华为M-Lag最佳实践

Server leaf的M-LAG配置

配置M-LAG

[~ServerLeaf1_1] 

 stp mode rstp

stp v-stp enable   //配置V-STP方式的M-LAG

stp tc-protection   //使能设备对TC类型BPDU报文的保护功能

stp bpdu-protection   //使能设备的BPDU保护功能

arp ip-conflict-detect enable   //使能设备的IP地址冲突检测的功能，网络虚拟化场景不需要配置

# 

[~ServerLeaf1_2] 
 stp mode rstp
 stp v-stp enable   //配置V-STP方式的M-LAG
 stp tc-protection              
 stp bpdu-protection           
 arp ip-conflict-detect enable  
 # 
 

配置M-LAG的DFS组

[~ServerLeaf1_1] 
ip vpn-instance DAD   //配置DAD VPN
 ipv4-family
  route-distinguisher 21:14
#


interface Eth-Trunk20   //配置双主检测链路，DAD成员口在框式设备上必须跨板部署
 trunkport 10GE 1/0/47 to 1/0/48
 mode lacp-static 
 undo portswitch
 ip binding vpn-instance DAD
 ip address 10.254.124.2 255.255.255.0   //配置source ip地址
 m-lag unpaired-port reserved
#
dfs-group 1 
 priority 150    //配置DFS优先级高于对端，默认是100 
 source ip 10.254.124.2 vpn-instance DAD peer 10.254.124.3   
 dual-active detection enhanced enable
#
 [~ServerLeaf1_2] 
ip vpn-instance DAD
 ipv4-family
  route-distinguisher 22:14
#
interface Eth-Trunk20
 trunkport 10GE 1/0/47 to 1/0/48
 mode lacp-static 
 undo portswitch
 ip binding vpn-instance DAD
 ip address 10.254.124.3 255.255.255.0
 m-lag unpaired-port reserved
# 
dfs-group 1 
 source ip 10.254.124.3 vpn-instance DAD peer 10.254.124.2   
 dual-active detection enhanced enable
#

配置peer-link

[~ServerLeaf1_1] 
 interface Eth-Trunk0   //如果是框式设备，则Peer-link成员口必须跨板部署，保证链路可靠性。如果单板速率不一致可配置lacp mixed-rate link enable来允许不同速率端口混合捆绑
  trunkport 40GE 1/0/5 to 1/0/6 
  mode lacp-static 
  peer-link 1 
 #
[~ServerLeaf1_2] 
 interface Eth-Trunk0 
  trunkport 40GE 1/0/5 to 1/0/6 
  mode lacp-static 
  peer-link 1 
 #

配置业务服务器以负载分担方式接入。

[~ServerLeaf1_1]
interface eth-trunk 10
port link-type trunk
undo port trunk allow-pass vlan 1
trunkport 10ge 1/0/1
dfs-group 1 m-lag 10
mode lacp-static
stp edged-port enable //配置边缘端口

interface 10GE1/0/1 //服务器接入端口
storm suppression unknown-unicast 5 //配置未知单播抑制，经验值为10GE端口的5%带宽，建议业务端口都部署
storm suppression multicast packets 1000 //配置组播报文抑制，接入VXLAN的为组播业务时不可以配置，单播流量可配置，经验值为1000pps
storm suppression broadcast packets 1000 //配置广播报文抑制，经验值为1000pps，建议业务端口都部署

[~ServerLeaf1_2]
interface eth-trunk 10
port link-type trunk
undo port trunk allow-pass vlan 1
trunkport 10ge 1/0/1
dfs-group 1 m-lag 10
mode lacp-static
stp edged-port enable

interface 10GE1/0/1
storm suppression unknown-unicast 5
storm suppression multicast packets 1000
storm suppression broadcast packets 1000

# 配置服务器以主备方式接入。

[~ServerLeaf1_1]
interface 10GE1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1 //不放通VLAN1，防止成环
storm suppression unknown-unicast 5 //配置未知单播抑制，经验值为10GE端口的5%带宽，建议业务端口都部署
storm suppression multicast packets 1000 //配置组播报文抑制，接入VXLAN的为组播业务时不可以配置，单播流量可配置，经验值为1000pps
storm suppression broadcast packets 1000 //配置广播报文抑制，经验值为1000pps，建议业务端口都部署
stp edged-port enable

[~ServerLeaf1_2]
interface 10GE1/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
storm suppression unknown-unicast 5
storm suppression multicast packets 1000
storm suppression broadcast packets 1000
stp edged-port enable

# 配置monitor-link关联上行接口和下行接口，避免单台设备的所有上行链路都故障时，本台设备用户侧流量无法转发。
Downlink只列出了1个端口做示例，实际部署时请根据规划补齐。

[~ServerLeaf1_1]
monitor-link group 1
port 40GE1/0/1 uplink
port 40GE1/0/2 uplink
port Eth-Trunk10 downlink 1
timer recover-time 60 //配置回切时间，防止上行故障回切丢包。

[~ServerLeaf1_2]
monitor-link group 1
port 40GE1/0/1 uplink
port 40GE1/0/2 uplink
port Eth-Trunk10 downlink 1
timer recover-time 60

# 配置Underlay路由（以OSPF为例）。

[~ServerLeaf1_1] 
 bfd            //全局使能BFD功能
 #
 ospf 1 router-id 10.125.98.3 
  bfd all-interfaces enable
  bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-multiplier 3   //配置BFD的参数为500ms*3
  lsa-arrival-interval intelligent-timer 50 50 50   //设置OSPF LSA接收的时间间隔，优化收敛时间
  area 0.0.0.0 
   network 10.125.97.20 0.0.0.3 
   network 10.125.97.36 0.0.0.3   //分别建立与2台Border Leaf设备的路由邻居
   network 10.125.98.3 0.0.0.0 
   network 10.125.99.2 0.0.0.0   //发布Loopback地址；请勿发布V3版本中作为VXLAN Bypass隧道的Loopback地址
 # 
[~ServerLeaf1_2] 
 bfd            
 #
 ospf 1 router-id 10.125.98.4 
  bfd all-interfaces enable
  bfd all-interfaces min-tx-interval 500 min-rx-interval 500 detect-multiplier 3   //配置BFD的参数为500ms*3
  lsa-arrival-interval intelligent-timer 50 50 50   //优化三层架构，两台物理设备之间多路ECMP情况的OSPF收敛时间
  area 0.0.0.0 
   network 10.125.97.24 0.0.0.3 
   network 10.125.97.40 0.0.0.3 
   network 10.125.98.4 0.0.0.0 
   network 10.125.99.2 0.0.0.0 
 # 

配置网络故障收敛性能优化

[~ServerLeaf1_1][~ServerLeaf1_2]
 interface 40GE1/0/2   
  ospf peer hold-max-cost timer 300000    //所有Spine和Leaf配置OSPF邻居建立后在本地设备的LSA中保持最大开销值的时间300s，源于240s的M-LAG延迟UP时间（同时overlay路由收敛）+ 60s的设备表项同步时间

#
 interface 40GE1/0/3  
  ospf peer hold-max-cost timer 300000    
#

端口优化配置

批量配置端口CRC检测：在peer-link成员口、与Spine互联的口上必须配置。

[~ServerLeaf_1][~ServerLeaf_2]
port-group group-member 40GE 1/0/0 to 40GE 1/0/3
  port crc-statistics trigger error-down
  trap-threshold crc-statistics 100 interval 10 

//配置备份链路的接口检测CRC错包，在接收到CRC错误报文达到告警阈值时触发接口Error-Down，保证数据传输的正确性。

批量关闭不使用的端口并调大stp cost值。

[~ServerLeaf_1][~ServerLeaf_2]
port-group group-member 10GE 1/0/10 to 10GE 1/0/48
  shutdown
  stp instance 0 cost 10000

配置系统定时保存配置的功能

configuration file auto-save interval 360 delay 60 cpu-limit 60