CloudEngine 8800, 7800, 6800, and 5800 V200R019C10 Configuration Guide - Ethernet Switching

This document describes the configuration of Ethernet services, including configuring MAC address table, link aggregation, M-LAG, VLAN, QinQ, VLAN mapping, GVRP, STP/RSTP, MSTP, VBST, ERPS (G.8032), LBDT, and Layer 2 protocol transparent transmission.

Configuring a DFS Group

Context

A Dynamic Fabric Service (DFS) group is used for device pairing. A DFS group needs to be bound to an IP address so that DFS master and backup devices can exchange Dual-Active Detection (DAD) packets. The bound IP address is used for communication with the remote end.

When a device is dual-homed to PEs on an Ethernet, a VXLAN, or an IP network, you need to bind the DFS group to an IP address. Ensure that IP addresses have been configured for Layer 3 interfaces on the two PEs and the two PEs can communicate. If the device is connected to a VPN network, you also need to bind the DFS group to a VPN instance. Ensure that the VPN instance has been created on the device.

Procedure

  1. Run system-view

    The system view is displayed.

  2. Run dfs-group dfs-group-id

    A DFS group is created and its view is displayed, or the view of an existing DFS group is displayed.

  3. Bind the DFS group to an IP address based on the actual scenario.

    When a device is dual-homed to PEs on an Ethernet, a VXLAN, or an IP network, bind the DFS group to an IP address. Run either of the following commands. The commands cannot be configured simultaneously.

    • Run source ip ip-address [ vpn-instance vpn-instance-name ] [ peer peer-ip-address [ udp-port port-number ] ]

      The DFS group is bound to an IPv4 address and a VPN instance.

    • Run source ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ peer peer-ipv6-address [ udp-port port-number ] ]

      The DFS group is bound to an IPv6 address and a VPN instance.

    If the heartbeat IP address and UDP port number of the peer device are specified when you configure the heartbeat IP address bound to a DFS group, the two M-LAG devices start to send and receive heartbeat packets and negotiate the HB DFS master/backup status as soon as the configuration takes effect. In scenarios where enhanced DAD for secondary faults is enabled, if faults on the original DFS master device are rectified but the peer-link fault persists, the corresponding interfaces on the backup device are triggered to enter the Error-Down state based on the HB DFS master/backup status. This mechanism prevents abnormal traffic forwarding when two master devices exist and improves device reliability.

  4. (Optional) Run priority priority

    The priority of the DFS group is set.

    The priority of a DFS group is used for master/backup negotiation between two devices. A larger value indicates a higher priority of the device. The device with a higher priority is the master device.

    If the priorities of two devices are the same, the device with a smaller MAC address is the master device.

    By default, the priority of a DFS group is 100.

  5. (Optional) Run m-lag up-delay value [ auto-recovery interval interval-time ]

    The delay for the M-LAG member interface to report the Up event is set.

    To ensure the revertive switching performance, the default delay for the M-LAG member interface to report the Up event is 240s, and the automatic recovery interval is not configured in scenarios such as switch restart, card reset, or peer-link fault recovery.

  6. (Optional) Run set lacp system-id switch-delay { switch-delay-time | immediately }

    The delay in switching the LACP M-LAG system ID is set.

    By default, the LACP M-LAG system ID is not switched. The immediately parameter indicates that the LACP M-LAG system ID is switched immediately. When the value of the switch-delay-time parameter is 0, the LACP M-LAG system ID is not switched.

  7. (Optional) Run authentication-mode hmac-sha256 password password

    The authentication mode and password of DFS group synchronization packets are configured.

    By default, the authentication mode of DFS group synchronization packets is not configured.

  8. (Optional) Run dfs-master led enable

    The stack status indicator is enabled to display the DFS group master and backup status.

    By default, the stack status indicator does not display the DFS group master and backup status.

    After the stack status indicator is enabled to display the DFS group master and backup status, the stack status indicator on the DFS master device is steady on and that on the DFS backup device is off.

  9. (Optional) Run dual-active detection error-down { delay delay-time | disable }

    The device is configured to disable or delay the action that changes interfaces on the backup device, excluding the management interface, peer-link interface, and stack interface, to Error-Down state when the peer-link fails but the DAD heartbeat status is normal.

    By default, interfaces excluding the management interface, peer-link interface, and stack interface on the backup device change to Error-Down state when the peer-link fails but the DAD heartbeat status is normal.

    When an access device is single-homed to M-LAG master and backup devices using Layer 3 access mode, traffic forwarding on the backup device is not affected in a dual-active scenario where the peer-link fails but the DAD heartbeat status is normal. To prevent packet loss, you can run the dual-active detection error-down command to disable or delay the action of changing interfaces excluding the management interface, peer-link interface, and stack interface on the backup device to Error-Down state when the peer-link fails but the DAD heartbeat status is normal.

    When an access device is connected to M-LAG master and backup devices using M-LAG dual-homing access mode or Layer 2 access mode, you cannot disable or delay the Error-Down action.

  10. (Optional) Run dual-active detection enhanced enable

    Enhanced DAD for secondary faults is enabled.

    On a dual-homing network where M-LAG is deployed, when the peer-link fails but the DAD status is normal, some interfaces on the DFS backup device enter the Error-Down state. In this case, the DFS master device continues to work. When the DFS master device cannot work because it is powered off or it restarts, the M-LAG master and backup devices cannot forward traffic.

    In this case, enhanced DAD for secondary faults can be enabled. When the peer-link fails and secondary faults occur, the DFS backup device detects the fault on the DFS master device and restores the interfaces in Error-Down state to forward traffic. This ensures nonstop transmission when secondary faults occur.

    If the peer-link fault persists after secondary faults are rectified, two master devices may exist. It is recommended that you specify the IP address of the peer device when configuring the IP address bound to the DFS group. In this case, if the peer-link fault persists after the faulty device recovers, the corresponding interfaces on the HB DFS backup device are triggered to enter the Error-Down state, preventing abnormal traffic forwarding in the scenario where two master devices exist.

  11. (Optional) Run dual-active detection error-down mode routing-switch

    Logical interfaces are configured to enter the Error-Down state when the peer-link fails but the DAD status is normal in an M-LAG scenario.

    By default, logical interfaces are not triggered to enter the Error-Down state when the peer-link fails but the DAD status is normal in an M-LAG scenario. On a dual-homing TRILL network where M-LAG is deployed, when the peer-link fails but the DAD status is normal, the M-LAG interface on the backup device enters the Error-Down state. On a dual-homing Ethernet or IP network where M-LAG is deployed, when the peer-link fails but the DAD status is normal, physical interfaces except the logical interface, interface configured with m-lag unpaired-port reserved, management interface, peer-link interface, and stack interface on the backup device all enter the Error-Down state.

    On the IP or VXLAN network where M-LAG is deployed, when the dual-active detection error-down mode routing-switch command is used, only VLANIF interfaces, VBDIF interfaces, loopback interfaces, and M-LAG member interfaces are triggered to enter the Error-Down state.

    After logical interfaces are configured to change to Error-Down state when the peer-link fails but the DAD heartbeat status is normal in an M-LAG, if a faulty peer-link interface in the M-LAG recovers, the devices restore VLANIF interfaces, VBDIF interfaces, and loopback interfaces to Up state 6 seconds after DFS group pairing succeeds to ensure that ARP entry synchronization on a large number of VLANIF interfaces is normal. If a delay after which the Layer 3 protocol status of the interface changes to Up is configured, the delay after which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go Up is the configured delay plus 6 seconds.

  12. (Optional) Run peer-link mac-address remain enable { paired-port | unpaired-port }

    The system is configured not to trigger the local or remote M-LAG device to delete the corresponding MAC address on the peer-link interface under certain conditions.

    By default, the system triggers the local or remote M-LAG device to delete the corresponding MAC address on the peer-link interface under certain conditions.

  13. (Optional) Run pim synchronize enable

    DR priority synchronization is enabled when the DR priority is changed.

    By default, DR priority synchronization is disabled when the DR priority is changed. Member devices in two M-LAG active-active systems are connected to a PIM network. The DR priority of one M-LAG is higher than that of the other M-LAG. If the M-LAG with a higher DR priority fails, the DR priority of the master device in the other M-LAG becomes higher through a new round of DR election. To ensure that multicast data packets are not lost in the entire M-LAG system, configure DR priority synchronization to increase the DR priority of the backup device in the M-LAG.

  14. (Optional) Run vrrp synchronize enable

    VRRP priority synchronization is enabled when the VRRP priority is changed.

    By default, VRRP priority synchronization is disabled when the VRRP priority is changed. Two M-LAG active-active systems are configured as master and backup devices in a VRRP group, respectively. If the VRRP master device fails and cannot forward packets, the priority of the master device in the M-LAG configured as the VRRP backup device becomes higher. To prevent packet loss in the entire M-LAG system, configure VRRP priority synchronization to increase the VRRP priority of the backup device in the M-LAG.

  15. Run commit

    The configuration is committed.
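
The following check is an added example, not part of the original guide or of any Huawei tooling. It audits a DFS group stanza against points made in the procedure: the group must be bound to an address, `source ip` and `source ipv6` are mutually exclusive, synchronization packets are unauthenticated unless `authentication-mode hmac-sha256` is set, and a peer address is recommended when enhanced DAD is enabled. The helper names, finding codes, sample addresses, and the assumption that the saved configuration mirrors the command forms above and ends the stanza with a `#` line are all hypothetical.

```python
import re

# Constructed samples. Assumption: the saved configuration mirrors the command
# forms in the procedure and a DFS group stanza ends at a "#" line.
WEAK = """#
dfs-group 1
 source ip 192.0.2.1
 priority 150
 dual-active detection enhanced enable
#
"""
HARDENED = """#
dfs-group 1
 source ip 192.0.2.1 peer 192.0.2.2
 priority 150
 authentication-mode hmac-sha256 password <placeholder>
 dual-active detection enhanced enable
#
"""

def dfs_group_commands(config):
    """Return the commands inside the first dfs-group stanza."""
    cmds, inside = [], False
    for raw in config.splitlines():
        line = raw.strip()
        if re.fullmatch(r"dfs-group \d+", line):
            inside = True
        elif inside and line == "#":
            break
        elif inside and line:
            cmds.append(line)
    return cmds

def audit_dfs_group(config):
    """Return finding codes for a DFS group stanza (hypothetical helper)."""
    cmds = dfs_group_commands(config)
    sources = [c for c in cmds if c.startswith(("source ip ", "source ipv6 "))]
    findings = []
    if not sources:
        findings.append("no-source")             # no address for DAD packets
    if len({c.split()[1] for c in sources}) > 1:
        findings.append("source-ip-and-ipv6")    # the two forms are exclusive
    if not any(c.startswith("authentication-mode hmac-sha256 ") for c in cmds):
        findings.append("no-sync-auth")          # default: no authentication
    enhanced = "dual-active detection enhanced enable" in cmds
    if enhanced and not any(" peer " in c for c in sources):
        findings.append("enhanced-dad-no-peer")  # two masters may persist
    return findings

if __name__ == "__main__":
    for name, cfg in (("weak", WEAK), ("hardened", HARDENED)):
        print(name, audit_dfs_group(cfg))
```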