Three-tier network architecture (Ethernet channel technology, SVI, Layer 3 switch, gateway redundancy, HSRP, VRRP)

Three-tier network architecture

Core layer: router
Convergence (aggregation) layer: Layer 3 switch
Access layer: Layer 2 switch, PCs

Ethernet Channel Technology (Ethernet Trunk Technology)

A Layer 3 switch has both routing and switching functions. The three roles of root bridge, gateway and aggregation layer usually coincide and are generally taken on by the aggregation-layer Layer 3 switches, so the bandwidth demand between Layer 3 switches is relatively high. When several parallel links connect two Layer 3 switches, STP blocks all but one of the interfaces. Ethernet channel technology (Cisco EtherChannel) or Ethernet trunk technology (Huawei Eth-Trunk) is therefore used to bundle the multiple interfaces between the switches into one logical interface, so that the link bandwidths add up.

Examples:

Topology:

Configuration prerequisites:
① All member links of the channel must terminate on the same peer device;
② All member interfaces of the channel must have the same speed, type, duplex mode and the same VLAN allow list.

Specific configuration:
[SW1] [SW2] Same configuration
interface Eth-Trunk 0 //Create the channel (logical) interface
q //quit back to system view
interface g0/0/1
eth-trunk 0 //Add physical interface GE 0/0/1 to the channel interface
interface g0/0/2
eth-trunk 0 //The same for GE 0/0/2

View the interface list:

In VLAN 1 G0/0/1 interface and G0/0/2 interface are also combined as Eth-Trunk 0:

In the subsequent configuration, most interface settings can no longer be applied to G0/0/1 and G0/0/2 separately; they must be applied to Eth-Trunk 0, because the two physical interfaces have logically become one interface. The equivalent Cisco command is channel-group <number> mode on.

Layer 2 channel

Load sharing
Different traffic (different flows) is carried over different links.
This differs from load balancing, where the same traffic is spread over different links.

Configuration command:
[sw1-Eth-Trunk0]load-balance ? //Flow-based selection
  dst-ip According to destination IP hash arithmetic
  dst-mac According to destination MAC hash arithmetic
  src-dst-ip According to source/destination IP hash arithmetic
  src-dst-mac According to source/destination MAC hash arithmetic
  src-ip According to source IP hash arithmetic
  src-mac According to source MAC hash arithmetic //Source-MAC based is recommended

[sw1-Eth-Trunk0]load-balance {ip | packet-all} //Choose flow-based or packet-based distribution
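To make the difference between the flow-based modes above and packet-all concrete, here is an added simulation (not from the original post) of which Eth-Trunk member link a frame is sent on; zlib.crc32 stands in for the switch's hardware hash, and the frames, MAC and IP values are constructed for the example.

```python
# Added example, not from the original post: which Eth-Trunk member link a frame takes under
# the flow-based load-balance modes listed above versus packet-all. zlib.crc32 stands in for
# the switch's hardware hash; the frames and MAC/IP values are constructed.
import zlib
from collections import Counter

MEMBERS = ["G0/0/1", "G0/0/2"]               # physical links bundled into Eth-Trunk 0

HASH_FIELDS = {                               # fields each CLI mode feeds into the hash
    "src-mac": ("smac",), "dst-mac": ("dmac",), "src-dst-mac": ("smac", "dmac"),
    "src-ip": ("sip",), "dst-ip": ("dip",), "src-dst-ip": ("sip", "dip"),
}

def member_for(frame: dict, mode: str, seq: int = 0) -> str:
    """Pick the member link for one frame; seq (position in the stream) only matters
    for packet-all, which round-robins every packet regardless of flow."""
    if mode == "packet-all":
        return MEMBERS[seq % len(MEMBERS)]
    key = "|".join(frame[f] for f in HASH_FIELDS[mode]).encode()
    return MEMBERS[zlib.crc32(key) % len(MEMBERS)]

def distribute(frames: list, mode: str) -> Counter:
    """Frames per member link for a whole stream."""
    return Counter(member_for(fr, mode, i) for i, fr in enumerate(frames))

def links_used(frames: list, mode: str) -> int:
    return len(distribute(frames, mode))

# Constructed sample: PC1 -> server, eight frames of one flow
PC1 = {"smac": "54:89:98:00:00:01", "dmac": "54:89:98:00:00:10",
       "sip": "192.168.1.10", "dip": "192.168.1.100"}
ONE_FLOW = [PC1] * 8
# Constructed sample: 32 hosts, each sending to the same server
MANY_HOSTS = [dict(PC1, smac=f"54:89:98:00:00:{i:02x}", sip=f"192.168.1.{i}")
              for i in range(1, 33)]

def flow_stays_on_one_link(mode: str) -> bool:
    """Flow-based modes keep a flow in order on one link; packet-all splits it."""
    return links_used(ONE_FLOW, mode) == 1
```

With a flow-based mode a single heavy host never gets more than one link's bandwidth, so the "bandwidth superposition" only materialises across many flows, and a dst-mac hash towards one server leaves the second link idle.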

Layer 3 channel

All physical links that become members of the channel must first be turned into Layer 3 interfaces. The point of a Layer 3 channel is to combine several interfaces that would each need an IP address into one logical interface that is configured with a single IP address.

Configuration command:
[SW]int Eth-Trunk 0
[SW-Eth-Trunk0]undo portswitch //Switch the channel interface to Layer 3
[SW-Eth-Trunk0]ip ad 192.168.1.1 24 //Assign the IP address
[SW]port-group group-member g0/0/1 to g0/0/2 //Configure both member interfaces at once
[SW-Port-Group]eth-trunk 0

Management VLAN (SVI)

The access-layer switch, i.e. the Layer 2 switch, generally has an SVI (switch virtual interface), which has a burned-in MAC address and can be configured with an IP address. A conventional Layer 2 switch has only one SVI, while a Layer 3 switch supports multiple SVIs that can all coexist.

Examples:

Huawei equipment configuration

Topology:

Configuration:
(1) Enable the SVI interface on SW1:
[SW1]
display ip interface brief
//At the bottom of the interface list there is an interface named Vlanif1. This is the SVI interface, and it belongs to VLAN 1 by default:

interface Vlanif1
ip address 192.168.1.1 24

(2) Assign an IP to PC1:
[PC1]
Manually assign an IP address to PC1:

At this point, PC1 can already ping the SVI interface of SW1:

(3) Open Telnet on SW1:
[SW1]
aaa //Enter the AAA view
local-user a privilege level 15 password cipher huawei //Add a user and password
local-user a service-type telnet //Specify the user's service type
q //quit back to system view
user-interface vty 0 4 //Enter the VTY lines 0 to 4
authentication-mode aaa //Authentication mode: AAA

(4) Remote-login test on SW1 (Huawei's ordinary PC does not support remote login, so a router is used here in place of the PC):

Cisco device configuration

Topology:

Configuration:
(1) Enable the SVI interface on SW1:
[SW1]
enable
show ip interface brief
//At the bottom of the interface list there is an interface named Vlan1, which is the SVI interface and belongs to VLAN 1 by default:

configure terminal //Enter global configuration mode
interface vlan1 //Enter the Vlan1 interface
ip address 192.168.1.1 255.255.255.0 //Assign an IP address to the Vlan1 interface
no shutdown //Bring the interface up

(2) Configure IP for PC0:
[PC0]
Manually configure IP address for PC0:

At this point, PC0 can already ping the SVI interface of SW1:

(3) Enable Telnet on SW1:
[SW1]
configure terminal //Enter global configuration mode
username a privilege 15 secret cisco //Add a user account and password
line vty 0 4 //Enter the VTY lines 0 to 4
login local //Authenticate against the local user database
Remotely log in to SW1 from PC0:
[PC0]

Modify the VLAN where the SVI is located

When the VLAN of the SVI needs to be changed, simply create the corresponding VLAN interface. On a Layer 2 switch, creating a new VLAN interface (SVI) automatically shuts down the old SVI, because a Layer 2 switch allows only one SVI to exist.

If devices in other network segments need to reach the SVI, a default gateway or a default route must be configured on the switch; otherwise the return traffic can never get back.

Configuration command:

Cisco switch: ip default-gateway 192.168.2.254

Huawei LSW: ip route-static 0.0.0.0 0.0.0.0 192.168.2.254
Writing the default route has the same effect as defining the gateway.

Layer 3 switch

At the convergence layer the Layer 3 switch plays the roles of both router and switch, and takes on different functions in different situations.

Examples:

Topology:

Configuration:
Turn the interfaces on the Layer 3 switch into Layer 3 interfaces:
[SW1]
enable
configure terminal
int f0/1
no switchport //Layer 2 interface becomes a Layer 3 interface
ip ad 192.168.1.254 255.255.255.0 //Assign an IP address to the interface
exit
int f0/2
no switchport //Layer 2 interface becomes a Layer 3 interface
ip ad 192.168.2.254 255.255.255.0 //Assign an IP address to the interface
exit
ip routing //Enable the routing function of the Layer 3 switch
end
show ip route
//View the routing table:

After the two PCs are given IP addresses in different network segments they can still ping each other, because the Layer 3 switch now routes between them:

So the Layer 3 switch also removes the drawbacks of router-on-a-stick (sub-interface) routing.

Gateway redundancy

HSRP protocol (Cisco proprietary)

Hot Standby Router Protocol, working principle: two convergence-layer devices acting as gateway form an HSRP group, the active and standby devices monitor each other with keep-alives, and a virtual MAC address and virtual IP address serve as the gateway of the access-layer devices. While the active device works normally, it owns the virtual IP and MAC in addition to its own real IP and MAC, and acts as the gateway of the access-layer devices. When the active device fails, the standby device takes over the virtual IP and MAC and continues to act as the gateway. The access-layer devices only need to define the virtual IP as their gateway and are not affected by the change of gateway device.

VRRP protocol (public)

The Virtual Router Redundancy Protocol works in the same way as HSRP.

Differences (improvements over HSRP)

① Supports multiple devices;
② Only the master device sends keep-alive packets (Hello), multicast to 224.0.0.18 with TTL=1 every 1s;
③ The IP address of a physical interface can be used as the gateway, that is, no virtual IP is created and only the MAC is virtualised; but that physical interface must then be the master (its priority is set to the maximum, 255), otherwise the master and backup devices would both answer ARP from the access-layer devices;
④ Preemption is enabled by default;
⑤ Hold time is 3s, so switchover is fast;
⑥ Supports uplink tracking. When the master's downlink goes down, the gateway switches to the backup automatically, but when the master's uplink goes down the gateway does not switch, because the access-layer devices point at the virtual IP and an ICMP redirect cannot move them. Uplink tracking handles this (provided that preemption is enabled and the priority difference between the two devices is smaller than the reduce value): when the master's uplink goes down, the master automatically lowers its priority and hands the gateway to the backup. If there are several uplinks or downlinks on the device, it is recommended to configure reduce values whose sum is slightly larger than the priority difference, so that the backup can preempt the gateway only when all uplinks are down, and the master gives up the gateway when most of its downlinks are down.

Election rules

After the master device fails, the backup devices hold an election. Priority is compared first (default 100, higher wins); then the interface IP addresses are compared (higher wins).

Instance

Topology:

Specific configuration:
(1) Three-layer IP:
[R1]
int lo 0
ip ad 1.1.1.1 24
int g0/0/0
ip ad 12.1.1.1 24
int g0/0/1
ip ad 23.1.1.1 24
[R2]
int g0/0/0
ip ad 12.1.1.2 24
int g0/0/1
ip ad 10.1.1.1 24
[R3]
int g0/0/0
ip ad 23.1.1.2 24
int g0/0/1
ip ad 10.1.1.3 24

(2) R1 to R3 run the dynamic routing protocol OSPF:
[R1]
ospf 1 router-id 1.1.1.1
area 0
network 1.1.1.1 0.0.0.0
network 12.1.1.1 0.0.0.0
network 23.1.1.1 0.0.0.0
[R2]
ospf 1 router-id 2.2.2.2
area 0
network 12.1.1.2 0.0.0.0
network 10.1.1.1 0.0.0.0
[R3]
ospf 1 router-id 3.3.3.3
area 0
network 23.1.1.2 0.0.0.0
network 10.1.1.3 0.0.0.0

(3) Turn on VRRP:
[R2] [R3] Same configuration
int g0/0/1
vrrp vrid 1 virtual-ip 10.1.1.254 //VRRP group ID 1, virtual IP address 10.1.1.254; the virtual MAC address is generated automatically
display vrrp //View VRRP:

With the default priority of 100, the election rule says that R3's G0/0/1, which has the larger IP address, should become master. But because VRRP was configured first on R2's G0/0/1, R2's interface grabbed the master role first.

(4) Enable uplink tracking:
[R2] [R3] Same configuration
int g0/0/1
vrrp vrid 1 track interface g0/0/0 reduce 10 //When the uplink goes down, this device's priority is reduced by 10 (the default), i.e. from 100 to 90, so it gives up the gateway

Result test:
At this point PC1 can ping 1.1.1.1. Shut down R2's G0/0/1 interface in the middle of the ping, and the path is restored automatically after a short while:
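The election rules, the "first configured wins at equal priority" observation in step (3) and the uplink tracking of step (4) can be replayed in a small model. This is an added example, not from the original post: Router, VrrpGroup and their methods are this example's own names, and the tie-breaking behaviour (equal priority never preempts) is modelled on what the instance above shows.

```python
# Added example, not from the original post: a model of the VRRP election and uplink-tracking
# rules above, replayed on the R2/R3 instance. Class and method names are this example's own.
from ipaddress import IPv4Address
VIRTUAL_IP = IPv4Address("10.1.1.254")           # vrrp vrid 1 virtual-ip 10.1.1.254

class Router:
    def __init__(self, name, ip, priority=100, preempt=True, tracks=None):
        self.name, self.ip = name, IPv4Address(ip)        # ip = real IP of the VRRP interface
        self.priority, self.preempt = priority, preempt   # VRRP defaults: 100, preempt on
        self.tracks = tracks or {}               # uplink -> "reduce" value
        self.uplink_up = {}                      # uplink -> state (absent means up)

    def effective_priority(self) -> int:
        if self.ip == VIRTUAL_IP:                # IP owner is fixed at the maximum, 255
            return 255
        down = sum(v for l, v in self.tracks.items() if not self.uplink_up.get(l, True))
        return max(1, self.priority - down)      # floor of 1 is this model's choice

def rank(r: Router) -> tuple:                    # election key: priority, then higher IP
    return (r.effective_priority(), int(r.ip))

class VrrpGroup:
    def __init__(self):
        self.master, self.backups = None, []
    def join(self, r: Router) -> str:            # "vrrp vrid 1 ..." entered on r
        if self.master is None:
            self.master = r                      # a lone router becomes master at once
        else:
            self.backups.append(r); self._preempt_check()
        return self.master.name
    def set_uplink(self, r: Router, link: str, up: bool) -> str:
        r.uplink_up[link] = up; self._preempt_check()
        return self.master.name
    def master_failed(self) -> str:              # e.g. shutdown of the master's G0/0/1
        self.master = max(self.backups, key=rank)    # backups elect by priority, then IP
        self.backups.remove(self.master)
        return self.master.name
    def _preempt_check(self) -> None:
        # A backup takes over only with preemption on and a STRICTLY higher effective
        # priority; an equal priority never displaces the sitting master.
        best = max(self.backups, key=rank, default=None)
        if best and best.preempt and rank(best)[0] > rank(self.master)[0]:
            self.backups.remove(best); self.backups.append(self.master); self.master = best

def run_scenario() -> list:
    """R2 configured first, R3 joins, R2 uplink g0/0/0 down (reduce 10), up again, R3 dies."""
    r2 = Router("R2", "10.1.1.1", tracks={"g0/0/0": 10})
    r3 = Router("R3", "10.1.1.3", tracks={"g0/0/0": 10})
    g = VrrpGroup()
    return [g.join(r2), g.join(r3), g.set_uplink(r2, "g0/0/0", False),
            g.set_uplink(r2, "g0/0/0", True), g.master_failed()]
```

run_scenario() returns the master after each event; the fourth entry shows that once the uplink recovers R2 is back at 100 but does not take the gateway back, because equal priority does not preempt.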

Load sharing mode:

Load sharing mode is not commonly used and is not suitable for the three-tier architecture: a normal three-tier architecture runs spanning tree, the root bridge sits in a different place for different VLANs and some interfaces are blocked, so load sharing can make the access layer take a detour to reach the gateway, which becomes a burden. Load sharing is therefore worth considering only when a router is used directly as the gateway.

Origin blog.csdn.net/FLY_7_/article/details/113100036