Huawei EVPN-based VXLAN test (including microsegmentation)

1 Environment setup

This is the configuration of a real switch environment. If you follow it on the Huawei eNSP simulator, some of the configuration cannot be applied or differs slightly.

[Topology diagram: image not preserved in the page]

3 Underlay configuration

3.1 gz-spine1

interface 40GE7/0/1
 undo portswitch
 ip address 10.210.244.37 255.255.255.252
 ospf network-type p2p
 device transceiver 40GBASE-FIBER
#
interface 40GE7/0/2
 undo portswitch
 ip address 10.210.244.41 255.255.255.252
 ospf network-type p2p
 device transceiver 40GBASE-FIBER
#
interface 40GE7/0/3
 undo portswitch
 ip address 10.210.244.53 255.255.255.252
 ospf network-type p2p
 device transceiver 40GBASE-FIBER
#
interface 40GE7/0/4
 undo portswitch
 ip address 10.210.244.57 255.255.255.252
 ospf network-type p2p
 device transceiver 40GBASE-FIBER
#
interface LoopBack0
 description VTEP-IP/route-id
 ip address 10.210.245.1 255.255.255.255

ospf 1 router-id 10.210.245.1
 area 0.0.0.0
  network 10.210.244.36 0.0.0.3
  network 10.210.244.40 0.0.0.3
  network 10.210.244.52 0.0.0.3
  network 10.210.244.56 0.0.0.3
  network 10.210.245.1 0.0.0.0
bgp 65535
 router-id 10.210.245.1
 undo default ipv4-unicast
 peer 10.210.245.3 as-number 65535
 peer 10.210.245.3 connect-interface LoopBack0
 peer 10.210.245.4 as-number 65535
 peer 10.210.245.4 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 10.210.245.3 enable
  undo peer 10.210.245.4 enable
 #
 l2vpn-family evpn
  undo policy vpn-target
  peer 10.210.245.3 enable
  peer 10.210.245.3 advertise irb
  peer 10.210.245.3 reflect-client
  peer 10.210.245.4 enable
  peer 10.210.245.4 advertise irb
  peer 10.210.245.4 reflect-client

3.2 gz-leaf1

# gz-leaf1
evpn-overlay enable

interface 100GE1/0/1
 undo portswitch
 ip address 10.210.244.38 255.255.255.252
 ospf network-type p2p
 ospf peer hold-max-cost timer 800000
 device transceiver 40GBASE-FIBER

interface 100GE1/0/2
 undo portswitch
 ip address 10.210.244.54 255.255.255.252
 ospf network-type p2p
 ospf peer hold-max-cost timer 800000
 device transceiver 40GBASE-FIBER

interface LoopBack0
 description VTEP-IP/route-id
 ip address 10.210.245.3 255.255.255.255   #must match this leaf's BGP router-id, NVE source and the address gz-spine1 peers with

ospf 1 router-id 10.210.245.3
 area 0.0.0.0
  network 10.210.244.36 0.0.0.3
  network 10.210.244.52 0.0.0.3
  network 10.210.245.3 0.0.0.0

bgp 65535
 router-id 10.210.245.3
 undo default ipv4-unicast
 peer 10.210.245.1 as-number 65535
 peer 10.210.245.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 10.210.245.1 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.210.245.1 enable
  peer 10.210.245.1 advertise irb

3.3 gz-leaf2

# gz-leaf2
evpn-overlay enable

interface 100GE1/0/1
 undo portswitch
 ip address 10.210.244.42 255.255.255.252
 ospf network-type p2p
 ospf peer hold-max-cost timer 800000
 device transceiver 40GBASE-FIBER

interface 100GE1/0/2
 undo portswitch
 ip address 10.210.244.58 255.255.255.252
 ospf network-type p2p
 ospf peer hold-max-cost timer 800000
 device transceiver 40GBASE-FIBER

interface LoopBack0
 description VTEP-IP/route-id
 ip address 10.210.245.4 255.255.255.255

ospf 1 router-id 10.210.245.4   #router-id follows LoopBack0; the two leaves must not share one
 area 0.0.0.0
  network 10.210.244.40 0.0.0.3
  network 10.210.244.56 0.0.0.3
  network 10.210.245.4 0.0.0.0

bgp 65535
 router-id 10.210.245.4
 undo default ipv4-unicast
 peer 10.210.245.1 as-number 65535   #gz-spine1's LoopBack0, the EVPN route reflector
 peer 10.210.245.1 connect-interface LoopBack0
 #
 ipv4-family unicast
  undo peer 10.210.245.1 enable
 #
 l2vpn-family evpn
  policy vpn-target
  peer 10.210.245.1 enable
  peer 10.210.245.1 advertise irb
#
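The underlay only works when every box's LoopBack0, OSPF router-id, BGP router-id, NVE source and the addresses its neighbours peer with all agree; a copy-pasted leaf config is where these drift apart. The following checker is an added example, not code from the page or from Huawei: it parses the handful of VRP views used above and reports every identity mismatch across the fabric. The two fabrics it runs on (BROKEN and FIXED) are constructed, reduced snippets modelled on this page's spine/leaf layout; the hostnames and addresses are the page's, the `leaf()` helper and the problem strings are this example's own.

```python
import re
from collections import defaultdict

def parse_vrp(text):
    """Pull the LoopBack0 address, OSPF/BGP router-ids, BGP peer addresses and the
    NVE source out of a VRP configuration snippet (only the views used here)."""
    info = {"loopback": None, "ospf_rid": None, "bgp_rid": None,
            "peers": set(), "nve_source": None}
    view = None
    for raw in text.splitlines():
        line = raw.strip()
        if line == "#":                       # VRP closes a view with a lone '#'
            view = None
            continue
        if line.startswith("interface "):
            view = line.split()[1]            # e.g. LoopBack0, Nve1, 40GE7/0/1
        elif line.startswith("ospf "):
            view = "ospf"
            m = re.search(r"router-id (\S+)", line)
            info["ospf_rid"] = m.group(1) if m else None
        elif line.startswith("bgp "):
            view = "bgp"
        elif view == "LoopBack0" and line.startswith("ip address "):
            info["loopback"] = line.split()[2]
        elif view == "bgp" and line.startswith("router-id "):
            info["bgp_rid"] = line.split()[1]
        elif view == "bgp" and line.startswith("peer "):
            info["peers"].add(line.split()[1])
        elif view == "Nve1" and line.startswith("source "):
            info["nve_source"] = line.split()[1]
    return info

def check_fabric(configs):
    """configs maps hostname -> config text. Returns (host, problem) tuples for every
    identity mismatch that would leave OSPF, the BGP EVPN session or the VTEP broken."""
    parsed = {h: parse_vrp(t) for h, t in configs.items()}
    loopbacks = {h: p["loopback"] for h, p in parsed.items()}
    problems = []
    for host, p in parsed.items():
        for field in ("ospf_rid", "bgp_rid", "nve_source"):
            if p[field] is not None and p[field] != p["loopback"]:
                problems.append((host, f"{field} {p[field]} != LoopBack0 {p['loopback']}"))
        for peer in sorted(p["peers"]):       # a peer address nobody owns never comes up
            if not any(lo == peer and h != host for h, lo in loopbacks.items()):
                problems.append((host, f"bgp peer {peer} is not any fabric member's LoopBack0"))
    seen = defaultdict(list)                  # the same router-id/VTEP on two boxes is fatal
    for host, p in parsed.items():
        for field in ("ospf_rid", "loopback"):
            if p[field] is not None:
                seen[(field, p[field])].append(host)
    for (field, value), hosts in sorted(seen.items()):
        if len(hosts) > 1:
            problems.append(("fabric", f"duplicate {field} {value} on {', '.join(sorted(hosts))}"))
    return problems

# Constructed inputs (reduced to the views the checker reads).
SPINE = """\
interface LoopBack0
 ip address 10.210.245.1 255.255.255.255
#
ospf 1 router-id 10.210.245.1
 area 0.0.0.0
  network 10.210.245.1 0.0.0.0
#
bgp 65535
 router-id 10.210.245.1
 peer 10.210.245.3 as-number 65535
 peer 10.210.245.4 as-number 65535
#
"""

def leaf(loopback, ospf_rid, bgp_rid, peer, nve_source):
    """Constructed leaf snippet carrying the identities a leaf must keep consistent."""
    return f"""\
interface LoopBack0
 ip address {loopback} 255.255.255.255
#
ospf 1 router-id {ospf_rid}
#
bgp 65535
 router-id {bgp_rid}
 peer {peer} as-number 65535
 peer {peer} connect-interface LoopBack0
#
interface Nve1
 source {nve_source}
#
"""

# BROKEN reproduces typical copy-paste slips: leaf1's loopback disagrees with its router-id and
# VTEP source, both leaves share an OSPF router-id, and leaf2 peers with an address nobody owns.
BROKEN = {
    "gz-spine1": SPINE,
    "gz-leaf1": leaf("10.210.245.4", "10.210.245.138", "10.210.245.3", "10.210.245.1", "10.210.245.3"),
    "gz-leaf2": leaf("10.210.245.4", "10.210.245.138", "10.210.245.4", "10.210.245.132", "10.210.245.4"),
}
FIXED = {
    "gz-spine1": SPINE,
    "gz-leaf1": leaf("10.210.245.3", "10.210.245.3", "10.210.245.3", "10.210.245.1", "10.210.245.3"),
    "gz-leaf2": leaf("10.210.245.4", "10.210.245.4", "10.210.245.4", "10.210.245.1", "10.210.245.4"),
}

if __name__ == "__main__":
    for host, problem in check_fabric(BROKEN):
        print(f"{host}: {problem}")
    print("fixed fabric:", check_fabric(FIXED) or "clean")
```

Run it against `display current-configuration` captured from each box before bringing up the overlay; the spine's "peer is not any fabric member's LoopBack0" finding is the one that otherwise only shows up as an EVPN session stuck in Idle.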


4 Distributed gateway: L2-gateway mode

4.1 NVE configuration

# gz-leaf1:

interface Nve1
 source 10.210.245.3
 vni 10 head-end peer-list protocol bgp

# gz-leaf2

interface Nve1
 source 10.210.245.4
 vni 10 head-end peer-list protocol bgp

#

4.2 BD configuration

# gz-leaf1:

bridge-domain 10
 vxlan vni 10
 #
 evpn
  route-distinguisher 10:1
  vpn-target 10:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable

# gz-leaf2:

bridge-domain 10
 vxlan vni 10
 #
 evpn
  route-distinguisher 10:1
  vpn-target 10:1 export-extcommunity
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable

4.3 VLAN-to-VXLAN mapping

# gz-leaf1:
interface 10GE1/0/47.100 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10

# gz-leaf2:

interface 10GE1/0/47.100 mode l2
 encapsulation dot1q vid 10
 bridge-domain 10


4.4 Verification

4.4.1 Leaf switches
gz-leaf1:

display mac-address bridge-domain 10
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10          10.210.245.4        evn                 265561
-------------------------------------------------------------------------------
Total items: 1

display mac-address | i 1/0/47
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6074-d084 1/-           10GE1/0/47          dynamic             287863
c08c-6074-d084 -/10          10GE1/0/47.100      dynamic                  9
-------------------------------------------------------------------------------
Total items: 17

display bgp evpn all routing-table                           
 Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>i   0:48:c08c-6066-54d4:0:0.0.0.0                          10.210.245.4                                 
 *>    0:48:c08c-6074-d084:0:0.0.0.0                          0.0.0.0  

Type-2 (MAC) routes, EVPN-instance view:
EVPN-Instance 10:
 Number of Mac Routes: 1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:c08c-6066-54d4:0:0.0.0.0                          0.0.0.0  


Type-3 (inclusive multicast) routes, which build the head-end replication peer list:
 EVPN-Instance 10:
 Number of Inclusive Multicast Routes: 2
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:10.210.245.3                                      0.0.0.0                                      
 *>i   0:32:10.210.245.4                                      10.210.245.4 

gz-leaf2:

display mac-address bridge-domain 10
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10          10GE1/0/47.100      dynamic             265608
-------------------------------------------------------------------------------
Total items: 1

display mac-address | i 1/0/47
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6066-54d4 1/-           10GE1/0/47          dynamic             339739
c08c-6066-54d4 -/10          10GE1/0/47.100      dynamic             339739
-------------------------------------------------------------------------------
Total items: 6



display bgp evpn all routing-table:

Type-2 (MAC) routes:

Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:c08c-6066-54d4:0:0.0.0.0                          0.0.0.0

Type-3 (inclusive multicast) routes:

EVPN-Instance 10:
 Number of Inclusive Multicast Routes: 2
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>i   0:32:10.210.245.3                                      10.210.245.3                                 
 *>    0:32:10.210.245.4                                      0.0.0.0  

4.4.2 Virtual machines

With a pure L2 VNI data plane, traceroute shows a single hop: the two hosts are bridged across the fabric and no gateway is involved.

R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R1#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.2 0 msec 0 msec * 

R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.2 0 msec 0 msec *

5 Distributed gateway: L3-gateway mode

5.1 NVE configuration

# gz-leaf1:

interface Nve1
 source 10.210.245.3
# For L3 forwarding the head-end replication line (vni 10 head-end peer-list protocol bgp) is not needed

# gz-leaf2

interface Nve1
 source 10.210.245.4
# For L3 forwarding the head-end replication line (vni 10 head-end peer-list protocol bgp) is not needed

5.2 BD configuration

# gz-leaf1:

bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 10:1
  vpn-target 10:1 export-extcommunity
  vpn-target 10:10 export-extcommunity   #required, otherwise routing fails: the MAC/IP routes must carry the RT that vpn-instance vpn10 imports
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable
 arp l2-proxy gateway-mac     #the leaf answers ARP with the gateway MAC, so host traffic is routed over the L3 VNI instead of bridged

#  gz-leaf2:

bridge-domain 10
 vxlan vni 10
 evpn
  route-distinguisher 10:1
  vpn-target 10:1 export-extcommunity 
  vpn-target 10:10 export-extcommunity   #required, otherwise routing fails: the MAC/IP routes must carry the RT that vpn-instance vpn10 imports
  vpn-target 10:1 import-extcommunity
 arp broadcast-suppress enable
 arp l2-proxy gateway-mac                #the leaf answers ARP with the gateway MAC, so host traffic is routed over the L3 VNI instead of bridged

5.3 VRF configuration

A VRF (vpn-instance) is mandatory for L3 forwarding, because the two leaves exchange host traffic directly over the L3 VNI. The vpn-instance imports EVPN routes tagged with RT 10:10, which is why the BD's EVPN instance in 5.2 must also export 10:10: without it the remote leaf never installs the MAC/IP routes as /32 host routes in vpn10.

# gz-leaf1:

ip vpn-instance vpn10
 ipv4-family
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity evpn
  vpn-target 10:10 import-extcommunity evpn
 vxlan vni 100

# gz-leaf2:

ip vpn-instance vpn10
 ipv4-family
  route-distinguisher 10:10
  vpn-target 10:10 export-extcommunity evpn
  vpn-target 10:10 import-extcommunity evpn
 vxlan vni 100
#

5.4 Vbdif interface configuration

# gz-leaf1:

interface Vbdif10
 ip binding vpn-instance vpn10
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-8888-0010
 vxlan anycast-gateway enable
 arp collect host enable

# gz-leaf2:
interface Vbdif10
 ip binding vpn-instance vpn10
 ip address 192.168.2.254 255.255.255.0
 arp distribute-gateway enable
 mac-address 0000-8888-0010
 vxlan anycast-gateway enable
 arp collect host enable

Without the Vbdif (L3) interface enabled there are no MAC/IP routes such as 0:48:c08c-6066-54d4:32:192.168.2.2; only MAC-only type-2 routes are advertised.

5.5 Enable IRB advertisement

# gz-leaf1:

bgp 65535
  l2vpn-family evpn
    peer 10.210.245.1 advertise irb

# gz-leaf2:

bgp 65535
  l2vpn-family evpn
    peer 10.210.245.1 advertise irb

5.6 Verification

5.6.1 Leaf switches
# gz-leaf1:

display mac-address bridge-domain 10 :
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10          10.210.245.4        evn                 254571
c08c-6074-d084 -/10          10GE1/0/47.100      dynamic                 10
-------------------------------------------------------------------------------
Total items: 2

display arp | i vpn10  :
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN: VLAN or Bridge Domain

IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN       INTERFACE        VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.2.254   0000-8888-0010        I               Vbdif10          vpn10
192.168.2.1     c08c-6074-d084   11   D/BD10          10GE1/0/47.100   vpn10
----------------------------------------------------------------------------------------
Total:24         Dynamic:15       Static:0    Interface:9    OpenFlow:0
Redirect:0


display bgp evpn all routing-table  :
 Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-8888-0010:0:0.0.0.0                          0.0.0.0                                      
 *>i   0:48:c08c-6066-54d4:0:0.0.0.0                          10.210.245.4                                 
 *>i   0:48:c08c-6066-54d4:32:192.168.2.2                     10.210.245.4                                 
 *>    0:48:c08c-6074-d084:0:0.0.0.0                          0.0.0.0                                      
 *>    0:48:c08c-6074-d084:32:192.168.2.1                     0.0.0.0 

display ip routing-table vpn-instance vpn10 :
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn10
         Destinations : 6        Routes : 6         

Destination/Mask    Proto   Pre  Cost        Flags NextHop                                  Interface                              
    192.168.2.0/24  Direct  0    0             D   192.168.2.254                            Vbdif10
    192.168.2.2/32  IBGP    255  0             RD  10.210.245.4                             VXLAN
  192.168.2.254/32  Direct  0    0             D   127.0.0.1                                Vbdif10
  192.168.2.255/32  Direct  0    0             D   127.0.0.1                                Vbdif10
255.255.255.255/32  Direct  0    0             D   127.0.0.1                                InLoopBack0

# gz-leaf2:

display mac-address bridge-domain 10 :
Flags: * - Backup  
       # - forwarding logical interface, operations cannot be performed based 
           on the interface.
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/BD       Learned-From        Type                Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10          10GE1/0/47.100      dynamic             254640
c08c-6074-d084 -/10          10.210.245.3        evn                     77
-------------------------------------------------------------------------------
Total items: 2

display arp | i vpn10  :
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN: VLAN or Bridge Domain

IP ADDRESS      MAC ADDRESS    EXP(M) TYPE/VLAN       INTERFACE        VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.2.254   0000-8888-0010        I               Vbdif10          vpn10
192.168.2.2     c08c-6066-54d4    3   D/BD10          10GE1/0/47.100   vpn10
----------------------------------------------------------------------------------------
Total:16         Dynamic:9       Static:0    Interface:7    OpenFlow:0
Redirect:0


display bgp evpn all routing-table :

 Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-8888-0010:0:0.0.0.0                          0.0.0.0                                      
 * i                                                          10.210.245.3                                 
 *>    0:48:c08c-6066-54d4:0:0.0.0.0                          0.0.0.0                                      
 *>    0:48:c08c-6066-54d4:32:192.168.2.2                     0.0.0.0                                      
 *>i   0:48:c08c-6074-d084:0:0.0.0.0                          10.210.245.3                                 
 *>i   0:48:c08c-6074-d084:32:192.168.2.1                     10.210.245.3 

display ip routing-table vpn-instance vpn10 :
Proto: Protocol        Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn10
         Destinations : 5        Routes : 5         

Destination/Mask    Proto   Pre  Cost        Flags NextHop                                  Interface

    192.168.2.0/24  Direct  0    0             D   192.168.2.254                            Vbdif10
    192.168.2.1/32  IBGP    255  0             RD  10.210.245.3                             VXLAN
  192.168.2.254/32  Direct  0    0             D   127.0.0.1                                Vbdif10
  192.168.2.255/32  Direct  0    0             D   127.0.0.1                                Vbdif10
255.255.255.255/32  Direct  0    0             D   127.0.0.1                                InLoopBack0
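The outputs above are the whole control-plane-to-forwarding chain for the L3 gateway: a remote MAC/IP (type-2) route with a 32-bit IP must turn into a /32 IBGP route in vpn10 whose next hop is the advertising VTEP, and a type-3 route per remote VTEP feeds head-end replication. The parser below is an added example (not from the page or from Huawei) that reads the two `display` outputs and diffs them, so that a host route that is missing or, worse, present although nothing advertised it, is caught. The sample texts are this page's own leaf1 and leaf2 outputs (the type-3 rows come from section 4.4.1); the `stale` entry in the usage test is constructed.

```python
import re

IPV4 = re.compile(r"^\d{1,3}(?:\.\d{1,3}){3}$")

def parse_evpn_routes(text):
    """Turn 'display bgp evpn all routing-table' rows into dicts.
    A row with an empty network column (VRP's second path for the same key, here the
    anycast gateway MAC also seen from the other leaf) inherits the key above it."""
    routes, prev_key = [], None
    for raw in text.splitlines():
        toks = raw.split()
        if len(toks) < 2 or not IPV4.match(toks[-1]):
            continue                                    # headers, RD lines, counters
        nexthop = toks[-1]
        key = next((t for t in toks[:-1] if ":" in t), prev_key)
        if key is None:
            continue
        best = any(t.startswith("*>") for t in toks[:-1])
        parts = key.split(":")
        if len(parts) == 5:                             # type-2: ethtag:maclen:mac:iplen:ip
            routes.append({"type": "mac-ip" if parts[3] == "32" else "mac",
                           "mac": parts[2], "ip": parts[4], "nexthop": nexthop, "best": best})
        elif len(parts) == 3:                           # type-3: ethtag:iplen:originating VTEP
            routes.append({"type": "imet", "ip": parts[2], "nexthop": nexthop, "best": best})
        prev_key = key
    return routes

def parse_vrf_host_routes(text):
    """/32 host routes installed in the vpn-instance via IBGP over the VXLAN tunnel."""
    hosts = {}
    for raw in text.splitlines():
        toks = raw.split()
        if len(toks) >= 7 and toks[0].endswith("/32") and toks[1] == "IBGP" and toks[-1] == "VXLAN":
            hosts[toks[0]] = toks[-2]
    return hosts

def expected_host_routes(routes):
    """Every remote MAC/IP route must appear as a /32 pointing at the advertising VTEP."""
    return {f"{r['ip']}/32": r["nexthop"]
            for r in routes if r["type"] == "mac-ip" and r["nexthop"] != "0.0.0.0"}

def head_end_peers(routes):
    """Remote VTEPs learned from type-3 routes: the BGP-built head-end replication list."""
    return {r["nexthop"] for r in routes if r["type"] == "imet" and r["nexthop"] != "0.0.0.0"}

def check_l3_gateway(evpn_text, vrf_text):
    """Return (missing, unexpected): remote hosts without a matching /32, and /32 routes
    the EVPN control plane never advertised (stale or injected entries)."""
    expected = expected_host_routes(parse_evpn_routes(evpn_text))
    actual = parse_vrf_host_routes(vrf_text)
    missing = {k: v for k, v in expected.items() if actual.get(k) != v}
    unexpected = {k: v for k, v in actual.items() if k not in expected}
    return missing, unexpected

# Page outputs for gz-leaf1 (type-2 rows from 5.6.1, type-3 rows from 4.4.1).
LEAF1_EVPN = """\
 Route Distinguisher: 10:1
       Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr)  NextHop
 *>    0:48:0000-8888-0010:0:0.0.0.0                          0.0.0.0
 *>i   0:48:c08c-6066-54d4:0:0.0.0.0                          10.210.245.4
 *>i   0:48:c08c-6066-54d4:32:192.168.2.2                     10.210.245.4
 *>    0:48:c08c-6074-d084:0:0.0.0.0                          0.0.0.0
 *>    0:48:c08c-6074-d084:32:192.168.2.1                     0.0.0.0
 EVPN-Instance 10:
 Number of Inclusive Multicast Routes: 2
       Network(EthTagId/IpAddrLen/OriginalIp)                 NextHop
 *>    0:32:10.210.245.3                                      0.0.0.0
 *>i   0:32:10.210.245.4                                      10.210.245.4
"""
LEAF1_VRF = """\
Destination/Mask    Proto   Pre  Cost        Flags NextHop                                  Interface
    192.168.2.0/24  Direct  0    0             D   192.168.2.254                            Vbdif10
    192.168.2.2/32  IBGP    255  0             RD  10.210.245.4                             VXLAN
  192.168.2.254/32  Direct  0    0             D   127.0.0.1                                Vbdif10
"""
# Page outputs for gz-leaf2 (note the continuation row for the shared gateway MAC).
LEAF2_EVPN = """\
 Route Distinguisher: 10:1
 *>    0:48:0000-8888-0010:0:0.0.0.0                          0.0.0.0
 * i                                                          10.210.245.3
 *>    0:48:c08c-6066-54d4:0:0.0.0.0                          0.0.0.0
 *>    0:48:c08c-6066-54d4:32:192.168.2.2                     0.0.0.0
 *>i   0:48:c08c-6074-d084:0:0.0.0.0                          10.210.245.3
 *>i   0:48:c08c-6074-d084:32:192.168.2.1                     10.210.245.3
"""
LEAF2_VRF = """\
    192.168.2.0/24  Direct  0    0             D   192.168.2.254                            Vbdif10
    192.168.2.1/32  IBGP    255  0             RD  10.210.245.3                             VXLAN
"""

if __name__ == "__main__":
    print("leaf1 head-end peers:", head_end_peers(parse_evpn_routes(LEAF1_EVPN)))
    print("leaf1 missing/unexpected:", check_l3_gateway(LEAF1_EVPN, LEAF1_VRF))
    print("leaf2 missing/unexpected:", check_l3_gateway(LEAF2_EVPN, LEAF2_VRF))
```

The `unexpected` side is the security-relevant one: a /32 in vpn10 that no EVPN route backs is how a mis-imported or leftover route silently steers a host's traffic to the wrong VTEP.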

5.6.2 Virtual machines
R1#show ip arp 
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.2.1             -   c08c.6074.d084  ARPA   Vlan100
Internet  192.168.2.2           162   0000.8888.0010  ARPA   Vlan100
Internet  192.168.2.254           3   0000.8888.0010  ARPA   Vlan100
Internet  192.168.10.5           19   c4e2.8728.e2a2  ARPA   FastEthernet4
Internet  192.168.10.6            -   c08c.6074.d088  ARPA   FastEthernet4

R2#show ip arp
Protocol  Address          Age (min)  Hardware Addr   Type   Interface
Internet  192.168.2.1           175   0000.8888.0010  ARPA   Vlan100
Internet  192.168.2.2             -   c08c.6066.54d4  ARPA   Vlan100
Internet  192.168.2.254           8   0000.8888.0010  ARPA   Vlan100
Internet  192.168.10.1            3   c4e2.8728.e0e2  ARPA   FastEthernet4
Internet  192.168.10.2            -   c08c.6066.54d8  ARPA   FastEthernet4

Test:

R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.254 8 msec 0 msec 4 msec
  2 192.168.2.254 696 msec 4 msec 0 msec
  3 192.168.2.2 4 msec 0 msec *


R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R2#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
  1 192.168.2.254 4 msec 0 msec 0 msec
  2 192.168.2.254 76 msec 0 msec 4 msec
  3 192.168.2.1 8 msec 0 msec *

For L3 forwarding the /32 host routes are mandatory; once they exist, the packets the VMs send toward the L3 gateway no longer cause ARP requests across the fabric. R1's ARP table above already resolves 192.168.2.2 to the gateway MAC 0000-8888-0010 (the L2 proxy reply), and traceroute now shows 192.168.2.254 twice: the ingress leaf and the egress leaf each route the packet with the same anycast gateway address before it reaches the destination.

6 Microsegmentation test

Note that microsegmentation requires arp l2-proxy gateway-mac on the BD: if packets are bridged without passing through the gateway for decapsulation and re-encapsulation, the EPG function cannot take effect.

6.1 Enable microsegmentation

gz-leaf1

traffic-segment enable
traffic-segment segment-id 32760 segment-name EPG1 intra-epg-behavior none  
 segment-member ip 192.168.2.1 255.255.255.255 vpn-instance vpn10 
#

gz-leaf2

traffic-segment enable
traffic-segment segment-id 32767 segment-name EPG2 intra-epg-behavior none  
 segment-member ip 192.168.2.2 255.255.255.255 vpn-instance vpn10 
#

After enabling microsegmentation, hosts in different EPGs can no longer communicate:
R1, the VM behind gz-leaf1:

R1#ping 192.168.2.2 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1 
.....
Success rate is 0 percent (0/5)

R2, the VM behind gz-leaf2:

R2#ping 192.168.2.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2 
.....
Success rate is 0 percent (0/5)

6.2 Enable the microsegmentation policy

Configure a microsegmentation policy to open communication between the two EPGs. A segment behavior with no deny action permits the matched traffic, and the classifier rules are directional, so both source/destination combinations are required for two-way reachability:
gz-leaf1


segment classifier EPG1-EPG2
 rule permit source-segment 32760 destination-segment 32767
 rule permit source-segment 32767 destination-segment 32760
#
segment behavior EPG1-EPG2
#
segment policy GBP
 classifier EPG1-EPG2 behavior EPG1-EPG2
#

gz-leaf2


segment classifier EPG1-EPG2
 rule permit source-segment 32760 destination-segment 32767
 rule permit source-segment 32767 destination-segment 32760
#               
segment behavior EPG1-EPG2
#
segment policy GBP
 classifier EPG1-EPG2 behavior EPG1-EPG2
#

R1, connected to gz-leaf1:

R1#ping 192.168.2.2 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms

R2, connected to gz-leaf2:

R2#ping 192.168.2.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2 
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
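The two ping runs in 6.1 and 6.2 are the whole decision procedure of the traffic-segment (GBP) feature as this page exercises it: classify both endpoints into segments, forward inside a segment when intra-epg-behavior is none, drop between segments unless a classifier rule permits that ordered pair. The model below is an added example, not the page's configuration nor Huawei's implementation; it reproduces the page's EPG1/EPG2 setup and also shows what happens with only one of the two directional rules, which the page does not test. Two things in it are assumptions of the model rather than facts from the page: hosts that match no segment are forwarded normally, and any intra-epg-behavior other than none is treated as deny. `page_policy` and `ping_matrix` are this example's own names.

```python
import ipaddress

class SegmentPolicy:
    """Model of VRP traffic-segment (GBP) enforcement as seen on this page: hosts map to
    segment IDs (EPGs); traffic between two different EPGs is dropped unless a classifier
    rule permits that (source, destination) pair; traffic inside one EPG follows
    intra-epg-behavior. Unclassified hosts being unpoliced and non-'none' intra-epg
    behaviour meaning deny are assumptions of this model."""

    def __init__(self):
        self.members = []        # (ip_network, segment_id), like 'segment-member ip ...'
        self.intra = {}          # segment_id -> intra-epg-behavior
        self.rules = []          # (action, source_segment, destination_segment), in order

    def segment(self, seg_id, members, intra_epg_behavior="none"):
        self.intra[seg_id] = intra_epg_behavior
        for m in members:
            self.members.append((ipaddress.ip_network(m, strict=False), seg_id))
        return self

    def rule(self, action, src_seg, dst_seg):
        self.rules.append((action, src_seg, dst_seg))
        return self

    def classify(self, ip):
        """Longest-prefix match of a host against the segment-member entries."""
        addr = ipaddress.ip_address(ip)
        hits = [(net.prefixlen, seg) for net, seg in self.members if addr in net]
        return max(hits)[1] if hits else None

    def decide(self, src_ip, dst_ip):
        s, d = self.classify(src_ip), self.classify(dst_ip)
        if s is None or d is None:
            return "permit"                        # assumption: unclassified traffic not policed
        if s == d:
            return "permit" if self.intra.get(s) == "none" else "deny"
        for action, rs, rd in self.rules:          # first matching rule wins
            if (rs, rd) == (s, d):
                return action
        return "deny"                              # implicit deny between EPGs

def page_policy(with_gbp_rules):
    """EPG1 = 192.168.2.1 behind gz-leaf1 (segment 32760), EPG2 = 192.168.2.2 behind
    gz-leaf2 (segment 32767), as configured in 6.1; with_gbp_rules adds the 6.2 classifier."""
    p = SegmentPolicy()
    p.segment(32760, ["192.168.2.1/32"]).segment(32767, ["192.168.2.2/32"])
    if with_gbp_rules:
        p.rule("permit", 32760, 32767).rule("permit", 32767, 32760)
    return p

def ping_matrix(policy, hosts):
    """Decision for every ordered host pair, the way the page's ping tests probe it."""
    return {(a, b): policy.decide(a, b) for a in hosts for b in hosts if a != b}

if __name__ == "__main__":
    hosts = ["192.168.2.1", "192.168.2.2"]
    print("6.1, segments only:", ping_matrix(page_policy(False), hosts))
    print("6.2, with GBP rules:", ping_matrix(page_policy(True), hosts))
    print("only EPG1->EPG2 permitted:",
          ping_matrix(page_policy(False).rule("permit", 32760, 32767), hosts))
```

The one-way case is worth keeping in mind when writing classifiers: a single `rule permit source-segment 32760 destination-segment 32767` lets R1's echo requests through but R2's replies are evaluated as EPG2 to EPG1 and still hit the implicit deny, so the ping fails even though "the rule is there".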