• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们

12-EVI配置举例

目录

00-H3C_S12500_EVI典型配置举例

本章节下载 00-H3C_S12500_EVI典型配置举例  (285.27 KB)

docurl=/cn/Service/Document_Software/Document_Center/Switches/Catalog/S12500/S12500/Configure/Typical_Configuration_Example/H3C_S12500-R7328P02-6W100/12/201411/845422_30005_0.htm

00-H3C_S12500_EVI典型配置举例


1  简介

本文档介绍了通过MDC实现EVI边缘设备与网关分离和通过IRF实现EVI边缘设备的冗余备份的配置举例。

EVI(Ethernet Virtualization Interconnect,以太网虚拟化互联)是一种基于“MAC in IP”的二层VPN技术,它可以基于现有服务提供商或企业的IP网络,为分散的物理站点提供二层互联功能。虚拟机能在不同站点之间自由迁移。

2  配置前提

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文假设您已了解EVI、MDC和IRF特性。

3  使用限制

·     本地EVI边缘设备不能作为对端数据中心的网关。

·     EVI和MDC特性需要安装配套的License。License分为园区网License和数据中心License两大类,其中数据中心License支持EVI和MDC特性;园区网License仅支持MDC特性。

4  通过MDC实现EVI边缘设备与网关分离配置举例

4.1  组网需求

图1所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心之间的二层互通。具体要求如下:

·     数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;

·     不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);

·     为减少项目管理和维护成本,要求采用MDC技术将公网接入设备虚拟成两台独立的设备。其中一台作为EVI的边缘设备,另一台作为EVI扩展VLAN的三层网关。

图1 通过MDC实现EVI边缘设备与网关分离配置组网图

设备

接口

IP地址

设备

接口

IP地址

MDCA1

Loop0

1.1.1.1/32

MDCB1

Loop0

2.2.2.2/32

 

Vlan-int10

10.1.1.1/24

 

Vlan-int10

10.1.2.1/24

MDCA2

Vlan-int11

11.1.1.1/24

MDCB2

Vlan-int11

11.1.2.1/24

 

Vlan-int1000

100.0.0.1/24

 

Vlan-int1000

100.0.0.2/24

 

4.2  配置思路

·     为实现两个数据中心之间VLAN 1000的二层互通,需要在MDCA1和MDCB1之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;

·     为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将MDCA2和MDCB2加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;

·     为实现MDCA2和MDCB2之间的VRRP协议报文能够透传,需要在MDCA1和MDCB1上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。

4.3  使用版本

本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。

4.4  配置注意事项

4.4.1  配置EVI网络实例和扩展VLAN的注意事项

·     同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;

·     同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;

·     不同的EVI网络实例不能使用相同的扩展VLAN。

4.4.2  配置EVI边缘设备公网接口的注意事项

·     不能使用Vlan-interface1作为EVI边缘设备的公网接口;

·     EVI扩展VLAN的VLAN接口不支持作为公网出接口。

4.4.3  配置动态MAC地址表项老化时间的注意事项

如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。

为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。

4.4.4  配置MDC的注意事项

MDCA1与MDCA2之间的物理线路以及MDCB1和MDCB2之间的物理线路需要在MDC划分完成后才能进行连接,否则可能会引起环路。

4.5  配置步骤

4.5.1  Swtich A的配置

1. 划分MDC

# 将Switch A划分成两个MDC,其中MDCA1直接使用缺省MDC,作为数据中心Site1的EVI边缘设备;MDCA2使用非缺省MDC,作为Site1的网关。

<SwitchA> system-view

[SwitchA] sysname MDCA1

[MDCA1] mdc MDCA2

[MDCA1-mdc-2-MDCA2] location slot 2

[MDCA1-mdc-2-MDCA2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48

[MDCA1-mdc-2-MDCA2] mdc start

[MDCA1-mdc-2-MDCA2] quit

2. 配置MDCA1

(1)     配置MDCA1上各接口的IP地址及路由协议

# 配置MDCA1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。

[MDCA1] vlan 10

[MDCA1-vlan10] quit

[MDCA1] interface gigabitethernet 3/0/1

[MDCA1-GigabitEthernet3/0/1] port access vlan 10

[MDCA1-GigabitEthernet3/0/1] undo shutdown

[MDCA1-GigabitEthernet3/0/1] quit

[MDCA1] interface vlan-interface 10

[MDCA1-Vlan-interface10] ip address 10.1.1.1 24

[MDCA1-Vlan-interface10] undo shutdown

[MDCA1-Vlan-interface10] quit

# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。

[MDCA1] vlan 1000

[MDCA1-vlan1000] quit

[MDCA1] interface gigabitethernet 3/0/2

[MDCA1-GigabitEthernet3/0/2] port link-type trunk

[MDCA1-GigabitEthernet3/0/2] port trunk permit vlan 1000

[MDCA1-GigabitEthernet3/0/2] undo shutdown

[MDCA1-GigabitEthernet3/0/2] quit

# 创建LoopBack接口,作为EVI隧道的源接口。

[MDCA1] interface loopback 0

[MDCA1-LoopBack0] ip address 1.1.1.1 32

[MDCA1-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[MDCA1] ospf 1

[MDCA1-ospf-1] area 0

[MDCA1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[MDCA1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[MDCA1-ospf-1-area-0.0.0.0] quit

[MDCA1-ospf-1] quit

(2)     配置EVI隧道

# 建立EVI隧道。

[MDCA1] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[MDCA1-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[MDCA1-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDS功能。

[MDCA1-Tunnel1] evi neighbor-discovery server enable

# 配置Tunnel1接口的扩展VLAN

[MDCA1-Tunnel1] evi extend-vlan 1000

# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。

[MDCA1-Tunnel1] evi arp-suppression enable

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[MDCA1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[MDCA1-Tunnel1] quit

# 配置MAC地址表项的老化时间为30分钟。

[MDCA1] mac-address timer aging 1800

# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[MDCA1] interface gigabitethernet 3/0/1

[MDCA1-GigabitEthernet3/0/1] evi enable

[MDCA1-GigabitEthernet3/0/1] undo stp enable

[MDCA1-GigabitEthernet3/0/1] quit

3. 配置网关MDCA2

# 登录到MDCA2,并将MDCA2的系统名称改成“MDCA2”。

[MDCA1] switchto MDCA2

<Sysname> system-view

[Sysname] sysname MDCA2

[MDCA2]

(1)     配置MDCA2上各接口的IP地址及路由协议

# 配置MDCA2的公网接口。

[MDCA2] vlan 11

[MDCA2-vlan11] quit

[MDCA2] interface vlan-interface 11

[MDCA2-Vlan-interface11] ip address 11.1.1.1 24

[MDCA2-Vlan-interface11] undo shutdown

[MDCA2-Vlan-interface11] quit

[MDCA2] interface gigabitethernet 2/0/48

[MDCA2-GigabitEthernet2/0/48] port access vlan 11

[MDCA2-GigabitEthernet2/0/48] undo shutdown

[MDCA2-GigabitEthernet2/0/48] quit

# 配置OSPF路由协议,发布公网路由。

[MDCA2] ospf 1

[MDCA2-ospf-1] area 0

[MDCA2-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[MDCA2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[MDCA2-ospf-1-area-0.0.0.0] quit

[MDCA2-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[MDCA2] vlan 1000

[MDCA2-vlan1000] quit

[MDCA2] interface vlan-interface 1000

[MDCA2-Vlan-interface1000] ip address 100.0.0.1 24

[MDCA2-Vlan-interface1000] undo shutdown

[MDCA2-Vlan-interface1000] quit

# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过

[MDCA2] interface gigabitethernet 2/0/2

[MDCA2-GigabitEthernet2/0/2] port link-type trunk

[MDCA2-GigabitEthernet2/0/2] port trunk permit vlan 1000

[MDCA2-GigabitEthernet2/0/2] undo shutdown

[MDCA2-GigabitEthernet2/0/2] quit

[MDCA2] interface gigabitethernet 2/0/10

[MDCA2-GigabitEthernet2/0/10] port link-type trunk

[MDCA2-GigabitEthernet2/0/10] port trunk permit vlan 1000

[MDCA2-GigabitEthernet2/0/10] undo shutdown

[MDCA2-GigabitEthernet2/0/10] quit

(2)     配置MDCA2加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[MDCA2] interface vlan-interface 1000

[MDCA2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

# 为使MDCA2成为Master,配置MDCA2在备份组中的优先级为110,高于MDCB2采用的缺省优先级100。

[MDCA2-Vlan-interface1000] vrrp vrid 1 priority 110

[MDCA2-Vlan-interface1000] quit

4.5.2  Swtich B的配置

1. 划分MDC

# 将Switch B划分成两个MDC,其中MDCB1直接使用缺省MDC,作为数据中心Site2的EVI边缘设备;MDCB2使用非缺省MDC,作为Site2的网关。

<SwitchB> system-view

[SwitchB] sysname MDCB1

[MDCB1] mdc MDCB2

[MDCB1-mdc-2-MDCB2] location slot 2

[MDCB1-mdc-2-MDCB2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48

[MDCB1-mdc-2-MDCB2] mdc start

[MDCB1-mdc-2-MDCB2] quit

2. 配置MDCB1

(1)     配置MDCB1上各接口的IP地址及路由协议

 # 配置MDCB1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。

[MDCB1] vlan 10

[MDCB1-vlan10] quit

[MDCB1] interface gigabitethernet 3/0/1

[MDCB1-GigabitEthernet3/0/1] port access vlan 10

[MDCB1-GigabitEthernet3/0/1] undo shutdown

[MDCB1-GigabitEthernet3/0/1] quit

[MDCB1] interface vlan-interface 10

[MDCB1-Vlan-interface10] ip address 10.1.2.1 24

[MDCB1-Vlan-interface10] undo shutdown

[MDCB1-Vlan-interface10] quit

# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。

[MDCB1] vlan 1000

[MDCB1-vlan1000] quit

[MDCB1] interface gigabitethernet 3/0/2

[MDCB1-GigabitEthernet3/0/2] port link-type trunk

[MDCB1-GigabitEthernet3/0/2] port trunk permit vlan 1000

[MDCB1-GigabitEthernet3/0/2] undo shutdown

[MDCB1-GigabitEthernet3/0/2] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[MDCB1]interface loopback 0

[MDCB1-LoopBack0] ip address 2.2.2.2 32

[MDCB1-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[MDCB1] ospf 1

[MDCB1-ospf-1] area 0

[MDCB1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[MDCB1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[MDCB1-ospf-1-area-0.0.0.0] quit

[MDCB1-ospf-1] quit

(2)     配置EVI隧道

# 建立EVI隧道。

[MDCB1] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[MDCB1-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[MDCB1-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDSMDCA1

[MDCB1-Tunnel1] evi neighbor-discovery client enable 1.1.1.1

# 配置Tunnel1接口的扩展VLAN

[MDCB1-Tunnel1] evi extend-vlan 1000

# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。

[MDCB1-Tunnel1] evi arp-suppression enable

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[MDCB1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[MDCB1-Tunnel1] quit

# 配置MAC地址表项的老化时间为30分钟。

[MDCB1] mac-address timer aging 1800

# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[MDCB1] interface gigabitethernet 3/0/1

[MDCB1-GigabitEthernet3/0/1] evi enable

[MDCB1-GigabitEthernet3/0/1] undo stp enable

[MDCB1-GigabitEthernet3/0/1] quit

3. 配置网关MDCB2

# 登录到MDCB2,并将MDCB2的系统名称改成“MDCB2”。

[MDCB1] switchto MDCB2

<Sysname> system-view

[Sysname] sysname MDCB2

[MDCB2]

(1)     配置MDCB2上各接口的IP地址及路由协议

# 配置MDC2的公网接口。

[MDCB2] vlan 11

[MDCB2-vlan11] quit

[MDCB2] interface vlan-interface 11

[MDCB2-Vlan-interface11] ip address 11.1.2.1 24

[MDCB2-Vlan-interface11] undo shutdown

[MDCB2-Vlan-interface11] quit

[MDCB2] interface gigabitethernet 2/0/48

[MDCB2-GigabitEthernet2/0/48] port access vlan 11

[MDCB2-GigabitEthernet2/0/48] undo shutdown

[MDCB2-GigabitEthernet2/0/48] quit

# 配置OSPF路由协议,发布公网路由。

[MDCB2] ospf 1

[MDCB2-ospf-1] area 0

[MDCB2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[MDCB2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[MDCB2-ospf-1-area-0.0.0.0] quit

[MDCB2-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[MDCB2] vlan 1000

[MDCB2-vlan1000] quit

[MDCB2] interface vlan-interface 1000

[MDCB2-Vlan-interface1000] ip address 100.0.0.2 24

[MDCB2-Vlan-interface1000] undo shutdown

[MDCB2-Vlan-interface1000] quit

# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过

[MDCB2] interface gigabitethernet 2/0/2

[MDCB2-GigabitEthernet2/0/2] port link-type trunk

[MDCB2-GigabitEthernet2/0/2] port trunk permit vlan 1000

[MDCB2-GigabitEthernet2/0/2] undo shutdown

[MDCB2-GigabitEthernet2/0/2] quit

[MDCB2] interface gigabitethernet 2/0/10

[MDCB2-GigabitEthernet2/0/10] port link-type trunk

[MDCB2-GigabitEthernet2/0/10] port trunk permit vlan 1000

[MDCB2-GigabitEthernet2/0/10] undo shutdown

[MDCB2-GigabitEthernet2/0/10] quit

(2)     配置MDCA2加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[MDCB2] interface vlan-interface 1000

[MDCB2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

[MDCB2-Vlan-interface1000] quit

4.6  验证配置

将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。

C:\>ping 100.0.0.100

 

Pinging 100.0.0.100 with 32 bytes of data:

 

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=37ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

 

Ping statistics for 100.0.0.100:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 1ms, Maximum = 37ms, Average = 10ms

 

C:\>

4.7  配置文件

·     MDCA1:

#

mdc Admin id 1

#

mdc MDCA2 id 2

 location slot 2

 mdc start

 allocate interface gigabitethernet2/0/1 to GigabitEthernet2/0/48

#

 sysname MDCA1

#

 mac-address timer aging 1800

#

vlan 1

#

vlan 10

#

vlan 1000

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

interface Vlan-interface10

 ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

#

interface Tunnel1 mode evi

 evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

 evi arp-suppression enable

 evi extend-vlan 1000

 source LoopBack0

 evi network-id 1

 evi neighbor-discovery server enable

#

ospf 1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

return

·     MDCA2:

#

 sysname MDCA2

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Vlan-interface11

 ip address 11.1.1.1 255.255.255.0

#

interface Vlan-interface1000

 ip address 100.0.0.1 255.255.255.0

 vrrp vrid 1 virtual-ip 100.0.0.254

 vrrp vrid 1 priority 110

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface GigabitEthernet2/0/10

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan all

#

interface GigabitEthernet2/0/48

 port link-mode bridge

 port access vlan 10

#

ospf 1

 area 0.0.0.0

  network 11.1.1.1 0.0.0.255

  network 100.0.0.0 0.0.0.255

#

return

·     MDCB1:

#

mdc Admin id 1

#

mdc MDCB2 id 2

 location slot 2

 mdc start

 allocate interface GigabitEthernet2/0/1 to GigabitEthernet2/0/48

#

 sysname MDCB1

#

 mac-address timer aging 1800

#

vlan 1

#

vlan 10

#

vlan 1000

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

#

interface Vlan-interface10

 ip address 10.1.2.1 255.255.255.0

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

#

interface Tunnel1 mode evi

 evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

 evi arp-suppression enable

 evi extend-vlan 1000

 source LoopBack0

 evi network-id 1

 evi neighbor-discovery client enable 1.1.1.1

#

ospf 1

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 10.1.2.0 0.0.0.255

#

return

·     MDCB2:

#

 version 7.1.045, Release 7328

#

 sysname MDCB2

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Vlan-interface11

 ip address 11.1.2.1 255.255.255.0

#

interface Vlan-interface1000

 ip address 100.0.0.2 255.255.255.0

 vrrp vrid 1 virtual-ip 100.0.0.254

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

interface GigabitEthernet2/0/10

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan all

#

interface GigabitEthernet2/0/48

 port link-mode bridge

 port access vlan 10

#

ospf 1

 area 0.0.0.0

  network 11.1.2.1 0.0.0.255

  network 100.0.0.0 0.0.0.255

#

return

5  通过IRF实现EVI边缘设备的冗余备份配置举例

5.1  组网需求

图2所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心的二层互通。具体要求如下:

·     数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;

·     不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);

·     为提高EVI边缘设备的可靠性,要求使用IRF技术实现边缘设备的冗余,即使一台交换机出现故障,也不会影响整个数据中心的通信。

图2 通过IRF实现EVI边缘设备的冗余备份配置组网图

设备

接口

IP地址

设备

接口

IP地址

IRF A

Loop0

1.1.1.1/32

IRFB

Loop0

2.2.2.2/32

 

Vlan-int10

10.1.1.1/24

 

Vlan-int10

10.1.2.1/24

CE A

Vlan-int11

11.1.1.1/24

CE B

Vlan-int11

11.1.2.1/24

 

Vlan-int1000

100.0.0.1/24

 

Vlan-int1000

100.0.0.2/24

 

5.2  配置思路

·     为实现两个数据中心之间VLAN 1000的二层互通,需要在IRF A和 IRF B之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;

·     为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将数据中心Site1的网关CE A和Site2的网关CE B加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;

·     为实现CE A和CE B之间的VRRP协议报文能够透传,需要在IRF A和IRF B上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。

·     为提供IRF链路的可靠性,需要分别在IRF上下行的链路上配置链路聚合功能。

5.3  使用版本

本举例是在S12500-CMW710-R7328版本上进行配置和验证的。

5.4  配置注意事项

1. 配置EVI网络实例和扩展VLAN的注意事项

·     同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;

·     同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;

·     不同的EVI网络实例不能使用相同的扩展VLAN。

2. 配置EVI边缘设备公网接口的注意事项

·     不能使用Vlan-interface1作为EVI边缘设备的公网接口;

·     EVI扩展VLAN的VLAN接口不支持作为公网出接口。

3. 配置动态MAC地址表项老化时间的注意事项

如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。

为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。

4. IRF相关的注意事项

在IRF模式下,EVI边缘设备不支持对从EVI隧道收到的报文进行出方向的策略匹配。

5.5  配置步骤

5.5.1  IRF A的配置

(1)     请参考图2进行物理连线,确保IRF物理链路连接正确

(2)     配置Switch A-1为IRF模式

# 配置Switch A-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchA-1> system-view

[SwitchA-1] irf member 1

[SwitchA-1] irf-port 2

[SwitchA-1-irf-port2] port group interface ten-gigabitethernet 2/0/1

[SwitchA-1-irf-port2] quit

[SwitchA-1] interface ten-gigabitethernet 2/0/1

[SwitchA-1-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchA-1-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchA-1] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchA-1] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

 Please wait...

 Saving the converted configuration file to the main board succeeded.

Slot 1:

 Saving the converted configuration file succeeded.

 Now rebooting, please wait...

Switch A-1重启后组成了只有一台成员设备的IRF。

(3)     配置Switch A-2为IRF模式

# 配置Switch A-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchA-2> system-view

[SwitchA-2] irf member 2

[SwitchA-2] irf-port 1

[SwitchA-2-irf-port1] port group interface ten-gigabitethernet 2/0/1

[SwitchA-2-irf-port1] quit

[SwitchA-2] interface ten-gigabitethernet 2/0/1

[SwitchA-2-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchA-2-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchA-2] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchA-2] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

 Please wait...

 Saving the converted configuration file to the main board succeeded.

Slot 1:

 Saving the converted configuration file succeeded.

 Now rebooting, please wait...

交换机Swtich A-2重启后与Switch A-1形成IRF A。

(4)     配置IRF A的BFD MAD检测

# 更改IRF A的系统名称为“IRFA”,并设置IRF A域编号为1。

<SwitchA-1> system-view

[SwitchA-1] sysname IRFA

[IRFA] irf domain 1

# 创建VLAN 3,并将Switch A-1上的端口GigabitEthernet1/3/0/2和Swtich A-2上的端口GigabitEthernet2/3/0/2加入VLAN中。

[IRFA] vlan 3

[IRFA-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFA-vlan3] quit

# 创建VLAN接口3,并配置MAD IP地址。

[IRFA] interface vlan-interface 3

[IRFA-Vlan-interface3] mad bfd enable

[IRFA-Vlan-interface3] mad ip address 192.168.2.1 24 member 1

[IRFA-Vlan-interface3] mad ip address 192.168.2.2 24 member 2

[IRFA-Vlan-interface3] undo shutdown

[IRFA-Vlan-interface3] quit

# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。

[IRFA] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFA-if-range] undo stp enable

[IRFA-if-range] undo shutdown

[IRFA-if-range] quit

(5)     配置IRF A上各接口的IP地址及路由协议

# 配置IRF A公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。

[IRFA] vlan 10

[IRFA-vlan10] quit

[IRFA] interface vlan-interface 10

[IRFA-Vlan-interface10] ip address 10.1.1.1 24

[IRFA-Vlan-interface10] undo shutdown

[IRFA-Vlan-interface10] quit

[IRFA] interface bridge-aggregation 1

[IRFA-Bridge-Aggregation1] link-aggregation mode dynamic

[IRFA-Bridge-Aggregation1] port access vlan 10

[IRFA-Bridge-Aggregation1] undo shutdown

[IRFA-Bridge-Aggregation1] quit

[IRFA] interface gigabitethernet 1/3/0/1

[IRFA-GigabitEthernet1/3/0/1] undo shutdown

[IRFA-GigabitEthernet1/3/0/1] port link-aggregation group 1

[IRFA-GigabitEthernet1/3/0/1] quit

[IRFA] interface gigabitethernet 2/3/0/1

[IRFA-GigabitEthernet2/3/0/1] undo shutdown

[IRFA-GigabitEthernet2/3/0/1] port link-aggregation group 1

[IRFA-GigabitEthernet2/3/0/1] quit

# 创建VLAN 1000。

[IRFA] vlan 1000

[IRFA-vlan1000] quit

# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。

[IRFA] interface bridge-aggregation 2

[IRFA-Bridge-Aggregation2] link-aggregation mode dynamic

[IRFA-Bridge-Aggregation2] port link-type trunk

[IRFA-Bridge-Aggregation2] port trunk permit vlan 1000

[IRFA-Bridge-Aggregation2] undo shutdown

[IRFA-Bridge-Aggregation2] quit

# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。

[IRFA] interface gigabitethernet 1/4/0/1

[IRFA-GigabitEthernet1/4/0/1] port link-aggregation group 2

[IRFA-GigabitEthernet1/4/0/1] undo shutdown

[IRFA-GigabitEthernet1/4/0/1] quit

[IRFA] interface gigabitethernet 2/4/0/1

[IRFA-GigabitEthernet2/4/0/1] port link-aggregation group 2

[IRFA-GigabitEthernet2/4/0/1] undo shutdown

[IRFA-GigabitEthernet2/4/0/1] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[IRFA] interface loopback 0

[IRFA-LoopBack0] ip address 1.1.1.1 32

[IRFA-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[IRFA] ospf 1

[IRFA-ospf-1] area 0

[IRFA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[IRFA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[IRFA-ospf-1-area-0.0.0.0] quit

[IRFA-ospf-1] quit

(6)     配置EVI隧道

# 建立EVI隧道。

[IRFA] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[IRFA-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[IRFA-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDS功能。

[IRFA-Tunnel1] evi neighbor-discovery server enable

# 配置Tunnel1接口的扩展VLAN

[IRFA-Tunnel1] evi extend-vlan 1000

# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。

[IRFA-Tunnel1] evi arp-suppression enable

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[IRFA-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[IRFA-Tunnel1] quit

# 配置MAC地址表项的老化时间为30分钟。

[IRFA] mac-address timer aging 1800

# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[IRFA] interface gigabitethernet 1/3/0/1

[IRFA-GigabitEthernet1/3/0/1] evi enable

[IRFA-GigabitEthernet1/3/0/1] undo stp enable

[IRFA-GigabitEthernet1/3/0/1] quit

[IRFA] interface gigabitethernet 2/3/0/1

[IRFA-GigabitEthernet2/3/0/1] evi enable

[IRFA-GigabitEthernet2/3/0/1] undo stp enable

[IRFA-GigabitEthernet2/3/0/1] quit

5.5.2  配置网关CE A

(1)     配置CE A上各接口的IP地址及路由协议

# 配置CE A的公网接口。

<CEA> system-view

[CEA] vlan 11

[CEA-vlan11] quit

[CEA] interface vlan-interface 11

[CEA-Vlan-interface11] ip address 11.1.1.1 24

[CEA-Vlan-interface11] undo shutdown

[CEA-Vlan-interface11] quit

[CEA] interface gigabitethernet 5/0/1

[CEA-GigabitEthernet5/0/1] port access vlan 11

[CEA-GigabitEthernet5/0/1] undo shutdown

[CEA-GigabitEthernet5/0/1] quit

# 配置OSPF路由协议,发布公网路由。

[CEA] ospf 1

[CEA-ospf-1] area 0

[CEA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEA-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[CEA-ospf-1-area-0.0.0.0] quit

[CEA-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[CEA] vlan 1000

[CEA-vlan1000] quit

[CEA] interface vlan-interface 1000

[CEA-Vlan-interface1000] ip address 100.0.0.1 24

[CEA-Vlan-interface1000] undo shutdown

[CEA-Vlan-interface1000] quit

# 配置CE A与IRF A相连的接口允许VLAN 1000通过。

[CEA] interface bridge-aggregation 2

[CEA-Bridge-Aggregation2] link-aggregation mode dynamic

[CEA-Bridge-Aggregation2] port link-type trunk

[CEA-Bridge-Aggregation2] port trunk permit vlan 1000

[CEA-Bridge-Aggregation2] quit

[CEA] interface gigabitethernet 4/0/1

[CEA-GigabitEthernet4/0/1] port link-aggregation group 2

[CEA-GigabitEthernet4/0/1] undo shutdown

[CEA-GigabitEthernet4/0/1] quit

[CEA] interface gigabitethernet 4/0/2

[CEA-GigabitEthernet4/0/2] port link-aggregation group 2

[CEA-GigabitEthernet4/0/2] undo shutdown

[CEA-GigabitEthernet4/0/2] quit

# 配置CE A与数据中心相连的接口允许VLAN 1000通过。

[CEA] interface gigabitethernet 7/0/1

[CEA-GigabitEthernet7/0/1] port link-type trunk

[CEA-GigabitEthernet7/0/1] port trunk permit vlan 1000

[CEA-GigabitEthernet7/0/1] undo shutdown

[CEA] quit

(2)     配置CE A加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[CEA] interface vlan-interface 1000

[CEA-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

# 为使CE A成为Master,配置CE A在备份组中的优先级为110,高于CE B采用的缺省优先级100。

[CEA-Vlan-interface1000] vrrp vrid 1 priority 110

[CEA-Vlan-interface1000] quit

5.5.3  IRF B的配置

(1)     请参考图2进行物理连线,确保IRF物理链路连接正确

(2)     配置Switch B-1为IRF模式

# 配置Switch B-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchB-1> system-view

[SwitchB-1] irf member 1.

[SwitchB-1] irf-port 2

[SwitchB-1-irf-port2] port group interface ten-GigabitEthernet 2/0/1

[SwitchB-1-irf-port2] quit

[SwitchB-1] interface ten-GigabitEthernet 2/0/1

[SwitchB-1-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchB-1-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchB-1] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchB-1] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

 Please wait...

 Saving the converted configuration file to the main board succeeded.

Slot 1:

 Saving the converted configuration file succeeded.

 Now rebooting, please wait...

Switch B-1重启后组成了只有一台成员设备的IRF。

(3)     配置Switch B-2为IRF模式

# 配置Switch B-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchB-2> system-view

[SwitchB-2] irf member 2

[SwitchB-2] irf-port 1

[SwitchB-2-irf-port1] port group interface ten-GigabitEthernet 2/0/1

[SwitchB-2-irf-port1] quit

[SwitchB-2] interface ten-GigabitEthernet 2/0/1

[SwitchB-2-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchB-2-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchB-2] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchB-2] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

 Please wait...

 Saving the converted configuration file to the main board succeeded.

Slot 1:

 Saving the converted configuration file succeeded.

 Now rebooting, please wait...

交换机Swtich B-2重启后与Switch B-1形成IRF B。

(4)     配置IRF B的BFD MAD检测

# 更改IRF B的系统名称为“IRFB”,并设置IRF B域编号为2。

<SwitchB-1> system-view

[SwitchB-1] sysname IRFB

[IRFB] irf domain 2

# 创建VLAN 3,并将Switch B-1上的端口GigabitEthernet1/3/0/2和Swtich B-2上的端口GigabitEthernet2/3/0/2加入VLAN中。

[IRFB] vlan 3

[IRFB-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFB-vlan3] quit

# 创建VLAN接口3,并配置MAD IP地址。

[IRFB] interface vlan-interface 3

[IRFB-Vlan-interface3] mad bfd enable

[IRFB-Vlan-interface3] mad ip address 192.168.2.1 24 member 1

[IRFB-Vlan-interface3] mad ip address 192.168.2.2 24 member 2

[IRFB-Vlan-interface3] undo shutdown

[IRFB-Vlan-interface3] quit

# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。

[IRFB] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFB-if-range] undo stp enable

[IRFB-if-range] undo shutdown

[IRFB-if-range] quit

(5)     配置IRF B上各接口的IP地址及路由协议

# 配置IRF B公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。

[IRFB] vlan 10

[IRFB-vlan10] quit

[IRFB] interface vlan-interface 10

[IRFB-Vlan-interface10] ip address 10.1.2.1 24

[IRFB-Vlan-interface10] undo shutdown

[IRFB-Vlan-interface10] quit

[IRFB] interface bridge-aggregation 1

[IRFB-Bridge-Aggregation1] link-aggregation mode dynamic

[IRFB-Bridge-Aggregation1] port access vlan 10

[IRFB-Bridge-Aggregation1] undo shutdown

[IRFB-Bridge-Aggregation1] quit

[IRFB] interface gigabitethernet 1/3/0/1

[IRFB-GigabitEthernet1/3/0/1] undo shutdown

[IRFB-GigabitEthernet1/3/0/1] port link-aggregation group 1

[IRFB-GigabitEthernet1/3/0/1] quit

[IRFB] interface gigabitethernet 2/3/0/1

[IRFB-GigabitEthernet2/3/0/1] undo shutdown

[IRFB-GigabitEthernet2/3/0/1] port link-aggregation group 1

[IRFB-GigabitEthernet2/3/0/1] quit

# 创建VLAN 1000。

[IRFB] vlan 1000

[IRFB-vlan1000] quit

# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。

[IRFB] interface bridge-aggregation 2

[IRFB-Bridge-Aggregation2] link-aggregation mode dynamic

[IRFB-Bridge-Aggregation2] port link-type trunk

[IRFB-Bridge-Aggregation2] port trunk permit vlan 1000

[IRFB-Bridge-Aggregation2] undo shutdown

[IRFB-Bridge-Aggregation2] quit

# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。

[IRFB] interface gigabitethernet 1/4/0/1

[IRFB-GigabitEthernet1/4/0/1] port link-aggregation group 2

[IRFB-GigabitEthernet1/4/0/1] undo shutdown

[IRFB-GigabitEthernet1/4/0/1] quit

[IRFB] interface gigabitethernet 2/4/0/1

[IRFB-GigabitEthernet2/4/0/1] port link-aggregation group 2

[IRFB-GigabitEthernet2/4/0/1] undo shutdown

[IRFB-GigabitEthernet2/4/0/1] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[IRFB] interface loopback 0

[IRFB-LoopBack0] ip address 2.2.2.2 32

[IRFB-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[IRFB] ospf 1

[IRFB-ospf-1] area 0

[IRFB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[IRFB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[IRFB-ospf-1-area-0.0.0.0] quit

[IRFB-ospf-1] quit

(6)     配置EVI隧道

# 建立EVI隧道。

[IRFB] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[IRFB-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[IRFB-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDSIRF A

[IRFB-Tunnel1] evi neighbor-discovery client enable 1.1.1.1

# 配置Tunnel1接口的扩展VLAN

[IRFB-Tunnel1] evi extend-vlan 1000

# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。

[IRFB-Tunnel1] evi arp-suppression enable

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[IRFB-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[IRFB-Tunnel1] quit

# 配置MAC地址表项的老化时间为30分钟。

[IRFB] mac-address timer aging 1800

# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[IRFB] interface gigabitethernet 1/3/0/1

[IRFB-GigabitEthernet1/3/0/1] evi enable

[IRFB-GigabitEthernet1/3/0/1] undo stp enable

[IRFB-GigabitEthernet1/3/0/1] quit

[IRFB] interface gigabitethernet 2/3/0/1

[IRFB-GigabitEthernet2/3/0/1] evi enable

[IRFB-GigabitEthernet2/3/0/1] undo stp enable

[IRFB-GigabitEthernet2/3/0/1] quit

5.5.4  配置网关CE B

(1)     配置CE B上各接口的IP地址及路由协议

# 配置CE B的公网接口。

<CEB> system-view

[CEB] vlan 11

[CEB-vlan11] quit

[CEB] interface vlan-interface 11

[CEB-Vlan-interface11] ip address 11.1.2.1 24

[CEB-Vlan-interface11] undo shutdown

[CEB-Vlan-interface11] quit

[CEB] interface gigabitethernet 5/0/1

[CEB-GigabitEthernet5/0/1] port access vlan 11

[CEB-GigabitEthernet5/0/1] undo shutdown

[CEB-GigabitEthernet5/0/1] quit

# 配置OSPF路由协议,发布公网路由。

[CEB] ospf 1

[CEB-ospf-1] area 0

[CEB-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[CEB-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[CEB-ospf-1-area-0.0.0.0] quit

[CEB-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[CEB] vlan 1000

[CEB-vlan1000] quit

[CEB] interface vlan-interface 1000

[CEB-Vlan-interface1000] ip address 100.0.0.2 24

[CEB-Vlan-interface1000] undo shutdown

[CEB-Vlan-interface1000] quit

# 配置CE B与IRF B相连的接口允许VLAN 1000通过。

[CEB] interface bridge-aggregation 2

[CEB-Bridge-Aggregation2] link-aggregation mode dynamic

[CEB-Bridge-Aggregation2] port link-type trunk

[CEB-Bridge-Aggregation2] port trunk permit vlan 1000

[CEB-Bridge-Aggregation2] quit

[CEB] interface gigabitethernet 4/0/1

[CEB-GigabitEthernet4/0/1] port link-aggregation group 2

[CEB-GigabitEthernet4/0/1] undo shutdown

[CEB-GigabitEthernet4/0/1] quit

[CEB] interface gigabitethernet 4/0/2

[CEB-GigabitEthernet4/0/2] port link-aggregation group 2

[CEB-GigabitEthernet4/0/2] undo shutdown

[CEB-GigabitEthernet4/0/2] quit

# 配置CE B与数据中心相连的接口允许VLAN 1000通过。

[CEB] interface gigabitethernet 7/0/1

[CEB-GigabitEthernet7/0/1] port link-type trunk

[CEB-GigabitEthernet7/0/1] port trunk permit vlan 1000

[CEB-GigabitEthernet7/0/1] undo shutdown

[CEB] quit

(2)     配置CE B加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[CEB] interface vlan-interface 1000

[CEB-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

[CEB-Vlan-interface1000] quit

5.6  验证配置

将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。

C:\>ping 100.0.0.100

 

Pinging 100.0.0.100 with 32 bytes of data:

 

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=37ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

 

Ping statistics for 100.0.0.100:

    Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

    Minimum = 1ms, Maximum = 37ms, Average = 10ms

 

C:\>

 

5.7  配置文件

·     IRF A:

#

 sysname IRFA

#

 mac-address timer aging 1800

#

vlan 1

#

vlan 3

#

vlan 10

#

vlan 1000

#

irf-port 1/2

 port group mdc 1 interface Ten-GigabitEthernet1/2/0/1

#

irf-port 2/1

 port group mdc 1 interface Ten-GigabitEthernet2/2/0/1

#

interface Bridge-Aggregation1

 port access vlan 10

 link-aggregation mode dynamic

#

interface Bridge-Aggregation2

 port link-type trunk

 port trunk permit vlan 1 1000

 link-aggregation mode dynamic

#

interface LoopBack0

 ip address 1.1.1.1 255.255.255.255

#

interface Vlan-interface3

 mad bfd enable

 mad ip address 192.168.2.1 255.255.255.0 member 1

 mad ip address 192.168.2.2 255.255.255.0 member 2

#

interface Vlan-interface10

 ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet1/3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

 port link-aggregation group 1

#

interface GigabitEthernet2/3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

 port link-aggregation group 1

#

interface GigabitEthernet1/3/0/2

 port link-mode bridge

 port access vlan 3

 undo stp enable

#

interface GigabitEthernet2/3/0/2

 port link-mode bridge

 port access vlan 3

 undo stp enable

#

interface GigabitEthernet1/4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet2/4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface Ten-GigabitEthernet1/2/0/1

#

interface Tunnel1 mode evi

 evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

 evi arp-suppression enable

 evi extend-vlan 1000

 source LoopBack0

 evi network-id 1

 evi neighbor-discovery server enable

#

ospf 1

 area 0.0.0.0

  network 1.1.1.1 0.0.0.0

  network 10.1.1.0 0.0.0.255

#

return

·     CE A:

#

 sysname CEA

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Bridge-Aggregation2

 port link-type trunk

 port trunk permit vlan 1 1000

 link-aggregation mode dynamic

#

interface Vlan-interface11

 ip address 11.1.1.1 255.255.255.0

#

interface Vlan-interface1000

 ip address 100.0.0.1 255.255.255.0

 vrrp vrid 1 virtual-ip 100.0.0.254

 vrrp vrid 1 priority 110

#

interface GigabitEthernet4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet4/0/2

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet5/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet7/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

ospf 1

 area 0.0.0.0

  network 11.1.1.0 0.0.0.255

  network 100.0.0.0 0.0.0.255

#

return

·     IRF B:

#

 sysname IRFB

#

 mac-address timer aging 1800

#

vlan 1

#

vlan 3

#

vlan 10

#

vlan 1000

#

irf-port 1/2

 port group mdc 1 interface Ten-GigabitEthernet1/2/0/1

#

irf-port 2/1

 port group mdc 1 interface Ten-GigabitEthernet2/2/0/1

#

interface Bridge-Aggregation1

 port access vlan 10

 link-aggregation mode dynamic

#

interface Bridge-Aggregation2

 port link-type trunk

 port trunk permit vlan 1 1000

 link-aggregation mode dynamic

#

interface LoopBack0

 ip address 2.2.2.2 255.255.255.255

#

interface Vlan-interface3

 mad bfd enable

 mad ip address 192.168.2.1 255.255.255.0 member 1

 mad ip address 192.168.2.2 255.255.255.0 member 2

#

interface Vlan-interface10

 ip address 10.1.2.1 255.255.255.0

#

interface GigabitEthernet1/3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

 port link-aggregation group 1

#

interface GigabitEthernet2/3/0/1

 port link-mode bridge

 port access vlan 10

 undo stp enable

 evi enable

 port link-aggregation group 1

#

interface GigabitEthernet1/3/0/2

 port link-mode bridge

 port access vlan 3

 undo stp enable

#

interface GigabitEthernet2/3/0/2

 port link-mode bridge

 port access vlan 3

 undo stp enable

#

interface GigabitEthernet1/4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet2/4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface Ten-GigabitEthernet1/2/0/1

#

interface Tunnel1 mode evi

 evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

 evi arp-suppression enable

 evi extend-vlan 1000

 source LoopBack0

 evi network-id 1

 evi neighbor-discovery client enable 1.1.1.1

#

ospf 1

 area 0.0.0.0

  network 2.2.2.2 0.0.0.0

  network 10.1.2.0 0.0.0.255

#

return

·     CE B:

#

 sysname CEB

#

vlan 1

#

vlan 11

#

vlan 1000

#

 stp global enable

#

interface Bridge-Aggregation2

 port link-type trunk

 port trunk permit vlan 1 1000

 link-aggregation mode dynamic

#

interface Vlan-interface11

 ip address 11.1.2.1 255.255.255.0

#

interface Vlan-interface1000

 ip address 100.0.0.2 255.255.255.0

 vrrp vrid 1 virtual-ip 100.0.0.254

#

interface GigabitEthernet4/0/1

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet4/0/2

 port link-mode bridge

 port link-aggregation group 2

#

interface GigabitEthernet5/0/1

 port link-mode bridge

 port access vlan 11

#

interface GigabitEthernet7/0/1

 port link-mode bridge

 port link-type trunk

 port trunk permit vlan 1 1000

#

ospf 1

 area 0.0.0.0

  network 11.1.2.0 0.0.0.255

  network 100.0.0.0 0.0.0.255

#

return

6  相关资料

·     H3C S12500系列路由交换机 EVI配置指导-Release 7328

·     H3C S12500系列路由交换机 EVI命令参考-Release 7328

·     H3C S12500系列路由交换机 虚拟化技术配置指导-Release 7328

·     H3C S12500系列路由交换机 虚拟化技术命令参考-Release 7328

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们