General configuration

irf member xx renumber xx

irf member xx priority xx

irf-port 1/1

port group interface Ten-GigabitEthernet 1/0/50

irf-port-configuration active

BFD MAD

3. Lab topology


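4. Configuration requirements
The core devices SWA and SWB are configured as an IRF. To guard against an IRF link failure that splits the IRF and leaves two IRFs with conflicting configurations on the network, MAD detection must be enabled; BFD MAD is used here to monitor the state of the IRF. After a split, the split-detection mechanism lets an IRF detect that another IRF in the Active state exists on the network. Conflict handling lets the IRF whose master has the smallest member ID keep working normally, while the other IRF moves to the Recovery state (meaning the IRF is disabled) and shuts down all physical ports, other than the reserved ports, on every member device of the Recovery-state IRF.
5. Configuration steps
1. IRF configuration on SWA and SWB. The detailed IRF configuration is covered in earlier posts on this WeChat official account and is not repeated here.
2. Create VLAN 10, and add GigabitEthernet1/0/1 on SWA and GigabitEthernet2/0/1 on SWB to VLAN 10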

[H3C]vlan 10
[H3C-vlan10]port GigabitEthernet 1/0/1
[H3C-vlan10]port GigabitEthernet 2/0/1
[H3C-vlan10]quit

3. Create VLAN interface 10 and configure the MAD IP addresses

[H3C]interface Vlan-interface 10
[H3C-Vlan-interface10]mad bfd enable
[H3C-Vlan-interface10]mad ip address 10.1.1.1 30 member 1
[H3C-Vlan-interface10]mad ip address 10.1.1.2 30 member 2
[H3C-Vlan-interface10]quit

4. Because BFD MAD and the spanning tree feature are mutually exclusive, disable the spanning tree protocol on GigabitEthernet1/0/1 and GigabitEthernet2/0/1

[H3C]interface g 1/0/1
[H3C-GigabitEthernet1/0/1]undo stp enable
[H3C-GigabitEthernet1/0/1]interface g 2/0/1
[H3C-GigabitEthernet2/0/1]undo stp enable
[H3C-GigabitEthernet2/0/1]quit

5. Save the configuration

[H3C]sa f
Validating file. Please wait...
Saved the current configuration to mainboard device successfully.
Slot 2:
Save next configuration file successfully.
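
A check for steps 2 to 4 above, as an added example that is not part of the original post: it reads a saved configuration and reports a missing per-member MAD IP address, MAD IP addresses in different subnets, and ports in the MAD VLAN that still run spanning tree. The sample text is constructed in the style of `display current-configuration`, and matching on `port access vlan` assumes the MAD ports are access ports, as in step 2.

```python
import ipaddress
import re

# Constructed excerpt in the style of `display current-configuration`;
# GigabitEthernet2/0/1 deliberately lacks `undo stp enable`.
SAMPLE_CONFIG = """\
interface Vlan-interface10
 mad bfd enable
 mad ip address 10.1.1.1 255.255.255.252 member 1
 mad ip address 10.1.1.2 255.255.255.252 member 2
#
interface GigabitEthernet1/0/1
 port access vlan 10
 undo stp enable
#
interface GigabitEthernet2/0/1
 port access vlan 10
#
"""

def parse_interfaces(config):
    """Map each interface name to the list of lines configured under it."""
    sections, current = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        if line.startswith("interface "):
            current = sections.setdefault(line.split(None, 1)[1], [])
        elif raw[:1] != " ":          # '#' or another top-level line ends the section
            current = None
        elif current is not None:
            current.append(line)
    return sections

def audit_bfd_mad(config, members=(1, 2)):
    """Return findings for the BFD MAD steps; an empty list means all checks pass."""
    findings, ifs = [], parse_interfaces(config)
    for name, lines in ifs.items():
        vlan = re.fullmatch(r"Vlan-interface(\d+)", name)
        if not vlan or "mad bfd enable" not in lines:
            continue
        addrs = {}
        for m in (re.fullmatch(r"mad ip address (\S+) (\S+) member (\d+)", l) for l in lines):
            if m:
                addrs[int(m[3])] = ipaddress.ip_interface(f"{m[1]}/{m[2]}")
        findings += [f"{name}: no MAD IP for member {i}" for i in members if i not in addrs]
        if len({a.network for a in addrs.values()}) > 1:
            findings.append(f"{name}: MAD IPs are not in one subnet")
        for port, plines in ifs.items():
            if f"port access vlan {vlan[1]}" in plines and "undo stp enable" not in plines:
                findings.append(f"{port}: STP still enabled on BFD MAD port")
    return findings

if __name__ == "__main__":
    for finding in audit_bfd_mad(SAMPLE_CONFIG):
        print(finding)
```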

LACP MAD

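1. Network requirements

Because the company's traffic has surged and the network has grown rapidly, the security-service processing capacity of the current central device (Device A) no longer meets demand. A second device, Device B, is to be added, and the two devices are to form an IRF (as shown in Figure 1-14). Because the IRF has an aggregate link to the intermediate device, Device C, that spans the member devices, and Device C is an H3C device that supports LACP, we configure LACP MAD for split detection.

2. Network diagram

Figure 1-14 Typical IRF configuration network diagram (LACP MAD detection)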


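How it works, in brief

In essence, extra TLV parameters are carried in the LACP packets exchanged over the aggregate interface, so that the peer can tell whether a split has occurred. After a split, the TLV in the LACP packets sent by the switches on both sides carries the master member ID. Because each side believes it is the master after the split, the two sides produce conflicting master member IDs. Only the side with the smaller member ID keeps its ports open for data transmission; the switch with the larger member ID has its ports blocked and does not forward service traffic.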
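
The conflict handling described here and under the configuration requirements, modelled as an added example that is not part of the original post: each side advertises its IRF domain ID and master member ID, the intermediate device relays them, and the side that sees a smaller master member ID in its own domain moves to Recovery and shuts its non-reserved ports. The class names, the TLV fields as a Python object (not the wire format) and the choice of reserved port are assumptions made for the illustration.

```python
from dataclasses import dataclass, field

@dataclass
class MadTlv:
    """Values carried in the extended LACP packet (a model, not the wire format)."""
    domain_id: int   # IRF domain of the sender
    active_id: int   # member ID of the sender's master

@dataclass
class Fragment:
    """A whole IRF, or one side of it after the IRF link has failed."""
    domain_id: int
    master_id: int
    ports: dict                      # port name -> True if it is a reserved port
    state: str = "Active"
    shut: list = field(default_factory=list)

    def advertise(self):
        return MadTlv(self.domain_id, self.master_id)

    def receive(self, tlv):
        """Handle a TLV relayed back by the intermediate device."""
        if self.state != "Active" or tlv.domain_id != self.domain_id:
            return                   # TLVs from another IRF domain are not compared
        if tlv.active_id < self.master_id:
            # Another Active IRF with a smaller master member ID exists: give way.
            self.state = "Recovery"
            self.shut = sorted(p for p, reserved in self.ports.items() if not reserved)

def relay(fragments):
    """Intermediate device: hand every fragment's TLV to all the others."""
    tlvs = [(f, f.advertise()) for f in fragments]
    for f in fragments:
        for sender, tlv in tlvs:
            if sender is not f:
                f.receive(tlv)
    return [f.state for f in fragments]

if __name__ == "__main__":
    # Constructed split: member 1 and member 2 each believe they are master.
    a = Fragment(1, 1, {"Ten-GigabitEthernet1/0/2": False})
    b = Fragment(1, 2, {"Ten-GigabitEthernet2/0/2": False,
                        "Ten-GigabitEthernet2/0/1": True})   # reserved (constructed)
    print(relay([a, b]), b.shut)   # b moves to Recovery and shuts its non-reserved port
```

The domain check in `receive` is also why an intermediate device that is itself an IRF needs a different domain ID: with the same domain ID its master member ID would be compared against the IRF under test.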

3. Configuration steps

(1)      Set up the IRF (configuration on Device A)

# Set the priority of the device with member ID 1 in the IRF to 32.

<DeviceA> system-view
[DeviceA] irf member 1 priority 32

# Configure IRF port 1/2, bind it to physical port Ten-GigabitEthernet1/0/1, save the configuration, and then activate the configuration under the IRF port.

[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] save
[DeviceA] irf-port-configuration active

(2)      Set up the IRF (configuration on Device B)

# Set the member ID of Device B to 2, and reboot the device so that the new ID takes effect.

<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot

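# Cable the devices according to the network diagram.

# Log in to the device again, configure IRF port 2/1, bind it to physical port Ten-GigabitEthernet2/0/1, save the configuration, and then activate the configuration under the IRF port.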

<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] save
[DeviceB] irf-port-configuration active

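(3)      Device A and Device B hold a master election. The losing side (Device B) reboots, and once the reboot completes the IRF is formed. Log in to the IRF master, Device A.

(4)      Configure LACP MAD detection (configuration on the IRF)

# Set the IRF domain ID to 1.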

[DeviceA] irf domain 1

# Create a dynamic aggregate interface, configure an IP address, and enable LACP MAD detection.

[DeviceA] interface route-aggregation 2
[DeviceA-Route-Aggregation2] ip address 192.168.1.1 24
[DeviceA-Route-Aggregation2] link-aggregation mode dynamic
[DeviceA-Route-Aggregation2] mad enable  // enabling this feature on the aggregate interface is all that is needed
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 1]:
The assigned domain ID is: 1
MAD LACP only enable on dynamic aggregation interface.
[DeviceA-Route-Aggregation2] quit

# Add member ports Ten-GigabitEthernet1/0/2 and Ten-GigabitEthernet2/0/2 to the aggregate interface, so that Device A and Device B can perform LACP MAD detection.

[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] interface ten-gigabitethernet 2/0/2
[DeviceA-Ten-GigabitEthernet2/0/2] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet2/0/2] quit

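(5)      Following the plan in the network diagram, configure security zones and security policies to apply security control to the packets exchanged between the Intranet network and the IP network.

(6)      Configure LACP MAD detection (configuration on the intermediate device, Device C)

· Device C acts as the intermediate device that forwards and processes LACP packets, assisting Device A and Device B with multi-active detection. To save cost, a single device that supports the LACP extension is sufficient.

· If the intermediate device is itself an IRF system, its configuration must ensure that its IRF domain ID differs from that of the IRF system being detected.

# Create a dynamic aggregate interface, configure an IP address, and enable LACP MAD detection.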
<DeviceC> system-view
[DeviceC] interface route-aggregation 2
[DeviceC-Route-Aggregation2] link-aggregation mode dynamic
[DeviceC-Route-Aggregation2] ip address 192.168.1.2 24
[DeviceC-Route-Aggregation2] quit
# Add member ports Ten-GigabitEthernet1/0/1 and Ten-GigabitEthernet1/0/2 to the aggregate interface, to assist LACP MAD detection.
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] port link-aggregation group 2
[DeviceC-Ten-GigabitEthernet1/0/1] quit
[DeviceC] interface ten-gigabitethernet 1/0/2
[DeviceC-Ten-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceC-Ten-GigabitEthernet1/0/2] quit