H3C之IRF典型配置举例(BFD MAD检测方式)

IRF典型配置举例(BFD MAD检测方式)

1、组网需求

由于网络规模迅速扩大,当前中心设备(Device A)安全业务处理能力已经不能满足需求,现在需要另增一台设备Device B,将这两台设备组成一个IRF(如图所示),并配置BFD MAD进行分裂检测。

2、组网图

IRF典型配置组网图(BFD MAD检测方式)

3、配置步骤

(1)  配置Device A
配置IRF中成员编号为1的设备的优先级为32。

<DeviceA> system-view
[DeviceA] irf member 1 priority 32

配置IRF端口1/2,并将它与物理端口Ten-GigabitEthernet1/0/1绑定,并保存配置,然后激活IRF端口下的配置。

IRF-port端口编号说明:
irf-port 1/2中,第一个数字代表的是设备成员编号,第二个数字是接口编号。堆叠要求使用逻辑端口1对接逻辑端口2。
即,如若第一台配置irf-port1/2,则第二台需要是用irf-port2/1对接。如若第一台使用irf-port1/1,则第二台需要配置irf-port2/2。

[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] save
[DeviceA] irf-port-configuration active

(2)  配置Device B
将Device B的成员编号配置为2,并重启设备使新编号生效。

<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot

参照配置组网图进行物理连线。
重新登录到设备,配置IRF端口2/1,并将它与物理端口Ten-GigabitEthernet2/0/1绑定,并保存配置,然后激活IRF端口下的配置。

<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] save
[DeviceB] irf-port-configuration active

(3)  Device A和Device B间将会进行主设备竞选,竞选失败的一方(Device B)将重启,重启完成后,IRF形成。
(4)  配置BFD MAD检测
创建三层聚合接口3。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] quit

分别将Device A(成员编号为1)上的接口Ten-GigabitEthernet1/0/2和Device B(成员编号为2)上的接口Ten-GigabitEthernet2/0/2加入聚合组3中。

分别将设备A和设备B的MAD口加入一个三层聚合组

[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] interface ten-gigabitethernet 2/0/2
[DeviceA-Ten-GigabitEthernet2/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet2/0/2] quit

开启BFD MAD功能,并配置三层聚合接口3的MAD IP地址。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] mad bfd enable
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.1 24 member 1
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.2 24 member 2
[DeviceA-Route-Aggregation3] quit

(5) 请参考组网图中的规划,配置安全域和安全策略,对Intranet网络与IP network网络之间交互的报文进行安全控制。
4. 验证配置

  • IRF链路正常情况下查看相关配置
    查看IRF相关信息,可见IRF成功建立,且DeviceA为主设备。
[DeviceA] display irf
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  32        487a-da95-93b5  ---
   2        Standby 1         3897-d6a8-1b1a  ---
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.
 
 The bridge MAC of the IRF is: 487a-da95-93b3
 Auto upgrade                : yes
 Mac persistent              : no
 Domain ID                   : 0

查看BFD MAD状态,状态正常。

[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
  Ten-GigabitEthernet2/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Normal
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Normal
  2           192.168.2.2/24       1          Normal
  • IRF链路异常情况下查看相关配置
    查看BFD MAD状态,状态异常,表示IRF分裂。
[DeviceA] display mad verbose
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Faulty
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Faulty
  • 其它命令
    查看成员1、成员2 IRF链路的状态均为UP
<H3C>dis irf link
Member 1

 IRF Port  Interface                             Status

 1         Ten-GigabitEthernet1/0/50             UP

           Ten-GigabitEthernet1/0/51             UP

 2         disable                               --

Member 2

 IRF Port  Interface                             Status

 1         disable                               --

 2         Ten-GigabitEthernet2/0/50             UP

           Ten-GigabitEthernet2/0/51             UP

查看IRF的配置信息

<H3C>dis irf configuration  

 MemberID NewID    IRF-Port1                     IRF-Port2

 1        1        Ten-GigabitEthernet1/0/50     disable

                   Ten-GigabitEthernet1/0/51

 2        2        disable                       Ten-GigabitEthernet2/0/50

                                                 Ten-GigabitEthernet2/0/51

查看IRF的拓扑信息

dis irf topology
                              Topology Info
 -------------------------------------------------------------------------
               IRF-Port1                IRF-Port2
 MemberID    Link       neighbor      Link       neighbor    Belong To
 1           DIS        ---           UP         2           00e0-fc0f-8c02
 2           UP         1             DIS        ---         00e0-fc0f-8c02

生产实用案例

SW1
[H3C]sysname sw1
[sw1]irf member 1 priority 32
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]shutdown
[sw1-FortyGigE1/0/53]quit
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]shutdown
[sw1-FortyGigE1/0/54]quit
[sw1]irf-port 1/2
[sw1-irf-port1/2]port group interface FortyGigE 1/0/53
[sw1-irf-port1/2]port group interface FortyGigE 1/0/54
[sw1-irf-port1/2]quit
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]undo shutdown
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]undo shutdown
[sw1]save
[sw1]irf-port-configuration active

SW2
[H3C]sysname sw2
[sw2]irf member 1 renumber 2
[sw2]quit
<sw2>reboot
[sw2]irf member 2 priority 31
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]shutdown
[sw2-FortyGigE2/0/53]quit
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/54]shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port 2/1
[sw2-irf-port2/1]port group interface FortyGigE 2/0/53
[sw2-irf-port2/1]port group interface FortyGigE 2/0/54
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]undo shutdown
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/53]quit
[sw2-FortyGigE2/0/54]un shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port-configuration active

SW1配置mad检测
[sw1]interface Route-Aggregation 3
[sw1-Route-Aggregation3]quit
[sw1]interface Ten-GigabitEthernet1/0/50
[sw1-Ten-GigabitEthernet1/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet1/0/50]quit
[sw1]interface Ten-GigabitEthernet2/0/50
[sw1-Ten-GigabitEthernet2/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet2/0/50]quit

[sw1]interface Route-Aggregation3
[sw1-Route-Aggregation3]mad bfd enable
[sw1-Route-Aggregation3]mad ip address 1.1.1.1 30 member 1
[sw1-Route-Aggregation3]mad ip address 1.1.1.2 30 member 2
[sw1-Route-Aggregation3]quit
posted @ 2024-06-27 21:37  *一炁化三清*  阅读(766)  评论(0编辑  收藏  举报