet address 169.254.0.2/24

set interfaces lo0 unit 0 family inet address 33.33.33.33/32

set forwarding-options storm-control-profiles default all

set routing-options router-id 33.33.33.33

set routing-options autonomous-system 65003

set protocols bgp group CE-PE type external

set protocols bgp group CE-PE local-address 192.168.3.1

set protocols bgp group CE-PE export POLICY_EXPORT_LO0

set protocols bgp group CE-PE neighbor 192.168.3.254 peer-as 64512

set protocols bgp group overlay type internal

set protocols bgp group overlay local-address 33.33.33.33

set protocols bgp group overlay family evpn signaling

set protocols bgp group overlay local-as 65000

set protocols bgp group overlay neighbor 11.11.11.11

set protocols evpn encapsulation vxlan

set protocols evpn extended-vni-list 100

set protocols evpn multicast-mode ingress-replication

set protocols evpn vni-options vni 100 vrf-target export target:65000:100

set protocols igmp-snooping vlan default

set policy-options policy-statement POLICY_EXPORT_LO0 from family inet

set policy-options policy-statement POLICY_EXPORT_LO0 from protocol direct

set policy-options policy-statement POLICY_EXPORT_LO0 from route-filter 0.0.0.0/0 prefix-length-range /32-/32

set policy-options policy-statement POLICY_EXPORT_LO0 then accept

set policy-options policy-statement POLICY_VRF_IMPORT term T_100 from community COM_100

set policy-options policy-statement POLICY_VRF_IMPORT term T_100 then accept

set policy-options policy-statement POLICY_VRF_IMPORT term T_999 then reject

set policy-options community COM_100 members target:65000:100

set switch-options service-id 1

set switch-options vtep-source-interface lo0.0

set switch-options route-distinguisher 33.33.33.33:1

set switch-options vrf-import POLICY_VRF_IMPORT

set switch-options vrf-target target:65000:1

set switch-options vrf-target auto

set vlans default vlan-id 1

set vlans v100 vlan-id 100

set vlans v100 vxlan vni 100

set vlans v100 vxlan ingress-node-replication

GOBGP CE1机器的设置

root@gobgp:~# cat /etc/gobgp/gobgpd.conf

[global]

[global.config]

as = 65000

router-id = "192.168.1.1"

[[neighbors]]

[neighbors.config]

peer-type = "external"

neighbor-address = "192.168.1.254"

peer-as = 64512

local-as = 65001

[[neighbors.afi-safis]]

[neighbors.afi-safis.config]

afi-safi-name = "ipv4-unicast"

[[neighbors]]

[neighbors.config]

neighbor-address = "22.22.22.22"

peer-as = 65000

[neighbors.route-reflector.config]

route-reflector-client = true

route-reflector-cluster-id = "11.11.11.11"

[[neighbors.afi-safis]]

[neighbors.afi-safis.config]

afi-safi-name = "l2vpn-evpn"

[[neighbors]]

[neighbors.config]

neighbor-address = "33.33.33.33"

peer-as = 65000

[neighbors.route-reflector.config]

route-reflector-client = true

route-reflector-cluster-id = "11.11.11.11"

[[neighbors.afi-safis]]

[neighbors.afi-safis.config]

afi-safi-name = "l2vpn-evpn"

两台TOR交换机的设置

hostname TOR-SW1

spanning-tree mode mstp

vlan 100

interface Ethernet1

switchport mode trunk

interface Ethernet2

switchport access vlan 100

hostname TOR-SW2

spanning-tree mode mstp

vlan 100

interface Ethernet1

switchport mode trunk

interface Ethernet2

switchport access vlan 100

GOBGP机器的启动(执行test.sh)

root@gobgp:~# cat test.sh

ip add add 11.11.11.11/32 dev lo

ip add add 192.168.1.1/24 dev ens4

ip link set ens4 up;

gobgpd -f /etc/gobgp/gobgpd.conf &

gobgp global rib add 11.11.11.11/32 -a ipv4

ip route add 22.22.22.22/32 via 192.168.1.254

ip route add 33.33.33.33/32 via 192.168.1.254

CUST-Linux1和CUST-Linux2的网卡ip及mac设置

验证

gobgp global rib -a ipv4

gobgp global rib -a evpn

gobgp neighbor x.x.x.x

gobgp参考:

https://github.com/osrg/gobgp/blob/master/docs/sources/cli-command-syntax.md#global

实践EVPN-VXLAN over MPLS L3VPN

推荐阅读更多精彩内容