奶爸熊大

large picture of the cover

H3C S6800 EVPN分布式VXLAN IP网关典型配置

功能需求

PC1、PC2、PC3 和 PC4 模拟不同站点的主机;
PC1 和 PC3 与 PC2 和 PC4 处在不同VXLAN;
SW1 和 SW3 作为分布式 EVPN VXLAN 网关设备;
SW2 作为RR设备负责反射BGP路由;
通过配置分布式EVPN网关实现不同VXLAN之间的三层互通;

拓扑图

vxlan_evpn.png

配置步骤

配置 PC 地址

PC1:
vlan 10
vxlan 100
10.1.1.1/24
GW: 10.1.1.254/24

PC2:
vlan 20
vxlan 200
20.1.1.1/24
GW: 20.1.1.254/24

PC3:
vlan 20
vxlan 200
20.1.1.2/24
GW: 20.1.1.254/24

PC4:
vlan 10
vxlan 100
10.1.1.2/24
GW: 10.1.1.254/24

配置 SW1 交换机

# 步骤一:配置VXLAN的硬件资源模式(需重启设备生效)。
<H3C> system-view
[H3C] hardware-resource vxlan l3gw8k

# 步骤二:配置VLAN 10、13, PC1 连接端口属于VLAN10,PC3 连接端口属于VLAN20,SW1 与 SW2 互联口属于VLAN13

[H3C] vlan 10
[H3C-vlan10]port GigabitEthernet1/0/1 
[H3C-vlan10]quit

[H3C] vlan 20
[H3C-vlan20]port GigabitEthernet1/0/2
[H3C-vlan20]quit

[H3C] vlan 13
[H3C-vlan13]port FortyGigE1/0/53
[H3C-vlan13]quit

# 步骤三:创建Loopback 1接口

[H3C]interface LoopBack 0
[H3C-LoopBack0]ip address 1.1.1.1 32

# 步骤四:创建vlan13虚接口

[H3C]interface Vlan-interface 13
[H3C-Vlan-interface13]ip address 13.1.1.1 30

# 步骤五:配置OSPF,使得设备之间IP可达

[H3C]ospf 1 router-id 1.1.1.1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0

# 步骤六:开启L2VPN功能

[H3C] l2vpn enable

# 步骤七:关闭远端MAC地址和远端ARP自动学习功能

[H3C] vxlan tunnel mac-learning disable
[H3C] vxlan tunnel arp-learning disable

# 步骤八:创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200

[H3C]vsi 1
[H3C-vsi-1]vxlan 100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit

[H3C]vsi 2
[H3C-vsi-2]vxlan 200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit

# 步骤九:在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT

[H3C] vsi 1
[H3C-vsi-1] evpn encapsulation vxlan
[H3C-vsi-1-evpn-vxlan] route-distinguisher auto
[H3C-vsi-1-evpn-vxlan] vpn-target auto
[H3C-vsi-1-evpn-vxlan] quit

# 步骤十:在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT

[H3C] vsi 2
[H3C-vsi-2] evpn encapsulation vxlan
[H3C-vsi-2-evpn-vxlan] route-distinguisher auto
[H3C-vsi-2-evpn-vxlan] vpn-target auto
[H3C-vsi-2-evpn-vxlan] quit

步骤十一:配置BGP发布EVPN路由

[H3C]bgp 100
[H3C-bgp-default] peer 2.2.2.2 as-number 100
[H3C-bgp-default] peer 2.2.2.2 connect-interface LoopBack0
[H3C-bgp-default]address-family l2vpn evpn
[H3C-bgp-default-evpn]peer 2.2.2.2 enable

步骤十二:创建以太网服务实例1及配置封装模式,并使其与VSI关联

[H3C]interface GigabitEthernet1/0/1
[H3C-GigabitEthernet1/0/1]service-instance 1
[H3C-GigabitEthernet1/0/1-srv1]encapsulation s-vid 10
[H3C-GigabitEthernet1/0/1-srv1]xconnect vsi 1

[H3C]interface GigabitEthernet1/0/2
[H3C-GigabitEthernet1/0/2]service-instance 1
[H3C-GigabitEthernet1/0/2-srv1]encapsulation s-vid 20
[H3C-GigabitEthernet1/0/2-srv1]xconnect vsi 2


步骤十三: 配置L3VNI的RD和RT

[H3C] ip vpn-instance 1
[H3C-vpn-instance-1] route-distinguisher 1:1
[H3C-vpn-instance-1] address-family ipv4
[H3C-vpn-ipv4-1] vpn-target 2:2
[H3C-vpn-ipv4-1] quit

[H3C-vpn-instance-1] address-family evpn
[H3C-vpn-evpn-1] vpn-target 1:1
[H3C-vpn-evpn-1] quit

[H3C-vpn-instance-1] quit

步骤十四:创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。

[H3C]interface Vsi-interface 1
[H3C-Vsi-interface1] ip binding vpn-instance 1
[H3C-Vsi-interface1]ip address 10.1.1.254 24
[H3C-Vsi-interface1] mac-address 0001-0001-0001
[H3C-Vsi-interface1] local-proxy-arp enable 
[H3C-Vsi-interface1] distributed-gateway local
[H3C-Vsi-interface1] quit

步骤十五:创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。

[H3C]interface Vsi-interface 2
[H3C-Vsi-interface2] ip binding vpn-instance 1
[H3C-Vsi-interface2]ip address 20.1.1.254 24
[H3C-Vsi-interface2] mac-address 0002-0002-0002
[H3C-Vsi-interface2] local-proxy-arp enable 
[H3C-Vsi-interface2] distributed-gateway local
[H3C-Vsi-interface2] quit

步骤十六:创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1

[H3C]interface Vsi-interface 3
[H3C-Vsi-interface3] ip binding vpn-instance 1
[H3C-Vsi-interface3] l3-vni 1
[H3C-Vsi-interface3]quit

步骤十七:配置VXLAN 100所在的VSI实例和接口VSI-interface1关联。

[H3C]vsi 1
[H3C-vsi-1]gateway vsi-interface 1

步骤十八:配置VXLAN 200所在的VSI实例和接口VSI-interface2关联。

[H3C]vsi 2
[H3C-vsi-2]gateway vsi-interface 2

配置 SW3 交换机

步骤一:配置VXLAN的硬件资源模式(需重启设备生效)。

<H3C> system-view
[H3C] hardware-resource vxlan l3gw8k

步骤二:配置VLAN 10、20、23,PC2 连接端口属于VLAN20,PC4 连接端口属于VLAN10,SW2 与 SW3 互联口属于vlan 23

<H3C> system-view
[H3C] vlan 10
[H3C-vlan10]port GigabitEthernet1/0/2
[H3C-vlan10]quit

[H3C] vlan 20
[H3C-vlan20]port GigabitEthernet1/0/1
[H3C-vlan20]quit

[H3C] vlan 23
[H3C-vlan23]port FortyGigE 1/0/54
[H3C-vlan23]quit

步骤三:创建loopback0 接口

[H3C]interface LoopBack 0
[H3C-LoopBack0]ip address 3.3.3.3 32

步骤四:创建VLAN23虚接口

[H3C]interface Vlan-interface 23
[H3C-Vlan-interface23]ip address 23.1.1.1 30

步骤五:配置OSPF,使得两台设备之间IP可达

[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

步骤六:开启L2VPN功能

[H3C] l2vpn enable

步骤七:关闭远端MAC地址和远端ARP自动学习功能

[H3C] vxlan tunnel mac-learning disable
[H3C] vxlan tunnel arp-learning disable

步骤八:创建VSI,并进入VSI视图(这里1和2即创建的VSI名称),并分别关联VXLAN100和200

[H3C]vsi 1
[H3C-vsi-1]vxlan 100
[H3C-vsi-1-vxlan-100]quit
[H3C-vsi-1]quit

[H3C]vsi 2
[H3C-vsi-2]vxlan 200
[H3C-vsi-2-vxlan-200]quit
[H3C-vsi-2]quit

步骤九:在VSI实例1下创建EVPN实例,并配置自动生成EVPN实例的RD和RT

[H3C] vsi 1
[H3C-vsi-1] evpn encapsulation vxlan
[H3C-vsi-1-evpn-vxlan] route-distinguisher auto
[H3C-vsi-1-evpn-vxlan] vpn-target auto
[H3C-vsi-1-evpn-vxlan] quit

步骤十:在VSI实例2下创建EVPN实例,并配置自动生成EVPN实例的RD和RT

[H3C] vsi 2
[H3C-vsi-2] evpn encapsulation vxlan
[H3C-vsi-2-evpn-vxlan] route-distinguisher auto
[H3C-vsi-2-evpn-vxlan] vpn-target auto
[H3C-vsi-2-evpn-vxlan] quit

步骤十一:配置BGP发布EVPN路由

[H3C]bgp 100
[H3C-bgp-default] peer 3.3.3.3 as-number 100
[H3C-bgp-default] peer 3.3.3.3 connect-interface LoopBack0
[H3C-bgp-default]address-family l2vpn evpn
[H3C-bgp-default-evpn]peer 3.3.3.3 enable

步骤十二:创建以太网服务实例2及配置封装模式,并使其与VSI关联

[H3C]interface GigabitEthernet1/0/1
[H3C-GigabitEthernet1/0/1]service-instance 1
[H3C-GigabitEthernet1/0/1-srv1]encapsulation s-vid 20
[H3C-GigabitEthernet1/0/1-srv1]xconnect vsi 2

[H3C]interface GigabitEthernet1/0/2
[H3C-GigabitEthernet1/0/2]service-instance 1
[H3C-GigabitEthernet1/0/2-srv1]encapsulation s-vid 10
[H3C-GigabitEthernet1/0/2-srv1]xconnect vsi 1

步骤十三: 配置L3VNI的RD和RT

[H3C] ip vpn-instance 1
[H3C-vpn-instance-1] route-distinguisher 1:1
[H3C-vpn-instance-1] address-family ipv4
[H3C-vpn-ipv4-1] vpn-target 2:2
[H3C-vpn-ipv4-1] quit

[H3C-vpn-instance-1] address-family evpn
[H3C-vpn-evpn-1] vpn-target 1:1
[H3C-vpn-evpn-1] quit

[H3C-vpn-instance-1] quit

步骤十四:创建VSI虚接口VSI-interface1,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 100内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。

[H3C]interface Vsi-interface 1
[H3C-Vsi-interface1] ip binding vpn-instance 1
[H3C-Vsi-interface1]ip address 10.1.1.254 24
[H3C-Vsi-interface1] mac-address 0001-0001-0001
[H3C-Vsi-interface1] local-proxy-arp enable 
[H3C-Vsi-interface1] distributed-gateway local
[H3C-Vsi-interface1] quit

步骤十五:创建VSI虚接口VSI-interface2,并为其配置IP地址和MAC地址,该IP地址作为VXLAN 200内主机的网关地址,指定该VSI虚接口为分布式本地网关接口,并开启本地代理ARP功能。

[H3C]interface Vsi-interface 2
[H3C-Vsi-interface2] ip binding vpn-instance 1
[H3C-Vsi-interface2]ip address 20.1.1.254 24
[H3C-Vsi-interface2] mac-address 0002-0002-0002
[H3C-Vsi-interface2] local-proxy-arp enable 
[H3C-Vsi-interface2] distributed-gateway local
[H3C-Vsi-interface2] quit

步骤十六:创建VSI虚接口VSI-interface3,在该接口上配置VPN实例1对应的L3VNI为1

[H3C]interface Vsi-interface 3
[H3C-Vsi-interface3] ip binding vpn-instance 1
[H3C-Vsi-interface3] l3-vni 1
[H3C-Vsi-interface3]quit

步骤十七:配置VXLAN 100所在的VSI实例和接口VSI-interface1关联。

[H3C]vsi 1
[H3C-vsi-1]gateway vsi-interface 1

步骤十八:配置VXLAN 200所在的VSI实例和接口VSI-interface2关联。

[H3C]vsi 2
[H3C-vsi-2]gateway vsi-interface 2

配置 SW2 交换机

步骤一:配置VLAN 13、23,SW2 与 SW1 互联口属于vlan 13、SW2 与 SW3 互联口属于vlan 23

[H3C] vlan 13
[H3C-vlan13]port FortyGigE 1/0/53
[H3C-vlan13]quit

[H3C] vlan 23
[H3C-vlan23]port FortyGigE 1/0/54
[H3C-vlan23]quit

步骤二:创建loopback1 接口

[H3C]interface LoopBack 0
[H3C-LoopBack1]ip address 2.2.2.2 32

步骤三:创建vlan13、VLAN23虚接口

[H3C]interface Vlan-interface 13
[H3C-Vlan-interface13]ip address 13.1.1.2 30

[H3C]interface Vlan-interface 23
[H3C-Vlan-interface23]ip address 23.1.1.2 30

步骤四:配置OSPF,使得两台设备之间IP可达

[H3C]ospf 1
[H3C-ospf-1]area 0
[H3C-ospf-1-area-0.0.0.0]network 23.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 13.1.1.0 0.0.0.3
[H3C-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0

步骤五: 配置BGP分别与 SW1、SW3 建立BGP连接

[H3C] bgp 100
[H3C-bgp-default] group evpn internal
[H3C-bgp-default] peer evpn connect-interface LoopBack0
[H3C-bgp-default] peer 1.1.1.1 group evpn
[H3C-bgp-default] peer 3.3.3.3 group evpn
[H3C-bgp-default] address-family l2vpn evpn
[H3C-bgp-default-evpn]undo policy vpn-target
[H3C-bgp-default-evpn]peer evpn enable

步骤六:配置 SW2 为路由反射器

[H3C-bgp-default-evpn]peer evpn reflect-client
[H3C-bgp-default-evpn]quit
[H3C-bgp-default]quit
site logo

Hi,Friend

© 2025 奶爸熊大