场景说明:传统组网,交换机1、交换机2组成M-lag系统,与交换机3形成跨设备链路聚合,并且作为网关、根桥。这种技术H3C之前叫做DRNI,目前新版系统中已经改名为M-lag。
交换机1配置:
# sysname A-H1 # ip vpn-instance Keepalive //配置Keepalive使用的VRF,非必要,建议将Keepalive独立出来,除非复用三层逃生,逃生可以考虑子接口 # vlan 1 # stp instance 0 root primary stp global enable # interface Bridge-Aggregation11 //配置与SW3的跨设备聚合口 link-aggregation mode dynamic port m-lag group 11 # interface Bridge-Aggregation1024 //配置Peer-link接口 port link-type trunk port trunk permit vlan all link-aggregation mode dynamic port m-lag peer-link 1 //配置了该命令后,Peer-link接口会自动变为trunk然后允许所有vlan通过 # interface Route-Aggregation1024 //配置Keepalive接口,可以是三层单接口,建议采用聚合口,增加冗余性 ip binding vpn-instance Keepalive ip address 1.1.1.1 255.255.255.252 link-aggregation mode dynamic # interface Vlan-interface1 //配置双活网关 ip address 192.168.10.254 255.255.255.0 mac-address 7e20-ab68-0100 //双活网关中,同一个网关MAC地址必须一致 ipv6 address 240E::FFFF:FFFF/96 # interface GigabitEthernet1/0/1 port link-mode bridge combo enable fiber port link-aggregation group 11 # interface FortyGigE1/0/53 port link-mode bridge port link-type trunk port trunk permit vlan all port link-aggregation group 1024 # interface FortyGigE1/0/54 port link-mode bridge port link-type trunk port trunk permit vlan all port link-aggregation group 1024 # interface Ten-GigabitEthernet1/0/51 port link-mode route combo enable fiber port link-aggregation group 1024 # interface Ten-GigabitEthernet1/0/52 port link-mode route combo enable fiber port link-aggregation group 1024 # m-lag mad exclude interface Route-Aggregation1024 //配置M-LAG的Peer-link链路中断后,Keepalive链路为非阻断场景,如果不配置,则会造成二次故障场景产生,当故障设备恢复后会导致M-lag系统来回震荡。 m-lag restore-delay 180 //当M-lag系统分裂后,重新恢复,备机会等待180s才会将业务接口UP,避免转发黑洞 m-lag system-mac 7e20-ab68-0100 //配置M-lag系统的全局MAC,主要用于LACP的system-id和stp的桥ID m-lag system-number 1 //配置m-lag系统中的角色,主设备配置为1,备设备配置为2 m-lag system-priority 4096 //配置m-lag中LACP的优先级 m-lag standalone enable delay 600 //开启DR设备独立工作功能,仅Peer-link和Keeaplive同时故障时生效,故障后,设备会形成双主,但是与其他设备组成的M-LAG接口lacp会采用独立的system-id与对端进行lacp协商,最终只会有一台设备协商成功,防止了故障场景的转发问题。 m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1 vpn-instance Keepalive //配置keepalive链路并指定相关的vpn-instance # return
故障场景测试:关闭Peer-link链路模拟链路故障
结论:当Peer-link故障后,MAD功能触发,将M-LAG备系统的业务接口全部关闭防止双主场景出现。
故障场景测试:当Peer-link链路和Keepalive链路同时故障
结论:可以看到M-LAG独立工作模式生效,两台设备恢复了自身的system-id,导致交换机3仅能与其中一台设备进行聚合,流量会转发给M-LAG主设备,但是这种场景仅限于二层场景,如果M-LAG系统上联的设备是三层并且是负载场景,那么依旧会有流量转发到M-LAG备设备从而造成转发黑洞的产生。
故障场景:Keepalive链路故障
结论:当仅有Keepalive故障的场景时,不会影响系统转发,功能依旧正常,但是没有避免m-lag分裂后的故障处理了。
2台核心交换机m-lag配置后
每个核心交换机一个物理端口列入到 二层聚合口中
聚合口port m-lag group 1 设置这个 和下联接入的 聚合口是down呢?
如果是动态链路聚合,需要考虑两端配置是否正确连线是否正确,对于下联交换机如果是M-LAG或堆叠也需要查看聚合结果是否正确。
如果是非LACP聚合,则需要查看本设备的M-LAG配置是否正确了,比如DRNI中的system-mac是否一致。
M-LAG跨设备链路聚合
2根线M-LAG 到一台二层交换机二层聚合之后 只能1G速率吗?不是2G吗?
下面配置之后核心A设备到接入的聚合up了
但是另外一台核心B设备到接入的聚合还是down
之前确实 核心做了 动态聚合 接入没做动态引起的 上述回复确实帮到我解决了问题感谢。
主交换机配置
配置M-LAG:
[Core-A]m-lag system-mac 1-1-1
Changing the system MAC address might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-A]m-lag system-number 1
Changing the system number might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-A]m-lag system-priority 123
Changing the system priority might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-A]m-lag restore-delay 180
[Core-A]m-lag keepalive ip destination 1.1.1.1 source 1.1.1.2
配置M-LAG的Keeplive三层动态聚合口:
[Core-A]interface Route-Aggregation 1
[Core-A-Route-Aggregation1]description ##M-LAG(Keeplive)Ragg##
[Core-A-Route-Aggregation1]link-aggregation mode dynamic
[Core-A-Route-Aggregation1]ip address 1.1.1.2 255.255.255.252
[Core-A-Route-Aggregation1]quit
[Core-A]interface range GigabitEthernet 1/0/47 GigabitEthernet 1/0/48
[Core-A-if-range]port link-mode route
[Core-A-if-range]port link-aggregation group 1
[Core-A-if-range]quit
[Core-A]interface GigabitEthernet 1/0/47
[Core-A-GigabitEthernet1/0/47]description ##Link-Core-B(G1/0/47)##
[Core-A-GigabitEthernet1/0/47]quit
[Core-A]interface GigabitEthernet 1/0/48
[Core-A-GigabitEthernet1/0/48]description ##Link-Core-B(G1/0/48)##
[Core-A-GigabitEthernet1/0/48]quit
[Core-A]m-lag mad exclude interface Route-Aggregation 1
配置M-LAG的peer-link二层动态聚合口:
[Core-A]interface Bridge-Aggregation 1
[Core-A-Bridge-Aggregation1]description ##Peer-Link##
[Core-A-Bridge-Aggregation1]link-aggregation mode dynamic
[Core-A-Bridge-Aggregation1]quit
[Core-A]interface range FortyGigE 1/0/53 FortyGigE 1/0/54
[Core-A-if-range]port link-aggregation group 1
[Core-A-if-range]quit
[Core-A]interface Bridge-Aggregation 1
[Core-A-Bridge-Aggregation1]port m-lag peer-link 1
[Core-A-Bridge-Aggregation1]undo port trunk permit vlan 1
[Core-A-Bridge-Aggregation1]port trunk permit vlan 2 to 4094
[Core-A-Bridge-Aggregation1]quit
[Core-A]interface FortyGigE 1/0/53
[Core-A-FortyGigE1/0/53]description ##Link-Core-B(FG1/0/53)##
[Core-A-FortyGigE1/0/53]quit
[Core-A]interface FortyGigE 1/0/54
[Core-A-FortyGigE1/0/54]description ##Link-Core-B(FG1/0/54)##
[Core-A-FortyGigE1/0/54]quit
[Core-A]save f
从交换机配置
配置M-LAG:
[Core-B]m-lag system-mac 1-1-1
Changing the system MAC address might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-B]m-lag system-number 2
Changing the system number might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-B]m-lag system-priority 123
Changing the system priority might flap the peer link and cause M-LAG system setup failure. Continue? [Y/N]:y
[Core-B]m-lag restore-delay 180
[Core-B]m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1
配置M-LAG的Keeplive三层动态聚合口:
[Core-B]interface Route-Aggregation 1
[Core-B-Route-Aggregation1]description ##M-LAG(Keeplive)Ragg##
[Core-B-Route-Aggregation1]link-aggregation mode dynamic
[Core-B-Route-Aggregation1]ip address 1.1.1.1 255.255.255.252
[Core-B-Route-Aggregation1]quit
[Core-B]interface range GigabitEthernet 1/0/47 GigabitEthernet 1/0/48
[Core-B-if-range]port link-mode route
[Core-B-if-range]port link-aggregation group 1
[Core-B-if-range]quit
[Core-B]interface GigabitEthernet 1/0/47
[Core-B-GigabitEthernet1/0/47]description ##Link-Core-A(G1/0/47)##
[Core-B-GigabitEthernet1/0/47]quit
[Core-B]interface GigabitEthernet 1/0/48
[Core-B-GigabitEthernet1/0/48]description ##Link-Core-A(G1/0/48)##
[Core-B-GigabitEthernet1/0/48]quit
[Core-B]m-lag mad exclude interface Route-Aggregation 1
配置M-LAG的peer-link二层动态聚合口:
[Core-B]interface Bridge-Aggregation 1
[Core-B-Bridge-Aggregation1]description ##Peer-Link##
[Core-B-Bridge-Aggregation1]link-aggregation mode dynamic
[Core-B-Bridge-Aggregation1]quit
[Core-B]interface range FortyGigE 1/0/53 FortyGigE 1/0/54
[Core-B-if-range]port link-aggregation group 1
[Core-B-if-range]quit
[Core-B]interface Bridge-Aggregation 1
[Core-B-Bridge-Aggregation1]port m-lag peer-link 1
[Core-B-Bridge-Aggregation1]undo port trunk permit vlan 1
[Core-B-Bridge-Aggregation1]port trunk permit vlan 2 to 4094
[Core-B-Bridge-Aggregation1]quit
[Core-B]interface FortyGigE 1/0/53
[Core-B-FortyGigE1/0/53]description ##Link-Core-A(FG1/0/53)##
[Core-B-FortyGigE1/0/53]quit
[Core-B]interface FortyGigE 1/0/54
[Core-B-FortyGigE1/0/54]description ##Link-Core-A(FG1/0/54)##
[Core-B-FortyGigE1/0/54]quit
[Core-B]save f
查看M-LAG命令:
[Core-A]display m-lag keepalive
[Core-A]display m-lag summary
[Core-A]display m-lag mad verbose
主交换机配置下联交换机M-LAG口:
[Core-A]interface Bridge-Aggregation 2
[Core-A-Bridge-Aggregation2]description ##Link-L2-01(M-LAG)##
[Core-A-Bridge-Aggregation2]link-aggregation mode dynamic
[Core-A-Bridge-Aggregation2]quit
[Core-A]interface GigabitEthernet 1/0/1
[Core-A-GigabitEthernet1/0/1]description ##Link-L2-01(G1/0/47)##
[Core-A-GigabitEthernet1/0/1]port link-aggregation group 2
[Core-A-GigabitEthernet1/0/1]quit
[Core-A]interface Bridge-Aggregation 2
[Core-A-Bridge-Aggregation2]port link-type trunk
[Core-A-Bridge-Aggregation2]undo port trunk permit vlan 1
[Core-A-Bridge-Aggregation2]port trunk permit vlan 2 to 4094
[Core-A-Bridge-Aggregation2]port m-lag group 1
[Core-A-Bridge-Aggregation2]quit
[Core-A]save f
从交换机配置下联交换机M-LAG口:
[Core-B]interface Bridge-Aggregation 2
[Core-B-Bridge-Aggregation2]description ##Link-L2-01(M-LAG)##
[Core-B-Bridge-Aggregation2]link-aggregation mode dynamic
[Core-B-Bridge-Aggregation2]quit
[Core-B]interface GigabitEthernet 1/0/1
[Core-B-GigabitEthernet1/0/1]description ##Link-L2-01(G1/0/48)##
[Core-B-GigabitEthernet1/0/1]port link-aggregation group 2
[Core-B-GigabitEthernet1/0/1]quit
[Core-B]interface Bridge-Aggregation 2
[Core-B-Bridge-Aggregation2]port link-type trunk
[Core-B-Bridge-Aggregation2]undo port trunk permit vlan 1
[Core-B-Bridge-Aggregation2]port trunk permit vlan 2 to 4094
[Core-B-Bridge-Aggregation2]port m-lag group 1
[Core-B-Bridge-Aggregation2]quit
[Core-B]save f
接入交换机配置:
[L2-01]interface Bridge-Aggregation 1
[L2-01-Bridge-Aggregation1]description ##Link-Core(M-LAG)##
[L2-01-Bridge-Aggregation1]port link-type trunk
[L2-01-Bridge-Aggregation1]undo port trunk permit vlan 1
[L2-01-Bridge-Aggregation1]port trunk permit vlan 2 to 4094
[L2-01-Bridge-Aggregation1]link-aggregation mode dynamic
[L2-01-Bridge-Aggregation1]quit
[L2-01]interface GigabitEthernet 1/0/47
[L2-01-GigabitEthernet1/0/47]description ##Link-Core-A(G1/0/1)##
[L2-01-GigabitEthernet1/0/47]port link-aggregation group 1
[L2-01-GigabitEthernet1/0/47]quit
[L2-01]interface GigabitEthernet 1/0/48
[L2-01-GigabitEthernet1/0/48]description ##Link-Core-B(G1/0/1)##
[L2-01-GigabitEthernet1/0/48]port link-aggregation group 1
[L2-01-GigabitEthernet1/0/48]quit
找到问题了 是模拟器的bug
华三HCL模拟器有BUG:
由于5.7版本中的6850交换机对应的comware分支存在取消,导致在配置m-lag的时候会有一致性检查不通过的情况
规避方法:
两台成员设备peer-link接口下配置jumboframe enable 1552
* 全部配置之后设置此项尽可
收到,非常感谢分享经验
配置出来有问题。
没问题的
两台设备关机之启动一台设备情况下网络是不通的。
该设备处于None角色所有M-LAG接口处于M-LAG DOWN状态
需要在配置:
m-lag auto-recovery reload-delay 240
收到,非常感谢
如果不配 m-lag role priority,设备是不是要按照mac地址来选择主备,或者下电主设备,让备成为主
设备角色优先级用于两台设备间进行主从协商,值越小优先级越高,优先级高的为主设备。
如果优先级相同,那么比较两台设备的桥MAC地址,桥MAC地址较小的为主设备
设备手册里面这样说的