两组Juniper数据核心通过配置MC-LAG实现防止环路的出现

一、背景

   有两组数据核心交换机部署在两个不同的网络机房,目前状态为单模光纤三层网络互连,但是业务部门提出了一个新的网络需求,要把建三个网段、网关启用在A座机房的核心交换机上,C座机房也要使用这三个网段,幸好在同一个园区,可以再部署两根单模光纤,通过打通二层网络的方式实现,如果两个机房在异地就只能通过vpls的方式实现了。

二、网络拓扑

MC-LAG及RTG在数据中心网络中的应用_第1张图片


        A座核心交换机是两台Juniper的EX9200系列的核心交换机组成的VRRP,C座核心是两台Juniper的


EX9200系列的核心交换机组成的VRRP,新添加的三个网段的网关配置在A座核心上,如果没有配置mc-lag,四台核心组成了环路,通过配置mc-lag,实现防环机制。在汇聚层上由于双线分别上联两台核心交换机,也有环路出现,这儿可以使用Juniper自带的防环配置RTG,而不采用生成树协议。RTG的使用比MC-LAG要简单,但是只有一端为单台设备时才能使用,因此两组核心之间不能使用RTG配置进行防环。

三、配置

1、在A核心交换机上

(1)在主机上

set vlans vlan452 vlan-id 452

set vlans vlan452 l3-interface irb.452

set vlans vlan452 description "XinXiFaBu-VLAN"

set interfaces irb unit 452 family inet address x.x.152.60/26

set interfaces irb unit 452 family inet address x.x.152.60/26 vrrp-group 63 virtual-address x.x.152.62

set interfaces irb unit 452 family inet address x.x.152.60/26 vrrp-group 63 priority 150

set interfaces irb unit 452 family inet address x.x.152.60/26 vrrp-group 63 preempt

set interfaces irb unit 452 family inet address x.x.152.60/26 vrrp-group 63 accept-data

set vlans vlan652 vlan-id 652

set vlans vlan652 l3-interface irb.652

set vlans vlan652 description "HuLianHuTong-VLAN"

set interfaces irb unit 652 family inet address x.x.152.92/27 vrrp-group 64 virtual-address x.x.152.94

set interfaces irb unit 652 family inet address x.x.152.92/27 vrrp-group 64 priority 150

set interfaces irb unit 652 family inet address x.x.152.92/27 vrrp-group 64 preempt

set interfaces irb unit 652 family inet address x.x.152.92/27 vrrp-group 64 accept-data

set vlans vlan752 vlan-id 752

set vlans vlan752 l3-interface irb.752

set vlans vlan752 description "LuBo-VLAN"

set interfaces irb unit 752 family inet address x.x.152.252/25 vrrp-group 65 virtual-address x.x.152.254

set interfaces irb unit 752 family inet address x.x.152.252/25 vrrp-group 65 priority 150

set interfaces irb unit 752 family inet address x.x.152.252/25 vrrp-group 65 preempt

set interfaces irb unit 752 family inet address x.x.152.252/25 vrrp-group 65 accept-data


set protocols iccp peer x.x.x.18 redundancy-group-id-list 4    // 指向A组的备核心

set interfaces ge-3/0/9 ether-options 802.3ad ae4

set interfaces ge-3/0/9 description "To xxx-EX92xx-1_ge-5/0/9"  // 指向C组的主核心

set interfaces ae4 vlan-tagging

set interfaces ae4 unit 0 family ethernet-switching interface-mode trunk

set interfaces ae4 unit 0 family ethernet-switching vlan members 452   //新添加的三个网段

set interfaces ae4 unit 0 family ethernet-switching vlan members 652

set interfaces ae4 unit 0 family ethernet-switching vlan members 752  

set interfaces ae4 description "To xxx-EX92xx-1-ae1"

set interfaces ae4 aggregated-ether-options lacp active

set interfaces ae4 aggregated-ether-options lacp periodic fast

set interfaces ae4 aggregated-ether-options lacp system-id 00:01:02:03:04:07

set interfaces ae4 aggregated-ether-options lacp admin-key 4

set interfaces ae4 aggregated-ether-options mc-ae mc-ae-id 4

set interfaces ae4 aggregated-ether-options mc-ae redundancy-group 4

set interfaces ae4 aggregated-ether-options mc-ae chassis-id 0

set interfaces ae4 aggregated-ether-options mc-ae mode active-standby

set interfaces ae4 aggregated-ether-options mc-ae status-control active

set interfaces ae4 aggregated-ether-options mc-ae switchover-mode revertive

(2)在备机上

set vlans vlan452 vlan-id 452

set vlans vlan452 l3-interface irb.452

set vlans vlan452 description "XinXiFaBu-VLAN"

set interfaces irb unit 452 family inet address x.x.152.61/26 vrrp-group 63 virtual-address x.x.152.62

set interfaces irb unit 452 family inet address x.x.152.61/26 vrrp-group 63 priority 100

set interfaces irb unit 452 family inet address x.x.152.61/26 vrrp-group 63 accept-data


set vlans vlan652 vlan-id 652

set vlans vlan652 l3-interface irb.652

set vlans vlan652 description "HuLianHuTong-VLAN"

set interfaces irb unit 652 family inet address x.x.152.93/27 vrrp-group 64 virtual-address x.x.152.94

set interfaces irb unit 652 family inet address x.x.152.93/27 vrrp-group 64 priority 100

set interfaces irb unit 652 family inet address x.x.152.93/27 vrrp-group 64 accept-data


set vlans vlan752 vlan-id 752

set vlans vlan752 l3-interface irb.752

set vlans vlan752 description "LuBo-VLAN"

set interfaces irb unit 752 family inet address x.x.152.253/25

set interfaces irb unit 752 family inet address x.x.152.253/25 vrrp-group 65 virtual-address x.x.152.254

set interfaces irb unit 752 family inet address x.x.152.253/25 vrrp-group 65 priority 100

set interfaces irb unit 752 family inet address x.x.152.253/25 vrrp-group 65 accept-data


set protocols iccp peer x.x.x.17 redundancy-group-id-list 4  // 指向A组的主核心


set interfaces ge-3/0/9 description "To xx-C-x-EX92xx-2_ge-5/0/9"   // 指向C组的备核心

set interfaces ge-3/0/9 ether-options 802.3ad ae4

set interfaces ae4 description "To xx-C-EX92xx-2-ae1"

set interfaces ae4 vlan-tagging

set interfaces ae4 unit 0 family ethernet-switching interface-mode trunk

set interfaces ae4 unit 0 family ethernet-switching vlan members 452

set interfaces ae4 unit 0 family ethernet-switching vlan members 652

set interfaces ae4 unit 0 family ethernet-switching vlan members 752 

set interfaces ae4 aggregated-ether-options lacp active

set interfaces ae4 aggregated-ether-options lacp periodic fast

set interfaces ae4 aggregated-ether-options lacp system-id 00:01:02:03:04:07

set interfaces ae4 aggregated-ether-options lacp admin-key 4

set interfaces ae4 aggregated-ether-options mc-ae mc-ae-id 4

set interfaces ae4 aggregated-ether-options mc-ae redundancy-group 4

set interfaces ae4 aggregated-ether-options mc-ae chassis-id 1        

set interfaces ae4 aggregated-ether-options mc-ae mode active-standby

set interfaces ae4 aggregated-ether-options mc-ae status-control standby


2、在C核心交换机上

set interfaces ae1 vlan-tagging

set interfaces ae1 aggregated-ether-options lacp active

set interfaces ae1 aggregated-ether-options lacp periodic fast


3、在汇聚层上

set ethernet-switching-options redundant-trunk-group group RTG-1 interface ge-0/1/0.0 primary

set ethernet-switching-options redundant-trunk-group group RTG-1 interface ge-0/1/1.0

set ethernet-switching-options storm-control interface all