H3C之IRF典型配置舉例(BFD MAD檢測方式)

*一炁化三清*發表於2024-06-27

IRF典型配置舉例(BFD MAD檢測方式)

1、組網需求

由於網路規模迅速擴大,當前中心裝置(Device A)安全業務處理能力已經不能滿足需求,現在需要另增一臺裝置Device B,將這兩臺裝置組成一個IRF(如圖所示),並配置BFD MAD進行分裂檢測。

2、組網圖

IRF典型配置組網圖(BFD MAD檢測方式)

3、配置步驟

(1) 配置Device A
配置IRF中成員編號為1的裝置的優先順序為32。

<DeviceA> system-view
[DeviceA] irf member 1 priority 32

配置IRF埠1/2,並將它與物理埠Ten-GigabitEthernet1/0/1繫結,並儲存配置,然後啟用IRF埠下的配置。

IRF-port埠編號說明:
irf-port 1/2中,第一個數字代表的是裝置成員編號,第二個數字是介面編號。堆疊要求使用邏輯埠1對接邏輯埠2。
即,如若第一臺配置irf-port1/2,則第二臺需要是用irf-port2/1對接。如若第一臺使用irf-port1/1,則第二臺需要配置irf-port2/2。

[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] save
[DeviceA] irf-port-configuration active

(2) 配置Device B
將Device B的成員編號配置為2,並重啟裝置使新編號生效。

<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot

參照配置組網圖進行物理連線。
重新登入到裝置,配置IRF埠2/1,並將它與物理埠Ten-GigabitEthernet2/0/1繫結,並儲存配置,然後啟用IRF埠下的配置。

<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] save
[DeviceB] irf-port-configuration active

(3) Device A和Device B間將會進行主裝置競選,競選失敗的一方(Device B)將重啟,重啟完成後,IRF形成。
(4) 配置BFD MAD檢測
建立三層聚合介面3。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] quit

分別將Device A(成員編號為1)上的介面Ten-GigabitEthernet1/0/2和Device B(成員編號為2)上的介面Ten-GigabitEthernet2/0/2加入聚合組3中。

分別將裝置A和裝置B的MAD口加入一個三層聚合組

[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] interface ten-gigabitethernet 2/0/2
[DeviceA-Ten-GigabitEthernet2/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet2/0/2] quit

開啟BFD MAD功能,並配置三層聚合介面3的MAD IP地址。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] mad bfd enable
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.1 24 member 1
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.2 24 member 2
[DeviceA-Route-Aggregation3] quit

(5) 請參考組網圖中的規劃,配置安全域和安全策略,對Intranet網路與IP network網路之間互動的報文進行安全控制。
4. 驗證配置

  • IRF鏈路正常情況下檢視相關配置
    檢視IRF相關資訊,可見IRF成功建立,且DeviceA為主裝置。
[DeviceA] display irf
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  32        487a-da95-93b5  ---
   2        Standby 1         3897-d6a8-1b1a  ---
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.
 
 The bridge MAC of the IRF is: 487a-da95-93b3
 Auto upgrade                : yes
 Mac persistent              : no
 Domain ID                   : 0

檢視BFD MAD狀態,狀態正常。

[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
  Ten-GigabitEthernet2/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Normal
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Normal
  2           192.168.2.2/24       1          Normal
  • IRF鏈路異常情況下檢視相關配置
    檢視BFD MAD狀態,狀態異常,表示IRF分裂。
[DeviceA] display mad verbose
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Faulty
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Faulty
  • 其它命令
    檢視成員1、成員2 IRF鏈路的狀態均為UP
Member 1

 IRF Port  Interface                             Status

 1         Ten-GigabitEthernet1/0/50             UP

           Ten-GigabitEthernet1/0/51             UP

 2         disable                               --

Member 2

 IRF Port  Interface                             Status

 1         disable                               --

 2         Ten-GigabitEthernet2/0/50             UP

           Ten-GigabitEthernet2/0/51             UP

檢視IRF的配置資訊

<H3C>dis irf configuration  

 MemberID NewID    IRF-Port1                     IRF-Port2

 1        1        Ten-GigabitEthernet1/0/50     disable

                   Ten-GigabitEthernet1/0/51

 2        2        disable                       Ten-GigabitEthernet2/0/50

                                                 Ten-GigabitEthernet2/0/51

檢視IRF的拓撲資訊

dis irf topology
                              Topology Info
 -------------------------------------------------------------------------
               IRF-Port1                IRF-Port2
 MemberID    Link       neighbor      Link       neighbor    Belong To
 1           DIS        ---           UP         2           00e0-fc0f-8c02
 2           UP         1             DIS        ---         00e0-fc0f-8c02

生產實用案例

SW1
[H3C]sysname sw1
[sw1]irf member 1 priority 32
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]shutdown
[sw1-FortyGigE1/0/53]quit
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]shutdown
[sw1-FortyGigE1/0/54]quit
[sw1]irf-port 1/2
[sw1-irf-port1/2]port group interface FortyGigE 1/0/53
[sw1-irf-port1/2]port group interface FortyGigE 1/0/54
[sw1-irf-port1/2]quit
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]undo shutdown
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]undo shutdown
[sw1]save
[sw1]irf-port-configuration active

SW2
[H3C]sysname sw2
[sw2]irf member 1 renumber 2
[sw2]quit
<sw2>reboot
[sw2]irf member 2 priority 31
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]shutdown
[sw2-FortyGigE2/0/53]quit
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/54]shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port 2/1
[sw2-irf-port2/1]port group interface FortyGigE 2/0/53
[sw2-irf-port2/1]port group interface FortyGigE 2/0/54
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]undo shutdown
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/53]quit
[sw2-FortyGigE2/0/54]un shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port-configuration active

SW1配置mad檢測
[sw1]interface Route-Aggregation 3
[sw1-Route-Aggregation3]quit
[sw1]interface Ten-GigabitEthernet1/0/50
[sw1-Ten-GigabitEthernet1/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet1/0/50]quit
[sw1]interface Ten-GigabitEthernet2/0/50
[sw1-Ten-GigabitEthernet2/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet2/0/50]quit

[sw1]interface Route-Aggregation3
[sw1-Route-Aggregation3]mad bfd enable
[sw1-Route-Aggregation3]mad ip address 1.1.1.1 30 member 1
[sw1-Route-Aggregation3]mad ip address 1.1.1.2 30 member 2
[sw1-Route-Aggregation3]quit

相關文章