本帖最后由 cfplzjc 于 2023-1-6 12:07 编辑
1、拓扑:如下图所示,某数据中心存在2个租户,分别为vpna和vpnb,底层underlay通过ospf宣告lp0和lp1路由,其中lp0用于router-id,lp1用于vtep,全网的AS号为100,采用VPC+EVPN方式实现pc二层互访及pc访问外网(ISP的lp0模拟公网的地址),这里的应用负载均衡SLB暂时没有参与路由转发。
问题:VPC虚拟端口通道一直提示全局参数校验不通过,N9K启动经常丢失interface nve配置(重新启动又会好),Spine无法正常反射路由,哪位思科大神帮忙看看是什么问题造成,在此先谢过。
这里全部参考华为的配置,对思科的配置进行对齐翻译,难免有遗漏,欢迎各位指出。
Huawei | Cisco | M-LAG配置命令对比 | # stp mode rstp stp v-stp enable # interface GE1/0/1 undo portswitch ip address 192.168.11.1 255.255.255.252 m-lag unpaired-port reserved # dfs-group 1 priority 150 source ip 192.168.11.1 peer 192.168.11.2 consistency-check enable mode loose dual-active detection enhanced enable
| !
feature lacp
feature vpc
!
interface Ethernet1/1
no switchport
ip address 192.168.11.1/30
no shutdown
!
vpc domain 10
peer-switch
peer-gateway
role priority 100
system-priority 200
peer-keepalive destination 192.168.11.2 source 192.168.11.1 | | # interface Eth-Trunk0 peer-link description Peer-link mode lacp-static peer-link 1
# interface Eth-Trunk1 M-LAG description M-LAG port mode lacp-static dfs-group 1 m-lag 1 | !
interface port-channel1 peer-link
description Peer-link
switchport mode trunk
switchport trunk allowed vlan 10
spanning-tree port type network
vpc peer-link
!
interface port-channel2 M-LAG
description M-LAG port
switchport mode trunk
switchport trunk allowed vlan 10
vpc 2 | M-LAG查询命令对比 | dis dfs-group 1 m-lag brief
| show vpc
| dis eth-trunk verbose
| show port-channel summary
| BGP EVPN配置命令对比 |
# assign forward layer-3 resource large-overlay # evpn-overlay enable | !
nv overlay evpn
feature ospf
feature bgp
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
| #
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 12:111
vpn-target 0:1 export-extcommunity
vpn-target 1:1 export-extcommunity
vpn-target 0:1 import-extcommunity
arp broadcast-suppress enable # interface Eth-Trunk1.1 mode l2
encapsulation dot1q vid 10
bridge-domain 10 | !
vlan 10
vn-segment 10
!
evpn
vni 10 l2
rd auto
route-target import auto
route-target export auto
!
interface Ethernet1/3
description TO HOST1 - VL10
switchport access vlan 10
mtu 9216
|
# ip vpn-instance vpna ipv4-family route-distinguisher 1:1 vpn-target 1:2 export-extcommunity vpn-target 1:2 export-extcommunity evpn vpn-target 1:1 import-extcommunity vpn-target 1:1 import-extcommunity evpn vxlan vni 100
#
interface Vbdif10
ip binding vpn-instance vpna
ip address 192.168.1.1 255.255.255.0
mac-address 0000-5e00-0102
vxlan anycast-gateway enable
arp collect host enable
| !-----------------创建三层需要用到的vlan
vlan 100
vn-segment 100
!-----------------三层vrf及三层VNI
vrf context vpna
vni 100
rd auto
address-family ipv4 unicast
route-target both auto
route-target both auto evpn
!------------------三层网关 interface Vlan10
no shutdown mtu 9216 vrf member vpna ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway !-----------------三层vlan绑L3VNI
interface Vlan100
description vpna vl100 L3VNI
no shutdown
mtu 9216
vrf member vpna
ip forward | #
interface loopback0
des for router-id
ip address 1.1.1.1 32
#
interface loopack1
des for vtep
ip address 10.1.1.1 32
#
interface Nve1
source 10.1.1.1
vni 10 head-end peer-list protocol bgp
mac-address 0000-5e00-0111
# ospf 100 router-id 1.1.1.1 area 0.0.0.0 network 1.1.1.1 0.0.0.0 network 10.1.1.1 0.0.0.0 | !
interface loopback0
description RID
ip address 1.1.1.1/32
ip router ospf 100 area 0.0.0.0
!
interface loopback0
description VTEP
ip address 10.1.1.1/32
ip router ospf 100 area 0.0.0.0
!
interface nve1
no shutdown
host-reachability protocol bgp
source-interface loopback0
member vni 10
suppress-arp
member vni 100 associate-vrf
!
fabric forwarding anycast-gateway-mac 0000.dc01.dc01
!
router ospf 100
router-id 1.1.1.1
passive-interface default
| # bgp 100 router-id 1.1.1.1 undo default ipv4-unicast peer 11.1.1.1 as-number 100 peer 11.1.1.1 description to SP1 peer 11.1.1.1 connect-interface LoopBack0 # ipv4-family vpn-instance vpna default-route imported import-route stati maximum load-balancing 32 advertise l2vpn evpn # l2vpn-family evpn policy vpn-target peer 11.1.1.1 enable peer 11.1.1.1 advertise irb
| !
router bgp 100
router-id 1.1.1.1
neighbor 11.1.1.1
remote-as 100
description to SP1
update-source loopback0
address-family l2vpn evpn
send-community
send-community extended
vrf vpna
address-family ipv4 unicast
advertise l2vpn evpn
| BGP EVPN查询命令对比 | dis bridge-domain 10
|
| dis bgp evpn peer
| show bgp l2vpn evpn summary
| dis vxlan tunnel
| show nve peers
| dis bgp evpn routing-table mac-route/inclusive-route/prefix-route | show bgp l2vpn evpn route-type 1/2/3/4/5/6 | dis mac-address bridge-domain xx
| show mac address-table vni 10
|
2、配置命令:
! hostname ISP ! interface Loopback0 ip address 88.1.1.1 255.255.255.255 ! interface GigabitEthernet0/0 no ip address ! interface GigabitEthernet0/0.1 encapsulation dot1Q 10 ip address172.16.0.1 255.255.255.252 ip ospf network point-to-point ! interface GigabitEthernet0/0.2 encapsulation dot1Q 20 ip address172.16.1.1 255.255.255.252 ip ospf network point-to-point ! interface GigabitEthernet0/1 no ip address ! interface GigabitEthernet0/1.1 encapsulation dot1Q 10 ip address172.16.0.5 255.255.255.252 ip ospf network point-to-point ! interface GigabitEthernet0/1.2 encapsulation dot1Q 20 ip address172.16.1.5 255.255.255.252 ip ospf network point-to-point ! router ospf 10 router-id 88.1.1.1 network 88.1.1.1 0.0.0.0 area 0 network 172.16.0.1 0.0.0.0 area 0 network 172.16.0.5 0.0.0.0 area 0 ! router ospf 20 router-id 88.1.1.2 network 88.1.1.10.0.0.0 area 0 network 172.16.1.1 0.0.0.0 area 0 network 172.16.1.5 0.0.0.0 area 0 ------------------------------------------------------------------------------------------------------ ! hostname Border_A vdc Border_Aid 1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabric forwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nvoverlay ! hardware access-listtcam region racl 512 hardware access-listtcam region arp-ether 256 ! no password strength-check username admin password 5 admin role network-admin ! ip access-list gw_vpna 10 permit ip any 192.168.1.0/24 ip access-list gw_vpnb 10 permit ip any 192.168.2.0/24 ip access-list vpna 10 permit ip 192.168.1.0/24 any ip access-list vpnb 10 permit ip 192.168.2.0/24 any ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 ip route 0.0.0.0/0 172.16.11.2 vrf vpna ip route 0.0.0.0/0 172.16.21.2 vrf vpnb ip route 192.168.1.0/24 172.16.12.2 vrf gw_vpna ip route 192.168.2.0/24 172.16.22.2 vrf gw_vpnb ! vlan1,11-12,21-22,100-101,200-201 vlan 11 name vpna vn-segment 10 vlan 12 name gw_vpna vn-segment 12 vlan 21 name vpnb vn-segment 20 vlan 22 name gw_vpnb vn-segment 22 vlan 100 name vpna_l3vni vn-segment 100 vlan 101 name gw_vpna_l3vni vn-segment 101 vlan 200 name vpnb_l3vni vn-segment 200 vlan 201 name gw_vpnb_l3vni vn-segment 201 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 12 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto vni 22 l2 rd auto route-target import auto route-target export auto ! route-map gw_vpna permit 10 match ip address prefix-list gw_vpna route-map gw_vpnb permit 10 match ip address prefix-list gw_vpnb route-map vpna permit 10 match ip address prefix-list vpna route-map vpnb permit 10 match ip address prefix-list vpnb ! vrf contextgw_vpna vni 101 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf contextgw_vpnb vni 201 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context vpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 100 system-priority 100 peer-keepalive destination 192.16.1.2 source192.16.1.1 vrf heat peer-gateway ! interface Vlan11 no shutdown mtu 9216 vrf member vpna ip address 172.16.11.1/24 fabric forwarding mode anycast-gateway ! interface Vlan12 no shutdown mtu 9216 vrf member gw_vpna ip address 172.16.12.1/24 fabric forwarding mode anycast-gateway ! interface Vlan21 no shutdown mtu 9216 vrf member vpnb ip address 172.16.21.1/24 fabric forwarding mode anycast-gateway ! interface Vlan22 no shutdown mtu 9216 vrf member gw_vpnb ip address 172.16.22.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan101 description gw_vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface Vlan201 description gw_vpnb_l3vni no shutdown mtu 9216 vrf member gw_vpnb ! interface port-channel6 switchport mode trunk switchport trunk allowed vlan 11 vpc 6 ! interface port-channel7 switchport mode trunk switchport trunk allowed vlan 21 vpc 7 ! interface port-channel8 switchport mode trunk switchport trunk allowed vlan 13 vpc 8 ! interface port-channel9 switchport mode trunk switchport trunk allowed vlan 23 vpc 9 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 no switchport no shutdown ! interface Ethernet1/1.1 encapsulation dot1q 10 vrf member gw_vpna ip address 172.16.0.2/30 ip ospf network point-to-point ip router ospf 10 area 0.0.0.0 ! interface Ethernet1/1.2 encapsulation dot1q 20 vrf member gw_vpnb ip address 172.16.1.2/30 ip ospf network point-to-point ip router ospf 20 area 0.0.0.0 ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.1.1/30 no shutdown ! interface Ethernet1/4 no switchport no shutdown ! interface Ethernet1/4.1 encapsulation dot1q 100 vrf member gw_vpna ip address 172.16.0.101/30 ip ospf cost 100 ip ospf network point-to-point ip router ospf 10 area 0.0.0.0 ! interface Ethernet1/4.2 encapsulation dot1q 200 vrf member gw_vpnb ip address 172.16.1.101/30 ip ospf cost 100 ip ospf network point-to-point ip router ospf 20 area 0.0.0.0 ! interface Ethernet1/5 description to spine1 no switchport mtu 9216 ip address 172.16.2.2/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/6 switchport mode trunk switchport trunk allowed vlan 11 channel-group 6 mode active ! interface Ethernet1/7 switchport mode trunk switchport trunk allowed vlan 21 channel-group 7 mode active ! interface Ethernet1/8 switchport mode trunk switchport trunk allowed vlan 13 channel-group 8 mode active ! interface Ethernet1/9 switchport mode trunk switchport trunk allowed vlan 23 channel-group 9 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 12 suppress-arp member vni 20 suppress-arp member vni 22 suppress-arp member vni 100 associate-vrf member vni 101 associate-vrf member vni 200 associate-vrf member vni 201 associate-vrf ! interface loopback0 description for router-id ip address 1.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! router ospf 10 router-id 1.1.1.1 vrf gw_vpna router ospf 100 router-id 1.1.1.1 router ospf 20 router-id 1.1.1.1 vrf gw_vpnb router bgp 100 router-id 1.1.1.1 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf gw_vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpna vrf gw_vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnb vrf vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpna vrf vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnb ----------------------------------------------------------------------------------------------- ! hostname Border_B vdc Border_Bid 1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabric forwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nv overlay ! hardware access-listtcam region racl 512 hardware access-listtcamregion arp-ether 256 ! no password strength-check username admin password 5 admin role network-admin ! ip access-list gw_vpna 10 permit ip any 192.168.1.0/24 ip access-list gw_vpnb 10 permit ip any 192.168.2.0/24 ip access-list vpna 10 permit ip 192.168.1.0/24 any ip access-list vpnb 10 permit ip 192.168.2.0/24 any ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 ip route 0.0.0.0/0 172.16.11.2 vrf vpna ip route 0.0.0.0/0 172.16.21.2 vrf vpnb ip route 192.168.1.0/24172.16.12.2 vrf gw_vpna ip route192.168.2.0/24 172.16.22.2 vrf gw_vpnb ! vlan1,11-12,21-22,100-101,200-201 vlan 11 name vpna vn-segment 10 vlan 12 name gw_vpna vn-segment 12 vlan 21 name vpnb vn-segment 20 vlan 22 name gw_vpnb vn-segment 22 vlan 100 name vpna_l3vni vn-segment 100 vlan 101 name gw_vpna_l3vni vn-segment 101 vlan 200 name vpnb_l3vni vn-segment 200 vlan 201 name gw_vpnb_l3vni vn-segment 201 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 12 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto vni 22 l2 rd auto route-target import auto route-target export auto ! route-map gw_vpna permit 10 match ip address prefix-list gw_vpna route-map gw_vpnb permit 10 match ip address prefix-list gw_vpnb route-map vpna permit 10 match ip address prefix-list vpna route-map vpnb permit 10 match ip address prefix-list vpnb ! vrf context gw_vpna vni 101 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context gw_vpnb vni 201 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context vpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 100 system-priority 100 peer-keepalive destination 192.16.1.1 source192.16.1.2 vrf heat peer-gateway ! interface Vlan11 no shutdown mtu 9216 vrf member vpna ip address 172.16.11.1/24 fabric forwarding mode anycast-gateway ! interface Vlan12 no shutdown mtu 9216 vrf member gw_vpna ip address 172.16.12.1/24 fabric forwarding mode anycast-gateway ! interface Vlan21 no shutdown mtu 9216 vrf member vpnb ip address 172.16.21.1/24 fabric forwarding mode anycast-gateway ! interface Vlan22 no shutdown mtu 9216 vrf member gw_vpnb ip address 172.16.22.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan101 description gw_vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface Vlan201 description gw_vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface port-channel6 switchport mode trunk switchport trunk allowed vlan 11 vpc 6 ! interface port-channel7 switchport mode trunk switchport trunk allowed vlan 21 vpc 7 ! interface port-channel8 switchport mode trunk switchport trunk allowed vlan 13 vpc 8 ! interface port-channel9 switchport mode trunk switchport trunk allowed vlan 23 vpc 9 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 no switchport no shutdown ! interface Ethernet1/1.1 encapsulation dot1q 10 vrf member gw_vpna ip address 172.16.0.6/30 ip ospf network point-to-point ip router ospf 10 area 0.0.0.0 ! interface Ethernet1/1.2 encapsulation dot1q 20 vrf member gw_vpnb ip address 172.16.1.6/30 ip ospf network point-to-point ip router ospf 20 area 0.0.0.0 ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.1.2/30 no shutdown ! interface Ethernet1/4 no switchport no shutdown ! interface Ethernet1/4.1 encapsulation dot1q 100 vrf member gw_vpna ip address 172.16.0.102/30 ip ospf cost 100 ip ospf network point-to-point ip router ospf 10 area 0.0.0.0 ! interface Ethernet1/4.2 encapsulation dot1q 200 vrf member gw_vpnb ip address 172.16.1.102/30 ip ospf cost 100 ip ospf network point-to-point ip router ospf 20 area 0.0.0.0 ! interface Ethernet1/5 description to spine1 no switchport mtu 9216 ip address 172.16.2.6/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/6 switchport mode trunk switchport trunk allowed vlan 11 channel-group 6 mode active ! interfaceEthernet1/7 switchport mode trunk switchport trunk allowed vlan 21 channel-group 7 mode active ! interface Ethernet1/8 switchport mode trunk switchport trunk allowed vlan 13 channel-group 8 mode active ! interface Ethernet1/9 switchport mode trunk switchport trunk allowed vlan 23 channel-group 9 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 12 suppress-arp member vni 20 suppress-arp member vni 22 suppress-arp member vni 100 associate-vrf member vni 101 associate-vrf member vni 200 associate-vrf member vni 201 associate-vrf ! interface loopback0 description for router-id ip address 1.1.1.2/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! router ospf 10 router-id 1.1.1.2 vrf gw_vpna router ospf 100 router-id 1.1.1.2 router ospf 20 router-id 1.1.1.2 vrf gw_vpnb router bgp 100 router-id 1.1.1.2 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf gw_vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpna vrf gw_vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map gw_vpnb vrf vpna address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpna vrf vpnb address-family ipv4 unicast advertise l2vpn evpn redistribute static route-map vpnb --------------------------------------------------------------------------------- ! hostname FWA ! interface Ethernet0 channel-group1 mode active no nameif no security-level no ip address ! interface Ethernet1 channel-group1 mode active no nameif no security-level no ip address ! interface Port-channel1 no nameif no security-level no ip address ! interface Port-channel1.1 vlan 11 nameif inside security-level 100 ip address 172.16.11.2 255.255.255.252 ! interface Port-channel1.2 vlan 12 nameif outside security-level 0 ip address 172.16.12.2 255.255.255.252 ! access-list ping extended permit icmp any any ! access-group ping in interface inside access-group ping in interface outside ! route outside 0.0.0.0 0.0.0.0 172.16.12.1 1 route inside192.168.1.0 255.255.255.0 172.16.11.1 1 ---------------------------------------------------------------------------------------- ! hostname FWB ! interface Ethernet0 channel-group1 mode active no nameif no security-level no ip address ! interface Ethernet1 channel-group1 mode active no nameif no security-level no ip address ! interface Port-channel1 no nameif no security-level no ip address ! interface Port-channel1.1 vlan 21 nameif inside security-level 100 ip address 172.16.21.2 255.255.255.252 ! interface Port-channel1.2 vlan 22 nameif outside security-level 0 ip address 172.16.22.2 255.255.255.252 ! access-list ping extended permit icmp any any ! access-group ping in interface inside access-group ping in interface outside ! route outside 0.0.0.0 0.0.0.0 172.16.22.1 1 route inside 192.168.2.0 255.255.255.0 172.16.21.1 1 ------------------------------------------------------------------------------------------------- ! hostname Spine1 vdc Spine1 id1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature interface-vlan ! no password strength-check username admin password 5 admin role network-admin ! interface Ethernet1/1 description to BL_A no switchport mtu 9216 ip address 172.16.2.1/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/2 description to BL_B no switchport mtu 9216 ip address 172.16.2.5/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/3 description to SL1A no switchport mtu 9216 ip address 172.16.2.9/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/4 description to SL1B no switchport mtu 9216 ip address 172.16.2.13/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/5 description to SL2A no switchport mtu 9216 ip address 172.16.2.17/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/6 description to SL2B no switchport mtu 9216 ip address 172.16.2.21/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface loopback0 description for router-id ip address 2.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! router ospf 100 router-id 2.1.1.1 router bgp 100 router-id 2.1.1.1 neighbor 1.1.1.1 remote-as 100 description to BLA update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 1.1.1.2 remote-as 100 description to BLB update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 3.1.1.1 remote-as 100 description to Leaf1A update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 3.1.1.2 remote-as 100 description to Leaf1B update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 4.1.1.1 remote-as 100 description to Leaf2A update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 4.1.1.2 remote-as 100 description to Leaf2B update-source loopback0 address-family l2vpn evpn send-community send-community extended route-reflector-client ----------------------------------------------------------------------------- ! hostname Leaf1A vdc Leaf1A id1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabricforwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nv overlay ! hardware access-listtcam region racl 512 hardware access-listtcam region arp-ether 256 ! no password strength-check username admin password 5 admin role network-admin ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 vlan1,10,20,100,200 vlan 10 name vpna vn-segment 10 vlan 20 name vpnb vn-segment 20 vlan 100 name vpna_l3vni vn-segment 100 vlan 200 name vpnb_l3vni vn-segment 200 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto ! vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context vpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 100 system-priority 100 peer-keepalive destination 192.16.2.2 source192.16.2.1 vrf heat peer-gateway ! interface Vlan10 no shutdown mtu 9216 vrf member vpna ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface Vlan20 no shutdown mtu 9216 vrf member vpnb ip address 192.168.2.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface port-channel4 switchport mode trunk switchport trunk allowed vlan 10,20 vpc 4 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 description to spine1 no switchport mtu 9216 ip address 172.16.2.10/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.2.1/30 no shutdown ! interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 10,20 channel-group 4 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 20 suppress-arp member vni 100 associate-vrf member vni 200 associate-vr ! interface loopback0 description for router-id ip address 3.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.3.3.3/32 ip router ospf 100 area 0.0.0.0 ! router ospf 100 router-id 3.1.1.1 router bgp 100 router-id 3.1.1.1 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf vpna address-family ipv4 unicast advertise l2vpn evpn vrf vpnb address-family ipv4 unicast advertise l2vpn evpn ------------------------------------------------------------------------------------------- ! hostname Leaf1B vdc Leaf1B id1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabric forwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nv overlay ! hardware access-listtcam region racl 512 hardware access-listtcam region arp-ether 256 ! no password strength-check username adminpassword 5 admin role network-admin ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 vlan1,10,20,100,200 vlan 10 name vpna vn-segment 10 vlan 20 name vpnb vn-segment 20 vlan 100 name vpna_l3vni vn-segment 100 vlan 200 name vpnb_l3vni vn-segment 200 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto ! vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context vpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 200 system-priority 100 peer-keepalive destination 192.16.2.1 source192.16.2.2 vrf heat peer-gateway ! interface Vlan10 no shutdown mtu 9216 vrf member vpna ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface Vlan20 no shutdown mtu 9216 vrf member vpnb ip address 192.168.2.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface port-channel4 switchport mode trunk switchport trunk allowed vlan 10,20 vpc 4 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 description to spine1 no switchport mtu 9216 ip address 172.16.2.14/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.2.2/30 no shutdown ! interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 10,20 channel-group 4 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 20 suppress-arp member vni 100 associate-vrf member vni 200 associate-vr ! interface loopback0 description for router-id ip address 3.1.1.2/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.3.3.3/32 ip router ospf 100 area 0.0.0.0 ! router ospf 100 router-id 3.1.1.2 router bgp 100 router-id 3.1.1.2 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf vpna address-family ipv4 unicast advertise l2vpn evpn vrf vpnb address-family ipv4 unicast advertise l2vpn evpn -------------------------------------------------------------------------------------------- ! hostname SWA ! vlan 10,20 ! interface Port-channel1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/0 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active ! interface GigabitEthernet0/1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active ! interface GigabitEthernet0/2 switchport access vlan 10 switchport mode access negotiation auto ! interface GigabitEthernet0/3 switchport access vlan 20 switchport mode access negotiation auto ----------------------------------------------------------------------------------------- ! hostname Leaf2A vdc Leaf2A id1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabric forwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nv overlay ! hardware access-listtcam region racl 512 hardware access-listtcam region arp-ether 256 ! no password strength-check username admin password 5 admin role network-admin ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 vlan1,10,20,100,200 vlan 10 name vpna vn-segment 10 vlan 20 name vpnb vn-segment 20 vlan 100 name vpna_l3vni vn-segment 100 vlan 200 name vpnb_l3vni vn-segment 200 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto ! vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf context vpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 100 system-priority 100 peer-keepalive destination 192.16.3.2 source192.16.3.1 vrf heat peer-gateway ! interface Vlan10 no shutdown mtu 9216 vrf member vpna ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface Vlan20 no shutdown mtu 9216 vrf member vpnb ip address 192.168.2.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface port-channel4 switchport mode trunk switchport trunk allowed vlan 10,20 vpc 4 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 description to spine1 no switchport mtu 9216 ip address 172.16.2.18/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.3.1/30 no shutdown ! interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 10,20 channel-group 4 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 20 suppress-arp member vni 100 associate-vrf member vni 200 associate-vr ! interface loopback0 description for router-id ip address 4.1.1.1/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.4.4.4/32 ip router ospf 100 area 0.0.0.0 ! router ospf 100 router-id 4.1.1.1 router bgp 100 router-id 4.1.1.1 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf vpna address-family ipv4 unicast advertise l2vpn evpn vrf vpnb address-family ipv4 unicast advertise l2vpn evpn --------------------------------------------------------------------------------------- ! hostname Leaf2B vdc Leaf2B id1 limit-resource vlan minimum 16 maximum 4094 limit-resource vrf minimum 2 maximum 4096 limit-resource port-channel minimum 0 maximum511 limit-resource u4route-mem minimum 248maximum 248 limit-resource u6route-mem minimum 96 maximum96 limit-resource m4route-mem minimum 58 maximum58 limit-resource m6route-mem minimum 8 maximum8 ! feature telnet cfs eth distribute nv overlay evpn feature ospf feature bgp feature fabric forwarding feature interface-vlan feature vn-segment-vlan-based feature lacp feature vpc feature nv overlay ! hardware access-listtcam region racl 512 hardware access-listtcam region arp-ether 256 ! no password strength-check username admin password 5 admin role network-admin ! fabric forwarding anycast-gateway-mac 0000.dc01.dc01 vlan1,10,20,100,200 vlan 10 name vpna vn-segment 10 vlan 20 name vpnb vn-segment 20 vlan 100 name vpna_l3vni vn-segment 100 vlan 200 name vpnb_l3vni vn-segment 200 ! evpn vni 10 l2 rd auto route-target import auto route-target export auto vni 20 l2 rd auto route-target import auto route-target export auto ! vrf context heat vrf context vpna vni 100 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vrf contextvpnb vni 200 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn vpc domain 100 peer-switch role priority 200 system-priority 100 peer-keepalive destination 192.16.3.1 source192.16.3.2 vrf heat peer-gateway ! interface Vlan10 no shutdown mtu 9216 vrf member vpna ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface Vlan20 no shutdown mtu 9216 vrf member vpnb ip address 192.168.2.1/24 fabric forwarding mode anycast-gateway ! interface Vlan100 description vpna_l3vni no shutdown mtu 9216 vrf member vpna ip forward ! interface Vlan200 description vpnb_l3vni no shutdown mtu 9216 vrf member vpnb ip forward ! interface port-channel4 switchport mode trunk switchport trunk allowed vlan 10,20 vpc 4 ! interface port-channel100 switchport mode trunk spanning-tree port type network vpc peer-link ! interface Ethernet1/1 description to spine1 no switchport mtu 9216 ip address 172.16.2.22/30 ip ospf network point-to-point ip router ospf 100 area 0.0.0.0 no shutdown ! interface Ethernet1/2 switchport mode trunk channel-group 100 mode active ! interface Ethernet1/3 no switchport mtu 9216 vrf member heat ip address 192.16.3.2/30 no shutdown ! interface Ethernet1/4 switchport mode trunk switchport trunk allowed vlan 10,20 channel-group 4 mode active ! interface nve1 no shutdown host-reachability protocol bgp source-interface loopback1 member vni 10 suppress-arp member vni 20 suppress-arp member vni 100 associate-vrf member vni 200 associate-vr ! interface loopback0 description for router-id ip address 4.1.1.2/32 ip router ospf 100 area 0.0.0.0 ! interface loopback1 description for vtep ip address 10.4.4.4/32 ip router ospf 100 area 0.0.0.0 ! router ospf 100 router-id 4.1.1.2 router bgp 100 router-id 4.1.1.2 neighbor 2.1.1.1 remote-as 100 description to spine1 update-source loopback0 address-family l2vpn evpn send-community send-community extended vrf vpna address-family ipv4 unicast advertise l2vpn evpn vrf vpnb address-family ipv4 unicast advertise l2vpn evpn -------------------------------------------------------------------------- ! hostname SWB ! vlan 10,20 ! interface Port-channel1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk ! interface GigabitEthernet0/0 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active ! interface GigabitEthernet0/1 switchport trunk allowed vlan 10,20 switchport trunk encapsulation dot1q switchport mode trunk negotiation auto channel-group1 mode active ! interface GigabitEthernet0/2 switchport access vlan 10 switchport mode access negotiation auto
3、实验结果
(1)ISP无法和BL_A、BL_B建立OSPF邻居,已排查硬件原因,CPU偶尔冲高,但稳定在80左右
(2)spine和Leaf(Border Leaf、Server Leaf)的OSPF邻居、EVPN邻居正常建立
(3)VPC验证,总是提示全局参数校验失败,但检查又没发现一次一行
(4)Leaf2A下的192.168.1.20/32的主机路由,无法经spine反射给Leaf1A,vxlan隧道无法建立
(5)保存配置各种失败,只好手敲备份了。。。
_Exports_unetlab_export-20230105-135514.zip
(5.56 KB, 下载次数: 15)
| 
楼主
,ISP路由和SW交换机使用vIOS-router和vIOS-swtich,数据中心交换机使用N9K-9300。FW使用ASA915
发表于 2023-1-10 10:50:13
