Link aggregation and VRRP link aggregation

In order to ensure the stability of our corporate network, it is not enough to back up the equipment. We also need to back up our links. Avoid a link failure, causing the network to be unable to communicate normally.

But because of the existence of STP (Layer 2 link), no matter how many backup links you add, you will eventually retain only one. Although this is also a kind of backup, the backup resources cannot be used under normal circumstances. , resulting in low link utilization.

Therefore, we hope to increase link utilization and bandwidth while backing up link resources. Link aggregation technology can be used here .

Ethernet link aggregation Eth-Trunk: referred to as link aggregation, by bundling multiple physical interfaces into a logical interface, the purpose of increasing link bandwidth can be achieved without hardware upgrades.

basic terminology

1. Liüik Aggregation Group (LAG): A logical link formed by bundling several links together. Each aggregation group uniquely corresponds to a logical interface, which is also called a link aggregation interface or an Eth-Trunk interface .

2. Member interfaces and member links : Each physical interface that makes up an Eth-Trunk interface is called a member interface . The link corresponding to a member interface is called a member link .

3. Aggregation mode : Depending on whether LACP (Link Aggregation Control Protocol) is turned on or not, link aggregation can be divided into manual mode and LACP mode .

4. Active interfaces and active links: Active interfaces are also called selected interfaces and are member interfaces that participate in data forwarding. The link corresponding to the active interface is called an active link (Active link)

5. Inactive interfaces and inactive links: Also called unselected interfaces, they are member interfaces that do not participate in forwarding data. The link corresponding to the inactive interface is called an inactive link.

Configure the conditions for link aggregation

1. In order for the link aggregation interface to work normally, the peer interfaces of all member interfaces in the local link aggregation interface must be ensured:

(1) Belong to the same device

(2) Join the same link aggregation interface

(3) Huawei equipment requires that the member interfaces added to the aggregation interface must have the same speed, duplex mode, and the same interface type, including the VLAN running list and PMID allowed by the interface. ( The configuration cannot exist before configuration, and it is configured on the aggregation port after aggregation .)

manual mode

1. Manual mode: The establishment of Eth-Trunk and the addition of member interfaces are manually configured, and LACP is not used for negotiation between the two systems.

2. Under normal circumstances, all links are active links. In this mode, all active links participate in data forwarding and share the traffic equally. If an active link fails, the link aggregation group automatically switches to the remaining active links. Share the traffic evenly. --- The load sharing mode here is optional .

3. When one of the devices at both ends of the aggregation does not support the LACP protocol, you can use manual mode.

Load sharing

1. Eth-trunk supports load balancing based on the IP address or MAC address of packets. Different modes (valid locally, valid for outbound packets) can be configured to distribute data flows to different member interfaces.

2. Common patterns include: source IP, source MAC, destination IP, destination MAC, source and destination IP, and source and destination MAC.

3. In actual business, users need to choose and configure appropriate load sharing methods based on business traffic characteristics. The more frequently a certain parameter in business traffic changes, the easier it is to achieve load balancing by choosing a load sharing method related to this parameter.

Manual mode configuration

1. Create a link aggregation group

[sw1]interface Eth-Trunk 0 Create channel interface

[sw1-Eth-Trunk0]q

[sw1]interface GigabitEthernet 0/0/1 Add the physical interface to the channel

[sw1-GigabitEthernet0/0/1]eth-trunk 0 //[LSW1-Eth-Trunk1]trunkport GigabitEthernet 0/0/1 This also works

[sw1-GigabitEthernet0/0/1]int g0/0/2

[sw1-GigabitEthernet0/0/2]eth-trunk 0

[sw1-Eth-Trunk0]load-balance ? Flow-based selection

dst-ip According to destination IP hash arithmetic

dst-mac According to destination MAC hash arithmetic

src-dst-ip According to source/destination IP hash arithmetic

src-dst-mac According to source/destination MAC hash arithmetic

src-ip According to source IP hash arithmetic

src-mac According to source MAC hash arithmetic

[sw1-Eth-Trunk0]load-balance { ip | packet-all } Modify flow-based or packet-based

Note: For Huawei equipment, the configuration of the equipment can be modified later on through the eth-trunk port;

LACP mode

1.LAC is Link Aggregation Control Protocol, which is the abbreviation of Link Aggregation Control Protocol.

2. LACP mode: A link aggregation mode using the LACP protocol. Devices interact through Link Aggregation Control Protocol Data Unit (L.ACPDU), and protocol negotiation ensures that the opposite end is a member interface of the same device and the same aggregate interface.

3. The LACR.DU message contains device priority, MAC address, interface priority, interface number, etc.

4. In LACP mode, the number of active interfaces selected by the devices at both ends must be consistent, otherwise the link aggregation group cannot be established. At this time, one end can be made the active end, and the other end (passive end) selects the active interface based on the active end.

5. Determine the active end through the system LACP priority. The smaller the value, the higher the priority.

6. After the active end is selected, both ends will select the active interface based on the interface priority of the active end. The interface with a higher priority will be selected as the active interface first. The smaller the interface LACP priority value, the higher the priority.

7. LACP mode supports configuring the maximum number of active interfaces. When the number of member interfaces exceeds the maximum number of active interfaces, the better interface will be selected as the active interface by comparing the interface priority and interface number, and the rest will become backup ports (inactive interfaces). ), and the corresponding links become active links and inactive links respectively. The switch will only send and receive packets from active interfaces.

8. When a link failure occurs in an active link, a link with the highest priority (comparison of interface priority and interface number) can be found from the inactive link to replace the failed link, so that the overall bandwidth does not change. Uninterrupted forwarding of business.

Active link election

LACP mode configuration

[LSW1] interface eth-trunk 1 //Create an Eth-Trunk interface and enter the Eth-Trunk interface view.

[LSW1-Eth-Trunk1] mode lacp-static //Configure the link aggregation mode to lacp

[LSW1]int g0/0/1

[LSW1-GigabitEthernet0/0/1] eth-trunk 1

[LSW1]int g0/0/2

[LSW1-GigabitEthernet0/0/2] eth-trunk 1

[LSW1]int g0/0/3

[LSW1-GigabitEthernet0/0/3] eth-trunk 1

[LSW1]int g0/0/4

[LSW1-GigabitEthernet0/0/4] eth-trunk 1

[LSW2]int g0/0/1

[LSW2-GigabitEthernet0/0/1] eth-trunk 1

[LSW2]int g0/0/2

[LSW2-GigabitEthernet0/0/2] eth-trunk 1

[LSW2]int g0/0/3

[LSW2-GigabitEthernet0/0/3] eth-trunk 1

[LSW2]int g0/0/4

[LSW2-GigabitEthernet0/0/4] eth-trunk 1

[LSW1] interface eth-trunk 1

[LSW1-Eth-Trunk1] [Huawei-Eth-Trunk1]max active-linknumber 2 //The maximum number of active interfaces is 2

VRRP

VRRP (Virtual Router Redundancy Protocol ) can not only realize gateway backup, but also solve the problem of conflicts between multiple gateways, thus improving network reliability .

1. User terminals in the LAN usually access the external network by configuring a default gateway. If the default gateway device fails, the traffic of all user terminals accessing the external network will be interrupted. Single points of failure can be solved by deploying multiple gateways, but conflicts between multiple gateways need to be resolved.

2. Problems faced by a single gateway

Once the port is down, it will be gone.

3. When the gateway Router fails, the hosts in this network segment that use this device as the gateway cannot communicate with the Internet.

VRRP---by combining several routing devices to form a virtual "routing device", a certain mechanism is used to ensure that when the host's next-hop routing device fails, the business is switched to the backup routing device in a timely manner, thereby maintaining communication. continuity and reliability.

Basic concepts of VRRP

1. VRRP router : Router running VRRP protocol, such as R1 and R2. VRRP is configured on the router's interface, and it also works based on the interface.

2.VRID : A VRRP group consists of multiple routers (interfaces) that work together and are identified by the same VRID (VirtualRouter identifier). Routers belonging to the same VRRP group exchange VRRP protocol messages and generate a virtual "router". Only one Master router can appear in a VRRP group.

3. Virtual router : VRRP abstracts a virtual "router" (Virtual Router) for each group. This router is not a real physical device, but a logical device virtualized by VRRP. A VRRP group will only generate one virtual router.

4. Virtual IP address and virtual MAC address : The virtual router has its own IP2 address and MAC address. The IP address is specified by the network administrator when configuring VRRP. A virtual router can have one or more P addresses. Normally The user uses this address as the gateway address. The format of the virtual MAC address is "0000-5eo0-01xx", where xx is the VRID.

5. Master router : The Master router "takes the task of packet forwarding in a VRRP group. In each VRRP group, only the Master router will respond to the ARP Request for the virtual IP address. The Master router will periodically Send VRRP messages continuously to notify the Backup routers in the same VRRP group about its survival status.

6.Backup router : Also known as backup router. The Backup router will listen to the VRRP messages sent by the Master router in real time, and it is ready to take over the work of the Master router at any time.

7.Priority : The priority value is the basis for electing the Master router and the Backup router. The priority range is 0-255. The larger the value, the higher the priority. If the values are equal, the size of the interface P address is compared, and the larger one takes precedence.

VRRP timer

During the working process of VRRP protocol, VRRP defines two timers:

1.ADVER_INTERVAL timer: The time period for the Master to send VRRP notification messages. The default value is 1 second .

2.MASTER_DOWN timer: After the Backup device times out when listening to this timer, it will change to the Master state.

The MASTER_DOWN timer calculation formula is as follows:

(1) MASTER_DOWN = (3*ADMER._INTERVAL) + Skew_time (offset time)

(2) Among them, Skew_Time= (256-Priority) /256

VRRP master and backup election

Primary and secondary election process when VRRP priorities are not equal

1. The MRRP priority of R1's interface is 200, and the VRRP priority of R2's interface is 100. After the two devices complete initialization, they first switch to the Backup state.

2. R1 and R2 switch from Backup to Master state according to the timeout of their respective MASTER_DOWN timers, so R1 switches to Master state faster than R2.

3. R1 and R2 perform Master election by sending VRRP messages to each other. The one with higher priority is elected as the Master device, so R1 is elected as the Master router.

4. After R1 is elected as the Master router, it immediately sends free ARP packets to notify the virtual MAC address to the devices and hosts connected to it.

Active and standby election process when MRRP priorities are equal

1. The MRRP priorities of the GEO/0/0 interfaces of R1 and R2 are both 200. After the two devices complete initialization, they first switch to the Backup state.

2. Since the priorities are the same, after the MASTER_DOWN timers of R1 and R2 expire, they will switch from the Backup state to the Master state at the same time.

3. R1 and R2 exchange VRRP messages with the same priority and elect the Master router by comparing the interface I address. Since the interface IP address of R2 is greater than the interface P address of R1, R2 is elected as the Master router.

4. After R2 is elected as the Master router, it immediately sends free ARP packets to notify the virtual MAC address to the devices and hosts connected to it.

When the router interface is configured as the IP address owner of VRRP (the interface P address is the same as Virtual P), the router does not need to wait for any timer to expire and can directly switch to the Master state.

1. The VRRP priorities of the GEO/0/0 interfaces of R1 and R2 adopt the default configuration (default is 100), but the IP address of the GEO/O/0 interface of R1 is the same as the VirtualP address.

2. The GEO/0/0 interface of R1 directly switches to the Master state, and R1 becomes the Master router.

VRRP active/standby switchover

1. Under normal circumstances, the Master device is responsible for forwarding user packets. As shown in the figure, all user traffic reaches the Internet through R1.

2. When R1 fails, the network will re-elect the VRRP master and backup devices, as shown in the figure. At this time, R2 will become the new Master device and be responsible for forwarding user packets.

3. When R1 recovers from the fault, the network will re-elect the VRRP master and backup devices. Since R1 has a higher priority than R2, R1 becomes the new Master device again and is responsible for forwarding user packets.

VRRP preemption mode (Preempt Mode):

1. Preemption mode (activated by default) : If the Backup router activates the preemption function,

Then when it finds that the priority of the Master router is lower than itself, it will immediately switch to the Master state and become the new Master router.

2. Non-preemption mode : If the Backup router does not activate the preemption function, even if it finds that the Master router has a lower priority than itself, it can only remain in the Backup state until the Master router fails.

VRRP monitors uplink ports

1. If the user does not configure VRRP to monitor the uplink port, when the uplink interface or link of the Master device R1 in the VRRP backup group fails, the VRRP backup group cannot detect it and the Master cannot forward traffic to the outside. However, since the master/backup switch does not occur, a traffic black hole occurs.

Combined application of VRRP and MSTP

1. MSTP is an instance of mapping one or more VLANs to a spanning tree. Several VLANs share a spanning tree, and MSTP can achieve load balancing.

2. VRRP configuration gateway can flexibly switch automatically according to changes in network topology, improving network reliability. 3.VRRP+MSTP can achieve load sharing while ensuring network redundancy backup.

Basic configuration of VRRP

[R2-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 192.168.1.254 //Assign virtual ip

[R2-GigabitEthernet0/0/1]vrrp vrid 1 priority 120 //Give priority

Both routers need to be configured, but the second one has a smaller priority.

[R2-GigabitEthernet0/0/1] vrrp vrid 1 track interface GigabitEthernet0/0/0 reduced 30 //If the upstream port (0/0/0) is found to be blocked, the priority of (0/0/1) will be reduced by 30