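1. VxLAN topology diagram
2. Configuration steps
2.1 Terminology
VNI [Virtual Network Instance]: similar to a VLAN instance; it represents a service. (VNI (VXLAN Network Identifier) is a user identifier similar to a VLAN ID. One VNI represents one tenant, and virtual machines that belong to different VNIs cannot communicate directly at Layer 2. VXLAN encapsulation allocates 24 bits to the VNI, which lets it isolate a very large number of tenants.)
VNID [Virtual Network Identifier]: similar to a VLAN ID.
NVE [Network Virtualization Edge]: a device on which VxLAN is enabled.
VTEP [VxLAN Tunnel End-Point]: an NVE in a VxLAN network is identified by its VTEP, which is expressed as an IP address. Two VTEPs determine one VxLAN tunnel, and that tunnel between the VTEPs is shared by all VNIs between the two NVEs. (A VTEP (VXLAN Tunnel Endpoint) is an edge device of the VXLAN network and the start and end point of a VXLAN tunnel; encapsulation and decapsulation of the user's original data frames are both performed on the VTEP.)
2.2 Configuration steps
1) BD: the "same large Layer 2 domain" in VXLAN, similar to the VLAN (virtual local area network) concept in traditional networks, is called a Bridge-Domain, or BD for short. A BD bridges different Layer 2 networks. BDs are distinguished by VNI, and BD and VNI have a 1:1 mapping.
bridge-domain 10 //create a "large Layer 2 broadcast domain" BD with ID 10
vxlan vni 5000 //under BD 10, set the associated VNI to 5000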
#
<HUAWEI> display vxlan vni
Number of vxlan vni : 1
VNI BD-ID State
---------------------------------------
5000 10 up
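BD and VNI are bound together; assigning the switch's Layer 2 interfaces to a BD determines which VXLAN tunnel a packet goes through.
2) Assign different Layer 2 interfaces (VLANs) to different BDs so that VMs enter different VxLAN tunnels.
interface 10GE1/0/1.1 mode l2 //create Layer 2 sub-interface 10GE1/0/1.1
encapsulation dot1q vid 10 //only packets carrying VLAN Tag 10 are allowed into the VXLAN tunnel
bridge-domain 10 //packets enter BD 10
#
interface 10GE1/0/1.2 mode l2 //create Layer 2 sub-interface 10GE1/0/1.2
encapsulation untag //only packets without a VLAN Tag are allowed into the VXLAN tunnel
bridge-domain 20 //packets enter BD 20
#
3) Establish the VxLAN tunnel
interface Nve1 //create logical interface NVE 1
source 1.1.1.1 //configure the source VTEP IP address (using the Loopback interface IP address is recommended)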
vni 5000 head-end peer-list 2.2.2.2
vni 5000 head-end peer-list 2.2.2.3
#
<HUAWEI> display vxlan vni 5000 verbose
BD ID : 10
State : up
NVE : 288
Source Address : 1.1.1.1
Source IPv6 Address : -
UDP Port : 4789
BUM Mode : head-end
Group Address : -
Peer List : 2.2.2.2 2.2.2.3
IPv6 Peer List : -
3. Detailed configuration
CE2:
[ce2]display current-configuration
!Software Version V200R005C10SPC607B607
!Last configuration was updated at 2024-07-31 18:30:28+00:00
!Last configuration was saved at 2024-07-31 17:55:59+00:00
#
sysname ce2
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
bridge-domain 10
vxlan vni 5000
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.1 mode l2
encapsulation dot1q vid 10
bridge-domain 10
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 20.1.1.2 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Nve1
source 1.1.1.1
vni 5000 head-end peer-list 3.3.3.3
#
interface NULL0
#
ospf 100 router-id 1.1.1.1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 20.1.1.0 0.0.0.255
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
#
vm-manager
#
return
[ce2]
CE3:
[ce3]display current-configuration
!Software Version V200R005C10SPC607B607
!Last configuration was updated at 2024-07-31 18:31:14+00:00
!Last configuration was saved at 2024-07-31 17:28:00+00:00
#
sysname ce3
#
device board 17 board-type CE-MPUB
device board 1 board-type CE-LPUE
#
bridge-domain 10 //create a "large Layer 2 broadcast domain" BD with ID 10
vxlan vni 5000 //under BD 10, set the associated VNI to 5000
#
aaa
#
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
domain default_admin
#
interface MEth0/0/0
undo shutdown
#
interface GE1/0/0
undo shutdown
#
interface GE1/0/0.1 mode l2 //create Layer 2 sub-interface GE1/0/0.1
encapsulation dot1q vid 20 //only packets carrying VLAN Tag 20 are allowed into the VXLAN tunnel
bridge-domain 10 //packets enter BD 10
#
interface GE1/0/1
undo portswitch
undo shutdown
ip address 30.1.1.2 255.255.255.0
#
interface GE1/0/2
shutdown
#
interface GE1/0/3
shutdown
#
interface GE1/0/4
shutdown
#
interface GE1/0/5
shutdown
#
interface GE1/0/6
shutdown
#
interface GE1/0/7
shutdown
#
interface GE1/0/8
shutdown
#
interface GE1/0/9
shutdown
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
interface Nve1
source 3.3.3.3
vni 5000 head-end peer-list 1.1.1.1
#
interface NULL0
#
ospf 100 router-id 3.3.3.3
area 0.0.0.0
network 3.3.3.3 0.0.0.0
network 30.1.1.0 0.0.0.255
#
ssh authorization-type default aaa
#
ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
ssh server dh-exchange min-len 1024
#
ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_cbc aes128_cbc 3des_cbc
#
user-interface con 0
#
vm-manager
#
return
[ce3]
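With head-end replication each VTEP copies BUM traffic to every address in its peer list, so the lists on CE2 and CE3 must mirror each other and contain only managed VTEP addresses. The Python audit below is an added example, not part of the original post or of any Huawei tool; it runs on constructed excerpts modelled on the two configurations above, and the names TEMPLATE, parse_vtep and audit are assumptions.

```python
import re

# Constructed excerpt modelled on the CE2/CE3 configurations on this page.
TEMPLATE = """bridge-domain 10
 vxlan vni 5000
#
interface Nve1
 source {src}
 vni 5000 head-end peer-list {peer}
#
"""
CE2 = TEMPLATE.format(src="1.1.1.1", peer="3.3.3.3")
CE3 = TEMPLATE.format(src="3.3.3.3", peer="1.1.1.1")

def parse_vtep(config):
    """Return (source_ip, {vni: bd_id}, {vni: {peer_ip, ...}}) for one device."""
    source, bd, vni_bd, peers = None, None, {}, {}
    for line in map(str.strip, config.splitlines()):
        if line == "#":                      # '#' closes a configuration block
            bd = None
        elif m := re.fullmatch(r"bridge-domain (\d+)", line):
            bd = int(m[1])
        elif m := re.fullmatch(r"vxlan vni (\d+)", line):
            vni_bd[int(m[1])] = bd           # VNI bound to the enclosing BD
        elif m := re.fullmatch(r"source (\S+)", line):
            source = m[1]
        elif m := re.fullmatch(r"vni (\d+) head-end peer-list (\S+)", line):
            peers.setdefault(int(m[1]), set()).add(m[2])
    return source, vni_bd, peers

def audit(devices):
    """devices maps a device name to its configuration text; returns findings."""
    parsed = {name: parse_vtep(cfg) for name, cfg in devices.items()}
    known = {src for src, _, _ in parsed.values()}   # inventory of VTEP sources
    findings = []
    for name, (src, vni_bd, peers) in parsed.items():
        for vni, plist in sorted(peers.items()):
            if vni_bd.get(vni) is None:
                findings.append(f"{name}: VNI {vni} is not bound to a bridge-domain")
            for peer in sorted(plist - known):       # traffic would leave the inventory
                findings.append(f"{name}: VNI {vni} peer {peer} is not a known VTEP")
            for other, (osrc, _, opeers) in parsed.items():
                if osrc in plist and src not in opeers.get(vni, set()):
                    findings.append(f"{name}: VNI {vni} peer {osrc} ({other}) lacks {src}")
    return findings

if __name__ == "__main__":
    print(audit({"ce2": CE2, "ce3": CE3}))
```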