华为CE交换机-配置Segment VXLAN实现二层互通(映射VNI模式)

2026年 4月 16日 中间件 SE_YT

配置Segment VXLAN实现二层互通(映射VNI模式)

组网需求

图1所示,在数据中心A和数据中心B内部分别配置BGP EVPN方式建立VXLAN隧道,通过在Leaf2和Leaf3之间配置BGP EVPN方式建立VXLAN隧道。当VM1和VM2之间需要通信时,需要实现数据中心A和数据中心B之间的二层互通。本例中,数据中心A内部的VXLAN隧道采用的VNI是10,数据中心B内部的VXLAN隧道采用的VNI是20,此时,在Leaf2和Leaf3上配置到达对端的VXLAN隧道时,需要配置Segment VXLAN功能进行VNI的转换。

图1 配置Segment VXLAN实现二层互通组网图

华为CE交换机-配置Segment VXLAN实现二层互通(映射VNI模式)

本例中interface1、interface2分别代表100GE1/0/1、100GE1/0/2。

华为CE交换机-配置Segment VXLAN实现二层互通(映射VNI模式)

表1 接口的IP地址

设备

接口

IP地址

设备

接口

IP地址

Spine1

100GE1/0/1

192.168.10.1/24

Spine2

100GE1/0/1

192.168.30.1/24

100GE1/0/2

192.168.20.1/24

100GE1/0/2

192.168.40.1/24

Leaf1

100GE1/0/1

192.168.10.2/24

Leaf4

100GE1/0/1

192.168.40.2/24

100GE1/0/2

-

100GE1/0/2

-

LoopBack1

1.1.1.1/32

LoopBack1

4.4.4.4/32

Leaf2

100GE1/0/1

192.168.20.2/24

Leaf3

100GE1/0/1

192.168.30.2/24

100GE1/0/2

192.168.50.1/24

100GE1/0/2

192.168.50.2/24

LoopBack1

2.2.2.2/32

LoopBack1

3.3.3.3/32

配置思路

采用如下的思路配置Segment VXLAN实现二层互通(VNI映射模式):

  1. 配置各节点IP地址。

  2. 配置路由协议实现各节点之间的互通。

  3. 在数据中心A和数据中心B内配置BGP EVPN方式建立VXLAN隧道。

  4. 在Leaf2和Leaf3上配置EBGP EVPN方式建立数据中心之间的VXLAN隧道。

  5. 在Leaf2和Leaf3上配置Segment VXLAN。

操作步骤

  1. 配置各设备接口IP地址 

    图1分别配置所有设备上的接口IP地址。

     

  2. 配置路由协议 

    在数据中心内配置IGP,本示例使用OSPF。在数据中心间配置EBGP。详细配置方法请参考配置脚本。

     

  3. 数据中心A和数据中心B内配置BGP EVPN方式建立VXLAN隧道
    1. 在Leaf1和Leaf4上配置业务接入点 

      # 配置Leaf1。Leaf4的配置与Leaf1类似,这里不再赘述。

      <Leaf1> system-view
[~Leaf1] bridge-domain 10
[*Leaf1-bd10] quit
[*Leaf1] interface 100ge 1/0/2.1 mode l2
[*Leaf1-100GE1/0/2.1] encapsulation dot1q vid 10
[*Leaf1-100GE1/0/2.1] bridge-domain 10
[*Leaf1-100GE1/0/2.1] quit
[*Leaf1] commit

       

    2. 在各Leaf上使能EVPN作VXLAN控制平面功能 

      # 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述。

      [~Leaf1] evpn-overlay enable
[*Leaf1] commit

       

    3. 在数据中心A的Leaf1和Leaf2之间、数据中心B的Leaf3和Leaf4之间配置BGP EVPN对等体关系 

      # 在Leaf1上配置BGP EVPN对等体关系。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述。

      [~Leaf1] bgp 100 instance evpn1
[*Leaf1-bgp-instance-evpn1] peer 2.2.2.2 as-number 100
[*Leaf1-bgp-instance-evpn1] peer 2.2.2.2 connect-interface LoopBack1
[*Leaf1-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf1-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf1-bgp-instance-evpn1-af-evpn] quit
[*Leaf1-bgp-instance-evpn1] quit
[*Leaf1] commit

       

    4. 在Leaf1和Leaf4上配置EVPN实例 

      # 配置Leaf1。Leaf4的配置与Leaf1类似,这里不再赘述。

      [~Leaf1] bridge-domain 10
[~Leaf1-bd10] vxlan vni 10
[*Leaf1-bd10] evpn
[*Leaf1-bd10-evpn] route-distinguisher 10:1
[*Leaf1-bd10-evpn] vpn-target 300:30
[*Leaf1-bd10-evpn] quit
[*Leaf1-bd10] quit
[*Leaf1] commit

       

    5. 在各Leaf上使能头端复制功能 

      # 配置Leaf1。Leaf2、Leaf3、Leaf4的配置与Leaf1类似,这里不再赘述。

      [~Leaf1] interface nve 1
[*Leaf1-Nve1] source 1.1.1.1
[*Leaf1-Nve1] vni 10 head-end peer-list protocol bgp
[*Leaf1-Nve1] quit
[*Leaf1] commit

       

  4. 在Leaf2和Leaf3之间配置EBGP EVPN对等体关系 

    # 配置Leaf2。

    [~Leaf2] bgp 100 instance evpn1
[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 as-number 200
[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 connect-interface LoopBack1
[*Leaf2-bgp-instance-evpn1] peer 3.3.3.3 ebgp-max-hop 255
[*Leaf2-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf2-bgp-instance-evpn1-af-evpn] quit
[*Leaf2-bgp-instance-evpn1] quit
[*Leaf2] commit

    # 配置Leaf3。

    [~Leaf3] bgp 200 instance evpn1
[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 as-number 100
[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 connect-interface LoopBack1
[*Leaf3-bgp-instance-evpn1] peer 2.2.2.2 ebgp-max-hop 255
[*Leaf3-bgp-instance-evpn1] l2vpn-family evpn
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 enable
Warning: This operation will reset the peer session. Continue? [Y/N]: y
[*Leaf3-bgp-instance-evpn1-af-evpn] quit
[*Leaf3-bgp-instance-evpn1] quit
[*Leaf3] commit

     

  5. 在Leaf2和Leaf3上配置Segment VXLAN功能
    1. 配置BGP EVPN对等体所属的水平分割组 

      # 配置Leaf2。

      [~Leaf2] evpn
[*Leaf2-evpn] irb-reoriginated without-split-group disable
[*Leaf2-evpn] l3-reoriginate different-split-group
[*Leaf2-evpn] mac-duplication
[*Leaf2-evpn-mac-dup] quit
[*Leaf2-evpn] quit
[*Leaf2] bgp 100 instance evpn1
[~Leaf2-bgp-instance-evpn1] l2vpn-family evpn
[~Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 split-group sg1
[*Leaf2-bgp-instance-evpn1-af-evpn] commit

      # 配置Leaf3。

      [~Leaf3] evpn
[*Leaf3-evpn] irb-reoriginated without-split-group disable
[*Leaf3-evpn] l3-reoriginate different-split-group
[*Leaf3-evpn] mac-duplication
[*Leaf3-evpn-mac-dup] quit
[*Leaf3-evpn] quit
[*Leaf3] bgp 200 instance evpn1
[~Leaf3-bgp-instance-evpn1] l2vpn-family evpn
[~Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 split-group sg1
[*Leaf3-bgp-instance-evpn1-af-evpn] commit

       

    2. 配置EVPN路由中的MAC路由的重生成功能 

      # 配置Leaf2。

      [~Leaf2-bgp-instance-evpn1-af-evpn] peer 1.1.1.1 import reoriginate
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 1.1.1.1 advertise route-reoriginated evpn mac
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 import reoriginate
[*Leaf2-bgp-instance-evpn1-af-evpn] peer 3.3.3.3 advertise route-reoriginated evpn mac
[*Leaf2-bgp-instance-evpn1-af-evpn] quit
[*Leaf2-bgp-instance-evpn1] quit
[*Leaf2] commit

      # 配置Leaf3。

      [~Leaf3-bgp-instance-evpn1-af-evpn] peer 4.4.4.4 import reoriginate
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 4.4.4.4 advertise route-reoriginated evpn mac
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 import reoriginate
[*Leaf3-bgp-instance-evpn1-af-evpn] peer 2.2.2.2 advertise route-reoriginated evpn mac
[*Leaf3-bgp-instance-evpn1-af-evpn] quit
[*Leaf3-bgp-instance-evpn1] quit
[*Leaf3] commit

       

    3. 配置关联BD的映射VNI,并指定该映射VNI所属的水平分割组 

      # 配置Leaf2。

      [~Leaf2] bridge-domain 10
[~Leaf2-bd10] vxlan vni 30 split-group sg1
[*Leaf2-bd10] quit
[*Leaf2] commit

      # 配置Leaf3。

      [~Leaf3] bridge-domain 10
[~Leaf3-bd10] vxlan vni 30 split-group sg1
[*Leaf3-bd10] quit
[*Leaf3] commit

       

  6. 在Leaf2和Leaf3上配置EVPN实例 

    # 配置Leaf2。

    [~Leaf2] bridge-domain 10
[~Leaf2-bd10] vxlan vni 10
[*Leaf2-bd10] evpn
[*Leaf2-bd10-evpn] route-distinguisher 10:2
[*Leaf2-bd10-evpn] vpn-target 300:30
[*Leaf2-bd10-evpn] quit
[*Leaf2-bd10] quit
[*Leaf2] commit

    # 配置Leaf3。

    [~Leaf3] bridge-domain 10
[~Leaf3-bd10] vxlan vni 20
[*Leaf3-bd10] evpn
[*Leaf3-bd10-evpn] route-distinguisher 10:3
[*Leaf3-bd10-evpn] vpn-target 300:30
[*Leaf3-bd10-evpn] quit
[*Leaf3-bd10] quit
[*Leaf3] commit

     

  7. 在Leaf2和Leaf3上配置映射VNI的头端复制功能 

    # 配置Leaf2。

    [~Leaf2] interface nve 1
[*Leaf2-Nve1] vni 30 head-end peer-list protocol bgp
[*Leaf2-Nve1] quit
[*Leaf2] commit

    # 配置Leaf3。

    [~Leaf3] interface nve 1
[*Leaf3-Nve1] vni 30 head-end peer-list protocol bgp
[*Leaf3-Nve1] quit
[*Leaf3] commit

     

检查配置结果

上述配置成功后,在Leaf上执行display vxlan tunnel命令可查看到VXLAN隧道的信息;执行display vxlan peer命令可查看到VXLAN的邻居信息。以Leaf2显示为例。

[~Leaf2] display vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531924  2.2.2.2               1.1.1.1               up     dynamic  00:39:19
4026531925  2.2.2.2               3.3.3.3               up     dynamic  00:39:09
[~Leaf2] display vxlan peer
Number of peers : 2
Vni ID    Source                  Destination            Type      Out Vni ID    Creation Mode
----------------------------------------------------------------------------------------------
10        2.2.2.2                 1.1.1.1                dynamic   10            implicit
30        2.2.2.2                 3.3.3.3                dynamic   30            implicit

配置完成后,VM1和VM2之间可以二层互通。

配置脚本

  • Spine1的配置文件

    #
sysname Spine1
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.10.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.20.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.10.0 0.0.0.255
  network 192.168.20.0 0.0.0.255
#
return

  • Leaf1的配置文件

    #
sysname Leaf1
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 #
 evpn
  route-distinguisher 10:1
  vpn-target 300:30 export-extcommunity
  vpn-target 300:30 import-extcommunity
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.10.2 255.255.255.0
#
interface 100GE1/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface LoopBack1
 ip address 1.1.1.1 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list protocol bgp
#
bgp 100 instance evpn1
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 connect-interface LoopBack1
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
#
ospf 1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 192.168.10.0 0.0.0.255
#
return

  • Leaf2的配置文件

    #
sysname Leaf2
#                                                                                                                                   
evpn                                                                                                                                
 irb-reoriginated without-split-group disable 
 l3-reoriginate different-split-group 
 mac-duplication
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 10
 vxlan vni 30 split-group sg1
 #
 evpn
  route-distinguisher 10:2
  vpn-target 300:30 export-extcommunity
  vpn-target 300:30 import-extcommunity
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.20.2 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.50.1 255.255.255.0
#
interface LoopBack1
 ip address 2.2.2.2 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list protocol bgp
 vni 30 head-end peer-list protocol bgp
#
bgp 10
 peer 192.168.50.2 as-number 20
 #
 ipv4-family unicast
  network 2.2.2.2 255.255.255.255
  peer 192.168.50.2 enable
#
bgp 100 instance evpn1
 peer 1.1.1.1 as-number 100
 peer 1.1.1.1 connect-interface LoopBack1
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 ebgp-max-hop 255
 peer 3.3.3.3 connect-interface LoopBack1
 #
 l2vpn-family evpn
  policy vpn-target
  peer 1.1.1.1 enable
  peer 1.1.1.1 import reoriginate
  peer 1.1.1.1 advertise route-reoriginated evpn mac
  peer 3.3.3.3 enable
  peer 3.3.3.3 split-group sg1
  peer 3.3.3.3 import reoriginate
  peer 3.3.3.3 advertise route-reoriginated evpn mac
#
ospf 1
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 192.168.20.0 0.0.0.255
#
return

  • Spine2的配置文件

    #
sysname Spine2
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.30.1 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.40.1 255.255.255.0
#
ospf 1
 area 0.0.0.0
  network 192.168.30.0 0.0.0.255
  network 192.168.40.0 0.0.0.255
#
return

  • Leaf3的配置文件

    #
sysname Leaf3
#                                                                                                                                   
evpn                                                                                                                                
 irb-reoriginated without-split-group disable 
 l3-reoriginate different-split-group 
 mac-duplication
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 20
 vxlan vni 30 split-group sg1
 #
 evpn
  route-distinguisher 10:3
  vpn-target 300:30 export-extcommunity
  vpn-target 300:30 import-extcommunity
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.30.2 255.255.255.0
#
interface 100GE1/0/2
 undo portswitch
 ip address 192.168.50.2 255.255.255.0
#
interface LoopBack1
 ip address 3.3.3.3 255.255.255.255
#
interface Nve1
 source 3.3.3.3
 vni 20 head-end peer-list protocol bgp
 vni 30 head-end peer-list protocol bgp
#
bgp 20
 peer 192.168.50.1 as-number 10
 #
 ipv4-family unicast
  network 3.3.3.3 255.255.255.255
  peer 192.168.50.1 enable
#
bgp 200 instance evpn1
 peer 2.2.2.2 as-number 100
 peer 2.2.2.2 ebgp-max-hop 255
 peer 2.2.2.2 connect-interface LoopBack1
 peer 4.4.4.4 as-number 200
 peer 4.4.4.4 connect-interface LoopBack1
 #
 l2vpn-family evpn
  policy vpn-target
  peer 2.2.2.2 enable
  peer 2.2.2.2 split-group sg1
  peer 2.2.2.2 import reoriginate
  peer 2.2.2.2 advertise route-reoriginated evpn mac
  peer 4.4.4.4 enable
  peer 4.4.4.4 import reoriginate
  peer 4.4.4.4 advertise route-reoriginated evpn mac
#
ospf 1
 area 0.0.0.0
  network 3.3.3.3 0.0.0.0
  network 192.168.30.0 0.0.0.255
#
return

  • Leaf4的配置文件

    #
sysname Leaf4
#
evpn-overlay enable
#
bridge-domain 10
 vxlan vni 20
 #
 evpn
  route-distinguisher 10:4
  vpn-target 300:30 export-extcommunity
  vpn-target 300:30 import-extcommunity
#
interface 100GE1/0/1
 undo portswitch
 ip address 192.168.40.2 255.255.255.0
#
interface 100GE1/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface LoopBack1
 ip address 4.4.4.4 255.255.255.255
#
interface Nve1
 source 4.4.4.4
 vni 20 head-end peer-list protocol bgp
#
bgp 200 instance evpn1
 peer 3.3.3.3 as-number 200
 peer 3.3.3.3 connect-interface LoopBack1
 #
 l2vpn-family evpn
  policy vpn-target
  peer 3.3.3.3 enable
#
ospf 1
 area 0.0.0.0
  network 4.4.4.4 0.0.0.0
  network 192.168.40.0 0.0.0.255
#
return
版权声明:
作者:SE_YT
链接:https://www.cnesa.cn/11138.html
文章版权归作者所有,未经允许请勿转载。
上一篇 案例1 RSR20X-28路由器IPSEC VPN偶发业务不通,1小时后恢复
下一篇 在Apache服务器上配置虚拟主机