基於EVPN的服務鏈策略路由配置舉例
1.組網需求
Switch A、Switch B、Switch C為分布式EVPN網關設備,Switch D為RR,負責在交換機之間反射BGP路由。通過匹配以太網服務實例的策略路由,使Server 1發出報文先經過以太網服務實例1中的服務器處理,再發送到Server2。
2.配置步驟
1)按照圖示配置IP地址和單播路由協議。
2)配置Switch A
# 開啟L2VPN能力 [SwitchA] l2vpn enable # 關閉遠端MAC地址和遠端ARP自動學習功能。 [SwitchA] vxlan tunnel mac-learning disable [SwitchA] vxlan tunnel arp-learning disable # 在VSI實例vpna下創建EVPN實例,並配置自動生成EVPN實例的RD和RT。 [SwitchA] vsi vpna [SwitchA-vsi-vpna] evpn encapsulation vxlan [SwitchA-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchA-vsi-vpna-evpn-vxlan] vpn-target auto # 創建VXLAN 10 [SwitchA-vsi-vpna] vxlan 10 # 配置BGP發布EVPN路由 [SwitchA] bgp 200 [SwitchA-bgp-default] peer 4.4.4.4 as-number 200 [SwitchA-bgp-default] peer 4.4.4.4 connect-interface loopback 0 [SwitchA-bgp-default] address-family l2vpn evpn [SwitchA-bgp-default-evpn] peer 4.4.4.4 enable # 創建VPN實例vpna。 [SwitchA] ip vpn-instance vpna [SwitchA-vpn-instance-vpna] route-distinguisher 1:1 [SwitchA-vpn-instance-vpna] address-family ipv4 [SwitchA-vpn-ipv4-vpna] vpn-target 2:2 [SwitchA-vpn-ipv4-vpna] quit [SwitchA-vpn-instance-vpna] address-family evpn [SwitchA-vpn-evpn-vpna] vpn-target 1:1
# 配置VSI虛接口VSI-interface1。 [SwitchA] interface vsi-interface 1 [SwitchA-Vsi-interface1] ip binding vpn-instance vpna [SwitchA-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchA-Vsi-interface1] mac-address 0001-0001-0001 [SwitchA-Vsi-interface1] local-proxy-arp enable [SwitchA-Vsi-interface1] distributed-gateway local # 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。 [SwitchA] interface vsi-interface 3 [SwitchA-Vsi-interface3] ip binding vpn-instance vpna [SwitchA-Vsi-interface3] l3-vni 1000 # 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。 [SwitchA] vsi vpna [SwitchA-vsi-vpna] gateway vsi-interface 1 # 配置VLAN接口11 [SwitchA] interface vlan-interface 11 [SwitchA-Vlan-interface11] ip address 11.1.1.1 255.255.255.0 [SwitchA-Vlan-interface11] ospf 1 area 0.0.0.0
# 配置以太網服務實例1000與VSI實例vpna關聯 [SwitchA] interface ten-gigabitethernet 1/0/1 [SwitchA-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000 [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2 [SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna # 定義訪問控制列表ACL 3000,用來匹配源地址為10.1.1.10,目的地址為10.1.1.20的報文。 [SwitchA] acl advanced 3000 [SwitchA-acl-ipv4-adv-3000] rule 0 permit ip source 10.1.1.10 0 destination 10.1.1.20 # 定義0號節點,指定所有源地址為10.1.1.10,目的地址為10.1.1.20的報文的下一跳為10.1.1.11。 [SwitchA] policy-based-route aa permit node 0 [SwitchA-pbr-aa-0] if-match acl 3000 [SwitchA-pbr-aa-0] apply service-chain path-id 1 [SwitchA-pbr-aa-0] apply next-hop vpn-instance vpna 10.1.1.11 # 在VSI虛接口3上應用轉發策略路由,處理此接口接收的報文。 [SwitchA] interface vsi-interface 3 [SwitchA-Vsi-interface3] ip policy-based-route aa
3)配置Switch B
# 開啟L2VPN能力。 [SwitchB] l2vpn enable # 關閉遠端MAC地址和遠端ARP自動學習功能。 [SwitchB] vxlan tunnel mac-learning disable [SwitchB] vxlan tunnel arp-learning disable # 在VSI實例vpna下創建EVPN實例,並配置自動生成EVPN實例的RD和RT。 [SwitchB] vsi vpna [SwitchB-vsi-vpna] evpn encapsulation vxlan [SwitchB-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchB-vsi-vpna-evpn-vxlan] vpn-target auto # 創建VXLAN 10。 [SwitchB-vsi-vpna] vxlan 10 # 配置BGP發布EVPN路由。 [SwitchB] bgp 200 [SwitchB-bgp-default] peer 4.4.4.4 as-number 200 [SwitchB-bgp-default] peer 4.4.4.4 connect-interface loopback0 [SwitchB-bgp-default] address-family l2vpn evpn [SwitchB-bgp-default-evpn] peer 4.4.4.4 enable # 創建VPN實例vpna。 [SwitchB] ip vpn-instance vpna [SwitchB-vpn-instance-vpna] route-distinguisher 1:1 [SwitchB-vpn-instance-vpna] address-family ipv4 [SwitchB-vpn-ipv4-vpna] vpn-target 2:2 [SwitchB-vpn-ipv4-vpna] quit [SwitchB-vpn-instance-vpna] address-family evpn [SwitchB-vpn-evpn-vpna] vpn-target 1:1
# 配置VSI虛接口VSI-interface1。 [SwitchB] interface vsi-interface 1 [SwitchB-Vsi-interface1] ip binding vpn-instance vpna [SwitchB-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchB-Vsi-interface1] mac-address 0001-0001-0001 [SwitchB-Vsi-interface1] local-proxy-arp enable [SwitchB-Vsi-interface1] distributed-gateway local # 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。 [SwitchB] vsi vpna [SwitchB-vsi-vpna] gateway vsi-interface 1 # 配置VSI虛接口VSI-interface3。 [SwitchB] interface vsi-interface 3 [SwitchB-Vsi-interface3] ip binding vpn-instance vpna [SwitchB-Vsi-interface3] l3-vni 1000 # 配置接口Ten-GigabitEthernet1/0/1作為AC接口。 [SwitchB] interface ten-gigabitethernet 1/0/1 [SwitchB-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000 [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2 [SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna # 定義0號節點,指定所有服務鏈編號為1的報文的下一跳為10.1.1.11。 [SwitchB] policy-based-route aa permit node 0 [SwitchB-pbr-aa-0] if-match service-chain path-id 1 [SwitchB-pbr-aa-0] apply next-hop vpn-instance vpna 10.1.1.11 # 在VSI虛接口3上應用轉發策略路由,處理此接口接收的報文。 [SwitchB] interface vsi-interface 3 [SwitchB-Vsi-interface3] ip policy-based-route aa
4)配置Switch C
# 開啟L2VPN能力。 [SwitchC] l2vpn enable # 關閉遠端MAC地址和遠端ARP自動學習功能。 [SwitchC] vxlan tunnel mac-learning disable [SwitchC] vxlan tunnel arp-learning disable # 在VSI實例vpna下創建EVPN實例,並配置自動生成EVPN實例的RD和RT。 [SwitchC] vsi vpna [SwitchC-vsi-vpna] evpn encapsulation vxlan [SwitchC-vsi-vpna-evpn-vxlan] route-distinguisher auto [SwitchC-vsi-vpna-evpn-vxlan] vpn-target auto # 創建VXLAN 10。 [SwitchC-vsi-vpna] vxlan 10 # 配置BGP發布EVPN路由。 [SwitchC] bgp 200 [SwitchC-bgp-default] peer 4.4.4.4 as-number 200 [SwitchC-bgp-default] peer 4.4.4.4 connect-interface loopback 0 [SwitchC-bgp-default] address-family l2vpn evpn [SwitchC-bgp-default-evpn] peer 4.4.4.4 enable # 創建VPN實例vpna。 [SwitchC] ip vpn-instance vpna [SwitchC-vpn-instance-vpna] route-distinguisher 1:1 [SwitchC-vpn-instance-vpna] address-family ipv4 [SwitchC-vpn-ipv4-vpna] vpn-target 2:2 [SwitchC-vpn-ipv4-vpna] quit [SwitchC-vpn-instance-vpna] address-family evpn [SwitchC-vpn-evpn-vpna] vpn-target 1:1
# 創建VSI虛接口VSI-interface1,並為其配置IP地址,該IP地址作為VXLAN 10內虛擬機的網關地址。 [SwitchC] interface vsi-interface 1 [SwitchC-Vsi-interface1] ip binding vpn-instance vpna [SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0 [SwitchC-Vsi-interface1] mac-address 0001-0001-0001 [SwitchC-Vsi-interface1] local-proxy-arp enable [SwitchC-Vsi-interface1] distributed-gateway local # 創建VSI虛接口VSI-interface3,在該接口上配置VPN實例vpna對應的L3VNI為1000。 [SwitchC] interface vsi-interface 3 [SwitchC-Vsi-interface3] ip binding vpn-instance vpna [SwitchC-Vsi-interface3] l3-vni 1000 # 配置VXLAN 10所在的VSI實例和接口VSI-interface1關聯。 [SwitchC] vsi vpna [SwitchC-vsi-vpna] gateway vsi-interface 1 # 在接入服務器的接口Ten-GigabitEthernet1/0/1上綁定VSI。 [SwitchC] interface ten-gigabitethernet 1/0/1 [SwitchC-Ten-GigabitEthernet1/0/1] port link-mode bridge [SwitchC-Ten-GigabitEthernet1/0/1] service-instance 2000 [SwitchC-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 2 [SwitchC-Ten-GigabitEthernet1/0/1] xconnect vsi vpna
5)配置Switch D
# 配置Switch D與其他交換機建立BGP連接。 [SwitchD] bgp 200 [SwitchD-bgp-default] group evpn [SwitchD-bgp-default] peer 1.1.1.1 group evpn [SwitchD-bgp-default] peer 2.2.2.2 group evpn [SwitchD-bgp-default] peer 3.3.3.3 group evpn [SwitchD-bgp-default] peer evpn as-number 200 [SwitchD-bgp-default] peer evpn connect-interface loopback 0 # 配置BGP發布EVPN路由,並關閉BGP EVPN路由的VPN-Target過濾功能。 [SwitchD-bgp-default] address-family l2vpn evpn [SwitchD-bgp-default-evpn] peer evpn enable [SwitchD-bgp-default-evpn] undo policy vpn-target # 配置Switch D為路由反射器。 [SwitchD-bgp-default-evpn] peer evpn reflect-client # 配置VLAN接口11接口數據。 [SwitchD] interface vlan-interface 11 [SwitchD-Vlan-interface11] ip address 11.1.1.4 255.255.255.0 [SwitchD-Vlan-interface11] ospf 1 area 0.0.0.0 # 配置VLAN接口12接口數據。 [SwitchD] interface vlan-interface 12 [SwitchD-Vlan-interface12] ip address 12.1.1.4 255.255.255.0 [SwitchD-Vlan-interface12] ospf 1 area 0.0.0.0 # 配置VLAN接口13接口數據。 [SwitchD] interface Vlan-interface 13 [SwitchD-Vlan-interface13] ip address 13.1.1.4 255.255.255.0 [SwitchD-Vlan-interface13] ospf 1 area 0.0.0.0
6)這時通過抓包可以看到Server 1發出報文先經過以太網服務實例1中的服務器處理,再發送到Server2。