vxlan集中式网关实验案例

在这里插入图片描述

Underlay通过OSPF互联，Overlay通过BGP EVPN建立隧道

Leaf1和Leaf2分别与Spine建立IBGP邻居关系，Spine作为路由反射器RR

Leaf1，Leaf2和Spine分别使用lo b接口地址作为VTEP地址和BGP EVPN源地址

Leaf1的VTEP地址为1.1.1.1/32
Leaf2的VTEP地址为2.2.2.2/32
Spine的VTEP地址为3.3.3.3/32

Vlan10的子网范围为192.168.10.0/24，网关地址为192.168.10.1
Vlan20的子网范围为192.168.20.0/24，网关地址为192.168.20.1
网关部署在spine上

Vlan10子网对应的VNI为10
Vlan20子网对应的VNI为20

双方Vlan20子网设备（PC2和PC3）能够直接通过Leaf1和Leaf2建立的VXLAN隧道通信

vlan10中的pc可以ping通vlan 20中的pc，vlan10和20的网关都在最上面核心上面。

spine配置：

evpn-overlay enable

bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:3
vpn-target 10:3 export-extcommunity
vpn-target 10:1 import-extcommunity

bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:3
vpn-target 20:3 export-extcommunity
vpn-target 20:2 import-extcommunity

interface Vbdif10
ip address 192.168.10.1 255.255.255.0

interface Vbdif20
ip address 192.168.20.1 255.255.255.0

interface MEth0/0/0
undo shutdown

interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.12.1 255.255.255.0
ospf network-type p2p

interface GE1/0/1
undo portswitch
undo shutdown
ip address 10.0.13.1 255.255.255.0
ospf network-type p2p

interface LoopBack0
ip address 3.3.3.3 255.255.255.255

interface Nve1
source 3.3.3.3
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0

ipv4-family unicast
undo peer 1.1.1.1 enable
undo peer 2.2.2.2 enable

l2vpn-family evpn
undo policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 reflect-client
peer 2.2.2.2 enable
peer 2.2.2.2 reflect-client

ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.12.1 0.0.0.0
network 10.0.13.1 0.0.0.0

leaf1节点配置：

evpn-overlay enable

bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:3 import-extcommunity

bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:1
vpn-target 20:1 export-extcommunity
vpn-target 20:2 import-extcommunity

interface MEth0/0/0
undo shutdown

interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.12.2 255.255.255.0
ospf network-type p2p

interface GE1/0/1
undo shutdown

interface GE1/0/1.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10

interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20

interface LoopBack0
ip address 1.1.1.1 255.255.255.255

interface Nve1
source 1.1.1.1
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo peer 3.3.3.3 enable

l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable

ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.12.2 0.0.0.0

leaf2节点配置：

evpn-overlay enable

bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:2
vpn-target 20:2 export-extcommunity
vpn-target 20:3 import-extcommunity
vpn-target 20:1 import-extcommunity

interface MEth0/0/0
undo shutdown

interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.13.3 255.255.255.0
ospf network-type p2p

interface GE1/0/1
undo shutdown

interface GE1/0/1.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20

interface LoopBack0
ip address 2.2.2.2 255.255.255.255

interface Nve1
source 2.2.2.2
vni 20 head-end peer-list protocol bgp

interface NULL0

bgp 100
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0

ipv4-family unicast
undo peer 3.3.3.3 enable

l2vpn-family evpn
policy vpn-target
peer 3.3.3.3 enable

ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.0.13.3 0.0.0.0

查看双方vxlan隧道建立
在这里插入图片描述

在这里插入图片描述

pc1和网关及其它vlan通信测试ping测试
注意：因为ENSP存在BUG，当一个bridge-domain下存在2个import方向的RT值时，无法正常工作，所以我们需要在Leaf2上删除掉同子网通信的IRT值再测试才行，把红色那条先undo掉再测试
在这里插入图片描述