HCL_一个小实验的思路

Jan 21st 21 H3C Cloud Lab 7 minutes read (About 1019 words)

This is an article that was created 1337 days ago, and the information may have evolved or changed.

实验说明：

设备互联线路，IP 地址、路由协议、可靠性等配置自定义

实验效果：

PC_1 网段流量经R1出互联网
PC_2 网段流量经R2出互联网
当任意互联网线路故障后，全部流量走另一线路出互联网

解决思路：

设备互联，IP地址规划如图

Core_SW1、Core_SW2 做堆叠，F1/0/53 to F1/0/54堆叠口，Ten 1/0/50为 BFD 检测线

<Core_SW1>dis irf
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  15        72f0-e201-0504  ---
   2        Standby 10        72f0-e6bc-0604  ---
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.
 <Core_SW1>dis irf topology 
                              Topology Info
 -------------------------------------------------------------------------
               IRF-Port1                IRF-Port2          
 MemberID    Link       neighbor      Link       neighbor    Belong To
 1           DIS        ---           UP         2           72f0-e201-0504
 2           UP         1             DIS        ---         72f0-e201-0504

核心交换机 Core_SW 与 R1, R2 之间启用三层聚合链路

<Core_SW1>dis link-aggregation summary 
Aggregation Interface Type: 
BAGG -- Bridge-Aggregation, BLAGG -- Blade-Aggregation, RAGG -- Route-Aggregation, SCH-B -- Schannel-Bundle 
Aggregation Mode: S -- Static, D -- Dynamic 
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 72f0-e201-0500

AGG        AGG   Partner ID              Selected  Unselected  Individual  Share
Interface  Mode                          Ports     Ports       Ports       Type 
--------------------------------------------------------------------------------
BAGG3      S     None                    2         0           0           Shar 
RAGG1      S     None                    2         0           0           Shar 
RAGG2      S     None                    2         0           0           Shar 
<Core_SW1>dis ip int b
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description 
GE1/0/1                  up       up       --              --
GE1/0/2                  up       up       --              --
GE2/0/1                  up       up       --              --
GE2/0/2                  up       up       --              --
MGE0/0/0                 down     down     --              --
RAGG1                    up       up       10.1.1.1        --
RAGG2                    up       up       10.1.1.5        --
Vlan10                   up       up       192.168.10.254  --
Vlan20                   up       up       192.168.20.254  --

<R1>dis link-aggregation verbose 
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing 
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual 
Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, 
        D -- Synchronization, E -- Collecting, F -- Distributing,  
        G -- Defaulted, H -- Expired

Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
  Port             Status  Priority Oper-Key
--------------------------------------------------------------------------------
  GE0/1            S       32768    1         
  GE0/2            S       32768    1         
<R1>dis ip int b
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description 
GE0/0                    up       up       101.1.1.1       --
GE0/1                    up       up       --              --
GE0/2                    up       up       --              --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
RAGG1                    up       up       10.1.1.2        --
Ser1/0                   down     down     --              --
Ser2/0                   down     down     --              --
Ser3/0                   down     down     --              --
Ser4/0                   down     down     --              --

<R2>dis link-aggregation verbose 
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing 
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual 
Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, 
        D -- Synchronization, E -- Collecting, F -- Distributing,  
        G -- Defaulted, H -- Expired

Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
  Port             Status  Priority Oper-Key
--------------------------------------------------------------------------------
  GE0/1            S       32768    1         
  GE0/2            S       32768    1         
<R2>dis ip int b
*down: administratively down
(s): spoofing  (l): loopback
Interface                Physical Protocol IP Address      Description 
GE0/0                    up       up       201.1.1.1       --
GE0/1                    up       up       --              --
GE0/2                    up       up       --              --
GE5/0                    down     down     --              --
GE5/1                    down     down     --              --
GE6/0                    down     down     --              --
GE6/1                    down     down     --              --
RAGG1                    up       up       10.1.1.6        --
Ser1/0                   down     down     --              --
Ser2/0                   down     down     --              --
Ser3/0                   down     down     --              --
Ser4/0                   down     down     --              --

核心交换机 Core_SW 与 SW3 之间启用二层聚合链路

<SW3>dis link-aggregation verbose 
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing 
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual 
Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation, 
        D -- Synchronization, E -- Collecting, F -- Distributing,  
        G -- Defaulted, H -- Expired

Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
  Port             Status  Priority Oper-Key
--------------------------------------------------------------------------------
  GE1/0/1          S       32768    1         
  GE1/0/2          S       32768    1

核心交换机 Core_SW 配置静态路由；R1、R2 配置默认路由下一跳指向 ISP 设备地址、配置回程静态路由指向 Core_SW 三层聚合接口地址

<Core_SW1>dis cur | inc route
policy-based-route vlan20nexthop permit node 1
 ip policy-based-route vlan20nexthop
 port link-mode route
 port link-mode route
 port link-mode route
 port link-mode route
 ip route-static 0.0.0.0 0 10.1.1.2 track 2
 ip route-static 0.0.0.0 0 10.1.1.6 preference 80

<R1>dis ip routing-table pro static 

Summary count : 3

Static Routing table status : <Active>
Summary count : 3

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          Static  60  0           101.1.1.2       GE0/0
192.168.10.0/24    Static  60  0           10.1.1.1        RAGG1
192.168.20.0/24    Static  60  0           10.1.1.1        RAGG1

Static Routing table status : <Inactive>
Summary count : 0

<R2>dis ip routing-table pro static 

Summary count : 3

Static Routing table status : <Active>
Summary count : 3

Destination/Mask   Proto   Pre Cost        NextHop         Interface
0.0.0.0/0          Static  60  0           201.1.1.2       GE0/0
192.168.10.0/24    Static  60  0           10.1.1.5        RAGG1
192.168.20.0/24    Static  60  0           10.1.1.5        RAGG1

Static Routing table status : <Inactive>
Summary count : 0

核心交换机 Core_SW 配置 NQA，检测 ISP_1, ISP_2 可达性，关联 Track 与静态路由、策略路由联动

#
nqa entry admin isp_1_test
 type icmp-echo
  destination ip 101.1.1.2
  frequency 2000
  history-record enable
  history-record number 5
  next-hop ip 10.1.1.2
  probe count 5
  probe timeout 1000
  reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
  source ip 10.1.1.1
#
nqa entry admin isp_2_test
 type icmp-echo
  destination ip 201.1.1.2
  frequency 2000
  history-record enable
  history-record number 5
  next-hop ip 10.1.1.6
  probe count 5
  probe timeout 1000
  reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
  source ip 10.1.1.5
#
 nqa schedule admin isp_1_test start-time now lifetime forever
 nqa schedule admin isp_2_test start-time now lifetime forever

1
2
3

track 1 nqa entry admin isp_2_test reaction 1
#
track 2 nqa entry admin isp_1_test reaction 1

#
 ip route-static 0.0.0.0 0 10.1.1.2 track 2
 ip route-static 0.0.0.0 0 10.1.1.6 preference 80
#

#
policy-based-route vlan20nexthop permit node 1
 if-match acl 3001
 apply next-hop 10.1.1.6 track 1
#

#
acl advanced 3001
 rule 5 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 10 permit ip source 192.168.20.0 0.0.0.255
#

ISP 网络设备配置 OSPF

<ISP_NETWORK>dis ip routing-table  protocol ospf

Summary count : 5

OSPF Routing table status : <Active>
Summary count : 2

Destination/Mask   Proto   Pre Cost        NextHop         Interface
101.1.1.0/30       O_INTRA 10  2           101.1.1.5       GE0/1
201.1.1.0/30       O_INTRA 10  2           201.1.1.5       GE0/2

OSPF Routing table status : <Inactive>
Summary count : 3

Destination/Mask   Proto   Pre Cost        NextHop         Interface
1.2.3.4/32         O_INTRA 10  0           0.0.0.0         Loop0
101.1.1.4/30       O_INTRA 10  1           0.0.0.0         GE0/1
201.1.1.4/30       O_INTRA 10  1           0.0.0.0         GE0/2

#H3C Cloud Lab

HCL_一个小实验的思路

实验效果：

解决思路：

Your browser is out-of-date!