- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
77-EVPN公私网互通典型配置举例
本章节下载: 77-EVPN公私网互通典型配置举例 (189.96 KB)
H3C S6860产品EVPN公私网互通典型配置举例
Copyright © 2018 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
本文档介绍EVPN(Ethernet Virtual Private Network,以太网虚拟专用网络)的公私网互通功能的典型配置举例。
EVPN是一种二层VPN技术,控制平面采用MP-BGP通告EVPN路由信息,数据平面采用VXLAN封装方式转发报文。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EVPN特性。
EVPN网关从AC接收到报文后,如果EVPN网关对报文进行三层转发,则不管报文接收接口上是否配置qos trust dscp命令,设备都信任IP报文自带的DSCP优先级,以此优先级进行优先级映射;如果对报文进行二层转发,则只有在报文接收接口上配置了qos trust dscp命令,设备才会信任IP报文自带的DSCP优先级。
同一个EVPN网关上建议配置相同的VSI虚接口的MAC地址,避免流量转发不通。
在分布式EVPN网关设备上,如果开启了ARP泛洪抑制功能,并在VSI虚接口上开启了本地代理ARP功能,则只有本地代理ARP功能生效。建议不要在分布式EVPN网关设备上同时开启这两个功能。
二层聚合接口及其成员端口上均可以手工创建以太网服务实例,并将以太网服务实例与VSI关联。成员端口上的以太网服务实例处于Down状态。只有成员端口退出二层聚合组后,该端口上的以太网服务实例才能Up。
二层以太网接口/二层聚合接口上某个以太网服务实例的匹配规则为encapsulation untagged时,则该二层以太网接口上不能通过QoS策略配置Nest功能。有关Nest功能的详细介绍请参见“ACL和QoS配置指导”中的“QoS”。
Switch A、Switch B、Switch C为分布式EVPN网关设备;Switch D为RR,负责在交换机之间反射BGP路由。
虚拟机VM 1属于VXLAN 10、位于VPN实例vpna;VM 2属于VXLAN 20、位于VPN实例vpnb;VM 3属于VXLAN 30、位于公网实例。通过EVPN分布式网关和公私网互通配置,保证VM 1和VM 2之间互通(私网之间互通),VM 2不能访问VM 3,VM 1和VM 3之间互通(公私网互通)。
图1 IPv4 EVPN公私网互通配置组网图
· 在交换机上配置路由协议,使各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。
· 配置Switch C作为路由反射器在Switch A、Switch B、Switch D之间反射路由。
· 在Switch A和Switch B上配置分布式EVPN网关和VPN实例,使网关之间通过BGP EVPN路由实现自动发现邻居、自动建立/关联VXLAN隧道、通告MAC/IP的可达性等,以便虚拟机之间通过VPN实例实现三层互通。
· 在Switch C上配置分布式EVPN网关和公网实例,实现与Switch A和Switch B上VPN实例的互通。
· 在Switch A、Switch B和Switch C的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
EVPN网关在对报文进行三层转发时,以太网服务实例的报文匹配规则和接入模式只能配置为:
· 匹配不带VLAN Tag的报文(encapsulation untagged),且必须使用Ethernet接入模式。
· 仅匹配外层VLAN Tag(encapsulation s-vid { vlan-id [ only-tagged ] | vlan-id-list }),且必须使用VLAN接入模式。
# 在Switch A上配置各接口的IP地址。
[SwitchA] vlan 11
[SwitchA-vlan11] quit
[SwitchA] interface ten-gigabitEthernet 1/0/2
[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 11
[SwitchA-Ten-GigabitEthernet1/0/2] undo shutdown
[SwitchA-Ten-GigabitEthernet1/0/2] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] undo shutdown
[SwitchA-Vlan-interface11] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
[SwitchA-LoopBack0] undo shutdown
[SwitchA-LoopBack0] quit
# 请参考以上方法配置其它设备上的接口IP地址,配置步骤这里省略。
# 在VM 1、VM 2和VM 3上分别指定网关地址为10.1.1.1、10.1.2.1、10.1.3.1。(具体配置过程略)
# 配置OSPF发布接口所在网段的路由。
[SwitchA] ospf 1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchB> system-view
[SwitchB] ospf 1
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchC> system-view
[SwitchC] ospf 1
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 配置OSPF发布接口所在网段的路由。
<SwitchD> system-view
[SwitchD] ospf 1
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 开启L2VPN功能。
[SwitchA] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchA] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchA] vxlan tunnel mac-learning disable
[SwitchA] vxlan tunnel arp-learning disable
# 创建VSI实例vpna和VXLAN 10。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan-10] quit
# 在VSI实例vpna下创建EVPN实例。
[SwitchA-vsi-vpna] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto
[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto
[SwitchA-vsi-vpna-evpn-vxlan] quit
[SwitchA-vsi-vpna] quit
# 开启L2VPN功能。
[SwitchB] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchB] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchB] vxlan tunnel mac-learning disable
[SwitchB] vxlan tunnel arp-learning disable
# 创建VSI实例vpnb和VXLAN 20。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan-10] quit
# 在VSI实例vpnb下创建EVPN实例。
[SwitchB-vsi-vpnb] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto
[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto
[SwitchB-vsi-vpnb-evpn-vxlan] quit
[SwitchB-vsi-vpnb] quit
# 开启L2VPN能力。
<SwitchC> system-view
[SwitchC] l2vpn enable
# 配置VXLAN的硬件资源模式(该配置需要保存并重启设备才能生效,重启设备的具体配置步骤这里省略)。
[SwitchC] hardware-resource vxlan l3gw8k
# 关闭远端MAC地址和远端ARP自动学习功能。
[SwitchC] vxlan tunnel mac-learning disable
[SwitchC] vxlan tunnel arp-learning disable
# 创建VSI实例vpnc和VXLAN 30。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] vxlan 30
[SwitchC-vsi-vpnc-vxlan-30] quit
[SwitchC-vsi-vpnc] quit
# 在VSI实例vpnc下创建EVPN实例。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] evpn encapsulation vxlan
# 配置自动生成EVPN实例的RD和RT。
[SwitchC-vsi-vpnc-evpn-vxlan] route-distinguisher auto
[SwitchC-vsi-vpnc-evpn-vxlan] vpn-target auto
[SwitchC-vsi-vpnc-evpn-vxlan] quit
[SwitchC-vsi-vpnc] quit
# 配置L3 VNI的RD和RT。
[SwitchA] ip vpn-instance vpna
[SwitchA-vpn-instance-vpna] route-distinguisher 1:1
[SwitchA-vpn-instance-vpna] address-family ipv4
[SwitchA-vpn-ipv4-vpna] vpn-target 1:1
[SwitchA-vpn-ipv4-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-ipv4-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-ipv4-vpna] quit
[SwitchA-vpn-instance-vpna] address-family evpn
[SwitchA-vpn-evpn-vpna] vpn-target 1:1
[SwitchA-vpn-evpn-vpna] vpn-target 2:2 import-extcommunity
[SwitchA-vpn-evpn-vpna] vpn-target 3:3 import-extcommunity
[SwitchA-vpn-evpn-vpna] quit
[SwitchA-vpn-instance-vpna] quit
# 创建并配置VSI虚接口VSI-interface1。
[SwitchA] interface vsi-interface 1
[SwitchA-Vsi-interface1] ip binding vpn-instance vpna
[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchA-Vsi-interface1] distributed-gateway local
[SwitchA-Vsi-interface1] local-proxy-arp enable
[SwitchA-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpna对应的L3VNI为1000。
[SwitchA] interface vsi-interface 2
[SwitchA-Vsi-interface2] ip binding vpn-instance vpna
[SwitchA-Vsi-interface2] l3-vni 1000
[SwitchA-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置L3VNI为2000,用来匹配从Switch B接收的路由。
[SwitchA] interface vsi-interface 3
[SwitchA-Vsi-interface3] l3-vni 2000
[SwitchA-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置L3VNI为3000,用来匹配从Switch C接收的路由。
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] gateway vsi-interface 1
[SwitchA-vsi-vpna] quit
# 配置L3 VNI的RD和RT。
[SwitchB] ip vpn-instance vpnb
[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2
[SwitchB-vpn-instance-vpnb] address-family ipv4
[SwitchB-vpn-ipv4-vpnb] vpn-target 2:2
[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-ipv4-vpnb] quit
[SwitchB-vpn-instance-vpnb] address-family evpn
[SwitchB-vpn-evpn-vpnb] vpn-target 2:2
[SwitchB-vpn-evpn-vpnb] vpn-target 1:1 import-extcommunity
[SwitchB-vpn-evpn-vpnb] quit
[SwitchB-vpn-instance-vpnb] quit
# 创建并配置VSI虚接口VSI-interface1。
[SwitchB] interface vsi-interface 1
[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface1] ip address 10.1.2.1 255.255.255.0
[SwitchB-Vsi-interface1] distributed-gateway local
[SwitchB-Vsi-interface1] local-proxy-arp enable
[SwitchB-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配从Switch A接收的路由。
[SwitchB] interface vsi-interface 2
[SwitchB-Vsi-interface2] l3-vni 1000
[SwitchB-Vsi-interface2] qui
# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpnb对应的L3VNI为2000。
[SwitchB] interface vsi-interface 3
[SwitchB-Vsi-interface3] ip binding vpn-instance vpnb
[SwitchB-Vsi-interface3] l3-vni 2000
[SwitchB-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置L3VNI为3000,用来匹配从Switch C接收的路由。
[SwitchA] interface vsi-interface 4
[SwitchA-Vsi-interface4] l3-vni 3000
[SwitchA-Vsi-interface4] quit
# 配置VXLAN 20所在的VSI实例和接口VSI-interface1关联。
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] gateway vsi-interface 1
[SwitchB-vsi-vpnb] quit
# 配置公网实例的RD和RT,配置公网实例对应的L3VNI为3000。
[SwitchC] ip public-instance
[SwitchC-public-instance] route-distinguisher 3:3
[SwitchC-public-instance] l3-vni 3000
[SwitchC-public-instance] address-family ipv4
[SwitchC-public-instance-ipv4] vpn-target 3:3
[SwitchC-public-instance-ipv4] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-ipv4] quit
[SwitchC-public-instance] address-family evpn
[SwitchC-public-instance-evpn]vpn-target 3:3
[SwitchC-public-instance-evpn] vpn-target 1:1 import-extcommunity
[SwitchC-public-instance-evpn] quit
[SwitchC-public-instance] quit
# 创建并配置VSI虚接口VSI-interface1。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.3.1 255.255.255.0
[SwitchC-Vsi-interface1] distributed-gateway local
[SwitchC-Vsi-interface1] local-proxy-arp enable
[SwitchC-Vsi-interface1] quit
# 创建VSI虚接口VSI-interface2,在该接口上配置L3VNI为1000,用来匹配从Switch A接收的路由。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] l3-vni 1000
[SwitchC-Vsi-interface2] quit
# 创建VSI虚接口VSI-interface3,在该接口上配置L3VNI为2000,用来匹配从Switch B接收的路由。
[SwitchC] interface vsi-interface 3
[SwitchC-Vsi-interface3] l3-vni 2000
[SwitchC-Vsi-interface3] quit
# 创建VSI虚接口VSI-interface4,在该接口上配置公网实例对应的L3VNI为3000。
[SwitchC] interface vsi-interface 4
[SwitchC-Vsi-interface4] l3-vni 3000
[SwitchC-Vsi-interface4] quit
# 配置VXLAN 30所在的VSI实例和接口VSI-interface1关联。
[SwitchC] vsi vpnc
[SwitchC-vsi-vpnc] gateway vsi-interface 1
[SwitchC-vsi-vpnc] quit
# 配置BGP发布EVPN路由
[SwitchA] bgp 200
[SwitchA-bgp-default] peer 4.4.4.4 as-number 200
[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchA-bgp-default] address-family l2vpn evpn
[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchA-bgp-default-evpn] quit
[SwitchA-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchB] bgp 200
[SwitchB-bgp-default] peer 4.4.4.4 as-number 200
[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchB-bgp-default] address-family l2vpn evpn
[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchB-bgp-default-evpn] quit
[SwitchB-bgp-default] quit
# 配置BGP发布EVPN路由。
[SwitchC] bgp 200
[SwitchC-bgp-default] peer 4.4.4.4 as-number 200
[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0
[SwitchC-bgp-default] address-family ipv4 unicast
[SwitchC-bgp-default-ipv4]quit
[SwitchC-bgp-default] address-family l2vpn evpn
[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable
[SwitchC-bgp-default-evpn] quit
[SwitchC-bgp-default] quit
# 配置Switch D与其他交换机建立BGP连接。
<SwitchD> system-view
[SwitchD] bgp 200
[SwitchD-bgp-default] group evpn
[SwitchD-bgp-default] peer 1.1.1.1 group evpn
[SwitchD-bgp-default] peer 2.2.2.2 group evpn
[SwitchD-bgp-default] peer 3.3.3.3 group evpn
[SwitchD-bgp-default] peer evpn as-number 200
[SwitchD-bgp-default] peer evpn connect-interface loopback 0
# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。
[SwitchD-bgp-default] address-family l2vpn evpn
[SwitchD-bgp-default-evpn] peer evpn enable
[SwitchD-bgp-default-evpn] undo policy vpn-target
# 配置Switch D为路由反射器。
[SwitchD-bgp-default-evpn] peer evpn reflect-client
[SwitchD-bgp-default-evpn] quit
[SwitchD-bgp-default] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 1的数据帧。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 1
# 配置以太网服务实例1000与VSI实例vpna关联。
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
# 配置以太网服务实例1000与VSI实例vpnb关联。
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 3的数据帧。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 3
# 配置以太网服务实例1000与VSI实例vpnc关联。
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpnc
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/0/1] quit
(1) 验证分布式EVPN网关设备Switch A
# 查看Switch A上的EVPN路由信息,可以看到Switch A发送了网关的IP前缀路由、各VSI的IMET路由、带主机MAC的MAC路由和带主机ARP的MAC/IP发布路由,并接收到Switch B,Switch C发出的网关的IP前缀路由和MAC/IP发布路由。
[SwitchA] display bgp l2vpn evpn
BGP local router ID is 1.1.1.1
Status codes: * - valid, > - best, d - dampened, h - history,
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 9
Route distinguisher: 1:1(vpna)
Total number of routes: 3
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][582e-d6b2-0906][32][10.1.2.10]/136
2.2.2.2 0 100 0 i
* >i [2][0][48][9a50-488c-1106][32][10.1.3.10]/136
3.3.3.3 0 100 0 i
* > [5][0][24][10.1.1.0]/80
0.0.0.0 0 100 32768 i
Route distinguisher: 1:10
Total number of routes: 2
Network NextHop MED LocPrf PrefVal Path/Ogn
* > [2][0][48][582e-aaec-0806][32][10.1.1.10]/136
0.0.0.0 0 100 32768 i
* > [3][0][32][1.1.1.1]/80
0.0.0.0 0 100 32768 i
Route distinguisher: 1:20
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][582e-d6b2-0906][32][10.1.2.10]/136
2.2.2.2 0 100 0 i
Route distinguisher: 1:30
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [2][0][48][9a50-488c-1106][32][10.1.3.10]/136
3.3.3.3 0 100 0 i
Route distinguisher: 2:2
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [5][0][24][10.1.2.0]/80
2.2.2.2 0 100 0 i
Route distinguisher: 3:3
Total number of routes: 1
Network NextHop MED LocPrf PrefVal Path/Ogn
* >i [5][0][24][10.1.3.0]/80
3.3.3.3 0 100 0 i
# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。
[SwitchA] display interface tunnel
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 15 packets, 1470 bytes, 0 drops
Output: 15 packets, 1470 bytes, 0 drops
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 22 packets, 2156 bytes, 0 drops
Output: 23 packets, 2254 bytes, 0 drops
# 查看Switch A上的VSI虚接口信息,可以看到VSI虚接口处于up状态。
[SwitchA] display interface vsi-interface
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600
IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 2625 packets, 138432 bytes
Vsi-interface2
Current state: UP
Line protocol state: UP
Description: Vsi-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600
IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
Vsi-interface3
Current state: UP
Line protocol state: UP
Description: Vsi-interface3 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600
IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
Vsi-interface4
Current state: UP
Line protocol state: UP
Description: Vsi-interface4 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1444
Internet protocol processing: Disabled
IP packet frame type: Ethernet II, hardware address: 582e-81f2-0600
IPv6 packet frame type: Ethernet II, hardware address: 582e-81f2-0600
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Input (total): 0 packets, 0 bytes
Output (total): 0 packets, 0 bytes
# 查看Switch A上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: Auto_L3VNI1000_2
VSI Index : 1
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 2
VXLAN ID : 1000
VSI Name: Auto_L3VNI2000_3
VSI Index : 2
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 3
VXLAN ID : 2000
VSI Name: Auto_L3VNI3000_4
VSI Index : 3
VSI State : Down
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 4
VXLAN ID : 3000
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway Interface : VSI-interface 1
VXLAN ID : 10
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
# 查看Switch A上VSI的ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息和BGP EVPN路由下一跳地址的ARP信息。
[SwitchA] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI Interface/Link ID Aging Type
10.1.1.10 582e-aaec-0806 0 0 10 D
11.1.1.4 582c-1385-0517 -- Vlan11 14 D
2.2.2.2 582e-8ba6-0700 2 Tunnel0 -- R
3.3.3.3 9a51-95ba-1000 3 Tunnel1 -- R
(2) 验证主机之间互访
VM 1和VM 2、VM 1和VM 3之间可以互访,VM 2和VM 3不能互访。
· Switch A
#
sysname SwitchA
#
ip vpn-instance vpna
route-distinguisher 1:1
#
address-family ipv4
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 1:1 export-extcommunity
#
address-family evpn
vpn-target 1:1 2:2 3:3 import-extcommunity
vpn-target 1:1 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 11
#
vlan 1
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 1
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 11
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.1.1 255.255.255.0
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
ip binding vpn-instance vpna
l3-vni 1000
#
interface Vsi-interface3
l3-vni 2000
#
interface Vsi-interface4
l3-vni 3000
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
Return
· Switch B
#
sysname SwitchB
#
ip vpn-instance vpnb
route-distinguisher 2:2
#
address-family ipv4
vpn-target 2:2 1:1 import-extcommunity
vpn-target 2:2 export-extcommunity
#
address-family evpn
vpn-target 2:2 1:1 import-extcommunity
vpn-target 2:2 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 12
#
vlan 2
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpnb
gateway vsi-interface 1
vxlan 20
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 2 12
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.2.1 255.255.255.0
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
l3-vni 1000
#
interface Vsi-interface3
ip binding vpn-instance vpnb
l3-vni 2000
#
interface Vsi-interface4
l3-vni 3000
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
return
· Switch C
#
sysname SwitchC
#
ip public-instance
route-distinguisher 3:3
#
address-family ipv4
vpn-target 3:3 1:1 import-extcommunity
vpn-target 3:3 export-extcommunity
#
address-family evpn
vpn-target 3:3 1:1 import-extcommunity
vpn-target 3:3 export-extcommunity
#
vxlan tunnel mac-learning disable
#
ospf 1
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 13
#
vlan 3
#
l2vpn enable
vxlan tunnel arp-learning disable
#
vsi vpnc
gateway vsi-interface 1
vxlan 30
evpn encapsulation vxlan
route-distinguisher auto
vpn-target auto export-extcommunity
vpn-target auto import-extcommunity
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
#
service-instance 1000
encapsulation s-vid 3
xconnect vsi vpnc
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 3 13
#
interface Vsi-interface1
ip binding vpn-instance vpna
ip address 10.1.3.1 255.255.255.0
local-proxy-arp enable
distributed-gateway local
#
interface Vsi-interface2
l3-vni 1000
#
interface Vsi-interface3
l3-vni 2000
#
interface Vsi-interface4
l3-vni 3000
#
bgp 200
peer 4.4.4.4 as-number 200
peer 4.4.4.4 connect-interface LoopBack0
#
address-family ipv4
peer 4.4.4.4 enable
#
address-family l2vpn evpn
peer 4.4.4.4 enable
#
return
· Switch D
#
sysname SwitchD
#
ospf 1
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11
#
vlan 12
#
vlan 13
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.1 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan 13
#
bgp 200
group evpn internal
peer evpn connect-interface LoopBack0
peer 1.1.1.1 group evpn
peer 2.2.2.2 group evpn
peer 3.3.3.3 group evpn
#
address-family l2vpn evpn
undo policy vpn-target
peer evpn enable
peer evpn reflect-client
#
return
· H3C S6860系列以太网交换机 EVPN配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 EVPN命令参考-Release 26xx系列
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
