Communication between different subnets using VRF + VXLAN


 

 

 

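br40 on both ends must not be assigned an IP address; otherwise it interferes with routing in the VRF.

 Having learned that FRRouting can implement an L3 gateway for communication between different subnets, this post manually configures the neigh table, the VRF policy routing table and the fdb table to achieve the same communication between different subnets.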

 

 Node 10.10.18.214

 1. On VTEP 10.10.18.214, set a neigh entry for the peer VTEP 10.10.18.213, because the 4.4.4.254 gateway will send an ARP request asking for the MAC of 10.10.18.213. The MAC added, 00:00:01:02:03:08, is the MAC of br40 on VTEP 10.10.18.213.
 ip n add 10.10.18.213 dev br40 lladdr 00:00:01:02:03:08 nud perm

[root@evpn2 ~]# ip n show vrf vrf-green
4.4.4.3 dev br30 lladdr 96:43:7c:c4:79:8e STALE
10.10.18.213 dev br40 lladdr 00:00:01:02:03:08 PERMANENT
fe80::9443:7cff:fec4:798e dev br30 lladdr 96:43:7c:c4:79:8e STALE

 2. Running ip netns exec host3 ping 5.5.5.213 sends an ARP request, so a neigh entry is likewise added in netns host3.

[root@evpn2 ~]# ip netns exec host3 ip n
4.4.4.254 dev eth0 lladdr 26:01:66:a5:9c:cc STALE
4.4.4.1 dev eth0 FAILED
5.5.5.213 dev eth0 lladdr 32:e3:6a:fe:8b:55 PERMANENT

The MAC set here for 5.5.5.213 does not have to be the real MAC of 5.5.5.213; the MAC of br40 on VTEP 10.10.18.214 also works.

 3. Set the fdb entry:
 bridge fdb append to 00:00:01:02:03:08 dev vxlan40 dst 10.10.18.213

[root@evpn2 ~]# bridge fdb show | grep 00:00:01:02:03:08
00:00:01:02:03:08 dev dev vxlan40 dst 10.10.18.213 self permanent

 4. Add the route 5.5.5.213 via 10.10.18.213 dev br40 proto bgp metric 20 onlink

[root@evpn2 ~]# ip route show vrf vrf-green
4.4.4.0/24 dev br30 proto kernel scope link src 4.4.4.254
5.5.5.213 via 10.10.18.213 dev br40 proto bgp metric 20 onlink

 

 

 On node 10.10.18.213

Set the neigh entry for 4.4.4.3
[root@evpn213 ~]# ip netns exec host3  ip n
4.4.4.3 dev eth0 lladdr 00:00:01:02:03:08 PERMANENT
5.5.5.1 dev eth0 lladdr a2:fd:cb:4f:71:41 STALE
Set the neigh entry for 10.10.18.214
[root@evpn213 ~]# ip n show vrf vrf-green
5.5.5.213 dev br30 lladdr 32:e3:6a:fe:8b:55 PERMANENT
10.10.18.214 dev br40 lladdr 00:00:01:02:03:09 PERMANENT
Add the route
[root@evpn213 ~]# ip r show vrf vrf-green
4.4.4.3 via 10.10.18.214 dev br40 onlink 
5.5.5.0/24 dev br30 proto kernel scope link src 5.5.5.1
Add the fdb entry
[root@evpn213 ~]# bridge fdb show | grep vxlan40
02:63:4b:80:0d:25 dev dev vxlan40 vlan 1 master br40 permanent
02:63:4b:80:0d:25 dev dev vxlan40 master br40 permanent
00:00:01:02:03:09 dev dev vxlan40 dst 10.10.18.214 self permanent

 At first the fdb entry was configured on master br40, with the result that packets were never sent out.

 
[root@evpn213 ~]# bridge fdb show | grep 00:00:01:02:03:09
00:00:01:02:03:09 dev dev br40 vlan 1 master br40 permanent
00:00:01:02:03:09 dev dev br40 master br40 permanent
00:00:01:02:03:09 dev dev vxlan40 dst 10.10.18.214 self permanent
[root@evpn213 ~]# bridge fdb del 00:00:01:02:03:09 dev br40
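
The misplaced fdb entry described above can be caught mechanically. The shell function below is an added example, not part of the original post: the names `check_fdb`, `fdb_broken` and `fdb_fixed` and the exit codes are assumptions made here, and the sample input is the `bridge fdb show` output shown on this page for node 10.10.18.213.

```shell
#!/bin/sh
# Added example (hypothetical helper, not from the original post).
# check_fdb MAC VXLAN_DEV REMOTE_VTEP   reads `bridge fdb show` text on stdin
#   exit 0: MAC has a "self" entry on VXLAN_DEV with dst REMOTE_VTEP only
#   exit 1: that VXLAN "self" entry is missing or points at another dst
#   exit 2: MAC also has a "master" (bridge-side) entry, the mistake above
# Live use: bridge fdb show | check_fdb 00:00:01:02:03:09 vxlan40 10.10.18.214
check_fdb() {
    awk -v mac="$1" -v vx="$2" -v vtep="$3" '
    tolower($1) == tolower(mac) {
        dev = ""; dst = ""; self = 0; master = 0
        for (i = 2; i <= NF; i++) {
            # The output on this page prints "dev dev NAME"; skip the repeat.
            if ($i == "dev" && $(i+1) != "dev") dev = $(i+1)
            if ($i == "dst")    dst = $(i+1)
            if ($i == "self")   self = 1
            if ($i == "master") master = 1
        }
        if (master) stray++
        if (self && dev == vx && dst == vtep) good++
    }
    END {
        if (!good) exit 1
        if (stray) exit 2
        exit 0
    }'
}

# Sample input: state before the `bridge fdb del` shown above.
fdb_broken() {
cat <<'EOF'
00:00:01:02:03:09 dev dev br40 vlan 1 master br40 permanent
00:00:01:02:03:09 dev dev br40 master br40 permanent
00:00:01:02:03:09 dev dev vxlan40 dst 10.10.18.214 self permanent
EOF
}

# Sample input: the working state shown under "Add the fdb entry".
fdb_fixed() {
cat <<'EOF'
02:63:4b:80:0d:25 dev dev vxlan40 vlan 1 master br40 permanent
02:63:4b:80:0d:25 dev dev vxlan40 master br40 permanent
00:00:01:02:03:09 dev dev vxlan40 dst 10.10.18.214 self permanent
EOF
}
```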

 

 Run ping on node 10.10.18.214

[root@evpn2 ~]# ip netns exec host3 ping 5.5.5.213
PING 5.5.5.213 (5.5.5.213) 56(84) bytes of data.
64 bytes from 5.5.5.213: icmp_seq=1 ttl=62 time=0.575 ms
64 bytes from 5.5.5.213: icmp_seq=2 ttl=62 time=0.514 ms
64 bytes from 5.5.5.213: icmp_seq=3 ttl=62 time=0.530 ms
64 bytes from 5.5.5.213: icmp_seq=4 ttl=62 time=0.566 ms
^C

 

 Run tcpdump on node 10.10.18.213

[root@evpn213 ~]# tcpdump -i vxlan40  -eennvv dst host 4.4.4.3
tcpdump: listening on vxlan40, link-type EN10MB (Ethernet), capture size 262144 bytes
14:21:52.986497 00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61601, offset 0, flags [none], proto ICMP (1), length 84)
    5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 1, length 64
14:21:54.044733 00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61673, offset 0, flags [none], proto ICMP (1), length 84)
    5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 2, length 64
14:21:55.084773 00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61696, offset 0, flags [none], proto ICMP (1), length 84)
    5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 3, length 64
14:21:56.124749 00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61743, offset 0, flags [none], proto ICMP (1), length 84)
    5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 4, length 64
14:21:57.164776 00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 61784, offset 0, flags [none], proto ICMP (1), length 84)
    5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 5, length 64
^C
5 packets captured
5 packets received by filter
0 packets dropped by kernel


[root@evpn213 ~]# tcpdump -i enp1s0 -eennvv dst port 4789
tcpdump: listening on enp1s0, link-type EN10MB (Ethernet), capture size 262144 bytes
14:23:42.204802 fa:16:3e:c1:8f:98 > fa:16:3e:a3:27:66, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 3744, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.214.53381 > 10.10.18.213.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:09 > 00:00:01:02:03:08, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 11410, offset 0, flags [DF], proto ICMP (1), length 84)
4.4.4.3 > 5.5.5.213: ICMP echo request, id 10643, seq 106, length 64
14:23:42.204885 fa:16:3e:a3:27:66 > fa:16:3e:c1:8f:98, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 40091, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.213.40576 > 10.10.18.214.4789: [bad udp cksum 0x3a42 -> 0xd400!] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 1546, offset 0, flags [none], proto ICMP (1), length 84)
5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 106, length 64
14:23:43.244787 fa:16:3e:c1:8f:98 > fa:16:3e:a3:27:66, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 3767, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.214.53381 > 10.10.18.213.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:09 > 00:00:01:02:03:08, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 11508, offset 0, flags [DF], proto ICMP (1), length 84)
4.4.4.3 > 5.5.5.213: ICMP echo request, id 10643, seq 107, length 64
14:23:43.244860 fa:16:3e:a3:27:66 > fa:16:3e:c1:8f:98, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 40123, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.213.40576 > 10.10.18.214.4789: [bad udp cksum 0x3a42 -> 0xd400!] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 1603, offset 0, flags [none], proto ICMP (1), length 84)
5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 107, length 64
14:23:44.284854 fa:16:3e:c1:8f:98 > fa:16:3e:a3:27:66, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 3790, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.214.53381 > 10.10.18.213.4789: [udp sum ok] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:09 > 00:00:01:02:03:08, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 11583, offset 0, flags [DF], proto ICMP (1), length 84)
4.4.4.3 > 5.5.5.213: ICMP echo request, id 10643, seq 108, length 64
14:23:44.284937 fa:16:3e:a3:27:66 > fa:16:3e:c1:8f:98, ethertype IPv4 (0x0800), length 148: (tos 0x0, ttl 64, id 40146, offset 0, flags [none], proto UDP (17), length 134)
10.10.18.213.40576 > 10.10.18.214.4789: [bad udp cksum 0x3a42 -> 0xd400!] VXLAN, flags [I] (0x08), vni 40
00:00:01:02:03:08 > 00:00:01:02:03:09, ethertype IPv4 (0x0800), length 98: (tos 0x0, ttl 63, id 1670, offset 0, flags [none], proto ICMP (1), length 84)
5.5.5.213 > 4.4.4.3: ICMP echo reply, id 10643, seq 108, length 64
^C
6 packets captured
6 packets received by filter
0 packets dropped by kernel

 

