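I. Basic concepts
VXLAN (Virtual eXtensible Local Area Network) is one of the NVO3 (Network Virtualization over Layer 3) standard technologies defined by the IETF. It uses an L2-over-L4 (MAC-in-UDP) encapsulation, wrapping Layer 2 frames in a Layer 3 protocol, so that a Layer 2 network can be extended across a Layer 3 domain.
1. NVE (Network Virtualization Edge): the network virtualization edge node. Packets are encapsulated at the NVE, and NVEs build a virtual Layer 2 network on top of the Layer 3 network between them.
2. VTEP (VXLAN Tunnel Endpoint): the VXLAN tunnel endpoint, which resides in the NVE and encapsulates and decapsulates VXLAN packets. The source IP of a VXLAN packet is the local VTEP IP, and the destination IP is the peer node's VTEP IP.
3. VNI (VXLAN Network Identifier): a 24-bit network identifier. Like a VLAN ID, it distinguishes VXLAN segments; different VXLAN segments cannot communicate at Layer 2. One VNI represents one tenant, regardless of how many endpoints sit under that VNI.
4. VAP (Virtual Access Point): the VXLAN service access point, which can be a Layer 2 sub-interface or a VLAN. A Layer 2 sub-interface is associated with a broadcast domain (BD), or a VLAN is bound to a BD, so that data packets are forwarded through the BD.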
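II. VXLAN packet format
1. The VNI is 24 bits.
2. The VXLAN port is fixed at 4789 (the UDP destination port); the source port is computed from a hash of the Ethernet frame.
3. In the outer IP header, the source IP is the VTEP IP of the source VM and the destination IP is the VTEP IP of the destination VM.
4. In the outer MAC header, the source MAC is the VTEP's MAC address, and the destination MAC is the MAC address of the next-hop device on the path to the destination VTEP.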
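III. Layer 2 connectivity lab
VM1 and VM3, and VM2 and VM4, are each in the same IP subnet but at different physical locations. VXLAN builds one large Layer 2 domain so that hosts in the same subnet at different physical locations can communicate, which solves the problem of VMs in an IDC needing a new IP address after migration.
Plan: OSPF runs between the VTEPs and loopback0 is advertised into OSPF; VM1 and VM3 belong to BD10, VM2 and VM4 belong to BD20.
Configuration: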
VTEP1
#
bridge-domain 10
 vxlan vni 10
#
bridge-domain 20
 vxlan vni 20
#
interface Ethernet1/0/0
 undo shutdown
 ip address 10.10.10.1 255.255.255.252
#
interface Ethernet1/0/1
 undo shutdown
#
interface Ethernet1/0/1.10 mode l2
 encapsulation untag
 bridge-domain 10
#
interface Ethernet1/0/2
 undo shutdown
#
interface Ethernet1/0/2.20 mode l2
 encapsulation untag
 bridge-domain 20
#
interface LoopBack0
 ip address 1.1.1.1 255.255.255.255
#
interface Nve1
 source 1.1.1.1
 vni 10 head-end peer-list 2.2.2.2
 vni 20 head-end peer-list 2.2.2.2
#
ospf 1 router-id 1.1.1.1
 area 0.0.0.0
  network 1.1.1.1 0.0.0.0
  network 10.10.10.0 0.0.0.3
#
VTEP2 configuration
#
bridge-domain 10
 vxlan vni 10
#
bridge-domain 20
 vxlan vni 20
#
interface Ethernet1/0/0
 undo shutdown
 ip address 10.10.10.2 255.255.255.252
#
interface Ethernet1/0/1
 undo shutdown
#
interface Ethernet1/0/1.10 mode l2
 encapsulation untag
 bridge-domain 10
#
interface Ethernet1/0/2
 undo shutdown
#
interface Ethernet1/0/2.20 mode l2
 encapsulation untag
 bridge-domain 20
#
interface LoopBack0
 ip address 2.2.2.2 255.255.255.255
#
interface Nve1
 source 2.2.2.2
 vni 10 head-end peer-list 1.1.1.1
 vni 20 head-end peer-list 1.1.1.1
#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 2.2.2.2 0.0.0.0
  network 10.10.10.0 0.0.0.3
#
Verify the result:
[~VTEP1]display vxlan vni
Number of vxlan vni : 2
VNI BD-ID State
---------------------------------------
10 10 up
20 20 up
[~VTEP1]
[~VTEP1]display vxlan tunnel
Number of vxlan tunnel : 1
Tunnel ID   Source           Destination      State  Type    Uptime
-----------------------------------------------------------------------------------
4026531841  1.1.1.1          2.2.2.2          up     static  00:41:43
[~VTEP1]
[~VTEP1]display mac-address bridge-domain 10
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/    PEVLAN CEVLAN Port/Peerip     Type      LSP/LSR-ID
               VSI/SI/EVPN                                         MAC-Tunnel
-------------------------------------------------------------------------------
5489-983c-135e BD 10       -      -      2.2.2.2         dynamic   0/-
5489-981f-6588 BD 10       -      -      Eth1/0/1.10     dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/    PEVLAN CEVLAN Port/Peerip     Type      LSP/LSR-ID
               VSI/SI/EVPN                                         MAC-Tunnel
-------------------------------------------------------------------------------
5489-983c-135e BD 10       -      -      2.2.2.2         dynamic   1/-
5489-981f-6588 BD 10       -      -      Eth1/0/1.10     dynamic   1/-
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 2
[~VTEP1]display mac-address bridge-domain 20
MAC address table of slot 0:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/    PEVLAN CEVLAN Port/Peerip     Type      LSP/LSR-ID
               VSI/SI/EVPN                                         MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ad-7cf3 BD 20       -      -      Eth1/0/2.20     dynamic   0/-
5489-9899-350f BD 20       -      -      2.2.2.2         dynamic   0/-
-------------------------------------------------------------------------------
Total matching items on slot 0 displayed = 2
MAC address table of slot 1:
-------------------------------------------------------------------------------
MAC Address    VLAN/BD/    PEVLAN CEVLAN Port/Peerip     Type      LSP/LSR-ID
               VSI/SI/EVPN                                         MAC-Tunnel
-------------------------------------------------------------------------------
5489-98ad-7cf3 BD 20       -      -      Eth1/0/2.20     dynamic   1/-
5489-9899-350f BD 20       -      -      2.2.2.2         dynamic   1/-
-------------------------------------------------------------------------------
Total matching items on slot 1 displayed = 2
[~VTEP1]
When VM1 pings VM3, a capture on the VTEP's eth1/0/0 port shows the MAC-in-UDP encapsulation.
A capture on VTEP1's eth1/0/1 port shows that the packets carry no VXLAN information.
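
The MAC-in-UDP layout from the packet format section, checked against this lab's plan, as an added example that is not part of the original post: it decodes one frame as seen on the underlay port and reports any outer VTEP address or VNI that the configuration above does not contain. The function names, the allow-lists, the placeholder outer MACs and the reading of 5489-981f-6588 as VM1 and 5489-983c-135e as VM3 are assumptions; the sample frame is constructed, not taken from the capture.

```python
import socket
import struct

VXLAN_PORT = 4789                    # fixed VXLAN UDP destination port
PEER_VTEPS = {"1.1.1.1", "2.2.2.2"}  # assumption: Nve1 source / peer-list of this lab
VNIS = {10, 20}                      # assumption: VNIs bound to BD 10 and BD 20

def mac(b):  # format 6 bytes the way the device prints them: xxxx-xxxx-xxxx
    return "-".join(b[i:i + 2].hex() for i in (0, 2, 4))

def parse_vxlan(frame):
    """Decode outer Ethernet/IPv4/UDP and the VXLAN header of one frame."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("outer frame is not untagged IPv4")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[9] != 17 or len(ip) < ihl + 8 + 8 + 14:
        raise ValueError("not UDP, or too short for VXLAN plus inner Ethernet")
    sport, dport = struct.unpack("!HH", ip[ihl:ihl + 4])
    vx, inner = ip[ihl + 8:ihl + 16], ip[ihl + 16:]
    if dport != VXLAN_PORT or not vx[0] & 0x08:
        raise ValueError("not VXLAN: wrong UDP port or I flag clear")
    return {"outer_src": socket.inet_ntoa(ip[12:16]),
            "outer_dst": socket.inet_ntoa(ip[16:20]),
            "src_port": sport,
            "vni": int.from_bytes(vx[4:7], "big"),  # 24-bit VNI
            "inner_dst_mac": mac(inner[0:6]),
            "inner_src_mac": mac(inner[6:12])}

def check(pkt):
    """List deviations from the lab plan; an empty list means as expected."""
    issues = [f"{k} {pkt[k]} is not a configured VTEP"
              for k in ("outer_src", "outer_dst") if pkt[k] not in PEER_VTEPS]
    if pkt["vni"] not in VNIS:
        issues.append(f"VNI {pkt['vni']} is not configured")
    return issues

def sample_frame(src, dst, vni, sport=49152):
    """Constructed frame (not a real capture): inner VM1 -> VM3 Ethernet frame."""
    inner = bytes.fromhex("5489983c135e5489981f65880800") + bytes(46)
    vx = bytes([0x08, 0, 0, 0]) + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", sport, VXLAN_PORT, 8 + len(vx) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vx) + len(inner),
                     0, 0, 64, 17, 0, socket.inet_aton(src), socket.inet_aton(dst))
    eth = bytes.fromhex("020000000002" "020000000001" "0800")  # placeholder MACs
    return eth + ip + udp + vx + inner

if __name__ == "__main__":
    print(check(parse_vxlan(sample_frame("1.1.1.1", "2.2.2.2", 10))))
```

The VXLAN header has no authentication field, so a frame whose outer source is not in the peer-list or whose VNI is not bound to a BD is worth flagging on the underlay.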