EVPN-Based VxLAN Lab


Author: 王力_9541 | Published: 2017-12-28 09:57

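    VxLAN is an overlay technology: it encapsulates Layer 2 Ethernet frames in UDP packets and carries them across the Layer 3 underlay IP backbone. VxLAN's 24 bytes VNID lets existing Layer 2 networks scale well, and in the era of cloud computing and big data it is the mainstream large Layer 2 networking solution. VxLAN can be implemented in two ways: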

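    • Multicast-based VxLAN: data-driven flood-and-learn with no control plane; VxLAN BUM traffic (Broadcast, Unknown Unicast and Multicast) is delivered over multicast
    • VxLAN with EVPN as the control plane: EVPN uses MP-BGP to automatically discover and authenticate VTEP neighbors and to advertise host MAC/IP addresses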

    Lab topology: build the topology below to test VxLAN with EVPN as the control plane.

    [Figure: EVPN VXLAN lab topology]

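    Lab objective: verify that hosts in the same VxLAN, and hosts in different VxLANs, can reach each other.
    Lab environment: the lab is emulated in EVE-NG; VTEP-1/2 and the RR all run NX-OS. The image versions are as follows: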

    Used images for lab:
    nxosv9k-7.0.3.I7.1, x4CPU, 8Gb RAM each
    IOL L3 15.4.2T Routers
    vIOS L2 15.2 Switches
    VPCS VMs
    

    Lab steps:

    Step 1: complete the basic configuration so that hosts in the same VxLAN can reach each other

    VTEP-1 configuration

    VTEP-1# show running-config
    
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    vlan 1,200,210
    vlan 200
      vn-segment 20000
    vlan 210
      vn-segment 20010
    
    interface nve1
      no shutdown
      host-reachability protocol bgp
      source-interface loopback0
      member vni 20000
        mcast-group 230.1.1.1
      member vni 20010
        mcast-group 230.1.1.2
    
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 200,210
    
    interface Ethernet1/2
      no switchport
      ip address 20.1.1.2/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    
    interface loopback0
      ip address 100.100.100.1/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    
    router ospf 1
      router-id 100.100.100.1
      
    router bgp 100
      router-id 100.100.100.1
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    
    
    VTEP-1#
    

    VTEP-2 configuration

    VTEP-2# show running-config
    
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    vlan 1,200,210
    vlan 200
      vn-segment 20000
    vlan 210
      vn-segment 20010
    
    interface nve1
      no shutdown
      host-reachability protocol bgp
      source-interface loopback0
      member vni 20000
        mcast-group 230.1.1.1
      member vni 20010
        mcast-group 230.1.1.2
    
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 200,210
    
    interface Ethernet1/2
      no switchport
      ip address 30.1.1.2/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    
    interface loopback0
      ip address 100.100.100.2/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    
    router ospf 1
      router-id 100.100.100.2
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    
    
    VTEP-2#
    

    RR configuration

    RR# show running-config
    
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    
    interface Ethernet1/1
      no switchport
      ip address 20.1.1.1/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    
    interface Ethernet1/2
      no switchport
      ip address 30.1.1.1/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    
    interface loopback0
      ip address 100.100.100.3/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    
    router ospf 1
      router-id 100.100.100.3
    router bgp 100
      router-id 100.100.100.3
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.1
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
          route-reflector-client
      neighbor 100.100.100.2
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
          route-reflector-client
    
    
    RR#
    

    Switch1 configuration

    Switch1#show running-config
    
    interface GigabitEthernet0/0
     switchport trunk encapsulation dot1q
     switchport mode trunk
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/1
     switchport access vlan 200
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/2
     switchport access vlan 210
     media-type rj45
     negotiation auto
    !
    
    Switch1#
    

    Switch2 configuration

    Switch2#show running-config
    
    interface GigabitEthernet0/0
     switchport trunk encapsulation dot1q
     switchport mode trunk
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/1
     switchport access vlan 200
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/2
     switchport access vlan 210
     media-type rj45
     negotiation auto
    !
    
    Switch2#
    

    Ping test from VM1 to VM3

    VM1> ping 192.168.1.11
    
    84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=35.080 ms
    84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=19.675 ms
    84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=17.657 ms
    84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=24.238 ms
    84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=16.781 ms
    
    VM1>
    

    Ping test from VM2 to VM4

    VM2> ping 172.16.1.11
    
    84 bytes from 172.16.1.11 icmp_seq=1 ttl=64 time=47.187 ms
    84 bytes from 172.16.1.11 icmp_seq=2 ttl=64 time=20.255 ms
    84 bytes from 172.16.1.11 icmp_seq=3 ttl=64 time=20.980 ms
    84 bytes from 172.16.1.11 icmp_seq=4 ttl=64 time=18.804 ms
    84 bytes from 172.16.1.11 icmp_seq=5 ttl=64 time=26.887 ms
    
    VM2>
    

    EVPN neighbor status on VTEP-1

    VTEP-1# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.1, local AS number 100
    BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
    6 network entries and 6 paths using 1128 bytes of memory
    BGP attribute entries [4/640], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [1/4]
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.3   4   100      62      53       34    0    0 00:39:55 2
    VTEP-1#
    

    EVPN neighbor status on VTEP-2

    VTEP-2# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.2, local AS number 100
    BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
    6 network entries and 6 paths using 1128 bytes of memory
    BGP attribute entries [4/640], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [1/4]
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.3   4   100      61      55       34    0    0 00:40:35 2
    VTEP-2#
    

    EVPN neighbor status on the RR

    RR# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.3, local AS number 100
    BGP table version is 28, L2VPN EVPN config peers 2, capable peers 2
    4 network entries and 4 paths using 928 bytes of memory
    BGP attribute entries [2/320], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [0/0]
    
    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.1   4   100      60      54       28    0    0 00:40:48 2
    100.100.100.2   4   100      62      51       28    0    0 00:40:57 2
    RR#
    

    EVPN route entries on VTEP-1

    VTEP-1# show bgp l2vpn evpn
    BGP routing table information for VRF default, address family L2VPN EVPN
    BGP table version is 34, Local Router ID is 100.100.100.1
    Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
    Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
    Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
    
       Network            Next Hop            Metric     LocPrf     Weight Path
    Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
    *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100      32768 i
    *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i
    
    Route Distinguisher: 100.100.100.1:32977    (L2VNI 20010)
    *>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100      32768 i
    *>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i
    
    Route Distinguisher: 100.100.100.2:32967
    *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i
    
    Route Distinguisher: 100.100.100.2:32977
    *>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i
    
    VTEP-1#
    

    EVPN route entries on VTEP-2

    VTEP-2# show bgp l2vpn evpn
    BGP routing table information for VRF default, address family L2VPN EVPN
    BGP table version is 34, Local Router ID is 100.100.100.2
    Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
    Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
    Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup
    
       Network            Next Hop            Metric     LocPrf     Weight Path
    Route Distinguisher: 100.100.100.1:32967
    *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    
    Route Distinguisher: 100.100.100.1:32977
    *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    
    Route Distinguisher: 100.100.100.2:32967    (L2VNI 20000)
    *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    *>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100      32768 i
    
    Route Distinguisher: 100.100.100.2:32977    (L2VNI 20010)
    *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    *>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100      32768 i
    
    VTEP-2#
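
The EVPN table above can be read mechanically. The following is an added example, not part of the original article: it parses the route-type-2 rows of `show bgp l2vpn evpn`, maps each RD back to its VNI, and lists which MACs were imported from which VTEP. The sample text is copied from the VTEP-1 output; the function names are hypothetical, and the `32767 + VLAN` rule for `rd auto` is an assumption that matches the values on this page (32967 = 32767 + 200).

```python
import re
from collections import defaultdict

# Constructed sample: the VTEP-1 "show bgp l2vpn evpn" rows shown above.
SAMPLE = """\
Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.1:32977    (L2VNI 20010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32977
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
"""

VLAN_TO_VNI = {200: 20000, 210: 20010}  # from the "vn-segment" lines in the lab config
RD_AUTO_BASE = 32767                    # assumption: "rd auto" for an L2 VNI = router-id:(32767 + VLAN)

RD_RE = re.compile(r"^Route Distinguisher:\s+([\d.]+):(\d+)(?:\s+\(L2VNI (\d+)\))?")
RT2_RE = re.compile(r"^(\S*?)([a-zA-Z])\[2\]:\[\d+\]:\[\d+\]:\[48\]:"
                    r"\[([0-9a-f.]+)\]:\[\d+\]:\[([\d.]+)\]/\d+")

def parse_evpn_table(text):
    """Return one dict per route-type-2 (MAC/IP) entry, with its RD and next hop."""
    routes, rd, pending = [], None, None
    for line in text.splitlines():
        m = RD_RE.match(line)
        if m:
            rd = {"rd_ip": m.group(1), "rd_num": int(m.group(2)),
                  "l2vni": int(m.group(3)) if m.group(3) else None}
            continue
        m = RT2_RE.match(line)
        if m and rd:
            pending = dict(rd, status=m.group(1), path_type=m.group(2),
                           mac=m.group(3), host_ip=m.group(4))
            continue
        if pending and line.strip():
            # The line after the NLRI starts with the next hop (the advertising VTEP).
            pending["next_hop"] = line.split()[0]
            routes.append(pending)
            pending = None
    return routes

def vni_from_rd(rd_num):
    """Map an auto-derived RD number back to the VNI via the VLAN it encodes."""
    return VLAN_TO_VNI.get(rd_num - RD_AUTO_BASE)

def remote_macs(routes):
    """MACs imported into a local L2VNI over iBGP: {(vni, mac): {next hops}}."""
    seen = defaultdict(set)
    for r in routes:
        if r["l2vni"] is not None and r["path_type"] == "i":
            seen[(r["l2vni"], r["mac"])].add(r["next_hop"])
    return dict(seen)

def macs_with_multiple_next_hops(routes):
    """(vni, mac) pairs reachable via more than one VTEP, worth a duplicate-MAC check."""
    return {k: v for k, v in remote_macs(routes).items() if len(v) > 1}
```

On this lab's table every remote MAC has exactly one next hop (100.100.100.2), which agrees with the `show l2route evpn mac all` output.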
    

    EVPN MAC learning on VTEP-1

    VTEP-1# show l2route evpn mac all
    
    Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
    (Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
    (S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
    (Pf):Permanently-Frozen
    
    Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
    ----------- -------------- ------ ------------- ---------- ----------------
    200         0050.7966.6806 Local  L,            0          Eth1/1
    200         0050.7966.6808 BGP    Rcv           0          100.100.100.2
    210         0050.7966.6807 Local  L,            0          Eth1/1
    210         0050.7966.6809 BGP    Rcv           0          100.100.100.2
    VTEP-1#
    

    EVPN MAC learning on VTEP-2

    VTEP-2# show l2route evpn mac all
    
    Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
    (Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
    (S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
    (Pf):Permanently-Frozen
    
    Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
    ----------- -------------- ------ ------------- ---------- ----------------
    200         0050.7966.6806 BGP    Rcv           0          100.100.100.1
    200         0050.7966.6808 Local  L,            0          Eth1/1
    210         0050.7966.6807 BGP    Rcv           0          100.100.100.1
    210         0050.7966.6809 Local  L,            0          Eth1/1
    VTEP-2#
    

    Reset the BGP neighbors

    RR# clear ip bgp *
    

    View the BGP update messages on VTEP-1

    VTEP-1# debug bgp updates
    2017 Dec 28 01:50:12.361546 bgp:  [26340] (default) UPD: [IPv4 Unicast] Starting update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.361619 bgp:  [26340] (default) UPD: [IPv4 Unicast] Found marker dest 0xd7a9ef64 on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
    2017 Dec 28 01:50:12.361694 bgp:  [26340] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
    2017 Dec 28 01:50:12.362218 bgp:  [26340] (default) UPD: [IPv4 Unicast] (#4) Suspending update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.362234 bgp:  [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.362241 bgp:  [26340] (default) UPD: [L2VPN EVPN] Found marker dest 0xd7bb53be on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
    2017 Dec 28 01:50:12.362255 bgp:  [26340] (default) UPD: [L2VPN EVPN] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
    2017 Dec 28 01:50:12.362262 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#41) Suspending update run for peer 100.100.100.3 (#41)
    2017 Dec 28 01:50:34.760968 bgp:  [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#41)
    2017 Dec 28 01:50:34.761099 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:34.761338 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 1, length 1, Origin: IGP
    2017 Dec 28 01:50:34.761747 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 5, length 4, Local-pref: 100
    2017 Dec 28 01:50:34.762554 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
    2017 Dec 28 01:50:34.762597 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 14 (Mp-reach), length 44, nexthop/length: 100.100.100.1/4
    2017 Dec 28 01:50:34.762665 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 Created UPD msg (len 104) with prefix 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (Not Installed in HW) path-id 1 for peer
    2017 Dec 28 01:50:34.762709 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3: walked 0 nodes and packed 0/0 prefixes (104 bytes)
    2017 Dec 28 01:50:34.763825 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#42) Finished update run for peer 100.100.100.3 (#42)
    2017 Dec 28 01:50:35.782806 bgp:  [26340] (default) UPD: Received UPDATE message from 100.100.100.3
    2017 Dec 28 01:50:35.782875 bgp:  [26340] (default) UPD: 100.100.100.3 parsed UPDATE message from peer, len 118 , withdraw len 0, attr len 95, nlri len 0
    2017 Dec 28 01:50:35.782891 bgp:  [26340] (default) UPD: Attr code 1, length 1, Origin: IGP
    2017 Dec 28 01:50:35.782921 bgp:  [26340] (default) UPD: Attr code 5, length 4, Local-pref: 100
    2017 Dec 28 01:50:35.782942 bgp:  [26340] (default) UPD: Attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
    2017 Dec 28 01:50:35.782951 bgp:  [26340] (default) UPD: Attr code 9, length 4, Originator: 100.100.100.2
    2017 Dec 28 01:50:35.782958 bgp:  [26340] (default) UPD: Attr code 10, length 4, Cluster-list
    2017 Dec 28 01:50:35.785367 bgp:  [26340] (default) UPD: Peer 100.100.100.3 nexthop length in MP reach: 4
    2017 Dec 28 01:50:35.785486 bgp:  [26340] (default) UPD: Recvd NEXTHOP 100.100.100.2
    2017 Dec 28 01:50:35.785498 bgp:  [26340] (default) UPD: Attr code 14, length 44, Mp-reach
    2017 Dec 28 01:50:35.785601 bgp:  [26340] (default) UPD: Received ESI 0000.0000.0000.0000.0000 for route type 2 from peer 100.100.100.3
    2017 Dec 28 01:50:35.785641 bgp:  [26340] (default) UPD: [L2VPN EVPN] Received rd 100.100.100.2:32967 prefix [2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 from peer 100.100.100.3, origin 0, next hop 100.100.100.2, localpref 100, med 0
    2017 Dec 28 01:50:35.787998 bgp:  [26340] (default) UPD: [L2VPN EVPN] Starting update run for peer 100.100.100.3 (#42)
    2017 Dec 28 01:50:35.788048 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:35.788073 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
    2017 Dec 28 01:50:35.788348 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:35.788372 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
    2017 Dec 28 01:50:35.788451 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#44) Finished update run for peer 100.100.100.3 (#44)
    
    VTEP-1#
    

    Step 2: enable communication between hosts in different VxLANs

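    • Configure the anycast-gateway-mac address
    • Configure a VRF for each tenant
    • Create an L3 VNI for the VRF
    • Configure the anycast gateway
    • Enable EVPN route advertisement under the address-family ipv4 unicast of each tenant VRF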

    VTEP-1 configuration

    fabric forwarding anycast-gateway-mac 0002.0002.0002
    
    vlan 200,210,3900
    vlan 3900
      name l3-vni-vlan-for-tenant-1
      vn-segment 39000
    
    vrf context evpn-tenant-1
      vni 39000
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    
    interface Vlan200
      no shutdown
      vrf member evpn-tenant-1
      ip address 192.168.1.254/24
      fabric forwarding mode anycast-gateway
    
    interface Vlan210
      no shutdown
      vrf member evpn-tenant-1
      ip address 172.16.1.254/24
      fabric forwarding mode anycast-gateway
    
    interface Vlan3900
      description l3-vni-for-tenant-1-routing
      no shutdown
      vrf member evpn-tenant-1
      ip address 12.1.1.1/30
      fabric forwarding mode anycast-gateway
    
    router bgp 100
      router-id 100.100.100.1
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          advertise l2vpn evpn
      vrf evpn-tenant-2
        address-family ipv4 unicast
          advertise l2vpn evpn
    

    VTEP-2 configuration

    fabric forwarding anycast-gateway-mac 0002.0002.0002
    
    vlan 200,210,3900
    vlan 3900
      name l3-vni-vlan-for-tenant-1
      vn-segment 39000
    
    vrf context evpn-tenant-1
      vni 39000
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    
    interface Vlan200
      no shutdown
      vrf member evpn-tenant-1
      ip address 192.168.1.254/24
      fabric forwarding mode anycast-gateway
    
    interface Vlan210
      no shutdown
      vrf member evpn-tenant-1
      ip address 172.16.1.254/24
      fabric forwarding mode anycast-gateway
    
    interface Vlan3900
      description l3-vni-for-tenant-1-routing
      no shutdown
      vrf member evpn-tenant-1
      ip address 12.1.1.1/30
      fabric forwarding mode anycast-gateway
    
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          advertise l2vpn evpn
      vrf evpn-tenant-2
        address-family ipv4 unicast
          advertise l2vpn evpn
    
    VM1> ping 192.168.1.11
    
    84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=21.972 ms
    84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=17.022 ms
    84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=21.564 ms
    84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=21.546 ms
    84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=17.653 ms
    
    VM1> ping 172.16.1.11
    
    84 bytes from 172.16.1.11 icmp_seq=1 ttl=62 time=25.515 ms
    84 bytes from 172.16.1.11 icmp_seq=2 ttl=62 time=33.164 ms
    84 bytes from 172.16.1.11 icmp_seq=3 ttl=62 time=31.302 ms
    84 bytes from 172.16.1.11 icmp_seq=4 ttl=62 time=21.556 ms
    84 bytes from 172.16.1.11 icmp_seq=5 ttl=62 time=29.198 ms
    
    VM1>
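
The step 2 procedure touches four places (VLAN, VRF context, SVI, BGP), and the excerpts above list no `member vni 39000 associate-vrf` under `interface nve1`, a line that a reader comment on this article reports was needed. The following is an added example, not part of the original article: a small consistency check for the L3 VNI pieces of an NX-OS running-config. The input is assembled from the VTEP-1 excerpts on this page; the function names are hypothetical.

```python
import re

# Constructed input: VTEP-1's step 1 nve1 block plus its step 2 additions, as shown on this page.
VTEP1 = """\
vlan 3900
  name l3-vni-vlan-for-tenant-1
  vn-segment 39000
vrf context evpn-tenant-1
  vni 39000
  rd auto
  address-family ipv4 unicast
    route-target both auto evpn
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 20000
    mcast-group 230.1.1.1
  member vni 20010
    mcast-group 230.1.1.2
interface Vlan3900
  no shutdown
  vrf member evpn-tenant-1
router bgp 100
  vrf evpn-tenant-1
    address-family ipv4 unicast
      advertise l2vpn evpn
  vrf evpn-tenant-2
    address-family ipv4 unicast
      advertise l2vpn evpn
"""

def sections(config):
    """Split a running-config into {top-level line: [stripped child lines]}."""
    out, current = {}, None
    for line in config.splitlines():
        if not line.strip() or line.strip() == "!":
            continue
        if not line[0].isspace():
            current = line.strip()
            out.setdefault(current, [])
        elif current is not None:
            out[current].append(line.strip())
    return out

def lint_l3vni(config):
    """Return findings where the VRF, VLAN, SVI and nve1 disagree about an L3 VNI."""
    sec, findings = sections(config), []
    vlan_of_vni = {}                      # vn-segment -> VLAN id
    for head, body in sec.items():
        m = re.fullmatch(r"vlan (\d+)", head)
        for child in body:
            seg = re.fullmatch(r"vn-segment (\d+)", child)
            if m and seg:
                vlan_of_vni[int(seg.group(1))] = int(m.group(1))
    nve = sec.get("interface nve1", [])
    bgp = next((b for h, b in sec.items() if h.startswith("router bgp ")), [])
    contexts = {}
    for head, body in sec.items():
        m = re.fullmatch(r"vrf context (\S+)", head)
        if not m:
            continue
        vrf = m.group(1)
        vni = next((int(c.split()[1]) for c in body if re.fullmatch(r"vni \d+", c)), None)
        contexts[vrf] = vni
        if vni is None:
            findings.append(f"vrf {vrf}: no L3 'vni' under vrf context")
            continue
        vlan = vlan_of_vni.get(vni)
        if vlan is None:
            findings.append(f"vrf {vrf}: no VLAN carries vn-segment {vni}")
        elif f"vrf member {vrf}" not in sec.get(f"interface Vlan{vlan}", []):
            findings.append(f"vrf {vrf}: interface Vlan{vlan} is not a member of the VRF")
        if f"member vni {vni} associate-vrf" not in nve:
            findings.append(f"vrf {vrf}: nve1 lacks 'member vni {vni} associate-vrf'")
    for child in bgp:
        m = re.fullmatch(r"vrf (\S+)", child)
        if m and m.group(1) not in contexts:
            findings.append(f"router bgp: vrf {m.group(1)} has no 'vrf context'")
    return findings
```

Run against `VTEP1`, the check reports the missing `associate-vrf` line and the `evpn-tenant-2` BGP VRF that has no `vrf context`.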
    

    Traffic within the same VxLAN is encapsulated with the L2 VNI, 20000


    Traffic between different VxLANs is encapsulated with the L3 VNI, 39000
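
To see the same thing in a capture without a GUI, the VNI can be read straight from the UDP payload. The following is an added example, not part of the original article: it builds and decodes the 8-byte VXLAN header in the RFC 7348 layout and labels the VNI with this lab's L2/L3 mapping. The frames are constructed for the example and the function names are hypothetical.

```python
import struct

VXLAN_UDP_PORT = 4789                              # IANA-assigned VXLAN port (RFC 7348)
L2_VNI = {20000: "VLAN 200", 20010: "VLAN 210"}    # from the lab's vn-segment lines
L3_VNI = {39000: "VRF evpn-tenant-1"}              # from "vrf context ... vni 39000"

def vxlan_header(vni):
    """8-byte header: flags (I bit = 0x08), 24 reserved bits, 24-bit VNI, 8 reserved bits."""
    if not 0 <= vni < (1 << 24):
        raise ValueError("VNI must fit in 24 bits")
    return struct.pack("!II", 0x08 << 24, vni << 8)

def mac_bytes(dotted):
    """'0050.7966.6806' (Cisco notation) -> 6 raw bytes."""
    return bytes.fromhex(dotted.replace(".", ""))

def sample_payload(vni, src, dst):
    """Constructed UDP payload: VXLAN header + inner Ethernet header (IPv4 EtherType)."""
    return vxlan_header(vni) + mac_bytes(dst) + mac_bytes(src) + b"\x08\x00"

def decode(udp_payload):
    """Return (vni, segment, kind, inner_src_mac, inner_dst_mac) for one VXLAN payload."""
    if len(udp_payload) < 8 + 14:
        raise ValueError("too short for a VXLAN header plus inner Ethernet header")
    word0, word1 = struct.unpack("!II", udp_payload[:8])
    if not (word0 >> 24) & 0x08:
        raise ValueError("I flag clear: the VNI field is not valid")
    vni = word1 >> 8
    dst, src = udp_payload[8:14], udp_payload[14:20]
    if vni in L2_VNI:
        kind, segment = "bridged (L2 VNI)", L2_VNI[vni]
    elif vni in L3_VNI:
        kind, segment = "routed (L3 VNI)", L3_VNI[vni]
    else:
        # A VNI that no VTEP in the lab is configured for deserves a closer look.
        kind, segment = "unknown VNI", None
    return vni, segment, kind, src.hex(), dst.hex()
```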


    Step 3: inject external routes

    As shown in the figure below, WAN-R1 injects three routes into the VxLAN network: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24

    [Figure: WAN-R1 injecting routes into the VxLAN network]

    VTEP-2 configuration

    interface Ethernet1/3
      no switchport
      vrf member evpn-tenant-1
      ip address 40.1.1.1/24
      no shutdown
    
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          network 192.168.1.0/24
          advertise l2vpn evpn
        neighbor 40.1.1.2
          remote-as 200
          address-family ipv4 unicast
            prefix-list outbound-no-hosts out
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    vrf context evpn-tenant-1
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    
    VTEP-2# 
    

    WAN-R1 configuration

    !
    interface Loopback100
     ip address 8.8.8.8 255.255.255.255
    end
    !
    interface Ethernet0/0
     ip address 40.1.1.2 255.255.255.0
    end
    !
    router bgp 200
     bgp log-neighbor-changes
     neighbor 40.1.1.1 remote-as 100
     !
     address-family ipv4
      network 8.8.8.8 mask 255.255.255.255
      network 100.0.0.0 mask 255.255.255.0
      network 100.0.1.0 mask 255.255.255.0
      neighbor 40.1.1.1 activate
     exit-address-family
    !
    ip route 100.0.0.0 255.255.255.0 Null0
    ip route 100.0.1.0 255.255.255.0 Null0
    !
    

    Ping test from VM1 to 8.8.8.8, which WAN-R1 advertises

    VM1> ping 8.8.8.8
    
    84 bytes from 8.8.8.8 icmp_seq=1 ttl=253 time=23.228 ms
    84 bytes from 8.8.8.8 icmp_seq=2 ttl=253 time=22.362 ms
    84 bytes from 8.8.8.8 icmp_seq=3 ttl=253 time=28.130 ms
    84 bytes from 8.8.8.8 icmp_seq=4 ttl=253 time=20.304 ms
    84 bytes from 8.8.8.8 icmp_seq=5 ttl=253 time=24.945 ms
    
    VM1>
    

    VTEP-1 receives the routes advertised by WAN-R1: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24

    VTEP-1# show ip route vrf evpn-tenant-1
    IP Route Table for VRF "evpn-tenant-1"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]
    '%<string>' in via output denotes VRF <string>
    
    8.8.8.8/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    
    12.1.1.0/30, ubest/mbest: 1/0, attached
        *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, direct
    12.1.1.1/32, ubest/mbest: 1/0, attached
        *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, local
    100.0.0.0/24, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    
    100.0.1.0/24, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    
    172.16.1.0/24, ubest/mbest: 1/0, attached
        *via 172.16.1.254, Vlan210, [0/0], 01:39:24, direct
    172.16.1.10/32, ubest/mbest: 1/0, attached
        *via 172.16.1.10, Vlan210, [190/0], 00:55:10, hmm
    172.16.1.11/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:54:13, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    
    172.16.1.254/32, ubest/mbest: 1/0, attached
        *via 172.16.1.254, Vlan210, [0/0], 01:39:24, local
    192.168.1.0/24, ubest/mbest: 1/0, attached
        *via 192.168.1.254, Vlan200, [0/0], 01:39:24, direct
    192.168.1.10/32, ubest/mbest: 1/0, attached
        *via 192.168.1.10, Vlan200, [190/0], 00:55:02, hmm
    192.168.1.11/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:01:59, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    
    192.168.1.254/32, ubest/mbest: 1/0, attached
        *via 192.168.1.254, Vlan200, [0/0], 01:39:24, local
    
    VTEP-1#
    

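    Summary: the lab objectives have all been met. VxLAN with EVPN inherently separates forwarding from control, which makes it better suited to deployment in SDN solutions; follow-up labs will cover VxLAN in SDN.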


      Reader comments

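      • 对的人_53db: Thanks to the author for the detailed lab write-up; I learned a lot. However, in "Step 2: enable communication between hosts in different VxLANs", "member vni 39000 associate-vrf" has to be added under nve1 on both VTEPs before traffic passes.
      • 无聊_卡网速: My step 1 configuration is exactly the same as yours; I checked it several times and it simply does not work. show nve peers returns nothing, State/PfxRcd in sh bgp l2vpn evpn summary is 0, nothing is learned. The VMs' MAC addresses were learned, but traffic still does not pass.
      • moguizhang_daye: The configuration shows only one VRF, so why are there two VRFs under BGP?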
