L2 vSwitch
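VPP implements a VLAN forwarding model similar to Linux Bridge, called a Bridge Domain. VPP interfaces are in L3 mode by default; attaching an interface to a Bridge Domain switches it to L2 mode.
VPP can serve as a ready-made L2 vSwitch, with support for creating: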
- Bridge Domains
- Ports (including tunnel ports)
- Connect ports to bridge domains
- Program ARP termination
- etc…
L2 vSwitch command reference
MAC address
# Set the MAC address of an interface.
set int mac address GigabitEthernet2/0/0 00:00:00:00:00:00
# Show the L2 forwarding MAC table
show l2fib [all] | [bd_id <nn> | bd_index <nn>] [learn | add] | [raw]
# Add an entry to the L2 forwarding MAC table
set l2fib add fa:16:3e:b0:a9:71 834 BondEthernet0.834
ARP
# Show the learned ARP table
show ip neighbor
# Set a static ARP entry
set ip neighbor GigabitEthernet2/6/0 192.168.2.2 00:0c:29:dc:96:f8
Bridge Domain
# Create a Bridge Domain (vSwitch)
create bridge-domain 100
# Show a Bridge Domain (vSwitch)
show bridge-domain 100 detail
# Attach an interface to the specified Bridge Domain (vSwitch)
set interface l2 bridge <interface> <bridge-domain-id> [bvi|uu-fwd] [shg]
# Remove an interface from its Bridge Domain (vSwitch); set l3 == del l2
set interface l3 GigabitEthernet0/a/0.200
Application examples
L2 Switching
VPP1 plays the role of the L2 vSwitch.
- On Linux, create the veth pair vpp1out-vpp1host: vpp1out backs the VPP1 host-interface, and vpp1host serves as the Linux host network interface and is assigned an IP address.
$ sudo ip link add name vpp1out type veth peer name vpp1host
$ sudo ip link set dev vpp1out up
$ sudo ip link set dev vpp1host up
$ sudo ip addr add 10.10.1.1/24 dev vpp1host
- On VPP, create the host-interface host-vpp1out.
vpp# create host-interface name vpp1out
host-vpp1out
vpp# show hardware
Name Idx Link Hardware
host-vpp1out 1 up host-vpp1out
Link speed: unknown
Ethernet address 02:fe:e6:fc:17:1e
Linux PACKET socket interface
...
vpp# set int state host-vpp1out up
vpp# show int
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
host-vpp1out 1 up 9000/0/0/0
local0 0 down 0/0/0/0
- On Linux, create the veth pair vpp1vpp2-vpp2vpp1: vpp1vpp2 backs a VPP1 host-interface, and vpp2vpp1 backs the VPP2 host-interface.
$ sudo ip link add name vpp1vpp2 type veth peer name vpp2vpp1
$ sudo ip link set dev vpp1vpp2 up
$ sudo ip link set dev vpp2vpp1 up
- On VPP1, create the host-interface host-vpp1vpp2.
vpp# create host-interface name vpp1vpp2
host-vpp1vpp2
vpp# show hardware
Name Idx Link Hardware
host-vpp1vpp2 2 up host-vpp1vpp2
Link speed: unknown
Ethernet address 02:fe:41:4e:24:6f
Linux PACKET socket interface
...
vpp# set int state host-vpp1vpp2 up
vpp# show int
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
host-vpp1out 1 up 9000/0/0/0 rx packets 8
rx bytes 560
drops 8
ip6 8
host-vpp1vpp2 2 up 9000/0/0/0
local0 0 down 0/0/0/0
- On VPP2, create the host-interface host-vpp2vpp1.
vpp# create host-interface name vpp2vpp1
host-vpp2vpp1
vpp# show hardware
Name Idx Link Hardware
host-vpp2vpp1 1 up host-vpp2vpp1
Link speed: unknown
Ethernet address 02:fe:5d:5e:17:8f
Linux PACKET socket interface
...
vpp# set int state host-vpp2vpp1 up
vpp# show int
Name Idx State MTU (L3/IP4/IP6/MPLS) Counter Count
host-vpp2vpp1 1 up 9000/0/0/0
local0 0 down 0/0/0/0
- Configure a bridge domain on vpp1 and add the host-interfaces to bridge domain ID 1 (NOTE: bridge domain ID 0 is invalid, so we should create bridge domain 1).
vpp# show bridge-domain
no bridge-domains in use
vpp# set int l2 bridge host-vpp1out 1
vpp# set int l2 bridge host-vpp1vpp2 1
vpp# show bridge-domain 1 detail
BD-ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term arp-ufwd BVI-Intf
1 1 off on on flood on off off N/A
span-l2-input l2-input-classify l2-input-feat-arc l2-policer-classify l2-input-acl vpath-input-l2 l2-ip-qos-record l2-input-vtr l2-gbp-lpm-classify gbp-src-classify gbp-null-classify l2-gbp-lpm-anon-classify gbp-learn-l2 l2-emulation l2-learn l2-rw l2-fwd gbp-fwd l2-flood l2-flood l2-output
Interface If-idx ISN SHG BVI TxFlood VLAN-Tag-Rewrite
host-vpp1out 1 1 0 - * none
host-vpp1vpp2 2 1 0 - * none
- Configure loopback interface on vpp2
vpp# create loopback interface
loop0
vpp# set int state loop0 up
vpp# set int ip address loop0 10.10.1.2/24
vpp# show inter addr
host-vpp2vpp1 (up):
local0 (dn):
loop0 (up):
L3 10.10.1.2/24
- Configure the bridge domain on vpp2: add interface loop0 as a BVI (bridge virtual interface) to bridge domain 1, and add interface vpp2vpp1 to bridge domain 1.
vpp# set int l2 bridge loop0 1 bvi
vpp# set int l2 bridge host-vpp2vpp1 1
vpp# show bridge-domain 1 detail
BD-ID Index BSN Age(min) Learning U-Forwrd UU-Flood Flooding ARP-Term arp-ufwd BVI-Intf
1 1 off on on flood on off off loop0
span-l2-input l2-input-classify l2-input-feat-arc l2-policer-classify l2-input-acl vpath-input-l2 l2-ip-qos-record l2-input-vtr l2-gbp-lpm-classify gbp-src-classify gbp-null-classify l2-gbp-lpm-anon-classify gbp-learn-l2 l2-emulation l2-learn l2-rw l2-fwd gbp-fwd l2-flood l2-flood l2-output
Interface If-idx ISN SHG BVI TxFlood VLAN-Tag-Rewrite
loop0 2 1 0 * * none
host-vpp2vpp1 1 1 0 - * none
- Ping from host to vpp2 and vpp2 to host
$ ping 10.10.1.2
PING 10.10.1.2 (10.10.1.2) 56(84) bytes of data.
64 bytes from 10.10.1.2: icmp_seq=1 ttl=64 time=0.534 ms
- Inspect the VPP1 L2 FIB (MAC mapping table):
vpp# show l2fib verbose
Mac-Address BD-Idx If-Idx BSN-ISN Age(min) static filter bvi Interface-Name
b6:36:04:ba:af:ac 1 2 0/1 - - - - host-vpp1vpp2
aa:ac:58:9d:9b:33 1 1 0/1 - - - - host-vpp1out
de:ad:00:00:00:00 1 2 0/1 - - - - host-vpp1vpp2
c2:31:59:d8:27:26 1 2 0/1 - - - - host-vpp1vpp2
L2FIB total/learned entries: 4/4 Last scan time: 0.0000e0sec Learn limit: 16777216
- Inspect the VPP2 L2 FIB (MAC mapping table) and ARP table:
vpp# show l2fib verbose
Mac-Address BD-Idx If-Idx BSN-ISN Age(min) static filter bvi Interface-Name
b6:36:04:ba:af:ac 1 1 0/1 - - - - host-vpp2vpp1
aa:ac:58:9d:9b:33 1 1 0/1 - - - - host-vpp2vpp1
de:ad:00:00:00:00 1 2 0/0 no * - * loop0
L2FIB total/learned entries: 3/2 Last scan time: 0.0000e0sec Learn limit: 16777216
vpp# show ip neighbor
Time IP Flags Ethernet Interface
1396.0497 10.10.1.1 D aa:ac:58:9d:9b:33 loop0
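The L2 FIB listings above show that every MAC in the bridge domain was learned dynamically, with the learn limit at its default of 16777216. The Python code below is an added example, not part of the original article or of VPP: it parses `show l2fib verbose` output and checks learned MACs against a per-port allowlist and a per-port count. The allowlist, the limits and the function names are assumptions made for illustration; the sample text is the VPP1 table shown above.

```python
import re
from collections import defaultdict

# Sample input: the VPP1 `show l2fib verbose` table shown above.
SAMPLE_L2FIB = """\
Mac-Address BD-Idx If-Idx BSN-ISN Age(min) static filter bvi Interface-Name
b6:36:04:ba:af:ac 1 2 0/1 - - - - host-vpp1vpp2
aa:ac:58:9d:9b:33 1 1 0/1 - - - - host-vpp1out
de:ad:00:00:00:00 1 2 0/1 - - - - host-vpp1vpp2
c2:31:59:d8:27:26 1 2 0/1 - - - - host-vpp1vpp2
L2FIB total/learned entries: 4/4 Last scan time: 0.0000e0sec Learn limit: 16777216
"""

MAC_RE = re.compile(r"^(?:[0-9a-f]{2}:){5}[0-9a-f]{2}$", re.I)

def parse_l2fib(text):
    """Return one dict per MAC row; header and summary lines are skipped."""
    entries = []
    for line in text.splitlines():
        f = line.split()
        if len(f) != 9 or not MAC_RE.match(f[0]):
            continue
        entries.append({"mac": f[0].lower(), "bd_idx": int(f[1]),
                        "if_idx": int(f[2]), "static": f[5] == "*",
                        "bvi": f[7] == "*", "interface": f[8]})
    return entries

def audit(entries, allowed, max_learned):
    """Flag learned MACs that are off the allowlist and ports over their limit."""
    findings, learned = [], defaultdict(list)
    for e in entries:
        if e["static"] or e["bvi"]:
            continue  # static and BVI entries were programmed, not learned
        learned[e["interface"]].append(e["mac"])
        if e["mac"] not in allowed.get(e["interface"], set()):
            findings.append(("unexpected-mac", e["interface"], e["mac"]))
    for ifname, macs in sorted(learned.items()):
        limit = max_learned.get(ifname)
        if limit is not None and len(macs) > limit:
            findings.append(("too-many-macs", ifname, len(macs)))
    return findings

# Assumed policy for this lab (constructed): one MAC behind the host-facing port.
ALLOWED = {"host-vpp1out": {"aa:ac:58:9d:9b:33"},
           "host-vpp1vpp2": {"b6:36:04:ba:af:ac", "de:ad:00:00:00:00"}}
MAX_LEARNED = {"host-vpp1out": 1, "host-vpp1vpp2": 2}

if __name__ == "__main__":
    for finding in audit(parse_l2fib(SAMPLE_L2FIB), ALLOWED, MAX_LEARNED):
        print(finding)
```

Entries marked static or bvi, such as the loop0 row in the VPP2 table, are excluded from the learned-MAC checks.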
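VLAN L2 Switching
- GE1 is an Access-mode interface and joins VLAN 10;
- GE2 is a Trunk-mode interface and allows VLAN 10 and VLAN 11 frames to pass;
- Create the 802.1q sub-interface GE2.10 on GE2, add it to VLAN 10, and set the L2 rewrite type of GE2.10 to pop-1 (forwarding frames that carry a single VLAN tag).
- Create the 802.1q sub-interface GE2.11 on GE2, add it to VLAN 11, and set the L2 rewrite type of GE2.11 to pop-1 (forwarding frames that carry a single VLAN tag).
- GE3 is an Access-mode interface and joins VLAN 11;
Configuration steps: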
# VLAN 10
create bridge-domain 10
set interface l2 bridge GigabitEthernet1/0/0 10
create sub-interfaces GigabitEthernet2/0/0 10 dot1q 10
set interface l2 bridge GigabitEthernet2/0/0.10 10
set interface l2 tag-rewrite GigabitEthernet2/0/0.10 pop 1
show bridge-domain 10 detail
# VLAN 11
create bridge-domain 11
set interface l2 bridge GigabitEthernet3/0/0 11
create sub-interfaces GigabitEthernet2/0/0 11 dot1q 11
set interface l2 bridge GigabitEthernet2/0/0.11 11
set interface l2 tag-rewrite GigabitEthernet2/0/0.11 pop 1
show bridge-domain 11 detail