H3C VXLAN 集中式网关配置

上张贴CrossGrave发表回复

场景说明:一个简单的VXLAN集中式网关的配置,拥有两个租户分别为租户A和租户B,租户A=VLAN10,租户B=VLAN20,配置如下:

Leaf配置:

sysname Leaf-1 
vxlan tunnel mac-learning disable //通过BGP EVPN的2类路由可以学到远端的MAC,因此关闭隧道学习MAC
mac-address mac-move fast-update //为了保证转发不中断,当发现MAC迁移后立即更新ARP表项
l2vpn enable //开启二层VPN功能

vlan 10
 description Tenant_A
vlan 20
 description Tenant_B

vsi vxlan10010 //配置VSI和二层的VRF
 vxlan 10010
 evpn encapsulation vxlan
  route-distinguisher 1:10010
  vpn-target 1:10010 export-extcommunity
  vpn-target 1:10010 import-extcommunity
vsi vxlan10020
 vxlan 10020
 evpn encapsulation vxlan
  route-distinguisher 1:10020
  vpn-target 1:10020 export-extcommunity
  vpn-target 1:10020 import-extcommunity

isis 1
 is-level level-2
 cost-style wide
 is-name Leaf-1
 network-entity 49.0001.0010.0100.1002.00

bgp 100
 router-id 1.1.1.2
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 address-family l2vpn evpn
  peer 1.1.1.1 enable

interface LoopBack 1
 ip address 1.1.1.2 255.255.255.255
 isis enable 1
 isis circuit-level level-2
 isis circuit-type p2p
interface FortyGigE0/0/49
 port link-mode route
 ip address 10.0.12.2 255.255.255.252
 isis enable 1
 isis circuit-level level-2
 isis circuit-type p2p


interface Ten-GigabitEthernet1/0/1
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 stp edged-port
 stp port bpdu-protection enable
 service-instance 10 //配置服务实例,收到带有vlan10 tag的数据帧关联到vsi/vxlan10010中
  encapsulation s-vid 10
  xconnect vsi vxlan10010
 service-instance 20
  encapsulation s-vid 20
  xconnect vsi vxlan10020
interface Ten-GigabitEthernet1/0/2
 port link-mode bridge
 port link-type trunk
 undo port trunk permit vlan 1
 port trunk permit vlan 10 20
 stp edged-port
 stp port bpdu-protection enable
 service-instance 10
  encapsulation s-vid 10
  xconnect vsi vxlan10010
 service-instance 20
  encapsulation s-vid 20
  xconnect vsi vxlan10020

Spine配置:

sysname Spine
vxlan tunnel mac-learning disable

ip vpn-instance Tenant_A
  route-distinguisher 10:10010
 address-family ipv4
  vpn-target 11:10010 import-extcommunity
  vpn-target 11:10010 export-extcommunity
 address-family evpn
  vpn-target 10:10010 import-extcommunity
  vpn-target 10:10010 export-extcommunity
ip vpn-instance Tenant_B
  route-distinguisher 10:10020
 address-family ipv4
  vpn-target 11:10020 import-extcommunity
  vpn-target 11:10020 export-extcommunity
 address-family evpn
  vpn-target 10:10020 import-extcommunity
  vpn-target 10:10020 export-extcommunity

interface Vsi-interface10
 ip binding vpn-instance Tenant_A
 ip address 192.168.10.254 255.255.255.0
interface Vsi-interface20
 ip binding vpn-instance Tenant_B
 ip address 192.168.20.254 255.255.255.0
vsi vxlan10010
 description Tenant_A
 gateway vsi-interface 10
 statistics enable
 vxlan 10010
 evpn encapsulation vxlan
  route-distinguisher 1:10010
  vpn-target 1:10010 export-extcommunity
  vpn-target 1:10010 import-extcommunity
vsi vxlan10020
 description Tenant_B
 gateway vsi-interface 20
 statistics enable
 vxlan 10020
 evpn encapsulation vxlan
  route-distinguisher 1:10020
  vpn-target 1:10020 export-extcommunity
  vpn-target 1:10020 import-extcommunity

interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
 isis circuit-level level-2
 isis circuit-type p2p
interface FortyGigE0/0/1
 port link-mode route
 ip address 10.0.12.1 255.255.255.252
 isis enable 1
 isis circuit-level level-2
 isis circuit-type p2p
interface FortyGigE0/0/2
 port link-mode route
 ip address 10.0.13.1 255.255.255.252
 isis enable 1
 isis circuit-level level-2
 isis circuit-type p2p

isis 1
 is-level level-2
 cost-style wide
 is-name Leaf-1
 network-entity 49.0001.0010.0100.1001.00

bgp 100
 router-id 1.1.1.1
 peer 1.1.1.2 as-number 100
 peer 1.1.1.2 connect-interface LoopBack1
 peer 1.1.1.3 as-number 100
 peer 1.1.1.3 connect-interface LoopBack1
 address-family l2vpn evpn
  peer 1.1.1.2 enable
  peer 1.1.1.3 enable

发表评论

您的电子邮箱地址不会被公开。

此站点使用Akismet来减少垃圾评论。了解我们如何处理您的评论数据