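Example for Configuring VXLAN to Build a Virtual Network in Centralized Gateway Mode (IPv4 over IPv6, Static Mode)
Networking Requirements
- Servers scattered across different departments are built into one virtual network to consolidate resources and deploy services flexibly.
- The server network is an IPv4 network, and the campus interconnection network is an IPv6 network.
- A large number of VMs are deployed on each server, and servers running different services need Layer 3 connectivity with each other.
Data Plan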
Device | VXLAN tunnel | BD | VNI | Source IP | Peer IP |
---|---|---|---|---|---|
VTEP1 | VTEP1->VTEP2 | 10 | 10 | FC00::1 | FC00::2 |
VTEP1 | VTEP1->VTEP3 | 20 | 20 | FC00::1 | FC00::3 |
VTEP2 | VTEP2->VTEP1 | 10 | 10 | FC00::2 | FC00::1 |
VTEP3 | VTEP3->VTEP1 | 20 | 20 | FC00::3 | FC00::1 |
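Configuration Roadmap
The roadmap for enabling users on different network segments to communicate through the VXLAN gateway is as follows:
- Configure a routing protocol on VTEP1, VTEP2, and VTEP3 to ensure Layer 3 connectivity across the network.
- Configure the VXLAN service access mode on VTEP1, VTEP2, and VTEP3, and configure VLANs on Switch1 and Switch2.
- Configure VXLAN tunnels on VTEP1, VTEP2, and VTEP3.
- Configure the VXLAN Layer 3 gateway on VTEP1.
Layer 3 connectivity of the campus network is the prerequisite for building the virtual network. If the live campus network already has Layer 3 connectivity, step 1 in this example can be skipped.
Procedure
- Configure a routing protocol.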
# Configure IP addresses for the interfaces on VTEP2. The configurations of VTEP3 and VTEP1 are similar to that of VTEP2 and are not described here. When configuring OSPFv3, make sure the address of the Loopback interface on each device is advertised.
```
<HUAWEI> system-view
[HUAWEI] sysname VTEP2
[VTEP2] ipv6
[VTEP2] interface loopback 1
[VTEP2-LoopBack1] ipv6 enable
[VTEP2-LoopBack1] ipv6 address FC00::2 128
[VTEP2-LoopBack1] quit
[VTEP2] interface gigabitethernet 1/0/1
[VTEP2-GigabitEthernet1/0/1] undo portswitch
[VTEP2-GigabitEthernet1/0/1] ipv6 enable
[VTEP2-GigabitEthernet1/0/1] ipv6 address FC00:1::2 64
[VTEP2-GigabitEthernet1/0/1] quit
[VTEP2] ospfv3
[VTEP2-ospfv3-1] router-id 0.0.0.2
[VTEP2-ospfv3-1] quit
[VTEP2] interface loopback 1
[VTEP2-LoopBack1] ospfv3 1 area 0
[VTEP2-LoopBack1] quit
[VTEP2] interface gigabitethernet 1/0/1
[VTEP2-GigabitEthernet1/0/1] ospfv3 1 area 0
[VTEP2-GigabitEthernet1/0/1] quit
```
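# After OSPFv3 is configured successfully, the VTEPs learn each other's Loopback interface addresses through OSPFv3 and can ping each other. The following uses VTEP2 pinging VTEP3 as an example.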
```
[VTEP2] ping ipv6 FC00::3
  PING fc00::3 : 56  data bytes, press CTRL_C to break
    Reply from FC00::3
    bytes=56 Sequence=1 hop limit=63 time = 3 ms
    Reply from FC00::3
    bytes=56 Sequence=2 hop limit=63 time = 3 ms
    Reply from FC00::3
    bytes=56 Sequence=3 hop limit=63 time = 5 ms
    Reply from FC00::3
    bytes=56 Sequence=4 hop limit=63 time = 41 ms
    Reply from FC00::3
    bytes=56 Sequence=5 hop limit=63 time = 3 ms

  --- fc00::3 ping statistics ---
    5 packet(s) transmitted
    5 packet(s) received
    0.00% packet loss
    round-trip min/avg/max = 3/11/41 ms
```
- Configure service access points on VTEP2 and VTEP3, and configure VLANs on Switch1 and Switch2.
# Configure VTEP2.
```
[VTEP2] bridge-domain 10
[VTEP2-bd10] quit
[VTEP2] vcmp role silent
[VTEP2] interface gigabitethernet 1/0/2
[VTEP2-GigabitEthernet1/0/2] port link-type trunk
[VTEP2-GigabitEthernet1/0/2] quit
[VTEP2] interface gigabitethernet 1/0/2.1 mode l2
[VTEP2-GigabitEthernet1/0/2.1] encapsulation dot1q vid 10
[VTEP2-GigabitEthernet1/0/2.1] bridge-domain 10
[VTEP2-GigabitEthernet1/0/2.1] quit
```
# Configure VTEP3.
```
[VTEP3] bridge-domain 20
[VTEP3-bd20] quit
[VTEP3] vcmp role silent
[VTEP3] interface gigabitethernet 1/0/2
[VTEP3-GigabitEthernet1/0/2] port link-type trunk
[VTEP3-GigabitEthernet1/0/2] quit
[VTEP3] interface gigabitethernet 1/0/2.1 mode l2
[VTEP3-GigabitEthernet1/0/2.1] encapsulation dot1q vid 20
[VTEP3-GigabitEthernet1/0/2.1] bridge-domain 20
[VTEP3-GigabitEthernet1/0/2.1] quit
```
# Configure Switch1.
```
<HUAWEI> system-view
[HUAWEI] sysname Switch1
[Switch1] vlan 10
[Switch1-vlan10] quit
[Switch1] interface gigabitethernet 1/0/2
[Switch1-GigabitEthernet1/0/2] port link-type access
[Switch1-GigabitEthernet1/0/2] port default vlan 10
[Switch1-GigabitEthernet1/0/2] quit
[Switch1] interface gigabitethernet 1/0/1
[Switch1-GigabitEthernet1/0/1] port link-type trunk
[Switch1-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch1-GigabitEthernet1/0/1] quit
```
# Configure Switch2.
```
<HUAWEI> system-view
[HUAWEI] sysname Switch2
[Switch2] vlan 20
[Switch2-vlan20] quit
[Switch2] interface gigabitethernet 1/0/2
[Switch2-GigabitEthernet1/0/2] port link-type access
[Switch2-GigabitEthernet1/0/2] port default vlan 20
[Switch2-GigabitEthernet1/0/2] quit
[Switch2] interface gigabitethernet 1/0/1
[Switch2-GigabitEthernet1/0/1] port link-type trunk
[Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 20
[Switch2-GigabitEthernet1/0/1] quit
```
- Configure VXLAN tunnels on VTEP2, VTEP3, and VTEP1.
# Configure VTEP2.
```
[VTEP2] bridge-domain 10
[VTEP2-bd10] vxlan vni 10
[VTEP2-bd10] quit
[VTEP2] interface nve 1
[VTEP2-Nve1] source FC00::2
[VTEP2-Nve1] vni 10 head-end peer-list FC00::1
[VTEP2-Nve1] quit
```
# Configure VTEP3.
```
[VTEP3] bridge-domain 20
[VTEP3-bd20] vxlan vni 20
[VTEP3-bd20] quit
[VTEP3] interface nve 1
[VTEP3-Nve1] source FC00::3
[VTEP3-Nve1] vni 20 head-end peer-list FC00::1
[VTEP3-Nve1] quit
```
# Configure VTEP1.
```
[VTEP1] bridge-domain 10
[VTEP1-bd10] vxlan vni 10
[VTEP1-bd10] quit
[VTEP1] bridge-domain 20
[VTEP1-bd20] vxlan vni 20
[VTEP1-bd20] quit
[VTEP1] interface nve 1
[VTEP1-Nve1] source FC00::1
[VTEP1-Nve1] vni 10 head-end peer-list FC00::2
[VTEP1-Nve1] vni 20 head-end peer-list FC00::3
[VTEP1-Nve1] quit
```
- Configure the VXLAN Layer 3 gateway on VTEP1.
```
[VTEP1] interface vbdif 10
[VTEP1-Vbdif10] ip address 192.168.10.1 24
[VTEP1-Vbdif10] quit
[VTEP1] interface vbdif 20
[VTEP1-Vbdif20] ip address 192.168.20.1 24
[VTEP1-Vbdif20] quit
```
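- Verify the configuration.
# After the preceding configuration succeeds, run the display vxlan vni command on VTEP1, VTEP2, and VTEP3 to check that the VNI state is Up, and run the display vxlan tunnel command to view VXLAN tunnel information. The following uses the output on VTEP1 as an example.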
```
[VTEP1] display vxlan vni
VNI            BD-ID            State
-----------------------------------------
10             10               up
20             20               up
-----------------------------------------
Number of vxlan vni bound to BD is : 2

VNI            VRF-ID
-----------------------------------------
-----------------------------------------
Number of vxlan vni bound to VPN is : 0
```
```
[VTEP1] display vxlan tunnel
Tunnel ID     Source      Destination     State    Type
-------------------------------------------------------------
4026531841    FC00::1     FC00::2         up       static
4026531842    FC00::1     FC00::3         up       static
-------------------------------------------------------------
Number of vxlan tunnel :
Total : 2    Static: 2    L2 dynamic: 0    L3 dynamic: 0
```
# After the configuration is complete, users on different network segments can communicate through the VXLAN gateway. The following uses VM1 on server 1 pinging VM1 on server 2 as an example.
```
C:\Users\VM1>ping 192.168.20.10

Pinging 192.168.20.10 with 32 bytes of data:
Reply from 192.168.20.10: bytes=32 time=1ms TTL=126
Reply from 192.168.20.10: bytes=32 time=1ms TTL=126
Reply from 192.168.20.10: bytes=32 time=1ms TTL=126
Reply from 192.168.20.10: bytes=32 time=1ms TTL=126

Ping statistics for 192.168.20.10:
    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
    Minimum = 1ms, Maximum = 1ms, Average = 1ms
```
Configuration Files
VTEP1 configuration file
```
#
sysname VTEP1
#
ipv6
#
ospfv3 1
 router-id 0.0.0.1
#
bridge-domain 10
 vxlan vni 10
bridge-domain 20
 vxlan vni 20
#
interface GigabitEthernet1/0/1
 undo portswitch
 ipv6 enable
 ipv6 address FC00:1::1/64
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet1/0/2
 undo portswitch
 ipv6 enable
 ipv6 address FC00:2::1/64
 ospfv3 1 area 0.0.0.0
#
interface LoopBack1
 ipv6 enable
 ipv6 address FC00::1/128
 ospfv3 1 area 0.0.0.0
#
interface Vbdif10
 ip address 192.168.10.1 255.255.255.0
#
interface Vbdif20
 ip address 192.168.20.1 255.255.255.0
#
interface Nve1
 source FC00::1
 vni 10 head-end peer-list FC00::2
 vni 20 head-end peer-list FC00::3
#
return
```
VTEP2 configuration file
```
#
sysname VTEP2
#
ipv6
#
vcmp role silent
#
ospfv3 1
 router-id 0.0.0.2
#
bridge-domain 10
 vxlan vni 10
#
interface GigabitEthernet1/0/1
 undo portswitch
 ipv6 enable
 ipv6 address FC00:1::2/64
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet1/0/2
 port link-type trunk
#
interface GigabitEthernet1/0/2.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10
#
interface LoopBack1
 ipv6 enable
 ipv6 address FC00::2/128
 ospfv3 1 area 0.0.0.0
#
interface Nve1
 source FC00::2
 vni 10 head-end peer-list FC00::1
#
return
```
VTEP3 configuration file
```
#
sysname VTEP3
#
ipv6
#
vcmp role silent
#
ospfv3 1
 router-id 0.0.0.3
#
bridge-domain 20
 vxlan vni 20
#
interface GigabitEthernet1/0/1
 undo portswitch
 ipv6 enable
 ipv6 address FC00:2::2/64
 ospfv3 1 area 0.0.0.0
#
interface GigabitEthernet1/0/2
 port link-type trunk
#
interface GigabitEthernet1/0/2.1 mode l2
 encapsulation dot1q vid 20
 bridge-domain 20
#
interface LoopBack1
 ipv6 enable
 ipv6 address FC00::3/128
 ospfv3 1 area 0.0.0.0
#
interface Nve1
 source FC00::3
 vni 20 head-end peer-list FC00::1
#
return
```
Switch1 configuration file
```
#
sysname Switch1
#
vlan batch 10
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 10
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 10
#
return
```
Switch2 configuration file
```
#
sysname Switch2
#
vlan batch 20
#
interface GigabitEthernet1/0/1
 port link-type trunk
 port trunk allow-pass vlan 20
#
interface GigabitEthernet1/0/2
 port link-type access
 port default vlan 20
#
return
```
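With static tunnels, every head-end peer-list entry has to be mirrored by hand on the remote VTEP, so the configuration files are worth auditing offline before and after a change. The script below is an added example, not part of the original document or of any Huawei tool: it checks that each VNI/peer entry has a matching reverse entry and that OSPFv3 router IDs are unique. The function names, the condensed sample configurations, and the router ID 0.0.0.3 for VTEP3 are assumptions.

```python
import re
from ipaddress import IPv6Address

# Constructed sample: only the OSPFv3 and Nve1 lines of the three VTEP configurations.
CONFIGS = {
    "VTEP1": "ospfv3 1\n router-id 0.0.0.1\ninterface Nve1\n source FC00::1\n"
             " vni 10 head-end peer-list FC00::2\n vni 20 head-end peer-list FC00::3\n",
    "VTEP2": "ospfv3 1\n router-id 0.0.0.2\ninterface Nve1\n source FC00::2\n"
             " vni 10 head-end peer-list FC00::1\n",
    "VTEP3": "ospfv3 1\n router-id 0.0.0.3\ninterface Nve1\n source FC00::3\n"
             " vni 20 head-end peer-list FC00::1\n",
}

def parse(text):
    """Return (router_id, nve_source, {(vni, peer), ...}) for one device."""
    rid = re.search(r"^[ \t]*router-id[ \t]+(\S+)", text, re.M)
    src = re.search(r"^[ \t]*source[ \t]+(\S+)", text, re.M)
    peers = set()
    for vni, addrs in re.findall(
            r"^[ \t]*vni[ \t]+(\d+)[ \t]+head-end peer-list[ \t]+(.+)$", text, re.M):
        # Tolerates more than one address on a line; addresses compare case-insensitively.
        peers.update((int(vni), IPv6Address(a)) for a in addrs.split())
    return (rid.group(1) if rid else None,
            IPv6Address(src.group(1)) if src else None, peers)

def audit(configs):
    """Return sorted findings; an empty list means tunnels and router IDs are consistent."""
    parsed = {name: parse(text) for name, text in configs.items()}
    by_source = {src: name for name, (_, src, _) in parsed.items() if src}
    findings, seen = [], {}
    for name, (rid, src, peers) in parsed.items():
        if rid is not None and rid in seen:
            findings.append(f"{name}: router-id {rid} duplicates {seen[rid]}")
        seen.setdefault(rid, name)
        for vni, peer in sorted(peers):
            remote = by_source.get(peer)
            if remote is None:
                findings.append(f"{name}: VNI {vni} peer {peer} is not a known NVE source")
            elif (vni, src) not in parsed[remote][2]:
                findings.append(f"{name}: VNI {vni} -> {remote} has no matching reverse entry")
    return sorted(findings)

if __name__ == "__main__":
    for line in audit(CONFIGS) or ["static tunnels and router IDs are consistent"]:
        print(line)
```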