This configuration applies to the Application-Driven Campus DR2000 ADCAM 7.3 (E0506H02) release.
1. Designate the device as a LEAF device
vcf-fabric role leaf
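2. Create VLAN 1 and VLAN 4094, and create the management address. VLAN 1 is the management network segment; VLAN 4094 is the network segment over which SDN pushes policies.
vlan 1
vlan 4094
int vlan1
 ip add xxx.xxx.xxx.xxx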
3. Configure a VLAN Layer 3 virtual interface for connectivity with the SPINE. VLAN 4089 is planned for this purpose here.
vlan 4089
 description LEAF互通
int vlan4089
 ip add xxx.xxx.xxx.xxx 30
4. Configure the loopback interface, which serves as the router ID
int LoopBack0
 ip add xxx.xxx.xxx.xxx 32
5. Configure OSPF
ospf 1
 graceful-restart ietf
 area 0.0.0.0
  network xxx.xxx.xxx.xxx 0.0.0.0
  network xxx.xxx.xxx.xxx 0.0.0.0
6. Configure BGP EVPN
bgp 100
 graceful-restart
 router-id xxx.xxx.xxx.xxx
 peer xxx.xxx.xxx.xxx as-number 100
 peer xxx.xxx.xxx.xxx connect-interface LoopBack0
 address-family l2vpn evpn
  peer xxx.xxx.xxx.xxx enable
7. Enable L2VPN
l2vpn enable
8. Configure vpn-default, VSI vxlan4094, the VSI virtual interface IP address, and the L3 VNI, and configure a service instance (bound to vsi vxlan4094) on the downlink AC port (the interface connecting to the Access device) to establish control-channel connectivity.
#
ip vpn-instance vpn-default
 route-distinguisher 1:1
 vpn-target 1:1 import-extcommunity
 vpn-target 1:1 export-extcommunity
 #
 address-family evpn
  vpn-target 1:1 import-extcommunity
  vpn-target 1:1 export-extcommunity
#
# Configure the IP address of VSI virtual interface 4094.
interface Vsi-interface4094
 ip binding vpn-instance vpn-default
 ip address xxx.xxx.xxx.xxx xxx.xxx.xxx.xxx
 local-proxy-arp enable
#
# Configure the VSI interface used for Layer 3 forwarding, and the L3 VNI
# The ip address unnumbered command makes this interface borrow the IP address of the specified interface. When a security group is created under vpn-default, Layer 3 forwarding uses the interface IP of vsi4094 as the source IP of the packets it sends
interface Vsi-interface4092
 ip binding vpn-instance vpn-default
 ip address unnumbered interface Vsi-interface 4094
 l3-vni 4092
# Configure the vsi vxlan4094 instance
#
vsi vsi4094
 gateway vsi-interface 4094
 vxlan 4094
 evpn encapsulation vxlan
  mac-advertising disable
  route-distinguisher auto
  vpn-target auto export-extcommunity
  vpn-target auto import-extcommunity
 dhcp snooping trust tunnel
#
8. Configure LLDP, used to determine the topology
lldp global enable
9. Configure STP
#
stp instance 0 root secondary
undo stp vlan 2 to 4094 enable
stp mode pvst
stp global enable
#
10. Configure SNMP and NETCONF
# Configure SNMP. The configuration below is the default configuration; set the SNMP community strings according to the actual environment
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
snmp-agent packet max-size 4096
#
# NETCONF configuration
netconf soap http enable
netconf soap https enable
#
11. Configure the local user (local-user h3c), used later when Director connects to the device.
# The NETCONF parameters set in Director must use the same username and password as configured here
# h3c is the username being created
local-user h3c class manage
 # h3c is the password being set
 password simple h3c
 service-type ftp
 service-type telnet http https ssh
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#
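12. Configure the Telnet username and password (this can be done in the initial configuration; if Telnet connectivity is not specifically required, it can be skipped)
# The Telnet parameters set in Director must use the same username and password as configured here
# If no Telnet password is set in Director, this part does not need to be configured
telnet server enable
#
line vty 0 63
 authentication-mode scheme
 user-role network-admin
 user-role network-operator
# Set the Telnet username and password to admin and admin
local-user admin class manage
 password simple admin
 service-type telnet http https ssh
 authorization-attribute user-role network-admin
 authorization-attribute user-role network-operator
#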
13. Check the configuration
After completing the configuration above, check that each part was applied successfully, including that the vsi-interface 4092 and 4094 interfaces are up.
[s75exs]dis int Vsi-interface brief
Brief information on interfaces in route mode:
Link: ADM - administratively down; Stby - standby
Protocol: (s) - spoofing
Interface            Link Protocol Primary IP      Description
Vsi4092              UP   UP       --
Vsi4094              UP   UP       110.0.5.110
[s75exs]dis l2vpn vsi
Total number of VSIs: 2, 1 up, 1 down, 0 admin down
VSI Name                        VSI Index       MTU    State
4094                            0               1500   Up
Auto_L3VNI4092_4092             1               1500   Down   // automatically generated
14. Disable MAC address learning and ARP learning on VXLAN tunnels
# Disable ARP learning on VXLAN tunnels
vxlan tunnel arp-learning disable
#
# Disable MAC address learning on VXLAN tunnels
vxlan tunnel mac-learning disable
#
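15. Enable the feature that keeps remotely synchronized ARP entries out of the driver
# To save hardware resources, entries synchronized from remote EVPN ARP are by default not installed into the driver (hardware); they are installed only when traffic triggers them
# Currently only S5560 devices support this
ip forwarding-conversational-learning
# When traffic stops, the hardware entries age out and are deleted; the default aging time is 60 minutes and can be set with the following command
[S5560X]ip forwarding-conversational-learning aging ?
  INTEGER<60-1440>  Aging time in (minutes)
[S5560X]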
16. SPINE device configuration
In an existing environment, adding a LEAF node only requires configuring BGP 100.
bgp 100
 peer 30.0.0.17 as-number 100
 peer 30.0.0.17 connect-interface LoopBack0
 address-family l2vpn evpn
  peer 30.0.0.17 enable
  peer 30.0.0.17 reflect-client
17. Configure the LEAF's downlink interfaces as TRUNK
18. Configuration complete
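The management-plane lines from steps 10 to 12 (default SNMP community strings, NETCONF over HTTP, Telnet, and local users whose password equals the username) are the ones to review before a LEAF goes into service. The following is an added example, not part of the original page or of any H3C tool: a Python audit run over a constructed copy of those lines, where the rule names and the audit function are assumptions made for this example.

```python
import re

# Constructed sample: the management-plane lines from steps 10-12 of this page.
SAMPLE_CONFIG = """\
snmp-agent
snmp-agent community write private
snmp-agent community read public
snmp-agent sys-info version all
netconf soap http enable
netconf soap https enable
local-user h3c class manage
 password simple h3c
 service-type ftp
 service-type telnet http https ssh
telnet server enable
local-user admin class manage
 password simple admin
 service-type telnet http https ssh
"""

# (rule id, regex, why it matters); rule ids are names invented for this example.
RULES = [
    ("snmp-default-community", r"^snmp-agent community (read|write) (public|private)\b",
     "well-known SNMP community string"),
    ("snmp-v1-v2c", r"^snmp-agent sys-info version (all|v1|v2c)\b",
     "SNMPv1/v2c carry the community string in cleartext"),
    ("netconf-http", r"^netconf soap http enable\b", "NETCONF over unencrypted HTTP"),
    ("telnet-server", r"^telnet server enable\b", "Telnet sends credentials in cleartext"),
    ("cleartext-service", r"^service-type\b.*\b(ftp|telnet|http)\b",
     "local user permitted on a cleartext service"),
]

def audit(config: str):
    """Return (line_no, rule_id, detail) findings for a Comware-style config text."""
    findings, user = [], None
    for no, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if m := re.match(r"local-user (\S+)", line):
            user = m.group(1)  # remember whose sub-commands follow
        if (m := re.match(r"password simple (\S+)", line)) and m.group(1) == user:
            findings.append((no, "password-equals-username", f"user {user}"))
        for rule_id, pattern, why in RULES:
            if re.search(pattern, line):
                findings.append((no, rule_id, why))
    return findings

if __name__ == "__main__":
    for no, rule_id, detail in audit(SAMPLE_CONFIG):
        print(f"line {no}: {rule_id}: {detail}")
```
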