Huawei M-LAG Best Practices

M-LAG configuration on the server leaf switches

Configure M-LAG


[~ServerLeaf1_1]
 stp mode rstp
 stp v-stp enable   // Configure M-LAG in V-STP mode
 stp tc-protection   // Enable protection against TC BPDUs
 stp bpdu-protection   // Enable BPDU protection
 arp ip-conflict-detect enable   // Enable IP address conflict detection; not needed in network virtualization scenarios
 #

[~ServerLeaf1_2]
 stp mode rstp
 stp v-stp enable   // Configure M-LAG in V-STP mode
 stp tc-protection
 stp bpdu-protection
 arp ip-conflict-detect enable
 #
 

Configure the M-LAG DFS group


[~ServerLeaf1_1] 
ip vpn-instance DAD   // Configure the DAD VPN instance
 ipv4-family
  route-distinguisher 21:14
#
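interface Eth-Trunk20   // Configure the dual-active detection (DAD) link; on chassis switches the DAD member ports must be spread across different cards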
 trunkport 10GE 1/0/47 to 1/0/48
 mode lacp-static 
 undo portswitch
 ip binding vpn-instance DAD
 ip address 10.254.124.2 255.255.255.0   // Configure the source IP address
 m-lag unpaired-port reserved
#
dfs-group 1 
 priority 150    // Set the DFS priority higher than the peer's; the default is 100
 source ip 10.254.124.2 vpn-instance DAD peer 10.254.124.3   
 dual-active detection enhanced enable
#
[~ServerLeaf1_2]
ip vpn-instance DAD
 ipv4-family
  route-distinguisher 22:14
#
interface Eth-Trunk20
 trunkport 10GE 1/0/47 to 1/0/48
 mode lacp-static 
 undo portswitch
 ip binding vpn-instance DAD
 ip address 10.254.124.3 255.255.255.0
 m-lag unpaired-port reserved
# 
dfs-group 1 
 source ip 10.254.124.3 vpn-instance DAD peer 10.254.124.2   
 dual-active detection enhanced enable
#
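
The two dfs-group stanzas above have to mirror each other: each peer's source ip is the other's peer address, and it must exist on the local DAD interface inside the named vpn-instance. The check below is an added Python example, not part of the original post or any Huawei tool; the function names are hypothetical and it assumes the input holds only the Eth-Trunk20 and dfs-group stanzas of each device.

```python
import re
# Constructed input: trimmed copies of the two peers' DAD-link and dfs-group stanzas above.
LEAF1 = """\
interface Eth-Trunk20
 ip binding vpn-instance DAD
 ip address 10.254.124.2 255.255.255.0
#
dfs-group 1
 priority 150
 source ip 10.254.124.2 vpn-instance DAD peer 10.254.124.3
 dual-active detection enhanced enable
"""
LEAF2 = """\
interface Eth-Trunk20
 ip binding vpn-instance DAD
 ip address 10.254.124.3 255.255.255.0
#
dfs-group 1
 source ip 10.254.124.3 vpn-instance DAD peer 10.254.124.2
 dual-active detection enhanced enable
"""

def dfs_facts(cfg):
    m = re.search(r"^\s*source ip (\S+) vpn-instance (\S+) peer (\S+)", cfg, re.M)
    if not m:
        return None
    prio = re.search(r"^\s*priority (\d+)", cfg, re.M)
    return {"source": m[1], "vpn": m[2], "peer": m[3],
            "priority": int(prio[1]) if prio else 100,  # default is 100 per the page
            "addrs": set(re.findall(r"^\s*ip address (\S+)", cfg, re.M)),
            "vpns": set(re.findall(r"^\s*ip binding vpn-instance (\S+)", cfg, re.M)),
            "enhanced": bool(re.search(r"^\s*dual-active detection enhanced enable", cfg, re.M))}

def check_pair(cfg_a, cfg_b):
    a, b = dfs_facts(cfg_a), dfs_facts(cfg_b)
    if a is None or b is None:
        return ["dfs-group source ip line missing"]
    problems = []
    if (a["source"], a["peer"]) != (b["peer"], b["source"]):
        problems.append("source/peer addresses are not mirrored")
    if a["priority"] == b["priority"]:
        problems.append("DFS priorities are equal")  # the page sets one peer higher
    for name, f in (("A", a), ("B", b)):
        if f["source"] not in f["addrs"] or f["vpn"] not in f["vpns"]:
            problems.append(f"{name}: source ip/vpn-instance not configured on a local interface")
        if not f["enhanced"]:
            problems.append(f"{name}: enhanced dual-active detection is off")
    return problems
```

An empty list means the pair is consistent; each string names one mismatch to fix before bringing the M-LAG up.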
 

Configure the peer-link

[~ServerLeaf1_1] 
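 interface Eth-Trunk0   // On chassis switches, the peer-link member ports must be spread across different cards to keep the link reliable. If the cards run at different rates, configure lacp mixed-rate link enable to allow ports of different rates to be bundled together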
  trunkport 40GE 1/0/5 to 1/0/6 
  mode lacp-static 
  peer-link 1 
 #
[~ServerLeaf1_2] 
 interface Eth-Trunk0 
  trunkport 40GE 1/0/5 to 1/0/6 
  mode lacp-static 
  peer-link 1 
 #

Connect service servers in load-balancing mode.

[~ServerLeaf1_1] 
interface eth-trunk 10 
   port link-type trunk              
   undo port trunk allow-pass vlan 1  
   trunkport 10ge 1/0/1 
   dfs-group 1 m-lag 10 
   mode lacp-static  
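   stp edged-port enable    // Configure as an edge port
 #
 interface 10GE1/0/1   // Server-facing port
  storm suppression unknown-unicast 5   // Suppress unknown unicast; the rule-of-thumb value is 5% of the 10GE port bandwidth; recommended on all service ports
  storm suppression multicast packets 1000  // Suppress multicast packets; must not be configured when the service attached to VXLAN is multicast, can be configured for unicast traffic; rule-of-thumb value is 1000 pps
  storm suppression broadcast packets 1000  // Suppress broadcast packets; rule-of-thumb value is 1000 pps; recommended on all service ports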
 #
[~ServerLeaf1_2] 
 interface eth-trunk 10 
   port link-type trunk  
   undo port trunk allow-pass vlan 1  
   trunkport 10ge 1/0/1 
   dfs-group 1 m-lag 10 
   mode lacp-static  
   stp edged-port enable 
 #
 interface 10GE1/0/1
   storm suppression unknown-unicast 5
   storm suppression multicast packets 1000
   storm suppression broadcast packets 1000
 #
 

Connect servers in active/standby mode.

[~ServerLeaf1_1] 
interface 10GE1/0/2
 port link-type trunk
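 undo port trunk allow-pass vlan 1  // Do not allow VLAN 1, to prevent loops
 storm suppression unknown-unicast 5  // Suppress unknown unicast; the rule-of-thumb value is 5% of the 10GE port bandwidth; recommended on all service ports
 storm suppression multicast packets 1000  // Suppress multicast packets; must not be configured when the service attached to VXLAN is multicast, can be configured for unicast traffic; rule-of-thumb value is 1000 pps
 storm suppression broadcast packets 1000  // Suppress broadcast packets; rule-of-thumb value is 1000 pps; recommended on all service ports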
 stp edged-port enable
#
[~ServerLeaf1_2] 
interface 10GE1/0/2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 storm suppression unknown-unicast 5
 storm suppression multicast packets 1000
 storm suppression broadcast packets 1000
 stp edged-port enable
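
The access-port settings used in both attachment modes above (VLAN 1 removed, storm suppression, STP edge port) can be audited from a saved configuration. The script below is an added Python example, not part of the original post or any Huawei tool; the `audit` function and the incomplete port 10GE1/0/3 are made up for illustration, and it assumes the input contains only server-facing interface stanzas with single-port `trunkport` lines.

```python
# Constructed sample: stanzas trimmed from the page, plus an incomplete 10GE1/0/3 that is NOT on the page.
CONFIG = """\
interface eth-trunk 10
 undo port trunk allow-pass vlan 1
 trunkport 10ge 1/0/1
 stp edged-port enable
#
interface 10GE1/0/1
 storm suppression unknown-unicast 5
 storm suppression broadcast packets 1000
#
interface 10GE1/0/2
 undo port trunk allow-pass vlan 1
 storm suppression unknown-unicast 5
 storm suppression broadcast packets 1000
 stp edged-port enable
#
interface 10GE1/0/3
 storm suppression broadcast packets 1000
#
"""
# Multicast suppression is not required here: the page rules it out when the VXLAN service is multicast.
ON_PORT = ("storm suppression unknown-unicast", "storm suppression broadcast")
ON_PORT_OR_TRUNK = ("undo port trunk allow-pass vlan 1", "stp edged-port enable")

def audit(config):  # returns {port: [missing settings]} for each physical port
    stanzas, parent, cur = {}, {}, None
    for line in config.splitlines():
        word, _, rest = line.strip().partition(" ")
        name = rest.lower().replace(" ", "")  # "10ge 1/0/1" and "10GE1/0/1" map to one key
        if word == "interface":
            cur = name
            stanzas[cur] = []
        elif word == "#":
            cur = None
        elif cur:
            stanzas[cur].append(line.strip())
            if word == "trunkport":
                parent[name] = cur  # remember which Eth-Trunk the member belongs to
    ports = [p for p in sorted(set(stanzas) | set(parent)) if not p.startswith("eth-trunk")]
    findings = {}
    for port in ports:
        own = stanzas.get(port, [])
        both = own + stanzas.get(parent.get(port), [])  # port settings plus its trunk's
        missing = [r for r in ON_PORT if not any(l.startswith(r) for l in own)]
        missing += [r for r in ON_PORT_OR_TRUNK if r not in both]
        if missing:
            findings[port] = missing
    return findings
```

Trunk members that have no interface stanza of their own are still reported, since storm suppression is configured on the physical port and not on the Eth-Trunk.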

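Configure monitor-link to associate the uplink and downlink interfaces, so that user-side traffic on a device does not become unforwardable when all of that device's uplinks fail.
Only one downlink port is listed as an example; in an actual deployment, add the rest according to your plan.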

[~ServerLeaf1_1] 
 monitor-link group 1 
   port 40GE1/0/1 uplink 
   port 40GE1/0/2 uplink 
   port Eth-Trunk10 downlink 1 
   timer recover-time 60   // Set the switchback time to prevent packet loss when traffic switches back after an uplink failure.
#
[~ServerLeaf1_2] 
 monitor-link group 1 
   port 40GE1/0/1 uplink 
   port 40GE1/0/2 uplink 
   port Eth-Trunk10 downlink 1 
   timer recover-time 60      
 #

Configure underlay routing (OSPF as an example).

[~ServerLeaf1_1] 
 bfd            // Enable BFD globally
 #
 ospf 1 router-id 10.125.98.3
  bfd all-interfaces enable
  bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-multiplier 3   // Set the BFD parameters to 500ms*3
  lsa-arrival-interval intelligent-timer 50 50 50   // Set the interval for accepting OSPF LSAs to optimize convergence time
  area 0.0.0.0
   network 10.125.97.20 0.0.0.3
   network 10.125.97.36 0.0.0.3   // Form routing adjacencies with each of the two Border Leaf devices
   network 10.125.98.3 0.0.0.0
   network 10.125.99.2 0.0.0.0   // Advertise the Loopback addresses; do not advertise the Loopback address used for the VXLAN bypass tunnel in V3 versions
 # 
[~ServerLeaf1_2] 
 bfd            
 #
 ospf 1 router-id 10.125.98.4 
  bfd all-interfaces enable
  bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-multiplier 3   // Set the BFD parameters to 500ms*3
  lsa-arrival-interval intelligent-timer 50 50 50   // Optimize OSPF convergence time in a layer-3 architecture with multiple ECMP paths between two physical devices
  area 0.0.0.0 
   network 10.125.97.24 0.0.0.3 
   network 10.125.97.40 0.0.0.3 
   network 10.125.98.4 0.0.0.0 
   network 10.125.99.2 0.0.0.0 
 # 

Optimize convergence after network failures

[~ServerLeaf1_1][~ServerLeaf1_2]
 interface 40GE1/0/2   
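  ospf peer hold-max-cost timer 300000    // On all Spine and Leaf devices, keep the maximum cost in the local device's LSAs for 300s after an OSPF neighbor relationship is established; this comes from the 240s M-LAG delayed-up time (overlay routes converge at the same time) + 60s for device table entry synchronization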
#
 interface 40GE1/0/3  
  ospf peer hold-max-cost timer 300000    
#

Port optimization
Batch-configure CRC detection on ports: this is mandatory on peer-link member ports and on ports connected to the Spine.

[~ServerLeaf_1][~ServerLeaf_2]
port-group group-member 40GE 1/0/0 to 40GE 1/0/3
  port crc-statistics trigger error-down
  trap-threshold crc-statistics 100 interval 10 

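// Detect CRC error packets on the backup link's interfaces; when the received CRC-error packets reach the alarm threshold, the interface is set to Error-Down, which ensures data is transmitted correctly.

Batch-shut down unused ports and increase their STP cost.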

[~ServerLeaf_1][~ServerLeaf_2]
port-group group-member 10GE 1/0/10 to 10GE 1/0/48
  shutdown
  stp instance 0 cost 10000

Configure the system to save the configuration automatically at intervals
configuration file auto-save interval 360 delay 60 cpu-limit 60

posted @ 2025-04-25 14:03  朱军杰