I. Huawei centralized EVPN gateway configuration
1. Topology

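Devices: SW1, SW2 and SW3 are CE12800 devices; ACC-1 and ACC-2 are SW5700 devices.
2. Requirements
SW2 is the Border device; SW1 and SW3 are Edge devices. PC1 belongs to VLAN 100 and PC2 belongs to VLAN 200. OSPF is configured on the Border and Edge devices. PC1 and PC2 must reach each other at Layer 3 using centralized VXLAN.
PC1 address: 172.16.10.10, gateway: 172.16.10.1
PC2 address: 172.16.20.10, gateway: 172.16.20.1
3. Procedure
3.1 Basic connectivity configuration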
SW1 configuration
[SW1]vlan batch 12
interface GE1/0/1
undo shutdown
port link-type trunk
port trunk allow-pass vlan 12
interface Vlanif12
ip address 10.0.12.1 255.255.255.0
ospf network-type p2p
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
SW2 configuration
[SW2]vlan batch 12 23
interface Vlanif12
ip address 10.0.12.2 255.255.255.0
ospf network-type p2p
#
interface Vlanif23
ip address 10.0.23.2 255.255.255.0
ospf network-type p2p
interface GE1/0/2
undo shutdown
port link-type trunk
port trunk allow-pass vlan 12
#
interface GE1/0/3
undo shutdown
port link-type trunk
port trunk allow-pass vlan 23
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
SW3 configuration
[SW3]vlan batch 23
interface Vlanif23
ip address 10.0.23.3 255.255.255.0
ospf network-type p2p
interface GE1/0/1
undo shutdown
port link-type trunk
port trunk allow-pass vlan 23
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
3.2 OSPF configuration
SW1
[SW1]
ospf 10 router-id 10.0.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.1 0.0.0.0
[SW2]
ospf 10 router-id 10.0.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.12.2 0.0.0.0
network 10.0.23.2 0.0.0.0
[SW3]
ospf 10 router-id 10.0.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.23.3 0.0.0.0
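3.3 Service access point configuration
On SW1, configure the service access point: create a sub-interface toward ACC-1 that terminates VLAN 100 and bind it to BD 10.
On SW3, configure the service access point: create a sub-interface toward ACC-2 that terminates VLAN 200 and bind it to BD 20.
On ACC-1, the PC-facing interface is an Access interface with PVID 100, and the interface facing SW1/SW3 is a Trunk interface that permits VLAN 100.
On ACC-2, the PC-facing interface is an Access interface with PVID 200, and the interface facing SW1/SW3 is a Trunk interface that permits VLAN 200.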
SW1
bridge-domain 10
vxlan vni 10
interface GE1/0/2.100 mode l2
encapsulation dot1q vid 100
bridge-domain 10
SW3
bridge-domain 20
vxlan vni 20
interface GE1/0/3.200 mode l2
encapsulation dot1q vid 200
bridge-domain 20
SW2
bridge-domain 10
vxlan vni 10
bridge-domain 20
vxlan vni 20
3.4 Configure EVPN peers
SW1 configuration
evpn-overlay enable
bgp 100
router-id 1.1.1.1
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
SW2 configuration
evpn-overlay enable
bgp 100
router-id 2.2.2.2
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
peer 1.1.1.1 enable
peer 3.3.3.3 enable
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 3.3.3.3 enable
SW3 configuration
evpn-overlay enable
bgp 100
router-id 3.3.3.3
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
3.5 Configure EVPN instances
SW1 configuration
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 11:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
SW2 configuration
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 11:1
vpn-target 1:1 export-extcommunity
vpn-target 1:1 import-extcommunity
#
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 12:1
vpn-target 2:1 export-extcommunity
vpn-target 2:1 import-extcommunity
SW3 configuration
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 12:1
vpn-target 2:1 export-extcommunity
vpn-target 2:1 import-extcommunity
3.6 Configure head-end replication
SW1 configuration
interface Nve1
source 1.1.1.1
vni 10 head-end peer-list protocol bgp
SW2 configuration
interface Nve1
source 2.2.2.2
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp
SW3 configuration
interface Nve1
source 3.3.3.3
vni 20 head-end peer-list protocol bgp
3.7 Configure the access layer
ACC-1 configuration
vlan 100
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 100
interface GigabitEthernet0/0/24
port link-type access
port default vlan 100
ACC-2 configuration
vlan 200
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 200
interface GigabitEthernet0/0/24
port link-type access
port default vlan 200
3.8 Configure the VXLAN gateway
SW2 configuration
interface Vbdif10
ip address 172.16.10.1 255.255.255.0
arp collect host enable
interface Vbdif20
ip address 172.16.20.1 255.255.255.0
arp collect host enable
4. Verification
Test
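
An offline check for the dependencies between the loopback, OSPF, BGP peer and NVE source settings configured above. This is an added Python example, not part of the original page; it only understands OSPF `network` statements, the sample is constructed, and `underlay_findings` is a hypothetical helper name.

```python
import ipaddress

# Constructed sample modelled on SW2 in this section. The OSPF network
# statement and the BGP source interface are deliberately wrong.
SW2 = """
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
interface Vlanif12
 ip address 10.0.12.2 255.255.255.0
ospf 10 router-id 10.0.2.2
 area 0.0.0.0
  network 10.0.2.2 0.0.0.0
  network 10.0.12.2 0.0.0.0
bgp 100
 peer 1.1.1.1 connect-interface LoopBack1
interface Nve1
 source 2.2.2.2
"""

def ip_int(text):
    return int(ipaddress.IPv4Address(text))

def underlay_findings(cfg):
    """Return mismatches between interface, OSPF, BGP and NVE statements."""
    ifaces, ospf, bgp_src, nve_src, cur = {}, [], [], [], None
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] == "interface":
            cur = w[1].lower()
            ifaces[cur] = None
        elif w[:2] == ["ip", "address"] and cur:
            ifaces[cur] = ip_int(w[2])
        elif w[0] == "network":
            ospf.append((ip_int(w[1]), ip_int(w[2])))  # address, wildcard
        elif w[0] == "peer" and w[2:3] == ["connect-interface"]:
            bgp_src.append(w[3])
        elif w[0] == "source":
            nve_src.append(w[1])
    out = [f"BGP source interface {n} has no address"
           for n in bgp_src if ifaces.get(n.lower()) is None]
    for s in nve_src:
        a = ip_int(s)
        if a not in ifaces.values():
            out.append(f"NVE source {s} is not a local address")
        # wildcard bits set to 0 must match the network statement
        elif not any(((a ^ n) & ~wc & 0xFFFFFFFF) == 0 for n, wc in ospf):
            out.append(f"NVE source {s} is not covered by an OSPF network statement")
    return out
```

Either finding means the BGP EVPN session sourced from the loopback cannot come up, so the head-end peer list learned through BGP stays empty.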




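II. Huawei VXLAN BGP EVPN distributed gateway configuration
A distributed VXLAN gateway solves two problems of the centralized VXLAN gateway: suboptimal forwarding paths, and the ARP or ND entry capacity bottleneck on the Layer 3 gateway.
This article uses Huawei eNSP to simulate a VXLAN BGP EVPN distributed gateway configuration.
1. Configuration roadmap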
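- Configure the underlay network for reachability
- Enable the VXLAN function
- Configure service access points
- Enable the EVPN function
- Configure BGP peers
- Configure EVPN instances
- Configure the head-end replication list
- Configure VPN instances
- Configure VBDIF interfaces and bind them to the VPN instance; configure the advertised route type
- Configure the route type advertised to BGP peers
The environment used here:
eNSP version 1.3.00.100
CE12800 version V200R005C10SPC607B607
VirtualBox version 5.1.26
The topology is as follows: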

2. Configure Layer 3 reachability among CE1-CE3
CE1:
[ce1]ospf 1 router-id 1.1.1.1 \\Configure OSPF process 1
[ce1-ospf-1]area 0
[ce1-ospf-1-area-0.0.0.0]quit
[ce1-ospf-1]quit
[ce1]interface g1/0/0
[ce1-ge1/0/0]undo shutdown
[ce1-ge1/0/0]undo portswitch
[ce1-ge1/0/0]ip address 192.168.12.1 255.255.255.0
[ce1-ge1/0/0]ospf enable 1 area 0 \\Add the interface to the OSPF process
[ce1-ge1/0/0]interface loopback 0
[ce1-loopback0]ip address 1.1.1.1 255.255.255.255
[ce1-loopback0]ospf enable 1 area 0
[ce1-loopback0]interface g1/0/1
[ce1-ge1/0/1]undo shutdown
[ce1-ge1/0/1]undo portswitch
[ce1-ge1/0/1]ip address 192.168.13.1 255.255.255.0
[ce1-ge1/0/1]ospf enable 1 area 0
[ce1-ge1/0/1]quit
[ce1]commit
CE2:
[ce2]ospf 1 router-id 2.2.2.2
[ce2-ospf-1]area 0
[ce2-ospf-1-area-0.0.0.0]quit
[ce2-ospf-1]quit
[ce2]interface g1/0/0
[ce2-ge1/0/0]undo shutdown
[ce2-ge1/0/0]undo portswitch
[ce2-ge1/0/0]ip address 192.168.12.2 255.255.255.0
[ce2-ge1/0/0]ospf enable 1 area 0
[ce2-ge1/0/0]interface loopback 0
[ce2-loopback0]ip address 2.2.2.2 255.255.255.255
[ce2-loopback0]ospf enable 1 area 0
[ce2-loopback0]quit
[ce2]commit
CE3:
[ce3]ospf 1 router-id 3.3.3.3
[ce3-ospf-1]area 0
[ce3-ospf-1-area-0.0.0.0]quit
[ce3-ospf-1]quit
[ce3]interface g1/0/0
[ce3-ge1/0/0]undo shutdown
[ce3-ge1/0/0]undo portswitch
[ce3-ge1/0/0]ip address 192.168.13.3 255.255.255.0
[ce3-ge1/0/0]ospf enable 1 area 0
[ce3-ge1/0/0]interface loopback 0
[ce3-loopback0]ip address 3.3.3.3 255.255.255.255
[ce3-loopback0]ospf enable 1 area 0
[ce3-loopback0]quit
[ce3]commit
Configuration notes:
1) Switch ports are shut down by default; you must run undo shutdown manually.
OSPF state on ce3:

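3. Configure the VXLAN tunnel
ip tunnel mode vxlan \\Set the tunnel mode to VXLAN
assign forward nvo3 acl extend enable \\Enable the VXLAN ACL extension so that ACL stacking does not fail
Configuration notes:
The simulator does not support these commands. On real equipment they must still be configured, and the switch has to be restarted after they are configured.
4. Configure LSW1 and LSW2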
lsw1:
[lsw1]vlan 10
[lsw1-vlan10]quit
[lsw1]vlan 20
[lsw1-vlan20]quit
[lsw1]interface e0/0/2
[lsw1-ethernet0/0/2]port link-type access
[lsw1-ethernet0/0/2]port default vlan 10
[lsw1-ethernet0/0/2]interface e0/0/3
[lsw1-ethernet0/0/3]port link-type access
[lsw1-ethernet0/0/3]port default vlan 20
[lsw1-ethernet0/0/3]interface e0/0/1
[lsw1-ethernet0/0/1]port link-type trunk
[lsw1-ethernet0/0/1]port trunk allow-pass vlan all
lsw2:
[lsw2]vlan 20
[lsw2-vlan20]quit
[lsw2]interface e0/0/2
[lsw2-ethernet0/0/2]port link-type access
[lsw2-ethernet0/0/2]port default vlan 20
[lsw2-ethernet0/0/2]interface e0/0/1
[lsw2-ethernet0/0/1]port link-type trunk
[lsw2-ethernet0/0/1]port trunk allow-pass vlan all
5. Configure VXLAN service access points
CE2:
[ce2]vlan 10
[ce2-vlan10]quit
[ce2]vlan 20
[ce2-vlan20]quit
[ce2]commit
[ce2]bridge-domain 10
[ce2-bd10]quit
[ce2]bridge-domain 20
[ce2-bd20]quit
[ce2]interface g1/0/1
[ce2-ge1/0/1]undo shutdown \\The main interface is shut down by default
[ce2-ge1/0/1]interface g1/0/1.1 mode l2
[ce2-ge1/0/1.1]encapsulation dot1q vid 10 \\Set the encapsulation to VLAN 10
[ce2-ge1/0/1.1]bridge-domain 10 \\Bind the sub-interface to the BD
[ce2-ge1/0/1.1]interface g1/0/1.2 mode l2
[ce2-ge1/0/1.2]encapsulation dot1q vid 20 \\Set the encapsulation to VLAN 20
[ce2-ge1/0/1.2]bridge-domain 20 \\Bind the sub-interface to the BD
[ce2-ge1/0/1.2]quit
[ce2]commit
CE3:
[ce3]vlan 20
[ce3-vlan20]quit
[ce3]bridge-domain 20
[ce3-bd20]quit
[ce3]interface g1/0/1
[ce3-ge1/0/1]undo shutdown
[ce3-ge1/0/1]interface g1/0/1.1 mode l2
[ce3-ge1/0/1.1]encapsulation dot1q vid 20
[ce3-ge1/0/1.1]bridge-domain 20
[ce3-ge1/0/1.1]quit
[ce3]commit
6. Enable EVPN as the VXLAN control plane
ce1:
[ce1]evpn-overlay enable
[ce1]commit
ce2:
[ce2]evpn-overlay enable
[ce2]commit
ce3:
[ce3]evpn-overlay enable
[ce3]commit
7. Configure BGP EVPN peer relationships
ce2:
[ce2]bgp 1
[ce2-bgp]router-id 2.2.2.2
[ce2-bgp]peer 3.3.3.3 as-number 1
[ce2-bgp]peer 3.3.3.3 connect-interface loopback0
[ce2-bgp]l2vpn-family evpn
[ce2-bgp-af-evpn]peer 3.3.3.3 enable
[ce2-bgp-af-evpn]quit
[ce2-bgp]quit
[ce2]commit
ce3:
[ce3]bgp 1
[ce3-bgp]router-id 3.3.3.3
[ce3-bgp]peer 2.2.2.2 as-number 1
[ce3-bgp]peer 2.2.2.2 connect-interface loopback0
[ce3-bgp]l2vpn-family evpn
[ce3-bgp-af-evpn]peer 2.2.2.2 enable
[ce3-bgp-af-evpn]quit
[ce3-bgp]quit
[ce3]commit
The BGP EVPN peer status is shown below:

8. Configure EVPN instances
ce2:
[ce2]bridge-domain 10
[ce2-bd10]vxlan vni 1
[ce2-bd10]evpn
[ce2-bd10-evpn]route-distinguisher 1:1
[ce2-bd10-evpn]vpn-target 1:1 both
[ce2-bd10-evpn]vpn-target 1:10 export-extcommunity
[ce2-bd10-evpn]quit
[ce2-bd10]quit
[ce2]bridge-domain 20
[ce2-bd20]vxlan vni 2
[ce2-bd20]evpn
[ce2-bd20-evpn]route-distinguisher 1:3
[ce2-bd20-evpn]vpn-target 2:2 both
[ce2-bd20-evpn]vpn-target 1:10 export-extcommunity
[ce2-bd20-evpn]quit
[ce2-bd20]quit
[ce2]commit
ce3:
[ce3]bridge-domain 20
[ce3-bd20]vxlan vni 2
[ce3-bd20]evpn
[ce3-bd20-evpn]route-distinguisher 1:5
[ce3-bd20-evpn]vpn-target 2:2
[ce3-bd20-evpn]vpn-target 1:10 export-extcommunity
[ce3-bd20-evpn]quit
[ce3-bd20]quit
[ce3]commit
9. Configure the head-end replication list
ce2:
[ce2]interface nve1
[ce2-nve1]source 2.2.2.2
[ce2-nve1]vni 1 head-end peer-list protocol bgp
[ce2-nve1]vni 2 head-end peer-list protocol bgp
[ce2-nve1]quit
[ce2]commit
ce3:
[ce3]interface nve1
[ce3-nve1]source 3.3.3.3
[ce3-nve1]vni 2 head-end peer-list protocol bgp
[ce3-nve1]quit
[ce3]commit
10. Configure VPN instances
CE2:
[ce2]ip vpn-instance bd10
[ce2-vpn-instance-bd10]vxlan vni 10
[ce2-vpn-instance-bd10]ipv4-family
[ce2-vpn-instance-bd10-af-ipv4]route-distinguisher 1:2
[ce2-vpn-instance-bd10-af-ipv4]vpn-target 1:10 evpn
[ce2-vpn-instance-bd10-af-ipv4]quit
[ce2-vpn-instance-bd10]quit
[ce2]commit
CE3:
[ce3]ip vpn-instance bd10
[ce3-vpn-instance-bd10]vxlan vni 10
[ce3-vpn-instance-bd10]ipv4-family
[ce3-vpn-instance-bd10-af-ipv4]route-distinguisher 1:6
[ce3-vpn-instance-bd10-af-ipv4]vpn-target 1:10 evpn
[ce3-vpn-instance-bd10-af-ipv4]quit
[ce3-vpn-instance-bd10]quit
[ce3]commit
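
How the vpn-target values in steps 8 and 10 decide which remote instance accepts a route, as an added Python example that is not part of the original page. It assumes a simplified model (a remote instance accepts a route when its import list shares at least one RT with the exporter's export list); the config text is a constructed excerpt of the page's commands, and `parse_rts` and `importers` are hypothetical helper names.

```python
import re

# Constructed sample: only the instance and vpn-target lines of steps 8 and 10
# on this page, with the CLI prompts removed.
CONFIGS = {
    "ce2": """
bridge-domain 10
 vpn-target 1:1 both
 vpn-target 1:10 export-extcommunity
bridge-domain 20
 vpn-target 2:2 both
 vpn-target 1:10 export-extcommunity
ip vpn-instance bd10
 vpn-target 1:10 evpn
""",
    "ce3": """
bridge-domain 20
 vpn-target 2:2
 vpn-target 1:10 export-extcommunity
ip vpn-instance bd10
 vpn-target 1:10 evpn
""",
}

def parse_rts(cfg):
    """Return {instance: {"imp": set, "exp": set}} for one device."""
    out, cur = {}, None
    for w in (l.split() for l in cfg.splitlines() if l.strip()):
        if w[0] == "bridge-domain" or w[:2] == ["ip", "vpn-instance"]:
            cur = out.setdefault(" ".join(w), {"imp": set(), "exp": set()})
        elif w[0] == "vpn-target" and cur is not None:
            rts = {x for x in w[1:] if re.fullmatch(r"\d+:\d+", x)}
            # no direction keyword (or "both") means import and export
            if "import-extcommunity" not in w:
                cur["exp"] |= rts
            if "export-extcommunity" not in w:
                cur["imp"] |= rts
    return out

def importers(devs, src_dev, src_inst):
    """Remote instances that accept routes exported by src_dev/src_inst."""
    exp = devs[src_dev][src_inst]["exp"]
    return {(d, i) for d, insts in devs.items() if d != src_dev
            for i, rt in insts.items() if rt["imp"] & exp}

DEVS = {d: parse_rts(c) for d, c in CONFIGS.items()}
```

Routes from BD 10 on ce2 reach ce3 only through the extra export RT 1:10, which the VPN instance bd10 imports. An unintended RT added to an export list would show up in the same way as an unexpected importer, which is the route leak to look for when reviewing such configurations.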
11. Configure VBDIF interfaces and bind them to the VPN instance
ce2:
[ce2]interface vbdif 10
[ce2-vbdif10]ip binding vpn-instance bd10
[ce2-vbdif10]ip address 10.1.1.254 255.255.255.0
[ce2-vbdif10]vxlan anycast-gateway enable
[ce2-vbdif10]arp collect host enable
[ce2-vbdif10]quit
[ce2]interface vbdif 20
[ce2-vbdif20]ip binding vpn-instance bd10
[ce2-vbdif20]ip address 10.2.2.254 255.255.255.0
[ce2-vbdif20]mac-address 0000-1111-0001 \\On real devices, use 0000-5e00-000X as the virtual MAC
[ce2-vbdif20]vxlan anycast-gateway enable
[ce2-vbdif20]arp collect host enable
[ce2-vbdif20]quit
[ce2]commit
ce3:
[ce3]interface vbdif 20
[ce3-vbdif20]ip binding vpn-instance bd10
[ce3-vbdif20]ip address 10.2.2.254 255.255.255.0
[ce3-vbdif20]mac-address 0000-1111-0001
[ce3-vbdif20]vxlan anycast-gateway enable
[ce3-vbdif20]arp collect host enable
[ce3-vbdif20]quit
[ce3]commit
12. Configure the route type advertised to BGP peers
ce2
[ce2]bgp 1
[ce2-bgp]l2vpn-family evpn
[ce2-bgp-af-evpn]peer 3.3.3.3 advertise irb
[ce2-bgp-af-evpn]quit
[ce2-bgp]quit
[ce2]commit
ce3
[ce3]bgp 1
[ce3-bgp]l2vpn-family evpn
[ce3-bgp-af-evpn]peer 2.2.2.2 advertise irb
[ce3-bgp-af-evpn]quit
[ce3-bgp]quit
[ce3]commit
13. Status checks
1) Tunnel status on ce3:

2) PC3 connectivity test:

3) Host route information on CE2:

4) Host route information on CE3:

That is the complete lab procedure.