ENSPLAB Notes: Configuring VXLAN (Centralized Gateway / Statically Deployed VXLAN)

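1. Lab objective

Gain a basic understanding of the Spine/Leaf architecture and of how VXLAN works.

2. Lab environment

2.1 Lab topology

2.2 Configuration data

(1) Server configuration data: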

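┌────────┬────────────────┬────────────┬──────┐
│ Server │ ip address     │ gateway    │ vlan │
├────────┼────────────────┼────────────┼──────┤
│ Serv1  │ 172.16.1.0/24  │ 172.16.1.1 │ 10   │
│ Serv2  │ 10.10.10.10/24 │ 10.10.10.1 │ 20   │
│ Serv3  │ 172.16.1.20/24 │ 172.16.1.1 │ 30   │
│ Serv4  │ 11.11.11.20/24 │ 11.11.11.1 │ 40   │
└────────┴────────────────┴────────────┴──────┘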

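(2) ASW1 configuration data:

Create VLANs 10/20 and connect to Leaf1 over a trunk.

(3) ASW2 configuration data:

Create VLANs 30/40 and connect to Leaf2 over a trunk.

(4) Leaf1/Leaf2/Spine1/BL1 configuration data: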

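The VID, BD and L2VNI columns give the VID/BD/VNI mapping.

┌────────┬────────────────┬─────────────────────┬─────┬─────┬───────┐
│ Device │ Lo0 (OSPF RID) │ Lo10 (VTEP address) │ VID │ BD  │ L2VNI │
├────────┼────────────────┼─────────────────────┼─────┼─────┼───────┤
│ Spine1 │ 1.1.1.1        │                     │     │     │       │
│ Leaf1  │ 2.2.2.2        │ 20.20.20.20         │ 10  │ 100 │ 8000  │
│        │                │                     │ 20  │ 200 │ 9000  │
│ Leaf2  │ 3.3.3.3        │ 30.30.30.30         │ 30  │ 300 │ 8000  │
│        │                │                     │ 40  │ 400 │ 9010  │
│ BL1    │ 4.4.4.4        │ 40.40.40.40         │     │ 500 │ 9000  │
│        │                │                     │     │ 600 │ 9010  │
└────────┴────────────────┴─────────────────────┴─────┴─────┴───────┘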

Interconnect port addresses between Spine1 and Leaf1/Leaf2/BL1: 192.168.x.x/24

2.3 Device models

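┌─────────────┬──────────────────┬────────────┬──────────────┐
│ Name        │ Function         │ eNSP model │ eNSP version │
├─────────────┼──────────────────┼────────────┼──────────────┤
│ Spine1      │ Spine node       │ CE12800    │ V200R005C10  │
│ Leaf1/Leaf2 │ Server Leaf node │ CE12800    │ V200R005C10  │
│ BL1         │ Border Leaf node │ CE12800    │ V200R005C10  │
│ ASW1        │ Access switch    │ S3700      │ V200R001C00  │
│ ASW2        │ Access switch    │ S3700      │ V200R001C00  │
│ Serv1~4     │ Server           │ PC         │              │
└─────────────┴──────────────────┴────────────┴──────────────┘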

eNSP version:

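3. Lab tasks

1. Build the network according to the lab environment.
2. Basic configuration: configure OSPF on Spine1/Leaf1/Leaf2/BL1 so that they learn each other's Loopback addresses.
3. Configure VXLAN on Leaf1 and Leaf2 so that Serv1 and Serv3, which are in the same subnet, can ping each other.
4. Configure the centralized gateway on BL1 so that Serv2 and Serv4, which are in different subnets, can ping each other.
5. Check the VXLAN working state with commands and Wireshark captures.

4. Configuration steps

4.1 Basic configuration

(1) Configure the IP address and gateway of Serv1/Serv2/Serv3/Serv4.
(2) Configure ASW1 and ASW2: assign ports to VLANs and configure the trunk links to Leaf1/Leaf2.

(3) Configure the loopback addresses and interconnect addresses of Spine1/Leaf1/Leaf2/BL1, and configure OSPF so that the Loopback10 addresses (that is, the VTEP addresses) are reachable.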

Leaf1 OSPF configuration:

#
ospf 1 router-id 2.2.2.2
 area 0.0.0.0
  network 20.20.20.20 0.0.0.0
  network 192.168.12.2 0.0.0.0
#

4.2 Configuring service access points

Configure service access points on Leaf1 and Leaf2 respectively.

Leaf1 configuration:

bridge-domain 100
#
bridge-domain 200
#
interface GE1/0/1
 undo shutdown
#
interface GE1/0/1.1 mode l2
 encapsulation dot1q vid 10
 bridge-domain 100
#
interface GE1/0/1.2 mode l2
 encapsulation dot1q vid 20
 bridge-domain 200
#

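A BD (bridge-domain) represents a Layer 2 environment on the local device.

Here the VLAN is only a concept on the service access side.

VLAN traffic is matched to a BD, and the BD is in turn mapped to a VXLAN VNI.

4.3 Configuring VXLAN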

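Leaf1 VXLAN configuration, with the VXLAN peers configured statically:

#
bridge-domain 100
 vxlan vni 8000
#
bridge-domain 200
 vxlan vni 9000
#
interface Nve1
 source 20.20.20.20
 vni 8000 head-end peer-list 30.30.30.30
 vni 9000 head-end peer-list 40.40.40.40
#

In simple terms, the line "vni 8000 head-end peer-list 30.30.30.30" means that vni 8000 also exists on 30.30.30.30.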

Leaf2 VXLAN configuration:

#
bridge-domain 300
 vxlan vni 8000
#
bridge-domain 400
 vxlan vni 9010
#
interface Nve1
 source 30.30.30.30
 vni 8000 head-end peer-list 20.20.20.20
 vni 9010 head-end peer-list 40.40.40.40
#

BL1 VXLAN configuration:

#
bridge-domain 500
 vxlan vni 9000
#
bridge-domain 600
 vxlan vni 9010
#
interface Nve1
 source 40.40.40.40
 vni 9000 head-end peer-list 20.20.20.20
 vni 9010 head-end peer-list 30.30.30.30
#
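
  1. interface Nve1

    • This command enters the configuration view of the network virtualization edge (NVE) interface named Nve1. The NVE interface is the interface used for VXLAN tunnels.
  2. source 20.20.20.20

    • This command configures the source IP address of the NVE interface, that is, the local endpoint address of the tunnel (the VTEP address).
  3. vni 8000 head-end peer-list 30.30.30.30

    • vni 8000 specifies the VXLAN network whose VNI is 8000.
    • head-end indicates that this NVE is the head-end node of the VXLAN tunnel, responsible for establishing and maintaining the VXLAN tunnel.
    • peer-list 30.30.30.30 specifies the head-end replication address, which handles BUM traffic.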
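
The static peer lists above have to mirror each other, because head-end replication sends BUM traffic for a VNI only to the peers listed for it. The following added example (not part of the original post; parse_nve and audit are names chosen here) reads the three Nve1 sections from this page and reports every entry that the remote VTEP does not list back for the same VNI.

```python
# Nve1 sections of the three VTEPs, copied from the configuration on this page.
CONFIGS = {
    "Leaf1": """interface Nve1
 source 20.20.20.20
 vni 8000 head-end peer-list 30.30.30.30
 vni 9000 head-end peer-list 40.40.40.40""",
    "Leaf2": """interface Nve1
 source 30.30.30.30
 vni 8000 head-end peer-list 20.20.20.20
 vni 9010 head-end peer-list 40.40.40.40""",
    "BL1": """interface Nve1
 source 40.40.40.40
 vni 9000 head-end peer-list 20.20.20.20
 vni 9010 head-end peer-list 30.30.30.30""",
}

def parse_nve(cfg):
    """Return (source VTEP address, {vni: set of head-end peers}) for one device."""
    source, peers = None, {}
    for line in cfg.splitlines():
        tok = line.split()
        if tok[:1] == ["source"] and len(tok) == 2:
            source = tok[1]
        elif tok[:1] == ["vni"] and tok[2:4] == ["head-end", "peer-list"]:
            peers.setdefault(int(tok[1]), set()).update(tok[4:])
    return source, peers

def audit(configs):
    """List every peer-list entry that the remote VTEP does not mirror for the same VNI."""
    parsed = {name: parse_nve(cfg) for name, cfg in configs.items()}
    owner = {src: name for name, (src, _) in parsed.items()}
    findings = []
    for name, (src, peers) in sorted(parsed.items()):
        for vni, plist in sorted(peers.items()):
            for peer_ip in sorted(plist):
                remote = owner.get(peer_ip)
                if remote is None:
                    findings.append(f"{name}: vni {vni} peer {peer_ip} is not a known VTEP")
                elif src not in parsed[remote][1].get(vni, set()):
                    findings.append(f"{name}: vni {vni} -> {peer_ip} not mirrored on {remote}")
    return findings
```

For the configuration on this page audit(CONFIGS) returns an empty list; a VTEP that lacks the matching line shows up as a "not mirrored" finding naming the VNI and both ends.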

4.4 Configuring the VXLAN Layer 3 gateway (centralized gateway)

Configure the VXLAN Layer 3 gateway (centralized gateway) on BL1:

#
interface Vbdif500
 ip address 10.10.10.1 255.255.255.0
#
interface Vbdif600
 ip address 11.11.11.1 255.255.255.0
#

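5. Verifying the results

5.1 Ping within the same subnet

Serv1 and Serv3 can ping each other.

Serv1 ping Serv2
Test result

If the ping fails, you can reconfigure the service access point on Leaf2: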

[Leaf2]int g1/0/1.3
[Leaf2-GE1/0/1.3]undo bridge-do    
[Leaf2-GE1/0/1.3]undo bridge-domain 
[Leaf2-GE1/0/1.3]bridge    
[Leaf2-GE1/0/1.3]bridge-domain 300
[Leaf2-GE1/0/1.3]

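5.2 Ping across different subnets

Through the centralized gateway configured on BL1, Serv2 and Serv4 can ping each other.

Serv2 ping Serv4
First, Serv1 pings its own gateway and Serv2 pings its own gateway; once both succeed, Serv1 pings Serv2.

5.3 Wireshark capture

Capture packets with Wireshark and analyze the VXLAN format. Wireshark can also be used for troubleshooting during the lab.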

5.3.1 ARP

arp request:

Frame 5: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface -, id 0
Ethernet II, Src: 38:67:e3:02:01:00, Dst: 38:67:e3:03:01:00
    Destination: 38:67:e3:03:01:00
    Source: 38:67:e3:02:01:00
    Type: IPv4 (0x0800)
    [Stream index: 4]
Internet Protocol Version 4, Src: 20.20.20.20, Dst: 30.30.30.30
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 96
    Identification: 0x0000 (0)
    000. .... = Flags: 0x0
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 254
    Protocol: UDP (17)
    Header Checksum: 0x5829 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 20.20.20.20
    Destination Address: 30.30.30.30
    [Stream index: 2]
User Datagram Protocol, Src Port: 4789, Dst Port: 4789
    Source Port: 4789
    Destination Port: 4789
    Length: 76
    Checksum: 0x0000 [zero-value ignored]
    [Stream index: 0]
    [Stream Packet Number: 1]
    [Timestamps]
    UDP payload (68 bytes)
Virtual eXtensible Local Area Network
    Flags: 0x0800, VXLAN Network ID (VNI)
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 8000
    Reserved: 0
Ethernet II, Src: 54:89:98:8e:0b:a1, Dst: ff:ff:ff:ff:ff:ff
    Destination: ff:ff:ff:ff:ff:ff
    Source: 54:89:98:8e:0b:a1
    Type: ARP (0x0806)
    [Stream index: 5]
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (request)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: request (1)
    Sender MAC address: 54:89:98:8e:0b:a1
    Sender IP address: 172.16.1.10
    Target MAC address: ff:ff:ff:ff:ff:ff
    Target IP address: 172.16.1.20

arp reply:

Frame 6: 110 bytes on wire (880 bits), 110 bytes captured (880 bits) on interface -, id 0
Ethernet II, Src: 38:67:e3:03:01:00, Dst: 38:67:e3:02:01:00
    Destination: 38:67:e3:02:01:00
    Source: 38:67:e3:03:01:00
    Type: IPv4 (0x0800)
    [Stream index: 4]
Internet Protocol Version 4, Src: 30.30.30.30, Dst: 20.20.20.20
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 96
    Identification: 0x0000 (0)
    000. .... = Flags: 0x0
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 253
    Protocol: UDP (17)
    Header Checksum: 0x5929 [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 30.30.30.30
    Destination Address: 20.20.20.20
    [Stream index: 2]
User Datagram Protocol, Src Port: 4789, Dst Port: 4789
    Source Port: 4789
    Destination Port: 4789
    Length: 76
    Checksum: 0x0000 [zero-value ignored]
    [Stream index: 0]
    [Stream Packet Number: 2]
    [Timestamps]
    UDP payload (68 bytes)
Virtual eXtensible Local Area Network
    Flags: 0x0800, VXLAN Network ID (VNI)
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 8000
    Reserved: 0
Ethernet II, Src: 54:89:98:46:6b:ff, Dst: 54:89:98:8e:0b:a1
    Destination: 54:89:98:8e:0b:a1
    Source: 54:89:98:46:6b:ff
    Type: ARP (0x0806)
    [Stream index: 6]
    Padding: 000000000000000000000000000000000000
Address Resolution Protocol (reply)
    Hardware type: Ethernet (1)
    Protocol type: IPv4 (0x0800)
    Hardware size: 6
    Protocol size: 4
    Opcode: reply (2)
    Sender MAC address: 54:89:98:46:6b:ff
    Sender IP address: 172.16.1.20
    Target MAC address: 54:89:98:8e:0b:a1
    Target IP address: 172.16.1.10

5.3.2 ICMP  

Frame 7: 124 bytes on wire (992 bits), 124 bytes captured (992 bits) on interface -, id 0
Ethernet II, Src: 38:67:e3:02:01:00, Dst: 38:67:e3:03:01:00
    Destination: 38:67:e3:03:01:00
    Source: 38:67:e3:02:01:00
    Type: IPv4 (0x0800)
    [Stream index: 4]
Internet Protocol Version 4, Src: 20.20.20.20, Dst: 30.30.30.30
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 110
    Identification: 0x0000 (0)
    000. .... = Flags: 0x0
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 254
    Protocol: UDP (17)
    Header Checksum: 0x581b [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 20.20.20.20
    Destination Address: 30.30.30.30
    [Stream index: 2]
User Datagram Protocol, Src Port: 4789, Dst Port: 4789
    Source Port: 4789
    Destination Port: 4789
    Length: 90
    Checksum: 0x0000 [zero-value ignored]
    [Stream index: 0]
    [Stream Packet Number: 3]
    [Timestamps]
    UDP payload (82 bytes)
Virtual eXtensible Local Area Network
    Flags: 0x0800, VXLAN Network ID (VNI)
    Group Policy ID: 0
    VXLAN Network Identifier (VNI): 8000
    Reserved: 0
Ethernet II, Src: 54:89:98:8e:0b:a1, Dst: 54:89:98:46:6b:ff
    Destination: 54:89:98:46:6b:ff
    Source: 54:89:98:8e:0b:a1
    Type: IPv4 (0x0800)
    [Stream index: 6]
Internet Protocol Version 4, Src: 172.16.1.10, Dst: 172.16.1.20
    0100 .... = Version: 4
    .... 0101 = Header Length: 20 bytes (5)
    Differentiated Services Field: 0x00 (DSCP: CS0, ECN: Not-ECT)
    Total Length: 60
    Identification: 0xa146 (41286)
    010. .... = Flags: 0x2, Don't fragment
    ...0 0000 0000 0000 = Fragment Offset: 0
    Time to Live: 128
    Protocol: ICMP (1)
    Header Checksum: 0xff3b [validation disabled]
    [Header checksum status: Unverified]
    Source Address: 172.16.1.10
    Destination Address: 172.16.1.20
    [Stream index: 3]
Internet Control Message Protocol
    Type: 8 (Echo (ping) request)
    Code: 0
    Checksum: 0x3fdc [correct]
    [Checksum Status: Good]
    Identifier (BE): 18081 (0x46a1)
    Identifier (LE): 41286 (0xa146)
    Sequence Number (BE): 1 (0x0001)
    Sequence Number (LE): 256 (0x0100)
    [Response frame: 8]
    Data (32 bytes)
        Data: 08090a0b0c0d0e0f101112131415161718191a1b1c1d1e1f2021222324252627
        [Length: 32]
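
A small decoder for the encapsulation shown in 5.3, added here as an example (not code from the original post): it rebuilds frame 5 from the dissected field values, extracts the outer VTEP addresses, the VNI and the inner Ethernet header, and checks the outer source against a per-VNI peer list. The VXLAN header carries no authentication field, so the outer source address and the VNI are all a receiver can compare against its configuration; LEAF2_PEERS and the function names are assumptions of this example.

```python
import struct
from ipaddress import IPv4Address as IP

def mac(text):
    return bytes.fromhex(text.replace(":", ""))

# Frame 5 (the ARP request in 5.3.1), rebuilt from the dissected field values.
FRAME5 = (
    mac("38:67:e3:03:01:00") + mac("38:67:e3:02:01:00") + b"\x08\x00"    # outer Ethernet
    + struct.pack("!BBHHHBBH", 0x45, 0, 96, 0, 0, 254, 17, 0x5829)       # outer IPv4
    + IP("20.20.20.20").packed + IP("30.30.30.30").packed
    + struct.pack("!HHHH", 4789, 4789, 76, 0)                            # UDP, checksum 0
    + struct.pack("!II", 0x08000000, 8000 << 8)                          # VXLAN: I flag, VNI
    + mac("ff:ff:ff:ff:ff:ff") + mac("54:89:98:8e:0b:a1") + b"\x08\x06"  # inner Ethernet
    + struct.pack("!HHBBH", 1, 0x0800, 6, 4, 1)                          # ARP request
    + mac("54:89:98:8e:0b:a1") + IP("172.16.1.10").packed
    + mac("ff:ff:ff:ff:ff:ff") + IP("172.16.1.20").packed
    + bytes(18)                                                          # padding
)

# Assumed receive-side policy for Leaf2, taken from its Nve1 peer lists.
LEAF2_PEERS = {8000: {"20.20.20.20"}, 9010: {"40.40.40.40"}}

def parse_vxlan(frame):
    """Decode the outer IPv4/UDP headers and the 8-byte VXLAN header."""
    if len(frame) < 64 or frame[12:14] != b"\x08\x00":
        raise ValueError("too short, or outer frame is not IPv4")
    ihl = (frame[14] & 0x0F) * 4
    udp = 14 + ihl
    if ihl < 20 or frame[23] != 17 or len(frame) < udp + 30:
        raise ValueError("outer packet is not UDP, or is truncated")
    sport, dport = struct.unpack_from("!HH", frame, udp)
    flags, vni_word = struct.unpack_from("!II", frame, udp + 8)
    if dport != 4789 or not flags & 0x08000000:
        raise ValueError("not VXLAN: need UDP port 4789 and the I flag")
    inner = frame[udp + 16:]
    return {"src": str(IP(frame[26:30])), "dst": str(IP(frame[30:34])),
            "sport": sport, "vni": vni_word >> 8,
            "inner_dst": inner[0:6].hex(":"), "inner_src": inner[6:12].hex(":"),
            "inner_type": inner[12:14].hex()}

def accepted(frame, peers):
    """True only if the outer source is a configured peer for the frame's VNI."""
    try:
        fields = parse_vxlan(frame)
    except ValueError:
        return False
    return fields["src"] in peers.get(fields["vni"], set())
```

Frame 5 passes the check for Leaf2 because 20.20.20.20 is its configured peer for VNI 8000; the same frame carrying VNI 9010 is rejected, since Leaf2 only lists 40.40.40.40 for that VNI.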

5.4 Checking VXLAN status

5.4.1 dis vxlan peer/dis vxlan tunnel

[Leaf1]dis vxlan peer
Number of peers : 2
Vni ID    Source                  Destination            Type      Out Vni ID
-------------------------------------------------------------------------------
8000      20.20.20.20             30.30.30.30            static    8000       
9000      20.20.20.20             40.40.40.40            static    9000       
[Leaf1]

[Leaf1]dis vxlan tunnel
Number of vxlan tunnel : 2
Tunnel ID   Source                Destination           State  Type     Uptime
-----------------------------------------------------------------------------------
4026531841  20.20.20.20           30.30.30.30           up     static   02:06:04  
4026531842  20.20.20.20           40.40.40.40           up     static   02:06:04  
[Leaf1]

A vxlan peer is mainly used for sending BUM traffic:
  ┌──────────────────┬───────────┬──────────────────┐
  │      BUM         │ vxlan/vni │ vtep ip address  │
  └──────────────────┴───────────┴──────────────────┘
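  • A vxlan peer is mainly used to handle BUM traffic. VTEPs that share the same L2VNI establish a peer relationship, which is used to send the BUM traffic of that Layer 2 environment.
  • A vxlan tunnel is mainly used for VXLAN encapsulation. Tunnels are established between VTEPs and are independent of any specific VNI.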

5.4.2 dis mac-address bridge-domain

View the Layer 2 (MAC) address learning of the BD.

[Leaf1]dis mac-address bridge-domain 100
Flags: * - Backup  
BD   : bridge-domain   Age : dynamic MAC learned time in seconds
-------------------------------------------------------------------------------
MAC Address    VLAN/VSI/BD   Learned-From        Type                Age
-------------------------------------------------------------------------------
5489-988e-0ba1 -/-/100       GE1/0/1.1           dynamic               -
5489-9846-6bff -/-/100       30.30.30.30         dynamic               -
5489-988e-0ba1 -/-/100       GE1/0/1.1           dynamic               -
5489-9846-6bff -/-/100       30.30.30.30         dynamic               -
-------------------------------------------------------------------------------
Total items: 4
[Leaf1]
