Learning VPP: VXLAN tunnel

Date: 2023-06-13 09:15:37

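VXLAN overview

VXLAN (Virtual eXtensible Local Area Network) is one of the NVO3 (Network Virtualization over Layer 3) standard technologies defined by the IETF, and is an extension of the traditional VLAN protocol. Its defining feature is that it encapsulates L2 Ethernet frames in UDP packets (L2 over L4) and carries them across an L3 network.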

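VXLAN packet format

1. Basic VXLAN packet format

1. VXLAN Header: a VXLAN header (8 bytes) is added. It contains a 24-bit VNI field, used to distinguish the tenants in a VXLAN network. It also contains the VXLAN Flags (8 bits, value 00001000) and two reserved fields (24 bits and 8 bits respectively).
2. UDP Header: the VXLAN header and the original Ethernet frame together form the UDP payload. In the UDP header, the destination port (VXLAN Port) is fixed at 4789, and the source port (UDP Src. Port) is a value computed by hashing the original Ethernet frame.
3. Outer IP Header: the outer IP header of the encapsulation. The source IP address (Outer Src. IP) is the IP address of the VTEP that the source VM belongs to, and the destination IP address (Outer Dst. IP) is the IP address of the VTEP that the destination VM belongs to.
4. Outer MAC Header: the outer Ethernet header of the encapsulation. The source MAC address (Src. MAC Addr.) is the MAC address of the VTEP that the source VM belongs to, and the destination MAC address (Dst. MAC Addr.) is the MAC address of the next-hop device on the path to the destination VTEP.

2. VXLAN header format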

   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |R|R|R|R|I|R|R|R|            Reserved                           |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
   |                VXLAN Network Identifier (VNI) |   Reserved    |
   +-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

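VXLAN Header: the new header defined by the VXLAN protocol, 8 bytes (UDP destination port 4789 is used by default).

Note: if the I flag is not set in a received VXLAN packet, the packet is dropped immediately.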

Configuring the VXLAN tunnel

The network topology is as follows; the goal is for vm1 and vm2 to communicate:

# Set the IP address of the vtep1 interface
set interface state GigabitEthernet13/0/0 up
set interface ip address GigabitEthernet13/0/0 192.168.1.2/31
# Configure the VXLAN tunnel interface, using VNI 13
create vxlan tunnel src 192.168.1.2 dst 192.168.1.3 vni 13 decap-next l2
# Create L2 bridge domain (BD) 13
create bridge-domain 13 learn 1 forward 1 uu-flood 1 flood 1 arp-term 1
# Add the VXLAN tunnel to the bridge domain
set interface l2 bridge vxlan_tunnel0 13 1

set interface state GigabitEthernetb/0/0 up
set interface l2 bridge GigabitEthernetb/0/0 13 1
# Create a loopback interface
loopback create mac 1a:2b:3c:4d:5e:8f
# Add the loopback interface to the bridge domain and make it the BVI interface
set interface l2 bridge loop0 13 bvi
# Configure the IP address of the loopback interface
set interface ip table loop0 0
set interface state loop0 up
set interface ip addr loop0 192.168.3.1/24
# Add the route
ip route add 192.168.3.0/24 via loop0
# Add an ARP entry; without it traffic does not pass
set bridge-domain arp entry 13 192.168.2.2 1a:2b:3c:4d:5e:7f

# Kernel interface ens256 is in the same VLAN as GigabitEthernetb/0/0
ifconfig ens256 192.168.3.2/24
route add -net 192.168.2.0/24 gw 192.168.3.1

vpp2

set interface state GigabitEthernet13/0/0 up
set interface ip address GigabitEthernet13/0/0 192.168.1.3/31
create vxlan tunnel src 192.168.1.3 dst 192.168.1.2 vni 13 decap-next l2
create bridge-domain 13 learn 1 forward 1 uu-flood 1 flood 1 arp-term 1
set interface l2 bridge vxlan_tunnel0 13 1
loopback create mac 1a:2b:3c:4d:5e:7f
set interface state GigabitEthernet4/0/0 up
set interface l2 bridge GigabitEthernet4/0/0 13 1
set interface l2 bridge loop0 13 bvi
set interface ip table loop0 0
set interface state loop0 up
set interface ip addr loop0 192.168.2.1/24
ip route add 192.168.3.0/24 via loop0
set bridge-domain arp entry 13 192.168.3.2 1a:2b:3c:4d:5e:8f

# Kernel configuration
ifconfig ens256 192.168.2.2/24
route add -net 192.168.3.0/24 gw 192.168.2.1

Trace walkthrough

vm2 pings vm1; the packet trace is captured on vpp1 and on vpp2.

00:34:05:585797: dpdk-input
  GigabitEthernet4/0/0 rx queue 0
  buffer 0x84cf2: current data 0, length 98, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0
                  ext-hdr-valid
                  l4-cksum-computed l4-cksum-correct
  PKT MBUF: port 0, nb_segs 1, pkt_len 98
    buf_len 2176, data_len 98, ol_flags 0x80, data_off 128, phys_addr 0x26133d00
    packet_type 0x91 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
    Packet Offload Flags
      PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
    Packet Types
      RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
      RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers
  IP4: 00:0c:29:63:94:3a -> 1a:2b:3c:4d:5e:7f
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 64, length 84, checksum 0x261b dscp CS0 ecn NON_ECN
    fragment id 0x8e39, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x1e66
00:34:05:585809: ethernet-input
  frame: flags 0x1, hw-if-index 1, sw-if-index 1
  IP4: 00:0c:29:63:94:3a -> 1a:2b:3c:4d:5e:7f
00:34:05:585815: l2-input
  l2-input: sw_if_index 1 dst 1a:2b:3c:4d:5e:7f src 00:0c:29:63:94:3a
00:34:05:585817: l2-learn
  l2-learn: sw_if_index 1 dst 1a:2b:3c:4d:5e:7f src 00:0c:29:63:94:3a bd_index 1
00:34:05:585820: l2-fwd
  l2-fwd:   sw_if_index 1 dst 1a:2b:3c:4d:5e:7f src 00:0c:29:63:94:3a bd_index 1 result [0x700000005, 5] static age-not bvi
00:34:05:585822: ip4-input
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 64, length 84, checksum 0x261b dscp CS0 ecn NON_ECN
    fragment id 0x8e39, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x1e66
00:34:05:585825: ip4-lookup
  fib 0 dpo-idx 4 flow hash: 0x00000000
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 64, length 84, checksum 0x261b dscp CS0 ecn NON_ECN
    fragment id 0x8e39, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x1e66
00:34:05:585827: ip4-rewrite
  tx_sw_if_index 5 dpo-idx 4 : ipv4 via 192.168.3.2 loop0: mtu:9000 next:4 1a2b3c4d5e8f1a2b3c4d5e7f0800 flow hash: 0x00000000
  00000000: 1a2b3c4d5e8f1a2b3c4d5e7f0800450000548e3940003f01271bc0a80202c0a8
  00000020: 030208001e6633f400159d154e6000000000f6470500000000001011
00:34:05:585830: loop0-output
  loop0
  IP4: 1a:2b:3c:4d:5e:7f -> 1a:2b:3c:4d:5e:8f
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 63, length 84, checksum 0x271b dscp CS0 ecn NON_ECN
    fragment id 0x8e39, flags DONT_FRAGMENT
  ICMP echo_request checksum 0x1e66
00:34:05:585833: l2-input
  l2-input: sw_if_index 5 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f
00:34:05:585833: l2-fwd
  l2-fwd:   sw_if_index 5 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f bd_index 1 result [0x1000000000004, 4] none
00:34:05:585834: l2-output
  l2-output: sw_if_index 4 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f data 08 00 45 00 00 54 8e 39 40 00 3f 01
00:34:05:585835: vxlan4-encap
  VXLAN encap to vxlan_tunnel0 vni 13
00:34:05:585838: ip4-rewrite
  tx_sw_if_index 3 dpo-idx 1 : ipv4 via 192.168.1.2 GigabitEthernet13/0/0: mtu:9000 next:3 000c29170a44000c296394300800 flow hash: 0xda4d42ae
  00000000: 000c29170a44000c2963943008004500008600000000fd113a11c0a80103c0a8
  00000020: 0102ae4212b5007200000800000000000d001a2b3c4d5e8f1a2b3c4d
00:34:05:585838: GigabitEthernet13/0/0-output
  GigabitEthernet13/0/0
  IP4: 00:0c:29:63:94:30 -> 00:0c:29:17:0a:44
  UDP: 192.168.1.3 -> 192.168.1.2
    tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  UDP: 44610 -> 4789
    length 114, checksum 0x0000
00:34:05:585839: GigabitEthernet13/0/0-tx
  GigabitEthernet13/0/0 tx queue 0
  buffer 0x84cf2: current data -50, length 148, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0
                  ext-hdr-valid
                  l4-cksum-computed l4-cksum-correct l2-hdr-offset 0 l3-hdr-offset 14
  PKT MBUF: port 0, nb_segs 1, pkt_len 148
    buf_len 2176, data_len 148, ol_flags 0x80, data_off 78, phys_addr 0x26133d00
    packet_type 0x91 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
    Packet Offload Flags
      PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
    Packet Types
      RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
      RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers
  IP4: 00:0c:29:63:94:30 -> 00:0c:29:17:0a:44
  UDP: 192.168.1.3 -> 192.168.1.2
    tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  UDP: 44610 -> 4789
    length 114, checksum 0x0000

vpp1 trace capture: the decapsulation path

01:26:18:006400: dpdk-input
  GigabitEthernet13/0/0 rx queue 0
  buffer 0x84f89: current data 0, length 148, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0
                  ext-hdr-valid
                  l4-cksum-computed l4-cksum-correct
  PKT MBUF: port 1, nb_segs 1, pkt_len 148
    buf_len 2176, data_len 148, ol_flags 0x88, data_off 128, phys_addr 0x43b3e2c0
    packet_type 0x291 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
    Packet Offload Flags
      PKT_RX_L4_CKSUM_BAD (0x0008) L4 cksum of RX pkt. is not OK
      PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
    Packet Types
      RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
      RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers
      RTE_PTYPE_L4_UDP (0x0200) UDP packet
  IP4: 00:0c:29:63:94:30 -> 00:0c:29:17:0a:44
  UDP: 192.168.1.3 -> 192.168.1.2
    tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  UDP: 44610 -> 4789
    length 114, checksum 0x0000
01:26:18:006413: ethernet-input
  frame: flags 0x1, hw-if-index 2, sw-if-index 2
  IP4: 00:0c:29:63:94:30 -> 00:0c:29:17:0a:44
01:26:18:006423: ip4-input
  UDP: 192.168.1.3 -> 192.168.1.2
    tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  UDP: 44610 -> 4789
    length 114, checksum 0x0000
01:26:18:006426: ip4-lookup
  fib 0 dpo-idx 7 flow hash: 0x00000000
  UDP: 192.168.1.3 -> 192.168.1.2
    tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
    fragment id 0x0000
  UDP: 44610 -> 4789
    length 114, checksum 0x0000
01:26:18:006429: ip4-local
    UDP: 192.168.1.3 -> 192.168.1.2
      tos 0x00, ttl 253, length 134, checksum 0x3a11 dscp CS0 ecn NON_ECN
      fragment id 0x0000
    UDP: 44610 -> 4789
      length 114, checksum 0x0000
01:26:18:006431: ip4-udp-lookup
  UDP: src-port 44610 dst-port 4789
01:26:18:006433: vxlan4-input
  VXLAN decap from vxlan_tunnel0 vni 13 next 1 error 0
01:26:18:006435: l2-input
  l2-input: sw_if_index 3 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f
01:26:18:006438: l2-learn
  l2-learn: sw_if_index 3 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f bd_index 1
01:26:18:006441: l2-fwd
  l2-fwd:   sw_if_index 3 dst 1a:2b:3c:4d:5e:8f src 1a:2b:3c:4d:5e:7f bd_index 1 result [0x700000004, 4] static age-not bvi
01:26:18:006443: ip4-input
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 63, length 84, checksum 0xb27a dscp CS0 ecn NON_ECN
    fragment id 0x02da, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xddf1
01:26:18:006444: ip4-lookup
  fib 0 dpo-idx 3 flow hash: 0x00000000
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 63, length 84, checksum 0xb27a dscp CS0 ecn NON_ECN
    fragment id 0x02da, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xddf1
01:26:18:006444: ip4-rewrite
  tx_sw_if_index 4 dpo-idx 3 : ipv4 via 192.168.3.2 loop0: mtu:9000 next:4 000c29170a4e1a2b3c4d5e8f0800 flow hash: 0x00000000
  00000000: 000c29170a4e1a2b3c4d5e8f08004500005402da40003e01b37ac0a80202c0a8
  00000020: 03020800ddf133f4004bd3154e600000000000860500000000001011
01:26:18:006445: loop0-output
  loop0
  IP4: 1a:2b:3c:4d:5e:8f -> 00:0c:29:17:0a:4e
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 62, length 84, checksum 0xb37a dscp CS0 ecn NON_ECN
    fragment id 0x02da, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xddf1
01:26:18:006449: l2-input
  l2-input: sw_if_index 4 dst 00:0c:29:17:0a:4e src 1a:2b:3c:4d:5e:8f
01:26:18:006449: l2-fwd
  l2-fwd:   sw_if_index 4 dst 00:0c:29:17:0a:4e src 1a:2b:3c:4d:5e:8f bd_index 1 result [0x1000000000001, 1] none
01:26:18:006450: l2-output
  l2-output: sw_if_index 1 dst 00:0c:29:17:0a:4e src 1a:2b:3c:4d:5e:8f data 08 00 45 00 00 54 02 da 40 00 3e 01
01:26:18:006452: GigabitEthernetb/0/0-output
  GigabitEthernetb/0/0
  IP4: 1a:2b:3c:4d:5e:8f -> 00:0c:29:17:0a:4e
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 62, length 84, checksum 0xb37a dscp CS0 ecn NON_ECN
    fragment id 0x02da, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xddf1
01:26:18:006453: GigabitEthernetb/0/0-tx
  GigabitEthernetb/0/0 tx queue 0
  buffer 0x84f89: current data 50, length 98, buffer-pool 0, ref-count 1, totlen-nifb 0, trace handle 0x0
                  ext-hdr-valid
                  l4-cksum-computed l4-cksum-correct l2-hdr-offset 50 l3-hdr-offset 14
  PKT MBUF: port 1, nb_segs 1, pkt_len 98
    buf_len 2176, data_len 98, ol_flags 0x88, data_off 178, phys_addr 0x43b3e2c0
    packet_type 0x291 l2_len 0 l3_len 0 outer_l2_len 0 outer_l3_len 0
    rss 0x0 fdir.hi 0x0 fdir.lo 0x0
    Packet Offload Flags
      PKT_RX_L4_CKSUM_BAD (0x0008) L4 cksum of RX pkt. is not OK
      PKT_RX_IP_CKSUM_GOOD (0x0080) IP cksum of RX pkt. is valid
    Packet Types
      RTE_PTYPE_L2_ETHER (0x0001) Ethernet packet
      RTE_PTYPE_L3_IPV4_EXT_UNKNOWN (0x0090) IPv4 packet with or without extension headers
      RTE_PTYPE_L4_UDP (0x0200) UDP packet
  IP4: 1a:2b:3c:4d:5e:8f -> 00:0c:29:17:0a:4e
  ICMP: 192.168.2.2 -> 192.168.3.2
    tos 0x00, ttl 62, length 84, checksum 0xb37a dscp CS0 ecn NON_ECN
    fragment id 0x02da, flags DONT_FRAGMENT
  ICMP echo_request checksum 0xddf1
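
The header layout, the I-flag drop rule and the decap step seen in the vpp1 trace can be checked against the outer frame bytes printed in the vpp2 ip4-rewrite hex dump. The following Python is an added example, not code from the original post and not VPP's implementation: it is a simplified model of a receiver-side check, and the names `parse_vxlan_header`, `decap_check`, `TUNNEL` and `RESULT` are hypothetical.

```python
import ipaddress
import struct

# Outer frame bytes copied from the vpp2 ip4-rewrite hex dump on this page
# (the dump shows only the first 60 bytes, so the inner frame is partial).
TRACE_HEX = (
    "000c29170a44000c2963943008004500008600000000fd113a11c0a80103c0a8"
    "0102ae4212b5007200000800000000000d001a2b3c4d5e8f1a2b3c4d"
)
# vpp1's tunnel as configured on this page: src 192.168.1.2 dst 192.168.1.3 vni 13
TUNNEL = {"src": "192.168.1.2", "dst": "192.168.1.3", "vni": 13}
VXLAN_PORT = 4789


def parse_vxlan_header(hdr: bytes) -> int:
    """Return the 24-bit VNI of an 8-byte VXLAN header, or raise ValueError."""
    if len(hdr) < 8:
        raise ValueError("truncated VXLAN header")
    word0, word1 = struct.unpack("!II", hdr[:8])
    if not (word0 >> 24) & 0x08:  # I bit clear: VNI invalid, packet is dropped
        raise ValueError("I flag not set")
    return word1 >> 8  # upper 24 bits are the VNI, low 8 bits are reserved


def decap_check(frame: bytes, tunnel: dict) -> dict:
    """Walk Ethernet/IPv4/UDP/VXLAN and match the packet against one tunnel."""
    if len(frame) < 34 or frame[12:14] != b"\x08\x00":
        raise ValueError("not an IPv4 Ethernet frame")
    ip = frame[14:]
    ihl = (ip[0] & 0x0F) * 4
    if ip[0] >> 4 != 4 or ihl < 20 or ip[9] != 17:
        raise ValueError("outer header is not IPv4/UDP")
    src = str(ipaddress.ip_address(ip[12:16]))
    dst = str(ipaddress.ip_address(ip[16:20]))
    udp = ip[ihl:]
    if len(udp) < 8:
        raise ValueError("truncated UDP header")
    sport, dport, ulen, csum = struct.unpack("!HHHH", udp[:8])
    if dport != VXLAN_PORT:
        raise ValueError("UDP destination port is not 4789")
    vni = parse_vxlan_header(udp[8:16])
    # Receiver view: the packet's dst is our tunnel src and its src our tunnel dst.
    if (dst, src, vni) != (tunnel["src"], tunnel["dst"], tunnel["vni"]):
        raise ValueError("no tunnel matches outer src/dst/VNI")
    return {"outer_src": src, "outer_dst": dst, "sport": sport, "udp_len": ulen,
            "udp_csum": csum, "vni": vni, "inner_dst_mac": udp[16:22].hex(":")}


RESULT = decap_check(bytes.fromhex(TRACE_HEX), TUNNEL)
```

In this model the outer source, destination and VNI are the only things that tie a packet to the tunnel: the 8-byte header has no authentication field and the trace shows the UDP checksum as 0x0000. On a real underlay, UDP 4789 should therefore be reachable only from known VTEP addresses.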

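Summary

This article introduced the basic configuration of VXLAN and used VMware virtual machines to build an environment in which two virtual machines communicate over the network.
1. When testing with vm1 and vm2 configured in the same subnet, I found that ARP request packets were dropped on vpp1 and were not flooded in the bridge domain, so the same-subnet connectivity test through the VXLAN tunnel failed.
2. So far only communication between vm1 and vm2 in different subnets has been configured, but this does not match the VXLAN networking model as explained in the H3C article; it feels as if VXLAN is only being used as a tunnel, like GRE or IPsec. This needs further study.

On the shoulders of giants

1. Huawei: the most complete introduction to VXLAN https://support.huawei.com/enterprise/zh/doc/EDOC1100087027
2. VPP VXLAN feature introduction https://wiki.fd.io/view/VPP/Using_VPP_as_a_VXLAN_Tunnel_Terminator
3. FD.IO-VPP research and usage, part 5 (building a tunnel environment) https://blog.csdn.net/weixin_40815457/article/details/8652641
4. Introduction to EVPN-VXLAN https://www.cnblogs.com/josie-xu/p/10511302.html https://www.cnblogs.com/josie-xu/p/10516863.html
5. H3C introduction to VXLAN http://www.h3c.com/cn/d_201811/1131076_30005_0.htm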