Building a fault-tolerant IT infrastructure. Part 4. Deploying Cisco 3850 switches for gateway routing

This article is intended to familiarise you with the process of introducing Layer 3 switches into an existing network infrastructure and is aimed mainly at network administrators and engineers. It covers configuring a stack of two Cisco 3850 switches and using them to organise more efficient and fault-tolerant routing of traffic between the internal networks.



Introduction


After the publication of the third article, which covered the configuration of internal and external routing with VyOS virtual routers, commenters stated that the network diagram above is incorrect, because it cannot cope with a large volume of traffic, and also that moving L3 from the existing working infrastructure to other equipment could be problematic.






VyOS 2 vCPU 1 Gb vRAM, 20 () , 220 .
:


  • 5 ;
  • 500 /;
  • 200 /, .

BGP full view , VyOS, «».


, - , VyOS 40-50%, , - .


, :


  • 10 20;
  • ~120 ~220;
  • .








:


  • Cisco 2960RX;
  • ~20-30 ;
  • , ;
  • .

, VyOS, . , , , , , .


, VyOS , , - . , VyOS – vCPU vRAM, , .


, ( - – ) Cisco 3850, - - . , , , .


, – vCPU. - Cisco 3850 – . , 1 / 10 / Cisco 3850 , 480 /, 10 / , .


, , , , Cisco 3850. , , .


, L3, , – . , .


, , , :


  • Cisco 3850
  • Cisco 3850
  • Cisco 2960R Cisco 3850
  • PBR
  • VyOS' Cisco 3850
  • OSPF

Cisco 3850


1
source-based PBR



– L3, VLAN34 VLAN35, , – 172.16.3.0/24.


:


  • VLAN17 – 172.20.1.0/24, (IPMI, management)
  • VLAN30 – 172.16.1.0/24, «» , VyOS1, VyOS2 Provider-1
  • VLAN31 – 172.16.2.0/24, «» , VyOS2, VyOS1 Provider-2
  • VLAN32 – 172.20.32.0/23, – PROD
  • VLAN34 – 172.20.34.0/24, – DEV
  • VLAN35 – 172.20.35.0/24, – DMZ
  • VLAN36 – 172.16.10.8/30, «» P2P , Provider-1 Provider-3
  • VLAN37 – 172.16.10.12/30, «» P2P , Provider-2 Provider-3
  • VLAN38 – 172.16.3.0/24, «» ,
  • VLAN40 – 172.20.40.0/23, – TEST

2
destination-based OSPF




L3, VLAN34 VLAN35 , VLAN33 VyOS L3. , – 172.16.3.0/24.


:


  • VLAN17 – 172.20.1.0/24, (IPMI, management)
  • VLAN30 – 172.16.1.0/24, «» , VyOS1, VyOS2 Provider-1
  • VLAN31 – 172.16.2.0/24, «» , VyOS2, VyOS1 Provider-2
  • VLAN32 – 172.20.32.0/23, – PROD
  • VLAN33 – 172.20.133.0/24, VyOS2, VyOS1 3850
  • VLAN34 – 172.20.34.0/24, – DEV
  • VLAN35 – 172.20.35.0/24, – DMZ
  • VLAN36 – 172.16.10.8/30, «» P2P , Provider-1 Provider-3
  • VLAN37 – 172.16.10.12/30, «» P2P , Provider-2 Provider-3
  • VLAN38 – 172.16.3.0/24, «» ,
  • VLAN40 – 172.20.40.0/23, – TEST-


, oVirt – VLAN33, VLAN34, VLAN35, CentOS 7 x86/64 1810 Minimal ( ):


  1. test-IM34 – 1 Gb RAM, 1 CPU, 10 Gb HDD
    • VLAN34, IP – 172.20.34.239/24, Gateway – 172.20.34.1
  2. test-IM35 – 1 Gb RAM, 1 CPU, 10 Gb HDD
    • VLAN35, IP – 172.20.35.239/24, Gateway – 172.20.35.1

, , IP .


VyOS VLAN34 VLAN35, vrrp HAIP .


VyOS1
set interfaces ethernet eth5 address '172.20.34.253/24'
set interfaces ethernet eth5 description 'VLAN34'

set interfaces ethernet eth6 address '172.20.35.253/24'
set interfaces ethernet eth6 description 'VLAN35'

set high-availability vrrp group haip-4 vrid 40
set high-availability vrrp group haip-4 interface eth5
set high-availability vrrp group haip-4 virtual-address 172.20.34.1/24
set high-availability vrrp group haip-4 priority '200'
set high-availability vrrp group haip-4 authentication type 'plaintext-password'
set high-availability vrrp group haip-4 authentication password 'b65495f9'
set high-availability vrrp group haip-4 preempt 2
set high-availability vrrp group haip-4 advertise-interval '1'

set high-availability vrrp group haip-5 vrid 40
set high-availability vrrp group haip-5 interface eth6
set high-availability vrrp group haip-5 virtual-address 172.20.35.1/24
set high-availability vrrp group haip-5 priority '200'
set high-availability vrrp group haip-5 authentication type 'plaintext-password'
set high-availability vrrp group haip-5 authentication password 'b65495f9'
set high-availability vrrp group haip-5 preempt 2
set high-availability vrrp group haip-5 advertise-interval '1'

commit

VyOS2
set interfaces ethernet eth5 address '172.20.34.254/24'
set interfaces ethernet eth5 description 'VLAN34'

set interfaces ethernet eth6 address '172.20.35.254/24'
set interfaces ethernet eth6 description 'VLAN35'

set high-availability vrrp group haip-4 vrid 40
set high-availability vrrp group haip-4 interface eth5
set high-availability vrrp group haip-4 virtual-address 172.20.34.1/24
set high-availability vrrp group haip-4 priority '199'
set high-availability vrrp group haip-4 authentication type 'plaintext-password'
set high-availability vrrp group haip-4 authentication password 'b65495f9'
set high-availability vrrp group haip-4 preempt 2
set high-availability vrrp group haip-4 advertise-interval '1'

set high-availability vrrp group haip-5 vrid 40
set high-availability vrrp group haip-5 interface eth6
set high-availability vrrp group haip-5 virtual-address 172.20.35.1/24
set high-availability vrrp group haip-5 priority '199'
set high-availability vrrp group haip-5 authentication type 'plaintext-password'
set high-availability vrrp group haip-5 authentication password 'b65495f9'
set high-availability vrrp group haip-5 preempt 2
set high-availability vrrp group haip-5 advertise-interval '1'

commit

Cisco 3850


, Cisco 3850, , – WS-C3850-24T-E, 24 x 1 GE, 350 W no PoE, 4 x 1 GE, 2 x 10 GE, :



Cisco 3850


1) , .


, StackWise StackPower, – Catalyst 3850 Switch Getting Started Guide.


, StackWise StackPower , :


  • () ;
  • .

, L3, . PBR (policy based routing), IP Services.


  • LAN Base
    ;
    ;
    : ACL, 802.1x, DHCP snooping, DAI, IPSG;
    : Ingress policing, AutoQoS, Trust Boundary, DSCP mapping.
  • IP Base
    ;
    ;
    ;
    ;
    Mobility controller Flexible NetFlow ( 3650/3850);
    StackPower EEM.
  • IP Services
    ;
    (PBR, EIGRP, OSPF, BGP, VRF-lite ..);
    ;
    ;
    Mobility controller Flexible NetFlow ( 3650/3850);
    StackPower, EEM, IPSLA.

2) 3850 .


, , :



USB RJ-45 , : 9600 baud, 8 data bits, no parity, 1 stop bit, no flow control.
Windows, Putty, Linux, minicom.


, :


sh ver | beg Switch Ports Model
Switch  Ports   Model               SW Version          SW Image                    Mode
------  -----           -----               ----------                  ----------                  ----
*    1  32      WS-C3850-24T        16.6.7              CAT3K_CAA-UNIVERSALK9   INSTALL
     2  32      WS-C3850-24T        16.6.7              CAT3K_CAA-UNIVERSALK9   INSTALL

sh license right-to-use
Slot#       License Name          Type   Period left
----------------------------------------------------
    1         ipservices     Permanent      Lifetime
----------------------------------------------------
License Level on Reboot: ipservices

Slot#       License Name          Type   Period left
----------------------------------------------------
    2         ipservices     Permanent      Lifetime
----------------------------------------------------
License Level on Reboot: ipservices

enable  
 switch 1 priority 15
 switch 2 priority 14

conf t 
 hostname 3850-stack
 no ip domain-lookup
 no service pad
 service timestamps debug datetime msec
 service timestamps log datetime localtime show-timezone msec
 no service password-encryption
 service sequence-numbers
 logging buffered 16384

 stack-mac persistent timer 0
 stack-power stack Powerstack-1
 mode redundant

 clock timezone MSK 3
 vtp mode transparent
 ip subnet-zero

 spanning-tree mode rapid-pvst
 spanning-tree etherchannel guard misconfig
 spanning-tree extend system-id
 spanning-tree vlan 1,17,30-40 root primary
 spanning-tree loopguard default
 port-channel load-balance src-dst-ip
 errdisable recovery cause bpduguard
 errdisable recovery cause loopback
 errdisable recovery interval 60

line con 0
 session-timeout 60
 exec-timeout 60 0
 logging synchronous
line vty 5 15
 session-timeout 60
 exec-timeout 60 0
 logging synchronous

 ip http server
 ip http secure-server
 exit

wr mem
reload

3850-stack>enable
3850-stack#show switch detail
Switch/Stack Mac Address : b090.7ebd. - Local Mac Address
Mac persistency wait time: Indefinite
                                             H/W   Current
Switch#   Role    Mac Address     Priority Version  State
-------------------------------------------------------------------------------------
*1       Active   b090.7ebd. 15     V02     Ready
 2       Standby  b090.7ef3. 14     V02     Ready

         Stack Port Status             Neighbors
Switch#  Port 1     Port 2           Port 1   Port 2
--------------------------------------------------------
  1         OK         OK               2        2
  2         OK         OK               1        1

3850-stack#show switch stack-ring speed
Stack Ring Speed        : 480G
Stack Ring Configuration: Full
Stack Ring Protocol     : StackWise

3850-stack#show switch stack-ports
Switch#   Port1     Port2
----------------------------
1         OK        OK
2         OK        OK

3850-stack#show switch neighbors
  Switch #    Port 1       Port 2
  --------    ------       ------
      1         2             2
      2         1             1

3850-stack#show stack-power
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Sw_Avail   Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)   Pwr(W)    SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ----- ----
Powerstack-1          SP-R    Ring     1400    380     460     560       2    4

3850-stack#show stack-power detail
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Sw_Avail   Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)   Pwr(W)    SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ----- ----
Powerstack-1          SP-R    Ring     1400    380     460     560       2    4

Power stack name: Powerstack-1
    Stack mode: Redundant
    Stack topology: Ring
    Switch 1:
        Power budget: 230
        Power allocated: 230
        Low port priority value: 21
        High port priority value: 12
        Switch priority value: 3
        Port 1 status: Connected
        Port 2 status: Connected
        Neighbor on port 1: Switch 2 - b090.7ef3.
        Neighbor on port 2: Switch 2 - b090.7ef3.
    Switch 2:
        Power budget: 230
        Power allocated: 230
        Low port priority value: 22
        High port priority value: 13
        Switch priority value: 4
        Port 1 status: Connected
        Port 2 status: Connected
        Neighbor on port 1: Switch 1 - b090.7ebd.
        Neighbor on port 2: Switch 1 - b090.7ebd.

3850-stack#show stack-power neighbors
Power Stack           Stack   Stack    Total   Rsvd    Alloc   Sw_Avail   Num  Num
Name                  Mode    Topolgy  Pwr(W)  Pwr(W)  Pwr(W)   Pwr(W)    SW   PS
--------------------  ------  -------  ------  ------  ------  ------  ----- ----
Powerstack-1          SP-R    Ring     1400    380     460     560       2    4
    Power Stack           Port 1  Port 1             Port 2  Port 2
SW  Name                  Status  Neighbor SW:MAC    Status  Neighbor SW:MAC
--  --------------------  ------  ----------------   ------  ----------------
1   Powerstack-1          Conn    2:b090.7ef3. Conn    2:b090.7ef3.
2   Powerstack-1          Conn    1:b090.7ebd. Conn    1:b090.7ebd.

3850-stack#sh env all
Switch 1 FAN 1 is OK
Switch 1 FAN 2 is OK
Switch 1 FAN 3 is OK
FAN PS-1 is OK
FAN PS-2 is OK
Switch 2 FAN 1 is OK
Switch 2 FAN 2 is OK
Switch 2 FAN 3 is OK
FAN PS-1 is OK
FAN PS-2 is OK
Switch 1: SYSTEM TEMPERATURE is OK
Inlet Temperature Value: 20 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 46 Degree Celsius
Red Threshold    : 56 Degree Celsius

Hotspot Temperature Value: 39 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 105 Degree Celsius
Red Threshold    : 125 Degree Celsius
Switch 2: SYSTEM TEMPERATURE is OK
Inlet Temperature Value: 20 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 46 Degree Celsius
Red Threshold    : 56 Degree Celsius

Hotspot Temperature Value: 38 Degree Celsius
Temperature State: GREEN
Yellow Threshold : 105 Degree Celsius
Red Threshold    : 125 Degree Celsius
SW  PID                            Serial#          Status         Sys Pwr      PoE Pwr     Watts
--  ------------------             ----------        ----------     -------     -------     -----
1A  PWR-C1-350WAC       ART2244F8  OK              Good       Good        350
1B  PWR-C1-350WAC       ART2248FL  OK              Good       Good        350
2A  PWR-C1-350WAC       ART2244F9  OK              Good       Good        350
2B  PWR-C1-350WAC       ART2248FL  OK              Good       Good        350

, - VLAN', ssh, IP , ..
enable
conf t
vlan 17
 name 172.20.1.0/24
vlan 32
 name 172.20.32.0/23
vlan 33
vlan 34
 name 172.20.34.0/24
vlan 35
 name 172.20.35.0/24
vlan 36
vlan 37
vlan 38
vlan 39
vlan 40
 name 172.20.40.0/23

interface Vlan1
 no ip address
 shutdown
 exit

interface vlan 17
 ip address 172.20.1.2 255.255.255.0

crypto key generate rsa

ip ssh version 2
ip ssh time-out 90

line vty 0 4
 session-timeout 60
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh

line vty 5 15
 session-timeout 60
 exec-timeout 60 0
 privilege level 15
 logging synchronous
 transport input ssh
snmp-server community Public RO
snmp-server location Moscow, Russia

aaa new-model
aaa authentication login default local 
username cisco privilege 15 secret mysecretpassword

enable secret myenablepassword
service password-encryption

ntp server 85.21.78.8 prefer
ntp server 89.221.207.113
ntp server 185.22.60.71
ntp server 192.36.143.130
ntp server 185.209.85.222

exit
wr mem

Cisco 3850 .


Cisco 2960R Cisco 3850


L2 Cisco 2960R Cisco 3850, - , Etherchannel:


2960X Gi1/0/42 <-> 3850-stack Gi1/0/21
2960X Gi2/0/42 <-> 3850-stack Gi1/0/23
2960X Gi1/0/44 <-> 3850-stack Gi2/0/21
2960X Gi2/0/44 <-> 3850-stack Gi2/0/23


Etherchannel Cisco 2960R
enable
conf t

interface Port-channel 9
 description Channel->3850-stack
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point

interface GigabitEthernet1/0/44
 shut
 description Channel -> 3850-stack Gi1/0/21
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point
 channel-group 9 mode active

interface GigabitEthernet1/0/48
 shut
 description Channel -> 3850-stack Gi2/0/21
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point
 channel-group 9 mode active

interface GigabitEthernet2/0/44
 shut
 description Channel -> 3850-stack Gi1/0/23
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point
 channel-group 9 mode active

interface GigabitEthernet2/0/48
 shut
 description Channel -> 3850-stack Gi2/0/23
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point
 channel-group 9 mode active

exit
wr mem

Etherchannel Cisco 3850
enable
conf t

interface Port-channel 2
 description Channel -> 2960X-stack1
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 spanning-tree link-type point-to-point

interface GigabitEthernet1/0/21
 description Channel -> 2960X-stack1 Gi1/0/44 
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 channel-group 2 mode active
 no shut

interface GigabitEthernet1/0/23
 description Channel -> 2960X-stack1 Gi2/0/44
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 channel-group 2 mode active
 no shut

interface GigabitEthernet2/0/21
 description Channel -> 2960X-stack1 Gi1/0/48
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 channel-group 2 mode active
 no shut

interface GigabitEthernet2/0/23
 description Channel -> 2960X-stack1 Gi2/0/48
 switchport trunk allowed vlan 1,17,30-40
 switchport mode trunk
 channel-group 2 mode active
 no shut

exit
wr mem

, Etherchannel 2960 3850-stack
3850-stack#sh etherchannel summary | beg Po2
Flags:  D - down        P - bundled in port-channel
        I - stand-alone s - suspended
        H - Hot-standby (LACP only)
        R - Layer3      S - Layer2
        U - in use      f - failed to allocate aggregator
        M - not in use, minimum links not met
        u - unsuitable for bundling
        w - waiting to be aggregated
        d - default port
        A - formed by Auto LAG
2      Po2(SU)         LACP      Gi1/0/21(P) Gi1/0/23(P) Gi2/0/21(P)
                                 Gi2/0/23(P)

3850-stack#show lacp internal | beg Channel group 2
Flags:  S - Device is requesting Slow LACPDUs
        F - Device is requesting Fast LACPDUs
        A - Device is in Active mode       P - Device is in Passive mode
Channel group 2
                            LACP port     Admin     Oper    Port        Port
Port      Flags   State     Priority      Key       Key     Number      State
Gi1/0/21  SA      bndl      32768         0x2       0x2     0x116       0x3D
Gi1/0/23  SA      bndl      32768         0x2       0x2     0x118       0x3D
Gi2/0/21  SA      bndl      32768         0x2       0x2     0x216       0x3D
Gi2/0/23  SA      bndl      32768         0x2       0x2     0x218       0x3D

- , :


sh logging

, Etherchanel , Cisco 3850 , , VyOS IP 172.20.1.2 ssh.





1


destination-based , .. , , 3- . ( ) , .


VyOS:


  • ,
  • VyOS , , Cisco 3850.

, , . , - VyOS.


2


source-based , .. , , , , . VyOS , Cisco 3850 PBR (policy based routing). , Cisco 3850, VyOS.


PBR (policy based routing)


:



VLAN' Cisco 3850, SVI (Switch Virtual Interface)
enable
conf t

ip routing

interface Vlan17
 ip address 172.20.1.2 255.255.255.0

interface Vlan32
 ip address 172.20.32.2 255.255.254.0

interface Vlan34
 ip address 172.20.34.2 255.255.255.0

interface Vlan35
 ip address 172.20.35.2 255.255.255.0

interface Vlan40
 ip address 172.20.40.2 255.255.254.0

exit
wr mem

, SVI, . , PBR (policy-based routing).


Disclaimer

PBR , , , 3850 . , , 3850, , PBR, :


  • 3850, VyOS ;
  • 3850 VyOS, HAIP vrrp.

:


  • , PBR ;
  • , , - overhead' .
  • , , ;
  • - , , .



disclaimer' , , PBR 3850. , , , OSPF.


PBR Cisco 3850,
enable
conf t

ip access-list extended Access_to_External
 permit ip any 0.0.0.0 127.255.255.255
 permit ip any 128.0.0.0 31.255.255.255
 permit ip any 160.0.0.0 7.255.255.255
 permit ip any 168.0.0.0 3.255.255.255
 permit ip any 172.0.0.0 0.15.255.255
 permit ip any 172.16.0.0 0.3.255.255
 permit ip any 172.20.0.0 0.0.0.255
 permit ip any 172.20.2.0 0.0.1.255
 permit ip any 172.20.4.0 0.0.3.255
 permit ip any 172.20.8.0 0.0.7.255
 permit ip any 172.20.16.0 0.0.15.255
 permit ip any 172.20.36.0 0.0.3.255
 permit ip any 172.20.42.0 0.0.1.255
 permit ip any 172.20.44.0 0.0.3.255
 permit ip any 172.20.48.0 0.0.15.255
 permit ip any 172.20.64.0 0.0.63.255
 permit ip any 172.20.128.0 0.0.127.255
 permit ip any 172.21.0.0 0.0.255.255
 permit ip any 172.22.0.0 0.1.255.255
 permit ip any 172.24.0.0 0.7.255.255
 permit ip any 172.32.0.0 0.31.255.255
 permit ip any 172.64.0.0 0.63.255.255
 permit ip any 172.128.0.0 0.127.255.255
 permit ip any 173.0.0.0 0.255.255.255
 permit ip any 174.0.0.0 1.255.255.255
 permit ip any 176.0.0.0 15.255.255.255
 permit ip any 192.0.0.0 31.255.255.255

route-map VLAN17PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.1.1

route-map VLAN32PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.32.1

route-map VLAN34PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.34.1

route-map VLAN35PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.35.1

route-map VLAN40PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.40.1

interface Vlan17
 ip policy route-map VLAN17PBR
 ip route-cache policy

interface Vlan32
 ip policy route-map VLAN32PBR
 ip route-cache policy

interface Vlan34
 ip policy route-map VLAN34PBR
 ip route-cache policy

interface Vlan35
 ip policy route-map VLAN35PBR
 ip route-cache policy

interface Vlan40
 ip policy route-map VLAN40PBR
 ip route-cache policy

exit
wr mem

, Access_to_External, :


172.20.1.0/24
172.20.32.0/23 
172.20.34.0/24 
172.20.35.0/24 
172.20.40.0/23
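As an added example (not from the original article), the following Python script converts the Access_to_External entries above from IOS address/wildcard form to CIDR and computes which destinations the ACL leaves out, i.e. which traffic stays on the 3850's own routing table instead of being policy-routed to the VyOS HAIP. The ACL entries and per-VLAN next-hops are the article's; the helper names are ours.

```python
import ipaddress

# Access_to_External from the 3850 configuration above, verbatim
# (destination address followed by an IOS wildcard mask).
ACCESS_TO_EXTERNAL = """
permit ip any 0.0.0.0 127.255.255.255
permit ip any 128.0.0.0 31.255.255.255
permit ip any 160.0.0.0 7.255.255.255
permit ip any 168.0.0.0 3.255.255.255
permit ip any 172.0.0.0 0.15.255.255
permit ip any 172.16.0.0 0.3.255.255
permit ip any 172.20.0.0 0.0.0.255
permit ip any 172.20.2.0 0.0.1.255
permit ip any 172.20.4.0 0.0.3.255
permit ip any 172.20.8.0 0.0.7.255
permit ip any 172.20.16.0 0.0.15.255
permit ip any 172.20.36.0 0.0.3.255
permit ip any 172.20.42.0 0.0.1.255
permit ip any 172.20.44.0 0.0.3.255
permit ip any 172.20.48.0 0.0.15.255
permit ip any 172.20.64.0 0.0.63.255
permit ip any 172.20.128.0 0.0.127.255
permit ip any 172.21.0.0 0.0.255.255
permit ip any 172.22.0.0 0.1.255.255
permit ip any 172.24.0.0 0.7.255.255
permit ip any 172.32.0.0 0.31.255.255
permit ip any 172.64.0.0 0.63.255.255
permit ip any 172.128.0.0 0.127.255.255
permit ip any 173.0.0.0 0.255.255.255
permit ip any 174.0.0.0 1.255.255.255
permit ip any 176.0.0.0 15.255.255.255
permit ip any 192.0.0.0 31.255.255.255
"""

# "set ip next-hop" of each VLANxxPBR route-map: the VyOS HAIP in that VLAN.
PBR_NEXT_HOP = {17: "172.20.1.1", 32: "172.20.32.1", 34: "172.20.34.1",
                35: "172.20.35.1", 40: "172.20.40.1"}


def wildcard_to_network(addr: str, wildcard: str) -> ipaddress.IPv4Network:
    """IOS wildcard: 0-bits must match, 1-bits are don't-care. A contiguous
    run of h low 1-bits is therefore a /(32-h) prefix."""
    wc = int(ipaddress.IPv4Address(wildcard))
    host_bits = wc.bit_length()
    if wc != (1 << host_bits) - 1:
        raise ValueError(f"non-contiguous wildcard {wildcard} is not a CIDR block")
    return ipaddress.ip_network(f"{addr}/{32 - host_bits}", strict=False)


def parse_acl(text: str) -> list:
    nets = []
    for line in text.strip().splitlines():
        parts = line.split()  # permit ip any <addr> <wildcard>
        if len(parts) != 5 or parts[:3] != ["permit", "ip", "any"]:
            raise ValueError(f"unexpected ACE: {line!r}")
        nets.append(wildcard_to_network(parts[3], parts[4]))
    return nets


def uncovered_networks(acl_text: str = ACCESS_TO_EXTERNAL) -> list:
    """Destinations NOT matched by the ACL: these bypass PBR and are
    forwarded by the 3850's own routing table (the connected SVI subnets)."""
    remaining = [ipaddress.ip_network("0.0.0.0/0")]
    for ace in parse_acl(acl_text):
        nxt = []
        for block in remaining:
            if ace.subnet_of(block):
                nxt.extend(block.address_exclude(ace))  # carve the ACE out
            elif block.subnet_of(ace):
                continue  # whole block already matched by this ACE
            else:
                nxt.append(block)  # CIDR blocks are either nested or disjoint
        remaining = nxt
    return sorted(str(n) for n in ipaddress.collapse_addresses(remaining))


def pbr_next_hop(dst: str, source_vlan: int):
    """Next-hop a packet entering the given SVI gets from its route-map,
    or None when it falls through to the ordinary routing table."""
    d = ipaddress.IPv4Address(dst)
    if any(d in ace for ace in parse_acl(ACCESS_TO_EXTERNAL)):
        return PBR_NEXT_HOP[source_vlan]
    return None
```

The result confirms the five SVI subnets listed above (172.20.32.0/23, 172.20.34.0/24 and 172.20.35.0/24 merge into 172.20.32.0/22) and also shows that 224.0.0.0/3 lies outside the ACL, because the last entry stops at 223.255.255.255.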

, SVI, , .


, , , SVI Cisco 3850, , .


, Cisco 3850, , , ACL, PBR, QoS ., :


3850-stack#show platform hardware fed switch active fwd-asic resource tcam utilization
CAM Utilization for ASIC  [0]
 Table                                              Max Values        Used Values
 --------------------------------------------------------------------------------
 Unicast MAC addresses                              32768/512         429/22
 L3 Multicast entries                               4096/512           0/7
 L2 Multicast entries                               4096/512           0/9
 Directly or indirectly connected routes            16384/7168        477/23
 QoS Access Control Entries                         2560                86
 Security Access Control Entries                    3072               133
 Netflow ACEs                                        768                15
 Policy Based Routing ACEs                          1024               134
 Flow SPAN ACEs                                      512                 5
 Output Flow SPAN ACEs                               512                 8
 Control Plane Entries                               512               208
 Tunnels                                             256                17
 Lisp Instance Mapping Entries                       256                 3
 Input Security Associations                         256                 4
 Output Security Associations and Policies           256                 5
 SGT_DGT                                            4096/512           0/1
 CLIENT_LE                                          4096/256           0/0
 INPUT_GROUP_LE                                     6144                 0
 OUTPUT_GROUP_LE                                    6144                 0
 Macsec SPD                                          256                 2

L3, .. ACL SVI (), PBR, SVI. , :


sh processes | inc CPU
sh processes cpu sort | exclude 0.00
sh processes cpu history
sh ip route summary
sh memory summary
sh route-map

, , , , – Troubleshooting TechNotes.


, Cisco 3850, Zabbix. .


VyOS' Cisco 3850


, , , , 172.20..1 172.20..2 – , .


, , , , , Ansible, ssh.


, IP SVI Cisco 3850 HAIP , VyOS.


Cisco 3850, , IP VLAN 17, 32, 34, 35, 40 ( 172.20.1.1, 172.20.32.1, 172.20.34.1, 172.20.35.1, 172.20.40.1) VyOS Cisco 3850.
, 172.20.1.2, 172.20.32.2, 172.20.34.2, 172.20.35.2, 172.20.40.2 Cisco 3850 VyOS.


, – 172.20.1.0/24, VLAN 17, .


, IP 172.20.1.1 VyOS Cisco 3850, VLAN17.


3850
en 
conf t
interface Vlan17
 no ip address 172.20.1.2 255.255.255.0
 no ip route-cache policy
 no ip policy route-map VLAN17PBR
 shut
 exit

 no route-map VLAN17PBR

VyOS1/2
configure
 delete high-availability vrrp group haip-1 virtual-address '172.20.1.1/24'
 set high-availability vrrp group haip-1 virtual-address '172.20.1.2/24'
 commit 

3850
route-map VLAN17PBR permit 10
 match ip address Access_to_External
 set ip next-hop 172.20.1.2

interface Vlan17
 ip address 172.20.1.1 255.255.255.0
 ip route-cache policy
 ip policy route-map VLAN17PBR
 no shut
 exit
wr mem

, , 10-15 VLAN 17, 172.20.1.1, Cisco 3850.


– 172.20.32.2, 172.20.34.2, 172.20.35.2 172.20.40.2 Cisco 3850, VyOS. , , , – Cisco 3850. , , – Cisco 3850, VyOS , . , - , , .


Cisco 3850 , , , VyOS, , 172.20.1.0/24 VLAN 17:


VyOS1/2
configure
 delete high-availability vrrp group haip-1 virtual-address '172.20.1.2/24'
 set high-availability vrrp group haip-1 virtual-address '172.20.1.1/24'
 commit 

, VyOS, , Cisco 3850.





, 4 ( ) Vmware vSphere Enterprise Plus, Vcenter Server Standard, 4 ( ) – Veeam B&R Enterprise. , , , , , 44.000 USD VMware 10.000 USD Veeam ( ).




, , IT – , . , , , .


IT , oVirt, :



, , , . IaaS , , .


oVirt/RHEV IaaS, Terraform, Ansible.
, , Terraform Ansible, Cobbler, .


IT , , , - , ..


, , DevOps, IaaS, oVirt / VMware vSphere.


P.S.



, , / PBR Cisco 3850 (.. source-based ), "" , destination-based .


, , , :


  • VyOS ;
  • Cisco 3850 , PBR.

OSPF




Cisco 3850


– Chapter: Configuring IP Unicast Routing


PBR, :


  • route-map' : VLAN17, VLAN32, VLAN34, VLAN35, VLAN40
  • route-map': VLAN17PBR, VLAN32PBR, VLAN34PBR, VLAN35PBR, VLAN40PBR
  • access-list Access_to_External
  • VyOS OSPF, VLAN33, .

Cisco 3850
interface Vlan33
 ip address 172.20.133.1 255.255.255.0
 ip ospf dead-interval 4
 ip ospf hello-interval 1
 ip ospf priority 100

interface Loopback0
 ip address 10.1.1.3 255.255.255.255

router ospf 1
 router-id 10.1.1.3
 network 10.1.1.3 0.0.0.0 area 0.0.0.0
 network 172.20.133.0 0.0.0.255 area 0.0.0.0
 network 172.20.1.0 0.0.0.255 area 0.0.0.0
 network 172.20.32.0 0.0.1.255 area 0.0.0.0
 network 172.20.34.0 0.0.0.255 area 0.0.0.0
 network 172.20.35.0 0.0.0.255 area 0.0.0.0
 network 172.20.40.0 0.0.1.255 area 0.0.0.0
 log-adjacency-changes
 passive-interface default
 no passive-interface Vlan33

VyOS


— OSPF VyOS


Cisco 3850 PBR, :


  • vrrp ;
  • , VLAN32, VLAN34, VLAN35, VLAN40;
  • : VLAN17, VLAN32, VLAN34, VLAN35, VLAN40;
  • oVirt;
  • Cisco 3850 OSPF, eth0, VLAN33, .

VyOS1
set interfaces loopback lo address '10.1.1.1/32'

set interfaces ethernet eth0 address '172.20.133.253/24'
set interfaces ethernet eth0 description 'VLAN33'
set interfaces ethernet eth0 ip ospf dead-interval '4'
set interfaces ethernet eth0 ip ospf hello-interval '1'
set interfaces ethernet eth0 ip ospf priority '1'
set interfaces ethernet eth0 ip ospf retransmit-interval '5'
set interfaces ethernet eth0 ip ospf transmit-delay '1'

set protocols ospf area 0.0.0.0 network '172.20.133.0/24'
set protocols ospf area 0.0.0.0 network '10.1.1.1/32'
set protocols ospf default-information originate metric '10'
set protocols ospf default-information originate metric-type '2'
set protocols ospf log-adjacency-changes
set protocols ospf neighbor 172.20.133.1 poll-interval '5'
set protocols ospf neighbor 172.20.133.1 priority '1'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '10.1.1.1'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'eth0'
set protocols ospf redistribute static metric '5'
set protocols ospf redistribute static metric-type '2'

VyOS2
set interfaces loopback lo address '10.1.1.2/32'

set interfaces ethernet eth0 address '172.20.133.254/24'
set interfaces ethernet eth0 description 'VLAN33'
set interfaces ethernet eth0 ip ospf dead-interval '4'
set interfaces ethernet eth0 ip ospf hello-interval '1'
set interfaces ethernet eth0 ip ospf priority '1'
set interfaces ethernet eth0 ip ospf retransmit-interval '5'
set interfaces ethernet eth0 ip ospf transmit-delay '1'

set protocols ospf area 0.0.0.0 network '172.20.133.0/24'
set protocols ospf area 0.0.0.0 network '10.1.1.2/32'
set protocols ospf default-information originate metric '20'
set protocols ospf default-information originate metric-type '2'
set protocols ospf log-adjacency-changes
set protocols ospf neighbor 172.20.133.1 poll-interval '5'
set protocols ospf neighbor 172.20.133.1 priority '1'
set protocols ospf parameters abr-type 'cisco'
set protocols ospf parameters router-id '10.1.1.2'
set protocols ospf passive-interface 'default'
set protocols ospf passive-interface-exclude 'eth0'
set protocols ospf redistribute static metric '10'
set protocols ospf redistribute static metric-type '1'

OSPF, :


sh ip ospf interface
sh ip ospf neighbor
show ip ospf
show ip route
show ip route ospf

All Articles