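【Lab】Static VXLAN configuration
1. IGP (underlay network)
2. VAP (virtual access point)
BD -- VNI binding
L2 sub-interface -- BD binding
3. Create the VXLAN tunnel manually (static mode)
4. Conventional access switch configuration
1. 【Configure the underlay network】OSPF interconnection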
【Spine】
ospf 1 router-id 3.3.3.3
area 0.0.0.0 //create area 0 (same as "area 0"); without it, "ospf enable area 0" under an interface has no effect
interface GE1/0/0
undo portswitch
undo shutdown //interfaces on CE switches are administratively down by default
ip address 10.1.13.3 255.255.255.0
ospf enable 1 area 0.0.0.0 //does two things: enables OSPF on the interface and places the interface in OSPF area 0; same as "ospf enable a 0"
interface GE1/0/1
undo portswitch
undo shutdown
ip address 10.1.23.3 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
description vtep
ip address 3.3.3.3 255.255.255.255
ospf enable 1 area 0.0.0.0
【leaf-1】
ospf 1 router-id 1.1.1.1
area 0.0.0.0
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.1.13.1 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
description vtep
ip address 1.1.1.1 255.255.255.255
ospf enable 1 area 0.0.0.0
【leaf-2】
ospf 1 router-id 2.2.2.2
area 0.0.0.0
interface GE1/0/0
undo portswitch
undo shutdown
ip address 10.1.23.2 255.255.255.0
ospf enable 1 area 0.0.0.0
interface LoopBack0
description vtep
ip address 2.2.2.2 255.255.255.255
ospf enable 1 area 0.0.0.0
【Verification】
[leaf-2]dis ospf int
OSPF Process 1 with Router ID 2.2.2.2
Area: 0.0.0.0 MPLS TE not enabled
Interface IP Address Type State Cost Pri
GE1/0/0 10.1.23.2 Broadcast DR 1 1
Loop0 2.2.2.2 P2P P-2-P 0 1
[spine]dis ospf peer bri
OSPF Process 1 with Router ID 3.3.3.3
Peer Statistic Information
Total number of peer(s): 2
Peer(s) in full state: 2
-----------------------------------------------------------------------------
Area Id Interface Neighbor id State
0.0.0.0 GE1/0/0 1.1.1.1 Full
0.0.0.0 GE1/0/1 2.2.2.2 Full
【Test】
[leaf-1]ping -a 1.1.1.1 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=9 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=4 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=4 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=4 ms
Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=3 ms
--- 3.3.3.3 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 3/4/9 ms
[leaf-1]ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=254 time=15 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=254 time=9 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=254 time=11 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=254 time=7 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=254 time=8 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 7/10/15 ms
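2-1. Deploy the service access point: create the bridge domain. A VAP (virtual access point) is also called a service access point.
A bridge domain is, in essence, a VNI.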
【leaf-1】
interface GE1/0/2
description conn2access
undo shutdown //make sure the interface facing the access network is up
[leaf-1]bridge-domain 10 //create bridge domain 10
[leaf-1-bd10]vxlan vni 10 //set the VXLAN VNI; this maps (binds) the bridge domain to the VNI
【leaf-2】
interface GE1/0/2
description conn2access
undo shutdown
[leaf-2]bridge-domain 20
[leaf-2-bd20]vxlan vni 10 //the VNI must match leaf-1 (VNI 10), as the dis this output below shows
Info: Please disable dynamic ARP learning when the controller is used to deliver ARP entries.
[leaf-2-bd20]dis this
#
bridge-domain 20
vxlan vni 10
【Verification】
[leaf-2]dis bridge-domain
The total number of bridge-domains is : 1
--------------------------------------------------------------------------------
MAC_LRN: MAC learning; STAT: Statistics; SPLIT: Split-horizon;
BC: Broadcast; MC: Unknown multicast; UC: Unknown unicast;
*down: Administratively down; FWD: Forward; DSD: Discard;
--------------------------------------------------------------------------------
BDID State MAC-LRN STAT BC MC UC SPLIT Description
--------------------------------------------------------------------------------
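20 down enable disable FWD FWD FWD disable //BUM: broadcast, multicast, unknown unicast
The main role of a bridge domain is to serve as a representation of a VNI.
2-2. Bind sub-interfaces to the bridge domain
【leaf-1】
[leaf-1]int ge 1/0/2.10 mode l2 //create a Layer 2 sub-interface to bind to the BD (the BD maps to the VNI, so the Layer 2 sub-interface is in effect bound to the VNI)
[leaf-1-GE1/0/2.10]encapsulation dot1q vid 10 //dot1q: the VLAN tag is removed before VXLAN encapsulation (decoupling: the VLAN no longer has any meaning); the VID here is the tag on frames sent out; the original VLAN frame becomes a VXLAN packet (see the packet format)
[leaf-1-GE1/0/2.10]bridge-domain 10 //bind the BD to the sub-interface so that frames carrying tag 10 are forwarded through the sub-interface; the BD is then tied to the VNI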
【leaf-2】
[leaf-2]int ge 1/0/2.20 mo l2
[leaf-2-GE1/0/2.20]encapsulation dot1q vid 10 //on the remote switch, the VLAN ID is added when the frame leaves the sub-interface
[leaf-2-GE1/0/2.20]bridge-domain 20
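A sub-interface belongs to exactly one bridge domain, and a bridge domain corresponds to one VNI.
3. Create the VXLAN tunnel: create the NVE logical interface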
【leaf-1】
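interface Nve1 //create logical interface Nve1, i.e. the VXLAN tunnel; the NVE number does not have to match on the two ends (it could also be 2)
source 1.1.1.1 //configure the VTEP source address
vni 10 head-end peer-list 2.2.2.2 //note: the VNI ID must be the same on the NVEs at both ends; the destination is 2.2.2.2
vni 20 head-end peer-list 2.2.2.2 //extra configuration, can be ignored
vni 20 head-end peer-list 4.4.4.4 //extra configuration, can be ignored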
#
return
【leaf-2】
interface Nve1
source 2.2.2.2
vni 10 head-end peer-list 1.1.1.1
#
[leaf-2]dis vxlan vni
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
10 20 up //VXLAN VNI information; the bound BD ID is shown
[leaf-2]dis vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID Source Destination State Type Uptime
-----------------------------------------------------------------------------------
4026531841 2.2.2.2 1.1.1.1 up static 00:05:58 //VXLAN tunnel information
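Added example (not part of the original notes and not a Huawei tool): a small Python audit of the static head-end peer-list configuration shown above. It flags peer-list entries whose VNI is not bound to a local bridge domain, that point at an unknown VTEP, or that the remote side does not reciprocate, such as the extra vni 20 entries on leaf-1. The names parse, audit and CONFIGS are assumptions made for this illustration, and the sample text is constructed from the snippets on this page.

```python
import re
# Constructed sample: the BD/VNI and Nve1 snippets from this page (leaf-2 has VNI 10 in BD 20).
CONFIGS = {
    "leaf-1": """\
bridge-domain 10
 vxlan vni 10
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list 2.2.2.2
 vni 20 head-end peer-list 2.2.2.2
 vni 20 head-end peer-list 4.4.4.4
""",
    "leaf-2": """\
bridge-domain 20
 vxlan vni 10
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list 1.1.1.1
""",
}

def parse(text):
    """Return (vtep_source, {vni: bd}, {(vni, peer)}) for one device."""
    source, bd, vni_bd, peers = None, None, {}, set()
    for line in text.splitlines():
        line = line.strip()
        if m := re.fullmatch(r"bridge-domain (\d+)", line):
            bd = int(m[1])                      # remember the BD we are inside
        elif m := re.fullmatch(r"vxlan vni (\d+)", line):
            vni_bd[int(m[1])] = bd              # BD <-> VNI binding
        elif m := re.fullmatch(r"source (\S+)", line):
            source = m[1]                       # local VTEP address
        elif m := re.fullmatch(r"vni (\d+) head-end peer-list (\S+)", line):
            peers.add((int(m[1]), m[2]))        # static ingress-replication peer
    return source, vni_bd, peers

def audit(configs):
    """List head-end peer entries that cannot form a working two-way tunnel."""
    parsed = {name: parse(text) for name, text in configs.items()}
    by_source = {src: name for name, (src, _, _) in parsed.items()}
    findings = []
    for name, (src, vni_bd, peers) in sorted(parsed.items()):
        for vni, peer in sorted(peers):
            if vni not in vni_bd:
                findings.append((name, vni, peer, "VNI not bound to a local BD"))
            elif peer not in by_source:
                findings.append((name, vni, peer, "peer is not a known VTEP"))
            elif (vni, src) not in parsed[by_source[peer]][2]:
                findings.append((name, vni, peer, "peer has no matching entry"))
    return findings
```

Calling audit(CONFIGS) returns the two vni 20 entries on leaf-1; the working vni 10 pair between 1.1.1.1 and 2.2.2.2 produces no finding.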
4. Access switch settings: ordinary trunk and access configuration
【SW1】
[sw1-GigabitEthernet0/0/2]dis this
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
stp edged-port enable
【SW2】
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10
interface GigabitEthernet0/0/10
port link-type access
port default vlan 10
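Connectivity may fail after a reboot
After saving the configuration and rebooting in eNSP, VXLAN stops working; deleting the bd under the sub-interface and configuring it again fixes it!!!
[leaf-2]dis mac-address //show the device's MAC address table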
Flags: * - Backup
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
5489-9851-37c4 -/-/20 1.1.1.1 dynamic -
5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -
5489-9851-37c4 -/-/20 1.1.1.1 dynamic -
5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -
-------------------------------------------------------------------------------
Total items: 4
[leaf-2]
[leaf-1]dis mac-address
Flags: * - Backup
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/VSI/BD Learned-From Type Age
-------------------------------------------------------------------------------
5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -
5489-980b-3a62 -/-/10 2.2.2.2 dynamic -
5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -
5489-980b-3a62 -/-/10 2.2.2.2 dynamic -
-------------------------------------------------------------------------------
[leaf-1]dis arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
10.1.13.1 384f-c901-0100 I GE1/0/0 //the interface's own IP and MAC address
10.1.13.3 384f-c902-0100 20 D GE1/0/0
----------------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1 OpenFlow:0
Redirect:0
[leaf-2]dis arp
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN:VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
10.1.23.2 384f-c903-0101 I GE1/0/1
10.1.23.3 384f-c902-0101 19 D GE1/0/1
----------------------------------------------------------------------------------------
Total:2 Dynamic:1 Static:0 Interface:1 OpenFl
VXLAN tunnel test
[spine]nqa vxlanecho enable udp-port 6000
[leaf-1]nqa vxlanecho enable udp-port 6000
[leaf-2]nqa vxlanecho enable udp-port 6000
[leaf-1]ping vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000
PING VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break
Reply from 2.2.2.2: bytes=40 Sequence=1 time=142 ms
Reply from 2.2.2.2: bytes=40 Sequence=2 time=11 ms
Reply from 2.2.2.2: bytes=40 Sequence=3 time=10 ms
Reply from 2.2.2.2: bytes=40 Sequence=4 time=9 ms
Reply from 2.2.2.2: bytes=40 Sequence=5 time=10 ms
--ping vxlan statistics--
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 9/36/142 ms
[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 600
TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break
TTL Replier Time Ingress Port Egress Port
1 10.1.13.3 9 ms unknown unknown
2 Request time out
3 Request time out
[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000
TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break
TTL Replier Time Ingress Port Egress Port
1 10.1.13.3 6 ms unknown unknown
2 2.2.2.2 10 ms GE1/0/1 --