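Configuring a Combined MSTP+VRRP Network
Networking Requirements
As shown in Figure 1, hosts connect to the network through DeviceC, and DeviceC is dual-homed to DeviceA and DeviceB to reach the Internet. Redundant links are deployed for access backup. These redundant links form a loop, which can cause broadcast storms and corrupt MAC address table entries. The user wants to eliminate loops while keeping the redundant links, have traffic switch to the other uplink when one uplink fails, and use network bandwidth efficiently.
MSTP can be deployed to solve the loop problem. MSTP blocks redundant links on a Layer 2 network and prunes the network into a tree topology, which eliminates loops. In addition, VRRP is configured on DeviceA and DeviceB: HostA uses DeviceA as its default gateway to access the Internet, with DeviceB as the backup gateway; HostB uses DeviceB as its default gateway to access the Internet, with DeviceA as the backup gateway. This provides both reliability and traffic load balancing.
In this example, interface1, interface2, interface3, and interface4 represent 100GE1/0/1, 100GE1/0/2, 100GE1/0/3, and 100GE1/0/4, respectively.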

| Device | Interface | Corresponding VLANIF | IP Address |
|---|---|---|---|
| DeviceA | interface1 and interface2 | VLANIF2 | 10.1.2.102/24 |
| DeviceA | interface1 and interface2 | VLANIF3 | 10.1.3.102/24 |
| DeviceA | interface3 | VLANIF4 | 10.1.4.102/24 |
| DeviceB | interface1 and interface2 | VLANIF2 | 10.1.2.103/24 |
| DeviceB | interface1 and interface2 | VLANIF3 | 10.1.3.103/24 |
| DeviceB | interface3 | VLANIF5 | 10.1.5.103/24 |

Procedure
- Configure Layer 2 forwarding on the devices in the ring network
- Create VLANs 2 and 3 on DeviceA, DeviceB, and DeviceC
# Create VLANs 2 and 3 on DeviceA.
```
[~DeviceA] vlan batch 2 to 3
[*DeviceA] commit
```
# Create VLANs 2 and 3 on DeviceB.
```
[~DeviceB] vlan batch 2 to 3
[*DeviceB] commit
```
# Create VLANs 2 and 3 on DeviceC.
```
[~DeviceC] vlan batch 2 to 3
[*DeviceC] commit
```
-
# Add port 100GE1/0/1 on DeviceA to the VLANs.
```
[~DeviceA] interface 100ge1/0/1
[~DeviceA-100GE1/0/1] portswitch
[~DeviceA-100GE1/0/1] port link-type trunk
[*DeviceA-100GE1/0/1] port trunk allow-pass vlan 2 to 3
[*DeviceA-100GE1/0/1] quit
[*DeviceA] commit
```
# Add port 100GE1/0/2 on DeviceA to the VLANs.
```
[~DeviceA] interface 100ge1/0/2
[~DeviceA-100GE1/0/2] portswitch
[*DeviceA-100GE1/0/2] port link-type trunk
[*DeviceA-100GE1/0/2] port trunk allow-pass vlan 2 to 3
[*DeviceA-100GE1/0/2] quit
[*DeviceA] commit
```
# Add port 100GE1/0/1 on DeviceB to the VLANs.
```
[~DeviceB] interface 100ge1/0/1
[~DeviceB-100GE1/0/1] portswitch
[~DeviceB-100GE1/0/1] port link-type trunk
[*DeviceB-100GE1/0/1] port trunk allow-pass vlan 2 to 3
[*DeviceB-100GE1/0/1] quit
[*DeviceB] commit
```
# Add port 100GE1/0/2 on DeviceB to the VLANs.
```
[~DeviceB] interface 100ge1/0/2
[~DeviceB-100GE1/0/2] portswitch
[*DeviceB-100GE1/0/2] port link-type trunk
[*DeviceB-100GE1/0/2] port trunk allow-pass vlan 2 to 3
[*DeviceB-100GE1/0/2] quit
[*DeviceB] commit
```
# Add port 100GE1/0/1 on DeviceC to the VLANs.
```
[~DeviceC] interface 100ge1/0/1
[~DeviceC-100GE1/0/1] portswitch
[~DeviceC-100GE1/0/1] port link-type trunk
[*DeviceC-100GE1/0/1] port trunk allow-pass vlan 2 to 3
[*DeviceC-100GE1/0/1] quit
[*DeviceC] commit
```
# Add port 100GE1/0/2 on DeviceC to the VLAN.
```
[~DeviceC] interface 100ge1/0/2
[~DeviceC-100GE1/0/2] portswitch
[~DeviceC-100GE1/0/2] port link-type access
[*DeviceC-100GE1/0/2] port default vlan 2
[*DeviceC-100GE1/0/2] quit
[*DeviceC] commit
```
# Add port 100GE1/0/3 on DeviceC to the VLAN.
```
[~DeviceC] interface 100ge1/0/3
[~DeviceC-100GE1/0/3] portswitch
[~DeviceC-100GE1/0/3] port link-type access
[*DeviceC-100GE1/0/3] port default vlan 3
[*DeviceC-100GE1/0/3] quit
[*DeviceC] commit
```
# Add port 100GE1/0/4 on DeviceC to the VLANs.
```
[~DeviceC] interface 100ge1/0/4
[~DeviceC-100GE1/0/4] portswitch
[~DeviceC-100GE1/0/4] port link-type trunk
[*DeviceC-100GE1/0/4] port trunk allow-pass vlan 2 to 3
[*DeviceC-100GE1/0/4] quit
[*DeviceC] commit
```
-
- Configure basic MSTP functions
- Add DeviceA, DeviceB, and DeviceC to the MST region named RG1, and create instances MSTI1 and MSTI2
# Configure the MST region on DeviceA.
```
<HUAWEI> system-view
[~HUAWEI] sysname DeviceA
[*HUAWEI] commit
[~DeviceA] stp region-configuration
[*DeviceA-mst-region] region-name RG1
[*DeviceA-mst-region] instance 1 vlan 2
[*DeviceA-mst-region] instance 2 vlan 3
[*DeviceA-mst-region] quit
[*DeviceA] commit
```
# Configure the MST region on DeviceB.
```
<HUAWEI> system-view
[~HUAWEI] sysname DeviceB
[*HUAWEI] commit
[~DeviceB] stp region-configuration
[*DeviceB-mst-region] region-name RG1
[*DeviceB-mst-region] instance 1 vlan 2
[*DeviceB-mst-region] instance 2 vlan 3
[*DeviceB-mst-region] quit
[*DeviceB] commit
```
# Configure the MST region on DeviceC.
```
<HUAWEI> system-view
[~HUAWEI] sysname DeviceC
[*HUAWEI] commit
[~DeviceC] stp region-configuration
[*DeviceC-mst-region] region-name RG1
[*DeviceC-mst-region] instance 1 vlan 2
[*DeviceC-mst-region] instance 2 vlan 3
[*DeviceC-mst-region] quit
[*DeviceC] commit
```
-
-
# Configure DeviceA as the root bridge of MSTI1.
```
[~DeviceA] stp instance 1 root primary
[*DeviceA] commit
```
# Configure DeviceB as the secondary root bridge of MSTI1.
```
[~DeviceB] stp instance 1 root secondary
[*DeviceB] commit
```
-
# Configure DeviceB as the root bridge of MSTI2.
```
[~DeviceB] stp instance 2 root primary
[*DeviceB] commit
```
# Configure DeviceA as the secondary root bridge of MSTI2.
```
[~DeviceA] stp instance 2 root secondary
[*DeviceA] commit
```
-
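- Set the path cost of the ports to be blocked in MSTI1 and MSTI2 to a value greater than the default
# Set the port path cost calculation method on DeviceA to the Huawei proprietary method.
```
[~DeviceA] stp pathcost-standard legacy
[*DeviceA] commit
```
# Set the port path cost calculation method on DeviceB to the Huawei proprietary method.
```
[~DeviceB] stp pathcost-standard legacy
[*DeviceB] commit
```
# Set the port path cost calculation method on DeviceC to the Huawei proprietary method, set the path cost of port 100GE1/0/1 in MSTI2 to 20000, and set the path cost of port 100GE1/0/4 in MSTI1 to 20000.
```
[~DeviceC] stp pathcost-standard legacy
[*DeviceC] commit
[~DeviceC] interface 100ge1/0/1
[*DeviceC-100GE1/0/1] stp instance 2 cost 20000
[*DeviceC-100GE1/0/1] quit
[*DeviceC] interface 100ge1/0/4
[*DeviceC-100GE1/0/4] stp instance 1 cost 20000
[*DeviceC-100GE1/0/4] quit
[*DeviceC] commit
```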
-
-
# Enable MSTP on DeviceA.
```
[~DeviceA] stp enable
[*DeviceA] commit
```
# Enable MSTP on DeviceB.
```
[~DeviceB] stp enable
[*DeviceB] commit
```
# Enable MSTP on DeviceC.
```
[~DeviceC] stp enable
[*DeviceC] commit
```
-
# Configure ports 100GE1/0/2 and 100GE1/0/3 on DeviceC as edge ports.
```
[~DeviceC] interface 100ge1/0/2
[*DeviceC-100GE1/0/2] stp edged-port enable
[*DeviceC-100GE1/0/2] quit
[*DeviceC] interface 100ge1/0/3
[*DeviceC-100GE1/0/3] stp edged-port enable
[*DeviceC-100GE1/0/3] quit
[*DeviceC] commit
```
(Optional) Configure BPDU protection on DeviceC.
```
[~DeviceC] stp bpdu-protection
[*DeviceC] commit
```
-
# Configure port 100GE1/0/3 on DeviceA as an edge port.
```
[~DeviceA] interface 100ge1/0/3
[~DeviceA-100GE1/0/3] stp edged-port enable
[*DeviceA-100GE1/0/3] quit
[*DeviceA] commit
```
(Optional) Configure BPDU protection on DeviceA.
```
[~DeviceA] stp bpdu-protection
[*DeviceA] commit
```
# Configure port 100GE1/0/3 on DeviceB as an edge port.
```
[~DeviceB] interface 100ge1/0/3
[~DeviceB-100GE1/0/3] stp edged-port enable
[*DeviceB-100GE1/0/3] quit
[*DeviceB] commit
```
(Optional) Configure BPDU protection on DeviceB.
```
[~DeviceB] stp bpdu-protection
[*DeviceB] commit
```
If an edge port is connected to a network device that has STP enabled and BPDU protection is configured, the edge port is shut down when it receives a BPDU. The port remains an edge port.
-
-
- Configure protection functions, for example, root protection on the designated ports of the root bridge in each instance
# Enable root protection on port 100GE1/0/1 of DeviceA.
```
[~DeviceA] interface 100ge1/0/1
[*DeviceA-100GE1/0/1] stp root-protection
[*DeviceA-100GE1/0/1] quit
[*DeviceA] commit
```
# Enable root protection on port 100GE1/0/1 of DeviceB.
```
[~DeviceB] interface 100ge1/0/1
[*DeviceB-100GE1/0/1] stp root-protection
[*DeviceB-100GE1/0/1] quit
[*DeviceB] commit
```
- Verify the configuration
After the preceding configuration is complete and the network topology has stabilized, perform the following operations to verify the configuration.
This example uses instances 1 and 2, so the port states in instance 0 can be ignored.
# Run the display stp brief command on DeviceA to view the port states and protection types. The output is as follows:
```
[~DeviceA] display stp brief
 MSTID  Port          Role  STP State   Protection
     0  100GE1/0/1    DESI  FORWARDING  ROOT
     0  100GE1/0/2    DESI  FORWARDING  NONE
     1  100GE1/0/1    DESI  FORWARDING  ROOT
     1  100GE1/0/2    DESI  FORWARDING  NONE
     2  100GE1/0/1    DESI  FORWARDING  ROOT
     2  100GE1/0/2    ROOT  FORWARDING  NONE
```
In MSTI1, DeviceA is the root bridge, so its ports 100GE1/0/1 and 100GE1/0/2 are designated ports. In MSTI2, port 100GE1/0/1 on DeviceA is a designated port and port 100GE1/0/2 is the root port.
# Run the display stp brief command on DeviceB. The output is as follows:
```
[~DeviceB] display stp brief
 MSTID  Port          Role  STP State   Protection
     0  100GE1/0/1    DESI  FORWARDING  ROOT
     0  100GE1/0/2    ROOT  FORWARDING  NONE
     1  100GE1/0/1    DESI  FORWARDING  ROOT
     1  100GE1/0/2    ROOT  FORWARDING  NONE
     2  100GE1/0/1    DESI  FORWARDING  ROOT
     2  100GE1/0/2    DESI  FORWARDING  NONE
```
In MSTI2, DeviceB is the root bridge, so its ports 100GE1/0/1 and 100GE1/0/2 are designated ports in MSTI2. In MSTI1, port 100GE1/0/1 on DeviceB is a designated port and port 100GE1/0/2 is the root port.
# Run the display stp interface brief command on DeviceC. The output is as follows:
```
[~DeviceC] display stp interface 100ge1/0/1 brief
 MSTID  Port          Role  STP State   Protection
     0  100GE1/0/1    ROOT  FORWARDING  NONE
     1  100GE1/0/1    ROOT  FORWARDING  NONE
     2  100GE1/0/1    ALTE  DISCARDING  NONE
```
```
[~DeviceC] display stp interface 100ge1/0/4 brief
 MSTID  Port          Role  STP State   Protection
     0  100GE1/0/4    ALTE  DISCARDING  NONE
     1  100GE1/0/4    ALTE  DISCARDING  NONE
     2  100GE1/0/4    ROOT  FORWARDING  NONE
```
Port 100GE1/0/1 on DeviceC is the root port in MSTI1 and is blocked in MSTI2. The other port on DeviceC, 100GE1/0/4, is blocked in MSTI1 and is the root port in MSTI2.
- Configure network connectivity between devices
# Configure the IP addresses of the device interfaces, using DeviceA as an example. The configuration of DeviceB is similar to that of DeviceA; see the configuration scripts.
```
[~DeviceA] vlan batch 4
[*DeviceA] interface 100ge1/0/3
[*DeviceA-100GE1/0/3] port link-type trunk
[*DeviceA-100GE1/0/3] port trunk allow-pass vlan 4
[*DeviceA-100GE1/0/3] quit
[*DeviceA] interface vlanif 2
[*DeviceA-Vlanif2] ip address 10.1.2.102 24
[*DeviceA-Vlanif2] quit
[*DeviceA] interface vlanif 3
[*DeviceA-Vlanif3] ip address 10.1.3.102 24
[*DeviceA-Vlanif3] quit
[*DeviceA] interface vlanif 4
[*DeviceA-Vlanif4] ip address 10.1.4.102 24
[*DeviceA-Vlanif4] quit
[*DeviceA] commit
```
# Configure OSPF for interconnection between DeviceA, DeviceB, and the Network. DeviceA is used as an example. The configuration of DeviceB is similar to that of DeviceA; see the configuration scripts.
```
[~DeviceA] ospf 1
[*DeviceA-ospf-1] area 0
[*DeviceA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255
[*DeviceA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255
[*DeviceA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255
[*DeviceA-ospf-1-area-0.0.0.0] quit
[*DeviceA-ospf-1] quit
[*DeviceA] commit
```
- Configure VRRP groups
# Create VRRP group 1 on DeviceA and DeviceB. Set the priority of DeviceA to 120 and the preemption delay to 20 seconds so that DeviceA functions as the master.
```
[~DeviceA] interface vlanif 2
[~DeviceA-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[*DeviceA-Vlanif2] vrrp vrid 1 priority 120
[*DeviceA-Vlanif2] vrrp vrid 1 preempt timer delay 20
[*DeviceA-Vlanif2] quit
[*DeviceA] commit
```
# DeviceB uses the default priority and functions as the backup.
```
[~DeviceB] interface vlanif 2
[~DeviceB-Vlanif2] vrrp vrid 1 virtual-ip 10.1.2.100
[*DeviceB-Vlanif2] quit
[*DeviceB] commit
```
# Create VRRP group 2 on DeviceA and DeviceB. Set the priority of DeviceB to 120 and the preemption delay to 20 seconds so that DeviceB functions as the master.
```
[~DeviceB] interface vlanif 3
[~DeviceB-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[*DeviceB-Vlanif3] vrrp vrid 2 priority 120
[*DeviceB-Vlanif3] vrrp vrid 2 preempt timer delay 20
[*DeviceB-Vlanif3] quit
[*DeviceB] commit
```
# DeviceA uses the default priority and functions as the backup.
```
[~DeviceA] interface vlanif 3
[~DeviceA-Vlanif3] vrrp vrid 2 virtual-ip 10.1.3.100
[*DeviceA-Vlanif3] quit
[*DeviceA] commit
```
# Set the default gateway of HostA to 10.1.2.100, the virtual IP address of VRRP group 1, and set the default gateway of HostB to 10.1.3.100, the virtual IP address of VRRP group 2.
- Verify the configuration
# After the preceding configuration is complete, run the display vrrp command on DeviceA. The output shows that DeviceA is the master in VRRP group 1 and the backup in VRRP group 2.
```
[~DeviceA] display vrrp
Vlanif2 | Virtual Router 1
  State            : Master
  Virtual IP       : 10.1.2.100
  Master IP        : 10.1.2.102
  PriorityRun      : 120
  PriorityConfig   : 120
  MasterPriority   : 120
  Preempt          : YES   Delay Time : 20 s
  TimerRun         : 1 s
  TimerConfig      : 1 s
  Auth type        : NONE
  Virtual MAC      : 00e0-fc12-3456
  Check TTL        : YES
  Config type      : normal-vrrp
  Backup-forward   : disabled
  Create time      : 2021-05-11 11:39:18
  Last change time : 2021-05-26 11:38:58

Vlanif3 | Virtual Router 2
  State            : Backup
  Virtual IP       : 10.1.3.100
  Master IP        : 10.1.3.103
  PriorityRun      : 100
  PriorityConfig   : 100
  MasterPriority   : 120
  Preempt          : YES   Delay Time : 0 s
  TimerRun         : 1 s
  TimerConfig      : 1 s
  Auth type        : NONE
  Virtual MAC      : 00e0-fc12-3457
  Check TTL        : YES
  Config type      : normal-vrrp
  Backup-forward   : disabled
  Create time      : 2021-05-11 11:40:18
  Last change time : 2021-05-26 11:48:58
```
# Run the display vrrp command on DeviceB. The output shows that DeviceB is the backup in VRRP group 1 and the master in VRRP group 2.
```
[~DeviceB] display vrrp
Vlanif2 | Virtual Router 1
  State            : Backup
  Virtual IP       : 10.1.2.100
  Master IP        : 10.1.2.102
  PriorityRun      : 100
  PriorityConfig   : 100
  MasterPriority   : 120
  Preempt          : YES   Delay Time : 0 s
  TimerRun         : 1 s
  TimerConfig      : 1 s
  Auth type        : NONE
  Virtual MAC      : 00e0-fc12-3456
  Check TTL        : YES
  Config type      : normal-vrrp
  Backup-forward   : disabled
  Create time      : 2021-05-11 11:39:18
  Last change time : 2021-05-26 11:38:58

Vlanif3 | Virtual Router 2
  State            : Master
  Virtual IP       : 10.1.3.100
  Master IP        : 10.1.3.103
  PriorityRun      : 120
  PriorityConfig   : 120
  MasterPriority   : 120
  Preempt          : YES   Delay Time : 20 s
  TimerRun         : 1 s
  TimerConfig      : 1 s
  Auth type        : NONE
  Virtual MAC      : 00e0-fc12-3457
  Check TTL        : YES
  Config type      : normal-vrrp
  Backup-forward   : disabled
  Create time      : 2021-05-11 11:40:18
  Last change time : 2021-05-26 11:48:58
```
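The MSTP verification step above, reading the DeviceC `display stp interface ... brief` output by eye, can be scripted. The following Python check is an added example and is not part of the original documentation; the function names and the `NO_SHARING` sample are constructed for illustration. It confirms that alternate ports are discarding, that root protection sits only on designated ports, and that MSTI1 and MSTI2 forward on different uplinks.

```python
import re
from collections import defaultdict

# The two DeviceC listings from the verification step, merged into one input.
DEVICE_C = """\
MSTID Port       Role STP State  Protection
0     100GE1/0/1 ROOT FORWARDING NONE
1     100GE1/0/1 ROOT FORWARDING NONE
2     100GE1/0/1 ALTE DISCARDING NONE
0     100GE1/0/4 ALTE DISCARDING NONE
1     100GE1/0/4 ALTE DISCARDING NONE
2     100GE1/0/4 ROOT FORWARDING NONE
"""
# Constructed failure case: per-instance costs not applied, so both MSTIs
# forward on 100GE1/0/1 and 100GE1/0/4 is idle.
NO_SHARING = """\
1 100GE1/0/1 ROOT FORWARDING NONE
2 100GE1/0/1 ROOT FORWARDING NONE
1 100GE1/0/4 ALTE DISCARDING NONE
2 100GE1/0/4 ALTE DISCARDING NONE
"""
ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+(\S+)\s+(\S+)\s+(\S+)\s*$")

def parse_stp_brief(text):
    """Return (msti, port, role, state, protection) rows; other lines are skipped."""
    return [(int(m[1]), m[2], m[3], m[4], m[5])
            for m in map(ROW.match, text.splitlines()) if m]

def check_access_switch(rows, instances=(1, 2)):
    """Check a non-root, dual-uplink switch such as DeviceC."""
    findings, root_ports = [], defaultdict(list)
    for msti, port, role, state, prot in rows:
        if role == "ROOT" and state == "FORWARDING":
            root_ports[msti].append(port)
        if role == "ALTE" and state != "DISCARDING":
            findings.append(f"MSTI{msti} {port}: {role} port is {state}, possible loop")
        if prot == "ROOT" and role != "DESI":  # root protection only acts on designated ports
            findings.append(f"MSTI{msti} {port}: root protection on a {role} port")
    for i in instances:
        if len(root_ports[i]) != 1:
            findings.append(f"MSTI{i}: expected one forwarding root port, got {root_ports[i]}")
    if len({tuple(root_ports[i]) for i in instances}) < len(instances):
        findings.append("all instances use the same uplink: no load sharing")
    return findings
```

The `instances` default matches this example, where instance 0 is ignored.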
Configuration Scripts
-
```
#
sysname DeviceA
#
vlan batch 2 to 4
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
#
interface Vlanif2
 ip address 10.1.2.102 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt timer delay 20
#
interface Vlanif3
 ip address 10.1.3.102 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
 ip address 10.1.4.102 255.255.255.0
#
interface 100GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp root-protection
#
interface 100GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface 100GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 4
 stp edged-port enable
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
  network 10.1.4.0 0.0.0.255
#
return
```
-
```
#
sysname DeviceB
#
vlan batch 2 to 3 5
#
stp instance 1 root secondary
stp instance 2 root primary
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
#
interface Vlanif2
 ip address 10.1.2.103 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
 ip address 10.1.3.103 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt timer delay 20
#
interface Vlanif5
 ip address 10.1.5.103 255.255.255.0
#
interface 100GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp root-protection
#
interface 100GE1/0/2
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
#
interface 100GE1/0/3
 port link-type trunk
 port trunk allow-pass vlan 5
 stp edged-port enable
#
ospf 1
 area 0.0.0.0
  network 10.1.2.0 0.0.0.255
  network 10.1.3.0 0.0.0.255
  network 10.1.5.0 0.0.0.255
#
return
```
-
```
#
sysname DeviceC
#
vlan batch 2 to 3
#
stp bpdu-protection
stp pathcost-standard legacy
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
#
interface 100GE1/0/1
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp instance 2 cost 20000
#
interface 100GE1/0/2
 port link-type access
 port default vlan 2
 stp edged-port enable
#
interface 100GE1/0/3
 port link-type access
 port default vlan 3
 stp edged-port enable
#
interface 100GE1/0/4
 port link-type trunk
 port trunk allow-pass vlan 2 to 3
 stp instance 1 cost 20000
#
return
```
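The BPDU protection and root protection settings in the scripts above can be checked offline before a configuration is deployed. The following Python audit is an added example, not Huawei tooling; `parse_config`, `audit`, and the `WEAK` variant are hypothetical names, and `DEVICE_A` is a shortened excerpt of the DeviceA script. It reports edge ports on a device without global BPDU protection and a primary root bridge with no root-protected port.

```python
import re

# Excerpt of the DeviceA script above (VLAN, VLANIF and OSPF sections omitted).
DEVICE_A = """\
#
stp instance 1 root primary
stp instance 2 root secondary
stp bpdu-protection
#
interface 100GE1/0/1
 port link-type trunk
 stp root-protection
#
interface 100GE1/0/3
 port link-type trunk
 stp edged-port enable
#
"""
# Constructed weak variant: both protections removed from the excerpt.
WEAK = DEVICE_A.replace("stp bpdu-protection\n", "").replace(" stp root-protection\n", "")

def parse_config(text):
    """Return (global commands, {interface: [commands]}) from a config script."""
    glob, ifaces, current = [], {}, None
    for raw in text.splitlines():
        line = raw.strip()
        if line in ("", "#", "return"):
            current = None
        elif raw[0] != " ":                  # unindented: global command or view header
            current = None
            if line.startswith("interface "):
                current = ifaces.setdefault(line.split(None, 1)[1], [])
            else:
                glob.append(line)
        elif current is not None:            # indented line inside an interface view
            current.append(line)
    return glob, ifaces

def audit(text):
    """Report edge ports and root bridges that lack the protections used on this page."""
    glob, ifaces = parse_config(text)
    findings = []
    edge = sorted(p for p, cmds in ifaces.items() if "stp edged-port enable" in cmds)
    if edge and "stp bpdu-protection" not in glob:
        findings.append(f"edge ports {edge} but no global 'stp bpdu-protection'")
    primary = [g for g in glob if re.fullmatch(r"stp instance \d+ root primary", g)]
    if primary and not any("stp root-protection" in c for c in ifaces.values()):
        findings.append(f"'{primary[0]}' set but no port has 'stp root-protection'")
    return findings
```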