- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
72-EVPN综合组网典型配置举例
本章节下载: 72-EVPN综合组网典型配置举例 (275.04 KB)
H3C S6860产品EVPN综合组网典型配置举例
Copyright © 2018 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
本文档介绍MDC(Multitenant Device Context,多租户设备环境)和EVPN(Ethernet Virtual Private Network,以太网虚拟专用网络)结合使用的典型配置举例。
· MDC是一种虚拟化技术,将一台物理设备或IRF虚拟成多台逻辑设备,每台逻辑设备称为一台MDC。
· EVPN是一种二层VPN技术,控制平面采用MP-BGP通告EVPN路由信息,数据平面采用VXLAN封装方式转发报文。
通过MDC和EVPN结合部署的方式,可以实现在传统网络的基础上快速部署EVPN业务,满足业务扩展的需要,同时实现传统业务和EVPN业务的隔离,降低网络管理成本。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解MDC和EVPN特性。
EVPN网关从AC接收到报文后,如果EVPN网关对报文进行三层转发,则不管报文接收接口上是否配置qos trust dscp命令,设备都信任IP报文自带的DSCP优先级,以此优先级进行优先级映射;如果对报文进行二层转发,则只有在报文接收接口上配置了qos trust dscp命令,设备才会信任IP报文自带的DSCP优先级。
EVPN网关组网中,在VTEP和EVPN网关的三层接口(除VSI虚接口外)上无法通过策略路由匹配VXLAN报文的外层源和目的IP地址。如需匹配VXLAN报文的外层源和目的IP地址,请在VSI虚接口上应用策略路由。
同一个EVPN网关上建议配置相同的VSI虚接口的MAC地址,避免流量转发不通。
配置Border设备时,需要注意:
· Border设备上不能通过mac-address命令配置三层以太网接口、三层以太网子接口、三层聚合接口和三层聚合子接口的MAC地址。
· 如果在三层以太网接口、三层聚合接口上配置通过ACL匹配报文,则该ACL会同时匹配该接口及其子接口上的报文。
· 如果在三层以太网接口上应用了QoS策略,且该策略的流分类中未定义匹配内外层VLAN ID的规则,则该策略会同时应用于该接口及其子接口。
· 如果在三层以太网接口、三层聚合接口上应用了策略路由,则该策略会同时应用于该接口及其子接口。
· 如果在三层以太网接口上配置了广播风暴抑制、组播风暴抑制或未知单播风暴抑制,则该配置会同时应用于该接口及其子接口。
· 在三层以太网接口之外的其它接口上应用QoS策略时,如果流分类中包含了匹配内外层VLAN ID的规则时,则该规则无法匹配需要进行三层转发且不携带该VLAN tag的报文。
· Border设备上不能通过arp mode uni命令配置接口为用户侧接口。
在分布式EVPN网关设备上,如果开启了ARP泛洪抑制功能,并在VSI虚接口上开启了本地代理ARP功能,则只有本地代理ARP功能生效。建议不要在分布式EVPN网关设备上同时开启这两个功能。
某公司现有网络为IP网络,通过IP网络为用户提供IPTV和OTT业务。由于业务扩展需求,该公司需要在现有网络设备的基础上部署EVPN网络。为了减少投资,该公司采用MDC和EVPN结合使用的方式快速部署EVPN网络。具体需求为:
· Switch A和Switch B分别虚拟为两台独立的设备(SWA-MDC1、SWA-MDC2和SWB-MDC1、SWB-MDC2)。SWA-MDC2、SWB-MDC2作为EVPN网络的RR,反射BGP路由;SWA-MDC1、SWB-MDC1分别作为IPTV平台和OTT平台的网关。
· Switch C和Switch D为分布式EVPN网关设备。
· Switch E是与广域网连接的边界网关设备。
· Sever 1和Sever 3属于VXLAN10,Sever 2和Sever 4属于VXLAN20。相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通;VXLAN与广域网之间通过边界网关实现三层互通。
· IPTV平台作为接收者通过Switch F接收组播源Source发出的组播信息,SWA-MDC1、SWA-MDC2、SWB-MDC2、Switch D和Switch E启用PIM协议建立组播分发树。SWA-MDC1作为IPTV平台的业务网关实现IPTV平台与外界网络互通。
· OTT平台承载传统业务,SWB-MDC1作为OTT平台的业务网关实现OTT平台与外界网络互通。
本典型配置举例中,Switch A和Switch B使用S12500X-AF系列交换机,Switch C、Switch D和Switch E使用S6860系列交换机。
图1 MDC和EVPN结合使用组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
SWA-MDC1 |
Loopback0 |
6.6.6.6/32 |
Switch D |
Loopback0 |
4.4.4.4/32 |
|
|
Vlan-int10 |
17.1.1.6/24 |
|
Vlan-int10 |
14.1.1.4/24 |
|
|
Vlan-int20 |
18.1.1.6/24 |
|
Vlan-int20 |
13.1.1.4/24 |
|
SWA-MDC2 |
Loopback0 |
1.1.1.1/32 |
|
Vlan-int30 |
21.1.1.4/24 |
|
|
Vlan-int10 |
11.1.1.1/24 |
Switch E |
Loopback0 |
5.5.5.5/32 |
|
|
Vlan-int20 |
13.1.1.1/24 |
|
Vlan-int10 |
22.1.1.5/24 |
|
|
Vlan-int30 |
15.1.1.1/24 |
|
Vlan-int20 |
18.1.1.5/24 |
|
SWB-MDC1 |
Loopback0 |
7.7.7.7/32 |
|
Vlan-int30 |
15.1.1.5/24 |
|
|
Vlan-int10 |
19.1.1.7/24 |
|
Vlan-int40 |
16.1.1.5/24 |
|
|
Vlan-int50 |
20.1.1.7/24 |
|
Vlan-int50 |
19.1.1.5/24 |
|
SWB-MDC2 |
Loopback0 |
2.2.2.2/32 |
Switch F |
Loopback0 |
9.9.9.9/32 |
|
|
Vlan-int10 |
14.1.1.2/24 |
|
Vlan-int10 |
17.1.1.9/24 |
|
|
Vlan-int20 |
12.1.1.2/24 |
|
Vlan-int20 |
10.1.4.1/24 |
|
|
Vlan-int40 |
16.1.1.2/24 |
|
|
|
|
Switch C |
Loopback0 |
3.3.3.3/32 |
|
|
|
|
|
Vlan-int10 |
11.1.1.3/24 |
|
|
|
|
|
Vlan-int20 |
12.1.1.3/24 |
|
|
|
· 在Switch A和Switch B上配置MDC将设备分别虚拟成SWA-MDC1、SWA-MDC2和SWB-MDC1、SWB-MDC2。
· 在SWA-MDC1、SWA-MDC2、SWB-MDC1、SWB-MDC2、Switch C、Switch D和Switch E上配置路由协议,使各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 将Switch C和Switch D配置为分布式EVPN网关,通过VXLAN隧道实现互通。
· 在Switch C和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
· 在SWA-MDC1、SWA-MDC2、SWB-MDC2、Switch D和Switch E启用PIM协议建立组播树。
· 将SWA-MDC1和SWB-MDC1分别配置成IPTV平台和OTT平台的网关,使IPTV平台和OTT平台可以访问外界网络。
本举例是在S6860-CMW710-R2612和S12500X-CMW710-R2710版本上进行配置和验证的。
为MDC分配物理接口、设置MDC的CPU权重、为MDC分配内存空间可以在启动MDC前配置也可以在启动MDC后配置。建议先做好规划,在启动MDC前配置。
· 请确保不同用户对同一个接口的操作时序,在一个用户分配或删除接口时及时通知其他用户,让其停止配置该接口,否则可能导致接口达不到用户预期的配置效果。
· 业务板上的接口是按组划分的。为MDC分配接口或将接口从MDC中删除时,需要按组分配或删除,而不能只分配或删除这组接口中的部分接口。接口的分组情况与业务板的型号有关,请以设备的提示信息为准。一个物理接口只能属于一台MDC。
· 接口只能从缺省MDC分配到非缺省MDC。如果待分配接口已被分配给非缺省MDC,则需要先将接口从该MDC中删除。
· 同一业务板上的接口可以按组分配给不同的MDC,此时,需要将该业务板也分配给这些MDC。
· 将物理接口分给MDC前,需要先执行undo location命令取消所有MDC对接口所属业务板的使用权限。将物理接口分给MDC后,需要执行location命令将该业务板分配给该MDC。
分布式EVPN网关连接IPv4站点网络时,所有网关上都需要为相同VSI虚接口配置相同的MAC地址。
EVPN网关在对报文进行三层转发时,以太网服务实例的报文匹配规则存在以下限制:
· 如果以太网服务实例上配置的报文匹配规则为encapsulation untagged,则必须使用Ethernet接入模式;否则,必须使用VLAN接入模式。
· 以太网服务实例的报文匹配规则不能配置为同时匹配内层和外层VLAN tag。
# 在Switch A上创建SWA-MDC1。
<SwitchA> system-view
[SwitchA] mdc SWA-MDC1
It will take some time to create MDC...
MDC created successfully.
[SwitchA-mdc-2-SWA-MDC1] quit
# 取消缺省MDC对1号和2号业务板的使用权。
[SwitchA] mdc Admin
[SwitchA-mdc-1-Admin] undo location slot 1
The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
[SwitchA-mdc-1-Admin] undo location slot 2
The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
[SwitchA-mdc-1-Admin] quit
# 为SWA-MDC1分配接口Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/24。
[SwitchA] mdc SWA-MDC1
[SwitchA-mdc-2-SWA-MDC1] allocate interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/24
Configuration of the interfaces will be lost. Continue? [Y/N]:y
Execute the location slot command in this view to make the configuration take effect.
# 将1号业务板的使用权限分配给SWA-MDC1。
[SwitchA-mdc-2-SWA-MDC1] location slot 1
# 启动SWA-MDC1。
[SwitchA-mdc-2-SWA-MDC1] mdc start
It will take some time to start MDC...
MDC started successfully.
[SwitchA-mdc-2-SWA-MDC1] quit
# 在Switch A上创建SWA-MDC2。
[SwitchA] mdc SWA-MDC2
It will take some time to create MDC...
MDC created successfully.
# 为SWA-MDC2分配接口Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/24。
[SwitchA-mdc-3-SWA-MDC2] allocate interface ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/24
Configuration of the interfaces will be lost. Continue? [Y/N]:y
Execute the location slot command in this view to make the configuration take effect.
# 将2号业务板的使用权限分配给SWA-MDC2。
[SwitchA-mdc-3-SWA-MDC2] location slot 2
# 启动SWA-MDC2。
[SwitchA-mdc-3-SWA-MDC2] mdc start
It will take some time to start MDC...
MDC started successfully.
[SwitchA-mdc-3-SWA-MDC2] quit
# 在Switch B上创建SWB-MDC1。
<SwitchB> system-view
[SwitchB] mdc SWB-MDC1
It will take some time to create MDC...
MDC created successfully.
[SwitchB-mdc-2-SWB-MDC1] quit
# 取消缺省MDC对1号和2号业务板的使用权。
[SwitchB] mdc Admin
[SwitchB-mdc-1-Admin] undo location slot 1
The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
[SwitchB-mdc-1-Admin] undo location slot 2
The configuration associated with the specified slot of MDC will be lost. Continue? [Y/N]:y
[SwitchB-mdc-1-Admin] quit
# 为SWB-MDC1分配接口Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/24。
[SwitchB] mdc SWA-MDC1
[SwitchB-mdc-2-SWB-MDC1] allocate interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/24
Configuration of the interfaces will be lost. Continue? [Y/N]:y
Execute the location slot command in this view to make the configuration take effect.
# 将1号业务板的使用权限分配给SWB-MDC1。
[SwitchB-mdc-2-SWB-MDC1] location slot 1
# 启动SWB-MDC1。
[SwitchB-mdc-2-SWB-MDC1] mdc start
It will take some time to start MDC...
MDC started successfully.
[SwitchB-mdc-2-SWB-MDC1] quit
# 在Switch B上创建SWB-MDC2。
[SwitchB] mdc SWB-MDC2
It will take some time to create MDC...
MDC created successfully.
# 为SWB-MDC2分配接口Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/24。
[SwitchB-mdc-3-SWB-MDC2] allocate interface ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/24
Configuration of the interfaces will be lost. Continue? [Y/N]:y
Execute the location slot command in this view to make the configuration take effect.
# 将2号业务板的使用权限分配给SWB-MDC2。
[SwitchB-mdc-3-SWB-MDC2] location slot 2
# 启动SWB-MDC2。
[SwitchB-mdc-3-SWB-MDC2] mdc start
It will take some time to start MDC...
MDC started successfully.
[SwitchB-mdc-3-SWB-MDC2] quit
# 在SWA-MDC1上配置接口的IP地址。
[SwitchA] switchto mdc SWA-MDC1
******************************************************************************
* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
Automatic configuration is running, press CTRL_D to break or press CTRL_B to
switch back to the default MDC.
<SWA-MDC1> system-view
[SWA-MDC1] interface loopback 0
[SWA-MDC1-Loopback0] ip address 6.6.6.6 32
[SWA-MDC1-Loopback0] quit
[SWA-MDC1] vlan 10
[SWA-MDC1-vlan10] port ten-gigabitethernet 1/0/1
[SWA-MDC1-vlan10] quit
[SWA-MDC1] interface vlan-interface 10
[SWA-MDC1-Vlan-interface10] ip address 17.1.1.6 24
[SWA-MDC1-Vlan-interface10] quit
[SWA-MDC1] vlan 20
[SWA-MDC1-vlan20] port ten-gigabitethernet 1/0/2
[SWA-MDC1-vlan20] quit
[SWA-MDC1] interface vlan-interface 20
[SWA-MDC1-Vlan-interface20] ip address 18.1.1.6 24
[SWA-MDC1-Vlan-interface20] quit
# 请参考以上方法登录其它MDC并配置其上的接口IP地址,配置步骤此处省略。
# 为各交换机设备配置接口IP地址。
[SwitchC] interface loopback 0
[SwitchC-Loopback0] ip address 3.3.3.3 32
[SwitchC-Loopback0] quit
[SwitchC] vlan 10
[SwitchC-vlan10] port ten-gigabitethernet 1/0/3
[SwitchC-vlan10] quit
[SwitchC] interface vlan-interface 10
[SwitchC-Vlan-interface10] ip address 11.1.1.3 24
[SwitchC-Vlan-interface10] quit
[SwitchC] vlan 20
[SwitchC-vlan20] port ten-gigabitethernet 1/0/4
[SwitchC-vlan20] quit
[SwitchC] interface vlan-interface 20
[SwitchC-Vlan-interface20] ip address 12.1.1.3 24
[SwitchC-Vlan-interface20] quit
# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。
# 在SWA-MDC1上配置OSPF发布接口所在网段的路由。
[SWA-MDC1] ospf 100 router-id 6.6.6.6
[SWA-MDC1-ospf-100] area 0
[SWA-MDC1-ospf-100-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[SWA-MDC1-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255
[SWA-MDC1-ospf-100-area-0.0.0.0] network 18.1.1.0 0.0.0.255
[SWA-MDC1-ospf-100-area-0.0.0.0] quit
[SWA-MDC1-ospf-100] quit
# 在SWA-MDC2上配置OSPF发布接口所在网段的路由。
[SWA-MDC2] ospf 100 router-id 1.1.1.1
[SWA-MDC2-ospf-100] area 0
[SWA-MDC2-ospf-100-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SWA-MDC2-ospf-100-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SWA-MDC2-ospf-100-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SWA-MDC2-ospf-100-area-0.0.0.0] network 15.1.1.0 0.0.0.255
[SWA-MDC2-ospf-100-area-0.0.0.0] quit
[SWA-MDC2-ospf-100] quit
# 在SWB-MDC1上配置OSPF发布接口所在网段的路由。
[SWB-MDC1] ospf 100 router-id 7.7.7.7
[SWB-MDC1-ospf-100] area 0
[SWB-MDC1-ospf-100-area-0.0.0.0] network 7.7.7.7 0.0.0.0
[SWB-MDC1-ospf-100-area-0.0.0.0] network 19.1.1.0 0.0.0.255
[SWB-MDC1-ospf-100-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SWB-MDC1-ospf-100-area-0.0.0.0] quit
[SWB-MDC1-ospf-100] quit
# 在SWB-MDC2上配置OSPF发布接口所在网段的路由。
[SWB-MDC2] ospf 100 router-id 2.2.2.2
[SWB-MDC2-ospf-100] area 0
[SWB-MDC2-ospf-100-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SWB-MDC2-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SWB-MDC2-ospf-100-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[SWB-MDC2-ospf-100-area-0.0.0.0] network 16.1.1.0 0.0.0.255
[SWB-MDC2-ospf-100-area-0.0.0.0] quit
[SWB-MDC2-ospf-100] quit
# 在Switch C上配置OSPF发布接口所在网段的路由。
[SwitchC] ospf 100 router-id 3.3.3.3
[SwitchC-ospf-100] area 0
[SwitchC-ospf-100-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-100-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchC-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchC-ospf-100-area-0.0.0.0] quit
[SwitchC-ospf-100] quit
# 在Switch D上配置OSPF发布接口所在网段的路由。
[SwitchD] ospf 100 router-id 4.4.4.4
[SwitchD-ospf-100] area 0
[SwitchD-ospf-100-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-100-area-0.0.0.0] network 13.1.3.0 0.0.0.255
[SwitchD-ospf-100-area-0.0.0.0] network 14.1.1.0 0.0.0.255
[SwitchD-ospf-100-area-0.0.0.0] network 21.1.1.0 0.0.0.255
[SwitchD-ospf-100-area-0.0.0.0] quit
[SwitchD-ospf-100] quit
# 在Switch E上配置OSPF发布接口所在网段的路由。
[SwitchE] ospf 100 router-id 5.5.5.5
[SwitchE-ospf-100] area 0
[SwitchE-ospf-100-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[SwitchE-ospf-100-area-0.0.0.0] network 15.1.1.0 0.0.0.255
[SwitchE-ospf-100-area-0.0.0.0] network 16.1.1.0 0.0.0.255
[SwitchE-ospf-100-area-0.0.0.0] network 18.1.1.0 0.0.0.255
[SwitchE-ospf-100-area-0.0.0.0] network 19.1.1.0 0.0.0.255
[SwitchE-ospf-100-area-0.0.0.0] quit
[SwitchE-ospf-100] quit
# 在Swich F上配置OSPF发布接口所在网段的路由。
[SwitchF] ospf 100 router-id 9.9.9.9
[SwitchF-ospf-100] area 0
[SwitchF-ospf-100-area-0.0.0.0] network 9.9.9.9 0.0.0.0
[SwitchF-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255
[SwitchF-ospf-100-area-0.0.0.0] quit
[SwitchF-ospf-100] quit
(1) 配置Switch D
# 使能IP组播路由,并在Vlan-interface10、Vlan-interface20、Vlan-interface30接口下使能PIM-SM。
[SwitchD] multicast routing
[SwitchD-mrib] quit
[SwitchD] interface vlan-interface 10
[SwitchD-Vlan-interface10] pim sm
[SwitchD-Vlan-interface10] quit
[SwitchD] interface vlan-interface 20
[SwitchD-Vlan-interface20] pim sm
[SwitchD-Vlan-interface20] quit
[SwitchD] interface vlan-interface 30
[SwitchD-Vlan-interface30] pim sm
[SwitchD-Vlan-interface30] quit
# 配置SWB-MDC2的Loopback0接口为静态RP。
[SwitchD] pim
[SwitchD-pim] static-rp 2.2.2.2
[SwitchD-pim] quit
(2) 配置SWA-MDC2
# 使能IP组播路由,并在Vlan-interface20、Vlan-interface30接口下使能PIM-SM。
<SWA-MDC2> system-view
[SWA-MDC2] multicast routing
[SWA-MDC2-mrib] quit
[SWA-MDC2] interface vlan-interface 20
[SWA-MDC2-Vlan-interface20] pim sm
[SWA-MDC2-Vlan-interface20] quit
[SWA-MDC2] interface vlan-interface 30
[SWA-MDC2-Vlan-interface30] pim sm
[SWA-MDC2-Vlan-interface30] quit
# 将SWA-MDC2的Loopback0接口地址配置为C-BSR和C-RP,并配置SWB-MDC2的Loopback0接口为静态RP。。
[SWA-MDC2] pim
[SWA-MDC2-pim] c-bsr 1.1.1.1
[SWA-MDC2-pim] c-rp 1.1.1.1
[SWA-MDC2-pim] static-rp 2.2.2.2
[SWA-MDC2-pim] quit
(3) 配置SWB-MDC2
# 使能IP组播路由,并在Vlan-interface10、Vlan-interface40接口下使能PIM-SM。
<SWB-MDC2> system-view
[SWB-MDC2] multicast routing
[SWB-MDC2-mrib] quit
[SWB-MDC2] interface vlan-interface 10
[SWB-MDC2-Vlan-interface10] pim sm
[SWB-MDC2-Vlan-interface10] quit
[SWB-MDC2] interface vlan-interface 40
[SWB-MDC2-Vlan-interface40] pim sm
[SWB-MDC2-Vlan-interface40] quit
# 配置SWB-MDC2的Loopback0接口为静态RP。
[SWB-MDC2] pim
[SWB-MDC2-pim] static-rp 2.2.2.2
[SWB-MDC2-pim] quit
(4) 配置Switch E
# 使能IP组播路由,并在Vlan-interface20、Vlan-interface30、Vlan-interface40接口下使能PIM-SM。
[SwitchE] multicast routing
[SwitchE-mrib] quit
[SwitchE] interface vlan-interface 20
[SwitchE-Vlan-interface20] pim sm
[SwitchE-Vlan-interface20] quit
[SwitchE] interface vlan-interface 30
[SwitchE-Vlan-interface30] pim sm
[SwitchE-Vlan-interface30] quit
[SwitchE] interface vlan-interface 40
[SwitchE-Vlan-interface40] pim sm
[SwitchE-Vlan-interface40] quit
# 配置SWB-MDC2的Loopback0接口为静态RP。
[SwitchE] pim
[SwitchE-pim] static-rp 2.2.2.2
[SwitchE-pim] quit
(5) 配置SWA-MDC1
# 使能IP组播路由,并在Vlan-interface10、Vlan-interface20接口下使能PIM-SM。
<SWA-MDC1> system-view
[SWA-MDC1] multicast routing
[SWA-MDC1-mrib] quit
[SWA-MDC1] interface vlan-interface 10
[SWA-MDC1-Vlan-interface10] pim sm
[SWA-MDC1-Vlan-interface10] quit
[SWA-MDC1] interface vlan-interface 20
[SWA-MDC1-Vlan-interface20] pim sm
[SWA-MDC1-Vlan-interface20] quit
# 配置SWB-MDC2的Loopback0接口为静态RP。
[SWA-MDC1] pim
[SWA-MDC1-pim] static-rp 2.2.2.2
[SWA-MDC1-pim] quit
(6) 配置Switch F
# 使能IP组播路由,在主机侧接口Vlan-int20下使能IGMP,在Vlan-int10下使能PIM-SM。
[SwitchF] multicast routing
[SwitchF-mrib] quit
[SwitchF] interface vlan-interface 10
[SwitchF-Vlan-interface10] pim sm
[SwitchF-Vlan-interface10] quit
[SwitchF] interface vlan-interface 20
[SwitchF-Vlan-interface20] igmp enable
[SwitchF-Vlan-interface20] quit
# 配置SWB-MDC2的Loopback0接口为静态RP。
[SwitchF] pim
[SwitchF-pim] static-rp 2.2.2.2
[SwitchF-pim] quit
(1) 配置Switch C
# 开启L2VPN功能。
[SwitchC] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchC] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] evpn encapsulation vxlan
[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan-10] quit
[SwitchC-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] evpn encapsulation vxlan
[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan-20] quit
[SwitchC-vsi-vpnb] quit
(2) 配置Switch D
# 开启L2VPN功能。
[SwitchD] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchD] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchD] vxlan tunnel mac-learning disable
[SwitchD] vxlan tunnel arp-learning disable
# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] evpn encapsulation vxlan
[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpna-evpn-vxlan] quit
# 创建VXLAN 10。
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan-10] quit
[SwitchD-vsi-vpna] quit
# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] evpn encapsulation vxlan
[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchD-vsi-vpnb-evpn-vxlan] quit
# 创建VXLAN 20。
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan-20] quit
[SwitchD-vsi-vpnb] quit
(1) 配置Switch C
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 10(Sever 1)的数据帧,将该服务实例与vpna(VXLAN 10)关联。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 11(Sever 2)的数据帧,将该服务实例与vpnb(VXLAN 20)关联。
[SwitchC] interface ten-gigabitethernet 1/0/2
[SwitchC-Ten-GigabitEthernet1/0/2] service-instance 1000
[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 11
[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpnb
[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/0/2] quit
(2) 配置Switch D
# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 12(Sever 3)的数据帧,将该服务实例与vpna(VXLAN 10)关联。
[SwitchD] interface ten-gigabitethernet 1/0/1
[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 12
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchD-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 13(Sever 4)的数据帧,将该服务实例与vpnb(VXLAN 20)关联。
[SwitchD] interface ten-gigabitethernet 1/0/2
[SwitchD-Ten-GigabitEthernet1/0/2] service-instance 1000
[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 13
[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpnb
[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] quit
[SwitchD-Ten-GigabitEthernet1/0/2] quit
(1) 配置SWA-MDC2
# 配置SWA-MDC2与其它设备建立BGP连接。
<SWA-MDC2> system-view
[SWA-MDC2] bgp 100
[SWA-MDC2-bgp-default] group evpn
[SWA-MDC2-bgp-default] peer 3.3.3.3 group evpn
[SWA-MDC2-bgp-default] peer 4.4.4.4 group evpn
[SWA-MDC2-bgp-default] peer 5.5.5.5 group evpn
[SWA-MDC2-bgp-default] peer evpn as-number 100
[SWA-MDC2-bgp-default] peer evpn connect-interface loopback 0
[SWA-MDC2-bgp-default] peer 2.2.2.2 as-number 100
[SWA-MDC2-bgp-default] peer 2.2.2.2 connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SWA-MDC2-bgp-default] address-family l2vpn evpn
[SWA-MDC2-bgp-default-evpn] peer evpn enable
[SWA-MDC2-bgp-default-evpn] peer 2.2.2.2 enable
[SWA-MDC2-bgp-default-evpn] undo policy vpn-target
# 配置SWA-MDC2作为路由反射器。
[SWA-MDC2-bgp-default-evpn] reflector cluster-id 8.8.8.8
[SWA-MDC2-bgp-default-evpn] peer evpn reflect-client
[SWA-MDC2-bgp-default-evpn] quit
[SWA-MDC2-bgp-default] quit
(2) 配置SWB-MDC2
# 配置SWB-MDC2与其它设备建立BGP连接。
<SWB-MDC2> system-view
[SWB-MDC2] bgp 100
[SWB-MDC2-bgp-default] group evpn
[SWB-MDC2-bgp-default] peer 3.3.3.3 group evpn
[SWB-MDC2-bgp-default] peer 4.4.4.4 group evpn
[SWB-MDC2-bgp-default] peer 5.5.5.5 group evpn
[SWB-MDC2-bgp-default] peer evpn as-number 100
[SWB-MDC2-bgp-default] peer evpn connect-interface loopback 0
[SWB-MDC2-bgp-default] peer 1.1.1.1 as-number 100
[SWB-MDC2-bgp-default] peer 1.1.1.1 connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SWB-MDC2-bgp-default] address-family l2vpn evpn
[SWB-MDC2-bgp-default-evpn] peer evpn enable
[SWB-MDC2-bgp-default-evpn] peer 1.1.1.1 enable
[SWB-MDC2-bgp-default-evpn] undo policy vpn-target
# 配置SWB-MDC2作为路由反射器。
[SWB-MDC2-bgp-default-evpn] reflector cluster-id 8.8.8.8
[SWB-MDC2-bgp-default-evpn] peer evpn reflect-client
[SWB-MDC2-bgp-default-evpn] quit
[SWB-MDC2-bgp-default] quit
(3) 配置Switch C
# 配置SwitchC与其它设备建立BGP连接。
[SwitchC] bgp 100
[SwitchC-bgp-default] peer 1.1.1.1 as-number 100
[SwitchC-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchC-bgp-default] peer 2.2.2.2 as-number 100
[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0
# 配置BGP发布EVPN路由。
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable
(4) 配置Switch D
# 配置SwitchD与其它设备建立BGP连接。
[SwitchD] bgp 100
[SwitchD-bgp-default] peer 1.1.1.1 as-number 100
[SwitchD-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchD-bgp-default] peer 2.2.2.2 as-number 100
[SwitchD-bgp-default] peer 2.2.2.2 connect-interface loopback 0
# 配置BGP发布EVPN路由。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable
(5) 配置Switch E
# 配置SwitchE与其它设备建立BGP连接。
[SwitchE] bgp 100
[SwitchE-bgp-default] peer 1.1.1.1 as-number 100
[SwitchE-bgp-default] peer 1.1.1.1 connect-interface loopback 0
[SwitchE-bgp-default] peer 2.2.2.2 as-number 100
[SwitchE-bgp-default] peer 2.2.2.2 connect-interface loopback 0
# 配置BGP发布EVPN路由。
[SwitchE-bgp-default] address-family l2vpn evpn
[SwitchE-bgp-default-evpn] peer 1.1.1.1 enable
[SwitchE-bgp-default-evpn] peer 2.2.2.2 enable
(1) 配置Swich C
# 配置L3VNI的RD和RT。
[SwitchC] ip vpn-instance vpna
[SwitchC-vpn-instance-vpna] route-distinguisher 1:1
[SwitchC-vpn-instance-vpna] address-family ipv4
[SwitchC-vpn-ipv4-vpna] vpn-target 2:2
[SwitchC-vpn-ipv4-vpna] quit
[SwitchC-vpn-instance-vpna] address-family evpn
[SwitchC-vpn-evpn-vpna] vpn-target 1:1
[SwitchC-vpn-evpn-vpna] quit
[SwitchC-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip binding vpn-instance vpna
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip binding vpn-instance vpna
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] distributed-gateway local
[SwitchC-Vsi-interface2] local-proxy-arp enable
[SwitchC-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] ip binding vpn-instance vpna
[SwitchC-Vsi-interface3] l3-vni 1000
[SwitchC-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
(2) 配置Swich D
# 配置L3VNI的RD和RT。
[SwitchD] ip vpn-instance vpna
[SwitchD-vpn-instance-vpna] route-distinguisher 1:1
[SwitchD-vpn-instance-vpna] address-family ipv4
[SwitchD-vpn-ipv4-vpna] vpn-target 2:2
[SwitchD-vpn-ipv4-vpna] quit
[SwitchD-vpn-instance-vpna] address-family evpn
[SwitchD-vpn-evpn-vpna] vpn-target 1:1
[SwitchD-vpn-evpn-vpna] quit
[SwitchD-vpn-instance-vpna] quit
# 配置VSI虚接口VSI-interface1。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip binding vpn-instance vpna
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] distributed-gateway local
[SwitchD-Vsi-interface1] local-proxy-arp enable
[SwitchD-Vsi-interface1] quit
# 配置VSI虚接口VSI-interface2。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip binding vpn-instance vpna
[SwitchD-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchD-Vsi-interface2] mac-address 2-2-2
[SwitchD-Vsi-interface2] distributed-gateway local
[SwitchD-Vsi-interface2] local-proxy-arp enable
[SwitchD-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchD] interface vsi-interface 3
[SwitchD-Vsi-interface3] ip binding vpn-instance vpna
[SwitchD-Vsi-interface3] l3-vni 1000
[SwitchD-Vsi-interface3] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] gateway vsi-interface 2
[SwitchD-vsi-vpnb] quit
# 开启L2VPN能力。
<SwitchE> system-view
[SwitchE] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchE] hardware-resource vxlan border24k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchE] vxlan tunnel mac-learning disable
[SwitchE] vxlan tunnel arp-learning disable
# 配置L3VNI的RD和RT。
[SwitchE] ip vpn-instance vpna
[SwitchE-vpn-instance-vpna] route-distinguisher 1:1
[SwitchE-vpn-instance-vpna] address-family ipv4
[SwitchE-vpn-ipv4-vpna] vpn-target 2:2
[SwitchE-vpn-ipv4-vpna] quit
[SwitchE-vpn-instance-vpna] address-family evpn
[SwitchE-vpn-evpn-vpna] vpn-target 1:1
[SwitchE-vpn-evpn-vpna] quit
[SwitchE-vpn-instance-vpna] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchE] interface vsi-interface 3
[SwitchE-Vsi-interface3] ip binding vpn-instance vpna
[SwitchE-Vsi-interface3] l3-vni 1000
[SwitchE-Vsi-interface3] quit
# 配置缺省路由,下一跳为广域网中某台设备的IP地址22.1.1.100。
[SwitchE] ip route-static vpn-instance vpna 0.0.0.0 0 22.1.1.100
# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。
[SwitchE] bgp 100
[SwitchE-bgp-default] ip vpn-instance vpna
[SwitchE-bgp-default-vpna] address-family ipv4 unicast
[SwitchE-bgp-default-ipv4-vpna] default-route imported
[SwitchE-bgp-default-ipv4-vpna] import-route static
[SwitchE-bgp-default-ipv4-vpna] quit
[SwitchE-bgp-default-vpna] quit
[SwitchE-bgp-default] quit
# 配置连接广域网的接口Vlan-interface10与VPN实例vpna关联。
[SwitchE] interface vlan-interface 10
[SwitchE-Vlan-interface20] ip binding vpn-instance vpna
[SwitchE-Vlan-interface20] ip address 22.1.1.5 24
[SwitchE-Vlan-interface20] quit
# 以Switch A为例,查看MDC是否存在并且运转正常。此时,Switch A上应该有两台处于正常工作active状态的MDC。
[SwitchA] display mdc
ID Name Status
1 Admin active
2 SWA-MDC1 active
3 SWA-MDC2 active
# 登录SWA-MDC2。
[SwitchA] switchto mdc SWA-MDC2
******************************************************************************
* Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.*
* Without the owner's prior written consent, *
* no decompiling or reverse-engineering shall be allowed. *
******************************************************************************
<SWA-MDC2>%Mar 2 10:43:04:214 2018 SWA-MDC2 SHELL/5/SHELL_LOGIN: -MDC=3; Console logged in from con0.
# 通过命令display interface brief查看为SWA-MDC2分配的接口。
<SWA-MDC2> display interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface Link Protocol Primary IP Description
InLoop0 UP UP(s) --
Loop0 UP UP(s) 1.1.1.1
MGE0/0/0 DOWN DOWN --
NULL0 UP UP(s) --
REG0 UP -- --
Vlan10 UP UP 11.1.1.1
Vlan20 UP UP 13.1.1.1
Vlan30 UP UP 15.1.1.1
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
XGE2/0/1 UP 1G(a) F A 30
XGE2/0/2 ADM auto F A 1
XGE2/0/3 UP 1G(a) F A 10
XGE2/0/4 UP 1G(a) F A 20
XGE2/0/5 ADM auto F A 1
XGE2/0/6 ADM auto F A 1
XGE2/0/7 ADM auto F A 1
XGE2/0/8 ADM auto F A 1
XGE2/0/9 ADM auto F A 1
XGE2/0/10 ADM auto F A 1
XGE2/0/11 ADM auto F A 1
XGE2/0/12 ADM auto F A 1
XGE2/0/13 ADM auto F A 1
XGE2/0/14 ADM auto F A 1
XGE2/0/15 ADM auto F A 1
XGE2/0/16 ADM auto F A 1
XGE2/0/17 ADM auto F A 1
XGE2/0/18 ADM auto F A 1
XGE2/0/19 ADM auto F A 1
XGE2/0/20 ADM auto F A 1
XGE2/0/21 ADM auto F A 1
XGE2/0/22 ADM auto F A 1
XGE2/0/23 ADM auto F A 1
XGE2/0/24 ADM auto F A 1
# 以Switch C为例,在分布式EVPN网关上查看EVPN路由信息。
[SwitchC] display bgp l2vpn evpn
BGP local router ID is 3.3.3.3
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 10
Route distinguisher: 1:1(vpna)
Total number of routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][a21a-36c9-0806][32][10.1.1.20]/136
4.4.4.4 0 100 0 i
* >i [2][0][48][a21a-39de-0907][32][10.1.2.20]/136
4.4.4.4 0 100 0 i
* >i [5][0][0][0.0.0.0]/80
5.5.5.5 0 100 0 ?
* i 5.5.5.5 0 100 0 ?
* > [5][0][24][10.1.1.0]/80
0.0.0.0 0 100 32768 i
* > [5][0][24][10.1.2.0]/80
0.0.0.0 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [2][0][48][a21a-2df1-0606][32][10.1.1.10]/136
0.0.0.0 0 100 32768 i
* >i [2][0][48][a21a-36c9-0806][32][10.1.1.20]/136
4.4.4.4 0 100 0 i
* i 4.4.4.4 0 100 0 i
* > [3][0][32][3.3.3.3]/80
0.0.0.0 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
* i 4.4.4.4 0 100 0 i
Route distinguisher: 1:20
Total number of routes: 6
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [2][0][48][a21a-3300-0707][32][10.1.2.10]/136
0.0.0.0 0 100 32768 i
* >i [2][0][48][a21a-39de-0907][32][10.1.2.20]/136
4.4.4.4 0 100 0 i
* i 4.4.4.4 0 100 0 i
* > [3][0][32][3.3.3.3]/80
0.0.0.0 0 100 32768 i
* >i [3][0][32][4.4.4.4]/80
4.4.4.4 0 100 0 i
* i 4.4.4.4 0 100 0 i
# 查看Switch C上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。
[SwitchC] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 10 packets, 980 bytes, 0 drops
Output: 19 packets, 1520 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 5.5.5.5
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Switch C上的VSI虚接口信息,可以看到VSI虚接口处于up状态。
[SwitchC] display interface vsi-interface
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0001-0001-0001
IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
Vsi-interface2
Current state: UP
Line protocol state: UP
Description: Vsi-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet address: 10.1.2.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0002-0002-0002
IPv6 packet frame type: Ethernet II, hardware address: 0002-0002-0002
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
Vsi-interface3
Current state: UP
Line protocol state: UP
Description: Vsi-interface3 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: a21a-0861-0300
IPv6 packet frame type: Ethernet II, hardware address: a21a-0861-0300
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
# 查看Switch C上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_3
VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 1000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel0 0x5000000 UP Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/2 srv1000 0 Up Manual
# 查看Switch C上VSI的ARP表项信息,可以看到已学习到了本地和远端虚拟机的ARP信息。
[SwitchC] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI Interface Aging Type
11.1.1.1 a210-9a1c-0182 10 XGE1/0/3 240 D
12.1.1.2 a21a-01b9-0242 20 XGE1/0/5 240 D
10.1.1.10 a21a-2df1-0606 0 XGE1/0/1 489 D
10.1.2.10 a21a-3300-0707 1 XGE1/0/2 414 D
4.4.4.4 a21a-0fb2-0400 2 Tunnel0 -- R
5.5.5.5 a21a-17fd-0500 2 Tunnel1 -- R
# 查看Switch C上VSI的EVPN ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息。
[SwitchC] display evpn route arp
Flags: D - Dynamic B - BGP L - Local active
G - Gateway S - Static M - Mapping
VPN instance: vpna Interface: Vsi-interface1
IP address MAC address Router MAC VSI index Flags
10.1.1.1 0001-0001-0001 a21a-0861-0300 0 GL
10.1.1.10 a21a-2df1-0606 a21a-0861-0300 0 DL
10.1.1.20 a21a-36c9-0806 a21a-0fb2-0400 0 B
VPN instance: vpna Interface: Vsi-interface2
IP address MAC address Router MAC VSI index Flags
10.1.2.1 0002-0002-0002 a21a-0861-0300 1 GL
10.1.2.10 a21a-3300-0707 a21a-0861-0300 1 DL
10.1.2.20 a21a-39de-0907 a21a-0fb2-0400 1 B
<SwitchC>
# 验证Sever之间可以互访且Sever可以访问广域网
Sever 1、Sever 2、Sever 3和Sever 4之间可以互访,各Sever可以访问广域网
# 在Switch F上查看PIM-SM域中的RP信息。
[SwitchF] display pim rp-info
BSR RP information:
Scope: non-scoped
Group/MaskLen: 225.1.1.0/24
RP address Priority HoldTime Uptime Expires
1.1.1.1 192 180 00:51:45 00:02:22
Static RP information:
RP address ACL Mode Preferred
2.2.2.2 ---- pim-sm No
[SwitchF] display pim bsr-info
Scope: non-scoped
State: Accept Preferred
Bootstrap timer: 00:01:44
Elected BSR address: 1.1.1.1
Priority: 64
Hash mask length: 30
Uptime: 00:11:18
[SwitchF]disp pim interface
Interface NbrCnt HelloInt DR-Pri DR-Address
Vlan10 0 30 1 10.1.4.1 (local)
Vlan20 1 30 1 1.1.1.1
# 在SWA-MDC2上查看PIM-SM域中的BSR信息。
[SWA-MDC2] display pim bsr-info
Scope: non-scoped
State: Elected
Bootstrap timer: 00:01:44
Elected BSR address: 1.1.1.1
Priority: 64
Hash mask length: 30
Uptime: 00:11:18
Candidate BSR address: 1.1.1.1
Priority: 64
Hash mask length: 30
# 在SWA-MDC2上查看PIM-SM域中的静态C-RP信息。
[SWA-MDC2]display pim c-rp
Scope: non-scoped
Group/MaskLen: 224.0.0.0/4
C-RP address Priority HoldTime Uptime Expires
1.1.1.1 (local) 192 150 03:01:36 00:02:29
· Switch A
#
mdc SWA-MDC1 id 2
mdc start
allocate interface Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet 1/0/24
#
mdc SWA-MDC2 id 3
mdc start
allocate interface Ten-GigabitEthernet 2/0/1 to Ten-GigabitEthernet 2/0/24
#
· SWA-MDC1
#
ospf 100 router-id 6.6.6.6
area 0.0.0.0
network 6.6.6.6 0.0.0.0
network 17.1.1.0 0.0.0.255
network 18.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
interface LoopBack0
ip address 6.6.6.6 255.255.255.255
#
interface Vlan-interface10
ip address 17.1.1.6 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 18.1.1.6 255.255.255.0
pim sm
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 10
combo enable fiber
#
multicast routing
#
pim
static-rp 2.2.2.2
#
· SWA-MDC2
#
ospf 100 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
network 15.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 30
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface10
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface20
ip address 13.1.1.1 255.255.255.0
pim sm
#
interface Vlan-interface30
ip address 15.1.1.1 255.255.255.0
pim sm
#
interface Ten-GigabitEthernet2/0/1
port link-mode bridge
port access vlan 30
combo enable fiber
#
interface Ten-GigabitEthernet2/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet2/0/4
port link-mode bridge
port access vlan 20
combo enable fiber
#
bgp 100
group evpn internal
peer evpn connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 group evpn
peer 4.4.4.4 group evpn
peer 5.5.5.5 group evpn
#
address-family l2vpn evpn
reflector cluster-id 8.8.8.8
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
peer 2.2.2.2 enable
#
multicast routing
#
pim
c-bsr 1.1.1.1
c-rp 1.1.1.1
static-rp 2.2.2.2
#
· Switch B
#
mdc SWB-MDC1 id 2
mdc start
allocate interface Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet1/0/24
#
mdc SWB-MDC2 id 3
mdc start
allocate interface Ten-GigabitEthernet2/0/1 to Ten-GigabitEthernet2/0/24
#
· SWB-MDC1
#
ospf 100 router-id 7.7.7.7
area 0.0.0.0
network 7.7.7.7 0.0.0.0
network 19.1.1.0 0.0.0.255
network 20.1.1.0 0.0.0.255
#
vlan 10
#
vlan 50
#
interface LoopBack0
ip address 7.7.7.7 255.255.255.255
#
interface Vlan-interface10
ip address 19.1.1.7 255.255.255.0
#
interface Vlan-interface50
ip address 20.1.1.7 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 50
combo enable fiber
#
· SWB-MDC2
#
ospf 100 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
network 14.1.1.0 0.0.0.255
network 16.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 40
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface10
ip address 14.1.1.2 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 12.1.1.2 255.255.255.0
#
interface Vlan-interface40
ip address 16.1.1.2 255.255.255.0
pim sm
#
interface Ten-GigabitEthernet2/0/2
port link-mode bridge
port access vlan 40
combo enable fiber
#
interface Ten-GigabitEthernet2/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet2/0/5
port link-mode bridge
port access vlan 20
combo enable fiber
#
bgp 100
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 group evpn
peer 4.4.4.4 group evpn
peer 5.5.5.5 group evpn
#
address-family l2vpn evpn
reflector cluster-id 8.8.8.8
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
peer 1.1.1.1 enable
#
multicast routing
#
pim
static-rp 2.2.2.2
#
· Switch C
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 100 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface10
ip address 11.1.1.3 255.255.255.0
#
interface Vlan-interface20
ip address 12.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
combo enable fiber
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode route
combo enable fiber
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-nd enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-nd enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1.1.1.1 enable
peer 2.2.2.2 enable
· Switch D
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 100 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 13.1.1.0 0.0.0.255
network 14.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 30
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface10
ip address 14.1.1.4 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 13.1.1.4 255.255.255.0
pim sm
#
interface Vlan-interface30
ip address 21.1.1.4 255.255.255.0
pim sm
#
interface Ten-GigabitEthernet1/0/1
port link-mode route
combo enable fiber
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode route
combo enable fiber
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 30
combo enable fiber
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1.1.1.1 enable
peer 2.2.2.2 enable
#
multicast routing
#
pim
static-rp 2.2.2.2
#
· Switch E
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 2:2 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 1:1 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 100 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 15.1.1.0 0.0.0.255
network 16.1.1.0 0.0.0.255
network 18.1.1.0 0.0.0.255
network 19.1.1.0 0.0.0.255
network 22.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
l2vpn enable
vxlan tunnel arp-learning disable
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface Vlan-interface10
ip address 22.1.1.5 255.255.255.0
#
interface Vlan-interface20
ip address 18.1.1.5 255.255.255.0
pim sm
#
interface Vlan-interface30
ip address 15.1.1.5 255.255.255.0
pim sm
#
interface Vlan-interface40
ip address 16.1.1.5 255.255.255.0
pim sm
#
interface Vlan-interface50
ip address 19.1.1.5 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 30
combo enable fiber
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 40
combo enable fiber
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 10
combo enable fiber
#
interface Ten-GigabitEthernet1/0/17
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface Ten-GigabitEthernet1/0/18
port link-mode bridge
port access vlan 50
combo enable fiber
#
interface Vsi-interface3
ip binding vpn-instance vpna
l3-vni 1000
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 1.1.1.1 enable
peer 2.2.2.2 enable
#
ip vpn-instance vpna
#
address-family ipv4 unicast
default-route imported
import-route static
#
multicast routing
#
pim
static-rp 2.2.2.2
#
ip route-static vpn-instance vpna 0.0.0.0 0 22.1.1.100
· Switch F
#
ospf 100 router-id 9.9.9.9
area 0.0.0.0
network 9.9.9.9 0.0.0.0
network 17.1.1.0 0.0.0.255
#
vlan 10
#
vlan 20
#
interface LoopBack0
ip address 9.9.9.9 255.255.255.255
#
interface Vlan-interface10
ip address 17.1.1.9 255.255.255.0
pim sm
#
interface Vlan-interface20
ip address 10.1.4.1 255.255.255.0
igmp enable
#
interface Ten-GigabitEthernet1/0/17
port link-mode bridge
port access vlan 20
combo enable fiber
#
interface Ten-GigabitEthernet1/0/18
port link-mode bridge
port access vlan 10
combo enable fiber
#
multicast routing
#
pim
static-rp 2.2.2.2
#
· H3C S6860系列以太网交换机 EVPN配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 EVPN命令参考-Release 26xx系列
· H3C S12500X-AF系列以太网交换机 MDC配置指导-Release 27xx系列
· H3C S12500X-AF系列以太网交换机 MDC命令参考-Release 27xx系列
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
