Login
- Table of Contents
-
- 05-Layer 2—LAN Switching Configuration Guide
- 00-Preface
- 01-MAC address table configuration
- 02-Ethernet link aggregation configuration
- 03-M-LAG configuration
- 04-Port isolation configuration
- 05-VLAN configuration
- 06-QinQ configuration
- 07-Loop detection configuration
- 08-Spanning tree configuration
- 09-LLDP configuration
- 10-PFC configuration
- 11-Service loopback group configuration
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 03-M-LAG configuration | 553.81 KB |
Keepalive and failover mechanism
Configuration consistency check
M-LAG failure handling mechanisms
Mechanisms to handle concurrent peer link and keepalive link failures
Restrictions and guidelines: M-LAG configuration
Compatibility with other features
Configuring M-LAG system settings
Configuring the M-LAG system MAC address
Setting the M-LAG system number
Setting the M-LAG system priority
Setting the M-LAG role priority of the device
Enabling M-LAG standalone mode on an M-LAG member device
Configuring M-LAG keepalive settings
Configuring M-LAG keepalive packet parameters
Setting the M-LAG keepalive interval and timeout timer
Restrictions and guidelines for M-LAG MAD
Configuring the default M-LAG MAD action on network interfaces
Excluding an interface from the shutdown action by M-LAG MAD
Excluding all logical interfaces from the shutdown action by M-LAG MAD
Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
Enabling M-LAG MAD DOWN state persistence
Configuring an M-LAG interface
Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
Enabling the peer-link interface to retain MAC address entries for down single-homed devices
Assigning an M-LAG virtual IP address to an interface
Setting the mode of configuration consistency check
Disabling configuration consistency check
Configuring M-LAG system auto-recovery
Setting the data restoration interval
Enabling M-LAG sequence number check
Enabling M-LAG packet authentication
Verifying and maintaining M-LAG
Verifying M-LAG system configuration and running status
Displaying M-LAG interface information
Displaying and clearing DRCPDU statistics
Displaying and clearing M-LAG troubleshooting records
Example: Configuring basic M-LAG functions
Example: Configuring Layer 3 gateways on an M-LAG system
Configuring M-LAG
About M-LAG
Multichassis Link Aggregation (M-LAG) virtualizes two physical devices into one system through multichassis link aggregation.
M-LAG network model
As shown in Figure 1, M-LAG virtualizes two devices into an M-LAG system, which connects to the remote aggregation system through a multichassis aggregate link. To the remote aggregation system, the M-LAG system is one device.
The M-LAG member devices are M-LAG peers to each other. M-LAG defines the following interface roles for each M-LAG member device:
· M-LAG interface—Layer 2 aggregate interface connected to the remote aggregation system. M-LAG interfaces connected to the same remote aggregation system belong to one M-LAG group. In Figure 1, Bridge-Aggregation 1 on Device A and Bridge-Aggregation 2 on Device B belong to the same M-LAG group. M-LAG interfaces in an M-LAG group form a multichassis aggregate link.
· Peer-link interface—Interface connected to the M-LAG peer for internal control. Each M-LAG member device has only one peer-link interface. The peer-link interfaces of the M-LAG member devices transmit M-LAG protocol packets through the peer link established between them. An M-LAG system has only one peer link.
M-LAG member devices use a keepalive link to monitor each other's state. For more information about the keepalive mechanism, see "Keepalive and failover mechanism."
If a device is attached to only one of the M-LAG member devices in an M-LAG system, that device is a single-homed device.
DRCP
M-LAG uses H3C proprietary Distributed Relay Control Protocol (DRCP) for multichassis link aggregation. DRCP runs on the peer link and uses distributed relay control protocol data units (DRCPDUs) to advertise the M-LAG configuration out of peer-link interfaces and M-LAG interfaces.
DRCP operating mechanism
M-LAG-enabled devices use DRCPDUs for the following purposes:
· Exchange DRCPDUs through M-LAG interfaces to determine whether they can form an M-LAG system.
· Exchange DRCPDUs through peer-link interfaces to negotiate the peer link state.
DRCP timeout timers
DRCP uses a timeout mechanism to specify the amount of time that an peer-link interface or M-LAG interface must wait to receive DRCPDUs before it determines that the peer interface is down. This timeout mechanism provides the following timer options:
· Short DRCP timeout timer, which is fixed at 3 seconds. If this timer is used, the peer interface sends one DRCPDU every second.
· Long DRCP timeout timer, which is fixed at 90 seconds. If this timer is used, the peer interface sends one DRCPDU every 30 seconds.
Short DRCP timeout timer enables the M-LAG member devices to detect a peer interface down event more quickly than the long DRCP timeout timer. However this benefit is at the expense of bandwidth and system resources.
Keepalive and failover mechanism
For the secondary M-LAG device to monitor the state of the primary device, you must establish a Layer 3 keepalive link between the M-LAG member devices.
The M-LAG member devices periodically send keepalive packets over the keepalive link. If an M-LAG member device has not received keepalive packets from the peer when the keepalive timeout timer expires, it determines that the keepalive link is down. When both the keepalive link and the peer link are down, an M-LAG member device acts depending on its role.
· If its role is primary, the device retains its role as long as it has up M-LAG interfaces. If all its M-LAG interfaces are down, its role becomes None.
· If its role is secondary, the device takes over the primary role and retains the role as long as it has up M-LAG interfaces. If all its M-LAG interfaces are down, its role becomes None.
A device with the None role cannot send or receive keepalive packets. Its keepalive link stays in the down state.
If the keepalive link is down while the peer link is up, the M-LAG member devices prompt you to check for keepalive link issues.
If the keepalive link is up while the peer link is down, the M-LAG member devices elect a primary device based on the information in the keepalive packets.
MAD mechanism
M-LAG MAD
A multi-active collision occurs if the peer link goes down while the keepalive link is up. To avoid network issues, M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those manually or automatically excluded.
When the peer link comes up, the secondary M-LAG member device starts a delay timer and begins to restore table entries (including MAC address entries and ARP entries) from the primary M-LAG member device. When the delay timer expires, the secondary M-LAG member device brings up all network interfaces placed in M-LAG MAD DOWN state.
M-LAG MAD DOWN state persistence
Both of the M-LAG member devices might take the primary role if both of them have M-LAG interfaces in up state after the following series of events occur:
1. The peer link goes down while the keepalive link is up. Then, M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
2. The keepalive link also goes down. Then, the secondary M-LAG member device brings up the network interfaces in M-LAG MAD DOWN state and sets its role to primary.
M-LAG MAD DOWN state persistence helps avoid the forwarding issues that might occur in the multi-active situation that occurs because the keepalive link goes down while the peer link is down.
To prevent packet loss after the peer link recovers from a link fault, the secondary member device should try to synchronize entries (such as the MAC address entries and ARP entries) within the data restoration interval. Subsequently, interfaces in M-LAG MAD DOWN state on the device will restore to up.
Device role calculation
As shown in Figure 2, the role of an M-LAG member device can be primary, secondary, or none after role calculation.
Figure 2 M-LAG role calculation process
Role calculation rules
M-LAG calculates the roles of the M-LAG member devices according to the following rules:
· The M-LAG roles are determined upon M-LAG system initialization triggered by M-LAG system setup or reboot of an M-LAG member device.
· If the peer link is up, the M-LAG member devices exchange DRCPDUs over the peer link to determine which of them to take the primary role.
· If the peer link is down while the keepalive link is up, the M-LAG member devices exchange keepalive packets over the link to determine their roles.
· If both the peer link and the keepalive link are down, an M-LAG member device takes the primary role if it has available M-LAG interfaces.
Factors in role calculation
When the peer link or keepalive link is up, the M-LAG member devices exchange the following information to determine which of them takes the primary role:
1. Status of M-LAG interfaces. An M-LAG member device takes the primary role if it has available M-LAG interfaces. This status is skipped if role calculation is performed over the peer link.
2. Device roles before calculation. If one device already has the primary role, the primary device retains its role.
3. M-LAG MAD DOWN state. If one device has not placed any network interfaces in M-LAG MAD DOWN state, it becomes the primary device.
4. Health state. The healthier device takes the primary role.
To view the health state of the device, execute the display system health command. The smaller the health state value, the healthier the device is. The health state value is 0 if the device is running without faults. For more information about the display system health command, see device management commands in Fundamentals Command Reference.
5. M-LAG role priority. The device with higher M-LAG role priority takes the primary role.
6. Bridge MAC address. The device with a lower bridge MAC address takes the primary role.
The device that has failed the election takes the secondary role.
M-LAG system setup process
As shown in Figure 3, two devices perform the following operations to form an M-LAG system:
1. Send DRCPDUs over the peer link to each other and compare the DRCPDUs to determine the M-LAG system stackability and device roles:
a. Compare the M-LAG system settings. The devices can form an M-LAG system if they have the same M-LAG system MAC address and system priority and different M-LAG system numbers.
b. Determine the device roles as described in "Device role calculation."
c. Perform configuration consistency check. For more information, see "M-LAG standalone mode."
2. Send keepalive packets over the keepalive link after primary M-LAG member election to verify that the peer system is operating correctly.
3. Synchronize configuration data by sending DRCPDUs over the peer link. The configuration data includes MAC address entries and ARP entries.
Figure 3 M-LAG system setup process
M-LAG standalone mode
The M-LAG member devices might both operate with the primary role to forward traffic if they have M-LAG interfaces in up state after the M-LAG system splits. M-LAG standalone mode helps avoid traffic forwarding issues in this multi-active situation by allowing only the member ports in the M-LAG interfaces on one member device to forward traffic.
The following information describes the operating mechanism of this feature.
The M-LAG member devices change to M-LAG standalone mode when they detect that both the peer link and the keepalive link are down. In addition, the secondary M-LAG member device changes its role to primary.
In M-LAG standalone mode, the LACPDUs sent out of an M-LAG interface by each M-LAG member device contain the interface-specific LACP system MAC address and LACP system priority.
The Selected state of the member ports in the M-LAG interfaces in an M-LAG group depends on their LACP system MAC address and LACP system priority. If an M-LAG interface has a lower LACP system priority value or LACP system MAC address, the member ports in that M-LAG interface become Selected to forward traffic. If those Selected ports fail, the member ports in the M-LAG interface on the other M-LAG member device become Selected to forward traffic.
|
|
NOTE: An M-LAG member device changes to M-LAG standalone mode only when it detects that both the peer link and the keepalive link are down. It does not change to M-LAG standalone mode when the peer M-LAG member device reboots. |
Configuration consistency check
During M-LAG system setup, M-LAG member devices exchange the configuration and perform configuration consistency check to verify their consistency in the following configurations:
· Type 1 configuration—Settings that affect traffic forwarding of the M-LAG system. If an inconsistency in type 1 configuration is detected, the secondary M-LAG device shuts down its M-LAG interfaces.
· Type 2 configuration—Settings that affect only service features. If an inconsistency in type 2 configuration is detected, the secondary M-LAG device disables the affected service features, but it does not shut down its M-LAG interfaces.
To prevent interface flapping, the M-LAG system performs configuration consistency check when half the data restoration interval elapses.
|
|
NOTE: The data restoration interval specifies the maximum amount of time for the secondary M-LAG device to synchronize data with the primary M-LAG device during M-LAG system setup. For more information, see "Setting the data restoration interval." |
Type 1 configuration
Type 1 configuration consistency check is performed both globally and on M-LAG interfaces. Table 1 and Table 2 show settings that type 1 configuration contains.
Table 1 Global type 1 configuration
|
Setting |
Details |
|
Peer-link interface link type |
Peer-link interface link type, including access, hybrid, and trunk. |
|
PVID on the peer-link interface |
PVID on the peer-link interface. |
|
Spanning tree state |
· Global spanning tree state. · VLAN-specific spanning tree state. M-LAG checks the VLAN-specific spanning tree state only when PVST is enabled. |
|
Spanning tree mode |
Spanning tree mode, including STP, RSTP, PVST, and MSTP. |
|
MST region settings |
· MST region name. · MST region revision level. · VLAN-to-MSTI mappings. |
Table 2 M-LAG interface type 1 configuration
|
Setting |
Details |
|
Aggregation mode |
Aggregation mode, including static and dynamic. |
|
Spanning tree state |
Interface-specific spanning tree state. |
|
Link type |
Interface link type, including access, hybrid, and trunk. |
|
PVID |
Interface PVID. |
Type 2 configuration
Type 2 configuration consistency check is performed both globally and on M-LAG interfaces. Table 3 and Table 4 show settings that type 2 configuration contains.
Table 3 Global type 2 configuration
|
Setting |
Details |
|
VLANs permitted by the peer-link interface |
VLANs permitted by the peer-link interface. The M-LAG system compares tagged VLANs prior to untagged VLANs. |
|
VLAN interfaces |
Up VLAN interfaces of which the VLANs contain the peer-link interface. |
|
VLAN interface status |
Whether a VLAN interface is in administratively down state. |
|
IPv4 address of a VLAN interface |
IPv4 address assigned to a VLAN interface. |
|
IPv6 address of a VLAN interface |
IPv6 address assigned to a VLAN interface. |
|
Virtual IPv4 address of the VRRP group on a VLAN interface |
Virtual IPv4 address of the VRRP group configured on a VLAN interface of the VRRP master. |
|
Global BPDU guard |
Global status of BPDU guard. |
|
MAC aging timer |
Aging timer for dynamic MAC address entries. |
|
VSI name |
Name of a VSI that has ACs on an M-LAG interface. |
|
VXLAN ID |
VXLAN ID of a VSI. |
|
Gateway interface |
VSI interface associated with a VSI. |
|
VSI interface number |
Number of a VSI interface. |
|
MAC address of a VSI interface |
MAC address assigned to a VSI interface. |
|
IPv4 address of a VSI interface |
IPv4 address assigned to a VSI interface. |
|
IPv6 address of a VSI interface |
IPv6 address assigned to a VSI interface. |
|
Physical state of a VSI interface |
Physical link state of a VSI interface. |
|
Protocol state of a VSI interface |
Data link layer state of a VSI interface. |
The device displays the following global type 2 settings only when VLAN or VLAN interface configuration inconsistency exists:
· VLAN interface status.
· IPv4 address of a VLAN interface.
· IPv6 address of a VLAN interface.
· Virtual IPv4 address of the VRRP group on a VLAN interface.
Table 4 M-LAG interface type 2 configuration
|
Setting |
Details |
|
VLANs permitted by an M-LAG interface |
VLANs permitted by an M-LAG interface. The M-LAG system compares tagged VLANs prior to untagged VLANs. |
|
Using port speed as the prioritized criterion for reference port selection |
Whether an M-LAG interface uses port speed as the prioritized criterion for reference port selection. |
|
Ignoring port speed in setting the aggregation states of member ports |
Whether an M-LAG interface ignores port speed in setting the aggregation states of member ports. |
|
Root guard status |
Status of root guard. |
M-LAG sequence number check
M-LAG sequence number check protects M-LAG member devices from replay attacks.
With this feature enabled, the M-LAG member devices insert a sequence number into each outgoing DRCPDU or keepalive packet and the sequence number increases by 1 for each sent packet. When receiving a DRCPDU or keepalive packet, the M-LAG member devices check its sequence number and drop the packet if the check result is either of the following:
· The sequence number of the packet is the same as that of a previously received packet.
· The sequence number of the packet is smaller than that of the most recently received packet.
M-LAG packet authentication
M-LAG packet authentication prevents DRCPDU and keepalive packet tampering from causing link flapping.
With this feature enabled, the M-LAG member devices compute a message digest by using an authentication key for each outgoing DRCPDU or keepalive packet and insert the message digest into the packet. When receiving a DRCPDU or keepalive packet, an M-LAG member device computes a message digest and compares it with the message digest in the packet. If the message digests match, the packet passes authentication. If the message digests do not match, the device drops the packet.
M-LAG failure handling mechanisms
M-LAG interface failure handling mechanism
As shown in Figure 4, Device A and Device B form an M-LAG system, to which Device C is attached through a multichassis aggregation. If traffic to Device C arrives at Device B after the M-LAG interface connected Device B to Device C has failed, the M-LAG system forwards the traffic as follows:
1. Device B sends the traffic to Device A over the peer link.
2. Device A forwards the downlink traffic received from the peer link to Device C.
After the faulty M-LAG interface comes up, Device B forwards traffic to Device C through the M-LAG interface.
Figure 4 M-LAG interface failure handling mechanism
Peer link failure handling mechanism
As shown in Figure 5, multi-active collision occurs if the peer link goes down while the keepalive link is up. To avoid network issues, the secondary M-LAG device sets all network interfaces to M-LAG MAD DOWN state, except for interfaces excluded from the shutdown action by M-LAG MAD.
In this situation, the primary M-LAG device forwards all traffic for the M-LAG system.
When the peer-link interface comes up, the secondary M-LAG device does not bring up the network interfaces immediately. Instead, it starts a delay timer and begins to recover data from the primary M-LAG device. When the delay timer expires, the secondary M-LAG device brings up all network interfaces.
Figure 5 peer link failure handling mechanism
Device failure handling mechanism
As shown in Figure 6, when the primary M-LAG device fails, the secondary M-LAG device takes over the primary role to forward all traffic for the M-LAG system. When the faulty device recovers, it becomes the secondary M-LAG device.
When the secondary M-LAG device fails, the primary M-LAG device forwards all traffic for the M-LAG system.
Figure 6 Device failure handling mechanism
Uplink failure handling mechanism
Uplink failure does not interrupt traffic forwarding of the M-LAG system. As shown in Figure 7, when the uplink of Device A fails, Device A passes traffic destined for the IP network to Device B for forwarding.
To enable faster traffic switchover in response to an uplink failure and minimize traffic losses, configure Monitor Link to associate the M-LAG interfaces with the uplink interfaces. When the uplink interface of an M-LAG member device fails, that device shuts down its M-LAG interface for the other M-LAG member device to forward all traffic of Device C. For more information about Monitor Link, see High Availability Configuration Guide.
Figure 7 Uplink failure handling mechanism
Mechanisms to handle concurrent peer link and keepalive link failures
When both the peer link and the keepalive link are down, the M-LAG member devices handle this situation depending on your configuration.
Default failure handling mechanism
Figure 8 shows the default mechanism to handle peer link and keepalive link failures when the M-LAG standalone mode and M-LAG MAD DOWN state persistency features are not configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, the secondary M-LAG member device sets its role to primary and brings up the network interfaces in M-LAG MAD DOWN state to forward traffic. In this situation, both of the M-LAG member devices might operate with the primary role to forward traffic. Forwarding errors might occur because the M-LAG member devices cannot synchronize MAC address entries over the peer link.
· If the keepalive link is down before the peer link goes down, M-LAG MAD will not place network interfaces in M-LAG MAD DOWN state. Both M-LAG member devices can operate with the primary role to forward traffic.
Figure 8 Default failure handling mechanism
Failure handling mechanism with M-LAG MAD DOWN state persistence
Figure 9 shows the mechanism to handle peer link and keepalive link failures when the M-LAG MAD DOWN state persistence feature is configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, the secondary M-LAG member device sets its role to primary, but it does not bring up the network interfaces in M-LAG MAD DOWN state. Only the original primary member device can forward traffic.
· If the keepalive link is down before the peer link goes down, M-LAG MAD will not place network interfaces in M-LAG MAD DOWN state. Both M-LAG member devices can operate with the primary role to forward traffic.
Figure 9 Failure handling mechanism with M-LAG MAD DOWN state persistence
As shown in Figure 10, you can bring up the interfaces in M-LAG MAD DOWN state on the secondary M-LAG member device for it to forward traffic if the following conditions exist:
· Both the peer link and the keepalive link are down.
· The primary M-LAG member device fails or its M-LAG interface fails.
Figure 10 Bringing up the interfaces in M-LAG MAD DOWN state
Failure handling mechanism with M-LAG standalone mode
Figure 11 shows the mechanism to handle peer link and keepalive link failures when the M-LAG standalone mode feature is configured.
· If the peer link goes down while the keepalive link is up, the M-LAG member devices negotiate their roles over the keepalive link. M-LAG MAD shuts down all network interfaces on the secondary M-LAG member device except those excluded from the shutdown action by M-LAG MAD.
· If the keepalive link goes down while the peer link is down, both M-LAG member devices change to M-LAG standalone mode. The secondary M-LAG member device sets its role to primary and brings up its network interfaces in M-LAG MAD DOWN state. In M-LAG standalone mode, only the aggregation member ports on one M-LAG member device can become Selected to forward traffic. For more information about how M-LAG standalone mode operates, see "M-LAG standalone mode."
· If the keepalive link is down before the peer link goes down, both M-LAG member devices change to M-LAG standalone mode.
Figure 11 Failure handling mechanism with M-LAG standalone mode
Protocols and standards
IEEE P802.1AX-REV™/D4.4c, Draft Standard for Local and Metropolitan Area Networks
Restrictions and guidelines: M-LAG configuration
M-LAG configuration
For the M-LAG member devices to be identified as one M-LAG system, you must configure the same M-LAG system MAC address and M-LAG system priority on them. You must assign different M-LAG system numbers to the M-LAG member devices.
Do not configure the same LACP system MAC address for the M-LAG interfaces in the same M-LAG group.
As a best practice to reduce the impact of interface flapping on upper-layer services, use the link-delay command to configure the same link delay settings on the peer-link interfaces.
To prevent data synchronization failure, you must set the same maximum jumbo frame length on the peer-link interfaces of the M-LAG member devices.
For the M-LAG system to correctly forward traffic for single-homed devices, set the link type to trunk for the peer-link interfaces and the interfaces attached to the single-homed devices. If you fail to do so, the ND protocol packets sent to or from the single-homed devices cannot be forwarded over the peer link.
To ensure correct forwarding, delete M-LAG configuration from an M-LAG member device if it leaves its M-LAG system.
As a best practice, establish a directly connected physical link between the M-LAG member devices as the keepalive link and use this link for the sole purpose of keepalive detection. When the keepalive link uses the IP address of a VLAN interface, do not assign the peer-link interface to the VLAN corresponding to the VLAN interface. If you do that, the keepalive mechanism might fail.
Compatibility with other features
MAC address table
If the M-LAG system has a large number of MAC address entries, set the MAC aging timer to a higher value than 20 minutes as a best practice. To set the MAC aging timer, use the mac-address timer command.
For more information about the MAC address table, see "Configuring the MAC address table."
Ethernet interface
On an M-LAG network, you cannot execute the storm-constrain command to configure storm control for unknown unicast traffic. For more information about this feature, see Ethernet interface configuration in Interface Configuration Guide.
Ethernet link aggregation
Do not configure automatic link aggregation on an M-LAG system.
The aggregate interfaces in an S-MLAG group cannot be used as M-LAG interfaces or peer-link interfaces.
When you configure an M-LAG interface, follow these restrictions and guidelines:
· The link-aggregation selected-port maximum and link-aggregation selected-port minimum commands do not take effect on an M-LAG interface.
· If you execute the display link-aggregation verbose command for an M-LAG interface, the displayed system ID contains the M-LAG system MAC address and the M-LAG system priority.
· If the reference port is a member port of an M-LAG interface, the display link-aggregation verbose command displays the reference port on both M-LAG member devices.
For more information about Ethernet link aggregation, see "Configuring Ethernet link aggregation."
Loop detection
Member devices in an M-LAG system must have the same loop detection configuration. For information about loop detection, see "Configuring loop detection."
Spanning tree
When the spanning tree protocol is enabled for an M-LAG system, follow these restrictions and guidelines:
· Make sure the M-LAG member devices have the same spanning tree configuration. Violation of this rule might cause network flapping. The configuration includes:
¡ Global spanning tree configuration.
¡ Spanning tree configuration on the peer-link interface.
¡ Spanning tree configuration on M-LAG interfaces.
· Peer-link interfaces of the M-LAG system do not participate in spanning tree calculation.
· The M-LAG member devices still use the M-LAG system MAC address after the M-LAG system splits, which will cause spanning tree calculation issues. To avoid the issues, enable M-LAG standalone mode on the M-LAG member devices before the M-LAG system splits.
For more information about spanning tree, see "Configuring spanning tree."
AAA
On an M-LAG system, you must specify a virtual IP address as the source IP address of outgoing RADIUS packets.
When RADIUS DAE is enabled, an M-LAG system does not support shutting down or rebooting the access ports for 802.1X authentication users or reauthenticating the users through CoA messages.
For more information about AAA, see Security Configuration Guide.
Mirroring
For a mirroring group, do not assign the source port to an aggregation group other than the one that accommodates the destination port, egress port, or reflector port. If the source port is in a different aggregation group than the other ports, mirrored LACPDUs will be transmitted between the aggregation groups and cause aggregate interface flapping.
VXLAN and EVPN
For information about VXLAN and EVPN restrictions, see VXLAN Configuration Guide and EVPN VXLAN configuration in EVPN Configuration Guide.
PFC
For M-LAG to operate normally, do not configure PFC on the peer-link interfaces as a best practice. For more information about PFC, see PFC configuration in Layer 2—LAN Switching Configuration Guide.
Support for DRNI commands
The M-LAG feature was named DRNI in earlier software versions. For compatibility with earlier software versions, the device supports both M-LAG and DRNI commands.
Table 5 Difference between M-LAG and DRNI commands
|
Feature name |
Keywords |
Example |
|
M-LAG |
m-lag, mlag, peer-link |
m-lag system-number system-number As a best practice, use M-LAG commands. |
|
DRNI |
drni, drmac, ipp |
drni system-number system-number To use configuration files created from an earlier software version, use DRNI commands. The system recognizes only the complete syntaxes of DRNI commands. It does not support displaying available keywords and arguments in response to a question mark (?) or automatically completing the last keyword or argument in response to the Tab key. If you execute a DRNI command, the system converts it into the corresponding M-LAG command and saves the M-LAG command in the configuration file. |
M-LAG and DRNI commands do not differ in the configuration method or functionality.
M-LAG tasks at a glance
To configure M-LAG, perform the following tasks:
1. Configuring M-LAG system settings
¡ Configuring the M-LAG system MAC address
¡ Setting the M-LAG system number
¡ Setting the M-LAG system priority
2. Setting the M-LAG role priority of the device
3. (Optional.) Enabling M-LAG standalone mode on an M-LAG member device
4. Configuring M-LAG keepalive settings
¡ Configuring M-LAG keepalive packet parameters
¡ Setting the M-LAG keepalive interval and timeout timer
¡ Configuring the default M-LAG MAD action on network interfaces
¡ Excluding an interface from the shutdown action by M-LAG MAD
¡ Excluding all logical interfaces from the shutdown action by M-LAG MAD
¡ Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
¡ Enabling M-LAG MAD DOWN state persistence
6. Configuring M-LAG interfaces:
¡ Configuring an M-LAG interface
¡ Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
¡ (Optional.) Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
7. (Optional.) Enabling the peer-link interface to retain MAC address entries for down single-homed devices
8. (Optional.) Assigning an M-LAG virtual IP address to an interface
9. (Optional.) Configuring configuration consistency check
¡ Setting the mode of configuration consistency check
¡ Disabling configuration consistency check
Configuration consistency check might fail when you upgrade the M-LAG member devices in an M-LAG system. To prevent the M-LAG system from falsely shutting down M-LAG interfaces, you can temporarily disable configuration consistency check.
10. (Optional.) Configuring M-LAG timers
¡ Configuring M-LAG system auto-recovery
¡ (Optional.) Setting the data restoration interval
11. (Optional.) Configuring M-LAG security features
¡ Enabling M-LAG sequence number check
¡ Enabling M-LAG packet authentication
Configuring M-LAG system settings
Configuring the M-LAG system MAC address
Restrictions and guidelines
The M-LAG system MAC address uniquely identifies the M-LAG system on the network. On an M-LAG system, M-LAG interfaces in the same M-LAG group must use the same LACP system MAC address. As a best practice, use the bridge MAC address of one M-LAG member device as the M-LAG system MAC address.
Changing the M-LAG system MAC address causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You can configure the M-LAG system MAC address on an aggregate interface only after it is configured as an M-LAG interface.
You can configure the M-LAG system MAC address globally and in aggregate interface view. The global M-LAG system MAC address takes effect on all aggregation groups. On an aggregate interface, the interface-specific M-LAG system MAC address takes precedence over the global M-LAG system MAC address.
Procedure
1. Enter system view.
system-view
2. Configure the M-LAG system MAC address.
m-lag system-mac mac-address
By default, the M-LAG system MAC address is not configured.
3. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
4. Set the M-LAG system MAC address on the aggregate interface.
port m-lag system-mac mac-address
By default, the M-LAG system MAC address is not configured.
Setting the M-LAG system number
Restrictions and guidelines
Changing the M-LAG system number causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You must assign different M-LAG system numbers to the M-LAG member devices in an M-LAG system.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG system number.
m-lag system-number system-number
By default, the M-LAG system number is not set.
Setting the M-LAG system priority
About this task
An M-LAG system uses its M-LAG system priority as the system LACP priority to communicate with the remote aggregation system.
Restrictions and guidelines
Changing the M-LAG system priority in system view causes M-LAG system split. When you perform this task on a live network, make sure you are fully aware of its impact.
You must configure the same M-LAG system priority for the M-LAG interfaces in the same M-LAG group.
You can configure the M-LAG system priority on an aggregate interface only after it is configured as an M-LAG interface.
You can configure the M-LAG system priority globally and in aggregate interface view. The global M-LAG system priority takes effect on all aggregation groups. On an aggregate interface, the interface-specific M-LAG system priority takes precedence over the global M-LAG system priority.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG system priority.
m-lag system-priority system-priority
By default, the M-LAG system priority is 32768.
3. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
4. Set the M-LAG system priority on the aggregate interface.
port m-lag system-priority priority
By default, the M-LAG system priority is 32768.
Setting the M-LAG role priority of the device
About this task
M-LAG assigns the primary or secondary role to an M-LAG member device based on its M-LAG role priority. The smaller the priority value, the higher the priority. If the M-LAG member devices in an M-LAG system use the same M-LAG role priority, the device with the lower bridge MAC address is assigned the primary role.
Restrictions and guidelines
To prevent a primary/secondary role switchover from causing network flapping, avoid changing the M-LAG priority assignment after the M-LAG system is established.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG role priority of the device.
m-lag role priority priority-value
By default, the M-LAG role priority of the device is 32768.
Enabling M-LAG standalone mode on an M-LAG member device
About this task
Perform this task to avoid forwarding issues in the multi-active situation that might occur after both the peer link and the keepalive link are down.
M-LAG standalone mode helps avoid traffic forwarding issues in this multi-active situation by allowing only the member ports in the M-LAG interfaces on one member device to forward traffic. For more information about this mode, see "M-LAG standalone mode."
When you configure this feature, you can configure a delay to prevent an unnecessary mode change because of transient link down issues.
Restrictions and guidelines
As a best practice, enable M-LAG standalone mode on both M-LAG member devices.
If the MAC address of an M-LAG system does not correspond to any actual MAC address on any M-LAG member device, and the M-LAG interface contains multiple aggregation member ports, enabling the M-LAG standalone mode might cause the aggregation member ports of the M-LAG interface to flap. Make sure you are fully aware of the impact of this feature when you use it on a live network.
In a single-level network, before you enable M-LAG standalone mode on an M-LAG member device, make sure its LACP system priority is higher than that of the remote aggregation system. This restriction ensures that the reference port is on the remote aggregation system and prevents the interfaces attached to the M-LAG system from flapping.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG standalone mode.
m-lag standalone enable [ delay delay-time ]
By default, M-LAG standalone mode is disabled.
Configuring M-LAG keepalive settings
Restrictions and guidelines
As a best practice, establish a separate direct connection between M-LAG devices as the Keepalive link, which must not be shared with other links. Make sure the link is available at both Layer 2 and Layer 3.
Configuring M-LAG keepalive packet parameters
About this task
Perform this task to specify the parameters for sending M-LAG keepalive packets, such as its source and destination IP addresses.
The device accepts only keepalive packets that are sourced from the specified destination IP address. The keepalive link goes down if the device receives keepalive packets sourced from any other IP address.
Restrictions and guidelines
Make sure the M-LAG member devices in an M-LAG system use the same keepalive destination UDP port.
Procedure
1. Enter system view.
system-view
2. Configure M-LAG keepalive packet parameters.
m-lag keepalive { ip | ipv6 } destination { ipv4-address | ipv6-address } [ source { ipv4-address | ipv6-address } | [ udp-port udp-number | vpn-instance vpn-instance-name ] *
By default, the M-LAG keepalive packet parameters are not configured. If you do not specify a source IP address or destination UDP port when you execute this command, the IP address of the outgoing interface and UDP port 6400 are used, respectively.
Setting the M-LAG keepalive interval and timeout timer
About this task
The device sends keepalive packets at the specified interval to its M-LAG peer. If the device has not received a keepalive packet from the M-LAG peer before the keepalive timeout timer expires, the device determines that the keepalive link is down.
Restrictions and guidelines
The local M-LAG keepalive timeout timer must be two times the M-LAG keepalive interval of the peer at minimum.
Configure the same M-LAG keepalive interval on the M-LAG member devices in the M-LAG system.
Procedure
1. Enter system view.
system-view
2. Set the M-LAG keepalive interval and timeout timer.
m-lag keepalive interval interval [ timeout timeout ]
By default, the M-LAG keepalive interval is 1000 milliseconds, and the M-LAG keepalive timeout timer is 5 seconds.
Configuring M-LAG MAD
About this task
M-LAG MAD configuration methods
When you configure M-LAG MAD, use either of the following methods:
· To shut down all network interfaces on the secondary M-LAG member device except a few special-purpose interfaces that must be retained in up state:
¡ Set the default M-LAG MAD action to M-LAG MAD DOWN. For more information, see "Configuring the default M-LAG MAD action on network interfaces."
¡ Exclude interfaces from being shut down by M-LAG MAD. For more information, see "Excluding an interface from the shutdown action by M-LAG MAD."
This method is applicable to most network environments.
· To have the secondary M-LAG member device retain a large number of interfaces in up state and shut down the remaining interfaces:
¡ Set the default M-LAG MAD action to NONE. For more information, see "Configuring the default M-LAG MAD action on network interfaces."
¡ Specify network interfaces that must be shut down by M-LAG MAD. For more information, see "Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits."
One applicable scenario of this method is the EVPN environment in which you use a VXLAN tunnel as the peer link. In this scenario, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state.
List of automatically included interfaces
M-LAG MAD will always shut down the ports in the system-configured included port list if the device acts as the secondary M-LAG member device when the M-LAG system splits.
This list contains aggregation member ports of M-LAG interfaces. To identify system-configured included ports, execute the display m-lag mad verbose command.
List of automatically excluded interfaces
M-LAG MAD will not shut down the ports in the following list when the M-LAG system splits:
· System-configured excluded port list in M-LAG MAD:
¡ Peer-link interface.
¡ Aggregation member interfaces if a Layer 2 aggregate interface is used as the peer-link interface.
¡ M-LAG interfaces.
¡ Management interfaces.
To identify these interfaces, execute the display m-lag mad verbose command.
· Network interfaces used for special purposes, including:
¡ Interfaces placed in a loopback test by using the loopback command.
¡ Interfaces in a service loopback group.
¡ Interfaces in a mirroring group.
¡ Interfaces forced to stay up by using the port-up mode command.
Restrictions and guidelines for M-LAG MAD
When the M-LAG system splits, M-LAG MAD takes the same action on an aggregate interface and its member ports. For example, if M-LAG MAD shuts down an aggregate interface, it also shuts down the member ports of the aggregate interface.
If you specify an aggregation member port in the m-lag mad include interface or m-lag mad exclude interface command, the configuration takes precedence over the M-LAG MAD action on the aggregate interface.
Configuring the default M-LAG MAD action on network interfaces
About this task
You can configure M-LAG MAD to take either of the following default actions on network interfaces if the device acts as the secondary M-LAG member device when the M-LAG system splits:
· M-LAG MAD DOWN—M-LAG MAD will shut down all network interfaces on the secondary M-LAG member device when the M-LAG system splits, except the interfaces excluded manually or by the system.
· NONE—M-LAG MAD will not shut down any network interfaces when the M-LAG system splits, except the interfaces configured manually or by the system to be shut down by M-LAG MAD.
Restrictions and guidelines
The M-LAG MAD DOWN action will not take effect on the interfaces listed in "List of automatically excluded interfaces."
The M-LAG MAD DOWN action will always take on the interfaces listed in "List of automatically included interfaces," even if the default M-LAG MAD action is NONE.
Procedure
1. Enter system view.
system-view
2. Configure the default M-LAG MAD action to take on network interfaces on the secondary M-LAG member device when the M-LAG system splits.
m-lag mad default-action { down | none }
By default, M-LAG MAD shuts down network interfaces on the secondary M-LAG member device.
Excluding an interface from the shutdown action by M-LAG MAD
Restrictions and guidelines
Follow these restrictions and guidelines when you exclude interfaces from the shutdown action by M-LAG MAD:
· For correct keepalive detection, you must exclude the interfaces used for keepalive detection from the shutdown action by M-LAG MAD.
· If the peer-link interface is a tunnel interface, you must exclude the traffic outgoing interface for the tunnel from the shutdown action by M-LAG MAD.
· For M-LAG member devices to synchronize ARP entries, you must exclude the VLAN interfaces of the VLANs to which the M-LAG interfaces and peer-link interfaces belong from the shutdown action.
To view interfaces excluded from the MAD shutdown action, see the Excluded ports (user-configured) field in the output from the display m-lag mad verbose command.
If you exclude an interface that is already in M-LAG MAD DOWN state from the MAD shutdown action, the interface stays in that state. It will not come up automatically.
Procedure
1. Enter system view.
system-view
2. Exclude an interface from the shutdown action by M-LAG MAD.
m-lag mad exclude interface interface-type interface-number
By default, M-LAG MAD shuts down all network interfaces when detecting a multi-active collision, except for the network interfaces set by the system to not shut down.
Excluding all logical interfaces from the shutdown action by M-LAG MAD
About this task
When a VXLAN tunnel is used as the peer link on an EVPN M-LAG system, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state. To simplify configuration, you can exclude all logical interfaces from the shutdown action by M-LAG MAD.
Restrictions and guidelines
The m-lag mad exclude interface and m-lag mad include interface commands take precedence over the m-lag mad exclude logical-interfaces command.
Procedure
1. Enter system view.
system-view
2. Exclude all logical interfaces from the shutdown action by M-LAG MAD.
m-lag mad exclude logical-interfaces
By default, M-LAG MAD shuts down all network interfaces when it detects a multi-active collision, except for the network interfaces set by the system to not shut down.
Specifying interfaces to be shut down by M-LAG MAD when the M-LAG system splits
About this task
By default, M-LAG MAD automatically shuts down the interfaces listed in "List of automatically included interfaces" if the device is the secondary M-LAG member device when the M-LAG system splits.
To specify additional interfaces to be shut down by M-LAG MAD, perform this task.
You typically perform this task when the default M-LAG MAD action is set to NONE.
Restrictions and guidelines
The M-LAG MAD DOWN action will not take effect on the interfaces listed in "List of automatically excluded interfaces."
Procedure
1. Enter system view.
system-view
2. Specify interfaces to be shut down by M-LAG MAD when the M-LAG system splits.
m-lag mad include interface interface-type interface-number
By default, the user-configured included port list does not contain any ports.
Enabling M-LAG MAD DOWN state persistence
About this task
M-LAG MAD DOWN state persistence helps avoid the multi-active situation by preventing the secondary M-LAG member device from bringing up the network interfaces in M-LAG MAD DOWN state. For more information about this feature, see "M-LAG MAD DOWN state persistence" and "Failure handling mechanism with M-LAG MAD DOWN state persistence."
You can bring up the interfaces in M-LAG MAD DOWN state on the secondary M-LAG member device for it to forward traffic if the following conditions exist:
· The primary M-LAG member device fails while the peer link is down.
· The M-LAG MAD DOWN state persists on the secondary M-LAG member device.
To prevent packet loss after the peer link recovers from a link fault, the secondary member device should try to synchronize entries (such as the MAC address entries and ARP entries) within the data restoration interval. Subsequently, interfaces in M-LAG MAD DOWN state on the device will restore to up.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG MAD DOWN state persistence.
m-lag mad persistent
By default, the secondary M-LAG member device brings up interfaces in M-LAG MAD DOWN state when its role changes to primary.
3. (Optional.) Bring up the interfaces in M-LAG MAD DOWN state.
m-lag mad restore
Execute this command only when both the peer link and the keepalive link are down.
Configuring an M-LAG interface
Restrictions and guidelines
The device can have multiple M-LAG interfaces. However, you can assign a Layer 2 aggregate interface to only one M-LAG group.
A Layer 2 aggregate interface cannot operate as both peer-link interface and M-LAG interface.
To improve forwarding efficiency, exclude the M-LAG interface on the secondary M-LAG device from the shutdown action by M-LAG MAD. This action enables the M-LAG interface to forward traffic immediately after a multi-active collision is removed without having to wait for the secondary M-LAG device to complete entry restoration.
Procedure
1. Enter system view.
system-view
2. Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
3. Assign the aggregate interface to an M-LAG group.
port m-lag group group-id
Specifying a Layer 2 aggregate interface or VXLAN tunnel interface as the peer-link interface
Restrictions and guidelines
An M-LAG member device can have only one peer-link interface. A Layer 2 aggregate interface or VXLAN tunnel interface cannot operate as both peer-link interface and M-LAG interface. Make sure the bandwidth of the peer-link interface is higher than that of an M-LAG interface.
Do not associate a VXLAN tunnel interface with a VXLAN if you use it as the peer-link interface. You can use a VXLAN tunnel interface as an peer-link interface only in an EVPN network. For more information about EVPN, see EVPN Configuration Guide.
If you specify an aggregate interface as an peer-link interface, the device assigns the aggregate interface as a trunk port to all VLANs when the interface uses the default VLAN settings. If not, the device does not change the VLAN settings of the interface.
The device does not change the VLAN settings of an aggregate interface when you remove its peer-link interface role.
As a best practice to reduce the impact of interface flapping on upper-layer services, execute the link-delay command on the peer-link interface. For more information about this command, see Ethernet link aggregation commands in Layer 2—LAN Switching Command Reference.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter VXLAN tunnel interface view.
interface tunnel number
3. Specify the interface as the peer-link interface.
port m-lag peer-link port-id
Enabling the short DRCP timeout timer on the peer-link interface or an M-LAG interface
About this task
By default, the peer-link interface or an M-LAG interface uses the 90-second long DRCP timeout timer. To detect peer interface down events more quickly, enable the 3-second short DRCP timeout timer on the interface.
Restrictions and guidelines
To avoid traffic interruption, disable the short DRCP timeout timer before you perform M-LAG process restart.
Procedure
1. Enter system view.
system-view
2. Enter interface view.
¡ Enter Layer 2 aggregate interface view.
interface bridge-aggregation interface-number
¡ Enter VXLAN tunnel interface view.
interface tunnel number
3. Enable the short DRCP timeout timer.
m-lag drcp period short
By default, an interface uses the long DRCP timeout timer (90 seconds).
Enabling the peer-link interface to retain MAC address entries for down single-homed devices
About this task
When an M-LAG member device detects that the link to a single-homed device goes down, the peer-link interface takes the following actions:
· Deletes the MAC address entries for the single-homed device.
· Sends a message to the peer peer-link interface for it to delete the affected MAC address entries.
If the link to a single-homed device flaps constantly, the peer-link interface repeatedly deletes and adds MAC address entries for the device. This situation increases floods of unicast traffic destined for the single-homed device.
To reduce flood traffic, enable the peer-link interface to retain MAC address entries for single-homed devices. After the links to single-homed devices go down, the affected MAC address entries age out on expiration of the MAC aging timer instead of being deleted immediately. The timer is set by using the mac-address timer command. For more information about this command, see MAC address table commands in Layer 2—LAN Switching Command Reference.
Procedure
1. Enter system view.
system-view
2. Enable the peer-link interface to retain MAC address entries for single-homed devices.
m-lag peer-link mac-address hold
By default, the peer-link interface does not retain MAC address entries for single-homed devices when the devices go down.
Assigning an M-LAG virtual IP address to an interface
About this task
For an M-LAG member device to act as a RADIUS client, you must assign an M-LAG virtual IPv6 address to an interface of the device as the source IP address of RADIUS packets. The virtual IP address must be the IP address configured by using the nas-ip command.
Configure M-LAG virtual IP addresses based on the user authentication load sharing mode set by using the port-security m-lag load-sharing-mode command.
· Centralized mode—Configure the same virtual IP address on the M-LAG member devices, and set the state of the virtual IP address to active on the primary M-LAG member device.
· Distributed mode—Configure the virtual IP addresses used for local user authentication and peer user authentication on both M-LAG member devices. On each M-LAG member device, set the state of the local virtual IP address to active, and set the state of the peer virtual IP address to standby.
Restrictions and guidelines
When you assign multiple M-LAG virtual IP addresses to an interface, follow these restrictions and guidelines:
· You can assign a maximum of two virtual IPv4 or IPv6 addresses to an interface.
· If you configure different virtual MAC addresses for a virtual IPv4 or IPv6 address, the most recent configuration takes effect.
· You cannot configure the same virtual MAC address for multiple virtual IPv4 or IPv6 addresses.
· When you assign a virtual IPv4 or IPv6 address to VLAN interfaces, you must configure the same virtual MAC address for the virtual IPv4 or IPv6 address on both M-LAG member devices.
If you assign both virtual IPv4 and IPv6 addresses to VLAN interfaces, make sure the virtual IPv4 and IPv6 addresses that use the same virtual MAC address are in the same state on the M-LAG member devices.
Assigning an M-LAG virtual IP address to a VLAN interface
1. Enter system view.
system-view
2. Enter VLAN interface view.
interface vlan-interface interface-number
3. Assign a virtual IPv4 address to the VLAN interface.
port m-lag virtual-ip ipv4-address { mask-length | mask } [ active | standby ] virtual-mac mac-address
By default, no virtual IPv4 addresses are assigned to interfaces.
4. Assign a virtual IPv6 address to the VLAN interface.
port m-lag ipv6 virtual-ip ipv6-address prefix-length [ active | standby ] virtual-mac mac-address
By default, no virtual IPv6 addresses are assigned to interfaces.
Assigning an M-LAG virtual IP address to a loopback interface
1. Enter system view.
system-view
2. Enter loopback interface view.
interface loopback interface-number
3. Assign a virtual IPv4 address to the loopback interface.
port m-lag virtual-ip ipv4-address { mask-length | mask } [ active | standby ]
By default, no virtual IPv4 addresses are assigned to interfaces.
4. Assign a virtual IPv6 address to the loopback interface.
port m-lag ipv6 virtual-ip ipv6-address prefix-length [ active | standby ]
By default, no virtual IPv6 addresses are assigned to interfaces.
Setting the mode of configuration consistency check
About this task
The device handles configuration inconsistency depending on the mode of configuration consistency check.
· For type 1 configuration inconsistency:
¡ The device generates log messages if loose mode is enabled.
¡ The device shuts down M-LAG interfaces and generates log messages if strict mode is enabled.
· For type 2 configuration inconsistency, the device only generates log messages, whether strict or loose mode is enabled.
Procedure
1. Enter system view.
system-view
2. Set the mode of configuration consistency check.
m-lag consistency-check mode { loose | strict }
By default, configuration consistency check uses strict mode.
Disabling configuration consistency check
About this task
To ensure that the M-LAG system can operate correctly, M-LAG by default performs configuration consistency check when the M-LAG system is set up.
Configuration consistency check might fail when you upgrade the M-LAG member devices in an M-LAG system. To prevent the M-LAG system from falsely shutting down M-LAG interfaces, you can temporarily disable configuration consistency check.
Restrictions and guidelines
Make sure the M-LAG member devices use the same setting for configuration consistency check.
Procedure
1. Enter system view.
system-view
2. Disable configuration consistency check.
m-lag consistency-check disable
By default, configuration consistency check is enabled.
Configuring M-LAG system auto-recovery
About this task
If only one M-LAG member device recovers after the entire M-LAG system reboots, auto-recovery enables that member device to remove its M-LAG interfaces from the M-LAG DOWN interface list.
· If that member device has up M-LAG interfaces, it takes over the primary role when the reload delay timer expires and forwards traffic.
· If that member device does not have up M-LAG interfaces, it is stuck in the None role and does not forward traffic.
If auto-recovery is disabled, that M-LAG member device will be stuck in the None role with all its M-LAG interfaces being M-LAG DOWN after it recovers.
Restrictions and guidelines
If both M-LAG member devices recover and have up M-LAG interfaces after the entire M-LAG system reboots, active-active situation might occur if both peer link and keepalive links were down when the reload delay timer expires. If this rare situation occurs, examine the peer link and keepalive links and restore them.
To avoid incorrect role preemption, make sure the reload delay timer is longer than the amount of time required for the device to restart.
Procedure
1. Enter system view.
system-view
2. Configure M-LAG system auto-recovery.
m-lag auto-recovery reload-delay delay-value
By default, M-LAG system auto-recovery is not configured. The reload delay timer is not set.
Setting the data restoration interval
About this task
The data restoration interval specifies the maximum amount of time for the secondary M-LAG device to synchronize data with the primary M-LAG device during M-LAG system setup. Within the data restoration interval, the secondary M-LAG device sets all network interfaces to M-LAG MAD DOWN state, except for interfaces excluded from the shutdown action by M-LAG MAD.
When the data restoration interval expires, the secondary M-LAG device brings up all network interfaces.
Restrictions and guidelines
Increase the data restoration interval as needed in the following situations:
· Avoid packet loss and forwarding failure that might occur when the amount of data is large.
· Avoid M-LAG interface flapping that might occur if type 1 configuration consistency check fails after the M-LAG interfaces come up upon expiration of the data restoration interval.
Procedure
1. Enter system view.
system-view
2. Set the data restoration interval.
m-lag restore-delay value
By default, the data restoration interval is 30 seconds.
Enabling M-LAG sequence number check
Restrictions and guidelines
As a best practice to improve security, use M-LAG sequence number check together with M-LAG packet authentication.
After one M-LAG member device reboots, the other M-LAG member device might receive and accept the packets that were intercepted by an attacker before the reboot. As a best practice, change the authentication key after an M-LAG member device reboots.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG sequence number check.
m-lag sequence enable
By default, M-LAG sequence number check is disabled.
Enabling M-LAG packet authentication
Restrictions and guidelines
For successful authentication, configure the same authentication key for the M-LAG member devices.
Procedure
1. Enter system view.
system-view
2. Enable M-LAG packet authentication and configure an authentication key.
m-lag authentication key { simple | cipher } string
By default, M-LAG packet authentication is disabled.
Verifying and maintaining M-LAG
Verifying M-LAG system configuration and running status
Perform all display tasks in any view.
· Display the M-LAG system settings.
display m-lag system
· Display M-LAG role information.
display m-lag role
· Display information about the configuration consistency check done by M-LAG.
display m-lag consistency { type1 | type2 } { global | interface interface-type interface-number }
· Display status of the configuration consistency check done by M-LAG.
display m-lag consistency-check status
· Display M-LAG keepalive packet statistics.
display m-lag keepalive
· Display detailed M-LAG MAD information.
display m-lag mad verbose
· Display M-LAG virtual IP addresses.
display m-lag virtual-ip [ interface interface-type interface-number ]
Displaying M-LAG interface information
Perform all display tasks in any view.
· Display brief information about the peer-link interface and M-LAG interfaces.
display m-lag summary
· Display detailed information about the peer-link interface and M-LAG interfaces.
display m-lag verbose [ interface bridge-aggregation interface-number ]
Displaying and clearing DRCPDU statistics
Display DRCPDU statistics in any view.
display m-lag drcp statistics [ interface interface-type interface-number ]
Clear DRCPDU statistics in user view.
reset m-lag drcp statistics [ interface interface-list ]
Displaying and clearing M-LAG troubleshooting records
Display M-LAG troubleshooting records in any view.
display m-lag troubleshooting [ m-lag-interface | peer-link | keepalive ] [ history ] [ count ]
Clear M-LAG troubleshooting records in user view.
reset m-lag troubleshooting history
M-LAG configuration examples
Example: Configuring basic M-LAG functions
Network configuration
As shown in Figure 12, configure M-LAG on Device A and Device B to establish a multichassis aggregate link with Device C.
Procedure
1. Configure Device A:
# Configure M-LAG system settings.
<DeviceA> system-view
[DeviceA] m-lag system-mac 1-1-1
[DeviceA] m-lag system-number 1
[DeviceA] m-lag system-priority 123
# Configure M-LAG keepalive packet parameters.
[DeviceA] m-lag keepalive ip destination 1.1.1.1 source 1.1.1.2
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceA] interface hundredgige 1/0/5
[DeviceA-HundredGigE1/0/5] port link-mode route
[DeviceA-HundredGigE1/0/5] ip address 1.1.1.2 24
[DeviceA-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceA] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[DeviceA] interface bridge-aggregation 3
[DeviceA-Bridge-Aggregation3] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation3] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 3.
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-aggregation group 3
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-aggregation group 3
[DeviceA-HundredGigE1/0/2] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[DeviceA] interface bridge-aggregation 3
[DeviceA-Bridge-Aggregation3] port m-lag peer-link 1
[DeviceA-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[DeviceA] interface bridge-aggregation 4
[DeviceA-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 4.
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-aggregation group 4
[DeviceA-HundredGigE1/0/3] quit
[DeviceA] interface hundredgige 1/0/4
[DeviceA-HundredGigE1/0/4] port link-aggregation group 4
[DeviceA-HundredGigE1/0/4] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[DeviceA] interface bridge-aggregation 4
[DeviceA-Bridge-Aggregation4] port m-lag group 4
[DeviceA-Bridge-Aggregation4] quit
2. Configure Device B:
# Configure M-LAG system settings.
<DeviceB> system-view
[DeviceB] m-lag system-mac 1-1-1
[DeviceB] m-lag system-number 2
[DeviceB] m-lag system-priority 123
# Configure M-LAG keepalive packet parameters.
[DeviceB] m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceB] interface hundredgige 1/0/5
[DeviceB-HundredGigE1/0/5] port link-mode route
[DeviceB-HundredGigE1/0/5] ip address 1.1.1.1 24
[DeviceB-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceB] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 3.
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation3] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 3.
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-aggregation group 3
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-aggregation group 3
[DeviceB-HundredGigE1/0/2] quit
# Specify Bridge-Aggregation 3 as the peer-link interface.
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] port m-lag peer-link 1
[DeviceB-Bridge-Aggregation3] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
[DeviceB] interface bridge-aggregation 4
[DeviceB-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 4.
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-aggregation group 4
[DeviceB-HundredGigE1/0/3] quit
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] port link-aggregation group 4
[DeviceB-HundredGigE1/0/4] quit
# Assign Bridge-Aggregation 4 to M-LAG group 4.
[DeviceB] interface bridge-aggregation 4
[DeviceB-Bridge-Aggregation4] port m-lag group 4
[DeviceB-Bridge-Aggregation4] quit
3. Configure Device C:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 4.
<DeviceC> system-view
[DeviceC] interface bridge-aggregation 4
[DeviceC-Bridge-Aggregation4] link-aggregation mode dynamic
[DeviceC-Bridge-Aggregation4] quit
# Assign HundredGigE 1/0/1 through HundredGigE 1/0/4 to aggregation group 4.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/4
[DeviceC-if-range] port link-aggregation group 4
[DeviceC-if-range] quit
Verifying the configuration
# Verify that the keepalive link is working correctly on Device A.
[DeviceA] display m-lag keepalive
Neighbor keepalive link status (cause): Up
Neighbor is alive for: 104 s 16 ms
Keepalive packet transmission status:
Sent: Successful
Received: Successful
Last received keepalive packet information:
Source IP address: 1.1.1.1
Time: 2019/09/11 09:21:51
Action: Accept
Distributed relay keepalive parameters:
Destination IP address: 1.1.1.1
Source IP address: 1.1.1.2
Keepalive UDP port : 6400
Keepalive VPN name : N/A
Keepalive interval : 1000 ms
Keepalive timeout : 5 sec
Keepalive hold time: 3 sec
# Verify that the peer-link interface and the M-LAG interface are working correctly on Device A.
[DeviceA] display m-lag summary
Flags: A -- Aggregate interface down, B -- No peer M-LAG interface configured
C -- Configuration consistency check failed
Peer-link interface: BAGG3
Peer-link interface state (cause): UP
Keepalive link state (cause): UP
M-LAG interface information
M-LAG IF M-LAG group Local state (cause) Peer state Remaining down time (s)
BAGG4 4 UP UP -
[DeviceA] display m-lag verbose
Flags: A -- Home_Gateway, B -- Neighbor_Gateway, C -- Other_Gateway,
D -- peer-link interface_Activity, E -- DRCP_Timeout, F -- Gateway_Sync,
G -- Port_Sync, H -- Expired
Peer-link interface/Peer-link interface ID: BAGG3/1
State: UP
Cause: -
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): HGE1/0/1 (260), HGE1/0/2 (261)
Peer Selected ports indexes: 260, 261
M-LAG interface/M-LAG group ID: BAGG4/4
Local M-LAG interface state: UP
Peer M-LAG interface state: UP
M-LAG group state: UP
Local M-LAG interface down cause: -
Remaining M-LAG DOWN time: -
Local M-LAG interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001
Peer M-LAG interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001
Local M-LAG interface LACP priority: Config=123, Effective=123
Peer M-LAG interface LACP priority: Config=123, Effective=123
Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG
Local Selected ports (index): HGE1/0/3 (258), HGE1/0/4 (259)
Peer Selected ports indexes: 258, 259
# Verify that all member ports of aggregation group 4 are in Selected state on Device C, which indicates a successful link aggregation between the M-LAG system and Device C.
[DeviceC] display link-aggregation verbose bridge-aggregation 4
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port Status: S -- Selected, U -- Unselected, I -- Individual
Port: A -- Auto port, M -- Management port, R -- Reference port
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation4
Creation Mode: Manual
Aggregation Mode: Dynamic
Loadsharing Type: Shar
Management VLANs: None
System ID: 0x8000, 2e56-cbae-0600
Local:
Port Status Priority Index Oper-Key Flag
HGE1/0/1(R) S 32768 1 1 {ACDEF}
HGE1/0/2 S 32768 2 1 {ACDEF}
HGE1/0/3 S 32768 3 1 {ACDEF}
HGE1/0/4 S 32768 4 1 {ACDEF}
Remote:
Actor Priority Index Oper-Key SystemID Flag
HGE1/0/1 32768 16387 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/2 32768 16388 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/3 32768 32771 40004 0x7b , 0001-0001-0001 {ACDEF}
HGE1/0/4 32768 32772 40004 0x7b , 0001-0001-0001 {ACDEF}
Example: Configuring Layer 3 gateways on an M-LAG system
Network configuration
As shown in Figure 13:
· Configure Device A and Device B as an M-LAG system to establish one multichassis aggregate link with Device C and one with Device D.
· Set up a keepalive link between HundredGigE 1/0/5 of Device A and HundredGigE 1/0/5 of Device B, and exclude the interfaces from the shutdown action by M-LAG MAD.
· Configure two VRRP groups on Device A and Device B to provide gateway services for VLAN 100 and VLAN 200. Configure Device A as the master of the VRRP groups.
Procedure
1. Configure Device A:
# Configure M-LAG system settings.
<DeviceA> system-view
[DeviceA] m-lag system-mac 1-1-1
[DeviceA] m-lag system-number 1
[DeviceA] m-lag system-priority 123
# Configure M-LAG keepalive parameters.
[DeviceA] m-lag keepalive ip destination 1.1.1.2 source 1.1.1.1
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceA] interface hundredgige 1/0/5
[DeviceA-HundredGigE1/0/5] port link-mode route
[DeviceA-HundredGigE1/0/5] ip address 1.1.1.1 24
[DeviceA-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceA] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 125, and specify it as the peer-link interface.
[DeviceA] interface bridge-aggregation 125
[DeviceA-Bridge-Aggregation125] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation125] port m-lag peer-link 1
[DeviceA-Bridge-Aggregation125] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 125.
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-aggregation group 125
[DeviceA-HundredGigE1/0/3] quit
[DeviceA] interface HundredGigE 1/0/4
[DeviceA-HundredGigE1/0/4] port link-aggregation group 125
[DeviceA-HundredGigE1/0/4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100, and assign it to M-LAG group 1.
[DeviceA] interface bridge-aggregation 100
[DeviceA-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation100] port m-lag group 1
[DeviceA-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 to aggregation group 100.
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-aggregation group 100
[DeviceA-HundredGigE1/0/1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101, and assign it to M-LAG group 2.
[DeviceA] interface bridge-aggregation 101
[DeviceA-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation101] port m-lag group 2
[DeviceA-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/2 to aggregation group 101.
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-aggregation group 101
[DeviceA-HundredGigE1/0/2] quit
# Create VLAN 100 and VLAN 101.
[DeviceA] vlan 100
[DeviceA-vlan100] quit
[DeviceA] vlan 101
[DeviceA-vlan101] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceA] interface bridge-aggregation 100
[DeviceA-Bridge-Aggregation100] port link-type trunk
[DeviceA-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceA-Bridge-Aggregation100] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceA] interface bridge-aggregation 101
[DeviceA-Bridge-Aggregation101] port link-type trunk
[DeviceA-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceA-Bridge-Aggregation101] quit
# Set the link type of Bridge-Aggregation 125 to trunk, and assign it to VLAN 100 and VLAN 101.
[DeviceA] interface bridge-aggregation 125
[DeviceA-Bridge-Aggregation125] port link-type trunk
[DeviceA-Bridge-Aggregation125] port trunk permit vlan 100 101
[DeviceA-Bridge-Aggregation125] quit
# Create VLAN-interface 100 and VLAN-interface 101, and assign IP addresses to them.
[DeviceA] interface vlan-interface 100
[DeviceA-vlan-interface100] ip address 10.1.1.1 24
[DeviceA-vlan-interface100] quit
[DeviceA] interface vlan-interface 101
[DeviceA-vlan-interface101] ip address 20.1.1.1 24
[DeviceA-vlan-interface101] quit
# Configure OSPF.
[DeviceA] ospf
[DeviceA-ospf-1] import-route direct
[DeviceA-ospf-1] area 0
[DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceA-ospf-1-area-0.0.0.0] quit
[DeviceA-ospf-1] quit
# Create VRRP group 1 on VLAN-interface 100 and set its virtual IP address to 10.1.1.100.
[DeviceA] interface vlan-interface 100
[DeviceA-Vlan-interface100] vrrp vrid 1 virtual-ip 10.1.1.100
# Set the priority of Device A to 200 for it to become the master in VRRP group 1, so it has the same role in the M-LAG system.
[DeviceA-Vlan-interface100] vrrp vrid 1 priority 200
[DeviceA-Vlan-interface100] quit
# Create VRRP group 2 on VLAN-interface 101 and set its virtual IP address to 20.1.1.100.
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 2 virtual-ip 20.1.1.100
# Set the priority of Device A to 200 for it to become the master in VRRP group 2, so it has the same role in the M-LAG system.
[DeviceA-Vlan-interface101] vrrp vrid 2 priority 200
[DeviceA-Vlan-interface101] quit
2. Configure Device B:
# Configure M-LAG system settings.
<DeviceB> system-view
[DeviceB] m-lag system-mac 1-1-1
[DeviceB] m-lag system-number 2
[DeviceB] m-lag system-priority 123
# Configure M-LAG keepalive parameters.
[DeviceB] m-lag keepalive ip destination 1.1.1.1 source 1.1.1.2
# Set the link mode of HundredGigE 1/0/5 to Layer 3, and assign the interface an IP address. The IP address will be used as the source IP address of keepalive packets.
[DeviceB] interface hundredgige 1/0/5
[DeviceB-HundredGigE1/0/5] port link-mode route
[DeviceB-HundredGigE1/0/5] ip address 1.1.1.2 24
[DeviceB-HundredGigE1/0/5] quit
# Exclude the interface used for M-LAG keepalive detection (HundredGigE 1/0/5) from the shutdown action by M-LAG MAD.
[DeviceB] m-lag mad exclude interface hundredgige 1/0/5
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 125, and specify it as the peer-link interface.
[DeviceB] interface bridge-aggregation 125
[DeviceB-Bridge-Aggregation125] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation125] port m-lag peer-link 1
[DeviceB-Bridge-Aggregation125] quit
# Assign HundredGigE 1/0/3 and HundredGigE 1/0/4 to aggregation group 125.
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-aggregation group 125
[DeviceB-HundredGigE1/0/3] quit
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] port link-aggregation group 125
[DeviceB-HundredGigE1/0/4] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100, and assign it to M-LAG group 1.
[DeviceB] interface bridge-aggregation 100
[DeviceB-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation100] port m-lag group 1
[DeviceB-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 to aggregation group 100.
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-aggregation group 100
[DeviceB-HundredGigE1/0/1] quit
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101, and assign it to M-LAG group 2.
[DeviceB] interface bridge-aggregation 101
[DeviceB-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation101] port m-lag group 2
[DeviceB-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/2 to aggregation group 101.
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-aggregation group 101
[DeviceB-HundredGigE1/0/2] quit
# Create VLAN 100 and VLAN 101.
[DeviceB] vlan 100
[DeviceB-vlan100] quit
[DeviceB] vlan 101
[DeviceB-vlan101] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceB] interface bridge-aggregation 100
[DeviceB-Bridge-Aggregation100] port link-type trunk
[DeviceB-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceB-Bridge-Aggregation100] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceB] interface bridge-aggregation 101
[DeviceB-Bridge-Aggregation101] port link-type trunk
[DeviceB-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceB-Bridge-Aggregation101] quit
# Set the link type of Bridge-Aggregation 125 to trunk, and assign it to VLAN 100 and VLAN 101.
[DeviceB] interface bridge-aggregation 125
[DeviceB-Bridge-Aggregation125] port link-type trunk
[DeviceB-Bridge-Aggregation125] port trunk permit vlan 100 101
[DeviceB-Bridge-Aggregation125] quit
# Create VLAN-interface 100 and VLAN-interface 101, and assign IP addresses to them.
[DeviceB] interface vlan-interface 100
[DeviceB-vlan-interface100] ip address 10.1.1.2 24
[DeviceB-vlan-interface100] quit
[DeviceB] interface vlan-interface 101
[DeviceB-vlan-interface101] ip address 20.1.1.2 24
[DeviceB-vlan-interface101] quit
# Configure OSPF.
[DeviceB] ospf
[DeviceB-ospf-1] import-route direct
[DeviceB-ospf-1] area 0
[DeviceB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceB-ospf-1-area-0.0.0.0] quit
[DeviceB-ospf-1] quit
# Create VRRP group 1 on VLAN-interface 100 and set its virtual IP address to 10.1.1.100.
[DeviceB] interface vlan-interface 100
[DeviceB-Vlan-interface100] vrrp vrid 1 virtual-ip 10.1.1.100
[DeviceB-Vlan-interface100] quit
# Create VRRP group 2 on VLAN-interface 101 and set its virtual IP address to 20.1.1.100.
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp vrid 2 virtual-ip 20.1.1.100
[DeviceB-Vlan-interface101] quit
3. Configure Device C:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 100.
<DeviceC> system-view
[DeviceC] interface bridge-aggregation 100
[DeviceC-Bridge-Aggregation100] link-aggregation mode dynamic
[DeviceC-Bridge-Aggregation100] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 100.
[DeviceC] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceC-if-range] port link-aggregation group 100
[DeviceC-if-range] quit
# Create VLAN 100.
[DeviceC] vlan 100
[DeviceC-vlan100] quit
# Set the link type of Bridge-Aggregation 100 to trunk, and assign it to VLAN 100.
[DeviceC] interface bridge-aggregation 100
[DeviceC-Bridge-Aggregation100] port link-type trunk
[DeviceC-Bridge-Aggregation100] port trunk permit vlan 100
[DeviceC-Bridge-Aggregation100] quit
# Set the link type of HundredGigE 1/0/3 to trunk, and assign it to VLAN 100.
[DeviceC] interface hundredgige 1/0/3
[DeviceC-HundredGigE1/0/3] port link-type trunk
[DeviceC-HundredGigE1/0/3] port trunk permit vlan 100
[DeviceC-HundredGigE1/0/3] quit
# Create VLAN-interface 100, and assign it an IP address.
[DeviceC] interface vlan-interface 100
[DeviceC-vlan-interface100] ip address 10.1.1.3 24
[DeviceC-vlan-interface100] quit
# Configure OSPF.
[DeviceC] ospf
[DeviceC-ospf-1] import-route direct
[DeviceC-ospf-1] area 0
[DeviceC-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[DeviceC-ospf-1-area-0.0.0.0] quit
[DeviceC-ospf-1] quit
4. Configure Device D:
# Create Layer 2 dynamic aggregate interface Bridge-Aggregation 101.
<DeviceD> system-view
[DeviceD] interface bridge-aggregation 101
[DeviceD-Bridge-Aggregation101] link-aggregation mode dynamic
[DeviceD-Bridge-Aggregation101] quit
# Assign HundredGigE 1/0/1 and HundredGigE 1/0/2 to aggregation group 101.
[DeviceD] interface range hundredgige 1/0/1 to hundredgige 1/0/2
[DeviceD-if-range] port link-aggregation group 101
[DeviceD-if-range] quit
# Create VLAN 101.
[DeviceD] vlan 101
[DeviceD-vlan101] quit
# Set the link type of Bridge-Aggregation 101 to trunk, and assign it to VLAN 101.
[DeviceD] interface bridge-aggregation 101
[DeviceD-Bridge-Aggregation101] port link-type trunk
[DeviceD-Bridge-Aggregation101] port trunk permit vlan 101
[DeviceD-Bridge-Aggregation101] quit
# Set the link type of HundredGigE 1/0/3 to trunk, and assign it to VLAN 101.
[DeviceD] interface hundredgige 1/0/3
[DeviceD-HundredGigE1/0/3] port link-type trunk
[DeviceD-HundredGigE1/0/3] port trunk permit vlan 101
[DeviceD-HundredGigE1/0/3] quit
# Create VLAN-interface 101, and assign it an IP address.
[DeviceD] interface vlan-interface 101
[DeviceD-vlan-interface101] ip address 20.1.1.3 24
[DeviceD-vlan-interface101] quit
# Configure OSPF.
[DeviceD] ospf
[DeviceD-ospf-1] import-route direct
[DeviceD-ospf-1] area 0
[DeviceD-ospf-1-area-0.0.0.0] network 20.1.1.0 0.0.0.255
[DeviceD-ospf-1-area-0.0.0.0] quit
[DeviceD-ospf-1] quit
Verifying the configuration
# Verify that Device C has established OSPF neighbor relationships with Device A and Device B.
[DeviceC] display ospf peer
OSPF Process 1 with Router ID 10.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
20.1.1.1 10.1.1.1 1 37 Full/DR Vlan100
20.1.1.2 10.1.1.2 1 32 Full/BDR Vlan100
# Verify that Device D has established OSPF neighbor relationships with Device A and Device B.
[DeviceD] display ospf peer
OSPF Process 1 with Router ID 20.1.1.3
Neighbor Brief Information
Area: 0.0.0.0
Router ID Address Pri Dead-Time State Interface
20.1.1.1 20.1.1.1 1 38 Full/DR Vlan101
20.1.1.2 20.1.1.2 1 37 Full/BDR Vlan101
# Verify that Host A and Host B can ping each other. (Details not shown.)
