配置交换机双归接入IP网络示例(V-STP方式推荐)
组网需求
如图4-23所示,通过配置M-LAG双归接入IP网络可以满足以下要求:
- 当一条接入链路发生故障时,流量可以快速切换到另一条链路,保证可靠性。
- 为了高效利用带宽,两条链路同时处于active状态,可实现使用负载分担的方式转发流量。
配置思路
采用如下的思路配置M-LAG双归接入IP网络:
-
在Switch上配置上行接口绑定在一个Eth-Trunk中。
-
分别在SwitchA和SwitchB上配置V-STP、DFS Group、peer-link和M-LAG接口。
-
分别在SwitchA和SwitchB上配置VLANIF接口IP地址和MAC地址,作为接入设备的双活网关。
-
分别在SwitchA、SwitchB和SwitchC上配置OSPF功能,保证三层互通。
在V-STP场景下,为防止接口因生成树协议计算结果被阻塞,可以通过配置主接口实现三层互通或者去使能IP网络侧的生成树协议。
-
分别在SwitchA和SwitchB上配置Monitor Link关联上行接口和下行接口,避免因上行链路故障导致用户侧流量无法转发而丢弃。
操作步骤
- 在Switch上配置上行接口绑定在一个Eth-Trunk中
# 配置Switch。
<HUAWEI> system-view [~HUAWEI] sysname Switch [*HUAWEI] commit [~Switch] vlan batch 11 [*Switch] interface eth-trunk 20 [*Switch-Eth-Trunk20] mode lacp-static [*Switch-Eth-Trunk20] port link-type trunk [*Switch-Eth-Trunk20] port trunk allow-pass vlan 11 [*Switch-Eth-Trunk20] trunkport 10ge 1/0/1 to 1/0/4 [*Switch-Eth-Trunk20] quit [*Switch] commit - 分别在SwitchA和SwitchB上配置V-STP、DFS Group、peer-link和M-LAG接口
# 配置SwitchA。
<HUAWEI> system-view [~HUAWEI] sysname SwitchA [*HUAWEI] commit [~SwitchA] stp mode rstp [~SwitchA]stp bridge-address 1-1-1 [*SwitchA] stp v-stp enable [*SwitchA] interface loopback 0 [*SwitchA-LoopBack0] ip address 10.1.1.1 32 [*SwitchA-LoopBack0] quit [*SwitchA] dfs-group 1 [*SwitchA-dfs-group-1] source ip 10.1.1.1 [*SwitchA-dfs-group-1] priority 150 [*SwitchA-dfs-group-1] quit [*SwitchA] interface eth-trunk 1 [*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/4 [*SwitchA-Eth-Trunk1] trunkport 10ge 2/0/5 [*SwitchA-Eth-Trunk1] mode lacp-static [*SwitchA-Eth-Trunk1] peer-link 1 [*SwitchA-Eth-Trunk1] quit [*SwitchA] vlan batch 11 [*SwitchA] interface eth-trunk 10 [*SwitchA-Eth-Trunk10] mode lacp-static [*SwitchA-Eth-Trunk10] port link-type trunk [*SwitchA-Eth-Trunk10] port trunk allow-pass vlan 11 [*SwitchA-Eth-Trunk10] trunkport 10ge 1/0/2 [*SwitchA-Eth-Trunk10] trunkport 10ge 1/0/3 [*SwitchA-Eth-Trunk10] dfs-group 1 m-lag 1 [*SwitchA-Eth-Trunk10] quit [*SwitchA] commit# 配置SwitchB。
<HUAWEI> system-view [~HUAWEI] sysname SwitchB [*HUAWEI] commit [~SwitchB] stp mode rstp [~SwitchB]stp bridge-address 1-1-1 [*SwitchB] stp v-stp enable [*SwitchB] interface loopback 0 [*SwitchB-LoopBack0] ip address 10.1.1.2 32 [*SwitchB-LoopBack0] quit [*SwitchB] dfs-group 1 [*SwitchB-dfs-group-1] source ip 10.1.1.2 [*SwitchB-dfs-group-1] priority 120 [*SwitchB-dfs-group-1] quit [*SwitchB] interface eth-trunk 1 [*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/4 [*SwitchB-Eth-Trunk1] trunkport 10ge 2/0/5 [*SwitchB-Eth-Trunk1] mode lacp-static [*SwitchB-Eth-Trunk1] peer-link 1 [*SwitchB-Eth-Trunk1] quit [*SwitchB] vlan batch 11 [*SwitchB] interface eth-trunk 10 [*SwitchB-Eth-Trunk10] mode lacp-static [*SwitchB-Eth-Trunk10] port link-type trunk [*SwitchB-Eth-Trunk10] port trunk allow-pass vlan 11 [*SwitchB-Eth-Trunk10] trunkport 10ge 1/0/2 [*SwitchB-Eth-Trunk10] trunkport 10ge 1/0/3 [*SwitchB-Eth-Trunk10] dfs-group 1 m-lag 1 [*SwitchB-Eth-Trunk10] quit [*SwitchB] commit - 分别在SwitchA和SwitchB上配置VLANIF接口IP地址和MAC地址,作为接入设备的双活网关
两端的虚拟IP和虚拟MAC配置要求完全一致,目的是为M-LAG提供相同的虚拟IP和虚拟MAC。
# 配置SwitchA。[~SwitchA] interface vlanif 11 [*SwitchA-Vlanif11] ip address 10.2.1.1 24 [*SwitchA-Vlanif11] mac-address 0000-5e00-0101 [*SwitchA-Vlanif11] quit [*SwitchA] commit# 配置SwitchB。[~SwitchB] interface vlanif 11 [*SwitchB-Vlanif11] ip address 10.2.1.1 24 [*SwitchB-Vlanif11] mac-address 0000-5e00-0101 [*SwitchB-Vlanif11] quit [*SwitchB] commit - 分别在SwitchA、SwitchB和SwitchC上配置OSPF功能,保证三层互通
# 配置SwitchA。
[~SwitchA] interface 10ge 1/0/1 [~SwitchA-10GE1/0/1] undo portswitch [*SwitchA-10GE1/0/1] ip address 10.3.1.1 24 [*SwitchA-10GE1/0/1] quit [*SwitchA] ospf 1 [*SwitchA-ospf-1] area 0 [*SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0 [*SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [*SwitchA-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [*SwitchA-ospf-1-area-0.0.0.0] quit [*SwitchA-ospf-1] quit [*SwitchA] commit# 配置SwitchB。[~SwitchB] interface 10ge 1/0/1 [~SwitchB-10GE1/0/1] undo portswitch [*SwitchB-10GE1/0/1] ip address 10.4.1.1 24 [*SwitchB-10GE1/0/1] quit [*SwitchB] ospf 1 [*SwitchB-ospf-1] area 0 [*SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0 [*SwitchB-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255 [*SwitchB-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [*SwitchB-ospf-1-area-0.0.0.0] quit [*SwitchB-ospf-1] quit [*SwitchB] commit# 配置SwitchC。
<HUAWEI> system-view [~HUAWEI] sysname SwitchC [*HUAWEI] commit [~SwitchC] interface 10ge 1/0/1 [~SwitchC-10GE1/0/1] undo portswitch [*SwitchC-10GE1/0/1] ip address 10.3.1.2 24 [*SwitchC-10GE1/0/1] quit [*SwitchC] interface 10ge 1/0/2 [*SwitchC-10GE1/0/2] undo portswitch [*SwitchC-10GE1/0/2] ip address 10.4.1.2 24 [*SwitchC-10GE1/0/2] quit [*SwitchC] ospf 1 [*SwitchC-ospf-1] area 0 [*SwitchC-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255 [*SwitchC-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255 [*SwitchC-ospf-1-area-0.0.0.0] quit [*SwitchC-ospf-1] quit [*SwitchC] commit - 分别在SwitchA和SwitchB上配置Monitor Link关联上行接口和下行接口
# 配置SwitchA。
[~SwitchA] monitor-link group 1 [*SwitchA-mtlk-group1] port 10ge 1/0/1 uplink [*SwitchA-mtlk-group1] port eth-trunk 10 downlink 1 [*SwitchA-mtlk-group1] quit [*SwitchA] commit# 配置SwitchB。[~SwitchB] monitor-link group 1 [*SwitchB-mtlk-group1] port 10ge 1/0/1 uplink [*SwitchB-mtlk-group1] port eth-trunk 10 downlink 1 [*SwitchB-mtlk-group1] quit [*SwitchB] commit - 验证配置结果
执行命令display dfs-group,查看M-LAG的相关信息。
# 查看DFS Group编号为1的M-LAG信息。
[~SwitchA] display dfs-group 1 m-lag * : Local node Heart beat state : OK Node 1 * Dfs-Group ID : 1 Priority : 150 Address : ip address 10.1.1.1 State : Master Causation : - System ID : 0025-9e95-7c31 SysName : SwitchA Version : V100R006C00 Device Type : CE12800 Node 2 Dfs-Group ID : 1 Priority : 120 Address : ip address 10.1.1.2 State : Backup Causation : - System ID : 0025-9e95-7c11 SysName : SwitchB Version : V100R006C00 Device Type : CE12800# 查看SwitchA上的M-LAG信息。
[~SwitchA] display dfs-group 1 node 1 m-lag brief * - Local node M-Lag ID Interface Port State Status Consistency-check 1 Eth-Trunk 10 Up active(*)-active -- Failed reason: 1 -- Relationship between vlan and port is inconsistent 2 -- STP configuration under the port is inconsistent 3 -- STP port priority configuration is inconsistent 4 -- LACP mode of M-LAG is inconsistent 5 -- M-LAG configuration is inconsistent 6 -- The number of M-LAG members is inconsistent# 查看SwitchB上的M-LAG信息。
[~SwitchB] display dfs-group 1 node 2 m-lag brief * - Local node M-Lag ID Interface Port State Status Consistency-check 1 Eth-Trunk 10 Up active-active(*) -- Failed reason: 1 -- Relationship between vlan and port is inconsistent 2 -- STP configuration under the port is inconsistent 3 -- STP port priority configuration is inconsistent 4 -- LACP mode of M-LAG is inconsistent 5 -- M-LAG configuration is inconsistent 6 -- The number of M-LAG members is inconsistent通过以上显示信息可以看到,“Heart beat state”的状态是“OK”,表明心跳状态正常;SwitchA作为Node 1,优先级为150,“State”的状态是“Master”;SwitchB作为Node 2,优先级为120,“State”的状态是“Backup”。同时“Causation”的状态是“-”,Node 1的“Port State”状态为“Up”,Node 2的“Port State”状态为“Up”,且Node 1和Node 2的M-LAG状态均为“active”,表明M-LAG的配置正确。
配置文件
-
SwitchA的配置文件
# sysname SwitchA # dfs-group 1 priority 150 source ip 10.1.1.1 # vlan batch 11 # stp mode rstp stp bridge-address 0001-0001-0001 stp v-stp enable # interface Vlanif11 ip address 10.2.1.1 255.255.255.0 mac-address 0000-5e00-0101 # interface Eth-Trunk1 mode lacp-static peer-link 1 # interface Eth-Trunk10 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static dfs-group 1 m-lag 1 # interface 10GE1/0/1 undo portswitch ip address 10.3.1.1 255.255.255.0 # interface 10GE1/0/2 eth-trunk 10 # interface 10GE1/0/3 eth-trunk 10 # interface 10GE1/0/4 eth-trunk 1 # interface 10GE2/0/5 eth-trunk 1 # interface LoopBack0 ip address 10.1.1.1 255.255.255.255 # monitor-link group 1 port 10GE1/0/1 uplink port Eth-Trunk10 downlink 1 # ospf 1 area 0.0.0.0 network 10.1.1.1 0.0.0.0 network 10.2.1.0 0.0.0.255 network 10.3.1.0 0.0.0.255 # return
-
SwitchB的配置文件
# sysname SwitchB # dfs-group 1 priority 120 source ip 10.1.1.2 # vlan batch 11 # stp mode rstp stp bridge-address 0001-0001-0001 stp v-stp enable # interface Vlanif11 ip address 10.2.1.1 255.255.255.0 mac-address 0000-5e00-0101 # interface Eth-Trunk1 mode lacp-static peer-link 1 # interface Eth-Trunk10 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static dfs-group 1 m-lag 1 # interface 10GE1/0/1 undo portswitch ip address 10.4.1.1 255.255.255.0 # interface 10GE1/0/2 eth-trunk 10 # interface 10GE1/0/3 eth-trunk 10 # interface 10GE1/0/4 eth-trunk 1 # interface 10GE2/0/5 eth-trunk 1 # interface LoopBack0 ip address 10.1.1.2 255.255.255.255 # monitor-link group 1 port 10GE1/0/1 uplink port Eth-Trunk10 downlink 1 # ospf 1 area 0.0.0.0 network 10.1.1.2 0.0.0.0 network 10.2.1.0 0.0.0.255 network 10.4.1.0 0.0.0.255 # return
-
SwitchC的配置文件
# sysname SwitchC # interface 10GE1/0/1 undo portswitch ip address 10.3.1.2 255.255.255.0 # interface 10GE1/0/2 undo portswitch ip address 10.4.1.2 255.255.255.0 # ospf 1 area 0.0.0.0 network 10.3.1.0 0.0.0.255 network 10.4.1.0 0.0.0.255 # return
-
Switch的配置文件
# sysname Switch # vlan batch 11 # interface Eth-Trunk20 port link-type trunk port trunk allow-pass vlan 11 mode lacp-static # interface 10GE1/0/1 eth-trunk 20 # interface 10GE1/0/2 eth-trunk 20 # interface 10GE1/0/3 eth-trunk 20 # interface 10GE1/0/4 eth-trunk 20 # return
-
https://support.huawei.com/enterprise/zh/doc/EDOC1100138437/1fd4b9a6
分类:
网络
【推荐】编程新体验,更懂你的AI,立即体验豆包MarsCode编程助手
【推荐】抖音旗下AI助手豆包,你的智能百科全书,全免费不限次数
【推荐】轻量又高性能的 SSH 工具 IShell:AI 加持,快人一步
· 全网最简单!3分钟用满血DeepSeek R1开发一款AI智能客服,零代码轻松接入微信、公众号、小程
· .NET 10 首个预览版发布,跨平台开发与性能全面提升
· 《HelloGitHub》第 107 期
· 全程使用 AI 从 0 到 1 写了个小工具
· 从文本到图像:SSE 如何助力 AI 内容实时呈现?(Typescript篇)
2022-04-05 go切片的nil 切片、空切片与零切片(重要)
2022-04-05 如何优雅的在 Kubernetes 上实现资源配额(重要)
2022-04-05 TCP原理(三次握手四次挥手)(有这篇就够了,重要)