- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
00-S12500_EVI典型配置举例
本章节下载: 00-S12500_EVI典型配置举例 (273.61 KB)
目 录
本文档介绍了EVI+MDC和EVI+IRF的配置举例。
EVI(Ethernet Virtualization Interconnect,以太网虚拟化互联)是一种先进的“MAC in IP”技术,是一种基于IP核心网的二层VPN技术。它可以基于现有的服务提供商网络和企业网络,为分散的物理站点提供二层互联功能,实现虚拟机在不同站点之间的自由迁移并且无需改变站点内部和IP核心网络的路由及转发信息。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文假设您已了解EVI、MDC和IRF特性。
本地EVI边缘设备不支持作为对端数据中心的网关。
如图1所示,某公司由于用户数量急剧增加,已超过公司服务器的上限,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心之间VLAN1000的互连。具体要求如下:
· 两个数据中心的VLAN1000通过运营商(运营商为三层IP网络)实现二层互连;
· 不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);
· 为减少项目管理和维护成本,要求采用MDC技术将公网接入设备虚拟成两台独立的设备。其中一台作为EVI的边缘设备,另一台作为EVI扩展VLAN的三层网关。
图1 EVI+MDC典型配置组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
MDCA1 |
Loop0 |
1.1.1.1/32 |
MDCB1 |
Loop0 |
2.2.2.2/32 |
|
|
Vlan-int10 |
10.1.1.1/24 |
|
Vlan-int10 |
10.1.2.1/24 |
|
MDCA2 |
Vlan-int11 |
11.1.1.1/24 |
MDCB2 |
Vlan-int11 |
11.1.2.1/24 |
|
|
Vlan-int1000 |
100.0.0.1/24 |
|
Vlan-int1000 |
100.0.0.2/24 |
· 为实现两个数据中心之间VLAN1000的二层互通,需要在MDCA1和MDCB1之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;
· 为实现当数据业务和服务器在迁移过程中无需修改IP地址和网关,需要将MDCA2和MDCB2加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;
· 为实现MDCA2和MDCB2之间的VRRP协议报文能够透传,需要在MDCA1和MDCB1上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;
· 同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;
· 不同的EVI网络实例不能使用相同的扩展VLAN。
· 不能使用Vlan-interface1作为EVI边缘设备的公网接口;
· EVI扩展VLAN的VLAN接口不支持作为公网出接口。
如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。
为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。
# 将Switch A划分成两个MDC,其中MDCA1直接使用缺省MDC,作为数据中心Site1的EVI边缘设备;MDCA2使用非缺省MDC,作为Site1的网关。
<SwitchA> system-view
[SwitchA] sysname MDCA1
[MDCA1] mdc MDCA2
[MDCA1-mdc-2-MDCA2] location slot 2
[MDCA1-mdc-2-MDCA2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48
[MDCA1-mdc-2-MDCA2] mdc start
[MDCA1-mdc-2-MDCA2] quit
(1) 配置MDCA1上各接口的IP地址及路由协议
# 配置MDCA1的公网接口(即EVI边缘设备的公网接口)。
[MDCA1] vlan 10
[MDCA1-vlan10] quit
[MDCA1] interface gigabitethernet 3/0/1
[MDCA1-GigabitEthernet3/0/1] port access vlan 10
[MDCA1-GigabitEthernet3/0/1] evi enable
[MDCA1-GigabitEthernet3/0/1] undo shutdown
[MDCA1-GigabitEthernet3/0/1] quit
[MDCA1] interface Vlan-interface 10
[MDCA1-Vlan-interface10] ip address 10.1.1.1 24
[MDCA1-Vlan-interface10] undo shutdown
[MDCA1-Vlan-interface10] quit
# 配置MDCA1的扩展VLAN接口。
[MDCA1] vlan 1000
[MDCA1-vlan1000] quit
[MDCA1] interface gigabitethernet 3/0/2
[MDCA1-GigabitEthernet3/0/2] port link-type trunk
[MDCA1-GigabitEthernet3/0/2] port trunk permit vlan 1000
[MDCA1-GigabitEthernet3/0/2] undo shutdown
[MDCA1-GigabitEthernet3/0/2] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[MDCA1] interface LoopBack 0
[MDCA1-LoopBack0] ip address 1.1.1.1 32
[MDCA1-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[MDCA1] ospf 1
[MDCA1-ospf-1] area 0
[MDCA1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[MDCA1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[MDCA1-ospf-1-area-0.0.0.0] quit
[MDCA1-ospf-1] quit
(2) 配置EVI隧道
# 建立EVI隧道。
[MDCA1] interface Tunnel 1 mode evi
[MDCA1-Tunnel1] source LoopBack 0
[MDCA1-Tunnel1] evi network-id 1
[MDCA1-Tunnel1] evi neighbor-discovery server enable
[MDCA1-Tunnel1] evi-isis extend-vlan 1000
[MDCA1-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[MDCA1] mac-address timer aging 1800
# 配置ARP泛洪抑制功能,可以减少EVI隧道中ARP泛洪的次数。
[MDCA1] interface Tunnel 1 mode evi
[MDCA1-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端。
[MDCA1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[MDCA1-Tunnel1] quit
# 登录到MDCA2,并将MDCA2的系统名称改成“MDCA2”。
[MDCA1] switchto MDCA2
<Sysname> system-view
[Sysname] sysname MDCA2
[MDCA2]
(1) 配置MDCA2上各接口的IP地址及路由协议
# 配置MDCA2的公网接口。
[MDCA2] vlan 11
[MDCA2-vlan11] quit
[MDCA2] interface Vlan-interface 11
[MDCA2-Vlan-interface11] ip address 11.1.1.1 24
[MDCA2-Vlan-interface11] undo shutdown
[MDCA2-Vlan-interface11] quit
[MDCA2] interface gigabitethernet 2/0/48
[MDCA2-GigabitEthernet2/0/48] port access vlan 11
[MDCA2-GigabitEthernet2/0/48] undo shutdown
[MDCA2-GigabitEthernet2/0/48] quit
# 配置OSPF路由协议,发布公网路由。
[MDCA2] ospf 1
[MDCA2-ospf-1] area 0
[MDCA2-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[MDCA2-ospf-1-area-0.0.0.0] quit
[MDCA2-ospf-1] quit
# 配置MDCA2为Site 1扩展VLAN1000的网关。
[MDCA2] vlan 1000
[MDCA2-vlan1000] quit
[MDCA2] interface Vlan-interface 1000
[MDCA2-Vlan-interface1000] ip address 100.0.0.1 24
[MDCA2-Vlan-interface1000] undo shutdown
[MDCA2-Vlan-interface1000] quit
[MDCA2] interface gigabitethernet 2/0/2
[MDCA2-GigabitEthernet2/0/2] port link-type trunk
[MDCA2-GigabitEthernet2/0/2] port trunk permit vlan 1000
[MDCA2-GigabitEthernet2/0/2] undo shutdown
[MDCA2-GigabitEthernet2/0/2] quit
[MDCA2] interface gigabitethernet 2/0/10
[MDCA2-GigabitEthernet2/0/10] port link-type trunk
[MDCA2-GigabitEthernet2/0/10] port trunk permit vlan 1000
[MDCA2-GigabitEthernet2/0/10] undo shutdown
[MDCA2-GigabitEthernet2/0/10] quit
(2) 配置MDCA2加入VRRP备份
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[MDCA2] interface Vlan-interface 1000
[MDCA2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
# 为使MDCA2成为Master,配置MDCA2在备份组中的优先级为110,高于MDCB2(MDCB2的优先级采用缺省值100)。
[MDCA2-Vlan-interface1000] vrrp vrid 1 priority 110
[MDCA2-Vlan-interface1000] quit
# 将Switch B划分成两个MDC,其中MDCB1直接使用缺省MDC,作为数据中心Site2的EVI边缘设备;MDCB2使用非缺省MDC,作为Site2的网关。
<SwitchB> system-view
[SwitchB] sysname MDCB1
[MDCB1] mdc MDCB2
[MDCB1-mdc-2-MDCB2] location slot 2
[MDCB1-mdc-2-MDCB2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48
[MDCB1-mdc-2-MDCB2] mdc start
[MDCB1-mdc-2-MDCB2] quit
(1) 配置MDCB1上各接口的IP地址及路由协议
# 配置MDCB1的公网接口(即EVI边缘设备的公网接口)。
[MDCB1] vlan 10
[MDCB1-vlan10] quit
[MDCB1] interface gigabitethernet 3/0/1
[MDCB1-GigabitEthernet3/0/1] port access vlan 10
[MDCB1-GigabitEthernet3/0/1] evi enable
[MDCB1-GigabitEthernet3/0/1] undo shutdown
[MDCB1-GigabitEthernet3/0/1] quit
[MDCB1] interface Vlan-interface 10
[MDCB1-Vlan-interface10] ip address 10.1.2.1 24
[MDCB1-Vlan-interface10] undo shutdown
[MDCB1-Vlan-interface10] quit
# 配置MDCB1的扩展VLAN接口。
[MDCB1] vlan 1000
[MDCB1-vlan1000] quit
[MDCB1] interface gigabitethernet 3/0/2
[MDCB1-GigabitEthernet3/0/2] port link-type trunk
[MDCB1-GigabitEthernet3/0/2] port trunk permit vlan 1000
[MDCB1-GigabitEthernet3/0/2] undo shutdown
[MDCB1-GigabitEthernet3/0/2] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[MDCB1]interface LoopBack 0
[MDCB1-LoopBack0] ip address 2.2.2.2 32
[MDCB1-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[MDCB1] ospf 1
[MDCB1-ospf-1] area 0
[MDCB1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[MDCB1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[MDCB1-ospf-1-area-0.0.0.0] quit
[MDCB1-ospf-1] quit
(2) 配置EVI隧道
# 建立EVI隧道。
[MDCB1] interface Tunnel 1 mode evi
[MDCB1-Tunnel1] source LoopBack 0
[MDCB1-Tunnel1] evi network-id 1
[MDCB1-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
[MDCB1-Tunnel1] evi-isis extend-vlan 1000
[MDCB1-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[MDCB1] mac-address timer aging 1800
# 配置ARP泛洪抑制功能,可以减少EVI隧道中ARP泛洪的次数。
[MDCB1] interface Tunnel 1 mode evi
[MDCB1-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端。
[MDCB1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[MDCB1-Tunnel1] quit
# 登录到MDCB2,并将MDCB2的系统名称改成“MDCB2”。
[MDCB1] switchto MDCB2
<Sysname> system-view
[Sysname] sysname MDCB2
[MDCB2]
(1) 配置MDCB2上各接口的IP地址及路由协议
# 配置MDC2的公网接口。
[MDCB2] vlan 11
[MDCB2-vlan11] quit
[MDCB2] interface Vlan-interface 11
[MDCB2-Vlan-interface11] ip address 11.1.2.1 24
[MDCB2-Vlan-interface11] undo shutdown
[MDCB2-Vlan-interface11] quit
[MDCB2] interface gigabitethernet 2/0/48
[MDCB2-GigabitEthernet2/0/48] port access vlan 11
[MDCB2-GigabitEthernet2/0/48] undo shutdown
[MDCB2-GigabitEthernet2/0/48] quit
# 配置OSPF路由协议,发布公网路由。
[MDCB2] ospf 1
[MDCB2-ospf-1] area 0
[MDCB2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255
[MDCB2-ospf-1-area-0.0.0.0] quit
[MDCB2-ospf-1] quit
# 配置MDCB2为Site 2扩展VLAN1000的网关。
[MDCB2] vlan 1000
[MDCB2-vlan1000] quit
[MDCB2] interface Vlan-interface 1000
[MDCB2-Vlan-interface1000] ip address 100.0.0.2 24
[MDCB2-Vlan-interface1000] undo shutdown
[MDCB2-Vlan-interface1000] quit
[MDCB2] interface gigabitethernet 2/0/2
[MDCB2-GigabitEthernet2/0/2] port link-type trunk
[MDCB2-GigabitEthernet2/0/2] port trunk permit vlan 1000
[MDCB2-GigabitEthernet2/0/2] undo shutdown
[MDCB2-GigabitEthernet2/0/2] quit
[MDCB2] interface gigabitethernet 2/0/10
[MDCB2-GigabitEthernet2/0/10] port link-type trunk
[MDCB2-GigabitEthernet2/0/10] port trunk permit vlan 1000
[MDCB2-GigabitEthernet2/0/10] undo shutdown
[MDCB2-GigabitEthernet2/0/10] quit
(2) 配置MDCA2加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[MDCB2] interface Vlan-interface 1000
[MDCB2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
[MDCB2-Vlan-interface1000] quit
将Site 1中的某台服务器(IP地址为100.0.0.100)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。
C:\>ping 100.0.0.100
Pinging 100.0.0.100 with 32 bytes of data:
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=37ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Ping statistics for 100.0.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 37ms, Average = 10ms
C:\>
· MDCA1:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
mdc MDCA2 id 2
location slot 2
mdc start
allocate interface gigabitethernet2/0/1 to GigabitEthernet2/0/48
#
sysname MDCA1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 2 to 4094
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 10
evi enable
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi-isis extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery server enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface vty 0 15
user-role mdc-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· MDCA2:
#
version 7.1.034, Release 7129
#
sysname MDCA2
#
vlan 1
#
vlan 2 to 4094
#
interface NULL0
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
vrrp vrid 1 priority 110
#
interface GigabitEthernet2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet2/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet2/0/48
port link-mode bridge
port access vlan 10
#
ospf 1
area 0.0.0.0
network 11.1.1.1 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1
authentication-mode none
user-role network-admin
#
user-interface con 1
user-role network-admin
idle-timeout 0 0
#
user-interface vty 0 15
user-role network-operator
#
acl number 4001
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· MDCB1:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
mdc MDCB2 id 2
location slot 2
mdc start
allocate interface GigabitEthernet2/0/1 to GigabitEthernet2/0/48
#
sysname MDCB1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 2 to 4094
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface10
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet3/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 10
evi enable
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi-isis extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface vty 0 15
user-role mdc-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· MDCB2:
#
version 7.1.034, Release 7129
#
sysname MDCB2
#
vlan 1
#
vlan 2 to 4094
#
interface NULL0
#
interface Vlan-interface11
ip address 11.1.2.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
#
interface GigabitEthernet2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet2/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet2/0/48
port link-mode bridge
port access vlan 10
#
ospf 1
area 0.0.0.0
network 11.1.2.1 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1
authentication-mode none
user-role network-admin
#
user-interface con 1
user-role network-admin
idle-timeout 0 0
#
user-interface vty 0 15
user-role network-operator
#
acl number 4001
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
如图2所示,某公司由于用户数量急剧增加,已超过公司服务器的上限,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心之间VLAN1000的互连。具体要求如下:
· 两个数据中心的VLAN1000通过运营商(运营商为三层IP网络)实现二层互连;
· 不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);
· 为提高EVI边缘设备的可靠性,要求使用IRF技术实现边缘设备的冗余,即使一台交换机出现故障,也不会影响整个数据中心的通信。
图2 EVI+IRF典型配置组网图
|
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
|
IRF A |
Loop0 |
1.1.1.1/32 |
IRFB |
Loop0 |
2.2.2.2/32 |
|
|
Vlan-int10 |
10.1.1.1/24 |
|
Vlan-int10 |
10.1.2.1/24 |
|
CE A |
Vlan-int11 |
11.1.1.1/24 |
CE B |
Vlan-int11 |
11.1.2.1/24 |
|
|
Vlan-int1000 |
100.0.0.1/24 |
|
Vlan-int1000 |
100.0.0.2/24 |
· 为实现两个数据中心之间VLAN1000的二层互通,需要在IRF A和 IRF B之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;
· 为实现当数据业务和服务器在迁移过程中无需修改IP地址和网关,需要将数据中心Site1的网关CE A和Site2的网关CE B加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;
· 为实现CE A和CE B之间的VRRP协议报文能够透传,需要在CE A和CE B上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;
· 同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;
· 不同的EVI网络实例不能使用相同的扩展VLAN。
· 不能使用Vlan-interface1作为EVI边缘设备的公网接口;
· EVI扩展VLAN的VLAN接口不支持作为公网出接口。
如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。
为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。
在IRF模式下,EVI边缘设备不支持对从EVI隧道收到的报文进行出方向的策略匹配。
(1) 请参考图2进行物理连线,确保IRF物理链路连接正确
(2) 配置Switch A-1为IRF模式
# 配置Switch A-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchA-1> system-view
[SwitchA-1] irf member 1
Info: Member ID change will take effect after the member reboots and operates in IRF mode.
[SwitchA-1] irf-port 2
[SwitchA-1-irf-port2] port group interface ten-gigabitethernet 2/0/1
[SwitchA-1-irf-port2] quit
[SwitchA-1] interface ten-gigabitethernet 2/0/1
[SwitchA-1-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchA-1-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchA-1] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchA-1] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
Switch A-1重启后组成了只有一台成员设备的IRF。
(3) 配置Switch A-2为IRF模式
# 配置Switch A-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchA-2> system-view
[SwitchA-2] irf member 2
Info: Member ID change will take effect after the member reboots and operates in IRF mode.
[SwitchA-2] irf-port 1
[SwitchA-2-irf-port1] port group interface ten-gigabitethernet 2/0/1
[SwitchA-2-irf-port1] quit
[SwitchA-2] interface ten-gigabitethernet 2/0/1
[SwitchA-2-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchA-2-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchA-2] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchA-2] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
交换机Swtich A-2重启后与Switch A-1形成IRF A。
(4) 配置IRF A的BFD MAD检测
# 更改IRF A的系统名称为“IRFA”,并设置IRF A域编号为1。
<SwitchA-1> system-view
[SwitchA-1] sysname IRFA
[IRFA] irf domain 1
# 创建VLAN 3,并将Switch A-1上的端口1/3/0/2和Swtich A-2上的端口2/3/0/2加入VLAN中。
[IRFA] vlan 3
[IRFA-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFA-vlan3] quit
# 创建VLAN接口3,并配置MAD IP地址。
[IRFA] interface vlan-interface 3
[IRFA-Vlan-interface3] mad bfd enable
[IRFA-Vlan-interface3] mad ip address 192.168.2.1 24 member 1
[IRFA-Vlan-interface3] mad ip address 192.168.2.2 24 member 2
[IRFA-Vlan-interface3] undo shutdown
[IRFA-Vlan-interface3] quit
# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。
[IRFA] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFA-if-range] undo stp enable
[IRFA-if-range] undo shutdown
[IRFA-if-range] quit
(5) 配置IRF A上各接口的IP地址及路由协议
# 配置IRFA的公网接口(即EVI边缘设备的公网接口)。
[IRFA] vlan 10
[IRFA-vlan10] quit
[IRFA] interface Vlan-interface 10
[IRFA-Vlan-interface10] ip address 10.1.1.1 24
[IRFA-Vlan-interface10] undo shutdown
[IRFA-Vlan-interface10] quit
[IRFA] interface bridge-aggregation 1
[IRFA-Bridge-Aggregation1] link-aggregation mode dynamic
[IRFA-Bridge-Aggregation1] port access vlan 10
[IRFA-Bridge-Aggregation1] undo shutdown
[IRFA-Bridge-Aggregation1] quit
[IRFA] interface gigabitethernet 1/3/0/1
[IRFA-GigabitEthernet1/3/0/1] evi enable
[IRFA-GigabitEthernet1/3/0/1] undo shutdown
[IRFA-GigabitEthernet1/3/0/1] port link-aggregation group 1
[IRFA-GigabitEthernet1/3/0/1] quit
[IRFA] interface gigabitethernet 2/3/0/1
[IRFA-GigabitEthernet2/3/0/1] evi enable
[IRFA-GigabitEthernet2/3/0/1] undo shutdown
[IRFA-GigabitEthernet2/3/0/1] port link-aggregation group 1
[IRFA-GigabitEthernet2/3/0/1] quit
# 配置IRFA的扩展VLAN接口。
[IRFA] vlan 1000
[IRFA-vlan1000] quit
[IRFA] interface bridge-aggregation 2
[IRFA-Bridge-Aggregation2] link-aggregation mode dynamic
[IRFA-Bridge-Aggregation2] port link-type trunk
[IRFA-Bridge-Aggregation2] port trunk permit vlan 1000
[IRFA-Bridge-Aggregation2] undo shutdown
[IRFA-Bridge-Aggregation2] quit
[IRFA] interface gigabitethernet 1/4/0/1
[IRFA-GigabitEthernet1/4/0/1] port link-aggregation group 2
[IRFA-GigabitEthernet1/4/0/1] undo shutdown
[IRFA-GigabitEthernet1/4/0/1] quit
[IRFA] interface gigabitethernet 2/4/0/1
[IRFA-GigabitEthernet2/4/0/1] port link-aggregation group 2
[IRFA-GigabitEthernet2/4/0/1] undo shutdown
[IRFA-GigabitEthernet2/4/0/1] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[IRFA] interface LoopBack 0
[IRFA-LoopBack0] ip address 1.1.1.1 32
[IRFA-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[IRFA] ospf 1
[IRFA-ospf-1] area 0
[IRFA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[IRFA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[IRFA-ospf-1-area-0.0.0.0] quit
[IRFA-ospf-1] quit
(6) 配置EVI隧道
# 建立EVI隧道。
[IRFA] interface Tunnel 1 mode evi
[IRFA-Tunnel1] source LoopBack 0
[IRFA-Tunnel1] evi network-id 1
[IRFA-Tunnel1] evi neighbor-discovery server enable
[IRFA-Tunnel1] evi-isis extend-vlan 1000
[IRFA-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[IRFA] mac-address timer aging 1800
# 配置ARP泛洪抑制功能,可以减少EVI隧道中ARP泛洪的次数。
[IRFA] interface Tunnel 1 mode evi
[IRFA-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端。
[IRFA-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[IRFA-Tunnel1] quit
(1) 配置CE A上各接口的IP地址及路由协议
# 配置CE A的公网接口。
<CEA> system-view
[CEA] vlan 11
[CEA-vlan11] quit
[CEA] interface Vlan-interface 11
[CEA-Vlan-interface11] ip address 11.1.1.1 24
[CEA-Vlan-interface11] undo shutdown
[CEA-Vlan-interface11] quit
[CEA] interface gigabitethernet 5/0/1
[CEA-GigabitEthernet5/0/1] port access vlan 11
[CEA-GigabitEthernet5/0/1] undo shutdown
[CEA-GigabitEthernet5/0/1] quit
# 配置OSPF路由协议,发布公网路由。
[CEA] ospf 1
[CEA-ospf-1] area 0
[CEA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[CEA-ospf-1-area-0.0.0.0] quit
[CEA-ospf-1] quit
# 配置CE A为Site 1扩展VLAN1000的网关。
[CEA] vlan 1000
[CEA-vlan1000] quit
[CEA] interface Vlan-interface 1000
[CEA-Vlan-interface1000] ip address 100.0.0.1 24
[CEA-Vlan-interface1000] undo shutdown
[CEA-Vlan-interface1000] quit
# 配置CE A的上行扩展VLAN接口。
[CEA] interface bridge-aggregation 2
[CEA-Bridge-Aggregation2] link-aggregation mode dynamic
[CEA-Bridge-Aggregation2] port link-type trunk
[CEA-Bridge-Aggregation2] port trunk permit vlan 1000
[CEA-Bridge-Aggregation2] quit
[CEA] interface gigabitethernet 4/0/1
[CEA-GigabitEthernet4/0/1] port link-aggregation group 2
[CEA-GigabitEthernet4/0/1] undo shutdown
[CEA-GigabitEthernet4/0/1] quit
[CEA] interface gigabitethernet 4/0/2
[CEA-GigabitEthernet4/0/2] port link-aggregation group 2
[CEA-GigabitEthernet4/0/2] undo shutdown
[CEA-GigabitEthernet4/0/2] quit
# 配置CE A的下行扩展VLAN接口。
[CEA] interface gigabitethernet 7/0/1
[CEA-GigabitEthernet7/0/1] port link-type trunk
[CEA-GigabitEthernet7/0/1] port trunk permit vlan 1000
[CEA-GigabitEthernet7/0/1] undo shutdown
[CEA] quit
(2) 配置CE A加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[CEA] interface Vlan-interface 1000
[CEA-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
# 为使CE A成为Master,配置CE A在备份组中的优先级为110,高于CE B(CE B的优先级采用缺省值100)。
[CEA-Vlan-interface1000] vrrp vrid 1 priority 110
[CEA-Vlan-interface1000] quit
(1) 请参考图2进行物理连线,确保IRF物理链路连接正确
(2) 配置Switch B-1为IRF模式
# 配置Switch B-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchB-1> system-view
[SwitchB-1] irf member 1
Info: Member ID change will take effect after the member reboots and operates in IRF mode.
[SwitchB-1] irf-port 2
[SwitchB-1-irf-port2] port group interface ten-GigabitEthernet 2/0/1
[SwitchB-1-irf-port2] quit
[SwitchB-1] interface ten-GigabitEthernet 2/0/1
[SwitchB-1-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchB-1-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchB-1] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchB-1] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
Switch B-1重启后组成了只有一台成员设备的IRF。
(3) 配置Switch B-2为IRF模式
# 配置Switch B-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchB-2> system-view
[SwitchB-2] irf member 2
Info: Member ID change will take effect after the member reboots and operates in IRF mode.
[SwitchB-2] irf-port 1
[SwitchB-2-irf-port1] port group interface ten-GigabitEthernet 2/0/1
[SwitchB-2-irf-port1] quit
[SwitchB-2] interface ten-GigabitEthernet 2/0/1
[SwitchB-2-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchB-2-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchB-2] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchB-2] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
交换机Swtich B-2重启后与Switch B-1形成IRF B。
(4) 配置IRF B的BFD MAD检测
# 更改IRF B的系统名称为“IRFB”,并设置IRF B域编号为2。
<SwitchB-1> system-view
[SwitchB-1] sysname IRFB
[IRFB] irf domain 2
# 创建VLAN 3,并将Switch B-1上的端口1/3/0/2和Swtich B-2上的端口2/3/0/2加入VLAN中。
[IRFB] vlan 3
[IRFB-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFB-vlan3] quit
# 创建VLAN接口3,并配置MAD IP地址。
[IRFB] interface vlan-interface 3
[IRFB-Vlan-interface3] mad bfd enable
[IRFB-Vlan-interface3] mad ip address 192.168.2.1 24 member 1
[IRFB-Vlan-interface3] mad ip address 192.168.2.2 24 member 2
[IRFB-Vlan-interface3] undo shutdown
[IRFB-Vlan-interface3] quit
# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。
[IRFB] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFB-if-range] undo stp enable
[IRFB-if-range] undo shutdown
[IRFB-if-range] quit
(5) 配置IRF B上各接口的IP地址及路由协议
# 配置IRFB的公网接口(即EVI边缘设备的公网接口)。
[IRFB] vlan 10
[IRFB-vlan10] quit
[IRFB] interface Vlan-interface 10
[IRFB-Vlan-interface10] ip address 10.1.2.1 24
[IRFB-Vlan-interface10] undo shutdown
[IRFB-Vlan-interface10] quit
[IRFB] interface bridge-aggregation 1
[IRFB-Bridge-Aggregation1] link-aggregation mode dynamic
[IRFB-Bridge-Aggregation1] port access vlan 10
[IRFB-Bridge-Aggregation1] undo shutdown
[IRFB-Bridge-Aggregation1] quit
[IRFB] interface gigabitethernet 1/3/0/1
[IRFB-GigabitEthernet1/3/0/1] evi enable
[IRFB-GigabitEthernet1/3/0/1] undo shutdown
[IRFB-GigabitEthernet1/3/0/1] port link-aggregation group 1
[IRFB-GigabitEthernet1/3/0/1] quit
[IRFB] interface gigabitethernet 2/3/0/1
[IRFB-GigabitEthernet2/3/0/1] evi enable
[IRFB-GigabitEthernet2/3/0/1] undo shutdown
[IRFB-GigabitEthernet2/3/0/1] port link-aggregation group 1
[IRFB-GigabitEthernet2/3/0/1] quit
# 配置IRFB的扩展VLAN接口。
[IRFB] vlan 1000
[IRFB-vlan1000] quit
[IRFB] interface bridge-aggregation 2
[IRFB-Bridge-Aggregation2] link-aggregation mode dynamic
[IRFB-Bridge-Aggregation2] port link-type trunk
[IRFB-Bridge-Aggregation2] port trunk permit vlan 1000
[IRFB-Bridge-Aggregation2] undo shutdown
[IRFB-Bridge-Aggregation2] quit
[IRFB] interface gigabitethernet 1/4/0/1
[IRFB-GigabitEthernet1/4/0/1] port link-aggregation group 2
[IRFB-GigabitEthernet1/4/0/1] undo shutdown
[IRFB-GigabitEthernet1/4/0/1] quit
[IRFB] interface gigabitethernet 2/4/0/1
[IRFB-GigabitEthernet2/4/0/1] port link-aggregation group 2
[IRFB-GigabitEthernet2/4/0/1] undo shutdown
[IRFB-GigabitEthernet2/4/0/1] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[IRFB] interface LoopBack 0
[IRFB-LoopBack0] ip address 2.2.2.2 32
[IRFB-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[IRFB] ospf 1
[IRFB-ospf-1] area 0
[IRFB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[IRFB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[IRFB-ospf-1-area-0.0.0.0] quit
[IRFB-ospf-1] quit
(6) 配置EVI隧道
# 建立EVI隧道。
[IRFB] interface Tunnel 1 mode evi
[IRFB-Tunnel1] source LoopBack 0
[IRFB-Tunnel1] evi network-id 1
[IRFB-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
[IRFB-Tunnel1] evi-isis extend-vlan 1000
[IRFB-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[IRFB] mac-address timer aging 1800
# 配置ARP泛洪抑制功能,可以减少EVI隧道中ARP泛洪的次数。
[IRFB] interface Tunnel 1 mode evi
[IRFB-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端。
[IRFB-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[IRFB-Tunnel1] quit
(1) 配置CE B上各接口的IP地址及路由协议
# 配置CE B的公网接口。
<CEB> system-view
[CEB] vlan 11
[CEB-vlan11] quit
[CEB] interface vlan-interface 11
[CEB-Vlan-interface11] ip address 11.1.2.1 24
[CEB-Vlan-interface11] undo shutdown
[CEB-Vlan-interface11] quit
[CEB] interface gigabitethernet 5/0/1
[CEB-GigabitEthernet5/0/1] port access vlan 11
[CEB-GigabitEthernet5/0/1] undo shutdown
[CEB-GigabitEthernet5/0/1] quit
# 配置OSPF路由协议,发布公网路由。
[CEB] ospf 1
[CEB-ospf-1] area 0
[CEB-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255
[CEB-ospf-1-area-0.0.0.0] quit
[CEB-ospf-1] quit
# 配置CE B为Site 2扩展VLAN1000的网关。
[CEB] vlan 1000
[CEB-vlan1000] quit
[CEB] interface vlan-interface 1000
[CEB-Vlan-interface1000] ip address 100.0.0.2 24
[CEB-Vlan-interface1000] undo shutdown
[CEB-Vlan-interface1000] quit
# 配置CE B的上行扩展VLAN接口。
[CEB] interface bridge-aggregation 2
[CEB-Bridge-Aggregation2] link-aggregation mode dynamic
[CEB-Bridge-Aggregation2] port link-type trunk
[CEB-Bridge-Aggregation2] port trunk permit vlan 1000
[CEB-Bridge-Aggregation2] quit
[CEB] interface gigabitethernet 4/0/1
[CEB-GigabitEthernet4/0/1] port link-aggregation group 2
[CEB-GigabitEthernet4/0/1] undo shutdown
[CEB-GigabitEthernet4/0/1] quit
[CEB] interface gigabitethernet 4/0/2
[CEB-GigabitEthernet4/0/2] port link-aggregation group 2
[CEB-GigabitEthernet4/0/2] undo shutdown
[CEB-GigabitEthernet4/0/2] quit
# 配置CE B的下行扩展VLAN接口。
[CEB] interface gigabitethernet 7/0/1
[CEB-GigabitEthernet7/0/1] port link-type trunk
[CEB-GigabitEthernet7/0/1] port trunk permit vlan 1000
[CEB-GigabitEthernet7/0/1] undo shutdown
[CEB] quit
(2) 配置CE B加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[CEB] interface vlan-interface 1000
[CEB-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
[CEB-Vlan-interface1000] quit
将Site 1中的某台服务器(IP地址为100.0.0.100)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。
C:\>ping 100.0.0.100
Pinging 100.0.0.100 with 32 bytes of data:
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=37ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Ping statistics for 100.0.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 37ms, Average = 10ms
C:\>
· IRF A:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
sysname IRFA
#
irf domain 1
irf mac-address persistent always
irf auto-update enable
undo irf auto-merge enable
undo irf link-delay
irf member 1 priority 1
irf member 2 priority 1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 3
#
vlan 10
#
vlan 1000
#
irf-port 1/2
port group mdc 1 interface Ten-GigabitEthernet1/2/0/1
#
irf-port 2/1
port group mdc 1 interface Ten-GigabitEthernet2/2/0/1
#
stp global enable
#
interface Bridge-Aggregation1
port access vlan 10
link-aggregation mode dynamic
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface NULL0
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface3
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
#
interface Vlan-interface10
ip address 10.1.1.1 255.255.255.0
#
interface gigabitethernet1/3/0/1
port link-mode bridge
evi enable
port link-aggregation group 1
#
interface gigabitethernet2/3/0/1
port link-mode bridge
evi enable
port link-aggregation group 1
#
interface gigabitethernet1/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface gigabitethernet2/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface gigabitethernet1/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet2/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/0/1
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi-isis extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery server enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1/1
authentication-mode none
user-role network-admin
#
user-interface con 1/1
user-role network-admin
#
user-interface vty 0 15
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· CE A:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
sysname CEA
#
telnet server enable
#
vlan 1
#
vlan 11
#
vlan 1000
#
stp global enable
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
vrrp vrid 1 priority 110
#
interface gigabitethernet4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet4/0/2
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet5/0/1
port link-mode bridge
port access vlan 11
#
interface gigabitethernet7/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
ospf 1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1
authentication-mode none
user-role network-admin
#
user-interface con 1
user-role network-admin
#
user-interface vty 0 15
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· IRF B:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
sysname IRFB
#
irf domain 2
irf mac-address persistent always
irf auto-update enable
undo irf auto-merge enable
undo irf link-delay
irf member 1 priority 1
irf member 2 priority 1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 3
#
vlan 10
#
vlan 1000
#
irf-port 1/2
port group mdc 1 interface Ten-GigabitEthernet1/2/0/1
#
irf-port 2/1
port group mdc 1 interface Ten-GigabitEthernet2/2/0/1
#
stp global enable
#
interface Bridge-Aggregation1
port access vlan 10
link-aggregation mode dynamic
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface NULL0
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface3
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
#
interface Vlan-interface10
ip address 10.1.2.1 255.255.255.0
#
interface gigabitethernet1/3/0/1
port link-mode bridge
evi enable
port link-aggregation group 1
#
interface gigabitethernet2/3/0/1
port link-mode bridge
evi enable
port link-aggregation group 1
#
interface gigabitethernet1/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface gigabitethernet2/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface gigabitethernet1/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet2/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/0/1
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi-isis extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1/1
authentication-mode none
user-role network-admin
#
user-interface con 1/1
user-role network-admin
#
user-interface vty 0 15
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· CE B:
#
version 7.1.034, Release 7129
#
mdc Admin id 1
#
sysname CEB
#
telnet server enable
#
vlan 1
#
vlan 11
#
vlan 1000
#
stp global enable
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface NULL0
#
interface Vlan-interface11
ip address 11.1.2.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
#
interface gigabitethernet4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet4/0/2
port link-mode bridge
port link-aggregation group 2
#
interface gigabitethernet5/0/1
port link-mode bridge
port access vlan 11
#
interface gigabitethernet7/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
#
scheduler logfile size 16
#
user-interface aux 1
authentication-mode none
user-role network-admin
#
user-interface con 1
user-role network-admin
#
user-interface vty 0 15
user-role network-operator
#
domain system
#
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
return
· 《H3C S12500系列路由交换机 EVI配置指导》中的“EVI”
· 《H3C S12500系列路由交换机 EVI命令参考》中的“EVI”
· 《H3C S12500系列路由交换机 基础配置指导》中的“MDC”
· 《H3C S12500系列路由交换机 基础命令参考》中的“MDC”
· 《H3C S12500系列路由交换机 IRF配置指导》中的“IRF”
· 《H3C S12500系列路由交换机 IRF命令参考》中的“IRF”
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
