VXLAN Packets in Wireshark: Configure VXLAN

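Introduction

This document gives a brief overview of Virtual Extensible LAN (VXLAN) and provides several configuration examples along with verification commands and output.

Cisco recommends that you have knowledge of these topics:

Multicast routing concepts, such as Rendezvous Point (RP) and Protocol Independent Multicast (PIM).

Virtual Port Channel (vPC) concepts.

This document assumes that IP routing and multicast routing have been established before VXLAN is configured.

Components Used

The information in this document is based on these software and hardware versions:

Nexus 9396 series that run version 7.0(3)I1(1b), used as vPC Virtual Tunnel Endpoints (VTEPs)

Nexus 3172 that runs version 6.0(2)U5(1)

LAN_ENTERPRISE_SERVICES_PKG license installed

The information in this document was created from the devices in a specific lab environment. All of the devices used in this document started with a cleared (default) configuration. If your network is live, make sure that you understand the potential impact of any command.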

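Background Information

Terminology

VXLAN (Virtual Extensible LAN) - The technology that provides the same Ethernet Layer 2 network services as VLANs do today, but with greater extensibility and flexibility.

VNID (VXLAN Network Identifier) - A 24-bit segment ID that defines the broadcast domain. Interchangeable with "VXLAN Segment ID".

VTEP (Virtual Tunnel Endpoint) - The device that performs the encapsulation and decapsulation.

NVE (Network Virtual Interface) - The logical interface where the encapsulation and decapsulation take place.

What is VXLAN?

VXLAN is a technology that overlays a Layer 2 (L2) network on a Layer 3 (L3) underlay, which can use any IP routing protocol.

It uses MAC-in-UDP encapsulation (the MAC frame is encapsulated in UDP).

VXLAN solves three main problems:

It supports 16 million VNIs (broadcast domains), whereas traditional VLANs provide only 4000.

It allows a Layer 2 network to be extended anywhere in an IP network.

Flooding is optimized.

Why Implement VXLAN?

VLAN scalability - VXLAN extends the Layer 2 segment ID field to 24 bits, which allows up to 16 million unique Layer 2 segments on the same network.

Layer 2 segment elasticity over a Layer 3 boundary - VXLAN encapsulates a Layer 2 frame in an IP-UDP header, so Layer 2 adjacency can span router boundaries.

It leverages multicast in the transport network in order to simulate the flooding behavior for broadcast, unknown unicast, and multicast in the Layer 2 segment.

It leverages Equal Cost Multi-Path (ECMP) in order to achieve optimal path usage over the transport network.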

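Configure

Network Diagram

Configurations

These configurations are specific to the VXLAN portion of the configuration. Note that 9396-A and B are in a vPC domain, while 3172-A is not. These configurations assume full reachability to all Layer 3 interfaces in the topology through the routing protocol of your choice. Open Shortest Path First (OSPF) is used in this example. They also assume that multicast routing has been established over these same Layer 3 interfaces.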

3172-A

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

interface nve1
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1
  no shutdown

interface Ethernet1/3
  no switchport
  ip address 192.168.1.10/30
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode

interface loopback1
  ip address 192.168.2.5/32
  ip router ospf 2 area 0.0.0.0
  ip pim sparse-mode

9396-A

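Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.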

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.99
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

interface Ethernet1/7
  no switchport
  ip address 192.168.1.2/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

interface loopback1
  ip address 192.168.2.2/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode

9396-B

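Note: When vPCs are used as VTEPs, the secondary IP of the loopback interface is used and shared between the two peers. This is how both peers represent themselves as a single VTEP to the remote NVE peers.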

feature ospf
feature pim
feature vn-segment-vlan-based
feature nv overlay

ip pim rp-address 192.168.1.100 group-list 224.0.0.0/4

vlan 1,10,20
vlan 10
  vn-segment 160010
vlan 20
  vn-segment 160020

vpc domain 1
  peer-switch
  peer-keepalive destination 10.122.140.98
  peer-gateway

interface port-channel1
  switchport mode trunk
  spanning-tree port type network
  vpc peer-link

interface port-channel48
  switchport mode trunk
  vpc 48

interface nve1
  mtu 9216
  no shutdown
  source-interface loopback1
  member vni 160010 mcast-group 231.1.1.1
  member vni 160020 mcast-group 231.1.1.1

interface Ethernet1/7
  no switchport
  ip address 192.168.1.6/30
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
  no shutdown

interface loopback1
  ip address 192.168.2.3/32
  ip address 192.168.2.1/32 secondary
  ip router ospf 1 area 0.0.0.0
  ip pim sparse-mode
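
The vPC notes above require both peers to present one shared secondary loopback IP, and a VNI mapped to a VLAN also has to be a member of nve1. The following added example (not part of the original document or any Cisco tool) checks a pair of peer configs for those conditions before they are deployed. The names parse, check_vpc_pair and PEER are hypothetical, and the sample config is constructed from the VXLAN-relevant lines of the 9396 configs.

```python
import re

def parse(cfg):
    """Extract VXLAN facts from NX-OS config text; does not rely on indentation."""
    c = {"vlan_vni": {}, "nve_vni": {}, "src_if": None, "ips": {}}
    name = None  # identifier of the vlan/interface section currently open
    for line in map(str.strip, cfg.splitlines()):
        if m := re.fullmatch(r"(?:vlan|interface) (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"vn-segment (\d+)", line):
            c["vlan_vni"][name] = int(m.group(1))
        elif m := re.fullmatch(r"member vni (\d+) mcast-group (\S+)", line):
            c["nve_vni"][int(m.group(1))] = m.group(2)
        elif m := re.fullmatch(r"source-interface (\S+)", line):
            c["src_if"] = m.group(1)
        elif m := re.fullmatch(r"ip address ([\d.]+)/\d+( secondary)?", line):
            c["ips"].setdefault(name, {})["sec" if m.group(2) else "pri"] = m.group(1)
    return c

def check_vpc_pair(cfg_a, cfg_b):
    """Return the problems that keep two vPC peers from acting as one VTEP."""
    a, b, problems = parse(cfg_a), parse(cfg_b), []
    for label, c in (("A", a), ("B", b)):
        for vni in sorted(set(c["vlan_vni"].values()) ^ set(c["nve_vni"])):
            problems.append(f"peer {label}: VNI {vni} lacks a VLAN or nve member entry")
    la, lb = (c["ips"].get(c["src_if"], {}) for c in (a, b))
    if not la.get("sec") or la.get("sec") != lb.get("sec"):
        problems.append("peers do not share one secondary IP on the NVE source loopback")
    if a["nve_vni"] != b["nve_vni"] or a["vlan_vni"] != b["vlan_vni"]:
        problems.append("VLAN/VNI/mcast-group mappings differ between peers")
    return problems

# Constructed sample: VXLAN-relevant lines of the 9396 configs, without indentation.
PEER = """vlan 10
vn-segment 160010
vlan 20
vn-segment 160020
interface nve1
source-interface loopback1
member vni 160010 mcast-group 231.1.1.1
member vni 160020 mcast-group 231.1.1.1
interface loopback1
ip address {pri}/32
ip address {sec}/32 secondary
"""

if __name__ == "__main__":
    print(check_vpc_pair(PEER.format(pri="192.168.2.2", sec="192.168.2.1"),
                         PEER.format(pri="192.168.2.3", sec="192.168.2.1")))
```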

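Use this section to confirm that your configuration works properly.

The Cisco CLI Analyzer (registered customers only) supports certain show commands. Use the Cisco CLI Analyzer in order to view an analysis of show command output.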

show nve peers

show nve vni

show run interface nve1

show nve internal platform interface detail (9K only)

show mac address-table

show ip mroute detail

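Example Outputs

These outputs are in a steady state. The VTEP peers have discovered each other, and traffic has passed between them in both the encapsulation and decapsulation directions.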

3172-A

3172-A# show nve peers

Interface          Peer-IP           Peer-State

----------------   ---------------   -------------

nve1               192.168.2.1        Up

3712-A# show nve vni

Interface          VNI        Multicast-group   VNI State

----------------   --------   ---------------   ---------

nve1               160010     231.1.1.1         Up

nve1               160020     231.1.1.1         Up

3172-A# show run interface nve1

!Command: show running-config interface nve1

!Time: Sat Apr 25 15:09:13 2015

version 6.0(2)U5(1)

interface nve1

source-interface loopback1

member vni 160010 mcast-group 231.1.1.1

member vni 160020 mcast-group 231.1.1.1

no shutdown

3172-A# show nve internal platform interface detail

3172-A# show mac address-table vlan 10

Legend:

* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC

age - seconds since first seen,+ - primary entry using vPC Peer-Link

VLAN     MAC Address      Type      age     Secure NTFY   Ports/SWID.SSID.LID

---------+-----------------+--------+---------+------+----+------------------

* 10       0000.1111.1111    dynamic   5030       F    F  Eth1/48

* 10       0000.2222.2222    dynamic   5010       F    F  nve1(192.168.2.1)

3172-A# show ip mroute detail

IP Multicast Routing Table for VRF "default"

Total number of routes: 3

Total number of (*,G) routes: 1

Total number of (S,G) routes: 1

Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 3w3d, static(1) pim(0) ip(0)

Stats: 15/1539 [Packets/Bytes], 0.000   bps

Incoming interface: Ethernet1/3, RPF nbr: 192.168.1.9, uptime: 1w0d

Outgoing interface list: (count: 1)

loopback1, uptime: 3w3d, static

(192.168.2.5/32, 231.1.1.1/32), uptime: 3w3d, ip(0) mrib(1) pim(1)

Stats: 142751/9136064 [Packets/Bytes], 34.133  bps

Incoming interface: loopback1, RPF nbr: 192.168.2.5, uptime: 3w3d

Outgoing interface list: (count: 2)

Ethernet1/3, uptime: 1w0d, pim

loopback1, uptime: 3w3d, mrib, (RPF)

(*, 232.0.0.0/8), uptime: 3w3d, pim(0) ip(0)

Stats: 0/0 [Packets/Bytes], 0.000   bps

Incoming interface: Null, RPF nbr: 0.0.0.0, uptime: 3w3d

Outgoing interface list: (count: 0)

9396-A

9396-A# show nve peers

Interface Peer-IP          State LearnType Uptime   Router-Mac

--------- ---------------  ----- --------- -------- -----------------

nve1      192.168.2.5      Up    DP        2d20h    n/a

9396-A# show nve vni

Codes: CP - Control Plane        DP - Data Plane

UC - Unconfigured         SA - Suppress ARP

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags

--------- -------- ----------------- ----- ---- ------------------ -----

nve1      160010   231.1.1.1         Up    DP   L2 [10]

nve1      160020   231.1.1.1         Up    DP   L2 [20]

9396-A# show run interface nve1

!Command: show running-config interface nve1

!Time: Sat Apr 25 15:20:45 2015

version 7.0(3)I1(1a)

interface nve1

mtu 9216

no shutdown

source-interface loopback1

member vni 160010 mcast-group 231.1.1.1

member vni 160020 mcast-group 231.1.1.1

9396-A# show nve internal platform interface detail

Printing details of all NVE Interfaces

|======|=========================|===============|===============|=====|=====|

|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|

|======|=========================|===============|===============|=====|=====|

|nve1  |UP                       |192.168.2.2    |192.168.2.1    |2    |1    |

|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:

================================================

|======|======|=========================|======|====|======|

|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|

|======|======|=========================|======|====|======|

|10    |160010|UP                       |nve1  |DP  |0

|20    |160020|UP                       |nve1  |DP  |0

|======|======|=========================|======|====|======|

Peers of interface nve1:

============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled

active_swbds:

add_pending_swbds:

rem_pending_swbds:

9396-A# show mac address-table vlan 10

Legend:

* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC

age - seconds since last seen,+ - primary entry using vPC Peer-Link,

(T) - True, (F) - False

VLAN     MAC Address      Type      age     Secure NTFY Ports

---------+-----------------+--------+---------+------+----+------------------

+   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)

*   10     0000.2222.2222   dynamic  0         F      F    Po48

G    -     7c0e.ceca.f177   static   -         F      F    sup-eth1(R)

9396-A# show ip mroute detail

IP Multicast Routing Table for VRF "default"

Total number of routes: 4

Total number of (*,G) routes: 1

Total number of (S,G) routes: 2

Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2d21h, nve(1) ip(0) pim(0)

Data Created: No

Stats: 1/64 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1

Outgoing interface list: (count: 1)

nve1, uptime: 2d21h, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2d21h, nve(0) ip(0) mrib(0) pim(0)

Data Created: Yes

VXLAN Flags

VXLAN Encap

Stats: 1/51 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: loopback1, RPF nbr: 192.168.2.1

Outgoing interface list: (count: 0)

(192.168.2.5/32, 231.1.1.1/32), uptime: 2d21h, ip(0) mrib(0) nve(1) pim(0)

Data Created: Yes

Stats: 16474/1370086 [Packets/Bytes], 13.600  bps

Stats: Active Flow

Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.1

Outgoing interface list: (count: 1)

nve1, uptime: 2d21h, nve

(*, 232.0.0.0/8), uptime: 2d21h, pim(0) ip(0)

Data Created: No

Stats: 0/0 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: Null, RPF nbr: 0.0.0.0

Outgoing interface list: (count: 0)

9396-A# show vpc

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1

Peer status                       : peer adjacency formed ok

vPC keep-alive status             : peer is alive

Configuration consistency status  : success

Per-vlan consistency status       : success

Type-2 consistency status         : success

vPC role                          : secondary

Number of vPCs configured         : 1

Peer Gateway                      : Enabled

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Disabled

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po1    up     1,10,20

vPC status

----------------------------------------------------------------------

id   Port   Status Consistency Reason                     Active vlans

--   ----   ------ ----------- ------                     ------------

48   Po48   up     success     success                    1,10

9396-B

9396-B# show nve peers

Interface Peer-IP          State LearnType Uptime   Router-Mac

--------- ---------------  ----- --------- -------- -----------------

nve1      192.168.2.5      Up    DP        1w0d     n/a

9396-B# show nve vni

Codes: CP - Control Plane        DP - Data Plane

UC - Unconfigured         SA - Suppress ARP

Interface VNI      Multicast-group   State Mode Type [BD/VRF]      Flags

--------- -------- ----------------- ----- ---- ------------------ -----

nve1      160010   231.1.1.1         Up    DP   L2 [10]

nve1      160020   231.1.1.1         Up    DP   L2 [20]

9396-B# show run interface nve1

!Command: show running-config interface nve1

!Time: Sat Apr 25 15:23:25 2015

version 7.0(3)I1(1b)

interface nve1

mtu 9216

no shutdown

source-interface loopback1

member vni 160010 mcast-group 231.1.1.1

member vni 160020 mcast-group 231.1.1.1

9396-B# show nve internal platform interface detail

Printing details of all NVE Interfaces

|======|=========================|===============|===============|=====|=====|

|Intf  |State                    |PriIP          |SecIP          |Vnis |Peers|

|======|=========================|===============|===============|=====|=====|

|nve1  |UP                       |192.168.2.3    |192.168.2.1    |2    |1    |

|======|=========================|===============|===============|=====|=====|

SW_BD/VNIs of interface nve1:

================================================

|======|======|=========================|======|====|======|

|Sw BD |Vni   |State                    |Intf  |Type|Vrf-ID|

|======|======|=========================|======|====|======|

|10    |160010|UP                       |nve1  |DP  |0

|20    |160020|UP                       |nve1  |DP  |0

|======|======|=========================|======|====|======|

Peers of interface nve1:

============================================

peer_ip: 192.168.2.5, peer_id: 1, state: UP MAC-learning: Enabled

active_swbds:

add_pending_swbds:

rem_pending_swbds:

9396-B# show mac address-table vlan 10

Legend:

* - primary entry, G - Gateway MAC, (R) - Routed MAC, O - Overlay MAC

age - seconds since last seen,+ - primary entry using vPC Peer-Link,

(T) - True, (F) - False

VLAN     MAC Address      Type      age     Secure NTFY Ports

---------+-----------------+--------+---------+------+----+------------------

*   10     0000.1111.1111   dynamic  0         F      F    nve1(192.168.2.5)

+   10     0000.2222.2222   dynamic  0         F      F    Po48

G    -     58f3.9ca3.64dd   static   -         F      F    sup-eth1(R)

9396-B# show ip mroute detail

IP Multicast Routing Table for VRF "default"

Total number of routes: 4

Total number of (*,G) routes: 1

Total number of (S,G) routes: 2

Total number of (*,G-prefix) routes: 1

(*, 231.1.1.1/32), uptime: 2w1d, nve(1) ip(0) pim(0)

Data Created: No

VXLAN Flags

VXLAN Decap

VPC Flags

RPF-Source Forwarder

Stats: 1/64 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5

Outgoing interface list: (count: 1)

nve1, uptime: 2w1d, nve

(192.168.2.1/32, 231.1.1.1/32), uptime: 2w1d, nve(0) ip(0) mrib(0) pim(1)

Data Created: Yes

VXLAN Flags

VXLAN Encap

VPC Flags

RPF-Source Forwarder

Stats: 5/511 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: loopback1, RPF nbr: 192.168.2.1

Outgoing interface list: (count: 1)

Ethernet1/7, uptime: 1w0d, pim

(192.168.2.5/32, 231.1.1.1/32), uptime: 2w1d, ip(0) mrib(0) pim(0) nve(1)

Data Created: Yes

VXLAN Flags

VXLAN Decap

VPC Flags

RPF-Source Forwarder

Stats: 86621/7241564 [Packets/Bytes], 13.600  bps

Stats: Active Flow

Incoming interface: Ethernet1/7, RPF nbr: 192.168.1.5

Outgoing interface list: (count: 1)

nve1, uptime: 2w1d, nve

(*, 232.0.0.0/8), uptime: 2w1d, pim(0) ip(0)

Data Created: No

Stats: 0/0 [Packets/Bytes], 0.000   bps

Stats: Inactive Flow

Incoming interface: Null, RPF nbr: 0.0.0.0

Outgoing interface list: (count: 0)

9396-B# show vpc

Legend:

(*) - local vPC is down, forwarding via vPC peer-link

vPC domain id                     : 1

Peer status                       : peer adjacency formed ok

vPC keep-alive status             : peer is alive

Configuration consistency status  : success

Per-vlan consistency status       : success

Type-2 consistency status         : success

vPC role                          : primary

Number of vPCs configured         : 1

Peer Gateway                      : Enabled

Dual-active excluded VLANs        : -

Graceful Consistency Check        : Enabled

Auto-recovery status              : Disabled

vPC Peer-link status

---------------------------------------------------------------------

id   Port   Status Active vlans

--   ----   ------ --------------------------------------------------

1    Po1    up     1,10,20

vPC status

----------------------------------------------------------------------

id   Port   Status Consistency Reason                     Active vlans

--   ----   ------ ----------- ------                     ------------

48   Po48   up     success     success                    1,10

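VXLAN Packet Capture

The packet capture (PCAP) is from the previous topology and includes the OSPF hellos, PIM joins/registers, and VXLAN-encapsulated traffic for the topology shown in the network diagram. You will notice some Internet Control Message Protocol (ICMP) flags such as "no response". This is due to the nature of the monitor session completed on the RP.

The monitor session includes interfaces Eth4/17-18 and Eth4/20, so it throws Wireshark off somewhat. The important information is the format and flags.

Note: All encapsulated packets (BUM or known unicast) are sourced from a VTEP loopback IP and destined to the remote VTEP loopback IP. This is the secondary loopback IP on any vPC VTEP.

BUM (Broadcast, Unknown unicast, Multicast) traffic is destined to the multicast group.

Unicast traffic is destined to the remote VTEP loopback IP.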
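
An added example (not from the original document) that parses the outer IPv4/UDP/VXLAN headers described above and checks them against this lab's VTEP loopbacks, VNIs and multicast group, which is a useful sanity check when reviewing a capture. UDP port 4789 (RFC 7348) and the names classify and build_sample are assumptions; the packets are constructed, not taken from the PCAP.

```python
import ipaddress
import struct

VXLAN_PORT = 4789   # IANA port (RFC 7348); assumed, the page does not state it
KNOWN_VNIS = {160010, 160020}                 # vn-segments from the configs
KNOWN_VTEPS = {"192.168.2.1", "192.168.2.5"}  # vPC shared secondary IP, 3172-A loopback1
BUM_GROUP = "231.1.1.1"                       # mcast-group used by both VNIs

def classify(pkt):
    """Parse outer IPv4/UDP/VXLAN (outer Ethernet stripped) and flag anomalies."""
    if len(pkt) < 20 or pkt[0] >> 4 != 4 or pkt[9] != 17:
        raise ValueError("not IPv4/UDP")
    ihl = (pkt[0] & 0x0F) * 4
    if len(pkt) < ihl + 8 + 8 + 14:
        raise ValueError("too short for UDP + VXLAN + inner Ethernet")
    src, dst = (ipaddress.IPv4Address(pkt[i:i + 4]) for i in (12, 16))
    dport = struct.unpack_from("!H", pkt, ihl + 2)[0]
    flags, vni_word = struct.unpack_from("!B3xI", pkt, ihl + 8)
    if dport != VXLAN_PORT or not flags & 0x08:
        raise ValueError("not VXLAN (wrong port or I flag clear)")
    vni, inner = vni_word >> 8, pkt[ihl + 16:]   # VNI is the top 24 bits
    kind = "BUM" if dst.is_multicast else "unicast"
    findings = []
    if vni not in KNOWN_VNIS:
        findings.append("unknown VNI")
    if str(src) not in KNOWN_VTEPS:
        findings.append("outer source is not a known VTEP")
    if str(dst) not in ({BUM_GROUP} if kind == "BUM" else KNOWN_VTEPS):
        findings.append("unexpected outer destination")
    return {"kind": kind, "vni": vni, "src": str(src), "dst": str(dst),
            "inner_dst": inner[:6].hex(), "inner_src": inner[6:12].hex(),
            "findings": findings}

def build_sample(src, dst, vni, dmac, smac):
    """Build a constructed test packet (zero checksums, dummy inner payload)."""
    inner = bytes.fromhex(dmac + smac) + b"\x08\x00" + bytes(20)
    vxlan = struct.pack("!B3xI", 0x08, vni << 8)
    udp = struct.pack("!HHHH", 49152, VXLAN_PORT, 8 + len(vxlan) + len(inner), 0)
    ip = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(udp + vxlan + inner), 0, 0,
                     64, 17, 0, *(ipaddress.IPv4Address(a).packed for a in (src, dst)))
    return ip + udp + vxlan + inner

if __name__ == "__main__":
    # Constructed samples that reuse the addresses and MACs from the outputs above.
    for args in [("192.168.2.5", "192.168.2.1", 160010, "000022222222", "000011111111"),
                 ("192.168.2.5", "231.1.1.1", 160010, "ffffffffffff", "000011111111"),
                 ("198.51.100.7", "192.168.2.1", 4242, "000022222222", "000011111111")]:
        print(classify(build_sample(*args)))
```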

There is currently no specific troubleshooting information available for this configuration.
