2025-01-16 Update From: SLTechnology News&Howtos
Shulou(Shulou.com)06/01 Report--
Preface
With the rapid spread and deepening use of networks, a wide range of value-added services is now deployed on them, and network bandwidth is growing exponentially. Even a brief network interruption may affect a large number of services and cause heavy losses. Because the basic network carries these services, its high availability (High Availability, HA) has increasingly become a focus of attention. For equipment vendors and solution providers, the ability to deliver end-to-end high-availability network solutions is not only a reflection of the vendor's technical strength but also the key to surviving the fierce competition ahead.
How to define a high availability network
So how do you measure the availability of a network? First, a high-availability network cannot fail frequently. Once a failure occurs, even a short interruption affects business operation, and this is especially true now that real-time services that are sensitive to packet loss and delay, such as voice and video, are widely deployed. Second, a high-availability network should recover quickly when it does fail. If a network fails less than once a year but takes hours or even days to recover, it is not a highly available network. Few failures and a short recovery time basically summarize the characteristics of a high-availability network. In a real network, the quality of software and hardware versions is limited, and failures and service interruptions caused by human and non-technical factors cannot be avoided. For this reason, it is important to develop technologies that let the network recover quickly from failures. If the network can always recover without interrupting (most) business, most users will experience it as trouble-free.
Overall plan (5 aspects)
1. Server clustering (Windows, Linux, firewall)
2. Routing nodes (HSRP, VRRP)
3. Lines (LAN: STP; WAN: [backup technology])
4. Disks (RAID: RAID1, RAID5, RAID6, RAID10)
5. Network cards (bonding)
The specific steps and process of implementing the plan:
Scheme 2: VRRP
VRRP (Virtual Router Redundancy Protocol) is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a local area network. The VRRP router that controls the virtual router's IP address is called the master router and forwards the packets sent to that virtual IP address. If the master becomes unavailable, the election process provides dynamic failover, so end hosts can keep using the virtual router's IP address as their default first-hop router. The advantage of VRRP is a more highly available default path without having to configure dynamic routing or router discovery protocols on every end host. VRRP packets are encapsulated and sent in IP packets.
VRRP topology diagram
Required equipment:
Quidway R2621 x 3
Quidway S2403H-EI x 2
4 hosts
Specific steps:
SW1 configuration
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] sys
[Quidway] sysname SW1
[SW1] vlan 10
[SW1-vlan10] port e1/0/10
[SW1-vlan10] vlan 20
[SW1-vlan20] port e1/0/20
[SW1-vlan20] int e1/0/1
[SW1-Ethernet1/0/1] port link-type trunk
[SW1-Ethernet1/0/1] port trunk permit vlan all
Please wait... Done.
[SW1-Ethernet1/0/1] dis vlan
The following VLANs exist:
1 (default), 10, 20
[SW1-Ethernet1/0/1] int e1/0/24
[SW1-Ethernet1/0/24] port link-type trunk
[SW1-Ethernet1/0/24] port trunk permit vlan all
Please wait... Done.
SW2 configuration
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] sysname SW2
[SW2] vlan 10
[SW2-vlan10] port e1/0/10
[SW2-vlan10] vlan 20
[SW2-vlan20] port e1/0/20
[SW2-vlan20] int e1/0/1
[SW2-Ethernet1/0/1] port link-type trunk
[SW2-Ethernet1/0/1] port trunk permit vlan all
Please wait... Done.
[SW2-Ethernet1/0/1] int e1/0/24
[SW2-Ethernet1/0/24] port link-type trunk
[SW2-Ethernet1/0/24] port trunk permit vlan all
Please wait... Done.
R3 configuration
[Router] sysname R3
[R3] int e0
[R3-Ethernet0] ip add 3.3.3.3 24
[R3-Ethernet0] loopback
[R3-Ethernet0] int s0
[R3-Serial0] ip add 1.1.1.2 24
[R3-Serial0] shut
[R3-Serial0] undo shut
[R3-Serial0] int s1
[R3-Serial1] ip add 1.1.2.2 24
[R3-Serial1] shut
[R3-Serial1] undo shut
R1 configuration
[Router] sysname R1
[R1] int s0
[R1-Serial0] ip add 1.1.1.1 24
[R1-Serial0] shut
[R1-Serial0] undo shut
[R1-Serial0] int e0.1
[R1-Ethernet0.1] vlan-type dot1q vid 10
[R1-Ethernet0.1] ip add 192.168.10.1 24
[R1-Ethernet0.1] int e0.2
[R1-Ethernet0.2] vlan-type dot1q vid 20
[R1-Ethernet0.2] ip add 192.168.20.1 24
[R1-Ethernet0.2] quit
[R1] ip route-static 0.0.0.0 0.0.0.0 1.1.1.2
[R1] ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 25 ms
--- 3.3.3.3 ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
[R1] acl 2000 match-order auto
[R1-acl-2000] rule permit source any
Rule has been added to normal packet-filtering rules
[R1-acl-2000] quit
[R1] nat address-group 1.1.1.4 1.1.1.6 add
[R1] int s0
[R1-Serial0] nat outbound 2000 address-group add
[R1-Serial0] quit
[R1] vrrp ping-enable
Ping vrrp enable
[R1] int e0.1
[R1-Ethernet0.1] vrrp vrid 10 virtual-ip 192.168.10.254
[R1-Ethernet0.1] vrrp vrid 10 priority 120
[R1-Ethernet0.1] vrrp vrid 10 track s0 reduced 30
[R1-Ethernet0.1] int e0.2
[R1-Ethernet0.2] vrrp vrid 20 virtual-ip 192.168.20.254
[R1-Ethernet0.2] quit
R2 configuration
[Router] sysname R2
[R2] int s1
[R2-Serial1] ip add 1.1.2.1 24
[R2-Serial1] shut
[R2-Serial1] undo shut
[R2-Serial1] int e0.1
[R2-Ethernet0.1] vlan-type dot1q vid 10
[R2-Ethernet0.1] ip add 192.168.10.2 24
[R2-Ethernet0.1] int e0.2
[R2-Ethernet0.2] vlan-type dot1q vid 20
[R2-Ethernet0.2] ip add 192.168.20.2 24
[R2-Ethernet0.2] quit
[R2] ip route-static 0.0.0.0 0.0.0.0 1.1.2.2
[R2] acl 2000 m a
[R2-acl-2000] rule permit source any
Rule has been added to normal packet-filtering rules
[R2-acl-2000] quit
[R2] nat address-group 1.1.2.4 1.1.2.6 add
[R2] int s1
[R2-Serial1] nat outbound 2000 address-group add
[R2-Serial1] quit
[R2] vrrp ping-enable
Ping vrrp enable
[R2] int e0.1
[R2-Ethernet0.1] vrrp vrid 10 virtual-ip 192.168.10.254
[R2-Ethernet0.1] int e0.2
[R2-Ethernet0.2] vrrp vrid 20 virtual-ip 192.168.20.254
[R2-Ethernet0.2] vrrp vrid 20 priority 120
[R2-Ethernet0.2] vrrp vrid 20 track s1 reduced 30
[R2-Ethernet0.2] quit
[R2] ping 3.3.3.3
PING 3.3.3.3: 56 data bytes, press CTRL_C to break
Reply from 3.3.3.3: bytes=56 Sequence=0 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=1 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=2 ttl=255 time = 25 ms
Reply from 3.3.3.3: bytes=56 Sequence=3 ttl=255 time = 26 ms
Reply from 3.3.3.3: bytes=56 Sequence=4 ttl=255 time = 25 ms
--- 3.3.3.3 ping statistics ---
5 packets transmitted
5 packets received
0.00% packet loss
round-trip min/avg/max = 25/25/26 ms
[R2] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Master
Virtual IP: 192.168.20.254
Priority: 120
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial1 Priority reduced: 30
Ethernet0.1 | Virtual Router 10
State: Backup
Virtual IP: 192.168.10.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Fault simulation 1, telecommunication network failure.
[R2] int s1
[R2-Serial1] shut // simulated telecom network failure
% Interface Serial1 is down
[R2-Serial1] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Backup
Virtual IP: 192.168.20.254
Priority: 90
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial1 Priority reduced: 30
Ethernet0.1 | Virtual Router 10
State: Backup
Virtual IP: 192.168.10.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
[R1] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Master
Virtual IP: 192.168.20.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Ethernet0.1 | Virtual Router 10
State: Master
Virtual IP: 192.168.10.254
Priority: 120
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial0 Priority reduced: 30
Four hosts are working normally.
Fault simulation 2, Netcom network failure.
[R1] int s0
[R1-Serial0] shut // simulate Netcom network failure
% Interface Serial0 is shut down
[R2] int s1
[R2-Serial1] undo shut // restore telecom network
% Interface Serial1 is reset
[R2-Serial1]
: 41:31: Interface Serial1 is UP
[R2-Serial1] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Master
Virtual IP: 192.168.20.254
Priority: 120
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial1 Priority reduced: 30
Ethernet0.1 | Virtual Router 10
State: Master
Virtual IP: 192.168.10.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
[R1] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Backup
Virtual IP: 192.168.20.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Ethernet0.1 | Virtual Router 10
State: Backup
Virtual IP: 192.168.10.254
Priority: 90
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial0 Priority reduced: 30
Four hosts are working normally.
Fault simulation 3, the sub-port failed.
[R1] int s0
[R1-Serial0] undo shut // restore Netcom network
% Interface Serial0 is reset
[R1-Serial0]
: 43:07: Interface Serial0 is UP
[R1-Serial0] quit
[R1] int e0.1
[R1-Ethernet0.1] shut // simulated sub-port failure
% Interface Ethernet0.1 is shut down
[R1-Ethernet0.1]
: 43:30: Line protocol ip on the interface Ethernet0.1 is DOWN
[R1-Ethernet0.1] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Backup
Virtual IP: 192.168.20.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Ethernet0.1 | Virtual Router 10
State: Initialize
Virtual IP: 192.168.10.254
Priority: 120
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial0 Priority reduced: 30
[R2] dis vrrp
Ethernet0.2 | Virtual Router 20
State: Master
Virtual IP: 192.168.20.254
Priority: 120
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
Track IF: Serial1 Priority reduced: 30
Ethernet0.1 | Virtual Router 10
State: Master
Virtual IP: 192.168.10.254
Priority: 100
Preempt: YES Delay Time: 0
Timer: 1
Auth Type: NO
The 4 hosts are still working properly.
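The three fault simulations follow from one rule: a router's effective priority is its configured priority minus the "reduced" value while its tracked uplink is down, and the highest effective priority on the LAN becomes Master. The Python model below is an added example, not part of the original article or of any vendor tooling; the names Member, elect and tracking_gaps are hypothetical, and it assumes preemption with no delay (as the display output shows) and the usual tie-break on the higher interface address. It reproduces the states shown above and also checks that the tracking penalty is larger than the priority gap.

```python
from dataclasses import dataclass

@dataclass
class Member:
    """One router's membership in a VRRP group, as configured above."""
    router: str
    lan_ip: str          # sub-interface address, used only as a tie-breaker
    priority: int        # configured priority (100 when not set)
    track_if: str = ""   # uplink named in "vrrp vrid N track ..."
    reduced: int = 0     # value after "reduced"

def effective_priority(m, down):
    """Configured priority minus the penalty while the tracked uplink is down."""
    if m.track_if and (m.router, m.track_if) in down:
        return m.priority - m.reduced
    return m.priority

def elect(members, lan_if, down):
    """Return {router: (state, priority)} for one VRID.

    `down` is a set of (router, interface) pairs that are currently down.
    """
    alive = [m for m in members if (m.router, lan_if) not in down]
    # Highest effective priority wins; the higher interface address breaks ties.
    master = max(
        alive,
        key=lambda m: (effective_priority(m, down),
                       tuple(int(o) for o in m.lan_ip.split("."))),
        default=None,
    )
    result = {}
    for m in members:
        if m not in alive:
            state = "Initialize"        # LAN sub-interface itself is down
        else:
            state = "Master" if m is master else "Backup"
        result[m.router] = (state, effective_priority(m, down))
    return result

def tracking_gaps(members, lan_if):
    """Routers that would stay Master after losing their tracked uplink."""
    stuck = []
    for m in members:
        if m.track_if:
            state, _ = elect(members, lan_if, {(m.router, m.track_if)})[m.router]
            if state == "Master":
                stuck.append(m.router)
    return stuck

# The two groups exactly as configured on R1 and R2 in this article.
VRID10 = [Member("R1", "192.168.10.1", 120, "Serial0", 30),
          Member("R2", "192.168.10.2", 100)]
VRID20 = [Member("R1", "192.168.20.1", 100),
          Member("R2", "192.168.20.2", 120, "Serial1", 30)]

if __name__ == "__main__":
    print("fault 1:", elect(VRID20, "Ethernet0.2", {("R2", "Serial1")}))
    print("fault 2:", elect(VRID10, "Ethernet0.1", {("R1", "Serial0")}))
    print("fault 3:", elect(VRID10, "Ethernet0.1", {("R1", "Ethernet0.1")}))
    print("tracking gaps:", tracking_gaps(VRID10, "Ethernet0.1"))
```

With "reduced 30" the gap check returns nothing; with a reduction no larger than the 20-point priority gap, the router with the dead uplink would remain Master and traffic for that VLAN would be dropped.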
Scheme 3-1: STP and link aggregation
STP (Spanning Tree Protocol) builds a tree topology in the network, which eliminates loops and can provide path redundancy, although it does not necessarily do so. Its main use is to avoid single points of failure and loops in a LAN and to solve the "broadcast storm" problem in ring Ethernet networks; in a sense it is a network protection technology that removes loops created by mistake or by accident. However, because of limitations in the protocol mechanism, STP converges slowly: when the network topology changes, it needs 50-52 seconds to complete convergence. It also provides no load balancing: when there is a loop in the network, STP simply blocks it, so the blocked link cannot forward packets and network resources are wasted. Link aggregation addresses both shortcomings. It combines two or more data channels into a single channel, which appears as one logical link with higher bandwidth.
Topological graph
Required equipment:
Quidway S2403H-EI x 2
Specific steps:
SW1 configuration
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] sysname SW1
[SW1] stp enable
[SW1] dis stp
-[CIST Global Info] [Mode MSTP]-
CIST Bridge: 32768.000f-e274-4920
Bridge Times: Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC: 32768.000f-e274-4920 / 0
CIST RegRoot/IRPC: 32768.000f-e274-4920 / 0
CIST RootPortId: 0.0
BPDU-Protection: disabled
TC-Protection: enabled / Threshold=6
Bridge Config
Digest Snooping: disabled
TC or TCN received: 0
Time since last TC: 0 days 0h:1m:20s
[SW1] dis stp brief
MSTID Port Role STP State Protection
0 Ethernet1/0/22 DESI FORWARDING NONE
0 Ethernet1/0/24 BACK DISCARDING NONE
[SW1] link-aggregation group 1 mode manual
[SW1] int e1/0/22
[SW1-Ethernet1/0/22] port link-aggregation group 1
[SW1-Ethernet1/0/22] dis link-aggregation summary
[SW1-Ethernet1/0/22] int e1/0/24
[SW1-Ethernet1/0/24] port link-aggregation group 1
Aggregation Group Type:D-Dynamic, S-Static, M-Manual
Loadsharing Type: Shar-Loadsharing, NonS-Non-Loadsharing
Actor ID: 0x8000, 000f-e274-4920
AL  AL    Partner ID  Select  Unselect  Share  Master
ID  Type              Ports   Ports     Type   Port
1   M     none        1       0         NonS   Ethernet1/0/22
SW2 configuration
<Quidway> system-view
System View: return to User View with Ctrl+Z.
[Quidway] sysname SW2
[SW2] stp enable
[SW2] dis stp
-[CIST Global Info] [Mode MSTP]-
CIST Bridge: 32768.000f-e242-8a41
Bridge Times: Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC: 32768.000f-e242-8a41 / 0
CIST RegRoot/IRPC: 32768.000f-e242-8a41 / 0
CIST RootPortId: 0.0
BPDU-Protection: disabled
TC-Protection: enabled / Threshold=6
Bridge Config
Digest Snooping: disabled
TC or TCN received: 0
Time since last TC: 0 days 0h:4m:5s
[SW2] link-aggregation group 1 mode manual
[SW2] int e1/0/22
[SW2-Ethernet1/0/22] port link-aggregation group 1
[SW2-Ethernet1/0/22] int e1/0/24
[SW2-Ethernet1/0/24] port link-aggregation group 1
[SW2-Ethernet1/0/24] dis link-aggregation summary
Aggregation Group Type:D-Dynamic, S-Static, M-Manual
Loadsharing Type: Shar-Loadsharing, NonS-Non-Loadsharing
Actor ID: 0x8000, 000f-e242-8a41
AL  AL    Partner ID  Select  Unselect  Share  Master
ID  Type              Ports   Ports     Type   Port
1   M     none        2       0         Shar   Ethernet1/0/22
Scheme 4: RAID (tested under CentOS 6.4)
A disk array (Redundant Arrays of Independent Disks, RAID) means "cheap and redundant disk array". The principle is to group disks into an array and spread the data across them to improve data security. A disk array combines many cheaper disks into one disk group with a large capacity and uses the combined effect of the individual disks serving data to improve the performance of the whole disk system. With this technology, the data is cut into many sections that are stored on the individual hard disks. A disk array can also use parity checking (Parity Check) so that the data can still be read when any one hard disk in the array fails; during reconstruction, the data is recalculated and written to the new hard disk.
The mdadm command uses the following parameters:
--create (or its abbreviation -C): creates a new array and writes the array's key identification information as metadata into a specified range on each underlying device
--level (or its abbreviation -l): indicates the RAID level of the array
--chunk (or its abbreviation -c): indicates the size of each stripe unit, in KB. The default is 64KB. The stripe unit size has a great impact on the read-write performance of the array under different loads.
--raid-devices (or its abbreviation -n): indicates the number of active devices in the array
--spare-devices (or its abbreviation -x): indicates the number of hot spares in the array. Once a disk in the array fails, the MD kernel driver automatically adds the hot spare disk to the array and then reconstructs the data of the lost disk onto the hot spare.
--verbose (or its abbreviation -v): shows the details of the process
--fail (or its abbreviation -f): simulates a failure
RAID1
RAID1 achieves data redundancy through disk mirroring, keeping mutually backed-up copies of the data on pairs of independent disks. When the original disk is busy, the data can be read directly from the mirrored copy, so RAID1 can improve read performance. RAID1 has the highest unit cost of the disk array levels, but it provides high data security and availability. When a disk fails, the system can automatically switch to the mirrored disk for reads and writes without having to reconstruct the failed data.
[root@localhost ~]# mdadm -Cv /dev/md0 -l 1 -n 2 /dev/sdb /dev/sdc -x 1 /dev/sdd
Continue creating array? Y
[root@localhost ~]# mkfs -t ext3 /dev/md0
[root@localhost ~]# mkdir /mnt/raid1
[root@localhost ~]# mount /dev/md0 /mnt/raid1/
[root@localhost ~]# df -h
/dev/md0 5.0G 139M 4.6G 3% /mnt/raid1
[root@localhost ~]# cd /mnt/raid1/
[root@localhost raid1]# cp -r /usr/share/* ./
^C
[root@localhost mnt]# du -sh raid1/
97M raid1/
[root@localhost mnt]# vi /etc/fstab
/dev/md0 /mnt/raid1 auto defaults 0 0
[root@localhost mnt]# mount -a
[root@localhost mnt]# cd raid1/
[root@localhost raid1]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdd[2](S) sdc[1] sdb[0]
      5238720 blocks super 1.2 [2/2] [UU]
unused devices: <none>
[root@localhost ~]# mdadm --detail --scan /dev/md0
[root@localhost ~]# mdadm /dev/md0 -f /dev/sdb
mdadm: set /dev/sdb faulty in /dev/md0
[root@localhost ~]# cat /proc/mdstat
Personalities : [raid1]
md0 : active raid1 sdd[2] sdc[1] sdb[0](F)
      5238720 blocks super 1.2 [2/2] [UU]
unused devices: <none>
[root@localhost ~]# mdadm --detail --scan /dev/md0
[root@localhost ~]# mdadm --detail --scan > /etc/mdadm.conf
RAID5
RAID 5 is a storage solution that balances storage performance, data security, and storage cost. It can be understood as a compromise between RAID 0 and RAID 1. RAID 5 provides data security for the system, but its degree of protection is lower than that of mirroring, while its disk space utilization is higher than mirroring. RAID 5 reads data at a speed similar to RAID 0, but because it also maintains parity information, writing data is slightly slower than writing to a single disk. At the same time, because multiple data blocks share one piece of parity information, the disk space utilization of RAID 5 is higher than that of RAID 1, and the storage cost is relatively low.
[root@localhost ~]# fdisk -l
[root@localhost ~]# mdadm -Cv /dev/md0 -l 5 -n 3 /dev/sdb /dev/sdc /dev/sdd -x 1 /dev/sde
Continue creating array? Y
[root@localhost ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdd[4] sde[3](S) sdc[1] sdb[0]
      10476544 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
unused devices: <none>
[root@localhost ~]# mdadm --detail --scan
Number  Major  Minor  RaidDevice  State
0       8      16     0           active sync  /dev/sdb
1       8      32     1           active sync  /dev/sdc
4       8      48     2           active sync  /dev/sdd
3       8      64     -           spare        /dev/sde
[root@localhost ~]# mkfs -t ext3 /dev/md0
[root@localhost ~]# mkdir /mnt/raid5
[root@localhost ~]# mount /dev/md0 /mnt/raid5
[root@localhost ~]# vi /etc/fstab
/dev/md0 /mnt/raid5 auto defaults 0 0
[root@localhost ~]# mdadm --detail --scan > /etc/mdadm.conf
[root@localhost ~]# cat /etc/mdadm.conf
ARRAY /dev/md0 metadata=1.2 spares=1 name=localhost.localdomain:0 UUID=52a024d4:76260d6f:9eeac1e5:f4a7d0d9
[root@localhost ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdd[4] sde[3](S) sdc[1] sdb[0]
      10476544 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
unused devices: <none>
[root@localhost ~]# mdadm --detail --scan /dev/md0
Number  Major  Minor  RaidDevice  State
0       8      16     0           active sync  /dev/sdb
1       8      32     1           active sync  /dev/sdc
4       8      48     2           active sync  /dev/sdd
3       8      64     -           spare        /dev/sde
[root@localhost ~]# mdadm /dev/md0 -f /dev/sdb
mdadm: set /dev/sdb faulty in /dev/md0
[root@localhost ~]# cat /proc/mdstat
Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdd[4] sde[3] sdc[1] sdb[0](F)
      10476544 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]
unused devices: <none>
[root@localhost ~]# mdadm --detail --scan /dev/md0
Number  Major  Minor  RaidDevice  State
3       8      64     0           active sync  /dev/sde
1       8      32     1           active sync  /dev/sdc
4       8      48     2           active sync  /dev/sdd
0       8      16     -           faulty spare /dev/sdb
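In both the RAID1 and the RAID5 test, the array still reports all members up after the simulated failure, because the hot spare has taken over; the failed disk and the missing spare are only visible in the member flags. The Python check below is an added example, not part of the original article; parse_mdstat and findings are hypothetical names, and the sample texts are constructed from the /proc/mdstat output shown above (the rebuilding sample, including its progress figures, is made up to cover the degraded case).

```python
import re

# A member token on an mdN line: name[slot] plus optional flag, e.g. sdb[0](F).
MEMBER = re.compile(r"^(\w+)\[(\d+)\](?:\((\w)\))?$")
# Health summary on the following line: [configured/working] [U_U]
HEALTH = re.compile(r"\[(\d+)/(\d+)\]\s+\[[U_]+\]")

def parse_mdstat(text):
    """Parse /proc/mdstat text into {array_name: details}."""
    arrays, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"^(md\w+)\s*:\s*(\w+)\s*(.*)$", line)
        if head:
            cur = {"state": head.group(2), "level": None, "active": [],
                   "spare": [], "failed": [], "configured": None,
                   "working": None, "rebuilding": False}
            for tok in head.group(3).split():
                m = MEMBER.match(tok)
                if m:
                    kind = {"F": "failed", "S": "spare"}.get(m.group(3), "active")
                    cur[kind].append(m.group(1))
                elif not tok.startswith("(") and cur["level"] is None:
                    cur["level"] = tok          # e.g. raid1, raid5
            arrays[head.group(1)] = cur
        elif cur is not None:
            h = HEALTH.search(line)
            if h:
                cur["configured"], cur["working"] = int(h.group(1)), int(h.group(2))
            if re.search(r"\b(recovery|resync)\s*=", line):
                cur["rebuilding"] = True
    return arrays

def findings(arrays):
    """Return (array, message) pairs an operator should act on."""
    out = []
    for name, a in sorted(arrays.items()):
        if a["state"] != "active":
            out.append((name, "array is " + a["state"]))
        if a["configured"] is not None and a["working"] < a["configured"]:
            out.append((name, "degraded: %d of %d members working"
                        % (a["working"], a["configured"])))
        for dev in a["failed"]:
            out.append((name, "failed member %s still attached" % dev))
        if a["level"] != "raid0" and not a["spare"]:
            out.append((name, "no hot spare left"))
    return out

# Constructed samples, based on the RAID5 output in this article.
HEALTHY = """Personalities : [raid6] [raid5] [raid4]
md0 : active raid5 sdd[4] sde[3](S) sdc[1] sdb[0]
      10476544 blocks super 1.2 level 5, 512k chunk, algorithm 2 [3/3] [UUU]

unused devices: <none>
"""
AFTER_FAIL = HEALTHY.replace("sde[3](S) sdc[1] sdb[0]", "sde[3] sdc[1] sdb[0](F)")
REBUILDING = AFTER_FAIL.replace(
    "[3/3] [UUU]",
    "[3/2] [_UU]\n      [==>.......]  recovery = 12.6% (661504/5238272)")

if __name__ == "__main__":
    for label, text in (("healthy", HEALTHY), ("after -f", AFTER_FAIL),
                        ("rebuilding", REBUILDING)):
        print(label, findings(parse_mdstat(text)))
```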