VRRP
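1. Understanding VRRP
1.1 Definition of VRRP
VRRP: The Virtual Router Redundancy Protocol (VRRP) is a routing protocol proposed by the IETF to solve the single point of failure that arises when a static gateway is configured on a LAN; the formal protocol standard, RFC 2338, was released in 1998. VRRP is widely used in edge networks. Its design goals are to support failover of IP traffic in specific situations without causing disruption, to allow hosts to use a single router, and to maintain connectivity between routers even when the actual first-hop router fails.
1.2 Role of VRRP
Backup of the egress gateway, ensuring its high availability.
1.3 Benefits of VRRP
1. When the master router fails, the backup router immediately takes over its work, so that no data is lost.
2. Two different routers can each be the master of a different group and back each other up.
3. The state of the uplink interface is tracked; when the uplink interface fails, the backup router is automatically promoted to master, so that no data is lost.
1.4 How VRRP works
By sharing a virtual MAC and IP address among the redundant gateways, data is forwarded not to the IP of one specific gateway but to the IP of the virtual gateway, so whichever router becomes master, data communication is unaffected. The data port is monitored through a multicast protocol; once the forwarding port is detected as failed, the master router stops sending HELLO packets and the backup router is promoted to master, giving stable and efficient data forwarding.
Note: VRRP is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on the LAN. The VRRP router that controls the virtual router's IP addresses is called the master router; it forwards packets sent to these virtual IP addresses. When the master router becomes unavailable, the election process provides dynamic failover, which allows the virtual router's IP address to serve as the default first-hop router for end hosts. It is a backup protocol for LAN access devices. All hosts in a LAN are configured with a default gateway, so packets whose destination address is outside the local segment are sent via the default gateway to the layer 3 switch, which gives the hosts connectivity with external networks.
VRRP is a routing fault-tolerance protocol, also called a backup routing protocol. All hosts in a LAN are configured with a default route; when a host sends a packet whose destination address is outside the local segment, the packet is sent via the default route to the external router, which gives the hosts connectivity with external networks. When the default router goes down (that is, its port is shut down), internal hosts can no longer communicate with the outside. If VRRP is configured on the routers, the virtual router brings the backup router into service at that point, restoring communication across the whole network.
VRRP has two important pairs of concepts: VRRP router and virtual router, and master router and backup router. A VRRP router is a router that runs VRRP and is a physical entity; a virtual router is created by the VRRP protocol and is a logical concept. A group of VRRP routers works together to form one virtual router, which appears to the outside as a single logical router with a unique, fixed IP address and MAC address. Routers in the same VRRP group take one of two mutually exclusive roles, master or backup: a VRRP group has exactly one router in the master role and may have one or more routers in the backup role. VRRP elects one router of the group as master, which answers ARP requests and forwards IP packets, while the other routers in the group act as backups and stay on standby. When the master fails for any reason, one of the backup routers is promoted to master after a momentary delay. Because the switchover is very fast and neither the IP address nor the MAC address changes, it is transparent to end-user systems.
2. Lab objectives (VRRP)
1. Learn how to view the state of the VRRP master and backup routers
2. Learn how to configure a VRRP virtual router
3. Understand the scenarios in which VRRP is used
4. Learn how to change the VRRP priority
3. VRRP configuration
3.1 Lab topology
3.2 PC1 and PC2 configuration
3.3 Layer 2 switch LSW1 configuration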
<Huawei>
<Huawei>undo ter
<Huawei>undo terminal mo
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname LS1
[LS1]user-int
[LS1]user-interface co
[LS1]user-interface console 0
[LS1-ui-console0]idle-time
[LS1-ui-console0]idle-timeout 0 0
[LS1-ui-console0]q
[LS1]vlan bat 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[LS1]int e0/0/1
[LS1-Ethernet0/0/1]port-ty
[LS1-Ethernet0/0/1]port link-ty
[LS1-Ethernet0/0/1]port link-type access
[LS1-Ethernet0/0/1]port de
[LS1-Ethernet0/0/1]port default vlan 10
[LS1-Ethernet0/0/1]int e0/0/2
[LS1-Ethernet0/0/2]port lin
[LS1-Ethernet0/0/2]port link-type access
[LS1-Ethernet0/0/2]port de
[LS1-Ethernet0/0/2]port default vlan 20
[LS1-Ethernet0/0/2]q
[LS1]int g0/0/1
[LS1-GigabitEthernet0/0/1]port l
[LS1-GigabitEthernet0/0/1]port link-type trunk
[LS1-GigabitEthernet0/0/1]port t
[LS1-GigabitEthernet0/0/1]port trunk allow
[LS1-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[LS1-GigabitEthernet0/0/1]int g0/0/2
[LS1-GigabitEthernet0/0/2]port li
[LS1-GigabitEthernet0/0/2]port link-type trunk
[LS1-GigabitEthernet0/0/2]port tr
[LS1-GigabitEthernet0/0/2]port trunk all
[LS1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[LS1-GigabitEthernet0/0/2]q
[LS1]dis
[LS1]display por
[LS1]display port vlan
Port Link Type PVID Trunk VLAN List
-------------------------------------------------------------------------------
Ethernet0/0/1 access 10 -
Ethernet0/0/2 access 20 -
Ethernet0/0/3 hybrid 1 -
Ethernet0/0/4 hybrid 1 -
Ethernet0/0/5 hybrid 1 -
Ethernet0/0/6 hybrid 1 -
Ethernet0/0/7 hybrid 1 -
Ethernet0/0/8 hybrid 1 -
Ethernet0/0/9 hybrid 1 -
Ethernet0/0/10 hybrid 1 -
Ethernet0/0/11 hybrid 1 -
Ethernet0/0/12 hybrid 1 -
Ethernet0/0/13 hybrid 1 -
Ethernet0/0/14 hybrid 1 -
Ethernet0/0/15 hybrid 1 -
Ethernet0/0/16 hybrid 1 -
Ethernet0/0/17 hybrid 1 -
Ethernet0/0/18 hybrid 1 -
Ethernet0/0/19 hybrid 1 -
Ethernet0/0/20 hybrid 1 -
Ethernet0/0/21 hybrid 1 -
Ethernet0/0/22 hybrid 1 -
GigabitEthernet0/0/1 trunk 1 1-4094
GigabitEthernet0/0/2 trunk 1 1-4094
[LS1]
3.4 Layer 3 switch LSW2 and LSW3 configuration
LSW2:
<Huawei>undo ter
<Huawei>undo terminal mo
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW2
[SW2]user-in
[SW2]user-interface c
[SW2]user-interface co
[SW2]user-interface console
^
Error:Incomplete command found at '^' position.
[SW2]user-interface console 0
[SW2-ui-console0]idle-tim
[SW2-ui-console0]idle-timeout 0 0
[SW2-ui-console0]q
[SW2]int g0/0/1
[SW2-GigabitEthernet0/0/1]port-l
[SW2-GigabitEthernet0/0/1]port li
[SW2-GigabitEthernet0/0/1]port link-type tr
[SW2-GigabitEthernet0/0/1]port link-type trunk
[SW2-GigabitEthernet0/0/1]port tr
[SW2-GigabitEthernet0/0/1]port trunk all
[SW2-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/1]q
[SW2]vlan bat 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW2]int vlan 10
[SW2-Vlanif10]ip add 192.168.10.10 24
[SW2-Vlanif10]vrrp v
[SW2-Vlanif10]vrrp vrid 1 vir
[SW2-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.1
[SW2-Vlanif10]vrrp vr
[SW2-Vlanif10]vrrp vrid 1 pro
[SW2-Vlanif10]vrrp vrid 1 pri
[SW2-Vlanif10]vrrp vrid 1 priority 105
[SW2-Vlanif10]vrrp vr
[SW2-Vlanif10]vrrp vrid 1 tra
[SW2-Vlanif10]vrrp vrid 1 track int g0/0/2
[SW2-Vlanif10]int vlan 20
[SW2-Vlanif20]ip add 192.168.20.10 24
[SW2-Vlanif20]vrrp vr
[SW2-Vlanif20]vrrp vrid 2 vir
[SW2-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.1
[SW2-Vlanif20]vrrp vri
[SW2-Vlanif20]vrrp vrid 2 tra
[SW2-Vlanif20]vrrp vrid 2 track int g0/0/2
[SW2-Vlanif20]
[SW2-Vlanif20]q
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port-li
[SW2-GigabitEthernet0/0/2]port li
[SW2-GigabitEthernet0/0/2]port link-type access
[SW2-GigabitEthernet0/0/2]port de
[SW2-GigabitEthernet0/0/2]port default vlan 100
[SW2-GigabitEthernet0/0/2]int vlan 100
[SW2-Vlanif100]ip add 10.10.10.1 24
[SW2-Vlanif100]q
[SW2]ip rou
[SW2]ip route-st
[SW2]ip route-static 1.1.1.1 32 10.10.10.11
[SW2]dis
[SW2]display vrrp
Vlanif10 | Virtual Router 1
State : Master
Virtual IP : 192.168.10.1
Master IP : 192.168.10.10
PriorityRun : 105
PriorityConfig : 105
MasterPriority : 105
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 10
IF state : UP
Create time : 2021-08-24 20:19:41 UTC-08:00
Last change time : 2021-08-24 20:19:44 UTC-08:00
Vlanif20 | Virtual Router 2
State : Master
Virtual IP : 192.168.20.1
Master IP : 192.168.20.10
PriorityRun : 100
LSW3:
<Huawei>undo ter
<Huawei>undo terminal mo
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname SW3
[SW3]user-int
[SW3]user-interface co
[SW3]user-interface console 0
[SW3-ui-console0]idle-tim
[SW3-ui-console0]idle-timeout 0 0
[SW3-ui-console0]q
[SW3]vlan bat 10 20 200
Info: This operation may take a few seconds. Please wait for a moment...done.
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port li
[SW3-GigabitEthernet0/0/1]port link-tr
[SW3-GigabitEthernet0/0/1]port link-ty
[SW3-GigabitEthernet0/0/1]port link-type tr
[SW3-GigabitEthernet0/0/1]port link-type trunk
[SW3-GigabitEthernet0/0/1]port tr
[SW3-GigabitEthernet0/0/1]port trunk all
[SW3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[SW3-GigabitEthernet0/0/1]q
[SW3]int vlan 10
[SW3-Vlanif10]ip add 192.168.10.11 24
[SW3-Vlanif10]vrrp vr
[SW3-Vlanif10]vrrp vrid 1 vir
[SW3-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.1
[SW3-Vlanif10]vrrp vrid 1 tra
[SW3-Vlanif10]vrrp vrid 1 track int
[SW3-Vlanif10]vrrp vrid 1 track interface g0/0/2
[SW3-Vlanif10]int vlan 20
[SW3-Vlanif20]ip add 192.168.20.11 24
[SW3-Vlanif20]vrrp vr
[SW3-Vlanif20]vrrp vrid 2 vir
[SW3-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.1
[SW3-Vlanif20]vrrp v
[SW3-Vlanif20]vrrp vrid 2 pri
[SW3-Vlanif20]vrrp vrid 2 priority 105
[SW3-Vlanif20]vrrp vr
[SW3-Vlanif20]vrrp vrid 2 tr
[SW3-Vlanif20]vrrp vrid 2 track in
[SW3-Vlanif20]vrrp vrid 2 track interface g0/0/2
[SW3-Vlanif20]q
[SW3]int g0/0/2
[SW3-GigabitEthernet0/0/2]port li
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port de
[SW3-GigabitEthernet0/0/2]port default vlan 200
[SW3-GigabitEthernet0/0/2]q
[SW3]int vlan 200
[SW3-Vlanif200]ip add 20.20.20.2 24
[SW3-Vlanif200]q
[SW3]ip rou
[SW3]ip route-st
[SW3]ip route-static 1.1.1.1 32 20.20.20.11
[SW3-Vlanif20]q
[SW3]dis
[SW3]display vrrp
Vlanif10 | Virtual Router 1
State : Backup
Virtual IP : 192.168.10.1
Master IP : 192.168.10.10
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 105
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 10
IF state : UP
Create time : 2021-08-24 20:32:35 UTC-08:00
Last change time : 2021-08-24 20:54:52 UTC-08:00
Vlanif20 | Virtual Router 2
State : Master
Virtual IP : 192.168.20.1
Master IP : 192.168.20.11
PriorityRun : 105
---- More ----
3.4 Router R1 configuration
R1:
<Huawei>undo ter
<Huawei>undo terminal mo
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
<Huawei>system-view
Enter system view, return user view with Ctrl+Z.
[Huawei]sysn
[Huawei]sysname R1
[R1]user-in
[R1]user-interface c
[R1-ui-console0]idle-tim
[R1-ui-console0]idle-timeout 0 0
[R1-ui-console0]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 10.10.10.11 24
[R1-GigabitEthernet0/0/0]
[R1-GigabitEthernet0/0/0]undo shu
[R1-GigabitEthernet0/0/0]undo shutdown
Info: Interface GigabitEthernet0/0/0 is not shutdown.
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 20.20.20.11 24
[R1-GigabitEthernet0/0/1]undo shu
[R1-GigabitEthernet0/0/1]undo shutdown
Info: Interface GigabitEthernet0/0/1 is not shutdown.
[R1-GigabitEthernet0/0/1]q
[R1]int loo
[R1]int LoopBack 0
[R1-LoopBack0]ip add 1.1.1.1 32
[R1-LoopBack0]q
[R1]ip rou
[R1]ip route-st
[R1]ip route-static 192.168.10.0 24 10.10.10.1
[R1]ip route-static 192.168.10.0 24 20.20.20.2 pr
[R1]ip route-static 192.168.10.0 24 20.20.20.2 preference 65
[R1]ip rou
[R1]ip route-st
[R1]ip route-static 192.168.20.0 24 20.20.20.2
[R1]ip route-static 192.168.20.0 24 10.10.10.1 pr
[R1]ip route-static 192.168.20.0 24 10.10.10.1 preference 65
[R1]dis
[R1]display rou
[R1]display route-
[R1]display routing
[R1]display ip r
[R1]display ip rou
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 9 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
10.10.10.0/24 Direct 0 0 D 10.10.10.11 GigabitEthernet
0/0/0
10.10.10.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
20.20.20.0/24 Direct 0 0 D 20.20.20.11 GigabitEthernet
0/0/1
20.20.20.11/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.10.0/24 Static 60 0 RD 10.10.10.1 GigabitEthernet
0/0/0
192.168.20.0/24 Static 60 0 RD 20.20.20.2 GigabitEthernet
0/0/1
[R1]
3.5 Connectivity test
From PC1, ping and tracert the IP addresses of PC2 and R1 (the same applies to PC2):
Ping 192.168.20.100: 32 data bytes, Press Ctrl_C to break
From 192.168.20.100: bytes=32 seq=1 ttl=127 time=94 ms
From 192.168.20.100: bytes=32 seq=2 ttl=127 time=94 ms
From 192.168.20.100: bytes=32 seq=3 ttl=127 time=94 ms
From 192.168.20.100: bytes=32 seq=4 ttl=127 time=93 ms
From 192.168.20.100: bytes=32 seq=5 ttl=127 time=78 ms
--- 192.168.20.100 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/90/94 ms
PC>tracert 192.168.20.100
traceroute to 192.168.20.100, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.10 47 ms 31 ms 47 ms
2 192.168.20.100 94 ms 78 ms 78 ms
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=254 time=125 ms
From 1.1.1.1: bytes=32 seq=2 ttl=254 time=62 ms
From 1.1.1.1: bytes=32 seq=3 ttl=254 time=78 ms
From 1.1.1.1: bytes=32 seq=4 ttl=254 time=63 ms
From 1.1.1.1: bytes=32 seq=5 ttl=254 time=63 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 62/78/125 ms
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.10 63 ms 31 ms 47 ms
2 1.1.1.1 63 ms 62 ms 63 ms
Here we can see that the traffic goes through the physical IP 192.168.10.10 in both cases.
Next, on LSW2, we enter interface g0/0/2 and shut it down:
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]shut
[SW2-GigabitEthernet0/0/2]shutdown
If we ping again now, we find that the traffic goes through the physical IP 192.168.10.11, so the lab test succeeded.
PC>tracert 1.1.1.1
traceroute to 1.1.1.1, 8 hops max
(ICMP), press Ctrl+C to stop
1 192.168.10.11 31 ms 47 ms 47 ms
2 1.1.1.1 62 ms 63 ms 62 ms
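4. Summary
Role of VRRP: backup of the egress gateway, ensuring its high availability.
Benefits of VRRP: 1. When the master router fails, the backup router immediately takes over its work, so that no data is lost.
2. Two different routers can each be the master of a different group and back each other up.
3. The state of the uplink interface is tracked; when the uplink interface fails, the backup router is automatically promoted to master, so that no data is lost.
How VRRP works: by sharing a virtual MAC and IP address among the redundant gateways, data is forwarded not to the IP of one specific gateway but to the IP of the virtual gateway, so whichever router becomes master, data communication is unaffected. The data port is monitored through a multicast protocol; once the forwarding port is detected as failed, the master router stops sending HELLO packets and the backup router is promoted to master, giving stable and efficient data forwarding.
4. Summary of VRRP configuration: an interface that joins VRRP must have a real (physical) IP address, and the real IP addresses of the member interfaces must differ from one another, while the virtual address must be identical because the members carry the traffic of the same group. The priority of the master router must be higher than that of the backup router (the default VRRP interface priority is 100). Once the master router fails, its priority is automatically reduced by 10 by default, so the master's interface priority must not exceed the backup router's by more than 9.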
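The priority rule in the configuration summary above, checked against `display vrrp` output from both switches, together with the `Auth type` field that the output reports as NONE. This is an added example, not part of the original post; the sample text is constructed from the SW2 and SW3 output shown earlier, and the function names are hypothetical.

```python
import re

# Constructed sample: `display vrrp` for VRID 1, trimmed from the SW2 (master)
# and SW3 (backup) output above to the fields this check reads.
SW2 = """Vlanif10 | Virtual Router 1
    State : Master
    PriorityRun : 105
    PriorityConfig : 105
    Preempt : YES   Delay Time : 0 s
    Auth type : NONE
    Track IF : GigabitEthernet0/0/2   Priority reduced : 10
"""
SW3 = """Vlanif10 | Virtual Router 1
    State : Backup
    PriorityRun : 100
    PriorityConfig : 100
    Preempt : YES   Delay Time : 0 s
    Auth type : NONE
    Track IF : GigabitEthernet0/0/2   Priority reduced : 10
"""

def parse_display_vrrp(text):
    """Return {vrid: {field: value}}; fields cut off by the pager are simply absent."""
    groups, cur = {}, None
    for line in text.splitlines():
        head = re.match(r"\s*(\S+) \| Virtual Router (\d+)", line)
        if head:
            cur = groups.setdefault(int(head.group(2)), {"Interface": head.group(1)})
        elif cur is not None:
            # One line may hold two pairs, e.g. "Track IF : ... Priority reduced : 10".
            for key, val in re.findall(r"([A-Za-z][A-Za-z ]*?)\s*:\s*(\S+)", line):
                cur[key] = val
    return groups

def audit_pair(master, backup):
    """Findings for one VRID from the master's and the backup's parsed blocks."""
    findings = []
    if "NONE" in (master.get("Auth type"), backup.get("Auth type")):
        findings.append("advertisements are unauthenticated (Auth type NONE)")
    if "PriorityConfig" not in master or "PriorityRun" not in backup:
        return findings + ["output truncated: failover margin not evaluated"]
    degraded = int(master["PriorityConfig"]) - int(master.get("Priority reduced", 0))
    # The master keeps advertising at the reduced priority; a backup preempts
    # only when its own priority is strictly higher.
    if backup.get("Preempt") != "YES" or int(backup["PriorityRun"]) <= degraded:
        findings.append(f"master degrades to {degraded}: backup will not take over")
    return findings

if __name__ == "__main__":
    print(audit_pair(parse_display_vrrp(SW2)[1], parse_display_vrrp(SW3)[1]))
```

With the lab's values (105 on the master, 100 on the backup, reduction 10) only the authentication finding is reported; raising the master to 110 makes the degraded priority tie with the backup, and the failover finding appears.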