标签:quit isis EVdPdNd 示例 SR PE1 PE2 3.3 evpn
组网需求
如图1所示,为了实现通过骨干网使不同Site间相互通信,可以在网络中配置EVPN,实现二层流量业务的传输。当Site之间为同一子网时,各个PE设备上创建EVPN实例,存储EVPN路由,匹配MAC信息进行二层转发。本例中PE之间将使用SR-MPLS BE隧道承载业务流量的传输。
图1 配置EVPN VPLS over SR-MPLS BE组网图
配置思路
-
配置接口IP地址。
-
配置IGP实现PE1、PE2以及P设备之间的两两互通。
-
配置骨干网上的SR-MPLS BE隧道。
-
配置PE上的EVPN实例。
-
配置PE上的EVPN源地址。
-
配置PE与CE相连的二层以太子接口。
-
配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道。
-
配置PE间的BGP EVPN对等体关系。
-
配置CE与PE之间相互通信。
操作步骤
1. 按图1配置PE和P设备之间的接口地址
# 配置PE1。
<HUAWEI> system-view
[~HUAWEI] sysname PE1
[*HUAWEI] commit
[~PE1] interface loopback 1
[*PE1-LoopBack1] ip address 1.1.1.1 32
[*PE1-LoopBack1] quit
[*PE1] interface gigabitethernet2/0/0
[*PE1-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置P。
<HUAWEI> system-view
[~HUAWEI] sysname P
[*HUAWEI] commit
[~P] interface loopback 1
[*P-LoopBack1] ip address 2.2.2.2 32
[*P-LoopBack1] quit
[*P] interface gigabitethernet1/0/0
[*P-GigabitEthernet1/0/0] ip address 10.1.1.2 24
[*P-GigabitEthernet1/0/0] quit
[*P] interface gigabitethernet2/0/0
[*P-GigabitEthernet2/0/0] ip address 10.2.1.1 24
[*P-GigabitEthernet2/0/0] quit
[*P] commit# 配置PE2。
<HUAWEI> system-view
[~HUAWEI] sysname PE2
[*HUAWEI] commit
[~PE2] interface loopback 1
[*PE2-LoopBack1] ip address 3.3.3.3 32
[*PE2-LoopBack1] quit
[*PE2] interface gigabitethernet2/0/0
[*PE2-GigabitEthernet2/0/0] ip address 10.2.1.2 24
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit2. 配置IGP实现PE1、PE2以及P设备之间的互通。本例中IGP使用IS-IS为例进行说明
# 配置PE1。
[~PE1] isis 1
[*PE1-isis-1] is-level level-2
[*PE1-isis-1] network-entity 00.1111.1111.1111.00
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis enable 1
[*PE1-LoopBack1] quit
[*PE1] interface GigabitEthernet 2/0/0
[*PE1-GigabitEthernet2/0/0] isis enable 1
[*PE1-GigabitEthernet2/0/0] quit
[*PE1] commit# 配置P。
[~P] isis 1
[*P-isis-1] is-level level-2
[*P-isis-1] network-entity 00.1111.1111.2222.00
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis enable 1
[*P-LoopBack1] quit
[*P] interface GigabitEthernet 1/0/0
[*P-GigabitEthernet1/0/0] isis enable 1
[*P-GigabitEthernet1/0/0] quit
[*P] interface GigabitEthernet 2/0/0
[*P-GigabitEthernet2/0/0] isis enable 1
[*P-GigabitEthernet2/0/0] quit
[*P] commit# 配置PE2。
[~PE2] isis 1
[*PE2-isis-1] is-level level-2
[*PE2-isis-1] network-entity 00.1111.1111.3333.00
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis enable 1
[*PE2-LoopBack1] quit
[*PE2] interface GigabitEthernet 2/0/0
[*PE2-GigabitEthernet2/0/0] isis enable 1
[*PE2-GigabitEthernet2/0/0] quit
[*PE2] commit配置完成后,PE1、PE2和P之间应能建立IS-IS邻居关系,执行display isis peer命令可以看到邻居状态为Up。执行display ip routing-table命令可以看到PE之间学习到对方的Loopback1路由。
以PE1的显示为例:
[~PE1] display isis peer
Peer information for ISIS(1)
System Id Interface Circuit Id State HoldTime Type PRI
--------------------------------------------------------------------------------
1111.1111.2222 GE2/0/0 1111.1111.2222.01 Up 8s L2 64
Total Peer(s): 1
[~PE1] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
2.2.2.2/32 ISIS-L2 15 10 D 10.1.1.2 GigabitEthernet2/0/0
3.3.3.3/32 ISIS-L2 15 20 D 10.1.1.2 GigabitEthernet2/0/0
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0
10.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet2/0/0
10.2.1.0/24 ISIS-L2 15 20 D 10.1.1.2 GigabitEthernet2/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack03. (可选)在骨干网上配置MPLS基本能力
当接口下使能IS-IS功能后,接口自动使能MPLS能力,所以也可以忽略此步骤。
# 配置PE1。
[~PE1] mpls lsr-id 1.1.1.1
[*PE1] mpls
[*PE1-mpls] commit
[~PE1-mpls] quit# 配置P。
[~P] mpls lsr-id 2.2.2.2
[*P] mpls
[*P-mpls] commit
[~P-mpls] quit# 配置PE2。
[~PE2] mpls lsr-id 3.3.3.3
[*PE2] mpls
[*PE2-mpls] commit
[~PE2-mpls] quit4. 配置骨干网上的SR-MPLS BE隧道
# 配置PE1。
[~PE1] segment-routing
[*PE1-segment-routing] quit
[*PE1] isis 1
[*PE1-isis-1] cost-style wide
[*PE1-isis-1] segment-routing mpls
[*PE1-isis-1] segment-routing global-block 153616 153800
[*PE1-isis-1] quit
[*PE1] interface loopback 1
[*PE1-LoopBack1] isis prefix-sid absolute 153700
[*PE1-LoopBack1] quit
[*PE1] commit# 配置P。
[~P] segment-routing
[*P-segment-routing] quit
[*P] isis 1
[*P-isis-1] cost-style wide
[*P-isis-1] segment-routing mpls
[*P-isis-1] segment-routing global-block 153616 153800
[*P-isis-1] quit
[*P] interface loopback 1
[*P-LoopBack1] isis prefix-sid absolute 153710
[*P-LoopBack1] quit
[*P] commit# 配置PE2。
[~PE2] segment-routing
[*PE2-segment-routing] quit
[*PE2] isis 1
[*PE2-isis-1] cost-style wide
[*PE2-isis-1] segment-routing mpls
[*PE2-isis-1] segment-routing global-block 153616 153800
[*PE2-isis-1] quit
[*PE2] interface loopback 1
[*PE2-LoopBack1] isis prefix-sid absolute 153720
[*PE2-LoopBack1] quit
[*PE2] commit# 配置完成后,在PE设备上执行display tunnel-info all命令,可以看到SR LSP已建立。以PE1的显示为例。
[~PE1] display tunnel-info all
Tunnel ID Type Destination Status
----------------------------------------------------------------------------------------
0x000000002900000004 srbe-lsp 2.2.2.2 UP
0x000000002900000005 srbe-lsp 3.3.3.3 UP # 在PE1上使用Ping检测SR LSP连通性,例如:
[~PE1] ping lsp segment-routing ip 3.3.3.3 32 version draft2
LSP PING FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 : 100 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=100 Sequence=1 time=6 ms
Reply from 3.3.3.3: bytes=100 Sequence=2 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=3 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=4 time=3 ms
Reply from 3.3.3.3: bytes=100 Sequence=5 time=3 ms
--- FEC: SEGMENT ROUTING IPV4 PREFIX 3.3.3.3/32 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/3/6 ms 5. 配置PE上的EVPN实例
# 配置PE1。
[~PE1] evpn vpn-instance evrf1
[*PE1-evpn-instance-evrf1] route-distinguisher 100:1
[*PE1-evpn-instance-evrf1] vpn-target 1:1
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit# 配置PE2。
[~PE2] evpn vpn-instance evrf1
[*PE2-evpn-instance-evrf1] route-distinguisher 200:1
[*PE2-evpn-instance-evrf1] vpn-target 1:1
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit6. 配置PE上的EVPN源地址
# 配置PE1。
[~PE1] evpn source-address 1.1.1.1
[*PE1] commit# 配置PE2。
[~PE2] evpn source-address 3.3.3.3
[*PE2] commit7. 配置PE与CE相连的二层以太子接口
# 配置PE1。
[~PE1] interface GigabitEthernet 1/0/0
[*PE1-Gigabitethernet1/0/0] undo shutdown
[*PE1-Gigabitethernet1/0/0] quit
[*PE1] interface GigabitEthernet 1/0/0.1
[*PE1-GigabitEthernet 1/0/0.1] vlan-type dot1q 10
[*PE1-GigabitEthernet 1/0/0.1] evpn binding vpn-instance evrf1
[*PE1-GigabitEthernet 1/0/0.1] quit
[*PE1] commit# 配置PE2。
[~PE2] interface GigabitEthernet 1/0/0
[*PE2-Gigabitethernet1/0/0] undo shutdown
[*PE2-Gigabitethernet1/0/0] quit
[*PE2] interface GigabitEthernet 1/0/0.1
[*PE2-GigabitEthernet 1/0/0.1] vlan-type dot1q 10
[*PE2-GigabitEthernet 1/0/0.1] evpn binding vpn-instance evrf1
[*PE2-GigabitEthernet 1/0/0.1] quit
[*PE2] commit8. 配置并应用隧道策略,使EVPN可以迭代SR-MPLS BE隧道
# 配置PE1。
[~PE1] tunnel-policy srbe
[*PE1-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1
[*PE1-tunnel-policy-srbe] quit
[*PE1] evpn vpn-instance evrf1
[*PE1-evpn-instance-evrf1] tnl-policy srbe
[*PE1-evpn-instance-evrf1] quit
[*PE1] commit# 配置PE2。
[~PE2] tunnel-policy srbe
[*PE2-tunnel-policy-srbe] tunnel select-seq sr-lsp load-balance-number 1
[*PE2-tunnel-policy-srbe] quit
[*PE2] evpn vpn-instance evrf1
[*PE2-evpn-instance-evrf1] tnl-policy srbe
[*PE2-evpn-instance-evrf1] quit
[*PE2] commit9. 配置PE间的BGP EVPN对等体关系
# 配置PE1。
[~PE1] bgp 100
[*PE1-bgp] peer 3.3.3.3 as-number 100
[*PE1-bgp] peer 3.3.3.3 connect-interface loopback 1
[*PE1-bgp] l2vpn-family evpn
[*PE1-bgp-af-evpn] peer 3.3.3.3 enable
[*PE1-bgp-af-evpn] quit
[*PE1-bgp] quit
[*PE1] commit# 配置PE2。
[~PE2] bgp 100
[*PE2-bgp] peer 1.1.1.1 as-number 100
[*PE2-bgp] peer 1.1.1.1 connect-interface loopback 1
[*PE2-bgp] l2vpn-family evpn
[*PE2-bgp-af-evpn] peer 1.1.1.1 enable
[*PE2-bgp-af-evpn] quit
[*PE2-bgp] quit
[*PE2] commit配置完成后,执行display bgp evpn peer命令,可以看到PE间的BGP对等体关系已建立,并达到Established状态。以PE1为例:
[~PE1] display bgp evpn peer
BGP local router ID : 10.1.1.1
Local AS number : 100
Total number of peers : 1 Peers in established state : 1
Peer V AS MsgRcvd MsgSent OutQ Up/Down State PrefRcv
3.3.3.3 4 100 43 44 0 00:34:03 Established 1 10. 配置CE与PE之间相互通信
# 配置CE1。
[~CE1] interface GigabitEthernet 1/0/0.1
[*CE1-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE1-GigabitEthernet1/0/0.1] ip address 172.16.1.1 24
[*CE1-GigabitEthernet1/0/0.1] quit
[*CE1] commit# 配置CE2。
[~CE2] interface GigabitEthernet 1/0/0.1
[*CE2-GigabitEthernet1/0/0.1] vlan-type dot1q 10
[*CE2-GigabitEthernet1/0/0.1] ip address 172.16.1.2 24
[*CE2-GigabitEthernet1/0/0.1] quit
[*CE2] commit11. 检查配置结果
在PE设备上执行display bgp evpn all routing-table命令,可以看到远端PE发来的EVPN路由。以PE1为例:
[~PE1] display bgp evpn all routing-table
Local AS number : 100
BGP Local router ID is 10.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 2
Route Distinguisher: 100:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:00e0-fc21-0302:0:0.0.0.0 0.0.0.0
Route Distinguisher: 200:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
EVPN-Instance evrf1:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:00e0-fc21-0302:0:0.0.0.0 0.0.0.0
*>i 0:48:00e0-fc61-0300:0:0.0.0.0 3.3.3.3
EVPN address family:
Number of Inclusive Multicast Routes: 2
Route Distinguisher: 100:1
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:1.1.1.1 127.0.0.1
Route Distinguisher: 200:1
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*>i 0:32:3.3.3.3 3.3.3.3
EVPN-Instance evrf1:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:1.1.1.1 127.0.0.1
*>i 0:32:3.3.3.3 3.3.3.3 在PE1上执行命令display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0查看MAC Route的详细信息。
[~PE1] display bgp evpn all routing-table mac-route 0:48:00e0-fc61-0300:0:0.0.0.0
BGP local router ID : 10.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:
Label information (Received/Applied): 48123/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h01m32s
Relay IP Nexthop: 10.1.1.2
Relay IP Out-Interface: Ethernet3/0/0
Relay Tunnel Out-Interface: Ethernet3/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet
EVPN-Instance evrf1:
Number of Mac Routes: 1
BGP routing table entry information of 0:48:00e0-fc61-0300:0:0.0.0.0:
Route Distinguisher: 200:1
Remote-Cross route
Label information (Received/Applied): 48123/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h01m31s
Relay Tunnel Out-Interface: Ethernet3/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
Route Type: 2 (MAC Advertisement Route)
Ethernet Tag ID: 0, MAC Address/Len: 00e0-fc61-0300/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
Not advertised to any peer yet 在PE1上执行命令display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3查看Inclusive Multicast Route的详细信息。
[~PE1] display bgp evpn all routing-table inclusive-route 0:32:3.3.3.3
BGP local router ID : 10.1.1.1
Local AS number : 100
Total routes of Route Distinguisher(200:1): 1
BGP routing table entry information of 0:32:3.3.3.3:
Label information (Received/Applied): 48124/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h02m21s
Relay IP Nexthop: 10.1.1.2
Relay IP Out-Interface: GigabitEthernet2/0/0
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
PMSI: Flags 0, Ingress Replication, Label 0:0:0(48124), Tunnel Identifier:3.3.3.3
Route Type: 3 (Inclusive Multicast Route)
Ethernet Tag ID: 0, Originator IP:3.3.3.3/32
Not advertised to any peer yet
EVPN-Instance evrf1:
Number of Inclusive Multicast Routes: 1
BGP routing table entry information of 0:32:3.3.3.3:
Route Distinguisher: 200:1
Remote-Cross route
Label information (Received/Applied): 48124/NULL
From: 3.3.3.3 (10.2.1.2)
Route Duration: 0d00h02m21s
Relay Tunnel Out-Interface: GigabitEthernet2/0/0
Original nexthop: 3.3.3.3
Qos information : 0x0
Ext-Community: RT <1 : 1>
AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 20
PMSI: Flags 0, Ingress Replication, Label 0:0:0(48124), Tunnel Identifier:3.3.3.3
Route Type: 3 (Inclusive Multicast Route)
Ethernet Tag ID: 0, Originator IP:3.3.3.3/32
Not advertised to any peer yet在CE上执行ping命令,同一VPN的CE能够相互Ping通,例如:
[~CE1] ping 172.16.1.2
PING 172.16.1.2: 56 data bytes, press CTRL_C to break
Reply from 172.16.1.2: bytes=56 Sequence=1 ttl=255 time=7 ms
Reply from 172.16.1.2: bytes=56 Sequence=2 ttl=255 time=10 ms
Reply from 172.16.1.2: bytes=56 Sequence=3 ttl=255 time=6 ms
Reply from 172.16.1.2: bytes=56 Sequence=4 ttl=255 time=2 ms
Reply from 172.16.1.2: bytes=56 Sequence=5 ttl=255 time=5 ms
--- 172.16.1.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 2/6/10 ms标签:quit,isis,EVdPdNd,示例,SR,PE1,PE2,3.3,evpn 来源: https://blog.csdn.net/guolianggsta/article/details/122632929
本站声明: 1. iCode9 技术分享网(下文简称本站)提供的所有内容,仅供技术学习、探讨和分享; 2. 关于本站的所有留言、评论、转载及引用,纯属内容发起人的个人观点,与本站观点和立场无关; 3. 关于本站的所有言论和文字,纯属内容发起人的个人观点,与本站观点和立场无关; 4. 本站文章均是网友提供,不完全保证技术分享内容的完整性、准确性、时效性、风险性和版权归属;如您发现该文章侵犯了您的权益,可联系我们第一时间进行删除; 5. 本站为非盈利性的个人网站,所有内容不会用来进行牟利,也不会利用任何形式的广告来间接获益,纯粹是为了广大技术爱好者提供技术内容和技术思想的分享性交流网站。