Chapter 1 Cluster
When configuring a cluster, go to these sections for the information you are interested in:
- Cluster Overview
- Cluster Configuration Task List
- Displaying and Maintaining Cluster Configuration
- Cluster Configuration Examples
A cluster contains a group of switches. Through
cluster management, you can manage multiple geographically dispersed switches in a
centralized way.
Cluster management is implemented through Huawei
Group Management Protocol (HGMP). HGMP version 2 (HGMPv2) is used at present.
A switch in a cluster plays one of the following three roles:
- Management device
- Member device
- Candidate device
A cluster comprises a management device
and multiple member devices. To manage the devices in a cluster, you need only
to configure an external IP address for the management switch. Cluster
management enables you to configure and manage remote devices in batches,
reducing the workload of the network configuration. Normally, there is no need
to configure external IP addresses for member devices.
Figure 1-1 illustrates a cluster
implementation.

Figure 1-1 A cluster implementation
HGMPv2 has the following advantages:
- It eases the configuration and management of multiple switches: You just need to configure a public IP address for the management device instead of for all the devices in the cluster; you can then configure and manage all the member devices through the management device without the need to log onto them one by one.
- It provides the topology discovery and display function, which assists in monitoring and maintaining the network.
- It allows you to configure and upgrade multiple switches at the same time.
- It enables you to manage your remote devices conveniently regardless of network topology and physical distance.
- It saves IP address resources.
The switches in a cluster play different
roles according to their functions and status. You can specify the role a switch
plays. A switch in a cluster can also switch to other roles under specific
conditions.
As mentioned above, the three cluster roles
are management device, member device, and candidate device.
Table 1-1 Description on cluster roles
| Role | Configuration | Function |
|---|---|---|
| Management device | Configured with an external IP address | Provides an interface for managing all the switches in a cluster. Manages member devices through command redirection, that is, it forwards the commands intended for specific member devices. Discovers neighbors, collects the information about network topology, manages and maintains the cluster. Management device also supports FTP server and SNMP host proxy. Processes the commands issued by users through the public network. |
| Member device | Normally, a member device is not assigned an external IP address | Members of a cluster. Discovers the information about its neighbors, processes the commands forwarded by the management device, and reports logs. The member devices of a cluster are under the management of the management device. |
| Candidate device | Normally, a candidate device is not assigned an external IP address | Candidate device refers to the devices that do not belong to any clusters but are cluster-capable. |
Figure 1-2 illustrates the state machine of cluster role.

Figure 1-2 State machine of cluster role
- A candidate device becomes a management device when you create a cluster on it. Note that a cluster must have one (and only one) management device. On becoming a management device, the device collects network topology information and tries to discover and determine candidate devices, which can then be added to the cluster through configurations.
- A candidate device becomes a member device after being added to a cluster.
- A member device becomes a candidate device after it is removed from the cluster.
- A management device becomes a candidate device only after the cluster is removed.
After you create a
cluster on an S5600 switch, the switch collects the network topology
information periodically and adds the candidate switches it finds to the
cluster. The interval for a management device to collect network topology
information is determined by the NTDP timer. If you do not want the candidate switches
to be added to a cluster automatically, you can set the topology collection
interval to 0 by using the ntdp timer command. In this case, the switch
does not collect network topology information periodically.
HGMPv2 consists of the following three protocols:
- Neighbor Discovery Protocol (NDP)
- Neighbor Topology Discovery Protocol (NTDP)
- Cluster
A cluster configures and manages the devices
in it through the above three protocols.
Cluster
management involves topology information collection and the establishment/maintenance
of a cluster. Topology information collection and cluster establishment/maintenance
are independent from each other. The former, as described below, starts before
a cluster is established.
- All devices use NDP to collect the information about their neighbors, including software version, host name, MAC address, and port name.
- The management device uses NTDP to collect the information about the devices within specific hops and the topology information about the devices. It also determines the candidate devices according to the information collected.
- The management device adds the candidate devices to the cluster or removes member devices from the cluster according to the candidate device information collected through NTDP.
I. Introduction to NDP
NDP is a protocol used to discover adjacent
devices and provide information about them. NDP operates on the data link
layer, and therefore it supports different network layer protocols.
NDP is able to discover directly connected
neighbors and provide the following neighbor information: device type,
software/hardware version, and connecting port. In addition, it may provide the
following neighbor information: device ID, port full/half duplex mode, product
version, the Boot ROM version and so on.
- An NDP-enabled device maintains an NDP neighbor table. Each entry in the NDP table automatically ages out. You can also clear the current NDP information manually to have neighbor information collected again.
- An NDP-enabled device regularly broadcasts NDP packets through all its active ports. An NDP packet carries a holdtime field, which indicates how long the receiving devices will keep the NDP packet data. The receiving devices store the information carried in the NDP packet into the NDP table but do not forward the NDP packet. When they receive another NDP packet, if the information carried in the packet is different from the stored one, the corresponding entry in the NDP table is updated; otherwise only the holdtime of the entry is updated.
II. Introduction to NTDP
NTDP is a protocol used to collect network topology information.
NTDP provides information required for cluster management: it collects topology
information about the switches within the specified hop count, so as to provide
the information of which devices can be added to a cluster.
Based on the neighbor information stored in
the neighbor table maintained by NDP, NTDP on the management device advertises
NTDP topology collection requests to collect the NDP information of each device
in a specific network range as well as the connection information of all its
neighbors. The information collected will be used by the management device or
the network management software to implement required functions.
When a member device detects a change on
its neighbors through its NDP table, it informs the management device through
handshake packets, and the management device triggers its NTDP to perform
specific topology collection, so that its NTDP can discover topology changes
in a timely manner.
The management device collects the topology
information periodically. You can also launch an operation of topology
information collection by executing related commands. The process of topology
information collection is as follows.
- The management device sends NTDP topology collection requests periodically through its NTDP-enabled ports.
- Upon receiving an NTDP topology collection request, the device returns an NTDP topology collection response to the management device and forwards the request to its neighbor devices through its NTDP-enabled ports. The topology collection response packet contains the information about the local device and the NDP information about all the neighbor devices.
- The neighbor devices perform the same operation until the NTDP topology collection request is propagated to all the devices within the specified hops.
When an NTDP topology collection request is
propagated in the network, it is received and forwarded by large numbers of
network devices, which may cause network congestion and keep the management device
busy processing NTDP topology collection responses. To avoid such cases,
the following methods can be used to control the NTDP topology collection
request advertisement speed.
- Configuring the devices not to forward the NTDP topology collection request immediately after they receive an NTDP topology collection request. That is, configure the devices to wait for a period before they forward the NTDP topology collection request.
- Configuring each NTDP-enabled port on a device to forward an NTDP topology collection request after a specific period since the previous port on the device forwards the NTDP topology collection request.

- To implement NTDP, you need to enable NTDP both globally and on specific ports on the management device, and configure NTDP parameters.
- On member/candidate devices, you only need to enable NTDP globally and on specific ports.
- Member and candidate devices adopt the NTDP settings of the management device.
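The topology collection process and the two forwarding delays described above can be modelled to see which devices a collection round reaches and when. This is an added example, not vendor code: the topology, port names and timing model are assumptions (a port's send time is the device's forward time plus one port delay per earlier port, link latency is ignored, duplicates are dropped, and a request is only accepted on an NTDP-enabled port).

```python
import heapq
from collections import defaultdict

# Constructed sample topology: one (device_a, port_a, device_b, port_b) per link.
LINKS = [
    ("MGMT", "p1", "SW1", "p1"),
    ("MGMT", "p2", "SW5", "p1"),
    ("SW1", "p2", "SW2", "p1"),
    ("SW2", "p2", "SW3", "p1"),
    ("SW3", "p2", "SW4", "p1"),
    ("SW5", "p2", "SW6", "p1"),
]
# Constructed: NTDP switched off on the SW5 port that faces SW6.
NTDP_DISABLED = {("SW5", "p2")}


def collect(links, manager, ntdp_disabled=frozenset(), hop_limit=3,
            hop_delay_ms=200, port_delay_ms=20):
    """Return {device: (hops, request_arrival_ms)} for every device reached.

    The defaults are the page's defaults for `ntdp hop`, `ntdp timer hop-delay`
    and `ntdp timer port-delay`.
    """
    ports = defaultdict(list)          # device -> [(port, peer, peer_port)]
    for a, pa, b, pb in links:
        ports[a].append((pa, b, pb))
        ports[b].append((pb, a, pa))

    reached = {manager: (0, 0)}
    pending = []                       # heap of (arrival_ms, hops, device)

    def forward(device, start_ms, hops):
        slot = 0                       # position among the ports that send
        for port, peer, peer_port in ports[device]:
            if (device, port) in ntdp_disabled:
                continue               # this port never sends the request
            send_ms = start_ms + slot * port_delay_ms
            slot += 1
            if (peer, peer_port) not in ntdp_disabled:
                heapq.heappush(pending, (send_ms, hops + 1, peer))

    forward(manager, 0, 0)             # the originator applies no hop delay
    while pending:
        arrival_ms, hops, device = heapq.heappop(pending)
        if device in reached:
            continue                   # duplicate copy of the request
        reached[device] = (hops, arrival_ms)
        if hops < hop_limit:           # stop at the configured range
            forward(device, arrival_ms + hop_delay_ms, hops)
    return reached


def in_range(links, manager, **kwargs):
    """Devices that answer the request, i.e. the possible cluster candidates."""
    return sorted(d for d in collect(links, manager, **kwargs) if d != manager)
```

With the defaults, SW4 sits four hops away and is not collected, and SW6 stays invisible as long as NTDP is disabled on the port facing it.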
III. Introduction to Cluster
A cluster must have one and only one
management device. Note the following when creating a
cluster:
- You need to designate a management device for the cluster. The management device of a cluster is the portal of the cluster. That is, any operations from outside the network intended for the member devices of the cluster, such as accessing, configuring, managing, and monitoring, can only be implemented through the management device.
- The management device of the cluster recognizes and controls all the member devices in the cluster, no matter where they are located in the network and how they are connected.
- The management device collects topology information about all member/candidate devices to provide useful information for you to establish the cluster.
- By collecting NDP/NTDP information, the management device learns network topology, so as to manage and monitor network devices.
- Before performing any cluster-related configuration task, you need to enable the cluster function first.
On the management device, you need to enable the cluster function
and configure cluster parameters. On the member/candidate devices, however, you
only need to enable the cluster function so that they can be managed by the
management device.
IV. Cluster maintenance
1) Adding a candidate device to a cluster
To create a cluster, you need to determine
the device to operate as the management device first. The management device
discovers and determines candidate devices through NDP and NTDP, and adds them
to the cluster. You can also add candidate devices to a cluster manually.
After a candidate device is added to a
cluster, the management device assigns a member number and a private IP address
(used for cluster management) to it.
2) Communications within a cluster
In a cluster, the management device maintains
the connections to the member devices through handshake packets. Figure 1-3
illustrates the state machine of the connection between the management device and
a member device.

Figure 1-3 State machine of the
connection between the management device and a member device
- After a cluster is created and a candidate device is added to the cluster as a member device, both the management device and the member device store the state information of the member device and mark the member device as Active.
- The management device and the member devices exchange handshake packets periodically. Note that the handshake packets exchanged keep the states of the member devices Active and are not responded to.
- If the management device does not receive a handshake packet from a member device within a period of three times the interval to send handshake packets, it changes the state of the member device from Active to Connect. Likewise, if a member device fails to receive a handshake packet from the management device within a period of three times the interval to send handshake packets, the state of the member device is also changed from Active to Connect.
- If the management device receives a handshake packet or management packet from a member device that is in Connect state within the information holdtime, it changes the state of the member device to Active; otherwise, it changes the state of the member device (in Connect state) to Disconnect, in which case the management device considers the member device disconnected. Likewise, if this member device, which is in Connect state, receives a handshake packet or management packet from the management device within the information holdtime, it changes its state to Active; otherwise, it changes its state to Disconnect.
- If the connection between the management device and a member device in Disconnect state is recovered, the member device will be added to the cluster again. After that, the state of the member device will turn to Active both locally and on the management device.
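The connection states above can be replayed against a list of packet arrival times to see when a silent member is marked Connect and then Disconnect. This is an added example, not vendor code; it uses the default handshake interval (10 seconds) and holdtime (60 seconds) from the configuration tables, and assumes that the holdtime is counted from the moment the link enters Connect and that a link in Disconnect only returns to Active through re-adding.

```python
from dataclasses import dataclass
from typing import List, Optional, Tuple

ACTIVE, CONNECT, DISCONNECT = "Active", "Connect", "Disconnect"


@dataclass
class MemberLink:
    """One side's view of the management-device/member-device connection."""
    handshake_interval: int = 10       # seconds, page default for `timer`
    holdtime: int = 60                 # seconds, page default for `holdtime`
    state: str = ACTIVE
    last_rx: int = 0                   # arrival time of the peer's last packet
    connect_since: Optional[int] = None

    def tick(self, now: int) -> str:
        """Apply every timeout that has expired by `now`; return the state."""
        silent_limit = 3 * self.handshake_interval
        if self.state == ACTIVE and now - self.last_rx >= silent_limit:
            self.state = CONNECT
            self.connect_since = self.last_rx + silent_limit
        if self.state == CONNECT and now - self.connect_since >= self.holdtime:
            self.state = DISCONNECT
        return self.state

    def on_packet(self, now: int) -> str:
        """A handshake or management packet arrived from the peer."""
        self.tick(now)
        if self.state == DISCONNECT:
            return self.state          # assumption: needs rejoin() first
        self.state, self.last_rx, self.connect_since = ACTIVE, now, None
        return self.state

    def rejoin(self, now: int) -> str:
        """The recovered member device is added to the cluster again."""
        self.state, self.last_rx, self.connect_since = ACTIVE, now, None
        return self.state

    def silence_until_disconnect(self) -> int:
        """Seconds of silence after which the peer is considered disconnected."""
        return 3 * self.handshake_interval + self.holdtime


def transitions(rx_times: List[int], until: int, **timers) -> List[Tuple[int, str]]:
    """Replay arrival times second by second; list each (time, new_state)."""
    link, arrivals, changes = MemberLink(**timers), set(rx_times), []
    for now in range(until + 1):
        before = link.state
        after = link.on_packet(now) if now in arrivals else link.tick(now)
        if after != before:
            changes.append((now, after))
    return changes
```

Under these assumptions a member that stops answering is reported as Disconnect 90 seconds after its last packet with the default timers, which is the lower bound for any alert that relies on the member state.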
Besides, handshake packets are also used by
member devices to inform the management device of topology changes.
Additionally, on the management device, you
can configure the FTP server, TFTP server, logging host and SNMP host to be
shared by the whole cluster. When a member device in the cluster communicates
with an external server, the member device first transmits data to the
management device, which then forwards the data to the external server. The
management device is the default shared FTP/TFTP server for the cluster; it
serves as the shared FTP/TFTP server when no shared FTP/TFTP server is
configured for the cluster.
V. Management VLAN
Management VLAN limits the range of cluster
management. Through management VLAN configuration, the following functions can
be implemented:
- Enabling the management packets (including NDP packets, NTDP packets, and handshake packets) to be transmitted in the management VLAN only, through which the management packets are isolated from other packets and network security is improved.
- Enabling the management device and the member devices to communicate with each other in the management VLAN.
Cluster management requires the packets of
the management VLAN be permitted on ports connecting the management device and
the member/candidate devices. Therefore:
- If the packets of the management VLAN are not permitted on a candidate device port connecting to the management device, the candidate device cannot be added to the cluster. In this case, you can enable the packets of the management VLAN to be permitted on the port through the management VLAN auto-negotiation function.
- Packets of the management VLAN can be exchanged between the management device and a member device/candidate device without carrying VLAN tags only when the default VLAN ID of both ports connecting the management device and the member/candidate device is the management VLAN. If the VLAN IDs of both sides are not that of the management VLAN, packets of the management VLAN need to be tagged.

- By default, the management VLAN interface is used as the network management interface.
- There is only one network management interface on a management device; any newly configured network management interface will overwrite the old one.
VI. Tracing a device in a cluster
In practice, you sometimes need to do the following in a cluster:
- Know whether there is a loop in the cluster
- Locate which port on which switch initiates a network attack
- Determine the port and switch that a MAC address corresponds to
- Locate which switch in the cluster has a fault
- Check whether a link in the cluster and the devices on the link comply with the original plan
In these situations, you can use the tracemac
command to trace a device in the cluster by specifying a destination MAC
address or IP address.
The procedures are as follows:
1) Determine whether the destination MAC address or destination IP address is used to trace a device in the cluster.
  - If you use the tracemac command to trace the device by its MAC address, the switch will query its MAC address table according to the MAC address and VLAN ID in the command to find out the port connected with the downstream switch.
  - If you use the tracemac command to trace the device by its IP address, the switch will query the corresponding ARP entry of the IP address to find out the corresponding MAC address and VLAN ID, and thus find out the port connected with the downstream switch.
2) After finding out the port connected with the downstream switch, the switch will send a multicast packet with the VLAN ID and specified hops to the port. Upon receiving the packet, the downstream switch compares its own MAC address with the destination MAC address carried in the multicast packet:
  - If the two MAC addresses are the same, the downstream switch sends a response to the switch sending the tracemac command, indicating the success of the tracemac command.
  - If the two MAC addresses are different, the downstream switch will query the port connected with its downstream switch based on the MAC address and VLAN ID, and then forward the packet to its downstream switch. If within the specified hops, a switch with the specified destination MAC address is found, this switch sends a response to the switch sending the tracemac command, indicating the success of the tracemac command. If no switch with the specified destination MAC address (or IP address) is found, the multicast packet will not be forwarded downstream any more.

- If the queried IP address has a corresponding ARP entry, but the MAC address entry corresponding to the IP address does not exist, the trace of the device fails.
- To trace a specific device using the tracemac command, make sure that all the devices passed support the tracemac function.
- To trace a specific device in a management VLAN using the tracemac command, make sure that all the devices passed are within the same management VLAN as the device to be traced.
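The hop-by-hop lookup that tracemac performs can be reproduced offline from collected MAC and ARP tables, for example to walk a MAC address back to its edge port during an investigation. This is an added example, not the switch's implementation: the `Switch` class, the status strings, the `max_hops` default, the loop check and all table contents are assumptions made for illustration.

```python
from dataclasses import dataclass, field
from typing import Dict, Tuple

# Constructed sample addresses (documentation ranges).
MAC_A, MAC_B, MAC_C = "0000-5e00-5301", "0000-5e00-5302", "0000-5e00-5303"
HOST, STALE = "0000-5e00-53aa", "0000-5e00-53bb"


@dataclass
class Switch:
    name: str
    mac: str                                           # the switch's own MAC
    mac_table: Dict[Tuple[str, int], str] = field(default_factory=dict)  # (MAC, VLAN) -> port
    arp: Dict[str, Tuple[str, int]] = field(default_factory=dict)        # IP -> (MAC, VLAN)
    downstream: Dict[str, str] = field(default_factory=dict)             # port -> switch name


def tracemac(switches, start, target, vlan=None, max_hops=8):
    """Return (status, path); path is the list of (switch, egress port) hops."""
    sw = switches[start]
    if "." in target:                                  # IP address: ARP lookup first
        entry = sw.arp.get(target)
        if entry is None:
            return "no-arp-entry", []
        mac, vlan = entry
    else:
        mac = target
    path, visited = [], {start}
    for _ in range(max_hops):
        port = sw.mac_table.get((mac, vlan))
        if port is None:
            return "no-mac-entry", path                # trace fails, as the page notes
        path.append((sw.name, port))
        nxt = sw.downstream.get(port)
        if nxt is None:
            return "edge-port", path                   # no downstream switch behind the port
        if nxt in visited:
            return "loop", path                        # tables point back to a visited switch
        visited.add(nxt)
        sw = switches[nxt]
        if sw.mac == mac:
            return "found", path                       # downstream switch owns the MAC
    return "hop-limit", path


def sample_network():
    """Constructed three-switch chain SWA -> SWB -> SWC in VLAN 10."""
    a = Switch("SWA", MAC_A,
               mac_table={(MAC_C, 10): "p2", (HOST, 10): "p2", (STALE, 10): "p2"},
               arp={"192.0.2.3": (MAC_C, 10), "192.0.2.9": ("0000-5e00-53ff", 10)},
               downstream={"p2": "SWB"})
    b = Switch("SWB", MAC_B,
               mac_table={(MAC_C, 10): "p3", (HOST, 10): "p5", (STALE, 10): "p1"},
               downstream={"p3": "SWC", "p1": "SWA"})
    c = Switch("SWC", MAC_C)
    return {s.name: s for s in (a, b, c)}
```

The `edge-port` result is the one that answers "which port on which switch": the last path entry is the access port where the traced MAC address was learned.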
Before configuring a cluster, you need to determine
the roles and functions the switches play. You also need to configure the
related functions, preparing for the communication between devices within the
cluster.
Complete the following tasks to configure a cluster:
I. Management device configuration task list
Complete the following tasks to configure the management device:
To reduce the risk of attacks by malicious users against open sockets and to
enhance switch security, the S5600 series Ethernet switches
provide the following functions, so that a cluster socket is opened only when
it is needed:
- Opening UDP port 40000 (used for cluster) only when the cluster function is implemented.
- Closing UDP port 40000 at the same time when the cluster function is closed.
On the management device, the preceding functions are implemented as follows:
- When you create a cluster by using the build or auto-build command, UDP port 40000 is opened at the same time.
- When you remove a cluster by using the undo build or undo cluster enable command, UDP port 40000 is closed at the same time.
Follow these steps to enable NDP globally and on specific ports:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable NDP globally | ndp enable | Required. By default, NDP is enabled globally. |
| Enable NDP on specified Ethernet ports, in system view | ndp enable interface port-list | Use either approach. By default, NDP is enabled on a port. |
| Enable NDP on specified Ethernet ports, in Ethernet port view: enter Ethernet port view | interface interface-type interface-number | |
| Enable NDP on specified Ethernet ports, in Ethernet port view: enable NDP on the port | ndp enable | |
Follow these steps to configure NDP-related parameters:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the holdtime of NDP information | ndp timer aging aging-in-seconds | Optional. By default, the holdtime of NDP information is 180 seconds. |
| Configure the interval to send NDP packets | ndp timer hello seconds | Optional. By default, the interval to send NDP packets is 60 seconds. |
Follow these steps to enable NTDP globally and on a specific port:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable NTDP globally | ntdp enable | Required. Enabled by default. |
| Enter Ethernet port view | interface interface-type interface-number | — |
| Enable NTDP on the Ethernet port | ntdp enable | Required. Enabled by default. |
Follow these steps to configure NTDP-related parameters:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Configure the range to collect topology information | ntdp hop hop-value | Optional. By default, the system collects topology information from the devices within three hops. |
| Configure the device forward delay of topology collection requests | ntdp timer hop-delay time | Optional. By default, the device forward delay is 200 ms. |
| Configure the port forward delay of topology collection requests | ntdp timer port-delay time | Optional. By default, the port forward delay is 20 ms. |
| Configure the interval to collect topology information periodically | ntdp timer interval-in-minutes | Optional. By default, the topology collection interval is one minute. |
| Quit system view | quit | — |
| Launch topology information collection manually | ntdp explore | Optional |
Follow these steps to enable the cluster function:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Enable the cluster function globally | cluster enable | Required. By default, the cluster function is enabled. |
The establishment of a cluster and the
related configuration can be accomplished in manual mode or automatic mode, as
described below.
1) Establishing a cluster and configuring cluster parameters in manual mode
Follow these steps to establish a cluster and configure cluster parameters in manual mode:
| To do… | Use the command… | Remarks |
|---|---|---|
| Enter system view | system-view | — |
| Specify the management VLAN | management-vlan vlan-id | Required. By default, VLAN 1 is used as the management VLAN. |
| Enter cluster view | cluster | — |
| Configure an IP address pool for the cluster | ip-pool administrator-ip-address { ip-mask \| ip-mask-length } | Required |
| Build a cluster | build name | Required. name: Cluster name. |
| Configure a multicast MAC address for the cluster | cluster-mac H-H-H | Required. By default, the cluster multicast MAC address is 0180-C200-000A. |
| Set the interval for the management device to send multicast packets | cluster-mac syn-interval time-interval | Optional. By default, the interval to send multicast packets is one minute. |
| Set the holdtime of member switches | holdtime seconds | Optional. By default, the holdtime is 60 seconds. |
| Set the interval to send handshake packets | timer interval | Optional. By default, the interval to send handshake packets is 10 seconds. |
2) Establish a cluster in automatic mode
Follow these steps
to establish a cluster in automatic mode: