主页 / 问题 / 1609314
Accepted
Nigredo499
Asked:2025-03-25 14:08:49 +0800 CST2025-03-25 14:08:49 +0800 CST

Mikrotik -> 华为 M-LAG:VLAN 迁移后,网络可用性仅限于一台交换机

  • 772

同事。

我正在解决将多个 VLAN 从 Mikrotik 传输到由两台华为 CE6863E 交换机组装并通过 M-LAG 联合起来的最近委托的核心的问题。

转移的目的:从 Mikrotik 中删除所有内部网络,以便它成为 PE。

网络图

我们决定从负责 VoIP 的 VLAN 203 开始​​。我遇到了一个问题:在我提升核心上的 VLAN 之后(之前已经在 Mikrotik 上禁用它),只能从 MSK-Core-1 ping 该网络的主机,而从 MSK-Core-2 无法 ping 任何主机,除了 int VLAN 203 本身的 IP - 该网络的网关。

MSK-Core-1 配置:

dfs-group 1
 priority 200
 source ip 10.197.255.254
 consistency-check enable mode loose

stp bridge-address 0001-0001-0001
stp mode rstp
stp v-stp enable
stp instance 0 root primary
stp tc-protection

arp direct-route enable

bridge-domain 1
 arp l2-proxy enable

interface Vlanif203
 description Vo-Ip
 ip address 10.197.203.254 255.255.255.0
 arp proxy enable
 arp proxy inter-vlan enable
 arp proxy intra-vlan enable
 mac-address 0000-5e00-0101
 dhcp server enable
 dhcp select relay
 dhcp relay binding server group ad-dhcp-srv
 dhcp relay source-interface Vlanif203

interface MEth0/0/0
 ip address 10.197.1.101 255.255.255.0
 arp detect mode unicast

interface Eth-Trunk0
 stp disable
 mode lacp-static
 peer-link 1
 port vlan exclude 1

interface 25GE1/0/1
 description Link-MikroTik-Sfp2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 499 501 to 4094
 device transceiver 10GBASE-FIBER
 port mode 10G

interface LoopBack0
 ip address 10.197.255.254 255.255.255.255

bgp 65197
 router-id 10.197.255.254
 private-4-byte-as enable
 peer 10.197.255.253 as-number 65197 # MSK-Core-2
 peer 10.197.255.253 connect-interface LoopBack0
 peer 10.197.255.253 capability-advertise graceful-restart
 peer 10.197.255.255 as-number 65197 # MikroTik
 peer 10.197.255.255 connect-interface LoopBack0
 peer 10.197.255.255 capability-advertise graceful-restart
 #
 ipv4-family unicast
  network 10.197.203.0 255.255.255.0
  network 10.197.255.254 255.255.255.255
  peer 10.197.255.253 enable
  peer 10.197.255.255 enable
  peer 10.197.255.255 preferred-value 50

ip route-static 0.0.0.0 0.0.0.0 10.197.255.255
ip route-static 10.197.255.253 255.255.255.255 10.197.1.102
ip route-static 10.197.255.255 255.255.255.255 10.197.1.254

MSK-Core-2 配置(与 MSK-Core-1 相同):

dfs-group 1
 priority 150
 source ip 10.197.255.253
 consistency-check enable mode loose

stp instance 0 root secondary

interface LoopBack0
 ip address 10.197.255.253 255.255.255.255

bgp 65197
 router-id 10.197.255.253
 private-4-byte-as enable
 peer 10.197.255.254 as-number 65197 # MSK-Core-1
 peer 10.197.255.254 connect-interface LoopBack0
 peer 10.197.255.254 capability-advertise graceful-restart
 peer 10.197.255.255 as-number 65197
 peer 10.197.255.255 connect-interface LoopBack0
 peer 10.197.255.255 capability-advertise graceful-restart
 #
 ipv4-family unicast
  network 10.197.203.0 255.255.255.0
  network 10.197.255.253 255.255.255.255
  peer 10.197.255.254 enable
  peer 10.197.255.255 enable
  peer 10.197.255.255 preferred-value 50

ip route-static 0.0.0.0 0.0.0.0 10.197.255.255
ip route-static 10.197.255.254 255.255.255.255 10.197.1.101
ip route-static 10.197.255.255 255.255.255.255 10.197.1.254

M-LAG:

<MSK-Core-1>display dfs-group 1 m-lag
*                : Local node
Heart beat state : OK
Node 1 *
  Dfs-Group ID   : 1
  Priority       : 200
  Address        : ip address 10.197.255.254
  State          : Master
  Causation      : -
  System ID      : e84d-7424-0b11
  SysName        : MSK-Core-1
  Version        : V200R022C00SPC500
  Device Type    : CE6863E
Node 2
  Dfs-Group ID   : 1
  Priority       : 150
  Address        : ip address 10.197.255.253
  State          : Backup
  Causation      : -
  System ID      : e8ea-4d4a-6af1
  SysName        : MSK-Core-2
  Version        : V200R022C00SPC500
  Device Type    : CE6863E

路由:

<MSK-Core-1>dis bgp routing-table
*> 10.197.203.0/24 0.0.0.0 0 0 i

<MSK-Core-2>dis bgp routing-table
*> 10.197.203.0/24 0.0.0.0 0 0 i

[~MSK-Core-1-Vlanif203]dis ip routing-table 10.197.203.0 
10.197.203.0/24 Direct 0 0 D 10.197.203.254 Vlanif203 

[~MSK-Core-2-Vlanif203]dis ip routing-table 10.197.203.0 
10.197.203.0/24 Direct 0 0 D 10.197.203.254 Vlainf203

地址解析协议(ARP):

[~MSK-Core-1]dis arp | i 10.197.203.  
10.197.203.254 0000-5e00-0101 I Vlanif203 
10.197.203.1 bc24-1166-e8bc 20 D/203 25GE1/0/40 
10.197.203.19 44db-d26b-e3b5 20 D/203 25GE1/0/2 

[~MSK-Core-2]dis arp | i 10.197.203.
# записей гораздо больше и все через Eth-Trunk0
10.197.203.254 0000-5e00-0101 I Vlanif203 
10.197.203.1 bc24-1166-e8bc 20 D/203 Eth-Trunk0 
10.197.203.19 44db-d26b-e3b5 20 D/203 Eth-Trunk0

平安:

[~MSK-Core-1]ping 10.197.203.1
Reply from 10.197.203.1: bytes=56 Sequence=1 ttl=64 time=1 ms

[~MSK-Core-2]ping 10.197.203.1
Request time out

我请求帮助解决这个问题。往哪边挖?我哪里设置错了?

mikrotik

1 个回答

  1. Best Answer

    问题解决了。为了确保完全的网络可用性,管理接口 (Meth) 的 IP 地址不能用于除通过 ssh 访问交换机之外的任何其他服务(路由、对等)。

    • 0

相关问题