View
1.264
Download
1
Category
Preview:
Citation preview
HP/H3C Advanced Enterprise Networking
Intelligent Resilient Framework (IRF)—Operation and Configuration
2010
1
� Section 1 IRF Principle and Implementation
� Section 2 Basic Configuration of the IRF
� Section 3 IRF Maintenance
� Section 4 Split Stack Detection
Contents
Daisy Chain
IRFv2: Members, Roles and Topology
Master Slave Slave Slave
IRF-port 1 IRF-port 2 IRF-port 1 IRF-port 2 IRF-port 1 IRF-port 2
Ring Master Slave
Slave Slave
IRF-port 1 IRF-port 2
IRF-port 1IRF-port 2
IRF-port 1 IRF-port 2
IRF-port 2 IRF-port 1
IRFv2 — IRF Connections
• IRFv2 systems are connected using any 10 GbE interface:– CX4
– SFP+
– XFP
– XENPAK
• Inexpensive Local Connection cables are available for CX4, SPF+ and XFP ports.
1
Basic Concept - UNIT ID
• UNIT ID identifies the unit/switch uniquely in the IRF Fabric.
• Auto numbering: The default Unit ID need not be con figured by the user and the Unit ID can be automatically allocated through the fabric cable connection.
• Manual numbering: In some special cases, the Unit I D can be manually modified through the command line.
Stringconnection
Ringconnection
4 3
1 2
1 2 3 4
1
Basic Concept - Master/Slave
• The Master Unit is elected from the Fabric to accom plish important operations (such as routing delivery).
• Slave: Other Units except Master.
• The Unit with the highest priority number is the ma ster.
1 2
4 3
Master Slave
Slave Slave
IRF Merge: Master Election
1. The current master wins, even if a new member has a higher priority. (When a new member is added, IRF merge does not happen.)
2. A member with a higher priority wins.
3. A member with the longest system up-time wins. (The precision of the system up-time is ten minutes.)
4. A member with the lowest bridge MAC address wins.
3Com Confidential
7
1
Basic Concept – IRF-Port
• Each unit has a logical IRF-Port defined
• Physical interfaces are placed into the logical IRF -Port
• IRF-Ports connect from Port 1 to Port 2 from device to device
1
Downlink portconnectsthe uplink port
1 2
2 1 2
3 1 2
1
Basic Concept – System Events
• IRF system events indicate the global events that p ossibly occur in the IRF, which need be processed by each Unit and m odule to ensure that the IRF can normally run upon these events.
• Simple system events include Unit Up and Unit Down
• Complicated system events include Join, Leave, Merg e and Split
• These events can basically describe all the changes in IRF.
1 2
4 3
Master Slave
Slave Slave
1
Basic Concept - Merge
• Merge: Two IRF systems are merged to form a new IRF system.
• Re-numbering may be caused in the case of auto numb ering.
• Two Masters will compete to gain a new Master.
• Configuration comparison: Units configured differen tly from the Unit with the highest priority number will be restarted.
1 2
4 3
Slave Slave
Master Master
merge
IRFv2 — Feature Comparison Summary
Feature3Com 4800G
H3CS5500-EIH3C S5800
H3C S5820X3Com S7900E
H3C S7500E
Max Nr. of 10GbE ports per IRF Port 2 4 8
Display command for IRF ports No Yes Yes
IRF port traffic statistics No Yes Yes
IRF Split Detection (MAD) Yes Yes Yes
Auto member id change
(when member id collision happens)
Yes No No
1
� Section 1 IRF Principle and Implementation
� Section 2 Basic Configuration of the IRF
� Section 3 IRF Maintenance
� Section 4 Split Stack Detection
Contents
1
IRF Principle and Implementation – Configuration
• All configurations are divided into global configur ation and local configuration.
• Global configuration includes layer 3 interface, IP address, routing protocol and security feature. It is efficient in t he whole Fabric.
• Local configuration mainly includes the port parame ters and it is efficient in a local Unit only.
• One Fabric ensures that the global configurations a re identical when the system is running.
How to implement it?
1. Begin with as minimal of a configuration as poss ible to ensure the global configurations are identical.
2. The global configuration will be broadcast to ea ch Unit for synchronous execution and the local configuration will be sent to the relevant Unit for execution.
1
IRF Principle and Implementation – Configuration Com parison
• Begin with a minimal configuration on all devices. Preferred to reset saved-configuration and reboot prior to starting.
• Configuration comparison will be performed at of system start, new Unit joining or merge.
• The Unit with the highest priority serves as the reference in the configuration comparison. All other devices are re-written except for the local port and IRF configuration.
Fabric configuration
Global configuration
Local allocation
Global configuration
Fabric configuration
Global configuration
Local allocation
Global configuration
UNIT1 UNIT2
Basic Configuration Steps
1. On the chassis-based switches, convert them to IRF-mode
2. Choose a switch to be the master switch
3. Assign a high IRF priority to the master and ensure its Member ID is 1.
4. Assign a different Member ID to each one of the other switches in the IRF group and reboot them.
5. Shut down all the physical ports that will be used for the IRF connectivity.
6. Assign the physical ports to the IRF logical interface
7. Enable the physical ports used with IRF
(cont.)
3Com Confidential
15
Basic Configuration Steps (cont.)
8. Save the configuration of each device and turn them off.
9. Physically connect the IRF links to build the IRF fabric.• (See the next slide for connection guidelines)
10. Turn on the unit that needs to be the master (Member-id=1)• Wait until the boot process is complete before turning on the next
device. This will guarantee that this unit will become the master.
11. Repeat the process for each member (turn on and wait). This step is called “device insertion”. Always turn on a device connected to other devices that are already up and running.
3Com Confidential
16
IRF Connections
3Com Confidential
17
• IRF Port Numbering– Syntax: irf-port x/y
• X is the member number
• Y is the logical port number
– Logical Ports• IRF logical port 1 of one device must be connected to IRF logical port 2 of
the next device
• Connecting IRF-ports of the same logical number will prevent the devices to recognize each other as members of the same IRF group
• IRF Configuration Example:
MasterMember 1
SlaveMember 2
SlaveMember 3
irf-port 1/1
irf-port 2/2
irf-port 2/1
irf-port 3/2
irf-port 3/1irf-port 1/2
1
IRF Configuration – Master 1 (Step 1)
On Chassis Systems, you must first enable IRF mode (only applies to the 7500E and higher—not the 5820x and 5500-EI):
[H3C] chassis convert mode irf
This command will convert the device to IRF mode and the device will reboot. Are you sure? [Y/N] y
The device reboots automatically to switch its operating mode.
(To reverse this command enter the undo chassis convert mode command)
1
IRF Configuration – Master 1 (Steps 2 and 3)
Assign the IRF Priority of the switch and save the configuration:
[H3C] irf member 1 priority 32
Where priority can be an integer value from 1 to 32, 1 being the lowest 32 being the highest priority.
Highest priority take precedence over a lower priority.
[H3C] save
1
IRF Configuration – Master 1 (Step 5)
Shutdown the ports that are to operate as IRF-Ports:
[H3C] interface TenGigabitEthernet 1/3/0/25
[H3C-Ten-GigabitEthernet1/3/0/25] shutdown
[H3C-Ten-GigabitEthernet1/3/0/25] quit
[H3C] interface TenGigabitEthernet 1/3/0/26
[H3C-Ten-GigabitEthernet1/3/0/25] shutdown
[H3C-Ten-GigabitEthernet1/3/0/25] quit
Notice the extra number in the interface designation. The first number (1/) is the Chassis ID (member number) associated by IRF.
1
IRF Configuration – Master 1 (Step 6)
Assign the ports to their respective IRF-Port:
[H3C] irf-port 1/2
[H3C-irf-port 1/2] port group interface
TenGigabitEthernet 1/3/0/25
[H3C-irf-port 1/2] port group interface
TenGigabitEthernet 1/3/0/26
[H3C-irf-port 1/2] quit
Note: This is Logical IRF-Port #2. This port MUST be connected to another System 2’s logical port #1
1
IRF Configuration – Master 1 (Step 7 and 8)
Re-activate the assigned ports:
[H3C] interface TenGigabitEthernet 1/3/0/25
[H3C-Ten-GigabitEthernet1/3/0/25] undo shutdown
[H3C] interface TenGigabitEthernet 1/3/0/26
[H3C-Ten-GigabitEthernet1/3/0/25] undo shutdown
[H3C-Ten-GigabitEthernet1/3/0/25] quit
[H3C] irf-port-configuration active
%May 5 23:18:40:124 2010 H3C STM/4/MERGE:
IRF merge occurs and the IRF system does not needto reboot.
[H3C] save
1
IRF Configuration – Slave 2 (Step 1)
On Chassis Systems, you must first enable IRF mode:
[H3C] chassis convert mode irf
This command will convert the device to IRF mode and the device will reboot. Are you sure? [Y/N] y
• The device reboots automatically to switch its operating mode.
• A configuration register is set to indicate IRF mode
• To reverse this command enter the undo chassis convert modecommand
1
IRF Configuration – Slave 2 (Steps 2, 3, and 4)
Renumber the unit to the second IRF device:
[H3C] irf member 1 renumber 2
Warning: Renumbering the switch number may result in configuration change or loss. Continue? [Y/N]: y
[H3C] quit
<H3C> reboot
You can validate the IRF unit number using the display irf command.
Note: The member number on the 7500 and higher series can be 1 to 4. Today you CANNOT assign a S7510E as unit number 4 and if you set a 7506E to unit 4, the last two card slots will NOT operate!!!
1
IRF Configuration – Slave 2 (Step 5)
Shutdown the ports that are to operate as IRF-Ports:
[H3C] interface TenGigabitEthernet 2/3/0/25
[H3C-Ten-GigabitEthernet2/3/0/25] shutdown
[H3C-Ten-GigabitEthernet2/3/0/25] quit
[H3C] interface TenGigabitEthernet 2/3/0/26
[H3C-Ten-GigabitEthernet2/3/0/25] shutdown
[H3C-Ten-GigabitEthernet2/3/0/25] quit
Notice the extra number in the interface designation (2/). This is the Chassis ID (member number) associated by IRF.
1
IRF Configuration – Slave 2 (Step 6)
Assign the ports to their respective IRF-Port:
[H3C] irf-port 2/1
[H3C-irf-port 2/1] port group interface
TenGigabitEthernet 2/3/0/25
[H3C-irf-port 2/1] port group interface
TenGigabitEthernet 2/3/0/26
[H3C-irf-port 2/1] quit
This places both ports into the Logical IRF-Port of 2/1
Note: that this is Logical IRF-Port #1. This port MUST be connected to another switch’s logical port #2
1
IRF Configuration – Slave 2 (Step 7 and 8)
Re-activate the assigned ports and save the configuration:
[H3C] interface TenGigabitEthernet 1/3/0/25
[H3C-Ten-GigabitEthernet1/3/0/25] undo shutdown
[H3C] interface ten-gigabitethernet 1/3/0/26
[H3C-Ten-GigabitEthernet1/3/0/25] undo shutdown
[H3C-Ten-GigabitEthernet1/3/0/25] quit
[H3C] irf-port-configuration active
%May 5 23:16:57:541 2010 H3C STM/4/MERGE:
IRF merge occurs and the IRF system needs a reboot.
[H3C] save
[H3C] quit
<H3C> reboot
1
IRF Configuration Completion
• When you connect the two switches together:– Chassis switches - The unit with the lowest priority should request at
the command line to be rebooted
– Stackable switches – The unit with the lowest priority will automatically be rebooted!!!
• Once the unit(s) come back up, they will be in full IRF mode. This can be validated with the display irf command
1
� Section 1 IRF Principle and Implementation
� Section 2 Basic Configuration of the IRF
� Section 3 IRF Maintenance
� Section 4 Split Stack Detection
Contents
1
IRF Troubleshooting
Operation Command
Display the information of the whole Fabric
display irf
Display the Fabric topology management information
display irf topology
Display the IRF configuration display irf configuration
1
display irf configuration
[H3C] display irf configuration
MemberID NewID IRF-Port1 IRF-Port21 1 Ten-GigabitEthernet1/2/0/1 disable
Ten-GigabitEthernet1/2/0/2 2 2 disable Ten-GigabitEthernet2/2/0/1
Ten-GigabitEthernet2/2/0/2
1
display irf
<H3C> display irfSwitch Slot Role Priority CPU-Mac*+1 0 Master 1 00e0-fc0a-15e02 1 Slave 1 00e0-fc0f-8c02
--------------------------------------------------
* indicates the device is the master.+ indicates the device through which the user logs in.The Bridge MAC of the IRF is: 000f-e26a-58edAuto upgrade : noMac persistent : alwaysLink-delay timer : 0 msDomain ID : 30
1
display irf topology
<H3C> display irf topologyTopology Info
------------------------------------------------------------------------IRF-Port1 IRF-Port2
Switch Link neighbor Link neighbor Belong To1 DIS -- UP 2 00e0-fc0a-15e02 UP 1 DIS -- 00e0-fc0a-15e0
1
� Section 1 IRF Principle and Implementation
� Section 2 Basic Configuration of the IRF
� Section 3 IRF Maintenance
� Section 4 Split Stack Detection
Contents
1
Basic Concept – Split Stack• Split: One IRF Fabric is split into one or several IRF systems due to
disconnection of its internal links.
• Each new IRF system will elect its own new Master.
• Layer 2 and layer 3 protocol conflicts probably will occur upon the split.
1 2
4 3
Slave Slave
Master Master
SwitchMAD
IRF Split Stack Problems
3Com Confidential
36
Broken IRF Link
Master!
ForwardingPort!
Master!
• Layer-2:
• STP loops
• Duplicate switch MAC addresses
• Possible duplicate forwarding of frames
• Layer-3:
• Duplicate IP addresses
• Possible duplicate packets—both routers forwarding packets
ForwardingPort!
Multi-Active Detection (MAD): Split Detection Proto cols
• MAD using LACP:– Uses a distributed Bridge Aggregation interface connected to a 3rd
device to exchange MAD information (only supported by H3C devices)
– To support this function LACP has been extended with MAD specific TLV fields.
• MAD using BFD:– a special VLAN with ports in each member must be configured
– and each member device must be configured with an MAD IP address. These addresses are invisible for the rest of the network and no routing interface can be attached to an MAD/BFD enabled VLAN.
• Recommendation: Use BOTH!
3Com Confidential
37
MAD: Collision Handling and Failure Recovery
• Collision Handling– The part that contains the device with the lowest member-id remains
in Normal state and the other goes into Recovery state.
– The ports of a device in recovery state become blocked.
– The administrator can exclude some ports from becoming blocked.
• Failure Recovery– When the IRF link is back online, the IRF system detects that the IRF-
ports are up and triggers the Recovery process.
– During the recovery, the part of the IRF that was in recovery state is rebooted to be re-inserted into the IRF.
3Com Confidential
38
MAD and LACP Process
3Com Confidential
39
Broken IRF Link
Device in Recovery state
BlockedPort
Device in Normal state
• Requirements:
• IRF link is separate from LACP link
• Switches are directly connected on LACP link
• LACP link can be used for normal data functions
• When the two masters see each other on the LACP link and the IRF link is down
• The lowest member ID goes into a Normal state
• The other member goes into a Recovery state
• The Recovery member disables its other ports until the stack is re-merged
LACPLink
1
IRF Configuration – Enable LACP MAD
To enable MAD over LACP:[H3C]interface bridge-aggregation 2
[H3C-Bridge-Aggregation2] link-aggregation mode dynamic
[H3C-Bridge-Aggregation2] mad enable
[H3C-Bridge-Aggregation2] quit
Add ports 1/3/0/2 and 2/3/0/2 to the aggregation interface and they are dedicated to the LACP MAD detection for Switch One and Switch Two.
[H3C] interface gigabitethernet 1/3/0/2
[H3C-GigabitEthernet1/3/0/2] port link-aggregation group 2
[H3C-GigabitEthernet1/3/0/2] quit
[H3C] interface gigabitethernet 2/3/0/2
[H3C-GigabitEthernet2/3/0/2] port link-aggregation group 2
1
1 2
4 3Slave Slave
Master Master
SwitchMAD
MAD and BFD Process
3Com Confidential
41
Broken IRF Link
Device in Recovery state
BlockedLayer-3
processing
Device in Normal state
• Requirements:
• Used when an intermediate layer-3 device is between the two IRF switches
• BFD is used via a layer-3 link (UDP connection)
• When the two masters see each other on the BFD UDP connection and the IRF link is down
• The lowest member ID goes into a Normal state
• The other member goes into a Recovery state
• The Recovery member stops processing layer-3 traffic
IntermediateLayer-3Device
BFD TCPLink
1
IRF Configuration – Enable BFD MAD
[H3C] vlan 3
[H3C-vlan3] port gigabitethernet 1/3/0/1
[H3C-vlan3] port gigabitethernet 2/3/0/1
[H3C-vlan3] quit
Create VLAN-interface 3 and configure the MAD IP address for the interface.
[H3C] interface vlan-interface 3
[H3C-Vlan-interface3] mad bfd enable
[H3C-Vlan-interface3] mad ip add 192.168.2.1 24 chassis 1
[H3C-Vlan-interface3] mad ip add 192.168.2.2 24 chassis 2
[H3C-Vlan-interface3] quit
1 2
4 3Slave Slave
Master MasterMAD
1
display mad
<H3C> display madMAD LACP enabled.MAD BFD enabled.# Display the detailed MAD configuration.
<H3C> display mad verboseCurrent MAD status: DetectExcluded ports(configurable):GigabitEthernet 2/1/0/2GigabitEthernet 2/1/0/3
Excluded ports(can not be configured):Ten-GigabitEthernet1/2/0/25Ten-GigabitEthernet2/2/0/26
MAD enabled aggregation port:Bridge-Aggregation2
MAD BFD enabled interface:Vlan-interface10mad ip address 10.0.0.2 255.255.0.0 chassis 1mad ip address 10.0.0.3 255.255.0.0 chassis 2
Recommended