更新 Lenovo TOR 交换机之后,请确保该交换机可以按照解决方案配置全功能运行。
除了将正在运行的交换机配置与更新交换机固件之前保存的备份配置文件进行比较之外,还可以通过建议的以下验证过程帮助确定:
已更新并设置为引导到交换机 NOS
vLAG ISL 完整且可以运行
已打开 BGP 连接并建立了会话
VRRP 主项和备用项已打开且正在转发
已打开所有链路并分配了 IP 地址
ACL 已准备就绪且计数器正在递增
执行以下任务以确保更新后的 TOR 交换机正常工作,再继续操作。在 HLH 上使用 PuTTY 连接到 TOR 交换机。在显示的 PuTTY 安全警报中选择
是。
图 1. PuTTY 安全警报
要验证是否已应用 Lenovo TOR 交换机 NOS 更新,请输入以下命令:
| 示例 |
|---|
Lenovo-TOR1#show version
Lenovo Networking Operating System (NOS) Software
Technical Assistance Center: http://www.lenovo.com
Copyright (C) Lenovo, 2016. All rights reserved.
Software:
Bootloader version: 10.8.1.0
System version: 10.8.1.0
System compile time: Jul 18 17:06:53 PDT 2018
Hardware:
NE2572 ("48x25GE + 6x100GE")
Intel(R) Celeron(R) CPU with 8192 MB of memory
Device name: Lenovo-TOR1
Boot Flash: 16 MB
Kernel uptime is 0 day(s), 0 hour(s), 6 minute(s), 46 second(s)
Last Reset Reason: Power Cycle
Lenovo-TOR1#
2019-01-09T23:18:00.924+00:00 Lenovo-TOR1(cnos:default) %VLAG-5-OS_MISMATCH: vLAG OS version mismatch,
local OS version is 10.8.x.x peer OS version is 10.6.x.x
2019-01-09T23:18:10.924+00:00 Lenovo-TOR1(cnos:default) %VLAG-5-OS_MISMATCH: vLAG OS version mismatch,
local OS version is 10.8.x.x peer OS version is 10.6.x.x
|
可能会定期显示参考信息,如上面的示例结尾所示,指示两个 TOR 交换机之间操作系统不匹配。这在此过程的这一阶段是正常现象。更新第二个 TOR 交换机之后,应该会不再显示这些消息。
要验证 TOR 交换机是否设置为引导至新固件映像(现在为活动映像),请输入以下命令:
| 示例 |
|---|
Lenovo-TOR1#show boot
Current ZTP State: Enable
Current FLASH software:
active image: version 10.8.1.0, downloaded 00:33:35 PST Thu Jan 10 2019
standby image: version 10.6.1.0, downloaded 18:24:35 PST Fri Jan 12 2018
Grub: version 10.8.1.0, downloaded 23:09:14 PST Wed Jan 9 2019
BIOS: version 020AB, release date 02/14/2018
Secure Boot: Enabled
ONIE: version unknown, downloaded unknown
Currently set to boot software active image
Current port mode:
Port Ethernet1/37 is set in 10G mode
Port Ethernet1/38 is set in 10G mode
Port Ethernet1/39 is set in 10G mode
Port Ethernet1/40 is set in 10G mode
Port Ethernet1/45 is set in 10G mode
Port Ethernet1/46 is set in 10G mode
Port Ethernet1/47 is set in 10G mode
Port Ethernet1/48 is set in 10G mode
Next boot port mode:
Port Ethernet1/37 is set in 10G mode
Port Ethernet1/38 is set in 10G mode
Port Ethernet1/39 is set in 10G mode
Port Ethernet1/40 is set in 10G mode
Port Ethernet1/45 is set in 10G mode
Port Ethernet1/46 is set in 10G mode
Port Ethernet1/47 is set in 10G mode
Port Ethernet1/48 is set in 10G mode
Currently scheduled reboot time: none
|
要验证是否已打开所有链路且是否分配了 IP 地址,请运行以下命令:
| show interface brief | include up |
| 示例 |
|---|
Lenovo-TOR1#show interface brief | include up
Ethernet1/1 7 eth trunk up none 25000 --
Ethernet1/2 7 eth trunk up none 25000 --
Ethernet1/3 7 eth trunk up none 25000 --
Ethernet1/4 7 eth trunk up none 25000 --
Ethernet1/40 -- eth routed up none 10000 --
Ethernet1/43 -- eth routed up none 25000 --
Ethernet1/44 -- eth routed up none 25000 --
Ethernet1/47 -- eth routed up none 10000 --
Ethernet1/48 -- eth routed up none 10000 --
Ethernet1/49 99 eth trunk up none 100000 101
Ethernet1/50 99 eth trunk up none 100000 101
po101 99 eth trunk up none 100000 lacp
mgmt0 management up 10.30.8.170 1000 1500
Vlan7 -- up --
Vlan107 -- up --
loopback0 up Loopback0_Rack1_TOR1
|
以太网接口 1/5 到 1/16 的状态取决于缩放单元中的节点数量。以上示例采自一个 4 节点 SXM4400 解决方案。
要验证 vLAG ISL 是否完整且可正常运行,请运行以下命令:
| 示例 |
|---|
Lenovo-TOR1#show vlag information
Global State: enabled
VRRP active/active mode: enabled
vLAG system MAC: 08:17:f4:c3:dd:63
ISL Information:
PCH Ifindex State Previous State
-------+-----------+-----------+---------------------------------
101 100101 Active Inactive
Mis-Match Information:
Local Peer
-------------+---------------------------+-----------------------
Match Result : Match Match
Tier ID : 100 100
System Type : NE2572 NE2572
OS Version : 10.8.x.x 10.8.x.x
Role Information:
Local Peer
-------------+---------------------------+-----------------------
Admin Role : Primary Secondary
Oper Role : Secondary Primary
Priority : 0 0
System MAC : a4:8c:db:bb:0b:01 a4:8c:db:bb:0c:01
Consistency Checking Information:
State : enabled
Strict Mode : disabled
Final Result : pass
|
要验证是否已打开 BGP 连接且是否建立了会话,请运行以下命令:
| 示例 |
|---|
Lenovo-TOR1#show ip bgp summary
BGP router identifier 10.30.8.152, local AS number 64675
BGP table version is 74
2 BGP AS-PATH entries
0 BGP community entries
8 Configured ebgp ECMP multipath: Currently set at 8
8 Configured ibgp ECMP multipath: Currently set at 8
Neighbor V AS MsgRcv MsgSen TblVer InQ OutQ Up/Down State/PfxRcd
10.30.8.146 4 64675 72 74 74 0 0 01:09:14 5
10.30.8.158 4 64675 74 74 74 0 0 01:09:15 33
10.30.8.162 4 64675 74 74 74 0 0 01:09:24 33
10.30.29.12 4 64719 235 215 74 0 0 01:09:17 25
10.30.29.13 4 64719 235 214 74 0 0 01:09:17 25
Total number of neighbors 5
Total number of Established sessions 5
|
请注意,上面的示例采自一个静态路由解决方案。使用动态路由的解决方案中也包括 Border 交换机的两个 BGP 会话,总共 7 个会话。
要验证 VRRP 主项和备用项是否已打开且正在转发,请在每个 TOR 交换机上运行以下命令:
| 示例 |
|---|
Lenovo-TOR1#show vrrp vlag
Flags: F - Forwarding enabled on Backup for vLAG
vLAG enabled, mode: vrrp active
Interface VR IpVer Pri Time Pre State VR IP addr
------------------------------------------------------------------
(F)Vlan7 7 IPV4 100 100 cs Y Backup 10.30.29.1
(F)Vlan107 107 IPV4 100 100 cs Y Backup 10.30.28.1
Lenovo-TOR2#show vrrp vlag
Flags: F - Forwarding enabled on Backup for vLAG
vLAG enabled, mode: vrrp active
Interface VR IpVer Pri Time Pre State VR IP addr
------------------------------------------------------------------
Vlan7 7 IPV4 100 100 cs Y Master 10.30.29.1
Vlan107 107 IPV4 100 100 cs Y Master 10.30.28.1
|
要验证 ACL 是否已准备就绪且计数器正在递增,请运行以下命令:
| show ip access-lists summaryshow ip access-lists |
| 示例 |
|---|
Lenovo-TOR-1#show ip access-lists summary
IPV4 ACL Rack01-CL01-SU01-Infra_IN
statistics enabled
Total ACEs Configured: 28
Configured on interfaces:
Vlan7 - ingress (Router ACL)
Active on interfaces:
Vlan7 - ingress (Router ACL)
Configured and active on VRFs:
IPV4 ACL Rack01-CL01-SU01-Infra_OUT
statistics enabled
Total ACEs Configured: 28
Configured on interfaces:
Vlan7 - egress (Router ACL)
Active on interfaces:
Vlan7 - egress (Router ACL)
Configured and active on VRFs:
IPV4 ACL Rack01-CL01-SU01-Stor_IN
statistics enabled
Total ACEs Configured: 6
Configured on interfaces:
Vlan107 - ingress (Router ACL)
Active on interfaces:
Vlan107 - ingress (Router ACL)
Configured and active on VRFs:
IPV4 ACL Rack01-CL01-SU01-Stor_OUT
statistics enabled
Total ACEs Configured: 6
Configured on interfaces:
Vlan107 - egress (Router ACL)
Active on interfaces:
Vlan107 - egress (Router ACL)
Configured and active on VRFs:
IPV4 ACL UPLINK_ROUTED_IN
statistics enabled
Total ACEs Configured: 4
Configured on interfaces:
Ethernet1/47 - ingress (Router ACL)
Ethernet1/48 - ingress (Router ACL)
Active on interfaces:
Ethernet1/47 - ingress (Router ACL)
Configured and active on VRFs:
IPV4 ACL copp-system-acl-authentication
Total ACEs Configured: 3
Configured on interfaces:
Active on interfaces:
Configured and active on VRFs:
IPV4 ACL copp-system-acl-bgp
Total ACEs Configured: 2
Configured on interfaces:
Active on interfaces:
Configured and active on VRFs:
...
|
| 示例 |
|---|
Lenovo-TOR-1#show ip access-lists
IP access list Rack01-CL01-SU01-Infra_IN
statistics per-entry
500 remark "Permit R01-C01-SU01-INF (10.20.25.0/24)_TO_R01-C01-SU01-INF
(10.20.25.0/24)"
510 permit any 10.20.25.0/24 10.20.25.0/24 [match=70214264]
520 remark "Permit R01-C01-SU01-INF (10.20.25.0/24)_TO_azs-hlh-dvm00 (10
.20.3.61/32)"
530 permit any 10.20.25.0/24 host 10.20.3.61 [match=11180]
540 remark "Permit R01-C01-SU01-INF (10.20.25.0/24)_TO_R01-C01-SU01-InVI
P (10.20.126.128/25)"
550 permit any 10.20.25.0/24 10.20.126.128/25
560 remark "Permit R01-C01-SU01-InVIP (10.20.126.128/25)_TO_R01-C01-SU01
-INF (10.20.25.0/24)"
570 permit any 10.20.126.128/25 10.20.25.0/24 [match=27814360]
580 remark "Permit R01-C01-SU01-INF (10.20.25.0/24)_TO_pub-adm-vip (10.2
0.23.0/27)"
590 permit any 10.20.25.0/24 10.20.23.0/27 [match=80158]
600 remark "Permit pub-adm-vip (10.20.23.0/27)_TO_R01-C01-SU01-INF (10.2
0.25.0/24)"
610 permit any 10.20.23.0/27 10.20.25.0/24 [match=76824]
620 remark "Permit 112 any (0.0.0.0/0)_to_Multicast (224.0.0.18/32)"
630 permit 112 any host 224.0.0.18 [match=62576]
640 remark "Permit UDP any_TO_any(BOOTP) port 67"
650 permit udp any any eq bootps [match=443]
...
|
在更新后的 Lenovo TOR 交换机中验证了基本系统融合之后,请按照以下步骤测试解决方案的连接:
使用 XClarity Administrator 浏览器界面的顶部菜单导航到。
单击界面顶部附近的测试连接按钮。
在主机字段中,输入 8.8.8.8,然后单击测试连接。
此时将显示“成功”窗口。单击关闭关闭此窗口。
作为额外的验证步骤,请登录 Azure Stack Hub 管理员门户。
查看 Azure Stack Hub 管理员门户,确保当前没有可见的警报。
图 2. 查看 Azure Stack Hub 管理员门户是否有警报
等待网络流量和可访问性完全融合且系统稳定。此外,还要检查 Azure Stack Hub 管理员门户,确保所有组件状态指示灯显示运行状况良好。解决方案稳定后,回到“更新 TOR 交换机上的 CNOS”主题,然后对另一台 TOR 交换机重复此过程。两个 TOR 交换机均已更新且验证了其功能和稳定性之后,继续进行 BMC 交换机更新。
图 3. 验证 TOR 交换机固件更新是否完成