Shulou(Shulou.com)06/01 Report--

1. Overview

IRF (Intelligent Resilient Framework) is a software virtualization technology independently developed by H3C. Its core idea is to connect multiple devices together through IRF physical ports, configure them as necessary, and virtualize them into a "distributed device." Understanding stack helps us understand it faster

2, working principle

IRF is divided into four stages: physical connection, information collection between devices through IRF ports, election of master/standby relationship, and IRF self-maintenance. Just know the rules of the election and the mechanism of division, other information does not need to go into depth. If necessary, you can debug IRF information separately.

Election rules: According to the priority of IRF, the election is carried out. The Priority value is MASTER, and the priority value is SLAVE.

Split mechanism: (1)IRF split is divided into two cases, the host or standby machine down, then OK directly replace the new equipment.

(2)If the IRF link or port is down, the IRF heartbeat line (MAD detection) is required between the active and standby to exchange IRF information with each other. To avoid layer 2 confusion, IRF is to keep the standby machine completely down.

3. Common nouns

IRF merge, IRF split, IRF port, IRF role, IRF active standby

4. IRF Configuration Example

(1) Configure A machine as MASTER

#Set member number and priority

irf mem 1 pri 4

#Shutdown XGE1/2/1,XGE1/2/2 by shutting down ports that need to be added to irf-ports. and join the corresponding IRF group.

interface Ten-GigabitEthernet1/2/1

shut

interface Ten-GigabitEthernet1/2/2

shut

irf-port 1/1

des IRF_PORT_1

port group interface Ten-GigabitEthernet1/2/1

port group interface Ten-GigabitEthernet1/2/2

#Important step, activate IRF, many people will ignore this command.

irf-port configuration active

#Save configuration

save

(2) Configure B machine as SLAVE

#Set member number and priority,H3C devices default to mem1, retu needs to be mem2.

irf mem 1 retu 2

irf mem 2 pri 3

#Shut down the ports that need to be added to irf-port, shutdown XGE2/2/1,XGE2/2/2. and join the corresponding IRF group.

interface Ten-GigabitEthernet2/2/1

shut

interface Ten-GigabitEthernet2/2/2

shut

irf-port 2/2

des IRF_PORT_2

port group interface Ten-GigabitEthernet2/2/1

port group interface Ten-GigabitEthernet2/2/2

#Important step to activate IRF

irf-port configuration active

#Save configuration

save

(3) A, B machine merger

#undo shut physical ports of irf-port group A and B and save configuration.

#Cross connect LC jumper as shown, slave device will restart. IRF consolidation takes time and a prompt appears.

wait a moment。

System is busy with warm backup, please wait ...

# display information View IRF consolidation

[fy302-5500-sw1]dis irf configuration

MemberID NewID IRF-Port1 IRF-Port2

1 1 Ten-GigabitEthernet1/2/1 disable

Ten-GigabitEthernet1/2/2

2 2 disable Ten-GigabitEthernet2/2/1

Ten-GigabitEthernet2/2/2

#Share an onboard MAC address

[fy302-5500-sw1]dis irf topology

Topology Info

-------------------------------------------------------------------------

IRF-Port1 IRF-Port2

Switch Link neighbor Link neighbor Belong To

2 DIS -- UP 1 5cdd-70cf-01ea

1 UP 2 DIS -- 5cdd-70cf-01ea

#View Primary/Backup Relationship

[fy302-5500-sw1]dis irf

Switch Role Priority CPU-Mac Description

*+1 Master 4 5cdd-70cf-01ea -----

2 Slave 3 5cdd-70cf-196a -----

--------------------------------------------------

* indicates the device is the master.

+ indicates the device through which the user logs in.

The Bridge MAC of the IRF is: 5cdd-70cf-01b7

Auto upgrade : yes

Mac persistent : always

Domain ID : 3025500581

5. IRF detection mechanism

Both core and access are IRF devices and uplink via TRUNK. The core equipment is generally 10508 series for H3C and S5500 series for access to H3C.

Dual IRF device interconnection requires IRF detection mechanism to prevent problems from affecting the network after splitting. MAC detection mechanism described here

An IRF link failure causes one IRF to become two new IRFs. These two IRFs have the same IP address and other three-layer configurations.

Address conflicts arise, causing the fault to spread in the network. To improve system availability, we need a mechanism when IRF splits,

It can detect multiple IRFs simultaneously existing in the network, and carry out corresponding processing to reduce the impact of IRF splitting on services as much as possible.

(1) Link Aggregation Control Protocol (LACP) transmits IRF detection packets through LACP

(2) BFD (Bidirectional Forwarding Detection) is configured separately for IRF collision detection.

(3) Topological examples

In the case of the above figure, the access and core equipment A and B are all IRF merged through the 10 Gigabit port. In this environment, there are two groups of IRF. According to the official statement of H3C, configuring MAD detection requires establishing different IRF domains, otherwise it will cause abnormal detection, which may affect network services.

(4) MAD detection configuration

#After successful core device merger, perform MAD detection configuration as follows.

irf domain 201512900 //number set as needed

irf mac-address persistent always

irf auto-update enable

undo irf link-delay

irf member 1 priority 4

irf member 2 priority 3

#After successful merging of access devices, MAD detection configuration is performed as follows.

irf domain 201512900 //number set as needed

irf mac-address persistent always

irf auto-update enable

undo irf link-delay

irf member 1 priority 4

irf member 2 priority 3

Note: The domain cannot be the same.

(5) BFD detection configuration

For customers with strict network requirements, the use of private network addresses needs to be reported. Here BFD only does heartbeat, not uplink, broadcast, and anything else. We need to find a physical port separately in A and B machines as a heartbeat port, and connect the ordinary network cable. Note: mad detection port spanning tree to undo off.

BFD Private VLAN VLAN 2000

2. BFD connection cable uses network cable

3. BFD private address A, B machine address 192.168.10.1 192.168.10.2/24

#Core equipment configuration is as follows

vlan 2000

description BFD_MAD

quit

interface Vlan-interface2000

description BFD_MAD

mad bfd enable

mad ip address 192.168.10.1 255.255.255.252 member 1

mad ip address 192.168.10.2 255.255.255.252 member 2

quit

interface GigabitEthernet1/0/48

port link-mode bridge

description description BFD_LINK-MASTER

port access vlan 2000

stp disable

interface GigabitEthernet2/0/48

description description BFD_LINK-Slave

port access vlan 2000

stp disable

quit

#Access configuration is the same as above, omitted here.

Note: MAD detection and BFD detection do not conflict and can exist simultaneously.

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.