核心内容摘要
沈樵在七旬老农中最经典5句话:智慧之语,道尽人生况味
前言在现代数据中心和园区网络的高可靠性设计中M-LAGMultichassis Link Aggregation Group跨设备链路聚合组已经成为主流技术。
它允许将两台物理交换机虚拟成一台逻辑交换机从而实现跨设备的链路聚合。
本文将基于ENSP Pro模拟器演示如何配置 M-LAG 双归接入三层网络。
为了防止二层环路并优化拓扑我们将采用V-STP虚拟生成树机制确保 M-LAG 组在下游设备看来是一个单一的 STP 根桥。
功能实现高可靠性当一条接入链路或一台汇聚设备故障时流量快速切换业务不中断。
负载分担接入侧的链路均处于 Active 状态流量基于哈希算法在链路上负载分担。
三层网关M-LAG 设备作为接入层的网关Gateway处理南北向流量。
拓扑信息
1 组网拓扑核心交换机 (CSW
模拟核心层运行 OSPF通过 Loopback 口模拟外部网络。
M-LAG 设备 (SwitchA SwitchB)模拟汇聚层双活网关运行 OSPF 上行配置 V-STP 保证二层无环。
接入设备 (Access
模拟接入层通过 Eth-Trunk 双归接入 M-LAG 系统。
服务器 (Serv1 Serv
位于 VLAN 11网关指向 M-LAG 的虚拟 IP。
2 关键配置参数表设备接口/参数配置详情备注CSW1GE1/0/1IP:
10.
3.
2/24连接 SwitchAGE1/0/2IP:
10.
4.
2/24连接 SwitchBLoopback0IP:
3.
3.
3/32模拟外网测试地址SwitchAMEth0/0/0IP:
10.
200.
1/24DAD (Keepalive) 检测链路Eth-Trunk 1Peer-Link成员口: GE1/0/1, GE1/0/2Eth-Trunk 10M-LAG 成员口成员口: GE1/0/4, GE1/0/5GE1/0/6IP:
10.
3.
1/24上行连接 CSW1Vlanif 11IP:
10.
2.
1/24业务网关 (配置虚拟MAC)SwitchBMEth0/0/0IP:
10.
200.
2/24DAD (Keepalive) 检测链路Eth-Trunk 1Peer-Link成员口: GE1/0/1, GE1/0/2Eth-Trunk 10M-LAG 成员口成员口: GE1/0/4, GE1/0/5GE1/0/6IP:
10.
4.
1/24上行连接 CSW1Vlanif 11IP:
10.
2.
1/24业务网关 (配置虚拟MAC)Access1Eth-Trunk 20上行聚合成员口: GE1/0/1-
组网需求与配置思路
1 组网需求M-LAG双归接入SwitchA与SwitchB组成M-LAG系统Access1通过双活链路接入。
V-STP防环在M-LAG系统上通过V-STP功能将两台设备模拟成一台逻辑根桥避免接入侧端口被STP阻塞。
双活网关SwitchA与SwitchB配置相同的IP和MAC作为下行设备的网关。
Monitor Link联动关联上行接口连接核心路由与下行M-LAG接口。
当上行链路故障时自动关闭下行接口触发流量切换到对端M-LAG设备防止流量丢弃。
三层互通使用OSPF且上行区域Area 0与下行网关区域Area 1分离。
2 配置思路接入层Access1配置普通Eth-Trunk绑定上行接口。
汇聚层SwitchA/B基础配置V-STP、创建DFS Group配置认证与绑定管理口IP、配置Peer-Link。
汇聚层SwitchA/B网关配置VLANIF接口IP及虚拟MAC地址。
核心层SwitchA/B/CSW1配置OSPF。
上行链路划入Area 0下行业务网段划入Area 1。
可靠性SwitchA/B配置Monitor Link关联上行物理口与下行Eth-Trunk。
操作步骤详解第一步配置接入层设备 (Access
接入设备只需将上行端口加入聚合组无需感知M-LAG的存在。
Access1 配置:[Access1]vlan batch11[Access1]int Eth-Trunk20[Access1-Eth-Trunk20]mode lacp-static[Access1-Eth-Trunk20]port link-type trunk[Access1-Eth-Trunk20]port trunk allow-pass vlan11[Access1-Eth-Trunk20]trunkport ge1/0/1 to1/0/4[Access1-Eth-Trunk20]第二步配置 M-LAG 基础与 V-STP (SwitchA SwitchB)配置STP模式、开启V-STP、DFS Group认证及心跳、Peer-Link。
SwitchA 配置:# 开启 V-STP[SwitchA]stp mode rstp[SwitchA]stp v-stpenable# 配置 DAD 检测口[SwitchA]interface meth0/0/0[SwitchA-MEth0/0/0]ipaddress
10.
200.
124# 配置 DFS Group (含认证)[SwitchA]dfs-group1[SwitchA-dfs-group-1]dual-active detectionsourceip
10.
200.
1 peer
10.
200.
2[SwitchA-dfs-group-1]priority150# 主设备优先级高# 配置 Peer-Link (Eth-Trunk
[SwitchA]interface eth-trunk1[SwitchA-Eth-Trunk1]trunkport GE1/0/1[SwitchA-Eth-Trunk1]trunkport GE1/0/2[SwitchA-Eth-Trunk1]mode lacp-static[SwitchA-Eth-Trunk1]peer-link1[SwitchA-Eth-Trunk1]port vlan exclude1# 最佳实践剔除VLAN 1SwitchB 配置:# 开启 V-STP[SwitchB]stp mode rstp[SwitchB]stp v-stpenable# 配置 DAD 检测口[SwitchB]interface meth0/0/0[SwitchB-MEth0/0/0]ipaddress
10.
200.
224# 配置 DFS Group[SwitchB]dfs-group1[SwitchB-dfs-group-1]dual-active detectionsourceip
10.
200.
2 peer
10.
200.
1[SwitchB-dfs-group-1]priority120# 备设备优先级低# 配置 Peer-Link[SwitchB]interface eth-trunk1[SwitchB-Eth-Trunk1]trunkport GE1/0/1[SwitchB-Eth-Trunk1]trunkport GE1/0/2[SwitchB-Eth-Trunk1]mode lacp-static[SwitchB-Eth-Trunk1]peer-link1[SwitchB-Eth-Trunk1]port vlan exclude1第三步配置 M-LAG 成员接口与业务网关配置下行接口 Eth-Trunk 10并配置分布式网关 VLANIF 11。
SwitchA 配置:# 配置 M-LAG 成员口[SwitchA]vlan batch11[SwitchA]interface eth-trunk10[SwitchA-Eth-Trunk10]mode lacp-static[SwitchA-Eth-Trunk10]port link-type trunk[SwitchA-Eth-Trunk10]port trunk allow-pass vlan11[SwitchA-Eth-Trunk10]trunkport GE1/0/4[SwitchA-Eth-Trunk10]trunkport GE1/0/5[SwitchA-Eth-Trunk10]dfs-group1m-lag1# 配置双活网关[SwitchA]interface vlanif11[SwitchA-Vlanif10]ipaddress
10.
2.
124[SwitchA-Vlanif10]mac-address
e
# 虚拟MACSwitchB 配置:# 配置 M-LAG 成员口[SwitchB]vlan batch11[SwitchB]interface eth-trunk10[SwitchB-Eth-Trunk10]mode lacp-static[SwitchB-Eth-Trunk10]port link-type trunk[SwitchB-Eth-Trunk10]port trunk allow-pass vlan11[SwitchB-Eth-Trunk10]trunkport GE1/0/4[SwitchB-Eth-Trunk10]trunkport GE1/0/5[SwitchB-Eth-Trunk10]dfs-group1m-lag1# 配置双活网关 (参数需与A完全一致)[SwitchB]interface vlanif11[SwitchB-Vlanif10]ipaddress
10.
2.
124[SwitchB-Vlanif10]mac-address
e
第四步配置三层 OSPF 互通注意区分区域上行互联使用Area 0下行网关网段使用Area 1。
CSW1 配置:[CSW1]interface LoopBack0[CSW1-LoopBack0]ipaddress
3.
3.
332[CSW1]interface GE1/0/1[CSW1-GE1/0/1]undo portswitch[CSW1-GE1/0/1]ipaddress
10.
3.
224# 连接SwitchA[CSW1]interface GE1/0/2[CSW1-GE1/0/2]undo portswitch[CSW1-GE1/0/2]ipaddress
10.
4.
224# 连接SwitchB[CSW1]ospf1router-id
3.
3.
3[CSW1-ospf-1]area
0.
0.
0[CSW1-ospf-1-area-
0.
0.
0]network
3.
3.
3.
30.
0.
0[CSW1-ospf-1-area-
0.
0.
0]network
10.
3.
1.
00.
0.
255# 涵盖互联段[CSW1-ospf-1-area-
0.
0.
0]network
10.
4.
1.
00.
0.
255# 涵盖互联段SwitchA OSPF 配置:[SwitchA]interface GE1/0/6[SwitchA-GE1/0/6]undo portswitch[SwitchA-GE1/0/6]ipaddress
10.
3.
124[SwitchA]ospf1router-id
1.
1.
1[SwitchA-ospf-1]area
0.
0.
0[SwitchA-ospf-1-area-
0.
0.
0]network
10.
3.
1.
00.
0.
255# 上行互联[SwitchA-ospf-1]area
0.
0.
1[SwitchA-ospf-1-area-
0.
0.
1]network
10.
2.
1.
00.
0.
255# 下行网关SwitchB OSPF 配置:[SwitchB]interface GE1/0/6[SwitchB-GE1/0/6]undo portswitch[SwitchB-GE1/0/6]ipaddress
10.
4.
124[SwitchB]ospf1router-id
2.
2.
2[SwitchB-ospf-1]area
0.
0.
0[SwitchB-ospf-1-area-
0.
0.
0]network
10.
4.
1.
00.
0.
255# 上行互联[SwitchB-ospf-1]area
0.
0.
1[SwitchB-ospf-1-area-
0.
0.
1]network
10.
2.
1.
00.
0.
255# 下行网关第五步配置 Monitor Link (SwitchA SwitchB)这是关键的一步。
将上行接口GE1/0/6定义为uplink下行 Eth-Trunk 10 定义为downlink。
当上行 GE 口 Down 时自动强制 Eth-Trunk 10 Down迫使流量走 SwitchB。
SwitchA 配置:[SwitchA]monitor-link group1[SwitchA-mtlk-group1]port GE1/0/6 uplink[SwitchA-mtlk-group1]port eth-trunk10downlink1SwitchB 配置:[SwitchB]monitor-link group1[SwitchB-mtlk-group1]port GE1/0/6 uplink[SwitchB-mtlk-group1]port eth-trunk10downlink
结果验证
1 检查 M-LAG 状态在 SwitchA 上执行[SwitchA]dis dfs-group1m-lag *:LocalnodeHeart beat state:OK Node1* Dfs-Group ID:1Priority:150Dual-active Address:
10.
200.
1 VPN-Instance:public net State:Master Causation:- System ID:fae8-d2bf-0011 SysName:SwitchA Version:V600R024C10SPC500 Device Type:LSW Node2Dfs-Group ID:1Priority:120Dual-active Address:
10.
200.
2 VPN-Instance:public net State:Backup Causation:- System ID:fae8-d2bf-0021 SysName:SwitchB Version:V600R024C10SPC500 Device Type:LSW[SwitchA]Heart beat state:OKNode State:MasterCausation:-(建立成功)在 SwitchA 上查看详细接口状态[SwitchA]dis dfs-group1node1m-lag brief * - LocalnodeM-Lag ID Interface Mode Port State Status Consistency-check1Eth-Trunk10active-active Up active(*)-active -- Failed reason:1-- Relationship between vlan and port is inconsistent2-- STP configuration under the port is inconsistent3-- STP port priority configuration is inconsistent4-- LACP mode of M-LAG is inconsistent5-- M-LAG configuration is inconsistent6-- The number of M-LAG members is inconsistent7-- LACP system-id of M-LAG is inconsistent8-- LACP priority of M-LAG is inconsistent9-- STP port edged configuration is inconsistent10-- M-LAG mode configuration is inconsistent11-- VCMP configuration on the port is inconsistent12-- LINK-TYPE configuration on the port is inconsistent[SwitchA]Local Status:activeRemote Status:activePort State:Up
2 检查 OSPF 路由在 CSW1 上查看路由表应能看到去往
10.
2.
0/24的路由有两条负载分担[CSW1]disiprouting-table
10.
2.
0 Proto: Protocol Pre: Preference Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route ------------------------------------------------------------------------------ Routing Table:_public_ Summary Count:2Destination/Mask Proto Pre Cost Flags NextHop Interface
10.
2.
0/24 OSPF102D
10.
4.
1 GE1/0/2 OSPF102D
10.
3.
1 GE1/0/1[CSW1]
3 Monitor Link 测试在 SwitchA 上手动 Shutdown 上行接口 GE1/0/6。
[SwitchA-GE1/0/6]shutdown查看 SwitchA 的 Eth-Trunk 10 状态应自动变为 DownMonitor Link 生效。
[SwitchA]dis int eth-trunk10Eth-Trunk10 current state:ERROR DOWN(monitor-link)(ifindex:
Line protocol current state:DOWN Description: Switch Port, PVID:1, TPID:8100(Hex), Hash Arithmetic:src-dst-ip, Maximal BW:2Gbps, Current BW:0Mbps, The Maximum Frame Length is9216Internet protocol processing:disabled IP Sending Frames Format is PKTFMT_ETHNT_2, Hardware address is fae8-d2bf-0011 Current system time:
:01:16 Physical is ETH_TRUNK Last300seconds input rate253bits/sec,0packets/sec Last300seconds output rate434bits/sec,0packets/sec Input:4966packets,671255 bytes10unicast,2205 broadcast,2751 multicast0errors,0 drops Output:12311 packets,1315104 bytes10unicast,2205 broadcast,10096 multicast0errors,0 drops Last300seconds input utility rate:
00% Last300seconds output utility rate:
00% ---------------------------------------------------------- PortName Status Weight ---------------------------------------------------------- GE1/0/4 DOWN1GE1/0/5 DOWN1---------------------------------------------------------- The Number of PortsinTrunk:2The Number of Up PortsinTrunk:0[SwitchA]Access1 的流量应无损切换至 SwitchB 的链路。
关键配置SwitchAsysname SwitchA stp mode rstp stp v-stpenable#dfs-group1priority150dual-active detectionsourceip
10.
200.
1 peer
10.
200.
2#vlan batch11#interface MEth0/0/0ipaddress
10.
200.
1.
1255.
255.
2
0#interface Eth-Trunk1 mode lacp-static peer-link1port vlan exclude1trunkport GE1/0/1 trunkport GE1/0/2#interface Eth-Trunk10 port link-type trunk port trunk allow-pass vlan11mode lacp-static dfs-group1m-lag1trunkport GE1/0/4 trunkport GE1/0/5#interface Vlanif11ipaddress
10.
2.
1.
1255.
255.
2
0 mac-address
e
#interface GE1/0/6 undo portswitchipaddress
10.
3.
1.
1255.
255.
2
0#monitor-link group1port GE1/0/6 uplink port Eth-Trunk10 downlink1#ospf1router-id
1.
1.
1 area
0.
0.
0 network
10.
3.
1.
00.
0.
255 area
0.
0.
1 network
10.
2.
1.
00.
0.
255SwitchBsysname SwitchB stp mode rstp stp v-stpenable#dfs-group1priority120dual-active detectionsourceip
10.
200.
2 peer
10.
200.
1#vlan batch11#interface MEth0/0/0ipaddress
10.
200.
1.
2255.
255.
2
0#interface Eth-Trunk1 mode lacp-static peer-link1port vlan exclude1trunkport GE1/0/1 trunkport GE1/0/2#interface Eth-Trunk10 port link-type trunk port trunk allow-pass vlan11mode lacp-static dfs-group1m-lag1trunkport GE1/0/4 trunkport GE1/0/5#interface Vlanif11ipaddress
10.
2.
1.
1255.
255.
2
0 mac-address
e
#interface GE1/0/6 undo portswitchipaddress
10.
4.
1.
0255.
255.
2
0#monitor-link group1port GE1/0/6 uplink port Eth-Trunk10 downlink1#ospf1router-id
2.
2.
2 area
0.
0.
0 network
10.
4.
1.
00.
0.
255 area
0.
0.
1 network
10.
2.
1.
00.
0.