在Cisco Nexus 9000交换机上的VXLAN BGP EVPN中配置系统内基础设施vlan

下载选项

PDF (1.2 MB)
在各种设备上使用 Adobe Reader 查看
ePub (1.0 MB)
在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上使用各种应用查看
Mobi (Kindle) (537.1 KB)
在 Kindle 设备上查看或在多个设备上使用 Kindle 应用查看

已更新: 2020 年 4 月 29 日

文档 ID:214624

非歧视性语言

此产品的文档集力求使用非歧视性语言。在本文档集中，非歧视性语言是指不隐含针对年龄、残障、性别、种族身份、族群身份、性取向、社会经济地位和交叉性的歧视的语言。由于产品软件的用户界面中使用的硬编码语言、基于 RFP 文档使用的语言或引用的第三方产品使用的语言，文档中可能无法确保完全使用非歧视性语言。深入了解思科如何使用包容性语言。

关于此翻译

思科采用人工翻译与机器翻译相结合的方式将此文档翻译成不同语言，希望全球的用户都能通过各自的语言得到支持性的内容。请注意：即使是最好的机器翻译，其准确度也不及专业翻译人员的水平。 Cisco Systems, Inc. 对于翻译的准确性不承担任何责任，并建议您总是参考英文原始文档（已提供链接）。

简介

本文档介绍基于运行NX-OS操作系统的Cisco Nexus 9000交换机的虚拟可扩展局域网边界网关协议以太网VPN(VXLAN BGP EVPN)交换矩阵中system nve infra-vlans命令的用途。

当Nexus 9000交换机在虚拟端口通道(vPC)域中配置为VXLAN枝叶交换机(也称为VXLAN隧道终端(VTEP))时，必须使用接口VLAN在vPC对等链路上在它们之间具有备份第3层路由邻接关系。此VLAN必须是交换机的本地VLAN，而不是延伸到VXLAN交换矩阵，并且属于默认VRF（全局路由表）。

确保系统nve infra-vlans命令在Nexus 9000平台上（如以EX、FX和FX2结尾的Nexus 9300交换机）上就位，以指定VLAN可以用作上行链路，并通过vXLAN封装正确转发帧PC对等链路。

注意：本文档不适用于在以应用为中心的基础设施(ACI)模式下运行并由思科应用策略基础设施控制器(APIC)管理的Cisco Nexus 9000交换机。

先决条件

要求

Cisco 建议您了解以下主题：

Nexus NX-OS软件
VXLAN BGP EVPN

使用的组件

本文档中的信息基于以下软件和硬件版本：

思科N9K-C93180YC-EX
NXOS版本7.0(3)I7(6)

本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始（默认）配置。如果您的网络处于活动状态，请确保您了解所有命令的潜在影响。

注意：本文档可互换使用术语“枝叶交换机”、“VTEP”和“ToR”。

使用案例

下一个使用案例显示何时需要配置system nve infra-vlans命令。在所有这些命令中，分配的VLAN 777需要定义为system nve infra-vlans命令的一部分，并用于实例化vPC对等链路上的第3层路由备份邻接。此VLAN 777需要成为默认VRF（全局路由表）的一部分。

注意：这些使用案例描述了直接连接到Cisco Nexus 9000 VXLAN枝叶或边界枝叶交换机的终端主机或路由器的常见场景。同样，如果第2层交换机或网桥位于Nexus 9000枝叶交换机和终端主机或路由器之间，这些使用案例也适用。

vPC中枝叶交换机上的孤立端口

此使用案例描述了连接到vPC域中单个Cisco Nexus 9000 VXLAN枝叶交换机部分的交换矩阵（主机A）内的终端主机。这称为孤立端口连接。作为路由的一部分，连接到交换矩阵中任何其他枝叶交换机的终端主机生成的流量在底层中同时流向vPC中的两个枝叶交换机（交换机枝叶A和交换机枝叶B）所拥有的NVE任播IP地址(10.12.12)。这是为了利用所有枝叶到主干上行链路，同时使用等价多路径(ECMP)路由。在此场景中，在通过主干后，发往主机A的VXLAN帧可能会散列到没有直接连接到主机A的枝叶B。流量通过vPC对等链路时，系统需要使用infra-vlan和备用路由。

vPC中枝叶交换机上的上行链路故障

在此使用案例中，交换矩阵内的终端主机（主机A）双宿主到vPC域中的两个Cisco Nexus 9000 VXLAN枝叶交换机。但是，如果vPC中任何枝叶交换机上的所有上行链路都发生故障，而该枝叶交换机可以将其与主干交换机完全隔离，则需要系统内的infra-vlan和备份路由来使流量通过vPC对等链路，该链路现在是通向主干的唯一可能路径。例如，该图显示主机A的流量将其帧散列到隔离交换机枝叶A。该帧现在必须经过vPC对等链路。

vPC中的边界枝叶交换机

边界枝叶交换机可以在vPC中，通过与外部路由器交换网络前缀来从VXLAN交换矩阵提供连接。

这种与外部路由器的连接抽象地看作与WAN的连接。

如果链路发生故障，连接到WAN的边界枝叶交换机可能最终成为单宿主。在这种情况下，流量通过vPC对等链路需要系统内部基础设施vlan和备用路由，如下图所示。

注意：对于下一个示例，除全局路由表中的VLAN外，租户 — VRF中必须有VLAN部分，该部分使用静态路由或路由协议在vPC对等链路上的边界枝叶交换机之间交换网络前缀。填充租户 — VRF路由表时，必须执行此操作。

边界枝叶交换机还可以使用静态路由或在租户 — VRF中实例化的路由协议在vPC对等链路上通告接口环回。此流量也将通过vPC对等链路传输。

最后，连接到边界枝叶交换机的外部路由器单个主机可以通告网络前缀，这些前缀可能需要vPC对等链路位于网络流量路径中，如下图所示。

芽节点

在Bud节点使用案例中，可以将基于硬件或软件的VTEP连接到Cisco Nexus 9000 VXLAN枝叶交换机。此VTEP可以发送到枝叶交换机VXLAN封装的流量。必须将用于与此硬件或软件VTEP连接的VLAN添加到system nve infra-vlans命令。

在本例中，它是VLAN 10，另外是VLAN 777。

配置

在此场景中，枝叶A和枝叶B是vPC中的VTEP。

已选择VLAN 777加入底层路由协议，在本例中为开放最短路径优先(OSPF)。

在每台枝叶A和枝叶B交换机上，OSPF已通过上行链路与主干交换机以及它们之间通过vPC对等链路建立邻接关系。

OSPF或中间系统到中间系统(IS-IS)可以是底层中使用的路由协议。

注意：在vlan 777配置部分下未配置vn-segment命令。这表示VXLAN交换矩阵中没有扩展该VLAN，并且它在交换机中是本地的。

在全局配置模式下添加system nve infra-vlans命令，并选择vlan 777，因为它是用于底层OSPF邻接的vlan。

注意：系统nve infra-vlan仅在Nexus 9000上需要CloudScale ASIC(Tahoe)，如以EX、FX和FX2结尾的Nexus 9300。

枝叶A
LEAF_A# show ip ospf neighbors OSPF Process ID 1 VRF default Total number of neighbors: 2 Neighbor ID Pri State Up Time Address Interface 10.255.255.254 1 FULL/ - 00:02:52 10.255.255.254 Eth1/6 10.255.255.2 1 FULL/ - 02:16:10 10.1.2.2 Vlan777 LEAF_A# LEAF_A# show running-config vlan 777 !Command: show running-config vlan 777 !Running configuration last done at: Tue Jul 16 19:45:24 2019 !Time: Tue Jul 16 19:48:46 2019 version 7.0(3)I7(6) Bios:version 07.65 vlan 777 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA LEAF_A# LEAF_A# show running-config interface vlan 777 !Command: show running-config interface Vlan777 !Running configuration last done at: Tue Jul 16 19:45:24 2019 !Time: Tue Jul 16 19:46:33 2019 version 7.0(3)I7(6) Bios:version 07.65 interface Vlan777 no shutdown no ip redirects ip address 10.1.2.1/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 LEAF_A# LEAF_A# configure terminal Enter configuration commands, one per line. End with CNTL/Z. LEAF_A(config)# system nve infra-vlans ? <1-3967> VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512) LEAF_A(config)# system nve infra-vlans 777 LEAF_A(config)#

枝叶A

LEAF_A# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          00:02:52 10.255.255.254  Eth1/6 
 10.255.255.2      1 FULL/ -          02:16:10 10.1.2.2        Vlan777 
LEAF_A#


LEAF_A# show running-config vlan 777

!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:48:46 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_A# 


LEAF_A# show running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:46:33 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_A#


LEAF_A# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_A(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_A(config)# system nve infra-vlans 777
LEAF_A(config)#

枝叶B
LEAF_B# show ip ospf neighbors OSPF Process ID 1 VRF default Total number of neighbors: 2 Neighbor ID Pri State Up Time Address Interface 10.255.255.254 1 FULL/ - 02:21:53 10.255.255.254 Eth1/5 10.255.255.1 1 FULL/ - 02:13:51 10.1.2.1 Vlan777 LEAF_B# LEAF_B# show running-config vlan 777 !Command: show running-config vlan 777 !Running configuration last done at: Tue Jul 16 18:17:29 2019 !Time: Tue Jul 16 19:49:19 2019 version 7.0(3)I7(6) Bios:version 07.65 vlan 777 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA LEAF_B# LEAF_B# sh running-config interface vlan 777 !Command: show running-config interface Vlan777 !Running configuration last done at: Tue Jul 16 18:17:29 2019 !Time: Tue Jul 16 19:48:14 2019 version 7.0(3)I7(6) Bios:version 07.65 interface Vlan777 no shutdown no ip redirects ip address 10.1.2.2/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 LEAF_B# LEAF_B# configure terminal Enter configuration commands, one per line. End with CNTL/Z. LEAF_B(config)# system nve infra-vlans ? <1-3967> VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512) LEAF_B(config)# system nve infra-vlans 777 LEAF_B(config)#

枝叶B

LEAF_B# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          02:21:53 10.255.255.254  Eth1/5 
 10.255.255.1      1 FULL/ -          02:13:51 10.1.2.1        Vlan777 
LEAF_B#


LEAF_B# show running-config vlan 777


!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:49:19 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_B# 


LEAF_B# sh running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:48:14 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_B#


LEAF_B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_B(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_B(config)# system nve infra-vlans 777
LEAF_B(config)#

注意：您不得配置infra-VLAN的某些组合。例如，2和514、10和522，它们分别为512。

网络图

配置

枝叶A
configure terminal ! hostname LEAF_A ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay feature vpc feature lacp ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! vpc domain 1 peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management peer-switch peer-gateway layer3 peer-router ! interface Ethernet1/1 switchport switchport mode trunk channel-group 1 mode active no shutdown ! interface Port-Channel1 vpc peer-link no shutdown ! interface Vlan777 no shutdown no ip redirects ip address 10.1.2.1/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/6 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/54 description TO HOST-A switchport switchport access vlan 10 spanning-tree port type edge no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.1.1.1/32 ip address 10.12.12.12/32 secondary ip router ospf 1 area 0.0.0.0 interface loopback1 description OSPF & BGP ID ip address 10.255.255.1/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.1 ! router bgp 65535 router-id 10.255.255.1 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

枝叶A

configure terminal
!
hostname LEAF_A
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/6
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/54
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.1.1.1/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.1/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.1
!
router bgp 65535
  router-id 10.255.255.1
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

枝叶B
configure terminal ! hostname LEAF_B ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay feature vpc feature lacp ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! vpc domain 1 peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management peer-switch peer-gateway layer3 peer-router ! interface Ethernet1/1 switchport switchport mode trunk channel-group 1 mode active no shutdown ! interface Port-Channel1 vpc peer-link no shutdown ! interface Vlan777 no shutdown no ip redirects ip address 10.1.2.2/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/5 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.2.2.2/32 ip address 10.12.12.12/32 secondary ip router ospf 1 area 0.0.0.0 interface loopback1 description OSPF & BGP ID ip address 10.255.255.2/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.2 ! router bgp 65535 router-id 10.255.255.2 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

枝叶B

configure terminal
!
hostname LEAF_B
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/5
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.2.2.2/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.2/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.2
!
router bgp 65535
  router-id 10.255.255.2
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

枝叶C
configure terminal ! hostname LEAF_C ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/1 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/49 description TO HOST-A switchport switchport access vlan 10 spanning-tree port type edge no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.3.3.3/32 ip router ospf 1 area 0.0.0.0 ! interface loopback1 description OSPF & BGP ID ip address 10.255.255.3/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.3 ! router bgp 65535 router-id 10.255.255.3 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

枝叶C

configure terminal
!
hostname LEAF_C
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/1
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/49
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.3.3.3/32
  ip router ospf 1 area 0.0.0.0
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.3/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.3
!
router bgp 65535
  router-id 10.255.255.3
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

主干
configure terminal ! hostname SPINE ! nv overlay evpn feature ospf feature bgp feature nv overlay ! interface Ethernet1/5 description TO LEAF A no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/6 description TO LEAF B no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/1 description TO LEAF C no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface loopback1 description OSPF & BGP ID ip address 10.255.255.254/32 ip router ospf 1 area 0.0.0.0 ! router ospf 1 router-id 10.255.255.254 ! router bgp 65535 router-id 10.255.255.254 address-family ipv4 unicast address-family l2vpn evpn retain route-target all neighbor 10.255.255.1 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 10.255.255.2 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 10.255.255.3 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client ! end

主干

configure terminal
!
hostname SPINE
!
nv overlay evpn
feature ospf
feature bgp
feature nv overlay
!
interface Ethernet1/5
  description TO LEAF A
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/6
  description TO LEAF B
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/1
  description TO LEAF C
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.254/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 10.255.255.254
!
router bgp 65535
  router-id 10.255.255.254
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  neighbor 10.255.255.1
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.2
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.3
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
!
end

验证

运行命令show system nve infra-vlans，确保vlan显示在“当前活动的infra Vlans”下。

枝叶A
LEAF_A# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_A#

枝叶A

LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

枝叶B
LEAF_B# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_B#

枝叶B

LEAF_B# show system nve infra-vlans
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_B#

注意：建议将第3层物理接口用作上行链路，以在交换矩阵中传输VXLAN流量。不支持第3层子接口。要使用接口vlan传输VXLAN流量，请确保vPC对等链路上也使用命令system nve infra-vlans来标识该vlan。

故障排除

如果LEAF A交换机遇到上行链路故障，并且它不再直接连接到SPINE交换机，则仍可以通过作为SPINE交换机备份上行链路的vPC对等链路上的infra-vlan实现连通性。

枝叶A
LEAF_A# show mac address-table vlan 10 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link, (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ * 10 0000.0000.000a dynamic 0 F F Eth1/54 C 10 0000.0000.000b dynamic 0 F F nve1(10.3.3.3) G 10 00be.755b.f1b7 static - F F sup-eth1(R) G 10 4c77.6db9.a8db static - F F vPC Peer-Link(R) LEAF_A# LEAF_A# show ip route 10.3.3.3 IP Route Table for VRF "default" '' denotes best ucast next-hop '' denotes best mcast next-hop '[x/y]' denotes [preference/metric] '%<string>' in via output denotes VRF <string> 10.3.3.3/32, ubest/mbest: 1/0 via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra LEAF_A# LEAF_A# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_A#

枝叶A

LEAF_A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.0000.000a   dynamic  0         F      F    Eth1/54
C   10     0000.0000.000b   dynamic  0         F      F    nve1(10.3.3.3)
G   10     00be.755b.f1b7   static   -         F      F    sup-eth1(R)
G   10     4c77.6db9.a8db   static   -         F      F    vPC Peer-Link(R)
LEAF_A#

LEAF_A# show ip route 10.3.3.3
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra
LEAF_A#

LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

由思科工程师提供

Hector Gustavo Serrano Gutierrez
Cisco TAC Engineer