Configuring DAD
Context
Dual-active detection (DAD) can detect a dual-master condition after a stack splits.
It is recommended that you configure DAD for a stack to minimize the impact of a stack split on services.
In Table 1-7, multiple DAD modes are available to meet different networking requirements.
Task |
Description |
|---|---|
If stack member switches have idle ports, you can configure DAD in direct mode on the ports. The ports are then exclusively used for DAD and cannot forward data traffic. |
|
You can configure DAD in relay mode for a stack when an inter-device Eth-Trunk is established in the stack. To use this detection mode, configure DAD in relay mode on the inter-device Eth-Trunk and enable the DAD relay function on the relay agent. Unlike the direct mode on service ports, the relay mode does not require exclusive ports or affect service packet forwarding on the Eth-Trunk. |
|
When all stack member switches connect to a management network through their management interfaces, DAD can be implemented using the management interfaces. This mode does not occupy additional ports and does not require a DAD relay agent. |
|
Stack ports can be used for DAD. This detection mode uses stack links as DAD links and does not require additional ports. |
|
After the DAD detects a stack split, member switches compete to determine their active/recovery states. The member switch that fails in the competition shuts down all its service ports to prevent network flapping caused by MAC or IP address flapping. If some ports only transparently transmit packets, they do not affect network operation in a dual-active condition. If you want to retain services on these ports, specify the ports as excluded ports. These ports will not be shut down when a dual-active condition occurs. |
|
After a stack in which DAD has been configured splits, the management interface of the switch that fails the DAD competition is shut down. The management interface is not a reserved interface by default. You can log in to this switch only through the console interface instead of the management interface. If the backup IP address is configured for a stack member switch and the switch fails the DAD competition, enable the management interface and switch the IP address to the backup IP address to prevent conflict with the management IP addresses of other switches. You can then remotely log in to the switch to locate and rectify faults. Management interfaces of all member switches must be connected to the management network. Otherwise, after the stack splits, users cannot log in to the switches using their backup IP address. |
|
After the stack in which DAD has been configured splits, the switch that wins the competition retains in Active state and works normally. The other switch that fails in the competition turns to the Recovery state and shuts down all its service ports except the excluded ones. Services on the shutdown ports are interrupted. If the switch in Active state fails or is removed from the network before the stack recovers, you can restore shutdown ports on the switch in Recovery state. Then the switch takes over services on the faulty switch to minimize impact on services. Do not perform this operation if the switch in active state is working normally. Otherwise, a dual-active condition will occur again and service ports will be shut down, causing port flapping. |
In a stack, DAD in direct mode on service ports and DAD in relay mode on an Eth-Trunk are mutually exclusive and cannot be configured simultaneously. DAD in direct mode on service ports, DAD on stack ports, and DAD on management ports can be configured simultaneously. DAD in relay mode on an Eth-Trunk, DAD on stack ports, and DAD on management ports can be configured simultaneously.
You can configure a maximum of four direct detection links to ensure reliable DAD detection. A dual-active condition can be detected as long as one of the direct detection links is working normally.
You can configure DAD relay on a maximum of four Eth-Trunk interfaces to ensure reliable DAD detection. A dual-active condition can be detected as long as one of the Eth-Trunk interfaces is working normally.
- A dual-active conflict will not be detected among the switches that do not support stack setup.
To implement DAD through management interfaces, ensure that IP addresses are configured for management interfaces. After member switches set up a stack, only one management interface MEth0/0/0/0 is displayed for the stack. You only need to configure an IP address for this management interface.
When DAD is implemented through management interfaces, a dual-active situation is detected if different stacks have management interfaces connected to the same management network and have the same stack domain ID and management IP address configured. As a result, ports on the low-priority device will become Error-Down. To prevent this problem, ensure that stacks connected to the same management network have different stack domain IDs and management IP addresses.
- You are advised not to use DAD configured on management interfaces because the detection period is long. DAD in direct mode on service ports or DAD in relay mode on an Eth-Trunk interface is recommended.
Procedure
- Configure DAD.
Configure DAD in direct mode using service ports.
Run the system-view command to enter the system view.
Run the interface interface-type interface-number command to enter the interface view.
Run the dual-active detect mode direct command to enable DAD in direct mode on the service port.
By default, DAD in direct mode is disabled on an interface.
After DAD in direct mode is configured on a service port, the interface is blocked. The interface then processes only bridge protocol data units (BPDUs) and does not forward service packets.
After DAD in direct mode is configured on a service port, you are advised to disable STP on the port (STP is enabled by default) to prevent the port status change from causing the STP status change.
The direct detection links can also be connected through an intermediate device. DAD packets are BPDUs, so the intermediate device must be configured to transparently transmit BPDUs. For details on the configuration method, see Configuring Interface-based Layer 2 Protocol Tunneling in the Ethernet Switching Configuration Guide.
Run the commit command to commit the configuration.
Configure DAD in relay mode using Eth-Trunk.
Configure the stack.
Run the system-view command to enter the system view.
Run the interface eth-trunk trunk-id command to enter the Eth-Trunk interface view.
Run the dual-active detect mode relay command to configure DAD in relay mode on the Eth-Trunk interface.
By default, DAD in relay mode is not configured on an Eth-Trunk interface.
Run the commit command to commit the configuration.
Configure the relay agent.
Run the system-view command to enter the system view.
Run the interface eth-trunk trunk-id command to enter the Eth-Trunk interface view.
Run the dual-active proxy command to enable the DAD relay function on the Eth-Trunk interface.
By default, the DAD relay function is disabled on an Eth-Trunk interface.
Run the commit command to commit the configuration.
Configure DAD through management interfaces.
Run the system-view command to enter the system view.
Run the interface meth 0/0/0/0 command to enter the management interface view.
Run the dual-active detect enable command to enable DAD on the management interface.
By default, DAD is disabled on a management interface.
Run the commit command to commit the configuration.
Configure DAD through stack ports.
Run the system-view command to enter the system view.
Run the interface stack-port member-id/port-id command to enter the stack port view.
Run the dual-active detect mode direct command to enable DAD on the stack port.
By default, DAD is disabled on a stack port.
Run the commit command to commit the configuration.
- (Optional) Specify excluded ports.
- (Optional) Set a backup IP address for a member switch.
- Set a backup IPv4 address for the stack member switch.
- Run the dual-active backup ip address ipv4-address { mask | mask-length } member { member-id | all } command to set a backup IPv4 address for the stack member switch.
Run the dual-active backup ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length | ipv6-address link-local } [ cga ] member { member-id | all } command to set a backup IPv6 address for the stack member switch.
Before configuring an IPv6 address, run the ipv6 enable command in the management interface view to enable the IPv6 function on the management interface.
By default, no backup IP address is set for a stack member switch.
The configured backup IP address cannot be the same as the IP address of the stack management interface.
The backup IP address does not take effect until a stack splits. You can log in to a stack member using the backup IP address only after the stack splits.
- Set a backup IPv4 address for the stack member switch.
- (Optional) Restore shutdown ports.
- Run the dual-active restore command to restore the ports that have been shut down by DAD.
Do not perform this operation if the switch in active state is working normally. Otherwise, a dual-active condition will occur again and service ports will be shut down, causing port flapping.
- Run the dual-active restore command to restore the ports that have been shut down by DAD.
Verifying the Configuration
Run the display dual-active [ proxy ] command to check the DAD configuration.
Follow-up Procedure
<HUAWEI> display interface 10ge 1/1/0/1
10GE1/1/0/1 current state : ERROR DOWN(dual-active-fault-event) (ifindex: 12)
Line protocol current state : DOWN
......
After ports enter the Error-Down state, you need to rectify the link fault leading to the stack split. After the link fault is rectified, the multiple stacks will be merged, the switches that fail in DAD competition will restart automatically, and service ports in Error-Down state will recover automatically after the switches restart.