Lab 2: Implementing Cisco VxLAN over Multicast

2020-04-16  小岳_

1. Overview

2. Multicast-Based VxLAN Lab

2.1 Lab environment

Tool                Version      Notes
EVE-NG              2.0.3-105    Emulator
Cisco Nexus 9000v   7.0.3.I7.8   VxLAN-capable switch; N9K-1, N9K-2, N9K-3 and N9K-4 in the topology
Wireshark           3.2.2        Packet capture software

2.2 Lab topology

[Figure: lab topology]

2.3 Lab configuration

2.3.1 Configuring the underlay Layer 3 network

N9K-1 configuration:

feature ospf
router ospf n9k-1
  router-id 1.1.1.1

interface Ethernet1/1
  no switchport
  mtu 9216
  ip address 10.1.1.1/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface Ethernet1/2
  no switchport
  mtu 9216
  ip address 10.1.1.5/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface Ethernet1/3
  no switchport
  mtu 9216
  ip address 10.1.1.9/30
  ip ospf network point-to-point
  ip router ospf n9k-1 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 1.1.1.1/32
  ip router ospf n9k-1 area 0.0.0.0

N9K-2 configuration:

vlan 10
feature ospf
router ospf n9k-2
  router-id 2.2.2.2

interface Ethernet1/1
  no switchport
  mtu 9216
  ip address 10.1.1.2/30
  ip ospf network point-to-point
  ip router ospf n9k-2 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 2.2.2.2/32
  ip router ospf n9k-2 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

N9K-3 configuration:

vlan 10
feature ospf
router ospf n9k-3
  router-id 3.3.3.3

interface Ethernet1/1
  no switchport
  mtu 9216
  ip address 10.1.1.6/30
  ip ospf network point-to-point
  ip router ospf n9k-3 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 3.3.3.3/32
  ip router ospf n9k-3 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

N9K-4 configuration:

vlan 10
feature ospf
router ospf n9k-4
  router-id 4.4.4.4

interface Ethernet1/1
  no switchport
  mtu 9216
  ip address 10.1.1.10/30
  ip ospf network point-to-point
  ip router ospf n9k-4 area 0.0.0.0
  no shutdown

interface loopback0
  ip address 4.4.4.4/32
  ip router ospf n9k-4 area 0.0.0.0

interface Ethernet1/2
  switchport access vlan 10
  spanning-tree port type edge

Verification:
N9K-1 OSPF routing table:

N9K-1# show  ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.2, Eth1/1, [110/41], 2d10h, ospf-n9k-1, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.6, Eth1/2, [110/41], 2d10h, ospf-n9k-1, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.10, Eth1/3, [110/41], 2d10h, ospf-n9k-1, intra

N9K-2 OSPF routing table:

N9K-2# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/41], 2d10h, ospf-n9k-2, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/81], 2d10h, ospf-n9k-2, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/81], 2d10h, ospf-n9k-2, intra
10.1.1.4/30, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/80], 2d10h, ospf-n9k-2, intra
10.1.1.8/30, ubest/mbest: 1/0
    *via 10.1.1.1, Eth1/1, [110/80], 2d10h, ospf-n9k-2, intra

N9K-3 OSPF routing table:

N9K-3# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/41], 2d10h, ospf-n9k-3, intra
2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/81], 2d10h, ospf-n9k-3, intra
4.4.4.4/32, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/81], 2d10h, ospf-n9k-3, intra
10.1.1.0/30, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/80], 2d10h, ospf-n9k-3, intra
10.1.1.8/30, ubest/mbest: 1/0
    *via 10.1.1.5, Eth1/1, [110/80], 2d10h, ospf-n9k-3, intra

N9K-4 OSPF routing table:

N9K-4# show ip route ospf
IP Route Table for VRF "default"
'*' denotes best ucast next-hop
'**' denotes best mcast next-hop
'[x/y]' denotes [preference/metric]
'%<string>' in via output denotes VRF <string>

1.1.1.1/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/41], 2d10h, ospf-n9k-4, intra
2.2.2.2/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/81], 2d10h, ospf-n9k-4, intra
3.3.3.3/32, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/81], 2d10h, ospf-n9k-4, intra
10.1.1.0/30, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/80], 2d10h, ospf-n9k-4, intra
10.1.1.4/30, ubest/mbest: 1/0
    *via 10.1.1.9, Eth1/1, [110/80], 2d10h, ospf-n9k-4, intra

2.3.2 Configuring the underlay multicast network

N9K-1 configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

interface Ethernet1/2
  ip pim sparse-mode

interface Ethernet1/3
  ip pim sparse-mode

N9K-2 configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

N9K-3 configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

N9K-4 configuration:

feature pim
ip pim rp-address 1.1.1.1 group-list 239.0.0.0/24

interface loopback0
  ip pim sparse-mode

interface Ethernet1/1
  ip pim sparse-mode

Verification:

N9K-1 multicast routing table:

N9K-1# show  ip mroute 
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:25:14, pim ip 
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:11:39, pim ip 
  Incoming interface: loopback0, RPF nbr: 1.1.1.1
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim
    Ethernet1/3, uptime: 00:01:02, pim

(2.2.2.2/32, 239.0.0.1/32), uptime: 06:11:18, pim mrib ip 
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.2, internal
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim, (RPF)
    Ethernet1/2, uptime: 00:00:55, pim
    Ethernet1/3, uptime: 00:01:02, pim

(3.3.3.3/32, 239.0.0.1/32), uptime: 06:11:06, pim mrib ip 
  Incoming interface: Ethernet1/2, RPF nbr: 10.1.1.6, internal
  Outgoing interface list: (count: 3)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim, (RPF)
    Ethernet1/3, uptime: 00:01:02, pim

(4.4.4.4/32, 239.0.0.1/32), uptime: 06:10:58, pim mrib ip 
  Incoming interface: Ethernet1/3, RPF nbr: 10.1.1.10, internal
  Outgoing interface list: (count: 3)
    Ethernet1/3, uptime: 00:00:39, pim, (RPF)
    Ethernet1/1, uptime: 00:00:49, pim
    Ethernet1/2, uptime: 00:00:55, pim

N9K-2 multicast routing table:

N9K-2# show  ip mroute 
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:26:48, pim ip 
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:07, ip pim nve 
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:02:16, nve

(2.2.2.2/32, 239.0.0.1/32), uptime: 06:13:07, mrib ip pim nve 
  Incoming interface: loopback0, RPF nbr: 2.2.2.2
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:02:29, pim

N9K-3 multicast routing table:

N9K-3# show  ip mroute 
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:26:50, pim ip 
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:15, ip pim nve 
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:02:36, nve

(3.3.3.3/32, 239.0.0.1/32), uptime: 06:13:15, mrib ip pim nve 
  Incoming interface: loopback0, RPF nbr: 3.3.3.3
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:02:43, pim

N9K-4 multicast routing table:

N9K-4# show ip mroute 
IP Multicast Routing Table for VRF "default"

(*, 232.0.0.0/8), uptime: 06:27:20, pim ip 
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

(*, 239.0.0.1/32), uptime: 06:13:47, ip pim nve 
  Incoming interface: Ethernet1/1, RPF nbr: 10.1.1.9
  Outgoing interface list: (count: 1)
    nve1, uptime: 00:03:21, nve

(4.4.4.4/32, 239.0.0.1/32), uptime: 06:13:47, mrib ip pim nve 
  Incoming interface: loopback0, RPF nbr: 4.4.4.4
  Outgoing interface list: (count: 1)
    Ethernet1/1, uptime: 00:03:14, pim

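2.3.3 Configuring the overlay network

N9K-2 configuration:

! both features must be enabled before vn-segment and interface nve1 are accepted
feature nv overlay
feature vn-segment-vlan-based

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1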

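N9K-3 configuration:

! both features must be enabled before vn-segment and interface nve1 are accepted
feature nv overlay
feature vn-segment-vlan-based

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1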

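N9K-4 configuration:

! both features must be enabled before vn-segment and interface nve1 are accepted
feature nv overlay
feature vn-segment-vlan-based

vlan 10
  vn-segment 10010

interface nve1
  no shutdown
  source-interface loopback0
  member vni 10010
    mcast-group 239.0.0.1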

Verification:
N9K-2 NVE VNI and peer status:

N9K-2# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      10010    239.0.0.1         Up    DP   L2 [10]                 

N9K-2# show nve peers 
N9K-2#

N9K-3 NVE VNI and peer status:

N9K-3# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      10010    239.0.0.1         Up    DP   L2 [10]                 

N9K-3# show nve peers
N9K-3# 

N9K-4 NVE VNI and peer status:

N9K-4# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP        
       SU - Suppress Unknown Unicast 
       Xconn - Crossconnect      
       MS-IR - Multisite Ingress Replication
 
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      10010    239.0.0.1         Up    DP   L2 [10]                 

N9K-4# show nve peers
N9K-4# 

As the output above shows, no VxLAN tunnels have been established between the VTEPs yet.

2.4 Lab verification

2.4.1 PC IP configuration

PC1 configuration:

VPCS> show ip all
NAME   IP/MASK              GATEWAY           MAC                DNS
VPCS1  172.16.1.1/24        0.0.0.0           00:50:79:66:68:05  

PC2 configuration:

VPCS> show ip all 
NAME   IP/MASK              GATEWAY           MAC                DNS
VPCS1  172.16.1.2/24        0.0.0.0           00:50:79:66:68:06 

PC3 configuration:

VPCS> show ip all 
NAME   IP/MASK              GATEWAY           MAC                DNS
VPCS1  172.16.1.3/24        0.0.0.0           00:50:79:66:68:07  

2.4.2 Triggering traffic

Traffic triggered from PC1:

VPCS> ping 172.16.1.2
host (172.16.1.2) not reachable

VPCS> ping 172.16.1.2
84 bytes from 172.16.1.2 icmp_seq=1 ttl=64 time=44.744 ms
84 bytes from 172.16.1.2 icmp_seq=2 ttl=64 time=49.071 ms
84 bytes from 172.16.1.2 icmp_seq=3 ttl=64 time=34.025 ms
84 bytes from 172.16.1.2 icmp_seq=4 ttl=64 time=43.254 ms
84 bytes from 172.16.1.2 icmp_seq=5 ttl=64 time=32.700 ms

VPCS> ping 172.16.1.3
84 bytes from 172.16.1.3 icmp_seq=1 ttl=64 time=45.851 ms
84 bytes from 172.16.1.3 icmp_seq=2 ttl=64 time=47.016 ms
84 bytes from 172.16.1.3 icmp_seq=3 ttl=64 time=44.488 ms
84 bytes from 172.16.1.3 icmp_seq=4 ttl=64 time=43.073 ms
84 bytes from 172.16.1.3 icmp_seq=5 ttl=64 time=65.783 ms

Traffic triggered from PC2:

VPCS> ping  172.16.1.3
host (172.16.1.3) not reachable

VPCS> ping  172.16.1.3
84 bytes from 172.16.1.3 icmp_seq=1 ttl=64 time=34.228 ms
84 bytes from 172.16.1.3 icmp_seq=2 ttl=64 time=27.838 ms
84 bytes from 172.16.1.3 icmp_seq=3 ttl=64 time=62.914 ms
84 bytes from 172.16.1.3 icmp_seq=4 ttl=64 time=47.581 ms
84 bytes from 172.16.1.3 icmp_seq=5 ttl=64 time=25.724 ms

2.4.3 Checking the VxLAN tunnels

N9K-2 VxLAN tunnels:

N9K-2# show nve peers 
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      3.3.3.3          Up    DP        00:02:30 n/a              
nve1      4.4.4.4          Up    DP        00:02:20 n/a  

N9K-3 VxLAN tunnels:

N9K-3# show nve peers
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      2.2.2.2          Up    DP        00:02:42 n/a              
nve1      4.4.4.4          Up    DP        00:02:14 n/a   

N9K-4 VxLAN tunnels:

N9K-4# show nve peers
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      2.2.2.2          Up    DP        00:02:55 n/a              
nve1      3.3.3.3          Up    DP        00:02:28 n/a  

As the output above shows, the VxLAN tunnels between the VTEPs are established automatically only after traffic has triggered them.
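As an added example (not part of the original post): because the peers above are learned from the data plane (LearnType DP) rather than configured, the output of `show nve peers` can be checked against the VTEP loopbacks the fabric is supposed to contain, so that a peer nobody provisioned stands out. The 10.9.9.9 row is constructed and the function names are illustrative.

```python
import re

# Expected VTEP loopbacks, taken from the lab's underlay configuration.
EXPECTED_VTEPS = {"N9K-2": "2.2.2.2", "N9K-3": "3.3.3.3", "N9K-4": "4.4.4.4"}

# "show nve peers" output from N9K-2 as shown in section 2.4.3, plus one
# constructed row (10.9.9.9) standing in for a peer that was never provisioned.
SAMPLE_N9K2 = """\
Interface Peer-IP          State LearnType Uptime   Router-Mac
--------- ---------------  ----- --------- -------- -----------------
nve1      3.3.3.3          Up    DP        00:02:30 n/a
nve1      4.4.4.4          Up    DP        00:02:20 n/a
nve1      10.9.9.9         Up    DP        00:00:12 n/a
"""

ROW = re.compile(
    r"^(?P<ifname>nve\d+)\s+(?P<peer>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>\S+)\s+(?P<learn>\S+)\s+(?P<uptime>\S+)\s+(?P<rmac>\S+)\s*$"
)

def parse_nve_peers(text):
    """Return one dict per peer row; header, separator and prompt lines are skipped."""
    return [m.groupdict() for m in map(ROW.match, text.splitlines()) if m]

def audit_peers(local_switch, text, expected=EXPECTED_VTEPS):
    """Compare the learned peers with the VTEPs that should exist in the fabric."""
    wanted = {ip for name, ip in expected.items() if name != local_switch}
    peers = parse_nve_peers(text)
    seen = {p["peer"] for p in peers}
    return {
        "unexpected": sorted(seen - wanted),
        "missing": sorted(wanted - seen),
        "down": sorted(p["peer"] for p in peers if p["state"] != "Up"),
        "data_plane_learned": sorted(p["peer"] for p in peers if p["learn"] == "DP"),
    }

if __name__ == "__main__":
    for key, value in audit_peers("N9K-2", SAMPLE_N9K2).items():
        print(f"{key}: {value}")
```

Run against the empty pre-traffic output from section 2.3.3, the same check reports both remote VTEPs as missing, which matches the flood-and-learn behaviour described above.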

2.4.4 Checking the VxLAN MAC address tables

N9K-2 MAC address table:

N9K-2# show system internal l2fwder mac 
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*    10    0050.7966.6805   dynamic   00:00:58   F     F     Eth1/2  
*    10    0050.7966.6806   dynamic   00:00:58   F     F  (0x47000001) nve-peer1
 3.3.3.3  
*    10    0050.7966.6807   dynamic   00:00:56   F     F  (0x47000002) nve-peer2
 4.4.4.4 

N9K-3 MAC address table:

N9K-3# show system internal l2fwder mac 
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*    10    0050.7966.6805   dynamic   00:01:25   F     F  (0x47000001) nve-peer1
 2.2.2.2  
*    10    0050.7966.6806   dynamic   00:01:25   F     F     Eth1/2  
*    10    0050.7966.6807   dynamic   00:01:16   F     F  (0x47000002) nve-peer2
 4.4.4.4  

N9K-4 MAC address table:

N9K-4# show system internal l2fwder mac 
Legend: 
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False, C - ControlPlane MAC
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*    10    0050.7966.6805   dynamic   00:01:28   F     F  (0x47000001) nve-peer1
 2.2.2.2  
*    10    0050.7966.6806   dynamic   00:01:19   F     F  (0x47000002) nve-peer2
 3.3.3.3  
*    10    0050.7966.6807   dynamic   00:01:27   F     F     Eth1/2  

For the detailed MAC address learning process, see "Lab 1: Implementing Cisco VxLAN with Static Ingress Replication".

2.5 Packet analysis

2.5.1 BUM packet analysis

Clear PC1's ARP table:

VPCS> arp
00:50:79:66:68:06  172.16.1.2 expires in 118 seconds 

VPCS> clear arp

VPCS> arp
arp table is empty
VPCS> 

Clear PC2's ARP table:

VPCS> arp
00:50:79:66:68:05  172.16.1.1 expires in 93 seconds 

VPCS> clear arp

VPCS> arp
arp table is empty
VPCS> 

BUM packet capture:
Using an ARP request as the example

[Figure: packet capture of the ARP request]

Multicast forwarding notes:

2.5.2 Unicast packet analysis

Unicast packet capture:
Using an ARP reply as the example

[Figure: packet capture of the ARP reply]
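The difference between the two captures in section 2.5, as an added example that is not part of the original post: a decoder for the outer IPv4/UDP/VXLAN headers that labels a frame as BUM (outer destination is the VNI's multicast group 239.0.0.1) or unicast (outer destination is a peer VTEP loopback). The two frames are constructed from the lab's addresses and MACs rather than taken from the captures, and the function names are illustrative.

```python
import ipaddress
import struct

VXLAN_PORT = 4789                      # IANA-assigned VXLAN UDP port (RFC 7348)
VNI_TO_GROUP = {10010: "239.0.0.1"}    # from "member vni 10010" / "mcast-group 239.0.0.1"
VTEPS = {"2.2.2.2", "3.3.3.3", "4.4.4.4"}  # loopback0 addresses of N9K-2/3/4

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

def build_packet(src_vtep, outer_dst, vni, inner_dst, inner_src, ethertype=0x0806):
    """Constructed test frame: outer IPv4/UDP/VXLAN + inner Ethernet header, checksums zero."""
    inner = mac(inner_dst) + mac(inner_src) + struct.pack("!H", ethertype)
    vxlan = struct.pack("!II", 0x08 << 24, vni << 8)   # I flag set, 24-bit VNI
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 28 + len(vxlan) + len(inner), 0, 0, 64, 17, 0,
                     ipaddress.IPv4Address(src_vtep).packed,
                     ipaddress.IPv4Address(outer_dst).packed)
    return ip + udp + vxlan + inner

def parse_vxlan(pkt):
    """Decode outer IPv4/UDP/VXLAN headers (starting at the outer IP header) and inner MACs."""
    ihl = (pkt[0] & 0x0F) * 4
    if pkt[9] != 17:
        raise ValueError("outer packet is not UDP")
    src, dst = (str(ipaddress.IPv4Address(pkt[o:o + 4])) for o in (12, 16))
    if struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0] != VXLAN_PORT:
        raise ValueError("UDP destination port is not 4789")
    flags_word, vni_word = struct.unpack("!II", pkt[ihl + 8:ihl + 16])
    if not flags_word & (0x08 << 24):
        raise ValueError("VXLAN I flag not set, VNI invalid")
    inner = pkt[ihl + 16:]
    return {"src_vtep": src, "outer_dst": dst, "vni": vni_word >> 8,
            "inner_dst": inner[0:6].hex(":"), "inner_src": inner[6:12].hex(":")}

def classify(info):
    """BUM frames go to the VNI's multicast group, known unicast goes VTEP to VTEP."""
    if info["src_vtep"] not in VTEPS:
        return "unknown-source"
    if info["vni"] not in VNI_TO_GROUP:
        return "unknown-vni"
    if info["outer_dst"] == VNI_TO_GROUP[info["vni"]]:
        return "bum-multicast"
    if info["outer_dst"] in VTEPS:
        return "unicast"
    return "unexpected-destination"

# Constructed frames: PC1's ARP request entering at N9K-2, PC2's ARP reply entering at N9K-3.
ARP_REQUEST = build_packet("2.2.2.2", "239.0.0.1", 10010, "ff:ff:ff:ff:ff:ff", "00:50:79:66:68:05")
ARP_REPLY = build_packet("3.3.3.3", "2.2.2.2", 10010, "00:50:79:66:68:05", "00:50:79:66:68:06")

if __name__ == "__main__":
    for name, pkt in (("ARP request", ARP_REQUEST), ("ARP reply", ARP_REPLY)):
        print(name, classify(parse_vxlan(pkt)), parse_vxlan(pkt))
```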

3. Centralized Gateway

Configuration changes on N9K-2:

feature interface-vlan
vlan 20
  vn-segment 10020
interface Vlan10
  no shutdown
  ip address 172.16.1.254/24
interface Vlan20
  no shutdown
  ip address 172.16.2.254/24
interface nve1
  member vni 10020
    mcast-group 239.0.0.2

Configuration changes on N9K-4:

vlan 20
  vn-segment 10020
interface nve1
  no member vni 10010
  member vni 10020
    mcast-group 239.0.0.2
interface Ethernet1/2
  switchport access vlan 20

Change PC1's configuration (add the gateway):

VPCS> ip 172.16.1.1 255.255.255.0  172.16.1.254
Checking for duplicate address...
PC1 : 172.16.1.1 255.255.255.0 gateway 172.16.1.254

Change PC2's configuration (add the gateway):

VPCS> ip 172.16.1.2 255.255.255.0  172.16.1.254
Checking for duplicate address...
PC1 : 172.16.1.2 255.255.255.0 gateway 172.16.1.254

Change PC3's configuration (change the IP address):

VPCS> ip 172.16.2.1 255.255.255.0  172.16.2.254
Checking for duplicate address...
PC1 : 172.16.2.1 255.255.255.0 gateway 172.16.2.254

Test:
Ping PC1 from PC3

VPCS> ping  172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=63 time=44.051 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=63 time=52.670 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=63 time=94.949 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=63 time=48.976 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=63 time=50.364 ms

Ping PC2 from PC3

VPCS> ping  172.16.1.2
84 bytes from 172.16.1.2 icmp_seq=1 ttl=63 time=66.403 ms
84 bytes from 172.16.1.2 icmp_seq=2 ttl=63 time=68.189 ms
84 bytes from 172.16.1.2 icmp_seq=3 ttl=63 time=67.867 ms
84 bytes from 172.16.1.2 icmp_seq=4 ttl=63 time=86.699 ms
84 bytes from 172.16.1.2 icmp_seq=5 ttl=63 time=75.751 ms

Ping PC1 from PC2

VPCS> ping 172.16.1.1
84 bytes from 172.16.1.1 icmp_seq=1 ttl=64 time=41.983 ms
84 bytes from 172.16.1.1 icmp_seq=2 ttl=64 time=46.274 ms
84 bytes from 172.16.1.1 icmp_seq=3 ttl=64 time=40.682 ms
84 bytes from 172.16.1.1 icmp_seq=4 ttl=64 time=51.736 ms
84 bytes from 172.16.1.1 icmp_seq=5 ttl=64 time=44.748 ms

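If the centralized gateway has been configured and checked but traffic still does not pass, try saving the configuration and rebooting the N9K!

4. Summary

Advantages of VxLAN based on Static Ingress Replication:

Disadvantages of VxLAN based on Static Ingress Replication:

Advantages of VxLAN based on Multicast:

Disadvantages of VxLAN based on Multicast: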
