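This article extends the lab topology from the previous article to implement VXLAN inter-subnet communication. [Link to the previous article]
Topology
This article first implements VXLAN inter-subnet communication, then communication with an external traditional IPv4 network.
1 Configure VXLAN inter-subnet communication
Devices already running in this topology keep the Layer 2 communication configuration from before, which is not repeated here.
1.1 Configure the following on all Leafs.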
#
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 #
 address-family evpn # Enter the EVPN address family view
  vpn-target 1000:1000 import-extcommunity # This RT is used to advertise Type 2 host routes (IRB)
  vpn-target 1000:1000 export-extcommunity
#
interface Vsi-interface10
 ip binding vpn-instance vpn1
 ip address 192.168.10.254 255.255.255.0
 mac-address 11-11-11
 distributed-gateway local # Enable the VXLAN distributed gateway on the interface
 local-proxy-arp enable
#
interface Vsi-interface20
 ip binding vpn-instance vpn1
 ip address 192.168.20.254 255.255.255.0
 mac-address 22-22-22
 distributed-gateway local
 local-proxy-arp enable
#
vsi 10
 gateway vsi-interface 10 # Associate the VXLAN L3 gateway interface
#
vsi 20
 gateway vsi-interface 20 # Associate the VXLAN L3 gateway interface
#
interface Vsi-interface 8191 # Configure the L3 VNI
 ip binding vpn-instance vpn1
 l3-vni 1000
#
# Configure the following on Leaf_1-1 and Leaf_1-2
m-lag mad exclude interface Vsi-interface 10
m-lag mad exclude interface Vsi-interface 20
m-lag mad exclude interface Vsi-interface 8191
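Once all Leafs have been configured accordingly, VXLAN inter-subnet communication is working.
Intra-subnet access uses the L2VNI in the VSI to advertise host MACs. This lab uses VXLAN distributed gateways, so inter-subnet traffic must carry the L3VNI, i.e. the L3 VNI set on Vsi-interface 8191. Because Vsi-interface 8191 is bound to the IPv4 VPN instance, it is used to advertise host IP routes, and the Leafs on both sides can learn the host IP routes behind the peer device. The evpn vpn-target values in the VPN instances on both Leafs therefore need to match.
1.2 Leaf_1-1 configuration verification
<Leaf_1-1>dis bgp l2vpn evpn route-type mac-ip 7e4c-46ce-0c06 verbose # View the detailed Type 2 route for 192.168.20.1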
BGP local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 20:20
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [2][0][48][7e4c-46ce-0c06][32][192.168.20.1]/136:
Imported route.
Original nexthop: 1.2.3.4
OutLabel : NULL
Ext-Community : <RT: 20:20>, <RT: 1000:1000>, <Encapsulation Type: VXLAN>, <
Router's MAC: 7e4a-c642-0600>
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Valid
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : MAC/IP advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
MAC address : 7e4c-46ce-0c06
IP address : 192.168.20.1/32
MPLS label1 : 20 # L2VNI
MPLS label2 : 1000 # L3VNI
<Leaf_1-1>
<Leaf_1-1>dis bgp l2vpn evpn route-type ip-prefix 192.168.20.0 verbose # View the Type 5 route
BGP local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Route distinguisher: 1000:1000(vpn1)
Total number of routes: 1
Paths: 1 available, 1 best
BGP routing table information of [5][0][24][192.168.20.0]/80:
Imported route.
Original nexthop: 1.2.3.4
OutLabel : NULL
Ext-Community : <Encapsulation Type: VXLAN>, <Default GateWay>, <Router's MA
C: 7e4a-c642-0600>
RxPathID : 0x0
TxPathID : 0x0
Org-validation : Valid
AS-path : (null)
Origin : igp
Attribute value : MED 0, localpref 100, pref-val 32768
State : valid, local, best
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 192.168.20.0/24
Gateway address : 0.0.0.0
MPLS label : 1000 # Carries only the L3VNI
<Leaf_1-1>
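A verification check for the two outputs above, as an added example that is not part of the original article: it parses `display bgp l2vpn evpn ... verbose` text and confirms that a Type 2 route with a host IP carries the L2VNI followed by the L3VNI, while a Type 5 route carries only the L3VNI. The sample text is constructed from the fields shown above; `parse_routes` and `check_vni` are hypothetical helper names.

```python
import re

# Constructed sample: fields abridged from the two Leaf_1-1 outputs above.
SAMPLE = """\
 BGP routing table information of [2][0][48][7e4c-46ce-0c06][32][192.168.20.1]/136:
 Ext-Community   : <RT: 20:20>, <RT: 1000:1000>, <Encapsulation Type: VXLAN>, <
                   Router's MAC: 7e4a-c642-0600>
 EVPN route type : MAC/IP advertisement route
 MPLS label1     : 20
 MPLS label2     : 1000
 BGP routing table information of [5][0][24][192.168.20.0]/80:
 Ext-Community   : <Encapsulation Type: VXLAN>, <Default GateWay>, <Router's MA
                   C: 7e4a-c642-0600>
 EVPN route type : IP prefix advertisement route
 MPLS label      : 1000
"""

def parse_routes(text):
    """Return one dict per route block: type, NLRI, RT list, label list."""
    lines = []
    for raw in text.splitlines():
        if " : " in raw or "information of" in raw or not lines:
            lines.append(raw.strip())
        else:                      # terminal-wrapped tail of the previous field
            lines[-1] += raw.strip()
    routes = []
    for line in lines:
        if m := re.search(r"information of \[(\d)\](.*)/\d+:", line):
            routes.append({"type": int(m.group(1)), "nlri": m.group(2), "rts": [], "labels": []})
        elif routes and line.startswith("Ext-Community"):
            routes[-1]["rts"] = re.findall(r"<RT: ([\d:]+)>", line)
        elif routes and (m := re.match(r"MPLS label\d?\s*:\s*(\d+)", line)):
            routes[-1]["labels"].append(int(m.group(1)))
    return routes

def check_vni(routes, l3vni=1000):
    """Return (nlri, labels) for routes whose labels do not fit the expected VNIs."""
    problems = []
    for r in routes:
        if r["type"] == 2 and "[32][" in r["nlri"]:
            want = 2               # host route: L2VNI, then L3VNI
        elif r["type"] == 5:
            want = 1               # prefix route: L3VNI only
        else:
            continue               # other route types are not checked here
        if len(r["labels"]) != want or r["labels"][-1] != l3vni:
            problems.append((r["nlri"], r["labels"]))
    return problems
```
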
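1.3 Inter-subnet communication verification
1.3.1 PC_1 Ping test
1.3.2 PC_3 Ping test
2 Configure communication with the traditional IPv4 network
2.1 Configure IP addresses on the devices that were not yet powered on, and establish OSPF neighbor relationships between Border1/2 and Spine1/2 (omitted)
2.2 Create the IPv4 vpn-instance on Border1 and Border2 and enable the ipv4 and evpn address families (the ipv4 address family must also be enabled on the Leafs)
The configuration is the same on all Borders and Leafs; Border1 is used as the example below.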
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 #
 address-family ipv4
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
 #
 address-family evpn
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
#
interface GigabitEthernet0/0 # The Border interface facing the CE must be bound to vpn1
 port link-mode route
 combo enable copper
 ip binding vpn-instance vpn1
 ip address 10.1.1.2 255.255.255.0
#
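The VPN-Target in address-family ipv4 above is used to carry Type 5 routes. The RT in the ipv4 address family must match the one in the EVPN address family, so that routes from EVPN can be passed into the IPv4 table of the VPN instance, enabling communication with the traditional IPv4 network.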
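One way to check the RT matching described in sections 1.1 and 2.2 before deploying, as an added example that is not part of the original article: it parses the `ip vpn-instance` blocks of several device configurations and reports where the ipv4 and evpn RTs differ on one device, or where one device imports none of the evpn RTs another exports. The configurations are constructed samples; `parse_rts` and `audit` are hypothetical helper names, and "match" is interpreted strictly as identical import and export sets.

```python
import re
from collections import defaultdict
from itertools import permutations

# Constructed sample, modeled on the vpn-instance block shown in section 2.2.
GOOD_CFG = """\
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 #
 address-family ipv4
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
 #
 address-family evpn
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
"""
# Constructed misconfiguration: the ipv4 family imports a different RT.
BAD_CFG = GOOD_CFG.replace("1000:1000 import", "1000:2000 import", 1)

def parse_rts(cfg):
    """Return {(instance, family): {"import": set, "export": set}}."""
    rts = defaultdict(lambda: {"import": set(), "export": set()})
    inst = fam = None
    for raw in cfg.splitlines():
        line = raw.split(" #")[0].strip()          # drop inline annotations
        if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            inst, fam = m.group(1), None
        elif inst and (m := re.match(r"address-family (\S+)", line)):
            fam = m.group(1)
        elif inst and fam and (m := re.fullmatch(r"vpn-target (.+) (import|export)-extcommunity", line)):
            rts[(inst, fam)][m.group(2)].update(m.group(1).split())
        elif line not in ("", "#") and not line.startswith("route-distinguisher"):
            inst = fam = None                       # left the vpn-instance view
    return rts

def audit(devices, inst="vpn1"):
    """devices: {name: config text}. Returns a list of finding strings."""
    findings, parsed = [], {n: parse_rts(c) for n, c in devices.items()}
    for name, rts in parsed.items():
        v4, ev = rts.get((inst, "ipv4")), rts.get((inst, "evpn"))
        if v4 and ev and v4 != ev:
            findings.append(f"{name}: ipv4 and evpn RTs differ in {inst}")
    for a, b in permutations(parsed, 2):
        exp = parsed[a].get((inst, "evpn"), {}).get("export", set())
        imp = parsed[b].get((inst, "evpn"), {}).get("import", set())
        if not exp & imp:
            findings.append(f"{b} imports none of the evpn RTs exported by {a}")
    return findings
```
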
2.3 Establish BGP L2VPN EVPN peer relationships between Border1/2 and Spine1/2
2.3.1 Border1
#
l2vpn enable
vxlan tunnel mac-learning disable
vxlan tunnel arp-learning disable
#
bgp 100
 timer keepalive 3 hold 9
 timer connect-retry 3
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
#
Border2 is configured the same way as Border1, so it is not repeated here.
2.3.2 Spine1
bgp 100
 timer keepalive 3 hold 9
 timer connect-retry 3
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 reflect-client
#
Spine2 is configured the same way as Spine1, so it is not repeated here.
2.3.3 Border L2VPN EVPN peer establishment status
2.4 Create the L3 VNI on Border1 and Border2
interface Vsi-interface8191
 ip binding vpn-instance vpn1
 l3-vni 1000
#
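At this point, the VXLAN tunnels between the Borders and the Leafs are established automatically through Vsi-interface 8191:
Border1 and Border2 can now learn the corresponding EVPN routes, and the EVPN routes are passed into the IPv4 VPN-Instance vpn1 routing table via Type 5 routes.
However, the Leaf devices have not yet learned the external route (100.100.100.1/32) in the IPv4 vpn-instance vpn1, because it has not yet been imported on the Border devices:
2.5 Create static routes between the CE and the Borders
2.5.1 CE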
#
ip route-static 192.168.10.0 24 10.1.1.2
ip route-static 192.168.10.0 24 10.1.2.2 preference 80
ip route-static 192.168.20.0 24 10.1.1.2
ip route-static 192.168.20.0 24 10.1.2.2 preference 80
#
2.5.2 Border
# Border1
ip route-static vpn-instance vpn1 100.100.100.1 32 10.1.1.1
#
# Border2
ip route-static vpn-instance vpn1 100.100.100.1 32 10.1.2.1
2.6 Import the static routes into the BGP ipv4 vpn-instance on the Borders
#
bgp 100
 ip vpn-instance vpn1
  #
  address-family ipv4 unicast
   default-route imported
   import-route static
#
The Leaf devices can now learn the corresponding external route:
2.6.1 Leaf_1-1 Routes
<Leaf_1-1>dis bgp l2vpn evpn route-type ip-prefix 100.100.100.1 verbose
BGP local router ID is 5.5.5.5
Status codes: * - valid, > - best, d - dampened, h - history
s - suppressed, S - stale, i - internal, e - external
a - additional-path
Origin: i - IGP, e - EGP, ? - incomplete
Total number of routes from all PEs: 2
Route distinguisher: 1000:1000(vpn1)
Total number of routes: 2
Paths: 2 available, 1 best
BGP routing table information of [5][0][32][100.100.100.1]/80:
From : 3.3.3.3 (3.3.3.3)
Rely nexthop : 10.1.7.1
Original nexthop: 1.1.1.1
OutLabel : NULL
Ext-Community : <RT: 1000:1000>, <Encapsulation Type: VXLAN>, <Router's MAC:
7e49-2049-0200>
RxPathID : 0x0
TxPathID : 0x0
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal, best
Originator : 1.1.1.1
Cluster list : 3.3.3.3
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 100.100.100.1/32
Gateway address : 0.0.0.0
MPLS label : 1000
Re-orignination : Disabled
From : 4.4.4.4 (4.4.4.4)
Rely nexthop : 10.1.7.1
Original nexthop: 1.1.1.1
OutLabel : NULL
Ext-Community : <RT: 1000:1000>, <Encapsulation Type: VXLAN>, <Router's MAC:
7e49-2049-0200>
RxPathID : 0x0
TxPathID : 0xffffffff
AS-path : (null)
Origin : incomplete
Attribute value : MED 0, localpref 100, pref-val 0
State : valid, internal
Originator : 1.1.1.1
Cluster list : 4.4.4.4
IP precedence : N/A
QoS local ID : N/A
Traffic index : N/A
EVPN route type : IP prefix advertisement route
ESI : 0000.0000.0000.0000.0000
Ethernet tag ID : 0
IP prefix : 100.100.100.1/32
Gateway address : 0.0.0.0
MPLS label : 1000
Re-orignination : Disabled
<Leaf_1-1>
2.6.2 Leaf_1-2 Routes
2.6.3 Leaf_2 Routes
3 Access test
3.1 PC_1
3.2 PC_2
3.3 PC_3
3.4 PC_4
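At this point, all configuration for this case is complete. The lab went fairly smoothly, and the simulator did not run into any faults.
For detailed background, see the [Bilibili video] mentioned in the previous article.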