VXLAN配置案例
VXLAN(虚拟可扩展局域网)- 该技术提供与当前 VLAN 相同的以太网第 2 层网络服务,但其可扩展性和灵活性更为出色。
VNID(VXLAN 网络标识符)- 用于定义广播域的 24 位网段 ID。可与“VXLAN 网段 ID”互换。
VTEP(虚拟隧道终端)- 这是执行封装和解封的设备。
NVE(网络虚拟接口)- 执行封装和解封所在的逻辑接口。
什么是 VXLAN?
VXLAN 是一种可以使用任何 IP 路由协议在第 3 层 (L3) 底层网络上重叠第 2 层 (L2) 网络的技术。
它使用 MAC-in-UDP 封装(将 MAC 封装到 UDP 中)。
VXLAN 解决了三个主要问题:
支持 1600 万个 VNI(广播域),而传统 VLAN 仅提供 4000 个。
允许在 IP 网络中的任意位置扩展第 2 层网络。
泛洪功能经过优化。
为什么实施 VXLAN?
VLAN 可扩展性 - VXLAN 可将第 2 层网段 ID 字段扩展到 24 位,最多可在同一个网络上支持 1600 万个唯一的第 2 层网段。
第 3 层边界上的第 2 层网段弹性 - VXLAN 将第 2 层帧封装在 IP UDP 报头中,因此第 2 层邻接关系可以跨路由器边界。
在传输网络中利用组播,以便模拟第 2 层网段中的广播、未知单播和组播泛洪行为。
利用等价多路径 (ECMP),以通过传输网络实现最佳路径使用情况。
配置
这些配置是 VXLAN 配置部分的特定配置。请注意,9396-A 和 B 在 vPC 域中,而 3172-A 不在。这些配置假设,通过您选择的路由协议,可以完全访问拓扑中的所有第 3 层接口。本示例中使用的是开放最短路径优先 (OSPF)。此外还假设,已在这些相同的第 3 层接口上建立组播路由。
3172-A========================================
feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay
vlan 10
vn-segment 160010
vlan 20
vn-segment 160020
interface nve1
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
no shutdown
interface Ethernet1/3
no switchport
ip address 192.168.1.10/30
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
interface loopback1
ip address 192.168.2.5/32
ip router ospf 2 area 0.0.0.0
ip pim sparse-mode
9396-A===================================================
Note:当 vPC 用作 VTEP 时,在两个对等体之间使用并共享环回接口的辅助 IP。两个对等体通过此方式向远程 NVE 对等体表示自己是一个 VTEP。
feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay
ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4
vlan 1,10,20
vlan 10
vn-segment 160010
vlan 20
vn-segment 160020
vpc domain 1
peer-switch
peer-keepalive destination 10.122.140.99
peer-gateway
interface port-channel1
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel48
switchport mode trunk
vpc 48
interface nve1
mtu 9216
no shutdown
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
interface Ethernet1/7
no switchport
ip address 192.168.1.2/30
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface loopback1
ip address 192.168.2.2/32
ip address 192.168.2.1/32 secondary
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
9396-B====================================
Note:当 vPC 用作 VTEP 时,在两个对等体之间使用并共享环回接口的辅助 IP。两个对等体通过此方式向远程 NVE 对等体表示自己是一个 VTEP。
feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay
ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4
vlan 1,10,20
vlan 10
vn-segment 160010
vlan 20
vn-segment 160020
vpc domain 1
peer-switch
peer-keepalive destination 10.122.140.98
peer-gateway
interface port-channel1
switchport mode trunk
spanning-tree port type network
vpc peer-link
interface port-channel48
switchport mode trunk
vpc 48
interface nve1
mtu 9216
no shutdown
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
interface Ethernet1/7
no switchport
ip address 192.168.1.6/30
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
no shutdown
interface loopback1
ip address 192.168.2.3/32
ip address 192.168.2.1/32 secondary
ip router ospf 1 area 0.0.0.0
ip pim sparse-mode
Verify
Use this section to confirm that your configuration works properly.
思科 CLI 分析器(仅适用于注册客户)支持某些 show 命令。要查看对 show 命令输出的分析,请使用思科 CLI 分析器。
show nve peers <---在重叠网络两侧都发起流量之前,您不会看到此命令的任何输出
show nve vni
show run interface nve1
show nve internal platform interface detail(仅 9K)
show mac address-table
show ip mroute detail
输出示例
这些输出都处于稳定状态。VTEP 对等体已发现彼此,且二者间已在封装和解封两个方向传输流量。
3172-A
3172-A# show nve peers
Interface Peer-IP Peer-State
---------------- --------------- -------------
nve1 192.168.2.1 Up
3712-A# show nve vni
Interface VNI Multicast-group VNI State
---------------- -------- --------------- ---------
nve1 160010 231.1.1.1 Up
nve1 160020 231.1.1.1 Up
3172-A# show run interface nve1
!Command: show running-config interface nve1
!Time: Sat Apr 25 15:09:13 2015
version 6.0(2)U5(1)
interface nve1
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
no shutdown
3172-A# show nve internal platform interface detail
3172-A# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since first seen,+ - primary entry using vPC Peer-Link
VLAN MAC Address Type age Secure NTFY Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10 0000.1111.1111 dynamic 5030 F F Eth1/48
* 10 0000.2222.2222 dynamic 5010 F F nve1(192.168.2.1)
3172-A# show ip mroute detail
IP Multicast Routing Table for VRF "default"
Total number of routes: 3
Total number of (*,G) routes: 1
Total number of (S,G) routes: 1
Total number of (*,G-prefix) routes: 1
(*, 231.1.1.1/32), uptime: 3w3d, static(1) pim(0) ip(0)
Stats: 15/1539 [Packets/Bytes], 0.000 bps
Incoming interface: Ethernet1/3, RPF nbr: 192.168.1.9, uptime: 1w0d
Outgoing interface list: (count: 1)
loopback1, uptime: 3w3d, static
(192.168.2.5/32, 231.1.1.1/32), uptime: 3w3d, ip(0) mrib(1) pim(1)
Stats: 142751/9136064 [Packets/Bytes], 34.133 bps
Incoming interface: loopback1, RPF nbr: 192.168.2.5, uptime: 3w3d
Outgoing interface list: (count: 2)
Ethernet1/3, uptime: 1w0d, pim
loopback1, uptime: 3w3d, mrib, (RPF)
(*, 232.0.0.0/8), uptime: 3w3d, pim(0) ip(0)
Stats: 0/0 [Packets/Bytes], 0.000 bps
Incoming interface: Null, RPF nbr: 0.0.0.0, uptime: 3w3d
Outgoing interface list: (count: 0)
9396-A
9396-A# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 192.168.2.5 Up DP 2d20h n/a
9396-A# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 160010 231.1.1.1 Up DP L2 [10]
nve1 160020 231.1.1.1 Up DP L2 [20]
9396-A# show run interface nve1
!Command: show running-config interface nve1
!Time: Sat Apr 25 15:20:45 2015
version 7.0(3)I1(1a)
interface nve1
mtu 9216
no shutdown
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
9396-A# show nve internal platform interface detail
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf |State |PriIP |SecIP |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1 |UP |192.168.2.2 |192.168.2.1 |2 |1 |
|======|=========================|===============|===============|=====|=====|
SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni |State |Intf |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10 |160010|UP |nve1 |DP |0
|20 |160020|UP |nve1 |DP |0
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================
peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds:
add_pending_swbds:
rem_pending_swbds:
9396-A# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
+ 10 0000.1111.1111 dynamic 0 F F nve1(192.168.2.5)
* 10 0000.2222.2222 dynamic 0 F F Po48
G - 7c0e.ceca.f177 static - F F sup-eth1(R)
9396-A# show ip mroute detail
IP Multicast Routing Table for VRF "default"
Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1
(*, 231.1.1.1/32), uptime: 2d21h, nve(1) ip(0) pim(0)
Data Created: No
Stats: 1/64 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
Outgoing interface list: (count: 1)
nve1, uptime: 2d21h, nve
(192.168.2.1/32, 231.1.1.1/32), uptime: 2d21h, nve(0) ip(0) mrib(0) pim(0)
Data Created: Yes
VXLAN Flags
VXLAN Encap
Stats: 1/51 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: loopback1, RPF nbr: 192.168.2.1
Outgoing interface list: (count: 0)
(192.168.2.5/32, 231.1.1.1/32), uptime: 2d21h, ip(0) mrib(0) nve(1) pim(0)
Data Created: Yes
Stats: 16474/1370086 [Packets/Bytes], 13.600 bps
Stats: Active Flow
Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
Outgoing interface list: (count: 1)
nve1, uptime: 2d21h, nve
(*, 232.0.0.0/8), uptime: 2d21h, pim(0) ip(0)
Data Created: No
Stats: 0/0 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: Null, RPF nbr: 0.0.0.0
Outgoing interface list: (count: 0)
9396-A# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : secondary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1,10,20
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
48 Po48 up success success 1,10
9396-B
9396-B# show nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 192.168.2.5 Up DP 1w0d n/a
9396-B# show nve vni
Codes: CP - Control Plane DP - Data Plane
UC - Unconfigured SA - Suppress ARP
Interface VNI Multicast-group State Mode Type [BD/VRF] Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1 160010 231.1.1.1 Up DP L2 [10]
nve1 160020 231.1.1.1 Up DP L2 [20]
9396-B# show run interface nve1
!Command: show running-config interface nve1
!Time: Sat Apr 25 15:23:25 2015
version 7.0(3)I1(1b)
interface nve1
mtu 9216
no shutdown
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
9396-B# show nve internal platform interface detail
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf |State |PriIP |SecIP |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1 |UP |192.168.2.3 |192.168.2.1 |2 |1 |
|======|=========================|===============|===============|=====|=====|
SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni |State |Intf |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10 |160010|UP |nve1 |DP |0
|20 |160020|UP |nve1 |DP |0
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================
peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds:
add_pending_swbds:
rem_pending_swbds:
9396-B# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 10 0000.1111.1111 dynamic 0 F F nve1(192.168.2.5)
+ 10 0000.2222.2222 dynamic 0 F F Po48
G - 58f3.9ca3.64dd static - F F sup-eth1(R)
9396-B# show ip mroute detail
IP Multicast Routing Table for VRF "default"
Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1
(*, 231.1.1.1/32), uptime: 2w1d, nve(1) ip(0) pim(0)
Data Created: No
VXLAN Flags
VXLAN Decap
VPC Flags
RPF-Source Forwarder
Stats: 1/64 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
Outgoing interface list: (count: 1)
nve1, uptime: 2w1d, nve
(192.168.2.1/32, 231.1.1.1/32), uptime: 2w1d, nve(0) ip(0) mrib(0) pim(1)
Data Created: Yes
VXLAN Flags
VXLAN Encap
VPC Flags
RPF-Source Forwarder
Stats: 5/511 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: loopback1, RPF nbr: 192.168.2.1
Outgoing interface list: (count: 1)
Ethernet1/7, uptime: 1w0d, pim
(192.168.2.5/32, 231.1.1.1/32), uptime: 2w1d, ip(0) mrib(0) pim(0) nve(1)
Data Created: Yes
VXLAN Flags
VXLAN Decap
VPC Flags
RPF-Source Forwarder
Stats: 86621/7241564 [Packets/Bytes], 13.600 bps
Stats: Active Flow
Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
Outgoing interface list: (count: 1)
nve1, uptime: 2w1d, nve
(*, 232.0.0.0/8), uptime: 2w1d, pim(0) ip(0)
Data Created: No
Stats: 0/0 [Packets/Bytes], 0.000 bps
Stats: Inactive Flow
Incoming interface: Null, RPF nbr: 0.0.0.0
Outgoing interface list: (count: 0)
9396-B# show vpc
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1,10,20
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
48 Po48 up success success 1,10
VXLAN 数据包捕获
数据包捕获 (PCAP) 来自上一个拓扑,并包括网络图中所示拓扑的 OSPF hello 数据包、PIM 加入/注册消息和 VXLAN 封装流量。您将注意到一些互联网控制消息协议 (ICMP) 标记,例如“no response”。这是因为 RP 上完成的监控会话的性质而造成的。
监控会话包括接口 Eth4/17-18 和 Eth4/20,因此它会抛出一些 Wireshark。重要的信息是格式和标记。
Note:所有封装数据包(BUM 或称已知单播)均来自远程 VTEP 环回 IP 并发往远程 VTEP 环回 IP。这是任何 vPC VTEP 上的辅助环回 IP。
BUM(广播,未知单播、组播)流量将发往组播组。
单播流量将发往远程 VTEP 环回 IP。