
Cluster Configuration of Campus Network on CX-M Asterfusion Enterprise SONiC Switch


1 Purpose

This article introduces the campus network cluster configuration of Asterfusion CX-M series enterprise SONiC switches. After reading it, users can quickly complete the cluster configuration and bring a typical campus network online. The cluster configuration method collects the common campus network settings, encapsulates and synchronizes repeated configuration, and so keeps the configuration of the whole network concise.

2 Model and Version

Model:
CX-M series switches
Version:
AsterNOSv5.2.8

3 Cluster configuration instructions

3.1 Cluster introduction

This article uses a typical Spine-Leaf architecture with full Layer 3 networking to build a campus network device cluster. In the cluster configuration, communication between cluster devices is established by specifying the device interconnection port ID, the device's member ID in the cluster, and the device Loopback interface ID, which gives Leaf and Spine devices connectivity at the control level. After the cluster configuration is complete, all configuration other than the unique interface IP addresses can be synchronized from one device to the other devices of the same type. This simplifies the configuration of the entire network and brings it online quickly.

3.2 Enable cluster configuration

configure terminal # Enter system configuration view
cluster # Enter the cluster configuration view
enable # Enable the cluster function

Example:
CX204# configure terminal
CX204(config)# cluster
CX204(config-cluster)# enable

3.3 Configure cluster member ID and shared key

configure terminal # Enter system configuration view
cluster # Enter the cluster configuration view
member ID # Configure the member ID of the device in the cluster
security-key {key-value|auto-generate} # Configure a shared key between devices

Example:
CX204# configure terminal
CX204(config)# cluster
CX204(config-cluster)# member 3
CX204(config-cluster)# security-key 12345abcdecampus_1t

3.4 Configure neighbor relationships between cluster devices

configure terminal # Enter system configuration view
cluster # Enter the cluster configuration view
peer ip address ip-address # Configure the neighbor relationship between cluster switches
upstream ip address ip-address # Configure the IP address for upstream traffic
downstream ip address ip-address # Configure the IP address for downstream traffic

Example:
CX204# configure terminal
CX204(config)# router-type leaf
CX204(config)# cluster
CX204(config-cluster)# peer ip address 10.0.10.2

Example:
CX204# configure terminal
CX204(config)# router-type spine
CX204(config)# cluster
CX204(config-cluster)# upstream ip address 10.0.10.10 remote-as 65100
CX204(config-cluster)# downstream ip address 192.168.10.2

3.5 Configure route aggregation

configure terminal # Enter system configuration view
cluster # Enter the cluster configuration view
aggregate-address a.b.c.d/M # Configure the route aggregation network segment

Example:
CX204# configure terminal
CX204(config)# cluster
CX204(config-cluster)# aggregate-address 192.168.10.2/24

3.6 Cluster configuration sync

configure terminal # Enter system configuration view
cluster # Enter the cluster configuration view
sync # Synchronize the configuration

Example:
CX204# configure terminal
CX204(config)# cluster
CX204(config-cluster)# sync

4 Cluster configuration case

4.1 Requirements

A customer needs to build a campus network that uses VLANs to divide services into an internal employee network, a guest network and an AP management network, isolates the Layer 2 broadcast domains, enables the ARP proxy and ARP-To-Host functions, and announces host routes through routing protocols to provide Layer 3 traffic interoperability. Wireless terminals need seamless roaming, and routing must support high reliability and rapid fault convergence. Wireless terminals can access the network after passing AP authentication, and the IPSG and DAI security features are enabled to prevent users from setting their own IP addresses.

4.2 Topology

[Figure: campus network cluster topology (cluster-configuration-campus-network-1)]

4.3 IP address planning

Device       Type        Value             Note
Leaf 1       Ethernet49  10.10.1.1/24
Leaf 1       Ethernet50  10.20.1.1/24
Leaf 1       Loopback0   192.168.50.11/32
Leaf 2       Ethernet49  10.10.2.1/24
Leaf 2       Ethernet50  10.20.2.1/24
Leaf 2       Loopback0   192.168.50.12/32
Spine 1      Ethernet1   10.10.1.2/24
Spine 1      Ethernet2   10.10.2.2/24
Spine 1      Ethernet49  10.30.1.2/24
Spine 1      Loopback0   192.168.50.15/32
Spine 2      Ethernet1   10.20.1.2/24
Spine 2      Ethernet2   10.20.2.2/24
Spine 2      Ethernet49  10.40.1.2/24
Spine 2      Loopback0   192.168.50.16/32
DHCP Server  Eth0        192.168.0.10
             Vlan100     192.168.10.1/24
             Vlan200     192.168.20.1/24
             Vlan300     192.168.30.1/24

4.4 Configuration steps

Step 1 Configure each switch interface address and device type

Leaf1

Leaf1# configure terminal
Leaf1(config)# router-type leaf
Leaf1(config)# interface ethernet 49
Leaf1(config-if-49)# ip address 10.10.1.1/24
Leaf1(config)# interface ethernet 50
Leaf1(config-if-50)# ip address 10.20.1.1/24
Leaf1(config)# interface loopback 0
Leaf1(config-loif-0)# ip address 192.168.50.11/32

Leaf2

Leaf2# configure terminal
Leaf2(config)# router-type leaf
Leaf2(config)# interface ethernet 49
Leaf2(config-if-49)# ip address 10.10.2.1/24
Leaf2(config)# interface ethernet 50
Leaf2(config-if-50)# ip address 10.20.2.1/24
Leaf2(config)# interface loopback 0
Leaf2(config-loif-0)# ip address 192.168.50.12/32

Spine1

Spine1# configure terminal
Spine1(config)# router-type spine
Spine1(config)# interface ethernet 1
Spine1(config-if-1)# ip address 10.10.1.2/24
Spine1(config)# interface ethernet 2
Spine1(config-if-2)# ip address 10.10.2.2/24
Spine1(config)# interface ethernet 49
Spine1(config-if-49)# ip address 10.30.1.2/24
Spine1(config)# interface loopback 0
Spine1(config-loif-0)# ip address 192.168.50.15/32

Spine2

Spine2# configure terminal
Spine2(config)# router-type spine
Spine2(config)# interface ethernet 1
Spine2(config-if-1)# ip address 10.20.1.2/24
Spine2(config)# interface ethernet 2
Spine2(config-if-2)# ip address 10.20.2.2/24
Spine2(config)# interface ethernet 49
Spine2(config-if-49)# ip address 10.40.1.2/24
Spine2(config)# interface loopback 0
Spine2(config-loif-0)# ip address 192.168.50.16/32

Step 2 Configure the cluster function of each device

Leaf1

Leaf1(config)# cluster
Leaf1(config-cluster)# peer ip 10.10.1.2
Leaf1(config-cluster)# peer ip 10.20.1.2
Leaf1(config-cluster)# member 1
Leaf1(config-cluster)# security-key campusnetwork-t11
Leaf1(config-cluster)# ports ethernet 49,50
Leaf1(config-cluster)# exit

Leaf2

Leaf2(config)# cluster
Leaf2(config-cluster)# peer ip 10.10.2.2
Leaf2(config-cluster)# peer ip 10.20.2.2
Leaf2(config-cluster)# member 2
Leaf2(config-cluster)# security-key campusnetwork-t11
Leaf2(config-cluster)# ports ethernet 49,50
Leaf2(config-cluster)# exit

Spine1

Spine1(config)# cluster
Spine1(config-cluster)# member 3
Spine1(config-cluster)# security-key campusnetwork-t11
Spine1(config-cluster)# ports ethernet 1,2
Spine1(config-cluster)# upstream ip address 10.30.1.1 remote-as 10200
Spine1(config-cluster)# downstream ip address 10.10.1.1
Spine1(config-cluster)# downstream ip address 10.10.2.1
Spine1(config-cluster)# aggregate-address 192.168.10.0/24
Spine1(config-cluster)# aggregate-address 192.168.20.0/24
Spine1(config-cluster)# aggregate-address 192.168.30.0/24
Spine1(config-cluster)# exit

Spine2

Spine2(config)# cluster
Spine2(config-cluster)# member 4
Spine2(config-cluster)# security-key campusnetwork-t11
Spine2(config-cluster)# ports ethernet 1,2
Spine2(config-cluster)# upstream ip address 10.40.1.1 remote-as 10200
Spine2(config-cluster)# downstream ip address 10.20.1.1
Spine2(config-cluster)# downstream ip address 10.20.2.1
Spine2(config-cluster)# aggregate-address 192.168.10.0/24
Spine2(config-cluster)# aggregate-address 192.168.20.0/24
Spine2(config-cluster)# aggregate-address 192.168.30.0/24
Spine2(config-cluster)# exit

Step 3 Configure VLAN-related functions on the Leaf1 device

Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# broadcast drop
Leaf1(config-vlan-100)# exit
Leaf1(config)# vlan 200
Leaf1(config-vlan-200)# broadcast drop
Leaf1(config-vlan-200)# exit
Leaf1(config)# vlan 300
Leaf1(config-vlan-300)# broadcast drop
Leaf1(config-vlan-300)# exit
Leaf1(config)# port-group ethernet 1-48
Leaf1(config-port-group-1-48)# switchport access vlan 300
Leaf1(config-port-group-1-48)# switchport trunk vlan 100
Leaf1(config-port-group-1-48)# switchport trunk vlan 200
Leaf1(config)# interface vlan 100
Leaf1(config-vlanif-100)# mac-address 00:00:00:11:01:00
Leaf1(config-vlanif-100)# ip address 192.168.10.1/24
Leaf1(config-vlanif-100)# arp-proxy mode anycast_gw
Leaf1(config)# interface vlan 200
Leaf1(config-vlanif-200)# mac-address 00:00:00:11:02:00
Leaf1(config-vlanif-200)# ip address 192.168.20.1/24
Leaf1(config-vlanif-200)# arp-proxy mode anycast_gw
Leaf1(config)# interface vlan 300
Leaf1(config-vlanif-300)# mac-address 00:00:00:11:03:00
Leaf1(config-vlanif-300)# ip address 192.168.30.1/24
Leaf1(config-vlanif-300)# arp-proxy mode anycast_gw

Step 4 Configure DHCP Relay functions on the Leaf1 device

Leaf1(config)# dhcp-relay campus v4
Leaf1(config-dhcp-relay-campus__v4)# down_link interface vlan 100
Leaf1(config-dhcp-relay-campus__v4)# down_link interface vlan 200
Leaf1(config-dhcp-relay-campus__v4)# down_link interface vlan 300
Leaf1(config-dhcp-relay-campus__v4)# loopback_interface loopback 0
Leaf1(config-dhcp-relay-campus__v4)# server_ip 192.168.0.10
Leaf1(config-dhcp-relay-campus__v4)# up_link interface ethernet 49
Leaf1(config-dhcp-relay-campus__v4)# up_link interface ethernet 50

Step 5 Configure DHCP Snooping functions on the Leaf1 device

Leaf1(config)# dhcp snooping enable v4
Leaf1(config)# interface ethernet 49
Leaf1(config-if-49)# dhcp-snooping enable
Leaf1(config-if-49)# dhcp-snooping trusted
Leaf1(config)# interface ethernet 50
Leaf1(config-if-50)# dhcp-snooping enable
Leaf1(config-if-50)# dhcp-snooping trusted
Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# dhcp-snooping enable
Leaf1(config)# vlan 200
Leaf1(config-vlan-200)# dhcp-snooping enable
Leaf1(config)# vlan 300
Leaf1(config-vlan-300)# dhcp-snooping enable

Step 6 Configure security functions on the Leaf1 device

Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# arp anti-attack-check enable
Leaf1(config-vlan-100)# ipv4-source-check enable
Leaf1(config)# vlan 200
Leaf1(config-vlan-200)# arp anti-attack-check enable
Leaf1(config-vlan-200)# ipv4-source-check enable
Leaf1(config)# vlan 300
Leaf1(config-vlan-300)# arp anti-attack-check enable
Leaf1(config-vlan-300)# ipv4-source-check enable

Step 7 Configure other functions on the Leaf1 device

Leaf1(config)# port-group ethernet 1-48
Leaf1(config-port-group-1-48)# poe enable
Leaf1(config)# arp-to-host convert enable default
Leaf1(config)# arp-to-host policy vlan 100 permit
Leaf1(config)# arp-to-host policy vlan 200 permit
Leaf1(config)# arp-to-host policy vlan 300 permit
Leaf1(config)# vlan 100
Leaf1(config-vlan-100)# mac-trigger enable
Leaf1(config)# vlan 200
Leaf1(config-vlan-200)# mac-trigger enable
Leaf1(config)# ha-route failover enable
Leaf1(config)# ha-route fast-migration enable
Leaf1(config)# snp-sync enable client
Leaf1(config)# snp-sync neighbor 192.168.50.15
Leaf1(config)# snp-sync neighbor 192.168.50.16

Step 8 Configure DHCP snooping table entry synchronization on the Spine devices

Spine1

Spine1(config)# snp-sync enable server
Spine1(config)# snp-sync peer 192.168.50.16
Spine1(config)# snp-sync neighbor 192.168.50.11
Spine1(config)# snp-sync neighbor 192.168.50.12

Spine2

Spine2(config)# snp-sync enable server
Spine2(config)# snp-sync peer 192.168.50.15
Spine2(config)# snp-sync neighbor 192.168.50.11
Spine2(config)# snp-sync neighbor 192.168.50.12

Step 9 Configure the fast fault convergence function on the Spine1 device

Spine1

Spine1(config)# ha-route failover enable

Step 10 Sync configuration

Execute the synchronization command on Leaf1 to synchronize its configuration to the other Leaf devices.

Leaf1(config)# cluster
Leaf1(config-cluster)# sync

Execute the synchronization command on Spine1 to synchronize its configuration to the other Spine devices.

Spine1(config)# cluster
Spine1(config-cluster)# sync
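
Because sync in Step 10 copies one device's configuration to its peers, it is worth checking the Step 1 and Step 2 configuration for consistency first. The following is an added example, not Asterfusion code: an offline audit that checks member IDs, the shared security-key (including whether it is one of the keys printed in this guide) and the Leaf/Spine neighbor addresses. The names parse, audit, DOC_KEYS and SAMPLE are hypothetical, and the sample is a constructed excerpt of the commands above.

```python
import ipaddress
import re

# Hypothetical helper data: keys printed in this guide must never reach production.
DOC_KEYS = {"12345abcdecampus_1t", "campusnetwork-t11"}

# Constructed sample: Step 1 and Step 2 commands, ';'-separated per device.
SAMPLE = {
    "Leaf1": "router-type leaf; ip address 10.10.1.1/24; ip address 10.20.1.1/24;"
             " peer ip 10.10.1.2; peer ip 10.20.1.2; member 1; security-key campusnetwork-t11",
    "Leaf2": "router-type leaf; ip address 10.10.2.1/24; ip address 10.20.2.1/24;"
             " peer ip 10.10.2.2; peer ip 10.20.2.2; member 2; security-key campusnetwork-t11",
    "Spine1": "router-type spine; ip address 10.10.1.2/24; ip address 10.10.2.2/24;"
              " downstream ip address 10.10.1.1; downstream ip address 10.10.2.1;"
              " member 3; security-key campusnetwork-t11",
    "Spine2": "router-type spine; ip address 10.20.1.2/24; ip address 10.20.2.2/24;"
              " downstream ip address 10.20.1.1; downstream ip address 10.20.2.1;"
              " member 4; security-key campusnetwork-t11",
}

def parse(text):
    """Collect role, interface addresses, cluster neighbors, member ID and key."""
    d = {"ifs": [], "nbrs": [], "role": None, "member": None, "key": None}
    for cmd in (c.strip() for c in re.split(r"[;\n]", text) if c.strip()):
        if m := re.fullmatch(r"ip address (\S+/\d+)", cmd):
            d["ifs"].append(ipaddress.ip_interface(m[1]))
        elif m := re.fullmatch(r"(?:peer ip(?: address)?|downstream ip address) (\S+)", cmd):
            d["nbrs"].append(ipaddress.ip_address(m[1]))
        elif m := re.fullmatch(r"(router-type|member|security-key) (\S+)", cmd):
            d[{"router-type": "role", "security-key": "key"}.get(m[1], m[1])] = m[2]
    return d

def audit(configs):
    """Return a list of findings; an empty list means every check passed."""
    devs = {n: parse(t) for n, t in configs.items()}
    out = []
    ids = [d["member"] for d in devs.values()]
    out += [f"duplicate member ID {i}" for i in sorted({i for i in ids if ids.count(i) > 1})]
    keys = {d["key"] for d in devs.values()}
    if len(keys) > 1:
        out.append("security-key differs between cluster members")
    out += [f"security-key '{k}' is a published documentation example" for k in sorted(keys & DOC_KEYS)]
    for name, d in devs.items():
        other = "spine" if d["role"] == "leaf" else "leaf"
        owned = {i.ip for o in devs.values() if o["role"] == other for i in o["ifs"]}
        for ip in d["nbrs"]:   # neighbor must exist on the other tier and be on-link
            if ip not in owned or not any(ip in i.network for i in d["ifs"]):
                out.append(f"{name}: neighbor {ip} is not a directly connected {other} address")
    return out
```

Run against the case as written, audit(SAMPLE) reports only the documentation key; replacing it with a value from security-key auto-generate clears the finding.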

4.5 Verify network configuration

  1. The wireless terminal is online and can be assigned an IP address and access the network normally.
  2. After disconnecting the link between Leaf1 and Spine1, the terminal under Leaf1 can still access the external network normally without the user noticing.
  3. When Spine1 is powered off, the terminal under Leaf1 can still access the external network normally without the user noticing.
  4. Manually set the IP address of a terminal device connected to Leaf1 to 192.168.20.80; the terminal cannot access the network.
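
Why check 4 fails for the terminal, as an added example that is not Asterfusion code: a generic model of a DHCP snooping binding table with the source check (IPSG) and ARP check (DAI) enabled in Steps 5 and 6. The page does not describe AsterNOS internals, so the semantics are the commonly documented ones; SnoopingTable and demo are hypothetical names, and the MAC addresses, port numbers 5 and 7, and the .57 and .99 addresses are constructed.

```python
# Generic model of DHCP snooping bindings with IPSG/DAI checks (not AsterNOS code).
TRUSTED_PORTS = {49, 50}   # uplinks marked 'dhcp-snooping trusted' in Step 5

class SnoopingTable:
    def __init__(self):
        self.bindings = set()   # (mac, ip, vlan, port) learned from DHCP ACKs

    def on_dhcp_ack(self, ingress_port, client_mac, ip, vlan, client_port):
        """Learn a lease only from a server reply that arrived on a trusted port."""
        if ingress_port not in TRUSTED_PORTS:
            return False        # reply from an access port: rogue server, ignored
        self.bindings.add((client_mac.lower(), ip, vlan, client_port))
        return True

    def check(self, port, vlan, mac, ip):
        """Verdict for an IPv4 source (IPSG) or an ARP sender pair (DAI)."""
        if port in TRUSTED_PORTS:
            return "permit-trusted"   # assumption: trusted uplinks are not checked
        mac = mac.lower()
        if (mac, ip, vlan, port) in self.bindings:
            return "permit"
        known = any(b[0] == mac and b[2] == vlan for b in self.bindings)
        return "drop-ip-mismatch" if known else "drop-no-binding"

def demo():
    """Constructed events for one client on Leaf1 port 5 in VLAN 200."""
    t = SnoopingTable()
    mac = "02:00:00:AA:00:05"
    rogue = t.on_dhcp_ack(7, mac, "192.168.20.99", 200, 5)   # ACK from access port
    t.on_dhcp_ack(49, mac, "192.168.20.57", 200, 5)          # ACK via uplink
    return rogue, [
        t.check(5, 200, mac, "192.168.20.57"),                  # leased address
        t.check(5, 200, mac, "192.168.20.80"),                  # manual address
        t.check(7, 200, "02:00:00:bb:00:07", "192.168.20.57"),  # lease claimed elsewhere
        t.check(5, 200, mac, "192.168.20.99"),                  # rogue-offered address
    ]
```

The drop verdicts double as log reasons: a burst of drop-ip-mismatch on one port points to a manually addressed host, while drop-no-binding points to a device that never completed DHCP through the relay.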

If you have more technical questions, feel free to open a ticket at https://help.cloudswit.ch/portal/en/signin