VXLAN Multi-Site部署

1. 實驗?zāi)康?/h1>
部署MP-BGP EVPN based VXLAN Multi-Site，了解Anycast BGW的工作原理

2. 實驗環(huán)境拓?fù)?/h1>
本實驗采用BGWs on Spine模型

image

image

3. 實驗步驟

3.1 設(shè)備配置

由于設(shè)備太占內(nèi)存隅肥，Site1和Site2都只開啟1個BGW雅采。

3.1.1 BGW1-SP1上配置Internal OSPF Underlay


config t

feature ospf

feature pim

router ospf 90

router-id 10.100.100.21

 exit

interface loopback 0

 ip address 10.100.100.21/32 tag 54321

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

exit

interface loopback 1

 ip address 10.200.200.21/32 tag 54321

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

exit

interface loopback 100

 ip address 10.111.111.1/32 tag 54321

 ip router ospf 90 area 0

 no shutdown

exit

interface e1/7

 no switchport

 mtu 9216

 ip address 10.1.1.34/30

 ip ospf network point-to-point

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

exit

ip pim rp-address 10.100.100.21 group-list 239.0.0.0/8

3.1.2 BGW1-SP1上配置Internal iBGP overlay


config t

feature bgp

feature nv overlay

nv overlay evpn

evpn multisite border-gateway 111

 delay-restore time 300

 exit

interface e1/7

 evpn multisite fabric-tracking

 exit

interface nve1

 host-reachability protocol bgp

 source-interface loopback 1

 multisite border-gateway interface loopback 100

 no shutdown

 exit

router bgp 65501

 router-id 10.100.100.21

 neighbor 10.100.100.11

 remote-as 65501

  update-source loopback 0

  address-family l2vpn evpn

   send-community both

   exit

3.1.3 BGW1-SP1上配置External eBGP Underlay


config t

interface e1/1

 no switchport

 mtu 9216

 ip address 10.52.21.1/30 tag 54321

 evpn multisite dci-tracking

 no shutdown

 exit

route-map RMAP-REDIST-DIRECT permit 10

 match tag 54321

 exit

router bgp 65501

 address-family ipv4 unicast

  redistribute direct route-map RMAP-REDIST-DIRECT

  maximum-path 4

 neighbor 10.52.21.2

  remote-as 65036

  update-source e1/1

  address-family ipv4 unicast

   end

3.1.4 BGW1-SP1上配置External eBGP Overlay


config t

router bgp 65501

 neighbor 10.52.52.52

 remote-as 65036

  update-source loopback 0

  ebgp-multihop 5

  peer-type fabric-external

  address-family l2vpn evpn

   send-community both

   rewrite-evpn-rt-asn

   end

3.1.5 RS（eBGP RR）配置


config t

interface e1/1

 no switchport

 mtu 9216

 ip address 10.52.21.2/30

 no shutdown

exit

interface e1/3

 no switchport

 mtu 9216

 ip address 20.52.21.2/30

 no shutdown

 exit

interface loopback0

 ip address 10.52.52.52/32

 no shutdown

 exit

interface loopback1

 ip address 20.52.52.52/32

 no shutdown

 exit

feature bgp

nv overlay evpn

route-map UNCHANGED permit 10

 set ip next-hop unchanged

exit

router bgp 65036

 address-family ipv4 unicast

 network 10.52.52.52 mask 255.255.255.255

 network 20.52.52.52 mask 255.255.255.255

 address-family l2vpn evpn

 retain route-target all

 neighbor 10.52.21.1

 remote-as 65501

 update-source e1/1

 address-family ipv4 unicast

  exit

 neighbor 20.52.21.1

  remote-as 65502

  update-source e1/3

  address-family ipv4 unicast

  exit

 neighbor 10.100.100.21

  remote-as 65501

  update-source loopback0

  ebgp-multihop 5

 address-family l2vpn evpn

  send-community both

  route-map UNCHANGED out

  rewrite-evpn-rt-asn

 neighbor 20.100.100.21

  remote-as 65502

  update-source loopback1

  ebgp-multihop 5

  address-family l2vpn evpn

   send-community both

   route-map UNCHANGED out

   rewrite-evpn-rt-asn

   end

3.1.6 BGW1-SP1上配置L3 Extension


config t

feature vn-segment-vlan-based

feature interface-vlan

vlan 2003

 vn-segment 50001

 exit

vrf context BLUE

 vni 50001

 rd auto

 address-family ipv4 unicast

  route-target both auto

  route-target both auto evpn

  exit

interface vlan 2003

 mtu 9216

 vrf member BLUE

 no ip redirect

 ip forward

 no shutdown

 exit

interface nve1

 member vni 50001 associate-vrf

 exit

3.1.7 BGW1-SP1上配置L2 Extension

由于Selevtive advertisement功能默認(rèn)開啟，所以再BGW上沒有定義的L2 extension训挡，即使從RS中接收到相應(yīng)的來vpn evpn條目更新筹裕，也無法發(fā)送給內(nèi)部的BGP鄰居抖僵。


config t

vlan 10

 vn-segment 30010

 exit

vlan 20

 vn-segment 30020

 exit

interface nve1

member vni 30010

  multisite ingress-replication

  mcast-group 239.1.1.0

  exit

member vni 30020

  multisite ingress-replication

  mcast-group 239.2.2.0

  exit

exit

evpn

vni 30010 l2

  rd auto

  route-targe both auto

  exit

vni 30020 l2

  rd auto

  route-targe both auto

  exit

exit

3.1.8 可選配置BUM traffic enforcement

config t

evpn storm-control broadcast level 0-100

evpn storm-control multicast level 0-100

evpn storm-control unicast level 0-100

end

補充：

image

3.1.9 Site1-LEAF1上完成MP-BGP EVPN的配置

Leaf和BGW不同晋渺，本地沒有的VLAN镰绎，就不需要配置對應(yīng)的L2 EVPN。


config t

feature interface-vlan

feature ospf

feature pim

feature bgp

feature nv overlay

feature vn-segment-vlan-based

nv overlay evpn

router ospf 90

 router-id 10.100.100.11

 exit

interface loopback0

 ip address 10.100.100.11/32

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

interface loopback1

 ip address 10.200.200.11/32

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

interface e1/1

 no switchport

 mtu 9216

 ip address 10.1.1.33/30

 ip ospf network point-to-point

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

ip pim rp-address 10.100.100.21 group-list 239.0.0.0/8

vlan 2003

 vn-segment 50001

 exit

vrf context BLUE

 vni 50001

 rd auto

 address-family ipv4 unicast

  route-target both auto

  route-target both auto evpn

  exit

 exit

interface vlan 2003

 mtu 9216

 vrf member BLUE

 no ip redirect

 no shutdown

 ip forward

 exit

vlan 10

 vn-segment 30010

 exit

evpn

 vni 30010 l2

 rd auto

 route-target both auto

 exit

exit

interface nve1

 host-reachability protoco1 bgp

 source-interface loopback1

 member vni 50001 associate-vrf

  exit

 member vni 30010

  mcast-group 239.1.1.0

  exit

no shutdown

exit

fabric forwarding anycast-gateway-mac 0002.0002.0002

router bgp 65501

 router-id 10.100.100.11

 address-family ipv4 unicast

  exit

 address-family l2vpn evpn

 exit

 neighbor 10.100.100.21

  remote-as 65501

  update-source loopback0

  address-family l2vpn evpn

   send-community

   exit

exit

 vrf BLUE

  address-family ipv4 unicast

  exit

interface vlan 10

 vrf member BLUE

 ip address 192.168.10.1/24

 fabric forwarding mode anycast-gateway

 no shutdown

 exit

interface e1/3

 switchport

 switch mode access

 switch access vlan 10

 no shutdown

end

3.1.10 Switch1配置


vlan 10

 exit

interface vlan 10

 ip address 192.168.10.101 255.255.255.0

 no shutdown

exit

interface gigabitEthernet 0/0

 switch mode access

 switch access vlan 10

exit

ip route 0.0.0.0 0.0.0.0 192.168.10.1

3.2 Site1配置檢查

BGW1-SP1

show nve interface nve1 detail

image

show nve multisite dci-links

show nve multisite fabric-links

image

show nve ethernet-segment

image

show bgp l2vpn evpn route-type 4

image

show nve vni

show nve peer

image

show bgp ipv4 unicast summary

show bgp l2vpn evpn summary

image

Site1-Leaf1

show nve vni

show nve peer

image

show bgp l2vpn evpn

image

3.3 Site2配置參考

3.3.1 BGW2-SP1的配置


config t

feature ospf

feature pim

router ospf 90

router-id 20.100.100.21

 exit

interface loopback 0

 ip address 20.100.100.21/32 tag 54321

 ip router osp 90 area 0

 ip pim sparse-mode

 no shutdown

exit

interface loopback1

 ip address 20.200.200.21/32 tag 54321

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

interface loopback100

 ip address 20.111.111.1/32 tag 54321

 ip router ospf 90 area 0

 no shutdown

 exit

interface e1/7

 no switchport

 mtu 9216

 ip address 20.1.1.34/30

 ip ospf network point-to-point

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

ip pim rp-address 20.100.100.21 group-list 239.0.0.0/8

feature bgp

feature nv overlay

nv overlay evpn

evpn multisite border-gateway 222

 delay-restore time 300

 exit

interface e1/7

 evpn multisite fabric-tracking

 exit

interface nve1

 host-reachability protoco1 bgp

 source-interface loopback1

 multisite border-gateway interface loopback100

 no shutdown

 exit

router bgp 65502

 neighbor 20.100.100.11

 remote-as 65502

 update-source loopback0

 address-family l2vpn evpn

  send-community

  exit

interface e1/1

 no switchport

 mtu 9216

 ip address 20.52.21.1/30 tag 54321

 evpn multisite dci-tracking

 no shutdown

exit

route-map RMAP-REDIST-DIRECT permit 10

 match tag 54321

 exit

router bgp 65502

 router-id 20.100.100.21

 address-family ipv4 unicast

  redistribute direct route-map RMAP-REDIST-DIRECT

  maximum-path 4

neighbor 20.52.21.2

  remote-as 65036

  update-source e1/1

  address-family ipv4 unicast

  exit

exit

router bgp 65502

neighbor 20.52.52.52

  remote-as 65036

  update-source loopback0

  ebgp-multihop 5

  peer-type fabric-external

  address-family l2vpn evpn

  send-community both

  rewrite-evpn-rt-asn

  exit

  exit

exit

feature vn-segment-vlan-based

feature interface-vlan

vlan 2003

 vn-segment 50001

 exit

vrf context BLUE

 vni 50001

 rd auto

address-family ipv4 unicast

  route-target both auto

  route-target both auto evpn

  exit

exit

interface vlan 2003

 mtu 9216

 vrf member BLUE

 no ip redirect

 no shutdown

 ip forward

 exit

interface nve1

 member vni 50001 associate-vrf

 exit

vlan 10

 vn-segment 30010

 exit

vlan 20

 vn-segment 30020

 exit

interface nve1

 member vni 30010

  multisite ingress-replication

  mcast-group 239.1.1.0

  exit

member vni 30020

  multisite ingress-replication

  mcast-group 239.2.2.0

  exit

exit

evpn

vni 30010 l2

  rd auto

  route-target both auto

  exit

vni 30020 l2

  rd auto

  route-targe both auto

  exit

exit

注意：

BGW2-SP1上檢查配置vpn multisite border-gateway 222木西，若誤配為111畴栖，則最后路由分發(fā)和轉(zhuǎn)載沒有問題，但是回PING不同八千。并將誤配修改為正確后吗讶，還需要重啟BGW2-SP1才能往前有效，通過Switch能夠互相PING通恋捆。

3.3.2 Site2-Leaf1的配置


config t

feature interface-vlan

feature ospf

feature pim

feature bgp

feature nv overlay

feature vn-segment-vlan-based

nv overlay evpn

router ospf 90

 router-id 20.100.100.11

 exit

 interface loopback0

 ip addres 20.100.10.11/32

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

interface loopback1

 ip address 20.200.200.11/32

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

interface e1/1

 no switchport

 mtu 9216

 ip address 20.1.1.33/30

 ip ospf network point-to-point

 ip router ospf 90 area 0

 ip pim sparse-mode

 no shutdown

 exit

ip pim rp-address 20.100.100.21 group-list 239.0.0.0/8

vlan 2003

 vn-segment 50001

 exit

vrf context BLUE

 vni 50001

 rd auto

 address-family ipv4 unicast

  route-target both auto

  route-target both auto evpn

  exit

interface vlan 2003

 mtu 9216

 vrf member BLUE

 no ip redirect

 ip forward

 no shutdown

 exit

vlan 10

 vn-segment 30010

 exit

vlan 20

 vn-segment 30020

 exit

evpn

vni 30010 l2

  rd auto

  route-target both auto

  exit

vni 30020 l2

  rd auto

  route-target both auto

  exit

exit

interface nve1

 host-reachability protocol bgp

 source-interface loopback1

 member vni 50001 associate-vrf

 exit

 member vni 30010

  mcast-group 239.1.1.0

  exit

 member vni 30020

  mcast-group 239.1.1.0

  exit

 no shutdown

 exit

fabri forwarding anycast-gateway-mac 0002.0002.0002

router bgp 65502

 router-id 20.100.100.11

 address-family ipv4 unicast

  exit

 address-family l2vpn evpn

  exit

 neighbor 20.100.100.21

  remote-as 65502

  update-source loopback0

 address-family l2vpn evpn

  send-community both

  exit

exit

 vrf BLUE

  address-family ipv4 unicast

  exit

interface vlan 10

 vrf member BLUE

  ip address 192.168.10.1/24

  fabric forwarding mode anycast-gateway

  no shutdown

  exit

exit

interface vlan 20

 vrf member BLUE

  ip addres 192.168.20.1/24

  fabric forwarding mode anycast-gateway

  no shutdown

  exit

interface e1/3

 switch

 switch mode access

 switch access vlan 10

 no shutdown

 exit

interface e1/4

 switch

 switch mode access

 switch access vlan 20

 no shutdown

 end

3.3.3 Switch2配置


vlan 10

 exit

interface vlan 10

ip address 192.168.10.102 255.255.255.0

 no shutdown

 exit

interface gigabitEthernet 0/0

 switch mode access

 switch access vlan 10

 exit

ip route 0.0.0.0 0.0.0.0 192.168.10.1

3.3.4 Switch3配置


vlan 20

 exit

interface vlan 20

 ip address 192.168.20.102 255.255.255.0

 no shutdown

 exit

interface gigabitEthernet 0/0

 switch mode access

 switch access vlan 10

 exit

ip route 0.0.0.0 0.0.0.0 192.168.20.1

4. Site1與Site2互通檢查

通過Site1 Switch1（192.168.10.101）PING Site2 Switch2（192.168.10.102）和Switch3 （192.168.20.102）照皆，測試子網(wǎng)Bridging和跨子網(wǎng)Routing

image

通過Site2 Switch2（192.168.10.102）PING Site2 Switch3 （192.168.20.102），測試跨子網(wǎng)Routing

image

檢查Site2-Leaf1上的VRF路由

image

檢查Site1-Leaf1上的VRF路由

image

檢查RS上的完整L2VPN EVPN條目

image

最后編輯于：2021.01.05 03:09:01

?著作權(quán)歸作者所有,轉(zhuǎn)載或內(nèi)容合作請聯(lián)系作者

人面猴
序言：七十年代末沸停，一起剝皮案震驚了整個濱河市纵寝，隨后出現(xiàn)的幾起案子，更是在濱河造成了極大的恐慌星立，老刑警劉巖，帶你破解...
沈念sama閱讀 219,270評論 6贊 508
死咒
序言：濱河連續(xù)發(fā)生了三起死亡事件葬凳，死亡現(xiàn)場離奇詭異绰垂，居然都是意外死亡，警方通過查閱死者的電腦和手機火焰，發(fā)現(xiàn)死者居然都...
沈念sama閱讀 93,489評論 3贊 395
救了他兩次的神仙讓他今天三更去死
文/潘曉璐我一進(jìn)店門劲装，熙熙樓的掌柜王于貴愁眉苦臉地迎上來，“玉大人昌简，你說我怎么就攤上這事占业。” “怎么了纯赎？”我有些...
開封第一講書人閱讀 165,630評論 0贊 356
道士緝兇錄：失蹤的賣姜人
文/不壞的土叔我叫張陵谦疾，是天一觀的道長。經(jīng)常有香客問我犬金，道長念恍，這世上最難降的妖魔是什么六剥？我笑而不...
開封第一講書人閱讀 58,906評論 1贊 295
?港島之戀（遺憾婚禮）
正文為了忘掉前任，我火速辦了婚禮峰伙，結(jié)果婚禮上疗疟，老公的妹妹穿的比我還像新娘。我一直安慰自己瞳氓，他們只是感情好策彤，可當(dāng)我...
茶點故事閱讀 67,928評論 6贊 392
惡毒庶女頂嫁案：這布局不是一般人想出來的
文/花漫我一把揭開白布。她就那樣靜靜地躺著匣摘，像睡著了一般店诗。火紅的嫁衣襯著肌膚如雪。梳的紋絲不亂的頭發(fā)上恋沃，一...
開封第一講書人閱讀 51,718評論 1贊 305
城市分裂傳說
那天必搞，我揣著相機與錄音，去河邊找鬼囊咏。笑死恕洲，一個胖子當(dāng)著我的面吹牛，可吹牛的內(nèi)容都是我干的梅割。我是一名探鬼主播霜第，決...
沈念sama閱讀 40,442評論 3贊 420
雙鴛鴦連環(huán)套：你想象不到人心有多黑
文/蒼蘭香墨我猛地睜開眼，長吁一口氣：“原來是場噩夢啊……” “哼户辞！你這毒婦竟也來了泌类？” 一聲冷哼從身側(cè)響起，我...
開封第一講書人閱讀 39,345評論 0贊 276
萬榮殺人案實錄
序言：老撾萬榮一對情侶失蹤底燎，失蹤者是張志新（化名）和其女友劉穎刃榨，沒想到半個月后，有當(dāng)?shù)厝嗽跇淞掷锇l(fā)現(xiàn)了一具尸體双仍，經(jīng)...
沈念sama閱讀 45,802評論 1贊 317
?護(hù)林員之死
正文獨居荒郊野嶺守林人離奇死亡枢希，尸身上長有42處帶血的膿包…… 初始之章·張勛以下內(nèi)容為張勛視角年9月15日...
茶點故事閱讀 37,984評論 3贊 337
?白月光啟示錄
正文我和宋清朗相戀三年，在試婚紗的時候發(fā)現(xiàn)自己被綠了朱沃。大學(xué)時的朋友給我發(fā)了我未婚夫和他白月光在一起吃飯的照片苞轿。...
茶點故事閱讀 40,117評論 1贊 351
活死人
序言：一個原本活蹦亂跳的男人離奇死亡，死狀恐怖逗物，靈堂內(nèi)的尸體忽然破棺而出搬卒，到底是詐尸還是另有隱情，我是刑警寧澤翎卓，帶...
沈念sama閱讀 35,810評論 5贊 346
?日本核電站爆炸內(nèi)幕
正文年R本政府宣布契邀，位于F島的核電站，受9級特大地震影響失暴，放射性物質(zhì)發(fā)生泄漏蹂安。R本人自食惡果不足惜椭迎，卻給世界環(huán)境...
茶點故事閱讀 41,462評論 3贊 331
男人毒藥：我在死后第九天來索命
文/蒙蒙一、第九天我趴在偏房一處隱蔽的房頂上張望田盈。院中可真熱鬧畜号，春花似錦、人聲如沸允瞧。這莊子的主人今日做“春日...
開封第一講書人閱讀 32,011評論 0贊 22
一樁弒父案，背后竟有這般陰謀
文/蒼蘭香墨我抬頭看了看天上的太陽述暂。三九已至痹升，卻和暖如春，著一層夾襖步出監(jiān)牢的瞬間畦韭，已是汗流浹背疼蛾。一陣腳步聲響...
開封第一講書人閱讀 33,139評論 1贊 272
情欲美人皮
我被黑心中介騙來泰國打工，沒想到剛下飛機就差點兒被人妖公主榨干…… 1. 我叫王不留艺配，地道東北人察郁。一個月前我還...
沈念sama閱讀 48,377評論 3贊 373
代替公主和親
正文我出身青樓，卻偏偏與公主長得像转唉，于是被迫代替她去往敵國和親皮钠。傳聞我的和親對象是個殘疾皇子，可洞房花燭夜當(dāng)晚...
茶點故事閱讀 45,060評論 2贊 355

VXLAN Multi-Site部署

1. 實驗?zāi)康?/h1> 部署MP-BGP EVPN based VXLAN Multi-Site，了解Anycast BGW的工作原理

2. 實驗環(huán)境拓?fù)?/h1> 本實驗采用BGWs on Spine模型 image image

3. 實驗步驟

3.1 設(shè)備配置

3.1.1 BGW1-SP1上配置Internal OSPF Underlay

3.1.2 BGW1-SP1上配置Internal iBGP overlay

3.1.3 BGW1-SP1上配置External eBGP Underlay

3.1.4 BGW1-SP1上配置External eBGP Overlay

3.1.5 RS（eBGP RR）配置

3.1.6 BGW1-SP1上配置L3 Extension

3.1.7 BGW1-SP1上配置L2 Extension

3.1.8 可選配置BUM traffic enforcement

3.1.9 Site1-LEAF1上完成MP-BGP EVPN的配置

3.1.10 Switch1配置

3.2 Site1配置檢查

3.3 Site2配置參考

3.3.1 BGW2-SP1的配置

3.3.2 Site2-Leaf1的配置

3.3.3 Switch2配置

3.3.4 Switch3配置

4. Site1與Site2互通檢查

推薦閱讀更多精彩內(nèi)容

1. 實驗?zāi)康?/h1>
部署MP-BGP EVPN based VXLAN Multi-Site，了解Anycast BGW的工作原理

2. 實驗環(huán)境拓?fù)?/h1>
本實驗采用BGWs on Spine模型

image

image