示例:配置 EVPN-ETREE 服务
此示例说明如何配置 EVPN-ETREE 服务。
要求
此示例使用以下硬件和软件组件:
三个配置为提供商边缘 (PE) 路由器的 MX 系列 5G 通用路由平台。
三个客户边缘 (CE) 路由器,每个都连接到 PE 路由器。
在所有 PE 路由器上运行的 Junos OS 17.2 或更高版本。
开始之前:
配置设备接口。
在所有设备上配置 IGP,例如 OSPF。
在 PE 设备之间建立 BGP 会话。
在 PE 设备上配置 MPLS 和 LDP。
概述
EVPN-ETree 服务是一种 VPN 服务,其中每个附件电路都指定为根电路或叶线路。E-Tree 服务是一种根多点服务,仅支持核心中基于 MPLS 的 EVPN。在 EVPN E-Tree 服务中,连接的每台客户边缘设备要么是根设备,要么是叶设备。EVPN E-Tree 服务遵循以下转发规则:
枝叶只能从根地址发送或接收流量。
根可以将流量发送到另一个根或任何枝叶。
叶或根可以在单宿主模式或多宿主模式下连接到提供商边缘 (PE) 设备。
图 1: EVPN E-TREE 服务
配置
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,将命令复制并粘贴到 [edit] 层次结构级别的 CLI 中,然后从配置模式进入提交。
CE1
set interfaces xe-0/0/1 vlan-tagging set interfaces xe-0/0/1 unit 100 vlan-id 100 set interfaces xe-0/0/1 unit 100 family inet address 10.100.0.1/24
PE1
set interfaces xe-2/0/0 unit 0 family inet address 10.0.0.1/30 set interfaces xe-2/0/0 unit 0 family mpls set interfaces xe-2/1/3 unit 0 family inet address 10.0.0.5/30 set interfaces xe-2/1/3 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.0.1/32 primary set interfaces lo0 unit 0 family inet address 10.255.0.1/32 preferred set interfaces xe-2/1/1 flexible-vlan-tagging set interfaces xe-2/1/1 encapsulation flexible-ethernet-services set interfaces xe-2/1/1 unit 100 encapsulation vlan-bridge set interfaces xe-2/1/1 unit 100 vlan-id 100 set interfaces xe-2/1/1 unit 100 etree-ac-role root set routing-options router-id 10.255.0.1 set routing-options autonomous-system 65000 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group evpn local-address 10.255.0.1 set protocols bgp group evpn family evpn signaling set protocols bgp group evpn peer-as 65000 set protocols bgp group evpn local-as 65000 set protocols bgp group evpn neighbor 10.255.0.2 set protocols bgp group evpn neighbor 10.255.0.3 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set routing-instances evpna instance-type evpn set routing-instances evpna vlan-id 100 set routing-instances evpna interface xe-2/1/1.100 set routing-instances evpna route-distinguisher 10.255.0.1:100 set routing-instances evpna vrf-target target:65000:100 set routing-instances evpna protocols evpn interface xe-2/1/1.100 set routing-instances evpna protocols evpn evpn-etree
PE2
set interfaces xe-2/1/6 unit 0 family inet address 10.0.0.2/30 set interfaces xe-2/1/6 unit 0 family mpls set interfaces xe-2/0/9 unit 0 family inet address 10.0.0.9/30 set interfaces xe-2/0/9 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.0.2/32 primary set interfaces lo0 unit 0 family inet address 10.255.0.2/32 preferred set interfaces xe-2/0/0 flexible-vlan-tagging set interfaces xe-2/0/0 encapsulation flexible-ethernet-services set interfaces xe-2/0/0 unit 100 encapsulation vlan-bridge set interfaces xe-2/0/0 unit 100 vlan-id 100 set interfaces xe-2/0/0 unit 100 etree-ac-role leaf set routing-options router-id 10.255.0.2 set routing-options autonomous-system 65000 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group evpn local-address 10.255.0.2 set protocols bgp group evpn family evpn signaling set protocols bgp group evpn peer-as 65000 set protocols bgp group evpn local-as 65000 set protocols bgp group evpn neighbor 10.255.0.1 set protocols bgp group evpn neighbor 10.255.0.3 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set routing-instances evpna instance-type evpn set routing-instances evpna vlan-id 100 set routing-instances evpna interface xe-2/0/0.100 set routing-instances evpna route-distinguisher 10.255.0.2:100 set routing-instances evpna vrf-target target:65000:100 set routing-instances evpna protocols evpn interface xe-2/0/0.100 set routing-instances evpna protocols evpn evpn-etree
PE3
set interfaces xe-1/3/1 unit 0 family inet address 10.0.0.6/30 set interfaces xe-1/3/1 unit 0 family mpls set interfaces xe-2/1/1:1 unit 0 family inet address 10.0.0.10/30 set interfaces xe-2/1/1:1 unit 0 family mpls set interfaces lo0 unit 0 family inet address 10.255.0.3/32 primary set interfaces lo0 unit 0 family inet address 10.255.0.3/32 preferred set interfaces xe-2/1/1:0 flexible-vlan-tagging set interfaces xe-2/1/1:0 encapsulation flexible-ethernet-services set interfaces xe-2/1/1:0 unit 100 encapsulation vlan-bridge set interfaces xe-2/1/1:0 unit 100 vlan-id 100 set interfaces xe-2/1/1:0 unit 100 etree-ac-role leaf set routing-options router-id 10.255.0.3 set routing-options autonomous-system 65000 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group evpn local-address 10.255.0.3 set protocols bgp group evpn family evpn signaling set protocols bgp group evpn peer-as 65000 set protocols bgp group evpn local-as 65000 set protocols bgp group evpn neighbor 10.255.0.1 set protocols bgp group evpn neighbor 10.255.0.2 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set protocols ldp interface all set protocols ldp interface fxp0.0 disable set routing-instances evpna instance-type evpn set routing-instances evpna vlan-id 100 set routing-instances evpna interface xe-2/1/1:0.100 set routing-instances evpna route-distinguisher 10.255.0.3:100 set routing-instances evpna vrf-target target:65000:100 set routing-instances evpna protocols evpn interface xe-2/1/1:0.100 set routing-instances evpna protocols evpn evpn-etree
CE2
set interfaces xe-0/0/0 vlan-tagging set interfaces xe-0/0/0 unit 100 vlan-id 100 set interfaces xe-0/0/0 unit 100 family inet address 10.100.0.2/24
CE3
set interfaces xe-2/0/2 vlan-tagging set interfaces xe-2/0/2 unit 100 vlan-id 100 set interfaces xe-2/0/2 unit 100 family inet address 10.100.0.3/24
程序
逐步过程
以下示例要求您在配置层次结构中的各个级别上导航。有关导航 CLI 的信息,请参阅 在配置模式下使用 CLI 编辑器。
要配置路由器 PE1:
注意:
修改相应的接口名称、地址和其他参数后,对路由器 PE2 和 PE3 重复此过程。
配置路由器 PE1 接口。
[edit interfaces]user@PE1#set xe-2/0/0 unit 0 family inet address 10.0.0.1/30 user@PE1#set xe-2/0/0 unit 0 family mpls user@PE1#set xe-2/1/3 unit 0 family inet address 10.0.0.5/30 user@PE1#set xe-2/1/3 unit 0 family mpls user@PE1#set lo0 unit 0 family inet address 10.255.0.1/32 primary user@PE1#set lo0 unit 0 family inet address 10.255.0.1/32 preferred user@PE1#set xe-2/1/1 flexible-vlan-tagging user@PE1#set xe-2/1/1 encapsulation flexible-ethernet-services user@PE1#set xe-2/1/1 unit 100 encapsulation vlan-bridge user@PE1#set xe-2/1/1 unit 100 vlan-id 100将接口分配为叶接口或根接口。
user@PE1#
[edit interfaces]set xe-2/1/1 unit 100 etree-ac-role root为路由器 PE1 设置路由器 ID 和自治系统编号。
[edit routing-options]user@PE1#set routing-options router-id 10.255.0.1 user@PE1#set routing-options autonomous-system 65000在路由器 PE1 的所有接口(不包括管理接口)上启用 LDP。
[edit protocols]user@PE1# set ldp interface all user@PE1# set ldp interface fxp0.0 disable将本地和邻接地址分配给路由器 PE1 的 BGP 组,以与路由器 PE2 和 PE3 对等。
[edit protocols]user@PE1#set bgp group evpn local-address 10.255.0.1 user@PE1#set bgp group evpn neighbor 10.255.0.2 user@PE1#set bgp group evpn neighbor 10.255.0.3设置本地和对等自治系统。
user@PE1#set protocols bgp group evpn peer-as 65000 user@PE1#set protocols bgp group evpn local-as 65000
将 EVPN 信令网络层可达性信息 (NLRI) 添加到 bgp BGP 组。
[edit protocols]user@PE1#set bgp group evpn family evpn signaling在路由器 PE1 的所有接口(不包括管理接口)上配置 OSPF。
[edit protocols]user@PE1#set ospf area 0.0.0.0 interface all user@PE1#set ospf area 0.0.0.0 interface fxp0.0 disable在路由器 PE1 的所有接口(不包括管理接口)上配置 MPLS。
[edit protocols]user@PE1#set mpls interface all user@PE1#set mpls interface fxp0.0 disable配置 EVPN 路由实例。
[edit routing-instances] user@PE1# set evpna instance-type evpn
为 evpna 路由实例中的桥接域设置 VLAN 标识符。
[edit routing-instances] user@PE1# set evpna vlan-id 100
配置 evpna 路由实例的接口名称。
[edit routing-instances] user@PE1#set evpna interface xe-2/1/1.100
为 evpna 路由实例配置路由识别器。
[edit routing-instances] user@PE1#set evpna route-distinguisher 10.255.0.1:100
分配将 PE1 站点连接到 VPN 的接口名称。
[edit routing-instances] user@PE1#set evpna protocols evpn interface xe-2/1/1.100
在 PE1 上配置以太网 VPN E-TREE 服务。
[edit routing-instances] user@PE1#set evpna protocols evpn evpn-etree
为 evpna 路由实例配置 VPN 路由和转发 (VRF) 目标社区。
[edit routing-instances] user@PE1#set evpna vrf-target target:65000:100
结果
在配置模式下,输入 、 show routing-options和show routing-instances命令,show interfaces以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明,以更正配置。
user@PE1 show interfaces
xe-2/0/0 {
unit 0 {
family inet {
address 10.0.0.1/30;
}
family mpls;
}
}
xe-2/1/3 {
unit 0 {
family inet {
address 10.0.0.5/30;
}
family mpls;
}
}
lo0 {
unit 0 {
family inet {
address 10.255.0.1/32 {
primary;
preferred;
}
}
}
}
xe-2/1/1 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 100 {
encapsulation vlan-bridge;
vlan-id 100;
etree-ac-role root;
}
}
user@PE1 show routing-options router-id 10.255.0.1; autonomous-system 65000;
user@PE1 show protocols
mpls {
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
group evpn {
local-address 10.255.0.1;
family evpn {
signaling;
}
peer-as 65000;
local-as 65000;
neighbor 10.255.0.2;
neighbor 10.255.0.3;
}
}
ospf {
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
ldp {
interface all;
interface fxp0.0 {
disable;
}
}
user@PE1 #show routing-instances
evpna {
instance-type evpn;
vlan-id 100;
interface xe-2/1/1.100;
route-distinguisher 10.255.0.1:100;
vrf-target target:65000:100;
protocols {
evpn {
interface xe-2/1/1.100;
evpn-etree;
}
}
}
验证
确认配置工作正常。
验证 EVPN 实例状态
目的
验证 EVPN 路由实例及其状态。
行动
在操作模式下,运行 show evpn instance extensive 命令。
user@PE1>show evpn instance extensive
Instance: __default_evpn__
Route Distinguisher: 10.255.0.1:0
Number of bridge domains: 0
Number of neighbors: 0
Instance: evpna
Route Distinguisher: 10.255.0.1:100
VLAN ID: 100
Per-instance MAC route label: 16
Etree Leaf label: 20
MAC database status Local Remote
MAC advertisements: 1 1
MAC+IP advertisements: 0 0
Default gateway MAC advertisements: 0 0
Number of local interfaces: 1 (1 up)
Interface name ESI Mode Status AC-Role
xe-2/1/1.100 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
Number of IRB interfaces: 0 (0 up)
Number of bridge domains: 1
VLAN Domain ID Intfs / up IRB intf Mode MAC sync IM route label SG sync IM core nexthop
100 1 1 Extended Enabled 30 Disabled
Number of neighbors: 2
Address MAC MAC+IP AD IM ES Leaf-label
10.255.0.2 0 0 1 1 0 20
10.255.0.3 1 0 1 1 0 20
Number of ethernet segments: 0
意义
输出提供以下信息:
EVPN 和虚拟交换机路由实例列表
每个接口的操作模式
每个路由实例的邻接方
从每个邻接方接收的不同路由数
每个路由实例上的以太网分段数
每个路由实例的 VLAN ID 和 MAC 标签
验证本地和远程 MAC 属性
目的
验证 EVPN MAC 表信息。
行动
在操作模式下,运行 show evpn mac-table 命令。
user@PE1>show evpn mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
O -OVSDB MAC, SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC, P -Pinned MAC)
Routing instance : evpn_100
Bridging domain : __evpn_100__, VLAN : 100
MAC MAC Logical NH MAC
address flags interface Index property
00:1d:b5:a2:15:2c DC 1048579 Leaf
64:87:88:5f:05:c0 DC 1048578 Leaf
a8:d0:e5:54:38:21 D xe-2/1/1.100 Root
意义
输出提供以下信息:
本地通过控制平面学习的 MAC 地址列表。
MAC 的属性,无论是在叶接口还是根接口上学习。
验证 EVPN ETREE 实例属性
目的
验证 EVPN ETREE 实例属性。
行动
在操作模式下,运行 show evpn instance evpna extensive 命令。
user@PE1>show evpn instance evpna extensive
Instance: evpna
Route Distinguisher: 10.255.0.1:100
VLAN ID: 100
Per-instance MAC route label: 16
Etree Leaf label: 20
MAC database status Local Remote
MAC advertisements: 0 0
MAC+IP advertisements: 0 0
Default gateway MAC advertisements: 0 0
Number of local interfaces: 1 (1 up)
Interface name ESI Mode Status AC-Role
xe-2/1/1.100 00:00:00:00:00:00:00:00:00:00 single-homed Up Root
Number of IRB interfaces: 0 (0 up)
Number of bridge domains: 1
VLAN Domain ID Intfs / up IRB intf Mode MAC sync IM route label SG sync IM core nexthop
100 1 1 Extended Enabled 30 Disabled
Number of neighbors: 2
Address MAC MAC+IP AD IM ES Leaf-label
10.255.0.2 0 0 1 1 0 20
10.255.0.3 0 0 1 1 0 20
Number of ethernet segments: 0
意义
输出提供以下信息:
列出特定实例“evpna”的详细信息。
列出与此路由实例及其属性(叶或根)关联的接口。
列出与此路由实例关联的网桥域。
列出接收的邻接方和路由。
验证叶节点和根节点之间的流量
目的
验证叶节点和根节点之间的流量
行动
从 CE2(叶)的操作模式,ping CE1(根),以检查流量。
user@CE2> ping 10.100.0.1 PING 10.100.0.1 (10.100.0.1): 56 data bytes 64 bytes from 10.100.0.1: icmp_seq=0 ttl=64 time=1.063 ms 64 bytes from 10.100.0.1: icmp_seq=1 ttl=64 time=1.057 ms 64 bytes from 10.100.0.1: icmp_seq=2 ttl=64 time=1.038 ms ^C --- 10.100.0.1 ping statistics --- 3 packets transmitted, 3 packets received, 0% packet loss round-trip min/avg/max/stddev = 1.038/1.053/1.063/0.011 ms
意义
输出显示 Ping 在 CE2(叶)和 CE1(根)之间成功。