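Topology
1. Ping to the gateway fails
- First check whether the gateway has an ARP entry. If the entry exists but ping still fails, reboot the PC, or re-issue undo shutdown on the physical interface.
- The PC has a gateway configured. If the configuration is correct and the gateway address is reachable, then even when ping fails the normal result should be a timeout. If the ping reply is "destination host unreachable", it may be a bug: it means the PC cannot even find the gateway. Reboot the PC, or connect it through a switch (SW).
2. VXLAN tunnel establishment problems
- EVPN does not come up: usually, if the underlay gateway comes up, EVPN is basically fine. If there is a problem, check the underlay.
- EVPN is up but no IRB route entries are learned: check whether arp collect host enable is configured under the Vbdif interface. This command collects host route information, which EVPN passes to the peer as Type 2 routes.
3. The CE L3GW has learned the routes; inter-subnet traffic works, intra-subnet traffic does not
I studied this problem for a long time. In the end it only worked after I added arp broadcast-suppress enable (ARP broadcast suppression) and arp l2-proxy gateway-mac (L2 gateway proxy reply) under the bridge domain. Because the configuration guide says these do not need to be added, I captured packets with and without them and compared the results:
- Without them: 192.168.1.1 pings 192.168.1.2 in the same subnet. By default, when CE1 receives a BUM packet it looks up the head-end replication tunnel list of the corresponding L2 VNI and sends the broadcast packet to CE2. CE2 receives it, sees that the VNI is addressed to itself, decapsulates it and sends the BUM packet to 192.168.1.2. The reply works the same way, and subsequent packets are unicast. In the capture, however, ARP broadcast packets kept being sent with DMAC all FFFF and the other side did not reply. I don't understand whether this is a bug.
- With ARP suppression and L2 gateway proxy reply added: both commands are required; with either one missing it does not work.
With L2 gateway proxy reply enabled, the DMAC is the MAC address of CE1's gateway, and that is why it works, but I believe it should work without it.
The reasoning covers two cases:
- First: with neither ARP suppression nor proxy reply enabled, the first packet is normally all FFFF, the peer replies with a unicast packet, and after that forwarding works normally from the MAC address table.
- Second: with only ARP suppression enabled, the first packet is all FFFF and is sent to the gateway. The gateway holds the Type 2 route host information (MAC/IP/VTEP IP/VNI ID), so it converts the broadcast to unicast and sends it directly to the peer VTEP node. The peer VTEP decapsulates it, finds its own MAC address, tags the VLAN ID and delivers it to the host.
Configuration: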
sysname CE1
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 11:1 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vxlan vni 10
#
bridge-domain 2
vxlan vni 2
evpn
route-distinguisher 1:1
vpn-target 10:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vbdif2
ip binding vpn-instance a
ip address 192.168.1.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.2 mode l2
encapsulation dot1q vid 2
bridge-domain 2
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 12.1.1.1 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Nve1
source 1.1.1.1
vni 2 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 12.1.1.2 as-number 100
#
ipv4-family unicast
network 1.1.1.1 255.255.255.255
peer 2.2.2.2 enable
peer 12.1.1.2 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
sysname CE2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
evpn
#
ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 11:1 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vxlan vni 10
#
bridge-domain 2
vxlan vni 2
evpn
route-distinguisher 2:3
vpn-target 10:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 10:1 import-extcommunity
#
bridge-domain 3
vxlan vni 3
evpn
route-distinguisher 2:2
vpn-target 20:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 20:1 import-extcommunity
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vbdif2
ip binding vpn-instance b
ip address 192.168.1.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface Vbdif3
ip binding vpn-instance b
ip address 192.168.2.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.2 mode l2
encapsulation dot1q vid 2
bridge-domain 2
#
interface GE1/0/0.3 mode l2
encapsulation dot1q vid 3
bridge-domain 3
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 12.1.1.2 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Nve1
source 2.2.2.2
vni 2 head-end peer-list protocol bgp
vni 3 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 12.1.1.1 as-number 100
#
ipv4-family unicast
network 2.2.2.2 255.255.255.255
peer 1.1.1.1 enable
peer 12.1.1.1 enable
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise irb
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
Verification output:
[~CE1-bd2]dis ip rou vpn a
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : a
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.254 Vbdif2
192.168.1.2/32 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.1.254/32 Direct 0 0 D 127.0.0.1 Vbdif2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vbdif2
192.168.2.1/32 IBGP 255 0 RD 2.2.2.2 VXLAN
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~CE1-bd2]dis bgp evpn al rou ma
Local AS number : 100
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 6
Route Distinguisher: 1:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98fd-0378:32:192.168.1.1 0.0.0.0
*> 0:48:707b-e8ad-235d:0:0.0.0.0 0.0.0.0
Route Distinguisher: 2:2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98bc-1b5e:32:192.168.2.1 2.2.2.2
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
Route Distinguisher: 2:3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
EVPN-Instance 2:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
*> 0:48:5489-98fd-0378:32:192.168.1.1 0.0.0.0
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
*> 0:48:707b-e8ad-235d:0:0.0.0.0 0.0.0.0
EVPN-Instance __RD_1_1_1__:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98bc-1b5e:32:192.168.2.1 2.2.2.2
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
[~CE1-bd2] dis vx pe
Number of peers : 1
Vni ID Source Destination Type Out Vni ID
-------------------------------------------------------------------------------
2 1.1.1.1 2.2.2.2 dynamic 2
[~CE1-bd2]dis vx tun
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 1.1.1.1 2.2.2.2 up dynamic 00:34:16
[~CE1-bd2]dis vx vn
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
2 2 up
[~CE1-bd2]
[~CE2]dis bgp evpn al routing-table mac-route
Local AS number : 100
BGP Local router ID is 12.1.1.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 6
Route Distinguisher: 1:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
*>i 0:48:707b-e8ad-235d:0:0.0.0.0 1.1.1.1
Route Distinguisher: 2:2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98bc-1b5e:32:192.168.2.1 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
Route Distinguisher: 2:3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98c4-6f7b:32:192.168.1.2 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
EVPN-Instance 2:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98c4-6f7b:32:192.168.1.2 0.0.0.0
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
*>i 0:48:707b-e8ad-235d:0:0.0.0.0 1.1.1.1
EVPN-Instance 3:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98bc-1b5e:32:192.168.2.1 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
EVPN-Instance __RD_1_2_2__:
Number of Mac Routes: 1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
[~CE2]dis vx pe
Number of peers : 1
Vni ID Source Destination Type Out Vni ID
-------------------------------------------------------------------------------
2 2.2.2.2 1.1.1.1 dynamic 2
[~CE2]dis vx tu
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 2.2.2.2 1.1.1.1 up dynamic 00:34:52
[~CE2]
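An added example, not part of the original post: a Python parser for the `dis bgp evpn al routing-table mac-route` listing shown above, which then models the decision the post describes for ARP broadcast suppression (unicast to the remote VTEP when a MAC/IP Type 2 entry exists, otherwise flood) and the "no IRB routes learned" check. The function names are hypothetical, the sample lines are copied from the CE1 output on this page, and the decision logic is a model of the described behaviour, not the switch's implementation.

```python
import re

# Lines copied from the CE1 "EVPN-Instance 2" listing on this page.
SAMPLE = """\
EVPN-Instance 2:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
*> 0:48:5489-98fd-0378:32:192.168.1.1 0.0.0.0
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
*> 0:48:707b-e8ad-235d:0:0.0.0.0 0.0.0.0
"""

SECTION = re.compile(r"^\s*(EVPN-Instance [^\s:]+|Route Distinguisher: \S+):?\s*$")
ROUTE = re.compile(
    r"^\s*\*\S*\s+\d+:\d+:([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4}):"
    r"(\d+):(\d+(?:\.\d+){3})\s+(\d+(?:\.\d+){3})\s*$")

def parse_mac_routes(text):
    """Group valid Type 2 routes by the section header they appear under."""
    table, section = {}, None
    for line in text.splitlines():
        m = SECTION.match(line)
        if m:
            section = m.group(1)
            table.setdefault(section, [])
            continue
        m = ROUTE.match(line)
        if m and section is not None:
            mac, iplen, ip, nexthop = m.groups()
            # IpAddrLen 0 marks a MAC-only route (no host IP attached).
            table[section].append(
                {"mac": mac, "ip": ip if iplen != "0" else None, "vtep": nexthop})
    return table

def suppression_decision(routes, target_ip):
    """Model: what a VTEP can do with an ARP request for target_ip."""
    for r in routes:
        if r["ip"] == target_ip:
            if r["vtep"] == "0.0.0.0":       # NextHop 0.0.0.0: locally originated
                return ("local", r["mac"], None)
            return ("unicast", r["mac"], r["vtep"])
    return ("flood", None, None)             # no MAC/IP entry: head-end replication

def has_irb_routes(routes):
    """False when no remote MAC/IP route exists (check arp collect host enable)."""
    return any(r["ip"] and r["vtep"] != "0.0.0.0" for r in routes)

if __name__ == "__main__":
    bd2 = parse_mac_routes(SAMPLE)["EVPN-Instance 2"]
    print(suppression_decision(bd2, "192.168.1.2"), has_irb_routes(bd2))
```
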