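Lab objective
Use EVPN + VXLAN to establish tunnels automatically and give tenants in different resource pools Layer 3 connectivity.
Lab environment
H3C HCL simulator: two 6850s (sw1, sw2) act as RRs (route reflectors), two 6850s (sw3, sw4) act as VXLAN gateways, and two 5820s (sw5, sw6) provide endpoint access.
The topology is as follows:
Configuration steps
1. Configure OSPF interconnection between SW1, SW2, SW3 and SW4
2. Establish BGP EVPN neighbors from SW3 and SW4 to SW1 and SW2
3. Configure the VSIs and associate them with VXLAN IDs
4. Configure the Layer 3 VSI interfaces, configure the gateways, and associate them with the VSIs
5. Configure the access switch ports on SW3, SW4, SW5 and SW6
6. Test Layer 2 and Layer 3 connectivity between the PCs
Step 1: configure OSPF interconnection between SW1, SW2, SW3 and SW4. The configuration is as follows:
sw1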
sysname sw1
int lo 0
ip add 1.1.1.1 32
quit
int gi 1/0/1
port link-mode route
y
ip add 172.13.1.1 24
quit
int gi 1/0/2
port link-mode route
y
ip add 172.14.1.1 24
quit
ospf 1 router-id 1.1.1.1
area 0
network 172.13.1.1 0.0.0.0
network 172.14.1.1 0.0.0.0
network 1.1.1.1 0.0.0.0
quit
sw2
sysname sw2
int lo 0
ip add 2.2.2.2 32
quit
int gi 1/0/1
port link-mode route
y
ip add 172.24.1.1 24
quit
int gi 1/0/2
port link-mode route
y
ip add 172.23.1.1 24
quit
ospf 1 router-id 2.2.2.2
area 0
network 172.24.1.1 0.0.0.0
network 172.23.1.1 0.0.0.0
network 2.2.2.2 0.0.0.0
quit
sw3
sysname sw3
int lo 0
ip add 3.3.3.3 32
quit
int gi 1/0/1
port link-mode route
y
ip add 172.13.1.2 24
quit
int gi 1/0/2
port link-mode route
y
ip add 172.23.1.2 24
quit
ospf 1 router-id 3.3.3.3
area 0
network 172.13.1.2 0.0.0.0
network 172.23.1.2 0.0.0.0
network 3.3.3.3 0.0.0.0
quit
sw4
sysname sw4
int lo 0
ip add 4.4.4.4 32
quit
int gi 1/0/1
port link-mode route
y
ip add 172.24.1.2 24
quit
int gi 1/0/2
port link-mode route
y
ip add 172.14.1.2 24
quit
ospf 1 router-id 4.4.4.4
area 0
network 172.14.1.2 0.0.0.0
network 172.24.1.2 0.0.0.0
network 4.4.4.4 0.0.0.0
quit
OSPF status
Step 2: establish BGP EVPN neighbors from SW3 and SW4 to SW1 and SW2
sw1
bgp 100
peer 3.3.3.3 as 100
peer 3.3.3.3 con lo 0
peer 4.4.4.4 as 100
peer 4.4.4.4 con lo 0
address-family l2vpn evpn
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
undo policy vpn-target
quit
sw2
bgp 100
peer 3.3.3.3 as 100
peer 3.3.3.3 con lo 0
peer 4.4.4.4 as 100
peer 4.4.4.4 con lo 0
address-family l2vpn evpn
peer 3.3.3.3 enable
peer 3.3.3.3 reflect-client
peer 4.4.4.4 enable
peer 4.4.4.4 reflect-client
undo policy vpn-target
quit
sw3
bgp 100
peer 1.1.1.1 as 100
peer 1.1.1.1 con lo 0
peer 2.2.2.2 as 100
peer 2.2.2.2 con lo 0
address-family l2vpn evpn
peer 1.1.1.1 enable
peer 2.2.2.2 enable
quit
sw4
bgp 100
peer 1.1.1.1 as 100
peer 1.1.1.1 con lo 0
peer 2.2.2.2 as 100
peer 2.2.2.2 con lo 0
address-family l2vpn evpn
peer 1.1.1.1 enable
peer 2.2.2.2 enable
EVPN status
Step 3: configure the VSIs and associate them with VXLAN IDs
sw3/sw4 (same configuration on both)
l2vpn enable
vxlan tun mac-lea disable
vxlan tun arp-lear disable
vsi vpna
vxlan 10
quit
evpn enc vxlan
route-dis 10:10
vpn-target 10:10
vsi vpnb
vxlan 20
quit
evpn enc vxlan
route-dis 20:20
vpn-target 20:20
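VXLAN tunnel status
Step 4: configure the Layer 3 VSI interfaces, configure the gateways, and associate them with the VSIs
sw3/sw4 (same configuration on both)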
ip vpn-instance l3vpna
route-dis 100:100
address-family ipv4
vpn-target 1:1
address-family evpn
vpn-target 2:2
int vsi-interface 1
ip binding vpn-instance l3vpna
ip add 172.16.1.254 255.255.255.0
mac-address 1-1-1
distributed-gateway local
local-proxy-arp enable
quit
int vsi-interface 2
ip binding vpn-instance l3vpna
ip add 172.16.2.254 255.255.255.0
mac-address 2-2-2
distributed-gateway local
local-proxy-arp enable
quit
int vsi-interface 3
ip binding vpn-instance l3vpna
l3-vni 1000 // associate the Layer 3 VNI
quit
vsi vpna
gateway vsi-interface 1
quit
vsi vpnb
gateway vsi-interface 2
quit
VSI Layer 3 interface status
Step 5: configure the access switch ports on SW3, SW4, SW5 and SW6
sw3/sw4
vlan 10
vlan 20
int gi 1/0/3
port link-type trunk
port trunk permit vlan all
vtep access port
service-instance 10
encapsulation s-vid 10
xconnect vsi vpna
service-instance 20
encapsulation s-vid 20
xconnect vsi vpnb
sw5/sw6
vlan 10
vlan 20
int gi 1/0/3
port link-type trunk
port trunk permit vlan all
quit
int gi 1/0/1
port link-type access
port access vlan 10
quit
int gi 1/0/2
port link-type access
port access vlan 20
quit
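An added example (not part of the original lab notes): a Python check that the sw3/sw4 configuration from steps 3-5 lines up, i.e. every VSI has a VXLAN ID, an access VLAN and a gateway address, no VXLAN ID is reused, and tunnel MAC/ARP learning is disabled as it is on this page. The names `vsi_bindings`, `audit` and `SAMPLE` are made up for this illustration, and the parser only understands the command forms used on this page.

```python
import re
# Constructed sample: sw3/sw4 lines taken from steps 3-5 of this page (";" = newline).
SAMPLE = ";".join([
    "vxlan tun mac-lea disable;vxlan tun arp-lear disable",
    "vsi vpna;vxlan 10;quit;vsi vpnb;vxlan 20;quit",
    "int vsi-interface 1;ip binding vpn-instance l3vpna;ip add 172.16.1.254 255.255.255.0;quit",
    "int vsi-interface 2;ip binding vpn-instance l3vpna;ip add 172.16.2.254 255.255.255.0;quit",
    "vsi vpna;gateway vsi-interface 1;quit;vsi vpnb;gateway vsi-interface 2;quit",
    "int gi 1/0/3;service-instance 10;encapsulation s-vid 10;xconnect vsi vpna",
    "service-instance 20;encapsulation s-vid 20;xconnect vsi vpnb",
]).replace(";", "\n")

def vsi_bindings(config):
    """Map each VSI to its VXLAN ID, access VLAN, gateway IP and VPN instance."""
    vsis, ifaces, ctx, svid = {}, {}, {}, None
    for line in (l.strip() for l in config.splitlines()):
        if m := re.fullmatch(r"vsi (\S+)", line):
            ctx = vsis.setdefault(m[1], {})          # enter (or re-enter) a VSI view
        elif m := re.fullmatch(r"int vsi-interface (\d+)", line):
            ctx = ifaces.setdefault(m[1], {})        # enter a VSI-interface view
        elif line.startswith("int "):
            ctx = {}                                 # physical port: not a gateway
        elif m := re.fullmatch(r"vxlan (\d+)", line):
            ctx["vxlan"] = int(m[1])
        elif m := re.fullmatch(r"gateway vsi-interface (\d+)", line):
            ctx["gw_if"] = m[1]
        elif m := re.fullmatch(r"ip binding vpn-instance (\S+)", line):
            ctx["vrf"] = m[1]
        elif m := re.fullmatch(r"ip add (\S+) \S+", line):
            ctx["gw_ip"] = m[1]
        elif m := re.fullmatch(r"encapsulation s-vid (\d+)", line):
            svid = int(m[1])                         # VLAN of the current service instance
        elif m := re.fullmatch(r"xconnect vsi (\S+)", line):
            vsis.setdefault(m[1], {})["vlan"] = svid
    for v in vsis.values():                          # resolve gateway interface -> IP / VRF
        v.update(ifaces.get(v.pop("gw_if", None), {}))
    return vsis

def audit(config):
    """Return findings where the step 3-5 pieces do not line up."""
    out = [f"tunnel {kw} learning not disabled" for kw in ("mac", "arp")
           if not re.search(rf"^vxlan tun\S* {kw}-lea\S* disable$", config, re.M)]
    seen = {}
    for name, v in sorted(vsi_bindings(config).items()):
        out += [f"{name}: no {k}" for k in ("vxlan", "vlan", "gw_ip") if v.get(k) is None]
        vx = v.get("vxlan")
        if vx is not None and seen.setdefault(vx, name) != name:
            out.append(f"{name}: VXLAN {vx} reused from {seen[vx]}")
    return out
```

`audit(SAMPLE)` returns an empty list for the configuration on this page; run it against a saved copy of each VTEP's configuration before the connectivity tests in step 6.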
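Step 6: test Layer 2 and Layer 3 connectivity between the PCs
Layer 2 connectivity
Layer 3 connectivity
As shown above, both the Layer 2 and Layer 3 pings succeed: tenants in the same VLAN have Layer 2 connectivity, and tenants in different VLANs have Layer 3 connectivity.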