EVPN-Based VxLAN Lab

Source: https://www.jianshu.com/p/5d2518e1dabd

Reference: https://support.cloudmylab.com/portal/en/kb/articles/vxlan-lab-on-eve-ng

Reference: https://www.cisco.com/c/dam/global/zh_cn/products/collateral/switches/nexus-9000-series-switches/guide-c07-734107.pdf

 

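VxLAN is an overlay technology that encapsulates Layer 2 Ethernet frames in UDP packets and carries them across a Layer 3 underlay IP backbone. VxLAN's 24 bytes VNID lets existing Layer 2 networks scale well. In the era of cloud computing and big data in particular, it is the mainstream solution for building large Layer 2 networks. VxLAN can be implemented in two ways:

  • Multicast-based VxLAN: a data-driven flood-and-learn scheme (driven flood-&-learn) with no control plane; VxLAN BUM traffic (Broadcast, Unknown Unicast and Multicast) is carried over multicast
  • VxLAN with EVPN as the control plane: EVPN uses MP-BGP to automatically discover and authenticate VTEP neighbors, and uses MP-BGP to advertise host MAC/IP addresses

Lab topology: build the following topology to run the lab for VxLAN with EVPN as the control plane.

Lab objective: verify that hosts in the same VxLAN and hosts in different VxLANs can reach each other.
Lab environment: this lab is simulated in EVE-NG. VTEP-1/2 and the RR all run NX-OS. The image versions are as follows:

Used images for lab:

  • nxosv9k-7.0.3.I7.1, x4CPU, 8Gb RAM each
  • IOL L3 15.4.2T Routers
  • vIOS L2 15.2 Switches
  • VPCS VMs

Lab steps:

Step 1: Complete the basic configuration so that hosts in the same VxLAN can reach each other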

Configure VTEP-1

    VTEP-1# show running-config
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    vlan 1,200,210
    vlan 200
      vn-segment 20000
    vlan 210
      vn-segment 20010
    interface nve1
      no shutdown
      host-reachability protocol bgp
      source-interface loopback0
      member vni 20000
        mcast-group 230.1.1.1
      member vni 20010
        mcast-group 230.1.1.2
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 200,210
    interface Ethernet1/2
      no switchport
      ip address 20.1.1.2/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    interface loopback0
      ip address 100.100.100.1/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    router ospf 1
      router-id 100.100.100.1
    router bgp 100
      router-id 100.100.100.1
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    VTEP-1#

Configure VTEP-2

    VTEP-2# show running-config
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    vlan 1,200,210
    vlan 200
      vn-segment 20000
    vlan 210
      vn-segment 20010
    interface nve1
      no shutdown
      host-reachability protocol bgp
      source-interface loopback0
      member vni 20000
        mcast-group 230.1.1.1
      member vni 20010
        mcast-group 230.1.1.2
    interface Ethernet1/1
      switchport mode trunk
      switchport trunk allowed vlan 200,210
    interface Ethernet1/2
      no switchport
      ip address 30.1.1.2/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    interface loopback0
      ip address 100.100.100.2/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    router ospf 1
      router-id 100.100.100.2
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    VTEP-2#

Configure the RR

    RR# show running-config
    nv overlay evpn
    feature ospf
    feature bgp
    feature pim
    feature interface-vlan
    feature vn-segment-vlan-based
    feature nv overlay
    ip pim rp-address 100.100.100.3 group-list 224.0.0.0/4
    ip pim ssm range 232.0.0.0/8
    interface Ethernet1/1
      no switchport
      ip address 20.1.1.1/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    interface Ethernet1/2
      no switchport
      ip address 30.1.1.1/24
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
      no shutdown
    interface loopback0
      ip address 100.100.100.3/32
      ip router ospf 1 area 0.0.0.0
      ip pim sparse-mode
    router ospf 1
      router-id 100.100.100.3
    router bgp 100
      router-id 100.100.100.3
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.1
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
          route-reflector-client
      neighbor 100.100.100.2
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
          route-reflector-client
    RR#

Configure Switch1

    Switch1#show running-config
    interface GigabitEthernet0/0
     switchport trunk encapsulation dot1q
     switchport mode trunk
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/1
     switchport access vlan 200
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/2
     switchport access vlan 210
     media-type rj45
     negotiation auto
    !
    Switch1#

Configure Switch2

    Switch2#show running-config
    interface GigabitEthernet0/0
     switchport trunk encapsulation dot1q
     switchport mode trunk
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/1
     switchport access vlan 200
     media-type rj45
     negotiation auto
    !
    interface GigabitEthernet0/2
     switchport access vlan 210
     media-type rj45
     negotiation auto
    !
    Switch2#

Ping test from VM1 to VM3

    VM1> ping 192.168.1.11
    84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=35.080 ms
    84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=19.675 ms
    84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=17.657 ms
    84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=24.238 ms
    84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=16.781 ms
    VM1>

Ping test from VM2 to VM4

    VM2> ping 172.16.1.11
    84 bytes from 172.16.1.11 icmp_seq=1 ttl=64 time=47.187 ms
    84 bytes from 172.16.1.11 icmp_seq=2 ttl=64 time=20.255 ms
    84 bytes from 172.16.1.11 icmp_seq=3 ttl=64 time=20.980 ms
    84 bytes from 172.16.1.11 icmp_seq=4 ttl=64 time=18.804 ms
    84 bytes from 172.16.1.11 icmp_seq=5 ttl=64 time=26.887 ms
    VM2>

Check the EVPN neighbor relationships on VTEP-1

    VTEP-1# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.1, local AS number 100
    BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
    6 network entries and 6 paths using 1128 bytes of memory
    BGP attribute entries [4/640], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [1/4]

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.3   4   100      62      53       34    0    0 00:39:55 2
    VTEP-1#

Check the EVPN neighbor relationships on VTEP-2

    VTEP-2# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.2, local AS number 100
    BGP table version is 34, L2VPN EVPN config peers 1, capable peers 1
    6 network entries and 6 paths using 1128 bytes of memory
    BGP attribute entries [4/640], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [1/4]

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.3   4   100      61      55       34    0    0 00:40:35 2
    VTEP-2#

Check the EVPN neighbor relationships on the RR

    RR# show bgp l2vpn evpn summary
    BGP summary information for VRF default, address family L2VPN EVPN
    BGP router identifier 100.100.100.3, local AS number 100
    BGP table version is 28, L2VPN EVPN config peers 2, capable peers 2
    4 network entries and 4 paths using 928 bytes of memory
    BGP attribute entries [2/320], BGP AS path entries [0/0]
    BGP community entries [0/0], BGP clusterlist entries [0/0]

    Neighbor        V    AS MsgRcvd MsgSent   TblVer  InQ OutQ Up/Down  State/PfxRcd
    100.100.100.1   4   100      60      54       28    0    0 00:40:48 2
    100.100.100.2   4   100      62      51       28    0    0 00:40:57 2
    RR#

Check the EVPN route entries on VTEP-1

    VTEP-1# show bgp l2vpn evpn
    BGP routing table information for VRF default, address family L2VPN EVPN
    BGP table version is 34, Local Router ID is 100.100.100.1
    Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
    Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
    Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

       Network            Next Hop            Metric     LocPrf     Weight Path
    Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
    *>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100      32768 i
    *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i

    Route Distinguisher: 100.100.100.1:32977    (L2VNI 20010)
    *>l[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100      32768 i
    *>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i

    Route Distinguisher: 100.100.100.2:32967
    *>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i

    Route Distinguisher: 100.100.100.2:32977
    *>i[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100          0 i
    VTEP-1#

Check the EVPN route entries on VTEP-2

    VTEP-2# show bgp l2vpn evpn
    BGP routing table information for VRF default, address family L2VPN EVPN
    BGP table version is 34, Local Router ID is 100.100.100.2
    Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
    Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-injected
    Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup

       Network            Next Hop            Metric     LocPrf     Weight Path
    Route Distinguisher: 100.100.100.1:32967
    *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i

    Route Distinguisher: 100.100.100.1:32977
    *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i

    Route Distinguisher: 100.100.100.2:32967    (L2VNI 20000)
    *>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    *>l[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100      32768 i

    Route Distinguisher: 100.100.100.2:32977    (L2VNI 20010)
    *>i[2]:[0]:[0]:[48]:[0050.7966.6807]:[0]:[0.0.0.0]/216
                          100.100.100.1                     100          0 i
    *>l[2]:[0]:[0]:[48]:[0050.7966.6809]:[0]:[0.0.0.0]/216
                          100.100.100.2                     100      32768 i
    VTEP-2#

Check EVPN MAC learning on VTEP-1

    VTEP-1# show l2route evpn mac all
    Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
    (Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
    (S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
    (Pf):Permanently-Frozen

    Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
    ----------- -------------- ------ ------------- ---------- ----------------
    200         0050.7966.6806 Local  L,            0          Eth1/1
    200         0050.7966.6808 BGP    Rcv           0          100.100.100.2
    210         0050.7966.6807 Local  L,            0          Eth1/1
    210         0050.7966.6809 BGP    Rcv           0          100.100.100.2
    VTEP-1#

Check EVPN MAC learning on VTEP-2

    VTEP-2# show l2route evpn mac all
    Flags -(Rmac):Router MAC (Stt):Static (L):Local (R):Remote (V):vPC link
    (Dup):Duplicate (Spl):Split (Rcv):Recv (AD):Auto-Delete (D):Del Pending
    (S):Stale (C):Clear, (Ps):Peer Sync (O):Re-Originated (Nho):NH-Override
    (Pf):Permanently-Frozen

    Topology    Mac Address    Prod   Flags         Seq No     Next-Hops
    ----------- -------------- ------ ------------- ---------- ----------------
    200         0050.7966.6806 BGP    Rcv           0          100.100.100.1
    200         0050.7966.6808 Local  L,            0          Eth1/1
    210         0050.7966.6807 BGP    Rcv           0          100.100.100.1
    210         0050.7966.6809 Local  L,            0          Eth1/1
    VTEP-2#
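
The type-2 (MAC/IP) routes in the `show bgp l2vpn evpn` output above can be checked offline against the set of VTEPs the fabric is supposed to contain. The following is an added example, not part of the original article: it parses the route lines and flags next hops outside an allowlist and MACs advertised from more than one VTEP. The function names, the allowlist and the 100.100.100.9 entry in the sample are assumptions made for illustration.

```python
import re
from collections import defaultdict

# Constructed sample in the layout of "show bgp l2vpn evpn" on VTEP-1. The first
# two RD blocks reuse values from this page; the 100.100.100.9 block is invented
# to exercise the checks.
SAMPLE = """\
Route Distinguisher: 100.100.100.1:32967    (L2VNI 20000)
*>l[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.1                     100      32768 i
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
Route Distinguisher: 100.100.100.2:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/216
                      100.100.100.2                     100          0 i
Route Distinguisher: 100.100.100.9:32967
*>i[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/216
                      100.100.100.9                     100          0 i
"""

# Either an RD header (optionally tagged with the local L2VNI) or one type-2 route
# followed by its next hop. \s+ spans newlines, so flattened text parses as well.
TOKEN = re.compile(
    r"Route Distinguisher:\s+(?P<rd>\S+)(?:\s+\(L2VNI\s+(?P<vni>\d+)\))?"
    r"|(?P<status>[*>sxSdh]+)(?P<ptype>[ieclarI])"
    r"\[2\]:\[\d+\]:\[\d+\]:\[48\]:\[(?P<mac>[0-9a-fA-F.]+)\]"
    r":\[\d+\]:\[(?P<ip>[0-9.]+)\]/\d+\s+(?P<nh>\d+(?:\.\d+){3})"
)


def parse_type2(text):
    """Return one dict per EVPN type-2 (MAC/IP) route found in the CLI text."""
    routes, rd, vni = [], None, None
    for m in TOKEN.finditer(text):
        if m.group("rd"):
            rd, vni = m.group("rd"), m.group("vni")
            continue
        routes.append({
            "rd": rd,
            "l2vni": int(vni) if vni else None,
            "local": m.group("ptype") == "l",
            "best": ">" in m.group("status"),
            "mac": m.group("mac").lower(),
            "ip": m.group("ip"),
            "next_hop": m.group("nh"),
        })
    return routes


def audit(routes, expected_vteps):
    """Flag next hops outside the VTEP allowlist and MACs seen behind >1 VTEP.

    A MAC behind two VTEPs can be a legitimate host move; treat it as a prompt to
    check the sequence number and the (Dup) flag in "show l2route evpn mac all".
    """
    findings, hops = set(), defaultdict(set)
    for r in routes:
        hops[r["mac"]].add(r["next_hop"])
        if r["next_hop"] not in expected_vteps:
            findings.add(("unexpected-vtep", r["mac"], (r["next_hop"],)))
    for mac, nhs in hops.items():
        if len(nhs) > 1:
            findings.add(("mac-behind-multiple-vteps", mac, tuple(sorted(nhs))))
    return sorted(findings)


if __name__ == "__main__":
    # Assumption: the lab's two VTEP loopbacks are the only valid next hops.
    for finding in audit(parse_type2(SAMPLE), {"100.100.100.1", "100.100.100.2"}):
        print(finding)
```
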

Reset the BGP neighbors

    RR# clear ip bgp *

View BGP update messages on VTEP-1

    VTEP-1# debug bgp updates
    2017 Dec 28 01:50:12.361546 bgp: [26340] (default) UPD: [IPv4 Unicast] Starting update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.361619 bgp: [26340] (default) UPD: [IPv4 Unicast] Found marker dest 0xd7a9ef64 on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
    2017 Dec 28 01:50:12.361694 bgp: [26340] (default) UPD: [IPv4 Unicast] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
    2017 Dec 28 01:50:12.362218 bgp: [26340] (default) UPD: [IPv4 Unicast] (#4) Suspending update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.362234 bgp: [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#0)
    2017 Dec 28 01:50:12.362241 bgp: [26340] (default) UPD: [L2VPN EVPN] Found marker dest 0xd7bb53be on xmitlist for peer 100.100.100.3 (sent prefixes: 0)
    2017 Dec 28 01:50:12.362255 bgp: [26340] (default) UPD: [L2VPN EVPN] Created EOR marker UPDATE msg (len 29) to peer 100.100.100.3 after sending 0 routes
    2017 Dec 28 01:50:12.362262 bgp: [26340] (default) UPD: [L2VPN EVPN] (#41) Suspending update run for peer 100.100.100.3 (#41)
    2017 Dec 28 01:50:34.760968 bgp: [26340] (default) UPD: [L2VPN EVPN] Continuing update run for peer 100.100.100.3 (#41)
    2017 Dec 28 01:50:34.761099 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:34.761338 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 1, length 1, Origin: IGP
    2017 Dec 28 01:50:34.761747 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 5, length 4, Local-pref: 100
    2017 Dec 28 01:50:34.762554 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
    2017 Dec 28 01:50:34.762597 bgp: [26340] (default) UPD: 100.100.100.3 Sending attr code 14 (Mp-reach), length 44, nexthop/length: 100.100.100.1/4
    2017 Dec 28 01:50:34.762665 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 Created UPD msg (len 104) with prefix 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6806]:[0]:[0.0.0.0]/112 (Not Installed in HW) path-id 1 for peer
    2017 Dec 28 01:50:34.762709 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3: walked 0 nodes and packed 0/0 prefixes (104 bytes)
    2017 Dec 28 01:50:34.763825 bgp: [26340] (default) UPD: [L2VPN EVPN] (#42) Finished update run for peer 100.100.100.3 (#42)
    2017 Dec 28 01:50:35.782806 bgp: [26340] (default) UPD: Received UPDATE message from 100.100.100.3
    2017 Dec 28 01:50:35.782875 bgp: [26340] (default) UPD: 100.100.100.3 parsed UPDATE message from peer, len 118 , withdraw len 0, attr len 95, nlri len 0
    2017 Dec 28 01:50:35.782891 bgp: [26340] (default) UPD: Attr code 1, length 1, Origin: IGP
    2017 Dec 28 01:50:35.782921 bgp: [26340] (default) UPD: Attr code 5, length 4, Local-pref: 100
    2017 Dec 28 01:50:35.782942 bgp: [26340] (default) UPD: Attr code 16, length 16, Ext-community: RT:100:20000 ENCAP:8
    2017 Dec 28 01:50:35.782951 bgp: [26340] (default) UPD: Attr code 9, length 4, Originator: 100.100.100.2
    2017 Dec 28 01:50:35.782958 bgp: [26340] (default) UPD: Attr code 10, length 4, Cluster-list
    2017 Dec 28 01:50:35.785367 bgp: [26340] (default) UPD: Peer 100.100.100.3 nexthop length in MP reach: 4
    2017 Dec 28 01:50:35.785486 bgp: [26340] (default) UPD: Recvd NEXTHOP 100.100.100.2
    2017 Dec 28 01:50:35.785498 bgp: [26340] (default) UPD: Attr code 14, length 44, Mp-reach
    2017 Dec 28 01:50:35.785601 bgp: [26340] (default) UPD: Received ESI 0000.0000.0000.0000.0000 for route type 2 from peer 100.100.100.3
    2017 Dec 28 01:50:35.785641 bgp: [26340] (default) UPD: [L2VPN EVPN] Received rd 100.100.100.2:32967 prefix [2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 from peer 100.100.100.3, origin 0, next hop 100.100.100.2, localpref 100, med 0
    2017 Dec 28 01:50:35.787998 bgp: [26340] (default) UPD: [L2VPN EVPN] Starting update run for peer 100.100.100.3 (#42)
    2017 Dec 28 01:50:35.788048 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:35.788073 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.2:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
    2017 Dec 28 01:50:35.788348 bgp: [26340] (default) UPD: [L2VPN EVPN] consider sending 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 to peer 100.100.100.3, path-id 1, best-ext is off
    2017 Dec 28 01:50:35.788372 bgp: [26340] (default) UPD: [L2VPN EVPN] 100.100.100.3 100.100.100.1:32967:[2]:[0]:[0]:[48]:[0050.7966.6808]:[0]:[0.0.0.0]/112 path-id 1 not sent to peer due to: advertising peer
    2017 Dec 28 01:50:35.788451 bgp: [26340] (default) UPD: [L2VPN EVPN] (#44) Finished update run for peer 100.100.100.3 (#44)
    VTEP-1#

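Step 2: Enable communication between hosts in different VxLANs

  • Configure the anycast-gateway-mac address
  • Configure a VRF for each tenant
  • Create an L3 VNI for the VRF
  • Configure the anycast gateway
  • Enable EVPN route advertisement under address-family ipv4 unicast in each tenant VRF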

VTEP-1 configuration

    fabric forwarding anycast-gateway-mac 0002.0002.0002
    vlan 200,210,3900
    vlan 3900
      name l3-vni-vlan-for-tenant-1
      vn-segment 39000
    vrf context evpn-tenant-1
      vni 39000
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    interface Vlan200
      no shutdown
      vrf member evpn-tenant-1
      ip address 192.168.1.254/24
      fabric forwarding mode anycast-gateway
    interface Vlan210
      no shutdown
      vrf member evpn-tenant-1
      ip address 172.16.1.254/24
      fabric forwarding mode anycast-gateway
    interface Vlan3900
      description l3-vni-for-tenant-1-routing
      no shutdown
      vrf member evpn-tenant-1
      ip address 12.1.1.1/30
      fabric forwarding mode anycast-gateway
    router bgp 100
      router-id 100.100.100.1
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          advertise l2vpn evpn
      vrf evpn-tenant-2
        address-family ipv4 unicast
          advertise l2vpn evpn

VTEP-2 configuration

    fabric forwarding anycast-gateway-mac 0002.0002.0002
    vlan 200,210,3900
    vlan 3900
      name l3-vni-vlan-for-tenant-1
      vn-segment 39000
    vrf context evpn-tenant-1
      vni 39000
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    interface Vlan200
      no shutdown
      vrf member evpn-tenant-1
      ip address 192.168.1.254/24
      fabric forwarding mode anycast-gateway
    interface Vlan210
      no shutdown
      vrf member evpn-tenant-1
      ip address 172.16.1.254/24
      fabric forwarding mode anycast-gateway
    interface Vlan3900
      description l3-vni-for-tenant-1-routing
      no shutdown
      vrf member evpn-tenant-1
      ip address 12.1.1.1/30
      fabric forwarding mode anycast-gateway
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          advertise l2vpn evpn
      vrf evpn-tenant-2
        address-family ipv4 unicast
          advertise l2vpn evpn

    VM1> ping 192.168.1.11
    84 bytes from 192.168.1.11 icmp_seq=1 ttl=64 time=21.972 ms
    84 bytes from 192.168.1.11 icmp_seq=2 ttl=64 time=17.022 ms
    84 bytes from 192.168.1.11 icmp_seq=3 ttl=64 time=21.564 ms
    84 bytes from 192.168.1.11 icmp_seq=4 ttl=64 time=21.546 ms
    84 bytes from 192.168.1.11 icmp_seq=5 ttl=64 time=17.653 ms
    VM1> ping 172.16.1.11
    84 bytes from 172.16.1.11 icmp_seq=1 ttl=62 time=25.515 ms
    84 bytes from 172.16.1.11 icmp_seq=2 ttl=62 time=33.164 ms
    84 bytes from 172.16.1.11 icmp_seq=3 ttl=62 time=31.302 ms
    84 bytes from 172.16.1.11 icmp_seq=4 ttl=62 time=21.556 ms
    84 bytes from 172.16.1.11 icmp_seq=5 ttl=62 time=29.198 ms
    VM1>

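Traffic within the same VxLAN is encapsulated with the L2 VNI, 20000.

Traffic between different VxLANs is encapsulated with the L3 VNI, 39000.

Step 3: Inject external routes

As shown in the figure below, WAN-R1 injects three routes into the VxLAN network: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24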

VTEP-2 configuration

    interface Ethernet1/3
      no switchport
      vrf member evpn-tenant-1
      ip address 40.1.1.1/24
      no shutdown
    router bgp 100
      router-id 100.100.100.2
      log-neighbor-changes
      address-family ipv4 unicast
      address-family l2vpn evpn
      neighbor 100.100.100.3
        remote-as 100
        update-source loopback0
        address-family ipv4 unicast
        address-family l2vpn evpn
          send-community extended
      vrf evpn-tenant-1
        address-family ipv4 unicast
          network 192.168.1.0/24
          advertise l2vpn evpn
        neighbor 40.1.1.2
          remote-as 200
          address-family ipv4 unicast
            prefix-list outbound-no-hosts out
    evpn
      vni 20000 l2
        rd auto
        route-target import auto
        route-target export auto
      vni 20010 l2
        rd auto
        route-target import auto
        route-target export auto
    vrf context evpn-tenant-1
      rd auto
      address-family ipv4 unicast
        route-target import 39000:39000
        route-target export 39000:39000
        route-target both auto evpn
    VTEP-2#

WAN-R1 configuration

    interface Loopback100
     ip address 8.8.8.8 255.255.255.255
    end
    !
    interface Ethernet0/0
     ip address 40.1.1.2 255.255.255.0
    end
    !
    router bgp 200
     bgp log-neighbor-changes
     neighbor 40.1.1.1 remote-as 100
     !
     address-family ipv4
      network 8.8.8.8 mask 255.255.255.255
      network 100.0.0.0 mask 255.255.255.0
      network 100.0.1.0 mask 255.255.255.0
      neighbor 40.1.1.1 activate
     exit-address-family
    !
    ip route 100.0.0.0 255.255.255.0 Null0
    ip route 100.0.1.0 255.255.255.0 Null0
    !

Ping test from VM1 to 8.8.8.8, advertised by WAN-R1

    VM1> ping 8.8.8.8
    84 bytes from 8.8.8.8 icmp_seq=1 ttl=253 time=23.228 ms
    84 bytes from 8.8.8.8 icmp_seq=2 ttl=253 time=22.362 ms
    84 bytes from 8.8.8.8 icmp_seq=3 ttl=253 time=28.130 ms
    84 bytes from 8.8.8.8 icmp_seq=4 ttl=253 time=20.304 ms
    84 bytes from 8.8.8.8 icmp_seq=5 ttl=253 time=24.945 ms
    VM1>

VTEP-1 receives the routes advertised by WAN-R1: 8.8.8.8/32, 100.0.0.0/24 and 100.0.1.0/24

    VTEP-1# show ip route vrf evpn-tenant-1
    IP Route Table for VRF "evpn-tenant-1"
    '*' denotes best ucast next-hop
    '**' denotes best mcast next-hop
    '[x/y]' denotes [preference/metric]
    '%<string>' in via output denotes VRF <string>

    8.8.8.8/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    12.1.1.0/30, ubest/mbest: 1/0, attached
        *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, direct
    12.1.1.1/32, ubest/mbest: 1/0, attached
        *via 12.1.1.1, Vlan3900, [0/0], 01:39:24, local
    100.0.0.0/24, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    100.0.1.0/24, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:30:39, bgp-100, internal, tag 200 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    172.16.1.0/24, ubest/mbest: 1/0, attached
        *via 172.16.1.254, Vlan210, [0/0], 01:39:24, direct
    172.16.1.10/32, ubest/mbest: 1/0, attached
        *via 172.16.1.10, Vlan210, [190/0], 00:55:10, hmm
    172.16.1.11/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:54:13, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    172.16.1.254/32, ubest/mbest: 1/0, attached
        *via 172.16.1.254, Vlan210, [0/0], 01:39:24, local
    192.168.1.0/24, ubest/mbest: 1/0, attached
        *via 192.168.1.254, Vlan200, [0/0], 01:39:24, direct
    192.168.1.10/32, ubest/mbest: 1/0, attached
        *via 192.168.1.10, Vlan200, [190/0], 00:55:02, hmm
    192.168.1.11/32, ubest/mbest: 1/0
        *via 100.100.100.2%default, [200/0], 00:01:59, bgp-100, internal, tag 100 (evpn) segid: 39000 tunnelid: 0x64646402 encap: VXLAN
    192.168.1.254/32, ubest/mbest: 1/0, attached
        *via 192.168.1.254, Vlan200, [0/0], 01:39:24, local
    VTEP-1#

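Lab summary: all of the lab objectives have now been met. Because a VxLAN solution using EVPN inherently separates the forwarding and control planes, it is better suited to deployment in SDN solutions. Follow-up work will continue with labs on VxLAN in SDN.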

 
================
 

Scenario: Configure VxLAN in both Flood & Learn and EVPN mode.

Premise:

  • You have 1 Spine and 3 Leafs. Leaf-2 and Leaf-3 are set up as a vPC pair.
  • The host port on Leaf-1 is in VLAN 10 and on Leaf-2 in VLAN 10 & 20
  • The vPC pair has an L2 switch connected to its member port and is passing all VLANs 10, 20, 30.

Goal: The goal of the lab is to configure a VXLAN overlay to provide reachability between SW1, SW2 and SW3 using VXLAN

STEP1: Configure basic IP reachability between Leaf and Spine switches using the OSPF routing protocol.

STEP2: Configure multicast between Leaf and Spine. Best practice is to use bidirectional mode. We can configure anycast or phantom RP for Spine redundancy. Make sure to allow the correct group address to be used for VxLAN.

Note: Flood and Learn (F&L)

As the name suggests, F&L uses a flooding and learning procedure to learn the end hosts. F&L works in the data plane.

Step3: Configure “feature nv overlay” and “feature vn-segment-vlan-based” on all Leaf switches

Step4: Configure VLANs and associate a unique vn-segment per VLAN.

Step5: Configure the “nve” interface with Loopback 0 as its source interface. Associate each vni with the nve interface and assign the multicast group the vni should be part of.

Step6: Configure a common secondary IP on the loopback for the vPC peers. The nve peering will be done with the secondary IP only.

Step7: Configure the vPC nve VLAN on both vPC peers, and an SVI with OSPF on it. Make sure to increase the cost on this link, so that it can’t be used as transit for all traffic.

Note: In F&L, there is no configuration needed on the Spine.

Verification: Once the nve interface is configured on all the leafs, you are ready to test the connectivity.

Verification: you will see (*,G) and (S,G) entries in the mroute table.

BGP EVPN:

Step1: Configure “nv overlay evpn” on all switches.

Step2: For the control plane, configure BGP from Leaf to Spine with address family l2vpn evpn.

Verification:

Step3: Configure bgp under the nve interface to use BGP as the protocol for host reachability.

Step4: Map the vni to evpn and configure RD/RT. Here we have the option to let the device generate the RD/RT values automatically.

Verification:

Step5: Configure the spines as route-reflector Client

This is a data-driven protocol, which means you will see the nve peer and MAC address only when there is active traffic.

Once the address is learned on a leaf, the BGP control plane will advertise it to remote peers.

 

 

================== End

 

