配置VXLAN泛洪並使用組播核心學習
目錄
簡介
本檔案介紹如何透過IPv4多點傳送傳輸設定和驗證虛擬可擴充區域網路(VXLAN)泛洪和學習模式。
必要條件
需求
思科建議您瞭解基本IP多點傳送。
採用元件
本檔案中的資訊是根據Nexus平台。
本文中的資訊是根據特定實驗室環境內的裝置所建立。文中使用到的所有裝置皆從已清除(預設)的組態來啟動。如果您的網路運作中,請確保您瞭解任何指令可能造成的影響。
背景資訊
VXLAN的用途是提供與VLAN相同的乙太網路第2層網路服務。VXLAN使用UDP封包封裝MAC位址,此封包使得第2層封包得以透過第3層網路傳輸。因此,它基本上是UDP內MAC報頭。
VXLAN引入一個8位元組的VXLAN標頭,其中包括24位元VXLAN網路識別碼(VNID)和幾個保留位元。VXLAN標頭與原始乙太網路訊框一起進入UDP負載。24位VNID用於識別第2層網段並在網段之間保持第2層隔離。在VNID中的全部24位元中,VXLAN可支援1600萬個LAN區段。從而解決了VLAN的侷限性問題。沒有VxLAN,您只能擁有4094個VLAN,隨著需求的增加,現代網路需要更多的VLAN,而VXLAN是解決此問題的解決方案。
由於它使用乙太網幀來封裝資料包,因此乙太網屬性需要保持完整,如廣播、未知的單點傳播和多點傳播。為了解決這些型別的流量,使用組播。本檔案將說明VXLAN泛洪和學習。名稱表示它泛洪資料包並學習遠端終端。這表示資料平面並非一直處於開啟狀態,只要流量資料平面建立完畢,而MAC位址到期時,資料平面就會到期。
VXLAN的封包格式
如圖所示,原始幀封裝在VXLAN報頭中,VNID為24位,VXLAN報頭為8位元組。該報頭進一步封裝在UDP報頭中,外部報頭是IP報頭。
來源IP位址是封裝虛擬終端端點(VTEP)的IP,且目的地IP可以是多點傳送或單點傳播。VXLAN使用VXLAN通道端點(VTEP)裝置將租戶的終端裝置對應到VXLAN區段,以便執行VXLAN封裝和解除封裝。每個VTEP有兩個介面:一個是本地LAN網段上的交換機介面,用於支援通過橋接進行的本地終端通訊;另一個是到傳輸IP網路的IP介面。
遠端VTEP探索
當主機開始傳送流量時,遵循的流程如下所述。此時,VTEP不知道遠端主機的MAC地址。
- 終端站向遠端站傳送位址解析通訊協定(ARP)封包。
- 封包會到達VTEP-A,且由於VTEP-A不知道VTEP-B,因此會將該封包封裝在VXLAN標頭中。它將組播IP地址用作目標IP地址。由於所有VTEP都使用同一個組播地址,因此所有組播都加入同一個組播組。
- 此封包會到達所有VTEP並將其解除封裝,如此一來,遠端VTEP便可得知其他VTEP。由於解除封裝的VTEP具有VNID,因此會在已設定相同VNID的VLAN中轉送。
- 現在,遠端傳送ARP回覆封包,並到達VTEP-B,因為現在VTEP-B知道VTEP-A,所以它再次封裝原始訊框,但現在目的地IP位址是VTEP-B,而且是單點傳播IP位址。
- ARP回復到達VTEP-A,現在VTEP-A可以獲知VTEP-B並與VTEP-B形成鄰居關係。
如圖所示,主機H1屬於VLAN 10,封裝在VNID中10000。 如下圖所示,使用H1的SMAC和使用H2的DMAC封裝在VNI 1000中,源IP和目標IP可以是本部分所述的組播或單播。
設定
網路圖表
- 9396-A和9396-B是視為VTEP-1的VPC對等路由器
- 9396-C是VTEP-2
- 圖中有兩台位於VLAN 10中的主機,即10.10.10.1和10.10.10.2
- 將VLAN 10與VNID一起使用作為10010
- 230.1.1.1用作組播組
若要在Nexus上啟用VXLAN,需要啟用此功能。
9396-A組態
!
feature vn-segment-vlan-based
feature nv overlay
!
vlan 10
vn-segment 10010 ------> 10010 is VNID
!
interface nve1
no shutdown
source-interface loopback0
member vni 10010 mcast-group 230.1.1.1
!
interface eth1/2
!
ip pim sparse-mode
!
interface loopback0
ip address 10.1.1.1/32
ip address 10.1.1.10/32 secondary
ip router ospf 9k area 0.0.0.0
ip pim sparse-mode
!
!
feature vpc
!
vpc domain 1
peer-switch
peer-keepalive destination 10.31.113.41 source 10.31.113.40
peer-gateway
!
interface port-channel1
vpc peer-link
!
interface port-channel112
vpc 112
!
9396-B組態
!
vlan 10
vn-segment 10010 ------> 10010 is VNID
!
interface nve1
no shutdown
source-interface loopback0
member vni 10010 mcast-group 230.1.1.1
!
interface eth1/2
ip pim sparse-mode
!
interface loopback0
ip address 10.1.1.2/32
ip address 10.1.1.10/32 secondary
ip router ospf 9k area 0.0.0.0
ip pim sparse-mode
!
feature vpc
!
vpc domain 1
peer-switch
peer-keepalive destination 10.31.113.40 source 10.31.113.41
peer-gateway
!
interface port-channel1
vpc peer-link
!
interface port-channel112
vpc 112
!
9508-A組態
feature pim
ip pim rp-address 10.1.1.5 group-list 224.0.0.0/4
ip pim ssm range 232.0.0.0/8
interface loopback0
ip pim sparse-mode
interface Ethernet5/2
ip pim sparse-mode
interface Ethernet5/3
ip pim sparse-mode
interface Ethernet5/4
ip pim sparse-mode
9396-C配置
!
vlan 10
vn-segment 10010
!
interface loopback0
ip address 10.1.1.3/32
ip router ospf 9k area 0.0.0.0
ip pim sparse-mode
!
interface nve1
no shutdown
source-interface loopback0
member vni 10010 mcast-group 230.1.1.1
!
int eth1/2
ip pim sparse-mode
!
驗證
使用本節內容,確認您的組態是否正常運作。
到目前為止,主機尚未開始傳送資料包流。由於9396-A是VPC保持裝置,因此它從輔助IP地址發起流量,並充當組播流的源IP地址。
9396-A# sh nve interface
Interface: nve1, State: Up, encapsulation: VXLAN
VPC Capability: VPC-VIP-Only [notified]
Local Router MAC: d8b1.9076.9053
Host Learning Mode: Data-Plane
Source-Interface: loopback0 (primary: 10.1.1.1, secondary: 10.1.1.10)
9396-A# sh ip mroute 230.1.1.1
IP Multicast Routing Table for VRF "default"
(*, 230.1.1.1/32), uptime: 01:09:34, ip pim nve
Incoming interface: Ethernet1/2, RPF nbr: 192.168.10.2
Outgoing interface list: (count: 1)
nve1, uptime: 00:11:20, nve
(10.1.1.3/32, 230.1.1.1/32), uptime: 00:12:19, ip mrib pim nve
Incoming interface: Ethernet1/2, RPF nbr: 192.168.10.2
Outgoing interface list: (count: 1)
nve1, uptime: 00:11:20, nve
(10.1.1.10/32, 230.1.1.1/32), uptime: 00:11:20, nve ip mrib pim
Incoming interface: loopback0, RPF nbr: 10.1.1.10
Outgoing interface list: (count: 1)
Ethernet1/2, uptime: 00:11:20, pim
在*,G條目nve介面中填充傳出介面清單(OIL)。 如下圖所示,10.1.1.10是組播流的源,而nve介面是面向eth1/2的組播流的最後一個跳路由器,該組播流是外發介面。
由於不存在來自主機的流量,因此沒有nve對等體:
9396-A# show mac address-table vlan 10
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 10 8c60.4f93.5ffc dynamic 0 F F Po112 >> This mac is for host 10.10.10.1
9396-A# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
此輸出顯示vPC輸出必須顯示的樣子:
9396-A# sh vpc brief
Legend:
(*) - local vPC is down, forwarding via vPC peer-link
vPC domain id : 1
Peer status : peer adjacency formed ok
vPC keep-alive status : peer is alive
Configuration consistency status : success
Per-vlan consistency status : success
Type-2 consistency status : success
vPC role : primary
Number of vPCs configured : 1
Peer Gateway : Enabled
Dual-active excluded VLANs : -
Graceful Consistency Check : Enabled
Auto-recovery status : Disabled
Delay-restore status : Timer is off.(timeout = 30s)
Delay-restore SVI status : Timer is off.(timeout = 10s)
vPC Peer-link status
---------------------------------------------------------------------
id Port Status Active vlans
-- ---- ------ --------------------------------------------------
1 Po1 up 1-10
vPC status
----------------------------------------------------------------------
id Port Status Consistency Reason Active vlans
-- ---- ------ ----------- ------ ------------
112 Po112 up success success 1-10
9396-A# sh vpc consistency-parameters global
Legend:
Type 1 : vPC will be suspended in case of mismatch
Name Type Local Value Peer Value
------------- ---- ---------------------- -----------------------
Vlan to Vn-segment Map 1 1 Relevant Map(s) 1 Relevant Map(s)
STP Mode 1 Rapid-PVST Rapid-PVST
STP Disabled 1 None None
STP MST Region Name 1 "" ""
STP MST Region Revision 1 0 0
STP MST Region Instance to 1
VLAN Mapping
STP Loopguard 1 Disabled Disabled
STP Bridge Assurance 1 Enabled Enabled
STP Port Type, Edge 1 Normal, Disabled, Normal, Disabled,
BPDUFilter, Edge BPDUGuard Disabled Disabled
STP MST Simulate PVST 1 Enabled Enabled
Nve Admin State, Src Admin 1 Up, Up, 10.1.1.10, DP Up, Up, 10.1.1.10, DP
State, Secondary IP, Host
Reach Mode
Nve Vni Configuration 1 10010 10010
Nve encap Configuration 1 vxlan vxlan
Interface-vlan admin up 2
Interface-vlan routing 2 1 1
capability
Allowed VLANs - 1-10 1-10
Local suspended VLANs - - -
9508-A
由於9508-A路由是核心路由器,因此它不瞭解VXLAN,它只瞭解mroute條目,如下所示:
9508-A# sh ip mroute 230.1.1.1
IP Multicast Routing Table for VRF "default"
(*, 230.1.1.1/32), uptime: 01:30:06, pim ip
Incoming interface: loopback0, RPF nbr: 10.1.1.5, uptime: 01:30:06
Outgoing interface list: (count: 3)
Ethernet5/3, uptime: 00:14:11, pim
Ethernet5/2, uptime: 00:14:31, pim
Ethernet5/4, uptime: 00:16:22, pim
(10.1.1.3/32, 230.1.1.1/32), uptime: 00:15:44, pim mrib ip
Incoming interface: Ethernet5/4, RPF nbr: 192.168.10.10, uptime: 00:15:44, internal
Outgoing interface list: (count: 2)
Ethernet5/3, uptime: 00:14:11, pim
Ethernet5/2, uptime: 00:14:31, pim
(10.1.1.10/32, 230.1.1.1/32), uptime: 00:14:31, pim mrib ip
Incoming interface: Ethernet5/2, RPF nbr: 192.168.10.1, uptime: 00:14:31, internal
Outgoing interface list: (count: 1)
Ethernet5/4, uptime: 00:14:31, pim
9396-C
9396-C# show ip mroute
IP Multicast Routing Table for VRF "default"
(*, 230.1.1.1/32), uptime: 01:07:34, ip pim nve
Incoming interface: Ethernet1/2, RPF nbr: 192.168.10.9
Outgoing interface list: (count: 1)
nve1, uptime: 00:10:38, nve
(10.1.1.3/32, 230.1.1.1/32), uptime: 00:10:38, nve ip mrib pim
Incoming interface: loopback0, RPF nbr: 10.1.1.3
Outgoing interface list: (count: 1)
Ethernet1/2, uptime: 00:09:49, pim
(10.1.1.10/32, 230.1.1.1/32), uptime: 00:08:05, ip mrib pim nve
Incoming interface: Ethernet1/2, RPF nbr: 192.168.10.9
Outgoing interface list: (count: 1)
nve1, uptime: 00:08:05, nve
對等體之間的流量開始後的狀態
一旦主機1(即10.10.10.1)開始向10.10.10.2 NVE對等點傳送流量:
9396-A# sh mac address-table dynamic
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 10 8c60.4f93.5ffc dynamic 0 F F Po112
+ 10 8c60.4f93.647c dynamic 0 F F nve1(10.1.1.3)
9396-A# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.1.1.3 Up DP 00:00:14 n/a
9396-A# sh nve peers detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 10.1.1.3
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:04:49
Router-Mac : n/a
Peer First VNI : 10010
Time since Create : 00:04:49
Configured VNIs : 10010
Provision State : add-complete
Route-Update : Yes
Peer Flags : None
Learnt CP VNIs : --
Peer-ifindex-resp : Yes
----------------------------------------
9396-A sh nve vni 10010 detail
VNI: 10010
NVE-Interface : nve1
Mcast-Addr : 230.1.1.1
VNI State : Up
Mode : data-plane
VNI Type : L2 [10]
VNI Flags :
Provision State : add-complete
Vlan-BD : 10
SVI State : n/a
9396-A# sh nve internal vni 10010
VNI 10010
Ready-State : Ready [L2-vni-flood-learn-ready]
同樣地,在9396-C NVE對等點必須啟動:
9396-C# show mac address-table dynamic
Legend:
* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
age - seconds since last seen,+ - primary entry using vPC Peer-Link,
(T) - True, (F) - False
VLAN MAC Address Type age Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
* 10 8c60.4f93.5ffc dynamic 0 F F nve1(10.1.1.10)
* 10 8c60.4f93.647c dynamic 0 F F Eth1/13
9396-C# sh nve peers
Interface Peer-IP State LearnType Uptime Router-Mac
--------- --------------- ----- --------- -------- -----------------
nve1 10.1.1.10 Up DP 00:08:28 n/a
9396-C# sh nve peers detail
Details of nve Peers:
----------------------------------------
Peer-Ip: 10.1.1.10
NVE Interface : nve1
Peer State : Up
Peer Uptime : 00:08:32
Router-Mac : n/a
Peer First VNI : 10010
Time since Create : 00:08:32
Configured VNIs : 10010
Provision State : add-complete
Route-Update : Yes
Peer Flags : None
Learnt CP VNIs : --
Peer-ifindex-resp : Yes
----------------------------------------
9396-C sh nve vni 10010 detail
VNI: 10010
NVE-Interface : nve1
Mcast-Addr : 230.1.1.1
VNI State : Up
Mode : data-plane
VNI Type : L2 [10]
VNI Flags :
Provision State : add-complete
Vlan-BD : 10
SVI State : n/a
9396-C# sh nve internal vni 10010
VNI 10010
Ready-State : Ready [L2-vni-flood-learn-ready]
如圖所示,NVE對等體基於資料平面學習,它使用泛洪和學習機制。如果MAC地址超時,則nve對等體會關閉。
疑難排解
目前尚無適用於此組態的具體疑難排解資訊。
意見