segment方案解决VXLAN分布式网关DCI间互联

segment概念：

segment方案是在需要互联的两个DCI间建立3条VXLAN隧道实现两个DCI间的二层和三层间互通需求，常用于大型的DCI间互联，无需考虑两个DCI内的VXLAN参数规划的不同，其中二层互通可以采用映射VNI或局部VNI的方式进行解决，华为推荐映射VNI方式。

实验拓扑

1、地址编码如图所示，underlay选用OSPF跑通底层互联地址以及环回口地址；

2、AS内采用IBGP EVPN传输EVPN路由，AS间采用EBGP EVPN传递DCI间的EVPN路由。

配置

leaf1

evpn-overlay enable //开启EVPN支持能力

bridge-domain 1000 //配置BD域
vxlan vni 5010
evpn
route-distinguisher 1:1
vpn-target 5010:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 5010:1 import-extcommunity
vpn-target 11:1 import-extcommunity

interface GE1/0/8.100 mode l2 //配置业务接入点
encapsulation dot1q vid 100
bridge-domain 1000

ip vpn-instance A //配置VRF
ipv4-family
route-distinguisher 11:11
vpn-target 11:1 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vxlan vni 3000

interface Vbdif1000 //配置分布式网关
ip binding vpn-instance A
ip address 192.168.1.254 255.255.255.0
mac-address 0000-5e00-0011
vxlan anycast-gateway enable
arp collect host enable

bgp 100 //配置BGP EVPN
router-id 11.11.11.11
undo default ipv4-unicast
peer 22.22.22.22 as-number 100
peer 22.22.22.22 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 22.22.22.22 enable
#
l2vpn-family evpn
policy vpn-target
peer 22.22.22.22 enable
peer 22.22.22.22 advertise irb

#

interface Nve1 //配置NVE接口
source 1.1.1.1
vni 5010 head-end peer-list protocol bgp

spine1

evpn-overlay enable

bgp 100 //配置BGP EVNP 作为RR反射路由
router-id 22.22.22.22
undo default ipv4-unicast
peer 11.11.11.11 as-number 100
peer 11.11.11.11 connect-interface LoopBack1
peer 33.33.33.33 as-number 100
peer 33.33.33.33 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 11.11.11.11 enable
undo peer 33.33.33.33 enable
#
l2vpn-family evpn
undo policy vpn-target
peer 11.11.11.11 enable
peer 11.11.11.11 advertise irb
peer 11.11.11.11 reflect-client
peer 33.33.33.33 enable
peer 33.33.33.33 advertise irb

peer 33.33.33.33 reflect-client

dci1

evpn-overlay enable

ip vpn-instance A //配置VRF 绑定VXLAN VNI 进行调用
ipv4-family
route-distinguisher 33:33
vpn-target 11:1 export-extcommunity evpn
vpn-target 10:10 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vpn-target 10:10 import-extcommunity evpn
vxlan vni 3000

bridge-domain 1000 //配置BD域并配置水平分割功能映射VNI实现二层互通
vxlan vni 5000 split-group sg1
vxlan vni 5010
evpn
route-distinguisher 3:3
vpn-target 5010:1 export-extcommunity
vpn-target 50:50 export-extcommunity
vpn-target 5010:1 import-extcommunity
vpn-target 50:50 import-extcommunity

bgp 100 //配置BGP EVPN 实现路由重生功能
router-id 33.33.33.33
undo default ipv4-unicast
peer 22.22.22.22 as-number 100
peer 22.22.22.22 connect-interface LoopBack1
peer 44.44.44.44 as-number 200
peer 44.44.44.44 ebgp-max-hop 255
peer 44.44.44.44 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 22.22.22.22 enable
undo peer 44.44.44.44 enable
#
l2vpn-family evpn
policy vpn-target
peer 22.22.22.22 enable
peer 22.22.22.22 advertise irb
peer 22.22.22.22 import reoriginate
peer 22.22.22.22 advertise route-reoriginated evpn mac-ip
peer 22.22.22.22 advertise route-reoriginated evpn mac
peer 22.22.22.22 advertise route-reoriginated evpn ip
peer 44.44.44.44 enable
peer 44.44.44.44 advertise irb
peer 44.44.44.44 split-group sg1
peer 44.44.44.44 import reoriginate
peer 44.44.44.44 advertise route-reoriginated evpn mac-ip
peer 44.44.44.44 advertise route-reoriginated evpn mac
peer 44.44.44.44 advertise route-reoriginated evpn ip
#

interface Nve1 //配置NVE接口
source 4.4.4.4
vni 5000 head-end peer-list protocol bgp
vni 5011 head-end peer-list protocol bgp

dci2

evpn-overlay enable

ip vpn-instance B //配置VRF
ipv4-family
route-distinguisher 44:44
vpn-target 22:2 export-extcommunity evpn
vpn-target 10:10 export-extcommunity evpn
vpn-target 22:2 import-extcommunity evpn
vpn-target 10:10 import-extcommunity evpn
vxlan vni 4000
#
bridge-domain 1000 //配置BD域
vxlan vni 5000 split-group sg1
vxlan vni 5011
evpn
route-distinguisher 444:444
vpn-target 5011:1 export-extcommunity
vpn-target 50:50 export-extcommunity
vpn-target 5011:1 import-extcommunity
vpn-target 50:50 import-extcommunity

bgp 200 //BGP配置，与dci1同理
router-id 44.44.44.44
undo default ipv4-unicast
peer 33.33.33.33 as-number 100
peer 33.33.33.33 ebgp-max-hop 255
peer 33.33.33.33 connect-interface LoopBack1
peer 55.55.55.55 as-number 200
peer 55.55.55.55 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 33.33.33.33 enable
undo peer 55.55.55.55 enable
#
l2vpn-family evpn
policy vpn-target
peer 33.33.33.33 enable
peer 33.33.33.33 advertise irb
peer 33.33.33.33 split-group sg1
peer 33.33.33.33 import reoriginate
peer 33.33.33.33 advertise route-reoriginated evpn mac-ip
peer 33.33.33.33 advertise route-reoriginated evpn mac
peer 33.33.33.33 advertise route-reoriginated evpn ip
peer 55.55.55.55 enable
peer 55.55.55.55 advertise irb
peer 55.55.55.55 import reoriginate
peer 55.55.55.55 advertise route-reoriginated evpn mac-ip
peer 55.55.55.55 advertise route-reoriginated evpn mac
peer 55.55.55.55 advertise route-reoriginated evpn ip
#

spine2

evpn-overlay enable

bgp 200
router-id 55.55.55.55
undo default ipv4-unicast
peer 44.44.44.44 as-number 200
peer 44.44.44.44 connect-interface LoopBack1
peer 66.66.66.66 as-number 200
peer 66.66.66.66 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 44.44.44.44 enable
undo peer 66.66.66.66 enable
#
l2vpn-family evpn
undo policy vpn-target
peer 44.44.44.44 enable
peer 44.44.44.44 advertise irb
peer 44.44.44.44 reflect-client
peer 66.66.66.66 enable
peer 66.66.66.66 advertise irb
peer 66.66.66.66 reflect-client
#

leaf2

evpn-overlay enable

bridge-domain 1000 //BD域配置
vxlan vni 5011
evpn
route-distinguisher 20:20
vpn-target 5011:1 export-extcommunity
vpn-target 11:11 export-extcommunity
vpn-target 5011:1 import-extcommunity
vpn-target 11:11 import-extcommunity
#
bridge-domain 2000
vxlan vni 5020
evpn
route-distinguisher 6:6
vpn-target 5020:1 export-extcommunity
vpn-target 22:2 export-extcommunity
vpn-target 5020:1 import-extcommunity
vpn-target 22:2 import-extcommunity

interface GE1/0/8.100 mode l2 //业务接入点配置
encapsulation dot1q vid 100
bridge-domain 1000
#
interface GE1/0/8.200 mode l2
encapsulation dot1q vid 200
bridge-domain 2000

ip vpn-instance A //VRF配置
ipv4-family
route-distinguisher 202:202
vpn-target 11:11 export-extcommunity evpn
vpn-target 11:11 import-extcommunity evpn
vxlan vni 3001
#
ip vpn-instance B
ipv4-family
route-distinguisher 66:66
vpn-target 22:2 export-extcommunity evpn
vpn-target 22:2 import-extcommunity evpn
vxlan vni 4000
#

interface Vbdif1000 //分部式网关配置
ip binding vpn-instance A
ip address 192.168.1.254 255.255.255.0
mac-address 0000-5e00-0011
vxlan anycast-gateway enable
arp collect host enable
#
interface Vbdif2000
ip binding vpn-instance B
ip address 192.168.2.254 255.255.255.0
mac-address 0000-5e00-0066
vxlan anycast-gateway enable
arp collect host enable
#

bgp 200 //BGP配置
router-id 66.66.66.66
undo default ipv4-unicast
peer 55.55.55.55 as-number 200
peer 55.55.55.55 connect-interface LoopBack1
#
ipv4-family unicast
undo peer 55.55.55.55 enable
#
l2vpn-family evpn
policy vpn-target
peer 55.55.55.55 enable
peer 55.55.55.55 advertise irb

状态查看

evpn邻居状态

在spine1上查看

在dci1上查看

EVPN路由查看

在leaf1上：

注意ENSP模拟器有BUG是不产生type2 的MAC路由的所以二层互通是无法在ENSP进行模拟的

可以看到PC1的主机MAC为54-89-98-63-13-6D，本地的MAC表中可以看到，但是并未进入到EVPN路由中进行传输，真机测试后是正常进入的。

测试

在PC1上Ping测试PC2

相关阅读:
C# 基类中的虚函数调用基类的虚函数执行的是派生类实现的对应函数吗
spring01
第3章业务功能开发（创建mybatis的逆向工程）
Docker清理
虚拟机信息巡检脚本
2022-11-11 C++并发编程( 四十一 )
nvm使用的注意事项和常用命令。
算法为屠龙刀，设计模式为倚天剑
常见的实时操作系统（RTOS）(嵌入式和物联网操作系统)介绍
C++ -- 学习系列 static 关键字的使用

原文地址：https://blog.csdn.net/weixin_45457085/article/details/133706628