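The base configuration of the lab topology is the same as in Lab 1, with a border device and an out-net device added. On the border device, the underlay runs OSPF to reach the other devices in the VXLAN network, and the overlay runs BGP EVPN so that border acts as the gateway to the external network. The out-net device simulates the external network and advertises routes into the VXLAN domain.
Lab topology:
Lab objectives:
- The gateway subnet route of PC1 and PC2, 192.168.20.0/24, can be advertised to the external network out-net through EBGP, so that the external network can reach the VXLAN network;
- Because PC1 and PC2 use distributed gateways, advertising only the 192.168.20.0/24 subnet route cannot route data correctly to the right host, so the host routes of PC1 and PC2 must also be advertised to the external network out-net;
- The external network out-net advertises the 192.168.50.0/24 subnet route through BGP to leaf1 and leaf2, so that the hosts PC1 and PC2 on leaf1 and leaf2 can reach the external network;
Configuration approach and plan:
1. Configure the underlay network on border and connect it to the underlay of the existing VXLAN network;
2. Configure leaf1 and leaf2 to each establish a BGP EVPN peer relationship with border, used to advertise subnet and host routes;
3. Verify that the EVPN peer relationships between border and leaf1, leaf2 are established;
4. Configure the NVE interface on border, used to establish VXLAN tunnels;
5. On border, configure ip vpn-instance evpn-out with RD 100:30 and EVPN vpn-target import 10:31, used to receive the host routes and gateway subnet route of PC1 and PC2;
6. Under the vpn-instance on leaf1 and leaf2, configure EVPN vpn-target export 10:31;
7. In the corresponding VPN instance under the BGP ipv4-family, import the direct routes bound to the VPN instance into BGP, and configure the imported routes to be advertised to the BGP EVPN peers;
8. Verify that the BGP EVPN instance has learned the imported direct routes;
9. Configure EBGP between border and out-net, used to advertise routes to each other;
10. Verify that the out-net device has received the VXLAN 20 gateway subnet route 192.168.20.0/24;
11. On the vbdif20 gateway of the leaf nodes, enable the ARP direct-route function, used to advertise host routes;
12. Verify that the EVPN instance has learned the host routes through the Layer 3 VPN instance;
13. On border's vpn-instance evpn-out, configure EVPN vpn-target export 10:100, used to send the out-net routes it receives to leaf1 and leaf2;
14. On out-net, advertise the 192.168.50.0/24 route into BGP;
15. Check the VPN instance routes and EVPN routes on leaf1 and leaf2 to see whether the routes have been received;
Configuration:
- Configure the underlay network; only border is configured here, for the other devices see Lab 1: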
[~border]
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface GE1/0/3
undo portswitch
undo shutdown
ip address 192.168.14.4 255.255.255.0
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 192.168.14.0 0.0.0.255
#
return
- Configure BGP EVPN on leaf1, leaf2 and border (the first block, with peers 2.2.2.2 and 3.3.3.3, is border's):
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpn-instance evpn-out
advertise l2vpn evpn
peer 192.168.45.5 as-number 200
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
#
<leaf1>
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ipv4-family vpn-instance evpn20
import-route direct
advertise l2vpn evpn
#
l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
peer 4.4.4.4 enable
peer 4.4.4.4 advertise irb
#
return
<leaf2>
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 4.4.4.4 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
peer 4.4.4.4 enable
peer 4.4.4.4 advertise irb
#
return
- Verify the BGP EVPN peer relationships between border and the leaves:
<border>display bgp evpn peer
BGP local router ID : 192.168.14.4
Local AS number : 100
Total number of peers : 2
Peers in established state : 2
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
2.2.2.2 4 100 209 190 0 02:38:26 Established 2
3.3.3.3 4 100 190 190 0 02:38:27 Established 0
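As shown, the peer relationships have been established.
- Configure NVE on border; on the leaf, import the direct routes and advertise them to the EVPN peers: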
<border>
#
interface Nve1
source 4.4.4.4
#
<border>
ip vpn-instance evpn-out
ipv4-family
route-distinguisher 100:30
vpn-target 10:31 import-extcommunity evpn
vxlan vni 100
#
return
<leaf1>
#
ip vpn-instance evpn20
ipv4-family
route-distinguisher 60:20
vpn-target 10:31 export-extcommunity evpn
vpn-target 10:30 import-extcommunity evpn
vxlan vni 60
#
bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
peer 4.4.4.4 as-number 100
peer 4.4.4.4 connect-interface LoopBack0
#
ipv4-family unicast
peer 3.3.3.3 enable
peer 4.4.4.4 enable
#
ipv4-family vpn-instance evpn20
import-route direct-----------------------import the VPN instance's direct routes
advertise l2vpn evpn--------------------advertise the routes in the VPN instance to the EVPN peers
#
l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
peer 4.4.4.4 enable
peer 4.4.4.4 advertise irb
#
interface Vbdif20
ip binding vpn-instance evpn20
ip address 192.168.20.1 255.255.255.0
mac-address 0000-5e00-0001
vxlan anycast-gateway enable
arp collect host enable
#
return
- Check whether the subnet route has been advertised to the EVPN instance and to net-out:
<leaf1>display bgp evpn vpn-instance __RD_1_60_20__ routing-table prefix-route
BGP Local router ID is 192.168.12.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance __RD_1_60_20__:
Number of Ip Prefix Routes: 3
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*> 0:192.168.20.0:24 0.0.0.0---------------direct subnet route originated locally
*> 0:192.168.20.1:32 0.0.0.0
<border>display bgp evpn vpn-instance __RD_1_100_30__ routing-table prefix-route
BGP Local router ID is 192.168.14.4
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance __RD_1_100_30__:
Number of Ip Prefix Routes: 3
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*>i 0:192.168.20.0:24 2.2.2.2
*> 0:192.168.50.0:24 4.4.4.4
*>i 0:192.168.20.1:32 2.2.2.2
<border> display ip routing-table vpn-instance evpn-out
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn-out
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.20.1/32 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.45.0/24 Direct 0 0 D 192.168.45.4 Vbdif200
192.168.45.4/32 Direct 0 0 D 127.0.0.1 Vbdif200
192.168.45.255/32 Direct 0 0 D 127.0.0.1 Vbdif200
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
As shown, border has learned the 192.168.20.0/24 route, and the next-hop outbound interface is VXLAN.
- Check the VXLAN tunnel establishment on border:
<border>display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531842 4.4.4.4 2.2.2.2 up dynamic 02:25:43
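As shown, border has established a VXLAN tunnel with the leaf.
- Configure the EBGP neighbor relationship between border and net-out so that they advertise routes to each other, then on border advertise the routes learned through EBGP to the EVPN peers, so that the leaf can learn the 192.168.50.0/24 subnet route:
/* Configure the network interface and BD facing net-out */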
<border>
#
bridge-domain 200
vxlan vni 200
#
interface GE1/0/0
undo shutdown
port link-type trunk
#
interface GE1/0/0.1 mode l2
encapsulation dot1q vid 200
bridge-domain 200
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
#
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
#
ipv4-family vpn-instance evpn-out-------in the VPN instance, advertise the routes it has learned to the EVPN peers
advertise l2vpn evpn
peer 192.168.45.5 as-number 200
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
peer 3.3.3.3 enable
peer 3.3.3.3 advertise irb
#
ip vpn-instance evpn-out------------------configure the VPN instance
ipv4-family
route-distinguisher 100:30
vpn-target 10:100 export-extcommunity evpn------vpn-target attached to routes on export
vpn-target 10:31 import-extcommunity evpn
vxlan vni 100
#
interface Vbdif200
ip binding vpn-instance evpn-out
ip address 192.168.45.4 255.255.255.0
#
return
<leaf1>
ip vpn-instance evpn20
ipv4-family
route-distinguisher 60:20
vpn-target 10:31 export-extcommunity evpn
vpn-target 10:30 import-extcommunity evpn
vpn-target 10:100 import-extcommunity evpn------------------vpn-target for accepting the routes advertised by border
vxlan vni 60
#
return
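The vpn-target settings above decide which routes cross between leaf1's evpn20 and border's evpn-out. The following added example (not device code and not part of the original lab) is a simplified model of that matching; the RT values and prefixes are taken from the configurations on this page, while the `Vrf` class and the function names are hypothetical.

```python
# Added illustration: EVPN route-target matching between the two VPN instances
# configured on this page. Simplified model, one advertisement round only.
from dataclasses import dataclass, field


@dataclass
class Vrf:
    name: str
    export_rt: set            # RTs attached to routes this instance advertises
    import_rt: set            # RTs this instance accepts
    originated: set           # prefixes it injects into BGP EVPN
    installed: dict = field(default_factory=dict)  # prefix -> source instance


def advertise(vrfs):
    """Every instance advertises its prefixes tagged with its export RTs; a
    receiver installs a prefix only if a tag matches one of its import RTs."""
    for src in vrfs:
        for dst in vrfs:
            if dst is not src and src.export_rt & dst.import_rt:
                for prefix in src.originated:
                    dst.installed[prefix] = src.name
    return {v.name: v.installed for v in vrfs}


def lab(border_export, leaf_extra_import):
    """Build leaf1's evpn20 and border's evpn-out and run one advertisement."""
    leaf = Vrf("evpn20", {"10:31"}, {"10:30"} | set(leaf_extra_import),
               {"192.168.20.0/24", "192.168.20.1/32"})
    # 192.168.50.0/24 is learned from the EBGP peer and re-advertised by border
    border = Vrf("evpn-out", set(border_export), {"10:31"}, {"192.168.50.0/24"})
    return advertise([leaf, border])


if __name__ == "__main__":
    # Border has no export RT yet: leaf1 learns nothing from it.
    print(lab(border_export=[], leaf_extra_import=[]))
    # Border exports 10:100 but leaf1 does not import it: still nothing.
    print(lab(border_export=["10:100"], leaf_extra_import=[]))
    # Final configuration on the page: both directions are populated.
    print(lab(border_export=["10:100"], leaf_extra_import=["10:100"]))
```

The middle case shows why the export on border alone is not enough: leaf1 only installs 192.168.50.0/24 once it also imports 10:100.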
- Check the BGP routes learned by border:
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn-out
Destinations : 7 Routes : 7
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.20.1/32 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.45.0/24 Direct 0 0 D 192.168.45.4 Vbdif200
192.168.45.4/32 Direct 0 0 D 127.0.0.1 Vbdif200
192.168.45.255/32 Direct 0 0 D 127.0.0.1 Vbdif200
192.168.50.0/24 EBGP 255 0 RD 192.168.45.5 Vbdif200-------learned through the EBGP neighbor
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- Check that BGP has advertised the EBGP route to the leaf through the EVPN peer:
<leaf1>display ip routing-table vpn-instance evpn20
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn20
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vbdif20
192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vbdif20
192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vbdif20
192.168.50.0/24 IBGP 255 0 RD 4.4.4.4 VXLAN---the external subnet route is now in the VPN instance
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<leaf1>display bgp evpn vpn-instance __RD_1_60_20__ routing-table prefix-route
BGP Local router ID is 192.168.12.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance __RD_1_60_20__:
Number of Ip Prefix Routes: 3
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*> 0:192.168.20.0:24 0.0.0.0
*>i 0:192.168.50.0:24 4.4.4.4---------------the subnet route is now in the EVPN instance, as a prefix-type route
*> 0:192.168.20.1:32 0.0.0.0
<leaf1>
- View the details of the external route:
<leaf1>display bgp evpn vpn-instance __RD_1_60_20__ routing-table prefix-route 0:192.168.50.0:24
BGP local router ID : 192.168.12.2
Local AS number : 100
EVPN-Instance __RD_1_60_20__:
Number of Ip Prefix Routes: 1
BGP routing table entry information of 0:192.168.50.0:24:
Route Distinguisher: 100:30
Remote-Cross route
Label information (Received/Applied): 100/NULL--------------VNI of border's evpn-out instance
From: 4.4.4.4 (192.168.14.4) --------------------------------------EVPN peer this route was learned from
Route Duration: 0d02h39m53s
Relay Tunnel Out-Interface: VXLAN
Original nexthop: 4.4.4.4--------------------------------------route next-hop attribute
Qos information : 0x0
Ext-Community: RT <10 : 100>, Tunnel Type <VxLan>, Router's MAC <707b-e817-0423>------------export EVPN vpn-target of border's evpn-out instance
AS-path 200, origin igp, MED 0, localpref 100, pref-val 0, valid, internal, best, select, pre 255
Route Type: 5 (Ip Prefix Route)
Ethernet Tag ID: 0, IP Prefix/Len: 192.168.50.0/24, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0-------the prefix route carried
Not advertised to any peer yet
- So far out-net has not received the hosts' host routes; enable the ARP direct-route function to advertise the host routes to the external network:
[~leaf1-Vbdif20]display this
#
interface Vbdif20
ip binding vpn-instance evpn20
ip address 192.168.20.1 255.255.255.0
mac-address 0000-5e00-0001
vxlan anycast-gateway enable
arp collect host enable
arp direct-route enable----------------------------ARP to direct route
#
- Check whether leaf1's VPN instance now has its own direct route:
<leaf1>display ip routing-table vpn-instance evpn20
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn20
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 Direct 0 0 D 192.168.20.1 Vbdif20
192.168.20.1/32 Direct 0 0 D 127.0.0.1 Vbdif20
192.168.20.10/32 Direct 0 0 0.0.0.0 Vbdif20-------its own direct route now exists, and the next-hop interface is the gateway interface
192.168.20.255/32 Direct 0 0 D 127.0.0.1 Vbdif20
192.168.50.0/24 IBGP 255 0 RD 4.4.4.4 VXLAN
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
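- Because direct routes are already redistributed in the VPN instance under leaf1's BGP ipv4-family and advertisement to the EVPN peers is configured, check whether border has received the direct route: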
<border>display ip routing-table vpn-instance evpn-out
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : evpn-out
Destinations : 8 Routes : 8
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.20.1/32 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.20.10/32 IBGP 255 0 RD 2.2.2.2 VXLAN----the IBGP route is present, and the next hop is VXLAN
192.168.45.0/24 Direct 0 0 D 192.168.45.4 Vbdif200
192.168.45.4/32 Direct 0 0 D 127.0.0.1 Vbdif200
192.168.45.255/32 Direct 0 0 D 127.0.0.1 Vbdif200
192.168.50.0/24 EBGP 255 0 RD 192.168.45.5 Vbdif200
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
<border>display bgp evpn vpn-instance __RD_1_100_30__ routing-table prefix-route
BGP Local router ID is 192.168.14.4
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN-Instance __RD_1_100_30__:
Number of Ip Prefix Routes: 4
Network(EthTagId/IpPrefix/IpPrefixLen) NextHop
*>i 0:192.168.20.0:24 2.2.2.2
*> 0:192.168.50.0:24 4.4.4.4
*>i 0:192.168.20.1:32 2.2.2.2
*>i 0:192.168.20.10:32 2.2.2.2---------------the EVPN route has also been learned
<border>
- On the external network net-out, check whether the host route has been learned through the EBGP neighbor:
[~net-out]display ip routing-table
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.20.0/24 EBGP 255 0 RD 192.168.45.4 Vlanif200
192.168.20.1/32 EBGP 255 0 RD 192.168.45.4 Vlanif200
192.168.20.10/32 EBGP 255 0 RD 192.168.45.4 Vlanif200-----the host route from the leaf has been learned
192.168.45.0/24 Direct 0 0 D 192.168.45.5 Vlanif200
192.168.45.5/32 Direct 0 0 D 127.0.0.1 Vlanif200
192.168.45.255/32 Direct 0 0 D 127.0.0.1 Vlanif200
192.168.50.0/24 Direct 0 0 D 192.168.50.1 LoopBack0
192.168.50.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
192.168.50.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
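The verification steps above are done by reading `display ip routing-table` output by eye. The following added example (not part of the original lab) parses rows in the layout shown on this page, including a row with an empty Flags column and a row with a trailing annotation, and audits which prefixes were learned over EBGP. The function names are hypothetical, and `SAMPLE` is constructed from rows on this page plus one extra row.

```python
# Added illustration: parse `display ip routing-table` rows in the layout shown
# on this page and audit what was learned through a given protocol.
import ipaddress
import re

ROW = re.compile(
    r"^\s*(?P<dest>\d+(?:\.\d+){3}/\d+)\s+(?P<proto>\S+)\s+(?P<pre>\d+)\s+"
    r"(?P<cost>\d+)\s+(?:(?P<flags>[A-Z]+)\s+)?(?P<nexthop>\d+(?:\.\d+){3})\s+"
    r"(?P<intf>[A-Za-z]+[\d/.]*)")

SAMPLE = """\
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.20.0/24 EBGP 255 0 RD 192.168.45.4 Vlanif200
192.168.20.10/32 EBGP 255 0 RD 192.168.45.4 Vlanif200-----host route
192.168.20.10/32 Direct 0 0 0.0.0.0 Vbdif20
192.168.45.0/24 Direct 0 0 D 192.168.45.5 Vlanif200
172.16.9.0/24 EBGP 255 0 RD 192.168.45.4 Vlanif200
"""  # last row is constructed: a prefix the peer was never meant to send


def parse(text):
    """Return one dict per route row; headers and banners are skipped. The
    Flags column may be empty and an annotation may trail the interface."""
    rows = []
    for line in text.splitlines():
        m = ROW.match(line)
        if m:
            row = m.groupdict()
            row["flags"] = row["flags"] or ""
            rows.append(row)
    return rows


def audit(rows, proto, allowed, required):
    """Return (unexpected, missing) for routes learned through `proto`:
    unexpected = learned prefixes outside every allowed network,
    missing = required prefixes that were not learned."""
    nets = [ipaddress.ip_network(a) for a in allowed]
    learned = {r["dest"] for r in rows if r["proto"] == proto}
    unexpected = sorted(p for p in learned
                        if not any(ipaddress.ip_network(p).subnet_of(n) for n in nets))
    return unexpected, sorted(set(required) - learned)


if __name__ == "__main__":
    print(audit(parse(SAMPLE), "EBGP", ["192.168.20.0/24"],
                ["192.168.20.0/24", "192.168.20.10/32"]))
```

Run against the real net-out table, an empty `unexpected` list and an empty `missing` list mean the EBGP session carries exactly the gateway subnet and host routes the lab intends.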
Thanks!!