在Cisco Nexus 9000交換機的VXLAN BGP EVPN中配置系統NVE infra-vlan

下載選項

PDF (1.2 MB)
在多種裝置上使用 Adobe Reader 檢視
ePub (1.0 MB)
在 iPhone、iPad、Android、Sony Reader 或 Windows Phone 上的各種應用程式中檢視
Mobi (Kindle) (538.0 KB)
在 Kindle 裝置或多部裝置的 Kindle 應用程式上檢視

已更新: 2020 年 4 月 29 日

文件 ID:214624

無偏見用語

本產品的文件集力求使用無偏見用語。針對本文件集的目的，無偏見係定義為未根據年齡、身心障礙、性別、種族身分、民族身分、性別傾向、社會經濟地位及交織性表示歧視的用語。由於本產品軟體使用者介面中硬式編碼的語言、根據 RFP 文件使用的語言，或引用第三方產品的語言，因此本文件中可能會出現例外狀況。深入瞭解思科如何使用包容性用語。

關於此翻譯

思科已使用電腦和人工技術翻譯本文件，讓全世界的使用者能夠以自己的語言理解支援內容。請注意，即使是最佳機器翻譯，也不如專業譯者翻譯的內容準確。Cisco Systems, Inc. 對這些翻譯的準確度概不負責，並建議一律查看原始英文文件（提供連結）。

簡介

本檔案介紹system nve infra-vlan命令在基於執行NX-OS作業系統的Cisco Nexus 9000交換器的虛擬可擴充LAN邊界閘道通訊協定乙太網路VPN(VXLAN BGP EVPN)網狀架構中的用途。

將Nexus 9000交換機配置為虛擬埠通道(vPC)域中的VXLAN枝葉交換機(也稱為VXLAN隧道端點(VTEP))時，必須使用介面VLAN通過vPC對等鏈路在它們之間具有備份第3層路由鄰接。此VLAN必須是交換機的本地VLAN，而不是在VXLAN交換矩陣中延伸並且屬於預設VRF（全域性路由表）。

確保system nve infra-vlan命令在具有CloudScale ASIC(Tahoe)的Nexus 9000平台上（例如Nexus 9300交換機）已到位，該交換機以EX、FX和FX2結尾，以指定VLAN可以充當上行鏈路，並使用VXLAN封裝通過vPC對等鏈路正確轉發幀。

附註：本文檔不適用於在以應用為中心的基礎設施(ACI)模式下運行並由思科應用策略基礎設施控制器(APIC)管理的Cisco Nexus 9000交換機。

必要條件

需求

思科建議您瞭解以下主題：

Nexus NX-OS軟體
VXLAN BGP EVPN

採用元件

本文中的資訊係根據以下軟體和硬體版本：

Cisco N9K-C93180YC-EX
NXOS 7.0(3)I7(6)版

本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除（預設）的組態來啟動。如果您的網路運作中，請確保您瞭解任何指令可能造成的影響。

附註：本檔案會將「枝葉交換器」、「VTEP」和「ToR」等術語互換使用。

使用案例

下一個使用案例顯示何時需要配置system nve infra-vlan命令。在所有這些配置中，分配的VLAN 777都需要定義為system nve infra-vlan命令的一部分，並用於通過vPC對等鏈路例項化第3層路由備份鄰接關係。此VLAN 777需要作為預設VRF（全域性路由表）的一部分。

附註：這些使用案例描述直接連線到Cisco Nexus 9000 VXLAN枝葉或邊界枝葉交換機的終端主機或路由器的常見場景。同樣，這些使用案例也適用於Nexus 9000枝葉交換機與終端主機或路由器之間的第2層交換機或網橋。

vPC中枝葉交換機上的孤立埠

此使用案例說明連線至vPC域中的單個Cisco Nexus 9000 VXLAN枝葉交換機部分的交換矩陣內的終端主機（主機A）。這稱為孤立埠連線。作為路由的一部分，由連線到交換矩陣中任何其他枝葉交換機的終端主機生成的流量在底層中將被兩個枝葉交換機（交換機枝葉A和交換機枝葉B）同時擁有的NVE任播IP地址(10.12.12.12)。這是為了使用等價多路徑(ECMP)路由來利用所有枝葉到主幹的上行鏈路。在此案例中，通過骨幹網後，目的地為主機A的VXLAN幀可能會雜湊到枝葉B，而枝葉B沒有與主機A的直接連線。系統沒有基礎設施VLAN，並且需要備份路由才能使流量通過vPC對等鏈路。

vPC中枝葉交換機上的上行鏈路故障

在此使用案例中，交換矩陣內的終端主機（主機A）雙宿主到vPC域中的兩台Cisco Nexus 9000 VXLAN枝葉交換機。但是，如果vPC中任何枝葉交換機上的所有上行鏈路出現故障，且可以將其與主幹交換機完全隔離，則系統需要啟用次級VLAN和備份路由才能使流量通過vPC對等鏈路，而後者現在是通向主幹的唯一可能路徑。例如，圖中顯示主機A到隔離交換機Leaf A的流量已雜湊其幀。幀現在必須經過vPC對等鏈路。

vPC中的邊界枝葉交換機

邊界枝葉交換機可以通過與外部路由器交換網路字首從VXLAN交換矩陣提供連線，它可以位於vPC中。

與外部路由器的連線可以抽象地視為與WAN的連線。

如果鏈路發生故障，連線到WAN的邊界枝葉交換機最終可能單宿主。在這種情況下，系統不需要使用超小VLAN和備份路由，流量便需要通過vPC對等鏈路，如下圖所示。

附註：在下一個示例中，除了全域性路由表中的VLAN外，租戶VRF中還必須有一個VLAN部分，該部分基於vPC對等鏈路上的邊界枝葉交換機之間使用靜態路由或路由協定來交換網路字首。填充租戶VRF路由表需要此項。

邊界枝葉交換機還可以使用靜態路由或在Tenant-VRF中例項化的路由協定，通過vPC對等鏈路通告介面環回。此流量也將通過vPC對等鏈路傳輸。

最後，連線到Border Leaf交換機的外部路由器單主目錄可以通告網路字首，在下一圖所示的網路流量路徑中需要vPC對等鏈路。

Bud節點

在Bud節點使用案例中，可以有一個基於硬體或軟體的VTEP連線到Cisco Nexus 9000 VXLAN枝葉交換機。此VTEP可以將VXLAN封裝流量傳送到枝葉交換器。必須將用於連線此硬體或軟體VTEP的VLAN新增到system nve infra-vlan命令中。

在本例中，它是VLAN 10和VLAN 777。

設定

在此案例中，枝葉A和枝葉B是vPC中的VTEP。

已選擇VLAN 777參與底層路由協定，在本例中為開放最短路徑優先(OSPF)。

在每台枝葉A和枝葉B交換機上，OSPF已通過vPC對等鏈路，在上行鏈路和它們之間與主幹交換機建立了鄰接關係。

OSPF或中間系統到中間系統(IS-IS)可以是底層中使用的路由協定。

附註：vlan 777配置部分下未配置vn-segment命令。這表示該VLAN未在VXLAN交換矩陣中延伸，並且在交換機中是本地的。

在全域性配置模式下新增system nve infra-vlan命令，並選擇vlan 777，因為它是用於底層OSPF鄰接的vlan。

附註：系統nve infra-vlan僅在具有CloudScale ASIC(Tahoe)(如Nexus 9300（以EX、FX和FX2結尾）的Nexus 9000上需要。

枝葉A
LEAF_A# show ip ospf neighbors OSPF Process ID 1 VRF default Total number of neighbors: 2 Neighbor ID Pri State Up Time Address Interface 10.255.255.254 1 FULL/ - 00:02:52 10.255.255.254 Eth1/6 10.255.255.2 1 FULL/ - 02:16:10 10.1.2.2 Vlan777 LEAF_A# LEAF_A# show running-config vlan 777 !Command: show running-config vlan 777 !Running configuration last done at: Tue Jul 16 19:45:24 2019 !Time: Tue Jul 16 19:48:46 2019 version 7.0(3)I7(6) Bios:version 07.65 vlan 777 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA LEAF_A# LEAF_A# show running-config interface vlan 777 !Command: show running-config interface Vlan777 !Running configuration last done at: Tue Jul 16 19:45:24 2019 !Time: Tue Jul 16 19:46:33 2019 version 7.0(3)I7(6) Bios:version 07.65 interface Vlan777 no shutdown no ip redirects ip address 10.1.2.1/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 LEAF_A# LEAF_A# configure terminal Enter configuration commands, one per line. End with CNTL/Z. LEAF_A(config)# system nve infra-vlans ? <1-3967> VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512) LEAF_A(config)# system nve infra-vlans 777 LEAF_A(config)#

枝葉A

LEAF_A# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          00:02:52 10.255.255.254  Eth1/6 
 10.255.255.2      1 FULL/ -          02:16:10 10.1.2.2        Vlan777 
LEAF_A#


LEAF_A# show running-config vlan 777

!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:48:46 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_A# 


LEAF_A# show running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 19:45:24 2019
!Time: Tue Jul 16 19:46:33 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_A#


LEAF_A# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_A(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_A(config)# system nve infra-vlans 777
LEAF_A(config)#

葉B
LEAF_B# show ip ospf neighbors OSPF Process ID 1 VRF default Total number of neighbors: 2 Neighbor ID Pri State Up Time Address Interface 10.255.255.254 1 FULL/ - 02:21:53 10.255.255.254 Eth1/5 10.255.255.1 1 FULL/ - 02:13:51 10.1.2.1 Vlan777 LEAF_B# LEAF_B# show running-config vlan 777 !Command: show running-config vlan 777 !Running configuration last done at: Tue Jul 16 18:17:29 2019 !Time: Tue Jul 16 19:49:19 2019 version 7.0(3)I7(6) Bios:version 07.65 vlan 777 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA LEAF_B# LEAF_B# sh running-config interface vlan 777 !Command: show running-config interface Vlan777 !Running configuration last done at: Tue Jul 16 18:17:29 2019 !Time: Tue Jul 16 19:48:14 2019 version 7.0(3)I7(6) Bios:version 07.65 interface Vlan777 no shutdown no ip redirects ip address 10.1.2.2/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 LEAF_B# LEAF_B# configure terminal Enter configuration commands, one per line. End with CNTL/Z. LEAF_B(config)# system nve infra-vlans ? <1-3967> VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512) LEAF_B(config)# system nve infra-vlans 777 LEAF_B(config)#

葉B

LEAF_B# show ip ospf neighbors 
 OSPF Process ID 1 VRF default
 Total number of neighbors: 2
 Neighbor ID     Pri State            Up Time  Address         Interface
 10.255.255.254    1 FULL/ -          02:21:53 10.255.255.254  Eth1/5 
 10.255.255.1      1 FULL/ -          02:13:51 10.1.2.1        Vlan777 
LEAF_B#


LEAF_B# show running-config vlan 777


!Command: show running-config vlan 777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:49:19 2019

version 7.0(3)I7(6) Bios:version 07.65 
vlan 777
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA


LEAF_B# 


LEAF_B# sh running-config interface vlan 777

!Command: show running-config interface Vlan777
!Running configuration last done at: Tue Jul 16 18:17:29 2019
!Time: Tue Jul 16 19:48:14 2019

version 7.0(3)I7(6) Bios:version 07.65 

interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0

LEAF_B#


LEAF_B# configure terminal
Enter configuration commands, one per line. End with CNTL/Z.
LEAF_B(config)# system nve infra-vlans ?
  <1-3967>  VLAN ID 1-4094 or range(s): 1-5, 10 or 2-5,7-19 (The range of vlans configured must not exceed 512)

LEAF_B(config)# system nve infra-vlans 777
LEAF_B(config)#

附註：不得設定多個VLAN的特定組合。例如2和514、10和522，它們相隔512。

網路圖表

組態

枝葉A
configure terminal ! hostname LEAF_A ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay feature vpc feature lacp ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! vpc domain 1 peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management peer-switch peer-gateway layer3 peer-router ! interface Ethernet1/1 switchport switchport mode trunk channel-group 1 mode active no shutdown ! interface Port-Channel1 vpc peer-link no shutdown ! interface Vlan777 no shutdown no ip redirects ip address 10.1.2.1/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/6 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/54 description TO HOST-A switchport switchport access vlan 10 spanning-tree port type edge no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.1.1.1/32 ip address 10.12.12.12/32 secondary ip router ospf 1 area 0.0.0.0 interface loopback1 description OSPF & BGP ID ip address 10.255.255.1/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.1 ! router bgp 65535 router-id 10.255.255.1 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

枝葉A

configure terminal
!
hostname LEAF_A
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.99 source 10.82.140.98 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.1/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/6
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/54
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.1.1.1/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.1/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.1
!
router bgp 65535
  router-id 10.255.255.1
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

葉B
configure terminal ! hostname LEAF_B ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay feature vpc feature lacp ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! vpc domain 1 peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management peer-switch peer-gateway layer3 peer-router ! interface Ethernet1/1 switchport switchport mode trunk channel-group 1 mode active no shutdown ! interface Port-Channel1 vpc peer-link no shutdown ! interface Vlan777 no shutdown no ip redirects ip address 10.1.2.2/24 no ipv6 redirects ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/5 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.2.2.2/32 ip address 10.12.12.12/32 secondary ip router ospf 1 area 0.0.0.0 interface loopback1 description OSPF & BGP ID ip address 10.255.255.2/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.2 ! router bgp 65535 router-id 10.255.255.2 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

葉B

configure terminal
!
hostname LEAF_B
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay
feature vpc
feature lacp
!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
vpc domain 1
  peer-keepalive destination 10.82.140.98 source 10.82.140.99 vrf management
  peer-switch
  peer-gateway
  layer3 peer-router
!
interface Ethernet1/1
  switchport
  switchport mode trunk
  channel-group 1 mode active
  no shutdown
!
interface Port-Channel1
  vpc peer-link
  no shutdown
!
interface Vlan777
  no shutdown
  no ip redirects
  ip address 10.1.2.2/24
  no ipv6 redirects
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/5
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.2.2.2/32
  ip address 10.12.12.12/32 secondary
  ip router ospf 1 area 0.0.0.0

interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.2/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.2
!
router bgp 65535
  router-id 10.255.255.2
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

枝葉C
configure terminal ! hostname LEAF_C ! nv overlay evpn feature ospf feature bgp feature interface-vlan feature vn-segment-vlan-based feature nv overlay ! vlan 10 name VLAN_10_VRF_RED vn-segment 1000 vlan 100 name L3_VNI_VRF_RED vn-segment 10000 vlan 777 name BACKUP_VLAN_ROUTING_NVE_INFRA ! fabric forwarding anycast-gateway-mac 000a.000b.000c ! vrf context RED vni 10000 rd auto address-family ipv4 unicast route-target both auto route-target both auto evpn ! interface Ethernet1/1 description TO SPINE no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/49 description TO HOST-A switchport switchport access vlan 10 spanning-tree port type edge no shutdown ! interface loopback0 description NVE LOOPBACK ip address 10.3.3.3/32 ip router ospf 1 area 0.0.0.0 ! interface loopback1 description OSPF & BGP ID ip address 10.255.255.3/32 ip router ospf 1 area 0.0.0.0 ! interface Vlan100 no shutdown vrf member RED no ip redirects ip forward no ipv6 redirects ! interface Vlan10 no shutdown vrf member RED ip address 192.168.1.1/24 fabric forwarding mode anycast-gateway ! interface nve1 host-reachability protocol bgp source-interface loopback0 member vni 1000 ingress-replication protocol bgp member vni 10000 associate-vrf no shutdown ! router ospf 1 router-id 10.255.255.3 ! router bgp 65535 router-id 10.255.255.3 address-family ipv4 unicast address-family l2vpn evpn neighbor 10.255.255.254 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended vrf RED address-family ipv4 unicast advertise l2vpn evpn ! evpn vni 1000 l2 rd auto route-target import auto route-target export auto ! end

枝葉C

configure terminal
!
hostname LEAF_C
!
nv overlay evpn
feature ospf
feature bgp
feature interface-vlan
feature vn-segment-vlan-based
feature nv overlay

!
vlan 10
  name VLAN_10_VRF_RED
  vn-segment 1000
vlan 100
  name L3_VNI_VRF_RED
  vn-segment 10000
vlan 777
  name BACKUP_VLAN_ROUTING_NVE_INFRA
!
fabric forwarding anycast-gateway-mac 000a.000b.000c
!
vrf context RED
  vni 10000
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
!
interface Ethernet1/1
  description TO SPINE
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/49
  description TO HOST-A
  switchport
  switchport access vlan 10
  spanning-tree port type edge
  no shutdown
!
interface loopback0
  description NVE LOOPBACK
  ip address 10.3.3.3/32
  ip router ospf 1 area 0.0.0.0
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.3/32
  ip router ospf 1 area 0.0.0.0
!
interface Vlan100
  no shutdown
  vrf member RED
  no ip redirects
  ip forward
  no ipv6 redirects
!
interface Vlan10
  no shutdown
  vrf member RED
  ip address 192.168.1.1/24
  fabric forwarding mode anycast-gateway
!
interface nve1
  host-reachability protocol bgp
  source-interface loopback0
  member vni 1000
    ingress-replication protocol bgp
  member vni 10000 associate-vrf
  no shutdown
!
router ospf 1
  router-id 10.255.255.3
!
router bgp 65535
  router-id 10.255.255.3
  address-family ipv4 unicast
  address-family l2vpn evpn
  neighbor 10.255.255.254
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
  vrf RED
    address-family ipv4 unicast
      advertise l2vpn evpn
!
evpn
  vni 1000 l2
    rd auto
    route-target import auto
    route-target export auto
!
end

骨幹
configure terminal ! hostname SPINE ! nv overlay evpn feature ospf feature bgp feature nv overlay ! interface Ethernet1/5 description TO LEAF A no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/6 description TO LEAF B no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface Ethernet1/1 description TO LEAF C no switchport medium p2p ip unnumbered loopback1 ip ospf network point-to-point ip router ospf 1 area 0.0.0.0 no shutdown ! interface loopback1 description OSPF & BGP ID ip address 10.255.255.254/32 ip router ospf 1 area 0.0.0.0 ! router ospf 1 router-id 10.255.255.254 ! router bgp 65535 router-id 10.255.255.254 address-family ipv4 unicast address-family l2vpn evpn retain route-target all neighbor 10.255.255.1 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 10.255.255.2 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client neighbor 10.255.255.3 remote-as 65535 update-source loopback1 address-family ipv4 unicast address-family l2vpn evpn send-community send-community extended route-reflector-client ! end

骨幹

configure terminal
!
hostname SPINE
!
nv overlay evpn
feature ospf
feature bgp
feature nv overlay
!
interface Ethernet1/5
  description TO LEAF A
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/6
  description TO LEAF B
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface Ethernet1/1
  description TO LEAF C
  no switchport
  medium p2p
  ip unnumbered loopback1
  ip ospf network point-to-point
  ip router ospf 1 area 0.0.0.0
  no shutdown
!
interface loopback1
  description OSPF & BGP ID
  ip address 10.255.255.254/32
  ip router ospf 1 area 0.0.0.0
!
router ospf 1
  router-id 10.255.255.254
!
router bgp 65535
  router-id 10.255.255.254
  address-family ipv4 unicast
  address-family l2vpn evpn
    retain route-target all
  neighbor 10.255.255.1
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.2
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
  neighbor 10.255.255.3
    remote-as 65535
    update-source loopback1
    address-family ipv4 unicast
    address-family l2vpn evpn
      send-community
      send-community extended
      route-reflector-client
!
end

驗證

運行命令show system nve infra-vlan，確保vlan顯示在Current active infra Vlan下。

枝葉A
LEAF_A# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_A#

枝葉A

LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

葉B
LEAF_B# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_B#

葉B

LEAF_B# show system nve infra-vlans
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_B#

附註：第3層物理介面建議用作在交換矩陣中傳輸VXLAN流量的上行鏈路。不支援第3層子介面。要使用介面vlan傳輸VXLAN流量，請確保也使用system nve infra-vlan命令通過vPC對等鏈路標識vlan。

疑難排解

如果枝葉A交換機出現上行鏈路故障，並且不再直接連線到主幹交換機，仍可以通過作為備用上行鏈路的vPC對等鏈路上的次要VLAN實現可達性。

枝葉A
LEAF_A# show mac address-table vlan 10 Legend: * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC age - seconds since last seen,+ - primary entry using vPC Peer-Link, (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan VLAN MAC Address Type age Secure NTFY Ports ---------+-----------------+--------+---------+------+----+------------------ * 10 0000.0000.000a dynamic 0 F F Eth1/54 C 10 0000.0000.000b dynamic 0 F F nve1(10.3.3.3) G 10 00be.755b.f1b7 static - F F sup-eth1(R) G 10 4c77.6db9.a8db static - F F vPC Peer-Link(R) LEAF_A# LEAF_A# show ip route 10.3.3.3 IP Route Table for VRF "default" '' denotes best ucast next-hop '' denotes best mcast next-hop '[x/y]' denotes [preference/metric] '%<string>' in via output denotes VRF <string> 10.3.3.3/32, ubest/mbest: 1/0 via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra LEAF_A# LEAF_A# show system nve infra-vlans Currently active infra Vlans: 777 Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967 *Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together LEAF_A#

枝葉A

LEAF_A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.0000.000a   dynamic  0         F      F    Eth1/54
C   10     0000.0000.000b   dynamic  0         F      F    nve1(10.3.3.3)
G   10     00be.755b.f1b7   static   -         F      F    sup-eth1(R)
G   10     4c77.6db9.a8db   static   -         F      F    vPC Peer-Link(R)
LEAF_A#

LEAF_A# show ip route 10.3.3.3
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

10.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.2.2, Vlan777, [110/49], 00:01:39, ospf-1, intra
LEAF_A#

LEAF_A# show system nve infra-vlans 
Currently active infra Vlans: 777
Available Infra Vlans : 7-264,266-511,519-776,778-1023,1031-1288,1290-1535,1543-1800,1802-2047,2055-2312,2314-2559,2567-2824,2826-3071,3079-3336,3338-3583,3591-3848,3850-3967
*Configuration of two infra-vlans which are 512 apart is not allowed. Ex: 4, 516 are not allowed to be configured together 
LEAF_A#

由思科工程師貢獻

Hector Gustavo Serrano Gutierrez
Cisco TAC工程師