Network Security Internet Technology Development Database Servers Mobile Phone Android Software Apple Software Computer Software News IT Information

In addition to Weibo, there is also WeChat

Please pay attention

WeChat public account

Shulou

On the forwarding Test of smart,monitor link under Link aggregation

2025-01-16 Update From: SLTechnology News&Howtos shulou NAV: SLTechnology News&Howtos > Network Security >

Share

Shulou(Shulou.com)06/01 Report--

On the forwarding Test of smart,monitor link under Link aggregation

We're going to start messing around again this time. I'm asking for trouble. After all, I'm still bored.

This experiment mainly involves the following aspects:

1. Application of gvrp:

2. Configuration of Smart Link and Monitor Link

3. Link aggregation

First review a wave of basic knowledge: GVRP:

GVRP (GARP VLAN Registration Protocol) GARP VLAN Registration Protocol

GARP (Generic Attribute Registration Protocol Universal attribute Registration Protocol)

It allows switches to exchange VLAN configuration information with each other and dynamically create and manage VLAN, which can be used to dynamically propagate VLAN information by configuring VLAN on a small number of switches.

The manually configured VLAN becomes a static VLAN. The VLAN created by the GVRP protocol is called dynamic VLAN

Three registration modes for GVRP:

Nomal mode: allows interfaces to register dynamically, log out of vlan, and propagate static vlan information

Fixed mode: disable dynamic registration of interfaces, log out of vlan, and only propagate static vlan information

Forbidden mode: this API is prohibited from dynamically registering and unregistering VLAN. Do not transmit any VLAN information other than VLAN1.

Smart Link and Monitor Link

In order to improve the reliability of the network, the double homing method is usually adopted to organize the network.

Under normal circumstances, only one of the two uplinks in the network is connected. The other is in a blocking state, thus preventing loop problems. When the active link fails, the traffic will quickly switch to the standby link in millisecond. When the original primary link resumes, it will remain blocked and not preempted, thus maintaining the stability of the network.

Monitor link is used to extend the scope of link backups for smart link

The downlink is synchronized by monitoring the uplink of the upstream device. Uplink failures reaching upstream devices are quickly communicated to downlink devices, triggering smart link of downstream devices

Active and standby link handover to prevent network failure due to uplink failure for a long time

Configure Eth-Trunk

1 load sharing

2 improve reliability, when a member interface fails, the traffic will switch to its available link

(3) increase the bandwidth. The total bandwidth is the sum of the bandwidth of each member interface.

Eth-Trunk working mode can be divided into two kinds.

one. Manual load sharing mode: you need to manually create a link aggregation combination and configure multiple excuses to add to the created Eth-Trunk

two. Static LACP mode: this mode chooses the active interface independently after negotiating Eth-Trunk parameters through LACP protocol

Experimental mode:

First of all, this is the basic diagram of our experiment, and this diagram does not set many tricks. (for example, vlan will not be set). In this figure, we expect to set up link aggregation between LSW1 and LSW2 and LSW3; then we configure the interface state using gvrp; (although I like to configure it manually, it seems to add vlan again) and then set Smart Link on LSW4 so that it can switch quickly Then set the corresponding Monitor Link on LSW2 and LSW3 to do a detection function, so that when there is a problem in the downlink, it can notify the uplink to switch quickly.

Fill in the picture here first, which is what I understand as the principle of smart link and monitor link; then we will configure it like this;

(we won't talk about spanning tree here, because the default is that I know everything.)

Step 1: let's start with link aggregation:

Use PC1pingPC3 before we do link aggregation. Take a look at the path of message transmission.

When we do a simple packet capture, we will find the link of Datagram transmission; from LSW1- > LSW2- > LSW3, but before the link aggregation, we find that these three paths will be sent out on the non-blocking port according to the spanning tree protocol, and the spanning tree will not explain too much.

But I found a more interesting thing:

When I didn't do anything to LSW1:

Its stp is like this.

1. When I choose to set LSW1's e0swap to 5-port shutdown (this port is the port on which the data is forwarded), the data will only time out for a very short period of time: and then return to normal immediately

(it is estimated that it will take less than a second)

There is no eth0/0/5 in LSW1 at this time, but immediately (the point is right now! ) the root port becomes eth0/0/6

2. Then I put the link of shutdown back to normal again * (undo shutdown), and he stopped forwarding messages! A little aloof.

3. Then I took a quick look at stp brief (spanning Tree Protocol) and found that eth0/0/5 appeared immediately. Then it becomes the root port again, there is nothing wrong with it, it is still in the forwarding state, but the message just times out all the time. It's just that the ping doesn't work; the author says it's embarrassing.

Up to now, it has been 3 minutes and 4 minutes. Pc1 is still timed out; on second thought, it seems to have exceeded the delay time of the stp timer. So it shouldn't be the link congestion caused by the spanning tree recalculation, but just when I was about to give up, Nima, it got through again. Hit me in the face, (but to be honest, it's been too long. )

5. Based on my own principle of boredom, I still have to figure out why!

Just like the previous practice, first shutdown the switch LSW1 to forward the data on the port, at this time the message is not running on E5. But run on the new Jingen port E6.

We can find that after our shutdown port E5, the message runs happily on E6!

At this time, I turned on e0swap 5 again (undo shutdown).

We found that both of them had moved at this time! None of the packets are forwarded from here; what is sent at this time is all stp configuration information; but there is no problem with spanning Tree Protocol; however, it just does not forward.

So we grabbed the packet: the link between the switch and the host:

There is a message for a ping request from pc1 to pc3; but there is no reply

Therefore, I still do not find that there is a problem: first leave the problem here, I am very sad!

However, I found that as long as you restart pc1's ping, you can ping again.

* * *

All right, let's start with DSP (he), he (da).

* * *

Step 1: link aggregation first:

[LSW1] interface Eth-Trunk1 establishes eth-trunk1 interface on LSW1 [LSW1-Eth-Trunk1] mode manual load-balance is set to manual load sharing mode [LSW1-Ethernet0/0/1] eth-trunk1 adds three ports to eth-trunk1 interface [LSW1-Ethernet0/0/5] eth-trunk1 [LSW1-Ethernet0/0/6] eth-trunk1 [LSW1] display eth-trunk1 Use this command to query the port [LSW1] display interface Eth-Trunk 1 under the eth-trunk interface to view the information of the eth-Trunk interfaces of S1 and S2.

The following two pictures are views of the corresponding information using these two commands:

[LSW1] display eth-trunk 1

[LSW1] display interface Eth-Trunk 1

Aggregate the links between LSW1 and LSW2 and LSW3

If there is only one end of the aggregation, the communication will not be possible and will return:

All links are aggregated: as shown in the following figure:

Now there is a small problem: if the links are aggregated, how will the packets be forwarded on the aggregation link?

From the current point of view, when the link aggregation is carried out, the message will only run on E0UniGUP 5. Did not achieve load balancing.

But when I shutdown E5, and then on undo shutdown E5, the recovery speed at PC1pingPC3 is faster than when I didn't do link aggregation before; it's about 15s.

Because from the figure above, we can see that there is only one delay, which means it can only be RSTP or MSTP, not stp, because STP needs to go through twice the FWDLY; from deenergizing to forwarding, while rstp and mstp only need to go through twice the fwdly.

Step 2: discover how data is sent over the tunnel where the link is aggregated

When we use PC1pingPC3, we find by grabbing the package:

We found that:

[1] Link aggregation has been done between LSW1 and LSW2, and between LSW2 and LSW3, but it is found that the sending links of request and reply messages between LSW1 and LSW2 are different, but the sending links of request and reply messages between LSW1 and LSW2 are the same, so after link aggregation, there is an uneven distribution of link traffic.

Baidu to the answer: load sharing is based on certain characteristics with hash routing, default is based on SIP, DIP, only when there are many data streams, you can see the effect of load sharing, a flow must only choose one path

So after the link aggregation, the data will not be sent according to the port of the stp spanning tree, but according to an algorithm, let this go first, and finish the latter first.

Step 3: configure LACP link aggregation:

Because manual mode has been configured before, if you need to change the state, you need to cancel it all.

So I used the new topology diagram directly.

There is a problem with one of the two links, and the other backup link immediately replaces the problematic link. How to ensure that the two links work?

Open all links:

[LSW1-Eth-Trunk1] mode lacp---GigabitEthernet0//] eth-trunk-- trunk-- Eth-Trunk1] max active-linknumber-GigabitEthernet0//] lacp priority-GigabitEthernet0//] lacp priority sets two links with a priority of 100 in order to make sure that the two links are active

By setting. G0Accord 1 and g0Accord 2 become active. When the current active link goes wrong, G0UniUniP5 becomes the active link, but if it is disconnected, it will not return to active state.

When the number of interfaces exceeds the maximum load threshold, the remaining interfaces will not forward traffic.

Step 4: configure Smart Link

What Smart link should pay attention to is that stp needs to be closed.

In order to improve the reliability of the network, the double homing method is usually adopted to organize the network.

Under normal circumstances, only one of the two uplinks in the Smart link network is connected. The other is in a blocking state, thus preventing loop problems. When the active link fails, the traffic will quickly switch to the standby link in millisecond. When the original primary link resumes, it will remain blocked and not preempted, thus maintaining the stability of the network.

Monitor link is used to extend the scope of link backups for smart link

The downlink is synchronized by monitoring the uplink of the upstream device. Uplink failures reaching upstream devices are quickly communicated to downlink devices, triggering smart link of downstream devices

Active and standby link handover to prevent network failure due to uplink failure for a long time

[1] cancel stp first:

[LSW1] undo stp enable[LSW1] stp disable

At such times, routing loops appear. When I use pc1pingpc3 and grab any link, I will find that the messages in it are growing exponentially, and I can't get through ping.

[2] then set smart link

[LSW1] smart-link group1 creates only link groups [LSW1-smlk-group1] smart-link enable on LSW1 to open smart links

Suddenly found that the port can not be added, the hint is: the port is already running under stp. So it's no use shutting down stp on LSW. You still have to go into each port and stop the stp protocol.

1234567 [LSW1-Eth-Trunk1] stp disable [LSW1-smlk-group1] port Eth-Trunk1 master sets eth-trunk as the primary [LSW1-smlk-group1] port Ethernet 0Accord 2 slave sets Eth0/0/2 as secondary [LSW1] display smart-link group1 to view the active and standby status of smart-link

[3] configure the failback feature

When there is a problem with the primary interface, the backup interface changes to active status. When the original primary interface is restored, the primary interface will not automatically fail back to active.

The failback feature needs to be configured manually

[LSW1-smlk-group1] restore enable (automatically becomes active when the primary interface is restored)

Step 5: configure Monitor Link, which is used to extend the scope of link backup for smart link

[LSW2] monitor-link group1 creates monitor-link packet 1 [LSW2-mtlk-group1] port Eth-Trunk 1 uplink Settings Uplink [LSW2-mtlk-group1] port Eth-Trunk 2 downlink Settings Downlink

Then ping. Found timeout! But I felt that there was nothing wrong with the configuration, so I grabbed a bag and had a look:

According to this posture, am I poisoned by the legendary broadcast storm? ~

As a result, I went to Baidu and found the problem:

What I have configured is the local interface of LSW2, which is obviously wrong.

Should be configured with uplink port or downlink port, that is, the opposite port!

So do it again, even though the configuration on my LSW2 has been canceled. But ping is still different because there are still broadcast storms on the link. So I just turned it off, rebooted it, and I was happy.

But I found that it should not be caused by the above problem, because the link aggregation is done, so I set both the local end and the remote end to the same name; so the problem is not here.

Possible reasons:

1. I didn't configure LSW3 in the same way before, which caused a link storm.

2. After I configured my LSW2, the broadcast storm already exists in the loop. So it is possible that the loop storm caused the message to fail to reach its destination correctly, and I only unilaterally think that it is a problem of configuration.

3. It is possible that I made a mistake in this place:

Here I marked the place with a × × line; I got rid of the back 1 when I was cheap. But after removing it, you will not be able to communicate with ping successfully. And after the correct configuration, there is still this 1; so I think the last one may be bigger, indicating that we should not be cheap in the future.

Final step: configure gvrp

It's time to configure vlan again. It means that you are very upset.

First of all: set the port type to access; and set VLAN10 to the interface between the host and the switch.

The interface between the switch and the switch sets the port type to trunk; and sets it to all pass.

Don't write how to configure it.

[1] the LSW1 and LSW4 at the exit (that is, the switch connected to the external host) are configured as shown in the following figure:

[2] set all the interfaces interconnected between switches to trunk and set them to pass through

[3] the GVRP function is enabled on all switches, and the GVRP function is also enabled under the interconnected interfaces of all switches.

The default mode for gvrp registration is Normal mode

[LSW1] gvrp sets gvrp on switch [LSW1-Eth-Trunk1] gvrp sets gvrp [LSW1-GigabitEthernet0/0/2] gvrp on aggregation link (trunk) sets gvrp [error] [LSW1-Ethernet0/0/3] gvrp on normal port (trunk) attempts to set on access port Set gvrp [error report] Info: Not a trunk port Can't specify gvrp!

But because what I set up is very simple vlan. So we can't see the good effect. After all, this diagram is mainly produced for link aggregation.

But in the end, I can get through to ping.

[feeling] but I personally feel that this GVRP does not have a very real effect. GVRP is a dynamic ancestral book, perhaps because my topology diagram is too small; but I always feel that using the dynamic registration mode takes a lot of time to adapt to the requirements needed for dynamic configuration; at present, it is not very convenient; maybe I haven't learned enough and haven't mastered the essence yet.

2017.3.15 by:tea

Welcome to subscribe "Shulou Technology Information " to get latest news, interesting things and hot topics in the IT industry, and controls the hottest and latest Internet news, technology news and IT industry trends.

Views: 0

*The comments in the above article only represent the author's personal views and do not represent the views and positions of this website. If you have more insights, please feel free to contribute and share.

Share To

Network Security

Wechat

© 2024 shulou.com SLNews company. All rights reserved.

12
Report