示例:配置支持虚拟交换机的 EVPN
示例:配置支持虚拟交换机的 EVPN
此示例说明如何在以太网 VPN (EVPN) 部署中配置虚拟交换机。
要求
此示例使用以下硬件和软件组件:
两个 MX 系列 5G 通用路由平台,包含 MPC FPC。
两台客户边缘 (CE) 路由器。
Junos OS 14.1 或更高版本。
开始之前:
配置路由器接口。
配置 OSPF 或任何其他 IGP 协议。
配置 BGP。
配置 RSVP 或 LDP。
配置 MPLS。
概述
从 Junos OS 14.1 版开始,具有 MPC 接口的 MX 系列路由器上的以太网 VPN (EVPN) 解决方案得到了扩展,可提供虚拟交换机支持,从而支持在一个 EVPN 实例中具有独立 VLAN 和子网空间的多个租户。虚拟交换机能够使用单个 EVPN 实例通过 WAN 扩展以太网 VLAN,同时在与该实例关联的各种 VLAN 之间保持数据平面分离。单个 EVPN 实例最多可将虚拟交换机中定义的 4094 个桥接域延伸到远程站点。
为 EVPN 配置虚拟交换机时,请注意以下注意事项:
由于默认的 ARP 监管,某些不发往设备的 ARP 数据包可能会被遗漏。这可能会导致 ARP 学习和同步延迟。
清除 EVPN 的 ARP 可能会导致 ARP 表与 EVPN ARP 表不一致。要避免这种情况,请同时清除 ARP 和 EVPN ARP 表。
vlan-tag可以配置为本地交换。但是,不应通过 EVPN 云扩展带有 VLAN 标记的 VLAN。
拓扑学
图 1 展示了支持虚拟交换机的简单 EVPN 拓扑。路由器 PE1 和 PE2 是提供商边缘 (PE) 路由器,它们分别连接到一个客户边缘 (CE) 路由器(CE1 和 CE2)。
图 1:支持
虚拟交换机的 EVPN
虚拟交换机的 EVPN
配置
程序
CLI 快速配置
要快速配置此示例,请复制以下命令,将其粘贴到文本文件中,删除所有换行符,更改详细信息,以便与网络配置匹配,然后将命令复制并粘贴到层 [edit] 级的 CLI 中。
PE1型
set interfaces ge-2/0/9 unit 0 family inet address 10.0.0.1/30 set interfaces ge-2/0/9 unit 0 family mpls set interfaces ge-0/1/4 flexible-vlan-tagging set interfaces ge-0/1/4 encapsulation flexible-ethernet-services set interfaces ge-0/1/4 unit 0 family bridge interface-mode trunk set interfaces ge-0/1/4 unit 0 vlan-id-list 10 set interfaces ge-0/1/4 unit 1 family bridge interface-mode trunk set interfaces ge-0/1/4 unit 1 vlan-id-list 20 set interfaces irb unit 0 family inet address 192.168.1.1/16 set interfaces irb unit 1 family inet address 192.168.2.1/16 set interfaces lo0 unit 0 family inet address 10.255.169.37/32 set routing-options router-id 10.255.169.37 set routing-options autonomous-system 100 set routing-options forwarding-table chained-composite-next-hop ingress evpn set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls label-switched-path PE1-to-PE2 from 10.255.169.37 set protocols mpls label-switched-path PE1-to-PE2 to 10.255.237.18 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.169.37 set protocols bgp group ibgp family evpn signaling set protocols bgp group ibgp neighbor 10.255.237.18 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set routing-instances evpna instance-type virtual-switch set routing-instances evpna interface ge-0/1/4.0 set routing-instances evpna interface ge-0/1/4.1 set routing-instances evpna route-distinguisher 10.255.169.37:1 set routing-instances evpna vrf-target target:100:1 set routing-instances evpna protocols evpn extended-vlan-list [ 10 20 ] set routing-instances evpna bridge-domains bda domain-type bridge set routing-instances evpna bridge-domains bda vlan-id 10 set routing-instances evpna bridge-domains bda routing-interface irb.0 set routing-instances evpna bridge-domains bda bridge-options interface ge-0/1/4.0 set routing-instances evpna bridge-domains bdb domain-type bridge set routing-instances evpna bridge-domains bdb vlan-id 20 set routing-instances evpna bridge-domains bdb routing-interface irb.1 set routing-instances evpna bridge-domains bdb bridge-options interface ge-0/1/4.1 set routing-instances vrf instance-type vrf set routing-instances vrf interface irb.0 set routing-instances vrf interface irb.1 set routing-instances vrf route-distinguisher 198.51.100.1:2 set routing-instances vrf vrf-target target:100:2 set routing-instances vrf vrf-table-label
PE2
set interfaces ge-2/1/9 unit 0 family inet address 10.0.0.2/30 set interfaces ge-2/1/9 unit 0 family mpls set interfaces ge-1/2/4 flexible-vlan-tagging set interfaces ge-1/2/4 encapsulation flexible-ethernet-services set interfaces ge-1/2/4 unit 0 family bridge interface-mode trunk set interfaces ge-1/2/4 unit 0 vlan-id-list 10 set interfaces ge-1/2/4 unit 1 family bridge interface-mode trunk set interfaces ge-1/2/4 unit 1 vlan-id-list 20 set interfaces irb unit 0 family inet address 192.168.2.2/16 set interfaces irb unit 1 family inet address 192.168.2.3/16 set interfaces lo0 unit 0 family inet address 10.255.237.18/32 set routing-options router-id 10.255.237.18 set routing-options autonomous-system 100 set routing-options forwarding-table chained-composite-next-hop ingress evpn set protocols rsvp interface all set protocols rsvp interface fxp0.0 disable set protocols mpls label-switched-path PE2-to-PE1 from 10.255.237.18 set protocols mpls label-switched-path PE2-to-PE1 to 10.255.169.37 set protocols mpls interface all set protocols mpls interface fxp0.0 disable set protocols bgp group ibgp type internal set protocols bgp group ibgp local-address 10.255.237.18 set protocols bgp group ibgp family evpn signaling set protocols bgp group ibgp neighbor 10.255.169.37 set protocols ospf area 0.0.0.0 interface all set protocols ospf area 0.0.0.0 interface fxp0.0 disable set routing-instances evpna instance-type virtual-switch set routing-instances evpna interface ge-1/2/4.0 set routing-instances evpna interface ge-1/2/4.1 set routing-instances evpna route-distinguisher 10.255.237.18:1 set routing-instances evpna vrf-target target:100:1 set routing-instances evpna protocols evpn extended-vlan-list [ 10 20 ] set routing-instances evpna bridge-domains bda domain-type bridge set routing-instances evpna bridge-domains bda vlan-id 10 set routing-instances evpna bridge-domains bda routing-interface irb.0 set routing-instances evpna bridge-domains bda bridge-options interface ge-1/2/4.0 set routing-instances evpna bridge-domains bdb domain-type bridge set routing-instances evpna bridge-domains bdb vlan-id 20 set routing-instances evpna bridge-domains bdb routing-interface irb.1 set routing-instances evpna bridge-domains bdb bridge-options interface ge-1/2/4.1 set routing-instances vrf instance-type vrf set routing-instances vrf interface irb.0 set routing-instances vrf interface irb.1 set routing-instances vrf route-distinguisher 198.51.100.2:2 set routing-instances vrf vrf-target target:100:2 set routing-instances vrf vrf-table-label
分步过程
下面的示例要求您在各个配置层级中进行导航。有关 CLI 导航的信息,请参阅 在配置模式下使用 CLI 编辑器。
要配置路由器 PE1:
注意:
在修改相应的接口名称、地址和其他参数后,对路由器 PE2 重复此过程。
配置 PE1 接口。
[edit interfaces]user@PE1# set ge-2/0/9 unit 0 family inet address 10.0.0.1/30 user@PE1# set ge-2/0/9 unit 0 family mpls user@PE1# set ge-0/1/4 flexible-vlan-tagging user@PE1# set ge-0/1/4 encapsulation flexible-ethernet-services user@PE1# set ge-0/1/4 unit 0 family bridge interface-mode trunk user@PE1# set ge-0/1/4 unit 0 vlan-id-list 10 user@PE1# set ge-0/1/4 unit 1 family bridge interface-mode trunk user@PE1# set ge-0/1/4 unit 1 vlan-id-list 20 user@PE1# set irb unit 0 family inet address 192.168.1.1/16 user@PE1# set irb unit 1 family inet address 192.168.2.1/16 user@PE1# set lo0 unit 0 family inet address 10.255.169.37/32设置路由器 PE1 的路由器 ID 和自治系统编号。
[edit routing-options] user@PE1# set router-id 10.255.169.37 user@PE1# set autonomous-system 100
为 EVPN 配置链式复合下一跃点。
[edit routing-options] user@PE1# set forwarding-table chained-composite-next-hop ingress evpn
在路由器 PE1 的所有接口上启用 RSVP,管理接口除外。
[edit protocols] user@PE1# set rsvp interface all user@PE1# set rsvp interface fxp0.0 disable
为 PE1 创建标签交换路径以到达 PE2。
[edit protocols] user@PE1# set mpls label-switched-path PE1-to-PE2 from 10.255.169.37 user@PE1# set mpls label-switched-path PE1-to-PE2 to 10.255.237.18
在路由器 PE1 的所有接口上启用 MPLS,管理接口除外。
[edit protocols] user@PE1# set mpls interface all user@PE1# set mpls interface fxp0.0 disable
为路由器 PE1 配置 BGP 组。
[edit protocols] user@PE1# set bgp group ibgp type internal
将本地地址和邻居地址分配给路由器 PE1 的 ibgp BGP 组,以便与路由器 PE2 对等。
[edit protocols] user@PE1# set bgp group ibgp local-address 10.255.169.37 user@PE1# set bgp group ibgp neighbor 10.255.237.18
包括 EVPN 信令网络层可达性信息 (NLRI) 到 ibgp BGP 组。
[edit protocols] user@PE1# set bgp group ibgp family evpn signaling
在路由器 PE1 的所有接口上配置 OSPF,管理接口除外。
[edit protocols] user@PE1# set ospf area 0.0.0.0 interface all user@PE1# set ospf area 0.0.0.0 interface fxp0.0 disable
配置虚拟交换机路由实例。
[edit routing-instances] user@PE1# set evpna instance-type virtual-switch
配置 EVPNA 路由实例的接口名称。
[edit routing-instances] user@PE1# set evpna interface ge-0/1/4.0 user@PE1# set evpna interface ge-0/1/4.1
为 EVPNA 路由实例配置路由识别符。
[edit routing-instances] user@PE1# set evpna route-distinguisher 10.255.169.37:1
为 EVPNA 路由实例配置 VPN 路由和转发 (VRF) 目标社区。
[edit routing-instances] user@PE1# set evpna vrf-target target:100:1
列出要进行 EVPN 扩展的 VLAN 标识符。
[edit routing-instances] user@PE1# set evpna protocols evpn extended-vlan-list [ 10 20 ]
为 EVPNA 路由实例配置桥接域。
[edit routing-instances] user@PE1# set evpna bridge-domains bda domain-type bridge
为 bda 桥接域分配 VLAN ID。
[edit routing-instances] user@PE1# set evpna bridge-domains bda vlan-id 10
将 IRB 接口配置为 BDA 桥接域的路由接口。
[edit routing-instances] user@PE1# set evpna bridge-domains bda routing-interface irb.0
配置 bda 桥接域的接口名称。
[edit routing-instances] user@PE1# set evpna bridge-domains bda bridge-options interface ge-0/1/4.0
为 EVPNA 路由实例配置桥接域。
[edit routing-instances] user@PE1# set evpna bridge-domains bdb domain-type bridge
为 bdb 网桥域分配 VLAN ID。
[edit routing-instances] user@PE1# set evpna bridge-domains bdb vlan-id 20
将 IRB 接口配置为 BDA 桥接域的路由接口。
[edit routing-instances] user@PE1# set evpna bridge-domains bdb routing-interface irb.1
配置 bdb 桥接域的接口名称。
[edit routing-instances] user@PE1# set evpna bridge-domains bdb bridge-options interface ge-0/1/4.1
配置 VRF 路由实例。
[edit routing-instances] user@PE1# set vrf instance-type vrf
将 IRB 接口配置为 vrf 路由实例的路由接口。
[edit routing-instances] user@PE1# set vrf interface irb.0 user@PE1# set vrf interface irb.1
为 vrf 路由实例配置路由识别符。
[edit routing-instances] user@PE1# set vrf route-distinguisher 198.51.100.1:2
为 VRF 路由实例配置 VRF 目标社区。
[edit routing-instances] user@PE1# set vrf vrf-target target:100:2
为 vrf 路由实例配置 VRF 标签。
[edit routing-instances] user@PE1# set vrf vrf-table-label
结果
在配置模式下,输入show interfaces、show routing-optionsshow protocols、和show routing-instances命令,以确认您的配置。如果输出未显示预期的配置,请重复此示例中的说明以更正配置。
user@PE1# show interfaces
ge-2/0/9 {
unit 0 {
family inet {
address 10.0.0.1/30;
}
family mpls;
}
}
ge-0/1/4 {
flexible-vlan-tagging;
encapsulation flexible-ethernet-services;
unit 0 {
family bridge {
interface-mode trunk;
vlan-id-list 10;
}
}
unit 1 {
family bridge {
interface-mode trunk;
vlan-id-list 20;
}
}
}
irb {
unit 0 {
family inet {
address 192.168.1.1/16;
}
}
unit 1 {
family inet {
address 192.168.2.1/16;
}
}
}
lo0 {
unit 0 {
family inet {
address 10.255.169.37/32;
}
}
}
user@PE1# show routing-options
router-id 10.255.169.37;
autonomous-system 100;
forwarding-table {
chained-composite-next-hop {
ingress {
evpn;
}
}
}
user@PE1# show protocols
rsvp {
interface all;
interface fxp0.0 {
disable;
}
}
mpls {
label-switched-path PE1-to-PE2 {
from 10.255.169.37;
to 10.255.237.18;
}
interface all;
interface fxp0.0 {
disable;
}
}
bgp {
group ibgp {
type internal;
local-address 10.255.169.37;
family evpn {
signaling;
}
neighbor 10.255.237.18;
}
}
ospf {
area 0.0.0.0 {
interface all;
interface fxp0.0 {
disable;
}
}
}
user@PE1# show routing-instances
evpna {
instance-type virtual-switch;
interface ge-0/1/4.0;
interface ge-0/1/4.1;
route-distinguisher 10.255.169.37:1;
vrf-target target:100:1;
protocols {
evpn {
extended-vlan-list [ 10 20 ];
}
}
bridge-domains {
bda {
domain-type bridge;
vlan-id 10;
routing-interface irb.0;
bridge-options {
interface ge-0/1/4.0;
}
}
bdb {
domain-type bridge;
vlan-id 20;
routing-interface irb.1;
bridge-options {
interface ge-0/1/4.1;
}
}
}
}
vrf {
instance-type vrf;
interface irb.0;
interface irb.1;
route-distinguisher 10.255.169.37:2;
vrf-target target:100:2;
vrf-table-label;
}
验证
确认配置工作正常。
验证网桥域配置
目的
验证 EVPNA 路由实例的桥接域配置。
行动
在操作模式下,运行 show bridge domain extensive 命令。
user@PE1> show bridge domain extensive
Routing instance: evpna
Bridge domain: bda State: Active
Bridge VLAN ID: 10 EVPN extended: Yes
Interfaces:
ge-0/1/4.0
pip-10.000010000000
pip-10.feff0f000000
Total MAC count: 2
Bridge domain: bdb State: Active
Bridge VLAN ID: 20 EVPN extended: Yes
Interfaces:
ge-0/1/4.1
pip-11.010010000000
pip-11.ffff0f000000
Total MAC count: 2
意义
将显示配置的 bda 网桥域及其 bdb 关联的 VLAN ID 和接口。桥接域也通过 EVPN 进行了扩展。
验证 MAC 表路由
目的
验证在数据平面和控制平面中学习的 MAC。
行动
在操作模式下,运行 show bridge mac-table 命令。
user@PE1> show bridge mac-table
MAC flags (S -static MAC, D -dynamic MAC, L -locally learned, C -Control MAC
SE -Statistics enabled, NM -Non configured MAC, R -Remote PE MAC)
Routing instance : evpna
Bridging domain : bda, VLAN : 10
MAC MAC Logical NH RTR
address flags interface Index ID
00:00:00:aa:01:01 S ge-0/1/4.0
00:00:00:bb:01:01 DC 1048574 1048574
00:00:00:cc:01:01 DC 1048576 1048576
Bridging domain : bdb, VLAN : 20
MAC MAC Logical NH RTR
address flags interface Index ID
00:00:00:aa:02:01 S ge-0/1/4.1
00:00:00:bb:02:01 DC 1048575 1048575
00:00:00:cc:02:01 DC 1048577 1048577
意义
将显示为桥接域配置的静态 MAC。
验证网桥 EVPN 对等网关 MAC
目的
验证 EVPNA 路由实例的桥接 EVPN 对等网关 MAC。
行动
在操作模式下,运行 show bridge evpn peer-gateway-macs 命令。
user@PE1> show bridge evpn peer-gateway-macs Routing instance : evpna Bridging domain : bda, VLAN : 10 Installed GW MAC addresses: 00:23:9c:96:af:f0 a8:d0:e5:5b:02:08 Bridging domain : bdb, VLAN : 20 Installed GW MAC addresses: 00:23:9c:96:af:f0 a8:d0:e5:5b:02:08
意义
将显示 EVPNA 路由实例的 EVPN 对等方的网关 MAC。