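Example: Configuring EVPN with IRB Solution on EX9200 Switches
This example shows how to configure an integrated routing and bridging (IRB) solution in an Ethernet VPN (EVPN) deployment.
Requirements
This example uses the following hardware and software components:
Two EX9200 switches configured as PE routers
Junos OS Release 14.2 or later running on all the PE routers
Before you begin:
Configure the switch interfaces.
Configure OSPF or any other IGP protocol.
Configure BGP.
Configure LDP.
Configure MPLS.
Overview
In an EVPN solution, multiple VLANs can be defined within a particular EVPN instance, and one or more EVPN instances can be associated with a single Layer 3 VPN VRF. In general, each data center tenant is assigned a unique Layer 3 VPN virtual routing and forwarding (VRF) instance, although a tenant can comprise one or more EVPN instances or VLANs per EVPN instance.
To support this flexibility and scalability, the EVPN solution provides support for IRB interfaces on EX9200 switches to facilitate optimal Layer 2 and Layer 3 forwarding along with virtual machine mobility. The IRB interfaces are configured on each configured VLAN, including the default VLAN for an EVPN instance.
IRB is the ability to do Layer 2 switching and Layer 3 routing within a single node, thus avoiding extra hops for inter-subnet traffic. The EVPN IRB solution eliminates the default gateway problem by using gateway MAC and IP synchronization, and avoids the triangular routing problem with Layer 3 interworking by creating IP host routes for virtual machines (VMs) in the tenant VRFs.
Configuration
Procedure
CLI Quick Configuration
To quickly configure this example, copy the following commands, paste them into a text file, remove any line breaks, change any details necessary to match your network configuration, and then copy and paste the commands into the CLI at the [edit] hierarchy level.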
CE1
set interfaces ge-1/1/7 vlan-tagging
set interfaces ge-1/1/7 unit 0 vlan-id 10
set interfaces ge-1/1/7 unit 0 family inet address 10.0.0.1/24
set routing-options static route 198.51.100.0/24 next-hop 10.0.0.251
PE1
set interfaces ge-1/0/8 unit 0 family inet address 192.0.2.1/24
set interfaces ge-1/0/8 unit 0 family mpls
set interfaces ge-1/1/8 flexible-vlan-tagging
set interfaces ge-1/1/8 encapsulation flexible-ethernet-services
set interfaces ge-1/1/8 unit 0 encapsulation vlan-bridge
set interfaces ge-1/1/8 unit 0 vlan-id 10
set interfaces irb unit 0 family inet address 10.0.0.251/24
set interfaces lo0 unit 0 family inet address 203.0.113.1/32
set routing-options router-id 203.0.113.1
set routing-options autonomous-system 100
set routing-options forwarding-table chained-composite-next-hop ingress evpn
set protocols ldp interface all
set protocols ldp interface fxp0.0 disable
set protocols mpls interface all
set protocols mpls interface fxp0.0 disable
set protocols bgp group ibgp type internal
set protocols bgp group ibgp local-address 203.0.113.1
set protocols bgp group ibgp family evpn signaling
set protocols bgp group ibgp neighbor 203.0.113.2
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
set routing-instances evpna instance-type evpn
set routing-instances evpna vlan-id 10
set routing-instances evpna interface ge-1/1/8.0
set routing-instances evpna l3-interface irb.0
set routing-instances evpna route-distinguisher 203.0.113.1:100
set routing-instances evpna vrf-target target:100:100
set routing-instances evpna protocols evpn interface ge-1/1/8.0
set routing-instances vrf instance-type vrf
set routing-instances vrf interface irb.0
set routing-instances vrf route-distinguisher 203.0.113.1:300
set routing-instances vrf vrf-target target:100:300
set routing-instances vrf vrf-table-label
PE2
set interfaces ge-2/0/8 unit 0 family inet address 192.0.2.2/24
set interfaces ge-2/0/8 unit 0 family mpls
set interfaces ge-2/1/8 flexible-vlan-tagging
set interfaces ge-2/1/8 encapsulation flexible-ethernet-services
set interfaces ge-2/1/8 unit 0 encapsulation vlan-bridge
set interfaces ge-2/1/8 unit 0 vlan-id 20
set interfaces irb unit 0 family inet address 198.51.100.251/24
set interfaces lo0 unit 0 family inet address 203.0.113.2/32
set routing-options router-id 203.0.113.2
set routing-options autonomous-system 100
set routing-options forwarding-table chained-composite-next-hop ingress evpn
set protocols ldp interface all
set protocols ldp interface fxp0.0 disable
set protocols mpls interface all
set protocols mpls interface fxp0.0 disable
set protocols bgp group ibgp type internal
set protocols bgp group ibgp local-address 203.0.113.2
set protocols bgp group ibgp family evpn signaling
set protocols bgp group ibgp neighbor 203.0.113.1
set protocols ospf area 0.0.0.0 interface all
set protocols ospf area 0.0.0.0 interface fxp0.0 disable
set routing-instances evpna instance-type evpn
set routing-instances evpna vlan-id 20
set routing-instances evpna interface ge-2/1/8.0
set routing-instances evpna l3-interface irb.0
set routing-instances evpna route-distinguisher 203.0.113.2:100
set routing-instances evpna vrf-target target:200:100
set routing-instances evpna protocols evpn interface ge-2/1/8.0
set routing-instances vrf instance-type vrf
set routing-instances vrf interface irb.0
set routing-instances vrf route-distinguisher 203.0.113.2:300
set routing-instances vrf vrf-target target:200:300
set routing-instances vrf vrf-table-label
CE2
set interfaces ge-2/1/7 vlan-tagging
set interfaces ge-2/1/7 unit 0 vlan-id 20
set interfaces ge-2/1/7 unit 0 family inet address 198.51.100.2/24
set routing-options static route 10.0.0.0/24 next-hop 198.51.100.251
Step-by-Step Procedure
The following example requires you to navigate various levels in the configuration hierarchy. For information about navigating the CLI, see Using the CLI Editor in Configuration Mode.
To configure Router PE1:
Repeat this procedure for Router PE2, after modifying the appropriate interface names, addresses, and other parameters.
Configure Router PE1 interfaces.
[edit interfaces]
user@PE1# set ge-1/0/8 unit 0 family inet address 192.0.2.1/24
user@PE1# set ge-1/0/8 unit 0 family mpls
user@PE1# set ge-1/1/8 flexible-vlan-tagging
user@PE1# set ge-1/1/8 encapsulation flexible-ethernet-services
user@PE1# set ge-1/1/8 unit 0 encapsulation vlan-bridge
user@PE1# set ge-1/1/8 unit 0 vlan-id 10
user@PE1# set irb unit 0 family inet address 10.0.0.251/24
user@PE1# set lo0 unit 0 family inet address 203.0.113.1/32
Set the router ID and autonomous system number for Router PE1.
[edit routing-options]
user@PE1# set router-id 203.0.113.1
user@PE1# set autonomous-system 100
Configure the chained composite next hop for EVPN.
[edit routing-options]
user@PE1# set forwarding-table chained-composite-next-hop ingress evpn
Enable LDP on all interfaces of Router PE1, excluding the management interface.
[edit protocols]
user@PE1# set ldp interface all
user@PE1# set ldp interface fxp0.0 disable
Enable MPLS on all interfaces of Router PE1, excluding the management interface.
[edit protocols]
user@PE1# set mpls interface all
user@PE1# set mpls interface fxp0.0 disable
Configure the BGP group for Router PE1.
[edit protocols]
user@PE1# set bgp group ibgp type internal
Assign local and neighbor addresses to the ibgp BGP group so that Router PE1 peers with Router PE2.
[edit protocols]
user@PE1# set bgp group ibgp local-address 203.0.113.1
user@PE1# set bgp group ibgp neighbor 203.0.113.2
Include the EVPN signaling network layer reachability information (NLRI) in the ibgp BGP group.
[edit protocols]
user@PE1# set bgp group ibgp family evpn signaling
Configure OSPF on all interfaces of Router PE1, excluding the management interface.
[edit protocols]
user@PE1# set ospf area 0.0.0.0 interface all
user@PE1# set ospf area 0.0.0.0 interface fxp0.0 disable
Configure the EVPN routing instance.
[edit routing-instances]
user@PE1# set evpna instance-type evpn
Set the VLAN identifier for the bridging domain in the evpna routing instance.
[edit routing-instances]
user@PE1# set evpna vlan-id 10
Configure the interface name for the evpna routing instance.
[edit routing-instances]
user@PE1# set evpna interface ge-1/1/8.0
Configure the IRB interface as the routing interface for the evpna routing instance.
[edit routing-instances]
user@PE1# set evpna l3-interface irb.0
Configure the route distinguisher for the evpna routing instance.
[edit routing-instances]
user@PE1# set evpna route-distinguisher 203.0.113.1:100
Configure the VPN routing and forwarding (VRF) target community for the evpna routing instance.
[edit routing-instances]
user@PE1# set evpna vrf-target target:100:100
Assign the interface name that connects the PE1 site to the VPN.
[edit routing-instances]
user@PE1# set evpna protocols evpn interface ge-1/1/8.0
Configure the VRF routing instance.
[edit routing-instances]
user@PE1# set vrf instance-type vrf
Configure the IRB interface as the routing interface for the vrf routing instance.
[edit routing-instances]
user@PE1# set vrf interface irb.0
Configure the route distinguisher for the vrf routing instance.
[edit routing-instances]
user@PE1# set vrf route-distinguisher 203.0.113.1:300
Configure the VRF label for the VRF routing instance.
[edit routing-instances]
user@PE1# set vrf vrf-table-label
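Results
From configuration mode, confirm your configuration by entering the show interfaces, show routing-options, show protocols, and show routing-instances commands. If the output does not display the intended configuration, repeat the instructions in this example to correct the configuration.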
user@PE1# show interfaces
ge-1/0/8 {
    unit 0 {
        family inet {
            address 192.0.2.1/24;
        }
        family mpls;
    }
}
ge-1/1/8 {
    flexible-vlan-tagging;
    encapsulation flexible-ethernet-services;
    unit 0 {
        encapsulation vlan-bridge;
        vlan-id 10;
    }
}
irb {
    unit 0 {
        family inet {
            address 10.0.0.251/24;
        }
    }
}
lo0 {
    unit 0 {
        family inet {
            address 203.0.113.1/32 {
            }
        }
    }
}
user@PE1# show routing-options
router-id 203.0.113.1;
autonomous-system 100;
forwarding-table {
    chained-composite-next-hop {
        ingress {
            evpn;
        }
    }
}
user@PE1# show protocols
ldp {
    interface all;
    interface fxp0.0 {
        disable;
    }
}
mpls {
    interface all;
    interface fxp0.0 {
        disable;
    }
}
bgp {
    group ibgp {
        type internal;
        local-address 203.0.113.1;
        family evpn {
            signaling;
        }
        neighbor 203.0.113.2;
    }
}
ospf {
    area 0.0.0.0 {
        interface all;
        interface fxp0.0 {
            disable;
        }
    }
}
user@PE1# show routing-instances
evpna {
    instance-type evpn;
    vlan-id 10;
    interface ge-1/1/8.0;
    l3-interface irb.0;
    route-distinguisher 203.0.113.1:100;
    vrf-target target:100:100;
    protocols {
        evpn {
            interface ge-1/1/8.0;
        }
    }
}
vrf {
    instance-type vrf;
    interface irb.0;
    route-distinguisher 203.0.113.1:300;
    vrf-target target:100:300;
    vrf-table-label;
}
Verification
Confirm that the configuration is working properly.
Verifying Local IRB MACs
Purpose
Verify that the local IRB MACs are learned from L2ALD.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
  Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE1> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x2736568 (adv_entry)
   Advertised metrics:
     Flags: Nexthop Change
     Nexthop: Self
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10 Vector len 4. Val: 0
        *EVPN   Preference: 170
                Next hop type: Indirect
                Address: 0x26f8354
                Next-hop reference count: 6
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x0 - INH Session ID: 0x0
                State: <Active Int Ext>
                Age: 23:29:08
                Validation State: unverified
                Task: evpna-evpn
                Announcement bits (1): 1-BGP_RT_Background
                AS path: I
                Communities: evpn-default-gateway
                Route Label: 299776
Meaning
The MAC-only route for the local IRB interface appears in the EVPN instance route table on Router PE1. It is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB MACs
Purpose
Verify that the remote IRB MACs are learned from BGP.
Action
On Router PE1, determine the MAC address of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
  Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
On Router PE2, verify that the remote IRB MAC is learned.
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 2.91.223.24:100
                Next hop type: Indirect
                Address: 0x26f8d6c
                Next-hop reference count: 10
                Source: 10.255.0.1
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 100 Peer AS: 100
                Age: 23:22:17 Metric2: 1
                Validation State: unverified
                Task: BGP_100.10.255.0.1
                Announcement bits (1): 0-evpna-evpn
                AS path: I
                Communities: target:100:100 evpn-default-gateway
                Import Accepted
                Route Label: 299776
                Localpref: 100
                Router ID: 10.255.0.1
                Primary Routing Table bgp.evpn.0
                Indirect next hops: 1
                        Protocol next hop: 10.255.0.1 Metric: 1
                        Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 1.0.0.1 via ge-1/0/8.0
                                Session Id: 0x1
                        10.255.0.1/32 Originating RIB: inet.3
                          Metric: 1 Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC-only route for the remote IRB interface appears in the EVPN instance route table on Router PE2. It is learned from BGP and tagged with the default gateway extended community.
Verifying Local IRB IPs
Purpose
Verify that the local IRB IPs are learned locally by RPD.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
  Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet
irb.0 up up inet 10.0.0.251/24
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
TSI:
Page 0 idx 0, (group PE type Internal) Type 1 val 0x27365a0 (adv_entry)
   Advertised metrics:
     Flags: Nexthop Change
     Nexthop: Self
     Localpref: 100
     AS path: [100] I
     Communities: target:100:100 evpn-default-gateway
Path 2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251 Vector len 4. Val: 0
        *EVPN   Preference: 170 <<<<<
                Next hop type: Indirect
                Address: 0x26f8354
                Next-hop reference count: 6
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x0 - INH Session ID: 0x0
                State: <Active Int Ext>
                Age: 23:48:46
                Validation State: unverified
                Task: evpna-evpn
                Announcement bits (1): 1-BGP_RT_Background
                AS path: I
                Communities: evpn-default-gateway
                Route Label: 299776
Meaning
The MAC plus IP route for the local IRB interface appears in the EVPN instance route table on Router PE1. It is learned from EVPN and tagged with the default gateway extended community.
Verifying Remote IRB IPs
Purpose
Verify that the remote IRB IP is learned from BGP.
Action
On Router PE1, determine the MAC and IP addresses of the local IRB interface.
From operational mode, run the show interfaces irb extensive | match "Current address" command.
user@PE1> show interfaces irb extensive | match "Current address"
  Current address: a8:d0:e5:54:0d:10, Hardware address: a8:d0:e5:54:0d:10
From operational mode, run the show interfaces irb.0 terse | match inet command.
user@PE1> show interfaces irb.0 terse | match inet
irb.0 up up inet 10.0.0.251/24
On Router PE2, verify that the remote IRB IP is learned.
From operational mode, run the show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251" command.
user@PE2> show route table evpna.evpn.0 extensive | find "a8:d0:e5:54:0d:10::10.0.0.251"
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Route Distinguisher: 2.91.223.216:100
                Next hop type: Indirect
                Address: 0x26f8d6c
                Next-hop reference count: 10
                Source: 10.255.0.1
                Protocol next hop: 10.255.0.1
                Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                State: <Secondary Active Int Ext>
                Local AS: 100 Peer AS: 100
                Age: 23:56:36 Metric2: 1
                Validation State: unverified
                Task: BGP_100.10.255.0.1
                Announcement bits (1): 0-evpna-evpn
                AS path: I
                Communities: target:100:100 evpn-default-gateway
                Import Accepted
                Route Label: 299776
                Localpref: 100
                Router ID: 10.255.0.1
                Primary Routing Table bgp.evpn.0
                Indirect next hops: 1
                        Protocol next hop: 10.255.0.1 Metric: 1
                        Indirect next hop: 0x2 no-forward INH Session ID: 0x0
                        Indirect path forwarding next hops: 1
                                Next hop type: Router
                                Next hop: 1.0.0.1 via ge-1/0/8.0
                                Session Id: 0x1
                        10.255.0.1/32 Originating RIB: inet.3
                          Metric: 1 Node path count: 1
                          Forwarding nexthops: 1
                                Nexthop: 1.0.0.1 via ge-1/0/8.0
Meaning
The MAC plus IP route for the remote IRB interface appears in the EVPN instance route table on Router PE2 and is tagged with the default gateway extended community.
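The four IRB checks above can be scripted so that a gateway advertisement from an unexpected source stands out. The following Python is an added example, not part of the original documentation: it parses route entries in the show route table evpna.evpn.0 extensive format shown on this page and reports any route tagged evpn-default-gateway whose MAC, protocol next hop, or route target differs from the expected values. The function names and the abbreviated sample text are constructed for illustration.

```python
import re

# Constructed sample: abbreviated from the PE2 output shown on this page.
SAMPLE = """\
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Protocol next hop: 10.255.0.1
                Communities: target:100:100 evpn-default-gateway
2:10.255.0.1:100::0::100::a8:d0:e5:54:0d:10::10.0.0.251/384 (1 entry, 1 announced)
        *BGP    Preference: 170/-101
                Protocol next hop: 10.255.0.1
                Communities: target:100:100 evpn-default-gateway
"""

# Type 2 prefix: route distinguisher first, then MAC and optional IP last.
PREFIX = re.compile(r"^2:(?P<rd>[\d.]+:\d+)::.*?"
                    r"(?P<mac>(?:[0-9a-f]{2}:){5}[0-9a-f]{2})"
                    r"(?:::(?P<ip>[\d.]+))?/\d+")

def parse_routes(text):
    """Return one dict per type 2 route entry found in the CLI text."""
    routes, cur = [], None
    for line in text.splitlines():
        s = line.strip()
        m = PREFIX.match(s)
        if m:
            cur = {**m.groupdict(), "next_hop": None, "communities": set()}
            routes.append(cur)
        elif cur and s.startswith("Protocol next hop:"):
            # Keep the first occurrence; later ones repeat it with a metric.
            cur["next_hop"] = cur["next_hop"] or s.split(":", 1)[1].strip()
        elif cur and s.startswith("Communities:"):
            cur["communities"] |= set(s.split(":", 1)[1].split())
    return routes

def check_gateway_routes(routes, gw_mac, allowed_next_hops, route_target):
    """List problems with routes tagged evpn-default-gateway."""
    findings = []
    for r in routes:
        if "evpn-default-gateway" not in r["communities"]:
            continue
        label = f"{r['mac']} {r['ip'] or '(MAC only)'} via {r['next_hop']}"
        if r["mac"] != gw_mac:
            findings.append(f"unexpected gateway MAC: {label}")
        if r["next_hop"] not in allowed_next_hops:
            findings.append(f"gateway route from unlisted PE: {label}")
        if route_target not in r["communities"]:
            findings.append(f"missing {route_target}: {label}")
    return findings

if __name__ == "__main__":
    print(check_gateway_routes(parse_routes(SAMPLE), "a8:d0:e5:54:0d:10",
                               {"10.255.0.1"}, "target:100:100") or "gateway routes as expected")
```

Feed it the saved CLI output from each PE, with the allowed next hops set to the loopback addresses of the PEs that are expected to originate the gateway routes.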
Verifying CE-CE Inter-Subnet Forwarding
Purpose
Verify inter-subnet forwarding between Routers CE1 and CE2.
Action
From operational mode, run the show route table inet.0 command.
user@CE1> show route table inet.0
inet.0: 3 destinations, 3 routes (3 active, 0 holddown, 0 hidden)
+ = Active Route, - = Last Active, * = Both
0.0.0.0/0          *[Static/5] 00:15:09
                    > to 10.0.0.251 via ge-1/1/7.0
10.0.0.0/24        *[Direct/0] 1d 23:24:30
                    > via ge-1/1/7.0
10.0.0.1/32        *[Local/0] 1d 23:24:38
                      Local via ge-1/1/7.0
From operational mode, run the ping command.
user@CE1> ping 198.51.100.2 interval 0.1 count 10
PING 198.51.100.2 (20.0.0.2): 56 data bytes
64 bytes from 198.51.100.2: icmp_seq=0 ttl=63 time=0.919 ms
64 bytes from 198.51.100.2: icmp_seq=1 ttl=63 time=0.727 ms
64 bytes from 198.51.100.2: icmp_seq=2 ttl=63 time=0.671 ms
64 bytes from 198.51.100.2: icmp_seq=3 ttl=63 time=0.671 ms
64 bytes from 198.51.100.2: icmp_seq=4 ttl=63 time=0.666 ms
64 bytes from 198.51.100.2: icmp_seq=5 ttl=63 time=0.704 ms
64 bytes from 198.51.100.2: icmp_seq=6 ttl=63 time=0.763 ms
64 bytes from 198.51.100.2: icmp_seq=7 ttl=63 time=0.750 ms
64 bytes from 198.51.100.2: icmp_seq=8 ttl=63 time=12.967 ms
64 bytes from 198.51.100.2: icmp_seq=9 ttl=63 time=0.752 ms
--- 198.51.100.2 ping statistics ---
10 packets transmitted, 10 packets received, 0% packet loss
round-trip min/avg/max/stddev = 0.666/1.959/12.967/3.670 ms
Meaning
The ping from Router CE1 to Router CE2 is successful.