Network Microsegmentation Architecture Design Guide
[Figure: Traditional segmentation vs. microsegmentation]
Traditional segmentation: VLAN/VNI10, VLAN/VNI20, VLAN/VNI30, each VLAN holding its own EPs; Segment1, Segment2 and Segment3 map one-to-one onto the VLANs.
Microsegmentation: the same VLAN/VNI10, VNI20 and VNI30, but EPs are grouped into Segment1, Segment2 and Segment3 independently of the VLAN they sit in.

[Figure: Security ZoneA]
VLAN 10 shared by Web Server, DB Server, Department1 and Department2 (Server1, Server2, Server3).

[Figure: EPG and policy basics (Spine, Leaf1, Leaf2; Server1 192.168.1.1/32, Server2 192.168.2.1/32, Server3; Leaf1 and Leaf2 joined by a VxLAN Tunnel)]
EPG group / EPG members: EPG1 = 192.168.1.1/32; EPG2 = 192.168.2.1/32
EPG policy: EPG1->EPG2 Permit

[Figure: EPG membership examples]
EPG1: EP1 VLAN10, EP2 VLAN10, EP3 VLAN10, EP4 VLAN10
EPG2: EP1 VLAN20, EP2 VLAN20, EP3 VLAN20, EP4 VLAN20
EPG (by application): EP1-HTTP 192.168.1.1/24, EP2-HTTP 192.168.1.2/24, EP3-HTTP 172.16.10.1/24, EP4-HTTP 172.16.11.1/24

[Figure: Policy enforcement across VRFs, IPv4 (Spine, VxLAN Network, Leaf1, Leaf2, EP1, EP3; external network 192.168.2.1/32; Virus Server4)]
EPG1 member: 192.168.1.1/32+VRF1; EPG2 member: 192.168.2.1/32+VRF2; EPG policy: EPG1->EPG2 Permit
Step 1: EP1 (192.168.1.1/32) sends [DIP:192.168.2.1 SIP:192.168.1.1 | Payload]
Step 2: Leaf1 encapsulates it as [DIP:Leaf2-NVE SIP:Leaf1-NVE | VxLAN VNI SEPG | Payload] and forwards it across the VxLAN Network
Step 3: Leaf2 looks up the EPG policy (EPG1->EPG2 Permit)
Step 4: Leaf2 delivers [DIP:192.168.2.1 SIP:192.168.1.1 | Payload] to the destination

[Figure: Same flow, IPv6 across VRFs]
EP1 10:1:1::2/64 in EPG1 (VRF1); EPG2 member: 10:1:2::2/64+VRF2; inner packet [DIP:10:1:2::2/64 SIP:10:1:1::2/64 | Payload]

[Figure: Same flow, IPv4 within one VRF]
EPG1 member: 160.160.1.1/32+VRF1; EPG2 member: 161.161.1.1/32+VRF1; EP1 160.160.1.1/32, EP2 161.161.1.1/32, EP3; inner packet [DIP:161.161.1.1 SIP:160.160.1.1 | Payload]

[Figure: Same flow, IPv6 within one VRF]
EPG1 member: 160.160::1/64+VRF1; EPG2 member: 161.161::1/64+VRF1; EP1 160.160::1/64, EP2 161.161::1/64, EP3; inner packet [DIP:161.161::1/64 SIP:160.160::1/64 | Payload]

[Figure: Data-center fabric]
External network, BorderLeaf, ServerLeaf, SPINE, VxLAN Network, DC-2 Fabric-GW; EPG1 = four DB Servers, EPG2 = four Web Servers.

[Figure: VxLAN header carrying the source EPG (Group Policy ID)]
 0                   1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|G|0|0|0|1|0|0|0|0|0|0|0|0|0|0|0|   Reserved (Group Policy ID)  |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|           VxLAN Network Identifier            |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+

[Figure: Microsegmentation classification attributes]
Subnet, host name, virtual machine name, discrete IP, MAC address, other attributes

[Figure: Policy model]
Source EPG -> Destination EPG
Policy rule set: White List
Policy rules: Classifier (TCP&Port, UDP&Port, IP); Action (Permit)