H3C之IRF典型配置举例（BFD MAD检测方式）

IRF典型配置举例（BFD MAD检测方式）

1、组网需求

由于网络规模迅速扩大，当前中心设备（Device A）安全业务处理能力已经不能满足需求，现在需要另增一台设备Device B，将这两台设备组成一个IRF（如图所示），并配置BFD MAD进行分裂检测。

2、组网图

IRF典型配置组网图（BFD MAD检测方式）

3、配置步骤

(1)  配置Device A
配置IRF中成员编号为1的设备的优先级为32。

<DeviceA> system-view
[DeviceA] irf member 1 priority 32

配置IRF端口1/2，并将它与物理端口Ten-GigabitEthernet1/0/1绑定，并保存配置，然后激活IRF端口下的配置。

IRF-port端口编号说明：
irf-port 1/2中，第一个数字代表的是设备成员编号，第二个数字是接口编号。堆叠要求使用逻辑端口1对接逻辑端口2。
即，如若第一台配置irf-port1/2，则第二台需要是用irf-port2/1对接。如若第一台使用irf-port1/1，则第二台需要配置irf-port2/2。

[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] irf-port 1/2
[DeviceA-irf-port1/2] port group interface ten-gigabitethernet 1/0/1
[DeviceA-irf-port1/2] quit
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] save
[DeviceA] irf-port-configuration active

(2)  配置Device B
将Device B的成员编号配置为2，并重启设备使新编号生效。

<DeviceB> system-view
[DeviceB] irf member 1 renumber 2
Warning: Renumbering the member ID may result in configuration change or loss. Continue? [Y/N]:y
[DeviceB] quit
<DeviceB> reboot

参照配置组网图进行物理连线。
重新登录到设备，配置IRF端口2/1，并将它与物理端口Ten-GigabitEthernet2/0/1绑定，并保存配置，然后激活IRF端口下的配置。

<DeviceB> system-view
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] irf-port 2/1
[DeviceB-irf-port2/1] port group interface ten-gigabitethernet 2/0/1
[DeviceB-irf-port2/1] quit
[DeviceB] interface ten-gigabitethernet 2/0/1
[DeviceB-Ten-GigabitEthernet2/0/1] undo shutdown
[DeviceB-Ten-GigabitEthernet2/0/1] quit
[DeviceB] save
[DeviceB] irf-port-configuration active

(3)  Device A和Device B间将会进行主设备竞选，竞选失败的一方（Device B）将重启，重启完成后，IRF形成。
(4)  配置BFD MAD检测
创建三层聚合接口3。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] quit

分别将Device A（成员编号为1）上的接口Ten-GigabitEthernet1/0/2和Device B（成员编号为2）上的接口Ten-GigabitEthernet2/0/2加入聚合组3中。

分别将设备A和设备B的MAD口加入一个三层聚合组

[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] interface ten-gigabitethernet 2/0/2
[DeviceA-Ten-GigabitEthernet2/0/2] port link-aggregation group 3
[DeviceA-Ten-GigabitEthernet2/0/2] quit

开启BFD MAD功能，并配置三层聚合接口3的MAD IP地址。

[DeviceA] interface route-aggregation 3
[DeviceA-Route-Aggregation3] mad bfd enable
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.1 24 member 1
[DeviceA-Route-Aggregation3] mad ip address 192.168.2.2 24 member 2
[DeviceA-Route-Aggregation3] quit

(5) 请参考组网图中的规划，配置安全域和安全策略，对Intranet网络与IP network网络之间交互的报文进行安全控制。
4. 验证配置

• IRF链路正常情况下查看相关配置
  查看IRF相关信息，可见IRF成功建立，且DeviceA为主设备。

[DeviceA] display irf
MemberID    Role    Priority  CPU-Mac         Description
 *+1        Master  32        487a-da95-93b5  ---
   2        Standby 1         3897-d6a8-1b1a  ---
--------------------------------------------------
 * indicates the device is the master.
 + indicates the device through which the user logs in.
 
 The bridge MAC of the IRF is: 487a-da95-93b3
 Auto upgrade                : yes
 Mac persistent              : no
 Domain ID                   : 0

查看BFD MAD状态，状态正常。

[DeviceA] display mad verbose
Multi-active recovery state: No
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
  Ten-GigabitEthernet2/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Normal
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Normal
  2           192.168.2.2/24       1          Normal

• IRF链路异常情况下查看相关配置
  查看BFD MAD状态，状态异常，表示IRF分裂。

[DeviceA] display mad verbose
Excluded ports (user-configured):
Excluded ports (system-configured):
  Ten-GigabitEthernet1/0/1
MAD ARP disabled.
MAD ND disabled.
MAD LACP disabled.
MAD BFD enabled interface: Route-Aggregation3
  MAD status                 : Faulty
  Member ID   MAD IP address       Neighbor   MAD status
  1           192.168.2.1/24       2          Faulty

• 其它命令
  查看成员1、成员2 IRF链路的状态均为UP

Member 1IRF Port  Interface                             Status1         Ten-GigabitEthernet1/0/50             UPTen-GigabitEthernet1/0/51             UP2         disable                               --Member 2IRF Port  Interface                             Status1         disable                               --2         Ten-GigabitEthernet2/0/50             UPTen-GigabitEthernet2/0/51             UP

查看IRF的配置信息

<H3C>dis irf configuration  MemberID NewID    IRF-Port1                     IRF-Port21        1        Ten-GigabitEthernet1/0/50     disableTen-GigabitEthernet1/0/512        2        disable                       Ten-GigabitEthernet2/0/50Ten-GigabitEthernet2/0/51

查看IRF的拓扑信息

dis irf topologyTopology Info-------------------------------------------------------------------------IRF-Port1                IRF-Port2MemberID    Link       neighbor      Link       neighbor    Belong To1           DIS        ---           UP         2           00e0-fc0f-8c022           UP         1             DIS        ---         00e0-fc0f-8c02

生产实用案例

SW1
[H3C]sysname sw1
[sw1]irf member 1 priority 32
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]shutdown
[sw1-FortyGigE1/0/53]quit
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]shutdown
[sw1-FortyGigE1/0/54]quit
[sw1]irf-port 1/2
[sw1-irf-port1/2]port group interface FortyGigE 1/0/53
[sw1-irf-port1/2]port group interface FortyGigE 1/0/54
[sw1-irf-port1/2]quit
[sw1]interface FortyGigE 1/0/53
[sw1-FortyGigE1/0/53]undo shutdown
[sw1]interface FortyGigE 1/0/54
[sw1-FortyGigE1/0/54]undo shutdown
[sw1]save
[sw1]irf-port-configuration activeSW2
[H3C]sysname sw2
[sw2]irf member 1 renumber 2
[sw2]quit
<sw2>reboot
[sw2]irf member 2 priority 31
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]shutdown
[sw2-FortyGigE2/0/53]quit
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/54]shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port 2/1
[sw2-irf-port2/1]port group interface FortyGigE 2/0/53
[sw2-irf-port2/1]port group interface FortyGigE 2/0/54
[sw2]interface FortyGigE 2/0/53
[sw2-FortyGigE2/0/53]undo shutdown
[sw2]interface FortyGigE 2/0/54
[sw2-FortyGigE2/0/53]quit
[sw2-FortyGigE2/0/54]un shutdown
[sw2-FortyGigE2/0/54]quit
[sw2]irf-port-configuration activeSW1配置mad检测
[sw1]interface Route-Aggregation 3
[sw1-Route-Aggregation3]quit
[sw1]interface Ten-GigabitEthernet1/0/50
[sw1-Ten-GigabitEthernet1/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet1/0/50]quit
[sw1]interface Ten-GigabitEthernet2/0/50
[sw1-Ten-GigabitEthernet2/0/50]port link-aggregation group 3
[sw1-Ten-GigabitEthernet2/0/50]quit[sw1]interface Route-Aggregation3
[sw1-Route-Aggregation3]mad bfd enable
[sw1-Route-Aggregation3]mad ip address 1.1.1.1 30 member 1
[sw1-Route-Aggregation3]mad ip address 1.1.1.2 30 member 2
[sw1-Route-Aggregation3]quit