实验topo
EVPN-TOPO.png
说明:
版本:
juniper@vMX-1# run show version
Hostname: vMX-1
Model: vmx
Junos: 14.1R1.10
......
vMX网卡对应关系
网卡1 RE
网卡2 RE
网卡3 ge-0/0/0
网卡4 ge-0/0/1
.
.
.
网卡10 ge-0/0/7
logical-system不支持EVPN(也就是只能在全局路由器下的routing-instance 才能用EVPN),所以这里跑了两台vMX,两台的ge-0/0/3桥接在一起(也就是两台vmx的第6块网卡桥接到一个VMnet上)。分别把两台的ge-0/0/1.100放入evpn instance 里面(全局路由器ge-0/0/1使用vlan-tagging),在这之前需要把各自vMX的ge-0/0/1和ge-0/0/2桥接在一起(把vMX1的ge-0/0/1和ge-0/0/2桥接在VMnetA,vMX2的ge-0/0/1和ge-0/0/2桥接在VMnetB)。两台vMX分别分出一个logical-system,放入接口ge-0/0/1.100来模拟用户。
vMX1的配置
logical-systems {
r1 {
interfaces {
ge-0/0/2 {
unit 100 {
vlan-id 100;
family inet {
address 192.168.14.1/24;
}
}
}
}
}
interfaces {
ge-0/0/1 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 100 {
encapsulation vlan-bridge;
vlan-id 100;
}
}
ge-0/0/2 {
vlan-tagging;
}
ge-0/0/3 {
unit 0 {
family inet {
address 192.168.23.2/24;
}
family mpls;
}
}
ge-0/0/7 {
unit 0 {
family inet {
address 172.16.33.100/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 2.2.2.2/32;
}
}
}
}
routing-options {
autonomous-system 65000;
}
protocols {
mpls {
interface ge-0/0/3.0;
}
bgp {
group internal {
type internal;
local-address 2.2.2.2;
family inet-vpn {
unicast;
}
family evpn {
signaling;
}
neighbor 3.3.3.3;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ge-0/0/3.0;
}
}
ldp {
interface ge-0/0/3.0;
}
}
routing-instances {
EVPN100 {
instance-type evpn;
vlan-id 100;
interface ge-0/0/1.100;
route-distinguisher 2.2.2.2:1;
vrf-target target:1:1;
protocols {
evpn;
}
}
}
vMX2的配置
logical-systems {
r4 {
interfaces {
ge-0/0/2 {
unit 100 {
vlan-id 100;
family inet {
address 192.168.14.4/24;
}
}
}
}
}
interfaces {
ge-0/0/1 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 100 {
encapsulation vlan-bridge;
vlan-id 100;
}
}
ge-0/0/2 {
vlan-tagging;
}
ge-0/0/3 {
unit 0 {
family inet {
address 192.168.23.3/24;
}
family mpls;
}
}
ge-0/0/7 {
unit 0 {
family inet {
address 172.16.33.200/24;
}
}
}
lo0 {
unit 0 {
family inet {
address 3.3.3.3/32;
}
}
}
}
routing-options {
autonomous-system 65000;
}
protocols {
mpls {
interface ge-0/0/3.0;
}
bgp {
group internal {
type internal;
local-address 3.3.3.3;
family inet-vpn {
unicast;
}
family evpn {
signaling;
}
neighbor 2.2.2.2;
}
}
ospf {
area 0.0.0.0 {
interface lo0.0 {
passive;
}
interface ge-0/0/3.0;
}
}
ldp {
interface ge-0/0/3.0;
}
}
routing-instances {
EVPN100 {
instance-type evpn;
vlan-id 100;
interface ge-0/0/1.100;
route-distinguisher 2.2.2.2:1;
vrf-target target:1:1;
protocols {
evpn;
}
}
}
查看路由表vMX1
juniper@vMX-1> show route table EVPN100.evpn.0
EVPN100.evpn.0: 4 destinations, 4 routes (4 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2:2.2.2.2:1::100::00:05:86:71:05:02/304
*[EVPN/170] 00:06:45
Indirect
2:2.2.2.2:1::100::00:05:86:71:b2:02/304
*[BGP/170] 00:05:27, localpref 100, from 3.3.3.3
AS path: I, validation-state: unverified
> to 192.168.23.3 via ge-0/0/3.0
3:2.2.2.2:1::100::2.2.2.2/304
*[EVPN/170] 00:06:53
Indirect
3:2.2.2.2:1::100::3.3.3.3/304
*[BGP/170] 00:05:27, localpref 100, from 3.3.3.3
AS path: I, validation-state: unverified
> to 192.168.23.3 via ge-0/0/3.0
##########
juniper@vMX-1> show route table bgp.evpn.0
bgp.evpn.0: 2 destinations, 2 routes (2 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
2:2.2.2.2:1::100::00:05:86:71:b2:02/304
*[BGP/170] 00:06:59, localpref 100, from 3.3.3.3
AS path: I, validation-state: unverified
> to 192.168.23.3 via ge-0/0/3.0
3:2.2.2.2:1::100::3.3.3.3/304
*[BGP/170] 00:06:59, localpref 100, from 3.3.3.3
AS path: I, validation-state: unverified
> to 192.168.23.3 via ge-0/0/3.0
在vrf EVPN100中junos会默认导入两条策略
juniper@vMX-1> show route instance EVPN100 extensive
EVPN100:
Router ID: 0.0.0.0
State: Active
Interfaces:
ge-0/0/1.100
Route-distinguisher: 2.2.2.2:1
Vrf-import: [ __vrf-import-EVPN100-internal__ ]
Vrf-export: [ __vrf-export-EVPN100-internal__ ]
Vrf-import-target: [ target:1:1 ]
Vrf-export-target: [ target:1:1 ]
Fast-reroute-priority: low
Tables:
EVPN100.evpn.0 : 0 routes (0 active, 0 holddown, 0 hidden)
EVPN100.evpn.0 : 4 routes (4 active, 0 holddown, 0 hidden)
###########
juniper@vMX-1> show policy ?
Possible completions:
<[Enter]> Execute this command
<policy> Name of policy
__vrf-export-EVPN100-internal__
__vrf-import-EVPN100-internal__
conditions Show conditions used by policy
damping Show state of route flap damping
fabric Internal fabric state
logical-system Name of logical system, or 'all'
| Pipe through a command
############
juniper@vMX-1> show policy __vrf-export-EVPN100-internal__
Policy __vrf-export-EVPN100-internal__:
Term unnamed:
then community + __vrf-community-EVPN100-common-internal__ [target:1:1 ] accept
############
juniper@vMX-1> show policy __vrf-import-EVPN100-internal__
Policy __vrf-import-EVPN100-internal__:
Term unnamed:
from community __vrf-community-EVPN100-common-internal__ [target:1:1 ]
then accept
Term unnamed:
then reject
连通性测试
juniper@vMX-1# run ping 192.168.14.4 logical-system r1 source 192.168.14.1 rapid
PING 192.168.14.4 (192.168.14.4): 56 data bytes
!!!!!
--- 192.168.14.4 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max/stddev = 3.391/5.797/8.227/1.836 ms
###########
juniper@vMX-1# run show arp logical-system r1 no-resolve
MAC Address Address Interface Flags
00:05:86:71:b2:02 192.168.14.4 ge-0/0/2.100 none
###########
juniper@vMX-1# run show evpn instance EVPN100 extensive
Instance: EVPN100
Route Distinguisher: 2.2.2.2:1
VLAN ID: 100
Per-instance MAC route label: 299776
Per-instance multicast route label: 299792
MAC database status Local Remote
Total MAC addresses: 1 1
Default gateway MAC addresses: 0 0
Number of local interfaces: 1 (1 up)
Interface name ESI Mode SH label
ge-0/0/1.100 00:00:00:00:00:00:00:00:00:00 single-homed
Number of IRB interfaces: 0 (0 up)
Number of neighbors: 1
3.3.3.3
Received routes
MAC address advertisement: 1
MAC+IP address advertisement: 0
Inclusive multicast: 1
Ethernet auto-discovery: 0
Number of ethernet segments: 0
vMX1的ge-0/0/3.0 接口抓包
Fution和VMware workstations上对应的VMnet接口其实就是一个HUB,想要对ge-0/0/3.0接口的包,只需要抓ge-0/0/3桥接的虚拟接口。
抓包截图如下:
EVPN-pac.png
vMX 各接口MAC地址:
juniper@vMX-1# run show interfaces ge-0/0/1 | match "Current address"
Current address: 00:05:86:71:05:01, Hardware address: 00:05:86:71:05:01
[edit]
juniper@vMX-1# run show interfaces ge-0/0/2 | match "Current address"
Current address: 00:05:86:71:05:02, Hardware address: 00:05:86:71:05:02
[edit]
juniper@vMX-1# run show interfaces ge-0/0/3 | match "Current address"
Current address: 00:05:86:71:05:03, Hardware address: 00:05:86:71:05:03
[edit]
vMX2各接口MAC地址:
juniper@vMX-2# run show interfaces ge-0/0/1 | match "Current address"
Current address: 00:05:86:71:b2:01, Hardware address: 00:05:86:71:b2:01
[edit]
juniper@vMX-2# run show interfaces ge-0/0/2 | match "Current address"
Current address: 00:05:86:71:b2:02, Hardware address: 00:05:86:71:b2:02
[edit]
juniper@vMX-2# run show interfaces ge-0/0/3 | match "Current address"
Current address: 00:05:86:71:b2:03, Hardware address: 00:05:86:71:b2:03
[edit]
网友评论