devbox
秋刀鱼在做梦
这个屌丝很懒,什么也没留下!
关注作者
热门标签
热门文章
当前位置:   article > 正文

华为HCIE-DCN数据中心互联学习笔记_hcie dcn

作者:秋刀鱼在做梦 | 2024-07-02 13:02:10

hcie dcn

目录

三、Segment Vxlan详细

 1、L3互通

 2、L2互通

 Ⅰ、映射VNI

 Ⅱ、局部VNI

3、L3互通实验

Ⅰ、控制面

Ⅱ、数据面

 ①、单独配置

②、共性配置

③、业务接入配置

Ⅲ、验证

4、L2互通实验-映射方式

Ⅰ、配置BD

Ⅱ、互通的RT配置

Ⅲ、互通VNI配置

Ⅴ、配置evpn-type2-2元路由

Ⅵ、NVE通道发布

Ⅶ、如果不通,排障思路

三、Segment Vxlan详细

        适用于mulit-site

 1、L3互通

 2、L2互通

 1.1在site1下的bd10,1.2在site2的bd20,1.1->1.2需要跨越两个site,不同bd

 L2要求两侧数据中心的VNI必须保持一致,因此有两种互通方式1、映射VNI,2、

 Ⅰ、映射VNI

 100和300关联,200也和300关联,在bd10下配置和300的水平分割组

 水平分割组:如果多个数据中心有环形的物理连接,由a发送给b和c的mac,要防止b发给c

  1. bd 10
  2.  vxlan vni 300 split-group sg 1
  3.  
  4. bd 10
  5.  vxlan vni 100
  6.  evpn 
  7.  rd
  8.  rt
  9.  
  10. interface nve 1
  11.  source xxxx
  12.  vni 300 head-end peer-list protocol bgp

 Ⅱ、局部VNI

 去程和回程的vni不一致

3、L3互通实验

 underlay已配置

Ⅰ、控制面

leaf1

  1. evpn-overlay enable
  2. bgp 100
  3.  router-id 1.1.1.1
  4.  peer 4.4.4.4 as-number 100
  5.  peer 4.4.4.4 connect-interface LoopBack0
  6.  #
  7.  l2vpn-family evpn
  8.   policy vpn-target
  9.   peer 4.4.4.4 enable
  10.   peer 4.4.4.4 advertise irb
  11. #

dci1

  1. evpn-overlay enable
  2. bgp 100
  3.  router-id 4.4.4.4
  4.  peer 1.1.1.1 as-number 100
  5.  peer 1.1.1.1 connect-interface LoopBack0
  6.  peer 5.5.5.5 as-number 200
  7.  peer 5.5.5.5 ebgp-max-hop 255
  8.  peer 5.5.5.5 connect-interface LoopBack0
  9.  #
  10.  ipv4-family unicast
  11.   peer 1.1.1.1 enable
  12.   peer 5.5.5.5 enable
  13.  #
  14.  l2vpn-family evpn
  15.   undo policy vpn-target
  16.   peer 1.1.1.1 enable
  17.   peer 1.1.1.1 advertise irb
  18.   peer 1.1.1.1 import reoriginate
  19.   peer 1.1.1.1 advertise route-reoriginated evpn mac-ip
  20.   peer 1.1.1.1 advertise route-reoriginated evpn ip
  21.   peer 5.5.5.5 enable
  22.   peer 5.5.5.5 advertise irb
  23.   peer 5.5.5.5 import reoriginate
  24.   peer 5.5.5.5 advertise route-reoriginated evpn mac-ip
  25.   peer 5.5.5.5 advertise route-reoriginated evpn ip
  26. #
  27. return

leaf2

  1. evpn-overlay enable
  2. bgp 200
  3.  router-id 2.2.2.2
  4.  peer 5.5.5.5 as-number 200
  5.  peer 5.5.5.5 connect-interface LoopBack0
  6.  #
  7.  ipv4-family unicast
  8.   peer 5.5.5.5 enable
  9.  #
  10.  l2vpn-family evpn
  11.   policy vpn-target
  12.   peer 5.5.5.5 enable
  13.   peer 5.5.5.5 advertise irb
  14. #

dci2

  1. evpn-overlay enable
  2. bgp 200
  3.  router-id 5.5.5.5
  4.  peer 2.2.2.2 as-number 200
  5.  peer 2.2.2.2 connect-interface LoopBack0
  6.  peer 4.4.4.4 as-number 100
  7.  peer 4.4.4.4 ebgp-max-hop 255
  8.  peer 4.4.4.4 connect-interface LoopBack0
  9.  #
  10.  ipv4-family unicast
  11.   peer 2.2.2.2 enable
  12.   peer 4.4.4.4 enable
  13.  #
  14.  l2vpn-family evpn
  15.   undo policy vpn-target
  16.   peer 2.2.2.2 enable
  17.   peer 2.2.2.2 advertise irb
  18.   peer 2.2.2.2 import reoriginate
  19.   peer 2.2.2.2 advertise route-reoriginated evpn mac-ip
  20.   peer 2.2.2.2 advertise route-reoriginated evpn ip
  21.   peer 4.4.4.4 enable
  22.   peer 4.4.4.4 advertise irb
  23.   peer 4.4.4.4 import reoriginate
  24.   peer 4.4.4.4 advertise route-reoriginated evpn mac-ip
  25.   peer 4.4.4.4 advertise route-reoriginated evpn ip
  26. #

验证:

Ⅱ、数据面

 ①、单独配置

leaf1:

  1. evpn-overlay enable
  2. #
  3. ip vpn-instance abc
  4.  ipv4-family
  5.   route-distinguisher 1:1
  6.   vpn-target 11:1 export-extcommunity evpn
  7.   vpn-target 11:1 import-extcommunity evpn
  8.  vxlan vni 3000
  9. #
  10. bridge-domain 1000
  11.  vxlan vni 5010
  12.  evpn
  13.   route-distinguisher 5010:1
  14.   vpn-target 5010:1 export-extcommunity
  15.   vpn-target 11:1 export-extcommunity
  16.   vpn-target 5010:1 import-extcommunity
  17. #
  18. interface Vbdif1000
  19.  ip binding vpn-instance abc
  20.  ip address 192.168.1.254 255.255.255.0
  21.  mac-address 0000-5e00-0108
  22.  vxlan anycast-gateway enable
  23.  arp collect host enable
  24. #
  25. interface Nve1
  26.  source 1.1.1.1
  27.  vni 5010 head-end peer-list protocol bgp
  28. #

dci1

  1. ip vpn-instance abc
  2.  ipv4-family
  3.   route-distinguisher 1:1
  4.   vpn-target 11:1 export-extcommunity evpn
  5.   vpn-target 11:1 import-extcommunity evpn
  6.  vxlan vni 3000
  7. #
  8. interface Nve1
  9.  source 4.4.4.4
  10. #

leaf2

  1. evpn-overlay enable
  2. #
  3. ip vpn-instance abc
  4.  ipv4-family
  5.   route-distinguisher 2:2
  6.   vpn-target 22:1 export-extcommunity evpn
  7.   vpn-target 22:1 import-extcommunity evpn
  8.  vxlan vni 4000
  9. #
  10. bridge-domain 2000
  11.  vxlan vni 5021
  12.  evpn
  13.   route-distinguisher 5021:1
  14.   vpn-target 5021:1 export-extcommunity
  15.   vpn-target 22:1 export-extcommunity
  16.   vpn-target 5021:1 import-extcommunity
  17. # 
  18. interface Vbdif2000
  19.  ip binding vpn-instance abc
  20.  ip address 192.168.2.254 255.255.255.0
  21.  mac-address 0000-5e00-0109
  22.  vxlan anycast-gateway enable
  23.  arp collect host enable
  24. #
  25. interface Nve1
  26.  source 2.2.2.2
  27.  vni 5021 head-end peer-list protocol bgp
  28. #

dci2

  1. ip vpn-instance abc
  2.  ipv4-family
  3.   route-distinguisher 2:2
  4.   vpn-target 22:1 export-extcommunity evpn
  5.   vpn-target 22:1 import-extcommunity evpn
  6.  vxlan vni 4000
  7. #
  8. interface Nve1
  9.  source 5.5.5.5
  10. #
②、共性配置

 dci1/dci2:

  1. ip vpn-instance abc
  2. vpn-target 1200:1 both evpn
③、业务接入配置

leaf1/leaf2

  1. # Leaf1
  2. interface GE1/0/0.100 mode l2
  3.  encapsulation dot1q vid 100
  4.  bridge-domain 1000
  5. # Leaf2
  6. interface GE1/0/0.200 mode l2
  7.  encapsulation dot1q vid 200
  8.  bridge-domain 2000

Ⅲ、验证

 ensp不支持数据面转发,记录跟随大伟老师学习的验证截图

 可以验证下查询了几次路由表

  1. # 1、ping -vpn-instance pc1 192.168.2.1
  2. # 2、icmp port-unreachable send
  3. #    trace -vpn-instance pc11 192.168.2.1
  4. # 3、dis bgp evpn all routing-table mac-route

4、L2互通实验-映射方式

同子网互通,这里仅配置192.168.1.1->192.168.1.2,配置书接L3互通

Ⅰ、配置BD

DCI1

  1. bridge-domain 1000
  2.  vxlan vni 5010
  3.  evpn
  4.   route-distinguisher 5010:1
  5.   vpn-target 5010:1 export-extcommunity
  6.   vpn-target 5010:1 import-extcommunity
  7. #

DCI2

  1. bridge-domain 1000
  2.  vxlan vni 5011
  3.  evpn
  4.   route-distinguisher 5011:1
  5.   vpn-target 5011:1 export-extcommunity
  6.   vpn-target 5011:1 import-extcommunity
  7. #

Leaf2

  1. bridge-domain 1000
  2.  vxlan vni 5011
  3.  evpn
  4.   route-distinguisher 5011:1
  5. # 22:1是给三层用的,此处可以不写
  6.   vpn-target 22:1 export-extcommunity
  7.   vpn-target 5011:1 export-extcommunity
  8.   vpn-target 5011:1 import-extcommunity
  9. #
  10. int g1/0/0.100 mode l2
  11.  bridge-domain 1000
  12.  encapslation dot1q vid 100

Ⅱ、互通的RT配置

DCI1/DCI2

  1. bridge-domain 1000
  2.  evpn 
  3. vpn-target 2000:1 both

Ⅲ、互通VNI配置

直接配置映射vni无法配置,因为bridge-domain下已经配置过了,需要现在控制面配置水平分割组,split-gourp定义本地有意义,两个DCI可以不同

DCI1

  1. bgp 100 
  2. l2vpn-family evpn
  3.   peer 5.5.5.5 split-group sg1
  4. #
  5. bridge-domain 1000
  6.  vxlan vni 5000 split-group sg1

DCI2

  1. bgp 200 
  2. l2vpn-family evpn
  3.   peer 4.4.4.4 split-group sg1
  4. #
  5. bridge-domain 1000
  6.  vxlan vni 5000 split-group sg1

Ⅴ、配置evpn-type2-2元路由

DCI1

  1. bgp 100
  2.  l2vpn-family evpn
  3.   peer 1.1.1.1 advertise route-reoriginated evpn mac
  4.   peer 5.5.5.5 advertise route-reoriginated evpn mac

DCI2

  1. bgp 200
  2.  l2vpn-family evpn
  3.   peer 2.2.2.2 advertise route-reoriginated evpn mac
  4.   peer 4.4.4.4 advertise route-reoriginated evpn mac

Ⅵ、NVE通道发布

Leaf1

  1. int nve 1
  2.  vni 5010 head-end peer-list protocol bgp

DCI1

  1. int nve 1
  2.  vni 5010 head-end peer-list protocol bgp
  3.  vni 5000 head-end peer-list protocol bgp

Leaf2

  1. int nve 1
  2.  vni 5011 head-end peer-list protocol bgp
  3.  vni 5000 head-end peer-list protocol bgp

DCI2

  1. int nve 1
  2.  vni 5011 head-end peer-list protocol bgp

Ⅶ、如果不通,排障思路

①、虚机ping测试,发送arp到接入交换机

②、查看配置是否配置正确

③、查看bgp-evpn、vxlan tunnel是否建立

  1. dis bgp evpn peer 
  2. dis vxlan tunnel

④、leaf上面执行命令,查看是否学到了对端的主机ip

dis mac-address

声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/秋刀鱼在做梦/article/detail/779732
推荐阅读
相关标签

Copyright © 2003-2013 www.wpsshop.cn 版权所有,并保留所有权利。

  

闽ICP备14008679号