DRNI
SHA4-SER-SW001
vlan 4
interface Vlan-interface4
ip address 10.221.4.1 255.255.255.0
mac-address 0004-0004-0004
vlan 4000
description drni_keepalive
interface Vlan-interface4000
description drni_keepalive_port
ip address 1.1.1.1 255.255.255.252
drni system-mac 0001-0001-0001
drni system-number 1
drni system-priority 100
drni keepalive ip destination 1.1.1.2 source 1.1.1.1
drni mad exclude interface Vlan-interface4000
interface Bridge-Aggregation100
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
port drni intra-portal-port 1
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
port drni group 1
interface Ten-GigabitEthernet0/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet0/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
--------------------------------------------
SHA4-SER-SW002
vlan 4
interface Vlan-interface4
ip address 10.221.4.1 255.255.255.0
mac-address 0004-0004-0004
vlan 4000
description drni_keepalive
interface Vlan-interface4000
description drni_keepalive_port
ip address 1.1.1.2 255.255.255.252
drni role priority 65535
drni system-mac 0001-0001-0001
drni system-number 1
drni system-priority 100
drni keepalive ip destination 1.1.1.1 source 1.1.1.2
drni mad exclude interface Vlan-interface4000
interface Bridge-Aggregation100
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
port drni intra-portal-port 1
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
port drni group 1
interface Ten-GigabitEthernet0/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet0/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
--------------------------------------------
SHA4-SER-SW001
#其他接入设备略
interface Bridge-Aggregation40
port link-type trunk
port trunk permit vlan all
#
interface Ten-GigabitEthernet1/0/45
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/46
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 40
#
interface Ten-GigabitEthernet2/0/45
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 40
#
interface Ten-GigabitEthernet2/0/46
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 40
备注
DRNI双活网关组网,用双活虚地址为源ping下联服务器时,会出现部分地址ping不通的情况,正常现象。
DR系统的两端的端口LAG模式都为static。
OSPF
SHA4-SER-SW001
ospf 221 router-id 10.221.0.2
import-route direct
area 0.0.0.221
network 10.221.0.0 0.0.0.7
#
ospf 1221 router-id 10.221.0.10
import-route direct
import-route static
area 0.0.0.221
network 10.221.0.8 0.0.0.7
#
ospf 2221 router-id 10.221.3.3
default-route-advertise
import-route static
area 0.0.0.221
network 10.221.3.0 0.0.0.255
#
ospf 192 router-id 10.192.1.90
abr-summary 10.220.0.0 255.254.0.0
area 0.0.0.221
network 10.192.1.90 0.0.0.3
--------------------------------------------
#SHA4-SER-SW002
ospf 221 router-id 10.221.0.3
import-route direct
area 0.0.0.221
network 10.221.0.0 0.0.0.7
#
ospf 1221 router-id 10.221.0.11
import-route direct
area 0.0.0.221
network 10.221.0.8 0.0.0.7
#
ospf 2221 router-id 10.221.3.3
default-route-advertise
area 0.0.0.221
network 10.221.3.0 0.0.0.255
#
--------------------------------------------
SHA4-SER-SW001
#其他接入设备略
ospf 2221 router-id 10.221.3.17
area 0.0.0.221
network 10.221.3.0 0.0.0.255
PBR
SHA4-SER-SW001
acl basic 2001
rule 0 permit source 222.71.61.56 0.0.0.7
#
policy-based-route ISP_PRB permit node 10
if-match acl 2001
apply next-hop 10.221.0.9
#
acl basic 2002
rule 0 permit source 140.206.67.80 0.0.0.7
#
policy-based-route ISP_PRB permit node 20
if-match acl 2002
apply next-hop 10.221.0.1
#
int vlan 4
ip policy-based-route ISP_PRB
--------------------------------------------
SHA4-SER-SW002
acl basic 2001
rule 0 permit source 222.71.61.56 0.0.0.7
#
policy-based-route ISP_PRB permit node 10
if-match acl 2001
apply next-hop 10.221.0.9
#
acl basic 2002
rule 0 permit source 140.206.67.80 0.0.0.7
#
policy-based-route ISP_PRB permit node 20
if-match acl 2002
apply next-hop 10.221.0.1
#
int vlan 4
ip policy-based-route ISP_PRB
RP
SHA4-SER-SW001
#输出过滤
acl basic 2101
rule 0 deny source 1.1.1.0 0.0.0.3
rule permit
ospf 1221
filter-policy 2101 export
ospf 221
filter-policy 2101 export
--------------------------------------------
SHA4-SER-SW002
#输出过滤
acl basic 2101
rule 0 deny source 1.1.1.0 0.0.0.3
rule permit
ospf 2221
filter-policy 2101 export
ospf 1221
filter-policy 2101 export
ospf 221
filter-policy 2101 export
NQA+Static
SHA4-SER-SW001
nqa entry admin ping
type icmp-echo
destination ip 10.192.1.89
frequency 100
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa schedule admin ping start-time now lifetime forever
track 1 nqa entry admin ping reaction 1
ip route-static 10.150.0.0 16 10.192.1.89 track 221