华为evpn vxlan分布式网关配置

两边的RD和RT设计的核心思想是：

考虑怎么样把对端发过来的的evpn export二层RT，必须和接收端的三层RT import及本端的evpn import二层匹同时配上。

RT随便配置要全网唯一

三层vni值两边要一样

ce1

sysname edag1

evpn-overlay enable //开启支持evpn功能

ip vpn-instance edge //三层vpn实例，可以被多个vn绑定

ipv4-family

route-distinguisher 8888:12 //三层RD和RT配置

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 9999 //三层vni和对端保持一致

bridge-domain 10 //evpn 二层实例

vxlan vni 10 //关联vni

evpn //evpn 二层RD和RT配置

route-distinguisher 10:1

vpn-target 10:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 10:10 import-extcommunity

arp broadcast-suppress enable //arp广播抑制功能开启

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 20:1

vpn-target 20:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 20:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge //绑定三层vpn实例

ip address 192.168.0.1 255.255.255.0

mac-address 707b-e8be-0010 //随便配置，只要保证是单播mac并且两边一样

arp collect host enable //开启二类evpn路由生成功能

interface Vbdif20

ip binding vpn-instance edge

ip address 192.168.20.1 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.12.1 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf enable 1 area 0.0.0.0

interface LoopBack1 //模拟非vxlan网络接入vxlan

ip binding vpn-instance edge //绑定相同的三层vpn实例

ip address 123.0.0.1 255.255.255.0

interface Nve1

source 1.1.1.1

vni 10 head-end peer-list protocol bgp //头端复制列表用bgp生成

vni 20 head-end peer-list protocol bgp

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

peer 3.3.3.3 enable

ipv4-family vpn-instance edge

network 123.0.0.0 255.255.255.0 //发布非vxlan路由

advertise l2vpn evpn //开启vpn实例向evpn实例发布IP路由功能

l2vpn-family evpn

policy vpn-target

peer 3.3.3.3 enable

peer 3.3.3.3 advertise irb //开启IRB路由传递功能

ospf 1

area 0.0.0.0

ce2

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.12.2 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GE1/0/1

undo portswitch

undo shutdown

ip address 10.0.23.2 255.255.255.0

ospf enable 1 area 0.0.0.0

ospf 1

area 0.0.0.0

ce3

sysname edag2

evpn-overlay enable

ip vpn-instance edge

ipv4-family

route-distinguisher 7777:12

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 9999

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 10:2

vpn-target 10:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 10:10 import-extcommunity

arp broadcast-suppress enable

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 20:2

vpn-target 20:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 20:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge

ip address 192.168.0.1 255.255.255.0

mac-address 707b-e8be-0010

arp collect host enable

interface Vbdif20

ip binding vpn-instance edge

ip address 192.168.20.1 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.23.3 255.255.255.0

ospf enable 1 area 0.0.0.0

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

interface Nve1

source 3.3.3.3

vni 10 head-end peer-list protocol bgp

vni 20 head-end peer-list protocol bgp

bgp 100

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack0

ipv4-family unicast

peer 1.1.1.1 enable

ipv4-family vpn-instance edge

advertise l2vpn evpn

l2vpn-family evpn

policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 advertise irb

ospf 1

area 0.0.0.0

lsw1

vlan batch 10 20

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

lsw2

vlan batch 10 20

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

查看

edag1\]dddis bgp evpn all routing-table \[edag1\]dis bgp evpn all routing-table inclusive-route 0:32:3.3.3.3 看三类路由 \[edag1\] dis vxlan tunnel \[edag1\]dis vxlan peer \[edag1\]dis mac-address \[edag1\]dis arp vpn-instance edge \[edag1\]dis mac-address bridge-domain 10 \[edag1\]dis bgp evpn vpn-instance 10 routing-table mac-route 看二类路由 \[edag1\]dis bgp evpn vpn-instance 10 routing-table mac-route 0:48:5489-9832-7a68:32:192.168.0.10 看明细路由 \[edag1\]dis ip routing-table vpn-instance edge 查看vpn实例路由表 \[edag1\]dis bgp vpnv4 vpn-instance edge routing-table 192.168.20.20 看vpn实例的vpnv4路由 \[edag1\]dis arp broadcast-suppress user bridge-domain 10 arp广播抑制查看 \[edag2\]dis ip routing-table vpn-instance edge 查看对端vxlan以外的5类路由学到的网络 \[edag2\]dis bgp evpn all routing-table prefix-route 查看5类路由 \[edag2\]dis bgp evpn all routing-table prefix-route 0:123.0.0.0:24 查看5类路由明细