【sdwan实验】versa邮件开局

拓扑图

如上，北向交换机（net-north）连管理网络，可以上外网。
南向交换机（net-south）用于director和analytics连接到sdwan contoller。

虚拟管理地址和VPN的虚地址段为10.0.0.0/8，均为协议自动分配。
以上组网，主要验证分支开局，将业务网络打通（33.1.1.0/24->33.1.2.0/24）

部署环境准备

1. 部署director：https://www.networktcpip.com/post/versa-sd-wan-director-notes-2
2. 部署analytics：https://www.networktcpip.com/post/versa-sd-wan-analytics-notes-3
3. 部署controller：https://www.networktcpip.com/post/versa-sd-wan-controller-notes-4
4. 创建分支模板：https://www.networktcpip.com/post/versa-sd-wan-flexvnf-notes-5

（只执行到创建分支模板，后面的章节会详细说明邮件开局）

邮件开局

1. 初始化分支的versaflexVNF

登录上去（admin/versa123），cli进入命令行，request system reset，等待恢复到出厂配置

2. 配置versaflexVNF的管理口（后续需要使用浏览器登录VNF的管理界面）

[admin@versa-flexvnf: ~] $ sudo vi /etc/network/interfaces
[sudo] password for admin:
 # This file describes the network interfaces available on your system
 # and how to activate them. For more information, see interfaces(5).

 # The loopback network interface
 auto lo
 iface lo inet loopback
 auto eth0
 iface eth0 inet static

    address 172.16.101.34
    netmask 255.255.255.0

"/etc/network/interfaces" 11L, 288C written
[admin@versa-flexvnf: ~] $ sudo ifdown eth0
[admin@versa-flexvnf: ~] $ sudo ifup eth0
[admin@versa-flexvnf: ~] $ ifconfig
eth0      Link encap:Ethernet  HWaddr 50:00:00:08:00:00
          inet addr:172.16.101.34  Bcast:172.16.101.255  Mask:255.255.255.0
          inet6 addr: fe80::5200:ff:fe08:0/64 Scope:Link
          UP BROADCAST RUNNING MULTICAST  MTU:1500  Metric:1
          RX packets:468972 errors:0 dropped:7 overruns:0 frame:0
          TX packets:450 errors:0 dropped:0 overruns:0 carrier:0
          collisions:0 txqueuelen:1000
          RX bytes:31524015 (31.5 MB)  TX bytes:147636 (147.6 KB)

3. director管理界面，创建device

上面是制定VNF分支的wan口地址，如果有dhcp，直接选DHCP v4也可以。

4. deploy 执行完后，我们就能收到一封邮件

5. 复制上面的链接，将IP地址改成改分支VNF的管理地址，在浏览器中打开，点击开始后，会一步步执行：

开局过程中建立隧道的数据包见附录。

6. 成功后，VNF设备会重启

7. 管理界面上appliances上显示分支条目：

8. 测试业务连通性： VPC4 -> VPC5
   

问题

从分支yb到分支pl是如何通的？

• 33.1.1.10 ping 33.1.2.10：ping大包抓包看到，yb到pl是直接通过vxlan隧道通的：

• 登录yb上查看路由：

# 查询到LAN路由 （指向BGP邻居10.0.0.6）

Routes for Routing instance : networktcpip-LAN-VR  AFI: ipv4  SAFI: unicast

Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name
----   ----  -----------------   --------        ---      --------------
conn   N/A  +33.1.1.0/24         0.0.0.0         01:27:27 vni-0/1.0
local  N/A  +33.1.1.1/32         0.0.0.0         01:27:28 directly connected
BGP    N/A  +33.1.2.0/24         10.0.0.6        00:41:17 Indirect


# 到10.0.0.6的转发查询： （SDWANR N/A  +10.0.0.6/32         0.0.0.0         00:41:16 Indirect）

Routes for Routing instance : networktcpip-Control-VR  AFI: ipv4  SAFI: unicast

Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name
----   ----  -----------------   --------        ---      --------------
BGP    N/A  +0.0.0.0/0           10.0.0.0        01:26:37 ptvi513
SDWAN  N/A  +10.0.0.0/32         0.0.0.0         01:27:17 ptvi513
BGP    N/A   10.0.0.0/32         10.0.0.0        01:27:14 ptvi513
SDWANR N/A  +10.0.0.1/32         0.0.0.0         01:27:27 Indirect
BGP    N/A   10.0.0.1/32         10.0.0.0        01:27:14 ptvi513
local  N/A  +10.0.0.4/32         0.0.0.0         01:27:58 directly connected
local  N/A  +10.0.0.5/32         0.0.0.0         01:27:58 directly connected
SDWANR N/A  +10.0.0.6/32         0.0.0.0         00:41:16 Indirect
BGP    N/A   10.0.0.6/32         10.0.0.0        00:41:18 ptvi513
SDWANR N/A  +10.0.0.7/32         0.0.0.0         00:41:16 Indirect
BGP    N/A  +100.1.1.0/24        10.0.0.0        01:27:14 ptvi513

查看sdwan相关信息

admin@yb-cli> show orgs org networktcpip sd-wan detail pl

==================================

Site Id            -   102
State              -   Connected
Uptime             -   1h:22m:57s
Site Name          -   pl
Site Type          -   branch
Chassis Id         -   sni-pl-102
Global Tenant Id   -   1
Management IP      -   10.0.0.6
SA Available       -   yes

Secure Tunnel Info
   Local Endpoint  -   10.0.0.4
   Remote Endpoint -   10.0.0.6
Plain Text Tunnel Info
   Local Endpoint  -   10.0.0.5
   Remote Endpoint -   10.0.0.7

 LINK      LINK         ACCESS                                   LOCAL        LINK  SHAPPING  MIN SHAPPING
   ID    FAMILY        CIRCUIT                                      IP  ENCRYPTION      RATE          RATE        TRANSPORT-DOMAINS
----------------------------------------------------------------------------------------------------------------------------
    1      ipv4           ISP1                             103.1.1.100    optional         0             0  Internet

 NAT Status:

 LINK      LINK         ACCESS     NAT                                  PUBLIC    PUBLIC                                DataPath  DataPath
   ID    FAMILY        CIRCUIT  STATUS                                      IP      PORT                                      IP      PORT
------------------------------------------------------------------------------------------------------------------------------------
    1      ipv4           ISP1   false                             103.1.1.100      4790                             103.1.1.100      4790

推测：

1. 开局后，两个branch和controller建立IPsec隧道
2. 通过隧道，分支分别与controller建立起BGP邻居
3. BGP传递路由后，branch之间建立sdwan隧道，branch之间的lan通信，之间走两者间的vxlan隧道

附录

1. 开局过程中的数据包：

链接：https://pan.baidu.com/s/1O5BhV-trlQFIt6SQfGjOpA 提取码：1nnk

2. 网络打通后，controller上路由表

Routes for Routing instance : ISP1-Transport-VR  AFI: ipv4  SAFI: unicast

Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name
----   ----  -----------------   --------        ---      --------------
static N/A  +0.0.0.0/0           101.1.1.1       02:36:22 vni-0/1.0
conn   N/A  +101.1.1.0/24        0.0.0.0         02:36:18 vni-0/1.0
local  N/A  +101.1.1.2/32        0.0.0.0         02:36:18 directly connected


Routes for Routing instance : networktcpip-Control-VR  AFI: ipv4  SAFI: unicast

Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route

Prot   Type  Dest Address/Mask   Next-hop        Age      Interface name
----   ----  -----------------   --------        ---      --------------
static N/A  +0.0.0.0/0           0.0.0.0         02:36:22 Indirect
local  N/A  +10.0.0.0/32         0.0.0.0         02:36:22 directly connected
local  N/A  +10.0.0.1/32         0.0.0.0         02:36:22 directly connected
SDWAN  N/A  +10.0.0.4/32         0.0.0.0         01:18:18 Indirect
SDWANR N/A  +10.0.0.5/32         0.0.0.0         01:18:28 Indirect
SDWAN  N/A  +10.0.0.6/32         0.0.0.0         00:32:20 Indirect
SDWANR N/A  +10.0.0.7/32         0.0.0.0         00:32:30 Indirect
static N/A  +10.0.0.128/25       0.0.0.0         02:36:24 Indirect
conn   N/A  +100.1.1.0/24        0.0.0.0         02:27:18 vni-0/0.0
local  N/A  +100.1.1.7/32        0.0.0.0         02:27:18 directly connected
conn   N/A  +169.254.0.2/31      0.0.0.0         02:36:22 tvi-0/602.0
local  N/A  +169.254.0.2/32      0.0.0.0         02:36:22 directly connected