"Huawei Certification" vxlan distributed gateway (symmetric IRB forwarding)

Network topology:

Experimental requirements:

Use EVPN to establish a VXLAN tunnel between edge1 and edge2, with the edge devices acting as the gateways for the terminals, so that PC1 and PC2 can communicate with each other. Border, as the EVPN reflector for edge1, is responsible for relaying EVPN routes and forwarding data.

Experimental steps:

Step 1: Configure the underlay network and the switching device connected to the terminal

Basic VLAN configuration of S1 and S2

S1:

vlan 10

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 10 

interface GigabitEthernet0/0/2

 port link-type access

 port default vlan 10

S2:

vlan batch 20

interface GigabitEthernet0/0/1

 port link-type trunk

 port trunk allow-pass vlan 20

interface GigabitEthernet0/0/3

 port link-type access

 port default vlan 20

Border:

ospf 1

 area 0.0.0.0

  network 3.3.3.3 0.0.0.0

  network 10.0.12.0 0.0.0.255

  network 10.0.23.0 0.0.0.255

edge1:

ospf 1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 10.0.12.0 0.0.0.255

edge2:

ospf 1

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 10.0.23.0 0.0.0.255

Step 2: Configure the BD domain of the edge node, and bind the vni to the BD domain.

Edge1:

bridge-domain 10

 vxlan vni 10

edge2:

bridge-domain 20

 vxlan vni 20

Step 3: Configure sub-interfaces on the edge devices and bind different sub-interfaces to different BD domains

Edge1:

interface GE1/0/1

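 undo shutdown // physical interfaces are down by default

interface GE1/0/1.10 mode l2 // configure the sub-interface as a Layer 2 sub-interface

 encapsulation dot1q vid 10 // allow the sub-interface to handle VLAN 10 traffic

 bridge-domain 10 // bind the sub-interface to the BD domain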

edge2:

interface GE1/0/1

 undo shutdown

interface GE1/0/1.20 mode l2

 encapsulation dot1q vid 20

 bridge-domain 20

Step 5: Configure the neighbor relationship of EVPN

Border:

bgp 100

 peer 1.1.1.1 as-number 100

 peer 1.1.1.1 connect-interface LoopBack0

 peer 2.2.2.2 as-number 100

 peer 2.2.2.2 connect-interface LoopBack0

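 l2vpn-family evpn

  undo policy vpn-target // disable RT checking: the border device does not create a VPN instance and only needs to pass on EVPN routes, so RT checking must be disabled, otherwise it will not accept the routes sent by the edge devices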

  peer 1.1.1.1 enable

  peer 1.1.1.1 advertise irb

  peer 1.1.1.1 reflect-client

  peer 2.2.2.2 enable

  peer 2.2.2.2 advertise irb

  peer 2.2.2.2 reflect-client

edge1:

bgp 100

 peer 3.3.3.3 as-number 100

 peer 3.3.3.3 connect-interface LoopBack0



 l2vpn-family evpn

  policy vpn-target

  peer 3.3.3.3 enable

  peer 3.3.3.3 advertise irb

edge2:

bgp 100

 peer 3.3.3.3 as-number 100

 peer 3.3.3.3 connect-interface LoopBack0



 l2vpn-family evpn

  policy vpn-target

  peer 3.3.3.3 enable

  peer 3.3.3.3 advertise irb

View the evpn neighbor relationship of bgp:

Step 6: Configure the EVPN instance of the BD domain, and configure the RD and RT values

Edge1:

bridge-domain 10

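 vxlan vni 10 // Layer 2 VNI

 evpn

  route-distinguisher 10:10

  vpn-target 10:10 export-extcommunity // RT 10:10 is used for the MAC routes of both ends (advertising and receiving type 2 routes)

  vpn-target 11:1 export-extcommunity // RT 11:1 corresponds to the import RT of the Layer 3 VPN instance; it is mainly used to generate the host routes of the VPN instance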

  vpn-target 10:10 import-extcommunity

edge2:

bridge-domain 20

 vxlan vni 20

 evpn

  route-distinguisher 10:11

  vpn-target 10:10 export-extcommunity

  vpn-target 11:1 export-extcommunity

  vpn-target 10:10 import-extcommunity

Step 7: Configure ip vpn instance

Edge1:

ip vpn-instance 1

 ipv4-family

  route-distinguisher 10:10

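  vpn-target 11:1 evpn // matches the export RT of the BD domain's EVPN instance; when the device receives a type 2 route whose RT matches the import RT of the IP VPN instance, it collects the ARP information in it, generates a host route, and places it in the VPN instance routing table

 vxlan vni 1000 // configure the Layer 3 VNI, which tells the device which VPN instance to send received traffic to before looking up the table and forwarding; mainly used for service isolation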

edge2:

ip vpn-instance 1

 ipv4-family

  route-distinguisher 10:10

  vpn-target 11:1 evpn

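 vxlan vni 1000 // configure the Layer 3 VNI, which tells the device which VPN instance to send received traffic to before looking up the table and forwarding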
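
The RT wiring from Steps 6 and 7 can be checked offline before it is pushed to the devices. The following Python sketch is an added example, not part of the original post: `parse_rts` and `missing_l3_imports` are hypothetical helper names, the two configurations are retyped from this page, and a `vpn-target` line without a direction keyword is assumed to apply in both directions.

```python
import re

# Constructed input: the Step 6 and Step 7 lines from this page, comments removed.
L3VPN = """ip vpn-instance 1
 ipv4-family
  route-distinguisher 10:10
  vpn-target 11:1 evpn
 vxlan vni 1000
"""
EDGE1 = """bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:10 import-extcommunity
""" + L3VPN
EDGE2 = """bridge-domain 20
 vxlan vni 20
 evpn
  route-distinguisher 10:11
  vpn-target 10:10 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:10 import-extcommunity
""" + L3VPN

RT = re.compile(r"^vpn-target (\S+)(?: (export|import)-extcommunity)?(?: evpn)?$")

def parse_rts(config):
    """Map each top-level section to its export and import RT sets."""
    sections, cur = {}, None
    for raw in config.splitlines():
        line = raw.split("//")[0].rstrip()  # drop the page's // annotations
        if line and not line.startswith(" "):
            cur = sections.setdefault(line, {"export": set(), "import": set()})
        m = RT.match(line.strip())
        if m and cur is not None:
            # Assumption: no direction keyword means both export and import.
            for d in ([m.group(2)] if m.group(2) else ["export", "import"]):
                cur[d].add(m.group(1))
    return sections

def missing_l3_imports(local, remote):
    """IP VPN instances on `local` that import none of `remote`'s BD export RTs."""
    bds = [r for n, r in parse_rts(remote).items() if n.startswith("bridge-domain")]
    exported = set().union(*(r["export"] for r in bds))
    return [name for name, rts in parse_rts(local).items()
            if name.startswith("ip vpn-instance") and not rts["import"] & exported]
```

An empty list from `missing_l3_imports(EDGE1, EDGE2)` means edge1's IP VPN instance imports at least one RT that edge2's BD exports, which is the condition for the remote host route to be installed.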

Step 8: Create a VBDIF interface as a gateway for end devices

Edge1:

interface Vbdif10

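 ip binding vpn-instance 1 // bind to IP VPN instance 1

 ip address 192.168.1.254 255.255.255.0

 vxlan anycast-gateway enable // configure this interface as a VXLAN anycast gateway; it learns ARP information only from the host side, not from the network side

 arp collect host enable // collect host ARP information: after a host comes online, the ARP information it sends is built into a type 2 route and advertised to the peer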

edge2:

interface Vbdif20

 ip binding vpn-instance 1

 ip address 172.16.1.254 255.255.255.0

 vxlan anycast-gateway enable

 arp collect host enable

Step 9: Configure the NVE interface and use evpn to automatically create a vxlan tunnel

Edge1:

interface Nve1

 source 1.1.1.1

 vni 10 head-end peer-list protocol bgp

edge2:

interface Nve1

 source 2.2.2.2

 vni 20 head-end peer-list protocol bgp

View the establishment of the vxlan tunnel

Step 10: Use the host to access the gateway to generate type2 host routing information

View the bgp evpn routing table of edge1

Now have PC2 access the gateway as well, then check the BGP EVPN routing table again

View the details of the arp routing information of PC2

View the routing table of BGP VPN instance 1 on edge1. You can see that the route for 172.16.1.1/32 has been generated

View the global VPN instance routing table. When the gateway receives a packet destined for 172.16.1.1/32, the route recurses to the VXLAN tunnel

PC1 accesses PC2. (Use each PC to access its gateway before testing, and make sure that the type 2 ARP information of both PCs is present on the gateway.)

View packet capture results


Origin blog.csdn.net/2301_76769137/article/details/130597670