适用产品和版本

CE12800E（安装FD-X系列单板）、CE8800、CE7800、CE6800（除CE6875EI、CE6870EI、CE6880EI、CE6850EI、CE6810EI、CE6810LI外）系列产品V200R003C00或更高版本。

组网需求

如图1-17所示，在数据中心A和数据中心B内部分别配置BGP EVPN方式建立VXLAN隧道，通过在Leaf2和Leaf3之间配置BGP EVPN方式建立VXLAN隧道。当VM1和VM2之间需要通信时，需要实现数据中心A和数据中心B之间的二层互通。本例中，数据中心A内部的VXLAN隧道采用的VNI是10，数据中心B内部的VXLAN隧道采用的VNI是20，此时，在Leaf2和Leaf3上配置到达对端的VXLAN隧道时，需要配置Segment VXLAN功能进行VNI的转换。

图1-17 配置Segment VXLAN实现二层互通组网图

配置思路

采用如下的思路配置Segment VXLAN实现二层互通：

配置各节点IP地址。

配置路由协议实现各节点之间的互通。

在数据中心A和数据中心B内配置BGP EVPN方式建立VXLAN隧道。

在Leaf2和Leaf3上配置EBGP EVPN方式建立数据中心之间的VXLAN隧道。

在Leaf2和Leaf3上配置Segment VXLAN。

数据准备

为完成此配置例，需准备如下的数据：

VM所属的VLAN ID。

广播域BD ID。

数据中心A和数据中心B内部关联BD的VNI ID。

数据中心A和数据中心B所属的AS号。

Leaf2和Leaf3所属的水平分割组名称。

操作步骤

配置各节点接口的IP地址及路由协议

具体配置过程略，配置结果请参考配置文件。

配置路由协议

在数据中心内配置IGP，本示例使用OSPF。在数据中心间配置EBGP。

具体配置过程略，配置结果请参考配置文件。

数据中心A和数据中心B内配置BGP EVPN方式建立VXLAN隧道

在Leaf1和Leaf4上配置业务接入点

# 配置Leaf1。Leaf4的配置与Leaf1类似，这里不再赘述。

system-view

[~Leaf1] bridge-domain 10

[*Leaf1-bd10] quit

[*Leaf1] interface 10ge 1/0/2.1 mode l2

[*Leaf1-10GE1/0/2.1] encapsulation dot1q vid 10

[*Leaf1-10GE1/0/2.1] bridge-domain 10

[*Leaf1-10GE1/0/2.1] quit

[*Leaf1] commit

在各Leaf上使能EVPN作VXLAN控制平面功能

# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似，这里不再赘述。

[~Leaf1] evpn-overlay enable

[*Leaf1] commit

在数据中心A的Leaf1和Leaf2之间、数据中心B的Leaf3和Leaf4之间配置BGP EVPN对等体关系

# 在Leaf1上配置BGP EVPN对等体关系。Leaf2、Leaf3、Leaf4的配置与Leaf1类似，这里不再赘述。

[~Leaf1] bgp 100 instance evpn1

[*Leaf1-bgp-instance-evpn1] peer 2.2.2.2 as-number 100

[*Leaf1-bgp-instance-evpn1] peer 2.2.2.2 connect-interface LoopBack1

[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf1-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 enable

[*Leaf1-bgp-instance-evpn1-af-evpn] quit

[*Leaf1-bgp-instance-evpn1] quit

[*Leaf1] commit

在各Leaf上配置EVPN实例

# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似，这里不再赘述。

[~Leaf1] bridge-domain 10

[~Leaf1-bd10] vxlan vni 10

[*Leaf1-bd10] evpn

[*Leaf1-bd10-evpn] route-distinguisher 10:1

[*Leaf1-bd10-evpn] vpn-target 11:1

[*Leaf1-bd10-evpn] quit

[*Leaf1-bd10] quit

[*Leaf1] commit

在各Leaf上使能头端复制功能

# 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似，这里不再赘述。

[~Leaf1] interface nve 1

[*Leaf1-Nve1] source 1.1.1.1

[*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp

[*Leaf1-Nve1] quit

[*Leaf1] commit

在Leaf2和Leaf3上配置EBGP EVPN方式建立数据中心之间的VXLAN隧道

# 配置Leaf2。

[~Leaf2] bgp 100 instance evpn1

[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 as-number 200

[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 connect-interface LoopBack1

[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 ebgp-max-hop 255

[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 enable

[*Leaf2-bgp-instance-evpn1-af-evpn] quit

[*Leaf2-bgp-instance-evpn1] quit

[*Leaf2] commit

# 配置Leaf3。

[~Leaf3] bgp 200 instance evpn1

[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 as-number 100

[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 connect-interface LoopBack1

[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 ebgp-max-hop 255

[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 enable

[*Leaf3-bgp-instance-evpn1-af-evpn] quit

[*Leaf3-bgp-instance-evpn1] quit

[*Leaf3] commit

在Leaf2和Leaf3上配置Segment VXLAN功能

配置BGP EVPN对等体所属的水平分割组

# 配置Leaf2。

[~Leaf2] bgp 100 instance evpn1

[~Leaf2-bgp-instance-evpn1] l2vpn-family evpn

[~Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 split-group sg1

[*Leaf2-bgp-instance-evpn1-af-evpn] commit

# 配置Leaf3。

[~Leaf3] bgp 200 instance evpn1

[~Leaf3-bgp-instance-evpn1] l2vpn-family evpn

[~Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 split-group sg1

[*Leaf3-bgp-instance-evpn1-af-evpn] commit

配置EVPN路由中的MAC路由的重生成功能

# 配置Leaf2。

[~Leaf2-bgp-instance-evpn1-af-evpn] peer 1.1.1.1 import reoriginate

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 1.1.1.1 advertise route-reoriginated evpn mac

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 import reoriginate

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 advertise route-reoriginated evpn mac

[*Leaf2-bgp-instance-evpn1-af-evpn] quit

[*Leaf2-bgp-instance-evpn1] quit

[*Leaf2] commit

# 配置Leaf3。

[~Leaf3-bgp-instance-evpn1-af-evpn] peer 4.4.4.4 import reoriginate

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 4.4.4.4 advertise route-reoriginated evpn mac

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 import reoriginate

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 advertise route-reoriginated evpn mac

[*Leaf3-bgp-instance-evpn1-af-evpn] quit

[*Leaf3-bgp-instance-evpn1] quit

[*Leaf3] commit

验证配置结果

上述配置成功后，在Leaf上执行display vxlan tunnel命令可查看到VXLAN隧道的信息；执行display vxlan peer命令可查看到VXLAN的邻居信息。以Leaf2显示为例。

[~Leaf2] display vxlan tunnel

Number of vxlan tunnel : 2

Tunnel ID Source Destination State Type Uptime

-----------------------------------------------------------------------------------

4026531924 2.2.2.2 1.1.1.1 up dynamic 00:39:19

4026531925 2.2.2.2 3.3.3.3 up dynamic 00:39:09

[~Leaf2] display vxlan peer

Number of peers : 2

Vni ID Source Destination Type Out Vni ID

-------------------------------------------------------------------------------

10 2.2.2.2 1.1.1.1 dynamic 10

10 2.2.2.2 3.3.3.3 dynamic 20

配置完成后，VM1和VM2之间可以二层互通。

配置文件

Spine1的配置文件

#

sysname Spine1

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.10.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.20.1 255.255.255.0

#

ospf 1

area 0.0.0.0

network 192.168.10.0 0.0.0.255

network 192.168.20.0 0.0.0.255

#

return

Leaf1的配置文件

#

sysname Leaf1

#

evpn-overlay enable

#

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 10:1

vpn-target 11:1 export-extcommunity

vpn-target 11:1 import-extcommunity

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.10.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface LoopBack1

ip address 1.1.1.1 255.255.255.255

#

interface Nve1

source 1.1.1.1

vni 10 head-end peer-list protocol bgp

#

bgp 100 instance evpn1

peer 2.2.2.2 as-number 100

peer 2.2.2.2 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 2.2.2.2 enable

#

ospf 1

area 0.0.0.0

network 1.1.1.1 0.0.0.0

network 192.168.10.0 0.0.0.255

#

return

Leaf2的配置文件

#

sysname Leaf2

#

evpn-overlay enable

#

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 20:1

vpn-target 11:1 export-extcommunity

vpn-target 11:1 import-extcommunity

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.20.2 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.50.1 255.255.255.0

#

interface LoopBack1

ip address 2.2.2.2 255.255.255.255

#

interface Nve1

source 2.2.2.2

vni 10 head-end peer-list protocol bgp

#

bgp 10

peer 192.168.50.2 as-number 20

#

ipv4-family unicast

network 2.2.2.2 255.255.255.255

peer 192.168.50.2 enable

#

bgp 100 instance evpn1

peer 1.1.1.1 as-number 100

peer 1.1.1.1 connect-interface LoopBack1

peer 3.3.3.3 as-number 200

peer 3.3.3.3 ebgp-max-hop 255

peer 3.3.3.3 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 1.1.1.1 enable

peer 1.1.1.1 import reoriginate

peer 1.1.1.1 advertise route-reoriginated evpn mac

peer 3.3.3.3 enable

peer 3.3.3.3 split-group sg1

peer 3.3.3.3 import reoriginate

peer 3.3.3.3 advertise route-reoriginated evpn mac

#

ospf 1

area 0.0.0.0

network 2.2.2.2 0.0.0.0

network 192.168.20.0 0.0.0.255

#

return

Spine2的配置文件

#

sysname Spine2

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.30.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.40.1 255.255.255.0

#

ospf 1

area 0.0.0.0

network 192.168.30.0 0.0.0.255

network 192.168.40.0 0.0.0.255

#

return

Leaf3的配置文件

#

sysname Leaf3

#

evpn-overlay enable

#

bridge-domain 10

vxlan vni 20

evpn

route-distinguisher 30:1

vpn-target 11:1 export-extcommunity

vpn-target 11:1 import-extcommunity

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.30.2 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.50.2 255.255.255.0

#

interface LoopBack1

ip address 2.2.2.2 255.255.255.255

#

interface Nve1

source 3.3.3.3

vni 20 head-end peer-list protocol bgp

#

bgp 20

peer 192.168.50.1 as-number 10

#

ipv4-family unicast

network 3.3.3.3 255.255.255.255

peer 192.168.50.1 enable

#

bgp 200 instance evpn1

peer 2.2.2.2 as-number 100

peer 2.2.2.2 ebgp-max-hop 255

peer 2.2.2.2 connect-interface LoopBack1

peer 4.4.4.4 as-number 200

peer 4.4.4.4 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 2.2.2.2 enable

peer 2.2.2.2 split-group sg1

peer 2.2.2.2 import reoriginate

peer 2.2.2.2 advertise route-reoriginated evpn mac

peer 4.4.4.4 enable

peer 4.4.4.4 import reoriginate

peer 4.4.4.4 advertise route-reoriginated evpn mac

#

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 192.168.30.0 0.0.0.255

#

return

Leaf4的配置文件

#

sysname Leaf4

#

evpn-overlay enable

#

bridge-domain 10

vxlan vni 20

evpn

route-distinguisher 40:1

vpn-target 11:1 export-extcommunity

vpn-target 11:1 import-extcommunity

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.40.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface LoopBack1

ip address 4.4.4.4 255.255.255.255

#

interface Nve1

source 4.4.4.4

vni 20 head-end peer-list protocol bgp

#

bgp 200 instance evpn1

peer 3.3.3.3 as-number 200

peer 3.3.3.3 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 3.3.3.3 enable

#

ospf 1

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 192.168.40.0 0.0.0.255

#

return