• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 关于我们

18-EVPN配置指导

目录

04-组播VXLAN配置

本章节下载 04-组播VXLAN配置  (1.22 MB)

04-组播VXLAN配置

  录

1 组播VXLAN概述

1.1 组播VXLAN配置限制和指导

1.2 组播VXLAN工作模式

1.3 入方向复制模式组播VXLAN

1.3.1 典型组网

1.3.2 工作机制

1.4 MDT模式组播VXLAN

1.4.1 技术优点

1.4.2 典型组网

1.4.3 基本概念

1.4.4 MP-BGP扩展

1.4.5 自动建立和关联MVXLAN隧道

1.4.6 创建Default-MDT

1.4.7 基于Default-MDT的传输

1.4.8 Data-MDT切换

1.4.9 组播VXLAN支持M-LAG

1.4.10 跨数据中心三层组播互通

1.4.11 跨数据中心三层组播互通支持多ED

2 配置入方向复制模式组播VXLAN

2.1 入方向复制模式组播VXLAN配置限制和指导

2.2 入方向复制模式组播VXLAN配置任务简介

2.3 使能VPN实例的IP组播路由

2.4 创建MVXLAN实例

2.5 配置分布式DR接口

2.6 入方向复制模式组播VXLAN典型配置举例

2.6.1 入方向复制模式组播VXLAN基本配置举例

3 配置MDT模式组播VXLAN

3.1 MDT模式组播VXLAN配置限制和指导

3.2 MDT模式组播VXLAN配置任务简介

3.3 使能VPN实例的IP组播路由

3.4 创建MVXLAN实例

3.5 配置Default-Group

3.6 指定MVXLAN源接口

3.7 配置Data-MDT切换参数

3.8 配置分布式DR接口

3.9 配置跨VPN组播转发路由选路策略

3.10 配置组播VXLAN支持M-LAG

3.11 配置跨数据中心三层组播互通

3.11.1 功能简介

3.11.2 配置限制和指导

3.11.3 配置DC间的ED

3.11.4 配置DC内的VTEP

3.12 配置跨数据中心三层组播互通支持多ED

3.13 MDT模式组播VXLAN显示和维护

3.14 MDT模式组播VXLAN典型配置举例

3.14.1 相同VPN内MVXLAN三层组播互通配置举例

3.14.2 对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

3.14.3 非对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

3.14.4 存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例

3.14.5 组播VXLAN支持M-LAG配置举例(直连模式peer-link链路)

3.14.6 双DC跨数据中心三层组播互通配置举例(不同DC相同L3VNI)

3.14.7 三DC之间使用相同专属VPN进行映射配置举例

3.14.8 三DC之间使用不同专属VPN进行映射举例

 


1 组播VXLAN概述

MVXLAN(Multicast VXLAN,组播VXLAN)是一种在VXLAN或EVPN VXLAN网络中进行组播业务传输的技术,实现了点到多点的高效数据传递。

 

1.1  组播VXLAN配置限制和指导

1. 硬件限制

配置MVXLAN时,用户侧、公网侧端口必须位于以下接口板:

·     FD系列接口板

·     FE系列接口板

·     SG系列接口板

用户侧端口所属VLAN的报文不支持直接往VXLAN公网进行三层组播转发。

LSQM1SRP4Y06A0主控上的业务端口不支持配置组播VXLAN功能。

2. 软件限制

目前,MVXLAN仅支持IPv4 Underlay网络,不支持IPv6 Underlay网络。

目前,MVXLAN仅支持IPv4 Underlay网络,不支持IPv6 Underlay网络。

在组播VXLAN PIM SSM组网场景中,核心层设备(Spine)不能同时作为Leaf设备连接组播用户,关于Spine和Leaf的详细介绍,请参见“EVPN配置指导”中的“EVPN VXLAN和数据中心互联配置”。

在MVXLAN网络中配置AC与VSI关联时:

·     不支持Ethernet接入模式。相关命令为xconnect vsi,请参见“VXLAN命令参考”中的“VXLAN”。

·     AC不支持同时匹配外层VLAN标签和内层VLAN标签(encapsulation s-vid { vlan-id | vlan-id-list } c-vid { vlan-id-list | all })。

1.2  组播VXLAN工作模式

目前,组播VXLAN支持两种工作模式:

·     入方向复制模式:实现在VXLAN网络中传输不同VPN实例的组播流量。

·     MDT(Multicast Distribution Tree,组播分发树)模式:实现在EVPN VXLAN网络中传输组播流量。

1.3  入方向复制模式组播VXLAN

1.3.1  典型组网

入方向复制模式组播VXLAN的典型组网如图1-1所示。Border设备与VTEP设备之间手工建立VXLAN隧道,并与VXLAN关联。组播源连接到Border,组播接收者连接到VTEP。Border接收到组播源发送的组播流量后,能够区分流量所属的VPN,并在对应的VPN内通过VXLAN隧道将组播流量转发到远端VTEP。VTEP再将组播流量转发给组播接收者。

图1-1 入方向复制模式组播VXLAN典型组网

 

1.3.2  工作机制

入方向复制模式组播VXLAN组网中,Border和VTEP上需要进行如下组播相关配置:

·     在Border上创建VSI虚接口,将该接口与VPN实例绑定,并在该接口上开启IGMP功能。

·     将Border连接组播源的接口与VPN实例绑定。

·     Border和VTEP上,均需要在VSI视图下开启IGMP snooping功能。

入方向复制模式组播VXLAN的组播表项学习过程为:

(1)     在Border的VSI虚接口上开启IGMP功能后,该接口将在其关联的VXLAN内广播发送IGMP查询报文。

(2)     VTEP从VXLAN隧道上接收到IGMP查询报文后,将VXLAN隧道接口设置为IGMP snooping的路由器端口。VTEP解封装报文,并将其发送给本地主机。

(3)     如果本地存在组播接收者,则接收者回复IGMP成员关系报告报文。

(4)     VTEP将接收到IGMP成员关系报告报文的AC设置为IGMP snooping的成员端口,并通过路由器端口(VXLAN隧道接口)将该报文封装后发送给Border。

(5)     Border从VXLAN隧道上接收到IGMP成员关系报告报文后,将该VXLAN隧道接口设置为IGMP snooping的成员端口。

完成组播表项学习后,组播流量将按照表项进行转发:

(1)     Border接收到组播流量后,判断流量接收接口所属的VPN实例,在该VPN实例内查表转发组播流量。

(2)     如果组播流量的出接口为VSI虚接口,则在该VSI虚接口对应VXLAN内查找IGMP snooping成员端口(VXLAN隧道接口),通过这些VXLAN隧道接口将组播流量转发给连接组播接收者的远端VTEP。

(3)     VTEP从VXLAN隧道上接收到组播流量后,解封装该报文,并将其通过IGMP snooping成员端口转发给相应的组播接收者。

1.4  MDT模式组播VXLAN

MDT模式即在公网上建立以组播源所在的VTEP为根,组播接收者所在的VTEP为叶的组播分发树,通过单向MVXLAN隧道在公网中沿组播分发树转发组播流量,实现组播流量的最优路径转发。

1.4.1  技术优点

MDT模式组播VXLAN具有如下优点:

·     按需转发组播流量:使用BGP EVPN路由和PIM协议搭建组播分发树、控制接收者加入或离开组播组,实现按需转发组播流量。

·     不同VXLAN之间可以转发组播流量:通过部署分布式EVPN网关,实现组播流量跨VXLAN的三层转发。

1.4.2  典型组网

图1-2所示,VTEP均为分布式EVPN网关,VTEP间建立MVXLAN隧道。VTEP上创建MVXLAN实例指导组播流量转发,通过本地AC和MVXLAN隧道分别将组播流量转发至本地接收者和远端VTEP。有关VTEP、VSI、VXLAN的详细介绍,请参见“VXLAN配置指导”中的“VXLAN”。有关EVPN的详细介绍,请参见“EVPN配置指导”中的“EVPN”。

图1-2 MDT模式MVXLAN典型组网

 

1.4.3  基本概念

·     MDT:建立在属于同一MVXLAN内所有VTEP间的组播分发树,包括Default-MDT和Data-MDT两种。

·     Default-Group(默认组):每个MVXLAN在公网上分配一个独立的组播组,称为Default-Group。它是MVXLAN在公网上的唯一标志,用来在公网上建立MVXLAN所对应的Default-MDT。无论私网组播报文属于哪个组播组,VTEP都统一将其封装为普通的公网组播数据报文,并以Default-Group作为其所属的公网组播组。

·     Default-MDT(Default-Multicast Distribution Tree,默认组播分发树):以Default-Group为组地址的MDT,称为Default-MDT。MVXLAN使用Default-Group唯一标识一棵Default-MDT。在该MVXLAN中传输的所有私网组播报文,无论从哪个VTEP进入公网,都经由此Default-MDT转发。Default-MDT是在配置完成后自动生成的,在公网中将会一直存在,而不论公网或私网中有没有实际的组播业务。

·     Data-Group(数据组):当组播流量通过指定ACL规则的过滤时,入口VTEP会为其分配一个独立的组播组,称为Data-Group,并通知其它VTEP使用该组播组在公网内转发该组播数据流量。一个MVXLAN唯一确定一个Data-Group范围以便进行Data-MDT切换。在进行Data-MDT切换时,从Data-Group范围中选取一个被引用最少的地址,从VTEP进入公网、通过指定ACL规则过滤的私网组播报文将使用该地址进行封装。

·     Data-MDT(Data-Multicast Distribution Tree,数据组播分发树):以Data-Group为组地址的MDT,称为Data-MDT。下游存在接收者的VTEP加入Data-Group,形成一棵Data-MDT,入口VTEP使用Data-MDT在公网中转发封装后的私网组播数据。

1.4.4  MP-BGP扩展

为了支持MVXLAN,MP-BGP在EVPN地址族新增了如下EVPN路由用于创建MDT:

·     Supplementary Broadcast Domain Selective Multicast Ethernet Tag Route:增强型广播域选择性组播以太网标签路由,也叫SBD-SMET路由,包含私网组播源地址和组播组地址信息,用于接收者侧的VTEP通告希望接收某个(*,G)或(S,G)的组播流量。该路由携带VPN实例下配置的RD和VPN实例IPv4地址族下配置的Export target。

·     Selective Provider Multicast Service Interface Route:选择性组播业务接口路由,也叫S-PMSI A-D路由,包含私网组播源地址、私网组播组地址、Default-Group或Data-Group地址及MVXLAN源接口地址。主要用于:

¡     组播源侧VTEP与其所有BGP邻居间建立Default-MDT。

¡     Default-MDT向Data-MDT切换。

该路由携带VPN实例下配置的RD和VPN实例IPv4地址族下配置的Export target。

1.4.5  自动建立和关联MVXLAN隧道

在MVXLAN网络中,VTEP间会自动创建源为MVXLAN下指定的源接口地址,组地址为Default-Group或Data-Group地址的MVXLAN隧道用于转发三层组播流量。该MVXLAN隧道是由组播源端VTEP指向组播接收者所在VTEP的单向MVXLAN隧道。MVXLAN创建后会自动与MVXLAN实例关联。

1.4.6  创建Default-MDT

公网中运行的组播路由协议可以是PIM-SM或PIM-SSM。在这两种情况下,创建Default-MDT的过程是相同的,且Default-MDT都具有以下特点:

·     网络中所有属于同一个MVXLAN的VTEP都加入该MVXLAN的Default-MDT。

·     所有属于某MVXLAN的私网组播报文进入公网后,均沿该MVXLAN的Default-MDT向各VTEP转发,无论VTEP所连接的Site中是否存在接收者。

图1-3 PIM-SM网络中创建MDT

 

图1-3所示,公网中运行PIM-SM,VTEP 1、VTEP 2和VTEP 3都运行MVXLAN。以VTEP 1下的站点作为组播源为例,Default-MDT的创建过程如下:

(1)     VTEP 1向VTEP 2和VTEP 3发送携带(*,*)信息的S-PMSI A-D路由给所有BGP邻居,开始创建Default-MDT。

(2)     VTEP 2和VTEP 3收到S-PMSI A-D路由后,路由中携带的(*,*)信息会触发VTEP 2和VTEP 3加入组播组,即VTEP 2和VTEP 3根据路由的PMSI Tunnel属性中的组播源和组播组信息(源为VTEP 1上MVXLAN隧道源接口的IP地址,组地址为VTEP 1上配置的Default-group)发送公网PIM加入信息,并在公网沿途建立组播表项,形成以VTEP 1为根,以VTEP 2和VTEP 3为叶的SPT,此SPT就是Default-MDT。

1.4.7  基于Default-MDT的传输

当Default-MDT创建完成后,组播源即可通过Default-MDT将私网组播数据发送给各Site中的接收者。私网组播数据在本地VTEP上进行VXLAN封装并沿Default-MDT传输,在远端VTEP上解封装并继续在私网内传输。

图1-4 组播数据报文的传输过程

 

图1-4所示,网络中运行PIM-SM,属于Site 2的私网组播组G(225.1.1.1)的接收者(Receiver)与VTEP 2相连;属于Site 1的组播源(Source)向G发送组播数据;用于公网组播数据转发的Default-Group为239.1.1.1。私网组播数据跨越公网进行传输的过程如下:

(1)     Source发送私网组播数据(192.1.1.1,225.1.1.1)到VTEP 1。

(2)     VTEP 1上根据组播报文,在VPN实例中创建(192.1.1.1,225.1.1.1)组播转发表。如果此时Receiver已经向VTEP 2发送IGMP加入信息,VTEP 2会向VTEP 1发送携带(*,G)的SBD-SMET路由,VTEP 1根据路由中的信息对组播报文进行VXLAN封装(外层源地址为MVXLAN的源接口地址,外层组地址为Default-group地址)沿已经创建好的Default-MDT将VXLAN报文发送至所有远端VTEP;如果此时没有接收者,则丢弃组播报文。

(3)     VTEP 2收到报文后,解封装VXLAN报文,还原私网组播报文,查找组播转发表将组播报文发送至本地Receiver。至此跨越公网网络的私网组播数据传输完成。

(4)     VTEP 3收到报文后,解封装VXLAN报文,还原私网组播报文,发现本地没有接收者,会将组播报文丢弃。

1.4.8  Data-MDT切换

说明

Data-MDT和Default-MDT都是同一个MVXLAN中的转发隧道。Default-MDT由Default-Group唯一确定;Data-MDT则由Data-Group唯一确定。每个Default-Group关联一组Data-Group范围。

 

1. 由Default-MDT向Data-MDT切换

在公网中通过Default-MDT传送组播数据时,组播报文被传输到支持同一VPN实例的所有VTEP上,无论该VTEP所连接的Site内是否存在接收者。当私网中组播数据的传输数据比较大时,可能在公网中造成数据的泛滥。这样既浪费网络带宽,又增加了VTEP的处理负担。

为了解决上述问题,MDT模式的MVXLAN支持在连接私网组播接收者和私网组播源的VTEP之间建立专用的Data-MDT,并将组播数据流从Default-MDT切换到Data-MDT,实现按需进行组播数据转发,避免组播流量在公网中泛滥。

Default-MDT向Data-MDT切换的过程如下:

(1)     私网组播数据通过了ACL规则的过滤时,发起从Default-MDT向Data-MDT的切换。

(2)     源端VTEP从配置的Data-Group范围中选取一个引用次数最少的Data-Group地址,并将其通过S-PMSI A-D路由发送至远端VTEP,该路由中包含私网组播源地址、私网组播组地址、源端VTEP上MVXLAN源接口地址、Data-Group地址。

(3)     远端VTEP收到S-PMSI A-D路由消息后,检查本地是否有私网组播流量的接收者:如果有,则回复加入信息加入以组播源所在的VTEP为根的Data-MDT;如果没有,则将该消息缓存起来,等待有接收者时直接回复加入信息加入Data-MDT。

(4)     当组播源端的VTEP发送S-PMSI A-D路由信息一定时间后,该VTEP会停止使用Default-Group地址对私网组播数据进行封装,并改用Data-Group地址进行封装,组播数据沿Data-MDT向下分发。

(5)     Default-MDT切换到Data-MDT之后,当某下游VTEP不再连接接收者时,可以通过发送PIM剪枝消息退出Data-MDT。

2. 由Data-MDT向Default-MDT反向切换

当私网组播数据切换到Data-MDT之后,由于情况变化导致其不满足切换条件时,组播源所在的VTEP会把此私网组播数据从Data-MDT反向切换回Default-MDT,反向切换的过程与Default-MDT切换为Data-MDT相同,此处不再赘述。只要满足如下条件之一,VTEP就会进行反向切换:

·     更改Data-Group范围后,用于私网组播数据封装的Data-Group不在新的范围之内。

·     控制私网组播数据由Default-MDT向Data-MDT切换的ACL规则发生了变化,私网组播数据不能通过新ACL规则的过滤。

1.4.9  组播VXLAN支持M-LAG

说明

目前,本功能仅支持站点网络和Underlay网络同为IPv4网络。

 

1. 功能简介

组播VXLAN利用M-LAG将两台物理设备连接起来虚拟成一台设备,避免设备单点故障对网络造成影响,从而提高组播VXLAN网络的可靠性。M-LAG的详细介绍,请参见“二层技术-以太网交换配置指导”中的“M-LAG”。

图1-5所示,在组播VXLAN组网中,VTEP和Border设备均支持M-LAG,且作为M-LAG设备的VTEP和Border设备均可以连接组播源和组播接收者。

图1-5 组播VXLAN支持M-LAG组网

 

2. 工作机制

组播VXLAN支持M-LAG通过peer-link链路在组成DR(Distributed Relay,分布式聚合)系统的成员设备间同步组播流量和组播接收者加入请求(IGMP成员关系报告报文或者PIM加入报文),使成员设备上的组播源和组播接收者信息保持一致,形成设备级备份。当一台成员设备发生故障(设备故障、上下行链路故障等)时,组播流量可以由另一台成员设备进行转发,从而避免组播流量转发中断。

图1-5所示,以VTEP 1和VTEP 2组成的M-LAG系统为例,组播VXLAN支持M-LAG的工作机制为:

(1)     VTEP 1和VTEP 2通过M-LAG虚拟成一台设备,拥有相同的虚拟地址,并与其他设备建立以虚拟地址为组播源地址、相同的Default-group为目的地址的MVXLAN隧道。

(2)     VTEP 1从Agg2接口接收到组播接收者发送的加入请求后,通过peer-link链路将加入请求同步到VTEP 2。

(3)     VTEP 1和VTEP 2均根据加入请求建立相应的组播转发表项,并向组播源侧VTEP发送SBD-SMET路由。

(4)     VTEP 1从Agg1接口接收到组播源发送的组播流量后,通过peer-link链路将组播流量转发至VTEP 2。

(5)     组播流量在VTEP 1和VTEP 2之间采用奇偶原则进行负载分担,即M-LAG系统编号为奇数的成员设备转发组播组地址为奇数的流量,M-LAG系统编号为偶数的成员设备转发组播组地址为偶数的流量。当一台设备发生故障时,另一台设备可以接替其工作,避免流量转发中断。

(6)     如果私网组播数据满足Data-group切换条件,则需要由Default-group向Data-group切换。在组播VXLAN支持M-LAG组网中,M-LAG的主设备(假设为VTEP 1)负责选取Data-group,进行Default-group向Data-group的切换,并通过SBD-SMET路由将选取的Data-group通告给VTEP 2。VTEP 2接收到SBD-SMET路由后,如果路由中通告的Data-group在本地配置的Data-Group范围内,则VTEP 2使用相同的Data-group;否则,VTEP 2自行选择Data-Group。VTEP 2未接收到SBD-SMET路由时,VTEP 1和VTEP 2独立选取Data-group。

1.4.10  跨数据中心三层组播互通

1. 技术优点

MDT模式组播VXLAN跨DC(Data Center,数据中心)三层组播互通具有如下优点:

·     按需转发组播流量:通过BGP EVPN路由感知DC外是否存在组播接收者,以此来控制ED是否将组播流量经VXLAN-DCI隧道转发至其他DC,实现按需转发组播流量。

·     不同DC使用不同L3VNI时也能互通:通过在ED上将不同DC的L3VNI映射为相同的L3VNI,或不同DC间的L3VNI相互映射,可以实现DC间相同VPN内不同L3VNI组播流量的互通。

2. 工作机制

图1-6 跨数据中心三层组播互通典型组网

 

图1-6所示,跨数据中心三层组播互通组网中,ED之间需要建立VXLAN-DCI隧道,组播流量通过该隧道在数据中心之间转发。

ED从对端ED接收到SBD-SMET路由和S-PMSI A-D路由后,需要进行如下处理:

·     SMET路由:ED根据路由的下一跳地址查找VXLAN-DCI隧道,该隧道接口作为组播流量的出接口,以便将DC内的组播流量通过该隧道转发给对端ED。

·     S-PMSI A-D路由:ED将该路由的PMSI Tunnel属性中的组播源地址修改为本地ED的MVXLAN源接口地址,以便在DC内建立以该ED为组播源的Default-MDT或Data-MDT。

DC内ED和VTEP之间的BGP EVPN路由发布和MVXLAN隧道建立过程与非跨数据中心组网完全相同。

完成BGP EVPN路由发布和VXLAN/MVXLAN隧道建立后,跨数据中心三层组播流量的转发过程为:

(2)     VTEP 1接收到组播源发送的组播流量后,识别流量所属的VPN,并在对应的VPN内通过组播隧道将流量转发给本DC内的VTEP 2和ED 1。

(3)     VTEP 2将组播流量转发给其下的组播接收者;ED 1将组播流量经VXLAN-DCI隧道转发给DC 2内的ED 2。

(4)     ED 2通过组播隧道将组播流量转发给VTEP 3,VTEP 3再将组播流量转发给组播接收者。

3. L3VNI映射

不同DC中的相同用户VPN使用不同L3VNI时,为了实现相同用户VPN内三层组播流量的跨数据中心互通,需要在ED进行如下处理:

·     创建一个专属的VPN实例。

·     对L3VNI进行映射,并使用映射的L3VNI与该VPN实例关联。ED上的L3VNI映射方式包括如下几种:

¡     将不同DC的L3VNI映射为相同的L3VNI,该L3VNI称为中间L3VNI。例如,DC 1内使用L3VNI 1、DC 2内使用L3VNI 2时,在DC 1内的ED 1上将L3VNI 1映射为中间L3VNI 12,在DC 2的ED 2内将L3VNI 2映射为中间L3VNI 12。

¡     不同DC的L3VNI互相映射。例如,DC 1内使用L3VNI 10、DC 2内使用L3VNI 20时,在DC 1内的ED 1上将L3VNI 10映射为L3VNI 20,在DC 2的ED 2内将L3VNI 20映射为L3VNI 10。

·     在VTEP和ED之间、不同DC的ED之间进行S-PMSI和SMET路由重生成,修改路由中的RD、RT和L3VNI。

图1-7 L3VNI映射示意图

 

图1-7所示,DC 1的L3VNI为1,DC 2的L3VNI为2,使用中间L3VNI 12进行L3VNI映射。在该组网中,ED上路由重生成及组播转发表项建立的过程为:

(2)     在VTEP 3上配置Default-Group之后,VTEP 3会主动发送携带(*,*)的S-PMSI路由,携带的L3VNI为2。

(3)     ED 2收到该S-PMSI路由(DC内)后,将其添加到用户VPN和专属VPN,在专属VPN内进行路由重生成,即替换S-PMSI中RD、RT和L3VNI(L3VNI替换为12)信息,并发送给ED 1。

(4)     ED 1收到重生成的S-PMSI路由(DC外,L3VNI为12)后,将其添加到用户VPN和专属VPN,在用户VPN内进行路由重生成,即替换S-PMSI中RD、RT和L3VNI(L3VNI替换为1)信息,并发送给VTEP 1和VTEP 2。

(5)     Recevier 3发送组播组G的IGMP Report报文后,VTEP 3上会生成(*,G)的组播表项,并主动发送(*,G)的SMET路由。

(6)     ED 2收到该SMET路由(DC内)后,将其添加到用户VPN和专属VPN,在专属VPN内对其进行重生成,即替换SMET中的RD等信息,发送给ED 1。同时,ED 2在用户VPN内生成(*,G)组播表项。

(7)     ED 1收到重生成的SMET路由(DC外)后,将其添加到户VPN和专属VPN,在用户VPN内对其进行重生成,发送给VTEP 1和VTEP 2。同时,ED 1在专属VPN内生成(*,G)组播表项,出接口为VSI接口。

(8)     VTEP 1和VTEP 2收到重生成的SMET路由(DC内)后,将其添加到用户VPN,并生成(*,G)组播表项。

(9)     组播流量到达VTEP 1上后,VTEP 1会主动发送封装Default-group并携带(S,G)组播源信息的S-PMSI路由。

(10)     ED 1收到携带(S,G)的S-PMSI路由(DC内),对路由进行重生成。同时,ED 1会在用户VPN内生成(S,G)的组播表项,出接口为专属VPN;专属VPN内也会生成(S,G)的组播表项,入接口为用户VPN,出接口为VSI接口,该VSI接口对应的出端口为VXLAN-DCI 隧道接口。即,流量从用户VPN进入后,通过专属VPN内的VSI接口(VXLAN-DCI隧道接口)发送出去,到达ED 2。

(11)     ED 2收到携带(S,G)的S-PMSI路由(DC外),对路由进行重生成。同时,ED 2会在专属VPN内生成(S,G)的组播表项,入接口为VSI接口,出接口为用户VPN;用户VPN内也会生成(S,G)的组播表项,入接口为专属VPN,出接口为MTunnel口。即,流量从专属VPN进入后,通过用户VPN内的MTunnel组播隧道转发至VTEP 3。

1.4.11  跨数据中心三层组播互通支持多ED

在跨数据中心三层组播互通组网中,为了提高ED的可靠性,避免单点故障,在数据中心的边缘可以部署多台ED设备与其他数据中心互联。这些ED设备使用相同的虚拟IP地址,虚拟成一台ED设备,并采用虚拟IP地址与VTEP、远端ED建立VXLAN隧道,以实现ED的冗余备份和负载分担。

图1-8 跨数据中心三层组播互通支持多ED典型组网

 

图1-8所示,跨数据中心三层组播互通支持多ED组网中,BGP EVPN路由发布和VXLAN/MVXLAN隧道建立过程与跨数据中心三层组播互通组网基本相同。所不同的是:

·     多ED(ED 1和ED 2)使用虚拟IP地址与远端ED(ED 3)建立VXLAN-DCI隧道。

·     ED 3接收到来自DC 1的SMET路由或S-PMSI A-D路由后,将路由的下一跳修改为多ED的虚拟IP地址。

·     ED不会加入同一个数据中心的其他ED的MVXLAN隧道。

完成BGP EVPN路由发布和VXLAN/MVXLAN隧道建立后,跨数据中心三层组播流量的转发过程为:

(1)     VTEP 1接收到组播源发送的组播流量后,识别流量所属的VPN,并在对应的VPN内通过组播隧道将流量转发给本DC内的VTEP、ED 1和ED2。

(2)     本DC内的其他VTEP将组播流量转发给其下的组播接收者。ED 1和ED 2根据一定的原则从中选取一台设备将组播流量经VXLAN-DCI隧道转发给DC 2内的ED 3。

(3)     远端ED(ED 3)通过组播隧道将组播流量转发给VTEP 2,VTEP 2再将组播流量转发给组播接收者。


2 配置入方向复制模式组播VXLAN

2.1  入方向复制模式组播VXLAN配置限制和指导

入方向复制模式组播VXLAN组网中,组播源只能连接到Border设备的VLAN接口。Border设备上用作AC的接口不能作为连接组播源接口。VXLAN DCI组网不支持入方向复制功能。

开启VSI虚接口的组播相关功能前,必须先配置VSI虚接口的主IP地址。

2.2  入方向复制模式组播VXLAN配置任务简介

入方向复制模式组播VXLAN配置任务如下:

(1)     配置VXLAN

a.     创建VSI和VXLAN

b.     配置VXLAN隧道

c.     手工关联VXLAN与VXLAN隧道

d.     建立数据帧与VSI的关联

有关VXLAN的配置方法,请参见“VXLAN配置指导”中的“VXLAN”。

(2)     配置IGMP和IGMP Snooping

a.     在Border上使能VSI虚接口的IGMP功能

b.     在Border和VTEP上使能VSI的IGMP Snooping

有关IGMP和IGMP Snooping的配置方法,请参见“IP组播配置指导”中的“IGMP”和“IGMP Snooping”。

(3)     配置VPN实例

a.     创建VPN实例

b.     在Border上配置VSI虚接口和连接组播源的接口关联VPN实例

有关VPN实例的配置方法,请参见“MPLS配置指导”中的“MPLS L3VPN”。

(4)     配置MVXLAN

a.     使能VPN实例的IP组播路由

b.     创建MVXLAN实例

c.     配置分布式DR接口

VTEP作为分布式VXLAN IP网关时,必须执行本配置。

2.3  使能VPN实例的IP组播路由

操作

命令

说明

进入系统视图

system-view

-

使能VPN实例中的组播路由,并进入该VPN实例的MRIB视图

multicast routing vpn-instance instance-name

缺省情况下,VPN实例的IP组播路由处于关闭状态

本命令的具体介绍请参见“IP组播命令参考”中的“组播路由与转发”

 

2.4  创建MVXLAN实例

1. 功能简介

可以在VTEP上创建一个或多个入方向复制模式MVXLAN实例,以便为公网或不同的VPN实例提供服务。

2. 创建VPN实例的MVXLAN

操作

命令

说明

进入系统视图

system-view

-

创建MVXLAN实例,并进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode ingress-replication

-

创建MVXLAN IPv4地址族,并进入该地址族视图

address-family ipv4

-

 

3. 创建公网实例的MVXLAN

操作

命令

说明

进入系统视图

system-view

-

创建MVXLAN实例,并进入MVXLAN视图

multicast-vpn vxlan public-instance mode ingress-replication

-

创建MVXLAN IPv4地址族,并进入该地址族视图

address-family ipv4

-

 

2.5  配置分布式DR接口

1. 功能简介

在分布式网关组网中运行组播业务时,需要在分布式网关的VSI虚接口上执行本命令将VSI虚接口配置为分布式DR(Designated Router,指定路由器)接口,从而强制指定自己为DR,以便将组播流量转发至本地站点。

2. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入VSI虚接口视图

interface vsi-interface interface-number

-

将VSI虚接口配置为分布式DR接口

pim distributed-dr

缺省情况下,VSI虚接口不是分布式DR接口,本命令的详细介绍,请参见“IP组播命令参考”中的“PIM”。

 

2.6  入方向复制模式组播VXLAN典型配置举例

2.6.1  入方向复制模式组播VXLAN基本配置举例

1. 组网需求

边界网关Border连接外部网络,组播源连接到Border。VTEP 1作为集中式VXLAN IP网关,本地存在组播接收者。VTEP 2同样连接着组播接收者。通过入方向复制模式组播VXLAN,实现组播流量在VXLAN网络中的转发。

2. 组网图

图2-1 入方向复制模式组播VXLAN配置组网图

3. 配置步骤

(1)     配置IP地址和单播路由协议

配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保路由器之间路由可达。

(2)     配置Border

# 开启L2VPN能力,并使能IGMP snooping。

<Border> system-view

[Border] l2vpn enable

[Border] igmp-snooping

[Border-igmp-snooping] quit

# 在Border和VTEP之间建立VXLAN隧道。

[Border] interface tunnel 1 mode vxlan

[Border-Tunnel1] source 2.2.2.2

[Border-Tunnel1] destination 1.1.1.1

[Border-Tunnel1] quit

[Border] interface tunnel 2 mode vxlan

[Border-Tunnel2] source 2.2.2.2

[Border-Tunnel2] destination 3.3.3.3

[Border-Tunnel2] quit

# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。

[Border] vsi vpna

[Border-vsi-vpna] igmp-snooping enable

[Border-vsi-vpna] vxlan 10

# 配置Tunnel1、Tunnel2与VXLAN 10关联

[Border-vsi-vpna-vxlan-10] tunnel 1

[Border-vsi-vpna-vxlan-10] tunnel 2

[Border-vsi-vpna-vxlan-10] quit

[Border-vsi-vpna] quit

# 创建VPN实例vpna。

[Border] ip vpn-instance vpna

[Border-vpn-instance-vpna] quit

# 使能IP组播路由。

[Border] multicast routing vpn-instance vpna

[Border-mrib] quit

# 创建VSI虚接口,将其与VPN实例vpna绑定,并在其上使能IGMP。

[Border] interface vsi-interface vsi 1

[Border-Vsi-interface] ip binding vpn-instance vpna

[Border-Vsi-interface] ip address 100.1.1.2 255.255.255.0

[Border-Vsi-interface] igmp enable

[Border-Vsi-interface] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[VTEP1] vsi vpna

[VTEP1-vsi-vpna] gateway vsi-interface 1

[VTEP1-vsi-vpna] quit

# 配置连接组播源的接口Vlan-interface30与vpn实例vpna关联,并在该接口上开启PIM SM。

[Border] interface vlan-interface 30

[Border-Vlan-interface30] ip binding vpn-instance vpna

[Border-Vlan-interface30] ip address 100.2.2.2 255.255.255.0

[Border-Vlan-interface30] pim sm

[Border-Vlan-interface30] quit

# 创建VPN实例vpna的入方向复制模式MVXLAN,进入MVXLAN IPv4地址族视图。

[Border] multicast-vpn vxlan vpn-instance vpna mode ingress-replication

[Border-mvxlan-vpna] address-family ipv4

(3)     配置VTEP 1

# 开启L2VPN能力,并使能IGMP snooping。

<VTEP1> system-view

[VTEP1] l2vpn enable

[VTEP1] igmp-snooping

[VTEP1-igmp-snooping] quit

# 在VTEP 1和Border之间建立VXLAN隧道。

[VTEP1] interface tunnel 2 mode vxlan

[VTEP1-Tunnel2] source 1.1.1.1

[VTEP1-Tunnel2] destination 2.2.2.2

[VTEP1-Tunnel2] quit

# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。

[VTEP1] vsi vpna

[VTEP1-vsi-vpna] igmp-snooping enable

[VTEP1-vsi-vpna] vxlan 10

# 配置Tunnel2与VXLAN10关联。

[VTEP1-vsi-vpna-vxlan-10] tunnel 2

[VTEP1-vsi-vpna-vxlan-10] quit

[VTEP1-vsi-vpna] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧,并将以太网服务实例与VSI实例vpna关联。

[VTEP1] interface ten-gigabitethernet 1/0/1

[VTEP1-Ten-GigabitEthernet1/0/1] port link-type trunk

[VTEP1-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

[VTEP1-Ten-GigabitEthernet1/0/1] service-instance 1000

[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[VTEP1-Ten-GigabitEthernet1/0/1-srv1000] quit

[VTEP1-Ten-GigabitEthernet1/0/1] quit

[VTEP1] interface ten-gigabitethernet 1/0/2

[VTEP1-Ten-GigabitEthernet1/0/2] port link-type trunk

[VTEP1-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2

[VTEP1-Ten-GigabitEthernet1/0/2] service-instance 1000

[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 2

[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpna

[VTEP1-Ten-GigabitEthernet1/0/2-srv1000] quit

[VTEP1-Ten-GigabitEthernet1/0/2] quit

(4)     配置VTEP 2

# 开启L2VPN能力,并使能IGMP snooping。

<VTEP2> system-view

[VTEP2] l2vpn enable

[VTEP2] igmp-snooping

[VTEP2-igmp-snooping] quit

# 在VTEP 2和Border之间建立VXLAN隧道。

[VTEP2] interface tunnel 2 mode vxlan

[VTEP2-Tunnel2] source 3.3.3.3

[VTEP2-Tunnel2] destination 2.2.2.2

[VTEP2-Tunnel2] quit

# 创建VSI实例vpna和VXLAN 10,并使能VSI的IGMP snooping。

[VTEP2] vsi vpna

[VTEP2-vsi-vpna] igmp-snooping enable

[VTEP2-vsi-vpna] vxlan 10

# 配置Tunnel2与VXLAN10关联。

[VTEP2-vsi-vpna-vxlan-10] tunnel 2

[VTEP2-vsi-vpna-vxlan-10] quit

[VTEP2-vsi-vpna] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧,并将以太网服务实例与VSI实例vpna关联。

[VTEP2] interface ten-gigabitethernet 1/0/1

[VTEP2-Ten-GigabitEthernet1/0/1] port link-type trunk

[VTEP2-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

[VTEP2-Ten-GigabitEthernet1/0/1] service-instance 1000

[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[VTEP2-Ten-GigabitEthernet1/0/1-srv1000] quit

[VTEP2-Ten-GigabitEthernet1/0/1] quit

[VTEP2] interface ten-gigabitethernet 1/0/2

[VTEP2-Ten-GigabitEthernet1/0/2] port link-type trunk

[VTEP2-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2

[VTEP2-Ten-GigabitEthernet1/0/2] service-instance 1000

[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] encapsulation s-vid 2

[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] xconnect vsi vpna

[VTEP2-Ten-GigabitEthernet1/0/2-srv1000] quit

[VTEP2-Ten-GigabitEthernet1/0/2] quit

4. 验证配置

(1)     验证Border设备

# 查看Border上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态。

[Border] display interface tunnel 1

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 2.2.2.2, destination 1.1.1.1

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# 查看Border上的VSI虚接口信息,可以看到VSI虚接口处于up状态。

[Border] display interface vsi-interface brief

Brief information on interfaces in route mode:

Link: ADM - administratively down; Stby - standby

Protocol: (s) - spoofing

Interface            Link Protocol Primary IP        Description

Vsi1                  UP    UP        10.1.1.1

# 查看Border上的组播路由表项,可以看到VSI虚接口作为组播路由表项的出接口。

[Border] display pim vpn-instance vpna routing-table

Total 17 (*, G) entries; 18 (S, G) entries

(10.1.2.99, 225.0.1.1)

     RP: 10.1.2.88 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT 2MVPN

     UpTime: 21:24:27

     Upstream interface: Vlan-interface30

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface1

             Protocol: pim-sm, UpTime: 07:08:26, Expires: -

(2)     验证VTEP设备

# 查看VTEP 1上的IGMP snooping组播组信息,可以看到AC侧接口为成员端口。

[VTEP1] display igmp-snooping group

Total 1 entries.

VSI vpna: Total 1 entries.

  (0.0.0.0, 225.0.1.1)

    Host ports (1 in total):

      XGE1/0/1 (Link ID 0)                        (00:04:20)

      XGE1/0/2 (Link ID 1)                        (00:04:20)

# 查看VTEP 1上的IGMP snooping路由器端口信息,可以看到Tunnel接口为路由器端口。

[VTEP1] display igmp-snooping router-port

VSI vpna:

  Router ports (1 in total):

    Tun2 (VXLAN ID 10)                            (00:03:23)

(3)     组播接收者可以接收到组播源发送的数据。

 


3 配置MDT模式组播VXLAN

3.1  MDT模式组播VXLAN配置限制和指导

目前,不支持组播源和组播接收者接入ED设备,不支持组播源在DC内或跨DC迁移。

3.2  MDT模式组播VXLAN配置任务简介

MDT模式组播VXLAN配置任务如下:

(1)     配置EVPN

¡     创建VSI和VXLAN

¡     配置AC与VSI关联

¡     配置EVPN实例

¡     配置BGP发布EVPN路由

¡     配置分布式EVPN网关

有关EVPN的配置方法,请参见“EVPN配置指导”中的“EVPN”。

(2)     配置IGMP和IGMP Snooping

¡     使能VSI虚接口的IGMP功能

¡     使能IGMP Snooping

¡     配置IGMP Snooping Proxy

有关IGMP和IGMP Snooping的配置方法,请参见“IP组播配置指导”中的“IGMP”和“IGMP Snooping”。

(3)     VTEP公网侧接口配置PIM协议

请至少选择其中一项任务进行配置:

¡     配置PIM-SM

¡     配置PIM-SSM

有关PIM协议的配置方法,请参见“IP组播配置指导”中的“PIM”。

(4)     配置MVXLAN

¡     使能VPN实例的IP组播路由

¡     创建MVXLAN

¡     配置Default-Group

¡     指定MVXLAN源接口

¡     配置Data-MDT切换参数

¡     配置分布式DR接口

¡     (可选)配置跨VPN组播转发路由选路策略

¡     (可选)配置组播VXLAN

¡     (可选)配置跨数据中心三层组播互通

¡     (可选)配置跨数据中心三层组播互通支持多ED

3.3  使能VPN实例的IP组播路由

操作

命令

说明

进入系统视图

system-view

-

使能VPN实例中的组播路由,并进入该VPN实例的MRIB视图

multicast routing vpn-instance instance-name

缺省情况下,VPN实例的IP组播路由处于关闭状态

本命令的具体介绍请参见“IP组播命令参考”中的“组播路由与转发”

 

3.4  创建MVXLAN实例

1. 功能简介

可以在VTEP上创建一个或多个MDT模式MVXLAN实例为不同的VPN或公网实例提供服务。

2. 配置限制和指导

当组播源和组播接收者通过不同的VTEP(或Border)接入时,不支持通过公网实例的MVXLAN实现组播流量互通。

3. 创建VPN实例的MVXLAN

操作

命令

说明

进入系统视图

system-view

-

创建MVXLAN实例,并进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

 

 

4. 创建公网实例的MVXLAN

操作

命令

说明

进入系统视图

system-view

-

创建MVXLAN实例,并进入MVXLAN视图

multicast-vpn vxlan public-instance mode mdt

-

 

3.5  配置Default-Group

1. 功能简介

VTEP在对私网组播报文进行VXLAN封装时,使用Default-Group作为报文外层目的地址。

2. 配置限制和指导

不同MVXLAN实例的Default-Group地址不能相同,且Default-Group地址不能与Data-Group地址相同。

3. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

创建MVXLAN IPv4地址族,并进入该地址族视图

address-family ipv4

-

指定Default-Group

default-group group-address

本命令指定的组播组地址、source命令指定的源IP地址不能与VXLAN视图下group命令指定的组播地址和组播报文源IP地址同时相同

 

3.6  指定MVXLAN源接口

1. 功能简介

VTEP在封装私网组播报文时使用MVXLAN的源接口的IP地址作为外层源地址。

2. 配置限制和指导

同一台设备上所有MVXLAN实例使用的MVXLAN源接口必须一致。

MVXLAN源接口必须与建立BGP对等体时所使用的源接口相同,否则将无法获取正确的路由信息。

3. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

进入MVXLAN地址族视图

address-family ipv4

-

指定MVXLAN源接口

source interface-type interface-number

缺省情况下,未指定MVXLAN源接口

data-group命令(或default-group命令)指定的组播组地址、本命令指定的源IP地址不能与VXLAN视图下group命令指定的组播地址和组播报文源IP地址同时相同

 

3.7  配置Data-MDT切换参数

1. 功能简介

为了减少公网流量泛滥,节约带宽,可将Default-MDT切换为Data-MDT,实现组播流量按需转发。满足切换条件的组播流量不会立即切换到Data-MDT,而是等待一段延迟时间后再进行切换,以避免组播数据流量在Default-MDT与Data-MDT之间进行频繁切换。

2. 配置限制和指导

同一台设备上,一个MVXLAN的Data-group范围不能包含任何其他MVXLAN的Default-group,也不能与其他任何MVXLAN的Data-group范围重叠。

所有VPN实例共用Data-Group资源,所以不建议在单个VPN实例内把Data-Group的范围配置的过大,否则会导致其他VPN实例无可用Data-Group。

3. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

进入MVXLAN地址族视图

address-family ipv4

-

配置Data-Group的范围和切换条件

data-group group-address { mask-length | mask } [ acl acl-number | name acl-name ]

缺省情况下,不存在Data-Group的范围,不会向Data-MDT进行切换

本命令指定的组播组地址、source命令指定的源IP地址不能与VXLAN视图下group命令指定的组播地址和组播报文源IP地址同时相同

配置由Default-MDT向Data-MDT切换的延迟时间

data-delay delay

缺省情况下,由Default-MDT向Data-MDT切换的延迟时间为3秒

 

3.8  配置分布式DR接口

1. 功能简介

在EVPN组网中运行组播业务时,需要在分布式EVPN网关的VSI虚接口上执行本命令将VSI虚接口配置为分布式DR(Designated Router,指定路由器)接口,从而强制指定自己为DR,用于将组播流量转发至本地站点。

2. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入VSI虚接口视图

interface vsi-interface interface-number

-

将VSI虚接口配置为分布式DR接口

pim distributed-dr

缺省情况下,VSI虚接口不是分布式DR接口。本命令的详细介绍,请参见“IP组播命令参考”中的“PIM”。

 

3.9  配置跨VPN组播转发路由选路策略

1. 功能简介

执行本配置后,可以将某VPN实例的接收者的加入信息通过其它VPN实例发送至组播源,从而实现组播源和组播接收者位于不同的VPN网络之间的组播转发。

跨VPN组播转发路由的RPF选路策略分为:

·     基于L3VNI的RPF选路策略:即根据L3VNI判断是否进行跨VPN组播转发。

在组播源侧VTEP上配置该策略时,VTEP根据组播源所在VPN实例的L3VNI、组播源地址、组播组地址查找匹配的RPF选路策略。如果存在匹配的策略,则根据该RPF策略将组播流量引入到指定的VPN实例。

在组播接收者侧VTEP上配置该策略时,跨VPN组播转发机制为:

a.     组播源侧VTEP接收到组播源发送的组播报文后,为组播报文添加VXLAN头,VXLAN头中携带组播源所在VPN实例的L3VNI。

b.     组播接收者侧VTEP接收到VXLAN封装的组播报文后,如果该报文的L3VNI、组播源地址、组播组地址匹配了RPF选路策略,则根据该RPF策略将组播流量引入到指定的VPN实例。

·     基于VPN实例的RPF选路策略:即根据VPN实例判断是否进行跨VPN组播转发。

在组播源侧VTEP上配置该策略时,VTEP根据组播源所属的VPN实例、组播源地址、组播组地址查找匹配的RPF选路策略。如果存在匹配的策略,则根据该RPF策略将组播流量引入到指定的VPN实例。

在组播接收者侧VTEP上配置该策略时,跨VPN组播转发机制为:

c.     组播源侧VTEP接收到组播源发送的组播报文后,为组播报文添加VXLAN头,VXLAN头中携带组播源所在VPN实例的L3VNI。

d.     组播接收者侧VTEP接收到VXLAN封装的组播报文后,在本地查找L3VNI对应的VPN实例,如果L3VNI对应的VPN实例、组播源地址、组播组地址匹配了RPF选路策略,则根据该RPF策略将组播流量引入到指定的VPN实例。

跨VPN组网环境分为:

·     非对称跨VPN组网:组播接收者侧VTEP上不存在组播源所在的VPN实例。

该组网方式支持的跨VPN组播转发路由选路策略类型与选路策略配置的位置有关:

¡     在组播源侧VTEP上,既可以配置基于L3VNI的选路策略,也可以配置基于VPN实例的选路策略。

¡     在组播接收者侧VTEP上,只能配置基于L3VNI的选路策略。

·     对称跨VPN组网:组播接收者侧VTEP上存在组播源所在的VPN实例。

在这种组网中,组播源侧VTEP和组播接收者侧VTEP上,均可以配置基于L3VNI的选路策略和基于VPN实例的选路策略。

如果VTEP连接的部分组播接收者属于公网,则无论是对称跨VPN组网还是非对称跨VPN组网,都不能在RPF选路策略中指定l3-vni vxlan-id参数和vpn-instance vpn-instance-name参数。组播接收者侧VTEP上,为了实现在公网内转发组播流量的同时,将该流量引入到另一个VPN实例,需要配置与公网实例关联的L3VNI(假设为vxlan-id1),并在需要引入流量的VPN实例下配置未指定L3VNI和VPN实例的RPF选路策略(假设为policy-a)。组播接收者侧VTEP接收到L3VNI为vxlan-id1的组播报文后,如果该报文与RPF选路策略policy-a匹配,则会在公网和指定VPN实例内转发组播流量。

2. 推荐配置

源VPN和接收者VPN必须运行相同的PIM模式,目前支持PIM-SM和PIM-SSM。

采用PIM-SM模式时,推荐使用下面的方式配置跨VPN选路策略:

·     只指定组播源方式:该方式下,必须配置两条选路策略,一条以服务于有跨VPN需求的组播组的RP地址作为源地址,一条以源VPN里的组播源作为源地址。如果存在多个有跨VPN需求的组播组,则推荐单独配置RP服务于这些组播组,同时需要将此RP配置为跨VPN组播路由的RPF选路策略的组播源地址。

·     只指定组播组方式:只需要配置一条指定源VPN中组播组地址的选路策略。

采用PIM-SSM方式时,推荐使用下面的方式配置跨VPN选路策略:一条同时指定源VPN内组播源地址和组播组地址的选路策略。

3. 配置限制和指导

暂不支持通过基于L3VNI(指定l3-vni vxlan-id参数)的RPF选路策略将VSI虚接口接收到的公网组播流量(组播源所属的VSI与公网实例关联)引流到接收者VPN。

源VPN和接收者VPN必须运行相同的PIM模式,目前支持PIM-SM和PIM-SSM。

只支持一次跨VPN组播转发,接收者VPN不能同时作为源VPN,即配置VPN a引入VPN b中流量的跨VPN选路策略后,不能再配置VPN b引入VPN a中流量的跨VPN选路策略。

对于同一个组播源、组播组地址,不能同时配置基于L3VNI(指定l3-vni vxlan-id参数)和基于VPN实例的(指定vpn-instance vpn-instance-name参数)的选路策略。具体要求为:

·     采用PIM-SM模式时,对于同一个组播组地址,只能配置一条指定l3-vni vxlan-id参数或vpn-instance vpn-instance-name参数的选路策略。

·     采用PIM-SSM方式时,对于同一个组播源和组播组地址,只能配置一条指定l3-vni vxlan-id参数或vpn-instance vpn-instance-name参数的选路策略。

在一个接收者VPN(multicast routing [ vpn-instance vpn-instance-name ]命令指定的VPN)内,来自同一个源VPN的所有组播流量必须配置相同方式的选路策略,不能为不同组播源、组播组地址配置不同方式的选路策略。

如果在接收者VPN中配置了跨VPN的IPv4组播路由的RPF选路策略,且该策略只指定了组播组地址,那么该VPN原先相同的VPN实例的组播流量转发将中断。

不同跨VPN策略的组播源地址和组播组地址范围不能完全相同,但是可以有重叠。若对于同一个(S,G)表项,存在多条匹配的选路策略,则按照最长匹配进行选择:

·     选择组地址掩码匹配最长的选路策略。

·     如果组地址掩码相同,则选择源地址掩码匹配最长的选路策略。

4. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

进入MRIB实例视图

multicast routing [ vpn-instance vpn-instance-name ]

-

配置VPN的IPv4组播路由的RPF路策略

multicast extranet select-rpf [l3-vni vxlan-id | vpn-instance vpn-instance-name ] { source source-address { mask | mask-length } | group group-address { mask | mask-length } } *

-

 

3.10  配置组播VXLAN支持M-LAG

1. 功能简介

在两台VTEP(或Border)设备上均指定采用源接口的地址作为M-LAG系统的虚拟地址,并为VTEP(或Border)设备配置相同的源接口地址后,这两台设备将虚拟成为一台设备。该设备采用虚拟地址作为组播源地址与远端设备建立MVXLAN隧道,从而避免设备单点故障对网络造成影响。

2. 配置限制和指导

设备上需要同时使能二层组播和三层组播功能,组播VXLAN支持M-LAG功能才能生效。

组播VXLAN支持M-LAG功能不能应用在如下场景:

·     暂不支持单挂AC(AC仅连接到M-LAG系统中的一台成员设备)接入。

·     仅支持直连模式peer-link链路,暂不支持隧道模式peer-link链路。

·     VTEP设备之间、VTEP与Border设备之间暂不支持采用M-LAG方式聚合接入。

pim sm组网场景下组播VXLAN支持M-LAG功能,仅支持根据组播目的地址、基于奇偶原则在成员设备之间进行组播流量的负载分担,不支持基于组播源地址进行负载分担。

采用M-LAG将两台VTEP(或Border)设备虚拟成一台设备时,有如下限制:

·     两台M-LAG设备对接Boarder或其他VTEP的网络侧接口建议使用三层路由口,如果采用VLAN接口对接Boarder或其他VTEP,则需要保证这两台设备上的VLAN接口不同。

·     如果在任一M-LAG设备上采用VLAN接口作为公网口,则另一M-LAG设备上不能创建该VLAN,或者peer-link链路不能透传该VLAN报文,否则可能导致流量转发失败。例如,在设备A上创建了vlan-interface 3,则与设备A组成M-LAG的另一设备B上不能创建VLAN 3,或者设备A和B之间的peer-link链路不能透传VLAN 3。

当peer-link链路发生故障时,M-LAG系统中的成员设备会将MVXLAN隧道的源地址由虚拟地址转换为各自的本地地址,且不再进行Data-group切换,只沿Default-group转发流量。此时,成员设备之间不再进行组播流量的负载分担,成员设备转发所有接收到的组播流量。当peer-link链路恢复后,MVXLAN隧道的源地址由本地地址切换为虚拟地址,满足条件的情况下会进行Data-group切换。此时,成员设备之间会进行组播流量的负载分担。

本配置与系统视图下的EVPN支持M-LAG配置之间存在如下关系:

·     执行本配置的同时,需要执行evpn m-lag group命令开启EVPN支持M-LAG功能并配置虚拟VTEP/ED地址,且该地址必须与MVXLAN源接口的地址相同。

·     既可以通过MVXLAN地址族视图下的m-lag local命令配置本地和远端的IP地址,该配置仅对当前MVXLAN网络生效。也可以在系统视图下通过evpn m-lag local命令配置本地和远端的IP地址,该配置对所有MVXLAN网络生效。如果同时执行二者,则对于某一个MVXLAN网络,以该MVXLAN网络对应MVXLAN地址族视图下的配置为准。

3. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

全局配置组成M-LAG系统的本地IP地址和远端IP地址

multicast-vpn vxlan m-lag local local-ipv4-address remote remote-ipv4-address

缺省情况下,未全局指定组成M-LAG系统的本地IP地址和远端IP地址

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

进入MVXLAN地址族视图

address-family ipv4

-

配置组成M-LAG系统的本地IP地址和远端IP地址

m-lag local local-ipv4-address remote remote-ipv4-address

缺省情况下,未指定组成M-LAG系统的本地IP地址和远端IP地址

指定MVXLAN源接口,并指定虚拟地址为源接口的地址

source interface-type interface-number evpn-m-lag-group

缺省情况下,未指定MVXLAN源接口

 

3.11  配置跨数据中心三层组播互通

3.11.1  功能简介

跨数据中心三层组播互通组网中,不仅需要在VTEP和ED上完成MDT模式组播VXLAN的相关配置,还需要执行本配置,以便实现三层组播流量通过ED跨数据中心转发。

3.11.2  配置限制和指导

不支持组播源和组播接收者直接连接在ED设备上。

暂不支持组播源跨DC迁移。

通过BGP EVPN路由动态创建VXLAN-DCI隧道时,需要在ED间互连的三层接口上通过dci enable命令开启DCI功能。ED间手工创建VXLAN-DCI隧道时,不能在ED间互连的三层接口上开启DCI功能。

MDT模式组播VXLAN跨数据中心三层组播互通组网中,如果使用专属VPN进行L3VNI映射,则不同专属VPN实例的RT属性不能有交叉,即一个专属VPN实例的Export RT不能同时与其他专属VPN实例的Import RT匹配,以保证每个专属VPN之间路由完全隔离。

3.11.3  配置DC间的ED

操作

命令

说明

进入系统视图

system-view

-

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

进入MVXLAN地址族视图

address-family ipv4

-

开启组播DCI功能

dci enable

缺省情况下,组播DCI功能处于关闭状态

退回系统视图

quit
quit

 

进入BGP实例视图

bgp as-number [ instance instance-name ]

 

进入BGP EVPN地址族视图

address-family l2vpn evpn

 

(可选)配置从对等体/对等体组接收到BGP EVPN路由后,修改路由中的信息

peer { group-name | ipv4-address [ mask-length ] } re-originated [ smet | s-pmsi ] [ replace-rt ]

缺省情况下,不修改从对等体/对等体组接收到的EVPN路由的信息

不同DC内相同VPN使用不同的L3VNI时,需要执行本命令

本命令的详细介绍,请参见“EVPN命令参考”中的“EVPN”

 

3.11.4  配置DC内的VTEP

操作

命令

说明

进入系统视图

system-view

-

进入MVXLAN视图

multicast-vpn vxlan vpn-instance instance-name mode mdt

-

进入MVXLAN地址族视图

address-family ipv4

-

配置通过S-PMSI路由通告激活组播源信息

s-pmsi advertise source-active

缺省情况下,不会通过S-PMSI路由通告激活组播源信息

配置本命令后,VTEP接收到组播流量时,会发送携带组播流量所属(S,G)的S-PMSI路由。通过该路由,VTEP和ED可以确认组播源位于DC内还是DC外

 

3.12  配置跨数据中心三层组播互通支持多ED

1. 功能简介

跨数据中心三层组播互通组网中,通过配置本功能在一个数据中心中部署多台ED,可以提高ED设备的可靠性,避免单点故障。

当多台ED中的一台ED故障时,其余ED可以接管该ED的流量。ED故障恢复后,需要通告BGP EVPN路由,触发重新建立组播转发表项,该ED才可以正常转发组播报文。如果在组播转发表项建立前将流量回切到该ED,则会导致组播流量转发中断。因此,需要在所有ED上均配置回切延迟时间,确保某个ED故障恢复后,其余ED等待延迟时间再回切流量,以避免流量转发中断。

2. 配置限制和指导

为了避免组播流量转发失败,需要在VTEP上执行vxlan default-decapsulation命令开启缺省解封装指定IPv4 VXLAN报文的功能,或在VTEP上手工创建到达同一数据中心的各个ED设备真实IP地址的VXLAN隧道。

同一个数据中心的多台ED之间需要BGP路由互通,且ED之间不能配置BGP路由重生成。

不能在同一DC的ED之间转发S-PMSI A-D路由和SMET路由。由于BGP的部署方式(如,同一DC内的ED之间建立全连接),使得ED之间可能会转发BGP路由时,需要在ED上配置路由策略,限制ED将从其他BGP对等体接收到的S-PMSI A-D路由和SMET路由发送给本DC的其他ED。

系统视图和MVXLAN地址族视图下均可以配置ED的回切延迟时间。系统视图的配置对所有MVXLAN网络都有效,而MVXLAN地址族视图的配置只对当前MVXLAN网络有效。对于一个MVXLAN网络来说,优先采用对应MVXLAN地址族视图的配置,只有MVXLAN地址族视图下未进行配置时,才采用系统视图的配置。

3. 配置准备

执行本配置前,需要完成跨数据中心三层组播互通相关配置,详细介绍请参见“3.11  配置跨数据中心三层组播互通”。

4. 配置步骤

操作

命令

说明

进入系统视图

system-view

-

配置ED设备的虚拟IP地址

evpn edge group group-ipv4

缺省情况下,未配置ED设备的虚拟IP地址

跨数据中心三层组播互通支持多ED组网中,在ED设备上配置属于同一个数据中心的其他ED设备的IP地址

multicast-vpn vxlan edge remote remote-ipv4-address

缺省情况下,跨数据中心三层组播互通支持多ED组网中,未在ED设备上指定其它ED设备的IP地址

全局配置ED的回切延迟时间

multicast-vpn vxlan dci switch-delay delay-time

缺省情况下,ED的回切延迟时间为10秒

进入MVXLAN IPv4地址族视图

address-family ipv4

-

配置ED的回切延迟时间

dci switch-delay delay-time

缺省情况下,以系统视图下multicast-vpn vxlan dci switch-delay命令全局配置的ED回切延迟时间为准

 

3.13  MDT模式组播VXLAN显示和维护

在完成上述配置后,在任意视图下执行display命令可以显示配置后的MDT模式组播VXLAN的运行情况,通过查看显示信息验证配置的效果。

表3-1 MDT模式组播VXLAN显示和维护

操作

命令

显示MVXLAN接收报文中的Data-Group信息

display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group receive [ brief | [ active | group group-address | sender source-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] * ]

显示MVXLAN发送报文中的Data-Group信息

display multicast-vpn vxlan { vpn-instance instance-name | public-instance } data-group send [ group group-address | vpn-source-address [ mask { mask-length | mask } ] | vpn-group-address [ mask { mask-length | mask } ] ] *

显示MVXLAN报文的Default-Group的信息

display multicast-vpn vxlan [ vpn-instance instance-name | public-instance ] default-group { local | remote }

 

3.14  MDT模式组播VXLAN典型配置举例

3.14.1  相同VPN内MVXLAN三层组播互通配置举例

1. 组网需求

Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。

Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。

虚拟机VM 1为组播源,其余VM为组播接收者,VM1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。VM 2、VM 3和VM 4均可通过分布式EVPN接收组播组225.0.0.0的组播流量。

2. 组网图

图3-1 相同VPN内MVXLAN三层组播互通配置举例

 

3. 配置步骤

(1)     配置IP地址和单播路由协议

# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN接口11并进入视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

# 在接口Vlan-interface 11上使能PIM-SM。

[SwitchA-Vlan-interface11] pim sm

[SwitchA-Vlan-interface11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpnb] igmp-snooping enable

[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# 配置BGP发布EVPN路由。

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 4.4.4.4 as-number 200

[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 创建VLAN 2。

[SwitchA] vlan 2

[SwitchA-vlan2] quit

# 创建VLAN 3。

[SwitchA] vlan 3

[SwitchA-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# 配置VPN实例vpna的RD和RT。

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 1:1

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] pim distributed-dr

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] igmp enable

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpna

[SwitchA-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchA-mvxlan-vpna] address-family ipv4

[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchA-mvxlan-vpna-ipv4] source loopback 0

[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 24

[SwitchA-mvxlan-vpna-ipv4] quit

[SwitchA-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpna

[SwitchA-LoopBack1] ip address 12.12.12.12 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchA] pim vpn-instance vpna

[SwitchA-pim-vpna] c-bsr 12.12.12.12

[SwitchA-pim-vpna] c-rp 12.12.12.12

[SwitchA-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN接口12并进入视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit 

[SwitchB] interface vlan-interface 12

# 在接口Vlan-interface 12上配置PIM-SM。

[SwitchB-Vlan-interface12] pim sm

[SwitchB-Vlan-interface12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpnb] igmp-snooping enable

[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# 配置BGP发布EVPN路由。

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 4.4.4.4 as-number 200

[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 创建VLAN 2。

[SwitchB] vlan 2

[SwitchB-vlan2] quit

# 创建VLAN 3。

[SwitchB] vlan 3

[SwitchB-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 2000

[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb

[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] quit

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# 配置VPN实例vpna的RD和RT。

[SwitchB] ip vpn-instance vpna

[SwitchB-vpn-instance-vpna] route-distinguisher 1:1

[SwitchB-vpn-instance-vpna] address-family ipv4

[SwitchB-vpn-ipv4-vpna] vpn-target 1:1

[SwitchB-vpn-ipv4-vpna] quit

[SwitchB-vpn-instance-vpna] address-family evpn

[SwitchB-vpn-evpn-vpna] vpn-target 1:1

[SwitchB-vpn-evpn-vpna] quit

[SwitchB-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpna

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpna

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] igmp enable

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip binding vpn-instance vpna

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] pim sm

[SwitchB-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpna

[SwitchB-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchB-mvxlan-vpna] address-family ipv4

[SwitchB-mvxlan-vpna-ipv4] source loopback 0

[SwitchB-mvxlan-vpna-ipv4] quit

[SwitchB-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpna

[SwitchB-LoopBack1] ip address 12.12.12.12 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchB] pim vpn-instance vpna

[SwitchB-pim-vpna] c-bsr 12.12.12.12

[SwitchB-pim-vpna] c-rp 12.12.12.12

[SwitchB-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 创建VLAN接口13并进入视图。

[SwitchC] vlan 13

[SwitchC-vlan13] quit

[SwitchC] interface vlan-interface 13

# 在接口Vlan-interface 13上使能PIM-SM。

[SwitchC-Vlan-interface13] pim sm

[SwitchC-Vlan-interface13] quit

# 配置BGP发布EVPN路由。

[SwitchC] bgp 200

[SwitchC-bgp-default] peer 4.4.4.4 as-number 200

[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchC] ip vpn-instance vpna

[SwitchC-vpn-instance-vpna] route-distinguisher 1:1

[SwitchC-vpn-instance-vpna] address-family ipv4

[SwitchC-vpn-ipv4-vpna] vpn-target 1:1

[SwitchC-vpn-ipv4-vpna] quit

[SwitchC-vpn-instance-vpna] address-family evpn

[SwitchC-vpn-evpn-vpna] vpn-target 1:1

[SwitchC-vpn-evpn-vpna] quit

[SwitchC-vpn-instance-vpna] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] ip binding vpn-instance vpna

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] pim sm

[SwitchC-Vsi-interface3] quit

# 使能VPN实例vpna中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpna

[SwitchC-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchC-mvxlan-vpna] address-family ipv4

[SwitchC-mvxlan-vpna-ipv4] source loopback 0

[SwitchC-mvxlan-vpna-ipv4] quit

[SwitchC-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpna

[SwitchC-LoopBack1] ip address 12.12.12.12 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchC] pim vpn-instance vpna

[SwitchC-pim-vpna] c-bsr 12.12.12.12

[SwitchC-pim-vpna] c-rp 12.12.12.12

[SwitchC-pim-vpna] quit

# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。

[SwitchC] ip route-static vpn-instance vpna 0.0.0.0 0 20.1.1.100

# 将缺省路由引入到VPN实例vpna的BGP IPv4单播路由表中。

[SwitchC] bgp 200

[SwitchC-bgp-default] ip vpn-instance vpna

[SwitchC-bgp-default-vpna] address-family ipv4 unicast

[SwitchC-bgp-default-ipv4-vpna] default-route imported

[SwitchC-bgp-default-ipv4-vpna] import-route static

[SwitchC-bgp-default-ipv4-vpna] quit

[SwitchC-bgp-default-vpna] quit

[SwitchC-bgp-default] quit

# 配置连接广域网的接口Ten-GigabitEthernet1/0/2与VPN实例vpna关联。

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] ip binding vpn-instance vpna

[SwitchC-Ten-GigabitEthernet1/0/2] ip address 20.1.1.3 24

[SwitchC-Ten-GigabitEthernet1/0/2] pim sm

[SwitchC-Ten-GigabitEthernet1/0/2] quit

# 创建VLAN 20,并进入VLAN视图。

[SwitchC] vlan 20

[SwitchC-vlan20] quit

# 配置连接广域网的接口Vlan-interface20与VPN实例vpna关联。

[SwitchC] interface vlan-interface 20

[SwitchC-Vlan-interface20] ip binding vpn-instance vpna

[SwitchC-Vlan-interface20] ip address 20.1.1.3 24

[SwitchC-Vlan-interface20] pim sm

[SwitchC-Vlan-interface20] quit

(5)     配置Switch D

# 使能IP组播路由。

<SwitchD> system-view

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP

[SwitchD] pim

[SwitchD-pim] c-bsr 4.4.4.4

[SwitchD-pim] c-rp 4.4.4.4

[SwitchD-pim] quit

# 在接口Vlan-interface11上使能PIM-SM。

[SwitchD] interface vlan-interface11

[SwitchD-Vlan-interface11] pim sm

[SwitchD-Vlan-interface11] quit

# 在接口Vlan-interface12上使能PIM-SM。

[SwitchD] interface vlan-interface12

[SwitchD-Vlan-interface12] pim sm

[SwitchD-Vlan-interface12] quit

# 在接口Vlan-interface13上使能PIM-SM。

[SwitchD] interface vlan-interface13

[SwitchD-Vlan-interface13] pim sm

[SwitchD-Vlan-interface13] quit

# 配置Switch D与其他交换机建立BGP连接。

[SwitchD] bgp 200

[SwitchD-bgp-default] group evpn

[SwitchD-bgp-default] peer 1.1.1.1 group evpn

[SwitchD-bgp-default] peer 2.2.2.2 group evpn

[SwitchD-bgp-default] peer 3.3.3.3 group evpn

[SwitchD-bgp-default] peer evpn as-number 200

[SwitchD-bgp-default] peer evpn connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer evpn enable

[SwitchD-bgp-default-evpn] undo policy vpn-target

# 配置Switch D为路由反射器。

[SwitchD-bgp-default-evpn] peer evpn reflect-client

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

4. 验证配置

(1)     查看Switch A的组播路由信息。

# 查看Swich A上VPN实例vpna的组播路由信息。

<SwitchA> display pim vpn-instance vpna routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 02:57:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:57:31, Expires: -

 

(10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 04:44:08

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:00:27, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 2 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 02:09:52

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 01:16:34, Expires: 00:03:10

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 02:08:52

     Upstream interface: MTunnel1 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 01:15:34, Expires: 00:03:11

(2)     查看Switch B的组播路由信息。

# 查看Switch B的VPN实例vpna的组播路由信息。

<SwitchB> display pim vpn-instance vpna routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 05:04:06

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vsi-interface1

             Protocol: igmp, UpTime: 05:04:06, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ FROMVXLAN

     UpTime: 01:57:12 

     Upstream interface: MVXLAN-UPE0 (0.0.0.0) 

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1 

         1: Vsi-interface1

             Protocol: pim-sm, UpTime: 01:57:12, Expires: -

# 查看Switch B公网的路由信息。

<SwitchB> display pim routing-table

Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:59:46

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:59:46, Expires: -

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT ACT

     UpTime: 01:58:46

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:58:46, Expires: -

3.14.2  对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

1. 组网需求

Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。

Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。

虚拟机VM 1为组播源,其余VM为组播接收者。VM 1、VM 2和VM 3属于VPN实例vpna,VM 4属于VPN实例vpnb。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。

2. 组网图

图3-2 对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

 

3. 配置思路

组播接收者侧VTEP上存在组播源所在的VPN实例,该组网为对称跨VPN组网。在该组网中,组播源侧VTEP和组播接收者侧VTEP上相同VPN的RT必须相同,且只需要在与源VPN相同的VPN实例内配置组播VXLAN。

在对称跨VPN组网中,跨VPN组播转发路由的RPF选路策略既可以配置组播源侧VTEP上,也可以配置在组播接收者侧VTEP上。在组播接收者侧VTEP上,既可以配置基于L3VNI的选路策略,也可以配置基于VPN实例的选路策略。本举例仅以组播接收者侧VTEP上配置基于L3VNI的选路策略为例。

4. 配置步骤

 

(1)     配置IP地址和单播路由协议

# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN接口11并进入视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

# 在接口Vlan-interface 11上使能PIM-SM。

[SwitchA-Vlan-interface11] pim sm

[SwitchA-Vlan-interface11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpnb] igmp-snooping enable

[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 4.4.4.4 as-number 200

[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 创建VLAN 2。

[SwitchA] vlan 2

[SwitchA-vlan2] quit

# 创建VLAN 3。

[SwitchA] vlan 3

[SwitchA-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# 配置VPN实例vpna的RD和RT。

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 1:1

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] pim distributed-dr

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] igmp enable

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpna

[SwitchA-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchA-mvxlan-vpna] address-family ipv4

[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchA-mvxlan-vpna-ipv4] source loopback 0

[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25

[SwitchA-mvxlan-vpna-ipv4] quit

[SwitchA-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpna

[SwitchA-LoopBack1] ip address 12.12.12.12 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchA] pim vpn-instance vpna

[SwitchA-pim-vpna] c-bsr 12.12.12.12

[SwitchA-pim-vpna] c-rp 12.12.12.12

[SwitchA-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN接口12并进入视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit 

[SwitchB] interface vlan-interface 12

# 在接口Vlan-interface 12上配置PIM-SM。

 [SwitchB-Vlan-interface12] pim sm

[SwitchB-Vlan-interface12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpnc内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpnb] igmp-snooping enable

[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 4.4.4.4 as-number 200

[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 创建VLAN 2。

[SwitchB] vlan 2

[SwitchB-vlan2] quit

# 创建VLAN 3。

[SwitchB] vlan 3

[SwitchB-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit

# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3

# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# 配置VPN实例vpna的RD和RT。

[SwitchB] ip vpn-instance vpna

[SwitchB-vpn-instance-vpna] route-distinguisher 1:1

[SwitchB-vpn-instance-vpna] address-family ipv4

[SwitchB-vpn-ipv4-vpna] vpn-target 1:1

[SwitchB-vpn-ipv4-vpna] quit

[SwitchB-vpn-instance-vpna] address-family evpn

[SwitchB-vpn-evpn-vpna] vpn-target 1:1

[SwitchB-vpn-evpn-vpna] quit

[SwitchB-vpn-instance-vpna] quit

# 配置VPN实例vpnb的RD和RT。

[SwitchB] ip vpn-instance vpnb

[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2

[SwitchB-vpn-instance-vpnb] address-family ipv4

[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1

[SwitchB-vpn-ipv4-vpnb] quit

[SwitchB-vpn-instance-vpnb] address-family evpn

[SwitchB-vpn-evpn-vpnb] vpn-target 1:1

[SwitchB-vpn-evpn-vpnb] quit

[SwitchB-vpn-instance-vpnb] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpna

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] igmp enable

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip binding vpn-instance vpna

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] pim sm

[SwitchB-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpna

[SwitchB-mrib-vpna] quit

# 使能VPN实例vpnb的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] quit

# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchB-mvxlan-vpna] address-family ipv4

[SwitchB-mvxlan-vpna-ipv4] source loopback 0

[SwitchB-mvxlan-vpna-ipv4] quit

[SwitchB-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpna

[SwitchB-LoopBack1] ip address 12.12.12.12 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP

[SwitchB] pim vpn-instance vpna

[SwitchB-pim-vpna] c-bsr 12.12.12.12

[SwitchB-pim-vpna] c-rp 12.12.12.12

[SwitchB-pim-vpna] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchB] interface loopback 2

[SwitchB-LoopBack2] ip binding vpn-instance vpnb

[SwitchB-LoopBack2] ip address 13.13.13.13 32

[SwitchB-LoopBack2] pim sm

[SwitchB-LoopBack2] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnb的C-BSR和C-RP

[SwitchB] pim vpn-instance vpnb

[SwitchB-pim-vpnb] c-bsr 13.13.13.13

[SwitchB-pim-vpnb] c-rp 13.13.13.13

[SwitchB-pim-vpnb] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

# 配置跨VPN策略,将VPN实例vpna的流量引入到VPN实例vpnb中。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 创建VLAN接口13并进入视图。

[SwitchC] vlan 13

[SwitchC-vlan13] quit

[SwitchC] interface vlan-interface 13

# 在接口Vlan-interface 13上使能PIM-SM。

[SwitchC-Vlan-interface13] pim sm

[SwitchC-Vlan-interface13] quit

# 配置BGP发布EVPN路由。

[SwitchC] bgp 200

[SwitchC-bgp-default] peer 4.4.4.4 as-number 200

[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchC] ip vpn-instance vpna

[SwitchC-vpn-instance-vpna] route-distinguisher 1:1

[SwitchC-vpn-instance-vpna] address-family ipv4

[SwitchC-vpn-ipv4-vpna] vpn-target 1:1

[SwitchC-vpn-ipv4-vpna] quit

[SwitchC-vpn-instance-vpna] address-family evpn

[SwitchC-vpn-evpn-vpna] vpn-target 1:1

[SwitchC-vpn-evpn-vpna] quit

[SwitchC-vpn-instance-vpna] quit

# 配置VPN实例vpnb的RD和RT。

[SwitchC] ip vpn-instance vpnb

[SwitchC-vpn-instance-vpnb] route-distinguisher 2:2

[SwitchC-vpn-instance-vpnb] address-family ipv4

[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1

[SwitchC-vpn-ipv4-vpnb] quit

[SwitchC-vpn-instance-vpnb] address-family evpn

[SwitchC-vpn-evpn-vpnb] vpn-target 1:1

[SwitchC-vpn-evpn-vpnb] quit

[SwitchC-vpn-instance-vpnb] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] ip binding vpn-instance vpna

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] pim sm

[SwitchC-Vsi-interface3] quit

# 使能VPN实例vpna中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpna

[SwitchC-mrib-vpna] quit

# 使能VPN实例vpnb中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpnb

[SwitchC-mrib-vpnb] quit

# 创建VPN实例vpna的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchC-mvxlan-vpna] address-family ipv4

[SwitchC-mvxlan-vpna-ipv4] source loopback 0

[SwitchC-mvxlan-vpna-ipv4] quit

[SwitchC-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpna

[SwitchC-LoopBack1] ip address 12.12.12.12 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP

[SwitchC] pim vpn-instance vpna

[SwitchC-pim-vpna] c-bsr 12.12.12.12

[SwitchC-pim-vpna] c-rp 12.12.12.12

[SwitchC-pim-vpna] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchC] interface loopback 2

[SwitchC-LoopBack2] ip binding vpn-instance vpnb

[SwitchC-LoopBack2] ip address 13.13.13.13 32

[SwitchC-LoopBack2] pim sm

[SwitchC-LoopBack2] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnb的C-BSR和C-RP

[SwitchC] pim vpn-instance vpnb

[SwitchC-pim-vpnb] c-bsr 13.13.13.13

[SwitchC-pim-vpnb] c-rp 13.13.13.13

[SwitchC-pim-vpnb] quit

# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。

[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100

# 将缺省路由引入到VPN实例vpnb的BGP IPv4单播路由表中。

[SwitchC] bgp 200

[SwitchC-bgp-default] ip vpn-instance vpnb

[SwitchC-bgp-default-vpnb] address-family ipv4 unicast

[SwitchC-bgp-default-ipv4-vpnb] default-route imported

[SwitchC-bgp-default-ipv4-vpnb] import-route static

[SwitchC-bgp-default-ipv4-vpnb] quit

[SwitchC-bgp-default-vpnb] quit

[SwitchC-bgp-default] quit

# 创建VLAN接口20并进入视图。

[SwitchC] vlan 20

[SwitchC-vlan20] quit

# 配置连接广域网的接口Vlan-interface 20与VPN实例vpnb关联。

[SwitchC] interface vlan-interface 20

[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb

[SwitchC-Vlan-interface20] ip address 20.1.1.3 24

[SwitchC-Vlan-interface20] pim sm

[SwitchC-Vlan-interface20] quit

# 配置跨VPN策略将VPN实例vpna的流量转发到VPN实例vpnb中。

[SwitchC] multicast routing vpn-instance vpnb

[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16

(5)     配置Switch D

# 使能IP组播路由。

<SwitchD> system-view

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP

[SwitchD] pim

[SwitchD-pim] c-bsr 4.4.4.4

[SwitchD-pim] c-rp 4.4.4.4

[SwitchD-pim] quit

# 在接口Vlan-interface11上使能PIM-SM。

[SwitchD] interface vlan-interface11

[SwitchD-Vlan-interface11] pim sm

[SwitchD-Vlan-interface11] quit

# 在接口Vlan-interface12上使能PIM-SM。

[SwitchD] interface vlan-interface12

[SwitchD-Vlan-interface12] pim sm

[SwitchD-Vlan-interface12] quit

# 在接口Vlan-interface13上使能PIM-SM。

[SwitchD] interface vlan-interface13

[SwitchD-Vlan-interface13] pim sm

[SwitchD-Vlan-interface13] quit

# 配置Switch D与其他交换机建立BGP连接。

[SwitchD] bgp 200

[SwitchD-bgp-default] group evpn

[SwitchD-bgp-default] peer 1.1.1.1 group evpn

[SwitchD-bgp-default] peer 2.2.2.2 group evpn

[SwitchD-bgp-default] peer 3.3.3.3 group evpn

[SwitchD-bgp-default] peer evpn as-number 200

[SwitchD-bgp-default] peer evpn connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer evpn enable

[SwitchD-bgp-default-evpn] undo policy vpn-target

# 配置Switch D为路由反射器。

[SwitchD-bgp-default-evpn] peer evpn reflect-client

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

5. 验证配置

(1)     查看Switch A的组播路由信息。

# 查看Swich A上VPN实例vpna的组播路由信息。

<SwitchA> display pim vpn-instance vpna routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 03:01:20

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:57:31, Expires: -

2: Vsi-interface2

             Protocol: igmp, UpTime: 03:01:22, Expires: -

 

(10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 03:01:20

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:56:31, Expires: -

2: Vsi-interface2

             Protocol: igmp, UpTime: 03:01:22, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 2 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 04:09:52

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 04:09:40, Expires: 00:03:10

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 03:00:20

     Upstream interface: MTunnel1 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 03:00:20, Expires: 00:03:11

(2)     查看Switch B的组播路由信息。

# 查看Switch B的VPN实例vpna的组播路由信息。

<SwitchB> display pim vpn-instance vpna routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 03:01:20

     Upstream interface: Register-Tunnel0    

         Upstream neighbor: NULL

         RPF prime neighbor: NULL 

     Downstream interface information: 

     Total number of downstream interfaces: 2

         1: Extranet (VPN: vpnb)

             Protocol: MD, UpTime: 03:01:20, Expires: -

2: Vsi-interface1

             Protocol: igmp, UpTime: 03:01:20, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT ACT FROMVXLAN 

     UpTime: 03:00:20 

     Upstream interface: MVXLAN-UPE0 (0.0.0.0) 

Upstream neighbor: NULL

        RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 2 

         1: Extranet (VPN: vpnb)

             Protocol: MD, UpTime: 03:00:20, Expires: -

2: Vsi-interface1

             Protocol: pim-sm, UpTime: 03:00:20, Expires: -

# 查看Switch B的VPN实例vpnb的组播路由信息。

<SwitchB> display pim vpn-instance vpnb routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 13.13.13.13 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 03:01:20

     Upstream interface: Extranet (VPN: vpna, l3-vni: 1000)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vsi-interface2

             Protocol: igmp, UpTime: 05:04:11, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 13.13.13.13 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN

     UpTime: 03:00:20 

     Upstream interface: Extranet (VPN: vpna, l3-vni: 1000) 

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information: 

     Total number of downstream interfaces: 1 

         1: Vsi-interface2

             Protocol: pim-sm, UpTime: 03:00:20, Expires: -

# 查看Switch B公网的路由信息。

<SwitchB> display pim routing-table

Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT

     UpTime: 04:09:00

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 04:09:40, Expires: -

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT ACT 2MVPN

     UpTime: 03:00:20 

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 03:00:20, Expires: -

3.14.3  非对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

1. 组网需求

Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。

Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。

虚拟机VM 1为组播源,其余VM为组播接收者。VM 1和VM 2属于VPN实例vpna,VM 3属于VPN实例vpnb,VM 4属于VPN实例vpnc。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。

2. 组网图

图3-3 非对称跨VPN组网MVXLAN三层组播互通配置举例(接收者侧配置策略)

 

3. 配置思路

组播接收者侧VTEP上不存在组播源所在的VPN实例,该组网为非对称跨VPN组网。在该组网中,组播接收者侧VTEP上组播接收者所在VPN实例的RT必须和组播源侧VTEP上组播源所在VPN实例的RT相同。

在非对称跨VPN组网中,跨VPN组播转发路由的RPF选路策略既可以配置组播源侧VTEP上,也可以配置在组播接收者侧VTEP上。在组播接收者侧VTEP上,仅可以配置基于L3VNI的选路策略。本举例仅以组播接收者侧VTEP上配置基于L3VNI的选路策略为例。

4. 配置步骤

 

(1)     配置IP地址和单播路由协议

# 在VM 1和VM 3上指定网关地址为10.1.1.1;在VM 2和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN接口11并进入视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

# 在接口Vlan-interface 11上使能PIM-SM。

[SwitchA-Vlan-interface11] pim sm

[SwitchA-Vlan-interface11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpnb] igmp-snooping enable

[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 4.4.4.4 as-number 200

[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 创建VLAN 2。

[SwitchA] vlan 2

[SwitchA-vlan2] quit

# 创建VLAN 3。

[SwitchA] vlan 3

[SwitchA-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# 配置VPN实例vpna的RD和RT。

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 1:1

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] pim distributed-dr

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] igmp enable

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpna

[SwitchA-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchA-mvxlan-vpna] address-family ipv4

[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchA-mvxlan-vpna-ipv4] source loopback 0

[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25

[SwitchA-mvxlan-vpna-ipv4] quit

[SwitchA-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpna

[SwitchA-LoopBack1] ip address 12.12.12.12 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchA] pim vpn-instance vpna

[SwitchA-pim-vpna] c-bsr 12.12.12.12

[SwitchA-pim-vpna] c-rp 12.12.12.12

[SwitchA-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN接口12并进入视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit 

[SwitchB] interface vlan-interface 12

# 在接口Vlan-interface 12上配置PIM-SM。

[SwitchB-Vlan-interface12] pim sm

[SwitchB-Vlan-interface12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpnb] igmp-snooping enable

[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 4.4.4.4 as-number 200

[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 创建VLAN 2。

[SwitchB] vlan 2

[SwitchB-vlan2] quit

# 创建VLAN 3。

[SwitchB] vlan 3

[SwitchB-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit

# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3

# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# 配置VPN实例vpnb的RD和RT。

[SwitchB] ip vpn-instance vpnb

[SwitchB-vpn-instance-vpnb] route-distinguisher 2:2

[SwitchB-vpn-instance-vpnb] address-family ipv4

[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1

[SwitchB-vpn-ipv4-vpnb] quit

[SwitchB-vpn-instance-vpnb] address-family evpn

[SwitchB-vpn-evpn-vpnb] vpn-target 1:1

[SwitchB-vpn-evpn-vpnb] quit

[SwitchB-vpn-instance-vpnb] quit

# 配置VPN实例vpnc的RD和RT。

[SwitchB] ip vpn-instance vpnc

[SwitchB-vpn-instance-vpnc] route-distinguisher 3:3

[SwitchB-vpn-instance-vpnc] address-family ipv4

[SwitchB-vpn-ipv4-vpnc] vpn-target 1:1

[SwitchB-vpn-ipv4-vpnc] quit

[SwitchB-vpn-instance-vpnc] address-family evpn

[SwitchB-vpn-evpn-vpnc] vpn-target 1:1

[SwitchB-vpn-evpn-vpnc] quit

[SwitchB-vpn-instance-vpnc] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpnb

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpnc

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] igmp enable

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] pim sm

[SwitchB-Vsi-interface3] quit

# 使能VPN实例vpnb的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] quit

# 使能VPN实例vpnc的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpnc

[SwitchB-mrib-vpnc] quit

# 创建VPN实例vpnb的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt

[SwitchB-mvxlan-vpnb] address-family ipv4

[SwitchB-mvxlan-vpnb-ipv4] source loopback 0

[SwitchB-mvxlan-vpnb-ipv4] quit

[SwitchB-mvxlan-vpnb] quit

# 创建VPN实例vpnc的MVXLAN,并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpnc mode mdt

[SwitchB-mvxlan-vpnc] address-family ipv4

[SwitchB-mvxlan-vpnc-ipv4] source loopback 0

[SwitchB-mvxlan-vpnc-ipv4] quit

[SwitchB-mvxlan-vpnc] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpnb

[SwitchB-LoopBack1] ip address 12.12.12.12 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP

[SwitchB] pim vpn-instance vpnb

[SwitchB-pim-vpnb] c-bsr 12.12.12.12

[SwitchB-pim-vpnb] c-rp 12.12.12.12

[SwitchB-pim-vpnb] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchB] interface loopback 2

[SwitchB-LoopBack2] ip binding vpn-instance vpnc

[SwitchB-LoopBack2] ip address 13.13.13.13 32

[SwitchB-LoopBack2] pim sm

[SwitchB-LoopBack2] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为VPN实例vpnc的C-BSR和C-RP

[SwitchB] pim vpn-instance vpnc

[SwitchB-pim-vpnc] c-bsr 13.13.13.13

[SwitchB-pim-vpnc] c-rp 13.13.13.13

[SwitchB-pim-vpnc] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

# 配置跨VPN策略,将源VPN实例vpna的流量引入到接收者VPN实例vpnb和vpnc中。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16

[SwitchB] multicast routing vpn-instance vpnc

[SwitchB-mrib-vpnc] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 创建VLAN接口13并进入视图。

[SwitchC] vlan 13

[SwitchC-vlan13] quit

[SwitchC] interface vlan-interface 13

# 在接口Vlan-interface 13上使能PIM-SM。

[SwitchC-Vlan-interface13] pim sm

[SwitchC-Vlan-interface13] quit

# 配置BGP发布EVPN路由。

[SwitchC] bgp 200

[SwitchC-bgp-default] peer 4.4.4.4 as-number 200

[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置VPN实例vpnb的RD和RT。

[SwitchC] ip vpn-instance vpnb

[SwitchC-vpn-instance-vpnb] route-distinguisher 1:1

[SwitchC-vpn-instance-vpnb] address-family ipv4

[SwitchC-vpn-ipv4-vpnb] vpn-target 1:1

[SwitchC-vpn-ipv4-vpnb] quit

[SwitchC-vpn-instance-vpnb] address-family evpn

[SwitchC-vpn-evpn-vpnb] vpn-target 1:1

[SwitchC-vpn-evpn-vpnb] quit

[SwitchC-vpn-instance-vpnb] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] pim sm

[SwitchC-Vsi-interface3] quit

# 使能VPN实例vpnb中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpnb

[SwitchC-mrib-vpnb] quit

# 创建VPN实例vpnb的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchC] multicast-vpn vxlan vpn-instance vpnb mode mdt

[SwitchC-mvxlan-vpnb] address-family ipv4

[SwitchC-mvxlan-vpnb-ipv4] source loopback 0

[SwitchC-mvxlan-vpnb-ipv4] quit

[SwitchC-mvxlan-vpnb] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpnb

[SwitchC-LoopBack1] ip address 12.12.12.12 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP

[SwitchC] pim vpn-instance vpnb

[SwitchC-pim-vpnb] c-bsr 12.12.12.12

[SwitchC-pim-vpnb] c-rp 12.12.12.12

[SwitchC-pim-vpnb] quit

# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。

[SwitchC] ip route-static vpn-instance vpnb 0.0.0.0 0 20.1.1.100

# 将缺省路由引入到VPN实例vpnb的BGP IPv4单播路由表中。

[SwitchC] bgp 200

[SwitchC-bgp-default] ip vpn-instance vpnb

[SwitchC-bgp-default-vpnb] address-family ipv4 unicast

[SwitchC-bgp-default-ipv4-vpnb] default-route imported

[SwitchC-bgp-default-ipv4-vpnb] import-route static

[SwitchC-bgp-default-ipv4-vpnb] quit

[SwitchC-bgp-default-vpnb] quit

[SwitchC-bgp-default] quit

# 创建VLAN接口20并进入视图。

[SwitchC] vlan 20

[SwitchC-vlan20] quit

# 配置连接广域网的接口Vlan-interface 20与VPN实例vpnb关联。

[SwitchC] interface vlan-interface 20

[SwitchC-Vlan-interface20] ip binding vpn-instance vpnb

[SwitchC-Vlan-interface20] ip address 20.1.1.3 24

[SwitchC-Vlan-interface20] pim sm

[SwitchC-Vlan-interface20] quit

# 配置跨VPN策略将VPN实例vpna的流量转发到VPN实例vpnb中。

[SwitchC] multicast routing vpn-instance vpnb

[SwitchC-mrib-vpnb] multicast extranet select-rpf l3-vni 1000 group 225.0.0.0 16

(5)     配置Switch D

# 使能IP组播路由。

<SwitchD> system-view

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP

[SwitchD] pim

[SwitchD-pim] c-bsr 4.4.4.4

[SwitchD-pim] c-rp 4.4.4.4

[SwitchD-pim] quit

# 在接口Vlan-interface11上使能PIM-SM。

[SwitchD] interface vlan-interface11

[SwitchD-Vlan-interface11] pim sm

[SwitchD-Vlan-interface11] quit

# 在接口Vlan-interface12上使能PIM-SM。

[SwitchD] interface vlan-interface12

[SwitchD-Vlan-interface12] pim sm

[SwitchD-Vlan-interface12] quit

# 在接口Vlan-interface13上使能PIM-SM。

[SwitchD] interface vlan-interface13

[SwitchD-Vlan-interface13] pim sm

[SwitchD-Vlan-interface13] quit

# 配置Switch D与其他交换机建立BGP连接。

[SwitchD] bgp 200

[SwitchD-bgp-default] group evpn

[SwitchD-bgp-default] peer 1.1.1.1 group evpn

[SwitchD-bgp-default] peer 2.2.2.2 group evpn

[SwitchD-bgp-default] peer 3.3.3.3 group evpn

[SwitchD-bgp-default] peer evpn as-number 200

[SwitchD-bgp-default] peer evpn connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer evpn enable

[SwitchD-bgp-default-evpn] undo policy vpn-target

# 配置Switch D为路由反射器。

[SwitchD-bgp-default-evpn] peer evpn reflect-client

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

5. 验证配置

(1)     查看Switch A的组播路由信息。

# 查看Swich A上VPN实例vpna的组播路由信息。

<SwitchA> display pim vpn-instance vpna routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 02:57:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:56:31, Expires: -

2: Vsi-interface2

             Protocol: igmp, UpTime: 02:57:31, Expires: -

 

(10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 02:56:31

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:56:21, Expires: -

2: Vsi-interface2

             Protocol: igmp, UpTime: 02:56:31, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 2 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 03:09:52

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 03:08:52, Expires: 00:03:10

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 02:55:31

     Upstream interface: MTunnel1 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 02:55:20, Expires: 00:03:11

(2)     查看Switch B的组播路由信息。

# 查看Switch B的VPN实例vpnb的组播路由信息。

<SwitchB> display pim vpn-instance vpnb routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 02:56:32

     Upstream interface: Extranet (public instance, l3-vni: 1000)

         Upstream neighbor: 127.0.0.1 

         RPF prime neighbor: 127.0.0.1 

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vsi-interface1

             Protocol: igmp, UpTime: 02:56:32, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN 

     UpTime: 02:55:20

     Upstream interface: Extranet (public instance, l3-vni: 1000)

Upstream neighbor: 127.0.0.1

        RPF prime neighbor: 127.0.0.1

     Downstream interface information: 

     Total number of downstream interfaces: 1 

         1: Vsi-interface1

             Protocol: pim-sm, UpTime: 02:55:20, Expires: -

# 查看Switch B的VPN实例vpnc的组播路由信息。

<SwitchB> display pim vpn-instance vpnc routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 13.13.13.13 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 02:56:32

     Upstream interface: Extranet (public instance, l3-vni: 1000)

         Upstream neighbor: 127.0.0.1 

         RPF prime neighbor: 127.0.0.1 

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vsi-interface2

             Protocol: igmp, UpTime: 02:56:32, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 13.13.13.13 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN 

     UpTime: 02:55:20 

     Upstream interface: Extranet (public instance, l3-vni: 1000) 

Upstream neighbor: 127.0.0.1

        RPF prime neighbor: 127.0.0.1

     Downstream interface information: 

     Total number of downstream interfaces: 1 

         1: Vsi-interface2

             Protocol: pim-sm, UpTime: 02:55:20, Expires: -

# 查看Switch B公网的路由信息。

<SwitchB> display pim routing-table

Total 0 (*, G) entries; 2 (S, G) entries

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT

     UpTime: 03:08:52

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 03:08:52, Expires: -

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT ACT 2MVPN 

     UpTime: 02:55:31

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 02:55:31, Expires: -

3.14.4  存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例

1. 组网需求

Switch A和Switch B为分布式EVPN网关设备;Switch C为与广域网连接的边界网关设备;Switch D为RR,负责在交换机之间反射BGP路由。

Switch A、Switch B、Switch C和Switch D的公网接口均配置PIM-SM,Switch A、Switch B和Switch C使能IGMP Snooping功能,用于建立组播转发表项。

虚拟机VM 1为组播源,其余VM为组播接收者。VM 1和VM 2属于VPN实例vpna,VM 3属于公网,VM 4属于VPN实例vpnb。VM 1和VM 3属于VXLAN 10;VM 2和VM 4属于VXLAN 20。

2. 组网图

图3-4 存在公网接收者跨VPN组网MVXLAN三层组播互通配置举例

 

3. 配置思路

组播接收者侧VTEP上只有公网加入,不需要配置跨VPN策略,需要配置公网实例的MVXLAN配置。

接收者侧VTEP上如果同时存在公网加入和其他私网加入,公网加入不需要配置跨VPN策略,但是私网加入必须配置不带l3-vni参数和vpn-instance参数的跨VPN策略。这种组网可以配置公网实例的MVXLAN配置或者私网实例的MVXLAN配置。

4. 配置步骤

 

(1)     配置IP地址和单播路由协议

# 在VM 1和VM 2上指定网关地址为10.1.1.1;在VM 3和VM 4上指定网关地址为10.1.2.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在IP核心网络内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN接口11并进入视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

[SwitchA] interface vlan-interface 11

# 在接口Vlan-interface 11上使能PIM-SM。

[SwitchA-Vlan-interface11] pim sm

[SwitchA-Vlan-interface11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] evpn encapsulation vxlan

[SwitchA-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchA-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpnb] igmp-snooping enable

[SwitchA-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchA-vsi-vpnb] vxlan 20

[SwitchA-vsi-vpnb-vxlan-20] quit

[SwitchA-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 4.4.4.4 as-number 200

[SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 创建VLAN 2。

[SwitchA] vlan 2

[SwitchA-vlan2] quit

# 创建VLAN 3。

[SwitchA] vlan 3

[SwitchA-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2、3通过。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2 3

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb

[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# 配置VPN实例vpna的RD和RT。

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 1:1

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] pim distributed-dr

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpna

[SwitchA-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchA-Vsi-interface2] igmp enable

[SwitchA-Vsi-interface2] mac-address 2-2-2

[SwitchA-Vsi-interface2] distributed-gateway local

[SwitchA-Vsi-interface2] local-proxy-arp enable

[SwitchA-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpna

[SwitchA-mrib-vpna] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchA-mvxlan-vpna] address-family ipv4

[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchA-mvxlan-vpna-ipv4] source loopback 0

[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.1.0 25

[SwitchA-mvxlan-vpna-ipv4] quit

[SwitchA-mvxlan-vpna] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpna

[SwitchA-LoopBack1] ip address 12.12.12.12 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为VPN实例vpna的C-BSR和C-RP。

[SwitchA] pim vpn-instance vpna

[SwitchA-pim-vpna] c-bsr 12.12.12.12

[SwitchA-pim-vpna] c-rp 12.12.12.12

[SwitchA-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchA] vsi vpnb

[SwitchA-vsi-vpnb] gateway vsi-interface 2

[SwitchA-vsi-vpnb] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN接口12并进入视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit 

[SwitchB] interface vlan-interface 12

# 在接口Vlan-interface 12上配置PIM-SM。

[SwitchB-Vlan-interface12] pim sm

[SwitchB-Vlan-interface12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# 在VSI实例vpnb下创建EVPN实例。

[SwitchB] vsi vpnb

[SwitchB-vsi-vpnb] evpn encapsulation vxlan

[SwitchB-vsi-vpnb-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto export-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] vpn-target auto import-extcommunity

[SwitchB-vsi-vpnb-evpn-vxlan] quit

# 在VSI实例vpnb内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpnb] igmp-snooping enable

[SwitchB-vsi-vpnb] igmp-snooping proxy enable

# 创建VXLAN 20。

[SwitchB-vsi-vpnb] vxlan 20

[SwitchB-vsi-vpnb-vxlan-20] quit

[SwitchB-vsi-vpnb] quit

# 配置BGP发布EVPN路由

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 4.4.4.4 as-number 200

[SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 创建VLAN 2。

[SwitchB] vlan 2

[SwitchB-vlan2] quit

# 创建VLAN 3。

[SwitchB] vlan 3

[SwitchB-vlan3] quit

# 配置端口Ten-GigabitEthernet1/0/1为Trunk端口,允许VLAN 2通过。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 2

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例1000,该实例用来匹配VLAN 2的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000]encapsulation s-vid 2

# 配置以太网服务实例1000与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit

# 配置端口Ten-GigabitEthernet1/0/2为Trunk端口,允许VLAN 3通过。

[SwitchB] interface ten-gigabitethernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 3

# 在接口Ten-GigabitEthernet1/0/2上创建以太网服务实例2000,该实例用来匹配VLAN 3的数据帧。

[SwitchB-Ten-GigabitEthernet1/0/2] service-instance 2000

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] encapsulation s-vid 3

# 配置以太网服务实例2000与VSI实例vpnb关联。

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] xconnect vsi vpnb

[SwitchB-Ten-GigabitEthernet1/0/2-srv2000] quit

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# 配置VPN实例vpnb 的L3VNI的RD和RT。

[SwitchB] ip vpn-instance vpnb

[SwitchB-vpn-instance-vpnb] route-distinguisher 1:1

[SwitchB-vpn-instance-vpnb] address-family ipv4

[SwitchB-vpn-ipv4-vpnb] vpn-target 1:1

[SwitchB-vpn-ipv4-vpnb] quit

[SwitchB-vpn-instance-vpnb] address-family evpn

[SwitchB-vpn-evpn-vpnb] vpn-target 1:1

[SwitchB-vpn-evpn-vpnb] quit

[SwitchB-vpn-instance-vpnb] quit

# 配置公网实例的RD和RT。

[SwitchB] ip public-instance

[SwitchB-public-instance] route-distinguisher 2:2

[SwitchB-public-instance] address-family ipv4

[SwitchB-public-instance-ipv4] vpn-target 1:1

[SwitchB-public-instance-ipv4] quit

[SwitchB-public-instance] address-family evpn

[SwitchB-public-instance-evpn] vpn-target 1:1

[SwitchB-public-instance-evpn] quit

[SwitchB-public-instance] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# 配置VSI虚接口VSI-interface2。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpnb

[SwitchB-Vsi-interface2] ip address 10.1.2.1 255.255.255.0

[SwitchB-Vsi-interface2] igmp enable

[SwitchB-Vsi-interface2] mac-address 2-2-2

[SwitchB-Vsi-interface2] distributed-gateway local

[SwitchB-Vsi-interface2] local-proxy-arp enable

[SwitchB-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface4,在该接口上配置公网实例对应的L3VNI为1000。

[SwitchB] interface vsi-interface 4

[SwitchB-Vsi-interface4] l3-vni 1000

[SwitchB-Vsi-interface4] pim sm

[SwitchB-Vsi-interface4] quit

# 使能VPN实例vpnb的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] quit

# 创建VPN实例vpnb的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpnb mode mdt

[SwitchB-mvxlan-vpnb] address-family ipv4

[SwitchB-mvxlan-vpnb-ipv4] source loopback 0

[SwitchB-mvxlan-vpnb-ipv4] quit

[SwitchB-mvxlan-vpnb] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpnb

[SwitchB-LoopBack1] ip address 12.12.12.12 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例vpnb的PIM视图,并将接口LoopBack1配置为VPN实例vpnb的C-BSR和C-RP,并配置C-RP策略。

[SwitchB] pim vpn-instance vpnb

[SwitchB-pim-vpnb] c-bsr 12.12.12.12

[SwitchB-pim-vpnb] c-rp 12.12.12.12

[SwitchB-pim-vpnb] quit

 

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchB] interface loopback 2

[SwitchB-LoopBack2] ip address 13.13.13.13 32

[SwitchB-LoopBack2] pim sm

[SwitchB-LoopBack2] quit

# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。

[SwitchB-acl-ipv4-basic-2000] acl basic 2000

[SwitchB-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255

[SwitchB-acl-ipv4-basic-2000] quit

# 进入公网实例的PIM视图,并将接口LoopBack2配置为公网实例的C-BSR和C-RP,并配置C-RP策略。

[SwitchB] pim

[SwitchB-pim] c-bsr 13.13.13.13

[SwitchB-pim] c-rp 13.13.13.13 group-policy 2000

[SwitchB-pim] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpnc

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# 配置VXLAN 20所在的VSI实例和接口VSI-interface2关联。

[SwitchB] vsi vpnc

[SwitchB-vsi-vpnb] gateway vsi-interface 2

[SwitchB-vsi-vpnb] quit

# 在VPN实例vpnb中配置跨VPN策略,将流量引入到公网和VPN实例vpnb中。

[SwitchB] multicast routing vpn-instance vpnb

[SwitchB-mrib-vpnb] multicast extranet select-rpf group 225.0.0.0 16

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 创建VLAN接口13并进入视图。

[SwitchC] vlan 13

[SwitchC-vlan13] quit

[SwitchC] interface vlan-interface 13

# 在接口Vlan-interface 13上使能PIM-SM。

[SwitchC-Vlan-interface13] pim sm

[SwitchC-Vlan-interface13] quit

# 配置BGP发布EVPN路由。

[SwitchC] bgp 200

[SwitchC-bgp-default] peer 4.4.4.4 as-number 200

[SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置公网实例的RD和RT。

[SwitchC] ip public-instance

[SwitchC-public-instance] route-distinguisher 1:1

[SwitchC-public-instance] address-family ipv4

[SwitchC-public-instance] vpn-target 1:1

[SwitchC-public-instance] quit

[SwitchC-public-instance] address-family evpn

[SwitchC-public-instance] vpn-target 1:1

[SwitchC-public-instance] quit

[SwitchC-public-instance] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置公网实例对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] pim sm

[SwitchC-Vsi-interface3] quit

# 创建公网实例的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchC] multicast-vpn vxlan public-instance mode mdt

[SwitchC-mvxlan-public-instance] address-family ipv4

[SwitchC-mvxlan-public-instance-ipv4] source loopback 0

[SwitchC-mvxlan-public-instance-ipv4] quit

[SwitchC-mvxlan-public-instance] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip address 12.12.12.12 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 创建一个编号为2000的IPv4基本ACL,并进入其视图。仅允许来自225.0.0.0/8网段的报文通过,而拒绝来自所有其它网段的报文通过。

[SwitchC-acl-ipv4-basic-2000] acl basic 2000

[SwitchC-acl-ipv4-basic-2000] rule permit source 225.0.0.0 0.255.255.255

[SwitchC-acl-ipv4-basic-2000] qui

# 进入公网实例的PIM视图,并将接口LoopBack1配置为公网实例的C-BSR和C-RP

[SwitchC] pim

[SwitchC-pim] c-bsr 12.12.12.12

[SwitchC-pim] c-rp 12.12.12.12 group-policy 2000

[SwitchC-pim] quit

# 配置缺省路由,下一跳为广域网中某台设备的IP地址20.1.1.100。

[SwitchC] ip route-static 0.0.0.0 0 20.1.1.100

# 将缺省路由引入到公网实例的BGP IPv4单播路由表中。

[SwitchC] bgp 200

[SwitchC-bgp-default] address-family ipv4 unicast

[SwitchC-bgp-default-ipv4] default-route imported

[SwitchC-bgp-default-ipv4] import-route static

[SwitchC-bgp-default-ipv4] quit

[SwitchC-bgp-default] quit

# 创建VLAN接口20并进入视图。

[SwitchC] vlan 20

[SwitchC-vlan20] quit

# 配置连接广域网的接口Vlan-interface 20与公网实例关联。

[SwitchC] interface vlan-interface 20

[SwitchC-Vlan-interface20] ip address 20.1.1.3 24

[SwitchC-Vlan-interface20] pim sm

[SwitchC-Vlan-interface20] quit

(5)     配置Switch D

# 使能IP组播路由。

<SwitchD> system-view

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 进入公网实例的PIM视图,并将接口LoopBack0配置为公网的C-BSR和C-RP

[SwitchD] pim

[SwitchD-pim] c-bsr 4.4.4.4

[SwitchD-pim] c-rp 4.4.4.4

[SwitchD-pim] quit

# 在接口Vlan-interface11上使能PIM-SM。

[SwitchD] interface vlan-interface11

[SwitchD-Vlan-interface11] pim sm

[SwitchD-Vlan-interface11] quit

# 在接口Vlan-interface12上使能PIM-SM。

[SwitchD] interface vlan-interface12

[SwitchD-Vlan-interface12] pim sm

[SwitchD-Vlan-interface12] quit

# 在接口Vlan-interface13上使能PIM-SM。

[SwitchD] interface vlan-interface13

[SwitchD-Vlan-interface13] pim sm

[SwitchD-Vlan-interface13] quit

# 配置Switch D与其他交换机建立BGP连接。

[SwitchD] bgp 200

[SwitchD-bgp-default] group evpn

[SwitchD-bgp-default] peer 1.1.1.1 group evpn

[SwitchD-bgp-default] peer 2.2.2.2 group evpn

[SwitchD-bgp-default] peer 3.3.3.3 group evpn

[SwitchD-bgp-default] peer evpn as-number 200

[SwitchD-bgp-default] peer evpn connect-interface loopback 0

# 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer evpn enable

[SwitchD-bgp-default-evpn] undo policy vpn-target

# 配置Switch D为路由反射器。

[SwitchD-bgp-default-evpn] peer evpn reflect-client

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

5. 验证配置

(1)     查看Switch A的组播路由信息。

# 查看Swich A上VPN实例vpna的组播路由信息。

<SwitchA> display pim vpn-instance vpna routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 02:57:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:57:31, Expires: -

 

(10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 02:56:31

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:56:31, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 2 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 03:09:52

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 03:09:50, Expires: 00:03:10

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 02:55:31

     Upstream interface: MTunnel1 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 02:55:28, Expires: 00:03:11

(2)     查看Switch B的组播路由信息。

# 查看Switch B的VPN实例vpnb的组播路由信息。

<SwitchB> display pim vpn-instance vpnb routing-table

Total 1 (*, G) entries; 1 (S, G) entries

(*, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 02:56:35

     Upstream interface: Extranet (public instance)

         Upstream neighbor: 127.0.0.1 

         RPF prime neighbor: 127.0.0.1 

     Downstream interface information: 

     Total number of downstream interfaces: 11: Vsi-interface2

             Protocol: igmp, UpTime: 02:56:35, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN 

     UpTime: 02:56:31 

     Upstream interface: Extranet (public instance)

Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information: 

     Total number of downstream interfaces: 1  1: Vsi-interface2

             Protocol: igmp, UpTime: 02:56:31, Expires: -

# 查看Switch B公网的路由信息。

<SwitchB> display pim routing-table

Total 1 (*, G) entries; 3 (S, G) entries

(*, 225.0.0.0)

     RP: 13.13.13.13 (local)

     Protocol: pim-sm, Flag: WC 

     UpTime: 02:56:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL 

     Downstream interface information: 

     Total number of downstream interfaces: 2

       1: Vsi-interface 1

             Protocol: igmp, UpTime: 02:56:31, Expires: -

         2: Extranet (VPN: vpnb)

             Protocol: MD, UpTime: 02:56:31, Expires: -

 

 (10.1.1.10, 225.0.0.0)

     RP: 12.12.12.12 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ 2MVPN 

     UpTime: 02:56:30 

     Upstream interface: MVXLAN-UPE0 (0.0.0.0)

Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1 

         1: Vsi-interface 1

             Protocol: igmp, UpTime: 02:56:31, Expires: -

         2: Extranet (VPN: vpnb)

             Protocol: MD, UpTime: 02:56:31, Expires: -

 

(1.1.1.1, 236.0.0.1)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT

     UpTime: 03:00:46

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 03:00:46, Expires: -

 

(1.1.1.1, 239.0.1.0)

     RP: 4.4.4.4

     Protocol: pim-sm, Flag: SPT ACT 2MVPN 

     UpTime: 02:56:31

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.4 

         RPF prime neighbor: 12.1.1.4

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 02:56:31, Expires: -

3.14.5  组播VXLAN支持M-LAG配置举例(直连模式peer-link链路)

1. 组网需求

在组播VXLAN组网中,连接组播源和组播接收者的分布式EVPN网关、Border上均配置M-LAG,以提高网络的可靠性。具体需求如下:

·     Switch A和Switch B连接组播源Source 1。采用M-LAG将Switch A和Switch B虚拟成一台设备,作为分布式EVPN网关。

·     Switch C和Switch D连接组播接收者Receiver 1。采用M-LAG将Switch C和Switch D虚拟成一台设备,作为分布式EVPN网关。

·     Switch E和Switch F连接组播接收者Receiver 2。采用M-LAG将Switch E和Switch F虚拟成一台设备,作为与广域网连接的边界网关设备Border,同时作为反射器在交换机之间反射路由。

·     所有M-LAG系统均采用直连模式peer-link链路。

·     各台设备上均使能IGMP Snooping功能,用于建立组播转发表项。

·     在各设备的公网接口上配置PIM-SM。

·     组播源Source 1、组播接收者Receiver 1、组播接收者Receiver 2均属于VXLAN 10。Receiver 1和Receiver 2可以接收Source 1发送的组播流量。

2. 组网图

图3-5 组播VXLAN支持M-LAG组网图

设备

接口

IP地址

设备

接口

IP地址

Switch A

Loop0

1.1.1.1/32

Switch B

Loop0

2.2.2.2/32

 

Loop1

1.2.3.4/32

 

Loop1

1.2.3.4/32

 

Loop2

1.2.3.4/32

 

Loop2

1.2.3.4/32

 

Vlan-int2

192.168.1.1/24

 

Vlan-int2

192.168.1.2/24

 

Vlan-int3

30.1.1.1/24

 

Vlan-int5

50.1.1.2/24

 

Vlan-int4

40.1.1.1/24

 

Vlan-int6

60.1.1.2/24

Switch C

Loop0

3.3.3.3/32

Switch D

Loop0

4.4.4.4/32

 

Loop1

1.2.3.6/32

 

Loop1

1.2.3.6/32

 

Loop2

1.2.3.6/32

 

Loop2

1.2.3.6/32

 

Vlan-int7

70.1.1.3/24

 

Vlan-int9

90.1.1.4/24

 

Vlan-int8

80.1.1.3/24

 

Vlan-int10

100.1.1.4/24

 

Vlan-int12

192.168.3.1/24

 

Vlan-int12

192.168.3.2/24

Switch E

Loop0

5.5.5.5/32

Switch F

Loop0

6.6.6.6/32

 

Loop1

1.2.3.5/32

 

Loop1

1.2.3.5/32

 

Loop2

1.2.3.5/32

 

Loop2

1.2.3.5/32

 

Vlan-int3

30.1.1.5/24

 

Vlan-int4

40.1.1.6/24

 

Vlan-int5

50.1.1.5/24

 

Vlan-int6

60.1.1.6/24

 

Vlan-int7

70.1.1.5/24

 

Vlan-int8

80.1.1.6/24

 

Vlan-int9

90.1.1.5/24

 

Vlan-int10

100.1.1.6/24

 

Vlan-int11

192.168.4.1/24

 

Vlan-int11

192.168.4.2/24

 

3. 配置步骤

 

(1)     配置IP地址和单播路由协议

# 配置各接口的IP地址和子网掩码。(具体配置过程略)

# 在IP核心网络内配置OSPF协议,发布各接口IP地址(包括Loopback接口的IP地址)对应网段的路由,确保设备之间路由可达。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力。

<SwitchA> system-view

[SwitchA] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.4。

[SwitchA] evpn m-lag group 1.2.3.4

# 配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchA] evpn m-lag local 1.1.1.1 remote 2.2.2.2

# 使能IP组播路由。

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchA-vsi-vpna] vxlan 10

[SwitchA-vsi-vpna-vxlan-10] quit

[SwitchA-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchA] bgp 200

[SwitchA-bgp-default] peer 5.5.5.5 as-number 200

[SwitchA-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[SwitchA-bgp-default] peer 6.6.6.6 as-number 200

[SwitchA-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 5.5.5.5 enable

[SwitchA-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchA] ip vpn-instance vpna

[SwitchA-vpn-instance-vpna] route-distinguisher 1:1

[SwitchA-vpn-instance-vpna] address-family ipv4

[SwitchA-vpn-ipv4-vpna] vpn-target 2:2

[SwitchA-vpn-ipv4-vpna] quit

[SwitchA-vpn-instance-vpna] address-family evpn

[SwitchA-vpn-evpn-vpna] vpn-target 1:1

[SwitchA-vpn-evpn-vpna] quit

[SwitchA-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpna

[SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] igmp enable

[SwitchA-Vsi-interface1] pim distributed-dr

[SwitchA-Vsi-interface1] mac-address 1-1-1

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] local-proxy-arp enable

[SwitchA-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchA] interface vsi-interface 3

[SwitchA-Vsi-interface3] ip binding vpn-instance vpna

[SwitchA-Vsi-interface3] l3-vni 1000

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpna

[SwitchA-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchA] interface loopback 0

[SwitchA-LoopBack0] ip address 1.1.1.1 32

[SwitchA-LoopBack0] pim sm

[SwitchA-LoopBack0] ospf 1 area 0

[SwitchA-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip address 1.2.3.4 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] ospf 1 area 0

[SwitchA-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchA] interface loopback 2

[SwitchA-LoopBack2] ip binding vpn-instance vpna

[SwitchA-LoopBack2] ip address 1.2.3.4 32

[SwitchA-LoopBack2] pim sm

[SwitchA-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchA] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchA-mvxlan-vpna] address-family ipv4

[SwitchA-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchA-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchA-mvxlan-vpna-ipv4] data-group 239.0.0.1 24

[SwitchA-mvxlan-vpna-ipv4] quit

[SwitchA-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchA] pim vpn-instance vpna

[SwitchA-pim-vpna] c-bsr 1.2.3.4

[SwitchA-pim-vpna] c-rp 1.2.3.4

[SwitchA-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

# 创建DR聚合口。

[SwitchA] interface bridge-aggregation 21

[SwitchA-Bridge-Aggregation21] port link-type trunk

[SwitchA-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29 [SwitchA-Bridge-Aggregation21] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation21] port m-lag group 1

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchA-Bridge-Aggregation21] service-instance 100

[SwitchA-Bridge-Aggregation21-srv100] encapsulation s-vid 21

[SwitchA-Bridge-Aggregation21-srv100] xconnect vsi vpna

[SwitchA-Bridge-Aggregation21-srv100] quit

# 将二层以太网接口加入DR聚合口。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-aggregation group 1

[SwitchA-Ten-GigabitEthernet1/0/1] quit

# 配置以太网链路聚合接口作为peer-link链路。

[SwitchA] interface bridge-aggregation 9

[SwitchA-Bridge-Aggregation9] port link-type trunk

[SwitchA-Bridge-Aggregation9] port trunk permit vlan all

[SwitchA-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchA-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchA-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchA] interface ten-gigabitethernet 1/0/2

[SwitchA-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

[SwitchA-Ten-GigabitEthernet1/0/2] quit

# 将keeplive链路配置为M-LAG保留接口。

[SwitchA] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchA] m-lag restore-delay 180

[SwitchA] m-lag system-mac 1-1-1

[SwitchA] m-lag system-number 1

[SwitchA] m-lag system-priority 10

[SwitchA] m-lag keepalive ip destination 192.168.1.2 source 192.168.1.1

(3)     配置Switch B

# 开启L2VPN能力。

<SwitchB> system-view

[SwitchB] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.4。

[SwitchB] evpn m-lag group 1.2.3.4

#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchB] evpn m-lag local 2.2.2.2 remote 1.1.1.1

# 使能IP组播路由。

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchB-vsi-vpna] vxlan 10

[SwitchB-vsi-vpna-vxlan-10] quit

[SwitchB-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchB] bgp 200

[SwitchB-bgp-default] peer 5.5.5.5 as-number 200

[SwitchB-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[SwitchB-bgp-default] peer 6.6.6.6 as-number 200

[SwitchB-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 5.5.5.5 enable

[SwitchB-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchB] ip vpn-instance vpna

[SwitchB-vpn-instance-vpna] route-distinguisher 1:1

[SwitchB-vpn-instance-vpna] address-family ipv4

[SwitchB-vpn-ipv4-vpna] vpn-target 2:2

[SwitchB-vpn-ipv4-vpna] quit

[SwitchB-vpn-instance-vpna] address-family evpn

[SwitchB-vpn-evpn-vpna] vpn-target 1:1

[SwitchB-vpn-evpn-vpna] quit

[SwitchB-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpna

[SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchB-Vsi-interface1] pim sm

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] pim distributed-dr

[SwitchB-Vsi-interface1] mac-address 1-1-1

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] local-proxy-arp enable

[SwitchB-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchB] interface vsi-interface 3

[SwitchB-Vsi-interface3] ip binding vpn-instance vpna

[SwitchB-Vsi-interface3] l3-vni 1000

[SwitchB-Vsi-interface3] pim sm

[SwitchB-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpna

[SwitchB-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchB] interface loopback 0

[SwitchB-LoopBack0] ip address 2.2.2.2 32

[SwitchB-LoopBack0] pim sm

[SwitchB-LoopBack0] ospf 1 area 0

[SwitchB-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip address 1.2.3.4 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] ospf 1 area 0

[SwitchB-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchB] interface loopback 2

[SwitchB-LoopBack2] ip binding vpn-instance vpna

[SwitchB-LoopBack2] ip address 1.2.3.4 32

[SwitchB-LoopBack2] pim sm

[SwitchB-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchB] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchB-mvxlan-vpna] address-family ipv4

[SwitchB-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchB-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchB-mvxlan-vpna-ipv4] data-group 239.0.0.1 24

[SwitchB-mvxlan-vpna-ipv4] quit

[SwitchB-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchB] pim vpn-instance vpna

[SwitchB-pim-vpna] c-bsr 1.2.3.4

[SwitchB-pim-vpna] c-rp 1.2.3.4

[SwitchB-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

# 创建DR聚合口。

[SwitchB] interface bridge-aggregation 21

[SwitchB-Bridge-Aggregation21] port link-type trunk

[SwitchB-Bridge-Aggregation21] port trunk permit vlan 1 20 to 29

[SwitchB-Bridge-Aggregation21] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation21] port m-lag group 1

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchB-Bridge-Aggregation21] service-instance 100

[SwitchB-Bridge-Aggregation21-srv100] encapsulation s-vid 21

[SwitchB-Bridge-Aggregation21-srv100] xconnect vsi vpna

[SwitchB-Bridge-Aggregation21-srv100] quit

# 将二层以太网接口加入DR聚合口。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-aggregation group 1

[SwitchB-Ten-GigabitEthernet1/0/1] quit

# 配置以太网聚合接口作为peer-link链路。

[SwitchB] interface bridge-aggregation 9

[SwitchB-Bridge-Aggregation9] port link-type trunk

[SwitchB-Bridge-Aggregation9] port trunk permit vlan all

[SwitchB-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchB-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchB-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchB] interface ten-gigabitethernet 1/0/2

[SwitchB-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

[SwitchB-Ten-GigabitEthernet1/0/2] quit

# 将keeplive链路配置为M-LAG保留接口。

[SwitchB] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchB] m-lag restore-delay 180

[SwitchB] m-lag system-mac 1-1-1

[SwitchB] m-lag system-number 2

[SwitchB] m-lag system-priority 10

[SwitchB] m-lag keepalive ip destination 192.168.1.1 source 192.168.1.2

(4)     配置Switch C

# 开启L2VPN能力。

<SwitchC> system-view

[SwitchC] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.6。

[SwitchC] evpn m-lag group 1.2.3.6

#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchC] evpn m-lag local 3.3.3.3 remote 4.4.4.4

# 使能IP组播路由。

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchC] igmp-snooping

[SwitchC-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] evpn encapsulation vxlan

[SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchC-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchC-vsi-vpna] igmp-snooping enable

[SwitchC-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchC-vsi-vpna] vxlan 10

[SwitchC-vsi-vpna-vxlan-10] quit

[SwitchC-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchC] bgp 200

[SwitchC-bgp-default] peer 6.6.6.6 as-number 200

[SwitchC-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[SwitchC-bgp-default] peer 5.5.5.5 as-number 200

[SwitchC-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchC-bgp-default-evpn] peer 5.5.5.5 enable

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchC] ip vpn-instance vpna

[SwitchC-vpn-instance-vpna] route-distinguisher 1:1

[SwitchC-vpn-instance-vpna] address-family ipv4

[SwitchC-vpn-ipv4-vpna] vpn-target 2:2

[SwitchC-vpn-ipv4-vpna] quit

[SwitchC-vpn-instance-vpna] address-family evpn

[SwitchC-vpn-evpn-vpna] vpn-target 1:1

[SwitchC-vpn-evpn-vpna] quit

[SwitchC-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip binding vpn-instance vpna

[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchC-Vsi-interface1] pim sm

[SwitchC-Vsi-interface1] igmp enable

[SwitchC-Vsi-interface1] pim distributed-dr

[SwitchC-Vsi-interface1] mac-address 1-1-1

[SwitchC-Vsi-interface1] distributed-gateway local

[SwitchC-Vsi-interface1] local-proxy-arp enable

[SwitchC-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchC] interface vsi-interface 3

[SwitchC-Vsi-interface3] ip binding vpn-instance vpna

[SwitchC-Vsi-interface3] l3-vni 1000

[SwitchC-Vsi-interface3] pim sm

[SwitchC-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchC] multicast routing vpn-instance vpna

[SwitchC-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchC] interface loopback 0

[SwitchC-LoopBack0] ip address 3.3.3.3 32

[SwitchC-LoopBack0] pim sm

[SwitchC-LoopBack0] ospf 1 area 0

[SwitchC-LoopBack1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip address 1.2.3.6 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] ospf 1 area 0

[SwitchC-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchB] interface loopback 2

[SwitchC-LoopBack2] ip binding vpn-instance vpna

[SwitchC-LoopBack2] ip address 1.2.3.6 255.255.255.255

[SwitchC-LoopBack2] pim sm

[SwitchC-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchC] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchC-mvxlan-vpna] address-family ipv4

[SwitchC-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchC-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchC-mvxlan-vpna-ipv4] data-group 239.0.1.0 24

[SwitchC-mvxlan-vpna-ipv4] m-lag local 3.3.3.3 remote 4.4.4.4

[SwitchC-mvxlan-vpna-ipv4] quit

[SwitchC-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP

[SwitchC] pim vpn-instance vpna

[SwitchC-pim-vpna] c-bsr 1.2.3.6

[SwitchC-pim-vpna] c-rp 1.2.3.6

[SwitchC-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchC] vsi vpna

[SwitchC-vsi-vpna] gateway vsi-interface 1

[SwitchC-vsi-vpna] quit

# 创建DR聚合口。

[SwitchC] interface bridge-aggregation 17

[SwitchC-Bridge-Aggregation17] port link-type trunk

[SwitchC-Bridge-Aggregation17] port trunk permit vlan 2

[SwitchC-Bridge-Aggregation17] link-aggregation mode dynamic

[SwitchC-Bridge-Aggregation17] port m-lag group 17

# 配置以太网服务实例20与VSI实例vpna关联。

[SwitchC-Bridge-Aggregation17] service-instance 20

[SwitchC-Bridge-Aggregation17-srv20] encapsulation s-vid 2

[SwitchC-Bridge-Aggregation17-srv20] xconnect vsi vpna

[SwitchC-Bridge-Aggregation17-srv20] quit

# 将二层以太网接口加入DR聚合口。

[SwitchC]interface ten-gigabitethernet 1/0/1

[SwitchC-Ten-GigabitEthernet1/0/1] port link-aggregation group 17

[SwitchC-Ten-GigabitEthernet1/0/1] quit

# 配置以太网聚合接口作为peer-link链路。

[SwitchC] interface bridge-aggregation 9

[SwitchC-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchC-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchC-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchC] interface ten-gigabitethernet 1/0/2

[SwitchC-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

# 将keeplive链路配置为M-LAG保留接口。

[SwitchC] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchC] m-lag restore-delay 180

[SwitchC] m-lag system-mac 2-2-2

[SwitchC] m-lag system-number 1

[SwitchC] m-lag system-priority 10

[SwitchC] m-lag keepalive ip destination 192.168.3.2 source 192.168.3.1

# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。

[SwitchC] interface bridge-aggregation 17

[SwitchC-Bridge-Aggregation17] port link-type trunk

[SwitchC-Bridge-Aggregation17] undo port trunk permit vlan 1

[SwitchC-Bridge-Aggregation17] port trunk permit vlan 20 to 29

[SwitchC-Bridge-Aggregation17] quit

# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。

[SwitchC] interface bridge-aggregation 9

[SwitchC-Bridge-Aggregation9] port link-type trunk

[SwitchC-Bridge-Aggregation9] undo port trunk permit vlan 1

[SwitchC-Bridge-Aggregation9] port trunk permit vlan all

[SwitchC-Bridge-Aggregation9] quit

(5)     配置Switch D

# 开启L2VPN能力。

<SwitchD> system-view

[SwitchD] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.6。

[SwitchD] evpn m-lag group 1.2.3.6

#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchD] evpn m-lag local 4.4.4.4 remote 3.3.3.3

# 使能IP组播路由。

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchD] igmp-snooping

[SwitchD-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] evpn encapsulation vxlan

[SwitchD-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchD-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchD-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchD-vsi-vpna] igmp-snooping enable

[SwitchD-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchD-vsi-vpna] vxlan 10

[SwitchD-vsi-vpna-vxlan-10] quit

[SwitchD-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 6.6.6.6 as-number 200

[SwitchD-bgp-default] peer 6.6.6.6 connect-interface loopback 0

[SwitchD-bgp-default] peer 5.5.5.5 as-number 200

[SwitchD-bgp-default] peer 5.5.5.5 connect-interface loopback 0

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchD-bgp-default-evpn] peer 5.5.5.5 enable

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchD] ip vpn-instance vpna

[SwitchD-vpn-instance-vpna] route-distinguisher 1:1

[SwitchD-vpn-instance-vpna] address-family ipv4

[SwitchD-vpn-ipv4-vpna] vpn-target 2:2

[SwitchD-vpn-ipv4-vpna] quit

[SwitchD-vpn-instance-vpna] address-family evpn

[SwitchD-vpn-evpn-vpna] vpn-target 1:1

[SwitchD-vpn-evpn-vpna] quit

[SwitchD-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpna

[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchD-Vsi-interface1] pim sm

[SwitchD-Vsi-interface1] igmp enable

[SwitchD-Vsi-interface1] pim distributed-dr

[SwitchD-Vsi-interface1] mac-address 1-1-1

[SwitchD-Vsi-interface1] distributed-gateway local

[SwitchD-Vsi-interface1] local-proxy-arp enable

[SwitchD-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchD] interface vsi-interface 3

[SwitchD-Vsi-interface3] ip binding vpn-instance vpna

[SwitchD-Vsi-interface3] l3-vni 1000

[SwitchD-Vsi-interface3] pim sm

[SwitchD-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchD] multicast routing vpn-instance vpna

[SwitchD-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchD] interface loopback 0

[SwitchD-LoopBack0] ip address 4.4.4.4 32

[SwitchD-LoopBack0] pim sm

[SwitchD-LoopBack0] ospf 1 area 0

[SwitchD-LoopBack1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchD] interface loopback 1

[SwitchD-LoopBack1] ip address 1.2.3.6 32

[SwitchD-LoopBack1] pim sm

[SwitchD-LoopBack1] ospf 1 area 0

[SwitchD-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchD] interface loopback 2

[SwitchD-LoopBack2] ip binding vpn-instance vpna

[SwitchD-LoopBack2] ip address 1.2.3.6 255.255.255.255

[SwitchD-LoopBack2] pim sm

[SwitchD-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchD] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchD-mvxlan-vpna] address-family ipv4

[SwitchD-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchD-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchD-mvxlan-vpna-ipv4] data-group 239.0.1.0 24

[SwitchD-mvxlan-vpna-ipv4] m-lag local 4.4.4.4 remote 3.3.3.3

[SwitchD-mvxlan-vpna-ipv4] quit

[SwitchD-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP

[SwitchD] pim vpn-instance vpna

[SwitchD-pim-vpna] c-bsr 1.2.3.6

[SwitchD-pim-vpna] c-rp 1.2.3.6

[SwitchD-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchD] vsi vpna

[SwitchD-vsi-vpna] gateway vsi-interface 1

[SwitchD-vsi-vpna] quit

# 创建DR聚合口。

[SwitchD] interface bridge-aggregation 17

[SwitchD-Bridge-Aggregation17] port link-type trunk

[SwitchD-Bridge-Aggregation17] port trunk permit vlan 2

[SwitchD-Bridge-Aggregation17] link-aggregation mode dynamic

[SwitchD-Bridge-Aggregation17] port m-lag group 17

# 配置以太网服务实例20与VSI实例vpna关联。

[SwitchD-Bridge-Aggregation17] service-instance 20

[SwitchD-Bridge-Aggregation17-srv20] encapsulation s-vid 2

[SwitchD-Bridge-Aggregation17-srv20] xconnect vsi vpna

[SwitchD-Bridge-Aggregation17-srv20] quit

# 将二层以太网接口加入DR聚合口。

[SwitchD] interface ten-gigabitethernet 1/0/1

[SwitchD-Ten-GigabitEthernet1/0/1] port link-aggregation group 17

[SwitchD-Ten-GigabitEthernet1/0/1] quit

# 配置以太网聚合接口作为peer-link链路。

 [SwitchD] interface bridge-aggregation 9

[SwitchD-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchD-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchD-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchD] interface ten-gigabitethernet 1/0/2

[SwitchD-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

# 将keeplive链路配置为M-LAG保留接口。

[SwitchD] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchD] m-lag restore-delay 180

[SwitchD] m-lag system-mac 2-2-2

[SwitchD] m-lag system-number 2

[SwitchD] m-lag system-priority 10

[SwitchD] m-lag keepalive ip destination 192.168.3.1 source 192.168.3.2

# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。

[SwitchD] interface bridge-aggregation 17

[SwitchD-Bridge-Aggregation17] port link-type trunk

[SwitchD-Bridge-Aggregation17] undo port trunk permit vlan 1

[SwitchD-Bridge-Aggregation17] port trunk permit vlan 20 to 29

[SwitchD-Bridge-Aggregation17] quit

# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。

[SwitchD] interface bridge-aggregation 9

[SwitchD-Bridge-Aggregation9] port link-type trunk

[SwitchD-Bridge-Aggregation9] undo port trunk permit vlan 1

[SwitchD-Bridge-Aggregation9] port trunk permit vlan all

[SwitchD-Bridge-Aggregation9] quit

(6)     配置Switch E

# 开启L2VPN能力。

<SwitchE> system-view

[SwitchE] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.5。

[SwitchE] evpn m-lag group 1.2.3.5

# 配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchE] evpn m-lag local 5.5.5.5 remote 6.6.6.6

# 使能IP组播路由。

[SwitchE] multicast routing

[SwitchE-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchE] igmp-snooping

[SwitchE-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchE] vxlan tunnel mac-learning disable

[SwitchE] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] evpn encapsulation vxlan

[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchE-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchE-vsi-vpna] igmp-snooping enable

[SwitchE-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchE-vsi-vpna] vxlan 10

[SwitchE-vsi-vpna-vxlan-10] quit

[SwitchE-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchE] bgp 200

[SwitchE-bgp-default] non-stop-routing

[SwitchE-bgp-default] group evpn internal

[SwitchE-bgp-default] peer evpn connect-interface loopback 0

[SwitchE-bgp-default] peer 1.1.1.1 group evpn

[SwitchE-bgp-default] peer 2.2.2.2 group evpn

[SwitchE-bgp-default] peer 3.3.3.3 group evpn

[SwitchE-bgp-default] peer 4.4.4.4 group evpn

[SwitchE-bgp-default] peer 6.6.6.6 group evpn

[SwitchE-bgp-default] address-family l2vpn evpn

[SwitchE-bgp-default-evpn] undo policy vpn-target

[SwitchE-bgp-default-evpn] peer evpn enable

[SwitchE-bgp-default-evpn] peer evpn next-hop-local

[SwitchE-bgp-default-evpn] peer evpn reflect-client

[SwitchE-bgp-default-evpn] quit

[SwitchE-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchE] ip vpn-instance vpna

[SwitchE-vpn-instance-vpna] route-distinguisher 1:1

[SwitchE-vpn-instance-vpna] address-family ipv4

[SwitchE-vpn-ipv4-vpna] vpn-target 2:2

[SwitchE-vpn-ipv4-vpna] quit

[SwitchE-vpn-instance-vpna] address-family evpn

[SwitchE-vpn-evpn-vpna] vpn-target 1:1

[SwitchE-vpn-evpn-vpna] quit

[SwitchE-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchE] interface vsi-interface 1

[SwitchE-Vsi-interface1] ip binding vpn-instance vpna

[SwitchE-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchE-Vsi-interface1] pim sm

[SwitchE-Vsi-interface1] igmp enable

[SwitchE-Vsi-interface1] pim distributed-dr

[SwitchE-Vsi-interface1] mac-address 1-1-1

[SwitchE-Vsi-interface1] distributed-gateway local

[SwitchE-Vsi-interface1] local-proxy-arp enable

[SwitchE-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。

[SwitchE] interface vsi-interface 3

[SwitchE-Vsi-interface3] ip binding vpn-instance vpna

[SwitchE-Vsi-interface3] l3-vni 1000

[SwitchE-Vsi-interface3] pim sm

[SwitchE-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchE] multicast routing vpn-instance vpna

[SwitchE-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchE] interface loopback 0

[SwitchE-LoopBack0] ip address 5.5.5.5 32

[SwitchE-LoopBack0] ospf 1 area 0

[SwitchE-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchE] interface loopback 1

[SwitchE-LoopBack1] ip address 1.2.3.5 32

[SwitchE-LoopBack1] ospf 1 area 0

[SwitchE-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchE] interface loopback 2

[SwitchE-LoopBack2] ip binding vpn-instance vpna

[SwitchE-LoopBack2] ip address 1.2.3.5 255.255.255.255

[SwitchE-LoopBack2] pim sm

[SwitchE-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchE] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchE-mvxlan-vpna] address-family ipv4

[SwitchE-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchE-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchE-mvxlan-vpna-ipv4] data-group 239.0.0.1 24

[SwitchE-mvxlan-vpna-ipv4] quit

[SwitchE-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchE] pim vpn-instance vpna

[SwitchE-pim-vpna] c-bsr 1.2.3.5

[SwitchE-pim-vpna] c-rp 1.2.3.5

[SwitchE-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] gateway vsi-interface 1

[SwitchE-vsi-vpna] quit

# 创建DR聚合口。

[SwitchE] interface bridge-aggregation 17

[SwitchE-Bridge-Aggregation17] port link-type trunk

[SwitchE-Bridge-Aggregation17] port trunk permit vlan 2

[SwitchE-Bridge-Aggregation17] link-aggregation mode dynamic

[SwitchE-Bridge-Aggregation17] port m-lag group 17

# 配置以太网服务实例20与VSI实例vpna关联。

[SwitchE-Bridge-Aggregation17] service-instance 20

[SwitchE-Bridge-Aggregation17-srv20] encapsulation s-vid 2

[SwitchE-Bridge-Aggregation17-srv20] xconnect vsi vpna

[SwitchE-Bridge-Aggregation17-srv20] quit

# 将二层以太网接口加入DR聚合口。

[SwitchE]interface ten-gigabitethernet 1/0/1

[SwitchE-Ten-GigabitEthernet1/0/1] port link-aggregation group 17

[SwitchE-Ten-GigabitEthernet1/0/1] quit

# 配置以太网聚合接口作为peer-link链路。

[SwitchE] interface bridge-aggregation 9

[SwitchE-Bridge-Aggregation9] port link-type trunk

[SwitchE-Bridge-Aggregation9] port trunk permit vlan all

[SwitchE-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchE-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchE-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchE] interface ten-gigabitethernet 1/0/2

[SwitchE-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

[SwitchE-Ten-GigabitEthernet1/0/2] quit

# 将keeplive链路配置为M-LAG保留接口。

[SwitchE] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchE] m-lag restore-delay 180

[SwitchE] m-lag system-mac 2-2-2

[SwitchE] m-lag system-number 1

[SwitchE] m-lag system-priority 10

[SwitchE] m-lag keepalive ip destination 192.168.4.2 source 192.168.4.1

# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。

[SwitchE] interface bridge-aggregation 17

[SwitchE-Bridge-Aggregation17] port link-type trunk

[SwitchE-Bridge-Aggregation17] undo port trunk permit vlan 1

[SwitchE-Bridge-Aggregation17] port trunk permit vlan 20 to 29

[SwitchE-Bridge-Aggregation17] quit

# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。

[SwitchE] interface bridge-aggregation 9

[SwitchE-Bridge-Aggregation9] port link-type trunk

[SwitchE-Bridge-Aggregation9] undo port trunk permit vlan 1

[SwitchE-Bridge-Aggregation9] port trunk permit vlan all

[SwitchE-Bridge-Aggregation9] quit

(7)     配置Switch F

# 开启L2VPN能力。

<SwitchF> system-view

[SwitchF] l2vpn enable

# 开启EVPN支持M-LAG功能,并配置虚拟VTEP地址为1.2.3.5。

[SwitchF] evpn m-lag group 1.2.3.5

#配置组成M-LAG系统的本地和远端VTEP的IPv4地址。

[SwitchF] evpn m-lag local 6.6.6.6 remote 5.5.5.5

# 使能IP组播路由。

[SwitchF] multicast routing

[SwitchF-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchF] igmp-snooping

[SwitchF-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchF] vxlan tunnel mac-learning disable

[SwitchF] vxlan tunnel arp-learning disable

# 在VSI实例vpna下创建EVPN实例。

[SwitchF] vsi vpna

[SwitchF-vsi-vpna] evpn encapsulation vxlan

[SwitchF-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchF-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchF-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchF-vsi-vpna] igmp-snooping enable

[SwitchF-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 10。

[SwitchF-vsi-vpna] vxlan 10

[SwitchF-vsi-vpna-vxlan-10] quit

[SwitchF-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchF] bgp 200

[SwitchF-bgp-default] non-stop-routing

[SwitchF-bgp-default] group evpn internal

[SwitchF-bgp-default] peer evpn connect-interface LoopBack0

[SwitchF-bgp-default] peer 1.1.1.1 group evpn

[SwitchF-bgp-default] peer 2.2.2.2 group evpn

[SwitchF-bgp-default] peer 3.3.3.3 group evpn

[SwitchF-bgp-default] peer 4.4.4.4 group evpn

[SwitchF-bgp-default] peer 5.5.5.5 group evpn

[SwitchF-bgp-default] address-family l2vpn evpn

[SwitchF-bgp-default-evpn] undo policy vpn-target

[SwitchF-bgp-default-evpn] peer evpn enable

[SwitchF-bgp-default-evpn] peer evpn next-hop-local

[SwitchF-bgp-default-evpn] peer evpn reflect-client

[SwitchF-bgp-default-evpn] quit

[SwitchF-bgp-default] quit

# 配置VPN实例vpna的RD和RT。

[SwitchF] ip vpn-instance vpna

[SwitchF-vpn-instance-vpna] route-distinguisher 1:1

[SwitchF-vpn-instance-vpna] address-family ipv4

[SwitchF-vpn-ipv4-vpna] vpn-target 2:2

[SwitchF-vpn-ipv4-vpna] quit

[SwitchF-vpn-instance-vpna] address-family evpn

[SwitchF-vpn-evpn-vpna] vpn-target 1:1

[SwitchF-vpn-evpn-vpna] quit

[SwitchF-vpn-instance-vpna] quit

# 配置VSI虚接口VSI-interface1。

[SwitchF] interface vsi-interface 1

[SwitchF-Vsi-interface1] ip binding vpn-instance vpna

[SwitchF-Vsi-interface1] ip address 10.1.1.1 255.255.255.0

[SwitchF-Vsi-interface1] pim sm

[SwitchF-Vsi-interface1] igmp enable

[SwitchF-Vsi-interface1] pim distributed-dr

[SwitchF-Vsi-interface1] mac-address 1-1-1

[SwitchF-Vsi-interface1] distributed-gateway local

[SwitchF-Vsi-interface1] local-proxy-arp enable

[SwitchF-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000

[SwitchF] interface vsi-interface 3

[SwitchF-Vsi-interface3] ip binding vpn-instance vpna

[SwitchF-Vsi-interface3] l3-vni 1000

[SwitchF-Vsi-interface3] pim sm

[SwitchF-Vsi-interface3] quit

# 使能VPN实例vpna的IP组播路由功能。

[SwitchF] multicast routing vpn-instance vpna

[SwitchF-mrib-vpna] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchF] interface loopback 0

[SwitchF-LoopBack0] ip address 6.6.6.6 32

[SwitchF-LoopBack0] ospf 1 area 0

[SwitchF-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchF] interface loopback 1

[SwitchF-LoopBack1] ip address 1.2.3.5 32

[SwitchF-LoopBack1] ospf 1 area 0

[SwitchF-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBcak2接口。

[SwitchF] interface loopback 2

[SwitchF-LoopBack2] ip binding vpn-instance vpna

[SwitchF-LoopBack2] ip address 1.2.3.5 255.255.255.255

[SwitchF-LoopBack2] pim sm

[SwitchF-LoopBack2] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围。

[SwitchF] multicast-vpn vxlan vpn-instance vpna mode mdt

[SwitchF-mvxlan-vpna] address-family ipv4

[SwitchF-mvxlan-vpna-ipv4] default-group 236.0.0.1

[SwitchF-mvxlan-vpna-ipv4] source loopback 1 evpn-m-lag-group

[SwitchF-mvxlan-vpna-ipv4] data-group 239.0.0.1 24

[SwitchF-mvxlan-vpna-ipv4] quit

[SwitchF-mvxlan-vpna] quit

# 进入VPN实例的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpna

[SwitchF-pim-vpna] c-bsr 1.2.3.5

[SwitchF-pim-vpna] c-rp 1.2.3.5

[SwitchF-pim-vpna] quit

# 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。

[SwitchF] vsi vpna

[SwitchF-vsi-vpna] gateway vsi-interface 1

[SwitchF-vsi-vpna] quit

# 创建DR聚合口。

[SwitchF] interface bridge-aggregation 17

[SwitchF-Bridge-Aggregation17] port link-type trunk

[SwitchF-Bridge-Aggregation17] port trunk permit vlan 2

[SwitchF-Bridge-Aggregation17] link-aggregation mode dynamic

[SwitchF-Bridge-Aggregation17] port m-lag group 17

# 配置以太网服务实例20与VSI实例vpna关联。

[SwitchF-Bridge-Aggregation17] service-instance 20

[SwitchF-Bridge-Aggregation17-srv20] encapsulation s-vid 2

[SwitchF-Bridge-Aggregation17-srv20] xconnect vsi vpna

[SwitchF-Bridge-Aggregation17-srv20] quit

# 将二层以太网接口加入DR聚合口。

[SwitchF] interface ten-gigabitethernet 1/0/1

[SwitchF-Ten-GigabitEthernet1/0/1] port link-aggregation group 17

[SwitchF-Ten-GigabitEthernet1/0/1] quit

# 配置以太网聚合接口作为peer-link链路。

[SwitchF] interface bridge-aggregation 9

[SwitchF-Bridge-Aggregation9] port link-type trunk

[SwitchF-Bridge-Aggregation9] port trunk permit vlan all

[SwitchF-Bridge-Aggregation9] link-aggregation mode dynamic

[SwitchF-Bridge-Aggregation9] port m-lag peer-link 1

[SwitchF-Bridge-Aggregation9] quit

# 将二层以太网接口加入peer-link链路聚合口。

[SwitchF] interface ten-gigabitethernet 1/0/2

[SwitchF-Ten-GigabitEthernet1/0/2] port link-aggregation group 9

[SwitchF-Ten-GigabitEthernet1/0/2] quit

# 将keeplive链路配置为M-LAG保留接口。

[SwitchF] m-lag mad exclude interface ten-gigabitethernet 1/0/3

# 配置M-LAG系统。

[SwitchF] m-lag restore-delay 180

[SwitchF] m-lag system-mac 2-2-2

[SwitchF] m-lag system-number 2

[SwitchF] m-lag system-priority 10

[SwitchF] m-lag keepalive ip destination 192.168.4.1 source 192.168.4.2

# 配置端口Bridge-Aggregation17为Trunk端口,允许VLAN 20~29通过。

[SwitchF] interface bridge-aggregation 17

[SwitchF-Bridge-Aggregation17] port link-type trunk

[SwitchF-Bridge-Aggregation17] undo port trunk permit vlan 1

[SwitchF-Bridge-Aggregation17] port trunk permit vlan 20 to 29

[SwitchF-Bridge-Aggregation17] quit

# 配置peer-link接口为Trunk端口,允许所有的VLAN通过。

[SwitchF] interface bridge-aggregation 9

[SwitchF-Bridge-Aggregation9] port link-type trunk

[SwitchF-Bridge-Aggregation9] undo port trunk permit vlan 1

[SwitchF-Bridge-Aggregation9] port trunk permit vlan all

[SwitchF-Bridge-Aggregation9] quit

4. 验证配置

(1)     查看Switch A的VXLAN隧道和VSI信息

# 查看Switch A上的Tunnel接口信息,可以看到VXLAN模式的Tunnel接口处于up状态,并已采用虚拟VTEP地址建立VXLAN隧道。

[SwitchA] display interface tunnel

Tunnel0

Current state: UP

Line protocol state: UP

Description: Tunnel0 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 6.6.6.6

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel1

Current state: UP

Line protocol state: UP

Description: Tunnel1 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.1.1.1, destination 2.2.2.2

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 1159 packets, 176556 bytes, 0 drops

Output: 1176 packets, 178121 bytes, 0 drops

 

Tunnel2

Current state: UP

Line protocol state: UP

Description: Tunnel2 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 3.3.3.3

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 0 packets, 0 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

 

Tunnel3

Current state: UP

Line protocol state: UP

Description: Tunnel3 Interface

Bandwidth: 64 kbps

Maximum transmission unit: 1464

Internet protocol processing: Disabled

Output queue - Urgent queuing: Size/Length/Discards 0/100/0

Output queue - Protocol queuing: Size/Length/Discards 0/500/0

Output queue - FIFO queuing: Size/Length/Discards 0/75/0

Last clearing of counters: Never

Tunnel source 1.2.3.4, destination 1.2.3.6

Tunnel protocol/transport UDP_VXLAN/IP

Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec

Input: 8 packets, 480 bytes, 0 drops

Output: 0 packets, 0 bytes, 0 drops

# 查看Switch A上的VSI信息,可以看到Switch A自动创建了VXLAN隧道,并将其与VSI关联。

[SwitchA] display l2vpn vsi verbose

VSI Name: vpna

  VSI Index               : 0

  VSI State               : Up

  MTU                     : 1500

  Bandwidth               : Unlimited

  Broadcast Restrain      : Unlimited

  Multicast Restrain      : Unlimited

  Unknown Unicast Restrain: Unlimited

  MAC Learning            : Enabled

  MAC Table Limit         : Unlimited

  MAC Learning rate       : Unlimited

  Drop Unknown            : Disabled

  Flooding                : Enabled

  Statistics              : Disabled

  Gateway Interface       : VSI-interface 1

  VXLAN ID                : 10

  Tunnels:

    Tunnel Name          Link ID    State    Type        Flood proxy

    Tunnel0               0x5000000  UP       Auto        Disabled

    Tunnel1               0x5000001  UP       Auto        Disabled

    Tunnel2               0x5000002  UP       Auto        Disabled

    Tunnel3               0x5000003  UP       Auto        Disabled

  ACs:

    AC                                 Link ID    State       Type

    BAGG17 srv20                     0           Up           Manual

(2)     查看Switch A的组播路由信息

# peer-link链路未故障时,查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 2 (S, G) entries

 

 (1.2.3.4, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 03:59:50

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Register-Tunnel0

             Protocol: pim-sm, UpTime: 03:38:17, Expires: -

 

 (1.2.3.6, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:18:49

     Upstream interface: Vlan-interface11

         Upstream neighbor: 11.1.1.11

         RPF prime neighbor: 11.1.1.11

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE1

             Protocol: MD, UpTime: 01:18:49, Expires: -

# 两个M-LAG系统的peer-link链路均故障时,查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

Total 0 (*, G) entries; 4 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 00:02:12

     Upstream interface: MTunnel0 (VPN: vpna)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 00:02:11, Expires: 00:03:19

 

 (2.2.2.2, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT

     UpTime: 00:01:04

     Upstream interface: Vlan-interface11

         Upstream neighbor: 11.1.1.11

         RPF prime neighbor: 11.1.1.11

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 00:01:04, Expires: -

 

 (3.3.3.3, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT

     UpTime: 00:01:36

     Upstream interface: Vlan-interface11

         Upstream neighbor: 11.1.1.11

         RPF prime neighbor: 11.1.1.11

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 00:01:36, Expires: -

 

 (6.6.6.6, 236.0.0.1)

     RP: 5.5.5.5

     Protocol: pim-sm, Flag: SPT

     UpTime: 00:00:32

     Upstream interface: Vlan-interface11

         Upstream neighbor: 11.1.1.11

         RPF prime neighbor: 11.1.1.11

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 00:00:32, Expires: -

(3)     查看Switch E的组播路由信息。

# peer-link链路未故障时,查看Switch E的公网组播路由信息。

<SwitchE> display pim routing-table

Total 0 (*, G) entries; 2 (S, G) entries

 

 (1.2.3.4, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 04:11:32

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.2

         RPF prime neighbor: 12.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface13

             Protocol: pim-sm, UpTime: 01:33:53, Expires: 00:02:40

         2: Vlan-interface14

             Protocol: pim-sm, UpTime: 01:31:35, Expires: 00:02:40

 

 (1.2.3.6, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 01:34:02

     Upstream interface: Vlan-interface14

         Upstream neighbor: 14.1.1.4

         RPF prime neighbor: 14.1.1.4

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:40

         2: Vlan-interface12

             Protocol: pim-sm, UpTime: 01:30:50, Expires: 00:02:41-

# 两个M-LAG系统的peer-link链路均故障时,查看Switch E的公网组播路由信息。

<SwitchE> display pim routing-table

Total 0 (*, G) entries; 2 (S, G) entries

 

(1.1.1.1, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 00:04:00

     Upstream interface: Vlan-interface11

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 3

         1: Vlan-interface12

             Protocol: pim-sm, UpTime: 00:02:51, Expires: 00:02:39

         2: Vlan-interface13

             Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:06

         3: Vlan-interface14

             Protocol: pim-sm, UpTime: 00:03:59, Expires: 00:03:10

 

(2.2.2.2, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 00:02:52

     Upstream interface: Vlan-interface12

         Upstream neighbor: 12.1.1.2

         RPF prime neighbor: 12.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 3

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:38

         2: Vlan-interface13

             Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:02:39

         3: Vlan-interface14

             Protocol: pim-sm, UpTime: 00:02:52, Expires: 00:03:10

 

 (3.3.3.3, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 00:03:25

     Upstream interface: Vlan-interface13

         Upstream neighbor: 13.1.1.3

         RPF prime neighbor: 13.1.1.3

     Downstream interface information:

     Total number of downstream interfaces: 3

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:03:06

         2: Vlan-interface12

             Protocol: pim-sm, UpTime: 00:03:24, Expires: 00:02:38

         3: Vlan-interface14

             Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10

 

 (6.6.6.6, 236.0.0.1)

     RP: 5.5.5.5 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP ACT 2MVPN

     UpTime: 00:02:20

     Upstream interface: Vlan-interface14

         Upstream neighbor: 14.1.1.4

         RPF prime neighbor: 14.1.1.4

     Downstream interface information:

     Total number of downstream interfaces: 3

         1: Vlan-interface11

             Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10

         2: Vlan-interface12

             Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:10

         3: Vlan-interface13

             Protocol: pim-sm, UpTime: 00:02:20, Expires: 00:03:11

3.14.6  双DC跨数据中心三层组播互通配置举例(不同DC相同L3VNI)

1. 组网需求

Switch A、Switch B为DC 1的Leaf层设备,用于用户的接入。Switch C为DC 1的边缘设备,用于DC间的互联。Switch E为DC 2的Leaf层设备,用于用户的接入;Switch D为DC 2的边缘设备,用于DC间的互联。DC 1和DC 2内均使用L3VNI 1000。

Switch A~Switch E连接DC内设备的公网接口上均配置PIM-SM,Switch E上使能IGMP Snooping功能,用于建立组播转发表项。连接DC外设备的公网接口不需要使能PIM-SM。

Switch A连接组播源,Switch B和Switch E连接组播接收者,组播接收者可接收组播组225.0.0.1的组播流量。

2. 组网图

图3-6 双DC跨数据中心三层组播互通配置组网图(不同DC相同L3VNI)

3. 配置步骤

(1)     配置IP地址、单播路由协议和PIM SM协议

# 在Source上指定网关地址为192.168.10.1;在Receiver 1上指定网关地址为192.168.20.1;在Receiver 2上指定网关地址为192.168.40.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保DC内的路由器之间路由可达。(具体配置过程略)

# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。如果ED间的接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能,创建VLAN11。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

[SwitchA] vlan 11

[SwitchA-vlan11] quit

# 开启设备的IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchA] interface loopback 0

[SwitchA-LoopBack0] ip address 1.1.1.1 32

[SwitchA-LoopBack0] pim sm

[SwitchA-LoopBack0] ospf 1 area 0.0.0.0

[SwitchA-LoopBack0] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 11。

[SwitchA-vsi-vpna] vxlan 11

[SwitchA-vsi-vpna-vxlan-11] quit

[SwitchA-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchA] bgp 100

[SwitchA-bgp-default] peer 77.77.77.77 as-number 100

[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置L3VNI的RD和RT。

[SwitchA] ip vpn-instance vpn1

[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchA-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] igmp enable

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface2] l3-vni 1000

[SwitchA-Vsi-interface2] pim sm

[SwitchA-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpn1

[SwitchA-mrib-vpn1] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。

[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchA-mvxlan-vpn1] address-family ipv4

[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchA-mvxlan-vpn1-ipv4] source loopback 0

[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active

[SwitchA-mvxlan-vpn1-ipv4] quit

[SwitchA-mvxlan-vpn1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpn1

[SwitchA-LoopBack1] ip address 1.1.1.1 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchA] pim vpn-instance vpn1

[SwitchA-pim-vpn1] c-bsr 1.1.1.1

[SwitchA-pim-vpn1] c-rp 1.1.1.1

[SwitchA-pim-vpn1] quit

# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能,创建VLAN12。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

[SwitchB] vlan 12

[SwitchB-vlan12] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchB] interface loopback 0

[SwitchB-LoopBack0] ip address 2.2.2.2 32

[SwitchB-LoopBack0] pim sm

[SwitchB-LoopBack0] ospf 1 area 0.0.0.0

[SwitchB-LoopBack0] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 12。

[SwitchB-vsi-vpna] vxlan 12

[SwitchB-vsi-vpna-vxlan-12] quit

[SwitchB-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchB] bgp 100

[SwitchB-bgp-default] peer 77.77.77.77 as-number 100

[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 12的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 12

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 12

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchB] ip vpn-instance vpn1

[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchB-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0

[SwitchB-Vsi-interface1] pim sm

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface2] l3-vni 1000

[SwitchB-Vsi-interface2] pim sm

[SwitchB-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpn1

[SwitchB-mrib-vpn1] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源功能。

[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchB-mvxlan-vpn1] address-family ipv4

[SwitchB-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchB-mvxlan-vpn1-ipv4] source loopback 0

[SwitchB-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchB-mvxlan-vpn1-ipv4] s-pmsi advertise source-active

[SwitchB-mvxlan-vpn1-ipv4] quit

[SwitchB-mvxlan-vpn1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpn1

[SwitchB-LoopBack1] ip address 2.2.2.2 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchB] pim vpn-instance vpn1

[SwitchB-pim-vpn1] c-bsr 2.2.2.2

[SwitchB-pim-vpn1] c-rp 2.2.2.2

[SwitchB-pim-vpn1] quit

# 配置VXLAN 12所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由功能,启动RIP进程。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

[SwitchC] rip 1

[SwitchC-rip-1] quit

# 开启IGMP Snooping功能。

[SwitchC] igmp-snooping

[SwitchC-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC]vxlan tunnel mac-learning disable

[SwitchC]vxlan tunnel arp-learning disable

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchC] interface loopback 0

[SwitchC-LoopBack0] ip address 77.77.77.77 32

[SwitchC-LoopBack0] pim sm

[SwitchC-LoopBack0] rip 1 enable

[SwitchC-LoopBack0] ospf 1 area 0.0.0.0

[SwitchC-LoopBack0] quit

# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。

[SwitchC] interface vlan-interface 70

[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0

[SwitchC-Vlan-interface70] rip 1 enable

[SwitchC-Vlan-interface70] dci enable

# 配置BGP发布EVPN路由,Switch C作为反射器。

[SwitchC] bgp 100

[SwitchC-bgp-default] group group1 internal

[SwitchC-bgp-default] peer group1 connect-interface loopback 0

[SwitchC-bgp-default] peer 1.1.1.1 group group1

[SwitchC-bgp-default] peer 2.2.2.2 group group1

[SwitchC-bgp-default] peer 88.88.88.88 as-number 200

[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0

[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer group1 enable

[SwitchC-bgp-default-evpn] peer group1 next-hop-local

[SwitchC-bgp-default-evpn] peer group1 reflect-client

[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置VPN实例的RD和RT。

[SwitchC] ip vpn-instance vpn1

[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchC-vpn-instance-vpn1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。

[SwitchC] interface vsi-interface 2

[SwitchC-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchC-Vsi-interface2] l3-vni 1000

[SwitchC-Vsi-interface2] pim sm

[SwitchC-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchC] multicast routing vpn-instance vpn1

[SwitchC-mrib-vpn1] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。

[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchC-mvxlan-vpn1] address-family ipv4

[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchC-mvxlan-vpn1-ipv4] source loopback 0

[SwitchC-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchC-mvxlan-vpn1-ipv4] dci enable

[SwitchC-mvxlan-vpn1-ipv4] quit

[SwitchC-mvxlan-vpn1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpn1

[SwitchC-LoopBack1] ip address 77.77.77.77 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn1

[SwitchC-pim-vpn1] c-bsr 77.77.77.77

[SwitchC-pim-vpn1] c-rp 77.77.77.77

[SwitchC-pim-vpn1] quit

(5)     配置Switch D

# 开启L2VPN能力,使能IP组播路由功能,开启RIP进程。

<SwitchD> system-view

[SwitchD] l2vpn enable

[SwitchD] multicast routing

[SwitchD-mrib] quit

[SwitchD] rip 1

[SwitchD-rip-1] quit

# 开启IGMP Snooping功能。

[SwitchD] igmp-snooping

[SwitchD-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchD]vxlan tunnel mac-learning disable

[SwitchD]vxlan tunnel arp-learning disable

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchD] interface loopback 0

[SwitchD-LoopBack0] ip address 88.88.88.88 32

[SwitchD-LoopBack0] pim sm

[SwitchD-LoopBack0] rip 1 enable

[SwitchD-LoopBack0] ospf 1 area 0.0.0.0

[SwitchD-LoopBack0] quit

# 在与外部ED连接的物理口上配置RIP路由协议,并开启DCI功能。

[SwitchD] interface vlan-interface 70

[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0

[SwitchD-Vlan-interface70] rip 1 enable

[SwitchD-Vlan-interface70] dci enable

# 配置BGP发布EVPN路由。

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 4.4.4.4 as-number 200

[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchD-bgp-default] peer 77.77.77.77 as-number 100

[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

# 配置VPN实例的RD和RT。

[SwitchD] ip vpn-instance vpn1

[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1

[SwitchD-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity

[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity

[SwitchD-vpn-instance-vpn1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。

[SwitchD] interface vsi-interface 2

[SwitchD-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchD-Vsi-interface2] l3-vni 1000

[SwitchD-Vsi-interface2] pim sm

[SwitchD-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchD] multicast routing vpn-instance vpn1

[SwitchD-mrib-vpn1] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,并开启组播DCI功能。

[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchD-mvxlan-vpn1] address-family ipv4

[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchD-mvxlan-vpn1-ipv4] source loopback 0

[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchD-mvxlan-vpn1-ipv4] dci enable

[SwitchD-mvxlan-vpn1-ipv4] quit

[SwitchD-mvxlan-vpn1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchD] interface loopback 1

[SwitchD-LoopBack1] ip binding vpn-instance vpn1

[SwitchD-LoopBack1] ip address 88.88.88.88 32

[SwitchD-LoopBack1] pim sm

[SwitchD-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn1

[SwitchD-pim-vpn1] c-bsr 88.88.88.88

[SwitchD-pim-vpn1] c-rp 88.88.88.88

[SwitchD-pim-vpn1] quit

(6)     配置Switch E

# 开启L2VPN能力,使能IP组播路由功能,创建VLAN 21。

<SwitchE> system-view

[SwitchE] l2vpn enable

[SwitchE] multicast routing

[SwitchE-mrib] quit

[SwitchE] vlan 21

[SwitchE-vlan21] quit

# 开启IGMP Snooping功能。

[SwitchE] igmp-snooping

[SwitchE-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchE] vxlan tunnel mac-learning disable

[SwitchE] vxlan tunnel arp-learning disable

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchE] interface loopback 0

[SwitchE-LoopBack0] ip address 4.4.4.4 32

[SwitchE-LoopBack0] pim sm

[SwitchE-LoopBack0] ospf 1 area 0.0.0.0

[SwitchE-LoopBack0] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] evpn encapsulation vxlan

[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchE-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchE-vsi-vpna] igmp-snooping enable

[SwitchE-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 21。

[SwitchE-vsi-vpna] vxlan 21

[SwitchE-vsi-vpna-vxlan-21] quit

[SwitchE-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchE] bgp 200

[SwitchE-bgp-default] peer 88.88.88.88 as-number 200

[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0

[SwitchE-bgp-default] address-family l2vpn evpn

[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local

[SwitchE-bgp-default-evpn] quit

[SwitchE-bgp-default] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 21的数据帧。

[SwitchE] interface ten-gigabitethernet 1/0/1

[SwitchE-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchE-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 21

[SwitchE-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 21

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchE] ip vpn-instance vpn1

[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3

[SwitchE-vpn-instance-vpn1] vpn-target 10:10 20:20 30:30 import-extcommunity

[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity

[SwitchE-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchE] interface vsi-interface 1

[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0

[SwitchE-Vsi-interface1] pim sm

[SwitchE-Vsi-interface1] igmp enable

[SwitchE-Vsi-interface1] distributed-gateway local

[SwitchE-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1000。

[SwitchE] interface vsi-interface 2

[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface2] l3-vni 1000

[SwitchE-Vsi-interface2] pim sm

[SwitchE-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchE] multicast routing vpn-instance vpn1

[SwitchE-mrib-vpn1] quit

# 创建VPN实例vpna的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由发布组播源信息。

[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchE-mvxlan-vpn1] address-family ipv4

[SwitchE-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchE-mvxlan-vpn1-ipv4] source loopback 0

[SwitchE-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchE-mvxlan-vpn1-ipv4] s-pmsi advertise source-active

[SwitchE-mvxlan-vpn1-ipv4] quit

[SwitchE-mvxlan-vpn1] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchE] interface loopback 1

[SwitchE-LoopBack1] ip binding vpn-instance vpn1

[SwitchE-LoopBack1] ip address 4.4.4.4 32

[SwitchE-LoopBack1] pim sm

[SwitchE-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchE] pim vpn-instance vpn1

[SwitchE-pim-vpn1] c-bsr 4.4.4.4

[SwitchE-pim-vpn1] c-rp 4.4.4.4

[SwitchE-pim-vpn1] quit

# 配置VXLAN 21所在的VSI实例和接口VSI-interface1关联。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] gateway vsi-interface 1

[SwitchE-vsi-vpna] quit

4. 验证配置

Source发送组播流量(192.168.10.2, 225.0.0.1)。Receiver 1和Receiver 2加入组225.0.0.1,可以接收到组播流量。各设备上的组播路由信息如下所示。

(1)     查看Leaf层设备上的组播路由信息。(以Switch A为例,Switch B和Switch E的显示信息与此类似)

# 查看Switch A上VPN实例vpn1的组播路由信息。

<SwitchA> display pim vpn-instance vpn1 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.0.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 01:19:10

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 01:19:10, Expires: -

 

 (192.168.10.2, 225.0.0.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 03:27:40

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 01:19:06, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

 (1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 03:43:30

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:19:18, Expires: 00:03:15

 

 (2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:18:42

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:18:42, Expires: -

 

 (77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:19:16

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:19:16, Expires: -

 

 (1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:19:16

     Upstream interface: MTunnel1 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:19:01, Expires: 00:02:30

(2)     查看ED上的组播路由信息。(以Switch C为例,Switch D的显示信息与此类似)

# 查看Switch C的VPN实例vpn1的组播路由信息。

<SwitchC> display pim vpn-instance vpn1 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.0.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 01:18:39

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vsi-interface2

             Protocol: MD, UpTime: 01:18:39, Expires: -

         2: MTunnel0

             Protocol: MD, UpTime: 01:18:05, Expires: -

 

 (192.168.10.2, 225.0.0.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN

     UpTime: 01:18:39

     Upstream interface: MVXLAN-UPE0 (0.0.0.0)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface2

             Protocol: MD, UpTime: 01:18:39, Expires: -

# 查看Switch C公网的组播路由信息。

<SwitchC> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

 (1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:18:46

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:18:44, Expires: -

 

 (2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:18:11

     Upstream interface: Vlan-interface20

         Upstream neighbor: 12.1.1.1

         RPF prime neighbor: 12.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:15

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:18:11, Expires: -

 

 (77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:19:30

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:18:44, Expires: 00:02:42

         2: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17

 

 (1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT ACT 2MVPN

     UpTime: 01:18:46

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:18:11, Expires: 00:03:17

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:18:30, Expires: -

# 查看Switch C上IGMP Snooping通过EVPN学习到的组播组信息。

<SwitchC> display igmp-snooping evpn-group

Total 2 entries.

 

VSI Auto_L3VNI1000_2: Total 2 entries.

  (0.0.0.0, 225.0.0.1)

    Host ports (1 in total):

      Tun0 (VXLAN ID 1000)

  (192.168.10.2, 225.0.0.1)

    Host ports (1 in total):

      Tun0 (VXLAN ID 1000)

3.14.7  三DC之间使用相同专属VPN进行映射配置举例

1. 组网需求

Switch A、Switch B为DC 1的Leaf层设备,用于用户的接入。Switch C为DC 1的边缘设备,用于DC间的互联。Switch E为DC 2的Leaf层设备,用于用户的接入;Switch D为DC 2的边缘设备,用于DC间的互联。Switch G为DC 3的Leaf层设备,用于用户的接入;Switch F为DC 3的边缘设备,用于DC间的互联。

Switch A、Switch B、Switch E和Switch G的公网接口上均配置PIM-SM,Switch B、Switch E和Switch G上使能IGMP Snooping功能,用于建立组播转发表项。

Switch A连接组播源,Switch B、Switch E和Switch G连接组播接收者。组播源和组播接收者都属于vpn1,且组播接收者均可接收组播组225.0.1.1的组播流量。

DC 1内,vpn1对应的L3VNI为1001;DC 2内vpn1对应的L3VNI为1002;DC 3内vpn1对应的L3VNI为1003。在Switch C、Switch D和Switch F上使用相同的专属VPN(vpn2),对应的L3VNI为1000,使组播源发送的组播流量经专属VPN vpn2转发至其他DC,进而到达其他DC的组播接收者。

2. 组网图

图3-7 三DC之间使用相同专属VPN进行映射配置组网图

3. 配置步骤

(1)     配置IP地址、单播路由协议和PIM SM协议

# 在组播源上指定网关地址为192.168.10.1;在Receiver 1上指定网关地址为192.168.20.1;在Receiver 2上指定网关地址为192.168.40.1;在Receiver 3上指定网关地址为192.168.60.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。如果ED间的接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

# 开启IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN 11,并进入VLAN视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 11。

[SwitchA-vsi-vpna] vxlan 11

[SwitchA-vsi-vpna-vxlan-11] quit

[SwitchA-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchA] bgp 100

[SwitchA-bgp-default] peer 77.77.77.77 as-number 100

[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchA] ip vpn-instance vpn1

[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchA-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] igmp enable

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface3] l3-vni 1001

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpn1

[SwitchA-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由通告激活组播源信息。

[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchA-mvxlan-vpn1] address-family ipv4

[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchA-mvxlan-vpn1-ipv4] source loopback 0

[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active

[SwitchA-mvxlan-vpn1-ipv4] quit

[SwitchA-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchA] interface loopback 0

[SwitchA-LoopBack0] ip address 1.1.1.1 32

[SwitchA-LoopBack0] pim sm

[SwitchA-LoopBack0] ospf 1 area 0.0.0.0

[SwitchA-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpn1

[SwitchA-LoopBack1] ip address 1.1.1.1 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchA] pim vpn-instance vpn1

[SwitchA-pim-vpn1] c-bsr 1.1.1.1

[SwitchA-pim-vpn1] c-rp 1.1.1.1

[SwitchA-pim-vpn1] quit

# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启设备的IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN 12,并进入VLAN视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 12。

[SwitchB-vsi-vpna] vxlan 12

[SwitchB-vsi-vpna-vxlan-12] quit

[SwitchB-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchB] bgp 100

[SwitchB-bgp-default] peer 77.77.77.77 as-number 100

[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 12的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 12

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 12

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchB] ip vpn-instance vpn1

[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchB-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] pim sm

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface2] l3-vni 1001

[SwitchB-Vsi-interface2] pim sm

[SwitchB-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpn1

[SwitchB-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchB-mvxlan-vpn1] address-family ipv4

[SwitchB-mvxlan-vpn1-ipv4] source loopback 0

[SwitchB-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchB-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchB-mvxlan-vpn1-ipv4] quit

[SwitchB-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchB] interface loopback 0

[SwitchB-LoopBack0] ip address 2.2.2.2 32

[SwitchB-LoopBack0] pim sm

[SwitchB-LoopBack0] ospf 1 area 0.0.0.0

[SwitchB-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpn1

[SwitchB-LoopBack1] ip address 2.2.2.2 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP

[SwitchB] pim vpn-instance vpn1

[SwitchB-pim-vpn1] c-bsr 2.2.2.2

[SwitchB-pim-vpn1] c-rp 2.2.2.2

[SwitchB-pim-vpn1] quit

# 配置VXLAN 12所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 开启IGMP Snooping功能。

[SwitchC] igmp-snooping

[SwitchC-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 配置路由策略,使Switch C收到来自于Switch D的SMET路由和S-PMSI路由后,不将该路由转发给Switch F;并且,Switch C收到来自于Switch F的SMET路由和S-PMSI路由后,不将该路由转发给Switch D。

[SwitchC] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32

[SwitchC] ip prefix-list 8 index 10 permit 99.99.99.99 32

[SwitchC] ip prefix-list 9 index 10 permit 88.88.88.88 32

[SwitchC] route-policy 8 deny node 0

[SwitchC-route-policy-8-0] if-match ip route-source prefix-list 8

[SwitchC-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchC-route-policy-8-0] quit

[SwitchC] route-policy 8 permit node 1

[SwitchC-route-policy-8-1] if-match ip route-source prefix-list 1

[SwitchC-route-policy-8-1] quit

[SwitchC] route-policy 9 deny node 0

[SwitchC-route-policy-9-0] if-match ip route-source prefix-list 9

[SwitchC-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchC-route-policy-9-0] quit

[SwitchC] route-policy 9 permit node 1

[SwitchC-route-policy-9-1] if-match ip route-source prefix-list 1

[SwitchC-route-policy-9-1] quit

# 配置BGP发布EVPN路由,Switch C作为反射器。

[SwitchC] bgp 100

[SwitchC-bgp-default] group group1 internal

[SwitchC-bgp-default] peer group1 connect-interface loopback 0

[SwitchC-bgp-default] peer 1.1.1.1 group group1

[SwitchC-bgp-default] peer 2.2.2.2 group group1

[SwitchC-bgp-default] peer 88.88.88.88 as-number 200

[SwitchC-bgp-default] peer 88.88.88.88 connect-interface loopback 0

[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64

[SwitchC-bgp-default] peer 99.99.99.99 as-number 300

[SwitchC-bgp-default] peer 99.99.99.99 connect-interface loopback 0

[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer group1 enable

[SwitchC-bgp-default-evpn] peer group1 next-hop-local

[SwitchC-bgp-default-evpn] peer group1 reflect-client

[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer group1 advertise original-route

[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchC-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export

[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchC-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export

[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchC] ip vpn-instance vpn1

[SwitchC-vpn-instance-vpn1] route-distinguisher 1:3

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 300:300 import-extcommunity

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity [SwitchC-vpn-instance-vpn1] quit

# 配置专属VPN的RD和RT。

[SwitchC] ip vpn-instance vpn2

[SwitchC-vpn-instance-vpn2] route-distinguisher 1:13

[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 300:300 import-extcommunity

[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity [SwitchC-vpn-instance-vpn2] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchC-Vsi-interface1] l3-vni 1001

[SwitchC-Vsi-interface1] pim sm

[SwitchC-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn2对应的L3VNI为1000。

[SwitchC] interface vsi-interface 2

[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2

[SwitchC-Vsi-interface2] l3-vni 1000

[SwitchC-Vsi-interface2] pim sm

[SwitchC-Vsi-interface2] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpn1

[SwitchC-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpn2

[SwitchC-mrib-vpn2] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,并开启组播DCI功能。

[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchC-mvxlan-vpn1] address-family ipv4

[SwitchC-mvxlan-vpn1-ipv4] source loopback 0

[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchC-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchC-mvxlan-vpn1-ipv4] dci enable

[SwitchC-mvxlan-vpn1-ipv4] quit

[SwitchC-mvxlan-vpn1] quit

# 配置ED间的互连接口Vlan-interface70。

[SwitchC] interface vlan-interface 70

[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0

[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0

[SwitchC-Vlan-interface70] dci enable

[SwitchC-Vlan-interface70] quit

# 配置ED间的互连接口Vlan-interface90。

[SwitchC] interface vlan-interface 90

[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0

[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0

[SwitchC-Vlan-interface90] dci enable

[SwitchC-Vlan-interface90] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchC] interface loopback 0

[SwitchC-LoopBack0] ip address 77.77.77.77 32

[SwitchC-LoopBack0] pim sm

[SwitchC-LoopBack0] ospf 1 area 0.0.0.0

[SwitchC-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpn1

[SwitchC-LoopBack1] ip address 77.77.77.77 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchC] interface loopback 2

[SwitchC-LoopBack2] ip binding vpn-instance vpn2

[SwitchC-LoopBack2] ip address 77.77.77.77 32

[SwitchC-LoopBack2] pim sm

[SwitchC-LoopBack2] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn1

[SwitchC-pim-vpn1] c-bsr 77.77.77.77

[SwitchC-pim-vpn1] c-rp 77.77.77.77

[SwitchC-pim-vpn1] quit

 进入VPN实例vpn2的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn2

[SwitchC-pim-vpn2] c-bsr 77.77.77.77

[SwitchC-pim-vpn2] c-rp 77.77.77.77

[SwitchC-pim-vpn2] quit

(5)     配置Switch D

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchD> system-view

[SwitchD] l2vpn enable

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 开启IGMP Snooping功能。

[SwitchD] igmp-snooping

[SwitchD-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# 配置路由策略,使Switch D收到来自于Switch C的SMET路由和S-PMSI路由后,不将该路由转发给Switch F;并且,Switch D收到来自于Switch F的SMET路由和S-PMSI路由后,不将该路由转发给Switch C。

[SwitchD] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32

[SwitchD] ip prefix-list 7 index 10 permit 99.99.99.99 32

[SwitchD] ip prefix-list 9 index 10 permit 77.77.77.77 32

[SwitchD] route-policy 7 deny node 0

[SwitchD-route-policy-7-0] if-match ip route-source prefix-list 7

[SwitchD-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchD-route-policy-7-0] quit

[SwitchD] route-policy 7 permit node 1

[SwitchD-route-policy-7-1] if-match ip route-source prefix-list 1

[SwitchD-route-policy-7-1] quit

[SwitchD] route-policy 9 deny node 0

[SwitchD-route-policy-9-0] if-match ip route-source prefix-list 9

[SwitchD-route-policy-9-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchD-route-policy-9-0] quit

[SwitchD] route-policy 9 permit node 1

[SwitchD-route-policy-9-1] if-match ip route-source prefix-list 1

[SwitchD-route-policy-9-1] quit

# 配置BGP发布EVPN路由。

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 4.4.4.4 as-number 200

[SwitchD-bgp-default] peer 4.4.4.4 connect-interface LoopBack0

[SwitchD-bgp-default] peer 77.77.77.77 as-number 100

[SwitchD-bgp-default] peer 77.77.77.77 connect-interface LoopBack0

[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64

[SwitchD-bgp-default] peer 99.99.99.99 as-number 300

[SwitchD-bgp-default] peer 99.99.99.99 connect-interface LoopBack0

[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchD-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export

[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchD-bgp-default-evpn] peer 99.99.99.99 route-policy 9 export

[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchD] ip vpn-instance vpn1

[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1

[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity

[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity [SwitchD-vpn-instance-vpn1] quit

# 配置专属VPN的RD和RT。

[SwitchD] ip vpn-instance vpn2

[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11

[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 300:300 import-extcommunity

[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity [SwitchD-vpn-instance-vpn2] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchD-Vsi-interface1] l3-vni 1002

[SwitchD-Vsi-interface1] pim sm

[SwitchD-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn2对应的L3VNI为1000。

[SwitchD] interface vsi-interface 2

[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2

[SwitchD-Vsi-interface2] l3-vni 1000

[SwitchD-Vsi-interface2] pim sm

[SwitchD-Vsi-interface2] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchD] multicast routing vpn-instance vpn1

[SwitchD-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchD] multicast routing vpn-instance vpn2

[SwitchD-mrib-vpn2] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,并开启组播DCI功能。

[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchD-mvxlan-vpn1] address-family ipv4

[SwitchD-mvxlan-vpn1-ipv4] source loopback 0

[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchD-mvxlan-vpn1-ipv4] dci enable

[SwitchD-mvxlan-vpn1-ipv4] quit

[SwitchD-mvxlan-vpn1] quit

# 配置ED间的互连接口Vlan-interface70。

[SwitchD] interface vlan-interface 70

[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0

[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0

[SwitchD-Vlan-interface70] dci enable

[SwitchD-Vlan-interface70] quit

# 配置ED间的互连接口Vlan-interface80。

[SwitchD] interface vlan-interface 80

[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0

[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0

[SwitchD-Vlan-interface80] dci enable

[SwitchD-Vlan-interface80] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchD] interface loopback 0

[SwitchD-LoopBack0] ip address 88.88.88.88 32

[SwitchD-LoopBack0] ospf 1 area 0.0.0.0

[SwitchD-LoopBack0] pim sm

[SwitchD-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchD] interface loopback 1

[SwitchD-LoopBack1] ip binding vpn-instance vpn1

[SwitchD-LoopBack1] ip address 88.88.88.88 32

[SwitchD-LoopBack1] pim sm

[SwitchD-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchD] interface loopback 2

[SwitchD-LoopBack2] ip binding vpn-instance vpn2

[SwitchD-LoopBack2] ip address 88.88.88.88 32

[SwitchD-LoopBack2] pim sm

[SwitchD-LoopBack2] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn1

[SwitchD-pim-vpn1] c-bsr 88.88.88.88

[SwitchD-pim-vpn1] c-rp 88.88.88.88

[SwitchD-pim-vpn1] quit

# 进入VPN实例vpn2的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn2

[SwitchD-pim-vpn2] c-bsr 88.88.88.88

[SwitchD-pim-vpn2] c-rp 88.88.88.88

[SwitchD-pim-vpn2] quit

(6)     配置Switch E

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchE> system-view

[SwitchE] l2vpn enable

[SwitchE] multicast routing

[SwitchE-mrib] quit

# 开启IGMP Snooping功能。

[SwitchE] igmp-snooping

[SwitchE-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchE] vxlan tunnel mac-learning disable

[SwitchE] vxlan tunnel arp-learning disable

# 创建VLAN 21,并进入VLAN视图。

[SwitchE] vlan 21

[SwitchE-vlan12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] evpn encapsulation vxlan

[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchE-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchE-vsi-vpna] igmp-snooping enable

[SwitchE-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 21。

[SwitchE-vsi-vpna] vxlan 21

[SwitchE-vsi-vpna-vxlan-21] quit

[SwitchE-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchE] bgp 200

[SwitchE-bgp-default] peer 88.88.88.88 as-number 200

[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0

[SwitchE-bgp-default] address-family l2vpn evpn

[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local

[SwitchE-bgp-default-evpn] quit

[SwitchE-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 21的数据帧。

[SwitchE] interface ten-gigabitethernet 1/0/1

[SwitchE-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchE-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 21

[SwitchE-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 21

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN的RD和RT。

[SwitchE] ip vpn-instance vpn1

[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3

[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity

[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity

[SwitchE-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchE] interface vsi-interface 1

[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0

[SwitchE-Vsi-interface1] igmp enable

[SwitchE-Vsi-interface1] pim sm

[SwitchE-Vsi-interface1] distributed-gateway local

[SwitchE-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchE] interface vsi-interface 2

[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface2] l3-vni 1002

[SwitchE-Vsi-interface2] pim sm

[SwitchE-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchE] multicast routing vpn-instance vpn1

[SwitchE-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchE-mvxlan-vpn1] address-family ipv4

[SwitchE-mvxlan-vpn1-ipv4] source loopback 0

[SwitchE-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchE-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchE-mvxlan-vpn1-ipv4] quit

[SwitchE-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchE] interface loopback 0

[SwitchE-LoopBack0] ip address 4.4.4.4 32

[SwitchE-LoopBack0] ospf 1 area 0.0.0.0

[SwitchE-LoopBack0] pim sm

[SwitchE-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchE] interface loopback 1

[SwitchE-LoopBack1] ip binding vpn-instance vpn1

[SwitchE-LoopBack1] ip address 4.4.4.4 32

[SwitchE-LoopBack1] pim sm

[SwitchE-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchE] pim vpn-instance vpn1

[SwitchE-pim-vpn1] c-bsr 4.4.4.4

[SwitchE-pim-vpn1] c-rp 4.4.4.4

[SwitchE-pim-vpn1] quit

# 配置VXLAN 21所在的VSI实例和接口VSI-interface1关联。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] gateway vsi-interface 1

[SwitchE-vsi-vpna] quit

(7)     配置Switch F

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchF> system-view

[SwitchF] l2vpn enable

[SwitchF] multicast routing

[SwitchF-mrib] quit

# 开启IGMP Snooping功能。

[SwitchF] igmp-snooping

[SwitchF-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchF] vxlan tunnel mac-learning disable

[SwitchF] vxlan tunnel arp-learning disable

# 配置路由策略,使Switch F收到来自于Switch C的SMET路由和S-PMSI路由后,不将该路由转发给Switch D;并且,Switch F收到来自于Switch D的SMET路由和S-PMSI路由后,不将该路由转发给Switch C。

[SwitchF] ip prefix-list 1 index 10 permit 0.0.0.0 0 less-equal 32

[SwitchF] ip prefix-list 7 index 10 permit 88.88.88.88 32

[SwitchF] ip prefix-list 8 index 10 permit 77.77.77.77 32

[SwitchF] route-policy 7 deny node 0

[SwitchF-route-policy-7-0] if-match ip route-source prefix-list 7

[SwitchF-route-policy-7-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchF-route-policy-7-0] quit

[SwitchF] route-policy 7 permit node 1

[SwitchF-route-policy-7-1] if-match ip route-source prefix-list 1

[SwitchF-route-policy-7-1] quit

[SwitchF] route-policy 8 deny node 0

[SwitchF-route-policy-8-0] if-match ip route-source prefix-list 8

[SwitchF-route-policy-8-0] if-match route-type bgp-evpn-smet bgp-evpn-s-pmsi

[SwitchF-route-policy-8-0] quit

[SwitchF] route-policy 8 permit node 1

[SwitchF-route-policy-8-1] if-match ip route-source prefix-list 1

[SwitchF-route-policy-8-1] quit

# 配置BGP发布EVPN路由。

[SwitchF] bgp 300

[SwitchF-bgp-default] peer 6.6.6.6 as-number 300

[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0

[SwitchF-bgp-default] peer 77.77.77.77 as-number 100

[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0

[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64

[SwitchF-bgp-default] peer 88.88.88.88 as-number 200

[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0

[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64

[SwitchF-bgp-default] address-family l2vpn evpn

[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchF-bgp-default-evpn] peer 77.77.77.77 route-policy 7 export

[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchF-bgp-default-evpn] peer 88.88.88.88 route-policy 8 export

[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] quit

[SwitchF-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchF] ip vpn-instance vpn1

[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1

[SwitchF-vpn-instance-vpn1] vpn-target 30:30 100:100 200:200 import-extcommunity

[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity [SwitchF-vpn-instance-vpn1] quit

# 配置专属VPN的RD和RT。

[SwitchF] ip vpn-instance vpn2

[SwitchF-vpn-instance-vpn2] route-distinguisher 3:11

[SwitchF-vpn-instance-vpn2] vpn-target 30:30 100:100 200:200 import-extcommunity

[SwitchF-vpn-instance-vpn2] vpn-target 300:300 export-extcommunity [SwitchF-vpn-instance-vpn2] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1003。

[SwitchF] interface vsi-interface 1

[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchF-Vsi-interface1] l3-vni 1003

[SwitchF-Vsi-interface1] pim sm

[SwitchF-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn2对应的L3VNI为1000。

[SwitchF] interface vsi-interface 2

[SwitchF-Vsi-interface2] ip binding vpn-instance vpn2

[SwitchF-Vsi-interface2] l3-vni 1000

[SwitchF-Vsi-interface2] pim sm

[SwitchF-Vsi-interface2] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchF] multicast routing vpn-instance vpn1

[SwitchF-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchF] multicast routing vpn-instance vpn2

[SwitchF-mrib-vpn2] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,开启组播DCI功能。

[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchF-mvxlan-vpn1] address-family ipv4

[SwitchF-mvxlan-vpn1-ipv4] source loopback 0

[SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchF-mvxlan-vpn1-ipv4] dci enable

[SwitchF-mvxlan-vpn1-ipv4] quit

[SwitchF-mvxlan-vpn1] quit

# 配置ED间的互连接口Vlan-interface80。

[SwitchF] interface vlan-interface 80

[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0

[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0

[SwitchF-Vlan-interface80] dci enable

[SwitchF-Vlan-interface80] quit

# 配置ED间的互连接口Vlan-interface90。

[SwitchF] interface vlan-interface 90

[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0

[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0

[SwitchF-Vlan-interface90] dci enable

[SwitchF-Vlan-interface90] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchF] interface loopback 0

[SwitchF-LoopBack0] ip address 99.99.99.99 32

[SwitchF-LoopBack0] ospf 1 area 0.0.0.0

[SwitchF-LoopBack0] pim sm

[SwitchF-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchF] interface loopback 1

[SwitchF-LoopBack1] ip binding vpn-instance vpn1

[SwitchF-LoopBack1] ip address 99.99.99.99 32

[SwitchF-LoopBack1] pim sm

[SwitchF-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchF] interface loopback 2

[SwitchF-LoopBack2] ip binding vpn-instance vpn2

[SwitchF-LoopBack2] ip address 99.99.99.99 32

[SwitchF-LoopBack2] pim sm

[SwitchF-LoopBack2] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpn1

[SwitchF-pim-vpn1] c-bsr 99.99.99.99

[SwitchF-pim-vpn1] c-rp 99.99.99.99

[SwitchF-pim-vpn1] quit

# 进入VPN实例vpn2的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpn2

[SwitchF-pim-vpn2] c-bsr 99.99.99.99

[SwitchF-pim-vpn2] c-rp 99.99.99.99

[SwitchF-pim-vpn2] quit

(8)     配置Switch G

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchG> system-view

[SwitchG] l2vpn enable

[SwitchG] multicast routing

[SwitchG-mrib] quit

# 开启IGMP Snooping功能。

[SwitchG] igmp-snooping

[SwitchG-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchG] vxlan tunnel mac-learning disable

[SwitchG] vxlan tunnel arp-learning disable

# 创建VLAN 31,并进入VLAN视图。

[SwitchG] vlan 31

[SwitchG-vlan31] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchG] vsi vpna

[SwitchG-vsi-vpna] evpn encapsulation vxlan

[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchG-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchG-vsi-vpna] igmp-snooping enable

[SwitchG-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 31。

[SwitchG-vsi-vpna] vxlan 31

[SwitchG-vsi-vpna-vxlan-31] quit

[SwitchG-vsi-vpna] quit

# 配置BGP发布EVPN路由

[SwitchG] bgp 300

[SwitchG-bgp-default] peer 99.99.99.99 as-number 300

[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0

[SwitchG-bgp-default] address-family l2vpn evpn

[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local

[SwitchG-bgp-default-evpn] quit

[SwitchG-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 31的数据帧。

[SwitchG] interface ten-gigabitethernet 1/0/1

[SwitchG-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchG-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 31

[SwitchG-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 31

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchG] ip vpn-instance vpn1

[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2

[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity

[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity

[SwitchG-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchG] interface vsi-interface 1

[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0

[SwitchG-Vsi-interface1] igmp enable

[SwitchG-Vsi-interface1] pim sm

[SwitchG-Vsi-interface1] distributed-gateway local

[SwitchG-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchG] interface vsi-interface 2

[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchG-Vsi-interface2] l3-vni 1003

[SwitchG-Vsi-interface2] pim sm

[SwitchG-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchG] multicast routing vpn-instance vpn1

[SwitchG-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchG-mvxlan-vpn1] address-family ipv4

[SwitchG-mvxlan-vpn1-ipv4] source loopback 0

[SwitchG-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchG-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchG-mvxlan-vpn1-ipv4] quit

[SwitchG-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchG] interface loopback 0

[SwitchG-LoopBack0] ip address 6.6.6.6 32

[SwitchG-LoopBack0] ospf 1 area 0.0.0.0

[SwitchG-LoopBack0] pim sm

[SwitchG-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchG] interface loopback 1

[SwitchG-LoopBack1] ip binding vpn-instance vpn1

[SwitchG-LoopBack1] ip address 6.6.6.6 32

[SwitchG-LoopBack1] pim sm

[SwitchG-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchG] pim vpn-instance vpn1

[SwitchG-pim-vpn1] c-bsr 6.6.6.6

[SwitchG-pim-vpn1] c-rp 6.6.6.6

[SwitchG-pim-vpn1] quit

# 配置VXLAN 21所在的VSI实例和接口VSI-interface1关联。

[SwitchG] vsi vpna

[SwitchG-vsi-vpna] gateway vsi-interface 1

[SwitchG-vsi-vpna] quit

4. 验证配置

(1)     查看Leaf层设备上的组播路由信息。(以Switch A为例,Switch B、Switch E和Switch G的显示信息与此类似)

# 查看Swich A上VPN实例vpn1的组播路由信息。

<SwitchA> display pim vpn-instance vpn routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.1.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 02:57:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:57:31, Expires: -

 

(192.168.10.10, 225.0.1.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 04:44:08

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:00:27, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

(1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:08:58

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26

 

(2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:07:53

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:07:53, Expires: -

 

(77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:08:06

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:08:06, Expires: -

 

(1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:07:53

     Upstream interface: MTunnel1 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39

(2)     查看ED上的组播路由信息。(以Switch C为例,Switch D和Switch F的显示信息与此类似)

# 查看Switch C的VPN实例vpn1的组播路由信息。

<SwitchC> display  pim vpn-instance vpn1 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 01:29:29

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 01:29:29, Expires: -

 

 (192.168.10.10, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN

     UpTime: 01:29:42

     Upstream interface: MVXLAN-UPE0 (0.0.0.0)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Extranet (VPN: vpn2)

             Protocol: MD, UpTime: 01:29:37, Expires: -

# 查看Switch C的VPN实例vpn2的组播路由信息。

<SwitchC> display  pim vpn-instance vpn2 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC

     UpTime: 01:39:28

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface3

             Protocol: MD, UpTime: 01:39:28, Expires: -

 

 (192.168.10.10, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT

     UpTime: 01:39:24

     Upstream interface: Extranet (VPN: vpn1)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface3

             Protocol: MD, UpTime: 01:39:24, Expires: -

# 查看Switch C的公网组播路由信息。

<SwitchC> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

 (1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:29:21

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:21, Expires: -

 

 (2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:29:08

     Upstream interface: Vlan-interface20

         Upstream neighbor: 12.1.1.1

         RPF prime neighbor: 12.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:08, Expires: -

 

 (77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:30:55

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07

         2: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

 

 (1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT ACT 2MVPN

     UpTime: 01:29:08

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:08, Expires: -

3.14.8  三DC之间使用不同专属VPN进行映射举例

1. 组网需求

Switch A、Switch B为DC 1的Leaf层设备,用于用户的接入。Switch C为DC 1的边缘设备,用于DC间的互联。Switch E为DC 2的Leaf层设备,用于用户的接入;Switch D为DC 2的边缘设备,用于DC间的互联。Switch G为DC 3的Leaf层设备,用于用户的接入;Switch F为DC 3的边缘设备,用于DC间的互联。

Switch A、Switch B、Switch E和Switch G的公网接口上均配置PIM-SM,Switch B、Switch E和Switch G上使能IGMP Snooping功能,用于建立组播转发表项。

Switch A连接组播源,Switch B、Switch E和Switch G连接组播接收者。组播源和组播接收者都属于vpn1,且组播接收者均可接收组播组225.0.1.1的组播流量。

DC 1内,vpn1对应的L3VNI为1001;DC 2内vpn1对应的L3VNI为1002;DC 3内vpn1对应的L3VNI为1003。为了实现不同L3VNI的互通,需要配置专属VPN:

·     在Switch C和Switch D上使用专属VPN vpn2,对应的L3VNI为1122,使组播源发送的组播流量在Switch C上经专属VPN vpn2转发至Switch D,进而到达Receiver 2。

·     在Switch C和Switch F上使用专属VPN vpn4,对应的L3VNI为1133,使组播源发送的组播流量在Switch C经专属VPN vpn4转发至Switch F,进而到达Receiver 3。

2. 组网图

图3-8 三DC之间使用不同专属VPN进行映射配置组网图

3. 配置步骤

(1)     配置IP地址、单播路由协议和pim sm协议

# 在组播源上指定网关地址为192.168.10.1;在Receiver 1上指定网关地址为192.168.20.1;在Receiver 2上指定网关地址为192.168.40.1;在Receiver 3上指定网关地址为192.168.60.1。(具体配置过程略)

# 配置各接口的IP地址和子网掩码;在DC内配置OSPF协议,确保交换机之间路由可达。(具体配置过程略)

# 在DC内设备间相连的VLAN接口上使能PIM SM。ED间相连的VLAN接口上不能使能PIM SM。如果ED间的接口上已使能了PIM SM功能,则需要执行pim bsr-boundary命令将ED配置为BSR的服务边界。(具体配置过程略)

(2)     配置Switch A

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchA> system-view

[SwitchA] l2vpn enable

[SwitchA] multicast routing

[SwitchA-mrib] quit

[SwitchA] multicast routing vpn-instance vpn1

[SwitchA-mrib-vpn1] quit

# 开启IGMP Snooping功能。

[SwitchA] igmp-snooping

[SwitchA-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchA] vxlan tunnel mac-learning disable

[SwitchA] vxlan tunnel arp-learning disable

# 创建VLAN 11,并进入VLAN视图。

[SwitchA] vlan 11

[SwitchA-vlan11] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] evpn encapsulation vxlan

[SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchA-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchA-vsi-vpna] igmp-snooping enable

[SwitchA-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 11。

[SwitchA-vsi-vpna] vxlan 11

[SwitchA-vsi-vpna-vxlan-11] quit

[SwitchA-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchA] bgp 100

[SwitchA-bgp-default] peer 77.77.77.77 as-number 100

[SwitchA-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchA-bgp-default] address-family l2vpn evpn

[SwitchA-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchA-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchA-bgp-default-evpn] quit

[SwitchA-bgp-default] quit

# 在接入服务器的接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 11的数据帧。

[SwitchA] interface ten-gigabitethernet 1/0/1

[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 11

[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 11

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchA-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchA] ip vpn-instance vpn1

[SwitchA-vpn-instance-vpn1] route-distinguisher 1:1

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity

[SwitchA-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchA-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchA] interface vsi-interface 1

[SwitchA-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface1] ip address 192.168.10.1 255.255.255.0

[SwitchA-Vsi-interface1] pim sm

[SwitchA-Vsi-interface1] igmp enable

[SwitchA-Vsi-interface1] distributed-gateway local

[SwitchA-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchA] interface vsi-interface 2

[SwitchA-Vsi-interface3] ip binding vpn-instance vpn1

[SwitchA-Vsi-interface3] l3-vni 1001

[SwitchA-Vsi-interface3] pim sm

[SwitchA-Vsi-interface3] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchA] multicast routing vpn-instance vpn1

[SwitchA-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定Default-Group、MVXLAN源接口和Data-Group范围,配置通过S-PMSI路由通告激活组播源信息。

[SwitchA] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchA-mvxlan-vpn1] address-family ipv4

[SwitchA-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchA-mvxlan-vpn1-ipv4] source loopback 0

[SwitchA-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchA-mvxlan-vpn1-ipv4] s-pmsi advertise source-active

[SwitchA-mvxlan-vpn1-ipv4] quit

[SwitchA-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchA] interface loopback 0

[SwitchA-LoopBack0] ip address 1.1.1.1 32

[SwitchA-LoopBack0] pim sm

[SwitchA-LoopBack0] ospf 1 area 0.0.0.0

[SwitchA-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBcak1接口。

[SwitchA] interface loopback 1

[SwitchA-LoopBack1] ip binding vpn-instance vpn1

[SwitchA-LoopBack1] ip address 1.1.1.1 32

[SwitchA-LoopBack1] pim sm

[SwitchA-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchA] pim vpn-instance vpn1

[SwitchA-pim-vpn1] c-bsr 1.1.1.1

[SwitchA-pim-vpn1] c-rp 1.1.1.1

[SwitchA-pim-vpn1] quit

# 配置VXLAN 11所在的VSI实例和接口VSI-interface1关联。

[SwitchA] vsi vpna

[SwitchA-vsi-vpna] gateway vsi-interface 1

[SwitchA-vsi-vpna] quit

(3)     配置Switch B

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchB> system-view

[SwitchB] l2vpn enable

[SwitchB] multicast routing

[SwitchB-mrib] quit

# 开启IGMP Snooping功能。

[SwitchB] igmp-snooping

[SwitchB-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchB] vxlan tunnel mac-learning disable

[SwitchB] vxlan tunnel arp-learning disable

# 创建VLAN 12,并进入VLAN视图。

[SwitchB] vlan 12

[SwitchB-vlan12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] evpn encapsulation vxlan

[SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchB-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchB-vsi-vpna] igmp-snooping enable

[SwitchB-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 12。

[SwitchB-vsi-vpna] vxlan 12

[SwitchB-vsi-vpna-vxlan-12] quit

[SwitchB-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchB] bgp 100

[SwitchB-bgp-default] peer 77.77.77.77 as-number 100

[SwitchB-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchB-bgp-default] address-family l2vpn evpn

[SwitchB-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchB-bgp-default-evpn] peer 77.77.77.77 next-hop-local

[SwitchB-bgp-default-evpn] quit

[SwitchB-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 12的数据帧。

[SwitchB] interface ten-gigabitethernet 1/0/1

[SwitchB-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchB-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 12

[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 12

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchB-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchB] ip vpn-instance vpn1

[SwitchB-vpn-instance-vpn1] route-distinguisher 1:2

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 import-extcommunity

[SwitchB-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity

[SwitchB-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchB] interface vsi-interface 1

[SwitchB-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface1] ip address 192.168.20.1 255.255.255.0

[SwitchB-Vsi-interface1] igmp enable

[SwitchB-Vsi-interface1] pim sm

[SwitchB-Vsi-interface1] distributed-gateway local

[SwitchB-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchB] interface vsi-interface 2

[SwitchB-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchB-Vsi-interface2] l3-vni 1001

[SwitchB-Vsi-interface2] pim sm

[SwitchB-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchB] multicast routing vpn-instance vpn1

[SwitchB-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchB] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchB-mvxlan-vpn1] address-family ipv4

[SwitchB-mvxlan-vpn1-ipv4] source loopback 0

[SwitchB-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchB-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchB-mvxlan-vpn1-ipv4] quit

[SwitchB-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBcak0接口。

[SwitchB] interface loopback 0

[SwitchB-LoopBack0] ip address 2.2.2.2 32

[SwitchB-LoopBack0] pim sm

[SwitchB-LoopBack0] ospf 1 area 0.0.0.0

[SwitchB-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchB] interface loopback 1

[SwitchB-LoopBack1] ip binding vpn-instance vpn1

[SwitchB-LoopBack1] ip address 2.2.2.2 32

[SwitchB-LoopBack1] pim sm

[SwitchB-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchB] pim vpn-instance vpn1

[SwitchB-pim-vpn1] c-bsr 2.2.2.2

[SwitchB-pim-vpn1] c-rp 2.2.2.2

[SwitchB-pim-vpn1] quit

# 配置VXLAN 12所在的VSI实例和接口VSI-interface1关联。

[SwitchB] vsi vpna

[SwitchB-vsi-vpna] gateway vsi-interface 1

[SwitchB-vsi-vpna] quit

(4)     配置Switch C

# 开启L2VPN能力,使能IP组播路由。

<SwitchC> system-view

[SwitchC] l2vpn enable

[SwitchC] multicast routing

[SwitchC-mrib] quit

# 开启IGMP Snooping功能。

[SwitchC] igmp-snooping

[SwitchC-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchC] vxlan tunnel mac-learning disable

[SwitchC] vxlan tunnel arp-learning disable

# 配置BGP发布EVPN路由,Switch C作为反射器。

[SwitchC] bgp 100

[SwitchC-bgp-default] group group1 internal

[SwitchC-bgp-default] peer group1 connect-interface LoopBack0

[SwitchC-bgp-default] peer 1.1.1.1 group group1

[SwitchC-bgp-default] peer 2.2.2.2 group group1

[SwitchC-bgp-default] peer 88.88.88.88 as-number 200

[SwitchC-bgp-default] peer 88.88.88.88 connect-interface LoopBack0

[SwitchC-bgp-default] peer 88.88.88.88 ebgp-max-hop 64

[SwitchC-bgp-default] peer 99.99.99.99 as-number 300

[SwitchC-bgp-default] peer 99.99.99.99 connect-interface LoopBack0

[SwitchC-bgp-default] peer 99.99.99.99 ebgp-max-hop 64

[SwitchC-bgp-default] address-family l2vpn evpn

[SwitchC-bgp-default-evpn] peer group1 enable

[SwitchC-bgp-default-evpn] peer group1 next-hop-local

[SwitchC-bgp-default-evpn] peer group1 reflect-client

[SwitchC-bgp-default-evpn] peer group1 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer group1 advertise original-route

[SwitchC-bgp-default-evpn] peer group1 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer group1 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchC-bgp-default-evpn] peer 88.88.88.88 router-mac-local

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchC-bgp-default-evpn] peer 99.99.99.99 router-mac-local

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt

[SwitchC-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt

[SwitchC-bgp-default-evpn] quit

[SwitchC-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchC] ip vpn-instance vpn1

[SwitchC-vpn-instance-vpn1] route-distinguisher 1:1

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 200:200 3000:3000 import-extcommunity

[SwitchC-vpn-instance-vpn1] vpn-target 10:10 export-extcommunity [SwitchC-vpn-instance-vpn1] quit

# 配置专属VPN vpn2的RD和RT。

[SwitchC] ip vpn-instance vpn2

[SwitchC-vpn-instance-vpn2] route-distinguisher 1:11

[SwitchC-vpn-instance-vpn2] vpn-target 10:10 200:200 import-extcommunity

[SwitchC-vpn-instance-vpn2] vpn-target 100:100 export-extcommunity [SwitchC-vpn-instance-vpn2] quit

# 配置专属VPN vpn4的RD和RT。

[SwitchC] ip vpn-instance vpn4

[SwitchC-vpn-instance-vpn4] route-distinguisher 1:111

[SwitchC-vpn-instance-vpn4] vpn-target 10:10 3000:3000 import-extcommunity

[SwitchC-vpn-instance-vpn4] vpn-target 1000:1000 export-extcommunity [SwitchC-vpn-instance-vpn4] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1001。

[SwitchC] interface vsi-interface 1

[SwitchC-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchC-Vsi-interface1] l3-vni 1001

[SwitchC-Vsi-interface1] pim sm

[SwitchC-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn2对应的L3VNI为1122。

[SwitchC] interface vsi-interface 2

[SwitchC-Vsi-interface2] ip binding vpn-instance vpn2

[SwitchC-Vsi-interface2] l3-vni 1122

[SwitchC-Vsi-interface2] pim sm

[SwitchC-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface4,在该接口上配置VPN实例vpn4对应的L3VNI为1133。

[SwitchC] interface vsi-interface 4

[SwitchC-Vsi-interface4] ip binding vpn-instance vpn4

[SwitchC-Vsi-interface4] l3-vni 1133

[SwitchC-Vsi-interface4] pim sm

[SwitchC-Vsi-interface4] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpn1

[SwitchC-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpn2

[SwitchC-mrib-vpn2] quit

# 使能VPN实例vpn4中的IP组播路由。

[SwitchC] multicast routing vpn-instance vpn4

[SwitchC-mrib-vpn4] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,并开启组播DCI功能。

[SwitchC] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchC-mvxlan-vpn1] address-family ipv4

[SwitchC-mvxlan-vpn1-ipv4] source loopback 0

[SwitchC-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchC-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchC-mvxlan-vpn1-ipv4] dci enable

[SwitchC-mvxlan-vpn1-ipv4] quit

[SwitchC-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack0] ip address 77.77.77.77 32

[SwitchC-LoopBack0] ospf 1 area 0.0.0.0

[SwitchC-LoopBack0] pim sm

[SwitchC-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchC] interface loopback 1

[SwitchC-LoopBack1] ip binding vpn-instance vpn1

[SwitchC-LoopBack1] ip address 77.77.77.77 32

[SwitchC-LoopBack1] pim sm

[SwitchC-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchC] interface loopback 2

[SwitchC-LoopBack2] ip binding vpn-instance vpn2

[SwitchC-LoopBack2] ip address 77.77.77.77 32

[SwitchC-LoopBack2] pim sm

[SwitchC-LoopBack2] quit

# 创建接口LoopBack4,并配置LoopBack4接口。

[SwitchC] interface loopback 4

[SwitchC-LoopBack4] ip binding vpn-instance vpn4

[SwitchC-LoopBack4] ip address 77.77.77.77 32

[SwitchC-LoopBack4] pim sm

[SwitchC-LoopBack4] quit

# 配置ED间的互连接口Vlan-interface70。

[SwitchC] interface vlan-interface 70

[SwitchC-Vlan-interface70] ip address 78.1.1.1 255.255.255.0

[SwitchC-Vlan-interface70] ospf 1 area 0.0.0.0

[SwitchC-Vlan-interface70] dci enable

[SwitchC-Vlan-interface70] quit

# 配置ED间的互连接口Vlan-interface90。

[SwitchC] interface vlan-interface 90

[SwitchC-Vlan-interface90] ip address 79.1.1.1 255.255.255.0

[SwitchC-Vlan-interface90] ospf 1 area 0.0.0.0

[SwitchC-Vlan-interface90] dci enable

[SwitchC-Vlan-interface90] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn1

[SwitchC-pim-vpn1] c-bsr 77.77.77.77

[SwitchC-pim-vpn1] c-rp 77.77.77.77

[SwitchC-pim-vpn1] quit

#进入VPN实例vpn2的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn2

[SwitchC-pim-vpn2] c-bsr 77.77.77.77

[SwitchC-pim-vpn2] c-rp 77.77.77.77

[SwitchC-pim-vpn2] quit

#进入VPN实例vpn4的PIM视图,并将接口LoopBack4配置为本地的C-BSR和C-RP。

[SwitchC] pim vpn-instance vpn4

[SwitchC-pim-vpn4] c-bsr 77.77.77.77

[SwitchC-pim-vpn4] c-rp 77.77.77.77

[SwitchC-pim-vpn4] quit

(5)     配置Switch D

# 开启L2VPN能力,使能IP组播路由。

<SwitchD> system-view

[SwitchD] l2vpn enable

[SwitchD] multicast routing

[SwitchD-mrib] quit

# 开启IGMP Snooping功能。

[SwitchD] igmp-snooping

[SwitchD-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchD] vxlan tunnel mac-learning disable

[SwitchD] vxlan tunnel arp-learning disable

# 配置BGP发布EVPN路由。

[SwitchD] bgp 200

[SwitchD-bgp-default] peer 4.4.4.4 as-number 200

[SwitchD-bgp-default] peer 4.4.4.4 connect-interface loopback 0

[SwitchD-bgp-default] peer 77.77.77.77 as-number 100

[SwitchD-bgp-default] peer 77.77.77.77 connect-interface loopback 0

[SwitchD-bgp-default] peer 77.77.77.77 ebgp-max-hop 64

[SwitchD-bgp-default] peer 99.99.99.99 as-number 300

[SwitchD-bgp-default] peer 99.99.99.99 connect-interface loopback 0

[SwitchD-bgp-default] peer 99.99.99.99 ebgp-max-hop 64

[SwitchD-bgp-default] address-family l2vpn evpn

[SwitchD-bgp-default-evpn] peer 4.4.4.4 enable

[SwitchD-bgp-default-evpn] peer 4.4.4.4 next-hop-local

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 4.4.4.4 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchD-bgp-default-evpn] peer 77.77.77.77 router-mac-local

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchD-bgp-default-evpn] peer 99.99.99.99 router-mac-local

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated mac-ip replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated imet replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated smet replace-rt

[SwitchD-bgp-default-evpn] peer 99.99.99.99 re-originated s-pmsi replace-rt

[SwitchD-bgp-default-evpn] quit

[SwitchD-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchD] ip vpn-instance vpn1

[SwitchD-vpn-instance-vpn1] route-distinguisher 2:1

[SwitchD-vpn-instance-vpn1] vpn-target 20:20 100:100 300:300 import-extcommunity

[SwitchD-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity [SwitchD-vpn-instance-vpn1] quit

# 配置专属VPN vpn2的RD和RT。

[SwitchD] ip vpn-instance vpn2

[SwitchD-vpn-instance-vpn2] route-distinguisher 2:11

[SwitchD-vpn-instance-vpn2] vpn-target 20:20 100:100 import-extcommunity

[SwitchD-vpn-instance-vpn2] vpn-target 200:200 export-extcommunity [SwitchD-vpn-instance-vpn2] quit

# 配置专属VPN vpn3的RD和RT。

[SwitchD] ip vpn-instance vpn3

[SwitchD-vpn-instance-vpn3] route-distinguisher 2:111

[SwitchD-vpn-instance-vpn3] vpn-target 20:20 300:300 import-extcommunity

[SwitchD-vpn-instance-vpn3] vpn-target 2000:2000 export-extcommunity [SwitchD-vpn-instance-vpn3] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchD] interface vsi-interface 1

[SwitchD-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchD-Vsi-interface1] l3-vni 1002

[SwitchD-Vsi-interface1] pim sm

[SwitchD-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn2对应的L3VNI为1122。

[SwitchD] interface vsi-interface 2

[SwitchD-Vsi-interface2] ip binding vpn-instance vpn2

[SwitchD-Vsi-interface2] l3-vni 1122

[SwitchD-Vsi-interface2] pim sm

[SwitchD-Vsi-interface2] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpn3对应的L3VNI为2233。

[SwitchD] interface vsi-interface 3

[SwitchD-Vsi-interface3] ip binding vpn-instance vpn3

[SwitchD-Vsi-interface3] l3-vni 2233

[SwitchD-Vsi-interface3] pim sm

[SwitchD-Vsi-interface3] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchD] multicast routing vpn-instance vpn1

[SwitchD-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchD] multicast routing vpn-instance vpn2

[SwitchD-mrib-vpn2] quit

# 使能VPN实例vpn3中的IP组播路由。

[SwitchD] multicast routing vpn-instance vpn3

[SwitchD-mrib-vpn3] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,开启组播DCI功能。

[SwitchD] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchD-mvxlan-vpn1] address-family ipv4

[SwitchD-mvxlan-vpn1-ipv4] source loopback 0

[SwitchD-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchD-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchD-mvxlan-vpn1-ipv4] dci enable

[SwitchD-mvxlan-vpn1-ipv4] quit

[SwitchD-mvxlan-vpn1] quit

# 配置ED间的互连接口Vlan-interface70。

[SwitchD] interface vlan-interface 70

[SwitchD-Vlan-interface70] ip address 78.1.1.2 255.255.255.0

[SwitchD-Vlan-interface70] ospf 1 area 0.0.0.0

[SwitchD-Vlan-interface70] dci enable

[SwitchD-Vlan-interface70] quit

# 配置ED间的互连接口Vlan-interface80。

[SwitchD] interface vlan-interface 80

[SwitchD-Vlan-interface80] ip address 89.1.1.1 255.255.255.0

[SwitchD-Vlan-interface80] ospf 1 area 0.0.0.0

[SwitchD-Vlan-interface80] dci enable

[SwitchD-Vlan-interface80] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchD] interface loopback 0

[SwitchD-LoopBack0] ip address 88.88.88.88 32

[SwitchD-LoopBack0] ospf 1 area 0.0.0.0

[SwitchD-LoopBack0] pim sm

[SwitchD-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchD] interface loopback 1

[SwitchD-LoopBack1] ip binding vpn-instance vpn1

[SwitchD-LoopBack1] ip address 88.88.88.88 32

[SwitchD-LoopBack1] pim sm

[SwitchD-LoopBack1] quit

# 创建接口LoopBack2,并配置LoopBack2接口。

[SwitchD] interface loopback 2

[SwitchD-LoopBack2] ip binding vpn-instance vpn2

[SwitchD-LoopBack2] ip address 88.88.88.88 32

[SwitchD-LoopBack2] pim sm

[SwitchD-LoopBack2] quit

# 创建接口LoopBack3,并配置LoopBack3接口。

[SwitchD] interface loopback 3

[SwitchD-LoopBack3] ip binding vpn-instance vpn3

[SwitchD-LoopBack3] ip address 88.88.88.88 32

[SwitchD-LoopBack3] pim sm

[SwitchD-LoopBack3] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn1

[SwitchD-pim-vpn1] c-bsr 88.88.88.88

[SwitchD-pim-vpn1] c-rp 88.88.88.88

[SwitchD-pim-vpn1] quit

# 进入VPN实例vpn2的PIM视图,并将接口LoopBack2配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn2

[SwitchD-pim-vpn2] c-bsr 88.88.88.88

[SwitchD-pim-vpn2] c-rp 88.88.88.88

[SwitchD-pim-vpn2] quit

# 进入VPN实例vpn3的PIM视图,并将接口LoopBack3配置为本地的C-BSR和C-RP。

[SwitchD] pim vpn-instance vpn3

[SwitchD-pim-vpn3] c-bsr 88.88.88.88

[SwitchD-pim-vpn3] c-rp 88.88.88.88

[SwitchD-pim-vpn3] quit

(6)     配置Switch E

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchE> system-view

[SwitchE] l2vpn enable

[SwitchE] multicast routing

[SwitchE-mrib] quit

# 开启IGMP Snooping功能。

[SwitchE] igmp-snooping

[SwitchE-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchE] vxlan tunnel mac-learning disable

[SwitchE] vxlan tunnel arp-learning disable

# 创建VLAN 21,并进入VLAN视图。

[SwitchE] vlan 21

[SwitchE-vlan12] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] evpn encapsulation vxlan

[SwitchE-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchE-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchE-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchE-vsi-vpna] igmp-snooping enable

[SwitchE-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 21。

[SwitchE-vsi-vpna] vxlan 21

[SwitchE-vsi-vpna-vxlan-21] quit

[SwitchE-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchE] bgp 200

[SwitchE-bgp-default] peer 88.88.88.88 as-number 200

[SwitchE-bgp-default] peer 88.88.88.88 connect-interface loopback 0

[SwitchE-bgp-default] address-family l2vpn evpn

[SwitchE-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchE-bgp-default-evpn] peer 88.88.88.88 next-hop-local

[SwitchE-bgp-default-evpn] quit

[SwitchE-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 21的数据帧。

[SwitchE] interface ten-gigabitethernet 1/0/1

[SwitchE-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchE-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 21

[SwitchE-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 21

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchE-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchE] ip vpn-instance vpn1

[SwitchE-vpn-instance-vpn1] route-distinguisher 2:3

[SwitchE-vpn-instance-vpn1] vpn-target 20:20 import-extcommunity

[SwitchE-vpn-instance-vpn1] vpn-target 20:20 export-extcommunity

[SwitchE-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchE] interface vsi-interface 1

[SwitchE-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface1] ip address 192.168.40.1 255.255.255.0

[SwitchE-Vsi-interface1] igmp enable

[SwitchE-Vsi-interface1] pim sm

[SwitchE-Vsi-interface1] distributed-gateway local

[SwitchE-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchE] interface vsi-interface 2

[SwitchE-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchE-Vsi-interface2] l3-vni 1002

[SwitchE-Vsi-interface2] pim sm

[SwitchE-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchE] multicast routing vpn-instance vpn1

[SwitchE-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchE] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchE-mvxlan-vpn1] address-family ipv4

[SwitchE-mvxlan-vpn1-ipv4] source loopback 0

[SwitchE-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchE-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchE-mvxlan-vpn1-ipv4] quit

[SwitchE-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchE] interface loopback 0

[SwitchE-LoopBack0] ip address 4.4.4.4 32

[SwitchE-LoopBack0] ospf 1 area 0.0.0.0

[SwitchE-LoopBack0] pim sm

[SwitchE-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchE] interface loopback 1

[SwitchE-LoopBack1] ip binding vpn-instance vpn1

[SwitchE-LoopBack1] ip address 4.4.4.4 32

[SwitchE-LoopBack1] pim sm

[SwitchE-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchE] pim vpn-instance vpn1

[SwitchE-pim-vpn1] c-bsr 4.4.4.4

[SwitchE-pim-vpn1] c-rp 4.4.4.4

[SwitchE-pim-vpn1] quit

# 配置VXLAN 21所在的VSI实例和接口VSI-interface1关联。

[SwitchE] vsi vpna

[SwitchE-vsi-vpna] gateway vsi-interface 1

[SwitchE-vsi-vpna] quit

(7)     配置Switch F

# 开启L2VPN能力,使能IP组播路由。

<SwitchF> system-view

[SwitchF] l2vpn enable

[SwitchF] multicast routing

[SwitchF-mrib] quit

# 开启IGMP Snooping功能。

[SwitchF] igmp-snooping

[SwitchF-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchF] vxlan tunnel mac-learning disable

[SwitchF] vxlan tunnel arp-learning disable

# 配置BGP发布EVPN路由。

[SwitchF] bgp 300

[SwitchF-bgp-default] peer 6.6.6.6 as-number 300

[SwitchF-bgp-default] peer 6.6.6.6 connect-interface LoopBack0

[SwitchF-bgp-default] peer 77.77.77.77 as-number 100

[SwitchF-bgp-default] peer 77.77.77.77 connect-interface LoopBack0

[SwitchF-bgp-default] peer 77.77.77.77 ebgp-max-hop 64

[SwitchF-bgp-default] peer 88.88.88.88 as-number 200

[SwitchF-bgp-default] peer 88.88.88.88 connect-interface LoopBack0

[SwitchF-bgp-default] peer 88.88.88.88 ebgp-max-hop 64

[SwitchF-bgp-default] address-family l2vpn evpn

[SwitchF-bgp-default-evpn] peer 6.6.6.6 enable

[SwitchF-bgp-default-evpn] peer 6.6.6.6 next-hop-local

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 6.6.6.6 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 enable

[SwitchF-bgp-default-evpn] peer 77.77.77.77 router-mac-local

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 77.77.77.77 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 enable

[SwitchF-bgp-default-evpn] peer 88.88.88.88 router-mac-local

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated mac-ip replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated imet replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated smet replace-rt

[SwitchF-bgp-default-evpn] peer 88.88.88.88 re-originated s-pmsi replace-rt

[SwitchF-bgp-default-evpn] quit

[SwitchF-bgp-default] quit

# 配置用户VPN的RD和RT。

[SwitchF] ip vpn-instance vpn1

[SwitchF-vpn-instance-vpn1] route-distinguisher 3:1

[SwitchF-vpn-instance-vpn1] vpn-target 30:30 1000:1000 2000:2000 import-extcommunity

[SwitchF-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity [SwitchF-vpn-instance-vpn1] quit

# 配置专属VPN vpn3的RD和RT。

[SwitchF] ip vpn-instance vpn3

[SwitchF-vpn-instance-vpn3] route-distinguisher 3:11

[SwitchF-vpn-instance-vpn3] vpn-target 30:30 2000:2000 import-extcommunity

[SwitchF-vpn-instance-vpn3] vpn-target 300:300 export-extcommunity [SwitchF-vpn-instance-vpn3] quit

# 配置专属VPN vpn4的RD和RT。

[SwitchF] ip vpn-instance vpn4

[SwitchF-vpn-instance-vpn4] route-distinguisher 3:111

[SwitchF-vpn-instance-vpn4] vpn-target 30:30 1000:1000 import-extcommunity

[SwitchF-vpn-instance-vpn4] vpn-target 3000:3000 export-extcommunity [SwitchF-vpn-instance-vpn4] quit

# 创建VSI虚接口VSI-interface1,在该接口上配置VPN实例vpn1对应的L3VNI为1003。

[SwitchF] interface vsi-interface 1

[SwitchF-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchF-Vsi-interface1] l3-vni 1003

[SwitchF-Vsi-interface1] pim sm

[SwitchF-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpn3对应的L3VNI为2233。

[SwitchF] interface vsi-interface 3

[SwitchF-Vsi-interface3] ip binding vpn-instance vpn3

[SwitchF-Vsi-interface3] l3-vni 2233

[SwitchF-Vsi-interface3] pim sm

[SwitchF-Vsi-interface3] quit

# 创建VSI虚接口VSI-interface4,在该接口上配置VPN实例vpn4对应的L3VNI为1133。

[SwitchF] interface vsi-interface 4

[SwitchF-Vsi-interface4] ip binding vpn-instance vpn4

[SwitchF-Vsi-interface4] l3-vni 1133

[SwitchF-Vsi-interface4] pim sm

[SwitchF-Vsi-interface4] quit

# 使能VPN实例vpn1中的IP组播路由。

[SwitchF] multicast routing vpn-instance vpn1

[SwitchF-mrib-vpn1] quit

# 使能VPN实例vpn2中的IP组播路由。

[SwitchF] multicast routing vpn-instance vpn3

[SwitchF-mrib-vpn3] quit

# 使能VPN实例vpn4中的IP组播路由。

[SwitchF] multicast routing vpn-instance vpn4

[SwitchF-mrib-vpn4] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口,开启组播DCI功能。

[SwitchF] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchF-mvxlan-vpn1] address-family ipv4

[SwitchF-mvxlan-vpn1-ipv4] source loopback 0

[SwitchF-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchF-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchF-mvxlan-vpn1-ipv4] dci enable

[SwitchF-mvxlan-vpn1-ipv4] quit

[SwitchF-mvxlan-vpn1] quit

# 配置ED间的互连接口Vlan-interface80。

[SwitchF] interface vlan-interface 80

[SwitchF-Vlan-interface80] ip address 89.1.1.2 255.255.255.0

[SwitchF-Vlan-interface80] ospf 1 area 0.0.0.0

[SwitchF-Vlan-interface80] dci enable

[SwitchF-Vlan-interface80] quit

# 配置ED间的互连接口Vlan-interface90。

[SwitchF] interface vlan-interface 90

[SwitchF-Vlan-interface90] ip address 79.1.1.2 255.255.255.0

[SwitchF-Vlan-interface90] ospf 1 area 0.0.0.0

[SwitchF-Vlan-interface90] dci enable

[SwitchF-Vlan-interface90] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchF] interface loopback 0

[SwitchF-LoopBack0] ip address 99.99.99.99 32

[SwitchF-LoopBack0] ospf 1 area 0.0.0.0

[SwitchF-LoopBack0] pim sm

[SwitchF-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchF] interface loopback 1

[SwitchF-LoopBack1] ip binding vpn-instance vpn1

[SwitchF-LoopBack1] ip address 99.99.99.99 32

[SwitchF-LoopBack1] pim sm

[SwitchF-LoopBack1] quit

# 创建接口LoopBack3,并配置LoopBack3接口。

[SwitchF] interface loopback 3

[SwitchF-LoopBack3] ip binding vpn-instance vpn3

[SwitchF-LoopBack3] ip address 99.99.99.99 32

[SwitchF-LoopBack3] pim sm

[SwitchF-LoopBack3] quit

# 创建接口LoopBack4,并配置LoopBack4接口。

[SwitchF] interface loopback 4

[SwitchF-LoopBack4] ip binding vpn-instance vpn4

[SwitchF-LoopBack4] ip address 99.99.99.99 32

[SwitchF-LoopBack4] pim sm

[SwitchF-LoopBack4] quit

# 进入VPN实例vpn1的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpn1

[SwitchF-pim-vpn1] c-bsr 99.99.99.99

[SwitchF-pim-vpn1] c-rp 99.99.99.99

[SwitchF-pim-vpn1] quit

# 进入VPN实例vpn3的PIM视图,并将接口LoopBack3配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpn3

[SwitchF-pim-vpn3] c-bsr 99.99.99.99

[SwitchF-pim-vpn3] c-rp 99.99.99.99

[SwitchF-pim-vpn3] quit

# 进入VPN实例vpn4的PIM视图,并将接口LoopBack4配置为本地的C-BSR和C-RP。

[SwitchF] pim vpn-instance vpn4

[SwitchF-pim-vpn4] c-bsr 99.99.99.99

[SwitchF-pim-vpn4] c-rp 99.99.99.99

[SwitchF-pim-vpn4] quit

(8)     配置Switch G

# 开启L2VPN能力,使能IP组播路由功能。

<SwitchG> system-view

[SwitchG] l2vpn enable

[SwitchG] multicast routing

[SwitchG-mrib] quit

# 开启IGMP Snooping功能。

[SwitchG] igmp-snooping

[SwitchG-igmp-snooping] quit

# 关闭远端MAC地址和远端ARP自动学习功能。

[SwitchG] vxlan tunnel mac-learning disable

[SwitchG] vxlan tunnel arp-learning disable

# 创建VLAN 31,并进入VLAN视图。

[SwitchG] vlan 31

[SwitchG-vlan31] quit

# 在VSI实例vpna下创建EVPN实例。

[SwitchG] vsi vpna

[SwitchG-vsi-vpna] evpn encapsulation vxlan

[SwitchG-vsi-vpna-evpn-vxlan] route-distinguisher auto

[SwitchG-vsi-vpna-evpn-vxlan] vpn-target auto

[SwitchG-vsi-vpna-evpn-vxlan] quit

# 在VSI实例vpna内使能IGMP Snooping和IGMP Snooping proxy功能。

[SwitchG-vsi-vpna] igmp-snooping enable

[SwitchG-vsi-vpna] igmp-snooping proxy enable

# 创建VXLAN 31。

[SwitchG-vsi-vpna] vxlan 31

[SwitchG-vsi-vpna-vxlan-31] quit

[SwitchG-vsi-vpna] quit

# 配置BGP发布EVPN路由。

[SwitchG] bgp 300

[SwitchG-bgp-default] peer 99.99.99.99 as-number 300

[SwitchG-bgp-default] peer 99.99.99.99 connect-interface loopback 0

[SwitchG-bgp-default] address-family l2vpn evpn

[SwitchG-bgp-default-evpn] peer 99.99.99.99 enable

[SwitchG-bgp-default-evpn] peer 99.99.99.99 next-hop-local

[SwitchG-bgp-default-evpn] quit

[SwitchG-bgp-default] quit

# 在接口Ten-GigabitEthernet1/0/1上创建以太网服务实例100,该实例用来匹配VLAN 31的数据帧。

[SwitchG] interface ten-gigabitethernet 1/0/1

[SwitchG-Ten-GigabitEthernet1/0/1] port link-type trunk

[SwitchG-Ten-GigabitEthernet1/0/1] port trunk permit vlan 1 31

[SwitchG-Ten-GigabitEthernet1/0/1] service-instance 100

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] encapsulation s-vid 31

# 配置以太网服务实例100与VSI实例vpna关联。

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] xconnect vsi vpna

[SwitchG-Ten-GigabitEthernet1/0/1-srv100] quit

# 配置VPN实例的RD和RT。

[SwitchG] ip vpn-instance vpn1

[SwitchG-vpn-instance-vpn1] route-distinguisher 3:2

[SwitchG-vpn-instance-vpn1] vpn-target 30:30 import-extcommunity

[SwitchG-vpn-instance-vpn1] vpn-target 30:30 export-extcommunity

[SwitchG-vpn-instance-vpn1] quit

# 配置VSI虚接口VSI-interface1。

[SwitchG] interface vsi-interface 1

[SwitchG-Vsi-interface1] ip binding vpn-instance vpn1

[SwitchG-Vsi-interface1] ip address 192.168.60.1 255.255.255.0

[SwitchG-Vsi-interface1] igmp enable

[SwitchG-Vsi-interface1] pim sm

[SwitchG-Vsi-interface1] distributed-gateway local

[SwitchG-Vsi-interface1] quit

# 创建VSI虚接口VSI-interface2,在该接口上配置VPN实例vpn1对应的L3VNI为1002。

[SwitchG] interface vsi-interface 2

[SwitchG-Vsi-interface2] ip binding vpn-instance vpn1

[SwitchG-Vsi-interface2] l3-vni 1003

[SwitchG-Vsi-interface2] pim sm

[SwitchG-Vsi-interface2] quit

# 使能VPN实例vpn1的IP组播路由功能。

[SwitchG] multicast routing vpn-instance vpn1

[SwitchG-mrib-vpn1] quit

# 创建VPN实例vpn1的MVXLAN并进入MVXLAN IPv4地址族视图,指定MVXLAN源接口。

[SwitchG] multicast-vpn vxlan vpn-instance vpn1 mode mdt

[SwitchG-mvxlan-vpn1] address-family ipv4

[SwitchG-mvxlan-vpn1-ipv4] source loopback 0

[SwitchG-mvxlan-vpn1-ipv4] default-group 239.0.0.1

[SwitchG-mvxlan-vpn1-ipv4] data-group 239.1.1.0 24

[SwitchG-mvxlan-vpn1-ipv4] quit

[SwitchG-mvxlan-vpn1] quit

# 创建接口LoopBack0,并配置LoopBack0接口。

[SwitchG] interface loopback 0

[SwitchG-LoopBack0] ip address 6.6.6.6 32

[SwitchG-LoopBack0] ospf 1 area 0.0.0.0

[SwitchG-LoopBack0] pim sm

[SwitchG-LoopBack0] quit

# 创建接口LoopBack1,并配置LoopBack1接口。

[SwitchG] interface loopback 1

[SwitchG-LoopBack1] ip binding vpn-instance vpn1

[SwitchG-LoopBack1] ip address 6.6.6.6 32

[SwitchG-LoopBack1] pim sm

[SwitchG-LoopBack1] quit

# 进入VPN实例的PIM视图,并将接口LoopBack1配置为本地的C-BSR和C-RP。

[SwitchG] pim vpn-instance vpn1

[SwitchG-pim-vpn1] c-bsr 6.6.6.6

[SwitchG-pim-vpn1] c-rp 6.6.6.6

[SwitchG-pim-vpn1] quit

# 配置VXLAN 21所在的VSI实例和接口VSI-interface1关联。

[SwitchG] vsi vpna

[SwitchG-vsi-vpna] gateway vsi-interface 1

[SwitchG-vsi-vpna] quit

4. 验证配置

(1)     查看Leaf层设备上的组播路由信息。(以Switch A为例,Switch B、Switch E和Switch G的显示信息与此类似)

# 查看Swich A上VPN实例vpn1的组播路由信息。

<SwitchA> display pim vpn-instance vpn routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 (*, 225.0.1.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 02:57:31

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information: 

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 02:57:31, Expires: -

 

(192.168.10.10, 225.0.1.1)

     RP: 1.1.1.1 (local)

     Protocol: pim-sm, Flag: SPT 2MSDP LOC ACT SQ RC 2MVPN

     UpTime: 04:44:08

     Upstream interface: Vsi-interface1

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel1

             Protocol: MD, UpTime: 02:00:27, Expires: -

# 查看Switch A的公网组播路由信息。

<SwitchA> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

(1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:08:58

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:08:06, Expires: 00:03:26

 

(2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:07:53

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:07:53, Expires: -

 

(77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:08:06

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.2

         RPF prime neighbor: 11.1.1.2

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:08:06, Expires: -

 

(1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:07:53

     Upstream interface: MTunnel1 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:07:53, Expires: 00:02:39

 

(2)     查看ED上的组播路由信息。(以Switch C为例,Switch D和Switch F的显示信息与此类似)

# 查看Switch C的VPN实例vpn1的组播路由信息。

<SwitchC> display pim vpn-instance vpn1 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC RC

     UpTime: 01:09:14

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: MTunnel0

             Protocol: MD, UpTime: 01:09:14, Expires: -

 

 (192.168.10.10, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT 2MVPN FROMVXLAN

     UpTime: 00:58:36

     Upstream interface: MVXLAN-UPE0 (0.0.0.0)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Extranet (VPN: vpn2)

             Protocol: MD, UpTime: 00:58:36, Expires: -

         2: Extranet (VPN: vpn4)

             Protocol: MD, UpTime: 00:58:36, Expires: -

# 查看Switch C的VPN实例vpn2的组播路由信息。

<SwitchC> display  pim vpn-instance vpn2 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC

     UpTime: 01:39:28

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface3

             Protocol: MD, UpTime: 01:39:28, Expires: -

 

 (192.168.10.10, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT

     UpTime: 01:39:24

     Upstream interface: Extranet (VPN: vpn1)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface3

             Protocol: MD, UpTime: 01:39:24, Expires: -

# 查看Switch C的VPN实例vpn4的组播路由信息。

<SwitchC> display pim vpn-instance vpn4 routing-table

 Total 1 (*, G) entries; 1 (S, G) entries

 

 (*, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: WC

     UpTime: 01:04:54

     Upstream interface: Register-Tunnel0

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface4

             Protocol: MD, UpTime: 01:04:54, Expires: -

 

 (192.168.10.10, 225.0.1.1)

     RP: 77.77.77.77 (local)

     Protocol: pim-sm, Flag: SPT ACT RQ SRC-ACT

     UpTime: 01:00:09

     Upstream interface: Extranet (VPN: vpn1)

         Upstream neighbor: 127.0.0.1

         RPF prime neighbor: 127.0.0.1

     Downstream interface information:

     Total number of downstream interfaces: 1

         1: Vsi-interface4

             Protocol: MD, UpTime: 01:00:09, Expires: -

# 查看Switch C的公网组播路由信息。

<SwitchC> display pim routing-table

 Total 0 (*, G) entries; 4 (S, G) entries

 

 (1.1.1.1, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:29:21

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:21, Expires: -

 

 (2.2.2.2, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT

     UpTime: 01:29:08

     Upstream interface: Vlan-interface20

         Upstream neighbor: 12.1.1.1

         RPF prime neighbor: 12.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:20

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:08, Expires: -

 

 (77.77.77.77, 239.0.0.1)

     RP: NULL

     Protocol: pim-sm, Flag: SPT LOC VXLAN_L3

     UpTime: 01:30:55

     Upstream interface: MTunnel0 (VPN: vpn1)

         Upstream neighbor: NULL

         RPF prime neighbor: NULL

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface10

             Protocol: pim-sm, UpTime: 01:29:21, Expires: 00:03:07

         2: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

 

 (1.1.1.1, 239.1.1.0)

     RP: NULL

     Protocol: pim-sm, Flag: SPT ACT 2MVPN

     UpTime: 01:29:08

     Upstream interface: Vlan-interface10

         Upstream neighbor: 11.1.1.1

         RPF prime neighbor: 11.1.1.1

     Downstream interface information:

     Total number of downstream interfaces: 2

         1: Vlan-interface20

             Protocol: pim-sm, UpTime: 01:29:07, Expires: 00:03:25

         2: MVXLAN-UPE0

             Protocol: MD, UpTime: 01:29:08, Expires: -

 

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们