Concept

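Stacking connects multiple switches with cables and combines them so that they are virtualized into a single device. It is a horizontal virtualization technology.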

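Reliable network designs

  1. VRRP + MSTP (traditional)
  2. Stacking + link aggregation (recommended)

Vendor stacking technologies

Huawei: CSS (Cluster Switch System, for chassis switches) and iStack (Intelligent Stack, for box switches); the two provide the same functionality and differ only in name.

Cisco: VSS (Virtual Switching System)

H3C: IRF (Intelligent Resilient Framework)

Ruijie: VSU (Virtual Switching Unit)

Note: stacking is a proprietary technology of each vendor. Devices used in a stack must belong to the same series, and preferably be the same model.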

Configuring a stack in the HCL simulator

Topology diagram

image.png

sw1 configuration

sysname sw1

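[sw1]irf member 1 priority 5						# set sw1's priority to 5 so that it becomes the master
[sw1]int Ten-GigabitEthernet 1/0/49
[sw1-Ten-GigabitEthernet1/0/49]shutdown			# the interface must be shut down first

# Create IRF port 1/1. The first 1 is the member ID and the second 1 is the IRF port ID (at most 2, i.e. a switch has at most two IRF ports, and IRF ports must be cross-connected, e.g. 1/1--2/2 ; 2/1--3/2). Only 10G or 40G interfaces can be used.
[sw1]irf-port 1/1
[sw1-irf-port1/1]port group interface Ten-GigabitEthernet 1/0/49		# add the physical interface to the IRF port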

[sw1]interface Ten-GigabitEthernet1/0/49
[sw1-Ten-GigabitEthernet1/0/49]undo shutdown

# Save the configuration
[sw1]return
<sw1>save

# View the configuration
display irf

sw2 configuration

sysname sw2

[sw2]irf member 1 renumber 2		# change the member ID to 2
Renumbering the member ID may result in configuration change or loss. Continue?[Y/N]:y
[sw2]quit
<sw2>save
The current configuration will be written to the device. Are you sure? [Y/N]:y
<sw2>reboot						# after the member ID is changed, the configuration must be saved and the device rebooted for it to take effect

[sw2]interface Ten-GigabitEthernet 2/0/49
[sw2-Ten-GigabitEthernet2/0/49]shutdown			# first shut down the physical port that will be used for stacking

# Create the IRF port and add the physical interface to it
[sw2]irf-port 2/2
[sw2-irf-port2/2]port group interface Ten-GigabitEthernet 2/0/49

# Bring the physical interface back up
[sw2]interface Ten-GigabitEthernet2/0/49
[sw2-Ten-GigabitEthernet2/0/49]undo shutdown

# Save the configuration: once the stack forms, the non-master switch reboots, and unsaved configuration is lost
[sw2]return
<sw2>save
  The current configuration will be written to the device. Are you sure? [Y/N]:y
  Please input the file name(*.cfg)[flash:/startup.cfg]
  (To leave the existing filename unchanged, press the enter key):
  flash:/startup.cfg exists, overwrite? [Y/N]:y
  Validating file. Please wait...
  Saved the current configuration to mainboard device successfully.

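Activating the IRF ports

Activate on sw1

# Activate. Before activating, it is advisable to unplug the stacking cable and only then activate IRF; otherwise, if the save did not succeed, the standby switch reboots right after stack negotiation and loses its configuration
[sw1]irf-port-configuration active

<sw1>save		# once the stack is established, save the configuration again

Activate on sw2

[sw2]irf-port-configuration active

# Switch 2 has the lower priority, so it acts as the standby switch and reboots automatically; after the reboot it becomes part of SW1
<sw1>save					# save the configuration again

Enterprise network stacking architecture

Topology diagram

image.png

Configuration order: stacking --> link aggregation --> VLAN trunk --> MAD (multi-active detection) --> egress routing --> NAT

1. Configure stacking

Stacking sw1 and sw2

  1. sw1 configuration: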

irf member 1 priority 5
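interface range FortyGigE 1/0/53 FortyGigE 1/0/54		# configure the ports in bulk: shut down the physical ports used for stacking
	shutdown
  
irf-port 1/1		# create the IRF port and add the physical ports to it
	port group interface FortyGigE 1/0/53
	port group interface FortyGigE 1/0/54
  
interface range FortyGigE 1/0/53 FortyGigE 1/0/54		# bring the physical ports back up
	undo shutdown

save			# save the configuration

# Note: do not activate yet; activate only after both switches have been configured

  2. sw2 configuration

irf member 1 renumber 2		# change the member ID
save						# save the configuration
reboot						# reboot for the change to take effect

interface range FortyGigE 2/0/53 FortyGigE 2/0/54			# configure the ports in bulk: shut down the physical ports used for stacking
	shutdown

irf-port 2/2										# create the IRF port and add the physical ports to the stacking logical port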
	port group interface FortyGigE 2/0/53
	port group interface FortyGigE 2/0/54

interface range FortyGigE 2/0/53 FortyGigE 2/0/54
	undo shutdown

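save

  3. Activate both switches

sw1:
	irf-port-configuration active
  
sw2:
	irf-port-configuration active
# The non-master switch reboots automatically after activation; once the reboot completes, its device name changes to the master switch's name

Stacking sw3 and sw4

  1. sw3 configuration

irf domain 2				# set the IRF domain; the default is 0, which is already used by SW1/SW2
irf member 1 priority 5		# set sw3's priority to 5 (the default is 1) so that sw3 becomes the master switch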

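interface range FortyGigE 1/0/53 FortyGigE 1/0/54		# shut down the physical ports that will be used for stacking
	shutdown
  
irf-port 1/1									# configure the IRF port and add the physical ports to the stacking logical interface
	port group interface FortyGigE 1/0/53
	port group interface FortyGigE 1/0/54

interface range FortyGigE 1/0/53 FortyGigE 1/0/54		# bring the physical ports back up
	undo shutdown
  
save											# save the configuration

  2. sw4 configuration

irf domain 2				# set the IRF domain; the default is 0, which is already used by SW1/SW2
irf member 1 renumber 2		# change the member ID to 2
save
reboot		# reboot for the change to take effect

interface range FortyGigE 2/0/53 FortyGigE 2/0/54
	shutdown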

irf-port 2/2
	port group interface FortyGigE 2/0/53
	port group interface FortyGigE 2/0/54

interface range FortyGigE 2/0/53 FortyGigE 2/0/54
	undo shutdown
  
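save		# save the configuration

  3. Activate

sw3:
	irf-port-configuration active

sw4:
	irf-port-configuration active
	# The non-master switch reboots automatically after activation; once the reboot completes, its device name changes to the master switch's name

2. Link aggregation configuration

sw1 - sw3

# Layer 2 link aggregation
sw1:
interface Bridge-Aggregation 1				# aggregate interface, equivalent to Huawei's Eth-Trunk
	link-aggregation mode dynamic			# dynamic mode, equivalent to Huawei's LACP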
interface range Ten-GigabitEthernet 1/0/49 Ten-GigabitEthernet 1/0/50 Ten-GigabitEthernet 2/0/49 Ten-GigabitEthernet 2/0/50
	port link-aggregation group 1


sw3:
interface  Bridge-Aggregation 1
	link-aggregation mode dynamic
interface range Ten-GigabitEthernet 1/0/49 Ten-GigabitEthernet 1/0/50 Ten-GigabitEthernet 2/0/49 Ten-GigabitEthernet 2/0/50
	port link-aggregation group 1

# Query
dis link-aggregation  verbose
dis link-aggregation summary

sw1 - sw5

# Layer 2 link aggregation
sw1:
interface Bridge-Aggregation 2				# aggregate interface 2
	link-aggregation mode dynamic			# dynamic mode, equivalent to Huawei's LACP
interface range Ten-GigabitEthernet 1/0/51  Ten-GigabitEthernet 2/0/52
	port link-aggregation group 2
  
sw5:
interface Bridge-Aggregation 2				# aggregate interface 2
	link-aggregation mode dynamic			# dynamic mode, equivalent to Huawei's LACP
interface range Ten-GigabitEthernet 1/0/51  Ten-GigabitEthernet 1/0/52
	port link-aggregation group 2

sw1 - sw6

sw1:
interface Bridge-Aggregation 3			
	link-aggregation mode dynamic			
interface range Ten-GigabitEthernet 1/0/52  Ten-GigabitEthernet 2/0/51
	port link-aggregation group 3
  
sw6:
interface Bridge-Aggregation 3			
	link-aggregation mode dynamic			
interface range Ten-GigabitEthernet 1/0/52  Ten-GigabitEthernet 1/0/51
	port link-aggregation group 3

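Layer 3 link aggregation sw1 -- AR1

Alternatively, skip aggregation and attach the two links to two different subnets, running OSPF or static routes.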

sw1:
interface Route-Aggregation 10
	ip address 192.168.254.2 24
int range g1/0/2 g2/0/1
	port link-mode route
	port link-aggregation group 10

R1:
interface Route-Aggregation 10
	ip address 192.168.254.1 24
interface range GigabitEthernet 0/2 GigabitEthernet 0/1
	port link-aggregation group 10

3. VLAN trunk configuration

sw1:

vlan 10 to 40

interface Bridge-Aggregation 1			# enter the aggregate interface, set the link type to trunk and permit the relevant VLANs
	port link-type trunk
	port trunk permit vlan 10 20

interface Bridge-Aggregation 2
	port link-type trunk
	port trunk permit vlan 30
  
interface Bridge-Aggregation 3
	port link-type trunk
	port trunk permit vlan 40
  
int Vlan-interface 10									# configure the SVI that serves as the gateway
	ip address 192.168.10.1 24
int Vlan-interface 20
	ip address 192.168.20.1 24
int Vlan-interface 30
	ip address 192.168.30.1 24
int Vlan-interface 40
	ip address 192.168.40.1 24

sw3:

vlan 10 to 20
interface Bridge-Aggregation 1
	port link-type trunk
	port trunk permit vlan 10 20
  
interface GigabitEthernet1/0/1
	port link-type access
	port access vlan 10
interface GigabitEthernet2/0/1
	port link-type access
	port access vlan 20

sw5:

vlan 30
interface Bridge-Aggregation 2
	port link-type trunk
	port trunk permit vlan 30
  
interface GigabitEthernet 1/0/1
	port link-type access
	port access vlan 30

sw6:

vlan 40
interface Bridge-Aggregation 3
	port link-type trunk
	port trunk permit vlan 40
  
interface GigabitEthernet1/0/1
	port link-type access
	port access  vlan 40

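4. MAD (multi-active detection) configuration

Several detection methods are available, such as LACP, ARP and BFD. LACP is recommended (detection works by sending special LACP multicast packets, which carry the IRF domain ID and the member ID of the active master device).

Note: MAD cannot be enabled on the aggregated link to the router; the router does not support it.

Detection process

When the system detects a multi-active collision, the two conflicting IRFs hold an election. The IRF whose master has the smaller member ID wins and keeps running normally; the losing IRF enters the Recovery state and temporarily cannot forward service traffic. After the IRF link is repaired, the IRF in the Recovery state reboots automatically and merges with the Active IRF into a single IRF again, and the service interfaces that were forcibly shut down in the former Recovery-state IRF are restored automatically.

Configuration

sw1

interface Bridge-Aggregation 1			# enter the aggregate interface and enable MAD (MAD can be enabled selectively on some of the aggregate interfaces)
	mad enable
 # [Current domain is: 0]: 0		# IRF domain ID; choose 0 to detect sw1 (+sw2)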
interface Bridge-Aggregation 2
	mad enable
 # [Current domain is: 0]: 0		
interface Bridge-Aggregation 3
	mad enable
 # [Current domain is: 0]: 0		
 
# Query
display mad verbose

sw3

interface Bridge-Aggregation 1
	mad enable
 # [Current domain is: 0]: 0		# IRF domain ID; choose 0 to detect sw1 (+sw2)

sw5

interface Bridge-Aggregation 2
	mad enable
 # [Current domain is: 0]: 0		# IRF domain ID; choose 0 to detect sw1 (+sw2)

sw6

interface Bridge-Aggregation 3
	mad enable
 # [Current domain is: 0]: 0		# IRF domain ID; choose 0 to detect sw1
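
A split stack leaves two masters holding the same gateway addresses, so it is worth checking MAD coverage before relying on the design. The audit below is an added example, not part of the original page or any H3C tool: `parse`, `audit` and the sample configs are hypothetical, and it assumes saved-configuration text with full keywords and that LACP MAD needs the aggregation in dynamic mode.

```python
import re

SAMPLE = {  # constructed configs (not real device output), modelled on this page's sw1 and sw3
    "sw1": """
interface Bridge-Aggregation 1
 link-aggregation mode dynamic
 mad enable
interface Bridge-Aggregation 2
interface Route-Aggregation 10
 ip address 192.168.254.2 24
""",
    "sw3": """
irf domain 2
interface Bridge-Aggregation 1
 mad enable
""",
}

def parse(cfg):
    # Returns (irf_domain, {interface: [sub-commands]}); the IRF domain defaults to 0.
    domain, stanzas, current = 0, {}, None
    for line in filter(str.strip, cfg.splitlines()):
        m = re.match(r"irf domain (\d+)", line)
        if m:
            domain, current = int(m.group(1)), None
        elif line.startswith("interface "):
            current = stanzas.setdefault(line.split(None, 1)[1].strip(), [])
        elif line[0] in " \t" and current is not None:
            current.append(line.strip())  # indented line belongs to the stanza
        else:
            current = None  # any other top-level command ends the stanza
    return domain, stanzas

def audit(fabrics):
    """Return findings for a {fabric_name: config_text} mapping."""
    findings, seen = [], {}
    for name, cfg in sorted(fabrics.items()):
        domain, stanzas = parse(cfg)
        if domain in seen:
            findings.append(f"{name}: IRF domain {domain} also used by {seen[domain]}")
        seen.setdefault(domain, name)
        for ifname, cmds in stanzas.items():
            if not ifname.startswith("Bridge-Aggregation"):
                continue  # the routed link to the router carries no MAD
            if "mad enable" not in cmds:
                findings.append(f"{name}: {ifname} has no MAD detection")
            elif "link-aggregation mode dynamic" not in cmds:
                findings.append(f"{name}: {ifname} runs MAD without LACP (dynamic mode)")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```

Feed it one configuration text per IRF fabric; an empty result means every layer 2 aggregate interface carries LACP MAD and no two fabrics share a domain ID.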

5. Egress routing

sw1:

ip route-static 0.0.0.0 0 192.168.254.1

AR1:

interface GigabitEthernet0/0
	 ip address 12.1.1.1 255.255.255.0
   
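ip route-static 0.0.0.0 0 12.1.1.2					# default route towards the egress
ip route-static 192.168.0.0 16 192.168.254.2			# return route for LAN traffic

6. NAT

AR1:

acl basic 2000 													# create access control list (ACL) 2000 to match the interesting traffic
	rule 10 permit source 192.168.0.0 0.0.255.255

interface GigabitEthernet 0/0									# enable NAT (Easy IP) on the egress interface (12.1.1.1), matching ACL 2000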
	nat outbound 2000