• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们

12-EVI配置举例

目录

01-H3C_EVI典型配置举例

本章节下载 01-H3C_EVI典型配置举例  (461.56 KB)

01-H3C_EVI典型配置举例

H3C EVI配置举例

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

资料版本:6W100-20200330

产品版本:Release 7585P05

 

Copyright © 2020 新华三技术有限公司 版权所有,保留一切权利。

非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。

除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。

本文档中的信息可能变动,恕不另行通知。



1? 简介

本文档介绍了通过MDC实现EVI边缘设备与网关分离和通过IRF实现EVI边缘设备的冗余备份的配置举例。

EVI(Ethernet Virtualization Interconnect,以太网虚拟化互联)是一种基于“MAC in IP”的二层VPN技术,它可以基于现有服务提供商或企业的IP网络,为分散的物理站点提供二层互联功能。虚拟机能在不同站点之间自由迁移。

2? 配置前提

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文假设您已了解EVI、MDC和IRF特性。

3? 使用限制

·     本地EVI边缘设备不能作为对端数据中心的网关。

·     EVI和MDC特性需要安装配套的License。License分为园区网License和数据中心License两大类,其中数据中心License支持EVI和MDC特性;园区网License仅支持MDC特性。

4? 通过MDC实现EVI边缘设备与网关分离配置举例

4.1? 组网需求

图1所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心之间的二层互通。具体要求如下:

·     数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;

·     不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);

·     为减少项目管理和维护成本,要求采用MDC技术将公网接入设备虚拟成两台独立的设备。其中一台作为EVI的边缘设备,另一台作为EVI扩展VLAN的三层网关。

图1 通过MDC实现EVI边缘设备与网关分离配置组网图

设备

接口

IP地址

设备

接口

IP地址

MDCA1

Loop0

1.1.1.1/32

MDCB1

Loop0

2.2.2.2/32

 

Vlan-int10

10.1.1.1/24

 

Vlan-int10

10.1.2.1/24

MDCA2

Vlan-int11

11.1.1.1/24

MDCB2

Vlan-int11

11.1.2.1/24

 

Vlan-int1000

100.0.0.1/24

 

Vlan-int1000

100.0.0.2/24

 

4.2? 配置思路

·     为实现两个数据中心之间VLAN 1000的二层互通,需要在MDCA1和MDCB1之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;

·     为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将MDCA2和MDCB2加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;

·     为实现MDCA2和MDCB2之间的VRRP协议报文能够透传,需要在MDCA1和MDCB1上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。

4.3? 配置注意事项

4.3.1? 配置EVI网络实例和扩展VLAN的注意事项

·     同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;

·     同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;

·     不同的EVI网络实例不能使用相同的扩展VLAN。

4.3.2? 配置EVI边缘设备公网接口的注意事项

·     不能使用Vlan-interface1作为EVI边缘设备的公网接口;

·     EVI扩展VLAN的VLAN接口不支持作为公网出接口。

4.3.3? 配置MDC的注意事项

MDCA1与MDCA2之间的物理线路以及MDCB1和MDCB2之间的物理线路需要在MDC划分完成后才能进行连接,否则可能会引起环路。

4.4? 配置步骤

4.4.1? Swtich A的配置

1. 划分MDC

# 将Switch A划分成两个MDC,其中MDCA1直接使用缺省MDC,作为数据中心Site1的EVI边缘设备;MDCA2使用非缺省MDC,作为Site1的网关。

<SwitchA> system-view

[SwitchA] sysname MDCA1

[MDCA1] mdc Admin

[MDCA1-mdc-1-Admin] undo location slot 2

[MDCA1-mdc-1-Admin] quit

[MDCA1] mdc MDCA2

[MDCA1-mdc-2-MDCA2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48

[MDCA1-mdc-2-MDCA2] location slot 2

[MDCA1-mdc-2-MDCA2] mdc start

[MDCA1-mdc-2-MDCA2] quit

2. 配置MDCA1

(1)     配置MDCA1上各接口的IP地址及路由协议

# 配置MDCA1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。

[MDCA1] vlan 10

[MDCA1-vlan10] quit

[MDCA1] interface gigabitethernet 3/0/1

[MDCA1-GigabitEthernet3/0/1] port access vlan 10

[MDCA1-GigabitEthernet3/0/1] undo shutdown

[MDCA1-GigabitEthernet3/0/1] quit

[MDCA1] interface vlan-interface 10

[MDCA1-Vlan-interface10] ip address 10.1.1.1 24

[MDCA1-Vlan-interface10] undo shutdown

[MDCA1-Vlan-interface10] quit

# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。

[MDCA1] vlan 1000

[MDCA1-vlan1000] quit

[MDCA1] interface gigabitethernet 3/0/2

[MDCA1-GigabitEthernet3/0/2] port link-type trunk

[MDCA1-GigabitEthernet3/0/2] port trunk permit vlan 1000

[MDCA1-GigabitEthernet3/0/2] undo shutdown

[MDCA1-GigabitEthernet3/0/2] quit

# 创建LoopBack接口,作为EVI隧道的源接口。

[MDCA1] interface loopback 0

[MDCA1-LoopBack0] ip address 1.1.1.1 32

[MDCA1-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[MDCA1] ospf 1

[MDCA1-ospf-1] area 0

[MDCA1-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[MDCA1-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[MDCA1-ospf-1-area-0.0.0.0] quit

[MDCA1-ospf-1] quit

(2)     配置EVI隧道

# 建立EVI隧道。

[MDCA1] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[MDCA1-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[MDCA1-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDS功能。

[MDCA1-Tunnel1] evi neighbor-discovery server enable

# 配置Tunnel1接口的扩展VLAN

[MDCA1-Tunnel1] evi extend-vlan 1000

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[MDCA1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[MDCA1-Tunnel1] quit

# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[MDCA1] interface gigabitethernet 3/0/1

[MDCA1-GigabitEthernet3/0/1] evi enable

[MDCA1-GigabitEthernet3/0/1] undo stp enable

[MDCA1-GigabitEthernet3/0/1] quit

3. 配置网关MDCA2

# 登录到MDCA2,并将MDCA2的系统名称改成“MDCA2”。

[MDCA1] switchto MDCA2

<Sysname> system-view

[Sysname] sysname MDCA2

[MDCA2]

(1)     配置MDCA2上各接口的IP地址及路由协议

# 配置MDCA2的公网接口。

[MDCA2] vlan 11

[MDCA2-vlan11] quit

[MDCA2] interface vlan-interface 11

[MDCA2-Vlan-interface11] ip address 11.1.1.1 24

[MDCA2-Vlan-interface11] undo shutdown

[MDCA2-Vlan-interface11] quit

[MDCA2] interface gigabitethernet 2/0/48

[MDCA2-GigabitEthernet2/0/48] port access vlan 11

[MDCA2-GigabitEthernet2/0/48] undo shutdown

[MDCA2-GigabitEthernet2/0/48] quit

# 配置OSPF路由协议,发布公网路由。

[MDCA2] ospf 1

[MDCA2-ospf-1] area 0

[MDCA2-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[MDCA2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[MDCA2-ospf-1-area-0.0.0.0] quit

[MDCA2-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[MDCA2] vlan 1000

[MDCA2-vlan1000] quit

[MDCA2] interface vlan-interface 1000

[MDCA2-Vlan-interface1000] ip address 100.0.0.1 24

[MDCA2-Vlan-interface1000] undo shutdown

[MDCA2-Vlan-interface1000] quit

# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过

[MDCA2] interface gigabitethernet 2/0/2

[MDCA2-GigabitEthernet2/0/2] port link-type trunk

[MDCA2-GigabitEthernet2/0/2] port trunk permit vlan 1000

[MDCA2-GigabitEthernet2/0/2] undo shutdown

[MDCA2-GigabitEthernet2/0/2] quit

[MDCA2] interface gigabitethernet 2/0/10

[MDCA2-GigabitEthernet2/0/10] port link-type trunk

[MDCA2-GigabitEthernet2/0/10] port trunk permit vlan 1000

[MDCA2-GigabitEthernet2/0/10] undo shutdown

[MDCA2-GigabitEthernet2/0/10] quit

(2)     配置MDCA2加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[MDCA2] interface vlan-interface 1000

[MDCA2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

# 为使MDCA2成为Master,配置MDCA2在备份组中的优先级为110,高于MDCB2采用的缺省优先级100。

[MDCA2-Vlan-interface1000] vrrp vrid 1 priority 110

[MDCA2-Vlan-interface1000] quit

4.4.2? Swtich B的配置

1. 划分MDC

# 将Switch B划分成两个MDC,其中MDCB1直接使用缺省MDC,作为数据中心Site2的EVI边缘设备;MDCB2使用非缺省MDC,作为Site2的网关。

<SwitchB> system-view

[SwitchB] sysname MDCB1

[MDCB1] mdc Admin

[MDCB1-mdc-1-Admin] undo location slot 2

[MDCB1-mdc-1-Admin] quit

[MDCB1] mdc MDCB2

[MDCB1-mdc-2-MDCB2] allocate interface gigabitethernet 2/0/1 to gigabitethernet 2/0/48

[MDCB1-mdc-2-MDCB2] location slot 2

[MDCB1-mdc-2-MDCB2] mdc start

[MDCB1-mdc-2-MDCB2] quit

2. 配置MDCB1

(1)     配置MDCB1上各接口的IP地址及路由协议

?# 配置MDCB1公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet3/0/1允许VLAN 10通过。

[MDCB1] vlan 10

[MDCB1-vlan10] quit

[MDCB1] interface gigabitethernet 3/0/1

[MDCB1-GigabitEthernet3/0/1] port access vlan 10

[MDCB1-GigabitEthernet3/0/1] undo shutdown

[MDCB1-GigabitEthernet3/0/1] quit

[MDCB1] interface vlan-interface 10

[MDCB1-Vlan-interface10] ip address 10.1.2.1 24

[MDCB1-Vlan-interface10] undo shutdown

[MDCB1-Vlan-interface10] quit

# 创建VLAN 1000,并配置GigabitEthernet3/0/2允许VLAN 1000通过。

[MDCB1] vlan 1000

[MDCB1-vlan1000] quit

[MDCB1] interface gigabitethernet 3/0/2

[MDCB1-GigabitEthernet3/0/2] port link-type trunk

[MDCB1-GigabitEthernet3/0/2] port trunk permit vlan 1000

[MDCB1-GigabitEthernet3/0/2] undo shutdown

[MDCB1-GigabitEthernet3/0/2] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[MDCB1]interface loopback 0

[MDCB1-LoopBack0] ip address 2.2.2.2 32

[MDCB1-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[MDCB1] ospf 1

[MDCB1-ospf-1] area 0

[MDCB1-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[MDCB1-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[MDCB1-ospf-1-area-0.0.0.0] quit

[MDCB1-ospf-1] quit

(2)     配置EVI隧道

# 建立EVI隧道。

[MDCB1] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[MDCB1-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[MDCB1-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDSMDCA1

[MDCB1-Tunnel1] evi neighbor-discovery client enable 1.1.1.1

# 配置Tunnel1接口的扩展VLAN

[MDCB1-Tunnel1] evi extend-vlan 1000

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[MDCB1-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[MDCB1-Tunnel1] quit

# 在接入EVI网络的物理接口GigabitEthernet3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[MDCB1] interface gigabitethernet 3/0/1

[MDCB1-GigabitEthernet3/0/1] evi enable

[MDCB1-GigabitEthernet3/0/1] undo stp enable

[MDCB1-GigabitEthernet3/0/1] quit

3. 配置网关MDCB2

# 登录到MDCB2,并将MDCB2的系统名称改成“MDCB2”。

[MDCB1] switchto MDCB2

<Sysname> system-view

[Sysname] sysname MDCB2

[MDCB2]

(1)     配置MDCB2上各接口的IP地址及路由协议

# 配置MDC2的公网接口。

[MDCB2] vlan 11

[MDCB2-vlan11] quit

[MDCB2] interface vlan-interface 11

[MDCB2-Vlan-interface11] ip address 11.1.2.1 24

[MDCB2-Vlan-interface11] undo shutdown

[MDCB2-Vlan-interface11] quit

[MDCB2] interface gigabitethernet 2/0/48

[MDCB2-GigabitEthernet2/0/48] port access vlan 11

[MDCB2-GigabitEthernet2/0/48] undo shutdown

[MDCB2-GigabitEthernet2/0/48] quit

# 配置OSPF路由协议,发布公网路由。

[MDCB2] ospf 1

[MDCB2-ospf-1] area 0

[MDCB2-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[MDCB2-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[MDCB2-ospf-1-area-0.0.0.0] quit

[MDCB2-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[MDCB2] vlan 1000

[MDCB2-vlan1000] quit

[MDCB2] interface vlan-interface 1000

[MDCB2-Vlan-interface1000] ip address 100.0.0.2 24

[MDCB2-Vlan-interface1000] undo shutdown

[MDCB2-Vlan-interface1000] quit

# 配置接口GigabitEthernet2/0/2和GigabitEthernet2/0/10允许VLAN 1000通过

[MDCB2] interface gigabitethernet 2/0/2

[MDCB2-GigabitEthernet2/0/2] port link-type trunk

[MDCB2-GigabitEthernet2/0/2] port trunk permit vlan 1000

[MDCB2-GigabitEthernet2/0/2] undo shutdown

[MDCB2-GigabitEthernet2/0/2] quit

[MDCB2] interface gigabitethernet 2/0/10

[MDCB2-GigabitEthernet2/0/10] port link-type trunk

[MDCB2-GigabitEthernet2/0/10] port trunk permit vlan 1000

[MDCB2-GigabitEthernet2/0/10] undo shutdown

[MDCB2-GigabitEthernet2/0/10] quit

(2)     配置MDCA2加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[MDCB2] interface vlan-interface 1000

[MDCB2-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

[MDCB2-Vlan-interface1000] quit

4.5? 验证配置

将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。

C:\>ping 100.0.0.100

 

Pinging 100.0.0.100 with 32 bytes of data:

 

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=37ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

 

Ping statistics for 100.0.0.100:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

??? Minimum = 1ms, Maximum = 37ms, Average = 10ms

 

C:\>

4.6? 配置文件

·     MDCA1:

#

mdc Admin id 1

?undo location slot 2

#

mdc MDCA2 id 2

?location slot 2

?mdc start

?allocate interface gigabitethernet2/0/1 to GigabitEthernet2/0/48

#

?sysname MDCA1

#

vlan 1

#

vlan 10

#

vlan 1000

#

interface LoopBack0

?ip address 1.1.1.1 255.255.255.255

#

interface Vlan-interface10

?ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet3/0/2

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

interface GigabitEthernet3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

#

interface Tunnel1 mode evi

?evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

?evi extend-vlan 1000

?source LoopBack0

?evi network-id 1

?evi neighbor-discovery server enable

#

ospf 1

?area 0.0.0.0

? network 1.1.1.1 0.0.0.0

? network 10.1.1.0 0.0.0.255

#

return

·     MDCA2:

#

?sysname MDCA2

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Vlan-interface11

?ip address 11.1.1.1 255.255.255.0

#

interface Vlan-interface1000

?ip address 100.0.0.1 255.255.255.0

?vrrp vrid 1 virtual-ip 100.0.0.254

?vrrp vrid 1 priority 110

#

interface GigabitEthernet2/0/1

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

interface GigabitEthernet2/0/10

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan all

#

interface GigabitEthernet2/0/48

?port link-mode bridge

?port access vlan 10

#

ospf 1

?area 0.0.0.0

? network 11.1.1.1 0.0.0.255

? network 100.0.0.0 0.0.0.255

#

return

·     MDCB1:

#

mdc Admin id 1

?undo location slot 2

#

mdc MDCB2 id 2

?location slot 2

?mdc start

?allocate interface GigabitEthernet2/0/1 to GigabitEthernet2/0/48

#

?sysname MDCB1

#

vlan 1

#

vlan 10

#

vlan 1000

#

interface LoopBack0

?ip address 2.2.2.2 255.255.255.255

#

interface Vlan-interface10

?ip address 10.1.2.1 255.255.255.0

#

interface GigabitEthernet3/0/2

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

interface GigabitEthernet3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

#

interface Tunnel1 mode evi

?evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

?evi extend-vlan 1000

?source LoopBack0

?evi network-id 1

?evi neighbor-discovery client enable 1.1.1.1

#

ospf 1

?area 0.0.0.0

? network 2.2.2.2 0.0.0.0

? network 10.1.2.0 0.0.0.255

#

return

·     MDCB2:

#

?version 7.1.045, Release 7328

#

?sysname MDCB2

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Vlan-interface11

?ip address 11.1.2.1 255.255.255.0

#

interface Vlan-interface1000

?ip address 100.0.0.2 255.255.255.0

?vrrp vrid 1 virtual-ip 100.0.0.254

#

interface GigabitEthernet2/0/1

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

interface GigabitEthernet2/0/10

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan all

#

interface GigabitEthernet2/0/48

?port link-mode bridge

?port access vlan 10

#

ospf 1

?area 0.0.0.0

? network 11.1.2.1 0.0.0.255

? network 100.0.0.0 0.0.0.255

#

return

5? 通过IRF实现EVI边缘设备的冗余备份配置举例

5.1? 组网需求

图2所示,某公司由于用户数量急剧增加,公司网络部决定扩大数据中心规模,在两个不同的地区设立数据中心,并要求采用EVI技术实现数据中心的二层互通。具体要求如下:

·     数据中心之间VLAN 1000的业务流量通过运营商网络的三层IP网络实现二层互通;

·     不同数据中心之间的资源能动态调配和管理,数据业务和服务器能自由迁移,数据迁移过程对用户透明,并且迁移过程中不改变数据业务和服务器的IP地址(否则用户的访问流量会中断);

·     为提高EVI边缘设备的可靠性,要求使用IRF技术实现边缘设备的冗余,即使一台交换机出现故障,也不会影响整个数据中心的通信。

图2 通过IRF实现EVI边缘设备的冗余备份配置组网图

设备

接口

IP地址

设备

接口

IP地址

IRF A

Loop0

1.1.1.1/32

IRFB

Loop0

2.2.2.2/32

 

Vlan-int10

10.1.1.1/24

 

Vlan-int10

10.1.2.1/24

CE A

Vlan-int11

11.1.1.1/24

CE B

Vlan-int11

11.1.2.1/24

 

Vlan-int1000

100.0.0.1/24

 

Vlan-int1000

100.0.0.2/24

 

5.2? 配置思路

·     为实现两个数据中心之间VLAN 1000的二层互通,需要在IRF A和 IRF B之间建立EVI网络,并将VLAN 1000配置成扩展VLAN;

·     为实现当数据业务和服务器在迁移过程中无需修改网关地址,需要将数据中心Site1的网关CE A和Site2的网关CE B加入同一个VRRP备份组,两个数据中心使用同一个虚拟网关;

·     为实现CE A和CE B之间的VRRP协议报文能够透传,需要在IRF A和IRF B上配置选择性泛洪,允许VRRP的协议报文通过EVI网络传递到对端数据中心的网关。

·     为提供IRF链路的可靠性,需要分别在IRF上下行的链路上配置链路聚合功能。

5.3? 配置注意事项

1. 配置EVI网络实例和扩展VLAN的注意事项

·     同一个EVI网络实例中,所有的边缘设备必须配置相同的Netwok ID。但是,同一台边缘设备上的不同Tunnel接口必须配置不同的Netwok ID;

·     同一个EVI网络实例中的所有边缘设备上配置的扩展VLAN必须一致,否则可能会引起扩展VLAN中的数据泄露;

·     不同的EVI网络实例不能使用相同的扩展VLAN。

2. 配置EVI边缘设备公网接口的注意事项

·     不能使用Vlan-interface1作为EVI边缘设备的公网接口;

·     EVI扩展VLAN的VLAN接口不支持作为公网出接口。

5.4? 配置步骤

5.4.1? IRF A的配置

(1)     请参考图2进行物理连线,确保IRF物理链路连接正确

(2)     配置Switch A-1为IRF模式

# 配置Switch A-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchA-1> system-view

[SwitchA-1] irf member 1

[SwitchA-1] irf-port 2

[SwitchA-1-irf-port2] port group interface ten-gigabitethernet 2/0/1

[SwitchA-1-irf-port2] quit

[SwitchA-1] interface ten-gigabitethernet 2/0/1

[SwitchA-1-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchA-1-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchA-1] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchA-1] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

?Please wait...

?Saving the converted configuration file to the main board succeeded.

Slot 1:

?Saving the converted configuration file succeeded.

?Now rebooting, please wait...

Switch A-1重启后组成了只有一台成员设备的IRF。

(3)     配置Switch A-2为IRF模式

# 配置Switch A-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchA-2> system-view

[SwitchA-2] irf member 2

[SwitchA-2] irf-port 1

[SwitchA-2-irf-port1] port group interface ten-gigabitethernet 2/0/1

[SwitchA-2-irf-port1] quit

[SwitchA-2] interface ten-gigabitethernet 2/0/1

[SwitchA-2-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchA-2-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchA-2] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchA-2] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

?Please wait...

?Saving the converted configuration file to the main board succeeded.

Slot 1:

?Saving the converted configuration file succeeded.

?Now rebooting, please wait...

交换机Swtich A-2重启后与Switch A-1形成IRF A。

(4)     配置IRF A的BFD MAD检测

# 更改IRF A的系统名称为“IRFA”,并设置IRF A域编号为1。

<SwitchA-1> system-view

[SwitchA-1] sysname IRFA

[IRFA] irf domain 1

# 创建VLAN 3,并将Switch A-1上的端口GigabitEthernet1/3/0/2和Swtich A-2上的端口GigabitEthernet2/3/0/2加入VLAN中。

[IRFA] vlan 3

[IRFA-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFA-vlan3] quit

# 创建VLAN接口3,并配置MAD IP地址。

[IRFA] interface vlan-interface 3

[IRFA-Vlan-interface3] mad bfd enable

[IRFA-Vlan-interface3] mad ip address 192.168.2.1 24 member 1

[IRFA-Vlan-interface3] mad ip address 192.168.2.2 24 member 2

[IRFA-Vlan-interface3] undo shutdown

[IRFA-Vlan-interface3] quit

# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。

[IRFA] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFA-if-range] undo stp enable

[IRFA-if-range] undo shutdown

[IRFA-if-range] quit

(5)     配置IRF A上各接口的IP地址及路由协议

# 配置IRF A公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。

[IRFA] vlan 10

[IRFA-vlan10] quit

[IRFA] interface vlan-interface 10

[IRFA-Vlan-interface10] ip address 10.1.1.1 24

[IRFA-Vlan-interface10] undo shutdown

[IRFA-Vlan-interface10] quit

[IRFA] interface bridge-aggregation 1

[IRFA-Bridge-Aggregation1] link-aggregation mode dynamic

[IRFA-Bridge-Aggregation1] port access vlan 10

[IRFA-Bridge-Aggregation1] undo shutdown

[IRFA-Bridge-Aggregation1] quit

[IRFA] interface gigabitethernet 1/3/0/1

[IRFA-GigabitEthernet1/3/0/1] undo shutdown

[IRFA-GigabitEthernet1/3/0/1] port link-aggregation group 1

[IRFA-GigabitEthernet1/3/0/1] quit

[IRFA] interface gigabitethernet 2/3/0/1

[IRFA-GigabitEthernet2/3/0/1] undo shutdown

[IRFA-GigabitEthernet2/3/0/1] port link-aggregation group 1

[IRFA-GigabitEthernet2/3/0/1] quit

# 创建VLAN 1000。

[IRFA] vlan 1000

[IRFA-vlan1000] quit

# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。

[IRFA] interface bridge-aggregation 2

[IRFA-Bridge-Aggregation2] link-aggregation mode dynamic

[IRFA-Bridge-Aggregation2] port link-type trunk

[IRFA-Bridge-Aggregation2] port trunk permit vlan 1000

[IRFA-Bridge-Aggregation2] undo shutdown

[IRFA-Bridge-Aggregation2] quit

# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。

[IRFA] interface gigabitethernet 1/4/0/1

[IRFA-GigabitEthernet1/4/0/1] port link-aggregation group 2

[IRFA-GigabitEthernet1/4/0/1] undo shutdown

[IRFA-GigabitEthernet1/4/0/1] quit

[IRFA] interface gigabitethernet 2/4/0/1

[IRFA-GigabitEthernet2/4/0/1] port link-aggregation group 2

[IRFA-GigabitEthernet2/4/0/1] undo shutdown

[IRFA-GigabitEthernet2/4/0/1] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[IRFA] interface loopback 0

[IRFA-LoopBack0] ip address 1.1.1.1 32

[IRFA-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[IRFA] ospf 1

[IRFA-ospf-1] area 0

[IRFA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255

[IRFA-ospf-1-area-0.0.0.0] network 1.1.1.1 0.0.0.0

[IRFA-ospf-1-area-0.0.0.0] quit

[IRFA-ospf-1] quit

(6)     配置EVI隧道

# 建立EVI隧道。

[IRFA] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[IRFA-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[IRFA-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDS功能。

[IRFA-Tunnel1] evi neighbor-discovery server enable

# 配置Tunnel1接口的扩展VLAN

[IRFA-Tunnel1] evi extend-vlan 1000

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[IRFA-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[IRFA-Tunnel1] quit

# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[IRFA] interface gigabitethernet 1/3/0/1

[IRFA-GigabitEthernet1/3/0/1] evi enable

[IRFA-GigabitEthernet1/3/0/1] undo stp enable

[IRFA-GigabitEthernet1/3/0/1] quit

[IRFA] interface gigabitethernet 2/3/0/1

[IRFA-GigabitEthernet2/3/0/1] evi enable

[IRFA-GigabitEthernet2/3/0/1] undo stp enable

[IRFA-GigabitEthernet2/3/0/1] quit

5.4.2? 配置网关CE A

(1)     配置CE A上各接口的IP地址及路由协议

# 配置CE A的公网接口。

<CEA> system-view

[CEA] vlan 11

[CEA-vlan11] quit

[CEA] interface vlan-interface 11

[CEA-Vlan-interface11] ip address 11.1.1.1 24

[CEA-Vlan-interface11] undo shutdown

[CEA-Vlan-interface11] quit

[CEA] interface gigabitethernet 5/0/1

[CEA-GigabitEthernet5/0/1] port access vlan 11

[CEA-GigabitEthernet5/0/1] undo shutdown

[CEA-GigabitEthernet5/0/1] quit

# 配置OSPF路由协议,发布公网路由。

[CEA] ospf 1

[CEA-ospf-1] area 0

[CEA-ospf-1-area-0.0.0.0] network 11.1.1.0 0.0.0.255

[CEA-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[CEA-ospf-1-area-0.0.0.0] quit

[CEA-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[CEA] vlan 1000

[CEA-vlan1000] quit

[CEA] interface vlan-interface 1000

[CEA-Vlan-interface1000] ip address 100.0.0.1 24

[CEA-Vlan-interface1000] undo shutdown

[CEA-Vlan-interface1000] quit

# 配置CE A与IRF A相连的接口允许VLAN 1000通过。

[CEA] interface bridge-aggregation 2

[CEA-Bridge-Aggregation2] link-aggregation mode dynamic

[CEA-Bridge-Aggregation2] port link-type trunk

[CEA-Bridge-Aggregation2] port trunk permit vlan 1000

[CEA-Bridge-Aggregation2] quit

[CEA] interface gigabitethernet 4/0/1

[CEA-GigabitEthernet4/0/1] port link-aggregation group 2

[CEA-GigabitEthernet4/0/1] undo shutdown

[CEA-GigabitEthernet4/0/1] quit

[CEA] interface gigabitethernet 4/0/2

[CEA-GigabitEthernet4/0/2] port link-aggregation group 2

[CEA-GigabitEthernet4/0/2] undo shutdown

[CEA-GigabitEthernet4/0/2] quit

# 配置CE A与数据中心相连的接口允许VLAN 1000通过。

[CEA] interface gigabitethernet 7/0/1

[CEA-GigabitEthernet7/0/1] port link-type trunk

[CEA-GigabitEthernet7/0/1] port trunk permit vlan 1000

[CEA-GigabitEthernet7/0/1] undo shutdown

[CEA] quit

(2)     配置CE A加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[CEA] interface vlan-interface 1000

[CEA-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

# 为使CE A成为Master,配置CE A在备份组中的优先级为110,高于CE B采用的缺省优先级100。

[CEA-Vlan-interface1000] vrrp vrid 1 priority 110

[CEA-Vlan-interface1000] quit

5.4.3? IRF B的配置

(1)     请参考图2进行物理连线,确保IRF物理链路连接正确

(2)     配置Switch B-1为IRF模式

# 配置Switch B-1的成员编号为1,创建IRF端口2,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchB-1> system-view

[SwitchB-1] irf member 1.

[SwitchB-1] irf-port 2

[SwitchB-1-irf-port2] port group interface ten-GigabitEthernet 2/0/1

[SwitchB-1-irf-port2] quit

[SwitchB-1] interface ten-GigabitEthernet 2/0/1

[SwitchB-1-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchB-1-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchB-1] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchB-1] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

?Please wait...

?Saving the converted configuration file to the main board succeeded.

Slot 1:

?Saving the converted configuration file succeeded.

?Now rebooting, please wait...

Switch B-1重启后组成了只有一台成员设备的IRF。

(3)     配置Switch B-2为IRF模式

# 配置Switch B-2的成员编号为2,创建IRF端口1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定。

<SwitchB-2> system-view

[SwitchB-2] irf member 2

[SwitchB-2] irf-port 1

[SwitchB-2-irf-port1] port group interface ten-GigabitEthernet 2/0/1

[SwitchB-2-irf-port1] quit

[SwitchB-2] interface ten-GigabitEthernet 2/0/1

[SwitchB-2-Ten-GigabitEthernet2/0/1] undo shutdown

[SwitchB-2-Ten-GigabitEthernet2/0/1] quit

# 将当前配置保存到下次启动配置文件。

[SwitchB-2] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[flash:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

flash:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# 将设备的运行模式切换到IRF模式。

[SwitchB-2] chassis convert mode irf

The device will switch to IRF mode and reboot. You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y

Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y

?Please wait...

?Saving the converted configuration file to the main board succeeded.

Slot 1:

?Saving the converted configuration file succeeded.

?Now rebooting, please wait...

交换机Swtich B-2重启后与Switch B-1形成IRF B。

(4)     配置IRF B的BFD MAD检测

# 更改IRF B的系统名称为“IRFB”,并设置IRF B域编号为2。

<SwitchB-1> system-view

[SwitchB-1] sysname IRFB

[IRFB] irf domain 2

# 创建VLAN 3,并将Switch B-1上的端口GigabitEthernet1/3/0/2和Swtich B-2上的端口GigabitEthernet2/3/0/2加入VLAN中。

[IRFB] vlan 3

[IRFB-vlan3] port gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFB-vlan3] quit

# 创建VLAN接口3,并配置MAD IP地址。

[IRFB] interface vlan-interface 3

[IRFB-Vlan-interface3] mad bfd enable

[IRFB-Vlan-interface3] mad ip address 192.168.2.1 24 member 1

[IRFB-Vlan-interface3] mad ip address 192.168.2.2 24 member 2

[IRFB-Vlan-interface3] undo shutdown

[IRFB-Vlan-interface3] quit

# 由于BFD MAD与STP功能互斥,需要关闭接口上的STP功能。

[IRFB] interface range gigabitethernet 1/3/0/2 gigabitethernet 2/3/0/2

[IRFB-if-range] undo stp enable

[IRFB-if-range] undo shutdown

[IRFB-if-range] quit

(5)     配置IRF B上各接口的IP地址及路由协议

# 配置IRF B公网接口(即EVI边缘设备的公网接口)的IP地址,并配置GigabitEthernet1/3/0/1和GigabitEthernet2/3/0/1允许VLAN 10通过。

[IRFB] vlan 10

[IRFB-vlan10] quit

[IRFB] interface vlan-interface 10

[IRFB-Vlan-interface10] ip address 10.1.2.1 24

[IRFB-Vlan-interface10] undo shutdown

[IRFB-Vlan-interface10] quit

[IRFB] interface bridge-aggregation 1

[IRFB-Bridge-Aggregation1] link-aggregation mode dynamic

[IRFB-Bridge-Aggregation1] port access vlan 10

[IRFB-Bridge-Aggregation1] undo shutdown

[IRFB-Bridge-Aggregation1] quit

[IRFB] interface gigabitethernet 1/3/0/1

[IRFB-GigabitEthernet1/3/0/1] undo shutdown

[IRFB-GigabitEthernet1/3/0/1] port link-aggregation group 1

[IRFB-GigabitEthernet1/3/0/1] quit

[IRFB] interface gigabitethernet 2/3/0/1

[IRFB-GigabitEthernet2/3/0/1] undo shutdown

[IRFB-GigabitEthernet2/3/0/1] port link-aggregation group 1

[IRFB-GigabitEthernet2/3/0/1] quit

# 创建VLAN 1000。

[IRFB] vlan 1000

[IRFB-vlan1000] quit

# 创建连接公网的聚合组,编号为2,允许VLAN 1000通过。

[IRFB] interface bridge-aggregation 2

[IRFB-Bridge-Aggregation2] link-aggregation mode dynamic

[IRFB-Bridge-Aggregation2] port link-type trunk

[IRFB-Bridge-Aggregation2] port trunk permit vlan 1000

[IRFB-Bridge-Aggregation2] undo shutdown

[IRFB-Bridge-Aggregation2] quit

# 配置接口GigabitEthernet1/4/0/1和GigabitEthernet2/4/0/1加入聚合组2。

[IRFB] interface gigabitethernet 1/4/0/1

[IRFB-GigabitEthernet1/4/0/1] port link-aggregation group 2

[IRFB-GigabitEthernet1/4/0/1] undo shutdown

[IRFB-GigabitEthernet1/4/0/1] quit

[IRFB] interface gigabitethernet 2/4/0/1

[IRFB-GigabitEthernet2/4/0/1] port link-aggregation group 2

[IRFB-GigabitEthernet2/4/0/1] undo shutdown

[IRFB-GigabitEthernet2/4/0/1] quit

# 创建Loopback接口,作为EVI隧道的源接口。

[IRFB] interface loopback 0

[IRFB-LoopBack0] ip address 2.2.2.2 32

[IRFB-LoopBack0] quit

# 配置OSPF路由协议,发布公网路由。

[IRFB] ospf 1

[IRFB-ospf-1] area 0

[IRFB-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255

[IRFB-ospf-1-area-0.0.0.0] network 2.2.2.2 0.0.0.0

[IRFB-ospf-1-area-0.0.0.0] quit

[IRFB-ospf-1] quit

(6)     配置EVI隧道

# 建立EVI隧道。

[IRFB] interface Tunnel 1 mode evi

# 配置Tunnel1接口的源端地址为LoopBack0。

[IRFB-Tunnel1] source loopback 0

# 配置Tunnel1接口的Network ID。

[IRFB-Tunnel1] evi network-id 1

# 使能Tunnel1接口的ENDC功能,该ENDC对应的ENDSIRF A

[IRFB-Tunnel1] evi neighbor-discovery client enable 1.1.1.1

# 配置Tunnel1接口的扩展VLAN

[IRFB-Tunnel1] evi extend-vlan 1000

# 配置选择性泛洪,使VRRP协议报文可以通过EVI隧道透传到对端,VRRP协议报文的MAC地址为0100-5e00-0012。

[IRFB-Tunnel1] evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

[IRFB-Tunnel1] quit

# 在接入EVI网络的物理接口GigabitEthernet1/3/0/1GigabitEthernet2/3/0/1上开启EVI功能,同时关闭接口上的STP功能。

[IRFB] interface gigabitethernet 1/3/0/1

[IRFB-GigabitEthernet1/3/0/1] evi enable

[IRFB-GigabitEthernet1/3/0/1] undo stp enable

[IRFB-GigabitEthernet1/3/0/1] quit

[IRFB] interface gigabitethernet 2/3/0/1

[IRFB-GigabitEthernet2/3/0/1] evi enable

[IRFB-GigabitEthernet2/3/0/1] undo stp enable

[IRFB-GigabitEthernet2/3/0/1] quit

5.4.4? 配置网关CE B

(1)     配置CE B上各接口的IP地址及路由协议

# 配置CE B的公网接口。

<CEB> system-view

[CEB] vlan 11

[CEB-vlan11] quit

[CEB] interface vlan-interface 11

[CEB-Vlan-interface11] ip address 11.1.2.1 24

[CEB-Vlan-interface11] undo shutdown

[CEB-Vlan-interface11] quit

[CEB] interface gigabitethernet 5/0/1

[CEB-GigabitEthernet5/0/1] port access vlan 11

[CEB-GigabitEthernet5/0/1] undo shutdown

[CEB-GigabitEthernet5/0/1] quit

# 配置OSPF路由协议,发布公网路由。

[CEB] ospf 1

[CEB-ospf-1] area 0

[CEB-ospf-1-area-0.0.0.0] network 11.1.2.0 0.0.0.255

[CEB-ospf-1-area-0.0.0.0] network 100.0.0.0 0.0.0.255

[CEB-ospf-1-area-0.0.0.0] quit

[CEB-ospf-1] quit

# 创建VLAN 1000,并配置接口Vlan-interface1000的IP地址。

[CEB] vlan 1000

[CEB-vlan1000] quit

[CEB] interface vlan-interface 1000

[CEB-Vlan-interface1000] ip address 100.0.0.2 24

[CEB-Vlan-interface1000] undo shutdown

[CEB-Vlan-interface1000] quit

# 配置CE B与IRF B相连的接口允许VLAN 1000通过。

[CEB] interface bridge-aggregation 2

[CEB-Bridge-Aggregation2] link-aggregation mode dynamic

[CEB-Bridge-Aggregation2] port link-type trunk

[CEB-Bridge-Aggregation2] port trunk permit vlan 1000

[CEB-Bridge-Aggregation2] quit

[CEB] interface gigabitethernet 4/0/1

[CEB-GigabitEthernet4/0/1] port link-aggregation group 2

[CEB-GigabitEthernet4/0/1] undo shutdown

[CEB-GigabitEthernet4/0/1] quit

[CEB] interface gigabitethernet 4/0/2

[CEB-GigabitEthernet4/0/2] port link-aggregation group 2

[CEB-GigabitEthernet4/0/2] undo shutdown

[CEB-GigabitEthernet4/0/2] quit

# 配置CE B与数据中心相连的接口允许VLAN 1000通过。

[CEB] interface gigabitethernet 7/0/1

[CEB-GigabitEthernet7/0/1] port link-type trunk

[CEB-GigabitEthernet7/0/1] port trunk permit vlan 1000

[CEB-GigabitEthernet7/0/1] undo shutdown

[CEB] quit

(2)     配置CE B加入VRRP备份组

# 创建VRRP备份组1,使用虚拟IP地址100.0.0.254。

[CEB] interface vlan-interface 1000

[CEB-Vlan-interface1000] vrrp vrid 1 virtual-ip 100.0.0.254

[CEB-Vlan-interface1000] quit

5.5? 验证配置

将Site 1中的某台服务器(IP地址为100.0.0.100,网关地址为100.0.0.254)迁移至Site 2中,从外网ping这台服务器(IP地址不变),仍然可以ping通。

C:\>ping 100.0.0.100

 

Pinging 100.0.0.100 with 32 bytes of data:

 

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=37ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

Reply from 100.0.0.100: bytes=32 time=1ms TTL=128

 

Ping statistics for 100.0.0.100:

??? Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),

Approximate round trip times in milli-seconds:

??? Minimum = 1ms, Maximum = 37ms, Average = 10ms

 

C:\>

 

5.6? 配置文件

·     IRF A:

#

?sysname IRFA

#

vlan 1

#

vlan 3

#

vlan 10

#

vlan 1000

#

irf-port 1/2

?port group mdc 1 interface Ten-GigabitEthernet1/2/0/1

#

irf-port 2/1

?port group mdc 1 interface Ten-GigabitEthernet2/2/0/1

#

interface Bridge-Aggregation1

?port access vlan 10

?link-aggregation mode dynamic

#

interface Bridge-Aggregation2

?port link-type trunk

?port trunk permit vlan 1 1000

?link-aggregation mode dynamic

#

interface LoopBack0

?ip address 1.1.1.1 255.255.255.255

#

interface Vlan-interface3

?mad bfd enable

?mad ip address 192.168.2.1 255.255.255.0 member 1

?mad ip address 192.168.2.2 255.255.255.0 member 2

#

interface Vlan-interface10

?ip address 10.1.1.1 255.255.255.0

#

interface GigabitEthernet1/3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

?port link-aggregation group 1

#

interface GigabitEthernet2/3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

?port link-aggregation group 1

#

interface GigabitEthernet1/3/0/2

?port link-mode bridge

?port access vlan 3

?undo stp enable

#

interface GigabitEthernet2/3/0/2

?port link-mode bridge

?port access vlan 3

?undo stp enable

#

interface GigabitEthernet1/4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet2/4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface Ten-GigabitEthernet1/2/0/1

#

interface Tunnel1 mode evi

?evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

?evi extend-vlan 1000

?source LoopBack0

?evi network-id 1

?evi neighbor-discovery server enable

#

ospf 1

?area 0.0.0.0

? network 1.1.1.1 0.0.0.0

? network 10.1.1.0 0.0.0.255

#

return

·     CE A:

#

?sysname CEA

#

vlan 1

#

vlan 11

#

vlan 1000

#

interface Bridge-Aggregation2

?port link-type trunk

?port trunk permit vlan 1 1000

?link-aggregation mode dynamic

#

interface Vlan-interface11

?ip address 11.1.1.1 255.255.255.0

#

interface Vlan-interface1000

?ip address 100.0.0.1 255.255.255.0

?vrrp vrid 1 virtual-ip 100.0.0.254

?vrrp vrid 1 priority 110

#

interface GigabitEthernet4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet4/0/2

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet5/0/1

?port link-mode bridge

?port access vlan 11

#

interface GigabitEthernet7/0/1

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

ospf 1

?area 0.0.0.0

? network 11.1.1.0 0.0.0.255

? network 100.0.0.0 0.0.0.255

#

return

·     IRF B:

#

?sysname IRFB

#

vlan 1

#

vlan 3

#

vlan 10

#

vlan 1000

#

irf-port 1/2

?port group mdc 1 interface Ten-GigabitEthernet1/2/0/1

#

irf-port 2/1

?port group mdc 1 interface Ten-GigabitEthernet2/2/0/1

#

interface Bridge-Aggregation1

?port access vlan 10

?link-aggregation mode dynamic

#

interface Bridge-Aggregation2

?port link-type trunk

?port trunk permit vlan 1 1000

?link-aggregation mode dynamic

#

interface LoopBack0

?ip address 2.2.2.2 255.255.255.255

#

interface Vlan-interface3

?mad bfd enable

?mad ip address 192.168.2.1 255.255.255.0 member 1

?mad ip address 192.168.2.2 255.255.255.0 member 2

#

interface Vlan-interface10

?ip address 10.1.2.1 255.255.255.0

#

interface GigabitEthernet1/3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

?port link-aggregation group 1

#

interface GigabitEthernet2/3/0/1

?port link-mode bridge

?port access vlan 10

?undo stp enable

?evi enable

?port link-aggregation group 1

#

interface GigabitEthernet1/3/0/2

?port link-mode bridge

?port access vlan 3

?undo stp enable

#

interface GigabitEthernet2/3/0/2

?port link-mode bridge

?port access vlan 3

?undo stp enable

#

interface GigabitEthernet1/4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet2/4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface Ten-GigabitEthernet1/2/0/1

#

interface Tunnel1 mode evi

?evi selective-flooding mac-address 0100-5e00-0012 vlan 1000

?evi extend-vlan 1000

?source LoopBack0

?evi network-id 1

?evi neighbor-discovery client enable 1.1.1.1

#

ospf 1

?area 0.0.0.0

? network 2.2.2.2 0.0.0.0

? network 10.1.2.0 0.0.0.255

#

return

·     CE B:

#

?sysname CEB

#

vlan 1

#

vlan 11

#

vlan 1000

#

?stp global enable

#

interface Bridge-Aggregation2

?port link-type trunk

?port trunk permit vlan 1 1000

?link-aggregation mode dynamic

#

interface Vlan-interface11

?ip address 11.1.2.1 255.255.255.0

#

interface Vlan-interface1000

?ip address 100.0.0.2 255.255.255.0

?vrrp vrid 1 virtual-ip 100.0.0.254

#

interface GigabitEthernet4/0/1

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet4/0/2

?port link-mode bridge

?port link-aggregation group 2

#

interface GigabitEthernet5/0/1

?port link-mode bridge

?port access vlan 11

#

interface GigabitEthernet7/0/1

?port link-mode bridge

?port link-type trunk

?port trunk permit vlan 1 1000

#

ospf 1

?area 0.0.0.0

? network 11.1.2.0 0.0.0.255

? network 100.0.0.0 0.0.0.255

#

Return

6? 相关资料

·     H3C S7600系列交换机 EVI配置指导-R758X

·     H3C S7600系列交换机 EVI命令参考-R758X

·     H3C S7600系列交换机 虚拟化技术配置指导-R758X

·     H3C S7600系列交换机 虚拟化技术命令参考-R758X

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们