Building a VXLAN Layer-2 Tunnel with BGP+EVPN on Centec Devices
Posted by 赚钱养神兽
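1: Topology
Topology notes: the Shanghai and Shenzhen nodes are the ISP's dedicated PoP nodes, connected by a backbone leased line. OSPF, BGP and EVPN adjacencies are established between them.
The customers on each side connect to the nearest PoP, and the two sites reach each other over the VXLAN Layer-2 network provided by the ISP. To interconnect three sites, the VNI only needs to be the same at all three; this lab tests with two sites only.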
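2: IP and VNI design:
Shanghai--Shenzhen PoP backbone IPs
Shanghai backbone port eth-0-39, IP: 10.100.100.17/30, Loopback0: 10.252.252.14/32
Shenzhen backbone port eth-0-38, IP: 10.100.100.18/30, Loopback0: 10.252.252.12/32
Shanghai Loopback0: 10.252.252.14/32
Shenzhen Loopback0: 10.252.252.12/32
Shanghai customer-facing port: eth-0-1, configured for Q-in-Q, VLAN 900
Shenzhen customer-facing port: eth-0-1, configured for Q-in-Q, VLAN 901
The VNI used for the leased line between customers C-Shanghai and C-Shenzhen is 4009001
C-Shanghai IP: 10.20.6.78/30
C-Shenzhen IP: 10.20.6.77/30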
3: Configuration
3.1 Shanghai PoP underlay configuration
Backbone interface configuration:
interface eth-0-39
 description 上海-深圳
 no switchport
 mtu 9216
 vxlan uplink enable // VXLAN must be enabled on the backbone uplink
 ip address 10.100.100.17/30
 ip ospf authentication-key 8 8c1639d31407a450
 ip ospf cost 120
 ip ospf bfd
 bfd interval mintx 300 minrx 300 multiplier 3
OSPF configuration:
router ospf 10
 redistribute connected metric-type 1 route-map rf--RE-CONNECTED
 area 0 authentication message-digest
 router-id 10.252.252.14
 network 10.100.100.17 0.0.0.0 area 0
BGP configuration:
router bgp 133012
 bgp router-id 10.252.252.14
 bgp always-compare-med
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor RSVR-VPN peer-group
 neighbor RSVR-VPN remote-as 133012
 neighbor RSVR-VPN update-source loopback0
 neighbor 10.252.252.12 peer-group RSVR-VPN
3.2 Shenzhen PoP underlay configuration
Backbone interface configuration:
interface eth-0-38
 description 深圳-上海
 no switchport
 mtu 9216
 vxlan uplink enable // VXLAN must be enabled on the backbone uplink
 ip address 10.100.100.18/30
 ip ospf authentication-key 8 8c1639d31407a450
 ip ospf cost 120
 ip ospf bfd
 bfd interval mintx 300 minrx 300 multiplier 3
router ospf 10
 router-id 10.252.252.12
 redistribute connected metric-type 1 route-map rf--RE-CONNECTED
 area 0 authentication message-digest
 network 10.100.100.18 0.0.0.0 area 0
BGP + EVPN configuration:
router bgp 133012
 bgp router-id 10.252.252.12
 bgp always-compare-med
 no bgp default ipv4-unicast
 bgp log-neighbor-changes
 neighbor RSVR-VPN peer-group
 neighbor RSVR-VPN remote-as 133012
 neighbor RSVR-VPN update-source loopback0
 neighbor 10.252.252.14 peer-group RSVR-VPN
3.3 Customer-facing interface VLAN and VXLAN configuration on both devices
3.3.1 Shanghai PoP
VLAN configuration
vlan database
 vlan 901 name test
 vlan 901 overlay enable // overlay must be enabled on the VLAN
overlay
 vlan 901 vni 4009001 // map VLAN 901 to the VNI under overlay
NVE configuration
interface nve1
 keep-vlan-tag enable
 source 10.252.252.14
 member vni 4009001 // attach VNI 4009001 to nve1
EVPN configuration
evpn
 vni 4009001
  rd 400:900
  route-target both 400:900
router bgp 133012
 address-family l2vpn evpn
  retain route-target all
  neighbor RSVR-VPN activate
  neighbor RSVR-VPN send-community both
  neighbor 10.252.252.12 activate
Port facing customer C-Shanghai
interface eth-0-1
 description to C-上海
 switchport mode dot1q-tunnel
 switchport dot1q-tunnel native vlan 901
 switchport dot1q-tunnel allowed vlan add 901
 switchport dot1q-tunnel allowed vlan remove 1
3.3.2 Shenzhen PoP
VLAN configuration
vlan database
 vlan 900 name test
 vlan 900 overlay enable // overlay must be enabled on the VLAN
overlay
 vlan 900 vni 4009001 // map VLAN 900 to the VNI under overlay
NVE configuration
interface nve1
 keep-vlan-tag enable
 source 10.252.252.12
 member vni 4009001 // attach VNI 4009001 to nve1
EVPN configuration
evpn
 vni 4009001
  rd 400:900
  route-target import 400:900
router bgp 133012
 address-family l2vpn evpn
  retain route-target all
  neighbor RSVR-VPN activate
  neighbor RSVR-VPN send-community both
  neighbor 10.252.252.14 activate
Port facing customer C-Shenzhen
interface eth-0-1
 description to C-深圳
 load-interval 30
 switchport mode dot1q-tunnel
 switchport dot1q-tunnel native vlan 900
 switchport dot1q-tunnel allowed vlan add 1,900
 switchport dot1q-tunnel allowed vlan remove 1
4: Checking status
Shanghai:
sha-ctc1# show vlan 901
VLAN ID Name State STP ID Member ports
(u)-Untagged, (t)-Tagged
======= =============================== ======= ======= ===========
901 test ACTIVE 0 eth-0-1(u)
VxLAN: 10.252.252.14->10.252.252.12
# show bgp evpn vni 4009001 // show the EVPN information
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 400:900 (L2VNI 4009001)
*> [2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136 // MAC address of the C-Shanghai side
10.252.252.14 32768 i
*>i[2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136 // MAC address of the C-Shenzhen side
10.252.252.12 100 0 i
*>i[3]:[0]:[32]:[10.252.252.12]/80
10.252.252.12 100 0 i
*> [3]:[0]:[32]:[10.252.252.14]/80
10.252.252.14 32768 i
Shenzhen:
szb-ctc1# show vlan 900
VLAN ID Name State STP ID Member ports
(u)-Untagged, (t)-Tagged
======= =============================== ======= ======= ===========
900 test ACTIVE 0 eth-0-1(u)
VxLAN: 10.252.252.12->10.252.252.14
# show bgp evpn vni 4009001
Status codes: s suppressed, d damped, h history, * valid, > best, i - internal,
S Stale
Origin codes: i - IGP, e - EGP, ? - incomplete
Network Next Hop Metric LocPrf Weight Path
Route Distinguisher: 400:900 (L2VNI 4009001)
*>i[2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136 // MAC address of the C-Shanghai side
10.252.252.14 100 0 i
*> [2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136 // MAC address of the C-Shenzhen side
10.252.252.12 32768 i
*> [3]:[0]:[32]:[10.252.252.12]/80
10.252.252.12 32768 i
*>i[3]:[0]:[32]:[10.252.252.14]/80
10.252.252.14 100 0 i
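The status check above can be automated. The following Python script is an added example, not part of the original post: it parses the "show bgp evpn vni" listing and reports a missing type-3 route, a missing remote MAC, or an iBGP-learned route whose next hop is not the expected remote VTEP. The names parse_evpn and check_vni and the three health rules are assumptions made for this illustration.

```python
import re

# "show bgp evpn vni 4009001" output from the Shanghai PoP, copied from the
# listing above with the author's // annotations removed.
SHANGHAI = """\
Route Distinguisher: 400:900 (L2VNI 4009001)
*> [2]:[0]:[48]:[4c5e.0c3c.4861]:[32]:[0.0.0.0]/136
10.252.252.14 32768 i
*>i[2]:[0]:[48]:[4c5e.0c3e.c01e]:[32]:[0.0.0.0]/136
10.252.252.12 100 0 i
*>i[3]:[0]:[32]:[10.252.252.12]/80
10.252.252.12 100 0 i
*> [3]:[0]:[32]:[10.252.252.14]/80
10.252.252.14 32768 i
"""

ROUTE = re.compile(r"^\*\s*>?\s*(?P<ibgp>i?)\s*(?P<nlri>(?:\[[^\]]*\]:?)+)/\d+$")

def parse_evpn(text):
    """Return one dict per valid (*) route: type, key, origin, next_hop."""
    routes, pending = [], None
    for raw in text.splitlines():
        line = raw.split("//")[0].strip()  # tolerate trailing // annotations
        m = ROUTE.match(line)
        if m:
            f = re.findall(r"\[([^\]]*)\]", m.group("nlri"))
            # f[0] is the EVPN route type (2 = MAC/IP, 3 = inclusive multicast);
            # f[3] is the MAC for type 2 and the originating VTEP for type 3.
            pending = {"type": int(f[0]), "key": f[3],
                       "origin": "ibgp" if m.group("ibgp") else "local"}
        elif pending and re.match(r"\d+(\.\d+){3}\s", line + " "):
            pending["next_hop"] = line.split()[0]  # continuation line: next hop first
            routes.append(pending)
            pending = None
    return routes

def check_vni(routes, local_vtep, remote_vtep):
    """Return a list of problems; an empty list means the VNI looks healthy."""
    wanted = [(3, "local", local_vtep, "local VTEP does not originate a type-3 route"),
              (3, "ibgp", remote_vtep, "no type-3 route from the remote VTEP"),
              (2, "ibgp", remote_vtep, "no MAC learned from the remote VTEP")]
    seen = {(r["type"], r["origin"], r["next_hop"]) for r in routes}
    problems = [msg for *want, msg in wanted if tuple(want) not in seen]
    problems += [f"{r['key']} points at unexpected VTEP {r['next_hop']}"
                 for r in routes if r["origin"] == "ibgp" and r["next_hop"] != remote_vtep]
    return problems

if __name__ == "__main__":
    result = check_vni(parse_evpn(SHANGHAI), "10.252.252.14", "10.252.252.12")
    print(result or "OK")
```

For the Shenzhen PoP, swap the two VTEP addresses and feed in that device's output.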
5: Connectivity test
C-Shanghai --> C-Shenzhen
> ping 10.210.6.77 src-address=10.210.6.78 count=5
SEQ HOST SIZE TTL TIME STATUS
0 10.210.6.77 56 64 23ms
1 10.210.6.77 56 64 23ms
2 10.210.6.77 56 64 23ms
3 10.210.6.77 56 64 23ms
4 10.210.6.77 56 64 23ms
sent=5 received=5 packet-loss=0% min-rtt=23ms avg-rtt=23ms max-rtt=23ms
Note: if anything here is wrong, please point it out. Thanks.