HCL平台实现基于BGP EVPN的VXLAN分布式（M-lag） 二层互访

环境

window10 22H2
HCL V5.10.3（开启win7兼容模式）
参考视频： B站UP主：大十字不理人

拓扑

本文参考B站视频思路，实现BGP EVPN Vxlan分布式+M-LAG 二层通信，底层IGP使用OSPF。

配置

1 基础IP配置以及IGP配置（略）

OSPF中宣告各设备的链路地址以及回环接口即可。

2 M-LAG配置

Leaf_1-1 与Leaf_1-2直接链路为G1/0/5 To g1/0/8,其中：5、6口用于keepalive链路，7、8口用于peer-link。

2.1 Leaf_1-1

#vlan 10 20#ip vpn-instance keepalive//建立vpn实例，后续给keepalive链路使用(g1/0/5 t g 1/0/6) quit#interface Bridge-Aggregation 1//创建peer-link链路(g1/0/7 t g 1/0/8) quit#interface range g1/0/7 g1/0/8 port link-aggregation group 1 quit#interface Bridge-Aggregation 1 port m-lag peer-link 1 link-aggregation mode dynamic undo port trunk peermit vlan 1 quit#interface Bridge-Aggregation 2//创建下联聚合口(g1/0/3) quit#interface g 1/0/3 port link-aggregation group 2 quit#interface Bridge-Aggregation 2 port m-lag group 2 link-aggregation mode dynamic port link-type trunk port trunk peermit vlan 10 20 undo port trunk peermit vlan 1 quit#interface ragg 1 //创建keepalive链路 quit#interface range g1/0/5 g1/0/6 port link-mode route port link-aggregation group 1 quit#interface ragg 1 ip binding vpn-instance keepalive ip address 10.10.10.1 30 link-aggregation mode dynamic quit# m-lag mad exclude interface Route-Aggregation 1# 排除keepalive聚合口 m-lag restore-delay 120# 两边一致 m-lag system-mac 0001-0001-0001 # 两边一致 m-lag system-number 1 # 两边不一致 m-lag system-priority 123# 两边一致 m-lag consistency-check disable# 禁用M-LAG的一致性检查,实验中如果不敲下联链路会自行Dowon m-lag consistency-check mode loose # 将M-LAG一致性检查设置为宽松模式 m-lag standalone enable delay 30 m-lag keepalive ip destination 10.10.10.2 source 10.10.10.1 vpn-instance keepalive#

2.2 Leaf_1-2

Leaf_1-2的聚合口配置与Leaf_1-1的一致，此处不再赘述，Leaf_1-2的m-lag配置如下：

#interface Route-Aggregation1 ip binding vpn-instance keepalive ip address 10.10.10.2 255.255.255.252 link-aggregation mode dynamic# m-lag mad exclude interface Route-Aggregation1 m-lag restore-delay 120 m-lag system-mac 0001-0001-0001 m-lag system-number 2 m-lag system-priority 123 m-lag consistency-check disable m-lag consistency-check mode loose m-lag standalone enable delay 30 m-lag keepalive ip destination 10.10.10.1 source 10.10.10.2 vpn-instance keepalive#

2.3 SW1

vlan 10#vlan 20interface Bridge-Aggregation 2 quit#interface g 1/0/7 to g 1/0/8 port link-aggregation group 2 quit#interface Bridge-Aggregation 2 link-aggregation mode dynamic port link-type trunk port trunk peermit vlan 10 20 undo port trunk peermit vlan 1 quit#

2.4 M-LAG验证

至此，M-LAG配置结束。

3 建立VXLAN隧道

3.1 配置VSI（类似华为的BD）

3.1.1 Leaf_1-1

#l2vpn enable# 使能l2vpnvxlan tunnel arp-learning disablevxlan tunnel mac-learning disable#vsi 10 vxlan 10# 二层VNI evpn encapsulation vxlan#evpn 封装类型为vxlan route-distinguisher 10:10 vpn-target 10:10 export-extcommunity vpn-target 10:10 import-extcommunity#vsi 20 vxlan 20 evpn encapsulation vxlan route-distinguisher 20:20 vpn-target 20:20 export-extcommunity vpn-target 20:20 import-extcommunity#interface Bridge-Aggregation2# 由于下联接口做了聚合，所以VTEP的几口需要在聚合口里面配置 vtep access port# 接入端口 service-instance 10# 允许vlan10通过，对应vsi 10 encapsulation s-vid 10 xconnect vsi 10 service-instance 20# # 允许vlan20通过，对应vsi 20 encapsulation s-vid 20 xconnect vsi 20#bgp 100 timer keepalive 3 hold 9 timer connect-retry 3 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 # address-family l2vpn evpn # 与Spine1,2建立bgp l2vpn evpn 对等体关系 peer 3.3.3.3 enable peer 4.4.4.4 enable#interface loopback 0# 用于evpn m-lag group地址， ip add 1.2.3.4 32#evpn m-lag group 1.2.3.4# 在建立vxlan隧道时，使用该地址作为vtep地址与对端建隧道,该地址也需要宣告到ospf中

Leaf_1-2的配置与Leaf_1-1的一致，此处不再赘述。

3.1.2 Leaf_2

l2vpn enable# 使能l2vpnvxlan tunnel arp-learning disablevxlan tunnel mac-learning disable#vsi 10 vxlan 10 evpn encapsulation vxlan route-distinguisher 10:10 vpn-target 10:10 export-extcommunity vpn-target 10:10 import-extcommunity#vsi 20 vxlan 20 evpn encapsulation vxlan route-distinguisher 20:20 vpn-target 20:20 export-extcommunity vpn-target 20:20 import-extcommunity#interface GigabitEthernet1/0/3 vtep access port # service-instance 10 encapsulation s-vid 10 xconnect vsi 10 # service-instance 20 encapsulation s-vid 20 xconnect vsi 20#bgp 100 timer keepalive 3 hold 9 timer connect-retry 3 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack0 peer 4.4.4.4 as-number 100 peer 4.4.4.4 connect-interface LoopBack0 # address-family l2vpn evpn peer 3.3.3.3 enable peer 4.4.4.4 enable#

3.2 配置Spine(RR)

Spine1

bgp 100 timer keepalive 3 hold 9 timer connect-retry 3 peer 5.5.5.5 as-number 100 peer 5.5.5.5 connect-interface LoopBack0 peer 6.6.6.6 as-number 100 peer 6.6.6.6 connect-interface LoopBack0 peer 15.15.15.15 as-number 100 peer 15.15.15.15 connect-interface LoopBack0 # address-family l2vpn evpn undo policy vpn-target peer 5.5.5.5 enable peer 5.5.5.5 reflect-client peer 6.6.6.6 enable peer 6.6.6.6 reflect-client peer 15.15.15.15 enable peer 15.15.15.15 reflect-client#

Spine2的配置与Spine1一致，此处不再赘述。

3.3 VXLAN隧道建立验证

3.3.1 Leaf_1-1

3.3.2 Leaf_1-2

3.3.3 Leaf_2

至此，VXLAN隧道通过BGP EVPN成功建立。

4 二层互访测试

4.1 PC_1

4.2 PC_2

至此，本案例结束，后续会基于该拓扑场景进一步实现VXLAN跨子网通信。