组网及说明
NQA实验
问题描述
通过NQA的检测,检测上行网络是否正常,当上行网络出现故障时,能告知VRRP、MSTP进行主备的切换。
过程分析
SW1为接入交换机,负责VLAN 10 、VLAN 20的接入
SW2为核心交换机,负责提供VLAN 10、VLAN20的网关,根据负载均衡的需求,在SW2交换机中,VLAN 10为MSTP主根,VLAN 20为备根。SW2交换机在网络正常的情况下主要走VLAN10的流量。在SW2中配置NQA检测,监控上行端口当发生故障时VLAN 10可快速切换到SW3交换机。
SW3为核心交换机,负责提供VLAN 10、VLAN20的网关,根据负载均衡的需求,在SW3交换机中,VLAN 20为MSTP主根,VLAN10为备根。SW3交换机在网络正常的情况下主要走VLAN10的流量。在SW3中配置NQA检测,监控上行端口当发生故障时VLAN 20可快速切换到SW2交换机。
R1为核心路由器,负责将业务路由高速转发到下一个网络中。
配置过程:
SW1:
<code>[H3C]sysname SW1
[SW1]vlan 10
[SW1-vlan10]qu
[SW1]vlan 20
[SW1-vlan20]qu
[SW1]int ran gi 1/0/1 to gi 1/0/2
[SW1-if-range]po li tr
[SW1-if-range]undo po tr pe vlan 1
[SW1-if-range]po tr pe vlan 10 20
[SW1-if-range]quit
[SW1]int gi 1/0/3
[SW1-GigabitEthernet1/0/3]po li acc
[SW1-GigabitEthernet1/0/3]po acc vl 10
[SW1-GigabitEthernet1/0/3]quit
[SW1]/<code>
SW2:
<code>[H3C]sysname SW2
[SW2]vlan 10
[SW2-vlan10]quit
[SW2]vlan 20
[SW2-vlan20]quit
[SW2]int ran gi 1/0/2 to gi 1/0/3
[SW2-if-range]po li tr
[SW2-if-range]undo po tr pe vlan 1
[SW2-if-range]po tr pe vlan 10 20
[SW2-if-range]quit
[SW2]int gi 1/0/1
[SW2-GigabitEthernet1/0/1]port link-mode route
[SW2-GigabitEthernet1/0/1]ip address 10.0.0.1 30
[SW2-GigabitEthernet1/0/1]undo shutdown
[SW2-GigabitEthernet1/0/1]quit/<code>
NQA配置
<code>[SW2]nqa agent enable
[SW2]nqa entry weijianing ninglihua
[SW2-nqa-weijianing-ninglihua]type icmp-echo
[SW2-nqa-weijianing-ninglihua-icmp-echo]source int GigabitEthernet 1/0/1
[SW2-nqa-weijianing-ninglihua-icmp-echo]destination ip 10.0.0.2
[SW2-nqa-weijianing-ninglihua-icmp-echo]frequency 100000
[SW2-nqa-weijianing-ninglihua-icmp-echo]probe timeout 30
[SW2-nqa-weijianing-ninglihua-icmp-echo]next-hop 10.0.0.2
[SW2-nqa-weijianing-ninglihua-icmp-echo] history-record enable
[SW2-nqa-weijianing-ninglihua-icmp-echo]history-record number 50
[SW2-nqa-weijianing-ninglihua-icmp-echo]probe count 10
[SW2-nqa-weijianing-ninglihua-icmp-echo]probe timeout 30
[SW2-nqa-weijianing-ninglihua-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
[SW2-nqa-weijianing-ninglihua-icmp-echo]route-option bypass-route
[SW2]track 1 nqa entry weijianing ninglihua reaction 1
[SW2]nqa schedule weijianing ninglihua start-time now lifetime forever
#
[SW2]int vlan 10
[SW2-Vlan-interface10]ip address 192.168.10.252 24
[SW2-Vlan-interface10]vrrp vrid 1 vi
[SW2-Vlan-interface10]vrrp vrid 1 virtual-ip 192.168.10.254
[SW2-Vlan-interface10]vrrp vrid 1 priority 120
[SW2-Vlan-interface10]vrrp vrid 1 preempt-mode
[SW2-Vlan-interface10]vrrp vrid 1 track 1 priority reduced 30
[SW2]int vlan 20
[SW2-Vlan-interface20]ip address 192.168.20.252 24
[SW2-Vlan-interface20]vrrp vrid 2 virtual-ip 192.168.20.254/<code>
MSTP配置
<code>[SW2]stp glo enable
[SW2]stp mode mstp
[SW2]stp region-configuration
[SW2-mst-region]region-name weijianing.com
[SW2-mst-region]instance 1 vlan 10
[SW2-mst-region]instance 2 vlan 20
[SW2-mst-region]active region-configuration
[SW2]stp instance 1 root primary
[SW2]stp instance 2 root secondary
#
[SW2] int lo 0
[SW2-LoopBack0]ip add 1.1.1.1 32
[SW2-LoopBack0]undo shutdown
[SW2-LoopBack0]quit
[SW2]router id 1.1.1.1
[SW2]
[SW2]ospf 1
[SW2-ospf-1]silent-interface Vlan-interface 10
[SW2-ospf-1]silent-interface Vlan-interface 20
[SW2-ospf-1]area 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 10.0.0.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]net[SW2-ospf-1-area-0.0.0.0]network 1.1.1.1 0.0.0.0
[SW2-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[SW2-ospf-1-area-0.0.0.0]quit
[SW2-ospf-1]quit
[SW2]/<code>
SW3:
<code>[SW3]vlan 10
[SW3-vlan10]quit
[SW3]vlan 20
[SW3-vlan20]quit
[SW3]int ran gi 1/0/2 to gi 1/0/3
[SW3-if-range]po li tr
[SW3-if-range]undo po tr pe vlan 1
[SW3-if-range]po tr pe vlan 10 20
[SW3-if-range]quit
[SW3]
[SW3]int gi 1/0/1
[SW3-GigabitEthernet1/0/1]port link-mode route
[SW3-GigabitEthernet1/0/1]ip address 10.0.0.5 30
[SW3-GigabitEthernet1/0/1]undo shutdown
[SW3-GigabitEthernet1/0/1]quit
[SW3]/<code>
NQS配置:
<code>[SW3]nqa agent enable
[SW3]nqa entry weijianing ninglihua
[SW3-nqa-weijianing-ninglihua]type icmp-echo
[SW3-nqa-weijianing-ninglihua-icmp-echo]source int gi 1/0/1
[SW3-nqa-weijianing-ninglihua-icmp-echo]destination ip 10.0.0.6
[SW3-nqa-weijianing-ninglihua-icmp-echo]next-hop 10.0.0.6
[SW3-nqa-weijianing-ninglihua-icmp-echo]frequency 100000
[SW3-nqa-weijianing-ninglihua-icmp-echo] history-record enable
[SW3-nqa-weijianing-ninglihua-icmp-echo]history-record number 50
[SW3-nqa-weijianing-ninglihua-icmp-echo]probe count 10
[SW3-nqa-weijianing-ninglihua-icmp-echo]probe timeout 30
[SW3-nqa-weijianing-ninglihua-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 1 action-type trigger-only
[SW3-nqa-weijianing-ninglihua-icmp-echo]route-option bypass-route
[SW3]track 1 nqa entry weijianing ninglihua reaction 1
#
[SW3]int vlan 10
[SW3-Vlan-interface10]ip address 192.168.10.253 24
[SW3-Vlan-interface10]vrrp vrid 1 virtual-ip 192.168.10.254
[SW3-Vlan-interface10]quit
[SW3]
[SW3]int vlan 20
[SW3-Vlan-interface20]ip address 192.168.20.253 24
[SW3-Vlan-interface20]vrrp vrid 2 vi
[SW3-Vlan-interface20]vrrp vrid 2 virtual-ip 192.168.20.254
[SW3-Vlan-interface20]vrrp vrid 2 priority 120
[SW3-Vlan-interface20]vrrp vrid 2 preempt-mode
[SW3-Vlan-interface20]vrrp vrid 2 track 1 priority reduced 30
[SW3-Vlan-interface20]quit
[SW3]
[SW3]stp region-configuration
[SW3-mst-region]region-name weijianing.com
[SW3-mst-region]instance 1 vlan 10
[SW3-mst-region]instance 2 vlan 20
[SW3-mst-region]active region-configuration
[SW3-mst-region]quit
[SW3]stp instance 1 root secondary
[SW3]stp instance 2 root primary
[SW3]int LoopBack 0
[SW3-LoopBack0]ip add 2.2.2.2 32
[SW3-LoopBack0]undo shut
[SW3-LoopBack0]quit
[SW3]router id 2.2.2.2
[SW3]
[SW3]ospf 1
[SW3-ospf-1]silent-interface Vlan-interface 10
[SW3-ospf-1]silent-interface Vlan-interface 20
[SW3-ospf-1]area 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 10.0.0.5 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 2.2.2.2 0.0.0.0
[SW3-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[SW3-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[SW3-ospf-1-area-0.0.0.0]quit
[SW3-ospf-1]quit
[SW3]
[SW3]nqa schedule weijianing ninglihua start-time now lifetime forever/<code>
R1:
<code>[H3C]sysname R1
[R1]int lo 0
[R1-LoopBack0]ip add 3.3.3.3 32
[R1-LoopBack0]undo shut
[R1-LoopBack0]quit
[R1]router id 3.3.3.3
[R1]int gi 0/0
[R1-GigabitEthernet0/0]ip add 10.0.0.2 30
[R1-GigabitEthernet0/0]undo shut
[R1-GigabitEthernet0/0]quit
[R1]int gi 0/1
[R1-GigabitEthernet0/1]ip add 10.0.0.6 30
[R1-GigabitEthernet0/1]undo shutdown
[R1-GigabitEthernet0/1]quit
[R1]
[R1]ospf 1
[R1-ospf-1]ar
[R1-ospf-1]area 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.2 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 10.0.0.6 0.0.0.0
[R1-ospf-1-area-0.0.0.0]network 3.3.3.3 0.0.0.0
[R1-ospf-1-area-0.0.0.0]quit
[R1]/<code>
心得体会:
- 在拥有负载均衡和设备冗余的网络环境中,NQA的可选参数配置建议保持一致,特别是frequency检测的频率。
- 建议开启NQA历史记录功能,这样可以更好的确认NQA是否已经开始运行并监控。
- 在拥有路由冗余、设备冗余、VRRP的环境中,一定要开启route-option bypass-route,这样当路由发生故障时,也可以更好的触发TRACK
- 在NQA配置指向目的地址时一定要正确区分description和destination这两个单词,由于这两个单词在配置时会优先出现description,可能会导致没有配置目的地址而启动NQA失败
- 当主链路DOWN时,从主设备切换到备设备需要丢包13-14个才可恢复业务。
- 当主链路恢复时,业务可以从备用设备切换回到主设备(VRRP也可切换)且不丢包。
分享到:
閱讀更多 思恆科技 的文章
