Dynamically Establishing VXLAN Tunnels Through BGP EVPN


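Networking Requirements

As shown in the networking diagram below, Router1 is the gateway of the enterprise branch and Router2 is the gateway of the enterprise headquarters. Because users in the branch and at headquarters have different service requirements, they are planned into different network segments. PC_1 in the branch and PC_2 at headquarters belong to VLAN 10 and VLAN 20 respectively. The enterprise wants the branch and headquarters to dynamically establish a VXLAN tunnel through BGP EVPN so that these users can communicate.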

Figure: Networking diagram for communication through VXLAN Layer 3 gateways

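Configuration Roadmap

Use the following roadmap to let users on different network segments communicate over a VXLAN tunnel established dynamically through BGP EVPN:

  1. Configure a routing protocol on Router1, Router2, and Router3 to ensure Layer 3 connectivity.
  2. On Router1 and Router2, configure the deployment mode for VXLAN service access.
  3. Configure the BGP EVPN peer relationship.
  4. Configure the source VTEP IP address on Router1 and Router2.
  5. Configure a VPN instance on Router1 and Router2.
  6. Configure a Layer 3 gateway on Router1 and Router2.
  7. Configure BGP between Router1 and Router2 to advertise IP prefix routes to the peer.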

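Procedure

  1. Configure a routing protocol.

Configure Router1. The configurations of Router2 and Router3 are similar and are not repeated here. When configuring OSPF, advertise the 32-bit loopback interface address of each device.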

<Huawei> system-view
[Huawei] sysname Router1
[Router1] interface loopback 1
[Router1-LoopBack1] ip address 10.1.1.2 32
[Router1-LoopBack1] quit
[Router1] interface ethernet 2/0/0
[Router1-Ethernet2/0/0] undo portswitch
[Router1-Ethernet2/0/0] ip address 192.168.2.1 24
[Router1-Ethernet2/0/0] quit
[Router1] ospf
[Router1-ospf-1] area 0
[Router1-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0
[Router1-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255
[Router1-ospf-1-area-0.0.0.0] quit
[Router1-ospf-1] quit

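After OSPF is configured, the routers learn each other's loopback interface IP addresses through OSPF and can ping each other. The following shows Router1 pinging Router2 as an example.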

[Router1] ping 10.2.2.2
  PING 10.2.2.2: 56  data bytes, press CTRL_C to break                     
    Reply from 10.2.2.2: bytes=56 Sequence=1 ttl=255 time=1 ms             
    Reply from 10.2.2.2: bytes=56 Sequence=2 ttl=255 time=5 ms             
    Reply from 10.2.2.2: bytes=56 Sequence=3 ttl=255 time=5 ms             
    Reply from 10.2.2.2: bytes=56 Sequence=4 ttl=255 time=2 ms             
    Reply from 10.2.2.2: bytes=56 Sequence=5 ttl=255 time=2 ms             
                                                                                
  --- 10.2.2.2 ping statistics ---                                         
    5 packet(s) transmitted                                                     
    5 packet(s) received                                                        
    0.00% packet loss                                                           
    round-trip min/avg/max = 1/3/5 ms                                           

  2. Configure service access points on Router1 and Router2.

Configure Router1. The configuration of Router2 is similar and is not repeated here.

[Router1] bridge-domain 10
[Router1-bd10] quit
[Router1] interface ethernet 2/0/1.1 mode l2
[Router1-Ethernet2/0/1.1] encapsulation dot1q vid 10
[Router1-Ethernet2/0/1.1] bridge-domain 10
[Router1-Ethernet2/0/1.1] quit
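
  3. Configure the BGP EVPN peer relationship.

Configure the BGP EVPN peer relationship on Router1, then set the source VTEP IP address on the NVE interface. The configuration of Router2 is similar and is not repeated here.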

[Router1] bgp 100
[Router1-bgp] peer 10.2.2.2 as-number 100
[Router1-bgp] peer 10.2.2.2 connect-interface LoopBack1
[Router1-bgp] l2vpn-family evpn
[Router1-bgp-af-evpn] peer 10.2.2.2 enable
[Router1-bgp-af-evpn] quit
[Router1-bgp] quit
[Router1] interface nve 1
[Router1-Nve1] source 10.1.1.2
[Router1-Nve1] quit

  4. Configure a VPN instance on Router1 and Router2.

Configure Router1. The configuration of Router2 is similar and is not repeated here.

[Router1] ip vpn-instance vpn1
[Router1-vpn-instance-vpn1] ipv4-family
[Router1-vpn-instance-vpn1-af-ipv4] route-distinguisher 100:1
[Router1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1 evpn
[Router1-vpn-instance-vpn1-af-ipv4] quit
[Router1-vpn-instance-vpn1] vxlan vni 5010
[Router1-vpn-instance-vpn1] quit
[Router1] bridge-domain 10
[Router1-bd10] vxlan vni 2010
[Router1-bd10] quit
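
  5. Configure the VXLAN Layer 3 gateway on Router1 and Router2 and bind it to the VPN instance.

Configure Router1. The configuration of Router2 is similar and is not repeated here.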

[Router1] interface vbdif 10
[Router1-Vbdif10] ip binding vpn-instance vpn1
[Router1-Vbdif10] ip address 192.168.10.10 24
[Router1-Vbdif10] quit

  6. Configure BGP between Router1 and Router2 to advertise IP prefix routes to the peer.

Configure Router1. The configuration of Router2 is similar and is not repeated here.

[Router1] bgp 100
[Router1-bgp] ipv4-family vpn-instance vpn1
[Router1-bgp-vpn1] import-route direct
[Router1-bgp-vpn1] advertise l2vpn evpn
[Router1-bgp-vpn1] quit
[Router1-bgp] quit
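
  7. Verify the configuration.

After the preceding configuration succeeds, run the display vxlan tunnel command on Router1 and Router2 to view VXLAN tunnel information. The following shows the output on Router1 as an example.

[Router1] display vxlan tunnel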
 Tunnel ID       Source              Destination         State     Type         
 ----------------------------------------------------------------------------   
 4026531842      10.1.1.2            10.2.2.2            up        dynamic      
  ----------------------------------------------------------------------------   
 Number of vxlan tunnel : 2  

Configuration Files

  • Router1 configuration file
#
sysname Router1
#                                                                               
ip vpn-instance vpn1                                                            
 ipv4-family                                                                    
  route-distinguisher 100:1                                                    
  vpn-target 1:1 export-extcommunity evpn                                       
  vpn-target 1:1 import-extcommunity evpn                                       
 vxlan vni 5010                                                                 
#
bridge-domain 10                                                                
 vxlan vni 2010
#                                                                               
interface Ethernet2/0/0                                                         
 undo portswitch                                                                
 ip address 192.168.2.1 255.255.255.0                                           
#                                                                               
interface Ethernet2/0/1.1 mode l2                                               
 encapsulation dot1q vid 10                                                     
 bridge-domain 10
#                                                                               
interface LoopBack1                                                             
 ip address 10.1.1.2 255.255.255.255  
#                                                                               
interface Vbdif10                                                               
 ip binding vpn-instance vpn1                                                   
 ip address 192.168.10.10 255.255.255.0                                         
#                                                                               
interface Nve1                                                                  
 source 10.1.1.2                                                                 
#                                                                               
bgp 100                                                                         
 peer 10.2.2.2 as-number 100                                                     
 peer 10.2.2.2 connect-interface LoopBack1                                       
 #                                                                              
 ipv4-family unicast                                                            
  undo synchronization                                                          
  peer 10.2.2.2 enable                                                           
 #                                                                              
 l2vpn-family evpn                                                              
  policy vpn-target                                                             
  peer 10.2.2.2 enable                                                           
 #                                                                              
 ipv4-family vpn-instance vpn1                                                  
  import-route direct                                                           
  advertise l2vpn evpn                                                          
#  
ospf 1                                                                          
 area 0.0.0.0                                                                   
  network 10.1.1.2 0.0.0.0                                                       
  network 192.168.2.0 0.0.0.255 
#                                                                               
return 
  • Router2 configuration file
#
sysname Router2
#                                                                               
ip vpn-instance vpn1                                                            
 ipv4-family                                                                    
  route-distinguisher 100:1                                                    
  vpn-target 1:1 export-extcommunity evpn                                       
  vpn-target 1:1 import-extcommunity evpn                                       
 vxlan vni 5020                                                                 
#
bridge-domain 20                                                                
 vxlan vni 2020
#                                                                               
interface Ethernet2/0/0                                                         
 undo portswitch                                                                
 ip address 192.168.3.1 255.255.255.0                                           
#                                                                               
interface Ethernet2/0/1.1 mode l2                                               
 encapsulation dot1q vid 20                                                     
 bridge-domain 20
#                                                                               
interface LoopBack1                                                             
 ip address 10.2.2.2 255.255.255.255  
#                                                                               
interface Vbdif20                                                               
 ip binding vpn-instance vpn1                                                   
 ip address 192.168.20.10 255.255.255.0                                         
#                                                                               
interface Nve1                                                                  
 source 10.2.2.2                                                                 
#                                                                               
bgp 100                                                                         
 peer 10.1.1.2 as-number 100                                                     
 peer 10.1.1.2 connect-interface LoopBack1                                       
 #                                                                              
 ipv4-family unicast                                                            
  undo synchronization                                                          
  peer 10.1.1.2 enable                                                           
 #                                                                              
 l2vpn-family evpn                                                              
  policy vpn-target                                                             
  peer 10.1.1.2 enable                                                           
 #                                                                              
 ipv4-family vpn-instance vpn1                                                  
  import-route direct                                                           
  advertise l2vpn evpn                                                          
#  
ospf 1                                                                          
 area 0.0.0.0                                                                   
  network 10.2.2.2 0.0.0.0                                                       
  network 192.168.3.0 0.0.0.255 
#                                                                               
return 
  • Router3 configuration file

#
sysname Router3
#                                                                               
interface Ethernet2/0/1                              
 undo portswitch                                                                
 ip address 192.168.2.2 255.255.255.0                                           
#                                                                               
interface Ethernet2/0/2                              
 undo portswitch                                                                
 ip address 192.168.3.2 255.255.255.0                                           
#                                                                               
interface LoopBack1                                                             
 ip address 10.3.3.2 255.255.255.255  
#  
ospf 1                                                                          
 area 0.0.0.0                                                                   
  network 10.3.3.2 0.0.0.0                                                       
  network 192.168.2.0 0.0.0.255 
  network 192.168.3.0 0.0.0.255 
#                                                                               
return 
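
The following Python check is an added example, not part of the original article or Huawei's documentation. It parses configuration files in the format listed above and reports two inconsistencies that keep EVPN routes from being exchanged or imported: an EVPN peer that is not another router's NVE source address, and a router that imports none of its neighbour's EVPN export targets. It assumes, as in this topology, that the VTEPs peer with each other directly (no route reflector); sample(), parse() and audit() are names chosen for this example.

```python
import re

def sample(name, vtep, peer, rt_import="1:1"):
    """Constructed sample: the audited subset of a config file from this page."""
    return f"""sysname {name}
ip vpn-instance vpn1
 ipv4-family
  vpn-target 1:1 export-extcommunity evpn
  vpn-target {rt_import} import-extcommunity evpn
interface Nve1
 source {vtep}
bgp 100
 l2vpn-family evpn
  peer {peer} enable
"""

def parse(cfg):
    """Extract name, NVE source, EVPN peers and EVPN route targets from one file."""
    name = re.search(r"(?m)^sysname (\S+)", cfg)
    r = {"name": name[1] if name else "?", "vtep": None, "peers": set(), "export": set(), "import": set()}
    view = family = ""
    for raw in filter(str.strip, cfg.splitlines()):   # skip blank lines
        line = raw.strip()
        if not raw.startswith(" "):            # top-level line (or "#") opens a new view
            view, family = line.lower(), ""
        elif not raw.startswith("  "):         # one space: sub-view or view setting
            family = line.lower()
            if view.startswith("interface nve") and family.startswith("source "):
                r["vtep"] = line.split()[1]
        elif view.startswith("bgp ") and family == "l2vpn-family evpn":
            if m := re.fullmatch(r"peer (\S+) enable", line):
                r["peers"].add(m[1])
        elif view.startswith("ip vpn-instance "):
            if m := re.fullmatch(r"vpn-target (.+) (export|import)-extcommunity evpn", line):
                r[m[2]].update(m[1].split())
    return r

def audit(configs):
    """Return findings; assumes VTEPs peer directly with each other, as on this page."""
    routers = [parse(c) for c in configs]
    owner = {r["vtep"]: r["name"] for r in routers if r["vtep"]}
    findings = []
    for r in routers:
        findings += [f"{r['name']}: EVPN peer {p} is not another router's NVE source"
                     for p in sorted(r["peers"]) if owner.get(p) in (None, r["name"])]
        findings += [f"{o['name']}: imports none of {r['name']}'s EVPN export targets"
                     for o in routers if o is not r and not r["export"] & o["import"]]
    return findings
```

Pass audit() the full text of each VTEP's configuration file. A peer address that is not a VTEP, such as Router3's loopback 10.3.3.2, is reported as a finding, while the Router1 and Router2 files above produce none.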

Original source: Huawei official technical support, EVPN configuration examples

刘銮奕
