OTV: Introduction and Principles

Uploaded by: 鲁** | Document ID: 570008158 | Uploaded: 2024-08-01 | Format: PPT | Pages: 80 | Size: 3.76 MB

2010 Cisco and/or its affiliates. All rights reserved. Cisco Public. Presentation_ID
2011 Cisco and/or its affiliates. All rights reserved. Cisco Public. BRKDCT-2049

Slide 1: Overlay Transport Virtualization

Slide 2: Agenda
- Challenges of multiple data centers
- How OTV works
- Control plane and data plane
- Fault isolation
- Multihoming
- Mobility
- L2 multicast forwarding
- QoS
- Path optimization
- Deploying OTV at the distribution layer

Slide 3: Distributed data centers
Goals of building distributed data centers:
- Build a data-center cloud
- Share load across multiple data centers
- Serve users from the nearest site
- Provide a globally optimized pool of computing resources
- Support sustainable business growth

Slide 4: Traditional Layer 2 data-center interconnect models
- EoMPLS
- VPLS
- Dark fiber

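Slide 5: The flooding problem
[Figure: Site A, Site B, Site C; MAC 1 propagation (x2)]
- Traditional Layer 2 VPN technologies rely on broadcast flooding for MAC address learning.
- Flooding spreads every broadcast-forwarded frame to all data centers and causes loops in the Layer 2 environment.
Our goal:
- Provide Layer 2 interconnection between data centers while preventing flooded traffic such as unknown unicast from reaching every site, so that the failure of one site has limited global impact and the Layer 2 environment between data centers stays resilient.

Slide 6: Pseudowire (PW) maintenance
- PW tunnels must be established between all sites before any Layer 2 address learning can take place.
- The number of tunnels grows with the square of the number of sites: N data centers need N*(N-1)/2 tunnels, and both setup and teardown are complex.
- Replicating broadcast and multicast across sites greatly reduces link efficiency.
Our goal:
- Provide a point-to-cloud connection model.
- Optimize bandwidth usage.
- Reduce link bandwidth cost and maintenance staffing cost.

Slide 7: Multihoming
[Figure: two L2 sites attached to an L2 VPN, Active/Active]
- An additional mechanism is needed to support multihomed designs.
- STP is often used across sites to avoid loops, which becomes hard to manage as sites are added.
- A problem at one site affects the networks of the other sites.
Our goal:
- Detect multihomed topologies automatically, without running STP between sites, and provide a more efficient load-balancing mechanism.

Slide 8: Overlay Transport Virtualization (OTV)
- O: Overlay - A solution that is independent of the infrastructure technology and services, flexible over various inter-connect facilities
- T: Transport - Transporting services for layer 2 and layer 3 Ethernet and IP traffic
- V: Virtualization - Provides virtual stateless multi-access connections, which are virtualized and partitioned into VPNs, VRFs, VLANs
OTV can build a flexibly scalable Layer 2 network on top of any transport infrastructure.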

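Slide 9: OTV changes the rules of the DC interconnect game
- Flooding-based address learning -> control-plane-based address learning
  - A control protocol advertises MAC addresses and announces reachability.
- Manually built PW (pseudowire) tunnels between DCs -> dynamic encapsulation
  - MPLS pseudowires no longer need to be configured by hand.
  - Packets are replicated close to the destination in an optimized way.
  - Utilization of the physical links between DCs is reduced.
- Complex multihoming deployments -> automatic multihoming
  - When several active devices exist in the same site, the multihoming solution load-balances traffic of the same VLAN across them.
  - STP is deployed only inside a site and does not propagate between sites.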

Slide 10: Agenda (current section: Control plane and data plane)

Slide 11: Overlay Transport Virtualization
OTV is a "MAC in IP" technique to extend Layer 2 domains OVER ANY TRANSPORT
- Protocol-based learning
- Local loop avoidance
- Fault-boundary protection
- Site traffic isolation
- Automated multihoming
- Dynamic encapsulation
- No pseudowire state to maintain
- Optimized multicast replication
- Multipoint interconnection
- Point-to-cloud model
First platform to support OTV: Nexus 7000

Slide 12: OTV terminology: "Edge Device"
[Figure: OTV edge devices at the L2/L3 boundary, attached to the transport infrastructure]
- The Edge Device is the device that performs all OTV functions.
- Depending on the network design, it can be deployed at the aggregation layer or at the core layer.
- Each data-center site can have more than one OTV Edge Device (multihomed design).

Slide 13: OTV terminology: "Internal Interfaces"
- An Internal Interface is an Edge Device interface that faces the inside of the data-center site.
- Internal Interfaces are standard Layer 2 interfaces and need no OTV-specific configuration.
- They are usually configured as Layer 2 trunks carrying the VLANs that are to be extended between sites through OTV.

Slide 14: OTV terminology: "Join Interface"
- The Join Interface is the Edge Device's edge port towards the interconnect core network.
- It is usually a routable, point-to-point interface.
- It can be a single physical interface or a port channel.
- It is usually the physical uplink into the OTV network.

Slide 15: OTV terminology: "Overlay Interface"
- The Overlay Interface is a virtual interface on which all OTV configuration is done.
- It is a logical multi-access interface with multicast support.
- It encapsulates the site's Layer 2 frames into IP unicast or multicast packets and sends them to the interconnect core.

Slide 16: OTV data plane: traffic inside a site
[Figure: West Site (MAC 1), East Site (MAC 2), transport infrastructure; frame MAC 1 -> MAC 2]
MAC table:
    VLAN  MAC    IF
    100   MAC 1  Eth 2
    100   MAC 2  Eth 1
1. A Layer 2 lookup is done on the destination MAC.
2. MAC 2 resolves to interface Eth1.
3. The frame is forwarded out of Eth1.

Slide 17: OTV data plane: traffic between sites
[Figure: West Site (MAC 1, IP A), East Site (MAC 3, IP B); frame MAC 1 -> MAC 3 carried as IP A -> IP B; Layer 2 lookup, Encap, Decap, Layer 2 lookup]
MAC table, West edge device:
    VLAN  MAC    IF
    100   MAC 1  Eth 2
    100   MAC 2  Eth 1
    100   MAC 3  IP B
    100   MAC 4  IP B
MAC table, East edge device:
    VLAN  MAC    IF
    100   MAC 1  IP A
    100   MAC 2  IP A
    100   MAC 3  Eth 3
    100   MAC 4  Eth 4
1. A Layer 2 lookup is done on the destination MAC.
2. MAC 3 resolves to IP B; the ED (Edge Device) encapsulates the original frame.
3. The interconnect core forwards the packet to the ED of site East.
4. The ED of site East receives the packet and decapsulates it.
5. A Layer 2 lookup is done on the destination MAC of the original frame.
6. The frame is forwarded out of the matching local interface.

Slide 18: OTV data plane: encapsulation
- OTV adds 42 bytes of outer encapsulation in total.
- The outer encapsulation contains an 8-byte OTV shim that carries overlay information (VLAN, overlay number, and so on).
- The 802.1Q field of the original frame is extracted, and the VLAN ID is carried in the OTV shim.
20B + 8B + 14B* = 42 bytes of total overhead
[Figure: encapsulated frame layout: DMAC (6B), SMAC (6B), EtherType (2B), IP header (20B), OTV shim (8B: VLAN ID, Overlay#), original L2 frame (DMAC, SMAC, EtherType, payload; 802.1Q header removed), CRC (4B). L2 header: 14B*]

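Slide 19: OTV control plane: building the MAC address table
[Figure: West (IP A), East (IP B) and South (IP C) edge devices exchanging MAC address advertisements]
- The OTV control plane provides MAC reachability (MACs are learned from control-plane messages).
- MAC learning starts as soon as OTV is configured and runs quietly in the background.
- No special protocol configuration is required.
- IS-IS runs between the Edge Devices as the control protocol; everything is automatic and no IS-IS configuration is needed.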

Slide 20: OTV control plane: neighbor discovery and adjacency formation
Before advertising MAC addresses to the remote data centers, Edge Devices must:
- Discover each other
- Form adjacencies with each other
Adjacencies can be built on top of the existing DCI infrastructure:
- Multicast-based
- Unicast-based
Technical advantage: OTV can benefit from whatever the existing DCI infrastructure offers, such as multicast, fast reroute and equal-cost routing.

Slide 21: OTV control plane: neighbor discovery (multicast-enabled core)
End result:
- Emulates a link-layer multi-access multicast environment
- Neighbor discovery as on a local link
- Adjacencies are maintained through the multicast group
- A single update packet can be sent to many neighbors through the multicast group
Mechanism:
- Edge Devices join an ASM/Bidir multicast group in the interconnect core in the role of hosts
- OTV hellos and updates are encapsulated in IP packets and sent to the multicast group
- Edge Devices are both multicast sources and receivers
[Figure: West (IP A) and East (IP B) OTV control planes attached to a multicast-enabled transport]

Slide 22: OTV control plane: neighbor discovery (multicast-enabled core)
[Figure, steps 1 to 7: all edge devices join OTV control-group G (IGMP Join G); multicast state for group G is established throughout the transport; West encapsulates its OTV Hello as IP A -> G; the transport natively replicates multicast to all OIFs; East and South decapsulate the hello and add neighbor West = IP A to their neighbor tables]

Slide 23: OTV control plane: neighbor discovery (multicast-enabled core)
[Figure, steps 1 to 5: the South site creates its hello with West's address in the TLV and encapsulates it as IP C -> G; West and East decapsulate it; neighbor tables now hold West = IP A and South = IP C; bidirectional adjacency formed]

Slide 24: OTV control plane: MAC advertisement (multicast-enabled core)
[Figure, steps 1 to 7: new MACs are learned in the OTV VLAN at West (VLAN 100: MAC A, MAC B, MAC C on e1/1); West crafts an OTV update with the new MACs and encapsulates it as IP A -> G; East and South decapsulate Update A and add the MACs learned through OTV to their MAC tables]
MAC table, West:
    VLAN  MAC    IF
    100   MAC A  e1/1
    100   MAC B  e1/1
    100   MAC C  e1/1
MAC table, East and South:
    VLAN  MAC    IF
    100   MAC A  IP A
    100   MAC B  IP A
    100   MAC C  IP A

Slide 25: OTV control plane: MAC advertisement (multicast-enabled core)
- When an Edge Device learns a new MAC address, the OTV control plane advertises it together with its VLAN ID and IP next hop.
- The IP next hop is the IP address of the interface that connects the Edge Device to the interconnect core (or a loopback address).
- A single OTV update can carry multiple MACs for multiple VLANs.
- Updates are encapsulated as multicast packets and replicated within the multicast group, so every update reaches all neighbors.

Slide 26: Multicast groups in the core
- OTV extends the multicast support of the interconnect core network.
- What OTV needs from the interconnect core in terms of multicast groups:
  - One ASM/Bidir multicast group for neighbor discovery, adjacency maintenance and the exchange of MAC address information
  - One SSM group for carrying the sites' multicast data traffic across the interconnect core

Slide 27: A thousand words cannot say it all: one unicast flows east
Establishing OTV unicast communication
[Figure: Server 1 (MAC 1) behind ED1 (IP A), Server 2 (MAC 2) behind ED2 (IP B); ED1 holds (MAC 1, e1/1), ED2 holds (MAC 1, IP A), ED1 later holds (MAC 2, IP B). "cp" steps are control plane, "dp" steps are data plane.]
- 1: Server 1 sends a broadcast ARP for MAC 2
- 2: ARP broadcast is received by ED1, which learns MAC 1 on its internal interface
- 3cp: ED1 advertises MAC 1 in an OTV Update sent via the multicast control group
- 4cp: ED2 receives the update and stores MAC 1 in its MAC table, next-hop is ED1
- 3dp: ED1 encapsulates the broadcast in the core IP multicast group so all the EDs in the overlay receive it
- 4dp: ED2 decapsulates the frame and forwards the ARP broadcast request into the site
- 5: Server 2 receives the ARP and replies with a unicast ARP reply to MAC 1
- 6: ED2 learns MAC 2 on its internal interface
- 7cp: ED2 advertises MAC 2 in an IS-IS LSP sent via the multicast control group
- 8cp: ED1 receives the update and stores MAC 2 in its MAC table, next-hop is ED2
- 7dp: ED2 knows that MAC 1 is reachable via IP A, so it encapsulates the packet and sends it unicast to ED1's IP address (IP A)
- 8dp: The core delivers the packet to ED1; ED1 decapsulates it and forwards it into the site to MAC 1

Slide 28: OTV control plane: verification from the CLI
Viewing the adjacencies of the OTV Edge Devices:

    dc1-agg-7k1# show otv adjacency
    Overlay Adjacency database
    Overlay-Interface Overlay100 :
    Hostname      System-ID       Dest Addr    Up Time   Adj-State
    dc2-agg-7k1   001b.54c2.efc2  20.11.23.2   15:08:53  UP
    dc1-agg-7k2   001b.54c2.e1c3  20.12.23.2   15:43:27  UP
    dc2-agg-7k2   001b.54c2.e142  20.22.23.2   14:49:11  UP

OTV MAC table entries (owner "site" = local site MAC, owner "overlay" = remote site MAC):

    dc1-agg-7k1# show otv route
    OTV Unicast MAC Routing Table For Overlay100
    VLAN  MAC-Address     Metric  Uptime  Owner    Next-hop(s)
    2001  0000.0c07.ac01  1       3d15h   site     Ethernet1/1
    2001  0000.1641.d70e  1       3d15h   site     Ethernet1/2
    2001  0000.49f3.88ff  42      2d22h   overlay  dc2-agg-7k1
    2001  0000.49f3.8900  42      2d22h   overlay  dc2-agg-7k2

Slide 29: OTV configuration: OTV over a multicast-enabled core
OTV needs only a small amount of configuration.
[Figure: West (IP A), East (IP B) and South (IP C) sites]
West:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description WEST-DC
      otv join-interface e1/1
      otv control-group 239.1.1.1
      otv data-group 232.192.1.0/24
      otv extend-vlan 100-150

East:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description EAST-DC
      otv join-interface e1/1.10
      otv control-group 239.1.1.1
      otv data-group 232.192.1.0/24
      otv extend-vlan 100-150

South:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description SOUTH-DC
      otv join-interface Po16
      otv control-group 239.1.1.1
      otv data-group 232.192.1.0/24
      otv extend-vlan 100-150

Slide 30: OTV control plane: neighbor discovery (unicast-only core)
End result:
- Neighbor discovery is automated through the Adjacency Server (AS)
- Signaling must be replicated to every neighbor
- Data traffic is replicated at the source (head end)
Mechanism:
- Edge Devices (EDs) register with an "Adjacency Server" ED
- EDs receive the full list of neighbors from the AS
- OTV hellos and updates are encapsulated in IP and unicast to every neighbor
[Figure: West (IP A) and East (IP B) OTV control planes attached to a unicast-only transport]
- Ideal for OTV interconnection of two or three sites
- For a larger number of sites, multicast-based OTV is the best choice

Slide 31: OTV control plane: neighbor discovery (unicast-only core)
- OTV supports a unicast-only core through the "Adjacency Server".
- The Adjacency Server is itself an OTV edge device.
- It distributes the IP address of every edge device to all other edge devices (OTV neighbor list, oNL).
[Figure: Adjacency Server mode over a unicast-only transport; Site 1 (IP A) to Site 5 (IP E); the oNL sent to each site lists Site 1, IP A; Site 2, IP B; Site 3, IP C; Site 4, IP D; Site 5, IP E]

Slide 32: OTV control plane: neighbor discovery (unicast-only core)
[Figure, steps 1 to 3: the West site sends a "hello"; its oNL lists South, IP C and East, IP B; head-end replication produces one encapsulated copy per neighbor, IP A -> IP C and IP A -> IP B]

Slide 33: OTV control plane: MAC address learning (unicast-only core)
- Whenever an Edge Device learns a new MAC address, the OTV control plane advertises it together with its VLAN ID and IP next hop.
- The IP next hop is the IP address of the interface that connects the Edge Device to the interconnect core.
- A single OTV update can carry multiple MACs for multiple VLANs.
- One copy of each update has to be created for every ED in the overlay.
[Figure, steps 1 to 4: three new MACs are learned on VLAN 100 at West (MAC A, MAC B, MAC C); West's oNL lists East, IP B and South-East, IP C; the OTV update is replicated at the head end; East and South-East install the entries below]
    VLAN  MAC    IF
    100   MAC A  IP A
    100   MAC B  IP A
    100   MAC C  IP A

Slide 34: OTV configuration: OTV over a unicast-only core
Building a DC interconnect is this simple.
[Figure: West (IP A), East (IP B) and South (IP C) sites]
West:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description WEST-DC
      otv join-interface e1/1
      otv adjacency-server local
      otv extend-vlan 100-150

East:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description EAST-DC
      otv join-interface e1/1.10
      otv adjacency-server 10.1.1.1
      otv extend-vlan 100-150

South:

    feature otv
    otv site-vlan 99
    interface Overlay1
      description SOUTH-DC
      otv join-interface Po16
      otv adjacency-server 10.1.1.1
      otv extend-vlan 100-150

Slide 35: Agenda (current section: Fault isolation)

Slide 36: Spanning Tree and OTV
- OTV does not affect the STP topology design inside a site; it is only responsible for carrying data between sites.
- Each site maintains its own STP domain. Although all sites are part of one large Layer 2 domain, the STP instances of the sites are isolated from and independent of each other.
- This behavior is automatic once OTV is enabled and needs no extra configuration.
- Each Edge Device sends and receives BPDUs only on its internal interfaces.
[Figure: OTV edge devices at the L2/L3 boundary: "The BPDUs stop here"]

Slide 37: Unknown unicast and OTV
- No more unknown-unicast storms between data centers.
- OTV does not learn MAC addresses by flooding over the overlay.
- Unknown unicast does not need to be forwarded over the overlay.
- Unknown unicast that reaches an Edge Device is not forwarded to the overlay; this needs no extra configuration.
- The mechanism assumes that end hosts (for example servers) attached to the network are not silent and do not operate in a one-way communication mode.
[Figure: frame MAC 1 -> MAC 3 arrives at the edge device: "No MAC 3 in the MAC Table"]
    VLAN  MAC    IF
    100   MAC 1  Eth1
    100   MAC 2  IP B
    -     -      -

Slide 38: Selective unknown-unicast flooding
- Microsoft clusters (NLBS) use a unidirectional MAC address to force flooding to the cluster members.
- A "listen-only" MAC address is used to guarantee flooding and prevent address learning.
- OTV can selectively flood traffic for specified MAC addresses so that these few special applications keep working.
- Flooding can also be limited to specified sites.

Slide 39: Controlling ARP traffic: ARP Neighbor-Discovery (ND) cache
- The OTV Edge Device builds and maintains an ARP cache by snooping ARP replies.
- The very first ARP request is broadcast to all sites; subsequent ARP requests for the same address are answered by the Edge Device of the local site from its ARP cache and are no longer broadcast to other sites.
- The OTV Edge Device can therefore answer local ARP requests on behalf of remote hosts.
- This effectively reduces ARP traffic between sites.
[Figure: OTV edge devices around the transport network; ARP cache: MAC 1 = IP A, MAC 2 = IP B]
1. First ARP request (IP A)
2. ARP reply
3. Snoop & cache ARP reply
4. Subsequent ARP requests (IP A)
5. ARP reply on behalf of remote server (IP A)

Slide 40: Agenda (current section: Multihoming)

Slide 41: OTV automated multihoming
Fully automatic multihoming detection and discovery, without relying on any additional protocol or configuration.
- OTV Edge Devices use the "otv site-vlan" to discover all other Edge Devices in the same site.
- The Edge Devices of a site elect one of them as the Authoritative Edge Device (AED), which acts as the Edge Device that extends a VLAN (the AED election result is per VLAN).
- The AED is responsible for:
  - Advertising the MAC addresses of that VLAN
  - Forwarding the traffic of that VLAN between sites
[Figure: two edge devices in one site: "Internal peering for AED election"; one is marked AED]

Slide 42: OTV and multihoming: VLAN split between Edge Devices
- Multiple Edge Devices in the same site act as AED for different VLANs.
- The VLAN split between the Edge Devices is determined by an internal algorithm (currently not configurable).
- In a dual-homed site:
  - Lower IS-IS System-ID (Ordinal 0) = EVEN VLANs
  - Higher IS-IS System-ID (Ordinal 1) = ODD VLANs
- Making this VLAN split configurable is planned for the future.

    OTV-ED# show otv site
    Site Adjacency Information (Site-VLAN: 1999) (* - this device)
    Overlay100 Site-Local Adjacencies (Count: 2)
    Hostname             System-ID       Ordinal
    -
    dc2a-agg-7k2-otv     001b.54c2.e142  0
    * dc2a-agg-7k1-otv   0022.5579.0f42  1

[Figure: internal peering for AED election; one edge device is AED for ODD VLANs, the other AED for EVEN VLANs]

Slide 43: OTV automated multihoming: the AED and broadcast handling
- Broadcast/multicast frames reach every ED inside the site.
- Only the AED replicates broadcast/multicast frames onto the overlay, towards the EDs of all other sites.
- Only the AED of the remote site forwards broadcast/multicast frames received from the overlay into its site.
[Figure: broadcast packet crossing the core between AEDs; at the non-AED devices: "Broadcast stops here"]

Slide 44: OTV automated multihoming: OTV Edge Devices with vPC
- When vPC is used on the internal ports, traffic of the same VLAN may be delivered to more than one Edge Device.
- Traffic is passed over the vPC peer-link from the device that is not the AED for that VLAN to the AED, and the AED then forwards it.
[Figure: vPC-attached edge devices on both sides of the core, AED marked in each site; MAC table with VLAN 100, MAC 1 pointing to IP A / IP B]

Slide 45: Agenda (current section: Mobility)

Slide 46: OTV and MAC mobility
[Figure: a VM with MAC X on an ESX host moves from site West to site East]
- 1: The VM moves
- 2.1: Server originates a Gratuitous ARP (GARP) frame
- 2.2: AED detects MAC X is now local
- 2.3: AED advertises MAC X with a metric of zero

Slide 47: OTV and MAC mobility
[Figure: sites West and East with their AEDs after the move of MAC X]
- 2.4: EDs in site West see the MAC X advertisement with a better metric from site East and change the entry to a remote MAC address.
- 3.1: AED in site East forwards the GARP broadcast frame across the overlay
- 3.2: AED in site West forwards the GARP into the site and the L2 switches update their CAM tables

Slide 48: Agenda (current section: L2 multicast forwarding)

Slide 49: Layer 2 multicast forwarding between sites
OTV optimizes multicast transport between sites. Three steps:
1. The multicast groups inside a site are automatically mapped to a designated multicast range in the core (SSM groups).
2. Multicast state is created on the OTV Edge Devices.
3. Multicast is transported between sites.

Slide 50: Multicast traffic, step 1: multicast group mapping
- Gs: the multicast group local to the site; think of it as the application's multicast group.
- Gd: the multicast group used for transport in the interconnect core; think of it as the one provided by the carrier.
- OTV needs the interconnect core to carry multicast data through SSM; Gd is the SSM group.
- The OTV Edge Devices do not need to run PIM or other multicast protocols with the core devices.
- The site multicast groups are mapped to an SSM group range in the core.
- Each (Si, Gsi) maps to a different SSM group in round-robin fashion.
[Figure, multicast-enabled transport, West (IP A), East (IP B), South (IP C): 1. Mcast stream S1 -> Gs1; 2. Mapping to a delivery group; 3. The mapping is communicated to the other EDs; 4. Second stream S2 -> Gs2]
Mcast group mapping:
    Site Group  Core Group
    Gs1         Gd1
    Gs2         Gd2

Slide 51: Multicast traffic, step 2: creating multicast state
[Figure, multicast-enabled transport, West (IP A) with sources S1 -> Gs1 and S2 -> Gs2, East (IP B) with receivers for Gs1 and Gs2; SSM tree for Gd; read from right to left: 1. Client IGMP report to join Gs1; 2. Client IGMP snoop; 3.1 GM-Update; 3.2 IGMPv3 report to join (IP A, Gd1), the SSM group in the core; 4. Receive GM-Update, update OIL]
OIL-List:
    Group       IF
    Gs1 -> Gd1  Overlay
    Gs2 -> Gd2  Overlay
1. A receiver for multicast group "Gs" in site East sends IGMP reports to the Edge Device to join the group.
2. The ED snoops these IGMP reports but does not forward them.
3. Having snooped the IGMP report, the ED does two things:
   1. It announces the receiver to the other EDs with a Group-Membership Update (GM-Update).
   2. It sends an IGMPv3 report to the interconnect core to join the corresponding SSM group Gd.
4. On receiving the GM-Update, the source ED adds the overlay interface to its multicast forwarding table.
It is important to clarify that the edge devices join the core multicast groups as hosts, not as routers!

Slide 52: Multicast traffic, step 3: forwarding multicast traffic
[Figure, multicast-enabled transport, West (IP A), East (IP B), South (IP C), receivers for Gs1 and Gs2: Lookup 1, Encap 2 (IP A -> Gd1 carrying S1 -> Gs1), Transport Replication 3, delivery 4, Decap 5]
OIF-List:
    Group       IF
    Gs1 -> Gd1  Overlay
1. A multicast data packet with IP_DA = Gs arrives at the ED; the multicast forwarding lookup returns the Overlay interface as outgoing interface.
2. Using the Gs-to-Gd mapping, the ED encapsulates the packet with outer IP_DA = Gd and sends it into the interconnect core.
3. The interconnect core replicates and forwards the multicast data.
4. The EDs of the other sites receive the Gd multicast packet.
5. The ED decapsulates the packet and forwards it within group Gs.

Slide 53: Multicast groups in the core

    interface Overlay1
      otv join-interface e1/1
      otv control-group 239.1.1.1
      otv data-group 232.192.1.0/24
      otv extend-vlan 100-150

- OTV extends the multicast support of the core network.
- What OTV needs from the interconnect core in terms of multicast groups:
  1. One ASM/Bidir multicast group for neighbor discovery, adjacency maintenance and the exchange of MAC address information
  2. One SSM group range for carrying the sites' multicast data traffic across the interconnect core

Slide 54: OTV multicast forwarding over a unicast-only core: the control plane updates multicast receiver information
1. The receiver sends an IGMP report to join multicast group Gs1.
2. The ED snoops these IGMP reports but does not forward them.
3. A GM-Update is sent to the OTV neighbors at all remote sites.
4. The remote OTV Edge Devices store the multicast group mapping.
[Figure, unicast-only transport, West (IP A), East (IP B), South: 1. Client IGMP report to join Gs1; 2. Client IGMP snoop; 3. GM-Updates to all OTV devices; 4. Receive update and add the info in the oNL table]
Data Group Mapping Table:
    VLAN  Group  OTV ED
    100   Gs1    IP B

Slide 55: Multicast forwarding over a unicast-only core: forwarding L2 multicast traffic
[Figure, unicast-only transport, West (IP A) with source S1 -> Gs1, receivers for Gs1 at East (IP B) and South (IP C), North (IP D) without a receiver: Lookup 1; Head-End Replication 2 (IP_A -> IP_B and IP_A -> IP_C, each carrying S1 -> Gs1); Decap 3]
Data Group Mapping Table:
    VLAN  Group  OTV ED
    100   Gs1    IP B, IP C

Slide 56: Agenda

Slide 57: QoS traffic marking in OTV
On encapsulation:
- CoS bits (802.1p) are copied to the OTV shim header
- If IP traffic: the original (inner) DSCP value is also copied to the "outer" DSCP
On de-capsulation:
- The CoS value is recovered from the OTV shim and added to the 802.1Q header
Original CoS and DSCP are both preserved.
OTV control traffic is statically marked at CoS = 6 / DSCP = 48.
[Figure: original frame (DMAC, SMAC, 802.1Q with EtherType 0x8100, CoS 802.1p, CFI, VLAN ID, EtherType, optional IP with inner DSCP) before Encap; OTV packet (outer DSCP, OTV shim, original frame with inner DSCP) on the overlay; restored 802.1Q frame after Decap]

Slide 58: Agenda (current section: Path optimization)

Slide 59: Forwarding path optimization
- Extending Layer 2 between data centers brings new path-optimization challenges.
- The challenges concentrate on server gateways and route advertisement.
[Figure: two sites with hypervisors; Server-Server; Egress Routing Localization: Server-Client; Ingress Routing Localization: Clients-Server]

Slide 60: Egress path optimization: the challenge
- Forwarding of egress traffic (for example Server-Client or Server-Server) depends on where the server's gateway is located.
- In a large Layer 2 network there are several candidate IP gateways across several sites, so FHRP/HSRP has to be used.
- Goals:
  - Make sure egress traffic of a site's local servers is forwarded by the local gateway.
  - Make sure that, when the Layer 2 network is extended, every site has its own active gateway.

Slide 61: Egress path optimization: the OTV solution
- Configure the same HSRP group in all sites, providing the same gateway MAC address.
- Each site behaves as if it owned the only gateway, giving the optimal local egress path.
- Filter HSRP hellos between sites to limit the interaction between the gateways of different sites.
- The ED intercepts ARP requests to make sure local servers receive the reply from the local active gateway.

Slide 62: Egress first-hop routing after Layer 2 extension
[Figure: VLAN 10 and VLAN 20 extended across two sites; HSRP Active and HSRP Standby in one site, HSRP Listen and HSRP Listen in the other; HSRP hellos cross the extension]

Slide 63: Egress first-hop routing after Layer 2 extension
[Figure: same topology; ARP for the HSRP VIP and the ARP reply cross the extension]

Slide 64: Egress first-hop routing after Layer 2 extension
[Figure: same topology; packet from VLAN 10 to VLAN 20 with DMAC = DGW; routing; packet from VLAN 10 to VLAN 20 with DMAC = host in VLAN 20]

Slide 65: Localized first-hop routing
[Figure: HSRP filtering between sites; each site has its own HSRP Active and HSRP Standby on VLAN 10 and VLAN 20; HSRP hellos, the ARP for the HSRP VIP and the ARP reply stay inside each site]

Slide 66: Ingress routing optimization
Challenge:
- The same subnet is spread across several sites.
- Subnet routes cannot be very specific.
- The routing table cannot reflect the relocation of a server in time.
- Traffic may be forwarded to the wrong site.
Approaches:
- DNS-based applications (for example web): DNS address translation through ACE/GSS
- Routing-based applications (for example extranet services): host route injection, LISP
[Figure: West and East sites with hypervisors joined by a DCI LAN extension; Ingress Traffic Localization: Client to Server Traffic]

Slide 67: DNS-based ingress path optimization, option 1: ACE detects the VM move
[Figure: Data Center A (ISP A) and Data Center B (ISP B) behind a Layer 3 WAN, each with Agg and Access layers, joined by VLAN A; VM = 10.1.1.100, Default GW = 10.1.1.1; VIP = 144.254.1.100 in one data center and VIP = 144.254.200.100 in the other, each with SNAT and KAL-AP on the VIP; KAL-AP changes the application IP from 144.254.1.100 to 144.254.200.100; legend: L2 links (GE or 10GE), L3 links (GE or 10GE)]

Slide 68: DNS-based ingress path optimization: route injection (RHI) after the ACE probe
[Figure: DC A and DC B behind a Layer 3 core, intranet and public network, joined by VLAN A; App VM = 10.1.1.100, Default GW = 10.1.1.1; probe "Is 10.1.1.100 OK?"; 144.254.100.0/24 is the backup for Data Center A; 144.254.100.0/25 and 144.254.100.128/25; 144.254.100.100/32 is advertised into L3 using RHI; the VM moves and the probe to 10.1.1.100 is now OK]

Slide 69: DNS-based ingress path optimization, option 2: vCenter notifies the GSS when the VM moves
[Figure: Data Center A (ISP A) and Data Center B (ISP B) behind a Layer 3 WAN and public network, each with Agg and Access layers, joined by VLAN A; VM = 10.1.1.100, Default GW = 10.1.1.1; addresses 144.254.1.100 and 144.254.200.100; "MAC moved", "Change the IP"]

Slide 70: Routing-based ingress optimization: LISP
[Figure: Data Center A (locators A, B; ISP A) and Data Center B (locators C, D; ISP B) joined by a LAN extension; VM = 10.10.10.1, Default GW = 10.10.10.100; an Ingress Tunnel Router (ITR) and an ETR in each data center. Steps 1 to 3: a packet with IP_DA = 10.10.10.1 is encapsulated by the ITR with IP_DA = B and decapsulated by the ETR. The VM moves and its mapping becomes "Moved to C, D". Steps 4 to 7: a packet with IP_DA = 10.10.10.1 is encapsulated with IP_DA = C and decapsulated by the ETR in Data Center B.]
Mapping table:
    Prefix (EID)  Route Locator (RLOC)
    10.10.10.1    A, B
    10.10.10.2    A, B
    10.10.10.5    C, D
    10.10.10.6    C, D

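Slide 71: Ingress path optimization: Locator-ID Separation Protocol (LISP)
- IP addresses are used as the identifier of a site.
- Routing focuses on the interconnection between sites, not on the reachability of host addresses.
- A directory is built that maps IP addresses to sites.
- To reach an IP address, the directory is queried to find the corresponding site.
- Traffic is carried between sites with IP-in-IP encapsulation.
- The directory is a distributed database that can be aggregated.

Slide 72: Ingress path optimization: Locator-ID Separation Protocol (LISP)
Host IP = End-point ID; Router IP = Router Locator
1. The ITR queries the directory for the RLOC that corresponds to the destination EID.
2. The ITR applies IP-in-IP encapsulation and sends the packet to that RLOC.
3. The ETR receives the traffic and decapsulates it.
- Finer-grained host route management allows the IP addresses of one subnet to be spread across different sites.
- When a host moves, only the corresponding directory entry has to change.
- Each site maintains only its local EID routes; the core network does not need to maintain EID routes.

Slide 73: Agenda (current section: Deploying OTV at the distribution layer)

Slide 74: Deploying OTV at the distribution layer
- OTV can be deployed at any location.
- Main options:
  - OTV at the core layer (less common, because core-to-aggregation links in today's data centers are mostly Layer 3)
  - OTV at the distribution layer (most common)
For more details on Deployment Models see: BRKDCT-3060
[Figure: OTV edge devices at the L2/L3 boundary, attached to the transport infrastructure]

Slide 75: Separating OTV and SVIs
Main principle: current Nexus-based OTV deployments require SVIs and OTV to be placed on different devices.
- On the N7K, using a separate VDC as the OTV Edge Device is the most common choice:
  - One dedicated VDC performs OTV.
  - One VDC acts as the distribution-layer VDC and provides the SVIs.
[Figure: aggregation layer with an OTV VDC attached to each aggregation VDC at the L2/L3 boundary]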

Slide 76: Separating OTV and SVIs: VDC models
Two deployment models:
- OTV appliance on a stick, sharing the uplinks (common uplinks for Layer 3 and DCI)
- Inline OTV appliance with its own uplinks (uplinks to the Layer 3 transport, dedicated uplink for DCI)
[Figure: both models with the OTV VDC, the SVIs, the join interface and the internal interface at the L2/L3 boundary]
- The two models make no difference to the way OTV functions.
- The inline model needs separate OTV uplinks into the core network.

Slide 77: Deploying OTV at the distribution layer
- The DC core is pure Layer 3.
- STP and unknown-unicast domains are isolated per POD.
- OTV provides Layer 2 extension both between data centers and inside a data center.
- OTV is deployed at the Layer 3 boundary.
- Recommended for greenfield deployments.
[Figure: core, aggregation and access layers; each aggregation pair runs vPC, SVIs and OTV VDCs; legend: join interface, internal interface, virtual overlay interface]

Slide 78: Conclusion

Slide 79: OTV: LAN extension made easy
Real-world problems solved by OTV:
- Runs over any type of link (IP, MPLS)
- The failure of one site does not affect other sites
- Independent STP domain per site
- Optimized bandwidth utilization (no head-end replication)
- Automated multihoming
- End-to-end loop prevention
- Good scalability: sites, VLANs, MAC addresses
- Simple to operate: only 5 CLI commands
[Figure: North and South data centers around the OTV overlay, each in its own fault domain]
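
The forwarding rules from the data-plane, MAC-advertisement, unknown-unicast and AED slides above, combined in one toy model. This is an added Python example, not Cisco code and not part of the original deck; the class and function names, the `IP A1`/`IP A2` labels and the East System-ID are constructed, while the two West System-IDs are the ones in the `show otv site` output.

```python
# Added illustration, not Cisco code: a toy model of the OTV edge-device rules.
from dataclasses import dataclass, field

OTV_OVERHEAD = 20 + 8 + 14  # outer IP header + OTV shim + L2 header = 42 bytes


def aed_for_vlan(vlan, system_ids):
    """Dual-homed site: the lower IS-IS System-ID (ordinal 0) is AED for even
    VLANs, the higher one (ordinal 1) for odd VLANs."""
    if len(system_ids) != 2:
        raise ValueError("the slides give the split for a dual-homed site only")
    ordered = sorted(system_ids, key=lambda s: int(s.replace(".", ""), 16))
    return ordered[vlan % 2]


@dataclass
class EdgeDevice:
    name: str
    system_id: str
    join_ip: str  # join-interface IP, advertised as the next hop
    site_ids: list = field(default_factory=list)   # System-IDs of all EDs in the site
    neighbors: list = field(default_factory=list, repr=False, compare=False)
    mac_table: dict = field(default_factory=dict)  # (vlan, mac) -> (owner, next hop)

    def is_aed(self, vlan):
        if len(self.site_ids) < 2:
            return True  # single-homed site: the only ED is the AED
        return aed_for_vlan(vlan, self.site_ids) == self.system_id

    def learn_local(self, vlan, mac, port):
        """MAC seen on an internal interface; only the AED advertises it."""
        self.mac_table[(vlan, mac)] = ("site", port)
        if self.is_aed(vlan):
            for ed in self.neighbors:
                ed.receive_update(vlan, mac, self.join_ip)

    def receive_update(self, vlan, mac, next_hop_ip):
        """Control-plane update: the MAC is reachable through a remote ED."""
        self.mac_table[(vlan, mac)] = ("overlay", next_hop_ip)

    def forward(self, vlan, dst_mac, frame_len):
        """Decision for a frame arriving from the site: (action, next hop, bytes)."""
        entry = self.mac_table.get((vlan, dst_mac))
        if entry is None:
            return ("not-sent-to-overlay", None, 0)  # unknown unicast is not flooded
        owner, next_hop = entry
        if owner == "site":
            return ("local", next_hop, frame_len)
        if not self.is_aed(vlan):
            return ("not-sent-to-overlay", None, 0)  # inter-site forwarding is the AED's job
        return ("encapsulate", next_hop, frame_len + OTV_OVERHEAD)


def demo():
    """Constructed topology: West is dual-homed, East has a single ED."""
    ids = ["001b.54c2.e142", "0022.5579.0f42"]  # System-IDs from `show otv site`
    west1 = EdgeDevice("west-1", ids[0], "IP A1", site_ids=ids)
    west2 = EdgeDevice("west-2", ids[1], "IP A2", site_ids=ids)
    east = EdgeDevice("east-1", "0000.0000.0001", "IP B")  # constructed System-ID
    west1.neighbors, west2.neighbors = [east], [east]
    east.neighbors = [west1, west2]

    for ed, port in ((west1, "Eth 2"), (west2, "Eth 1")):
        ed.learn_local(100, "MAC 1", port)  # both EDs see it, only the AED advertises
        ed.learn_local(101, "MAC 5", port)
    east.learn_local(100, "MAC 3", "Eth 3")

    return {
        "east_to_mac1": east.forward(100, "MAC 1", 1500),
        "east_to_mac5": east.forward(101, "MAC 5", 1500),
        "west1_to_mac3": west1.forward(100, "MAC 3", 1500),
        "west2_to_mac3": west2.forward(100, "MAC 3", 1500),
        "west1_local": west1.forward(100, "MAC 1", 1500),
        "west1_unknown": west1.forward(100, "MAC 9", 1500),
    }


if __name__ == "__main__":
    for case, result in demo().items():
        print(f"{case:15} {result}")
```
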
