【Lab】Static VXLAN configuration

 

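1. IGP (underlay network)

2. VAP (virtual access point)

  BD -- VNI binding

  L2 -- BD binding

3. Create the VXLAN tunnel manually (static mode)

4. Conventional access switch configuration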

 

 

 

 

1. 【Configure the underlay network】 OSPF interconnection

 

【Spine】

ospf 1 router-id 3.3.3.3

area 0.0.0.0 // create area 0 (same as "area 0"); without it, "ospf enable area 0" under the interface has no effect

 

interface GE1/0/0

undo portswitch

undo shutdown // CE switch ports are administratively down by default

ip address 10.1.13.3 255.255.255.0

ospf enable 1 area 0.0.0.0 // does two things: enables OSPF on the interface and puts the interface into OSPF area 0; same as "ospf enable a 0"

 

 

interface GE1/0/1

undo portswitch

undo shutdown

ip address 10.1.23.3 255.255.255.0

ospf enable 1 area 0.0.0.0

 

 

interface LoopBack0

description vtep

ip address 3.3.3.3 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

 

【leaf-1】

 

ospf 1 router-id 1.1.1.1

area 0.0.0.0

 

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.13.1 255.255.255.0

ospf enable 1 area 0.0.0.0

 

 

interface LoopBack0

description vtep

ip address 1.1.1.1 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

【leaf-2】

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.23.2 255.255.255.0

ospf enable 1 area 0.0.0.0

 

interface LoopBack0

description vtep

ip address 2.2.2.2 255.255.255.255

ospf enable 1 area 0.0.0.0

 

 

 

【Verification】

[leaf-2]dis ospf int

OSPF Process 1 with Router ID 2.2.2.2

 

Area: 0.0.0.0 MPLS TE not enabled

 

Interface IP Address Type State Cost Pri

GE1/0/0 10.1.23.2 Broadcast DR 1 1

Loop0 2.2.2.2 P2P P-2-P 0 1

 

 

 

 

[spine]dis ospf peer bri

OSPF Process 1 with Router ID 3.3.3.3

Peer Statistic Information

Total number of peer(s): 2

Peer(s) in full state: 2

-----------------------------------------------------------------------------

Area Id Interface Neighbor id State

0.0.0.0 GE1/0/0 1.1.1.1 Full

0.0.0.0 GE1/0/1 2.2.2.2 Full

 

 

【Test】

[leaf-1]ping -a 1.1.1.1 3.3.3.3

PING 3.3.3.3: 56 data bytes, press CTRL_C to break

Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time=9 ms

Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time=4 ms

Reply from 3.3.3.3: bytes=56 Sequence=5 ttl=255 time=3 ms

 

--- 3.3.3.3 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 3/4/9 ms

 

[leaf-1]ping -a 1.1.1.1 2.2.2.2

PING 2.2.2.2: 56 data bytes, press CTRL_C to break

Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=254 time=15 ms

Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=254 time=9 ms

Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=254 time=11 ms

Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=254 time=7 ms

Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=254 time=8 ms

 

--- 2.2.2.2 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 7/10/15 ms

 

 

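2-1. Service access point setup: create the bridge domain. A VAP (virtual access point) is also called a service access point.

A bridge domain is in essence a VNI.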

【leaf-1】

interface GE1/0/2

description conn2access

undo shutdown // make sure the interface facing the access network is up

 

 

[leaf-1]bridge-domain 10 // create bridge domain 10

[leaf-1-bd10]vxlan vni 10 // set the VXLAN VNI; this maps (binds) the bridge domain to the VNI

 

【leaf-2】

interface GE1/0/2

description conn2access

undo shutdown

 

 

[leaf-2]bridge-domain 20

[leaf-2-bd20]vxlan vni 20

Info: Please disable dynamic ARP learning when the controller is used to deliver ARP entries.

 

[leaf-2-bd20]dis this

#

bridge-domain 20

vxlan vni 10

 

 

 

【Verification】

[leaf-2]dis bridge-domain

The total number of bridge-domains is : 1

--------------------------------------------------------------------------------

MAC_LRN: MAC learning; STAT: Statistics; SPLIT: Split-horizon;

BC: Broadcast; MC: Unknown multicast; UC: Unknown unicast;

*down: Administratively down; FWD: Forward; DSD: Discard;

--------------------------------------------------------------------------------

 

BDID State MAC-LRN STAT BC MC UC SPLIT Description

--------------------------------------------------------------------------------

20 down enable disable FWD FWD FWD disable // BUM: broadcast, multicast, unicast

 

The main role of a bridge domain is to be the local representation of a VNI.

 

 

 

 

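2-2. Bind the bridge domain to a sub-interface

[leaf-1]int ge 1/0/2.10 mode l2 // create an L2 sub-interface to bind to the BD (the BD maps to the VNI, so the L2 sub-interface is bound to the VNI)

[leaf-1-GE1/0/2.10]encapsulation dot1q vid 10 // dot1q: the VLAN tag is removed before VXLAN encapsulation (decoupling: the VLAN no longer has meaning); the VID here is the tag on frames sent out; the frame changes from a VLAN frame into a VXLAN packet, see the packet format

[leaf-1-GE1/0/2.10]bridge-domain 10 // bind the BD to the sub-interface so that frames carrying tag 10 are forwarded through it; the BD is then tied to the VNI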

 

 

 

 

【leaf-2】

[leaf-2]int ge 1/0/2.20 mo l2

[leaf-2-GE1/0/2.20]encapsulation dot1q vid 10 // on the remote switch, the VLAN ID is added when the frame leaves the sub-interface

[leaf-2-GE1/0/2.20]bridge-domain 20

 

 

 

A sub-interface belongs to exactly one bridge domain, and a bridge domain corresponds to one VNI.

 

 

 

3. Create the VXLAN tunnel: create the NVE logical interface

 

【leaf-1】

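interface Nve1 // create logical interface NVE1, i.e. the VXLAN tunnel; the NVE number does not have to match on the two ends, it could also be 2

source 1.1.1.1 // set the VTEP source address

vni 10 head-end peer-list 2.2.2.2 // note that the VNI ID must be the same on both NVEs; the destination is 2.2.2.2

vni 20 head-end peer-list 2.2.2.2 // extra configuration, can be ignored

vni 20 head-end peer-list 4.4.4.4 // extra configuration, can be ignored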

#

return

 

 

【leaf-2】

interface Nve1

source 2.2.2.2

vni 10 head-end peer-list 1.1.1.1

#

 

 

 

 

[leaf-2]dis vxlan vni

Number of vxlan vni : 1

VNI BD-ID State

---------------------------------------

10 20 up // VXLAN VNI information; the bound BD ID is shown

 

 

[leaf-2]dis vxlan tunnel

Number of vxlan tunnel : 1

Tunnel ID Source Destination State Type Uptime

-----------------------------------------------------------------------------------

4026531841 2.2.2.2 1.1.1.1 up static 00:05:58 // shows the VXLAN tunnel
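
An added example, not part of the original post: a small audit of the static head-end peer-lists, since every entry is a VTEP that receives replicated BUM traffic for that VNI. It flags entries like the extra `vni 20` lines on leaf-1; the function names `parse` and `audit` and the per-device config snippets (assembled from the `dis this` output and Nve1 stanzas above) are assumptions for illustration.

```python
import re
# Constructed sample: effective bridge-domain / Nve1 config of this lab's two leaves.
CONFIGS = {
    "leaf-1": """bridge-domain 10
 vxlan vni 10
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list 2.2.2.2
 vni 20 head-end peer-list 2.2.2.2
 vni 20 head-end peer-list 4.4.4.4""",
    "leaf-2": """bridge-domain 20
 vxlan vni 10
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list 1.1.1.1""",
}

def parse(text):
    """Return (vtep_source, {vni: bd}, {vni: {peers}}) for one device (hypothetical helper)."""
    source, bd, vni_bd, peers = None, None, {}, {}
    for line in map(str.strip, text.splitlines()):
        if m := re.fullmatch(r"bridge-domain (\d+)", line):
            bd = int(m[1])                      # remember the BD view we are in
        elif m := re.fullmatch(r"vxlan vni (\d+)", line):
            vni_bd[int(m[1])] = bd              # VNI bound to the current BD
        elif m := re.fullmatch(r"source (\S+)", line):
            source = m[1]                       # local VTEP address
        elif m := re.fullmatch(r"vni (\d+) head-end peer-list (\S+)", line):
            peers.setdefault(int(m[1]), set()).add(m[2])
    return source, vni_bd, peers

def audit(configs):
    """Flag head-end entries with no local BD, an unknown VTEP, or no reciprocal entry."""
    parsed = {name: parse(text) for name, text in configs.items()}
    by_source = {src: name for name, (src, _, _) in parsed.items()}
    findings = []
    for name, (src, vni_bd, peers) in sorted(parsed.items()):
        for vni, plist in sorted(peers.items()):
            if vni not in vni_bd:
                findings.append((name, vni, None, "vni has no bridge-domain"))
            for peer in sorted(plist):
                remote = by_source.get(peer)
                if remote is None:
                    findings.append((name, vni, peer, "peer is not a known VTEP"))
                elif src not in parsed[remote][2].get(vni, set()):
                    findings.append((name, vni, peer, "peer has no reciprocal entry"))
    return findings

if __name__ == "__main__": print(*audit(CONFIGS), sep="\n")
```

On the lab's configuration the only findings are the three for VNI 20 on leaf-1; the VNI 10 entries pass because each leaf lists the other's VTEP source.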

 

 

4. Access switch settings: ordinary trunk and access configuration

 

 

【SW1】

[sw1-GigabitEthernet0/0/2]dis this

#

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

 

 

interface GigabitEthernet0/0/10

port link-type access

port default vlan 10

stp edged-port enable

 

【SW2】

 

interface GigabitEthernet0/0/2

port link-type trunk

port trunk allow-pass vlan 10

 

 

interface GigabitEthernet0/0/10

port link-type access

port default vlan 10

 

 

 

 

 

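Connectivity may be lost after a reboot

In eNSP, after saving the configuration and rebooting, VXLAN stops working; delete the bd under the sub-interface and configure it again and it works!!!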

 

 

 

 

[leaf-2]dis mac-address // view the device's MAC addresses

Flags: * - Backup

BD : bridge-domain Age : dynamic MAC learned time in seconds

-------------------------------------------------------------------------------

MAC Address VLAN/VSI/BD Learned-From Type Age

-------------------------------------------------------------------------------

5489-9851-37c4 -/-/20 1.1.1.1 dynamic -

5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -

5489-9851-37c4 -/-/20 1.1.1.1 dynamic -

5489-980b-3a62 -/-/20 GE1/0/2.20 dynamic -

-------------------------------------------------------------------------------

Total items: 4

[leaf-2]

 

 

 

[leaf-1]dis mac-address

Flags: * - Backup

BD : bridge-domain Age : dynamic MAC learned time in seconds

-------------------------------------------------------------------------------

MAC Address VLAN/VSI/BD Learned-From Type Age

-------------------------------------------------------------------------------

5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -

5489-980b-3a62 -/-/10 2.2.2.2 dynamic -

5489-9851-37c4 -/-/10 GE1/0/2.10 dynamic -

5489-980b-3a62 -/-/10 2.2.2.2 dynamic -

-------------------------------------------------------------------------------

 

[leaf-1]dis arp

ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect

EXP: Expire-time VLAN:VLAN or Bridge Domain

 

IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE

----------------------------------------------------------------------------------------

10.1.13.1 384f-c901-0100 I GE1/0/0 // the interface's own IP and MAC address

10.1.13.3 384f-c902-0100 20 D GE1/0/0

----------------------------------------------------------------------------------------

Total:2 Dynamic:1 Static:0 Interface:1 OpenFlow:0

Redirect:0

 

 

 

[leaf-2]dis arp

ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect

EXP: Expire-time VLAN:VLAN or Bridge Domain

 

IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE

----------------------------------------------------------------------------------------

10.1.23.2 384f-c903-0101 I GE1/0/1

10.1.23.3 384f-c902-0101 19 D GE1/0/1

----------------------------------------------------------------------------------------

Total:2 Dynamic:1 Static:0 Interface:1 OpenFl

 

 

 

 

VXLAN tunnel test

[spine]nqa vxlanecho enable udp-port 6000

[leaf-1]nqa vxlanecho enable udp-port 6000

[leaf-2]nqa vxlanecho enable udp-port 6000

 

 

 

[leaf-1]ping vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000

PING VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

Reply from 2.2.2.2: bytes=40 Sequence=1 time=142 ms

Reply from 2.2.2.2: bytes=40 Sequence=2 time=11 ms

Reply from 2.2.2.2: bytes=40 Sequence=3 time=10 ms

Reply from 2.2.2.2: bytes=40 Sequence=4 time=9 ms

Reply from 2.2.2.2: bytes=40 Sequence=5 time=10 ms

 

--ping vxlan statistics--

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 9/36/142 ms

 

[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 600

TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

TTL Replier Time Ingress Port Egress Port

1 10.1.13.3 9 ms unknown unknown

2 Request time out

3 Request time out

[leaf-1]tracert vxlan vni 10 source 1.1.1.1 peer 2.2.2.2 udp-port 6000

TRACERT VXLAN: vni 10 source 1.1.1.1 peer 2.2.2.2, press CTRL_C to break

TTL Replier Time Ingress Port Egress Port

1 10.1.13.3 6 ms unknown unknown

2 2.2.2.2 10 ms GE1/0/1 --

 

posted @ 2020-09-10 00:12  yy50567893