配置VRRP与BFD联动功能
组网需求
为了提高链路可靠性,通常会将用户网关通过双归属的方式接入上层网络,并在双归属网络上通过部署VRRP协议实现链路主备链路协商和切换。
当链路出现故障时,VRRP通告报文协商需要一定的协商周期。为了实现链路故障时快速切换,可以在链路中部署BFD链路检测机制,并配置VRRP监视BFD会话,实现当主用接口或者链路出现Down时,备用设备迅速切换为Master,承担网络流量。
如图1所示:
现要求,当DeviceA发生故障、或者DeviceA与DeviceB之间的链路发生故障时,VRRP备份组主备切换的时间不超过1秒钟,以实现承载网的快速收敛。此种情况下,由于BFD会话能够快速监控和检测网络中的链路,因此可以配置VRRP备份组监视BFD会话功能。
配置注意事项
DeviceA的接口100GE1/0/1和DeviceB的接口100GE1/0/1的IP地址必须在相同的网段内。
为了提升安全性,在配置该示例时推荐配置VRRP安全策略,详细配置方式请参见“举例:配置VRRP主备备份”。
操作步骤
- 配置BFD会话。
<HUAWEI> system-view [~HUAWEI] sysname DeviceA [*HUAWEI] commit [~DeviceA] bfd [~DeviceA-bfd] quit [~DeviceA] interface 100ge 1/0/1 [~DeviceA-100GE1/0/1] undo portswitch [*DeviceA-100GE1/0/1] ip address 10.1.1.1 24 [*DeviceA-100GE1/0/1] quit [*DeviceA] bfd trackbfd bind peer-ip 10.1.1.2 interface 100ge 1/0/1 [*DeviceA-bfd-session-trackbfd] discriminator local 1 [*DeviceA-bfd-session-trackbfd] discriminator remote 2 [*DeviceA-bfd-session-trackbfd] quit [*DeviceA] commit
# 配置DeviceB。
<HUAWEI> system-view [~HUAWEI] sysname DeviceB [*HUAWEI] commit [~DeviceB] bfd [~DeviceB-bfd] quit [~DeviceB] interface 100ge 1/0/1 [~DeviceB-100GE1/0/1] undo portswitch [*DeviceB-100GE1/0/1] ip address 10.1.1.2 24 [*DeviceB-100GE1/0/1] quit [*DeviceB] bfd trackbfd bind peer-ip 10.1.1.1 interface 100ge 1/0/1 [*DeviceB-bfd-session-trackbfd] discriminator local 2 [*DeviceB-bfd-session-trackbfd] discriminator remote 1 [*DeviceB-bfd-session-trackbfd] quit [*DeviceB] commit
配置完成后,在DeviceA和DeviceB上执行display bfd session all命令,可以看到建立了一个BFD会话,且状态为Up。以DeviceA的显示结果为例。
[~DeviceA] display bfd session all S: Static session D: Dynamic session IP: IP session IF: Single-hop session PEER: Multi-hop session AUTO: Automatically negotiated session VXLAN: VXLAN session (w): State in WTR (*): State is invalid Total UP/DOWN Session Number : 1/0 ------------------------------------------------------------------------------ Local Remote PeerIpAddr State Type InterfaceName ------------------------------------------------------------------------------ 1 2 10.1.1.2 Up S_IP_IF 100GE1/0/1 ------------------------------------------------------------------------------ - 配置VRRP备份组1。
# 在DeviceA上配置VRRP备份组1,并配置DeviceA在该备份组中的优先级为120,确保DeviceA为Master设备。
[~DeviceA] interface 100ge 1/0/1 [~DeviceA-100GE1/0/1] vrrp vrid 1 virtual-ip 10.1.1.111 [*DeviceA-100GE1/0/1] vrrp vrid 1 priority 120 [*DeviceA-100GE1/0/1] quit [*DeviceA] commit
# 在DeviceB上配置VRRP备份组1,DeviceB在该备份组中使用缺省优先级,确保DeviceB为Backup设备。
[~DeviceB] interface 100ge 1/0/1 [~DeviceB-100GE1/0/1] vrrp vrid 1 virtual-ip 10.1.1.111 [*DeviceB-100GE1/0/1] quit [*DeviceB] commit
配置完成后,在DeviceA和DeviceB上执行display vrrp verbose命令,可以看到DeviceA在备份组中的状态为Master,DeviceB在备份组中的状态为Backup。
[~DeviceA] display vrrp verbose 100GE1/0/1 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 0s Remain : -- Hold Multiplier : 4 TimerRun : 1s TimerConfig : 1s Auth Type : NONE Virtual MAC : 00-e0-fc-12-78-90 Check TTL : YES Config Type : Normal Create Time : 2020-12-29 05:41:23 Last Change Time : 2020-12-29 05:41:33[~DeviceB] display vrrp verbose 100GE1/0/1 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0s Remain : -- Hold Multiplier : 4 TimerRun : 1s TimerConfig : 1s Auth Type : NONE Virtual MAC : 00-e0-fc-12-78-90 Check TTL : YES Config Type : Normal Create Time : 2020-12-29 05:41:23 Last Change Time : 2020-12-29 05:41:33 - 在DeviceB上配置VRRP备份组监视BFD会话。
[~DeviceB] interface 100ge 1/0/1 [~DeviceB-100GE1/0/1] vrrp vrid 1 track bfd 2 increase 40 [*DeviceB-100GE1/0/1] quit [*DeviceB] commit
配置完成后,在DeviceB上执行display vrrp verbose命令,可以看到被监视的BFD会话及其状态。
[~DeviceB] display vrrp verbose 100GE1/0/1 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0s Remain : -- Hold Multiplier : 4 TimerRun : 1s TimerConfig : 1s Auth Type : NONE Virtual MAC : 00-e0-fc-12-78-90 Check TTL : YES Config Type : Normal Track BFD : 2 Priority Increased : 40 BFD-Session State : UP Create Time : 2020-12-29 05:41:23 Last Change Time : 2020-12-29 05:41:33
检查配置结果
# 对DeviceA的100ge 1/0/1接口执行shutdown操作,模拟链路故障。
[~DeviceA] interface 100ge 1/0/1 [~DeviceA-100GE1/0/1] shutdown [*DeviceA-100GE1/0/1] quit [*DeviceA] commit
在DeviceA上查看VRRP备份组状态信息,可以看到备份组的状态为Initialize。
[~DeviceA] display vrrp verbose
100GE1/0/1 | Virtual Router 1
State : Initialize
Virtual IP : 10.1.1.111
Master IP : 0.0.0.0
PriorityRun : 0
PriorityConfig : 120
MasterPriority : 0
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:41:23
Last Change Time : 2020-12-29 05:41:33
在DeviceB上查看VRRP备份组状态信息,可以看到此时BFD会话的状态为Down,DeviceB的优先级增加40,此时备份组的状态为Master。
[~DeviceB] display vrrp verbose
100GE1/0/1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.2
PriorityRun : 140
PriorityConfig : 100
MasterPriority : 140
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Track BFD : 2
Priority Increased :40
BFD-Session State : DOWN
Create Time : 2020-12-29 05:41:23
Last Change Time : 2020-12-29 05:41:33
配置脚本
-
# sysname DeviceA # bfd # interface 100GE1/0/1 undo portswitch ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 # bfd trackbfd bind peer-ip 10.1.1.2 interface 100GE1/0/1 discriminator local 1 discriminator remote 2 # return
-
# sysname DeviceB # bfd # interface 100GE1/0/1 undo portswitch ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 track bfd 2 increase 40 # bfd trackbfd bind peer-ip 10.1.1.1 interface 100GE1/0/1 discriminator local 2 discriminator remote 1 # return