VxLAN EVPN模式配置详解

VxLAN EVPN模式配置详解

VxLAN EVPN模式是VxLAN协议的一种更灵活的使用方式，通过EVPN作为控制平面，利用BGP传递控制数据（如MAC地址和ARP表），实现按需动态创建VxLAN隧道。这种模式解决了静态VxLAN隧道适用范围小的问题，使得VxLAN能够更好地支持网络虚拟化和Software Defined Networking（SDN）的思想。本文将通过一个具体的配置示例，演示如何在不同厂商的设备上实现VxLAN EVPN模式的配置。

基础路由配置和BGP(EVPN AF)

基础网络和BGP的配置逻辑在各个厂家的设备中基本一致，这里不做过多解释，直接给出配置示例。

RR(H3C vSR)

RR作为underlay的转发核心，负责将EVPN控制信息反射给其他VTEP，本身不解析VxLAN流量。

sysname RR
isis 1
 is-level level-1
 cost-style wide
 network-entity 10.0000.0090.0900.9009.00
address-family ipv4 unicast
l2vpn enable
interface LoopBack0
 ip address 9.9.9.9 255.255.255.255
 isis enable 1
interface GigabitEthernet1/0 to GigabitEthernet7/0
 port link-mode route
 ip address <x>.0.0.9 255.255.255.0
 isis enable 1
bgp 200
 router-id 9.9.9.9
 group evpn internal
 peer evpn connect-interface LoopBack0
 peer 1.1.1.1 to 7.7.7.7 group evpn
address-family l2vpn evpn
 undo policy vpn-target
 peer evpn enable
 peer evpn reflect-client

R1至R7的配置

各设备的配置逻辑基本相同，主要涉及ISIS、Loopback接口和BGP的配置。以R1为例：

sysname R1
isis 1
 is-level level-1
 cost-style wide
 network-entity 10.0000.0010.0100.1001.00
address-family ipv4 unicast
l2vpn enable
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
 isis enable 1
interface GigabitEthernet1/0
 port link-mode route
 ip address 19.0.0.1 255.255.255.0
 isis enable 1
bgp 200
 router-id 1.1.1.1
 group rr internal
 peer rr connect-interface LoopBack0
 peer 9.9.9.9 group rr
address-family l2vpn evpn
 peer rr enable

其他设备的配置类似，主要区别在于设备特有的一些配置细节。

VxLAN和EVPN实例配置

VxLAN作为一种虚拟化技术，需要兼容性以连接传统以太网网络。为此，引入了Bridge-Domain（桥接域）作为中间件。以下是各设备的配置示例。

R1(H3C vSR)

vsi aaa
 vxlan 10000
 evpn encapsulation vxlan
  route-distinguisher 1:10000
  vpn-target 10000:10000 export-extcommunity
  vpn-target 10000:10000 import-extcommunity
vsi bbb
 vxlan 20000
 evpn encapsulation vxlan
  route-distinguisher 1:20000
  vpn-target 20000:20000 export-extcommunity
  vpn-target 20000:20000 import-extcommunity

R3(Huawei NE40E)

evpn vpn-instance aaa bd-mode
 route-distinguisher 3:10000
 vpn-target 10000:10000 export-extcommunity
 vpn-target 10000:10000 import-extcommunity
bridge-domain 10000
 vxlan vni 10000 split-horizon-mode
 evpn binding vpn-instance aaa
interface Nve1
 source 3.3.3.3
 vni 10000 head-end peer-list protocol bgp
 vni 20000 head-end peer-list protocol bgp

R4(Vyos)

set interfaces vxlan vxlan10000 source-address '3.3.3.3'
set interfaces vxlan vxlan10000 vni '10000'
set protocols bgp address-family l2vpn-evpn advertise-all-vni
set protocols bgp address-family l2vpn-evpn vni 10000 rd '4:10000'
set protocols bgp address-family l2vpn-evpn vni 10000 route-target both '10000:10000'

R5(Ruijie)

vtep
 source loopback 0
vlan range 1,100,200
evpn
 vni 10000
  rd 5:10000
  route-target both 10000:10000
 vni 20000
  rd 5:20000
  route-target both 20000:20000
vxlan 10000
 extend-vlan 100
vxlan 20000
 extend-vlan 200

R6(Cisco Nexus)

nv overlay evpn
feature vn-segment-vlan-based
interface nve1
  no shutdown
  host-reachability protocol bgp
  source-interface loopback0
  member vni 10000
    ingress-replication protocol bgp
  member vni 20000
    ingress-replication protocol bgp
evpn
  vni 10000 l2
    rd 6:10000
    route-target import 10000:10000
    route-target export 10000:10000
  vni 20000 l2
    rd 6:20000
    route-target import 20000:20000
    route-target export 20000:20000

R7(Juniper vMX)

set routing-instances aaa instance-type virtual-switch
set routing-instances aaa protocols evpn encapsulation vxlan
set routing-instances aaa protocols evpn extended-vni-list 10000
set routing-instances aaa protocols evpn multicast-mode ingress-replication
set routing-instances aaa vtep-source-interface lo0.0
set routing-instances aaa bridge-domains bdaaa vlan-id 100
set routing-instances aaa bridge-domains bdaaa vxlan vni 10000
set routing-instances aaa bridge-domains bdaaa vxlan ingress-node-replication
set routing-instances aaa route-distinguisher 7:10000
set routing-instances aaa vrf-target target:10000:10000

接入配置

一般来说，接入VxLAN的方式有两种：VLAN映射和接口直接封装。

R1(H3C vSR)

interface GigabitEthernet2/0
 port link-mode route
 xconnect vsi aaa
interface GigabitEthernet3/0
 port link-mode route
 xconnect vsi bbb

R3(Huawei NE40E)

interface Ethernet1/0/1
 undo shutdown
interface Ethernet1/0/1.10000 mode l2
 encapsulation untag
 bridge-domain 10000
interface Ethernet1/0/2
 undo shutdown
interface Ethernet1/0/2.20000 mode l2
 encapsulation untag
 bridge-domain 20000

R4(Vyos)

set interfaces bridge br10000 member interface eth1
set interfaces bridge br10000 member interface vxlan10000
set interfaces bridge br20000 member interface eth2
set interfaces bridge br20000 member interface vxlan20000

R5(Ruijie)

interface GigabitEthernet 0/1
 switchport
 switchport access vlan 100
interface GigabitEthernet 0/2
 switchport
 switchport access vlan 200

R6(Cisco Nexus)

vlan 1,100,200
vlan 100
  vn-segment 10000
vlan 200
  vn-segment 20000
interface Ethernet1/2
  switchport access vlan 100
interface Ethernet1/3
  switchport access vlan 200

R7(Juniper vMX)

set interfaces ge-0/0/1 encapsulation ethernet-bridge
set interfaces ge-0/0/1 unit 0 family bridge vlan-id 100
set routing-instances aaa bridge-domains bdaaa interface ge-0/0/1.0
set interfaces ge-0/0/2 encapsulation ethernet-bridge
set interfaces ge-0/0/2 unit 0 family bridge vlan-id 200
set routing-instances bbb bridge-domains bdbbb interface ge-0/0/2.0

至此，我们演示了VxLAN EVPN模式下二层网络的配置，主要包含了基础网络配置、VTEP节点配置（EVPN实例等）、VxLAN接入配置。要点以备注的形式放在配置中。受限于篇幅，其他内容（如三层网关部署、分布式网关、组播/广播抑制、外部路由引入、VxLAN复制模式、多归等）将放到后续文章中。

参考资料

• Cisco EVPN Configuration
• Juniper EVPN Configuration
• Cisco Catalyst 9300 VXLAN Configuration