Intra-AS BGP EVPN VXLAN Lab (Part 2)

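  • Networking requirements

Campus A and campus B are planned in the same BGP AS (for example, BGP AS 100). BGP EVPN is configured inside each campus to build a distributed-gateway VXLAN network, so that ServerA-1 and ServerA-2 can communicate within campus A and ServerB-1 and ServerB-2 can communicate within campus B. BGP EVPN is also configured between VTEP1 and VTEP6 to establish a VXLAN tunnel, so that campus A and campus B can communicate with each other (for example, ServerA-1 with ServerB-2).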

  • Lab topology

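  • Configuration roadmap

Users on different subnets communicate through the VXLAN gateways. The configuration roadmap is as follows:

  • Configure VXLAN tunnels inside campus A and inside campus B for intra-campus communication
  1. Configure a routing protocol on VTEP1, VTEP2, VTEP3, VTEP6, VTEP7 and VTEP8 to ensure Layer 3 connectivity across the network.
  2. Configure VLANs on Switch4, Switch5, Switch9 and Switch10 to manage the VLANs through which users gain access. On VTEP2, VTEP3, VTEP7 and VTEP8, configure the VXLAN service access mode so that users can access the VXLAN network.
  3. Configure an EVPN instance on VTEP2, VTEP3, VTEP7 and VTEP8 and bind it to the BD.
  4. Configure a VPN instance on VTEP1 and VTEP6. On VTEP2, VTEP3, VTEP7 and VTEP8, configure a VPN instance and bind it to the VBDIF interface.
  5. Configure BGP EVPN peer relationships between VTEP1 and VTEP2/VTEP3, and between VTEP6 and VTEP7/VTEP8, so that EVPN routes are received and advertised between VTEP1 and VTEP2/VTEP3, and between VTEP6 and VTEP7/VTEP8.
  6. Configure VTEP1 as a route reflector with VTEP2 and VTEP3 as its clients. Configure VTEP6 as a route reflector with VTEP7 and VTEP8 as its clients. This enables BGP EVPN peering and the receiving and advertising of EVPN routes between VTEP2 and VTEP3, and between VTEP7 and VTEP8.
  7. Configure the VXLAN tunnel destination address on VTEP2, VTEP3, VTEP7 and VTEP8.
  8. Configure the VXLAN distributed gateway on VTEP2, VTEP3, VTEP7 and VTEP8.
  9. Configure a default route on VTEP1 and VTEP6 and import it into BGP, so that all traffic between users in campus A and destinations outside campus A is handled by VTEP1, and all traffic between users in campus B and destinations outside campus B is handled by VTEP6.
  • Configure a VXLAN tunnel between campus A and campus B for inter-campus communication
  1. Configure a BGP EVPN peer relationship between VTEP1 and VTEP6 so that EVPN routes are received and advertised between them.
  2. Configure EVPN route re-origination on VTEP1 and VTEP6 so that they regenerate the IP prefix routes they receive. The campuses then communicate over the VXLAN tunnel between VTEP1 and VTEP6.
  • Configuration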
  • vtep1

#
sysname vtep1
#
evpn-overlay enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 1:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 10:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
  vpn-target 10:100 import-extcommunity evpn
 vxlan vni 100
#
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.1.2 255.255.255.0
#
interface GE1/0/2
 undo portswitch
 undo shutdown
 ip address 192.168.2.1 255.255.255.0
#
interface GE1/0/3
 undo portswitch
 shutdown
 ip address 192.168.6.1 255.255.255.0
#
interface LoopBack1
 ip address 10.1.1.1 255.255.255.255
#
interface Nve1
 source 10.1.1.1
#
interface NULL0
#
bgp 100
 router-id 10.1.1.1
 peer 10.2.2.2 as-number 100
 peer 10.2.2.2 connect-interface LoopBack1
 peer 10.3.3.3 as-number 100
 peer 10.3.3.3 connect-interface LoopBack1
 peer 10.6.6.6 as-number 100
 peer 10.6.6.6 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 10.2.2.2 enable
  peer 10.3.3.3 enable
  peer 10.6.6.6 enable
 #
 ipv4-family vpn-instance vpna
  default-route imported
  import-route direct
  import-route static
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer 10.2.2.2 enable
  peer 10.2.2.2 advertise irb
  peer 10.2.2.2 reflect-client
  peer 10.2.2.2 import reoriginate
  peer 10.3.3.3 enable
  peer 10.3.3.3 advertise irb
  peer 10.3.3.3 reflect-client
  peer 10.3.3.3 import reoriginate
  peer 10.6.6.6 enable
  peer 10.6.6.6 advertise route-reoriginated evpn ip
#
ospf 1 router-id 10.1.1.1
 area 0.0.0.0
  network 10.1.1.1 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.2.0 0.0.0.255
  network 192.168.6.0 0.0.0.255
#
ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 NULL0
#

  • vtep2

sysname vtep2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 2:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
 vxlan vni 100
#
bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 10:10
  vpn-target 1:100 export-extcommunity
  vpn-target 1:100 import-extcommunity
 arp broadcast-suppress mismatch-discard enable
#
#
interface Vbdif10
 ip binding vpn-instance vpna
 ip address 192.168.10.1 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-2e00-0101
 arp collect host enable
#
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.1.1 255.255.255.0
#
interface GE1/0/2
 undo shutdown
 port link-type trunk
#
interface GE1/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface LoopBack1
 ip address 10.2.2.2 255.255.255.255
#
interface Nve1
 source 10.2.2.2
 vni 10 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 router-id 10.2.2.2
 peer 10.1.1.1 as-number 100
 peer 10.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 10.1.1.1 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.1.1.1 enable
  peer 10.1.1.1 advertise irb
#
ospf 1 router-id 10.2.2.2
 area 0.0.0.0
  network 10.2.2.2 0.0.0.0
  network 192.168.1.0 0.0.0.255

  • VTEP3

sysname vtep3
evpn-overlay enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 3:100
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
 vxlan vni 100
#
bridge-domain 20
 vxlan vni 20
 evpn
  route-distinguisher 20:20
#
interface Vbdif20
 ip binding vpn-instance vpna
 ip address 192.168.20.1 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-2e00-0102
 arp collect host enable
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.2.2 255.255.255.0
#
interface GE1/0/2
 undo shutdown
 port link-type trunk
#
interface GE1/0/2.1 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
#
interface LoopBack1
 ip address 10.3.3.3 255.255.255.255
#
interface Nve1
 source 10.3.3.3
 vni 20 head-end peer-list protocol bgp
#
bgp 100
 router-id 10.3.3.3
 peer 10.1.1.1 as-number 100
 peer 10.1.1.1 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 10.1.1.1 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.1.1.1 enable
  peer 10.1.1.1 advertise irb
#
ospf 1 router-id 10.3.3.3
 area 0.0.0.0
  network 10.3.3.3 0.0.0.0
  network 192.168.2.0 0.0.0.255
#

  • VTEP7

sysname vtep7
#
evpn-overlay enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 7:100
  vpn-target 6:100 export-extcommunity evpn
  vpn-target 6:100 import-extcommunity evpn
 vxlan vni 100
#
bridge-domain 30
 vxlan vni 30
 evpn
  route-distinguisher 30:30
  vpn-target 6:100 export-extcommunity
  vpn-target 6:100 import-extcommunity
 arp broadcast-suppress mismatch-discard enable
#
interface Vbdif30
 ip binding vpn-instance vpna
 ip address 192.168.30.1 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-2e00-0103
 arp collect host enable
#
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.3.1 255.255.255.0
#
interface GE1/0/2
 undo shutdown
 port link-type trunk
#
interface GE1/0/2.1 mode l2
 encapsulation dot1q vid 30
 bridge-domain 30
#
#
interface LoopBack1
 ip address 10.7.7.7 255.255.255.255
#
interface Nve1
 source 10.7.7.7
 vni 30 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 router-id 10.7.7.7
 peer 10.6.6.6 as-number 100
 peer 10.6.6.6 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 10.6.6.6 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.6.6.6 enable
  peer 10.6.6.6 advertise irb
#
ospf 1 router-id 10.7.7.7
 area 0.0.0.0
  network 10.7.7.7 0.0.0.0
  network 192.168.3.0 0.0.0.255
#

  • VTEP8

#
sysname vtep8
evpn-overlay enable
#
ip vpn-instance vpna
 ipv4-family
  route-distinguisher 8:100
  vpn-target 6:100 export-extcommunity evpn
  vpn-target 6:100 import-extcommunity evpn
 vxlan vni 100
#
bridge-domain 40
 vxlan vni 40
 evpn
  route-distinguisher 40:40
  vpn-target 6:100 export-extcommunity
  vpn-target 6:100 import-extcommunity
 arp broadcast-suppress mismatch-discard enable
#
#
interface Vbdif40
 ip binding vpn-instance vpna
 ip address 192.168.40.1 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-2e00-0104
 arp collect host enable
#
interface MEth0/0/0
 undo shutdown
#
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.4.2 255.255.255.0
#
interface GE1/0/2
 undo shutdown
 port link-type trunk
#
interface GE1/0/2.1 mode l2
 encapsulation dot1q vid 40
 bridge-domain 40
#
#
interface LoopBack1
 ip address 10.8.8.8 255.255.255.255
#
interface Nve1
 source 10.8.8.8
 vni 40 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 router-id 10.8.8.8
 peer 10.6.6.6 as-number 100
 peer 10.6.6.6 connect-interface LoopBack1
 #
 ipv4-family unicast
  peer 10.6.6.6 enable
 #
 ipv4-family vpn-instance vpna
  import-route direct
  advertise l2vpn evpn
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.6.6.6 enable
  peer 10.6.6.6 advertise irb
#
ospf 1 router-id 10.8.8.8
 area 0.0.0.0
  network 10.8.8.8 0.0.0.0
  network 192.168.4.0 0.0.0.255
#
return

  • Switch9 configuration file

sysname Switch9
#
vlan batch 30
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 30
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 30

  • Switch10 configuration file

sysname Switch10
#
vlan batch 40
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 40
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 40

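Verify that intra-campus communication over VXLAN works.

After the preceding configuration succeeds, run the display vxlan tunnel command on VTEP2, VTEP3, VTEP7 and VTEP8 to view the VXLAN tunnel information.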

  • Run the display vxlan tunnel command to view the VXLAN tunnel information
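
The route-target design in the configurations above can also be checked offline. The following Python script is an added example, not part of the original lab: it parses the `vpn-target ... evpn` lines of `vpna` copied from vtep1, vtep2 and vtep7 on this page and reports which devices can import each other's EVPN routes directly. The vtep6 entry is an assumption, because vtep6's configuration is not shown on the page; it is taken to mirror vtep1 with 6:100 and 10:100.

```python
import re

# Constructed input: vpn-target lines of "ip vpn-instance vpna" copied from the
# vtep1, vtep2 and vtep7 configurations on this page. vtep6 is not shown on the
# page; its entry is an assumption (a mirror of vtep1 using 6:100 and 10:100).
CONFIGS = {
    "vtep1": """
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 10:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn
  vpn-target 10:100 import-extcommunity evpn""",
    "vtep2": """
  vpn-target 1:100 export-extcommunity evpn
  vpn-target 1:100 import-extcommunity evpn""",
    "vtep6": """
  vpn-target 6:100 export-extcommunity evpn
  vpn-target 10:100 export-extcommunity evpn
  vpn-target 6:100 import-extcommunity evpn
  vpn-target 10:100 import-extcommunity evpn""",
    "vtep7": """
  vpn-target 6:100 export-extcommunity evpn
  vpn-target 6:100 import-extcommunity evpn""",
}

RT_LINE = re.compile(r"^\s*vpn-target\s+(.+?)\s+(export|import)-extcommunity\s+evpn\s*$")

def evpn_rts(config):
    """Return {'export': set, 'import': set} of EVPN route targets in a config."""
    rts = {"export": set(), "import": set()}
    for line in config.splitlines():
        m = RT_LINE.match(line)
        if m:  # one line may carry several RTs separated by spaces
            rts[m.group(2)].update(m.group(1).split())
    return rts

def import_matrix(configs):
    """Map (exporter, importer) -> sorted RTs that let importer accept exporter's routes."""
    parsed = {name: evpn_rts(text) for name, text in configs.items()}
    return {(a, b): sorted(parsed[a]["export"] & parsed[b]["import"])
            for a in parsed for b in parsed if a != b}

def isolated_pairs(configs):
    """Pairs that share no RT, so routes pass between them only via re-origination."""
    return sorted(pair for pair, rts in import_matrix(configs).items() if not rts)

if __name__ == "__main__":
    for (src, dst), rts in sorted(import_matrix(CONFIGS).items()):
        print(f"{src} -> {dst}: {', '.join(rts) or 'no shared RT'}")
```

Leaf VTEPs in different campuses (vtep2 and vtep7) share no route target, so they learn each other's prefixes only through the routes that VTEP1 and VTEP6 re-originate.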
