H3C switches: IRF2 virtualization detection mechanism for four core nodes
Background

The project virtualizes four core switches into one IRF. During implementation we found that the different detection methods do not leave the same devices alive under split-brain conditions. With BFD monitoring and a 10-Gigabit service board, once the main service board of the master node fails, all services are interrupted and all surviving devices suppress their ports. LACP MAD must be used for monitoring in order to preserve the group of devices that has multiple surviving nodes after a split-brain.

1. IRF introduction

H3C switches support the IRF2 function. Multiple devices can be virtualized into one logical device, which simplifies management and improves reliability. IRF links are built on ordinary 10-Gigabit interfaces of the devices. In some special circumstances (such as a physical line failure), communication between IRF member devices is interrupted and one IRF splits into multiple new IRFs. These IRF instances have the same IP address and other layer-3 configuration, which may cause address conflicts and let the fault spread through the network. To improve system availability, we need a mechanism that, when an IRF splits, detects that multiple IRF instances exist in the network and handles them accordingly, minimizing the impact of the split on the business. MAD (Multi-Active Detection) is such a detection and handling mechanism.

2. BFD and LACP detection principles

BFD MAD detection is implemented through the BFD protocol. For BFD MAD detection to run properly, in addition to enabling BFD MAD detection on the layer-3 interface, you also need to configure a MAD IP address on that interface. A MAD IP address differs from a common IP address in that it is bound to a member device, and one must be configured for each member device in the IRF instance. The MAD IP addresses of all member devices must belong to the same network segment.

When the IRF runs normally, only the MAD IP address configured on the master device takes effect. The MAD IP addresses configured on the slave devices do not take effect, and the BFD session is down. (Use the display bfd session command to view the status of the BFD session. If the Session State is displayed as Up, the session is active; if the Session State is displayed as Down, the session is down.) When an IRF splits into multiple IRFs, the MAD IP addresses configured on the master devices of the different IRFs all take effect. The BFD session becomes active and a multi-active conflict is detected.

Conflict handling principle: for BFD MAD, the principle is the same as for ARP MAD and ND MAD detection and handling. Conflict handling directly lets the IRF whose master device has the smaller member number continue working normally, and migrates the other IRFs to the Recovery state.

LACP MAD detection principle

LACP MAD detection is implemented by extending the content of LACP packets. Specifically, a new TLV (Type/Length/Value) data field is defined to exchange the IRF DomainID (domain number), the ActiveID (equal to the member number of the master device) and the number of members. After LACP MAD is enabled, each member device exchanges the DomainID and ActiveID information with the other member devices through LACP protocol messages. When a member device receives an LACP message, it first compares the DomainID. If the DomainID is the same, the ActiveID is compared. If the DomainID is different, the message comes from a different IRF and no MAD processing is performed. If the ActiveID is the same, the IRF is running normally without a multi-active conflict. If the ActiveID is different, the IRF has split and a multi-active conflict is detected.

Conflict handling principle: for LACP MAD detection, conflict handling first compares the number of member devices in the two IRFs. The IRF with more members continues to work normally; the IRF with fewer members is migrated to the Recovery state (that is, the disabled state). If the number of members is equal, the IRF whose master device has the smaller member number continues to work normally, and the other IRF instances are migrated to the Recovery state. To reduce the impact of an IRF split on the network, when only two member devices constitute an IRF, we recommend that you configure the member device with the smaller member number as the master.

3. IRF topology of the core area

4. Core switch IRF interconnection ports

5. Core switch plan

The IRF ports of vswitches 1/2/3/4 all use 10-Gigabit ports to establish neighbor relationships, and BFD detection uses interconnected Gigabit ports. Core switch priority setting rules: vswitch 1 is assigned priority 20, vswitch 2 priority 15, vswitch 3 priority 10, and vswitch 4 priority 5. The switches in the virtual group elect master and slave based on the configured priority: the device with the higher priority becomes the master of the virtual group. When the virtual group is formed, the device member number is also taken into account in the election; the device with a low member number and a higher priority is elected as the active device in the virtual group.

6. Handling of a core 10-Gigabit board failure

The original core region deployment used BFD MAD detection. During the simulated failure test, after the 10-Gigabit board of core switch 1 was removed, the IRF ports between vswitch 1 and vswitches 2/3/4 became invalid and the neighbor relationship was interrupted.

Because BFD detection uses the interconnected 1-Gigabit boards, the BFD path between switch 1 and switches 2/3/4 stays normal, but the IRF neighbor relationship becomes invalid after the 10-Gigabit board fails, and BFD detection finds that the IRF neighbor is abnormal. vswitch 1 has the higher priority, so it is the master, and having the smallest member number it becomes the surviving device. vswitch 2/3/4, by contrast, is migrated to the Recovery state. Services cannot be transmitted through the 10-Gigabit board of vswitch 1 (the 10-Gigabit board is faulty), and at the same time vswitch 2/3/4 is in the Recovery state and cannot transmit 10-Gigabit services. As a result, all services of the Yizhuang and Dongba data centers are interrupted.

The core region deployment mode has now been changed to LACP MAD detection. The LACP MAD and BFD MAD handling principles are different. LACP MAD conflict handling first compares the number of member devices in the two IRFs: the IRF instance with more members continues to work normally, and the IRF instance with fewer members is migrated to the Recovery state (disabled). If the number of members is equal, the IRF instance whose master device has the smaller member number continues to work normally, and the other IRF is migrated to the Recovery state.

When a 10-Gigabit board fault is simulated on the core switch, LACP MAD also detects that the IRF neighbor relationship between switch 1 and switches 2/3/4 has failed. In the election, the number of member devices is compared first. The IRF neighbor relationships among switches 2/3/4 are normal and that IRF has more member devices, so it continues to survive. By contrast, vswitch 1, which is alive on its own, is migrated to the Recovery state. Vswitches 2/3/4 form a virtual group and forward data and process services normally. After switch 1 enters the Recovery state, switch 2 has the highest priority and is elected as the master.

7. IRF notes

After an IRF is split, do not run the save command on a surviving switch.
Once the configuration is saved, the split status is written to the device, and the configuration of the split-off device is lost.

When a fault occurs on the 10-Gigabit board of a device in the virtual group, try to power off the faulty device and replace the 10-Gigabit board before starting the device again. In this way, the split-off switch rejoins the virtual group and does not compete with the existing virtual group devices. If the board is replaced online, the switch takes part in an election against the existing virtual group as a new IRF. If it loses the election, the switch restarts and becomes a slave.
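
The conflict handling rules from section 2 applied to the section 6 fault, as an added example that is not part of the original article and is not H3C code. The fragment model, the function names and the DomainID value 1 are assumptions; the priorities are those listed in section 5, and the master election is reduced to "highest priority wins".

```python
from dataclasses import dataclass

@dataclass
class Fragment:
    """One IRF instance left after a split (constructed model for illustration)."""
    domain_id: int
    members: dict  # member number -> election priority

    @property
    def active_id(self):
        # ActiveID is the member number of the master; here the master is
        # simply the member with the highest priority (simplified election).
        return max(self.members, key=self.members.get)

def multi_active(a, b):
    """LACP MAD comparison order: DomainID first, then ActiveID."""
    if a.domain_id != b.domain_id:
        return False  # different IRF domains: no MAD processing
    return a.active_id != b.active_id

def survivor(fragments, method):
    """Return the fragment that keeps working; all others go to Recovery."""
    if method == "bfd":
        # BFD MAD: the fragment whose master has the smallest member number.
        return min(fragments, key=lambda f: f.active_id)
    if method == "lacp":
        # LACP MAD: most members first; on a tie, smallest master number.
        return min(fragments, key=lambda f: (-len(f.members), f.active_id))
    raise ValueError(f"unknown MAD method: {method}")

# Section 5 priorities: member 1 -> 20, 2 -> 15, 3 -> 10, 4 -> 5.
PRIORITY = {1: 20, 2: 15, 3: 10, 4: 5}

def split_after_board_failure(failed=1, domain_id=1):
    """Member `failed` loses its 10-Gigabit IRF links and ends up alone."""
    alone = Fragment(domain_id, {failed: PRIORITY[failed]})
    rest = Fragment(domain_id, {m: p for m, p in PRIORITY.items() if m != failed})
    return [alone, rest]

if __name__ == "__main__":
    frags = split_after_board_failure()
    print("conflict detected:", multi_active(*frags))
    for method in ("bfd", "lacp"):
        s = survivor(frags, method)
        print(method, "-> survivors", sorted(s.members), "master", s.active_id)
```

With BFD MAD the lone member 1, whose 10-Gigabit board is faulty, is the fragment left active; with LACP MAD members 2/3/4 stay active with member 2 as master.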