大家好,欢迎来到IT知识分享网。
!接上文,同样的去掉了敏感信息,这是一台典型的数据中心汇聚层交换机,型号是arista 7050QX-32 32个40G端口交换机
DC-91.1#show run
! Command: show running-config
! device: WenZhou-DC-91.1 (DCS-7050QX-32, EOS-4.20.12.1M)
!
! boot system flash:/EOS-4.20.12.1M.swi
!40G端口默认模式是拆分模式
transceiver qsfp default-mode 4x10G
!设置日志
logging buffered
logging trap debugging
logging facility local0
logging source-interface Vlan2
!这里设置了DNS服务器地址,注意这里使用了 vrf default !
hostname DC-91.1
ip domain lookup source-interface Vlan2
ip name-server vrf default 114.114.114.114
ip name-server vrf default 8.8.8.8
ip domain-name ABC.com
!配置NTP,使用了域名形式的NTP服务器地址,它的好处是可以对NTP服务器做查询的负载均衡(相对于IP形式),劣势是在查询前需要先做DNS解析
ntp source Vlan2
ntp server 0.pool.ntp.org
ntp server 1.pool.ntp.org
ntp server pool.ntp.org
!配置SNMP,这里同时配置了snmpv2c和v3
snmp-server engineID local localid12345
snmp-server view iso-view iso included
snmp-server community mima123 ro
snmp-server group managev3group v3 priv read iso-view
snmp-server user username123 managev3group v3 localized locallizedid auth md5 md5charsetxxxxxxx priv des descodexxxxxx
snmp-server host 101.101.101.101 version 3 priv privcharset
snmp-server enable traps
no snmp-server enable traps snmp authentication
!配置MST
spanning-tree mode mstp
spanning-tree mst 0 priority 4096
!
spanning-tree mst configuration
name namecharset
!
no aaa root
!创建本地2个用户
username user123 secret sha512 sha512codedcharset
username username1 privilege 15 secret sha512 sha512codedchaset2
!设置时区
clock timezone PRC
!创建VLAN VLAN2是业务网段,VLAN202是管理网段,默认情况下没做限制,2个网段可以互访。
vlan 2
name YEWU
!
vlan 202
name IPMI-Network
!上联汇集端口是3层端口并且注意它使用的掩码是/31 说明默认打开了ip classless 。这个口是和核心直连端口,将要和核心跑EBGP协议
interface Port-Channel1
description UPLink_4.254
no switchport
ip address 172.20.0.255/31
bfd interval 200 min_rx 200 multiplier 3
ipv6 address fc00::172:19:255:255/127
!下联接入交换机的是二层的聚合端口,仔细看
interface Port-Channel2
description DownLink_91.2
switchport trunk allowed vlan 2,202
switchport mode trunk
!
interface Port-Channel3
description DownLink_91.3
switchport trunk allowed vlan 2,202
switchport mode trunk
!
interface Port-Channel4
description DownLink_91.4
switchport trunk allowed vlan 2,202
switchport mode trunk
!
interface Port-Channel5
description DownLink_91.5
switchport trunk allowed vlan 2,202
switchport mode trunk
!
interface Port-Channel6
description DownLink_91.6
switchport trunk allowed vlan 2,202
switchport mode trunk
!从这里开始开始把端口加入到下联接入交换机的端口聚合组。注意这里它的端口模式是4个10G端口默认,所以需要做speed forced 40gfull 再和接入交换机互联
interface Ethernet1/1
description DownLink_91.2
speed forced 40gfull
channel-group 2 mode active
!底下3个端口是1口40G接口的的子接口,不用管它
interface Ethernet1/2
switchport access vlan 2
!
interface Ethernet1/3
switchport access vlan 2
!
interface Ethernet1/4
switchport access vlan 2
!
interface Ethernet2/1
description DownLink_91.2
speed forced 40gfull
channel-group 2 mode active
!
interface Ethernet2/2
switchport access vlan 2
!
interface Ethernet2/3
switchport access vlan 2
!
interface Ethernet2/4
switchport access vlan 2
!
interface Ethernet3/1
description DownLink_91.2
speed forced 40gfull
channel-group 2 mode active
!
interface Ethernet3/2
switchport access vlan 2
!
interface Ethernet3/3
switchport access vlan 2
!
interface Ethernet3/4
switchport access vlan 2
!
interface Ethernet4/1
description DownLink_91.2
speed forced 40gfull
channel-group 2 mode active
!
interface Ethernet4/2
switchport access vlan 2
!
interface Ethernet4/3
switchport access vlan 2
!
interface Ethernet4/4
switchport access vlan 2
!
interface Ethernet5/1
description DownLink_91.3
speed forced 40gfull
channel-group 3 mode active
!
interface Ethernet5/2
switchport access vlan 2
!
interface Ethernet5/3
switchport access vlan 2
!
interface Ethernet5/4
switchport access vlan 2
!
interface Ethernet6/1
description DownLink_91.3
speed forced 40gfull
channel-group 3 mode active
!
interface Ethernet6/2
switchport access vlan 2
!
interface Ethernet6/3
switchport access vlan 2
!
interface Ethernet6/4
switchport access vlan 2
!
interface Ethernet7/1
description DownLink_91.3
speed forced 40gfull
channel-group 3 mode active
!
interface Ethernet7/2
switchport access vlan 2
!
interface Ethernet7/3
switchport access vlan 2
!
interface Ethernet7/4
switchport access vlan 2
!
interface Ethernet8/1
description DownLink_91.3
speed forced 40gfull
channel-group 3 mode active
!
interface Ethernet8/2
switchport access vlan 2
!
interface Ethernet8/3
switchport access vlan 2
!
interface Ethernet8/4
switchport access vlan 2
!
interface Ethernet9/1
description DownLink_91.4
speed forced 40gfull
channel-group 4 mode active
!
interface Ethernet9/2
switchport access vlan 2
!
interface Ethernet9/3
switchport access vlan 2
!
interface Ethernet9/4
switchport access vlan 2
!
interface Ethernet10/1
description DownLink_91.4
speed forced 40gfull
channel-group 4 mode active
!
interface Ethernet10/2
switchport access vlan 2
!
interface Ethernet10/3
switchport access vlan 2
!
interface Ethernet10/4
switchport access vlan 2
!
interface Ethernet11/1
description DownLink_91.4
speed forced 40gfull
channel-group 4 mode active
!
interface Ethernet11/2
switchport access vlan 2
!
interface Ethernet11/3
switchport access vlan 2
!
interface Ethernet11/4
switchport access vlan 2
!
interface Ethernet12/1
description DownLink_91.4
speed forced 40gfull
channel-group 4 mode active
!
interface Ethernet12/2
switchport access vlan 2
!
interface Ethernet12/3
switchport access vlan 2
!
interface Ethernet12/4
switchport access vlan 2
!
interface Ethernet13/1
description DownLink_91.5
speed forced 40gfull
channel-group 5 mode active
!
interface Ethernet13/2
switchport access vlan 2
!
interface Ethernet13/3
switchport access vlan 2
!
interface Ethernet13/4
switchport access vlan 2
!
interface Ethernet14/1
description DownLink_91.5
speed forced 40gfull
channel-group 5 mode active
!
interface Ethernet14/2
switchport access vlan 2
!
interface Ethernet14/3
switchport access vlan 2
!
interface Ethernet14/4
switchport access vlan 2
!
interface Ethernet15/1
description DownLink_91.5
speed forced 40gfull
channel-group 5 mode active
!
interface Ethernet15/2
switchport access vlan 2
!
interface Ethernet15/3
switchport access vlan 2
!
interface Ethernet15/4
switchport access vlan 2
!
interface Ethernet16/1
description DownLink_91.5
speed forced 40gfull
channel-group 5 mode active
!
interface Ethernet16/2
switchport access vlan 2
!
interface Ethernet16/3
switchport access vlan 2
!
interface Ethernet16/4
switchport access vlan 2
!
interface Ethernet17/1
description DownLink_91.6
channel-group 6 mode active
!
interface Ethernet17/2
description DownLink_91.6
channel-group 6 mode active
!
interface Ethernet17/3
description DownLink_91.6
channel-group 6 mode active
!
interface Ethernet17/4
description DownLink_91.6
channel-group 6 mode active
!这里开始的端口未做任何配置
interface Ethernet18/1
switchport access vlan 2
!
interface Ethernet18/2
switchport access vlan 2
!
interface Ethernet18/3
switchport access vlan 2
!
interface Ethernet18/4
switchport access vlan 2
!
interface Ethernet19/1
switchport access vlan 2
!
interface Ethernet19/2
switchport access vlan 2
!
interface Ethernet19/3
switchport access vlan 2
!
interface Ethernet19/4
switchport access vlan 2
!
interface Ethernet20/1
switchport access vlan 2
!
interface Ethernet20/2
switchport access vlan 2
!
interface Ethernet20/3
switchport access vlan 2
!
interface Ethernet20/4
switchport access vlan 2
!
interface Ethernet21/1
switchport access vlan 2
!
interface Ethernet21/2
switchport access vlan 2
!
interface Ethernet21/3
switchport access vlan 2
!
interface Ethernet21/4
switchport access vlan 2
!
interface Ethernet22/1
switchport access vlan 2
!
interface Ethernet22/2
switchport access vlan 2
!
interface Ethernet22/3
switchport access vlan 2
!
interface Ethernet22/4
switchport access vlan 2
!
interface Ethernet23/1
switchport access vlan 2
!
interface Ethernet23/2
switchport access vlan 2
!
interface Ethernet23/3
switchport access vlan 2
!
interface Ethernet23/4
switchport access vlan 2
!
interface Ethernet24/1
switchport access vlan 2
!
interface Ethernet24/2
switchport access vlan 2
!
interface Ethernet24/3
switchport access vlan 2
!
interface Ethernet24/4
switchport access vlan 2
! 40G的25-32 一共8个40G端口做上联3层口,加入到端口汇聚组1 有意思的是 这句命令应该是多余的 :switchport access vlan 2
interface Ethernet25
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet26
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet27
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet28
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet29
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet30
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet31
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Ethernet32
description UPLink_4.254
switchport access vlan 2
no switchport
channel-group 1 mode active
!
interface Management1
!这里做vlan2 的网关,也就是底下服务器的网关,注意它在这里调整了默认的OSPF hello 和 hold-time定时器(减小了定时器间隔默认是60s 180s ),由于是MA网络,这里把网关所在的交换机端口角色设置为DR。最后运行了pim sparse-mode组播路由协议。
interface Vlan2
description CDN-Network
ip address C.D.91.1/24
ip ospf dead-interval 12
ip ospf hello-interval 3
ip ospf priority 255
ip pim sparse-mode
!起默认路由,将所有出口流量丢给核心 .254 是对端核心3层聚合组IP
ip route 0.0.0.0/0 Port-Channel1 172.20.0.254
!
ipv6 route ::/0 Port-Channel1 fc00::172:19:255:254
!打开IPV4 单播和组播功能
ip routing
!
ip multicast-routing
!写ip prefix-list,它们会被后面的route-map调用
ip prefix-list LOCAL-ALL seq 91 permit C.D.91.0/24
ip prefix-list PERMIT-24-Edge-Server seq 10 permit C.D.91.0/24
ip prefix-list PERMIT-ALL seq 5 permit 0.0.0.0/0 le 32
!打开IPV6 单播
ipv6 unicast-routing
!写ROUTE-MAP1 第一句不匹配所有源自本地服务器路由,这个route-map未看到被后面调用,所以它不生效
route-map UPLink_Core1_IN deny 25
match ip address prefix-list LOCAL-ALL
!第二句匹配其他所有路由
route-map UPLink_Core1_IN permit 999
match ip address prefix-list PERMIT-ALL
!再写route-map2 匹配源自本地服务器路由,并将其属性修改为igp,它将在后面重分布OSPF后被调用,配置后面没有写出来
route-map UPLink_Core1_OUT permit 20
match ip address prefix-list PERMIT-24-Edge-Server
set origin igp
!和核心起EBGP路由协议(AS号不同),打开负载均衡 maximum-paths 10,打开graceful-restart ,打开bgp always-compare-med。和核心的3层聚合组端口172.20.0.254建立EBGP邻居关系,必须的语句加粗了
router bgp 65011
router-id C.D.91.1
bgp default ipv6-unicast
graceful-restart restart-time 300
graceful-restart
no bgp enforce-first-as
bgp always-compare-med
maximum-paths 10
no bgp additional-paths send any
neighbor 172.20.0.254 remote-as 65000
neighbor 172.20.0.254 fall-over bfd
neighbor 172.20.0.254 description UPLink-Core1
neighbor 172.20.0.254 allowas-in 3
neighbor 172.20.0.254 send-community
neighbor 172.20.0.254 maximum-routes 0
!
ipv6 router ospf 1
router-id C.D.91.1
!和底下服务器跑ospf协议
router ospf 1
router-id C.D.91.1
network C.D.91.0/24 area 0.0.0.0
max-lsa 12000
graceful-restart
!设置远程登录方式为ssh和telnet(临时)
management ssh
hostkey server rsa
!
management telnet
no shutdown
!
end
基础配置做完了,但是还没有把底下服务器的路由宣告进BGP进程,可以选择直接在地址族下直接宣告网段C.D.91.0/24,或者使用重分布将 OSPF 1 的路由重分布进BGP进程,并且调用之前写的ROUTE-MAP将路由的起源属性修改为igp,这样的结果就更加准确(因为底下服务器可能并没有使用完/24网段的地址);可以很明显的看到服务器的2层网关设置在汇聚层交换机上。接入层交换机跑纯2层,这是由数据中心业务性质决定的。但是企业组网可能会把3层下沉到接入层,减小2层广播和STP,环路;具体业务应用不同,网络架构也不尽相同。
免责声明:本站所有文章内容,图片,视频等均是来源于用户投稿和互联网及文摘转载整编而成,不代表本站观点,不承担相关法律责任。其著作权各归其原作者或其出版社所有。如发现本站有涉嫌抄袭侵权/违法违规的内容,侵犯到您的权益,请在线联系站长,一经查实,本站将立刻删除。 本文来自网络,若有侵权,请联系删除,如若转载,请注明出处:https://haidsoft.com/152112.html
