current position:Home>18 days (link aggregation of configuration, the working process of the VRRP, IPV6 configuration)

18 days (link aggregation of configuration, the working process of the VRRP, IPV6 configuration)

2022-08-06 08:29:26Stay-true

第十八天

2022828:32

链路聚合 --- Can be more than one physical interface bundled into a logical interface,即将N条物理链路聚合为一条逻辑链路.Can under the condition of not to upgrade hardware,To achieve the effect of increase bandwidth.

We will be logical link,Known as aggregation link,In huawei equipment is calledETH-TRUNK链路(This technology is designed for Ethernet technology).We will each physical link called the member link;We will polymerization after logical interface called polymerization interface,In huawei equipment is calledETH-TRUNK接口,Before physical interfaces are known as members of the interface.

Link aggregation technology requirements of:

1,Channel all physical interfaces should have the same transmission rate,双工模式,相同的类型(ACCESS或者TRUNK)Including the interface put through the list of allowed andPVID.

2,通道的对端必须是同一台设备.

配置

1,创建聚合接口

[sw2]interface Eth-Trunk 0 [sw2-Eth-Trunk0]

2,The physical interface to polymerization in the interface

[sw2-Eth-Trunk0]trunkport GigabitEthernet 0/0/1 0/0/2

[sw1]interface Ethernet 0/0/1 --- May also directly into the physical interface,将其划入到对应的聚合接口中

[sw1-Ethernet0/0/1]eth-trunk 0

注意:Huawei equipment to ensure that the aggregation of interface state machine configuration are the same,做了如下限制1,在聚合之前,All interface can't for any configuration operation

2,聚合之后,All operations in aggregate interface operation,Not in the physical interface to operate

Huawei equipment of the default aggregation link used is based on the flow of load sharing. --- Huawei equipment default through sourceIP和目标IPTo distinguish between different data flow

[sw2-Eth-Trunk1]load-balance ? --- Can modify the data flow of judgment way

dst-ip According to destination IP hash arithmetic

dst-mac According to destination MAC hash arithmetic

src-dst-ip According to source/destination IP hash arithmetic

src-dst-mac According to source/destination MAC hash arithmetic src-ip According to source IP hash arithmetic

src-mac According to source MAC hash arithmetic

[r1-Eth-Trunk0]undo portswitch 将二层接口改为三层接口

[r1-Eth-Trunk0]

VRRP --- 虚拟路由器冗余协议

VRRP目前存在两个版本 --- VRRP V2 --- IPV4 --- 华为设备默认使用的是VRRP V2

--- VRRP V3 --- IPV6

在VRRP中存在一个组的概念 --- The router will all need to work together(Does not have only two devices,Also there can be multiple devices),放到同一个VRRP组中.为了区分不同的VRRP组,We need to give each group to design aVRID --- 8位二进制构成 --- 一个VRRPGroup need a virtual gateway,The gateway need to configure a virtualIP地址 --- 1,Must be manually specify,2,Must and physical gateway interfaceIP Address configuration in the same network segment. --- And will automatically generate a virtualMAC地址. 0000 -

5e00 - 01XX 最后8A binary using the groupVRID来标识.

VRRP的工作过程:

The gateway interface configuration activationVRRP,Are all gateway interface will sendVRRP的数据包,进行主备关系选举,

(先比较优先级,8位二进制构成,取值范围为1 - 255,默认值为100;The big priority was elected as the main,The rest of the equipment for backup.如果优先级相同,则比较接口的IP地址,IP地址大的为

主.)选举结束后,Only the Lord will periodically sendVRRP数据包(发送周期默认为1S),The rest of the backup device only listen,若在3.6S(3 X 周期时间 + 偏移时间(256 - 优先级)/ 256)Not received within the Lord sentVRRP数据包,Will determine the main failure,An election will return.

[r2-GigabitEthernet0/0/0]vrrp vrid 10 virtual-ip 192.168.1.254 接口激活VRRP

Need gateway device needs to work on the sameVRRP组中,则VRIDYou must configure the same.

在华为设备中,虚拟的IP可以使用物理接口的IP地址,The effect is the interface device directly identified primarily,优先级设置为255.

[r3-GigabitEthernet0/0/0]display vrrp 查看VRRP的配置信息

Preempt : YES VRRPAgreement is open to grab mode by default,But only for cable level effective

[r3-GigabitEthernet0/0/0]vrrp vrid 10 priority 110 修改优先级

[r3-GigabitEthernet0/0/0]vrrp vrid 10 track interface GigabitEthernet 0/0/1 reduced 50 上

Track line link.If the track interface failure,Will perform the corresponding action.The action is reducing priority50.(If later don't drive for,The default priority reduction10)

IPV6

IANA 因特网地址分配组织

IPV6地址 --- 128位二进制

1,“无限”的地址空间:因为IPV6地址由128位二进制构成,So the number of addresses is very much.

2,层次化的地址结构:The so-called hierarchical address structure is refers to the allocation more reasonable,More conducive to summarize.主要由IANA组织来完成.

3,即插即用:SLAAC --- 无状态地址自动配置 --- Just need to have gateway equipment,Will be automatically issued aIPV6地址.

4,Simplifies the head of a message:

TOS --- 服务类型 --- Traffic Class --- 流量分类TTL --- 生存时间 --- HOP Limit --- 跳数限制Protocol --- 协议 --- next header --- 下一个头部

名称变化,Description more accurate

Flow Label --- 流标签 --- Can be used to distinguish and mark the different flow,便于做Qos,There is no enabled.

删除的部分(Simplify part) --- 头部长度 --- Mainly because of the following options field also been deleted, 导致IPV6Baotou from a variable-length header into fixed-length head,Support hardware processing.

--- 校验和 For all levels of protocol encapsulation,There are checking

And to ensure the integrity of the data,But you only need to check a can,所以,Can completely remove.

 

 

5,Ensure the integrity of the end-to-end network:在IPV4网络当中,因为NAT技术的存在,Lead to damage to end-to-end network integrity,而IPV6Because the address in enough,不需要运行NAT技术,所以,Can ensure its integrity.

6,安全性增强:在IPV6中,为了保证数据传输的安全性,专门设计了一套IPSEC(因特网协议安全协议)体系,当然,目前IPV4也可以使用IPSEC来保证安全.

7,增强Qos特性:Mainly reflected in the increased flow label field,More convenient to completeQos,但是,目前尚未启用.

IPV6地址

--- 128位二进制 冒分16进制

2001:0123:0000:4560:0000:0000:0000:001A 首选格式

A = a

The way a compressed format:

1,每一段前导0可以省略,If a is all0,则至少保留1个,拖尾的0不能省略;

2001:123:0:4560:0:0:0:1A

2,If there is one or more of the whole period of all0的情况,可以使用“::”来表示,但整个IPV6There can be at most in compressed format address1个"::"

2001:123:0:4560::1A 压缩格式

内嵌IPV4地址格式 --- 前96位用IPV6At points of hexadecimal to say,后32位按照IPV4点分十进制来表示

::192.168.1.1

在IPV6地址中,Also need to distinguish between network and host bits,Network inIPV6Referred to as network prefix,The host inIPV6Is known as the interface identifier in.

在IPV6A subnet mask address also need for network prefix logo,But only use the short format2001::1 /64 IPV6Address of the default mask of length64位

IPV6The generation of address interface identification method: 1,手工配置

2,EUI-64规则自动生成 --- 1,在接口MAC地址的第25开始,插入 FFFE 16位二进制.

2,将生成的64位2进制中的第7位取反

02e0:fcFF:FE64:5980

[r1-GigabitEthernet0/0/0]ipv6 address 2002:: 64 eui-64 --- 通过EUI-64Rules automatically generated interface id

----- IPV6地址支持多宿主.(一个接口可以配置多个IPV6地址) Huawei equipment one by one

Mouth can configure multiple different segment ofIPV6地址.3,Equipment randomly generated interfaceID

IPV6地址分类

单播地址,组播地址,任播地址 As a multicast address is also calibrate a group,但是,A packet his eye

The address is as a multicast address,Effect is all the equipment will be sent to the group in recent target distance local routing sense.

注意:在IPV6Address does not exist in the broadcast address,Directly using the multicast address instead of

The classification of the unicast address:

1,GUA地址 全球单播地址

相当于IPV4中的公网地址

2000:: /3 ---- 2000:0000:0000:0000:0000:0000:0000:0000 --

3FFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF:FFFF

2001:: /16 The current commercial to getIPV6的GUA地址

2002:: /16 针对6to4隧道使用的

2,ULA地址 唯一本地地址

相当于IPV4中的私网地址

This section addresses can't appear in theIPV6The public route,并且,因为IPV6地址足够多,So the private network address can guarantee uniqueness.

FC00:: /7 1111110 0

FD:: /8 Currently used addresses

FC:: /8 No is not enabled

3,LLA地址 本地链路地址

这个地址在IPV6In the system is very important,As long as the interface can be configuredIPV6地址,, which will automatically configure a local link address.

FE80:: /10 --- FE80:: /64 The prefix fixed,Will automatically according toEUI-64的规则生成

接口标识.

因为IPV6Supports multiple host address,所以,An interface may be moreIPV6地址,In dynamic routing protocols to calculate the path to write down a jump,Select only one of them to write,Generally the address may be changed,导致不稳定,所以,Dynamic routing protocols generally use the local link address of the interface for the next dance.

组播地址

FF:: /8

RIPV2 --- 224.0.0.9  --- FF02::9 33:33:00:00:00:09

OSPF --- 224.0.0.5,224.0.0.6 ---- FF02::5,FF02::6 33:33:00:00:00:

05, ---- 33:33:00:00:00:06

224.0.0.1 ---- For all haveIPThe address of the interface node --- FF02::1 33:33:00:00:

00:01

224.0.0.2 ---- For all the routing device --- FF02::2 33:33:00:00:00:02

FF02 --- IPV6Local link of multicast prefixes ---- Would correspond to a multicastMAC地址 33:33 +

32(IPV6地址的后32位)

在IPV6The multicast address,There is a multicast address --- 被请求节点组播 An interface configurationIPV6地

After the address,Automatically add to the requested node multicast group --- FF02::1:FF 前104位固定,后24位为

IPV6地址的后24位

2001::1  ---- FF02::1:FF00:1 33:33:ff00:1

1,:: --- 等同于IPV4中的0.0.0.0,1,可以代表没有地址(DHCPV6)2,可以代表所有地址(缺省)

2,::1 相当于IPV4中的127.0.0.1

IPV6的配置

ICMPV6协议 --- 在IPV6体系下,ICMPV6Agreement in addition to being able to realizeIPV4Under the function of the f,Also integrate multiple important function.

He integratedNDP协议(邻居发现协议) 相当于是IPV4当中的ARP协议.

他可以实现SLAAC机制 NDP协议

他可以实现Path-MTU发现机制 ---- PMTUD --- Find the smallestMTU 在IPV6中,The routing was born

成后,会发送ICMPV6Message to detect minimum to reach its target segmentMTU(PMTU),之后,Send packets directly according to the smallestMTUValue to shard.

ICMPV6 --- ECHO REQUEST type:128

ECHO REPIY type:129

An interface officially sendIPV6报文之前,将会经历三个阶段: 1,获取IPV6地址 1,全球单播地址(GUA地址)

1,手工配置;

2,无状态自动配置(NDP) 不需要服务器,只需要存

In a gateway,And he has aIPV6地址,The access terminal equipment will receive aIPV6地址.

路由器请求报文(RS) --- type --- 133 终端设备

Access toIPV6Address is to send the packet to find gateway device

路由器通告报文(RA) --- type --- 134 网关设备

将回复RA报文,It will contain the network prefix.

注意:In addition to the above request method f,Can also make issued their own network gateway device cycle prefix,Turn this feature off huawei equipment default.但注意,Stateless autoconfiguration won't issuedDNS等额外信息, 所以,Generally for mass,Don't need the Internet Internet devices to use.当然,Stateless autoconfiguration also can be used in conjunction and stateful automatic configuration.

3,有状态自动配置(DHCPV6)

2,本地链路地址(LLA)

2,DAD 地址冲突检测

3,地址解析阶段

2,3阶段在IPV6中都由NDP协议来完成.

邻居请求报文 ---- NS --- type:135 相当于ARP请求报文

Neighbors announcement message ---- NA --- type:136 相当于ARP应答报文

ARP --- 请求报文 SIP:自己IP;DIP:被请求者IP

NDP --- NS SIP:自己IP;DIP:被请求节点组播

Reply message is the same,Are the forms of unicast reply.

IPV6地址配置

[r1]ipv6 全局激活IPV6,Only after the activation,The device will forwardIPV6报文

[r1-GigabitEthernet0/0/0]ipv6 enable 只有执行这个命令,The interface can be configuredIPV6地址

[r1-GigabitEthernet0/0/0]ipv6 address 12::1 64 配置IPV6地址

[r1]display ipv6 interface brief 查看IPV6地址配置情况

静态路由配置

[r1]ipv6 route-static 2:: 64 12::2

[r1]display ipv6 routing-table 查看IPV6路由表

[r1]ping ipv6 3::3 ping

RIPNG配置

[r1]ripng 启动RIPNG进程

[r1-GigabitEthernet0/0/0]ripng 1 enable In the interface declaration

OSPFV3配置

[r1]ospfv3 1 启动进程

[r1-ospfv3-1]

[r1-ospfv3-1]router-id 1.1.1.1 配置RID

[r1-GigabitEthernet0/0/0]ospfv3 1 area 0 In area declare

MP-BGP配置

[r1]bgp 1

[r1-bgp]router-id 1.1.1.1

[r1-bgp]peer 2::2 as-number 1

[r1-bgp]peer 2::2 connect-interface LoopBack 0

[r1-bgp]ipv6-family

[r1-bgp-af-ipv6]peer 2::2 enable

[r1]display bgp ipv6 peer 查看IPV6邻居表

[r1-bgp-af-ipv6]network 1:: 64 发布路由

[r1]display bgp ipv6 routing-table 查看IPV6BGP表

IPV4和IPV6的过渡

1,通过GRE隧道来实现

1,Must know about DuanGong netIPV4地址

2,Must have arrived at each otherIPV6网段的路由

2,6to4隧道

在IPV6There is a kind of address --- IPV4兼容地址

2002:: /16 ---- 针对6to4隧道使用的 --- 这些都是给IPV4Reserved by compatible address

12.0.0.1 --- 00001100 00000000 00000000 00000001

2002:0C00:0001:: /48

[r1-LoopBack0]ipv6 address 2002:c00:1::1 64 [r1]int t 0/0/0

[r1-Tunnel0/0/0]ipv6 enable

[r1-Tunnel0/0/0]ipv6 address 2002:c00:1:1::1 64 [r1-Tunnel0/0/0]tunnel-protocol ipv6-ipv4 6to4 [r1-Tunnel0/0/0]source 12.0.0.1

23.0.0.2 --- 00010111.00000000.00000000.00000010

2002:1700:2:: /48

[r3]ipv6 route-static 2002:: 16 Tunnel 0/0/0 --- Add the summary route3,双栈

copyright notice
author[Stay-true],Please bring the original link to reprint, thank you.
https://en.chowdera.com/2022/218/202208060818182135.html

Random recommended