热门标签
热门文章
- 1在github上如何下载某个子文件夹_github 怎么下载子目录
- 2CentOS7(Linux)详细安装教程(手把手图文详解版)_centos7安装教程_linux centos 7
- 3数据库概念结构设计-设计步骤、设计方法、集成中去除冲突和冗余_数据库结构化设计步骤
- 4计算机网络【UDP和TCP首部字段详解】_数据包中什么字段指名这是一个udp
- 5【大数据技术原理与应用(概念、存储、处理、分析与应用)】第1章-大数据概述习题与知识点回顾_大数据技术原理与应用--概念、存储、处理、分析与应用
- 6AI降重技术:chatgpt降重工具在学术写作中的创新应用
- 7IKEv1报文交互简析_ike中prf
- 8井字棋(C语言实现,可运行玩耍,自行编写)_井字棋c语言代码
- 9模型资源导入Unity 3D中注意的问题_模之屋下载的动作怎么导入unity
- 10tkinter入门(9)--布局管理器(pack,grid,place)_tk pack 两个组件并排
当前位置: article > 正文
华为基于evpn的vxlan测试(包含微分段)_华为交换机支持微分段
作者:我家小花儿 | 2024-07-02 13:01:42
赞
踩
华为交换机支持微分段
1 环境搭建
本环境为真实交换机环境配置,如果您采用华为ensp模拟器参照配置,会有一些配置无法实现或者有微小差异。
3 underlay配置
3.1 gz-sprine1
interface 40GE7/0/1
undo portswitch
ip address 10.210.244.37 255.255.255.252
ospf network-type p2p
device transceiver 40GBASE-FIBER
#
interface 40GE7/0/2
undo portswitch
ip address 10.210.244.41 255.255.255.252
ospf network-type p2p
device transceiver 40GBASE-FIBER
#
interface 40GE7/0/3
undo portswitch
ip address 10.210.244.53 255.255.255.252
ospf network-type p2p
device transceiver 40GBASE-FIBER
#
interface 40GE7/0/4
undo portswitch
ip address 10.210.244.57 255.255.255.252
ospf network-type p2p
device transceiver 40GBASE-FIBER
#
interface LoopBack0
description VTEP-IP/route-id
ip address 10.210.245.1 255.255.255.255
ospf 1 router-id 10.210.245.1
area 0.0.0.0
network 10.210.244.36 0.0.0.3
network 10.210.244.40 0.0.0.3
network 10.210.244.52 0.0.0.3
network 10.210.244.56 0.0.0.3
network 10.210.245.1 0.0.0.0
bgp 65535
router-id 10.210.245.1
undo default ipv4-unicast
peer 10.210.245.3 as-number 65535
peer 10.210.245.3 connect-interface LoopBack0
peer 10.210.245.4 as-number 65535
peer 10.210.245.4 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 10.210.245.3 enable
undo peer 10.210.245.4 enable
#
l2vpn-family evpn
undo policy vpn-target
peer 10.210.245.3 enable
peer 10.210.245.3 advertise irb
peer 10.210.245.3 reflect-client
peer 10.210.245.4 enable
peer 10.210.245.4 advertise irb
peer 10.210.245.4 reflect-client
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
3.2 gz-leaf1
# gz-leaf1
evpn-overlay enable
interface 100GE1/0/1
undo portswitch
ip address 10.210.244.38 255.255.255.252
ospf network-type p2p
ospf peer hold-max-cost timer 800000
device transceiver 40GBASE-FIBER
interface 100GE1/0/2
undo portswitch
ip address 10.210.244.54 255.255.255.252
ospf network-type p2p
ospf peer hold-max-cost timer 800000
device transceiver 40GBASE-FIBER
interface LoopBack0
description VTEP-IP/route-id
ip address 10.210.245.4 255.255.255.255
ospf 1 router-id 10.210.245.138
area 0.0.0.0
network 10.210.244.36 0.0.0.3
network 10.210.244.52 0.0.0.3
network 10.210.245.3 0.0.0.0
bgp 65535
router-id 10.210.245.3
undo default ipv4-unicast
peer 10.210.245.1 as-number 65535
peer 10.210.245.1 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 10.210.245.1 enable
#
l2vpn-family evpn
policy vpn-target
peer 10.210.245.1 enable
peer 10.210.245.1 advertise irb
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
3.3 gz-leaf2
# gz-leaf2
evpn-overlay enable
interface 100GE1/0/1
undo portswitch
ip address 10.210.244.42 255.255.255.252
ospf network-type p2p
ospf peer hold-max-cost timer 800000
device transceiver 40GBASE-FIBER
interface 100GE1/0/2
undo portswitch
ip address 10.210.244.58 255.255.255.252
ospf network-type p2p
ospf peer hold-max-cost timer 800000
device transceiver 40GBASE-FIBER
interface LoopBack0
description VTEP-IP/route-id
ip address 10.210.245.4 255.255.255.255
ospf 1 router-id 10.210.245.138
area 0.0.0.0
network 10.210.244.40 0.0.0.3
network 10.210.244.56 0.0.0.3
network 10.210.245.4 0.0.0.0
bgp 65535
router-id 10.210.245.4
undo default ipv4-unicast
peer 10.210.245.132 as-number 65535
peer 10.210.245.132 connect-interface LoopBack0
#
ipv4-family unicast
undo peer 10.210.245.132 enable
#
l2vpn-family evpn
policy vpn-target
peer 10.210.245.132 enable
peer 10.210.245.132 advertise irb
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
4 分布式网关l2-gateway方式
4.1 Nve配置
# gz-leaf1:
interface Nve1
source 10.210.245.3
vni 10 head-end peer-list protocol bgp
# gz-leaf2
interface Nve1
source 10.210.245.4
vni 10 head-end peer-list protocol bgp
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
4.2 BD配置
# gz-leaf1:
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
# gz-leaf2:
bridge-domain 10
vxlan vni 10
#
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
4.3 vlan to vxlan配置
# gz-leaf1:
interface 10GE1/0/47.100 mode l2
encapsulation dot1q vid 10
bridge-domain 10
# gz-leaf2:
interface 10GE1/0/47.100 mode l2
encapsulation dot1q vid 10
bridge-domain 10
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
4.4 查询相关的信息
4.4.1 leaf交换机
gz-leaf1:
display mac-address bridge-domain 10
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10 10.210.245.4 evn 265561
-------------------------------------------------------------------------------
Total items: 1
display mac-address | i 1/0/47
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6074-d084 1/- 10GE1/0/47 dynamic 287863
c08c-6074-d084 -/10 10GE1/0/47.100 dynamic 9
-------------------------------------------------------------------------------
Total items: 17
display bgp evpn all routing-table
Route Distinguisher: 10:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*>i 0:48:c08c-6066-54d4:0:0.0.0.0 10.210.245.4
*> 0:48:c08c-6074-d084:0:0.0.0.0 0.0.0.0
2类路由:
EVPN-Instance 10:
Number of Mac Routes: 1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:c08c-6066-54d4:0:0.0.0.0 0.0.0.0
4类路由:
EVPN-Instance 10:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*> 0:32:10.210.245.3 0.0.0.0
*>i 0:32:10.210.245.4 10.210.245.4
gz-leaf2:
display mac-address bridge-domain 10
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10 10GE1/0/47.100 dynamic 265608
-------------------------------------------------------------------------------
Total items: 1
display mac-address | i 1/0/47
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6066-54d4 1/- 10GE1/0/47 dynamic 339739
c08c-6066-54d4 -/10 10GE1/0/47.100 dynamic 339739
-------------------------------------------------------------------------------
Total items: 6
display bgp evpn all routing-table:
2类路由:
Route Distinguisher: 10:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:c08c-6066-54d4:0:0.0.0.0 0.0.0.0
4类路由:
EVPN-Instance 10:
Number of Inclusive Multicast Routes: 2
Network(EthTagId/IpAddrLen/OriginalIp) NextHop
*>i 0:32:10.210.245.3 10.210.245.3
*> 0:32:10.210.245.4 0.0.0.0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
4.4.2 虚拟机
二层vni数据层面,traceroute只有一跳
R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 1/1/1 ms
R1#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.2 0 msec 0 msec *
R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/2/4 ms
R2#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.2 0 msec 0 msec *
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
5 分布式网关l3-gateway方式
5.1 Nve配置
# gz-leaf1:
interface Nve1
source 10.210.245.3
# 三层不需要头端复制这条 vni 10 head-end peer-list protocol bgp
# gz-leaf2
interface Nve1
source 10.210.245.4
# 三层不需要头端复制这条 vni 10 head-end peer-list protocol bgp
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
5.2 BD配置
# gz-leaf1:
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:10 export-extcommunity #必须配置,否则路由不通
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
arp l2-proxy gateway-mac #配置l2-proxy网关代答才会走三层vni
# gz-leaf2:
bridge-domain 10
vxlan vni 10
evpn
route-distinguisher 10:1
vpn-target 10:1 export-extcommunity
vpn-target 10:10 export-extcommunity #必须配置,否则路由不通
vpn-target 10:1 import-extcommunity
arp broadcast-suppress enable
arp l2-proxy gateway-mac #配置l2-proxy网关代答才会走三层vni
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
5.3 vrf配置
走三层一定要配置vrf,因为2个leaf直接走的是三层vni
# gz-leaf1:
ip vpn-instance vpn10
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity evpn
vpn-target 10:10 import-extcommunity evpn
vxlan vni 100
# gz-leaf2:
ip vpn-instance vpn10
ipv4-family
route-distinguisher 10:10
vpn-target 10:10 export-extcommunity evpn
vpn-target 10:10 import-extcommunity evpn
vxlan vni 100
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
5.4 vbdif接口配置
# gz-leaf1:
interface Vbdif10
ip binding vpn-instance vpn10
ip address 192.168.2.254 255.255.255.0
arp distribute-gateway enable
mac-address 0000-8888-0010
vxlan anycast-gateway enable
arp collect host enable
# gz-leaf2:
interface Vbdif10
ip binding vpn-instance vpn10
ip address 192.168.2.254 255.255.255.0
arp distribute-gateway enable
mac-address 0000-8888-0010
vxlan anycast-gateway enable
arp collect host enable
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
没有启用三层接口无类似0:48:c08c-6066-54d4:32:192.168.2.2这样的路由。
5.5 启用irb的宣告
# gz-leaf1:
bgp 65535
l2vpn-family evpn
peer 10.210.245.133 advertise irb
# gz-leaf2:
bgp 65535
l2vpn-family evpn
peer 10.210.245.133 advertise irb
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
5.6 查询相关的信息
5.6.1 leaf交换机
# gz-leaf1:
display mac-address bridge-domain 10 :
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10 10.210.245.4 evn 254571
c08c-6074-d084 -/10 10GE1/0/47.100 dynamic 10
-------------------------------------------------------------------------------
Total items: 2
display arp | i vpn10 :
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN: VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.2.254 0000-8888-0010 I Vbdif10 vpn10
192.168.2.1 c08c-6074-d084 11 D/BD10 10GE1/0/47.100 vpn10
----------------------------------------------------------------------------------------
Total:24 Dynamic:15 Static:0 Interface:9 OpenFlow:0
Redirect:0
display bgp evpn all routing-table :
Route Distinguisher: 10:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-8888-0010:0:0.0.0.0 0.0.0.0
*>i 0:48:c08c-6066-54d4:0:0.0.0.0 10.210.245.4
*>i 0:48:c08c-6066-54d4:32:192.168.2.2 10.210.245.4
*> 0:48:c08c-6074-d084:0:0.0.0.0 0.0.0.0
*> 0:48:c08c-6074-d084:32:192.168.2.1 0.0.0.0
display ip routing-table vpn-instance vpn10 :
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn10
Destinations : 6 Routes : 6
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.2.0/24 Direct 0 0 D 192.168.2.254 Vbdif10
192.168.2.2/32 IBGP 255 0 RD 10.210.245.4 VXLAN
192.168.2.254/32 Direct 0 0 D 127.0.0.1 Vbdif10
192.168.2.255/32 Direct 0 0 D 127.0.0.1 Vbdif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
# gz-leaf2:
display mac-address bridge-domain 10 :
Flags: * - Backup
# - forwarding logical interface, operations cannot be performed based
on the interface.
BD : bridge-domain Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address VLAN/BD Learned-From Type Age
-------------------------------------------------------------------------------
c08c-6066-54d4 -/10 10GE1/0/47.100 dynamic 254640
c08c-6074-d084 -/10 10.210.245.3 evn 77
-------------------------------------------------------------------------------
Total items: 2
display arp | i vpn10 :
ARP Entry Types: D - Dynamic, S - Static, I - Interface, O - OpenFlow, RD - Redirect
EXP: Expire-time VLAN: VLAN or Bridge Domain
IP ADDRESS MAC ADDRESS EXP(M) TYPE/VLAN INTERFACE VPN-INSTANCE
----------------------------------------------------------------------------------------
192.168.2.254 0000-8888-0010 I Vbdif10 vpn10
192.168.2.2 c08c-6066-54d4 3 D/BD10 10GE1/0/47.100 vpn10
----------------------------------------------------------------------------------------
Total:16 Dynamic:9 Static:0 Interface:7 OpenFlow:0
Redirect:0
display bgp evpn all routing-table :
Route Distinguisher: 10:1
Network(EthTagId/MacAddrLen/MacAddr/IpAddrLen/IpAddr) NextHop
*> 0:48:0000-8888-0010:0:0.0.0.0 0.0.0.0
* i 10.210.245.3
*> 0:48:c08c-6066-54d4:0:0.0.0.0 0.0.0.0
*> 0:48:c08c-6066-54d4:32:192.168.2.2 0.0.0.0
*>i 0:48:c08c-6074-d084:0:0.0.0.0 10.210.245.3
*>i 0:48:c08c-6074-d084:32:192.168.2.1 10.210.245.3
display ip routing-table vpn-instance vpn10 :
Proto: Protocol Pre: Preference
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : vpn10
Destinations : 5 Routes : 5
Destination/Mask Proto Pre Cost Flags NextHop Interface
192.168.2.0/24 Direct 0 0 D 192.168.2.254 Vbdif10
192.168.2.1/32 IBGP 255 0 RD 10.210.245.3 VXLAN
192.168.2.254/32 Direct 0 0 D 127.0.0.1 Vbdif10
192.168.2.255/32 Direct 0 0 D 127.0.0.1 Vbdif10
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
- 27
- 28
- 29
- 30
- 31
- 32
- 33
- 34
- 35
- 36
- 37
- 38
- 39
- 40
- 41
- 42
- 43
- 44
- 45
- 46
- 47
- 48
- 49
- 50
- 51
- 52
- 53
- 54
- 55
- 56
- 57
- 58
- 59
- 60
- 61
- 62
- 63
- 64
- 65
- 66
- 67
- 68
- 69
- 70
- 71
- 72
- 73
- 74
- 75
- 76
- 77
- 78
- 79
- 80
- 81
- 82
- 83
- 84
- 85
- 86
- 87
- 88
- 89
- 90
- 91
- 92
- 93
- 94
- 95
- 96
- 97
- 98
- 99
- 100
- 101
- 102
- 103
- 104
- 105
5.6.2 虚拟机
R1#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.1 - c08c.6074.d084 ARPA Vlan100
Internet 192.168.2.2 162 0000.8888.0010 ARPA Vlan100
Internet 192.168.2.254 3 0000.8888.0010 ARPA Vlan100
Internet 192.168.10.5 19 c4e2.8728.e2a2 ARPA FastEthernet4
Internet 192.168.10.6 - c08c.6074.d088 ARPA FastEthernet4
R2#show ip arp
Protocol Address Age (min) Hardware Addr Type Interface
Internet 192.168.2.1 175 0000.8888.0010 ARPA Vlan100
Internet 192.168.2.2 - c08c.6066.54d4 ARPA Vlan100
Internet 192.168.2.254 8 0000.8888.0010 ARPA Vlan100
Internet 192.168.10.1 3 c4e2.8728.e0e2 ARPA FastEthernet4
Internet 192.168.10.2 - c08c.6066.54d8 ARPA FastEthernet4
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
测试:
R1#ping 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R1#traceroute 192.168.2.2
Type escape sequence to abort.
Tracing the route to 192.168.2.2
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.254 8 msec 0 msec 4 msec
2 192.168.2.254 696 msec 4 msec 0 msec
3 192.168.2.2 4 msec 0 msec *
R2#ping 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
R2#traceroute 192.168.2.1
Type escape sequence to abort.
Tracing the route to 192.168.2.1
VRF info: (vrf in name/id, vrf out name/id)
1 192.168.2.254 4 msec 0 msec 0 msec
2 192.168.2.254 76 msec 0 msec 4 msec
3 192.168.2.1 8 msec 0 msec *
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
- 12
- 13
- 14
- 15
- 16
- 17
- 18
- 19
- 20
- 21
- 22
- 23
- 24
- 25
- 26
走三层网络,一定要有/32的路由,此时下面虚拟机发给l3-gateway的数据包不会再发arp请求。
6 微分段测试
微分段注意要在BD启用arp l2-proxy gateway-mac,数据包不经过网关解包封包,EPG这个功能无法实现。
6.1 启用微分段
gz-leaf1
traffic-segment enable
traffic-segment segment-id 32760 segment-name EPG1 intra-epg-behavior none
segment-member ip 192.168.2.1 255.255.255.255 vpn-instance vpn10
#
- 1
- 2
- 3
- 4
gz-leaf2
traffic-segment enable
traffic-segment segment-id 32767 segment-name EPG2 intra-epg-behavior none
segment-member ip 192.168.2.2 255.255.255.255 vpn-instance vpn10
#
- 1
- 2
- 3
- 4
启用微分段后,发现不同EPG之间是无法通讯的:
gz-leaf1下面的虚拟机R1
R1#ping 192.168.2.2 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
.....
Success rate is 0 percent (0/5)
- 1
- 2
- 3
- 4
- 5
- 6
gz-leaf2下面的虚拟机R2
R2#ping 192.168.2.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
.....
Success rate is 0 percent (0/5)
- 1
- 2
- 3
- 4
- 5
- 6
6.2 启用微分段策略
启用微分段策略,打通不同EPG策略:
gz-leaf1
segment classifier EPG1-EPG2
rule permit source-segment 32760 destination-segment 32767
rule permit source-segment 32767 destination-segment 32760
#
segment behavior EPG1-EPG2
#
segment policy GBP
classifier EPG1-EPG2 behavior EPG1-EPG2
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
gz-leaf2
segment classifier EPG1-EPG2
rule permit source-segment 32760 destination-segment 32767
rule permit source-segment 32767 destination-segment 32760
#
segment behavior EPG1-EPG2
#
segment policy GBP
classifier EPG1-EPG2 behavior EPG1-EPG2
#
- 1
- 2
- 3
- 4
- 5
- 6
- 7
- 8
- 9
- 10
- 11
接gz-leaf1的R1
R1#ping 192.168.2.2 source 192.168.2.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.2, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
- 1
- 2
- 3
- 4
- 5
- 6
接gz-leaf2的R2
R2#ping 192.168.2.1 source 192.168.2.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.2.2
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/4 ms
- 1
- 2
- 3
- 4
- 5
- 6
声明:本文内容由网友自发贡献,不代表【wpsshop博客】立场,版权归原作者所有,本站不承担相应法律责任。如您发现有侵权的内容,请联系我们。转载请注明出处:https://www.wpsshop.cn/w/我家小花儿/article/detail/779730
推荐阅读
="ld"> ="left"> [详细] 赞
踩
相关标签
