Example for configuring VXLAN for a Virtual Network in Centralized Gateway Mode (IPv4 over IPv6, Static Mode)
Networking Requirements
An enterprise has constructed a mature campus network but does not have a dedicated data center network. All the servers of the enterprise are scattered in different departments. The enterprise wants to construct a virtual data center network over the existing campus network to meet the following requirements:
- Servers scattered in different departments form a virtual network, realizing resource integration and flexible service deployment.
- The server network is an IPv4 network, and the campus interconnection network is an IPv6 network.
- A large number of VMs are deployed on each server, and VMs providing different services can communicate at Layer 3.
Data Plan
Device |
VXLAN Tunnel |
BD |
VNI |
Source IP |
Peer IP |
|---|---|---|---|---|---|
VTEP1 |
VTEP1—>VTEP2 |
10 |
10 |
FC00::1 |
FC00::2 |
VTEP1—>VTEP3 |
20 |
20 |
FC00::1 |
FC00::3 |
|
VTEP2 |
VTEP2—>VTEP1 |
10 |
10 |
FC00::2 |
FC00::1 |
VTEP3 |
VTEP3—>VTEP1 |
20 |
20 |
FC00::3 |
FC00::1 |
Configuration Roadmap
The configuration roadmap is as follows:
- Configure a routing protocol on VTEP1, VTEP2, and VTEP3 to ensure Layer 3 network connectivity.
- Configure a deployment mode for the VXLAN access service on VTEP2 and VTEP3, and configure a VLAN on Switch1 and Switch2.
- Configure information for VXLAN tunnel establishment on VTEP1, VTEP2, and VTEP3.
- Configure a Layer 3 VXLAN gateway on VTEP1.
Layer 3 interconnection of the campus network is the basis of the virtual network. If Layer 3 interconnection has been implemented on the live campus network, step 1 in this example can be omitted.
Procedure
- Configure a routing protocol.
# Assign IP addresses to the interfaces of VTEP2. The configurations of VTEP3 and VTEP1 are similar to the configuration of VTEP2, and are not mentioned here. When OSPFv3 is used, the loopback address of each switch must be advertised.
<HUAWEI> system-view [HUAWEI] sysname VTEP2 [VTEP2] ipv6 [VTEP2] interface loopback 1 [VTEP2-LoopBack1] ipv6 enable [VTEP2-LoopBack1] ipv6 address FC00::2 128 [VTEP2-LoopBack1] quit [VTEP2] interface gigabitethernet 0/0/1 [VTEP2-GigabitEthernet0/0/1] undo portswitch [VTEP2-GigabitEthernet0/0/1] ipv6 enable [VTEP2-GigabitEthernet0/0/1] ipv6 address FC00:1::2 64 [VTEP2-GigabitEthernet0/0/1] quit [VTEP2] ospfv3 [VTEP2-ospfv3-1] router-id 0.0.0.2 [VTEP2-ospfv3-1] quit [VTEP2] interface loopback 1 [VTEP2-LoopBack1] ospfv3 1 area 0 [VTEP2-LoopBack1] quit [VTEP2] interface gigabitethernet 0/0/1 [VTEP2-GigabitEthernet0/0/1] ospfv3 1 area 0 [VTEP2-GigabitEthernet0/0/1] quit
# After OSPFv3 is configured, the switches can learn the loopback interface address of each other and successfully ping each other. The following shows the ping result from VTEP2 to VTEP3.
[VTEP2] ping ipv6 FC00::3 PING fc00::3 : 56 data bytes, press CTRL_C to break Reply from FC00::3 bytes=56 Sequence=1 hop limit=63 time = 3 ms Reply from FC00::3 bytes=56 Sequence=2 hop limit=63 time = 3 ms Reply from FC00::3 bytes=56 Sequence=3 hop limit=63 time = 5 ms Reply from FC00::3 bytes=56 Sequence=4 hop limit=63 time = 41 ms Reply from FC00::3 bytes=56 Sequence=5 hop limit=63 time = 3 ms --- fc00::3 ping statistics --- 5 packet(s) transmitted 5 packet(s) received 0.00% packet loss round-trip min/avg/max = 3/11/41 ms - Configure VLAN access on Switch1 and Switch2 and configure the access point for the VXLAN service on VTEP2 and VTEP3.
# Configure VTEP2.
[VTEP2] bridge-domain 10 [VTEP2-bd10] quit [VTEP2] vcmp role silent [VTEP2] interface gigabitethernet 0/0/2 [VTEP2-GigabitEthernet0/0/2] port link-type trunk [VTEP2-GigabitEthernet0/0/2] quit [VTEP2] interface gigabitethernet 0/0/2.1 mode l2 [VTEP2-GigabitEthernet0/0/2.1] encapsulation dot1q vid 10 [VTEP2-GigabitEthernet0/0/2.1] bridge-domain 10 [VTEP2-GigabitEthernet0/0/2.1] quit
# Configure VTEP3.
[VTEP3] bridge-domain 20 [VTEP3-bd20] quit [VTEP3] vcmp role silent [VTEP3] interface gigabitethernet 0/0/2 [VTEP3-GigabitEthernet0/0/2] port link-type trunk [VTEP3-GigabitEthernet0/0/2] quit [VTEP3] interface gigabitethernet 0/0/2.1 mode l2 [VTEP3-GigabitEthernet0/0/2.1] encapsulation dot1q vid 20 [VTEP3-GigabitEthernet0/0/2.1] bridge-domain 20 [VTEP3-GigabitEthernet0/0/2.1] quit
# Configure Switch1.
<HUAWEI> system-view [HUAWEI] sysname Switch1 [Switch1] vlan 10 [Switch1-vlan10] quit [Switch1] interface gigabitethernet 0/0/2 [Switch1-GigabitEthernet0/0/2] port link-type access [Switch1-GigabitEthernet0/0/2] port default vlan 10 [Switch1-GigabitEthernet0/0/2] quit [Switch1] interface gigabitethernet 0/0/1 [Switch1-GigabitEthernet0/0/1] port link-type trunk [Switch1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 [Switch1-GigabitEthernet0/0/1] quit
# Configure Switch2.
<HUAWEI> system-view [HUAWEI] sysname Switch2 [Switch2] vlan 20 [Switch2-vlan20] quit [Switch2] interface gigabitethernet 0/0/2 [Switch2-GigabitEthernet0/0/2] port link-type access [Switch2-GigabitEthernet0/0/2] port default vlan 20 [Switch2-GigabitEthernet0/0/2] quit [Switch2] interface gigabitethernet 0/0/1 [Switch2-GigabitEthernet0/0/1] port link-type trunk [Switch2-GigabitEthernet0/0/1] port trunk allow-pass vlan 20 [Switch2-GigabitEthernet0/0/1] quit
- Configure information for VXLAN tunnel establishment on VTEP2, VTEP3, and VTEP1.
# Configure VTEP2.
[VTEP2] bridge-domain 10 [VTEP2-bd10] vxlan vni 10 [VTEP2-bd10] quit [VTEP2] interface nve 1 [VTEP2-Nve1] source FC00::2 [VTEP2-Nve1] vni 10 head-end peer-list FC00::1 [VTEP2-Nve1] quit
# Configure VTEP3.
[VTEP3] bridge-domain 20 [VTEP3-bd20] vxlan vni 20 [VTEP3-bd20] quit [VTEP3] interface nve 1 [VTEP3-Nve1] source FC00::3 [VTEP3-Nve1] vni 20 head-end peer-list FC00::1 [VTEP3-Nve1] quit
# Configure VTEP1.
[VTEP1] bridge-domain 10 [VTEP1-bd10] vxlan vni 10 [VTEP1-bd10] quit [VTEP1] bridge-domain 20 [VTEP1-bd20] vxlan vni 20 [VTEP1-bd20] quit [VTEP1] interface nve 1 [VTEP1-Nve1] source FC00::1 [VTEP1-Nve1] vni 10 head-end peer-list FC00::2 [VTEP1-Nve1] vni 20 head-end peer-list FC00::3 [VTEP1-Nve1] quit
- Configure a Layer 3 VXLAN gateway on VTEP1.
[VTEP1] interface vbdif 10 [VTEP1-Vbdif10] ip address 192.168.10.1 24 [VTEP1-Vbdif10] quit [VTEP1] interface vbdif 20 [VTEP1-Vbdif20] ip address 192.168.20.1 24 [VTEP1-Vbdif20] quit
- Verify the configuration.
# After the preceding configuration, run the display vxlan vni and display vxlan tunnel commands on VTEP1, VTEP2, and VTEP3. You can view that the VNI status is up and VXLAN tunnel information is displayed. The command output of VTEP1 is used as an example.
[VTEP1] display vxlan vni VNI BD-ID State ----------------------------------------- 10 10 up 20 20 up ----------------------------------------- Number of vxlan vni bound to BD is : 2 VNI VRF-ID ----------------------------------------- ----------------------------------------- Number of vxlan vni bound to VPN is : 0
[VTEP1] display vxlan tunnel Tunnel ID Source Destination State Type -------------------------------------------------------------------------------------------------------------------- 4026531841 FC00::1 FC00::2 up static 4026531842 FC00::1 FC00::3 up static -------------------------------------------------------------------------------------------------------------------- Number of vxlan tunnel : Total : 2 Static: 2 L2 dynamic: 0 L3 dynamic: 0
# After the configuration is complete, users in different network segments can communicate over VXLAN gateway. The following shows the ping result from VM1 on Server1 to VM1 on Server2.
C:\Users\VM1>ping 192.168.20.10 Pinging 192.168.20.10 with 32 bytes of data: Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Reply from 192.168.20.10: bytes=32 time=1ms TTL=126 Ping statistics for 192.168.20.10: Packets: Sent = 4, Received = 4, Lost = 0 (0% loss), Approximate round trip times in milli-seconds: Minimum = 1ms, Maximum = 1ms, Average = 1ms
Configuration Files
VTEP1 configuration file
# sysname VTEP1 # ipv6 # ospfv3 1 router-id 0.0.0.1 # bridge-domain 10 vxlan vni 10 bridge-domain 20 vxlan vni 20 # interface GigabitEthernet0/0/1 undo portswitch ipv6 enable ipv6 address FC00:1::1/64 ospfv3 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 undo portswitch ipv6 enable ipv6 address FC00:2::1/64 ospfv3 1 area 0.0.0.0 # interface LoopBack1 ipv6 enable ipv6 address FC00::1/128 ospfv3 1 area 0.0.0.0 # interface Vbdif10 ip address 192.168.10.1 255.255.255.0 # interface Vbdif20 ip address 192.168.20.1 255.255.255.0 # interface Nve1 source FC00::1 vni 10 head-end peer-list FC00::2 vni 20 head-end peer-list FC00::3 # return
VTEP2 configuration file
# sysname VTEP2 # ipv6 # vcmp role silent # ospfv3 1 router-id 0.0.0.2 # bridge-domain 10 vxlan vni 10 # interface GigabitEthernet0/0/1 undo portswitch ipv6 enable ipv6 address FC00:1::2/64 ospfv3 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 port link-type trunk # interface GigabitEthernet0/0/2.1 mode l2 encapsulation dot1q vid 10 bridge-domain 10 # interface LoopBack1 ipv6 enable ipv6 address FC00::2/128 ospfv3 1 area 0.0.0.0 # interface Nve1 source FC00::2 vni 10 head-end peer-list FC00::1 # return
VTEP3 configuration file
# sysname VTEP3 # ipv6 # vcmp role silent # ospfv3 1 router-id 0.0.0.2 # bridge-domain 20 vxlan vni 20 # interface GigabitEthernet0/0/1 undo portswitch ipv6 enable ipv6 address FC00:2::2/64 ospfv3 1 area 0.0.0.0 # interface GigabitEthernet0/0/2 port link-type trunk # interface GigabitEthernet0/0/2.1 mode l2 encapsulation dot1q vid 20 bridge-domain 20 # interface LoopBack1 ipv6 enable ipv6 address FC00::3/128 ospfv3 1 area 0.0.0.0 # interface Nve1 source FC00::3 vni 20 head-end peer-list FC00::1 # return
Configuration file of Switch1
# sysname Switch1 # vlan batch 10 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 # return
Configuration file of Switch2
# sysname Switch2 # vlan batch 20 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/2 port link-type access port default vlan 20 # return