网络拓扑拓扑图显示实验环境为16G内存的主机。上面使用vmware运行三台虚拟机,运行系统为ubuntu-19.04。这三个虚拟机以仅主机模式连接。spine、leaf1、leaf2设备都是ubuntu-19.04。FRR程序正在它们上运行。host1、host2、host3和host4是网络命名空间。underlay网络采用两层模型(限于实验条件)。整个实验是一个按比例缩小的数据中心脊叶模型。Leaf2还需要作为边界网关,使用默认路由向公网发送流量,同时作为防火墙(这里只进行了nat)。Leaf作为边界和vtep功能细节图实验功能说明整个数据中心有一个租户,使用vni:100作为租户的l3vni租户使用三个子网。1.1.1.0/24子网有两个虚拟机分布在两个vteps下,使用10作为l2vni。2.2.2.0/24和3.3.3.0/24都只有一台虚拟机。5.5.5.0/24作为中继子网连接default-vrf和evpn-vrf。整个实验需要实现租户内所有主机的互通,主机可以同时访问公网。(暂时无法从公网访问虚拟机,需要申请floating-ip,申请公网IP后,可以在default-vrf做1:1nat,实现互访。)主干配置bgpevpn配置路由器bgp7677bgp路由器-id192.168.59.130bgpbestpathas-路径多路径放松邻居结构对等组邻居结构远程作为外部邻居192.168.59.128对等组结构邻居192.168.59.129对等组结构!address-familyl2vpnevpnneighborfabricactivateexit-address-family!leaf1configurationinterfaceconfiguration#启用转发sudosysctl-wnet.ipv4.ip_forward=1sudosysctl-p#Addhost1sudoipnetnsaddhost1sudoiplinkaddveth1typevethpeernameeth0netnshost1sudoipnetnsexechost1iplinksetloupsudoipnetnsexechost1iplinkseteth0upsudoipnetnsexechost1ipaddradd1.1.1.1/24deveth0sudoipnetnsexechost1iprouteadddefaultvia1.1.1.254deveth0sudolinkiplinkaddbr10typebridgeaddsudovxlan10typevxlanid10local192.168.59.128dstport4789nolearningsudoiplinksetbr10upsudoiplinksetveth1upsudoip链接集vxlan10upsudoiplinksetveth1masterbr10sudoiplinksetvxlan10masterbr10sudoipaddradd1.1.1.254/24devbr10sudoiplinksetdevbr10address00:00:01:02:03:10#分布式二层网关,mac需要保持一致#addhost2sudoipnetnsaddhost2sudoiplinkaddveth2typevethpeernameeth0netnshost2sudoipnetnsexechost2iplinksetloupsudoipnetnsexechost2iplinkseteth0upsudoipnetnsexechost2ipnetaddr添加sudo2/24devethnsexechost2iprouteadddefaultvia2.2.2.254deveth0sudoiplinkaddbr20typebridgesudoiplinksetbr20upsudoiplinksetveth2upsudoiplinksetveth2masterbr20sudoipaddradd2.2.2.254/24devnibr10#添加为,l3vnisudoiplinkaddbr100typebridgesudoiplinkaddvxlan100typevxlanid100local192.168.59.128dstport4789nolearningsudoiplinksetbr100upsudoiplinksetvxlan100upsudoiplinksetvxlan100masterbr100#sudoipaddradd5.5.5.254/24dev记住br100,作为l3vni的svi接口不能配置IP,否则不会安装type-5路由sudoiplinksetdevbr100address00:00:01:02:03:04#这个是由mac#添加vrfsudoiplinkaddevpn-vrftypevrftable100sudoiplinksetevpn-vrfupsudoiplinksetbr100masterevpn-vrfsudoiplinksetbr10masterevpn-vrfsudoiplinksetbr20masterevpn-vrfbgpevpn配置vrfevpn-vrfvni100exit-vrf!routerbgp7675bgprouter-id192.168.59.128bgpbestpathas-pathmultipath-relaxneighborfabricpeer-groupneighborfabricremote-asexternalneighbor192.168.59.130peer-groupfabric!地址系列l2vpnevpn邻居结构激活广告-all-vni出口地址系列!路由器bgp7675vrfevpn-vrf!地址系列ipv4单播网络2.2.2.0/24出口地址系列!address-familyl2vpnevpnadvertiseipv4unicastexit-address-family!注:vrfevpn-vrfvni100exit-vrf这一段指示指示指示指定了一个l3vnirouterbgp7675vrfevpn-vrf!address-familyl2vpnevpnadvertiseipv4unicastexit-address-family!这一段指示advertiseipv4unicast表示公告RT-5路由。切记:l3vni对应的svi一定不要添加IP地址,否则type5路由无法正确下载内核。leaf2配置接口配置#启动转发sudosysctl-wnet.ipv4.ip_forward=1sudosysctl-p#添加host3sudoipnetnsaddhost3sudoiplinkaddveth3typevethpeernameeth0netnshost3sudoipnetnsexechost3iplinksetloupsudonetnsexechost3iplinkseteth0upsudoipnetnsexechost3ipaddradd3.3.3.3/24deveth0sudoipnetnsexechost3iprouteadddefaultvia3.3.3.254deveth0#添加网桥,将veth3接入网桥sudoiplinkaddbr30typebridgesudoiplinksetbr30upsudoiplinksetveth3upsudoiplinksetveth3masterbr30sudoipaddradd3.3.3.254/24devbr30#添加host4sudoipnetnsaddhost4sudoiplinkaddveth4typevethpeernameeth0netnshost4sudoipnetnsexechost4ip链接设置loupsudoipnetnsexechost4ip链接设置eth0upsudoipnetnsexechost4ipaddradd1.1.1.2/24deveth0sudoipnetnsexechost4iprouteadddefaultvia1.1.1.254deveth0sudoiplinkaddbr40typebridgesudoiplinkaddvxlan10typevxlanid10local192.168.59.129dstport4789nolearningsudoiplinksetvxlan10upsudoiplinksetvxlan10masterbr40sudoiplinksetbr40upsudoiplinksetveth4upsudoiplinksetveth4masterbr40sudoipaddradd1.1.1.254/24devbr40sudoiplinksetdevbr40add:102:03:10#分布式二层网关,mac需要保持一致#Addvni100asl3vnisudoiplinkaddbr100typebridgesudoiplinkaddvxlan100typevxlanid100local192.168.59.129dstport4789nolearningsudoiplinksetbr100upsudoiplinksetvxlan100upsudoiplinksetvxlan100masterbr100#sudoipaddradd5.5.5.253/24devbr100切记不要添加IP地址,否则type5路由无法正确下载内核sudoiplinksetdevbr100address00:00:01:02:03:05#这是rmac,即路由mac#addvrfsudoiplinkaddevpn-vrftypevrftable100sudoiplinksetevpn-vrfupsudoiplinksetbr100masterevpn-vrfsudoiplinksetbr30masterevpn-vrfsudoiplinksetbr40masterevpn-vrf#访问外网#添加vtep接口连接evpn-vrf到默认vrfsudoiplinkaddext1typevethpeernameexsudoiplinksetext1upsudoiplinksetextup#Whereext1在evpn-vrf中,分机默认sudoiplinksetext1masterevpn-vrf#使用5.5.5.0/24网段作为中继网段sudoipaddradd5.5.5.253/24devext1sudoipaddradd5.5.5.254/24devext#添加default在evpnRouting中,默认允许流量访问公网。该网段为所有租户共享,由管理员分配。不能冲突netsudonftaddtablenatsudonftaddchainnatprerouting{typenathookpreroutingpriority0\;}sudonftaddchainnatpostrouting{typenathookpostroutingpriority100\;}sudonft添加规则natpostroutingoifnameext1添加计数器伪装sudonftnatpostroutingoifnameens33countermasqueradebgpevpn配置vrfevpn-vrfvni100exit-vrf!routerbgp7676bgprouter-id192.168.59.129bgpbestpathas-pathmultipath-relax邻居结构对等组邻居结构远程作为外部邻居192.168。59.130同行组面料!地址系列l2vpnevpn邻居结构激活广告所有vni出口地址系列!路由器bgp7676vrfevpn-vrf!地址族ipv4unicast网络3.3.3.0/24网络0.0.0.0/0出口地址系列!address-familyl2vpnevpnadvertiseipv4unicastexit-address-family!查看bgp信息leaf1查看由信息ubuntu#showbgpl2vpnevpnBGPtableversionis7,localrouterIDis192.168.59.128Statuscodes:ssuppressed,ddamped,h历史,*有效,>最佳,i-内部来源代码:i-IGP,e-EGP,?-不完整的网络下一跳度量LocPrf权重PathRoute区分器:ip2.2.2.254:2*>[5]:[0]:[24]:[2.2.2.0]192.168.59.128032768iRoute区分器:ip5.5.5.253:2*>[5]:[0]:[0]:[0.0.0.0]192.168.59.129076777676i*>[5]:[0]:[24]:[3.3.3.0]192.168.59.129076777676iRoute标识符:ip192.168.59.128:3*>[2]:[0]:[48]:[46:48:a2:5e:e2:2f]192.168.59.12832768i*>[2]:[0]:[48]:[46:48:a2:5e:e2:2f]:[32]:[1.1.1.1]192.168.59.12832768i*>[3]:[0]:[32]:[192.168.59.128]192.168.59.12832768iRoute识别器:ip192.168.59.129:3*>[3]:[0]:[32]:[192.168.59.129]192.168.59.129076777676iDisplayed7outof7totalprefixesubuntu#leaf2查看路由信息ubuntu#showbgpl2vpnevpnBGP表版本为9,本地路由器ID是192.168.59.129状态代码:s抑制,d阻尼,h历史,*有效,>最佳,i-内部来源代码:i-IGP,e-EGP,?-不完整的网络下一跳度量LocPrf权重PathRoute区分器:ip2.2.2.254:2*>[5]:[0]:[24]:[2.2.2.0]192.168.59.128076777675iRoute区分器:ip5.5.5.253:2*>[5]:[0]:[0]:[0.0.0.0]192.168.59.129032768i*>[5]:[0]:[24]:[3.3.3.0]192.168.59.129032768iRoute标识符:ip192.168.59.128:3*>[2]:[0]:[48]:[46:48:a2:5e:e2:2f]192.168.59.128076777675i*>[2]:[0]:[48]:[46:48:a2:5e:e2:2f]:[32]:[1.1.1.1]192.168.59.128076777675i*>[3]:[0]:[32]:[192.168.59.128]192.168.59.128076777675iRoute标识符:ip192.168.59.129:3*>[3]:[0]:[32]:[192.168.59.129]192.168.59.1689iDisplayed总共7个prefixesubuntu中的7个#
