在这篇博客中,小编要和读者聊聊有关MSTP——多生成树的问题,这是网络维护人员经常要接触,读者可能知道,在MSTP(IEEE 802.1s)产生之前有STP(IEEE 802.1d)、和RSTP(IEEE 802.1w)的存在,这三种技术都很好的保证了局域网通信的质量,但是目前企业使用MSTP居多,之所以会出现这种局面,是因为传统的生成树存在诸多问题
图1-1
1.STP和RSTP,在网络中进行生成树计算的时候都没有考虑到VLAN的情况
2.传统生成树的计算结果可能会导致VLAN之间通信的链路被阻断
3.例如上图中的switchA和switchC之间的链路被阻断
MSTP引出区域和实例的概念,很好的解决了传统生成树协议无法解决的问题
1.Instance:一台交换机的一个或多个Vlan的集合
2.因为很多Vlan采用一个Vlan实例,可实现预期的负载均衡
3.交换机只运行二个实例,减少交换机系统的资源
图2-1
4.MST region:有着相同instance 配置的交换机组成的域,运行独立的生成树(IST,internal spanning-tree)
图2-2
5.MST region的划分
- MST配置名称(name):最长可用32 个字节长的字符串来标识MSTP region。
- MST revision number:用一个16bit 长的修正值来标识MSTP region。
- MST instance—vlan 的对应表:每台交换机都最多可以新增64 个instance,instance 0 是强制存在的,用户还可以按需要分配1-4094 个vlan 属于不同的instance(0-64),未分配的vlan 缺省就属于instance 0
- Instance 0 所对应的生成树称之为CIST(Common Instance Spanning Tree)
- 同一个MST区域的交换机的以上配置属性必须相同
以下小编列出配置华为MST域的指令,如图3-1所示:
图3-1
设定根桥指令,如图3-2所示
图3-2
设定根桥优先级
图3-3
设定备份根桥指令,如图3-4所示
图3-4
MSTP运行模式配置
图3-5
接下来,小编用一个综合性的案例做详细的说明
实验拓扑如图4-1
图4-1
Sw-1配置
<sw-1>dis cu
#
sysname sw-1
#
vlan batch 10 20 30 40 //批量创建VLAN
#
stp instance 1 root primary //设置实例1的根桥是SW1
stp instance 2 root secondary //设置实例2的备份根桥是SW1
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration //配置区域
region-name zzu //区域名为zzu
revision-level 1 //区域的修订号
instance 1 vlan 10 20 //实例1绑定vlan10,vlan20
instance 2 vlan 30 40 //实例2绑定vlan30,vlan40
active region-configuration //激活区域
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
e-trunk 1
#
interface Eth-Trunk1 //添加聚合端口
#
interface Ethernet0/0/1
port link-type trunk //设置trunk链路
port trunk allow-pass vlan 2 to 4094 //允许所有vlan通过
#
interface Ethernet0/0/2 //设置trunk链路
port link-type trunk
port trunk allow-pass vlan 2 to 4094 //允许所有vlan通过
interface Ethernet0/0/21
eth-trunk 1 //加入聚合端口
#
interface Ethernet0/0/22
eth-trunk 1 //加入聚合端口
Sw-2配置
<sw-2>dis cu
#
sysname sw-2
#
vlan batch 10 20 30 40 //批量添加vlan
#
stp instance 1 root secondary //设置sw2为实例1的备份根桥
stp instance 2 root primary //设置sw2为实例2的根桥
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration //配置区域
region-name zzu //区域名为zzu
revision-level 1 //区域的修订号
instance 1 vlan 10 20 //实例1绑定vlan10,vlan20
instance 2 vlan 30 40 //实例2绑定vlan30,vlan40
active region-configuration //激活区域
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Eth-Trunk1 //添加聚合端口
#
interface Ethernet0/0/1
port link-type trunk //设置trunk链路
port trunk allow-pass vlan 2 to 4094 //允许所有vlan通过
#
interface Ethernet0/0/2 //设置trunk链路
port link-type trunk
port trunk allow-pass vlan 2 to 4094 //允许所有vlan通过
interface Ethernet0/0/21
eth-trunk 1 //加入聚合端口
#
interface Ethernet0/0/22
eth-trunk 1 //加入聚合端口
sw-3配置
<sw-3>dis cu
#
sysname sw-3
#
vlan batch 10 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name zzu
revision-level 1
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
sw-4配置
<sw-4>dis cu
#
sysname sw-4
#
vlan batch 10 20 30 40
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name zzu
revision-level 1
instance 1 vlan 10 20
instance 2 vlan 30 40
active region-configuration
#
drop-profile default
#
aaa
authentication-scheme default
authorization-scheme default
accounting-scheme default
domain default
domain default_admin
local-user admin password simple admin
local-user admin service-type http
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
实验目的:
将vlan10,vlan20的根交换机设置为sw-1,将vlan30,vlan40 的根交换机设置为sw-2
验证结果
Sw-1的stp及instance信息
<sw-1>dis stp br
MSTID Port Role STP State Protection
0 Ethernet0/0/1 DESI FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Eth-Trunk1 DESI FORWARDING NONE
1 Ethernet0/0/1 DESI FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
2 Ethernet0/0/1 ROOT FORWARDING NONE
2 Ethernet0/0/2 ALTE DISCARDING NONE
<sw-1>dis stp in 1 br
MSTID Port Role STP State Protection
1 Ethernet0/0/1 DESI FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
<sw-1>dis stp in 2 br
MSTID Port Role STP State Protection
2 Ethernet0/0/1 ROOT FORWARDING NONE
2 Ethernet0/0/2 ALTE DISCARDING NONE
Sw-2的stp及instance信息
<sw-2>dis stp br
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ALTE DISCARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
0 Eth-Trunk1 ROOT FORWARDING NONE
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 ALTE DISCARDING NONE
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 DESI FORWARDING NONE
<sw-2>dis stp in 1 br
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 ALTE DISCARDING NONE
<sw-2>dis stp in 2 br
MSTID Port Role STP State Protection
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 DESI FORWARDING NONE
Sw-3的stp及instance信息
<sw-3>dis stp br
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 DESI FORWARDING NONE
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
<sw-3>dis stp in 1 br
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
<sw-3>dis stp in 2 br
MSTID Port Role STP State Protection
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
Sw-4的stp及instance信息
<sw-4>dis stp br
MSTID Port Role STP State Protection
0 Ethernet0/0/1 ROOT FORWARDING NONE
0 Ethernet0/0/2 ALTE DISCARDING NONE
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
<sw-4>dis stp in 1 br
MSTID Port Role STP State Protection
1 Ethernet0/0/1 ROOT FORWARDING NONE
1 Ethernet0/0/2 DESI FORWARDING NONE
<sw-4>dis stp in 2 br
MSTID Port Role STP State Protection
2 Ethernet0/0/1 DESI FORWARDING NONE
2 Ethernet0/0/2 ROOT FORWARDING NONE
整体的实验结果就是这个样子,当然最重要的是读者要理解MSTP提出的区域和实例的概念,理论如果清楚了实验就不麻烦了,有啥问题请及时联系小编哈,走起。。。。。。