VXLAN Configuration Example

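VXLAN (Virtual Extensible LAN) - A technology that provides the same Ethernet Layer 2 network services as today's VLANs, but with greater scalability and flexibility.

VNID (VXLAN Network Identifier) - A 24-bit segment ID that defines the broadcast domain. Interchangeable with "VXLAN segment ID".

VTEP (Virtual Tunnel Endpoint) - The device that performs encapsulation and decapsulation.

NVE (Network Virtual Interface) - The logical interface where encapsulation and decapsulation take place.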

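What is VXLAN?
    VXLAN is a technology that overlays a Layer 2 (L2) network on top of a Layer 3 (L3) underlay network, using any IP routing protocol.
    It uses MAC-in-UDP encapsulation (the MAC frame is encapsulated in UDP).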

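VXLAN solves three main problems:
    It supports 16 million VNIs (broadcast domains), versus the 4000 offered by traditional VLANs.
    It allows a Layer 2 network to be extended anywhere in an IP network.
    Flooding is optimized.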

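Why implement VXLAN?
    VLAN scalability - VXLAN extends the Layer 2 segment ID field to 24 bits, which allows up to 16 million unique Layer 2 segments on the same network.
    Layer 2 segment elasticity over a Layer 3 boundary - VXLAN encapsulates the Layer 2 frame in an IP UDP header, so Layer 2 adjacency can cross router boundaries.
    It uses multicast in the transport network to emulate the flooding behavior for broadcast, unknown unicast, and multicast in the Layer 2 segment.
    It uses Equal-Cost Multipath (ECMP) to achieve optimal path usage over the transport network.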


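Configuration
    These configurations are specific to the VXLAN portion of the configuration. Note that 9396-A and B are in a vPC domain, while 3172-A is not. These configurations assume full reachability to all Layer 3 interfaces in the topology through the routing protocol of your choice. Open Shortest Path First (OSPF) is used in this example. They also assume that multicast routing has been established over these same Layer 3 interfaces.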

3172-A========================================
feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  no shutdown
  
interface Ethernet1/3
  no switchport
  ip address 192.168.1.10/30
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode

interface loopback1
  ip address 192.168.2.5/32
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode

9396-A===================================================
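Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.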

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.99
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48  

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

interface Ethernet1/7
  no switchport
  ip address 192.168.1.2/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
  
interface loopback1
  ip address 192.168.2.2/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

9396-B====================================
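Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.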

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020
  
vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.98
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48
 
interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
    
interface Ethernet1/7
  no switchport
  ip address 192.168.1.6/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
  
interface loopback1
  ip address 192.168.2.3/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
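
The three configurations above only interoperate if every VTEP maps the same VLANs to the same VNIs and multicast group, and if the two vPC peers share one secondary loopback address. The Python below is an added example, not part of the original post: it checks those properties on trimmed copies of the page's stanzas, and the names `parse`, `audit`, `BASE`, `SEC` and `VTEPS` are hypothetical.

```python
# Constructed sample: the page's VXLAN stanzas, trimmed to the lines parsed here.
BASE = """vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020
interface nve1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
interface loopback1
  ip address {pri}/32
"""
SEC = "  ip address 192.168.2.1/32 secondary\n"  # shared vPC VTEP address
VTEPS = {"3172-A": BASE.format(pri="192.168.2.5"),
         "9396-A": BASE.format(pri="192.168.2.2") + SEC,
         "9396-B": BASE.format(pri="192.168.2.3") + SEC}

def parse(cfg):
    """Extract VXLAN-relevant settings from NX-OS running-config text."""
    out = {"vlan_vni": {}, "vni_group": {}, "primary": None, "secondary": None}
    section = ""
    for line in cfg.splitlines():
        if line and not line[0].isspace():
            section = line.strip()  # top-level stanza header
        words = line.split()
        if section.startswith("vlan ") and words[:1] == ["vn-segment"]:
            out["vlan_vni"][int(section.split()[1])] = int(words[1])
        elif section == "interface nve1" and words[:2] == ["member", "vni"]:
            out["vni_group"][int(words[2])] = words[4]
        elif section == "interface loopback1" and words[:2] == ["ip", "address"]:
            key = "secondary" if words[-1] == "secondary" else "primary"
            out[key] = words[2].split("/")[0]
    return out

def audit(vteps, vpc_pairs):
    """Return findings; an empty list means the VTEPs are consistent."""
    parsed = {name: parse(cfg) for name, cfg in vteps.items()}
    ref_name, ref = next(iter(parsed.items()))
    findings = []
    for name, p in parsed.items():
        for vlan, vni in p["vlan_vni"].items():
            if vni not in p["vni_group"]:
                findings.append(f"{name}: VNI {vni} (vlan {vlan}) not a member of nve1")
        if (p["vlan_vni"], p["vni_group"]) != (ref["vlan_vni"], ref["vni_group"]):
            findings.append(f"{name}: VLAN/VNI/group mapping differs from {ref_name}")
    for a, b in vpc_pairs:
        if not parsed[a]["secondary"] or parsed[a]["secondary"] != parsed[b]["secondary"]:
            findings.append(f"{a}/{b}: vPC peers do not share a secondary loopback IP")
    return findings

print(audit(VTEPS, [("9396-A", "9396-B")]))
```
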

Verify
Use this section to confirm that your configuration works properly.

The Cisco CLI Analyzer (registered customers only) supports certain show commands. Use the Cisco CLI Analyzer to view an analysis of show command output.

show nve peers <--- You will not see any output for this command until traffic is initiated from both sides of the overlay
show nve vni
show run interface nve1
show nve internal platform interface detail (9K only)
show mac address-table
show ip mroute detail
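
Sample output
These outputs are in a steady state. The VTEP peers have discovered each other, and traffic has passed between them in both the encapsulation and decapsulation directions.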

3172-A
3172-A# show nve peers
Interface          Peer-IP           Peer-State
----------------   ---------------   -------------
nve1               192.168.2.1        Up         

3712-A# show nve vni
Interface          VNI        Multicast-group   VNI State
----------------   --------   ---------------   ---------
nve1               160010     231.1.1.1         Up  
nve1               160020     231.1.1.1         Up            

3172-A# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:09:13 2015

version 6.0(2)U5(1)

interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  no shutdown

3172-A# show nve internal platform interface detail

3172-A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since first seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY   Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10       0000.1111.1111    dynamic   5030       F    F  Eth1/48
* 10       0000.2222.2222    dynamic   5010       F    F  nve1(192.168.2.1)

3172-A# show ip mroute detail 
IP Multicast Routing Table for VRF "default"

Total number of routes: 3
Total number of (*,G) routes: 1
Total number of (S,G) routes: 1
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 3w3d, static(1) pim(0) ip(0) 
  Stats: 15/1539 [Packets/Bytes], 0.000   bps
  Incoming interface: Ethernet1/3, RPF nbr: 192.168.1.9, uptime: 1w0d
  Outgoing interface list: (count: 1)
    loopback1, uptime: 3w3d, static

(192.168.2.5/32, 231.1.1.1/32), uptime: 3w3d, ip(0) mrib(1) pim(1) 
  Stats: 142751/9136064 [Packets/Bytes], 34.133  bps
  Incoming interface: loopback1, RPF nbr: 192.168.2.5, uptime: 3w3d
  Outgoing interface list: (count: 2)
    Ethernet1/3, uptime: 1w0d, pim
    loopback1, uptime: 3w3d, mrib, (RPF)

(*, 232.0.0.0/8), uptime: 3w3d, pim(0) ip(0) 
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Incoming interface: Null, RPF nbr: 0.0.0.0, uptime: 3w3d
  Outgoing interface list: (count: 0)
9396-A
9396-A# show nve peers
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      192.168.2.5      Up    DP        2d20h    n/a              

9396-A# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP
       
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      160010   231.1.1.1         Up    DP   L2 [10]    
nve1      160020   231.1.1.1         Up    DP   L2 [20]                              

9396-A# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:20:45 2015

version 7.0(3)I1(1a)

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

9396-A# show nve internal platform interface detail 
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |192.168.2.2    |192.168.2.1    |2    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10    |160010|UP                       |nve1  |DP  |0     
|20    |160020|UP                       |nve1  |DP  |0     
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds: 
add_pending_swbds: 
rem_pending_swbds:

9396-A# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
+   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)
*   10     0000.2222.2222   dynamic  0         F      F    Po48
G    -     7c0e.ceca.f177   static   -         F      F    sup-eth1(R)

9396-A# show ip mroute detail 
IP Multicast Routing Table for VRF "default"

Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2d21h, nve(1) ip(0) pim(0) 
  Data Created: No
  Stats: 1/64 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 2d21h, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2d21h, nve(0) ip(0) mrib(0) pim(0) 
  Data Created: Yes
  VXLAN Flags
    VXLAN Encap
  Stats: 1/51 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: loopback1, RPF nbr: 192.168.2.1
  Outgoing interface list: (count: 0)

(192.168.2.5/32, 231.1.1.1/32), uptime: 2d21h, ip(0) mrib(0) nve(1) pim(0) 
  Data Created: Yes
  Stats: 16474/1370086 [Packets/Bytes], 13.600  bps
  Stats: Active Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 2d21h, nve

(*, 232.0.0.0/8), uptime: 2d21h, pim(0) ip(0) 
  Data Created: No
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

9396-A# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1   
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : secondary                     
Number of vPCs configured         : 1   
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po1    up     1,10,20                                                

vPC status
----------------------------------------------------------------------
id   Port   Status Consistency Reason                     Active vlans
--   ----   ------ ----------- ------                     ------------
48   Po48   up     success     success                    1,10
9396-B
9396-B# show nve peers 
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      192.168.2.5      Up    DP        1w0d     n/a              

9396-B# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP
       
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      160010   231.1.1.1         Up    DP   L2 [10]  
nve1      160020   231.1.1.1         Up    DP   L2 [20]                                

9396-B# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:23:25 2015

version 7.0(3)I1(1b)

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  
9396-B# show nve internal platform interface detail
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |192.168.2.3    |192.168.2.1    |2    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10    |160010|UP                       |nve1  |DP  |0     
|20    |160020|UP                       |nve1  |DP  |0     
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds: 
add_pending_swbds: 
rem_pending_swbds: 

9396-B# show mac address-table vlan 10
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)
+   10     0000.2222.2222   dynamic  0         F      F    Po48
G    -     58f3.9ca3.64dd   static   -         F      F    sup-eth1(R)

9396-B# show ip mroute detail 
IP Multicast Routing Table for VRF "default"

Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2w1d, nve(1) ip(0) pim(0) 
  Data Created: No
  VXLAN Flags
    VXLAN Decap
  VPC Flags
    RPF-Source Forwarder
  Stats: 1/64 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 2w1d, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2w1d, nve(0) ip(0) mrib(0) pim(1) 
  Data Created: Yes
  VXLAN Flags
    VXLAN Encap
  VPC Flags
    RPF-Source Forwarder
  Stats: 5/511 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: loopback1, RPF nbr: 192.168.2.1
  Outgoing interface list: (count: 1)
    Ethernet1/7, uptime: 1w0d, pim

(192.168.2.5/32, 231.1.1.1/32), uptime: 2w1d, ip(0) mrib(0) pim(0) nve(1) 
  Data Created: Yes
  VXLAN Flags
    VXLAN Decap
  VPC Flags
    RPF-Source Forwarder
  Stats: 86621/7241564 [Packets/Bytes], 13.600  bps
  Stats: Active Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 2w1d, nve

(*, 232.0.0.0/8), uptime: 2w1d, pim(0) ip(0) 
  Data Created: No
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

9396-B# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1   
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success 
Per-vlan consistency status       : success                       
Type-2 consistency status         : success 
vPC role                          : primary                       
Number of vPCs configured         : 1   
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po1    up     1,10,20                                                

vPC status
----------------------------------------------------------------------
id   Port   Status Consistency Reason                     Active vlans
--   ----   ------ ----------- ------                     ------------
48   Po48   up     success     success                    1,10
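
VXLAN packet capture
The packet capture (PCAP) is from the previous topology and contains the OSPF hello packets, PIM join/register messages, and VXLAN-encapsulated traffic for the topology shown in the network diagram. You will notice some Internet Control Message Protocol (ICMP) flags such as "no response". This is due to the nature of the monitor session run on the RP.

The monitor session included interfaces Eth4/17-18 and Eth4/20, so it throws Wireshark off somewhat. The important information is the format and the flags.

Note: All encapsulated packets (BUM or known unicast) are sourced from the sending VTEP's loopback IP and destined to the remote VTEP's loopback IP. On any vPC VTEP this is the secondary loopback IP.

BUM (broadcast, unknown unicast, multicast) traffic is destined to the multicast group.

Unicast traffic is destined to the remote VTEP loopback IP.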
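
The forwarding rules above, together with the MAC-in-UDP header and 24-bit VNID described at the top of the page, can be checked against captured outer headers. The Python below is an added example, not part of the original post: it assumes the RFC 7348 header layout and UDP port 4789 (neither is stated on the page), takes the VTEP addresses, VNIs and group from the page's configuration, and uses hypothetical function names.

```python
import ipaddress
import struct

VXLAN_PORT = 4789  # IANA VXLAN port; assumed, the page does not state it
VTEPS = {"192.168.2.5", "192.168.2.1"}  # page: 3172-A loopback1, vPC secondary IP
VNI_GROUP = {160010: "231.1.1.1", 160020: "231.1.1.1"}  # page: member vni lines

def vxlan_header(vni):
    """Build the 8-byte header: flags, 24 reserved bits, 24-bit VNI, 8 reserved."""
    return struct.pack("!B3xI", 0x08, vni << 8)

def parse_vxlan(payload):
    """Return the VNI carried in a UDP payload, or raise ValueError."""
    if len(payload) < 8:
        raise ValueError("truncated VXLAN header")
    flags, vni_field = struct.unpack("!B3xI", payload[:8])
    if not flags & 0x08:
        raise ValueError("I flag clear, VNI not valid")
    return vni_field >> 8  # drop the reserved low byte

def classify(src, dst, dport, payload):
    """Label one outer packet against the page's forwarding rules."""
    if dport != VXLAN_PORT:
        return "not-vxlan"
    try:
        vni = parse_vxlan(payload)
    except ValueError as exc:
        return f"malformed: {exc}"
    if vni not in VNI_GROUP:
        return f"unknown-vni {vni}"
    if src not in VTEPS:
        return f"unexpected-source {src}"
    if ipaddress.ip_address(dst).is_multicast:
        return "bum" if dst == VNI_GROUP[vni] else f"wrong-group {dst}"
    return "unicast" if dst in VTEPS and dst != src else f"unexpected-destination {dst}"

# Constructed samples: (outer src, outer dst, UDP dst port, UDP payload).
SAMPLES = [
    ("192.168.2.5", "231.1.1.1", 4789, vxlan_header(160010)),
    ("192.168.2.1", "192.168.2.5", 4789, vxlan_header(160020)),
    ("192.168.2.2", "192.168.2.5", 4789, vxlan_header(160010)),  # vPC primary IP
    ("192.168.2.5", "192.168.2.1", 4789, vxlan_header(160030)),  # VNI not configured
]
for s in SAMPLES:
    print(s[:3], "->", classify(*s))
```

The third sample is flagged because a vPC VTEP should source encapsulated traffic from the shared secondary loopback address, not from a peer's primary address.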


 

posted @ 2020-04-09 13:07  cyrusxx