Professional Documents
Culture Documents
01 04 M LAG Configuration
01 04 M LAG Configuration
Switches
Configuration Guide - Ethernet Switching 4 M-LAG Configuration
4 M-LAG Configuration
M-LAG
Purpose
As an inter-device link aggregation technology, M-LAG increases link bandwidth,
improves link reliability, and implements load balancing. It has the following
advantages:
● High reliability
M-LAG protects link reliability for entire devices.
● Simplified network and configuration
M-LAG is a horizontal virtualization technology that virtualizes two dual-
homed devices into one device. M-LAG prevents loops on a Layer 2 network
and implements redundancy. M-LAG greatly simplifies the network and
configuration.
● Independent upgrade
Two devices can be upgraded independently. This prevents service interruption
when either device is upgrading.
Reference
● M-LAG Best Practices: CloudEngine Series Switches M-LAG Technical Topics
● Video: CloudEngine Series Switch M-LAG Feature Introduction
Network
Dual-Active
Detection
Packets
peer-link
SwitchA SwitchB
M-LAG
M-LAG M-LAG
member member
interface interface
Switch
Dual-active
system
DFS master device The device is configured with M-LAG and is in master
state. It is also called the M-LAG master device.
DFS backup device The device is configured with M-LAG and is in backup
state. It is also called the M-LAG backup device.
NOTE
A DFS group consists of a master device and a backup device.
Under normal circumstances, both the master and backup
devices forward service traffic and their forwarding behaviors
are the same. The master and backup devices have different
forwarding behaviors only when a fault occurs.
Concept Description
Dual-Active Detection A DAD link is used for M-LAG master and backup
(DAD) link devices to exchange DAD packets at Layer 3.
NOTE
Under normal circumstances, the DAD link does not
participate in any traffic forwarding behaviors in the M-LAG. It
is only used to detect whether two master devices exist when
a fault occurs. The DAD link can be an external link, for
example, if the M-LAG is connected to an IP network and the
two member devices can communicate through the IP
network, the link that enables communication between the
member devices can function as the DAD link. An independent
link that provides Layer 3 reachability can also be configured
as the DAD link, for example, a link between management
interfaces of the member devices can function as the DAD
link.
HB DFS master device The device negotiates to the master state through the
heartbeat link.
NOTE
Under normal circumstances, the HB DFS master/backup
status negotiation through heartbeat packets does not affect
traffic forwarding behaviors in the M-LAG. It is used only in
secondary fault rectification scenarios. If faults on the original
DFS master device are rectified and the peer-link fault persists,
the corresponding interfaces on the backup device are
triggered to enter the Error-Down state based on the HB DFS
master/backup status. This mechanism prevents abnormal
traffic forwarding in the scenario where two master devices
exist and improves device reliability.
HB DFS backup device The device negotiates to the backup state through the
heartbeat link.
NOTE
Under normal circumstances, the HB DFS master/backup
status negotiation through heartbeat packets does not affect
traffic forwarding behaviors in the M-LAG. It is used only in
secondary fault rectification scenarios. If faults on the original
DFS master device are rectified and the peer-link fault persists,
the corresponding interfaces on the backup device are
triggered to enter the Error-Down state based on the HB DFS
master/backup status. This mechanism prevents abnormal
traffic forwarding in the scenario where two master devices
exist and improves device reliability.
Concept Description
Network
DAD link
SwitchA SwitchB
peer-link
M-LAG establishment
A DFS group consists of a master device and a backup device. Under normal
circumstances, both the master and backup devices forward service traffic and their
forwarding behaviors are the same. The master and backup devices have different
forwarding behaviors only when a fault occurs.
3. Master/backup negotiation of M-LAG member interfaces
After DFS group master/backup negotiation is successful, the two devices
send M-LAG device information packets carrying configuration information of
M-LAG member interfaces to each other through the peer-link. After member
interface information is synchronized, master and backup M-LAG member
interfaces are determined.
When the local and remote member interfaces synchronize information, the
interface that changes from Down to Up first becomes the master M-LAG
member interface, and the other interface becomes the backup M-LAG
member interface. By default, revertive switching is not performed between
the master and backup interfaces. That is, if the device where the original
master M-LAG member interface resides recovers from a failure, the original
backup interface that becomes the master interface remains in master state,
and the original master interface that recovers from a failure is still in backup
state. The master/backup negotiation mechanism of M-LAG member
interfaces differs from that of the DFS group.
NOTE
The master and backup M-LAG member interfaces have different forwarding behaviors
only when the M-LAG forwards multicast traffic.
4. DAD
After M-LAG master and backup devices are negotiated, the two devices send
M-LAG DAD packets at an interval of 1s through the DAD link. If a device
detects that the peer-link fails, it sends three DAD packets at an interval of
100 ms to accelerate detection. If both devices can receive packets from each
other, the dual-active system starts to work.
Under normal circumstances, the DAD link does not participate in any traffic
forwarding behaviors in the M-LAG. It is only used to detect whether two
master devices exist when the DFS group pairing or peer-link fails. Therefore,
the M-LAG still works properly even if DAD fails. The DAD link can be an
external link, for example, if the M-LAG is connected to an IP network and
the two member devices can communicate through the IP network, the link
that enables communication between the member devices can function as the
DAD link. An independent link that provides Layer 3 reachability can also be
configured as the DAD link, for example, a link between management
interfaces of the member devices can function as the DAD link.
– The DAD link is deployed between management interfaces. Management
interface IP addresses bound to the DFS group must be reachable to each
other, and VPN instances are bound to management interfaces to ensure
that DAD packets and service packets are separated.
– The DAD link is deployed on a service network, and the IP address bound
to the DFS group must be reachable at Layer 3. If peer-link interfaces
establish a routing neighbor relationship, DAD packets on the service
network are transmitted through the peer-link using the optimal route. If
the peer-link fails, DAD packets are transmitted to the remote device
through the suboptimal path during route convergence, and the DAD
time is 0.5s or 1s longer.
NOTE
In V200R005C10 and later versions, two devices send DAD packets at the specified
interval immediately after the heartbeat link is Up. In secondary fault rectification
scenarios where enhanced DAD for secondary faults is enabled, faults on the original
DFS master or backup device are rectified and the peer-link fault persists. If the local
and remote devices' IP addresses are bound to the DFS group, M-LAG devices
negotiate the HB DFS master/backup status based on the DFS information carried in
DAD packets, and the corresponding interfaces on the HB DFS backup device are
triggered to enter the Error-Down state, preventing abnormal traffic forwarding in the
scenario where two master devices exist.
5. M-LAG information synchronization
When working properly, the two devices send M-LAG synchronization packets
through the peer-link to synchronize information with each other in real time.
M-LAG synchronization packets include MAC address entries, ARP entries, STP
and VRRP packets information. The devices also send the status of M-LAG
member interfaces. In this way, traffic forwarding is not affected when any
device fails, ensuring that normal services are not interrupted.
NOTE
For the CE6870EI, CE6875EI, and CE5880EI, after a VLANIF or VBDIF interface is
configured on an M-LAG member device, the real MAC address of the VLANIF or
VBDIF interface is synchronized to the peer device through the M-LAG synchronization
channel and delivered as a dynamic MAC address.
Type Description
ND ND packet synchronization
Type Description
Ethernet
Network
DAD link
peer-link
Unidirectional Blocked
isolation interface
Unidirectional isolation in the M-LAG loop prevention mechanism takes effect for
Layer 2 traffic (including unicast, multicast, and broadcast traffic) and Layer 3
multicast traffic, and does not take effect for Layer 3 unicast traffic.If the access device
is single-homed to the M-LAG, the M-LAG does not deliver the unidirectional isolation
configuration of the corresponding M-LAG member interface.
● If the access device is single-homed to the M-LAG, the M-LAG does not
deliver the unidirectional isolation configuration of the corresponding M-LAG
member interface.
Implementation Principles
In Figure 4-5, a device is dual-homed to an M-LAG. M-LAG devices deliver the
global ACL configuration in the following sequence:
● Rule 1: Layer 3 unicast packets with a peer-link interface as the source
interface and an M-LAG member interface as the destination interface are
allowed to pass through.
● Rule 2: All packets with a peer-link interface as the source interface and an
M-LAG member interface as the destination interface are rejected.
M-LAG devices use the ACL rule group to implement unidirectional isolation
between peer-link interfaces and M-LAG member interfaces. Flooding traffic such
as broadcast traffic from a peer-link interface to an M-LAG member interface is
isolated. When an M-LAG device detects that the local M-LAG member interface is
in Down state, the device sends M-LAG synchronization packets through the peer-
link to instruct the remote device to revoke the automatically delivered
unidirectional isolation ACL rule group of the corresponding M-LAG member
interface.
peer-link
Broadcast Unidirectional
traffic isolation
Whether BPDU
protection is enabled
LACP mode
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VBDIF interface is up. If the
VBDIF interface is down,
the preceding
configurations do not take
effect on the interface.
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VLANIF interface is up. If
the VLANIF interface is
down, the preceding
configurations do not take
effect on the interface.
Parameters
Number of member
interfaces of the Eth-
Trunk to which an M-
LAG member interface
belongs
NOTE
Only the numbers of
member interfaces of Eth-
Trunks are compared. The
physical Up/Down status
or bandwidth of member
interfaces is not checked.
For north-south unicast traffic from the M-LAG access side, M-LAG member
devices forward the traffic together after receiving it from the access device
through aggregated links in load balancing mode. M-LAG master and backup
devices forward received north-south unicast traffic to the network side based on
the routing table.
For east-west unicast traffic, when the M-LAG dual-active system is set up and
there is no single-homing interface, Layer 2 traffic is preferentially forwarded
through the local M-LAG device, and Layer 3 traffic is forwarded through dual-
active gateways. Layer 2 and Layer 3 east-west unicast traffic is not forwarded
through the peer-link and is directly forwarded to corresponding member
interfaces by M-LAG master and backup devices.
Network
DAD link
Peer-link
Ethernet Ethernet
Network Network
Ethernet Ethernet
Network Network
NOTE
In versions earlier than V200R003C00, only the M-LAG device where the master M-
LAG member interface resides forwards multicast traffic to the multicast group
member. In V200R003C00 and later versions, both devices where the master and
backup M-LAG member interfaces reside can forward multicast traffic to the multicast
group member to implement load balancing. If the two M-LAG devices run different
versions, the multicast traffic forwarding rule is subject to the device running the
earlier version.
In V200R003C00 and later versions, for the CE6870EI and CE6875EI, an M-LAG
consisting of standalone switches or stacks supports IPv6 Layer 3 multicast, and an M-
LAG consisting of other models does not support IPv6 Layer 3 multicast.
When ServerA functions as a multicast source and ServerB functions as a
multicast group member, traffic sent by the multicast source is load balanced
to M-LAG master and backup devices. After receiving the traffic, M-LAG
master and backup devices query the local multicast forwarding table and
forward the traffic.
IP IP
Network Network
Multicast
ServerA Receiver ServerA source
IP
Network
DAD link
Master Backup
Peer-link
S-1 Receiver
Link failure
Multicast traffic forwarding from
a network-side multicast source
Independent Layer 3 link
Ethernet
Network
DAD link
Peer-link
Master Backup
S-1 S-2
Blocked interface
Unidirectional isolation
Access-side broadcast traffic
Network-side broadcast traffic
IP
Network
DAD link
Peer-link
Master Backup
S-1 S-2
Unidirectional isolation
Uplink Failure
Network Network
Uplink failure
S-1 S-1
DAD packets are generally transmitted through the DAD link between
management interfaces. Therefore, DAD between M-LAG master and backup
devices is not affected when an uplink fails. The dual-active system is not affected,
and M-LAG master and backup devices still properly forward traffic. In Figure
4-13, traffic passing the M-LAG master device is forwarded through the peer-link
because the uplink of the M-LAG master device fails.
If the DAD link is on a service network and the faulty uplink is the DAD link, the
M-LAG works properly without being affected. If the peer-link also fails, DAD
cannot be performed and packet loss occurs.
Downlink Failure
Network Network
Downlink
failure
S-1 S-1
If a downlink M-LAG member interface fails, the DFS group master and backup
states do not change. However, if the faulty M-LAG member interface is in master
state, the backup M-LAG member interface changes to master state, and traffic is
switched to the corresponding link for transmission. The link of the faulty M-LAG
member interface goes Down, and the dual-homing networking changes to
single-homing networking. The MAC address of the faulty M-LAG member
interface is changed to that of the peer-link interface in corresponding entries.
After the faulty M-LAG member interface recovers, the status of M-LAG member
interfaces is not changed. The backup M-LAG member interface that changes to
the master M-LAG member interface remains in master state, and the original
master M-LAG member interface is in backup state after the fault is rectified. You
can run the display dfs-group dfs-group-id node node-id m-lag command to
view the status of an M-LAG member interface.
Assume that a multicast source is at the network side and a multicast group
member is at the access side. If the M-LAG member interface on the M-LAG
master device fails, the device instructs the remote device to update multicast
entries through M-LAG synchronization packets. M-LAG master and backup
devices do not load balance traffic depending on whether the last digit of the
multicast group address is an odd or even number, and all multicast traffic is
forwarded by the M-LAG backup device on which the M-LAG member interface is
Up. If the M-LAG member interface on the M-LAG backup device fails, multicast
traffic is forwarded similarly.
Network Network
M-LAG master
device failure
S-1 S-1
If the M-LAG master device fails, the M-LAG backup device becomes the master
device and continues to forward traffic, and its Eth-Trunk link is still in Up state.
The Eth-Trunk link of the M-LAG master device goes Down, and the dual-homing
networking changes to single-homing networking.
If the M-LAG backup device fails, the M-LAG master and backup status remains
unchanged, and the Eth-Trunk link of the M-LAG backup device goes Down. The
Eth-Trunk link of the M-LAG master device is still in Up state and continues to
forward traffic. The dual-homing networking changes to single-homing
networking.
When a faulty M-LAG member device recovers, the peer-link goes Up first, and the
two M-LAG member devices renegotiate their master and backup roles. After the
negotiation succeeds, the M-LAG member interface on the faulty M-LAG member
device goes Up and traffic is load balanced. Both the M-LAG master and backup
devices retain their original roles after recovering from a fault.
Peer-Link Failure
Network Network
Peer-link failure
S-1 S-1
Faulty link
Error-Down interface
If the peer-link fails but the DAD heartbeat status is normal when M-LAG is used
for dual-homing access on a common Ethernet, VXLAN, or IP network, interfaces
excluding the logical interface, management interface, peer-link interface, and
stack interface on the M-LAG backup device enter the Error-Down state by
default. If the peer-link fails but the DAD heartbeat status is normal when M-LAG
is used for dual-homing access on a TRILL network, the M-LAG member interface
on the M-LAG backup device enters the Error-Down state.
When the faulty peer-link recovers, the M-LAG member interface in the Error-
Down state automatically restores to the Up state after 240s by default, and the
other interfaces in the Error-Down state automatically restore to the Up state
immediately.
You can run the dual-active detection error-down mode routing-switch
command to configure logical interfaces to enter the Error-Down state when the
peer-link fails but the DAD heartbeat status is normal in an M-LAG scenario. If the
peer-link fails but the DAD heartbeat status is normal when M-LAG is used for
dual-homing access on a VXLAN or IP network, the VLANIF interface, VBDIF
interface, loopback interface, and M-LAG member interface on the M-LAG backup
device enter the Error-Down state.
NOTE
After logical interfaces are configured to change to Error-Down state when the peer-link
fails but the DAD heartbeat status is normal in an M-LAG, if a faulty peer-link interface in
the M-LAG recovers, the devices restore VLANIF interfaces, VBDIF interfaces, and loopback
interfaces to Up state 6 seconds after DFS group pairing succeeds to ensure that ARP entry
synchronization on a large number of VLANIF interfaces is normal. If a delay after which
the Layer 3 protocol status of the interface changes to Up is configured, the delay after
which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go Up is the configured
delay plus 6 seconds.
You can run the m-lag unpaired-port suspend and m-lag unpaired-port
reserved commands to flexibly configure whether an interface enters the Error-
Down state when the peer-link fails but the DAD heartbeat status is normal in an
M-LAG scenario. Table 4-4 describes the interfaces in the Error-Down state when
the peer-link fails, the DAD heartbeat status is normal, and the following functions
are configured.
Table 4-4 Interfaces in the Error-Down state when the peer-link fails but the DAD
heartbeat status is normal
Device Configuration M-LAG Access to a Common
Ethernet, VXLAN, or IP Network
Figure 4-17 Networking when enhanced DAD for secondary faults is enabled
1 Network Network 2
Peer-link failure
Enhanced DAD
for secondary
faults
Backup Master
DAD link DAD link
S-1 S-1
Faulty link
Interface in Error-
Down state
As shown in scenario 2 in Figure 4-17, if the peer-link fails but the DAD heartbeat
status is normal when M-LAG is used for dual-homing access, some interfaces on
the DFS backup device enter the Error-Down state. In this case, the DFS master
device continues to work. If the DFS master device cannot work because it is
powered off or it restarts due to a fault, both the DFS master and backup devices
cannot forward traffic, as shown in scenario 3 in Figure 4-17.
In this scenario, enhanced DAD for secondary faults ensures nonstop forwarding
when secondary faults occur, meeting reliability requirements. As shown in Figure
4-17, this function is used to describe different fault phases and triggered
behaviors.
1. Peer-link failure: If the peer-link fails but the DAD heartbeat status is normal,
some interfaces (for details, see Peer-Link Failure) on the DFS backup device
are triggered to enter the Error-Down state. The DFS master device continues
to work.
2. DFS master device failure: If the peer-link fails and the DFS master device
cannot work because it is powered off or it restarts because of a fault, the M-
LAG master and backup devices cannot forward traffic and services are
interrupted.
3. Enhanced DAD for secondary faults enabled: If enhanced DAD for secondary
faults is enabled, the DFS backup device can detect that the DFS master
device fails through the DAD mechanism (because it does not receive any
heartbeat packets from the master device within a certain period). The
backup device then becomes the DFS master device, restores the interfaces in
Error-Down state to the Up state, and forwards traffic.
4. Secondary fault rectification scenario: Faults on the original DFS master
device are rectified and the peer-link failure persists.
– If the LACP M-LAG system ID is switched to the LACP system ID of the
local device within a certain period, the access device selects only one of
the uplinks as the active link during LACP negotiation. The actual traffic
forwarding is normal.
– If the default LACP M-LAG system ID is used, that is, it is not switched,
two M-LAG devices use the same system ID to negotiate with the access
device. Therefore, links to both devices can be selected as the active link.
In this scenario, because the peer-link failure persists, M-LAG devices
cannot synchronize information such as the priority and system MAC
address of each other. As a result, two M-LAG master devices exist, and
multicast traffic forwarding may be abnormal. In this case, as shown in
Figure 4-18, the HB DFS master/backup status is negotiated through
heartbeat packets carrying necessary information for DFS group master/
backup negotiation (such as the DFS group priority and system MAC
address). Some interfaces (for details, see Peer-Link Failure) on the HB
DFS backup device are triggered to enter the Error-Down state. The HB
DFS master device continues to work.
NOTE
If secondary faults occur on the DFS backup device after the peer-link fails, traffic
forwarding is not affected. The DFS master device continues to forward traffic.
S-1 S-1
Single-level M-LAG
● Connecting a switch in dual-homing mode
As shown in Figure 4-19, to ensure reliability, a switch is connected to a
network to implement link redundancy. MSTP can be deployed to implement
redundancy, but the link use efficiency is low and many bandwidth resources
are wasted. To implement redundancy and improve the link use efficiency,
deploy M-LAG between SwitchA and SwitchB so that the switch can be dual-
homed to SwitchA and SwitchB. SwitchA and SwitchB load balance traffic.
When one device fails, traffic can be rapidly switched to the other device to
ensure nonstop service transmission.
Ethernet/IP/
TRILL/VXLAN
Network
peer-link
Switch A Switch B
M-LAG
Switch
Server 1 Server 2
The configuration of dual homing a server is the same as common link aggregation
configuration. Ensure that the server and switches use the same link aggregation mode.
The LACP mode at both ends is recommended.
Ethernet/IP/
TRILL/VXLAN
Network
peer-link
Switch A Switch B
M-LAG
Server
Multi-level M-LAG
As shown in Figure 4-21, after M-LAG is deployed between SwitchA and SwitchB,
M-LAG is deployed between SwitchC and SwitchD. The two M-LAGs are
connected. This deployment simplifies networking and allows more servers to be
connected to the network in dual-homing mode. Before deploying multi-level M-
LAG, configure Virtual Spanning Tree Protocol (V-STP).
Network
Peer-link
SwitchC SwitchD
Peer-link
SwitchA SwitchB
Server
NOTE
● When the root bridge mode is used, two devices that constitute an M-LAG must function as
root bridges on a Layer 2 network and do not support M-LAG cascading in the root bridge
mode.
● When the V-STP mode is used, two devices that constitute an M-LAG can choose not to
function as root bridges on a Layer 2 network. The networking is flexible and the two
devices support M-LAG cascading. V-STP is recommended because it can eliminate loops
caused by incorrect M-LAG configurations or connections.
License Requirements
M-LAG is a basic function of the switch, and as such is controlled by the license
for basic software functions. The license for basic software functions has been
loaded and activated before delivery. You do not need to manually activate it.
Version Requirements
CE8868EI V200R005C10
CE8861EI V200R005C10
CE8860EI V100R006C00
CE8850-32CQ-EI V200R002C50
CE8850-64CQ-EI V200R005C00
CE7850EI V100R005C10
CE7855EI V200R001C00
CE6810EI V100R005C10
CE6810LI V100R005C10
CE6850EI V100R005C10
CE6850HI/CE6850U-HI/ V100R005C10
CE6851HI
CE6855HI V200R001C00
CE6856HI V200R002C50
CE6857EI V200R005C10
CE6860EI V200R002C50
CE6865EI V200R005C00
CE6870-24S6CQ-EI/ V200R001C00
CE6870-48S6CQ-EI
CE6870-48T6CQ-EI V200R002C50
CE6875EI V200R003C00
CE6880EI V200R005C00
CE5880EI V200R005C10
CE5810EI V100R005C10
CE5850EI V100R005C10
CE5850HI V100R005C10
CE5855EI V100R005C10
NOTE
For details about the mapping between software versions and switch models, see the
Hardware Query Tool.
● During M-LAG setup, you must use optical modules or copper transceiver
modules that are certified for Huawei data center switches. If high-speed
cables or active optical cables (AOCs) are used, you must purchase cables
from Huawei. Optical or copper transceiver modules that are not certified for
Huawei Ethernet switches, and cables not purchased from Huawei cannot
ensure transmission reliability and may affect service stability. Huawei is not
liable for any problem caused by the use of optical or copper modules that
are not certified for Huawei data center switches, or cables not purchased
from Huawei, and will not fix such problems.
● The two devices that constitute an M-LAG must use the same model. If one
end is an SVF, the other end must be an SVF. If one end is a CloudEngine
8800, 7800, 6800, and 5800 series switches, the other end must be a
CloudEngine 8800, 7800, 6800, and 5800 series switches. It is recommended
that devices at both ends use the same model and version.
● The two devices that constitute an M-LAG need to be configured with the
root bridge and bridge ID or V-STP. They are virtualized into one device for
STP calculation to prevent loops.
● When the root bridge mode is used to configure M-LAG, the two devices that
constitute an M-LAG must use the same bridge ID and the highest root
priority so that the devices function as the root nodes.
● When the switch used as the root bridge is configured with M-LAG, the switch
does not support STP multi-process. When the switch is configured with both
V-STP and M-LAG, the switch does not support the MSTP mode or STP multi-
process in versions earlier than V200R002C50; the switch does not support the
MSTP mode but supports the STP multi-process in V200R002C50 and later
versions.
● In V-STP scenarios, configure M-LAG and connect cables according to the
following sequence:
a. Configure V-STP.
b. Configure a DFS group and peer-link interfaces.
c. Use a cable to connect peer-link interfaces of M-LAG master and backup
devices.
d. Configure M-LAG member interfaces and use cables to connect M-LAG
master and backup devices and the user-side host or switching device.
● If the M-LAG consistency check mode is set to strict mode and the system
detects that type 1 configurations of the two M-LAG devices are inconsistent,
contact the device administrator to immediately adjust the configurations and
not restart the devices. If type 1 configurations are inconsistent, member
interfaces on the M-LAG backup device enter the Error-Down state and the
alarm about type 1 configuration inconsistency is generated.
If the administrator does not adjust the configurations and restarts the M-
LAG master device, interfaces on the M-LAG backup device may enter the
Error-Down state because of type 1 configuration inconsistency during re-
negotiation between M-LAG devices when the master device is recovering. In
this case, M-LAG member interfaces on the M-LAG master device go Up after
a delay. As a result, both the M-LAG master and backup devices fail to
forward traffic, and services are interrupted.
If M-LAG configuration consistency check is disabled and type 1 and type 2
configurations of M-LAG master and backup devices are inconsistent, traffic
forwarding may be abnormal. You are advised to manually adjust
configurations of M-LAG master and backup devices to ensure that they have
consistent type 1 and type 2 configurations, and enable M-LAG configuration
consistency check.
● If the system software of M-LAG member switches is upgraded from a version
earlier than V200R003C00 to V200R019C10 or a later version, the M-LAG
configuration consistency check fails during the upgrade. If the system
software of M-LAG member switches is upgraded from a version between
V200R003C00 and V200R005C10 to V200R019C10 or a later version, the M-
LAG configuration consistency check is not supported during the upgrade.
After the upgrade is complete, the M-LAG configuration consistency check is
performed.
Limitations on Configuring Dual-Active Gateways
● When the two devices that constitute an M-LAG function as gateways and
servers are single-homed or dual-homed to the two devices, pay attention to
the following points:
– (Recommended) Select the access mode in which the same IP and MAC
addresses are configured for VLANIF and VBDIF interfaces. This mode is
supported in V100R006C00 and later versions. In V200R002C50 and
earlier versions, if the same IP and MAC addresses are configured on two
VLANIF or VBDIF interfaces, the IP and MAC address conflict alarm
hwEthernetARPMACIPConflict is generated. It is normal that this alarm is
generated in this scenario. You can ignore this alarm. To mask this alarm,
run the undo snmp-agent trap enable feature-name arp trap-name
hwethernetarpmacipconflict command to disable the alarm function
for this conflict. After the alarm function for this conflict is disabled, you
cannot detect loops on the network through alarms, and user services
may be interrupted. Exercise caution when performing this operation. In
V200R003C00SPC810 and later versions, if the same IP and MAC
addresses are configured on two VLANIF and VBDIF interfaces, the
conflict alarm is not generated.
– In a data center, if M-LAG dual-active gateways need to be deployed, you
are advised to deploy them by configuring IP addresses and virtual MAC
addresses of VLANIF/VBDIF interfaces, not by configuring VRRP.
the MAC address of the faulty M-LAG member interface is changed to that of
a peer-link interface in corresponding entries.
● In V200R005C10 and earlier versions, if a static ARP entry with a specified M-
LAG member interface as the outbound interface is configured in an M-LAG
dual-homing scenario, the outbound interface of the ARP entry cannot be
changed to a peer-link interface when the M-LAG member interface fails. As a
result, traffic cannot be forwarded. Therefore, do not configure a static ARP
entry with a specified M-LAG member interface as the outbound interface in
an M-LAG dual-homing scenario.
● In V200R005C00 and earlier versions, if a static IPv6 neighbor entry with a
specified M-LAG member interface as the outbound interface is configured in
an M-LAG dual-homing scenario, the outbound interface of the entry cannot
be changed to a peer-link interface when the M-LAG member interface fails.
As a result, traffic cannot be forwarded. Therefore, do not configure a static
IPv6 neighbor entry with a specified M-LAG member interface as the
outbound interface in an M-LAG dual-homing scenario. In V200R005C10, you
can enable enhanced M-LAG Layer 3 forwarding on switches except the
CE6810LI, CE5880EI, and CE6880EI to apply for backup FRR resources for all
ND entries with M-LAG member interfaces as outbound interfaces. The
outbound interfaces can be changed to peer-link interfaces to establish active
and standby paths for traffic forwarding. However, FRR resources applied for
static IPv6 peer relationship entries are not released when the M-LAG
member interface goes Down and the corresponding VLANIF interface is still
Up. As a result, the corresponding system resources are not released.
● If an access device is dual-homed to M-LAG master and backup devices
through Layer 2 sub-interfaces and one Layer 2 sub-interface is Down, north-
south traffic cannot be forwarded through the peer-link because of the M-
LAG unidirectional isolation mechanism, resulting in packet loss. In the M-LAG
unidirectional isolation mechanism, if a device is dual-homed to the M-LAG in
active-active mode through main interfaces, all packets excluding Layer 3
known unicast packets from a peer-link interface to an M-LAG member
interface are isolated.
● After logical interfaces are configured to change to Error-Down state when
the peer-link fails but the DAD heartbeat status is normal in an M-LAG, if a
faulty peer-link interface in the M-LAG recovers, the devices restore VLANIF
interfaces, VBDIF interfaces, and loopback interfaces to Up state 6 seconds
after DFS group pairing succeeds to ensure that ARP entry synchronization on
a large number of VLANIF interfaces is normal. If a delay after which the
Layer 3 protocol status of the interface changes to Up is configured, the delay
after which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go
Up is the configured delay plus 6s.
Limitations on Interconnection with an M-LAG
● In M-LAG scenarios, when the switch connects to the Network Attached
Storage (NAS) device or a load balancer, the NAS device or load balancer (for
example, F5 load balancer enabled with Auto Last Hop) does not send an ARP
request message to learn the gateway's MAC address. Instead, the NAS device
or load balancer analyzes data flows from the gateway and uses the source
MAC address in data flows received first as the gateway's MAC address. In this
case, the same MAC address needs to be configured on VLANIF interfaces of
the two switches (switches excluding the CE6870EI and CE6875EI) that
constitute an M-LAG; otherwise, the NAS device or load balancer may fail to
Stack Switches can set up a stack, and the stack then can be
used to establish an M-LAG as an independent device.
SVF Switches can set up an SVF system, and the SVF system
then can be used to establish an M-LAG as an independent
device. In an SVF system, M-LAG member interfaces must
be on spine or leaf switches. The interfaces cannot be on
both spine and leaf switches.
QinQ and VLAN The M-LAG is accessed through VLAN mapping and VLAN
Mapping stacking. Layer 3 services, including ARP, ND, and ICMP are
not supported.
IP unicast routing ● The two devices that constitute an M-LAG cannot set
up routing neighbor relationships with the devices to be
accessed.
● If two member devices in an M-LAG need to establish a
neighbor relationship, you are advised to manually
configure router IDs on the two M-LAG devices. If the
devices automatically obtain router IDs, the neighbor
relationship may fail to be established due to a router
ID conflict.
● M-LAG member devices function as active-active
gateways. An independent link between M-LAG
member devices is used as the best-effort link and
OSPF is configured. M-LAG member devices import the
direct route of a downstream server connected to the
M-LAG and advertise the route to each other. IP FRR is
configured, and the direct route is specified as the
primary link and the dynamic OSPF route is specified as
the backup link. When a network-side device sends
traffic to the server, the traffic is transmitted along the
backup path on the M-LAG gateways because there is
no ARP entry for the primary link. As a result, a loop
occurs between the M-LAG member devices and the
network-side device cannot access the server. In this
case, you can run the ip ip-prefix ip-prefix-name
[ index index-number ] { permit | deny } ipv4-address
mask-length [ match-network ] [ greater-equal
greater-equal-value ] [ less-equal less-equal-value ]
command on the M-LAG gateways to configure an
OSPF routing policy to permit all routes excluding the
direct route.
FCoE The M-LAG function is not available if FSB and FCF or FSB
and NPV coexist on the device.
MPLS/L3VPN For devices that support MPLS and L3VPN, MPLS and
L3VPN cannot be configured on M-LAG member
interfaces.
Storm control You are not advised to configure storm control for
multicast packets on physical member interfaces of a peer-
link. Otherwise, M-LAG synchronization packets may be
suppressed, resulting in abnormal forwarding of data
packets in the M-LAG system.
Context
When the root bridge mode is used to configure M-LAG, the M-LAG master and
backup devices must be used as root bridges and configured with the same bridge
ID on the STP network so that the two devices are simulated into one root bridge.
Procedure
Step 1 Run system-view
By default, a switch does not function as the root bridge of any spanning tree.
After the configuration is complete, the priority of the device is 0 and cannot be
changed.
The MAC address of the device that participates in spanning tree calculation is
specified.
By default, the device's MAC address is the bridge MAC address of the device that
participates in spanning tree calculation. You are advised to use the smaller MAC
address of the M-LAG master and slave device as the bridge MAC address for
spanning tree calculation.
----End
Context
A Dynamic Fabric Service (DFS) group is used for device pairing. A DFS group
needs to be bound to an IP address so that DFS master and backup devices can
exchange Dual-Active Detection (DAD) packets. The bound IP address is used for
communication with the remote end.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dfs-group dfs-group-id
A DFS group is created and its view is displayed, or the view of an existing DFS
group is displayed.
Step 3 Bind the DFS group to an IP address based on the actual scenario.
When a device is dual-homed to PEs on an Ethernet, a VXLAN, or an IP network,
bind the DFS group to an IP address. Run either of the following commands. The
commands cannot be configured simultaneously.
● Run source ip ip-address [ vpn-instance vpn-instance-name ] [ peer peer-ip-
address [ udp-port port-number ] ]
The DFS group is bound to an IPv4 address and a VPN instance.
● Run source ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ peer
peer-ipv6-address [ udp-port port-number ] ]
The DFS group is bound to an IPv6 address and a VPN instance.
Assume that the heartbeat IP address and UDP port number of the peer device are
specified when the heartbeat IP address for communication bound to a DFS group
is configured. When the configuration takes effect, the two M-LAG devices
immediately start to send and receive heartbeat packets and negotiate the HB
DFS master/backup status. In scenarios where enhanced DAD for secondary faults
is enabled, if faults on the original DFS master device are rectified and the peer-
link fault persists, the corresponding interfaces on the backup device are triggered
to enter the Error-Down state based on the HB DFS master/backup status. This
mechanism prevents abnormal traffic forwarding in the scenario where two
master devices exist and improves device reliability.
Step 4 (Optional) Run priority priority
The priority of the DFS group is set.
The priority of a DFS group is used for master/backup negotiation between two
devices. A larger value indicates a higher priority of the device. The device with a
higher priority is the master device.
If the priorities of two devices are the same, the device with a smaller MAC
address is the master device.
By default, the priority of a DFS group is 100.
Step 5 (Optional) Run m-lag up-delay value [ auto-recovery interval interval-time ]
The delay for the M-LAG member interface to report the Up event is set.
To ensure the revertive switching performance, the default delay for the M-LAG
member interface to report the Up event is 240s, and the automatic recovery
interval is not configured in scenarios such as switch restart, card reset, or peer-
link fault recovery.
Step 6 (Optional) Run set lacp system-id switch-delay { switch-delay-time |
immediately }
In this case, enhanced DAD for secondary faults can be enabled. When the peer-
link fails and secondary faults occur, the DFS backup device detects the fault on
the DFS master device and restores the interfaces in Error-Down state to forward
traffic. This ensures nonstop transmission when secondary faults occur.
If the peer-link fault persists after secondary faults are rectified, two master
devices may exist. It is recommended that you specify the IP address of the peer
device when configuring the IP address bound to the DFS group. In this case, if the
peer-link fault persists after the faulty device recovers, the corresponding
interfaces on the HB DFS backup device are triggered to enter the Error-Down
state, preventing abnormal traffic forwarding in the scenario where two master
devices exist.
Logical interfaces are configured to enter the Error-Down state when the peer-link
fails but the DAD status is normal in an M-LAG scenario.
By default, logical interfaces are not triggered to enter the Error-Down state when
the peer-link fails but the DAD status is normal in an M-LAG scenario. On a dual-
homing TRILL network where M-LAG is deployed, when the peer-link fails but the
DAD status is normal, the M-LAG interface on the backup device enters the Error-
Down state. On a dual-homing Ethernet or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, physical interfaces except
the logical interface, interface configured with m-lag unpaired-port reserved,
management interface, peer-link interface, and stack interface on the backup
device all enter the Error-Down state.
NOTE
After logical interfaces are configured to change to Error-Down state when the peer-link
fails but the DAD heartbeat status is normal in an M-LAG, if a faulty peer-link interface in
the M-LAG recovers, the devices restore VLANIF interfaces, VBDIF interfaces, and loopback
interfaces to Up state 6 seconds after DFS group pairing succeeds to ensure that ARP entry
synchronization on a large number of VLANIF interfaces is normal. If a delay after which
the Layer 3 protocol status of the interface changes to Up is configured, the delay after
which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go Up is the configured
delay plus 6 seconds.
The system is configured not to trigger the remote M-LAG device to delete the
corresponding MAC address on the peer-link interface under certain conditions.
By default, the system triggers the remote M-LAG device to delete the
corresponding MAC address on the peer-link interface under certain conditions.
----End
Prerequisites
The DFS group between two devices in the M-LAG has been paired successfully
and the master and backup states have been negotiated.
Context
The M-LAG configuration falls into two types: key configuration (Type 1) and
common configuration (Type 2), as described in Table 4-8. Two M-LAG
consistency check modes are available: strict and loose.
● Key configuration (Type 1): If the configurations of two devices in the M-LAG
are inconsistent, problems may occur, for example, loops may occur or
packets are discarded for a long period of time though the M-LAG status is
normal.
Whether BPDU
protection is enabled
LACP mode
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VBDIF interface is up. If the
VBDIF interface is down,
the preceding
configurations do not take
effect on the interface.
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VLANIF interface is up. If
the VLANIF interface is
down, the preceding
configurations do not take
effect on the interface.
Parameters
Number of member
interfaces of the Eth-
Trunk to which an M-
LAG member interface
belongs
NOTE
Only the numbers of
member interfaces of Eth-
Trunks are compared. The
physical Up/Down status
or bandwidth of member
interfaces is not checked.
Procedure
● Configure M-LAG consistency check.
a. Run system-view
The system view is displayed.
b. Run dfs-group dfs-group-id
Exception Handling
● In loose mode, if the key or common configuration of two devices in the M-
LAG is inconsistent, either of the following alarms is triggered:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1" and
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.3 hwMLagConsistencyCheckType2".
When the configuration of two devices in the M-LAG is adjusted, M-LAG
consistency check is successful and the alarm is cleared.
● In strict mode, if the key configuration of two devices in the M-LAG is
inconsistent, member interfaces on the M-LAG backup device enter the Error-
Down state and the alarm about key configuration inconsistency is generated:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1".
The device records the status of an interface as Error-Down when it detects
that a fault occurs. The interface in Error-Down state cannot receive or send
packets and the interface indicator is off. You can run the display error-down
recovery command to check information about all interfaces in Error-Down
state on the device.
When the interface enters the Error-Down state, adjust the configuration of
M-LAG master and backup devices. You are not advised to manually restore
the interface or run the error-down auto-recovery cause m-lag interval
interval-value command in the system view to enable the interface to go Up
automatically. Otherwise, excess packets, packet loss, or forwarding failure
may occur. Exercise caution when you perform the preceding operation.
If the M-LAG consistency check mode is set to strict mode and the system
detects that type 1 configurations of the two M-LAG devices are inconsistent,
it is recommended that the device administrator immediately adjust the
configurations, and it is not recommended that the device administrator
restart the devices. If type 1 configurations are inconsistent, member
interfaces on the M-LAG backup device enter the Error-Down state and the
alarm about type 1 configuration inconsistency is generated.
If the administrator does not adjust the configurations and restarts the M-
LAG master device, interfaces on the M-LAG backup device may enter the
Error-Down state because of type 1 configuration inconsistency during re-
negotiation between M-LAG devices when the master device is recovering. In
this case, M-LAG member interfaces on the M-LAG master device go Up after
a delay. As a result, both the M-LAG master and backup devices fail to
forward traffic, and services are interrupted.
----End
Context
A peer-link is a direct aggregated link between two devices configured with M-
LAG. It is used to exchange protocol packets and transmit some traffic, and
ensures normal running of M-LAG.
Prerequisites
The direct link between two devices configured with M-LAG has been configured
as an aggregated link.
Procedure
Step 1 Run system-view
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n is 64. For
other models, the value of n depends on the assign forward eth-trunk mode command.
NOTE
STP needs to be disabled because two devices need to be simulated into one STP root bridge
and the directly connected interface cannot be blocked.
----End
Procedure
● When the Eth-Trunk works in manual load balancing mode, perform the
following operations.
a. Run system-view
The system view is displayed.
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n
is 64. For other models, the value of n depends on the assign forward eth-trunk
mode command.
d. Run dfs-group dfs-group-id m-lag m-lag-id
The Eth-Trunk is bound to a DFS group, that is, the Eth-Trunk is
configured as an M-LAG member interface.
NOTE
The two devices configured with M-LAG must use the same M-LAG ID.
e. Run commit
The configuration is committed.
● (Recommended) When the Eth-Trunk works in LACP mode, perform the
following operations.
a. Run system-view
The system view is displayed.
b. Run interface eth-trunk trunk-id
The Eth-Trunk interface view is displayed.
c. Run trunkport interface-type { interface-number1 [ to interface-
number2 ] } &<1-n>
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n
is 64. For other models, the value of n depends on the assign forward eth-trunk
mode command.
NOTE
The two devices configured with M-LAG must use the same M-LAG ID.
f. (Optional) Configure the LACP M-LAG system priority and system ID.
▪ Run the quit command to exit from the Eth-Trunk interface view.
NOTE
After the DFS pairing succeeds in V200R001C00 and later versions, the
master device automatically synchronizes its LACP M-LAG system priority
and system ID to the backup device. The M-LAG member interface of the
backup device uses the synchronized LACP M-LAG system priority and
system ID to perform LACP negotiation. You do not need to manually
configure the LACP M-LAG system priority and system ID.
▪ Run the lacp m-lag priority priority command to set the LACP M-
LAG system priority.
The default LACP M-LAG system priority is 32768.
○ The LACP M-LAG system priority is valid for the M-LAG
composed of an Eth-Trunk in LACP mode, whereas the LACP
system priority configured by the lacp priority command is valid
for an Eth-Trunk in LACP mode.
○ The LACP M-LAG system priority configured in the Eth-Trunk
interface view takes effect only on the Eth-Trunk. When DFS
pairing succeeds, the M-LAG master device does not synchronize
the LACP M-LAG system priority of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system priority of an
Eth-Trunk must be configured on both the M-LAG master and
backup devices and be the same.
----End
Context
On a dual-homing IP or VXLAN network, both the M-LAG master and backup
devices need to function as Layer 3 gateways. In this case, VLANIF/VBDIF
interfaces corresponding to M-LAG member interfaces must have the same IP
address and MAC address. You can configure the same IP address and run the
mac-address command to configure the same virtual MAC address for the
VLANIF/VBDIF interfaces.
Procedure
● Configure an IP address and a MAC address for a VLANIF/VBDIF interface to
implement dual-active gateway.
a. Run system-view
The system view is displayed.
b. Run interface { vlanif vlan-id | vbdif bd-id }
The VLANIF or VBDIF interface view is displayed.
c. Configure an IP address for the interface:
NOTE
----End
Context
On a dual-homing Ethernet, VXLAN, or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, interfaces except the
management interface, peer-link interface, and stack interface on the backup
device all enter the Error-Down state. When the faulty peer-link is restored, the M-
LAG interface in Error-Down state goes Up after 240 seconds by default and other
interfaces in Error-Down state go Up automatically.
Table 4-9 describes the Error-Down state of interfaces when the peer-link fails but
the DAD status is normal.
Table 4-9 Error-Down state of interfaces when the peer-link fails but the DAD
status is normal
Device where both m-lag unpaired- Only the M-LAG member interface
port suspend and m-lag unpaired- and the interface configured with m-
port reserved are configured lag unpaired-port suspend are in
Error-Down state.
Procedure
Step 1 Run system-view
----End
NOTE
CE6810LI, CE5880EI, and CE6880EI switches do not support enhanced M-LAG Layer 3
forwarding in an IPv6 scenario.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run m-lag forward layer-3 enhanced enable
Enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario.
By default, enhanced M-LAG Layer 3 forwarding is disabled in an IPv6 scenario.
After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, backup
FRR resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. The outbound interfaces can be changed to peer-link
interfaces to establish active and standby paths for traffic forwarding. If the FEI
side detects that an M-LAG member interface fails, dual-homing networking is
changed to single-homing networking. The next hop in the corresponding ND
entry is changed from the M-LAG member interface to the peer-link interface. This
improves the switchover performance when faults occur.
NOTE
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the active and
standby paths may fail to be delivered due to increased next-hop resource consumption.
As a result, packet loss occurs.
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the TTL value
decreases by 1 on the M-LAG master and backup devices because packets are forwarded
inside the M-LAG.
● After enhanced M-LAG Layer 3 forwarding is enabled, you need to configure an Eth-
Trunk interface to clear all the learned ND entries when the Eth-Trunk joining in or
being removed from M-LAG. This prevents the upper-layer protocol module from
detecting the waste of FRR resources caused by the change of M-LAG member
interfaces.
● After enhanced M-LAG Layer 3 forwarding is enabled, you can disable this function only
after 300s. After enhanced M-LAG Layer 3 forwarding is disabled, you can enable this
function only after 300s.
Follow-up Procedure
After M-LAG is configured, if the peer-link fails but the heartbeat status is normal,
some interfaces on the backup device will enter the Error-Down state. The device
records the status of an interface as Error-Down when it detects that a fault
occurs. The interface in Error-Down state cannot receive or send packets and the
interface indicator is off. You can run the display error-down recovery command
to check information about all interfaces in Error-Down state on the device.
When M-LAG is used for dual-homing to an Ethernet, VXLAN network, or IP
network and the peer-link fails but the heartbeat is normal, all physical interfaces
except the management interface, peer-link interface, and stack interface on the
backup device will enter the error-down state. When the peer-link recovers, the M-
LAG interface in Error-Down state becomes Up after 240 seconds by default, and
the physical interfaces in Error-Down state are restored to Up state.
When the interface enters the Error-Down state, locate the cause. You are not
advised to manually restore the interface or run the error-down auto-recovery
cause m-lag interval interval-value command in the system view to enable the
interface to go Up automatically. Otherwise, packet loss or forwarding failure may
occur. Exercise caution when you perform the preceding operation.
Context
Virtual Spanning Tree Protocol (V-STP) is a Layer 2 topology management feature
and virtualizes two STP-enabled devices into one device to perform STP
calculation.
STP can detect the M-LAG master or backup status. After V-STP is enabled on the
M-LAG master and backup devices and M-LAG master/backup negotiation is
successful, two devices are virtualized into one device for port role calculation and
fast convergence. STP needs to synchronize the bridge information and instance
priority of the M-LAG master and backup devices. After M-LAG master/backup
negotiation is successful, the backup device uses the bridge MAC address and
instance priority that is synchronized from the master device for STP calculation
and packet transmission. This ensures STP parameter calculation on the virtualized
device.
When configuring V-STP, ensure that the STP/RSTP timer settings on the two
devices that constitute an M-LAG be the same. Otherwise, network flapping may
occur.
Procedure
Step 1 Run system-view
V-STP does not support the MSTP mode, and supports multi-process. By default,
an MSTP process works in MSTP mode. Currently, only STP and RSTP modes are
supported in V-STP scenarios. The MSTP process therefore must be configured to
work in STP or RSTP mode in V-STP scenarios.
----End
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run dfs-group dfs-group-id
A DFS group is created and its view is displayed, or the view of an existing DFS
group is displayed.
Step 3 Bind the DFS group to an IP address based on the actual scenario.
When a device is dual-homed to PEs on an Ethernet, a VXLAN, or an IP network,
bind the DFS group to an IP address. Run either of the following commands. The
commands cannot be configured simultaneously.
● Run source ip ip-address [ vpn-instance vpn-instance-name ] [ peer peer-ip-
address [ udp-port port-number ] ]
Assume that the heartbeat IP address and UDP port number of the peer device are
specified when the heartbeat IP address for communication bound to a DFS group
is configured. When the configuration takes effect, the two M-LAG devices
immediately start to send and receive heartbeat packets and negotiate the HB
DFS master/backup status. In scenarios where enhanced DAD for secondary faults
is enabled, if faults on the original DFS master device are rectified and the peer-
link fault persists, the corresponding interfaces on the backup device are triggered
to enter the Error-Down state based on the HB DFS master/backup status. This
mechanism prevents abnormal traffic forwarding in the scenario where two
master devices exist and improves device reliability.
The priority of a DFS group is used for master/backup negotiation between two
devices. A larger value indicates a higher priority of the device. The device with a
higher priority is the master device.
If the priorities of two devices are the same, the device with a smaller MAC
address is the master device.
The delay for the M-LAG member interface to report the Up event is set.
To ensure the revertive switching performance, the default delay for the M-LAG
member interface to report the Up event is 240s, and the automatic recovery
interval is not configured in scenarios such as switch restart, card reset, or peer-
link fault recovery.
The authentication mode and password of DFS group synchronization packets are
configured.
The stack status indicator is enabled to display the DFS group master and backup
status.
By default, the stack status indicator does not display the DFS group master and
backup status.
After the stack status indicator is enabled to display the DFS group master and
backup status, the stack status indicator on the DFS master device is steady on
and that on the DFS backup device is off.
When an access device is connected to M-LAG master and backup devices using
M-LAG dual-homing access mode or Layer 2 access mode, you cannot disable or
delay the Error-Down action.
On a dual-homing network where M-LAG is deployed, when the peer-link fails but
the DAD status is normal, some interfaces on the DFS backup device enter the
Error-Down state. In this case, the DFS master device continues to work. When the
DFS master device cannot work because it is powered off or it restarts, the M-LAG
master and backup devices cannot forward traffic.
In this case, enhanced DAD for secondary faults can be enabled. When the peer-
link fails and secondary faults occur, the DFS backup device detects the fault on
the DFS master device and restores the interfaces in Error-Down state to forward
traffic. This ensures nonstop transmission when secondary faults occur.
If the peer-link fault persists after secondary faults are rectified, two master
devices may exist. It is recommended that you specify the IP address of the peer
device when configuring the IP address bound to the DFS group. In this case, if the
peer-link fault persists after the faulty device recovers, the corresponding
interfaces on the HB DFS backup device are triggered to enter the Error-Down
state, preventing abnormal traffic forwarding in the scenario where two master
devices exist.
Logical interfaces are configured to enter the Error-Down state when the peer-link
fails but the DAD status is normal in an M-LAG scenario.
By default, logical interfaces are not triggered to enter the Error-Down state when
the peer-link fails but the DAD status is normal in an M-LAG scenario. On a dual-
homing TRILL network where M-LAG is deployed, when the peer-link fails but the
DAD status is normal, the M-LAG interface on the backup device enters the Error-
Down state. On a dual-homing Ethernet or IP network where M-LAG is deployed,
when the peer-link fails but the DAD status is normal, physical interfaces except
the logical interface, interface configured with m-lag unpaired-port reserved,
management interface, peer-link interface, and stack interface on the backup
device all enter the Error-Down state.
On the IP or VXLAN network where M-LAG is deployed, when the dual-active
detection error-down mode routing-switch command is used, only VLANIF
interfaces, VBDIF interfaces, loopback interfaces, and M-LAG member interfaces
are triggered to enter the Error-Down state.
NOTE
After logical interfaces are configured to change to Error-Down state when the peer-link
fails but the DAD heartbeat status is normal in an M-LAG, if a faulty peer-link interface in
the M-LAG recovers, the devices restore VLANIF interfaces, VBDIF interfaces, and loopback
interfaces to Up state 6 seconds after DFS group pairing succeeds to ensure that ARP entry
synchronization on a large number of VLANIF interfaces is normal. If a delay after which
the Layer 3 protocol status of the interface changes to Up is configured, the delay after
which VLANIF interfaces, VBDIF interfaces, and loopback interfaces go Up is the configured
delay plus 6 seconds.
----End
NOTE
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run stp process process-id
An STP process is created and the STP process view is displayed.
Step 3 Run stp mode { stp | rstp }
The working mode of the STP process is configured.
By default, the working mode of an STP process is MSTP. V-STP does not support
the MSTP mode, so the V-STP mode needs to switch to STP or RSTP. When a
switch starts, the default STP process with the ID of 0 exists. STP configurations in
the system view and interface view belong to STP process 0.
Step 4 Run stp enable
MSTP of the STP process is enabled.
By default, STP in a process is disabled.
Step 5 Run commit
The configuration is committed.
----End
Context
The M-LAG configuration falls into two types: key configuration (Type 1) and
common configuration (Type 2), as described in Table 4-10. Two M-LAG
consistency check modes are available: strict and loose.
● Key configuration (Type 1): If the configurations of two devices in the M-LAG
are inconsistent, problems may occur, for example, loops may occur or
packets are discarded for a long period of time though the M-LAG status is
normal.
In strict mode, if the key configuration of two devices in the M-LAG is
inconsistent, member interfaces on the M-LAG backup device enter the Error-
Down state and the alarm about key configuration inconsistency is generated.
In loose mode, if the key configuration of two devices in the M-LAG is
inconsistent, the alarm about key and common configuration inconsistency is
generated.
● Common configuration (Type 2): If the configurations of two devices in the
M-LAG are inconsistent, the M-LAG status may be abnormal. Compared with
Whether BPDU
protection is enabled
LACP mode
VBDIF interface
configuration
● BD ID
● IPv4 address
● IPv6 address
● VRRP4 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VBDIF interface is up. If the
VBDIF interface is down,
the preceding
configurations do not take
effect on the interface.
VLANIF interface
configuration
● VLAN ID
● IPv4 address
● IPv6 address
● VRRP4 group
● VRRP6 group
● MAC address
● Status
NOTE
The device only checks the
virtual MAC address by
default.
For the IPv6 address and
VRRP4 configuration, the
consistency check only
take effect when the
VLANIF interface is up. If
the VLANIF interface is
down, the preceding
configurations do not take
effect on the interface.
Parameters
Number of member
interfaces of the Eth-
Trunk to which an M-
LAG member interface
belongs
NOTE
Only the numbers of
member interfaces of Eth-
Trunks are compared. The
physical Up/Down status
or bandwidth of member
interfaces is not checked.
Procedure
● Configure M-LAG consistency check.
a. Run system-view
The system view is displayed.
b. Run dfs-group dfs-group-id
Exception Handling
● In loose mode, if the key or common configuration of two devices in the M-
LAG is inconsistent, either of the following alarms is triggered:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1" and
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.3 hwMLagConsistencyCheckType2".
When the configuration of two devices in the M-LAG is adjusted, M-LAG
consistency check is successful and the alarm is cleared.
● In strict mode, if the key configuration of two devices in the M-LAG is
inconsistent, member interfaces on the M-LAG backup device enter the Error-
Down state and the alarm about key configuration inconsistency is generated:
"ETRUNK_1.3.6.1.4.1.2011.5.25.178.8.2.1 hwMLagConsistencyCheckType1".
The device records the status of an interface as Error-Down when it detects
that a fault occurs. The interface in Error-Down state cannot receive or send
packets and the interface indicator is off. You can run the display error-down
recovery command to check information about all interfaces in Error-Down
state on the device.
When the interface enters the Error-Down state, adjust the configuration of
M-LAG master and backup devices. You are not advised to manually restore
the interface or run the error-down auto-recovery cause m-lag interval
interval-value command in the system view to enable the interface to go Up
automatically. Otherwise, excess packets, packet loss, or forwarding failure
may occur. Exercise caution when you perform the preceding operation.
If the M-LAG consistency check mode is set to strict mode and the system
detects that type 1 configurations of the two M-LAG devices are inconsistent,
it is recommended that the device administrator immediately adjust the
configurations, and it is not recommended that the device administrator
restart the devices. If type 1 configurations are inconsistent, member
interfaces on the M-LAG backup device enter the Error-Down state and the
alarm about type 1 configuration inconsistency is generated.
If the administrator does not adjust the configurations and restarts the M-
LAG master device, interfaces on the M-LAG backup device may enter the
Error-Down state because of type 1 configuration inconsistency during re-
negotiation between M-LAG devices when the master device is recovering. In
this case, M-LAG member interfaces on the M-LAG master device go Up after
a delay. As a result, both the M-LAG master and backup devices fail to
forward traffic, and services are interrupted.
----End
Context
A peer-link is a direct aggregated link between two devices configured with M-
LAG. It is used to exchange protocol packets and transmit some traffic, and
ensures normal running of M-LAG.
Prerequisites
The direct link between two devices configured with M-LAG has been configured
as an aggregated link.
Procedure
Step 1 Run system-view
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n is 64. For
other models, the value of n depends on the assign forward eth-trunk mode command.
----End
Procedure
● When the Eth-Trunk works in manual load balancing mode, perform the
following operations.
a. Run system-view
The system view is displayed.
NOTE
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n
is 64. For other models, the value of n depends on the assign forward eth-trunk
mode command.
d. Run dfs-group dfs-group-id m-lag m-lag-id
The Eth-Trunk is bound to a DFS group, that is, the Eth-Trunk is
configured as an M-LAG member interface.
NOTE
The two devices configured with M-LAG must use the same M-LAG ID.
e. (Optional) Run stp binding process process-id
The port is added to the specified MSTP process.
After STP multi-process is enabled, some M-LAG member interfaces on
M-LAG devices can be managed in each process. Devices perform STP
calculation based on processes, and the interfaces that are not in
processes do not participate in STP calculation of processes. The M-LAG
member port is added to the specified MSTP process.
For the CE5810EI, the value of n is 8. For the CE5880EI and CE6880EI, the value of n
is 64. For other models, the value of n depends on the assign forward eth-trunk
mode command.
NOTE
The two devices configured with M-LAG must use the same M-LAG ID.
f. (Optional) Run stp binding process process-id
The port connected to the access link is added to the specified MSTP
process.
After STP multi-process is enabled, some M-LAG member interfaces on
M-LAG devices can be managed in each process. Devices perform STP
calculation based on processes, and the interfaces that are not in
processes do not participate in STP calculation of processes. The M-LAG
member port is added to the specified MSTP process.
▪ Run the quit command to exit from the Eth-Trunk interface view.
NOTE
After the DFS pairing succeeds in V200R001C00 and later versions, the
master device automatically synchronizes its LACP M-LAG system priority
and system ID to the backup device. The M-LAG member interface of the
backup device uses the synchronized LACP M-LAG system priority and
system ID to perform LACP negotiation. You do not need to manually
configure the LACP M-LAG system priority and system ID.
▪ Run the lacp m-lag priority priority command to set the LACP M-
LAG system priority.
The default LACP M-LAG system priority is 32768.
○ The LACP M-LAG system priority is valid for the M-LAG
composed of an Eth-Trunk in LACP mode, whereas the LACP
system priority configured by the lacp priority command is valid
for an Eth-Trunk in LACP mode.
○ The LACP M-LAG system priority configured in the Eth-Trunk
interface view takes effect only on the Eth-Trunk. When DFS
pairing succeeds, the M-LAG master device does not synchronize
the LACP M-LAG system priority of the Eth-Trunk to the M-LAG
backup device. Therefore, the LACP M-LAG system priority of an
Eth-Trunk must be configured on both the M-LAG master and
backup devices and be the same.
----End
Prerequisites
The M-LAG member interface has been added to the corresponding VLAN, or the
Layer 2 sub-interface of the Eth-Trunk to which the M-LAG member interface
belongs has been added to the corresponding BD.
Context
On a dual-homing IP or VXLAN network, both the M-LAG master and backup
devices need to function as Layer 3 gateways. In this case, VLANIF/VBDIF
interfaces corresponding to M-LAG member interfaces must have the same IP
address and MAC address. You can configure the same IP address and run the
mac-address command to configure the same virtual MAC address for the
VLANIF/VBDIF interfaces.
Procedure
● Configure an IP address and a MAC address for a VLANIF/VBDIF interface to
implement dual-active gateway.
a. Run system-view
NOTE
----End
Table 4-11 Error-Down state of interfaces when the peer-link fails but the DAD
status is normal
Device where both m-lag unpaired- Only the M-LAG member interface
port suspend and m-lag unpaired- and the interface configured with m-
port reserved are configured lag unpaired-port suspend are in
Error-Down state.
Procedure
Step 1 Run system-view
The interface is configured not to enter the Error-Down state when the peer-link
fails but the DAD status is normal.
----End
NOTE
CE6810LI, CE5880EI, and CE6880EI switches do not support enhanced M-LAG Layer 3
forwarding in an IPv6 scenario.
Procedure
Step 1 Run system-view
The system view is displayed.
Step 2 Run m-lag forward layer-3 enhanced enable
Enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario.
By default, enhanced M-LAG Layer 3 forwarding is disabled in an IPv6 scenario.
After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, backup
FRR resources are requested for all ND entries with M-LAG member interfaces as
outbound interfaces. The outbound interfaces can be changed to peer-link
interfaces to establish active and standby paths for traffic forwarding. If the FEI
side detects that an M-LAG member interface fails, dual-homing networking is
changed to single-homing networking. The next hop in the corresponding ND
entry is changed from the M-LAG member interface to the peer-link interface. This
improves the switchover performance when faults occur.
NOTE
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the active and
standby paths may fail to be delivered due to increased next-hop resource consumption.
As a result, packet loss occurs.
● After enhanced M-LAG Layer 3 forwarding is enabled in an IPv6 scenario, the TTL value
decreases by 1 on the M-LAG master and backup devices because packets are forwarded
inside the M-LAG.
● After enhanced M-LAG Layer 3 forwarding is enabled, you need to configure an Eth-
Trunk interface to clear all the learned ND entries when the Eth-Trunk joining in or
being removed from M-LAG. This prevents the upper-layer protocol module from
detecting the waste of FRR resources caused by the change of M-LAG member
interfaces.
● After enhanced M-LAG Layer 3 forwarding is enabled, you can disable this function only
after 300s. After enhanced M-LAG Layer 3 forwarding is disabled, you can enable this
function only after 300s.
----End
Follow-up Procedure
After M-LAG is configured, if the peer-link fails but the heartbeat status is normal,
some interfaces on the backup device will enter the Error-Down state. The device
records the status of an interface as Error-Down when it detects that a fault
occurs. The interface in Error-Down state cannot receive or send packets and the
interface indicator is off. You can run the display error-down recovery command
to check information about all interfaces in Error-Down state on the device.
When M-LAG is used for dual-homing to an Ethernet, VXLAN network, or IP
network and the peer-link fails but the heartbeat is normal, all physical interfaces
except the management interface, peer-link interface, and stack interface on the
backup device will enter the error-down state. When the peer-link recovers, the M-
LAG interface in Error-Down state becomes Up after 2 minutes by default, and the
physical interfaces in Error-Down state are restored to Up state.
When the interface enters the Error-Down state, locate the cause. You are not
advised to manually restore the interface or run the error-down auto-recovery
cause m-lag interval interval-value command in the system view to enable the
interface to go Up automatically. Otherwise, packet loss or forwarding failure may
occur. Exercise caution when you perform the preceding operation.
Context
During M-LAG operating status monitoring, you can check causes for fault
locating if an M-LAG fault occurs.
Procedure
Step 1 Run the display m-lag troubleshooting [ history ]command to check causes for
the M-LAG faults.
This command can display the causes of a maximum of 100 recent faults at most.
----End
Context
Before you check causes of M-LAG faults within a certain period, clear the existing
historical fault event information on the device.
NOTE
The historical fault event information about M-LAG faults cannot be restored after being
cleared. Confirm your operation before clearing the historical fault event information.
Procedure
● Run the reset m-lag troubleshooting history command in the user view to
clear historical fault event information about M-LAG faults.
----End
Networking Requirements
As shown in Figure 4-22, a server is dual-homed to an Ethernet network through
M-LAG. The customer requires high service reliability. Link aggregation between
the server and devices only achieves link-level reliability, and a fault on a device
may cause service interruption. M-LAG can be configured. When devices work
properly, links load balance traffic and a fault of any device does not affect
services. High service reliability is therefore ensured. On an Ethernet network, the
blocked interface cannot transmit heartbeat packets of M-LAG master and backup
devices; therefore, a DFS group is configured and bound to the IP address of the
management interface to ensure that heartbeat packets of M-LAG master and
backup devices can be transmitted normally.
Ethernet
Network
SwitchC SwitchD
10GE1/0/1 10GE1/0/2
10GE1/0/2 10GE1/0/1
Peer-link 1
10GE1/0/1 10GE1/0/2 10GE1/0/2 10GE1/0/1
10GE1/0/3 10GE1/0/3
SwitchA SwitchB
10GE1/0/4 10GE1/0/4
10GE1/0/6 10GE1/0/5 10GE1/0/5 10GE1/0/6
Server
Configuration Roadmap
1. Configure SwitchA and SwitchB as the root bridge and configure the same
bridge ID to ensure that M-LAG master and backup devices are used as root
bridges.
2. Configure IP addresses for management interfaces on SwitchA and SwitchB to
ensure Layer 3 connectivity and transmission of heartbeat packets of M-LAG
master and backup devices.
3. Configure M-LAG on SwitchA and SwitchB so that the server is dual-homed to
SwitchA and SwitchB.
4. Create VLANIF interfaces on SwitchC and SwitchD and configure IP addresses
for the VLANIF interfaces. Create VRRP groups on the VLANIF interfaces and
configure VRRP groups as gateways of M-LAG master and backup devices.
Procedure
Step 1 Configure SwitchA and SwitchB as root bridges and configure the same bridge ID
for them.
NOTE
If the two devices that constitute an M-LAG connect to downstream switching devices, you must
configure root protection.
# Configure SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stp root primary
[*SwitchA] stp bridge-address 39-39-39
[*SwitchA] interface eth-trunk 1
[*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/6
[*SwitchA-Eth-Trunk1] stp edged-port enable
[*SwitchA-Eth-Trunk1] commit
[~SwitchA-Eth-Trunk1] quit
# Configure SwitchB.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] stp root primary
[*SwitchB] stp bridge-address 39-39-39
[*SwitchB] interface eth-trunk 1
[*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/6
[*SwitchB-Eth-Trunk1] stp edged-port enable
[*SwitchB-Eth-Trunk1] commit
[~SwitchB-Eth-Trunk1] quit
# Configure SwitchB.
[~SwitchB] interface meth 0/0/0
[~SwitchB-MEth0/0/0] ip address 10.1.1.2 24
[*SwitchB-MEth0/0/0] quit
[*SwitchB] commit
Step 3 Create a DFS group and bind IP addresses of management interfaces to the DFS
group on SwitchA and SwitchB.
Configure IP addresses for management interfaces on SwitchA and SwitchB to
ensure Layer 3 connectivity.
# Configure SwitchA.
[~SwitchA] dfs-group 1
[*SwitchA-dfs-group-1] source ip 10.1.1.1
[*SwitchA-dfs-group-1] priority 150
[*SwitchA-dfs-group-1] quit
[*SwitchA] commit
# Configure SwitchB.
[~SwitchB] dfs-group 1
[*SwitchB-dfs-group-1] source ip 10.1.1.2
[*SwitchB-dfs-group-1] priority 120
[*SwitchB-dfs-group-1] quit
[*SwitchB] commit
# Configure SwitchB.
[~SwitchB] interface eth-trunk 0
[*SwitchB-Eth-Trunk0] trunkport 10ge 1/0/3
[*SwitchB-Eth-Trunk0] trunkport 10ge 1/0/4
[*SwitchB-Eth-Trunk0] undo stp enable
[*SwitchB-Eth-Trunk0] mode lacp-static
[*SwitchB-Eth-Trunk0] peer-link 1
[*SwitchB-Eth-Trunk0] quit
[*SwitchB] commit
Step 5 Add Eth-Trunks that connect SwitchA and SwitchB to the server to VLAN 11 and
bind the Eth-Trunks to the DFS group.
The uplink interface of the server connected to the switch needs to be bound to
an aggregation link, and the link aggregation modes on the server and switch
must be consistent.
# Configure SwitchA.
[~SwitchA] vlan batch 11
[*SwitchA] interface eth-trunk 1
[*SwitchA-Eth-Trunk1] mode lacp-dynamic
[*SwitchA-Eth-Trunk1] port link-type access
[*SwitchA-Eth-Trunk1] port default vlan 11
[*SwitchA-Eth-Trunk1] dfs-group 1 m-lag 1
[*SwitchA-Eth-Trunk1] quit
[*SwitchA] commit
# Configure SwitchB.
[~SwitchB] vlan batch 11
[*SwitchB] interface eth-trunk 1
[*SwitchB-Eth-Trunk1] mode lacp-dynamic
[*SwitchB-Eth-Trunk1] port link-type access
[*SwitchB-Eth-Trunk1] port default vlan 11
[*SwitchB-Eth-Trunk1] dfs-group 1 m-lag 1
[*SwitchB-Eth-Trunk1] quit
[*SwitchB] commit
Step 6 Configure the links between SwitchA and SwitchC and between SwitchB and
SwitchD as aggregated links, and configure interface types and allowed VLANs.
# Configure SwitchA.
[~SwitchA] interface eth-trunk 2
[*SwitchA-Eth-Trunk2] mode lacp-static
# Configure SwitchB.
[~SwitchB] interface eth-trunk 2
[*SwitchB-Eth-Trunk2] mode lacp-static
[*SwitchB-Eth-Trunk2] port link-type trunk
[*SwitchB-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchB-Eth-Trunk2] trunkport 10ge 1/0/1
[*SwitchB-Eth-Trunk2] trunkport 10ge 1/0/2
[*SwitchB-Eth-Trunk2] quit
[*SwitchB] commit
# Configure SwitchC.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchC
[*HUAWEI] commit
[~SwitchC] vlan batch 11
[*SwitchC] interface eth-trunk 2
[*SwitchC-Eth-Trunk2] mode lacp-static
[*SwitchC-Eth-Trunk2] port link-type trunk
[*SwitchC-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchC-Eth-Trunk2] trunkport 10ge 1/0/1
[*SwitchC-Eth-Trunk2] trunkport 10ge 1/0/2
[*SwitchC-Eth-Trunk2] quit
[*SwitchC] commit
# Configure SwitchD.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchD
[*HUAWEI] commit
[~SwitchD] vlan batch 11
[*SwitchD] interface eth-trunk 2
[*SwitchD-Eth-Trunk2] mode lacp-static
[*SwitchD-Eth-Trunk2] port link-type trunk
[*SwitchD-Eth-Trunk2] port trunk allow-pass vlan 11
[*SwitchD-Eth-Trunk2] trunkport 10ge 1/0/1
[*SwitchD-Eth-Trunk2] trunkport 10ge 1/0/2
[*SwitchD-Eth-Trunk2] quit
[*SwitchD] commit
Step 7 Create VLANIF interfaces on SwitchC and SwitchD and configure IP addresses for
the VLANIF interfaces. Create VRRP groups on the VLANIF interfaces.
# Configure VRRP group 1 on SwitchC and set the priority of SwitchC to 120.
[~SwitchC] interface vlanif 11
[*SwitchC-Vlanif11] ip address 10.2.1.1 24
[*SwitchC-Vlanif11] vrrp vrid 1 virtual-ip 10.2.1.111
[*SwitchC-Vlanif11] vrrp vrid 1 priority 120
[*SwitchC-Vlanif11] quit
[*SwitchC] commit
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
# Check M-LAG information on SwitchB.
[~SwitchA] display dfs-group 1 node 2 m-lag brief
* - Local node
Failed reason:
1 -- Relationship between vlan and port is inconsistent
2 -- STP configuration under the port is inconsistent
3 -- STP port priority configuration is inconsistent
4 -- LACP mode of M-LAG is inconsistent
5 -- M-LAG configuration is inconsistent
6 -- The number of M-LAG members is inconsistent
In the preceding command outputs, the value of Heart beat state is OK,
indicating that the heartbeat is normal. SwitchA is used as Node 1, its priority
is 150, and its status is Master. SwitchB is used as Node 2, its priority is 120,
and its status is Backup. The value of Causation is -, and the values of Port
State of Node 1 and Node 2 are both Up, and the M-LAG status of Node 1
and Node 2 is both active, indicating that the M-LAG configuration is correct.
● Run the display vrrp command on SwitchC and SwitchD. You can see that
SwitchC is in Master state and SwitchD is in Backup state.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
dfs-group 1
priority 150
source ip 10.1.1.1
#
vlan batch 11
#
stp bridge-address 0039-0039-0039
stp instance 0 root primary
#
interface MEth0/0/0
ip address 10.1.1.1 255.255.255.0
#
interface Eth-Trunk0
stp disable
mode lacp-static
peer-link 1
#
interface Eth-Trunk1
port default vlan 11
stp edged-port enable
mode lacp-dynamic
dfs-group 1 m-lag 1
#
interface Eth-Trunk2
port link-type trunk
interface 10GE1/0/6
eth-trunk 1
#
return
● SwitchC configuration file
#
sysname SwitchC
#
vlan batch 11
#
interface Vlanif11
ip address 10.2.1.1 255.255.255.0
vrrp vrid 1 virtual-ip 10.2.1.111
vrrp vrid 1 priority 120
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 11
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
return
● SwitchD configuration file
#
sysname SwitchD
#
vlan batch 11
#
interface Vlanif11
ip address 10.2.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.2.1.111
#
interface Eth-Trunk2
port link-type trunk
port trunk allow-pass vlan 11
mode lacp-static
#
interface 10GE1/0/1
eth-trunk 2
#
interface 10GE1/0/2
eth-trunk 2
#
return
Networking Requirements
As shown in Figure 4-23, the switch is dual-homed to the IP network through M-
LAG. The requirements are as follows:
● When one access link fails, traffic can be fast switched to the other link to
ensure reliability.
● The load balancing mode can be used to forward traffic to make full use of
bandwidth and ensure that two links are in active state.
IP
Network
SwitchC
10GE1/0/1 10GE1/0/2
10GE1/0/1~1/0/4
Switch
Configuration Roadmap
The configuration roadmap is as follows:
In a V-STP scenario, to prevent a port from being blocked due to the spanning tree
calculation result, configure the main interface to implement Layer 3 connectivity or
disable the spanning tree protocol on the IP network.
5. On SwitchA and SwitchB, associate uplink and downlink interfaces with the
Monitor Link group to prevent a user-side traffic forwarding failure and traffic
loss due to the uplink fault.
Procedure
Step 1 On the switch, bind the uplink interface to an Eth-Trunk.
<HUAWEI> system-view
[~HUAWEI] sysname Switch
[*HUAWEI] commit
[~Switch] vlan batch 11
[*Switch] interface eth-trunk 20
[*Switch-Eth-Trunk20] mode lacp-static
[*Switch-Eth-Trunk20] port link-type trunk
[*Switch-Eth-Trunk20] port trunk allow-pass vlan 11
[*Switch-Eth-Trunk20] trunkport 10ge 1/0/1 to 1/0/4
[*Switch-Eth-Trunk20] quit
[*Switch] commit
Step 2 Configure the V-STP, DFS group, peer-link, and M-LAG interface on SwitchA and
SwitchB.
# Configure SwitchA.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchA
[*HUAWEI] commit
[~SwitchA] stp mode rstp
[~SwitchA] stp bridge-address 1-1-1
[*SwitchA] stp v-stp enable
[*SwitchA] interface loopback 0
[*SwitchA-LoopBack0] ip address 10.1.1.1 32
[*SwitchA-LoopBack0] quit
[*SwitchA] dfs-group 1
[*SwitchA-dfs-group-1] source ip 10.1.1.1
[*SwitchA-dfs-group-1] priority 150
[*SwitchA-dfs-group-1] quit
[*SwitchA] interface eth-trunk 1
[*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/4
[*SwitchA-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchA-Eth-Trunk1] mode lacp-static
[*SwitchA-Eth-Trunk1] peer-link 1
[*SwitchA-Eth-Trunk1] quit
[*SwitchA] vlan batch 11
[*SwitchA] interface eth-trunk 10
[*SwitchA-Eth-Trunk10] mode lacp-static
[*SwitchA-Eth-Trunk10] port link-type trunk
[*SwitchA-Eth-Trunk10] port trunk allow-pass vlan 11
[*SwitchA-Eth-Trunk10] trunkport 10ge 1/0/2
[*SwitchA-Eth-Trunk10] trunkport 10ge 1/0/3
[*SwitchA-Eth-Trunk10] dfs-group 1 m-lag 1
[*SwitchA-Eth-Trunk10] quit
[*SwitchA] commit
# Configure SwitchB.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchB
[*HUAWEI] commit
[~SwitchB] stp mode rstp
[~SwitchB] stp bridge-address 1-1-1
[*SwitchB] stp v-stp enable
[*SwitchB] interface loopback 0
[*SwitchB-LoopBack0] ip address 10.1.1.2 32
[*SwitchB-LoopBack0] quit
[*SwitchB] dfs-group 1
[*SwitchB-dfs-group-1] source ip 10.1.1.2
[*SwitchB-dfs-group-1] priority 120
[*SwitchB-dfs-group-1] quit
[*SwitchB] interface eth-trunk 1
[*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/4
[*SwitchB-Eth-Trunk1] trunkport 10ge 1/0/5
[*SwitchB-Eth-Trunk1] mode lacp-static
[*SwitchB-Eth-Trunk1] peer-link 1
[*SwitchB-Eth-Trunk1] quit
[*SwitchB] vlan batch 11
[*SwitchB] interface eth-trunk 10
Step 3 On SwitchA and SwitchB, configure an IP address and a MAC address for a VLANIF
interface to implement dual-active gateway of access devices.
VLANIF interfaces corresponding to M-LAG member interfaces of M-LAG master
and backup devices must be configured with the same IP address and MAC
address so that M-LAG devices use the same IP address and virtual MAC address.
# Configure SwitchA.
[~SwitchA] interface vlanif 11
[*SwitchA-Vlanif11] ip address 10.2.1.1 24
[*SwitchA-Vlanif11] mac-address 0000-5e00-0101
[*SwitchA-Vlanif11] quit
[*SwitchA] commit
# Configure SwitchB.
[~SwitchB] interface vlanif 11
[*SwitchB-Vlanif11] ip address 10.2.1.1 24
[*SwitchB-Vlanif11] mac-address 0000-5e00-0101
[*SwitchB-Vlanif11] quit
[*SwitchB] commit
Step 4 Configure OSPF on SwitchA, SwitchB, and SwitchC to ensure Layer 3 connectivity.
# Configure SwitchA.
[~SwitchA] interface 10ge 1/0/1
[~SwitchA-10GE1/0/1] undo portswitch
[*SwitchA-10GE1/0/1] ip address 10.3.1.1 24
[*SwitchA-10GE1/0/1] quit
[*SwitchA] ospf 1
[*SwitchA-ospf-1] area 0
[*SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.1 0.0.0.0
[*SwitchA-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255
[*SwitchA-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
[*SwitchA-ospf-1-area-0.0.0.0] quit
[*SwitchA-ospf-1] quit
[*SwitchA] commit
# Configure SwitchB.
[~SwitchB] interface 10ge 1/0/1
[~SwitchB-10GE1/0/1] undo portswitch
[*SwitchB-10GE1/0/1] ip address 10.4.1.1 24
[*SwitchB-10GE1/0/1] quit
[*SwitchB] ospf 1
[*SwitchB-ospf-1] area 0
[*SwitchB-ospf-1-area-0.0.0.0] network 10.1.1.2 0.0.0.0
[*SwitchB-ospf-1-area-0.0.0.0] network 10.2.1.0 0.0.0.255
[*SwitchB-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255
[*SwitchB-ospf-1-area-0.0.0.0] quit
[*SwitchB-ospf-1] quit
[*SwitchB] commit
# Configure SwitchC.
<HUAWEI> system-view
[~HUAWEI] sysname SwitchC
[*HUAWEI] commit
[~SwitchC] interface 10ge 1/0/1
[~SwitchC-10GE1/0/1] undo portswitch
[*SwitchC-10GE1/0/1] ip address 10.3.1.2 24
[*SwitchC-10GE1/0/1] quit
[*SwitchC] interface 10ge 1/0/2
[*SwitchC-10GE1/0/2] undo portswitch
[*SwitchC-10GE1/0/2] ip address 10.4.1.2 24
[*SwitchC-10GE1/0/2] quit
[*SwitchC] ospf 1
[*SwitchC-ospf-1] area 0
[*SwitchC-ospf-1-area-0.0.0.0] network 10.3.1.0 0.0.0.255
[*SwitchC-ospf-1-area-0.0.0.0] network 10.4.1.0 0.0.0.255
[*SwitchC-ospf-1-area-0.0.0.0] quit
[*SwitchC-ospf-1] quit
Step 5 On SwitchA and SwitchB, associate uplink and downlink interfaces with the
Monitor Link group.
# Configure SwitchA.
[~SwitchA] monitor-link group 1
[*SwitchA-mtlk-group1] port 10ge 1/0/1 uplink
[*SwitchA-mtlk-group1] port eth-trunk 10 downlink 1
[*SwitchA-mtlk-group1] quit
[*SwitchA] commit
# Configure SwitchB.
[~SwitchB] monitor-link group 1
[*SwitchB-mtlk-group1] port 10ge 1/0/1 uplink
[*SwitchB-mtlk-group1] port eth-trunk 10 downlink 1
[*SwitchB-mtlk-group1] quit
[*SwitchB] commit
In the preceding command outputs, the value of Heart beat state is OK,
indicating that the heartbeat is normal. SwitchA is used as Node 1, its priority is
150, and its status is Master. SwitchB is used as Node 2, its priority is 120, and its
status is Backup. The value of Causation is -, the values of Port State of Node 1
and Node 2 are both Up, and the M-LAG status of both Node 1 and Node 2 is
active, indicating that the M-LAG configuration is correct.
----End
Configuration Files
● SwitchA configuration file
#
sysname SwitchA
#
dfs-group 1
priority 150
source ip 10.1.1.1
#
vlan batch 11
#
stp mode rstp
stp bridge-address 0001-0001-0001
stp v-stp enable
#
interface Vlanif11
ip address 10.2.1.1 255.255.255.0
mac-address 0000-5e00-0101
#
interface Eth-Trunk1
mode lacp-static
peer-link 1
#
interface Eth-Trunk10
port link-type trunk
port trunk allow-pass vlan 11
mode lacp-static
dfs-group 1 m-lag 1
#
interface 10GE1/0/1
undo portswitch
ip address 10.3.1.1 255.255.255.0
#
interface 10GE1/0/2
eth-trunk 10
#
interface 10GE1/0/3
eth-trunk 10
#
interface 10GE1/0/4
eth-trunk 1
#
interface 10GE1/0/5
eth-trunk 1
#
interface LoopBack0
ip address 10.1.1.1 255.255.255.255
#
monitor-link group 1
port 10GE1/0/1 uplink
port Eth-Trunk10 downlink 1
#
ospf 1
area 0.0.0.0
network 10.1.1.1 0.0.0.0
network 10.2.1.0 0.0.0.255
network 10.3.1.0 0.0.0.255
#
return
#
sysname SwitchC
#
interface 10GE1/0/1
undo portswitch
ip address 10.3.1.2 255.255.255.0
#
interface 10GE1/0/2
undo portswitch
ip address 10.4.1.2 255.255.255.0
#
ospf 1
area 0.0.0.0
network 10.3.1.0 0.0.0.255
network 10.4.1.0 0.0.0.255
#
return