工程名称
配置和验证华三设备上的M-LAG 组网 IPv4 双活网关
需求:
SW1和SW2组成M-LAG系统;R7和R8是外联出口设备;SW4和SW5组成堆叠
VLAN10、VLAN20、VLAN30的SVI接口均在M-LAG系统;M-LAG系统与外联出口设备运行ospf协议;M-LAG系统与下联设备配置链路聚合,最终实现PC和Server的上行访问流量负载均衡。
配置思路
- SW1和SW2配置VLAN接口10,20,30作为IPv4双活网关
- SW1和SW2在VLAN接口10,20,30配置相同的IPv4地址和MAC地址,以便用户均可通过该网关访问外部网络。
- 配置SW1和SW2通过VLAN接口101实现三层互通。如果SW1或SW2与上行设备的链路故障,报文可以通过路由绕行到对端M-LAG设备处理
- 同级M-LAG设备的m-lag system-mac应配置为相同
实验步骤:
配置接口互联地址
- 互联IP地址配置格式(R7–R8, 78.1.1.7/24 – 78.1.1.8/24)
- M-LAG 设备和上行设备配置loopback 0 环回接口地址,格式(1.1.1.1/32)
- M-LAG的keepalive接口地址使用三层聚合(g 1/0/47和g1/0/48)
# sw1
sys
sysn SW1
int l 0
ip add 1.1.1.1 32
int g 1/0/21
p link-m r
y
ip add 17.1.1.1 24
ospf net p2p
qu
int g 1/0/22
p link-m r
y
ip add 18.1.1.1 24
ospf net p2p
# sw2
sys
sysn SW2
int l 0
ip add 2.2.2.2 32
int g 1/0/21
p link-m r
y
ip add 28.1.1.2 24
ospf net p2p
qu
int g 1/0/22
p link-m r
y
ip add 27.1.1.2 24
ospf net p2p
# R7
sys
sysn R7
int l 0
ip add 7.7.7.7 32
int g 0/1
ip add 17.1.1.7 24
ospf net p2p
int g 5/0
ip add 27.1.1.7 24
ospf net p2p
int g 0/2
ip add 78.1.1.7 24
ospf net p2p
# R8
sys
sysn R8
int l 0
ip add 8.8.8.8 32
int g 0/2
ip add 78.1.1.8 24
ospf net p2p
int g 5/0
ip add 18.1.1.8 24
ospf net p2p
int g 0/1
ip add 28.1.1.8 24
ospf net p2p
配置SW1和SW2的M-LAG(参数在拓扑图中)
# SW1
# 配置M-LAG系统MAC地址
m-lag system-mac 1-1-1
y
m-lag system-number 1
y
m-lag system-priority 12345
y
# 开启M-LAG设备独立工作模式
m-lag standalone enable
# 配置Keepalive报文的目的IPv4地址和源IPv4地址
m-lag keepalive ip destination 12.1.1.2 source 12.1.1.1
# 配置Keepalive报文的源IPv4地址
int route 1
ip add 12.1.1.1 24
# 将keepalive物理接口接口划入三层聚合口1
int ran g 1/0/47 g 1/0/48
p link-m route
y
port link-agg group 1
# 配置keepalive所在三层聚合接口为保留接口
m-lag mad exclude interface Route-Aggregation 1
# 配置聚合口用作peer-link接口
int bri 1
link-a mode dy
qu
# 将peer-link物理接口接口划入二层聚合口1
int ran ten 1/0/51 ten 1/0/52
port link-agg group 1
qu
# 配置聚合口1为peer-link接口
int bri 1
port m-lag peer-link 1
qu
# 配置M-LAG延迟恢复时间,以便提供充足的时间进行表项同步
m-lag restore-delay 300
# 关闭M-LAG配置一致性检查。
m-lag consistency-check disable
# SW2
#
m-lag system-mac 0001-0001-0001
y
m-lag system-number 2
y
m-lag system-priority 12345
y
m-lag standalone enable
# 配置Keepalive报文的目的IPv4地址和源IPv4地址
m-lag keepalive ip destination 12.1.1.1 source 12.1.1.2
# 配置keepalive IP地址
int route 1
ip add 12.1.1.2 24
#
int ran g 1/0/47 g 1/0/48
p link-m route
y
port link-agg group 1
#
m-lag mad exclude interface Route-Aggregation 1
# 配置聚合口用作peer-link接口
int bri 1
link-a mode dy
int ran ten 1/0/51 ten 1/0/52
port link-agg group 1
qu
int bri 1
port m-lag peer-link 1
qu
m-lag restore-delay 300
m-lag consistency-check disable
#
配置完成以上步骤后,使用命令查看m-lag状态,显示如下内容标识m-lag正常。可使用命令dis m-lag system和dis m-lag verbose 查看更详细信息
[SW1]dis m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG1
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
[SW1]
配置M-LAG 设备与下行设备之间链路聚合
# SW1
# 创建vlan10,20,30,101
vlan 10 20 30 101
# 创建二层聚合口11(与SW3互联),lacp动态聚合模式
int bri 11
link-agg mode dy
# 创建二层聚合口12(与SW4,SW5互联),lacp动态聚合模式
int bri 12
link-agg mode dy
# 将物理接口划入聚合口11(与SW3互联)
int g 1/0/11
port link-agg grou 11
qu
# 将物理接口划入聚合口12(与SW4,SW5互联)
int ran g 1/0/1 g 1/0/2
port link-agg grou 12
qu
# 配置聚合口11 Trunk模式,放行vlan
int bri 11
p l t
p t per vlan 10 20
# 配置LACP优先级,使得peer-link链路和Keepalive链路都故障时M-LAG系统只选中高优先级成员口转发报文
port lacp system-priority 100
p m-lag group 11
qu
# 配置聚合口12 Trunk模式,放行vlan
int bri 12
p l t
p t per vlan 30
# 配置LACP优先级,使得peer-link链路和Keepalive链路都故障时M-LAG系统只选中高优先级成员口转发报文
port lacp system-priority 100
p m-lag group 12
# 配置聚合口1(peerlink) Trunk模式,放行vlan
int bri 1
p l t
p t per vlan all
# SW2
vlan 10 20 30 101
int bri 11
link-agg mode dy
int bri 12
link-agg mode dy
int g 1/0/11
port link-agg grou 11
qu
int ran g 1/0/1 g 1/0/2
port link-agg grou 12
qu
int bri 11
p l t
p t per vlan 10 20
port lacp system-priority 101
p m-lag group 11
qu
int bri 12
p l t
p t per vlan 30
port lacp system-priority 101
p m-lag group 12
int bri 1
p l t
p t per vlan all
# SW2上的单挂设备
int g 1/0/31
p acc vlan 30
qu
配置VLANIF网关地址、M-LAG 互联地址
# SW1 SW2 配置一致部分
# 配置vlan10,20,30 SVI接口地址,mac-add
int vlan 10
ip add 192.168.10.254 24
mac-add 1-1-10
qu
int vlan 20
ip add 192.168.20.254 24
mac-add 1-1-20
qu
int vlan 30
ip add 192.168.30.254 24
mac-add 1-1-30
qu
#
-----------------------------------------------
# SW1 M-LAG设备之间三层互通
int vlan 101
ip add 192.168.101.1 30
qu
# SW2 M-LAG设备之间三层互通
int vlan 101
ip add 192.168.101.2 30
qu
#
-----------------------------------------------
# SW1 SW2 配置vlanif接口为保留接口
m-lag mad exclude interface Vlan-interface 10
m-lag mad exclude interface Vlan-interface 20
m-lag mad exclude interface Vlan-interface 30
m-lag mad exclude interface Vlan-interface 101
配置下行设备的堆叠,VLAN,链路聚合
# SW3
vlan 10 20
int bri 1
link-agg mode dy
int ran g 1/0/1 g 1/0/2
port link-agg group 1
int bri 1
p l t
p t per vlan 10 20
qu
int g 1/0/11
p l t
p t per vlan 10 20
#
-----------------------------------------------
# SW6
vlan 10
vlan 20
int g 1/0/1
p l t
p t per vlan 10 20
qu
int g 1/0/11
p l a
p acc vlan 10
qu
int g 1/0/12
p l a
p acc vlan 20
qu
# SW4
# 1、配置成员编号,默认设备都是1,不用改
# irf member 1
# 2、设置优先级,优先级大的选举为Master角色
irf member 1 priority 16
# 3、shutdown IRF物理端口
int FortyGigE 1/0/54
shutdown
# 4、创建IRF接口并与IRF物理接口绑定,[IRF编号 / 端口编号第一位]
irf-port 1/1
port group interface FortyGigE 1/0/54
# 5、 undo shutdown IRF物理端口
int FortyGigE 1/0/54
undo shutdown
# 6、保存当前配置。
save force
# 7、激活IRF端口下的配置,激活IRF端口会引起IRF合并,被选为从设备的成员设备重启。(模拟器从设备不会重启,需要再验证!!!)
# 这一步骤,待从设备配置完成后再执行
irf-port-configuration active
#
reboot
# SW5
# 1、配置成员编号,默认设备都是1,从设备改成2或3
irf member 1 renumber 2
y
# 2、设置优先级,优先级大的选举为Master角色,从设备改小
irf member 1 priority 8
# 3、shutdown IRF物理端口
int FortyGigE 1/0/54
shutdown
# 4、创建IRF接口并与IRF物理接口绑定,[IRF编号 / 端口编号第一位]
irf-port 1/2
port group interface FortyGigE 1/0/54
# 5、 undo shutdown IRF物理端口
int FortyGigE 1/0/54
undo shutdown
# 6、保存当前配置。
save force
# 7、激活IRF端口下的配置,激活IRF端口会引起IRF合并,被选为从设备的成员设备重启。
# 先返回主设备执行命令
irf-port-configuration active
#
reboot
# IRF-BFD
# 使用三层聚合接口进行BFD MAD检测配置
int Route-Aggregation 1024
#
int ran g 1/0/48 g 2/0/48
port link-mode route
port link-aggregation group 1024
#
int Route-Aggregation 1024
description IRF-BFD
mad bfd enable
mad ip add 1.1.1.1 30 member 1
mad ip add 1.1.1.2 30 member 2
#
-----------------------------------------------
# 配置vlan,聚合链路
vlan 30
int bri 1
link-agg mode dy
qu
int ran g 1/0/1 g 1/0/2 g 2/0/1 g 2/0/2
port link-agg grou 1
qu
int bri 1
p l t
p t per vlan 30
qu
int bri 2
link-agg mode dy
qu
int ran g 1/0/11 g 2/0/11
port link-agg grou 2
qu
int bri 2
p l a
p acc vlan 30
配置 M-LAG 设备与上行设备之间的OSPF协议
# SW1
ospf 100 router 1.1.1.1
silen vlan 10
silen vlan 20
silen vlan 30
area 0
net 1.1.1.1 0.0.0.0
net 17.1.1.1 0.0.0.0
net 18.1.1.1 0.0.0.0
net 192.168.10.254 0.0.0.0
net 192.168.20.254 0.0.0.0
net 192.168.30.254 0.0.0.0
net 192.168.101.1 0.0.0.0
qu
int ran g 1/0/21 g 1/0/22 vlan 101
ospf net p2p
#
# SW2
ospf 100 router 2.2.2.2
silen vlan 10
silen vlan 20
silen vlan 30
area 0
net 2.2.2.2 0.0.0.0
net 27.1.1.2 0.0.0.0
net 28.1.1.2 0.0.0.0
net 192.168.10.254 0.0.0.0
net 192.168.20.254 0.0.0.0
net 192.168.30.254 0.0.0.0
net 192.168.101.2 0.0.0.0
qu
int ran g 1/0/21 g 1/0/22 vlan 101
ospf net p2p
#
# R7
ospf 100 router 7.7.7.7
area 0
net 7.7.7.7 0.0.0.0
net 17.1.1.7 0.0.0.0
net 27.1.1.7 0.0.0.0
net 78.1.1.7 0.0.0.0
qu
int ran g 0/1 g 0/2 g 5/0
ospf net p2p
#
# R8
ospf 100 router 8.8.8.8
area 0
net 8.8.8.8 0.0.0.0
net 18.1.1.8 0.0.0.0
net 28.1.1.8 0.0.0.0
net 78.1.1.8 0.0.0.0
qu
int ran g 0/1 g 0/2 g 5/0
ospf net p2p
#
测试结果:
M-LAG系统状态正常
# 显示M-LAG系统的接口摘要信息。
[SW1]dis m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG1
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
M-LAG interface information
M-LAG IF M-LAG group Local state (cause) Peer state Remaining down time(s)
BAGG11 11 UP UP -
BAGG12 12 UP UP -
[SW1]
# 显示M-LAG系统Keepalive报文的信息。
[SW1]dis m-lag keepalive
Neighbor keepalive link status (cause): Up
Neighbor is alive for: 674 s 800 ms
Keepalive packet transmission status:
Sent: Successful
Received: Successful
Last received keepalive packet information:
Source IP address: 12.1.1.2
Time: 2025/03/20 23:35:33
Action: Accept
M-LAG keepalive parameters:
Destination IP address: 12.1.1.2
Source IP address: 12.1.1.1
Keepalive UDP port : 6400
Keepalive VPN name : N/A
Keepalive interval : 1000 ms
Keepalive timeout : 5 sec
Keepalive hold time: 3 sec
[SW1]
# 显示M-LAG系统信息
[SW1]dis m-lag system
System information
Local system number: 1 Peer system number: 2
Local system MAC: 0001-0001-0001 Peer system MAC: 0001-0001-0001
Local system priority: 12345 Peer system priority: 12345
Local bridge MAC: 6e32-12f2-0300 Peer bridge MAC: 6e32-1893-0400
Local effective role: Primary Peer effective role: Secondary
Health level: 0
Standalone mode on split: Enabled
In standalone mode: No
System timer information
Timer State Value (s) Remaining time (s)
Auto recovery Disabled - -
Restore delay Disabled 300 -
Consistency-check delay Disabled 150 -
Standalone delay Disabled 0 -
Role to None delay Disabled 60 -
[SW1]
# 显示M-LAG系统的接口详细信息
[SW1]dis m-lag verbose
Flags: A -- Home_Gateway, B -- Neighbor_Gateway, C -- Other_Gateway,
D -- PeerLink_Activity, E -- DRCP_Timeout, F -- Gateway_Sync,
G -- Port_Sync, H -- Expired
Peer-link interface/Peer-link interface ID: BAGG1/1
State: UP
Cause: -
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): XGE1/0/51 (52), XGE1/0/52 (53)
Peer Selected ports indexes: 52, 53
Reserved VLANs: -
M-LAG interface/M-LAG group ID: BAGG11/11
Local M-LAG interface state: UP
Peer M-LAG interface state: UP
M-LAG group state: UP
Local M-LAG interface down cause: -
Remaining M-LAG DOWN time: -
Local M-LAG interface LACP MAC: Config=N/A, Effective=0001-0001-0001
Peer M-LAG interface LACP MAC: Config=N/A, Effective=0001-0001-0001
Local M-LAG interface LACP priority: Config=32768, Effective=12345
Peer M-LAG interface LACP priority: Config=32768, Effective=12345
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): GE1/0/11 (12)
Peer Selected ports indexes: 12
M-LAG interface/M-LAG group ID: BAGG12/12
Local M-LAG interface state: UP
Peer M-LAG interface state: UP
M-LAG group state: UP
Local M-LAG interface down cause: -
Remaining M-LAG DOWN time: -
Local M-LAG interface LACP MAC: Config=N/A, Effective=0001-0001-0001
Peer M-LAG interface LACP MAC: Config=N/A, Effective=0001-0001-0001
Local M-LAG interface LACP priority: Config=32768, Effective=12345
Peer M-LAG interface LACP priority: Config=32768, Effective=12345
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): GE1/0/1 (2), GE1/0/2 (3)
Peer Selected ports indexes: 2, 3
[SW1]
路由协议正常
# 查看SW1上OSPF邻居信息。
[SW1]dis ospf peer
OSPF Process 100 with Router ID 1.1.1.1
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
7.7.7.7 17.1.1.7 1 33 Full/ - GE1/0/21
8.8.8.8 18.1.1.8 1 38 Full/ - GE1/0/22
2.2.2.2 192.168.101.2 1 35 Full/ - Vlan101
[SW1]
# 查看SW2上OSPF邻居信息。
[SW2]dis ospf peer
OSPF Process 100 with Router ID 2.2.2.2
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
8.8.8.8 28.1.1.8 1 39 Full/ - GE1/0/21
7.7.7.7 27.1.1.7 1 33 Full/ - GE1/0/22
1.1.1.1 192.168.101.1 1 37 Full/ - Vlan101
[SW2]
# 查看R7上OSPF邻居信息。
[R7]dis ospf peer
OSPF Process 100 with Router ID 7.7.7.7
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
1.1.1.1 17.1.1.1 1 37 Full/ - GE0/1
8.8.8.8 78.1.1.8 1 32 Full/ - GE0/2
2.2.2.2 27.1.1.2 1 35 Full/ - GE5/0
[R7]
PC_1 连通性测试
<H3C>ping -c 2 192.168.20.1
Ping 192.168.20.1 (192.168.20.1): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.20.1: icmp_seq=0 ttl=254 time=8.381 ms
56 bytes from 192.168.20.1: icmp_seq=1 ttl=254 time=8.440 ms
--- Ping statistics for 192.168.20.1 ---
2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 8.381/8.411/8.440/0.029 ms
<H3C>%Mar 20 23:40:36:632 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.20.1: 2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 8.381/8.411/8.440/0.029 ms.
ping -c 2 192.168.30.2
Ping 192.168.30.2 (192.168.30.2): 56 data bytes, press CTRL_C to break
56 bytes from 192.168.30.2: icmp_seq=0 ttl=254 time=7.895 ms
56 bytes from 192.168.30.2: icmp_seq=1 ttl=254 time=6.496 ms
--- Ping statistics for 192.168.30.2 ---
2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 6.496/7.196/7.895/0.699 ms
<H3C>%Mar 20 23:41:20:108 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 192.168.30.2: 2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 6.496/7.196/7.895/0.699 ms.
ping -c 2 7.7.7.7
Ping 7.7.7.7 (7.7.7.7): 56 data bytes, press CTRL_C to break
56 bytes from 7.7.7.7: icmp_seq=0 ttl=254 time=6.826 ms
56 bytes from 7.7.7.7: icmp_seq=1 ttl=254 time=5.240 ms
--- Ping statistics for 7.7.7.7 ---
2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 5.240/6.033/6.826/0.793 ms
<H3C>%Mar 20 23:41:26:639 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 7.7.7.7: 2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 5.240/6.033/6.826/0.793 ms.
ping -c 2 8.8.8.8
Ping 8.8.8.8 (8.8.8.8): 56 data bytes, press CTRL_C to break
56 bytes from 8.8.8.8: icmp_seq=0 ttl=254 time=18.216 ms
56 bytes from 8.8.8.8: icmp_seq=1 ttl=254 time=7.013 ms
--- Ping statistics for 8.8.8.8 ---
2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss
round-trip min/avg/max/std-dev = 7.013/12.615/18.216/5.601 ms
<H3C>%Mar 20 23:41:31:509 2025 H3C PING/6/PING_STATISTICS: Ping statistics for 8.8.8.8: 2 packet(s) transmitted, 2 packet(s) received, 0.0% packet loss, round-trip min/avg/max/std-dev = 7.013/12.615/18.216/5.601 ms.
<H3C>
SW1或SW2的上行接口故障时,PC仍然可以与R7通信
- PC_1 ping 7.7.7.7 ,手动shutdownSW1的上联接口,观察现象
- PC_2 ping 7.7.7.7 ,手动shutdownSW1的上联接口,观察现象
PC_1和PC_2执行:ping -r -c 10000 7.7.7.7
[SW1]int ran g 1/0/21 g 1/0/22
[SW1-if-range]shut
观察发现PC_2 出现一个icmp request 超时,而PC_1正常不出现超时现象(一开始负载均衡走的SW2)
SW1和SW2的peerlink链路故障时,PC仍然可以与R8通信
手动关闭peerlink物理接口,观察PC_1和PC_2访问网络
PC_1和PC_2执行:ping -r -c 10000 8.8.8.8
[SW1]int ran ten 1/0/51 ten 1/0/52
[SW1-if-range]shut
说明:
- M-LAG设备与下行设备之间建动态路由协议的问题:仅设备/服务器和M-LAG设备存在建立路由邻居的需求时需要配置(官方废话)
- port m-lag virtual-ip,配置接口的M-LAG虚拟IPv4地址;作用OSPF使用接口的从IP地址建立邻居关系
- m-lag consistency-check disable ,理论上要开这个,但是不知是否是HCL模拟器的原因,开启后M-LAG有问题
- 一致性检查功能的关闭的使用场景:当M-LAG系统中两台设备因为版本升级等原因,导致设备配置不一致。此时,为了避免因配置一致性检查而关闭M-LAG组接口,可以通过 disable命令关闭分布式聚合配置一致性检查,保证M-LAG组接口正常工作
- M-LAG保留接口:peerlink链路故障但是keepalive链路正常,从设备上除保留接口外其他接口处于MAD DWON状态;主设备上的m-lag组接口为up,从设备上的m-lag组接口处于down,保证所有流量经过主设备转发;一旦peerlink链路恢复,延迟默认30秒后自动恢复
- 主设备故障,从设备升级为主设备;主设备再次恢复,变为从设备,不会自动进行 倒换。
- m-lag standalone enable ,M-LAG系统分裂后设备独立工作功能开启,配合lacp优先级,保障设备上的单挂设备通信
- Server_2的openwrt安装bond软件包出错,无法配置网卡bond