Implementing BGP-based VXLAN Distributed (M-LAG) Layer 3 Interworking on the HCL Platform
This article extends the lab topology from the previous article to implement VXLAN cross-subnet access. [Previous article]

Topology

This article first implements VXLAN cross-subnet communication and then communication with the external traditional IPv4 network.

1 Configure VXLAN cross-subnet communication

The devices already running in this topology keep the Layer 2 communication configuration from the previous article, which is not repeated here.

1.1 Configure the following on all Leafs

```
#
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 #
 address-family evpn                        # Enter the EVPN address-family view
  vpn-target 1000:1000 import-extcommunity  # This RT is used when sending Type 2 host routes (IRB)
  vpn-target 1000:1000 export-extcommunity
#
interface Vsi-interface10
 ip binding vpn-instance vpn1
 ip address 192.168.10.254 255.255.255.0
 mac-address 11-11-11
 distributed-gateway local                  # Enable the VXLAN distributed gateway on the interface
 local-proxy-arp enable
#
interface Vsi-interface20
 ip binding vpn-instance vpn1
 ip address 192.168.20.254 255.255.255.0
 mac-address 22-22-22
 distributed-gateway local
 local-proxy-arp enable
#
vsi 10
 gateway vsi-interface 10                   # Associate the VXLAN L3 gateway interface
#
vsi 20
 gateway vsi-interface 20                   # Associate the VXLAN L3 gateway interface
#
interface Vsi-interface8191                 # Configure the L3 VNI
 ip binding vpn-instance vpn1
 l3-vni 1000
#
# The following is configured on Leaf_1-1 and Leaf_1-2
m-lag mad exclude interface Vsi-interface10
m-lag mad exclude interface Vsi-interface20
m-lag mad exclude interface Vsi-interface8191
```

Once all Leafs carry this configuration, VXLAN cross-subnet communication works. Same-subnet access uses the L2VNI in the VSI to advertise host MAC addresses. This lab uses VXLAN distributed gateways, so cross-subnet traffic must carry the L3VNI, that is, the L3 VNI set on Vsi-interface8191. Because Vsi-interface8191 is bound to the IPv4 VPN instance, that interface is used to advertise host IP routes, and the Leafs on both sides can learn the host IP routes behind the peer device. For this reason the evpn vpn-target values in the VPN instance on the Leafs at both ends must correspond.

1.2 Verifying the configuration on Leaf_1-1

```
<Leaf_1-1>dis bgp l2vpn evpn route-type mac-ip 7e4c-46ce-0c06 verbose   # View details of the Type 2 route for 192.168.20.1

 BGP local router ID is 5.5.5.5
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Route distinguisher: 20:20
 Total number of routes: 1
 Paths: 1 available, 1 best

 BGP routing table information of [2][0][48][7e4c-46ce-0c06][32][192.168.20.1]/136:
 Imported route.
 Original nexthop: 1.2.3.4
 OutLabel: NULL
 Ext-Community: RT: 20:20, RT: 1000:1000, Encapsulation Type: VXLAN, Router's MAC: 7e4a-c642-0600
 RxPathID: 0x0
 TxPathID: 0x0
 Org-validation: Valid
 AS-path: (null)
 Origin: igp
 Attribute value: MED 0, localpref 100, pref-val 32768
 State: valid, local, best
 IP precedence: N/A
 QoS local ID: N/A
 Traffic index: N/A
 EVPN route type: MAC/IP advertisement route
 ESI: 0000.0000.0000.0000.0000
 Ethernet tag ID: 0
 MAC address: 7e4c-46ce-0c06
 IP address: 192.168.20.1/32
 MPLS label1: 20     # L2VNI
 MPLS label2: 1000   # L3VNI
<Leaf_1-1>
```

```
<Leaf_1-1>dis bgp l2vpn evpn route-type ip-prefix 192.168.20.0 verbose   # View the Type 5 route

 BGP local router ID is 5.5.5.5
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Route distinguisher: 1000:1000(vpn1)
 Total number of routes: 1
 Paths: 1 available, 1 best

 BGP routing table information of [5][0][24][192.168.20.0]/80:
 Imported route.
 Original nexthop: 1.2.3.4
 OutLabel: NULL
 Ext-Community: Encapsulation Type: VXLAN, Default GateWay, Router's MAC: 7e4a-c642-0600
 RxPathID: 0x0
 TxPathID: 0x0
 Org-validation: Valid
 AS-path: (null)
 Origin: igp
 Attribute value: MED 0, localpref 100, pref-val 32768
 State: valid, local, best
 IP precedence: N/A
 QoS local ID: N/A
 Traffic index: N/A
 EVPN route type: IP prefix advertisement route
 ESI: 0000.0000.0000.0000.0000
 Ethernet tag ID: 0
 IP prefix: 192.168.20.0/24
 Gateway address: 0.0.0.0
 MPLS label: 1000    # Carries only the L3VNI
<Leaf_1-1>
```

1.3 Verifying cross-subnet communication

1.3.1 PC_1 ping test

1.3.2 PC_3 ping test

2 Configure communication with the traditional IPv4 network

2.1 Configure IP addresses on the devices that were not yet started, and establish OSPF neighbor relationships between Border1/2 and Spine1/2 (omitted)

2.2 Create the IPv4 vpn-instance on Border1 and Border2 and enable the ipv4 and evpn address families

The ipv4 address family must also be enabled on the Leafs. The configuration is the same on all Borders and Leafs; Border1 is used as the example below.

```
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 #
 address-family ipv4
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
 #
 address-family evpn
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
#
interface GigabitEthernet0/0    # The interface connecting the Border to the CE must be bound to vpn1
 port link-mode route
 combo enable copper
 ip address 10.1.1.2 255.255.255.0
#
```

The vpn-target under address-family ipv4 above is used to pass Type 5 routes. The RT in the ipv4 address family must correspond to the one in the EVPN address family, so that routes arriving from EVPN can be passed into the IPv4 table of the VPN instance, which is what enables mutual access with the traditional IPv4 network.

2.3 Establish BGP L2VPN EVPN peer relationships between Border1/2 and Spine1/2

2.3.1 Border1

```
#
l2vpn enable
vxlan tunnel mac-learning disable
vxlan tunnel arp-learning disable
#
bgp 100
 timer keepalive 3 hold 9
 timer connect-retry 3
 peer 3.3.3.3 as-number 100
 peer 3.3.3.3 connect-interface LoopBack0
 peer 4.4.4.4 as-number 100
 peer 4.4.4.4 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  peer 3.3.3.3 enable
  peer 4.4.4.4 enable
#
```

The Border2 configuration matches Border1 and is not repeated here.

2.3.2 Spine1

```
bgp 100
 timer keepalive 3 hold 9
 timer connect-retry 3
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack0
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack0
 #
 address-family l2vpn evpn
  undo policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 reflect-client
  peer 2.2.2.2 enable
  peer 2.2.2.2 reflect-client
#
```

The Spine2 configuration matches Spine1 and is not repeated here.

2.3.3 Border L2VPN EVPN peer status

2.4 Create the L3 VNI on Border1 and Border2

```
interface Vsi-interface8191
 ip binding vpn-instance vpn1
 l3-vni 1000
#
```

At this point the VXLAN tunnels between the Borders and the Leafs are established automatically through Vsi-interface8191. Border1 and Border2 can now learn the corresponding EVPN routes, and the Type 5 routes bring those EVPN routes into the routing table of the IPv4 VPN instance vpn1. The Leafs, however, have not yet learned the external route 100.100.100.1/32 in their IPv4 vpn-instance vpn1, because it has not yet been imported on the Border devices.

2.5 Create static routes between the CE and the Borders

2.5.1 CE

```
#
ip route-static 192.168.10.0 24 10.1.1.2
ip route-static 192.168.10.0 24 10.1.2.2 preference 80
ip route-static 192.168.20.0 24 10.1.1.2
ip route-static 192.168.20.0 24 10.1.2.2 preference 80
#
```

2.5.2 Border

```
# Border1
ip route-static vpn-instance vpn1 100.100.100.1 32 10.1.1.1
#
# Border2
ip route-static vpn-instance vpn1 100.100.100.1 32 10.1.2.1
```

2.6 Import the static routes into the BGP IPv4 vpn-instance on the Borders

```
#
bgp 100
 ip vpn-instance vpn1
  #
  address-family ipv4 unicast
   default-route imported
   import-route static
#
```

The Leafs can now learn the corresponding external route.

2.6.1 Leaf_1-1 routes

```
<Leaf_1-1>dis bgp l2vpn evpn route-type ip-prefix 100.100.100.1 verbose

 BGP local router ID is 5.5.5.5
 Status codes: * - valid, > - best, d - dampened, h - history
               s - suppressed, S - stale, i - internal, e - external
               a - additional-path
       Origin: i - IGP, e - EGP, ? - incomplete

 Total number of routes from all PEs: 2

 Route distinguisher: 1000:1000(vpn1)
 Total number of routes: 2
 Paths: 2 available, 1 best

 BGP routing table information of [5][0][32][100.100.100.1]/80:
 From: 3.3.3.3 (3.3.3.3)
 Rely nexthop: 10.1.7.1
 Original nexthop: 1.1.1.1
 OutLabel: NULL
 Ext-Community: RT: 1000:1000, Encapsulation Type: VXLAN, Router's MAC: 7e49-2049-0200
 RxPathID: 0x0
 TxPathID: 0x0
 AS-path: (null)
 Origin: incomplete
 Attribute value: MED 0, localpref 100, pref-val 0
 State: valid, internal, best
 Originator: 1.1.1.1
 Cluster list: 3.3.3.3
 IP precedence: N/A
 QoS local ID: N/A
 Traffic index: N/A
 EVPN route type: IP prefix advertisement route
 ESI: 0000.0000.0000.0000.0000
 Ethernet tag ID: 0
 IP prefix: 100.100.100.1/32
 Gateway address: 0.0.0.0
 MPLS label: 1000
 Re-orignination: Disabled

 From: 4.4.4.4 (4.4.4.4)
 Rely nexthop: 10.1.7.1
 Original nexthop: 1.1.1.1
 OutLabel: NULL
 Ext-Community: RT: 1000:1000, Encapsulation Type: VXLAN, Router's MAC: 7e49-2049-0200
 RxPathID: 0x0
 TxPathID: 0xffffffff
 AS-path: (null)
 Origin: incomplete
 Attribute value: MED 0, localpref 100, pref-val 0
 State: valid, internal
 Originator: 1.1.1.1
 Cluster list: 4.4.4.4
 IP precedence: N/A
 QoS local ID: N/A
 Traffic index: N/A
 EVPN route type: IP prefix advertisement route
 ESI: 0000.0000.0000.0000.0000
 Ethernet tag ID: 0
 IP prefix: 100.100.100.1/32
 Gateway address: 0.0.0.0
 MPLS label: 1000
 Re-orignination: Disabled
<Leaf_1-1>
```

2.6.2 Leaf_1-2 routes

2.6.3 Leaf_2 routes

3 Access tests

3.1 PC_1

3.2 PC_2

3.3 PC_3

3.4 PC_4

At this point all configuration for this case is complete. The lab went fairly smoothly and the simulator did not show any faults. For the detailed background, see the [Bilibili video] mentioned in the previous article.
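Sections 1.1 and 2.2 both depend on route targets lining up: the evpn vpn-target values must correspond between devices, and the RT in the ipv4 address family must correspond to the evpn one, since these values decide which routes enter the VPN instance. The Python check below is an added example, not part of the original article; it parses `ip vpn-instance` stanzas from saved configurations and reports mismatches. The sample configurations are constructed, the function names are hypothetical, any difference between the ipv4 and evpn RT sets is treated as a finding, and vpn-target lines outside an address family are ignored.

```python
import re

# Constructed sample, modelled on the vpn-instance stanza in section 2.2.
GOOD = """\
ip vpn-instance vpn1
 route-distinguisher 1000:1000
 address-family ipv4
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
 address-family evpn
  vpn-target 1000:1000 import-extcommunity
  vpn-target 1000:1000 export-extcommunity
"""
# Constructed fault: the first import RT (ipv4 family) is changed.
BAD = GOOD.replace("1000:1000 import", "2000:2000 import", 1)

def parse_rts(config):
    """Return {(vpn, family): {"import": set, "export": set}} for one device."""
    rts, vpn, family = {}, None, None
    for line in map(str.strip, config.splitlines()):
        if m := re.fullmatch(r"ip vpn-instance (\S+)", line):
            vpn, family = m.group(1), None
        elif m := re.fullmatch(r"address-family (\S+)", line):
            family = m.group(1)
        elif line.startswith("vpn-target ") and vpn and family:
            *targets, kind = line.split()[1:]
            if kind not in ("import-extcommunity", "export-extcommunity", "both"):
                targets, kind = targets + [kind], "both"  # no keyword: applies both ways
            entry = rts.setdefault((vpn, family), {"import": set(), "export": set()})
            for direction in ("import", "export"):
                if kind == "both" or kind.startswith(direction):
                    entry[direction].update(targets)
    return rts

def audit(devices, vpn="vpn1"):
    """Return findings; an empty list means the RTs line up as the article requires."""
    findings, parsed = [], {n: parse_rts(c) for n, c in devices.items()}
    for name, rts in parsed.items():
        evpn, ipv4 = rts.get((vpn, "evpn")), rts.get((vpn, "ipv4"))
        if not evpn:
            findings.append(f"{name}: no evpn address family in {vpn}")
            continue
        if ipv4 and ipv4 != evpn:
            findings.append(f"{name}: ipv4 RTs differ from evpn RTs")
        for peer, peer_rts in parsed.items():
            peer_evpn = peer_rts.get((vpn, "evpn"))
            if peer != name and peer_evpn and not evpn["import"] & peer_evpn["export"]:
                findings.append(f"{name}: imports no RT exported by {peer}")
    return findings
```

Calling `audit({"Leaf_1-1": GOOD, "Border1": BAD})` returns one finding for Border1, the case in which Type 5 routes would not reach the IPv4 table of vpn1.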