Huawei Switch VXLAN Distributed Gateway Lab 1

VXLAN EVPN distributed gateway: same-subnet and cross-subnet connectivity lab

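Same-subnet connectivity lab:

Configuration steps:
  • Network topology:

    [Figure: distributed gateway, same-subnet connectivity topology]
  • Configure the underlay network and make sure the underlay is reachable end to end;
spine underlay configuration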
#
interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 192.168.12.1 255.255.255.0
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.13.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 192.168.12.0 0.0.0.255
  network 192.168.13.0 0.0.0.255
#
leaf1 underlay configuration
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface GE1/0/0
 undo portswitch
 undo shutdown
 ip address 192.168.12.2 255.255.255.0
#
leaf2 underlay configuration
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 192.168.13.3 255.255.255.0
#
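  • Configure the BGP EVPN peers, which advertise the EVPN routes used for automatic VTEP discovery and VXLAN tunnel establishment;
Before this step, evpn-overlay enable must be configured globally on each leaf; only then can l2vpn-family evpn be configured under BGP
leaf1 overlay configuration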
#
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 #
 ipv4-family unicast
  peer 3.3.3.3 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
  peer 3.3.3.3 advertise irb
#
leaf2 overlay configuration
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 #
 ipv4-family unicast
  peer 2.2.2.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 advertise irb
#
  • Verify that the EVPN peer is established:
[~leaf1]display  bgp  evpn  peer  
 BGP local router ID        : 192.168.12.2
 Local AS number            : 100
 Total number of peers      : 1
 Peers in established state : 1

  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
  3.3.3.3         4         100       33       35     0 00:23:28 Established        1
  • Configure the BD and the EVPN instance:
[leaf1]
#
bridge-domain 20
 vxlan vni 20
 evpn
  route-distinguisher 0:20
  vpn-target 20:20 export-extcommunity
  vpn-target 20:20 import-extcommunity
 arp broadcast-suppress enable
#
[leaf2]
#
bridge-domain 20
 vxlan vni 20
 evpn
  route-distinguisher 1:20
  vpn-target 20:20 export-extcommunity
  vpn-target 20:20 import-extcommunity
 arp broadcast-suppress enable
#
  • Configure the VTEP address used to establish the VXLAN tunnel:
[leaf1] 
#
interface Nve1
 source 2.2.2.2
 vni 20 head-end peer-list protocol bgp
#
[leaf2]
#
interface Nve1
 source 3.3.3.3
 vni 20 head-end peer-list protocol bgp
#
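  • Verify: in the same-subnet scenario, once the NVE interface is configured, the local VTEP's EVPN instance advertises type-3 routes to the peer EVPN instance. Type-3 routes are mainly used for automatic VTEP discovery and automatic VXLAN tunnel setup, so the VXLAN tunnel is already established at this point, as shown below:
Check the VXLAN tunnel state: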
[~leaf1]display  vxlan  tunnel    
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  2.2.2.2               3.3.3.3               up     dynamic  00:20:24  
View the type-3 routes:
[~leaf1]display  bgp  evpn  vpn-instance  20 routing-table inclusive-route  0:32:3.3.3.3


 BGP local router ID : 192.168.12.2
 Local AS number : 100

   EVPN-Instance 20:
  
 Number of Inclusive Multicast Routes: 1
 BGP routing table entry information of 0:32:3.3.3.3:
 Route Distinguisher: 1:20 ---- route distinguisher of the EVPN instance
 Remote-Cross route
 Label information (Received/Applied): 20/NULL ---- type 3 carries the Layer 2 VNI of the BD
 From: 3.3.3.3 (3.3.3.3) ---- EVPN peer the route was received from
 Route Duration: 0d00h25m38s ---- time since the route was learned
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 3.3.3.3 ---- next-hop attribute of the route
 Qos information : 0x0
 Ext-Community: RT <20 : 20>, Tunnel Type <VxLan> ---- vpn-target
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 PMSI: Flags 0, Ingress Replication, Label 0:0:0(20), Tunnel Identifier:3.3.3.3 ---- VNI and VTEP address
 Route Type: 3 (Inclusive Multicast Route) ---- the route type is type 3
 Ethernet Tag ID: 0, Originator IP:3.3.3.3/32 ---- originator attribute: router ID of the route's originator
 Not advertised to any peer yet
  • Configure the service interfaces and verify same-subnet connectivity
leaf1
interface GE1/0/2
 undo shutdown
#
interface GE1/0/2.1 mode l2
 encapsulation untag
 bridge-domain 20
#
return
leaf2
interface GE1/0/2
 undo shutdown
#
interface GE1/0/2.1 mode l2
 encapsulation untag
 bridge-domain 20
#
  • Connectivity and result verification
PC>ipconfig

Link local IPv6 address...........: fe80::5689:98ff:fe98:6dda
IPv6 address......................: :: / 128
IPv6 gateway......................: ::
IPv4 address......................: 192.168.20.10
Subnet mask.......................: 255.255.255.0
Gateway...........................: 192.168.20.1
Physical address..................: 54-89-98-98-6D-DA
DNS server........................:

PC>ping 192.168.20.20

Ping 192.168.20.20: 32 data bytes, Press Ctrl_C to break
From 192.168.20.20: bytes=32 seq=1 ttl=128 time=16 ms
From 192.168.20.20: bytes=32 seq=2 ttl=128 time=15 ms
From 192.168.20.20: bytes=32 seq=3 ttl=128 time=32 ms
From 192.168.20.20: bytes=32 seq=4 ttl=128 time=15 ms
From 192.168.20.20: bytes=32 seq=5 ttl=128 time=32 ms

--- 192.168.20.20 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 15/22/32 ms
As shown, hosts in the same subnet can reach each other without a gateway
View the MAC/IP routes:
[~leaf1]display  bgp  evpn  vpn-instance  20 routing-table mac-route 
 BGP Local router ID is 192.168.12.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


   EVPN-Instance 20:
  
 Number of Mac Routes: 1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:0000-5e00-0001:0:0.0.0.0                          3.3.3.3
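At this point there is only the peer gateway's MAC/IP route. In same-subnet communication the ARP requests are exchanged between the hosts themselves; the VTEP has no gateway address configured and cannot learn ARP entries, so there are no host MAC/IP routes.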

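Cross-subnet connectivity lab:

Configuration steps:
  • Network topology:
    The topology keeps everything from the lab above and adds PC3 on subnet 192.168.30.0/24, whose VXLAN gateway is Vbdif30 on leaf2. The goal is for PC3 (192.168.30.30) to be able to ping PC1 (192.168.20.10):


  • Add bd30 on leaf2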
#
bridge-domain 30
 vxlan vni 30
 evpn
  route-distinguisher 1:30
  vpn-target 30:30 export-extcommunity
  vpn-target 10:30 export-extcommunity
  vpn-target 30:30 import-extcommunity
#
  • Configure the gateway addresses on leaf1 and leaf2:
<leaf1>
#
interface Vbdif20
 ip address 192.168.20.1 255.255.255.0
 mac-address 0000-5e00-0001
 vxlan anycast-gateway enable
 arp collect host enable
#
<leaf2>
#
interface Vbdif30
 ip address 192.168.30.1 255.255.255.0
 mac-address 0000-5e00-0002
 vxlan anycast-gateway enable
 arp collect host enable
#
  • Configure an L3VPN instance on leaf1 and on leaf2 so that each side imports the routes of the other subnet:
<leaf1>
#
ip vpn-instance evpn20
 ipv4-family
  route-distinguisher 60:20
  vpn-target 10:30 import-extcommunity evpn
 vxlan vni 60
#
return
<leaf2>
#
ip vpn-instance evpn30
 ipv4-family
  route-distinguisher 40:30
  vpn-target 10:30 import-extcommunity evpn
  vpn-target 20:20 import-extcommunity evpn
 vxlan vni 50
#
return

The export vpn-target 20:20 under bd 20 on leaf1 must match vpn-target 20:20 import-extcommunity evpn in vpn-instance evpn30 on leaf2;
the export vpn-target 10:30 under bd 30 on leaf2 must match vpn-target 10:30 import-extcommunity evpn in vpn-instance evpn20 on leaf1
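The export/import matching rule above can be checked mechanically before the configuration is pushed. The following is an added example, not part of the original post: it assumes one RT per vpn-target line (as in this lab), and the function names and the CONFIGS excerpt are constructed for illustration.

```python
import re
# Added example; CONFIGS is a constructed excerpt of the RT lines in the page's leaf configs.
CONFIGS = {
    "leaf1": """bridge-domain 20
 evpn
  vpn-target 20:20 export-extcommunity
  vpn-target 20:20 import-extcommunity
ip vpn-instance evpn20
 ipv4-family
  vpn-target 10:30 import-extcommunity evpn
""",
    "leaf2": """bridge-domain 30
 evpn
  vpn-target 30:30 export-extcommunity
  vpn-target 10:30 export-extcommunity
  vpn-target 30:30 import-extcommunity
ip vpn-instance evpn30
 ipv4-family
  vpn-target 10:30 import-extcommunity evpn
  vpn-target 20:20 import-extcommunity evpn
""",
}

def parse_rts(configs):
    """Return (bd_exports, vrf_evpn_imports) as lists of (device, instance, rt)."""
    exports, imports = [], []
    for dev, text in configs.items():
        kind = name = None
        for line in text.splitlines():
            if m := re.match(r"(bridge-domain|ip vpn-instance) (\S+)", line):
                kind, name = m.groups()
            elif m := re.match(r"\s+vpn-target (\S+) (\w+)-extcommunity( evpn)?$", line):
                rt, direction, evpn = m.groups()
                if kind == "bridge-domain" and direction == "export":
                    exports.append((dev, "bd" + name, rt))
                elif kind == "ip vpn-instance" and direction == "import" and evpn:
                    imports.append((dev, name, rt))
    return exports, imports

def cross_leaf_imports(configs):
    """(exporting BD, importing L3VPN instance, RT) for every match between two leaves."""
    exports, imports = parse_rts(configs)
    return sorted((f"{ed}/{bd}", f"{idev}/{vrf}", rt) for ed, bd, rt in exports
                  for idev, vrf, irt in imports if rt == irt and ed != idev)

def unmatched_imports(configs):
    """EVPN imports in an L3VPN instance that no BD exports: a typo or stale RT."""
    exports, imports = parse_rts(configs)
    return [i for i in imports if i[2] not in {e[2] for e in exports}]

print(cross_leaf_imports(CONFIGS), unmatched_imports(CONFIGS))
```

An unexpected pair in the first list means a BD's host routes are accepted into an L3VPN instance that was not meant to receive them; an entry in the second list means the cross-subnet routes will never be imported.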

  • Bind the Vbdif interfaces to the corresponding L3VPN instances, which hold each gateway's MAC/IP routes
<leaf1>
#
interface Vbdif20
 ip binding vpn-instance evpn20
<leaf2>
#
interface Vbdif30
 ip binding vpn-instance evpn30
  • In each gateway's VPN instance, ping PC1 and PC3 respectively, then check the ARP entries and the EVPN entries:
On leaf1, the ARP table already contains 192.168.20.10   5489-9898-6dda
<leaf1>display  arp 
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain

IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN       INTERFACE        VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.12.2    3850-1902-0100        I               GE1/0/0          
192.168.12.1    3850-1901-0100   12   D               GE1/0/0          
192.168.20.1    0000-5e00-0001        I               Vbdif20          evpn20
192.168.20.10   5489-9898-6dda    2   D/BD20          GE1/0/2.1        evpn20
----------------------------------------------------------------------------------------

Then check on leaf2 whether the MAC/IP route has been learned through EVPN
<leaf2>display  bgp  evpn  vpn-instance __RD_1_40_30__  routing-table  mac-route 
 BGP Local router ID is 192.168.20.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


   EVPN-Instance __RD_1_40_30__:
  
 Number of Mac Routes: 1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-9898-6dda:32:192.168.20.10                   2.2.2.2 ---- the route has been learned

View the routing table of the VPN instance on leaf2:
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn30
         Destinations : 5        Routes : 5         

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

  192.168.20.10/32  IBGP    255  0             RD  2.2.2.2         VXLAN ---- the IBGP host route is present; the next-hop interface is VXLAN
   192.168.30.0/24  Direct  0    0             D   192.168.30.1    Vbdif30
   192.168.30.1/32  Direct  0    0             D   127.0.0.1       Vbdif30
 192.168.30.255/32  Direct  0    0             D   127.0.0.1       Vbdif30
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

View the MAC/IP route in detail:
<leaf2>display  bgp  evpn  vpn-instance __RD_1_40_30__  routing-table  mac-route 0:48:5489-9898-6dda:32:192.168.20.10


 BGP local router ID : 192.168.20.1
 Local AS number : 100

   EVPN-Instance __RD_1_40_30__:
  
 Number of Mac Routes: 1
 BGP routing table entry information of 0:48:5489-9898-6dda:32:192.168.20.10: ---- route entry information
 Route Distinguisher: 0:20 ---- RD of the EVPN instance
 Remote-Cross route
 Label information (Received/Applied): 20 60/NULL ---- Layer 2 VNI and Layer 3 VNI
 From: 2.2.2.2 (192.168.12.2) ---- the peer the route came from
 Route Duration: 0d00h42m30s ---- time since the route was learned
 Relay Tunnel Out-Interface: VXLAN
 Original nexthop: 2.2.2.2 ---- next-hop attribute of the route
 Qos information : 0x0
 Ext-Community: RT <20 : 20>, Tunnel Type <VxLan>, Router's MAC <707b-e8af-4e9f> ---- extended communities: the vpn-target and the MAC address of the peer's NVE interface
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
 Route Type: 2 (MAC Advertisement Route) ---- the route type is type 2
 Ethernet Tag ID: 0, MAC Address/Len: 5489-9898-6dda/48, IP Address/Len: 192.168.20.10/32, ESI:0000.0000.0000.0000.0000 ---- MAC/IP carried by the type-2 route
 Not advertised to any peer yet
  • Clear the ARP entries on leaf1 and check whether leaf2 still has the route:
<leaf1>reset arp all 
<leaf1>display arp   
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain

IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN       INTERFACE        VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.12.2    3850-1902-0100        I               GE1/0/0          
192.168.12.1    3850-1901-0100   20   D               GE1/0/0          
192.168.20.1    0000-5e00-0001        I               Vbdif20          evpn20
----------------------------------------------------------------------------------------
Total:3         Dynamic:1       Static:0    Interface:2    OpenFlow:0
Redirect:0
<leaf1>
<leaf2>display  bgp  evpn  vpn-instance __RD_1_40_30__  routing-table  mac-route 
<leaf2>
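The MAC/IP route is gone, which shows that the EVPN route entries are derived from the ARP entries.

In the initial same-subnet lab no gateway was configured, so the VTEPs did not advertise host MAC/IP routes to each other. Now that the gateways exist, check whether leaf1 and leaf2 have advertised the MAC/IP routes of their hosts PC1 and PC2 to each other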

<leaf2>display  bgp  evpn  vpn-instance 20 routing-table mac-route 
 BGP Local router ID is 192.168.20.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


   EVPN-Instance 20:
  
 Number of Mac Routes: 3
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-5e00-0001:0:0.0.0.0                          0.0.0.0
 * i                                                          2.2.2.2
 *>i   0:48:5489-9898-6dda:32:192.168.20.10                   2.2.2.2
<leaf1>display  bgp  evpn  vpn-instance 20 routing-table  mac-route 
 BGP Local router ID is 192.168.12.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete


   EVPN-Instance 20:
  
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-5e00-0001:0:0.0.0.0                          0.0.0.0
 * i                                                          3.3.3.3
 *>i   0:48:0000-5e00-0002:0:0.0.0.0                          3.3.3.3
 *>    0:48:5489-9898-6dda:32:192.168.20.10                   0.0.0.0

As shown, leaf2 has learned PC1's MAC/IP route information
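The mac-route tables above mix MAC-only gateway routes, extra paths on continuation rows, and host MAC/IP routes derived from ARP. The following added example (not from the original post) parses those rows and, going one step beyond the lab, compares the advertised host bindings with an expected inventory; the function names and the EXPECTED inventory are assumptions made for illustration.

```python
# Constructed sample: route rows copied from the page's leaf2 "EVPN-Instance 20" output.
LEAF2_BD20 = """\
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-5e00-0001:0:0.0.0.0                          0.0.0.0
 * i                                                          2.2.2.2
 *>i   0:48:5489-9898-6dda:32:192.168.20.10                   2.2.2.2
"""

def parse_mac_routes(text):
    """Parse 'display bgp evpn ... routing-table mac-route' rows into dicts."""
    routes, key = [], None
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 2 or not tok[0].startswith("*"):
            continue                      # legend, header and blank lines
        if ":" in tok[-2]:
            key = tok[-2]                 # new prefix; otherwise an extra path
        if key is None:
            continue
        _tag, _maclen, mac, iplen, ip = key.split(":", 4)
        status = "".join(t for t in tok[:-1] if t != key)
        routes.append({"mac": mac, "ip": ip if iplen != "0" else None,
                       "nexthop": tok[-1], "best": ">" in status,
                       "local": tok[-1] == "0.0.0.0"})
    return routes

def host_bindings(routes):
    """Best host (MAC/IP) routes as {ip: (mac, advertising VTEP)}."""
    return {r["ip"]: (r["mac"], r["nexthop"]) for r in routes if r["ip"] and r["best"]}

def unexpected_bindings(routes, expected):
    """Host routes whose MAC or VTEP differs from the expected inventory."""
    return {ip: got for ip, got in host_bindings(routes).items()
            if expected.get(ip) != got}

# Hypothetical inventory: PC1 sits behind leaf1 (VTEP 2.2.2.2), as in the lab.
EXPECTED = {"192.168.20.10": ("5489-9898-6dda", "2.2.2.2")}
print(host_bindings(parse_mac_routes(LEAF2_BD20)))
print(unexpected_bindings(parse_mac_routes(LEAF2_BD20), EXPECTED))
```

A non-empty result from unexpected_bindings means an IP is being advertised with a different MAC or from a different VTEP than the inventory records, which is worth investigating before trusting the fabric's forwarding state.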

Summary of principles

To be continued...
