Link Aggregation---Multiple physical interfaces can be bundled into one logical interface, that is, N physical links can be aggregated into one logical link. The effect of increasing the bandwidth can be achieved without upgrading the hardware.
We call logical links, aggregated links, and ETH-TRUNK links in Huawei equipment (this technology is designed for Ethernet technology). We call each physical link a member link; we call the aggregated logical interface an aggregated interface, which is called an ETH-trunk interface in Huawei equipment, and the previous physical interface is called a member interface.
Requirements for Link Aggregation Technology:
1. All physical interfaces of the channel should have the same transmission rate, duplex mode, and the same type (ACCESS or TRUNK) including the allowed list and PVID of the interface.
2. The opposite end of the channel must be the same device.
configuration
1. Create an aggregation interface
[sw2]interfaceEth-Trunk 0
[sw2-Eth-Trunk0]
2. Divide the physical interface into the aggregation interface
[sw2-Eth-Trunk]trunkport GigabitEthermet 0/0/1 0/0/2
[sw1]jinterfaceEthernet 0/0/1 ---You can also directly enter the physical interface and divide it into the corresponding aggregation interface
[sw1-Ethernet0/0/1]eth-trunk 0
Note: In order to ensure that the aggregated interface state machine configurations are the same, Huawei devices have made the following restrictions
1. Before aggregation, all interfaces cannot perform any configuration operations
2. After aggregation, all operations are performed on the aggregated interface, not on the physical interface.
The aggregated links of Huawei devices use flow-based load balancing by default. ---Huawei devices distinguish different data flows by source IP and destination IP by default
[sw2-Eth-Trunk1]load-balance ? ---You can modify the judgment method of data flow
dst-ip According to destination lP hash arithmetic
dst-mac According to destination MAC hash arithmetic
src-dst-ip According to source/destination lP hash arithmetic
src-dst-mac According to source/ destination MAC hash arithmetic
src-ip According to source lP hash arithmetic
src-mac According to source MAC hash arithmetic
[r1-Eth-Trunk0]undo portswitch ---- change the layer 2 interface to the layer 3 interface
[r1-Eth-Trunk0]
VRRP --- Virtual Router Redundancy Protocol
There are currently two versions of VRRP---VRRPV2---lPV4---Huawei devices use VRRPV2 by default
--- VRRPv3 ---IPv6
There is a concept of group in VRRP---put all the routers (not necessarily only two devices, but also multiple devices) that need to work together into the same VRRP group. In order to distinguish different VRRP groups, we need to design a VRID for each group---8-bit binary structure---a VRRP group needs a virtual gateway, and this gateway needs to be configured with a virtual IP address---1, which must It has to be specified manually. 2. It must be configured in the same network segment as the IP address of the physical gateway interface. ---And a virtual MAC address will be automatically generated. ---- 0000 -5e00 - 01xx---The last 8 binary bits use the VRID of this group to identify.
The working process of VRRP:
If the gateway interface is configured to activate VRRP, all gateway interfaces will send vRRP data packets to carry out the election of the master-standby relationship. The larger one is elected as the master, and the rest of the devices are backup. If the priorities are the same, compare the IP addresses of the interfaces, and the one with the larger IP address is the master.) After the election, only the master will periodically send VRRP packets (the sending cycle defaults to 1S), the other backup devices only listen, if they do not receive the VRRP data packet sent by the master within 3.6S (3×period time+offset time (256-priority)/256), it will be determined that the master is invalid, and the Rerun the election.
[r2-GigabitEthemet0/0/0]vrrp vrid 10 virtual-ip 192.168.1.254----interface activates VRRP
The gateway devices that need to work together need to be placed in the same VRRP group, and the VRID must be configured the same. In Huawei devices, the virtual IP can use the IP address of the physical interface. The effect is that the interface device is directly identified as the master, and the priority is set to 255.
[r3-GigabitEthernet 0/0/0]display vrrp---View VRRP configuration information
Preempt : YES ---- VRRP protocol is preemptive mode enabled by default, but only valid for the wired level
[r3-GigabitEthermet0/0/0]vrrp vrid 10 priority 110---modify the priority
[r3-GigabitEthemet0/0/0]vrrp vrid 10 track interface GigabitEthernet 0/0/1 reduced 50 --- Uplink tracking. If a traced interface fails, the corresponding action will be performed. The current action is to reduce the priority by 50. (If there is no action behind, the default priority will be reduced by 10)
IPv6
IANA --- Internet Assigned Numbers Organization
IPv6 address --- 128-bit binary
1. "Unlimited" address space: Because the IPV6 address is composed of 128-bit binary, the number of addresses is very large.
2. Hierarchical address structure: The so-called hierarchical address structure actually means that the address allocation is more reasonable and more conducive to summarization. Mainly done by the IANA organization
3. Plug and play: SLAAC --- stateless address automatic configuration --- only needs to have a gateway device, and an IPV6 address will be automatically issued.
4. Simplify the header of the message:
TOS --- service type --- Traffic Class --- traffic classification
TTL---time to live---HOP Limit---hop limit
Protocol---protocol---next header---next header
Name change, more accurate description
Flow Label --- flow label --- can be used to distinguish and mark different traffic, which is convenient for Qos. It is not enabled at present.
The deleted part (simplified part) --- the header length --- is mainly because the following option field is also deleted, causing the IPV6 packet header to change from a variable-length header to a fixed-length header, which supports hardware processing
---Checksum----Because when encapsulating the protocol at each level, there will be a checksum to ensure the integrity of the data, but in fact it only needs to be checked once, so it can be deleted completely.
5. Ensure the integrity of the end-to-end network: In the IPV4 network, the integrity of the end-to-end network is destroyed due to the existence of NAT technology, and in IPV6, because there are enough addresses, there is no need to run NAT technology, so you can guarantee its integrity.
6. Security enhancement: In PV6, in order to ensure the security of data transmission, a set of IPSEC (Internet Protocol Security Protocol) system is specially designed. Of course, IPV4 can also use IPSEC to ensure security.
7. Enhanced Qos features: mainly reflected in the addition of the flow label field, which is more convenient to complete Qos, but it has not yet been enabled.
IPV6 address
--- 128-bit binary----take hexadecimal
2001: 0123: 0000: 4560: 0000: 0000: 000o: 001A --- preferred format A = a
Ways to compress the format:
1. The leading O of each segment can be omitted. If a segment is all 0, at least one should be reserved, and the trailing O cannot be omitted; 2001: 123: 0:4560: 0: 0: 0: 1A
2. If there are one or more whole paragraphs with all O, you can use "::" to express, but there can only be at most one "..." in the compressed format of the entire IPV6 address
2001:123: 0: 4560: : 1A----compressed format
Embedded IPV4 address format --- the first 96 bits are expressed in IPV6 dotted hexadecimal, and the last 32 bits are expressed in IPV4 dotted decimal
: : 192.168.1.1
In the IPV6 address, it is also necessary to distinguish between the network bit and the host bit. The network bit is called the network prefix in IPv6, and the host bit is called the interface identifier in IPV6.
In the IPv6 address, the subnet mask is also required to identify the network prefix, but only the abbreviated format 2001:1 /64 is used ---- The default mask length of the IPV6 address is 64 bits
The generation method of IPV6 address interface identification:
1. Manual configuration
2. Automatic generation of EUI-64 rules --- 1. Insert FFFE 16-bit binary at the 25th part of the interface MAC address.
2. Invert the seventh bit in the generated 64-bit binary
02e0:fcFF:FE64:5980
[r1-GigabitEthemet0/O/O]ipv6 address 2002:.64 eui-64 ---Automatically generate interface identifiers through EUI-64 rules
-----IPV6 address supports multi-homing. (One interface can be configured with multiple IPV6 addresses)----One interface of Huawei equipment can be configured with multiple IPV6 addresses of different network segments.
3. The device randomly generates an interface ID
IPV6 address classification
Unicast address, multicast address, anycast address --- anycast address also marks a group, but the destination address of a data packet is an anycast address, and the effect is that it will be sent to all devices in the group in the sense of local routing on the nearest target.
Note: There is no broadcast address in the IPv6 address, directly use the multicast address instead
Classification of unicast addresses:
1, GUA address---global unicast address
Equivalent to the public network address in IPV4
2000: /3 ----2000:0000:0000:0000:0000:0000:0000:0000 --3FFFFFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF
2001::/16 ---- The GUA address of IPV6 obtained commercially
2002:./16 ---- used for 6to4 tunneling
2. ULA address---unique local address
Equivalent to the private network address in IPV4
This part of the address cannot appear in the public network routing of IPv6, and because there are enough IPv6 addresses, the uniqueness of its private network address can be guaranteed.
FCOO:: /7---- 1111110 0
FD:: /8---The currently used address segment
FC: /8---Currently not enabled
3, LLA address --- local link address
This address is very important in the IPv6 system. As long as the interface can be configured with an lPv6 address, a link-local address will be automatically configured.
FE80::/10 --- FE80::/64--- When the prefix is fixed, the interface identifier will be automatically generated according to the rules of EUI-64.
Because IPv6 addresses support multi-homing, there may be multiple IPv6 addresses on an interface. When the dynamic routing protocol calculates the path and writes the next hop, only one of them is selected to write. The general address may be changed, resulting in instability. Therefore, Dynamic routing protocols generally use the link-local address of the interface as the next hop
multicast address
FF:: /8
RIPV2---224.0.0.9---FFO2:9----33:33:00:00:00:o9
OSPF--- 224.0.0.5,224.0.0.6---- FFO2::5,FFO2::6 ---- 33: 33: 00: 00: 00:05,---- 33: 33:00: 00: 00: 06
224.0.0.1----for all nodes with IP address interface--- FF02:1---- 33:33:00:00:o0:01
224.0.0.2----for all routing devices---FF02:2----33: 33: 00: 00: 00: 02
FFO2---the prefix of the local link multicast in IPV6----will correspond to a multicast MAC address----33:33+32 (the last 32 bits of the IPV6 address)
Among the multicast addresses of IPV6, there is another type of multicast address---requested node multicast---after an interface is configured with an IPV6 address, it will automatically join the requested node multicast group --- FF02:1:FF ---The first 104 bits are fixed, and the last 24 bits are the last 24 bits of the IPV6 address
2001::1 ---- FFO2::1 :FF00:1 ----33:33:ff00:1
1, ::--- is equivalent to 0.0.0.0 in IPV4, 1, can represent no address (DHCPV6) 2, can represent all addresses (default)
2, ::1 --- Equivalent to 127.0.0.1 in IPV4
IPV6 configuration
ICMPV6 protocol --- Under the IPV6 system, the ICMPV6 protocol can not only realize the functions under IPV4, but also integrate multiple important functions
It integrates the NDP protocol (Neighbor Discovery Protocol)----equivalent to the ARP protocol in IPV4.
He can implement the SLAAC mechanism ---- NDP protocol
He can implement the Path-MTu discovery mechanism----PMTUD---find the smallest MTU---in IPV6, after the route is generated, it will send an ICMPV6 message to detect the smallest MTU (PMTU) in the target network segment, and then , when sending packets, fragment them directly according to the minimum MTU value.
ICMPV6 --- ECHO REQUEST --- type: 128
ECHO REPIY ----type:129
Before an interface officially sends IPv6 packets, it will go through three stages:
1. Obtain IPV6 address----1. Global unicast address (GUA address)
1. Manual configuration;
2. Stateless auto-provisioning (NDP) --- No server is required, only a gateway needs to exist, and it has an lPV6 address, then the connected terminal equipment will obtain an IPV6 address.
Router Solicitation Message (RS) --- type ---133 --- Terminal device access needs an IPV6 address, then send this message to find the gateway device
Router advertisement message (RA) --- type --- 134 ---The gateway device will reply the RA message, which will contain the network prefix.
Note: In addition to the above request methods, the gateway device can also periodically issue its own network prefix. Huawei devices disable this function by default. But note that stateless auto-configuration will not deliver additional information such as DNS, so it is generally used for large-volume IoT devices that do not require Internet access. Of course, stateless autoconfiguration can also be combined with stateful autoconfiguration.
3. Stateful auto-configuration (DHCPv6) 2. Link-local address (LLA)
2. DAD --- address conflict detection
3. Address resolution stage
Both phases 2 and 3 are completed by the NDP protocol in PV6.
Neighbor Solicitation message ---- NS --- type: 135 --- equivalent to ARP request message
Neighbor Advertisement Message ---- NA --- type: 136 --- Equivalent to ARP Reply Message
ARP --- request message --- SIP: own IP; DIP: requestee IP
NDP---NS----SIP: own IP; DIP: requested node multicast
The response messages are the same, and they are all replied in the form of unicast.
IPv6 address configuration
[r1]ipv6 ---- Activate IPv6 globally, only after activation, the device will forward IPV6 packets
[r1-GigabitEthemet0/O/0]ipv6 enable --- Only by executing this command can the interface be configured with an IPV6 address
[r1-GigabitEthermet0/O/0]ipv6 address 12:1 64---configure IPV6 address
[r1]display ipv6 interface brief ---Check the IPV6 address configuration
Static routing configuration
[r1]ipv6 route-static 2:.64 12:2
[r1]display ipv6 routing-table --- View IPV6 routing table
[r1]ping ipv6 3::3 --- ping
RIPNG configuration
[r1]ripng ---Start the RIPNG process
[r1-GigabitEthermet0/0/0]ripng 1 enable --- declared in the interface
OSPFV3 configuration
[r1]ospfv3 1 --- start the process
[r1-ospfv3-1]
[r1-ospfv3-1]router-id 1.1.1.1----placement RID
[r1-GigabitEthemet0/0/0] ospfv3 1 area0 --- declared in area
MP-BGP configuration
[r1]bgp 1
[ri1-bgp]router-id 1.1.1.1
[r1-bgplpeer 2::2 as-number 1
[ri1-bgp]peer 2::2 connect-interface LoopBack o
[r1-bgp]ipv6-family
[r1-bgp-of-ipv6]peer 2:2 enable
[r1]display bgp ipv6 peer ---View IPV6 neighbor list
[r1-bgp-af-ipv6]network 1::64 --- publish route
[r1]display bgp ipv6 routing-table ---View IPV6 BGP table
Transition between IPV4 and IPV6
1. Implemented through GRE tunnel
1. You must know the public IPV4 address of the peer
2. There must be a route to the IPV6 network segment of the other party
2. 6to4 tunnel
There is also an address in IPv6---IPV4 compatible address
2002::/16 ----used for 6to4 tunnels---these are reserved for IPV4 compatible addresses
12.0.0.1 --- 00001100 00000000 00000000 00000001
2002:0CO0:0001: : /48
[r1-LoopBackO]jipv6address 2002:c00:1::164
[r1]int t 0/O/0
[r1-Tunnel0/O/0]ipv6 enable
[r1-Tunnel0/O/0]ipv6 address 2002:c00:1:11 64
[ri-Tunnel0/0/0]tunnel-protocol ipv6-ipv4 6to4
[r1-Tunnel0/0/0jsource 12.0.0.1
23.0.0.2--- 00010111.00000000.00000000.00000010
2002:1700:2:./48
[r3]ipv6 route-static 2002::16 Tunnel 0/O/0 ---Add summary route
3. Dual stack