当前位置：首页 > news >正文

华为EVPN网关配置

news 来源：原创 2024/9/19 21:52:45

一、华为集中式EVPN网关配置

1、拓扑

设备：SW1，SW2，SW3用CE12800设备

ACC-1，ACC-2用SW5700设备

2、需求

SW2为Border设备，SW1和SW3为Edge设备 PC1属于VLAN100，PC2属于VLAN200，Border和Edge设备配置了OSPF协议，要求PC1和PC2使用集中式VXLAN技术，实现三层互访

PC1地址：172.16.10.10 网关：172.16.10.1

PC2地址：172.16.20.10 网关：172.16.20.1

3、操作

1. 基础连通性配置

SW1配置

[SW1]vlan batch 12interface GE1/0/1undo shutdownport link-type trunkport trunk allow-pass vlan 12interface Vlanif12ip address 10.0.12.1 255.255.255.0ospf network-type p2pinterface LoopBack0ip address 1.1.1.1 255.255.255.255

SW2配置

[SW2]vlan batch 12 23interface Vlanif12ip address 10.0.12.2 255.255.255.0ospf network-type p2p#interface Vlanif23ip address 10.0.23.2 255.255.255.0ospf network-type p2pinterface GE1/0/2undo shutdownport link-type trunkport trunk allow-pass vlan 12#interface GE1/0/3undo shutdownport link-type trunkport trunk allow-pass vlan 23interface LoopBack0ip address 2.2.2.2 255.255.255.255

SW3配置

[SW3]vlan batch 23interface Vlanif23ip address 10.0.23.3 255.255.255.0ospf network-type p2pinterface GE1/0/1undo shutdownport link-type trunkport trunk allow-pass vlan 23interface LoopBack0ip address 3.3.3.3 255.255.255.255

2. OSPF配置

SW1[SW1]ospf 10 router-id 10.0.1.1area 0.0.0.0network 10.0.1.1 0.0.0.0network 10.0.12.1 0.0.0.0[SW2]ospf 10 router-id 10.0.2.2area 0.0.0.0network 10.0.2.2 0.0.0.0network 10.0.12.2 0.0.0.0network 10.0.23.2 0.0.0.0[SW3]ospf 10 router-id 10.0.3.3area 0.0.0.0network 10.0.3.3 0.0.0.0network 10.0.23.3 0.0.0.0

3. 业务接入点配置

SW1上完成业务接入点的配置，创建子接口与ACC-1互通，终结VLAN100，并与BD10进行绑定。

SW3上完成业务接入点的配置，创建子接口与ACC-2互通，终结VLAN200，并与BD20进行绑定。

ACC-1与PC连接的接口配置为Access接口，PVID 100，与SW1、SW3互联的接口配置为Trunk接口，放通VLAN 100。

ACC-2与PC连接的接口配置为Access接口，PVID200，与SW1、SW3互联的接口配置为Trunk接口，放通VLAN 100。

SW1bridge-domain 10vxlan vni 10interface GE1/0/2.100 mode l2encapsulation dot1q vid 100bridge-domain 10SW3bridge-domain 20vxlan vni 20interface GE1/0/3.200 mode l2encapsulation dot1q vid 200bridge-domain 20SW2bridge-domain 10vxlan vni 10bridge-domain 20vxlan vni 20

4. 配置EVPN邻居

SW1配置

evpn-overlay enablebgp 100router-id 1.1.1.1peer 2.2.2.2 as-number 100peer 2.2.2.2 connect-interface LoopBack0#ipv4-family unicastpeer 2.2.2.2 enable#l2vpn-family evpnpolicy vpn-targetpeer 2.2.2.2 enable

SW2配置

evpn-overlay enablebgp 100router-id 2.2.2.2peer 1.1.1.1 as-number 100peer 1.1.1.1 connect-interface LoopBack1peer 3.3.3.3 as-number 100peer 3.3.3.3 connect-interface LoopBack1#ipv4-family unicastpeer 1.1.1.1 enablepeer 3.3.3.3 enable#l2vpn-family evpnpolicy vpn-targetpeer 1.1.1.1 enablepeer 3.3.3.3 enable

SW3配置

evpn-overlay enablebgp 100router-id 3.3.3.3peer 2.2.2.2 as-number 100peer 2.2.2.2 connect-interface LoopBack0#ipv4-family unicastpeer 2.2.2.2 enable#l2vpn-family evpnpolicy vpn-targetpeer 2.2.2.2 enable

5. 配置EVPN实例

SW1配置

bridge-domain 10vxlan vni 10evpnroute-distinguisher 11:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity

SW2配置

bridge-domain 10vxlan vni 10evpnroute-distinguisher 11:1vpn-target 1:1 export-extcommunityvpn-target 1:1 import-extcommunity#bridge-domain 20vxlan vni 20evpnroute-distinguisher 12:1vpn-target 2:1 export-extcommunityvpn-target 2:1 import-extcommunity

SW3配置

bridge-domain 20vxlan vni 20evpnroute-distinguisher 12:1vpn-target 2:1 export-extcommunityvpn-target 2:1 import-extcommunity

6. 配置头端复制功能

SW1配置interface Nve1source 1.1.1.1vni 10 head-end peer-list protocol bgpSW2配置interface Nve1source 2.2.2.2vni 10 head-end peer-list protocol bgpvni 20 head-end peer-list protocol bgpSW3配置interface Nve1source 3.3.3.3vni 20 head-end peer-list protocol bgp

7. 配置接入层

ACC-1配置vlan 100interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 100interface GigabitEthernet0/0/24port link-type accessport default vlan 100ACC-2配置vlan 200interface GigabitEthernet0/0/1port link-type trunkport trunk allow-pass vlan 200interface GigabitEthernet0/0/24port link-type accessport default vlan 200

8. 配置VXLAN网关

interface Vbdif10ip address 192.168.10.1 255.255.255.0arp collect host enableinterface Vbdif20ip address 192.168.20.1 255.255.255.0arp collect host enable

4、验证

测试

二、华为 Vxlan-BGP 分布式EVPN网关配置

VXLAN分布式网关可以解决VXLAN集中式网关的转发路径不优化，三层网关ARP或ND表项规格瓶颈问题。

本文主要通过华为ENSP模拟VXLAN-BGP EVPN分布式网关配置。

1、配置思路

配置underlay网络实现互联互通
启用VXLAN功能
配置业务接入点
启用EVPN功能
配置BGP对等体
配置EVPN实例
配置头端配置列表
配置VPN实例
配置VBDIF并绑定VPN实例，配置发布路由类型
配置BGP对等体路由类型

此次环境如下：

ensp 版本1.3.00.100

ce12800 版本V200R005C10SPC607B607

virtualbox 版本5.1.26

此次拓扑如下：

2、配置CE1-CE3实现三层互通

CE1：

[ce1]ospf 1 router-id 1.1.1.1	\\配置OSPF进程1[ce1-ospf-1]area 0[ce1-ospf-1-area-0.0.0.0]quit[ce1-ospf-1]quit[ce1]interface  g1/0/0[ce1-ge1/0/0]undo shutdown[ce1-ge1/0/0]undo portswitch[ce1-ge1/0/0]ip address 192.168.12.1 255.255.255.0[ce1-ge1/0/0]ospf enable 1 area 0	\\端口加入OSPF进程[ce1-ge1/0/0]interface loopback 0 [ce1-loopback1]ip address 1.1.1.1 255.255.255.255[ce1-loopback1]ospf enable 1 area 0[ce1-loopback1]interface g1/0/1[ce1-ge1/0/1]undo shutdown[ce1-ge1/0/1]undo portswitch[ce1-ge1/0/1]ip address 192.168.13.1 255.255.255.255[ce1-ge1/0/1]ospf enable 1 area 0[ce1-ge1/0/1]quit[ce1]commit

CE2：

[ce2]ospf 1 router-id 2.2.2.2[ce2-ospf-1]area 0[ce2-ospf-1-area-0.0.0.0]quit[ce2-ospf-1]quit[ce2]interface  g1/0/0[ce2-ge1/0/0]undo shutdown[ce2-ge1/0/0]undo portswitch[ce2-ge1/0/0]ip address 192.168.12.2 255.255.255.0[ce2-ge1/0/0]ospf enable 1 area 0[ce2-ge1/0/0]interface loopback 0 [ce2-loopback1]ip address 2.2.2.2 255.255.255.255[ce2-loopback1]ospf enable 1 area 0[ce2-loopback1]quit[ce2]commit

CE3：

[ce3]ospf 1 router-id 3.3.3.3[ce3-ospf-1]area 0[ce3-ospf-1-area-0.0.0.0]quit[ce3-ospf-1]quit[ce3]interface  g1/0/0[ce3-ge1/0/0]undo shutdown[ce3-ge1/0/0]undo portswitch[ce3-ge1/0/0]ip address 192.168.13.3 255.255.255.0[ce3-ge1/0/0]ospf enable 1 area 0[ce3-ge1/0/0]interface loopback 0[ce3-loopback1]ip address 3.3.3.3 255.255.255.255[ce3-loopback1]ospf enable 1 area 0[ce3-loopback1]quit[ce3]commit

配置注意点：

1）注意交换机端口默认状态为shutdown，需要手动undo shutdown

ce3上ospf状态查看

3、配置VXLAN隧道

ip tunnel mode vxlan	\\配置隧道模式为vxlanassign forward nvo3 acl extend enable	\\使能vxlan的ACL扩展功能，以防ACL叠加失败

配置注意点：

此处模拟器不支持配置命令，实际环境还是要配置的，配置命令后交换机需要重启。

4、配置LSW1 LSW2

lsw1:

[lsw1]vlan 10[lsw1-vlan10]quit[lsw1]vlan 20[lsw1-vlan20]quit[lsw1]interface  e0/0/2[lsw1-ethernet0/0/2]port link-type access[lsw1-ethernet0/0/2]port default vlan 10[lsw1-ethernet0/0/2]interface  e0/0/3[lsw1-ethernet0/0/3]port link-type access[lsw1-ethernet0/0/3]port default vlan 20[lsw1-ethernet0/0/3]interface  e0/0/1[lsw1-ethernet0/0/1]port link-type trunk[lsw1-ethernet0/0/1]port trunk allow-pass vlan all

lsw2:

[lsw2]vlan 20[lsw2-vlan20]quit[lsw2]interface  e0/0/2[lsw2-ethernet0/0/2]port link-type access[lsw2-ethernet0/0/2]port default vlan 20[lsw2-ethernet0/0/2]interface  e0/0/1[lsw2-ethernet0/0/1]port link-type trunk[lsw2-ethernet0/0/1]port trunk allow-pass vlan all

5、配置VXLAN业务接入点

CE2：

[ce2]vlan 10[ce2-vlan10]quit[ce2]vlan 20[ce2-vlan20]quit[ce2]commit[ce2]bridge-domain 10[ce2-bd10]quit[ce2]bridge-domain 20[ce2-bd20]quit[ce2]interface g1/0/1[ce2-ge1/0/1]undo shutdown 		\\主端口默认shutdown[ce2-ge1/0/1]interface g1/0/1.1 mode l2[ce2-ge1/0/1.1]encapsulation dot1q vid 10	\\配置封装vlan10[ce2-ge1/0/1.1]bridge-domain 10	\\关联BD域[ce2-ge1/0/1.1]interface g1/0/1.2 mode l2[ce2-ge1/0/1.2]encapsulation dot1q vid 20	\\配置封装vlan20[ce2-ge1/0/1.2]bridge-domain 20	\\关联BD域[ce2-ge1/0/1.2]quit[ce2]commit

CE3：

[ce3]vlan 20[ce3-vlan20]quit[ce3]bridge-domain 20[ce3-bd20]quit[ce3]interface g1/0/1[ce3-ge1/0/1]undo shutdown[ce3-ge1/0/1]interface g1/0/1.1 mode l2[ce3-ge1/0/1.1]encapsulation dot1q vid 20[ce3-ge1/0/1.1]bridge-domain 20[ce3-ge1/0/1.1]quit[ce3]commit

6、使能EVPN作为VXLAN控制平面功能

ce1:[ce1]evpn-overlay enable[ce1]commitce2:[ce2]evpn-overlay enable[ce2]commitce3:[ce3]evpn-overlay enable[ce3]commit

7、配置BGP EVPN对等体关系

ce2:

[ce2]bgp 1[ce2-bgp]router-id 2.2.2.2[ce2-bgp]peer 3.3.3.3 as-number 1[ce2-bgp]peeer 3.3.3.3 connect-interface loopback0[ce2-bgp]l2vpn-family evpn[ce2-bgp-af-evpn]peer 3.3.3.3 enable[ce2-bgp-af-evpn]quit[ce2-bgp]quit[ce2]commit

ce3:

[ce3]bgp 1[ce3-bgp]router-id 3.3.3.3[ce3-bgp]peer 2.2.2.2 as-number 1[ce3-bgp]peeer 2.2.2.2 connect-interface 3.3.3.3[ce3-bgp]l2vpn-family evpn[ce3-bgp-af-evpn]peer 2.2.2.2 enable[ce3-bgp-af-evpn]quit[ce3-bgp]quit[ce3]commit

BGP EVPN对等体关系状态查看如下：

8、配置EVPN实例

ce2：

[ce2]bridge-domain 10[ce2-bd10]vxlan vni 1[ce2-bd10]evpn[ce2-bd10-evpn]route-distinguisher 1:1[ce2-bd10-evpn]vpn-target 1:1 both[ce2-bd10-evpn]vpn-target 1:10 export-extcommunity[ce2-bd10-evpn]quit[ce2-bd10]quit[ce2]bridge-domain 20[ce2-bd20]vxlan vni 2[ce2-bd20]evpn[ce2-bd20-evpn]route-distinguisher 1:3[ce2-bd20-evpn]vpn-target 2:2 both[ce2-bd20-evpn]vpn-target 1:10 export-extcommunity[ce2-bd20-evpn]quit[ce2-bd20]quit[ce2]commit

ce3：

[ce3]bridge-domain 20[ce3-bd20]vxlan vni 2[ce3-bd20]evpn[ce3-bd20-evpn]route-distinguisher 1:5[ce3-bd20-evpn]vpn-target 2:2[ce3-bd20-evpn]vpn-target 1:10 export-extcommunity[ce3-bd20-evpn]quit[ce3-bd20]quit[ce3]commit

9、配置头端复制列表

ce2:[ce2]interface nve1[ce2-nve1]source 2.2.2.2[ce2-nve1]vni 1 head-end peer-list protocol bgp[ce2-nve1]vni 2 head-end peer-list protocol bgp[ce2-nve1]quit[ce2]commitce3:[ce3]interface nve1[ce3-nve1]source 3.3.3.3[ce3-nve1]vni 2 head-end peer-list protocol bgp[ce3-nve1]quit[ce3]commit

10、配置VPN实例

CE2:[ce2]ip vpn-instance bd10[ce2-vpn-instance-bd10]vxlan vni 10[ce2-vpn-instance-bd10]ipv4-family[ce2-vpn-instance-bd10-af-ipv4]route-distinguisher 1:2[ce2-vpn-instance-bd10-af-ipv4]vpn-target 1:10 evpn[ce2-vpn-instance-bd10-af-ipv4]quit[ce2-vpn-instance-bd10]quit[ce2]commitCE3:[ce3]ip vpn-instance bd10[ce3-vpn-instance-bd10]vxlan vni 10[ce3-vpn-instance-bd10]ipv4-family[ce3-vpn-instance-bd10-af-ipv4]route-distinguisher 1:6[ce3-vpn-instance-bd10-af-ipv4]vpn-target 1:10 evpn[ce3-vpn-instance-bd10-af-ipv4]quit[ce3-vpn-instance-bd10]quit[ce3]commit

11、配置VBDIF绑定VPN实例

ce2：

[ce2]interface vbdif 10[ce2-vbdif10]ip binding vpn-instance bd10[ce2-vbdif10]ip address 10.1.1.254 255.255.255.0[ce2-vbdif10]vxlan anycast-gateway enable[ce2-vbdif10]arp collect host enable[ce2-vbdif10]quit[ce2]interface vbdif 20[ce2-vbdif20]ip binding vpn-instance bd10[ce2-vbdif20]ip address 10.2.2.254 255.255.255.0[ce2-vbdif20]mac-address 0000-1111-0001    \\实机使用0000-5e00-000X来做虚拟MAC[ce2-vbdif20]vxlan anycast-gateway enable[ce2-vbdif20]arp collect host enable[ce2-vbdif20]quit[ce2]commit

ce3：

[ce3]interface vbdif 20[ce3-vbdif20]ip binding vpn-instance bd10[ce3-vbdif20]ip address 10.2.2.254 255.255.255.0[ce3-vbdif20]mac-address 0000-1111-0001[ce3-vbdif20]vxlan anycast-gateway enable[ce3-vbdif20]arp collect host enable[ce3-vbdif20]quit[ce3]commit

12、配置BGP对等体发布路由类型

ce2[ce2]bgp 1[ce2-bgp]l2vpn-family evpn[ce2-bgp-af-evpn]peer 3.3.3.3 advertise irb[ce2-bgp-af-evpn]quit[ce2-bgp]quit[ce2]commitce3[ce3]bgp 1[ce3-bgp]l2vpn-family evpn[ce3-bgp-af-evpn]peer 2.2.2.2 advertise irb[ce3-bgp-af-evpn]quit[ce3-bgp]quit[ce3]commit