H3C S6800 EVPN分布式VXLAN IP网关典型配置.docx
《H3C S6800 EVPN分布式VXLAN IP网关典型配置.docx》由会员分享,可在线阅读,更多相关《H3C S6800 EVPN分布式VXLAN IP网关典型配置.docx(18页珍藏版)》请在冰豆网上搜索。
H3CS6800EVPN分布式VXLANIP网关典型配置
功能需求
· PCA、PCB分别模拟不同站点的主机;
· PCA和PCB处在不同VXLAN;
· S6800A和S6800B作为分布式EVPNVXLAN网关设备;
· S6800C作为RR设备负责反射BGP路由;
· 通过配置分布式EVPN网关实现不同VXLAN之间的三层互通;
组网信息及描述
配置步骤
1、配置PC的IP地址
分别配置PCA和PCBIP地址为10.1.1.1与20.1.1.1其网关分别是10.1.1.254/24、20.1.1.254/24、30.1.1.254/24
2、配置S6800A交换机
步骤一:
配置VXLAN的硬件资源模式(需重启设备生效)。
system-view
[H3C]hardware-resourcevxlanl3gw8k
步骤二:
配置VLAN10、13,PCA连接端口属于VLAN10,S6800A与S6800C互联口属于VLAN13
[H3C]vlan10
[H3C-vlan10]quit
[H3C]vlan13
[H3C-vlan13]quit
[H3C]interfaceTen-GigabitEthernet1/0/10
[H3C-Ten-GigabitEthernet1/0/10]portaccessvlan10
[H3C]interfaceTen-GigabitEthernet1/0/2
[H3C-Ten-GigabitEthernet1/0/2]portaccessvlan13
步骤三:
创建Loopback1接口
[H3C]interfaceLoopBack1
[H3C-LoopBack1]ipaddress1.1.1.132
步骤四:
创建vlan13虚接口
[H3C]interfaceVlan-interface13
[H3C-Vlan-interface13]ipaddress13.1.1.130
步骤五:
配置OSPF,使得设备之间IP可达
[H3C]ospf1
[H3C-ospf-1]area0
[H3C-ospf-1-area-0.0.0.0]network13.1.1.00.0.0.3
[H3C-ospf-1-area-0.0.0.0]network1.1.1.10.0.0.0
步骤六:
开启L2VPN功能
[H3C]l2vpnenable
步骤七:
关闭远端MAC地址和远端ARP自动学习功能
[H3C]vxlantunnelmac-learningdisable
[H3C]vxlantunnelarp-learningdisable
步骤八:
创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200
[H3C]vsi1
[H3C-vsi-1]vxlan100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit
[H3C]vsi2
[H3C-vsi-2]vxlan200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit
步骤九:
在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C]vsi1
[H3C-vsi-1]evpnencapsulationvxlan
[H3C-vsi-1-evpn-vxlan]route-distinguisherauto
[H3C-vsi-1-evpn-vxlan]vpn-targetauto
[H3C-vsi-1-evpn-vxlan]quit
步骤十:
在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C]vsi2
[H3C-vsi-2]evpnencapsulationvxlan
[H3C-vsi-2-evpn-vxlan]route-distinguisherauto
[H3C-vsi-2-evpn-vxlan]vpn-targetauto
[H3C-vsi-2-evpn-vxlan]quit
步骤十一:
配置BGP发布EVPN路由
[H3C]bgp100
[H3C-bgp-default]peer3.3.3.3as-number100
[H3C-bgp-default]peer3.3.3.3connect-interfaceLoopBack1
[H3C-bgp-default]address-familyl2vpnevpn
[H3C-bgp-default-evpn]peer3.3.3.3enable
步骤十二:
创建以太网服务实例1及配置封装模式,并使其与VSI关联
[H3C]interfaceTen-GigabitEthernet1/0/10
[H3C-Ten-GigabitEthernet1/0/10]service-instance1
[H3C-Ten-GigabitEthernet1/0/10-srv1]encapsulations-vid10
[H3C-Ten-GigabitEthernet1/0/10-srv1]xconnectvsi1
步骤十三:
配置L3VNI的RD和RT
[H3C]ipvpn-instance1
[H3C-vpn-instance-1]route-distinguisher1:
1
[H3C-vpn-instance-1]address-familyipv4
[H3C-vpn-ipv4-1]vpn-target2:
2
[H3C-vpn-ipv4-1]quit
[H3C-vpn-instance-1]address-familyevpn
[H3C-vpn-evpn-1]vpn-target1:
1
[H3C-vpn-evpn-1]quit
[H3C-vpn-instance-1]quit
步骤十四:
创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interfaceVsi-interface1
[H3C-Vsi-interface1]ipbindingvpn-instance1
[H3C-Vsi-interface1]ipaddress10.1.1.25424
[H3C-Vsi-interface1]mac-address0001-0001-0001
[H3C-Vsi-interface1]local-proxy-arpenable
[H3C-Vsi-interface1]distributed-gatewaylocal
[H3C-Vsi-interface1]quit
步骤十五:
创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interfaceVsi-interface2
[H3C-Vsi-interface2]ipbindingvpn-instance1
[H3C-Vsi-interface2]ipaddress20.1.1.25424
[H3C-Vsi-interface2]mac-address0002-0002-0002
[H3C-Vsi-interface2]local-proxy-arpenable
[H3C-Vsi-interface2]distributed-gatewaylocal
[H3C-Vsi-interface2]quit
步骤十六:
创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1
[H3C]interfaceVsi-interface3
[H3C-Vsi-interface3]ipbindingvpn-instance1
[H3C-Vsi-interface3]l3-vni1
[H3C-Vsi-interface3]quit
步骤十七:
配置VXLAN100所在的VSI实例和接口VSI-interface1关联。
[H3C]vsi1
[H3C-vsi-1]gatewayvsi-interface1
步骤十八:
配置VXLAN200所在的VSI实例和接口VSI-interface2关联。
[H3C]vsi2
[H3C-vsi-2]gatewayvsi-interface2
3、配置S6800B交换机
步骤一:
配置VXLAN的硬件资源模式(需重启设备生效)。
system-view
[H3C]hardware-resourcevxlanl3gw8k
步骤二:
配置VLAN20、23,PCB连接端口属于VLAN20,S6800B与S6800C互联口属于vlan23
system-view
[H3C]vlan20
[H3C-vlan20]quit
[H3C]vlan23
[H3C-vlan123]quit
[H3C]interfaceTen-GigabitEthernet1/0/20
[H3C-Ten-GigabitEthernet1/0/20]portaccessvlan20
[H3C]interfaceTen-GigabitEthernet1/0/3
[H3C-Ten-GigabitEthernet1/0/3]portaccessvlan23
步骤三:
创建loopback1接口
[H3C]interfaceLoopBack1
[H3C-LoopBack1]ipaddress2.2.2.232
步骤四:
创建VLAN23虚接口
[H3C]interfaceVlan-interface23
[H3C-Vlan-interface23]ipaddress23.1.1.130
步骤五:
配置OSPF,使得两台设备之间IP可达
[H3C]ospf1
[H3C-ospf-1]area0
[H3C-ospf-1-area-0.0.0.0]network23.1.1.00.0.0.3
[H3C-ospf-1-area-0.0.0.0]network2.2.2.20.0.0.0
步骤六:
开启L2VPN功能
[H3C]l2vpnenable
步骤七:
关闭远端MAC地址和远端ARP自动学习功能
[H3C]vxlantunnelmac-learningdisable
[H3C]vxlantunnelarp-learningdisable
步骤八:
创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200
[H3C]vsi1
[H3C-vsi-1]vxlan100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit
[H3C]vsi2
[H3C-vsi-2]vxlan200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit
步骤九:
在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C]vsi1
[H3C-vsi-1]evpnencapsulationvxlan
[H3C-vsi-1-evpn-vxlan]route-distinguisherauto
[H3C-vsi-1-evpn-vxlan]vpn-targetauto
[H3C-vsi-1-evpn-vxlan]quit
步骤十:
在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT
[H3C]vsi2
[H3C-vsi-2]evpnencapsulationvxlan
[H3C-vsi-2-evpn-vxlan]route-distinguisherauto
[H3C-vsi-2-evpn-vxlan]vpn-targetauto
[H3C-vsi-2-evpn-vxlan]quit
步骤十一:
配置BGP发布EVPN路由
[H3C]bgp100
[H3C-bgp-default]peer3.3.3.3as-number100
[H3C-bgp-default]peer3.3.3.3connect-interfaceLoopBack1
[H3C-bgp-default]address-familyl2vpnevpn
[H3C-bgp-default-evpn]peer3.3.3.3enable
步骤十二:
创建以太网服务实例2及配置封装模式,并使其与VSI关联
[H3C]interfaceTen-GigabitEthernet1/0/20
[H3C-Ten-GigabitEthernet1/0/20]service-instance1
[H3C-Ten-GigabitEthernet1/0/20-srv1]encapsulations-vid20
[H3C-Ten-GigabitEthernet1/0/20-srv1]xconnectvsi2
步骤十三:
配置L3VNI的RD和RT
[H3C]ipvpn-instance1
[H3C-vpn-instance-1]route-distinguisher1:
1
[H3C-vpn-instance-1]address-familyipv4
[H3C-vpn-ipv4-1]vpn-target2:
2
[H3C-vpn-ipv4-1]quit
[H3C-vpn-instance-1]address-familyevpn
[H3C-vpn-evpn-1]vpn-target1:
1
[H3C-vpn-evpn-1]quit
[H3C-vpn-instance-1]quit
步骤十四:
创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interfaceVsi-interface1
[H3C-Vsi-interface1]ipbindingvpn-instance1
[H3C-Vsi-interface1]ipaddress10.1.1.25424
[H3C-Vsi-interface1]mac-address0001-0001-0001
[H3C-Vsi-interface1]local-proxy-arpenable
[H3C-Vsi-interface1]distributed-gatewaylocal
[H3C-Vsi-interface1]quit
步骤十五:
创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。
[H3C]interfaceVsi-interface2
[H3C-Vsi-interface2]ipbindingvpn-instance1
[H3C-Vsi-interface2]ipaddress20.1.1.25424
[H3C-Vsi-interface2]mac-address0002-0002-0002
[H3C-Vsi-interface2]local-proxy-arpenable
[H3C-Vsi-interface2]distributed-gatewaylocal
[H3C-Vsi-interface2]quit
步骤十六:
创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1
[H3C]interfaceVsi-interface3
[H3C-Vsi-interface3]ipbindingvpn-instance1
[H3C-Vsi-interface3]l3-vni1
[H3C-Vsi-interface3]quit
步骤十七:
配置VXLAN100所在的VSI实例和接口VSI-interface1关联。
[H3C]vsi1
[H3C-vsi-1]gatewayvsi-interface1
步骤十八:
配置VXLAN200所在的VSI实例和接口VSI-interface2关联。
[H3C]vsi2
[H3C-vsi-2]gatewayvsi-interface2
4、配置S6800C交换机
步骤一:
配置VLAN13、23,S6800C与S6800A互联口属于vlan13、S6800C与S6800B互联口属于vlan23
[H3C]vlan13
[H3C-vlan13]quit
[H3C]vlan23
[H3C-vlan23]quit
[H3C]interfaceTen-GigabitEthernet1/0/2
[H3C-Ten-GigabitEthernet1/0/2]portaccessvlan13
[H3C]interfaceTen-GigabitEthernet1/0/3
[H3C-Ten-GigabitEthernet1/0/3]portaccessvlan23
步骤二:
创建loopback1接口
[H3C]interfaceLoopBack1
[H3C-LoopBack1]ipaddress3.3.3.332
步骤三:
创建vlan13、VLAN23虚接口
[H3C]interfaceVlan-interface13
[H3C-Vlan-interface13]ipaddress13.1.1.230
[H3C]interfaceVlan-interface23
[H3C-Vlan-interface23]ipaddress23.1.1.230
步骤四:
配置OSPF,使得两台设备之间IP可达
[H3C]ospf1
[H3C-ospf-1]area0
[H3C-ospf-1-area-0.0.0.0]network23.1.1.00.0.0.3
[H3C-ospf-1-area-0.0.0.0]network13.1.1.00.0.0.3
[H3C-ospf-1-area-0.0.0.0]network3.3.3.30.0.0.0
步骤五:
配置BGP分别与S6800A、S6800B建立BGP连接
[H3C]bgp100
[H3C-bgp-default]groupevpninternal
[H3C-bgp-default]peerevpnconnect-interfaceLoopBack1
[H3C-bgp-default]peer1.1.1.1groupevpn
[H3C-bgp-default]peer2.2.2.2groupevpn
[H3C-bgp-default]address-familyl2vpnevpn
[H3C-bgp-default-evpn]undopolicyvpn-target
[H3C-bgp-default-evpn]peerevpnenable
步骤六:
配置S6800C为路由反射器
[H3C-bgp-default-evpn]peerevpnreflect-client
[H3C-bgp-default-evpn]quit
[H3C-bgp-default]quit
5、配置完成后的结果检验
步骤一:
查看设备Tunnel接口状态及信息
displayinterfaceTunnel
Tunnel0
Currentstate:
UP
Lineprotocolstate:
UP
Description:
Tunnel0Interface
Bandwidth:
64kbps
Maximumtransmissionunit:
1464
Internetprotocolprocessing:
Disabled
Lastclearingofcounters:
Never
Tunnelsource1.1.1.1,destination2.2.2.2
Tunnelprotocol/transportUDP_VXLAN/IP
Last300secondsinputrate:
0bytes/sec,0bits/sec,0packets/sec
Last300secondsoutputrate:
0bytes/sec,0bits/sec,0packets/sec
Input:
12packets,684bytes,0drops
Output:
41packets,2370bytes,0drops
步骤二:
查看设备VSI虚接口信息
displayinterfaceVsi-interface
Vsi-interface1
Currentstate:
UP
Lineprotocolstate:
UP
Description:
Vsi-interface1Interface
Bandwidth:
1000000kbps
Maximumtransmissionunit:
1500
Internetaddress:
10.1.1.254/24(primary)
IPpacketframetype:
EthernetII,hardwareaddress:
0001-0001-0001
IPv6packetframetype:
EthernetII,hardwareaddress:
0001-0001-0001
Physical:
Unknown,baudrate:
1000000kbps
Lastclearingofcounters:
Never
Last300secondsinputrate:
0bytes/sec,0bits/sec,0packets/sec
Last300secondsoutputrate:
0bytes/sec,0bits/sec,0packets/sec
Input:
0packets,0bytes,0drops
Output:
221376packets,16128896bytes,0drops
Vsi-interface2
Currentstate:
UP
Lineprotocolstate:
UP
Description:
Vsi-interface2In
升级会员 