分布式对称网关spine配置bgpevpn配置routerbgp7677bgprouter-id192.168.59.130bgpbestpathas-pathmultipath-relaxneighborfabricpeer-groupneighborfabricremote-as外部邻居192.168.59.128对等组结构邻居192.168.59.129对等组结构!地址系列l2vpnevpn邻居结构激活出口地址系列!leaf1和host1配置界面配置#!root权限下bash#enableforwardsysctl-wnet.ipv4.ip_forward=1sysctl-p#addhost1ipnetnsaddhost1iplinkaddveth1typevethpeernameeth0netnshost1ipnetnsexechost1iplinksetloupipnetnsexechost1iplinkseteth0upipnetnsexechost1ipaddradd2.2.2.2/24deveth0ipnetnsexechost1iprouteadddefaultvia2.2.2.254deveth0iplinkaddbr10typebridgeiplinkaddvxlan10typevxlanid10local192.168.59.128dstportveiplink10setnolearningbrip1upiplinksetvxlan10upiplinksetveth1masterbr10iplinksetvxlan10masterbr10iplinksetdevbr10address00:00:01:02:03:10ipaddradd2.2.2.254/24devbr10#addl3vniiplinkaddbr100typebridgeiplinkaddvxlan100typevxlanid100local192.168.59.128dstport4789nolearningiplinksetbr100upiplinksetvxlan100upiplinksetvxlan100masterbr100iplinksetdevbr100address00:00:01:02:03:04#addvrfiplink添加evpn-vrftypevrftable100iplinksetevpn-vrfupiplinksetbr100masterevpn-vrfiplinksetbr10masterevpn-vrfbgpevpn配置vrfevpn-vrfvni100exit-vrf!routerbgp7675bgprouter-id192.168.59.128bgpbestpathas-pathmultipath-relaxneighborfabricpeer-groupneighborfabricremote-asexternal邻居192.168.59.130对等组结构!地址系列l2vpnevpn邻居结构激活广告-all-vni出口地址系列!路由器bgp7675vrfevpn-vrf!address-familyl2vpnevpnadvertiseipv4unicastexit-address-family!linevty!end注:vrfevpn-vrfvni100exit-vrf这一段指令表示指定了一个l3vnirouterbgp7675vrfevpn-vrf!地址系列l2vpnevpn通告ipv4单播出口地址系列!这条命令advertiseipv4unicast意思是通告RT-5路由leaf2和host2配置接口配置#在root权限下配置#!/bin/bash#enableforwardsysctl-wnet.ipv4.ip_forward=1sysctl-p#addhost2ipnetnsaddhost2iplinkaddveth2typevethpeernameeth0netnshost2ipnetnsexechost2iplinksetloupipnetnsexechost2iplinkseteth0upipnetnsexechost2ipaddradd1.1.1.1/24deveth0ipnetnsexechost2iprouteadddefaultvia1.1.1.254deveth0#addbr20iplinkaddbr20typebridgeip链接setbr20upiplinksetveth2upiplinksetveth2masterbr20ipaddradd1.1.1.254/24devbr20#addhost3ipnetnsaddhost3iplink添加veth3typevethpeernameeth0netnshost3ipnetnsexechost3iplinksetloupipnetnsexechost3iplinkseteth0upipnetnsexechost3ipaddradd2.2.2.3/24deveth0ipnetnsexechost3iprouteadddefaultvia2.2.2.254deveth0iplinkaddbr30typebridgeiplinkaddvxlan10typevxlanid10local192.168.59.129dstport4789nolearningip链接集vxlan10upiplinksetvxlan10masterbr30iplinksetbr30upiplinksetveth3upiplinksetveth3masterbr30ipaddradd2.2.2.254/24devbr30iplinksetdevbr30address00:00:01:02:03:10#addl3vniiplinkaddbr100typebridgeiplinkaddvxlan100类型vxlanid100local192.168.59.129dstport4789nolearningiplinksetbr100upiplinksetvxlan100upiplinksetvxlan100masterbr100iplinksetdevbr100address00:00:01:02:03:05#addvrfiplinkaddevpn-vrftypevrftable100iplinksetevpn-vrfupiplinksetbr100masterevpn-vrfiplinksetbr20masterevpn-vrfiplinksetbr30masterevpn-vrfbgpevpn配置vrfevpn-vrfvni100exit-vrf!routerbgp7676bgprouter-id192.168。59.129bgp最佳路径作为路径多路径放松邻居结构对等组邻居结构远程作为外部邻居192.168.59.130对等组结构!地址系列l2vpnevpn邻居结构激活广告-all-vni出口地址系列!路由器bgp7676vrfevpn-vrf!地址系列l2vpnevpn通告ipv4单播退出地址-family!linevty!end查看bgp信息在host3上pinghost1:root@3cfbe6f4301d:/#ipnetnsexechost3ping2.2.2.2-c1PING2.2.2.2(2.2.2.2):56databytes64bytesfrom2.2.2.2:icmp_seq=0ttl=64time=0.095ms---2.2.2.2pingstatistics---1packetstransmitted,1packetsreceived,0%packetlossround-tripmin/avg/max/stddev=0.095/0.095/0.095/0.000msroot@3cfbe6f4301d:/#leaf1查看路由信息70cf8caaa686#showipbgpl2vpnevpnBGPtableversionis30,localrouterIDis192.168.59.128Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i-internalOrigin代码:i-IGP,e-EGP,?-不完整的网络下一跃点度量LocPrf权重路径路由区分器:ip192.168.59.128:3*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]192.168.59.12832768i*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]192.168.59.12832768i*>[3]:[0]:[32]:[192.168.59.128]192.168.59.12832768iRoute标识符:ip192.168.59.129:3*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]192.168.59.129076777676i*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]192.168.59.129076777676i*>[3]:[0]:[32]:[192.168.59.129]192.168.59.129076777676iDisplayed6outof6totalprefixes70cf8caaa686#查看内部路由信息70cf8caaa686#showiproutevrf-kernelevCodesn-connected,R-RIP,O-OSPF,I-IS-IS,B-BGP,E-EIGRP,N-NHRP,T-Table,v-VNC,V-VNC-Direct,A-Babel,D-SHARP,F-PBR,f-OpenFabric,>-选定路由,*-FIB路由,q-排队路由,r-拒绝路由VRFevpn-vrf:C>*2.2.2.0/24直接连接,br10,02:35:07B>*2.2.2.3/32[20/0]通过192.168.59.129,br100onlink,00:12:4570cf8caaa686#leaf2查看路由信息3cfbe6f4301d#showipbgpl2vpnevpnBGPtableversionis40,localrouterIDis192.168.59.129Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i-internalOrigincodes:i-IGP,e-EGP,?-不完整的网络下一跳度量LocPrf权重路径路由区分器:ip192.168.59.128:3*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]192.168.59.128076777675i*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]192.168.59.128076777675i*>[3]:[0]:[32]:[192.168.59.128]192.168.59.128076777675iRoute标识符:ip192.168.59.129:3*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]192.168.59.12932768i*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]192.168。59.12932768i*>[3]:[0]:[32]:[192.168.59.129]192.168.59.12932768iDisplayed6outof6totalprefixes3cfbe6f4301d#查看内核路由信息3cfbe6f4301d#showiproutevrfevpn-vrfCodes:K-kernelroute,R-R-IPstated,O-OSPF,I-IS-IS,B-BGP,E-EIGRP,N-NHRP,T-表,v-VNC,V-VNC-Direct,A-Babel,D-SHARP,F-PBR,f-OpenFabric,>-已选择route,*-FIBroute,q-queuedroute,r-rejectedrouteVRFevpn-vrf:C>*1.1.1.0/24直连,br20,01:50:19C>*2.2.2.0/24直连,br30,01:50:19B>*2.2.2.2/32[20/0]via192.168.59.128,br100onlink,00:14:223cfbe6f4301d#由上可知bgp-evpn是host1的准确主机路由安装用于数据包捕获分析。在对称模式下,type-2路由将承载两个vni。邻居收到路由后会在vni所在的路由表中安装相应的fdb表项,同时安装准确的路由表。物品。注意上面routermac的扩展团体属性,就是路由mac。安装精确路由时,会为nexthop安装一个neighborentry,mac地址为mac。网段路由目前host2无法ping通host1,因为host1所在的vtep没有1.1.1.0/24的路由。这时host2所在的vtep需要发布网段路由。使用网络命令发出:routerbgp7676vrfevpn-vrf!地址系列ipv4单播网络1.1.1.0/24出口地址系列!值得注意的是地址族上下文是ipv4,不是evpn。这个不太好理解。也可以使用redistributeconnected命令来发布,它会发布所有直连网段路由。leaf01查看evpn路由信息70cf8caaa686#showipbgpl2vpnevpnBGPtableversionis7,localrouterIDis192.168.59.128Statuscodes:ssuppressed,ddamped,hhistory,*valid,>best,i-internalOrigincodes:i-IGP,e-EGP,?-不完整的网络下一跳度量LocPrf权重PathRoute区分器:ip2.2.2.254:2*>[5]:[0]:[24]:[1.1.1.0]192.168.59.129076777676iRoute区分器:ip192.168.59.128:3*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]192.168.59.12832768i*>[2]:[0]:[48]:[06:20:e4:53:a6:8a]:[32]:[2.2.2.2]192.168.59.12832768i*>[3]:[0]:[32]:[192.168.59.128]192.168.59.12832768iRoute标识符:ip192.168.59.129:3*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]192.168.59.129076777676i*>[2]:[0]:[48]:[4e:3b:63:e3:19:5e]:[32]:[2.2.2.3]192.168.59.129076777676i*>[3]:[0]:[32]:[192.168.59.129]192.168。59.129076777676iDisplayed7outof7totalprefixes70cf8caaa686#可以看到多了一条type-5routehost1ping1.1.1.1root@70cf8caaa686:/#ipnetnsexechost1ping1.1.1.1-c1PING1.1.1.1(1.1.1.1):56databytes64bytesfrom1.1.1.1:icmp_seq=0ttl=62time=0.133ms---1.1.1.1pingstatistics---1packetstransmitted,1packetsreceived,0%packetlossround-tripmin/avg/max/stddev=0.133/0.133/0.133/0.000msroot@70cf8caaa686:/#抓包分析以上数据包为type-5前缀路由数据包,该数据包对应的网段路由模型为Interface-lessIP-VRF到IP-VRF。route携带router-macextendedcommunity,即host2所在vtep上br100的mac地址。host1所在的vtep封装数据包时,内部目的MAC会使用这个MAC。综上所述,在分布式对称模型中,跨网段路由时,无论目标是精确路由还是网段路由,无论本地是否有目的网段vni,报文都使用l3vni封装,和fdb用于同一网段转发,vni是本网段的vni。
