H3C-DRNI-DC双活网关架构

最新推荐文章于 2024-04-18 10:55:06 发布

期待未来的男孩

最新推荐文章于 2024-04-18 10:55:06 发布

阅读量818

点赞数 1

分类专栏：路由交换文章标签：网络服务器运维

本文链接：https://blog.csdn.net/u012391293/article/details/127062387

版权

路由交换专栏收录该内容

76 篇文章 12 订阅

订阅专栏

在这里插入图片描述

DRNI

SHA4-SER-SW001
vlan 4

interface Vlan-interface4
 ip address 10.221.4.1 255.255.255.0
 mac-address 0004-0004-0004
 
vlan 4000
 description drni_keepalive
 
interface Vlan-interface4000
 description drni_keepalive_port
 ip address 1.1.1.1 255.255.255.252

 drni system-mac 0001-0001-0001
 drni system-number 1
 drni system-priority 100
 drni keepalive ip destination 1.1.1.2 source 1.1.1.1
 drni mad exclude interface Vlan-interface4000
  
 interface Bridge-Aggregation100
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
 port drni intra-portal-port 1
 
 
 interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 port drni group 1
 
 interface Ten-GigabitEthernet0/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface Ten-GigabitEthernet0/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
--------------------------------------------   
SHA4-SER-SW002
vlan 4
interface Vlan-interface4
 ip address 10.221.4.1 255.255.255.0
 mac-address 0004-0004-0004

vlan 4000
 description drni_keepalive
 
interface Vlan-interface4000
 description drni_keepalive_port
 ip address 1.1.1.2 255.255.255.252
 
 drni role priority 65535
 drni system-mac 0001-0001-0001
 drni system-number 1
 drni system-priority 100
 drni keepalive ip destination 1.1.1.1 source 1.1.1.2
 drni mad exclude interface Vlan-interface4000
  
 interface Bridge-Aggregation100
 port link-type trunk
 port trunk permit vlan all
 link-aggregation mode dynamic
 port drni intra-portal-port 1
 
 interface Bridge-Aggregation1
 port link-type trunk
 port trunk permit vlan all
 port drni group 1
 
 interface Ten-GigabitEthernet0/0/1
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
#
interface Ten-GigabitEthernet0/0/2
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 1
--------------------------------------------  
SHA4-SER-SW001 
#其他接入设备略
interface Bridge-Aggregation40
 port link-type trunk
 port trunk permit vlan all 
 #
 interface Ten-GigabitEthernet1/0/45
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 40
#
interface Ten-GigabitEthernet1/0/46
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 40
#
interface Ten-GigabitEthernet2/0/45
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 40
#
interface Ten-GigabitEthernet2/0/46
 port link-mode bridge
 port link-type trunk
 port trunk permit vlan all
 port link-aggregation group 40

备注

DRNI双活网关组网，用双活虚地址为源ping下联服务器时，会出现部分地址ping不通的情况,正常现象。

DR系统的两端的端口LAG模式都为static。

OSPF

SHA4-SER-SW001

ospf 221 router-id 10.221.0.2
 import-route direct
 area 0.0.0.221
  network 10.221.0.0 0.0.0.7
#
ospf 1221 router-id 10.221.0.10
 import-route direct
 import-route static
 area 0.0.0.221
  network 10.221.0.8 0.0.0.7
#
ospf 2221 router-id 10.221.3.3
 default-route-advertise
 import-route static
 area 0.0.0.221
  network 10.221.3.0 0.0.0.255
#
ospf 192 router-id 10.192.1.90
 abr-summary 10.220.0.0 255.254.0.0
 area 0.0.0.221
  network 10.192.1.90 0.0.0.3
  
--------------------------------------------  
#SHA4-SER-SW002

ospf 221 router-id 10.221.0.3
 import-route direct
 area 0.0.0.221
  network 10.221.0.0 0.0.0.7
#
ospf 1221 router-id 10.221.0.11
 import-route direct
 area 0.0.0.221
  network 10.221.0.8 0.0.0.7
#
ospf 2221 router-id 10.221.3.3
 default-route-advertise
 area 0.0.0.221
  network 10.221.3.0 0.0.0.255
#

--------------------------------------------
SHA4-SER-SW001
#其他接入设备略
ospf 2221 router-id 10.221.3.17
 area 0.0.0.221
  network 10.221.3.0 0.0.0.255

PBR

SHA4-SER-SW001

acl basic 2001
rule 0 permit source 222.71.61.56 0.0.0.7
#
policy-based-route ISP_PRB permit node 10
if-match acl 2001
apply next-hop 10.221.0.9
#
acl basic 2002
rule 0 permit source 140.206.67.80 0.0.0.7
#
policy-based-route ISP_PRB permit node 20
if-match acl 2002
apply next-hop 10.221.0.1
#
int vlan 4
ip policy-based-route ISP_PRB

--------------------------------------------
SHA4-SER-SW002
acl basic 2001
rule 0 permit source 222.71.61.56 0.0.0.7
#
policy-based-route ISP_PRB permit node 10
if-match acl 2001
apply next-hop 10.221.0.9
#
acl basic 2002
rule 0 permit source 140.206.67.80 0.0.0.7
#
policy-based-route ISP_PRB permit node 20
if-match acl 2002
apply next-hop 10.221.0.1
#
int vlan 4
ip policy-based-route ISP_PRB

RP

SHA4-SER-SW001
#输出过滤
acl basic 2101
rule 0 deny source 1.1.1.0 0.0.0.3
rule permit

ospf 1221
filter-policy 2101 export

ospf 221
filter-policy 2101 export


--------------------------------------------

SHA4-SER-SW002
#输出过滤
acl basic 2101
rule 0 deny source 1.1.1.0 0.0.0.3
rule permit
ospf 2221
filter-policy 2101 export

ospf 1221
filter-policy 2101 export

ospf 221
filter-policy 2101 export

NQA+Static

SHA4-SER-SW001

nqa entry admin ping
 type icmp-echo
  destination ip 10.192.1.89
  frequency 100
  reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#              
 nqa schedule admin ping start-time now lifetime forever 

 track 1 nqa entry admin ping reaction 1

 ip route-static 10.150.0.0 16 10.192.1.89 track 221