Cisco IOS software allows administrators to combine multiple physical links on a switch into a single logical link. This provides an ideal solution for load sharing, as well as link redundancy, and can be used by both Layer 2 and Layer 3 subsystems.
- Configuring and verifying Layer 2 EtherChannels
This lesson maps to the following ICND2 syllabus requirement.
- EtherChannels
## Understanding EtherChannels
An EtherChannel is made up of physical, individual FastEthernet, GigabitEthernet, or Ten-GigabitEthernet (10Gbps) links that are bundled together into a single logical link, as shown in Figure 33.1 below. An EtherChannel made up of FastEthernet links is called a FastEtherChannel (FEC); one made up of GigabitEthernet links is called a GigabitEtherChannel (GEC); and one made up of Ten-GigabitEthernet links is called a Ten-GigabitEtherChannel (10GEC).
![Physical and logical views of an EtherChannel](images/3301.png)
*Figure 33.1 -- Physical and Logical Views of an EtherChannel*
**Each EtherChannel can consist of up to eight ports.** Physical links in an EtherChannel **must share similar characteristics**, such as being defined in the same VLAN or having the same speed and duplex settings. When configuring EtherChannels on Cisco Catalyst switches, it is important to remember that the number of supported EtherChannels varies between Catalyst switch models.
Port Aggregation Protocol (PAgP) is a Cisco proprietary link aggregation protocol that enables the automatic creation of EtherChannels. By default, PAgP packets are sent between EtherChannel-capable ports to negotiate the formation of an EtherChannel. These packets are sent to the destination Multicast MAC address `01-00-0C-CC-CC-CC`, which is the same Multicast address used by CDP, UDLD, VTP, and DTP. Figure 33.2 below shows the fields contained in a PAgP frame as seen on the wire.
**The `on` mode forces a port to be placed into a channel unconditionally.** The channel will only be created if the other switch port is connected and is also configured in `on` mode. When this mode is enabled, there is no negotiation of the channel performed by the local EtherChannel protocol. In other words, this effectively disables EtherChannel negotiation and forces the port to the channel. The operation of this mode is similar to `switchport nonegotiate` on trunk links. **It is important to remember that switch interfaces configured in `on` mode do not exchange PAgP packets.**
Auto mode (`auto` mode) is a PAgP port mode that negotiates with another PAgP port only if the port receives a PAgP packet. When this mode is enabled, the port(s) will never initiate PAgP communications but will instead listen passively for any received PAgP packets before creating an EtherChannel with the neighbouring switch.
### Desirable Mode
Desirable mode (`desirable` mode) is a PAgP mode that causes the port to initiate PAgP negotiation for a channel with another PAgP port. In other words, in this mode, the port actively attempts to establish an EtherChannel with another switch running PAgP.
In summary, remember that switch interfaces configured in `on` mode do not exchange PAgP packets, **but they do exchange PAgP packets with partner interfaces configured in the `auto` or `desirable` modes**. Table 33.1 shows the different PAgP combinations and the result of their use in establishing an EtherChannel.
Although PAgP allows all links within the EtherChannel to be used to forward and receive user traffic, there are some restrictions that you should be familiar with regarding the forwarding of traffic from other protocols. **DTP and CDP send and receive packets over all the physical interfaces in the EtherChannel. PAgP sends and receives PAgP Protocol Data Units only from interfaces that are up (`up`) and have PAgP enabled for `auto` or `desirable` modes.**
When an EtherChannel bundle is configured as a trunk port, the trunk sends and receives PAgP frames on the lowest numbered VLAN. **Spanning Tree Protocol (STP) always chooses the first operational port in an EtherChannel bundle.** The `show pagp [channel number] neighbor` command can also be used to verify the port that will be used to send and receive STP packets, identifying the port in the EtherChannel bundle that STP will use, as shown in the output below.
```console
Switch-1#show pagp neighbor
Flags: S - Device is sending Slow hello. C - Device is in Consistent state.
       A - Device is in Auto mode. P - Device learns on physical port.
```
When configuring additional STP features such as `Loop Guard` on an EtherChannel, it is very important to remember that **if `Loop Guard` blocks the first port, no BPDUs will be sent over the channel**, even if other ports in the channel bundle are operational. This is because PAgP will enforce uniform `Loop Guard` configuration on all of the ports that are part of the EtherChannel group.
> Access switches are connected to the VSS using Multichassis EtherChannel (MEC). An MEC is simply an EtherChannel that spans the two physical Catalyst 6500 switches but terminates to the single logical VSS. Enhanced PAgP (PAgP+) can be used to allow the Catalyst 6500 switches to communicate via the MEC in the event that the EtherChannel between them fails, which would result in both switches assuming the active role (dual active), effectively affecting forwarding of traffic within the switched network. This is illustrated in the diagram below.
Link Aggregation Control Protocol (LACP) is part of the IEEE 802.3ad specification and is used to create a logical link from multiple physical links. Because LACP and PAgP are incompatible, both ends of the link need to run LACP in order to automate the formation of EtherChannel groups.
LACP supports the automatic creation of port channels by exchanging LACP packets between ports. It dynamically learns the capabilities of port groups and informs the other ports. Once LACP correctly identifies matched Ethernet links, it facilitates grouping the links into a GigabitEthernet port channel. Unlike PAgP, which requires ports to have the same speed and duplex settings, **LACP requires that ports be only full-duplex, as half-duplex is not supported**. Half-duplex ports in an LACP EtherChannel are placed into the suspended state.
By default, all inbound Broadcast and Multicast packets on one link in a port channel are blocked from returning on any other link of the port channel. LACP packets are sent to the IEEE 802.3 Slow Protocols Multicast group address `01-80-C2-00-00-02`. LACP frames are encoded with the EtherType value 0x8809. Figure 33.4 below illustrates these fields in an Ethernet frame.
LACP active mode places a switch port into an active negotiating state in which the switch port initiates negotiations with remote ports by sending LACP packets. Active mode is the equivalent of PAgP `desirable` mode. In other words, in this mode, the switch port actively attempts to establish an EtherChannel with another switch that is also running LACP.
It is important to remember that **the active and passive modes are valid on non-PAgP interfaces only**. However, if you have a PAgP EtherChannel and want to convert it to LACP, **Cisco IOS software allows you to change the protocol at any time**. The only caveat is that this **change causes all existing EtherChannels to reset to the default channel mode for the new protocol**. Table 33.2 below shows the different LACP combinations and the result of their use in establishing an EtherChannel between two switches.
*Table 33.2 -- EtherChannel Formation Using Different LACP Modes*
For both PAgP and LACP EtherChannels, Catalyst switches use a polymorphic algorithm that utilises key fields from the header of the packet to generate a hash, which is then matched to a physical link in an EtherChannel group. In other words, the switch distributes the traffic load across the links in an EtherChannel by reducing part of the binary pattern formed from the addresses in the frame to a numerical value that selects one of the links in the EtherChannel.
This operation can be performed on either MAC addresses or IP addresses and can be based solely on source or destination addresses, or on both source and destination addresses. While delving into detail on the actual computation of the hash used in EtherChannel load distribution is beyond the scope of the CCNA exam requirements, it is important to know that the administrator can define which fields in the header can be used as input to the algorithm used to determine the physical link that transports the packet.
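The reduction described above can be modelled in a few lines. This is an added example, not code from the original lesson; the 3-bit XOR, the modulo mapping, the field labels (`src`, `dst`, `src-dst`) and the sample MAC addresses are assumptions chosen for illustration, not the exact Catalyst computation.

```python
from collections import Counter

LINKS = ["Fa0/1", "Fa0/2", "Fa0/3"]  # the three member ports used on this page

def low_bits(mac, bits=3):
    """Low-order bits of a MAC address written in 0014.a9e5.d640 form."""
    return int(mac.replace(".", ""), 16) & ((1 << bits) - 1)

def select_link(src, dst, fields, links=LINKS):
    """Reduce the chosen address fields to a number that picks one link.

    Assumption: the 3-bit XOR and the modulo mapping are a simplified
    model, not the exact Catalyst computation.
    """
    if fields == "src":
        value = low_bits(src)
    elif fields == "dst":
        value = low_bits(dst)
    elif fields == "src-dst":
        value = low_bits(src) ^ low_bits(dst)
    else:
        raise ValueError("unknown field selection: %r" % fields)
    return links[value % len(links)]

def distribution(flows, fields, links=LINKS):
    """Count how many flows land on each member link."""
    return Counter(select_link(s, d, fields, links) for s, d in flows)

def sample_flows():
    """Constructed traffic: eight hosts all sending to one gateway MAC."""
    gateway = "0014.a9e5.d645"
    return [("0050.5600.00%02x" % (0x10 + i), gateway) for i in range(8)]
```

With a single destination, hashing on the destination alone places every flow on one member link, while hashing on the source spreads the eight hash values over three links in a 3:3:2 split.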
- Ensure that all interfaces in the EtherChannel are enabled. In some cases, if the interfaces are not enabled, the logical port channel interface will not be created automatically.
- When first configuring an EtherChannel group, it is important to remember that ports follow the parameters set for the first group port added.
- If Switch Port Analyzer (SPAN) is configured for a member port in an EtherChannel, then the port will be removed from the EtherChannel group.
- It is recommended to shut down all member interfaces prior to beginning channelling configuration.
### Configuring and Verifying Layer 2 EtherChannels
This section describes the configuration of Layer 2 EtherChannels by unconditionally forcing the selected interfaces to establish an EtherChannel.
1. The first configuration step is to enter Interface Configuration mode for the desired EtherChannel interface(s) via the `interface [name]` or `interface range [range]` global configuration command;
5. The next configuration step is to configure the interfaces to unconditionally trunk via the `channel-group [number] mode on` interface configuration command.
> **NOTE:** Notice that the switch automatically creates `interface port-channel 1` by default (refer to the output below). **No explicit user configuration is required to configure this interface.**
In the output above, you can see that there are three links in Channel Group 1. Interface FastEthernet0/1 is the default port; **this port will be used to send STP packets, for example**. If this port fails, FastEthernet0/2 will be designated as the default port, and so forth. You can also see that this port group is an active Layer 2 EtherChannel by looking at the `SU` flag next to `Po1`. The following output shows the information printed by the `show EtherChannel detail` command.
```console
Switch-2#show EtherChannel detail
Channel-group listing:
----------------------
Group: 1
----------
Group state = L2
Ports: 3 Maxports = 8
Port-channels: 1 Max Port-channels = 1
Protocol: -
Ports in the group:
-------------------
Port: Fa0/1
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On/FEC Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:20m:20s
Port: Fa0/2
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On/FEC Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:21m:20s
Port: Fa0/3
------------
Port state = Up Mstr In-Bndl
Channel group = 1 Mode = On/FEC Gcchange = -
Port-channel = Po1 GC = - Pseudo port-channel = Po1
Port index = 0 Load = 0x00 Protocol = -
Age of the port in the current state: 0d:00h:21m:20s
Time since last port bundled: 0d:00h:21m:20s Fa0/3
```
In the output above, you can see that this is a Layer 2 EtherChannel with three out of a maximum of eight possible ports in the channel group. You can also see that the EtherChannel mode is `on`, based on the protocol being denoted by a dash (-). In addition, you can also see that this is a FastEtherChannel (FEC).
5. Optionally, configure PAgP as the EtherChannel protocol by issuing the `channel-protocol pagp` interface configuration command. Because EtherChannels default to PAgP, this command is considered optional and does not need to be entered. However, it is considered good practice to issue this command just to be absolutely sure of your configuration.
> **NOTE:** In the output above, the port channel `desirable` mode has been selected. An additional keyword, `[non-silent]`, may also be appended to the end of this command (`channel-group 1 mode desirable`). This is because, by default, PAgP auto and desirable modes default to a silent mode. The silent mode is used when the switch is connected to a device that is not PAgP-capable and that seldom, if ever, transmits packets. An example of a silent partner is a file server or a packet analyser that is not generating traffic. Silent mode is also used if a device will not send PAgP packets (such as one in `auto` mode).
In this case, running PAgP on a physical port connected to a silent partner prevents that switch port from ever becoming operational; however, the silent setting allows PAgP to operate, to attach the interface to a channel group, and to use the interface for transmission. In this example, because Switch 2 will be configured for `auto` mode (passive mode), it is preferred that the port uses the default silent mode operation. This is illustrated in the PAgP EtherChannel configuration below.
```console
Switch-1#conf t
Enter configuration commands, one per line. End with CNTL/Z.
```
5. Configure LACP as the EtherChannel protocol by issuing the `channel-protocol lacp` interface configuration command. Because EtherChannels default to PAgP, this command is considered mandatory for LACP and is required;
6. The next configuration step is to configure the interfaces to unconditionally trunk via the `channel-group [number] mode` interface configuration command.
By default, LACP allows up to 16 ports to be entered into a port channel group. The first eight operational interfaces will be used by LACP, while the remaining eight interfaces will be placed into the hot-standby state. The `show EtherChannel detail` command shows the maximum number of links supported in an LACP EtherChannel, as shown in the output below.
```console
Flags: S - Device is sending Slow LACPDUs. F - Device is sending Fast
LACPDUs.
A - Device is in Active mode. P - Device is in Passive mode.
Channel group 1
LACP port Admin Oper Port Port
Port Flags State Priority Key Key Number State
Fa0/1 SA bndl 32768 0x1 0x1 0x0 0x3D
Fa0/2 SA bndl 32768 0x1 0x1 0x1 0x3D
Fa0/3 SA bndl 32768 0x1 0x1 0x2 0x3D
```
The `[neighbor]` keyword prints the neighbour name, the ID of the LACP neighbour, the neighbour's device ID (MAC), and the neighbour port. The flags also indicate the mode the neighbor is operating in, as well as whether it is a physical learner, for example. The output below illustrates this.
```console
Switch-1#show lacp neighbor
Flags: S - Device is sending Slow LACPDUs. F - Device is sending Fast
LACPDUs.
A - Device is in Active mode. P - Device is in Passive mode.
Channel group 1 neighbors
Partner’s information
Partner Partner Partner
Port System ID Port Number Age Flags
Fa0/1 00001,0014.a9e5.d640 0x1 11s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3C
Partner’s information:
Partner Partner Partner
Port System ID Port Number Age Flags
Fa0/2 00001,0014.a9e5.d640 0x2 19s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3C
Partner’s information:
Partner Partner Partner
Port System ID Port Number Age Flags
Fa0/3 00001,0014.a9e5.d640 0x3 24s SP
LACP Partner Partner Partner
Port Priority Oper Key Port State
32768 0x1 0x3C
```
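The `Port State` values in the LACP outputs on this page (`0x3D` locally, `0x3C` for the partner) are the one-byte state field carried in each LACP frame, and the `SA` and `SP` flags are read from its two lowest bits. The parser below is an added example, not part of the original lesson; it checks the multicast address and EtherType given earlier, follows the IEEE 802.3ad actor and partner TLV layout, and runs on a constructed frame whose source MAC is an assumption.

```python
import struct

LACP_DST = bytes.fromhex("0180c2000002")  # Slow Protocols multicast group address
SLOW_PROTOCOLS = 0x8809                    # EtherType carried by LACP frames
# Port state bits as defined by IEEE 802.3ad, least significant bit first.
STATE_BITS = ("activity", "timeout", "aggregation", "synchronization",
              "collecting", "distributing", "defaulted", "expired")

def decode_state(state):
    """Return the names of the bits set in a one-byte LACP port state."""
    return {name for i, name in enumerate(STATE_BITS) if (state >> i) & 1}

def flags(state):
    """Two-letter flags as printed by `show lacp`: S/F, then A/P."""
    bits = decode_state(state)
    return ("F" if "timeout" in bits else "S") + ("A" if "activity" in bits else "P")

def parse_tlv(body, offset, expected_type):
    """Parse the 20-byte actor (type 1) or partner (type 2) TLV at offset."""
    tlv_type, length, sys_prio, system, key, port_prio, port, state = \
        struct.unpack_from("!BBH6sHHHB", body, offset)
    if (tlv_type, length) != (expected_type, 20):
        raise ValueError("unexpected TLV at offset %d" % offset)
    return {"system": "%d,%s" % (sys_prio, system.hex()), "key": key,
            "port_priority": port_prio, "port": port,
            "state": state, "flags": flags(state)}

def parse_lacp_frame(frame):
    """Return actor and partner details, or None if the frame is not LACP."""
    if len(frame) < 14 + 42:
        return None
    dst, _src, ethertype = struct.unpack_from("!6s6sH", frame, 0)
    if dst != LACP_DST or ethertype != SLOW_PROTOCOLS:
        return None
    body = frame[14:]
    if body[0] != 0x01:  # Slow Protocols subtype 1 is LACP
        return None
    return {"actor": parse_tlv(body, 2, 1), "partner": parse_tlv(body, 22, 2)}

def build_sample():
    """Constructed frame; field values mirror Fa0/1 in the outputs on this page.
    The collector and terminator TLVs of a full LACPDU are left out."""
    tlv = "!BBH6sHHHB3x"
    actor = struct.pack(tlv, 1, 20, 1, bytes.fromhex("000dbd064100"),
                        1, 32768, 0, 0x3D)
    partner = struct.pack(tlv, 2, 20, 1, bytes.fromhex("0014a9e5d640"),
                          1, 32768, 1, 0x3C)
    src = bytes.fromhex("000dbd064101")  # constructed source MAC
    return LACP_DST + src + struct.pack("!H", SLOW_PROTOCOLS) + b"\x01\x01" + actor + partner
```

Comparing the decoded partner system ID and key against the expected neighbour is a quick way to confirm that a bundled port is negotiating with the intended switch.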
Finally, the `[sys-id]` keyword provides the system ID of the local switch. This is a combination of the switch MAC address and LACP priority, as shown in the output below.
```console
Switch-1#show lacp sys-id
1 ,000d.bd06.4100
```
## Day 33 Questions
1. What type of ports does a FastEtherChannel contain?
2. How many ports can a standard EtherChannel contain?
3. What are the two protocol options you have when configuring EtherChannels on a Cisco switch?
4. Which of the protocols mentioned above is Cisco proprietary?
5. PAgP packets are sent to the destination Multicast MAC address `01-00-0C-CC-CC-CC`. True or false?
6. What are the two port modes supported by PAgP?
7. What are the two port modes supported by LACP?
8. If more than eight links are assigned to an EtherChannel bundle running LACP, the protocol uses the port priority to determine which ports are placed into a standby mode. True or false?
9. LACP automatically configures an administrative key value on each port configured to use LACP. The administrative key defines the ability of a port to aggregate with other ports. Only ports that have the same administrative key are allowed to be aggregated into the same port channel group. True or false?
10. What is the command used to assign a port to a channel group?
## Day 33 Answers
1. 100 Mbps ports.
2. Up to eight ports.
3. PAgP and LACP.
4. PAgP.
5. True.
6. Auto and desirable.
7. Active and passive.
8. True.
9. True.
10. The `channel-group [number] mode` command in Interface Configuration mode.