玩转华为ENSP模拟器系列 | 配置私网接入普通EVdPdNd E-Lan示例

Posted COCOgsta

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了玩转华为ENSP模拟器系列 | 配置私网接入普通EVdPdNd E-Lan示例相关的知识,希望对你有一定的参考价值。

素材来源:华为路由器配置指南

一边学习一边整理试验笔记,并与大家分享,侵权即删,谢谢支持!

附上汇总贴:玩转华为ENSP模拟器系列 | 合集_COCOgsta的博客-CSDN博客_ensp实验大全

目标

配置私网接入普通EVPN E-Lan实现二层网路互联。

组网需求

如图1所示:Site1和Site2内为二层网络,为了实现通过骨干网使不同Site间相互通信,可以在网络中配置EVPN功能。其中各个PE设备上创建EVPN实例用于存储CE或远端PE发来的EVPN路由,RR设备将配置成路由反射器,用于反射EVPN路由。为了更高效的传输流量,将PE1和PE2都配置成多活跃模式,形成负载分担功能。

配置思路

  • 在骨干网上配置IGP实现各个PE以及RR设备之间的互通。
  • 在骨干网上配置MPLS基本能力和MPLS LDP,建立MPLS LSP。
  • 配置PE上的EVPN实例。
  • 配置PE上的源地址。
  • 配置PE上与CE相连的接口绑定EVPN实例。
  • 配置各个PE与CE接口上的ESI。
  • 配置RR与PE间的BGP EVPN对等体关系,并在RR上指定各个PE为其反射器的客户机。
  • 配置PE1和PE2的冗余模式。
  • 配置CE与PE之间相互通信。
  • 配置PE1和PE2上接入侧接口联动BFD会话,提升接入链路故障时的DF切换速度。

操作步骤

  1. 按图1配置PE和RR的各接口地址,具体配置请参见配置文件
  2. 在骨干网上配置IGP实现各个PE以及RR设备之间的互通。本例中IGP为OSPF为例进行说明

配置PE1

PE1:
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.1.1.0 0.0.0.255

配置PE2

PE2:
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.2.1.0 0.0.0.255

配置PE3

PE3:
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 10.3.1.0 0.0.0.255

配置RR

RR:
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 10.1.1.0 0.0.0.255
  network 10.2.1.0 0.0.0.255
  network 10.3.1.0 0.0.0.255

配置完成后,PE1、PE2、PE3和RR之间应能建立OSPF邻居关系,执行display ospf peer命令可以看到邻居状态为Full。执行display ip routing-table命令可以看到PE和RR之间学习到对方的Loopback1路由。

以PE1的显示为例:

[~PE1-ospf-1]DIS OSPF PEER
(M) Indicates MADJ neighbor
          OSPF Process 1 with Router ID 1.1.1.1
                Neighbors
 Area 0.0.0.0 interface 10.1.1.1 (Eth1/0/1)'s neighbors
 Router ID: 3.3.3.3              Address: 10.1.1.2         
   State: Full           Mode:Nbr is Master     Priority: 1
   DR: 10.1.1.1          BDR: 10.1.1.2          MTU: 0
   Dead timer due in  37  sec
   Retrans timer interval: 5
   Neighbor is up for 00h00m48s
   Neighbor Up Time : 2020-08-05 14:40:38
   Authentication Sequence: [ 0 ]
[~PE1-ospf-1]DIS IP ROUTING
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
 route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 12       Routes : 12        
Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
        1.1.1.1/32  Direct  0    0             D   127.0.0.1       LoopBack1
        3.3.3.3/32  OSPF    10   1             D   10.1.1.2        Ethernet1/0/1
        4.4.4.4/32  OSPF    10   2             D   10.1.1.2        Ethernet1/0/1
       10.1.1.0/24  Direct  0    0             D   10.1.1.1        Ethernet1/0/1
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       Ethernet1/0/1
     10.1.1.255/32  Direct  0    0             D   127.0.0.1       Ethernet1/0/1
       10.2.1.0/24  OSPF    10   2             D   10.1.1.2        Ethernet1/0/1
       10.3.1.0/24  OSPF    10   2             D   10.1.1.2        Ethernet1/0/1
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
[~PE1-ospf-1]
  1. 在MPLS骨干网上配置MPLS基本能力和MPLS LDP,建立LDP LSP

配置PE1

PE1:
mpls lsr-id 1.1.1.1
mpls
mpls ldp
interface Ethernet1/0/1
 mpls
 mpls ldp

配置PE2

PE2:
mpls lsr-id 2.2.2.2
mpls
mpls ldp
interface Ethernet1/0/0
 mpls
 mpls ldp

配置RR

RR:
mpls lsr-id 3.3.3.3
mpls
mpls ldp
interface Ethernet1/0/1
 mpls
 mpls ldp
 dcn
interface Ethernet1/0/0
 mpls
 mpls ldp
interface Ethernet1/0/2
 mpls
 mpls ldp

配置PE3

PE3:
mpls lsr-id 4.4.4.4
mpls
mpls ldp
interface Ethernet1/0/0
 mpls
 mpls ldp

上述配置完成后,PE1、PE2、PE3和RR之间应能建立LDP会话,执行display mpls ldp session命令可以看到显示结果中Status项为“Operational”。执行display mpls ldp lsp命令,可以看到LDP LSP的建立情况。

以PE1的显示为例:

[~PE1-Ethernet1/0/1]dis mpls ldp session 
 LDP Session(s) in Public Network
 Codes: LAM(Label Advertisement Mode), SsnAge Unit(DDDD:HH:MM)
 An asterisk (*) before a session means the session is being deleted.
 --------------------------------------------------------------------------
 PeerID             Status      LAM  SsnRole  SsnAge       KASent/Rcv
 --------------------------------------------------------------------------
 3.3.3.3:0          Operational DU   Passive  0000:00:03   16/16
 --------------------------------------------------------------------------
 TOTAL: 1 Session(s) Found.
[~PE1-Ethernet1/0/1]dis mpls ldp lsp
 LDP LSP Information
 -------------------------------------------------------------------------------
 Flag after Out IF: (I) - RLFA Iterated LSP, (I*) - Normal and RLFA Iterated LSP
 -------------------------------------------------------------------------------
 DestAddress/Mask   In/OutLabel    UpstreamPeer    NextHop          OutInterface
 -------------------------------------------------------------------------------
 1.1.1.1/32         3/NULL         3.3.3.3         127.0.0.1        Loop1
*1.1.1.1/32         Liberal/48120                  DS/3.3.3.3       
 3.3.3.3/32         NULL/3         -               10.1.1.2         Eth1/0/1
 3.3.3.3/32         48120/3        3.3.3.3         10.1.1.2         Eth1/0/1
 4.4.4.4/32         NULL/48121     -               10.1.1.2         Eth1/0/1
 4.4.4.4/32         48121/48121    3.3.3.3         10.1.1.2         Eth1/0/1
 -------------------------------------------------------------------------------
 TOTAL: 5 Normal LSP(s) Found.
 TOTAL: 1 Liberal LSP(s) Found.
 TOTAL: 0 FRR LSP(s) Found.
 An asterisk (*) before an LSP means the LSP is not established
 An asterisk (*) before a Label means the USCB or DSCB is stale
 An asterisk (*) before an UpstreamPeer means the session is stale
 An asterisk (*) before a DS means the session is stale
 An asterisk (*) before a NextHop means the LSP is FRR LSP
[~PE1-Ethernet1/0/1]
  1. 配置PE上的EVPN实例

配置PE1

PE1:
evpn vpn-instance evpna
 route-distinguisher 100:1
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity

配置PE2

PE2:
evpn vpn-instance evpna
 route-distinguisher 200:1
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity

配置PE3

PE3:
evpn vpn-instance vpna
 route-distinguisher 300:1
 vpn-target 1:1 export-extcommunity
 vpn-target 1:1 import-extcommunity
  1. 配置PE1上的源地址

配置PE1

PE1:
evpn source-address 1.1.1.1

配置PE2

PE2:
evpn source-address 2.2.2.2

配置PE3

PE3:
evpn source-address 4.4.4.4
  1. 配置PE1和PE2上连接CE的接口的ESI(本例使用动态生成ESI的配置方法,配置静态ESI的方法请参见配置ESI)。

配置PE1。

PE1:
lacp e-trunk system-id 00e0-fc00-0000
lacp e-trunk priority 1
e-trunk 1
 priority 10
 peer-address 2.2.2.2 source-address 1.1.1.1
interface Eth-Trunk10
 mode lacp-static
 e-trunk 1

配置PE2。

PE2:
lacp e-trunk system-id 00e0-fc00-0000
lacp e-trunk priority 1
e-trunk 1
 priority 20
 peer-address 1.1.1.1 source-address 2.2.2.2
interface Eth-Trunk10
 mode lacp-static
 e-trunk 1
  1. 配置PE上与CE相连的接口绑定EVPN实例。

配置PE1。

PE1:
interface Eth-Trunk10
 e-trunk mode force-master
 evpn binding vpn-instance evpna
interface Ethernet1/0/0
 eth-trunk 10

配置PE2。

PE2:
interface Eth-Trunk10
 e-trunk mode force-master
 evpn binding vpn-instance evpna
interface Ethernet1/0/1
 eth-trunk 10

配置PE3。

PE3:
interface Ethernet1/0/1
 evpn binding vpn-instance evpna
  1. 配置RR与PE间的BGP EVPN对等体关系,并在RR上指定各个PE为其反射器的客户机

配置PE1。

PE1:
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 l2vpn-family evpn
  peer 3.3.3.3 enable

配置PE2。

PE2:
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 l2vpn-family evpn
  peer 3.3.3.3 enable

配置PE3。

PE3:
bgp 100
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack1
 l2vpn-family evpn
  peer 3.3.3.3 enable

配置RR。

RR:
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack1
 l2vpn-family evpn
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 reflect-client
  peer 4.4.4.4 enable
  peer 4.4.4.4 reflect-client

配置完成后,在RR上执行display bgp evpn peer命令,可以看到RR与PE间BGP对等体关系已建立,并达到Established状态。

[~RR-Ethernet1/0/2]dis bgp evpn peer
 BGP local router ID : 10.2.1.2
 Local AS number : 100
 Total number of peers : 3                 Peers in established state : 3
  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  Pr
efRcv
  1.1.1.1         4         100       23       26     0 00:15:58 Established    
    1
  2.2.2.2         4         100       10       12     0 00:05:04 Established    
    1
  4.4.4.4         4         100        5        8     0 00:00:06 Established    
    1
[~RR-Ethernet1/0/2]
  1. 配置CE与PE之间互相通信

配置CE1。

CE1:
interface Eth-Trunk1
 portswitch
 port trunk allow-pass vlan 10
 mode lacp-static
interface Ethernet1/0/0
 eth-trunk 1
interface Ethernet1/0/1
 eth-trunk 1

配置CE2。

CE2:
interface Eth-Trunk1
 portswitch
 port default vlan 10
interface Ethernet1/0/0
 eth-trunk 1
  1. 配置PE1和PE2上接入侧接口联动BFD会话,提升接入链路故障时的DF切换速度

配置PE1。

PE1:
bfd
bfd bfd1 bind peer-ip 2.2.2.2 track-interface interface Eth-Trunk10
 discriminator local 10
 discriminator remote 20
interface Eth-Trunk10
 es track bfd bfd1

配置PE2。

PE2:
bfd
bfd bfd1 bind peer-ip 1.1.1.1 track-interface interface Eth-Trunk10
 discriminator local 20
 discriminator remote 10
interface Eth-Trunk10
 es track bfd bfd1
  1. 检查配置结果

在PE3设备上执行display bgp evpn all routing-table mac-route命令,可以看到去往CE1的MAC/IP地址通告路由。

[~PE3-Ethernet1/0/1]dis bgp evpn all routing-table mac-route 
 Local AS number : 100
 BGP Local router ID is 10.3.1.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete
 
 EVPN address family:
 Number of Mac Routes: 2
 Route Distinguisher: 200:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-981a-51c7:0:0.0.0.0                          2.2.2.2
 Route Distinguisher: 300:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-9834-62d1:0:0.0.0.0                          0.0.0.0
    
 EVPN-Instance evpna:
 Number of Mac Routes: 2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-981a-51c7:0:0.0.0.0                          2.2.2.2
 *>    0:48:5489-9834-62d1:0:0.0.0.0                          0.0.0.0
[~PE3-Ethernet1/0/1]

在PE3设备上执行display bgp evpn all routing-table mac-route mac-route命令,可以看到去往CE1的MAC/IP地址通告路由形成了负载分担。

<PE3>dis bgp evpn all routing-table mac-route 0:48:5489-981a-51c7:0:0.0.0.0
 BGP local router ID : 10.3.1.2
 Local AS number : 100
 Total routes of Route Distinguisher(200:1): 1
 BGP routing table entry information of 0:48:5489-981a-51c7:0:0.0.0.0:
 Label information (Received/Applied): 48060/NULL
 From: 3.3.3.3 (10.2.1.2) 
 Route Duration: 0d00h00m31s
 Relay IP Nexthop: 10.3.1.1
 Relay Tunnel Out-Interface: LDP LSP
 Original nexthop: 2.2.2.2
 Qos information : 0x0
 Ext-Community: RT <1 : 1>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
 Originator: 10.2.1.1
 Cluster list: 10.2.1.2
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 5489-981a-51c7/48, IP Address/Len: 0.0.0.0/0, ESI:0170.7be8.161b.aa01.2100
 Not advertised to any peer yet
 
    
 EVPN-Instance evpna:
 Number of Mac Routes: 1
 BGP routing table entry information of 0:48:5489-981a-51c7:0:0.0.0.0:
 Route Distinguisher: 200:1
 Remote-Cross route
 Label information (Received/Applied): 48060/NULL
 From: 3.3.3.3 (10.2.1.2) 
 Route Duration: 0d00h00m32s
 Relay Tunnel Out-Interface: LDP LSP
 Original nexthop: 2.2.2.2
 Qos information : 0x0
 Ext-Community: RT <1 : 1>
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
 Originator: 10.2.1.1
 Cluster list: 10.2.1.2
 Route Type: 2 (MAC Advertisement Route)
 Ethernet Tag ID: 0, MAC Address/Len: 5489-981a-51c7/48, IP Address/Len: 0.0.0.0/0, ESI:0170.7be8.161b.aa01.2100
 Not advertised to any peer yet
 
<PE3>

 

以上是关于玩转华为ENSP模拟器系列 | 配置私网接入普通EVdPdNd E-Lan示例的主要内容,如果未能解决你的问题,请参考以下文章

玩转华为ENSP模拟器系列 | 配置动态VPWS接入VPLS示例

玩转华为ENSP模拟器系列 | 配置PE与接入侧设备间路由交换

玩转华为ENSP模拟器系列 | 配置基于iBGP的PE和接入设备间路由交换

玩转华为ENSP模拟器系列 | 配置普通NTP对等体模式示例

玩转华为ENSP模拟器系列 | 配置纯动态VPWS交换示例

玩转华为ENSP模拟器系列 | 接入用户采用Windows7客户端通过IKEv2方式接入总部VdPdNd(采用证书认证方式)