Table of contents
Related basic concepts involved in VSU
Principles of VSU Packet Forwarding
Related basic concepts involved in VSU
Domain ID
Domain ID is the identifier of VSU, which is used to distinguish different VSUs
Only when the Domain IDs of the two switches are the same can they form a VSU
The range is 1~255, the default is 100
A network can have multiple domains
Device number (Switch ID)
Switch ID is the member number of the switch in the VSU
In stand-alone mode, the number of the interface adopts a two-dimensional format, "slot number/interface number" (for example, GigabitEthernet 1/3)
In the VSU mode, the numbering of the interface adopts a three-dimensional model, "member number/slot number/interface number" (for example, GigabitEthernet 1/1/3); therefore, we need to ensure that the member number is unique in a VSU domain
The range is 1~8, the default is 1
device priority
Device priority is used to elect the active and standby roles
The higher the device priority, the greater the possibility of being elected as the master device (but not necessarily elected as the master device)
The range is 1~255, the default is 100
Equipment Priority Classification
The device priority is divided into configuration priority and operation priority;
Configuration priority: the priority configured during VSU operation
Running priority: The configuration priority saved in the configuration file at startup (it will not change during the running of the VSU, and will only be changed after the configuration priority is modified and saved and restarted after the VSU device is restarted)
VSL (Virtual Switched Link)
VSL is a special aggregation link for transmitting control information and data flow information between devices of the VSU system
A VSL port exists in the form of an aggregated port group, which is a logical port
Add physical ports to VSL ports, these physical ports are called VSL member ports
A VSL member port can be a stack port, an Ethernet port, or an optical port. The specific ports that can be used as VSL member ports depend on the model of the device.
Different member ports use different connection media
The stack port is a member port: special stack cables are required to connect
The Ethernet interface is a member port: use a crossover cable to connect to the VSL port
Optical port as a member port: connect through optical module + optical fiber connection
VSU General Limitations
1. 40G one-to-four ports does not support VSL link
2. It is forbidden to use copper cable group VSU for high-end chassis equipment
3. The VSL port does not support the rate adaptation of the port, and only supports the maximum capacity rate of the port to take effect. For example, the 10-Gigabit port can only use the 10-Gigabit optical module for networking, and cannot use the Gigabit optical module to adapt to Gigabit to form a VSL chain. road
4. The interface rates at both ends of the VSL link must be the same
2 working modes of VSU
Standalone mode (standalone)
That is, the device does not have VSU enabled (the default is this mode)
VSU mode
To build a VSU, the working mode of the device must be switched to VSU mode
For a VSU system that supports using a stack port as a VSL member port, if the system recognizes a stack port during startup, it will automatically activate to the VSU mode
3 device roles of VSU
Each device in the VSU becomes a member device, and member devices are divided into three roles according to their functions:
Active master device
Perform data forwarding and manage the entire VSU system
Standby slave device
It works as a backup device of Active, and only forwards data (when Active fails, Standby will automatically upgrade to Active to take over the work of the original Active)
Candidate device
It works as a standby device of Standby, and only forwards data (when Standby fails, the system will automatically elect a new Standby from Candidate to take over the work of the original Standby; when the Active fails, the Standby is automatically upgraded to Active to take over the work of the original Active) , the system will automatically elect a new Standby from the Candidate to take over the work of the original Standby)
4 device states of VSU
Ok state
The device VSU is functioning normally and is in a final stable state
Recovery recovery status
When the VSU system splits and BFD or link aggregation detection is configured, the standby device will be in this state
When two split VSU systems are merged, the side that lost the election will also be briefly in this state
In this state, the system will close all physical ports except the VSL port and the exception ports specified by the administrator.
Leave status
This state only exists during a device restart
Isolate isolated state
When the member numbers of the VSU members are the same, the VSU with lower priority will be in the Isolate state
At this time, the VSL link is Down
Split and Merger of VSU
VSU split
After the VSU reaches the OK state, member devices cannot communicate with each other due to a VSL link failure.
One VSU becomes two VSUs
VSU merged
For two stable VSUs, if their Domain IDs are the same, they can be merged into one VSU by adding a VSL connection between the two VSUs. This process is called VSU merging
VSU establishment process
VSL detection
After the member device starts up, it recognizes the physical port as a VSL port according to the configured VSL information, and starts VSL detection
VSL detection is mainly to detect the VSL connection relationship of directly connected devices. When the VSL status changes to Up, the device can start topology discovery.
topology discovery
Each device in the VSU collects the topology relationship of the entire VSU by exchanging VSU Hello packets with other member devices in the topology.
The VSU Hello message carries topology information, including the local member number, device priority, MAC address information, and VSU port connection relationship.
Each member will flood the topology with Hello packets on the VSL interface in the UP state. After receiving the Hello packets, other members will forward the packets from the non-ingress VSL interfaces in the UP state. Flooding, each member device can learn the entire topology information.
After the device collects topology information, it starts role election
VSU role election
The election rules for the Active role are as follows:
The host that finishes booting first takes precedence
The device with the highest priority is given priority
Smaller MAC address is preferred
The election rules for the Standby role are as follows:
The host that finishes booting second takes precedence
The device with the highest priority is given priority
Smaller MAC address is preferred
Precautions
1. The startup sequence of member devices may affect the election of the host; even if the priority of the hot-join device is higher than that of the currently running VSU system host and slave, the system will not switch between the master and slave roles (so VSU supports hot join)
2. Some member devices may not join the VSU system in time due to slow startup (currently, the VSU system converges directly if no neighbor is found within 5 minutes); in this case, the member device will perform hot join processing, Even if the priority is higher than that of the currently running VSU system host, the system will not switch roles
DAD
Currently, BFD and aggregation ports are supported for DAD
A dual-host detection link needs to be established between the two switches. When the VSL is disconnected, the two switches start to send detection packets through the dual-host detection link. Indicates that the peer end is still running normally, and there are two hosts
On the third layer, any virtual interface (Vlan interface, loop interface, etc.) of the two VSUs has the same configuration, which will cause IP address conflicts in the network.
BFD-based detection
Extended BFD is used for BFD detection, and dual-device detection cannot be configured through the existing BFD configuration and display commands.
The dual-active detection ports of BFD must be Layer 3 routing ports (Layer 2 ports, Layer 3 AP ports-link aggregation ports, and Layer 3 SVI ports-Vlanif ports cannot be used as BFD detection ports)
When the user converts the DAD port from a Layer 3 routing port to another type of port mode, the BFD DAD configuration will be automatically cleared
When two or more devices establish a VSU, if you want to completely prevent the occurrence of dual hosts, you need to interconnect the switches to do BFD detection.
Based on aggregation port detection
The detection based on the aggregation port needs to be configured on the cross-device service aggregation port, and the peripheral devices must be able to forward private detection packets.
When two or more devices establish a VSU, it is recommended to use this mode for dual-active detection; (it must be ensured that the downlink access switch is a Ruijie device)
Principles of VSU Packet Forwarding
Each member device of the VSU device has complete Layer 2/Layer 3 forwarding capabilities
For a Layer 3 packet, no matter how many member devices it passes through in the VSU system, the number of hops is only increased by 1
VSU gives priority to local forwarding (same as Huawei local forwarding)
If a member switch receives a known unicast frame and needs to forward it to the aggregation port, it will preferentially select the member port of the aggregation port on the device, which can reduce the traffic flowing through the VSL
VSL is mainly used to transmit control packets. If too many data packets occupy the bandwidth of VSL and cause VSL congestion, the transmission of control packets will be affected.
If the link status of the aggregation port on all member ports of the device is DOWN, then the known unicast frame can only be forwarded to another chassis through VSL, and then forwarded out
For unknown unicast frames, multicast frames, and broadcast frames, priority local forwarding cannot be achieved, and load balancing can only be performed among all member ports of the stack
On devices with software version 11X, the local priority forwarding mode is used by default;
Through the no switch virtual aggregateport-lff enable command, the local priority forwarding feature of the AP port can be converted to cross-device traffic balancing
The no switch virtual ecmp-lff enable command can change the ECMP traffic mode from local preferential forwarding to cross-device traffic balancing.
VSU command configuration
Configure VSUs
Configure the Domain ID of the VSU (the Domain IDs of the same VSU must be the same)
switch virtual domain 1
switch 1 #Configure the member number (the member numbers of different devices must be inconsistent)
switch 1 priority 200 #configure device priority
Configure a VSL virtual link (vsl group number can only be 1 or 2)
vsl-aggregateport 1 (the command of some software versions is vsl-port, no need to configure the VSL group number)
port-member interface port 1 #Configure port 1 as a VSL member port
port-member interface port 2 #Configure port 2 as a VSL member port
Configure the working mode of the device as VSU
switch convert mode virtual
After the VSL link is up, change the working mode of the device; at this time, the device will restart, and it takes about 10 minutes for the VSU to be established.
Check whether the main and backup of the VSU are consistent with what we think
Note that VSU management must be performed on the main device
Show switch virtual #View the status of the main and backup devices of the VSU
Show ver slots #Check whether all line cards of the master and slave have been identified
Configuring DAD
Configure BFD-based DAD (both are configured on the master device, taking two DADs as an example)
Configure routing port
Interface g1/1/1 # g member number/slot number/interface number
no switchport #Configure this interface as a routing port
Interface g2/1/1 # g member number/slot number/interface number
no switchport
Enable the BFD detection switch of the VSU
Switch virtual domain 1
dual-active detection bfd #Configure dual active detection as BFD mode
dual-active pair interface g1/1/1 interface g2/1/1 #Configure a pair of routing ports as BFD detection ports
dual-active exclude interface g1/1/2 #Specify an exception port (generally configure the uplink routing port as an exception port)
dual-active exclude interface g2/1/2
Configure DAD based on aggregation ports (configure on the master device, take three DADs as an example)
Create an aggregation port (add the interconnected ports of stacking devices and access switches to this aggregation port)
Interface aggregateport 1
Interface g1/1/1
port-group 1 mode active
Interface g2/1/1
port-group 1 mode active
Interface g3/1/1
port-group 1 mode active
Enable the aggregation port detection switch of the VSU
Switch virtual domain 1
dual-active detection aggregateport #Configure dual-active detection as aggregate port mode
dual-active interface aggregateport 1 #Configure dual-active detection through aggregate port 1
Enable the proxy of the aggregation port on the access switch
Interface aggregateport 1
dad relay enable
Interface g1/0
port-group mode active
At this time, you can enable the GR function of the IGP protocol as needed.
During active/standby switchover of the VSU , dynamic routing protocols such as OSPF may be re-established, resulting in network termination or data flow path switching
After the GR function is configured, it can ensure that the forwarding layer can continue to guide data forwarding during the protocol restart/device active/standby switchover process, and ensure that the neighbor establishment and route calculation at the control layer will not affect the functions of the forwarding layer.
Explanation of GR technology and NSR technology
Adjacent device configuration helper (Ruijie device is enabled by default)
OSPF:
router ospf 1
graceful-restart
ISIS:
router isis 1
graceful-restart
BGP:
router bgp 1
bgp graceful-restart
LDP:
mpls router ldp
graceful-restart