组网及说明
组网简化如下:
配置步骤
FW部分配置:
|
|
FW1 |
FW2 |
|
RBM部分 |
# remote-backup group data-channel interface Route-Aggregation64 local-ip 192.60.12.1 remote-ip 192.60.12.2 device-role primary # |
# remote-backup group data-channel interface Route-Aggregation64 local-ip 192.60.12.2 remote-ip 192.60.12.1 device-role secondary # |
|
VRRP部分 |
# interface Route-Aggregation1.10 ip address 10.16.1.1 255.255.255.0 vrrp vrid 101 virtual-ip 100.16.1.10 255.255.255.0 active vlan-type dot1q vid 101 # |
# interface Route-Aggregation1.10 ip address 10.16.1.2 255.255.255.0 vrrp vrid 101 virtual-ip 100.16.1.10 255.255.255.0 standby vlan-type dot1q vid 101 #
|
Border配置vlan对接,配置
#
interface Bridge-Aggregation11
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101
link-aggregation mode dynamic
#
interface Bridge-Aggregation12
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101
link-aggregation mode dynamic
#
interface Vlan-interface101
ip address 100.16.1.3 255.255.255.0
#
配置关键点
配置要点:
1. Border使用vlan接口对接,并在vlan-if接口下配置IP地址。
2. FW配置VRRP虚拟地址时候配置掩码参数,并保持和对端设备掩码一致。mask:表示IPv4地址的掩码,点分十进制格式。不指定mask和mask-length时,缺省使用32位掩码。
3. 在子接口下配置VRRP时需要先配置vlan终结命令(vlan-type dot1q vid xxx),再配置VRRP。防止VRRP震荡。详情可以参考:某局点RBM结合VRRP组网下新增配置导致RBM状态切换典型分析
验证:
在FW1上查看学习到的ARP信息,包括FW2接口地址(10.16.1.2)以及Border上vlan-if地址对应的ARP:
RBM_P<FW_01>disp arp
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface/Link ID Aging Type
10.16.1.2 3c8c-40be-9b5e -- RAGG1.10 17 D
100.16.1.3 b0f9-63b3-c46e -- RAGG1.10 16 D
在FW2上查看学习到的ARP信息,只有FW1接口地址(10.16.1.1)对应的ARP信息:
RBM_S<FW_02>disp arp
Type: S-Static D-Dynamic O-Openflow R-Rule I-Invalid
IP address MAC address VLAN/VSI name Interface/Link ID Aging Type
10.16.1.1 9c06-1bff-3143 -- RAGG1.10 14 D
在Border上查看ARP表项,可以学到FW VRRP虚拟地址ARP,且对应的MAC为虚拟地址对应的MAC,从FW1互联的接口所学。
<Border>disp arp
Type: S-Static D-Dynamic O-Openflow R-Rule M-Multiport I-Invalid
IP address MAC address SVLAN/VSI Interface/Link ID Aging Type
100.16.1.10 0000-5e00-0165 101 BAGG11 10 D
通过查看ARP信息可以明确,RBM结合VRRP场景下支持VRRP虚拟地址和接口地址不在同一网段,VRRP协商详情如下:
RBM_P<FW_01>disp vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
RBM control channel is established
VRRP active group status : Master
VRRP standby group status: Master
Total number of virtual routers : 1
Interface Route-Aggregation1.10
VRID (group) : 101 (Active) Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : Not supported
Version : 3
Virtual IP : 100.16.1.10/24
Virtual MAC : 0000-5e00-0165
Master IP : 10.16.1.1
该案例暂时没有网友评论
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作