H3C Access Controllers
IRF Setup with Members Not Directly Connected
Configuration Examples

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

 

Contents

Introduction· 1

Prerequisites· 1

Example: Setting up a two-member IRF fabric with members not directly connected  1

Network configuration· 1

Restrictions and guidelines· 2

IRF setup requirements· 2

Feature configuration and compatibility on an IRF fabric· 3

IRF fabric tuning and maintenance· 3

Procedures· 3

Configuring AC 1· 3

Configuring AC 2· 4

Configuring the IRF fabric· 5

Configuring Switch· 5

Verifying the configuration· 6

Configuration files· 7

Related documentation· 9

 

Introduction

The following information provides an example for setting up a two-member IRF fabric with members not directly connected.

The Intelligent Resilient Framework (IRF) technology is proprietary to H3C. This technology is a true stacking technology that creates a large virtual stack called IRF fabric from multiple devices to provide data center class availability and scalability. IRF offers processing power, interaction, unified management, and uninterrupted maintenance of multiple devices.

Prerequisites

	NOTE: Support for this configuration example varies by device model and version.

 

The following information applies to Comware-based access controllers and access points. Procedures and information in the examples might be slightly different depending on the software or hardware version of the access controllers and access points.

The configuration examples were created and verified in a lab environment, and all the devices were started with the factory default configuration. When you are working on a live network, make sure you understand the potential impact of every command on your network.

The following information is provided based on the assumption that you have basic knowledge of IRF and Ethernet link aggregation.

Example: Setting up a two-member IRF fabric with members not directly connected

Network configuration

As shown in Figure 1, use AC 1 and AC 2 to set up an IRF fabric. The IRF network interfaces of the ACs are connected through a Layer 2 switch.

Figure 1 Network diagram

 

Restrictions and guidelines

To ensure successful setup and maintenance of the IRF fabric, read the following information carefully.

IRF setup requirements

IRF fabric size

At the time of this writing, an IRF fabric can contain a maximum of two ACs.

Software version requirements

Make sure all IRF member devices run the same software image version.

To add a device of a different software version to the IRF fabric, make sure the software auto-update feature is enabled on the device for software synchronization.

By default, the software auto-update feature for IRF is enabled. To verify that the feature is enabled, execute the display irf command and then examine the Auto upgrade field. If the feature is disabled, use the irf auto-update enable command to enable it.

IRF connection requirements

To build a two-member IRF fabric, you can connect two devices directly or indirectly through a switch.

IRF physical interface restrictions

When you use 100Base-FX/1000Base-X SFP ports or 10GBase-R SFP+ ports to establish IRF links, follow these guidelines:

·     Do not use 100Base-FX/1000Base-X SFP ports with 100M transceiver modules.

·     Do not use 10GBase-R SFP+ ports with 1G transceiver modules.

IRF port binding requirements

You can create only one IRF port on an AC. The IRF port is named irf-port n, where n is the IRF member ID of the AC.

When you bind physical interfaces to an IRF port, follow these restrictions and guidelines:

·     The physical interfaces bound to an IRF port must be the same in speed.

·     An IRF port can contain hybrid (control & data) channels, separate control and data channels, but not both. If you have bound a physical interface to the IRF port as a hybrid channel, you cannot bind additional physical interfaces to the IRF port as separate control or data channels. Conversely, if you have bound a physical interface to the IRF port as a separate data or control channel, you cannot bound additional physical interfaces as hybrid channels to the IRF port.

After you bind physical interfaces to the IRF port on an AC, you must save the configuration, and then restart the AC or activate the IRF port settings for the bindings to take effect.

Other configuration requirements

Make sure the following requirements are met:

 

Item	Requirements
Ethernet link aggregation	·     On the switch, you must configure the aggregate interfaces connected to IRF network interfaces to operate in static mode. If you configure the aggregate interfaces to operate in dynamic mode, the switch might get stuck and the IRF fabric might even split. ·     On the switch, you must configure the aggregate interfaces used for LACP MAD to operate in dynamic mode.
Spanning tree feature	·     On the IRF members—To avoid service interruption, disable the spanning tree feature on the IRF members when LACP MAD is used. ·     On the switch—To avoid service interruption, disable the spanning tree feature on the physical ports used for IRF services.
IRF member ID	Assign a unique member ID to each member device. The member ID assigned to a device takes effect after the device restarts.
Topo-domain ID	Assign the same topo-domain ID and MAD domain ID to all member devices.

 

Configure Layer 2 dynamic aggregate interfaces to transmit service packets only after you have established the IRF fabric.

IRF merge guidelines

If the IRF fabrics to be merged use the same bridge MAC address, you must change the bridge MAC address of one fabric.

To merge split IRF fabrics, make sure the IRF configuration on their member devices has not changed after the split.

Feature configuration and compatibility on an IRF fabric

To avoid service interference, isolate service packets from IRF packets at Layer 2.

If a multicard link aggregation is established between the IRF fabric and a switch, do not configure per-packet load sharing on the link aggregation at the switch end.

NAT is not supported on an IRF fabric.

IRF fabric tuning and maintenance

You cannot bring down an IRF link by shutting down the network interface on the IRF standby device side if that link is the only control channel in up state on the device. To bring down the IRF link, execute the shutdown command to shut down the network interface on the master device side for the link.

Before you can remove a network interface from an IRF port while multiple correctly operating IRF links are present, you must execute the shutdown command to shut that network interface down.

To change the IRF member ID of a device, execute the irf member renumber command on the device, and then restart the device for the change to take effect. To avoid MAD failures or service interruption, make sure the new member ID is unique among all IRF members.

All members in an IRF fabric use the same MAD domain ID. To change the MAD domain ID, execute the irf domain command on the master device. Make sure the new MAD domain ID is unique among all IRF fabrics present on the network for correct IRF split detection.

Procedures

Configuring AC 1

# Assign Ten-GigabitEthernet 1/0/25 to the IRF port.

<AC1> system-view

[AC1] irf-port 1

[AC1-irf-port1] port group interface ten-gigabitethernet 1/0/25

[AC1-irf-port1] quit

# Specify the member priority as 2. AC 1 will be the master device.

[AC1] irf member 1 priority 2

# Save the configuration.

[AC1] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# Activate the IRF port configuration.

[AC1] irf-port-configuration active

Configuring AC 2

# Change the IRF member ID to 2.

<AC2> system-view

[AC2] irf member 1 renumber 2

Renumbering the member ID may result in configuration change or loss. Continue?[

Y/N]:y

[AC2] quit

# Reboot the AC for the new member ID to take effect.

<AC2> reboot

Start to check configuration with next startup configuration file, please wait..

.......DONE!

Current configuration may be lost after the reboot, save current configuration?

[Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

cfa0:/startup.cfg exists, overwrite? [Y/N]:y

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

This command will reboot the device. Continue? [Y/N]:y

Now rebooting, please wait...

# Assign Ten-GigabitEthernet 2/0/25 to the IRF port.

<AC2> system-view

[AC2] irf-port 2

[AC2-irf-port2] port group interface ten-gigabitethernet 2/0/25

[AC2-irf-port2] quit

# Save the configuration.

[AC2] save

The current configuration will be written to the device. Are you sure? [Y/N]:y

Please input the file name(*.cfg)[cfa0:/startup.cfg]

(To leave the existing filename unchanged, press the enter key):

Validating file. Please wait...

Saved the current configuration to mainboard device successfully.

# Activate the IRF port configuration.

[AC2] irf-port-configuration active

AC 1 and AC 2 perform master election. AC 2 fails the master election and reboots to form an IRF fabric with AC 1.

Configuring the IRF fabric

# Change the name of the IRF fabric to IRF.

<AC1> system-view

[AC1] system-name IRF

# Configure descriptions for AC 1 and AC 2, respectively.

[IRF] irf member 1 description AC 1

[IRF] irf member 2 description AC 2

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the aggregation group of the aggregate interface to operate in dynamic mode.

[IRF] interface bridge-aggregation 1

[IRF-Bridge-Aggregation1] link-aggregation mode dynamic

# Enable LACP MAD on Bridge-Aggregation 1.

[IRF-Bridge-Aggregation1] mad enable

[IRF-Bridge-Aggregation1] quit

# Enable link-aggregation traffic redirection.

[IRF] link-aggregation lacp traffic-redirect-notification enable

# Assign GigabitEthernet 1/0/1 to aggregation group 1.

[IRF] interface gigabitethernet 1/0/1

[IRF-GigabitEthernet1/0/1] port link-aggregation group 1

[IRF-GigabitEthernet1/0/1] quit

# Assign GigabitEthernet 2/0/1 to aggregation group 1.

[IRF] interface gigabitethernet 2/0/1

[IRF-GigabitEthernet2/0/1] port link-aggregation group 1

[IRF-GigabitEthernet2/0/1] quit

Configuring Switch

1.     Configure links for interfaces connected to the IRF network interfaces:

# Create VLAN 400 and assign the network interfaces on IRF links to the VLAN.

<Switch> system-view

[Switch] vlan 400

[Switch-vlan400] port ten-gigabitethernet 1/0/25

[Switch-vlan400] port ten-gigabitethernet 1/0/26

[Switch-vlan400] quit

# Disable the spanning tree feature on Ten-GigabitEthernet 1/0/25 and Ten-GigabitEthernet 1/0/26.

[Switch] interface ten-gigabitethernet 1/0/25

[Switch-Ten-GigabitEthernet1/0/25] undo stp enable

[Switch-Ten-GigabitEthernet1/0/25] quit

[Switch] interface ten-gigabitethernet 1/0/26

[Switch-Ten-GigabitEthernet1/0/26] undo stp enable

[Switch-Ten-GigabitEthernet1/0/26] quit

2.     Configure links used for transmitting service packets and LACP MAD packets between the switch and IRF fabric:

# Create Layer 2 aggregate interface Bridge-Aggregation 1, and configure the aggregation group of the aggregate interface to operate in dynamic mode.

[Switch] interface bridge-aggregation 1

[Switch-Bridge-Aggregation1] link-aggregation mode dynamic

[Switch-Bridge-Aggregation1] quit

# Assign GigabitEthernet 1/0/1 to aggregation group 1.

[Switch] interface gigabitethernet 1/0/1

[Switch-GigabitEthernet1/0/1] port link-aggregation group 1

[Switch-GigabitEthernet1/0/1] quit

# Assign GigabitEthernet 1/0/2 to aggregation group 1.

[Switch] interface gigabitethernet 1/0/2

[Switch-GigabitEthernet1/0/2] port link-aggregation group 1

[Switch-GigabitEthernet1/0/2] quit

3.     Enable link-aggregation traffic redirection.

[Switch] link-aggregation lacp traffic-redirect-notification enable

Verifying the configuration

# Display IRF information. Verify that AC 1 is the master device.

[IRF] display irf

Member ID    Role    Priority  CPU MAC         Description

   *1        Master  2         50da-0051-2608  AC 1

   +2        Standby 1         50da-0051-2670  AC 2

--------------------------------------------------

The asterisk (*) indicates the master.

The plus sign (+) indicates the device through which you are logged in.

The right angle bracket (>) indicates the device's stack capability is disabled.

 

Bridge MAC of the IRF: 50da-0051-2608

Auto upgrade         : Enabled

MAC persistence      : 6 min

Topo-domain ID       : 0

Auto merge           : Enabled

# Display IRF link information. Verify that the IRF network interfaces on both member devices are up.

[IRF] display irf link

Member ID   Member Interfaces                   Status

1           XGE1/0/25(ctrl&data)                Up

2           XGE2/0/25(ctrl&data)                Up

# On the IRF fabric, display detailed information about aggregation groups. Verify that GigabitEthernet 1/0/1 and GigabitEthernet 2/0/1 are in aggregation group 1 and are in Selected state.

[IRF] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected, I -- Individual

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

System ID: 0x8000, 50da-0051-2608

Local:

  Port             Status  Priority Oper-Key  Flag

--------------------------------------------------------------------------------

  GE1/0/1          S       32768    1         {ACDEF}

  GE2/0/1          S       32768    1         {ACDEF}

Remote:

  Actor            Partner Priority Oper-Key  SystemID               Flag

--------------------------------------------------------------------------------

  GE1/0/1          1       32768    1         0x8000, 3897-d633-f3c6 {ACDEF}

  GE2/0/1          2       32768    1         0x8000, 3897-d633-f3c6 {ACDEF}

# On the switch, display detailed information about aggregation groups. Verify that GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 are in aggregation group 1 and are in Selected state.

[Switch] display link-aggregation verbose

Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing

Port Status: S -- Selected, U -- Unselected,

             I -- Individual, * -- Management port

Flags:  A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,

        D -- Synchronization, E -- Collecting, F -- Distributing,

        G -- Defaulted, H -- Expired

 

Aggregate Interface: Bridge-Aggregation1

Aggregation Mode: Dynamic

Loadsharing Type: Shar

Management VLAN : None

System ID: 0x8000, 3897-d633-f3c6

Local:

  Port             Status  Priority Oper-Key  Flag

--------------------------------------------------------------------------------

  GE1/0/1          S       32768    1         {ACDEF}

  GE1/0/2          S       32768    1         {ACDEF}

Remote:

  Actor            Partner Priority Oper-Key  SystemID               Flag

--------------------------------------------------------------------------------

  GE1/0/1          2       32768    1         0x8000, 50da-0051-2608 {ACDEF}

  GE1/0/2          31      32768    1         0x8000, 50da-0051-2608 {ACDEF}

Configuration files

·     IRF fabric:

#

 sysname IRF

#

 irf mac-address persistent timer

 irf auto-update enable

 irf auto-merge enable

 irf member 1 priority 2

 irf member 2 priority 1

 irf member 1 description AC 1

 irf member 2 description AC 2

#

 link-aggregation lacp traffic-redirect-notification enable

#

irf-port 1

 port group interface Ten-GigabitEthernet1/0/25

#

irf-port 2

 port group interface Ten-GigabitEthernet2/0/25

#

interface Bridge-Aggregation1

 link-aggregation mode dynamic

 mad enable

#

interface GigabitEthernet1/0/1

 port link-aggregation group 1

#

interface GigabitEthernet2/0/1

 port link-aggregation group 1

#

·     Switch:

#

 link-aggregation lacp traffic-redirect-notification enable

#

vlan 400

#

interface Bridge-Aggregation1

 link-aggregation mode dynamic

#

interface GigabitEthernet1/0/1

 port link-aggregation group 1

#

interface GigabitEthernet1/0/2

 port link-aggregation group 1

#

interface Ten-GigabitEthernet1/0/25

 port access vlan 400

 undo stp enable

#

interface Ten-GigabitEthernet1/0/26

 port access vlan 400

 undo stp enable

#

Related documentation

·     High Availability Configuration Guide in H3C Access Controllers Configuration Guides

·     High Availability Command Reference in H3C Access Controllers Command References

·     Network Connectivity Configuration Guide in H3C Access Controllers Configuration Guides

·     Network Connectivity Command Reference in H3C Access Controllers Command References