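Aruba's network architecture offers strong redundancy and scalability, for example the Cluster feature in AOS8. The Mobility Master (MM), the central brain that manages the cluster, is equally redundant. MM supports L2 and L3 redundancy: L2 redundancy is VRRP-based within a single subnet, while L3 redundancy works across subnets, for example between data centers at different sites.
The diagram below shows a fully redundant architecture: the MMs run L2 Redundancy inside the local data center and L3 Redundancy with a remote data center.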

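L2 Redundancy configuration essentials:
- Run VRRP between the two MMs
- Three IP addresses are required: one device IP for each MM and one VRRP virtual IP
- Make sure the clocks of the two MMs are synchronized
- Enable database synchronization
1. Initialize MM-1 (the MM2 procedure is omitted)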
Enter System name [ArubaMM-VA_86_53_A3]: Lab6-MM1
Enter Controller VLAN ID [1]: 650
Enter Controller VLAN port [GE 0/0/0]:
Enter Controller VLAN port mode (access|trunk) [access]:
Enter VLAN interface IP address [172.16.0.254]: 10.6.50.11
Enter VLAN interface subnet mask [255.255.255.0]:
Enter IP Default gateway [none]: 10.6.50.250
Do you wish to configure IPV6 address on vlan (yes|no) [yes]: no
Enter Country code (ISO-3166), <ctrl-I> for supported list: cn
You have chosen Country code CN for China (yes|no)?: yes
Enter the controller's IANA Time zone [America/Los_Angeles]: Asia/Shanghai
Enter Time in UTC [22:55:05]:
Enter Date (MM/DD/YYYY) [3/13/2020]:
Enter Password for admin login (up to 32 chars): ********
Re-type Password for admin login: ********
.......
If you accept the changes the switch will restart!
Type <ctrl-P> to go back and change answer for any question
Do you wish to accept the changes (yes|no) yes
2. Configure VRRP on MM-1 (the MM2 procedure is omitted)
(MM1) [mynode] (config) #vrrp 10 //virtual router ID, range 1-255
(MM1) [mynode] (config) #ip address 10.6.50.10 //VRRP virtual IP
(MM1) [mynode] (config) #description Primary-MM1
(MM1) [mynode] (config) #authentication aruba123 //VRRP message authentication password; must match on both ends
(MM1) [mynode] (config) #preempt delay 60 //preemption delay, in seconds
(MM1) [mynode] (config) #priority 120
(MM1) [mynode] (config) #advertise 5
(MM1) [mynode] (config) #vlan x50
(MM1) [mynode] (config) #no shutdown
3. Enable Redundancy
(MM1) [mynode] (config) #cd /mm
(MM1) [mm] (config) #database synchronize period 30 //database synchronization interval, in minutes
(MM1) ^[mm] (config) #write mem
(MM1) [mm] (config) #cd /mynode
(MM1) [mynode] (config) # master-redundancy
(MM1) ^ [mynode] (config-submode)# master-vrrp 10
(MM1) ^ [mynode] (config-submode)# peer-ip-address 10.6.50.12 ipsec aruba123 //IP address of the peer, MM-2
(MM1) ^ [mynode] (config-submode)# write memory
4. Database synchronization command: database-synchronize
(Lab6-MM1) [mynode] #database-synchronize //can only be used on the master
Database synchronize has been initiated.
Please check the status using 'show database synchronize' command.
5. Common commands for checking the configuration
#show vrrp
#show vrrp summary
#show vrrp stats all
#show master-redundancy
#show database synchronize
#show crypto ipsec sa
#show switches
Check the L2 MM state
(Lab6-MM1) [mynode] #show master-redundancy
Master redundancy configuration:
VRRP Id 10 current state is MASTER
Peer's IP Address is 10.6.50.12
Peer's IPSEC Key is ********
(Lab6-MM2) [mynode] #show master-redundancy
Master redundancy configuration:
VRRP Id 10 current state is BACKUP
Peer's IP Address is 10.6.50.11
Peer's IPSEC Key is ********
Check the L2 synchronization status
(Lab6-MM1) [mynode] #show database synchronize
Last L2 manual synchronization time: Tue Jun 23 12:31:27 2020
Last L3 synchronization time: Secondary not synchronized since last reboot
To Master Switch at 10.6.50.12: succeeded
WMS Database backup file size: 30575 bytes
Upgrademgr Database backup file size: 3381 bytes
Cluster upgrademgr Database backup file size: 3868 bytes
Local User Database backup file size: 35475 bytes
Global AP Database backup file size: 23052 bytes
IAP Database backup file size: 3750 bytes
Airgroup Database backup file size: 3052 bytes
License Database backup file size: 4926 bytes
CPSec Database backup file size: 3224 bytes
Bocmgr Database backup file size: 6016 bytes
L2 Synchronization took 1 second
L3 Synchronization took less than one second
5 L2 synchronization attempted
0 L2 synchronization have failed
0 L3 synchronization attempted
0 L3 synchronization have failed
L2 Periodic synchronization is enabled and runs every 30 minutes
L3 Periodic synchronization is disabled
Log in to the Virtual IP: you are redirected automatically to the master MM, which shows both MMs

(Lab6-MM1) [mynode] #show switches
All Switches
------------
IP Address  IPv6 Address  Name      Location          Type     Model       Version        Status  Configuration State  Config Sync Time (sec)  Config ID
----------  ------------  ----      --------          ----     -----       -------        ------  -------------------  ----------------------  ---------
10.6.50.11  None          Lab6-MM1  Building1.floor1  master   ArubaMM-VA  8.6.0.2_73853  up      UPDATE SUCCESSFUL    0                       2
10.6.50.12  None          Lab6-MM2  Building1.floor1  standby  ArubaMM-VA  8.6.0.2_73853  up      UPDATE SUCCESSFUL    0                       2
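L3 Redundancy configuration essentials
The MMs must be reachable from each other; for the ports that need to be open, see https://arubase.club/archives/3492
In this example 10.6.x.x is the L2 pair, and 10.5.x.x is a different subnet used to simulate L3 Redundancy
L3 Redundancy configuration on the local side: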
(Lab6-MM1) [mynode] #configure t
(Lab6-MM1) [mynode] (config) #master-l3redundancy
(Lab6-MM1) ^[mynode] (config-submode)#l3-peer-ip-address 10.5.50.11 ipsec aruba123 //the third MM
(Lab6-MM1) ^[mynode] (config-submode)#l3-sync-state primary //role of this MM
(Lab6-MM1) ^[mynode] (config-submode)#l3-sync-time 2 //synchronization interval, in hours
(Lab6-MM1) ^[mynode] (config-submode)#write memory
L3 Redundancy configuration on the remote side:
(Lab5-MM-1) [mynode] #configure t
(Lab5-MM-1) [mynode] (config) #master-l3redundancy
(Lab5-MM-1) ^[mynode] (config-submode)#l3-peer-ip-address 10.6.50.10 ipsec aruba123 //Virtual IP of the peer MMs
(Lab5-MM-1) ^[mynode] (config-submode)#l3-sync-state secondary //MM role
(Lab5-MM-1) ^[mynode] (config-submode)#l3-sync-time 2 //synchronization interval, in hours
(Lab5-MM-1) ^[mynode] (config-submode)#write memory
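The transcripts above use one string for the VRRP authentication password and for both IPsec peer keys. The following lint is an added example, not code from the original post or from Aruba; it flags that kind of reuse in a saved CLI transcript. It assumes the VRRP password is carried as standard simple-text authentication, which is not encrypted on the wire, and `MIN_PSK_LEN` is a hypothetical local policy value.

```python
import re
from collections import defaultdict

MIN_PSK_LEN = 20  # assumed local policy threshold, not an Aruba requirement

# Constructed transcript using the command forms shown above.
SAMPLE = """\
(MM1) [mynode] (config) #authentication aruba123 //VRRP password
(MM1) ^[mynode] (config-submode)# peer-ip-address 10.6.50.12 ipsec aruba123
(MM1) ^[mynode] (config-submode)#l3-peer-ip-address 10.5.50.11 ipsec aruba123
"""

PATTERNS = {
    "vrrp-auth": re.compile(r"#\s*authentication\s+(\S+)"),
    "l2-ipsec": re.compile(r"#\s*peer-ip-address\s+\S+\s+ipsec\s+(\S+)"),
    "l3-ipsec": re.compile(r"#\s*l3-peer-ip-address\s+\S+\s+ipsec\s+(\S+)"),
}
IPSEC_USES = {"l2-ipsec", "l3-ipsec"}

def uses_by_secret(transcript):
    """Map each secret to the set of places it is used; masked values are skipped."""
    uses = defaultdict(set)
    for line in transcript.splitlines():
        line = line.split("//")[0]  # drop trailing // annotations
        for use, rx in PATTERNS.items():
            m = rx.search(line)
            if m and set(m[1]) != {"*"}:
                uses[m[1]].add(use)
    return uses

def lint(transcript, min_len=MIN_PSK_LEN):
    """Return (rule, detail) tuples; the secrets themselves are never echoed."""
    findings = []
    for secret, uses in uses_by_secret(transcript).items():
        if len(uses) > 1:
            findings.append(("shared-secret", tuple(sorted(uses))))
        if "vrrp-auth" in uses and uses & IPSEC_USES:
            findings.append(("vrrp-password-is-ipsec-key",
                             tuple(sorted(uses & IPSEC_USES))))
        if uses & IPSEC_USES and len(secret) < min_len:
            findings.append(("short-ipsec-key", len(secret)))
    return findings

if __name__ == "__main__":
    for rule, detail in lint(SAMPLE):
        print(rule, detail)
```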
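Checking the status
Check that the IPSec tunnels are established. The figure below shows the 10.6.x.x session, which belongs to the L2 redundancy, together with a 10.5.x.x session, which is the L3 redundancy.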

Check the synchronization information; compared with the L2 Redundancy output, it now also contains L3 synchronization information.
(Lab6-MM1) [mynode] #show database synchronize
Last L2 manual synchronization time: Tue Jun 23 13:32:43 2020
Last L3 manual synchronization time: Tue Jun 23 13:32:43 2020
To Master Switch at 10.6.50.12: succeeded
To Secondary Master Switch at 10.5.50.11: succeeded
WMS Database backup file size: 30575 bytes
Upgrademgr Database backup file size: 3381 bytes
Cluster upgrademgr Database backup file size: 3868 bytes
Local User Database backup file size: 35475 bytes
Global AP Database backup file size: 23052 bytes
IAP Database backup file size: 3750 bytes
Airgroup Database backup file size: 3052 bytes
License Database backup file size: 2628 bytes
CPSec Database backup file size: 3224 bytes
Bocmgr Database backup file size: 6016 bytes
L2 Synchronization took 1 second
L3 Synchronization took less than one second
8 L2 synchronization attempted
0 L2 synchronization have failed
1 L3 synchronization attempted
0 L3 synchronization have failed
L2 Periodic synchronization is enabled and runs every 30 minutes
L3 Periodic synchronization is enabled and runs every 120 minutes
Check the status on the remote MM
(Lab5-MM-1) [mynode] #show master-l3redundancy config-sync status
L3 Config-Sync Status //this command can only be used on the MM whose role is secondary
Sync Success: 1
Sync Failures: 0
Last Sync Start: Sat Mar 14 11:33:37 2020
Last Sync Finish: Sat Mar 14 11:33:39 2020
Last Sync Success: Sat Mar 14 11:33:39 2020
MC configuration essentials:
During initialization, enter the Virtual IP of the L2 MMs, or the L3 MM IP (if there is one)
Enter System name [Aruba7010_DE_B1_80]: Lab6-md1
Enter Switch Role (standalone|md) [md]:
Enter IP type to terminate IPSec tunnel or secured websocket connection (ipv4|ipv6) [ipv4]:
Enter Master switch IP address/FQDN or ACP IP address/FQDN: 10.6.50.10
Enter Master switch Type? (MM|ACP) [MM]:
Is this a VPN concentrator for managed device to reach Master switch (yes|no) [no]:
This device connects to Master switch via VPN concentrator (yes|no) [no]:
Is Master switch Virtual Mobility Master? (yes|no) [yes]:
Master switch Authentication method (PSKwithIP|PSKwithMAC) [PSKwithIP]:
Enter IPSec Pre-shared Key: ********
Re-enter IPSec Pre-shared Key: ********
Do you want to enable L3 Redundancy (yes|no) [no]: yes
Enter Secondary Master switch IP address or FQDN: 10.5.50.11
This device connects to Secondary Master switch via VPN concentrator (yes|no) [no]:
Is Secondary Master switch Virtual Mobility Master? (yes|no) [yes]: yes
Secondary Master switch Authentication method (PSKwithIP|PSKwithMAC) [PSKwithIP]:
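The rest is omitted.....
This MM Layer 3 redundancy is Aruba proprietary technology, right? As long as they can communicate at Layer 3, can the two devices do Layer 3 redundancy even though they are in different physical locations?
Has anyone run into the MM addresses being reachable and then the VRRP address suddenly becoming unreachable?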