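H3C VXLAN EVPN DCI Interconnect: Layer 3 Access Within the Same Tenant

Scenario: one tenant has different VXLANs in two DCs, with different address ranges as well, and Layer 3 traffic must flow between them.

DCI-Leaf configuration: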

#
 sysname DCI-Leaf-1
#
ip vpn-instance A  //Configure the tenant VRF
 route-distinguisher 1:5000
 vpn-target 1:5000 import-extcommunity
 vpn-target 1:5000 export-extcommunity
 #
 address-family evpn
  vpn-target 1:5000 import-extcommunity
  vpn-target 1:5000 export-extcommunity
#
ospf 1
 area 0.0.0.0
  network 1.1.1.2 0.0.0.0
  network 10.0.11.0 0.0.0.3
#
 l2vpn enable
#
vsi vxlan10010 //Tenant VXLAN for the local DC, used to build tunnels to the distributed gateways (Leafs)
 vxlan 10010
 evpn encapsulation vxlan
  route-distinguisher 10:10010
  vpn-target 10:10010 export-extcommunity
  vpn-target 10:10010 import-extcommunity
#
interface LoopBack0 //VTEP address
 ip address 1.1.1.2 255.255.255.255
#
interface FortyGigE1/0/53
 port link-mode route
 ip address 10.0.11.1 255.255.255.252
#
interface FortyGigE1/0/54
 port link-mode route
 ip address 10.0.12.1 255.255.255.252
 dci enable //Must be enabled on the DCI interconnect interface so that BGP EVPN can set up tunnels automatically
#
interface Vsi-interface5000
 ip binding vpn-instance A
 l3-vni 5000 //Bind the tenant L3 VNI
#
bgp 100
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 200
 peer 2.2.2.2 connect-interface LoopBack0
 peer 2.2.2.2 ebgp-max-hop 2
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer 1.1.1.1 enable
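  peer 1.1.1.1 next-hop-local  //Routes learned from eBGP are advertised to iBGP peers with the next hop unchanged, so the next hop must be rewritten to the local DCI-Leaf; this can also be solved by advertising the remote DCI-Leaf's VTEP address into the local underlay (not recommended)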
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 router-mac-local //Rewrite the MAC address to the local DCI-Leaf's MAC when advertising routes to the remote DCI-Leaf
#
 ip route-static 2.2.2.2 32 10.0.12.2 //Reachability to the remote DCI-Leaf; any routing protocol can be used
#
return
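
As an added example (not part of the original post and not an H3C tool), the following Python check reads the BGP section of a DCI-Leaf configuration and reports EVPN peers that lack the rewrite the annotations above call for: next-hop-local toward iBGP peers and router-mac-local toward eBGP peers. It also lists eBGP peers whose EVPN routes are accepted while undo policy vpn-target has route-target filtering turned off. The function name audit and the SAMPLE text are assumptions made for this example.

```python
import re

# Constructed sample: the BGP section of the DCI-Leaf-1 configuration above.
SAMPLE = """\
bgp 100
 peer 1.1.1.1 as-number 100
 peer 2.2.2.2 as-number 200
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 next-hop-local
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 router-mac-local
#
"""

def audit(config):
    """Return review findings for the EVPN peers of one DCI-Leaf config."""
    local_as, in_evpn, rt_filter = None, False, True
    peer_as, opts = {}, {}
    for raw in config.splitlines():
        line = raw.split("//")[0].strip()      # drop the page's // annotations
        if raw.startswith("#"):                # a "#" in column 0 ends the section
            in_evpn = False
        elif m := re.fullmatch(r"bgp (\d+)", line):
            local_as = int(m[1])
        elif m := re.fullmatch(r"peer (\S+) as-number (\d+)", line):
            peer_as[m[1]] = int(m[2])
        elif line.startswith("address-family "):
            in_evpn = line == "address-family l2vpn evpn"
        elif in_evpn and line == "undo policy vpn-target":
            rt_filter = False
        elif in_evpn and (m := re.fullmatch(r"peer (\S+) (\S+)", line)):
            opts.setdefault(m[1], set()).add(m[2])
    findings = []
    for peer in sorted(p for p in opts if "enable" in opts[p]):
        ebgp = peer_as.get(peer) != local_as
        # eBGP (remote DCI-Leaf) needs the router MAC rewritten,
        # iBGP (local DC) needs the next hop rewritten.
        need = "router-mac-local" if ebgp else "next-hop-local"
        if need not in opts[peer]:
            findings.append(f"{peer}: missing {need}")
        if ebgp and not rt_filter:
            findings.append(f"{peer}: eBGP EVPN routes accepted without RT filtering")
    return findings
```

With filtering disabled in the BGP EVPN address family, which remote routes reach the tenant depends on the import targets of the VPN instance and VSI, so those are the values to review for each eBGP peer listed.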

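Test results:

Packet capture of traffic between the DCI-Leafs:

BGP EVPN routes seen on Leaf-1:

Routing table of Leaf-1:

In Leaf-1's tenant routing table, the next hop for 192.168.20.1 is 1.1.1.2 (the DCI-Leaf of the local DC).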
