Topology diagram
As shown above, center is the hub node, and erge and xiaohou are the spoke nodes.
Address information
- Router mpls
Router#show ip int b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 101.1.1.1 YES NVRAM up up
GigabitEthernet0/1 101.1.2.1 YES NVRAM up up
GigabitEthernet0/2 101.1.3.1 YES NVRAM up up
GigabitEthernet0/3 101.1.4.1 YES NVRAM up up
- Router internet
Router#show ip int b
Interface IP-Address OK? Method Status Protocol
GigabitEthernet0/0 102.1.1.1 YES NVRAM up up
GigabitEthernet0/1 102.1.2.1 YES NVRAM up up
GigabitEthernet0/2 102.1.3.1 YES NVRAM up up
GigabitEthernet0/3 102.1.4.1 YES NVRAM up up
- VNF center
- e0 172.16.101.25
- e1 101.1.4.10
- e2 102.1.4.10
- e3 33.1.0.1/24
- VNF erge
- e0 172.16.101.23
- e1 101.1.2.10
- e2 102.1.3.10
- e4 33.1.1.1/24
- VNF xiaohou
- e0 172.16.101.26
- e1 101.1.3.10
- e2 102.1.2.10
- e3 33.1.2.1/24
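Deployment process
spoke to spoke via hub
Preparation
- Build the topology environment
- Deploy the director
- Deploy analytics
- Deploy the controller
Configuration approach in brief
- Create a region
- Create templates of type hub
- Create devices of type hub that reference the templates created above
- Create spoke groups that reference the hub device above
- Create the branch templates, set them as spoke, and reference the spoke group above
- Create the branch devices that reference the branch templates above
Detailed configuration steps
- Create a region
- Create templates for the hub
Leave the remaining settings at their defaults and click create
- Create the device and apply the templates
The country and coordinates above can be filled in arbitrarily;
Public address of the WAN0 interface; DHCP can also be selected;
Click deploy to trigger the provisioning email;
- After the email arrives, initialize the hub device:
Before provisioning via the email, it is recommended to first reset the vflex VNF virtual machine's configuration to factory defaults:
- Enter the command line: cli
- request system reset
- Wait for the configuration cleanup to finish, then configure the management interface address as follows: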
[admin@xiaohou: ~] $ sudo vi /etc/network/interfaces
[sudo] password for admin:
# This file describes the network interfaces available on your system
# and how to activate them. For more information, see interfaces(5).
# The loopback network interface
auto lo
iface lo inet loopback
auto eth0
iface eth0 inet static
address 172.16.101.25
netmask 255.255.255.0
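- After saving, run sudo ifdown eth0, ifup eth0
- Log in to the mailbox, copy the link, change 192.168.1.1 to 172.16.101.25, and open it in a browser; following the wizard completes the email-based provisioning and the device initialization
(The provisioning process is the same for the other devices and is not repeated here.)
- Configure the spoke groups and select the spoke network model
- Create the branch templates
Click create
- Use the templates above to create the two branches; branch erge is shown as an example below
The remaining steps are not repeated here
- Once the branch VNFs are deployed, the network comes up end to end
Branch connectivity test
Log in to vpc10 and ping 33.1.0.10 and 33.1.2.10; both are reachable.
Log in to erge and check the routes and SD-WAN tunnels: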
Routes for Routing instance : networktcpip-LAN-VR AFI: ipv4 SAFI: unicast
Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route
Prot Type Dest Address/Mask Next-hop Age Interface name
---- ---- ----------------- -------- --- --------------
BGP N/A +33.1.0.0/24 10.0.0.4 00:54:09 Indirect
conn N/A +33.1.1.0/24 0.0.0.0 01:04:32 vni-0/2.0
local N/A +33.1.1.1/32 0.0.0.0 01:04:32 directly connected
BGP N/A +33.1.2.0/24 10.0.0.4 00:40:14 Indirect
admin@erge-cli> show orgs org networktcpip sd-wan brief
SITE MANAGEMENT UP CONNECTIVITY IS
SITE NAME ID IP TYPE TIME STATUS CTRLR
---------------------------------------------------------------------
controller-1 1 10.0.0.0 remote 5m:33s Connected yes
erge 102 10.0.0.6 local 6m:8s - no
hub1 101 10.0.0.4 remote 5m:33s Connected no
admin@erge-cli> show orgs org networktcpip sd-wan detail
Possible completions:
controller-1 erge hub1
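The route from erge to xiaohou points to the hub, and erge has established a tunnel only with the hub. (On the branch there is no direct SD-WAN tunnel to the other branch, and no VXLAN packets were seen in the packet capture.)
spoke to spoke directly
Change the hub-spoke setup so that branches communicate directly with each other.
- Modify the spoke-group configuration:
- Recreate the branch templates
Click recreate in the lower-right corner
- Commit the templates and redeploy the branch devices
It is best to choose reboot, then wait for the branch deployment to complete.
Branch connectivity test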
- 33.1.1.10 ping 33.1.2.1
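- The packet capture shows VXLAN directly between the branches, load-balanced across the mpls and internet networks
On the left, two ping packets were sent; capturing on the mpls network shows only one of them, and the other went over the internet network;
- Log in to erge and check the routes and SD-WAN tunnels: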
Routes for Routing instance : networktcpip-LAN-VR AFI: ipv4 SAFI: unicast
Codes: E1 - OSPF external type 1, E2 - OSPF external type 2
IA - inter area, iA - intra area,
L1 - IS-IS level-1, L2 - IS-IS level-2
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
RTI - Learnt from another routing-instance
+ - Active Route
Prot Type Dest Address/Mask Next-hop Age Interface name
---- ---- ----------------- -------- --- --------------
BGP N/A +33.1.0.0/24 10.0.0.4 00:26:41 Indirect
conn N/A +33.1.1.0/24 0.0.0.0 00:26:54 vni-0/2.0
local N/A +33.1.1.1/32 0.0.0.0 00:26:54 directly connected
BGP N/A 33.1.2.0/24 10.0.0.4 00:26:28 Indirect
BGP N/A +33.1.2.0/24 10.0.0.8 00:26:42 Indirect
admin@erge-cli> show orgs org networktcpip sd-wan detail xiaohou
==================================
Site Id - 107
State - Connected
Uptime - 28m:46s
Site Name - xiaohou
Site Type - branch
Chassis Id - ba1775af-278d-436c-a1f6-084e8f83788d
Global Tenant Id - 1
Management IP - 10.0.0.8
SA Available - yes
Secure Tunnel Info
Local Endpoint - 10.0.0.6
Remote Endpoint - 10.0.0.8
Plain Text Tunnel Info
Local Endpoint - 10.0.0.7
Remote Endpoint - 10.0.0.9
LINK LINK ACCESS LOCAL LINK SHAPPING MIN SHAPPING
ID FAMILY CIRCUIT IP ENCRYPTION RATE RATE TRANSPORT-DOMAINS
----------------------------------------------------------------------------------------------------------------------------
1 ipv4 mpls 101.1.3.10 optional 0 0 MPLS
2 ipv4 internet 102.1.2.10 optional 0 0 Internet
NAT Status:
LINK LINK ACCESS NAT PUBLIC PUBLIC DataPath DataPath
ID FAMILY CIRCUIT STATUS IP PORT IP PORT
------------------------------------------------------------------------------------------------------------------------------------
1 ipv4 mpls false 101.1.3.10 4790 101.1.3.10 4790
2 ipv4 internet false 102.1.2.10 4790 102.1.2.10 4790
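The two erge route tables on this page differ only in the active next hop for the remote spoke LAN, so the forwarding mode can be checked from that output after a template change, for example when inter-branch traffic is expected to transit the hub. The Python below is an added example, not part of the original post or of the vendor's tooling: the function names are hypothetical, the route rows are copied from the outputs above, and 10.0.0.4 is hub1's management IP as shown in the sd-wan brief output.

```python
import ipaddress
import re

# Route rows as printed by the tables on this page:
# Prot  Type  [+]Dest/Mask  Next-hop  Age  Interface
ROUTE_RE = re.compile(
    r"^(?P<prot>\S+)\s+\S+\s+(?P<active>\+?)(?P<dest>[\d.]+/\d+)\s+(?P<nh>[\d.]+)\s"
)

def parse_routes(text):
    """Return (protocol, prefix, next_hop, is_active) for every route row."""
    routes = []
    for line in text.splitlines():
        m = ROUTE_RE.match(line.strip())
        if m:  # legend, header and separator lines do not match
            routes.append((m["prot"], ipaddress.ip_network(m["dest"]),
                           ipaddress.ip_address(m["nh"]), m["active"] == "+"))
    return routes

def spoke_path(text, remote_lan, hub_ip):
    """Classify forwarding towards remote_lan: 'via-hub', 'direct' or 'no-route'."""
    lan = ipaddress.ip_network(remote_lan)
    hub = ipaddress.ip_address(hub_ip)
    # Only routes marked '+' are active; an inactive hub route is a backup path.
    active = [nh for prot, pfx, nh, act in parse_routes(text)
              if prot == "BGP" and pfx == lan and act]
    if not active:
        return "no-route"
    return "via-hub" if all(nh == hub for nh in active) else "direct"

# Rows copied from the first erge output (spoke to spoke via hub).
VIA_HUB = """\
BGP N/A +33.1.0.0/24 10.0.0.4 00:54:09 Indirect
conn N/A +33.1.1.0/24 0.0.0.0 01:04:32 vni-0/2.0
local N/A +33.1.1.1/32 0.0.0.0 01:04:32 directly connected
BGP N/A +33.1.2.0/24 10.0.0.4 00:40:14 Indirect
"""

# Rows copied from the second erge output (spoke to spoke directly).
DIRECT = """\
BGP N/A +33.1.0.0/24 10.0.0.4 00:26:41 Indirect
BGP N/A 33.1.2.0/24 10.0.0.4 00:26:28 Indirect
BGP N/A +33.1.2.0/24 10.0.0.8 00:26:42 Indirect
"""

if __name__ == "__main__":
    for name, table in (("via hub", VIA_HUB), ("direct", DIRECT)):
        print(name, "->", spoke_path(table, "33.1.2.0/24", "10.0.0.4"))
```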
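Conclusion
- All VNF nodes (including the hub) establish BGP neighbor relationships only with the controller
- Between the scenario where branches communicate via the hub and the one where they do not, the only difference is whether a VXLAN tunnel is established between the branches. From the BGP view, the difference is as follows:
- spokes not via hub
spokes via hub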