华为NE40E路由器实验配置示例 | 配置EVdPdNd VPLS over SR-MPLS BE示例(普通EVdPdNd实例)

组网需求

图1所示,为了实现通过骨干网使不同Site间相互通信,可以在网络中配置EVPN,实现二层流量业务的传输。当Site之间为同一子网时,各个PE设备上创建EVPN实例,存储EVPN路由,匹配MAC信息进行二层转发。本例中PE之间将使用SR-MPLS BE隧道承载业务流量的传输。

图1 配置EVPN VPLS over SR-MPLS BE组网图

华为NE40E路由器实验配置示例 | 配置EVdPdNd VPLS over SR-MPLS BE示例(普通EVdPdNd实例)

配置思路

  1. 配置接口IP地址。

  2. 配置IGP实现PE1、PE2以及P设备之间的两两互通。

  3. 配置骨干网上的SR-MPLS BE隧道。

  4. 配置PE上的EVPN实例。

  5. 配置PE上的EVPN源地址。

  6. 配置PE与CE相连的二层以太子接口。

  7. 配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道。

  8. 配置PE间的BGP EVPN对等体关系。

  9. 配置CE与PE之间相互通信。

操作步骤

1. 按图1配置PE和P设备之间的接口地址

# 配置PE1。

<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.1 32
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet2/0/0
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit

# 配置P。

<HUAWEI> system-view
[~HUAWEI] sysname P
[*HUAWEI] commit
[~P] interface loopback 1
[*P-LoopBack1] ip address 2.2.2.2 32
[*P-LoopBack1] quit
[*P] interface gigabitethernet1/0/0
[*P-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet2/0/0
[*P-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*P-GigabitEthernet2/0/0] quit
[*P] commit

# 配置PE2。

<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.3 32
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet2/0/0
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit

2. 配置IGP实现PE1、PE2以及P设备之间的互通。本例中IGP使用IS-IS为例进行说明

# 配置PE1。

[~PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] network-entity 00.1111.1111.1111.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface GigabitEthernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit

# 配置P。

[~P] isis 1
[*P-isis-1] is-level level-2
[*P-isis-1] network-entity 00.1111.1111.2222.00
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis enable 1
[*P-LoopBack1] quit
[*P] interface GigabitEthernet 1/0/0
[*P-GigabitEthernet1/0/0] isis enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface GigabitEthernet 2/0/0
[*P-GigabitEthernet2/0/0] isis enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] commit

# 配置PE2。

[~PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] network-entity 00.1111.1111.3333.00
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface GigabitEthernet 2/0/0
[*PE2-GigabitEthernet2/0/0] isis enable 1
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit

配置完成后,PE1、PE2和P之间应能建立IS-IS邻居关系,执行display isis peer命令可以看到邻居状态为Up。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。

以PE1的显示为例:

[~PE1] display isis peer
                          Peer information for ISIS(1)
                         
  System Id     Interface          Circuit Id        State HoldTime Type     PRI
--------------------------------------------------------------------------------
1111.1111.2222  GE2/0/0            1111.1111.2222.01  Up   8s       L2       64 

Total Peer(s): 1
[~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
         Destinations : 11       Routes : 11        

Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface

        1.1.1.1/32  Direct  0    0             D   127.0.0.1       LoopBack1
        2.2.2.2/32  ISIS-L2 15   10            D   10.1.1.2        GigabitEthernet2/0/0
        3.3.3.3/32  ISIS-L2 15   20            D   10.1.1.2        GigabitEthernet2/0/0
       10.1.1.0/24  Direct  0    0             D   10.1.1.1        GigabitEthernet2/0/0
       10.1.1.1/32  Direct  0    0             D   127.0.0.1       GigabitEthernet2/0/0
     10.1.1.255/32  Direct  0    0             D   127.0.0.1       GigabitEthernet2/0/0
       10.2.1.0/24  ISIS-L2 15   20            D   10.1.1.2        GigabitEthernet2/0/0
      127.0.0.0/8   Direct  0    0             D   127.0.0.1       InLoopBack0
      127.0.0.1/32  Direct  0    0             D   127.0.0.1       InLoopBack0
127.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0

3. (可选)在骨干网上配置MPLS基本能力

当接口下使能IS-IS功能后,接口自动使能MPLS能力,所以也可以忽略此步骤。

# 配置PE1。

[~PE1] mpls lsr-id 1.1.1.1
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit

# 配置P。

[~P] mpls lsr-id 2.2.2.2
[*P] mpls
[*P-mpls] commit
[~P-mpls] quit

# 配置PE2。

[~PE2] mpls lsr-id 3.3.3.3
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit

4. 配置骨干网上的SR-MPLS BE隧道

# 配置PE1。

[~PE1] segment-routing
[*PE1-segment-routing] quit
[*PE1] isis 1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] segment-routing global-block 153616 153800
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis prefix-sid absolute 153700
[*PE1-LoopBack1] quit
[*PE1] commit

# 配置P。

[~P] segment-routing
[*P-segment-routing] quit
[*P] isis 1
[*P-isis-1] cost-style wide
[*P-isis-1] segment-routing mpls
[*P-isis-1] segment-routing global-block 153616 153800
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis prefix-sid absolute 153710
[*P-LoopBack1] quit
[*P] commit

# 配置PE2。

[~PE2] segment-routing
[*PE2-segment-routing] quit
[*PE2] isis 1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] segment-routing global-block 153616 153800
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis prefix-sid absolute 153720
[*PE2-LoopBack1] quit
[*PE2] commit

# 配置完成后,在PE设备上执行display tunnel-info all命令,可以看到SR LSP已建立。以PE1的显示为例。

[~PE1] display tunnel-info all
Tunnel ID            Type                Destination                             Status              
---------------------------------------------------------------------------------------- 
0x000000002900000004 srbe-lsp            2.2.2.2                                 UP             
0x000000002900000005 srbe-lsp            3.3.3.3                                 UP 

# 在PE1上使用Ping检测SR LSP连通性,例如:

[~PE1] ping lsp segment-routing ip 3.3.3.3 32 version draft2                                                                         
  LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100  data bytes, press CTRL_C to break      
    Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms                               
    Reply from 3.3.3.3: bytes=100 Sequence=2 time=3 ms                                 
    Reply from 3.3.3.3: bytes=100 Sequence=3 time=3 ms                                      
    Reply from 3.3.3.3: bytes=100 Sequence=4 time=3 ms                                        
    Reply from 3.3.3.3: bytes=100 Sequence=5 time=3 ms                                             

  --- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics ---                 
    5 packet(s) transmitted                                                              
    5 packet(s) received   
    0.00% packet loss 
    round-trip min/avg/max = 3/3/6 ms 

5. 配置PE上的EVPN实例

# 配置PE1。

[~PE1] evpn vpn-instance evrf1
[*PE1-evpn-instance-evrf1] route-distinguisher 100:1
[*PE1-evpn-instance-evrf1] vpn-target 1:1
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit

# 配置PE2。

[~PE2] evpn vpn-instance evrf1
[*PE2-evpn-instance-evrf1] route-distinguisher 200:1
[*PE2-evpn-instance-evrf1] vpn-target 1:1
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit

6. 配置PE上的EVPN源地址

# 配置PE1。

[~PE1] evpn source-address 1.1.1.1
[*PE1] commit

# 配置PE2。

[~PE2] evpn source-address 3.3.3.3
[*PE2] commit

7. 配置PE与CE相连的二层以太子接口

# 配置PE1。

[~PE1] interface GigabitEthernet 1/0/0
[*PE1-Gigabitethernet1/0/0] undo shutdown
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] interface GigabitEthernet 1/0/0.1
[*PE1-GigabitEthernet 1/0/0.1] vlan-type dot1q 10
[*PE1-GigabitEthernet 1/0/0.1] evpn binding vpn-instance evrf1
[*PE1-GigabitEthernet 1/0/0.1] quit
[*PE1] commit

# 配置PE2。

[~PE2] interface GigabitEthernet 1/0/0
[*PE2-Gigabitethernet1/0/0] undo shutdown
[*PE2-Gigabitethernet1/0/0] quit
[*PE2] interface GigabitEthernet 1/0/0.1
[*PE2-GigabitEthernet 1/0/0.1] vlan-type dot1q 10
[*PE2-GigabitEthernet 1/0/0.1] evpn binding vpn-instance evrf1
[*PE2-GigabitEthernet 1/0/0.1] quit
[*PE2] commit

8. 配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道

# 配置PE1。

[~PE1] tunnel-policy srbe
[*PE1-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1 
[*PE1-tunnel-policy-srbe] quit
[*PE1] evpn vpn-instance evrf1
[*PE1-evpn-instance-evrf1] tnl-policy srbe
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit

# 配置PE2。

[~PE2] tunnel-policy srbe
[*PE2-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1 
[*PE2-tunnel-policy-srbe] quit
[*PE2] evpn vpn-instance evrf1
[*PE2-evpn-instance-evrf1] tnl-policy srbe
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit

9. 配置PE间的BGP EVPN对等体关系

# 配置PE1。

[~PE1] bgp 100
[*PE1-bgp] peer 3.3.3.3 as-number 100
[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 3.3.3.3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit

# 配置PE2。

[~PE2] bgp 100
[*PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 1.1.1.1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit

配置完成后,执行display bgp evpn peer命令,可以看到PE间的BGP对等体关系已建立,并达到Established状态。以PE1为例:

[~PE1] display bgp evpn peer

 BGP local router ID : 10.1.1.1                                                           
 Local AS number : 100                                                                    
 Total number of peers : 1                 Peers in established state : 1                           

  Peer                             V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv        
  3.3.3.3                          4         100       43       44     0 00:34:03 Established        1 

10. 配置CE与PE之间相互通信

# 配置CE1。

[~CE1] interface GigabitEthernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE1-GigabitEthernet1/0/0.1] ip address 172.16.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit

# 配置CE2。

[~CE2] interface GigabitEthernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE2-GigabitEthernet1/0/0.1] ip address 172.16.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit

11. 检查配置结果

在PE设备上执行display bgp evpn all routing-table命令,可以看到远端PE发来的EVPN路由。以PE1为例:

[~PE1] display bgp evpn all routing-table

 Local AS number : 100     

 BGP Local router ID is 10.1.1.1       
 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,               
               h - history,  i - internal, s - suppressed, S - Stale  
               Origin : i - IGP, e - EGP, ? - incomplete        


 EVPN address family:      
 Number of Mac Routes: 2   
 Route Distinguisher: 100:1            
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop 
 *>    0:48:00e0-fc21-0302:0:0.0.0.0                          0.0.0.0 
 Route Distinguisher: 200:1            
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop 
 *>i   0:48:00e0-fc61-0300:0:0.0.0.0                          3.3.3.3 


 EVPN-Instance evrf1:      
 Number of Mac Routes: 2   
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop   
 *>    0:48:00e0-fc21-0302:0:0.0.0.0                          0.0.0.0 
 *>i   0:48:00e0-fc61-0300:0:0.0.0.0                          3.3.3.3 

 EVPN address family:      
 Number of Inclusive Multicast Routes: 2                        
 Route Distinguisher: 100:1            
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop 
 *>    0:32:1.1.1.1                                           127.0.0.1                        
 Route Distinguisher: 200:1            
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop 
 *>i   0:32:3.3.3.3                                           3.3.3.3 


 EVPN-Instance evrf1:      
 Number of Inclusive Multicast Routes: 2                        
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop 
 *>    0:32:1.1.1.1                                           127.0.0.1                        
 *>i   0:32:3.3.3.3                                           3.3.3.3 

在PE1上执行命令display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0查看MAC Route的详细信息。

[~PE1] display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0 

 BGP local router ID : 10.1.1.1        
 Local AS number : 100     
 Total routes of Route Distinguisher(200:1): 1                  
 BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:                         
 Label information (Received/Applied): 48123/NULL               
 From: 3.3.3.3 (10.2.1.2)  
 Route Duration: 0d00h01m32s           
 Relay IP Nexthop: 10.1.1.2            
 Relay IP Out-Interface: Ethernet3/0/0 
 Relay Tunnel Out-Interface: Ethernet3/0/0                      
 Original nexthop: 3.3.3.3 
 Qos information : 0x0     
 Ext-Community: RT <1 : 1> 
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20    
 Route Type: 2 (MAC Advertisement Route)                        
 Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000    
 Not advertised to any peer yet        



 EVPN-Instance evrf1:  
 Number of Mac Routes: 1   
 BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:                         
 Route Distinguisher: 200:1            
 Remote-Cross route        
 Label information (Received/Applied): 48123/NULL               
 From: 3.3.3.3 (10.2.1.2)  
 Route Duration: 0d00h01m31s           
 Relay Tunnel Out-Interface: Ethernet3/0/0                      
 Original nexthop: 3.3.3.3 
 Qos information : 0x0     
 Ext-Community: RT <1 : 1> 
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20    
 Route Type: 2 (MAC Advertisement Route)                        
 Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000      
 Not advertised to any peer yet 

在PE1上执行命令display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3查看Inclusive Multicast Route的详细信息。

[~PE1] display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3

 BGP local router ID : 10.1.1.1        
 Local AS number : 100     
 Total routes of Route Distinguisher(200:1): 1                  
 BGP routing table entry information of 0:32:3.3.3.3:           
 Label information (Received/Applied): 48124/NULL               
 From: 3.3.3.3 (10.2.1.2)  
 Route Duration: 0d00h02m21s           
 Relay IP Nexthop: 10.1.1.2            
 Relay IP Out-Interface: GigabitEthernet2/0/0 
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                      
 Original nexthop: 3.3.3.3 
 Qos information : 0x0     
 Ext-Community: RT <1 : 1> 
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20 
 PMSI: Flags 0, Ingress Replication, Label 0:0:0(48124), Tunnel Identifier:3.3.3.3 
 Route Type: 3 (Inclusive Multicast Route)                      
 Ethernet Tag ID: 0, Originator IP:3.3.3.3/32                   
 Not advertised to any peer yet        



 EVPN-Instance evrf1:      
 Number of Inclusive Multicast Routes: 1                        
 BGP routing table entry information of 0:32:3.3.3.3:           
 Route Distinguisher: 200:1            
 Remote-Cross route        
 Label information (Received/Applied): 48124/NULL               
 From: 3.3.3.3 (10.2.1.2)  
 Route Duration: 0d00h02m21s           
 Relay Tunnel Out-Interface: GigabitEthernet2/0/0                      
 Original nexthop: 3.3.3.3 
 Qos information : 0x0     
 Ext-Community: RT <1 : 1> 
 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20   
 PMSI: Flags 0, Ingress Replication, Label 0:0:0(48124), Tunnel Identifier:3.3.3.3
 Route Type: 3 (Inclusive Multicast Route)                      
 Ethernet Tag ID: 0, Originator IP:3.3.3.3/32                   
 Not advertised to any peer yet

在CE上执行ping命令,同一VPN的CE能够相互Ping通,例如:

[~CE1] ping 172.16.1.2                                     
  PING 172.16.1.2: 56  data bytes, press CTRL_C to break                                   
    Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=7 ms 
    Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms 
    Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=6 ms                           
    Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms                           
    Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=5 ms                           

  --- 172.16.1.2 ping statistics ---              
    5 packet(s) transmitted 
    5 packet(s) received    
    0.00% packet loss       
    round-trip min/avg/max = 2/6/10 ms

上一篇:Android中定时器的3种实现方法


下一篇:ISIS协议