思科数据中心VPC+EVPN遇到问题。
本帖最后由 cfplzjc 于 2023-1-6 12:07 编辑1、拓扑:如下图所示,某数据中心存在2个租户,分别为vpna和vpnb,底层underlay通过ospf宣告lp0和lp1路由,其中lp0用于router-id,lp1用于vtep,全网的AS号为100,采用VPC+EVPN方式实现pc二层互访及pc访问外网(ISP的lp0模拟公网的地址),这里的应用负载均衡SLB暂时没有参与路由转发。
问题:VPC虚拟端口通道一直提示全局参数校验不通过,N9K启动经常丢失interface nve配置(重新启动又会好),Spine无法正常反射路由,哪位思科大神帮忙看看是什么问题造成,在此先谢过。
这里全部参考华为的配置,对思科的配置进行对齐翻译,难免有遗漏,欢迎各位指出。
HuaweiCisco
M-LAG配置命令对比
#stp mode rstpstp v-stp enable#interface GE1/0/1undo portswitchip address192.168.11.1 255.255.255.252m-lagunpaired-port reserved#dfs-group 1priority 150source ip 192.168.11.1 peer 192.168.11.2consistency-check enable mode loosedual-activedetection enhanced enable
!
feature lacp
feature vpc
!
interfaceEthernet1/1
no switchport
ip address 192.168.11.1/30
no shutdown
!
vpc domain 10
peer-switch
peer-gateway
role priority 100
system-priority 200
peer-keepalive destination 192.168.11.2source 192.168.11.1
#interface Eth-Trunk0 peer-linkdescriptionPeer-linkmodelacp-staticpeer-link 1
#interface Eth-Trunk1 M-LAG description M-LAGportmodelacp-staticdfs-group 1 m-lag1!
interfaceport-channel1 peer-link
description Peer-link
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link
!
interfaceport-channel2 M-LAG
description M-LAG port
switchport mode trunk
switchport trunk allowed vlan 10
vpc 2
M-LAG查询命令对比
dis dfs-group 1 m-lagbrief
show vpc
dis eth-trunkverbose
show port-channelsummary
BGP EVPN配置命令对比
#assign forward layer-3 resource large-overlay#evpn-overlay enable!
nv overlay evpn
feature ospf
feature bgp
feature fabricforwarding
feature interface-vlan
featurevn-segment-vlan-based
feature nv overlay
#
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 12:111
vpn-target 0:1 export-extcommunity
vpn-target 1:1 export-extcommunity
vpn-target 0:1 import-extcommunity
arp broadcast-suppress enable#interfaceEth-Trunk1.1 mode l2
encapsulation dot1q vid 10
bridge-domain 10!
vlan 10
vn-segment 10
!
evpn
vni 10 l2
rd auto
route-target import auto
route-target export auto
!
interfaceEthernet1/3
description TO HOST1 - VL10
switchport access vlan 10
mtu 9216
#ip vpn-instance vpna ipv4-family route-distinguisher 1:1vpn-target 1:2export-extcommunityvpn-target 1:2export-extcommunity evpnvpn-target 1:1import-extcommunityvpn-target 1:1import-extcommunity evpnvxlan vni 100
#
interface Vbdif10
ip binding vpn-instance vpna
ip address 192.168.1.1 255.255.255.0
mac-address 0000-5e00-0102
vxlan anycast-gateway enable
arp collect host enable
!-----------------创建三层需要用到的vlan
vlan 100
vn-segment 100
!-----------------三层vrf及三层VNI
vrf context vpna
vni 100
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
!------------------三层网关interface Vlan10
no shutdownmtu 9216vrf member vpnaip address 192.168.1.1/24fabricforwarding mode anycast-gateway!-----------------三层vlan绑L3VNI
interface Vlan100
description vpna vl100 L3VNI
no shutdown
mtu 9216
vrf member vpna
ip forward
#
interfaceloopback0
des for router-id
ip address 1.1.1.1 32
#
interface loopack1
des for vtep
ip address 10.1.1.1 32
#
interface Nve1
source 10.1.1.1
vni 10 head-end peer-list protocol bgp
mac-address 0000-5e00-0111
#ospf 100 router-id 1.1.1.1 area 0.0.0.0network 1.1.1.10.0.0.0network 10.1.1.10.0.0.0!
interfaceloopback0
description RID
ip address 1.1.1.1/32
iprouter ospf 100 area 0.0.0.0
!
interfaceloopback0
description VTEP
ip address 10.1.1.1/32
iprouter ospf 100 area 0.0.0.0
!
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 10
suppress-arp
member vni 100 associate-vrf
!
fabric forwardinganycast-gateway-mac 0000.dc01.dc01
!
router ospf 100
router-id 1.1.1.1
passive-interface default
#bgp 100router-id 1.1.1.1undo defaultipv4-unicastpeer 11.1.1.1as-number 100peer 11.1.1.1description to SP1peer 11.1.1.1connect-interface LoopBack0 # ipv4-familyvpn-instance vpnadefault-routeimportedimport-routestatimaximumload-balancing 32advertisel2vpn evpn # l2vpn-familyevpnpolicyvpn-targetpeer 11.1.1.1enablepeer 11.1.1.1 advertise irb
!
router bgp 100
router-id 1.1.1.1
neighbor 11.1.1.1
remote-as 100
description to SP1
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf vpna
address-family ipv4 unicast
advertise l2vpn evpn
BGP EVPN查询命令对比
dis bridge-domain10
dis bgp evpn peer
show bgp l2vpnevpn summary
dis vxlan tunnel
show nve peers
dis bgp evpn routing-table mac-route/inclusive-route/prefix-routeshow bgp l2vpn evpn route-type 1/2/3/4/5/6
dis mac-addressbridge-domain xx
show macaddress-table vni 10
2、配置命令:
!hostname ISP!interface Loopback0 ip address 88.1.1.1 255.255.255.255!interface GigabitEthernet0/0 no ip address! interface GigabitEthernet0/0.1 encapsulation dot1Q 10 ip address172.16.0.1 255.255.255.252 ip ospf network point-to-point!interface GigabitEthernet0/0.2 encapsulation dot1Q 20 ip address172.16.1.1 255.255.255.252 ip ospf network point-to-point!interface GigabitEthernet0/1 no ip address!interface GigabitEthernet0/1.1 encapsulation dot1Q 10 ip address172.16.0.5 255.255.255.252 ip ospf network point-to-point!interface GigabitEthernet0/1.2 encapsulation dot1Q 20 ip address172.16.1.5 255.255.255.252 ip ospf network point-to-point!router ospf 10 router-id 88.1.1.1 network 88.1.1.1 0.0.0.0 area 0 network 172.16.0.1 0.0.0.0 area 0 network 172.16.0.5 0.0.0.0 area 0! router ospf 20 router-id 88.1.1.2 network 88.1.1.10.0.0.0 area 0 network 172.16.1.1 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 ------------------------------------------------------------------------------------------------------!hostname Border_Avdc Border_Aid 1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabric forwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nvoverlay!hardware access-listtcam region racl 512hardware access-listtcam region arp-ether 256!no password strength-checkusername admin password 5 admin role network-admin!ip access-list gw_vpna10 permit ip any 192.168.1.0/24 ip access-list gw_vpnb10 permit ip any 192.168.2.0/24 ip access-list vpna10 permit ip 192.168.1.0/24 any ip access-list vpnb10 permit ip 192.168.2.0/24 any !fabric forwarding anycast-gateway-mac 0000.dc01.dc01ip route 0.0.0.0/0 172.16.11.2 vrf vpnaip route 0.0.0.0/0 172.16.21.2 vrf vpnbip route 192.168.1.0/24 172.16.12.2 vrf gw_vpnaip route 192.168.2.0/24 172.16.22.2 vrf gw_vpnb!vlan1,11-12,21-22,100-101,200-201vlan 11name vpnavn-segment 10vlan 12name gw_vpnavn-segment 12vlan 21name vpnbvn-segment 20vlan 22name gw_vpnbvn-segment 22vlan 100name vpna_l3vnivn-segment 100vlan 101name gw_vpna_l3vnivn-segment 101vlan 200name vpnb_l3vnivn-segment 200vlan 201name gw_vpnb_l3vnivn-segment 201!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 12 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export autovni 22 l2 rd auto route-target import auto route-target export auto!route-map gw_vpna permit 10match ip address prefix-list gw_vpna route-map gw_vpnb permit 10match ip address prefix-list gw_vpnb route-map vpna permit 10match ip address prefix-list vpna route-map vpnb permit 10match ip address prefix-list vpnb!vrf contextgw_vpnavni 101rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf contextgw_vpnbvni 201rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context vpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 100system-priority 100peer-keepalive destination 192.16.1.2 source192.16.1.1 vrf heatpeer-gateway!interface Vlan11no shutdownmtu 9216vrf member vpnaip address 172.16.11.1/24fabric forwarding mode anycast-gateway!interface Vlan12no shutdownmtu 9216vrf member gw_vpnaip address 172.16.12.1/24fabric forwarding mode anycast-gateway!interface Vlan21no shutdownmtu 9216vrf member vpnbip address 172.16.21.1/24fabric forwarding mode anycast-gateway!interface Vlan22no shutdownmtu 9216vrf member gw_vpnbip address 172.16.22.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan101description gw_vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface Vlan201description gw_vpnb_l3vnino shutdownmtu 9216vrf member gw_vpnb!interface port-channel6switchport mode trunkswitchport trunk allowed vlan 11vpc 6!interface port-channel7switchport mode trunkswitchport trunk allowed vlan 21vpc 7!interface port-channel8switchport mode trunkswitchport trunk allowed vlan 13vpc 8!interface port-channel9switchport mode trunkswitchport trunk allowed vlan 23vpc 9!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1no switchportno shutdown!interface Ethernet1/1.1encapsulation dot1q 10vrf member gw_vpnaip address 172.16.0.2/30ip ospf network point-to-pointip router ospf 10 area 0.0.0.0!interface Ethernet1/1.2encapsulation dot1q 20vrf member gw_vpnbip address 172.16.1.2/30ip ospf network point-to-pointip router ospf 20 area 0.0.0.0!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.1.1/30no shutdown!interface Ethernet1/4no switchportno shutdown!interface Ethernet1/4.1encapsulation dot1q 100vrf member gw_vpnaip address 172.16.0.101/30ip ospf cost 100ip ospf network point-to-pointip router ospf 10 area 0.0.0.0!interface Ethernet1/4.2encapsulation dot1q 200vrf member gw_vpnbip address 172.16.1.101/30ip ospf cost 100ip ospf network point-to-pointip router ospf 20 area 0.0.0.0!interface Ethernet1/5description to spine1no switchportmtu 9216ip address 172.16.2.2/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/6switchport mode trunkswitchport trunk allowed vlan 11channel-group 6 mode active!interface Ethernet1/7switchport mode trunkswitchport trunk allowed vlan 21channel-group 7 mode active!interface Ethernet1/8switchport mode trunkswitchport trunk allowed vlan 13channel-group 8 mode active!interface Ethernet1/9switchport mode trunkswitchport trunk allowed vlan 23channel-group 9 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 12 suppress-arpmember vni 20 suppress-arpmember vni 22 suppress-arpmember vni 100 associate-vrfmember vni 101 associate-vrfmember vni 200 associate-vrfmember vni 201 associate-vrf!interface loopback0description for router-idip address 1.1.1.1/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.1.1.1/32ip router ospf 100 area 0.0.0.0!router ospf 10router-id 1.1.1.1vrf gw_vpnarouter ospf 100router-id 1.1.1.1router ospf 20router-id 1.1.1.1vrf gw_vpnbrouter bgp 100router-id 1.1.1.1neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf gw_vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnavrf gw_vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnbvrf vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnavrf vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnb -----------------------------------------------------------------------------------------------!hostname Border_Bvdc Border_Bid 1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabric forwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nv overlay!hardware access-listtcam region racl 512hardware access-listtcamregion arp-ether 256!no password strength-checkusername admin password 5 admin role network-admin!ip access-list gw_vpna10 permit ip any 192.168.1.0/24 ip access-list gw_vpnb10 permit ip any 192.168.2.0/24 ip access-list vpna10 permit ip 192.168.1.0/24 any ip access-list vpnb10 permit ip 192.168.2.0/24 any !fabric forwarding anycast-gateway-mac 0000.dc01.dc01ip route 0.0.0.0/0 172.16.11.2 vrf vpnaip route 0.0.0.0/0 172.16.21.2 vrf vpnbip route 192.168.1.0/24172.16.12.2 vrf gw_vpnaip route192.168.2.0/24 172.16.22.2 vrf gw_vpnb!vlan1,11-12,21-22,100-101,200-201vlan 11name vpnavn-segment 10vlan 12name gw_vpnavn-segment 12vlan 21name vpnbvn-segment 20vlan 22name gw_vpnbvn-segment 22vlan 100name vpna_l3vnivn-segment 100vlan 101name gw_vpna_l3vnivn-segment 101vlan 200name vpnb_l3vnivn-segment 200vlan 201name gw_vpnb_l3vnivn-segment 201!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 12 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export autovni 22 l2 rd auto route-target import auto route-target export auto!route-map gw_vpna permit 10match ip address prefix-list gw_vpna route-map gw_vpnb permit 10match ip address prefix-list gw_vpnb route-map vpna permit 10match ip address prefix-list vpna route-map vpnb permit 10match ip address prefix-list vpnb !vrf context gw_vpnavni 101rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context gw_vpnbvni 201rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context vpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 100system-priority 100peer-keepalive destination 192.16.1.1 source192.16.1.2 vrf heatpeer-gateway!interface Vlan11no shutdownmtu 9216vrf member vpnaip address 172.16.11.1/24fabric forwarding mode anycast-gateway!interface Vlan12no shutdownmtu 9216vrf member gw_vpnaip address 172.16.12.1/24fabric forwarding mode anycast-gateway!interface Vlan21no shutdownmtu 9216vrf member vpnbip address 172.16.21.1/24fabric forwarding mode anycast-gateway!interface Vlan22no shutdownmtu 9216vrf member gw_vpnbip address 172.16.22.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan101description gw_vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface Vlan201description gw_vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface port-channel6switchport mode trunkswitchport trunk allowed vlan 11vpc 6!interface port-channel7switchport mode trunkswitchport trunk allowed vlan 21vpc 7!interface port-channel8switchport mode trunkswitchport trunk allowed vlan 13vpc 8!interface port-channel9switchport mode trunkswitchport trunk allowed vlan 23vpc 9!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1no switchportno shutdown!interface Ethernet1/1.1encapsulation dot1q 10vrf member gw_vpnaip address 172.16.0.6/30ip ospf network point-to-pointip router ospf 10 area 0.0.0.0!interface Ethernet1/1.2encapsulation dot1q 20vrf member gw_vpnbip address 172.16.1.6/30ip ospf network point-to-pointip router ospf 20 area 0.0.0.0!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.1.2/30no shutdown!interface Ethernet1/4no switchportno shutdown!interface Ethernet1/4.1encapsulation dot1q 100vrf member gw_vpnaip address 172.16.0.102/30ip ospf cost 100ip ospf network point-to-pointip router ospf 10 area 0.0.0.0!interface Ethernet1/4.2encapsulation dot1q 200vrf member gw_vpnbip address 172.16.1.102/30ip ospf cost 100ip ospf network point-to-pointip router ospf 20 area 0.0.0.0!interface Ethernet1/5description to spine1no switchportmtu 9216ip address 172.16.2.6/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/6switchport mode trunkswitchport trunk allowed vlan 11channel-group 6 mode active!interfaceEthernet1/7switchport mode trunkswitchport trunk allowed vlan 21channel-group 7 mode active!interface Ethernet1/8switchport mode trunkswitchport trunk allowed vlan 13channel-group 8 mode active!interface Ethernet1/9switchport mode trunkswitchport trunk allowed vlan 23channel-group 9 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 12 suppress-arpmember vni 20 suppress-arpmember vni 22 suppress-arpmember vni 100 associate-vrfmember vni 101 associate-vrfmember vni 200 associate-vrfmember vni 201 associate-vrf!interface loopback0description for router-idip address 1.1.1.2/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.1.1.1/32ip router ospf 100 area 0.0.0.0!router ospf 10router-id 1.1.1.2vrf gw_vpnarouter ospf 100router-id 1.1.1.2router ospf 20router-id 1.1.1.2vrf gw_vpnbrouter bgp 100router-id 1.1.1.2neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf gw_vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnavrf gw_vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnbvrf vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnavrf vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnb ---------------------------------------------------------------------------------!hostname FWA!interface Ethernet0 channel-group1 mode active no nameif no security-level no ip address!interface Ethernet1 channel-group1 mode active no nameif no security-level no ip address!interface Port-channel1 no nameif no security-level no ip address!interface Port-channel1.1 vlan 11 nameif inside security-level 100 ip address 172.16.11.2 255.255.255.252 !interface Port-channel1.2 vlan 12 nameif outside security-level 0 ip address 172.16.12.2 255.255.255.252!access-list ping extended permit icmp any any!access-group ping in interface insideaccess-group ping in interface outside!route outside 0.0.0.0 0.0.0.0 172.16.12.1 1 route inside192.168.1.0 255.255.255.0 172.16.11.1 1 ----------------------------------------------------------------------------------------!hostname FWB!interface Ethernet0 channel-group1 mode active no nameif no security-level no ip address!interface Ethernet1 channel-group1 mode active no nameif no security-level no ip address!interface Port-channel1 no nameif no security-level no ip address!interface Port-channel1.1 vlan 21 nameif inside security-level 100 ip address 172.16.21.2 255.255.255.252 !interface Port-channel1.2 vlan 22 nameif outside security-level 0 ip address 172.16.22.2 255.255.255.252!access-list ping extended permit icmp any any !access-group ping in interface insideaccess-group ping in interface outside!route outside 0.0.0.0 0.0.0.0 172.16.22.1 1 route inside 192.168.2.0 255.255.255.0 172.16.21.1 1 -------------------------------------------------------------------------------------------------!hostname Spine1vdc Spine1 id1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature interface-vlan!no password strength-checkusername admin password 5 admin role network-admin!interface Ethernet1/1description to BL_Ano switchportmtu 9216ip address 172.16.2.1/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/2description to BL_Bno switchportmtu 9216ip address 172.16.2.5/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/3description to SL1Ano switchportmtu 9216ip address 172.16.2.9/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/4description to SL1Bno switchportmtu 9216ip address 172.16.2.13/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/5description to SL2Ano switchportmtu 9216ip address 172.16.2.17/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/6description to SL2Bno switchportmtu 9216ip address 172.16.2.21/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface loopback0description for router-idip address 2.1.1.1/32ip router ospf 100 area 0.0.0.0!router ospf 100router-id 2.1.1.1router bgp 100router-id 2.1.1.1neighbor 1.1.1.1 remote-as 100 description to BLA update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-clientneighbor 1.1.1.2 remote-as 100 description to BLB update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-clientneighbor 3.1.1.1 remote-as 100 description to Leaf1A update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-clientneighbor 3.1.1.2 remote-as 100 description to Leaf1B update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-clientneighbor 4.1.1.1 remote-as 100 description to Leaf2A update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-clientneighbor 4.1.1.2 remote-as 100 description to Leaf2B update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client -----------------------------------------------------------------------------!hostname Leaf1Avdc Leaf1A id1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabricforwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nv overlay!hardware access-listtcam region racl 512hardware access-listtcam region arp-ether 256!no password strength-checkusername admin password 5 admin role network-admin!fabric forwarding anycast-gateway-mac 0000.dc01.dc01vlan1,10,20,100,200vlan 10name vpnavn-segment 10vlan 20name vpnbvn-segment 20vlan 100name vpna_l3vnivn-segment 100vlan 200name vpnb_l3vnivn-segment 200!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export auto!vrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context vpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 100system-priority 100peer-keepalive destination 192.16.2.2 source192.16.2.1 vrf heatpeer-gateway!interface Vlan10no shutdownmtu 9216vrf member vpnaip address 192.168.1.1/24fabric forwarding mode anycast-gateway!interface Vlan20no shutdownmtu 9216vrf member vpnbip address 192.168.2.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface port-channel4switchport mode trunkswitchport trunk allowed vlan 10,20vpc 4!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1description to spine1no switchportmtu 9216ip address 172.16.2.10/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.2.1/30no shutdown!interface Ethernet1/4switchport mode trunkswitchport trunk allowed vlan 10,20channel-group 4 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 20 suppress-arpmember vni 100 associate-vrfmember vni 200 associate-vr!interface loopback0description for router-idip address 3.1.1.1/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.3.3.3/32ip router ospf 100 area 0.0.0.0!router ospf 100router-id 3.1.1.1router bgp 100router-id 3.1.1.1neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf vpna address-family ipv4 unicast advertise l2vpn evpnvrf vpnb address-family ipv4 unicast advertise l2vpn evpn -------------------------------------------------------------------------------------------!hostname Leaf1Bvdc Leaf1B id1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabric forwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nv overlay!hardware access-listtcam region racl 512hardware access-listtcam region arp-ether 256!no password strength-checkusername adminpassword 5 admin role network-admin!fabric forwarding anycast-gateway-mac 0000.dc01.dc01vlan1,10,20,100,200vlan 10name vpnavn-segment 10vlan 20name vpnbvn-segment 20vlan 100name vpna_l3vnivn-segment 100vlan 200name vpnb_l3vnivn-segment 200!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export auto!vrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context vpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 200system-priority 100peer-keepalive destination 192.16.2.1 source192.16.2.2 vrf heatpeer-gateway!interface Vlan10no shutdownmtu 9216vrf member vpnaip address 192.168.1.1/24fabric forwarding mode anycast-gateway!interface Vlan20no shutdownmtu 9216vrf member vpnbip address 192.168.2.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface port-channel4switchport mode trunkswitchport trunk allowed vlan 10,20vpc 4!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1description to spine1no switchportmtu 9216ip address 172.16.2.14/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.2.2/30no shutdown!interface Ethernet1/4switchport mode trunkswitchport trunk allowed vlan 10,20channel-group 4 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 20 suppress-arpmember vni 100 associate-vrfmember vni 200 associate-vr!interface loopback0description for router-idip address 3.1.1.2/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.3.3.3/32ip router ospf 100 area 0.0.0.0!router ospf 100router-id 3.1.1.2router bgp 100router-id 3.1.1.2neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf vpna address-family ipv4 unicast advertise l2vpn evpnvrf vpnb address-family ipv4 unicast advertise l2vpn evpn --------------------------------------------------------------------------------------------!hostname SWA!vlan 10,20!interface Port-channel1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk!interface GigabitEthernet0/0 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active!interface GigabitEthernet0/1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active!interface GigabitEthernet0/2 switchport access vlan 10 switchport mode access negotiation auto!interface GigabitEthernet0/3 switchport access vlan 20 switchport mode access negotiation auto -----------------------------------------------------------------------------------------!hostname Leaf2Avdc Leaf2A id1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabric forwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nv overlay!hardware access-listtcam region racl 512hardware access-listtcam region arp-ether 256!no password strength-checkusername admin password 5 admin role network-admin!fabric forwarding anycast-gateway-mac 0000.dc01.dc01vlan1,10,20,100,200vlan 10name vpnavn-segment 10vlan 20name vpnbvn-segment 20vlan 100name vpna_l3vnivn-segment 100vlan 200name vpnb_l3vnivn-segment 200!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export auto!vrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf context vpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 100system-priority 100peer-keepalive destination 192.16.3.2 source192.16.3.1 vrf heatpeer-gateway!interface Vlan10no shutdownmtu 9216vrf member vpnaip address 192.168.1.1/24fabric forwarding mode anycast-gateway!interface Vlan20no shutdownmtu 9216vrf member vpnbip address 192.168.2.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface port-channel4switchport mode trunkswitchport trunk allowed vlan 10,20vpc 4!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1description to spine1no switchportmtu 9216ip address 172.16.2.18/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.3.1/30no shutdown!interface Ethernet1/4switchport mode trunkswitchport trunk allowed vlan 10,20channel-group 4 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 20 suppress-arpmember vni 100 associate-vrfmember vni 200 associate-vr!interface loopback0description for router-idip address 4.1.1.1/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.4.4.4/32ip router ospf 100 area 0.0.0.0!router ospf 100router-id 4.1.1.1router bgp 100router-id 4.1.1.1neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf vpna address-family ipv4 unicast advertise l2vpn evpnvrf vpnb address-family ipv4 unicast advertise l2vpn evpn ---------------------------------------------------------------------------------------!hostname Leaf2Bvdc Leaf2B id1limit-resource vlan minimum 16 maximum 4094limit-resource vrf minimum 2 maximum 4096limit-resource port-channel minimum 0 maximum511limit-resource u4route-mem minimum 248maximum 248limit-resource u6route-mem minimum 96 maximum96limit-resource m4route-mem minimum 58 maximum58limit-resource m6route-mem minimum 8 maximum8!feature telnetcfs eth distributenv overlay evpnfeature ospffeature bgpfeature fabric forwardingfeature interface-vlanfeature vn-segment-vlan-basedfeature lacpfeature vpcfeature nv overlay!hardware access-listtcam region racl 512hardware access-listtcam region arp-ether 256!no password strength-checkusername admin password 5 admin role network-admin!fabric forwarding anycast-gateway-mac 0000.dc01.dc01vlan1,10,20,100,200vlan 10name vpnavn-segment 10vlan 20name vpnbvn-segment 20vlan 100name vpna_l3vnivn-segment 100vlan 200name vpnb_l3vnivn-segment 200!evpnvni 10 l2 rd auto route-target import auto route-target export autovni 20 l2 rd auto route-target import auto route-target export auto!vrf context heatvrf context vpnavni 100rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvrf contextvpnbvni 200rd autoaddress-family ipv4 unicast route-target both auto route-target both auto evpnvpc domain 100peer-switchrole priority 200system-priority 100peer-keepalive destination 192.16.3.1 source192.16.3.2 vrf heatpeer-gateway!interface Vlan10no shutdownmtu 9216vrf member vpnaip address 192.168.1.1/24fabric forwarding mode anycast-gateway!interface Vlan20no shutdownmtu 9216vrf member vpnbip address 192.168.2.1/24fabric forwarding mode anycast-gateway!interface Vlan100description vpna_l3vnino shutdownmtu 9216vrf member vpnaip forward!interface Vlan200description vpnb_l3vnino shutdownmtu 9216vrf member vpnbip forward!interface port-channel4switchport mode trunkswitchport trunk allowed vlan 10,20vpc 4!interface port-channel100switchport mode trunkspanning-tree port type networkvpc peer-link!interface Ethernet1/1description to spine1no switchportmtu 9216ip address 172.16.2.22/30ip ospf network point-to-pointip router ospf 100 area 0.0.0.0no shutdown!interface Ethernet1/2switchport mode trunkchannel-group 100 mode active!interface Ethernet1/3no switchportmtu 9216vrf member heatip address 192.16.3.2/30no shutdown!interface Ethernet1/4switchport mode trunkswitchport trunk allowed vlan 10,20channel-group 4 mode active!interface nve1no shutdownhost-reachability protocol bgpsource-interface loopback1member vni 10 suppress-arpmember vni 20 suppress-arpmember vni 100 associate-vrfmember vni 200 associate-vr!interface loopback0description for router-idip address 4.1.1.2/32ip router ospf 100 area 0.0.0.0!interface loopback1description for vtepip address 10.4.4.4/32ip router ospf 100 area 0.0.0.0!router ospf 100router-id 4.1.1.2router bgp 100router-id 4.1.1.2neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extendedvrf vpna address-family ipv4 unicast advertise l2vpn evpnvrf vpnb address-family ipv4 unicast advertise l2vpn evpn --------------------------------------------------------------------------!hostname SWB!vlan 10,20!interface Port-channel1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk!interface GigabitEthernet0/0 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active!interface GigabitEthernet0/1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active!interface GigabitEthernet0/2 switchport access vlan 10 switchport mode accessnegotiation auto
3、实验结果
(1)ISP无法和BL_A、BL_B建立OSPF邻居,已排查硬件原因,CPU偶尔冲高,但稳定在80左右
(2)spine和Leaf(Border Leaf、Server Leaf)的OSPF邻居、EVPN邻居正常建立
(3)VPC验证,总是提示全局参数校验失败,但检查又没发现一次一行
(4)Leaf2A下的192.168.1.20/32的主机路由,无法经spine反射给Leaf1A,vxlan隧道无法建立
(5)保存配置各种失败,只好手敲备份了。。。
本帖最后由 cfplzjc 于 2023-1-5 22:24 编辑
这个网站编辑器太难用(从word复制过来的,部分空格给省略掉),大家将就着看。:(,ISP路由和SW交换机使用vIOS-router和vIOS-swtich,数据中心交换机使用N9K-9300。FW使用ASA915
N9K配置evpn+vpc有bug,建议不要配置vpc了,我记得我只成功过一两次,后面加vpc后loopback接口莫名其妙的down了 爱笑的眼睛 发表于 2023-1-10 10:50
N9K配置evpn+vpc有bug,建议不要配置vpc了,我记得我只成功过一两次,后面加vpc后loopback接口莫名其妙的do ...
多谢,回头用EVPN单独测试一下。 爱笑的眼睛 发表于 2023-1-10 10:50
N9K配置evpn+vpc有bug,建议不要配置vpc了,我记得我只成功过一两次,后面加vpc后loopback接口莫名其妙的do ...
我也遇到这个问题,来论坛里找答案,不知道为什么,孤立的 那台9k,loopback 会down
缓缓华为的ce12800试试呢 猪一枚 发表于 2023-10-30 17:37
缓缓华为的ce12800试试呢
别提这茬,就来气,华为CE12800的分布式EVPN二层通信有问题,M-LAG不支持。所以才想用思科验证一些原理。 猪一枚 发表于 2023-10-30 17:37
缓缓华为的ce12800试试呢
不够我已经找到问题源了,思科的N9K是用组播建vxlan隧道,不同于华为华三的type 3建vxlan隧道。
页:
[1]