五十八、配置VXLAN不同子网互访（集中式网关）实验组网

1、网络拓扑图

2、实验目的

通过OSPFv2的配置令设备leaf1、spine与leaf2相互联通，构建基于IPv4的underlay网络，PC1与PC2属于不同网段且不同VLAN的用户；通过在三台设备上配置VXLAN隧道，实现两台客户端主机跨网段之间的互访，VXLAN网关集中在spine上

3、实验配置

leaf1：

<leaf1>display current-configuration  

!Software Version V200R005C10SPC607B607

!Last configuration was updated at 2024-01-11 11:45:14+00:00

!Last configuration was saved at 2024-01-11 12:19:32+00:00

#

sysname leaf1

#

device board 17 board-type CE-MPUB

device board 1 board-type CE-LPUE

#

bridge-domain 10 #创建本地桥接域，把两个域桥接在一起

vxlan vni 1000 #创建VXLAN，其VNI编号为1000 

#

aaa

#

authentication-scheme default

#

authorization-scheme default

#

accounting-scheme default

#

domain default

#

domain default_admin

#

interface MEth0/0/0

undo shutdown

#

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.1.1 255.255.255.0

#

interface GE1/0/1

undo shutdown

#

interface GE1/0/1.10 mode l2

encapsulation dot1q vid 10

bridge-domain 10

#

interface GE1/0/2

shutdown

#

interface GE1/0/3

shutdown

#

interface GE1/0/4

shutdown

#

interface GE1/0/5

shutdown

#

interface GE1/0/6

shutdown

#

interface GE1/0/7

shutdown

#

interface GE1/0/8

shutdown

#

interface GE1/0/9

shutdown

#

interface LoopBack0

ip address 1.1.1.1 255.255.255.255

#

interface Nve1#创建并进入NVE接口 

source 1.1.1.1#指定VTEP接口 

vni 1000 head-end peer-list 2.2.2.2 #在VNI 1000下指定对端NVE设备的VTEP地址 

#

interface NULL0

#

ospf 100 router-id 1.1.1.1

area 0.0.0.0

 network 1.1.1.1 0.0.0.0

 network 10.1.1.0 0.0.0.255

#

ssh authorization-type default aaa

#

ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

ssh server dh-exchange min-len 1024

#

ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

user-interface con 0

#

vm-manager

#

return

<leaf1> 

spine:

<spine>display current-configuration  

!Software Version V200R005C10SPC607B607

!Last configuration was updated at 2024-01-11 11:40:22+00:00

!Last configuration was saved at 2024-01-11 12:19:23+00:00

#

sysname spine

#

device board 17 board-type CE-MPUB

device board 1 board-type CE-LPUE

#

bridge-domain 10

vxlan vni 1000

#

bridge-domain 20

vxlan vni 2000

#

aaa

#

authentication-scheme default

#

authorization-scheme default

#

accounting-scheme default

#

domain default

#

domain default_admin

#

interface Vbdif10

ip address 192.168.1.1 255.255.255.0

#

interface Vbdif20

ip address 172.16.1.1 255.255.255.0

#

interface MEth0/0/0

undo shutdown

#

interface GE1/0/0

undo portswitch

undo shutdown

ip address 10.1.1.2 255.255.255.0

#

interface GE1/0/1

undo portswitch

undo shutdown

ip address 20.1.1.1 255.255.255.0

#

interface GE1/0/2

shutdown

#

interface GE1/0/3

shutdown

#

interface GE1/0/4

shutdown

#

interface GE1/0/5

shutdown

#

interface GE1/0/6

shutdown

#

interface GE1/0/7

shutdown

#

interface GE1/0/8

shutdown

#

interface GE1/0/9

shutdown

#

interface LoopBack0

ip address 2.2.2.2 255.255.255.255

#

interface Nve1

source 2.2.2.2

vni 1000 head-end peer-list 1.1.1.1

vni 2000 head-end peer-list 3.3.3.3

#

interface NULL0

#

ospf 100 router-id 2.2.2.2

area 0.0.0.0

 network 2.2.2.2 0.0.0.0

 network 10.1.1.0 0.0.0.255

 network 20.1.1.0 0.0.0.255

#

ssh authorization-type default aaa

#

ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

ssh server dh-exchange min-len 1024

#

ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

user-interface con 0

#

vm-manager

#

return

<spine>

leaf2:

<leaf2>display current-configuration  

!Software Version V200R005C10SPC607B607

!Last configuration was updated at 2024-01-11 11:37:19+00:00

!Last configuration was saved at 2024-01-11 12:19:50+00:00

#

sysname leaf2

#

device board 17 board-type CE-MPUB

device board 1 board-type CE-LPUE

#

bridge-domain 20

vxlan vni 2000

#

aaa

#

authentication-scheme default

#

authorization-scheme default

#

accounting-scheme default

#

domain default

#

domain default_admin

#

interface MEth0/0/0

undo shutdown

#

interface GE1/0/0

undo portswitch

undo shutdown

ip address 20.1.1.2 255.255.255.0

#

interface GE1/0/1

undo shutdown

#

interface GE1/0/1.20 mode l2

encapsulation dot1q vid 20

bridge-domain 20

#

interface GE1/0/2

shutdown

#

interface GE1/0/3

shutdown

#

interface GE1/0/4

shutdown

#

interface GE1/0/5

shutdown

#

interface GE1/0/6

shutdown

#

interface GE1/0/7

shutdown

#

interface GE1/0/8

shutdown

#

interface GE1/0/9

shutdown

#

interface LoopBack0

ip address 3.3.3.3 255.255.255.255

#

interface Nve1

source 3.3.3.3

vni 2000 head-end peer-list 2.2.2.2

#

interface NULL0

#

ospf 100 router-id 3.3.3.3

area 0.0.0.0

 network 3.3.3.3 0.0.0.0

 network 20.1.1.0 0.0.0.255

#

ssh authorization-type default aaa

#

ssh server cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

ssh server dh-exchange min-len 1024

#

ssh client cipher aes256_gcm aes128_gcm aes256_ctr aes192_ctr aes128_ctr aes256_

cbc aes128_cbc 3des_cbc

#

user-interface con 0

#

vm-manager

#

return

<leaf2>

4、实验分析

工作原理：

PC1与PC2通信，内层PC1查找网关，外层NVE1隧道，vtep之间通信（vtep1-1.1.1.1与vtep2-2.2.2.2）

以下同理

5、实验结果

两台主机正常通信