Example for Configuring IPv4 VXLAN in Distributed Gateway Deployment Mode

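Applicable Products and Versions

  • CE16800 (excluding X-series cards), CE8800, and CE6800 (excluding CE6820H, CE6820H-K, CE6820S, and CE6885-LL in low-latency mode) series products running V300R020C00 or a later version.
  • For the mapping between software versions and specific switch models, see the Hardware Center.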

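Networking Requirements

As shown in Figure 1, an enterprise's newly built data center network uses the distributed gateway deployment mode. The underlay network is IPv4, and the overlay network is IPv4/IPv6. The leaf nodes act as Layer 3 gateways and connect to the servers. The spine nodes act as both the aggregation devices for east-west traffic and the egress gateways of the network. To ensure high reliability, the spine and leaf nodes are deployed in M-LAG mode.

Figure 1 VXLAN network in distributed gateway deployment mode

In the figure above, "1/0/1" is an interface number and the interface rate is 100GE, that is, "1/0/1" denotes interface "100GE1/0/1". The same applies to the other interfaces.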

Table 1 Interface addresses

Device  Interface   IP address                               Device  Interface   IP address
Spine1  100GE1/0/1  192.168.1.1/24                           Spine2  100GE1/0/1  192.168.5.1/24
Spine1  100GE1/0/2  192.168.2.1/24                           Spine2  100GE1/0/2  192.168.6.1/24
Spine1  100GE1/0/3  192.168.3.1/24                           Spine2  100GE1/0/3  192.168.7.1/24
Spine1  100GE1/0/4  192.168.4.1/24                           Spine2  100GE1/0/4  192.168.8.1/24
Spine1  100GE1/0/5  IPv4: 10.1.10.1/24; IPv6: fc00:10::1/64  Spine2  100GE1/0/5  IPv4: 10.1.30.1/24; IPv6: fc00:30::1/64
Spine1  100GE1/0/6  IPv4: 10.1.20.1/24; IPv6: fc00:20::1/64  Spine2  100GE1/0/6  IPv4: 10.1.40.1/24; IPv6: fc00:40::1/64
Spine1  Loopback0   4.4.4.4/32                               Spine2  Loopback0   5.5.5.5/32
Spine1  Loopback1   1.1.1.1/32                               Spine2  Loopback1   1.1.1.1/32
Spine1  Loopback2   10.10.10.10/32                           Spine2  Loopback2   11.11.11.11/32
Leaf1   100GE1/0/1  192.168.1.2/24                           Leaf2   100GE1/0/1  192.168.2.2/24
Leaf1   100GE1/0/2  192.168.5.2/24                           Leaf2   100GE1/0/2  192.168.6.2/24
Leaf1   Loopback0   6.6.6.6/32                               Leaf2   Loopback0   7.7.7.7/32
Leaf1   Loopback1   2.2.2.2/32                               Leaf2   Loopback1   2.2.2.2/32
Leaf1   Loopback2   12.12.12.12/32                           Leaf2   Loopback2   13.13.13.13/32
Leaf3   100GE1/0/1  192.168.3.2/24                           Leaf4   100GE1/0/1  192.168.4.2/24
Leaf3   100GE1/0/2  192.168.7.2/24                           Leaf4   100GE1/0/2  192.168.8.2/24
Leaf3   Loopback0   8.8.8.8/32                               Leaf4   Loopback0   9.9.9.9/32
Leaf3   Loopback1   3.3.3.3/32                               Leaf4   Loopback1   3.3.3.3/32
Leaf3   Loopback2   14.14.14.14/32                           Leaf4   Loopback2   15.15.15.15/32

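Configuration Roadmap

The roadmap for configuring a VXLAN network in distributed gateway deployment mode is as follows:

  1. Configure a routing protocol to ensure Layer 3 connectivity on the underlay network.
  2. Configure M-LAG to implement active-active server access.
  3. Configure BGP EVPN to establish VXLAN tunnels.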

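Procedure

  1. Configure a routing protocol to implement Layer 3 connectivity on the underlay network.
    # Configure Leaf1. The configurations of the other devices are similar to that of Leaf1 and are not repeated here. For details, see the configuration scripts.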
    <HUAWEI> system-view
    [~HUAWEI] sysname Leaf1
    [*HUAWEI] commit
    [~Leaf1] interface 100ge 1/0/1
    [~Leaf1-100GE1/0/1] undo portswitch
    [*Leaf1-100GE1/0/1] ip address 192.168.1.2 24
    [*Leaf1-100GE1/0/1] ospf network-type p2p
    [*Leaf1-100GE1/0/1] quit
    [*Leaf1] interface 100ge 1/0/2
    [*Leaf1-100GE1/0/2] undo portswitch
    [*Leaf1-100GE1/0/2] ip address 192.168.5.2 24
    [*Leaf1-100GE1/0/2] ospf network-type p2p
    [*Leaf1-100GE1/0/2] quit
    [*Leaf1] interface loopback 0
    [*Leaf1-LoopBack0] ip address 6.6.6.6 32
    [*Leaf1-LoopBack0] quit
    [*Leaf1] interface loopback 1
    [*Leaf1-LoopBack1] ip address 2.2.2.2 32
    [*Leaf1-LoopBack1] quit
    [*Leaf1] ospf
    [*Leaf1-ospf-1] area 0
    [*Leaf1-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255
    [*Leaf1-ospf-1-area-0.0.0.0] network 192.168.5.0 0.0.0.255
    [*Leaf1-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
    [*Leaf1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
    [*Leaf1-ospf-1-area-0.0.0.0] quit
    [*Leaf1-ospf-1] quit
    [*Leaf1] commit

    # After OSPF is configured successfully, the leaf and spine nodes can learn each other's loopback interface addresses through OSPF and can ping each other.

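  2. Configure the leaf nodes to form M-LAG systems. In this example, Leaf1 and Leaf2 form one M-LAG system, and Leaf3 and Leaf4 form another; the configuration of the latter is similar and is not repeated here.
    # Configure Leaf1.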
    [~Leaf1] stp mode rstp
    [*Leaf1] stp v-stp enable
    [*Leaf1] dfs-group 1
    [*Leaf1-dfs-group-1] dual-active detection source ip 6.6.6.6
    [*Leaf1-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*Leaf1-dfs-group-1] priority 150
    [*Leaf1-dfs-group-1] quit
    [*Leaf1] interface eth-trunk 1
    [*Leaf1-Eth-Trunk1] trunkport 100ge 1/0/3
    [*Leaf1-Eth-Trunk1] trunkport 100ge 1/0/4
    [*Leaf1-Eth-Trunk1] mode lacp-static
    [*Leaf1-Eth-Trunk1] peer-link 1
    [*Leaf1-Eth-Trunk1] port vlan exclude 1
    [*Leaf1-Eth-Trunk1] quit
    [*Leaf1] interface eth-trunk 2
    [*Leaf1-Eth-Trunk2] trunkport 100ge 1/0/5
    [*Leaf1-Eth-Trunk2] mode lacp-static
    [*Leaf1-Eth-Trunk2] dfs-group 1 m-lag 1
    [*Leaf1-Eth-Trunk2] stp edged-port enable
    [*Leaf1-Eth-Trunk2] quit
    [*Leaf1] interface eth-trunk 3
    [*Leaf1-Eth-Trunk3] trunkport 100ge 1/0/6
    [*Leaf1-Eth-Trunk3] mode lacp-static
    [*Leaf1-Eth-Trunk3] dfs-group 1 m-lag 2
    [*Leaf1-Eth-Trunk3] stp edged-port enable
    [*Leaf1-Eth-Trunk3] quit
    [*Leaf1] commit
    [~Leaf1] monitor-link group 1
    [*Leaf1-mtlk-group1] port 100ge 1/0/1 uplink
    [*Leaf1-mtlk-group1] port 100ge 1/0/2 uplink
    [*Leaf1-mtlk-group1] port eth-trunk 2 downlink 1
    [*Leaf1-mtlk-group1] port eth-trunk 3 downlink 2
    [*Leaf1-mtlk-group1] quit
    [*Leaf1] commit

    # Configure Leaf2.

    [~Leaf2] stp mode rstp
    [*Leaf2] stp v-stp enable
    [*Leaf2] dfs-group 1
    [*Leaf2-dfs-group-1] dual-active detection source ip 7.7.7.7
    [*Leaf2-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*Leaf2-dfs-group-1] quit
    [*Leaf2] interface eth-trunk 1
    [*Leaf2-Eth-Trunk1] trunkport 100ge 1/0/3
    [*Leaf2-Eth-Trunk1] trunkport 100ge 1/0/4
    [*Leaf2-Eth-Trunk1] mode lacp-static
    [*Leaf2-Eth-Trunk1] peer-link 1
    [*Leaf2-Eth-Trunk1] port vlan exclude 1
    [*Leaf2-Eth-Trunk1] quit
    [*Leaf2] interface eth-trunk 2
    [*Leaf2-Eth-Trunk2] mode lacp-static
    [*Leaf2-Eth-Trunk2] trunkport 100ge 1/0/5
    [*Leaf2-Eth-Trunk2] dfs-group 1 m-lag 1
    [*Leaf2-Eth-Trunk2] stp edged-port enable
    [*Leaf2-Eth-Trunk2] quit
    [*Leaf2] interface eth-trunk 3
    [*Leaf2-Eth-Trunk3] mode lacp-static
    [*Leaf2-Eth-Trunk3] trunkport 100ge 1/0/6
    [*Leaf2-Eth-Trunk3] dfs-group 1 m-lag 2
    [*Leaf2-Eth-Trunk3] stp edged-port enable
    [*Leaf2-Eth-Trunk3] quit
    [*Leaf2] commit
    [~Leaf2] monitor-link group 1
    [*Leaf2-mtlk-group1] port 100ge 1/0/1 uplink
    [*Leaf2-mtlk-group1] port 100ge 1/0/2 uplink
    [*Leaf2-mtlk-group1] port eth-trunk 2 downlink 1
    [*Leaf2-mtlk-group1] port eth-trunk 3 downlink 2
    [*Leaf2-mtlk-group1] quit
    [*Leaf2] commit
  3. Configure Spine1 and Spine2 to form an M-LAG system.
    # Configure Spine1.
    [~Spine1] stp mode rstp
    [*Spine1] stp v-stp enable
    [*Spine1] dfs-group 1
    [*Spine1-dfs-group-1] dual-active detection source ip 4.4.4.4
    [*Spine1-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*Spine1-dfs-group-1] priority 150
    [*Spine1-dfs-group-1] quit
    [*Spine1] interface eth-trunk 1
    [*Spine1-Eth-Trunk1] trunkport 100ge 1/0/7
    [*Spine1-Eth-Trunk1] trunkport 100ge 1/0/8
    [*Spine1-Eth-Trunk1] mode lacp-static
    [*Spine1-Eth-Trunk1] peer-link 1
    [*Spine1-Eth-Trunk1] port vlan exclude 1
    [*Spine1-Eth-Trunk1] quit
    [*Spine1] commit

    # Configure Spine2.

    [~Spine2] stp mode rstp
    [*Spine2] stp v-stp enable
    [*Spine2] dfs-group 1
    [*Spine2-dfs-group-1] dual-active detection source ip 5.5.5.5
    [*Spine2-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*Spine2-dfs-group-1] quit
    [*Spine2] interface eth-trunk 1
    [*Spine2-Eth-Trunk1] trunkport 100ge 1/0/7
    [*Spine2-Eth-Trunk1] trunkport 100ge 1/0/8
    [*Spine2-Eth-Trunk1] mode lacp-static
    [*Spine2-Eth-Trunk1] peer-link 1
    [*Spine2-Eth-Trunk1] port vlan exclude 1
    [*Spine2-Eth-Trunk1] quit
    [*Spine2] commit
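  4. Configure BGP EVPN to establish VXLAN tunnels.
    1. Configure service access points.
      # Configure Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not repeated here.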
      [~Leaf1] bridge-domain 10
      [*Leaf1-bd10] quit
      [*Leaf1] bridge-domain 20
      [*Leaf1-bd20] quit
      [*Leaf1] interface eth-trunk 2.10 mode l2
      [*Leaf1-Eth-Trunk2.10] encapsulation dot1q vid 10
      [*Leaf1-Eth-Trunk2.10] bridge-domain 10
      [*Leaf1-Eth-Trunk2.10] quit
      [*Leaf1] interface eth-trunk 3.20 mode l2
      [*Leaf1-Eth-Trunk3.20] encapsulation dot1q vid 20
      [*Leaf1-Eth-Trunk3.20] bridge-domain 20
      [*Leaf1-Eth-Trunk3.20] quit
      [*Leaf1] commit
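    2. Configure BGP EVPN peer relationships. Spine1 and Spine2 act as route reflectors.
      # Configure Spine1. The configuration of Spine2 is similar to that of Spine1 and is not repeated here. For details, see the configuration scripts.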

      [~Spine1] evpn-overlay enable
      [*Spine1] bgp 100
      [*Spine1-bgp] peer 6.6.6.6 as-number 100
      [*Spine1-bgp] peer 6.6.6.6 connect-interface LoopBack0
      [*Spine1-bgp] peer 7.7.7.7 as-number 100
      [*Spine1-bgp] peer 7.7.7.7 connect-interface LoopBack0
      [*Spine1-bgp] peer 8.8.8.8 as-number 100
      [*Spine1-bgp] peer 8.8.8.8 connect-interface LoopBack0
      [*Spine1-bgp] peer 9.9.9.9 as-number 100
      [*Spine1-bgp] peer 9.9.9.9 connect-interface LoopBack0
      [*Spine1-bgp] l2vpn-family evpn
      [*Spine1-bgp-af-evpn] peer 6.6.6.6 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Spine1-bgp-af-evpn] peer 6.6.6.6 advertise irb
      [*Spine1-bgp-af-evpn] peer 6.6.6.6 advertise irbv6
      [*Spine1-bgp-af-evpn] peer 6.6.6.6 reflect-client
      [*Spine1-bgp-af-evpn] peer 7.7.7.7 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Spine1-bgp-af-evpn] peer 7.7.7.7 advertise irb
      [*Spine1-bgp-af-evpn] peer 7.7.7.7 advertise irbv6
      [*Spine1-bgp-af-evpn] peer 7.7.7.7 reflect-client
      [*Spine1-bgp-af-evpn] peer 8.8.8.8 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Spine1-bgp-af-evpn] peer 8.8.8.8 advertise irb
      [*Spine1-bgp-af-evpn] peer 8.8.8.8 advertise irbv6
      [*Spine1-bgp-af-evpn] peer 8.8.8.8 reflect-client
      [*Spine1-bgp-af-evpn] peer 9.9.9.9 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Spine1-bgp-af-evpn] peer 9.9.9.9 advertise irb
      [*Spine1-bgp-af-evpn] peer 9.9.9.9 advertise irbv6
      [*Spine1-bgp-af-evpn] peer 9.9.9.9 reflect-client
      [*Spine1-bgp-af-evpn] undo policy vpn-target
      [*Spine1-bgp-af-evpn] quit
      [*Spine1-bgp] quit
      [*Spine1] commit

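      # Configure Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not repeated here. For details, see the configuration scripts.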

      [~Leaf1] evpn-overlay enable
      [*Leaf1] bgp 100
      [*Leaf1-bgp] peer 4.4.4.4 as-number 100
      [*Leaf1-bgp] peer 4.4.4.4 connect-interface LoopBack0
      [*Leaf1-bgp] peer 5.5.5.5 as-number 100
      [*Leaf1-bgp] peer 5.5.5.5 connect-interface LoopBack0
      [*Leaf1-bgp] l2vpn-family evpn
      [*Leaf1-bgp-af-evpn] peer 4.4.4.4 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Leaf1-bgp-af-evpn] peer 4.4.4.4 advertise irb
      [*Leaf1-bgp-af-evpn] peer 4.4.4.4 advertise irbv6
      [*Leaf1-bgp-af-evpn] peer 5.5.5.5 enable
      Warning: This operation will reset the peer session. Continue? [Y/N]: y
      [*Leaf1-bgp-af-evpn] peer 5.5.5.5 advertise irb
      [*Leaf1-bgp-af-evpn] peer 5.5.5.5 advertise irbv6
      [*Leaf1-bgp-af-evpn] quit
      [*Leaf1-bgp] quit
      [*Leaf1] commit
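    3. Configure the VPN instance and EVPN instances.
      # Configure Spine1. The configuration of Spine2 is similar to that of Spine1 and is not repeated here. For details, see the configuration scripts.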

      [~Spine1] ip vpn-instance vpn1
      [*Spine1-vpn-instance-vpn1] vxlan vni 5000
      [*Spine1-vpn-instance-vpn1] ipv4-family
      [*Spine1-vpn-instance-vpn1-af-ipv4] route-distinguisher 4.4.4.4:1
      [*Spine1-vpn-instance-vpn1-af-ipv4] vpn-target 0:1 evpn
      [*Spine1-vpn-instance-vpn1-af-ipv4] quit
      [*Spine1-vpn-instance-vpn1] ipv6-family
      [*Spine1-vpn-instance-vpn1-af-ipv6] route-distinguisher 4.4.4.4:1
      [*Spine1-vpn-instance-vpn1-af-ipv6] vpn-target 0:1 evpn
      [*Spine1-vpn-instance-vpn1-af-ipv6] quit
      [*Spine1-vpn-instance-vpn1] quit
      [*Spine1] bgp 100
      [*Spine1-bgp] ipv4-family vpn-instance vpn1
      [*Spine1-bgp-vpn1] import-route static
      [*Spine1-bgp-vpn1] advertise l2vpn evpn
      [*Spine1-bgp-vpn1] quit
      [*Spine1-bgp] ipv6-family vpn-instance vpn1
      [*Spine1-bgp-6-vpn1] import-route static
      [*Spine1-bgp-6-vpn1] advertise l2vpn evpn
      [*Spine1-bgp-6-vpn1] quit
      [*Spine1-bgp] quit
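      [*Spine1] interface nve 1   //Configure the NVE interface
      [*Spine1-Nve1] source 1.1.1.1   //Spine1 and Spine2 form an M-LAG active-active system, so the NVE interfaces on the two devices must be configured with the same IP address and MAC address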
      [*Spine1-Nve1] mac-address 00e0-fc00-0101
      [*Spine1-Nve1] quit
      [*Spine1] commit

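      # Configure Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not repeated here. For details, see the configuration scripts.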

      [~Leaf1] ip vpn-instance vpn1
      [*Leaf1-vpn-instance-vpn1] vxlan vni 5000
      [*Leaf1-vpn-instance-vpn1] ipv4-family
      [*Leaf1-vpn-instance-vpn1-af-ipv4] route-distinguisher 6.6.6.6:1
      [*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 0:1 evpn
      [*Leaf1-vpn-instance-vpn1-af-ipv4] quit
      [*Leaf1-vpn-instance-vpn1] ipv6-family
      [*Leaf1-vpn-instance-vpn1-af-ipv6] route-distinguisher 6.6.6.6:1
      [*Leaf1-vpn-instance-vpn1-af-ipv6] vpn-target 0:1 evpn
      [*Leaf1-vpn-instance-vpn1-af-ipv6] quit
      [*Leaf1-vpn-instance-vpn1] quit
      [*Leaf1] bridge-domain 10
      [*Leaf1-bd10] vxlan vni 10
      [*Leaf1-bd10] evpn
      [*Leaf1-bd10-evpn] route-distinguisher 6.6.6.6:10
      [*Leaf1-bd10-evpn] vpn-target 0:10
      [*Leaf1-bd10-evpn] vpn-target 0:1 export-extcommunity
      [*Leaf1-bd10-evpn] quit
      [*Leaf1-bd10] quit
      [*Leaf1] bridge-domain 20
      [*Leaf1-bd20] vxlan vni 20
      [*Leaf1-bd20] evpn
      [*Leaf1-bd20-evpn] route-distinguisher 6.6.6.6:20
      [*Leaf1-bd20-evpn] vpn-target 0:20
      [*Leaf1-bd20-evpn] vpn-target 0:1 export-extcommunity
      [*Leaf1-bd20-evpn] quit
      [*Leaf1-bd20] quit
      [*Leaf1] bgp 100
      [*Leaf1-bgp] ipv4-family vpn-instance vpn1
      [*Leaf1-bgp-vpn1] import-route direct
      [*Leaf1-bgp-vpn1] advertise l2vpn evpn
      [*Leaf1-bgp-vpn1] quit
      [*Leaf1-bgp] ipv6-family vpn-instance vpn1
      [*Leaf1-bgp-6-vpn1] import-route direct
      [*Leaf1-bgp-6-vpn1] advertise l2vpn evpn
      [*Leaf1-bgp-6-vpn1] quit
      [*Leaf1-bgp] quit
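      [*Leaf1] interface nve 1       //Configure the NVE interface
      [*Leaf1-Nve1] source 2.2.2.2   //Leaf1 and Leaf2 form an M-LAG active-active system, so the NVE interfaces on the two devices must be configured with the same IP address and MAC address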
      [*Leaf1-Nve1] mac-address 00e0-fc00-0102
      [*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp
      [*Leaf1-Nve1] vni 20 head-end peer-list protocol bgp
      [*Leaf1-Nve1] quit
      [*Leaf1] commit
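    4. Configure Layer 3 gateways on Leaf1, Leaf2, Leaf3, and Leaf4.
      # Configure Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not repeated here. For details, see the configuration scripts.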

      [~Leaf1] interface vbdif 10
      [*Leaf1-Vbdif10] ip binding vpn-instance vpn1
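      [*Leaf1-Vbdif10] ip address 10.1.1.1 24   //Leaf1 and Leaf2 form an M-LAG active-active system, so the VBDIF interfaces on the two devices must be configured with the same IP address and MAC address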
      [*Leaf1-Vbdif10] ipv6 enable
      [*Leaf1-Vbdif10] ipv6 address fc00:1::1 64
      [*Leaf1-Vbdif10] mac-address 00e0-fc00-0105
      [*Leaf1-Vbdif10] vxlan anycast-gateway enable
      [*Leaf1-Vbdif10] arp collect host enable
      [*Leaf1-Vbdif10] arp broadcast-detect enable
      [*Leaf1-Vbdif10] ipv6 nd collect host enable
      [*Leaf1-Vbdif10] ipv6 nd na glean
      [*Leaf1-Vbdif10] quit
      [*Leaf1] interface vbdif 20
      [*Leaf1-Vbdif20] ip binding vpn-instance vpn1
      [*Leaf1-Vbdif20] ip address 10.1.2.1 24
      [*Leaf1-Vbdif20] ipv6 enable
      [*Leaf1-Vbdif20] ipv6 address fc00:2::1 64
      [*Leaf1-Vbdif20] mac-address 00e0-fc00-0106
      [*Leaf1-Vbdif20] vxlan anycast-gateway enable
      [*Leaf1-Vbdif20] arp collect host enable
      [*Leaf1-Vbdif20] arp broadcast-detect enable
      [*Leaf1-Vbdif20] ipv6 nd collect host enable
      [*Leaf1-Vbdif20] ipv6 nd na glean
      [*Leaf1-Vbdif20] quit
      [*Leaf1] commit
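  5. Configure static bypass VXLAN tunnels on the M-LAG devices. When devices are dual-homed to the VXLAN network through M-LAG and one downlink fails, service traffic must detour over the peer-link between the M-LAG devices. In this scenario, a static bypass VXLAN tunnel must therefore be configured between the M-LAG devices to steer the detoured service traffic onto the peer-link.

    The following uses Leaf1 and Leaf2 as an example. The configurations of Spine1, Spine2, Leaf3, and Leaf4 are similar and are not repeated here. For details, see the configuration scripts.

    # Configure Leaf1.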

    [~Leaf1] vlan 100   //This VLAN cannot be assigned to other services; VLAN 100 is used in this example
    [*Leaf1-vlan100] quit
    [*Leaf1] interface vlanif 100
    [*Leaf1-Vlanif100] reserved for vxlan bypass   //Specify that the IPv4 address of the VLANIF interface on the peer-link is used only by the bypass VXLAN tunnel
    [*Leaf1-Vlanif100] ip address 10.2.2.1 30   //Configure the source IPv4 address of the static bypass VXLAN tunnel
    [*Leaf1-Vlanif100] quit
    [*Leaf1] ip route-static 13.13.13.13 32 10.2.2.2 preference 1   //Configure a static route to make the bypass VXLAN tunnel reachable
    [*Leaf1] interface nve 1
    [*Leaf1-Nve1] pip-source 12.12.12.12 peer 13.13.13.13 bypass   //Create the static bypass VXLAN tunnel and specify its source and peer addresses
    [*Leaf1-Nve1] quit
    [*Leaf1] commit

    # Configure Leaf2.

    [~Leaf2] vlan 100
    [*Leaf2-vlan100] quit
    [*Leaf2] interface vlanif 100
    [*Leaf2-Vlanif100] reserved for vxlan bypass
    [*Leaf2-Vlanif100] ip address 10.2.2.2 30
    [*Leaf2-Vlanif100] quit
    [*Leaf2] ip route-static 12.12.12.12 32 10.2.2.1 preference 1
    [*Leaf2] interface nve 1
    [*Leaf2-Nve1] pip-source 13.13.13.13 peer 12.12.12.12 bypass
    [*Leaf2-Nve1] quit
    [*Leaf2] commit
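  6. Configure static routes on Spine1 and Spine2 to enable communication for northbound and southbound traffic.
    # Configure Spine1. The configuration of Spine2 is similar to that of Spine1 and is not repeated here. For details, see the configuration scripts.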
    [~Spine1] interface 100ge 1/0/5
    [~Spine1-100GE1/0/5] undo portswitch
    [*Spine1-100GE1/0/5] ip address 10.1.10.1 24
    [*Spine1-100GE1/0/5] ipv6 enable
    [*Spine1-100GE1/0/5] ipv6 address fc00:10::1 64
    [*Spine1-100GE1/0/5] quit
    [*Spine1] interface 100ge 1/0/6
    [*Spine1-100GE1/0/6] undo portswitch
    [*Spine1-100GE1/0/6] ip address 10.1.20.1 24
    [*Spine1-100GE1/0/6] ipv6 enable
    [*Spine1-100GE1/0/6] ipv6 address fc00:20::1 64
    [*Spine1-100GE1/0/6] quit
    [*Spine1] ip route-static 0.0.0.0 0.0.0.0 10.1.10.2   //IPv4 static route to the public network PE
    [*Spine1] ip route-static 0.0.0.0 0.0.0.0 10.1.20.2
    [*Spine1] ip route-static 10.1.1.0 24 vpn-instance vpn1   //IPv4 static route to the server network segment; the next hop is the VPN instance
    [*Spine1] ip route-static 10.1.2.0 24 vpn-instance vpn1
    [*Spine1] ip route-static 10.1.3.0 24 vpn-instance vpn1
    [*Spine1] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public   //IPv4 static route of the VPN instance; the next hop is the public network instance
    [*Spine1] ipv6 route-static :: 0 fc00:10::2   //IPv6 static route to the public network PE
    [*Spine1] ipv6 route-static :: 0 fc00:20::2
    [*Spine1] ipv6 route-static fc00:1:: 64 vpn-instance vpn1   //IPv6 static route to the server network segment; the next hop is the VPN instance
    [*Spine1] ipv6 route-static fc00:2:: 64 vpn-instance vpn1
    [*Spine1] ipv6 route-static fc00:3:: 64 vpn-instance vpn1
    [*Spine1] ipv6 route-static vpn-instance vpn1 :: 0 public   //IPv6 static route of the VPN instance; the next hop is the public network instance
    [*Spine1] commit
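
The steps above require both members of an M-LAG pair to use identical NVE and VBDIF addresses and a mirrored bypass tunnel routed over the peer-link VLANIF. The following Python check is an added example, not part of the original document or a vendor tool, that audits two exported scripts against those rules. It assumes scripts saved at column 0 as exported from the device; the function names and the LEAF2_DRIFT sample are constructed for illustration.

```python
import re

# Sections copied from the Leaf1 and Leaf2 scripts on this page (only what is checked).
LEAF1 = """\
interface Vbdif10
 ip address 10.1.1.1 255.255.255.0
 mac-address 00e0-fc00-0105
#
interface Vlanif100
 ip address 10.2.2.1 255.255.255.252
 reserved for vxlan bypass
#
interface Nve1
 source 2.2.2.2
 pip-source 12.12.12.12 peer 13.13.13.13 bypass
 mac-address 00e0-fc00-0102
#
ip route-static 13.13.13.13 32 10.2.2.2 preference 1
"""
LEAF2 = """\
interface Vbdif10
 ip address 10.1.1.1 255.255.255.0
 mac-address 00e0-fc00-0105
#
interface Vlanif100
 ip address 10.2.2.2 255.255.255.252
 reserved for vxlan bypass
#
interface Nve1
 source 2.2.2.2
 pip-source 13.13.13.13 peer 12.12.12.12 bypass
 mac-address 00e0-fc00-0102
#
ip route-static 12.12.12.12 32 10.2.2.1 preference 1
"""
# Constructed drift: a different NVE MAC and a bypass route with the wrong next hop.
LEAF2_DRIFT = (LEAF2.replace("00e0-fc00-0102", "00e0-fc00-0199")
                    .replace("32 10.2.2.1", "32 10.2.2.9"))

ROUTE = re.compile(r"ip route-static (\S+) (?:32|255\.255\.255\.255) (\S+)")


def parse_sections(cfg):
    """Split a VRP-style script into {top-level line: [indented child lines]}."""
    sections, current = {}, None
    for raw in cfg.splitlines():
        line = raw.rstrip()
        if not line.strip() or line.strip() == "#":
            continue
        if not line.startswith(" "):
            current = line
            sections.setdefault(current, [])
        elif current is not None:
            sections[current].append(line.strip())
    return sections


def value(children, prefix):
    """Return the text after `prefix` on the first child line starting with it."""
    return next((c[len(prefix):].strip() for c in children if c.startswith(prefix)), None)


def bypass_facts(sec):
    """Return ((pip-source, peer), bypass VLANIF address, {host route: next hop})."""
    nve = "\n".join(sec.get("interface Nve1", []))
    m = re.search(r"^pip-source (\S+) peer (\S+) bypass$", nve, re.M)
    vlanif_ip = next((value(ch, "ip address ").split()[0] for ch in sec.values()
                      if "reserved for vxlan bypass" in ch and value(ch, "ip address ")), None)
    routes = dict(r.groups() for r in (ROUTE.match(name) for name in sec) if r)
    return (m.groups() if m else (None, None)), vlanif_ip, routes


def check_mlag_pair(cfg_a, cfg_b):
    """Return a list of findings; an empty list means the pair is consistent."""
    a, b = parse_sections(cfg_a), parse_sections(cfg_b)
    findings = []
    # NVE and VBDIF interfaces must carry the same IP and MAC on both members.
    vbdifs = sorted(n for n in set(a) | set(b) if n.startswith("interface Vbdif"))
    for name in ["interface Nve1"] + vbdifs:
        for key in ("source ", "ip address ", "ipv6 address ", "mac-address "):
            va, vb = value(a.get(name, []), key), value(b.get(name, []), key)
            if va != vb:
                findings.append(f"{name}: '{key.strip()}' differs ({va} vs {vb})")
    # The bypass tunnel must be mirrored and routed via the peer's bypass VLANIF.
    (src_a, peer_a), ip_a, routes_a = bypass_facts(a)
    (src_b, peer_b), ip_b, routes_b = bypass_facts(b)
    if None in (src_a, src_b) or (src_a, peer_a) != (peer_b, src_b):
        findings.append(f"bypass tunnel not mirrored ({src_a}->{peer_a} vs {src_b}->{peer_b})")
    for side, peer, routes, nh in (("A", peer_a, routes_a, ip_b), ("B", peer_b, routes_b, ip_a)):
        if peer and routes.get(peer) != nh:
            findings.append(f"member {side}: route to {peer} via {routes.get(peer)}, expected {nh}")
    return findings


if __name__ == "__main__":
    print(check_mlag_pair(LEAF1, LEAF2))
    for finding in check_mlag_pair(LEAF1, LEAF2_DRIFT):
        print("FINDING:", finding)
```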

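Verifying the Configuration

After the preceding configurations succeed, run the display vxlan tunnel command to view VXLAN tunnel information. The following uses the output on Spine1 as an example.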

[~Spine1] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  0035h21m
4026531842  1.1.1.1               3.3.3.3               up     dynamic  0036h21m

After the configuration is complete, the servers can communicate with each other.
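
The tunnel check above can be automated. The following Python check is an added example, not part of the original document: it parses the display vxlan tunnel table shown above and reports tunnels that are down, missing, or that terminate on an address outside the intended VTEP set (the Loopback1 addresses in Table 1). SPINE1_BAD and the function names are constructed for illustration.

```python
import re

# `display vxlan tunnel` output copied from the Spine1 example on this page.
SPINE1_OK = """\
Number of vxlan tunnel : 2
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  0035h21m
4026531842  1.1.1.1               3.3.3.3               up     dynamic  0036h21m
"""

# Constructed output: one tunnel down, plus a dynamic tunnel to an address that is
# not a VTEP in the page's address plan (203.0.113.7 is a documentation address).
SPINE1_BAD = """\
Number of vxlan tunnel : 3
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1               2.2.2.2               up     dynamic  0035h21m
4026531842  1.1.1.1               3.3.3.3               down   dynamic  0000h00m
4026531843  1.1.1.1               203.0.113.7           up     dynamic  0000h02m
"""

ROW = re.compile(r"^(?P<id>\d+)\s+(?P<src>\S+)\s+(?P<dst>\S+)\s+(?P<state>\S+)"
                 r"\s+(?P<type>\S+)\s+(?P<uptime>\S+)$")
COUNT = re.compile(r"^Number of vxlan tunnel\s*:\s*(\d+)$")


def parse_tunnels(output):
    """Return (declared_count, [row dicts]) parsed from the command output."""
    declared, rows = None, []
    for line in output.splitlines():
        line = line.strip()
        count = COUNT.match(line)
        if count:
            declared = int(count.group(1))
            continue
        row = ROW.match(line)  # header and separator lines do not match
        if row:
            rows.append(row.groupdict())
    return declared, rows


def audit_tunnels(output, local_vtep, expected_peers):
    """Compare tunnel state with the intended VTEP set and return findings."""
    declared, rows = parse_tunnels(output)
    findings = []
    if declared is not None and declared != len(rows):
        findings.append(f"header declares {declared} tunnels, parsed {len(rows)}")
    seen = set()
    for row in rows:
        if row["src"] != local_vtep:
            findings.append(f"tunnel {row['id']}: unexpected source {row['src']}")
        if row["dst"] not in expected_peers:
            findings.append(f"tunnel {row['id']}: destination {row['dst']} is not a known VTEP")
            continue
        seen.add(row["dst"])
        if row["state"] != "up":
            findings.append(f"tunnel {row['id']}: to {row['dst']} is {row['state']}")
    for peer in sorted(set(expected_peers) - seen):
        findings.append(f"no tunnel to expected VTEP {peer}")
    return findings


if __name__ == "__main__":
    peers = {"2.2.2.2", "3.3.3.3"}  # Loopback1 (VTEP) addresses of the two leaf pairs
    print(audit_tunnels(SPINE1_OK, "1.1.1.1", peers))
    for finding in audit_tunnels(SPINE1_BAD, "1.1.1.1", peers):
        print("FINDING:", finding)
```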

Configuration Scripts

  • Configuration script of Spine1
    #
    sysname Spine1
    #
    dfs-group 1
     priority 150
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 4.4.4.4
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 4.4.4.4:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 4.4.4.4:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    interface Vlanif100
     ip address 10.1.1.1 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.1.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.2.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     undo portswitch
     ip address 192.168.3.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/4
     undo portswitch
     ip address 192.168.4.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/5
     undo portswitch
     ipv6 enable
     ip address 10.1.10.1 255.255.255.0
     ipv6 address FC00:10::1/64
    #
    interface 100GE1/0/6
     undo portswitch
     ipv6 enable
     ip address 10.1.20.1 255.255.255.0 
     ipv6 address FC00:20::1/64
    #
    interface 100GE1/0/7
     eth-trunk 1
    #
    interface 100GE1/0/8
     eth-trunk 1
    #
    interface LoopBack0
     ip address 4.4.4.4 255.255.255.255
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface LoopBack2
     ip address 10.10.10.10 255.255.255.255
    #
    interface Nve1
     source 1.1.1.1
     pip-source 10.10.10.10 peer 11.11.11.11 bypass
     mac-address 00e0-fc00-0101
    #
    bgp 100
     peer 6.6.6.6 as-number 100
     peer 6.6.6.6 connect-interface LoopBack0
     peer 7.7.7.7 as-number 100
     peer 7.7.7.7 connect-interface LoopBack0
     peer 8.8.8.8 as-number 100
     peer 8.8.8.8 connect-interface LoopBack0
     peer 9.9.9.9 as-number 100
     peer 9.9.9.9 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 6.6.6.6 enable
      peer 7.7.7.7 enable
      peer 8.8.8.8 enable
      peer 9.9.9.9 enable
     #
     ipv4-family vpn-instance vpn1
      import-route static
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route static
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 6.6.6.6 enable
      peer 6.6.6.6 advertise irb
      peer 6.6.6.6 advertise irbv6
      peer 6.6.6.6 reflect-client
      peer 7.7.7.7 enable
      peer 7.7.7.7 advertise irb
      peer 7.7.7.7 advertise irbv6
      peer 7.7.7.7 reflect-client
      peer 8.8.8.8 enable
      peer 8.8.8.8 advertise irb
      peer 8.8.8.8 advertise irbv6
      peer 8.8.8.8 reflect-client
      peer 9.9.9.9 enable
      peer 9.9.9.9 advertise irb
      peer 9.9.9.9 advertise irbv6
      peer 9.9.9.9 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 4.4.4.4 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.2.0 0.0.0.255
      network 192.168.3.0 0.0.0.255
      network 192.168.4.0 0.0.0.255
    #
    ip route-static 0.0.0.0 0.0.0.0 10.1.10.2
    ip route-static 0.0.0.0 0.0.0.0 10.1.20.2
    ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpn1
    ip route-static 10.1.2.0 255.255.255.0 vpn-instance vpn1
    ip route-static 10.1.3.0 255.255.255.0 vpn-instance vpn1
    ip route-static 11.11.11.11 32 10.1.1.2 preference 1
    ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public
    #
    ipv6 route-static :: 0 FC00:10::2
    ipv6 route-static :: 0 FC00:20::2
    ipv6 route-static FC00:1:: 64 vpn-instance vpn1
    ipv6 route-static FC00:2:: 64 vpn-instance vpn1
    ipv6 route-static FC00:3:: 64 vpn-instance vpn1
    ipv6 route-static vpn-instance vpn1 :: 0 public
    #
    return
  • Configuration script of Spine2
    #
    sysname Spine2
    #
    dfs-group 1
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 5.5.5.5
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 5.5.5.5:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 5.5.5.5:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    interface Vlanif100
     ip address 10.1.1.2 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.5.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.6.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     undo portswitch
     ip address 192.168.7.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/4
     undo portswitch
     ip address 192.168.8.1 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/5
     undo portswitch
     ipv6 enable
     ip address 10.1.30.1 255.255.255.0
     ipv6 address FC00:30::1/64
    #
    interface 100GE1/0/6
     undo portswitch
     ipv6 enable
     ip address 10.1.40.1 255.255.255.0
     ipv6 address FC00:40::1/64
    #
    interface 100GE1/0/7
     eth-trunk 1
    #
    interface 100GE1/0/8
     eth-trunk 1
    #
    interface LoopBack0
     ip address 5.5.5.5 255.255.255.255
    #
    interface LoopBack1
     ip address 1.1.1.1 255.255.255.255
    #
    interface LoopBack2
     ip address 11.11.11.11 255.255.255.255
    #
    interface Nve1
     source 1.1.1.1
     pip-source 11.11.11.11 peer 10.10.10.10 bypass
     mac-address 00e0-fc00-0101
    #
    bgp 100
     peer 6.6.6.6 as-number 100
     peer 6.6.6.6 connect-interface LoopBack0
     peer 7.7.7.7 as-number 100
     peer 7.7.7.7 connect-interface LoopBack0
     peer 8.8.8.8 as-number 100
     peer 8.8.8.8 connect-interface LoopBack0
     peer 9.9.9.9 as-number 100
     peer 9.9.9.9 connect-interface LoopBack0
     #
     ipv4-family unicast  
      peer 6.6.6.6 enable
      peer 7.7.7.7 enable
      peer 8.8.8.8 enable
      peer 9.9.9.9 enable
     #
     ipv4-family vpn-instance vpn1
      import-route static
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route static
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      undo policy vpn-target
      peer 6.6.6.6 enable
      peer 6.6.6.6 advertise irb
      peer 6.6.6.6 advertise irbv6
      peer 6.6.6.6 reflect-client
      peer 7.7.7.7 enable
      peer 7.7.7.7 advertise irb
      peer 7.7.7.7 advertise irbv6
      peer 7.7.7.7 reflect-client
      peer 8.8.8.8 enable
      peer 8.8.8.8 advertise irb
      peer 8.8.8.8 advertise irbv6
      peer 8.8.8.8 reflect-client
      peer 9.9.9.9 enable
      peer 9.9.9.9 advertise irb
      peer 9.9.9.9 advertise irbv6
      peer 9.9.9.9 reflect-client
    #
    ospf 1
     area 0.0.0.0
      network 1.1.1.1 0.0.0.0
      network 5.5.5.5 0.0.0.0
      network 192.168.5.0 0.0.0.255
      network 192.168.6.0 0.0.0.255
      network 192.168.7.0 0.0.0.255
      network 192.168.8.0 0.0.0.255
    #
    ip route-static 0.0.0.0 0.0.0.0 10.1.30.2
    ip route-static 0.0.0.0 0.0.0.0 10.1.40.2
    ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpn1
    ip route-static 10.1.2.0 255.255.255.0 vpn-instance vpn1
    ip route-static 10.1.3.0 255.255.255.0 vpn-instance vpn1
    ip route-static 10.10.10.10 32 10.1.1.1 preference 1
    ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public
    #
    ipv6 route-static :: 0 FC00:30::2
    ipv6 route-static :: 0 FC00:40::2
    ipv6 route-static FC00:1:: 64 vpn-instance vpn1
    ipv6 route-static FC00:2:: 64 vpn-instance vpn1
    ipv6 route-static FC00:3:: 64 vpn-instance vpn1
    ipv6 route-static vpn-instance vpn1 :: 0 public
    #
    return
  • Configuration script of Leaf1
    #
    sysname Leaf1
    #
    dfs-group 1
     priority 150
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 6.6.6.6
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 6.6.6.6:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 6.6.6.6:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 6.6.6.6:10
      vpn-target 0:10 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:10 import-extcommunity
    #
    bridge-domain 20
     vxlan vni 20
     evpn
      route-distinguisher 6.6.6.6:20
      vpn-target 0:20 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:20 import-extcommunity
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.1.1 255.255.255.0
     ipv6 address FC00:1::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0105
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vbdif20
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.2.1 255.255.255.0
     ipv6 address FC00:2::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0106
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vlanif100
     ip address 10.2.2.1 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    # 
    interface Eth-Trunk2
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    # 
    interface Eth-Trunk2.10 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    # 
    interface Eth-Trunk3
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 2
    # 
    interface Eth-Trunk3.20 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.1.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.5.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     eth-trunk 1
    #
    interface 100GE1/0/4
     eth-trunk 1
    #
    interface 100GE1/0/5
     eth-trunk 2
    #
    interface 100GE1/0/6
     eth-trunk 3
    #
    interface LoopBack0
     ip address 6.6.6.6 255.255.255.255
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface LoopBack2
     ip address 12.12.12.12 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     pip-source 12.12.12.12 peer 13.13.13.13 bypass
     vni 10 head-end peer-list protocol bgp
     vni 20 head-end peer-list protocol bgp
     mac-address 00e0-fc00-0102
    #
    monitor-link group 1
     port 100GE1/0/1 uplink
     port 100GE1/0/2 uplink
     port Eth-Trunk2 downlink 1
     port Eth-Trunk3 downlink 2
    #
    bgp 100 
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack0
     peer 5.5.5.5 as-number 100
     peer 5.5.5.5 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 4.4.4.4 enable
      peer 5.5.5.5 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      policy vpn-target
      peer 4.4.4.4 enable
      peer 4.4.4.4 advertise irb
      peer 4.4.4.4 advertise irbv6
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise irb
      peer 5.5.5.5 advertise irbv6
     #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 6.6.6.6 0.0.0.0
      network 192.168.1.0 0.0.0.255
      network 192.168.5.0 0.0.0.255
    #
    ip route-static 13.13.13.13 32 10.2.2.2 preference 1
    #
    return
  • Configuration script of Leaf2
    #
    sysname Leaf2
    #
    dfs-group 1
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 7.7.7.7
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 7.7.7.7:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 7.7.7.7:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    bridge-domain 10
     vxlan vni 10
     evpn
      route-distinguisher 7.7.7.7:10
      vpn-target 0:10 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:10 import-extcommunity
    #
    bridge-domain 20
     vxlan vni 20
     evpn
      route-distinguisher 7.7.7.7:20
      vpn-target 0:20 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:20 import-extcommunity
    #
    interface Vbdif10
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.1.1 255.255.255.0
     ipv6 address FC00:1::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0105
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vbdif20
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address FC00:2::1/64
     ip address 10.1.2.1 255.255.255.0
     arp broadcast-detect enable
     mac-address 00e0-fc00-0106
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vlanif100
     ip address 10.2.2.2 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    # 
    interface Eth-Trunk2
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    # 
    interface Eth-Trunk2.10 mode l2
     encapsulation dot1q vid 10
     bridge-domain 10
    # 
    interface Eth-Trunk3
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 2
    # 
    interface Eth-Trunk3.20 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.2.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.6.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     eth-trunk 1
    #
    interface 100GE1/0/4
     eth-trunk 1
    #
    interface 100GE1/0/5
     eth-trunk 2
    #
    interface 100GE1/0/6
     eth-trunk 3
    #
    interface LoopBack0
     ip address 7.7.7.7 255.255.255.255
    #
    interface LoopBack1
     ip address 2.2.2.2 255.255.255.255
    #
    interface LoopBack2
     ip address 13.13.13.13 255.255.255.255
    #
    interface Nve1
     source 2.2.2.2
     pip-source 13.13.13.13 peer 12.12.12.12 bypass
     vni 10 head-end peer-list protocol bgp
     vni 20 head-end peer-list protocol bgp
     mac-address 00e0-fc00-0102
    #
    monitor-link group 1
     port 100GE1/0/1 uplink
     port 100GE1/0/2 uplink
     port Eth-Trunk2 downlink 1
     port Eth-Trunk3 downlink 2
    #
    bgp 100 
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack0
     peer 5.5.5.5 as-number 100
     peer 5.5.5.5 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 4.4.4.4 enable
      peer 5.5.5.5 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      policy vpn-target
      peer 4.4.4.4 enable
      peer 4.4.4.4 advertise irb
      peer 4.4.4.4 advertise irbv6
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise irb
      peer 5.5.5.5 advertise irbv6
    #
    ospf 1
     area 0.0.0.0
      network 2.2.2.2 0.0.0.0
      network 7.7.7.7 0.0.0.0
      network 192.168.2.0 0.0.0.255
      network 192.168.6.0 0.0.0.255
    #
    ip route-static 12.12.12.12 32 10.2.2.1 preference 1
    return
  • Leaf3 configuration script
    #
    sysname Leaf3
    #
    dfs-group 1
     priority 150
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 8.8.8.8
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 8.8.8.8:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 8.8.8.8:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    bridge-domain 20
     vxlan vni 20
     evpn
      route-distinguisher 8.8.8.8:20
      vpn-target 0:20 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:20 import-extcommunity
    #
    bridge-domain 30
     vxlan vni 30
     evpn
      route-distinguisher 8.8.8.8:30
      vpn-target 0:30 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:30 import-extcommunity
    #
    interface Vbdif20
     ip binding vpn-instance vpn1
     ipv6 enable
     ipv6 address FC00:2::1/64
     ip address 10.1.2.1 255.255.255.0
     arp broadcast-detect enable
     mac-address 00e0-fc00-0106
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vbdif30
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.3.1 255.255.255.0
     ipv6 address FC00:3::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0107
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vlanif100
     ip address 10.3.3.1 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    # 
    interface Eth-Trunk2
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    # 
    interface Eth-Trunk2.20 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    # 
    interface Eth-Trunk3
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 2
    # 
    interface Eth-Trunk3.30 mode l2
     encapsulation dot1q vid 30
     bridge-domain 30
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.3.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.7.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     eth-trunk 1
    #
    interface 100GE1/0/4
     eth-trunk 1
    #
    interface 100GE1/0/5
     eth-trunk 2
    #
    interface 100GE1/0/6
     eth-trunk 3
    #
    interface LoopBack0
     ip address 8.8.8.8 255.255.255.255
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface LoopBack2
     ip address 14.14.14.14 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3
     pip-source 14.14.14.14 peer 15.15.15.15 bypass
     vni 20 head-end peer-list protocol bgp
     vni 30 head-end peer-list protocol bgp
     mac-address 00e0-fc00-0103
    #
    monitor-link group 1
     port 100GE1/0/1 uplink
     port 100GE1/0/2 uplink
     port Eth-Trunk2 downlink 1
     port Eth-Trunk3 downlink 2
    #
    bgp 100 
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack0
     peer 5.5.5.5 as-number 100
     peer 5.5.5.5 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 4.4.4.4 enable
      peer 5.5.5.5 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      policy vpn-target
      peer 4.4.4.4 enable
      peer 4.4.4.4 advertise irb
      peer 4.4.4.4 advertise irbv6
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise irb
      peer 5.5.5.5 advertise irbv6
     #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 8.8.8.8 0.0.0.0
      network 192.168.3.0 0.0.0.255
      network 192.168.7.0 0.0.0.255
    #
    ip route-static 15.15.15.15 32 10.3.3.2 preference 1
    return
  • Leaf4 configuration script
    #
    sysname Leaf4
    #
    dfs-group 1
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
     dual-active detection source ip 9.9.9.9
    #
    vlan 100
    #
    stp mode rstp
    stp v-stp enable
    #
    evpn-overlay enable
    #
    ip vpn-instance vpn1
     ipv4-family
      route-distinguisher 9.9.9.9:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     ipv6-family
      route-distinguisher 9.9.9.9:1
      vpn-target 0:1 export-extcommunity evpn
      vpn-target 0:1 import-extcommunity evpn
     vxlan vni 5000
    #
    bridge-domain 20
     vxlan vni 20
     evpn
      route-distinguisher 9.9.9.9:20
      vpn-target 0:20 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:20 import-extcommunity
    #
    bridge-domain 30
     vxlan vni 30
     evpn
      route-distinguisher 9.9.9.9:30
      vpn-target 0:30 export-extcommunity
      vpn-target 0:1 export-extcommunity
      vpn-target 0:30 import-extcommunity
    #
    interface Vbdif20
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.2.1 255.255.255.0
     ipv6 address FC00:2::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0106
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vbdif30
     ip binding vpn-instance vpn1
     ipv6 enable
     ip address 10.1.3.1 255.255.255.0
     ipv6 address FC00:3::1/64
     arp broadcast-detect enable
     mac-address 00e0-fc00-0107
     ipv6 nd collect host enable
     ipv6 nd na glean
     vxlan anycast-gateway enable
     arp collect host enable
    #
    interface Vlanif100
     ip address 10.3.3.2 255.255.255.252
     reserved for vxlan bypass
    #
    interface Eth-Trunk1
     mode lacp-static
     peer-link 1
     port vlan exclude 1
    # 
    interface Eth-Trunk2
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    # 
    interface Eth-Trunk2.20 mode l2
     encapsulation dot1q vid 20
     bridge-domain 20
    # 
    interface Eth-Trunk3
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 2
    # 
    interface Eth-Trunk3.30 mode l2
     encapsulation dot1q vid 30
     bridge-domain 30
    #
    interface 100GE1/0/1
     undo portswitch
     ip address 192.168.4.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/2
     undo portswitch
     ip address 192.168.8.2 255.255.255.0
     ospf network-type p2p
    #
    interface 100GE1/0/3
     eth-trunk 1
    #
    interface 100GE1/0/4
     eth-trunk 1
    #
    interface 100GE1/0/5
     eth-trunk 2
    #
    interface 100GE1/0/6
     eth-trunk 3
    #
    interface LoopBack0
     ip address 9.9.9.9 255.255.255.255
    #
    interface LoopBack1
     ip address 3.3.3.3 255.255.255.255
    #
    interface LoopBack2
     ip address 15.15.15.15 255.255.255.255
    #
    interface Nve1
     source 3.3.3.3 
     pip-source 15.15.15.15 peer 14.14.14.14 bypass
     vni 20 head-end peer-list protocol bgp
     vni 30 head-end peer-list protocol bgp
     mac-address 00e0-fc00-0103
    #
    monitor-link group 1
     port 100GE1/0/1 uplink
     port 100GE1/0/2 uplink
     port Eth-Trunk2 downlink 1
     port Eth-Trunk3 downlink 2
    #
    bgp 100 
     peer 4.4.4.4 as-number 100
     peer 4.4.4.4 connect-interface LoopBack0
     peer 5.5.5.5 as-number 100
     peer 5.5.5.5 connect-interface LoopBack0
     #
     ipv4-family unicast
      peer 4.4.4.4 enable
      peer 5.5.5.5 enable
     #
     ipv4-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     ipv6-family vpn-instance vpn1
      import-route direct
      advertise l2vpn evpn
     #
     l2vpn-family evpn
      policy vpn-target
      peer 4.4.4.4 enable
      peer 4.4.4.4 advertise irb
      peer 4.4.4.4 advertise irbv6
      peer 5.5.5.5 enable
      peer 5.5.5.5 advertise irb
      peer 5.5.5.5 advertise irbv6
    #
    ospf 1
     area 0.0.0.0
      network 3.3.3.3 0.0.0.0
      network 9.9.9.9 0.0.0.0
      network 192.168.4.0 0.0.0.255
      network 192.168.8.0 0.0.0.255
    #
    ip route-static 14.14.14.14 32 10.3.3.1 preference 1
    return
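
A consistency check for M-LAG pair scripts such as the ones above, as an added example that is not part of the original article or of the vendor's documentation: it flags a repeated or missing BGP address-family view and Nve1 settings that do not line up between the two members of a pair. It assumes device-exported text with top-level commands at column 0 and a dual-stack overlay as on this page; the function names and the sample excerpts are constructed for illustration.

```python
import re
from collections import Counter

def stanza(cfg, header):
    """Indented body lines of the top-level stanza that starts with `header`."""
    body, inside = [], False
    for line in cfg.splitlines():
        if not line.startswith(" "):       # column-0 line: stanza header or '#'
            inside = line.startswith(header)
        elif inside and line.strip():
            body.append(line.strip())
    return body

def bgp_views(cfg):
    """Count the address-family views configured under bgp."""
    return Counter(l for l in stanza(cfg, "bgp ") if re.match(r"(ipv[46]|l2vpn)-family\b", l))

def nve(cfg):
    """Nve1 commands as {keyword: arguments}; pip-source -> [local, 'peer', remote, 'bypass']."""
    return {w[0]: w[1:] for w in map(str.split, stanza(cfg, "interface Nve1"))}

def lint_pair(a, b):
    """Findings for two configs forming one M-LAG pair (assumes a dual-stack overlay)."""
    findings = []
    for name, cfg in (("A", a), ("B", b)):
        views = bgp_views(cfg)
        findings += [f"{name}: duplicate BGP view '{v}'" for v, n in views.items() if n > 1]
        for want in ("ipv4-family vpn-instance", "ipv6-family vpn-instance"):
            if not any(v.startswith(want) for v in views):
                findings.append(f"{name}: missing BGP view '{want}'")
    na, nb = nve(a), nve(b)
    for key in ("source", "mac-address"):  # shared VTEP address and MAC must be identical
        if na.get(key) != nb.get(key):
            findings.append(f"Nve1 {key} differs between the pair")
    pa, pb = na.get("pip-source", []), nb.get("pip-source", [])
    if len(pa) < 3 or len(pb) < 3 or (pa[0], pa[2]) != (pb[2], pb[0]):
        findings.append("Nve1 pip-source/peer addresses are not mirrored")
    return findings

# Constructed excerpts (Leaf3/Leaf4 addressing from this page); LEAF_A carries a seeded error.
LEAF_B = ("interface Nve1\n source 3.3.3.3\n pip-source 15.15.15.15 peer 14.14.14.14 bypass\n"
          " mac-address 00e0-fc00-0103\n#\nbgp 100\n ipv4-family vpn-instance vpn1\n #\n"
          " ipv6-family vpn-instance vpn1\n #\n l2vpn-family evpn\n")
LEAF_A = (LEAF_B.replace("15.15.15.15 peer 14.14.14.14", "14.14.14.14 peer 15.15.15.15")
                .replace("ipv4-family vpn", "ipv6-family vpn"))

if __name__ == "__main__":
    print("\n".join(lint_pair(LEAF_A, LEAF_B)) or "no findings")
```

Run it over each pair's saved configuration before deployment; an empty result means the checked fields agree, not that the whole configuration is correct.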

Copyright notice:
Author: SE_YT
Link: https://www.cnesa.cn/2786.html
Source: CNESA
Copyright of this article belongs to the author; do not reproduce it without permission.
