Login
- Table of Contents
-
- 05-Layer 2—LAN Switching Configuration Guide
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-M-LAG configuration
- 04-VLAN configuration
- 05-MVRP configuration
- 06-VLAN mapping configuration
- 07-VLAN termination configuration
- 08-Loop detection configuration
- 09-Spanning tree configuration
- 10-LLDP configuration
- 11-PFC configuration
- 12-Service loopback group configuration
- 13-Layer 2 forwarding configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-M-LAG configuration | 461.28 KB |
Keepalive and failover mechanism
Configuration consistency check
M-LAG failure handling mechanisms
Mechanisms to handle concurrent peer link and keepalive link failures
Restrictions and guidelines: M-LAG configuration
Compatibility with other features
Configuring M-LAG system settings
Configuring the M-LAG system MAC address
Setting the M-LAG system number
Setting the M-LAG system priority
Setting the M-LAG role priority of the device
Enabling M-LAG standalone mode on an M-LAG member device
Configuring M-LAG keepalive settings
Restrictions and guidelines for configuring M-LAG keepalive settings
Configuring M-LAG keepalive packet parameters
Setting the M-LAG keepalive interval and timeout timer
Restrictions and guidelines for M-LAG MAD
Configuring the default M-LAG MAD action on network interfaces
Excluding an interface from the shutdown action by M-LAG MAD
Excluding all logical interfaces from the shutdown action by M-LAG MAD
Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
Enabling M-LAG MAD DOWN state persistence
Configuring an M-LAG interface
Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
Enabling the peer-link interface to retain MAC address entries for down single-homed devices
Assigning an M-LAG virtual IP address to an interface
Setting the mode of configuration consistency check
Disabling configuration consistency check
Setting the keepalive hold timer for identifying the cause of peer link down events
Configuring M-LAG system auto-recovery
Setting the data restoration interval
Enabling M-LAG sequence number check
Enabling M-LAG packet authentication
Verifying and maintaining M-LAG
Verifying M-LAG system configuration and running status
Displaying peer-link and M-LAG interface information
Displaying and clearing DRCPDU statistics
Displaying and clearing M-LAG troubleshooting records
Example: Configuring basic M-LAG functions
Example: Configuring Layer 3 gateways on an M-LAG system
Configuring M-LAG
About M-LAG
Multichassis Link Aggregation (M-LAG) virtualizes two physical devices into one system through multichassis link aggregation.
M-LAG network model
As shown in Figure 1, M-LAG virtualizes two devices into an M-LAG system, which connects to the remote aggregation system through a multichassis aggregate link. To the remote aggregation system, the M-LAG system is one device.
The M-LAG member devices are M-LAG peers to each other.
M-LAG defines the following interface roles for each M-LAG member device:
· M-LAG interface—Layer 2 aggregate interface connected to the remote aggregation system. M-LAG interfaces connected to the same remote aggregation system belong to one M-LAG group. In Figure 1, Bridge-Aggregation 1 on Device A and Bridge-Aggregation 2 on Device B belong to the same M-LAG group. M-LAG interfaces in an M-LAG group form a multichassis aggregate link.
· Peer-link interface—Interface connected to the M-LAG peer for internal control. Each M-LAG member device has only one peer-link interface. The peer-link interfaces of the M-LAG member devices transmit M-LAG protocol packets and data packets through the peer link established between them. An M-LAG system has only one peer link.
M-LAG member devices use a keepalive link to monitor each other's state. For more information about the keepalive mechanism, see "Keepalive and failover mechanism."
If a device is attached to only one of the M-LAG member devices in an M-LAG system, that device is a single-homed device.
Roles of M-LAG member devices
For features that require centralized traffic processing (for example, spanning tree), an M-LAG member device is assigned the primary or secondary role based on its M-LAG role priority.
The secondary M-LAG member device passes the traffic of those features to the primary M-LAG member device for processing. If the M-LAG member devices in an M-LAG system have the same M-LAG role priority, the device with the lower bridge MAC address is assigned the primary role.
DRCP
M-LAG uses H3C proprietary Distributed Relay Control Protocol (DRCP) for multichassis link aggregation. DRCP runs on the peer link and uses M-LAG control protocol data units (DRCPDUs) to advertise the M-LAG configuration out of peer-link interfaces and M-LAG interfaces.
DRCP operating mechanism
M-LAG-enabled devices use DRCPDUs for the following purposes:
· Exchange DRCPDUs through M-LAG interfaces to determine whether they can form an M-LAG system.
· Exchange DRCPDUs through peer-link interfaces to negotiate the peer link state.
DRCP timeout timers
DRCP uses a timeout mechanism to specify the amount of time that a peer-link interface or M-LAG interface must wait to receive DRCPDUs before it determines that the peer interface is down. This timeout mechanism provides the following timer options:
· Short DRCP timeout timer, which is fixed at 3 seconds. If this timer is used, the peer interface sends one DRCPDU every second.
· Long DRCP timeout timer, which is fixed at 90 seconds. If this timer is used, the peer interface sends one DRCPDU every 30 seconds.
Short DRCP timeout timer enables the M-LAG member devices to detect a peer interface down event more quickly than the long DRCP timeout timer. However this benefit is at the expense of bandwidth and system resources.
Keepalive and failover mechanism
H3C provides proprietary keepalive mechanism to detect the availability of the M-LAG member devices.
For the secondary M-LAG member device to monitor the state of the primary device, you must establish a Layer 3 keepalive link between the M-LAG member devices.
The M-LAG member devices periodically send keepalive packets over the keepalive link. If an M-LAG member device has not received keepalive packets from the peer when the keepalive timeout timer expires, it determines that the keepalive link is down. When both the keepalive link and the peer link are down, an M-LAG member device acts depending on its role.
· If its role is primary, the device retains its role as long as it has up M-LAG interfaces. If all its M-LAG interfaces are down, its role becomes None.
· If its role is secondary, the device takes over the primary role and retains the role as long as it has up M-LAG interfaces. If all its M-LAG interfaces are down, its role becomes None.
A device with the None role cannot send or receive keepalive packets. Its keepalive link stays in the down state.
If the keepalive link is down while the peer link is up, the M-LAG member devices prompt you to check for keepalive link issues.
If the keepalive link is up while the peer link is down, the M-LAG member devices elect a primary device based on the information in the keepalive packets.
MAD mechanism
M-LAG MAD
A multi-active collision occurs if the peer link goes down while the keepalive link is up. To avoid network issues, M-LAG MAD by default shuts down all network interfaces on the secondary M-LAG member device except those manually or automatically excluded. For more information about automatically excluded ports, see "List of automatically excluded interfaces."
When the peer link comes up, the secondary M-LAG member device starts a delay timer and begins to restore table entries (including MAC address entries and ARP entries) from the primary M-LAG member device. When the delay timer expires, the secondary M-LAG member device brings up all network interfaces placed in M-LAG MAD DOWN state.
M-LAG MAD DOWN state persistence
Both of the M-LAG member devices might take the primary role if both of them have M-LAG interfaces in up state after the following series of events occur:
1. The peer link goes down while the keepalive link is up. Then, M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
2. The keepalive link also goes down. Then, the secondary M-LAG member device brings up the network interfaces in M-LAG MAD DOWN state and sets its role to primary.
M-LAG MAD DOWN state persistence helps avoid the forwarding issues that might occur in the multi-active situation that occurs because the keepalive link goes down while the peer link is down.
Device role calculation
As shown in Figure 2, the role of an M-LAG member device can be primary, secondary, or none after role calculation.
Figure 2 M-LAG role calculation process
Role calculation rules
M-LAG calculates the roles of the M-LAG member devices according to the following rules:
· The M-LAG roles are determined upon M-LAG system initialization triggered by M-LAG system setup or reboot of an M-LAG member device.
· If the peer link is up, the M-LAG member devices exchange DRCPDUs over the peer link to determine which of them to take the primary role.
· If the peer link is down while the keepalive link is up, the M-LAG member devices exchange keepalive packets over the link to determine their roles.
· If both the peer link and the keepalive link are down, an M-LAG member device takes the primary role if it has available M-LAG interfaces.
Factors in role calculation
When the peer link or keepalive link is up, the M-LAG member devices exchange the following information to determine which of them takes the primary role:
1. Status of M-LAG interfaces. An M-LAG member device takes the primary role if it has available M-LAG interfaces. This status is skipped if role calculation is performed over the peer link.
2. Device roles before calculation. If one device already has the primary role, the primary device retains its role.
3. M-LAG MAD DOWN state. If one device has not placed any network interfaces in M-LAG MAD DOWN state, it becomes the primary device.
4. Health state. The healthier device takes the primary role.
5. M-LAG role priority. The device with higher M-LAG role priority takes the primary role.
6. Bridge MAC address. The device with a lower bridge MAC address takes the primary role.
The device that has failed the election takes the secondary role.
M-LAG system setup process
As shown in Figure 3, two devices perform the following operations to form an M-LAG system:
1. Send DRCPDUs over the peer link to each other and compare the DRCPDUs to determine the M-LAG system stackability and device roles:
a. Compare the M-LAG system settings. The devices can form an M-LAG system if they have consistent M-LAG system settings.
b. Determine the device roles as described in "Device role calculation."
c. Perform configuration consistency check. For more information, see "Configuration consistency check."
2. Send keepalive packets over the keepalive link after primary M-LAG member election to verify that the peer system is operating correctly.
3. Synchronize configuration data by sending DRCPDUs over the peer link. The configuration data includes MAC address entries and ARP entries.
Figure 3 M-LAG system setup process
M-LAG standalone mode
The M-LAG member devices might both operate with the primary role to forward traffic if they have M-LAG interfaces in up state after the M-LAG system splits. M-LAG standalone mode helps avoid traffic forwarding issues in this multi-active situation by allowing only the member ports in the M-LAG interfaces on one member device to forward traffic.
The following information describes the operating mechanism of this feature.
The M-LAG member devices change to M-LAG standalone mode when they detect that both the peer link and the keepalive link are down. In addition, the secondary M-LAG member device changes its role to primary.
In M-LAG standalone mode, the LACPDUs sent out of an M-LAG interface by each M-LAG member device contain the interface-specific LACP system MAC address and LACP system priority.
The Selected state of the member ports in the M-LAG interfaces in an M-LAG group depends on their LACP system MAC address and LACP system priority. If an M-LAG interface has a lower LACP system priority value or LACP system MAC address, the member ports in that M-LAG interface become Selected to forward traffic. If those Selected ports fail, the member ports in the M-LAG interface on the other M-LAG member device become Selected to forward traffic.
|
|
NOTE: An M-LAG member device changes to M-LAG standalone mode only when it detects that both the peer link and the keepalive link are down. It does not change to M-LAG standalone mode when the peer M-LAG member device reboots. |
Configuration consistency check
During M-LAG system setup, M-LAG member devices exchange the configuration and perform configuration consistency check to verify their consistency in the following configurations:
· Type 1 configuration—Settings that affect traffic forwarding of the M-LAG system. If an inconsistency in type 1 configuration is detected, the secondary M-LAG member device shuts down its M-LAG interfaces.
· Type 2 configuration—Settings that affect only service features. If an inconsistency in type 2 configuration is detected, the secondary M-LAG member device disables the affected service features, but it does not shut down its M-LAG interfaces.
To prevent interface flapping, the M-LAG system performs configuration consistency check when half the data restoration internal elapses.
|
|
NOTE: The data restoration interval specifies the maximum amount of time for the secondary M-LAG member device to synchronize data with the primary M-LAG member device during M-LAG system setup. For more information, see "Setting the data restoration interval." |
Type 1 configuration
Type 1 configuration consistency check is performed both globally and on M-LAG interfaces. Table 1 and Table 2 show settings that type 1 configuration contains.
Table 1 Global type 1 configuration
|
Setting |
Details |
|
Link type of the peer-link interface |
Peer-link interface link type, including access, hybrid, and trunk. |
|
PVID on the peer-link interface |
PVID on the peer-link interface. |
|
Spanning tree state |
· Global spanning tree state. · VLAN-specific spanning tree state. M-LAG checks the VLAN-specific spanning tree state only when PVST is enabled. |
|
Spanning tree mode |
Spanning tree mode, including STP, RSTP, PVST, and MSTP. |
|
MST region settings |
· MST region name. · MST region revision level. · VLAN-to-MSTI mappings. |
Table 2 M-LAG interface type 1 configuration
|
Setting |
Details |
|
Aggregation mode |
Aggregation mode, including static and dynamic. |
|
Spanning tree state |
Interface-specific spanning tree state. |
|
Link type |
Interface link type, including access, hybrid, and trunk. |
|
PVID |
Interface PVID. |
Type 2 configuration
Type 2 configuration consistency check is performed both globally and on M-LAG interfaces. Table 3 and Table 4 show settings that type 2 configuration contains.
|
|
NOTE: The device displays the following global type 2 settings only when VLAN or VLAN interface configuration inconsistency exists: · VLAN interface status. · IPv4 address of a VLAN interface. · IPv6 address of a VLAN interface. · Virtual IPv4 address of the VRRP group on a VLAN interface. |
Table 3 Global type 2 configuration
|
Setting |
Details |
|
VLANs permitted by the peer-link interface |
VLANs permitted by the peer-link interface. The M-LAG system compares tagged VLANs prior to untagged VLANs. |
|
VLAN interfaces |
Up VLAN interfaces of which the VLANs contain the peer-link interface. |
|
VLAN interface status |
Whether a VLAN interface is in administratively down state. |
|
IPv4 address of a VLAN interface |
IPv4 address assigned to a VLAN interface. |
|
IPv6 address of a VLAN interface |
IPv6 address assigned to a VLAN interface. |
|
Virtual IPv4 address of the VRRP group on a VLAN interface |
Virtual IPv4 address of the VRRP group configured on a VLAN interface on the VRRP master. |
|
Global BPDU guard |
Global status of BPDU guard. |
|
MAC aging timer |
Aging timer for dynamic MAC address entries. |
|
Authentication load sharing mode for users on port security-enabled M-LAG interfaces |
This configuration item is not supported in the current version. Authentication load sharing mode for users on port security-enabled M-LAG interfaces: · Centralized—The primary M-LAG member device authenticates users. · Local—Each M-LAG member device authenticates their local users. · Odd-MAC—The local M-LAG member device authenticates odd-MAC users on all M-LAG interfaces of the M-LAG system. · Even-MAC—The local M-LAG member device authenticates even-MAC users on all M-LAG interfaces of the M-LAG system. |
|
MAC move |
Status of the MAC move feature. |
|
MAC move mode |
Port security MAC move mode: · Port—Allows an authenticated online user to move between ports on the device. · VLAN—Allows an authenticated online user to move between VLANs on a trunk or hybrid port. · All—Allows an authenticated online user to move between ports on the device or VLANs on a trunk or hybrid port. |
|
State of traffic statistics for 802.1X and MAC authentication users |
Whether traffic statistics collection is enabled globally for 802.1X and MAC authentication users. |
|
Global state of 802.1X authentication |
Whether 802.1X authentication is enabled globally. |
|
802.1X authentication method |
This configuration item is not supported in the current version. 802.1X authentication method: · Chap—Performs EAP termination and uses CHAP to communicate with the RADIUS server. · Eap—Relays EAP packets and supports any of the EAP authentication methods to communicate with the RADIUS server. · Pap—Performs EAP termination and uses PAP to communicate with the RADIUS server. |
|
MAC authentication method |
This configuration item is not supported in the current version. MAC authentication method: · Chap—CHAP authentication. · Pap—PAP authentication. |
|
VSI name |
Name of a VSI that has ACs on an M-LAG interface. |
|
VXLAN ID (VNI) |
VXLAN ID of a VSI. |
|
Gateway interface |
VSI interface associated with a VSI. |
|
VSI interface number |
Number of a VSI interface. |
|
MAC address of a VSI interface |
MAC address assigned to a VSI interface. |
|
IPv4 address of a VSI interface |
IPv4 address assigned to a VSI interface. |
|
IPv6 address of a VSI interface |
IPv6 address assigned to a VSI interface. |
|
Physical state of a VSI interface |
Physical link state of a VSI interface. |
|
Protocol state of a VSI interface |
Data link layer state of a VSI interface. |
Table 4 M-LAG interface type 2 configuration
|
Setting |
Details |
|
VLANs permitted by an M-LAG interface |
VLANs permitted by an M-LAG interface. The M-LAG system compares tagged VLANs prior to untagged VLANs. |
|
Using port speed as the prioritized criterion for reference port selection |
Whether an M-LAG interface uses port speed as the prioritized criterion for reference port selection. |
|
Ignoring port speed in setting the aggregation states of member ports |
Whether an M-LAG interface ignores port speed in setting the aggregation states of member ports. |
|
Root guard status |
Status of root guard. |
|
Port security mode |
This configuration item is not supported in the current version. Port security mode: · Autolearn. · Mac-authentication. · Mac-else-userlogin-secure. · Mac-else-userlogin-secure-ext. · Secure. · Userlogin. · Userlogin-secure. · Userlogin-secure-ext. · Userlogin-secure-or-mac. · Userlogin-secure-or-mac-ext. · Userlogin-withoui. |
|
802.1X critical VSI name |
This configuration item is not supported in the current version. Name of the 802.1X critical VSI. |
|
802.1X online user handshake |
This configuration item is not supported in the current version. Status of the 802.1X online user handshake feature. |
|
802.1X multicast trigger |
This configuration item is not supported in the current version. Status of the 802.1X multicast trigger feature. |
|
802.1X unicast trigger |
This configuration item is not supported in the current version. Status of the 802.1X unicast trigger feature. |
|
MAC authentication critical microsegment ID |
This configuration item is not supported in the current version. ID of the MAC authentication critical microsegment. |
|
MAC authentication critical VSI name |
This configuration item is not supported in the current version. Name of the MAC authentication critical VSI. |
|
MAC authentication URL user logoff |
This configuration item is not supported in the current version. Whether to log off MAC authentication users that have been assigned authorization URLs and have not passed authentication on a port when the first user is assigned to the critical microsegment. |
|
Parallel processing of MAC authentication and 802.1X authentication on a port |
This configuration item is not supported in the current version. Status of parallel processing of MAC authentication and 802.1X authentication on a port. |
|
Web authentication Auth-Fail VLAN |
This configuration item is not supported in the current version. Auth-Fail VLAN for Web authentication. |
M-LAG sequence number check
M-LAG sequence number check protects M-LAG member devices from replay attacks.
With this feature enabled, the M-LAG member devices insert a sequence number into each outgoing DRCPDU or keepalive packet and the sequence number increases by 1 for each sent packet. When receiving a DRCPDU or keepalive packet, the M-LAG member devices check its sequence number and drop the packet if the check result is either of the following:
· The sequence number of the packet is the same as that of a previously received packet.
· The sequence number of the packet is smaller than that of the most recently received packet.
M-LAG packet authentication
M-LAG packet authentication prevents DRCPDU and keepalive packet tampering from causing link flapping.
With this feature enabled, the M-LAG member devices compute a message digest by using an authentication key for each outgoing DRCPDU or keepalive packet and insert the message digest into the packet. When receiving a DRCPDU or keepalive packet, an M-LAG member device computes a message digest and compares it with the message digest in the packet. If the message digests match, the packet passes authentication. If the message digests do not match, the device drops the packet.
M-LAG failure handling mechanisms
M-LAG interface failure handling mechanism
As shown in Figure 4, Device A and Device B form an M-LAG system, to which Device C is attached through a multichassis aggregation. If traffic to Device C arrives at Device B after the M-LAG interface that connects Device B to Device C has failed, the M-LAG system forwards the traffic as follows:
1. Device B sends the traffic to Device A over the peer link.
2. Device A forwards the traffic received from the peer link to Device C.
After the faulty M-LAG interface comes up, Device B forwards traffic to Device C through the M-LAG interface.
Figure 4 M-LAG interface failure handling mechanism
Peer link failure handling mechanism
As shown in Figure 5, multi-active collision occurs if the peer link goes down while the keepalive link is up. To avoid network issues, the secondary M-LAG member device sets all network interfaces to M-LAG MAD DOWN state, except for the interfaces excluded from the shutdown action by M-LAG MAD.
In this situation, the primary M-LAG member device forwards all traffic for the M-LAG system.
When the peer-link interface comes up, the secondary M-LAG member device does not bring up the network interfaces immediately. Instead, it starts a delay timer and begins to recover data from the primary M-LAG member device. When the delay timer expires, the secondary M-LAG member device brings up all network interfaces.
Figure 5 Peer link failure handling mechanism
Device failure handling mechanism
As shown in Figure 6, when the primary M-LAG member device fails, its aggregation member links go down and cannot forward traffic. The secondary M-LAG member device takes over the primary role to forward all traffic for the M-LAG system. When the faulty device recovers, it becomes the secondary M-LAG member device.
When the secondary M-LAG member device fails, its aggregation member links go down. No role change occurs in the M-LAG system. The primary M-LAG member device forwards all traffic for the M-LAG system.
Figure 6 Device failure handling mechanism
Uplink failure handling mechanism
Uplink failure does not interrupt traffic forwarding of the M-LAG system. As shown in Figure 7, when the uplink of Device A fails, Device A passes traffic destined for the IP network to Device B for forwarding. All traffic destined for Device C will also traverse Device B.
To enable faster traffic switchover in response to an uplink failure and minimize traffic losses, configure Monitor Link to associate the M-LAG interfaces with the uplink interfaces. When the uplink interface of an M-LAG member device fails, that device shuts down its M-LAG interface for the other M-LAG member device to forward all traffic of Device C. For more information about Monitor Link, see High Availability Configuration Guide.
Figure 7 Uplink failure handling mechanism
Mechanisms to handle concurrent peer link and keepalive link failures
When both the peer link and the keepalive link are down, the M-LAG member devices handle this situation depending on your configuration.
Default failure handling mechanism
Figure 8 shows the default mechanism to handle peer link and keepalive link failures when the M-LAG standalone mode and M-LAG MAD DOWN state persistency features are not configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, the secondary M-LAG member device sets its role to primary and brings up the network interfaces in M-LAG MAD DOWN state to forward traffic. In this situation, both of the M-LAG member devices might operate with the primary role to forward traffic. Forwarding errors might occur because the M-LAG member devices cannot synchronize MAC address entries over the peer link.
· If the keepalive link is down before the peer link goes down, M-LAG MAD will not place network interfaces in M-LAG MAD DOWN state. Both M-LAG member devices can operate with the primary role to forward traffic.
Figure 8 Default failure handling mechanism
Failure handling mechanism with M-LAG MAD DOWN state persistence
Figure 9 shows the mechanism to handle peer link and keepalive link failures when the M-LAG MAD DOWN state persistence feature is configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, the secondary M-LAG member device sets its role to primary, but it does not bring up the network interfaces in M-LAG MAD DOWN state. Only the original primary member device can forward traffic.
· If the keepalive link is down before the peer link goes down, M-LAG MAD will not place network interfaces in M-LAG MAD DOWN state. Both M-LAG member devices can operate with the primary role to forward traffic.
Figure 9 Failure handling mechanism with M-LAG MAD DOWN state persistence
As shown in Figure 10, you can bring up the interfaces in M-LAG MAD DOWN state on the secondary M-LAG member device for it to forward traffic if the following conditions exist:
· Both the peer link and the keepalive link are down.
· The primary M-LAG member device fails or its M-LAG interface fails.
Figure 10 Bringing up the interfaces in M-LAG MAD DOWN state
Failure handling mechanism with M-LAG standalone mode
Figure 11 shows the mechanism to handle peer link and keepalive link failures when the M-LAG standalone mode feature is configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, both M-LAG member devices change to M-LAG standalone mode. The secondary M-LAG member device sets its role to primary and brings up its network interfaces in M-LAG MAD DOWN state. In M-LAG standalone mode, only the aggregation member ports on one M-LAG member device can become Selected to forward traffic. For more information about how M-LAG standalone mode operates, see "M-LAG standalone mode."
· If the keepalive link is down before the peer link goes down, both M-LAG member devices change to M-LAG standalone mode.
Figure 11 Failure handling mechanism with M-LAG standalone mode
Protocols and standards
IEEE P802.1AX-REV™/D4.4c, Draft Standard for Local and Metropolitan Area Networks
Restrictions and guidelines: M-LAG configuration
M-LAG configuration
For the M-LAG member devices to be identified as one M-LAG system, you must configure the same M-LAG system MAC address and M-LAG system priority on them. You must assign different M-LAG system numbers to the M-LAG member devices.
The M-LAG interfaces in the same M-LAG group must use different LACP system MAC addresses.
As a best practice to reduce the impact of interface flapping on upper-layer services, use the link-delay command to configure the same link delay settings on the peer-link interfaces.
In an M-LAG system, two peer-link interfaces must have the same configuration for the maximum jumbo frame length.
For the M-LAG system to correctly forward traffic for single-homed devices, set the link type to trunk for the peer-link interfaces and the interfaces attached to the single-homed devices. If you fail to do so, the ND protocol packets sent to or from the single-homed devices cannot be forwarded over the peer link.
To ensure correct forwarding, delete M-LAG configuration from an M-LAG member device after it leaves its M-LAG system.
Compatibility with other features
For correct traffic forwarding, make sure the M-LAG member devices are consistent in service feature settings.
GIR
Before you change an M-LAG system back to normal mode by using the undo gir system-mode maintenance command, execute the display m-lag mad verbose command to verify that no network interfaces are in M-LAG MAD DOWN state. For information about GIR, see Fundamentals Configuration Guide.
MAC address table
If the M-LAG system has a large number of MAC address entries, set the MAC aging timer to a higher value than 20 minutes as a best practice. To set the MAC aging timer, use the mac-address timer command.
The undo mac-address command can delete the MAC address entries synchronized from the M-LAG peer.
For more information about the MAC address table, see "Configuring the MAC address table."
Ethernet link aggregation
Do not configure automatic link aggregation on an M-LAG system.
The aggregate interfaces in an S-MLAG group cannot be used as M-LAG interfaces or peer-link interfaces.
When you configure an M-LAG interface, follow these restrictions and guidelines:
· The link-aggregation selected-port maximum and link-aggregation selected-port minimum commands do not take effect on an M-LAG interface.
· If you execute the display link-aggregation verbose command for an M-LAG interface, the displayed system ID contains the M-LAG system MAC address and the M-LAG system priority.
· If the reference port is a member port of an M-LAG interface, the display link-aggregation verbose command displays the reference port on both M-LAG member devices.
For more information about Ethernet link aggregation, see "Configuring Ethernet link aggregation."
Loop detection
Member devices in an M-LAG system must have the same loop detection configuration. For information about loop detection, see "Configuring loop detection."
Spanning tree
When the spanning tree protocol is enabled for an M-LAG system, follow these restrictions and guidelines:
· Make sure the M-LAG member devices have the same spanning tree configuration. Violation of this rule might cause network flapping. The configuration includes:
¡ Global spanning tree configuration.
¡ Spanning tree configuration on the peer-link interface.
¡ Spanning tree configuration on M-LAG interfaces.
· Peer-link interfaces of the M-LAG system do not participate in spanning tree calculation.
· The M-LAG member devices still use the M-LAG system MAC address after the M-LAG system splits, which will cause spanning tree calculation issues. To avoid the issues, enable M-LAG standalone mode on the M-LAG member devices before the M-LAG system splits.
For more information about spanning tree, see "Configuring spanning tree."
Multicast
You must directly connect a Layer 2 or Layer 3 multicast-enabled M-LAG system to a multicast source or multicast receivers. You cannot place the M-LAG system in any other location.
In PIM-SSM or IPv6 PIM-SSM mode, if multicast receivers are attached only to one M-LAG member device in the M-LAG system, make sure the receivers access the M-LAG member device through VLAN interfaces.
On a cascaded M-LAG network, a Layer 3 multicast-enabled M-LAG system can cascade only to a Layer 2 multicast-enabled M-LAG system.
For more information about M-LAG for multicast, see PIM, IPv6 PIM, and IGMP Snooping configuration in IP Multicast Configuration Guide.
AAA
On an M-LAG system, you must specify a virtual IP address as the source IP address of outgoing RADIUS packets.
When RADIUS DAS is enabled, an M-LAG system does not support shutting down or rebooting the access ports for 802.1X authentication users or reauthenticating the users through CoA messages.
For more information about AAA, see Security Configuration Guide.
CFD
Do not use the MAC address of a remote MEP for CFD tests on peer-link interfaces. These tests cannot work on peer-link interfaces. For more information about CFD, see High Availability Configuration Guide.
ERPS
When configuring ERPS with M-LAG, make sure the peer-link interface is a trunk port. The peer-link interface will automatically join or leave a control VLAN as the control VLAN is created or deleted.
For information about ERPS, see High Availability Configuration Guide.
Smart Link
The M-LAG member devices in an M-LAG system must have the same Smart Link configuration.
For Smart Link to operate correctly on an M-LAG interface, do not assign the M-LAG interface and non-M-LAG interfaces to the same smart link group.
Do not assign a peer-link interface to a smart link group.
For more information about Smart Link configuration, see High Availability Configuration Guide.
VRRP
If you use M-LAG and VRRP together, make sure the keepalive hold timer is shorter than the interval at which the VRRP master sends VRRP advertisements. Violation of this restriction might cause a VRRP master/backup switchover to occur before peer link failure is confirmed. To set the interval at which the VRRP master sends VRRP advertisements, use the vrrp vrid timer advertise or vrrp ipv6 vrid timer advertise command. For more information about the commands, see High Availability Command Reference.
Mirroring
For a mirroring group, do not assign the source port to an aggregation group other than the one that accommodates the destination port, egress port, or reflector port. If the source port is in a different aggregation group than the other ports, mirrored LACPDUs will be transmitted between the aggregation groups and cause aggregate interface flapping.
VXLAN and EVPN
For information about VXLAN and EVPN restrictions, see VXLAN Configuration Guide and EVPN VXLAN configuration in EVPN Configuration Guide.
M-LAG tasks at a glance
To configure M-LAG, perform the following tasks:
1. Configuring M-LAG system settings
¡ Configuring the M-LAG system MAC address
¡ Setting the M-LAG system number
¡ Setting the M-LAG system priority
2. Setting the M-LAG role priority of the device
3. (Optional.) Enabling M-LAG standalone mode on an M-LAG member device
4. Configuring M-LAG keepalive settings
¡ Configuring M-LAG keepalive packet parameters
¡ Setting the M-LAG keepalive interval and timeout timer
¡ Configuring the default M-LAG MAD action on network interfaces
¡ Excluding an interface from the shutdown action by M-LAG MAD
¡ Excluding all logical interfaces from the shutdown action by M-LAG MAD
¡ Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
¡ Enabling M-LAG MAD DOWN state persistence
6. Configuring interfaces on the M-LAG system
¡ Configuring an M-LAG interface
¡ Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
¡ (Optional.) Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
7. (Optional.) Enabling the peer-link interface to retain MAC address entries for down single-homed devices
8. (Optional.) Assigning an M-LAG virtual IP address to an interface
9. (Optional.) Configuring configuration consistency check
¡ Setting the mode of configuration consistency check
¡ Disabling configuration consistency check
Configuration consistency check might fail when you upgrade the M-LAG member devices in an M-LAG system. To prevent the M-LAG system from falsely shutting down M-LAG interfaces, you can temporarily disable configuration consistency check.
10. (Optional.) Configuring M-LAG timers
¡ (Optional.) Setting the keepalive hold timer for identifying the cause of peer link down events
¡ Configuring M-LAG system auto-recovery
¡ (Optional.) Setting the data restoration interval
11. (Optional.) Configuring M-LAG security features
¡ Enabling M-LAG sequence number check
¡ Enabling M-LAG packet authentication
Configuring M-LAG system settings
Configuring the M-LAG system MAC address
Restrictions and guidelines
The M-LAG system MAC address uniquely identifies the M-LAG system on the network. On an M-LAG system, M-LAG interfaces in the same M-LAG group must use the same LACP system MAC address. As a best practice, use the bridge MAC address of one M-LAG member device as the M-LAG system MAC address.
Changing the M-LAG system MAC address causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You can configure the M-LAG system MAC address on an aggregate interface only after it is configured as an M-LAG interface.
You can configure the M-LAG system MAC address globally and in aggregate interface view. The global M-LAG system MAC address takes effect on all aggregation groups. On an aggregate interface, the interface-specific M-LAG system MAC address takes precedence over the global M-LAG system MAC address.
Procedure
1. Enter system view.
system-view
2. Configure the M-LAG system MAC address.
m-lag system-mac mac-address
By default, the M-LAG system MAC address is not configured.
3. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
4. Set the M-LAG system MAC address on the aggregate interface.
port m-lag system-mac mac-address
By default, the M-LAG system MAC address is not configured.
Setting the M-LAG system number
Restrictions and guidelines
Changing the M-LAG system number causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You must assign different M-LAG system numbers to the M-LAG member devices in an M-LAG system.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG system number.
m-lag system-number system-number
By default, the M-LAG system number is not set.
Setting the M-LAG system priority
About this task
An M-LAG system uses its M-LAG system priority as the system LACP priority to communicate with the remote aggregation system.
Restrictions and guidelines
Changing the M-LAG system priority in system view causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You must configure the same M-LAG system priority for the M-LAG interfaces in the same M-LAG group.
You can configure the M-LAG system priority on an aggregate interface only after it is configured as an M-LAG interface.
You can configure the M-LAG system priority globally and in aggregate interface view. The global M-LAG system priority takes effect on all aggregation groups. On an aggregate interface, the interface-specific M-LAG system priority takes precedence over the global M-LAG system priority.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG system priority.
m-lag system-priority system-priority
By default, the M-LAG system priority is 32768.
3. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
4. Set the M-LAG system priority on the aggregate interface.
port m-lag system-priority priority
By default, the M-LAG system priority is 32768.
Setting the M-LAG role priority of the device
About this task
M-LAG assigns the primary or secondary role to an M-LAG member device based on its M-LAG role priority. The smaller the priority value, the higher the priority. If the M-LAG member devices in an M-LAG system use the same M-LAG role priority, the device with the lower bridge MAC address is assigned the primary role.
Restrictions and guidelines
To prevent a primary/secondary role switchover from causing network flapping, avoid changing the M-LAG priority assignment after the M-LAG system is established.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG role priority of the device.
m-lag role priority priority-value
By default, the M-LAG role priority of the device is 32768.
Enabling M-LAG standalone mode on an M-LAG member device
About this task
Perform this task to avoid forwarding issues in the multi-active situation that might occur after both the peer link and the keepalive link go down.
M-LAG standalone mode helps avoid traffic forwarding issues in this multi-active situation by allowing only the member ports in the M-LAG interfaces on one member device to forward traffic. For more information about this mode, see "M-LAG standalone mode."
When you configure this feature, you can configure a delay to prevent an unnecessary mode change because of transient link down issues.
Restrictions and guidelines
This mode takes effect when both the peer link and the keepalive link are down. However, an M-LAG member device does not change to M-LAG standalone mode when its M-LAG peer device reboots.
As a best practice, enable M-LAG standalone mode on both M-LAG member devices.
Before you enable M-LAG standalone mode on an M-LAG member device, make sure its LACP system priority is higher than that of the remote aggregation system. This restriction ensures that the reference port is on the remote aggregation system and prevents the interfaces attached to the M-LAG system from flapping.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG standalone mode.
m-lag standalone enable [ delay delay-time ]
By default, M-LAG standalone mode is disabled.
Configuring M-LAG keepalive settings
Restrictions and guidelines for configuring M-LAG keepalive settings
As a best practice, establish a dedicated direct link between M-LAG member devices as a keepalive link. Do not use the keepalive link for any other purposes. Make sure the M-LAG member devices have Layer 2 and Layer 3 connectivity to each other over the keepalive link.
Configuring M-LAG keepalive packet parameters
About this task
Perform this task to specify the parameters for sending M-LAG keepalive packets, such as its source and destination IP addresses.
The device accepts only keepalive packets that are sourced from the specified destination IP address. The keepalive link goes down if the device receives keepalive packets sourced from any other IP address.
Restrictions and guidelines
Make sure the M-LAG member devices in an M-LAG system use the same keepalive destination UDP port.
Procedure
1. Enter system view.
system-view
2. Configure M-LAG keepalive packet parameters.
m-lag keepalive { ip | ipv6 } destination { ipv4-address | ipv6-address } [ source { ipv4-address | ipv6-address } | [ udp-port udp-number | vpn-instance vpn-instance-name ] *
By default, the M-LAG keepalive packet parameters are not configured. If you do not specify a source IP address or destination UDP port when you execute this command, the IP address of the outgoing interface and UDP port 6400 are used, respectively.
Setting the M-LAG keepalive interval and timeout timer
About this task
The device sends keepalive packets at the specified interval to its M-LAG peer. If the device has not received a keepalive packet from the M-LAG peer before the keepalive timeout timer expires, the device determines that the keepalive link is down.
Restrictions and guidelines
The local M-LAG keepalive timeout timer must be two times the M-LAG keepalive interval of the peer at minimum.
Configure the same M-LAG keepalive interval on the M-LAG member devices in the M-LAG system.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG keepalive interval and timeout timer.
m-lag keepalive interval interval [ timeout timeout ]
By default, the M-LAG keepalive interval is 1000 milliseconds, and the M-LAG keepalive timeout timer is 5 seconds.
Configuring M-LAG MAD
About this task
M-LAG MAD configuration methods
When you configure M-LAG MAD, use either of the following methods:
· To shut down all network interfaces on the secondary M-LAG member device except a few special-purpose interfaces that must be retained in up state:
¡ Set the default M-LAG MAD action to M-LAG MAD DOWN. For more information, see "Configuring the default M-LAG MAD action on network interfaces."
¡ Manually exclude interfaces from being shut down by M-LAG MAD, in addition to automatically included interfaces. For more information about the configuration procedure, see "Excluding an interface from the shutdown action by M-LAG MAD."
This method is applicable to most network environments.
· To have the secondary M-LAG member device retain a large number of interfaces in up state and shut down the remaining interfaces:
¡ Set the default M-LAG MAD action to NONE. For more information, see "Configuring the default M-LAG MAD action on network interfaces."
¡ Specify network interfaces that must be shut down by M-LAG MAD, in addition to the automatically included interfaces. For more information about the configuration procedure, see "Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits."
One applicable scenario of this method is the EVPN environment in which you use a VXLAN tunnel as the peer link. In this scenario, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state.
List of automatically included interfaces
M-LAG MAD will always shut down the ports in the system-configured included port list if the device acts as the secondary M-LAG member device when the M-LAG system splits.
This list contains aggregation member ports of M-LAG interfaces. To identify system-configured included ports, execute the display m-lag mad verbose command.
List of automatically excluded interfaces
M-LAG MAD will not shut down the ports in the following list when the M-LAG system splits:
· System-configured excluded port list in M-LAG MAD:
¡ Peer-link interface.
¡ Aggregation member interfaces if a Layer 2 aggregate interface is used as the peer-link interface.
¡ M-LAG interfaces.
¡ Management interfaces.
To identify these interfaces, execute the display m-lag mad verbose command.
· Network interfaces used for special purposes, including:
¡ Interfaces placed in a loopback test by using the loopback command. For more information about this command, see Ethernet interface commands in Interface Command Reference.
¡ Interfaces assigned to a service loopback group by using the port service-loopback group command. For more information about this command, see service loopback group commands in Layer 2—LAN Switching Command Reference.
¡ Interfaces assigned to remote source groups as reflector ports for traffic mirroring by using the mirroring-group reflector-port command. For more information about this command, see port mirroring commands in Network Management and Monitoring Command reference.
¡ Fiber interfaces placed in up state by using the port-up mode command. For more information about this command, see Ethernet interface commands in Interface Command Reference.
Restrictions and guidelines for M-LAG MAD
When the M-LAG system splits, M-LAG MAD by default takes the same action on an aggregate interface and its member ports. For example, if M-LAG MAD shuts down an aggregate interface, it also shuts down the member ports of the aggregate interface.
If you specify the MAD action to take on an aggregation member port by using the m-lag mad include interface or m-lag mad exclude interface command, the configuration takes precedence over the M-LAG MAD action on the aggregate interface.
Configuring the default M-LAG MAD action on network interfaces
About this task
You can configure M-LAG MAD to take either of the following default actions on network interfaces if the device acts as the secondary M-LAG member device when the M-LAG system splits:
· M-LAG MAD DOWN—M-LAG MAD will shut down all network interfaces on the secondary M-LAG member device when the M-LAG system splits, except the interfaces excluded manually or by the system.
· NONE—M-LAG MAD will not shut down any network interfaces when the M-LAG system splits, except the interfaces configured manually or by the system to be shut down by M-LAG MAD.
Restrictions and guidelines
The M-LAG MAD DOWN action will not take effect on the interfaces listed in "List of automatically excluded interfaces."
The M-LAG MAD DOWN action will always take on the interfaces listed in "List of automatically included interfaces," even if the default M-LAG MAD action is NONE.
Procedure
1. Enter system view.
system-view
2. Configure the default M-LAG MAD action to take on network interfaces on the secondary M-LAG member device when the M-LAG system splits.
m-lag mad default-action { down | none }
By default, M-LAG MAD shuts down network interfaces on the secondary M-LAG member device.
Excluding an interface from the shutdown action by M-LAG MAD
Restrictions and guidelines
You must always exclude the following interfaces from being shut down by M-LAG MAD:
· For correct keepalive detection, exclude the interfaces used for keepalive detection from the shutdown action by M-LAG MAD.
· If the peer-link interface is a tunnel interface, exclude the tunnel interface and traffic outgoing interface for the tunnel from the shutdown action by M-LAG MAD. This ensures that the M-LAG member devices can receive DRCP packets over the peer link.
· For the M-LAG member devices to synchronize ARP and ND entries, exclude the VLAN interfaces for the VLANs to which the M-LAG interfaces and peer-link interfaces belong from the shutdown action.
To view interfaces excluded from the MAD shutdown action, execute the display m-lag mad verbose command.
If you exclude an interface that is already in M-LAG MAD DOWN state from the MAD shutdown action, the interface stays in that state. It will not come up automatically.
Procedure
1. Enter system view.
system-view
2. Exclude an interface from the shutdown action by M-LAG MAD.
m-lag mad exclude interface interface-type interface-number
By default, M-LAG MAD shuts down all network interfaces when detecting a multi-active collision, except for the network interfaces automatically exccluded from the shutdown action.
Excluding all logical interfaces from the shutdown action by M-LAG MAD
About this task
When a VXLAN tunnel is used as the peer link on an EVPN M-LAG system, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state. To simplify configuration, you can exclude all logical interfaces from the shutdown action by M-LAG MAD.
Restrictions and guidelines
The m-lag mad exclude interface and m-lag mad include interface commands take precedence over the m-lag mad exclude logical-interfaces command.
Procedure
1. Enter system view.
system-view
2. Exclude all logical interfaces from the shutdown action by M-LAG MAD.
m-lag mad exclude logical-interfaces
By default, M-LAG MAD shuts down all network interfaces when it detects a multi-active collision, except for the network interfaces set by the system to not shut down.
Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
About this task
By default, M-LAG MAD automatically shuts down the interfaces listed in "List of automatically included interfaces" if the device is the secondary M-LAG member device when the M-LAG system splits.
To specify additional interfaces to be shut down by M-LAG MAD, perform this task.
You typically perform this task when the default M-LAG MAD action is set to NONE.
Restrictions and guidelines
The M-LAG MAD DOWN action will not take effect on the interfaces listed in "List of automatically excluded interfaces."
Procedure
1. Enter system view.
system-view
2. Specify interfaces to be shut down by M-LAG MAD when the M-LAG system splits.
m-lag mad include interface interface-type interface-number
By default, the user-configured included port list does not contain any ports.
Enabling M-LAG MAD DOWN state persistence
About this task
M-LAG MAD DOWN state persistence helps avoid the multi-active situation by preventing the secondary M-LAG member device from bringing up the network interfaces in M-LAG MAD DOWN state. For more information about this feature, see "M-LAG MAD DOWN state persistence" and "Failure handling mechanism with M-LAG MAD DOWN state persistence."
You can bring up the interfaces in M-LAG MAD DOWN state on the secondary M-LAG member device to minimize traffic interruption when both of the following conditions exist:
· The primary M-LAG member device fails while the peer link is down.
· The M-LAG MAD DOWN state persists on the secondary M-LAG member device.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG MAD DOWN state persistence.
m-lag mad persistent
By default, the secondary M-LAG member device brings up interfaces in M-LAG MAD DOWN state when its role changes to primary.
3. (Optional.) Bring up the interfaces in M-LAG MAD DOWN state.
m-lag mad restore
Execute this command only when both the peer link and the keepalive link are down.
Configuring an M-LAG interface
Restrictions and guidelines
The device can have multiple M-LAG interfaces. However, you can assign a Layer 2 aggregate interface to only one M-LAG group.
A Layer 2 aggregate interface cannot operate as both peer-link interface and M-LAG interface.
To improve forwarding efficiency, exclude the M-LAG interface on the secondary M-LAG device from the shutdown action by M-LAG MAD. This action enables the M-LAG interface to forward traffic immediately after a multi-active collision is removed without having to wait for the secondary M-LAG device to complete entry restoration.
Procedure
1. Enter system view.
system-view
2. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Assign the aggregate interface to an M-LAG group.
port m-lag group group-id
Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
Restrictions and guidelines
An M-LAG member device can have only one peer-link interface.
A Layer 2 aggregate interface or VXLAN tunnel interface cannot operate as both peer-link interface and M-LAG interface. Make sure the peer-link interface has higher bandwidth than the M-LAG interfaces.
Do not associate a VXLAN tunnel interface with a VXLAN if you use it as the peer-link interface. You can use a VXLAN tunnel interface as a peer-link interface only in an EVPN network. For more information about EVPN, see EVPN Configuration Guide.
When you specify an aggregate interface as a peer-link interface, the device assigns the aggregate interface as a trunk port to all VLANs if the interface uses the default VLAN settings. If not, the device does not change the VLAN settings on the interface.
The device does not change the VLAN settings on an aggregate interface when you remove its peer-link interface role.
As a best practice to reduce the impact of interface flapping on upper-layer services, execute the link-delay command on the peer-link interface. For more information about this command, see Ethernet link aggregation commands in Layer 2—LAN Switching Command Reference.
Do not use the MAC address of a remote MEP for CFD tests on peer-link interfaces. These tests cannot work on peer-link interfaces. For more information about CFD, see High Availability Configuration Guide.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter VXLAN tunnel interface view.
interface tunnel number
3. Specify the interface as the peer-link interface.
port m-lag peer-link port-id
Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
About this task
By default, the peer-link interface or an M-LAG interface uses the 90-second long DRCP timeout timer. To detect peer interface down events more quickly, enable the 3-second short DRCP timeout timer on the interface.
Restrictions and guidelines
To avoid traffic interruption, disable the short DRCP timeout timer before you perform the following operations:
· M-LAG process restart.
· Active/standby MTU switchover.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter VXLAN tunnel interface view.
interface tunnel number
3. Enable the short DRCP timeout timer.
m-lag drcp period short
By default, an interface uses the long DRCP timeout timer (90 seconds).
Enabling the peer-link interface to retain MAC address entries for down single-homed devices
About this task
When an M-LAG member device detects that the link to a single-homed device goes down, the peer-link interface takes the following actions:
· Deletes the MAC address entries for the single-homed device.
· Sends a message to the peer peer-link interface for it to delete the affected MAC address entries.
If the link to a single-homed device flaps constantly, the peer-link interface repeatedly deletes and adds MAC address entries for the device. This situation increases floods of unicast traffic destined for the single-homed device.
To reduce flood traffic, enable the peer-link interface to retain MAC address entries for single-homed devices. After the links to single-homed devices go down, the affected MAC address entries age out on expiration of the MAC aging timer instead of being deleted immediately. The timer is set by using the mac-address timer command. For more information about this command, see MAC address table commands in Layer 2—LAN Switching Command Reference.
Procedure
1. Enter system view.
system-view
2. Enable the peer-link interface to retain MAC address entries for single-homed devices.
m-lag peer-link mac-address hold
By default, the peer-link interface does not retain MAC address entries for single-homed devices when the devices go down.
Assigning an M-LAG virtual IP address to an interface
About this task
For an M-LAG member device to act as a RADIUS client, you must assign an M-LAG virtual IP address to an interface of the device as the source IP address of RADIUS packets. This virtual IP address must be the IP address configured by using the nas-ip command.
Configure M-LAG virtual IP addresses based on the user authentication load sharing mode set by using the port-security m-lag load-sharing-mode command.
· Centralized mode—Configure the same virtual IP address on the M-LAG member devices, and set the state of the virtual IP address to active on the primary M-LAG member device.
· Distributed mode—Configure the virtual IP addresses used for local user authentication and peer user authentication on both M-LAG member devices. On each M-LAG member device, set the state of the local virtual IP address to active, and set the state of the peer virtual IP address to standby.
Restrictions and guidelines
When you assign multiple M-LAG virtual IP addresses to an interface, follow these restrictions and guidelines:
· You can assign a maximum of two virtual IPv4 and two IPv6 addresses to an interface.
· If you configure different virtual MAC addresses for a virtual IPv4 or IPv6 address, the most recent configuration takes effect.
· You cannot configure the same virtual MAC address for multiple virtual IPv4 or IPv6 addresses.
· When you assign a virtual IPv4 or IPv6 address to VLAN interfaces, you must configure the same virtual MAC address for the virtual IPv4 or IPv6 address on both M-LAG member devices.
If you assign both virtual IPv4 and IPv6 addresses to VLAN interfaces, make sure the virtual IPv4 and IPv6 addresses that use the same virtual MAC address are in the same state on the M-LAG member devices.
Assigning an M-LAG virtual IP address to a VLAN interface
1. Enter system view.
system-view
2. Enter VLAN interface view.
interface vlan-interface interface-number
3. Assign a virtual IPv4 address to the VLAN interface.
port m-lag virtual-ip ipv4-address { mask-length | mask } [ active | standby ] [ virtual-mac mac-address ]
By default, no virtual IPv4 addresses are assigned to interfaces.
4. Assign a virtual IPv6 address to the VLAN interface.
port m-lag ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] [ virtual-mac mac-address ] | link-local }
By default, no virtual IPv6 addresses are assigned to interfaces.
Assigning an M-LAG virtual IP address to a loopback interface
1. Enter system view.
system-view
2. Enter loopback interface view.
interface loopback interface-number
3. Assign a virtual IPv4 address to the loopback interface.
port m-lag virtual-ip ipv4-address { mask-length | mask } [ active | standby ]
By default, no virtual IPv4 addresses are assigned to interfaces.
4. Assign a virtual IPv6 address to the loopback interface.
port m-lag ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] | link-local }
By default, no virtual IPv6 addresses are assigned to interfaces.
Assigning an M-LAG virtual IP address to a VSI interface
1. Enter system view.
system-view
2. Enter VSI interface view.
interface vsi-interface interface-number
3. Assign a virtual IPv4 address to the VSI interface.
port m-lag virtual-ip ipv4-address { mask-length | mask } [ active | standby ]
By default, no virtual IPv4 addresses are assigned to interfaces.
4. Assign a virtual IPv6 address to the VSI interface.
port m-lag ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] | link-local }
By default, no virtual IPv6 addresses are assigned to interfaces.
Setting the mode of configuration consistency check
About this task
The device handles configuration inconsistency depending on the mode of configuration consistency check.
· For type 1 configuration inconsistency:
¡ The device generates log messages if loose mode is enabled.
¡ The device shuts down M-LAG interfaces and generates log messages if strict mode is enabled.
· For type 2 configuration inconsistency, the device only generates log messages, whether strict or loose mode is enabled.
Procedure
1. Enter system view.
system-view
2. Set the mode of configuration consistency check.
m-lag consistency-check mode { loose | strict }
By default, configuration consistency check uses strict mode.
Disabling configuration consistency check
About this task
To ensure that the M-LAG system can operate correctly, M-LAG by default performs configuration consistency check when the M-LAG system is set up.
Configuration consistency check might fail when you upgrade the M-LAG member devices in an M-LAG system. To prevent the M-LAG system from falsely shutting down M-LAG interfaces, you can temporarily disable configuration consistency check.
Restrictions and guidelines
Make sure the M-LAG member devices use the same setting for configuration consistency check.
Procedure
1. Enter system view.
system-view
2. Disable configuration consistency check.
m-lag consistency-check disable
By default, configuration consistency check is enabled.
Setting the keepalive hold timer for identifying the cause of peer link down events
About this task
The keepalive hold timer starts when the peer link goes down. The keepalive hold timer specifies the amount of time that the device uses to identify the cause of a peer link down event.
· If the device receives keepalive packets from the M-LAG peer before the timer expires, the peer link is down because the peer link fails.
· If the device does not receive keepalive packets from the M-LAG peer before the timer expires, the peer link is down because the peer M-LAG device fails.
Procedure
1. Enter system view.
system-view
2. Set the keepalive hold timer.
m-lag keepalive hold-time value
By default, the keepalive hold timer is 3 seconds.
Configuring M-LAG system auto-recovery
About this task
If only one M-LAG member device recovers after the entire M-LAG system reboots, auto-recovery enables that member device to remove its M-LAG interfaces from the M-LAG DOWN interface list.
· If that member device has up M-LAG interfaces, it takes over the primary role when the reload delay timer expires and forwards traffic.
· If that member device does not have up M-LAG interfaces, it is stuck in the None role and does not forward traffic.
If auto-recovery is disabled, that M-LAG member device will be stuck in the None role with all its M-LAG interfaces being M-LAG DOWN after it recovers.
Restrictions and guidelines
If both M-LAG member devices recover and have up M-LAG interfaces after the entire M-LAG system reboots, active-active situation might occur if both peer link and keepalive links were down when the reload delay timer expires. If this rare situation occurs, examine the peer link and keepalive links and restore them.
To avoid incorrect role preemption, make sure the reload delay timer is longer than the amount of time required for the device to restart.
Procedure
1. Enter system view.
system-view
2. Configure M-LAG system auto-recovery.
m-lag auto-recovery reload-delay delay-value
By default, M-LAG system auto-recovery is not configured. The reload delay timer is not set.
Setting the data restoration interval
About this task
The data restoration interval specifies the maximum amount of time for the secondary M-LAG device to synchronize data with the primary M-LAG device during M-LAG system setup. Within the data restoration interval, the secondary M-LAG device sets all network interfaces to M-LAG MAD DOWN state, except for the interfaces excluded from the shutdown action by M-LAG MAD.
When the data restoration interval expires, the secondary M-LAG device brings up all network interfaces.
Restrictions and guidelines
Increase the data restoration interval as needed in the following situations:
· Avoid packet loss and forwarding failure that might occur when a large amount of data is to be synchronized between the M-LAG member devices.
· Avoid M-LAG interface flapping that might occur if type 1 configuration consistency check fails after the M-LAG interfaces come up upon expiration of the data restoration interval.
Procedure
1. Enter system view.
system-view
2. Set the data restoration interval.
m-lag restore-delay value
By default, the data restoration interval is 30 seconds.
Enabling M-LAG sequence number check
About this task
M-LAG sequence number check protects M-LAG member devices from replay attacks by examining the sequence number of M-LAG DRCP and keepalive packets.
Restrictions and guidelines
As a best practice to improve security, use M-LAG sequence number check together with M-LAG packet authentication.
After one M-LAG member device reboots, the other M-LAG member device might receive and accept the packets that were intercepted by an attacker before the reboot. As a best practice, change the authentication key after an M-LAG member device reboots.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG sequence number check.
m-lag sequence enable
By default, M-LAG sequence number check is disabled.
Enabling M-LAG packet authentication
About this task
M-LAG packet authentication enhances M-LAG system security by authenticating M-LAG DRCPDU and keepalive packets.
Restrictions and guidelines
For successful authentication, configure the same authentication key for the M-LAG member devices.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG packet authentication and configure an authentication key.
m-lag authentication key { simple | cipher } string
By default, M-LAG packet authentication is disabled.
Verifying and maintaining M-LAG
Verifying M-LAG system configuration and running status
Perform all display tasks in any view.
· Display the M-LAG system settings.
display m-lag system
· Display M-LAG role information.
display m-lag role
· Display information about the configuration consistency check done by M-LAG.
display m-lag consistency { type1 | type2 } { global | interface interface-type interface-number }
· Display status of the configuration consistency check done by M-LAG.
display m-lag consistency-check status
· Display M-LAG keepalive packet statistics.
display m-lag keepalive
· Display detailed M-LAG MAD information.
display m-lag mad verbose
· Display M-LAG virtual IP addresses.
display m-lag virtual-ip [ interface interface-type interface-number ]
Displaying peer-link and M-LAG interface information
Perform all display tasks in any view.
· Display brief information about the peer-link interface and M-LAG interfaces.
display m-lag summary
· Display detailed information about the peer-link interface and M-LAG interfaces.
display m-lag verbose [ interface bridge-aggregation interface-number ]
Displaying and clearing DRCPDU statistics
Display DRCPDU statistics in any view.
display m-lag drcp statistics [ interface interface-type interface-number ]
Clear DRCPDU statistics in user view.
reset m-lag drcp statistics [ interface interface-list ]
Displaying and clearing M-LAG troubleshooting records
Display M-LAG troubleshooting records in any view.
display m-lag troubleshooting [ m-lag-interface | peer-link | keepalive ] [ history ] [ count ]
Clear M-LAG troubleshooting records in user view.
reset m-lag troubleshooting history
M-LAG configuration examples
Example: Configuring basic M-LAG functions
Network configuration
As shown in Figure 12:
· To provide node redundancy for service continuity, configure M-LAG on Device A and Device B to establish a multichassis aggregate link with Device C.
· Use a Layer 3 Ethernet interface on each member device to establish a keepalive link. Manually exclude the interfaces from the MAD shutdown action performed by M-LAG.
Procedure
1. Configure Device A:
# Configure M-LAG system settings.
<DeviceA> system-view
[DeviceA] m-lag system-mac 1-1-1
[DeviceA] m-lag system-number 1
[DeviceA] m-lag system-priority 123
# Configure M-LAG keepalive packet parameters.
[DeviceA] m-lag keepalive ip destination 1.1.1.1 source 1.1.1.2
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceA] interface hundredgige 1/0/5
[DeviceA-HundredGigE1/0/5] port link-mode route
[DeviceA-HundredGigE1/0/5] ip address 1.1.1.2 24
[DeviceA-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceA] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[DeviceA] interface bridge-aggregation 3
[DeviceA-Bridge-Aggregation3] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation3] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 3.
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-aggregation group 3
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-aggregation group 3
[DeviceA-HundredGigE1/0/2] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[DeviceA] interface bridge-aggregation 3
[DeviceA-Bridge-Aggregation3] port m-lag peer-link 1
[DeviceA-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[DeviceA] interface bridge-aggregation 4
[DeviceA-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 4.
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-aggregation group 4
[DeviceA-HundredGigE1/0/3] quit
[DeviceA] interface hundredgige 1/0/4
[DeviceA-HundredGigE1/0/4] port link-aggregation group 4
[DeviceA-HundredGigE1/0/4] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[DeviceA] interface bridge-aggregation 4
[DeviceA-Bridge-Aggregation4] port m-lag group 4
[DeviceA-Bridge-Aggregation4] quit
2. Configure Device B:
# Configure M-LAG system settings.
<DeviceB> system-view
[DeviceB] m-lag system-mac 1-1-1
[DeviceB] m-lag system-number 2
[DeviceB] m-lag system-priority 123
# Configure M-LAG keepalive packet parameters.
[DeviceB] m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceB] interface hundredgige 1/0/5
[DeviceB-HundredGigE1/0/5] port link-mode route
[DeviceB-HundredGigE1/0/5] ip address 1.1.1.1 24
[DeviceB-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceB] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation3] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 3.
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-aggregation group 3
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-aggregation group 3
[DeviceB-HundredGigE1/0/2] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] port m-lag peer-link 1
[DeviceB-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[DeviceB] interface bridge-aggregation 4
[DeviceB-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 4.
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-aggregation group 4
[DeviceB-HundredGigE1/0/3] quit
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] port link-aggregation group 4
[DeviceB-HundredGigE1/0/4] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[DeviceB] interface bridge-aggregation 4
[DeviceB-Bridge-Aggregation4] port m-lag group 4
[DeviceB-Bridge-Aggregation4] quit
3. Configure Device C:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
<DeviceC> system-view
[DeviceC] interface bridge-aggregation 4
[DeviceC-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceC-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/1 through HundredGigE 1/0/4 to aggregation group 4.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/4
[DeviceC-if-range] port link-aggregation group 4
[DeviceC-if-range] quit
Verifying the configuration
# Verify that the keepalive link is working correctly on Device A.
[DeviceA] display m-lag keepalive
Neighbor keepalive link status (cause): Up
Neighbor is alive for: 104 s 16 ms
Keepalive packet transmission status:
Sent: Successful
Received: Successful
Last received keepalive packet information:
Source IP address: 1.1.1.1
Time: 2019/09/11 09:21:51
Action: Accept
M-LAG keepalive parameters:
Destination IP address: 1.1.1.1
Source IP address: 1.1.1.2
Keepalive UDP port : 6400
Keepalive VPN name : N/A
Keepalive interval : 1000 ms
Keepalive timeout : 5 sec
Keepalive hold time: 3 sec
# Verify that the peer-link interface and the M-LAG interface are working correctly on Device A.
[DeviceA] display m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG3
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
M-LAG interface information
M-LAG IF M-LAG group Local state (cause) Peer state Remaining down time(s)
BAGG4 4 UP UP -
[DeviceA] display m-lag verbose
Flags: A -- Home_Gateway, B -- Neighbor_Gateway, C -- Other_Gateway,
D -- PeerLink_Activity, E -- DRCP_Timeout, F -- Gateway_Sync,
G -- Port_Sync, H -- Expired
Peer-link interface/Peer-link interface ID: BAGG3/1
State: UP
Cause: -
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): HGE1/0/1 (260), HGE1/0/2 (261)
Peer Selected ports indexes: 260, 261
M-LAG interface/M-LAG group ID: BAGG4/4
Local M-LAG interface state: UP
Peer M-LAG interface state: UP
M-LAG group state: UP
Local M-LAG interface down cause: -
Remaining M-LAG DOWN time: -
Local M-LAG interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001
Peer M-LAG interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001
Local M-LAG interface LACP priority: Config=123, Effective=123
Peer M-LAG interface LACP priority: Config=123, Effective=123
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): HGE1/0/3 (258), HGE1/0/4 (259)
Peer Selected ports indexes: 258, 259
# Verify that all member ports of aggregation group 4 are in Selected state on Device C, which indicates a successful link aggregation between the M-LAG system and Device C.
[DeviceC] display link-aggregation verbose bridge-aggregation 4
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation4
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 2e56-cbae-0600
Local:
Port Status Priority Index Oper-Key Flag
HGE1/0/1(R) S 32768 1 1 {ACDEF}
HGE1/0/2 S 32768 2 1 {ACDEF}
HGE1/0/3 S 32768 3 1 {ACDEF}
HGE1/0/4 S 32768 4 1 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
HGE1/0/1 32768 16387 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/2 32768 16388 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/3 32768 32771 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/4 32768 32772 40004 0x7b , 0001-0001-0001 {ACDEF}
Example: Configuring Layer 3 gateways on an M-LAG system
Network configuration
As shown in Figure 13:
· To provide node redundancy for service continuity, configure Device A and Device B as an M-LAG system to establish one multichassis aggregate link with Device C and one with Device D.
· Set up a keepalive link between HundredGigE 1/0/5 of Device A and HundredGigE 1/0/5 of Device B, and exclude the interfaces from the shutdown action by M-LAG MAD.
· Configure two VRRP groups on Device A and Device B to provide gateway services for VLAN 100 and VLAN 200. Configure Device A as the master of the VRRP groups.
Procedure
1. Configure Device A:
# Configure M-LAG system settings.
<DeviceA> system-view
[DeviceA] m-lag system-mac 1-1-1
[DeviceA] m-lag system-number 1
[DeviceA] m-lag system-priority 123
# Configure M-LAG keepalive parameters.
[DeviceA] m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceA] interface hundredgige 1/0/5
[DeviceA-HundredGigE1/0/5] port link-mode route
[DeviceA-HundredGigE1/0/5] ip address 1.1.1.1 24
[DeviceA-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceA] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 125.
[DeviceA] interface bridge-aggregation 125
[DeviceA-Bridge-Aggregation125] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation125] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 125.
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-aggregation group 125
[DeviceA-HundredGigE1/0/3] quit
[DeviceA] interface HundredGigE 1/0/4
[DeviceA-HundredGigE1/0/4] port link-aggregation group 125
[DeviceA-HundredGigE1/0/4] quit
# Specify Bridge-Aggregation 125 as the peer-link interface.
[DeviceA] interface bridge-aggregation 125
[DeviceA-Bridge-Aggregation125] port m-lag peer-link 1
[DeviceA-Bridge-Aggregation125] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100, and assign it to M-LAG group 1.
[DeviceA] interface bridge-aggregation 100
[DeviceA-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation100] port m-lag group 1
[DeviceA-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 to aggregation group 100.
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-aggregation group 100
[DeviceA-HundredGigE1/0/1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101, and assign it to M-LAG group 2.
[DeviceA] interface bridge-aggregation 101
[DeviceA-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation101] port m-lag group 2
[DeviceA-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/2 to aggregation group 101.
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-aggregation group 101
[DeviceA-HundredGigE1/0/2] quit
# Create VLAN 100 and VLAN 101.
[DeviceA] vlan 100
[DeviceA-vlan100] quit
[DeviceA] vlan 101
[DeviceA-vlan101] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceA] interface bridge-aggregation 100
[DeviceA-Bridge-Aggregation100] port link-type trunk
[DeviceA-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceA-Bridge-Aggregation100] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceA] interface bridge-aggregation 101
[DeviceA-Bridge-Aggregation101] port link-type trunk
[DeviceA-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceA-Bridge-Aggregation101] quit
# Create VLAN-interface 100 and VLAN-interface 101, and assign IP addresses to them.
[DeviceA] interface vlan-interface 100
[DeviceA-vlan-interface100] ip address 10.1.1.1 24
[DeviceA-vlan-interface100] quit
[DeviceA] interface vlan-interface 101
[DeviceA-vlan-interface101] ip address 20.1.1.1 24
[DeviceA-vlan-interface101] quit
# Configure OSPF.
[DeviceA] ospf
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# Create VRRP group 1 on VLAN-interface 100 and set its virtual IP address to 10.1.1.100.
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] vrrp vrid 1 virtual-ip 10.1.1.100
# Set the priority of Device A to 200 for it to become the master in VRRP group 1.
[DeviceA-Vlan-interface100] vrrp vrid 1 priority 200
[DeviceA-Vlan-interface100] quit
# Create VRRP group 2 on VLAN-interface 101 and set its virtual IP address to 20.1.1.100.
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 2 virtual-ip 20.1.1.100
# Set the priority of Device A to 200 for it to become the master in VRRP group 2.
[DeviceA-Vlan-interface101] vrrp vrid 2 priority 200
[DeviceA-Vlan-interface101] quit
2. Configure Device B:
# Configure M-LAG system settings.
<DeviceB> system-view
[DeviceB] m-lag system-mac 1-1-1
[DeviceB] m-lag system-number 2
[DeviceB] m-lag system-priority 123
# Configure M-LAG keepalive parameters.
[DeviceB] m-lag keepalive ip destination 1.1.1.1 source 1.1.1.2
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceB] interface hundredgige 1/0/5
[DeviceB-HundredGigE1/0/5] port link-mode route
[DeviceB-HundredGigE1/0/5] ip address 1.1.1.2 24
[DeviceB-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceB] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 125.
[DeviceB] interface bridge-aggregation 125
[DeviceB-Bridge-Aggregation125] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation125] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 125.
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-aggregation group 125
[DeviceB-HundredGigE1/0/3] quit
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] port link-aggregation group 125
[DeviceB-HundredGigE1/0/4] quit
# Specify Bridge-Aggregation 125 as the peer-link interface.
[DeviceB] interface bridge-aggregation 125
[DeviceB-Bridge-Aggregation125] port m-lag peer-link 1
[DeviceB-Bridge-Aggregation125] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100, and assign it to M-LAG group 1.
[DeviceB] interface bridge-aggregation 100
[DeviceB-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation100] port m-lag group 1
[DeviceB-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 to aggregation group 100.
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-aggregation group 100
[DeviceB-HundredGigE1/0/1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101, and assign it to M-LAG group 2.
[DeviceB] interface bridge-aggregation 101
[DeviceB-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation101] port m-lag group 2
[DeviceB-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/2 to aggregation group 101.
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-aggregation group 101
[DeviceB-HundredGigE1/0/2] quit
# Create VLAN 100 and VLAN 101.
[DeviceB] vlan 100
[DeviceB-vlan100] quit
[DeviceB] vlan 101
[DeviceB-vlan101] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceB] interface bridge-aggregation 100
[DeviceB-Bridge-Aggregation100] port link-type trunk
[DeviceB-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceB-Bridge-Aggregation100] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceB] interface bridge-aggregation 101
[DeviceB-Bridge-Aggregation101] port link-type trunk
[DeviceB-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceB-Bridge-Aggregation101] quit
# Create VLAN-interface 100 and VLAN-interface 101, and assign IP addresses to them.
[DeviceB] interface vlan-interface 100
[DeviceB-vlan-interface100] ip address 10.1.1.2 24
[DeviceB-vlan-interface100] quit
[DeviceB] interface vlan-interface 101
[DeviceB-vlan-interface101] ip address 20.1.1.2 24
[DeviceB-vlan-interface101] quit
# Configure OSPF.
[DeviceB] ospf
[DeviceB-ospf-1] import-route direct
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# Create VRRP group 1 on VLAN-interface 100 and set its virtual IP address to 10.1.1.100.
[DeviceB] interface vlan-interface 100
[DeviceB-Vlan-interface100] vrrp vrid 1 virtual-ip 10.1.1.100
[DeviceB-Vlan-interface100] quit
# Create VRRP group 2 on VLAN-interface 101 and set its virtual IP address to 20.1.1.100.
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp vrid 2 virtual-ip 20.1.1.100
[DeviceB-Vlan-interface101] quit
3. Configure Device C:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100.
<DeviceC> system-view
[DeviceC] interface bridge-aggregation 100
[DeviceC-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceC-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 100.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-aggregation group 100
[DeviceC-if-range] quit
# Create VLAN 100.
[DeviceC] vlan 100
[DeviceC-vlan100] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceC] interface bridge-aggregation 100
[DeviceC-Bridge-Aggregation100] port link-type trunk
[DeviceC-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceC-Bridge-Aggregation100] quit
# Set the link type of HundredGigE 1/0/3 to trunk, and assign it to VLAN 100.
[DeviceC] interface hundredgige 1/0/3
[DeviceC-HundredGigE1/0/3] port link-type trunk
[DeviceC-HundredGigE1/0/3] port trunk permit vlan 100
[DeviceC-HundredGigE1/0/3] quit
# Create VLAN-interface 100, and assign it an IP address.
[DeviceC] interface vlan-interface 100
[DeviceC-vlan-interface100] ip address 10.1.1.3 24
[DeviceC-vlan-interface100] quit
# Configure OSPF.
[DeviceC] ospf
[DeviceC-ospf-1] import-route direct
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
4. Configure Device D:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101.
<DeviceD> system-view
[DeviceD] interface bridge-aggregation 101
[DeviceD-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceD-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 101.
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-aggregation group 101
[DeviceD-if-range] quit
# Create VLAN 101.
[DeviceD] vlan 101
[DeviceD-vlan101] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceD] interface bridge-aggregation 101
[DeviceD-Bridge-Aggregation101] port link-type trunk
[DeviceD-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceD-Bridge-Aggregation101] quit
# Set the link type of HundredGigE 1/0/3 to trunk, and assign it to VLAN 101.
[DeviceD] interface hundredgige 1/0/3
[DeviceD-HundredGigE1/0/3] port link-type trunk
[DeviceD-HundredGigE1/0/3] port trunk permit vlan 101
[DeviceD-HundredGigE1/0/3] quit
# Create VLAN-interface 101, and assign it an IP address.
[DeviceD] interface vlan-interface 101
[DeviceD-vlan-interface101] ip address 20.1.1.3 24
[DeviceD-vlan-interface101] quit
# Configure OSPF.
[DeviceD] ospf
[DeviceD-ospf-1] import-route direct
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] quit
[DeviceD-ospf-1] quit
Verifying the configuration
# Verify that Device C has established OSPF neighbor relationships with Device A and Device B.
[DeviceC] display ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
20.1.1.1 10.1.1.1 1 37 Full/DR Vlan100
20.1.1.2 10.1.1.2 1 32 Full/BDR Vlan100
# Verify that Device D has established OSPF neighbor relationships with Device A and Device B.
[DeviceD] display ospf peer
OSPF Process 1 with Router ID 20.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
20.1.1.1 20.1.1.1 1 38 Full/DR Vlan101
20.1.1.2 20.1.1.2 1 37 Full/BDR Vlan101
# Verify that Host A and Host B can ping each other. (Details not shown.)
