lzwe6xcg.png

整體規(guī)劃
本架構(gòu)是在小型企業(yè)網(wǎng)絡(luò)思路上進(jìn)行增強
https://90apt.com/2449

功能實現(xiàn)

1、easy-irf快速堆疊，配置心跳檢測
2、OSPF分區(qū)域、雙線配置雙路由、配置p2p模式、限制收發(fā)OSPF報文端口

模擬器實驗
線纜全部鏈接完成

m03grlc5.png

IP規(guī)劃

網(wǎng)段劃分 loopback 0 網(wǎng)絡(luò)核心 10.100.0.1 監(jiān)控核心 10.100.0.2 網(wǎng)絡(luò)匯聚 10.100.0.3 監(jiān)控匯聚 10.100.0.4 網(wǎng)絡(luò)核心1/0/49to監(jiān)控核心1/0/49 10.100.1.1/30 10.100.1.2/30 網(wǎng)絡(luò)核心2/0/49to監(jiān)控核心1/0/50 10.100.1.5/30 10.100.1.6/30 網(wǎng)絡(luò)核心1/0/50to網(wǎng)絡(luò)匯聚1/0/50 10.100.1.9/30 10.100.1.10/30 網(wǎng)絡(luò)核心2/0/50to網(wǎng)絡(luò)匯聚1/0/49 10.100.1.13/30 10.100.1.14/30 監(jiān)控核心1/0/51to監(jiān)控匯聚1/0/49 10.100.1.17/30 10.100.1.18/30 網(wǎng)絡(luò)配置 網(wǎng)絡(luò)核心 堆疊 1/0/53 to 2/0/53 1/0/54 to 2/0/54 心跳 1/0/48 to 2/0/48 模擬器限制，連接會死機(jī)，不進(jìn)行連接 IP地址 網(wǎng)絡(luò)匯聚 vlan102 10.100.102.1/24 監(jiān)控匯聚 vlan103 10.100.103.1/24 網(wǎng)絡(luò)主機(jī) 10.100.102.2/24 監(jiān)控主機(jī) 10.100.103.2/24 ospf區(qū)域 網(wǎng)絡(luò)核心 area0 10.100.1.0 0.0.0.3 10.100.1.4 0.0.0.3 10.100.1.8 0.0.0.3 10.100.1.12 0.0.0.3 監(jiān)控核心 area0 10.100.1.0 0.0.0.3 10.100.1.4 0.0.0.3 10.100.1.16 0.0.0.3 網(wǎng)絡(luò)匯聚 area0 10.100.1.8 0.0.0.3 10.100.1.12 0.0.0.3 area1 10.100.102.0 0.0.0.255 監(jiān)控匯聚 area0 10.100.1.16 0.0.0.3 area1 10.100.103.0 0.0.0.255

一、進(jìn)行核心堆疊
1、配置交換機(jī)名

hostname wangluo hexin

2、核心1配置

easy-irf member 1 domain 0 priority 24 irf-port1 FortyGigE 1/0/53 FortyGigE 1/0/54a 保存配置 save

3、核心2配置
第二臺核心編號重命名為2，優(yōu)先級18，低于第一臺24

easy-irf member 1 renumber 2 domain 0 priority 18 irf-port2 FortyGigE 1/0/5 3 FortyGigE 1/0/54

按提示，輸入Y重啟

4、配置堆疊心跳檢測BFD MAD
由于模擬器限制，配置完后心跳線連接會死機(jī)，因此心跳線不連接
堆疊心跳檢測BFD MAD

新建用于irf檢測的vlan，注意，后續(xù)trunk接口要阻止此VLAN通過

vlan 4094 description irf-mad qu

創(chuàng)建VPN實例，用于隔離路由路由表

ip vpn-instance mgmt route-distinguisher 1:1 qu

配置虛接口，配置心跳檢測IP，綁定VPN實例

int vlan4094 description irf-mad ip binding vpn-instance mgmt mad bfd enable mad ip address 1.0.0.1 255.255.255.252 member 1 mad ip address 1.0.0.2 255.255.255.252 member 2 qu

心跳接口配置

interface GigabitEthernet 1/0/48 description irf-mad port access vlan 4094 undo stp enable interface GigabitEthernet 2/0/48 description irf-mad port access vlan 4094 undo stp enable

5、IRF保留接口，一般用于上行三層接口，設(shè)備分裂后保持通訊

mad exclude interface Ten-GigabitEthernet 2/0/50

二、配置所有IP地址
三層交換機(jī)改名、配置loopback地址、配置IP地址、PC配置IP地址

interface Ten-GigabitEthernet1/0/49 port link-mode route combo enable fiber ip address 10.100.1.1 255.255.255.252 interface LoopBack0 ip address 10.100.0.3 255.255.255.255 [wangluo huiju-GigabitEthernet1/0/1]ping 10.100.102.2 Ping 10.100.102.2 (10.100.102.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.100.102.2: icmp_seq=0 ttl=255 time=6.212 ms 56 bytes from 10.100.102.2: icmp_seq=1 ttl=255 time=3.258 ms 56 bytes from 10.100.102.2: icmp_seq=2 ttl=255 time=3.670 ms 56 bytes from 10.100.102.2: icmp_seq=3 ttl=255 time=2.772 ms 56 bytes from 10.100.102.2: icmp_seq=4 ttl=255 time=4.012 msm03gt6rm.png

三、配置OSPF
配置OSPF之前先配置loopback地址
三層接口使能OSPF，配置為P2P模式，放在區(qū)域0

[wangluo hexin-Ten-GigabitEthernet1/0/49]dis th # interface Ten-GigabitEthernet1/0/49 port link-mode route combo enable fiber ip address 10.100.1.1 255.255.255.252 ospf network-type p2p ospf 1 area 0.0.0.0

loopback使能OSPF，放在區(qū)域0

interface LoopBack0 ip address 10.100.0.3 255.255.255.255 ospf 1 area 0.0.0.0

VLAN使能OSPF，業(yè)務(wù)網(wǎng)段放在區(qū)域1

[wangluo huiju-Vlan-interface102]dis th # interface Vlan-interface102 ip address 10.100.102.1 255.255.255.0 ospf 1 area 0.0.0.1 #

全部配置完成后，網(wǎng)絡(luò)主機(jī)可ping通監(jiān)控主機(jī)

ping 10.100.103.2 Ping 10.100.103.2 (10.100.103.2): 56 data bytes, press CTRL_C to break 56 bytes from 10.100.103.2: icmp_seq=0 ttl=251 time=18.180 ms 56 bytes from 10.100.103.2: icmp_seq=1 ttl=251 time=9.608 ms 56 bytes from 10.100.103.2: icmp_seq=2 ttl=251 time=14.053 ms 56 bytes from 10.100.103.2: icmp_seq=3 ttl=251 time=13.112 ms 56 bytes from 10.100.103.2: icmp_seq=4 ttl=251 time=12.268 ms

四、OSPF優(yōu)化
限制OSPF收發(fā)報文的端口

[wangluo hexin-ospf-1]dis th # ospf 1 silent-interface all undo silent-interface Ten-GigabitEthernet1/0/49 undo silent-interface Ten-GigabitEthernet1/0/50 undo silent-interface Ten-GigabitEthernet2/0/49 undo silent-interface Ten-GigabitEthernet2/0/50 area 0.0.0.0

五、測試
網(wǎng)絡(luò)主機(jī)ping監(jiān)控主機(jī)，在ping過程中斷掉雙線中的一條，會丟包一個，刪除多個雙線中的一條，最多會丟包4個

m03gxqii.png
m03gxvbz.png

56 bytes from 10.100.103.2: icmp_seq=519 ttl=251 time=16.112 ms 56 bytes from 10.100.103.2: icmp_seq=520 ttl=251 time=20.881 ms 56 bytes from 10.100.103.2: icmp_seq=521 ttl=251 time=15.032 ms Request time out 56 bytes from 10.100.103.2: icmp_seq=523 ttl=251 time=36.649 ms 56 bytes from 10.100.103.2: icmp_seq=524 ttl=251 time=16.727 ms 56 bytes from 10.100.103.2: icmp_seq=525 ttl=251 time=15.137 ms 56 bytes from 10.100.103.2: icmp_seq=526 ttl=251 time=17.651 ms Request time out Request time out Request time out Request time out Request time out 56 bytes from 10.100.103.2: icmp_seq=532 ttl=251 time=13.904 ms 56 bytes from 10.100.103.2: icmp_seq=533 ttl=251 time=42.994 ms 56 bytes from 10.100.103.2: icmp_seq=534 ttl=251 time=27.916 ms 56 bytes from 10.100.103.2: icmp_seq=535 ttl=251 time=14.782 ms

六、實機(jī)測試
1、實際測試BFD防分裂能力
物理機(jī)配置BFD不存在死機(jī)問題，模擬器有BUG

m03kegvs.png

當(dāng)前1為主，2為從，共連接了1/0/18 2/0/18 2/0/23，其中2/0/23配置了IRF保留接口

直接拔掉兩條堆疊線
結(jié)果，終端BFD告警，交換機(jī)接口2/0/18停止工作，僅保留接口2/0/23保持工作

%Jan 7 12:29:20:050 2021 S5560X-30F-EI_09 BFD/5/BFD_CHANGE_FSM: Sess[1.0.0.1/1.0.0.2, LD/RD:32897/32897, Interface:Vlan4094, SessType:Ctrl, LinkType:INET], Ver:1, Sta: DOWN->INIT, Diag: 0 (No Diagnostic) %Jan 7 12:29:20:055 2021 S5560X-30F-EI_09 BFD/5/BFD_CHANGE_FSM: Sess[1.0.0.1/1.0.0.2, LD/RD:32897/32897, Interface:Vlan4094, SessType:Ctrl, LinkType:INET], Ver:1, Sta: INIT->UP, Diag: 0 (No Diagnostic) %Jan 7 12:29:22:747 2021 S5560X-30F-EI_09 DEV/3/BOARD_REMOVED: Board was removed from slot 2, type is unknown.

插回堆疊線，交換機(jī)2自動重啟

2、測試堆疊切換
直接拔掉交換機(jī)1的電源線
交換機(jī)2成為主交換機(jī)繼續(xù)工作

交換機(jī)1插電
交換機(jī)1成為從交換機(jī)，交換機(jī)2保持主交換機(jī)，通訊恢復(fù)

總結(jié)
爽

作者聲明本文無利益相關(guān)，歡迎值友理性交流，和諧討論～

,