00-H3C_S12500_EVI典型配置举例
本章节下载: 00-H3C_S12500_EVI典型配置举例 (285.27 KB)
目 录
本文档介绍了通过MDC实现EVI边缘设备与网关分离和通过IRF实现EVI边缘设备的冗余备份的配置举例。
EVI(Ethernet Virtualization Interconnect,以太网虚拟化互联)是一种基于“MAC in IP”的二层VPN技术,它可以基于现有服务提供商或企业的IP网络,为分散的物理站点提供二层互联功能。虚拟机能在不同站点之间自由迁移。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文假设您已了解EVI、MDC和IRF特性。
· 本地EVI边缘设备不能作为对端数据中心的网关。
· EVI和MDC特性需要安装配套的License。License分为园区网License和数据中心License两大类,其中数据中心License支持EVI和MDC特性;园区网License仅支持MDC特性。
如图1所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心之间的二层互通。具体要求如下:
· 数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;
· 不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);
· 为减少项目管理和维护成本,要求采用MDC技术将公网接入设备虚拟成两台独立的设备。其中一台作为EVI的边缘设备,另一台作为EVI扩展VLAN的三层网关。
图1 通过MDC实现EVI边缘设备与网关分离配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
MDCA1 |
Loop0 |
1.1.1.1/32 |
MDCB1 |
Loop0 |
2.2.2.2/32 |
|
Vlan-int10 |
10.1.1.1/24 |
|
Vlan-int10 |
10.1.2.1/24 |
MDCA2 |
Vlan-int11 |
11.1.1.1/24 |
MDCB2 |
Vlan-int11 |
11.1.2.1/24 |
|
Vlan-int1000 |
100.0.0.1/24 |
|
Vlan-int1000 |
100.0.0.2/24 |
· 为实现两个数据中心之间VLAN 1000的二层互通,需要在MDCA1和MDCB1之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;
· 为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将MDCA2和MDCB2加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;
· 为实现MDCA2和MDCB2之间的VRRP协议报文能够透传,需要在MDCA1和MDCB1上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。
本举例是在S12500-CMW710-R7328P02版本上进行配置和验证的。
· 同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;
· 同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;
· 不同的EVI网络实例不能使用相同的扩展VLAN。
· 不能使用Vlan-interface1作为EVI边缘设备的公网接口;
· EVI扩展VLAN的VLAN接口不支持作为公网出接口。
如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。
为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。
MDCA1与MDCA2之间的物理线路以及MDCB1和MDCB2之间的物理线路需要在MDC划分完成后才能进行连接,否则可能会引起环路。
# 将Switch A划分成两个MDC,其中MDCA1直接使用缺省MDC,作为数据中心Site1的EVI边缘设备;MDCA2使用非缺省MDC,作为Site1的网关。
<SwitchA> system-view
[SwitchA] sysname MDCA1
[MDCA1] mdc MDCA2
[MDCA1-mdc-2-MDCA2] location slot 2
[MDCA1-mdc-2-MDCA2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48
[MDCA1-mdc-2-MDCA2] mdc start
[MDCA1-mdc-2-MDCA2] quit
(1) 配置MDCA1上各接口的IP地址及路由协议
# 配置MDCA1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。
[MDCA1] vlan 10
[MDCA1-vlan10] quit
[MDCA1] interface gigabitethernet 3/0/1
[MDCA1-GigabitEthernet3/0/1] port access vlan 10
[MDCA1-GigabitEthernet3/0/1] undo shutdown
[MDCA1-GigabitEthernet3/0/1] quit
[MDCA1] interface vlan-interface 10
[MDCA1-Vlan-interface10] ip address 10.1.1.1 24
[MDCA1-Vlan-interface10] undo shutdown
[MDCA1-Vlan-interface10] quit
# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。
[MDCA1] vlan 1000
[MDCA1-vlan1000] quit
[MDCA1] interface gigabitethernet 3/0/2
[MDCA1-GigabitEthernet3/0/2] port link-type trunk
[MDCA1-GigabitEthernet3/0/2] port trunk permit vlan 1000
[MDCA1-GigabitEthernet3/0/2] undo shutdown
[MDCA1-GigabitEthernet3/0/2] quit
# 创建LoopBack接口,作为EVI隧道的源接口。
[MDCA1] interface loopback 0
[MDCA1-LoopBack0] ip address 1.1.1.1 32
[MDCA1-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[MDCA1] ospf 1
[MDCA1-ospf-1] area 0
[MDCA1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[MDCA1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[MDCA1-ospf-1-area-0.0.0.0] quit
[MDCA1-ospf-1] quit
(2) 配置EVI隧道
# 建立EVI隧道。
[MDCA1] interface Tunnel 1 mode evi
# 配置Tunnel1接口的源端地址为LoopBack0。
[MDCA1-Tunnel1] source loopback 0
# 配置Tunnel1接口的Network ID。
[MDCA1-Tunnel1] evi network-id 1
# 使能Tunnel1接口的ENDS功能。
[MDCA1-Tunnel1] evi neighbor-discovery server enable
# 配置Tunnel1接口的扩展VLAN。
[MDCA1-Tunnel1] evi extend-vlan 1000
# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。
[MDCA1-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。
[MDCA1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[MDCA1-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[MDCA1] mac-address timer aging 1800
# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。
[MDCA1] interface gigabitethernet 3/0/1
[MDCA1-GigabitEthernet3/0/1] evi enable
[MDCA1-GigabitEthernet3/0/1] undo stp enable
[MDCA1-GigabitEthernet3/0/1] quit
# 登录到MDCA2,并将MDCA2的系统名称改成“MDCA2”。
[MDCA1] switchto MDCA2
<Sysname> system-view
[Sysname] sysname MDCA2
[MDCA2]
(1) 配置MDCA2上各接口的IP地址及路由协议
# 配置MDCA2的公网接口。
[MDCA2] vlan 11
[MDCA2-vlan11] quit
[MDCA2] interface vlan-interface 11
[MDCA2-Vlan-interface11] ip address 11.1.1.1 24
[MDCA2-Vlan-interface11] undo shutdown
[MDCA2-Vlan-interface11] quit
[MDCA2] interface gigabitethernet 2/0/48
[MDCA2-GigabitEthernet2/0/48] port access vlan 11
[MDCA2-GigabitEthernet2/0/48] undo shutdown
[MDCA2-GigabitEthernet2/0/48] quit
# 配置OSPF路由协议,发布公网路由。
[MDCA2] ospf 1
[MDCA2-ospf-1] area 0
[MDCA2-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[MDCA2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255
[MDCA2-ospf-1-area-0.0.0.0] quit
[MDCA2-ospf-1] quit
# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。
[MDCA2] vlan 1000
[MDCA2-vlan1000] quit
[MDCA2] interface vlan-interface 1000
[MDCA2-Vlan-interface1000] ip address 100.0.0.1 24
[MDCA2-Vlan-interface1000] undo shutdown
[MDCA2-Vlan-interface1000] quit
# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过
[MDCA2] interface gigabitethernet 2/0/2
[MDCA2-GigabitEthernet2/0/2] port link-type trunk
[MDCA2-GigabitEthernet2/0/2] port trunk permit vlan 1000
[MDCA2-GigabitEthernet2/0/2] undo shutdown
[MDCA2-GigabitEthernet2/0/2] quit
[MDCA2] interface gigabitethernet 2/0/10
[MDCA2-GigabitEthernet2/0/10] port link-type trunk
[MDCA2-GigabitEthernet2/0/10] port trunk permit vlan 1000
[MDCA2-GigabitEthernet2/0/10] undo shutdown
[MDCA2-GigabitEthernet2/0/10] quit
(2) 配置MDCA2加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[MDCA2] interface vlan-interface 1000
[MDCA2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
# 为使MDCA2成为Master,配置MDCA2在备份组中的优先级为110,高于MDCB2采用的缺省优先级100。
[MDCA2-Vlan-interface1000] vrrp vrid 1 priority 110
[MDCA2-Vlan-interface1000] quit
# 将Switch B划分成两个MDC,其中MDCB1直接使用缺省MDC,作为数据中心Site2的EVI边缘设备;MDCB2使用非缺省MDC,作为Site2的网关。
<SwitchB> system-view
[SwitchB] sysname MDCB1
[MDCB1] mdc MDCB2
[MDCB1-mdc-2-MDCB2] location slot 2
[MDCB1-mdc-2-MDCB2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48
[MDCB1-mdc-2-MDCB2] mdc start
[MDCB1-mdc-2-MDCB2] quit
(1) 配置MDCB1上各接口的IP地址及路由协议
# 配置MDCB1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。
[MDCB1] vlan 10
[MDCB1-vlan10] quit
[MDCB1] interface gigabitethernet 3/0/1
[MDCB1-GigabitEthernet3/0/1] port access vlan 10
[MDCB1-GigabitEthernet3/0/1] undo shutdown
[MDCB1-GigabitEthernet3/0/1] quit
[MDCB1] interface vlan-interface 10
[MDCB1-Vlan-interface10] ip address 10.1.2.1 24
[MDCB1-Vlan-interface10] undo shutdown
[MDCB1-Vlan-interface10] quit
# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。
[MDCB1] vlan 1000
[MDCB1-vlan1000] quit
[MDCB1] interface gigabitethernet 3/0/2
[MDCB1-GigabitEthernet3/0/2] port link-type trunk
[MDCB1-GigabitEthernet3/0/2] port trunk permit vlan 1000
[MDCB1-GigabitEthernet3/0/2] undo shutdown
[MDCB1-GigabitEthernet3/0/2] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[MDCB1]interface loopback 0
[MDCB1-LoopBack0] ip address 2.2.2.2 32
[MDCB1-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[MDCB1] ospf 1
[MDCB1-ospf-1] area 0
[MDCB1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[MDCB1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[MDCB1-ospf-1-area-0.0.0.0] quit
[MDCB1-ospf-1] quit
(2) 配置EVI隧道
# 建立EVI隧道。
[MDCB1] interface Tunnel 1 mode evi
# 配置Tunnel1接口的源端地址为LoopBack0。
[MDCB1-Tunnel1] source loopback 0
# 配置Tunnel1接口的Network ID。
[MDCB1-Tunnel1] evi network-id 1
# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDS为MDCA1。
[MDCB1-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
# 配置Tunnel1接口的扩展VLAN。
[MDCB1-Tunnel1] evi extend-vlan 1000
# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。
[MDCB1-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。
[MDCB1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[MDCB1-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[MDCB1] mac-address timer aging 1800
# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。
[MDCB1] interface gigabitethernet 3/0/1
[MDCB1-GigabitEthernet3/0/1] evi enable
[MDCB1-GigabitEthernet3/0/1] undo stp enable
[MDCB1-GigabitEthernet3/0/1] quit
# 登录到MDCB2,并将MDCB2的系统名称改成“MDCB2”。
[MDCB1] switchto MDCB2
<Sysname> system-view
[Sysname] sysname MDCB2
[MDCB2]
(1) 配置MDCB2上各接口的IP地址及路由协议
# 配置MDC2的公网接口。
[MDCB2] vlan 11
[MDCB2-vlan11] quit
[MDCB2] interface vlan-interface 11
[MDCB2-Vlan-interface11] ip address 11.1.2.1 24
[MDCB2-Vlan-interface11] undo shutdown
[MDCB2-Vlan-interface11] quit
[MDCB2] interface gigabitethernet 2/0/48
[MDCB2-GigabitEthernet2/0/48] port access vlan 11
[MDCB2-GigabitEthernet2/0/48] undo shutdown
[MDCB2-GigabitEthernet2/0/48] quit
# 配置OSPF路由协议,发布公网路由。
[MDCB2] ospf 1
[MDCB2-ospf-1] area 0
[MDCB2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255
[MDCB2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255
[MDCB2-ospf-1-area-0.0.0.0] quit
[MDCB2-ospf-1] quit
# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。
[MDCB2] vlan 1000
[MDCB2-vlan1000] quit
[MDCB2] interface vlan-interface 1000
[MDCB2-Vlan-interface1000] ip address 100.0.0.2 24
[MDCB2-Vlan-interface1000] undo shutdown
[MDCB2-Vlan-interface1000] quit
# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过
[MDCB2] interface gigabitethernet 2/0/2
[MDCB2-GigabitEthernet2/0/2] port link-type trunk
[MDCB2-GigabitEthernet2/0/2] port trunk permit vlan 1000
[MDCB2-GigabitEthernet2/0/2] undo shutdown
[MDCB2-GigabitEthernet2/0/2] quit
[MDCB2] interface gigabitethernet 2/0/10
[MDCB2-GigabitEthernet2/0/10] port link-type trunk
[MDCB2-GigabitEthernet2/0/10] port trunk permit vlan 1000
[MDCB2-GigabitEthernet2/0/10] undo shutdown
[MDCB2-GigabitEthernet2/0/10] quit
(2) 配置MDCA2加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[MDCB2] interface vlan-interface 1000
[MDCB2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
[MDCB2-Vlan-interface1000] quit
将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。
C:\>ping 100.0.0.100
Pinging 100.0.0.100 with 32 bytes of data:
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=37ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Ping statistics for 100.0.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 37ms, Average = 10ms
C:\>
· MDCA1:
#
mdc Admin id 1
#
mdc MDCA2 id 2
location slot 2
mdc start
allocate interface gigabitethernet2/0/1 to GigabitEthernet2/0/48
#
sysname MDCA1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 10
#
vlan 1000
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet3/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery server enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
· MDCA2:
#
sysname MDCA2
#
vlan 1
#
vlan 11
#
vlan 1000
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
vrrp vrid 1 priority 110
#
interface GigabitEthernet2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet2/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet2/0/48
port link-mode bridge
port access vlan 10
#
ospf 1
area 0.0.0.0
network 11.1.1.1 0.0.0.255
network 100.0.0.0 0.0.0.255
#
return
· MDCB1:
#
mdc Admin id 1
#
mdc MDCB2 id 2
location slot 2
mdc start
allocate interface GigabitEthernet2/0/1 to GigabitEthernet2/0/48
#
sysname MDCB1
#
mac-address timer aging 1800
#
vlan 1
#
vlan 10
#
vlan 1000
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface10
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet3/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
#
return
· MDCB2:
#
version 7.1.045, Release 7328
#
sysname MDCB2
#
vlan 1
#
vlan 11
#
vlan 1000
#
interface Vlan-interface11
ip address 11.1.2.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
#
interface GigabitEthernet2/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
interface GigabitEthernet2/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
#
interface GigabitEthernet2/0/48
port link-mode bridge
port access vlan 10
#
ospf 1
area 0.0.0.0
network 11.1.2.1 0.0.0.255
network 100.0.0.0 0.0.0.255
#
return
如图2所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心的二层互通。具体要求如下:
· 数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;
· 不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);
· 为提高EVI边缘设备的可靠性,要求使用IRF技术实现边缘设备的冗余,即使一台交换机出现故障,也不会影响整个数据中心的通信。
图2 通过IRF实现EVI边缘设备的冗余备份配置组网图
设备 |
接口 |
IP地址 |
设备 |
接口 |
IP地址 |
IRF A |
Loop0 |
1.1.1.1/32 |
IRFB |
Loop0 |
2.2.2.2/32 |
|
Vlan-int10 |
10.1.1.1/24 |
|
Vlan-int10 |
10.1.2.1/24 |
CE A |
Vlan-int11 |
11.1.1.1/24 |
CE B |
Vlan-int11 |
11.1.2.1/24 |
|
Vlan-int1000 |
100.0.0.1/24 |
|
Vlan-int1000 |
100.0.0.2/24 |
· 为实现两个数据中心之间VLAN 1000的二层互通,需要在IRF A和 IRF B之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;
· 为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将数据中心Site1的网关CE A和Site2的网关CE B加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;
· 为实现CE A和CE B之间的VRRP协议报文能够透传,需要在IRF A和IRF B上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。
· 为提供IRF链路的可靠性,需要分别在IRF上下行的链路上配置链路聚合功能。
本举例是在S12500-CMW710-R7328版本上进行配置和验证的。
· 同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;
· 同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;
· 不同的EVI网络实例不能使用相同的扩展VLAN。
· 不能使用Vlan-interface1作为EVI边缘设备的公网接口;
· EVI扩展VLAN的VLAN接口不支持作为公网出接口。
如果在动态MAC地址表项老化时间内本地EVI边缘设备没有接收到对端数据中心的报文,那么本地EVI边缘设备上的动态MAC地址表项不会主动触发学习更新,直到该表项老化被删除。此时,发给对端数据中心的报文会因为在本地EVI边缘设备的MAC地址表中找不到对应表项而被丢弃,造成流量黑洞。只有当EVI边缘设备学习ARP表项时才能同时触发更新动态MAC地址表项。
为了避免流量黑洞的产生,需要配置MAC地址表项老化时间不小于动态ARP表项老化时间。缺省情况下,S12500的动态ARP表项老化时间为25分钟,动态MAC地址表项老化时间为5分钟。因此,建议您修改动态MAC地址表项的老化时间为30分钟。
在IRF模式下,EVI边缘设备不支持对从EVI隧道收到的报文进行出方向的策略匹配。
(1) 请参考图2进行物理连线,确保IRF物理链路连接正确
(2) 配置Switch A-1为IRF模式
# 配置Switch A-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchA-1> system-view
[SwitchA-1] irf member 1
[SwitchA-1] irf-port 2
[SwitchA-1-irf-port2] port group interface ten-gigabitethernet 2/0/1
[SwitchA-1-irf-port2] quit
[SwitchA-1] interface ten-gigabitethernet 2/0/1
[SwitchA-1-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchA-1-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchA-1] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchA-1] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
Switch A-1重启后组成了只有一台成员设备的IRF。
(3) 配置Switch A-2为IRF模式
# 配置Switch A-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchA-2> system-view
[SwitchA-2] irf member 2
[SwitchA-2] irf-port 1
[SwitchA-2-irf-port1] port group interface ten-gigabitethernet 2/0/1
[SwitchA-2-irf-port1] quit
[SwitchA-2] interface ten-gigabitethernet 2/0/1
[SwitchA-2-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchA-2-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchA-2] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchA-2] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
交换机Swtich A-2重启后与Switch A-1形成IRF A。
(4) 配置IRF A的BFD MAD检测
# 更改IRF A的系统名称为“IRFA”,并设置IRF A域编号为1。
<SwitchA-1> system-view
[SwitchA-1] sysname IRFA
[IRFA] irf domain 1
# 创建VLAN 3,并将Switch A-1上的端口GigabitEthernet1/3/0/2和Swtich A-2上的端口GigabitEthernet2/3/0/2加入VLAN中。
[IRFA] vlan 3
[IRFA-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFA-vlan3] quit
# 创建VLAN接口3,并配置MAD IP地址。
[IRFA] interface vlan-interface 3
[IRFA-Vlan-interface3] mad bfd enable
[IRFA-Vlan-interface3] mad ip address 192.168.2.1 24 member 1
[IRFA-Vlan-interface3] mad ip address 192.168.2.2 24 member 2
[IRFA-Vlan-interface3] undo shutdown
[IRFA-Vlan-interface3] quit
# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。
[IRFA] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFA-if-range] undo stp enable
[IRFA-if-range] undo shutdown
[IRFA-if-range] quit
(5) 配置IRF A上各接口的IP地址及路由协议
# 配置IRF A公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。
[IRFA] vlan 10
[IRFA-vlan10] quit
[IRFA] interface vlan-interface 10
[IRFA-Vlan-interface10] ip address 10.1.1.1 24
[IRFA-Vlan-interface10] undo shutdown
[IRFA-Vlan-interface10] quit
[IRFA] interface bridge-aggregation 1
[IRFA-Bridge-Aggregation1] link-aggregation mode dynamic
[IRFA-Bridge-Aggregation1] port access vlan 10
[IRFA-Bridge-Aggregation1] undo shutdown
[IRFA-Bridge-Aggregation1] quit
[IRFA] interface gigabitethernet 1/3/0/1
[IRFA-GigabitEthernet1/3/0/1] undo shutdown
[IRFA-GigabitEthernet1/3/0/1] port link-aggregation group 1
[IRFA-GigabitEthernet1/3/0/1] quit
[IRFA] interface gigabitethernet 2/3/0/1
[IRFA-GigabitEthernet2/3/0/1] undo shutdown
[IRFA-GigabitEthernet2/3/0/1] port link-aggregation group 1
[IRFA-GigabitEthernet2/3/0/1] quit
# 创建VLAN 1000。
[IRFA] vlan 1000
[IRFA-vlan1000] quit
# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。
[IRFA] interface bridge-aggregation 2
[IRFA-Bridge-Aggregation2] link-aggregation mode dynamic
[IRFA-Bridge-Aggregation2] port link-type trunk
[IRFA-Bridge-Aggregation2] port trunk permit vlan 1000
[IRFA-Bridge-Aggregation2] undo shutdown
[IRFA-Bridge-Aggregation2] quit
# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。
[IRFA] interface gigabitethernet 1/4/0/1
[IRFA-GigabitEthernet1/4/0/1] port link-aggregation group 2
[IRFA-GigabitEthernet1/4/0/1] undo shutdown
[IRFA-GigabitEthernet1/4/0/1] quit
[IRFA] interface gigabitethernet 2/4/0/1
[IRFA-GigabitEthernet2/4/0/1] port link-aggregation group 2
[IRFA-GigabitEthernet2/4/0/1] undo shutdown
[IRFA-GigabitEthernet2/4/0/1] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[IRFA] interface loopback 0
[IRFA-LoopBack0] ip address 1.1.1.1 32
[IRFA-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[IRFA] ospf 1
[IRFA-ospf-1] area 0
[IRFA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[IRFA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0
[IRFA-ospf-1-area-0.0.0.0] quit
[IRFA-ospf-1] quit
(6) 配置EVI隧道
# 建立EVI隧道。
[IRFA] interface Tunnel 1 mode evi
# 配置Tunnel1接口的源端地址为LoopBack0。
[IRFA-Tunnel1] source loopback 0
# 配置Tunnel1接口的Network ID。
[IRFA-Tunnel1] evi network-id 1
# 使能Tunnel1接口的ENDS功能。
[IRFA-Tunnel1] evi neighbor-discovery server enable
# 配置Tunnel1接口的扩展VLAN。
[IRFA-Tunnel1] evi extend-vlan 1000
# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。
[IRFA-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。
[IRFA-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[IRFA-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[IRFA] mac-address timer aging 1800
# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。
[IRFA] interface gigabitethernet 1/3/0/1
[IRFA-GigabitEthernet1/3/0/1] evi enable
[IRFA-GigabitEthernet1/3/0/1] undo stp enable
[IRFA-GigabitEthernet1/3/0/1] quit
[IRFA] interface gigabitethernet 2/3/0/1
[IRFA-GigabitEthernet2/3/0/1] evi enable
[IRFA-GigabitEthernet2/3/0/1] undo stp enable
[IRFA-GigabitEthernet2/3/0/1] quit
(1) 配置CE A上各接口的IP地址及路由协议
# 配置CE A的公网接口。
<CEA> system-view
[CEA] vlan 11
[CEA-vlan11] quit
[CEA] interface vlan-interface 11
[CEA-Vlan-interface11] ip address 11.1.1.1 24
[CEA-Vlan-interface11] undo shutdown
[CEA-Vlan-interface11] quit
[CEA] interface gigabitethernet 5/0/1
[CEA-GigabitEthernet5/0/1] port access vlan 11
[CEA-GigabitEthernet5/0/1] undo shutdown
[CEA-GigabitEthernet5/0/1] quit
# 配置OSPF路由协议,发布公网路由。
[CEA] ospf 1
[CEA-ospf-1] area 0
[CEA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255
[CEA-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255
[CEA-ospf-1-area-0.0.0.0] quit
[CEA-ospf-1] quit
# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。
[CEA] vlan 1000
[CEA-vlan1000] quit
[CEA] interface vlan-interface 1000
[CEA-Vlan-interface1000] ip address 100.0.0.1 24
[CEA-Vlan-interface1000] undo shutdown
[CEA-Vlan-interface1000] quit
# 配置CE A与IRF A相连的接口允许VLAN 1000通过。
[CEA] interface bridge-aggregation 2
[CEA-Bridge-Aggregation2] link-aggregation mode dynamic
[CEA-Bridge-Aggregation2] port link-type trunk
[CEA-Bridge-Aggregation2] port trunk permit vlan 1000
[CEA-Bridge-Aggregation2] quit
[CEA] interface gigabitethernet 4/0/1
[CEA-GigabitEthernet4/0/1] port link-aggregation group 2
[CEA-GigabitEthernet4/0/1] undo shutdown
[CEA-GigabitEthernet4/0/1] quit
[CEA] interface gigabitethernet 4/0/2
[CEA-GigabitEthernet4/0/2] port link-aggregation group 2
[CEA-GigabitEthernet4/0/2] undo shutdown
[CEA-GigabitEthernet4/0/2] quit
# 配置CE A与数据中心相连的接口允许VLAN 1000通过。
[CEA] interface gigabitethernet 7/0/1
[CEA-GigabitEthernet7/0/1] port link-type trunk
[CEA-GigabitEthernet7/0/1] port trunk permit vlan 1000
[CEA-GigabitEthernet7/0/1] undo shutdown
[CEA] quit
(2) 配置CE A加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[CEA] interface vlan-interface 1000
[CEA-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
# 为使CE A成为Master,配置CE A在备份组中的优先级为110,高于CE B采用的缺省优先级100。
[CEA-Vlan-interface1000] vrrp vrid 1 priority 110
[CEA-Vlan-interface1000] quit
(1) 请参考图2进行物理连线,确保IRF物理链路连接正确
(2) 配置Switch B-1为IRF模式
# 配置Switch B-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchB-1> system-view
[SwitchB-1] irf member 1.
[SwitchB-1] irf-port 2
[SwitchB-1-irf-port2] port group interface ten-GigabitEthernet 2/0/1
[SwitchB-1-irf-port2] quit
[SwitchB-1] interface ten-GigabitEthernet 2/0/1
[SwitchB-1-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchB-1-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchB-1] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchB-1] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
Switch B-1重启后组成了只有一台成员设备的IRF。
(3) 配置Switch B-2为IRF模式
# 配置Switch B-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。
<SwitchB-2> system-view
[SwitchB-2] irf member 2
[SwitchB-2] irf-port 1
[SwitchB-2-irf-port1] port group interface ten-GigabitEthernet 2/0/1
[SwitchB-2-irf-port1] quit
[SwitchB-2] interface ten-GigabitEthernet 2/0/1
[SwitchB-2-Ten-GigabitEthernet2/0/1] undo shutdown
[SwitchB-2-Ten-GigabitEthernet2/0/1] quit
# 将当前配置保存到下次启动配置文件。
[SwitchB-2] save
The current configuration will be written to the device. Are you sure? [Y/N]:y
Please input the file name(*.cfg)[flash:/startup.cfg]
(To leave the existing filename unchanged, press the enter key):
flash:/startup.cfg exists, overwrite? [Y/N]:y
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
# 将设备的运行模式切换到IRF模式。
[SwitchB-2] chassis convert mode irf
The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Please wait...
Saving the converted configuration file to the main board succeeded.
Slot 1:
Saving the converted configuration file succeeded.
Now rebooting, please wait...
交换机Swtich B-2重启后与Switch B-1形成IRF B。
(4) 配置IRF B的BFD MAD检测
# 更改IRF B的系统名称为“IRFB”,并设置IRF B域编号为2。
<SwitchB-1> system-view
[SwitchB-1] sysname IRFB
[IRFB] irf domain 2
# 创建VLAN 3,并将Switch B-1上的端口GigabitEthernet1/3/0/2和Swtich B-2上的端口GigabitEthernet2/3/0/2加入VLAN中。
[IRFB] vlan 3
[IRFB-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFB-vlan3] quit
# 创建VLAN接口3,并配置MAD IP地址。
[IRFB] interface vlan-interface 3
[IRFB-Vlan-interface3] mad bfd enable
[IRFB-Vlan-interface3] mad ip address 192.168.2.1 24 member 1
[IRFB-Vlan-interface3] mad ip address 192.168.2.2 24 member 2
[IRFB-Vlan-interface3] undo shutdown
[IRFB-Vlan-interface3] quit
# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。
[IRFB] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2
[IRFB-if-range] undo stp enable
[IRFB-if-range] undo shutdown
[IRFB-if-range] quit
(5) 配置IRF B上各接口的IP地址及路由协议
# 配置IRF B公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。
[IRFB] vlan 10
[IRFB-vlan10] quit
[IRFB] interface vlan-interface 10
[IRFB-Vlan-interface10] ip address 10.1.2.1 24
[IRFB-Vlan-interface10] undo shutdown
[IRFB-Vlan-interface10] quit
[IRFB] interface bridge-aggregation 1
[IRFB-Bridge-Aggregation1] link-aggregation mode dynamic
[IRFB-Bridge-Aggregation1] port access vlan 10
[IRFB-Bridge-Aggregation1] undo shutdown
[IRFB-Bridge-Aggregation1] quit
[IRFB] interface gigabitethernet 1/3/0/1
[IRFB-GigabitEthernet1/3/0/1] undo shutdown
[IRFB-GigabitEthernet1/3/0/1] port link-aggregation group 1
[IRFB-GigabitEthernet1/3/0/1] quit
[IRFB] interface gigabitethernet 2/3/0/1
[IRFB-GigabitEthernet2/3/0/1] undo shutdown
[IRFB-GigabitEthernet2/3/0/1] port link-aggregation group 1
[IRFB-GigabitEthernet2/3/0/1] quit
# 创建VLAN 1000。
[IRFB] vlan 1000
[IRFB-vlan1000] quit
# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。
[IRFB] interface bridge-aggregation 2
[IRFB-Bridge-Aggregation2] link-aggregation mode dynamic
[IRFB-Bridge-Aggregation2] port link-type trunk
[IRFB-Bridge-Aggregation2] port trunk permit vlan 1000
[IRFB-Bridge-Aggregation2] undo shutdown
[IRFB-Bridge-Aggregation2] quit
# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。
[IRFB] interface gigabitethernet 1/4/0/1
[IRFB-GigabitEthernet1/4/0/1] port link-aggregation group 2
[IRFB-GigabitEthernet1/4/0/1] undo shutdown
[IRFB-GigabitEthernet1/4/0/1] quit
[IRFB] interface gigabitethernet 2/4/0/1
[IRFB-GigabitEthernet2/4/0/1] port link-aggregation group 2
[IRFB-GigabitEthernet2/4/0/1] undo shutdown
[IRFB-GigabitEthernet2/4/0/1] quit
# 创建Loopback接口,作为EVI隧道的源接口。
[IRFB] interface loopback 0
[IRFB-LoopBack0] ip address 2.2.2.2 32
[IRFB-LoopBack0] quit
# 配置OSPF路由协议,发布公网路由。
[IRFB] ospf 1
[IRFB-ospf-1] area 0
[IRFB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[IRFB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0
[IRFB-ospf-1-area-0.0.0.0] quit
[IRFB-ospf-1] quit
(6) 配置EVI隧道
# 建立EVI隧道。
[IRFB] interface Tunnel 1 mode evi
# 配置Tunnel1接口的源端地址为LoopBack0。
[IRFB-Tunnel1] source loopback 0
# 配置Tunnel1接口的Network ID。
[IRFB-Tunnel1] evi network-id 1
# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDS为IRF A。
[IRFB-Tunnel1] evi neighbor-discovery client enable 1.1.1.1
# 配置Tunnel1接口的扩展VLAN。
[IRFB-Tunnel1] evi extend-vlan 1000
# 配置ARP泛洪抑制功能,以减少EVI隧道中ARP泛洪的次数。
[IRFB-Tunnel1] evi arp-suppression enable
# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。
[IRFB-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
[IRFB-Tunnel1] quit
# 配置MAC地址表项的老化时间为30分钟。
[IRFB] mac-address timer aging 1800
# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。
[IRFB] interface gigabitethernet 1/3/0/1
[IRFB-GigabitEthernet1/3/0/1] evi enable
[IRFB-GigabitEthernet1/3/0/1] undo stp enable
[IRFB-GigabitEthernet1/3/0/1] quit
[IRFB] interface gigabitethernet 2/3/0/1
[IRFB-GigabitEthernet2/3/0/1] evi enable
[IRFB-GigabitEthernet2/3/0/1] undo stp enable
[IRFB-GigabitEthernet2/3/0/1] quit
(1) 配置CE B上各接口的IP地址及路由协议
# 配置CE B的公网接口。
<CEB> system-view
[CEB] vlan 11
[CEB-vlan11] quit
[CEB] interface vlan-interface 11
[CEB-Vlan-interface11] ip address 11.1.2.1 24
[CEB-Vlan-interface11] undo shutdown
[CEB-Vlan-interface11] quit
[CEB] interface gigabitethernet 5/0/1
[CEB-GigabitEthernet5/0/1] port access vlan 11
[CEB-GigabitEthernet5/0/1] undo shutdown
[CEB-GigabitEthernet5/0/1] quit
# 配置OSPF路由协议,发布公网路由。
[CEB] ospf 1
[CEB-ospf-1] area 0
[CEB-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255
[CEB-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255
[CEB-ospf-1-area-0.0.0.0] quit
[CEB-ospf-1] quit
# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。
[CEB] vlan 1000
[CEB-vlan1000] quit
[CEB] interface vlan-interface 1000
[CEB-Vlan-interface1000] ip address 100.0.0.2 24
[CEB-Vlan-interface1000] undo shutdown
[CEB-Vlan-interface1000] quit
# 配置CE B与IRF B相连的接口允许VLAN 1000通过。
[CEB] interface bridge-aggregation 2
[CEB-Bridge-Aggregation2] link-aggregation mode dynamic
[CEB-Bridge-Aggregation2] port link-type trunk
[CEB-Bridge-Aggregation2] port trunk permit vlan 1000
[CEB-Bridge-Aggregation2] quit
[CEB] interface gigabitethernet 4/0/1
[CEB-GigabitEthernet4/0/1] port link-aggregation group 2
[CEB-GigabitEthernet4/0/1] undo shutdown
[CEB-GigabitEthernet4/0/1] quit
[CEB] interface gigabitethernet 4/0/2
[CEB-GigabitEthernet4/0/2] port link-aggregation group 2
[CEB-GigabitEthernet4/0/2] undo shutdown
[CEB-GigabitEthernet4/0/2] quit
# 配置CE B与数据中心相连的接口允许VLAN 1000通过。
[CEB] interface gigabitethernet 7/0/1
[CEB-GigabitEthernet7/0/1] port link-type trunk
[CEB-GigabitEthernet7/0/1] port trunk permit vlan 1000
[CEB-GigabitEthernet7/0/1] undo shutdown
[CEB] quit
(2) 配置CE B加入VRRP备份组
# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。
[CEB] interface vlan-interface 1000
[CEB-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254
[CEB-Vlan-interface1000] quit
将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。
C:\>ping 100.0.0.100
Pinging 100.0.0.100 with 32 bytes of data:
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=37ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Reply from 100.0.0.100: bytes=32 time=1ms TTL=128
Ping statistics for 100.0.0.100:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 1ms, Maximum = 37ms, Average = 10ms
C:\>
· IRF A:
#
sysname IRFA
#
mac-address timer aging 1800
#
vlan 1
#
vlan 3
#
vlan 10
#
vlan 1000
#
irf-port 1/2
port group mdc 1 interface Ten-GigabitEthernet1/2/0/1
#
irf-port 2/1
port group mdc 1 interface Ten-GigabitEthernet2/2/0/1
#
interface Bridge-Aggregation1
port access vlan 10
link-aggregation mode dynamic
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface LoopBack0
ip address 1.1.1.1 255.255.255.255
#
interface Vlan-interface3
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
#
interface Vlan-interface10
ip address 10.1.1.1 255.255.255.0
#
interface GigabitEthernet1/3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
port link-aggregation group 1
#
interface GigabitEthernet2/3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
port link-aggregation group 1
#
interface GigabitEthernet1/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface GigabitEthernet2/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface GigabitEthernet1/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet2/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/0/1
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery server enable
#
ospf 1
area 0.0.0.0
network 1.1.1.1 0.0.0.0
network 10.1.1.0 0.0.0.255
#
return
· CE A:
#
sysname CEA
#
vlan 1
#
vlan 11
#
vlan 1000
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface Vlan-interface11
ip address 11.1.1.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
vrrp vrid 1 priority 110
#
interface GigabitEthernet4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet5/0/1
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet7/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
ospf 1
area 0.0.0.0
network 11.1.1.0 0.0.0.255
network 100.0.0.0 0.0.0.255
#
return
· IRF B:
#
sysname IRFB
#
mac-address timer aging 1800
#
vlan 1
#
vlan 3
#
vlan 10
#
vlan 1000
#
irf-port 1/2
port group mdc 1 interface Ten-GigabitEthernet1/2/0/1
#
irf-port 2/1
port group mdc 1 interface Ten-GigabitEthernet2/2/0/1
#
interface Bridge-Aggregation1
port access vlan 10
link-aggregation mode dynamic
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface LoopBack0
ip address 2.2.2.2 255.255.255.255
#
interface Vlan-interface3
mad bfd enable
mad ip address 192.168.2.1 255.255.255.0 member 1
mad ip address 192.168.2.2 255.255.255.0 member 2
#
interface Vlan-interface10
ip address 10.1.2.1 255.255.255.0
#
interface GigabitEthernet1/3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
port link-aggregation group 1
#
interface GigabitEthernet2/3/0/1
port link-mode bridge
port access vlan 10
undo stp enable
evi enable
port link-aggregation group 1
#
interface GigabitEthernet1/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface GigabitEthernet2/3/0/2
port link-mode bridge
port access vlan 3
undo stp enable
#
interface GigabitEthernet1/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet2/4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/2/0/1
#
interface Tunnel1 mode evi
evi selective-flooding mac-address 0100-5e00-0012 vlan 1000
evi arp-suppression enable
evi extend-vlan 1000
source LoopBack0
evi network-id 1
evi neighbor-discovery client enable 1.1.1.1
#
ospf 1
area 0.0.0.0
network 2.2.2.2 0.0.0.0
network 10.1.2.0 0.0.0.255
#
return
· CE B:
#
sysname CEB
#
vlan 1
#
vlan 11
#
vlan 1000
#
stp global enable
#
interface Bridge-Aggregation2
port link-type trunk
port trunk permit vlan 1 1000
link-aggregation mode dynamic
#
interface Vlan-interface11
ip address 11.1.2.1 255.255.255.0
#
interface Vlan-interface1000
ip address 100.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 100.0.0.254
#
interface GigabitEthernet4/0/1
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet4/0/2
port link-mode bridge
port link-aggregation group 2
#
interface GigabitEthernet5/0/1
port link-mode bridge
port access vlan 11
#
interface GigabitEthernet7/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan 1 1000
#
ospf 1
area 0.0.0.0
network 11.1.2.0 0.0.0.255
network 100.0.0.0 0.0.0.255
#
return
· H3C S12500系列路由交换机 EVI配置指导-Release 7328
· H3C S12500系列路由交换机 EVI命令参考-Release 7328
· H3C S12500系列路由交换机 虚拟化技术配置指导-Release 7328
· H3C S12500系列路由交换机 虚拟化技术命令参考-Release 7328
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!