Example for Configuring VSs
Networking Requirements
As shown in Figure 2-10, SwitchA is a core switch on the network and carries multiple Layer 2 and Layer 3 services.
On the network, all services need to be processed by the main processing units (MPUs) of the physical system (PS). In such a case, when a service failure on the PS causes a failure of the PS, other services running on the PS cannot be properly forwarded. To prevent this problem, users require that Layer 2 and Layer 3 services deployed on the PS be isolated from each other to improve network security.
Configuration Roadmap
Create VS1 and VS2, and allocate physical interfaces and logical resources to them.
Configure management IP addresses and management accounts for VSs to facilitate VS management.
Procedure
- Create VSs and allocate resources to them.
# Create two VSs (VS1 and VS2) in group mode, and assign ports 40GE1/0/0 to 40GE1/0/11 to VS1 and 40GE1/0/12 to 40GE1/0/23 to VS2.
After you assign any port to a VS in group mode, the other ports that on the same group are automatically assigned to the VS. For example, ports 40GE1/0/0 to 40GE1/0/11 use the same forwarding chip. After you assign 40GE1/0/0 to VS1, ports 40GE1/0/0 to 40GE1/0/11 are automatically assigned to VS1.
When assigning physical interfaces to a VS in group mode, view interface groups on cards according to Licensing Requirements and Limitations for VSs to determine which interfaces will be assigned to this VS.
<HUAWEI> system-view [~HUAWEI] sysname SwitchA [*HUAWEI] commit [~SwitchA] admin [~SwitchA-admin] virtual-system vs1 [*SwitchA-admin-vs:vs1] port-mode group [*SwitchA-admin-vs:vs1] assign interface 40ge 1/0/0 Warning: All configurations of the interfaces will be deleted. Interfaces 40GE1/0/0-11 of the same group will be assigned. Continue? [Y/N]: y [*SwitchA-admin-vs:vs1] quit [*SwitchA-admin] commit [~SwitchA-admin] virtual-system vs2 [*SwitchA-admin-vs:vs2] port-mode group [*SwitchA-admin-vs:vs2] assign interface 40e 1/0/12 Warning: All configurations of the interfaces will be deleted. Interfaces 40GE1/0/12-23 of the same group will be assigned. Continue? [Y/N]: y [*SwitchA-admin-vs:vs2] quit [*SwitchA-admin] commit
# Create two logical resource templates (temp1 and temp2) and load the templates on VS1 and VS2 to adjust the logical resource specifications of the two VSs.
A VS will be assigned default logical resource specifications after being created. To adjust the logical resource specifications, use a logical resource template or run the resource command in the VS management view. To view the logical resource specifications of a specified VS, run the display virtual-system[ name vs-name ] verbose command.
[~SwitchA-admin] resource-template temp1 [*SwitchA-admin-template:temp1] resource vlan upper-limit 2000 [*SwitchA-admin-template:temp1] quit [*SwitchA-admin] resource-template temp2 [*SwitchA-admin-template:temp2] resource vpn-instance upper-limit 1000 [*SwitchA-admin-template:temp2] quit [*SwitchA-admin] commit [~SwitchA-admin] virtual-system vs1 [~SwitchA-admin-vs:vs1] assign resource-template temp1 [*SwitchA-admin-vs:vs1] quit [*SwitchA-admin] virtual-system vs2 [*SwitchA-admin-vs:vs2] assign resource-template temp2 [*SwitchA-admin-vs:vs2] quit [*SwitchA-admin] commit
# Check the status and assigned resources of VSs. The following example displays information about VS1.
[~SwitchA-admin] display virtual-system name vs1 verbose Name : vs1 Status : running Description : Create time : 2018-08-03 03:41:51 Port mode : group System MAC : 0019-7459-3320 Assigned slot(s) pvmb : 5 pvmb : 6 CPU(s) slot 5 : 0% Memory(s) slot 5 : 2%, 112228/3884220 (Used Kbytes/Max Kbytes) Disk(s) 5#flash:/VS_vs1: 0%, 1336/3480880 (Used Kbytes/Max Kbytes) Assigned interface(s) 40GE1/0/0, slot 1 40GE1/0/1, slot 1 40GE1/0/2, slot 1 40GE1/0/3, slot 1 40GE1/0/4, slot 1 40GE1/0/5, slot 1 40GE1/0/6, slot 1 40GE1/0/7, slot 1 40GE1/0/8, slot 1 40GE1/0/9, slot 1 40GE1/0/10, slot 1 40GE1/0/11, slot 1 Assigned resource(s) u4route : 60000(Max) m4route : 1000(Max) u6route : 16000(Max) m6route : 100(Max) vlan : 2000(Max) vpn-instance : 16384(Max) cpu : 5(weight) memory : 100(ratio-threshold) disk : 100(ratio-threshold) mpls : disable trill : disable mcast : enable - Configure management IP addresses and management accounts for VSs.
# Switch from the Admin-VS to VS1 and configure a management IP address and management account for VS1. The configuration of VS2 is the same as that of VS1 and is not provided here. For detailed configuration of management accounts, see Configuring User Login in the CloudEngine 16800 Series SwitchesConfiguration Guide - Basic Configuration.
[~SwitchA-admin] return <SwitchA> switch virtual-system vs1 <SwitchA-vs1> system-view [~SwitchA-vs1] interface MEth 0/0/0 [~SwitchA-vs1-MEth0/0/0] ip address 10.1.1.10 24 [*SwitchA-vs1-MEth0/0/0] quit [*SwitchA-vs1] user-interface vty 0 4 [*SwitchA-vs1-ui-vty0-4] authentication-mode aaa [*SwitchA-vs1-ui-vty0-4] user privilege level 3 [*SwitchA-vs1-ui-vty0-4] quit [*SwitchA-vs1] aaa [*SwitchA-vs1-aaa] local-user vs1_user password cipher VS1_password [*SwitchA-vs1-aaa] local-user vs1_user service-type telnet [*SwitchA-vs1-aaa] local-user vs1_user level 3 [*SwitchA-vs1-aaa] quit [*SwitchA-vs1] undo telnet server disable [*SwitchA-vs1] commit [~SwitchA-vs1] quit <SwitchA-vs1> quit
# Use the configured IP address, user name, and password to log in to the VSs through a remote client. The following example configures a login to VS1 from a PC.
The routes between the client and VSs must be reachable.
C:\Documents and Settings\Administrator> telnet 10.1.1.10 Username:vs1_user Password: Warning: Please change the original password. The password needs to be changed. Change now? [Y/N]: n Info: The max number of VTY users is 5, the number of current VTY users online is 1, and total number of terminal users online is 1. The current login time is 2013-03-22 19:06:41. First login successfully. <vs1> - Configure VS1 and VS2 to communicate with each other.
# Configure IP addresses for the interfaces that connect VS1 and VS2. VSs can directly communicate only when they are connected using physical ports, similar to direct communication between physical devices.
<SwitchA> switch virtual-system vs1 <SwitchA-vs1> system-view [~SwitchA-vs1] interface 40ge 1/0/1 [~SwitchA-vs1-40GE1/0/1] undo portswitch [*SwitchA-vs1-40GE1/0/1] ip address 10.10.10.1 24 [*SwitchA-vs1-40GE1/0/1] commit [~SwitchA-vs1-40GE1/0/1] return <SwitchA-vs1> quit <SwitchA> switch virtual-system vs2 <SwitchA-vs2> system-view [~SwitchA-vs2] interface 40ge 1/0/13 [~SwitchA-vs2-40GE1/0/13] undo portswitch [*SwitchA-vs2-40GE1/0/13] ip address 10.10.10.2 24 [*SwitchA-vs2-40GE1/0/13] commit [~SwitchA-vs2-40GE1/0/13] return <SwitchA-vs2> quit
# Configure VSs to ping each other. The following example pings VS2 from VS1.
<SwitchA> switch virtual-system vs1 <SwitchA-vs1> ping 10.10.10.2 PING 10.10.10.2: 56 data bytes, press CTRL_C to break Reply from 10.10.10.2: bytes=56 Sequence=1 ttl=254 time=4 ms Reply from 10.10.10.2: bytes=56 Sequence=2 ttl=254 time=10 ms Reply from 10.10.10.2: bytes=56 Sequence=3 ttl=254 time=8 ms Reply from 10.10.10.2: bytes=56 Sequence=4 ttl=254 time=4 ms Reply from 10.10.10.2: bytes=56 Sequence=5 ttl=254 time=4 ms --- 10.10.10.2 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/6/10 ms
Configuration File
Configuration file of SwitchA
# sysname SwitchA # admin resource-template temp1 resource vlan upper-limit 2000 resource-template temp2 resource vpn-instance upper-limit 1000 virtual-system vs1 port-mode group resource u4route upper-limit 60000 resource m4route upper-limit 1000 resource u6route upper-limit 16000 resource vlan upper-limit 2000 resource mcast enable resource vpn-instance upper-limit 16384 resource cpu weight 5 resource memory ratio-threshold 100 resource disk ratio-threshold 100 assign interface 40GE1/0/0 assign interface 40GE1/0/1 assign interface 40GE1/0/2 assign interface 40GE1/0/3 assign interface 40GE1/0/4 assign interface 40GE1/0/5 assign interface 40GE1/0/6 assign interface 40GE1/0/7 assign interface 40GE1/0/8 assign interface 40GE1/0/9 assign interface 40GE1/0/10 assign interface 40GE1/0/11 virtual-system vs2 port-mode group resource u4route upper-limit 60000 resource m4route upper-limit 1000 resource u6route upper-limit 16000 resource vlan upper-limit 4094 resource mcast enable resource vpn-instance upper-limit 1000 resource cpu weight 5 resource memory ratio-threshold 100 resource disk ratio-threshold 100 assign interface 40GE1/0/12 assign interface 40GE1/0/13 assign interface 40GE1/0/14 assign interface 40GE1/0/15 assign interface 40GE1/0/16 assign interface 40GE1/0/17 assign interface 40GE1/0/18 assign interface 40GE1/0/19 assign interface 40GE1/0/20 assign interface 40GE1/0/21 assign interface 40GE1/0/22 assign interface 40GE1/0/23 # return
Configuration file of VS1
# sysname vs1 # aaa local-user vs1_user password cipher %^%#TT4N+w]%[C+rM>)S8Ti!'p1iV@RZh(3MO7QGd96Z%^%# local-user vs1_user service-type telnet local-user vs1_user level 3 # interface MEth0/0/0 ip address 10.1.1.10 255.255.255.0 # interface 40GE1/0/1 undo portswitch ip address 10.10.10.1 255.255.255.0 # user-interface vty 0 4 authentication-mode aaa user privilege level 3 # return
Configuration file of VS2
# sysname vs2 # aaa local-user vs2_user password cipher %^%#%j]%Lv%StAqIveR"YfuS<{^%;~p*$D<&&@X/Xs(/%^%# local-user vs2_user service-type telnet local-user vs2_user level 3 # interface MEth0/0/0 ip address 10.1.1.20 255.255.255.0 # interface 40GE1/0/13 undo portswitch ip address 10.10.10.2 255.255.255.0 # user-interface vty 0 4 authentication-mode aaa user privilege level 3 # return