Building a VXLAN Layer 2 tunnel with BGP + EVPN on Centec devices
source link: https://blog.51cto.com/Gzy90/5333973
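1: Topology diagram
Topology notes: the Shanghai and Shenzhen nodes are dedicated nodes of the ISP, connected by a backbone leased line; OSPF, BGP and EVPN run between them to establish the corresponding neighbor relationships.
Customers on each side connect to the nearest POP, and the two nodes reach each other over the VXLAN Layer 2 network provided by the ISP. For three sites to interconnect, the three sites only need to use the same VNI; this lab tests with two sites only.
2: IP and VNI design:
Shanghai--Shenzhen POP backbone IPs
Shanghai backbone port eth-0-39, IP: 10.100.100.17/30, Loopback0: 10.252.252.14/32
Shenzhen backbone port eth-0-38, IP: 10.100.100.18/30, Loopback0: 10.252.252.12/32
Shanghai Loopback0: 10.252.252.14/32
Shenzhen Loopback0: 10.252.252.12/32
Shanghai customer-facing port: eth-0-1, configured as Q-in-Q, VLAN 900
Shenzhen customer-facing port: eth-0-1, configured as Q-in-Q, VLAN 901
The VNI used for the C-Shanghai / C-Shenzhen customer leased line is 4009001
C-Shanghai IP: 10.20.6.78/30
C-Shenzhen IP: 10.20.6.77/30
3: Configuration
3.1 Shanghai POP underlay configuration
Backbone interface configuration: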
interface eth-0-39
description 上海-深圳
no switchport
mtu 9216
vxlan uplink enable // VXLAN must be enabled on the backbone interface
ip address 10.100.100.17/30
ip ospf authentication-key 8 8c1639d31407a450
ip ospf cost 120
ip ospf bfd
bfd interval mintx 300 minrx 300 multiplier 3
OSPF configuration:
router ospf 10
redistribute connected metric-type 1 route-map rf--RE-CONNECTED
area 0 authentication message-digest
router-id 10.252.252.14
network 10.100.100.17 0.0.0.0 area 0
BGP configuration:
router bgp 133012
bgp router-id 10.252.252.14
bgp always-compare-med
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor RSVR-VPN peer-group
neighbor RSVR-VPN remote-as 133012
neighbor RSVR-VPN update-source loopback0
neighbor 10.252.252.12 peer-group RSVR-VPN
3.2 Shenzhen POP underlay configuration
Backbone interface configuration:
interface eth-0-38
description 深圳-上海
no switchport
mtu 9216
vxlan uplink enable // VXLAN must be enabled on the backbone interface
ip address 10.100.100.18/30
ip ospf authentication-key 8 8c1639d31407a450
ip ospf cost 120
ip ospf bfd
bfd interval mintx 300 minrx 300 multiplier 3
router ospf 10
router-id 10.252.252.12
redistribute connected metric-type 1 route-map rf--RE-CONNECTED
area 0 authentication message-digest
network 10.100.100.18 0.0.0.0 area 0
BGP + EVPN configuration:
router bgp 133012
bgp router-id 10.252.252.12
bgp always-compare-med
no bgp default ipv4-unicast
bgp log-neighbor-changes
neighbor RSVR-VPN peer-group
neighbor RSVR-VPN remote-as 133012
neighbor RSVR-VPN update-source loopback0
neighbor 10.252.252.14 peer-group RSVR-VPN
3.3 Customer-facing interface VLAN and VXLAN configuration on both devices
3.3.1 Shanghai POP
VLAN configuration
vlan database
vlan 901 name test
vlan 901 overlay enable // the overlay function must be enabled
overlay
vlan 901 vni 4009001 // in overlay mode, associate VLAN 901 with the VNI
Configure the NVE group
interface nve1
keep-vlan-tag enable
source 10.252.252.14
member vni 4009001 // add VNI 4009001 to nve1
Configure EVPN
vni 4009001
rd 400:900
route-target both 400:900
router bgp 133012
address-family l2vpn evpn
retain route-target all
neighbor RSVR-VPN activate
neighbor RSVR-VPN send-community both
neighbor 10.252.252.12 activate
C-Shanghai customer-facing port configuration
interface eth-0-1
description to C-上海
switchport mode dot1q-tunnel
switchport dot1q-tunnel native vlan 901
switchport dot1q-tunnel allowed vlan add 901
switchport dot1q-tunnel allowed vlan remove 1
3.3.2 Shenzhen POP configuration
VLAN configuration
vlan database
vlan 900 name test
vlan 900 overlay enable // the overlay function must be enabled
overlay
vlan 900 vni 4009001 // in overlay mode, associate VLAN 900 with the VNI
Configure the NVE group
interface nve1
keep-vlan-tag enable
source 10.252.252.12
member vni 4009001 // add VNI 4009001 to nve1
Configure EVPN
vni 4009001
rd 400:900
route-target import 400:900
router bgp 133012
address-family l2vpn evpn
retain route-target all
neighbor RSVR-VPN activate
neighbor RSVR-VPN send-community both
neighbor 10.252.252.14 activate
C-Shenzhen customer-facing port configuration
interface eth-0-1
description to C-深圳
load-interval 30
switchport mode dot1q-tunnel
switchport dot1q-tunnel native vlan 900
switchport dot1q-tunnel allowed vlan add 1,900
switchport dot1q-tunnel allowed vlan remove 1
4: Check status
sha-ctc1# show vlan 901
VLAN ID Name State STP ID Member ports
(u)-Untagged, (t)-Tagged
======= =============================== ======= ======= ===========
901 test ACTIVE 0 eth-0-1(u)
VxLAN: 10.252.252.14->10.252.252.12
# show bgp evpn vni 4009001 // view EVPN information
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 400:900 (L2VNI 4009001)
*> [2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136 // C-Shanghai MAC address
10.252.252.14 32768 i
*>i[2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136 // C-Shenzhen MAC address
10.252.252.12 100 0 i
*>i[3]:[0]:[32]:[10.252.252.12]/80
10.252.252.12 100 0 i
*> [3]:[0]:[32]:[10.252.252.14]/80
10.252.252.14 32768 i
szb-ctc1# show vlan 900
VLAN ID Name State STP ID Member ports
(u)-Untagged, (t)-Tagged
======= =============================== ======= ======= ===========
900 test ACTIVE 0 eth-0-1(u)
VxLAN: 10.252.252.12->10.252.252.14
# show bgp evpn vni 4009001
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 400:900 (L2VNI 4009001)
*>i[2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136 // C-Shanghai MAC address
10.252.252.14 100 0 i
*> [2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136 // C-Shenzhen MAC address
10.252.252.12 32768 i
*> [3]:[0]:[32]:[10.252.252.12]/80
10.252.252.12 32768 i
*>i[3]:[0]:[32]:[10.252.252.14]/80
10.252.252.14 100 0 i
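As an added example (not part of the original article, and not a Centec tool), the Python script below parses `show bgp evpn vni` output in the format shown above and checks it against an allow-list of VTEP loopbacks: every next hop must be a known VTEP, each VTEP must originate a type-3 route, and no MAC may be advertised by two VTEPs. The function names and the embedded sample text are constructed for illustration.

```python
import re

# Constructed sample: the Shanghai "show bgp evpn vni 4009001" route lines from above.
SAMPLE = """\
Route Distinguisher: 400:900 (L2VNI 4009001)
*> [2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136
   10.252.252.14 32768 i
*>i[2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136
   10.252.252.12 100 0 i
*>i[3]:[0]:[32]:[10.252.252.12]/80
   10.252.252.12 100 0 i
*> [3]:[0]:[32]:[10.252.252.14]/80
   10.252.252.14 32768 i
"""

ROUTE_RE = re.compile(r"^\*>?\s*i?\s*((?:\[[^\]]+\]:?)+)/\d+")
NEXTHOP_RE = re.compile(r"^\s*(\d{1,3}(?:\.\d{1,3}){3})\s")


def parse_routes(text):
    """Return (route_type, key, next_hop); key is the MAC (type 2) or originator IP (type 3)."""
    routes, pending = [], None
    for line in text.splitlines():
        m = ROUTE_RE.match(line)
        if m:
            fields = re.findall(r"\[([^\]]+)\]", m.group(1))
            # Route types with fewer than four bracketed fields are skipped.
            pending = (int(fields[0]), fields[3]) if len(fields) >= 4 else None
            continue
        m = NEXTHOP_RE.match(line)
        if m and pending:
            routes.append((pending[0], pending[1], m.group(1)))
            pending = None
    return routes


def audit(routes, expected_vteps):
    """Flag unknown next hops, VTEPs with no type-3 route, and MACs behind two VTEPs."""
    findings, mac_owner = [], {}
    for rtype, key, nh in routes:
        if nh not in expected_vteps:
            findings.append(f"unexpected VTEP {nh} for type-{rtype} {key}")
        if rtype == 2 and mac_owner.setdefault(key, nh) != nh:
            findings.append(f"MAC {key} advertised by {mac_owner[key]} and {nh}")
    imet = {nh for rtype, _, nh in routes if rtype == 3}
    findings += [f"no type-3 route from {v}" for v in sorted(expected_vteps - imet)]
    return findings


if __name__ == "__main__":
    print(audit(parse_routes(SAMPLE), {"10.252.252.12", "10.252.252.14"}) or "OK")
```

Run it against the output captured on each POP with that site's expected loopback list; an empty result means the EVPN table contains only the two VTEPs designed in section 2.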
5: Connectivity test
C-Shanghai --> C-Shenzhen
> ping 10.210.6.77 src-address=10.210.6.78 count=5
SEQ HOST SIZE TTL TIME STATUS
0 10.210.6.77 56 64 23ms
1 10.210.6.77 56 64 23ms
2 10.210.6.77 56 64 23ms
3 10.210.6.77 56 64 23ms
4 10.210.6.77 56 64 23ms
sent=5 received=5 packet-loss=0% min-rtt=23ms avg-rtt=23ms max-rtt=23ms
Note: if there are any mistakes, please point them out. Thanks.