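Cross-AS Segment VXLAN for Layer 3 Interworking on Huawei Switches

Applicable Products and Versions

CE12800, CE12800E, CE8800, CE7800, and CE6800 (except CE6850EI, CE6810EI, and CE6810LI) series products running V200R002C50 or later.

Networking Requirements

As shown in Figure 1-15, data center A and data center B are planned in different BGP AS domains. BGP EVPN is configured inside each data center to create distributed-gateway VXLAN tunnels, so that VMa1 and VMa2 can communicate within data center A and VMb1 and VMb2 can communicate within data center B. BGP EVPN is also configured between Leaf2 and Leaf3 to create a VXLAN tunnel, so that data center A and data center B can communicate with each other (for example, VMa1 with VMb2).

Figure 1-15 Networking diagram for configuring cross-AS Segment VXLAN

Table 1-10 Interface IP addresses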

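Configuration Roadmap

The roadmap for configuring cross-AS Segment VXLAN is as follows:

Configure IP addresses for all nodes.

Configure routing so that all nodes can reach each other.

Configure BGP EVPN inside data center A and data center B to create distributed-gateway VXLAN tunnels.

Configure BGP EVPN on Leaf2 and Leaf3 to create a VXLAN tunnel.

Data Preparation

To complete this configuration example, prepare the following data:

VLAN IDs to which the VMs belong.

Broadcast domain (BD) IDs.

VXLAN network identifiers (VNIs) and the VNI IDs under the VPN instances.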

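Procedure

Configure IP addresses for the interfaces and Loopback interfaces on each node

Configure the IP address and mask of each interface. For details, see the configuration files.

Configure routing protocols

Configure an IGP inside each data center (OSPF in this example). Configure BGP between the data centers.

For details, see the configuration files.

Configure the VXLAN tunnel mode and enable the VXLAN ACL extension function (required only on CE12800, CE6870EI, and CE6875EI devices)

# Configure Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here.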

[~Leaf1] ip tunnel mode vxlan

[*Leaf1] assign forward nvo3 acl extend enable

[*Leaf1] commit

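Note:

After the VXLAN tunnel mode is configured and the VXLAN ACL extension function is enabled, you must save the configuration and restart the device for the settings to take effect. You can restart the device immediately or after all configurations are complete.

Configure BGP EVPN in data center A and data center B to create VXLAN tunnels

Configure service access points on the Leafs

# Configure Leaf1.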

[~Leaf1] bridge-domain 10

[*Leaf1-bd10] quit

[*Leaf1] interface 10GE1/0/2.1 mode l2

[*Leaf1-10GE1/0/2.1] encapsulation dot1q vid 10

[*Leaf1-10GE1/0/2.1] bridge-domain 10

[*Leaf1-10GE1/0/2.1] quit

[*Leaf1] commit

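The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Enable EVPN as the VXLAN control plane on the Leafs

# Configure Leaf1.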

[~Leaf1] evpn-overlay enable

[*Leaf1] commit

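The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Configure IBGP EVPN peer relationships between Leaf1 and Leaf2 in data center A and between Leaf3 and Leaf4 in data center B

# Configure an IBGP EVPN peer relationship on Leaf1.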

[~Leaf1] bgp 100 instance evpn1

[*Leaf1-bgp-instance-evpn1] peer 6.6.6.6 as-number 100

[*Leaf1-bgp-instance-evpn1] peer 6.6.6.6 connect-interface LoopBack 1

[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf1-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 enable

[*Leaf1-bgp-instance-evpn1-af-evpn] quit

[*Leaf1-bgp-instance-evpn1] quit

[*Leaf1] commit

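The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Configure VPN instances and EVPN instances on the Leafs

# Configure Leaf1.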

[~Leaf1] ip vpn-instance vpn1

[*Leaf1-vpn-instance-vpn1] vxlan vni 5010

[*Leaf1-vpn-instance-vpn1] ipv4-family

[*Leaf1-vpn-instance-vpn1-af-ipv4] route-distinguisher 11:11

[*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 1:1

[*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 11:1 evpn

[*Leaf1-vpn-instance-vpn1-af-ipv4] quit

[*Leaf1-vpn-instance-vpn1] quit

[*Leaf1] bridge-domain 10

[*Leaf1-bd10] vxlan vni 10

[*Leaf1-bd10] evpn

[*Leaf1-bd10-evpn] route-distinguisher 10:1

[*Leaf1-bd10-evpn] vpn-target 10:1

[*Leaf1-bd10-evpn] vpn-target 11:1 export-extcommunity

[*Leaf1-bd10-evpn] quit

[*Leaf1-bd10] quit

[*Leaf1] commit

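The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Enable head-end replication on the Leafs

# Configure Leaf1.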

[~Leaf1] interface nve 1

[*Leaf1-Nve1] source 5.5.5.5

[*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp

[*Leaf1-Nve1] quit

[*Leaf1] commit

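The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Configure VXLAN Layer 3 gateways on the Leafs

# Configure a service loopback interface on Leaf1. The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. (This step is not required on CE12800, CE12800E, CE6855HI, CE6856HI, CE6865EI, CE6870EI, CE6875EI, CE6880EI, and CE7855EI.)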

[~Leaf1] interface eth-trunk 2

[*Leaf1-Eth-Trunk2] service type tunnel

[*Leaf1-Eth-Trunk2] quit

[*Leaf1] interface 10ge 1/0/5

[*Leaf1-10GE1/0/5] eth-trunk 2

[*Leaf1-10GE1/0/5] quit

[*Leaf1] commit

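Note:

Member interfaces must be idle physical interfaces that carry no services. There is no requirement on the state of the physical interfaces.

Ensure that the bandwidth of the service loopback Eth-Trunk interface is at least twice the bandwidth used by VXLAN Layer 3 gateway traffic. For example, if the user side sends 10 Gbps of traffic to the gateway over the VXLAN network, add two 10GE interfaces to the service loopback Eth-Trunk interface as its physical member interfaces.

# Configure Leaf1.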

[~Leaf1] interface vbdif10

[*Leaf1-Vbdif10] ip binding vpn-instance vpn1

[*Leaf1-Vbdif10] ip address 10.10.1.1 24

[*Leaf1-Vbdif10] vxlan anycast-gateway enable

[*Leaf1-Vbdif10] arp collect host enable

[*Leaf1-Vbdif10] quit

[*Leaf1] commit

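The configurations of Leaf2, Leaf3, and Leaf4 are similar to that of Leaf1 and are not described here. For details, see the configuration files.

Advertise IRB routes between Leaf1 and Leaf2 in data center A and between Leaf3 and Leaf4 in data center B

# Configure Leaf1.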

[~Leaf1] bgp 100 instance evpn1

[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf1-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 advertise irb

[*Leaf1-bgp-instance-evpn1-af-evpn] quit

[*Leaf1-bgp-instance-evpn1] quit

[*Leaf1] commit

# Configure Leaf2.

[~Leaf2] bgp 100 instance evpn1

[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 advertise irb

[*Leaf2-bgp-instance-evpn1-af-evpn] quit

[*Leaf2-bgp-instance-evpn1] quit

[*Leaf2] commit

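The configuration of Leaf4 is similar to that of Leaf1, and the configuration of Leaf3 is similar to that of Leaf2; they are not described here. For details, see the configuration files.

After the configuration is complete, run the display vxlan tunnel command on a Leaf to view information about the established VXLAN tunnels. The following uses the output on Leaf1 as an example: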

[~Leaf1] display vxlan tunnel

Number of vxlan tunnel : 1

Tunnel ID Source Destination State Type Uptime

-----------------------------------------------------------------------------------

4026531841 5.5.5.5 6.6.6.6 up dynamic 0035h21m

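Configure BGP EVPN on Leaf2 and Leaf3 to create a VXLAN tunnel

Configure EBGP EVPN peer relationships on the Leafs of each data center

Note:

Because VPN instances and EVPN instances already exist on Leaf2 and Leaf3, you only need to configure the EBGP EVPN peers on Leaf2 and Leaf3 and ensure that IP routes between them are reachable. In addition, ensure that the VPN instances and EVPN instances on Leaf2 and Leaf3 have matching RT values.

# Configure Leaf2.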

[~Leaf2] bgp 100 instance evpn1

[*Leaf2-bgp-instance-evpn1] peer 7.7.7.7 as-number 200

[*Leaf2-bgp-instance-evpn1] peer 7.7.7.7 ebgp-max-hop 255

[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 enable

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 advertise irb

[*Leaf2-bgp-instance-evpn1-af-evpn] quit

[*Leaf2-bgp-instance-evpn1] quit

[*Leaf2] commit

# Configure Leaf3.

[~Leaf3] bgp 200 instance evpn1

[*Leaf3-bgp-instance-evpn1] peer 6.6.6.6 as-number 100

[*Leaf3-bgp-instance-evpn1] peer 6.6.6.6 ebgp-max-hop 255

[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 enable

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 advertise irb

[*Leaf3-bgp-instance-evpn1-af-evpn] quit

[*Leaf3-bgp-instance-evpn1] quit

[*Leaf3] commit

Configure re-origination of the IRB routes and IP prefix routes among the EVPN routes

# Configure Leaf2.

[~Leaf2] bgp 100 instance evpn1

[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 import reoriginate

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 advertise route-reoriginated evpn mac-ip

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 advertise route-reoriginated evpn ip

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 import reoriginate

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 advertise route-reoriginated evpn mac-ip

[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 advertise route-reoriginated evpn ip

[*Leaf2-bgp-instance-evpn1-af-evpn] quit

[*Leaf2-bgp-instance-evpn1] quit

[*Leaf2] commit

# Configure Leaf3.

[~Leaf3] bgp 200 instance evpn1

[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 8.8.8.8 import reoriginate

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 8.8.8.8 advertise route-reoriginated evpn mac-ip

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 8.8.8.8 advertise route-reoriginated evpn ip

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 import reoriginate

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 advertise route-reoriginated evpn mac-ip

[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 advertise route-reoriginated evpn ip

[*Leaf3-bgp-instance-evpn1-af-evpn] quit

[*Leaf3-bgp-instance-evpn1] quit

[*Leaf3] commit

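Verify the configuration

Run the display vxlan tunnel command on a Leaf to view information about the established VXLAN tunnels. The following uses the output on Leaf2 as an example: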

[~Leaf2] display vxlan tunnel

Number of vxlan tunnel : 2

Tunnel ID Source Destination State Type Uptime

-----------------------------------------------------------------------------------

4026531841 6.6.6.6 5.5.5.5 up dynamic 0035h21m

4026531842 6.6.6.6 7.7.7.7 up dynamic 0035h25m

After the configuration is complete, VMa1 and VMb2 can communicate with each other.
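The note in the EBGP EVPN peer step requires matching RT values on Leaf2 and Leaf3. The following Python check is an added example, not part of the original configuration guide: it parses vpn-target lines in configuration-file form and reports which RTs let one Leaf's IRB and IP prefix routes into the other Leaf's VPN instance. The helper names parse_rts and l3_import_match are hypothetical, and the check assumes the usual rule that a route is accepted when at least one RT it carries is in the receiver's import list.

```python
import re

RT = re.compile(r"vpn-target\s+(.+?)\s+(export|import)-extcommunity(\s+evpn)?$")

def parse_rts(config):
    """Map (direction, kind) to an RT set: 'l3' = VPN-instance RTs flagged evpn, 'bd' = BD EVPN RTs."""
    rts, section = {}, None
    for line in map(str.strip, config.splitlines()):
        if line == "#":
            section = None
        elif line.startswith("ip vpn-instance "):
            section = "l3"
        elif line.startswith("bridge-domain "):
            section = "bd"
        m = RT.match(line)
        if m and section and (section == "bd" or m.group(3)):
            rts.setdefault((m.group(2), section), set()).update(m.group(1).split())
    return rts

def l3_import_match(sender, receiver):
    """RTs on the sender's IRB and IP prefix routes that the receiver's VPN instance imports."""
    s, r = parse_rts(sender), parse_rts(receiver)
    carried = s.get(("export", "bd"), set()) | s.get(("export", "l3"), set())
    return carried & r.get(("import", "l3"), set())  # empty set: no L3 routes accepted

# Constructed excerpts (section headers and vpn-target lines only) of the page's Leaf2/Leaf3 files.
LEAF2 = """ip vpn-instance vpn1
 vpn-target 1:2 export-extcommunity
 vpn-target 11:1 export-extcommunity evpn
 vpn-target 33:3 export-extcommunity evpn
 vpn-target 11:1 import-extcommunity evpn
 vpn-target 33:3 import-extcommunity evpn
#
bridge-domain 20
 vpn-target 20:1 export-extcommunity
 vpn-target 11:1 export-extcommunity
 vpn-target 33:3 export-extcommunity
"""
LEAF3 = """ip vpn-instance vpn1
 vpn-target 22:2 export-extcommunity evpn
 vpn-target 33:3 export-extcommunity evpn
 vpn-target 22:2 import-extcommunity evpn
 vpn-target 33:3 import-extcommunity evpn
#
bridge-domain 10
 vpn-target 22:2 export-extcommunity
 vpn-target 33:3 export-extcommunity
"""
print("Leaf2 -> Leaf3:", l3_import_match(LEAF2, LEAF3))
print("Leaf3 -> Leaf2:", l3_import_match(LEAF3, LEAF2))
```

An empty result in either direction means the inter-DC tunnel can come up while no Layer 3 routes are installed, so run the check on both Leafs before and after any RT change.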

Configuration Files

The configuration files use CE12800 switches as an example.

Spine1 configuration file

#

sysname Spine1

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.10.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.20.1 255.255.255.0

#

interface LoopBack1

ip address 3.3.3.3 255.255.255.255

#

ospf 1

area 0.0.0.0

network 3.3.3.3 0.0.0.0

network 192.168.10.0 0.0.0.255

network 192.168.20.0 0.0.0.255

#

return

Leaf1 configuration file

#

sysname Leaf1

#

assign forward nvo3 acl extend enable

#

evpn-overlay enable

#

ip vpn-instance vpn1

ipv4-family

route-distinguisher 11:11

vpn-target 1:1 export-extcommunity

vpn-target 11:1 export-extcommunity evpn

vpn-target 1:1 import-extcommunity

vpn-target 11:1 import-extcommunity evpn

vxlan vni 5010

#

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 10:1

vpn-target 10:1 export-extcommunity

vpn-target 11:1 export-extcommunity

vpn-target 10:1 import-extcommunity

#

interface Vbdif10

ip binding vpn-instance vpn1

ip address 10.10.1.1 255.255.255.0

vxlan anycast-gateway enable

arp collect host enable

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.10.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface LoopBack1

ip address 5.5.5.5 255.255.255.255

#

interface Nve1

source 5.5.5.5

vni 10 head-end peer-list protocol bgp

#

bgp 100 instance evpn1

peer 6.6.6.6 as-number 100

peer 6.6.6.6 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 6.6.6.6 enable

peer 6.6.6.6 advertise irb

#

ospf 1

area 0.0.0.0

network 5.5.5.5 0.0.0.0

network 192.168.10.0 0.0.0.255

#

return

Leaf2 configuration file

#

sysname Leaf2

#

assign forward nvo3 acl extend enable

#

evpn-overlay enable

#

ip vpn-instance vpn1

ipv4-family

route-distinguisher 11:12

vpn-target 1:2 export-extcommunity

vpn-target 11:1 export-extcommunity evpn

vpn-target 33:3 export-extcommunity evpn

vpn-target 1:2 import-extcommunity

vpn-target 11:1 import-extcommunity evpn

vpn-target 33:3 import-extcommunity evpn

vxlan vni 5020

#

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 10:2

vpn-target 20:1 export-extcommunity

vpn-target 11:1 export-extcommunity

vpn-target 33:3 export-extcommunity

vpn-target 20:1 import-extcommunity

#

interface Vbdif20

ip binding vpn-instance vpn1

ip address 10.20.1.1 255.255.255.0

vxlan anycast-gateway enable

arp collect host enable

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.20.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 20

bridge-domain 20

#

interface 10GE1/0/3

undo portswitch

ip address 192.168.50.2 255.255.255.0

#

interface LoopBack1

ip address 6.6.6.6 255.255.255.255

#

interface Nve1

source 6.6.6.6

vni 20 head-end peer-list protocol bgp

#

bgp 20

peer 192.168.50.1 as-number 10

#

ipv4-family unicast

network 6.6.6.6 255.255.255.255

peer 192.168.50.1 enable

#

bgp 100 instance evpn1

peer 5.5.5.5 as-number 100

peer 5.5.5.5 connect-interface LoopBack1

peer 7.7.7.7 as-number 200

peer 7.7.7.7 ebgp-max-hop 255

peer 7.7.7.7 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 5.5.5.5 enable

peer 5.5.5.5 advertise irb

peer 5.5.5.5 import reoriginate

peer 5.5.5.5 advertise route-reoriginated evpn mac-ip

peer 5.5.5.5 advertise route-reoriginated evpn ip

peer 7.7.7.7 enable

peer 7.7.7.7 advertise irb

peer 7.7.7.7 import reoriginate

peer 7.7.7.7 advertise route-reoriginated evpn mac-ip

peer 7.7.7.7 advertise route-reoriginated evpn ip

#

ospf 1

area 0.0.0.0

network 6.6.6.6 0.0.0.0

network 192.168.20.0 0.0.0.255

#

return

Spine2 configuration file

#

sysname Spine2

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.30.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.40.1 255.255.255.0

#

interface LoopBack1

ip address 4.4.4.4 255.255.255.255

#

ospf 1

area 0.0.0.0

network 4.4.4.4 0.0.0.0

network 192.168.30.0 0.0.0.255

network 192.168.40.0 0.0.0.255

#

return

Leaf3 configuration file

#

sysname Leaf3

#

assign forward nvo3 acl extend enable

#

evpn-overlay enable

#

ip vpn-instance vpn1

ipv4-family

route-distinguisher 11:13

vpn-target 1:3 export-extcommunity

vpn-target 22:2 export-extcommunity evpn

vpn-target 33:3 export-extcommunity evpn

vpn-target 1:3 import-extcommunity

vpn-target 22:2 import-extcommunity evpn

vpn-target 33:3 import-extcommunity evpn

vxlan vni 5010

#

bridge-domain 10

vxlan vni 10

evpn

route-distinguisher 10:3

vpn-target 30:1 export-extcommunity

vpn-target 22:2 export-extcommunity

vpn-target 33:3 export-extcommunity

vpn-target 30:1 import-extcommunity

#

interface Vbdif10

ip binding vpn-instance vpn1

ip address 10.30.1.1 255.255.255.0

vxlan anycast-gateway enable

arp collect host enable

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.30.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface 10GE1/0/3

undo portswitch

ip address 192.168.60.2 255.255.255.0

#

interface LoopBack1

ip address 7.7.7.7 255.255.255.255

#

interface Nve1

source 7.7.7.7

vni 10 head-end peer-list protocol bgp

#

bgp 30

peer 192.168.60.1 as-number 10

#

ipv4-family unicast

network 7.7.7.7 255.255.255.255

peer 192.168.60.1 enable

#

bgp 200 instance evpn1

peer 6.6.6.6 as-number 100

peer 6.6.6.6 ebgp-max-hop 255

peer 6.6.6.6 connect-interface LoopBack1

peer 8.8.8.8 as-number 200

peer 8.8.8.8 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 6.6.6.6 enable

peer 6.6.6.6 advertise irb

peer 6.6.6.6 import reoriginate

peer 6.6.6.6 advertise route-reoriginated evpn mac-ip

peer 6.6.6.6 advertise route-reoriginated evpn ip

peer 8.8.8.8 enable

peer 8.8.8.8 advertise irb

peer 8.8.8.8 import reoriginate

peer 8.8.8.8 advertise route-reoriginated evpn mac-ip

peer 8.8.8.8 advertise route-reoriginated evpn ip

#

ospf 1

area 0.0.0.0

network 7.7.7.7 0.0.0.0

network 192.168.30.0 0.0.0.255

#

return

Leaf4 configuration file

#

sysname Leaf4

#

assign forward nvo3 acl extend enable

#

evpn-overlay enable

#

ip vpn-instance vpn1

ipv4-family

route-distinguisher 11:14

vpn-target 1:4 export-extcommunity

vpn-target 22:2 export-extcommunity evpn

vpn-target 1:4 import-extcommunity

vpn-target 22:2 import-extcommunity evpn

vxlan vni 5020

#

bridge-domain 20

vxlan vni 20

evpn

route-distinguisher 10:4

vpn-target 40:1 export-extcommunity

vpn-target 22:2 export-extcommunity

vpn-target 40:1 import-extcommunity

#

interface Vbdif20

ip binding vpn-instance vpn1

ip address 10.40.1.1 255.255.255.0

vxlan anycast-gateway enable

arp collect host enable

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.40.2 255.255.255.0

#

interface 10GE1/0/2.1 mode l2

encapsulation dot1q vid 20

bridge-domain 20

#

interface LoopBack1

ip address 8.8.8.8 255.255.255.255

#

interface Nve1

source 8.8.8.8

vni 20 head-end peer-list protocol bgp

#

bgp 200 instance evpn1

peer 7.7.7.7 as-number 200

peer 7.7.7.7 connect-interface LoopBack1

#

l2vpn-family evpn

policy vpn-target

peer 7.7.7.7 enable

peer 7.7.7.7 advertise irb

#

ospf 1

area 0.0.0.0

network 8.8.8.8 0.0.0.0

network 192.168.40.0 0.0.0.255

#

return

Device1 configuration file

#

sysname Device1

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.50.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.1.1 255.255.255.0

#

interface LoopBack1

ip address 1.1.1.1 255.255.255.255

#

bgp 10

peer 192.168.1.2 as-number 10

peer 192.168.50.2 as-number 20

#

ipv4-family unicast

peer 192.168.1.2 enable

peer 192.168.1.2 next-hop-local

peer 192.168.50.2 enable

#

return

Device2 configuration file

#

sysname Device2

#

interface 10GE1/0/1

undo portswitch

ip address 192.168.60.1 255.255.255.0

#

interface 10GE1/0/2

undo portswitch

ip address 192.168.1.2 255.255.255.0

#

interface LoopBack1

ip address 2.2.2.2 255.255.255.255

#

bgp 10

peer 192.168.1.1 as-number 10

peer 192.168.60.2 as-number 30

#

ipv4-family unicast

peer 192.168.1.1 enable

peer 192.168.1.1 next-hop-local

peer 192.168.60.2 enable

#

return
