- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
62-VXLAN典型配置舉例
本章節下載: 62-VXLAN典型配置舉例 (399.21 KB)
資料版本:6W100-20190628
Copyright © 2019 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
本文檔介紹VXLAN(Virtual eXtensible LAN,可擴展虛擬局域網絡)的典型配置案例。VXLAN是基於IP網絡、采用“MAC in UDP”封裝形式的二層VPN技術。VXLAN可以基於已有的服務提供商或企業IP網絡,為分散的物理站點提供二層互聯,並能夠為不同的租戶提供業務隔離。VXLAN主要應用於數據中心網絡。
本文檔不嚴格與具體軟、硬件版本對應,如果使用過程中與產品實際情況有差異,請以設備實際情況為準。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解VXLAN特性。
VXLAN功能受設備的工作模式限製,在使用VXLAN功能前,請在係統視圖下使用“system-working-mode standard”命令將設備設置為標準模式。需要注意的是,使用該命令修改設備的工作模式時,需要保存設備當前配置文件,然後重啟設備後才能生效。
當設備作為VXLAN IP網關時,需要配置VXLAN隧道工作在三層轉發模式。當設備作為VTEP時,VXLAN隧道工作在二層轉發模式、三層轉發模式均可。
VTEP通過廣播流量學習遠端MAC地址,因此,不要執行flooding disable命令開啟VSI的泛洪抑製功能。
VXLAN IP網關下不能級聯另一個VXLAN IP網關。
VXLAN IP網關容易受到外網發起的網絡掃描攻擊。在SDN組網下,建議合理配置arp send-rate值,以較少VXLAN IP網關發送的ARP泛洪流量。VXLAN IP網關上的VXLAN隧道數目與arp send-rate值的乘積不要超過4000。
Switch A、Switch B、Switch C為與服務器連接的VTEP設備。虛擬機VM 1、VM 2和VM 3同屬於VXLAN 10。通過VXLAN實現不同站點間的二層互聯,確保虛擬機在站點之間進行遷移時用戶的訪問流量不會中斷。
圖1 VXLAN二層轉發配置組網圖
· 在IP核心網絡上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B和Switch C之間建立VXLAN隧道,並將VXLAN隧道與VXLAN關聯,以便將虛擬機發送的二層報文封裝為IP報文後在IP核心網絡上轉發。
· 在Switch A和Switch B的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
本舉例是在S6890 CMW710-R2712版本上進行配置和驗證的。
在VTEP上需要執行undo vxlan ip-forwarding命令,配置VXLAN隧道工作在二層轉發模式。
缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 配置Switch A的接口IP地址。
<SwitchA> system-view
[SwitchA] vlan 11
[SwitchA-vlan11] port ten-gigabitethernet 1/0/2
[SwitchA-vlan11] quit
[SwitchA] interface vlan-interface 11
[SwitchA-Vlan-interface11] ip address 11.1.1.1 24
[SwitchA-Vlan-interface11] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
# 請參考以上方法配置其它設備上的接口IP地址,配置步驟這裏省略。
# 在Switch A上配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 在Switch B上配置OSPF發布接口所在網段的路由。
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 在Switch C上配置OSPF發布接口所在網段的路由。
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 在Switch D上配置OSPF發布接口所在網段的路由。
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN功能。
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchA] undo vxlan ip-forwarding
# 創建VXLAN 10。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
# 開啟L2VPN功能。
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchB] undo vxlan ip-forwarding
# 創建VXLAN 10。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
# 開啟L2VPN功能。
[SwitchC] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchC] undo vxlan ip-forwarding
# 創建VXLAN 10。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
# 在Switch A上創建到達Switch B和Switch C的VXLAN隧道Tunnel1和Tunnel2。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] quit
[SwitchA] interface tunnel 2 mode vxlan
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 3.3.3.3
[SwitchA-Tunnel2] quit
# 在Switch B上創建到達Switch A和Switch C的VXLAN隧道Tunnel1和Tunnel2。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] quit
[SwitchB] interface tunnel 2 mode vxlan
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 3.3.3.3
[SwitchB-Tunnel2] quit
# 在Switch C上創建到達Switch A和Switch B的VXLAN隧道Tunnel1和Tunnel2。
[SwitchC] interface tunnel 1 mode vxlan
[SwitchC-Tunnel1] source 3.3.3.3
[SwitchC-Tunnel1] destination 1.1.1.1
[SwitchC-Tunnel1] quit
[SwitchC] interface tunnel 2 mode vxlan
[SwitchC-Tunnel2] source 3.3.3.3
[SwitchC-Tunnel2] destination 2.2.2.2
[SwitchC-Tunnel2] quit
# 在Switch A上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] tunnel 1
[SwitchA-vsi-vpna-vxlan10] tunnel 2
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
# 在Switch B上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] tunnel 1
[SwitchB-vsi-vpna-vxlan10] tunnel 2
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
# 在Switch C上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10關聯。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] tunnel 1
[SwitchC-vsi-vpna-vxlan10] tunnel 2
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
# 在Switch A的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2(VM 1)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 在Switch B的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2(VM 2)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 在Switch C的接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 2(VM 3)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchC] interface ten-gigabitethernet 1/0/1
[SwitchC-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 2
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchC-Ten-GigabitEthernet1/0/1-srv1000] quit
[SwitchC-Ten-GigabitEthernet1/0/1] quit
# 以Switch A為例,查看Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。
[SwitchA] display interface tunnel
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 以Switch A為例,查看VSI信息,可以看到與VXLAN關聯的VXLAN隧道、與VSI關聯的以太網服務實例均處於up狀態。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
# 虛擬機VM 1、VM 2、VM 3之間可以互相ping通。
# 以Switch A為例,查看VSI的MAC地址表項信息,可以看到已學習到的MAC地址信息。
[SwitchA] display l2vpn mac-address
MAC Address State VSI Name Link ID/Name Aging
cc3e-5f9c-6cdb Dynamic vpna Tunnel1 Aging
cc3e-5f9c-23dc Dynamic vpna Tunnel2 Aging
--- 2 mac address(es) found ---
· Switch A
#
undo vxlan ip-forwarding
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 11.1.1.0 0.0.0.255
#
vlan 2
#
vlan 12
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 11
#
interface Tunnel1 mode vxlan
source 1.1.1.1
destination 2.2.2.2
#
interface Tunnel2 mode vxlan
source 1.1.1.1
destination 3.3.3.3
#
return
· Switch B
#
undo vxlan ip-forwarding
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 12.1.1.0 0.0.0.255
#
vlan 2
#
vlan 11
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface12
ip address 12.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Tunnel1 mode vxlan
source 2.2.2.2
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 2.2.2.2
destination 3.3.3.3
#
return
· Switch C
#
undo vxlan ip-forwarding
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 13.1.1.0 0.0.0.255
#
vlan 2
#
vlan 13
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface13
ip address 13.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 2
xconnect vsi vpna
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 13
#
interface Tunnel1 mode vxlan
source 3.3.3.3
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 3.3.3.3
destination 2.2.2.2
#
return
· Switch D
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 11.1.1.0 0.0.0.255
network 12.1.1.0 0.0.0.255
network 13.1.1.0 0.0.0.255
#
vlan 11
#
vlan 12
#
vlan 13
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface11
ip address 11.1.1.4 255.255.255.0
#
interface Vlan-interface12
ip address 12.1.1.4 255.255.255.0
#
interface Vlan-interface13
ip address 13.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 11
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 12
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 13
#
return
如圖2所示,虛擬機VM 1、VM 3屬於VXLAN 10,VM 2和VM 4屬於VXLAN 20。Switch A、Switch B為與服務器連接的VTEP設備,Switch C為與廣域網連接的集中式VXLAN IP網關設備。通過VXLAN實現不同站點間的二層互聯,並通過集中式VXLAN IP網關實現不同VXLAN之間、VXLAN與廣域網之間的三層互聯。
圖2 集中式VXLAN IP網關配置組網圖
· 在IP核心網絡上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B和Switch C之間建立VXLAN隧道,並將VXLAN隧道與VXLAN關聯,以便將虛擬機發送的二層報文封裝為IP報文後在IP核心網絡上轉發。
· 在Switch A和Switch B的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
· 在集中式VXLAN IP網關Switch C上為每個VXLAN分別創建一個VSI虛接口,為其配置IP地址,該地址作為各自VXLAN內虛擬機的網關地址;在Switch C上配置路由協議將VSI虛接口、Vlan-interface100所在網段路由發布到L3 network,以便L3 network內的節點具有到達虛擬機的路由,本舉例以OSPF路由協議為例。
本舉例是在S6890 CMW710-R2712版本上進行配置和驗證的。
缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 配置Switch A的接口IP地址。
<SwitchA> system-view
[SwitchA] vlan 20
[SwitchA-vlan20] port ten-gigabitethernet 1/0/2
[SwitchA-vlan20] quit
[SwitchA] interface vlan-interface 20
[SwitchA-Vlan-interface20] ip address 20.1.1.1 24
[SwitchA-Vlan-interface20] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
# 請參考以上方法配置其它設備上的接口IP地址,配置步驟這裏省略。
# 在Switch A上配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 在Switch B上配置OSPF發布接口所在網段的路由。
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 在Switch C上配置OSPF發布接口所在網段的路由。
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 在Switch D上配置OSPF發布接口所在網段的路由。
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 開啟L2VPN功能。
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchA] undo vxlan ip-forwarding
# 創建VXLAN 10和VXLAN 20。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan10] quit
[SwitchA-vsi-vpnb] quit
# 開啟L2VPN功能。
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchB] undo vxlan ip-forwarding
# 創建VXLAN 10和VXLAN 20。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan10] quit
[SwitchB-vsi-vpnb] quit
# 開啟L2VPN功能。
[SwitchC] l2vpn enable
# 創建VXLAN 10和VXLAN 20。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan10] quit
[SwitchC-vsi-vpnb] quit
# 在Switch A上創建到達Switch B和Switch C的VXLAN隧道Tunnel1和Tunnel2。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 2.2.2.2
[SwitchA-Tunnel1] quit
[SwitchA] interface tunnel 2 mode vxlan
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 3.3.3.3
[SwitchA-Tunnel2] quit
# 在Switch B上創建到達Switch A和Switch C的VXLAN隧道Tunnel1和Tunnel2。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 1.1.1.1
[SwitchB-Tunnel1] quit
[SwitchB] interface tunnel 2 mode vxlan
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 3.3.3.3
[SwitchB-Tunnel2] quit
# 在Switch C上創建到達Switch A和Switch B的VXLAN隧道Tunnel1和Tunnel2。
[SwitchC] interface tunnel 1 mode vxlan
[SwitchC-Tunnel1] source 3.3.3.3
[SwitchC-Tunnel1] destination 1.1.1.1
[SwitchC-Tunnel1] quit
[SwitchC] interface tunnel 2 mode vxlan
[SwitchC-Tunnel2] source 3.3.3.3
[SwitchC-Tunnel2] destination 2.2.2.2
[SwitchC-Tunnel2] quit
# 在Switch A上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] tunnel 1
[SwitchA-vsi-vpna-vxlan10] tunnel 2
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan20] tunnel 1
[SwitchA-vsi-vpnb-vxlan20] tunnel 2
[SwitchA-vsi-vpnb-vxlan20] quit
[SwitchA-vsi-vpnb] quit
# 在Switch B上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] tunnel 1
[SwitchB-vsi-vpna-vxlan10] tunnel 2
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan20] tunnel 1
[SwitchB-vsi-vpnb-vxlan20] tunnel 2
[SwitchB-vsi-vpnb-vxlan20] quit
[SwitchB-vsi-vpnb] quit
# 在Switch C上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] tunnel 1
[SwitchC-vsi-vpna-vxlan10] tunnel 2
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan20] tunnel 1
[SwitchC-vsi-vpnb-vxlan20] tunnel 2
[SwitchC-vsi-vpnb-vxlan20] quit
[SwitchC-vsi-vpnb] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 10(VM 1)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 11(VM 2)的數據幀,將該服務實例與vpnb(VXLAN 20)關聯。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 11
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 12(VM 3)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 12
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 13(VM 4)的數據幀,將該服務實例與vpnb(VXLAN 20)關聯。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 13
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 創建VSI虛接口VSI-interface1,並為其配置IP地址,該IP地址作為VXLAN 10內虛擬機的網關地址。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI實例與接口VSI-interface1關聯。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 創建VSI虛接口VSI-interface2,並為其配置IP地址,該IP地址作為VXLAN 20內虛擬機的網關地址。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI實例與接口VSI-interface2關聯。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
# 配置OSPF發布VSI虛接口、Vlan-interface100接口所在網段的路由。
[SwitchC] ospf 2 router-id 3.3.3.3
[SwitchC-ospf-2] area 0
[SwitchC-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] quit
[SwitchC-ospf-2] quit
# 以Switch A為例,在VTEP上查看Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。
[SwitchA] display interface tunnel
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 在集中式VXLAN IP網關Switch C上,查看Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。
[SwitchC] display interface tunnel
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 3.3.3.3, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 在Switch C上,查看VSI虛接口信息,可以看到VSI虛接口處於up狀態。
[SwitchC] display interface vsi-interface
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet Address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0000-fc00-458d
IPv6 packet frame type: Ethernet II, hardware address: 0000-fc00-458d
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Vsi-interface2
Current state: UP
Line protocol state: UP
Description: Vsi-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet Address: 10.1.2.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0000-fc00-458d
IPv6 packet frame type: Ethernet II, hardware address: 0000-fc00-458d
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 以Switch A為例,在VTEP上查看VSI信息,可以看到VSI內創建的VXLAN、與VXLAN關聯的VXLAN隧道、與VSI關聯的以太網服務實例等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv2000 0 Up Manual
# 在Switch C上查看VSI信息,可以看到VSI內創建的VXLAN、與VXLAN關聯的VXLAN隧道、與VSI關聯的VSI虛接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flooding proxy
Tunnel1 0x5000002 Up Manual Disabled
Tunnel2 0x5000003 Up Manual Disabled
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flooding proxy
Tunnel1 0x5000002 Up Manual Disabled
Tunnel2 0x5000003 Up Manual Disabled
# 虛擬機VM 1、VM 2、VM3、VM4之間均可以互訪,且可以ping通100.1.1.1。
# 查看Switch C上VSI的ARP表項信息,可以看到已學習到了虛擬機的ARP信息。
[SwitchC] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI Interface/Link ID Aging Type
10.1.1.11 0000-1234-0001 N/A Tunnel1 20 D
10.1.1.12 0000-1234-0002 N/A Tunnel2 19 D
# 查看Switch C上FIB表項信息,可以看到已學習到了虛擬機的轉發表項信息。
[SwitchC] display fib 10.1.1.11
Destination count: 1 FIB entry count: 1
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.11/32 10.1.1.11 UH Vsi1 Null
· Switch A
#
undo vxlan ip-forwarding
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 20.1.1.0 0.0.0.255
#
vlan 20
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface20
ip address 20.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 10
xconnect vsi vpna
service-instance 2000
encapsulation s-vid 11
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 20
#
interface Tunnel1 mode vxlan
source 1.1.1.1
destination 2.2.2.2
#
interface Tunnel2 mode vxlan
source 1.1.1.1
destination 3.3.3.3
· Switch B
#
undo vxlan ip-forwarding
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 30.1.1.0 0.0.0.255
#
vlan 30
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface30
ip address 30.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 12
xconnect vsi vpna
service-instance 2000
encapsulation s-vid 13
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 30
#
interface Tunnel1 mode vxlan
source 2.2.2.2
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 2.2.2.2
destination 3.3.3.3
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 40.1.1.0 0.0.0.255
#
ospf 2 router-id 3.3.3.3
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
vlan 40
#
vlan 100
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Vlan-interface40
ip address 40.1.1.3 255.255.255.0
#
interface Vlan-interface100
ip address 100.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 40
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 100
#
interface Vsi-interface1
ip address 10.1.1.1 255.255.255.0
#
interface Vsi-interface2
ip address 10.1.2.1 255.255.255.0
#
interface Tunnel1 mode vxlan
source 3.3.3.3
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 3.3.3.3
destination 2.2.2.2
#
return
· Switch D
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
#
vlan 20
#
vlan 30
#
vlan 40
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface Vlan-interface20
ip address 20.1.1.4 255.255.255.0
#
interface Vlan-interface30
ip address 30.1.1.4 255.255.255.0
#
interface Vlan-interface40
ip address 40.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 20
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 30
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 40
#
return
Switch A、Switch B為與服務器連接的VTEP設備,Switch C和Switch D為與廣域網連接的集中式VXLAN IP網關設備。虛擬機VM 1、VM 3屬於VXLAN 10,虛擬機VM 2、VM 4屬於VXLAN 20。通過VXLAN IP網關保護組實現Switch C和Switch D能夠同時對虛擬機的跨網絡報文進行三層轉發,同時實現網關設備的備份。
圖3 集中式VXLAN IP網關保護組配置組網圖
· 在IP核心網絡上配置路由協議,使得各交換機的接口IP地址(包括Loopback接口IP地址)之間路由可達。本舉例以OSPF路由協議為例。
· 在Switch A、Switch B、Switch C和Switch D之間建立VXLAN隧道,並將VXLAN隧道與VXLAN關聯,以便將虛擬機發送的二層報文封裝為IP報文後在IP核心網絡上轉發。
· 在Switch A和Switch B的下行端口上配置以太網服務實例和相應的匹配規則,用來識別用戶網絡中的報文所屬的VXLAN。
· 在集中式VXLAN IP網關Switch C和Switch D上為每個VXLAN分別創建一個VSI虛接口,並為其配置IP地址,該地址作為各自VXLAN內虛擬機的網關地址;在Switch C和Switch D上配置路由協議將VSI虛接口、Vlan-interface100所在網段路由發布到L3 network,以便L3 network內的節點具有到達虛擬機的路由,本舉例以OSPF路由協議為例。
· 將Switch C和Switch D加入集中式VXLAN IP網關保護組,實現網關設備的備份。
本舉例是在S6890 CMW710-R2712版本上進行配置和驗證的。
· 集中式VXLAN IP網關保護組的所有成員設備上必須創建相同的VSI虛接口,並為該接口配置相同的IP地址和MAC地址。
· VSI虛接口上配置的MAC地址隻用於應答ARP請求。網關對報文進行三層轉發時,報文的源MAC地址替換為設備的橋MAC地址,而不是VSI虛接口上配置的MAC地址。因此,為了避免虛擬機上的ARP表項超時老化,需要配置VSI虛接口定時發送免費ARP報文。
· 保護組中的每台成員設備上都要執行vtep group group-ip member local member-ip命令。member-ip為當前設備的成員地址,該地址必須是設備上已經存在的IP地址,並且需要通過路由協議發布到IP網絡。
· 保護組中的每台成員設備上都要執行vtep group group-ip member remote member-ip&<1-8>命令,且執行該命令時必須輸入保護組中所有其它成員設備的成員地址。
· 同一個保護組中不同成員設備的成員地址不能相同。
缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 配置Switch A的接口IP地址。
<SwitchA> system-view
[SwitchA] vlan 20
[SwitchA-vlan20] port ten-gigabitethernet 1/0/2
[SwitchA-vlan20] quit
[SwitchA] interface vlan-interface 20
[SwitchA-Vlan-interface20] ip address 20.1.1.1 24
[SwitchA-Vlan-interface20] quit
[SwitchA] interface loopback 0
[SwitchA-LoopBack0] ip address 1.1.1.1 32
# 請參考以上方法配置其它設備上的接口IP地址,配置步驟這裏省略。
# 在Switch A上配置OSPF發布接口所在網段的路由。
[SwitchA] ospf 1 router-id 1.1.1.1
[SwitchA-ospf-1] area 0
[SwitchA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[SwitchA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchA-ospf-1-area-0.0.0.0] quit
[SwitchA-ospf-1] quit
# 在Switch B上配置OSPF發布接口所在網段的路由。
[SwitchB] ospf 1 router-id 2.2.2.2
[SwitchB-ospf-1] area 0
[SwitchB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[SwitchB-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchB-ospf-1-area-0.0.0.0] quit
[SwitchB-ospf-1] quit
# 在Switch C上配置OSPF發布接口所在網段的路由。
[SwitchC] ospf 1 router-id 3.3.3.3
[SwitchC-ospf-1] area 0
[SwitchC-ospf-1-area-0.0.0.0] network 3.3.3.3 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 8.8.8.8 0.0.0.0
[SwitchC-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchC-ospf-1-area-0.0.0.0] quit
[SwitchC-ospf-1] quit
# 在Switch D上配置OSPF發布接口所在網段的路由。
[SwitchD] ospf 1 router-id 4.4.4.4
[SwitchD-ospf-1] area 0
[SwitchD-ospf-1-area-0.0.0.0] network 4.4.4.4 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 8.8.8.8 0.0.0.0
[SwitchD-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
[SwitchD-ospf-1-area-0.0.0.0] quit
[SwitchD-ospf-1] quit
# 在Switch E上配置OSPF發布接口所在網段的路由。
[SwitchE] ospf 1 router-id 5.5.5.5
[SwitchE-ospf-1] area 0
[SwitchE-ospf-1-area-0.0.0.0] network 5.5.5.5 0.0.0.0
[SwitchE-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.0] network 30.1.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.0] network 40.1.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.0] network 50.1.1.0 0.0.0.255
[SwitchE-ospf-1-area-0.0.0.0] quit
[SwitchE-ospf-1] quit
# 開啟L2VPN功能。
[SwitchA] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchA] undo vxlan ip-forwarding
# 創建VXLAN 10和VXLAN 20。
[SwitchA] l2vpn enable
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan10] quit
[SwitchA-vsi-vpnb] quit
# 開啟L2VPN功能。
[SwitchB] l2vpn enable
# 配置VXLAN隧道工作在二層轉發模式。
[SwitchB] undo vxlan ip-forwarding
# 創建VXLAN 10和VXLAN 20。
[SwitchB] l2vpn enable
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan10] quit
[SwitchB-vsi-vpnb] quit
# 開啟L2VPN功能。
[SwitchC] l2vpn enable
# 創建VXLAN 10和VXLAN 20。
[SwitchC] l2vpn enable
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan10] quit
[SwitchC-vsi-vpnb] quit
# 開啟L2VPN功能。
[SwitchD] l2vpn enable
# 創建VXLAN 10和VXLAN 20。
[SwitchD] l2vpn enable
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan10] quit
[SwitchD-vsi-vpna] quit
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan10] quit
[SwitchD-vsi-vpnb] quit
# 在Switch A和VXLAN IP保護組之間建立VXLAN隧道Tunnel1,隧道的目的端地址為保護組的VTEP IP(8.8.8.8)。
[SwitchA] interface tunnel 1 mode vxlan
[SwitchA-Tunnel1] source 1.1.1.1
[SwitchA-Tunnel1] destination 8.8.8.8
[SwitchA-Tunnel1] quit
# 創建到達Switch B的VXLAN隧道Tunnel2。
[SwitchA] interface tunnel 2 mode vxlan
[SwitchA-Tunnel2] source 1.1.1.1
[SwitchA-Tunnel2] destination 2.2.2.2
[SwitchA-Tunnel2] quit
# 在Switch B和VXLAN IP保護組之間建立VXLAN隧道Tunnel1,隧道的目的端地址為保護組的VTEP IP(8.8.8.8)。
[SwitchB] interface tunnel 1 mode vxlan
[SwitchB-Tunnel1] source 2.2.2.2
[SwitchB-Tunnel1] destination 8.8.8.8
[SwitchB-Tunnel1] quit
# 創建到達Switch A的VXLAN隧道Tunnel2。
[SwitchB] interface tunnel 2 mode vxlan
[SwitchB-Tunnel2] source 2.2.2.2
[SwitchB-Tunnel2] destination 1.1.1.1
[SwitchB-Tunnel2] quit
# 創建VXLAN IP保護組到達Switch A和Switch B的VXLAN隧道Tunnel1和Tunnel2,隧道的源端地址為保護組的VTEP IP(8.8.8.8)。
[SwitchC] interface tunnel 1 mode vxlan
[SwitchC-Tunnel1] source 8.8.8.8
[SwitchC-Tunnel1] destination 1.1.1.1
[SwitchC-Tunnel1] quit
[SwitchC] interface tunnel 2 mode vxlan
[SwitchC-Tunnel2] source 8.8.8.8
[SwitchC-Tunnel2] destination 2.2.2.2
[SwitchC-Tunnel2] quit
# 創建VXLAN IP保護組到達Switch A和Switch B的VXLAN隧道Tunnel1和Tunnel2,隧道的源端地址為保護組的VTEP IP(8.8.8.8)。
[SwitchD] interface tunnel 1 mode vxlan
[SwitchD-Tunnel1] source 8.8.8.8
[SwitchD-Tunnel1] destination 1.1.1.1
[SwitchD-Tunnel1] quit
[SwitchD] interface tunnel 2 mode vxlan
[SwitchD-Tunnel2] source 8.8.8.8
[SwitchD-Tunnel2] destination 2.2.2.2
[SwitchD-Tunnel2] quit
# 在Switch A上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchA] vsi vpna
[SwitchA-vsi-vpna] vxlan 10
[SwitchA-vsi-vpna-vxlan10] tunnel 1
[SwitchA-vsi-vpna-vxlan10] tunnel 2
[SwitchA-vsi-vpna-vxlan10] quit
[SwitchA-vsi-vpna] quit
[SwitchA] vsi vpnb
[SwitchA-vsi-vpnb] vxlan 20
[SwitchA-vsi-vpnb-vxlan20] tunnel 1
[SwitchA-vsi-vpnb-vxlan20] tunnel 2
[SwitchA-vsi-vpnb-vxlan20] quit
[SwitchA-vsi-vpnb] quit
# 在Switch B上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchB] vsi vpna
[SwitchB-vsi-vpna] vxlan 10
[SwitchB-vsi-vpna-vxlan10] tunnel 1
[SwitchB-vsi-vpna-vxlan10] tunnel 2
[SwitchB-vsi-vpna-vxlan10] quit
[SwitchB-vsi-vpna] quit
[SwitchB] vsi vpnb
[SwitchB-vsi-vpnb] vxlan 20
[SwitchB-vsi-vpnb-vxlan20] tunnel 1
[SwitchB-vsi-vpnb-vxlan20] tunnel 2
[SwitchB-vsi-vpnb-vxlan20] quit
[SwitchB-vsi-vpnb] quit
# 在Switch C上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] vxlan 10
[SwitchC-vsi-vpna-vxlan10] tunnel 1
[SwitchC-vsi-vpna-vxlan10] tunnel 2
[SwitchC-vsi-vpna-vxlan10] quit
[SwitchC-vsi-vpna] quit
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] vxlan 20
[SwitchC-vsi-vpnb-vxlan20] tunnel 1
[SwitchC-vsi-vpnb-vxlan20] tunnel 2
[SwitchC-vsi-vpnb-vxlan20] quit
[SwitchC-vsi-vpnb] quit
# 在Switch D上將VXLAN隧道Tunnel1和Tunnel2均與VXLAN 10、VXLAN 20關聯。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] vxlan 10
[SwitchD-vsi-vpna-vxlan10] tunnel 1
[SwitchD-vsi-vpna-vxlan10] tunnel 2
[SwitchD-vsi-vpna-vxlan10] quit
[SwitchD-vsi-vpna] quit
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] vxlan 20
[SwitchD-vsi-vpnb-vxlan20] tunnel 1
[SwitchD-vsi-vpnb-vxlan20] tunnel 2
[SwitchD-vsi-vpnb-vxlan20] quit
[SwitchD-vsi-vpnb] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 10(VM 1)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 10
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchA-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 11(VM 2)的數據幀,將該服務實例與vpnb(VXLAN 20)關聯。
[SwitchA-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 11
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchA-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchA-Ten-GigabitEthernet1/0/1] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例1000,該實例用來匹配VLAN 12(VM 3)的數據幀,將該服務實例與vpna(VXLAN 10)關聯。
[SwitchB] interface ten-gigabitethernet 1/0/1
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 1000
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] encapsulation s-vid 12
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] xconnect vsi vpna
[SwitchB-Ten-GigabitEthernet1/0/1-srv1000] quit
# 在接口Ten-GigabitEthernet1/0/1上創建以太網服務實例2000,該實例用來匹配VLAN 13(VM 4)的數據幀,將該服務實例與vpnb(VXLAN 20)關聯。
[SwitchB-Ten-GigabitEthernet1/0/1] service-instance 2000
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] encapsulation s-vid 13
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] xconnect vsi vpnb
[SwitchB-Ten-GigabitEthernet1/0/1-srv2000] quit
[SwitchB-Ten-GigabitEthernet1/0/1] quit
# 創建VSI虛接口VSI-interface1,為其配置IP地址,該IP地址作為VXLAN 10內虛擬機的網關地址,指定該接口的MAC地址,並配置該接口定時發送免費ARP報文。
[SwitchC] interface vsi-interface 1
[SwitchC-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchC-Vsi-interface1] mac-address 1-1-1
[SwitchC-Vsi-interface1] arp send-gratuitous-arp interval 200000
[SwitchC-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI實例與接口VSI-interface1關聯。
[SwitchC] vsi vpna
[SwitchC-vsi-vpna] gateway vsi-interface 1
[SwitchC-vsi-vpna] quit
# 創建VSI虛接口VSI-interface2,為其配置IP地址,該IP地址作為VXLAN 20內虛擬機的網關地址,指定該接口的MAC地址,並配置該接口定時發送免費ARP報文。
[SwitchC] interface vsi-interface 2
[SwitchC-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchC-Vsi-interface2] mac-address 2-2-2
[SwitchC-Vsi-interface2] arp send-gratuitous-arp interval 200000
[SwitchC-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI實例與接口VSI-interface2關聯。
[SwitchC] vsi vpnb
[SwitchC-vsi-vpnb] gateway vsi-interface 2
[SwitchC-vsi-vpnb] quit
# 配置OSPF發布VSI虛接口、Vlan-interface100接口所在網段的路由。
[SwitchC] ospf 2 router-id 3.3.3.3
[SwitchC-ospf-2] area 0
[SwitchC-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SwitchC-ospf-2-area-0.0.0.0] quit
[SwitchC-ospf-2] quit
# 創建VSI虛接口VSI-interface1,為其配置IP地址,該IP地址作為VXLAN 10內虛擬機的網關地址,指定該接口的MAC地址,並配置該接口定時發送免費ARP報文。
[SwitchD] interface vsi-interface 1
[SwitchD-Vsi-interface1] ip address 10.1.1.1 255.255.255.0
[SwitchD-Vsi-interface1] mac-address 1-1-1
[SwitchD-Vsi-interface1] arp send-gratuitous-arp interval 200000
[SwitchD-Vsi-interface1] quit
# 配置VXLAN 10所在的VSI實例與接口VSI-interface1關聯。
[SwitchD] vsi vpna
[SwitchD-vsi-vpna] gateway vsi-interface 1
[SwitchD-vsi-vpna] quit
# 創建VSI虛接口VSI-interface2,為其配置IP地址,該IP地址作為VXLAN 20內虛擬機的網關地址,指定該接口的MAC地址,並配置該接口定時發送免費ARP報文。
[SwitchD] interface vsi-interface 2
[SwitchD-Vsi-interface2] ip address 10.1.2.1 255.255.255.0
[SwitchD-Vsi-interface2] mac-address 2-2-2
[SwitchD-Vsi-interface2] arp send-gratuitous-arp interval 200000
[SwitchD-Vsi-interface2] quit
# 配置VXLAN 20所在的VSI實例與接口VSI-interface2關聯。
[SwitchD] vsi vpnb
[SwitchD-vsi-vpnb] gateway vsi-interface 2
[SwitchD-vsi-vpnb] quit
# 配置OSPF發布VSI虛接口、Vlan-interface100接口所在網段的路由。
[SwitchD] ospf 2 router-id 4.4.4.4
[SwitchD-ospf-2] area 0
[SwitchD-ospf-2-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[SwitchD-ospf-2-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[SwitchD-ospf-2-area-0.0.0.0] network 100.1.1.0 0.0.0.255
[SwitchD-ospf-2-area-0.0.0.0] quit
[SwitchD-ospf-2] quit
# 指定VXLAN IP網關保護組及其成員。
[SwitchA] vtep group 8.8.8.8 member remote 3.3.3.3 4.4.4.4
# 指定VXLAN IP網關保護組及其成員。
[SwitchB] vtep group 8.8.8.8 member remote 3.3.3.3 4.4.4.4
# 配置VXLAN IP網關保護組,並配置本地成員地址。
[SwitchC] vtep group 8.8.8.8 member local 3.3.3.3
# 配置VXLAN IP網關保護組的其它成員地址。
[SwitchC] vtep group 8.8.8.8 member remote 4.4.4.4
# 配置VXLAN IP網關保護組,並配置本地成員地址。
[SwitchD] vtep group 8.8.8.8 member local 4.4.4.4
# 配置VXLAN IP網關保護組的其它成員地址。
[SwitchD] vtep group 8.8.8.8 member remote 3.3.3.3
# 以Switch A為例,在VTEP上查看Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。其中,Tunnel1和Tunnel2為手工創建的VXLAN隧道,Tunne3和Tunnel4為VTEP與VXLAN IP網關保護組成員設備之間自動建立的VXLAN隧道。
[SwitchA] display interface tunnel
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 8.8.8.8
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel3
Current state: UP
Line protocol state: UP
Description: Tunnel3 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 3.3.3.3
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel4
Current state: UP
Line protocol state: UP
Description: Tunnel4 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 1.1.1.1, destination 4.4.4.4
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 以Switch C為例,在集中式VXLAN IP網關上查看Tunnel接口信息,可以看到VXLAN模式的Tunnel接口處於up狀態。
[SwitchC] display interface tunnel
Tunnel1
Current state: UP
Line protocol state: UP
Description: Tunnel1 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 8.8.8.8, destination 1.1.1.1
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Tunnel2
Current state: UP
Line protocol state: UP
Description: Tunnel2 Interface
Bandwidth: 64 kbps
Maximum transmission unit: 1464
Internet protocol processing: Disabled
Last clearing of counters: Never
Tunnel source 8.8.8.8, destination 2.2.2.2
Tunnel protocol/transport UDP_VXLAN/IP
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 以Switch C為例,在集中式VXLAN IP網關上查看VSI虛接口信息,可以看到VSI虛接口處於up狀態。
[SwitchC] display interface vsi-interface
Vsi-interface1
Current state: UP
Line protocol state: UP
Description: Vsi-interface1 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet Address: 10.1.1.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0001-0001-0001
IPv6 packet frame type: Ethernet II, hardware address: 0001-0001-0001
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
Vsi-interface2
Current state: UP
Line protocol state: UP
Description: Vsi-interface2 Interface
Bandwidth: 1000000 kbps
Maximum transmission unit: 1500
Internet Address: 10.1.2.1/24 (primary)
IP packet frame type: Ethernet II, hardware address: 0002-0002-0002
IPv6 packet frame type: Ethernet II, hardware address: 0002-0002-0002
Physical: Unknown, baudrate: 1000000 kbps
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 以Switch A為例,在VTEP上查看VSI信息,可以看到VSI內創建的VXLAN、與VXLAN關聯的VXLAN隧道、與VSI關聯的以太網服務實例等信息。
[SwitchA] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
Tunnel3 0x5000003 Up Auto Disabled
Tunnel4 0x5000004 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv1000 0 Up Manual
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flood proxy
Tunnel1 0x5000001 Up Manual Disabled
Tunnel2 0x5000002 Up Manual Disabled
Tunnel3 0x5000003 Up Auto Disabled
Tunnel4 0x5000004 Up Auto Disabled
ACs:
AC Link ID State Type
XGE1/0/1 srv2000 0 Up Manual
# 以Switch C為例,在集中式VXLAN IP網關上查看VSI信息,可以看到VSI內創建的VXLAN、與VXLAN關聯的VXLAN隧道、與VSI關聯的VSI虛接口等信息。
[SwitchC] display l2vpn vsi verbose
VSI Name: vpna
VSI Index : 0
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway interface : VSI-interface 1
VXLAN ID : 10
Tunnels:
Tunnel Name Link ID State Type Flooding proxy
Tunnel1 0x5000002 Up Manual Disabled
Tunnel2 0x5000003 Up Manual Disabled
VSI Name: vpnb
VSI Index : 1
VSI State : Up
MTU : 1500
Bandwidth : Unlimited
Broadcast Restrain : Unlimited
Multicast Restrain : Unlimited
Unknown Unicast Restrain: Unlimited
MAC Learning : Enabled
MAC Table Limit : -
MAC Learning rate : -
Drop Unknown : -
Flooding : Enabled
Statistics : Disabled
Gateway interface : VSI-interface 2
VXLAN ID : 20
Tunnels:
Tunnel Name Link ID State Type Flooding proxy
Tunnel1 0x5000002 Up Manual Disabled
Tunnel2 0x5000003 Up Manual Disabled
# 虛擬機VM 1、VM 2、VM3、VM4之間均可以互訪,且可以ping通100.1.1.0/24網段內的地址。
# 在Switch C上查看VSI的ARP表項信息,可以看到已學習到了虛擬機的ARP信息。
[SwitchC] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI Interface/Link ID Aging Type
10.1.1.11 0000-1234-0001 N/A Tunnel1 20 D
10.1.1.12 0000-1234-0002 N/A Tunnel2 19 D
# 在Switch C上查看FIB表項信息,可以看到已學習到了虛擬機的轉發表項信息。
[SwitchC] display fib 10.1.1.11
Destination count: 1 FIB entry count: 1
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.11/32 10.1.1.11 UH Vsi1 Null
# 在Switch D上查看VSI的ARP表項信息和FIB表項信息,可以看到該信息與Switch C上的信息一致。
[SwitchD] display arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address VLAN/VSI Interface/Link ID Aging Type
10.1.1.11 0000-1234-0001 N/A Tunnel1 20 D
10.1.1.12 0000-1234-0002 N/A Tunnel2 19 D
[SwitchD] display fib 10.1.1.11
Destination count: 1 FIB entry count: 1
Flag:
U:Useable G:Gateway H:Host B:Blackhole D:Dynamic S:Static
R:Relay F:FRR
Destination/Mask Nexthop Flag OutInterface/Token Label
10.1.1.11/32 10.1.1.11 UH Vsi1 Null
· Switch A
#
undo vxlan ip-forwarding
#
ospf 1 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 20.1.1.0 0.0.0.255
#
vlan 20
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface20
ip address 20.1.1.1 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 10
xconnect vsi vpna
service-instance 2000
encapsulation s-vid 11
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 20
#
interface Tunnel1 mode vxlan
source 1.1.1.1
destination 8.8.8.8
#
interface Tunnel2 mode vxlan
source 1.1.1.1
destination 2.2.2.2
#
vtep group 8.8.8.8 member remote 3.3.3.3 4.4.4.4
#
· Switch B
#
undo vxlan ip-forwarding
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 30.1.1.0 0.0.0.255
#
vlan 30
#
l2vpn enable
#
vsi vpna
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface30
ip address 30.1.1.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
service-instance 1000
encapsulation s-vid 12
xconnect vsi vpna
service-instance 2000
encapsulation s-vid 13
xconnect vsi vpnb
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 30
#
interface Tunnel1 mode vxlan
source 2.2.2.2
destination 8.8.8.8
#
interface Tunnel2 mode vxlan
source 2.2.2.2
destination 1.1.1.1
#
vtep group 8.8.8.8 member remote 3.3.3.3 4.4.4.4
#
· Switch C
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 8.8.8.8 0.0.0.0
network 40.1.1.0 0.0.0.255
#
ospf 2 router-id 3.3.3.3
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
vlan 40
#
vlan 100
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface LoopBack1
ip address 8.8.8.8 255.255.255.255
#
interface Vlan-interface40
ip address 40.1.1.3 255.255.255.0
#
interface Vlan-interface100
ip address 100.1.1.3 255.255.255.0
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 40
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 100
#
interface Vsi-interface1
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
arp send-gratuitous-arp interval 200000
#
interface Vsi-interface2
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
arp send-gratuitous-arp interval 200000
#
interface Tunnel1 mode vxlan
source 8.8.8.8
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 8.8.8.8
destination 2.2.2.2
#
vtep group 8.8.8.8 member local 3.3.3.3
#
vtep group 8.8.8.8 member remote 4.4.4.4
#
return
· Switch D
#
ospf 1 router-id 4.4.4.4
area 0.0.0.0
network 4.4.4.4 0.0.0.0
network 8.8.8.8 0.0.0.0
network 50.1.1.0 0.0.0.255
#
ospf 2 router-id 4.4.4.4
area 0.0.0.0
network 10.1.1.0 0.0.0.255
network 10.1.2.0 0.0.0.255
network 100.1.1.0 0.0.0.255
#
vlan 50
#
vlan 100
#
l2vpn enable
#
vsi vpna
gateway vsi-interface 1
vxlan 10
tunnel 1
tunnel 2
#
vsi vpnb
gateway vsi-interface 2
vxlan 20
tunnel 1
tunnel 2
#
interface LoopBack0
ip address 4.4.4.4 255.255.255.255
#
interface LoopBack1
ip address 8.8.8.8 255.255.255.255
#
interface Vlan-interface50
ip address 50.1.1.4 255.255.255.0
#
interface Vlan-interface100
ip address 100.1.1.4 255.255.255.0
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 50
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 100
#
interface Vsi-interface1
ip address 10.1.1.1 255.255.255.0
mac-address 0001-0001-0001
arp send-gratuitous-arp interval 200000
#
interface Vsi-interface2
ip address 10.1.2.1 255.255.255.0
mac-address 0002-0002-0002
arp send-gratuitous-arp interval 200000
#
interface Tunnel1 mode vxlan
source 8.8.8.8
destination 1.1.1.1
#
interface Tunnel2 mode vxlan
source 8.8.8.8
destination 2.2.2.2
#
vtep group 8.8.8.8 member local 4.4.4.4
#
vtep group 8.8.8.8 member remote 3.3.3.3
#
return
· Switch E
#
ospf 1 router-id 5.5.5.5
area 0.0.0.0
network 5.5.5.5 0.0.0.0
network 20.1.1.0 0.0.0.255
network 30.1.1.0 0.0.0.255
network 40.1.1.0 0.0.0.255
network 50.1.1.0 0.0.0.255
#
vlan 20
#
vlan 30
#
vlan 40
#
vlan 50
#
interface LoopBack0
ip address 5.5.5.5 255.255.255.255
#
interface Vlan-interface20
ip address 20.1.1.5 255.255.255.0
#
interface Vlan-interface30
ip address 30.1.1.5 255.255.255.0
#
interface Vlan-interface40
ip address 40.1.1.5 255.255.255.0
#
interface Vlan-interface50
ip address 50.1.1.5 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 20
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 30
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 40
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 50
#
return
· H3C S6890係列交換機 VXLAN配置指導(R27xx)
· H3C S6890係列交換機 VXLAN命令參考(R27xx)
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
