I have simulated this experiment many times, and every time there were problems, just as others on the forum have discussed: either the gateway cannot be reached, or the remote gateway can be pinged but the host cannot, and so on. This is the configuration I arrived at from my distributed-gateway experiment; feel free to use it.

I have also summarized some problems for everyone, on the premise that the configuration itself is correct:

I. Ping to the gateway fails

1. First check whether the gateway has an ARP entry. If it does and ping still fails, restart the PC, or bring the physical interface up again with undo shutdown.
2. The PC has a gateway configured. If the configuration is fine and the gateway address can be reached, then even when ping fails the normal result should be a timeout. If the ping reply is "destination host unreachable", it may be a bug: it means the gateway cannot even be found. Restart the PC or the access switch.

II. VXLAN tunnel establishment problems

1. EVPN does not come up: usually, if the underlay gateway can come up, EVPN is basically fine. If there is a problem, check the underlay.
2. EVPN is up but no IRB route entries are learned: check whether arp collect host enable is configured under the Vbdif interface. This command collects host route information, and EVPN passes that information to the peer as Type 2 routes.

III. The CE L3GW learns the routes; hosts in different subnets can communicate, hosts in the same subnet cannot

I studied this problem for a long time. In the end it only worked after I added arp broadcast-suppress enable (ARP broadcast suppression) and arp l2-proxy gateway-mac (L2 gateway proxy reply) under the BD, although the configuration manual does not require them. I then captured packets with and without these commands and compared the results:

1. Without them: 192.168.1.1 pings 192.168.1.2 in the same subnet. By default, when CE1 receives a BUM packet it looks up the head-end replication tunnel list for the corresponding L2 VNI and sends the broadcast packet to CE2. CE2 receives it, sees that the VNI is addressed to itself, decapsulates it and sends the BUM packet to 192.168.1.2. The reply works the same way, and subsequent packets are then unicast. But the capture shows ARP broadcast packets being sent continuously, DMAC all FFFF, with no reply from the other side. I don't understand whether this is a bug.
2. With ARP suppression and L2 gateway proxy reply: both commands are indispensable; with either one missing it does not work. Because L2 gateway proxy reply is enabled, the DMAC is the MAC address of the CE1 gateway, and that is why it works, but I think it should work without it as well.

My reasoning covers two cases:

First: with neither ARP suppression nor proxy reply enabled, normally the first packet is all FFFF, the peer responds with a unicast packet, and once the MAC address table has the entry, forwarding works normally.

Second: with only ARP suppression enabled, the first packet is all FFFF and is sent to the gateway. The gateway holds the Type 2 route host information (MAC/IP/VTEP IP/VNI ID), so it converts the broadcast to unicast and sends it directly to the remote VTEP node. The remote VTEP decapsulates it, finds the MAC address on its own side, tags the VLAN ID and delivers it to the host.

Configuration:

```
sysname CE1
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
ip vpn-instance a
 ipv4-family
  route-distinguisher 1:1
  vpn-target 11:1 export-extcommunity evpn
  vpn-target 11:1 import-extcommunity evpn
 vxlan vni 10
#
bridge-domain 2
 vxlan vni 2
 evpn
  route-distinguisher 1:1
  vpn-target 10:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable
#
aaa
 #
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
 domain default_admin
#
interface Vbdif2
 ip binding vpn-instance a
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface MEth0/0/0
 undo shutdown
#
interface GE1/0/0
 undo shutdown
#
interface GE1/0/0.2 mode l2
 encapsulation dot1q vid 2
 bridge-domain 2
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 12.1.1.1 255.255.255.0
#
interface GE1/0/2
 shutdown
#
interface GE1/0/3
 shutdown
#
interface GE1/0/4
 shutdown
#
interface GE1/0/5
 shutdown
#
interface GE1/0/6
 shutdown
#
interface GE1/0/7
 shutdown
#
interface GE1/0/8
 shutdown
#
interface GE1/0/9
 shutdown
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 2 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 peer 12.1.1.2 as-number 100
 #
 ipv4-family unicast
  network 1.1.1.1 255.255.255.255
  peer 2.2.2.2 enable
  peer 12.1.1.2 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 advertise irb
```

```
sysname CE2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
evpn
#
ip vpn-instance b
 ipv4-family
  route-distinguisher 2:2
  vpn-target 11:1 export-extcommunity evpn
  vpn-target 11:1 import-extcommunity evpn
 vxlan vni 10
#
bridge-domain 2
 vxlan vni 2
 evpn
  route-distinguisher 2:3
  vpn-target 10:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
#
bridge-domain 3
 vxlan vni 3
 evpn
  route-distinguisher 2:2
  vpn-target 20:1 export-extcommunity
  vpn-target 11:1 export-extcommunity
  vpn-target 20:1 import-extcommunity
#
aaa
 #
 authentication-scheme default
 #
 authorization-scheme default
 #
 accounting-scheme default
 #
 domain default
 #
 domain default_admin
#
interface Vbdif2
 ip binding vpn-instance b
 ip address 192.168.1.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface Vbdif3
 ip binding vpn-instance b
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable
 arp collect host enable
#
interface MEth0/0/0
 undo shutdown
#
interface GE1/0/0
 undo shutdown
#
interface GE1/0/0.2 mode l2
 encapsulation dot1q vid 2
 bridge-domain 2
#
interface GE1/0/0.3 mode l2
 encapsulation dot1q vid 3
 bridge-domain 3
#
interface GE1/0/1
 undo portswitch
 undo shutdown
 ip address 12.1.1.2 255.255.255.0
#
interface GE1/0/2
 shutdown
#
interface GE1/0/3
 shutdown
#
interface GE1/0/4
 shutdown
#
interface GE1/0/5
 shutdown
#
interface GE1/0/6
 shutdown
#
interface GE1/0/7
 shutdown
#
interface GE1/0/8
 shutdown
#
interface GE1/0/9
 shutdown
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 2 head-end peer-list protocol bgp
 vni 3 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 12.1.1.1 as-number 100
 #
 ipv4-family unicast
  network 2.2.2.2 255.255.255.255
  peer 1.1.1.1 enable
  peer 12.1.1.1 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 advertise irb
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
```

Display output:

```
[~CE1-bd2]dis ip rou vpn a
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : a
         Destinations : 6        Routes : 6

Destination/Mask    Proto   Pre  Cost   Flags NextHop         Interface

    192.168.1.0/24  Direct  0    0      D     192.168.1.254   Vbdif2
    192.168.1.2/32  IBGP    255  0      RD    2.2.2.2         VXLAN
  192.168.1.254/32  Direct  0    0      D     127.0.0.1       Vbdif2
  192.168.1.255/32  Direct  0    0      D     127.0.0.1       Vbdif2
    192.168.2.1/32  IBGP    255  0      RD    2.2.2.2         VXLAN
255.255.255.255/32  Direct  0    0      D     127.0.0.1       InLoopBack0

[~CE1-bd2]dis bgp evpn al rou ma
 Local AS number : 100

 BGP Local router ID is 12.1.1.1
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Mac Routes: 6
 Route Distinguisher: 1:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0
 Route Distinguisher: 2:2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98bc-1b5e:32:192.168.2.1                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 Route Distinguisher: 2:3
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2

 EVPN-Instance 2:
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0

 EVPN-Instance __RD_1_1_1__:
 Number of Mac Routes: 2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98bc-1b5e:32:192.168.2.1                     2.2.2.2
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2

[~CE1-bd2] dis vx pe
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID
-------------------------------------------------------------------------------
2         1.1.1.1                 2.2.2.2                dynamic   2

[~CE1-bd2]dis vx tun
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  00:34:16

[~CE1-bd2]dis vx vn
Number of vxlan vni : 1
VNI            BD-ID            State
---------------------------------------
2              2                up
[~CE1-bd2]
```

```
[~CE2]dis bgp evpn al routing-table mac-route
 Local AS number : 100

 BGP Local router ID is 12.1.1.2
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
               h - history,  i - internal, s - suppressed, S - Stale
               Origin : i - IGP, e - EGP, ? - incomplete

 EVPN address family:
 Number of Mac Routes: 6
 Route Distinguisher: 1:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1
 *>i   0:48:707b-e8ad-235d:0:0.0.0.0                          1.1.1.1
 Route Distinguisher: 2:2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98bc-1b5e:32:192.168.2.1                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0
 Route Distinguisher: 2:3
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98c4-6f7b:32:192.168.1.2                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0

 EVPN-Instance 2:
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98c4-6f7b:32:192.168.1.2                     0.0.0.0
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0
 *>i   0:48:707b-e8ad-235d:0:0.0.0.0                          1.1.1.1

 EVPN-Instance 3:
 Number of Mac Routes: 2
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:5489-98bc-1b5e:32:192.168.2.1                     0.0.0.0
 *>    0:48:707b-e837-2581:0:0.0.0.0                          0.0.0.0

 EVPN-Instance __RD_1_2_2__:
 Number of Mac Routes: 1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98fd-0378:32:192.168.1.1                     1.1.1.1

[~CE2]dis vx pe
Number of peers : 1
Vni ID    Source                  Destination            Type      Out Vni ID
-------------------------------------------------------------------------------
2         2.2.2.2                 1.1.1.1                dynamic   2

[~CE2]dis vx tu
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  2.2.2.2               1.1.1.1               up     dynamic  00:34:52
[~CE2]
```

All of the above is what I worked out myself by simulating in eNSP. Some of the problems may be bugs. Everyone is welcome to join the discussion!
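The broadcast-to-unicast step described in the post for the ARP-suppression-only case, as an added example that is not part of the original post and not the device's own implementation: it parses mac-route lines in the format of the post's output, keeps the remote MAC+IP entries, and decides whether an ARP request is forwarded as unicast to the remote VTEP or flooded. The function names are hypothetical, and the sample uses the post's EVPN-Instance 2 entries on CE1 with constructed column spacing.

```python
import re

# Sample built from the EVPN-Instance 2 entries shown for CE1 (spacing constructed).
SAMPLE = """\
 EVPN-Instance 2:
 Number of Mac Routes: 4
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:5489-98c4-6f7b:32:192.168.1.2                     2.2.2.2
 *>    0:48:5489-98fd-0378:32:192.168.1.1                     0.0.0.0
 *>i   0:48:707b-e837-2581:0:0.0.0.0                          2.2.2.2
 *>    0:48:707b-e8ad-235d:0:0.0.0.0                          0.0.0.0
"""

# EthTagId:MacAddrLen:MacAddr:IpAddrLen:IpAddr  NextHop
ROUTE = re.compile(
    r"^\s*\*>i?\s+(\d+):(\d+):([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}):(\d+):(\S+)\s+(\S+)\s*$"
)

def parse_mac_routes(text):
    """Return one dict per best mac-route line; ip is None when IpAddrLen is 0."""
    routes = []
    for line in text.splitlines():
        m = ROUTE.match(line)
        if not m:
            continue  # headers, counters and blank lines
        _tag, _maclen, mac, iplen, ip, next_hop = m.groups()
        routes.append({
            "mac": mac,
            "ip": ip if int(iplen) else None,
            "next_hop": next_hop,
            "local": next_hop == "0.0.0.0",  # locally originated route
        })
    return routes

def suppression_table(routes):
    """IP -> (MAC, VTEP) for remote hosts learned through MAC+IP routes."""
    return {r["ip"]: (r["mac"], r["next_hop"])
            for r in routes if r["ip"] and not r["local"]}

def handle_arp_request(target_ip, table):
    """Known target: unicast to the host MAC via its VTEP; unknown: flood."""
    if target_ip in table:
        mac, vtep = table[target_ip]
        return ("unicast", mac, vtep)
    return ("flood", "ffff-ffff-ffff", None)

if __name__ == "__main__":
    table = suppression_table(parse_mac_routes(SAMPLE))
    print(handle_arp_request("192.168.1.2", table))
```

The MAC-only routes (IpAddrLen 0) never enter the table, which is why a host whose MAC+IP route was not collected still falls back to flooding.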