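Topology
1. Ping to the gateway fails
- First check whether the gateway has an ARP entry. If it does and the ping still fails, restart the PC, or run undo shutdown on the physical interface again.
- With a gateway configured on the PC and the configuration otherwise correct, the PC can reach the gateway address, so even a failed ping should normally end in a timeout. If the ping reply is destination host unreachable, it may be a bug: it means the PC cannot even find the gateway. Restart the PC, or connect it to an SW.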
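2. VXLAN tunnel establishment problems
- EVPN does not come up: usually, if the underlay gateway comes up, EVPN is basically fine; if there is a problem, check the underlay.
- EVPN is up but no IRB route entries are learned: check whether arp collect host enable is configured under the Vbdif interface. This command collects host route information, which EVPN passes to the peer as Type 2 routes.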
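3. CE L3GW learns the routes; cross-subnet traffic works but same-subnet traffic does not
I spent a long time on this problem. It only started working after I added arp broadcast-suppress enable (ARP broadcast suppression) and arp l2-proxy gateway-mac (L2 gateway proxy reply) under the bridge domain. Because the configuration manual does not call for them, I captured packets with and without them and compared:
- Without them: 192.168.1.1 pings 192.168.1.2 in the same subnet. By default, when CE1 receives a BUM packet it looks up the head-end replication tunnel list for the corresponding L2 VNI and sends the broadcast to CE2. CE2 sees that the VNI is its own, decapsulates the packet and sends the BUM packet to 192.168.1.2. The reply works the same way, and subsequent packets are then unicast. In the capture, however, only ARP broadcasts kept being sent (DMAC all FFFF) and the other side never replied. I do not know whether this is a bug.
- With ARP suppression and L2 gateway proxy reply: both commands are required; with either one missing it does not work.
With L2 gateway proxy reply enabled, the DMAC is the MAC address of the CE1 gateway, and that is why it works, but I believe it should work without it as well.
There are two cases behind that reasoning:
- First: with neither ARP suppression nor proxy reply enabled, the first packet is normally sent to all FFFF, the peer replies with a unicast packet, and once the MAC address table is populated, later packets are forwarded normally.
- Second: with only ARP suppression enabled, the first packet is all FFFF and goes to the gateway. The gateway holds the Type 2 route host information (MAC/IP/VTEP IP/VNI ID), so it converts the broadcast to unicast and sends it directly to the peer VTEP node, which decapsulates it, finds the MAC address locally, tags the VLAN ID and delivers it to the host.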
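The second case above, as an added example that is not part of the original post: a Python model that parses Type 2 lines in the format of the display bgp evpn all routing-table mac-route output shown further down and decides whether an ARP request can be converted to unicast. The function names and the flood/local/unicast labels are assumptions made for illustration.

```python
import re

# Constructed sample: Type 2 lines in the format of the
# "display bgp evpn all routing-table mac-route" output on this page.
SAMPLE = """\
 *>i  0:48:5489-98c4-6f7b:32:192.168.1.2   2.2.2.2
 *>   0:48:5489-98fd-0378:32:192.168.1.1   0.0.0.0
 *>i  0:48:707b-e837-2581:0:0.0.0.0        2.2.2.2
 *>   0:48:707b-e8ad-235d:0:0.0.0.0        0.0.0.0
"""

# Key layout: EthTagId:MacAddrLen:MacAddr:IpAddrLen:IpAddr, then NextHop.
ROUTE = re.compile(
    r"^\s*\*>i?\s+(\d+):(\d+):([0-9a-f]{4}-[0-9a-f]{4}-[0-9a-f]{4})"
    r":(\d+):(\S+)\s+(\S+)\s*$"
)

def parse_mac_routes(text):
    """Return {host_ip: (mac, next_hop)} for MAC/IP routes (IpAddrLen > 0)."""
    hosts = {}
    for line in text.splitlines():
        m = ROUTE.match(line)
        if not m:
            continue
        _tag, _maclen, mac, iplen, ip, next_hop = m.groups()
        if int(iplen) > 0:           # MAC-only routes carry no host IP
            hosts[ip] = (mac, next_hop)
    return hosts

def handle_arp_request(target_ip, hosts, flood_peers):
    """Model of the suppression decision described in the text (assumed names)."""
    entry = hosts.get(target_ip)
    if entry is None:                # no host entry: head-end replication
        return ("flood", sorted(flood_peers), "ffff-ffff-ffff")
    mac, next_hop = entry
    if next_hop == "0.0.0.0":        # host learned locally on this VTEP
        return ("local", [], mac)
    return ("unicast", [next_hop], mac)  # broadcast rewritten to one VTEP
```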
Configuration:
sysname CE1
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
ip vpn-instance a
ipv4-family
route-distinguisher 1:1
vpn-target 11:1 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vxlan vni 10
#
bridge-domain 2
vxlan vni 2
evpn
route-distinguisher 1:1
vpn-target 10:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vbdif2
ip binding vpn-instance a
ip address 192.168.1.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.2 mode l2
encapsulation dot1q vid 2
bridge-domain 2
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 12.1.1.1 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Nve1
source 1.1.1.1
vni 2 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
peer 2.2.2.2 as-number 100
peer 2.2.2.2 connect-interface LoopBack0
peer 12.1.1.2 as-number 100
#
ipv4-family unicast
network 1.1.1.1 255.255.255.255
peer 2.2.2.2 enable
peer 12.1.1.2 enable
#
l2vpn-family evpn
policy vpn-target
peer 2.2.2.2 enable
peer 2.2.2.2 advertise irb
sysname CE2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
evpn-overlay enable
#
evpn
#
ip vpn-instance b
ipv4-family
route-distinguisher 2:2
vpn-target 11:1 export-extcommunity evpn
vpn-target 11:1 import-extcommunity evpn
vxlan vni 10
#
bridge-domain 2
vxlan vni 2
evpn
route-distinguisher 2:3
vpn-target 10:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 10:1 import-extcommunity
#
bridge-domain 3
vxlan vni 3
evpn
route-distinguisher 2:2
vpn-target 20:1 export-extcommunity
vpn-target 11:1 export-extcommunity
vpn-target 20:1 import-extcommunity
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface Vbdif2
ip binding vpn-instance b
ip address 192.168.1.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface Vbdif3
ip binding vpn-instance b
ip address 192.168.2.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.2 mode l2
encapsulation dot1q vid 2
bridge-domain 2
#
interface GE1/0/0.3 mode l2
encapsulation dot1q vid 3
bridge-domain 3
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 12.1.1.2 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Nve1
source 2.2.2.2
vni 2 head-end peer-list protocol bgp
vni 3 head-end peer-list protocol bgp
#
interface NULL0
#
bgp 100
peer 1.1.1.1 as-number 100
peer 1.1.1.1 connect-interface LoopBack0
peer 12.1.1.1 as-number 100
#
ipv4-family unicast
network 2.2.2.2 255.255.255.255
peer 1.1.1.1 enable
peer 12.1.1.1 enable
#
l2vpn-family evpn
policy vpn-target
peer 1.1.1.1 enable
peer 1.1.1.1 advertise irb
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
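A check for the commands discussed in sections 2 and 3, as an added example (not part of the original post or of any vendor tool): it splits a configuration on the # separator lines and reports bridge-domain and Vbdif sections that lack them. The excerpt is constructed and the function names are assumptions.

```python
# Constructed excerpt in the flattened, '#'-separated form used on this page.
SAMPLE_CONFIG = """\
sysname CE1
#
bridge-domain 2
vxlan vni 2
arp broadcast-suppress enable
#
interface Vbdif2
ip address 192.168.1.254 255.255.255.0
arp distribute-gateway enable
arp collect host enable
#
interface Vbdif3
ip address 192.168.2.254 255.255.255.0
"""

# Commands the text ties to each section type (prefix match on the header).
REQUIRED = {
    "bridge-domain": ("arp broadcast-suppress enable", "arp l2-proxy gateway-mac"),
    "interface Vbdif": ("arp collect host enable",),
}

def sections(config):
    """Yield (header, body_lines) for each block between '#' separator lines."""
    block = []
    for raw in config.splitlines() + ["#"]:
        line = raw.strip()
        if line == "#":
            if block:
                yield block[0], block[1:]
            block = []
        elif line:
            block.append(line)

def audit(config):
    """Return {section header: [missing commands]} for BD and Vbdif sections."""
    findings = {}
    for header, body in sections(config):
        for prefix, commands in REQUIRED.items():
            if header.startswith(prefix):
                missing = [c for c in commands
                           if not any(l.startswith(c) for l in body)]
                if missing:
                    findings[header] = missing
    return findings
```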
Display output:
[~CE1-bd2]dis ip rou vpn a
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : a
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.1.0/24 Direct 0 0 D 192.168.1.254 Vbdif2
192.168.1.2/32 IBGP 255 0 RD 2.2.2.2 VXLAN
192.168.1.254/32 Direct 0 0 D 127.0.0.1 Vbdif2
192.168.1.255/32 Direct 0 0 D 127.0.0.1 Vbdif2
192.168.2.1/32 IBGP 255 0 RD 2.2.2.2 VXLAN
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~CE1-bd2]dis bgp evpn al rou ma
Local AS number : 100
BGP Local router ID is 12.1.1.1
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 6
Route Distinguisher: 1:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98fd-0378:32:192.168.1.1 0.0.0.0
*> 0:48:707b-e8ad-235d:0:0.0.0.0 0.0.0.0
Route Distinguisher: 2:2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98bc-1b5e:32:192.168.2.1 2.2.2.2
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
Route Distinguisher: 2:3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
EVPN-Instance 2:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
*> 0:48:5489-98fd-0378:32:192.168.1.1 0.0.0.0
*>i 0:48:707b-e837-2581:0:0.0.0.0 2.2.2.2
*> 0:48:707b-e8ad-235d:0:0.0.0.0 0.0.0.0
EVPN-Instance __RD_1_1_1__:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98bc-1b5e:32:192.168.2.1 2.2.2.2
*>i 0:48:5489-98c4-6f7b:32:192.168.1.2 2.2.2.2
[~CE1-bd2] dis vx pe
Number of peers : 1
Vni ID Source Destination Type Out Vni ID
-------------------------------------------------------------------------------
2 1.1.1.1 2.2.2.2 dynamic 2
[~CE1-bd2]dis vx tun
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 1.1.1.1 2.2.2.2 up dynamic 00:34:16
[~CE1-bd2]dis vx vn
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
2 2 up
[~CE1-bd2]
[~CE2]dis bgp evpn al routing-table mac-route
Local AS number : 100
BGP Local router ID is 12.1.1.2
Status codes: * - valid, > - best, d - damped, x - best external, a - add path,
h - history, i - internal, s - suppressed, S - Stale
Origin : i - IGP, e - EGP, ? - incomplete
EVPN address family:
Number of Mac Routes: 6
Route Distinguisher: 1:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
*>i 0:48:707b-e8ad-235d:0:0.0.0.0 1.1.1.1
Route Distinguisher: 2:2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98bc-1b5e:32:192.168.2.1 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
Route Distinguisher: 2:3
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98c4-6f7b:32:192.168.1.2 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
EVPN-Instance 2:
Number of Mac Routes: 4
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98c4-6f7b:32:192.168.1.2 0.0.0.0
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
*>i 0:48:707b-e8ad-235d:0:0.0.0.0 1.1.1.1
EVPN-Instance 3:
Number of Mac Routes: 2
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:5489-98bc-1b5e:32:192.168.2.1 0.0.0.0
*> 0:48:707b-e837-2581:0:0.0.0.0 0.0.0.0
EVPN-Instance __RD_1_2_2__:
Number of Mac Routes: 1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:5489-98fd-0378:32:192.168.1.1 1.1.1.1
[~CE2]dis vx pe
Number of peers : 1
Vni ID Source Destination Type Out Vni ID
-------------------------------------------------------------------------------
2 2.2.2.2 1.1.1.1 dynamic 2
[~CE2]dis vx tu
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 2.2.2.2 1.1.1.1 up dynamic 00:34:52
[~CE2]