Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-IRF configuration | 651.27 KB |
Contents
File system naming conventions
Multi-active handling procedure
Restrictions and guidelines: IRF configuration
Support for Web-based configuration
Hardware compatibility with IRF
Candidate IRF physical interfaces
Transceiver modules selection for IRF
IRF physical interface configuration restrictions and guidelines
Feature compatibility and configuration restrictions with IRF
Licensing requirements for IRF
Configuration rollback restrictions
Assigning a member ID to each IRF member device
Specifying a priority for each member device
Binding physical interfaces to IRF ports
Saving configuration to the next-startup configuration file
Connecting IRF physical interfaces
Setting the operating mode to IRF mode
Restrictions and guidelines for MAD configuration
Excluding interfaces from the shutdown action upon detection of multi-active collision
Optimizing IRF settings for an IRF fabric
Changing the member ID of a member device
Changing the priority of a member device
Adding physical interfaces to an IRF port
Bulk-configuring basic IRF settings for a member device
Configuring a member device description
Configuring IRF link load sharing mode
Configuring the IRF bridge MAC address
Enabling software auto-update for software image synchronization
Setting the IRF link down report delay
Removing an expansion interface card that has IRF physical interfaces
Replacing an expansion interface card that has IRF physical interfaces
Display and maintenance commands for IRF
Example: Configuring an LACP MAD-enabled IRF fabric
Configuring a BFD MAD-enabled IRF fabric
Configuring an ARP MAD-enabled IRF fabric
Configuring an ND MAD-enabled IRF fabric
IRF hot backup configuration examples
Example: Configuring an IRF hot backup system in active/standby mode with one redundancy group
Example: Configuring an IRF hot backup system in dual-active mode with two redundancy groups
Configuring an IRF fabric
About IRF
The Intelligent Resilient Framework (IRF) technology virtualizes multiple physical devices at the same layer into one virtual fabric to provide data center class availability and scalability. IRF virtualization technology offers processing power, interaction, unified management, and uninterrupted maintenance of multiple devices.
IRF network model
Figure 1 shows an IRF fabric that has two devices, which appear as a single node to the upper-layer and lower-layer devices.
Figure 1 IRF application scenario
As shown in Figure 2, Device A and Device B form a two-chassis IRF fabric. The fabric has four MPUs (one active and three standbys), and two times the number of interface cards that a single device provides. The IRF fabric manages the physical and software resources of Device A and Device B in a centralized manner.
Figure 2 Two-chassis IRF fabric implementation schematic diagram
IRF benefits
IRF provides the following benefits:
· Simplified topology and easy management—An IRF fabric appears as one node and is accessible at a single IP address on the network. You can use this IP address to log in at any member device to manage all the members of the IRF fabric. In addition, you do not need to run the spanning tree feature among the IRF members.
· 1:N redundancy—In an IRF fabric, one member acts as the master to manage and control the entire IRF fabric. All the other members process services while backing up the master. When the master fails, all the other member devices elect a new master from among them to take over without interrupting services.
· IRF link aggregation—You can assign several physical links between neighboring members to their IRF ports to create a load-balanced aggregate IRF connection with redundancy.
· Multichassis link aggregation—You can use the Ethernet link aggregation feature to aggregate the physical links between the IRF fabric and its upstream or downstream devices across the IRF members.
· Network scalability and resiliency—Processing capacity of an IRF fabric equals the total processing capacities of all the members. You can increase ports, network bandwidth, and processing capacity of an IRF fabric simply by adding member devices without changing the network topology.
Basic concepts
Operating mode
The device operates in one of the following modes:
· Standalone mode—The device cannot form an IRF fabric with other devices.
· IRF mode—The device can form an IRF fabric with other devices.
IRF member roles
IRF uses two member roles: master and standby (called subordinate throughout the documentation).
When devices form an IRF fabric, they elect a master to manage and control the IRF fabric, and all the other devices back up the master. When the master device fails, the other devices automatically elect a new master. For more information about master election, see "Master election."
IRF member ID
An IRF fabric uses member IDs to uniquely identify and manage its members. This member ID information is included as the first part of interface numbers and file paths to uniquely identify interfaces and files in an IRF fabric. Two devices cannot form an IRF fabric if they use the same member ID. A device cannot join an IRF fabric if its member ID has been used in the fabric.
MPU roles
Each IRF member device has one or two MPUs. The following are MPU roles:
|
Role |
Description |
|
Master MPU |
Active MPU of the master device. It is also called the global active MPU. You configure and manage the entire IRF fabric at the CLI of the global active MPU. |
|
Active MPU |
Active MPU on each member device. An active MPU performs the following tasks: · Manages the local device, including synchronizing configuration with the local standby MPU, processing protocol packets, and creating and maintaining route entries. · Processes IRF-related events, such as master election and topology collection. |
|
Standby MPU |
For the master MPU, all other MPUs are standby MPUs, including active MPUs on subordinate devices. If a member device has two MPUs, the MPU backing up the local active MPU is the local standby MPU from the perspective of the member device. |
Member priority
Member priority determines the possibility of a member device to be elected the master. A member with higher priority is more likely to be elected the master.
IRF port
An IRF port is a logical interface that connects IRF member devices. Every IRF-capable device has two IRF ports.
Mode conversion-capable devices:
In standalone mode, the IRF ports are named IRF-port 1 and IRF-port 2.
In IRF mode, the IRF ports are named IRF-port n/1 and IRF-port n/2, where n is the member ID of the device. The two IRF ports are referred to as IRF-port 1 and IRF-port 2.
To use an IRF port, you must bind a minimum of one physical interface to it. The physical interfaces assigned to an IRF port automatically form an aggregate IRF link. An IRF port goes down when all its IRF physical interfaces are down.
IRF physical interface
IRF physical interfaces connect IRF member devices and must be bound to an IRF port. They forward traffic between member devices, including IRF protocol packets and data packets that must travel across IRF member devices.
IRF split
IRF split occurs when an IRF fabric breaks up into multiple IRF fabrics because of IRF link failures, as shown in Figure 3. The split IRF fabrics operate with the same IP address. IRF split causes routing and forwarding problems on the network. To quickly detect a multi-active collision, configure a minimum of one MAD mechanism (see "Configuring MAD").
IRF merge
IRF merge occurs when two split IRF fabrics reunite or when two independent IRF fabrics are united, as shown in Figure 4.
MAD
An IRF link failure causes an IRF fabric to split in two IRF fabrics operating with the same Layer 3 settings, including the same IP address. To avoid IP address collision and network problems, IRF uses multi-active detection (MAD) mechanisms to detect the presence of multiple identical IRF fabrics, handle collisions, and recover from faults.
IRF domain ID
One IRF fabric forms one IRF domain. IRF uses IRF domain IDs to uniquely identify IRF fabrics and prevent IRF fabrics from interfering with one another.
As shown in Figure 5, IRF fabric 1 contains Device A and Device B, and IRF fabric 2 contains Device C and Device D. Both fabrics use the LACP aggregate links between them for MAD. When a member device receives an extended LACPDU for MAD, it checks the domain ID to determine whether the packet is from the local IRF fabric. Then, the member device can handle the packet correctly.
Figure 5 A network that contains two IRF domains
IRF network topology
An IRF fabric can use a daisy-chain topology, as shown in Figure 6.
|
|
IMPORTANT: No relay devices are allowed between IRF member devices. |
Master election
Master election occurs each time the IRF fabric topology changes in the following situations:
· The IRF fabric is established.
· The master device fails or is removed.
· The IRF fabric splits.
· Independent IRF fabrics merge.
|
|
NOTE: Master election does not occur when split IRF fabrics merge. For information about the master device of the merged IRF fabric, see "Failure recovery." |
Master election selects a master in descending order:
1. Current master, even if a new member has higher priority.
When an IRF fabric is being formed, all members consider themselves as the master. This rule is skipped.
2. Member with higher priority.
3. Member with the longest system uptime.
Two members are considered to start up at the same time if the difference between their startup times is equal to or less than 10 minutes. For these members, the next tiebreaker applies.
4. Member with the lowest CPU MAC address.
For the setup of a new IRF fabric, the subordinate devices must reboot to complete the setup after the master election.
For an IRF merge, devices must reboot if they are in the IRF fabric that fails the master election.
Interface naming conventions
In standalone mode:
A physical interface is numbered in the slot-number/subslot-number/interface-index format.
For example, set the link type of GigabitEthernet 1/0/1 to trunk, as follows:
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] port link-type trunk
In IRF mode:
A physical interface is numbered in the chassis-number/slot-number/subslot-number/interface-index format. The chassis-number argument represents the IRF member ID.
For example, GigabitEthernet 1/2/0/1 represents the first port in slot 2 on member device 1. Set its link type to trunk, as follows:
<Sysname> system-view
[Sysname] interface gigabitethernet 1/2/0/1
[Sysname-GigabitEthernet1/2/0/1] port link-type trunk
File system naming conventions
In standalone mode, you can use the storage device name to access the file system of the active MPU. To access the file system of the standby MPU, use the name in the slotslot-number#storage-device-name format.
On a multichassis IRF fabric, you can use the storage device name to access the file system of the global active MPU. To access the file system of a global standby MPU, use the name in the chassismember-ID#slotslot-number#storage-device-name format.
For more information about storage device naming conventions, see Fundamentals Configuration Guide.
For example:
· To create and access the test folder under the root directory of the flash memory on the global active MPU:
<Master> mkdir test
Creating directory flash:/test... Done.
<Master> cd test
<Master> dir
Directory of flash:/test
The directory is empty.
524288 KB total (29832 KB free)
· To create and access the test folder under the root directory of the flash memory in slot 0 on member device 1:
<Master> mkdir chassis1#slot0#flash:/test
Creating directory chassis1#slot0#flash:/test... Done.
<Master> cd chassis1#slot0#flash:/test
<Master> dir
Directory of chassis1#slot0#flash:/test
The directory is empty.
524288 KB total (128812 KB free)
Configuration synchronization
IRF uses a strict running-configuration synchronization mechanism. In an IRF fabric, all MPUs obtain and run the running configuration of the global active MPU. Configuration changes are automatically propagated from the global active MPU to the remaining MPUs. The configuration files of these MPUs are retained, but the files do not take effect. The subordinate devices use their own startup configuration files on their respective local active MPU only after these devices are removed from the IRF fabric.
As a best practice, back up the next-startup configuration file on a device before adding the device to an IRF fabric as a subordinate.
A subordinate device's next-startup configuration file might be overwritten if the master and the subordinate use the same file name for their next-startup configuration files. You can use the backup file to restore the original configuration after removing the subordinate from the IRF fabric.
For more information about configuration management, see Fundamentals Configuration Guide.
Multi-active handling procedure
The multi-active handling procedure includes detection, collision handling, and failure recovery.
Detection
IRF provides MAD mechanisms by extending LACP, BFD, ARP, and IPv6 ND to detect multi-active collisions. As a best practice, configure a minimum of one MAD mechanism on an IRF fabric. For more information about the MAD mechanisms and their application scenarios, see "MAD mechanisms."
For information about LACP, see Ethernet link aggregation in Layer 2—LAN Switching Configuration Guide. For information about BFD, see Network Management and Monitoring Configuration Guide. For information about ARP, see Layer 3—IP Services Configuration Guide. For information about ND, see IPv6 basics in Layer 3—IP Services Configuration Guide.
Collision handling
When MAD detects a multi-active collision, it sets all IRF fabrics except one to the Recovery state. The fabric that is not placed in Recovery state can continue to forward traffic. The Recovery-state IRF fabrics are inactive and cannot forward traffic.
LACP MAD and BFD MAD use the following process to handle a multi-active collision:
1. Compare the number of members in each fabric.
2. Set all fabrics to the Recovery state except the one that has the most members.
3. Compare the member IDs of the masters if all IRF fabrics have the same number of members.
4. Set all fabrics to the Recovery state except the one that has the lowest numbered master.
5. Shut down all common network interfaces in the Recovery-state fabrics except for the following interfaces:
¡ Interfaces automatically excluded from being shut down by the system.
¡ Interfaces specified by using the mad exclude interface command.
ARP MAD and ND MAD use the following process to handle a multi-active collision:
1. Compare the member IDs of the masters in the IRF fabrics.
2. Set all fabrics to the Recovery state except the one that has the lowest numbered master.
3. Take the same action on the network interfaces in Recovery-state fabrics as LACP MAD and BFD MAD.
Failure recovery
To merge two split IRF fabrics, first repair the failed IRF link and remove the IRF link failure.
After the failed IRF link between two split IRF fabrics is recovered, log in to the inactive IRF fabric to reboot its member devices if the system requires you to do so. After these member devices join the active IRF fabric as subordinate devices, the IRF merge is complete, as shown in Figure 7. The network interfaces that have been shut down by MAD automatically restore their original state.
|
|
CAUTION: If you inadvertently reboot the active IRF fabric after the failed IRF link recovers, its member devices will join the inactive IRF fabric with their network interfaces being shut down by MAD. To restore the original states of the network interfaces in the merged IRF fabric, use the mad restore command. |
|
|
NOTE: If the IRF auto-merge feature is enabled, the inactive IRF member devices will automatically reboot after the failed IRF link recovers and a manual reboot is typically not required. |
Figure 7 Recovering the IRF fabric
If the active IRF fabric fails before the IRF link is recovered (see Figure 8), use the mad restore command on the inactive IRF fabric to recover the inactive IRF fabric. This command brings up all network interfaces that were shut down by MAD. After the IRF link is repaired, merge the two parts into a unified IRF fabric.
Figure 8 Active IRF fabric fails before the IRF link is recovered
MAD mechanisms
IRF provides MAD mechanisms by extending LACP, BFD, ARP, and IPv6 ND.
Table 1 compares the MAD mechanisms and their application scenarios.
Table 1 Comparison of MAD mechanisms
|
MAD mechanism |
Advantages |
Disadvantages |
Application scenarios |
|
· Detection speed is fast. · Runs on existing aggregate links without requiring MAD-dedicated physical links or Layer 3 interfaces. |
Requires an intermediate device that supports extended LACP for MAD. |
Link aggregation is used between the IRF fabric and its upstream or downstream device. |
|
|
· Detection speed is fast. · Intermediate device, if used, can come from any vendor. |
Requires MAD dedicated physical links and Layer 3 interfaces, which cannot be used for transmitting user traffic. |
· No special requirements for network scenarios. · If no intermediate device is used, this mechanism is only suitable for IRF fabrics that have only two members that are geographically close to one another. |
|
|
· No intermediate device is required. · Intermediate device, if used, can come from any vendor. · Does not require MAD dedicated ports. |
· Detection speed is slower than BFD MAD and LACP MAD. · The spanning tree feature must be enabled. |
Spanning tree-enabled non-link aggregation IPv4 network scenarios. |
|
|
· No intermediate device is required. · Intermediate device, if used, can come from any vendor. · Does not require MAD dedicated ports. |
· Detection speed is slower than BFD MAD and LACP MAD. · The spanning tree feature must be enabled. |
Spanning tree-enabled non-link aggregation IPv6 network scenarios. |
LACP MAD
As shown in Figure 9, LACP MAD has the following requirements:
· Every IRF member must have a link with an intermediate device.
· All the links form a dynamic link aggregation group.
· The intermediate device must be a device that supports extended LACP for MAD.
The IRF member devices send extended LACPDUs that convey a domain ID and an active ID (the member ID of the master). The intermediate device transparently forwards the extended LACPDUs received from one member device to all the other member devices.
· If the domain IDs and active IDs sent by all the member devices are the same, the IRF fabric is integrated.
· If the extended LACPDUs convey the same domain ID but different active IDs, a split has occurred. LACP MAD handles this situation as described in "Collision handling."
BFD MAD
BFD MAD detects multi-active collisions by using BFD.
You can use common Ethernet ports for BFD MAD.
If common Ethernet ports are used, BFD MAD has the following requirements:
· If an intermediate device is used, each member device must have a BFD MAD link to the intermediate device. If no intermediate device is used, all member devices must have a BFD MAD link to each other. As a best practice, use an intermediate device to connect IRF member devices if the IRF fabric has more than two member devices. A full mesh of IRF members might cause broadcast loops.
Assign ports on BFD MAD links to the same Layer 3 aggregate interface. Assign each member device a MAD IP address on the Layer 3 aggregate interface.
The BFD MAD links and Layer 3 aggregate interface must be dedicated. Do not use the BFD MAD links or Layer 3 aggregate interface for any other purposes.
When you use a Layer 3 aggregate interface for BFD MAD, make sure its member ports do not exceed the maximum number of Selected ports allowed for an aggregation group. If the number of member ports exceeds the maximum number of Selected ports, some member ports cannot become Selected. BFD MAD will be unable to work correctly and its state will change to Faulty. For more information about setting the maximum number of Selected ports for an aggregation group, see Ethernet link aggregation in Layer 2—LAN Switching Configuration Guide.
|
|
NOTE: The MAD addresses identify the member devices and must belong to the same subnet. |
Figure 10 shows a typical BFD MAD scenario that uses an intermediate device. On the intermediate device, assign the ports on the BFD MAD links to the same VLAN.
Figure 11 shows a typical BFD MAD scenario that does not use an intermediate device.
With BFD MAD, the master attempts to establish BFD sessions with other member devices by using its MAD IP address as the source IP address.
· If the IRF fabric is integrated, only the MAD IP address of the master takes effect. The master cannot establish a BFD session with any other member. If you execute the display bfd session command, the state of the BFD sessions is Down.
· When the IRF fabric splits, the IP addresses of the masters in the split IRF fabrics take effect. The masters can establish a BFD session. If you execute the display bfd session command, the state of the BFD session between the two devices is Up.
Figure 10 BFD MAD scenario with an intermediate device
Figure 11 BFD MAD scenario without an intermediate device
ARP MAD
ARP MAD detects multi-active collisions by using extended ARP packets that convey the IRF domain ID and the active ID (the member ID of the master).
ARP MAD can work with or without an intermediate device. Make sure the following requirements are met:
· If an intermediate device is used, connect each IRF member device to the intermediate device, as shown in Figure 12. Run the spanning tree feature between the IRF fabric and the intermediate device. In this situation, data links can be used.
· If no intermediate device is used, connect each IRF member device to all other member devices. In this situation, IRF links cannot be used for ARP MAD.
Each IRF member compares the domain ID and the active ID (the member ID of the master) in incoming extended ARP packets with its domain ID and active ID.
· If the domain IDs are different, the extended ARP packet is from a different IRF fabric. The device does not continue to process the packet with the MAD mechanism.
· If the domain IDs are the same, the device compares the active IDs.
¡ If the active IDs are different, the IRF fabric has split.
¡ If the active IDs are the same, the IRF fabric is integrated.
ND MAD
ND MAD detects multi-active collisions by using NS packets to transmit the IRF domain ID and the active ID (the member ID of the master).
You can set up ND MAD links between neighbor IRF member devices or between each IRF member device and an intermediate device (see Figure 13). If an intermediate device is used, you must also run the spanning tree protocol between the IRF fabric and the intermediate device.
Each IRF member device compares the domain ID and the active ID (the member ID of the master) in incoming NS packets with its domain ID and active ID.
· If the domain IDs are different, the NS packet is from a different IRF fabric. The device does not continue to process the packet with the MAD mechanism.
· If the domain IDs are the same, the device compares the active IDs.
¡ If the active IDs are different, the IRF fabric has split.
¡ If the active IDs are the same, the IRF fabric is integrated.
Restrictions and guidelines: IRF configuration
Support for Web-based configuration
You can configure only basic IRF settings from the Web interface. To configure IRF parameters not available on the Web interface, access the CLI.
Hardware compatibility with IRF
The device can form an IRF fabric only with devices of the same model. The cards in the slots numbered the same between member chassis must be the same type.
Software requirements for IRF
All IRF member devices must run the same software image version. Make sure the software auto-update feature is enabled on all member devices.
IRF fabric size
An IRF fabric can contain a maximum of two member devices.
Candidate IRF physical interfaces
As a best practice, use high-speed ports as IRF physical interfaces.
To use a port as an IRF physical interface, use the port group interface command to bind the port to an IRF port.
Do not use the following ports as IRF physical interfaces:
· Console ports.
· Management ports, unless otherwise stated. The interface type identifier for management ports is M-GigabitEthernet. The port identifier for a management port has a suffix of "MGMT" on the panel.
· A port marked with Bypass on the panel or a port that has been assigned by default or manually to a bridge instance enabled with security service bypass.
· 100-GE ports on the NSQM1CGQ20 module.
· 100-GE ports on the NSQ1CGC2SE0 module.
Transceiver modules selection for IRF
The device supports pluggable interface modules. You can select interface modules depending on the types of interfaces on the device. The device supports the following interface modules:
· XFP modules at 10 Gbps.
· SFP+ modules at 10 Gbps.
· QSPF+ modules.
· CFP modules at 100 Gbps.
· QSFP28 modules.
For more information about the transceiver modules and DAC cables, see the device installation guide and H3C Transceiver Modules User Guide.
|
|
NOTE: The transceiver modules and DAC cables available for the device are subject to change over time. For the most up-to-date list of transceiver modules and DAC cables, contact your H3C sales representative. |
IRF port connection
When you connect two neighboring IRF members, follow these restrictions and guidelines:
· You must connect the physical interfaces of IRF-port 1 on one member to the physical interfaces of IRF-port 2 on the other.
· For high availability, bind multiple physical interfaces to an IRF port.
· No relay devices are allowed between neighboring members.
Figure 14 Connecting IRF physical interfaces
IRF physical interface configuration restrictions and guidelines
Command configuration restrictions
On a physical interface bound to an IRF port, you can execute only the following commands:
· Interface commands, including:
¡ description.
¡ flow-interval.
¡ shutdown.
For more information about these commands, see Ethernet interface configuration in Interface Command Reference.
· The itu-channel command for setting the ITU channel number for a transceiver module. For more information about this command, see device management commands in Fundamentals Command Reference.
· LLDP commands, including:
¡ lldp admin-status.
¡ lldp check-change-interval.
¡ lldp enable.
¡ lldp encapsulation snap.
¡ lldp notification remote-change enable.
¡ lldp tlv-enable.
For more information about these commands, see Layer 2—LAN Switching Command Reference.
· The mirroring-group reflector-port command, which specifies the physical interface as a reflector port for remote mirroring. For more information about this command, see port mirroring in Network Management and Monitoring Command Reference.
|
|
IMPORTANT: Do not execute the mirroring-group reflector-port command on an IRF physical interface if that interface is the only member interface of an IRF port. Doing so will split the IRF fabric, because this command also removes the binding of the physical interface and IRF port. |
Suppressing SNMP notifications of packet drops on IRF physical interfaces
Before an IRF member device forwards a packet, it examines its forwarding path in the IRF fabric for a loop. If a loop exists, the device discards the packet on the source interface of the looped path. This loop elimination mechanism will drop a large number of broadcast packets on the IRF physical interfaces.
To suppress SNMP notifications of packet drops that do not require attention, do not monitor packet forwarding on the IRF physical interfaces.
Feature compatibility and configuration restrictions with IRF
System operating mode
To form an IRF fabric, all member devices must work in the same system operating mode. To set the system operating mode, use the system-working-mode command. For more information about the system operating mode, see device management in Fundamentals Configuration Guide.
Context
Make sure IRF physical interfaces and MAD VLANs belong to the default context. Assign physical interfaces to contexts and then configure MAD.
If the IRF fabric splits, do not change the context settings on any IRF member devices before they reunite.
Before you use the undo context command to delete a context, remove the IRF port bindings for the IRF physical interfaces on the context and save the configuration. To identify the physical interfaces bound to IRF ports, use the display irf link command.
Except for the commands in Table 2, all IRF commands are available only on the default context.
Table 2 IRF commands available on both default and non-default contexts
|
Command category |
Commands |
|
Display commands |
display irf link display mad |
|
MAD commands |
mad arp enable mad enable mad nd enable mad exclude interface |
For more information about contexts, see "Configuring contexts."
Routing settings
To form an IRF fabric, all member devices must use the same settings for the following routing features:
· ECMP mode (set by using the ecmp mode command).
· Support for IPv6 routes with prefixes longer than 64 bits.
For more information about the routing features, see basic IP routing configuration in Layer 3—IP Routing Configuration Guide.
ACL
To form an IRF fabric, all member devices in the IRF fabric must have the same settings for the ACL hardware mode. For more information about hardware-based ACLs, see ACL and QoS Configuration Guide.
Licensing requirements for IRF
For a license-based feature to run correctly on an IRF fabric, make sure the licenses installed for the feature on all member devices are the same. For more information about feature licensing, see Fundamentals Configuration Guide.
Configuration rollback restrictions
The configuration rollback feature cannot roll back the following IRF settings:
· Member device description (set by using the irf member description command).
· Member device priority (set by using the irf member priority command).
· IRF physical interface and IRF port bindings (set by using the port group interface command).
For more information about the configuration rollback feature, see configuration file management in Fundamentals Configuration Guide.
IRF tasks at a glance
To configure IRF, perform the following tasks:
a. Assigning a member ID to each IRF member device
b. (Optional.) Specifying a priority for each member device
c. Binding physical interfaces to IRF ports
d. Saving configuration to the next-startup configuration file
e. Connecting IRF physical interfaces
f. Setting the operating mode to IRF mode
Configure a minimum of one MAD mechanism on an IRF fabric.
¡ Excluding interfaces from the shutdown action upon detection of multi-active collision
This feature excludes an interface from the shutdown action for management or other special purposes when an IRF fabric transits to the Recovery state.
3. (Optional.) Optimizing IRF settings for an IRF fabric
¡ Changing the member ID of a member device
Changing member IDs in an IRF fabric can void member ID-related configuration and cause unexpected problems. Make sure you understand the impact on your live network before you change member IDs.
¡ Changing the priority of a member device
¡ Adding physical interfaces to an IRF port
¡ Bulk-configuring basic IRF settings for a member device
You can configure member IDs, priorities, domain ID, IRF physical interfaces separately or in bulk.
When two IRF fabrics merge, this feature enables the IRF fabric that failed the master election to automatically reboot all its member devices to complete the merge.
¡ Configuring a member device description
¡ Configuring IRF link load sharing mode
¡ Configuring the IRF bridge MAC address
¡ Enabling software auto-update for software image synchronization
This feature automatically synchronizes the current software images of the global active MPU to devices or MPUs that are attempting to join the IRF fabric.
¡ Setting the IRF link down report delay
Planning the IRF fabric setup
Consider the following items when you plan an IRF fabric:
· Hardware compatibility and restrictions.
· IRF fabric size.
· Master device.
· Member ID and priority assignment scheme.
· Fabric topology and cabling scheme.
· IRF physical interfaces.
Setting up an IRF fabric
Assigning a member ID to each IRF member device
About this task
Assign a unique IRF member ID to a device before changing the device's operating mode to IRF. If you do not assign a member ID to the device, the device automatically uses the member ID of 1 after the mode changes to IRF.
The member ID assigned to the device is saved in both active and standby MPUs. The standby MPU might store a different member ID than the active MPU after an MPU replacement. For consistency, the system updates the member ID in the active MPU automatically to the standby MPU when the difference is detected.
Procedure
1. Enter system view.
system-view
2. Assign an IRF member ID to the device.
irf member member-id
By default, the device operates in standalone mode and does not have an IRF member ID.
Specifying a priority for each member device
About this task
IRF member priority represents the possibility for a device to be elected the master in an IRF fabric. A larger priority value indicates a higher priority.
Procedure
1. Enter system view.
system-view
2. Specify a priority for the device in standalone mode.
irf priority priority
The default IRF member priority is 1.
Binding physical interfaces to IRF ports
About this task
In standalone mode, IRF port binding operations do not affect the current configuration of the interface. However, when the operating mode changes to IRF mode, the default configuration is restored on the physical interface.
Procedure
1. Enter system view.
system-view
2. Enter IRF port view in standalone mode.
irf-port irf-port-number
3. Bind a physical interface to the IRF port.
port group interface interface-type interface-number
By default, no physical interfaces are bound to an IRF port.
Repeat this step to assign multiple physical interfaces to the IRF port.
Saving configuration to the next-startup configuration file
About this task
Save the running configuration before converting to the IRF mode. The mode change requires a reboot, which causes all unsaved settings to be lost.
Procedure
To save the running configuration to the next-startup configuration file, execute the following command in any view:
save
For more information about this command, see configuration file management in Fundamentals Command Reference.
Connecting IRF physical interfaces
Follow the restrictions in "IRF port connection" to connect IRF physical interfaces as well as based on the topology and cabling scheme.
Setting the operating mode to IRF mode
About this task
By default, the device operates in standalone mode. To assign the device to an IRF fabric, you must change its operating mode to IRF mode.
After you change the operating mode, the device automatically reboots for the change to take effect.
During the reboot, you may choose to have the system automatically convert the startup configuration file. Automatic configuration conversion prevents slot- or interface-related settings from becoming invalid. For example, the system adds member ID information to interface numbers and file paths in IRF mode.
Restrictions and guidelines
Upon an operating mode change, the system automatically converts interface names by adding or deleting the first number segment (the member ID) in the interface number. When performing this task, the system converts every string in a valid interface name format without identifying whether or not they are interface names. To avoid undesirable configuration changes that result from false modification, do not name any objects except interfaces in a valid interface name format.
If a string (except the string configured by using the description command) matches a valid interface name, the system converts that string. For example, if a VLAN exists with a name of GigabitEthernet1/0/7 in standalone mode, the VLAN name will change to GigabitEthernetn/1/0/7 in IRF mode. The n argument represents the IRF member ID.
Prerequisites
Before you change the operating mode, verify that a unique IRF member ID has been assigned to the device.
Procedure
1. Enter system view.
system-view
2. Set the operating mode to IRF mode.
chassis convert mode irf
The default operating mode is standalone mode.
IRF generates packets on a device in IRF mode even if the device does not form an IRF fabric with any other devices. To conserve system resources, set a device to standalone mode after removing it from an IRF fabric. To restore the standalone mode, use the undo chassis convert mode command.
Accessing the IRF fabric
The following methods are available for accessing an IRF fabric:
· Local login—Log in through the console port of any member device.
· Remote login—Log in at a Layer 3 interface on any member device by using methods including Telnet and SNMP.
The IRF fabric appears as one device after it is formed. When you log in to an IRF fabric, you are placed at the CLI of the global active MPU, regardless of at which member device you are logged in. You configure and manage all IRF members at the CLI of the global active MPU. All settings you have made are automatically propagated to the IRF members.
For more information, see login configuration in Fundamentals Configuration Guide.
Configuring MAD
Restrictions and guidelines for MAD configuration
VLAN interface compatibility
Do not configure MAD on VLAN interfaces.
MAD mechanism compatibility
As a best practice, configure a minimum of one MAD mechanism on an IRF fabric for prompt IRF split detection. Because MAD mechanisms use different collision handling processes, follow these restrictions and guidelines when you configure multiple MAD mechanisms on an IRF fabric:
· Do not configure LACP MAD together with ARP MAD or ND MAD.
· Do not configure BFD MAD together with ARP MAD or ND MAD.
Assigning IRF domain IDs
An IRF fabric has only one IRF domain ID.
You can change the IRF domain ID by using the following commands: irf domain, mad enable, mad arp enable, or mad nd enable. The IRF domain IDs configured by using these commands overwrite each other.
If you change the IRF domain ID in one context, the IRF domain IDs in all other contexts change automatically. The irf domain command is available only on the default context. The mad enable, mad arp enable, and mad nd enable commands are available on any contexts.
If LACP MAD, ARP MAD, or ND MAD runs between two IRF fabrics, assign each fabric a unique IRF domain ID. (For BFD MAD, this task is optional.)
Actions on interfaces shut down by MAD
To prevent a multi-active collision from causing network issues, avoid using the undo shutdown command to bring up the interfaces shut down by a MAD mechanism on a Recovery-state IRF fabric.
Configuring LACP MAD
1. Enter system view.
system-view
2. Assign a domain ID to the IRF fabric.
irf domain domain-id
The default IRF domain ID is 0.
|
|
CAUTION: Changing the IRF domain ID of an IRF member device will remove that member device from the IRF fabric. This member device will be unable to exchange IRF protocol packets with the remaining member devices in the IRF fabric. |
3. Create an aggregate interface and enter aggregate interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
Perform this step also on the intermediate device.
4. Configure the aggregation group to operate in dynamic aggregation mode.
link-aggregation mode dynamic
By default, an aggregation group operates in static aggregation mode.
LACP MAD takes effect only on dynamic aggregate interfaces.
Perform this step also on the intermediate device.
5. Enable LACP MAD.
mad enable
By default, LACP MAD is disabled.
6. Return to system view.
quit
7. Enter Ethernet interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
To assign a range of ports to the aggregation group, enter interface range view.
To assign one port to the aggregation group, enter Ethernet interface view.
8. Assign the Ethernet port or the range of Ethernet ports to the specified aggregation group.
port link-aggregation group group-id
Multichassis link aggregation is allowed.
Perform this step also on the intermediate device.
Configuring BFD MAD
Configuring BFD MAD on a Layer 3 aggregate interface
1. Enter system view.
system-view
2. (Optional.) Assign a domain ID to the IRF fabric.
irf domain domain-id
By default, the domain ID of an IRF fabric is 0.
|
|
CAUTION: Changing the IRF domain ID of an IRF member device will remove that member device from the IRF fabric. This member device will be unable to exchange IRF protocol packets with the remaining member devices in the IRF fabric. |
3. Create a Layer 3 aggregate interface for BFD MAD.
interface route-aggregation interface-number
4. Return to system view.
quit
5. Enter interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
To assign a range of ports to the aggregation group for the aggregate interface, enter interface range view.
To assign one port to the aggregation group for the aggregate interface, enter Ethernet interface view.
6. Assign the port or the range of ports to the aggregation group for the aggregate interface.
port link-aggregation group number
7. Return to system view.
quit
8. Enter Layer 3 aggregate interface view.
interface route-aggregation interface-number
9. Enable BFD MAD.
mad bfd enable
By default, BFD MAD is disabled.
10. Assign a MAD IP address to a member device on the Layer 3 aggregate interface.
mad ip address ip-address { mask | mask-length } member member-id
By default, no MAD IP addresses are configured on aggregate interfaces.
Repeat this step to assign a MAD IP address to each member device on the aggregate interface.
Configuring ARP MAD
Restrictions and guidelines
As a best practice, use the following procedure to set up ARP MAD:
1. Choose an ARP MAD link scheme as described in "ARP MAD."
2. Configure ARP MAD.
3. Connect the ARP MAD links if you are not using existing data links as ARP MAD links.
When you configure ARP MAD, follow these restrictions and guidelines:
|
Category |
Restrictions and guidelines |
|
ARP MAD VLAN |
· Do not enable ARP MAD on VLAN-interface 1. · If you are using an intermediate device, perform the following tasks: ¡ On the IRF fabric and the intermediate device, create a VLAN for ARP MAD. ¡ On the IRF fabric and the intermediate device, assign the ports of ARP MAD links to the ARP MAD VLAN. ¡ On the IRF fabric, create a VLAN interface for the ARP MAD VLAN. · Do not use the ARP MAD VLAN for any other purposes. |
|
ARP MAD and feature configuration |
If an intermediate device is used, make sure the following requirements are met: · Run the spanning tree feature between the IRF fabric and the intermediate device to ensure that there is only one ARP MAD link in forwarding state. For more information about the spanning tree feature and its configuration, see Layer 2—LAN Switching Configuration Guide. · Enable the IRF fabric to change its bridge MAC address as soon as the address owner leaves. · If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection. |
Procedure
1. Enter system view.
system-view
2. Assign a domain ID to the IRF fabric.
irf domain domain-id
The default IRF domain ID is 0.
|
|
CAUTION: Changing the IRF domain ID of an IRF member device will remove that member device from the IRF fabric. This member device will be unable to exchange IRF protocol packets with the remaining member devices in the IRF fabric. |
3. Configure the IRF bridge MAC address to change as soon as the address owner leaves.
undo irf mac-address persistent
By default, the IRF bridge MAC address does not change after the address owner leaves.
4. Create a VLAN dedicated to ARP MAD.
vlan vlan-id
By default, only VLAN 1 exists.
5. Return to system view.
quit
6. Enter Ethernet interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
To assign a range of ports to the ARP MAD VLAN, enter interface range view.
To assign one port to the ARP MAD VLAN, enter Ethernet interface view.
7. Assign the port or the range of ports to the ARP MAD VLAN.
¡ Assign the ports to the VLAN as access ports.
port access vlan vlan-id
¡ Assign the ports to the VLAN as trunk ports.
port trunk permit vlan vlan-id
¡ Assign the ports to the VLAN as hybrid ports.
port hybrid vlan vlan-id { tagged | untagged }
The link type of ARP MAD ports can be access, trunk, or hybrid.
The default link type of a port is access.
8. Return to system view.
quit
9. Enter VLAN interface view.
interface vlan-interface vlan-interface-id
10. Assign the interface an IP address.
ip address ip-address { mask | mask-length }
By default, no IP addresses are assigned to any VLAN interfaces.
11. Enable ARP MAD.
mad arp enable
By default, ARP MAD is disabled.
Configuring ND MAD
Restrictions and guidelines
When you use ND MAD, follow these guidelines:
· If an intermediate device is used, you can use common data links as ND MAD links. If no intermediate device is used, set up dedicated ND MAD links between IRF member devices.
· If an intermediate device is used, make sure the following requirements are met:
¡ Run the spanning tree feature between the IRF fabric and the intermediate device. Make sure there is only one ND MAD link in forwarding state. For more information about the spanning tree feature and its configuration, see Layer 2—LAN Switching Configuration Guide.
¡ Enable the IRF fabric to change its bridge MAC address as soon as the address owner leaves.
¡ If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection.
Procedure
1. Enter system view.
system-view
2. Assign a domain ID to the IRF fabric.
irf domain domain-id
The default IRF domain ID is 0.
|
|
CAUTION: Changing the IRF domain ID of an IRF member device will remove that member device from the IRF fabric. This member device will be unable to exchange IRF protocol packets with the remaining member devices in the IRF fabric. |
3. Configure the IRF bridge MAC address to change as soon as the address owner leaves.
undo irf mac-address persistent
By default, the IRF bridge MAC address does not change after the address owner leaves.
4. Create a VLAN dedicated to ND MAD.
vlan vlan-id
By default, only VLAN 1 exists.
Do not configure ND MAD on VLAN-interface 1.
Do not use the VLAN configured for ND MAD for any other purposes.
Perform this task also on the intermediate device (if any).
5. Return to system view.
quit
6. Enter Ethernet interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
To assign a range of ports to the ND MAD VLAN, enter interface range view.
To assign one port to the ND MAD VLAN, enter Ethernet interface view.
7. Assign the port or the range of ports to the ND MAD VLAN.
¡ Assign the ports to the VLAN as access ports.
port access vlan vlan-id
¡ Assign the ports to the VLAN as trunk ports.
port trunk permit vlan vlan-id
¡ Assign the ports to the VLAN as hybrid ports.
port hybrid vlan vlan-id { tagged | untagged }
The link type of ND MAD ports can be access, trunk, or hybrid.
The default link type of a port is access.
Perform this task also on the intermediate device (if any).
8. Return to system view.
quit
9. Enter VLAN interface view.
interface vlan-interface vlan-interface-id
10. Assign the interface an IPv6 address.
ipv6 address { ipv6-address/prefix-length | ipv6-address prefix-length }
By default, no IPv6 addresses are assigned to any VLAN interfaces.
11. Enable ND MAD.
mad nd enable
By default, ND MAD is disabled.
Excluding interfaces from the shutdown action upon detection of multi-active collision
About this task
When an IRF fabric transits to the Recovery state, the system automatically excludes the following network interfaces from being shut down:
· IRF physical interfaces.
· Member interfaces of an aggregate interface if the aggregate interface is excluded from being shut down.
You can exclude a network interface from the shutdown action for management or other special purposes. For example:
· Exclude a port from the shutdown action so you can Telnet to the port for managing the device.
· Exclude a VLAN interface and its Layer 2 ports from the shutdown action so you can log in through the VLAN interface.
Restrictions and guidelines
If the Layer 2 ports of a VLAN interface are distributed on multiple member devices, the exclusion operation might introduce IP collision risks. The VLAN interface might be up on both active and inactive IRF fabrics.
Procedure
1. Enter system view.
system-view
2. Configure a network interface to not shut down when the IRF fabric transits to the Recovery state.
mad exclude interface interface-type interface-number
By default, all network interfaces on a Recovery-state IRF fabric are shut down, except for the network interfaces automatically excluded by the system.
Recovering an IRF fabric
About this task
For split IRF fabrics, if the active IRF fabric fails before the IRF link is recovered, perform this task on the inactive IRF fabric to recover the inactive IRF fabric. The manual recovery operation brings up all interfaces that were shut down by MAD on the inactive IRF fabric.
Procedure
1. Enter system view.
system-view
2. Recover the inactive IRF fabric.
mad restore
Optimizing IRF settings for an IRF fabric
Changing the member ID of a member device
Restrictions and guidelines
|
|
CAUTION: In IRF mode, an IRF member ID change can invalidate member ID-related settings and cause data loss. Make sure you fully understand its impact on your live network. |
The new member ID takes effect at reboot. After the device reboots, the settings on all member ID-related physical resources (including common physical network interfaces) are removed, regardless of whether you have saved the configuration.
Procedure
1. Enter system view.
system-view
2. Change the member ID of a member device.
irf member member-id renumber new-member-id
By default, the device uses the member ID that is set in standalone mode.
3. Save the running configuration.
save [ safely ] [ force ]
4. Return to user view.
quit
5. Reboot the member device.
reboot chassis chassis-number
The chassis-number must be the same as the member-id specified in the irf member member-id renumber new-member-id command.
Changing the priority of a member device
About this task
You can change the priority of a member device so it can be elected the master in the next master election.
A change to member priority can affect the master re-election result. However, it does not cause an immediate master re-election.
Procedure
1. Enter system view.
system-view
2. Specify a priority for a member of an IRF fabric.
irf member member-id priority priority
The default IRF member priority is 1.
Adding physical interfaces to an IRF port
Restrictions and guidelines
Make sure the IRF physical interfaces of an IRF port use the same binding mode. In IRF mode, IRF physical interfaces of an IRF port cannot be configured to use different binding modes.
Procedure
1. Enter system view.
system-view
2. Enter Ethernet interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
To shut down one IRF physical interface, enter its interface view.
To shut down a range of IRF physical interfaces, enter interface range view.
3. Shut down the physical interfaces.
shutdown
By default, a physical interface is not administratively down.
If you cannot shut down a physical interface, follow the system instruction to shut down its peer interface.
4. Return to system view.
quit
5. Enter IRF port view.
irf-port member-id/irf-port-number
6. Bind each physical interface to the IRF port.
port group interface interface-type interface-number
By default, no physical interfaces are bound to an IRF port.
Repeat this step to assign multiple physical interfaces to the IRF port.
7. Return to system view.
quit
8. Enter Ethernet interface view or interface range view.
¡ Enter Ethernet interface view.
interface interface-type interface-number
¡ Enter interface range view. Choose one of the following commands:
interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>
interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]
9. Bring up the physical interfaces.
undo shutdown
10. Return to system view.
quit
11. Save the running configuration.
save
Activating IRF port settings causes IRF merge and reboot. To avoid data loss, save the running configuration to the startup configuration file before you perform the operation.
12. Activate the configuration on the IRF port.
irf-port-configuration active
After this step is performed, the state of the IRF port changes to UP. The member devices elect a master, and the subordinate device reboots automatically.
After the IRF fabric is formed, you can add physical interfaces to an IRF port (in UP state) without repeating this step.
Bulk-configuring basic IRF settings for a member device
About this task
Use the easy IRF feature to bulk-configure basic IRF settings for a device in IRF mode, including the member ID, domain ID, priority, and IRF port bindings.
The easy IRF feature provides the following configuration methods:
· Interactive method—Enter the easy-irf command without parameters. The system will guide you to set the parameters step by step.
· Non-interactive method—Enter the easy-irf command with parameters.
As a best practice, use the interactive method if you are new to IRF.
Restrictions and guidelines
|
|
CAUTION: · Use caution when you change the member ID of an IRF member device. An IRF member ID uniquely identifies a device in an IRF fabric. An IRF member ID change can invalidate member ID-related settings, including interface and file path settings, and cause data loss. Make sure you fully understand its impact on the live network. · The member device reboots immediately after you specify a new member ID for it. Make sure you are aware of the impact of this operation on the network. |
If you execute the easy-irf command multiple times, the following settings take effect:
· The most recent settings for the member ID, domain ID, and priority.
· IRF port bindings added through repeated executions of the command. To remove an IRF physical interface from an IRF port, you must use the undo port group interface command in IRF port view.
If you specify IRF physical interfaces by using the interactive method, you must also follow these restrictions and guidelines:
· Do not enter spaces between the interface type and interface number.
· Use a comma (,) to separate two physical interfaces. No spaces are allowed between interfaces.
Procedure
1. Enter system view.
system-view
2. Bulk-configure basic IRF settings for the device.
easy-irf [ member member-id [ renumber new-member-id ] domain domain-id [ priority priority ] [ irf-port1 interface-list1 ] [ irf-port2 interface-list2 ] ]
Make sure the new member ID is unique in the IRF fabric to which the device will be added.
Enabling IRF auto-merge
About this task
When two IRF fabrics merge, you must reboot the member devices in the IRF fabric that fails in the master election. The auto-merge feature enables the IRF fabric to automatically reboot all its member devices to complete the merge.
If this feature is disabled, you must manually reboot the devices that failed the master election to complete the merge.
Procedure
1. Enter system view.
system-view
2. Enable IRF auto-merge.
irf auto-merge enable
By default, this feature is enabled.
Configuring a member device description
1. Enter system view.
system-view
2. Configure a description for a member device.
irf member member-id description text
By default, no member device description is configured.
Configuring IRF link load sharing mode
About this task
On an IRF port, traffic is balanced across its physical links.
You can configure the IRF port to distribute traffic based on any combination of the following criteria:
· IP addresses.
· MAC addresses.
· Incoming port.
The system displays an error message if a criteria combination is not supported.
The criteria can also be packet types, such as Layer 2, IPv4, and IPv6.
Restrictions and guidelines for configuring IRF link load sharing mode
Configure the IRF link load sharing mode for IRF links in system view or IRF port view:
· In system view, the configuration is global and takes effect on all IRF ports.
· In IRF port view, the configuration is port specific and takes effect only on the specified IRF port.
An IRF port preferentially uses the port-specific load sharing mode. If no port-specific load sharing mode is available, the IRF port uses the global load sharing mode.
Before you configure a port-specific load sharing mode, make sure you have bound a minimum of one physical interface to the IRF port.
Configuring the global load sharing mode
1. Enter system view.
system-view
2. Configure the global IRF link load sharing mode.
irf-port global load-sharing mode { destination-ip | destination-mac | ingress-port | source-ip | source-mac } *
The default for this command varies by interface module model.
As a best practice, use the default settings for this command. To change the link load sharing mode, please contact the H3C Support.
If you execute this command multiple times, the most recent configuration takes effect.
Configuring a port-specific load sharing mode
1. Enter system view.
system-view
2. Enter IRF port view.
irf-port member-id/irf-port-number
3. Configure the port-specific load sharing mode.
irf-port load-sharing mode { destination-ip | destination-mac | ingress-port | source-ip | source-mac } *
The default for this command varies by interface module model.
As a best practice, use the default settings for this command. To change the link load sharing mode, please contact the H3C Support.
If you execute this command multiple times, the most recent configuration takes effect.
Configuring the IRF bridge MAC address
About this task
The bridge MAC address of a system must be unique on a switched LAN. IRF bridge MAC address identifies an IRF fabric by Layer 2 protocols (for example, LACP) on a switched LAN.
By default, an IRF fabric uses the bridge MAC address of the master as the IRF bridge MAC address. After the master leaves, the IRF bridge MAC address persists for a period of time or permanently depending on the IRF bridge MAC persistence setting. When the IRF bridge MAC persistence timer expires, the IRF fabric uses the bridge MAC address of the current master as the IRF bridge MAC address.
If IRF fabric merge occurs, IRF determines the IRF bridge MAC address of the merged IRF fabric as follows:
1. When IRF fabrics merge, IRF ignores the IRF bridge MAC addresses and checks the bridge MAC address of each member device in the IRF fabrics. IRF merge fails if any two member devices have the same bridge MAC address.
2. After IRF fabrics merge, the merged IRF fabric uses the bridge MAC address of the merging IRF fabric that won the master election as the IRF bridge MAC address.
Restrictions and guidelines
|
|
CAUTION: The bridge MAC address change causes transient traffic disruption. |
When you configure IRF bridge MAC persistence, follow these restrictions and guidelines:
· If ARP MAD or ND MAD is used with the spanning tree feature, you must disable IRF bridge MAC persistence by using the undo irf mac-address persistent command.
· If the IRF fabric has multichassis aggregate links, do not use the undo irf mac-address persistent command. Use of this command might cause traffic disruption.
Configuring IRF bridge MAC persistence
1. Enter system view.
system-view
2. Configure IRF bridge MAC persistence.
¡ Retain the bridge MAC address permanently even if the address owner has left the fabric.
irf mac-address persistent always
¡ Retain the bridge MAC address for 6 minutes after the address owner leaves the fabric.
irf mac-address persistent timer
¡ Change the bridge MAC address as soon as the address owner leaves the fabric.
undo irf mac-address persistent
By default, the IRF bridge MAC address does not change after the address owner leaves.
The irf mac-address persistent timer command avoids unnecessary bridge MAC address changes caused by device reboot, transient link failure, or purposeful link disconnection.
Enabling software auto-update for software image synchronization
About this task
The software auto-update feature automatically propagates the software images of the global active MPU to all other MPUs (including new devices) in the IRF fabric.
To join an IRF fabric, an MPU must use the same software images as the global active MPU in the fabric.
When you add an MPU to the IRF fabric, software auto-update compares the startup software images of the MPU with the current software images of the IRF global active MPU. If the two sets of images are different, the MPU automatically performs the following operations:
1. Downloads the current software images of the global active MPU.
2. Sets the downloaded images as the main startup software images.
3. Reboots with the new software images to rejoin the IRF fabric.
You must manually update the new MPU with the software images running on the IRF fabric if software auto-update is disabled.
|
|
NOTE: Use this feature in IRF mode. To synchronize software from the active MPU to the standby MPU in standalone mode, use the undo version check ignore and version auto-update enable commands. For more information about these commands, see Fundamentals Configuration Guide. |
Restrictions and guidelines
To ensure a successful software auto-update in a multi-user environment, prevent anyone from rebooting or swapping member devices or MPUs during the auto-update process. To inform administrators of the auto-update status, configure the information center to output the status messages to configuration terminals (see Network Management and Monitoring Configuration Guide).
Make sure the MPU you are adding to the IRF fabric has sufficient storage space for the new software images.
If sufficient storage space is not available, the MPU automatically deletes the current software images. If the reclaimed space is still insufficient, the MPU cannot complete the auto-update. You must reboot the device that holds the MPU, and then access the BootWare menu to delete files.
Procedure
1. Enter system view.
system-view
2. Enable software auto-update.
irf auto-update enable
By default, software auto-update is enabled.
Setting the IRF link down report delay
About this task
To prevent frequent IRF splits and merges during link flapping, configure the IRF ports to delay reporting link down events.
An IRF port does not report a link down event to the IRF fabric immediately after its link changes from up to down. If the IRF link state is still down when the delay is reached, the port reports the change to the IRF fabric.
IRF ports do not delay link up events. They report the link up event immediately after the IRF link comes up.
Restrictions and guidelines
Make sure the IRF link down report delay is shorter than the heartbeat or hello timeout settings of upper-layer protocols (for example, OSPF). If the report delay is longer than the timeout setting of a protocol, unnecessary recalculations might occur.
Set the delay to 0 seconds in the following situations:
· The IRF fabric requires a fast master/subordinate or IRF link switchover.
The BFD feature is used.
· You want to shut down an IRF physical interface or reboot an IRF member device. (After you complete the operation, reconfigure the delay depending on the network condition.)
Procedure
1. Enter system view.
system-view
2. Set the IRF link down report delay.
irf link-delay interval
By default, the IRF link down report delay is 4 seconds.
Removing an expansion interface card that has IRF physical interfaces
To remove an expansion interface card that provides IRF physical interfaces:
1. Perform one of the following tasks to eliminate temporary packet loss:
¡ Remove cables from the IRF physical interfaces on the card.
¡ Shut down the IRF physical interfaces on the card by using the shutdown command.
2. Remove the card.
Replacing an expansion interface card that has IRF physical interfaces
Replacing the old card with a different model replacement card
1. Shut down the IRF physical interfaces on the old card by using the shutdown command.
2. Remove the IRF port bindings that contain the physical interfaces.
3. Remove the old card, and then install the replacement card.
4. Verify that the replacement card has been correctly installed by using the display device command.
5. Reconfigure the IRF port bindings, as described in "Adding physical interfaces to an IRF port."
6. Activate the IRF port settings by using the irf-port-configuration active command.
You can skip this step if the IRF port is in UP state when you add bindings.
Replacing the old card with the same model replacement card
1. Shut down the IRF physical interfaces on the old card by using the shutdown command.
2. Remove the old card, and then install the replacement card.
3. Verify that the replacement card has been correctly installed by using the display device command.
Bring up the physical interfaces by using the undo shutdown command after the interface card completes startup.
Display and maintenance commands for IRF
Execute display commands in any view.
|
Task |
Command |
|
Display information about all IRF members. |
display irf |
|
Display the IRF fabric topology. |
display irf topology |
|
Display IRF link information. |
display irf link |
|
Display IRF configuration. |
display irf configuration |
|
Display the load sharing mode for IRF links. |
display irf-port load-sharing mode [ irf-port [ member-id/irf-port-number ] ] |
|
Display MAD configuration. |
display mad [ verbose ] |
IRF configuration examples
The IRF configuration examples show how to set up IRF fabrics that use different MAD mechanisms.
Example: Configuring an LACP MAD-enabled IRF fabric
Network configuration
As shown in Figure 15, set up a two-member IRF fabric at the access layer of the network.
Configure LACP MAD on the multimember aggregation to Device C, which supports extended LACP.
Procedure
1. Configure Device A:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceA> system-view
[DeviceA] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member priority of the device to 32.
<DeviceA> system-view
[DeviceA] irf member 1 priority 32
# Bind Ten-GigabitEthernet 1/5/0/1 to IRF port 1/2, and save the configuration.
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/5/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] save
# Activate the IRF port configuration.
[DeviceA] irf-port-configuration active
2. Configure Device B:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceB> system-view
[DeviceB] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member ID of Device B to 2, and reboot the device to have the change take effect.
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the device number may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# Connect Device B to Device A, as shown in Figure 15.
# Log in to Device B. (Details not shown.)
# Bind Ten-GigabitEthernet 2/5/0/1 to IRF port 2/1, and save the configuration.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/5/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] save
# Activate the IRF port configuration.
[DeviceB] irf-port-configuration active
The two devices perform master election, and the one that has lost the election reboots to form an IRF fabric with the master. In this example, Device B reboots.
3. Re-log in to the IRF fabric. (Details not shown.)
4. Configure LACP MAD on the IRF fabric:
# Set the domain ID of the IRF fabric to 1.
[DeviceA] irf domain 1
# Create a dynamic aggregate interface, assign it an IP address, and enable LACP MAD.
[DeviceA] interface route-aggregation 2
[DeviceA-Route-Aggregation2] ip address 192.168.1.1 24
[DeviceA-Route-Aggregation2] link-aggregation mode dynamic
[DeviceA-Route-Aggregation2] mad enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 1]:
The assigned domain ID is: 1
MAD LACP only enable on dynamic aggregation interface.
[DeviceA-Route-Aggregation2] quit
# Assign Ten-GigabitEthernet 1/4/0/1 and Ten-GigabitEthernet 2/4/0/1 to the aggregate interface.
[DeviceA] interface ten-gigabitethernet 1/4/0/1
[DeviceA-Ten-GigabitEthernet1/4/0/1] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/4/0/1] quit
[DeviceA] interface ten-gigabitethernet 2/4/0/1
[DeviceA-Ten-GigabitEthernet2/4/0/1] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet2/4/0/1] quit
5. Configure security zones and an inter-zone security policy to control traffic between the Intranet and the IP network, as shown in the network diagram. (Details not shown.)
6. Configure Device C as the intermediate device:
|
|
CAUTION: If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection. False detection causes IRF split. |
# Create a dynamic aggregate interface and assign an IP address to it.
<DeviceC> system-view
[DeviceC] interface route-aggregation 2
[DeviceC-Route-Aggregation2] link-aggregation mode dynamic
[DeviceC-Route-Aggregation2] ip address 192.168.1.2 24
[DeviceC-Route-Aggregation2] quit
# Assign Ten-GigabitEthernet 1/5/0/1 and Ten-GigabitEthernet 1/4/0/1 to the aggregate interface.
[DeviceC] interface ten-gigabitethernet 1/5/0/1
[DeviceC-Ten-GigabitEthernet1/5/0/1] port link-aggregation group 2
[DeviceC-Ten-GigabitEthernet1/5/0/1] quit
[DeviceC] interface ten-gigabitethernet 1/4/0/1
[DeviceC-Ten-GigabitEthernet1/4/0/1] port link-aggregation group 2
[DeviceC-Ten-GigabitEthernet1/4/0/1] quit
Verifying the configuration
# Display IRF fabric information to verify that the IRF fabric has been set up and Device A is the master.
[DeviceA] display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 32 487a-da95-93b5 ---
2 Standby 1 3897-d6a8-1b1a ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The bridge MAC of the IRF is: 487a-da95-93b3
Auto upgrade : yes
Mac persistent : no
Domain ID : 1
# Display detailed MAD information to verify that LACP MAD is operating correctly.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
Ten-GigabitEthernet2/5/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP enabled interface: Route-Aggregation2
MAD status : Normal
Member ID Port MAD status
1 Ten-GigabitEthernet1/4/0/1 Normal
2 Ten-GigabitEthernet2/4/0/1 Normal
MAD BFD disabled.
# Split the IRF fabric and verify that LACP MAD state changes to Faulty.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP enabled interface: Route-Aggregation2
MAD status : Faulty
Member ID Port MAD status
1 Ten-GigabitEthernet1/4/0/1 Faulty
MAD BFD disabled.
# Verify that all network interfaces on Device B except for the IRF physical interface are shut down. (Details not shown.)
Configuring a BFD MAD-enabled IRF fabric
Network configuration
As shown in Figure 16, set up an IRF fabric at the distribution layer of the enterprise network. Configure BFD MAD in the IRF fabric and set up BFD MAD links between the member devices.
Procedure
1. Configure Device A:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceA> system-view
[DeviceA] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member priority of the device to 32.
<DeviceA> system-view
[DeviceA] irf member 1 priority 32
# Bind Ten-GigabitEthernet 1/5/0/1 to IRF port 1/2, and save the configuration.
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/5/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] save
# Activate the IRF port configuration.
[DeviceA] irf-port-configuration active
2. Configure Device B:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceB> system-view
[DeviceB] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member ID of Device B to 2, and reboot the device to have the change take effect.
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the device number may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# Connect Device B to Device A, as shown in Figure 16.
# Log in to Device B. (Details not shown.)
# Bind Ten-GigabitEthernet 2/5/0/1 to IRF port 2/1 and save the configuration.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/5/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] save
# Activate the IRF port configuration.
[DeviceB] irf-port-configuration active
The two devices perform master election, and the one that has lost the election reboots to form an IRF fabric with the master. In this example, Device B reboots.
3. Configure BFD MAD:
# Create Layer 3 aggregate interface 3.
[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] quit
# Assign Ten-GigabitEthernet 1/4/0/1 on Device A and Ten-GigabitEthernet 2/4/0/1 on Device B to aggregation group 3.
[DeviceA] interface ten-gigabitethernet 1/4/0/1
[DeviceA-Ten-GigabitEthernet1/4/0/1] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet1/4/0/1] quit
[DeviceA] interface ten-gigabitethernet 2/4/0/1
[DeviceA-Ten-GigabitEthernet2/4/0/1] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet2/4/0/1] quit
# Enable BFD MAD on Layer 3 aggregate interface 3 and assign a MAD IP address to each member device on the aggregate interface.
[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] mad bfd enable
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.1 24 member 1
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.2 24 member 2
[DeviceA-Route-Aggregation3] quit
4. Configure security zones and an inter-zone security policy to control traffic between the Intranet and the IP network, as shown in the network diagram. (Details not shown.)
Verifying the configuration
# Display IRF fabric information to verify that the IRF fabric has been set up and Device A is the master.
[DeviceA] display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 32 487a-da95-93b5 ---
2 Standby 1 3897-d6a8-1b1a ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The bridge MAC of the IRF is: 487a-da95-93b3
Auto upgrade : yes
Mac persistent : no
Domain ID : 0
# Display detailed MAD information to verify that BFD MAD is operating correctly.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
Ten-GigabitEthernet2/5/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
MAD status : Normal
Member ID MAD IP address Neighbor MAD status
1 192.168.2.1/24 2 Normal
2 192.168.2.2/24 1 Normal
# Split the IRF fabric and verify that BFD MAD state changes to Faulty.
[DeviceA] display mad verbose
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
MAD status : Faulty
Member ID MAD IP address Neighbor MAD status
1 192.168.2.1/24 2 Faulty
# Verify that all network interfaces on Device B except for the IRF physical interface are shut down. (Details not shown.)
Configuring an ARP MAD-enabled IRF fabric
Network configuration
As shown in Figure 17, set up an IRF fabric in the enterprise network.
· Configure ARP MAD in the IRF fabric and use the links connected to Device C to transmit ARP MAD packets.
· To prevent loops, run the spanning tree feature between Device C and the IRF fabric.
Procedure
1. Configure Device A:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceA> system-view
[DeviceA] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member priority of the device to 32.
<DeviceA> system-view
[DeviceA] irf member 1 priority 32
# Bind Ten-GigabitEthernet 1/5/0/1 to IRF port 1/2, and save the configuration.
<DeviceA> system-view
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/5/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] save
# Activate the IRF port configuration.
[DeviceA] irf-port-configuration active
2. Configure Device B:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceB> system-view
[DeviceB] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member ID of Device B to 2, and reboot the device to have the change take effect.
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the device number may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# Connect Device B to Device A, as shown in Figure 17.
# Log in to Device B. (Details not shown.)
# Bind Ten-GigabitEthernet 2/5/0/1 to IRF port 2/1 and save the configuration.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/5/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] save
# Activate the IRF port configuration.
[DeviceB] irf-port-configuration active
The two devices perform master election, and the one that has lost the election reboots to form an IRF fabric with the master. In this example, Device B reboots.
3. Configure ARP MAD on the IRF fabric:
# Enable the spanning tree feature globally, and map the ARP MAD VLAN to MSTI 1 in the MST region.
[DeviceA] stp global enable
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name arpmad
[DeviceA-mst-region] instance 1 vlan 3
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Configure the IRF fabric to change its bridge MAC address as soon as the address owner leaves.
[DeviceA] undo irf mac-address persistent
# Set the domain ID of the IRF fabric to 1.
[DeviceA] irf domain 1
# Create VLAN 3, and add Ten-GigabitEthernet 1/4/0/1 on Device A and Ten-GigabitEthernet 2/4/0/1 on Device B to VLAN 3.
[DeviceA] vlan 3
[DeviceA-vlan3] quit
[DeviceA] interface ten-gigabitethernet 1/4/0/1
[DeviceA-Ten-GigabitEthernet1/4/0/1] port link-mode bridge
[DeviceA-Ten-GigabitEthernet1/4/0/1] port access vlan 3
[DeviceA-Ten-GigabitEthernet1/4/0/1] quit
[DeviceA] interface ten-gigabitethernet 2/4/0/1
[DeviceA-Ten-GigabitEthernet2/4/0/1] port link-mode bridge
[DeviceA-Ten-GigabitEthernet2/4/0/1] port access vlan 3
[DeviceA-Ten-GigabitEthernet2/4/0/1] quit
# Create VLAN-interface 3, assign it an IP address, and enable ARP MAD on the interface.
[DeviceA] interface vlan-interface 3
[DeviceA-Vlan-interface3] ip address 192.168.2.1 24
[DeviceA-Vlan-interface3] mad arp enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 1]:
The assigned domain ID is: 1
4. Configure security zones and an inter-zone security policy to control traffic between the Intranet and the IP network, as shown in the network diagram. (Details not shown.)
5. Configure Device C as the intermediate device:
|
|
CAUTION: If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection. False detection causes IRF split. |
# Enable the spanning tree feature globally, and map the ARP MAD VLAN to MSTI 1 in the MST region.
<DeviceC> system-view
[DeviceC] stp global enable
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name arpmad
[DeviceC-mst-region] instance 1 vlan 3
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Create VLAN 3, and add ports Ten-GigabitEthernet 1/5/0/1 and Ten-GigabitEthernet 1/4/0/1 to VLAN 3 to forward ARP MAD packets.
[DeviceC] vlan 3
[DeviceC-vlan3] port ten-gigabitethernet 1/5/0/1 ten-gigabitethernet 1/4/0/1
[DeviceC-vlan3] quit
Verifying the configuration
# Display IRF fabric information to verify that the IRF fabric has been set up and Device A is the master.
[DeviceA] display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 32 487a-da95-93b5 ---
2 Standby 1 3897-d6a8-1b1a ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The bridge MAC of the IRF is: 487a-da95-93b3
Auto upgrade : yes
Mac persistent : no
Domain ID : 1
# Display detailed MAD information to verify ARP MAD configuration.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
Ten-GigabitEthernet2/5/0/1
MAD ARP enabled interface:
Vlan-interface3
MAD ND disabled.
MAD LACP disabled.
MAD BFD disabled.
# Split the IRF fabric and verify that the IRF physical interface on Device B is not displayed as a port excluded from the MAD shutdown action.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
MAD ARP enabled interface:
Vlan-interface3
MAD ND disabled.
MAD LACP disabled.
MAD BFD disabled.
# Verify that all network interfaces on Device B except for the IRF physical interface are shut down. (Details not shown.)
Configuring an ND MAD-enabled IRF fabric
Network configuration
As shown in Figure 18, set up an IRF fabric in the IPv6 enterprise network.
· Configure ND MAD in the IRF fabric and use the links connected to Device C for transmitting ND MAD packets.
· To prevent loops, run the spanning tree feature between Device C and the IRF fabric.
Procedure
1. Configure Device A:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceA> system-view
[DeviceA] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member priority of the device to 32.
<DeviceA> system-view
[DeviceA] irf member 1 priority 32
# Bind Ten-GigabitEthernet 1/5/0/1 to IRF port 1/2 and save the configuration.
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/5/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/5/0/1
[DeviceA-Ten-GigabitEthernet1/5/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/5/0/1] quit
[DeviceA] save
# Activate the IRF port configuration.
[DeviceA] irf-port-configuration active
2. Configure Device B:
# Enable IRF mode. The device automatically reboots for the mode change to take effect. Save the running configuration to the next-startup configuration file at the prompt. If IRF mode has been enabled, the device only displays that the device is already in IRF mode when you execute the chassis convert mode irf command.
<DeviceB> system-view
[DeviceB] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member ID of Device B to 2, and reboot the device to have the change take effect.
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# Connect Device B to Device A, as shown in Figure 18.
# Log in to Device B. (Details not shown.)
# Bind Ten-GigabitEthernet 2/5/0/1 to IRF port 2/1, and save the configuration.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/5/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/5/0/1
[DeviceB-Ten-GigabitEthernet2/5/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/5/0/1] quit
[DeviceB] save
# Activate the IRF port configuration.
[DeviceB] irf-port-configuration active
The two devices perform master election, and the one that has lost the election reboots to form an IRF fabric with the master. In this example, Device B reboots.
3. Configure ND MAD on the IRF fabric:
# Enable the spanning tree feature globally, and map the ND MAD VLAN to MSTI 1 in the MST region.
[DeviceA] stp global enable
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name ndmad
[DeviceA-mst-region] instance 1 vlan 3
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
# Configure the IRF fabric to change its bridge MAC address as soon as the address owner leaves.
[DeviceA] undo irf mac-address persistent
# Set the domain ID of the IRF fabric to 1.
[DeviceA] irf domain 1
# Create VLAN 3, and add Ten-GigabitEthernet 1/4/0/1 on Device A and Ten-GigabitEthernet 2/4/0/1 on Device B to VLAN 3.
[DeviceA] vlan 3
[DeviceA-vlan3] quit
[DeviceA] interface ten-gigabitethernet 1/4/0/1
[DeviceA-Ten-GigabitEthernet1/4/0/1] port link-mode bridge
[DeviceA-Ten-GigabitEthernet1/4/0/1] port access vlan 3
[DeviceA-Ten-GigabitEthernet1/4/0/1] quit
[DeviceA] interface ten-gigabitethernet 2/4/0/1
[DeviceA-Ten-GigabitEthernet2/4/0/1] port link-mode bridge
[DeviceA-Ten-GigabitEthernet2/4/0/1] port access vlan 3
[DeviceA-Ten-GigabitEthernet2/4/0/1] quit
# Create VLAN-interface 3, assign it an IPv6 address, and enable ND MAD on the interface.
[DeviceA] interface vlan-interface 3
[DeviceA-Vlan-interface3] ipv6 address 2001::1 64
[DeviceA-Vlan-interface3] mad nd enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 1]:
The assigned domain ID is: 1
4. Configure security zones and an inter-zone security policy to control traffic between the Intranet and the IP network, as shown in the network diagram. (Details not shown.)
5. Configure Device C as the intermediate device:
|
|
CAUTION: If the intermediate device is also an IRF fabric, assign the two IRF fabrics different domain IDs for correct split detection. False detection causes IRF split. |
# Enable the spanning tree feature globally, and map the ND MAD VLAN to MSTI 1 in the MST region.
<DeviceC> system-view
[DeviceC] stp global enable
[DeviceC] stp region-configuration
[DeviceC-mst-region] region-name ndmad
[DeviceC-mst-region] instance 1 vlan 3
[DeviceC-mst-region] active region-configuration
[DeviceC-mst-region] quit
# Create VLAN 3, and add Ten-GigabitEthernet 1/5/0/1 and Ten-GigabitEthernet 1/4/0/1 to VLAN 3 to forward ND MAD packets.
[DeviceC] vlan 3
[DeviceC-vlan3] port ten-gigabitethernet 1/5/0/1 ten-gigabitethernet 1/4/0/1
[DeviceC-vlan3] quit
Verifying the configuration
# Display IRF fabric information to verify that the IRF fabric has been set up and Device A is the master.
[DeviceA] display irf
MemberID Role Priority CPU-Mac Description
*+1 Master 32 487a-da95-93b5 ---
2 Standby 1 3897-d6a8-1b1a ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
The bridge MAC of the IRF is: 487a-da95-93b3
Auto upgrade : yes
Mac persistent : no
Domain ID : 1
# Display detailed MAD information to verify ND MAD configuration.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
Ten-GigabitEthernet2/5/0/1
MAD ARP disabled.
MAD ND enabled interface:
Vlan-interface3
MAD LACP disabled.
MAD BFD disabled.
# Split the IRF fabric and verify that the IRF physical interface on Device B is not displayed as a port excluded from the MAD shutdown action.
[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
Ten-GigabitEthernet1/5/0/1
MAD ARP disabled.
MAD ND enabled interface:
Vlan-interface3
MAD LACP disabled.
MAD BFD disabled.
# Verify that all network interfaces on Device B except for the IRF physical interface are shut down. (Details not shown.)
IRF hot backup configuration examples
Example: Configuring an IRF hot backup system in active/standby mode with one redundancy group
Network configuration
As shown in Figure 19, set up an IRF hot backup system at the border between the Internet and the internal network of an enterprise to ensure service continuity.
· Configure the hot backup system to operate in active/standby mode.
· Configure Device A and Device B as the primary device and the secondary device, respectively.
Procedure
1. Configure IRF:
¡ Configure Device A:
# Enable IRF mode.
<DeviceA> system-view
[DeviceA] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Bind Ten-GigabitEthernet 1/3/0/25 to IRF-port 1/2 and save the configuration.
<DeviceA> system-view
[DeviceA] interface Ten-GigabitEthernet 1/3/0/25
[DeviceA-Ten-GigabitEthernet1/3/0/25] shutdown
[DeviceA-Ten-GigabitEthernet1/3/0/25] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/3/0/25
You must perform the following tasks for a successful IRF setup:
Save the configuration after completing IRF configuration.
Execute the "irf-port-configuration active" command to activate the IRF ports.
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/3/0/25
[DeviceA-Ten-GigabitEthernet1/3/0/25] undo shutdown
[DeviceA-Ten-GigabitEthernet1/3/0/25] quit
[DeviceA] save
[DeviceA] irf-port-configuration active
# Change the member priority of Device A to 2 for it to be elected as the master.
[DeviceA] irf member 1 priority 2
# Activate the IRF port configuration.
[DeviceA] irf-port-configuration active
¡ Configure Device B:
# Enable IRF mode.
<DeviceB> system-view
[DeviceB] chassis convert mode irf
You are recommended to save the current running configuration and specify the configuration file for the next startup. Continue? [Y/N]:y
Do you want to convert the content of the next startup configuration file flash:/startup.cfg to make it available in IRF mode? [Y/N]:y
Now rebooting, please wait...
# Change the member ID of Device B to 2, and reboot the device to have the change take effect.
<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot
# Connect Device B to Device A, as shown in Figure 19.
# Log in to Device B. (Details not shown.)
# Bind Ten-GigabitEthernet 2/3/0/25 to IRF port 2/1, and save the configuration.
<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/3/0/25
[DeviceB-Ten-GigabitEthernet2/3/0/25] shutdown
[DeviceB-Ten-GigabitEthernet2/3/0/25] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/3/0/25
You must perform the following tasks for a successful IRF setup:
Save the configuration after completing IRF configuration.
Execute the "irf-port-configuration active" command to activate the IRF ports.
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/3/0/25
[DeviceB-Ten-GigabitEthernet2/3/0/25] undo shutdown
[DeviceB-Ten-GigabitEthernet2/3/0/25] quit
[DeviceB] save
# Activate the IRF port configuration.
[DeviceB] irf-port-configuration active
The two devices perform master election, and the one that has lost the election reboots to form an IRF fabric with the master. In this example, Device B reboots.
2. Configure Track to monitor the status of the uplink and downlink interfaces of the IRF fabric.
<DeviceA> system-view
[DeviceA] track 1 interface gigabitethernet 1/4/0/1
[DeviceA-track-1] quit
[DeviceA] track 2 interface gigabitethernet 1/4/0/2
[DeviceA-track-2] quit
[DeviceA] track 3 interface gigabitethernet 2/4/0/1
[DeviceA-track-3] quit
[DeviceA] track 4 interface gigabitethernet 2/4/0/2
[DeviceA-track-4] quit
3. Configure Reth interfaces:
# Configure Reth 11.
[DeviceA] interface reth 11
[DeviceA-Reth11] member interface gigabitethernet 1/4/0/1 priority 100
[DeviceA-Reth11] member interface gigabitethernet 2/4/0/1 priority 80
[DeviceA-Reth11] ip address 51.1.1.2 255.255.255.0
[DeviceA-Reth11] quit
# Configure Reth 12.
[DeviceA] interface reth 12
[DeviceA-Reth12] member interface gigabitethernet 1/4/0/2 priority 100
[DeviceA-Reth12] member interface gigabitethernet 2/4/0/2 priority 80
[DeviceA-Reth12] ip address 52.1.1.2 255.255.255.0
[DeviceA-Reth12] quit
4. Configure a failover group.
[DeviceA] failover group group1
[DeviceA-failover-group-group1] bind chassis 1 slot 5 cpu 1 primary
[DeviceA-failover-group-group1] bind chassis 2 slot 5 cpu 1 secondary
[DeviceA-failover-group-group1] quit
5. Configure a redundancy group:
# Create redundancy group a.
[DeviceA] redundancy group a
# Assign Reth 11 and Reth 12 to redundancy group a.
[DeviceA-redundancy-group-a] member interface reth 11
[DeviceA-redundancy-group-a] member interface reth 12
# Assign failover group group1 to redundancy group a.
[DeviceA-redundancy-group-a] member failover group group1
# Bind Node 1 to Device A, set the priority of the node to 20, and associate track entries 1 and 2 with the node.
[DeviceA-redundancy-group-a] node 1
[DeviceA-redundancy-group-a-node1] bind chassis 1
[DeviceA-redundancy-group-a-node1] priority 20
[DeviceA-redundancy-group-a-node1] track 1 interface gigabitethernet 1/4/0/1
[DeviceA-redundancy-group-a-node1] track 2 interface gigabitethernet 1/4/0/2
[DeviceA-redundancy-group-a-node1] quit
# Bind Node 2 to Device B, set the priority of the node to 10, and associate track entries 3 and 4 with the node.
[DeviceA-redundancy-group-a] node 2
[DeviceA-redundancy-group-a-node2] bind chassis 2
[DeviceA-redundancy-group-a-node2] priority 10
[DeviceA-redundancy-group-a-node2] track 3 interface gigabitethernet 2/4/0/1
[DeviceA-redundancy-group-a-node2] track 4 interface gigabitethernet 2/4/0/2
[DeviceA-redundancy-group-a-node2] quit
[DeviceA-redundancy-group-a] quit
6. Enable session synchronization.
[DeviceA] session synchronization enable
7. Enable session active/standby mode.
[DeviceA] undo session dual-active enable
8. Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)
9. Assign Reth 11 to security zone Untrust, and assign Reth 12 to security zone Trust. (Details not shown.)
10. Configure Switch A:
|
|
NOTE: The following information provides only the summary procedure to configure Switch A. |
¡ Create VLAN 10 and VLAN 11.
¡ Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to operate at Layer 2, and assign them to VLAN 11 as access interfaces.
¡ Configure GigabitEthernet 1/0/3 to operate at Layer 2, and assign it to VLAN 10 as an access interface.
¡ Assign 51.1.1.1/24 and 2.1.1.1/24 to VLAN-interface 11 and VLAN-interface 10, respectively.
¡ Specify 51.1.1.2 (IP address of Reth 11) as the next hop of the route to the internal network, and specify 2.1.1.2 (an IP address on the router) as the next hop of the route to the Internet.
11. Configure Switch B:
|
|
NOTE: The following information provides only the summary procedure to configure Switch B. |
¡ Create VLAN 12 and VLAN 20.
¡ Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to operate at Layer 2, and assign them to VLAN 12 as access interfaces.
¡ Configure GigabitEthernet 1/0/3 to operate at Layer 2, and assign it to VLAN 20 as an access interface.
¡ Assign 52.1.1.1/24 and 10.1.1.1/24 to VLAN-interface 12 and VLAN-interface 20.
¡ Specify 52.1.1.2 (IP address of Reth 12) as the next hop of the route to the Internet.
12. On the host, specify 10.1.1.1 (IP address of VLAN-interface 20 on Switch B) as the default gateway.
Verifying the configuration
# Verify that Device A is the high-priority node in the redundancy group and the member interfaces on both nodes are up when Device A and Device B are operating correctly.
[DeviceA] display redundancy group a
Redundancy group a (ID 1):
Node ID Chassis Priority Status Track weight
1 Chassis1 20 Primary 255
2 Chassis2 10 Secondary 255
Preempt delay time remained : 0 min
Preempt delay timer setting : 60 min
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth11 Reth12
Member failover groups:
Group1
Node 1:
Track info:
Track Status Reduced weight Interface
1 Positive 255 GE1/4/0/1
2 Positive 255 GE1/4/0/2
Node 2:
Track info:
Track Status Reduced weight Interface
3 Positive 255 GE2/4/0/1
4 Positive 255 GE2/4/0/2
# Shut down GigabitEthernet 1/4/0/2 on Device A and verify that Device B takes over to forward traffic.
[DeviceA] interface gigabitethernet 1/4/0/2
[DeviceA-GigabitEthernet1/4/0/2] shutdown
[DeviceA-GigabitEthernet1/4/0/2] display redundancy group a
Redundancy group a (ID 1):
Node ID Chassis Priority Status Track weight
1 Chassis1 20 Secondary -255
2 Chassis2 10 Primary 255
Preempt delay time remained : 0 min
Preempt delay timer setting : 1 min
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth11 Reth12
Member failover groups:
Group1
Node 1:
Track info:
Track Status Reduced weight Interface
1 Negative 255 GE1/4/0/1
2 Negative(Faulty) 255 GE1/4/0/2
Node 2:
Track info:
Track Status Reduced weight Interface
3 Positive 255 GE2/4/0/1
4 Positive 255 GE2/4/0/2
Example: Configuring an IRF hot backup system in dual-active mode with two redundancy groups
Network configuration
As shown in Figure 20, set up an IRF hot backup system at the border between the Internet and the internal network of an enterprise to ensure service continuity.
· Configure the hot backup system to operate in dual-active mode.
· Configure Device A and Device B to process the traffic of Host A and Host B, respectively.
Procedure
1. Configure IRF as described in "Example: Configuring an IRF hot backup system in active/standby mode with one redundancy group."
2. Configure Layer 3 Ethernet subinterfaces to terminate the outermost VLAN ID of packets.
<DeviceA> system-view
[DeviceA] interface gigabitethernet 1/4/0/1.11
[DeviceA-GigabitEthernet1/4/0/1.11] vlan-type dot1q vid 11
[DeviceA] interface gigabitethernet 1/4/0/1.21
[DeviceA-GigabitEthernet1/4/0/1.21] vlan-type dot1q vid 21
[DeviceA] interface gigabitethernet 1/4/0/2.12
[DeviceA-GigabitEthernet1/4/0/2.12] vlan-type dot1q vid 12
[DeviceA] interface gigabitethernet 1/4/0/2.22
[DeviceA-GigabitEthernet1/4/0/2.22] vlan-type dot1q vid 22
[DeviceA] interface gigabitethernet 2/4/0/1.11
[DeviceA-GigabitEthernet2/4/0/1.11] vlan-type dot1q vid 11
[DeviceA] interface gigabitethernet 2/4/0/1.21
[DeviceA-GigabitEthernet2/4/0/1.21] vlan-type dot1q vid 21
[DeviceA] interface gigabitethernet 2/4/0/2.12
[DeviceA-GigabitEthernet2/4/0/2.12] vlan-type dot1q vid 12
[DeviceA] interface gigabitethernet 2/4/0/2.22
[DeviceA-GigabitEthernet2/4/0/2.22] vlan-type dot1q vid 22
[DeviceA-GigabitEthernet2/4/0/2.22] quit
3. Configure Track to monitor the status of the uplink and downlink subinterfaces of the IRF fabric.
[DeviceA] track 1 interface gigabitethernet 1/4/0/1.11
[DeviceA-track-1] quit
[DeviceA] track 2 interface gigabitethernet 1/4/0/1.21
[DeviceA-track-2] quit
[DeviceA] track 3 interface gigabitethernet 1/4/0/2.12
[DeviceA-track-3] quit
[DeviceA] track 4 interface gigabitethernet 1/4/0/2.22
[DeviceA-track-4] quit
[DeviceA] track 5 interface gigabitethernet 2/4/0/1.11
[DeviceA-track-5] quit
[DeviceA] track 6 interface gigabitethernet 2/4/0/1.21
[DeviceA-track-6] quit
[DeviceA] track 7 interface gigabitethernet 2/4/0/2.12
[DeviceA-track-7] quit
[DeviceA] track 8 interface gigabitethernet 2/4/0/2.22
[DeviceA-track-8] quit
4. Configure Reth interfaces:
# Configure Reth 11.
[DeviceA] interface reth 11
[DeviceA-Reth11] member interface gigabitethernet 1/4/0/1.11 priority 100
[DeviceA-Reth11] member interface gigabitethernet 2/4/0/1.11 priority 80
[DeviceA-Reth11] ip address 51.1.1.2 255.255.255.0
[DeviceA-Reth11] quit
# Configure Reth 12.
[DeviceA] interface reth 12
[DeviceA-Reth12] member interface gigabitethernet 1/4/0/2.12 priority 100
[DeviceA-Reth12] member interface gigabitethernet 2/4/0/2.12 priority 80
[DeviceA-Reth12] ip address 52.1.1.2 255.255.255.0
[DeviceA-Reth12] quit
# Configure Reth 21.
[DeviceA] interface reth 21
[DeviceA-Reth21] member interface gigabitethernet 1/4/0/1.21 priority 80
[DeviceA-Reth21] member interface gigabitethernet 2/4/0/1.21 priority 100
[DeviceA-Reth21] ip address 61.1.1.2 255.255.255.0
[DeviceA-Reth21] quit
# Configure Reth 22.
[DeviceA] interface reth 22
[DeviceA-Reth22] member interface gigabitethernet 1/4/0/2.22 priority 80
[DeviceA-Reth22] member interface gigabitethernet 2/4/0/2.22 priority 100
[DeviceA-Reth22] ip address 62.1.1.2 255.255.255.0
[DeviceA-Reth22] quit
5. Configure failover groups:
# Configure failover group group1.
[DeviceA] failover group group1
[DeviceA-failover-group-group1] bind chassis 1 slot 5 cpu 1 primary
[DeviceA-failover-group-group1] bind chassis 2 slot 5 cpu 1 secondary
[DeviceA-failover-group-group1] quit
# Configure failover group group2.
[DeviceA] failover group group2
[DeviceA-failover-group-group2] bind chassis 1 slot 5 cpu 1 secondary
[DeviceA-failover-group-group2] bind chassis 2 slot 5 cpu 1 primary
[DeviceA-failover-group-group2] quit
6. Configure redundancy groups:
# Create redundancy group a.
[DeviceA] redundancy group a
# Assign Reth 11 and Reth 12 to redundancy group a.
[DeviceA-redundancy-group-a] member interface reth 11
[DeviceA-redundancy-group-a] member interface reth 12
# Assign failover group group1 to redundancy group a.
[DeviceA-redundancy-group-a] member failover group group1
# Bind Node 1 to Device A, set the priority of the node to 20, and associate track entries 1 and 3 with the node.
[DeviceA-redundancy-group-a] node 1
[DeviceA-redundancy-group-a-node1] bind chassis 1
[DeviceA-redundancy-group-a-node1] priority 20
[DeviceA-redundancy-group-a-node1] track 1 interface gigabitethernet 1/4/0/1.11
[DeviceA-redundancy-group-a-node1] track 3 interface gigabitethernet 1/4/0/2.12
[DeviceA-redundancy-group-a-node1] quit
# Bind Node 2 to Device B, set the priority of the node to 10, and associate track entries 5 and 7 with the node.
[DeviceA-redundancy-group-a] node 2
[DeviceA-redundancy-group-a-node2] bind chassis 2
[DeviceA-redundancy-group-a-node2] priority 10
[DeviceA-redundancy-group-a-node2] track 5 interface gigabitethernet 2/4/0/1.11
[DeviceA-redundancy-group-a-node2] track 7 interface gigabitethernet 2/4/0/2.12
[DeviceA-redundancy-group-a-node2] quit
[DeviceA-redundancy-group-a] quit
# Create redundancy group b.
[DeviceA] redundancy group b
# Assign Reth 21 and Reth 22 to redundancy group b.
[DeviceA-redundancy-group-b] member interface reth 21
[DeviceA-redundancy-group-b] member interface reth 22
# Assign failover group group2 to redundancy group b.
[DeviceA-redundancy-group-b] member failover group group2
# Bind Node 1 to Device A, set the priority of the node to 10, and associate track entries 2 and 4 with the node.
[DeviceA-redundancy-group-b] node 1
[DeviceA-redundancy-group-b-node1] bind chassis 1
[DeviceA-redundancy-group-b-node1] priority 10
[DeviceA-redundancy-group-b-node1] track 2 interface gigabitethernet 1/4/0/1.21
[DeviceA-redundancy-group-b-node1] track 4 interface gigabitethernet 1/4/0/2.22
[DeviceA-redundancy-group-b-node1] quit
# Bind Node 2 to Device B, set the priority of the node to 20, and associate track entries 6 and 8 with the node.
[DeviceA-redundancy-group-b] node 2
[DeviceA-redundancy-group-b-node2] bind chassis 2
[DeviceA-redundancy-group-b-node2] priority 20
[DeviceA-redundancy-group-b-node2] track 6 interface gigabitethernet 2/4/0/1.21
[DeviceA-redundancy-group-b-node2] track 8 interface gigabitethernet 2/4/0/2.22
[DeviceA-redundancy-group-b-node2] quit
[DeviceA-redundancy-group-b] quit
7. Enable session synchronization.
[DeviceA] session synchronization enable
8. Enable session dual-active mode.
[DeviceA] session dual-active enable
9. Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)
10. Assign Reth 11 and Reth 21 to security zone Untrust, and assign Reth 12 and Reth 22 to security zone Trust. (Details not shown.)
11. Configure the static routes to the external network. Specify the next hop of the route to 10.1.1.0/24 as 52.1.1.1(IP address of VLAN-interface 12 on Switch B). Specify the next hop of the route to 10.10.1.0/24 as 62.1.1.1 (IP address of VLAN-interface 22 on Switch B).
[DeviceA] ip route-static 10.1.1.0 24 52.1.1.1
[DeviceA] ip route-static 10.10.1.0 24 62.1.1.1
12. Configure PBR policies for the traffic sent from the internal network to reach the Internet.
# Configure ACL 2000 to permit the packets from 10.1.1.0/24.
[DeviceA] acl basic 2000
[DeviceA-acl-ipv4-basic-2000] rule 10 permit source 10.1.1.0 0.0.0.255
[DeviceA-acl-ipv4-basic-2000] quit
# Configure ACL 2001 to permit the packets from 10.10.1.0/24.
[DeviceA] acl basic 2001
[DeviceA-acl-ipv4-basic-2001] rule 10 permit source 10.10.1.0 0.0.0.255
[DeviceA-acl-ipv4-basic-2001] quit
# Configure PBR policy aaa to specify 51.1.1.1 (IP address of VLAN-interface 11 on Switch A) as the next hop for the packets from 10.1.1.0/24.
[DeviceA] policy-based-route aaa permit node 0
[DeviceA-pbr-aaa-0] if-match acl 2000
[DeviceA-pbr-aaa-0] apply next-hop 51.1.1.1
[DeviceA-pbr-aaa-0] quit
# Configure PBR policy bbb to specify 61.1.1.1 (IP address of VLAN-interface 21 on Switch B) as the next hop for the packets from 10.10.1.0/24.
[DeviceA] policy-based-route bbb permit node 0
[DeviceA-pbr-bbb-0] if-match acl 2001
[DeviceA-pbr-bbb-0] apply next-hop 61.1.1.1
[DeviceA-pbr-bbb-0] quit
# Apply PBR policy aaa to Reth 12 for Device A to forward the traffic sent from 10.1.1.0/24 to the Internet.
[DeviceA] interface reth 12
[DeviceA-Reth12] ip policy-based-route aaa
[DeviceA-Reth12] quit
# Apply PBR policy bbb to Reth 22 for Device B to forward the traffic sent from 10.10.1.0/24 to the Internet.
[DeviceA] interface reth 22
[DeviceA-Reth22] ip policy-based-route bbb
[DeviceA-Reth22] quit
13. Configure Switch A:
|
|
NOTE: The following information provides only the summary procedure to configure Switch A. |
a. Create VLAN 10, VLAN 11, and VLAN 21.
b. Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to operate at Layer 2, and assign them to VLAN 11 and VLAN 21 as trunk interfaces.
c. Configure GigabitEthernet 1/0/3 to operate at Layer 2, and assign it to VLAN 10 as an access interface.
d. Assign 51.1.1.1/24, 61.1.1.1/24, and 2.1.1.1/24 to VLAN-interface 11, VLAN-interface 21, and VLAN-interface 10, respectively.
e. Configure routes as follows:
- Specify 51.1.1.2 (IP address of Reth 11) as the next hop of the route to 10.1.1.0/24.
- Specify 61.1.1.2 (IP address of Reth 21) as the next hop of the route to 10.10.1.0/24.
- Specify 2.1.1.2 (IP address of the peer interface of VLAN-interface 10) as the next hop of the route to the Internet.
14. Configure Switch B:
|
|
NOTE: The following information provides only the summary procedure to configure Switch B. |
a. Create VLAN 12, VLAN 20, VLAN 22, and VLAN 30.
b. Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 to operate at Layer 2, and assign them to VLAN 12 and VLAN 22 as trunk interfaces.
c. Configure GigabitEthernet 1/0/3 to operate at Layer 2, and assign it to VLAN 20 as an access interface.
d. Configure GigabitEthernet 1/0/4 to operate at Layer 2, and assign it to VLAN 30 as an access interface.
e. Assign 52.1.1.1/24, 62.1.1.1/24, 10.1.1.1/24, and 10.10.1.1/24 to VLAN-interface 12, VLAN-interface 22, VLAN-interface 20, and VLAN-interface 30, respectively.
f. Configure PBR policies as follows:
- Specify 52.1.1.2 (IP address of Reth 12) as the next hop for the packets from 10.1.1.0/24.
- Specify 62.1.1.2 (IP address of Reth 22) as the next hop for the packets from 10.10.1.0/24.
15. On Host A, specify 10.1.1.1 (IP address of VLAN-interface 20 on Switch B) as the default gateway. On Host B, specify 10.10.1.1 (IP address of VLAN-interface 30 on Switch B) as the default gateway.
Verifying the configuration
1. Verify the configuration when both Device A and Device B are operating correctly.
# Verify that Device A is the high-priority node in redundancy group a and the member interfaces on both nodes are up.
[DeviceA] display redundancy group a
Redundancy group a (ID 2):
Node ID Chassis Priority Status Track weight
1 Chassis1 20 Primary 255
2 Chassis2 10 Secondary 255
Preempt delay time remained : 0 sec
Preempt delay timer setting : 60 sec
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth11 Reth12
Member failover groups:
Group1
Node 1:
Track info:
Track Status Reduced weight Interface
1 Positive 255 GE1/4/0/1.11
3 Positive 255 GE1/4/0/2.12
Node 2:
Track info:
Track Status Reduced weight Interface
5 Positive 255 GE2/4/0/1.11
7 Positive 255 GE2/4/0/2.12
# Verify that Device B is the high-priority node in redundancy group b and the member interfaces on both nodes are up.
[DeviceA] display redundancy group b
Redundancy group b (ID 3):
Node ID Chassis Priority Status Track weight
1 Chassis1 10 Secondary 255
2 Chassis2 20 Primary 255
Preempt delay time remained : 0 sec
Preempt delay timer setting : 60 sec
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth21 Reth22
Member failover groups:
Group2
Node 1:
Track info:
Track Status Reduced weight Interface
2 Positive 255 GE1/4/0/1.21
4 Positive 255 GE1/4/0/2.22
Node 2:
Track info:
Track Status Reduced weight Interface
6 Positive 255 GE2/4/0/1.21
8 Positive 255 GE2/4/0/2.22
2. Verify the configuration when Device A is down.
# Shut down GigabitEthernet 1/4/0/2 on Device A.
[DeviceA] interface gigabitethernet 1/4/0/2
[DeviceA-GigabitEthernet1/4/0/2] shutdown
# Verify that Device B takes over to forward traffic in redundancy group a.
[DeviceA-GigabitEthernet1/4/0/2] display redundancy group a
Redundancy group a (ID 2):
Node ID Chassis Priority Status Track weight
1 Chassis1 20 Secondary -255
2 Chassis2 10 Primary 255
Preempt delay time remained : 0 sec
Preempt delay timer setting : 60 sec
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth11 Reth12
Member failover groups:
Group1
Node 1:
Track info:
Track Status Reduced weight Interface
1 Negative 255 GE1/4/0/1.11
3 Negative(Faulty) 255 GE1/4/0/2.12
Node 2:
Track info:
Track Status Reduced weight Interface
5 Positive 255 GE2/4/0/1.11
7 Positive 255 GE2/4/0/2.12
# Verify that Device B is the high-priority node in redundancy group b and the member interfaces on Node 2 are up.
[DeviceA-GigabitEthernet1/4/0/2] display redundancy group b
Redundancy group b (ID 3):
Node ID Chassis Priority Status Track weight
1 Chassis1 10 Secondary 0
2 Chassis2 20 Primary 255
Preempt delay time remained : 0 sec
Preempt delay timer setting : 60 sec
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth21 Reth22
Member failover groups:
Group2
Node 1:
Track info:
Track Status Reduced weight Interface
2 Positive 255 GE1/4/0/1.21
4 Negative 255 GE1/4/0/2.22
Node 2:
Track info:
Track Status Reduced weight Interface
6 Positive 255 GE2/4/0/1.21
8 Positive 255 GE2/4/0/2.22
