• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们

15-EVPN配置举例

02-H3C_MDC+EVPN典型配置举例

本章节下载  (248.74 KB)

02-H3C_MDC+EVPN典型配置举例

H3C MDC和EVPN综合典型配置举例

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

资料版本:6W100-20190330

产品版本:Release 7577P04

 

Copyright © 2019 新华三技术有限公司 版权所有,保留一切权利。

非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。

除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。

本文档中的信息可能变动,恕不另行通知。

 



1  简介

本文档介绍MDC(Multitenant Device Context,多租户设备环境)和EVPN(Ethernet Virtual Private Network,以太网虚拟专用网络)结合使用的典型配置举例。

·              MDC是一种虚拟化技术,将一台物理设备或IRF虚拟成多台逻辑设备,每台逻辑设备称为一台MDC。

·              EVPN是一种二层VPN技术,控制平面采用MP-BGP通告EVPN路由信息,数据平面采用VXLAN封装方式转发报文。

通过MDC和EVPN结合部署的方式,可以实现在传统网络的基础上快速部署EVPN业务,满足业务扩展的需要,同时实现传统业务和EVPN业务的隔离,降低网络管理成本。

2  配置前提

本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请以设备实际情况为准。

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文档假设您已了解MDC和EVPN特性。

3  配置举例

3.1  组网需求

某公司现有网络为IP网络,通过IP网络为用户提供IPTV和OTT业务。由于业务扩展需求,该公司需要在现有网络设备的基础上部署EVPN网络。为了减少投资,该公司采用MDC和EVPN结合使用的方式快速部署EVPN网络。具体需求为:

·              Switch A和Switch B分别虚拟为两台独立的设备(SWA-MDC1、SWA-MDC2和SWB-MDC1、SWB-MDC2)。SWA-MDC2、SWB-MDC2作为EVPN网络的RR,反射BGP路由;SWA-MDC1、SWB-MDC1分别作为IPTV平台和OTT平台的网关。

·              Switch C和Switch D为分布式EVPN网关设备。

·              Switch E是与广域网连接的边界网关设备。

·              Sever 1和Sever 3属于VXLAN10,Sever 2和Sever 4属于VXLAN20。相同VXLAN之间可以二层互通;不同VXLAN之间通过分布式EVPN网关实现三层互通;VXLAN与广域网之间通过边界网关实现三层互通。

·              IPTV平台作为接收者通过Switch F接收组播源Source发出的组播信息,SWA-MDC1、SWA-MDC2、SWB-MDC2、Switch D和Switch E启用PIM协议建立组播分发树。SWA-MDC1作为IPTV平台的业务网关实现IPTV平台与外界网络互通。

·              OTT平台承载传统业务,SWB-MDC1作为OTT平台的业务网关实现OTT平台与外界网络互通。

图1 MDCEVPN结合使用组网图

 

设备

接口

IP地址

设备

接口

IP地址

SWA-MDC1

Loopback0

6.6.6.6/32

Switch D

Loopback0

4.4.4.4/32

 

Vlan-int10

17.1.1.6/24

 

Vlan-int10

14.1.1.4/24

 

Vlan-int20

18.1.1.6/24

 

Vlan-int20

13.1.1.4/24

SWA-MDC2

Loopback0

1.1.1.1/32

 

Vlan-int30

21.1.1.4/24

 

Vlan-int10

11.1.1.1/24

Switch E

Loopback0

5.5.5.5/32

 

Vlan-int20

13.1.1.1/24

 

Vlan-int10

22.1.1.5/24

 

Vlan-int30

15.1.1.1/24

 

Vlan-int20

18.1.1.5/24

SWB-MDC1

Loopback0

7.7.7.7/32

 

Vlan-int30

15.1.1.5/24

 

Vlan-int10

20.1.1.7/24

 

Vlan-int40

16.1.1.5/24

 

Vlan-int50

19.1.1.7/24

 

Vlan-int50

19.1.1.5/24

SWB-MDC2

Loopback0

2.2.2.2/32

Switch F

Loopback0

9.9.9.9/32

 

Vlan-int10

14.1.1.2/24

 

Vlan-int10

17.1.1.9/24

 

Vlan-int20

12.1.1.2/24

 

Vlan-int20

10.1.4.1/24

 

Vlan-int40

16.1.1.2/24

 

 

 

Switch C

Loopback0

3.3.3.3/32

 

 

 

 

Vlan-int10

11.1.1.3/24

 

 

 

 

Vlan-int20

12.1.1.3/24

 

 

 

 

3.2  配置思路

·              Switch A和Switch B上配置MDC将设备分别虚拟成SWA-MDC1、SWA-MDC2和SWB-MDC1、SWB-MDC2。

·              在SWA-MDC1、SWA-MDC2、SWB-MDC1、SWB-MDC2、Switch C、Switch D和Switch E上配置路由协议,使各交换机的接口IP地址(包括Loopback接口IP地址)之间路由可达。本举例以OSPF路由协议为例。

·              将Switch C和Switch D配置为分布式EVPN网关,通过VXLAN隧道实现互通。

·              在Switch C和Switch D的下行端口上配置以太网服务实例和相应的匹配规则,用来识别用户网络中的报文所属的VXLAN。

·              在SWA-MDC1、SWA-MDC2、SWB-MDC2、Switch D和Switch E启用PIM协议建立组播树。

·              将SWA-MDC1和SWB-MDC1分别配置成IPTV平台和OTT平台的网关,使IPTV平台和OTT平台可以访问外界网络。

3.3  配置步骤

3.3.1  配置Switch A和Switch B划分MDC

(1)      配置Switch A

# 在Switch A上创建SWA-MDC1。

<SwitchA> system-view

[SwitchA] mdc SWA-MDC1

It will take some time to create MDC...

MDC created successfully.

[SwitchA-mdc-2-SWA-MDC1] quit

# 取消缺省MDC对1号和2号业务板的使用权。

[SwitchA] mdc Admin

[SwitchA-mdc-1-Admin] undo location slot 1

Performing this command is equivalent to removing the card from the MDC. Continu

e? [Y/N]:y

[SwitchA-mdc-1-Admin] undo location slot 2

Performing this command is equivalent to removing the card from the MDC. Continu

e? [Y/N]:y

[SwitchA-mdc-1-Admin] quit

# 为SWA-MDC1分配接口Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/24。

[SwitchA] mdc SWA-MDC1

[SwitchA-mdc-2-SWA-MDC1] allocate interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/24

This operation will allocate the specified interfaces and all interfaces in the

listed groups to the MDC. Continue? [Y/N]:y

Configuration of the interfaces will be lost. Continue? [Y/N]:y

Execute the location slot command in the current view to place the configuration into effect.

# 将1号业务板的使用权限分配给SWA-MDC1。

[SwitchA-mdc-2-SWA-MDC1] location slot 1

# 启动SWA-MDC1。

[SwitchA-mdc-2-SWA-MDC1] mdc start

It will take some time to start MDC...

MDC started successfully.

[SwitchA-mdc-2-SWA-MDC1] quit

# 在Switch A上创建SWA-MDC2。

[SwitchA] mdc SWA-MDC2

It will take some time to create MDC...

MDC created successfully.

# 为SWA-MDC2分配接口Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/24。

[SwitchA-mdc-3-SWA-MDC2] allocate interface ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/24

This operation will allocate the specified interfaces and all interfaces in the

listed groups to the MDC. Continue? [Y/N]:y

Configuration of the interfaces will be lost. Continue? [Y/N]:y

Execute the location slot command in the current view to place the configuration into effect.

# 将2号业务板的使用权限分配给SWA-MDC2。

[SwitchA-mdc-3-SWA-MDC2] location slot 2

# 启动SWA-MDC2。

[SwitchA-mdc-3-SWA-MDC2] mdc start

It will take some time to start MDC...

MDC started successfully.

[SwitchA-mdc-3-SWA-MDC2] quit

(2)      配置Switch B

# 在Switch B上创建SWB-MDC1。

<SwitchB> system-view

[SwitchB] mdc SWB-MDC1

It will take some time to create MDC...

MDC created successfully.

[SwitchB-mdc-2-SWB-MDC1] quit

# 取消缺省MDC对1号和2号业务板的使用权。

[SwitchB] mdc Admin

[SwitchB-mdc-1-Admin] undo location slot 1

Performing this command is equivalent to removing the card from the MDC. Continu

e? [Y/N]:y

[SwitchB-mdc-1-Admin] undo location slot 2

Performing this command is equivalent to removing the card from the MDC. Continu

e? [Y/N]:y

[SwitchB-mdc-1-Admin] quit

# 为SWB-MDC1分配接口Ten-GigabitEthernet1/0/1~Ten-GigabitEthernet1/0/24。

[SwitchB] mdc SWB-MDC1

[SwitchB-mdc-2-SWB-MDC1] allocate interface ten-gigabitethernet 1/0/1 to ten-gigabitethernet 1/0/24

This operation will allocate the specified interfaces and all interfaces in the

listed groups to the MDC. Continue? [Y/N]:y

Configuration of the interfaces will be lost. Continue? [Y/N]:y

Execute the location slot command in the current view to place the configuration into effect.

# 将1号业务板的使用权限分配给SWB-MDC1。

[SwitchB-mdc-2-SWB-MDC1] location slot 1

# 启动SWB-MDC1。

[SwitchB-mdc-2-SWB-MDC1] mdc start

It will take some time to start MDC...

MDC started successfully.

[SwitchB-mdc-2-SWB-MDC1] quit

# 在Switch B上创建SWB-MDC2。

[SwitchB] mdc SWB-MDC2

It will take some time to create MDC...

MDC created successfully.

# 为SWB-MDC2分配接口Ten-GigabitEthernet2/0/1~Ten-GigabitEthernet2/0/24。

[SwitchB-mdc-3-SWB-MDC2] allocate interface ten-gigabitethernet 2/0/1 to ten-gigabitethernet 2/0/24

This operation will allocate the specified interfaces and all interfaces in the

listed groups to the MDC. Continue? [Y/N]:y

Configuration of the interfaces will be lost. Continue? [Y/N]:y

Execute the location slot command in the current view to place the configuration into effect.

# 将2号业务板的使用权限分配给SWB-MDC2。

[SwitchB-mdc-3-SWB-MDC2] location slot 2

# 启动SWB-MDC2。

[SwitchB-mdc-3-SWB-MDC2] mdc start

It will take some time to start MDC...

MDC started successfully.

[SwitchB-mdc-3-SWB-MDC2] quit

3.3.2  配置IPTV和OTT网络

1. 配置各设备接口的IP地址

# 在SWA-MDC1上配置接口的IP地址。

[SwitchA] switchto mdc SWA-MDC1

******************************************************************************

* Copyright (c) 2004-2017 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

Automatic configuration is running, press CTRL_D to break or press CTRL_B to   

switch back to the default MDC.

<SWA-MDC1> system-view

[SWA-MDC1] interface loopback 0

[SWA-MDC1-Loopback0] ip address 6.6.6.6 32

[SWA-MDC1-Loopback0] quit

[SWA-MDC1] vlan 10

[SWA-MDC1-vlan10] port ten-gigabitethernet 1/0/1

[SWA-MDC1-vlan10] quit

[SWA-MDC1] interface vlan-interface 10

[SWA-MDC1-Vlan-interface10] ip address 17.1.1.6 24

[SWA-MDC1-Vlan-interface10] quit

[SWA-MDC1] vlan 20

[SWA-MDC1-vlan20] port ten-gigabitethernet 1/0/2

[SWA-MDC1-vlan20] quit

[SWA-MDC1] interface vlan-interface 20

[SWA-MDC1-Vlan-interface20] ip address 18.1.1.6 24

[SWA-MDC1-Vlan-interface20] quit

# 请参考以上方法登录其它MDC并配置其上的接口IP地址,配置步骤此处省略。

# 为各交换机设备配置接口IP地址。

[SwitchC] interface loopback 0

[SwitchC-Loopback0] ip address 3.3.3.3 32

[SwitchC-Loopback0] quit

[SwitchC] vlan 10

[SwitchC-vlan10] port ten-gigabitethernet 1/0/3

[SwitchC-vlan10] quit

[SwitchC] interface vlan-interface 10

[SwitchC-Vlan-interface10] ip address 11.1.1.3 24

[SwitchC-Vlan-interface10] quit

[SwitchC] vlan 20

[SwitchC-vlan20] port ten-gigabitethernet 1/0/4

[SwitchC-vlan20] quit

[SwitchC] interface vlan-interface 20

[SwitchC-Vlan-interface20] ip address 12.1.1.3 24

[SwitchC-Vlan-interface20] quit

# 请参考以上方法配置其它交换机上的接口IP地址,配置步骤此处省略。

2. 配置路由协议

# 在SWA-MDC1上配置OSPF发布接口所在网段的路由。

[SWA-MDC1] ospf 100 router-id 6.6.6.6

[SWA-MDC1-ospf-100] area 0

[SWA-MDC1-ospf-100-area-0.0.0.0] network 6.6.6.6 0.0.0.0

[SWA-MDC1-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255

[SWA-MDC1-ospf-100-area-0.0.0.0] network 18.1.1.0 0.0.0.255

[SWA-MDC1-ospf-100-area-0.0.0.0] quit

[SWA-MDC1-ospf-100] quit

# 在SWA-MDC2上配置OSPF发布接口所在网段的路由。

[SWA-MDC2] ospf 100 router-id 1.1.1.1

[SWA-MDC2-ospf-100] area 0

[SWA-MDC2-ospf-100-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[SWA-MDC2-ospf-100-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SWA-MDC2-ospf-100-area-0.0.0.0] network 13.1.1.0 0.0.0.255

[SWA-MDC2-ospf-100-area-0.0.0.0] network 15.1.1.0 0.0.0.255

[SWA-MDC2-ospf-100-area-0.0.0.0] quit

[SWA-MDC2-ospf-100] quit

# 在SWB-MDC1上配置OSPF发布接口所在网段的路由。

[SWB-MDC1] ospf 100 router-id 7.7.7.7

[SWB-MDC1-ospf-100] area 0

[SWB-MDC1-ospf-100-area-0.0.0.0] network 7.7.7.7 0.0.0.0

[SWB-MDC1-ospf-100-area-0.0.0.0] network 19.1.1.0 0.0.0.255

[SWB-MDC1-ospf-100-area-0.0.0.0] network 20.1.1.0 0.0.0.255

[SWB-MDC1-ospf-100-area-0.0.0.0] quit

[SWB-MDC1-ospf-100] quit

# 在SWB-MDC2上配置OSPF发布接口所在网段的路由。

[SWB-MDC2] ospf 100 router-id 2.2.2.2

[SWB-MDC2-ospf-100] area 0

[SWB-MDC2-ospf-100-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[SWB-MDC2-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SWB-MDC2-ospf-100-area-0.0.0.0] network 14.1.1.0 0.0.0.255

[SWB-MDC2-ospf-100-area-0.0.0.0] network 16.1.1.0 0.0.0.255

[SWB-MDC2-ospf-100-area-0.0.0.0] quit

[SWB-MDC2-ospf-100] quit

# 在Switch C上配置OSPF发布接口所在网段的路由。

[SwitchC] ospf 100 router-id 3.3.3.3

[SwitchC-ospf-100] area 0

[SwitchC-ospf-100-area-0.0.0.0] network 3.3.3.3 0.0.0.0

[SwitchC-ospf-100-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[SwitchC-ospf-100-area-0.0.0.0] network 12.1.1.0 0.0.0.255

[SwitchC-ospf-100-area-0.0.0.0] quit

[SwitchC-ospf-100] quit

# 在Switch D上配置OSPF发布接口所在网段的路由。

[SwitchD] ospf 100 router-id 4.4.4.4

[SwitchD-ospf-100] area 0

[SwitchD-ospf-100-area-0.0.0.0] network 4.4.4.4 0.0.0.0

[SwitchD-ospf-100-area-0.0.0.0] network 13.1.3.0 0.0.0.255

[SwitchD-ospf-100-area-0.0.0.0] network 14.1.1.0 0.0.0.255

[SwitchD-ospf-100-area-0.0.0.0] network 21.1.1.0 0.0.0.255

[SwitchD-ospf-100-area-0.0.0.0] quit

[SwitchD-ospf-100] quit

# 在Switch E上配置OSPF发布接口所在网段的路由。

[SwitchE] ospf 100 router-id 5.5.5.5

[SwitchE-ospf-100] area 0

[SwitchE-ospf-100-area-0.0.0.0] network 5.5.5.5 0.0.0.0

[SwitchE-ospf-100-area-0.0.0.0] network 15.1.1.0 0.0.0.255

[SwitchE-ospf-100-area-0.0.0.0] network 16.1.1.0 0.0.0.255

[SwitchE-ospf-100-area-0.0.0.0] network 18.1.1.0 0.0.0.255

[SwitchE-ospf-100-area-0.0.0.0] network 19.1.1.0 0.0.0.255

[SwitchE-ospf-100-area-0.0.0.0] quit

[SwitchE-ospf-100] quit

# 在Swich F上配置OSPF发布接口所在网段的路由。

[SwitchF] ospf 100 router-id 9.9.9.9

[SwitchF-ospf-100] area 0

[SwitchF-ospf-100-area-0.0.0.0] network 9.9.9.9 0.0.0.0

[SwitchF-ospf-100-area-0.0.0.0] network 17.1.1.0 0.0.0.255

[SwitchF-ospf-100-area-0.0.0.0] quit

[SwitchF-ospf-100] quit

3. 配置组播协议

(1)      配置Switch D

# 使能IP组播路由,并在Vlan-interface10、Vlan-interface20、Vlan-interface30接口下使能PIM-SM。

[SwitchD] multicast routing

[SwitchD-mrib] quit

[SwitchD] interface vlan-interface 10

[SwitchD-Vlan-interface10] pim sm

[SwitchD-Vlan-interface10] quit

[SwitchD] interface vlan-interface 20

[SwitchD-Vlan-interface20] pim sm

[SwitchD-Vlan-interface20] quit

[SwitchD] interface vlan-interface 30

[SwitchD-Vlan-interface30] pim sm

[SwitchD-Vlan-interface30] quit

# 配置SWB-MDC2的Loopback0接口为静态RP。

[SwitchD] pim

[SwitchD-pim] static-rp 2.2.2.2

[SwitchD-pim] quit

(2)      配置SWA-MDC2

# 使能IP组播路由,并在Vlan-interface20、Vlan-interface30接口下使能PIM-SM。

<SWA-MDC2> system-view

[SWA-MDC2] multicast routing

[SWA-MDC2-mrib] quit

[SWA-MDC2] interface vlan-interface 20

[SWA-MDC2-Vlan-interface20] pim sm

[SWA-MDC2-Vlan-interface20] quit

[SWA-MDC2] interface vlan-interface 30

[SWA-MDC2-Vlan-interface30] pim sm

[SWA-MDC2-Vlan-interface30] quit

# 将SWA-MDC2的Loopback0接口地址配置为C-BSR和C-RP,并配置SWB-MDC2的Loopback0接口为静态RP。。

[SWA-MDC2] pim

[SWA-MDC2-pim] c-bsr 1.1.1.1

[SWA-MDC2-pim] c-rp 1.1.1.1

[SWA-MDC2-pim] static-rp 2.2.2.2

[SWA-MDC2-pim] quit

(3)      配置SWB-MDC2

# 使能IP组播路由,并在Vlan-interface10、Vlan-interface40接口下使能PIM-SM。

<SWB-MDC2> system-view

[SWB-MDC2] multicast routing

[SWB-MDC2-mrib] quit

[SWB-MDC2] interface vlan-interface 10

[SWB-MDC2-Vlan-interface10] pim sm

[SWB-MDC2-Vlan-interface10] quit

[SWB-MDC2] interface vlan-interface 40

[SWB-MDC2-Vlan-interface40] pim sm

[SWB-MDC2-Vlan-interface40] quit

# 配置SWB-MDC2的Loopback0接口为静态RP。

[SWB-MDC2] pim

[SWB-MDC2-pim] static-rp 2.2.2.2

[SWB-MDC2-pim] quit

(4)      配置Switch E

# 使能IP组播路由,并在Vlan-interface20、Vlan-interface30、Vlan-interface40接口下使能PIM-SM。

[SwitchE] multicast routing

[SwitchE-mrib] quit

[SwitchE] interface vlan-interface 20

[SwitchE-Vlan-interface20] pim sm

[SwitchE-Vlan-interface20] quit

[SwitchE] interface vlan-interface 30

[SwitchE-Vlan-interface30] pim sm

[SwitchE-Vlan-interface30] quit

[SwitchE] interface vlan-interface 40

[SwitchE-Vlan-interface40] pim sm

[SwitchE-Vlan-interface40] quit

# 配置SWB-MDC2的Loopback0接口为静态RP。

[SwitchE] pim

[SwitchE-pim] static-rp 2.2.2.2

[SwitchE-pim] quit

(5)      配置SWA-MDC1

# 使能IP组播路由,并在Vlan-interface10、Vlan-interface20接口下使能PIM-SM。

<SWA-MDC1> system-view

[SWA-MDC1] multicast routing

[SWA-MDC1-mrib] quit

[SWA-MDC1] interface vlan-interface 10

[SWA-MDC1-Vlan-interface10] pim sm

[SWA-MDC1-Vlan-interface10] quit

[SWA-MDC1] interface vlan-interface 20

[SWA-MDC1-Vlan-interface20] pim sm

[SWA-MDC1-Vlan-interface20] quit

# 配置SWB-MDC2的Loopback0接口为静态RP。

[SWA-MDC1] pim

[SWA-MDC1-pim] static-rp 2.2.2.2

[SWA-MDC1-pim] quit

(6)      配置Switch F

# 使能IP组播路由,在主机侧接口Vlan-int20下使能IGMP,在Vlan-int10下使能PIM-SM。

[SwitchF] multicast routing

[SwitchF-mrib] quit

[SwitchF] interface vlan-interface 10

[SwitchF-Vlan-interface10] pim sm

[SwitchF-Vlan-interface10] quit

[SwitchF] interface vlan-interface 20

[SwitchF-Vlan-interface20] igmp enable

[SwitchF-Vlan-interface20] quit

# 配置SWB-MDC2的Loopback0接口为静态RP。

[SwitchF] pim

[SwitchF-pim] static-rp 2.2.2.2

[SwitchF-pim] quit

3.3.3  配置EVPN网络

1. 创建VSI、EVPN实例和VXLAN

(1)      配置Switch C

# 开启L2VPN功能。

[SwitchC] l2vpn enable

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] evpn encapsulation vxlan

[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchC-vsi-vpna-evpn-vxlan] quit

# 创建VXLAN 10。

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。

[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] evpn encapsulation vxlan

[SwitchC-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchC-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchC-vsi-vpnb-evpn-vxlan] quit

# 创建VXLAN 20。

[SwitchC-vsi-vpnb] vxlan 20

[SwitchC-vsi-vpnb-vxlan-20] quit

[SwitchC-vsi-vpnb] quit

(2)      配置Switch D

# 开启L2VPN功能。

[SwitchD] l2vpn enable

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] evpn encapsulation vxlan

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# 创建VXLAN 10。

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。

[SwitchD] vsi vpnb

[SwitchD-vsi-vpnb] evpn encapsulation vxlan

[SwitchD-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpnb-evpn-vxlan] quit

# 创建VXLAN 20。

[SwitchD-vsi-vpnb] vxlan 20

[SwitchD-vsi-vpnb-vxlan-20] quit

[SwitchD-vsi-vpnb] quit

2. 配置以太网服务实例匹配用户报文,并关联VSI

(1)      配置Switch C

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 10(Sever 1)的数据帧,将该服务实例与vpna(VXLAN 10)关联。

[SwitchC] interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10

[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 11(Sever 2)的数据帧,将该服务实例与vpnb(VXLAN 20)关联。

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] service-instance 1000

[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 11

[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpnb

[SwitchC-Ten-GigabitEthernet1/0/2-srv1000] quit

[SwitchC-Ten-GigabitEthernet1/0/2] quit

(2)      配置Switch D

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 12(Sever 3)的数据帧,将该服务实例与vpna(VXLAN 10)关联。

[SwitchD] interface ten-gigabitethernet 1/0/1

[SwitchD-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 12

[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchD-Ten-GigabitEthernet1/0/1-srv1000] quit

[SwitchD-Ten-GigabitEthernet1/0/1] quit

# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 13(Sever 4)的数据帧,将该服务实例与vpnb(VXLAN 20)关联。

[SwitchD] interface ten-gigabitethernet 1/0/2

[SwitchD-Ten-GigabitEthernet1/0/2] service-instance 1000

[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 13

[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpnb

[SwitchD-Ten-GigabitEthernet1/0/2-srv1000] quit

[SwitchD-Ten-GigabitEthernet1/0/2] quit

3. 配置BGP发布EVPN路由

(1)      配置SWA-MDC2

# 配置SWA-MDC2与其它设备建立BGP连接。

<SWA-MDC2> system-view

[SWA-MDC2] bgp 100

[SWA-MDC2-bgp-default] group evpn

[SWA-MDC2-bgp-default] peer 3.3.3.3 group evpn

[SWA-MDC2-bgp-default] peer 4.4.4.4 group evpn

[SWA-MDC2-bgp-default] peer 5.5.5.5 group evpn

[SWA-MDC2-bgp-default] peer evpn as-number 100

[SWA-MDC2-bgp-default] peer evpn connect-interface loopback 0

[SWA-MDC2-bgp-default] peer 2.2.2.2 as-number 100

[SWA-MDC2-bgp-default] peer 2.2.2.2 connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SWA-MDC2-bgp-default] address-family l2vpn evpn

[SWA-MDC2-bgp-default-evpn] peer evpn enable

[SWA-MDC2-bgp-default-evpn] peer 2.2.2.2 enable

[SWA-MDC2-bgp-default-evpn] undo policy vpn-target

# 配置SWA-MDC2作为路由反射器。

[SWA-MDC2-bgp-default-evpn] reflector cluster-id 8.8.8.8

[SWA-MDC2-bgp-default-evpn] peer evpn reflect-client

[SWA-MDC2-bgp-default-evpn] quit

[SWA-MDC2-bgp-default] quit

(2)      配置SWB-MDC2

# 配置SWB-MDC2与其它设备建立BGP连接。

<SWB-MDC2> system-view

[SWB-MDC2] bgp 100

[SWB-MDC2-bgp-default] group evpn

[SWB-MDC2-bgp-default] peer 3.3.3.3 group evpn

[SWB-MDC2-bgp-default] peer 4.4.4.4 group evpn

[SWB-MDC2-bgp-default] peer 5.5.5.5 group evpn

[SWB-MDC2-bgp-default] peer evpn as-number 100

[SWB-MDC2-bgp-default] peer evpn connect-interface loopback 0

[SWB-MDC2-bgp-default] peer 1.1.1.1 as-number 100

[SWB-MDC2-bgp-default] peer 1.1.1.1 connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SWB-MDC2-bgp-default] address-family l2vpn evpn

[SWB-MDC2-bgp-default-evpn] peer evpn enable

[SWB-MDC2-bgp-default-evpn] peer 1.1.1.1 enable

[SWB-MDC2-bgp-default-evpn] undo policy vpn-target

# 配置SWB-MDC2作为路由反射器。

[SWB-MDC2-bgp-default-evpn] reflector cluster-id 8.8.8.8

[SWB-MDC2-bgp-default-evpn] peer evpn reflect-client

[SWB-MDC2-bgp-default-evpn] quit

[SWB-MDC2-bgp-default] quit

(3)      配置Switch C

# 配置SwitchC与其它设备建立BGP连接。

[SwitchC] bgp 100

[SwitchC-bgp-default] peer 1.1.1.1 as-number 100

[SwitchC-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[SwitchC-bgp-default] peer 2.2.2.2 as-number 100

[SwitchC-bgp-default] peer 2.2.2.2 connect-interface loopback 0

# 配置BGP发布EVPN路由。

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 1.1.1.1 enable

[SwitchC-bgp-default-evpn] peer 2.2.2.2 enable

(4)      配置Switch D

# 配置SwitchD与其它设备建立BGP连接。

[SwitchD] bgp 100

[SwitchD-bgp-default] peer 1.1.1.1 as-number 100

[SwitchD-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[SwitchD-bgp-default] peer 2.2.2.2 as-number 100

[SwitchD-bgp-default] peer 2.2.2.2 connect-interface loopback 0

# 配置BGP发布EVPN路由。

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 1.1.1.1 enable

[SwitchD-bgp-default-evpn] peer 2.2.2.2 enable

(5)      配置Switch E

# 配置SwitchE与其它设备建立BGP连接。

[SwitchE] bgp 100

[SwitchE-bgp-default] peer 1.1.1.1 as-number 100

[SwitchE-bgp-default] peer 1.1.1.1 connect-interface loopback 0

[SwitchE-bgp-default] peer 2.2.2.2 as-number 100

[SwitchE-bgp-default] peer 2.2.2.2 connect-interface loopback 0

# 配置BGP发布EVPN路由。

[SwitchE-bgp-default] address-family l2vpn evpn

[SwitchE-bgp-default-evpn] peer 1.1.1.1 enable

[SwitchE-bgp-default-evpn] peer 2.2.2.2 enable

4. 配置分布式EVPN网关

(1)      配置Swich C

# 配置L3VNI的RD和RT。

[SwitchC] ip vpn-instance vpna

[SwitchC-vpn-instance-vpna] route-distinguisher 1:1

[SwitchC-vpn-instance-vpna] address-family ipv4

[SwitchC-vpn-ipv4-vpna] vpn-target 2:2

[SwitchC-vpn-ipv4-vpna] quit

[SwitchC-vpn-instance-vpna] address-family evpn

[SwitchC-vpn-evpn-vpna] vpn-target 1:1

[SwitchC-vpn-evpn-vpna] quit

[SwitchC-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip binding vpn-instance vpna

[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchC-Vsi-interface1] mac-address 1-1-1

[SwitchC-Vsi-interface1] distributed-gateway local

[SwitchC-Vsi-interface1] local-proxy-arp enable

[SwitchC-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchC] interface vsi-interface 2

[SwitchC-Vsi-interface2] ip binding vpn-instance vpna

[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchC-Vsi-interface2] mac-address 2-2-2

[SwitchC-Vsi-interface2] distributed-gateway local

[SwitchC-Vsi-interface2] local-proxy-arp enable

[SwitchC-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] ip binding vpn-instance vpna

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] gateway vsi-interface 1

[SwitchC-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchC] vsi vpnb

[SwitchC-vsi-vpnb] gateway vsi-interface 2

[SwitchC-vsi-vpnb] quit

(2)      配置Swich D

# 配置L3VNI的RD和RT。

[SwitchD] ip vpn-instance vpna

[SwitchD-vpn-instance-vpna] route-distinguisher 1:1

[SwitchD-vpn-instance-vpna] address-family ipv4

[SwitchD-vpn-ipv4-vpna] vpn-target 2:2

[SwitchD-vpn-ipv4-vpna] quit

[SwitchD-vpn-instance-vpna] address-family evpn

[SwitchD-vpn-evpn-vpna] vpn-target 1:1

[SwitchD-vpn-evpn-vpna] quit

[SwitchD-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpna

[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchD-Vsi-interface1] mac-address 1-1-1

[SwitchD-Vsi-interface1] distributed-gateway local

[SwitchD-Vsi-interface1] local-proxy-arp enable

[SwitchD-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchD] interface vsi-interface 2

[SwitchD-Vsi-interface2] ip binding vpn-instance vpna

[SwitchD-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchD-Vsi-interface2] mac-address 2-2-2

[SwitchD-Vsi-interface2] distributed-gateway local

[SwitchD-Vsi-interface2] local-proxy-arp enable

[SwitchD-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchD] interface vsi-interface 3

[SwitchD-Vsi-interface3] ip binding vpn-instance vpna

[SwitchD-Vsi-interface3] l3-vni 1000

[SwitchD-Vsi-interface3] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] gateway vsi-interface 1

[SwitchD-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchD] vsi vpnb

[SwitchD-vsi-vpnb] gateway vsi-interface 2

[SwitchD-vsi-vpnb] quit

5. 配置边界网关Switch E

# 开启L2VPN能力。

<SwitchE> system-view

[SwitchE] l2vpn enable

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchE] vxlan tunnel mac-learning disable

[SwitchE] vxlan tunnel arp-learning disable

# 配置L3VNI的RD和RT。

[SwitchE] ip vpn-instance vpna

[SwitchE-vpn-instance-vpna] route-distinguisher 1:1

[SwitchE-vpn-instance-vpna] address-family ipv4

[SwitchE-vpn-ipv4-vpna] vpn-target 2:2

[SwitchE-vpn-ipv4-vpna] quit

[SwitchE-vpn-instance-vpna] address-family evpn

[SwitchE-vpn-evpn-vpna] vpn-target 1:1

[SwitchE-vpn-evpn-vpna] quit

[SwitchE-vpn-instance-vpna] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchE] interface vsi-interface 3

[SwitchE-Vsi-interface3] ip binding vpn-instance vpna

[SwitchE-Vsi-interface3] l3-vni 1000

[SwitchE-Vsi-interface3] quit

# 配置缺省路由,下一跳为广域网中某台设备的IP地址22.1.1.100。

[SwitchE] ip route-static vpn-instance vpna 0.0.0.0 0 22.1.1.100

# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。

[SwitchE] bgp 100

[SwitchE-bgp-default] ip vpn-instance vpna

[SwitchE-bgp-default-vpna] address-family ipv4 unicast

[SwitchE-bgp-default-ipv4-vpna] default-route imported

[SwitchE-bgp-default-ipv4-vpna] import-route static

[SwitchE-bgp-default-ipv4-vpna] quit

[SwitchE-bgp-default-vpna] quit

[SwitchE-bgp-default] quit

# 配置连接广域网的接口Vlan-interface10与VPN实例vpna关联。

[SwitchE] interface vlan-interface 10

[SwitchE-Vlan-interface20] ip binding vpn-instance vpna

[SwitchE-Vlan-interface20] ip address 22.1.1.5 24

[SwitchE-Vlan-interface20] quit

3.4  验证配置

3.4.1  验证MDC配置

# 以Switch A为例,查看MDC是否存在并且运转正常。此时,Switch A上应该有两台处于正常工作active状态的MDC。

[SwitchA] display mdc

ID         Name            Status

1          Admin           active

2          SWA-MDC1        active

3          SWA-MDC2        active

# 登录SWA-MDC2。

[SwitchA] switchto mdc SWA-MDC2

******************************************************************************

* Copyright (c) 2004-2018 New H3C Technologies Co., Ltd. All rights reserved.*

* Without the owner's prior written consent,                                 *

* no decompiling or reverse-engineering shall be allowed.                    *

******************************************************************************

 

<SWA-MDC2>%Mar  2 10:43:04:214 2018 SWA-MDC2 SHELL/5/SHELL_LOGIN: -MDC=3; Console logged in from con0.

# 通过命令display interface brief查看为SWA-MDC2分配的接口。

<SWA-MDC2> display interface brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP      Description

InLoop0              UP   UP(s)    --

Loop0                UP   UP(s)    1.1.1.1

MGE0/0/0             DOWN DOWN     --

NULL0                UP   UP(s)    --

REG0                 UP   --       --

Vlan10               UP   UP       11.1.1.1

Vlan20               UP   UP       13.1.1.1

Vlan30               UP   UP       15.1.1.1

 

Brief information on interfaces in bridge mode:

Link: ADM - administratively down; Stby - standby

Speed: (a) - auto

Duplex: (a)/A - auto; H - half; F - full

Type: A - access; T - trunk; H - hybrid

Interface             Link Speed   Duplex Type PVID Description

XGE2/0/1              UP   1G(a)   F      A    30

XGE2/0/2              ADM  auto    F      A    1

XGE2/0/3              UP   1G(a)   F      A    10

XGE2/0/4              UP   1G(a)   F      A    20

XGE2/0/5              ADM  auto    F      A    1

XGE2/0/6              ADM  auto    F      A    1

XGE2/0/7              ADM  auto    F      A    1

XGE2/0/8              ADM  auto    F      A    1

XGE2/0/9              ADM  auto    F      A    1

XGE2/0/10             ADM  auto    F      A    1

XGE2/0/11             ADM  auto    F      A    1

XGE2/0/12             ADM  auto    F      A    1

XGE2/0/13             ADM  auto    F      A    1

XGE2/0/14             ADM  auto    F      A    1

XGE2/0/15             ADM  auto    F      A    1

XGE2/0/16             ADM  auto    F      A    1

XGE2/0/17             ADM  auto    F      A    1

XGE2/0/18             ADM  auto    F      A    1

XGE2/0/19             ADM  auto    F      A    1

XGE2/0/20             ADM  auto    F      A    1

XGE2/0/21             ADM  auto    F      A    1

XGE2/0/22             ADM  auto    F      A    1

XGE2/0/23             ADM  auto    F      A    1

XGE2/0/24             ADM  auto    F      A    1

3.4.2  验证EVPN网络

# 以Switch C为例,在分布式EVPN网关上查看EVPN路由信息。

[SwitchC] display bgp l2vpn evpn

 

 BGP local router ID is 3.3.3.3

 Status codes: * - valid, > - best, d - dampened, h - history

               s - suppressed, S - stale, i - internal, e - external

               a - additional-path

       Origin: i - IGP, e - EGP, ? - incomplete

 

 Total number of routes from all PEs: 10

 

 Route distinguisher: 1:1(vpna)

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >i [2][0][48][a21a-36c9-0806][32][10.1.1.20]/136

                        4.4.4.4         0          100        0       i

* >i [2][0][48][a21a-39de-0907][32][10.1.2.20]/136

                        4.4.4.4         0          100        0       i

* >i [5][0][0][0.0.0.0]/80

                        5.5.5.5         0          100        0       ?

*  i                    5.5.5.5         0          100        0       ?

* >  [5][0][24][10.1.1.0]/80

                        0.0.0.0         0          100        32768   i

* >  [5][0][24][10.1.2.0]/80

                        0.0.0.0         0          100        32768   i

 

 Route distinguisher: 1:10

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  [2][0][48][a21a-2df1-0606][32][10.1.1.10]/136

                        0.0.0.0         0          100        32768   i

* >i [2][0][48][a21a-36c9-0806][32][10.1.1.20]/136

                        4.4.4.4         0          100        0       i

*  i                    4.4.4.4         0          100        0       i

* >  [3][0][32][3.3.3.3]/80

                        0.0.0.0         0          100        32768   i

* >i [3][0][32][4.4.4.4]/80

                        4.4.4.4         0          100        0       i

*  i                    4.4.4.4         0          100        0       i

 

 Route distinguisher: 1:20

 Total number of routes: 6

 

     Network            NextHop         MED        LocPrf     PrefVal Path/Ogn

 

* >  [2][0][48][a21a-3300-0707][32][10.1.2.10]/136

                        0.0.0.0         0          100        32768   i

* >i [2][0][48][a21a-39de-0907][32][10.1.2.20]/136

                        4.4.4.4         0          100        0       i

*  i                    4.4.4.4         0          100        0       i

* >  [3][0][32][3.3.3.3]/80

                        0.0.0.0         0          100        32768   i

* >i [3][0][32][4.4.4.4]/80

                        4.4.4.4         0          100        0       i

*  i                    4.4.4.4         0          100        0       i

# 查看Switch C上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。

[SwitchC] display interface tunnel

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 4.4.4.4

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 10 packets, 980 bytes, 0 drops

Output: 19 packets, 1520 bytes, 0 drops

 

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Last clearing of counters: Never

Tunnel source 3.3.3.3, destination 5.5.5.5

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops...

# 查看Switch C上的VSI虚接口信息,可以看到VSI虚接口处于up状态。

[SwitchC] display interface vsi-interface

Vsi-interface1

Current state: UP

Line protocol state: UP

Description: Vsi-interface1 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet address: 10.1.1.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0001-0001-0001

IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 192 packets, 18816 bytes, 0 drops

 

Vsi-interface2

Current state: UP

Line protocol state: UP

Description: Vsi-interface2 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet address: 10.1.2.1/24 (primary)

IP packet frame type: Ethernet II, hardware address: 0002-0002-0002

IPv6 packet frame type: Ethernet II, hardware address: 0002-0002-0002

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 128 packets, 8960 bytes, 0 drops

 

Vsi-interface3

Current state: UP

Line protocol state: UP

Description: Vsi-interface3 Interface

Bandwidth: 1000000 kbps

Maximum transmission unit: 1444

Internet protocol processing: Disabled

IP packet frame type: Ethernet II, hardware address: a21a-0861-0300

IPv6 packet frame type: Ethernet II, hardware address: a21a-0861-0300

Physical: Unknown, baudrate: 1000000 kbps

Last clearing of counters: Never

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# 查看Switch C上的VSI信息,可以看到VSI内创建的VXLAN、与VXLAN关联的VXLAN隧道、与VSI关联的VSI虚接口等信息。

[SwitchC] display l2vpn vsi verbose

VSI Name: Auto_L3VNI1000_3

  VSI Index               : 2

  VSI State               : Down

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : Unlimited

  Multicast Restrain      : Unlimited

  Unknown Unicast Restrain: Unlimited

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 3

  VXLAN ID                : 1000

 

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : Unlimited

  Broadcast Restrain      : Unlimited

  Multicast Restrain      : Unlimited

  Unknown Unicast Restrain: Unlimited

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel1              0x5000000  UP       Auto        Disabled

  ACs:

    AC                                Link ID  State       Type

    XGE1/0/1 srv1000                  0        Up          Manual

 

VSI Name: vpnb

  VSI Index               : 1

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : -

  Broadcast Restrain      : Unlimited

  Multicast Restrain      : Unlimited

  Unknown Unicast Restrain: Unlimited

  MAC Learning            : Enabled

  MAC Table Limit         : -

  MAC Learning rate       : -

  Drop Unknown            : -

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 2

  VXLAN ID                : 20

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel1              0x5000000  UP       Auto        Disabled

  ACs:

    AC                                Link ID  State       Type

    XGE1/0/2 srv1000                  0        Up          Manual

# 查看Switch C上VSI的ARP表项信息,可以看到已学习到了本地和远端虚拟机的ARP信息。

[SwitchC] display arp

  Type: S-Static   D-Dynamic   O-Openflow   R-Rule   M-Multiport  I-Invalid

IP address      MAC address    VLAN/VSI   Interface                 Aging Type

11.1.1.1        a210-9a1c-0182 10         XGE1/0/3                  240   D

12.1.1.2        a21a-01b9-0242 20         XGE1/0/5                  240   D

10.1.1.10       a21a-2df1-0606 0          XGE1/0/1                  489   D

10.1.2.10       a21a-3300-0707 1          XGE1/0/2                  414   D

4.4.4.4         a21a-0fb2-0400 2          Tunnel1                   --    R

5.5.5.5         a21a-17fd-0500 2          Tunnel2                   --    R

# 查看Switch C上VSI的EVPN ARP表项信息,可以看到已学习到了本地虚拟机的ARP信息。

[SwitchC] display evpn route arp

Flags: D - Dynamic   B - BGP      L - Local active

       G - Gateway   S - Static   M - Mapping

 

VPN instance: vpna                            Interface: Vsi-interface1

IP address      MAC address     Router MAC      VSI index   Flags

10.1.1.1        0001-0001-0001  a21a-0861-0300  0           GL

10.1.1.10       a21a-2df1-0606  a21a-0861-0300  0           DL

10.1.1.20       a21a-36c9-0806  a21a-0fb2-0400  0           B

 

VPN instance: vpna                            Interface: Vsi-interface2

IP address      MAC address     Router MAC      VSI index   Flags

10.1.2.1        0002-0002-0002  a21a-0861-0300  1           GL

10.1.2.10       a21a-3300-0707  a21a-0861-0300  1           DL

10.1.2.20       a21a-39de-0907  a21a-0fb2-0400  1           B

<SwitchC>

# 验证Sever之间可以互访且Sever可以访问广域网

Sever 1、Sever 2、Sever 3和Sever 4之间可以互访,各Sever可以访问广域网

3.4.3  验证组播网络

# 在Switch F上查看PIM-SM域中的RP信息。

[SwitchF] display pim rp-info

 BSR RP information:

   Scope: non-scoped

     Group/MaskLen: 225.1.1.0/24

       RP address               Priority  HoldTime  Uptime    Expires

       1.1.1.1                  192       180       00:51:45  00:02:22

 

Static RP information:

       RP address               ACL   Mode    Preferred

       2.2.2.2                  ----  pim-sm  No

 

[SwitchF] display pim bsr-info

 Scope: non-scoped

     State: Accept Preferred

     Bootstrap timer: 00:01:44

     Elected BSR address: 1.1.1.1

       Priority: 64

       Hash mask length: 30

       Uptime: 00:11:18

 

[SwitchF]disp pim interface

Interface           NbrCnt HelloInt   DR-Pri     DR-Address

 Vlan10             0      30         1          10.1.4.1      (local)

 Vlan20             1      30         1          1.1.1.1

# 在SWA-MDC2上查看PIM-SM域中的BSR信息。

[SWA-MDC2] display pim bsr-info

 Scope: non-scoped

     State: Elected

     Bootstrap timer: 00:01:44

     Elected BSR address: 1.1.1.1

       Priority: 64

       Hash mask length: 30

       Uptime: 00:11:18

     Candidate BSR address: 1.1.1.1

       Priority: 64

       Hash mask length: 30

# 在SWA-MDC2上查看PIM-SM域中的静态C-RP信息。

[SWA-MDC2]display pim c-rp

 Scope: non-scoped

     Group/MaskLen: 224.0.0.0/4

       C-RP address             Priority  HoldTime  Uptime    Expires

       1.1.1.1 (local)          192       150       03:01:36  00:02:29

3.5  配置文件

1. Switch A

#

mdc Admin id 1

  undo location slot 1

  undo location slot 2

#

mdc SWA-MDC1 id 2

 location slot 1

 mdc start

 allocate interface Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet 1/0/24

#

mdc SWA-MDC2 id 3

 location slot 2

 mdc start

 allocate interface Ten-GigabitEthernet 2/0/1 to Ten-GigabitEthernet 2/0/24

#

2. SWA-MDC1

#

ospf 100 router-id 6.6.6.6

 area 0.0.0.0

  network 6.6.6.6 0.0.0.0

  network 17.1.1.0 0.0.0.255

  network 18.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

interface LoopBack0

 ip address 6.6.6.6 255.255.255.255

#

interface Vlan-interface10

 ip address 17.1.1.6 255.255.255.0

 pim sm

#

interface Vlan-interface20

 ip address 18.1.1.6 255.255.255.0

 pim sm

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 20

#

multicast routing

#

pim

 static-rp 2.2.2.2

#

3. SWA-MDC2

#

ospf 100 router-id 1.1.1.1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 11.1.1.0 0.0.0.255

  network 13.1.1.0 0.0.0.255

  network 15.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

vlan 30

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

interface Vlan-interface10

 ip address 11.1.1.1 255.255.255.0

#

interface Vlan-interface20

 ip address 13.1.1.1 255.255.255.0

 pim sm

#

interface Vlan-interface30

 ip address 15.1.1.1 255.255.255.0

 pim sm

#

interface Ten-GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 30

#

interface Ten-GigabitEthernet2/0/3

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet2/0/4

 port link-mode bridge

 port access vlan 20

#

bgp 100

 group evpn internal

 peer evpn connect-interface LoopBack0

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

 peer 3.3.3.3 group evpn

 peer 4.4.4.4 group evpn

 peer 5.5.5.5 group evpn

 #

 address-family l2vpn evpn

  reflector cluster-id 8.8.8.8

  undo policy vpn-target

  peer evpn enable

  peer evpn reflect-client

  peer 2.2.2.2 enable

#

multicast routing

#

pim

 c-bsr 1.1.1.1

 c-rp 1.1.1.1

 static-rp 2.2.2.2

#

4. Switch B

#

mdc Admin id 1

  undo location slot 1

  undo location slot 2

#

mdc SWB-MDC1 id 2

 location slot 1

 mdc start

 allocate interface Ten-GigabitEthernet1/0/1 to Ten-GigabitEthernet1/0/24

#

mdc SWB-MDC2 id 3

 location slot 2

 mdc start

allocate interface Ten-GigabitEthernet2/0/1 to Ten-GigabitEthernet2/0/24

#

5. SWB-MDC1

#

ospf 100 router-id 7.7.7.7

 area 0.0.0.0

  network 7.7.7.7 0.0.0.0

  network 19.1.1.0 0.0.0.255

  network 20.1.1.0 0.0.0.255

#

vlan 10

#

vlan 50

#

interface LoopBack0

 ip address 7.7.7.7 255.255.255.255

#

interface Vlan-interface10

 ip address 20.1.1.7 255.255.255.0

#

interface Vlan-interface50

 ip address 19.1.1.7 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 50

#

6. SWB-MDC2

#

ospf 100 router-id 2.2.2.2

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 12.1.1.0 0.0.0.255

  network 14.1.1.0 0.0.0.255

  network 16.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

vlan 40

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

#

interface Vlan-interface10

 ip address 14.1.1.2 255.255.255.0

 pim sm

#

interface Vlan-interface20

 ip address 12.1.1.2 255.255.255.0

#

interface Vlan-interface40

 ip address 16.1.1.2 255.255.255.0

 pim sm

#

interface Ten-GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 40

#

interface Ten-GigabitEthernet2/0/3

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet2/0/5

 port link-mode bridge

 port access vlan 20

#

bgp 100

 group evpn internal

 peer evpn connect-interface LoopBack0

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 3.3.3.3 group evpn

 peer 4.4.4.4 group evpn

 peer 5.5.5.5 group evpn

 #

 address-family l2vpn evpn

  reflector cluster-id 8.8.8.8

  undo policy vpn-target

  peer evpn enable

  peer evpn reflect-client

  peer 1.1.1.1 enable

#

multicast routing

#

pim

 static-rp 2.2.2.2

#

7. Switch C

#

ip vpn-instance vpna

 route-distinguisher 1:1

 #

 address-family ipv4

  vpn-target 2:2 import-extcommunity

  vpn-target 2:2 export-extcommunity

 #

 address-family evpn

  vpn-target 1:1 import-extcommunity

  vpn-target 1:1 export-extcommunity

#

 vxlan tunnel mac-learning disable

#

ospf 100 router-id 3.3.3.3

 area 0.0.0.0

  network 3.3.3.3 0.0.0.0

  network 11.1.1.0 0.0.0.255

  network 12.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

 l2vpn enable

 vxlan tunnel arp-learning disable

#

vsi vpna

 gateway vsi-interface 1

 vxlan 10

 evpn encapsulation vxlan

  route-distinguisher auto

  vpn-target auto export-extcommunity

  vpn-target auto import-extcommunity

#

vsi vpnb

 gateway vsi-interface 2

 vxlan 20

 evpn encapsulation vxlan

  route-distinguisher auto

  vpn-target auto export-extcommunity

  vpn-target auto import-extcommunity

#

interface LoopBack0

 ip address 3.3.3.3 255.255.255.255

#

interface Vlan-interface10

 ip address 11.1.1.3 255.255.255.0

#

interface Vlan-interface20

 ip address 12.1.1.3 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 service-instance 1000

  encapsulation s-vid 10

  xconnect vsi vpna

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 service-instance 1000

  encapsulation s-vid 11

  xconnect vsi vpnb

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet1/0/4

 port link-mode bridge

 port access vlan 20

#

interface Ten-GigabitEthernet1/0/5

 port link-mode bridge

 port access vlan 20

#

interface Vsi-interface1

 ip binding vpn-instance vpna

 ip address 10.1.1.1 255.255.255.0

 mac-address 0001-0001-0001

 local-proxy-arp enable

 distributed-gateway local

#

interface Vsi-interface2

 ip binding vpn-instance vpna

 ip address 10.1.2.1 255.255.255.0

 mac-address 0002-0002-0002

 local-proxy-arp enable

 distributed-gateway local

#

interface Vsi-interface3

 ip binding vpn-instance vpna

 l3-vni 1000

#

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

 #

 address-family l2vpn evpn

  peer 1.1.1.1 enable

  peer 2.2.2.2 enable

 

8. Switch D

#

ip vpn-instance vpna

 route-distinguisher 1:1

 #

 address-family ipv4

  vpn-target 2:2 import-extcommunity

  vpn-target 2:2 export-extcommunity

 #

 address-family evpn

  vpn-target 1:1 import-extcommunity

  vpn-target 1:1 export-extcommunity

#

 vxlan tunnel mac-learning disable

#

ospf 100 router-id 4.4.4.4

 area 0.0.0.0

  network 4.4.4.4 0.0.0.0

  network 13.1.1.0 0.0.0.255

  network 14.1.1.0 0.0.0.255

  network 21.1.1.0 0.0.0.255

 

#

vlan 10

#

vlan 20

#

vlan 30

#

 l2vpn enable

 vxlan tunnel arp-learning disable

#

vsi vpna

 gateway vsi-interface 1

 vxlan 10

 evpn encapsulation vxlan

  route-distinguisher auto

  vpn-target auto export-extcommunity

  vpn-target auto import-extcommunity

#

vsi vpnb

 gateway vsi-interface 2

 vxlan 20

 evpn encapsulation vxlan

  route-distinguisher auto

  vpn-target auto export-extcommunity

  vpn-target auto import-extcommunity

#

interface LoopBack0

 ip address 4.4.4.4 255.255.255.255

#

interface Vlan-interface10

 ip address 14.1.1.4 255.255.255.0

 pim sm

#

interface Vlan-interface20

 ip address 13.1.1.4 255.255.255.0

 pim sm

#

interface Vlan-interface30

 ip address 21.1.1.4 255.255.255.0

 pim sm

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 service-instance 1000

  encapsulation s-vid 12

  xconnect vsi vpna

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 service-instance 1000

  encapsulation s-vid 13

  xconnect vsi vpnb

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet1/0/4

 port link-mode bridge

 port access vlan 20

#

interface Ten-GigabitEthernet1/0/5

 port link-mode bridge

 port access vlan 30

#

interface Vsi-interface1

 ip binding vpn-instance vpna

 ip address 10.1.1.1 255.255.255.0

 mac-address 0001-0001-0001

 local-proxy-arp enable

 distributed-gateway local

#

interface Vsi-interface2

 ip binding vpn-instance vpna

 ip address 10.1.2.1 255.255.255.0

 mac-address 0002-0002-0002

 local-proxy-arp enable

 distributed-gateway local

#

interface Vsi-interface3

 ip binding vpn-instance vpna

 l3-vni 1000

#

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

 #

 address-family l2vpn evpn

  peer 1.1.1.1 enable

  peer 2.2.2.2 enable

#

multicast routing

#

pim

 static-rp 2.2.2.2

#

9. Switch E

#

ip vpn-instance vpna

 route-distinguisher 1:1

 #

 address-family ipv4

  vpn-target 2:2 import-extcommunity

  vpn-target 2:2 export-extcommunity

 #

 address-family evpn

  vpn-target 1:1 import-extcommunity

  vpn-target 1:1 export-extcommunity

#

 vxlan tunnel mac-learning disable

#

ospf 100 router-id 5.5.5.5

 area 0.0.0.0

  network 5.5.5.5 0.0.0.0

  network 15.1.1.0 0.0.0.255

  network 16.1.1.0 0.0.0.255

  network 18.1.1.0 0.0.0.255

  network 19.1.1.0 0.0.0.255

  network 22.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

vlan 30

#

vlan 40

#

vlan 50

#

 l2vpn enable

 vxlan tunnel arp-learning disable

#

interface LoopBack0

 ip address 5.5.5.5 255.255.255.255

#

interface Vlan-interface10

 ip binding vpn-instance vpna

 ip address 22.1.1.5 255.255.255.0

#

interface Vlan-interface20

 ip address 18.1.1.5 255.255.255.0

 pim sm

#

interface Vlan-interface30

 ip address 15.1.1.5 255.255.255.0

 pim sm

#

interface Vlan-interface40

 ip address 16.1.1.5 255.255.255.0

 pim sm

#

interface Vlan-interface50

 ip address 19.1.1.5 255.255.255.0

#

interface Ten-GigabitEthernet1/0/1

 port link-mode bridge

 port access vlan 30

#

interface Ten-GigabitEthernet1/0/2

 port link-mode bridge

 port access vlan 40

#

interface Ten-GigabitEthernet1/0/3

 port link-mode bridge

 port access vlan 10

#

interface Ten-GigabitEthernet1/0/17

 port link-mode bridge

 port access vlan 20

#

interface Ten-GigabitEthernet1/0/18

 port link-mode bridge

 port access vlan 50

#

interface Vsi-interface3

 ip binding vpn-instance vpna

 l3-vni 1000

#

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

 #

 address-family l2vpn evpn

  peer 1.1.1.1 enable

  peer 2.2.2.2 enable

 #

 ip vpn-instance vpna

  #

  address-family ipv4 unicast

   default-route imported

   import-route static

#

multicast routing

#

pim

 static-rp 2.2.2.2

#

 ip route-static vpn-instance vpna 0.0.0.0 0 22.1.1.100

10. Switch F

#

ospf 100 router-id 9.9.9.9

 area 0.0.0.0

  network 9.9.9.9 0.0.0.0

  network 17.1.1.0 0.0.0.255

#

vlan 10

#

vlan 20

#

interface LoopBack0

 ip address 9.9.9.9 255.255.255.255

#

interface Vlan-interface10

 ip address 17.1.1.9 255.255.255.0

 pim sm

#

interface Vlan-interface20

 ip address 10.1.4.1 255.255.255.0

 igmp enable

#

interface Ten-GigabitEthernet1/0/17

 port link-mode bridge

 port access vlan 20

#

interface Ten-GigabitEthernet1/0/18

 port link-mode bridge

 port access vlan 10

#

multicast routing

#

pim

 static-rp 2.2.2.2

#

4  相关资料

·              H3C S7600系列交换机 MDC配置指导-R757X

·              H3C S7600系列交换机 MDC命令参考-R757X

·              H3C S7600系列交换机 EVPN配置指导-R757X

·              H3C S7600系列交换机 EVPN命令参考-R757X

 

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们