EVPN 集中式网关
![![[EVPN集中式网关.png]]](https://i-blog.csdnimg.cn/direct/7e4a35a32d1845fba551a868e2ad8873.png)
配置思路
- VTEP1、VTEP2只作为二层网关,VTEP3作为三层网关
- 保证底层underlay网络互通,可以使用OSPF、ISIS、静态等
- 配置BD域,配置EVPN实例,配置NVE
- 配置VTEP底下接口
- 为建立vni隧道,需要Type3路由(自动发现VTEP,建立隧道、头端复制列表)->配置BGP EVPN
- 但是无法传递主机路由–>VBDIF开启主机路由收集功能(下发32位的主机地址)–>开启Type2路由通告功能(因为没有用到三层VNI,只需要IP地址、MAC地址、二层VNI,所以不需要通告irb路由通告arp路由即可)
配置命令
!!!版本号
CE12800 V800R013C00SPC560B560
VTEP1(二层网关):
sysname VTEP1
evpn-overlay enable 开启EVPN功能
bridge-domain 10 设置BD域,配置vni,配置EVPN实例
vxlan vni 10
evpn
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
bridge-domain 20 设置BD域,配置vni,配置EVPN实例
vxlan vni 20
evpn
route-distinguisher 20:20
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
interface GE1/0/0
undo shutdown
interface GE1/0/0.10 mode l2 二层子接口配置业务接入,关联BD域
encapsulation dot1q vid 10
bridge-domain 10
interface GE1/0/0.20 mode l2 二层子接口配置业务接入,关联BD域
encapsulation dot1q vid 20
bridge-domain 20
interface GE1/0/1
undo portswitch 关闭二层接口模式
undo shutdown
ip address 10.0.10.1 255.255.255.0
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
interface Nve1 创建NVE接口
source 1.1.1.1
vni 10 head-end peer-list protocol bgp 动态头端复制列表,通过BGP感知
vni 20 head-end peer-list protocol bgp
bgp 100 配置VTEP的BGP互联,在EVPN地址族下配置地址族功能开启、arp通告
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
peer 2.2.2.2 enable
peer 3.3.3.3 enable
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise arp
peer 3.3.3.3 enable
peer 3.3.3.3 advertise arp
ospf 1 router-id 1.1.1.1 底层underlay互联
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.0.10.0 0.0.0.255
VTEP2(二层网关):
sysname VTEP2
evpn-overlay enable
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:11
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:22
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
interface GE1/0/0
undo shutdown
interface GE1/0/0.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
interface GE1/0/0.20 mode l2
encapsulation dot1q vid 20
bridge-domain 20
interface GE1/0/1
undo portswitch
undo shutdown
ip address 10.0.11.2 255.255.255.0
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
interface Nve1
source 2.2.2.2
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 3.3.3.3 as-number 100
peer 3.3.3.3 connect-interface LoopBack0
ipv4-family unicast
peer 1.1.1.1 enable
peer 3.3.3.3 enable
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise arp
peer 3.3.3.3 enable
peer 3.3.3.3 advertise arp
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.0 0.0.0.255
network 10.0.11.0 0.0.0.255
VTEP3(三层网关):
sysname VTEP3
evpn-overlay enable
ip vpn-instance a 配置租户,当前配置只考虑同一租户
ipv4-family
route-distinguisher 100:100
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:12
vpn-target 10:10 export-extcommunity
vpn-target 10:10 import-extcommunity
bridge-domain 20
vxlan vni 20
evpn
route-distinguisher 20:21
vpn-target 20:20 export-extcommunity
vpn-target 20:20 import-extcommunity
interface Vbdif10 配置VBDIF接口,配置主机地址收集功能
ip binding vpn-instance a
ip address 192.168.1.254 255.255.255.0
arp collect host enable
interface Vbdif20 配置VBDIF接口,配置主机地址收集功能
ip binding vpn-instance a
ip address 192.168.2.254 255.255.255.0
arp collect host enable
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.0.12.3 255.255.255.0
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
interface Nve1
source 3.3.3.3
vni 10 head-end peer-list protocol bgp
vni 20 head-end peer-list protocol bgp
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
ipv4-family unicast
peer 1.1.1.1 enable
peer 2.2.2.2 enable
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise arp
peer 2.2.2.2 enable
peer 2.2.2.2 advertise arp
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 10.0.12.0 0.0.0.255
检查命令:
vxlan隧道
![![[Pasted image 20260505214108.png]]](https://i-blog.csdnimg.cn/direct/3f774d332fdc484091d15fbd7de84c85.png)
![![[Pasted image 20260505214134.png]]![[Pasted image 20260505214159.png]]](https://i-blog.csdnimg.cn/direct/5eec8db9459440a38e9b7ba2198445f4.png)
EVPN关系建立
![![[Pasted image 20260505214250.png]]](https://i-blog.csdnimg.cn/direct/100dd213e38e48c4aa386a2787f15258.png)
EVPN路由
![![[Pasted image 20260505214354.png]]](https://i-blog.csdnimg.cn/direct/2e36bedf365e4e90ab7403de8653fbd9.png)
Type3路由(自动发现VTEP、建立VNI隧道、头端复制列表)![![[Pasted image 20260505214501.png]]](https://i-blog.csdnimg.cn/direct/51f0d2672beb4b44a480ac655f064cb3.png)
详细信息![![[Pasted image 20260505214705.png]]](https://i-blog.csdnimg.cn/direct/bf0d257971344b1d85c2dcd5f03667ec.png)
Type2(MAC、IP、二层vni、三层vni)![![[Pasted image 20260505214756.png]]](https://i-blog.csdnimg.cn/direct/85204d60db904cd788d81636dd78e145.png)
AtomGit 是由开放原子开源基金会联合 CSDN 等生态伙伴共同推出的新一代开源与人工智能协作平台。平台坚持“开放、中立、公益”的理念,把代码托管、模型共享、数据集托管、智能体开发体验和算力服务整合在一起,为开发者提供从开发、训练到部署的一站式体验。
更多推荐
12
0- 0
已为社区贡献1条内容
所有评论(0)