Snooping Table Synchronization Configuration
## Introduction

Snooping entries include DHCP snooping entries, ND snooping entries, and user static binding entries, collectively referred to as SNP entries. These entries play a crucial role in performing security functions and MAC detection.

In a typical clustered networking environment, leaf devices act as distributed gateways, each connecting multiple APs. Mobile terminals may migrate between APs under different leaf devices. To minimize migration time, snooping entries can be synchronized across all devices in the network. After migration, a terminal therefore does not need to acquire an IP address again and its snooping entries do not need to be relearned; legitimate access to the network can be achieved through security authentication.

User statically configured binding entries can also be synchronized using the SNP synchronization mechanism, which reduces the need for redundant configuration across different devices.

## Explanation of Principles

A protocol interaction is established between leaf devices and spine devices to carry SNP table synchronization. Typically, a more powerful spine device is chosen as the server for SNP table synchronization, while the leaf devices act as clients.

When a client receives a DHCP ACK message or an ND protocol DAD message, it learns new entries for the SNP table and simultaneously sends update messages to the designated spine server. The spine device then propagates these update messages to the remaining leaf devices in the network. As a result, all devices in the network hold the updated SNP table entries.

Interaction messages for table synchronization between devices are generally encapsulated using loopback addresses, so the loopback addresses of the devices must be reachable from one another at Layer 3 within the network.

## SNP Server Configuration

### Enabling SNP Table Synchronization

Enable the SNP table synchronization function on the device and specify the device attributes. By default, the IPv4 address of the device's Loopback0 interface is used as the source IP address for protocol interaction messages. A specific interface IP address can also be specified as the source address.

Note: This IP address needs to be reachable via Layer 3 routing from the neighbor IP and peer IP to ensure normal interaction of protocol messages.

### Configuring SNP Neighbor Address

The SNP neighbor is another device with the SNP server attribute. This IP address should match the source IP address configured when enabling SNP table synchronization on the neighbor device.

### Configuring SNP Peer Address

An SNP peer is a device with the client attribute, typically a leaf device. This IP address should be consistent with the source IP address used when enabling SNP table synchronization on the configured peer device.

## SNP Client Configuration

In most cases, the leaf device directly connected to end-user terminals is chosen as the client in the SNP table synchronization process.

## Display and Maintenance

## Configuration Example

### Network Requirements

Terminals attached to different devices belong to the same network segment. During migration, the gateway information of a terminal remains unchanged and its IP address is not reassigned via DHCP. SNP table entries must be synchronized between devices so that, after migration, the new device can still enable the security function and check the legality of messages sent by the terminal.

### Procedure

Leaf A configuration:

```
# Interface and IP address configuration is omitted.
# Establish BGP neighbors.
sonic(config)# router bgp 65200
sonic(config-router)# bgp router-id 10.15.1.1
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# neighbor PEER_V4_EBGP peer-group
sonic(config-router)# neighbor 10.20.1.1
sonic(config-router)# neighbor 10.20.1.1 bfd
sonic(config-router)# neighbor 10.20.1.1 description spinea
sonic(config-router)# neighbor 10.20.1.1 peer-group PEER_V4_EBGP
sonic(config-router)# neighbor 10.20.1.2
sonic(config-router)# neighbor 10.20.1.2 bfd
sonic(config-router)# neighbor 10.20.1.2 description spineb
sonic(config-router)# neighbor 10.20.1.2 peer-group PEER_V4_EBGP
sonic(config-router)# address-family ipv4 unicast
# Advertise the route to the Loopback0 address.
sonic(config-router-af)# network 30.11.0.85/32
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
# Configure SNP entry synchronization.
sonic(config)# snp sync enable client 10.15.1.1 10.15.1.1
sonic(config)# snp sync neighbor 10.20.1.1
sonic(config)# snp sync neighbor 10.20.1.2
# Enable the DHCP relay and DHCP snooping functions.
sonic(config)# dhcp relay test v4
sonic(config-dhcp-relay-test-v4)# down link interface vlan 100
sonic(config-dhcp-relay-test-v4)# up link interface 5
sonic(config-dhcp-relay-test-v4)# server ip 192.168.0.10
sonic(config-dhcp-relay-test-v4)# loopback interface loopback 0
sonic(config-dhcp-relay-test-v4)# exit
sonic(config)# dhcp snooping enable
sonic(config)# interface vlan 100
sonic(config-vlanif-100)# dhcp snooping enable
# Configure the interface to which the DHCP server is connected as a trusted port.
sonic(config)# interface ethernet 5
sonic(config-if-5)# dhcp snooping enable
sonic(config-if-5)# dhcp snooping trusted
```

Leaf B is configured in the same way as Leaf A.

Spine A configuration:

```
# Interface and IP address configuration is omitted.
# Establish BGP neighbors.
sonic(config)# router bgp 65100
sonic(config-router)# bgp router-id 10.20.1.1
sonic(config-router)# no bgp ebgp-requires-policy
sonic(config-router)# neighbor PEER_V4_EBGP peer-group
sonic(config-router)# neighbor 10.15.1.1
sonic(config-router)# neighbor 10.15.1.1 bfd
sonic(config-router)# neighbor 10.15.1.1 description leafa
sonic(config-router)# neighbor 10.15.1.1 peer-group PEER_V4_EBGP
sonic(config-router)# neighbor 10.15.1.2
sonic(config-router)# neighbor 10.15.1.2 bfd
sonic(config-router)# neighbor 10.15.1.2 description leafb
sonic(config-router)# neighbor 10.15.1.2 peer-group PEER_V4_EBGP
sonic(config-router)# address-family ipv4 unicast
# Advertise the route to the Loopback0 address.
sonic(config-router-af)# network 10.20.1.1/32
sonic(config-router-af)# neighbor PEER_V4_EBGP activate
# Configure SNP entry synchronization.
sonic(config)# snp sync enable server 10.20.1.1 10.20.1.1
sonic(config)# snp sync peer 10.20.1.2
sonic(config)# snp sync neighbor 10.10.1.1
sonic(config)# snp sync neighbor 10.10.1.2
```

### Verify Configuration

View the SNP entry synchronization status of the leaf device:

```
sonic# show snooping status
switch id                10.15.1.1
source ip address        10.15.1.1
coherent status          yes
sequence number          10526
device mode              client

neighbors status summary
switch id     active   sequence number   connect active number
neighbors
10.20.1.1     yes      10526             2
10.20.1.2     yes      10526             2

total number of snooping table   2
```

View the SNP entry synchronization status of the spine device:

```
sonic# show snooping status
switch id                10.20.1.1
source ip address        10.20.1.1
coherent status          yes
sequence number          10526
connect active number    2
device mode              server

neighbors and peers status summary
switch id     active   sequence number   connect active number
peers
10.20.1.2     yes      10526             2
neighbors
10.15.1.1     yes      10526             1
10.15.1.2     yes      10526             1
```
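The rule that every SNP neighbor or peer address must equal the source IP address enabled on the referenced device can be checked offline before deployment. The following is an added example, not vendor code: it parses `snp sync` lines in the form shown in the configuration example and flags any neighbor or peer address that no device uses as its source IP, as well as sessions configured on one side only. It assumes the last argument of `snp sync enable` is the source IP address; the Leaf B and Spine B lines and all function names are constructed for the illustration.

```python
import re

# Constructed sample: SNP lines in the form used by the configuration example.
# Leaf B and Spine B are not shown on the page; their lines are assumed.
CONFIGS = {
    "LeafA": ["snp sync enable client 10.15.1.1 10.15.1.1",
              "snp sync neighbor 10.20.1.1", "snp sync neighbor 10.20.1.2"],
    "LeafB": ["snp sync enable client 10.15.1.2 10.15.1.2",
              "snp sync neighbor 10.20.1.1", "snp sync neighbor 10.20.1.2"],
    "SpineA": ["snp sync enable server 10.20.1.1 10.20.1.1",
               "snp sync peer 10.20.1.2",
               "snp sync neighbor 10.10.1.1", "snp sync neighbor 10.10.1.2"],
    "SpineB": ["snp sync enable server 10.20.1.2 10.20.1.2",
               "snp sync peer 10.20.1.1",
               "snp sync neighbor 10.15.1.1", "snp sync neighbor 10.15.1.2"],
}

ENABLE = re.compile(r"snp sync enable (client|server) (\S+) (\S+)$")
REMOTE = re.compile(r"snp sync (neighbor|peer) (\S+)$")

def parse(lines):
    """Return (mode, source_ip, [(kind, address), ...]) for one device."""
    mode = source = None
    remotes = []
    for line in map(str.strip, lines):
        if m := ENABLE.match(line):
            # Assumption: the last argument is the source IP address.
            mode, source = m.group(1), m.group(3)
        elif m := REMOTE.match(line):
            remotes.append((m.group(1), m.group(2)))
    return mode, source, remotes

def check(configs):
    """List neighbor/peer entries that cannot form a session."""
    parsed = {name: parse(lines) for name, lines in configs.items()}
    by_source = {src: name for name, (_, src, _) in parsed.items() if src}
    findings = []
    for name, (_, source, remotes) in parsed.items():
        for kind, addr in remotes:
            other = by_source.get(addr)
            if other is None:
                findings.append((name, kind, addr, "no device uses this source IP"))
            elif source not in {a for _, a in parsed[other][2]}:
                findings.append((name, kind, addr, f"{other} does not list {source}"))
    return findings

if __name__ == "__main__":
    for finding in check(CONFIGS):
        print(*finding, sep=" | ")
```

On this sample the check returns four findings: the Spine A neighbor addresses 10.10.1.1 and 10.10.1.2 match no source IP, so neither leaf's session to Spine A is mirrored on the spine side.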
