文中三种协议类型,都通过建立veth pair打通Linux和VPP环境。
1. VLAN
1.1. 创建Linux veth pair对进行配置
# Create a veth pair: "ki" is the kernel-side end, "vi" is the end given to VPP.
ip link add name ki type veth peer name vi
# Let VPP take over the "vi" end as a host-interface (it appears in VPP as host-vi).
vppctl create host-interface name vi
vppctl set interface state host-vi up
1.2. linux kernel创建vlan
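# Install the vconfig VLAN tool and load the 802.1Q kernel module.
# The original listing ran the same "yum install" twice; once is enough.
# Other helper tools: tcpdump iproute2 net-tools
yum install -y vconfig && modprobe 8021q
# Create VLAN 11 on top of ki; the new device is named ki.11.
# Where vconfig is not packaged, iproute2 can create the same device:
#   ip link add link ki name ki.11 type vlan id 11
vconfig add ki 11
ip addr add 172.168.11.1/24 dev ki.11
# Bring up the parent first, then the VLAN device.
ip link set ki up
ip link set ki.11 up
# Show the kernel's VLAN configuration
cat /proc/net/vlan/config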
1.3. vpp创建trunk子接口
VPP中创建子接口默认携带VLAN TAG,其中tag号为子接口ID,也可以分别设置。
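# Create sub-interface 11 on host-vi. No VLAN ID is given, so the sub-interface
# ID (11) is also used as the VLAN tag.
vppctl create sub-interfaces host-vi 11
vppctl set int state host-vi.11 up
vppctl set int ip addr host-vi.11 172.168.11.2/24
vppctl show ip neighbor host-vi.11
# "ping <addr> source <interface>" is VPP CLI syntax, so it has to go through
# vppctl; run as a plain Linux command it would not use the VPP interface.
vppctl ping 172.168.11.1 source host-vi.11
# Optional L2 bridging variant, left disabled by the author.
# NOTE(review): G1.11 / host-v1.11 are not defined anywhere on this page
# (presumably host-vi.11), and "pop 11" does not match the "pop {1|2}" usage
# shown below -- confirm before enabling.
#vppctl create bridge-domain 11
#vppctl set interface 11 bridge G1.11 11
#vppctl set interface l2 tag-rewrite G1.11 pop 11 # make host-v1.11 forward with a single VLAN tag 11
## set interface l2 tag-rewrite <interface> [disable | pop {1|2} | push {dot1q|dot1ad} <tag> <tag>]
#vppctl show bridge-domain 11 detail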
- VPP 创建子接口
This command is used to add VLAN IDs to interfaces, also known as subinterfaces. The primary input to this command is the interface and subId (subinterface Id) parameters. If no additional VLAN ID is provided, the VLAN ID is assumed to be the subId. The VLAN ID and subId can be different, but this is not recommended.
create sub-interfaces <interface> <subId> - Create a subinterface to process packets with a given 802.1q VLAN ID (same value as the subId).
create sub-interfaces <interface> <subId> default - Adding the default parameter indicates that packets with VLAN IDs that do not match any other subinterfaces should be sent to this subinterface.
create sub-interfaces <interface> <subId> untagged - Adding the untagged parameter indicates that packets with no VLAN IDs should be sent to this subinterface.
create sub-interfaces <interface> <subId>-<subId> - Create a range of subinterfaces to handle a range of VLAN IDs.
create sub-interfaces <interface> <subId> dot1q|dot1ad <vlanId>|any [exact-match] - Use this command to specify the outer VLAN ID, to either be explicit or to make the VLAN ID different from the subId.
create sub-interfaces <interface> <subId> dot1q|dot1ad <vlanId>|any inner-dot1q <vlanId>|any [exact-match] - Use this command to specify the outer VLAN ID and the inner VLAN ID.
When dot1q or dot1ad is explicitly entered, subinterfaces can be configured as either exact-match or non-exact match. Non-exact match is the CLI default. If exact-match is specified, packets must have the same number of VLAN tags as the configuration. For non-exact-match, packets must have at least that number of tags. L3 (routed) interfaces must be configured as exact-match. L2 interfaces are typically configured as non-exact-match. If dot1q or dot1ad is NOT entered, then the default behavior is exact-match.
2. GRE
2.1. 创建veth pair对进行配置
# Kernel + VPP veth setup
# Turn on IPv4 forwarding. This is a host-wide, runtime-only switch: every
# interface on the machine starts routing, not just the lab interfaces.
sysctl -q -w net.ipv4.ip_forward=1
# NOTE(review): 172.168.0.0/16 lies outside the RFC 1918 private block
# 172.16.0.0/12, so these are publicly routable addresses; keep them on an
# isolated lab link.
ip link add name ki type veth peer name vi
ip address add 172.168.1.1/24 dev ki
ip link set dev ki up
# Let VPP take over the "vi" end as a host-interface
vppctl create host-interface name vi
vppctl set interface state host-vi up
vppctl set interface ip address host-vi 172.168.1.2/24
2.2. 创建linux gre隧道
# Load the kernel GRE module
modprobe ip_gre
# GRE tunnel from the kernel end (172.168.1.1) to the VPP end (172.168.1.2)
ip tunnel add gre1 mode gre local 172.168.1.1 remote 172.168.1.2 ttl 255
# Same tunnel with a GRE key (disabled). The key only identifies the tunnel;
# GRE provides neither authentication nor encryption.
#ip tunnel add gre1 mode gre remote 172.168.1.2 local 172.168.1.1 ttl 255 key 1
ip link set dev gre1 up
# Address the tunnel interface: local 10.10.10.1, peer 10.10.10.2
ip address add 10.10.10.1 peer 10.10.10.2 dev gre1
# Set the tunnel MTU
ip link set dev gre1 mtu 2000
#systemctl stop firewalld
# Allow forwarding for traffic sourced from 10.10.10.0/24 (disabled):
#/sbin/iptables -A FORWARD -s 10.10.10.0/24 -j ACCEPT
2.3. 创建vnf gre隧道
# Author's note: when the port is a vxlan or gre tunnel, the "end" configuration is applied successfully.
# NOTE(review): what "end" refers to is not shown on this page.
vppctl create gre tunnel src 172.168.1.2 dst 172.168.1.1 instance 1
# Instance 1 yields the VPP interface gre1
vppctl set interface state gre1 up
vppctl set interface ip address gre1 10.10.10.2/30
vppctl set interface mtu packet 2000 gre1 # default is 9000
vppctl ping 10.10.10.1 source gre1
## If the ping fails, first confirm IP forwarding is enabled, then check firewalld / iptables.
## Allowing GRE (IP protocol 47) from the peer is a narrower fix than stopping the firewall.
# systemctl stop firewalld
3. VXLAN
3.1. 创建veth pair对进行配置
# Kernel + VPP veth setup
# NOTE(review): this stops the host firewall entirely. Outside an isolated lab
# host, keep firewalld running and permit only the VXLAN UDP port (4789 in
# this walkthrough) from the peer address.
systemctl stop firewalld.service
# Turn on IPv4 forwarding (host-wide, runtime only)
sysctl -q -w net.ipv4.ip_forward=1
ip link add name ki type veth peer name vi
ip address add 172.168.1.1/24 dev ki
ip link set dev ki up
# Let VPP take over the "vi" end as a host-interface
vppctl create host-interface name vi
vppctl set interface state host-vi up
vppctl set interface ip address host-vi 172.168.1.2/24
vppctl set interface mtu packet 1500 host-vi
3.2. 创建linux vxlan隧道
# Syntax reference for the vxlan link type:
# ip link add vxlan11 type vxlan
# Usage: ... vxlan id VNI
# [ { group | remote } IP_ADDRESS ]
# [ local ADDR ]
# [ ttl TTL ]
# [ tos TOS ]
# [ flowlabel LABEL ]
# [ dev PHYS_DEV ]
# [ dstport PORT ]
# [ srcport MIN MAX ]
# [ [no]learning ]
# [ [no]proxy ]
# [ [no]rsc ]
# [ [no]l2miss ]
# [ [no]l3miss ]
# [ ageing SECONDS ]
# [ maxaddress NUMBER ]
# [ [no]udpcsum ]
# [ [no]udp6zerocsumtx ]
# [ [no]udp6zerocsumrx ]
# [ [no]remcsumtx ] [ [no]remcsumrx ]
# [ [no]external ] [ gbp ] [ gpe ]
# Unicast VXLAN, VNI 11, between the kernel end (172.168.1.1) and the VPP end
# (172.168.1.2) over ki. VXLAN has no authentication or encryption: the VNI is
# only an identifier, so UDP 4789 should be reachable from the peer VTEP only.
ip link add vxlan11 type vxlan id 11 local 172.168.1.1 remote 172.168.1.2 dstport 4789 dev ki # optional: proxy
ip link set dev vxlan11 up
# Show vxlan11 and its MAC address
ip link show dev vxlan11
# Address the tunnel interface
ip address add 10.10.10.1/24 dev vxlan11
# Set the tunnel MTU (1450 is already the default)
ip link set dev vxlan11 mtu 1450
## Optional: create bridge br11 and attach the VTEP interface to it. Linux assigns
## the vxlan port a MAC by default so it can forward at L2; this walkthrough skips the bridge.
#ip link add br11 type bridge
#ip link set vxlan11 master br11
#ip link set br11 up
# Attach the kernel interface to the bridge
#ip link set ki master br11
#ip link set vxlan11 master br11
# Allow forwarding for traffic sourced from 10.10.10.0/24 (disabled):
#/sbin/iptables -A FORWARD -s 10.10.10.0/24 -j ACCEPT
3.3. 创建vpp vxlan隧道
# Syntax: create vxlan tunnel src <local-vtep-addr> {dst <remote-vtep-addr>|group <mcast-vtep-addr> <intf-name>} vni <nn> [instance <id>] [encap-vrf-id <nn>] [decap-next [l2|node <name>]] [del]
# VPP-side VTEP: mirror image of the kernel tunnel (src/dst swapped, same VNI 11).
vppctl create vxlan tunnel src 172.168.1.2 dst 172.168.1.1 vni 11 instance 11 # optional: decap-next l2
vppctl set interface mtu packet 1450 vxlan_tunnel11 # default is 9000
vppctl set interface state vxlan_tunnel11 up
# Show the VXLAN tunnel configuration
vppctl show vxlan tunnel
# A VXLAN interface is created without a MAC; a bridge plus a BVI loopback is needed
vppctl show hardware-interfaces vxlan_tunnel11
## Assigning a MAC to the VXLAN interface by hand is rejected:
#vppctl set interface mac address vxlan_tunnel11 aa:bb:cc:dd:ee:ff
## set interface mac address: mac address change is not supported for interface index 6
# Attach the VXLAN interface to bridge domain 11
vppctl set interface l2 bridge vxlan_tunnel11 11
# Create and configure the loopback, then attach it to bridge domain 11 as the BVI
vppctl loopback create-interface instance 11
vppctl set interface state loop11 up
vppctl set interface ip address loop11 10.10.10.2/24
vppctl set interface l2 bridge loop11 11 bvi
# Show the detailed configuration
vppctl show bridge-domain 11 detail
vppctl show hardware-interfaces loop11
# vppctl ping 10.10.10.1 source vxlan_tunnel11
# If the ping fails, first confirm IP forwarding is enabled, then check firewalld / iptables.
# Allowing UDP 4789 from the peer is a narrower fix than stopping the firewall.
# systemctl stop firewalld
# # L2 settings (disabled)
# set int l2 learn host-vi
# set interface l2 forward host-vi
# set interface l2 flood host-vi
# set interface l2 learn host-vi