其他信息
园区交换矩阵核心分布 CRB 配置
本部分显示瞻博网络 Mist 云针对使用 eBGP 的核心和分布式交换机上的 IP 交换矩阵底层的配置输出。
Mist 提供以下选项(括号中的默认值):
- BGP 本地 AS (65001)
- 环路前缀 (/24)
- 子网 (10.255.240.0/20) – 相邻层之间的点对点接口
在核心层和分布层之间的整个园区交换矩阵中,Mist 使用 ECMP 实现按数据包(Junos OS 将其定义为按流)负载平衡,并使用 BFD 在链路或节点发生故障时实现 BGP 的快速融合。
核心 1 配置
- 两个分布交换机之间的互连。
set interfaces xe-1/0/5 description evpn_downlink-to-d8539a646fc0 set interfaces xe-1/0/5 unit 0 family inet address 10.255.240.6/31 set interfaces xe-1/0/6 description evpn_downlink-to-d8539a64b5c0 set interfaces xe-1/0/6 unit 0 family inet address 10.255.240.8/31
- 环路接口和路由器 ID。
set groups top interfaces lo0 unit 0 family inet address 192.168.255.11/32 set groups top routing-options router-id 192.168.255.11
- 按数据包实现负载均衡。
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet set groups top policy-options policy-statement ecmp_policy then accept set groups top routing-options forwarding-table export ecmp_policy
- 两台分布交换机之间的 BGP 底层网络。
set protocols bgp group evpn_underlay type external set protocols bgp group evpn_underlay log-updown set protocols bgp group evpn_underlay import evpn_underlay_import set protocols bgp group evpn_underlay family inet unicast set protocols bgp group evpn_underlay authentication-key "xyz" set protocols bgp group evpn_underlay export evpn_underlay_export set protocols bgp group evpn_underlay local-as 65002 set protocols bgp group evpn_underlay multipath multiple-as set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 350 set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_underlay neighbor 10.255.240.7 peer-as 65003 set protocols bgp group evpn_underlay neighbor 10.255.240.9 peer-as 65004 set protocols bgp graceful-restart
核心2配置
- 两个分布交换机之间的互连。
set interfaces xe-1/0/4 description evpn_downlink-to-d8539a646fc0 set interfaces xe-1/0/4 unit 0 family inet address 10.255.240.2/31 set interfaces xe-1/0/5 description evpn_downlink-to-d8539a64b5c0 set interfaces xe-1/0/5 unit 0 family inet address 10.255.240.4/31
- 环路接口和路由器 ID。
set groups top interfaces lo0 unit 0 family inet address 192.168.255.12/32 set groups top routing-options router-id 192.168.255.12
- 按数据包实现负载均衡。
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet set groups top policy-options policy-statement ecmp_policy then accept set groups top routing-options forwarding-table export ecmp_policy
- 两台分布交换机之间的 BGP 底层网络。
set protocols bgp group evpn_underlay type external set protocols bgp group evpn_underlay log-updown set protocols bgp group evpn_underlay import evpn_underlay_import set protocols bgp group evpn_underlay family inet unicast set protocols bgp group evpn_underlay authentication-key "xyz" set protocols bgp group evpn_underlay export evpn_underlay_export set protocols bgp group evpn_underlay local-as 65001 set protocols bgp group evpn_underlay multipath multiple-as set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 350 set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_underlay neighbor 10.255.240.3 peer-as 65003 set protocols bgp group evpn_underlay neighbor 10.255.240.5 peer-as 65004 set protocols bgp graceful-restart
Dist1 配置
- 两个核心交换机之间的互连。
Core Interfaces: set interfaces xe-0/0/4 description evpn_uplink-to-f4b52ff3f400 set interfaces xe-0/0/4 unit 0 family inet address 10.255.240.3/31 set interfaces xe-0/0/5 description evpn_uplink-to-f4b52ff40400 set interfaces xe-0/0/5 unit 0 family inet address 10.255.240.7/31
- 环路接口和路由器 ID。
set groups top interfaces lo0 unit 0 family inet address 192.168.255.21/32 set groups top routing-options router-id 192.168.255.21
- 按数据包实现负载均衡。
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet set groups top policy-options policy-statement ecmp_policy then accept set groups top routing-options forwarding-table export ecmp_policy
- 两个核心交换机和两个接入交换机之间的 BGP 底层网络。
set protocols bgp group evpn_underlay type external set protocols bgp group evpn_underlay log-updown set protocols bgp group evpn_underlay import evpn_underlay_import set protocols bgp group evpn_underlay family inet unicast set protocols bgp group evpn_underlay authentication-key "xyz" set protocols bgp group evpn_underlay export evpn_underlay_export set protocols bgp group evpn_underlay local-as 65003 set protocols bgp group evpn_underlay multipath multiple-as set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 350 set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_underlay neighbor 10.255.240.2 peer-as 65001 set protocols bgp group evpn_underlay neighbor 10.255.240.6 peer-as 65002 set protocols bgp graceful-restart
Dist2 配置
- 两个核心交换机之间的互连。
Core Interfaces: set interfaces xe-0/0/5 description evpn_uplink-to-f4b52ff3f400 set interfaces xe-0/0/5 unit 0 family inet address 10.255.240.5/31 set interfaces xe-0/0/6 description evpn_uplink-to-f4b52ff40400 set interfaces xe-0/0/6 unit 0 family inet address 10.255.240.9/31
- 环路接口和路由器 ID。
set groups top interfaces lo0 unit 0 family inet address 192.168.255.22/32 set groups top routing-options router-id 192.168.255.22
- 按数据包实现负载均衡。
set groups top policy-options policy-statement ecmp_policy then load-balance per-packet set groups top policy-options policy-statement ecmp_policy then accept set groups top routing-options forwarding-table export ecmp_policy
- 两个核心交换机和两个接入交换机之间的 BGP 底层网络。
set protocols bgp group evpn_underlay type external set protocols bgp group evpn_underlay log-updown set protocols bgp group evpn_underlay import evpn_underlay_import set protocols bgp group evpn_underlay family inet unicast set protocols bgp group evpn_underlay authentication-key "xyz" set protocols bgp group evpn_underlay export evpn_underlay_export set protocols bgp group evpn_underlay local-as 65004 set protocols bgp group evpn_underlay multipath multiple-as set protocols bgp group evpn_underlay bfd-liveness-detection minimum-interval 350 set protocols bgp group evpn_underlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_underlay neighbor 10.255.240.4 peer-as 65001 set protocols bgp group evpn_underlay neighbor 10.255.240.8 peer-as 65002 set protocols bgp graceful-restart
EVPN VXLAN 叠加网络和虚拟网络的配置
本部分显示使用 eBGP 的核心和分布式交换机上的 EVPN VXLAN 叠加网络的瞻博网络 Mist 云配置输出。
Mist 可在核心层和分布层之间使用 BFD 实现跨叠加网络的负载平衡,并在链路或节点发生故障时快速融合 BGP。
Mist 在核心层上配置 L3 IRB 接口。
Mist 支持 VXLAN 隧道、VLAN 到 VXLAN 映射以及 MP BGP 配置片段,例如分布交换机和核心交换机上的 vrf 目标。
用于流量隔离的 VRF 在核心交换机上配置。
核心 1 配置
- 两个分布交换机之间的 BGP 叠加对等互连。
set protocols bgp group evpn_overlay type external set protocols bgp group evpn_overlay multihop ttl 1 set protocols bgp group evpn_overlay multihop no-nexthop-change set protocols bgp group evpn_overlay local-address 192.168.255.11 set protocols bgp group evpn_overlay log-updown set protocols bgp group evpn_overlay family evpn signaling loops 2 set protocols bgp group evpn_overlay authentication-key "xyz" set protocols bgp group evpn_overlay local-as 65002 set protocols bgp group evpn_overlay multipath multiple-as set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000 set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic set protocols bgp group evpn_overlay neighbor 192.168.255.21 peer-as 65003 set protocols bgp group evpn_overlay neighbor 192.168.255.22 peer-as 65004
- 定义 vrf 目标和用于 VXLAN 的源环路接口的交换机选项。
set groups top routing-instances evpn_vs vtep-source-interface lo0.0 set groups top routing-instances evpn_vs route-distinguisher 192.168.255.11:1 set groups top routing-instances evpn_vs vrf-target target:65000:1
- VXLAN 封装。
set groups top routing-instances evpn_vs protocols evpn encapsulation vxlan set groups top routing-instances evpn_vs protocols evpn default-gateway no-gateway-community set groups top routing-instances evpn_vs protocols evpn extended-vni-list all
- 用于流量隔离的 VRF。
set groups top routing-instances guest-wifi instance-type vrf set groups top routing-instances guest-wifi routing-options static route 0.0.0.0/0 next-hop 10.33.33.254 set groups top routing-instances guest-wifi routing-options multipath set groups top routing-instances guest-wifi routing-options auto-export set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868 set groups top routing-instances guest-wifi interface irb.1033 set groups top routing-instances guest-wifi route-distinguisher 192.168.255.11:103 set groups top routing-instances guest-wifi vrf-target target:65000:103 set groups top routing-instances guest-wifi vrf-table-label set groups top routing-instances developers instance-type vrf set groups top routing-instances developers routing-options static route 0.0.0.0/0 next-hop 10.88.88.254 set groups top routing-instances developers routing-options multipath set groups top routing-instances developers routing-options auto-export set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414 set groups top routing-instances developers interface irb.1088 set groups top routing-instances developers route-distinguisher 192.168.255.11:102 set groups top routing-instances developers vrf-target target:65000:102 set groups top routing-instances developers vrf-table-label set groups top routing-instances corp-it instance-type vrf set groups top routing-instances corp-it routing-options static route 0.0.0.0/0 next-hop 10.99.99.254 set groups top routing-instances corp-it routing-options multipath set groups top routing-instances corp-it routing-options auto-export set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517 set groups top routing-instances corp-it interface irb.1099 set groups top routing-instances corp-it route-distinguisher 192.168.255.11:101 set groups top routing-instances corp-it vrf-target target:65000:101 set groups top routing-instances corp-it vrf-table-label
- VLAN 到 VXLAN 的映射。
set groups top routing-instances evpn_vs vlans vlan1033 vlan-id 1033 set groups top routing-instances evpn_vs vlans vlan1033 l3-interface irb.1033 set groups top routing-instances evpn_vs vlans vlan1033 vxlan vni 11033 set groups top routing-instances evpn_vs vlans vlan1088 vlan-id 1088 set groups top routing-instances evpn_vs vlans vlan1088 l3-interface irb.1088 set groups top routing-instances evpn_vs vlans vlan1088 vxlan vni 11088 set groups top routing-instances evpn_vs vlans vlan1099 vlan-id 1099 set groups top routing-instances evpn_vs vlans vlan1099 l3-interface irb.1099 set groups top routing-instances evpn_vs vlans vlan1099 vxlan vni 11099
- 支持具有虚拟网关寻址的 L3 IRB 接口。
set interfaces irb unit 1033 proxy-macip-advertisement set interfaces irb unit 1033 virtual-gateway-accept-data set interfaces irb unit 1033 description vlan1033 set interfaces irb unit 1033 family inet mtu 9000 set interfaces irb unit 1033 family inet address 10.33.33.2/24 virtual-gateway-address 10.33.33.1 set interfaces irb unit 1088 proxy-macip-advertisement set interfaces irb unit 1088 virtual-gateway-accept-data set interfaces irb unit 1088 description vlan1088 set interfaces irb unit 1088 family inet mtu 9000 set interfaces irb unit 1088 family inet address 10.88.88.2/24 virtual-gateway-address 10.88.88.1 set interfaces irb unit 1099 proxy-macip-advertisement set interfaces irb unit 1099 virtual-gateway-accept-data set interfaces irb unit 1099 description vlan1099 set interfaces irb unit 1099 family inet mtu 9000 set interfaces irb unit 1099 family inet address 10.99.99.2/24 virtual-gateway-address 10.99.99.1
核心2配置
- 两个分布交换机之间的 BGP 叠加对等互连。
set protocols bgp group evpn_overlay type external set protocols bgp group evpn_overlay multihop ttl 1 set protocols bgp group evpn_overlay multihop no-nexthop-change set protocols bgp group evpn_overlay local-address 192.168.255.12 set protocols bgp group evpn_overlay log-updown set protocols bgp group evpn_overlay family evpn signaling loops 2 set protocols bgp group evpn_overlay authentication-key "xyz" set protocols bgp group evpn_overlay local-as 65001 set protocols bgp group evpn_overlay multipath multiple-as set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000 set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic set protocols bgp group evpn_overlay neighbor 192.168.255.21 peer-as 65003 set protocols bgp group evpn_overlay neighbor 192.168.255.22 peer-as 65004
- 定义 vrf 目标和用于 VXLAN 的源环路接口的交换机选项。
set groups top routing-instances evpn_vs vtep-source-interface lo0.0 set groups top routing-instances evpn_vs route-distinguisher 192.168.255.12:1 set groups top routing-instances evpn_vs vrf-target target:65000:1
- VXLAN 封装。
set groups top routing-instances evpn_vs protocols evpn encapsulation vxlan set groups top routing-instances evpn_vs protocols evpn default-gateway no-gateway-community set groups top routing-instances evpn_vs protocols evpn extended-vni-list all
- 用于流量隔离的 VRF。
set groups top routing-instances guest-wifi instance-type vrf set groups top routing-instances guest-wifi routing-options static route 0.0.0.0/0 next-hop 10.33.33.254 set groups top routing-instances guest-wifi routing-options multipath set groups top routing-instances guest-wifi routing-options auto-export set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances guest-wifi protocols evpn ip-prefix-routes vni 15560868 set groups top routing-instances guest-wifi interface irb.1033 set groups top routing-instances guest-wifi route-distinguisher 192.168.255.12:103 set groups top routing-instances guest-wifi vrf-target target:65000:103 set groups top routing-instances guest-wifi vrf-table-label set groups top routing-instances developers instance-type vrf set groups top routing-instances developers routing-options static route 0.0.0.0/0 next-hop 10.88.88.254 set groups top routing-instances developers routing-options multipath set groups top routing-instances developers routing-options auto-export set groups top routing-instances developers protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances developers protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances developers protocols evpn ip-prefix-routes vni 15600414 set groups top routing-instances developers interface irb.1088 set groups top routing-instances developers route-distinguisher 192.168.255.12:102 set groups top routing-instances developers vrf-target target:65000:102 set groups top routing-instances developers vrf-table-label set groups top routing-instances corp-it instance-type vrf set groups top routing-instances corp-it routing-options static route 0.0.0.0/0 next-hop 10.99.99.254 set groups top routing-instances corp-it routing-options multipath set groups top routing-instances corp-it routing-options auto-export set groups top routing-instances corp-it protocols evpn ip-prefix-routes advertise direct-nexthop set groups top routing-instances corp-it protocols evpn ip-prefix-routes encapsulation vxlan set groups top routing-instances corp-it protocols evpn ip-prefix-routes vni 11284517 set groups top routing-instances corp-it interface irb.1099 set groups top routing-instances corp-it route-distinguisher 192.168.255.12:101 set groups top routing-instances corp-it vrf-target target:65000:101 set groups top routing-instances corp-it vrf-table-label
- VLAN 到 VXLAN 的映射。
set groups top routing-instances evpn_vs vlans vlan1033 vlan-id 1033 set groups top routing-instances evpn_vs vlans vlan1033 vxlan vni 11033 set groups top routing-instances evpn_vs vlans vlan1088 vlan-id 1088 set groups top routing-instances evpn_vs vlans vlan1088 vxlan vni 11088 set groups top routing-instances evpn_vs vlans vlan1099 vlan-id 1099 set groups top routing-instances evpn_vs vlans vlan1099 vxlan vni 11099 set groups top routing-instances evpn_vs vlans vlan33 vlan-id 33 set groups top routing-instances evpn_vs vlans vlan33 l3-interface irb.33 set groups top routing-instances evpn_vs vlans vlan33 vxlan vni 10033 set groups top routing-instances evpn_vs vlans vlan99 vlan-id 99 set groups top routing-instances evpn_vs vlans vlan99 l3-interface irb.99 set groups top routing-instances evpn_vs vlans vlan99 vxlan vni 10099
- 支持具有虚拟网关寻址的 L3 IRB 接口。
set interfaces irb unit 1033 proxy-macip-advertisement set interfaces irb unit 1033 virtual-gateway-accept-data set interfaces irb unit 1033 description vlan1033 set interfaces irb unit 1033 family inet mtu 9000 set interfaces irb unit 1033 family inet address 10.33.33.2/24 virtual-gateway-address 10.33.33.1 set interfaces irb unit 1088 proxy-macip-advertisement set interfaces irb unit 1088 virtual-gateway-accept-data set interfaces irb unit 1088 description vlan1088 set interfaces irb unit 1088 family inet mtu 9000 set interfaces irb unit 1088 family inet address 10.88.88.2/24 virtual-gateway-address 10.88.88.1 set interfaces irb unit 1099 proxy-macip-advertisement set interfaces irb unit 1099 virtual-gateway-accept-data set interfaces irb unit 1099 description vlan1099 set interfaces irb unit 1099 family inet mtu 9000 set interfaces irb unit 1099 family inet address 10.99.99.2/24 virtual-gateway-address 10.99.99.1
Dist1 配置
- 两个核心交换机之间的 BGP 叠加对等互连。
set protocols bgp group evpn_overlay type external set protocols bgp group evpn_overlay multihop ttl 1 set protocols bgp group evpn_overlay multihop no-nexthop-change set protocols bgp group evpn_overlay local-address 192.168.255.21 set protocols bgp group evpn_overlay log-updown set protocols bgp group evpn_overlay family evpn signaling loops 2 set protocols bgp group evpn_overlay authentication-key "xyz" set protocols bgp group evpn_overlay local-as 65003 set protocols bgp group evpn_overlay multipath multiple-as set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000 set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic set protocols bgp group evpn_overlay neighbor 192.168.255.12 peer-as 65001 set protocols bgp group evpn_overlay neighbor 192.168.255.11 peer-as 65002
- 定义 vrf 目标和用于 VXLAN 的源环路接口的交换机选项。
set groups top switch-options vtep-source-interface lo0.0 set groups top switch-options route-distinguisher 192.168.255.21:1 set groups top switch-options vrf-target target:65000:1
- VXLAN 封装。
set groups top protocols evpn encapsulation vxlan set groups top protocols evpn default-gateway no-gateway-community set groups top protocols evpn extended-vni-list all
- VLAN 到 VXLAN 的映射。
set vlans vlan1033 vlan-id 1033 set vlans vlan1033 vxlan vni 11033 set vlans vlan1088 vlan-id 1088 set vlans vlan1088 vxlan vni 11088 set vlans vlan1099 vlan-id 1099 set vlans vlan1099 vxlan vni 11099
Dist2 配置
- 两个核心交换机之间的 BGP 叠加对等互连。
set protocols bgp group evpn_overlay type external set protocols bgp group evpn_overlay multihop ttl 1 set protocols bgp group evpn_overlay multihop no-nexthop-change set protocols bgp group evpn_overlay local-address 192.168.255.22 set protocols bgp group evpn_overlay log-updown set protocols bgp group evpn_overlay family evpn signaling loops 2 set protocols bgp group evpn_overlay authentication-key "xyz" set protocols bgp group evpn_overlay local-as 65004 set protocols bgp group evpn_overlay multipath multiple-as set protocols bgp group evpn_overlay bfd-liveness-detection minimum-interval 1000 set protocols bgp group evpn_overlay bfd-liveness-detection multiplier 3 set protocols bgp group evpn_overlay bfd-liveness-detection session-mode automatic set protocols bgp group evpn_overlay neighbor 192.168.255.12 peer-as 65001 set protocols bgp group evpn_overlay neighbor 192.168.255.11 peer-as 65002
- 定义 vrf 目标和用于 VXLAN 的源环路接口的交换机选项。
set groups top switch-options vtep-source-interface lo0.0 set groups top switch-options route-distinguisher 192.168.255.22:1 set groups top switch-options vrf-target target:65000:1
- VXLAN 封装。
set groups top protocols evpn encapsulation vxlan set groups top protocols evpn default-gateway no-gateway-community set groups top protocols evpn extended-vni-list all
- VLAN 到 VXLAN 的映射。
set vlans vlan1033 vlan-id 1033 set vlans vlan1033 vxlan vni 11033 set vlans vlan1088 vlan-id 1088 set vlans vlan1088 vxlan vni 11088 set vlans vlan1099 vlan-id 1099 set vlans vlan1099 vxlan vni 11099
在分布式交换机和接入交换机之间配置 2 层 ESI-LAG
本部分显示瞻博网络 Mist 云用于在分布式交换机和接入交换机之间启用 L2 ESI LAG 的配置输出。此 Mist 配置文件使用必要的 ESI 和 LACP 配置选项启用以太网捆绑包上的所有 VLAN。从接入交换机的角度来看,在接入层上配置的以太网捆绑包将 ESI-LAG 视为具有相同 LACP 系统 ID 的单个 MAC 地址。这样就可以在分布层和接入层之间进行负载散列,而无需 RSTP 等 L2 无环路检测协议。
Dist1 配置
- 两个核心交换机之间的 BGP 叠加对等互连。
set interfaces ae1 apply-groups crb-lag set interfaces ae1 esi 00:11:00:00:00:01:00:01:03:01 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1 set groups crb-lag interfaces <*> mtu 9100 set groups crb-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033 set interfaces ge-0/0/36 description esilag-to-00cc34f3cf00 set interfaces ge-0/0/36 hold-time up 120000 set interfaces ge-0/0/36 hold-time down 1 set interfaces ge-0/0/36 ether-options 802.3ad ae1 set interfaces ge-0/0/37 description esilag-to-00cc34f3cf00 set interfaces ge-0/0/37 hold-time up 120000 set interfaces ge-0/0/37 hold-time down 1 set interfaces ge-0/0/37 ether-options 802.3ad ae0
Dist2 配置
- 两个核心交换机之间的 BGP 叠加对等互连。
set interfaces ae1 apply-groups crb-lag set interfaces ae1 esi 00:11:00:00:00:01:00:01:03:01 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1 set groups crb-lag interfaces <*> mtu 9100 set groups crb-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033 set interfaces ge-0/0/36 description esilag-to-00cc34f3cf00 set interfaces ge-0/0/36 hold-time up 120000 set interfaces ge-0/0/36 hold-time down 1 set interfaces ge-0/0/36 ether-options 802.3ad ae1 set interfaces ge-0/0/37 description esilag-to-00cc34f3cf00 set interfaces ge-0/0/37 hold-time up 120000 set interfaces ge-0/0/37 hold-time down 1 set interfaces ge-0/0/37 ether-options 802.3ad ae0
访问配置
- 与新的 LACP 以太网捆绑包关联的 VLAN。
set groups crb-lag interfaces <*> mtu 9100 set groups crb-lag interfaces <*> unit 0 family ethernet-switching interface-mode trunk set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1088 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1099 set groups crb-lag interfaces <*> unit 0 family ethernet-switching vlan members vlan1033 set interfaces ae1 apply-groups crb-lag set interfaces ae1 aggregated-ether-options lacp active set interfaces ge-0/0/36 ether-options 802.3ad ae1 set interfaces ge-0/0/37 ether-options 802.3ad ae1
在核心交换机和 SRX 系列防火墙之间配置第 2 层 ESI-LAG
本部分显示瞻博网络 Mist 云的配置输出,用于在核心交换机和 SRX 系列防火墙之间启用 L2 ESI LAG(链路聚合组)。此 Mist 配置文件使用必要的 ESI 和 LACP 配置选项启用以太网捆绑包上的所有 VLAN。从 SRX 系列防火墙的角度来看,在 SRX 系列防火墙上配置的以太网捆绑包将 ESI-LAG 视为具有相同 LACP 系统 ID 的单个 MAC 地址。这样就可以在核心防火墙和 SRX 系列防火墙之间进行负载散列,而无需 RSTP 等 L2 无环路检测协议。
图 1:支持主动-主动负载平衡
.png)
的第 2 层 ESI-LAG
的第 2 层 ESI-LAG
核心 1 配置
- 与新创建的以太网捆绑包(包括 ESI 和 LACP 配置)的接口关联。
set interfaces xe-1/0/0 hold-time up 120000 set interfaces xe-1/0/0 hold-time down 1 set interfaces xe-1/0/0 ether-options 802.3ad ae1 set interfaces xe-1/0/0 unit 0 family ethernet-switching storm-control default set interfaces ae1 apply-groups esilag set interfaces ae1 esi 00:11:00:00:00:01:00:01:02:01 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1
核心 2 配置
- 与新创建的以太网捆绑包(包括 ESI 和 LACP 配置)的接口关联。
set interfaces xe-1/0/1 hold-time up 120000 set interfaces xe-1/0/1 hold-time down 1 set interfaces xe-1/0/1 ether-options 802.3ad ae1 set interfaces xe-1/0/1 unit 0 family ethernet-switching storm-control default set interfaces ae1 apply-groups esilag set interfaces ae1 esi 00:11:00:00:00:01:00:01:02:01 set interfaces ae1 esi all-active set interfaces ae1 aggregated-ether-options lacp active set interfaces ae1 aggregated-ether-options lacp periodic fast set interfaces ae1 aggregated-ether-options lacp system-id 00:00:00:31:57:01 set interfaces ae1 aggregated-ether-options lacp admin-key 1
SRX 系列防火墙配置
- 与新创建的以太网捆绑包和 LACP 配置的接口关联。
set interfaces ae0 apply-groups lan set interfaces ae0 flexible-vlan-tagging set interfaces ae0 mtu 9014 set interfaces ae0 aggregated-ether-options lacp active set interfaces ae0 unit 1033 description vlan1033 set interfaces ae0 unit 1033 vlan-id 1033 set interfaces ae0 unit 1033 family inet address 10.33.33.254/24 set interfaces ae0 unit 1088 description vlan1088 set interfaces ae0 unit 1088 vlan-id 1088 set interfaces ae0 unit 1088 family inet address 10.88.88.254/24 set interfaces ae0 unit 1099 description vlan1099