- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
29-H3C VSR1000虛擬路由器EVI典型配置舉例
本章節下載: 29-H3C VSR1000虛擬路由器EVI典型配置舉例 (288.11 KB)
H3C VSR1000虛擬路由器EVI典型配置舉例
|
Copyright © 2014 杭州華三通信技術有限公司 版權所有,保留一切權利。 非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部, 並不得以任何形式傳播。本文檔中的信息可能變動,恕不另行通知。 |
|
目 錄
本文檔介紹單歸屬EVI、EVI多實例和EVI網關(GW)與邊緣設備(ED)共存的典型配置舉例。
EVI(Ethernet Virtualization Interconnect,以太網虛擬化互聯)是一種基於“MAC in IP”的二層VPN技術,它可以基於現有服務提供商或企業的IP網絡,為分散的物理站點提供二層互聯功能。虛擬機能在不同站點之間自由遷移。
本文檔不嚴格與具體軟件版本對應,如果使用過程中與產品實際情況有差異,請參考相關產品手冊,或以設備實際情況為準。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解EVI特性。
· 如果是VMware虛擬平台上安裝的VSR,請將VSR GE2/0所連接的虛擬交換機端口組的混雜模式打開並配置VLAN為4095(允許所有VLAN),防止虛擬交換機過濾報文。如果是KVM平台,GE2/0使用Bridge方式即可。
· 如果VSR使用ESS 0301以及之後的版本,請在使用EVI特性前,安裝Comware V7, Data Center Interconnection的Feature License。如果不安裝license,會有部分EVI命令不可配置。
· VSR的VF網卡暫時不支持EVI特性,請考慮在其他虛擬網卡類型進行驗證。
· 同一個EVI網絡實例中,所有的邊緣設備必須配置相同的Netwok ID。但是,同一台邊緣設備上的不同Tunnel接口必須配置不同的Netwok ID;
· 同一個EVI網絡實例中的所有邊緣設備上配置的擴展VLAN必須一致,否則可能會引起擴展VLAN中的數據泄露;
· 不同的EVI網絡實例不能使用相同的擴展VLAN。
· 不能使用Vlan-interface1作為EVI邊緣設備的公網接口;
· EVI擴展VLAN的VLAN接口不支持作為公網出接口。
如果在動態MAC地址表項老化時間內本地EVI邊緣設備沒有接收到對端數據中心的報文,那麼本地EVI邊緣設備上的動態MAC地址表項不會主動觸發學習更新,直到該表項老化被刪除。此時,發給對端數據中心的報文會因為在本地EVI邊緣設備的MAC地址表中找不到對應表項而被丟棄,造成流量黑洞。隻有當EVI邊緣設備學習ARP表項時才能同時觸發更新動態MAC地址表項。
為了避免流量黑洞的產生,需要配置MAC地址表項老化時間不小於動態ARP表項老化時間。缺省情況下,VSR的動態ARP表項老化時間為20分鍾,動態MAC地址表項老化時間為5分鍾。因此,建議您修改動態MAC地址表項的老化時間為30分鍾。
· Router A、Router B、Router C分別為Site 1、Site 2、Site 3的邊緣設備,各站點間通過IP網絡互連。
· 為了使虛擬機在站點之間進行遷移時用戶的訪問流量不中斷,通過EVI技術實現站點間的二層互聯。Router A、Router B、Router C屬於同一EVI網絡實例,其對應的Network ID為1,擴展VLAN為VLAN 21~VLAN 100。Router A為ENDS,Router B和Router C為ENDC。
· 某業務在站點Site 1和Site 2使用的VLAN不一致,分別為VLAN 80和VLAN 21,通過配置VLAN映射功能實現該業務的跨站點互通。
· 通過綁定路由策略使得Router A隻向其它站點發布VLAN 21~VLAN 90的MAC地址信息。
圖1 單歸屬EVI網絡組網圖
本舉例是在E0301版本上進行配置和驗證的。
下麵僅給出EVI相關的配置步驟。除此之外,在各站點間還要配置路由協議使之互通,配置步驟略。
# 配置站點ID。
[RouterA] evi site-id 1
# 創建VLAN 21~100。
[RouterA] vlan 21 to 100
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 21~100通過。
[RouterA] interface gigabitethernet 2/0
[RouterA-GigabitEthernet2/0] port link-mode bridge
[RouterA-GigabitEthernet2/0] port link-type trunk
[RouterA-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterA-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet3/0] quit
# 創建模式為IPv4 EVI隧道的接口Tunnel0。
[RouterA] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址為GigabitEthernet3/0的IP地址。
[RouterA-Tunnel0] source 1.1.1.1
# 配置Tunnel0接口的keepalive探測周期和重試次數。
[RouterA-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterA-Tunnel0] evi network-id 1
# 配置Tunnel0接口的擴展VLAN。
[RouterA-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDS功能。
[RouterA-Tunnel0] evi neighbor-discovery server enable
# 配置Tunnel0接口的VLAN 80與站點2的VLAN 21進行映射。
[RouterA-Tunnel0] evi vlan-mapping 80 translated 21 site 2
[RouterA-Tunnel0] quit
# 配置EVI IS-IS進程綁定路由策略EVI-Filter,允許VLAN 21~VLAN 90的MAC地址信息發布。
[RouterA] route-policy EVI-Filter permit node 10
[RouterA-route-policy-EVI-Filter-10] if-match vlan 21 to 90
[RouterA-route-policy-EVI-Filter-10] quit
[RouterA] evi-isis 0
[RouterA-evi-isis-0] filter-policy EVI-Filter
[RouterA-evi-isis-0] quit
# 配置站點ID。
[RouterB] evi site-id 2
# 創建VLAN 21~100。
[RouterB] vlan 21 to 100
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 21~100通過。
[RouterB] interface gigabitethernet 2/0
[RouterB-GigabitEthernet2/0] port link-mode bridge
[RouterB-GigabitEthernet2/0] port link-type trunk
[RouterB-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterB-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] ip address 1.1.2.1 24
[RouterB-GigabitEthernet3/0] quit
# 創建模式為IPv4 EVI隧道的接口Tunnel0。
[RouterB] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址為GigabitEthernet3/0的IP地址。
[RouterB-Tunnel0] source 1.1.2.1
# 配置Tunnel0接口的keepalive探測周期和重試次數。
[RouterB-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterB-Tunnel0] evi network-id 1
# 配置Tunnel0接口的擴展VLAN。
[RouterB-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDC功能,該ENDC對應的ENDS為Router A。
[RouterB-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
# 配置Tunnel0接口的VLAN 21與站點1的VLAN 80進行映射。
[RouterB-Tunnel0] evi vlan-mapping 21 translated 80 site 1
[RouterB-Tunnel0] quit
# 配置站點ID。
[RouterC] evi site-id 3
# 創建VLAN 21~100。
[RouterC] vlan 21 to 100
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 21~100通過。
[RouterC] interface gigabitethernet 2/0
[RouterC-GigabitEthernet2/0] port link-mode bridge
[RouterC-GigabitEthernet2/0] port link-type trunk
[RouterC-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterC-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterC] interface gigabitethernet 3/0
[RouterC-GigabitEthernet3/0] ip address 1.1.3.1 24
[RouterC-GigabitEthernet3/0] quit
# 創建模式為IPv4 EVI隧道的接口Tunnel0。
[RouterC] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址為GigabitEthernet3/0的IP地址。
[RouterC-Tunnel0] source 1.1.3.1
# 配置Tunnel0接口的keepalive探測周期和重試次數。
[RouterC-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterC-Tunnel0] evi network-id 1
# 配置Tunnel0接口的擴展VLAN。
[RouterC-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDC功能,該ENDC對應的ENDS為Router A。
[RouterC-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
[RouterC-Tunnel0] quit
# 查看Router A上的EVI Tunnel的接口信息。
[RouterA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.1.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router A上的EVI-Link的接口信息。
[RouterA] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.1.1 1.1.2.1
EVI-Link1 UP 1.1.1.1 1.1.3.1
# 查看Router A上的ENDS的運行信息。
[RouterA] display evi neighbor-discovery server summary
Interface Local Address Network ID Auth Members
Tunnel0 1.1.1.1 1 disabled 3
# 查看Router A上的ENDC的運行信息。
[RouterA] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.1.1 1.1.1.1 1 15 disabled E
# 查看Router A上ENDS學到的成員信息。
[RouterA] display evi neighbor-discovery server member
Interface: Tunnel0 Network ID: 1
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 000F-0001-0001 25 2014/01/01 00:00:43
1.1.2.1 000F-0001-0002 15 2014/01/01 01:00:46
1.1.3.1 000F-0001-0003 20 2014/01/01 01:02:13
# 查看Router A上ENDC學到的鄰居信息。
[RouterA] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.2.1 000F-0001-0002 2014/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2014/01/01 12:12:12 12 Up
# 查看Router A上的VLAN映射信息。
[RouterA] display evi vlan-mapping
VLAN mappings for EVI IS-IS(0)
Local-VID Peer-ID Remote-VID Interface Remote-site
80 000F.0001.0002 21 EVI-Link0 2
# 查看Router A上的本地動態MAC地址信息,VLAN 100的MAC地址已被路由策略過濾。
[RouterA] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 100
MAC address: 0001-0100-0001 (Filtered)
MAC address: 0001-0100-0002 (Filtered)
MAC address: 0001-0100-0003 (Filtered)
VLAN ID: 80
MAC address: 0001-0080-0001
MAC address: 0001-0080-0002
MAC address: 0001-0080-0003
# 查看Router A上的遠端MAC地址信息,Router B上VLAN 100的MAC地址未經過路由策略過濾,Router A可以收到Router B上VLAN 100的遠端MAC地址信息;Router B上VLAN 21的遠端MAC地址已被VLAN映射為本地VLAN 80的MAC地址。
[RouterA] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 80
MAC address: 0002-0021-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0021-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0021-0003
Interface: EVI-Link0
Flags: 0x2
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link0
Flags: 0x2
# 查看Router B上的EVI Tunnel的接口信息。
[RouterB] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.2.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router B上的EVI-Link的接口信息。
[RouterB] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.2.1 1.1.1.1
EVI-Link1 UP 1.1.2.1 1.1.3.1
# 查看Router B上的ENDC的運行信息。
[RouterB] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.2.1 1.1.1.1 1 15 disabled E
# 查看Router B上ENDC學到的鄰居信息。
[RouterB] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.2.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2014/01/01 12:12:12 13 Up
# 查看Router B上的VLAN映射信息。
[RouterB] display evi vlan-mapping
VLAN mappings for EVI IS-IS(0)
Local-VID Peer-ID Remote-VID Interface Remote-site
21 000F.0001.0001 80 EVI-Link0 1
# 查看Router B上的本地動態MAC地址信息,VLAN 100的MAC地址未被路由策略過濾。
[RouterB] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 100
MAC address: 0002-0100-0001
MAC address: 0002-0100-0002
MAC address: 0002-0100-0003
VLAN ID: 21
MAC address: 0002-0021-0001
MAC address: 0002-0021-0002
MAC address: 0002-0021-0003
# 查看Router B上的遠端MAC地址信息,Router A上VLAN 100的MAC地址信息已被路由策略過濾而不發布,Router B未收到Router A上VLAN 100的遠端MAC地址信息;Router A上 VLAN 80的遠端MAC地址已被VLAN映射為本地VLAN 21的MAC地址。
[RouterB] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 21
MAC address: 0001-0080-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0001-0080-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0001-0080-0003
Interface: EVI-Link0
Flags: 0x2
# 查看Router C上的EVI Tunnel的接口信息。
[RouterC] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.3.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router C上的EVI-Link的接口信息。
[RouterC] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.3.1 1.1.1.1
EVI-Link1 UP 1.1.3.1 1.1.2.1
# 查看Router C上的ENDC的運行信息。
[RouterC] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.3.1 1.1.1.1 1 15 disabled E
# 查看Router C上ENDC學到的鄰居信息。
[RouterC] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.3.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
1.1.2.1 000F-0000-0002 2014/01/01 12:12:12 13 Up
# 查看Router C上的遠端MAC地址信息,Router A上VLAN 100的MAC地址信息已被路由策略過濾,Router C未收到Router A上VLAN 100的遠端MAC地址信息,Router B上VLAN 100的MAC地址未經過路由策略過濾,Router C可以收到Router B上VLAN 100的遠端MAC地址信息;Router A上VLAN 80的遠端MAC地址和Router B上VLAN 21的遠端MAC地址在Router C上未經過VLAN映射。
[RouterC] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 21
MAC address: 0002-0021-0001
Interface: EVI-Link1
Flags: 0x0
MAC address: 0002-0021-0002
Interface: EVI-Link1
Flags: 0x0
MAC address: 0002-0021-0003
Interface: EVI-Link1
Flags: 0x0
VLAN ID: 80
MAC address: 0001-0080-0001
Interface: EVI-Link0
Flags: 0x0
MAC address: 0001-0080-0002
Interface: EVI-Link0
Flags: 0x0
MAC address: 0001-0080-0003
Interface: EVI-Link0
Flags: 0x0
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link1
Flags: 0x2
Site 1、Site 2、Site 3內的用戶主機之間可以相互ping通。
· Router A:
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
evi vlan-mapping 80 translated 21 site 2
source 1.1.1.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery server enable
#
route-policy EVI-Filter permit node 10
if-match vlan 21 to 90
#
evi-isis 0
filter-policy EVI-Filter
#
evi site-id 1
#
· Router B :
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
evi vlan-mapping 21 translated 80 site 1
source 1.1.2.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 2
#
· Router C :
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
source 1.1.3.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 3
#
如圖2所示,五個站點之間形成三個EVI網絡實例,不同的EVI網絡實例實現部署了不同業務的VLAN在不同站點之間的擴展:
· EVI網絡實例1承載VLAN 100和VLAN 101的數據庫業務,需要擴展的站點為Site 2、Site 3、Site 4。
· EVI網絡實例2承載VLAN 4000的網管流量,需要擴展的站點為Site 1、Site 2、Site 3、Site 4、Site 5。
· EVI網絡實例3承載VLAN 50~VLAN 80的Web業務,需要擴展的站點為Site 1和Site 4。
在所有EVI網絡實例中,站點Site 4的邊緣設備作為ENDS,其它站點的邊緣設備作為ENDC。
圖2 EVI多實例組網圖
本舉例是在E0301版本上進行配置和驗證的。
下麵僅給出EVI相關的配置步驟。除此之外,在各站點間還要配置路由協議使之互通,配置步驟略。
# 配置站點ID。
[Site4] evi site-id 4
# 創建Site 4的 VLAN。
[Site4] vlan 100 to 101
[Site4] vlan 50 to 80
[Site4] vlan 4000
[Site4-vlan4000] quit
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 100~101、4000、50~80通過。
[Site4] interface gigabitethernet 2/0
[Site4-GigabitEthernet2/0] port link-mode bridge
[Site4-GigabitEthernet2/0] port link-type trunk
[Site4-GigabitEthernet2/0] port trunk permit vlan 100 to 101
[Site4-GigabitEthernet2/0] port trunk permit vlan 4000
[Site4-GigabitEthernet2/0] port trunk permit vlan 50 to 80
[Site4-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[Site4] interface gigabitethernet 3/0
[Site4-GigabitEthernet3/0] ip address 172.16.4.1 16
[Site4-GigabitEthernet3/0] quit
# 配置數據庫業務實例。
[Site4] interface tunnel 101 mode evi
[Site4-Tunnel101] source 172.16.4.1
[Site4-Tunnel101] evi network-id 1
[Site4-Tunnel101] evi extend-vlan 100 101
[Site4-Tunnel101] evi neighbor-discovery server enable
[Site4-Tunnel101] quit
# 配置網管實例。
[Site4] interface tunnel 102 mode evi
[Site4-Tunnel102] source 172.16.4.1
[Site4-Tunnel102] evi network-id 2
[Site4-Tunnel102] evi extend-vlan 4000
[Site4-Tunnel102] evi neighbor-discovery server enable
[Site4-Tunnel102] quit
# 配置Web業務實例。
[Site4] interface tunnel 103 mode evi
[Site4-Tunnel103] source 172.16.4.1
[Site4-Tunnel103] evi network-id 3
[Site4-Tunnel103] evi extend-vlan 50 to 80
[Site4-Tunnel103] evi neighbor-discovery server enable
[Site4-Tunnel103] quit
其它Site作為ENDC,配置內容類似,在此不一一贅述。下麵僅給出Site 1上的配置:
# 配置站點ID。
[Site1] evi site-id 1
# 創建Site 1的 VLAN。
[Site1] vlan 50 to 80
[Site1] vlan 4000
[Site1-vlan4000] quit
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 4000、50~80通過。
[Site1] interface gigabitethernet 2/0
[Site1-GigabitEthernet2/0] port link-mode bridge
[Site1-GigabitEthernet2/0] port link-type trunk
[Site1-GigabitEthernet2/0] port trunk permit vlan 4000
[Site1-GigabitEthernet2/0] port trunk permit vlan 50 to 80
[Site1-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[Site1] interface gigabitethernet3/0
[Site1-GigabitEthernet3/0] ip address 172.16.1.1 16
[Site1-GigabitEthernet3/0] quit
# 配置網管實例。
[Site1] interface tunnel 102 mode evi
[Site1-Tunnel102] source 172.16.1.1
[Site1-Tunnel102] evi network-id 2
[Site1-Tunnel102] evi extend-vlan 4000
[Site1-Tunnel102] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel102] quit
# 配置Web業務實例。
[Site1] interface tunnel 103 mode evi
[Site1-Tunnel103] source 172.16.1.1
[Site1-Tunnel103] evi network-id 3
[Site1-Tunnel103] evi extend-vlan 50 to 80
[Site1-Tunnel103] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel103] quit
# 顯示Site 4上ENDS學到的所有成員信息。
[Site4] display evi neighbor-discovery server member
Interface: Tunnel101 Network ID: 1
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.2.1 000F-0001-0002 25 2014/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2014/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
Interface: Tunnel102 Network ID: 2
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2014/01/01 00:19:31
172.16.2.1 000F-0001-0002 25 2014/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2014/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
172.16.5.1 000F-0001-0005 18 2014/01/01 01:04:32
Interface: Tunnel103 Network ID: 3
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2014/01/01 00:19:31
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
· Site 4:
#
vlan 50 to 80
#
vlan 100 to 101
#
vlan 4000
#
interface GigabitEthernet3/0
port link-mode route
ip address 172.16.4.1 255.255.0.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 50 to 80 100 to 101 4000
#
interface Tunnel101 mode evi
evi extend-vlan 100 to 101
source 172.16.4.1
evi network-id 1
evi neighbor-discovery server enable
#
interface Tunnel102 mode evi
evi extend-vlan 4000
source 172.16.4.1
evi network-id 2
evi neighbor-discovery server enable
#
interface Tunnel103 mode evi
evi extend-vlan 50 to 80
source 172.16.4.1
evi network-id 3
evi neighbor-discovery server enable
#
evi site-id 4
#
· 其它Site:
其它Site作為ENDC,配置文件類似,在此不一一贅述。下麵僅給出Site 1的配置文件:
#
vlan 50 to 80
#
vlan 4000
#
interface GigabitEthernet3/0
port link-mode route
ip address 172.16.1.1 255.255.0.0
evi enable
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 50 to 80 4000
#
interface Tunnel102 mode evi
evi extend-vlan 4000
source 172.16.1.1
evi network-id 2
evi neighbor-discovery client enable 172.16.4.1
#
interface Tunnel103 mode evi
evi extend-vlan 50 to 80
source 172.16.1.1
evi network-id 3
evi neighbor-discovery client enable 172.16.4.1
#
evi site-id 1
#
如圖3所示,兩個站點之間形成1個EVI網絡實例:
· Router A、Router B分別為Site 1、Site 2的邊緣設備,兩個站點間通過IP網絡互連,兩個站點之間VLAN 101的業務流量通過運營商網絡的三層IP網絡實現二層互通;
· RouterA做為Site1的網關、RouterB做為Site2的網關,Site1或Site2中的用戶可以通過該網關訪問Internet。
圖3 EVI網關(GW)與邊緣設備(ED)共存組網圖
· 為實現兩個數據中心之間VLAN 101的二層互通,需要在Router A和Router B之間建立EVI網絡,並將VLAN 101配置成擴展VLAN;
· 為實現當數據業務和服務器在遷移過程中無需修改網關地址,需要將Router A和Router B加入同一個VRRP備份組,兩個數據中心使用同一個虛擬網關;
· RouterA和RouterB上分別做nat配置,使得站點內的用戶可以訪問Internet。
本舉例是在E0301版本上進行配置和驗證的。
下麵僅給出EVI以及網關部分相關的配置步驟。除此之外,在各站點間還要配置路由協議使之互通,配置步驟略。
# 配置站點ID。
<RouterA> system-view
[RouterA] evi site-id 1
# 創建VLAN 101。
[RouterA] vlan 101
[RouterA-vlan101] quit
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 101通過。
[RouterA] interface gigabitethernet 2/0
[RouterA-GigabitEthernet2/0] port link-mode bridge
[RouterA-GigabitEthernet2/0] port link-type trunk
[RouterA-GigabitEthernet2/0] port trunk permit vlan 101
[RouterA-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet3/0] quit
# 創建模式為IPv4 EVI隧道的接口Tunnel0。
[RouterA] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址為GigabitEthernet3/0的IP地址。
[RouterA-Tunnel0] source 1.1.1.1
# 配置Tunnel0接口的keepalive探測周期和重試次數。
[RouterA-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterA-Tunnel0] evi network-id 1
# 配置Tunnel0接口的擴展VLAN。
[RouterA-Tunnel0] evi extend-vlan 101
# 使能Tunnel0接口的ENDS功能。
[RouterA-Tunnel0] evi neighbor-discovery server enable
[RouterA-Tunnel0] quit
# 配置接口Vlan-interface101的IP地址。
[RouterA] interface vlan-interface 101
[RouterA-Vlan-interface101] ip address 100.0.0.1 24
#創建VRRP組101,配置VRRP備份組101的虛擬IP地址為100.0.0.254。
[RouterA-Vlan-interface101] vrrp vrid 101 virtual-ip 100.0.0.254
[RouterA-Vlan-interface101] quit
#在Tunnel0接口的源端口GigabitEthernet3/0配置地址轉換。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] nat outbound
[RouterA-GigabitEthernet3/0] quit
# 配置站點ID。
<RouterB> system-view
[RouterB] evi site-id 2
# 創建VLAN 101。
[RouterB] vlan 101
[RouterB-vlan101] quit
# 將接口GigabitEthernet2/0切換為二層接口,配置端口為Trunk端口,並允許VLAN 101通過。
[RouterB] interface gigabitethernet 2/0
[RouterB-GigabitEthernet2/0] port link-mode bridge
[RouterB-GigabitEthernet2/0] port link-type trunk
[RouterB-GigabitEthernet2/0] port trunk permit vlan 101
[RouterB-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] ip address 1.1.2.1 24
[RouterB-GigabitEthernet3/0] quit
# 創建模式為IPv4 EVI隧道的接口Tunnel0。
[RouterB] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址為GigabitEthernet3/0的IP地址。
[RouterB-Tunnel0] source 1.1.2.1
# 配置Tunnel0接口的keepalive探測周期和重試次數。
[RouterB-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterB-Tunnel0] evi network-id 1
# 配置Tunnel0接口的擴展VLAN。
[RouterB-Tunnel0] evi extend-vlan 101
# 使能Tunnel0接口的ENDC功能,該ENDC對應的ENDS為Router A。
[RouterB-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
[RouterB-Tunnel0] quit
# 配置接口Vlan-interface101的IP地址。
[RouterB] interface vlan-interface 101
[RouterB-Vlan-interface101] ip address 100.0.0.2 24
# 創建VRRP組101,配置VRRP備份組101的虛擬IP地址為100.0.0.254。
[RouterB-Vlan-interface101] vrrp vrid 101 virtual-ip 100.0.0.254
[RouterB-Vlan-interface101] quit
# 在Tunnel0接口的源端口GigabitEthernet3/0配置地址轉換。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] nat outbound
[RouterB-GigabitEthernet3/0] quit
(1) 驗證Router A
# 查看Router A上的EVI Tunnel的接口信息。
[RouterA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.1.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router A上的EVI-Link的接口信息。
[RouterA] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.1.1 1.1.2.1
# 查看Router A上的ENDS的運行信息。
[RouterA] display evi neighbor-discovery server summary
Interface Local Address Network ID Auth Members
Tunnel0 1.1.1.1 1 disabled 2
# 查看Router A上的ENDC的運行信息。
[RouterA] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.1.1 1.1.1.1 1 15 disabled E
# 查看Router A上ENDS學到的成員信息。
[RouterA] display evi neighbor-discovery server member
Interface: Tunnel0 Network ID: 1
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 000F-0001-0001 25 2014/01/01 00:00:43
1.1.2.1 000F-0001-0002 15 2014/01/01 01:00:46
# 查看Router A上ENDC學到的鄰居信息。
[RouterA] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.2.1 000F-0001-0002 2014/01/01 12:12:12 13 Up
# 顯示全部IPv4 VRRP備份組的詳細信息。
[RouterA] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 101 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 100.0.0.254
Virtual MAC : 0000-5e00-0165
Master IP : 100.0.0.1
(2) 驗證Router B
# 查看Router B上的EVI Tunnel的接口信息。
[RouterB] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.2.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router B上的EVI-Link的接口信息。
[RouterB] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.2.1 1.1.1.1
# 查看Router B上的ENDC的運行信息。
[RouterB] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.2.1 1.1.1.1 1 15 disabled E
# 查看Router B上ENDC學到的鄰居信息。
[RouterB] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.2.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
# 顯示全部IPv4 VRRP備份組的詳細信息。
[RouterB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 101 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 100.0.0.254
Virtual MAC : 0000-5e00-0165
Master IP : 100.0.0.2
(3) 驗證互通
Site1中或Site2中設備可以通過網關訪問外網;Site1與Site2中的主機可以互通。
· Router A:
#
Vlan 101
#
interface Vlan-interface101
ip address 100.0.0.1 255.255.255.0
vrrp vrid 101 virtual-ip 100.0.0.254
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.1.1 255.255.255.0
nat outbound
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 101
#
interface Tunnel0 mode evi
evi extend-vlan 101
source 1.1.1.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery server enable
#
evi site-id 1
#
· Router B :
#
vlan 101
#
interface Vlan-interface101
ip address 100.0.0.2 255.255.255.0
vrrp vrid 101 virtual-ip 100.0.0.254
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.2.1 255.255.255.0
nat outbound
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 101
#
interface Tunnel0 mode evi
evi extend-vlan 101
source 1.1.2.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 2
#
· 《H3C VSR1000虛擬路由器配置指導》中的“EVI配置指導”
· 《H3C VSR1000虛擬路由器命令參考》中的“EVI命令參考”
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
