评分并提供意见反馈 :
华为采用机器翻译与人工审校相结合的方式将此文档翻译成不同语言,希望能帮助您更容易理解此文档的内容。 请注意:即使是最好的机器翻译,其准确度也不及专业翻译人员的水平。 华为对于翻译的准确性不承担任何责任,并建议您参考英文文档(已提供链接)。
配置VXLAN构建分布式网关部署方式的虚拟网络示例(IPv6 over IPv4,BGP EVPN方式)
组网需求
企业已经建成比较成熟的园区网络,但是没有专用的数据中心网络,所有的服务器分布在不同的部门,并且不具备集中放置的条件。现在用户希望在已有园区网络上构建一个虚拟网络,需求如下:
- 将散落在不同部门的服务器构建成一个虚拟网络,实现资源整合和业务灵活部署。
- 服务器网络为IPv6网络,园区内互联网络为IPv4网络。
- 各服务器上部署着大量的VM,相同网段的服务器之间实现二层互通,不同网段的服务器之间实现三层互通。
- VXLAN三层网关下移到VXLAN接入设备,在VXLAN接入设备上使用分布式网关,优化转发路径。
- 核心设备负责园区内VXLAN网络同外界的通信。
本举例中VXLAN隧道侧接口以X系列单板为例。
数据准备
表1-16 配置BGP EVPN相关数据
设备 |
EVPN实例 |
RD值 |
BD |
VNI |
Router id |
Peer IP |
|---|---|---|---|---|---|---|
VTEP1 |
- |
- |
- |
- |
10.1.1.1 |
10.2.2.2 10.3.3.3 |
VTEP2 |
evpn10:
|
1:10 |
10 |
10 |
10.2.2.2 |
10.1.1.1 10.3.3.3 |
evpn20:
|
1:20 |
20 |
20 |
10.2.2.2 |
10.1.1.1 10.3.3.3 |
|
VTEP3 |
evpn10:
|
2:10 |
10 |
10 |
10.3.3.3 |
10.1.1.1 10.2.2.2 |
evpn20:
|
2:20 |
20 |
20 |
10.3.3.3 |
10.1.1.1 10.2.2.2 |
表1-17 配置VPN实例相关数据
设备 |
接口 |
VPN实例 |
VNI |
RD值 |
|---|---|---|---|---|
VTEP1 |
- |
vpn1:
|
100 |
1:100 |
VTEP2 |
VBDIF 10 |
vpn1:
|
100 |
2:100 |
VBDIF 20 |
||||
VTEP3 |
VBDIF 10 |
vpn1:
|
100 |
3:100 |
VBDIF 20 |
图1-69 EVPN实例同VPN实例RT交叉示意图
![]()
配置思路
采用如下思路配置不同网段用户通过VXLAN网关互通:
- 分别在VTEP1、VTEP2、VTEP3上配置路由协议,保证网络三层互通。
- 分别在VTEP2、VTEP3上配置VXLAN接入业务部署方式,在Switch2、Switch3上配置VLAN。
- 分别在VTEP2、VTEP3上配置EVPN实例并绑定BD域。
- 在VTEP1、VTEP2、VTEP3上配置VPN实例,并在VTEP2、VTEP3配置VPN实例绑定VBDIF接口。
- 分别在VTEP1、VTEP2、VTEP3之间配置的BGP EVPN对等体关系。
- 分别在VTEP1、VTEP2、VTEP3上配置VXLAN隧道。
- 分别在VTEP2、VTEP3上配置VXLAN分布式网关。
- 在VTEP1上配置缺省路由,并引入BGP。VTEP1负责园区内的用户同园区外的通信。
园区网络的三层互通是构建虚拟网络的基础条件,现网中,如果园区网络已经实现三层网络的互通,那么该举例中的步骤1可以省略。
操作步骤
- 配置路由协议
# 配置VTEP2各接口IP地址。VTEP1和VTEP3的配置与VTEP2类似,这里不再赘述。配置OSPF时,注意需要发布设备上的32位Loopback接口地址。
<HUAWEI> system-view [HUAWEI] sysname VTEP2 [VTEP2] interface loopback 1 [VTEP2-LoopBack1] ip address 10.2.2.2 32 [VTEP2-LoopBack1] quit [VTEP2] interface gigabitethernet 1/0/1 [VTEP2-GigabitEthernet1/0/1] undo portswitch [VTEP2-GigabitEthernet1/0/1] ip address 192.168.1.1 24 [VTEP2-GigabitEthernet1/0/1] quit [VTEP2] ospf router-id 10.2.2.2 [VTEP2-ospf-1] area 0 [VTEP2-ospf-1-area-0.0.0.0] network 10.2.2.2 0.0.0.0 [VTEP2-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [VTEP2-ospf-1-area-0.0.0.0] quit [VTEP2-ospf-1] quit
# OSPF成功配置后,VTEP1、VTEP2和VTEP3之间可通过OSPF协议发现对方Loopback接口的IP地址,并能互相ping通。以VTEP2 ping VTEP3的显示为例。
[VTEP2] ping 10.3.3.3 PING 10.3.3.3: 56 data bytes, press CTRL_C to break Reply from 10.3.3.3: bytes=56 Sequence=1 ttl=253 time=240 ms Reply from 10.3.3.3: bytes=56 Sequence=2 ttl=253 time=5 ms Reply from 10.3.3.3: bytes=56 Sequence=3 ttl=253 time=5 ms Reply from 10.3.3.3: bytes=56 Sequence=4 ttl=253 time=14 ms Reply from 10.3.3.3: bytes=56 Sequence=5 ttl=253 time=5 ms --- 10.3.3.3 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 5/53/240 ms - 分别在Switch2、Switch3上进行VLAN接入的配置,在VTEP2、VTEP3上配置VXLAN业务接入点
# 配置Switch2。
<HUAWEI> system-view [HUAWEI] sysname Switch2 [Switch2] vlan batch 10 20 [Switch2] interface gigabitethernet 1/0/2 [Switch2-GigabitEthernet1/0/2] port link-type access [Switch2-GigabitEthernet1/0/2] port default vlan 10 [Switch2-GigabitEthernet1/0/2] quit [Switch2] interface gigabitethernet 1/0/3 [Switch2-GigabitEthernet1/0/3] port link-type access [Switch2-GigabitEthernet1/0/3] port default vlan 20 [Switch2-GigabitEthernet1/0/3] quit [Switch2] interface gigabitethernet 1/0/1 [Switch2-GigabitEthernet1/0/1] port link-type trunk [Switch2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 [Switch2-GigabitEthernet1/0/1] quit
# 配置Switch3。
<HUAWEI> system-view [HUAWEI] sysname Switch3 [Switch3] vlan batch 10 20 [Switch3] interface gigabitethernet 1/0/2 [Switch3-GigabitEthernet1/0/2] port link-type access [Switch3-GigabitEthernet1/0/2] port default vlan 10 [Switch3-GigabitEthernet1/0/2] quit [Switch3] interface gigabitethernet 1/0/3 [Switch3-GigabitEthernet1/0/3] port link-type access [Switch3-GigabitEthernet1/0/3] port default vlan 20 [Switch3-GigabitEthernet1/0/3] quit [Switch3] interface gigabitethernet 1/0/1 [Switch3-GigabitEthernet1/0/1] port link-type trunk [Switch3-GigabitEthernet1/0/1] port trunk allow-pass vlan 10 20 [Switch3-GigabitEthernet1/0/1] quit
# 配置VTEP2。
[VTEP2] bridge-domain 10 [VTEP2-bd10] quit [VTEP2] vcmp role silent [VTEP2] interface gigabitethernet 1/0/2 [VTEP2-GigabitEthernet1/0/2] port link-type trunk [VTEP2-GigabitEthernet1/0/2] quit [VTEP2] interface gigabitethernet 1/0/2.1 mode l2 [VTEP2-GigabitEthernet1/0/2.1] encapsulation dot1q vid 10 [VTEP2-GigabitEthernet1/0/2.1] bridge-domain 10 [VTEP2-GigabitEthernet1/0/2.1] quit [VTEP2] bridge-domain 20 [VTEP2-bd20] quit [VTEP2] interface gigabitethernet 1/0/2.2 mode l2 [VTEP2-GigabitEthernet1/0/2.2] encapsulation dot1q vid 20 [VTEP2-GigabitEthernet1/0/2.2] bridge-domain 20 [VTEP2-GigabitEthernet1/0/2.2] quit
# 配置VTEP3。
[VTEP3] bridge-domain 10 [VTEP3-bd10] quit [VTEP3] vcmp role silent [VTEP3] interface gigabitethernet 1/0/2 [VTEP3-GigabitEthernet1/0/2] port link-type trunk [VTEP3-GigabitEthernet1/0/2] quit [VTEP3] interface gigabitethernet 1/0/2.1 mode l2 [VTEP3-GigabitEthernet1/0/2.1] encapsulation dot1q vid 10 [VTEP3-GigabitEthernet1/0/2.1] bridge-domain 10 [VTEP3-GigabitEthernet1/0/2.1] quit [VTEP3] bridge-domain 20 [VTEP3-bd20] quit [VTEP3] interface gigabitethernet 1/0/2.2 mode l2 [VTEP3-GigabitEthernet1/0/2.2] encapsulation dot1q vid 20 [VTEP3-GigabitEthernet1/0/2.2] bridge-domain 20 [VTEP3-GigabitEthernet1/0/2.2] quit
- 分别在VTEP2、VTEP3上配置EVPN实例并绑定BD域
# 配置VTEP2。
[VTEP2] evpn vpn-instance evpn10 bd-mode [VTEP2-evpn-instance-evpn10] route-distinguisher 1:10 [VTEP2-evpn-instance-evpn10] vpn-target 10:1 both [VTEP2-evpn-instance-evpn10] vpn-target 1:100 export-extcommunity [VTEP2-evpn-instance-evpn10] quit [VTEP2] bridge-domain 10 [VTEP2-bd10] vxlan vni 10 [VTEP2-bd10] evpn binding vpn-instance evpn10 [VTEP2-bd10] quit [VTEP2] evpn vpn-instance evpn20 bd-mode [VTEP2-evpn-instance-evpn20] route-distinguisher 1:20 [VTEP2-evpn-instance-evpn20] vpn-target 20:1 both [VTEP2-evpn-instance-evpn20] vpn-target 1:100 export-extcommunity [VTEP2-evpn-instance-evpn20] quit [VTEP2] bridge-domain 20 [VTEP2-bd20] vxlan vni 20 [VTEP2-bd20] evpn binding vpn-instance evpn20 [VTEP2-bd20] quit
# 配置VTEP3。
[VTEP3] evpn vpn-instance evpn10 bd-mode [VTEP3-evpn-instance-evpn10] route-distinguisher 2:10 [VTEP3-evpn-instance-evpn10] vpn-target 10:1 both [VTEP3-evpn-instance-evpn10] vpn-target 1:100 export-extcommunity [VTEP3-evpn-instance-evpn10] quit [VTEP3] bridge-domain 10 [VTEP3-bd10] vxlan vni 10 [VTEP3-bd10] evpn binding vpn-instance evpn10 [VTEP3-bd10] quit [VTEP3] evpn vpn-instance evpn20 bd-mode [VTEP3-evpn-instance-evpn20] route-distinguisher 2:20 [VTEP3-evpn-instance-evpn20] vpn-target 20:1 both [VTEP3-evpn-instance-evpn20] vpn-target 1:100 export-extcommunity [VTEP3-evpn-instance-evpn20] quit [VTEP3] bridge-domain 20 [VTEP3-bd20] vxlan vni 20 [VTEP3-bd20] evpn binding vpn-instance evpn20 [VTEP3-bd20] quit
- 在VTEP1、VTEP2、VTEP3上配置VPN实例,并在VTEP2、VTEP3配置VPN实例绑定VBDIF接口
# 配置VTEP1。
[VTEP1] ip vpn-instance vpn1 [VTEP1-vpn-instance-vpn1] ipv6-family [VTEP1-vpn-instance-vpn1-af-ipv6] route-distinguisher 1:100 [VTEP1-vpn-instance-vpn1-af-ipv6] vpn-target 1:100 both evpn [VTEP1-vpn-instance-vpn1-af-ipv6] quit [VTEP1-vpn-instance-vpn1] vxlan vni 100 [VTEP1-vpn-instance-vpn1] quit
# 配置VTEP2。
[VTEP2] ip vpn-instance vpn1 [VTEP2-vpn-instance-vpn1] ipv6-family [VTEP2-vpn-instance-vpn1-af-ipv6] route-distinguisher 2:100 [VTEP2-vpn-instance-vpn1-af-ipv6] vpn-target 1:100 both evpn [VTEP2-vpn-instance-vpn1-af-ipv6] quit [VTEP2-vpn-instance-vpn1] vxlan vni 100 [VTEP2-vpn-instance-vpn1] quit [VTEP2] interface vbdif 10 [VTEP2-Vbdif10] ip binding vpn-instance vpn1 [VTEP2-Vbdif10] quit [VTEP2] interface vbdif 20 [VTEP2-Vbdif20] ip binding vpn-instance vpn1 [VTEP2-Vbdif20] quit
# 配置VTEP3。
[VTEP3] ip vpn-instance vpn1 [VTEP3-vpn-instance-vpn1] ipv6-family [VTEP3-vpn-instance-vpn1-af-ipv6] route-distinguisher 3:100 [VTEP3-vpn-instance-vpn1-af-ipv6] vpn-target 1:100 both evpn [VTEP3-vpn-instance-vpn1-af-ipv6] quit [VTEP3-vpn-instance-vpn1] vxlan vni 100 [VTEP3-vpn-instance-vpn1] quit [VTEP3] interface vbdif 10 [VTEP3-Vbdif10] ip binding vpn-instance vpn1 [VTEP3-Vbdif10] quit [VTEP3] interface vbdif 20 [VTEP3-Vbdif20] ip binding vpn-instance vpn1 [VTEP3-Vbdif20] quit
- 配置VTEP1、VTEP2、VTEP3之间的BGP EVPN对等体关系
# 配置VTEP1。
[VTEP1] bgp 100 [VTEP1-bgp] router-id 10.1.1.1 [VTEP1-bgp] peer 10.2.2.2 as-number 100 [VTEP1-bgp] peer 10.2.2.2 connect-interface LoopBack1 [VTEP1-bgp] peer 10.3.3.3 as-number 100 [VTEP1-bgp] peer 10.3.3.3 connect-interface LoopBack1 [VTEP1-bgp] l2vpn-family evpn [VTEP1-bgp-af-evpn] peer 10.2.2.2 enable [VTEP1-bgp-af-evpn] peer 10.2.2.2 advertise irbv6 [VTEP1-bgp-af-evpn] peer 10.3.3.3 enable [VTEP1-bgp-af-evpn] peer 10.3.3.3 advertise irbv6 [VTEP1-bgp-af-evpn] quit [VTEP1-bgp] ipv6-family vpn-instance vpn1 [VTEP1-bgp-vpn1] advertise l2vpn evpn [VTEP1-bgp-vpn1] import-route direct [VTEP1-bgp-vpn1] quit [VTEP1-bgp] quit
# 配置VTEP2。
[VTEP2] bgp 100 [VTEP2-bgp] router-id 10.2.2.2 [VTEP2-bgp] peer 10.1.1.1 as-number 100 [VTEP2-bgp] peer 10.1.1.1 connect-interface LoopBack1 [VTEP2-bgp] peer 10.3.3.3 as-number 100 [VTEP2-bgp] peer 10.3.3.3 connect-interface LoopBack1 [VTEP2-bgp] l2vpn-family evpn [VTEP2-bgp-af-evpn] peer 10.1.1.1 enable [VTEP2-bgp-af-evpn] peer 10.1.1.1 advertise irbv6 [VTEP2-bgp-af-evpn] peer 10.3.3.3 enable [VTEP2-bgp-af-evpn] peer 10.3.3.3 advertise irbv6 [VTEP2-bgp-af-evpn] quit [VTEP2-bgp] ipv6-family vpn-instance vpn1 [VTEP2-bgp-vpn1] advertise l2vpn evpn [VTEP2-bgp-vpn1] import-route direct [VTEP2-bgp-vpn1] quit [VTEP2-bgp] quit
# 配置VTEP3。
[VTEP3] bgp 100 [VTEP3-bgp] router-id 10.3.3.3 [VTEP3-bgp] peer 10.1.1.1 as-number 100 [VTEP3-bgp] peer 10.1.1.1 connect-interface LoopBack1 [VTEP3-bgp] peer 10.2.2.2 as-number 100 [VTEP3-bgp] peer 10.2.2.2 connect-interface LoopBack1 [VTEP3-bgp] l2vpn-family evpn [VTEP3-bgp-af-evpn] peer 10.1.1.1 enable [VTEP3-bgp-af-evpn] peer 10.1.1.1 advertise irbv6 [VTEP3-bgp-af-evpn] peer 10.2.2.2 enable [VTEP3-bgp-af-evpn] peer 10.2.2.2 advertise irbv6 [VTEP3-bgp-af-evpn] quit [VTEP3-bgp] ipv6-family vpn-instance vpn1 [VTEP3-bgp-vpn1] advertise l2vpn evpn [VTEP3-bgp-vpn1] import-route direct [VTEP3-bgp-vpn1] quit [VTEP3-bgp] quit
- 在VTEP1、VTEP2、VTEP3上配置VXLAN隧道
# 配置VTEP1。
[VTEP1] interface nve 1 [VTEP1-Nve1] source 10.1.1.1 [VTEP1-Nve1] quit
# 配置VTEP2。
[VTEP2] interface nve 1 [VTEP2-Nve1] source 10.2.2.2 [VTEP2-Nve1] vni 10 head-end peer-list protocol bgp [VTEP2-Nve1] vni 20 head-end peer-list protocol bgp [VTEP2-Nve1] quit
# 配置VTEP3。
[VTEP3] interface nve 1 [VTEP3-Nve1] source 10.3.3.3 [VTEP3-Nve1] vni 10 head-end peer-list protocol bgp [VTEP3-Nve1] vni 20 head-end peer-list protocol bgp [VTEP3-Nve1] quit
- 在VTEP2、VTEP3上配置VXLAN分布式网关
# 配置VTEP2。
[VTEP2] ipv6 [VTEP2] interface vbdif 10 [VTEP2-Vbdif10] ipv6 enable [VTEP2-Vbdif10] ipv6 address fc00:1::1 64 [VTEP2-Vbdif10] ipv6 nd distribute-gateway enable [VTEP2-Vbdif10] ipv6 nd collect host enable [VTEP2-Vbdif10] mac-address 0000-5e00-0101 [VTEP2-Vbdif10] quit [VTEP2] interface vbdif 20 [VTEP2-Vbdif20] ipv6 enable [VTEP2-Vbdif20] ipv6 address fc00:2::1 64 [VTEP2-Vbdif20] ipv6 nd distribute-gateway enable [VTEP2-Vbdif20] ipv6 nd collect host enable [VTEP2-Vbdif20] mac-address 0000-5e00-0102 [VTEP2-Vbdif20] quit
# 配置VTEP3。
[VTEP3] ipv6 [VTEP3] interface vbdif 10 [VTEP3-Vbdif10] ipv6 enable [VTEP3-Vbdif10] ipv6 address fc00:1::1 64 [VTEP3-Vbdif10] ipv6 nd distribute-gateway enable [VTEP3-Vbdif10] ipv6 nd collect host enable [VTEP3-Vbdif10] mac-address 0000-5e00-0101 [VTEP3-Vbdif10] quit [VTEP3] interface vbdif 20 [VTEP3-Vbdif20] ipv6 enable [VTEP3-Vbdif20] ipv6 address fc00:2::1 64 [VTEP3-Vbdif20] ipv6 nd distribute-gateway enable [VTEP3-Vbdif20] ipv6 nd collect host enable [VTEP3-Vbdif20] mac-address 0000-5e00-0102 [VTEP3-Vbdif20] quit
- 在VTEP1配置缺省路由,并引入BGP
# 配置VTEP1。
[VTEP1] ipv6 [VTEP1] ipv6 route-static vpn-instance vpn1 :: 0 NULL0 [VTEP1] bgp 100 [VTEP1-bgp] ipv6-family vpn-instance vpn1 [VTEP1-bgp6-vpn1] import-route static [VTEP1-bgp6-vpn1] default-route imported [VTEP1-bgp6-vpn1] quit [VTEP1-bgp] quit
- 验证配置结果
# 上述配置成功后,在VTEP1、VTEP2、VTEP3上执行命令display vxlan vni可查看到VNI的状态是Up;执行命令display vxlan tunnel可查看到VXLAN隧道的信息。以VTEP2显示为例。
[VTEP2] display vxlan vni VNI BD-ID State ----------------------------------------- 10 10 up 20 20 up ----------------------------------------- Number of vxlan vni bound to BD is : 2 VNI VRF-ID ----------------------------------------- 100 1 ----------------------------------------- Number of vxlan vni bound to VPN is : 1
[VTEP2] display vxlan tunnel Tunnel ID Source Destination State Type -------------------------------------------------------------------------------------------------------------------- 4026531841 10.2.2.2 10.3.3.3 up l2 dynamic 1 10.2.2.2 10.1.1.1 up l3 dynamic 2 10.2.2.2 10.3.3.3 up l3 dynamic -------------------------------------------------------------------------------------------------------------------- Number of vxlan tunnel : Total : 3 Static: 0 L2 dynamic: 1 L3 dynamic: 2
# 配置完成后,相同网段用户之间可以二层互通。以Server1上的VM1 ping Server3上的VM1的显示为例。
C:\Users\VM1>ping fc00:1::3 PING fc00:1::3 : 56 data bytes, press CTRL_C to break Reply from fc00:1::3 bytes=56 Sequence=1 hop limit=63 time = 4 ms Reply from fc00:1::3 bytes=56 Sequence=2 hop limit=63 time = 4 ms Reply from fc00:1::3 bytes=56 Sequence=3 hop limit=63 time = 5 ms Reply from fc00:1::3 bytes=56 Sequence=4 hop limit=63 time = 4 ms Reply from fc00:1::3 bytes=56 Sequence=5 hop limit=63 time = 4 ms --- fc00:1::3 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/5 ms# 不同网段用户之间可以三层互通。以Server1上的VM1 ping Server4上的VM1的显示为例。
C:\Users\VM1>ping fc00:2::3 PING fc00:2::3 : 56 data bytes, press CTRL_C to break Reply from FC00:2::3 bytes=56 Sequence=1 hop limit=63 time = 4 ms Reply from FC00:2::3 bytes=56 Sequence=2 hop limit=63 time = 4 ms Reply from FC00:2::3 bytes=56 Sequence=3 hop limit=63 time = 5 ms Reply from FC00:2::3 bytes=56 Sequence=4 hop limit=63 time = 4 ms Reply from FC00:2::3 bytes=56 Sequence=5 hop limit=63 time = 4 ms --- fc00:2::3 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 4/4/5 ms - 验证虚拟机迁移结果
以Server1上的VM1(IP地址:FC00:1::2)迁移到Server3为例,比对迁移前后VTEP2和VTEP3的ND表项,以及迁移前后VTEP1的路由表来验证迁移结果。
迁移前:
# 查看VTEP1上VPN实例vpn1的路由表。
[VTEP1] display ipv6 routing-table vpn-instance vpn1 Routing Table : vpn1 Destinations : 7 Routes : 7 Destination : :: PrefixLength : 0 NextHop : :: Preference : 60 Cost : 0 Protocol : Static RelayNextHop : :: TunnelID : 0x0 Interface : NULL0 Flags : D Destination : FC00:1:: PrefixLength : 64 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:1::2 PrefixLength : 128 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:1::3 PrefixLength : 128 NextHop : ::FFFF:10.3.3.3 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x1 Interface : VXLAN Flags : RD Destination : FC00:2:: PrefixLength : 64 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:2::2 PrefixLength : 128 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:2::3 PrefixLength : 128 NextHop : ::FFFF:10.3.3.3 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x1 Interface : VXLAN Flags : RD
# 查看VTEP2上VPN实例vpn1的ND表。
[VTEP2] display ipv6 neighbors vpn-instance vpn1 ----------------------------------------------------------------------------- IPv6 Address : FC00:1::2 Link-layer : 2cab-0098-15db State : STALE Interface : GE1/0/2.1 Age : 00h01m04s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FE80::2EAB:FF:FE98:15DB Link-layer : 2cab-0098-15db State : STALE Interface : GE1/0/2.1 Age : 00h01m53s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FC00:2::2 Link-layer : 2cab-0098-15d6 State : STALE Interface : GE1/0/2.2 Age : 00h01m47s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 IPv6 Address : FE80::2EAB:FF:FE98:15D6 Link-layer : 2cab-0098-15d6 State : STALE Interface : GE1/0/2.2 Age : 00h01m49s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 ----------------------------------------------------------------------------- Total: 4 Dynamic: 4 Static: 0
# 查看VTEP3上VPN实例vpn1的ND表。
[VTEP3] display ipv6 neighbors vpn-instance vpn1 ----------------------------------------------------------------------------- IPv6 Address : FC00:1::3 Link-layer : 000b-099d-eb3b State : STALE Interface : GE1/0/2.1 Age : 00h01m44s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FE80::20B:9FF:FE9D:EB3B Link-layer : 000b-099d-eb3b State : STALE Interface : GE1/0/2.1 Age : 00h07m19s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FC00:2::3 Link-layer : 000b-099d-fb3b State : STALE Interface : GE1/0/2.2 Age : 00h02m33s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 IPv6 Address : FE80::20B:9FF:FE9D:FB3B Link-layer : 000b-099d-fb3b State : STALE Interface : GE1/0/2.2 Age : 00h02m35s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 ----------------------------------------------------------------------------- Total: 4 Dynamic: 4 Static: 0
迁移后:
# 查看VTEP1上VPN实例vpn1的路由表。
[VTEP1] display ipv6 routing-table vpn-instance vpn1 Routing Table : vpn1 Destinations : 7 Routes : 7 Destination : :: PrefixLength : 0 NextHop : :: Preference : 60 Cost : 0 Protocol : Static RelayNextHop : :: TunnelID : 0x0 Interface : NULL0 Flags : D Destination : FC00:1:: PrefixLength : 64 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:1::2 PrefixLength : 128 NextHop : ::FFFF:10.3.3.3 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x1 Interface : VXLAN Flags : RD Destination : FC00:1::3 PrefixLength : 128 NextHop : ::FFFF:10.3.3.3 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x1 Interface : VXLAN Flags : RD Destination : FC00:2:: PrefixLength : 64 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:2::2 PrefixLength : 128 NextHop : ::FFFF:10.2.2.2 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x2 Interface : VXLAN Flags : RD Destination : FC00:2::3 PrefixLength : 128 NextHop : ::FFFF:10.3.3.3 Preference : 255 Cost : 0 Protocol : IBGP RelayNextHop : ::FFFF:0.0.0.0 TunnelID : 0x1 Interface : VXLAN Flags : RD
# 查看VTEP2上VPN实例vpn1的ND表。
[VTEP2] display ipv6 neighbors vpn-instance vpn1 ----------------------------------------------------------------------------- IPv6 Address : FC00:2::2 Link-layer : 2cab-0098-15d6 State : STALE Interface : GE1/0/2.2 Age : 00h11m34s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 IPv6 Address : FE80::2EAB:FF:FE98:15D6 Link-layer : 2cab-0098-15d6 State : STALE Interface : GE1/0/2.2 Age : 00h11m36s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 ----------------------------------------------------------------------------- Total: 2 Dynamic: 2 Static: 0
# 查看VTEP3上VPN实例vpn1的ND表。
[VTEP3] display ipv6 neighbors vpn-instance vpn1 ----------------------------------------------------------------------------- IPv6 Address : FC00:1::2 Link-layer : 0487-ea01-0506 State : STALE Interface : GE1/0/2.1 Age : 00h15m49s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FE80::687:EAFF:FE01:506 Link-layer : 0487-ea01-0506 State : REACH Interface : GE1/0/2.1 Age : 00h00m16s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FC00:1::3 Link-layer : 000b-099d-eb3b State : STALE Interface : GE1/0/2.1 Age : 00h11m25s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FE80::20B:9FF:FE9D:EB3B Link-layer : 000b-099d-eb3b State : STALE Interface : GE1/0/2.1 Age : 00h17m00s VLAN : 10 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 10 IPv6 Address : FC00:2::3 Link-layer : 000b-099d-fb3b State : STALE Interface : GE1/0/2.2 Age : 00h12m17s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 IPv6 Address : FE80::20B:9FF:FE9D:FB3B Link-layer : 000b-099d-fb3b State : STALE Interface : GE1/0/2.2 Age : 00h12m19s VLAN : 20 CEVLAN: - VPN name : vpn1 Is Router: TRUE Bridge-domain: 20 ----------------------------------------------------------------------------- Total: 6 Dynamic: 6 Static: 0
通过对比查看迁移前后VTEP2和VTEP3的ND表项,以及迁移前后VTEP1的路由表,可以发现迁移后虚拟机在VTEP2的ND表项被删除,并被VTEP3重新获得,VTEP1关于虚拟机的主机路由也从VTEP2切换到VTEP3,保证了迁移后网络的互通。
配置文件
VTEP1的配置文件
# sysname VTEP1 # ipv6 # ip vpn-instance vpn1 ipv6-family route-distinguisher 1:100 vpn-target 1:100 export-extcommunity evpn vpn-target 1:100 import-extcommunity evpn vxlan vni 100 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.1.2 255.255.255.0 # interface GigabitEthernet1/0/2 undo portswitch ip address 192.168.2.1 255.255.255.0 # interface LoopBack1 ip address 10.1.1.1 255.255.255.255 # interface Nve1 source 10.1.1.1 # bgp 100 router-id 10.1.1.1 peer 10.2.2.2 as-number 100 peer 10.2.2.2 connect-interface LoopBack1 peer 10.3.3.3 as-number 100 peer 10.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization default-route imported import-route direct import-route static peer 10.2.2.2 enable peer 10.3.3.3 enable # l2vpn-family evpn policy vpn-target peer 10.2.2.2 enable peer 10.2.2.2 advertise irbv6 peer 10.3.3.3 enable peer 10.3.3.3 advertise irbv6 # ipv6-family vpn-instance vpn1 default-route imported import-route direct import-route static advertise l2vpn evpn # ospf 1 router-id 10.1.1.1 area 0.0.0.0 network 10.1.1.1 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 # ipv6 route-static vpn-instance vpn1 :: 0 NULL0 # return
VTEP2的配置文件
# sysname VTEP2 # ipv6 # vcmp role silent # ip vpn-instance vpn1 ipv6-family route-distinguisher 2:100 vpn-target 1:100 export-extcommunity evpn vpn-target 1:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn10 bd-mode route-distinguisher 1:10 vpn-target 1:100 10:1 export-extcommunity vpn-target 10:1 import-extcommunity # evpn vpn-instance evpn20 bd-mode route-distinguisher 1:20 vpn-target 1:100 20:1 export-extcommunity vpn-target 20:1 import-extcommunity # bridge-domain 10 vxlan vni 10 evpn binding vpn-instance evpn10 bridge-domain 20 vxlan vni 20 evpn binding vpn-instance evpn20 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.1.1 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface GigabitEthernet1/0/2.2 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface LoopBack1 ip address 10.2.2.2 255.255.255.255 # interface Vbdif10 mac-address 0000-5e00-0101 ip binding vpn-instance vpn1 ipv6 enable ipv6 address FC00:1::1/64 ipv6 nd collect host enable ipv6 nd distribute-gateway enable # interface Vbdif20 mac-address 0000-5e00-0102 ip binding vpn-instance vpn1 ipv6 enable ipv6 address FC00:2::1/64 ipv6 nd collect host enable ipv6 nd distribute-gateway enable # interface Nve1 source 10.2.2.2 vni 10 head-end peer-list protocol bgp vni 20 head-end peer-list protocol bgp # bgp 100 router-id 10.2.2.2 peer 10.1.1.1 as-number 100 peer 10.1.1.1 connect-interface LoopBack1 peer 10.3.3.3 as-number 100 peer 10.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable peer 10.3.3.3 enable # l2vpn-family evpn policy vpn-target peer 10.1.1.1 enable peer 10.1.1.1 advertise irbv6 peer 10.3.3.3 enable peer 10.3.3.3 advertise irbv6 # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.2.2.2 area 0.0.0.0 network 10.2.2.2 0.0.0.0 network 192.168.1.0 0.0.0.255 # return
VTEP3的配置文件
# sysname VTEP3 # ipv6 # vcmp role silent # ip vpn-instance vpn1 ipv6-family route-distinguisher 3:100 vpn-target 1:100 export-extcommunity evpn vpn-target 1:100 import-extcommunity evpn vxlan vni 100 # evpn vpn-instance evpn10 bd-mode route-distinguisher 2:10 vpn-target 1:100 10:1 export-extcommunity vpn-target 10:1 import-extcommunity # evpn vpn-instance evpn20 bd-mode route-distinguisher 2:20 vpn-target 1:100 20:1 export-extcommunity vpn-target 20:1 import-extcommunity # bridge-domain 10 vxlan vni 10 evpn binding vpn-instance evpn10 bridge-domain 20 vxlan vni 20 evpn binding vpn-instance evpn20 # interface GigabitEthernet1/0/1 undo portswitch ip address 192.168.2.2 255.255.255.0 # interface GigabitEthernet1/0/2 port link-type trunk # interface GigabitEthernet1/0/2.1 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface GigabitEthernet1/0/2.2 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface LoopBack1 ip address 10.3.3.3 255.255.255.255 # interface Vbdif10 mac-address 0000-5e00-0101 ip binding vpn-instance vpn1 ipv6 enable ipv6 address FC00:1::1/64 ipv6 nd collect host enable ipv6 nd distribute-gateway enable # interface Vbdif20 mac-address 0000-5e00-0102 ip binding vpn-instance vpn1 ipv6 enable ipv6 address FC00:2::1/64 ipv6 nd collect host enable ipv6 nd distribute-gateway enable # interface Nve1 source 10.3.3.3 vni 10 head-end peer-list protocol bgp vni 20 head-end peer-list protocol bgp # bgp 100 router-id 10.3.3.3 peer 10.1.1.1 as-number 100 peer 10.1.1.1 connect-interface LoopBack1 peer 10.2.2.2 as-number 100 peer 10.2.2.2 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 10.1.1.1 enable peer 10.2.2.2 enable # l2vpn-family evpn policy vpn-target peer 10.1.1.1 enable peer 10.1.1.1 advertise irbv6 peer 10.2.2.2 enable peer 10.2.2.2 advertise irbv6 # ipv6-family vpn-instance vpn1 import-route direct advertise l2vpn evpn # ospf 1 router-id 10.3.3.3 area 0.0.0.0 network 10.3.3.3 0.0.0.0 network 192.168.2.0 0.0.0.255 # return
Switch2的配置文件
# sysname Switch2 # vlan batch 10 20 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 10 20 # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 # interface GigabitEthernet1/0/3 port link-type access port default vlan 20 # return
Switch3的配置文件
# sysname Switch3 # vlan batch 10 20 # interface GigabitEthernet1/0/1 port link-type trunk port trunk allow-pass vlan 10 20 # interface GigabitEthernet1/0/2 port link-type access port default vlan 10 # interface GigabitEthernet1/0/3 port link-type access port default vlan 20 # return
