Three-tier architecture general technology

1. Summary of general technology of three-tier architecture

    The gateway is the central exit of a broadcast domain; the root bridge of the spanning tree is the center of the tree and the point where traffic converges. If the two are placed on different devices, network communication resources are wasted, so it is strongly recommended that both be on the same device.

1. Link aggregation

    1) If VLAN-based or group-based STP is used in a three-tier architecture, communication between VLANs or groups places higher demands on the bandwidth of the links between aggregation-layer devices. Channel technology solves this: EtherChannel (Cisco) or Eth-Trunk (Huawei) logically combines multiple interfaces into one interface so that their bandwidth adds up.
        Configuration requirements:
            1. The opposite end of the channel must be the same device;
            2. All physical interfaces in the channel must have the same speed, duplex mode, and type, and the same VLAN permission list.
            [sw1]interface Eth-Trunk 0                  # create the channel interface
            [sw1-Eth-Trunk0]q
            [sw1]interface GigabitEthernet 0/0/1        # add the physical interfaces to the channel
            [sw1-GigabitEthernet0/0/1]eth-trunk 0
            [sw1-GigabitEthernet0/0/1]int g0/0/2
            [sw1-GigabitEthernet0/0/2]eth-trunk 0

            [sw1-Eth-Trunk0]load-balance ?              # flow-based options
             dst-ip                  According to destination IP hash arithmetic
             dst-mac              According to destination MAC hash arithmetic
             src-dst-ip              According to source/destination IP hash arithmetic
             src-dst-mac          According to source/destination MAC hash arithmetic
             src-ip                 According to source IP hash arithmetic
             src-mac              According to source MAC hash arithmetic

            [sw1-Eth-Trunk0]load-balance {ip | packet-all}    # switch between flow-based and packet-based
            Note: on Huawei devices, this setting is changed from inside the Eth-Trunk interface view.
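
The effect of the load-balance keys listed above, as an added example that is not part of the original post: it shows why hashing on dst-mac sends every flow headed for a single gateway over one member link, while src-dst-ip spreads the same flows. The XOR-fold hash is a simplified stand-in (an assumption, not Huawei's actual algorithm), and the addresses are constructed sample values.

```python
from collections import Counter
from ipaddress import IPv4Address

def _ip(a):
    return int(IPv4Address(a)).to_bytes(4, "big")

def _mac(m):
    return bytes.fromhex(m.replace("-", "").replace(":", ""))

def hash_key(flow, mode):
    """Bytes the chosen load-balance mode feeds to the hash."""
    f = {"src-ip": _ip(flow["src_ip"]), "dst-ip": _ip(flow["dst_ip"]),
         "src-mac": _mac(flow["src_mac"]), "dst-mac": _mac(flow["dst_mac"])}
    if mode.startswith("src-dst-"):
        kind = mode[len("src-dst-"):]            # "ip" or "mac"
        return bytes(a ^ b for a, b in zip(f["src-" + kind], f["dst-" + kind]))
    return f[mode]

def pick_link(flow, mode, n_links):
    # Stand-in hash (XOR-fold of the key bytes); real hardware hashes differ.
    h = 0
    for b in hash_key(flow, mode):
        h ^= b
    return h % n_links

def distribution(flows, mode, n_links=2):
    """Flows per member link; a given flow always maps to the same link."""
    return Counter(pick_link(f, mode, n_links) for f in flows)

def sample_flows():
    # Constructed sample: 8 hosts in 192.168.1.0/24 sending to one gateway.
    return [{"src_ip": f"192.168.1.{n}", "src_mac": f"5489-9800-00{n:02x}",
             "dst_ip": "192.168.2.254", "dst_mac": "00e0-fc00-0001"}
            for n in range(10, 18)]

if __name__ == "__main__":
    for mode in ("dst-mac", "src-mac", "src-dst-ip"):
        print(mode, dict(distribution(sample_flows(), mode)))
```
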

    2) Layer 3 channels: all physical links that become part of the channel must first be Layer 3 interfaces. The purpose is to logically combine multiple interfaces that would each need an IP address into one interface, so that a single IP address is enough.
        Configuration:
            [sw1]interface Eth-Trunk 0
            [sw1-Eth-Trunk0]undo portswitch                        # switch to a Layer 3 interface
            [sw1-Eth-Trunk0]ip add 192.168.1.1 255.255.255.0       # configure the IP address

            [sw1]interface GigabitEthernet 0/0/1                   # add the physical interfaces to the channel
            [sw1-GigabitEthernet0/0/1]eth-trunk 0
            [sw1-GigabitEthernet0/0/1]int g0/0/2
            [sw1-GigabitEthernet0/0/2]eth-trunk 0

2. Management VLAN

        The physical interfaces of a Layer 2 switch cannot normally be configured with an IP address, which is why the SVI (switched virtual interface) exists. An SVI can be configured with an IP address and has a MAC address; it is used to log in to the device remotely. The interface is in VLAN 1 by default, so VLAN 1 is the default management VLAN.
        A Layer 2 switch has only one SVI, which is in VLAN 1 by default. When it is moved to another VLAN, the previous VLANIF interface is automatically shut down. A Layer 3 switch supports multiple SVIs, and all of them can coexist.
            [Huawei]interface Vlanif 2
            [Huawei-Vlanif2]ip address 192.168.2.1 24
        If devices on other network segments need to access the SVI, the switch must define a gateway address or a default route; otherwise it cannot reply.
            [Huawei]ip route-static 0.0.0.0 0.0.0.0 192.168.2.254

3. Layer 3 switch

        A Layer 3 switch is an ordinary Layer 2 switch that also has the functions of a Layer 3 routing device. Standard Layer 3 switches do not have the NAT function, so they can only be used as aggregation-layer devices; they cannot act as the core layer that connects to the Internet.
        By default, the physical interfaces of both Cisco and Huawei Layer 3 switches are Layer 2 interfaces; an interface of a Layer 3 switch can be changed to a Layer 3 interface.

        Cisco commands
            Switch(config)#interface fastEthernet 0/1
            Switch(config-if)#no switchport
            Switch(config-if)#ip address 192.168.1.254 255.255.255.0

        Huawei commands
            [sw1]interface GigabitEthernet 0/0/10
            [sw1-GigabitEthernet0/0/10]undo portswitch
            [sw1-GigabitEthernet0/0/10]ip address 192.168.1.1 24

        Note: Huawei's Layer 3 switches have Layer 3 routing enabled by default, but on Cisco it must be enabled manually:
            Switch(config)#ip routing
        Remember: the biggest significance of a Layer 3 device is that SVI interfaces can also be used as routing interfaces:
            Switch(config)#interface vlan 2
            Switch(config-if)#ip address 192.168.4.254 255.255.255.0

        Note: conditions for an SVI interface to be up/up: 1) the VLAN has been created, and either an up/up interface is assigned to that VLAN or an up/up trunk on the switch allows the VLAN to pass.

4. Gateway redundancy

        VRRP: Virtual Router Redundancy Protocol. It is a public protocol, and the principle is the same as HSRP.
        Differences: 1. Multiple devices; 2. Only the master sends hellos; 3. The IP address of a physical interface can be used as the gateway address; 4. Preemption is enabled by default; 5. Hold time 3 s.

        A VRRP group can contain multiple Layer 3 devices: one master and multiple backups.
        Normally a virtual IP (which can be a real interface IP) and a virtual MAC are generated.
        By default, whether the master is active is checked every 1 s (224.0.0.18, TTL = 1, hold time = 3 s).

        Election rules: priority first (default 100, higher wins); then the interface IP address (higher wins).
        Features: fast switchover; the gateway's IP and MAC addresses do not change; gateway switchover is transparent to the host; uplink tracking can be implemented.
        With gateway redundancy, ICMP redirection does not take effect; therefore, when the uplink goes DOWN, the gateway does not switch over.
        Uplink tracking can be defined. This configuration takes effect only when preemption is enabled and the priority difference between the two devices is smaller than the down value. If there are multiple local uplinks or downlinks, it is recommended that the sum of the down values configured for tracking be greater than the priority difference, so that the backup device can preempt when all uplinks are DOWN, and the backup link can preempt when most of the downlinks are DOWN.
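
The election and uplink-tracking rules above, worked through as an added example that is not part of the original post. It models only the priority comparison (not the VRRP packets or timers); the router names, IP addresses, priorities and down values are constructed for illustration.

```python
from dataclasses import dataclass, field
from ipaddress import IPv4Address

@dataclass
class VrrpRouter:
    name: str
    ip: str                      # IP of the VRRP interface (constructed sample)
    priority: int = 100          # default priority
    preempt: bool = True         # preemption is enabled by default
    tracks: dict = field(default_factory=dict)  # uplink -> down value
    down: set = field(default_factory=set)      # uplinks currently DOWN

    def effective_priority(self) -> int:
        # Every tracked uplink that is DOWN subtracts its down value.
        lost = sum(v for link, v in self.tracks.items() if link in self.down)
        return max(self.priority - lost, 1)

def rank(r: VrrpRouter):
    # Election key: higher priority wins, then higher interface IP.
    return (r.effective_priority(), int(IPv4Address(r.ip)))

def elect(routers, master=None):
    best = max(routers, key=rank)
    if master is None or best is master:
        return best
    # A better-ranked backup takes over only if it may preempt.
    return best if best.preempt else master

def run(routers, events):
    """Apply (router, uplink, 'down'|'up') events; list the master after each."""
    by_name = {r.name: r for r in routers}
    master = elect(routers)
    history = [master.name]
    for name, uplink, state in events:
        r = by_name[name]
        (r.down.add if state == "down" else r.down.discard)(uplink)
        master = elect(routers, master)
        history.append(master.name)
    return history

def demo(down_value):
    # sw1 leads sw2 by 20; each of its two uplinks is tracked with down_value.
    sw1 = VrrpRouter("sw1", "192.168.1.2", 120, tracks={"up1": down_value, "up2": down_value})
    sw2 = VrrpRouter("sw2", "192.168.1.3")
    return run([sw1, sw2], [("sw1", "up1", "down"), ("sw1", "up2", "down"),
                            ("sw1", "up1", "up")])

if __name__ == "__main__":
    print(demo(15))   # sum of down values 30 > priority difference 20
    print(demo(8))    # sum of down values 16 < priority difference 20
```

With a down value of 15 per uplink the gateway moves to sw2 only once both uplinks are DOWN and returns when one recovers; with 8 per uplink sw1 stays master even with no working uplink.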

        Configuration: [image in the original post]
        Note: in a three-tier architecture, spanning tree is normally present, and with load sharing the root bridges of different VLANs may sit in different places, which blocks some links and makes load sharing cumbersome. Load sharing is therefore only recommended when the router is used directly as the gateway.

Origin blog.csdn.net/Han_V_Qin/article/details/107243021