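Networking Requirements
On the network shown in Figure 1, to allow different sites to communicate over the backbone network, configure EVPN on the network to transmit Layer 2 service traffic. If the sites belong to the same subnet, create an EVPN instance on each PE to store EVPN routes and forward Layer 2 traffic based on matching MAC addresses. In this example, SR-MPLS BE tunnels between the PEs carry the service traffic.
Figure 1 Networking for configuring EVPN VPLS over SR-MPLS BE
Configuration Roadmap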
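- Configure interface IP addresses.
- Configure an IGP so that PE1, PE2, and the P can communicate with each other.
- Configure SR-MPLS BE tunnels on the backbone network.
- Configure an EVPN instance on each PE.
- Configure an EVPN source address on each PE.
- Configure the Layer 2 Ethernet sub-interfaces that connect the PEs to the CEs.
- Configure and apply a tunnel policy so that EVPN routes can recurse to SR-MPLS BE tunnels.
- Establish a BGP EVPN peer relationship between the PEs.
- Configure the CEs and PEs to communicate with each other.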
Procedure
1. Configure IP addresses for the interfaces between the PEs and the P as shown in Figure 1
# Configure PE1.
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.1 32
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet2/0/0
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit
# Configure the P.
<HUAWEI> system-view
[~HUAWEI] sysname P
[*HUAWEI] commit
[~P] interface loopback 1
[*P-LoopBack1] ip address 2.2.2.2 32
[*P-LoopBack1] quit
[*P] interface gigabitethernet1/0/0
[*P-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet2/0/0
[*P-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*P-GigabitEthernet2/0/0] quit
[*P] commit
# Configure PE2.
<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.3 32
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet2/0/0
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit
2. Configure an IGP so that PE1, PE2, and the P can communicate with each other. IS-IS is used as the IGP in this example
# Configure PE1.
[~PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] network-entity 00.1111.1111.1111.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface GigabitEthernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit
# Configure the P.
[~P] isis 1
[*P-isis-1] is-level level-2
[*P-isis-1] network-entity 00.1111.1111.2222.00
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis enable 1
[*P-LoopBack1] quit
[*P] interface GigabitEthernet 1/0/0
[*P-GigabitEthernet1/0/0] isis enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface GigabitEthernet 2/0/0
[*P-GigabitEthernet2/0/0] isis enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] commit
# Configure PE2.
[~PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] network-entity 00.1111.1111.3333.00
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface GigabitEthernet 2/0/0
[*PE2-GigabitEthernet2/0/0] isis enable 1
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit
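After the configuration is complete, PE1, PE2, and the P should be able to establish IS-IS neighbor relationships. Run the display isis peer command to check that the neighbor state is Up. Run the display ip routing-table command to check that the PEs have learned the route to each other's Loopback1 interface.
The following example uses the command output on PE1: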
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
1111.1111.2222 GE2/0/0 1111.1111.2222.01 Up 8s L2 64
Total Peer(s): 1
[~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.2/32 ISIS-L2 15 10 D 10.1.1.2 GigabitEthernet2/0/0
3.3.3.3/32 ISIS-L2 15 20 D 10.1.1.2 GigabitEthernet2/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.2.1.0/24 ISIS-L2 15 20 D 10.1.1.2 GigabitEthernet2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
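3. (Optional) Configure basic MPLS functions on the backbone network
After IS-IS is enabled on an interface, MPLS is automatically enabled on that interface, so this step can be skipped.
# Configure PE1.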
[~PE1] mpls lsr-id 1.1.1.1
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit
# Configure the P.
[~P] mpls lsr-id 2.2.2.2
[*P] mpls
[*P-mpls] commit
[~P-mpls] quit
# Configure PE2.
[~PE2] mpls lsr-id 3.3.3.3
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit
4. Configure SR-MPLS BE tunnels on the backbone network
# Configure PE1.
[~PE1] segment-routing
[*PE1-segment-routing] quit
[*PE1] isis 1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] segment-routing global-block 153616 153800
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis prefix-sid absolute 153700
[*PE1-LoopBack1] quit
[*PE1] commit
# Configure the P.
[~P] segment-routing
[*P-segment-routing] quit
[*P] isis 1
[*P-isis-1] cost-style wide
[*P-isis-1] segment-routing mpls
[*P-isis-1] segment-routing global-block 153616 153800
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis prefix-sid absolute 153710
[*P-LoopBack1] quit
[*P] commit
# Configure PE2.
[~PE2] segment-routing
[*PE2-segment-routing] quit
[*PE2] isis 1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] segment-routing global-block 153616 153800
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis prefix-sid absolute 153720
[*PE2-LoopBack1] quit
[*PE2] commit
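# After the configuration is complete, run the display tunnel-info all command on a PE to check that the SR LSPs have been established. The following example uses the command output on PE1.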
[~PE1] display tunnel-info all
Tunnel ID Type Destination Status
----------------------------------------------------------------------------------------
0x000000002900000004 srbe-lsp 2.2.2.2 UP
0x000000002900000005 srbe-lsp 3.3.3.3 UP
# Use ping on PE1 to check SR LSP connectivity. For example:
[~PE1] ping lsp segment-routing ip 3.3.3.3 32 version draft2
LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms
Reply from 3.3.3.3: bytes=100 Sequence=2 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=3 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=4 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=5 time=3 ms
--- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/6 ms
5. Configure an EVPN instance on each PE
# Configure PE1.
[~PE1] evpn vpn-instance evrf1 bd-mode
[*PE1-evpn-instance-evrf1] route-distinguisher 100:1
[*PE1-evpn-instance-evrf1] vpn-target 1:1
[*PE1-evpn-instance-evrf1] quit
[*PE1] bridge-domain 10
[*PE1-bd10] evpn binding vpn-instance evrf1
[*PE1-bd10] quit
[*PE1] commit
# Configure PE2.
[~PE2] evpn vpn-instance evrf1 bd-mode
[*PE2-evpn-instance-evrf1] route-distinguisher 200:1
[*PE2-evpn-instance-evrf1] vpn-target 1:1
[*PE2-evpn-instance-evrf1] quit
[*PE2] bridge-domain 10
[*PE2-bd10] evpn binding vpn-instance evrf1
[*PE2-bd10] quit
[*PE2] commit
6. Configure an EVPN source address on each PE
# Configure PE1.
[~PE1] evpn source-address 1.1.1.1
[*PE1] commit
# Configure PE2.
[~PE2] evpn source-address 3.3.3.3
[*PE2] commit
7. Configure the Layer 2 Ethernet sub-interfaces that connect the PEs to the CEs
# Configure PE1.
[~PE1] interface GigabitEthernet 1/0/0
[*PE1-Gigabitethernet1/0/0] undo shutdown
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] interface GigabitEthernet 1/0/0.1 mode l2
[*PE1-GigabitEthernet 1/0/0.1] encapsulation dot1q vid 10
[*PE1-GigabitEthernet 1/0/0.1] rewrite pop single
[*PE1-GigabitEthernet 1/0/0.1] bridge-domain 10
[*PE1-GigabitEthernet 1/0/0.1] quit
[*PE1] commit
# Configure PE2.
[~PE2] interface GigabitEthernet 1/0/0
[*PE2-Gigabitethernet1/0/0] undo shutdown
[*PE2-Gigabitethernet1/0/0] quit
[*PE2] interface GigabitEthernet 1/0/0.1 mode l2
[*PE2-GigabitEthernet 1/0/0.1] encapsulation dot1q vid 10
[*PE2-GigabitEthernet 1/0/0.1] rewrite pop single
[*PE2-GigabitEthernet 1/0/0.1] bridge-domain 10
[*PE2-GigabitEthernet 1/0/0.1] quit
[*PE2] commit
8. Configure and apply a tunnel policy so that EVPN routes can recurse to SR-MPLS BE tunnels
# Configure PE1.
[~PE1] tunnel-policy srbe
[*PE1-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1
[*PE1-tunnel-policy-srbe] quit
[*PE1] evpn vpn-instance evrf1 bd-mode
[*PE1-evpn-instance-evrf1] tnl-policy srbe
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit
# Configure PE2.
[~PE2] tunnel-policy srbe
[*PE2-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1
[*PE2-tunnel-policy-srbe] quit
[*PE2] evpn vpn-instance evrf1 bd-mode
[*PE2-evpn-instance-evrf1] tnl-policy srbe
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit
9. Establish a BGP EVPN peer relationship between the PEs
# Configure PE1.
[~PE1] bgp 100
[*PE1-bgp] peer 3.3.3.3 as-number 100
[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 3.3.3.3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit
# Configure PE2.
[~PE2] bgp 100
[*PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 1.1.1.1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit
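After the configuration is complete, run the display bgp evpn peer command to check that the BGP peer relationship between the PEs has been established and is in the Established state. The following example uses the command output on PE1: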
[~PE1] display bgp evpn peer
BGP local router ID : 10.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 43 44 0 00:34:03 Established 1
10. Configure the CEs and PEs to communicate with each other
# Configure CE1.
[~CE1] interface GigabitEthernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE1-GigabitEthernet1/0/0.1] ip address 172.16.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit
# Configure CE2.
[~CE2] interface GigabitEthernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE2-GigabitEthernet1/0/0.1] ip address 172.16.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit
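11. Verify the configuration
Run the display bgp evpn all routing-table command on a PE to view the EVPN routes sent by the remote PE. The following example uses the command output on PE1: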
[~PE1] display bgp evpn all routing-table
Local AS number : 100
BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 2
Route Distinguisher: 100:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:00e0-fc21-0302:0:0.0.0.0 0.0.0.0
Route Distinguisher: 200:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
EVPN-Instance evrf1:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:00e0-fc21-0302:0:0.0.0.0 0.0.0.0
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
EVPN address family:
Number of Inclusive Multicast Routes: 2
Route Distinguisher: 100:1
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:1.1.1.1 127.0.0.1
Route Distinguisher: 200:1
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance evrf1:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:1.1.1.1 127.0.0.1
*>i 0:32:3.3.3.3 3.3.3.3
Run the display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0 command on PE1 to view detailed information about the MAC route.
[~PE1] display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0
BGP local router ID : 10.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:
Label information (Received/Applied): 48090/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h03m20s
Relay IP Nexthop: 10.1.1.2
Relay IP Out-Interface: GigabitEthernet2/0/0
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance evrf1:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:
Route Distinguisher: 200:1
Remote-Cross route
Label information (Received/Applied): 48090/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h03m21s
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
Run the display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3 command on PE1 to view detailed information about the inclusive multicast route.
[~PE1] display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3
BGP local router ID : 10.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 0:32:3.3.3.3:
Label information (Received/Applied): 48123/NULL
From: 3.3.3.3 (3.3.3.3)
Route Duration: 0d01h33m44s
Relay IP Nexthop: 10.1.1.2
Relay IP Out-Interface: GigabitEthernet2/0/0
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
PMSI: Flags 0, Ingress Replication, Label 0:0:0(48123), Tunnel Identifier:3.3.3.3
Route Type: 3 (Inclusive Multicast Route)
Ethernet Tag ID: 0, Originator IP:3.3.3.3/32
Not advertised to any peer yet
EVPN-Instance evrf1:
Number of Inclusive Multicast Routes: 1
BGP routing table entry information of 0:32:3.3.3.3:
Route Distinguisher: 200:1
Remote-Cross route
Label information (Received/Applied): 48123/NULL
From: 3.3.3.3 (3.3.3.3)
Route Duration: 0d01h33m44s
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
PMSI: Flags 0, Ingress Replication, Label 0:0:0(48123), Tunnel Identifier:3.3.3.3
Route Type: 3 (Inclusive Multicast Route)
Ethernet Tag ID: 0, Originator IP:3.3.3.3/32
Not advertised to any peer yet
Run the ping command on a CE. CEs in the same VPN can ping each other. For example:
[~CE1] ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=7 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=6 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=5 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/6/10 ms
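The route check in step 11 can be automated. The following Python script is an added example, not part of the original procedure or of any Huawei tool: it parses the display bgp evpn all routing-table output shown above and reports any iBGP-learned EVPN route whose RD or next hop is not an expected remote PE, as well as a missing inclusive multicast route. The RD-to-PE mapping (EXPECTED_REMOTE) is an assumption read off steps 5 and 6, and the function names are illustrative.

```python
import re
# "display bgp evpn all routing-table" on PE1, abridged from step 11 (header lines dropped).
PE1_OUTPUT = """\
EVPN address family:
Route Distinguisher: 100:1
*> 0:48:00e0-fc21-0302:0:0.0.0.0 0.0.0.0
Route Distinguisher: 200:1
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
EVPN-Instance evrf1:
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
Route Distinguisher: 100:1
*> 0:32:1.1.1.1 127.0.0.1
Route Distinguisher: 200:1
*>i 0:32:3.3.3.3 3.3.3.3
"""
# Assumption: remote RD -> originating PE, read off steps 5 and 6 (PE2: 200:1, 3.3.3.3).
EXPECTED_REMOTE = {"200:1": "3.3.3.3"}
ROUTE = re.compile(r"^\*(\S*)\s+(\S+)\s+(\S+)$")

def parse_routes(text):
    """Return (rd, route_type, prefix, nexthop, internal) for routes listed under an RD."""
    routes, rd = [], None
    for line in map(str.strip, text.splitlines()):
        if line.startswith("Route Distinguisher:"):
            rd = line.split(":", 1)[1].strip()
        elif line.startswith("EVPN-Instance"):
            rd = None  # instance view repeats the routes without an RD header
        elif rd and (m := ROUTE.match(line)):
            flags, prefix, nexthop = m.groups()
            rtype = {5: 2, 3: 3}.get(len(prefix.split(":")))  # 2 = MAC, 3 = inclusive multicast
            routes.append((rd, rtype, prefix, nexthop, "i" in flags))
    return routes

def check(routes, expected=EXPECTED_REMOTE):
    """Flag iBGP-learned routes from an unexpected RD/next hop, and missing type 3 routes."""
    findings, seen_type3 = [], set()
    for rd, rtype, prefix, nexthop, internal in routes:
        if not internal:
            continue  # locally originated route
        if expected.get(rd) != nexthop:
            findings.append(f"unexpected origin: RD {rd} {prefix} via {nexthop}")
        elif rtype == 3:
            seen_type3.add(rd)
    for rd in sorted(expected.keys() - seen_type3):
        findings.append(f"no inclusive multicast route from RD {rd}")
    return findings

print(check(parse_routes(PE1_OUTPUT)) or "all remote routes match the expected PEs")
```

An empty result means every remote route came from the PE configured for its RD. A finding points to an unplanned route origin or to a peer whose BUM replication entry is missing.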