目录

1、实验目的

2、实验环境

实验拓扑

数据准备

服务器配置数据

vSwitch配置数据

Leaf1/Leaf2/Leaf3/Spine1/Spine2配置数据

EVPN相关配置数据

3、配置文件

4、配置步骤

4.1 基础配置

4.2 配置业务接入点

4.3 配置BGP EVPN Peer

4.4 配置VPN实例和EVPN实例

4.5 使能头端复制功能

4.6 配置VXLAN三层网关

4.7 配置BGP对邻居发布IRB路由

4.8 配置BGP对邻居发布IP前缀路由

4.9 其他配置

5、结果验证

5.1 检查EVPN Peer是否正常建立

5.2 查看EVPN路由

5.2.1 Leaf1初始bgp evpn路由信息

5.2.2 Type 3路由

5.2.3 Type 5路由

5.2.4 Type 2路由

5.3、同网段,不同Leaf服务器Ping测试

5.4、不同网段,同一Leaf下服务器Ping测试

5.5、不同网段,不同Leaf下服务器Ping

5.6、模拟外部和服务器之间Ping

5.7、arp广播抑制和代答


1、实验目的

了解分布式网关以及BGP EVPN工作机制。

2、实验环境

实验拓扑

VXLAN分布式网关的IP一样和不一样 vxlan分布式网关mac_VPN

ENSP软件版本:V100R003C00SPC100,CE12800软件版本: Version 8.180 (CE12800 V200R005C10SPC607B607),该版本可在模拟器上完美支持VXLAN。

  1. 按照实验环境进行组网。
  2. 基础配置:配置OSPF,相互能学习到Loopback地址。
  3. 完成BGP EVPN配置和分布式网关相关配置。
  4. 服务器vm1能Ping通vm3。
  5. vm2能Ping通vm3
  6. vm1、vm2、vm3能Ping通R1地址177.1.1.1。
  7. 检查VXLAN/EVPN/路由状态。

数据准备

服务器配置数据


名称

IP地址

网关

VLAN编号

VM-1

192.168.1.1/24

192.168.1.254

10

VM-2

192.168.2.1/24

192.168.2.254

20

VM-3

192.168.1.2/24

192.168.1.254

30


vSwitch配置数据


vSwitch-1

划分vlan10/20,和Leaf1 Trunk连接

vSwitch-2

划分vlan30,和Leaf2 Acess连接


Leaf1/Leaf2/Leaf3/Spine1/Spine2配置数据


设备

LoopBack0

(Router-ID)

LoopBack10

(VTEP IP)

VID

BD

L2VNI

Leaf-1

10.1.1.1

20.1.1.1

10

10

10




20

20

20

Leaf-2

10.1.1.2

20.1.1.2

30

10

10

Leaf-3

10.1.1.3

20.1.1.3




Spine-1

10.1.1.4





Spine-2

10.1.1.5






本实验场景,Spine不做vxlan封装,只是三层转发,不需要VTEP地址。Leaf3没有业务接入点,不需配置二层vxlan/bridge domain。

互联端口地址:10.1.xy.x or y/24。

EVPN相关配置数据



BD

L2VNI

RD

RT

L3VNI

RD

RT

Leaf-1

10

10

10:1

10:1

1000:1(ert)

100

100:1

100:1

1000:1(evpn)


20

20

20:1

20:1

1000:1(ert)




Leaf-2

10

10

10:1

10:1

1000:1(ert)

100

100:1

100:1

1000:1(evpn)

Leaf-3





100

100:1

100:1

1000:1(evpn)


Leaf-3没有L2VPN配置,只是通过L3VNI和Leaf1/Leaf2进行通信。

3、配置文件

详见ENSP工程文件

4、配置步骤

4.1 基础配置

  • 配置vm1/vm2/vm3IP地址/网关;
  • 配置vSwitch-1,端口划分vlan,配置和Leaf1的Trunk连接,vSwitch-2端口划分vlan30,和Leaf2 Acess连接;
a. vSwitch-1配置如下:
			#
			interface Ethernet0/0/1
			 port link-type trunk
			 port trunk allow-pass vlan 10 20
			#
			interface Ethernet0/0/2
			 port link-type access
			 port default vlan 10
			#
			interface Ethernet0/0/3
			 port link-type access
			 port default vlan 20
			#
b. vSwitch-2配置如下:
			interface Ethernet0/0/1
			 port link-type access
			 port default vlan 30
			#
			interface Ethernet0/0/2
			 port link-type access
			 port default vlan 30
  • 配置Spine1/Leaf1/Leaf2/Leaf3的loopback地址,互联地址,配置OSPF,使得Loopback地址可达。
a. Spine-1配置如下:
			sysname Spine-1
			#
			interface GE1/0/0
			 undo portswitch
			 undo shutdown
			 ip address 10.1.45.4 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/1
			 undo portswitch
			 undo shutdown
			 ip address 10.1.14.4 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/2
			 undo portswitch
			 undo shutdown
			 ip address 10.1.24.4 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/3
			 undo portswitch
			 undo shutdown
			 ip address 10.1.34.4 255.255.255.0
			 ospf network-type p2p
			#
			interface LoopBack0
			 ip address 10.1.1.4 255.255.255.255
			#
			ospf 1 router-id 10.1.1.4
			 area 0.0.0.0
			  network 10.1.1.4 0.0.0.0
			  network 10.1.14.4 0.0.0.0
			  network 10.1.24.4 0.0.0.0
			  network 10.1.34.4 0.0.0.0
			  network 10.1.45.4 0.0.0.0
			#
			
b. Spine-2配置如下:
			sysname Spine-2
			#
			interface GE1/0/0
			 undo portswitch
			 undo shutdown
			 ip address 10.1.45.5 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/1
			 undo portswitch
			 undo shutdown
			 ip address 10.1.15.5 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/2
			 undo portswitch
			 undo shutdown
			 ip address 10.1.25.5 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/3
			 undo portswitch
			 undo shutdown
			 ip address 10.1.35.5 255.255.255.0
			 ospf network-type p2p
			#
			interface LoopBack0
			 ip address 10.1.1.5 255.255.255.255
			#
			ospf 1 router-id 10.1.1.5
			 area 0.0.0.0
			  network 10.1.1.5 0.0.0.0
			  network 10.1.15.5 0.0.0.0
			  network 10.1.25.5 0.0.0.0
			  network 10.1.35.5 0.0.0.0
			  network 10.1.45.5 0.0.0.0
			#
			
c. Leaf-1配置如下:
			sysname Leaf-1
			#
			interface GE1/0/0
			 undo portswitch
			 undo shutdown
			 ip address 10.1.14.1 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/2
			 undo portswitch
			 undo shutdown
			 ip address 10.1.15.1 255.255.255.0
			 ospf network-type p2p
			#
			interface LoopBack0
			 ip address 10.1.1.1 255.255.255.255
			#
			interface LoopBack1
			 ip address 20.1.1.1 255.255.255.255
			#
			ospf 1 router-id 10.1.1.1
			 area 0.0.0.0
			  network 10.1.1.1 0.0.0.0
			  network 10.1.14.1 0.0.0.0
			  network 10.1.15.1 0.0.0.0
			  network 20.1.1.1 0.0.0.0
			#
d. Leaf-2配置如下:
			sysname Leaf-2
			#
			interface GE1/0/0
			 undo portswitch
			 undo shutdown
			 ip address 10.1.24.2 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/2
			 undo portswitch
			 undo shutdown
			 ip address 10.1.25.2 255.255.255.0
			 ospf network-type p2p
			#
			interface LoopBack0
			 ip address 10.1.1.2 255.255.255.255
			#
			interface LoopBack1
			 ip address 20.1.1.2 255.255.255.255
			#
			ospf 1 router-id 10.1.1.2
			 area 0.0.0.0
			  network 10.1.1.2 0.0.0.0
			  network 10.1.24.2 0.0.0.0
			  network 10.1.25.2 0.0.0.0
			  network 20.1.1.2 0.0.0.0
			#
e. Leaf-3配置如下:
			sysname Leaf-3
			#
			interface GE1/0/0
			 undo portswitch
			 undo shutdown
			 ip address 10.1.34.3 255.255.255.0
			 ospf network-type p2p
			#
			interface GE1/0/2
			 undo portswitch
			 undo shutdown
			 ip address 10.1.35.3 255.255.255.0
			 ospf network-type p2p
			#
			interface LoopBack0
			 ip address 10.1.1.3 255.255.255.255
			#
			interface LoopBack1
			 ip address 20.1.1.3 255.255.255.255
			#
			ospf 1 router-id 10.1.1.3
			 area 0.0.0.0
			  network 10.1.1.3 0.0.0.0
			  network 10.1.34.3 0.0.0.0
			  network 10.1.35.3 0.0.0.0
			  network 20.1.1.3 0.0.0.0

4.2 配置业务接入点

分别在Leaf1/Leaf2配置业务接入点。

1) Leaf1配置:
		#
		bridge-domain 10
		#
		bridge-domain 20
		#
		interface GE1/0/1
		 undo shutdown
		#
		interface GE1/0/1.10 mode l2
		 encapsulation dot1q vid 10
		 bridge-domain 10
		#
		interface GE1/0/1.20 mode l2
		 encapsulation dot1q vid 20
		 bridge-domain 20
		#
2) Leaf2配置:
		bridge-domain 20
		#
		interface GE1/0/1
		 undo shutdown
		#
		interface GE1/0/1.20 mode l2
		 encapsulation untag
		 bridge-domain 20

4.3 配置BGP EVPN Peer

1) Spine1(RR)配置:
		#
		evpn-overlay enable
		#
		bgp 100
		 router-id 10.1.1.4
		 peer 10.1.1.1 as-number 100
		 peer 10.1.1.1 connect-interface LoopBack0
		 peer 10.1.1.2 as-number 100
		 peer 10.1.1.2 connect-interface LoopBack0
		 peer 10.1.1.3 as-number 100
		 peer 10.1.1.3 connect-interface LoopBack0
		 peer 10.1.1.5 as-number 100
		 peer 10.1.1.5 connect-interface LoopBack0
		 #
		 ipv4-family unicast
		  undo peer 10.1.1.1 enable
		  undo peer 10.1.1.2 enable
		  undo peer 10.1.1.3 enable
		  undo peer 10.1.1.5 enable
		 #
		 l2vpn-family evpn
		  undo policy vpn-target
		  peer 10.1.1.1 enable
		  peer 10.1.1.1 reflect-client
		  peer 10.1.1.2 enable
		  peer 10.1.1.2 reflect-client
		  peer 10.1.1.3 enable
		  peer 10.1.1.3 reflect-client
		  peer 10.1.1.5 enable
		  peer 10.1.1.5 reflect-client
		#
2) Spine2(RR)配置:
		#
		evpn-overlay enable
		#
		bgp 100
		 router-id 10.1.1.5
		 peer 10.1.1.1 as-number 100
		 peer 10.1.1.1 connect-interface LoopBack0
		 peer 10.1.1.2 as-number 100
		 peer 10.1.1.2 connect-interface LoopBack0
		 peer 10.1.1.3 as-number 100
		 peer 10.1.1.3 connect-interface LoopBack0
		 peer 10.1.1.4 as-number 100
		 peer 10.1.1.4 connect-interface LoopBack0
		 #
		 ipv4-family unicast
		  undo peer 10.1.1.1 enable
		  undo peer 10.1.1.2 enable
		  undo peer 10.1.1.3 enable
		  undo peer 10.1.1.4 enable
		 #
		 l2vpn-family evpn
		  undo policy vpn-target
		  peer 10.1.1.1 enable
		  peer 10.1.1.1 reflect-client
		  peer 10.1.1.2 enable
		  peer 10.1.1.2 reflect-client
		  peer 10.1.1.3 enable
		  peer 10.1.1.3 reflect-client
		  peer 10.1.1.4 enable
		  peer 10.1.1.4 reflect-client
		#
3) Leaf1 BGP EVPN配置:
		#
		evpn-overlay enable
		#
		bgp 100
		 router-id 10.1.1.1
		 peer 10.1.1.4 as-number 100
		 peer 10.1.1.4 connect-interface LoopBack0
		 peer 10.1.1.5 as-number 100
		 peer 10.1.1.5 connect-interface LoopBack0
		 #
		 ipv4-family unicast
		  undo peer 10.1.1.4 enable
		  undo peer 10.1.1.5 enable
		 #
		 l2vpn-family evpn
		  policy vpn-target
		  peer 10.1.1.4 enable
		  peer 10.1.1.5 enable
		#
4) Leaf2 BGP EVPN配置:
		#
		evpn-overlay enable
		#
		bgp 100
		 router-id 10.1.1.2
		 peer 10.1.1.4 as-number 100
		 peer 10.1.1.4 connect-interface LoopBack0
		 peer 10.1.1.5 as-number 100
		 peer 10.1.1.5 connect-interface LoopBack0
		 #
		 ipv4-family unicast
		  undo peer 10.1.1.4 enable
		  undo peer 10.1.1.5 enable
		 #
		 l2vpn-family evpn
		  policy vpn-target
		  peer 10.1.1.4 enable
		  peer 10.1.1.5 enable
		#
5) Leaf3 BGP EVPN配置:
		#
		evpn-overlay enable
		#
		bgp 100
		 router-id 10.1.1.3
		 peer 10.1.1.4 as-number 100
		 peer 10.1.1.4 connect-interface LoopBack0
		 peer 10.1.1.5 as-number 100
		 peer 10.1.1.5 connect-interface LoopBack0
		 #
		 ipv4-family unicast
		  undo peer 10.1.1.4 enable
		  undo peer 10.1.1.5 enable
		 #
		 l2vpn-family evpn
		  policy vpn-target
		  peer 10.1.1.4 enable
		  peer 10.1.1.5 enable
		#

Undo policy vpn-target
缺省情况下,PE对收到的VPNv4路由进行VPN-target过滤。通过过滤的路由会被加入到路由表中,没有通过过滤的路由将被丢弃。因此,如果PE没有配置VPN实例,或者VPN实例没有配置VPN-Target,则PE丢弃所有收到的VPNv4路由。
Spine1/2(RR)不配置VPN实例,但是RR需要保存所有EVPN路由信息,以通告给对端Leaf。这种情况下,RR应接收所有的EVPN路由信息,不对它们进行VPN-Target过滤。

4.4 配置VPN实例和EVPN实例


Leaf1配置,Leaf2/Leaf3类似,其中Leaf3没有配置bridge-domain,所以没有evpn实例:

1) Leaf1配置VPN实例和EVPN实例,如下:
		ip vpn-instance vpn1
		 ipv4-family
		  route-distinguisher 100:1
		  vpn-target 100:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity evpn
		  vpn-target 100:1 import-extcommunity
		  vpn-target 1000:1 import-extcommunity evpn
		 vxlan vni 100
		#
		bridge-domain 10
		 vxlan vni 10
		 evpn 
		  route-distinguisher 10:1
		  vpn-target 10:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity
		  vpn-target 10:1 import-extcommunity
		#
		bridge-domain 20
		 vxlan vni 20
		 evpn 
		  route-distinguisher 20:1
		  vpn-target 20:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity
		  vpn-target 20:1 import-extcommunity
		#
2) Leaf2配置VPN实例和EVPN实例,如下:
		ip vpn-instance vpn1
		 ipv4-family
		  route-distinguisher 100:1
		  vpn-target 100:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity evpn
		  vpn-target 100:1 import-extcommunity
		  vpn-target 1000:1 import-extcommunity evpn
		 vxlan vni 100
		#
		bridge-domain 10
		 vxlan vni 10
		 evpn 
		  route-distinguisher 10:1
		  vpn-target 10:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity
		  vpn-target 10:1 import-extcommunity
		#
		bridge-domain 20
		 vxlan vni 20
		 evpn 
		  route-distinguisher 20:1
		  vpn-target 20:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity
		  vpn-target 20:1 import-extcommunity
		#
3) Leaf3配置VPN实例,如下:
		ip vpn-instance vpn1
		 ipv4-family
		  route-distinguisher 100:1
		  vpn-target 100:1 export-extcommunity
		  vpn-target 1000:1 export-extcommunity evpn
		  vpn-target 100:1 import-extcommunity
		  vpn-target 1000:1 import-extcommunity evpn
		 vxlan vni 100

 L3VPN(ip vpn-instance)下配置vpn-target 1000:1 export-extcommunity evpn,主要对该L3VPN产生的ip prefix,在生成BGP Update——Type5类EVPN路由时,通过MPBGP EVPN传输时,携带RT:1000:1,用于远端L3VPN过滤接收该前缀路由。

 L2VPN(evpn)下配置vpn-target 1000:1 export-extcommunity,主要对evpn产生的Type2类EVPN路由,即mac/ip信息,提取其中的ip信息(32位主机路由),通过MPBGP EVPN传输时,携带RT:1000:1,用于远端L3VPN过滤接收该主机路由。

4.5 使能头端复制功能

1) Leaf1配置,如下:
		interface Nve1
		 source 20.1.1.1
		 vni 10 head-end peer-list protocol bgp
		 vni 20 head-end peer-list protocol bgp
		#
2) Leaf2配置,如下:
		interface Nve1
		 source 20.1.1.2
		 vni 10 head-end peer-list protocol bgp
		 vni 20 head-end peer-list protocol bgp
		#
3) Leaf3配置,如下:
		interface Nve1
		 source 20.1.1.3
只需要配置NVE端口,指定源地址即可,无需配置头端复制(没有BUM traffic)。

配置vni 10 head-end peer-list protocol bgp后,会生成BGP Update——Type3类EVPN路由(inclusive multicast route),携带vni10和VTEP地址为20.1.1.1,告诉其他VTEP,自己是对应VNI(即L2VNI)的成员,远端收到后,判断路由可达则建立VXLAN隧道,同时会把该VTEP接入到自己对应VNI的头端复制列表中(用于BUM流量的发送)。

通过dis vxlan peer查看vni对应的头端复制列表。

4.6 配置VXLAN三层网关

1) Leaf1配置如下:
		interface Vbdif10
		 ip binding vpn-instance vpn1
		 ip address 192.168.1.254 255.255.255.0
		 mac-address 0001-0001-0001
		 vxlan anycast-gateway enable
		 arp collect host enable
		#
		interface Vbdif20
		 ip binding vpn-instance vpn1
		 ip address 192.168.2.254 255.255.255.0
		 mac-address 0002-0002-0002
		 vxlan anycast-gateway enable
		 arp collect host enable
		#
2) Leaf2配置如下:
		interface Vbdif10
		 ip binding vpn-instance vpn1
		 ip address 192.168.1.254 255.255.255.0
		 mac-address 0001-0001-0001
		 vxlan anycast-gateway enable
		 arp collect host enable
		#
		interface Vbdif20
		 ip binding vpn-instance vpn1
		 ip address 192.168.2.254 255.255.255.0
		 mac-address 0002-0002-0002
		 vxlan anycast-gateway enable
		 arp collect host enable

配置说明:

vxlan anycast-gateway enable

当用户希望网关作为分布式网关,并且需要网关只学习用户侧主机发送的ARP、ND或DHCP报文时,可以执行该命令。使能分布式网关功能之后:

网关只处理收到的用户侧主机发送的ARP、ND或DHCP报文,并生成主机路由。

网关删除已经学到的网络侧的ARP、ND或DHCP报文,同时删除相应的主机路由。

arp collect host enable

使三层网关能够获取主机信息表。

在配置分布式网关部署方式的VXLAN(BGP EVPN方式)场景中,当VXLAN网关之间发布的路由类型为IRB时,需配置arp collect host enable命令,用来发布主机路由。

4.7 配置BGP对邻居发布IRB路由

Leaf1/Leaf2类似,配置向邻居发布:

1) Leaf1配置如下:
		bgp 100
		 l2vpn-family evpn
		  peer 10.1.1.4 advertise irb 
		  peer 10.1.1.5 advertise irb
		#
2) Leaf2配置如下:
		bgp 100
		 l2vpn-family evpn
		  peer 10.1.1.4 advertise irb
		  peer 10.1.1.5 advertise irb
		#
3) Spnie1配置如下:bgp 100
		 l2vpn-family evpn
		  undo policy vpn-target
		  peer 10.1.1.1 advertise irb
		  peer 10.1.1.2 advertise irb
		  peer 10.1.1.3 advertise irb
		  peer 10.1.1.5 advertise irb
4) Spnie2配置如下:
		bgp 100
		 l2vpn-family evpn
		  undo policy vpn-target
		  peer 10.1.1.1 advertise irb
		  peer 10.1.1.2 advertise irb
		  peer 10.1.1.3 advertise irb
          peer 10.1.1.4 advertise irb

Spine设备作为RR,也需要使能对等体发布irb路由功能,否则irb路由经过反射器后不会再给客户。

4.8 配置BGP对邻居发布IP前缀路由

只有在如下两种场景中,Leaf节点可发布网段路由:

Leaf节点连接的网段在整个VXLAN网络中是唯一的,而且有效的主机明细路由数量较大,此时可发布主机IP所在的网段路由,从而减轻Leaf节点上路由存储的压力。

VXLAN网络中的主机需要访问外部网络,此时Leaf节点可在VXLAN网络中发布其连接的外部网段路由,从而使其他Leaf节点学习到去往外部网络的路由。

Leaf3配置IP前缀路由发布,如下:

bgp 100

 ipv4-family vpn-instance vpn1

  import-route ospf 2

  advertise l2vpn evpn

 #

advertise l2vpn evpn

//让vpn-instance的三层路由通过bgp evpn传递

Leaf1和Leaf2上可使用import-route命令发布前缀路由,将192.168.1.0/24和192.168.2.0/24的ip vpn实例路由转换成evpn的tpye-5类型发布出去。但是若使用了该命令之后,由于leaf1和Leaf2上面都承载了192.168.1.0/24和192.168.2.0/24的网段,Leaf3在根据BGP选路原则选路的时候默认均只会选择Leaf1发送的前缀路由。而且这样在实际传输过程中可能会出现未知问题,故Leaf1和Leaf2发布IRB路由即可,同时终端在入网之后应用协议进程自身会交互报文,顾不用担心Leaf1和Leaf2作为网关设备无法收集到VM1、VM2和VM3的IRB路由信息。

若Leaf1和Leaf2发布了关于192.168.1.0/24的前缀信息,那么当Leaf3上访问192.168.1.3(该地址实际没有被VM使用),则Leaf3还是会通过L3 VXLAN隧道传递给Leaf1或者Leaf2,造成网络没必要的流量负担,而使用IRB路由可以避免该问题的出现。

另外若Leaf3下R1上的有主动访问192.168.1.1的需求,则需要结合实际情况判断是否在Leaf1上发布IP前缀路由,因为IBR是结合ARP表项信息收集的32位主机路由,倘若192.168.1.1的ARP表项超时,则Leaf3关于192.168.1.1的32位IRB路由也会消失,这种场景下会出现无法访问192.168.1.1。

4.9 其他配置

配置R1和Leaf3互联和路由:

1) R1配置:
		sysname R1
		#
		interface GigabitEthernet0/0/1
		 ip address 10.1.36.6 255.255.255.0
		#
		interface LoopBack0
		 ip address 177.1.1.1 255.255.255.255
		#
		ospf 1 router-id 10.1.36.6
		 area 0.0.0.0
		  network 177.1.1.1 0.0.0.0
		  network 10.1.36.6 0.0.0.0
		#
2) Leaf3配置:
		interface GE1/0/1
		 undo portswitch
		 undo shutdown
		 ip binding vpn-instance vpn1
		 ip address 10.1.36.3 255.255.255.0
		#
		ospf 2 router-id 10.1.36.3 vpn-instance vpn1
		 import-route bgp
		 area 0.0.0.0
		  network 10.1.36.3 0.0.0.0
		#

5、结果验证

5.1 检查EVPN Peer是否正常建立

在Spine上检查BGP EVPN的邻居状态,如下:
	[~Spine-1]display bgp evpn peer 
	 BGP local router ID        : 10.1.1.4
	 Local AS number            : 100
	 Total number of peers      : 4
	 Peers in established state : 3
	
	  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
	  10.1.1.1        4         100       11       15     0 00:00:59 Established       10
	  10.1.1.2        4         100       10       15     0 00:01:01 Established        8
	  10.1.1.3        4         100        5       12     0 00:00:58 Established        2
	  10.1.1.5        4         100        0        0     0 01:31:30      Active        0

5.2 查看EVPN路由

5.2.1 Leaf1初始bgp evpn路由信息
1) 在Leaf1上查看BGP EVPN邻居状态,如下:
		[~Leaf-1]display bgp evpn peer 
		 BGP local router ID        : 10.1.1.1
		 Local AS number            : 100
		 Total number of peers      : 2
		 Peers in established state : 1
		
		  Peer            V          AS  MsgRcvd  MsgSent  OutQ  Up/Down       State  PrefRcv
		  10.1.1.4        4         100       20       15     0 00:05:34 Established        5
		  10.1.1.5        4         100        0        0     0 01:33:55      Active        0
2) 此时查看Leaf1的全局路由信息,如下:
		[~Leaf-1]display ip routing-table vpn-instance vpn1 
		Proto: Protocol        Pre: Preference
		Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
		------------------------------------------------------------------------------
		Routing Table : vpn1
		         Destinations : 10       Routes : 10        
		
		Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
		
		      10.1.36.0/24  IBGP    255  2             RD  20.1.1.3        VXLAN
		      177.1.1.1/32  IBGP    255  2             RD  20.1.1.3        VXLAN    //type5的IP前缀路由
		    192.168.1.0/24  Direct  0    0             D   192.168.1.254   Vbdif10
		    192.168.1.2/32  IBGP    255  0             RD  20.1.1.2        VXLAN    //type2的IRB路由
		  192.168.1.254/32  Direct  0    0             D   127.0.0.1       Vbdif10
		  192.168.1.255/32  Direct  0    0             D   127.0.0.1       Vbdif10
		    192.168.2.0/24  Direct  0    0             D   192.168.2.254   Vbdif20
		  192.168.2.254/32  Direct  0    0             D   127.0.0.1       Vbdif20
		  192.168.2.255/32  Direct  0    0             D   127.0.0.1       Vbdif20
		255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
3) 查看Leaf1的EVPN路由信息,如下:
		[~Leaf-1]display bgp evpn all routing-table 
		 Local AS number : 100
		
		 BGP Local router ID is 10.1.1.1
		 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
		               h - history,  i - internal, s - suppressed, S - Stale
		               Origin : i - IGP, e - EGP, ? - incomplete
		
		  
		 EVPN address family:
		  Number of Mac Routes: 4
		 Route Distinguisher: 10:1
		       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
		 *>    0:48:0001-0001-0001:0:0.0.0.0                          0.0.0.0         
		 *>    0:48:5489-9805-6139:32:192.168.1.1                     0.0.0.0         
		 Route Distinguisher: 20:1
		       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
		 *>    0:48:0002-0002-0002:0:0.0.0.0                          0.0.0.0         
		 *>    0:48:5489-9897-18ac:32:192.168.2.1                     0.0.0.0         
		
		   EVPN-Instance 10:
		  
		 Number of Mac Routes: 2
		       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
		 *>    0:48:0001-0001-0001:0:0.0.0.0                          0.0.0.0         
		 *>    0:48:5489-9805-6139:32:192.168.1.1                     0.0.0.0         
		
		   EVPN-Instance 20:
		  
		 Number of Mac Routes: 2
		       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
		 *>    0:48:0002-0002-0002:0:0.0.0.0                          0.0.0.0         
		 *>    0:48:5489-9897-18ac:32:192.168.2.1                     0.0.0.0         
		  
		 EVPN address family:
		  Number of Inclusive Multicast Routes: 4
		 Route Distinguisher: 10:1
		       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
		 *>    0:32:20.1.1.1                                          0.0.0.0         
		 *>i   0:32:20.1.1.2                                          20.1.1.2        
		 Route Distinguisher: 20:1
		       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
		 *>    0:32:20.1.1.1                                          0.0.0.0         
		 *>i   0:32:20.1.1.2                                          20.1.1.2        
		
		   EVPN-Instance 10:
		  
		 Number of Inclusive Multicast Routes: 2
		       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
		 *>    0:32:20.1.1.1                                          0.0.0.0         
		 *>i   0:32:20.1.1.2                                          20.1.1.2        
		
		   EVPN-Instance 20:
		  
		 Number of Inclusive Multicast Routes: 2
		       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
		 *>    0:32:20.1.1.1                                          0.0.0.0         
		 *>i   0:32:20.1.1.2                                          20.1.1.2        
		  
		 EVPN address family:
		  Number of Ip Prefix Routes: 2
		 Route Distinguisher: 100:1
		       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
		 *>i   0:10.1.36.0:24                                         20.1.1.3        
		 *>i   0:177.1.1.1:32                                         20.1.1.3        
		
		   EVPN-Instance __vni100__:
		  
		 Number of Ip Prefix Routes: 2
		       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
		 *>i   0:10.1.36.0:24                                         20.1.1.3        
		 *>i   0:177.1.1.1:32                                         20.1.1.3 
	4条type3路由,分别为Leaf1和Leaf2关于VNI10和20产生的。
	4条type2路由,2条mac路由,2条由arp路由;
	2条type5路由,为Leaf3引入的ospf路由;
4) 2条type5路由,由L3VPN注入进来的:
		[~Leaf-1]display bgp vpnv4 all routing-table 
		 BGP Local router ID is 10.1.1.1
		 Status codes: * - valid, > - best, d - damped, h - history,
		               i - internal, s - suppressed, S - Stale
		 Origin      : i - IGP, e - EGP, ? - incomplete
		
		
		 Total number of routes from all PE: 4
		 Route Distinguisher: 100:1
		
		        Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
		 *>     192.168.1.0        0.0.0.0         0                     0       ?
		 *>     192.168.1.254/32   0.0.0.0         0                     0       ?
		 *>     192.168.2.0        0.0.0.0         0                     0       ?
		 *>     192.168.2.254/32   0.0.0.0         0                     0       ?
		
		 VPN-Instance vpn1, Router ID 10.1.1.1:
		 Total Number of Routes: 4
		        Network            NextHop        MED        LocPrf    PrefVal Path/Ogn
		 *>     192.168.1.0        0.0.0.0         0                     0       ?
		 *>     192.168.1.254/32   0.0.0.0         0                     0       ?
		 *>     192.168.2.0        0.0.0.0         0                     0       ?
		 *>     192.168.2.254/32   0.0.0.0         0                     0       ?
		具体查看一条前缀路由(比如:0:192.168.1.0:24)的注入方式,可以看到此路由是“Imported route.":
			[~Leaf-1]display bgp evpn all routing-table  prefix-route 0:177.1.1.1:32
			
			
			 BGP local router ID : 10.1.1.1
			 Local AS number : 100
			
			 Total routes of Route Distinguisher(100:1): 1
			 BGP routing table entry information of 0:177.1.1.1:32:
			 Label information (Received/Applied): 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h18m18s
			 Relay IP Nexthop: 10.1.14.4
			 Relay Tunnel Out-Interface: 
			 Original nexthop: 20.1.1.3
			 Qos information : 0x0            
			 Ext-Community:RT <100 : 1>, RT <1000 : 1>, OSPF DOMAIN ID <0.0.0.0 : 0>, OSPF ROUTER ID <10.1.36.3 : 0>, OSPF RT <0.0.0.0 : 0 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e8e6-5d85>
			 AS-path Nil, origin incomplete, MED 2, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
			 Originator: 10.1.1.3
			 Cluster list: 10.1.1.4
			 Route Type: 5 (Ip Prefix Route)
			 Ethernet Tag ID: 0, IP Prefix/Len: 177.1.1.1/32, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
			 Not advertised to any peer yet
			 
			
			   EVPN-Instance __vni100__:
			  
			 Number of Ip Prefix Routes: 1
			 BGP routing table entry information of 0:177.1.1.1:32:
			 Route Distinguisher: 100:1
			 Remote-Cross route
			 Label information (Received/Applied): 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h18m18s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.3
			 Qos information : 0x0            
			 Ext-Community:RT <100 : 1>, RT <1000 : 1>, OSPF DOMAIN ID <0.0.0.0 : 0>, OSPF ROUTER ID <10.1.36.3 : 0>, OSPF RT <0.0.0.0 : 0 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e8e6-5d85>
			 AS-path Nil, origin incomplete, MED 2, localpref 100, pref-val 0, valid, internal, best, select, pre 255
			 Originator: 10.1.1.3
			 Cluster list: 10.1.1.4
			 Route Type: 5 (Ip Prefix Route)
			 Ethernet Tag ID: 0, IP Prefix/Len: 177.1.1.1/32, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
			 Not advertised to any peer yet
5) 在Leaf1上,Leaf1连接Spine1的端口抓包,查看BGP update信息。
5.2.2 Type 3路由

首先在Leaf1和Leaf2之间建立BGP EVPN对等体。然后,在Leaf1和Leaf2上分别创建二层广播域,并在二层广播域下配置关联的二层VNI。接下来在二层广播域下创建EVPN实例,配置本端EVPN实例的RD、出方向VPN-Target(ERT)、入方向VPN-Target(IRT)。在配置完本端VTEP IP地址后,Leaf1和Leaf2会生成BGPEVPN路由并发送给对端,该路由携带本端EVPN实例的出方向VPN-Target和BGPEVPN协议新定义的Type3路由即Inclusive Multicast路由。其中,Inclusive Multicast路由如下图所示,由前缀和PMSI属性组成,VTEP IP地址存放在前缀的Originating Router's IP Address字段中,二层VNI存放在PMSI属性的MPLSLabel字段中。VTEP IP地址同时也放在下一跳属性中。

VXLAN分布式网关的IP一样和不一样 vxlan分布式网关mac_VXLAN分布式网关的IP一样和不一样_02

a. Leaf1发给Spine1的bgp update type3抓包信息:
		Frame 483: 510 bytes on wire (4080 bits), 510 bytes captured (4080 bits) on interface 0
		Ethernet II, Src: 4e:01:00:11:01:00 (4e:01:00:11:01:00), Dst: 4e:01:00:41:01:01 (4e:01:00:41:01:01)
		Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.4
		Transmission Control Protocol, Src Port: 50046, Dst Port: 179, Seq: 65, Ack: 65, Len: 456
		Border Gateway Protocol - UPDATE Message
		    Marker: ffffffffffffffffffffffffffffffff
		    Length: 108
		    Type: UPDATE Message (2)
		    Withdrawn Routes Length: 0
		    Total Path Attribute Length: 85
		    Path attributes
		        Path Attribute - ORIGIN: INCOMPLETE
		        Path Attribute - AS_PATH: empty
		        Path Attribute - LOCAL_PREF: 100
		        Path Attribute - EXTENDED_COMMUNITIES
		            Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
		            Type Code: EXTENDED_COMMUNITIES (16)
		            Length: 24
		            Carried extended communities: (3 communities)
		                Community Transitive Two-Octet AS Route Target: 10:1
		                Community Transitive Two-Octet AS Route Target: 1000:1
		                Community Transitive Opaque Encapsulation: VXLAN Encapsulation
		        Path Attribute - PMSI_TUNNEL_ATTRIBUTE
		            Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
		            Type Code: PMSI_TUNNEL_ATTRIBUTE (22)
		            Length: 9
		            Flags: 0
		            Tunnel Type: Ingress Replication (6)
		            0000 0000 0000 0000 0000 .... = MPLS Label: 0//十六进制a转换为十进制为10,即L2VNI为10.
																
		            Tunnel ID: tunnel end point -> 20.1.1.1
		                Tunnel type ingress replication IP end point: 20.1.1.1
		        Path Attribute - MP_REACH_NLRI
		            Flags: 0x90, Optional, Length: Optional, Non-transitive, Complete, Extended Length
		            Type Code: MP_REACH_NLRI (14)
		            Length: 28
		            Address family identifier (AFI): Layer-2 VPN (25)
		            Subsequent address family identifier (SAFI): EVPN (70)
		            Next hop network address (4 bytes) //VTEP IP地址同时也放在下一跳属性中,即20.1.1.1
																
		            Number of Subnetwork points of attachment (SNPA): 0
		            Network layer reachability information (19 bytes)
		                EVPN NLRI: Inclusive Multicast Route
		                    AFI: Inclusive Multicast Route (3)
		                    Length: 17
		                    Route Distinguisher: 0000000a00000001 (10:1)
		                    Ethernet Tag ID: 0
		                    IP Address Length: 32
		                    IPv4 address: 20.1.1.1 //Originating Router's IP Address为20.1.1.1
		Border Gateway Protocol - UPDATE Message
		Border Gateway Protocol - UPDATE Message
		    Marker: ffffffffffffffffffffffffffffffff
		    Length: 108
		    Type: UPDATE Message (2)
		    Withdrawn Routes Length: 0
		    Total Path Attribute Length: 85
		    Path attributes
		        Path Attribute - ORIGIN: INCOMPLETE
		        Path Attribute - AS_PATH: empty
		        Path Attribute - LOCAL_PREF: 100
		        Path Attribute - EXTENDED_COMMUNITIES
		            Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
		            Type Code: EXTENDED_COMMUNITIES (16)
		            Length: 24
		            Carried extended communities: (3 communities)
		                Community Transitive Two-Octet AS Route Target: 20:1
		                Community Transitive Two-Octet AS Route Target: 1000:1
		                Community Transitive Opaque Encapsulation: VXLAN Encapsulation
		        Path Attribute - PMSI_TUNNEL_ATTRIBUTE
		            Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
		            Type Code: PMSI_TUNNEL_ATTRIBUTE (22)
		            Length: 9
		            Flags: 0
		            Tunnel Type: Ingress Replication (6)
		            0000 0000 0000 0000 0001 .... = MPLS Label: 1 //十六进制14转换为十进制20,即L2VNI为20
																	
		            Tunnel ID: tunnel end point -> 20.1.1.1
		                Tunnel type ingress replication IP end point: 20.1.1.1
		        Path Attribute - MP_REACH_NLRI
		            Flags: 0x90, Optional, Length: Optional, Non-transitive, Complete, Extended Length
		            Type Code: MP_REACH_NLRI (14)
		            Length: 28
		            Address family identifier (AFI): Layer-2 VPN (25)
		            Subsequent address family identifier (SAFI): EVPN (70)
		            Next hop network address (4 bytes)
		            Number of Subnetwork points of attachment (SNPA): 0
		            Network layer reachability information (19 bytes)
		                EVPN NLRI: Inclusive Multicast Route
		                    AFI: Inclusive Multicast Route (3)
		                    Length: 17
		                    Route Distinguisher: 0000001400000001 (20:1)
		                    Ethernet Tag ID: 0
		                    IP Address Length: 32
		                    IPv4 address: 20.1.1.1 //Originating Router's IP Address为20.1.1.1
		Border Gateway Protocol - UPDATE Message
b. Spine1发给Leaf1的bgp update type3抓包信息:
			Frame 487: 1012 bytes on wire (8096 bits), 1012 bytes captured (8096 bits) on interface 0
			Ethernet II, Src: 4e:01:00:41:01:01 (4e:01:00:41:01:01), Dst: 4e:01:00:11:01:00 (4e:01:00:11:01:00)
			Internet Protocol Version 4, Src: 10.1.1.4, Dst: 10.1.1.1
			Transmission Control Protocol, Src Port: 179, Dst Port: 50046, Seq: 577, Ack: 551, Len: 958
			Border Gateway Protocol - UPDATE Message
			Border Gateway Protocol - UPDATE Message
			    Marker: ffffffffffffffffffffffffffffffff
			    Length: 122
			    Type: UPDATE Message (2)
			    Withdrawn Routes Length: 0
			    Total Path Attribute Length: 99
			    Path attributes
			        Path Attribute - ORIGIN: INCOMPLETE
			        Path Attribute - AS_PATH: empty
			        Path Attribute - LOCAL_PREF: 100
			        Path Attribute - ORIGINATOR_ID: 10.1.1.2 
			        Path Attribute - CLUSTER_LIST: 10.1.1.4
			        Path Attribute - EXTENDED_COMMUNITIES
			            Flags: 0xc0, Optional, Transitive: Optional, Transitive, Complete
			            Type Code: EXTENDED_COMMUNITIES (16)
			            Length: 24
			            Carried extended communities: (3 communities)
			                Community Transitive Two-Octet AS Route Target: 10:1
			                Community Transitive Two-Octet AS Route Target: 1000:1
			                Community Transitive Opaque Encapsulation: VXLAN Encapsulation
			        Path Attribute - PMSI_TUNNEL_ATTRIBUTE
			        Path Attribute - MP_REACH_NLRI
			            Flags: 0x90, Optional, Length: Optional, Non-transitive, Complete, Extended Length
			            Type Code: MP_REACH_NLRI (14)
			            Length: 28
			            Address family identifier (AFI): Layer-2 VPN (25)
			            Subsequent address family identifier (SAFI): EVPN (70)
			            Next hop network address (4 bytes)
			            Number of Subnetwork points of attachment (SNPA): 0
			            Network layer reachability information (19 bytes)
			                EVPN NLRI: Inclusive Multicast Route
			                    AFI: Inclusive Multicast Route (3)
			                    Length: 17
			                    Route Distinguisher: 0000000a00000001 (10:1)
			                    Ethernet Tag ID: 0
			                    IP Address Length: 32
			                    IPv4 address: 20.1.1.2
			Border Gateway Protocol - UPDATE Message
			Border Gateway Protocol - UPDATE Message
			Border Gateway Protocol - UPDATE Message
			    Marker: ffffffffffffffffffffffffffffffff
			    Length: 122
			    Type: UPDATE Message (2)
			    Withdrawn Routes Length: 0
			    Total Path Attribute Length: 99
			    Path attributes
			        Path Attribute - ORIGIN: INCOMPLETE
			        Path Attribute - AS_PATH: empty
			        Path Attribute - LOCAL_PREF: 100
			        Path Attribute - ORIGINATOR_ID: 10.1.1.2 
			        Path Attribute - CLUSTER_LIST: 10.1.1.4
			        Path Attribute - EXTENDED_COMMUNITIES
			        Path Attribute - PMSI_TUNNEL_ATTRIBUTE
			        Path Attribute - MP_REACH_NLRI
			Border Gateway Protocol - UPDATE Message
			Border Gateway Protocol - UPDATE Message
			
			这个type3路由就是Leaf2产生的,vni 10/20触发产生。
c. 在Leaf1查看bgp evpn type3路由信息:
			[~Leaf-1]display  bgp evpn  all routing-table inclusive-route 
			 Local AS number : 100
			
			 BGP Local router ID is 10.1.1.1
			 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
			               h - history,  i - internal, s - suppressed, S - Stale
			               Origin : i - IGP, e - EGP, ? - incomplete
			
			  
			 EVPN address family:
			  Number of Inclusive Multicast Routes: 4
			 Route Distinguisher: 10:1
			       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
			 *>    0:32:20.1.1.1                                          0.0.0.0         
			 *>i   0:32:20.1.1.2                                          20.1.1.2        
			 Route Distinguisher: 20:1
			       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
			 *>    0:32:20.1.1.1                                          0.0.0.0         
			 *>i   0:32:20.1.1.2                                          20.1.1.2        
			
			   EVPN-Instance 10:
			  
			 Number of Inclusive Multicast Routes: 2
			       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
			 *>    0:32:20.1.1.1                                          0.0.0.0         
			 *>i   0:32:20.1.1.2                                          20.1.1.2        
			
			   EVPN-Instance 20:
			  
			 Number of Inclusive Multicast Routes: 2
			       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
			 *>    0:32:20.1.1.1                                          0.0.0.0         
			 *>i   0:32:20.1.1.2                                          20.1.1.2        
			[~Leaf-1]
			一共4条type3路由,2条为Leaf1关于EVPN-Instance 10和EVPN-Instance 20产生的,如上紫色标记部分,2条为Leaf2关于EVPN-Instance 10和EVPN-Instance 20产生的,如上红色标记部分;
			查看具体的type3路由的命令:[~Leaf-1]display  bgp evpn  all routing-table inclusive-route  0:32:20.1.1.1

Leaf1和Leaf2在收到对端发来的BGP EVPN路由后,首先检查该路由携带的EVPN实例的出方向VPN-Target,如果与本端EVPN实例的入方向VPN-Target相等,则接收该路由,否则丢弃该路由。在接收该路由后,Leaf1和Leaf2将获取其中携带的对端VTEP IP地址(从下一跳属性获取)和二层VNI,如果对端VTEP IP地址是三层路由可达的,则建立一条到对端的VXLAN隧道;同时,本端会创建一个基于VNI的头端复制表并将对端VTEP IP地址加入其中,用于后续BUM报文转发。

a. 查看Leaf1 vxlan peer建立:
			[~Leaf-1]display vxlan peer 
			Number of peers : 2
			Vni ID    Source             Destination       Type
			--------------------------------------------------------------
			10        20.1.1.1           20.1.1.2          dynamic           
			20        20.1.1.1           20.1.1.2          dynamic 
			type是动态的,通过bgp evpn协议建立的。
			这就是头端复制列表。
b. 查看Leaf1 vxla隧道,Leaf1和Leaf2、Leaf3都建立了vxlan tunnel:
			[~Leaf-1]display vxlan tunnel 
			Number of vxlan tunnel : 2
			Tunnel ID   Source           Destination      State  Type
			--------------------------------------------------------------
			4026531843  20.1.1.1         20.1.1.2         up     dynamic 
			4026531844  20.1.1.1         20.1.1.3         up     dynamic 
			注意由于Leaf3没有配置L2VNI,所以Leaf1和Leaf3之间没有BUM流量的头端复制列表(就是没有vxlan peer)。
			可以理解tunnel主要用于单播流量迭代到tunnel上(进行vxlan封装)。
			关于和Leaf3的VXLAN隧道其实是通过tpye5类路由建立的L3隧道。实际抓包并没有发现Leaf3产生的type3类路由。

VPN-Target是一种BGP扩展团体属性,一个EVPN实例可以配置出方向和入方向两类VPN Target,两端EVPN实例的VPN-Target要相互匹配(即本端EVPN实例配置的出方向VPN-target值需要与对端EVPN实例配置的入方向VPN-target值相等),才能相互交换EVPN路由,否则VXLAN隧道无法建立成功。如果仅有一端匹配成功可以接收路由,则此端设备上可以建立通往另一端设备的隧道,但是无法传输数据报文,因为另一端设备在收到报文后,将会检查本端是否有通往对端的VXLAN隧道,如果没有的话,将会丢弃报文。

5.2.3 Type 5路由

Spine1发送给Leaf1的bgp update type5的抓包信息(实际实验环境中为Leaf3产生):

Frame 31: 768 bytes on wire (6144 bits), 768 bytes captured (6144 bits) on interface 0
Ethernet II, Src: 4e:01:00:11:01:01 (4e:01:00:11:01:01), Dst: 4e:01:00:21:01:00 (4e:01:00:21:01:00)
Internet Protocol Version 4, Src: 10.1.1.4, Dst: 10.1.1.1
Transmission Control Protocol, Src Port: 179, Dst Port: 65055, Seq: 65, Ack: 65, Len: 714
Border Gateway Protocol - UPDATE Message
Border Gateway Protocol - UPDATE Message
[Malformed Packet: BGP]
    [Expert Info (Error/Malformed): Malformed Packet (Exception occurred)]
Border Gateway Protocol - UPDATE Message
Border Gateway Protocol - UPDATE Message
[Malformed Packet: BGP]
Border Gateway Protocol - UPDATE Message
    Marker: ffffffffffffffffffffffffffffffff
    Length: 202
    Type: UPDATE Message (2)
    Withdrawn Routes Length: 0
    Total Path Attribute Length: 179
    Path attributes
        Path Attribute - ORIGIN: INCOMPLETE
        Path Attribute - AS_PATH: empty
        Path Attribute - MULTI_EXIT_DISC: 2
        Path Attribute - LOCAL_PREF: 100
        Path Attribute - ORIGINATOR_ID: 10.1.1.3 
        Path Attribute - CLUSTER_LIST: 10.1.1.4
        Path Attribute - EXTENDED_COMMUNITIES
            Flags: 0xc0, Optional, Transitive, Complete
            Type Code: EXTENDED_COMMUNITIES (16)
            Length: 56
            Carried extended communities: (7 communities)
                Route Target: 100:1 [Transitive 2-Octet AS-Specific]   //Leaf3上vpn-target 100:1 export-extcommunity
                Route Target: 1000:1 [Transitive 2-Octet AS-Specific]  //Leaf3上 vpn-target 1000:1 export-extcommunity evpn
                OSPF Domain Identifier: 0:0 [Transitive 2-Octet AS-Specific]
                OSPF Router ID: 10.1.36.3:0 [Transitive IPv4-Address-Specific]
                OSPF Route Type: Area: 0.0.0.0, Type: Router [Transitive Opaque]
                Encapsulation: VXLAN Encapsulation [Transitive Opaque]
                Unknown subtype 0x03: 0x707b 0xe8e6 0x5d85 [Transitive EVPN] //Router's MAC,Leaf3上VTEP的MAC地址707b-08e6-5db5,即20.1.1.3
        Path Attribute - MP_REACH_NLRI
            Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
            Type Code: MP_REACH_NLRI (14)
            Length: 81
            Address family identifier (AFI): Layer-2 VPN (25)
            Subsequent address family identifier (SAFI): EVPN (70)
            Next hop network address (4 bytes) //该处可能是wireshark版本问题,该字段没有直接显示,但是实际上为Leaf3 VETP的IP地址,且为十六进制格式。
												
                                                //Laef1收到该tpye5类型的信息,看到Leaf3的VTEP地址,判断路由可达,故建立VXLAN隧道。
            Number of Subnetwork points of attachment (SNPA): 0
            Network layer reachability information (72 bytes)
                EVPN NLRI: IP Prefix route
                    Route Type: IP Prefix route (5)
                    Length: 34
                    Route Distinguisher: 0000006400000001 (100:1)
                    ESI: 00:00:00:00:00:00:00:00:00:00
                    Ethernet Tag ID: 0
                    IP prefix length: 24
                    IPv4 address: 10.1.36.0
                    IPv4 Gateway address: 0.0.0.0
                    MPLS Label Stack: 6, (BOGUS: Bottom of Stack NOT set!)
                        MPLS Label: 1006,//该处可能为wireshark版本问题,该字段没有直接显示,但实际为L3 VNI的值,且为十六进制格式。
											
                                           //转换为十进制后值为100,即Leaf1结合Leaf3的VTEP地址,建立L3的VXLAN隧道。
                EVPN NLRI: IP Prefix route
                    Route Type: IP Prefix route (5)
                    Length: 34
                    Route Distinguisher: 0000006400000001 (100:1)
                    ESI: 00:00:00:00:00:00:00:00:00:00
                    Ethernet Tag ID: 0
                    IP prefix length: 32
                    IPv4 address: 177.1.1.1
                    IPv4 Gateway address: 0.0.0.0
                    MPLS Label Stack: 6, (BOGUS: Bottom of Stack NOT set!)
                        MPLS Label: 1006,
		
说明:
type5携带L3VPN的export RT值:100:1和1000:1(evpn);
type5只携带L3VNI:100;
Type5携带Next hop network address,即为Leaf3的VTEP的IP地址;
type5携带Router’s MAC ,即为Leaf3的NVE(VTEP)端口mac地址:
		<Leaf-3>display interface Nve1
		Nve1 current state : UP (ifindex: 17)
		Line protocol current state : UP 
		Description: 
		IP Sending Frames' Format is PKTFMT_ETHNT_2, Hardware address is 707b-e8e6-5d85
Tpye5作为前缀路由不携带携带L2VNI,通过普通IP VPN实例的RT值100:1匹配本地的IP VPN实例,然后生成路由条目。

若leaf1和leaf2也发布了直连192.168.1.0/24和192.168.2.0/24的IP前缀路由,则针对这两个网段,组成分布式网关,彼此发送相同的192.168.1.0/24和192.168.2.0/24的路由。具体信息这里不做展示。

Leaf1查看bgp evpn type5的路由表:

<Leaf-1>display bgp evpn all routing-table prefix-route 
		 Local AS number : 100
		
		 BGP Local router ID is 10.1.1.1
		 Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
		               h - history,  i - internal, s - suppressed, S - Stale
		               Origin : i - IGP, e - EGP, ? - incomplete
		
		  
		 EVPN address family:
		  Number of Ip Prefix Routes: 2
		 Route Distinguisher: 100:1
		       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
		 *>i   0:10.1.36.0:24                                         20.1.1.3        
		 *>i   0:177.1.1.1:32                                         20.1.1.3        
		
		   EVPN-Instance __vni100__:
		  
		 Number of Ip Prefix Routes: 2
		       Network(EthTagId/IpPrefix/IpPrefixLen)                 NextHop
		 *>i   0:10.1.36.0:24                                         20.1.1.3        
		 *>i   0:177.1.1.1:32                                         20.1.1.3

查看具体的bgp evpn type5路由信息,如0:177.1.1.1:32:

<Leaf-1>display bgp evpn all routing-table prefix-route  0:177.1.1.1:32
		
		
		 BGP local router ID : 10.1.1.1
		 Local AS number : 100
		
		 Total routes of Route Distinguisher(100:1): 1
		 BGP routing table entry information of 0:177.1.1.1:32:
		 Label information (Received/Applied): 100/NULL
		 From: 10.1.1.4 (10.1.1.4) 
		 Route Duration: 0d00h24m23s
		 Relay IP Nexthop: 10.1.14.4
		 Relay Tunnel Out-Interface: 
		 Original nexthop: 20.1.1.3
		 Qos information : 0x0            
		 Ext-Community:RT <100 : 1>, RT <1000 : 1>, OSPF DOMAIN ID <0.0.0.0 : 0>, OSPF ROUTER ID <10.1.36.3 : 0>, OSPF RT <0.0.0.0 : 0 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e8e6-5d85>
		 AS-path Nil, origin incomplete, MED 2, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
		 Originator: 10.1.1.3
		 Cluster list: 10.1.1.4
		 Route Type: 5 (Ip Prefix Route)
		 Ethernet Tag ID: 0, IP Prefix/Len: 177.1.1.1/32, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
		 Not advertised to any peer yet
		 
		
		   EVPN-Instance __vni100__:
		  
		 Number of Ip Prefix Routes: 1
		 BGP routing table entry information of 0:177.1.1.1:32:
		 Route Distinguisher: 100:1
		 Remote-Cross route
		 Label information (Received/Applied): 100/NULL
		 From: 10.1.1.4 (10.1.1.4) 
		 Route Duration: 0d00h24m23s
		 Relay Tunnel Out-Interface: VXLAN
		 Original nexthop: 20.1.1.3
		 Qos information : 0x0            
		 Ext-Community:RT <100 : 1>, RT <1000 : 1>, OSPF DOMAIN ID <0.0.0.0 : 0>, OSPF ROUTER ID <10.1.36.3 : 0>, OSPF RT <0.0.0.0 : 0 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e8e6-5d85>
		 AS-path Nil, origin incomplete, MED 2, localpref 100, pref-val 0, valid, internal, best, select, pre 255
		 Originator: 10.1.1.3
		 Cluster list: 10.1.1.4
		 Route Type: 5 (Ip Prefix Route)
		 Ethernet Tag ID: 0, IP Prefix/Len: 177.1.1.1/32, ESI: 0000.0000.0000.0000.0000, GW IP Address: 0.0.0.0
		 Not advertised to any peer yet
	去往Leaf3的177.1.1.1/32的路由,下一跳为vtep地址20.1.1.3,vxlan封装。

查看路由关联隧道信息:

<Leaf-1>display ip  routing-table vpn-instance vpn1  177.1.1.1 verbose 
		Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
		------------------------------------------------------------------------------
		Routing Table : vpn1
		Summary Count : 1
		
		Destination: 177.1.1.1/32        
		     Protocol: IBGP            Process ID: 0              
		   Preference: 255                   Cost: 2              
		      NextHop: 20.1.1.3         Neighbour: 0.0.0.0        
		        State: Active Adv Relied      Age: 00h29m42s           
		          Tag: 0                 Priority: low            
		        Label: NULL               QoSInfo: 0x0           
		   IndirectID: 0xAB00009C    
		 RelayNextHop: 0.0.0.0          Interface: VXLAN
		     TunnelID: 0x0000000027f000000e Flags: RD  
		
		<Leaf-1>display tunnel all 
		Tunnel ID                     Type                Destination         Status
		-----------------------------------------------------------------------------
		0x0000000027f000000d          vxlan_nvo3          20.1.1.2            UP  
		0x0000000027f000000e          vxlan_nvo3          20.1.1.3            Up
5.2.4 Type 2路由

type2路由分三种:mac route, arp route, irb route。如下所示:

leaf1发给spine1的mac路由抓包:

mac路由抓包:
		Frame 28: 510 bytes on wire (4080 bits), 510 bytes captured (4080 bits) on interface 0
		Ethernet II, Src: 4e:01:00:21:01:00 (4e:01:00:21:01:00), Dst: 4e:01:00:11:01:01 (4e:01:00:11:01:01)
		Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.4
		Transmission Control Protocol, Src Port: 65056, Dst Port: 179, Seq: 65, Ack: 65, Len: 456
		Border Gateway Protocol - UPDATE Message
		Border Gateway Protocol - UPDATE Message
		    Marker: ffffffffffffffffffffffffffffffff
		    Length: 120
		    Type: UPDATE Message (2)
		    Withdrawn Routes Length: 0
		    Total Path Attribute Length: 97
		    Path attributes
		        Path Attribute - ORIGIN: INCOMPLETE
		        Path Attribute - AS_PATH: empty
		        Path Attribute - LOCAL_PREF: 100
		        Path Attribute - EXTENDED_COMMUNITIES
		            Flags: 0xc0, Optional, Transitive, Complete
		            Type Code: EXTENDED_COMMUNITIES (16)
		            Length: 32
		            Carried extended communities: (4 communities)
		                Route Target: 10:1 [Transitive 2-Octet AS-Specific]
		                Route Target: 1000:1 [Transitive 2-Octet AS-Specific]
		                Encapsulation: VXLAN Encapsulation [Transitive Opaque]
		                MAC Mobility: Sticky MAC [Transitive EVPN]
		        Path Attribute - MP_REACH_NLRI
		            Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
		            Type Code: MP_REACH_NLRI (14)
		            Length: 44
		            Address family identifier (AFI): Layer-2 VPN (25)
		            Subsequent address family identifier (SAFI): EVPN (70)
		            Next hop network address (4 bytes)
		            Number of Subnetwork points of attachment (SNPA): 0
		            Network layer reachability information (35 bytes)
		                EVPN NLRI: MAC Advertisement Route
		                    Route Type: MAC Advertisement Route (2)
		                    Length: 33
		                    Route Distinguisher: 0000000a00000001 (10:1)
		                    ESI: 00:00:00:00:00:00:00:00:00:00
		                    Ethernet Tag ID: 0
		                    MAC Address Length: 48
		                    MAC Address: EquipTra_01:00:01 (00:01:00:01:00:01)
		                    IP Address Length: 0
		                    IP Address: NOT INCLUDED
		                        [Expert Info (Note/Protocol): IP Address: NOT INCLUDED]
a. 这是一条mac route,发送的mac地址为启用了分布式网关的int vbdif 10端口的mac地址:另外该处MP_REACH_NLRI并没有携带L2VNI值,Leaf2收到之后通过对比其携带的RT值(10:1和1000:1),发现其中10:1和本地BD10对应的EVPN实例iRT相同,则将该路由放置在对应的EVPN实例中,且打上L2VNI。如下所示:
			[~Leaf-2]display bgp evpn all routing-table  mac 0:48:0001-0001-0001:0:0.0.0.0
			
			
			 BGP local router ID : 10.1.1.2
			 Local AS number : 100
			
			 Total routes of Route Distinguisher(10:1): 2
			 BGP routing table entry information of 0:48:0001-0001-0001:0:0.0.0.0:
			 Label information (Received/Applied): 10/NULL
			 From: 0.0.0.0 (0.0.0.0) 
			 Route Duration: 0d04h04m10s
			 Direct Out-interface:  
			 Original nexthop: 20.1.1.2
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Mac Mobility <flag:1 seq:0 res:0>
			 AS-path Nil, origin incomplete, pref-val 0, valid, local, best, select, pre 255
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 0001-0001-0001/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
			 Advertised to such 1 peers:
			    10.1.1.4
			
			 BGP routing table entry information of 0:48:0001-0001-0001:0:0.0.0.0:
			 Label information (Received/Applied): 10/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d01h04m10s
			 Relay IP Nexthop: 10.1.24.4
			 Relay Tunnel Out-Interface: 
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Mac Mobility <flag:1 seq:0 res:0>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, pre 255, IGP cost 2, not preferred for route type
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 0001-0001-0001/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
			 
			
			   EVPN-Instance 10:
			  
			 Number of Mac Routes: 2
			 BGP routing table entry information of 0:48:0001-0001-0001:0:0.0.0.0:
			 Route Distinguisher: 10:1
			 Label information (Received/Applied): 10/NULL
			 From: 0.0.0.0 (0.0.0.0) 
			 Route Duration: 0d04h04m12s
			 Direct Out-interface:  
			 Original nexthop: 20.1.1.2
			 Qos information : 0x0            
			 Ext-Community:Tunnel Type <VxLan(8)>, Mac Mobility <flag:1 seq:0 res:0>
			 AS-path Nil, origin incomplete, pref-val 0, valid, local, best, select, pre 255
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 0001-0001-0001/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
			 
			 BGP routing table entry information of 0:48:0001-0001-0001:0:0.0.0.0:
			 Route Distinguisher: 10:1
			 Remote-Cross route
			 Label information (Received/Applied): 10/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d01h04m12s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Mac Mobility <flag:1 seq:0 res:0>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, pre 255, not preferred for mac mobility
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 0001-0001-0001/48, IP Address/Len: 0.0.0.0/0, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
b. Leaf1发送的mac route,经过spine反射之后交给leaf2,由于分布式网关场景下leaf1和Lea2leaf2的网关地址和mac地址都一直,因此Leaf2有0001:0001:0001的mac route,本地优先。

arp route 在分布式对称转发场景中不会产生,原因在于配置过程中指定了向BGP EVPN邻居发送的路由类型为IRB路由,如peer 10.1.1.4 advertise irb。

leaf1发给spine1的irb路由抓包:

irb路由抓包:
Frame 30: 764 bytes on wire (6112 bits), 764 bytes captured (6112 bits) on interface 0
		Ethernet II, Src: 4e:01:00:21:01:00 (4e:01:00:21:01:00), Dst: 4e:01:00:11:01:01 (4e:01:00:11:01:01)
		Internet Protocol Version 4, Src: 10.1.1.1, Dst: 10.1.1.4
		Transmission Control Protocol, Src Port: 65055, Dst Port: 179, Seq: 65, Ack: 65, Len: 710
		Border Gateway Protocol - UPDATE Message
		Border Gateway Protocol - UPDATE Message
		[Malformed Packet: BGP]
		Border Gateway Protocol - UPDATE Message
		    Marker: ffffffffffffffffffffffffffffffff
		    Length: 127
		    Type: UPDATE Message (2)
		    Withdrawn Routes Length: 0
		    Total Path Attribute Length: 104
		    Path attributes
		        Path Attribute - ORIGIN: INCOMPLETE
		        Path Attribute - AS_PATH: empty
		        Path Attribute - LOCAL_PREF: 100
		        Path Attribute - EXTENDED_COMMUNITIES
		            Flags: 0xc0, Optional, Transitive, Complete
		            Type Code: EXTENDED_COMMUNITIES (16)
		            Length: 32
		            Carried extended communities: (4 communities)
		                Route Target: 10:1 [Transitive 2-Octet AS-Specific]
		                Route Target: 1000:1 [Transitive 2-Octet AS-Specific]
		                Encapsulation: VXLAN Encapsulation [Transitive Opaque]
		                Unknown subtype 0x03: 0x707b 0xe80d 0x0337 [Transitive EVPN] //
		        Path Attribute - MP_REACH_NLRI
		            Flags: 0x90, Optional, Extended-Length, Non-transitive, Complete
		            Type Code: MP_REACH_NLRI (14)
		            Length: 51
		            Address family identifier (AFI): Layer-2 VPN (25)
		            Subsequent address family identifier (SAFI): EVPN (70)
		            Next hop network address (4 bytes)
		            Number of Subnetwork points of attachment (SNPA): 0
		            Network layer reachability information (42 bytes)
		                EVPN NLRI: MAC Advertisement Route
		                    Route Type: MAC Advertisement Route (2)
		                    Length: 40
		                    Route Distinguisher: 0000000a00000001 (10:1)
		                    ESI: 00:00:00:00:00:00:00:00:00:00
		                    Ethernet Tag ID: 0
		                    MAC Address Length: 48
		                    MAC Address: HuaweiTe_05:61:39 (54:89:98:05:61:39)
		                    IP Address Length: 32
		                    IPv4 address: 192.168.1.1
		[Malformed Packet: BGP]
		Border Gateway Protocol - UPDATE Message
		Border Gateway Protocol - UPDATE Message
		[Malformed Packet: BGP]
		Border Gateway Protocol - UPDATE Message
		[Malformed Packet: BGP]
		a. 这是一条ibr route,发送的mac地址为leaf1下挂的vm1的IP和MAC信息,其vm1在向外通信的时候,网关根据arp信息生成irb路由;
		b. Leaf1根据网关配置的arp collect host enable命令来实现arp信息收集,然后生成ibr路由;
		c. Leaf1发送的ibr route,经过spine反射之后交给leaf2,同mac route一样该处MP_REACH_NLRI并没有携带L2VNI值,Leaf2收到之后通过对比其携带的RT值(10:1和1000:1),发现其中10:1和本地BD10对应的EVPN实例iRT相同,则将该路由放置在对应的EVPN实例中,且本地打上L2VNI值,同时发现1000:1和本地IP VPN实例的iRT相同,则将该路由放置在对应的IP VPN实例中,且本地打上L3VNI值。
		d. Tpye2中arp和irb区别在于,ibr携带L2VNI、L3VNI以及Router's MAC,但是抓包过程中发现并没有携带L2VNI和L3VNI信息,该处实际不影响本地路由接收,原因如步骤c中所述。具体信息如下:
[~Leaf-2]display bgp evpn all routing-table  mac-route   0:48:5489-9805-6139:32:192.168.1.1
			
			
			 BGP local router ID : 10.1.1.2
			 Local AS number : 100
			
			 Total routes of Route Distinguisher(10:1): 1
			 BGP routing table entry information of 0:48:5489-9805-6139:32:192.168.1.1:
			 Label information (Received/Applied): 10 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h00m15s
			 Relay IP Nexthop: 10.1.24.4
			 Relay Tunnel Out-Interface: 
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e80d-0337>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255, IGP cost 2
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 5489-9805-6139/48, IP Address/Len: 192.168.1.1/32, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
			 
			
			   EVPN-Instance 10:
			  
			 Number of Mac Routes: 1
			 BGP routing table entry information of 0:48:5489-9805-6139:32:192.168.1.1:
			 Route Distinguisher: 10:1
			 Remote-Cross route
			 Label information (Received/Applied): 10 100/NULL    //10为L2VNI ,100为L3VNI
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h00m15s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e80d-0337>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 5489-9805-6139/48, IP Address/Len: 192.168.1.1/32, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
			 
			
			   EVPN-Instance __vni100__:
			  
			 Number of Mac Routes: 1
			 BGP routing table entry information of 0:48:5489-9805-6139:32:192.168.1.1:
			 Route Distinguisher: 10:1
			 Remote-Cross route
			 Label information (Received/Applied): 10 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h00m16s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0            
			 Ext-Community:RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan(8)>, Router's MAC <707b-e80d-0337>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 5489-9805-6139/48, IP Address/Len: 192.168.1.1/32, ESI:0000.0000.0000.0000.0000
             Not advertised to any peer yet

5.3、同网段,不同Leaf服务器Ping测试

执行操作:192.168.1.1Ping 192.168.1.2,并在Leaf1连Spine1端口抓包,其来回路径为VM1-vSwitch1-Leaf1-Spine1-Leaf2-vSwtich2-VM3

vm1首次和vm3通信,发送arp报文学习vm3的mac地址;

Leaf1通过原mac学习到vm1的MAC地址、BDID(二层广播域标识)和报文入接口的对应关系,并在本地MAC表中生成vm1的MAC表项,其出接口为GE1/0/1.10。

[~Leaf-1]display mac-address dynamic 
		Flags: * - Backup  
		BD   : bridge-domain   Age : dynamic MAC learned time in seconds
		-------------------------------------------------------------------------------
		MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
		-------------------------------------------------------------------------------
		5489-9805-6139 -/-/10        GE1/0/1.10          dynamic               -
		-------------------------------------------------------------------------------
		Total items: 1
		[~Leaf-1]

Leaf1上VTEP根据对应的二层广播域获取对应VNI10的头端复制隧道列表,依据获取的隧道列表进行报文复制,并进行VXLAN封装。然后将封装后的报文从出接口转发出去。

a. Leaf1关于VNI10的头端复制隧道列表如下:
		[~Leaf-1]display vxlan peer 
		Number of peers : 2
		Vni ID    Source                  Destination            Type      Out Vni ID
		-------------------------------------------------------------------------------
		10        20.1.1.1                20.1.1.2               dynamic   10         
		20        20.1.1.1                20.1.1.2               dynamic   20         
		[~Leaf-1]
b. 封装报文信息如下:
		Frame 346: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0
		Ethernet II, Src: 38:42:a9:01:01:00 (38:42:a9:01:01:00), Dst: 38:42:a9:04:01:01 (38:42:a9:04:01:01)
		Internet Protocol Version 4, Src: 20.1.1.1, Dst: 20.1.1.2
		User Datagram Protocol, Src Port: 4789, Dst Port: 4789
		Virtual eXtensible Local Area Network
		    Flags: 0x0800, VXLAN Network ID (VNI)
		    Group Policy ID: 0
		    VXLAN Network Identifier (VNI): 10
		    Reserved: 0
		Ethernet II, Src: HuaweiTe_05:61:39 (54:89:98:05:61:39), Dst: Broadcast (ff:ff:ff:ff:ff:ff)
		Address Resolution Protocol (request)

Leaf2上VTEP收到VXLAN报文后,根据UDP目的端口号、源/目的IP地址、VNI判断VXLAN报文的合法有效性。然后依据VNI获取对应的二层广播域,进行VXLAN解封装,获取内层二层报文。同时学习到vm1的MAC地址、BDID(二层广播域标识)和报文入VTEP的对应关系,形成mac转发表,如下:

[~Leaf-2-GE1/0/1.20]display mac-address dynamic 
		Flags: * - Backup  
		BD   : bridge-domain   Age : dynamic MAC learned time in seconds
		-------------------------------------------------------------------------------
		MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
		-------------------------------------------------------------------------------
		5489-9805-6139 -/-/10        20.1.1.1            dynamic               -
		-------------------------------------------------------------------------------

Leaf2检查内层二层报文的目的MAC,发现是BUM MAC,在对应的二层广播域内的非VXLAN隧道侧进行广播处理,即:Leaf2分别从本地MAC表中找到非VXLAN隧道侧的所有出接口(GE1/0/1.20)和封装信息,为报文添加VLAN Tag30,转发给对应的终端vm3。

vm3收到该arp报文解封装之后,发现是请求自己的mac地址,则通过单播的方式响应arp报文,单播的目的mac地址为5489-9805-6139。

Leaf2收到该arp应答报文后,通过原mac学习到vm1的MAC地址、BDID(二层广播域标识)和报文入接口的对应关系,并在本地MAC表中生成vm1的MAC表项,其出接口为GE1/0/1.20。

<Leaf-2>display mac-address dynamic 
		Flags: * - Backup  
		BD   : bridge-domain   Age : dynamic MAC learned time in seconds
		-------------------------------------------------------------------------------
		MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
		-------------------------------------------------------------------------------
		5489-9805-6139 -/-/10        20.1.1.1            dynamic               -
		5489-988b-4f15 -/-/10        GE1/0/1.20          dynamic               -
		-------------------------------------------------------------------------------
        Total items: 2

Leaf2同时查看mac表项,发现目的mac地址出接口为20.1.1.1,且VNI为10,随即查看VXLAN隧道信息进行封装。

a. Leaf2的VXLAN隧道信息如下:
		<Leaf-2>display vxlan tunnel 
		Number of vxlan tunnel : 2
		Tunnel ID   Source                Destination           State  Type     Uptime
		--------------------------------------------------------------------------------
		---
		4026531841  20.1.1.2              20.1.1.3              up     dynamic  00:41:53
		  
		4026531842  20.1.1.2              20.1.1.1              up     dynamic  00:41:51
		  
		<Leaf-2>
b. 封装报文信息如下:
		Frame 347: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface 0
		Ethernet II, Src: 38:42:a9:04:01:01 (38:42:a9:04:01:01), Dst: 38:42:a9:01:01:00 (38:42:a9:01:01:00)
		Internet Protocol Version 4, Src: 20.1.1.2, Dst: 20.1.1.1
		User Datagram Protocol, Src Port: 4789, Dst Port: 4789
		Virtual eXtensible Local Area Network
		    Flags: 0x0800, VXLAN Network ID (VNI)
		    Group Policy ID: 0
		    VXLAN Network Identifier (VNI): 10
		    Reserved: 0
		Ethernet II, Src: HuaweiTe_8b:4f:15 (54:89:98:8b:4f:15), Dst: HuaweiTe_05:61:39 (54:89:98:05:61:39)
		Address Resolution Protocol (reply)

Leaf1上VTEP收到VXLAN报文后,根据UDP目的端口号、源/目的IP地址、VNI判断VXLAN报文的合法有效性。然后依据VNI获取对应的二层广播域,进行VXLAN解封装,获取内层二层报文。同时学习到vm3的MAC地址、BDID(二层广播域标识)和报文入VTEP的对应关系,形成mac转发表,如下:

[~Leaf-1]display mac-address dynamic 
		Flags: * - Backup  
		BD   : bridge-domain   Age : dynamic MAC learned time in seconds
		-------------------------------------------------------------------------------
		MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
		-------------------------------------------------------------------------------
		5489-988b-4f15 -/-/10        20.1.1.2            dynamic               -
		5489-9805-6139 -/-/10        GE1/0/1.10          dynamic               -
		-------------------------------------------------------------------------------
		Total items: 2

Leaf2检查内层二层报文的目的MAC,发现是单播MAC,查看mac表项,找到出接口(GE1/0/1.10)和封装信息,为报文添加VLAN Tag30,转发给对应的终端vm1。

vm1收到arp应答报文后学习到vm3的mac地址后完成报文封装。

Leaf1收到后查看mac表项,发现目的mac地址的出接口为20.1.1.2,且VNI为10,随即查看VXLAN隧道信息进行封装。

报文封装:
        Frame 348: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) on interface 0
		Ethernet II, Src: 38:42:a9:01:01:00 (38:42:a9:01:01:00), Dst: 38:42:a9:04:01:01 (38:42:a9:04:01:01)
		Internet Protocol Version 4, Src: 20.1.1.1, Dst: 20.1.1.2
		User Datagram Protocol, Src Port: 4789, Dst Port: 4789
		Virtual eXtensible Local Area Network
		    Flags: 0x0800, VXLAN Network ID (VNI)
		    Group Policy ID: 0
		    VXLAN Network Identifier (VNI): 10
		    Reserved: 0
		Ethernet II, Src: HuaweiTe_05:61:39 (54:89:98:05:61:39), Dst: HuaweiTe_8b:4f:15 (54:89:98:8b:4f:15)
		Internet Protocol Version 4, Src: 192.168.1.1, Dst: 192.168.1.2
        Internet Control Message Protocol

Leaf2上VTEP收到VXLAN报文后,根据UDP目的端口号、源/目的IP地址、VNI判断VXLAN报文的合法有效性。然后依据VNI获取对应的二层广播域,进行VXLAN解封装,获取内层icmp request 报文,根据目的mac地址查到mac表项,即从Leaf2的VNI10 对应的GE1/0/1.20接口转发出去。

vm3收到icmp request报文后随即回复icmp reply报文,其仍然是单播转发,其过程同icmp request类似。

需要注意,在ibr对称型分布式网关场景中,二层通信没有BGP EVPN没有相关mac的学习信息。同网段通信,完全依靠数据平面arp完成,控制平面的BGP EVPN没有触发任何动作(没有update,没有mac学习)。因为同网段通信,并不解析网关地址,所以没有触发bgp evpn控制平面学习。

5.4、不同网段,同一Leaf下服务器Ping测试

执行操作:192.168.1.1 Ping 192.168.2.1,并在Leaf1连Spine1端口抓包,其来回路径为VM1-vSwitch1-Leaf1-vSwtich2-VM2

该过程同集中转发场景中三层互访一至,也和传统的单臂路由场景类似。

5.5、不同网段,不同Leaf下服务器Ping

执行操作:192.168.2.1 Ping 192.168.1.2,并在Leaf1连Spine1端口抓包,其来回路径为VM2-vSwitch1-Leaf1-Leaf2-vSwtich2-VM3

Leaf1收到来自vm2的报文,检测到报文的目的MAC是网关接口MAC,判断该报文需要进行三层转发。

Leaf1根据报文的入接口找到对应的二层广播域,然后找到绑定该广播域VBDIF接口的L3VPN实例。根据报文的目的IP地址,查找该L3VPN实例下的路由表,获取该路由对应的三层VNI,以及下一跳地址。再根据出接口是VXLAN隧道,判断需要进行VXLAN封装:

a. 根据tpye2-ibr路由学习到192.168.1.2/32位路由,如下:
			[~Leaf-1]display ip routing-table vpn-instance vpn1 
			Proto: Protocol        Pre: Preference
			Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
			 route
			------------------------------------------------------------------------------
			Routing Table : vpn1
			         Destinations : 10       Routes : 10        
			
			Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
			
			      10.1.36.0/24  IBGP    255  2             RD  20.1.1.3        VXLAN
			      177.1.1.1/32  IBGP    255  2             RD  20.1.1.3        VXLAN
			    192.168.1.0/24  Direct  0    0             D   192.168.1.254   Vbdif10
			    192.168.1.2/32  IBGP    255  0             RD  20.1.1.2        VXLAN    //该路由条目有irb路由
			  192.168.1.254/32  Direct  0    0             D   127.0.0.1       Vbdif10
			  192.168.1.255/32  Direct  0    0             D   127.0.0.1       Vbdif10
			    192.168.2.0/24  Direct  0    0             D   192.168.2.254   Vbdif20
			  192.168.2.254/32  Direct  0    0             D   127.0.0.1       Vbdif20
			  192.168.2.255/32  Direct  0    0             D   127.0.0.1       Vbdif20
			255.255.255.255/32  Direct  0    0             D   127.0.0.1       InLoopBack0
b. Leaf1关于192.168.1.2/32路由的详细信息如下:
			[~Leaf-1]display ip routing-table vpn-instance vpn1 192.168.1.2 verbose 
			Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole
			 route
			------------------------------------------------------------------------------
			Routing Table : vpn1
			Summary Count : 1
			
			Destination: 192.168.1.2/32      
			     Protocol: IBGP               Process ID: 0              
			   Preference: 255                      Cost: 0              
			      NextHop: 20.1.1.2            Neighbour: 10.1.1.4
			        State: Active Adv Relied         Age: 00h02m17s           
			          Tag: 0                    Priority: low            
			        Label: NULL                  QoSInfo: 0x0           
			   IndirectID: 0x1000080            Instance:                                 
			 RelayNextHop: 0.0.0.0             Interface: VXLAN
			     TunnelID: 0x0000000027f0000001 Flags: RD 
c. Leaf1上关于192.168.1.2/32的EVPN路由如下:
			[~Leaf-1]display bgp evpn all routing-table mac-route 0:48:5489-988b-4f15:32:192.168.1.2
			
			
			   EVPN-Instance __RD_1_100_1__:
			  
			 Number of Mac Routes: 1
			 BGP routing table entry information of 0:48:5489-988b-4f15:32:192.168.1.2:
			 Route Distinguisher: 10:1
			 Remote-Cross route
			 Label information (Received/Applied): 10 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h17m49s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.2
			 Qos information : 0x0
			 Ext-Community: RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e85f-46d1>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
			 Originator: 10.1.1.2
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 5489-988b-4f15/48, IP Address/Len: 192.168.1.2/32, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
d. Leaf1关于VXLAN隧道信息如下:
			[~Leaf-1] display tunnel all 
			Tunnel ID            Type                Destination                            
			 Status
			--------------------------------------------------------------------------------
			--------
			0x0000000027f0000001 vxlan_nvo3          20.1.1.2                               
			 UP  
			0x0000000027f0000002 vxlan_nvo3          20.1.1.3                               
			 UP  
	根据VXLAN隧道的目的IP和源IP地址,获取对应的MAC地址,并将内层目的MAC和源MAC替换。
		a. 内层源MAC地址为vm2网关地址192.168.2.254(IP VPN实例入口)接口的mac地址,即0002-0002-0002;
		b. 内网目的MAC地址为Leaf2上VTEP的mac地址,该MAC地址通过irb路由中Router's MAC 携带。
	将三层VNI封装到报文中。
	外层封装VXLAN隧道的目的IP和源IP地址,源MAC地址为Leaf1的出接口MAC地址,目的MAC地址为网络下一跳的MAC地址。

报文封装如下

报文封装
        Frame 2084: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) on interface 0
		Ethernet II, Src: 38:42:a9:01:01:00 (38:42:a9:01:01:00), Dst: 38:42:a9:04:01:01 (38:42:a9:04:01:01)
		Internet Protocol Version 4, Src: 20.1.1.1, Dst: 20.1.1.2
		User Datagram Protocol, Src Port: 4789, Dst Port: 4789
		Virtual eXtensible Local Area Network
		    Flags: 0x0800, VXLAN Network ID (VNI)
		    Group Policy ID: 0
		    VXLAN Network Identifier (VNI): 100
		    Reserved: 0
		Ethernet II, Src: NetSys_02:00:02 (00:02:00:02:00:02), Dst: HuaweiTe_5f:46:d1 (70:7b:e8:5f:46:d1)  
		    Destination: HuaweiTe_5f:46:d1 (70:7b:e8:5f:46:d1)
		    Source: NetSys_02:00:02 (00:02:00:02:00:02)
		    Type: IPv4 (0x0800)
		Internet Protocol Version 4, Src: 192.168.2.1, Dst: 192.168.1.2
		Internet Control Message Protocol

封装后的报文根据外层MAC和IP信息在IP网络中传输,送达Leaf2。

Leaf2收到VXLAN报文后进行解封装,检测到报文外层的目的MAC是自己的MAC地址,判断该报文需要进行三层转发,进行外层解封装,后发现内层的目的MAC是自己VTEP的MAC地址,继续解封装;

Leaf2根据报文携带的三层VNI找到对应的L3VPN实例,查找该L3VPN实例下的路由表,发现192.1681.2所在的网段路由获取报文的下一跳是网关接口地址,然后进行ARP迭代,将目的MAC地址替换为VM3的MAC地址,源MAC地址替换为Leaf2的网关地址为192.168.1.254的MAC地址,转发给vm3。

vm3给vm2回复的报文转发流程类似。

5.6、模拟外部和服务器之间Ping

Leaf3配置IP前缀路由发布,因此R1上177.1.1.1/32位路由条目通过bgp evpn type 5 prefix-route update, 携带如下信息:
 

a. type5携带L3VPN的export RT值:100:1和1000:1(evpn);
b. type5只携带L3VNI:100;
c. Type5携带Next hop network address,即为Leaf3的VTEP的IP地址;
d. type5携带Router’s MAC ,即为Leaf3的NVE(VTEP)端口mac地址:
具体报文和路由信息详见章节5.2.3。

Leaf1和2配置对邻居发布IRB路由,因此Leaf1和Leaf2通过ARP信息收集的主机信息(Leaf1上192.168.1.1/32和192.168.2.1/32;Leaf2上192.1681.2/32)会通过bgp evpn type 2 irb update,以Leaf1为例携带信息如下:

a.type2携带EVPN实例的export RT值:10:1和1000:1
b.type2不携带L2 VNI和L3VNI  //该处和资料有出入,可能是模拟器软件版本原因,但是实际不影响对端路由接收,分析详见章节5.2.4
c.Type2携带Next hop network address,即为Leaf1的VTEP的IP地址;
d.Type2携带Router’s MAC ,即为Leaf1的NVE(VTEP)端口mac地址:

Leaf2根据该路由信息用于不用网段,不同Leaf下互访(即192.168.1.2和192.168.1.1之间),Leaf3根据该路由信息用于外部和服务器之间互访。以177.1.1.1 ping 192.168.1.1为例具体流程如下:

a. R1产生icmp request报文,如下:
			Frame 4: 98 bytes on wire (784 bits), 98 bytes captured (784 bits) on interface 0
			Ethernet II, Src: HuaweiTe_dc:48:25 (54:89:98:dc:48:25), Dst: 38:42:a9:03:01:01 (38:42:a9:03:01:01)
			Internet Protocol Version 4, Src: 177.1.1.1, Dst: 192.168.1.1
			Internet Control Message Protocol
b. Leaf3从接口GE1/0/1接口收到该icmp request,匹配至IP VPN实例中,查找路由信息如下:
			<Leaf-3>display ip routing-table vpn-instance  vpn1 192.168.1.1
			Proto: Protocol        Pre: Preference
			Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
			------------------------------------------------------------------------------
			Routing Table : vpn1
			Summary Count : 1
			
			Destination/Mask    Proto   Pre  Cost        Flags NextHop         Interface
			
			    192.168.1.1/32  IBGP    255  0             RD  20.1.1.1        VXLAN
			
			<Leaf-3>display ip routing-table vpn-instance  vpn1 192.168.1.1 verbose 
			Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
			------------------------------------------------------------------------------
			Routing Table : vpn1
			Summary Count : 1
			
			Destination: 192.168.1.1/32      
			     Protocol: IBGP               Process ID: 0              
			   Preference: 255                      Cost: 0              
			      NextHop: 20.1.1.1            Neighbour: 10.1.1.4
			        State: Active Adv Relied         Age: 00h23m24s           
			          Tag: 0                    Priority: low            
			        Label: NULL                  QoSInfo: 0x0           
			   IndirectID: 0x1000072            Instance:                                 
			 RelayNextHop: 0.0.0.0             Interface: VXLAN
			     TunnelID: 0x0000000027f0000004 Flags: RD             
			<Leaf-3>
			<Leaf-3>display tunnel all 
			Tunnel ID            Type                Destination                             Status
			----------------------------------------------------------------------------------------
			0x0000000027f0000002 vxlan_nvo3          20.1.1.2                                UP  
			0x0000000027f0000004 vxlan_nvo3          20.1.1.1                                UP 
			<Leaf-3>display bgp evpn all routing-table mac-route 0:48:5489-9805-6139:32:192.168.1.1 
			
			   EVPN-Instance __RD_1_100_1__:
			                
			 Number of Mac Routes: 1
			 BGP routing table entry information of 0:48:5489-9805-6139:32:192.168.1.1:
			 Route Distinguisher: 10:1
			 Remote-Cross route
			 Label information (Received/Applied): 10 100/NULL
			 From: 10.1.1.4 (10.1.1.4) 
			 Route Duration: 0d00h21m43s
			 Relay Tunnel Out-Interface: VXLAN
			 Original nexthop: 20.1.1.1
			 Qos information : 0x0
			 Ext-Community: RT <10 : 1>, RT <1000 : 1>, Tunnel Type <VxLan>, Router's MAC <707b-e80d-0337>
			 AS-path Nil, origin incomplete, localpref 100, pref-val 0, valid, internal, best, select, pre 255
			 Originator: 10.1.1.1
			 Cluster list: 10.1.1.4
			 Route Type: 2 (MAC Advertisement Route)
			 Ethernet Tag ID: 0, MAC Address/Len: 5489-9805-6139/48, IP Address/Len: 192.168.1.1/32, ESI:0000.0000.0000.0000.0000
			 Not advertised to any peer yet
c. Leaf3匹配路由,进行VXLAN封装:
		根据VXLAN隧道的目的IP和源IP地址,获取对应的MAC地址,并将内层目的MAC和源MAC替换。
			i.内层源MAC地址为GE1/0/1(IP VPN实例入口)接口的mac地址,即38:42:a9:03:01:01;
			ii.内网目的MAC地址为Leaf1上VTEP的mac地址,该MAC地址通过irb路由中Router's MAC 携带。
		将三层VNI封装到报文中。
		外层封装VXLAN隧道的目的IP和源IP地址,源MAC地址为Leaf1的出接口MAC地址,目的MAC地址为网络下一跳的MAC地址。
d. 报文封装如下:
			Frame 3306: 148 bytes on wire (1184 bits), 148 bytes captured (1184 bits) on interface 0
			Ethernet II, Src: 38:42:a9:04:01:01 (38:42:a9:04:01:01), Dst: 38:42:a9:01:01:00 (38:42:a9:01:01:00)
			Internet Protocol Version 4, Src: 20.1.1.3, Dst: 20.1.1.1
			User Datagram Protocol, Src Port: 4789, Dst Port: 4789
			Virtual eXtensible Local Area Network
			    Flags: 0x0800, VXLAN Network ID (VNI)
			    Group Policy ID: 0
			    VXLAN Network Identifier (VNI): 100
			    Reserved: 0
			Ethernet II, Src: 38:42:a9:03:01:01 (38:42:a9:03:01:01), Dst: HuaweiTe_0d:03:37 (70:7b:e8:0d:03:37)
			Internet Protocol Version 4, Src: 177.1.1.1, Dst: 192.168.1.1
Internet Control Message Protocol

封装后的报文根据外层MAC和IP信息在IP网络中传输,送达Leaf1。

Leaf1收到VXLAN报文后进行解封装,检测到报文外层的目的MAC是自己的MAC地址,判断该报文需要进行三层转发,进行外层解封装,后发现内层的目的MAC是自己VTEP的MAC地址,继续解封装;

Leaf1根据报文携带的三层VNI找到对应的L3VPN实例,查找该L3VPN实例下的路由表,发现192.168.1.1所在的网段路由获取报文的下一跳是网关接口地址,然后进行ARP迭代,将目的MAC地址替换为VM1的MAC地址,源MAC地址替换为Leaf1的网关地址为192.168.1.254的MAC地址,转发给vm1。

vm1给R1回复的报文转发流程类似。

5.7、arp广播抑制和代答

arp广播抑制,作用域L2和L3网关。

在终端租户初次互通过程中,终端租户会发送ARP广播请求报文,而ARP请求报文会在二层网络内广播。为了抑制ARP广播请求报文给网络带来的广播风暴,可在VXLAN二层网关设备上使能ARP广播抑制功能。但是,ARP广播抑制功能的实现依赖于三层网关上的主机信息表(包括主机IP地址、MAC地址、VTEP地址和VNI ID,主机信息表通过arp collect host enable获取)。

a. 配置如下:
	在bridge-domain下配置arp broadcast-suppress,使能ARP广播抑制功能。
	Leaf1和Leaf2上类似,如下:
		bridge-domain 10
		  arp broadcast-suppress enable
		#
		bridge-domain 20
		  arp broadcast-suppress enable
		#
b. 结果验证:
	vm1访问vm3同网段,不同leaf互访,leaf1收到vm1发送的arp报文后,会根据irb路由信息进行arp广播抑制,如下:
		Frame 6: 114 bytes on wire (912 bits), 114 bytes captured (912 bits) on interface 0
		Ethernet II, Src: 38:42:a9:03:01:00 (38:42:a9:03:01:00), Dst: 38:42:a9:02:01:01 (38:42:a9:02:01:01)
		Internet Protocol Version 4, Src: 20.1.1.1, Dst: 20.1.1.2
		User Datagram Protocol, Src Port: 4789, Dst Port: 4789
		Virtual eXtensible Local Area Network
		    Flags: 0x0800, VXLAN Network ID (VNI)
		    Group Policy ID: 0
		    VXLAN Network Identifier (VNI): 10
		    Reserved: 0
		Ethernet II, Src: HuaweiTe_05:61:39 (54:89:98:05:61:39), Dst: HuaweiTe_8b:4f:15 (54:89:98:8b:4f:15)
		    Destination: HuaweiTe_8b:4f:15 (54:89:98:8b:4f:15)
		    Source: HuaweiTe_05:61:39 (54:89:98:05:61:39)
		    Type: 802.1Q Virtual LAN (0x8100)
		802.1Q Virtual LAN, PRI: 6, DEI: 0, ID: 10
		Address Resolution Protocol (request)

arp proxy/arp 代答,作用与L2网关。

arp l2-proxy enable  ----BD下配置二层代答功能,可以配合arp collect host一起使用,即三层网关通过arp收集通过BGP EVPN更新至二层网关,二层网关收到arp请求报文后判断是否进行代答处理。

ARP二层代理是一种有效分散ARP报文处理压力的方法,其核心思想是隔离ARP广播域,对接收到的ARP请求报文尽量进行本地优先代答。执行arp l2-proxy enable命令使能ARP二层代理功能之后,设备在收到ARP报文时,会先查看自己能否获取到该ARP请求报文的目的用户的信息,如果能够获取就直接进行ARP代答,否则按照原先的转发流程转发该报文。

已经配置了VBDIF接口的Leaf上无法使能该功能。