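VXLAN BGP EVPN distributed gateway configuration example

Requirements analysis

1. Use OSPF for underlay connectivity.

2. Use EVPN as the routing control plane.

3. Configure ARP broadcast suppression. This feature converts broadcasts into unicasts; it does not drop the broadcasts.

4. Provide access to the external non-VXLAN network.

5. Configure the same unicast MAC address on the Layer 3 VBDIF interfaces on both sides, so that with distributed gateways traffic is forwarded by the nearest gateway without detours, which improves network reliability.

6. Bind the IP VPN instance on the VBDIF interface; this associates the BD with the IP VPN instance. One IP VPN instance can be bound to multiple BDs.

7. eNSP has a bug: static ARP entries must be added manually on the PCs with arp -s.

8. The border only needs to do IP forwarding.

9. The receiver compares the export RT carried by a received route with its own import RTs. The route is discarded only when it matches neither the Layer 2 EVPN import RT nor the Layer 3 ip vpn-instance import RT.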

border

router id 1.1.1.1

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.11.1 255.255.255.0

interface GE1/0/1

undo portswitch

undo shutdown

ip address 10.0.12.1 255.255.255.0

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 10.0.11.1 0.0.0.0

network 10.0.12.1 0.0.0.0

edge1

evpn-overlay enable

router id 2.2.2.2

ip vpn-instance edge1_1020

ipv4-family

route-distinguisher 100:12

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 1020

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 100:10

vpn-target 1020:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:10 import-extcommunity

arp broadcast-suppress enable //ARP broadcast suppression

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 100:20

vpn-target 1020:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge1_1020

ip address 192.168.10.254 255.255.255.0 //configure the gateway address

mac-address 707b-e8be-0010 //same as configured on edge2

arp collect host enable //enable ARP learning for EVPN Type 2 routes

interface Vbdif20

ip binding vpn-instance edge1_1020

ip address 192.168.20.254 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface MEth0/0/0

undo shutdown

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.11.2 255.255.255.0

interface GE1/0/1

undo shutdown

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface GE1/0/2

undo portswitch

undo shutdown

ip binding vpn-instance edge1_1020

ip address 10.0.13.1 255.255.255.0

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

interface Nve1

source 2.2.2.2

vni 10 head-end peer-list protocol bgp

vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100

peer 3.3.3.3 as-number 100

peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast

peer 3.3.3.3 enable

ipv4-family vpn-instance edge1_1020

network 10.0.13.0 255.255.255.0 //advertise the external route

advertise l2vpn evpn

l2vpn-family evpn

policy vpn-target

peer 3.3.3.3 enable

peer 3.3.3.3 advertise irb

ospf 1

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 10.0.11.2 0.0.0.0

edge2

evpn-overlay enable

router id 3.3.3.3

ip vpn-instance edge2_1020

ipv4-family

route-distinguisher 200:12

vpn-target 1020:12 export-extcommunity evpn

vpn-target 1020:12 import-extcommunity evpn

vxlan vni 1020

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 200:10

vpn-target 1020:10 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:10 import-extcommunity

arp broadcast-suppress enable

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 200:20

vpn-target 1020:20 export-extcommunity

vpn-target 1020:12 export-extcommunity

vpn-target 1020:20 import-extcommunity

arp broadcast-suppress enable

interface Vbdif10

ip binding vpn-instance edge2_1020

ip address 192.168.10.254 255.255.255.0

mac-address 707b-e8be-0010

arp collect host enable

interface Vbdif20

ip binding vpn-instance edge2_1020

ip address 192.168.20.254 255.255.255.0

mac-address 707b-e8be-0020

arp collect host enable

interface MEth0/0/0

undo shutdown

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.0.12.2 255.255.255.0

interface GE1/0/1

undo shutdown

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

interface Nve1

source 3.3.3.3

vni 10 head-end peer-list protocol bgp

vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast

peer 2.2.2.2 enable

ipv4-family vpn-instance edge2_1020

advertise l2vpn evpn

l2vpn-family evpn

policy vpn-target

peer 2.2.2.2 enable

peer 2.2.2.2 advertise irb

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 10.0.12.2 0.0.0.0

switch1

vlan batch 10 20

aaa

authentication-scheme default

authorization-scheme default

accounting-scheme default

domain default

domain default_admin

local-user admin password simple admin

local-user admin service-type http

interface Vlanif1

interface MEth0/0/1

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

switch2

vlan batch 10 20

interface GigabitEthernet0/0/1

port link-type trunk

port trunk allow-pass vlan 10 20

interface GigabitEthernet0/0/2

port link-type access

port default vlan 10

interface GigabitEthernet0/0/3

port link-type access

port default vlan 20

ar3

interface GigabitEthernet0/0/0

ip address 10.0.13.3 255.255.255.0

ip route-static 0.0.0.0 0.0.0.0 10.0.13.1
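
Requirement 9's route-target check, applied to the RT values in the edge1 and edge2 configurations above. This is an added example, not part of the original post: it models RT matching as a plain set intersection, and the "foreign route" RT 65000:99 is a constructed value.

```python
import re
# Import/export RT lines copied from the edge2 configuration on this page.
EDGE2 = """
ip vpn-instance edge2_1020
 ipv4-family
  vpn-target 1020:12 export-extcommunity evpn
  vpn-target 1020:12 import-extcommunity evpn
bridge-domain 10
 evpn
  vpn-target 1020:10 export-extcommunity
  vpn-target 1020:12 export-extcommunity
  vpn-target 1020:10 import-extcommunity
bridge-domain 20
 evpn
  vpn-target 1020:20 export-extcommunity
  vpn-target 1020:12 export-extcommunity
  vpn-target 1020:20 import-extcommunity
"""

def parse_rts(config, direction):
    """Return {context: set of RTs} for 'import' or 'export' vpn-target lines."""
    rts, ctx = {}, None
    for line in config.splitlines():
        line = line.strip()
        if re.match(r"(bridge-domain|ip vpn-instance) \S+$", line):
            ctx = line
        m = re.match(r"vpn-target (.+?) (import|export)-extcommunity", line)
        if m and ctx and m.group(2) == direction:
            rts.setdefault(ctx, set()).update(m.group(1).split())
    return rts

def importers(route_rts, import_table):
    """Contexts whose import RTs intersect the route's RTs; empty list = route dropped."""
    return sorted(c for c, rts in import_table.items() if rts & set(route_rts))

def simulate():
    imports = parse_rts(EDGE2, "import")
    return {
        # RTs that edge1 attaches, per its configuration on this page
        "edge1 BD10 MAC/IP route": importers({"1020:10", "1020:12"}, imports),
        "edge1 BD20 MAC/IP route": importers({"1020:20", "1020:12"}, imports),
        "edge1 10.0.13.0/24 prefix route": importers({"1020:12"}, imports),
        # constructed RT that matches nothing on edge2
        "foreign route": importers({"65000:99"}, imports),
    }

if __name__ == "__main__":
    for route, ctxs in simulate().items():
        print(f"{route}: {ctxs or 'dropped'}")
```

Because every BD also exports 1020:12, each host route lands in both its own BD and the shared IP VPN instance on the peer, which is what allows forwarding between 192.168.10.0/24 and 192.168.20.0/24.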

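Check EVPN peers

Ping the gateway

Check routes

Check neighbors

PC1 can reach PC3

PC1 can reach PC4 across broadcast domains

The MAC entries configured manually earlier

Check the VPN instance routes

Packet capture while pinging 192.168.20.2 with ARP broadcast suppression enabled

Check the learned external routes

PC4 can reach the external network (ar3)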
