- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
29-H3C VSR1000虚拟路由器EVI典型配置举例
本章节下载: 29-H3C VSR1000虚拟路由器EVI典型配置举例 (288.11 KB)
H3C VSR1000虚拟路由器EVI典型配置举例
|
Copyright © 2014 杭州华三通信技术有限公司 版权所有,保留一切权利。 非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部, 并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。 |
|
目 录
本文档介绍单归属EVI、EVI多实例和EVI网关(GW)与边缘设备(ED)共存的典型配置举例。
EVI(Ethernet Virtualization Interconnect,以太网虚拟化互联)是一种基于“MAC in IP”的二层VPN技术,它可以基于现有服务提供商或企业的IP网络,为分散的物理站点提供二层互联功能。虚拟机能在不同站点之间自由迁移。
本文档不严格与具体软件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解EVI特性。
· 如果是VMware虚拟平台上安装的VSR,请将VSR GE2/0所连接的虚拟交换机端口组的混杂模式打开并配置VLAN为4095(允许所有VLAN),防止虚拟交换机过滤报文。如果是KVM平台,GE2/0使用Bridge方式即可。
· 如果VSR使用ESS 0301以及之后的版本,请在使用EVI特性前,安装Comware V7, Data Center Interconnection的Feature License。如果不安装license,会有部分EVI命令不可配置。
· VSR的VF网卡暂时不支持EVI特性,请考虑在其他虚拟网卡类型进行验证。
· 同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;
· 同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;
· 不同的EVI网络实例不能使用相同的扩展VLAN。
· 不能使用Vlan-interface1作为EVI边缘设备的公网接口;
· EVI扩展VLAN的VLAN接口不支持作为公网出接口。
如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。
为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,VSR的动态ARP表项老化时间为20分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。
· Router A、Router B、Router C分别为Site 1、Site 2、Site 3的边缘设备,各站点间通过IP网络互连。
· 为了使虚拟机在站点之间进行迁移时用户的访问流量不中断,通过EVI技术实现站点间的二层互联。Router A、Router B、Router C属于同一EVI网络实例,其对应的Network ID为1,扩展VLAN为VLAN 21~VLAN 100。Router A为ENDS,Router B和Router C为ENDC。
· 某业务在站点Site 1和Site 2使用的VLAN不一致,分别为VLAN 80和VLAN 21,通过配置VLAN映射功能实现该业务的跨站点互通。
· 通过绑定路由策略使得Router A只向其它站点发布VLAN 21~VLAN 90的MAC地址信息。
图1 单归属EVI网络组网图
本举例是在E0301版本上进行配置和验证的。
下面仅给出EVI相关的配置步骤。除此之外,在各站点间还要配置路由协议使之互通,配置步骤略。
# 配置站点ID。
[RouterA] evi site-id 1
# 创建VLAN 21~100。
[RouterA] vlan 21 to 100
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 21~100通过。
[RouterA] interface gigabitethernet 2/0
[RouterA-GigabitEthernet2/0] port link-mode bridge
[RouterA-GigabitEthernet2/0] port link-type trunk
[RouterA-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterA-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet3/0] quit
# 创建模式为IPv4 EVI隧道的接口Tunnel0。
[RouterA] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址为GigabitEthernet3/0的IP地址。
[RouterA-Tunnel0] source 1.1.1.1
# 配置Tunnel0接口的keepalive探测周期和重试次数。
[RouterA-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterA-Tunnel0] evi network-id 1
# 配置Tunnel0接口的扩展VLAN。
[RouterA-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDS功能。
[RouterA-Tunnel0] evi neighbor-discovery server enable
# 配置Tunnel0接口的VLAN 80与站点2的VLAN 21进行映射。
[RouterA-Tunnel0] evi vlan-mapping 80 translated 21 site 2
[RouterA-Tunnel0] quit
# 配置EVI IS-IS进程绑定路由策略EVI-Filter,允许VLAN 21~VLAN 90的MAC地址信息发布。
[RouterA] route-policy EVI-Filter permit node 10
[RouterA-route-policy-EVI-Filter-10] if-match vlan 21 to 90
[RouterA-route-policy-EVI-Filter-10] quit
[RouterA] evi-isis 0
[RouterA-evi-isis-0] filter-policy EVI-Filter
[RouterA-evi-isis-0] quit
# 配置站点ID。
[RouterB] evi site-id 2
# 创建VLAN 21~100。
[RouterB] vlan 21 to 100
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 21~100通过。
[RouterB] interface gigabitethernet 2/0
[RouterB-GigabitEthernet2/0] port link-mode bridge
[RouterB-GigabitEthernet2/0] port link-type trunk
[RouterB-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterB-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] ip address 1.1.2.1 24
[RouterB-GigabitEthernet3/0] quit
# 创建模式为IPv4 EVI隧道的接口Tunnel0。
[RouterB] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址为GigabitEthernet3/0的IP地址。
[RouterB-Tunnel0] source 1.1.2.1
# 配置Tunnel0接口的keepalive探测周期和重试次数。
[RouterB-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterB-Tunnel0] evi network-id 1
# 配置Tunnel0接口的扩展VLAN。
[RouterB-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDC功能,该ENDC对应的ENDS为Router A。
[RouterB-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
# 配置Tunnel0接口的VLAN 21与站点1的VLAN 80进行映射。
[RouterB-Tunnel0] evi vlan-mapping 21 translated 80 site 1
[RouterB-Tunnel0] quit
# 配置站点ID。
[RouterC] evi site-id 3
# 创建VLAN 21~100。
[RouterC] vlan 21 to 100
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 21~100通过。
[RouterC] interface gigabitethernet 2/0
[RouterC-GigabitEthernet2/0] port link-mode bridge
[RouterC-GigabitEthernet2/0] port link-type trunk
[RouterC-GigabitEthernet2/0] port trunk permit vlan 21 to 100
[RouterC-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterC] interface gigabitethernet 3/0
[RouterC-GigabitEthernet3/0] ip address 1.1.3.1 24
[RouterC-GigabitEthernet3/0] quit
# 创建模式为IPv4 EVI隧道的接口Tunnel0。
[RouterC] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址为GigabitEthernet3/0的IP地址。
[RouterC-Tunnel0] source 1.1.3.1
# 配置Tunnel0接口的keepalive探测周期和重试次数。
[RouterC-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterC-Tunnel0] evi network-id 1
# 配置Tunnel0接口的扩展VLAN。
[RouterC-Tunnel0] evi extend-vlan 21 to 100
# 使能Tunnel0接口的ENDC功能,该ENDC对应的ENDS为Router A。
[RouterC-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
[RouterC-Tunnel0] quit
# 查看Router A上的EVI Tunnel的接口信息。
[RouterA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.1.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router A上的EVI-Link的接口信息。
[RouterA] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.1.1 1.1.2.1
EVI-Link1 UP 1.1.1.1 1.1.3.1
# 查看Router A上的ENDS的运行信息。
[RouterA] display evi neighbor-discovery server summary
Interface Local Address Network ID Auth Members
Tunnel0 1.1.1.1 1 disabled 3
# 查看Router A上的ENDC的运行信息。
[RouterA] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.1.1 1.1.1.1 1 15 disabled E
# 查看Router A上ENDS学到的成员信息。
[RouterA] display evi neighbor-discovery server member
Interface: Tunnel0 Network ID: 1
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 000F-0001-0001 25 2014/01/01 00:00:43
1.1.2.1 000F-0001-0002 15 2014/01/01 01:00:46
1.1.3.1 000F-0001-0003 20 2014/01/01 01:02:13
# 查看Router A上ENDC学到的邻居信息。
[RouterA] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.2.1 000F-0001-0002 2014/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2014/01/01 12:12:12 12 Up
# 查看Router A上的VLAN映射信息。
[RouterA] display evi vlan-mapping
VLAN mappings for EVI IS-IS(0)
Local-VID Peer-ID Remote-VID Interface Remote-site
80 000F.0001.0002 21 EVI-Link0 2
# 查看Router A上的本地动态MAC地址信息,VLAN 100的MAC地址已被路由策略过滤。
[RouterA] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 100
MAC address: 0001-0100-0001 (Filtered)
MAC address: 0001-0100-0002 (Filtered)
MAC address: 0001-0100-0003 (Filtered)
VLAN ID: 80
MAC address: 0001-0080-0001
MAC address: 0001-0080-0002
MAC address: 0001-0080-0003
# 查看Router A上的远端MAC地址信息,Router B上VLAN 100的MAC地址未经过路由策略过滤,Router A可以收到Router B上VLAN 100的远端MAC地址信息;Router B上VLAN 21的远端MAC地址已被VLAN映射为本地VLAN 80的MAC地址。
[RouterA] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 80
MAC address: 0002-0021-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0021-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0021-0003
Interface: EVI-Link0
Flags: 0x2
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link0
Flags: 0x2
# 查看Router B上的EVI Tunnel的接口信息。
[RouterB] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.2.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router B上的EVI-Link的接口信息。
[RouterB] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.2.1 1.1.1.1
EVI-Link1 UP 1.1.2.1 1.1.3.1
# 查看Router B上的ENDC的运行信息。
[RouterB] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.2.1 1.1.1.1 1 15 disabled E
# 查看Router B上ENDC学到的邻居信息。
[RouterB] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.2.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
1.1.3.1 000F-0001-0003 2014/01/01 12:12:12 13 Up
# 查看Router B上的VLAN映射信息。
[RouterB] display evi vlan-mapping
VLAN mappings for EVI IS-IS(0)
Local-VID Peer-ID Remote-VID Interface Remote-site
21 000F.0001.0001 80 EVI-Link0 1
# 查看Router B上的本地动态MAC地址信息,VLAN 100的MAC地址未被路由策略过滤。
[RouterB] display evi isis local-mac dynamic
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 100
MAC address: 0002-0100-0001
MAC address: 0002-0100-0002
MAC address: 0002-0100-0003
VLAN ID: 21
MAC address: 0002-0021-0001
MAC address: 0002-0021-0002
MAC address: 0002-0021-0003
# 查看Router B上的远端MAC地址信息,Router A上VLAN 100的MAC地址信息已被路由策略过滤而不发布,Router B未收到Router A上VLAN 100的远端MAC地址信息;Router A上 VLAN 80的远端MAC地址已被VLAN映射为本地VLAN 21的MAC地址。
[RouterB] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 21
MAC address: 0001-0080-0001
Interface: EVI-Link0
Flags: 0x2
MAC address: 0001-0080-0002
Interface: EVI-Link0
Flags: 0x2
MAC address: 0001-0080-0003
Interface: EVI-Link0
Flags: 0x2
# 查看Router C上的EVI Tunnel的接口信息。
[RouterC] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.3.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router C上的EVI-Link的接口信息。
[RouterC] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.3.1 1.1.1.1
EVI-Link1 UP 1.1.3.1 1.1.2.1
# 查看Router C上的ENDC的运行信息。
[RouterC] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.3.1 1.1.1.1 1 15 disabled E
# 查看Router C上ENDC学到的邻居信息。
[RouterC] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.3.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
1.1.2.1 000F-0000-0002 2014/01/01 12:12:12 13 Up
# 查看Router C上的远端MAC地址信息,Router A上VLAN 100的MAC地址信息已被路由策略过滤,Router C未收到Router A上VLAN 100的远端MAC地址信息,Router B上VLAN 100的MAC地址未经过路由策略过滤,Router C可以收到Router B上VLAN 100的远端MAC地址信息;Router A上VLAN 80的远端MAC地址和Router B上VLAN 21的远端MAC地址在Router C上未经过VLAN映射。
[RouterC] display evi isis remote-mac
Process ID: 0
Tunnel interface: Tunnel0
VLAN ID: 21
MAC address: 0002-0021-0001
Interface: EVI-Link1
Flags: 0x0
MAC address: 0002-0021-0002
Interface: EVI-Link1
Flags: 0x0
MAC address: 0002-0021-0003
Interface: EVI-Link1
Flags: 0x0
VLAN ID: 80
MAC address: 0001-0080-0001
Interface: EVI-Link0
Flags: 0x0
MAC address: 0001-0080-0002
Interface: EVI-Link0
Flags: 0x0
MAC address: 0001-0080-0003
Interface: EVI-Link0
Flags: 0x0
VLAN ID: 100
MAC address: 0002-0100-0001
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0002
Interface: EVI-Link1
Flags: 0x2
MAC address: 0002-0100-0003
Interface: EVI-Link1
Flags: 0x2
Site 1、Site 2、Site 3内的用户主机之间可以相互ping通。
· Router A:
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.1.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
evi vlan-mapping 80 translated 21 site 2
source 1.1.1.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery server enable
#
route-policy EVI-Filter permit node 10
if-match vlan 21 to 90
#
evi-isis 0
filter-policy EVI-Filter
#
evi site-id 1
#
· Router B :
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.2.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
evi vlan-mapping 21 translated 80 site 1
source 1.1.2.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 2
#
· Router C :
#
vlan 21 to 100
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.3.1 255.255.255.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 21 to 100
#
interface Tunnel0 mode evi
evi extend-vlan 21 to 100
source 1.1.3.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 3
#
如图2所示,五个站点之间形成三个EVI网络实例,不同的EVI网络实例实现部署了不同业务的VLAN在不同站点之间的扩展:
· EVI网络实例1承载VLAN 100和VLAN 101的数据库业务,需要扩展的站点为Site 2、Site 3、Site 4。
· EVI网络实例2承载VLAN 4000的网管流量,需要扩展的站点为Site 1、Site 2、Site 3、Site 4、Site 5。
· EVI网络实例3承载VLAN 50~VLAN 80的Web业务,需要扩展的站点为Site 1和Site 4。
在所有EVI网络实例中,站点Site 4的边缘设备作为ENDS,其它站点的边缘设备作为ENDC。
图2 EVI多实例组网图
本举例是在E0301版本上进行配置和验证的。
下面仅给出EVI相关的配置步骤。除此之外,在各站点间还要配置路由协议使之互通,配置步骤略。
# 配置站点ID。
[Site4] evi site-id 4
# 创建Site 4的 VLAN。
[Site4] vlan 100 to 101
[Site4] vlan 50 to 80
[Site4] vlan 4000
[Site4-vlan4000] quit
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 100~101、4000、50~80通过。
[Site4] interface gigabitethernet 2/0
[Site4-GigabitEthernet2/0] port link-mode bridge
[Site4-GigabitEthernet2/0] port link-type trunk
[Site4-GigabitEthernet2/0] port trunk permit vlan 100 to 101
[Site4-GigabitEthernet2/0] port trunk permit vlan 4000
[Site4-GigabitEthernet2/0] port trunk permit vlan 50 to 80
[Site4-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[Site4] interface gigabitethernet 3/0
[Site4-GigabitEthernet3/0] ip address 172.16.4.1 16
[Site4-GigabitEthernet3/0] quit
# 配置数据库业务实例。
[Site4] interface tunnel 101 mode evi
[Site4-Tunnel101] source 172.16.4.1
[Site4-Tunnel101] evi network-id 1
[Site4-Tunnel101] evi extend-vlan 100 101
[Site4-Tunnel101] evi neighbor-discovery server enable
[Site4-Tunnel101] quit
# 配置网管实例。
[Site4] interface tunnel 102 mode evi
[Site4-Tunnel102] source 172.16.4.1
[Site4-Tunnel102] evi network-id 2
[Site4-Tunnel102] evi extend-vlan 4000
[Site4-Tunnel102] evi neighbor-discovery server enable
[Site4-Tunnel102] quit
# 配置Web业务实例。
[Site4] interface tunnel 103 mode evi
[Site4-Tunnel103] source 172.16.4.1
[Site4-Tunnel103] evi network-id 3
[Site4-Tunnel103] evi extend-vlan 50 to 80
[Site4-Tunnel103] evi neighbor-discovery server enable
[Site4-Tunnel103] quit
其它Site作为ENDC,配置内容类似,在此不一一赘述。下面仅给出Site 1上的配置:
# 配置站点ID。
[Site1] evi site-id 1
# 创建Site 1的 VLAN。
[Site1] vlan 50 to 80
[Site1] vlan 4000
[Site1-vlan4000] quit
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 4000、50~80通过。
[Site1] interface gigabitethernet 2/0
[Site1-GigabitEthernet2/0] port link-mode bridge
[Site1-GigabitEthernet2/0] port link-type trunk
[Site1-GigabitEthernet2/0] port trunk permit vlan 4000
[Site1-GigabitEthernet2/0] port trunk permit vlan 50 to 80
[Site1-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[Site1] interface gigabitethernet3/0
[Site1-GigabitEthernet3/0] ip address 172.16.1.1 16
[Site1-GigabitEthernet3/0] quit
# 配置网管实例。
[Site1] interface tunnel 102 mode evi
[Site1-Tunnel102] source 172.16.1.1
[Site1-Tunnel102] evi network-id 2
[Site1-Tunnel102] evi extend-vlan 4000
[Site1-Tunnel102] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel102] quit
# 配置Web业务实例。
[Site1] interface tunnel 103 mode evi
[Site1-Tunnel103] source 172.16.1.1
[Site1-Tunnel103] evi network-id 3
[Site1-Tunnel103] evi extend-vlan 50 to 80
[Site1-Tunnel103] evi neighbor-discovery client enable 172.16.4.1
[Site1-Tunnel103] quit
# 显示Site 4上ENDS学到的所有成员信息。
[Site4] display evi neighbor-discovery server member
Interface: Tunnel101 Network ID: 1
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.2.1 000F-0001-0002 25 2014/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2014/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
Interface: Tunnel102 Network ID: 2
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2014/01/01 00:19:31
172.16.2.1 000F-0001-0002 25 2014/01/01 00:00:43
172.16.3.1 000F-0001-0003 15 2014/01/01 01:00:46
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
172.16.5.1 000F-0001-0005 18 2014/01/01 01:04:32
Interface: Tunnel103 Network ID: 3
IP Address: 172.16.4.1
Client Address System ID Expire Created Time
172.16.1.1 000F-0001-0001 19 2014/01/01 00:19:31
172.16.4.1 000F-0001-0004 20 2014/01/01 01:02:13
· Site 4:
#
vlan 50 to 80
#
vlan 100 to 101
#
vlan 4000
#
interface GigabitEthernet3/0
port link-mode route
ip address 172.16.4.1 255.255.0.0
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 50 to 80 100 to 101 4000
#
interface Tunnel101 mode evi
evi extend-vlan 100 to 101
source 172.16.4.1
evi network-id 1
evi neighbor-discovery server enable
#
interface Tunnel102 mode evi
evi extend-vlan 4000
source 172.16.4.1
evi network-id 2
evi neighbor-discovery server enable
#
interface Tunnel103 mode evi
evi extend-vlan 50 to 80
source 172.16.4.1
evi network-id 3
evi neighbor-discovery server enable
#
evi site-id 4
#
· 其它Site:
其它Site作为ENDC,配置文件类似,在此不一一赘述。下面仅给出Site 1的配置文件:
#
vlan 50 to 80
#
vlan 4000
#
interface GigabitEthernet3/0
port link-mode route
ip address 172.16.1.1 255.255.0.0
evi enable
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 50 to 80 4000
#
interface Tunnel102 mode evi
evi extend-vlan 4000
source 172.16.1.1
evi network-id 2
evi neighbor-discovery client enable 172.16.4.1
#
interface Tunnel103 mode evi
evi extend-vlan 50 to 80
source 172.16.1.1
evi network-id 3
evi neighbor-discovery client enable 172.16.4.1
#
evi site-id 1
#
如图3所示,两个站点之间形成1个EVI网络实例:
· Router A、Router B分别为Site 1、Site 2的边缘设备,两个站点间通过IP网络互连,两个站点之间VLAN 101的业务流量通过运营商网络的三层IP网络实现二层互通;
· RouterA做为Site1的网关、RouterB做为Site2的网关,Site1或Site2中的用户可以通过该网关访问Internet。
图3 EVI网关(GW)与边缘设备(ED)共存组网图
· 为实现两个数据中心之间VLAN 101的二层互通,需要在Router A和Router B之间建立EVI网络,并将VLAN 101配置成扩展VLAN;
· 为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将Router A和Router B加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;
· RouterA和RouterB上分别做nat配置,使得站点内的用户可以访问Internet。
本举例是在E0301版本上进行配置和验证的。
下面仅给出EVI以及网关部分相关的配置步骤。除此之外,在各站点间还要配置路由协议使之互通,配置步骤略。
# 配置站点ID。
<RouterA> system-view
[RouterA] evi site-id 1
# 创建VLAN 101。
[RouterA] vlan 101
[RouterA-vlan101] quit
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 101通过。
[RouterA] interface gigabitethernet 2/0
[RouterA-GigabitEthernet2/0] port link-mode bridge
[RouterA-GigabitEthernet2/0] port link-type trunk
[RouterA-GigabitEthernet2/0] port trunk permit vlan 101
[RouterA-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] ip address 1.1.1.1 24
[RouterA-GigabitEthernet3/0] quit
# 创建模式为IPv4 EVI隧道的接口Tunnel0。
[RouterA] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址为GigabitEthernet3/0的IP地址。
[RouterA-Tunnel0] source 1.1.1.1
# 配置Tunnel0接口的keepalive探测周期和重试次数。
[RouterA-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterA-Tunnel0] evi network-id 1
# 配置Tunnel0接口的扩展VLAN。
[RouterA-Tunnel0] evi extend-vlan 101
# 使能Tunnel0接口的ENDS功能。
[RouterA-Tunnel0] evi neighbor-discovery server enable
[RouterA-Tunnel0] quit
# 配置接口Vlan-interface101的IP地址。
[RouterA] interface vlan-interface 101
[RouterA-Vlan-interface101] ip address 100.0.0.1 24
#创建VRRP组101,配置VRRP备份组101的虚拟IP地址为100.0.0.254。
[RouterA-Vlan-interface101] vrrp vrid 101 virtual-ip 100.0.0.254
[RouterA-Vlan-interface101] quit
#在Tunnel0接口的源端口GigabitEthernet3/0配置地址转换。
[RouterA] interface gigabitethernet3/0
[RouterA-GigabitEthernet3/0] nat outbound
[RouterA-GigabitEthernet3/0] quit
# 配置站点ID。
<RouterB> system-view
[RouterB] evi site-id 2
# 创建VLAN 101。
[RouterB] vlan 101
[RouterB-vlan101] quit
# 将接口GigabitEthernet2/0切换为二层接口,配置端口为Trunk端口,并允许VLAN 101通过。
[RouterB] interface gigabitethernet 2/0
[RouterB-GigabitEthernet2/0] port link-mode bridge
[RouterB-GigabitEthernet2/0] port link-type trunk
[RouterB-GigabitEthernet2/0] port trunk permit vlan 101
[RouterB-GigabitEthernet2/0] quit
# 配置接口GigabitEthernet3/0的IP地址。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] ip address 1.1.2.1 24
[RouterB-GigabitEthernet3/0] quit
# 创建模式为IPv4 EVI隧道的接口Tunnel0。
[RouterB] interface tunnel 0 mode evi
# 配置Tunnel0接口的源端地址为GigabitEthernet3/0的IP地址。
[RouterB-Tunnel0] source 1.1.2.1
# 配置Tunnel0接口的keepalive探测周期和重试次数。
[RouterB-Tunnel0] keepalive 20 2
# 配置Tunnel0接口的Network ID。
[RouterB-Tunnel0] evi network-id 1
# 配置Tunnel0接口的扩展VLAN。
[RouterB-Tunnel0] evi extend-vlan 101
# 使能Tunnel0接口的ENDC功能,该ENDC对应的ENDS为Router A。
[RouterB-Tunnel0] evi neighbor-discovery client enable 1.1.1.1
[RouterB-Tunnel0] quit
# 配置接口Vlan-interface101的IP地址。
[RouterB] interface vlan-interface 101
[RouterB-Vlan-interface101] ip address 100.0.0.2 24
# 创建VRRP组101,配置VRRP备份组101的虚拟IP地址为100.0.0.254。
[RouterB-Vlan-interface101] vrrp vrid 101 virtual-ip 100.0.0.254
[RouterB-Vlan-interface101] quit
# 在Tunnel0接口的源端口GigabitEthernet3/0配置地址转换。
[RouterB] interface gigabitethernet3/0
[RouterB-GigabitEthernet3/0] nat outbound
[RouterB-GigabitEthernet3/0] quit
(1) 验证Router A
# 查看Router A上的EVI Tunnel的接口信息。
[RouterA] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.1.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router A上的EVI-Link的接口信息。
[RouterA] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.1.1 1.1.2.1
# 查看Router A上的ENDS的运行信息。
[RouterA] display evi neighbor-discovery server summary
Interface Local Address Network ID Auth Members
Tunnel0 1.1.1.1 1 disabled 2
# 查看Router A上的ENDC的运行信息。
[RouterA] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.1.1 1.1.1.1 1 15 disabled E
# 查看Router A上ENDS学到的成员信息。
[RouterA] display evi neighbor-discovery server member
Interface: Tunnel0 Network ID: 1
IP Address: 1.1.1.1
Client Address System ID Expire Created Time
1.1.1.1 000F-0001-0001 25 2014/01/01 00:00:43
1.1.2.1 000F-0001-0002 15 2014/01/01 01:00:46
# 查看Router A上ENDC学到的邻居信息。
[RouterA] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.1.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.2.1 000F-0001-0002 2014/01/01 12:12:12 13 Up
# 显示全部IPv4 VRRP备份组的详细信息。
[RouterA] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 101 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 100.0.0.254
Virtual MAC : 0000-5e00-0165
Master IP : 100.0.0.1
(2) 验证Router B
# 查看Router B上的EVI Tunnel的接口信息。
[RouterB] display interface tunnel 0
Tunnel0
Current state: UP
Line protocol state: UP
Description: Tunnel0 Interface
Bandwidth: 64kbps
Maximum Transmit Unit: 64000
Internet protocol processing: disabled
Tunnel source 1.1.2.1
Tunnel keepalive enabled, Period(20 s), Retries(2)
Network ID 1
Tunnel protocol/transport GRE_EVI/IP
Output queue - Urgent queuing: Size/Length/Discards 0/100/0
Output queue - Protocol queuing: Size/Length/Discards 0/500/0
Output queue - FIFO queuing: Size/Length/Discards 0/75/0
Last clearing of counters: Never
Last 300 seconds input rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Last 300 seconds output rate: 0 bytes/sec, 0 bits/sec, 0 packets/sec
Input: 0 packets, 0 bytes, 0 drops
Output: 0 packets, 0 bytes, 0 drops
# 查看Router B上的EVI-Link的接口信息。
[RouterB] display evi link interface tunnel 0
Interface Status Source Destination
EVI-Link0 UP 1.1.2.1 1.1.1.1
# 查看Router B上的ENDC的运行信息。
[RouterB] display evi neighbor-discovery client summary
Status: I-Init E-Establish P-Probe
Interface Local Address Server Address Network ID Reg Auth Status
Tunnel0 1.1.2.1 1.1.1.1 1 15 disabled E
# 查看Router B上ENDC学到的邻居信息。
[RouterB] display evi neighbor-discovery client member
Interface: Tunnel0 Network ID: 1
Local Address: 1.1.2.1
Server Address: 1.1.1.1
Neighbor System ID Created Time Expire Status
1.1.1.1 000F-0001-0001 2014/01/01 12:12:12 13 Up
# 显示全部IPv4 VRRP备份组的详细信息。
[RouterB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 101 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 100.0.0.254
Virtual MAC : 0000-5e00-0165
Master IP : 100.0.0.2
(3) 验证互通
Site1中或Site2中设备可以通过网关访问外网;Site1与Site2中的主机可以互通。
· Router A:
#
Vlan 101
#
interface Vlan-interface101
ip address 100.0.0.1 255.255.255.0
vrrp vrid 101 virtual-ip 100.0.0.254
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.1.1 255.255.255.0
nat outbound
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 101
#
interface Tunnel0 mode evi
evi extend-vlan 101
source 1.1.1.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery server enable
#
evi site-id 1
#
· Router B :
#
vlan 101
#
interface Vlan-interface101
ip address 100.0.0.2 255.255.255.0
vrrp vrid 101 virtual-ip 100.0.0.254
#
interface GigabitEthernet3/0
port link-mode route
ip address 1.1.2.1 255.255.255.0
nat outbound
#
interface GigabitEthernet2/0
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 101
#
interface Tunnel0 mode evi
evi extend-vlan 101
source 1.1.2.1
keepalive 20 2
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
evi site-id 2
#
· 《H3C VSR1000虚拟路由器配置指导》中的“EVI配置指导”
· 《H3C VSR1000虚拟路由器命令参考》中的“EVI命令参考”
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
