vxlan-bgp-evnp分布式网关配置案例

yenggd2025-10-09 6:05

需求分析

1、ospf实现underlay互通

2、路由控制使用evpn

3、配arp广播抑制功能,这个功能是把广播变成单播,而不是把广播干掉

4、访问外部非vxlan网络

5、两边三层vbdif中配置相同的单播mac地址实现分布式网关下就近转发不用绕行,提高网络可靠性

6、vbdif接口中绑定,把ip vpn实例中把bd和ip vpn关联起来,一个ip vpn实例可以 绑定多个bd

7、ensp有bug需要在pc上手动添加arp -s表项

8、boreder只做ip转发就行了

9、接收端看发来的export rt与自己的import rt 二层evpn值和三层ip vpn-instanace值都不相同时,才会丢掉该路由

border

router id 1.1.1.1

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.11.1 255.255.255.0

interface GE1/0/1

undo portswitch

undo shutdown

ip address 10.0.12.1 255.255.255.0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.0.11.1 0.0.0.0

network 10.0.12.1 0.0.0.0

edge1

evpn-overlay enable

router id 2.2.2.2

ip vpn-instance edge1_1020

ipv4-family

route-distinguisher 100:12

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 1020

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 100:10

vpn-target 1020:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:10 import-extcommunity

arp broadcast-suppress enable //arp广播抑制

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 100:20

vpn-target 1020:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge1_1020

ip address 192.168.10.254 255.255.255.0 //配置网关

mac-address 707b-e8be-0010 //和edge2配置相同

arp collect host enable //开启evpn二类路由学习arp功能

interface Vbdif20

ip binding vpn-instance edge1_1020

ip address 192.168.20.254 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface MEth0/0/0

undo shutdown

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.11.2 255.255.255.0

interface GE1/0/1

undo shutdown

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface GE1/0/2

undo portswitch

undo shutdown

ip binding vpn-instance edge1_1020

ip address 10.0.13.1 255.255.255.0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface Nve1

source 2.2.2.2

vni 10 head-end peer-list protocol bgp

vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

peer 3.3.3.3 enable

ipv4-family vpn-instance edge1_1020

network 10.0.13.0 255.255.255.0 //发布外部路由

advertise l2vpn evpn

l2vpn-family evpn

policy vpn-target

peer 3.3.3.3 enable

peer 3.3.3.3 advertise irb

ospf 1

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 10.0.11.2 0.0.0.0

edge2

evpn-overlay enable

router id 3.3.3.3

ip vpn-instance edge2_1020

ipv4-family

route-distinguisher 200:12

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 1020

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 200:10

vpn-target 1020:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:10 import-extcommunity

arp broadcast-suppress enable

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 200:20

vpn-target 1020:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge2_1020

ip address 192.168.10.254 255.255.255.0

mac-address 707b-e8be-0010

arp collect host enable

interface Vbdif20

ip binding vpn-instance edge2_1020

ip address 192.168.20.254 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface MEth0/0/0

undo shutdown

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.12.2 255.255.255.0

interface GE1/0/1

undo shutdown

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Nve1

source 3.3.3.3

vni 10 head-end peer-list protocol bgp

vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

peer 2.2.2.2 enable

ipv4-family vpn-instance edge2_1020

advertise l2vpn evpn

l2vpn-family evpn

policy vpn-target

peer 2.2.2.2 enable

peer 2.2.2.2 advertise irb

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 10.0.12.2 0.0.0.0

switch1

vlan batch 10 20

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

switch2

vlan batch 10 20

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

ar3

interface GigabitEthernet0/0/0

ip address 10.0.13.3 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.13.1

evpn邻居查看

ping网关测试

路由查看

邻居查看

pc1通pc3


pc1通pc4跨广播域

刚才手动配的mac


实例路由查看

arp广播抑制后ping 192.168.20.2捉包查看

查看学到的外部路由

pc4可以 通外部网络ar3

相关推荐
深圳市恒星物联科技有限公司1 小时前
水质流量监测仪:复合指标监测的管网智能感知设备
大数据·网络·人工智能
科技块儿2 小时前
2026年我会推荐哪些IP归属地查询网站?
网络·ip地址·ip归属地·运维工具·网络工具·实用网站·2026工具推荐
米羊1212 小时前
已有安全措施确认(中)
网络
听麟3 小时前
HarmonyOS 6.0+ 跨端智慧政务服务平台开发实战:多端协同办理与电子证照管理落地
笔记·华为·wpf·音视频·harmonyos·政务
前端世界3 小时前
从单设备到多设备协同:鸿蒙分布式计算框架原理与实战解析
华为·harmonyos
迎仔3 小时前
A-算力中心网络隔离总览:数字世界的“酒店房间“
网络
宝塔面板3 小时前
AllinSSL 一站式搞定 SSL 自动续期:永久免费,开源可自托管
网络·网络协议·ssl
csdn今天倒闭了吗3 小时前
飞牛lucky配置ipv6 ddns+ssl+反向代理
网络·网络协议·ssl
强风7943 小时前
Linux-网络层
网络
独行soc3 小时前
2026年渗透测试面试题总结-19(题目+回答)
android·网络·安全·web安全·渗透测试·安全狮
热门推荐
01GitHub 镜像站点02Claude Code + GLM4.7 避坑指南:解决 Unable to connect to Anthropic services03openclaw配置教程(linux+局域网ollama)04UV安装并设置国内源05AI 规范驱动开发“三剑客”深度对比:Spec-Kit、Kiro 与 OpenSpec 实战指南06Linux下V2Ray安装配置指南07Claude Code Skills 实用使用手册08OpenClaw Chrome扩展使用教程 - 浏览器中继控制09openclaw使用nginx反代部署过程 与disconnected (1008): pairing required解决10在Trae中使用Pencil MCP