基于EVPN的服务链策略路由配置举例
1.组网需求
Switch A、Switch B、Switch C为分布式EVPN网关设备,Switch D为RR,负责在交换机之间反射BGP路由。通过匹配以太网服务实例的策略路由,使Server 1发出报文先经过以太网服务实例1中的服务器处理,再发送到Server2。
2.配置步骤
1)按照图示配置IP地址和单播路由协议。
2)配置Switch A
# 开启L2VPN能力 [SwitchA] l2vpn enable # 关闭远端MAC地址和远端ARP自动学习功能。 [SwitchA] vxlan tunnel mac-learning disable [SwitchA] vxlan tunnel arp-learning disable # 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。 [SwitchA] vsi vpna [SwitchA-vsi-vpna] evpn encapsulation vxlan [SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto # 创建VXLAN 10 [SwitchA-vsi-vpna] vxlan 10 # 配置BGP发布EVPN路由 [SwitchA] bgp 200 [SwitchA-bgp-default] peer 4.4.4.4 as-number 200 [SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0 [SwitchA-bgp-default] address-family l2vpn evpn [SwitchA-bgp-default-evpn] peer 4.4.4.4 enable # 创建VPN实例vpna。 [SwitchA] ip vpn-instance vpna [SwitchA-vpn-instance-vpna] route-distinguisher 1:1 [SwitchA-vpn-instance-vpna] address-family ipv4 [SwitchA-vpn-ipv4-vpna] vpn-target 2:2 [SwitchA-vpn-ipv4-vpna] quit [SwitchA-vpn-instance-vpna] address-family evpn [SwitchA-vpn-evpn-vpna] vpn-target 1:1
# 配置VSI虚接口VSI-interface1。 [SwitchA] interface vsi-interface 1 [SwitchA-Vsi-interface1] ip binding vpn-instance vpna [SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vsi-interface1] mac-address 0001-0001-0001 [SwitchA-Vsi-interface1] local-proxy-arp enable [SwitchA-Vsi-interface1] distributed-gateway local # 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。 [SwitchA] interface vsi-interface 3 [SwitchA-Vsi-interface3] ip binding vpn-instance vpna [SwitchA-Vsi-interface3] l3-vni 1000 # 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。 [SwitchA] vsi vpna [SwitchA-vsi-vpna] gateway vsi-interface 1 # 配置VLAN接口11 [SwitchA] interface vlan-interface 11 [SwitchA-Vlan-interface11] ip address 11.1.1.1 255.255.255.0 [SwitchA-Vlan-interface11] ospf 1 area 0.0.0.0
# 配置以太网服务实例1000与VSI实例vpna关联 [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000 [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2 [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna # 定义访问控制列表ACL 3000,用来匹配源地址为10.1.1.10,目的地址为10.1.1.20的报文。 [SwitchA] acl advanced 3000 [SwitchA-acl-ipv4-adv-3000] rule 0 permit ip source 10.1.1.10 0 destination 10.1.1.20 # 定义0号节点,指定所有源地址为10.1.1.10,目的地址为10.1.1.20的报文的下一跳为10.1.1.11。 [SwitchA] policy-based-route aa permit node 0 [SwitchA-pbr-aa-0] if-match acl 3000 [SwitchA-pbr-aa-0] apply service-chain path-id 1 [SwitchA-pbr-aa-0] apply next-hop vpn-instance vpna 10.1.1.11 # 在VSI虚接口3上应用转发策略路由,处理此接口接收的报文。 [SwitchA] interface vsi-interface 3 [SwitchA-Vsi-interface3] ip policy-based-route aa
3)配置Switch B
# 开启L2VPN能力。 [SwitchB] l2vpn enable # 关闭远端MAC地址和远端ARP自动学习功能。 [SwitchB] vxlan tunnel mac-learning disable [SwitchB] vxlan tunnel arp-learning disable # 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。 [SwitchB] vsi vpna [SwitchB-vsi-vpna] evpn encapsulation vxlan [SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto # 创建VXLAN 10。 [SwitchB-vsi-vpna] vxlan 10 # 配置BGP发布EVPN路由。 [SwitchB] bgp 200 [SwitchB-bgp-default] peer 4.4.4.4 as-number 200 [SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback0 [SwitchB-bgp-default] address-family l2vpn evpn [SwitchB-bgp-default-evpn] peer 4.4.4.4 enable # 创建VPN实例vpna。 [SwitchB] ip vpn-instance vpna [SwitchB-vpn-instance-vpna] route-distinguisher 1:1 [SwitchB-vpn-instance-vpna] address-family ipv4 [SwitchB-vpn-ipv4-vpna] vpn-target 2:2 [SwitchB-vpn-ipv4-vpna] quit [SwitchB-vpn-instance-vpna] address-family evpn [SwitchB-vpn-evpn-vpna] vpn-target 1:1
# 配置VSI虚接口VSI-interface1。 [SwitchB] interface vsi-interface 1 [SwitchB-Vsi-interface1] ip binding vpn-instance vpna [SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchB-Vsi-interface1] mac-address 0001-0001-0001 [SwitchB-Vsi-interface1] local-proxy-arp enable [SwitchB-Vsi-interface1] distributed-gateway local # 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。 [SwitchB] vsi vpna [SwitchB-vsi-vpna] gateway vsi-interface 1 # 配置VSI虚接口VSI-interface3。 [SwitchB] interface vsi-interface 3 [SwitchB-Vsi-interface3] ip binding vpn-instance vpna [SwitchB-Vsi-interface3] l3-vni 1000 # 配置接口Ten-GigabitEthernet1/0/1作为AC接口。 [SwitchB] interface ten-gigabitethernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000 [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2 [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna # 定义0号节点,指定所有服务链编号为1的报文的下一跳为10.1.1.11。 [SwitchB] policy-based-route aa permit node 0 [SwitchB-pbr-aa-0] if-match service-chain path-id 1 [SwitchB-pbr-aa-0] apply next-hop vpn-instance vpna 10.1.1.11 # 在VSI虚接口3上应用转发策略路由,处理此接口接收的报文。 [SwitchB] interface vsi-interface 3 [SwitchB-Vsi-interface3] ip policy-based-route aa
4)配置Switch C
# 开启L2VPN能力。 [SwitchC] l2vpn enable # 关闭远端MAC地址和远端ARP自动学习功能。 [SwitchC] vxlan tunnel mac-learning disable [SwitchC] vxlan tunnel arp-learning disable # 在VSI实例vpna下创建EVPN实例,并配置自动生成EVPN实例的RD和RT。 [SwitchC] vsi vpna [SwitchC-vsi-vpna] evpn encapsulation vxlan [SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto # 创建VXLAN 10。 [SwitchC-vsi-vpna] vxlan 10 # 配置BGP发布EVPN路由。 [SwitchC] bgp 200 [SwitchC-bgp-default] peer 4.4.4.4 as-number 200 [SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0 [SwitchC-bgp-default] address-family l2vpn evpn [SwitchC-bgp-default-evpn] peer 4.4.4.4 enable # 创建VPN实例vpna。 [SwitchC] ip vpn-instance vpna [SwitchC-vpn-instance-vpna] route-distinguisher 1:1 [SwitchC-vpn-instance-vpna] address-family ipv4 [SwitchC-vpn-ipv4-vpna] vpn-target 2:2 [SwitchC-vpn-ipv4-vpna] quit [SwitchC-vpn-instance-vpna] address-family evpn [SwitchC-vpn-evpn-vpna] vpn-target 1:1
# 创建VSI虚接口VSI-interface1,并为其配置IP地址,该IP地址作为VXLAN 10内虚拟机的网关地址。 [SwitchC] interface vsi-interface 1 [SwitchC-Vsi-interface1] ip binding vpn-instance vpna [SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchC-Vsi-interface1] mac-address 0001-0001-0001 [SwitchC-Vsi-interface1] local-proxy-arp enable [SwitchC-Vsi-interface1] distributed-gateway local # 创建VSI虚接口VSI-interface3,在该接口上配置VPN实例vpna对应的L3VNI为1000。 [SwitchC] interface vsi-interface 3 [SwitchC-Vsi-interface3] ip binding vpn-instance vpna [SwitchC-Vsi-interface3] l3-vni 1000 # 配置VXLAN 10所在的VSI实例和接口VSI-interface1关联。 [SwitchC] vsi vpna [SwitchC-vsi-vpna] gateway vsi-interface 1 # 在接入服务器的接口Ten-GigabitEthernet1/0/1上绑定VSI。 [SwitchC] interface ten-gigabitethernet 1/0/1 [SwitchC-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchC-Ten-GigabitEthernet1/0/1] service-instance 2000 [SwitchC-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2 [SwitchC-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
5)配置Switch D
# 配置Switch D与其他交换机建立BGP连接。 [SwitchD] bgp 200 [SwitchD-bgp-default] group evpn [SwitchD-bgp-default] peer 1.1.1.1 group evpn [SwitchD-bgp-default] peer 2.2.2.2 group evpn [SwitchD-bgp-default] peer 3.3.3.3 group evpn [SwitchD-bgp-default] peer evpn as-number 200 [SwitchD-bgp-default] peer evpn connect-interface loopback 0 # 配置BGP发布EVPN路由,并关闭BGP EVPN路由的VPN-Target过滤功能。 [SwitchD-bgp-default] address-family l2vpn evpn [SwitchD-bgp-default-evpn] peer evpn enable [SwitchD-bgp-default-evpn] undo policy vpn-target # 配置Switch D为路由反射器。 [SwitchD-bgp-default-evpn] peer evpn reflect-client # 配置VLAN接口11接口数据。 [SwitchD] interface vlan-interface 11 [SwitchD-Vlan-interface11] ip address 11.1.1.4 255.255.255.0 [SwitchD-Vlan-interface11] ospf 1 area 0.0.0.0 # 配置VLAN接口12接口数据。 [SwitchD] interface vlan-interface 12 [SwitchD-Vlan-interface12] ip address 12.1.1.4 255.255.255.0 [SwitchD-Vlan-interface12] ospf 1 area 0.0.0.0 # 配置VLAN接口13接口数据。 [SwitchD] interface Vlan-interface 13 [SwitchD-Vlan-interface13] ip address 13.1.1.4 255.255.255.0 [SwitchD-Vlan-interface13] ospf 1 area 0.0.0.0
6)这时通过抓包可以看到Server 1发出报文先经过以太网服务实例1中的服务器处理,再发送到Server2。
看看天上,于是我去了满是风雪的地方
