Cisco and Centec 建立MC_LAG

原创

赚钱养神兽 2021-07-09 14:28:17 博主文章分类：网络兵器谱之思科篇 ©著作权

文章标签 MC-LAG 文章分类 网络安全

©著作权归作者所有：来自51CTO博客作者赚钱养神兽的原创作品，谢绝转载，否则将追究法律责任

背景

Cisco 跟Centec建立MC-LAG 测试,并验证倒换测试情况

测试环境拓扑

测试环境拓扑说明

ASR-1,ASR-2 分别在不同的两个POP，跟CENTEC-1,CENTEC-2建立MC-LAG,并且ASR-1,CENTEC-1 为主用，ASR-2,CENTEC-2 为备的。
CENTEC-1接一根线到ASR-11,CENTEC-2接一根线到ASR-12。
ASR-3，分别与ASR-1,ASR-2建立X-connect 两层隧道通道，然后下挂客户A端。
ASR-13，分别与ASR-11,ASR-12建立X-connect 两层隧道通道，然后下挂客户Z端。
ASR-1,ASR-2,ASR-3之间跑ospf协议,ASR-11,ASR-12,ASR-13之间跑ospf+MPLS+BGP协议（现有骨干网情况）

测试环境涉及的IP地址

ASR-1
- loopback0 ：1.1.1.1/32
- te0/0/0 20.20.20.1/30
- te0/0/1 10.200.13.1/30
ASR-2
- loopback0 ：2.2.2.2/32
- te0/0/0 20.20.20.2/30
- te0/0/1 10.200.23.1/30
ASR-3
- loopback0 ：3.3.3.3/32
- te0/0/0 10.200.23.2/30
- te0/0/1 10.200.13.2/30
ASR-11 loopback0 ：10.255.255.154/32
ASR-12 loopback0 ：10.255.255.155/32
ASR-13 loopback0 ：10.255.255.155/32

配置

ASR涉及配置

ASR-1 配置

port-channel mc-lag

!

redundancy

mode sso

interchassis group 1000

monitor peer bfd

member ip 20.20.20.2

mlacp node-id 0

!

pseudowire-class pw-class-VLAN-XCONNECT-Test

encapsulation l2tpv3

interworking ethernet

status peer topology dual-homed

ip local interface Loopback0

ip tos value 128

!

interface TenGigabitEthernet0/1/0

description MC-Lag Trunk (CENTEC-1,eth-0-40; 01Jul2021)

mtu 9216

no ip address

lacp rate fast

channel-group 1 mode active

!

interface Port-channel1

description Test MC-LAG (CENTEC-1,agg1; 01Jul2021)

mtu 9216

no ip address

lacp fast-switchover

lacp max-bundle 1

mlacp interchassis group 1000

!

interface Loopback0

ip address 1.1.1.1 255.255.255.255

!

interface Port-channel1.1000

description MC-LAG VLAN 1000 test

encapsulation dot1Q 1000

no ip redirects

no ip proxy-arp

xconnect 3.3.3.3 4000001000 encapsulation l2tpv3 pw-class pw-class-VLAN-XCONNECT-Test

!

interface TenGigabitEthernet0/0/0

description Peer-Link Trunk (ASR-2,t0/0/0; 01Jul2021)

mtu 9216

ip address 20.20.20.1 255.255.255.252

mpls ip

!

interface TenGigabitEthernet0/0/1

description VLAN Trunk (ASR-3,t0/0/1; 01Jul2021)

mtu 9216

ip address 10.200.13.1 255.255.255.252

mpls ip

!

router ospf 10

router-id 1.1.1.1

network 1.1.1.1 0.0.0.0 area 0

network 10.200.13.1 0.0.0.0 area 0

network 20.20.20.1 0.0.0.0 area 0
ASR-2 配置

port-channel mc-lag

!

redundancy

mode sso

interchassis group 1000

monitor peer bfd

member ip 20.20.20.1

mlacp node-id 1

!

interface TenGigabitEthernet0/1/0

description MC-Lag Trunk (CTC2,eth-0-40; 01Jul2021)

mtu 9216

no ip address

lacp rate fast

channel-group 1 mode active

!

interface Port-channel1

description Test Mc-LAG (CENTEC-2,agg1; 01Jul2021)

mtu 9216

no ip address

lacp fast-switchover

mlacp interchassis group 1000

!

pseudowire-class pw-class-VLAN-XCONNECT-Test

encapsulation l2tpv3

interworking ethernet

status peer topology dual-homed

ip local interface Loopback0

ip tos value 128

!

interface Loopback0

ip address 2.2.2.2 255.255.255.255

!

interface Port-channel1.1000

description description MC-LAG VLAN 1000 Backup test

encapsulation dot1Q 1000

no ip redirects

no ip proxy-arp

xconnect 3.3.3.3 4000001000 encapsulation l2tpv3 pw-class pw-class-VLAN-XCONNECT-Test

!

interface TenGigabitEthernet0/0/0

description Peer-Link Trunk (ASR-2,t0/0/0; 01Jul2021)

mtu 9216

ip address 20.20.20.2 255.255.255.252

mpls ip

!

interface TenGigabitEthernet0/0/1

description VLAN Trunk (ASR-3,t0/0/0; 01Jul2021)

mtu 9216

ip address 10.200.23.1 255.255.255.252

mpls ip

!

router ospf 10

router-id 2.2.2.2

network 2.2.2.2 0.0.0.0 area 0

network 10.200.23.1 0.0.0.0 area 0

network 20.20.20.2 0.0.0.0 area 0
R3 配置：

pseudowire-class pw-class-VLAN-XCONNECT-Test

encapsulation l2tpv3

interworking ethernet

status peer topology dual-homed

ip local interface Loopback0

ip tos value 128

!

interface Loopback0

ip address 3.3.3.3 255.255.255.255

!

interface TenGigabitEthernet0/0/0

description VLAN Trunk (R2,t0/0/1; 01Jul2021)

mtu 9216

ip address 10.200.23.2 255.255.255.252

mpls ip

!

interface TenGigabitEthernet0/0/1

description VLAN Trunk (R1,t0/0/1; 01Jul2021)

mtu 9216

ip address 10.200.13.2 255.255.255.252

mpls ip

!

interface GigabitEthernet0/0/4

description VLAN Trunk (客户端A)

mtu 9216

no ip address

negotiation auto

!

interface GigabitEthernet0/0/4.1000

encapsulation dot1Q 1000

no ip redirects

no ip proxy-arp

xconnect 1.1.1.1 4000001000 encapsulation l2tpv3 pw-class pw-class-VLAN-XCONNECT-Test

backup peer 2.2.2.2 4000001000 pw-class pw-class-VLAN-XCONNECT-Test
ASR-11,ASR-12,ASR-13 建立的X-Connect隧道的配置跟ASR-1,ASR-2,ASR-3一样
盛科交换机配置
- - CENTEC-1配置：
    
    vlan database
    
    vlan 1000 name test
    
    !
    
    interface eth-0-40
    
    description MC-Lag Trunk (ASR-1,t0/1/0; 01Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    channel-group 1 mode active
    
    lacp port-priority 10 //接口优先级保证为主，越低越优先，cisco设备接口下的lacp值并不生效
    
    lacp timeout short
    
    !
    
    interface eth-0-25
    
    description Peer-Link (CTC2.eth-0-25; 01Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan all //设置Peer-link 接口需要透传所有的VLAN
    
    spanning-tree port disable //设置Peer-link 接口需要关闭生成树协议
    
    !
    
    interface eth-0-24
    
    description VLAN Trunk (ASR-111,t0/1/0; 02Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    ！
    
    interface agg1
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    mlag 1 //将接口加入到mlag id 为1中，只有聚合口才能加入到mlag id中
  - CENTEC-2配置：
    
    vlan database
    
    vlan 1000 name test
    
    !
    
    interface eth-0-40
    
    description MC-Lag Trunk (ASR-2,t0/1/0; 01Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    channel-group 1 mode active
    
    lacp timeout short
    
    !
    
    interface eth-0-25
    
    description Peer-Link (CENTEC-2.eth-0-25; 01Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan all //设置Peer-link 接口需要透传所有的VLAN
    
    spanning-tree port disable //设置Peer-link 接口需要关闭生成树协议
    
    !
    
    interface eth-0-24
    
    description VLAN Trunk (ASR-12,t0/1/0; 02Jul2021)
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    ！
    
    interface agg1
    
    switchport mode trunk
    
    switchport trunk allowed vlan add 1000
    
    mlag 1 //将接口加入到mlag id 为1中，只有聚合口才能加入到mlag id中
    
    !
    
    interface vlan4000 //设置Peer-link ip 并且在同一个网段内，不可为loopback地址
    
    ip address 10.10.10.2/30
    
    !
    
    mlag configuration
    
    peer-link eth-0-25 //设置Peer-link 接口
    
    peer-address 10.10.10.2 //设置mlag peer
    
    timers mlag 1 5 //设置mlag peer keeplive 时间为1 holdtime时间为5，holdtime时间不能小于4倍的keeplive时间
    
    exit
    
    !
验证和测试
MC-LAG 主备情况
- - ASR-1,CENTEC-1 为主，ASR-2,CENTEC-2为备
  - ASR-11#show lacp multi-chassis port-channel 1
    
    Interface Port-channel1
    
    Local Configuration:
    
    Address: 7cad.4f42.1f40
    
    Channel Group: 1
    
    State: Active
    
    LAG State: Up
    
    Priority: 32783
    
    Inactive Links: 0
    
    Total Active Links: 1
    
    Bundled: 1
    
    Selected: 1
    
    Standby: 0
    
    Unselected: 0
    
    Peer Configuration:
    
    Interface: Port-channel1
    
    Address: a03d.6eba.57c0
    
    Channel Group: 1
    
    State: Standby
    
    LAG State: Up
    
    Priority: 32784
    
    Inactive Links: 0
    
    Total Active Links: 1
    
    Bundled: 0
    
    Selected: 0
    
    Standby: 1
    
    Unselected: 0
    
    ASR-1#show etherchannel summary
    
    Flags: D - down P/bndl - bundled in port-channel
    
    I - stand-alone s/susp - suspended
    
    H - Hot-standby (LACP only)
    
    R - Layer3 S - Layer2
    
    U - in use f - failed to allocate aggregator
    
    M - not in use, minimum links not met
    
    u - unsuitable for bundling
    
    w - waiting to be aggregated
    
    d - default port
    
    Number of channel-groups in use: 1
    
    Number of aggregators: 1
    
    Group Port-channel Protocol Ports
    
    ------+-------------+-----------+-----------------------------------------------
    
    1 Po1(RU) LACP Te0/1/0(bndl-act)
    
    CENTEC-1# show mlag interface
    
    mlagid local-if local-state remote-state
    
    1 agg1 up down
    
    CENTEC-1# show mlag peer
    
    MLAG neighbor is 10.10.10.2, MLAG version 1
    
    MLAG state = Established, up for 23:03:54
    
    Last read 00:00:30, hold time is 240, keepalive interval is 60 seconds
    
    Configured hold time is 5, keepalive interval is 1 seconds
    
    Received 1734 messages,Sent 1961 messages
    
    Open : received 1, sent 2
    
    KAlive : received 1603, sent 1603
    
    Fdb sync : received 103, sent 328
    
    Failover : received 20, sent 21
    
    Conf : received 1, sent 1
    
    Syspri : received 1, sent 1
    
    Peer fdb : received 5, sent 5
    
    Connections established 1; dropped 0
    
    Local host: 10.10.10.1, Local port: 61000
    
    Foreign host: 10.10.10.2, Foreign port: 61001
    
    remote_sysid: 001e.0822.9b1c
    
    CENTEC-1# show mlag 这个命令只是查看盛科内部主备情况，不做为两者MC-LAG主备的判断条件，这个主备是通过mac地址大master，mlag系统使用lacp system-id 用的是master设备的
    
    MLAG configuration:
    
    -----------------
    
    role : Master
    
    local_sysid : 001e.0822.9c48
    
    remote_sysid : 001e.0822.9b1c
    
    mlag_sysid : 001e.0822.9c48
    
    local_syspri : 32768
    
    remote_syspri: 32768
    
    mlag_syspri : 32768
    
    peer-link : eth-0-25
    
    peer conf : Yes
    
    reload-delay : Auto(300s)
    
    ASR-2#show lacp multi-chassis port-channel 1
    
    Interface Port-channel1
    
    Local Configuration:
    
    Address: a03d.6eba.57c0
    
    Channel Group: 1
    
    State: Standby
    
    LAG State: Up
    
    Priority: 32784
    
    Inactive Links: 0
    
    Total Active Links: 1
    
    Bundled: 0
    
    Selected: 0
    
    Standby: 1
    
    Unselected: 0
    
    Peer Configuration:
    
    Interface: Port-channel1
    
    Address: 7cad.4f42.1f40
    
    Channel Group: 1
    
    State: Active
    
    LAG State: Up
    
    Priority: 32783
    
    Inactive Links: 0
    
    Total Active Links: 1
    
    Bundled: 1
    
    Selected: 1
    
    Standby: 0
    
    Unselected: 0
    
    ASR-2#show etherchannel summary
    
    Flags: D - down P/bndl - bundled in port-channel
    
    I - stand-alone s/susp - suspended
    
    H - Hot-standby (LACP only)
    
    R - Layer3 S - Layer2
    
    U - in use f - failed to allocate aggregator
    
    M - not in use, minimum links not met
    
    u - unsuitable for bundling
    
    w - waiting to be aggregated
    
    d - default port
    
    Number of channel-groups in use: 1
    
    Number of aggregators: 1
    
    Group Port-channel Protocol Ports
    
    ------+-------------+-----------+-----------------------------------------------
    
    1 Po1(RU) LACP Te0/1/0(bndl-sby)
    
    RU - L3 port-channel UP State
    
    SU - L2 port-channel UP state
    
    P/bndl - Bundled
    
    S/susp - Suspended
    
    CENTEC-2# show mlag interface
    
    mlagid local-if local-state remote-state
    
    1 agg1 down up
    
    CENTEC-2# show mlag peer
    
    MLAG neighbor is 10.10.10.1, MLAG version 1
    
    MLAG state = Established, up for 23:12:07
    
    Last read 00:00:51, hold time is 240, keepalive interval is 60 seconds
    
    Configured hold time is 5, keepalive interval is 1 seconds
    
    Received 1969 messages,Sent 1745 messages
    
    Open : received 1, sent 1
    
    KAlive : received 1612, sent 1612
    
    Fdb sync : received 328, sent 105
    
    Failover : received 21, sent 20
    
    Conf : received 1, sent 1
    
    Syspri : received 1, sent 1
    
    Peer fdb : received 5, sent 5
    
    Connections established 1; dropped 0
    
    Local host: 10.10.10.2, Local port: 61001
    
    Foreign host: 10.10.10.1, Foreign port: 61000
    
    remote_sysid: 001e.0822.9c48
    
    CENTEC-2# show mlag 这个命令只是查看盛科内部主备情况，不做为两者MC-LAG主备的判断条件
    
    MLAG configuration:
    
    -----------------
    
    role : Slave
    
    local_sysid : 001e.0822.9b1c
    
    remote_sysid : 001e.0822.9c48
    
    mlag_sysid : 001e.0822.9c48
    
    local_syspri : 32768
    
    remote_syspri: 32768
    
    mlag_syspri : 32768
    
    peer-link : eth-0-25
    
    peer conf : Yes
    
    reload-delay : Auto(300s)
测试连通性

正常情况下
- - 客户端Z#ping vrf vrf-test-02 192.168.12.2 source 192.168.12.1 re 100
    
    Type escape sequence to abort.
    
    Sending 100, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
    
    Packet sent with a source address of 192.168.12.1
    
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    
    Success rate is 100 percent (100/100), round-trip min/avg/max = 104/106/240 ms
    
    #ping vrf vrf--test-02 192.168.12.2 source 192.168.12.1 re 100 size 1998 df-bit //客户A端设备最大mtu1998
    
    Type escape sequence to abort.
    
    Sending 100, 1998-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
    
    Packet sent with a source address of 192.168.12.1
    
    Packet sent with the DF bit set
    
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    
    !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
    
    Success rate is 100 percent (100/100), round-trip min/avg/max = 104/107/184 ms
故障切换
- 1:模拟将ASR-1跟CENTEC-1之间的端口关掉，切到备线测试连通性
  
  客户端Z#ping vrf vrf-test-02 192.168.12.2 source 192.168.12.1 re 3000
  
  Type escape sequence to abort.
  
  Sending 3000, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
  
  Packet sent with a source address of 192.168.12.1
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  Success rate is 99 percent (847/849), round-trip min/avg/max = 104/105/120 ms
  
  MC-LAG状态：
  
  ASR-1#show lacp multi-chassis port-channel 1
  
  Interface Port-channel1
  
  Local Configuration:
  
  Address: 7cad.4f42.1f40
  
  Channel Group: 1
  
  State: Down
  
  LAG State: Failed
  
  Fail Flags: 0x2
  
  Priority: 32789
  
  Inactive Links: 1
  
  Total Active Links: 0
  
  Bundled: 0
  
  Selected: 0
  
  Standby: 0
  
  Unselected: 0
  
  Peer Configuration:
  
  Interface: Port-channel1
  
  Address: a03d.6eba.57c0
  
  Channel Group: 1
  
  State: Active
  
  LAG State: Up
  
  Priority: 32788
  
  Inactive Links: 0
  
  Total Active Links: 1
  
  Bundled: 1
  
  Selected: 1
  
  Standby: 0
  
  Unselected: 0
  
  CENTEC-1# show mlag interface
  
  mlagid local-if local-state remote-state
  
  1 agg1 down up
  
  R2#show lacp multi-chassis port-channel 1
  
  Interface Port-channel1
  
  Local Configuration:
  
  Address: a03d.6eba.57c0
  
  Channel Group: 1
  
  State: Active
  
  LAG State: Up
  
  Priority: 32788
  
  Inactive Links: 0
  
  Total Active Links: 1
  
  Bundled: 1
  
  Selected: 1
  
  Standby: 0
  
  Unselected: 0
  
  Peer Configuration:
  
  Interface: Port-channel1
  
  Address: 7cad.4f42.1f40
  
  Channel Group: 1
  
  State: Down
  
  LAG State: Up
  
  Priority: 32789
  
  Inactive Links: 1
  
  Total Active Links: 0
  
  Bundled: 0
  
  Selected: 0
  
  Standby: 0
  
  Unselected: 0
  
  CTC2# show mlag interface
  
  mlagid local-if local-state remote-state
  
  1 agg1 up down
  
  2:主线恢复，切回去，大概丢一个包：
  
  客户端Z#ping vrf vrf--test-02 192.168.12.2 source 192.168.12.1 re 3000
  
  Type escape sequence to abort.
  
  Sending 3000, 100-byte ICMP Echos to 192.168.12.2, timeout is 2 seconds:
  
  Packet sent with a source address of 192.168.12.1
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  !!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
  
  Success rate is 99 percent (1456/1457), round-trip min/avg/max = 104/105/240 ms