- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
01-MC-NAT典型配置舉例
本章節下載: 01-MC-NAT典型配置舉例 (262.27 KB)
目 錄
本文檔介紹了MC-NAT(Multicast Network Address Transform,組播網絡地址轉換)的配置舉例。
MC-NAT是通過控製器下發Openflow流表和組表,控製從來自公網源端設備的流量按需轉發到私網不同的終端上。並且在轉發報文之前,根據組表將報文的IP、port、vlan和mac修改為與私網終端匹配的值。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。本文檔中所有配置舉例中使用的控製器均為OVS(Open vSwitch,開放虛擬交換機)控製器。
本文假設您已了解MC-NAT特性。
如圖1所示,交換機SwitchA從Internet接收到來自視頻源端Source 1的流量。現要求通過OVS控製器下發Openflow流表和Group Table來實現:
· 將從VLAN 4081收到的Source 1發送的公網報文地址轉換成私網地址,並按不同主機IP修改報文的目的IP、目的MAC和目的UDP端口;
· 將轉換後的報文分別發送給私網主機Host A和Host B。
圖1 MC-NAT基本功能配置舉例組網圖
|
設備名 |
MAC |
IP |
UDP |
|
Source 1 |
00:02:fc:00:22:2b |
11.110.5.100 |
6457 |
|
Host A |
00:e0:4c:68:0e:d4 |
192.168.4.2 |
4488 |
|
Host B |
00:50:56:c0:00:08 |
192.168.5.2 |
2356 |
· 為了使Openflow實例與控製器建立連接,需要配置交換機與控製器之間路由可達,本例中以網管口作為與OVS控製器通信的接口。
· 為了使組播流量能讓終端接收到,需要通過控製器下發Group Table,匹配從Source1收到的報文,並修改報文的VLAN ID、目的IP、目的MAC和目的UDP端口,從XGE1/0/4和XGE1/0/5端口發出。
表1 適用產品及版本
|
產品 |
軟件版本 |
|
S12500G-AF係列交換機 |
Release 7639P01及以上版本 |
|
S10500X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-XS係列交換機 |
Release 7639P01及以上版本 |
|
S7600E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500X-X係列交換機 |
Release 7639P01及以上版本 |
|
S10500係列交換機 |
Release 7639P01及以上版本 |
|
S7600-X係列交換機 |
Release 7639P01及以上版本 |
|
S12500-S係列交換機 |
Release 7639P01及以上版本 |
|
S7500E-X係列交換機 |
Release 7639P01及以上版本 |
|
S7500E係列交換機 |
不支持 |
|
S7500X係列交換機 |
不支持 |
|
S7600係列交換機 |
不支持 |
|
S7000ET係列交換機 |
不支持 |
# 創建VLAN,並將對應的以太網接口加入VLAN。
<SwitchA> system-view
[SwitchA] vlan 4 5 4081
[SwitchA] interface ten-gigabitethernet 1/0/1
[SwitchA-Ten-GigabitEthernet1/0/1] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/1] port trunk permit vlan 4081
[SwitchA-Ten-GigabitEthernet1/0/1] quit
[SwitchA] interface ten-gigabitethernet 1/0/4
[SwitchA-Ten-GigabitEthernet1/0/4] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/4] port trunk permit vlan 4
[SwitchA-Ten-GigabitEthernet1/0/4] quit
[SwitchA] interface ten-gigabitethernet 1/0/5
[SwitchA-Ten-GigabitEthernet1/0/5] port link-type trunk
[SwitchA-Ten-GigabitEthernet1/0/5] port trunk permit vlan 5
[SwitchA-Ten-GigabitEthernet1/0/5] quit
# 配置M-GigabitEthernet 0/0/0接口地址用戶和控製器建立連接。
[SwitchA] interface M-GigabitEthernet 0/0/0
[SwitchA-M-GigabitEthernet0/0/0] ip address 172.16.147.136 255.255.0.0
[SwitchA-M-GigabitEthernet0/0/0] quit
# 創建OpenFlow全局實例。
[SwitchA] openflow instance 1
[SwitchA-of-inst-1] classification global
# 配置控製器0的IP地址並激活實例。
[SwitchA-of-inst-1] controller 0 address ip 172.16.147.101
[SwitchA-of-inst-1] active instance
[SwitchA-of-inst-1] quit
# 在控製器上創建組表group1,指定出端口1為XGE1/0/4,修改VLANID為4、目的IP為192.168.4.2、目的MAC為00:e0:4c:68:0e:d4、目的UDP端口為4488;指定出端口2為XGE1/0/5,修改VLANID為5、目的IP為192.168.5.2、目的MAC為00:50:56:c0:00:08、目的UDP端口為2356。
[root@openflowvm:~/controller0]# ./ovs-appctl send_group_str 'command(add),type(
all),group_id(1),bucket(actions(output(742),set_field(vlan_vid(4+1)),set_field(eth_dst(00:e0:4c:68:0e:d4)),set_field(ipv4_dst(192.168.4.2)),set_field(udp_dst(4488)))),bucket(actions(output(743),set_field(vlan_vid(5+1)),set_field(eth_dst(00:50:56:c0:00:08)),set_field(ipv4_dst(192.168.5.2)),set_field(udp_dst(2356))))'
22:46:56|tcp:172.16.147.136:4425: sent (Success): OFPT_GROUP_MOD (xid:31, len:16
0)
22:46:56|OFPT_GROUP_MOD (xid:31)
# Group_Mod
|- command = add
|- type = all
|- group_id = 1
|- bucket
|- weight = 0
|- watch_port = any
|- watch_group = any
|- actions
|- output,742 [max_len = 128]
|- set_field,vlan_vid,4+1
|- set_field,eth_dst,00:e0:4c:68:0e:d4
|- set_field,ipv4_dst,192.168.4.2
|- set_field,udp_dst,4488
|- bucket
|- weight = 0
|- watch_port = any
|- watch_group = any
|- actions
|- output,743 [max_len = 128]
|- set_field,vlan_vid,5+1
|- set_field,eth_dst,00:50:56:c0:00:08
|- set_field,ipv4_dst,192.168.5.2
|- set_field,udp_dst,2356
[root@openflowvm:~/controller0]#
# 將匹配入端口為XGE1/0/1、VLANID為4081、源IP為10.110.5.100、源MAC為00:02:fc:00:22:2b、源UDP端口為6457的報文,執行組表group1的動作。
[root@openflowvm:~/controller0]# ./ovs-appctl send_flow_str 'command(add),table_
id(0),priority(1),match(in_port(739),vlan_vid(4081+1),eth_src(00:02:fc:00:22:2b),eth_type(0x800),ipv4_src(10.110.5.100),ip_proto(17),udp_src(6457)),instruction(write_actions(group(1)))'
23:08:24|tcp:172.16.147.136:4425: sent (Success): OFPT_FLOW_MOD (xid:35, len:120
)
23:08:24|OFPT_FLOW_MOD (xid:35)
# Flow_Mod (48)
|- cookie = 0x0000000000000000
|- cookie_mask = 0x0000000000000000
|- table_id = 0
|- command = add
|- idle_timeout = 0
|- hard_timeout = 0
|- priority = 1
|- buffer_id = no_buffer
|- out_port = any
|- out_group = any
|- flags = 0
|- match
|- in_port,739
|- vlan_vid,4081+1
|- eth_src,00:02:fc:00:22:2b
|- eth_type,0x0800
|- ipv4_src,10.110.5.100
|- ip_proto,17
|- udp_src,6457
|- instructions
|- write_actions
|- group,1
[root@openflowvm:~/controller0]#
在Switch A上進行驗證。
# 查看Switch A上Group流表的信息。
[SwitchA] display openflow instance 1 group
Instance 1 group table information:
Group count: 1
Group entry 1:
Type: All, byte count: 0, packet count: 0
Bucket 1 information:
Action count 2, watch port: any, watch group: any
Byte count 0, packet count 0
Set field:
Ethernet destination MAC address: 00e0-4c68-0ed4
VLAN ID: 4
IPv4 destination address: 192.168.4.2
UDP destination port: 4488
Output interface: XGE1/0/4
Bucket 2 information:
Action count 2, watch port: any, watch group: any
Byte count 0, packet count 0
Set field:
Ethernet destination MAC address: 0050-56c0-0008
VLAN ID: 5
IPv4 destination address: 192.168.5.2
UDP destination port: 2356
Output interface: XGE1/0/5
Referenced information:
Count: 1
Flow table: 0
Flow entry: 1
以上信息表明,Group1指定出端口1為XGE1/0/4,指定出端口2為XGE1/0/5,將報文的相關字段修改為與其端口對應的字段。
[SwitchA] display openflow instance 1 flow
Instance 1 flow table information:
Table 0 information:
Table type: Extensibility, flow entry count: 1, total flow entry count: 2
MissRule (default) flow entry information:
cookie: 0x0, priority: 0, hard time: 0, idle time: 0, flags: reset_counts,
byte count: 383689, packet count: 3330
Create time:19:07:20 01/06/2019, Last modified time:19:07:20 01/06/2019
Match information: any
Instruction information:
Write actions:
Drop
Flow entry 1 information:
cookie: 0x0, priority: 1, hard time: 0, idle time: 0, flags: none,
byte count: 0, packet count: 0
Create time:19:30:33 01/06/2019, Last modified time:19:30:33 01/06/2019
Match information:
Input interface: XGE1/0/1
Ethernet source MAC address: 0002-fc00-222b
Ethernet source MAC address mask: ffff-ffff-ffff
Ethernet type: 0x0800
VLAN ID: 4081, mask: 0xfff
IP protocol: 17
IPv4 source address: 10.110.5.100, mask: 255.255.255.255
UDP source port: 6457, mask: 0xffff
Instruction information:
Write actions:
Group: 1
以上信息表明匹配入端口為XGE1/0/1、VLANID為4081、源IP為10.110.5.100、源MAC為0002-fc00-222b 和源UDP端口為6457的報文執行了group1的動作。
· Switch A:
#
interface M-GigabitEthernet0/0/0
ip address 172.16.147.136 255.255.0.0
#
openflow instance 1
classification global
controller 0 address ip 172.16.147.101
active instance
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4081
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 4
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 5
#
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
