首頁>技術>

組網需求

園區A和園區B規劃在相同的BGP AS域(例如BGP AS 100),在園區內部配置BGP EVPN建立分散式閘道器VXLAN網路,實現同一園區ServerA-1和ServerA-2之間的互通、ServerB-1和ServerB-2之間的互通,透過在VTEP1和VTEP6之間配置BGP EVPN建立VXLAN隧道,實現園區A和園區B之間的互通(例如ServerA-1和ServerB-2之間互通)。

實驗圖配置思路

採用如下思路配置不同網段使用者透過VXLAN閘道器互通: 在園區A內部和園區B內部配置VXLAN隧道,實現園區內部互通

分別在VTEP1、VTEP2、VTEP3、VTEP6、VTEP7、VTEP8上配置路由協議,保證網路三層互通。分別在Switch4、Switch5、Switch9、Switch10上配置VLAN,管理使用者接入的VLAN部署。在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN接入業務部署方式,實現使用者接入VXLAN網路。分別在VTEP2、VTEP3、VTEP7、VTEP8上配置EVPN例項並繫結BD域。分別在VTEP1、VTEP6上配置VPN例項,在VTEP2、VTEP3、VTEP7、VTEP8上配置VPN例項並繫結VBDIF介面。分別在VTEP1與VTEP2、VTEP3之間,VTEP6與VTEP7、VTEP8之間的BGP EVPN對等體關係,實現VTEP1與VTEP2、VTEP3之間,VTEP6與VTEP7、VTEP8之間EVPN路由的接收和釋出。配置VTEP1為反射器,指定VTEP2、VTEP3為客戶端。配置VTEP6為反射器,指定VTEP7和VTEP8為客戶端。實現VTEP2和VTEP3,以及VTEP7和VTEP8之間BGP EVPN對等體的建立和EVPN路由接收和釋出。分別在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN隧道目的端地址。分別在VTEP2、VTEP3、VTEP7、VTEP8上配置VXLAN分散式閘道器。分別在VTEP1、VTEP6上配置預設路由,並引入BGP。實現園區A內的使用者同園區A外通訊時統一由VTEP1負責,園區B內的使用者同園區B外通訊時統一由VTEP6負責。在園區A、園區B之間配置VXLAN隧道,實現兩個園區之間的互通在VTEP1和VTEP6之間配置BGP EVPN對等體關係,實現VTEP1和VTEP6之間的EVPN路由的接收和釋出。在VTEP1和VTEP6上配置EVPN路由的重生成功能,實現VTEP1和VTEP6將接收到的IP字首路由重新生成,園區間透過VTEP1和VTEP6之間的VXLAN互通。配置vtep1

#

sysname vtep1

#

evpn-overlay enable

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 1:100

vpn-target 1:100 export-extcommunity evpn

vpn-target 10:100 export-extcommunity evpn

vpn-target 1:100 import-extcommunity evpn

vpn-target 10:100 import-extcommunity evpn

vxlan vni 100

#

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 192.168.1.2 255.255.255.0

#

interface GE1/0/2

undo portswitch

undo shutdown

ip address 192.168.2.1 255.255.255.0

#

interface GE1/0/3

undo portswitch

shutdown

ip address 192.168.6.1 255.255.255.0

#

interface LoopBack1

ip address 10.1.1.1 255.255.255.255

#

interface Nve1

source 10.1.1.1

#

interface NULL0

#

bgp 100

router-id 10.1.1.1

peer 10.2.2.2 as-number 100

peer 10.2.2.2 connect-interface LoopBack1

peer 10.3.3.3 as-number 100

peer 10.3.3.3 connect-interface LoopBack1

peer 10.6.6.6 as-number 100

peer 10.6.6.6 connect-interface LoopBack1

#

ipv4-family unicast

peer 10.2.2.2 enable

peer 10.3.3.3 enable

peer 10.6.6.6 enable

#

ipv4-family vpn-instance vpna

default-route imported

import-route direct

import-route static

advertise l2vpn evpn

#

l2vpn-family evpn

undo policy vpn-target

peer 10.2.2.2 enable

peer 10.2.2.2 advertise irb

peer 10.2.2.2 reflect-client

peer 10.2.2.2 import reoriginate

peer 10.3.3.3 enable

peer 10.3.3.3 advertise irb

peer 10.3.3.3 reflect-client

peer 10.3.3.3 import reoriginate

peer 10.6.6.6 enable

peer 10.6.6.6 advertise route-reoriginated evpn ip

#

ospf 1 router-id 10.1.1.1

area 0.0.0.0

network 10.1.1.1 0.0.0.0

network 192.168.1.0 0.0.0.255

network 192.168.2.0 0.0.0.255

network 192.168.6.0 0.0.0.255

#

ip route-static vpn-instance vpna 0.0.0.0 0.0.0.0 NULL0

#

vtep2

sysname vtep2

#

device board 17 board-type CE-MPUB

device board 1 board-type CE-LPUE

#

evpn-overlay enable

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 2:100

vpn-target 1:100 export-extcommunity evpn

vpn-target 1:100 import-extcommunity evpn

vxlan vni 100

#

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 10:10

vpn-target 1:100 export-extcommunity

vpn-target 1:100 import-extcommunity

arp broadcast-suppress mismatch-discard enable

#

#

interface Vbdif10

ip binding vpn-instance vpna

ip address 192.168.10.1 255.255.255.0

arp distribute-gateway enable

mac-address 0000-2e00-0101

arp collect host enable

#

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 192.168.1.1 255.255.255.0

#

interface GE1/0/2

undo shutdown

port link-type trunk

#

interface GE1/0/2.1 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface LoopBack1

ip address 10.2.2.2 255.255.255.255

#

interface Nve1

source 10.2.2.2

vni 10 head-end peer-list protocol bgp

#

interface NULL0

#

bgp 100

router-id 10.2.2.2

peer 10.1.1.1 as-number 100

peer 10.1.1.1 connect-interface LoopBack1

#

ipv4-family unicast

peer 10.1.1.1 enable

#

ipv4-family vpn-instance vpna

import-route direct

advertise l2vpn evpn

#

l2vpn-family evpn

policy vpn-target

peer 10.1.1.1 enable

peer 10.1.1.1 advertise irb

#

ospf 1 router-id 10.2.2.2

area 0.0.0.0

network 10.2.2.2 0.0.0.0

network 192.168.1.0 0.0.0.255

VTEP3

sysname vtep3

evpn-overlay enable

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 3:100

vpn-target 1:100 export-extcommunity evpn

vpn-target 1:100 import-extcommunity evpn

vxlan vni 100

#

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 20:20

#

interface Vbdif20

ip binding vpn-instance vpna

ip address 192.168.20.1 255.255.255.0

arp distribute-gateway enable

mac-address 0000-2e00-0102

arp collect host enable

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 192.168.2.2 255.255.255.0

#

interface GE1/0/2

undo shutdown

port link-type trunk

#

interface GE1/0/2.1 mode l2

encapsulation dot1q vid 20

bridge-domain 20

#

#

interface LoopBack1

ip address 10.3.3.3 255.255.255.255

#

interface Nve1

source 10.3.3.3

vni 20 head-end peer-list protocol bgp

#

bgp 100

router-id 10.3.3.3

peer 10.1.1.1 as-number 100

peer 10.1.1.1 connect-interface LoopBack1

#

ipv4-family unicast

peer 10.1.1.1 enable

#

ipv4-family vpn-instance vpna

import-route direct

advertise l2vpn evpn

#

l2vpn-family evpn

policy vpn-target

peer 10.1.1.1 enable

peer 10.1.1.1 advertise irb

#

ospf 1 router-id 10.3.3.3

area 0.0.0.0

network 10.3.3.3 0.0.0.0

network 192.168.2.0 0.0.0.255

#

VTEP7

sysname vtep7

#

evpn-overlay enable

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 7:100

vpn-target 6:100 export-extcommunity evpn

vpn-target 6:100 import-extcommunity evpn

vxlan vni 100

#

bridge-domain 30

vxlan vni 30

evpn

route-distinguisher 30:30

vpn-target 6:100 export-extcommunity

vpn-target 6:100 import-extcommunity

arp broadcast-suppress mismatch-discard enable

#

interface Vbdif30

ip binding vpn-instance vpna

ip address 192.168.30.1 255.255.255.0

arp distribute-gateway enable

mac-address 0000-2e00-0103

arp collect host enable

#

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 192.168.3.1 255.255.255.0

#

interface GE1/0/2

undo shutdown

port link-type trunk

#

interface GE1/0/2.1 mode l2

encapsulation dot1q vid 30

bridge-domain 30

#

#

interface LoopBack1

ip address 10.7.7.7 255.255.255.255

#

interface Nve1

source 10.7.7.7

vni 30 head-end peer-list protocol bgp

#

interface NULL0

#

bgp 100

router-id 10.7.7.7

peer 10.6.6.6 as-number 100

peer 10.6.6.6 connect-interface LoopBack1

#

ipv4-family unicast

peer 10.6.6.6 enable

#

ipv4-family vpn-instance vpna

import-route direct

advertise l2vpn evpn

#

l2vpn-family evpn

policy vpn-target

peer 10.6.6.6 enable

peer 10.6.6.6 advertise irb

#

ospf 1 router-id 10.7.7.7

area 0.0.0.0

network 10.7.7.7 0.0.0.0

network 192.168.3.0 0.0.0.255

#

VTEP8

#

sysname vtep8

evpn-overlay enable

#

ip vpn-instance vpna

ipv4-family

route-distinguisher 8:100

vpn-target 6:100 export-extcommunity evpn

vpn-target 6:100 import-extcommunity evpn

vxlan vni 100

#

bridge-domain 40

vxlan vni 40

evpn

route-distinguisher 40:40

vpn-target 6:100 export-extcommunity

vpn-target 6:100 import-extcommunity

arp broadcast-suppress mismatch-discard enable

#

#

interface Vbdif40

ip binding vpn-instance vpna

ip address 192.168.40.1 255.255.255.0

arp distribute-gateway enable

mac-address 0000-2e00-0104

arp collect host enable

#

interface MEth0/0/0

undo shutdown

#

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 192.168.4.2 255.255.255.0

#

interface GE1/0/2

undo shutdown

port link-type trunk

#

interface GE1/0/2.1 mode l2

encapsulation dot1q vid 40

bridge-domain 40

#

#

interface LoopBack1

ip address 10.8.8.8 255.255.255.255

#

interface Nve1

source 10.8.8.8

vni 40 head-end peer-list protocol bgp

#

interface NULL0

#

bgp 100

router-id 10.8.8.8

peer 10.6.6.6 as-number 100

peer 10.6.6.6 connect-interface LoopBack1

#

ipv4-family unicast

peer 10.6.6.6 enable

#

ipv4-family vpn-instance vpna

import-route direct

advertise l2vpn evpn

#

l2vpn-family evpn

policy vpn-target

peer 10.6.6.6 enable

peer 10.6.6.6 advertise irb

#

ospf 1 router-id 10.8.8.8

area 0.0.0.0

network 10.8.8.8 0.0.0.0

network 192.168.4.0 0.0.0.255

#

return

Switch9的配置檔案

sysname Switch9

#

vlan batch 30

#

interface GigabitEthernet1/0/1

port link-type trunk

port trunk allow-pass vlan 30

#

interface GigabitEthernet1/0/2

port link-type access

port default vlan 30

Switch10的配置檔案

sysname Switch10

#

vlan batch 40

#

interface GigabitEthernet1/0/1

port link-type trunk

port trunk allow-pass vlan 40

#

interface GigabitEthernet1/0/2

port link-type access

port default vlan 40

驗證園區內透過VXLAN互通的配置結果。

上述配置成功後,在VTEP2、VTEP3、VTEP7、VTEP8上執行命令display vxlan tunnel可檢視到VXLAN隧道的資訊。

執行命令display vxlan tunnel可檢視到VXLAN隧道的資訊

8
最新評論
  • BSA-TRITC(10mg/ml) TRITC-BSA 牛血清白蛋白改性標記羅丹明
  • C++11多執行緒程式設計(七)——訊號量的實現