Blog Brocade Japan

Configuration Guide: Layer 3 VCS

by Fukuo Miyamoto on ‎11-17-2015 06:10 PM - last edited on ‎04-25-2016 01:39 AM by aokuhara (3,790 Views)

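The Brocade VDX 6700 switch series consists of fixed-configuration 10 Gigabit Ethernet (GbE) switches that deliver high performance with ultra-low-latency, wire-speed forwarding. With Brocade VCS Fabric technology built in, VDX switches are an ideal platform for many forms of top-of-rack (ToR) fabric deployment.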

This guide presents a VCS-centered configuration that optimizes Layer 2 and Layer 3 traffic.

 

Layer 3 VCS configuration diagram

 

Features of this configuration

 

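  • Layer 3 traffic is turned around inside the VCS
    • Avoids hairpinning Layer 3 traffic through the upstream CORE L2/3 switches
    • Server-to-storage traffic is handled over the high bandwidth inside the VCS
    • Cut-through forwarding keeps latency low inside the VCS
  • The upstream Layer 3 CORE switches act as the gateway to the Internet
    • Separate OSPF areas for the core and for user access (core: Area 0, users: Area 2)
    • A VRRP-e instance is created for each user
    • Each user's addresses are aggregated and advertised to the Internet via BGP
  • The Ethernet fabric edge uses the copper-capable VDX6710
    • VDX devices that form a vLAG do not need to be directly connected (a direct connection is also allowed)
    • Switch/server traffic under the vLAG is handled active/active
    • With RJ45 copper ports, the 48 x 1G ports need no SFPs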

 

   The Layer 2/3 switch basic configuration guide (PDF) is available here »

 


 

 

1.BGP

Figure: BGP

 

 ▼CORE-1

interface ethernet 1/5
 port-name INTERNET_NewLine1
 enable
 ip address 100.0.0.2/30
!
router bgp
 local-as 100
 timers  keep-alive 10  hold-time 30
 neighbor iBGP_RT peer-group
 neighbor iBGP_RT remote-as 100
 neighbor iBGP_RT description iBGP_Router
 neighbor iBGP_RT next-hop-self
 neighbor iBGP_RT password 2 XXXXX
 neighbor iBGP_RT update-source loopback 1
 neighbor iBGP_RT soft-reconfiguration inbound
 neighbor 10.10.10.2 peer-group iBGP_RT
 neighbor 10.10.10.2 description CORE-2
 neighbor 100.0.0.1 remote-as 200
 neighbor 100.0.0.1 description INTERNET_NewLine1
 neighbor 100.0.0.1 password 2 XXXXX
 neighbor 100.0.0.1 remove-private-as
 neighbor 100.0.0.1 soft-reconfiguration inbound
 
 address-family ipv4 unicast
 network 30.0.32.0/22
 network 30.0.48.0/22
 neighbor 100.0.0.1 route-map in SET_Attribute_from_INTERNET
 neighbor 100.0.0.1 route-map out SET_Attribute_to_INTERNET
 exit-address-family

 

 ▼CORE-2

interface ethernet 1/5
 port-name INTERNET_NewLine2
 enable
 ip address 100.0.0.6/30
!
router bgp
 local-as 100
 timers  keep-alive 10  hold-time 30
 neighbor iBGP_RT peer-group
 neighbor iBGP_RT remote-as 100
 neighbor iBGP_RT description iBGP_Router
 neighbor iBGP_RT next-hop-self
 neighbor iBGP_RT password 2 XXXXX
 neighbor iBGP_RT update-source loopback 1
 neighbor iBGP_RT soft-reconfiguration inbound
 neighbor 10.10.10.1 peer-group iBGP_RT
 neighbor 10.10.10.1 description CORE-1
 neighbor 100.0.0.5 remote-as 200
 neighbor 100.0.0.5 description INTERNET_NewLine2
 neighbor 100.0.0.5 password 2 XXXXX
 neighbor 100.0.0.5 remove-private-as
 neighbor 100.0.0.5 soft-reconfiguration inbound
 
 address-family ipv4 unicast
 network 30.0.32.0/22
 network 30.0.48.0/22
 neighbor 100.0.0.5 route-map in SET_Attribute_from_INTERNET
 neighbor 100.0.0.5 route-map out SET_Attribute_to_INTERNET
 exit-address-family

 

2.OSPF/VRRP-e

 

Figure: OSPF (1)

 

OSPF
 
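Use max-metric to avoid black-holing traffic: with on-startup wait-for-bgp, a restarting router advertises the maximum metric until BGP has converged, so its neighbors do not route through it prematurely.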
 
 ▼CORE-1 
interface loopback 1
 ip ospf area 0
 ip address 10.10.10.1/32
!
router ospf
 area 0 
 default-information-originate metric 100 metric-type type2
 max-metric router-lsa on-startup wait-for-bgp external-lsa summary-lsa te-lsa 
 log all
!
vlan 1001 name 10.0.0.0/30 
 tagged ethe 1/7 to 1/8 
 router-interface ve 1
!
vlan 1051 name 10.0.0.100/30 
 untagged ethe 1/1 
 router-interface ve 2
!
vlan 1052 name 10.0.0.104/30 
 untagged ethe 1/2 
 router-interface ve 3
!
interface ethernet 1/1
 port-name VDX-1 TenGi1/0/21
 enable
 no route-only
!
interface ethernet 1/2
 port-name VDX-2 TenGi2/0/21
 enable
 no route-only

!
interface ve 1
 port-name CORE-2 ve1
 ip ospf area 0
 ip ospf cost 50
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.1/30
 no ip redirect
!
interface ve 2
 port-name CORE-1 ve2
 ip ospf area 0
 ip ospf cost 100
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.101/30
 no ip redirect
!
interface ve 3
 port-name CORE-1 ve3
 ip ospf area 0
 ip ospf cost 100
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.105/30
 no ip redirect

 

 ▼CORE-2 

interface loopback 1
 ip ospf area 0
 ip address 10.10.10.2/32
!
router ospf
 area 0 
 default-information-originate metric 100 metric-type type2
 max-metric router-lsa on-startup wait-for-bgp external-lsa summary-lsa te-lsa 
 log all
!
vlan 1001 name 10.0.0.0/30 
 tagged ethe 1/7 to 1/8 
 router-interface ve 1
!
vlan 1053 name 10.0.0.108/30 
 untagged ethe 1/1 
 router-interface ve 2
!
vlan 1054 name 10.0.0.112/30 
 untagged ethe 1/2 
 router-interface ve 3
!
interface ethernet 1/1
 port-name VDX-1 TenGi1/0/22
 enable
 no route-only
!
interface ethernet 1/2
 port-name VDX-2 TenGi2/0/22
 enable
 no route-only

!
interface ve 1
 port-name CORE-1 ve1
 ip ospf area 0
 ip ospf cost 50
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.2/30
 no ip redirect
!
interface ve 2
 port-name CORE-2 ve2
 ip ospf area 0
 ip ospf cost 100
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.109/30
 no ip redirect
!
interface ve 3
 port-name CORE-2 ve3
 ip ospf area 0
 ip ospf cost 100
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip ospf auth-change-wait-time 0
 ip ospf network point-to-point
 ip address 10.0.0.113/30
 no ip redirect

 

The OSPF process and the Ve interfaces are configured under rbridge-id

 

 ▼VDX-1

interface Vlan 1003
 description 10.0.0.4/30
!
interface Vlan 1051
 description 10.0.0.100/30
!
interface Vlan 1053
 description 10.0.0.108/30
!
rbridge-id 1
 router ospf
  area 0
  area 2
  area 2 range 30.30.48.0 255.255.252.0 advertise
!
 interface Ve 1003
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 50
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.5/30
  no shutdown
 ! 
 interface Ve 1051
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 100
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.102/30
  no shutdown
 !
 interface Ve 1053
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 100
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.110/30
  no shutdown

!
interface TenGigabitEthernet 1/0/21
 description CORE-1 1/1
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode access
 switchport access vlan 1051
 no shutdown
!
interface TenGigabitEthernet 1/0/22
 description CORE-2 1/1
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode access
 switchport access vlan 1053
 no shutdown

 

 ▼VDX-2

interface Vlan 1003
 description 10.0.0.4/30
!
interface Vlan 1052
 description 10.0.0.104/30
!
interface Vlan 1054
 description 10.0.0.112/30
!
rbridge-id 2
 router ospf
  area 0
  area 2
  area 2 range 30.30.48.0 255.255.252.0 advertise
 !
 interface Ve 1003
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 50
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.6/30
  no shutdown
 ! 
 interface Ve 1052
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 100
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.106/30
  no shutdown
 !
 interface Ve 1054
  ip ospf area 0
  ip ospf md5-authentication key-activation-wait-time 0
  ip ospf md5-authentication key-id 5 key 0 XXXXX
  ip ospf cost 100
  ip ospf network point-to-point
  ip mtu 1500
  ip proxy-arp
  ip address 10.0.0.114/30
  no shutdown

!
interface TenGigabitEthernet 2/0/21
 description CORE-1 1/2
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode access
 switchport access vlan 1052
 no shutdown
!
interface TenGigabitEthernet 2/0/22
 description CORE-2 1/2
 fabric isl enable
 fabric trunk enable
 switchport
 switchport mode access
 switchport access vlan 1054
 no shutdown
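
An added example (not part of the original guide, and not Brocade tooling): a small Python check that reads interface stanzas written in the syntax used above and reports OSPF interfaces that are active but carry no md5-authentication key, and /30 point-to-point links whose two ends do not sit in the same subnet. The sample configuration and the finding labels are constructed for this example.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the page's syntax (not the page's own config): the VDX-2
# link has a mistyped address and no MD5 key; Ve 1500 is a passive user subnet.
SAMPLE = {
    "CORE-1": """interface ve 3
 ip ospf area 0
 ip ospf md5-authentication key-id 5 key 0 XXXXX
 ip address 10.0.0.105/30""",
    "VDX-2": """interface Ve 1052
 ip ospf area 0
 ip address 10.5.5.106/30
interface Ve 1500
 ip ospf area 2
 ip ospf passive
 ip address 30.30.48.3/27""",
}

def parse(configs):
    """Return one record per interface stanza with its address and OSPF flags."""
    ifaces = []
    for device, text in configs.items():
        cur = None
        for line in map(str.strip, text.splitlines()):
            if m := re.match(r"interface\s+(.+)", line, re.I):
                cur = {"device": device, "name": m.group(1), "ip": None,
                       "ospf": False, "md5": False, "passive": False}
                ifaces.append(cur)
            elif cur and line.startswith("ip address "):
                cur["ip"] = ipaddress.ip_interface(line.split()[2])
            elif cur and line.startswith("ip ospf "):
                cur["ospf"] |= line.startswith("ip ospf area ")
                cur["md5"] |= "md5-authentication key-id" in line
                cur["passive"] |= line == "ip ospf passive"
    return ifaces

def audit(configs):
    """Flag active OSPF interfaces without MD5 and /30 links lacking a peer."""
    findings, nets = [], defaultdict(list)
    for i in parse(configs):
        if i["ospf"] and i["ip"] and not i["passive"]:
            nets[i["ip"].network].append(i)
            if not i["md5"]:
                findings.append((i["device"], i["name"], "no-md5-auth"))
    for net, members in nets.items():
        if net.prefixlen == 30 and len(members) != 2:
            findings += [(m["device"], m["name"], "no-peer-in-/30") for m in members]
    return sorted(findings)
```

Passive interfaces such as the user-facing Ve 1500 are skipped because they form no adjacency; running audit() over the combined configuration of all four devices checks every core-to-fabric link at once.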

 

OSPF/VRRP-e

 

Figure: OSPF (2)

 

Create a VRRP-e instance for each user (one per /27)

 

▼VDX-1

!
interface Vlan 1500
 description 30.30.48.0/27
!
rbridge-id 1
!
 protocol vrrp
!
 interface Ve 1500
  ip ospf area 2
  ip ospf passive
  ip mtu 1500
  ip proxy-arp
  ip address 30.30.48.2/27
  no shutdown
  vrrp-extended-group 1
   virtual-ip 30.30.48.1
   enable
   preempt-mode
   priority 105
   short-path-forwarding

 

▼VDX-2

!
interface Vlan 1500
 description 30.30.48.0/27
!
rbridge-id 2
!
 protocol vrrp
!
 interface Ve 1500
  ip ospf area 2
  ip ospf passive
  ip mtu 1500
  ip proxy-arp
  ip address 30.30.48.3/27
  no shutdown
  vrrp-extended-group 1
   virtual-ip 30.30.48.1
   enable
   preempt-mode
   short-path-forwarding

 

 

3.Layer 2/3 VCS

 

Management Cluster (MC) mode provides logical chassis management

 

Figure: VCS

 

ISL Trunking

 

No configuration required: ISLs and trunks form as soon as the links are connected

 

▼VDX-1

interface TenGigabitEthernet 1/0/23
 description VDX-2 TenGE2/0/23
 fabric isl enable
 fabric trunk enable                           ! default setting
 no shutdown
!
interface TenGigabitEthernet 1/0/24
 description VDX-2 TenGE2/0/24
 fabric isl enable
 fabric trunk enable                           ! default setting
 no shutdown

 

 ▼VDX-2

interface TenGigabitEthernet 2/0/23
 description VDX-1 TenGE1/0/23
 fabric isl enable
 fabric trunk enable                          ! default setting
 no shutdown
!
interface TenGigabitEthernet 2/0/24
 description VDX-1 TenGE1/0/24
 fabric isl enable
 fabric trunk enable                          ! default setting
 no shutdown

 

4.vLAG

 

Figure: vLAG

Configuration is required only on the edge ports

 

▼VDX-3

!
interface Port-channel 1
 vlag ignore-split
 speed 1000
 switchport
 switchport mode access
 switchport access vlan 100
 spanning-tree shutdown
 no shutdown
!
interface TenGigabitEthernet 3/0/1
 fabric isl enable
 fabric trunk enable
 channel-group 1 mode active type standard
 lacp timeout long
 no shutdown

▼VDX-4

!
interface Port-channel 1
 vlag ignore-split
 speed 1000
 switchport
 switchport mode access
 switchport access vlan 100
 spanning-tree shutdown
 no shutdown
!
interface TenGigabitEthernet 4/0/1
 fabric isl enable
 fabric trunk enable
 channel-group 1 mode active type standard
 lacp timeout long
 no shutdown

▼ICX-1

vlan 100 by port
 untagged ethe 1/1/1 to 1/1/2 
!
interface ethernet 1/1/1
 link-aggregate configure key 10100
 link-aggregate active
!
interface ethernet 1/1/2
 link-aggregate configure key 10100
 link-aggregate active

 

* The IP addresses used here are fictitious.
* The configuration may differ from actual deployments.