h3c msr 810 & 2600 & 3600 routers

H3C MSR 810 & 2600 & 3600 Routers Comware 7 Virtual Technologies

Configuration Guide

New H3C Technologies Co., Ltd. http://www.h3c.com Software version: MSR-CMW710-R0809 Document version: 6W400-20200823

Copyright © 2020, New H3C Technologies Co., Ltd. and its licensors

All rights reserved

No part of this manual may be reproduced or transmitted in any form or by any means without prior written consent of New H3C Technologies Co., Ltd.

Trademarks

Except for the trademarks of New H3C Technologies Co., Ltd., any trademarks that may be mentioned in this document are the property of their respective owners.

Notice

The information in this document is subject to change without notice. All contents in this document, including statements, information, and recommendations, are believed to be accurate, but they are presented without warranty of any kind, express or implied. H3C shall not be liable for technical or editorial errors or omissions contained herein.

Preface This configuration guide describes the IRF and VM management features.

This preface includes the following topics about the documentation: • Audience. • Conventions. • Documentation feedback.

Audience This documentation is intended for: • Network planners. • Field technical support and servicing engineers. • Network administrators.

Conventions The following information describes the conventions used in the documentation.

Command conventions

Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown.

Italic Italic text represents arguments that you replace with actual values.

[ ] Square brackets enclose syntax choices (keywords or arguments) that are optional.

{ x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.

[ x | y | ... ] Square brackets enclose a set of optional syntax choices separated by vertical bars, from which you select one or none.

{ x | y | ... } * Asterisk marked braces enclose a set of required syntax choices separated by vertical bars, from which you select a minimum of one.

[ x | y | ... ] * Asterisk marked square brackets enclose optional syntax choices separated by vertical bars, from which you select one choice, multiple choices, or none.

&<1-n> The argument or keyword and argument combination before the ampersand (&) sign can be entered 1 to n times.

# A line that starts with a pound (#) sign is comments.

GUI conventions

Convention Description

Boldface Window names, button names, field names, and menu items are in Boldface. For example, the New User window opens; click OK.

> Multi-level menus are separated by angle brackets. For example, File > Create > Folder.

Symbols


WARNING! An alert that calls attention to important information that if not understood or followed can result in personal injury.

CAUTION: An alert that calls attention to important information that if not understood or followed can result in data loss, data corruption, or damage to hardware or software.

IMPORTANT: An alert that calls attention to essential information.

NOTE: An alert that contains additional or supplementary information.

TIP: An alert that provides helpful information.

Network topology icons


Represents a generic network device, such as a router, switch, or firewall.

Represents a routing-capable device, such as a router or Layer 3 switch.

Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features.

Represents an access controller, a unified wired-WLAN module, or the access controller engine on a unified wired-WLAN switch.

Represents an access point.

Represents a wireless terminator unit.

Represents a wireless terminator.

Represents a mesh access point.

Represents omnidirectional signals.

Represents directional signals.

Represents a security product, such as a firewall, UTM, multiservice security gateway, or load balancing device.

Represents a security module, such as a firewall, load balancing, NetStream, SSL VPN, IPS, or ACG module.

Examples provided in this document Examples in this document might use devices that differ from your device in hardware model, configuration, or software version. It is normal that the port numbers, sample output, screenshots, and other information in the examples differ from what you have on your device.

TT

TT

Documentation feedback You can e-mail your comments about product documentation to [email protected].

We appreciate your comments.

i

Contents

Configuring an IRF fabric ··············································································· 1

About IRF ··························································································································································· 1 IRF network model ····································································································································· 1 IRF benefits ················································································································································ 1 Basic concepts ··········································································································································· 2 IRF network topology ································································································································· 4 Master election ··········································································································································· 4 Interface naming conventions ···················································································································· 5 File system naming conventions ················································································································ 5 Configuration synchronization ···················································································································· 6 Multi-active handling procedure ················································································································· 6 MAD mechanisms ······································································································································ 8

Restrictions: Hardware compatibility with IRF ·································································································· 11 Restrictions and guidelines: IRF configuration ································································································· 12

Hardware compatibility with IRF··············································································································· 12 Software requirements for IRF ················································································································· 13 IRF fabric size ·········································································································································· 13 Candidate IRF physical interfaces ··········································································································· 13 Transceiver modules and cables selection for IRF ·················································································· 13 IRF port connection ·································································································································· 14 IRF physical interface configuration restrictions and guidelines ······························································ 14 Feature compatibility and configuration restrictions with IRF ··································································· 15 Licensing requirements for IRF ················································································································ 15 Configuration rollback restrictions ············································································································ 15

IRF tasks at a glance ······································································································································· 16 Planning the IRF fabric setup ··························································································································· 16 Setting up an IRF fabric ··································································································································· 17

Assigning a member ID to each IRF member device ··············································································· 17 Specifying a priority for each member device ·························································································· 17 Binding physical interfaces to IRF ports ··································································································· 17 Saving configuration to the next-startup configuration file ······································································· 18 Connecting IRF physical interfaces·········································································································· 18 Setting the operating mode to IRF mode ································································································· 18 Accessing the IRF fabric ·························································································································· 19

Configuring MAD ·············································································································································· 20 Restrictions and guidelines for MAD configuration ·················································································· 20 Configuring LACP MAD ··························································································································· 20 Configuring BFD MAD ······························································································································ 21 Excluding interfaces from the shutdown action upon detection of multi-active collision ·························· 25 Recovering an IRF fabric ························································································································· 25

Optimizing IRF settings for an IRF fabric ········································································································· 26 Changing the member ID of a member device ························································································ 26 Changing the priority of a member device ······························································································· 26 Adding physical interfaces to an IRF port ································································································ 27 Bulk-configuring basic IRF settings for a member device ········································································ 28 Enabling IRF auto-merge ························································································································· 29 Configuring a member device description ································································································ 29 Configuring the IRF bridge MAC address ································································································ 29 Enabling software auto-update for software image synchronization ························································ 30 Setting the IRF link down report delay ····································································································· 31 Removing an expansion interface card that has IRF physical interfaces ················································· 31 Replacing an expansion interface card that has IRF physical interfaces ················································· 31

Display and maintenance commands for IRF ·································································································· 32

1

Configuring an IRF fabric About IRF

The Intelligent Resilient Framework (IRF) technology virtualizes multiple physical devices at the same layer into one virtual fabric to provide data center class availability and scalability. IRF virtualization technology offers processing power, interaction, unified management, and uninterrupted maintenance of multiple devices.

IRF network model Figure 1 shows an IRF fabric that has two devices, which appear as a single node to the upper-layer and lower-layer devices.

Figure 1 IRF application scenario

IRF benefits IRF provides the following benefits: • Simplified topology and easy management—An IRF fabric appears as one node and is

accessible at a single IP address on the network. You can use this IP address to log in at any member device to manage all the members of the IRF fabric. In addition, you do not need to run the spanning tree feature among the IRF members.

• 1:N redundancy—In an IRF fabric, one member acts as the master to manage and control the entire IRF fabric. All the other members process services while backing up the master. When the master fails, all the other member devices elect a new master from among them to take over without interrupting services.

• IRF link aggregation—You can assign several physical links between neighboring members to their IRF ports to create a load-balanced aggregate IRF connection with redundancy.

• Multichassis link aggregation—You can use the Ethernet link aggregation feature to aggregate the physical links between the IRF fabric and its upstream or downstream devices across the IRF members.

IP network

IRF fabric

IP network

IRF linkSimplified to

Master Subordinate

2

• Network scalability and resiliency—Processing capacity of an IRF fabric equals the total processing capacities of all the members. You can increase ports, network bandwidth, and processing capacity of an IRF fabric simply by adding member devices without changing the network topology.

Basic concepts Operating mode

The device operates in one of the following modes: • Standalone mode—The device cannot form an IRF fabric with other devices. • IRF mode—The device can form an IRF fabric with other devices.

IRF member roles IRF uses two member roles: master and standby (called subordinate throughout the documentation).

When devices form an IRF fabric, they elect a master to manage and control the IRF fabric, and all the other devices back up the master. When the master device fails, the other devices automatically elect a new master. For more information about master election, see "Master election."

IRF member ID An IRF fabric uses member IDs to uniquely identify and manage its members. This member ID information is included as the first part of interface numbers and file paths to uniquely identify interfaces and files in an IRF fabric. Two devices cannot form an IRF fabric if they use the same member ID. A device cannot join an IRF fabric if its member ID has been used in the fabric.

Member priority Member priority determines the possibility of a member device to be elected the master. A member with higher priority is more likely to be elected the master.

IRF port An IRF port is a logical interface that connects IRF member devices. Every IRF-capable device has two IRF ports.

In standalone mode, the IRF ports are named IRF-port 1 and IRF-port 2.

In IRF mode, the IRF ports are named IRF-port n/1 and IRF-port n/2, where n is the member ID of the device. The two IRF ports are referred to as IRF-port 1 and IRF-port 2.

To use an IRF port, you must bind a minimum of one physical interface to it. The physical interfaces assigned to an IRF port automatically form an aggregate IRF link. An IRF port goes down when all its IRF physical interfaces are down.

IRF physical interface IRF physical interfaces connect IRF member devices and must be bound to an IRF port. They forward traffic between member devices, including IRF protocol packets and data packets that must travel across IRF member devices.

IRF split IRF split occurs when an IRF fabric breaks up into multiple IRF fabrics because of IRF link failures, as shown in Figure 2. The split IRF fabrics operate with the same IP address. IRF split causes routing and forwarding problems on the network. To quickly detect a multi-active collision, configure a minimum of one MAD mechanism (see "Configuring MAD").

3

Figure 2 IRF split

IRF merge IRF merge occurs when two split IRF fabrics reunite or when two independent IRF fabrics are united, as shown in Figure 3.

Figure 3 IRF merge

MAD An IRF link failure causes an IRF fabric to split in two IRF fabrics operating with the same Layer 3 settings, including the same IP address. To avoid IP address collision and network problems, IRF uses multi-active detection (MAD) mechanisms to detect the presence of multiple identical IRF fabrics, handle collisions, and recover from faults.

IRF domain ID One IRF fabric forms one IRF domain. IRF uses IRF domain IDs to uniquely identify IRF fabrics and prevent IRF fabrics from interfering with one another.

As shown in Figure 4, IRF fabric 1 contains Device A and Device B, and IRF fabric 2 contains Device C and Device D. Both fabrics use the LACP aggregate links between them for MAD. When a member device receives an extended LACPDU for MAD, it checks the domain ID to determine whether the packet is from the local IRF fabric. Then, the member device can handle the packet correctly.

=IRF link

Device A Device B

IRF fabric

Device A Device B

IRF fabric 1 IRF fabric 2

+

IRF linkDevice A Device BDevice A Device B

IRF fabric 1 IRF fabric 2 IRF fabric

+ =

4

Figure 4 A network that contains two IRF domains

IRF network topology An IRF fabric can use a daisy-chain topology, as shown in Figure 5.

IMPORTANT: No relay devices are allowed between IRF member devices.

Figure 5 Daisy-chain topology

Master election Master election occurs each time the IRF fabric topology changes in the following situations: • The IRF fabric is established. • The master device fails or is removed.

Device A Device BIRF fabric 1 (domain 10)

IRF link

Core network

IRF fabric 2 (domain 20)

IRF link

Device C Device D

Access network

IRF fabric

Master

Subordinate

IRF-port 2

IRF-port 1

5

• The IRF fabric splits. • Independent IRF fabrics merge.

NOTE: Master election does not occur when split IRF fabrics merge. For information about the master device of the merged IRF fabric, see "Failure recovery."

Master election selects a master in descending order: 1. Current master, even if a new member has higher priority.

When an IRF fabric is being formed, all members consider themselves as the master. This rule is skipped.

2. Member with higher priority. 3. Member with the longest system uptime.

Two members are considered to start up at the same time if the difference between their startup times is equal to or less than 10 minutes. For these members, the next tiebreaker applies.

4. Member with the lowest CPU MAC address.

For the setup of a new IRF fabric, the subordinate devices must reboot to complete the setup after the master election.

For an IRF merge, devices must reboot if they are in the IRF fabric that fails the master election.

Interface naming conventions A physical interface is numbered in the format of chassis-number/slot-number/interface-index. • chassis-number—Device ID. The default value for this argument is 1. In IRF mode, the device

ID is the IRF member ID. After the device converts from IRF mode to standalone mode, it still uses the IRF member ID as its device ID.

• slot-number—Slot number of the interface. In standalone mode, the interfaces on an MSR router are numbered in the format of slot-number/interface-index. No member ID is included.

• interface-index—Interface index on the device. Interface index depends on the number of physical interfaces available on the device. To identify the index of a physical interface, examine its index mark on the chassis.

For example:

# In standalone mode, GigabitEthernet 0/1 represents the first fixed physical interface on the device. Set its link type to trunk, as follows: <Sysname> system-view

[Sysname] interface gigabitethernet 0/1

[Sysname-GigabitEthernet0/1] port link-type trunk

# On the IRF fabric Sysname, GigabitEthernet 2/0/1 represents the first fixed port on member device 2. Set its link type to trunk, as follows: <Sysname> system-view

[Sysname] interface gigabitethernet 2/0/1

[Sysname-GigabitEthernet2/0/1] port link-type trunk

File system naming conventions In standalone mode, you can use the storage device name to access the device's file system.

6

On a multichassis IRF fabric, you can use the storage device name to access the file system of the master. To access the file system of any other member device, use the name in the slotmember-ID#storage-device-name format.

For more information about storage device naming conventions, see Fundamentals Configuration Guide.

For example: • To create and access the test folder under the root directory of the flash memory on the master

device: <Master> mkdir test

Creating directory flash:/test... Done.

<Master> cd test

<Master> dir

Directory of flash:/test

The directory is empty.

524288 KB total (29832 KB free)

• To create and access the test folder under the root directory of the flash memory on member device 2: <Master> mkdir slot2#flash:/test

Creating directory slot2#flash:/test... Done.

<Master> cd slot2#flash:/test

<Master> dir

Directory of slot2#flash:/test

The directory is empty.

524288 KB total (128812 KB free)

Configuration synchronization IRF uses a strict running-configuration synchronization mechanism. In an IRF fabric, all devices obtain and run the running configuration of the master. Configuration changes are automatically propagated from the master to the remaining devices. The configuration files of these devices are retained, but the files do not take effect. The devices use their own startup configuration files only after they are removed from the IRF fabric.

As a best practice, back up the next-startup configuration file on a device before adding the device to an IRF fabric as a subordinate.

A subordinate device's next-startup configuration file might be overwritten if the master and the subordinate use the same file name for their next-startup configuration files. You can use the backup file to restore the original configuration after removing the subordinate from the IRF fabric.

For more information about configuration management, see Fundamentals Configuration Guide.

Multi-active handling procedure The multi-active handling procedure includes detection, collision handling, and failure recovery.

Detection IRF provides MAD mechanisms by extending LACP and BFD to detect multi-active collisions. As a best practice, configure a minimum of one MAD mechanism on an IRF fabric. For more information about the MAD mechanisms and their application scenarios, see "MAD mechanisms."

7

For information about LACP, see Ethernet link aggregation in Layer 2—LAN Switching Configuration Guide. For information about BFD, see High Availability Configuration Guide.

Collision handling When MAD detects a multi-active collision, it sets all IRF fabrics except one to the Recovery state. The fabric that is not placed in Recovery state can continue to forward traffic. The Recovery-state IRF fabrics are inactive and cannot forward traffic.

LACP MAD and BFD MAD use the following process to handle a multi-active collision: 1. Compare the number of members in each fabric. 2. Set all fabrics to the Recovery state except the one that has the most members. 3. Compare the member IDs of the masters if all IRF fabrics have the same number of members. 4. Set all fabrics to the Recovery state except the one that has the lowest numbered master. 5. Shut down all common network interfaces in the Recovery-state fabrics except for the following

interfaces: Interfaces automatically excluded from being shut down by the system. Interfaces specified by using the mad exclude interface command.

Failure recovery To merge two split IRF fabrics, first repair the failed IRF link and remove the IRF link failure.

After the failed IRF link between two split IRF fabrics is recovered, log in to the inactive IRF fabric to reboot its member devices if the system requires you to do so. After these member devices join the active IRF fabric as subordinate devices, the IRF merge is complete, as shown in Figure 6. The network interfaces that have been shut down by MAD automatically restore their original state.

CAUTION: If you inadvertently reboot the active IRF fabric after the failed IRF link recovers, its member devices will join the inactive IRF fabric with their network interfaces being shut down by MAD. To restore the original states of the network interfaces in the merged IRF fabric, use the mad restore command.

NOTE: If the IRF auto-merge feature is enabled, the inactive IRF member devices will automatically reboot after the failed IRF link recovers and a manual reboot is typically not required.

Figure 6 Recovering the IRF fabric

If the active IRF fabric fails before the IRF link is recovered (see Figure 7), use the mad restore command on the inactive IRF fabric to recover the inactive IRF fabric. This command brings up all network interfaces that were shut down by MAD. After the IRF link is repaired, merge the two parts into a unified IRF fabric.

IRF fabric

IP network

IP network

IRF fabric 1(Active)

IRF fabric 2(Recovery)

IP network

IP network



IP network

IP network

After the IRF link is

recoveredIRF merge

8

Figure 7 Active IRF fabric fails before the IRF link is recovered

MAD mechanisms IRF provides MAD mechanisms by extending LACP and BFD.

Table 1 compares the MAD mechanisms and their application scenarios.

Table 1 Comparison of MAD mechanisms

MAD mechanism Advantages Disadvantages Application

scenarios

LACP MAD

• Detection speed is fast. • Runs on existing

aggregate links without requiring MAD-dedicated physical links or Layer 3 interfaces.

Requires an intermediate device that supports extended LACP for MAD.

Link aggregation is used between the IRF fabric and its upstream or downstream device.

BFD MAD

• Detection speed is fast. • Intermediate device, if

used, can come from any vendor.

Requires MAD dedicated physical links and Layer 3 interfaces, which cannot be used for transmitting user traffic. The MSR routers support Layer 3 aggregate interfaces for BFD MAD and the interfaces must operate in static aggregation mode.

• No special requirements for network scenarios.

• If no intermediate device is used, this mechanism is only suitable for IRF fabrics that have only two members



IP network

IP network


IP network

IP network

IRF fabric 1 fails before the IRF link is recovered.

IRF fabric 1 fails

because of physical problems


IP network

IP network

IRF fabric 1 fails

because of physical problems

IRF fabric

IP network

IP network

Repair the IRF link and IRF fabric 1, and finish IRF merge

Execute the mad restore command on IRF fabric 2

9

MAD mechanism Advantages Disadvantages Application

scenarios that are geographically close to one another.

LACP MAD As shown in Figure 8, LACP MAD has the following requirements: • Every IRF member must have a link with an intermediate device. • All the links form a dynamic link aggregation group. • The intermediate device must be a device that supports extended LACP for MAD.

The IRF member devices send extended LACPDUs that convey a domain ID and an active ID (the member ID of the master). The intermediate device transparently forwards the extended LACPDUs received from one member device to all the other member devices. • If the domain IDs and active IDs sent by all the member devices are the same, the IRF fabric is

integrated. • If the extended LACPDUs convey the same domain ID but different active IDs, a split has

occurred. LACP MAD handles this situation as described in "Collision handling."

Figure 8 LACP MAD scenario

BFD MAD BFD MAD detects multi-active collisions by using BFD.

Intermediate device

Master Subordinate

IRF fabric

Internet

Customer premise network

IRF link

Common traffic path

LACP MAD traffic path

LACP-enabled dynamic link aggregation

LACP-enabled dynamic link aggregation

10

You can use common or management Ethernet ports for BFD MAD.

If management Ethernet ports are used, BFD MAD has the following requirements: • An intermediate device is required and each IRF member device must have a BFD MAD link to

the intermediate device. • Each member device is assigned a MAD IP address on the master's management Ethernet

port.

If common Ethernet ports are used, BFD MAD has the following requirements: • If an intermediate device is used, each member device must have a BFD MAD link to the

intermediate device. If no intermediate device is used, all member devices must have a BFD MAD link to each other. As a best practice, use an intermediate device to connect IRF member devices if the IRF fabric has more than two member devices. A full mesh of IRF members might cause broadcast loops.

• Ports on BFD MAD links are assigned to a VLAN (or Layer 3 aggregate interface) used for BFD MAD. Each member device is assigned a MAD IP address on the VLAN interface (or Layer 3 aggregate interface).

The BFD MAD links and BFD MAD VLAN (or Layer 3 aggregate interface) must be dedicated. Do not use BFD MAD links or BFD MAD VLAN (or Layer 3 aggregate interface) for any other purposes.

When you use a Layer 3 aggregate interface for BFD MAD, make sure its member ports do not exceed the maximum number of Selected ports allowed for an aggregation group. If the number of member ports exceeds the maximum number of Selected ports, some member ports cannot become Selected. BFD MAD will be unable to work correctly and its state will change to Faulty. For more information about setting the maximum number of Selected ports for an aggregation group, see Ethernet link aggregation in Layer 2—LAN Switching Configuration Guide.

NOTE: • The MAD addresses identify the member devices and must belong to the same subnet.

• Of all management Ethernet ports on an IRF fabric, only the master's management Ethernet port is accessible.

Figure 9 shows a typical BFD MAD scenario that uses an intermediate device. On the intermediate device, assign the ports on the BFD MAD links to the same VLAN.

Figure 10 shows a typical BFD MAD scenario that does not use an intermediate device.

With BFD MAD, the master attempts to establish BFD sessions with other member devices by using its MAD IP address as the source IP address. • If the IRF fabric is integrated, only the MAD IP address of the master takes effect. The master

cannot establish a BFD session with any other member. If you execute the display bfd session command, the state of the BFD sessions is Down.

• When the IRF fabric splits, the IP addresses of the masters in the split IRF fabrics take effect. The masters can establish a BFD session. If you execute the display bfd session command, the state of the BFD session between the two devices is Up.

11

Figure 9 BFD MAD scenario with an intermediate device

Figure 10 BFD MAD scenario without an intermediate device

Restrictions: Hardware compatibility with IRF Hardware IRF compatibility

MSR810, MSR810-W, MSR810-W-DB, MSR810-LM, MSR810-W-LM, MSR810-10-PoE, MSR810-LM-HK, MSR810-W-LM-HK, MSR810-LM-CNDE-SJK, MSR810-CNDE-SJK

No

MSR810-LMS, MSR810-LUS No

MSR810-LMS-EA, MSR810-LME No

MSR2600-6-X1, MSR2600-10-X1 No

MSR 2630 Yes

MSR3600-28, MSR3600-51 Yes

MSR3600-28-SI, MSR3600-51-SI No

MSR3600-28-X1, MSR3600-28-X1-DP, MSR3600-51-X1, MSR3600-51-X1-DP Yes

MSR3610-I-DP, MSR3610-IE-DP, MSR3610-IE-ES, MSR3610-IE-EAD No

MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC Yes

MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 Yes

MSR3610-G, MSR3620-G Yes

Device

Master Subordinate

IRF fabric

IRF link

BFD MAD link

192.168.1.2/24 192.168.1.3/24

BFD MAD link

Master Subordinate

IRF fabric

IRF link

BFD MAD linkVLAN 2192.168.1.2/24

VLAN 2192.168.1.3/24

12

Hardware IRF compatibility

MSR810-W-WiNet, MSR810-LM-WiNet No

MSR830-4LM-WiNet No

MSR830-5BEI-WiNet, MSR830-6EI-WiNet, MSR830-10BEI-WiNet No

MSR830-6BHI-WiNet, MSR830-10BHI-WiNet No

MSR2600-6-WiNet, MSR2600-10-X1-WiNet No

MSR2630-WiNet Yes

MSR3600-28-WiNet Yes

MSR3610-X1-WiNet Yes

MSR3610-WiNet, MSR3620-10-WiNet, MSR3620-DP-WiNet, MSR3620-WiNet, MSR3660-WiNet Yes


MSR2630-XS No

MSR3600-28-XS Yes

MSR3610-XS Yes

MSR3620-XS Yes

MSR3610-I-XS No

MSR3610-IE-XS No


MSR810-LM-GL No

MSR810-W-LM-GL No

MSR830-6EI-GL No

MSR830-10EI-GL No

MSR830-6HI-GL No

MSR830-10HI-GL No

MSR2600-6-X1-GL No

MSR3600-28-SI-GL No

Restrictions and guidelines: IRF configuration Hardware compatibility with IRF

The MSR routers in Table 2 support IRF. To establish an IRF fabric successfully, make sure the member device models meet the compatibility requirements in Table 2.

13

Table 2 Hardware compatibility matrix for IRF establishment

Hardware IRF member restrictions

MSR 2630 All members are the same model.

MSR3600-28, MSR3600-51 All members are the same model.

MSR3610-X1, MSR3610-X1-DP, MSR3610-X1-DC, MSR3610-X1-DP-DC All members are the same model.

MSR 3610, MSR 3620, MSR 3620-DP, MSR 3640, MSR 3660 All members are the same model.

IMPORTANT: • Voice, WLAN, or FCM modules cannot operate in IRF mode.

• If you install a SIC-CNDE module on one IRF member device, you must install SIC-CNDE modules on all other member devices.

Software requirements for IRF All IRF member devices must run the same software image version. Make sure the software auto-update feature is enabled on all member devices.

IRF fabric size An IRF fabric can contain a maximum of two member devices.

Candidate IRF physical interfaces Typically, use high-speed ports as IRF physical interfaces. The following compatibility matrix shows the candidate IRF physical interfaces for the hardware platforms:

Hardware Candidate IRF physical interfaces

MSR3600-28, MSR3600-51 The lowest numbered fixed GE port

Other MSR routers All fixed GE ports

On some devices, specific physical interfaces have been assigned to the IRF port by default. You cannot modify or configure IRF port bindings. On some devices, you must assign physical interfaces to IRF ports from the CLI.

Transceiver modules and cables selection for IRF When you select transceiver modules and cables, follow these restrictions and guidelines: • Use straight-through or crossover copper Ethernet cables to connect copper Ethernet ports for

a short-distance connection. • Use transceiver modules and fibers to connect fiber Ethernet ports for a long-distance

connection. • The transceiver modules at the two ends of an IRF link must be the same type.

Support for transceiver modules and cables varies by device model.

14

For more information about the transceiver modules and DAC cables, see the switch installation guide and H3C Transceiver Modules User Guide.

NOTE: The transceiver modules and DAC cables available for the switch are subject to change over time. For the most up-to-date list of transceiver modules and DAC cables, contact your H3C sales representative.

IRF port connection When you connect two neighboring IRF members, follow these restrictions and guidelines: • You must connect the physical interfaces of IRF-port 1 on one member to the physical

interfaces of IRF-port 2 on the other. • For high availability, bind multiple physical interfaces to an IRF port. You can bind a maximum of

two physical interfaces to an IRF port.

IMPORTANT: Because of hardware restrictions, do not bind CPU WAN ports and switching WAN ports to the same IRF port on the MSR 3600-28-X1, MSR 3600-28-X1-DP, MSR 3600-51-X1, or MSR 3600-51-X1-DP router. In addition, the two ends of an IRF physical link must use the same type of WAN ports. If you bind a CPU WAN port to an IRF port, you cannot bind a switching WAN port to the neighboring IRF port. On the MSR 3600-28-X1 or MSR 3600-28-X1-DP router, GE 0/0 to GE 0/3 and GE 0/27 are switching WAN ports, and GE 0/28 is a CPU WAN port. On the MSR 3600-51-X1 or MSR 3600-51-X1-DP router, GE 0/0 to GE 0/3 and GE 0/51 are switching WAN ports, and GE 0/52 is a CPU WAN port.

Figure 11 Connecting IRF physical interfaces

IRF physical interface configuration restrictions and guidelines Command configuration restrictions

On a physical interface bound to an IRF port, you can execute only the following commands: • Interface commands, including the description and shutdown commands.

For more information about these commands, see Ethernet interface configuration in Interface Command Reference.

Suppressing SNMP notifications of packet drops on IRF physical interfaces Before an IRF member device forwards a packet, it examines its forwarding path in the IRF fabric for a loop. If a loop exists, the device discards the packet on the source interface of the looped path.

IRF-port 1IRF-port 2

IRF fabric

15

This loop elimination mechanism will drop a large number of broadcast packets on the IRF physical interfaces.

To suppress SNMP notifications of packet drops that do not require attention, do not monitor packet forwarding on the IRF physical interfaces.

Feature compatibility and configuration restrictions with IRF

Feature compatibility and configuration restrictions

Feature Feature compatibility and configuration restrictions

Routing

To form an IRF fabric, all member devices must use the same settings for the following routing features: • Maximum number of ECMP routes (set by using the

max-ecmp-num command). • ECMP mode (set by using the ecmp mode command).

For more information about the routing features, see basic IP routing configuration in Layer 3—IP Routing Configuration Guide.

Layer 2 forwarding IRF ports cannot forward Layer 2 traffic.

Link aggregation Multichassis Layer 2 link aggregation is not supported.

IPsec

IPsec anti-replay requires that packets on the same interface be processed on the same slot. For information about how to perform IPsec anti-replay on an IRF fabric for a global interface (such as a VLAN or tunnel interface) that has physical interfaces across slots, see IPsec in Security Configuration Guide.

Session

Session backup is not supported between member devices. The packets must be sent and received on the same member device for services that require session establishment. Examples of these services include NAT, ASPF, and AFT.

Dialing Not supported on the AUX, AM, or ISDN interfaces in IRF mode.

Web network management Not supported in IRF mode.

Built-in AC Not supported in IRF mode.

VLAN In IRF mode, Ethernet switching modules on the master and subordinate devices must support the same maximum number of VLANs.

Licensing requirements for IRF For a license-based feature to run correctly on an IRF fabric, make sure the licenses installed for the feature on all member devices are the same. For more information about feature licensing, see Fundamentals Configuration Guide.

Configuration rollback restrictions The configuration rollback feature cannot roll back the following IRF settings: • Member device description (set by using the irf member description command).

• Member device priority (set by using the irf member priority command).

• IRF physical interface and IRF port bindings (set by using the port group interface command).

16

For more information about the configuration rollback feature, see configuration file management in Fundamentals Configuration Guide.

IRF tasks at a glance To configure IRF, perform the following tasks: 1. Setting up an IRF fabric

a. Assigning a member ID to each IRF member device b. (Optional.) Specifying a priority for each member device c. Binding physical interfaces to IRF ports d. Saving configuration to the next-startup configuration file e. Connecting IRF physical interfaces f. Setting the operating mode to IRF mode g. Accessing the IRF fabric

2. Configuring MAD Configure a minimum of one MAD mechanism on an IRF fabric. Configuring LACP MAD Configuring BFD MAD Excluding interfaces from the shutdown action upon detection of multi-active collision

This feature excludes an interface from the shutdown action for management or other special purposes when an IRF fabric transits to the Recovery state.

Recovering an IRF fabric 3. (Optional.) Optimizing IRF settings for an IRF fabric

Changing the member ID of a member device Changing member IDs in an IRF fabric can void member ID-related configuration and cause unexpected problems. Make sure you understand the impact on your live network before you change member IDs.

Changing the priority of a member device Adding physical interfaces to an IRF port Bulk-configuring basic IRF settings for a member device

You can configure member IDs, priorities, domain ID, IRF physical interfaces separately or in bulk.

Enabling IRF auto-merge When two IRF fabrics merge, this feature enables the IRF fabric that failed the master election to automatically reboot all its member devices to complete the merge.

Configuring a member device description Configuring the IRF bridge MAC address Enabling software auto-update for software image synchronization

This feature automatically synchronizes the current software images of the master to devices that are attempting to join the IRF fabric.

Setting the IRF link down report delay

Planning the IRF fabric setup Consider the following items when you plan an IRF fabric: • Hardware compatibility and restrictions.

17

• IRF fabric size. • Master device. • Member ID and priority assignment scheme. • Fabric topology and cabling scheme. • IRF physical interfaces.

Setting up an IRF fabric Assigning a member ID to each IRF member device About this task

Assign a unique IRF member ID to a device before changing the device's operating mode to IRF. If you do not assign a member ID to the device, the device automatically uses the member ID of 1 after the mode changes to IRF.

The member ID assigned to the device is saved in both active and standby MPUs. The standby MPU might store a different member ID than the active MPU after an MPU replacement. For consistency, the system updates the member ID in the active MPU automatically to the standby MPU when the difference is detected.

Procedure 1. Enter system view.

system-view

2. Assign an IRF member ID to the device. irf member member-id

By default, the device operates in standalone mode and does not have an IRF member ID.

Specifying a priority for each member device About this task

IRF member priority represents the possibility for a device to be elected the master in an IRF fabric. A larger priority value indicates a higher priority.


system-view

2. Specify a priority for the device in standalone mode. irf priority priority

The default IRF member priority is 1.

Binding physical interfaces to IRF ports About this task

In standalone mode, IRF port binding operations do not affect the current configuration of the interface. However, when the operating mode changes to IRF mode, the default configuration is restored on the physical interface.

18

Restrictions and guidelines Make sure the IRF physical interfaces of an IRF port use the same binding mode. In IRF mode, IRF physical interfaces of an IRF port cannot be configured to use different binding modes. In standalone mode, you can configure the IRF physical interfaces of an IRF port to use different binding modes. However, only one binding mode takes effect after the operating mode changes from standalone to IRF. The binding mode of the first IRF physical interface in the configuration file has the highest priority.


system-view

2. Enter IRF port view in standalone mode. irf-port irf-port-number

3. Bind a physical interface to the IRF port. port group interface interface-type interface-number By default, no physical interfaces are bound to an IRF port. Repeat this step to assign multiple physical interfaces to the IRF port.

Saving configuration to the next-startup configuration file About this task

Save the running configuration before converting to the IRF mode. The mode change requires a reboot, which causes all unsaved settings to be lost.

Procedure To save the running configuration to the next-startup configuration file, execute the following command in any view:

save

For more information about this command, see configuration file management in Fundamentals Command Reference.

Connecting IRF physical interfaces Follow the restrictions in "IRF port connection" to connect IRF physical interfaces as well as based on the topology and cabling scheme.

Setting the operating mode to IRF mode About this task

By default, the device operates in standalone mode. To assign the device to an IRF fabric, you must change its operating mode to IRF mode.

After you change the operating mode, the device automatically reboots for the change to take effect.

During the reboot, you may choose to have the system automatically convert the startup configuration file. Automatic configuration conversion prevents slot- or interface-related settings from becoming invalid. For example, the system adds member ID information to interface numbers and file paths in IRF mode.

19

Restrictions and guidelines Upon an operating mode change, the system automatically converts interface names by adding or deleting the first number segment (the member ID) in the interface number. When performing this task, the system converts every string in a valid interface name format without identifying whether or not they are interface names. To avoid undesirable configuration changes that result from false modification, do not name any objects except interfaces in a valid interface name format.

The following are valid interface name formats: • interface-type interface-number, which has a space between the two arguments. • interface-typeinterface-number, which does not have a space between the two arguments.

The system uses the space-separated format to match CPOS E1, E3, T1, and T3 interfaces and uses the non-space format to match other types of physical interfaces.

If a string (except the string configured by using the description command) matches a valid interface name, the system converts that string. For example, if a VLAN exists with a name of GigabitEthernet0/7 in standalone mode, the VLAN name will change to GigabitEthernetn/0/7 in IRF mode. The n argument represents the IRF member ID.

Prerequisites Before you change the operating mode, verify that a unique IRF member ID has been assigned to the device.


system-view

2. Set the operating mode to IRF mode. chassis convert mode irf

The default operating mode is standalone mode. IRF generates packets on a device in IRF mode even if the device does not form an IRF fabric with any other devices. To conserve system resources, set a device to standalone mode after removing it from an IRF fabric. To restore the standalone mode, use the undo chassis convert mode command.

Accessing the IRF fabric The following methods are available for accessing an IRF fabric: • Local login—Log in through the console port of any member device. • Remote login—Log in at a Layer 3 interface on any member device by using methods

including Telnet and SNMP.

The IRF fabric appears as one device after it is formed. When you log in to an IRF fabric, you are placed at the CLI of the master, regardless of at which member device you are logged in. You configure and manage all IRF members at the CLI of the master. All settings you have made are automatically propagated to the IRF members.

For more information, see login configuration in Fundamentals Configuration Guide.

20

Configuring MAD Restrictions and guidelines for MAD configuration Assigning IRF domain IDs

An IRF fabric has only one IRF domain ID.

You can change the IRF domain ID by using the irf domain or mad enable command. The IRF domain IDs configured by using the commands overwrite each other.

If LACP MAD runs between two IRF fabrics, assign each fabric a unique IRF domain ID. (For BFD MAD, this task is optional.)

Actions on interfaces shut down by MAD To prevent a multi-active collision from causing network issues, avoid using the undo shutdown command to bring up the interfaces shut down by a MAD mechanism on a Recovery-state IRF fabric.

Configuring LACP MAD 1. Enter system view.

system-view

2. Assign a domain ID to the IRF fabric. irf domain domain-id

The default IRF domain ID is 0. 3. Create an aggregate interface and enter aggregate interface view.

Enter Layer 2 aggregate interface view. interface bridge-aggregation interface-number

Enter Layer 3 aggregate interface view. interface route-aggregation interface-number

Perform this step also on the intermediate device. 4. Configure the aggregation group to operate in dynamic aggregation mode.

link-aggregation mode dynamic

By default, an aggregation group operates in static aggregation mode. LACP MAD takes effect only on dynamic aggregate interfaces. Perform this step also on the intermediate device.

5. Enable LACP MAD. mad enable

By default, LACP MAD is disabled. 6. Return to system view.

quit

7. Enter Ethernet interface view or interface range view. Enter Ethernet interface view.

interface interface-type interface-number Enter interface range view. Choose one of the following commands:

interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24>

21

interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]

To assign a range of ports to the aggregation group, enter interface range view. To assign one port to the aggregation group, enter Ethernet interface view.

8. Assign the Ethernet port or the range of Ethernet ports to the specified aggregation group. port link-aggregation group group-id Multichassis link aggregation is allowed. Perform this step also on the intermediate device.

Configuring BFD MAD

Restrictions and guidelines for configuring BFD MAD Before you configure BFD MAD, choose a BFD MAD link scheme as described in "BFD MAD."

As a best practice, connect the BFD MAD links after you finish the BFD MAD configuration.

When you configure BFD MAD on a VLAN interface, follow these restrictions and guidelines:

Category Restrictions and guidelines

BFD MAD VLAN

• Do not enable BFD MAD on VLAN-interface 1. • If you are using an intermediate device, perform the following tasks:

On the IRF fabric and the intermediate device, create a VLAN for BFD MAD.

On the IRF fabric and the intermediate device, assign the ports of BFD MAD links to the BFD MAD VLAN.

On the IRF fabric, create a VLAN interface for the BFD MAD VLAN. • Make sure the IRF fabrics on the network use different BFD MAD VLANs. • Make sure the BFD MAD VLAN contains only ports on the BFD MAD

links. Exclude a port from the BFD MAD VLAN if that port is not on a BFD MAD link. If you have assigned that port to all VLANs by using the port trunk permit vlan all command, use the undo port trunk permit command to exclude that port from the BFD MAD VLAN.

BFD MAD VLAN and feature compatibility

Do not use the BFD MAD VLAN and its member ports for any purpose other than configuring BFD MAD. • Use only the mad bfd enable and mad ip address commands

on the BFD MAD-enabled VLAN interface. If you configure other features, both BFD MAD and other features on the interface might run incorrectly.

• Disable the spanning tree feature on any Layer 2 Ethernet ports in the BFD MAD VLAN. The MAD feature is mutually exclusive with the spanning tree feature.

MAD IP address

• To avoid network issues, only use the mad ip address command to configure IP addresses on the BFD MAD-enabled VLAN interface. Do not configure an IP address by using the ip address command or configure a VRRP virtual address on the BFD MAD-enabled VLAN interface.

• Make sure all the MAD IP addresses are on the same subnet.

When you configure BFD MAD on a Layer 3 aggregate interface, follow these restrictions and guidelines:

22


BFD MAD-enabled Layer 3 aggregate interface

• Make sure the Layer 3 aggregate interface operates in static aggregation mode.

• Make sure the member ports in the aggregation group do not exceed the maximum number of Selected ports allowed for an aggregation group. If the number of member ports exceeds the maximum number of Selected ports, some member ports cannot become Selected. BFD MAD will be unable to work correctly and its state will change to Faulty.

BFD MAD VLAN

• On the intermediate device (if any), assign the ports on the BFD MAD links to the same VLAN. Do not assign the ports to an aggregate interface. If the ports are hybrid ports, make sure these ports are untagged members of their PVIDs.

• If the intermediate device acts as a BFD MAD intermediate device for multiple IRF fabrics, assign different BFD MAD VLANs to the IRF fabrics.

• Do not use the BFD MAD VLAN on the intermediate device for any purposes other than BFD MAD.

• Make sure the BFD MAD VLAN on the intermediate device contains only ports on the BFD MAD links. Exclude a port from the BFD MAD VLAN if that port is not on a BFD MAD link. If you have assigned that port to all VLANs by using the port trunk permit vlan all command, use the undo port trunk permit command to exclude that port from the BFD MAD VLAN.

BFD MAD-enabled Layer 3 aggregate interface and feature compatibility

Use only the mad bfd enable and mad ip address commands on the BFD MAD-enabled interface. If you configure other features, both BFD MAD and other features on the interface might run incorrectly.

MAD IP address

• To avoid network issues, only use the mad ip address command to configure IP addresses on the BFD MAD-enabled interface. Do not configure an IP address by using the ip address command or configure a VRRP virtual address on the BFD MAD-enabled interface.


When you configure BFD MAD that uses management Ethernet ports, follow these restrictions and guidelines:


Management Ethernet ports for BFD MAD

Connect a management Ethernet port on each IRF member device to the common Ethernet ports on the intermediate device.

BFD MAD VLAN

• On the intermediate device, create a VLAN for BFD MAD, and assign the ports used for BFD MAD to the VLAN. On the IRF fabric, you do not need to assign the management Ethernet ports to the VLAN.

• Make sure the IRF fabrics on the network use different BFD MAD VLANs. • Make sure the BFD MAD VLAN on the intermediate device contains only

ports on the BFD MAD links.

MAD IP address

• Use the mad ip address command instead of the ip address command to configure MAD IP addresses on the BFD MAD-enabled management Ethernet ports.


Configuring BFD MAD on a VLAN interface 1. Enter system view.

system-view 2. (Optional.) Assign a domain ID to the IRF fabric.

irf domain domain-id

23

By default, the domain ID of an IRF fabric is 0. 3. Create a VLAN dedicated to BFD MAD.

vlan vlan-id By default, only VLAN 1 exists.

4. Return to system view. quit

5. Enter Ethernet interface view or interface range view. Enter Ethernet interface view.


interface range { interface-type interface-number [ to interface-type interface-number ] } &<1-24> interface range name name [ interface { interface-type interface-number [ to interface-type interface-number ] } &<1-24> ]

To assign a range of ports to the BFD MAD VLAN, enter interface range view. To assign one port to the BFD MAD VLAN, enter Ethernet interface view.

6. Assign the port or the range of ports to the BFD MAD VLAN. Assign the ports to the VLAN as access ports.

port access vlan vlan-id Assign the ports to the VLAN as trunk ports.

port trunk permit vlan vlan-id Assign the ports to the VLAN as hybrid ports.

port hybrid vlan vlan-id { tagged | untagged } The link type of BFD MAD ports can be access, trunk, or hybrid. The default link type of a port is access.


8. Enter VLAN interface view. interface vlan-interface vlan-interface-id

9. Enable BFD MAD. mad bfd enable By default, BFD MAD is disabled.

10. Assign a MAD IP address to a member device on the VLAN interface. mad ip address ip-address { mask | mask-length } member member-id By default, no MAD IP addresses are configured on any VLAN interfaces. Repeat this step to assign a MAD IP address to each member device on the VLAN interface.

Configuring BFD MAD on a Layer 3 aggregate interface 1. Enter system view.

system-view

2. (Optional.) Assign a domain ID to the IRF fabric. irf domain domain-id

By default, the domain ID of an IRF fabric is 0. 3. Create a Layer 3 aggregate interface for BFD MAD.

interface route-aggregation interface-number

24


5. Enter interface view or interface range view. Enter Ethernet interface view.



To assign a range of ports to the aggregation group for the aggregate interface, enter interface range view. To assign one port to the aggregation group for the aggregate interface, enter Ethernet interface view.

6. Assign the port or the range of ports to the aggregation group for the aggregate interface. port link-aggregation group number


8. Enter Layer 3 aggregate interface view. interface route-aggregation interface-number

9. Enable BFD MAD. mad bfd enable

By default, BFD MAD is disabled. 10. Assign a MAD IP address to a member device on the Layer 3 aggregate interface.

mad ip address ip-address { mask | mask-length } member member-id By default, no MAD IP addresses are configured on aggregate interfaces. Repeat this step to assign a MAD IP address to each member device on the aggregate interface.

Configuring BFD MAD that uses management Ethernet ports 1. Enter system view.

system-view 2. (Optional.) Assign a domain ID to the IRF fabric.

irf domain domain-id By default, the domain ID of an IRF fabric is 0.

3. Enter management Ethernet interface view. interface m-gigabitethernet interface-number Of all management Ethernet ports on an IRF fabric, only the master's management Ethernet port is accessible.

4. Enable BFD MAD. mad bfd enable By default, BFD MAD is disabled.

5. Assign a MAD IP address to each member device. mad ip address ip-address { mask | mask-length } member member-id By default, no MAD IP addresses are configured.

25

Excluding interfaces from the shutdown action upon detection of multi-active collision About this task

When an IRF fabric transits to the Recovery state, the system automatically excludes the following network interfaces from being shut down: • IRF physical interfaces. • Member interfaces of an aggregate interface if the aggregate interface is excluded from being

shut down.

You can exclude a network interface from the shutdown action for management or other special purposes. For example: • Exclude a port from the shutdown action so you can Telnet to the port for managing the device. • Exclude a VLAN interface and its Layer 2 ports from the shutdown action so you can log in

through the VLAN interface.

Restrictions and guidelines If the Layer 2 ports of a VLAN interface are distributed on multiple member devices, the exclusion operation might introduce IP collision risks. The VLAN interface might be up on both active and inactive IRF fabrics.


system-view

2. Configure a network interface to not shut down when the IRF fabric transits to the Recovery state. mad exclude interface interface-type interface-number

By default, all network interfaces on a Recovery-state IRF fabric are shut down, except for the network interfaces automatically excluded by the system.

Recovering an IRF fabric About this task

For split IRF fabrics, if the active IRF fabric fails before the IRF link is recovered, perform this task on the inactive IRF fabric to recover the inactive IRF fabric. The manual recovery operation brings up all interfaces that were shut down by MAD on the inactive IRF fabric.


system-view

2. Recover the inactive IRF fabric. mad restore

26

Optimizing IRF settings for an IRF fabric Changing the member ID of a member device Restrictions and guidelines

CAUTION: In IRF mode, an IRF member ID change can invalidate member ID-related settings and cause data loss. Make sure you fully understand its impact on your live network.

The new member ID takes effect at reboot. After the device reboots, the settings on all member ID-related physical resources (including common physical network interfaces) are removed, regardless of whether you have saved the configuration.


system-view

2. Change the member ID of a member device. irf member member-id renumber new-member-id

By default, the device uses the member ID that is set in standalone mode. 3. Save the running configuration.

save [ safely ] [ force ] 4. Return to user view.

quit 5. Reboot the member device.

reboot [ slot slot-number ] The slot-number must be the same as the member-id specified in the irf member member-id renumber new-member-id command.

Changing the priority of a member device About this task

You can change the priority of a member device so it can be elected the master in the next master election.

A change to member priority can affect the master re-election result. However, it does not cause an immediate master re-election.


system-view

2. Specify a priority for a member of an IRF fabric. irf member member-id priority priority

The default IRF member priority is 1.

27

Adding physical interfaces to an IRF port Restrictions and guidelines

Make sure the IRF physical interfaces of an IRF port use the same binding mode. In IRF mode, IRF physical interfaces of an IRF port cannot be configured to use different binding modes.


system-view

2. Enter the interface view or interface range view of an IRF physical interface or a range of IRF physical interfaces, respectively. Enter Layer 3 Ethernet interface view.



To shut down one IRF physical interface, enter its interface view. To shut down a range of IRF physical interfaces, enter interface range view.

3. Shut down the physical interfaces. shutdown

By default, a physical interface is not administratively down. If you cannot shut down a physical interface, follow the system instruction to shut down its peer interface.


5. Enter IRF port view. irf-port member-id/irf-port-number

6. Bind each physical interface to the IRF port. port group interface interface-type interface-number By default, no physical interfaces are bound to an IRF port. Repeat this step to assign multiple physical interfaces to the IRF port.


8. Enter the interface view or interface range view of an IRF physical interface or a range of IRF physical interfaces, respectively. Enter Layer 3 Ethernet interface view.



9. Bring up the physical interfaces. undo shutdown

28


11. Save the running configuration. save

Activating IRF port settings causes IRF merge and reboot. To avoid data loss, save the running configuration to the startup configuration file before you perform the operation.

12. Activate the configuration on the IRF port. irf-port-configuration active

After this step is performed, the state of the IRF port changes to UP. The member devices elect a master, and the subordinate device reboots automatically. After the IRF fabric is formed, you can add physical interfaces to an IRF port (in UP state) without repeating this step.

Bulk-configuring basic IRF settings for a member device About this task

Use the easy IRF feature to bulk-configure basic IRF settings for a device in IRF mode, including the member ID, domain ID, priority, and IRF port bindings.

The easy IRF feature provides the following configuration methods: • Interactive method—Enter the easy-irf command without parameters. The system will

guide you to set the parameters step by step. • Non-interactive method—Enter the easy-irf command with parameters.

As a best practice, use the interactive method if you are new to IRF.

Restrictions and guidelines The device reboots immediately after you specify a new member ID for it. Make sure you are aware of the impact on the network.

If you execute the easy-irf command multiple times, the following settings take effect:

• The most recent settings for the member ID, domain ID, and priority. • IRF port bindings added through repeated executions of the command. To remove an IRF

physical interface from an IRF port, you must use the undo port group interface command in IRF port view.

If you specify IRF physical interfaces by using the interactive method, you must also follow these restrictions and guidelines: • Do not enter spaces between the interface type and interface number. • Use a comma (,) to separate two physical interfaces. No spaces are allowed between

interfaces.


system-view

2. Bulk-configure basic IRF settings for the device. easy-irf [ member member-id [ renumber new-member-id ] domain domain-id [ priority priority ] [ irf-port1 interface-list1 ] [ irf-port2 interface-list2 ] ] Make sure the new member ID is unique in the IRF fabric to which the device will be added.

29

Enabling IRF auto-merge About this task

When two IRF fabrics merge, you must reboot the member devices in the IRF fabric that fails in the master election. The auto-merge feature enables the IRF fabric to automatically reboot all its member devices to complete the merge.

If this feature is disabled, you must manually reboot the devices that failed the master election to complete the merge.


system-view

2. Enable IRF auto-merge. irf auto-merge enable

By default, this feature is enabled.

Configuring a member device description 1. Enter system view.

system-view 2. Configure a description for a member device.

irf member member-id description text By default, no member device description is configured.

Configuring the IRF bridge MAC address About this task

The bridge MAC address of a system must be unique on a switched LAN. IRF bridge MAC address identifies an IRF fabric by Layer 2 protocols (for example, LACP) on a switched LAN.

By default, an IRF fabric uses the bridge MAC address of the master as the IRF bridge MAC address. After the master leaves, the IRF bridge MAC address persists for a period of time or permanently depending on the IRF bridge MAC persistence setting. When the IRF bridge MAC persistence timer expires, the IRF fabric uses the bridge MAC address of the current master as the IRF bridge MAC address.

The following is how IRF handles the IRF bridge MAC address if IRF fabrics merge: • When IRF fabrics merge, IRF ignores the IRF bridge MAC address and checks the bridge MAC

address of each member device in the IRF fabrics. IRF merge fails if any two member devices have the same bridge MAC address.

• After IRF fabrics merge, the merged IRF fabric uses the bridge MAC address of the merging IRF fabric that won the master election as the IRF bridge MAC address.

Restrictions and guidelines

CAUTION: The bridge MAC address change causes transient traffic disruption.

When you configure IRF bridge MAC persistence, follow these restrictions and guidelines: • If the IRF fabric has multichassis aggregate links, do not use the undo irf mac-address

persistent command. Use of this command might cause traffic disruption.

30

Configuring IRF bridge MAC persistence 1. Enter system view.

system-view

2. Configure IRF bridge MAC persistence. Retain the bridge MAC address permanently even if the address owner has left the fabric.

irf mac-address persistent always

Retain the bridge MAC address for 6 minutes after the address owner leaves the fabric. irf mac-address persistent timer

Change the bridge MAC address as soon as the address owner leaves the fabric. undo irf mac-address persistent

By default, the IRF bridge MAC address remains unchanged for 6 minutes after the address owner leaves. The irf mac-address persistent timer command avoids unnecessary bridge MAC address changes caused by device reboot, transient link failure, or purposeful link disconnection.

Enabling software auto-update for software image synchronization About this task

The software auto-update feature automatically synchronizes the current software images of the master to devices that are attempting to join the IRF fabric.

To join an IRF fabric, a device must use the same software images as the master in the fabric.

When you add a device to the IRF fabric, software auto-update compares the startup software images of the device with the current software images of the IRF master. If the two sets of images are different, the device automatically performs the following operations: 1. Downloads the current software images of the master. 2. Sets the downloaded images as its main startup software images. 3. Reboots with the new software images to rejoin the IRF fabric.

You must manually update the new device with the software images running on the IRF fabric if software auto-update is disabled.

Restrictions and guidelines To ensure a successful software auto-update in a multi-user environment, prevent anyone from rebooting member devices during the auto-update process. To inform administrators of the auto-update status, configure the information center to output the status messages to configuration terminals (see Network Management and Monitoring Configuration Guide).

Make sure the device you are adding to the IRF fabric has sufficient storage space for the new software images.

If sufficient storage space is not available, the device automatically deletes the current software images. If the reclaimed space is still insufficient, the device cannot complete the auto-update. You must reboot the device, and then access the Bootware menu to delete files.


system-view

2. Enable software auto-update.

31

irf auto-update enable

By default, software auto-update is enabled.

Setting the IRF link down report delay About this task

To prevent frequent IRF splits and merges during link flapping, configure the IRF ports to delay reporting link down events.

An IRF port does not report a link down event to the IRF fabric immediately after its link changes from up to down. If the IRF link state is still down when the delay is reached, the port reports the change to the IRF fabric.

IRF ports do not delay link up events. They report the link up event immediately after the IRF link comes up.

Restrictions and guidelines Make sure the IRF link down report delay is shorter than the heartbeat or hello timeout settings of upper-layer protocols (for example, CFD and OSPF). If the report delay is longer than the timeout setting of a protocol, unnecessary recalculations might occur.

Set the delay to 0 seconds in the following situations: • The IRF fabric requires a fast master/subordinate or IRF link switchover. • The BFD or GR feature is used. • You want to shut down an IRF physical interface or reboot an IRF member device. (After you

complete the operation, reconfigure the delay depending on the network condition.)


system-view

2. Set the IRF link down report delay. irf link-delay interval By default, the IRF link down report delay is 0 milliseconds.

Removing an expansion interface card that has IRF physical interfaces

To remove an expansion interface card that provides IRF physical interfaces: 1. Perform one of the following tasks to eliminate temporary packet loss:

Remove cables from the IRF physical interfaces on the card. Shut down the IRF physical interfaces on the card by using the shutdown command.

2. Remove the card.

Replacing an expansion interface card that has IRF physical interfaces Replacing the old card with a different model replacement card

1. Shut down the IRF physical interfaces on the old card by using the shutdown command. 2. Remove the IRF port bindings that contain the physical interfaces.

32

3. Remove the old card, and then install the replacement card. 4. Verify that the replacement card has been correctly installed by using the display device

command. 5. Reconfigure the IRF port bindings, as described in "Binding physical interfaces to IRF ports." 6. Activate the IRF port settings by using the irf-port-configuration active command.

You can skip this step if the IRF port is in UP state when you add bindings.

Replacing the old card with the same model replacement card 1. Shut down the IRF physical interfaces on the old card by using the shutdown command. 2. Remove the old card, and then install the replacement card. 3. Verify that the replacement card has been correctly installed by using the display device

command. Bring up the physical interfaces by using the undo shutdown command after the interface card completes startup.

Display and maintenance commands for IRF Execute display commands in any view.

Task Command

Display information about all IRF members. display irf

Display the IRF fabric topology. display irf topology

Display IRF link information. display irf link

Display IRF configuration. display irf configuration

Display MAD configuration. display mad [ verbose ]

i

Contents

Configuring virtual machines ·········································································· 1

About virtual machine hosting ···························································································································· 1 Architecture ················································································································································ 1 Supported vNICs ········································································································································ 2 Communication mechanisms ····················································································································· 3

Restrictions: Hardware compatibility with VMs ·································································································· 7 VM configuration tasks at a glance ···················································································································· 7 Installing a VM···················································································································································· 8 Starting a VM ····················································································································································· 9 Resizing a VM ···················································································································································· 9

Adding a disk to a VM ································································································································ 9 Removing a disk or CD-ROM from a VM ································································································· 10 Adding a CD-ROM ··································································································································· 10 Specifying a boot order number for a disk or CD-ROM ··········································································· 11 Setting the physical NIC network mode for VMs ······················································································ 11 Adding an SR-IOV NIC to a VM ··············································································································· 12 Specifying a VLAN for a VF interface ······································································································· 12 Removing an SR-IOV NIC from a VM ······································································································ 13 Adding a vTap NIC to a VM ····················································································································· 13 Specifying a VLAN for a vTap NIC ··········································································································· 13 Removing a vTap NIC from a VM ············································································································ 14 Allocating CPU cores to the VM plane ····································································································· 14 Allocating vCPUs to a VM ························································································································ 15 Binding vCPUs to physical CPUs············································································································· 15 Setting the minimum amount of physical memory available for the Comware system ···························· 15 Allocating memory to a VM ······················································································································ 16

Maintaining a VM ············································································································································· 16 Configuring VNC parameters for remote VM login ··················································································· 16 Enabling VM auto-start ····························································································································· 17 Suspending a VM ····································································································································· 17 Resuming a suspended VM ····················································································································· 17 Stopping a VM ·········································································································································· 18 Backing up a VM ······································································································································ 18 Restoring a VM ········································································································································ 19 Exporting a VM ········································································································································· 19 Uninstalling a VM ····································································································································· 19

Display and maintenance commands for VMs ································································································· 20

1

Configuring virtual machines About virtual machine hosting

A virtual machine (VM) is a complete computer system running in an isolated environment with full hardware system functions simulated by software. A VM can provide the same services as a physical computer. When creating a VM, you need to assign part of the CPU, memory, and hard disk resources on the physical device that hosts the VM to the VM. Each VM can install an operating system like a physical computer for service processing.

The device can act as an ICT converged gateway that integrates IT and CT. It supports VM deployment through x86 virtualization technology to complete interaction of service data for enterprise users.

Architecture The device can host one or multiple VMs. The maximum number of hosted VMs on the device depends on the device's CPU and memory usage. The device can use Layer 2 broadcast and Layer 3 routing to communicate with a VM, as shown in Figure 1.

IMPORTANT: The dotted lines in the figure represent links virtualized by software. The virtual links only indicate the connection relationship. The solid lines represent physical links that actually exist inside the device.

Figure 1 MSR router architecture

As shown in Figure 1, the router architecture contains the following components: • VMs—Deployed as needed on the router to offer new applications or services. The operating

system of a VM is called the guest OS. • SR-IOV NIC—NIC built with single route input/output virtualization (SR-IOV) technology to

support hardware-based virtualization. VMs use the SR-IOV physical function (PF) to access

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

2

the I/O modules through the physical SR-IOV NIC at high performance as if through physical interfaces.

• VF—The SR-IOV technology virtualizes a physical function (PF) into multiple virtual functions (VFs). Typically, a physical NIC is a PF. VMs use the VFs virtualized from the PF as their virtual NICs. The Comware system supports a maximum of eight VFs numbered from 0 to 7. By default, the VFs do not belong to a VLAN.

• vTap—Software-based virtual NIC that connects a VM to the vSwitch. The device reserves eight MAC addresses for vTap NICs to use.

• VM-Ethernet—Virtual Layer 2 Ethernet interfaces on the virtual software switching system (vSwitch). The Comware system supports eight VM-Ethernet interfaces. By default, the interfaces belong to VLAN 1. The system randomly associates a VM-Ethernet interface with a vTap NIC.

• vSwitch—Virtual software switching system. The vSwitch provides Layer 2 VM-Ethernet interfaces for VM vTap NICs.

• Router—The routing system. • Switch—Switching system. • WAN—Layer 3 Ethernet ports. • LAN—Layer 2 Ethernet ports. By default, the ports belong to VLAN 1. • LAN (internal)—An internal Layer 2 Ethernet interface connected to the SR-IOV NIC. By

default, the link type of the interface is trunk.

Supported vNICs The VMs can use vTap and SR-IOV NICs for network connectivity.

vTap NIC A vTap NIC provides software-based forwarding. It is slower than an SR-IOV NIC. However, you do not need to install any driver for the vTap NICs. In addition, the vTap NICs can run on a low version operating system.

Use vTap NICs in scenarios where VMs do not process much service data.

SR-IOV NIC An SR-IOV NIC provides hardware-based forwarding. It forwards traffic at higher speeds than vTap NICs.

The system supports the following physical NIC network modes based on how a physical SR-IOV NIC is used: • Passthrough—The physical NIC is allocated to a VM exclusively. The VM uses the PF

interface of the physical NIC for communication. By default, the passthrough mode is used. • SR-IOV share—Multiple VMs share the physical NIC. The VMs use the VF interfaces of the

physical NIC for communication.

NOTE: To use SR-IOV NICs for VM connectivity, you must install an SR-IOV NIC driver in the guest OS of VMs. For this purpose, you must add a vTap NIC first and use the network service provided by the vTap NIC to download the SR-IOV NIC driver.

3

Communication mechanisms Communication scenarios

Table 1 Communication scenarios and used interfaces

Scenario Ports or interfaces

VM-VM traffic forwarding • Between vTap interfaces • Between a vTap interface and a PF or VF interface • Between PF or VF interfaces

VM-WAN traffic forwarding • Between a vTap interface and a WAN port • Between a PF or VF interface and a WAN port

VM-LAN traffic forwarding • Between a vTap interface and a LAN port • Between a PF or VF interface and a LAN port

VM-VM traffic forwarding Figure 2 illustrates the forwarding path for the traffic between the vTap interfaces of two VMs. The vSwitch is used to forward the traffic.

Figure 2 vTap-vTap traffic forwarding

Figure 3 illustrates the forwarding path for the traffic from a vTap interface on one VM to a VF interface on another VM. 1. The source vTap NIC forwards the traffic to the vSwitch. 2. The vSwitch forwards the traffic to the Switch module. 3. The Switch module forwards the traffic to the destination VF interface through the LAN (inner)

port.

The path of VF-to-vTap traffic forwarding is the reverse of the vTap-to-VF traffic forwarding path.

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

4

Figure 3 vTap-VF traffic forwarding

Figure 4 illustrates the forwarding path for the traffic between the VF interfaces of two VMs. The SR-IOV NIC forwards the traffic.

Figure 4 VF-VF traffic forwarding

VM-WAN traffic forwarding Figure 5 illustrates the forwarding path for the traffic from a vTap interface on a VM to a WAN port on the Router module. 1. The vTap interface forwards the traffic to the vSwitch. 2. The vSwitch forwards the traffic to the Router module. 3. The Router module forwards the traffic to the WAN port.

The path of WAN-to-vTap traffic forwarding is the reverse of the vTap-to-WAN traffic forwarding path.

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

5

Figure 5 vTap-WAN traffic forwarding

Figure 6 illustrates the forwarding path for the traffic from a VF interface on a VM to a WAN port on the device. 1. The SR-IOV NIC forwards the traffic to the Switch module through the LAN (inner) port. 2. The Switch module forwards the traffic to the Router module. 3. The Router module forwards the traffic to the WAN port.

The path of WAN-to-VF traffic forwarding is the reverse of the VF-to-WAN traffic forwarding path.

Figure 6 VF-WAN traffic forwarding

VM-LAN traffic forwarding Figure 7 illustrates the forwarding path for the traffic from a vTap interface on a VM to a LAN port on the device.

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

6

1. The vTap interface forwards the traffic to the vSwitch. 2. The vSwitch forwards the traffic to the Switch module. 3. The Switch module forwards the traffic to the LAN port.

The path of LAN-to-vTap traffic forwarding is the reverse of the vTap-to-LAN traffic forwarding path.

Figure 7 vTap-LAN traffic forwarding

Figure 8 illustrates the forwarding path for the traffic from a VF interface on a VM to a LAN port on the device. The SR-IOV NIC forwards the traffic to the Switch module. Then, the Switch module forwards the traffic to the LAN port.

The path of LAN-to-VF traffic forwarding is the reverse of the VF-to-LAN traffic forwarding path.

Figure 8 VF-LAN traffic forwarding

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

vSwitch

Switch

VM-Ethernet

LAN (inner)

Router VM1vTap VF

VMnvTap VF

SR-IOVNIC

WAN

LAN

WAN

LAN LAN LAN LANLAN

7

Restrictions: Hardware compatibility with VMs Only the following MSR routers support VMs: • MSR3610-I-DP. • MSR3610-I-XS. • MSR3610-IE-DP. • MSR3610-IE-XS. • MSR3610-IE-ES. • MSR3610-IE-EAD.

VM configuration tasks at a glance To configure and manage VMs, perform the following tasks: 1. Installing a VM 2. Starting a VM 3. Resizing a VM

Adding a disk to a VM Removing a disk or CD-ROM from a VM Adding a CD-ROM Specifying a boot order number for a disk Setting the physical NIC network mode for VMs Adding an SR-IOV NIC to a VM Specifying a VLAN for a VF interface Removing an SR-IOV NIC from a VM Adding a vTap NIC to a VM Specifying a VLAN for a vTap NIC Removing a vTap NIC from a VM Allocating CPU cores to the VM plane Allocating vCPUs to a VM Binding vCPUs to physical CPUs Setting the minimum amount of physical memory available for the Comware system Allocating memory to a VM

4. Maintaining a VM Configuring VNC parameters for remote VM login Enabling VM auto-start Suspending a VM Resuming a suspended VM Stopping a VM Backing up a VM Restoring a VM Exporting a VM Uninstalling a VM

8

Installing a VM About this task

The following VM installation methods are available on the device: • Install a VM by using a .pkg file—You can bulk-install VMs by using a .pkg VM file. A .pkg file

contains all files that make up a VM. All VMs created from a .pkg file have the same parameter settings as the source VM, including their guest OS, CPU, and memory settings. After a VM is installed, you can tune its settings as needed.

• Install a VM by manually specifying its parameters—You can install VMs by specifying VM parameters at the CLI of the device. Each VM has its own parameter settings, including the guest OS, CPU, and memory settings.

Restrictions and guidelines If you are using the VM to provide H3C vFW services, use the following guidelines when you specify memory for the VM: • If the vFW requires only one CPU core, allocate 2 GB of memory to the VM. • If the vFW requires two CPU cores, allocate 4 GB of memory to the VM. • If the vFW requires four CPU cores, allocate 8 GB of memory to the VM.

Prerequisites If you are installing a VM by manually specifying its parameters, use the create-disk command to create a disk for the VM as described in "Adding a disk to a VM."

If you are using a .pkg file to install a VM, export an existing .pkg file as described in "Exporting a VM." If a USB flash drive is used to store the .pkg file, make sure the file system format of the USB flash drive is EXT4.


system-view

2. Enter VMM view. vmm

3. Install a VM. Choose one of the following methods: Install a VM by using a local .pkg file.

install vm-pkg pkg-path Install a VM by using a .pkg file stored on a USB flash drive. First, insert the USB flash drive

into the device. Then, reboot the device. The VM is installed on the device after the reboot. Make sure the .pkg file is stored in the VmImages folder at the root directory of the USB flash drive. The folder name is case sensitive.

Install a VM based on the specified parameters. In passthrough mode: install vm-name vm-name vcpu vcpu-count memory size vncport vncport disk disk-file format { raw | qcow2 } disk-bus { ide | virtio } [ cdrom cdrom-file ] [ vnic { vtap [ mac mac-address ] [ vlan vlan-id ] | sriov pf pfid } ] In SR-IOV share mode: install vm-name vm-name vcpu vcpu-count memory size vncport vncport disk disk-file format { raw | qcow2 } disk-bus { ide | virtio } [ cdrom cdrom-file ] [ vnic { vtap [ mac mac-address ] [ vlan vlan-id ] | sriov pf pfid vf vfid [ vlan vlan-id ] } ]

9

Starting a VM About this task

For a VM to start successfully, you must make sure the system has sufficient memory. In addition to the memory for VMs, you must also make sure sufficient memory is available for the VM plane to run.

If system memory becomes insufficient while it is running, the system automatically stops the VM that uses the most memory.

Prerequisites Make sure the VM you want to start has been created on the device and the system has sufficient memory to start the VM.


system-view


3. Start a VM. start vm vm-name

Resizing a VM After you install a VM, you can resize the VM as needed by adding or removing its resources such as disks and memory.

Adding a disk to a VM About this task

Disks for VMs are in the form of disk files. You add a disk to a VM by associating the disk file with the VM.

A VM supports the following bus types of disks: • IDE—IDE disks and CD-ROMs share disk drive names hda, hdb, hdc, and hdd. The VM

randomly assigns a drive name to an IDE disk or CD-ROM. • Virtio—The drive names of virtio disks are vda, vdb, vdc, and vdd. The VM randomly assigns

a drive name to a virtio disk.

A VM supports a maximum of four disks for each bus type.

Restrictions and guidelines If you perform this task on a running VM, you must restart the VM for the configuration to take effect. If you perform this task on a stopped VM, the configuration takes effect after you start the VM.

After you add a disk to a VM, you must partition and format that disk on the VM before you can use it.

You can mount only one disk to a vFW VM.

When a VM is deployed, the VM automatically assigns a boot order number of 1 to its boot disk. To change the boot disk, you can perform the following operations: 1. (Optional.) Add a new disk to the VM. 2. Modify the boot order number of the original boot disk.

10

3. Assign the new boot disk a boot order number that has higher priority than that of the original boot disk.

For more information, see "Specifying a boot order number for a disk." To view the disk boot order, use the display vmdisklist command.


system-view


3. Create a VM disk. create-disk disk-file size size format { raw | qcow2 }

4. Add the disk to a VM. add disk vm vm-name format { raw | qcow2 } disk-file path-file disk-bus { ide | virtio }

Removing a disk or CD-ROM from a VM Restrictions and guidelines

If you perform this task on a running VM, you must restart the VM for the configuration to take effect. If you perform this task on a stopped VM, the configuration takes effect after you start the VM.

Removing a disk or CD-ROM from a VM does not delete the disk or delete the image files uploaded by the CD-ROM. To release storage space, you must use the delete command to manually delete the disk or the image files. For more information, see file system management in Fundamentals Configuration Guide.


system-view


3. Remove a disk or CD-ROM from a VM. delete disk vm vm-name target target

Adding a CD-ROM About this task

The device supports a maximum of four CD-ROMs. CD-ROMs can contain operating system image files or hardware driver image files.

The CD-ROMs and IDE disks share drive names hda, hdb, hdc, and hdd. When you add a CD-ROM or IDE disk to a VM, the VM randomly assigns a drive name to the CD-ROM or IDE disk.


Before using a newly added CD-ROM, specify a boot order number for it. CD-ROMs that contain operating system image files always have higher boot priority that those containing hardware driver image files. The same type of CD-ROMs boot according to the priority of their boot order numbers.

11

If you do not change the boot disk or uninstall the images of a CD-ROM after the CD-ROM is installed, the CD-ROM will no longer be used for booting.

When a VM is deployed, the VM automatically assigns a boot order number of 8 to the CD-ROM that contains the operating system image file. To replace the operating system images, perform the following operations: 1. Add a new CD-ROM that contains the new operating system image file. 2. Set the boot order of the new CD-ROM to take precedence over that of the original CD-ROM. 3. (Optional.) Add a new hard disk as the boot disk of the VM.

Alternatively, you can remove the CD-ROM that contains the current operating system image file and add the CD-ROM that contains the new operating system image file to the VM.

For more information about boot order configuration, see "Specifying a boot order number for a disk." To view the disk boot order, use the display vmdisklist command.


system-view


3. Add a CD-ROM. add cdrom vm vm-name cdrom-file cdrom-file

Specifying a boot order number for a disk or CD-ROM About this task

Perform this task to specify a boot order number for a disk or CD-ROM. The lower the number, the higher the boot priority.

Restrictions and guidelines To ensure that a VM can start, make sure no disk or CD-ROM has the same boot order number as the disk or CD-ROM used to boot the VM.



system-view


3. Specify a boot order number for a disk or CD-ROM. set bootorder vm vm-name target target order-number

Setting the physical NIC network mode for VMs Restrictions and guidelines

For the configuration to take effect, you must save the configuration and reboot the device.

To ensure that VMs can start up after the device reboots, make sure the NIC interfaces added to VMs are the interfaces required by the configured NIC network mode.

12


system-view

2. Set the VM network mode. vm network-mode { passthrough | sr-iov }

By default, the passthrough mode is used.

Adding an SR-IOV NIC to a VM About this task

Perform this task to allocate an SR-IOV NIC to a VM by specifying the MAC address of a PF or VF.

Restrictions and guidelines Make sure the NIC interfaces added to VMs are the interfaces required by the configured NIC network mode.

For an SR-IOV NIC to operate on a VM, you must install an SR-IOV NIC driver on the VM.



system-view


3. Add an SR-IOV NIC to a VM. Choose one of the following tasks: In passthrough mode, add a PF interface to a VM.

add sriov vm vm-name pf pfid

In SR-IOV share mode, add a VF interface to a VM. add sriov vm vm-name pf pfid vf vfid [ vlan vlan-id ]

Specifying a VLAN for a VF interface Restrictions and guidelines

This feature is supported only in SR-IOV share mode.


system-view


3. Specify a VLAN for a VF interface. set sriov pf pfid vf vfid vlan vlan-id

4. Remove a VF interface from its VLAN. undo set sriov pf pfid vf vfid vlan [ vlan-id ]

13

Removing an SR-IOV NIC from a VM About this task

Remove a PF or VF from a VM to remove an SR-IOV NIC from that VM.


Prerequisites Use the display vminterface command to obtain the ID of the PF or VF to be removed.


system-view


3. Remove an SR-IOV NIC from a VM. Choose one of the following tasks: In passthrough mode, remove a PF interface from a VM.

delete sriov vm vm-name pf pfid In SR-IOV share mode, remove a VF interface from a VM.

delete sriov vm vm-name pf pfid vf vfid

Adding a vTap NIC to a VM About this task

The Comware system has reserved eight MAC addresses for vTap NICs. When you add a vTap NIC to a VM, select a MAC address to uniquely identify it.

Restrictions and guidelines You can add a vTap NIC only to one VM. To display the MAC addresses of NICs that have been added to a VM, use the display vminterface command.



system-view


3. Add a vTap NIC to a VM. add vtap vm vm-name mac mac-address [ vlan vlan-id ]

Specifying a VLAN for a vTap NIC About this task

The device randomly associates a VM-Ethernet interface with a vTap NIC of a VM when that vTap NIC is added to the VM. To ensure VM mobility, the VLAN ID for the vTap NIC is saved in the XML

14

configuration file. When a VM starts, it uses the XML configuration file to assign the associated VM-Ethernet interface to the specified VLAN.

Prerequisites Use the display vminterface command to obtain the MAC address of the vTap NIC.


system-view


3. Specify a VLAN for the vTap NIC of a VM. set vtap vm vm-name mac mac-address vlan vlan-id

Removing a vTap NIC from a VM Restrictions and guidelines



system-view


3. Remove a vTap NIC from a VM. delete vtap vm vm-name mac mac-address

Allocating CPU cores to the VM plane About this task

Functionalities of the system are categorized into the control, data, and VM planes. The virtualization functions run on the VM plane.

By default, the control plane is allocated one physical CPU core, the data plane is allocated one physical CPU core, and the VM plane is allocated the remaining physical CPU cores.

To change the number of physical CPU cores assigned to the VM plane, perform this task.

Restrictions and guidelines For the configuration in this task to take effect, you must save the configuration and reboot the device.

After you modify the number of CPU cores allocated to the VM plane, you must reallocate vCPUs to VMs and bind vCPUs to physical CPUs. For the reallocation and binding to take effect on a VM, you must restart the VM.


system-view

2. Allocate physical CPU cores to the VM plane. set vcpu-pool vcpu-number

15

Allocating vCPUs to a VM Restrictions and guidelines

If you set the number of vCPUs allocated to a VM to 0, the VM will be inaccessible at the next startup. To access the VM, you must reallocate vCPUs to the VM.



system-view


3. Allocate vCPUs to a VM. set vcpu vm vm-name vcpu-count vcpu-count

Binding vCPUs to physical CPUs About this task

Perform this task to bind the vCPUs of a VM to physical CPUs on the device.

Restrictions and guidelines If you bind multiple vCPUs of a VM to only one physical CPU, the VM might fail to start up because of CPU resource conflict. As a best practice to ensure correct VM startup, bind the vCPUs to different physical CPUs.



system-view


3. Bind a vCPU on a VM to a physical CPU. set vcpupin vm vm-name vcpuindex vcpuindex cpuindex cpuindex

Setting the minimum amount of physical memory available for the Comware system Hardware and feature compatibility

This feature is supported only by the following routers: • MSR3610-I-DP. • MSR3610-I-XS. • MSR3610-IE-DP. • MSR3610-IE-XS.

16

Restrictions and guidelines Make sure the Comware system is allocated a minimum of 2 GB of physical memory. In addition, the amount of physical memory allocated to the Comware system cannot exceed (the total amount of physical memory on the device - 2) GB.

The amount of physical memory available for the Comware system equals the total amount of physical memory on the device minus the amount of physical memory occupied by all VMs. As a best practice to avoid memory conflicts, set the minimum amount of physical memory available for the Comware system to a proper value.

For the configuration to take effect, you must save the configuration and reboot the device.


system-view


3. Set the minimum amount of physical memory available for the Comware system. set comware-memory size

By device, a minimum of 3 GB of physical memory is available for the Comware system.

Allocating memory to a VM Restrictions and guidelines

To ensure that a VM can operate, make sure the VM is allocated a minimum of 512 MB of memory.



system-view


3. Allocate memory to a VM. set memory vm vm-name size size

Maintaining a VM Configuring VNC parameters for remote VM login About this task

To remotely access the desktop of a VM from a VNC viewer (or client), perform this task.

When the VM is running, you can access the VM desktop from a VNC viewer (or client) by using the VNC server IP address and VNC port number. The VNC server IP address is the IP address of a Layer 3 interface or a VLAN interface on the device.


17


system-view


3. Set the VNC port number of the VM. set vnc vm vm-name vncport vncport

4. Set the VNC login password of the VM. set vnc vm vm-name setpasswd password

5. Set the IP address for accessing the VM. set vnc vm vm-name listen ip-address

6. (Optional.) Delete the VNC login password on the VM. set vnc vm vm-name delpasswd

Enabling VM auto-start About VM auto-start

Perform this task to enable a VM to start up automatically when the device starts.


system-view


3. Enable VM auto-start. autostart vm vm-name

By default, VM auto-start is disabled.

Suspending a VM About this task

Perform this task to suspend a VM. The VM will then be placed in Paused state.


system-view


3. Suspend a VM. suspend vm vm-name

Resuming a suspended VM 1. Enter system view.

system-view

18


3. Resume a suspended VM. resume vm vm-name

Stopping a VM About this task

When the Comware system reboots, the system automatically attempts to stop all hosted VMs securely within 6 minutes. If VMs are operating incorrectly, it will take 6 minutes to stop each VM. If the system fails to stop a VM within 6 minutes, it will force that VM down.

Perform this task to manually stop a VM.

Restrictions and guidelines

CAUTION: A force stop might cause data loss. Do not force a VM down unless necessary.

If a VM fails to stop because of an abnormal process, access the VM, manually close the process, and retry the stop operation. If the stop operation still fails, force the VM down.

If the VM does not have an operating system, you must specify the force keyword to force it down.


system-view


3. Stop a VM. stop vm vm-name [ force ]

Backing up a VM About this task

Perform this task to back up a VM to a .vmb file in the specified path.

Restrictions and guidelines Make sure the file path is correct and the target storage medium has sufficient storage space.

If a USB flash drive is used to store the backup file, make sure the file system format of the USB flash drive is EXT4.

Prerequisites You must stop a VM by using the stop vm command before you can back up it.


system-view


3. Back up a VM.

19

backup vm vm-name backup-path

Restoring a VM About this task

Perform this task to restore a VM by using a .vmb backup file.


system-view


3. Restore a VM by using a .vmb backup file. restore pakagepath backup-image-path

Exporting a VM About this task

Perform this task to export a VM to a .pkg file in the specified path.

Restrictions and guidelines Make sure you have access permissions to the target path and the target path has sufficient storage space.

If the .pkg file is saved on a USB flash drive, make sure the file system format of the USB flash drive is EXT4.

Prerequisites You must stop a VM by using the stop vm command before you can export it.


system-view


3. Export a VM. export vm vm-name pkg-path

Uninstalling a VM Restrictions and guidelines

After you uninstall a VM, the hard disks allocated to the VM still retain the VM operating system image files and running data files. To release storage space, you must use the delete command to manually delete the hard disks. For more information about deleting hard disks, see file system management in Fundamentals Configuration Guide.

Prerequisites You must stop a VM by using the stop vm command before you can uninstall it.

20


system-view


3. Uninstall a VM. uninstall vm vm-name

Display and maintenance commands for VMs Execute display commands in any view.

Task Command Display the minimum amount of physical memory available for the Comware system.

display comware-memory size

Display physical NIC information in passthrough mode. display passthrough

Display physical NIC information in SR-IOV share mode. display sriov

Display the number of CPUs allocated to VMs. display vcpu-pool

Display the VNC port number of a VM. display vncport vm vm-name

Display detailed information about a VM.

display vm [ vm-name [ static-configuration ] ]

Display the physical NIC network mode. display vm-network-mode

Display the CPU usage of a VM. display vmcpu-usage vm vm-name

Display the bindings between vCPUs and physical CPUs for a VM. display vmcpupin [ vm vm-name ]

Display disk usage information about a VM. display vmdisk-usage vm vm-name

Display disk or CD-ROM information. display vmdisklist [ vm vm-name ]

Display network interface information about a VM. display vminterface [ vm vm-name ]

Display the VM list. display vmlist

Display the memory usage of a VM. display vmmem-usage vm vm-name

h3c msr 810 & 2600 & 3600 routers

Documents