MSTP+VRRP组网应用Monitor Link调整流量路径问题

发布时间:  2015-12-02 浏览次数:  459 下载次数:  0
问题描述

该客户的组网如下图所示:

 

1)SW1SW2SW3二层防环使用MSTP,其中:

192.168.10.1/24 对应Instance 1, 此时SW1master

192.168.20.1/24 对应instance 2,此时SW2master

2)SW1SW2Router动态路由协议为OSPF

3)在SW1SW2 OSPF进程上引入直连路由的时候,使用route-policy(if-match不同的vlanif,设置不同的cost值)使得192.168.1.1访问192.168.10.1的路径为PC3routerSW1SW3PC1,192.168.1.1访问192.168.20.1的路径为PC3routerSW2SW3PC2.

4)在不同路径访问过程中(以PC3访问PC1为例),当SW1GE0/0/21断开后,流量总是要经过SW1SW2GE0/0/20互联接口(由于SW1SW2SW3MSTP协议将SW3GE0/0/24设置为阻塞端口)其中,SW3对应instance1(vlan 10)阻塞端口为GE0/0/24;instance2(vlan 20)阻塞端口为GE0/0/23。

切换后的实际流量如下图红线所示,而客户的需求是切换后的流量为蓝色:




解决方案

分析:由于SW1SW2RouterOSPF协议,在线路正常的情况下,根据不同的cost值,进行选路,实现SW1SW2设备的流量负载分担,该局点流量走红色的线路的主要原因是MSTPSW3GE0/0/24端口阻塞掉。

解决办法:

Step1:若改动MSTP,会影响组网整体的流量,而且当网络恢复正常后不能进行正常切换,不建议执行;

Step2:使用Monitor Link。将SW1的GE0/0/21GE0/0/23加入Monitor Link,此时GE0/0/21Uplink,GE0/0/23downlink,若Uplink 的状态为down,此时downlink的状态也变为down,实现了流量按客户定制化需求的走向(上图蓝线);

PC3tracert的结果为:

SW1的主要配置如下:

<SW1>dis current-configuration

#

sysname SW1

#

vlan batch 10 20 201 203

#

stp instance 1 root primary

stp instance 2 root secondary

#

 

stp region-configuration

 region-name huawei

 instance 1 vlan 10

 instance 2 vlan 20

 active region-configuration

#

interface Vlanif10

 ip address 192.168.10.253 255.255.255.0

 vrrp vrid 10 virtual-ip 192.168.10.254

 vrrp vrid 10 priority 120

 vrrp vrid 10 track interface GigabitEthernet0/0/21 reduced 80

#

interface Vlanif20

 ip address 192.168.20.252 255.255.255.0

 vrrp vrid 20 virtual-ip 192.168.20.254

#

interface Vlanif201

 ip address 192.168.201.1 255.255.255.0

#

interface Vlanif203

 ip address 192.168.203.1 255.255.255.0

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

 port link-type trunk

 port trunk allow-pass vlan 10 20 203

#

interface GigabitEthernet0/0/21

 shutdown

 port link-type access

 port default vlan 201

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

 shutdown

 port link-type trunk

 port trunk allow-pass vlan 10 20

#

interface GigabitEthernet0/0/24

#

monitor-link group 1

 port GigabitEthernet0/0/21 uplink

 port GigabitEthernet0/0/23 downlink 1

#

ospf 1 router-id 192.168.255.11

 import-route direct route-policy vlanif10and20

 area 0.0.0.0

  network 192.168.201.0 0.0.0.255

  network 192.168.203.0 0.0.0.255

#

route-policy vlanif10and20 permit node 10

 if-match interface Vlanif10

 apply cost 10

#

route-policy vlanif10and20 permit node 20

 if-match interface Vlanif20

 apply cost 20

#

snmp-agent

snmp-agent local-engineid 800007DB034C1FCC62BFC3

snmp-agent sys-info version v3

#

user-interface con 0

user-interface vty 0 4

#

Return

 

SW2的主要配置如下:

 

<SW2>dis current-configuration

#

sysname SW2

#

vlan batch 10 20 202 to 203

#

stp instance 1 root secondary

stp instance 2 root primary

#

stp region-configuration

 region-name huawei

 instance 1 vlan 10

 instance 2 vlan 20

 active region-configuration

#

drop-profile default

#

interface Vlanif10

 ip address 192.168.10.252 255.255.255.0

 vrrp vrid 10 virtual-ip 192.168.10.254

#

interface Vlanif20

 ip address 192.168.20.253 255.255.255.0

 vrrp vrid 20 virtual-ip 192.168.20.254

 vrrp vrid 20 priority 120

 vrrp vrid 20 track interface GigabitEthernet0/0/21

#

interface Vlanif202

 ip address 192.168.202.1 255.255.255.0

#

interface Vlanif203

 ip address 192.168.203.2 255.255.255.0

#

interface GigabitEthernet0/0/17

#

interface GigabitEthernet0/0/18

#

interface GigabitEthernet0/0/19

#

interface GigabitEthernet0/0/20

 port link-type trunk

 port trunk allow-pass vlan 10 20 203

#

interface GigabitEthernet0/0/21

 port link-type access

 port default vlan 202

#

interface GigabitEthernet0/0/22

#

interface GigabitEthernet0/0/23

#

interface GigabitEthernet0/0/24

 port link-type trunk

 port trunk allow-pass vlan 10 20

#

interface NULL0

#

ospf 1 router-id 192.168.255.12

 import-route direct route-policy vlanif10and20

 area 0.0.0.0

  network 192.168.202.0 0.0.0.255

  network 192.168.203.0 0.0.0.255

#

route-policy vlanif10and20 permit node 10

 if-match interface Vlanif10

 apply cost 20

#

route-policy vlanif10and20 permit node 20

 if-match interface Vlanif20

 apply cost 10

#

user-interface con 0

user-interface vty 0 4

#

return

 

Router的主要配置如下:

[Router]dis current-configuration
#
sysname Router

#
wlan ac-global carrier id other ac id 0
#
set cpu-usage threshold 80 restore 75
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
local-user admin service-type http
#
firewall zone Local
priority 15
#
interface GigabitEthernet0/0/0
ip address 192.168.201.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 192.168.202.2 255.255.255.0
#
interface GigabitEthernet0/0/2
ip address 192.168.1.254 255.255.255.0
#
interface NULL0
#
ospf 1 router-id 192.168.255.1
area 0.0.0.0
  network 192.168.1.0 0.0.0.255
  network 192.168.201.0 0.0.0.255
  network 192.168.202.0 0.0.0.255
#
user-interface con 0
authentication-mode password
user-interface vty 0 4
user-interface vty 16 20
#
wlan ac
#
return

 

 

 

 

 

 

 

 

 

END