配置分布式网关部署方式的IPv6 VXLAN示例
适用产品和版本
- CE16800(除X系列单板外)、CE8800、CE6800(除CE6820H、CE6820H-K、CE6820S、CE6885-LL低时延模式外)系列产品V300R021C10或更高版本。
- 如果需要了解软件版本与交换机具体型号的配套信息,请查看硬件中心。
组网需求
如图1所示,某企业新建的数据中心网络采用分布式网关部署方式,其中Underlay基础网络为IPv6,Overlay网络为IPv4/IPv6。Leaf作为三层网关与服务器对接;Spine同时作为东西向流量的汇聚设备和网络出口网关。为了保证高可靠性,Spine、Leaf采用M-LAG部署方式。
上图中“1/0/1”为接口编号,接口速率为100GE,即“1/0/1”表示接口“100GE1/0/1”。其他接口类似。
| 设备名称 | 接口 | IP地址 | 设备名称 | 接口 | IP地址 |
|---|---|---|---|---|---|
| Spine1 | 100GE1/0/1 | 2001:db8:1:d301::1/64 | Spine2 | 100GE1/0/1 | 2001:db8:1:d305::1/64 |
| 100GE1/0/2 | 2001:db8:1:d302::1/64 | 100GE1/0/2 | 2001:db8:1:d306::1/64 | ||
| 100GE1/0/3 | 2001:db8:1:d303::1/64 | 100GE1/0/3 | 2001:db8:1:d307::1/64 | ||
| 100GE1/0/4 | 2001:db8:1:d304::1/64 | 100GE1/0/4 | 2001:db8:1:d308::1/64 | ||
| 100GE1/0/5 | IPv4: 10.1.10.1/24
IPv6: fc00:10::1/64 |
100GE1/0/5 | IPv4: 10.1.30.1/24
IPv6: fc00:30::1/64 |
||
| 100GE1/0/6 | IPv4: 10.1.20.1/24
IPv6: fc00:20::1/64 |
100GE1/0/6 | IPv4: 10.1.40.1/24
IPv6: fc00:40::1/64 |
||
| Loopback0 | 4.4.4.4/32 | Loopback0 | 5.5.5.5/32 | ||
| Loopback1 | 2001:db8:1:1301::1/128 | Loopback1 | 2001:db8:1:1301::1/128 | ||
| Loopback2 | 2001:db8:1:4301::1/128 | Loopback2 | 2001:db8:1:5301::1/128 | ||
| Loopback3 | 2001:db8:1:4302::1/128 | Loopback3 | 2001:db8:1:5302::1/128 | ||
| Leaf1 | 100GE1/0/1 | 2001:db8:1:d301::2/64 | Leaf2 | 100GE1/0/1 | 2001:db8:1:d302::2/64 |
| 100GE1/0/2 | 2001:db8:1:d305::2/64 | 100GE1/0/2 | 2001:db8:1:d306::2/64 | ||
| Loopback0 | 6.6.6.6/32 | Loopback0 | 7.7.7.7/32 | ||
| Loopback1 | 2001:db8:1:2301::1/128 | Loopback1 | 2001:db8:1:2301::1/128 | ||
| Loopback2 | 2001:db8:1:6301::1/128 | Loopback2 | 2001:db8:1:7301::1/128 | ||
| Loopback3 | 2001:db8:1:6302::1/128 | Loopback3 | 2001:db8:1:7302::1/128 | ||
| Leaf3 | 100GE1/0/1 | 2001:db8:1:d303::2/64 | Leaf4 | 100GE1/0/1 | 2001:db8:1:d304::2/64 |
| 100GE1/0/2 | 2001:db8:1:d307::2/64 | 100GE1/0/2 | 2001:db8:1:d308::2/64 | ||
| Loopback0 | 8.8.8.8/32 | Loopback0 | 9.9.9.9/32 | ||
| Loopback1 | 2001:db8:1:3301::1/128 | Loopback1 | 2001:db8:1:3301::1/128 | ||
| Loopback2 | 2001:db8:1:8301::1/128 | Loopback2 | 2001:db8:1:9301::1/128 | ||
| Loopback3 | 2001:db8:1:8302::1/128 | Loopback3 | 2001:db8:1:9302::1/128 |
配置思路
采用如下思路配置分布式网关部署方式的VXLAN网络:
- 配置路由协议,保证Underlay网络三层互通。
- 配置M-LAG,实现服务器双活接入。
- 配置BGP EVPN建立VXLAN隧道。
操作步骤
- 配置路由协议,实现Underlay网络三层互通。# 配置Leaf1。其他设备的配置与Leaf1类似,这里不再赘述,具体配置请参考配置脚本。
<HUAWEI> system-view [~HUAWEI] sysname Leaf1 [*HUAWEI] commit [~Leaf1] ospfv3 [*Leaf1-ospfv3-1] router-id 6.6.6.6 [*Leaf1-ospfv3-1] quit [*Leaf1] interface 100ge 1/0/1 [*Leaf1-100GE1/0/1] undo portswitch [*Leaf1-100GE1/0/1] ipv6 enable [*Leaf1-100GE1/0/1] ipv6 address 2001:db8:1:d301::2 64 [*Leaf1-100GE1/0/1] ospfv3 1 area 0 [*Leaf1-100GE1/0/1] ospfv3 network-type p2p [*Leaf1-100GE1/0/1] quit [*Leaf1] interface 100ge 1/0/2 [*Leaf1-100GE1/0/2] undo portswitch [*Leaf1-100GE1/0/2] ipv6 enable [*Leaf1-100GE1/0/2] ipv6 address 2001:db8:1:d305::2 64 [*Leaf1-100GE1/0/2] ospfv3 1 area 0 [*Leaf1-100GE1/0/2] ospfv3 network-type p2p [*Leaf1-100GE1/0/2] quit [*Leaf1] interface loopback 0 [*Leaf1-LoopBack0] ip address 6.6.6.6 32 [*Leaf1-LoopBack0] quit [*Leaf1] interface loopback 1 [*Leaf1-LoopBack1] ipv6 enable [*Leaf1-LoopBack1] ipv6 address 2001:db8:1:2301::1 128 [*Leaf1-LoopBack1] ospfv3 1 area 0 [*Leaf1-LoopBack1] quit [*Leaf1] interface loopback 2 [*Leaf1-LoopBack2] ipv6 enable [*Leaf1-LoopBack2] ipv6 address 2001:db8:1:6301::1 128 [*Leaf1-LoopBack2] ospfv3 1 area 0 [*Leaf1-LoopBack2] quit [*Leaf1] interface loopback 3 [*Leaf1-LoopBack3] ipv6 enable [*Leaf1-LoopBack3] ipv6 address 2001:db8:1:6302::1 128 [*Leaf1-LoopBack3] quit [*Leaf1] commit
# OSPFv3成功配置后,Leaf、Spine之间可通过OSPFv3协议发现对方的Loopback接口的IPv6地址,并能互相ping通。
- 配置Leaf组成M-LAG系统。本示例中Leaf1、Leaf2组成M-LAG系统。Leaf3、Leaf4组成M-LAG系统,具体配置与此类似,不再赘述。# 配置Leaf1。
[~Leaf1] stp mode rstp [*Leaf1] stp v-stp enable [*Leaf1] dfs-group 1 [*Leaf1-dfs-group-1] dual-active detection source ipv6 2001:DB8:1:6301::1 [*Leaf1-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*Leaf1-dfs-group-1] priority 150 [*Leaf1-dfs-group-1] quit [*Leaf1] interface eth-trunk 1 [*Leaf1-Eth-Trunk1] trunkport 100ge 1/0/3 [*Leaf1-Eth-Trunk1] trunkport 100ge 1/0/4 [*Leaf1-Eth-Trunk1] mode lacp-static [*Leaf1-Eth-Trunk1] peer-link 1 [*Leaf1-Eth-Trunk1] port vlan exclude 1 [*Leaf1-Eth-Trunk1] quit [*Leaf1] interface eth-trunk 2 [*Leaf1-Eth-Trunk2] trunkport 100ge 1/0/5 [*Leaf1-Eth-Trunk2] mode lacp-static [*Leaf1-Eth-Trunk2] dfs-group 1 m-lag 1 [*Leaf1-Eth-Trunk2] stp edged-port enable [*Leaf1-Eth-Trunk2] quit [*Leaf1] interface eth-trunk 3 [*Leaf1-Eth-Trunk3] trunkport 100ge 1/0/6 [*Leaf1-Eth-Trunk3] mode lacp-static [*Leaf1-Eth-Trunk3] dfs-group 1 m-lag 2 [*Leaf1-Eth-Trunk3] stp edged-port enable [*Leaf1-Eth-Trunk3] quit [*Leaf1] commit [~Leaf1] monitor-link group 1 [*Leaf1-mtlk-group1] port 100ge 1/0/1 uplink [*Leaf1-mtlk-group1] port 100ge 1/0/2 uplink [*Leaf1-mtlk-group1] port eth-trunk 2 downlink 1 [*Leaf1-mtlk-group1] port eth-trunk 3 downlink 2 [*Leaf1-mtlk-group1] quit [*Leaf1] commit
# 配置Leaf2。
[~Leaf2] stp mode rstp [*Leaf2] stp v-stp enable [*Leaf2] dfs-group 1 [*Leaf2-dfs-group-1] dual-active detection source ipv6 2001:DB8:1:6301::1 [*Leaf2-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*Leaf2-dfs-group-1] quit [*Leaf2] interface eth-trunk 1 [*Leaf2-Eth-Trunk1] trunkport 100ge 1/0/3 [*Leaf2-Eth-Trunk1] trunkport 100ge 1/0/4 [*Leaf2-Eth-Trunk1] mode lacp-static [*Leaf2-Eth-Trunk1] peer-link 1 [*Leaf2-Eth-Trunk1] port vlan exclude 1 [*Leaf2-Eth-Trunk1] quit [*Leaf2] interface eth-trunk 2 [*Leaf2-Eth-Trunk2] mode lacp-static [*Leaf2-Eth-Trunk2] trunkport 100ge 1/0/5 [*Leaf2-Eth-Trunk2] dfs-group 1 m-lag 1 [*Leaf2-Eth-Trunk2] stp edged-port enable [*Leaf2-Eth-Trunk2] quit [*Leaf2] interface eth-trunk 3 [*Leaf2-Eth-Trunk3] mode lacp-static [*Leaf2-Eth-Trunk3] trunkport 100ge 1/0/6 [*Leaf2-Eth-Trunk3] dfs-group 1 m-lag 2 [*Leaf2-Eth-Trunk3] stp edged-port enable [*Leaf2-Eth-Trunk3] quit [*Leaf2] commit [~Leaf2] monitor-link group 1 [*Leaf2-mtlk-group1] port 100ge 1/0/1 uplink [*Leaf2-mtlk-group1] port 100ge 1/0/2 uplink [*Leaf2-mtlk-group1] port eth-trunk 2 downlink 1 [*Leaf2-mtlk-group1] port eth-trunk 3 downlink 2 [*Leaf2-mtlk-group1] quit [*Leaf2] commit
- 配置Spine1、Spine2组成M-LAG系统。# 配置Spine1。
[~Spine1] stp mode rstp [*Spine1] stp v-stp enable [*Spine1] dfs-group 1 [*Spine1-dfs-group-1] dual-active detection source ipv6 2001:db8:1:4301::1 [*Spine1-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*Spine1-dfs-group-1] priority 150 [*Spine1-dfs-group-1] quit [*Spine1] interface eth-trunk 1 [*Spine1-Eth-Trunk1] trunkport 100ge 1/0/7 [*Spine1-Eth-Trunk1] trunkport 100ge 1/0/8 [*Spine1-Eth-Trunk1] mode lacp-static [*Spine1-Eth-Trunk1] peer-link 1 [*Spine1-Eth-Trunk1] port vlan exclude 1 [*Spine1-Eth-Trunk1] quit [*Spine1] commit
# 配置Spine2。
[~Spine2] stp mode rstp [*Spine2] stp v-stp enable [*Spine2] dfs-group 1 [*Spine2-dfs-group-1] dual-active detection source ipv6 2001:DB8:1:5301::1 [*Spine2-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*Spine2-dfs-group-1] quit [*Spine2] interface eth-trunk 1 [*Spine2-Eth-Trunk1] trunkport 100ge 1/0/7 [*Spine2-Eth-Trunk1] trunkport 100ge 1/0/8 [*Spine2-Eth-Trunk1] mode lacp-static [*Spine2-Eth-Trunk1] peer-link 1 [*Spine2-Eth-Trunk1] port vlan exclude 1 [*Spine2-Eth-Trunk1] quit [*Spine2] commit
- 配置BGP EVPN,建立VXLAN隧道。
- 配置业务接入点。# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述。
[~Leaf1] bridge-domain 10 [*Leaf1-bd10] quit [*Leaf1] bridge-domain 20 [*Leaf1-bd20] quit [*Leaf1] interface eth-trunk 2.10 mode l2 [*Leaf1-Eth-Trunk2.1] encapsulation dot1q vid 10 [*Leaf1-Eth-Trunk2.1] bridge-domain 10 [*Leaf1-Eth-Trunk2.1] quit [*Leaf1] interface eth-trunk 3.20 mode l2 [*Leaf1-Eth-Trunk3.1] encapsulation dot1q vid 20 [*Leaf1-Eth-Trunk3.1] bridge-domain 20 [*Leaf1-Eth-Trunk3.1] quit [*Leaf1] commit
- 配置BGP EVPN对等体关系。Spine1、Spine2作为路由反射器。
# 配置Spine1。Spine2的配置与Spine1类似,这里不再赘述,具体配置请参考配置脚本。
[~Spine1] evpn-overlay enable [*Spine1] bgp 100 [*Spine1-bgp] peer 2001:db8:1:6301::1 as-number 100 [*Spine1-bgp] peer 2001:db8:1:6301::1 connect-interface LoopBack2 [*Spine1-bgp] peer 2001:db8:1:7301::1 as-number 100 [*Spine1-bgp] peer 2001:db8:1:7301::1 connect-interface LoopBack2 [*Spine1-bgp] peer 2001:db8:1:8301::1 as-number 100 [*Spine1-bgp] peer 2001:db8:1:8301::1 connect-interface LoopBack2 [*Spine1-bgp] peer 2001:db8:1:9301::1 as-number 100 [*Spine1-bgp] peer 2001:db8:1:9301::1 connect-interface LoopBack2 [*Spine1-bgp] l2vpn-family evpn [*Spine1-bgp-af-evpn] peer 2001:db8:1:6301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 2001:db8:1:6301::1 advertise irb [*Spine1-bgp-af-evpn] peer 2001:db8:1:6301::1 advertise irbv6 [*Spine1-bgp-af-evpn] peer 2001:db8:1:6301::1 reflect-client [*Spine1-bgp-af-evpn] peer 2001:db8:1:7301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 2001:db8:1:7301::1 advertise irb [*Spine1-bgp-af-evpn] peer 2001:db8:1:7301::1 advertise irbv6 [*Spine1-bgp-af-evpn] peer 2001:db8:1:7301::1 reflect-client [*Spine1-bgp-af-evpn] peer 2001:db8:1:8301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 2001:db8:1:8301::1 advertise irb [*Spine1-bgp-af-evpn] peer 2001:db8:1:8301::1 advertise irbv6 [*Spine1-bgp-af-evpn] peer 2001:db8:1:8301::1 reflect-client [*Spine1-bgp-af-evpn] peer 2001:db8:1:9301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Spine1-bgp-af-evpn] peer 2001:db8:1:9301::1 advertise irb [*Spine1-bgp-af-evpn] peer 2001:db8:1:9301::1 advertise irbv6 [*Spine1-bgp-af-evpn] peer 2001:db8:1:9301::1 reflect-client [*Spine1-bgp-af-evpn] undo policy vpn-target [*Spine1-bgp-af-evpn] quit [*Spine1-bgp] quit [*Spine1] commit
# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述,具体配置请参考配置脚本。
[~Leaf1] evpn-overlay enable [*Leaf1] bgp 100 [*Leaf1-bgp] peer 2001:db8:1:4301::1 as-number 100 [*Leaf1-bgp] peer 2001:db8:1:4301::1 connect-interface LoopBack2 [*Leaf1-bgp] peer 2001:db8:1:5301::1 as-number 100 [*Leaf1-bgp] peer 2001:db8:1:5301::1 connect-interface LoopBack2 [*Leaf1-bgp] l2vpn-family evpn [*Leaf1-bgp-af-evpn] peer 2001:db8:1:4301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 2001:db8:1:4301::1 advertise irb [*Leaf1-bgp-af-evpn] peer 2001:db8:1:4301::1 advertise irbv6 [*Leaf1-bgp-af-evpn] peer 2001:db8:1:5301::1 enable Warning: This operation will reset the peer session. Continue? [Y/N]: y [*Leaf1-bgp-af-evpn] peer 2001:db8:1:5301::1 advertise irb [*Leaf1-bgp-af-evpn] peer 2001:db8:1:5301::1 advertise irbv6 [*Leaf1-bgp-af-evpn] quit [*Leaf1-bgp] quit [*Leaf1] commit
- 配置VPN实例及EVPN实例。
# 配置Spine1。Spine2的配置与Spine1类似,这里不再赘述,具体配置请参考配置脚本。
[~Spine1] ip vpn-instance vpn1 [*Spine1-vpn-instance-vpn1] vxlan vni 5000 [*Spine1-vpn-instance-vpn1] ipv4-family [*Spine1-vpn-instance-vpn1-af-ipv4] route-distinguisher 4.4.4.4:1 [*Spine1-vpn-instance-vpn1-af-ipv4] vpn-target 0:1 evpn [*Spine1-vpn-instance-vpn1-af-ipv4] quit [*Spine1-vpn-instance-vpn1] ipv6-family [*Spine1-vpn-instance-vpn1-af-ipv6] route-distinguisher 4.4.4.4:1 [*Spine1-vpn-instance-vpn1-af-ipv6] vpn-target 0:1 evpn [*Spine1-vpn-instance-vpn1-af-ipv6] quit [*Spine1-vpn-instance-vpn1] quit [*Spine1] bgp 100 [*Spine1-bgp] ipv4-family vpn-instance vpn1 [*Spine1-bgp-vpn1] import-route static [*Spine1-bgp-vpn1] advertise l2vpn evpn [*Spine1-bgp-vpn1] quit [*Spine1-bgp] ipv6-family vpn-instance vpn1 [*Spine1-bgp-6-vpn1] import-route static [*Spine1-bgp-6-vpn1] advertise l2vpn evpn [*Spine1-bgp-6-vpn1] quit [*Spine1-bgp] quit [*Spine1] interface nve 1 //配置NVE [*Spine1-Nve1] source 2001:db8:1:1301::1 //Spine1和Spine2作为M-LAG双活系统,这两台设备上配置的NVE接口的IP地址和MAC地址需要相同 [*Spine1-Nve1] mac-address 0000-5e00-0101 [*Spine1-Nve1] quit [*Spine1] commit
# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述,具体配置请参考配置脚本。
[~Leaf1] ip vpn-instance vpn1 [*Leaf1-vpn-instance-vpn1] vxlan vni 5000 [*Leaf1-vpn-instance-vpn1] ipv4-family [*Leaf1-vpn-instance-vpn1-af-ipv4] route-distinguisher 6.6.6.6:1 [*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 0:1 evpn [*Leaf1-vpn-instance-vpn1-af-ipv4] quit [*Leaf1-vpn-instance-vpn1] ipv6-family [*Leaf1-vpn-instance-vpn1-af-ipv6] route-distinguisher 6.6.6.6:1 [*Leaf1-vpn-instance-vpn1-af-ipv6] vpn-target 0:1 evpn [*Leaf1-vpn-instance-vpn1-af-ipv6] quit [*Leaf1-vpn-instance-vpn1] quit [*Leaf1] bridge-domain 10 [*Leaf1-bd10] vxlan vni 10 [*Leaf1-bd10] evpn [*Leaf1-bd10-evpn] route-distinguisher 6.6.6.6:10 [*Leaf1-bd10-evpn] vpn-target 0:10 [*Leaf1-bd10-evpn] vpn-target 0:1 export-extcommunity [*Leaf1-bd10-evpn] quit [*Leaf1-bd10] quit [*Leaf1] bridge-domain 20 [*Leaf1-bd20] vxlan vni 20 [*Leaf1-bd20] evpn [*Leaf1-bd20-evpn] route-distinguisher 6.6.6.6:20 [*Leaf1-bd20-evpn] vpn-target 0:20 [*Leaf1-bd20-evpn] vpn-target 0:1 export-extcommunity [*Leaf1-bd20-evpn] quit [*Leaf1-bd20] quit [*Leaf1] bgp 100 [*Leaf1-bgp] ipv4-family vpn-instance vpn1 [*Leaf1-bgp-vpn1] import-route direct [*Leaf1-bgp-vpn1] advertise l2vpn evpn [*Leaf1-bgp-vpn1] quit [*Leaf1-bgp] ipv6-family vpn-instance vpn1 [*Leaf1-bgp-6-vpn1] import-route direct [*Leaf1-bgp-6-vpn1] advertise l2vpn evpn [*Leaf1-bgp-6-vpn1] quit [*Leaf1-bgp] quit [*Leaf1] interface nve 1 //配置NVE [*Leaf1-Nve1] source 2001:db8:1:2301::1 //Leaf1和Leaf2作为M-LAG双活系统,这两台设备上配置的NVE接口的IP地址和MAC地址需要相同 [*Leaf1-Nve1] mac-address 0000-5e00-0102 [*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp [*Leaf1-Nve1] vni 20 head-end peer-list protocol bgp [*Leaf1-Nve1] quit [*Leaf1] commit
- 在Leaf1、Leaf2、Leaf3、Leaf4上配置三层网关。
# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述,具体配置请参考配置脚本。
[~Leaf1] interface vbdif 10 [*Leaf1-Vbdif10] ip binding vpn-instance vpn1 [*Leaf1-Vbdif10] ip address 10.1.1.1 24 //Leaf1和Leaf2作为M-LAG双活系统,这两台设备上配置的VBDIF接口的IP地址和MAC地址需要相同 [*Leaf1-Vbdif10] ipv6 enable [*Leaf1-Vbdif10] ipv6 address fc00:1::1 64 [*Leaf1-Vbdif10] mac-address 0000-5e00-0105 [*Leaf1-Vbdif10] vxlan anycast-gateway enable [*Leaf1-Vbdif10] arp collect host enable [*Leaf1-Vbdif10] ipv6 nd collect host enable [*Leaf1-Vbdif10] quit [*Leaf1] interface vbdif 20 [*Leaf1-Vbdif20] ip binding vpn-instance vpn1 [*Leaf1-Vbdif20] ip address 10.1.2.1 24 [*Leaf1-Vbdif20] ipv6 enable [*Leaf1-Vbdif20] ipv6 address fc00:2::1 64 [*Leaf1-Vbdif20] mac-address 0000-5e00-0106 [*Leaf1-Vbdif20] vxlan anycast-gateway enable [*Leaf1-Vbdif20] arp collect host enable [*Leaf1-Vbdif20] ipv6 nd collect host enable [*Leaf1-Vbdif20] quit [*Leaf1] commit
- 配置业务接入点。# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述。
- 在M-LAG设备中配置静态Bypass VXLAN隧道。在M-LAG双归接入VXLAN的场景中,当下行一条链路发生故障时,业务流量需绕行M-LAG设备之间的Peer-link链路。因此,在该场景下M-LAG设备之间必须配置静态Bypass VXLAN隧道,将绕行的业务流量引导至Peer-link链路上。
下面以Leaf1和Leaf2配置为例,Spine1、Spine2、Leaf3、Leaf4的配置与之类似,这里不再赘述,具体配置请参考配置脚本。
# 配置Leaf1。
[~Leaf1] vlan 100 //本VLAN不能划分给其他业务使用,本例中以100举例 [*Leaf1-vlan100] quit [*Leaf1] interface vlanif 100 [*Leaf1-Vlanif100] reserved for vxlan bypass //指定peer-link接口上VLANIF的IPv6地址只给Bypass VXLAN隧道使用 [*Leaf1-Vlanif100] ipv6 enable [*Leaf1-Vlanif100] ipv6 address 2001:db8:2::1 64 //配置静态Bypass VXLAN隧道的源端IPv6地址 [*Leaf1-Vlanif100] ospfv3 1 area 0 [*Leaf1-Vlanif100] quit [*Leaf1] ipv6 route-static 2001:db8:1:7302::1 128 2001:db8:2::2 preference 1 //配置静态路由,打通Bypass VXLAN隧道 [*Leaf1] interface nve 1 [*Leaf1-Nve1] pip-source 2001:db8:1:6302::1 peer 2001:db8:1:7302::1 bypass //创建静态Bypass VXLAN隧道,指定源端地址和对端地址 [*Leaf1-Nve1] quit [*Leaf1] commit# 配置Leaf2。
[~Leaf2] vlan 100 [*Leaf2-vlan100] quit [*Leaf2] interface vlanif 100 [*Leaf2-Vlanif100] reserved for vxlan bypass [*Leaf2-Vlanif100] ipv6 address 2001:db8:2::2 64 [*Leaf2-Vlanif100] ospfv3 1 area 0 [*Leaf2-Vlanif100] quit [*Leaf2] ip route-static 2001:db8:1:6302::1 128 2001:db8:2::1 preference 1 [*Leaf2] interface nve 1 [*Leaf2-Nve1] pip-source 2001:db8:1:7302::1 peer 2001:db8:1:6302::1 bypass [*Leaf2-Nve1] quit [*Leaf2] commit - 在Spine1、Spine2上配置静态路由,实现南、北向流量互通。# 配置Spine1。Spine2的配置与Spine1类似,这里不再赘述,具体配置请参考配置脚本。
[~Spine1] interface 100ge 1/0/5 [~Spine1-100GE1/0/5] undo portswitch [*Spine1-100GE1/0/5] ip address 10.1.10.1 24 [*Spine1-100GE1/0/5] ipv6 enable [*Spine1-100GE1/0/5] ipv6 address fc00:10::1 64 [*Spine1-100GE1/0/5] quit [~Spine1] interface 100ge 1/0/6 [~Spine1-100GE1/0/6] undo portswitch [~Spine1-100GE1/0/6] ip address 10.1.20.1 24 [~Spine1-100GE1/0/6] ipv6 enable [*Spine1-100GE1/0/6] ipv6 address fc00:20::1 64 [*Spine1-100GE1/0/6] quit [*Spine1] ip route-static 0.0.0.0 0.0.0.0 10.1.10.2 //至公网PE的IPv4静态路由 [*Spine1] ip route-static 0.0.0.0 0.0.0.0 10.1.20.2 [*Spine1] ip route-static 10.1.1.0 24 vpn-instance vpn1 //至服务器网段的IPv4静态路由,下一跳为VPN实例 [*Spine1] ip route-static 10.1.2.0 24 vpn-instance vpn1 [*Spine1] ip route-static 10.1.3.0 24 vpn-instance vpn1 [*Spine1] ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public //VPN实例的IPv4静态路由,下一跳为公网实例 [*Spine1] ipv6 route-static :: 0 fc00:10::2 //至公网PE的IPv6静态路由 [*Spine1] ipv6 route-static :: 0 fc00:20::2 [*Spine1] ipv6 route-static fc00:1:: 64 vpn-instance vpn1 //至服务器网段的IPv6静态路由,下一跳为VPN实例 [*Spine1] ipv6 route-static fc00:2:: 64 vpn-instance vpn1 [*Spine1] ipv6 route-static fc00:3:: 64 vpn-instance vpn1 [*Spine1] ipv6 route-static vpn-instance vpn1 :: 0 public //VPN实例的IPv6静态路由,下一跳为公网实例 [*Spine1] commit
验证配置结果
上述配置成功后,执行display vxlan tunnel命令可查看到VXLAN隧道的信息。以Spine1显示为例。
[~Spine1] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 2001:db8:1:1301::1 2001:db8:1:2301::1 up dynamic 0035h21m
4026531842 2001:db8:1:1301::1 2001:db8:1:3301::1 up dynamic 0036h21m
配置完成后,服务器之间可以相互通信。
配置脚本
- Spine1的配置脚本
# sysname Spine1 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:db8:1:4301::1 priority 150 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 4.4.4.4:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 4.4.4.4:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # ospfv3 1 router-id 4.4.4.4 area 0.0.0.0 # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:1::1/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:db8:1:D301::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:db8:1:D302::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 undo portswitch ipv6 enable ipv6 address 2001:db8:1:D303::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/4 undo portswitch ipv6 enable ipv6 address 2001:db8:1:D304::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/5 undo portswitch ipv6 enable ip address 10.1.10.1 255.255.255.0 ipv6 address FC00:10::1/64 # interface 100GE1/0/6 undo portswitch ipv6 enable ip address 10.1.20.1 255.255.255.0 ipv6 address FC00:20::1/64 # interface 100GE1/0/7 eth-trunk 1 # interface 100GE1/0/8 eth-trunk 1 # interface LoopBack0 ip address 4.4.4.4 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:db8:1:1301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ipv6 address 2001:db8:1:4301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:4302::1/128 # interface Nve1 source 2001:DB8:1:1301::1 pip-source 2001:db8:1:4302::1 peer 2001:db8:1:5302::1 bypass mac-address 0000-5e00-0101 # bgp 100 peer 2001:DB8:1:6301::1 as-number 100 peer 2001:DB8:1:6301::1 connect-interface LoopBack2 peer 2001:DB8:1:7301::1 as-number 100 peer 2001:DB8:1:7301::1 connect-interface LoopBack2 peer 2001:DB8:1:8301::1 as-number 100 peer 2001:DB8:1:8301::1 connect-interface LoopBack2 peer 2001:DB8:1:9301::1 as-number 100 peer 2001:DB8:1:9301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route static advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route static advertise l2vpn evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:1:6301::1 enable peer 2001:DB8:1:6301::1 advertise irb peer 2001:DB8:1:6301::1 advertise irbv6 peer 2001:DB8:1:6301::1 reflect-client peer 2001:DB8:1:7301::1 enable peer 2001:DB8:1:7301::1 advertise irb peer 2001:DB8:1:7301::1 advertise irbv6 peer 2001:DB8:1:7301::1 reflect-client peer 2001:DB8:1:8301::1 enable peer 2001:DB8:1:8301::1 advertise irb peer 2001:DB8:1:8301::1 advertise irbv6 peer 2001:DB8:1:8301::1 reflect-client peer 2001:DB8:1:9301::1 enable peer 2001:DB8:1:9301::1 advertise irb peer 2001:DB8:1:9301::1 advertise irbv6 peer 2001:DB8:1:9301::1 reflect-client # ip route-static 0.0.0.0 0.0.0.0 10.1.10.2 ip route-static 0.0.0.0 0.0.0.0 10.1.20.2 ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpn1 ip route-static 10.1.2.0 255.255.255.0 vpn-instance vpn1 ip route-static 10.1.3.0 255.255.255.0 vpn-instance vpn1 ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public # ipv6 route-static 2001:db8:1:5302::1 128 2001:db8:1::2 preference 1 ipv6 route-static :: 0 FC00:10::2 ipv6 route-static :: 0 FC00:20::2 ipv6 route-static FC00:1:: 64 vpn-instance vpn1 ipv6 route-static FC00:2:: 64 vpn-instance vpn1 ipv6 route-static FC00:3:: 64 vpn-instance vpn1 ipv6 route-static vpn-instance vpn1 :: 0 public # return - Spine2的配置文件
# sysname Spine2 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:DB8:1:5301::1 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 5.5.5.5:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 5.5.5.5:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # ospfv3 1 router-id 5.5.5.5 area 0.0.0.0 # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:1::2/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D305::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D306::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D307::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/4 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D308::1/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/5 undo portswitch ipv6 enable ip address 10.1.30.1 255.255.255.0 ipv6 address FC00:30::1/64 # interface 100GE1/0/6 undo portswitch ipv6 enable ip address 10.1.40.1 255.255.255.0 ipv6 address FC00:40::1/64 # interface 100GE1/0/7 eth-trunk 1 # interface 100GE1/0/8 eth-trunk 1 # interface LoopBack0 ip address 5.5.5.5 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1:1301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ipv6 address 2001:DB8:1:5301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:5302::1/128 # interface Nve1 source 2001:DB8:1:1301::1 pip-source 2001:db8:1:5302::1 peer 2001:db8:1:4302::1 bypass mac-address 0000-5e00-0101 # bgp 100 peer 2001:DB8:1:6301::1 as-number 100 peer 2001:DB8:1:6301::1 connect-interface LoopBack2 peer 2001:DB8:1:7301::1 as-number 100 peer 2001:DB8:1:7301::1 connect-interface LoopBack2 peer 2001:DB8:1:8301::1 as-number 100 peer 2001:DB8:1:8301::1 connect-interface LoopBack2 peer 2001:DB8:1:9301::1 as-number 100 peer 2001:DB8:1:9301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route static advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route static advertise l2vpn evpn # l2vpn-family evpn undo policy vpn-target peer 2001:DB8:1:6301::1 enable peer 2001:DB8:1:6301::1 advertise irb peer 2001:DB8:1:6301::1 advertise irbv6 peer 2001:DB8:1:6301::1 reflect-client peer 2001:DB8:1:7301::1 enable peer 2001:DB8:1:7301::1 advertise irb peer 2001:DB8:1:7301::1 advertise irbv6 peer 2001:DB8:1:7301::1 reflect-client peer 2001:DB8:1:8301::1 enable peer 2001:DB8:1:8301::1 advertise irb peer 2001:DB8:1:8301::1 advertise irbv6 peer 2001:DB8:1:8301::1 reflect-client peer 2001:DB8:1:9301::1 enable peer 2001:DB8:1:9301::1 advertise irb peer 2001:DB8:1:9301::1 advertise irbv6 peer 2001:DB8:1:9301::1 reflect-client # ip route-static 0.0.0.0 0.0.0.0 10.1.30.2 ip route-static 0.0.0.0 0.0.0.0 10.1.40.2 ip route-static 10.1.1.0 255.255.255.0 vpn-instance vpn1 ip route-static 10.1.2.0 255.255.255.0 vpn-instance vpn1 ip route-static 10.1.3.0 255.255.255.0 vpn-instance vpn1 ip route-static vpn-instance vpn1 0.0.0.0 0.0.0.0 public # ipv6 route-static 2001:db8:1:4302::1 128 2001:db8:1::1 preference 1 ipv6 route-static :: 0 FC00:30::2 ipv6 route-static :: 0 FC00:40::2 ipv6 route-static FC00:1:: 64 vpn-instance vpn1 ipv6 route-static FC00:2:: 64 vpn-instance vpn1 ipv6 route-static FC00:3:: 64 vpn-instance vpn1 ipv6 route-static vpn-instance vpn1 :: 0 public # return - Leaf1的配置脚本
# sysname Leaf1 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:DB8:1:6301::1 priority 150 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 6.6.6.6:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 6.6.6.6:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 6.6.6.6:10 vpn-target 0:10 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:10 import-extcommunity # bridge-domain 20 vxlan vni 20 evpn route-distinguisher 6.6.6.6:20 vpn-target 0:20 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:20 import-extcommunity # ospfv3 1 router-id 6.6.6.6 area 0.0.0.0 # interface Vbdif10 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.1.1 255.255.255.0 ipv6 address FC00:1::1/64 mac-address 0000-5e00-0105 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vbdif20 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.2.1 255.255.255.0 ipv6 address FC00:2::1/64 mac-address 0000-5e00-0106 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:2::1/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface Eth-Trunk2 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2.10 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface Eth-Trunk3 stp edged-port enable mode lacp-static dfs-group 1 m-lag 2 # interface Eth-Trunk3.20 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D301::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D305::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 eth-trunk 1 # interface 100GE1/0/4 eth-trunk 1 # interface 100GE1/0/5 eth-trunk 2 # interface 100GE1/0/6 eth-trunk 3 # interface LoopBack0 ip address 6.6.6.6 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1:2301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ip address 6.6.6.6 255.255.255.255 ipv6 address 2001:DB8:1:6301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:6302::1/128 # interface Nve1 source 2001:DB8:1:2301::1 pip-source 2001:db8:1:6302::1 peer 2001:db8:1:7302::1 bypass vni 10 head-end peer-list protocol bgp vni 20 head-end peer-list protocol bgp mac-address 0000-5e00-0102 # monitor-link group 1 port 100GE1/0/1 uplink port 100GE1/0/2 uplink port Eth-Trunk2 downlink 1 port Eth-Trunk3 downlink 2 # bgp 100 peer 2001:DB8:1:4301::1 as-number 100 peer 2001:DB8:1:4301::1 connect-interface LoopBack2 peer 2001:DB8:1:5301::1 as-number 100 peer 2001:DB8:1:5301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # l2vpn-family evpn policy vpn-target peer 2001:DB8:1:4301::1 enable peer 2001:DB8:1:4301::1 advertise irb peer 2001:DB8:1:4301::1 advertise irbv6 peer 2001:DB8:1:5301::1 enable peer 2001:DB8:1:5301::1 advertise irb peer 2001:DB8:1:5301::1 advertise irbv6 # ipv6 route-static 2001:db8:1:7302::1 128 2001:db8:2::2 preference 1 # return - Leaf2的配置脚本
# sysname Leaf2 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:DB8:1:7301::1 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 7.7.7.7:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 7.7.7.7:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # bridge-domain 10 vxlan vni 10 evpn route-distinguisher 7.7.7.7:10 vpn-target 0:10 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:10 import-extcommunity # bridge-domain 20 vxlan vni 20 evpn route-distinguisher 7.7.7.7:20 vpn-target 0:20 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:20 import-extcommunity # ospfv3 1 router-id 7.7.7.7 area 0.0.0.0 # interface Vbdif10 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.1.1 255.255.255.0 ipv6 address FC00:1::1/64 mac-address 0000-5e00-0105 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vbdif20 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.2.1 255.255.255.0 ipv6 address FC00:2::1/64 mac-address 0000-5e00-0106 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:2::2/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface Eth-Trunk2 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2.10 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface Eth-Trunk3 stp edged-port enable mode lacp-static dfs-group 1 m-lag 2 # interface Eth-Trunk3.20 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D302::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D306::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 eth-trunk 1 # interface 100GE1/0/4 eth-trunk 1 # interface 100GE1/0/5 eth-trunk 2 # interface 100GE1/0/6 eth-trunk 3 # interface LoopBack0 ip address 7.7.7.7 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1:2301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ipv6 address 2001:DB8:1:7301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:7302::1/128 # interface Nve1 source 2001:DB8:1:2301::1 pip-source 2001:db8:1:7302::1 peer 2001:db8:1:6302::1 bypass vni 10 head-end peer-list protocol bgp vni 20 head-end peer-list protocol bgp mac-address 0000-5e00-0102 # monitor-link group 1 port 100GE1/0/1 uplink port 100GE1/0/2 uplink port Eth-Trunk2 downlink 1 port Eth-Trunk3 downlink 2 # bgp 100 peer 2001:DB8:1:4301::1 as-number 100 peer 2001:DB8:1:4301::1 connect-interface LoopBack2 peer 2001:DB8:1:5301::1 as-number 100 peer 2001:DB8:1:5301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # l2vpn-family evpn policy vpn-target peer 2001:DB8:1:4301::1 enable peer 2001:DB8:1:4301::1 advertise irb peer 2001:DB8:1:4301::1 advertise irbv6 peer 2001:DB8:1:5301::1 enable peer 2001:DB8:1:5301::1 advertise irb peer 2001:DB8:1:5301::1 advertise irbv6 # ipv6 route-static 2001:db8:1:6302::1 128 2001:db8:2::1 preference 1 # return - Leaf3的配置脚本
# sysname Leaf3 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:DB8:1:8301::1 priority 150 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 8.8.8.8:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 8.8.8.8:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # bridge-domain 20 vxlan vni 20 evpn route-distinguisher 8.8.8.8:20 vpn-target 0:20 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:20 import-extcommunity # bridge-domain 30 vxlan vni 30 evpn route-distinguisher 8.8.8.8:30 vpn-target 0:30 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:30 import-extcommunity # ospfv3 1 router-id 8.8.8.8 area 0.0.0.0 # interface Vbdif20 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.2.1 255.255.255.0 ipv6 address FC00:2::1/64 mac-address 0000-5e00-0106 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vbdif30 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.3.1 255.255.255.0 ipv6 address FC00:3::1/64 mac-address 0000-5e00-0107 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:3::1/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface Eth-Trunk2 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2.20 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface Eth-Trunk3 stp edged-port enable mode lacp-static dfs-group 1 m-lag 2 # interface Eth-Trunk3.30 mode l2 encapsulation dot1q vid 30 bridge-domain 30 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D303::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D307::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 eth-trunk 1 # interface 100GE1/0/4 eth-trunk 1 # interface 100GE1/0/5 eth-trunk 2 # interface 100GE1/0/6 eth-trunk 3 # interface LoopBack0 ip address 8.8.8.8 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1:3301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ipv6 address 2001:DB8:1:8301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:8302::1/128 # interface Nve1 source 2001:DB8:1:3301::1 pip-source 2001:db8:1:8302::1 peer 2001:db8:1:9302::1 bypass vni 20 head-end peer-list protocol bgp vni 30 head-end peer-list protocol bgp mac-address 0000-5e00-0103 # monitor-link group 1 port 100GE1/0/1 uplink port 100GE1/0/2 uplink port Eth-Trunk2 downlink 1 port Eth-Trunk3 downlink 2 # bgp 100 peer 2001:DB8:1:4301::1 as-number 100 peer 2001:DB8:1:4301::1 connect-interface LoopBack2 peer 2001:DB8:1:5301::1 as-number 100 peer 2001:DB8:1:5301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # l2vpn-family evpn policy vpn-target peer 2001:DB8:1:4301::1 enable peer 2001:DB8:1:4301::1 advertise irb peer 2001:DB8:1:4301::1 advertise irbv6 peer 2001:DB8:1:5301::1 enable peer 2001:DB8:1:5301::1 advertise irb peer 2001:DB8:1:5301::1 advertise irbv6 # ipv6 route-static 2001:db8:1:9302::1 128 2001:db8:3::2 preference 1 # return - Leaf4的配置脚本
# sysname Leaf4 # dfs-group 1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgwh\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# dual-active detection source ipv6 2001:DB8:1:9301::1 # stp mode rstp stp v-stp enable # evpn-overlay enable # ip vpn-instance vpn1 ipv4-family route-distinguisher 9.9.9.9:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn ipv6-family route-distinguisher 9.9.9.9:1 vpn-target 0:1 export-extcommunity evpn vpn-target 0:1 import-extcommunity evpn vxlan vni 5000 # VLAN 100 # bridge-domain 20 vxlan vni 20 evpn route-distinguisher 9.9.9.9:20 vpn-target 0:20 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:20 import-extcommunity # bridge-domain 30 vxlan vni 30 evpn route-distinguisher 9.9.9.9:30 vpn-target 0:30 export-extcommunity vpn-target 0:1 export-extcommunity vpn-target 0:30 import-extcommunity # ospfv3 1 router-id 9.9.9.9 area 0.0.0.0 # interface Vbdif20 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.2.1 255.255.255.0 ipv6 address FC00:2::1/64 mac-address 0000-5e00-0106 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vbdif30 ip binding vpn-instance vpn1 ipv6 enable ip address 10.1.3.1 255.255.255.0 ipv6 address FC00:3::1/64 mac-address 0000-5e00-0107 ipv6 nd collect host enable vxlan anycast-gateway enable arp collect host enable # interface Vlanif100 ipv6 enable ipv6 address 2001:db8:3::2/64 ospfv3 1 area 0.0.0.0 reserved for vxlan bypass # interface Eth-Trunk1 mode lacp-static peer-link 1 port vlan exclude 1 # interface Eth-Trunk2 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2.20 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface Eth-Trunk3 stp edged-port enable mode lacp-static dfs-group 1 m-lag 2 # interface Eth-Trunk3.30 mode l2 encapsulation dot1q vid 30 bridge-domain 30 # interface 100GE1/0/1 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D304::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/2 undo portswitch ipv6 enable ipv6 address 2001:DB8:1:D308::2/64 ospfv3 1 area 0.0.0.0 ospfv3 network-type p2p # interface 100GE1/0/3 eth-trunk 1 # interface 100GE1/0/4 eth-trunk 1 # interface 100GE1/0/5 eth-trunk 2 # interface 100GE1/0/6 eth-trunk 3 # interface LoopBack0 ip address 9.9.9.9 255.255.255.255 # interface LoopBack1 ipv6 enable ipv6 address 2001:DB8:1:3301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack2 ipv6 enable ipv6 address 2001:DB8:1:9301::1/128 ospfv3 1 area 0.0.0.0 # interface LoopBack3 ipv6 enable ipv6 address 2001:db8:1:9302::1/128 # interface Nve1 source 2001:DB8:1:3301::1 pip-source 2001:db8:1:9302::1 peer 2001:db8:1:8302::1 bypass vni 20 head-end peer-list protocol bgp vni 30 head-end peer-list protocol bgp mac-address 0000-5e00-0103 # monitor-link group 1 port 100GE1/0/1 uplink port 100GE1/0/2 uplink port Eth-Trunk2 downlink 1 port Eth-Trunk3 downlink 2 # bgp 100 peer 2001:DB8:1:4301::1 as-number 100 peer 2001:DB8:1:4301::1 connect-interface LoopBack2 peer 2001:DB8:1:5301::1 as-number 100 peer 2001:DB8:1:5301::1 connect-interface LoopBack2 # ipv4-family unicast # ipv4-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # l2vpn-family evpn policy vpn-target peer 2001:DB8:1:4301::1 enable peer 2001:DB8:1:4301::1 advertise irb peer 2001:DB8:1:4301::1 advertise irbv6 peer 2001:DB8:1:5301::1 enable peer 2001:DB8:1:5301::1 advertise irb peer 2001:DB8:1:5301::1 advertise irbv6 # ipv6 route-static 2001:db8:1:8302::1 128 2001:db8:3::1 preference 1 # return
版权声明:
作者:SE_YT
链接:https://www.cnesa.cn/2787.html
来源:CNESA
文章版权归作者所有,未经允许请勿转载。
THE END
0
二维码
打赏
海报
配置分布式网关部署方式的IPv6 VXLAN示例
适用产品和版本
CE16800(除X系列单板外)、CE8800、CE6800(除CE6820H、CE6820H-K、CE6820S、CE6885-LL低时延模式外)系列产品V300R021C10或更高版本。
如果需要了解软件版本与交换机具体型号的配套信息,请查看硬件中心。
组网需求
如图1所示,某企业新建的数据中心网络采用分布式网关部署方式,其中Underlay基础网络为IPv6,Overlay网络为IPv4/IPv6。Leaf作为三层网关与服务器对接;Spine同时作为东西向流量的汇聚设备和网络出口网关。为了保证高可靠性,Spine、Leaf采用M-LAG部署方式。
图1 分布式网关部署方式的VXLAN网络示意图
上图中“1/0/1”为接口编号,接口速率为100GE,即“1/0/1”表示接口“100GE1/0/1”。其他接口类似。
表1 接口地址表
设备名称
接口
IP地址
设备名称
接口
IP地址
Spine1
100GE1/0/1
2001:db8:1:d301::1/64
Spine2
100GE1/0/1
2001:db8:1:d305::1/64
100GE1/0/2
2001:db8:1:d302::1/64
100GE1/0/2
2001:db8:1:d306::1/64
100GE1/0/3
2001:db8:1:d303::1/64
100GE1/0/3
2001:db8:1:d307::1/64
100GE1/0/4
2001:db8:1:d304::1/64
100GE1/0/4
2001:db8:1:d308::1/64
100GE1/0/5
IPv4: 10.1.10.1/24
IPv6: fc00:10::1/64
100GE1/0/5
IPv4: 10.1.30.1/24
IPv6: fc00:30::1/64
100GE1/0/6
IPv4: 10.1.20.1/24
IPv6: fc00:20::1/64
100GE1/0/6
IPv4: 10.1.40.1/24
IPv6: fc00:40::1/64
Loopback0
4.4.4.4/32
Loopback0
5.5.5.5/32
Loopback1
2001:db8:1:1301::1/128
Loopback1
2001:db8:1:1301::1/128
Loopback2
2001:db8:1:4301::1/128
Loopback2
2001:db8:1:5301::1/128
Loopback3
2001:db8:1:4302::1/128
Loopback3
2001:db8:1:5302::1/128
Leaf1
100GE1/0/1
2001:db8:1:d301::2/64
Leaf2
100GE1/0/1
2001:db8:1:d302::2/64
100GE1/0/2
2001:db8:1……
共有 0 条评论