[Partage d'initiés] Transmission transparente de protocole couche 2 QinQ

publié il y a  2019-2-7 12:28:58Dernière réponse jul. 14, 2019 08:16:36 106 1 0 0
  F-coins comme récompense: 0 (Non résolu)
This post was last edited by AmiraSaid at 2019-02-07 12:32.

 

Bonjour,

L'échange de Cisco Core avec Huawei gear n'est pas une tâche facile. Habituellement, un échange commence avec le coeur et vous allez plus tard pour la branche. Vous avez encore besoin d'assurer la communication pour des protocoles privés ou une instance privée de STP pendant que vous venez avec de nouveaux éléments de réseau dans le réseau central. Ce sera un défi de garder les domaines STP LANs connectés et nécessaires de passer des paquets PVST + privés sur le nouveau réseau central.

Je voudrais partager un moyen facile de passer des paquets privés sur  le réseau central multifournisseurs : La transmission transparente de protocole couche 2 basée sur QinQ.

La transmission transparente de protocole de couche 2 peut transmettre de manière transparente des paquets de protocole de couche 2 provenant du réseau utilisateur pour le réseau ISP. Ceci traite de la problème d’identité du réseau. La procédure est la suivante :

-Après réception des paquets de protocole de couche 2 envoyés à partir de CE1, PE1 remplace l'adresse MAC de destination avec une adresse MAC de multidiffusion spécifiée. Puis PE1 transmet les paquets sur le réseau ISP.

-Les paquets de protocole de couche 2 sont envoyés à PE2. PE2 rétablit l'adresse MAC de destination originale des paquets, et envoie les paquets à CE2.

Pour rendre la communication LAN privée, nous utiliserons la technologie 802.1Q-in-802.1Q (QinQ). Dans ce cas, des trames provenant des étiquettes privées de VLAN peuvent être transmises de manière transparente sur le réseau public. Une trame transmise sur le réseau central a deux étiquettes 802.1Q (une pour le réseau public et l'autre pour le réseau privé), c'est-à-dire 802.1Q-in-802.1Q (QinQ)

 

Topologie:

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3b79edabc.PNG

 

 

Configuration :

 

PE1 (S7706)

 

#                                                                              

vlan batch 10 100                                                           

#                                                                              

stp disable                                                                     

#                                                                              

l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0                               

#                                                                                                                          

interface GigabitEthernet2/0/0                                                 

 port link-type dot1q-tunnel                                                   

 port default vlan 100                                                                                                                            

 l2protocol-tunnel pvst+ vlan 100                                              

 l2protocol-tunnel stp vlan 100                                                

#                                                                              

interface GigabitEthernet2/0/1                                                 

 port hybrid tagged vlan 100                                                   

#

 

PE2 (ME3400)

 

!                                                                              

vlan 10 100     

!                                                                                                                            

interface FastEthernet0/15                                                     

 port-type nni                                                                  

 switchport trunk allowed vlan 100                                             

 switchport mode trunk                                                         

 duplex full                                                                   

!                                                                               

interface FastEthernet0/16                                                     

 port-type nni                                                                 

 switchport access vlan 100                                                    

 switchport mode dot1q-tunnel                                                  

 duplex full                                                                   

 l2protocol-tunnel stp                                                          

!

 

 

#                                                                              

vlan batch 100                                              

#                                                                             

stp disable                                                                    

#                                                                             

interface GigabitEthernet1/0/2                                                  

 port hybrid tagged vlan 100                                                   

#                                                                                                                                                

interface GigabitEthernet1/0/4                                                 

 port hybrid tagged vlan 100                                                   

#

 

 

CE1(ME3600X)

 

!                                                                              

spanning-tree mode pvst                                                        

spanning-tree loopguard default                                                

spanning-tree extend system-id                                                                                                                                                                     

!                                                                              

vlan 10                                                                                     

!                                                                                                                                                                                                           

interface GigabitEthernet0/21                                                   

 port-type nni                                                                 

 switchport trunk allowed vlan 10                                              

 switchport mode trunk                                                          

 duplex full                                                                   

!

 

 

CE2   SWITCH(C2960G)

 

!                                                                              

spanning-tree mode pvst                                                         

spanning-tree extend system-id                                                                                              

!                                                                                                              

vlan 10                                                              

!                                                                                                                                                                                                                                                                                      

interface GigabitEthernet0/6                                                   

 switchport trunk allowed vlan 10                                               

 switchport mode trunk                                                         

!

 

Résultats :

 

1. CE2 est le pont racine (root bridge) lorsque CE1 et CE2 sont configurés avec la même priorité ;

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3f1512ff4.PNG

 

 

2.Le port désigné de CE2 envoie un paquet BPDU et le port racine de CE1 a reçu les paquets BPDU comme normaux ;

            https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d284f124.PNG

           https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d4fa9779.PNG

 

 

3. Changeons la priorité de CE1 à 0, et voir si elle deviendra le pont racine, prouvant que les BPDU passent de manière transparente sur le réseau.

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d9a87aa6.PNG

 

4. Le port désigné de CE1 envoie des paquets BPDU et le port racine de CE2 recevant des paquets BPDU comme normaux ;

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e316a795.PNG

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e6fc682f.PNG

 

 

  • x
  • Standard:

Réponses en vedette
Gladiator
Admin publié il y a 2019-7-14 08:16:36 Utile(0) Utile(0)

Configuration :

 

PE1 (S7706)

 

#                                                                              

vlan batch 10 100                                                           

#                                                                              

stp disable                                                                     

#                                                                              

l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0                               

#                                                                                                                          

interface GigabitEthernet2/0/0                                                 

 port link-type dot1q-tunnel                                                   

 port default vlan 100                                                                                                                            

 l2protocol-tunnel pvst+ vlan 100                                              

 l2protocol-tunnel stp vlan 100                                                

#                                                                              

interface GigabitEthernet2/0/1                                                 

 port hybrid tagged vlan 100                                                   

#

 

PE2 (ME3400) 

 

!                                                                              

vlan 10 100     

!                                                                                                                            

interface FastEthernet0/15                                                     

 port-type nni                                                                  

 switchport trunk allowed vlan 100                                             

 switchport mode trunk                                                         

 duplex full                                                                   

!                                                                               

interface FastEthernet0/16                                                     

 port-type nni                                                                 

 switchport access vlan 100                                                    

 switchport mode dot1q-tunnel                                                  

 duplex full                                                                   

 l2protocol-tunnel stp                                                          

!

 

 

#                                                                              

vlan batch 100                                              

#                                                                             

stp disable                                                                    

#                                                                             

interface GigabitEthernet1/0/2                                                  

 port hybrid tagged vlan 100                                                   

#                                                                                                                                                

interface GigabitEthernet1/0/4                                                 

 port hybrid tagged vlan 100                                                   

#

 

 

CE1(ME3600X)

 

!                                                                              

spanning-tree mode pvst                                                        

spanning-tree loopguard default                                                

spanning-tree extend system-id                                                                                                                                                                     

!                                                                              

vlan 10                                                                                     

!                                                                                                                                                                                                           

interface GigabitEthernet0/21                                                   

 port-type nni                                                                 

 switchport trunk allowed vlan 10                                              

 switchport mode trunk                                                          

 duplex full                                                                   

!

 

 

CE2   SWITCH(C2960G)

 

!                                                                              

spanning-tree mode pvst                                                         

spanning-tree extend system-id                                                                                              

!                                                                                                              

vlan 10                                                              

!                                                                                                                                                                                                                                                                                      

interface GigabitEthernet0/6                                                   

 switchport trunk allowed vlan 10                                               

 switchport mode trunk                                                         

!

 

Résultats :

 

1. CE2 est le pont racine (root bridge) lorsque CE1 et CE2 sont configurés avec la même priorité ;

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3f1512ff4.PNG

 

 

2.Le port désigné de CE2 envoie un paquet BPDU et le port racine de CE1 a reçu les paquets BPDU comme normaux ;

            https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d284f124.PNG

           https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d4fa9779.PNG

 

 

3. Changeons la priorité de CE1 à 0, et voir si elle deviendra le pont racine, prouvant que les BPDU passent de manière transparente sur le réseau.

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d9a87aa6.PNG

 

4. Le port désigné de CE1 envoie des paquets BPDU et le port racine de CE2 recevant des paquets BPDU comme normaux ;

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e316a795.PNG

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e6fc682f.PNG

  • x
  • Standard:

Toutes les réponses
Gladiator
Gladiator Admin publié il y a 2019-7-14 08:16:36 Utile(0) Utile(0)

Configuration :

 

PE1 (S7706)

 

#                                                                              

vlan batch 10 100                                                           

#                                                                              

stp disable                                                                     

#                                                                              

l2protocol-tunnel pvst+ group-mac 0100-0ccd-cdd0                               

#                                                                                                                          

interface GigabitEthernet2/0/0                                                 

 port link-type dot1q-tunnel                                                   

 port default vlan 100                                                                                                                            

 l2protocol-tunnel pvst+ vlan 100                                              

 l2protocol-tunnel stp vlan 100                                                

#                                                                              

interface GigabitEthernet2/0/1                                                 

 port hybrid tagged vlan 100                                                   

#

 

PE2 (ME3400) 

 

!                                                                              

vlan 10 100     

!                                                                                                                            

interface FastEthernet0/15                                                     

 port-type nni                                                                  

 switchport trunk allowed vlan 100                                             

 switchport mode trunk                                                         

 duplex full                                                                   

!                                                                               

interface FastEthernet0/16                                                     

 port-type nni                                                                 

 switchport access vlan 100                                                    

 switchport mode dot1q-tunnel                                                  

 duplex full                                                                   

 l2protocol-tunnel stp                                                          

!

 

 

#                                                                              

vlan batch 100                                              

#                                                                             

stp disable                                                                    

#                                                                             

interface GigabitEthernet1/0/2                                                  

 port hybrid tagged vlan 100                                                   

#                                                                                                                                                

interface GigabitEthernet1/0/4                                                 

 port hybrid tagged vlan 100                                                   

#

 

 

CE1(ME3600X)

 

!                                                                              

spanning-tree mode pvst                                                        

spanning-tree loopguard default                                                

spanning-tree extend system-id                                                                                                                                                                     

!                                                                              

vlan 10                                                                                     

!                                                                                                                                                                                                           

interface GigabitEthernet0/21                                                   

 port-type nni                                                                 

 switchport trunk allowed vlan 10                                              

 switchport mode trunk                                                          

 duplex full                                                                   

!

 

 

CE2   SWITCH(C2960G)

 

!                                                                              

spanning-tree mode pvst                                                         

spanning-tree extend system-id                                                                                              

!                                                                                                              

vlan 10                                                              

!                                                                                                                                                                                                                                                                                      

interface GigabitEthernet0/6                                                   

 switchport trunk allowed vlan 10                                               

 switchport mode trunk                                                         

!

 

Résultats :

 

1. CE2 est le pont racine (root bridge) lorsque CE1 et CE2 sont configurés avec la même priorité ;

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3f1512ff4.PNG

 

 

2.Le port désigné de CE2 envoie un paquet BPDU et le port racine de CE1 a reçu les paquets BPDU comme normaux ;

            https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d284f124.PNG

           https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d4fa9779.PNG

 

 

3. Changeons la priorité de CE1 à 0, et voir si elle deviendra le pont racine, prouvant que les BPDU passent de manière transparente sur le réseau.

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3d9a87aa6.PNG

 

4. Le port désigné de CE1 envoie des paquets BPDU et le port racine de CE2 recevant des paquets BPDU comme normaux ;

 

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e316a795.PNG

https://forum.huawei.com/enterprise/en/data/attachment/forum/dm/ecommunity/uploads/2014/0428/01/535d3e6fc682f.PNG

  • x
  • Standard:

Responder

envoyer
Connectez-vous pour répondre. Se connecter | Enregistrer

Remarque Remarque : Afin de protéger vos droits et intérêts légitimes, ceux de la communauté et des tiers, ne divulguez aucun contenu qui pourrait présenter des risques juridiques pour toutes les parties. Le contenu interdit comprend, sans toutefois s'y limiter, le contenu politiquement sensible, le contenu lié à la pornographie, aux jeux d'argent, à l'abus et au trafic de drogues, le contenu qui peut divulguer ou enfreindre la propriété intellectuelle d'autrui, y compris les secrets professionnels, les marques commerciales, les droits d'auteur et les brevets, ainsi que la vie privée personnelle. Ne partagez pas votre nom d'utilisateur ou votre mot de passe avec d'autres personnes. Toutes les opérations effectuées à partir de votre compte seront considérées comme vos propres actions, et toutes les conséquences en découlant vous seront imputées. Pour plus de détails, voir « Politique de confidentialité ».
Si le bouton de la pièce-jointe n'est pas disponible, mettez à jour Adobe Flash Player à la dernière version.
Connectez-vous pour participer à la communication et au partage

Connectez-vous pour participer à la communication et au partage

S'identifier