No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 12

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuration Task Summary

Configuration Task Summary

After the basic TRILL functions are configured, a TRILL network can be constructed. If other TRILL functions are required, configure them according to reference sections.

NOTE:

In large-mac-table mode, the device does not support the TRILL function.

Table 10-5 describes the RIP configuration tasks.
Table 10-5 TRILL configuration tasks

Scenario

Description

Task

Configuring basic TRILL functions

The following functions can be configured only when the basic TRILL functions are enabled.
NOTE:

On the current CX11x&CX31x&CX710&CX91x Series switch modules, Layer 3 route forwarding cannot be performed after TRILL packets are terminated.

Configuring Basic TRILL Functions

Adjusting TRILL route selection

After the basic TRILL functions are configured, each node in the network can communicate with each other using TRILL. The unicast and multicast forwarding tables are generated through TRILL based on the LSDBs to guide the unicast and multicast traffic forwarding. However, on a large network, only the protocol mechanism cannot meet the network planning and traffic management requirements. As TRILL uses the SPF algorithm to calculate unicast and multicast routing tables, some links may be set idle due to high costs. Meanwhile, some links with low costs are too busy to load traffic and load balancing cannot be performed. This results in the network resource waste and affects the network transmission quality. Therefore, to optimize TRILL networks, route selection must be adjusted for accurate network control.

Adjusting TRILL Route Selection

Adjusting the TRILL network convergence speed

The network convergence speed determines the network quality. Although TRILL supports fast convergence, it always applies to large data center networks. A complex network slows down the convergence speed. In this situation, the network convergence speed can be manually increased.

Adjusting the TRILL Network Convergence Speed

Configuring the association between STP and TRILL

You are advised to configure the association between STP/RSTP/MSTP and TRILL on edge devices connecting TRILL networks to STP/RSTP/MSTP networks.

Configuring the Association Between STP/RSTP/MSTP and TRILL

Configuring TRILL network dual-homing through an E-Trunk

NOTICE:

To deploy the TRILL network dual-homing through an E-Trunk, ensure that all devices on the TRILL networks run the software version of DCV100R003C00 or a later version.

In a dual-homing access scenario, if the VLAN appointed forwarder (AF) or MSTP is associated with TRILL to eliminate loops, servers must connect to the TRILL network through Layer 2 access switches. This access mode also requires link redundancy backup, causing a waste of bandwidth. You can configure servers to be dual-homed to the TRILL network through E-Trunk. The servers then forward traffic simultaneously. This access mode ensures reliability and fully utilizes network bandwidth.

Configuring TRILL Network Dual-Homing Through an Eth-Trunk

Improving TRILL network security

With development of the Internet, more and more data, voice, and video information is exchanged over networks, and most of these services require high security. TRILL authentication is an encryption method based on network security requirements. It encrypts TRILL packets by adding the authentication field to the packets. When the local RB receives TRILL packets sent from a remote RB, if the authentication passwords are different from the local configuration, the local RB discards the packets to implement self-protection.

TRILL supports the following authentication modes:
  • simple: supports plain-text authentication, requires simple configuration, and applies to networks with lower security requirements.
  • MD5: supports plain-text or cipher-text authentication, requires simple configuration, and applies to networks that require short-time encryption. A single password is generated after this mode is configured, and the password can be changed only manually.
  • Keychain: provides an enhanced encryption algorithm and allows users to define a group of passwords as a password string. An encryption/decryption algorithm and a validity period are defined for each password. The keychain algorithm is complex to configure. Keychain authentication allows automatically change of a password based on the configuration. Therefore, keychain authentication is applicable to the network requiring high security.
  • hmac-sha256: uses the hmac-sha256 algorithm.
Improving TRILL Network Security
Translation
Download
Updated: 2019-08-09

Document ID: EDOC1000041694

Views: 58625

Downloads: 3621

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next