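I. Topology
Description:
VRF A on CE1 hosts the gateways for user A's VLANs 10 and 20; VRF A on CE2 hosts the gateways for user A's VLANs 20 and 30.
Requirement:
Full reachability between all segments.
II. Configuration approach:
1. Network side: configure the underlay for basic connectivity
1) Configure an IGP on CE1 and CE2 so that the loo0 interfaces can reach each other
2) Establish a BGP EVPN peering between CE1 and CE2 to create the EVPN route transport channel (evpn-overlay enable must be turned on globally first)
2. Configure the overlay for upper-layer connectivity
1) Network side:
a. Configure the BDs, assign the Layer 2 VNIs, and assign the RD and RTs under the EVPN address family
b. Configure the VRF, assign the Layer 3 VNI, and configure the RD and RTs for the evpn address family
c. Configure the VBDIF Layer 3 gateways and bind them to the VRF
d. Configure the NVE interface to open VXLAN tunnels between the leaves. Method: head-end replication, with the peer list generated dynamically by BGP
e. Because both CE1 and CE2 have BD 20, configure the same MAC address on vbdif 20 of both leaves and enable the anycast gateway function: vxlan anycast-gateway enable
2) User side:
a. Configure the VAP interfaces to attach the tenant's Layer 2 and Layer 3 VLAN networks
3. The framework is now complete, but tests from the PCs still fail. The following points remain:
1) IRB routes must be generated and advertised to the peer:
a. Generate: under the vbdif, collect ARP host routes: arp collect host enable
b. Advertise: under l2vpn-family evpn in BGP, advertise them: peer x.x.x.x advertise irb
2) Receiving IRB routes:
For IRB routes to enter the peer's EVPN routing table, the Layer 3 VRF's ERT must be written into the ERT of the local BD's EVPN instance, which also completes the IRB route (adds the Layer 3 VNI). Method: two out, one in, that is, two ERTs and one IRT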
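The three requirements in step 3 can be checked mechanically before deployment. The following is an added example, not part of the original notes: a hypothetical `audit_irb` function that reads a configuration in the format used on this page and reports any gateway that would not produce importable IRB routes. It assumes both leaves use the same evpn import RT on the VRF (as this page does), and the sample is constructed and abridged from the CE1 configuration.

```python
import re

# Constructed sample, abridged from the CE1 configuration on this page.
SAMPLE = """\
ip vpn-instance A
 ipv4-family
  vpn-target 1:1 export-extcommunity evpn
  vpn-target 1:1 import-extcommunity evpn
#
bridge-domain 10
 evpn
  vpn-target 5010:1 export-extcommunity
  vpn-target 1:1 export-extcommunity
  vpn-target 5010:1 import-extcommunity
#
interface Vbdif10
 ip binding vpn-instance A
 arp collect host enable
#
bgp 12
 l2vpn-family evpn
  peer 2.2.2.2 advertise irb
#
"""

def audit_irb(config):
    """Return findings for the step-3 IRB requirements; an empty list means pass."""
    parts = re.split(r"(?m)^\s*#\s*$", config)          # stanzas are separated by '#'
    stanzas = [[l.strip() for l in p.strip().splitlines()] for p in parts if p.strip()]
    vrf_irt, bd_ert, findings = {}, {}, []
    for st in stanzas:
        body = "\n".join(st)
        if st[0].startswith("ip vpn-instance "):         # VRF: RTs imported from EVPN
            vrf_irt[st[0].split()[-1]] = set(
                re.findall(r"vpn-target (\S+) import-extcommunity evpn", body))
        elif m := re.fullmatch(r"bridge-domain (\d+)", st[0]):  # BD: exported RTs
            bd_ert[m.group(1)] = set(re.findall(r"vpn-target (\S+) export-extcommunity", body))
    for st in stanzas:
        if not (m := re.fullmatch(r"interface Vbdif(\d+)", st[0])):
            continue
        bd = m.group(1)
        vrf = next((l.split()[-1] for l in st if l.startswith("ip binding vpn-instance ")), None)
        if "arp collect host enable" not in st:          # 1a: route generation
            findings.append(f"Vbdif{bd}: no 'arp collect host enable'")
        if vrf and not (bd_ert.get(bd, set()) & vrf_irt.get(vrf, set())):  # 2: RT match
            findings.append(f"BD {bd}: no export RT matches VRF {vrf} evpn import RT")
    if not re.search(r"(?m)^\s*peer \S+ advertise irb\s*$", config):       # 1b: advertisement
        findings.append("bgp: no 'peer ... advertise irb'")
    return findings
```

The same RT comparison is also a quick tenant-isolation review: a BD that exports an RT imported by a VRF other than the one its VBDIF is bound to would leak host routes into that VRF.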
III. Detailed configuration:
CE1:
evpn-overlay enable
#
ip vpn-instance A
 ipv4-family
  route-distinguisher 1:1
  vpn-target 1:1 export-extcommunity evpn
  vpn-target 1:1 import-extcommunity evpn
 vxlan vni 1000
#
bridge-domain 10
 vxlan vni 5010
 evpn
  route-distinguisher 5010:1
  vpn-target 5010:1 export-extcommunity
  vpn-target 1:1 export-extcommunity
  vpn-target 5010:1 import-extcommunity
#
bridge-domain 20
 vxlan vni 5020
 evpn
  route-distinguisher 5020:1
  vpn-target 5010:1 export-extcommunity
  vpn-target 1:1 export-extcommunity
  vpn-target 5010:1 import-extcommunity
#
interface Vbdif10
 ip binding vpn-instance A
 ip address 10.1.1.254 255.255.255.0
 arp collect host enable
#
interface Vbdif20
 ip binding vpn-instance A
 ip address 10.2.2.254 255.255.255.0
 mac-address 0001-0001-0001
 vxlan anycast-gateway enable
 arp collect host enable
#
interface GE1/0/0.10 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface GE1/0/0.20 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 10.1.12.1 255.255.255.252
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 5010 head-end peer-list protocol bgp
 vni 5020 head-end peer-list protocol bgp
#
bgp 12
 router-id 1.1.1.1
 undo default ipv4-unicast
 peer 2.2.2.2 as-number 12
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 2.2.2.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 advertise irb
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.12.0 0.0.0.3
#
CE2:
evpn-overlay enable
#
ip vpn-instance A
 ipv4-family
  route-distinguisher 2:2
  vpn-target 1:1 export-extcommunity evpn
  vpn-target 1:1 import-extcommunity evpn
 vxlan vni 1000
#
bridge-domain 20
 vxlan vni 5020
 evpn
  route-distinguisher 5020:2
  vpn-target 1:1 export-extcommunity
  vpn-target 5010:1 export-extcommunity
  vpn-target 5010:1 import-extcommunity
#
bridge-domain 30
 vxlan vni 5030
 evpn
  route-distinguisher 5030:2
  vpn-target 1:1 export-extcommunity
  vpn-target 5010:1 export-extcommunity
  vpn-target 5010:1 import-extcommunity
#
interface Vbdif20
 ip binding vpn-instance A
 ip address 10.2.2.254 255.255.255.0
 mac-address 0001-0001-0001
 vxlan anycast-gateway enable
 arp collect host enable
#
interface Vbdif30
 ip binding vpn-instance A
 ip address 10.3.3.254 255.255.255.0
 arp collect host enable
#
interface GE1/0/0.20 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface GE1/0/0.30 mode l2
 encapsulation dot1q vid 30
 bridge-domain 30
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 10.1.12.2 255.255.255.252
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 5020 head-end peer-list protocol bgp
 vni 5030 head-end peer-list protocol bgp
#
bgp 12
 router-id 2.2.2.2
 undo default ipv4-unicast
 peer 1.1.1.1 as-number 12
 peer 1.1.1.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 1.1.1.1 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 advertise irb
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.1.12.0 0.0.0.255
#