国家 / 地区

H3C 路由器MSTP链路智能检测解决方案(V7)-6W100

手册下载

H3C 路由器MSTP链路智能检测解决方案(V7

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

资料版本:6W100-20170519

 

Copyright © 2017 新华三技术有限公司 版权所有,保留一切权利。

非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,

并不得以任何形式传播。本文档中的信息可能变动,恕不另行通知。

H3C_彩色.emf

 



前言

1.1  客户原始需求

应用组网基于MSTPMulti-Service Transfer Platform,多业务传输平台),当MSTP网络中间链路发生故障,需要设备:

·     能够检测到链路故障,并使指向该接口的路由失效。

·     能够向网管服务器通报接口关闭的的告警消息,并且在网管服务器上可以查看该接口的状态变为down

·     提供简单的命令行配置。

1.2  客户需求分析

1所示,Router ARouter D 之间存在两条链路,其中Router ARouter B之间通过电信的MSTP网络连接,Router ARouter C之间通过联通的MSTP网络连接,路由器之间通过路由协议(如OSPF协议)实现网络互联。

双上行MSTP网络运行时,用户可能会遇到如下问题:

·     当运营商内部MSTP网络出现故障时,由于用户设备接口感知不到该链路故障,流量依旧按照原路径转发,导致这些流量在运营商网络内部被丢弃。

·     当发生上述故障时,在网管服务器上无法实时显示故障链路。

图1 双上行MSTP网络示意图

 

1.3  MSTP链路智能检测

根据需求分析,中低端路由器产品提供MSTP链路智能检测解决方案。

当一条MSTP网络发生故障时,中低端路由器产品能够实现:

·     设备能够检测到链路故障,接口状态变为down,停止数据流量转发。

·     数据流量能够快速切换到另外一条MSTP网络上。

·     设备向网管服务器通报接口down的告警消息,用户在网管服务器上能够查看该接口的状态变为down

·     当故障链路恢复正常时,数据流量能够自动换回原链路。

·     提供简单的命令行配置。

解决方案

为了实现MSTP链路智能检测功能,中低端路由器产品提供了两类解决方案:

·     BFD for interface解决方案

·     DLDP解决方案

2.1  BFD for interface解决方案

2.1.1  方案原理

BFDBidirectional Forwarding Detection,双向转发检测)是一个通用的、标准化的、介质无关和协议无关的快速故障检测机制,用于检测IP网络中链路的连通状况,保证设备之间能够快速检测到通信故障,以便能够及时采取措施,保证业务持续运行。

BFD for interface解决方案通过设备与BFD联动,创建直连IPV4 CTRL会话,实现基于接口的up/down的链路故障快速检测,同时将数据流量快速切换到正常链路。

因为配置BFD for interface的接口可能没有IP地址,所以使能BFD for interface时需要手工指定源IP地址,目的地址固定使用组播IP 224.0.0.184

2.1.2  配置举例

1. 组网需求

2所示,Host AHost B之间存在两条可达链路,其中一条为默认链路,另一条为备用链路。

Router ARouter B之间的电信MSTP网络发生故障时,设备能够检测到故障;

·     故障发生时,设备接口down,同时向网管服务器发送接口的状态变为downTrap消息。

·     故障发生时,数据流量在备用链路上转发。

·     故障修复后,数据流量切换回默认链路转发。

图2 BFD for interface解决方案典型配置组网图

 

设备

接口

IP地址

设备

接口

IP地址

Router A

GE2/0/0

12.1.1.1/24

Router C

GE2/0/1

13.1.1.3/24

 

GE2/0/1

13.1.1.1/24

 

GE2/0/2

23.1.1.3/24

 

GE2/0/2

10.1.1.1/24

Host A

 

10.1.1.2/24

Router B

GE2/0/0

12.1.1.2/24

Host B

 

20.1.1.2/24

 

GE2/0/1

23.1.1.2/24

网管服务器

 

20.1.1.254/24

 

GE2/0/2

20.1.1.1/24

 

 

 

 

2. 配置思路

·     所有路由器设备配置IGP路由协议,保证Host AHost B之间存在两条可达链路,且默认链路为电信MSTP网络,备用链路为联通MSTP网络。

·     当电信链路故障时流量可以自动切换到备用链路转发。

·     Router ARouter B相连的接口上,配置BFD会话。

·     配置接收SNMP告警信息的网管服务器。

3. 配置步骤

(1)     配置Router A

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterA> system-view                                                           

[RouterA] ospf 1 router-id 1.1.1.1                                               

[RouterA-ospf-1] fast-reroute lfa                                               

[RouterA-ospf-1] area 0.0.0.0                                                   

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# 创建检测接口状态的BFD会话,配置报文认证和BFD控制报文的时间间隔。

[RouterA] interface GigabitEthernet2/0/0                                        

[RouterA-GigabitEthernet2/0/0] bfd min-transmit-interval 10                     

[RouterA-GigabitEthernet2/0/0] bfd min-receive-interval 10                      

[RouterA-GigabitEthernet2/0/0] bfd detect-multiplier 3                          

[RouterA-GigabitEthernet2/0/0] bfd detect-interface source-ip 12.1.1.1          

[RouterB-GigabitEthernet2/0/0] bfd authentication-mode md5 1 plain bfdtest      

[RouterA-GigabitEthernet2/0/0] quit

# 配置接收SNMP告警信息的网管服务器。

[RouterA] snmp-agent                                                            

[RouterA] snmp-agent community write private                                    

[RouterA] snmp-agent community read public                                      

[RouterA] snmp-agent sys-info version v2c                                       

[RouterA] snmp-agent target-host trap address udp-domain 20.1.1.254 params securityname public v2c                                                            

(2)     配置Router B

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterB> system-view                                                           

[RouterB] ospf 1 router-id 2.2.2.2                                               

[RouterB-ospf-1] fast-reroute lfa                                               

[RouterB-ospf-1] area 0.0.0.0                                                   

[RouterB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] quit                                              

[RouterA-ospf-1] quit

# 创建检测接口状态的BFD会话,配置报文认证和BFD控制报文的时间间隔。

[RouterB]interface GigabitEthernet2/0/0                                        

[RouterB-GigabitEthernet2/0/0]bfd min-transmit-interval 10                     

[RouterB-GigabitEthernet2/0/0]bfd min-receive-interval 10                      

[RouterB-GigabitEthernet2/0/0]bfd detect-multiplier 3                          

[RouterB-GigabitEthernet2/0/0]bfd detect-interface source-ip 12.1.1.2          

[RouterB-GigabitEthernet2/0/0]bfd authentication-mode md5 1 plain bfdtest      

[RouterB-GigabitEthernet2/0/0]quit                                 

# 配置接收SNMP告警信息的网管服务器。

[RouterB]snmp-agent                                                            

[RouterB]snmp-agent community write private                                     

[RouterB]snmp-agent community read public                                      

[RouterB]snmp-agent sys-info version v2c                                       

[RouterB]snmp-agent target-host trap address udp-domain 20.1.1.254 params securityname public v2c                                                           

(3)     配置Router C

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterC> system-view                                                           

[RouterC] ospf 1 router-id 3.3.3.3                                              

[RouterC-ospf-1] fast-reroute lfa                                               

[RouterC-ospf-1] area 0.0.0.0                                                   

[RouterC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255                        

[RouterC-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255                        

[RouterC-ospf-1-area-0.0.0.0] quit                                              

[RouterA-ospf-1] quit

2.1.3  验证配置

# Router A上查看BFD会话信息。

<RouterA> display bfd session                                                   

 Total Session Num: 1     Up Session Num: 1     Init Mode: Active              

                                                                                

 IPv4 Session Working Under Ctrl Mode:                                         

                                                                               

 LD/RD          SourceAddr      DestAddr        State    Holdtime    Interface 

 3073/3073      12.1.1.1        224.0.0.184     Up       29ms        GE2/0/0   

<RouterA>

# Router ARouter B之间模拟链路故障,设备能够检测到故障,且自动关闭端口。

<RouterA> %May 12 15:21:06:739 2017 RouterA BFD/5/BFD_CHANGE_FSM: Sess[12.1.1.1/2

24.0.0.184, LD/RD:3073/3073, Interface:GE2/0/0, SessType:Ctrl, LinkType:INET], V

er:1, Sta: UP->DOWN, Diag: 1                                                   

%May 12 15:21:06:744 2017 RouterA IFNET/5/LINK_UPDOWN: Line protocol state on th

e interface GigabitEthernet2/0/0 changed to down.                               

%May 12 15:21:06:747 2017 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 12.1.1.2(

GigabitEthernet2/0/0) changed from FULL to DOWN.                               

                                                                               

# 查看接口状态。

<RouterA> display interface GigabitEthernet 2/0/0                               

GigabitEthernet2/0/0                                                           

Current state: UP                                                              

Line protocol state: DOWN(BFD)                                                 

Description: GigabitEthernet2/0/0 Interface                                    

Bandwidth: 1000000 kbps                                                        

Maximum transmission unit: 1500                                                

Internet address: 12.1.1.1/24 (primary)                                        

IP packet frame type: Ethernet II, hardware address: 00ef-a550-d660            

IPv6 packet frame type: Ethernet II, hardware address: 00ef-a550-d660          

Media type: Twisted pair, loopback: Not set, promiscuous mode: Not set         

1000Mbps-speed mode, full-duplex mode                                           

Link speed type is autonegotiation, link duplex type is autonegotiation        

Flow-control: Disabled                                                         

Port priority: 0                                                                

Output queue - Urgent queuing: Size/Length/Discards 0/100/0                    

Output queue - Protocol queuing: Size/Length/Discards 0/500/0                  

Output queue - FIFO queuing: Size/Length/Discards 0/75/0                        

Last link flapping: 1 days 5 hours 41 minutes                                  

Last clearing of counters: 16:36:02 Thu 05/11/2017                             

 Last 300 second input: 100 packets/sec 7008 bytes/sec 0%                      

 Last 300 second output: 84560 packets/sec 10817987 bytes/sec 10%              

 Input (total):  1698525 packets, 118929188 bytes                              

          - unicasts, - broadcasts, - multicasts, - pauses                     

 Input (normal):  1698525 packets, - bytes                                     

          109 unicasts, 12 broadcasts, 1698404 multicasts, 0 pauses            

 Input:  0 input errors, 0 runts, 0 giants, - throttles                        

          0 CRC, - frame, - overruns, 0 aborts                                 

          - ignored, - parity errors                                           

 Output (total): 1421467922 packets, 181845641150 bytes                        

          - unicasts, - broadcasts, - multicasts, - pauses                     

 Output (normal): 1421467922 packets, - bytes                                  

          1419704507 unicasts, 12 broadcasts, 1763403 multicasts, 0 pauses     

 Output: 0 output errors, - underruns, - buffer failures                       

          0 aborts, 0 deferred, 0 collisions, 0 late collisions                

          - lost carrier, - no carrier                                         

                                                                                

<RouterA>    

 

# iMC网管服务器上可以看到端口状态为down

 

# 同时网管服务器能收到接口变为downTrap消息。

 

2.2  DLDP解决方案

2.2.1  方案原理

DLDPDevice Link Detection Protocol,设备链路检测协议)是我司私有二层协议,运行于以太网接口,能够监控链路状态,检测链路连接是否正确,链路两端的报文是否正常交互。

DLDP解决方案基于DLDP协议,当发现单向链路时,DLDP会根据用户配置自动关闭或由用户手工关闭相关接口,从而防止网络问题的发生。

2.2.2  配置举例

1. 组网需求

3所示,Host AHost B之间存在两条可达链路,其中一条为默认链路,另一条为备用链路。当Router ARouter B之间的电信MSTP网络发生故障时,设备能够检测到故障;

·     故障发生时,设备接口down,同时向网管服务器发送接口的状态变为downTrap消息。

·     故障发生时,数据流量在备用链路上转发。

·     故障修复后,数据流量切换回到默认链路转发。

图3 DLDP解决方案典型配置组网网

设备

接口

IP地址

设备

接口

IP地址

Router A

GE2/0/0

12.1.1.1/24

Router C

GE20/1

13.1.1.3/24

 

GE2/0/1

13.1.1.1/24

 

GE20/2

23.1.1.3/24

 

GE2/0/2

10.1.1.1/24

Host A

 

10.1.1.2/24

Router B

GE2/0/0

12.1.1.2/24

Host B

 

20.1.1.2/24

 

GE2/0/1

23.1.1.2/24

网管服务器

 

20.1.1.254/24

 

GE2/0/2

20.1.1.1/24

 

 

 

 

2. 配置思路

·     所有路由器设备配置IGP路由协议,保证Host AHost B之间存在两条可达链路,且默认链路为电信MSTP链路,备用链路为联通MSTP链路。

·     当电信链路故障时,流量可以切换到备用链路转发。

·     Router ARouter B全局及相连的接口上使能DLDP

·     配置接收SNMP告警信息的网管服务器。

3. 配置步骤

(1)     配置Router A

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterA> system-view                                                           

[RouterA] ospf 1 router-id 1.1.1.1                                              

[RouterA-ospf-1] fast-reroute lfa                                               

[RouterA-ospf-1] area 0.0.0.0                                                   

[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255                        

[RouterA-ospf-1-area-0.0.0.0] quit

[RouterA-ospf-1] quit

# 全局及相连的接口上使能DLDP,配置报文认证和Advertisement报文的发送间隔。

[RouterA] dldp global enable                                                    

[RouterA] dldp interval 1                                                       

[RouterA] dldp authentication-mode md5                                          

[RouterA] dldp authentication-password simple dldptest                          

[RouterA] interface GigabitEthernet 2/0/0                                       

[RouterA-GigabitEthernet2/0/0] dldp enable                                      

[RouterA-GigabitEthernet2/0/0] quit

# 配置接收SNMP告警信息的网管服务器。

[RouterA] snmp-agent                                                             

[RouterA] snmp-agent community write private                                    

[RouterA] snmp-agent community read public                                      

[RouterA] snmp-agent sys-info version v2c                                       

[RouterA] snmp-agent target-host trap address udp-domain 20.1.1.254 params securityname public v2c                                                           

(2)     配置Router B

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterB> system-view                                                           

[RouterB] ospf 1 router-id 2.2.2.2                                              

[RouterB-ospf-1] fast-reroute lfa                                                

[RouterB-ospf-1] area 0.0.0.0                                                   

[RouterB-ospf-1-area-0.0.0.0] network 12.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255                        

[RouterB-ospf-1-area-0.0.0.0] quit                                              

[RouterA-ospf-1] quit

# 全局及相连的接口使能DLDP,配置报文认证和Advertisement报文的发送间隔。

[RouterB] dldp global enable                                                    

[RouterB] dldp interval 1                                                       

[RouterB] dldp authentication-mode md5                                          

[RouterB] dldp authentication-password simple dldptest                          

[RouterB] interface GigabitEthernet 2/0/0                                       

[RouterB-GigabitEthernet2/0/0] dldp enable                                      

[RouterB-GigabitEthernet2/0/0] quit                                 

# 配置接收SNMP告警信息的网管服务器。

[RouterB] snmp-agent                                                            

[RouterB] snmp-agent community write private                                    

[RouterB] snmp-agent community read public                                      

[RouterB] snmp-agent sys-info version v2c                                       

[RouterB] snmp-agent target-host trap address udp-domain 20.1.1.254 params securityname public v2c                                                            

(3)     配置Router C

# 配置OSPF路由协议,为保证更快的收敛速度,配置快速重路由。

<RouterC> system-view                                                           

[RouterC] ospf 1 router-id 3.3.3.3                                              

[RouterC-ospf-1] fast-reroute lfa                                               

[RouterC-ospf-1] area 0.0.0.0                                                   

[RouterC-ospf-1-area-0.0.0.0] network 13.1.1.0 0.0.0.255                        

[RouterC-ospf-1-area-0.0.0.0] network 23.1.1.0 0.0.0.255                        

[RouterC-ospf-1-area-0.0.0.0] quit                                              

[RouterA-ospf-1] quit

2.2.3  验证配置

# 查看Router ADLDP的全局配置信息和所有接口上的DLDP信息。

<RouterA> display dldp                                                          

 DLDP global status: Enabled                                                   

 DLDP advertisement interval: 1s                                               

 DLDP authentication-mode: MD5                                                  

 DLDP authentication-password: ******                                          

 DLDP unidirectional-shutdown mode: Auto                                       

 DLDP delaydown-timer value: 1s                                                 

 Number of enabled ports: 1                                                    

                                                                               

Interface GigabitEthernet2/0/0                                                  

 DLDP port state: Bidirectional                                                

 Number of the port's neighbors: 1                                             

  Neighbor MAC address: 000a-5660-0006                                          

  Neighbor port index: 2177                                                    

  Neighbor state: Confirmed                                                    

  Neighbor aged time: 2s                                                       

                                                                               

以上信息表明,接口GigabitEthernet2/0/0上的DLDP接口状态为Bidirectional,说明这个接口所在的链路处于双通状态。

# RouterARouterB之间模拟链路故障,DLDP能够检测到故障,且自动关闭端口。

<RouterA> %May 15 10:44:23:207 2017 RouterA DLDP/5/DLDP_NEIGHBOR_AGED: -Slot=2; A

 neighbor on interface GigabitEthernet2/0/0 was deleted because the neighbor was

 aged. The neighbor's system MAC is 000a-5660-0006, and the port index is 2177.

%May 15 10:44:23:208 2017 RouterA DLDP/3/DLDP_LINK_UNIDIRECTIONAL: -Slot=2; DLDP

 detected a unidirectional link on interface GigabitEthernet2/0/0. DLDP automati

cally blocked the interface.                                                   

%May 15 10:44:24:202 2017 RouterA IFNET/5/LINK_UPDOWN: Line protocol state on th

e interface GigabitEthernet2/0/0 changed to down.                              

%May 15 10:44:24:205 2017 RouterA OSPF/5/OSPF_NBR_CHG: OSPF 1 Neighbor 12.1.1.2(

GigabitEthernet2/0/0) changed from FULL to DOWN.                               

                                                       

# 查看接口状态。

<RouterA> display interface GigabitEthernet 2/0/0                               

GigabitEthernet2/0/0                                                           

Current state: UP                                                               

Line protocol state: DOWN(DLDP)                                                

Description: GigabitEthernet2/0/0 Interface                                    

Bandwidth: 1000000 kbps                                                         

Maximum transmission unit: 1500                                                

Internet address: 12.1.1.1/24 (primary)                                        

IP packet frame type: Ethernet II, hardware address: 00ef-a550-d660            

IPv6 packet frame type: Ethernet II, hardware address: 00ef-a550-d660          

Media type: Twisted pair, loopback: Not set, promiscuous mode: Not set         

1000Mbps-speed mode, full-duplex mode                                          

Link speed type is autonegotiation, link duplex type is autonegotiation        

Flow-control: Disabled                                                         

Port priority: 0                                                               

Output queue - Urgent queuing: Size/Length/Discards 0/100/0                    

Output queue - Protocol queuing: Size/Length/Discards 0/500/0                  

Output queue - FIFO queuing: Size/Length/Discards 0/75/0                       

Last link flapping: 0 hours 2 minutes 57 seconds                               

Last clearing of counters: 10:43:57 Mon 05/15/2017                             

 Last 300 second input: 0 packets/sec 0 bytes/sec 0%                           

 Last 300 second output: 0 packets/sec 0 bytes/sec 0%                          

 Input (total):  15 packets, 1262 bytes                                        

          - unicasts, - broadcasts, - multicasts, - pauses                     

 Input (normal):  15 packets, - bytes                                          

          0 unicasts, 0 broadcasts, 15 multicasts, 0 pauses                    

 Input:  0 input errors, 0 runts, 0 giants, - throttles                         

          0 CRC, - frame, - overruns, 0 aborts                                 

          - ignored, - parity errors                                           

 Output (total): 2265125 packets, 289932516 bytes                               

          - unicasts, - broadcasts, - multicasts, - pauses                     

 Output (normal): 2265125 packets, - bytes                                     

          2265044 unicasts, 0 broadcasts, 81 multicasts, 0 pauses              

 Output: 0 output errors, - underruns, - buffer failures                       

          0 aborts, 0 deferred, 0 collisions, 0 late collisions                

          - lost carrier, - no carrier                                         

                                                                                

<RouterA>                                                                      

 

# iMC网管服务器上也可以看到端口状态为DOWN

 

# 同时网管服务器能收到DLDP单通和接口DOWNTrap消息:

 

方案对比分析

目前BFD for interface方案和DLDP方案均能满足客户需求,对比分析如下1

表1 方案对比分析

方案差异

BFD for interface

DLDP

是否支持单端检测

不支持,MSTP链路两端的设备需要同时配置BFD,不能单端工作

不支持,MSTP链路两端的设备需要同时配置DLDP,不能单端工作

是否支持认证

支持,认证模式包含md5sha1m-md5m-sha1simple

支持,认证模式包含md5simple

是否标准协议

否,设备兼容华为

否,DLDPH3C私有协议

支持的接口类型

三层以太网接口、三层以太网子接口、VLAN虚接口

三层以太网接口

最快收敛时间

50ms

13s