配置在Cisco IOS XE设备的VXLAN功能
目录
简介
虚拟可扩展LAN (VXLAN)变为普遍作为数据中心互连(DCI)解决方案。VXLAN功能用于提供在Layer-3/Public路由域的第2层分机。本文讨论基本配置和故障排除在Cisco IOS XE设备。
配置和验证本文盖板两方案的部分:
- 场景A描述在三个数据中心之间的一VXLAN配置在组播模式。
- 情形B描述在两个数据中心之间的一VXLAN配置在单播模式。
先决条件
要求
Cisco 建议您了解以下主题:
- DCI重叠和组播基本的了解
使用的组件
本文档中的信息基于以下软件和硬件版本:
- ASR1004运行软件03.16.00.S
- CSR100v(VXE)运行软件3.16.03.S
本文档中的信息都是基于特定实验室环境中的设备编写的。本文档中使用的所有设备最初均采用原始(默认)配置。如果您的网络处于活动状态,请确保您了解所有命令的潜在影响。
配置
场景 A:配置在三个数据中心之间的VXLAN在组播模式
基本配置
组播模式要求单播和组播连接站点之间。此配置指南使用开放最短路径优先(OSPF)提供单播连接和双向协议独立组播(PIM)提供组播连接。
这是在所有三个数据中心的基本配置组播操作模式的:
! DC1#show run | sec ospf router ospf 1 network 1.1.1.1 0.0.0.0 area 0 network 10.10.10.4 0.0.0.3 area 0
!
PIM双向配置:
!
DC1#show run | sec pim ip pim bidir-enable ip pim send-rp-discovery scope 10 ip pim bsr-candidate Loopback1 0 ip pim rp-candidate Loopback1 group-list 10 bidir ! access-list 10 permit 239.0.0.0 0.0.0.255
!
DC1#
!
另外, PIM稀疏模式启用在所有L3接口下,包括环回:
!
DC1#show run interface lo1 Building configuration... Current configuration : 83 bytes ! interface Loopback1 ip address 1.1.1.1 255.255.255.255 ip pim sparse-mode end
并且请保证组播路由在您的设备启用,并且您参见填充的组播mroute表。
网络图
DC1(VTEP1)配置
! ! Vxlan udp port 1024 ! Interface Loopback1 ip address 1.1.1.1 255.255.255.255 ip pim sparse-mode !
定义VNI成员和成员接口在域配置下:
! bridge-domain 1 member vni 6001 member FastEthernet0/1/7 service-instance 1 !
创建网络虚拟接口(NVE)并且定义需要在广域网被扩展对其他数据中心的VNI成员:
! interface nve1 no ip address shut member vni 6001 mcast-group 239.0.0.10 ! source-interface Loopback1 !
创建在LAN接口(即连接LAN网络)的接口的服务实例覆盖特定VLAN (802.1q标记的数据流) -在这种情况下, VLAN1:
! interface FastEthernet0/1/7 no ip address negotiation auto cdp enable no shut !
在发送在重叠间的流量前删除VLAN标记,并且推送它,在回程数据流发送到VLAN后:
! service instance 1 ethernet encapsulation unagged !
DC2(VTEP2)配置
! ! Vxlan udp port 1024 ! interface Loopback1 ip address 2.2.2.2 255.255.255.255 ip pim sparse-mode ! ! bridge-domain 1 member vni 6001 member FastEthernet0/1/3 service-instance 1 ! ! interface nve1 no ip address member vni 6001 mcast-group 239.0.0.10 ! source-interface Loopback1 shut ! ! interface FastEthernet0/1/3 no ip address negotiation auto cdp enable no shut ! service instance 1 ethernet encapsulation untagged !
DC3(VTEP3)配置
! ! Vxlan udp port 1024 ! interface Loopback1 ip address 3.3.3.3 255.255.255.255 ip pim sparse-mode ! ! bridge-domain 1 member vni 6001 member GigabitEthernet2 service-instance 1 ! interface nve1 no ip address shut member vni 6001 mcast-group 239.0.0.10 ! source-interface Loopback1 ! interface gig2 no ip address negotiation auto cdp enable no shut ! service instance 1 ethernet encapsulation untagged !
情形B :配置在两个数据中心之间的VXLAN在单播模式
网络图
DC1配置
! interface nve1 no ip address member vni 6001 ! ingress replication shold be configured as peer data centers loopback IP address. ! ingress-replication 2.2.2.2 ! source-interface Loopback1 ! ! interface gig0/2/1 no ip address negotiation auto cdp enable ! service instance 1 ethernet encapsulation untagged ! ! ! bridge-domain 1 member vni 6001 member gig0/2/1 service-instance 1
DC2配置
! interface nve1 no ip address member vni 6001 ingress-replication 1.1.1.1 ! source-interface Loopback1 ! ! interface gig5 no ip address negotiation auto cdp enable ! service instance 1 ethernet encapsulation untagged ! ! bridge-domain 1 member vni 6001 member gig5 service-instance 1
验证
场景 A:配置在三个数据中心之间的VXLAN在组播模式
在您完成场景A的后配置,连接的主机在每个数据中心应该能在同一广播域内互相到达。
请使用这些命令验证配置。一些示例提供在情形B下。
Router#show nve vni Router#show nve vni interface nve1 Router#show nve interface nve1 Router#show nve interface nve1 detail Router#show nve peers
情形B :配置在两个数据中心之间的VXLAN在单播模式
在DC1 :
DC1#show nve vni Interface VNI Multicast-group VNI state nve1 6001 N/A Up DC1#show nve interface nve1 detail Interface: nve1, State: Admin Up, Oper Up Encapsulation: Vxlan source-interface: Loopback1 (primary:1.1.1.1 vrf:0) Pkts In Bytes In Pkts Out Bytes Out 60129 6593586 55067 5303698 DC1#show nve peers Interface Peer-IP VNI Peer state nve1 2.2.2.2 6000 -
在DC2 :
DC2#show nve vni
Interface VNI Multicast-group VNI state
nve1 6000 N/A Up
DC2#show nve interface nve1 detail
Interface: nve1, State: Admin Up, Oper Up Encapsulation: Vxlan
source-interface: Loopback1 (primary:2.2.2.2 vrf:0)
Pkts In Bytes In Pkts Out Bytes Out
70408 7921636 44840 3950835
DC2#show nve peers
Interface Peer-IP VNI Peer state
nve 1 1.1.1.1 6000 Up
DC2#show bridge-domain 1
Bridge-domain 1 (3 ports in all)
State: UP Mac learning: Enabled
Aging-Timer: 300 second(s)
BDI1 (up)
GigabitEthernet0/2/1 service instance 1
vni 6001
AED MAC address Policy Tag Age Pseudoport
0 7CAD.74FF.2F66 forward dynamic 281 nve1.VNI6001, VxLAN src: 1.1.1.1 dst: 2.2.2.2
0 B838.6130.DA80 forward dynamic 288 nve1.VNI6001, VxLAN src: 1.1.1.1 dst: 2.2.2.2
0 0050.56AD.1AD8 forward dynamic 157 nve1.VNI6001, VxLAN src: 1.1.1.1 dst: 2.2.2.2
故障排除
在Verify部分描述的命令提供基本故障排除步骤。当系统不工作时,这些另外的诊断可以是有用。
注意:一些这些诊断能导致增加的内存和CPU利用率。
调试诊断
#debug nve error
*Jan 4 20:00:54.993: NVE-MGR-PEER ERROR: Intf state force down successful for mcast nodes cast nodes
*Jan 4 20:00:54.993: NVE-MGR-PEER ERROR: Intf state force down successful for mcast nodes cast nodes
*Jan 4 20:00:54.995: NVE-MGR-PEER ERROR: Intf state force down successful for peer nodes eer nodes
*Jan 4 20:00:54.995: NVE-MGR-PEER ERROR: Intf state force down successful for peer nodes
#show nve log error
[01/01/70 00:04:34.130 UTC 1 3] NVE-MGR-STATE ERROR: vni 6001: error in create notification to Tunnel
[01/01/70 00:04:34.314 UTC 2 3] NVE-MGR-PEER ERROR: Intf state force up successful for mcast nodes
[01/01/70 00:04:34.326 UTC 3 3] NVE-MGR-PEER ERROR: Intf state force up successful for peer nodes
[01/01/70 01:50:59.650 UTC 4 3] NVE-MGR-PEER ERROR: Intf state force down successful for mcast nodes
[01/01/70 01:50:59.654 UTC 5 3] NVE-MGR-PEER ERROR: Intf state force down successful for peer nodes
[01/01/70 01:50:59.701 UTC 6 3] NVE-MGR-PEER ERROR: Intf state force up successful for mcast nodes
[01/01/70 01:50:59.705 UTC 7 3] NVE-MGR-PEER ERROR: Intf state force up successful for peer nodes
[01/01/70 01:54:55.166 UTC 8 61] NVE-MGR-PEER ERROR: Intf state force down successful for mcast nodes
[01/01/70 01:54:55.168 UTC 9 61] NVE-MGR-PEER ERROR: Intf state force down successful for peer nodes
[01/01/70 01:55:04.432 UTC A 3] NVE-MGR-PEER ERROR: Intf state force up successful for mcast nodes
[01/01/70 01:55:04.434 UTC B 3] NVE-MGR-PEER ERROR: Intf state force up successful for peer nodes
[01/01/70 01:55:37.670 UTC C 61] NVE-MGR-PEER ERROR: Intf state force down successful for mcast nodes
#show nve log event
[01/04/70 19:48:51.883 UTC 1DD16 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:48:51.884 UTC 1DD17 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
[01/04/70 19:48:51.884 UTC 1DD18 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:49:01.884 UTC 1DD19 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
[01/04/70 19:49:01.884 UTC 1DD1A 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:49:01.885 UTC 1DD1B 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
[01/04/70 19:49:01.885 UTC 1DD1C 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:49:11.886 UTC 1DD1D 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
[01/04/70 19:49:11.886 UTC 1DD1E 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:49:11.887 UTC 1DD1F 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
[01/04/70 19:49:11.887 UTC 1DD20 68] NVE-MGR-DB: Return vni 6001 for pi_hdl[0x437C9B68]
[01/04/70 19:49:21.884 UTC 1DD21 68] NVE-MGR-DB: Return pd_hdl[0x1020010] for pi_hdl[0x437C9B68]
嵌入式数据包捕获
是可用的在Cisco IOS XE软件的嵌入式数据包捕获(EPC)功能能为排除故障提供其他信息。
例如, VXLAN解释数据包被封装的此捕获:
EPC配置(TEST_ACL是access-list用于的过滤捕获数据) :
#monitor capture TEST access-list TEST_ACL interface gigabitEthernet0/2/0 both
#monitor capture TEST buffer size 10
#monitor capture TEST start
这是发生的数据包转储:
# show monitor capture TEST buffer dump
# monitor capture TEST export bootflash:TEST.pcap // with this command
you can export the capture in pcap format to the bootflash,
which can be downloaded and opened in wireshark.
这是解释的示例简单互联网控制消息协议(ICMP)如何在VXLAN工作。
在VXLAN发送的地址解析服务(ARP)被覆盖:
ARP响应:
ICMP请求:
ICMP答复:
另外的调试和故障排除命令
此部分描述更多一些调试和故障排除命令。
在本例中,调试的选中项目部分显示NVE接口不可能参加组播组。所以, VXLAN封装未为VNI 6002启用。这些调试结果指向组播在网络的问题。
#debug nve all
*Jan 5 06:13:55.844: NVE-MGR-DB: creating mcast node for 239.0.0.10
*Jan 5 06:13:55.846: NVE-MGR-MCAST: IGMP add for (0.0.0.0,239.0.0.10) was failure
*Jan 5 06:13:55.846: NVE-MGR-DB ERROR: Unable to join mcast core tree
*Jan 5 06:13:55.846: NVE-MGR-DB ERROR: Unable to join mcast core tree
*Jan 5 06:13:55.846: NVE-MGR-STATE ERROR: vni 6002: error in create notification to mcast
*Jan 5 06:13:55.846: NVE-MGR-STATE ERROR: vni 6002: error in create notification to mcast
*Jan 5 06:13:55.849: NVE-MGR-TUNNEL: Tunnel Endpoint 239.0.0.10 added
*Jan 5 06:13:55.849: NVE-MGR-TUNNEL: Endpoint 239.0.0.10 added
*Jan 5 06:13:55.851: NVE-MGR-EI: Notifying BD engine of VNI 6002 create
*Jan 5 06:13:55.857: NVE-MGR-DB: Return vni 6002 for pi_hdl[0x437C9B28]
*Jan 5 06:13:55.857: NVE-MGR-EI: VNI 6002: BD state changed to up, vni state to Down
这是一次将被发送VNI参加mcast组的互联网组管理协议(IGMP)成员报告:
此示例显示预计调试结果,在您配置VNI在组播模式的后NVE下,如果组播工作正如所料:
*Jan 5 06:19:20.335: NVE-MGR-DB: [IF 0x14]VNI node creation
*Jan 5 06:19:20.335: NVE-MGR-DB: VNI Node created [437C9B28]
*Jan 5 06:19:20.336: NVE-MGR-PD: VNI 6002 create notification to PD
*Jan 5 06:19:20.336: NVE-MGR-PD: VNI 6002 Create notif successful, map [pd 0x1020017] to [pi 0x437C9B28]
*Jan 5 06:19:20.336: NVE-MGR-DB: creating mcast node for 239.0.0.10
*Jan 5 06:19:20.342: NVE-MGR-MCAST: IGMP add for (0.0.0.0,239.0.0.10) was successful
*Jan 5 06:19:20.345: NVE-MGR-TUNNEL: Tunnel Endpoint 239.0.0.10 added
*Jan 5 06:19:20.345: NVE-MGR-TUNNEL: Endpoint 239.0.0.10 added
*Jan 5 06:19:20.347: NVE-MGR-EI: Notifying BD engine of VNI 6002 create
*Jan 5 06:19:20.347: NVE-MGR-DB: Return pd_hdl[0x1020017] for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.347: NVE-MGR-DB: Return vni 6002 for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.349: NVE-MGR-DB: Return vni state Create for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.349: NVE-MGR-DB: Return vni state Create for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.349: NVE-MGR-DB: Return vni 6002 for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.351: NVE-MGR-EI: L2FIB query for info 0x437C9B28
*Jan 5 06:19:20.351: NVE-MGR-EI: PP up notification for bd_id 3
*Jan 5 06:19:20.351: NVE-MGR-DB: Return vni 6002 for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.352: NVE-MGR-STATE: vni 6002: Notify clients of state change Create to Up
*Jan 5 06:19:20.352: NVE-MGR-DB: Return vni 6002 for pi_hdl[0x437C9B28]
*Jan 5 06:19:20.353: NVE-MGR-PD: VNI 6002 Create to Up State update to PD successful
*Jan 5 06:19:20.353: NVE-MGR-EI: VNI 6002: BD state changed to up, vni state to Up
*Jan 5 06:19:20.353: NVE-MGR-STATE: vni 6002: No state change Up
*Jan 5 06:19:20.353: NVE-MGR-STATE: vni 6002: New State as a result of create Up
相关信息
反馈