VLAN_GRE_VXLAN三种协议在Linux+Vpp环境的互通

文中三种协议类型，都通过建立veth pair打通Linux和VPP环境。

1. VLAN

1.1. 创建Linux veth pair对进行配置

# 创建Linux veth pair对进行配置
ip link add ki type veth peer name vi
# vpp 接管 host interface 接口 
vppctl create host-interface name vi 
vppctl set int state host-vi up 

1.2. linux kernel创建vlan

• vlan基本介绍
• linux网卡的vlan配置

yum install -y vconfig #其他辅助工具tcpdump iproute2 net-tools 
yum install -y vconfig && modprobe 8021q
vconfig add ki 11
ip addr add 172.168.11.1/24 dev ki.11
ip link set ki up
ip link set ki.11 up
#查看vlan配置
cat /proc/net/vlan/config

1.3. vpp创建truck子接口

VPP中创建子接口默认携带VLAN TAG，其中tag号为子接口ID，也可以分别设置。

• vpp实现的单臂路由和vlan隔离
• VPP使用详解——基于VPP的VLAN配置
• vpp创建sub-interfaces

vppctl create sub-interfaces host-vi 11 
vppctl set int state host-vi.11 up 
vppctl set int ip addr host-vi.11 172.168.11.2/24 
vppctl show ip neighbor host-vi.11 
ping 172.168.11.1 source host-vi.11

#vppctl create bridge-domain 11 
#vppctl set interface 11 bridge G1.11 11
#vppctl set interface l2 tag-rewrite G1.11 pop 11 #设置host-v1.11 11转发带单层VLAN Tag
## set interface l2 tag-rewrite <interface> [disable | pop {1|2} | push {dot1q|dot1ad} <tag> <tag>]
#vppctl show bridge-domain 11 detail

• VPP 创建子接口

This command is used to add VLAN IDs to interfaces, also known as subinterfaces. The primary input to this command is the interface and subId (subinterface Id) parameters. If no additional VLAN ID is provide, the VLAN ID is assumed to be the subId. The VLAN ID and subId can be different, but this is not recommended.
create sub-interfaces - Create a subinterface to process packets with a given 802.1q VLAN ID (same value as the subId).
create sub-interfaces default - Adding the default parameter indicates that packets with VLAN IDs that do not match any other subinterfaces should be sent to this subinterface.
create sub-interfaces untagged - Adding the untagged parameter indicates that packets no VLAN IDs should be sent to this subinterface.
create sub-interfaces - - Create a range of subinterfaces to handle a range of VLAN IDs.
create sub-interfaces dot1q|dot1ad |any [exact-match] - Use this command to specify the outer VLAN ID, to either be explicit or to make the VLAN ID different from the subId.
create sub-interfaces dot1q|dot1ad |any inner-dot1q |any [exact-match] - Use this command to specify the outer VLAN ID and the inner VLAN ID.
When dot1q or dot1ad is explicitly entered, subinterfaces can be configured as either exact-match or non-exact match. Non-exact match is the CLI default. If exact-match is specified, packets must have the same number of VLAN tags as the configuration. For non-exact-match, packets must at least that number of tags. L3 (routed) interfaces must be configured as exact-match. L2 interfaces are typically configured as non-exact-match. If dot1q or dot1ad is NOT entered, then the default behavior is exact-match.

2. GRE

2.1. 创建veth pair对进行配置

# Kernel+VPP veth
echo 1 > /proc/sys/net/ipv4/ip_forward
ip link add ki type veth peer name vi
ip addr add 172.168.1.1/24 dev ki
ip link set ki up
# 接口 host interface接管
vppctl create host-interface name vi 
vppctl set int state host-vi up 
vppctl set int ip addr host-vi 172.168.1.2/24 

2.2. 创建linux vxlan隧道

# 加载gre模块
modprobe ip_gre
ip tunnel add gre1 mode gre remote 172.168.1.2 local 172.168.1.1 ttl 255
#ip tunnel add gre1 mode gre remote 172.168.1.2 local 172.168.1.1 ttl 255 key 1
ip link set gre1 up
# 添加隧道的接口地址
ip addr add 10.10.10.1 peer 10.10.10.2 dev gre1
# 设置隧道mtu值
ip link set dev gre1 mtu 2000
#systemctl stop firewalld
#开启转发源地址10.10.1.0网段的转发/sbin/iptables  -A FORWARD  -s 10.10.10.0/24 -j ACCEPT

2.3. 创建vnf gre隧道

# 端口为vxlan或者为gre隧道时，end下发配置成功
vppctl create gre tunnel src 172.168.1.2 dst 172.168.1.1 instance 1 
vppctl set int state gre1 up 
vppctl set int ip addr gre1 10.10.10.2/30
vppctl set interface mtu packet 2000 gre1 #默认9000
vppctl ping 10.10.10.1 source gre1 

## 若无法ping通，先确实是否开启ip报文转发，然后检查防火墙或iptables
# systemctl stop firewalld

3. VXLAN

3.1. 创建veth pair对进行配置

# Kernel+VPP veth
systemctl stop firewalld
echo 1 > /proc/sys/net/ipv4/ip_forward
ip link add ki type veth peer name vi
ip addr add 172.168.1.1/24 dev ki
ip link set ki up
# 接口 host interface接管
vppctl create host-interface name vi 
vppctl set int state host-vi up 
vppctl set int ip addr host-vi 172.168.1.2/24 
vppctl set interface mtu packet 1500 host-vi

3.2. 创建linux vxlan隧道

• Linux上实现VxLAN网络

# ip link add vxlan11 type vxlan
# Usage: ... vxlan id VNI
#                  [ { group | remote } IP_ADDRESS ]
#                  [ local ADDR ]
#                  [ ttl TTL ]
#                  [ tos TOS ]
#                  [ flowlabel LABEL ]
#                  [ dev PHYS_DEV ]
#                  [ dstport PORT ]
#                  [ srcport MIN MAX ]
#                  [ [no]learning ]
#                  [ [no]proxy ]
#                  [ [no]rsc ]
#                  [ [no]l2miss ]
#                  [ [no]l3miss ]
#                  [ ageing SECONDS ]
#                  [ maxaddress NUMBER ]
#                  [ [no]udpcsum ]
#                  [ [no]udp6zerocsumtx ]
#                  [ [no]udp6zerocsumrx ]
#                  [ [no]remcsumtx ] [ [no]remcsumrx ]
#                  [ [no]external ] [ gbp ] [ gpe ]
ip link add vxlan11 type vxlan id 11 dstport 4789 remote 172.168.1.2 local 172.168.1.1 dev ki # proxy 
ip link set vxlan11 up
# 查看vxlan11及其MAC配置
ip link show vxlan11
# 添加隧道的接口地址
ip addr add 10.10.10.1/24 dev vxlan11
# 设置隧道mtu值，默认即1450
ip link set dev vxlan11 mtu 1450

## 创建网桥 br1 把 vtep interface 绑定到上面, 这里因为linux默认给vxlan端口分配MAC可做2层转发，这里简化不操作
#ip link add br11 type bridge
#ip link set vxlan11 master br11
#ip link set br11 up
# 将内核接口绑定到桥上
#ip link set ki master br11
#ip link set vxlan11 master br11
#开启转发源地址10.10.1.0网段的转发/sbin/iptables  -A FORWARD  -s 10.10.10.0/24 -j ACCEPT

3.3. 创建vpp vxlan隧道

• create vxlan tunnel

# create vxlan tunnel src <local-vtep-addr> {dst <remote-vtep-addr>|group <mcast-vtep-addr> <intf-name>} vni <nn> [instance <id>] [encap-vrf-id <nn>] [decap-next [l2|node <name>]] [del]

vppctl create vxlan tunnel src 172.168.1.2 dst 172.168.1.1 vni 11 instance 11 # decap-next l2
vppctl set interface mtu packet 1450 vxlan_tunnel11 #默认9000
vppctl set int state vxlan_tunnel11 up 

# 查看vxlan配置
vppctl show vxlan tunnel
#创建VXLAN的接口默认没有MAC,需要创建桥和和bvi的loop口
vppctl show hardware-interfaces vxlan_tunnel11

## 通过手工添加VXLAN MAC无法配置
#vppctl set interface mac address vxlan_tunnel11 aa:bb:cc:dd:ee:ff
## set interface mac address: mac address change is not supported for interface index 6

# 将VXLAN端口挂在11号桥上
vppctl set interface l2 bridge vxlan_tunnel11 11
# 创建并配置loop口，挂在11号桥上
vppctl loopback create-interface instance 11
vppctl set interface state loop11 up
vppctl set interface ip address loop11 10.10.10.2/24
vppctl set interface l2 bridge loop11 11 bvi
# 查看详细配置信息
vppctl show bridge 11 detail
vppctl show hardware-interfaces loop11

# vppctl ping 10.10.10.1 source vxlan_tunnel11 
# 若无法ping通，先确实是否开启ip报文转发，然后检查防火墙或iptables
# systemctl stop firewalld

# # 设置L2配置
# set int l2 learn host-vi
# set interface l2 forward host-vi
# set interface l2 flood host-vi
# set interface l2 learn host-vi