CloudEngine 16800系列交换机 配置M-LAG双活接入分布式网关做DHCPv4/DHCPv6 Relay 适用于CE16800、CE6866、CE6866K、CE8851、CE8851K系列交换机V300R020C00或更高版本。
组网需求
如图,某企业客户部署了分布式网关的VXLAN网络。现需要部署DHCPv4和DHCPv6业务,以实现DHCPv4/DHCPv6 Server为用户分配IP地址。其中Leaf1、Leaf2作为VXLAN网关并部署DHCPv4/DHCPv6 Relay。Leaf3作为DHCPv4 Server。为了保证高可靠性,Leaf1和Leaf2采用M-LAG部署。
配置M-LAG双活接入分布式网关做DHCPv4/DHCPv6 Relay网络组网图
配置思路
采用如下思路配置VXLAN双活接入:1.分别在Leaf1、Leaf2、Leaf3、Spine上以BGP EVPN方式部署分布式网关VXLAN。Leaf1、Leaf2和Leaf3作为VXLAN网关。
2.配置Leaf1和Leaf2组成M-LAG系统。•分别在Leaf1和Leaf2上配置DFS Group。
将Leaf1和Leaf2之间的链路配置为peer-link。
分别在Leaf1和Leaf2上配置M-LAG成员口。
分别在Leaf1和Leaf2上配置Bypass VXLAN隧道。
3.在Leaf1、Leaf2、Leaf3上各配置一个用于DHCPv4业务和DHCPv6业务的VPN实例。
4.在Leaf1、Leaf2上配置DHCPv4 Relay和DHCPv6 Relay。Leaf3上配置DHCPv4 Server,服务器上配置DHCPv6 Server。
数据准备
为完成此配置例,需准备如下的数据:
网络中设备互连的接口IP地址。
网络中使用的路由类型是BGP。
广播域BD ID是BD 10。
VXLAN网络标识VNI ID是VNI 20。
操作步骤
1.配置M-LAG
在Leaf1和Leaf2上配置V-STP、双主检测链路、DFS Group、peer-link和M-LAG成员接口。
a.配置V-STP
# 配置Leaf1。
[~Leaf1] stp mode rstp
[*Leaf1] stp v-stp enable
[*Leaf1] stp flush disable
[*Leaf1] commit
# 配置Leaf2。
[~Leaf2] stp mode rstp
[*Leaf2] stp v-stp enable
[*Leaf2] stp flush disable
[~Leaf2] commit
b.配置DFS Group
# 配置Leaf1。该示例中使用管理网口地址,也可以通过业务网络互通,需保证DFS Group绑定的IP地址可以三层互通。
[~Leaf1] dfs-group 1
[*Leaf1-dfs-group-1] dual-active detection source ip 10.100.0.1 //绑定双主检测链路地址。
[*Leaf1-dfs-group-1] authentication-mode hmac-sha256 password Huawei@1234
[*Leaf1-dfs-group-1] priority 150
[*Leaf1-dfs-group-1] quit
[*Leaf1] commit
# 配置Leaf2。
[~Leaf2] dfs-group 1
[*Leaf2-dfs-group-1] dual-active detection source ip 10.101.0.1 //绑定双主检测链路地址。
[*Leaf2-dfs-group-1] authentication-mode hmac-sha256 password Huawei@1234
[*Leaf2-dfs-group-1] priority 120
[*Leaf2-dfs-group-1] quit
[*Leaf2] commit
c.配置peer-link
# 配置Leaf1。Peer-Link链路Eth-Trunk接口的成员口建议跨板部署,避免单板单点故障导致Peer-link故障。
[~Leaf1] interface eth-trunk 1
[*Leaf1-Eth-Trunk1] trunkport 100ge 1/0/4
[*Leaf1-Eth-Trunk1] trunkport 100ge 2/0/4
[*Leaf1-Eth-Trunk1] mode lacp-static
[*Leaf1-Eth-Trunk1] peer-link 1
[*Leaf1-Eth-Trunk1] quit
[*Leaf1] commit
# 配置Leaf2。
[~Leaf2] interface eth-trunk 1
[*Leaf2-Eth-Trunk1] trunkport 100ge 1/0/4
[*Leaf2-Eth-Trunk1] trunkport 100ge 2/0/4
[*Leaf2-Eth-Trunk1] mode lacp-static
[*Leaf2-Eth-Trunk1] peer-link 1
[*Leaf2-Eth-Trunk1] quit
[*Leaf2] commit
d.配置M-LAG成员接口
# 配置Leaf1。SwitchA上行连接Leaf1和Leaf2的端口需要绑定在一个聚合链路中且链路聚合模式需要和Leaf1和Leaf2侧的聚合模式匹配。
[~Leaf1] interface eth-trunk 10
[*Leaf1-Eth-Trunk10] trunkport 100ge 1/0/2
[*Leaf1-Eth-Trunk10] trunkport 100ge 2/0/2
[*Leaf1-Eth-Trunk10] mode lacp-static
[*Leaf1-Eth-Trunk10] dfs-group 1 m-lag 1
[*Leaf1-Eth-Trunk10] stp edged-port enable
[*Leaf1-Eth-Trunk10] quit
[*Leaf1] commit
# 配置Leaf2。
[~Leaf2] interface eth-trunk 10
[*Leaf2-Eth-Trunk10] trunkport 100ge 1/0/2
[*Leaf2-Eth-Trunk10] trunkport 100ge 2/0/2
[*Leaf2-Eth-Trunk10] mode lacp-static
[*Leaf2-Eth-Trunk10] dfs-group 1 m-lag 1
[*Leaf2-Eth-Trunk10] stp edged-port enable
[*Leaf2-Eth-Trunk10] quit
[*Leaf2] commit
2.分别在Leaf1和Leaf2上配置业务接入点
# 配置Leaf1。Leaf2配置和Leaf1类似,这里不再累述。
[~Leaf1] bridge-domain 10
[*Leaf1-bd10] quit
[*Leaf1] interface eth-Trunk 10.10 mode l2
[*Leaf1-Eth-Trunk10.1] encapsulation dot1q vid 10
[*Leaf1-Eth-Trunk10.1] bridge-domain 10
[*Leaf1-Eth-Trunk10.1] quit
[*Leaf1] interface eth-trunk 10
[*Leaf1-Eth-Trunk10] port link-type trunk
[*Leaf1-Eth-Trunk10] quit
[*Leaf1] commit
3.分别在Leaf1、Leaf2、Leaf3和Spine上使能EVPN作VXLAN控制平面功能
# 配置Leaf1。Leaf2、Leaf3和Spine的配置与Leaf1类似,此处不再赘述。
[~Leaf1] evpn-overlay enable
[*Leaf1] commit
4.配置BGP EVPN对等体关系
# 配置Leaf1。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] bgp 100
[*Leaf1-bgp] group spine external
[*Leaf1-bgp] peer 10.51.3.2 as-number 65001
[*Leaf1-bgp] peer 10.51.3.2 group spine
[*Leaf1-bgp] quit
[*Leaf1] interface LoopBack 0
[*Leaf1-LoopBack0] ip address 192.168.1.2 32
[*Leaf1-LoopBack0] quit
[*Leaf1] bgp 200 instance evpn
[*Leaf1-bgp-instance-evpn] peer 10.10.11.33 as-number 200
[*Leaf1-bgp-instance-evpn] peer 10.10.11.33 connect-interface LoopBack0
[*Leaf1-bgp-instance-evpn] l2vpn-family evpn
[*Leaf1-bgp-instance-evpn-af-evpn] policy vpn-target
[*Leaf1-bgp-instance-evpn-af-evpn] peer 10.10.11.33 enable
[*Leaf1-bgp-instance-evpn-af-evpn] peer 10.10.11.33 advertise irb
[*Leaf1-bgp-instance-evpn-af-evpn] peer 10.10.11.33 advertise irbv6
[*Leaf1-bgp-instance-evpn-af-evpn] quit
[*Leaf1-bgp-instance-evpn] quit
[*Leaf1] commit
# 配置Spine。Spine上建立与Leaf1、Leaf2、Leaf3之间的BGP EVPN对等体关系。
[~Spine] bgp 65001
[*Spine-bgp] group leaf external
[*Spine-bgp] peer 10.51.3.1 as-number 100
[*Spine-bgp] peer 10.51.3.1 group leaf
[*Spine-bgp] peer 10.51.1.1 as-number 100
[*Spine-bgp] peer 10.51.1.1 group leaf
[*Spine-bgp] group leaf3 external
[*Spine-bgp] peer 10.56.1.1 as-number 100
[*Spine-bgp] peer 10.56.1.1 group leaf3
[*Spine-bgp] quit
[*Spine] interface LoopBack 0
[*Spine-LoopBack0] ip address 10.10.11.33 32
[*Spine-LoopBack0] quit
[*Spine] bgp 200 instance evpn
[*Spine-bgp-instance-evpn] peer 192.168.1.2 as-number 200
[*Spine-bgp-instance-evpn] peer 192.168.1.2 connect-interface LoopBack0
[*Spine-bgp-instance-evpn] peer 192.168.1.3 as-number 200
[*Spine-bgp-instance-evpn] peer 192.168.1.3 connect-interface LoopBack0
[*Spine-bgp-instance-evpn] peer 192.168.2.2 as-number 200
[*Spine-bgp-instance-evpn] peer 192.168.2.2 connect-interface LoopBack0
[*Spine-bgp-instance-evpn] l2vpn-family evpn
[*Spine-bgp-instance-evpn-af-evpn] undo policy vpn-target
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.2 enable
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.2 advertise irb
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.2 advertise irbv6
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.2 reflect-client
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.3 enable
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.3 advertise irb
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.3 advertise irbv6
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.1.3 reflect-client
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.2.2 enable
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.2.2 advertise irb
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.2.2 advertise irbv6
[*Spine-bgp-instance-evpn-af-evpn] peer 192.168.2.2 reflect-client
[*Spine-bgp-instance-evpn-af-evpn] quit
[*Spine-bgp-instance-evpn] quit
[*Spine] commit
5.配置VPN和EVPN实例
# 配置Leaf1。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] ip vpn-instance vpn1
[*Leaf1-vpn-instance-vpn1] vxlan vni 20
[*Leaf1-vpn-instance-vpn1] ipv4-family
[*Leaf1-vpn-instance-vpn1-af-ipv4] route-distinguisher 21:85
[*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 68:1 evpn
[*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 68:1
[*Leaf1-vpn-instance-vpn1-af-ipv4] quit
[*Leaf1-vpn-instance-vpn1] ipv6-family
[*Leaf1-vpn-instance-vpn1-af-ipv6] route-distinguisher 21:85
[*Leaf1-vpn-instance-vpn1-af-ipv6] vpn-target 68:1 evpn
[*Leaf1-vpn-instance-vpn1-af-ipv6] vpn-target 68:1
[*Leaf1-vpn-instance-vpn1-af-ipv6] quit
[*Leaf1-vpn-instance-vpn1] quit
[*Leaf1] bridge-domain 10
[*Leaf1-bd10] vxlan vni 10
[*Leaf1-bd10] evpn
[*Leaf1-bd10-evpn] route-distinguisher 21:10
[*Leaf1-bd10-evpn] vpn-target 0:10
[*Leaf1-bd10-evpn] quit
[*Leaf1-bd10] quit
[*Leaf1] commit
# 配置Leaf3。
[~Leaf3] ip vpn-instance vpn1
[*Leaf3-vpn-instance-vpn1] vxlan vni 20
[*Leaf3-vpn-instance-vpn1] ipv4-family
[*Leaf3-vpn-instance-vpn1-af-ipv4] route-distinguisher 21:6
[*Leaf3-vpn-instance-vpn1-af-ipv4] vpn-target 68:1 evpn
[*Leaf3-vpn-instance-vpn1-af-ipv4] vpn-target 68:1
[*Leaf3-vpn-instance-vpn1-af-ipv4] quit
[*Leaf3-vpn-instance-vpn1] ipv6-family
[*Leaf3-vpn-instance-vpn1-af-ipv6] route-distinguisher 21:6
[*Leaf3-vpn-instance-vpn1-af-ipv6] vpn-target 68:1 evpn
[*Leaf3-vpn-instance-vpn1-af-ipv6] vpn-target 68:1
[*Leaf3-vpn-instance-vpn1-af-ipv6] quit
[*Leaf3-vpn-instance-vpn1] quit
[*Leaf3] commit
6.配置头端复制
由于Leaf1和Leaf2作为双活接入设备,请确保这两台设备上配置的NVE接口的IP地址和MAC地址相同。
# 配置Leaf1。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] interface nve1
[*Leaf1-Nve1] source 192.168.1.1
[*Leaf1-Nve1] mac-address 0000-5e00-0103
[*Leaf1-Nve1] quit
[*Leaf1] commit
# 配置Leaf3。
[~Leaf3] interface nve1
[*Leaf3-Nve1] source 192.168.2.1
[*Leaf3-Nve1] quit
[*Leaf3] commit
7.Leaf1和Leaf2配置静态Bypass VXLAN隧道
# 配置Leaf1。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] vlan 100
[*Leaf1-vlan100] quit
[*Leaf1] interface vlanif 100
[*Leaf1-Vlanif100] ip address 10.10.10.1 24
[*Leaf1-Vlanif100] quit
[*Leaf1] interface nve 1
[*Leaf1-Nve1] pip-source 10.10.10.1 peer 10.10.10.2 bypass
[*Leaf1-Nve1] quit
[*Leaf1] commit
8.在Leaf1、Leaf2上配置VXLAN三层网关。
# 在Leaf1上配置VXLAN三层网关。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] interface vbdif10
[*Leaf1-vbdif10] ip binding vpn-instance vpn1
[*Leaf1-vbdif10] ip address 10.202.0.1 255.255.0.0
[*Leaf1-vbdif10] mac-address 0000-5e00-0112
[*Leaf1-vbdif10] ipv6 enable
[*Leaf1-vbdif10] ipv6 address 2001:db8:3::1 64
[*Leaf1-vbdif10] vxlan anycast-gateway enable
[*Leaf1-vbdif10] arp collect host enable
[*Leaf1-vbdif10] ipv6 nd direct-route enable
[*Leaf1-vbdif10] ipv6 nd collect host enable
[*Leaf1-vbdif10] ipv6 nd na glean
[*Leaf1-vbdif10] quit
[*Leaf1] commit
# 配置Leaf3。
[~Leaf3] vlan batch 2030
[~Leaf3] interface vlanif2030
[*Leaf3-vlanif2030] ip binding vpn-instance vpn1
[*Leaf3-vlanif2030] ip address 10.209.0.1 255.255.0.0
[*Leaf3-vlanif2030] ipv6 enable
[*Leaf3-vlanif2030] ipv6 address 2001:db8:1::1 64
[*Leaf3-vlanif2030] quit
[*Leaf3] commit
9.在Leaf1、Leaf2、Leaf3上配置BGP对邻居发布IP前缀类型的路由。
# 配置Leaf1。Leaf2、Leaf3的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] bgp 100
[~Leaf1-bgp] ipv6-family vpn-instance vpn1
[*Leaf1-bgp-6-vpn1] default-route imported
[*Leaf1-bgp-6-vpn1] import-route static
[*Leaf1-bgp-6-vpn1] import-route direct
[*Leaf1-bgp-6-vpn1] advertise l2vpn evpn
[*Leaf1-bgp-6-vpn1] quit
[*Leaf1-bgp] ipv4-family vpn-instance vpn1
[*Leaf1-bgp-4-vpn1] default-route imported
[*Leaf1-bgp-4-vpn1] import-route static
[*Leaf1-bgp-4-vpn1] import-route direct
[*Leaf1-bgp-4-vpn1] advertise l2vpn evpn
[*Leaf1-bgp-4-vpn1] quit
[*Leaf1-bgp] quit
[*Leaf1] commit
10.在Leaf1、Leaf2、Leaf3上配置用于DHCP业务的VPN实例。
# 配置Leaf3。配置DHCPv4 Server地址池。[~Leaf3] dhcp enable
[*Leaf3] dhcp server request-packet all-interface enable
[~Leaf3] ip pool p1
[*Leaf3-ip-pool-p1] vpn-instance vpn1
[*Leaf3-ip-pool-p1] gateway-list 10.202.0.1
[*Leaf3-ip-pool-p1] network 10.202.0.0 mask 255.255.255.0
[*Leaf3-ip-pool-p1] quit
[*Leaf3] commit
11.在Leaf1、Leaf2、Leaf3、Leaf4上配置DHCP Relay。
# 配置Leaf1。Leaf2的配置与Leaf1配置类似,这里不再赘述。
[~Leaf1] interface vbdif10
[*Leaf1-Vbdif10] dhcp select relay
[*Leaf1-Vbdif10] dhcp relay information enable
[*Leaf1-Vbdif10] dhcp relay server ip 10.209.0.1 vpn-instance vpn1
[*Leaf1-Vbdif10] dhcp option82 vss-control insert enable
[*Leaf1-Vbdif10] dhcp option82 link-selection insert enable
[*Leaf1-Vbdif10] dhcp option82 server-id-override insert enable
[*Leaf1-Vbdif10] dhcp relay source-ip-address 10.202.0.1
[*Leaf1-Vbdif10] dhcp relay gateway 10.202.0.1
[*Leaf1-Vbdif10] dhcpv6 relay destination 2001:db8:1::2 vpn-instance vpn1
[*Leaf1-Vbdif10] dhcpv6 relay vss-control insert enable
[*Leaf1-Vbdif10] dhcpv6 relay source-ip-address 2001:db8:3::1
[*Leaf1-Vbdif10] quit
[*Leaf1] commit
12.配置DHCPv6服务器。
DHCPv6服务器需要满足以下条件:
•在DHCPv6服务器上配置地址池,以便服务器端分配正确的IPv6地址给客户端。
•建议配置地址池租期,提高IP地址的使用效率。
13.检查配置结果
[~Leaf1]display dhcp relay interface Vbdif 10
DHCP relay agent running information of interface Vbdif10 :
Relay select : Enable
Server IP address [00] : 10.209.0.1 VPN instance: vpn1
Gateway address in use : 10.202.0.1
Gateway switch : Disable
Link-selection insert : Enable
[~Leaf1]display dhcpv6 relay interface Vbdif 10
--------------------------------------------------------------------------------
Interface Mode Destination
--------------------------------------------------------------------------------
Vbdif10 Relay 2001:db8:1::2(VPN: vpn1)
--------------------------------------------------------------------------------
Print count : 1 Total count : 1
上述配置成功后,在Leaf1上执行display vxlan tunnel命令可查看到VXLAN隧道的信息。
[~Leaf1] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531844 192.168.1.1 192.168.2.1 up dynamic 02:52:23
在Leaf1和Leaf2上执行命令display dfs-group 1 m-lag,查看M-LAG的相关信息。以Leaf1显示为例。
[~Leaf1] display dfs-group 1 m-lag
* : Local node
Heart beat state : OK
Node 1 *
Dfs-Group ID : 1
Priority : 150
Dual-active Address : ip address 10.100.0.1
State : Master
Causation : -
System ID : 0052-7512-2401
SysName : Leaf1
Version : V300R020C00SPC100
Device Type : CE16800
Node 2
Dfs-Group ID : 1
Priority : 120
Dual-active Address : ip address 10.101.0.1
State : Backup
Causation : -
System ID : 0034-2354-9901
SysName : Leaf2
Version : V300R020C00SPC100
Device Type : CE16800
查看Leaf1上的M-LAG信息。
[~Leaf1] display dfs-group 1 node 1 m-lag brief
* - Local node
M-Lag ID Interface Port State Status Consistency-check
1 Eth-Trunk 10 Up active(*)-active -
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
DHCPv4用户上线后,执行display ip pool查看分配地址池信息。
[~Leaf3] display ip pool
----------------------------------------------------------------------------
Pool name : p1
Pool number : 0
Position : Local
Status : Unlocked
Gateway : 10.202.0.1
Mask : 255.255.255.0
VPN instance : vpn1
All IP pool address statistic
Total :253
Used :1 Idle :252 Expired :0
Conflict :0 Disable :0
DHCPv6 Client可以通过DHCPv6 Relay向DHCPv6 Server申请地址,并正常上线,说明配置成功。
配置文件
•Leaf1的配置文件
#
sysname Leaf1
#
dfs-group 1
priority 150
dual-active detection source ip 10.100.0.1
authentication-mode hmac-sha256 password %@%##!!!!!!!!!"!!!!"!!!!*!!!!ezu3:r07DO7Ku*DWfTt+^*UD%1bJ-P@&BfR!!!!!!!!!!!!!!!9!!!!Tnzq>```ZV,Wo*A+db);3j[%3g1"T4!!!!!!!!!!%@%#
#
stp mode rstp
stp v-stp enable
stp flush disable
#
dhcp enable
#
evpn-overlay enable
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 21:85
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
ipv6-family
route-distinguisher 21:85
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
vxlan vni 20
#
vlan 100
#
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 21:10
vpn-target 0:10 export-extcommunity
vpn-target 0:10 import-extcommunity
#
interface Vbdif10
ip binding vpn-instance vpn1
ipv6 enable
ip address 10.202.0.1 255.255.0.0
ipv6 address 2001:db8:3::1/64
mac-address 0000-5e00-0112
ipv6 nd collect host enable
vxlan anycast-gateway enable
dhcp select relay
dhcp relay information enable
dhcp relay server ip 10.209.0.1 vpn-instance vpn1
dhcp option82 link-selection insert enable
dhcp option82 vss-control insert enable
dhcp option82 server-id-override insert enable
dhcpv6 relay vss-control insert enable
dhcpv6 relay source-ip-address 2001:db8:3::1
dhcp relay source-ip-address 10.202.0.1
dhcp relay gateway 10.202.0.1
dhcpv6 relay destination 2001:db8:1::2 vpn-instance vpn1
arp collect host enable
arp direct-route enable
ipv6 nd direct-route enable
ipv6 nd na glean
#
interface vlanif100
ip address 10.10.10.1 255.255.255.0
#
interface MEth0/0/0
ip address 10.100.0.1 255.255.255.0
#
interface Eth-Trunk1
mode lacp-static
peer-link 1
#
interface Eth-Trunk10
port link-type trunk
stp edged-port enable
mode lacp-static
dfs-group 1 m-lag 1
#
interface Eth-Trunk10.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface 100GE1/0/1
undo portswitch
ip address 10.51.3.1 255.255.255.0
#
interface 100GE1/0/2
eth-trunk 10
#
interface 100GE1/0/4
eth-trunk 1
#
interface 100GE2/0/2
eth-trunk 10
#
interface 100GE2/0/4
eth-trunk 1
#
interface LoopBack0
ip address 192.168.1.2 255.255.255.255
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.255
#
interface Nve1
source 192.168.1.1
mac-address 0000-5e00-0103
pip-source 10.10.10.1 peer 10.10.10.2 bypass
#
bgp 100
group spine external
peer 10.51.3.2 as-number 65001
peer 10.51.3.2 group spine
#
ipv4-family unicast
import-route direct
peer spine enable
peer spine allow-as-loop
peer 10.51.3.2 enable
peer 10.51.3.2 group spine
#
ipv4-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
ipv6-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
bgp 200 instance evpn
peer 10.10.11.33 as-number 200
peer 10.10.11.33 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 10.10.11.33 enable
peer 10.10.11.33 advertise irb
peer 10.10.11.33 advertise irbv6
#
return
•Leaf2的配置文件
#
sysname Leaf2
#
dfs-group 1
priority 120
dual-active detection source ip 10.101.0.1
authentication-mode hmac-sha256 password %@%##!!!!!!!!!"!!!!"!!!!*!!!!ezu3:r07DO7Ku*DWfTt+^*UD%1bJ-P@&BfR!!!!!!!!!!!!!!!9!!!!Tnzq>```ZV,Wo*A+db);3j[%3g1"T4!!!!!!!!!!%@%#
#
stp mode rstp
stp v-stp enable
stp flush disable
#
dhcp enable
#
evpn-overlay enable
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 21:85
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
ipv6-family
route-distinguisher 21:85
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
vxlan vni 20
#
vlan 100
#
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 21:10
vpn-target 0:10 export-extcommunity
vpn-target 0:10 import-extcommunity
#
interface Vbdif10
ip binding vpn-instance vpn1
ipv6 enable
ip address 10.202.0.1 255.255.0.0
ipv6 address 2001:db8:3::1/64
mac-address 0000-5e00-0112
ipv6 nd collect host enable
vxlan anycast-gateway enable
dhcp select relay
dhcp relay information enable
dhcp relay server ip 10.209.0.1 vpn-instance vpn1
dhcp option82 link-selection insert enable
dhcp option82 vss-control insert enable
dhcp option82 server-id-override insert enable
dhcpv6 relay vss-control insert enable
dhcpv6 relay source-ip-address 2001:db8:3::1
dhcp relay source-ip-address 10.202.0.1
dhcp relay gateway 10.202.0.1
dhcpv6 relay destination 2001:db8:1::2 vpn-instance vpn1
arp collect host enable
arp direct-route enable
ipv6 nd direct-route enable
ipv6 nd na glean
#
interface vlanif100
ip address 10.10.10.2 255.255.255.0
#
interface MEth0/0/0
ip address 10.101.0.1 255.255.255.0
#
interface Eth-Trunk1
mode lacp-static
peer-link 1
#
interface Eth-Trunk10
port link-type trunk
stp edged-port enable
mode lacp-static
dfs-group 1 m-lag 1
#
interface Eth-Trunk10.10 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface 100GE1/0/1
undo portswitch
ip address 10.51.1.1 255.255.255.0
#
interface 100GE1/0/2
eth-trunk 10
#
interface 100GE1/0/4
eth-trunk 1
#
interface 100GE2/0/2
eth-trunk 10
#
interface 100GE2/0/4
eth-trunk 1
#
interface LoopBack0
ip address 192.168.1.3 255.255.255.255
#
interface LoopBack1
ip address 192.168.1.1 255.255.255.255
#
interface Nve1
source 192.168.1.1
mac-address 0000-5e00-0103
pip-source 10.10.10.2 peer 10.10.10.1 bypass
#
bgp 100
group spine external
peer 10.51.3.2 as-number 65001
peer 10.51.3.2 group spine
#
ipv4-family unicast
import-route direct
peer spine enable
peer spine allow-as-loop
peer 10.51.3.2 enable
peer 10.51.3.2 group spine
#
ipv4-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
ipv6-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
bgp 200 instance evpn
peer 10.10.11.33 as-number 200
peer 10.10.11.33 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 10.10.11.33 enable
peer 10.10.11.33 advertise irb
peer 10.10.11.33 advertise irbv6
#
return
•Leaf3的配置文件#
sysname Leaf3
#
vlan batch 2030
#
stp disable
#
dhcp enable
#
evpn-overlay enable
#
ip vpn-instance vpn1
ipv4-family
route-distinguisher 21:6
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
ipv6-family
route-distinguisher 21:6
vpn-target 68:1 export-extcommunity
vpn-target 68:1 export-extcommunity evpn
vpn-target 68:1 import-extcommunity
vpn-target 68:1 import-extcommunity evpn
vxlan vni 20
#
ip pool p1
vpn-instance vpn1
gateway-list 10.202.0.1
network 10.202.0.0 mask 255.255.255.0
#
dhcp server request-packet all-interface enable
#
interface Vlanif2030
ip binding vpn-instance vpn1
ipv6 enable
ip address 10.209.0.1 255.255.0.0
ipv6 address 2001:db8:1::1/64
#
interface 100GE1/0/1
undo portswitch
ip address 10.56.1.1 255.255.255.0
#
interface 100GE1/0/2
port default vlan 2030
#
interface LoopBack0
ip address 192.168.2.2 255.255.255.255
#
interface LoopBack1
ip address 192.168.2.1 255.255.255.255
#
interface Nve1
source 192.168.2.1
#
bgp 100
group spine external
peer 10.56.1.2 as-number 65001
peer 10.56.1.2 group spine
#
ipv4-family unicast
import-route direct
peer spine enable
peer spine allow-as-loop
peer 10.56.1.2 enable
peer 10.56.1.2 group spine
#
ipv4-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
ipv6-family vpn-instance vpn1
default-route imported
import-route direct
import-route static
advertise l2vpn evpn
#
bgp 200 instance evpn
peer 10.10.11.12 as-number 200
peer 10.10.11.12 connect-interface LoopBack0
peer 10.10.11.33 as-number 200
peer 10.10.11.33 connect-interface LoopBack0
#
l2vpn-family evpn
policy vpn-target
peer 10.10.11.12 enable
peer 10.10.11.12 advertise irb
peer 10.10.11.12 advertise irbv6
peer 10.10.11.33 enable
peer 10.10.11.33 advertise irb
peer 10.10.11.33 advertise irbv6
#
return
•Spine的配置文件
#
sysname Spine
#
stp disable
#
evpn-overlay enable
#
dhcp server request-packet all-interface disable
#
interface 100GE1/0/1
undo portswitch
ip address 10.51.3.2 255.255.255.0
#
interface 100GE1/0/2
undo portswitch
ip address 10.51.1.2 255.255.255.0
#
interface 100GE1/0/3
undo portswitch
ip address 10.56.1.2 255.255.255.0
#
interface LoopBack0
ip address 10.10.11.33 255.255.255.255
#
bgp 65001
group leaf external
peer 10.51.1.1 as-number 100
peer 10.51.1.1 group leaf
peer 10.51.3.1 as-number 100
peer 10.51.3.1 group leaf
group leaf3 external
peer 10.56.1.1 as-number 100
peer 10.56.1.1 group leaf3
#
ipv4-family unicast
network 10.10.11.33 255.255.255.255
peer leaf enable
peer 10.51.1.1 enable
peer 10.51.1.1 group leaf
peer 10.51.3.1 enable
peer 10.51.3.1 group leaf
peer leaf3 enable
peer 10.56.1.1 enable
peer 10.56.1.1 group leaf3
#
bgp 200 instance evpn
peer 192.168.1.2 as-number 200
peer 192.168.1.2 connect-interface LoopBack0
peer 192.168.1.3 as-number 200
peer 192.168.1.3 connect-interface LoopBack0
peer 192.168.2.2 as-number 200
peer 192.168.2.2 connect-interface LoopBack0
#
l2vpn-family evpn
undo policy vpn-target
peer 192.168.1.2 enable
peer 192.168.1.2 advertise irb
peer 192.168.1.2 advertise irbv6
peer 192.168.1.2 reflect-client
peer 192.168.1.3 enable
peer 192.168.1.3 advertise irb
peer 192.168.1.3 advertise irbv6
peer 192.168.1.3 reflect-client
peer 192.168.2.2 enable
peer 192.168.2.2 advertise irb
peer 192.168.2.2 advertise irbv6
peer 192.168.2.2 reflect-client
#
return
