Huawei equipment: MSTP+VRRP active/standby+DHCP+Eth-trunk link aggregation+BFD detection

1. Applicable scenarios

1. MSTP eliminates loops: it blocks redundant links to remove possible communication loops in the network. If a loop is left in place, it causes broadcast storms and paralyzes the network.
2. MSTP link redundancy backup: when the current active path fails, the redundant backup link is activated to restore network connectivity.
3. MSTP load balancing across instances + active/standby backup: multiple spanning trees (MSTP) can make use of the redundant links, with different spanning trees carrying the service data of different VLANs.
4. VRRP (Virtual Router Redundancy Protocol) provides active/standby devices + per-VLAN load balancing: when the master device fails, the backup device is activated and becomes the master. This gives load balancing plus redundancy against device failure.
5. DHCP removes manual IP configuration: it assigns IP addresses to user terminals, which use the virtual IP as their gateway. When a physical link or a physical device fails, the user terminals need no configuration change. Service continuity is maintained and the network reliability requirement is met.
6. Eth-trunk link aggregation increases bandwidth + load balancing + link redundancy: on the backbone link, bundling raises the bandwidth of the channel and balances load. When one of the bundled links fails, the other links keep working, so service is not interrupted.
7. BFD detects the link status of the Layer 3 network to improve reliability: the priority is adjusted automatically according to the link status, so that traffic is switched from the faulty link to a working Layer 3 link and service packets are not discarded. Even if a Layer 3 link fails, users are not aware of it.

2. Principle and Topology

(1) MSTP is born for load balancing

MSTP is developed on the basis of RSTP, and RSTP improves on STP to achieve rapid convergence of the network topology. However, RSTP and STP share the same defect: because all VLANs in the LAN share one spanning tree, data traffic cannot be load-balanced between VLANs. A blocked link carries no traffic at all, which wastes bandwidth, and packets of some VLANs may not be forwarded.
MSTP is compatible with STP and RSTP. It converges quickly, provides multiple redundant paths for data forwarding, and load-balances VLAN data during forwarding.
MSTP divides a switching network into multiple domains. Multiple spanning trees are formed in each domain, and the spanning trees are independent of each other. Each spanning tree is called a Multiple Spanning Tree Instance (MSTI), and each domain is called an MST domain (MST Region: Multiple Spanning Tree Region).

(2) Port roles of MSTP Multiple Spanning Tree Protocol

[Figure: MSTP port roles]

(3) Topology diagram of this example

[Figure: topology of this example]

3. Configuration process

(1) Configure the basic network commands to establish connectivity

1. Configure Eth-trunk link aggregation to bundle multiple Ethernet physical links into one logical link, so as to increase link bandwidth. At the same time, these bundled links can effectively improve link reliability through mutual dynamic backup.

LSW1:
system-view #Enter the system view
interface Eth-Trunk1 #Create link aggregation interface Eth-Trunk 1
description to LSW2-ETH-trunk-1 #Describe the interface as the link aggregation connected to LSW2 at the peer end
port link-type trunk #Configure the link aggregation port in trunk mode
port trunk allow-pass vlan 10 20 30 40 200 #Configure the VLANs allowed through the link aggregation port

interface GigabitEthernet0/0/5 #Configure the G0/0/5 interface
description to LSW2_eth-trunk1-g0/0/5 #Describe G0/0/5 as belonging to the link aggregation to LSW2
eth-trunk 1 #Add the G0/0/5 interface to the link aggregation group

interface GigabitEthernet0/0/6 #Configure the G0/0/6 interface
description to LSW2_eth-trunk1-g0/0/6 #Describe G0/0/6 as belonging to the link aggregation to LSW2
eth-trunk 1 #Add the G0/0/6 interface to the link aggregation group

LSW2:
system-view #Enter the system view
interface Eth-Trunk1 #Create link aggregation interface Eth-Trunk 1
description to LSW1-ETH-trunk-1 #Describe the interface as the link aggregation connected to LSW1 at the peer end
port link-type trunk #Configure the link aggregation port in trunk mode
port trunk allow-pass vlan 10 20 30 40 200 #Configure the VLANs allowed through the link aggregation port

interface GigabitEthernet0/0/5 #Configure the G0/0/5 interface
description to LSW1_eth-trunk1-g0/0/5 #Describe G0/0/5 as belonging to the link aggregation to LSW1
eth-trunk 1 #Add the G0/0/5 interface to the link aggregation group

interface GigabitEthernet0/0/6 #Configure the G0/0/6 interface
description to LSW1_eth-trunk1-g0/0/6 #Describe G0/0/6 as belonging to the link aggregation to LSW1
eth-trunk 1 #Add the G0/0/6 interface to the link aggregation group

2. View the configured Eth-trunk link aggregation
(1) View the Eth-trunk link aggregation on LSW1:
[Figure: Eth-trunk status on LSW1]

(2) View the Eth-trunk link aggregation on LSW2:
[Figure: Eth-trunk status on LSW2]

3. Basic configuration to establish connectivity:
(1) LSW1:
system-view #Enter the system view
sysname LSW1 #Name the switch LSW1 to distinguish it from the other switches
dhcp enable #Enable the DHCP function of the switch
vlan batch 10 20 30 40 200 #Create vlan 10 20 30 40 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW3_G0/0/1 #Describe the peer end of G0/0/1 as G0/0/1 of LSW3
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 10 200 #Allow vlan 10 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW4_G0/0/1 #Describe the peer end of G0/0/2 as G0/0/1 of LSW4
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 20 200 #Allow vlan 20 200 through the G0/0/2 interface

interface GigabitEthernet0/0/3 #Configure the G0/0/3 interface
description to LSW5-G0/0/1 #Describe the peer end of G0/0/3 as G0/0/1 of LSW5
port link-type trunk #Configure the G0/0/3 interface in trunk mode
port trunk allow-pass vlan 30 200 #Allow vlan 30 200 through the G0/0/3 interface

interface GigabitEthernet0/0/4 #Configure the G0/0/4 interface
description to LSW6-G0/0/1 #Describe the peer end of G0/0/4 as G0/0/1 of LSW6
port link-type trunk #Configure the G0/0/4 interface in trunk mode
port trunk allow-pass vlan 40 200 #Allow vlan 40 200 through the G0/0/4 interface

interface Vlanif200 #Create the vlan 200 interface
ip address 172.16.1.2 255.255.255.0 #Configure the ip address and subnet mask for vlan 200
dhcp select relay #Enable DHCP relay on vlan 200
dhcp relay server-ip 172.16.1.1 #Specify the ip address of the DHCP server for the relay
interface GigabitEthernet0/0/7 #Configure the G0/0/7 interface
port link-type access #Configure the G0/0/7 interface in access mode
port default vlan 200 #Assign the G0/0/7 interface to vlan 200
ospf 1 #Configure the OSPF routing protocol
area 0.0.0.0 #Enter area 0.0.0.0
network 172.16.1.0 0.0.0.255 #Configure the network ip and wildcard mask for ospf area 0
area 0.0.0.1 #Enter area 0.0.0.1
network 192.168.0.0 0.0.255.255 #Configure the network ip and wildcard mask for ospf area 1

(2) LSW2:
system-view #Enter the system view
sysname LSW2 #Name the switch LSW2 to distinguish it from the other switches
dhcp enable #Enable the DHCP function of the switch
vlan batch 10 20 30 40 200 #Create vlan 10 20 30 40 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW4-G0/0/2 #Describe the peer end of G0/0/1 as G0/0/2 of LSW4
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 20 200 #Allow vlan 20 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW3-G0/0/2 #Describe the peer end of G0/0/2 as G0/0/2 of LSW3
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 10 200 #Allow vlan 10 200 through the G0/0/2 interface

interface GigabitEthernet0/0/3 #Configure the G0/0/3 interface
description to LSW5-G0/0/2 #Describe the peer end of G0/0/3 as G0/0/2 of LSW5
port link-type trunk #Configure the G0/0/3 interface in trunk mode
port trunk allow-pass vlan 30 200 #Allow vlan 30 200 through the G0/0/3 interface

interface GigabitEthernet0/0/4 #Configure the G0/0/4 interface
description to LSW6-G0/0/2 #Describe the peer end of G0/0/4 as G0/0/2 of LSW6
port link-type trunk #Configure the G0/0/4 interface in trunk mode
port trunk allow-pass vlan 40 200 #Allow vlan 40 200 through the G0/0/4 interface

interface Vlanif200 #Create the vlan 200 interface
ip address 172.16.2.2 255.255.255.0 #Configure the ip address and subnet mask for vlan 200
dhcp select relay #Enable DHCP relay on vlan 200
dhcp relay server-ip 172.16.2.1 #Specify the ip address of the DHCP server for the relay
interface GigabitEthernet0/0/7 #Configure the G0/0/7 interface
port link-type access #Configure the G0/0/7 interface in access mode
port default vlan 200 #Assign the G0/0/7 interface to vlan 200
ospf 1 #Configure the OSPF routing protocol
area 0.0.0.0 #Enter area 0.0.0.0
network 172.16.2.0 0.0.0.255 #Configure the network ip and wildcard mask for ospf area 0
area 0.0.0.2 #Enter area 0.0.0.2
network 192.168.0.0 0.0.255.255 #Configure the network ip and wildcard mask for ospf area 2

(3) LSW3:
system-view #Enter the system view
sysname LSW3 #Name the switch LSW3

vlan batch 10 200 #Create vlan 10 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW1_G0/0/1 #Describe the peer end of G0/0/1 as G0/0/1 of LSW1
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 10 200 #Allow vlan 10 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW2_G0/0/2 #Describe the peer end of G0/0/2 as G0/0/2 of LSW2
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 10 200 #Allow vlan 10 200 through the G0/0/2 interface

interface Ethernet0/0/1 #Configure the e0/0/1 interface
port link-type access #Configure the e0/0/1 interface in access mode
port default vlan 10 #Assign the e0/0/1 interface to vlan 10

(4) LSW4:
system-view #Enter the system view
sysname LSW4 #Name the switch LSW4

vlan batch 20 200 #Create vlan 20 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW1_G0/0/2 #Describe the peer end of G0/0/1 as G0/0/2 of LSW1
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 20 200 #Allow vlan 20 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW2_G0/0/1 #Describe the peer end of G0/0/2 as G0/0/1 of LSW2
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 20 200 #Allow vlan 20 200 through the G0/0/2 interface

interface Ethernet0/0/1 #Configure the e0/0/1 interface
port link-type access #Configure the e0/0/1 interface in access mode
port default vlan 20 #Assign the e0/0/1 interface to vlan 20

(5) LSW5:
system-view #Enter the system view
sysname LSW5 #Name the switch LSW5

vlan batch 30 200 #Create vlan 30 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW1_G0/0/3 #Describe the peer end of G0/0/1 as G0/0/3 of LSW1
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 30 200 #Allow vlan 30 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW2_G0/0/3 #Describe the peer end of G0/0/2 as G0/0/3 of LSW2
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 30 200 #Allow vlan 30 200 through the G0/0/2 interface

interface Ethernet0/0/1 #Configure the e0/0/1 interface
port link-type access #Configure the e0/0/1 interface in access mode
port default vlan 30 #Assign the e0/0/1 interface to vlan 30

(6) LSW6:
system-view #Enter the system view
sysname LSW6 #Name the switch LSW6

vlan batch 40 200 #Create vlan 40 200
interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
description to LSW1_G0/0/4 #Describe the peer end of G0/0/1 as G0/0/4 of LSW1
port link-type trunk #Configure the G0/0/1 interface in trunk mode
port trunk allow-pass vlan 40 200 #Allow vlan 40 200 through the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
description to LSW2_G0/0/4 #Describe the peer end of G0/0/2 as G0/0/4 of LSW2
port link-type trunk #Configure the G0/0/2 interface in trunk mode
port trunk allow-pass vlan 40 200 #Allow vlan 40 200 through the G0/0/2 interface

interface Ethernet0/0/1 #Configure the e0/0/1 interface
port link-type access #Configure the e0/0/1 interface in access mode
port default vlan 40 #Assign the e0/0/1 interface to vlan 40

(2) Configure VRRP

VRRP (Virtual Router Redundancy Protocol) combines several devices with routing functions into one virtual routing device (two Layer 3 switches are used in this example). The IP address of the virtual routing device (this example uses .254 of each class C network segment as the virtual ip) serves as the users' default gateway for communicating with the external network. When a gateway device fails, the VRRP mechanism elects a new gateway device to carry the data traffic, thereby ensuring reliable network communication.
1. Plan the vlan ip, the vrrp virtual ip and the preemption rules: .253 of each network segment is the vlan address of the first VRRP device, .252 of each network segment is the vlan address of the second VRRP device, and .254 is the ip address of the virtual routing device, that is, the gateway ip address of each PC in the corresponding network segment.
(1) vlan 10 on LSW1: 192.168.10.253/24 vrid 1 virtual ip: 192.168.10.254
vlan 20 on LSW1: 192.168.20.253/24 vrid 2 virtual ip: 192.168.20.254
vlan 30 on LSW1: 192.168.30.253/24 vrid 3 virtual ip: 192.168.30.254
vlan 40 on LSW1: 192.168.40.253/24 vrid 4 virtual ip: 192.168.40.254
(2) vlan 10 on LSW2: 192.168.10.252/24 vrid 1 virtual ip: 192.168.10.254
vlan 20 on LSW2: 192.168.20.252/24 vrid 2 virtual ip: 192.168.20.254
vlan 30 on LSW2: 192.168.30.252/24 vrid 3 virtual ip: 192.168.30.254
vlan 40 on LSW2: 192.168.40.252/24 vrid 4 virtual ip: 192.168.40.254
Ensure that each vlan has only one VRRP virtual ip address, which acts as the gateway of that network segment. No matter which link fails, or whether LSW1 or LSW2 fails, the client network keeps operating normally.
(3) VRRP priority planning
vlan 10 and vlan 20 on LSW1 have a priority of 120, which makes LSW1 the master VRRP for them; vlan 30 and vlan 40 on LSW1 have a priority of 80, which makes LSW1 the backup VRRP for them.
vlan 10 and vlan 20 on LSW2 have a priority of 80, which makes LSW2 the backup VRRP for them; vlan 30 and vlan 40 on LSW2 have a priority of 120, which makes LSW2 the master VRRP for them.
(4) Preemption delay: on a link with poor contact, the backup VRRP could quickly preempt the master VRRP while the actual master VRRP still works occasionally, producing a VRRP preemption loop that causes network oscillation. To avoid this, configure the preemption delay as 20 seconds. That is, only when the link failure is confirmed after 20 seconds does the standby VRRP preempt the active VRRP, which avoids the network oscillation caused by cyclic preemption.
2. Configure VRRP
LSW1:
system-view #Enter system view
interface Vlanif10 #Configure vlan 10
ip address 192.168.10.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 10
vrrp vrid 1 virtual-ip 192.168.10.254 #Configure the virtual ip address of vrrp group 1
vrrp vrid 1 priority 120 #Configure the priority of vrrp group 1 as 120
vrrp vrid 1 preempt-mode timer delay 20 #Configure vrrp group 1 to preempt 20 seconds after a failure

interface Vlanif20 #Configure vlan 20
ip address 192.168.20.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 20
vrrp vrid 2 virtual-ip 192.168.20.254 #Configure the virtual ip address of vrrp group 2
vrrp vrid 2 priority 120 #Configure the priority of vrrp group 2 as 120
vrrp vrid 2 preempt-mode timer delay 20 #Configure vrrp group 2 to preempt 20 seconds after a failure

interface Vlanif30 #Configure vlan 30
ip address 192.168.30.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 30
vrrp vrid 3 virtual-ip 192.168.30.254 #Configure the virtual ip address of vrrp group 3
vrrp vrid 3 priority 80 #Configure the priority of vrrp group 3 as 80
vrrp vrid 3 preempt-mode timer delay 20 #Configure vrrp group 3 to preempt 20 seconds after a failure

interface Vlanif40 #Configure vlan 40
ip address 192.168.40.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 40
vrrp vrid 4 virtual-ip 192.168.40.254 #Configure the virtual ip address of vrrp group 4
vrrp vrid 4 priority 80 #Configure the priority of vrrp group 4 as 80
vrrp vrid 4 preempt-mode timer delay 20 #Configure vrrp group 4 to preempt 20 seconds after a failure

LSW2:
system-view #Enter system view
interface Vlanif10 #Configure vlan 10
ip address 192.168.10.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 10
vrrp vrid 1 virtual-ip 192.168.10.254 #Configure the virtual ip address of vrrp group 1
vrrp vrid 1 priority 80 #Configure the priority of vrrp group 1 as 80
vrrp vrid 1 preempt-mode timer delay 20 #Configure vrrp group 1 to preempt 20 seconds after a failure

interface Vlanif20 #Configure vlan 20
ip address 192.168.20.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 20
vrrp vrid 2 virtual-ip 192.168.20.254 #Configure the virtual ip address of vrrp group 2
vrrp vrid 2 priority 80 #Configure the priority of vrrp group 2 as 80
vrrp vrid 2 preempt-mode timer delay 20 #Configure vrrp group 2 to preempt 20 seconds after a failure

interface Vlanif30 #Configure vlan 30
ip address 192.168.30.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 30
vrrp vrid 3 virtual-ip 192.168.30.254 #Configure the virtual ip address of vrrp group 3
vrrp vrid 3 priority 120 #Configure the priority of vrrp group 3 as 120
vrrp vrid 3 preempt-mode timer delay 20 #Configure vrrp group 3 to preempt 20 seconds after a failure

interface Vlanif40 #Configure vlan 40
ip address 192.168.40.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 40
vrrp vrid 4 virtual-ip 192.168.40.254 #Configure the virtual ip address of vrrp group 4
vrrp vrid 4 priority 120 #Configure the priority of vrrp group 4 as 120
vrrp vrid 4 preempt-mode timer delay 20 #Configure vrrp group 4 to preempt 20 seconds after a failure

3. View the configured VRRP results
[Figures: VRRP status output]

(3) Configure MSTP

1. Configure vlan 10 and vlan 20 for primary forwarding, and vlan 30 and vlan 40 for standby forwarding
LSW1:
system-view #Enter system view
stp instance 1 root primary #Make this switch the primary root of spanning tree instance 1
stp instance 2 root secondary #Make this switch the secondary root of spanning tree instance 2
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration
interface GigabitEthernet0/0/3 #Configure the G0/0/3 interface
description to LSW5-G0/0/1 #Describe the peer end of the interface as the G0/0/1 port of LSW5
port link-type trunk #Configure the G0/0/3 interface in trunk mode
port trunk allow-pass vlan 30 200 #Allow vlan 30 and 200 through G0/0/3
stp instance 2 port priority 160 #Configure the priority of instance 2 on the G0/0/3 port as 160
stp instance 2 cost 200000 #Configure the STP cost of instance 2 on port G0/0/3 as 200000

interface GigabitEthernet0/0/4 #Configure the G0/0/4 interface
description to LSW6-G0/0/1 #Describe the peer end of the interface as the G0/0/1 port of LSW6
port link-type trunk #Configure the G0/0/4 interface in trunk mode
port trunk allow-pass vlan 40 200 #Allow vlan 40 and 200 through G0/0/4
stp instance 2 port priority 160 #Configure the priority of instance 2 on the G0/0/4 port as 160
stp instance 2 cost 200000 #Configure the STP cost of instance 2 on port G0/0/4 as 200000

2. Configure vlan 10 and vlan 20 for standby forwarding, and vlan 30 and vlan 40 for primary forwarding
LSW2:
system-view #Enter system view
stp instance 1 root secondary #Make this switch the secondary root of spanning tree instance 1
stp instance 2 root primary #Make this switch the primary root of spanning tree instance 2
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration

3. Configure the MSTP multiple spanning tree protocol on LSW3 of vlan 10:
system-view #Enter system view
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration

4. Configure the MSTP multiple spanning tree protocol on LSW4 of vlan 20:
system-view #Enter system view
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration

5. Configure the MSTP multiple spanning tree protocol on LSW5 of vlan 30:
system-view #Enter system view
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration

6. Configure the MSTP multiple spanning tree protocol on LSW6 of vlan 40:
system-view #Enter system view
stp pathcost-standard legacy #Use the Huawei algorithm for spanning tree path cost
stp region-configuration #Enter the MSTP region configuration
region-name MSTP1 #Configure the MSTP region name as MSTP1
revision-level 1 #Configure the MSTP revision level
instance 1 vlan 10 20 #Associate vlan 10 and vlan 20 with instance 1 of the spanning tree protocol
instance 2 vlan 30 40 #Associate vlan 30 and vlan 40 with instance 2 of the spanning tree protocol
active region-configuration #Activate the MSTP region configuration
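
All six switches above carry the same region name, revision level and VLAN-to-instance mapping, and they only share one MST region while those three values stay identical. The following check is an added example, not part of the original article: it parses region settings in the syntax used on this page, computes the IEEE 802.1Q MST configuration digest, and reports any switch that has drifted. The function names are this example's own, and the drifted LSW6 mapping is constructed.

```python
import hashlib
import hmac
import re
from collections import defaultdict

# Signature key fixed by IEEE 802.1Q for the MST Configuration Digest.
DIGEST_KEY = bytes.fromhex("13AC06A62E47FD51F95D2BA243CD0346")


def parse_region(config):
    """Return (region name, revision level, {vlan: instance}) from VRP-style lines."""
    name, revision, vlan_map = "", 0, {}
    for raw in config.splitlines():
        line = raw.split("#", 1)[0].strip()          # drop inline comments
        if m := re.fullmatch(r"region-name (\S+)", line):
            name = m.group(1)
        elif m := re.fullmatch(r"revision-level (\d+)", line):
            revision = int(m.group(1))
        elif m := re.fullmatch(r"instance (\d+) vlan (.+)", line):
            tokens, i = m.group(2).split(), 0
            while i < len(tokens):
                first = last = int(tokens[i])
                if tokens[i + 1:i + 2] == ["to"]:    # range form: "10 to 20"
                    last = int(tokens[i + 2])
                    i += 2
                for vid in range(first, last + 1):
                    vlan_map[vid] = int(m.group(1))
                i += 1
    return name, revision, vlan_map


def config_digest(vlan_map):
    """HMAC-MD5 over the 4096-entry VLAN-to-instance table, 2 bytes per VID."""
    table = bytearray(4096 * 2)                      # VID 0 and 4095 stay zero
    for vid, instance in vlan_map.items():
        if 1 <= vid <= 4094:
            table[2 * vid:2 * vid + 2] = instance.to_bytes(2, "big")
    return hmac.new(DIGEST_KEY, bytes(table), hashlib.md5).hexdigest()


def region_identity(config):
    """The triple two bridges must agree on to be in the same MST region."""
    name, revision, vlan_map = parse_region(config)
    return name, revision, config_digest(vlan_map)


def find_region_drift(configs):
    """Return the switches whose region identity differs from the majority."""
    groups = defaultdict(list)
    for switch, text in configs.items():
        groups[region_identity(text)].append(switch)
    majority = max(groups.values(), key=len)
    return sorted(s for members in groups.values()
                  if members is not majority for s in members)


# Region settings as configured on every switch on this page.
PAGE_REGION = """
stp region-configuration
 region-name MSTP1
 revision-level 1
 instance 1 vlan 10 20
 instance 2 vlan 30 40
 active region-configuration
"""
PAGE = {f"LSW{n}": PAGE_REGION for n in range(1, 7)}
# Constructed drift: LSW6 loses vlan 40 from instance 2.
DRIFTED = dict(PAGE, LSW6=PAGE_REGION.replace("vlan 30 40", "vlan 30"))

if __name__ == "__main__":
    print("page config drift:   ", find_region_drift(PAGE))
    print("constructed drift:   ", find_region_drift(DRIFTED))
    print("region identity LSW1:", region_identity(PAGE["LSW1"]))
```

A switch reported here forms its own region, so the per-instance root placement on LSW1 and LSW2 no longer applies to the VLANs it carries.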

(4) Configuring DHCP


1. Configure the DHCP address pools on router AR1:
system-view #Enter the system view
sysname AR1 #Name the router AR1
router id 1.1.1.1 #Configure the router id of the ospf protocol
dhcp enable #Enable the DHCP service

ip pool vlan10 #Configure the address pool vlan10
gateway-list 192.168.10.254 #Specify the gateway ip address of the address pool vlan10
network 192.168.10.0 mask 255.255.255.0 #Specify the network range of the address pool
excluded-ip-address 192.168.10.252 192.168.10.253 #Exclude the vlan 10 ip addresses configured on LSW1 and LSW2 from the pool, so that addresses dynamically assigned to user terminals by DHCP do not conflict with the ip configured on LSW1 or LSW2

ip pool vlan20 #Configure the address pool vlan20
gateway-list 192.168.20.254 #Specify the gateway ip address of the address pool vlan20
network 192.168.20.0 mask 255.255.255.0 #Specify the network range of the address pool
excluded-ip-address 192.168.20.252 192.168.20.253 #Exclude the vlan 20 ip addresses configured on LSW1 and LSW2 from the pool, so that addresses dynamically assigned to user terminals by DHCP do not conflict with the ip configured on LSW1 or LSW2

ip pool vlan30 #Configure the address pool vlan30
gateway-list 192.168.30.254 #Specify the gateway ip address of the address pool vlan30
network 192.168.30.0 mask 255.255.255.0 #Specify the network range of the address pool
excluded-ip-address 192.168.30.252 192.168.30.253 #Exclude the vlan 30 ip addresses configured on LSW1 and LSW2 from the pool, so that addresses dynamically assigned to user terminals by DHCP do not conflict with the ip configured on LSW1 or LSW2

ip pool vlan40 #Configure the address pool vlan40
gateway-list 192.168.40.254 #Specify the gateway ip address of the address pool vlan40
network 192.168.40.0 mask 255.255.255.0 #Specify the network range of the address pool
excluded-ip-address 192.168.40.252 192.168.40.253 #Exclude the vlan 40 ip addresses configured on LSW1 and LSW2 from the pool, so that addresses dynamically assigned to user terminals by DHCP do not conflict with the ip configured on LSW1 or LSW2

interface GigabitEthernet0/0/1 #Configure the G0/0/1 interface
ip address 172.16.1.1 255.255.255.0 #Configure the ip address of the G0/0/1 interface
dhcp select global #Enable DHCP global mode on the G0/0/1 interface

interface GigabitEthernet0/0/2 #Configure the G0/0/2 interface
ip address 172.16.2.1 255.255.255.0 #Configure the ip address of the G0/0/2 interface
dhcp select global #Enable DHCP global mode on the G0/0/2 interface

ospf 1 #Configure the OSPF routing protocol
area 0.0.0.0 #Enter area 0.0.0.0
network 172.16.1.0 0.0.0.255 #Configure the network ip and wildcard mask for ospf area 0
network 172.16.2.0 0.0.0.255 #Configure the network ip and wildcard mask for ospf area 0

2. Configure DHCP relay on LSW1
system-view #Enter system view
dhcp enable #Enable the DHCP service function
interface Vlanif10 #Configure vlan 10
ip address 192.168.10.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 10
dhcp select relay #Enable dhcp relay on vlan 10
dhcp relay server-ip 172.16.1.1 #Specify the DHCP relay server ip address of vlan 10

interface Vlanif20 #Configure vlan 20
ip address 192.168.20.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 20
dhcp select relay #Enable dhcp relay on vlan 20
dhcp relay server-ip 172.16.1.1 #Specify the DHCP relay server ip address of vlan 20

interface Vlanif30 #Configure vlan 30
ip address 192.168.30.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 30
dhcp select relay #Enable dhcp relay on vlan 30
dhcp relay server-ip 172.16.1.1 #Specify the DHCP relay server ip address of vlan 30

interface Vlanif40 #Configure vlan 40
ip address 192.168.40.253 255.255.255.0 #Configure the ip address and subnet mask for vlan 40
dhcp select relay #Enable dhcp relay on vlan 40
dhcp relay server-ip 172.16.1.1 #Specify the DHCP relay server ip address of vlan 40

interface Vlanif200 #Configure vlan 200
ip address 172.16.1.2 255.255.255.0 #Configure the ip address and subnet mask for vlan 200
dhcp select relay #Enable dhcp relay on vlan 200
dhcp relay server-ip 172.16.1.1 #Specify the DHCP relay server ip address of vlan 200

3. Configure DHCP relay on LSW2
system-view #Enter system view
dhcp enable #Enable the DHCP service function
interface Vlanif10 #Configure vlan 10
ip address 192.168.10.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 10
dhcp select relay #Enable dhcp relay on vlan 10
dhcp relay server-ip 172.16.2.1 #Specify the DHCP relay server ip address of vlan 10

interface Vlanif20 #Configure vlan 20
ip address 192.168.20.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 20
dhcp select relay #Enable dhcp relay on vlan 20
dhcp relay server-ip 172.16.2.1 #Specify the DHCP relay server ip address of vlan 20

interface Vlanif30 #Configure vlan 30
ip address 192.168.30.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 30
dhcp select relay #Enable dhcp relay on vlan 30
dhcp relay server-ip 172.16.2.1 #Specify the DHCP relay server ip address of vlan 30

interface Vlanif40 #Configure vlan 40
ip address 192.168.40.252 255.255.255.0 #Configure the ip address and subnet mask for vlan 40
dhcp select relay #Enable dhcp relay on vlan 40
dhcp relay server-ip 172.16.2.1 #Specify the DHCP relay server ip address of vlan 40

(5) Configure BFD link detection:

1. Configuration on AR1 router:
system-view #Enter system view
bfd #Enable the bfd link status detection function
bfd 1 bind peer-ip 172.16.1.2 interface GigabitEthernet0/0/1 source-ip 172.16.1.1 #Configure bfd session 1, binding the ip address of the peer end, the outgoing interface of the local end and the source ip address of the local end
discriminator local 10 #Configure the discriminator of the local end as 10
discriminator remote 20 #Configure the discriminator of the peer end as 20
commit #Commit so that the session takes effect immediately

bfd 2 bind peer-ip 172.16.2.2 interface GigabitEthernet0/0/2 source-ip 172.16.2.1 #Configure bfd session 2, binding the ip address of the peer end, the outgoing interface of the local end and the source ip address of the local end
discriminator local 30 #Configure the discriminator of the local end as 30
discriminator remote 40 #Configure the discriminator of the peer end as 40
commit #Commit so that the session takes effect immediately

2. Configuration of LSW1 switch
system-view #Enter system view
bfd #Enable the bfd link status detection function
bfd 1 bind peer-ip 172.16.1.1 interface Vlanif200 source-ip 172.16.1.2 #Configure bfd session 1, binding the ip address of the peer end, the outgoing interface of the local end and the source ip address of the local end
discriminator local 20 #Configure the discriminator of the local end as 20
discriminator remote 10 #Configure the discriminator of the peer end as 10
commit #Commit so that the session takes effect immediately
interface Vlanif10 #Configure vlan 10
vrrp vrid 1 track bfd-session 20 reduced 50 #Have the vrrp group running in vlan 10 track bfd session 20. When the BFD session detects a link failure in the Layer 3 network, the vrrp priority is reduced by 50, that is, the configured 120-50=70, which is lower than the peer vrrp priority of 80, so that the peer can switch from the backup state to the master state.

interface Vlanif20 #Configure vlan 20
vrrp vrid 2 track bfd-session 20 reduced 50 #Have the vrrp group running in vlan 20 track bfd session 20. When the BFD session detects a link failure in the Layer 3 network, the vrrp priority is reduced by 50, that is, the configured 120-50=70, which is lower than the peer vrrp priority of 80, so that the peer can switch from the backup state to the master state.

3. Configuration of LSW2 switch
system-view #Enter system view
bfd #Enable bfd link status detection function
bfd 2 bind peer-ip 172.16.2.1 interface Vlanif200 source-ip 172.16.2.2 #Configure bfd session 2 to bind the ip address of the peer, the outgoing interface of the local end and the source ip address of the local end
discriminator local 40 #Configure the identity of the local end as 40
discriminator remote 30 #Configure the identity of the peer end as 30
commit #Execute immediately
interface Vlanif30 #Configure vlan 30
vrrp vrid 3 priority 120 #Configure the priority of vrrp group 3 in vlan 30 to 120
vrrp vrid 3 track bfd-session 40 reduced 50 #Configure vrrp in vlan 30 to track bfd session 40. When the BFD session detects a link failure in the layer-3 network, the vrrp priority is reduced by 50, i.e. the configured 120-50=70, which is lower than the peer vrrp priority of 80, so that the peer can switch from the backup state to the master state.

interface Vlanif40 #Configure vlan 40
vrrp vrid 4 priority 120 #Configure the priority of vrrp group 4 in vlan 40 to 120
vrrp vrid 4 track bfd-session 40 reduced 50 #Configure vrrp in vlan 40 to track bfd session 40. When the BFD session detects a link failure in the layer-3 network, the vrrp priority is reduced by 50, i.e. the configured 120-50=70, which is lower than the peer vrrp priority of 80, so that the peer can switch from the backup state to the master state.
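
The failover above only works if each BFD session is mirrored on its peer (addresses and discriminators swapped), each tracked session id is a local discriminator on that device, and the reduced priority falls below the backup's. The following Python check is an added example, not part of the original article. `CONFIGS` and `audit` are hypothetical names, and the `priority 120` line on LSW1 and the backup priority 80 are assumptions taken from the article's comments.

```python
import re

# Constructed input: BFD/VRRP lines from this section. "priority 120" on LSW1 and
# the peer's backup priority 80 are assumptions taken from the page's comments.
CONFIGS = {
    "AR1": """bfd 1 bind peer-ip 172.16.1.2 interface GigabitEthernet0/0/1 source-ip 172.16.1.1
discriminator local 10
discriminator remote 20
bfd 2 bind peer-ip 172.16.2.2 interface GigabitEthernet0/0/2 source-ip 172.16.2.1
discriminator local 30
discriminator remote 40""",
    "LSW1": """bfd 1 bind peer-ip 172.16.1.1 interface Vlanif200 source-ip 172.16.1.2
discriminator local 20
discriminator remote 10
vrrp vrid 1 priority 120
vrrp vrid 1 track bfd-session 20 reduced 50""",
    "LSW2": """bfd 2 bind peer-ip 172.16.2.1 interface Vlanif200 source-ip 172.16.2.2
discriminator local 40
discriminator remote 30
vrrp vrid 3 priority 120
vrrp vrid 3 track bfd-session 40 reduced 50""",
}
BFD = re.compile(r"bfd (\S+) bind peer-ip (\S+) interface \S+ source-ip (\S+)\s+"
                 r"discriminator local (\d+)\s+discriminator remote (\d+)")
PRIO = re.compile(r"vrrp vrid (\d+) priority (\d+)")
TRACK = re.compile(r"vrrp vrid (\d+) track bfd-session (\d+) reduced (\d+)")

def audit(configs, backup_priority=80):
    """Return a list of findings; an empty list means the configs are consistent."""
    findings = []
    sessions = {dev: BFD.findall(text) for dev, text in configs.items()}
    for dev, text in configs.items():
        # Tuples of (peer-ip, source-ip, local, remote) configured on the other devices.
        others = [s[1:] for d, ss in sessions.items() if d != dev for s in ss]
        for name, peer, src, local, remote in sessions[dev]:
            # The far end must swap both the addresses and the discriminators.
            if (src, peer, remote, local) not in others:
                findings.append(f"{dev} bfd {name}: no peer mirrors local={local} remote={remote}")
        prio = dict(PRIO.findall(text))
        local_ids = {s[3] for s in sessions[dev]}
        for vrid, sid, reduced in TRACK.findall(text):
            if sid not in local_ids:  # the page tracks by local discriminator
                findings.append(f"{dev} vrid {vrid}: bfd-session {sid} is not a local discriminator")
            after = int(prio.get(vrid, 100)) - int(reduced)  # 100 is the VRRP default
            if after >= backup_priority:
                findings.append(f"{dev} vrid {vrid}: priority {after} stays >= backup {backup_priority}")
    return findings
```

Calling `audit(CONFIGS)` on the lines as configured in this section returns an empty list; swapping the two discriminators on one side, or lowering `reduced` so the master stays at or above 80, produces findings.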

4. Verification results

1. PC1 192.168.10.251/24 of vlan 10 accesses router interface 172.16.2.1/24

(1) PC1 of vlan 10 accesses the router over the predetermined main link, as shown in the figure below:

(2) Check the IP address obtained by the PC and verify the DHCP service

(3) When pc1 of vlan 10 accesses from the predetermined main link, the packet capture at the G0/0/1 and G0/0/7 interfaces of LSW1 is as follows:

The VRRP packets in the figure above provide the mechanism by which PC1 automatically switches to the backup link if the upper-layer main link fails.
The OSPF packets in the figure above establish the neighbor adjacency between the switch LSW1 and the router AR1 and build the layer-3 routed link, so that different network segments can reach each other.
The BFD packets in the figure above belong to the BFD session established between LSW1 and AR1. When this link fails, VRRP, which tracks the BFD session, lowers its priority by 50, so that the VRRP backup link becomes the main link. The command is as follows:
interface Vlanif10
vrrp vrid 1 track bfd-session 20 reduced 50

Note: If no BFD session is configured, PC1 will not be able to detect the link failure between LSW1 and AR1 when accessing the upper-layer network, so PC1 will not be able to reach networks beyond the router.

2. After PC1 (192.168.10.251) of vlan 10 accesses the router 172.16.2.1, when the Layer 2 network in the main link fails, PC1 first looks for its gateway 192.168.10.254, which is the virtual router ip of vrrp vrid 1. Even after the layer 2 physical link is disconnected, the virtual ip gateway can still be reached through LSW2, so at this time PC1 accesses the upper network through LSW2.
(1) Disconnect the physical connection of the G0/0/1 interface on LSW3 and capture packets on the G0/0/2 interface of LSW2, as shown below:

(2) At this time the LSW1 device itself has not failed and is still the vrrp master for PC1's vlan 10, so after the data packet travels from PC1 to LSW2 it does not go directly from LSW2 to the router; it reaches the router at 172.16.1.1 and then goes on to 172.16.2.1.

At this time, when we capture packets on the G 0/0/1 interface of AR1, we can get verification, as shown in the following figure:

3. The device on the main link fails. PC1 (192.168.10.251) of vlan 10 accesses the router 172.16.2.1. After the main VRRP device LSW1 on this main link fails, LSW2 waits for 20 seconds, then the standby VRRP preempts to become the main VRRP and the backup link takes effect. You can see the VRRP state in VLAN 10 change from Master to backup on LSW1.
(1) When the main VRRP device LSW1 is normal, the vlan 10 vrrp status of LSW2 is backup, as shown in the following figure:

When all devices and links are normal, the vrrp status of vlan 30 and vlan 40 on LSW2 is master, which is consistent with the previously planned load balancing, as shown in the following figure:


(2) After the main vrrp device LSW1 fails, the vrrp group corresponding to vlan 10 preempts from backup to master, as shown in the following figure:

(3) Look at the flow direction from pc1 of vlan10 to the interface 172.16.2.1 of the router, capture packets on the G0/0/7 interface of LSW2, and obtain the gateway path through the tracert 172.16.2.1 command, as shown in the figure below:


4. First look at vlan 30 in the normal state, and the settings of PC3
(1) The PC is set to DHCP mode and obtains its ip address from the DHCP server. The VRRP configured on LSW2 is the master vrrp of vlan 30, so the network traffic goes from LSW5 to LSW2, as shown in the figure below:

(2) IP address planning in the network segment:
192.168.30.254 /24 has been assigned to this network segment as the virtual routing ip, that is, the gateway ip of this network segment.
192.168.30.253 /24 has been assigned to vlan 30 of LSW1 to maintain the operation of VRRP.
192.168.30.252 /24 has been assigned to vlan 30 of LSW2 to maintain the operation of VRRP.
Therefore, the address pool that this network segment, 192.168.30.0 /24, can allocate to user terminals actually ends at 251, as shown in the following figure:

When configuring an address pool on AR1, the three IP addresses 192.168.30.252, 192.168.30.253, and 192.168.30.254 need to be excluded from the address pool; otherwise, IP conflicts will occur.
Note: The rest of the network segments can be deduced in the same way.
(3) When all devices and links are operating normally, the pc3 network traffic direction in vlan 30 is as shown in the figure below:

The packet capture on the G0/0/2 interface of the AR1 router in the figure above contains the reply packets to the icmp ping. The traffic is therefore sent to AR1 through LSW2, then AR1 returns the data packet to LSW2, which returns it to PC3 through LSW5.

5. After testing the failure of the Layer 2 link of vlan 30, the network runs normally.
(1) Analyze the instance 2 of the MSTP spanning tree protocol, and pay attention to the change of the root port, as shown in the figure below:

(2) Test the network traffic path from PC3 of vlan 30 to 172.16.1.1 of router AR1.
Packet capture on the G0/0/7 interfaces of LSW1 and LSW2 shows that the ping request is sent from the G0/0/7 interface of LSW2 to the router AR1, while the G0/0/7 port of LSW1 receives the ping reply. So at this time the network traffic does not follow the source-in, source-out principle: the request is forwarded according to the priority of MSTP+VRRP, and the reply follows the shortest-path-first principle of the OSPF protocol.

(3) Now we check the working status of the OSPF protocol as follows:

(4) By executing the tracert 172.16.1.1 command on PC3, trace the route from vlan 30 to the router interface 172.16.1.1, and verify the flow direction of the request packet again, as shown in the following figure:

6. When the layer 3 network link from AR1 to LSW2 fails, testing shows that the vlan 30 network still runs normally, as shown in the figure below:

As can be seen from the figure above, the request packets and response packets of the network traffic go through the same link, that is, source-in and source-out.

7. After testing the failure of the LSW2 device, the network from vlan30 to the router is running normally
(1) On PC3, the response of the target can be obtained by using ping 172.16.1.1, tracert 172.16.1.1, and ipconfig /renew, as shown in the figure below:

(2) Check the vrrp status on LSW1 at this time, vlan 10, vlan 20, vlan 30, and vlan 40 are all in master status, as shown in the figure below. (When LSW2 is working normally, only vlan 10 and vlan 20 are in the master state on LSW1 to achieve load balancing of network traffic.)

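    This article uses the MSTP multiple spanning tree protocol, with instance 1 (carrying the traffic of vlan 10 and vlan 20) and instance 2 (carrying the traffic of vlan 30 and vlan 40), to load-balance network traffic;
    The VRRP virtual router redundancy protocol provides redundancy after a device failure;
    The DHCP service assigns ip addresses to user terminals and uses the virtual ip as their gateway. When a physical link or a physical device fails, user terminals keep business continuity without modifying any configuration, which meets the network reliability requirement;
    Eth-trunk link aggregation bundles 2 physical links into 1 logical link, which both increases bandwidth and improves reliability: after 1 physical link is disconnected, the other 1 keeps working, ensuring that network services are not interrupted.
    BFD layer-3 link detection is also used: when user terminals cannot perceive a layer-3 link failure, packets are still forwarded as usual. They are not cut off because a cached record holds a previous layer-3 path that has since failed; traffic switches automatically to a healthy link, further ensuring the reliability of the layer-3 network.
    This is the end of the article; criticism and corrections of any shortcomings are welcome!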

Origin blog.csdn.net/weixin_43075093/article/details/130662938