Switches: Cisco Nexus 9000 Series Switches

Configure VXLAN

August 28, 2015 - Machine Translation

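Introduction

This document provides a high-level overview of Virtual Extensible LAN (VXLAN) and some configuration examples, followed by verification commands and output.

Contributed by Al Bryant, Cisco TAC Engineer.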

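Prerequisites

Requirements

Cisco recommends that you have knowledge of these topics:

  • Multicast routing concepts such as Rendezvous Point (RP) and Protocol Independent Multicast (PIM).
  • Virtual Port Channel (vPC) concepts.

This document assumes that IP routing and multicast routing have been established before VXLAN configuration.

Components Used

The information in this document is based on these software and hardware versions:

  • Nexus 9396s as vPC Virtual Tunnel Endpoints (VTEPs) that run version 7.0(3)I1(1b)
  • Nexus 3172 that runs version 6.0(2)U5(1)

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.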

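Background Information

Terminology

VXLAN (Virtual Extensible LAN) - The technology that provides the same Ethernet Layer 2 network services as VLAN does today, but with greater extensibility and flexibility.

VNID (VXLAN Network Identifier) - 24-bit segment ID that defines the broadcast domain. Interchangeable with "VXLAN Segment ID".

VTEP (Virtual Tunnel Endpoint) - This is the device that does the encapsulation and de-encapsulation.

NVE (Network Virtual Interface) - Logical interface where the encapsulation and de-encapsulation occur.

What is VXLAN?

  • VXLAN is a technology that allows a Layer 2 (L2) network to be overlaid on a Layer 3 (L3) underlay with use of any IP routing protocol.
  • It uses MAC-in-UDP encapsulation.

VXLAN solves three main problems:

  • 16M VNIs (broadcast domains) versus the 4K offered by traditional VLANs.
  • Allows L2 to be extended anywhere in an IP network.
  • Optimized flooding.

Why VXLAN?

  • VLAN Scalability - VXLAN extends the L2 segment ID field to 24 bits, which potentially allows for up to 16 million unique L2 segments over the same network.
  • L2 Segment Elasticity Over L3 Boundary - VXLAN encapsulates an L2 frame in an IP-UDP header, which allows L2 adjacency across router boundaries.
  • Leverages multicast in the transport network in order to simulate flooding behavior for broadcast, unknown unicast, and multicast in the L2 segment.
  • Leverages Equal Cost Multi-pathing (ECMP) in order to achieve optimal path usage over the transport network.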

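Configure

Note: Use the Command Lookup Tool (registered customers only) in order to obtain more information on the commands used in this section.

Network Diagram

Configurations

These configurations are specific to the VXLAN portion of the configuration. Note that 9396-A and B are in a vPC domain while 3172-A is not. These configurations assume full reachability to all L3 interfaces in the topology with the routing protocol of your choice. Open Shortest Path First (OSPF) was used in this example. It also assumes that multicast routing has been established over these same L3 interfaces.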

3172-A

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  no shutdown
 
interface Ethernet1/3
  no switchport
  ip address 192.168.1.10/30
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode

interface loopback1
  ip address 192.168.2.5/32
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode
 

 

9396-A

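Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.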

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.99
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48 

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

interface Ethernet1/7
  no switchport
  ip address 192.168.1.2/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
 
interface loopback1
  ip address 192.168.2.2/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

9396-B

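Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.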

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020
 
vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.98
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
    
interface Ethernet1/7
  no switchport
  ip address 192.168.1.6/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown
 
interface loopback1
  ip address 192.168.2.3/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
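
The notes above require both vPC peers to share one secondary loopback address so that remote NVE peers see a single VTEP. The following is an added example, not part of the original Cisco document: it compares the VXLAN-relevant lines of two peer configurations for that shared address and for the VLAN-to-VNI and VNI-to-group mappings, which are identical in the two configurations shown. The function names are hypothetical, and the sample text is constructed from the values on this page.

```python
# Constructed sample: VXLAN-relevant lines of the 9396-A/9396-B configurations on this page.
TEMPLATE = """\
vlan 10
  vn-segment 160010
vlan 20
  vn-segment {vni20}
interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni {vni20} mcast-group 231.1.1.1
interface loopback1
  ip address {primary}/32
  ip address {secondary}/32 secondary
"""
CFG_A = TEMPLATE.format(vni20=160020, primary="192.168.2.2", secondary="192.168.2.1")
CFG_B = TEMPLATE.format(vni20=160020, primary="192.168.2.3", secondary="192.168.2.1")

def sections(cfg):
    """Group indented NX-OS lines (split into words) under their parent line."""
    secs, cur = {}, None
    for line in filter(str.strip, cfg.splitlines()):
        if line[0].isspace():
            secs.setdefault(cur, []).append(line.split())
        else:
            cur = line.strip()
    return secs

def vtep_view(cfg):
    """Extract what one vPC peer contributes to the shared VTEP identity."""
    secs = sections(cfg)
    nve = secs.get("interface nve1", [])
    src = next((w[1] for w in nve if w[0] == "source-interface"), None)
    addrs = [w for w in secs.get(f"interface {src}", []) if w[:2] == ["ip", "address"]]
    return {
        "vlan_vni": {h: w[1] for h, ws in secs.items() for w in ws if w[0] == "vn-segment"},
        "vni_group": {w[2]: w[4] for w in nve if w[:2] == ["member", "vni"]},
        "primary": [w[2] for w in addrs if len(w) == 3],
        "secondary": [w[2] for w in addrs if w[-1] == "secondary"],
    }

def compare_vpc_peers(cfg_a, cfg_b):
    """Return findings; an empty list means the pair presents one consistent VTEP."""
    a, b = vtep_view(cfg_a), vtep_view(cfg_b)
    findings = []
    if not a["secondary"] or a["secondary"] != b["secondary"]:
        findings.append("peers do not share one secondary loopback IP")
    if a["primary"] == b["primary"]:
        findings.append("peers use the same primary loopback IP")
    findings += [f"{k} differs between peers" for k in ("vlan_vni", "vni_group") if a[k] != b[k]]
    return findings
```

`compare_vpc_peers(CFG_A, CFG_B)` returns an empty list for the pair as configured on this page.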

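Verify

Use this section in order to confirm that your configuration works properly.

The Output Interpreter Tool (registered customers only) supports certain show commands. Use the Output Interpreter Tool in order to view an analysis of show command output.

  • show nve peers <--- You will not see any output for this until traffic is initiated from both sides of the overlay
  • show nve vni
  • show run interface nve1
  • show nve internal platform interface detail (9K only)
  • show mac address-table
  • show ip mroute detail

Example Outputs

These outputs are in a steady state. The VTEP peers have discovered each other and traffic has passed between both in the encap and decap directions.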

3172-A

3172-A# show nve peers
Interface          Peer-IP           Peer-State
----------------   ---------------   -------------
nve1               192.168.2.1        Up         

3172-A# show nve vni
Interface          VNI        Multicast-group   VNI State
----------------   --------   ---------------   ---------
nve1               160010     231.1.1.1         Up  
nve1               160020     231.1.1.1         Up            

3172-A# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:09:13 2015

version 6.0(2)U5(1)

interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  no shutdown

3172-A# show nve internal platform interface detail

3172-A# show mac address-table vlan 10
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since first seen,+ - primary entry using vPC Peer-Link
   VLAN     MAC Address      Type      age     Secure NTFY   Ports/SWID.SSID.LID
---------+-----------------+--------+---------+------+----+------------------
* 10       0000.1111.1111    dynamic   5030       F    F  Eth1/48
* 10       0000.2222.2222    dynamic   5010       F    F  nve1(192.168.2.1)

3172-A# show ip mroute detail
IP Multicast Routing Table for VRF "default"

Total number of routes: 3
Total number of (*,G) routes: 1
Total number of (S,G) routes: 1
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 3w3d, static(1) pim(0) ip(0)
  Stats: 15/1539 [Packets/Bytes], 0.000   bps
  Incoming interface: Ethernet1/3, RPF nbr: 192.168.1.9, uptime: 1w0d
  Outgoing interface list: (count: 1)
    loopback1, uptime: 3w3d, static

(192.168.2.5/32, 231.1.1.1/32), uptime: 3w3d, ip(0) mrib(1) pim(1)
  Stats: 142751/9136064 [Packets/Bytes], 34.133  bps
  Incoming interface: loopback1, RPF nbr: 192.168.2.5, uptime: 3w3d
  Outgoing interface list: (count: 2)
    Ethernet1/3, uptime: 1w0d, pim
    loopback1, uptime: 3w3d, mrib, (RPF)

(*, 232.0.0.0/8), uptime: 3w3d, pim(0) ip(0)
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Incoming interface: Null, RPF nbr: 0.0.0.0, uptime: 3w3d
  Outgoing interface list: (count: 0)

9396-A

9396-A# show nve peers
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      192.168.2.5      Up    DP        2d20h    n/a              

9396-A# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP
       
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      160010   231.1.1.1         Up    DP   L2 [10]    
nve1      160020   231.1.1.1         Up    DP   L2 [20]                              

9396-A# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:20:45 2015

version 7.0(3)I1(1a)

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

9396-A# show nve internal platform interface detail
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |192.168.2.2    |192.168.2.1    |2    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10    |160010|UP                       |nve1  |DP  |0     
|20    |160020|UP                       |nve1  |DP  |0     
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds:
add_pending_swbds:
rem_pending_swbds:

9396-A# show mac address-table vlan 10
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
+   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)
*   10     0000.2222.2222   dynamic  0         F      F    Po48
G    -     7c0e.ceca.f177   static   -         F      F    sup-eth1(R)

9396-A# show ip mroute detail
IP Multicast Routing Table for VRF "default"

Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2d21h, nve(1) ip(0) pim(0)
  Data Created: No
  Stats: 1/64 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 2d21h, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2d21h, nve(0) ip(0) mrib(0) pim(0)
  Data Created: Yes
  VXLAN Flags
    VXLAN Encap
  Stats: 1/51 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: loopback1, RPF nbr: 192.168.2.1
  Outgoing interface list: (count: 0)

(192.168.2.5/32, 231.1.1.1/32), uptime: 2d21h, ip(0) mrib(0) nve(1) pim(0)
  Data Created: Yes
  Stats: 16474/1370086 [Packets/Bytes], 13.600  bps
  Stats: Active Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1
  Outgoing interface list: (count: 1)
    nve1, uptime: 2d21h, nve

(*, 232.0.0.0/8), uptime: 2d21h, pim(0) ip(0)
  Data Created: No
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

9396-A# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1   
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success
Per-vlan consistency status       : success                       
Type-2 consistency status         : success
vPC role                          : secondary                     
Number of vPCs configured         : 1   
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po1    up     1,10,20                                               

vPC status
----------------------------------------------------------------------
id   Port   Status Consistency Reason                     Active vlans
--   ----   ------ ----------- ------                     ------------
48   Po48   up     success     success                    1,10

9396-B

9396-B# show nve peers 
Interface Peer-IP          State LearnType Uptime   Router-Mac       
--------- ---------------  ----- --------- -------- -----------------
nve1      192.168.2.5      Up    DP        1w0d     n/a              

9396-B# show nve vni
Codes: CP - Control Plane        DP - Data Plane          
       UC - Unconfigured         SA - Suppress ARP
       
Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags
--------- -------- ----------------- ----- ---- ------------------ -----
nve1      160010   231.1.1.1         Up    DP   L2 [10]  
nve1      160020   231.1.1.1         Up    DP   L2 [20]                                

9396-B# show run interface nve1

!Command: show running-config interface nve1
!Time: Sat Apr 25 15:23:25 2015

version 7.0(3)I1(1b)

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
 
9396-B# show nve internal platform interface detail
Printing details of all NVE Interfaces
|======|=========================|===============|===============|=====|=====|
|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|
|======|=========================|===============|===============|=====|=====|
|nve1  |UP                       |192.168.2.3    |192.168.2.1    |2    |1    |
|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:
================================================
|======|======|=========================|======|====|======|
|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|
|======|======|=========================|======|====|======|
|10    |160010|UP                       |nve1  |DP  |0     
|20    |160020|UP                       |nve1  |DP  |0     
|======|======|=========================|======|====|======|
Peers of interface nve1:
============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled
active_swbds:
add_pending_swbds:
rem_pending_swbds:

9396-B# show mac address-table vlan 10
Legend:
        * - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC
        age - seconds since last seen,+ - primary entry using vPC Peer-Link,
        (T) - True, (F) - False
   VLAN     MAC Address      Type      age     Secure NTFY Ports
---------+-----------------+--------+---------+------+----+------------------
*   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)
+   10     0000.2222.2222   dynamic  0         F      F    Po48
G    -     58f3.9ca3.64dd   static   -         F      F    sup-eth1(R)

9396-B# show ip mroute detail
IP Multicast Routing Table for VRF "default"

Total number of routes: 4
Total number of (*,G) routes: 1
Total number of (S,G) routes: 2
Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2w1d, nve(1) ip(0) pim(0)
  Data Created: No
  VXLAN Flags
    VXLAN Decap
  VPC Flags
    RPF-Source Forwarder
  Stats: 1/64 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 2w1d, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2w1d, nve(0) ip(0) mrib(0) pim(1)
  Data Created: Yes
  VXLAN Flags
    VXLAN Encap
  VPC Flags
    RPF-Source Forwarder
  Stats: 5/511 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: loopback1, RPF nbr: 192.168.2.1
  Outgoing interface list: (count: 1)
    Ethernet1/7, uptime: 1w0d, pim

(192.168.2.5/32, 231.1.1.1/32), uptime: 2w1d, ip(0) mrib(0) pim(0) nve(1)
  Data Created: Yes
  VXLAN Flags
    VXLAN Decap
  VPC Flags
    RPF-Source Forwarder
  Stats: 86621/7241564 [Packets/Bytes], 13.600  bps
  Stats: Active Flow
  Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5
  Outgoing interface list: (count: 1)
    nve1, uptime: 2w1d, nve

(*, 232.0.0.0/8), uptime: 2w1d, pim(0) ip(0)
  Data Created: No
  Stats: 0/0 [Packets/Bytes], 0.000   bps
  Stats: Inactive Flow
  Incoming interface: Null, RPF nbr: 0.0.0.0
  Outgoing interface list: (count: 0)

9396-B# show vpc
Legend:
                (*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1   
Peer status                       : peer adjacency formed ok      
vPC keep-alive status             : peer is alive                 
Configuration consistency status  : success
Per-vlan consistency status       : success                       
Type-2 consistency status         : success
vPC role                          : primary                       
Number of vPCs configured         : 1   
Peer Gateway                      : Enabled
Dual-active excluded VLANs        : -
Graceful Consistency Check        : Enabled
Auto-recovery status              : Disabled

vPC Peer-link status
---------------------------------------------------------------------
id   Port   Status Active vlans    
--   ----   ------ --------------------------------------------------
1    Po1    up     1,10,20                                               

vPC status
----------------------------------------------------------------------
id   Port   Status Consistency Reason                     Active vlans
--   ----   ------ ----------- ------                     ------------
48   Po48   up     success     success                    1,10

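VXLAN Packet Capture

The packet capture (PCAP) is from the previous topology and contains the OSPF hellos, PIM joins/registers, and VXLAN-encapsulated traffic for the topology shown in the network diagram. You will notice some Internet Control Message Protocol (ICMP) flags such as 'no response'. This is due to the nature of the monitor session completed on the RP.

The monitor session included interfaces Eth4/17-18 and Eth4/20, so it throws Wireshark off somewhat. The important information is the format and flags.

Note: Encapsulated packets (BUM or known unicast) are sourced from the VTEP loopback IP and destined to the remote VTEP loopback IP. On all vPC VTEPs, this is the secondary loopback IP.

BUM traffic will be destined to the mcast group.

Unicast traffic will be destined to the remote VTEP loopback IP.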
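
The addressing rules above, together with the 24-bit VNID and the MAC-in-UDP format from the Terminology section, can be checked against raw captured packets. The following is an added example, not part of the original Cisco document: the header layout and UDP port 4789 are assumptions taken from RFC 7348, the VTEP addresses, VNIs and multicast group come from the configurations on this page, and `build` is a hypothetical helper that constructs the sample packets.

```python
import ipaddress
import struct

# VTEP loopbacks, VNIs and group taken from the configurations on this page.
VTEP_IPS = {"192.168.2.1", "192.168.2.5"}  # vPC shared secondary IP, 3172-A loopback1
VNI_GROUP = {160010: "231.1.1.1", 160020: "231.1.1.1"}
VXLAN_PORT = 4789  # IANA-assigned VXLAN port (RFC 7348); assumed, not shown on the page

def check_vxlan(pkt: bytes) -> list:
    """Return findings for one outer IPv4 packet; an empty list means it conforms."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        return ["not an IPv4/UDP packet"]
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 8 + 14:  # UDP + VXLAN + inner Ethernet headers
        return ["too short to carry a VXLAN header and inner Ethernet header"]
    src, dst = (str(ipaddress.IPv4Address(pkt[i:i + 4])) for i in (12, 16))
    dport = struct.unpack("!H", pkt[ihl + 2:ihl + 4])[0]
    if dport != VXLAN_PORT:
        return [f"UDP destination port {dport} is not {VXLAN_PORT}"]
    vx = pkt[ihl + 8:ihl + 16]
    if not vx[0] & 0x08:
        return ["VXLAN I flag not set, so the VNI field is not valid"]
    vni = int.from_bytes(vx[4:7], "big")  # the 24-bit VNID
    inner_dst = pkt[ihl + 16:ihl + 22]
    findings = []
    if src not in VTEP_IPS:
        findings.append(f"outer source {src} is not a known VTEP loopback")
    group = VNI_GROUP.get(vni)
    if group is None:
        findings.append(f"VNI {vni} is not configured")
    elif dst not in VTEP_IPS and dst != group:
        findings.append(f"outer destination {dst} is neither a VTEP nor {group}")
    elif inner_dst[0] & 1 and dst != group:
        findings.append("inner broadcast/multicast frame not sent to the mcast group")
    return findings

def build(src, dst, vni, inner_dst_mac, dport=VXLAN_PORT):
    """Construct a sample outer IPv4/UDP/VXLAN packet (checksums left at zero)."""
    inner = bytes.fromhex(inner_dst_mac + "000011111111" + "0800")
    vx = b"\x08\x00\x00\x00" + vni.to_bytes(3, "big") + b"\x00"
    udp = struct.pack("!HHHH", 49152, dport, 8 + len(vx) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp) + len(vx) + len(inner),
                     0, 0, 64, 17, 0, ipaddress.IPv4Address(src).packed,
                     ipaddress.IPv4Address(dst).packed)
    return ip + udp + vx + inner

if __name__ == "__main__":
    print(check_vxlan(build("192.168.2.5", "231.1.1.1", 160010, "ffffffffffff")))
    print(check_vxlan(build("192.168.2.2", "192.168.2.5", 160030, "000022222222")))
```

The second sample packet is flagged because it is sourced from a vPC peer's primary loopback address rather than the shared secondary, and because it carries a VNI that is not configured.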

VXLAN PCAP

Troubleshoot

There is currently no specific troubleshooting information available for this configuration.



Document ID: 118978