配置M-LAG双归接入二层网络(根桥方式)
组网需求
如图1所示,采用M-LAG方式将主机双归接入二层网络。由于用户对于业务的可靠性要求很高,如果主机和接入设备之间做链路聚合只能保证链路级的可靠性,接入设备发生故障时则会导致业务中断。这时用户可以采用跨设备链路聚合技术,正常工作时链路进行负载分担且任何一台设备故障对业务均没有影响,保证业务的高可靠性。由于普通以太网络中存在阻塞端口无法传输M-LAG主备设备的心跳报文,这里采用配置DFS Group绑定管理网口IP地址,保证M-LAG主备设备的心跳报文能够正常传输。

本例中DeviceA的interface1、interface2、interface3、interface4、interface5、interface6和interface7分别代表100GE1/0/1,100GE1/0/2,100GE1/0/3,100GE1/0/4,100GE1/0/5,100GE1/0/6和MEth0/0/0。
本例中DeviceB的interface1、interface2、interface3、interface4、interface5、interface6和interface7分别代表100GE1/0/1,100GE1/0/2,100GE1/0/3,100GE1/0/4,100GE1/0/5,100GE1/0/6和MEth0/0/0。
本例中DeviceC的interface1和interface2代表100GE1/0/1和100GE1/0/2。
本例中DeviceD的interface1和interface2代表100GE1/0/1和100GE1/0/2。

操作步骤
- 将DeviceA和DeviceB配置为根桥,配置相同的桥MAC。

如果组成M-LAG的设备下行接入的是交换设备,必须配置根保护功能。
# 配置DeviceA。
<HUAWEI> system-view [~HUAWEI] sysname DeviceA [*HUAWEI] commit [~DeviceA] stp root primary [*DeviceA] stp bridge-address 00e0-fc12-3458 //配置根桥的桥MAC(M-LAG主设备的MAC地址) [*DeviceA] interface eth-trunk 1 [*DeviceA-Eth-Trunk1] trunkport 100ge 1/0/2 [*DeviceA-Eth-Trunk1] trunkport 100ge 1/0/5 [*DeviceA-Eth-Trunk1] stp edged-port enable [*DeviceA-Eth-Trunk1] commit [~DeviceA-Eth-Trunk1] quit
# 配置DeviceB。
<HUAWEI> system-view [~HUAWEI] sysname DeviceB [*HUAWEI] commit [~DeviceB] stp root primary [*DeviceB] stp bridge-address 00e0-fc12-3458 //配置根桥的桥MAC [*DeviceB] interface eth-trunk 1 [*DeviceB-Eth-Trunk1] trunkport 100ge 1/0/2 [*DeviceB-Eth-Trunk1] trunkport 100ge 1/0/5 [*DeviceB-Eth-Trunk1] stp edged-port enable [*DeviceB-Eth-Trunk1] commit [~DeviceB-Eth-Trunk1] quit
- 分别配置DeviceA和DeviceB管理网口的IP地址。
DeviceA和DeviceB管理网口需要保证能够三层互通。
# 配置DeviceA。
[~DeviceA] interface meth 0/0/0 [~DeviceA-MEth0/0/0] ip address 10.1.1.1 24 [*DeviceA-MEth0/0/0] quit [*DeviceA] commit
# 配置DeviceB。
[~DeviceB] interface meth 0/0/0 [~DeviceB-MEth0/0/0] ip address 10.1.1.2 24 [*DeviceB-MEth0/0/0] quit [*DeviceB] commit
- 分别在DeviceA和DeviceB上创建DFS并绑定管理网口的IP地址。
# 配置DeviceA。
[~DeviceA] dfs-group 1 [*DeviceA-dfs-group-1] dual-active detection source ip 10.1.1.1 peer 10.1.1.2 [*DeviceA-dfs-group-1] priority 150 [*DeviceA-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*DeviceA-dfs-group-1] quit [*DeviceA] commit
# 配置DeviceB。
[~DeviceB] dfs-group 1 [*DeviceB-dfs-group-1] dual-active detection source ip 10.1.1.2 peer 10.1.1.1 [*DeviceB-dfs-group-1] priority 120 [*DeviceB-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206 [*DeviceB-dfs-group-1] quit [*DeviceB] commit
- 配置DeviceA和DeviceB之间的peer-link。
# 配置DeviceA。
[~DeviceA] interface eth-trunk 0 [*DeviceA-Eth-Trunk0] mode lacp-static [*DeviceA-Eth-Trunk0] trunkport 100ge 1/0/3 [*DeviceA-Eth-Trunk0] trunkport 100ge 1/0/4 [*DeviceA-Eth-Trunk0] undo stp enable [*DeviceA-Eth-Trunk0] peer-link 1 [*DeviceA-Eth-Trunk0] quit [*DeviceA] commit
# 配置DeviceB。
[~DeviceB] interface eth-trunk 0 [*DeviceB-Eth-Trunk0] mode lacp-static [*DeviceB-Eth-Trunk0] trunkport 100ge 1/0/3 [*DeviceB-Eth-Trunk0] trunkport 100ge 1/0/4 [*DeviceB-Eth-Trunk0] undo stp enable [*DeviceB-Eth-Trunk0] peer-link 1 [*DeviceB-Eth-Trunk0] quit [*DeviceB] commit
- 配置DeviceA和DeviceB连接服务器的Eth-Trunk接口加入VLAN 11并绑定DFS Group。
服务器上行连接交换机的端口需要绑定在一个聚合链路中且链路聚合模式需要和交换机侧的聚合模式匹配,以交换机侧配置为静态LACP模式为例。
# 配置DeviceA。
[~DeviceA] vlan batch 11 [*DeviceA] interface eth-trunk 1 [*DeviceA-Eth-Trunk1] mode lacp-static [*DeviceA-Eth-Trunk1] port link-type access [*DeviceA-Eth-Trunk1] port default vlan 11 [*DeviceA-Eth-Trunk1] dfs-group 1 m-lag 1 [*DeviceA-Eth-Trunk1] quit [*DeviceA] commit
# 配置DeviceB。
[~DeviceB] vlan batch 11 [*DeviceB] interface eth-trunk 1 [*DeviceB-Eth-Trunk1] mode lacp-static [*DeviceB-Eth-Trunk1] port link-type access [*DeviceB-Eth-Trunk1] port default vlan 11 [*DeviceB-Eth-Trunk1] dfs-group 1 m-lag 1 [*DeviceB-Eth-Trunk1] quit [*DeviceB] commit
- 配置DeviceA和DeviceC之间链路以及DeviceB和DeviceD之间链路,并配置接口类型和通过的VLAN。
# 配置DeviceA。
[~DeviceA] interface eth-trunk 2 [*DeviceA-Eth-Trunk2] mode lacp-static [*DeviceA-Eth-Trunk2] port link-type trunk [*DeviceA-Eth-Trunk2] port trunk allow-pass vlan 11 [*DeviceA-Eth-Trunk2] trunkport 100ge 1/0/1 [*DeviceA-Eth-Trunk2] trunkport 100ge 1/0/6 [*DeviceA-Eth-Trunk2] quit [*DeviceA] commit
# 配置DeviceB。
[~DeviceB] interface eth-trunk 2 [*DeviceB-Eth-Trunk2] mode lacp-static [*DeviceB-Eth-Trunk2] port link-type trunk [*DeviceB-Eth-Trunk2] port trunk allow-pass vlan 11 [*DeviceB-Eth-Trunk2] trunkport 100ge 1/0/1 [*DeviceB-Eth-Trunk2] trunkport 100ge 1/0/6 [*DeviceB-Eth-Trunk2] quit [*DeviceB] commit
# 配置DeviceC。
<HUAWEI> system-view [~HUAWEI] sysname DeviceC [*HUAWEI] commit [~DeviceC] vlan batch 11 [~DeviceC] interface eth-trunk 2 [*DeviceC-Eth-Trunk2] mode lacp-static [*DeviceC-Eth-Trunk2] port link-type trunk [*DeviceC-Eth-Trunk2] port trunk allow-pass vlan 11 [*DeviceC-Eth-Trunk2] trunkport 100ge 1/0/1 [*DeviceC-Eth-Trunk2] trunkport 100ge 1/0/2 [*DeviceC-Eth-Trunk2] quit [*DeviceC] commit
# 配置DeviceD。
<HUAWEI> system-view [~HUAWEI] sysname DeviceD [*HUAWEI] commit [~DeviceD] vlan batch 11 [~DeviceD] interface eth-trunk 2 [*DeviceD-Eth-Trunk2] mode lacp-static [*DeviceD-Eth-Trunk2] port link-type trunk [*DeviceD-Eth-Trunk2] port trunk allow-pass vlan 11 [*DeviceD-Eth-Trunk2] trunkport 100ge 1/0/1 [*DeviceD-Eth-Trunk2] trunkport 100ge 1/0/2 [*DeviceD-Eth-Trunk2] quit [*DeviceD] commit
检查配置结果
# 查看DFS Group编号为1的M-LAG信息。
[~DeviceA] display dfs-group 1 m-lag * : Local node Heart beat state : OK Node 1 * Dfs-Group ID : 1 Priority : 150 Dual-active Address : 10.1.1.1 VPN-Instance :public net State : Master Causation : - System ID : 00e0-fc12-3456 SysName : DeviceA Version : V300R023C10 Device Type : CE16804 Node 2 Dfs-Group ID : 1 Priority : 120 Dual-active Address : 10.1.1.2 VPN-Instance :public net State : Backup Causation : - System ID : 00e0-fc12-3457 SysName : DeviceB Version : V300R023C10 Device Type : CE16804
通过以上显示信息可以看到,“Heart beat state”的状态是“OK”,表明心跳状态正常;DeviceA作为Node 1,优先级为150,“State”的状态是“Master”;DeviceB作为Node 2,优先级为120,“State”的状态是“Backup”同时“Causation”的状态是“-”,表示M-LAG建立成功。
# 查看DeviceA上的M-LAG信息。
[~DeviceA] display dfs-group 1 node 1 m-lag brief
* - Local node
M-Lag ID Interface Port State Status Consistency-check
1 Eth-Trunk 1 Up active(*)-active --
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
7 -- LACP system-id of M-LAG is inconsistent
8 -- LACP priority of M-LAG is inconsistent
9 -- STP port edged configuration is inconsistent
10 -- M-LAG mode configuration is inconsistent
# 查看DeviceB上的M-LAG信息。
[~DeviceB] display dfs-group 1 node 2 m-lag brief
* - Local node
M-Lag ID Interface Port State Status Consistency-check
1 Eth-Trunk 1 Up active-active(*) --
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
7 -- LACP system-id of M-LAG is inconsistent
8 -- LACP priority of M-LAG is inconsistent
9 -- STP port edged configuration is inconsistent
10 -- M-LAG mode configuration is inconsistent
通过以上显示信息可以看到,Node 1的“Port State”状态为“Up”,Node 2的“Port State”状态为“Up”,且Node 1和Node 2的M-LAG状态均为“active”,表明M-LAG的配置正确。
配置文件
-
# sysname DeviceA # dfs-group 1 priority 150 dual-active detection source ip 10.1.1.1 peer 10.1.1.2 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgw-h\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%# # vlan batch 11 # stp bridge-address 00e0-fc12-3458 stp instance 0 root primary # interface MEth0/0/0 ip address 10.1.1.1 255.255.255.0 # interface Eth-Trunk0 mode lacp-static stp disable peer-link 1 # interface Eth-Trunk1 port default vlan 11 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static # interface 100GE1/0/1 eth-trunk 2 # interface 100GE1/0/2 eth-trunk 1 # interface 100GE1/0/3 eth-trunk 0 # interface 100GE1/0/4 eth-trunk 0 # interface 100GE1/0/5 eth-trunk 1 # interface 100GE1/0/6 eth-trunk 2 # return -
# sysname DeviceB # dfs-group 1 priority 120 dual-active detection source ip 10.1.1.2 peer 10.1.1.1 authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!=I9f8>C{!P_bhB31@7r-=jrS8c|_"(Bn~#=!!!!!!!!!!!!!!!9!!!!kx-6@.tGA(wAt/IQXl6>[g{6YlOi9$!!!!!!!!!!%+%# # vlan batch 11 # stp bridge-address 00e0-fc12-3458 stp root primary # interface MEth0/0/0 ip address 10.1.1.2 255.255.255.0 # interface Eth-Trunk0 mode lacp-static stp disable peer-link 1 # interface Eth-Trunk1 port default vlan 11 stp edged-port enable mode lacp-static dfs-group 1 m-lag 1 # interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static # interface 100GE1/0/1 eth-trunk 2 # interface 100GE1/0/2 eth-trunk 1 # interface 100GE1/0/3 eth-trunk 0 # interface 100GE1/0/4 eth-trunk 0 # interface 100GE1/0/5 eth-trunk 1 # interface 100GE1/0/6 eth-trunk 2 # return -
# sysname DeviceC # vlan batch 11 # interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static # interface 100GE1/0/1 eth-trunk 2 # interface 100GE1/0/2 eth-trunk 2 # return
-
# sysname DeviceD # vlan batch 11 # interface Eth-Trunk2 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static # interface 100GE1/0/1 eth-trunk 2 # interface 100GE1/0/2 eth-trunk 2 # return