Tungsten Fabric SDN — DCI 互联操作实践
Posted 范桂飓
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了Tungsten Fabric SDN — DCI 互联操作实践相关的知识,希望对你有一定的参考价值。
目录
文章目录
L3VPN 类型
网络拓扑
第 1 段 Red Overlay:将 VN 扩展到 Site1 的 vMX
预配置部分
- 手动完成部分。
# 设置 VCP hostname。
set system host-name vmx01
# 设置 root SSH 登陆密码。
set system services ssh root-login allow
set system root-authentication encrypted-password "$6$CB6erd7z$eMvN2eCAj7xa0cY/D3OMuO.8TG3y5DYXgnxYAs/DKrUfcgWzL1FEOTOnlGcefx.ul9ZUn08VtKzfEzxqW3ak60"
# 设置开启 NERCONF SSH 功能。
set system services netconf ssh
set system services netconf traceoptions file nc
set system services netconf traceoptions flag all
# 设置开启增强 IP 网络功能。
# Doc - https://www.juniper.net/documentation/us/en/software/junos/virtual-chassis-mx/topics/task/virtual-chassis-mx-series-enhanced-ip.html
set chassis network-services enhanced-ip
# 设置开启 Dynamic Tunnels 功能。
set chassis fpc 0 pic 0 tunnel-services
# 设置 VCP Management Network Interface/IP。
set interfaces fxp0 unit 0 family inet address 10.33.70.4/24
# 设置 IP Fabric Subnet Interface/IP。
set interfaces ge-0/0/0 unit 0 family inet address 172.17.100.162/24
# 设置 External Network Interface/IP。
set interfaces ge-0/0/1 unit 0 family inet address 192.168.70.20/24
# 设置 Overlay Tunnel Endpoint Interface/IP。
# NOTE:建议使用 lo 环回接口同时作用于控制面和数据面。
set interfaces lo0 unit 0 family inet address 1.1.1.1/32
- Device Manager 完成部分。
############################### BGP 控制面
# SDNGW 具有一个全局唯一的 ASN,与 Control Node ASN 64512 不同,将使用 E-BGP 配置。
set groups __contrail__ routing-options autonomous-system 100
set groups __contrail__ routing-options router-id 1.1.1.1
set groups __contrail__ routing-options route-distinguisher-id 1.1.1.1
# type internal,当 Control Node 和 SDNGW 位于相同的 AS 中时,将使用 I-BGP 配置。
set groups __contrail__ protocols bgp group _contrail_asn-100 type internal # 类型为内部
set groups __contrail__ protocols bgp group _contrail_asn-100 local-address 1.1.1.1 # 本地地址
set groups __contrail__ protocols bgp group _contrail_asn-100 hold-time 90
set groups __contrail__ protocols bgp group _contrail_asn-100 family inet-vpn unicast # L3VPN BGP Family
set groups __contrail__ protocols bgp group _contrail_asn-100 family route-target # ROUTE TARGET BGP Family
set groups __contrail__ protocols bgp group _contrail_asn-100 export _contrail_ibgp_export_policy # 导出策略,声明发布的 VPN-IPv4 Routes 通告路由需要改变 BGP 的下一跳。
set groups __contrail__ policy-options policy-statement _contrail_ibgp_export_policy term inet-vpn from family inet-vpn
set groups __contrail__ policy-options policy-statement _contrail_ibgp_export_policy term inet-vpn then next-hop self
# type external,当 Control Node 和 SDNGW 位于不同的 AS 中时,将使用 E-BGP 配置。
set groups __contrail__ protocols bgp group _contrail_asn-100-external type external # 类型为外部
set groups __contrail__ protocols bgp group _contrail_asn-100-external multihop # 会话为多跳
set groups __contrail__ protocols bgp group _contrail_asn-100-external local-address 1.1.1.1 # 本地地址
set groups __contrail__ protocols bgp group _contrail_asn-100-external hold-time 90
set groups __contrail__ protocols bgp group _contrail_asn-100-external family inet-vpn unicast # L3VPN BGP Family
set groups __contrail__ protocols bgp group _contrail_asn-100-external family route-target # ROUTE TARGET BGP Family
set groups __contrail__ protocols bgp group _contrail_asn-100-external neighbor 172.17.100.160 peer-as 64512 # 对等 AS
############################### MPLSoGRE 数据面
# source-address 1.1.1.1 <== GRE ==> destination-networks 172.17.100.160/32
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 source-address 1.1.1.1
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 gre
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 destination-networks 172.17.100.0/24
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 destination-networks 172.17.100.160/32
动态配置部分
下述配置均为 Device Manager 完成。
# NOTE:当 Routes 需要从 SDNGW VRF 发布到 Control Node 时,需要添加 Policy Options 来附加 Community 封装属性。
# target:64512:8000005 表示 {Route Target}:{Control Node ASN}:{Target Value}
set groups __contrail__ policy-options community _contrail_target_64512_8000005 members target:64512:8000005
set groups __contrail__ policy-options community _contrail_target_100_100 members target:100:100
# L2 Routes Import
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-import term t1 from community _contrail_target_64512_8000005
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-import term t1 from community _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-import term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-import then reject
# L2 Routes Export,导出策略,声明发布的 VPN-IPv4 Routes 通告路由需要添加指定的 Community。
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-export term t1 then community add _contrail_target_64512_8000005
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-export term t1 then community add _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l2-6-export term t1 then accept
# L3 Routes Import
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-import term t1 from community _contrail_target_64512_8000005
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-import term t1 from community _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-import term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-import then reject
# L3 Routes Export
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-export term t1 then community add _contrail_target_64512_8000005
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-export term t1 then community add _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_red-vn-l3-6-export term t1 then accept
# L2 VRF
set groups __contrail__ routing-instances _contrail_red-vn-l2-6 instance-type virtual-switch
set groups __contrail__ routing-instances _contrail_red-vn-l2-6 vrf-import _contrail_red-vn-l2-6-import
set groups __contrail__ routing-instances _contrail_red-vn-l2-6 vrf-export _contrail_red-vn-l2-6-export
# L3 VRF
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 routing-options static route 192.168.1.0/24 discard
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 routing-options auto-export family inet unicast
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 instance-type vrf
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 interface irb.6
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 vrf-import _contrail_red-vn-l3-6-import
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 vrf-export _contrail_red-vn-l3-6-export
set groups __contrail__ routing-instances _contrail_red-vn-l3-6 vrf-table-label
第 2 段 Blue Overlay:将 Site1 和 Site2 的 vMX 进行 DCI 互联
Site1
下述配置均为手动完成。
set policy-options policy-statement DCI-EVPN-T5-EXPORT term STATIC from protocol static
set policy-options policy-statement DCI-EVPN-T5-EXPORT term STATIC then accept
set policy-options policy-statement send-evpn term 1 from protocol evpn
set policy-options policy-statement send-evpn term 1 then next-hop self
set policy-options policy-statement send-evpn term 1 then accept
set routing-instances DCI routing-options static route 192.168.1.0/24 discard
set routing-instances DCI protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances DCI protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances DCI protocols evpn ip-prefix-routes vni 100
set routing-instances DCI protocols evpn ip-prefix-routes export DCI-EVPN-T5-EXPORT
set routing-instances DCI instance-type vrf
set routing-instances DCI route-distinguisher 1.1.1.1:100
set routing-instances DCI vrf-target target:100:100
set routing-instances DCI vrf-table-label
set routing-options static route 2.2.2.2/32 next-hop 192.168.70.21
set protocols bgp group DCI type internal
set protocols bgp group DCI local-address 1.1.1.1
set protocols bgp group DCI family evpn signaling
set protocols bgp group DCI export send-evpn
set protocols bgp group DCI local-as 100
set protocols bgp group DCI neighbor 2.2.2.2
set protocols bgp group DCI vpn-apply-export
Site2
下述配置均为手动完成。
set policy-options policy-statement DCI-EVPN-T5-EXPORT term STATIC from protocol static
set policy-options policy-statement DCI-EVPN-T5-EXPORT term STATIC then accept
set policy-options policy-statement send-evpn term 1 from protocol evpn
set policy-options policy-statement send-evpn term 1 then next-hop self
set policy-options policy-statement send-evpn term 1 then accept
set routing-instances DCI routing-options static route 192.168.2.0/24 discard
set routing-instances DCI protocols evpn ip-prefix-routes advertise direct-nexthop
set routing-instances DCI protocols evpn ip-prefix-routes encapsulation vxlan
set routing-instances DCI protocols evpn ip-prefix-routes vni 100
set routing-instances DCI protocols evpn ip-prefix-routes export DCI-EVPN-T5-EXPORT
set routing-instances DCI instance-type vrf
set routing-instances DCI route-distinguisher 2.2.2.2:100
set routing-instances DCI vrf-target target:100:100
set routing-instances DCI vrf-table-label
set routing-options static route 1.1.1.1/32 next-hop 192.168.70.20
set protocols bgp group DCI type internal
set protocols bgp group DCI local-address 2.2.2.2
set protocols bgp group DCI family evpn signaling
set protocols bgp group DCI export send-evpn
set protocols bgp group DCI local-as 100
set protocols bgp group DCI neighbor 1.1.1.1
set protocols bgp group DCI vpn-apply-export
第 3 段 Green Overlay:将 VN 扩展到 Site2 的 vMX
预配置部分
- 手动完成部分。
set system host-name vmx02
set system services ssh root-login allow
set system root-authentication encrypted-password "$6$s8bUq1OS$BxhUz7.5R0yZMbF1C4alxB7d052dn1h3Ts4V4cQ4RnIi2aLrciQ8WQ1yPNGfrSEJMCKrw4bdcuVWlmmedwb5y/"
set system services netconf ssh
set system services netconf traceoptions file nc
set system services netconf traceoptions flag all
set chassis network-services enhanced-ip
set chassis fpc 0 pic 0 tunnel-services
set interfaces fxp0 unit 0 family inet address 10.33.70.14/24
set interfaces ge-0/0/0 unit 0 family inet address 172.17.200.162/24
set interfaces ge-0/0/1 unit 0 family inet address 192.168.70.21/24
set interfaces lo0 unit 0 family inet address 2.2.2.2/32
- Device Manager 完成部分。
set groups __contrail__ protocols bgp group _contrail_asn-100 type internal
set groups __contrail__ protocols bgp group _contrail_asn-100 local-address 2.2.2.2
set groups __contrail__ protocols bgp group _contrail_asn-100 hold-time 90
set groups __contrail__ protocols bgp group _contrail_asn-100 family inet-vpn unicast
set groups __contrail__ protocols bgp group _contrail_asn-100 family route-target
set groups __contrail__ protocols bgp group _contrail_asn-100 export _contrail_ibgp_export_policy
set groups __contrail__ policy-options policy-statement _contrail_ibgp_export_policy term inet-vpn from family inet-vpn
set groups __contrail__ policy-options policy-statement _contrail_ibgp_export_policy term inet-vpn then next-hop self
set groups __contrail__ protocols bgp group _contrail_asn-100-external type external
set groups __contrail__ protocols bgp group _contrail_asn-100-external multihop
set groups __contrail__ protocols bgp group _contrail_asn-100-external local-address 2.2.2.2
set groups __contrail__ protocols bgp group _contrail_asn-100-external hold-time 90
set groups __contrail__ protocols bgp group _contrail_asn-100-external family inet-vpn unicast
set groups __contrail__ protocols bgp group _contrail_asn-100-external family route-target
set groups __contrail__ protocols bgp group _contrail_asn-100-external neighbor 172.17.200.160 peer-as 64513
set groups __contrail__ routing-options autonomous-system 100
set groups __contrail__ routing-options router-id 2.2.2.2
set groups __contrail__ routing-options route-distinguisher-id 2.2.2.2
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 source-address 2.2.2.2
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 gre
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 destination-networks 172.17.200.0/24
set groups __contrail__ routing-options dynamic-tunnels _contrail_asn-100 destination-networks 172.17.200.160/32
动态配置部分
下属配置可通过 Device Manager 完成。
set groups __contrail__ policy-options community _contrail_target_64513_8000007 members target:64513:8000007
set groups __contrail__ policy-options community _contrail_target_100_100 members target:100:100
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-export term t1 then community add _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-export term t1 then community add _contrail_target_64513_8000007
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-export term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-import term t1 from community _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-import term t1 from community _contrail_target_64513_8000007
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-import term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l2-8-import then reject
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-export term t1 then community add _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-export term t1 then community add _contrail_target_64513_8000007
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-export term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-import term t1 from community _contrail_target_100_100
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-import term t1 from community _contrail_target_64513_8000007
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-import term t1 then accept
set groups __contrail__ policy-options policy-statement _contrail_green-vn-l3-8-import then reject
set groups __contrail__ routing-instances _contrail_green-vn-l2-8 instance-type virtual-switch
set groups __contrail__ routing-instances _contrail_green-vn-l2-8 vrf-import _contrail_green-vn-l2-8-import
set groups __contrail__ routing-instances _contrail_green-vn-l2-8 vrf-export _contrail_green-vn-l2-8-export
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 routing-options static route 192.168.2.0/24 discard
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 routing-options auto-export family inet unicast
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 instance-type vrf
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 interface irb.8
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 vrf-import _contrail_green-vn-l3-8-import
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 vrf-export _contrail_green-vn-l3-8-export
set groups __contrail__ routing-instances _contrail_green-vn-l3-8 vrf-table-label
L2VPN 类型
待续。
以上是关于Tungsten Fabric SDN — DCI 互联操作实践的主要内容,如果未能解决你的问题,请参考以下文章