华为CE交换机-配置M-LAG双归接入二层网络(根桥方式)

配置M-LAG双归接入二层网络(根桥方式)

组网需求

图1所示,采用M-LAG方式将主机双归接入二层网络。由于用户对于业务的可靠性要求很高,如果主机和接入设备之间做链路聚合只能保证链路级的可靠性,接入设备发生故障时则会导致业务中断。这时用户可以采用跨设备链路聚合技术,正常工作时链路进行负载分担且任何一台设备故障对业务均没有影响,保证业务的高可靠性。由于普通以太网络中存在阻塞端口无法传输M-LAG主备设备的心跳报文,这里采用配置DFS Group绑定管理网口IP地址,保证M-LAG主备设备的心跳报文能够正常传输。

图1 配置M-LAG双归接入二层网络组网图

华为CE交换机-配置M-LAG双归接入二层网络(根桥方式)

本例中DeviceA的interface1、interface2、interface3、interface4、interface5、interface6和interface7分别代表100GE1/0/1,100GE1/0/2,100GE1/0/3,100GE1/0/4,100GE1/0/5,100GE1/0/6和MEth0/0/0。

本例中DeviceB的interface1、interface2、interface3、interface4、interface5、interface6和interface7分别代表100GE1/0/1,100GE1/0/2,100GE1/0/3,100GE1/0/4,100GE1/0/5,100GE1/0/6和MEth0/0/0。

本例中DeviceC的interface1和interface2代表100GE1/0/1和100GE1/0/2。

本例中DeviceD的interface1和interface2代表100GE1/0/1和100GE1/0/2。

华为CE交换机-配置M-LAG双归接入二层网络(根桥方式)

配置思路

  1. 将DeviceA和DeviceB配置为根桥,配置相同的桥MAC,保证M-LAG主备设备在二层网络中处于根桥地位。

  2. 分别在DeviceA和DeviceB上配置管理网口的IP地址,且保证能够三层互通,用于M-LAG主备设备间心跳报文的传输。

  3. 分别在DeviceA和DeviceB上配置M-LAG,实现服务器的双归接入。

操作步骤

  1. 将DeviceA和DeviceB配置为根桥,配置相同的桥MAC。

    华为CE交换机-配置M-LAG双归接入二层网络(根桥方式)

    如果组成M-LAG的设备下行接入的是交换设备,必须配置根保护功能。

    # 配置DeviceA。

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceA
    [*HUAWEI] commit
    [~DeviceA] stp root primary
    [*DeviceA] stp bridge-address 00e0-fc12-3458  //配置根桥的桥MAC(M-LAG主设备的MAC地址)
    [*DeviceA] interface eth-trunk 1
    [*DeviceA-Eth-Trunk1] trunkport 100ge 1/0/2
    [*DeviceA-Eth-Trunk1] trunkport 100ge 1/0/5
    [*DeviceA-Eth-Trunk1] stp edged-port enable
    [*DeviceA-Eth-Trunk1] commit
    [~DeviceA-Eth-Trunk1] quit

    # 配置DeviceB。

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceB
    [*HUAWEI] commit
    [~DeviceB] stp root primary
    [*DeviceB] stp bridge-address 00e0-fc12-3458   //配置根桥的桥MAC
    [*DeviceB] interface eth-trunk 1
    [*DeviceB-Eth-Trunk1] trunkport 100ge 1/0/2
    [*DeviceB-Eth-Trunk1] trunkport 100ge 1/0/5
    [*DeviceB-Eth-Trunk1] stp edged-port enable
    [*DeviceB-Eth-Trunk1] commit
    [~DeviceB-Eth-Trunk1] quit

     

  2. 分别配置DeviceA和DeviceB管理网口的IP地址。

    DeviceA和DeviceB管理网口需要保证能够三层互通。

     

     

    # 配置DeviceA。

    [~DeviceA] interface meth 0/0/0
    [~DeviceA-MEth0/0/0] ip address 10.1.1.1 24
    [*DeviceA-MEth0/0/0] quit
    [*DeviceA] commit

    # 配置DeviceB。

    [~DeviceB] interface meth 0/0/0
    [~DeviceB-MEth0/0/0] ip address 10.1.1.2 24
    [*DeviceB-MEth0/0/0] quit
    [*DeviceB] commit

     

  3. 分别在DeviceA和DeviceB上创建DFS并绑定管理网口的IP地址。

    # 配置DeviceA。

    [~DeviceA] dfs-group 1
    [*DeviceA-dfs-group-1] dual-active detection source ip 10.1.1.1 peer 10.1.1.2
    [*DeviceA-dfs-group-1] priority 150
    [*DeviceA-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*DeviceA-dfs-group-1] quit
    [*DeviceA] commit

    # 配置DeviceB。

    [~DeviceB] dfs-group 1
    [*DeviceB-dfs-group-1] dual-active detection source ip 10.1.1.2 peer 10.1.1.1
    [*DeviceB-dfs-group-1] priority 120
    [*DeviceB-dfs-group-1] authentication-mode hmac-sha256 password YsHsjx_202206
    [*DeviceB-dfs-group-1] quit
    [*DeviceB] commit

     

  4. 配置DeviceA和DeviceB之间的peer-link。

    # 配置DeviceA。

    [~DeviceA] interface eth-trunk 0
    [*DeviceA-Eth-Trunk0] mode lacp-static
    [*DeviceA-Eth-Trunk0] trunkport 100ge 1/0/3
    [*DeviceA-Eth-Trunk0] trunkport 100ge 1/0/4
    [*DeviceA-Eth-Trunk0] undo stp enable
    [*DeviceA-Eth-Trunk0] peer-link 1
    [*DeviceA-Eth-Trunk0] quit
    [*DeviceA] commit

    # 配置DeviceB。

    [~DeviceB] interface eth-trunk 0
    [*DeviceB-Eth-Trunk0] mode lacp-static
    [*DeviceB-Eth-Trunk0] trunkport 100ge 1/0/3
    [*DeviceB-Eth-Trunk0] trunkport 100ge 1/0/4
    [*DeviceB-Eth-Trunk0] undo stp enable
    [*DeviceB-Eth-Trunk0] peer-link 1
    [*DeviceB-Eth-Trunk0] quit
    [*DeviceB] commit

     

  5. 配置DeviceA和DeviceB连接服务器的Eth-Trunk接口加入VLAN 11并绑定DFS Group。

    服务器上行连接交换机的端口需要绑定在一个聚合链路中且链路聚合模式需要和交换机侧的聚合模式匹配,以交换机侧配置为静态LACP模式为例。

    # 配置DeviceA。

    [~DeviceA] vlan batch 11
    [*DeviceA] interface eth-trunk 1
    [*DeviceA-Eth-Trunk1] mode lacp-static
    [*DeviceA-Eth-Trunk1] port link-type access
    [*DeviceA-Eth-Trunk1] port default vlan 11
    [*DeviceA-Eth-Trunk1] dfs-group 1 m-lag 1
    [*DeviceA-Eth-Trunk1] quit
    [*DeviceA] commit

    # 配置DeviceB。

    [~DeviceB] vlan batch 11
    [*DeviceB] interface eth-trunk 1
    [*DeviceB-Eth-Trunk1] mode lacp-static
    [*DeviceB-Eth-Trunk1] port link-type access
    [*DeviceB-Eth-Trunk1] port default vlan 11
    [*DeviceB-Eth-Trunk1] dfs-group 1 m-lag 1
    [*DeviceB-Eth-Trunk1] quit
    [*DeviceB] commit

     

  6. 配置DeviceA和DeviceC之间链路以及DeviceB和DeviceD之间链路,并配置接口类型和通过的VLAN。

    # 配置DeviceA。

    [~DeviceA] interface eth-trunk 2
    [*DeviceA-Eth-Trunk2] mode lacp-static
    [*DeviceA-Eth-Trunk2] port link-type trunk
    [*DeviceA-Eth-Trunk2] port trunk allow-pass vlan 11
    [*DeviceA-Eth-Trunk2] trunkport 100ge 1/0/1
    [*DeviceA-Eth-Trunk2] trunkport 100ge 1/0/6
    [*DeviceA-Eth-Trunk2] quit
    [*DeviceA] commit

    # 配置DeviceB。

    [~DeviceB] interface eth-trunk 2
    [*DeviceB-Eth-Trunk2] mode lacp-static
    [*DeviceB-Eth-Trunk2] port link-type trunk
    [*DeviceB-Eth-Trunk2] port trunk allow-pass vlan 11
    [*DeviceB-Eth-Trunk2] trunkport 100ge 1/0/1
    [*DeviceB-Eth-Trunk2] trunkport 100ge 1/0/6
    [*DeviceB-Eth-Trunk2] quit
    [*DeviceB] commit

    # 配置DeviceC。

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceC
    [*HUAWEI] commit
    [~DeviceC] vlan batch 11
    [~DeviceC] interface eth-trunk 2
    [*DeviceC-Eth-Trunk2] mode lacp-static
    [*DeviceC-Eth-Trunk2] port link-type trunk
    [*DeviceC-Eth-Trunk2] port trunk allow-pass vlan 11
    [*DeviceC-Eth-Trunk2] trunkport 100ge 1/0/1
    [*DeviceC-Eth-Trunk2] trunkport 100ge 1/0/2
    [*DeviceC-Eth-Trunk2] quit
    [*DeviceC] commit

    # 配置DeviceD。

    <HUAWEI> system-view
    [~HUAWEI] sysname DeviceD
    [*HUAWEI] commit
    [~DeviceD] vlan batch 11
    [~DeviceD] interface eth-trunk 2
    [*DeviceD-Eth-Trunk2] mode lacp-static
    [*DeviceD-Eth-Trunk2] port link-type trunk
    [*DeviceD-Eth-Trunk2] port trunk allow-pass vlan 11
    [*DeviceD-Eth-Trunk2] trunkport 100ge 1/0/1
    [*DeviceD-Eth-Trunk2] trunkport 100ge 1/0/2
    [*DeviceD-Eth-Trunk2] quit
    [*DeviceD] commit

     

检查配置结果

# 查看DFS Group编号为1的M-LAG信息。

[~DeviceA] display dfs-group 1 m-lag
*                     : Local node
Heart beat state      : OK
Node 1 *
  Dfs-Group ID        : 1
  Priority            : 150
  Dual-active Address : 10.1.1.1
  VPN-Instance        :public net
  State               : Master
  Causation           : -
  System ID           : 00e0-fc12-3456
  SysName             : DeviceA
  Version             : V300R023C10
  Device Type         : CE16804
Node 2
  Dfs-Group ID        : 1
  Priority            : 120
  Dual-active Address : 10.1.1.2
  VPN-Instance        :public net
  State               : Backup
  Causation           : -
  System ID           : 00e0-fc12-3457
  SysName             : DeviceB
  Version             : V300R023C10
  Device Type         : CE16804

通过以上显示信息可以看到,“Heart beat state”的状态是“OK”,表明心跳状态正常;DeviceA作为Node 1,优先级为150,“State”的状态是“Master”;DeviceB作为Node 2,优先级为120,“State”的状态是“Backup”同时“Causation”的状态是“-”,表示M-LAG建立成功。

# 查看DeviceA上的M-LAG信息。

[~DeviceA] display dfs-group 1 node 1 m-lag brief
* - Local node

M-Lag ID     Interface      Port State    Status                Consistency-check
       1     Eth-Trunk 1    Up            active(*)-active      --


Failed reason:                                                                  
    1 -- Relationship between vlan and port is inconsistent                     
    2 -- STP configuration under the port is inconsistent                       
    3 -- STP port priority configuration is inconsistent                        
    4 -- LACP mode of M-LAG is inconsistent                                     
    5 -- M-LAG configuration is inconsistent                                    
    6 -- The number of M-LAG members is inconsistent
    7 -- LACP system-id of M-LAG is inconsistent
    8 -- LACP priority of M-LAG is inconsistent
    9 -- STP port edged configuration is inconsistent
    10 -- M-LAG mode configuration is inconsistent

# 查看DeviceB上的M-LAG信息。

[~DeviceB] display dfs-group 1 node 2 m-lag brief
* - Local node

M-Lag ID     Interface      Port State    Status                Consistency-check
       1     Eth-Trunk 1    Up            active-active(*)      --


Failed reason:                                                                  
    1 -- Relationship between vlan and port is inconsistent                     
    2 -- STP configuration under the port is inconsistent                       
    3 -- STP port priority configuration is inconsistent                        
    4 -- LACP mode of M-LAG is inconsistent                                     
    5 -- M-LAG configuration is inconsistent                                    
    6 -- The number of M-LAG members is inconsistent  
    7 -- LACP system-id of M-LAG is inconsistent
    8 -- LACP priority of M-LAG is inconsistent
    9 -- STP port edged configuration is inconsistent
    10 -- M-LAG mode configuration is inconsistent

通过以上显示信息可以看到,Node 1的“Port State”状态为“Up”,Node 2的“Port State”状态为“Up”,且Node 1和Node 2的M-LAG状态均为“active”,表明M-LAG的配置正确。

配置文件

  • DeviceA的配置脚本

    #
    sysname DeviceA
    #
    dfs-group 1
     priority 150
     dual-active detection source ip 10.1.1.1 peer 10.1.1.2
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!C+tR0CW9x*eB&pWp`t),Azgw-h\o8#4LZPD!!!!!!!!!!!!!!!9!!!!>fwJ)I0E{=:%,*,XRhbH&t0MCy_8=7!!!!!!!!!!%+%#
    #
    vlan batch 11
    #
    stp bridge-address 00e0-fc12-3458
    stp instance 0 root primary
    #
    interface MEth0/0/0
     ip address 10.1.1.1 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     stp disable
     peer-link 1
    #
    interface Eth-Trunk1
     port default vlan 11
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    #
    interface Eth-Trunk2
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static 
    #
    interface 100GE1/0/1
     eth-trunk 2
    #
    interface 100GE1/0/2
     eth-trunk 1
    #
    interface 100GE1/0/3
     eth-trunk 0
    #
    interface 100GE1/0/4
     eth-trunk 0
    #
    interface 100GE1/0/5
     eth-trunk 1
    #
    interface 100GE1/0/6
     eth-trunk 2
    #
    return
  • DeviceB的配置脚本

    #
    sysname DeviceB
    #
    dfs-group 1
     priority 120
     dual-active detection source ip 10.1.1.2 peer 10.1.1.1
     authentication-mode hmac-sha256 password %+%##!!!!!!!!!"!!!!"!!!!*!!!!=I9f8>C{!P_bhB31@7r-=jrS8c|_"(Bn~#=!!!!!!!!!!!!!!!9!!!!kx-6@.tGA(wAt/IQXl6>[g{6YlOi9$!!!!!!!!!!%+%#
    #
    vlan batch 11
    #
    stp bridge-address 00e0-fc12-3458
    stp root primary
    #
    interface MEth0/0/0
     ip address 10.1.1.2 255.255.255.0
    #
    interface Eth-Trunk0
     mode lacp-static
     stp disable
     peer-link 1
    #
    interface Eth-Trunk1
     port default vlan 11
     stp edged-port enable
     mode lacp-static
     dfs-group 1 m-lag 1
    #
    interface Eth-Trunk2
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
    #
    interface 100GE1/0/1
     eth-trunk 2
    #
    interface 100GE1/0/2
     eth-trunk 1
    #
    interface 100GE1/0/3
     eth-trunk 0
    #
    interface 100GE1/0/4
     eth-trunk 0
    #
    interface 100GE1/0/5
     eth-trunk 1
    #
    interface 100GE1/0/6
     eth-trunk 2
    #
    return
  • DeviceC的配置脚本

    #
    sysname DeviceC
    #
    vlan batch 11
    #
    interface Eth-Trunk2
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
    #
    interface 100GE1/0/1
     eth-trunk 2
    #
    interface 100GE1/0/2
     eth-trunk 2
    #
    return
  • DeviceD的配置脚本

    #
    sysname DeviceD
    #
    vlan batch 11
    #
    interface Eth-Trunk2
     port link-type trunk
     port trunk allow-pass vlan 11
     mode lacp-static
    #
    interface 100GE1/0/1
     eth-trunk 2
    #
    interface 100GE1/0/2
     eth-trunk 2
    #
    return
上一篇 案例1 RSR20-X VPLS场景 VC无法建立
下一篇 路由器防火墙拦截?