I have simulated this lab many times and ran into problems every time, the same ones forum members discuss: either the gateway is unreachable, or the remote gateway can be pinged but the host cannot, and so on. This is the configuration I arrived at for the distributed gateway lab; feel free to use it.

I have also summarized some problems for everyone, assuming the configuration is correct:

I. Cannot ping the gateway

1. First check whether the gateway has an ARP entry. If it does and the ping still fails, restart the PC, or run `undo shutdown` on the physical interface again.
2. With a gateway set on the PC and a correct configuration, the gateway address is reachable; even if the ping fails, the normal result should be a TIMEOUT. If the ping reply is destination host unreachable, it may be a bug: it means the gateway cannot even be found. Restart the PC or the access switch (SW).

II. VXLAN tunnel establishment problems

1. EVPN does not come up: usually, if the underlay gateway comes up, EVPN is basically fine; if there is a problem, check the underlay.
2. EVPN is up but no IRB route entries are learned: check whether `arp collect host enable` is configured under the Vbdif interface. This command collects host route information, which EVPN passes to the peer as Type 2 routes.

III. The CE L3 gateway learns routes; inter-subnet traffic works but intra-subnet traffic does not

I studied this problem for a long time. In the end it only worked after I added `arp broadcast-suppress enable` (ARP broadcast suppression) and `arp l2-proxy gateway-mac` (L2 gateway proxy reply) under the BD. Because the configuration manual does not require them, I captured packets with and without them and compared:

1. Without them: 192.168.1.1 pings 192.168.1.2 in the same subnet. By default, when CE1 receives a BUM packet it looks up the head-end replication tunnel list for the corresponding L2 VNI and sends the broadcast to CE2. CE2 sees that the VNI is its own, decapsulates, and sends the BUM packet to 192.168.1.2. The reply works the same way, and subsequent packets are unicast. But the capture shows ARP broadcast packets being sent continuously, DMAC all FFFF, with no reply from the other side. I don't know whether this is a bug.
2. With ARP suppression and L2 gateway proxy reply added: both commands are required; with either one missing it does not work. With L2 gateway proxy reply enabled, the DMAC is the MAC address of CE1's gateway, and that is why it works, but I believe it should work without it as well.

The reasoning covers two cases:

First: with neither ARP suppression nor proxy reply enabled, normally the first packet is all FFFF, the peer replies with a unicast packet, and afterwards forwarding works from the MAC address table.

Second: with only ARP suppression enabled, the first packet is all FFFF and goes to the gateway. The gateway holds Type 2 route host information (MAC/IP/VTEP IP/VNI ID), so it converts the broadcast to unicast and sends it directly to the remote VTEP, which decapsulates it, finds the MAC address on its side, tags the VLAN ID, and delivers it to the host.

Configuration:

```
sysname CE1
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 11:1 export-extcommunity evpn
  vpn-target 11:1 import-extcommunity evpn
 vxlan vni 10
#
bridge-domain 2
 vxlan vni 2
 evpn
  route-distinguisher 1:1
  vpn-target 10:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable
#
aaa
 #
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
 domain default_admin
#
interface Vbdif2
 ip binding vpn-instance a
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface MEth0/0/0
 undo shutdown
#
interface GE1/0/0
 undo shutdown
#
interface GE1/0/0.2 mode l2
 encapsulation dot1q vid 2
 bridge-domain 2
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 12.1.1.1 255.255.255.0
#
interface GE1/0/2
 shutdown
#
interface GE1/0/3
 shutdown
#
interface GE1/0/4
 shutdown
#
interface GE1/0/5
 shutdown
#
interface GE1/0/6
 shutdown
#
interface GE1/0/7
 shutdown
#
interface GE1/0/8
 shutdown
#
interface GE1/0/9
 shutdown
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 2 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 12.1.1.2 as-number 100
 #
 ipv4-family unicast
  network 1.1.1.1 255.255.255.255
  peer 2.2.2.2 enable
  peer 12.1.1.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 advertise irb
```

```
sysname CE2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
evpn
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:2
  vpn-target 11:1 export-extcommunity evpn
  vpn-target 11:1 import-extcommunity evpn
 vxlan vni 10
#
bridge-domain 2
 vxlan vni 2
 evpn
  route-distinguisher 2:3
  vpn-target 10:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
#
bridge-domain 3
 vxlan vni 3
 evpn
  route-distinguisher 2:2
  vpn-target 20:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 20:1 import-extcommunity
#
aaa
 #
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
 domain default_admin
#
interface Vbdif2
 ip binding vpn-instance b
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface Vbdif3
 ip binding vpn-instance b
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface MEth0/0/0
 undo shutdown
#
interface GE1/0/0
 undo shutdown
#
interface GE1/0/0.2 mode l2
 encapsulation dot1q vid 2
 bridge-domain 2
#
interface GE1/0/0.3 mode l2
 encapsulation dot1q vid 3
 bridge-domain 3
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 12.1.1.2 255.255.255.0
#
interface GE1/0/2
 shutdown
#
interface GE1/0/3
 shutdown
#
interface GE1/0/4
 shutdown
#
interface GE1/0/5
 shutdown
#
interface GE1/0/6
 shutdown
#
interface GE1/0/7
 shutdown
#
interface GE1/0/8
 shutdown
#
interface GE1/0/9
 shutdown
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 2 head-end peer-list protocol bgp
 vni 3 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 12.1.1.1 as-number 100
 #
 ipv4-family unicast
  network 2.2.2.2 255.255.255.255
  peer 1.1.1.1 enable
  peer 12.1.1.1 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 advertise irb
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
```

Verification output:

```
[~CE1-bd2]dis ip rou vpn a
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : a
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

    192.168.1.0/24  Direct  0    0             D   192.168.1.254   Vbdif2
    192.168.1.2/32  IBGP    255  0             RD  2.2.2.2         VXLAN
  192.168.1.254/32  Direct  0    0             D   127.0.0.1       Vbdif2
  192.168.1.255/32  Direct  0    0             D   127.0.0.1       Vbdif2
    192.168.2.1/32  IBGP    255  0             RD  2.2.2.2         VXLAN
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
[~CE1-bd2]dis bgp evpn al rou ma
 Local AS number : 100

 BGP Local router ID is 12.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Mac Routes: 6
 Route Distinguisher: 1:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0
 Route Distinguisher: 2:2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98bc-1b5e:32:192.168.2.1                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 Route Distinguisher: 2:3
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2

 EVPN-Instance 2:
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0

 EVPN-Instance __RD_1_1_1__:
 Number of Mac Routes: 2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98bc-1b5e:32:192.168.2.1                     2.2.2.2
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
[~CE1-bd2] dis vx pe
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID
-------------------------------------------------------------------------------
2         1.1.1.1                 2.2.2.2                dynamic   2
[~CE1-bd2]dis vx tun
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  00:34:16
[~CE1-bd2]dis vx vn
Number of vxlan vni : 1
VNI            BD-ID            State
---------------------------------------
2              2                up
[~CE1-bd2]
```

```
[~CE2]dis bgp evpn al routing-table mac-route
 Local AS number : 100

 BGP Local router ID is 12.1.1.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Mac Routes: 6
 Route Distinguisher: 1:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1
 *>i   0:48:707b-e8ad-235d:0:0.0.0.0                          1.1.1.1
 Route Distinguisher: 2:2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98bc-1b5e:32:192.168.2.1                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0
 Route Distinguisher: 2:3
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98c4-6f7b:32:192.168.1.2                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0

 EVPN-Instance 2:
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98c4-6f7b:32:192.168.1.2                     0.0.0.0
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0
 *>i   0:48:707b-e8ad-235d:0:0.0.0.0                          1.1.1.1

 EVPN-Instance 3:
 Number of Mac Routes: 2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98bc-1b5e:32:192.168.2.1                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0

 EVPN-Instance __RD_1_2_2__:
 Number of Mac Routes: 1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1
[~CE2]dis vx pe
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID
-------------------------------------------------------------------------------
2         2.2.2.2                 1.1.1.1                dynamic   2
[~CE2]dis vx tu
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  2.2.2.2               1.1.1.1               up     dynamic  00:34:52
[~CE2]
```

All of the above is what I worked out myself from eNSP simulation. Some of the problems may be bugs; everyone is welcome to discuss!
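
Added example, not part of the original post: a Python check over the `dis bgp evpn al routing-table mac-route` output above for the case where EVPN is up but no IRB (MAC+IP) host routes are learned, which is also the Type 2 host information that ARP broadcast suppression relies on. The function names are hypothetical; the sample is CE1's table from this page, trimmed.

```python
import re

# CE1's BGP EVPN MAC-route table from this page, trimmed (instance copies cut to one line).
SAMPLE = """\
 Route Distinguisher: 1:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0
 Route Distinguisher: 2:2
 *>i   0:48:5489-98bc-1b5e:32:192.168.2.1                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 Route Distinguisher: 2:3
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 EVPN-Instance 2:
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
"""

ROUTE = re.compile(
    r"^\s*(?P<status>[*>a-zA-Z]+)\s+(?P<tag>\d+):(?P<maclen>\d+):"
    r"(?P<mac>[0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}):(?P<iplen>\d+):"
    r"(?P<ip>\d+(?:\.\d+){3})\s+(?P<nexthop>\d+(?:\.\d+){3})\s*$")

def parse_mac_routes(text):
    """Parse Type 2 routes listed under 'Route Distinguisher' headers."""
    routes, rd = [], None
    for line in text.splitlines():
        stripped = line.strip()
        if stripped.startswith("Route Distinguisher:"):
            rd = stripped.split(":", 1)[1].strip()
        elif stripped.startswith("EVPN-Instance"):
            rd = None  # per-instance sections repeat the same routes; skip them
        elif rd and (m := ROUTE.match(line)):
            routes.append({**m.groupdict(), "rd": rd,
                           "remote": "i" in m["status"]})
    return routes

def remote_hosts(routes):
    """Remote MAC+IP routes: ip -> (mac, vtep). IpAddrLen 0 means MAC-only."""
    return {r["ip"]: (r["mac"], r["nexthop"])
            for r in routes if r["remote"] and r["iplen"] != "0"}

def missing_hosts(routes, expected_ips):
    """Expected remote hosts with no MAC+IP route (check arp collect host enable)."""
    known = remote_hosts(routes)
    return sorted(ip for ip in expected_ips if ip not in known)

if __name__ == "__main__":
    print(missing_hosts(parse_mac_routes(SAMPLE), ["192.168.1.2", "192.168.1.3"]))
```

A host that appears only with IpAddrLen 0, or not at all, is one the local VTEP cannot answer for from EVPN state, so its ARP requests stay broadcast.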