segment方案解决VXLAN分布式网关DCI间互联

segment概念：

segment方案是在需要互联的两个DCI间建立3条VXLAN隧道实现两个DCI间的二层和三层间互通需求，常用于大型的DCI间互联，无需考虑两个DCI内的VXLAN参数规划的不同，其中二层互通可以采用映射VNI或局部VNI的方式进行解决，华为推荐映射VNI方式。

实验拓扑

1、地址编码如图所示，underlay选用OSPF跑通底层互联地址以及环回口地址；

2、AS内采用IBGP EVPN传输EVPN路由，AS间采用EBGP EVPN传递DCI间的EVPN路由。

配置

leaf1

evpn-overlay enable //开启EVPN支持能力

bridge-domain 1000 //配置BD域

vxlan vni 5010

evpn

route-distinguisher 1:1

vpn-target 5010:1 export-extcommunity

vpn-target 11:1 export-extcommunity

vpn-target 5010:1 import-extcommunity

vpn-target 11:1 import-extcommunity

interface GE1/0/8.100 mode l2 //配置业务接入点

encapsulation dot1q vid 100

bridge-domain 1000

ip vpn-instance A //配置VRF

ipv4-family

route-distinguisher 11:11

vpn-target 11:1 export-extcommunity evpn

vpn-target 11:1 import-extcommunity evpn

vxlan vni 3000

interface Vbdif1000 //配置分布式网关

ip binding vpn-instance A

ip address 192.168.1.254 255.255.255.0

mac-address 0000-5e00-0011

vxlan anycast-gateway enable

arp collect host enable
bgp 100 //配置BGP EVPN

router-id 11.11.11.11

undo default ipv4-unicast

peer 22.22.22.22 as-number 100

peer 22.22.22.22 connect-interface LoopBack1

ipv4-family unicast

undo peer 22.22.22.22 enable

l2vpn-family evpn

policy vpn-target

peer 22.22.22.22 enable

peer 22.22.22.22 advertise irb

interface Nve1 //配置NVE接口

source 1.1.1.1

vni 5010 head-end peer-list protocol bgp

spine1

evpn-overlay enable

bgp 100 //配置BGP EVNP 作为RR反射路由

router-id 22.22.22.22

undo default ipv4-unicast

peer 11.11.11.11 as-number 100

peer 11.11.11.11 connect-interface LoopBack1

peer 33.33.33.33 as-number 100

peer 33.33.33.33 connect-interface LoopBack1

ipv4-family unicast

undo peer 11.11.11.11 enable

undo peer 33.33.33.33 enable

l2vpn-family evpn

undo policy vpn-target

peer 11.11.11.11 enable

peer 11.11.11.11 advertise irb

peer 11.11.11.11 reflect-client

peer 33.33.33.33 enable

peer 33.33.33.33 advertise irb

peer 33.33.33.33 reflect-client

dci1

evpn-overlay enable

ip vpn-instance A //配置VRF 绑定VXLAN VNI 进行调用

ipv4-family

route-distinguisher 33:33

vpn-target 11:1 export-extcommunity evpn

vpn-target 10:10 export-extcommunity evpn

vpn-target 11:1 import-extcommunity evpn

vpn-target 10:10 import-extcommunity evpn

vxlan vni 3000

bridge-domain 1000 //配置BD域 并配置水平分割功能 映射VNI实现二层互通

vxlan vni 5000 split-group sg1

vxlan vni 5010

evpn

route-distinguisher 3:3

vpn-target 5010:1 export-extcommunity

vpn-target 50:50 export-extcommunity

vpn-target 5010:1 import-extcommunity

vpn-target 50:50 import-extcommunity
bgp 100 //配置BGP EVPN 实现路由重生功能

router-id 33.33.33.33

undo default ipv4-unicast

peer 22.22.22.22 as-number 100

peer 22.22.22.22 connect-interface LoopBack1

peer 44.44.44.44 as-number 200

peer 44.44.44.44 ebgp-max-hop 255

peer 44.44.44.44 connect-interface LoopBack1

ipv4-family unicast

undo peer 22.22.22.22 enable

undo peer 44.44.44.44 enable

l2vpn-family evpn

policy vpn-target

peer 22.22.22.22 enable

peer 22.22.22.22 advertise irb

peer 22.22.22.22 import reoriginate

peer 22.22.22.22 advertise route-reoriginated evpn mac-ip

peer 22.22.22.22 advertise route-reoriginated evpn mac

peer 22.22.22.22 advertise route-reoriginated evpn ip

peer 44.44.44.44 enable

peer 44.44.44.44 advertise irb

peer 44.44.44.44 split-group sg1

peer 44.44.44.44 import reoriginate

peer 44.44.44.44 advertise route-reoriginated evpn mac-ip

peer 44.44.44.44 advertise route-reoriginated evpn mac

peer 44.44.44.44 advertise route-reoriginated evpn ip

interface Nve1 //配置NVE接口

source 4.4.4.4

vni 5000 head-end peer-list protocol bgp

vni 5011 head-end peer-list protocol bgp

dci2

evpn-overlay enable

ip vpn-instance B //配置VRF

ipv4-family

route-distinguisher 44:44

vpn-target 22:2 export-extcommunity evpn

vpn-target 10:10 export-extcommunity evpn

vpn-target 22:2 import-extcommunity evpn

vpn-target 10:10 import-extcommunity evpn

vxlan vni 4000

bridge-domain 1000 //配置BD域

vxlan vni 5000 split-group sg1

vxlan vni 5011

evpn

route-distinguisher 444:444

vpn-target 5011:1 export-extcommunity

vpn-target 50:50 export-extcommunity

vpn-target 5011:1 import-extcommunity

vpn-target 50:50 import-extcommunity
bgp 200 //BGP配置，与dci1同理

router-id 44.44.44.44

undo default ipv4-unicast

peer 33.33.33.33 as-number 100

peer 33.33.33.33 ebgp-max-hop 255

peer 33.33.33.33 connect-interface LoopBack1

peer 55.55.55.55 as-number 200

peer 55.55.55.55 connect-interface LoopBack1

ipv4-family unicast

undo peer 33.33.33.33 enable

undo peer 55.55.55.55 enable

l2vpn-family evpn

policy vpn-target

peer 33.33.33.33 enable

peer 33.33.33.33 advertise irb

peer 33.33.33.33 split-group sg1

peer 33.33.33.33 import reoriginate

peer 33.33.33.33 advertise route-reoriginated evpn mac-ip

peer 33.33.33.33 advertise route-reoriginated evpn mac

peer 33.33.33.33 advertise route-reoriginated evpn ip

peer 55.55.55.55 enable

peer 55.55.55.55 advertise irb

peer 55.55.55.55 import reoriginate

peer 55.55.55.55 advertise route-reoriginated evpn mac-ip

peer 55.55.55.55 advertise route-reoriginated evpn mac

peer 55.55.55.55 advertise route-reoriginated evpn ip

spine2

evpn-overlay enable

bgp 200

router-id 55.55.55.55

undo default ipv4-unicast

peer 44.44.44.44 as-number 200

peer 44.44.44.44 connect-interface LoopBack1

peer 66.66.66.66 as-number 200

peer 66.66.66.66 connect-interface LoopBack1

ipv4-family unicast

undo peer 44.44.44.44 enable

undo peer 66.66.66.66 enable

l2vpn-family evpn

undo policy vpn-target

peer 44.44.44.44 enable

peer 44.44.44.44 advertise irb

peer 44.44.44.44 reflect-client

peer 66.66.66.66 enable

peer 66.66.66.66 advertise irb

peer 66.66.66.66 reflect-client

leaf2

evpn-overlay enable

bridge-domain 1000 //BD域配置

vxlan vni 5011

evpn

route-distinguisher 20:20

vpn-target 5011:1 export-extcommunity

vpn-target 11:11 export-extcommunity

vpn-target 5011:1 import-extcommunity

vpn-target 11:11 import-extcommunity

bridge-domain 2000

vxlan vni 5020

evpn

route-distinguisher 6:6

vpn-target 5020:1 export-extcommunity

vpn-target 22:2 export-extcommunity

vpn-target 5020:1 import-extcommunity

vpn-target 22:2 import-extcommunity

interface GE1/0/8.100 mode l2 //业务接入点配置

encapsulation dot1q vid 100

bridge-domain 1000

interface GE1/0/8.200 mode l2

encapsulation dot1q vid 200

bridge-domain 2000

ip vpn-instance A //VRF配置

ipv4-family

route-distinguisher 202:202

vpn-target 11:11 export-extcommunity evpn

vpn-target 11:11 import-extcommunity evpn

vxlan vni 3001

ip vpn-instance B

ipv4-family

route-distinguisher 66:66

vpn-target 22:2 export-extcommunity evpn

vpn-target 22:2 import-extcommunity evpn

vxlan vni 4000

interface Vbdif1000 //分部式网关配置

ip binding vpn-instance A

ip address 192.168.1.254 255.255.255.0

mac-address 0000-5e00-0011

vxlan anycast-gateway enable

arp collect host enable

interface Vbdif2000

ip binding vpn-instance B

ip address 192.168.2.254 255.255.255.0

mac-address 0000-5e00-0066

vxlan anycast-gateway enable

arp collect host enable

bgp 200 //BGP配置

router-id 66.66.66.66

undo default ipv4-unicast

peer 55.55.55.55 as-number 200

peer 55.55.55.55 connect-interface LoopBack1

ipv4-family unicast

undo peer 55.55.55.55 enable

l2vpn-family evpn

policy vpn-target

peer 55.55.55.55 enable

peer 55.55.55.55 advertise irb

状态查看

evpn邻居状态

在spine1上查看

在dci1上查看

EVPN路由查看

在leaf1上：

注意ENSP模拟器有BUG是不产生type2 的MAC路由的所以二层互通是无法在ENSP进行模拟的

可以看到PC1的主机MAC为54-89-98-63-13-6D，本地的MAC表中可以看到，但是并未进入到EVPN路由中进行传输，真机测试后是正常进入的。

测试

在PC1上Ping测试PC2