基于EVPN的VxLAN实验

基于EVPN的VxLAN实验

来源 https://www.jianshu.com/p/5d2518e1dabd

参考 https://support.cloudmylab.com/portal/en/kb/articles/vxlan-lab-on-eve-ng

参考 https://www.cisco.com/c/dam/global/zh_cn/products/collateral/switches/nexus-9000-series-switches/guide-c07-734107.pdf

 

VxLAN是一种overlay技术，将二层以太网帧封装在UDP报文里面，穿过骨干三层underlay IP网络，VxLAN的24 bytes的VNID，使得现有的二层网络得到了很好的扩展，尤其是在云计算大数据时代，是主流的大二层组网方案。VxLAN有两种实现方式：

• 基于组播的VxLAN，它是一种数据驱动式的泛洪与学习（driven flood-&-learn），没有控制面，通过组播来传送VxLAN BUM流量（Broadcast, Unknown Unicast and Multicast）
• 以EVPN作为控制面的VxLAN，EVPN通过MP-BGP来自动发现和认证VTEP邻居，通过MP-BGP来通告主机MAC/IP地址

实验拓扑：构造如下拓扑，来进行以EVPN作为控制面的VxLAN的实验。

实验目的：验证同一VxLAN以及不同VxLAN中的主机可以互通。
实验环境：本实验使用EVE-NG来模拟，VTEP-1/2，和RR均使用NXOS，镜像版本如下

Used images for lab:
nxosv9k-7.0.3.I7.1, x4CPU, 8Gb RAM each
IOL L3 15.4.2T Routers
vIOS L2 15.2 Switches
VPCS VMs

实验步骤：

第一步：完成基本配置，实现同一VxLAN下主机的互通

配置VTEP-1

VTEP-1# show running-config

nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,200,210
vlan 200
  vn-segment 20000
vlan 210
  vn-segment 20010

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 20000
    mcast-group 230.1.1.1
  member vni 20010
    mcast-group 230.1.1.2

interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 200,210

interface Ethernet1/2
  no switchport
  ip address 20.1.1.2/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

  interface loopback0
  ip address 100.100.100.1/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

router ospf 1
  router-id 100.100.100.1
  
router bgp 100
  router-id 100.100.100.1
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto


VTEP-1#

配置VTEP-2

VTEP-2# show running-config

nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,200,210
vlan 200
  vn-segment 20000
vlan 210
  vn-segment 20010

interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 20000
    mcast-group 230.1.1.1
  member vni 20010
    mcast-group 230.1.1.2

interface Ethernet1/1
  switchport mode trunk
  switchport trunk allowed vlan 200,210

interface Ethernet1/2
  no switchport
  ip address 30.1.1.2/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

interface loopback0
  ip address 100.100.100.2/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

router ospf 1
  router-id 100.100.100.2
router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto


VTEP-2#

配置RR

RR# show running-config

nv overlay evpn
feature ospf
feature bgp
feature pim
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8

interface Ethernet1/1
  no switchport
  ip address 20.1.1.1/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

interface Ethernet1/2
  no switchport
  ip address 30.1.1.1/24
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

interface loopback0
  ip address 100.100.100.3/32
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

router ospf 1
  router-id 100.100.100.3
router bgp 100
  router-id 100.100.100.3
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.1
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
      route-reflector-client
  neighbor 100.100.100.2
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
      route-reflector-client


RR#

配置Switch1

Switch1#show running-config

interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 200
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport access vlan 210
 media-type rj45
 negotiation auto
!

Switch1#

配置Switch2

Switch2#show running-config

interface GigabitEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/1
 switchport access vlan 200
 media-type rj45
 negotiation auto
!
interface GigabitEthernet0/2
 switchport access vlan 210
 media-type rj45
 negotiation auto
!

Switch2#

VM1 Ping测试VM3

VM1> ping 192.168.1.11

84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=35.080 ms
84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=19.675 ms
84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=17.657 ms
84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=24.238 ms
84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=16.781 ms

VM1>

VM2 Ping测试VM4

VM2> ping 172.16.1.11

84 bytes from 172.16.1.11 icmp_seq=1 ttl=64 time=47.187 ms
84 bytes from 172.16.1.11 icmp_seq=2 ttl=64 time=20.255 ms
84 bytes from 172.16.1.11 icmp_seq=3 ttl=64 time=20.980 ms
84 bytes from 172.16.1.11 icmp_seq=4 ttl=64 time=18.804 ms
84 bytes from 172.16.1.11 icmp_seq=5 ttl=64 time=26.887 ms

VM2>

查看VTEP-1的EVPN邻居关系

VTEP-1# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.1, local AS number 100
BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1128 bytes of memory
BGP attribute entries [4/640], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [1/4]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.3   4   100      62      53       34    0    0 00:39:55 2
VTEP-1#

查看VTEP-2的EVPN邻居关系

VTEP-2# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.2, local AS number 100
BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
6 network entries and 6 paths using 1128 bytes of memory
BGP attribute entries [4/640], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [1/4]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.3   4   100      61      55       34    0    0 00:40:35 2
VTEP-2#

查看RR的EVPN邻居关系

RR# show bgp l2vpn evpn summary
BGP summary information for VRF default, address family L2VPN EVPN
BGP router identifier 100.100.100.3, local AS number 100
BGP table version is 28, L2VPN EVPN config peers 2, capable peers 2
4 network entries and 4 paths using 928 bytes of memory
BGP attribute entries [2/320], BGP AS path entries [0/0]
BGP community entries [0/0], BGP clusterlist entries [0/0]

Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
100.100.100.1   4   100      60      54       28    0    0 00:40:48 2
100.100.100.2   4   100      62      51       28    0    0 00:40:57 2
RR#

查看VTEP-1的EVPN路由更新条目

VTEP-1# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 34, Local Router ID is 100.100.100.1
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.1:32977    (L2VNI 20010)
*>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

Route Distinguisher: 100.100.100.2:32977
*>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i

VTEP-1#

查看VTEP-2的EVPN路由更新条目

VTEP-2# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 34, Local Router ID is 100.100.100.2
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-i
njected
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

   Network            Next Hop            Metric     LocPrf     Weight Path
Route Distinguisher: 100.100.100.1:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i

Route Distinguisher: 100.100.100.1:32977
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i

Route Distinguisher: 100.100.100.2:32967    (L2VNI 20000)
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100      32768 i

Route Distinguisher: 100.100.100.2:32977    (L2VNI 20010)
*>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100          0 i
*>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100      32768 i

VTEP-2#

查看VTEP-1的EVPN MAC学习

VTEP-1# show l2route evpn mac all

Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
200         0050.7966.6806 Local  L,            0          Eth1/1
200         0050.7966.6808 BGP    Rcv           0          100.100.100.2
210         0050.7966.6807 Local  L,            0          Eth1/1
210         0050.7966.6809 BGP    Rcv           0          100.100.100.2
VTEP-1#

查看VTEP-2的EVPN MAC学习

VTEP-2# show l2route evpn mac all

Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
(Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
(S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
(Pf):Permanently-Frozen

Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
----------- -------------- ------ ------------- ---------- ----------------
200         0050.7966.6806 BGP    Rcv           0          100.100.100.1
200         0050.7966.6808 Local  L,            0          Eth1/1
210         0050.7966.6807 BGP    Rcv           0          100.100.100.1
210         0050.7966.6809 Local  L,            0          Eth1/1
VTEP-2#

重建BGP邻居

RR# clear ip bgp *

在VTEP-1上查看BGP updates信息

VTEP-1# debug bgp updates
2017 Dec 28 01:50:12.361546 bgp:  [26340] (default) UPD: [IPv4 Unicast] Starting update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.361619 bgp:  [26340] (default) UPD: [IPv4 Unicast] Found marker dest 0xd7a9ef64 on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
2017 Dec 28 01:50:12.361694 bgp:  [26340] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
2017 Dec 28 01:50:12.362218 bgp:  [26340] (default) UPD: [IPv4 Unicast] (#4) Suspending update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.362234 bgp:  [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#0)
2017 Dec 28 01:50:12.362241 bgp:  [26340] (default) UPD: [L2VPN EVPN] Found marker dest 0xd7bb53be on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
2017 Dec 28 01:50:12.362255 bgp:  [26340] (default) UPD: [L2VPN EVPN] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
2017 Dec 28 01:50:12.362262 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#41) Suspending update run for peer 100.100.100.3 (#41)
2017 Dec 28 01:50:34.760968 bgp:  [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#41)
2017 Dec 28 01:50:34.761099 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:34.761338 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 1, length 1, Origin: IGP
2017 Dec 28 01:50:34.761747 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 5, length 4, Local-pref: 100
2017 Dec 28 01:50:34.762554 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
2017 Dec 28 01:50:34.762597 bgp:  [26340] (default) UPD: 100.100.100.3 Sending attr code 14 (Mp-reach), length 44, nexthop/length: 100.100.100.1/4
2017 Dec 28 01:50:34.762665 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 Created UPD msg (len 104) with prefix 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (Not Installed in HW) path-id 1 for peer
2017 Dec 28 01:50:34.762709 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3: walked 0 nodes and packed 0/0 prefixes (104 bytes)
2017 Dec 28 01:50:34.763825 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#42) Finished update run for peer 100.100.100.3 (#42)
2017 Dec 28 01:50:35.782806 bgp:  [26340] (default) UPD: Received UPDATE message from 100.100.100.3
2017 Dec 28 01:50:35.782875 bgp:  [26340] (default) UPD: 100.100.100.3 parsed UPDATE message from peer, len 118 , withdraw len 0, attr len 95, nlri len 0
2017 Dec 28 01:50:35.782891 bgp:  [26340] (default) UPD: Attr code 1, length 1, Origin: IGP
2017 Dec 28 01:50:35.782921 bgp:  [26340] (default) UPD: Attr code 5, length 4, Local-pref: 100
2017 Dec 28 01:50:35.782942 bgp:  [26340] (default) UPD: Attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
2017 Dec 28 01:50:35.782951 bgp:  [26340] (default) UPD: Attr code 9, length 4, Originator: 100.100.100.2
2017 Dec 28 01:50:35.782958 bgp:  [26340] (default) UPD: Attr code 10, length 4, Cluster-list
2017 Dec 28 01:50:35.785367 bgp:  [26340] (default) UPD: Peer 100.100.100.3 nexthop length in MP reach: 4
2017 Dec 28 01:50:35.785486 bgp:  [26340] (default) UPD: Recvd NEXTHOP 100.100.100.2
2017 Dec 28 01:50:35.785498 bgp:  [26340] (default) UPD: Attr code 14, length 44, Mp-reach
2017 Dec 28 01:50:35.785601 bgp:  [26340] (default) UPD: Received ESI 0000.0000.0000.0000.0000 for route type 2 from peer 100.100.100.3
2017 Dec 28 01:50:35.785641 bgp:  [26340] (default) UPD: [L2VPN EVPN] Received rd 100.100.100.2:32967 prefix [2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 from peer 100.100.100.3, origin 0, next hop 100.100.100.2, localpref 100, med 0
2017 Dec 28 01:50:35.787998 bgp:  [26340] (default) UPD: [L2VPN EVPN] Starting update run for peer 100.100.100.3 (#42)
2017 Dec 28 01:50:35.788048 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:35.788073 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
2017 Dec 28 01:50:35.788348 bgp:  [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
2017 Dec 28 01:50:35.788372 bgp:  [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
2017 Dec 28 01:50:35.788451 bgp:  [26340] (default) UPD: [L2VPN EVPN] (#44) Finished update run for peer 100.100.100.3 (#44)

VTEP-1#

第二步：实现不同VxLAN下主机的互通

• 配置anycast-gateway-mac地址
• 针对不同租户配置VRF
• 为VRF创建L3 VNI
• 配置anycast-gateway
• 在每个租户VRF的address-family ipv4 unicast地址族下启用EVPN路由通告

VTEP-1配置

fabric forwarding anycast-gateway-mac 0002.0002.0002

vlan 200,210,3900
vlan 3900
  name l3-vni-vlan-for-tenant-1
  vn-segment 39000

vrf context evpn-tenant-1
  vni 39000
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn

interface Vlan200
  no shutdown
  vrf member evpn-tenant-1
  ip address 192.168.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan210
  no shutdown
  vrf member evpn-tenant-1
  ip address 172.16.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan3900
  description l3-vni-for-tenant-1-routing
  no shutdown
  vrf member evpn-tenant-1
  ip address 12.1.1.1/30
  fabric forwarding mode anycast-gateway

router bgp 100
  router-id 100.100.100.1
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      advertise l2vpn evpn
  vrf evpn-tenant-2
    address-family ipv4 unicast
      advertise l2vpn evpn

VTEP-2配置

fabric forwarding anycast-gateway-mac 0002.0002.0002

vlan 200,210,3900
vlan 3900
  name l3-vni-vlan-for-tenant-1
  vn-segment 39000

vrf context evpn-tenant-1
  vni 39000
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn

interface Vlan200
  no shutdown
  vrf member evpn-tenant-1
  ip address 192.168.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan210
  no shutdown
  vrf member evpn-tenant-1
  ip address 172.16.1.254/24
  fabric forwarding mode anycast-gateway

interface Vlan3900
  description l3-vni-for-tenant-1-routing
  no shutdown
  vrf member evpn-tenant-1
  ip address 12.1.1.1/30
  fabric forwarding mode anycast-gateway

router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      advertise l2vpn evpn
  vrf evpn-tenant-2
    address-family ipv4 unicast
      advertise l2vpn evpn

VM1> ping 192.168.1.11

84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=21.972 ms
84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=17.022 ms
84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=21.564 ms
84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=21.546 ms
84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=17.653 ms

VM1> ping 172.16.1.11

84 bytes from 172.16.1.11 icmp_seq=1 ttl=62 time=25.515 ms
84 bytes from 172.16.1.11 icmp_seq=2 ttl=62 time=33.164 ms
84 bytes from 172.16.1.11 icmp_seq=3 ttl=62 time=31.302 ms
84 bytes from 172.16.1.11 icmp_seq=4 ttl=62 time=21.556 ms
84 bytes from 172.16.1.11 icmp_seq=5 ttl=62 time=29.198 ms

VM1>

相同VxLAN间通信封装的是L2的VNI是20000

不同VxLAN间通信封装的是L3 VNI是39000

第三步：实现外部路由的注入

如下图所示，WAN-R1上面向VxLAN网络注入三条路由，8.8.8.8/32、100.0.0.0/24、100.0.1.0/24

VTEP-2配置

interface Ethernet1/3
  no switchport
  vrf member evpn-tenant-1
  ip address 40.1.1.1/24
  no shutdown

router bgp 100
  router-id 100.100.100.2
  log-neighbor-changes
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 100.100.100.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community extended
  vrf evpn-tenant-1
    address-family ipv4 unicast
      network 192.168.1.0/24
      advertise l2vpn evpn
    neighbor 40.1.1.2
      remote-as 200
      address-family ipv4 unicast
        prefix-list outbound-no-hosts out
evpn
  vni 20000 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 20010 l2
    rd auto
    route-target import auto
    route-target export auto
vrf context evpn-tenant-1
  rd auto
  address-family ipv4 unicast
    route-target import 39000:39000
    route-target export 39000:39000
    route-target both auto evpn

VTEP-2# 

WAN-R1配置

！
interface Loopback100
 ip address 8.8.8.8 255.255.255.255
end
!
interface Ethernet0/0
 ip address 40.1.1.2 255.255.255.0
end
！
router bgp 200
 bgp log-neighbor-changes
 neighbor 40.1.1.1 remote-as 100
 !
 address-family ipv4
  network 8.8.8.8 mask 255.255.255.255
  network 100.0.0.0 mask 255.255.255.0
  network 100.0.1.0 mask 255.255.255.0
  neighbor 40.1.1.1 activate
 exit-address-family
！
ip route 100.0.0.0 255.255.255.0 Null0
ip route 100.0.1.0 255.255.255.0 Null0
！

VM1 Ping测WAN-R1发布的8.8.8.8

VM1> ping 8.8.8.8

84 bytes from 8.8.8.8 icmp_seq=1 ttl=253 time=23.228 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=253 time=22.362 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=253 time=28.130 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=253 time=20.304 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=253 time=24.945 ms

VM1>

VTEP-1上面收到WAN-R1发布的路由8.8.8.8/32、100.0.0.0/24、100.0.1.0/24

VTEP-1# show ip route vrf evpn-tenant-1
IP Route Table for VRF "evpn-tenant-1"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

8.8.8.8/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (e
vpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN

12.1.1.0/30, ubest/mbest: 1/0, attached
    *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, direct
12.1.1.1/32, ubest/mbest: 1/0, attached
    *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, local
100.0.0.0/24, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (e
vpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN

100.0.1.0/24, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (e
vpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN

172.16.1.0/24, ubest/mbest: 1/0, attached
    *via 172.16.1.254, Vlan210, [0/0], 01:39:24, direct
172.16.1.10/32, ubest/mbest: 1/0, attached
    *via 172.16.1.10, Vlan210, [190/0], 00:55:10, hmm
172.16.1.11/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:54:13, bgp-100, internal, tag 100 (e
vpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN

172.16.1.254/32, ubest/mbest: 1/0, attached
    *via 172.16.1.254, Vlan210, [0/0], 01:39:24, local
192.168.1.0/24, ubest/mbest: 1/0, attached
    *via 192.168.1.254, Vlan200, [0/0], 01:39:24, direct
192.168.1.10/32, ubest/mbest: 1/0, attached
    *via 192.168.1.10, Vlan200, [190/0], 00:55:02, hmm
192.168.1.11/32, ubest/mbest: 1/0
    *via 100.100.100.2%default, [200/0], 00:01:59, bgp-100, internal, tag 100 (e
vpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN

192.168.1.254/32, ubest/mbest: 1/0, attached
    *via 192.168.1.254, Vlan200, [0/0], 01:39:24, local

VTEP-1#

实验总结：至此实验目的已经全部达成。使用EVPN的VxLAN方案，先天的转控分离更适合在SDN方案中部署，后续继续进行VxLAN在SDN中的实验。

 

================

 

Scenario: configure VxLAN both Flood & Learn and EVPN mode.  ( 场景：同时配置VxLAN Flood＆Learn和EVPN模式。 ) 

Premise: ( 前提：)

• You have 1 Spines and 3 Leafs. Leaf-2 and Leaf-3 are setup as vPC pairs. （ 您有1个刺和3个叶子。Leaf-2和Leaf-3设置为vPC对 ）

• The host port on Leaf-1 is in VLAN 10 and on Leaf-2 in VLAN 10 & 20  （ Leaf-1上的主机端口在VLAN 10中，而Leaf-2上的主机端口在VLAN 10和20中 ）
• vPC pair has a L2 switch connected to its member port and is passing all Vlans 10, 20 , 30. ( vPC对具有连接到其成员端口的L2交换机，并且正在通过所有Vlan 10、20、30 )

Goal: The Goal of the lab is to configure VXLAN overlay to provide reachability between SW1,SW2 and SW3 using VXLAN  ( 目标：实验室的目标是配置VXLAN覆盖，以使用VXLAN在SW1，SW2和SW3之间提供可达性 )

STEP1: Configure basic IP reachability between Leaf and Spine switches using OSPF routing protocol. 

( 步骤1：使用OSPF路由协议在Leaf和Spine交换机之间配置基本IP可达性。 )

STEP2: Configure multicast between Leaf and Spine. Best practice is to use bidirectional mode. We can configure anycast or phantom RP for Spine redundancy. Make sure to allow the correct group address to be used for VxLAN.

( 步骤2：在Leaf和Spine之间配置多播。最佳实践是使用双向模式。我们可以为Spine冗余配置任播或幻影RP。确保允许将正确的组地址用于VxLAN。 )

Note: Flood and Learn (F&L) 注意：泛洪与学习（F＆L）

As the name suggests, F&L used exactly flooding and learning procedure to learn the end hosts. F&L works in data plane.  ( 顾名思义，F＆L使用精确的泛洪和学习过程来学习最终主机。F＆L在数据平面中工作。 )

Step3:  Configure “feature nv overlay” and “feature vn-segment-vlan-based” on all Leaf switches ( 步骤3：  在所有Leaf交换机上配置“功能nv叠加”和“基于功能vn-segment-vlan” ) 

Step4: Configure Vlan and associate unique vn-segment per vlan. ( 步骤4： 配置VLAN，并为每个VLAN关联唯一的vn段。 )

Step5: Configure “nve” interface with source interface of Loopback 0. Associate vni to nve interface and assign multicast group of which vni should be part of.

( 步骤5：使用Loopback 0的源接口配置“ nve”接口。将vni与nve接口相关联，并分配vni应该属于其中的多播组。 )

Step6: Configure a common secondary IP on loopback for vpc peers. The nve peering will be done with secondary IP only.

( 步骤6：为vpc对等体配置通用的辅助IP环回。nve对等将仅使用辅助IP进行。 )

Step7: Configure VPC nve vlan on both vpc peers and SVI with ospf on it. Make sure to have increased cost on this link, so that it can’t be used as transit for all traffic.

( 步骤7：在vpc对等方和SVI上均配置ospf的VPC nve vlan。确保增加此链接的费用，以便不能将其用作所有流量的中转站。 )

Note: In F&L, there is no configuration needed on Spine. ( 注意：在F＆L中，在Spine上不需要配置。 )

Verification: Once nve interface is configured on all the leafs, you are ready to test the connectivity. ( 验证：在所有叶子上配置nve接口后，就可以测试连接了。 )

 

Verification: you will see (*,G) and (S,G) entry in mroute table. ( 验证：您将在mroute表中看到（*，G）和（S，G）条目。 )

 

 

BGP EVPN:

Step1: Configure “nv overlay evpn” on all switches. ( 步骤1： 在所有交换机上配置“ nv overlay evpn”。 )

Step2: For control plane, configure BGP from Leaf to Spine with address family l2vpn evpn. ( 步骤2：对于控制平面，使用地址族l2vpn evpn配置从Leaf到Spine的BGP。 )

Verification:  ( 验证： )

 

Step3: configure bgp in line with the interface to use bgp as a protocol for host reachability. ( 步骤3：根据接口配置bgp，以使用bgp作为主机可达性协议。 )

Step4:  Map the vni to evpn and configure RD/RT. Here we have an option configure device to automatically generated RD/RT value.

( 第四步：  中号AP的VNI到EVPN和配置RD / RT。在这里，我们有一个选项，可将设备配置为自动生成RD / RT值。 )

Verification: ( 验证： )

Step5: Configure the spines as route-reflector Client ( 步骤5：将刺配置为路由反射器客户端 )

This is data driven protocol, which means you will see nve peer and mac address only when there is an active traffic. ( 这是数据驱动的协议，这意味着仅当有活动流量时，您才会看到nve对等方和mac地址 )

 

Once the address is learned on leaf, BGP control plane will advertise the same to remote peers.

( 一旦在叶上学习到地址，BGP控制平面就会将其通告给远程对等体。 )

 

 

================== End