华为CE交换机-配置通过端到端VXLAN实现DCI互联

2026年 4月 10日 交换机 SE_YT

配置通过端到端VXLAN实现DCI互联

组网需求

图1所示,某企业在不同的数据中心中都拥有自己的VM,服务器1内的VMa1属于VLAN 10,服务器2内的VMb2属于VLAN 20,且位于不同网段。现需要通过VXLAN分布式网关,在数据中心A的Leaf1和数据中心B的Leaf4上配置BGP EVPN协议创建VXLAN隧道,实现数据中心A内VMa1和数据中心B内VMb2之间端到端的互相通信。

图1 配置端到端VXLAN组网图

华为CE交换机-配置通过端到端VXLAN实现DCI互联

本例中interface1、interface2和interface3分别代表100GE1/0/1、100GE1/0/2、100GE1/0/3。

华为CE交换机-配置通过端到端VXLAN实现DCI互联

表1 接口的IP地址

设备

接口

IP地址

设备

接口

IP地址

Device1

100GE1/0/1

192.168.50.1/24

Device2

100GE1/0/1

192.168.60.1/24

100GE1/0/2

192.168.1.1/24

100GE1/0/2

192.168.1.2/24

LoopBack0

1.1.1.1/32

LoopBack0

2.2.2.2/32

Spine1

100GE1/0/1

192.168.10.1/24

Spine2

100GE1/0/1

192.168.30.1/24

100GE1/0/2

192.168.20.1/24

100GE1/0/2

192.168.40.1/24

LoopBack0

3.3.3.3/32

LoopBack0

4.4.4.4/32

Leaf1

100GE1/0/1

192.168.10.2/24

Leaf4

100GE1/0/1

192.168.40.2/24

100GE1/0/2

-

100GE1/0/2

-

LoopBack0

5.5.5.5/32

LoopBack0

8.8.8.8/32

Leaf2

100GE1/0/1

192.168.20.2/24

Leaf3

100GE1/0/1

192.168.30.2/24

100GE1/0/3

192.168.50.2/24

100GE1/0/3

192.168.60.2/24

LoopBack0

6.6.6.6/32

LoopBack0

7.7.7.7/32

配置思路

采用如下的思路配置端到端VXLAN:

  1. 配置各节点接口的IP地址。

  2. 配置路由协议,实现各节点之间的互通。

  3. 配置VXLAN业务接入点。

  4. 配置VXLAN隧道。
  5. 配置VXLAN三层网关。
  6. 配置VXLAN网关之间发布的路由类型。

操作步骤

  1. 配置各节点接口的IP地址。 

    # 配置Device1。其他设备的配置过程与Device1类似,在此不再赘述,具体请参考配置脚本。

    <HUAWEI> system-view
[~HUAWEI] sysname Device1
[*HUAWEI] commit
[~Device1] interface loopback 0
[*Device1-LoopBack0] ip address 1.1.1.1 32
[*Device1-LoopBack0] quit
[*Device1] interface 100ge 1/0/1
[*Device1-100GE1/0/1] undo portswitch
[*Device1-100GE1/0/1] ip address 192.168.50.1 24
[*Device1-100GE1/0/1] quit
[*Device1] interface 100ge 1/0/2
[*Device1-100GE1/0/2] undo portswitch
[*Device1-100GE1/0/2] ip address 192.168.1.1 24
[*Device1-100GE1/0/2] quit
[*Device1] commit

     

  2. 在数据中心内配置OSPF,在数据中心间配置BGP,实现路由互通。 

    # 配置Device1。Device2的配置过程与Device1类似,在此不再赘述,具体请参考配置脚本。

    [~Device1] bgp 10
[*Device1-bgp] peer 192.168.1.2 as-number 10
[*Device1-bgp] peer 192.168.50.2 as-number 20
[*Device1-bgp] ipv4-family unicast
[*Device1-bgp-af-ipv4] peer 192.168.1.2 enable
[*Device1-bgp-af-ipv4] peer 192.168.1.2 next-hop-local
[*Device1-bgp-af-ipv4] peer 192.168.50.2 enable
[*Device1-bgp-af-ipv4] quit
[*Device1-bgp] quit
[*Device1] commit

    # 配置Spine1。Spine2的配置过程与Spine1类似,在此不再赘述,具体请参考配置脚本。

    <HUAWEI> system-view
[~HUAWEI] sysname Spine1
[*HUAWEI] commit
[~Spine1] ospf 1
[*Spine1-ospf-1] area 0
[*Spine1-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[*Spine1-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[*Spine1-ospf-1-area-0.0.0.0] network 192.168.20.0 0.0.0.255
[*Spine1-ospf-1-area-0.0.0.0] quit
[*Spine1-ospf-1] quit
[*Spine1] commit

    # 配置Leaf1。Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

    <HUAWEI> system-view
[~HUAWEI] sysname Leaf1
[*HUAWEI] commit
[~Leaf1] ospf 1
[*Leaf1-ospf-1] area 0
[*Leaf1-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[*Leaf1-ospf-1-area-0.0.0.0] network 192.168.10.0 0.0.0.255
[*Leaf1-ospf-1-area-0.0.0.0] quit
[*Leaf1-ospf-1] quit
[*Leaf1] commit

     

     

    # 配置Leaf2。Leaf3的配置过程与Leaf2类似,在此不再赘述,具体请参考配置脚本。

    <HUAWEI> system-view
[~HUAWEI] sysname Leaf2
[*HUAWEI] commit
[~Leaf2] ospf 1
[*Leaf2-ospf-1] import-route bgp
[*Leaf2-ospf-1] area 0
[*Leaf2-ospf-1-area-0.0.0.0] network 6.6.6.6 0.0.0.0
[*Leaf2-ospf-1-area-0.0.0.0] network 192.168.20.0 0.0.0.255
[*Leaf2-ospf-1-area-0.0.0.0] quit
[*Leaf2-ospf-1] quit
[*Leaf2] commit
[~Leaf2] bgp 20
[*Leaf2-bgp] peer 192.168.50.1 as-number 10
[*Leaf2-bgp] ipv4-family unicast
[*Leaf2-bgp-af-ipv4] network 5.5.5.5 255.255.255.255
[*Leaf2-bgp-af-ipv4] network 6.6.6.6 255.255.255.255
[*Leaf2-bgp-af-ipv4] peer 192.168.50.1 enable
[*Leaf2-bgp-af-ipv4] quit
[*Leaf2-bgp] quit
[*Leaf2] commit

     

  3. 配置VXLAN业务接入点。 

    # 配置Leaf1。

    [~Leaf1] bridge-domain 10
[*Leaf1-bd10] quit
[*Leaf1] interface 100GE 1/0/2.1 mode l2
[*Leaf1-100GE1/0/2.1] encapsulation dot1q vid 10
[*Leaf1-100GE1/0/2.1] bridge-domain 10
[*Leaf1-100GE1/0/2.1] quit
[*Leaf1] commit

    Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

     

  4. 配置VXLAN隧道。
    1. 在Leaf1、Leaf2、Leaf3和Leaf4上使能EVPN作为VXLAN控制平面。 

      # 配置Leaf1。

      [~Leaf1] evpn-overlay enable
[*Leaf1] commit

      Leaf2、Leaf3和Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

       

    2. 在Leaf1和Leaf2之间、在Leaf3和Leaf4之间配置IBGP EVPN对等体关系。 

      # 配置Leaf1。

      [~Leaf1] bgp 100 instance evpn1
[*Leaf1-bgp-instance-evpn1] peer 6.6.6.6 as-number 100
[*Leaf1-bgp-instance-evpn1] peer 6.6.6.6 connect-interface LoopBack 0
[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf1-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-instance-evpn1-af-evpn] quit
[*Leaf1-bgp-instance-evpn1] quit
[*Leaf1] commit

      # 配置Leaf2。

      [~Leaf2] bgp 100 instance evpn1
[*Leaf2-bgp-instance-evpn1] peer 5.5.5.5 as-number 100
[*Leaf2-bgp-instance-evpn1] peer 5.5.5.5 connect-interface LoopBack 0
[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 next-hop-invariable
[*Leaf2-bgp-instance-evpn1-af-evpn] quit
[*Leaf2-bgp-instance-evpn1] quit
[*Leaf2] commit

      # 配置Leaf3。

      [~Leaf3] bgp 200 instance evpn1
[*Leaf3-bgp-instance-evpn1] peer 8.8.8.8 as-number 200
[*Leaf3-bgp-instance-evpn1] peer 8.8.8.8 connect-interface LoopBack 0
[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 8.8.8.8 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 8.8.8.8 next-hop-invariable
[*Leaf3-bgp-instance-evpn1-af-evpn] quit
[*Leaf3-bgp-instance-evpn1] quit
[*Leaf3] commit

      # 配置Leaf4。

      [~Leaf4] bgp 200 instance evpn1
[*Leaf4-bgp-instance-evpn1] peer 7.7.7.7 as-number 200
[*Leaf4-bgp-instance-evpn1] peer 7.7.7.7 connect-interface LoopBack 0
[*Leaf4-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf4-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf4-bgp-instance-evpn1-af-evpn] quit
[*Leaf4-bgp-instance-evpn1] quit
[*Leaf4] commit

       

    3. 在Leaf2和Leaf3之间配置EBGP EVPN对等体关系。 

      # 配置Leaf2。

      [~Leaf2] bgp 100 instance evpn1
[*Leaf2-bgp-instance-evpn1] peer 7.7.7.7 as-number 200
[*Leaf2-bgp-instance-evpn1] peer 7.7.7.7 connect-interface LoopBack 0
[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf2-bgp-instance-evpn1-af-evpn] undo policy vpn-target
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 next-hop-invariable
[*Leaf2-bgp-instance-evpn1-af-evpn] quit
[*Leaf2-bgp-instance-evpn1] quit
[*Leaf2] commit

      # 配置Leaf3。

      [~Leaf3] bgp 200 instance evpn1
[*Leaf3-bgp-instance-evpn1] peer 6.6.6.6 as-number 100
[*Leaf3-bgp-instance-evpn1] peer 6.6.6.6 connect-interface LoopBack0
[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf3-bgp-instance-evpn1-af-evpn] undo policy vpn-target
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 next-hop-invariable
[*Leaf3-bgp-instance-evpn1-af-evpn] quit
[*Leaf3-bgp-instance-evpn1] quit
[*Leaf3] commit

       

    4. 配置EVPN实例。 

      # 配置Leaf1。

      [~Leaf1] ip vpn-instance vpn1
[*Leaf1-vpn-instance-vpn1] vxlan vni 5010
[*Leaf1-vpn-instance-vpn1] ipv4-family
[*Leaf1-vpn-instance-vpn1-af-ipv4] route-distinguisher 20:1
[*Leaf1-vpn-instance-vpn1-af-ipv4] vpn-target 100:5010 evpn
[*Leaf1-vpn-instance-vpn1-af-ipv4] quit
[*Leaf1-vpn-instance-vpn1] quit
[*Leaf1] bridge-domain 10
[*Leaf1-bd10] vxlan vni 10
[*Leaf1-bd10] evpn
[*Leaf1-bd10-evpn] route-distinguisher 10:1
[*Leaf1-bd10-evpn] vpn-target 100:10
[*Leaf1-bd10-evpn] vpn-target 100:5010 export-extcommunity
[*Leaf1-bd10-evpn] quit
[*Leaf1-bd10] quit
[*Leaf1] commit

      Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

       

    5. 在Leaf上使能头端复制功能。 

      # 在配置Leaf1。

      [~Leaf1] interface nve 1
[*Leaf1-Nve1] source 5.5.5.5
[*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp
[*Leaf1-Nve1] quit
[*Leaf1] commit

      Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

       

  5. 配置VXLAN三层网关。 

    # 配置Leaf1。

    [~Leaf1] interface vbdif 10
[*Leaf1-Vbdif10] ip binding vpn-instance vpn1
[*Leaf1-Vbdif10] ip address 10.1.1.1 24
[*Leaf1-Vbdif10] arp collect host enable
[*Leaf1-Vbdif10] vxlan anycast-gateway enable
[*Leaf1-Vbdif10] quit
[*Leaf1] commit

    Leaf4的配置过程与Leaf1类似,在此不再赘述,具体请参考配置脚本。

     

  6. 配置VXLAN网关之间发布的路由类型。 

    # 配置Leaf1。

    [~Leaf1] bgp 100 instance evpn1
[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf1-bgp-instance-evpn1-af-evpn] peer 6.6.6.6 advertise irb
[*Leaf1-bgp-instance-evpn1-af-evpn] quit
[*Leaf1-bgp-instance-evpn1] quit
[*Leaf1] commit

    # 配置Leaf2。

    [~Leaf2] bgp 100 instance evpn1
[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 5.5.5.5 advertise irb
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 7.7.7.7 advertise irb
[*Leaf2-bgp-instance-evpn1-af-evpn] quit
[*Leaf2-bgp-instance-evpn1] quit
[*Leaf2] commit

    Leaf4的配置过程与Leaf1类似,Leaf3的配置过程与Leaf2类似,在此不再赘述,具体请参考配置脚本。

     

检查配置结果

上述配置成功后,在Leaf上执行display vxlan tunnel命令,可以看到建立的VXLAN隧道信息。以Leaf1的显示为例:

[~Leaf1] display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531842  5.5.5.5               8.8.8.8               up     dynamic  00:10:16

配置完成后,VMa1和VMb2之间可以互相通信。

配置脚本

  • Spine1的配置文件

    #
sysname Spine1
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.10.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.20.1 255.255.255.0
#
interface LoopBack0
 ip address 3.3.3.3 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
#
return

  • Leaf1的配置文件

    #
sysname Leaf1
#
evpn-overlay enable
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 20:1
  vpn-target 100:5010 export-extcommunity evpn
  vpn-target 100:5010 import-extcommunity evpn
 vxlan vni 5010
#
bridge-domain 10
 vxlan vni 10
 #
 evpn
  route-distinguisher 10:1
  vpn-target 100:10 export-extcommunity
  vpn-target 100:5010 export-extcommunity
  vpn-target 100:10 import-extcommunity
#
interface Vbdif10
 ip binding vpn-instance vpn1
 ip address 10.1.1.1 255.255.255.0
 vxlan anycast-gateway enable
 arp collect host enable
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.10.2 255.255.255.0
#
interface 100GE1/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface LoopBack0
 ip address 5.5.5.5 255.255.255.255
#
interface Nve1
 source 5.5.5.5
 vni 10 head-end peer-list protocol bgp
#
bgp 100 instance evpn1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack0
 #
 l2vpn-family evpn
  policy vpn-target
  peer 6.6.6.6 enable
  peer 6.6.6.6 advertise irb
#
ospf 1
 area 0.0.0.0
  network 5.5.5.5 0.0.0.0
  network 192.168.10.0 0.0.0.255
#
return

  • Leaf2的配置文件

    #
sysname Leaf2
#
evpn-overlay enable
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.20.2 255.255.255.0
#
interface 100GE1/0/3
 undo portswitch
 ip address 192.168.50.2 255.255.255.0
#
interface LoopBack0
 ip address 6.6.6.6 255.255.255.255
#
bgp 20
 peer 192.168.50.1 as-number 10
 #
 ipv4-family unicast
  network 5.5.5.5 255.255.255.255
  network 6.6.6.6 255.255.255.255
  peer 192.168.50.1 enable
#
bgp 100 instance evpn1
 peer 5.5.5.5 as-number 100
 peer 5.5.5.5 connect-interface LoopBack0
 peer 7.7.7.7 as-number 200
 peer 7.7.7.7 connect-interface LoopBack0
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer 5.5.5.5 enable
  peer 5.5.5.5 advertise irb
  peer 5.5.5.5 next-hop-invariable
  peer 7.7.7.7 enable
  peer 7.7.7.7 advertise irb
  peer 7.7.7.7 next-hop-invariable
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 6.6.6.6 0.0.0.0
  network 192.168.20.0 0.0.0.255
#
return

  • Spine2的配置文件

    #
sysname Spine2
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.30.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.40.1 255.255.255.0
#
interface LoopBack0
 ip address 4.4.4.4 255.255.255.255
#
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 192.168.30.0 0.0.0.255
  network 192.168.40.0 0.0.0.255
#
return

  • Leaf3的配置文件

    #
sysname Leaf3
#
evpn-overlay enable
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.30.2 255.255.255.0
#
interface 100GE1/0/3
 undo portswitch
 ip address 192.168.60.2 255.255.255.0
#
interface LoopBack0
 ip address 7.7.7.7 255.255.255.255
#
bgp 30
 peer 192.168.60.1 as-number 10
 #
 ipv4-family unicast
  network 7.7.7.7 255.255.255.255
  network 8.8.8.8 255.255.255.255
  peer 192.168.60.1 enable
#
bgp 200 instance evpn1
 peer 6.6.6.6 as-number 100
 peer 6.6.6.6 connect-interface LoopBack0
 peer 8.8.8.8 as-number 200
 peer 8.8.8.8 connect-interface LoopBack0
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer 6.6.6.6 enable
  peer 6.6.6.6 advertise irb
  peer 6.6.6.6 next-hop-invariable
  peer 8.8.8.8 enable
  peer 8.8.8.8 advertise irb
  peer 8.8.8.8 next-hop-invariable
#
ospf 1
 import-route bgp
 area 0.0.0.0
  network 7.7.7.7 0.0.0.0
  network 192.168.30.0 0.0.0.255
#
return

  • Leaf4的配置文件

    #
sysname Leaf4
#
evpn-overlay enable
#
ip vpn-instance vpn1
 ipv4-family
  route-distinguisher 20:4
  vpn-target 100:5010 export-extcommunity evpn
  vpn-target 100:5010 import-extcommunity evpn
 vxlan vni 5010
#
bridge-domain 20
 vxlan vni 20
 #
 evpn
  route-distinguisher 10:4
  vpn-target 100:20 export-extcommunity
  vpn-target 100:5010 export-extcommunity
  vpn-target 100:20 import-extcommunity
#
interface Vbdif20
 ip binding vpn-instance vpn1
 ip address 10.2.1.1 255.255.255.0
 vxlan anycast-gateway enable
 arp collect host enable
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.40.2 255.255.255.0
#
interface 100GE1/0/2.1 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface LoopBack0
 ip address 8.8.8.8 255.255.255.255
#
interface Nve1
 source 8.8.8.8
 vni 20 head-end peer-list protocol bgp
#
bgp 200 instance evpn1
 peer 7.7.7.7 as-number 200
 peer 7.7.7.7 connect-interface LoopBack0
 #
 l2vpn-family evpn
  policy vpn-target
  peer 7.7.7.7 enable
  peer 7.7.7.7 advertise irb
#
ospf 1
 area 0.0.0.0
  network 8.8.8.8 0.0.0.0
  network 192.168.40.0 0.0.0.255
#
return

  • Device1的配置文件

    #
sysname Device1
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.50.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.1.1 255.255.255.0
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
bgp 10
 peer 192.168.1.2 as-number 10
 peer 192.168.50.2 as-number 20
 #
 ipv4-family unicast
  peer 192.168.1.2 enable
  peer 192.168.1.2 next-hop-local
  peer 192.168.50.2 enable
#
return

  • Device2的配置文件

    #
sysname Device2
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.60.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.1.2 255.255.255.0
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
bgp 10
 peer 192.168.1.1 as-number 10
 peer 192.168.60.2 as-number 30
 #
 ipv4-family unicast
  peer 192.168.1.1 enable
  peer 192.168.1.1 next-hop-local
  peer 192.168.60.2 enable
#
return
版权声明:
作者:SE_YT
链接:https://www.cnesa.cn/11134.html
文章版权归作者所有,未经允许请勿转载。
上一篇 外网通过映射后的IP或域名访问端口映射不通
下一篇 文档数据库替换:MongoDB兼容性与国产化适配解决方案