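Introduction
This document describes how to configure and verify an EVPN/VXLAN Multi-Site environment on Cisco Nexus 9000 switches with route server integration.
Prerequisites
Requirements
Cisco recommends that you have knowledge of these topics:
- Multiprotocol Label Switching (MPLS) Layer 3 VPN
- Multiprotocol Border Gateway Protocol (MP-BGP)
- Ethernet VPN/Virtual Extensible LAN (EVPN/VXLAN)
Components Used
The information in this document is based on these software and hardware versions:
- Cisco Nexus 9000 Series Switches (the specific models used in the lab environment)
- The software and hardware versions configured in the examples provided
The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, ensure that you understand the potential impact of any command.
Background Information
A data center is a pool of resources that contains the compute power, storage, and applications necessary to support any business environment.
Proper planning of the data center infrastructure design is critical. This document covers critical requirements, such as those of a hospital network, and how to meet or exceed them.
Modern IT infrastructure and data center deployments require high availability (HA), the ability to scale at a faster rate, and consistently high performance.
Some of the important requirements explored in data center design and architecture include:
- Port density is improved through Fabric Extenders (FEX).
- Compute capacity is improved through hardware virtualization (UCS).
- Access layer uplink bandwidth is improved through port channels.
- Chassis-level redundancy is improved by vPC.
- The software-defined networking (SDN) fabric is improved through Application Centric Infrastructure (ACI), which automates the underlay and overlay in the fabric.
- Rapid deployment and support of new services is improved through Data Center Network Manager (DCNM).
- Bandwidth demands of long-distance applications are improved through dark fiber or wavelength services.
Geographic redundancy and scale are important attributes of an extended data center environment. Multi-Site VXLAN/EVPN helps provide a better Data Center Interconnect (DCI) solution.
External connectivity covers the connection of the data center to the rest of the network: to the Internet, the WAN, or the campus. All options provided for external connectivity are multitenant aware and focus on Layer 3 (L3) transport to the external network domains.
EVPN is a next-generation all-in-one VPN solution. It not only does the job of many other VPN technologies, but does it better. Features include:
- Integration with legacy networks.
- Selective advertisement/extension: extend only Layer 2 (L2), that is, specific VLANs/subnets with Type 2 routes; extend only L3, that is, specific Layer 3 domains with Type 5 routes.
- Automatic discovery of redundancy groups with Type 4 routes.
- Aliasing, mass withdrawal of addresses, and split horizon (SH) multihoming (MH) indication with Type 1 routes.
- Automatic discovery of multicast tunnel endpoints and multicast (MCAST) tunnel types with Type 3 routes.
Other advantages:
- Workload balancing across data centers and clouds.
- Proactive response to disruptions: lower the risk from oncoming disasters such as hurricanes and floods.
- Data center maintenance and migration: events planned to occur over a period of time, and integration with legacy networks.
- Backup and Disaster Recovery as a Service (aaS).
Configure
Network Diagram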
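Site 1 Leaf 1 Configuration
This is the configuration of Site 1 Leaf 1. Each command enables a key feature or configures the interfaces, VRFs, VLANs, and routing protocols required for EVPN-VXLAN Multi-Site operation.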
feature nxapi
cfs ipv4 distribute
nv overlay evpn
feature ospf
feature bgp
feature pim
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
fabric forwarding anycast-gateway-mac 0000.1111.2222
ip pim rp-address 10.102.0.2 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
ip igmp snooping vxlan
vlan 1,100,200,300-350,2001
vlan 100
  vn-segment 4000100
vlan 200
  vn-segment 4000200
vlan 301
  vn-segment 4000301
vlan 302
  vn-segment 4000302
vlan 303
  vn-segment 4000303
vlan 350
  name L3-VNI
  vn-segment 4000999
vlan 2001
  vn-segment 4000502
vrf context L3VNI4000999
  vni 4000999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context vrf_1
  vni 4000501
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context vrf_2
  vni 4000502
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vpc domain 100
  peer-switch
  peer-keepalive destination 10.197.214.54 source 10.197.214.53
  virtual peer-link destination 10.102.1.9 source 10.102.1.8 dscp 56
  delay restore 150
  peer-gateway
  ip arp synchronize
interface Vlan100
  no shutdown
  mtu 9216
  vrf member vrf_2
  no ip redirects
  ip address 192.168.100.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan200
  no shutdown
  mtu 9216
  vrf member vrf_2
  no ip redirects
  ip address 192.168.200.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan301
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.11.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan302
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.12.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan303
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.13.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan2001
  no shutdown
  mtu 9000
  vrf member vrf_2
  no ip redirects
  ip forward
  ipv6 address use-link-local-only
  no ipv6 redirects
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200,300-350,2001
  spanning-tree port type network
  vpc peer-link
interface port-channel100
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  mtu 9216
  vpc 100
interface nve1
  no shutdown
  host-reachability protocol bgp
  advertise virtual-rmac
  source-interface loopback1
  member vni 4000100
    suppress-arp
    mcast-group 231.0.0.1
  member vni 4000200
    suppress-arp
    mcast-group 231.0.0.2
  member vni 4000502 associate-vrf
interface Ethernet1/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  mtu 9216
  channel-group 100
  no shutdown
interface Ethernet1/2
  mtu 9216
  port-type fabric
  medium p2p
  ip address 192.168.17.12/24
  ip ospf network point-to-point
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface loopback0
  ip address 10.102.0.5/32
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
interface loopback1
  ip address 10.102.1.8/32
  ip address 10.201.201.201/32 secondary
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
router ospf 100
  router-id 10.102.0.5
router bgp 100
  router-id 10.102.0.5
  log-neighbor-changes
  address-family l2vpn evpn
    advertise-pip
  neighbor 10.102.0.2
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family ipv6 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.102.0.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family ipv6 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
evpn
  vni 4000100 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000200 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000301 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000302 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000303 l2
    rd auto
    route-target import auto
    route-target export auto
Site 1 Leaf 2 Configuration
feature nxapi
feature sftp-server
cfs ipv4 distribute
nv overlay evpn
feature ospf
feature bgp
feature pim
feature fabric forwarding
feature interface-vlan
feature vn-segment-vlan-based
feature lacp
feature vpc
feature nv overlay
fabric forwarding anycast-gateway-mac 0000.1111.2222
ip pim rp-address 10.102.0.2 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
vlan 1,100,200,300-350,2001
vlan 100
  vn-segment 4000100
vlan 200
  vn-segment 4000200
vlan 301
  vn-segment 4000301
vlan 302
  vn-segment 4000302
vlan 303
  vn-segment 4000303
vlan 350
  name L3-VNI
  vn-segment 4000999
vlan 2001
  vn-segment 4000502
vrf context L3VNI4000999
  vni 4000999
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context vrf_1
  vni 4000501
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vrf context vrf_2
  vni 4000502
  rd auto
  address-family ipv4 unicast
    route-target both auto
    route-target both auto evpn
vpc domain 100
  peer-switch
  peer-keepalive destination 10.197.214.53 source 10.197.214.54
  virtual peer-link destination 10.102.1.8 source 10.102.1.9 dscp 56
  delay restore 150
  peer-gateway
  ip arp synchronize
interface Vlan100
  no shutdown
  mtu 9216
  vrf member vrf_2
  no ip redirects
  ip address 192.168.100.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan200
  no shutdown
  mtu 9216
  vrf member vrf_2
  no ip redirects
  ip address 192.168.200.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan301
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.11.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan302
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.12.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan303
  no shutdown
  mtu 9216
  vrf member vrf_1
  no ip redirects
  ip address 172.16.13.254/24
  no ipv6 redirects
  fabric forwarding mode anycast-gateway
interface Vlan2001
  no shutdown
  mtu 9000
  vrf member vrf_2
  no ip redirects
  ip forward
  ipv6 address use-link-local-only
  no ipv6 redirects
interface port-channel10
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200,300-350,2001
  spanning-tree port type network
  vpc peer-link
interface port-channel100
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  mtu 9216
  vpc 100
interface nve1
  no shutdown
  host-reachability protocol bgp
  advertise virtual-rmac
  source-interface loopback1
  member vni 4000100
    suppress-arp
    mcast-group 231.0.0.1
  member vni 4000200
    suppress-arp
    mcast-group 231.0.0.2
  member vni 4000502 associate-vrf
interface Ethernet1/1
  switchport
  switchport mode trunk
  switchport trunk allowed vlan 100,200
  mtu 9216
  channel-group 100
  no shutdown
interface Ethernet1/2
  mtu 9216
  port-type fabric
  medium p2p
  ip address 192.168.18.12/24
  ip ospf network point-to-point
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
interface loopback0
  ip address 10.102.0.8/32
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
interface loopback1
  ip address 10.102.1.9/32
  ip address 10.201.201.201/32 secondary
  ip router ospf 100 area 0.0.0.0
  ip pim sparse-mode
icam monitor scale
router ospf 100
  router-id 10.102.0.8
router bgp 100
  router-id 10.102.0.8
  log-neighbor-changes
  address-family l2vpn evpn
    advertise-pip
  neighbor 10.102.0.2
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family ipv6 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
  neighbor 10.102.0.3
    remote-as 100
    update-source loopback0
    address-family ipv4 unicast
    address-family ipv6 unicast
      send-community
      send-community extended
    address-family l2vpn evpn
      send-community
      send-community extended
evpn
  vni 4000100 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000200 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000301 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000302 l2
    rd auto
    route-target import auto
    route-target export auto
  vni 4000303 l2
    rd auto
    route-target import auto
    route-target export auto
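For brevity and readability, the complete configurations of the other devices are included in the source content and can be referenced there. Each configuration follows the same detailed structure as above: it enables the required features, defines the VLANs, VNIs, VRFs, interfaces, and routing protocols, and configures the NVE, BGP EVPN, and Multi-Site border gateway parameters according to the role of each device.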
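A leaf configuration declares each VNI in several places (VLAN vn-segment, VRF, NVE member, EVPN instance), so a cross-check before deployment shows which segments are only partly defined. The script below is an added example, not Cisco code or part of the original document; the function names and report keys are hypothetical, and the sample is a shortened subset constructed from the Site 1 Leaf 1 values.

```python
import re

# Constructed sample: a shortened subset of the Site 1 Leaf 1 values on this page.
LEAF1_SAMPLE = """\
vlan 100
vn-segment 4000100
vlan 2001
vn-segment 4000502
vrf context vrf_1
vni 4000501
vrf context vrf_2
vni 4000502
interface nve1
member vni 4000100
member vni 4000502 associate-vrf
evpn
vni 4000100 l2
vni 4000301 l2
"""

TOP_LEVEL = re.compile(r"^(vlan |vrf context |interface |router |vpc domain |evpn$)")

def collect_vnis(config):
    """Collect the VNIs declared in each part of a (possibly flattened) NX-OS config."""
    # Accept "associate-vrf" on the line after "member vni <id>" as well as on the same line.
    config = re.sub(r"(member vni \d+)\s*\n\s*associate-vrf\b", r"\1 associate-vrf", config)
    vnis = {k: set() for k in ("vlan", "vrf", "nve_l2", "nve_l3", "evpn_l2")}
    section = ""
    for line in (raw.strip() for raw in config.splitlines()):
        if TOP_LEVEL.match(line):
            section = line  # a new top-level block starts here
        if section.startswith("vlan ") and (m := re.fullmatch(r"vn-segment (\d+)", line)):
            vnis["vlan"].add(int(m[1]))
        elif section.startswith("vrf context") and (m := re.fullmatch(r"vni (\d+)", line)):
            vnis["vrf"].add(int(m[1]))
        elif section == "evpn" and (m := re.fullmatch(r"vni (\d+) l2", line)):
            vnis["evpn_l2"].add(int(m[1]))
        elif section.startswith("interface nve"):
            if m := re.fullmatch(r"member vni (\d+)( associate-vrf)?", line):
                vnis["nve_l3" if m[2] else "nve_l2"].add(int(m[1]))
    return vnis

def audit(config):
    """Report VNIs that are declared in one place but missing from another."""
    v = collect_vnis(config)
    return {"evpn_l2_without_nve_member": sorted(v["evpn_l2"] - v["nve_l2"]),
            "vrf_vni_without_associate_vrf": sorted(v["vrf"] - v["nve_l3"]),
            "vrf_vni_without_vlan_mapping": sorted(v["vrf"] - v["vlan"])}
```

Pass the text of a saved running configuration to `audit()` and review each non-empty list against the intended design.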
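Verify
This section provides verification steps and sample output to confirm that the EVPN-VXLAN Multi-Site configuration works properly.
Step 1: Verify End-to-End Connectivity with Ping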
Host2# ping 192.168.200.103
PING 192.168.200.103 (192.168.200.103): 56 data bytes
64 bytes from 192.168.200.103: icmp_seq=0 ttl=254 time=1.21 ms
64 bytes from 192.168.200.103: icmp_seq=1 ttl=254 time=0.627 ms
64 bytes from 192.168.200.103: icmp_seq=2 ttl=254 time=0.74 ms
64 bytes from 192.168.200.103: icmp_seq=3 ttl=254 time=0.737 ms
64 bytes from 192.168.200.103: icmp_seq=4 ttl=254 time=0.542 ms
--- 192.168.200.103 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.542/0.771/1.21 ms
Step 2: Verify Layer 2 and Layer 3 Reachability with Additional Pings
Host2# ping 192.168.100.103
PING 192.168.100.103 (192.168.100.103): 56 data bytes
64 bytes from 192.168.100.103: icmp_seq=0 ttl=254 time=1.195 ms
64 bytes from 192.168.100.103: icmp_seq=1 ttl=254 time=0.613 ms
64 bytes from 192.168.100.103: icmp_seq=2 ttl=254 time=0.575 ms
64 bytes from 192.168.100.103: icmp_seq=3 ttl=254 time=0.522 ms
64 bytes from 192.168.100.103: icmp_seq=4 ttl=254 time=0.534 ms
--- 192.168.100.103 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.522/0.687/1.195 ms
Host2# ping 192.168.100.100
PING 192.168.100.100 (192.168.100.100): 56 data bytes
64 bytes from 192.168.100.100: icmp_seq=0 ttl=254 time=1.029 ms
64 bytes from 192.168.100.100: icmp_seq=1 ttl=254 time=0.561 ms
64 bytes from 192.168.100.100: icmp_seq=2 ttl=254 time=0.579 ms
64 bytes from 192.168.100.100: icmp_seq=3 ttl=254 time=0.511 ms
64 bytes from 192.168.100.100: icmp_seq=4 ttl=254 time=0.496 ms
--- 192.168.100.100 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.496/0.635/1.029 ms
HOST_3(config)# ping 192.168.100.100
PING 192.168.100.100 (192.168.100.100): 56 data bytes
64 bytes from 192.168.100.100: icmp_seq=0 ttl=254 time=1.319 ms
64 bytes from 192.168.100.100: icmp_seq=1 ttl=254 time=0.77 ms
64 bytes from 192.168.100.100: icmp_seq=2 ttl=254 time=0.505 ms
64 bytes from 192.168.100.100: icmp_seq=3 ttl=254 time=0.542 ms
64 bytes from 192.168.100.100: icmp_seq=4 ttl=254 time=0.486 ms
--- 192.168.100.100 ping statistics ---
5 packets transmitted, 5 packets received, 0.00% packet loss
round-trip min/avg/max = 0.486/0.724/1.319 ms
Step 3: Verify the ARP Table
device# show ip arp
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context default
Total number of entries: 8
Flags
Step 4: Verify the MAC Address Table
device# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,
+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
Step 5: Verify BGP EVPN Routes
device# show bgp l2vpn evpn
BGP routing table information for VRF default, address family L2VPN EVPN
BGP table version is 3291, Local Router ID is 10.102.0.5
Status: s-suppressed, x-deleted, S-stale, d-dampened, h-history, *-valid, >-best
Path type: i-internal, e-external, c-confed, l-local, a-aggregate, r-redist, I-inject
Origin codes: i - IGP, e - EGP, ? - incomplete, | - multipath, & - backup, 2 - best2
Network Next Hop Metric LocPrf Weight Path
*>i[2]:[0]:[0]:[48]:[6c8b.d3fe.df3b]:[32]:[192.168.100.104]/272
                      10.100.100.1                      100          0 300 200 i
...
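The route keys in this output carry the route type in the first bracket, which ties each entry back to the route types listed under Background Information. The parser below is an added example, not Cisco code or part of the original document: it splits a key into fields and lists any IP address that Type 2 routes advertise with more than one MAC. The function names are hypothetical, the Type 2 field order is an assumption read from the line above, and every sample line after the first is constructed.

```python
import re
from collections import defaultdict

# Role of each EVPN route type, summarized from the feature list on this page.
ROUTE_TYPES = {
    1: "aliasing, mass withdrawal, split-horizon multihoming indication",
    2: "L2 extension (MAC/IP for specific VLANs/subnets)",
    3: "multicast tunnel endpoint and tunnel type discovery",
    4: "redundancy group discovery",
    5: "L3 extension (specific Layer 3 domains)",
}

# Constructed sample: the first line follows the step 5 output; the rest are made up.
SAMPLE_ROUTES = [
    "*>i[2]:[0]:[0]:[48]:[6c8b.d3fe.df3b]:[32]:[192.168.100.104]/272",
    "*>i[2]:[0]:[0]:[48]:[6c8b.d3fe.df3b]:[0]:[0.0.0.0]/216",
    "*>i[2]:[0]:[0]:[48]:[0000.aaaa.0001]:[32]:[192.168.100.104]/272",
    "*>i[5]:[0]:[0]:[24]:[192.168.200.0]/224",
]

KEY = re.compile(r"((?:\[[^\]]*\]:)+\[[^\]]*\])/(\d+)")

def parse_route(line):
    """Split a bracketed EVPN route key into its type, fields and prefix length."""
    m = KEY.search(line)
    if not m:
        raise ValueError(f"no EVPN route key in {line!r}")
    fields = re.findall(r"\[([^\]]*)\]", m[1])
    rtype = int(fields[0])
    rec = {"type": rtype, "role": ROUTE_TYPES.get(rtype, "unknown"),
           "fields": fields[1:], "length": int(m[2])}
    if rtype == 2 and len(fields) == 7:
        # Assumed type 2 layout: ESI, Ethernet tag, MAC length, MAC, IP length, IP.
        rec["mac"] = fields[4]
        rec["ip"] = fields[6] if fields[5] != "0" else None
    return rec

def ips_with_multiple_macs(lines):
    """Return IPs that type 2 routes advertise with more than one MAC."""
    macs = defaultdict(set)
    for rec in map(parse_route, lines):
        if rec["type"] == 2 and rec.get("ip"):
            macs[rec["ip"]].add(rec["mac"])
    return {ip: sorted(m) for ip, m in macs.items() if len(m) > 1}
```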
Step 6: Verify vPC Status
device# show vpc brief
Legend:(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 100
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 150s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
Delay-restore Orphan-port status: Timer is off.(timeout = 0s)
Operational Layer3 Peer-router : Disabled
Virtual-peerlink mode : Enabled
vPC Peer-link status
id    Port   Status Active vlans
1     Po10   up     100,200,300-350,2001
vPC status
Id    Port   Status Consistency Reason   Active vlans
100   Po100  up     success     success  100,200
Troubleshoot
This section provides commands and methods to troubleshoot the EVPN-VXLAN Multi-Site configuration.
Step 1: Verify the ARP Table
device# show ip arp
Flags: * - Adjacencies learnt on non-active FHRP router
+ - Adjacencies synced via CFSoE
# - Adjacencies Throttled for Glean
CP - Added via L2RIB, Control plane Adjacencies
PS - Added via L2RIB, Peer Sync
RO - Re-Originated Peer Sync Entry
D - Static Adjacencies attached to down interface
IP ARP Table for context default
Total number of entries: 8
Flags
Step 2: Verify the MAC Address Table
device# show mac address-table
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,
+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False, C - ControlPlane MAC, ~ - vsan
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
Step 3: Verify BGP EVPN
device# show bgp l2vpn evpn
Step 4: Verify vPC Status
device# show vpc brief
Step 5: Use the Cisco CLI Analyzer
The Cisco CLI Analyzer (registered customers only) supports certain show commands. Use the Cisco CLI Analyzer to view an analysis of show command output.