【實驗】vxlan的靜態配置

、

 

1.IGP （underlay 網絡）

2、VAP 虛擬接入點

　　BD --VNI 綁定

　　L2--BD 綁定

3、手工靜態方式 創建vxlan

4、傳統接入交換機配置

 

 

 

 

1、【配置underlay 網絡】OSPF互聯

 

【Spine】

ospf 1 router-id 3.3.3.3

area 0.0.0.0 //創建區域0 等同於 area 0 否則接口下 ospf enable area 0 沒有意義

 

interface GE1/0/0

undo portswitch

undo shutdown //CE交換機默認管理down

ip address 10.1.13.3 255.255.255.0

ospf enable 1 area 0.0.0.0 //兩個含義 接口啟動ospf 把接口放進ospf 區域0 等同ospf enable a 0

 

 

interface GE1/0/1

undo portswitch

undo shutdown

ip address 10.1.23.3 255.255.255.0

ospf enable 1 area 0.0.0.0

 

 

interface LoopBack0

description vtep

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

 

【leaf-1】

 

ospf 1 router-id 1.1.1.1

area 0.0.0.0

 

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.13.1 255.255.255.0

ospf enable 1 area 0.0.0.0

 

 

interface LoopBack0

description vtep

ip address 1.1.1.1 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

【leaf-2】

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.23.2 255.255.255.0

ospf enable 1 area 0.0.0.0

 

interface LoopBack0

description vtep

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

 

【驗證】

[leaf-2]dis ospf int

OSPF Process 1 with Router ID 2.2.2.2

 

Area: 0.0.0.0 MPLS TE not enabled

 

Interface IP Address Type State Cost Pri

GE1/0/0 10.1.23.2 Broadcast DR 1 1

Loop0 2.2.2.2 P2P P-2-P 0 1

 

 

 

 

[spine]dis ospf peer bri

OSPF Process 1 with Router ID 3.3.3.3

Peer Statistic Information

Total number of peer(s): 2

Peer(s) in full state: 2

-----------------------------------------------------------------------------

Area Id Interface Neighbor id State

0.0.0.0 GE1/0/0 1.1.1.1 Full

0.0.0.0 GE1/0/1 2.2.2.2 Full

 

 

【測試】

[leaf-1]ping -a 1.1.1.1 3.3.3.3

PING 3.3.3.3: 56 data bytes, press CTRL_C to break

Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=9 ms

Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=3 ms

 

--- 3.3.3.3 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/4/9 ms

 

[leaf-1]ping -a 1.1.1.1 2.2.2.2

PING 2.2.2.2: 56 data bytes, press CTRL_C to break

Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=254 time=15 ms

Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=254 time=9 ms

Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=254 time=11 ms

Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=254 time=7 ms

Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=254 time=8 ms

 

--- 2.2.2.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 7/10/15 ms

 

 

2-1、業務接入點實施 創建橋接域 VAP 虛擬接入點 也叫業務接入點

橋接域的本質是vni

【leaf-1】

interface GE1/0/2

description conn2access

undo shutdown //保證連接接入網絡的接口開啟

 

 

[leaf-1]bridge-domain 10 //創建橋橋接域10

[leaf-1-bd10]vxlan vni 10 //配置vxlan的vni標記 橋接域與vni映射 綁定

 

【leaf-2】

interface GE1/0/2

description conn2access

undo shutdown

 

 

[leaf-2]bridge-domain 20

[leaf-2-bd20]vxlan vni 20

Info: Please disable dynamic ARP learning when the controller is used to deliver ARP entries.

 

[leaf-2-bd20]dis this

#

bridge-domain 20

vxlan vni 10

 

 

 

【驗證】

[leaf-2]dis bridge-domain

The total number of bridge-domains is : 1

--------------------------------------------------------------------------------

MAC_LRN: MAC learning; STAT: Statistics; SPLIT: Split-horizon;

BC: Broadcast; MC: Unknown multicast; UC: Unknown unicast;

*down: Administratively down; FWD: Forward; DSD: Discard;

--------------------------------------------------------------------------------

 

BDID State MAC-LRN STAT BC MC UC SPLIT Description

--------------------------------------------------------------------------------

20 down enable disable FWD FWD FWD disable //BUM 廣播 組播 單播

 

橋接域的主要作用是 vni的一個表現形式

 

 

 

 

2-2、橋接域綁定子接口

[leaf-2]int ge 1/0/2.10 mode l2 //創建二層子接口用於和BD綁定(BD和VNI映射 即二層子接口和VNI綁定)

[leaf-2-GE1/0/2.10]encapsulation dot1q vid 10 //dot1q 在封裝vxlan之前先拿掉vlan tag(解耦 即vlan不在有意義) 此處VID為發出的幀tag 從原來的vlan報文轉變為vxlan報文 看報文格式

[leaf-1-GE1/0/2.10]bridge-domain 10 //BD 域與子接口綁定 以便方便攜帶tag10的幀可以通過子接口轉發 后續 BD和VNI結合

 

 

 

 

【leaf-2】

[leaf-2]int ge 1/0/2.20 mo l2

[leaf-2-GE1/0/2.20]encapsulation dot1q vid 10 //在遠端的交換機 出子接口時 打上vlanID

[leaf-2-GE1/0/2.20]bridge-domain 20

 

 

 

一個子接口唯一的屬於一個橋接域 一個橋接域對應一個vni

 

 

 

3、創建vxlan隧道 創建NVE邏輯接口

 

【leaf-1】

interface Nve1 //創建邏輯接口NVE1 即vxlan隧道 NVE的兩端數字不一致也可以也可以是2

source 1.1.1.1 //配置vtep的源地址

vni 10 head-end peer-list 2.2.2.2 //注意兩側nve的vni的ID相同 目的為2.2.2.2

vni 20 head-end peer-list 2.2.2.2 //多配置的 可忽略

vni 20 head-end peer-list 4.4.4.4 //多配置的 可忽略

#

return

 

 

【leaf-2】

interface Nve1

source 2.2.2.2

vni 10 head-end peer-list 1.1.1.1

#

 

 

 

 

[leaf-2]dis vxlan vni

Number of vxlan vni : 1

VNI BD-ID State

---------------------------------------

10 20 up //查看vxlan vni 信息 可以看到綁定BD ID

 

 

[leaf-2]dis vxlan tunnel

Number of vxlan tunnel : 1

Tunnel ID Source Destination State Type Uptime

-----------------------------------------------------------------------------------

4026531841 2.2.2.2 1.1.1.1 up static 00:05:58 //查看vxlan隧道

 

 

4、接入交換機設置 普通trunk和access設置

 

 

【SW1】

[sw1-GigabitEthernet0/0/2]dis this

#

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

 

 

interface GigabitEthernet0/0/10

port link-type access

port default vlan 10

stp edged-port enable

 

【SW2】

 

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

 

 

interface GigabitEthernet0/0/10

port link-type access

port default vlan 10

 

 

 

 

 

重啟后可能出現不通

ensp保存配置后重啟，VXLAN不通，把子接口下的bd刪掉再配下就好了！！！

 

 

 

 

[leaf-2]dis mac-address //查看設備的MAC地址

Flags: * - Backup

BD : bridge-domain Age : dynamic MAC learned time in seconds

-------------------------------------------------------------------------------

MAC Address VLAN/VSI/BD Learned-From Type Age

-------------------------------------------------------------------------------

5489-9851-37c4 -/-/20 1.1.1.1 dynamic -

5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -

5489-9851-37c4 -/-/20 1.1.1.1 dynamic -

5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -

-------------------------------------------------------------------------------

Total items: 4

[leaf-2]

 

 

 

[leaf-1]dis mac-address

Flags: * - Backup

BD : bridge-domain Age : dynamic MAC learned time in seconds

-------------------------------------------------------------------------------

MAC Address VLAN/VSI/BD Learned-From Type Age

-------------------------------------------------------------------------------

5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -

5489-980b-3a62 -/-/10 2.2.2.2 dynamic -

5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -

5489-980b-3a62 -/-/10 2.2.2.2 dynamic -

-------------------------------------------------------------------------------

 

[leaf-1]dis arp

ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect

EXP: Expire-time VLAN:VLAN or Bridge Domain

 

IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE

----------------------------------------------------------------------------------------

10.1.13.1 384f-c901-0100 I GE1/0/0 //接口的 IP和MAC地址

10.1.13.3 384f-c902-0100 20 D GE1/0/0

----------------------------------------------------------------------------------------

Total:2 Dynamic:1 Static:0 Interface:1 OpenFlow:0

Redirect:0

 

 

 

[leaf-2]dis arp

ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect

EXP: Expire-time VLAN:VLAN or Bridge Domain

 

IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE

----------------------------------------------------------------------------------------

10.1.23.2 384f-c903-0101 I GE1/0/1

10.1.23.3 384f-c902-0101 19 D GE1/0/1

----------------------------------------------------------------------------------------

Total:2 Dynamic:1 Static:0 Interface:1 OpenFl

 

 

 

 

vxlan隧道測試

[spine]nqa vxlanecho enable udp-port 6000

[leaf-1]nqa vxlanecho enable udp-port 6000

[leaf-2]nqa vxlanecho enable udp-port 6000

 

 

 

[leaf-1]ping vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000

PING VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

Reply from 2.2.2.2: bytes=40 Sequence=1 time=142 ms

Reply from 2.2.2.2: bytes=40 Sequence=2 time=11 ms

Reply from 2.2.2.2: bytes=40 Sequence=3 time=10 ms

Reply from 2.2.2.2: bytes=40 Sequence=4 time=9 ms

Reply from 2.2.2.2: bytes=40 Sequence=5 time=10 ms

 

--ping vxlan statistics--

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 9/36/142 ms

 

[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 600

TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

TTL Replier Time Ingress Port Egress Port

1 10.1.13.3 9 ms unknown unknown

2 Request time out

3 Request time out

[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000

TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

TTL Replier Time Ingress Port Egress Port

1 10.1.13.3 6 ms unknown unknown

2 2.2.2.2 10 ms GE1/0/1 --