segment方案解决VXLAN分布式网关DCI间互联

segment概念:

segment方案是在需要互联的两个DCI间建立3条VXLAN隧道实现两个DCI间的二层和三层间互通需求,常用于大型的DCI间互联,无需考虑两个DCI内的VXLAN参数规划的不同,其中二层互通可以采用映射VNI或局部VNI的方式进行解决,华为推荐映射VNI方式。

实验拓扑

segment方案解决VXLAN分布式网关DCI间互联_第1张图片1、地址编码如图所示,underlay选用OSPF跑通底层互联地址以及环回口地址;

2、AS内采用IBGP EVPN传输EVPN路由,AS间采用EBGP EVPN传递DCI间的EVPN路由。

配置

leaf1

e-overlay enable                                            //开启EVPN支持能力

bridge-domain 1000                                          //配置BD域
 vxlan vni 5010
 e
  route-distinguisher 1:1
  -target 5010:1 export-extcommunity
  -target 11:1 export-extcommunity
  -target 5010:1 import-extcommunity
  -target 11:1 import-extcommunity

interface GE1/0/8.100 mode l2                            //配置业务接入点
 encapsulation dot1q vid 100
 bridge-domain 1000

ip -instance A                                                        //配置VRF
 ipv4-family
  route-distinguisher 11:11
  -target 11:1 export-extcommunity e
  -target 11:1 import-extcommunity e
 vxlan vni 3000

interface Vbdif1000                                                 //配置分布式网关
 ip binding -instance A
 ip address 192.168.1.254 255.255.255.0
 mac-address 0000-5e00-0011
 vxlan anycast-gateway enable
 arp collect host enable

bgp 100                                                                         //配置BGP EVPN
 router-id 11.11.11.11
 undo default ipv4-unicast
 peer 22.22.22.22 as-number 100
 peer 22.22.22.22 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 22.22.22.22 enable
 #
 l2-family e
  policy -target
  peer 22.22.22.22 enable
  peer 22.22.22.22 advertise irb

 #

interface Nve1                                    //配置NVE接口
 source 1.1.1.1
 vni 5010 head-end peer-list protocol bgp

spine1

e-overlay enable

bgp 100                                                                     //配置BGP EVNP 作为RR反射路由
 router-id 22.22.22.22
 undo default ipv4-unicast
 peer 11.11.11.11 as-number 100
 peer 11.11.11.11 connect-interface LoopBack1
 peer 33.33.33.33 as-number 100
 peer 33.33.33.33 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 11.11.11.11 enable
  undo peer 33.33.33.33 enable
 #
 l2-family e
  undo policy -target
  peer 11.11.11.11 enable
  peer 11.11.11.11 advertise irb
  peer 11.11.11.11 reflect-client
  peer 33.33.33.33 enable
  peer 33.33.33.33 advertise irb

  peer 33.33.33.33 reflect-client

dci1 

e-overlay enable  

ip -instance A                                            //配置VRF 绑定VXLAN VNI 进行调用
 ipv4-family
  route-distinguisher 33:33
  -target 11:1 export-extcommunity e
  -target 10:10 export-extcommunity e
  -target 11:1 import-extcommunity e
  -target 10:10 import-extcommunity e
 vxlan vni 3000

bridge-domain 1000                          //配置BD域  并配置水平分割功能 映射VNI实现二层互通
 vxlan vni 5000 split-group sg1
 vxlan vni 5010
 e
  route-distinguisher 3:3
  -target 5010:1 export-extcommunity
  -target 50:50 export-extcommunity
  -target 5010:1 import-extcommunity
  -target 50:50 import-extcommunity

bgp 100                                            //配置BGP EVPN 实现路由重生功能
 router-id 33.33.33.33
 undo default ipv4-unicast
 peer 22.22.22.22 as-number 100
 peer 22.22.22.22 connect-interface LoopBack1
 peer 44.44.44.44 as-number 200
 peer 44.44.44.44 ebgp-max-hop 255
 peer 44.44.44.44 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 22.22.22.22 enable
  undo peer 44.44.44.44 enable
 #
 l2-family e
  policy -target
  peer 22.22.22.22 enable
  peer 22.22.22.22 advertise irb
  peer 22.22.22.22 import reoriginate
  peer 22.22.22.22 advertise route-reoriginated e mac-ip
  peer 22.22.22.22 advertise route-reoriginated e mac
  peer 22.22.22.22 advertise route-reoriginated e ip
  peer 44.44.44.44 enable
  peer 44.44.44.44 advertise irb
  peer 44.44.44.44 split-group sg1
  peer 44.44.44.44 import reoriginate
  peer 44.44.44.44 advertise route-reoriginated e mac-ip
  peer 44.44.44.44 advertise route-reoriginated e mac
  peer 44.44.44.44 advertise route-reoriginated e ip
#

interface Nve1                                                  //配置NVE接口
 source 4.4.4.4
 vni 5000 head-end peer-list protocol bgp
 vni 5011 head-end peer-list protocol bgp

dci2

e-overlay enable  

ip -instance B                              //配置VRF
 ipv4-family
  route-distinguisher 44:44
  -target 22:2 export-extcommunity e
  -target 10:10 export-extcommunity e
  -target 22:2 import-extcommunity e
  -target 10:10 import-extcommunity e
 vxlan vni 4000
#
bridge-domain 1000                            //配置BD域
 vxlan vni 5000 split-group sg1
 vxlan vni 5011
 e
  route-distinguisher 444:444
  -target 5011:1 export-extcommunity
  -target 50:50 export-extcommunity
  -target 5011:1 import-extcommunity
  -target 50:50 import-extcommunity

bgp 200                            //BGP配置,与dci1同理
 router-id 44.44.44.44
 undo default ipv4-unicast
 peer 33.33.33.33 as-number 100
 peer 33.33.33.33 ebgp-max-hop 255
 peer 33.33.33.33 connect-interface LoopBack1
 peer 55.55.55.55 as-number 200
 peer 55.55.55.55 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 33.33.33.33 enable
  undo peer 55.55.55.55 enable
 #
 l2-family e
  policy -target
  peer 33.33.33.33 enable
  peer 33.33.33.33 advertise irb
  peer 33.33.33.33 split-group sg1
  peer 33.33.33.33 import reoriginate
  peer 33.33.33.33 advertise route-reoriginated e mac-ip
  peer 33.33.33.33 advertise route-reoriginated e mac
  peer 33.33.33.33 advertise route-reoriginated e ip
  peer 55.55.55.55 enable
  peer 55.55.55.55 advertise irb
  peer 55.55.55.55 import reoriginate
  peer 55.55.55.55 advertise route-reoriginated e mac-ip
  peer 55.55.55.55 advertise route-reoriginated e mac
  peer 55.55.55.55 advertise route-reoriginated e ip
#

spine2

e-overlay enable  

bgp 200
 router-id 55.55.55.55
 undo default ipv4-unicast
 peer 44.44.44.44 as-number 200
 peer 44.44.44.44 connect-interface LoopBack1
 peer 66.66.66.66 as-number 200
 peer 66.66.66.66 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 44.44.44.44 enable
  undo peer 66.66.66.66 enable
 #
 l2-family e
  undo policy -target
  peer 44.44.44.44 enable
  peer 44.44.44.44 advertise irb
  peer 44.44.44.44 reflect-client
  peer 66.66.66.66 enable
  peer 66.66.66.66 advertise irb
  peer 66.66.66.66 reflect-client
#

leaf2

e-overlay enable

bridge-domain 1000                       //BD域配置
 vxlan vni 5011
 e
  route-distinguisher 20:20
  -target 5011:1 export-extcommunity
  -target 11:11 export-extcommunity
  -target 5011:1 import-extcommunity
  -target 11:11 import-extcommunity
#
bridge-domain 2000
 vxlan vni 5020
 e
  route-distinguisher 6:6
  -target 5020:1 export-extcommunity
  -target 22:2 export-extcommunity
  -target 5020:1 import-extcommunity
  -target 22:2 import-extcommunity

interface GE1/0/8.100 mode l2              //业务接入点配置
 encapsulation dot1q vid 100
 bridge-domain 1000
#
interface GE1/0/8.200 mode l2
 encapsulation dot1q vid 200
 bridge-domain 2000

ip -instance A                       //VRF配置
 ipv4-family
  route-distinguisher 202:202
  -target 11:11 export-extcommunity e
  -target 11:11 import-extcommunity e
 vxlan vni 3001
#
ip -instance B
 ipv4-family
  route-distinguisher 66:66
  -target 22:2 export-extcommunity e
  -target 22:2 import-extcommunity e
 vxlan vni 4000
#

interface Vbdif1000                       //分部式网关配置
 ip binding -instance A
 ip address 192.168.1.254 255.255.255.0
 mac-address 0000-5e00-0011
 vxlan anycast-gateway enable
 arp collect host enable
#
interface Vbdif2000
 ip binding -instance B
 ip address 192.168.2.254 255.255.255.0
 mac-address 0000-5e00-0066
 vxlan anycast-gateway enable
 arp collect host enable
#

bgp 200                       //BGP配置
 router-id 66.66.66.66
 undo default ipv4-unicast
 peer 55.55.55.55 as-number 200
 peer 55.55.55.55 connect-interface LoopBack1
 #
 ipv4-family unicast
  undo peer 55.55.55.55 enable
 #
 l2-family e
  policy -target
  peer 55.55.55.55 enable
  peer 55.55.55.55 advertise irb

状态查看

e邻居状态

在spine1上查看

segment方案解决VXLAN分布式网关DCI间互联_第2张图片

在dci1上查看

segment方案解决VXLAN分布式网关DCI间互联_第3张图片

EVPN路由查看

在leaf1上:

segment方案解决VXLAN分布式网关DCI间互联_第4张图片segment方案解决VXLAN分布式网关DCI间互联_第5张图片

注意ENSP模拟器有BUG是不产生type2 的MAC路由的所以二层互通是无法在ENSP进行模拟的

segment方案解决VXLAN分布式网关DCI间互联_第6张图片

segment方案解决VXLAN分布式网关DCI间互联_第7张图片

可以看到PC1的主机MAC为54-89-98-63-13-6D,本地的MAC表中可以看到,但是并未进入到EVPN路由中进行传输,真机测试后是正常进入的。

测试

在PC1上Ping测试PC2

segment方案解决VXLAN分布式网关DCI间互联_第8张图片

你可能感兴趣的:(分布式VXLAN,segment,DCI间互联,数据中心)