Example for configuring VXLAN for a Virtual Network in Centralized Gateway Mode (Static Mode)
Networking Requirements
- Servers scattered in different departments form a virtual network, realizing resource integration and flexible service deployment.
- A large number of VMs are deployed on each server, and VMs providing different services can communicate at Layer 3.
This example uses the interface on the LE1D2S04SEC0, LE1D2X32SEC0, LE1D2H02QEC0, or X series card as the tunnel-side interface as an example to describe the configuration.
Data Plan
Device |
VXLAN Tunnel |
BD |
VNI |
Source IP |
Peer IP |
---|---|---|---|---|---|
VTEP1 |
VTEP1—>VTEP2 |
10 |
2010 |
10.1.1.2 |
10.2.2.2 |
VTEP1—>VTEP3 |
20 |
2020 |
10.1.1.2 |
10.3.3.2 |
|
VTEP2 |
VTEP2—>VTEP1 |
10 |
2010 |
10.2.2.2 |
10.1.1.2 |
VTEP3 |
VTEP3—>VTEP1 |
20 |
2020 |
10.3.3.2 |
10.1.1.2 |
Configuration Roadmap
The configuration roadmap is as follows:
- Configure a routing protocol on VTEP1, VTEP2, and VTEP3 to ensure Layer 3 network connectivity.
- Configure a deployment mode for the VXLAN access service on VTEP2 and VTEP3, and configure a VLAN on Switch1 and Switch2.
- Configure information for VXLAN tunnel establishment on VTEP1, VTEP2, and VTEP3.
- Configure a Layer 3 VXLAN gateway on VTEP1.
Layer 3 interconnection of the campus network is the basis of the virtual network. If Layer 3 interconnection has been implemented on the live campus network, step 1 in this example can be omitted.
Procedure
- Configure a routing protocol.
# Assign IP addresses to the interfaces of VTEP2. The configurations of VTEP3 and VTEP1 are similar to the configuration of VTEP2, and are not mentioned here. When OSPF is used, the loopback address of each switch must be advertised.
<Quidway> system-view [Quidway] sysname VTEP2 [VTEP2] interface loopback 1 [VTEP2-LoopBack1] ip address 10.2.2.2 32 [VTEP2-LoopBack1] quit [VTEP2] interface gigabitethernet 1/0/1 [VTEP2-GigabitEthernet1/0/1] undo portswitch [VTEP2-GigabitEthernet1/0/1] ip address 192.168.2.1 24 [VTEP2-GigabitEthernet1/0/1] quit [VTEP2] ospf router-id 10.2.2.2 [VTEP2-ospf-1] area 0 [VTEP2-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0 [VTEP2-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255 [VTEP2-ospf-1-area-0.0.0.0] quit [VTEP2-ospf-1] quit
# After OSPF is configured, the switches can learn the loopback interface address of each other and successfully ping each other. The following shows the ping result from VTEP2 to VTEP3.
[VTEP2] ping 10.3.3.2 PING 10.3.3.2: 56 data bytes, press CTRL_C to break Reply from 10.3.3.2: bytes=56 Sequence=1 ttl=255 time=240 ms Reply from 10.3.3.2: bytes=56 Sequence=2 ttl=255 time=5 ms Reply from 10.3.3.2: bytes=56 Sequence=3 ttl=255 time=5 ms Reply from 10.3.3.2: bytes=56 Sequence=4 ttl=255 time=14 ms Reply from 10.3.3.2: bytes=56 Sequence=5 ttl=255 time=5 ms --- 10.3.3.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 5/53/240 ms
- Configure VLAN access on Switch1 and Switch2 and configure the access point for the VXLAN service on VTEP2 and VTEP3.
# Configure VTEP2.
[VTEP2] bridge-domain 10 [VTEP2-bd10] quit [VTEP2] vcmp role silent [VTEP2] interface gigabitethernet 1/0/2 [VTEP2-GigabitEthernet1/0/2] port link-type trunk [VTEP2-GigabitEthernet1/0/2] quit [VTEP2] interface gigabitethernet 1/0/2.1 mode l2 [VTEP2-GigabitEthernet1/0/2.1] encapsulation dot1q vid 10 [VTEP2-GigabitEthernet1/0/2.1] bridge-domain 10 [VTEP2-GigabitEthernet1/0/2.1] quit
# Configure VTEP3.
[VTEP3] bridge-domain 20 [VTEP3-bd20] quit [VTEP3] vcmp role silent [VTEP3] interface gigabitethernet 1/0/2 [VTEP3-GigabitEthernet1/0/2] port link-type trunk [VTEP3-GigabitEthernet1/0/2] quit [VTEP3] interface gigabitethernet 1/0/2.1 mode l2 [VTEP3-GigabitEthernet1/0/2.1] encapsulation dot1q vid 20 [VTEP3-GigabitEthernet1/0/2.1] bridge-domain 20 [VTEP3-GigabitEthernet1/0/2.1] quit
# Configure Switch1.
<Quidway> system-view [Quidway] sysname Switch1 [Switch1] vlan 10 [Switch1-vlan10] quit [Switch1] interface gigabitethernet 1/0/2 [Switch1-GigabitEthernet1/0/2] port link-type access [Switch1-GigabitEthernet1/0/2] port default vlan 10 [Switch1-GigabitEthernet1/0/2] quit [Switch1] interface gigabitethernet 1/0/1 [Switch1-GigabitEthernet1/0/1] port link-type trunk [Switch1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 [Switch1-GigabitEthernet1/0/1] quit
# Configure Switch2.
<Quidway> system-view [Quidway] sysname Switch2 [Switch2] vlan 20 [Switch2-vlan20] quit [Switch2] interface gigabitethernet 1/0/2 [Switch2-GigabitEthernet1/0/2] port link-type access [Switch2-GigabitEthernet1/0/2] port default vlan 20 [Switch2-GigabitEthernet1/0/2] quit [Switch2] interface gigabitethernet 1/0/1 [Switch2-GigabitEthernet1/0/1] port link-type trunk [Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 20 [Switch2-GigabitEthernet1/0/1] quit
- Configure information for VXLAN tunnel establishment on VTEP2, VTEP3, and VTEP1.
# Configure VTEP2.
[VTEP2] bridge-domain 10 [VTEP2-bd10] vxlan vni 2010 [VTEP2-bd10] quit [VTEP2] interface nve 1 [VTEP2-Nve1] source 10.2.2.2 [VTEP2-Nve1] vni 2010 head-end peer-list 10.1.1.2 [VTEP2-Nve1] quit
# Configure VTEP3.
[VTEP3] bridge-domain 20 [VTEP3-bd20] vxlan vni 2020 [VTEP3-bd20] quit [VTEP3] interface nve 1 [VTEP3-Nve1] source 10.3.3.2 [VTEP3-Nve1] vni 2020 head-end peer-list 10.1.1.2 [VTEP3-Nve1] quit
# Configure VTEP1.
[VTEP1] bridge-domain 10 [VTEP1-bd10] vxlan vni 2010 [VTEP1-bd10] quit [VTEP1] bridge-domain 20 [VTEP1-bd20] vxlan vni 2020 [VTEP1-bd20] quit [VTEP1] interface nve 1 [VTEP1-Nve1] source 10.1.1.2 [VTEP1-Nve1] vni 2010 head-end peer-list 10.2.2.2 [VTEP1-Nve1] vni 2020 head-end peer-list 10.3.3.2 [VTEP1-Nve1] quit
- Configure a Layer 3 VXLAN gateway on VTEP1.
[VTEP1] interface vbdif 10 [VTEP1-Vbdif10] ip address 192.168.10.10 24 [VTEP1-Vbdif10] quit [VTEP1] interface vbdif 20 [VTEP1-Vbdif20] ip address 192.168.20.10 24 [VTEP1-Vbdif20] quit
- Verify the configuration.
# After the preceding configuration, run the display vxlan vni and display vxlan tunnel commands on VTEP1, VTEP2, and VTEP3. You can view that the VNI status is up and VXLAN tunnel information is displayed. The command output of VTEP1 is used as an example.
[VTEP1] display vxlan vni VNI BD-ID State ----------------------------------------- 2010 10 up 2020 20 up ----------------------------------------- Number of vxlan vni bound to BD is : 2 VNI VRF-ID ----------------------------------------- ----------------------------------------- Number of vxlan vni bound to VPN is : 0
[VTEP1] display vxlan tunnel Tunnel ID Source Destination State Type ---------------------------------------------------------------------------- 4026531842 10.1.1.2 10.2.2.2 up static 4026531841 10.1.1.2 10.3.3.2 up static ---------------------------------------------------------------------------- Number of vxlan tunnel : Total : 2 Static: 2 L2 dynamic: 0 L3 dynamic: 0
# After the configuration is complete, users in different network segments can communicate over VXLAN gateway. The following shows the ping result from VM1 on Server1 to VM1 on Server2.
C:\Users\VM1>ping 192.168.20.1 Pinging 192.168.20.1 with 32 bytes of data: Reply from 192.168.20.1: bytes=32 time=1ms TTL=126 Reply from 192.168.20.1: bytes=32 time=1ms TTL=126 Reply from 192.168.20.1: bytes=32 time=1ms TTL=126 Reply from 192.168.20.1: bytes=32 time=1ms TTL=126 Ping statistics for 192.168.20.1: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms
Configuration Files
VTEP1 configuration file
# sysname VTEP1 # bridge-domain 10 vxlan vni 2010 bridge-domain 20 vxlan vni 2020 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.2.2 255.255.255.0 # interface GigabitEthernet1/0/2 undo portswitch ip address 192.168.3.2 255.255.255.0 # interface LoopBack1 ip address 10.1.1.2 255.255.255.255 # interface Vbdif10 ip address 192.168.10.10 255.255.255.0 # interface Vbdif20 ip address 192.168.20.10 255.255.255.0 # interface Nve1 source 10.1.1.2 vni 2010 head-end peer-list 10.2.2.2 vni 2020 head-end peer-list 10.3.3.2 # ospf 1 router-id 10.1.1.2 area 0.0.0.0 network 10.1.1.2 0.0.0.0 network 192.168.2.0 0.0.0.255 network 192.168.3.0 0.0.0.255 # return
VTEP2 configuration file
# sysname VTEP2 # vcmp role silent # bridge-domain 10 vxlan vni 2010 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.2.1 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface LoopBack1 ip address 10.2.2.2 255.255.255.255 # interface Nve1 source 10.2.2.2 vni 2010 head-end peer-list 10.1.1.2 # ospf 1 router-id 10.2.2.2 area 0.0.0.0 network 10.2.2.2 0.0.0.0 network 192.168.2.0 0.0.0.255 # return
VTEP3 configuration file
# sysname VTEP3 # vcmp role silent # bridge-domain 20 vxlan vni 2020 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.3.1 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface LoopBack1 ip address 10.3.3.2 255.255.255.255 # interface Nve1 source 10.3.3.2 vni 2020 head-end peer-list 10.1.1.2 # ospf 1 router-id 10.3.3.2 area 0.0.0.0 network 10.3.3.2 0.0.0.0 network 192.168.3.0 0.0.0.255 # return
Configuration file of Switch1
# sysname Switch1 # vlan batch 10 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 # return
Configuration file of Switch2
# sysname Switch2 # vlan batch 20 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet1/0/2 port link-type access port default vlan 20 # return