一、在多层交换网络中实现默认网关路由器冗余
1、代理ARP:主机使用ARP来确定前往远程目的地的下一跳的MAC地址,本地路由器使用其MAC地址来响应。(如果负责转发的路由器故障,主机需要等待ARP超时后,再学习到其他路由器的MAC)
2、IRDP(interior gateway routing protocol):ICMP的一种扩展,动态发现默认路由器的一种协议。很少用,发现故障慢。IRDP生命周期。
二、HSRP(hot standby routing protocol)的作用及原理
HSRP是cisco私有协议,在多台路由器之间共享的虚拟MAC地址和虚拟IP地址以及一个通过多播协议对LAN接口和串行接口进行监控的进程组成。虚拟成一个路由器(网关)提供服务,此时,PC的网关设置为虚拟网关地址。
1、HSRP组件
一台活跃路由器(发hello、回应PC ARP请求)、一台备用路由器(发hello、监听)、一台虚拟路由器(PC网关)、其他HSRP成员路由器(监听)
2、工作:协议包每3秒发送一次,持续10秒(3个周期)。HSRP被 UDP封装,端口号是1985。目标IP为224.0.0.2
3、虚拟MAC:0000.0c07.ac01 0000.0c厂商编号 07ac HSRP编号 01 组号,最多支持256个组(标识一个组)
4、HSRP状态
Initial:初始状态,HSRP未全面动转,修改配置或接口启动进入此状态
Learn:学习状态,不知道虚拟IP,未看到活跃路由器发hello。等待活跃路由器发hello。
Listen:监听状态,知道虚拟IP。没有活动和备份路由器信息。(其他HSRP成员路由器都处于此状态)
Speak:发方状态,定期发hello,参与选举活跃路由器选举。
Standby:备用状态,下一任活跃路由器,定期发hello。
Active:活跃状态,转发HSRP虚拟MAC地址和IP的数据包。定期发hello。
三、配置及查看
1、单组HSRP配置(备份)
Int vlan 2
Ip address 192.168.1.10 255.255.255.0
Standby 1 ip 192.168.1.1(配置虚拟IP,组号默认为0)
Standby 1 priority 200(越高越好,默认为100)
Standby 1 preemt(抢占,默认没有)
Standby 1 track f0/1 110(跟踪上行端口,110降优先级)
R(config-if)#standby 1 authentication ?(认证)
WORD Plain text authentication string(默认cisco,明文显示)
md5 Use MD5 authentication(md5加密)
text Plain text authentication
R(config-if)#standby 1 timers ?(时间,hello和hold time)
<1-254> Hello interval in seconds
msec Specify hello interval in milliseconds(毫秒)
同一个组号可以有不同的IP(secondary)。仍由STP控制数据流。HSRP的主应该是STP的根。
2、多组HSRP(负载)
在同一子网内做多个虚拟网关,不同的PC网关设置不同。实现负载
interface Ethernet0/0
ip address 11.11.1.1 255.255.255.0
standby 1 ip 11.11.1.10
standby 1 priority 150
standby 1 preempt
standby 1 track Ethernet0/1 60
standby 2 ip 11.11.1.20
standby 2 priority 90
standby 2 preempt
standby 2 track Ethernet0/1
end
3、查看
Show standby
Show standby brief
R#debug standby ?
errors HSRP errors
events HSRP events
packets HSRP packets
terse Display limited range of HSRP errors, events and packets
三层交换机上实现HSRP HSRP是一种Cisco专有协议,它通过在冗余网关之间共享协议和MAC地址,提供了不间断的IP路径冗余。该协议由在两台路由器之间共享的虚拟 MAC地址和虚拟IP地址以及一个通过多波协议对LAN接口和串行接口进行监控的进程组成。HSRP支持将多台路由器用作备用默认网关。 
将SW1和SW2组成一个HSRP组,实现路由器的冗余,首先按拓扑图所示配置IP地址,使用一台交换机来模拟PC,用一以路由器模拟WEB,在SW1、SW2和WEB之间配置EIGRP协议:
sw1(config-if)#interface fa0/8
sw1(config-if)#no switchport
sw1(config-if)#ip address 10.1.1.3 255.255.255.0
sw1(config-if)#no shutdown
sw1(config-if)#interface vlan 1
sw1(config-if)#ip address 10.1.2.3 255.255.255.0
sw1(config-if)#no shutdown
sw1(config-if)#exit
sw1(config)#ip routing
sw1(config)#router eigrp 100
sw1(config-router)#network 10.0.0.0
sw1(config-router)#no auto-summary
sw2(config)#interface fa0/7
sw2(config-if)#no switchport
sw2(config-if)#ip address 10.1.1.2 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#interface vlan 1
sw2(config-if)#ip address 10.1.2.2 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#exit
sw2(config)#ip routing
sw2(config)#router eigrp 100
sw2(config-router)#network 10.0.0.0
sw2(config-router)#no auto-summary
WEB(config)#interface fa0/1
WEB(config-if)#ip address 10.1.1.4 255.255.255.0
WEB(config-if)#no sh
WEB(config-if)#exit
WEB(config)#router eigrp 100
WEB(config-router)#network 10.0.0.0
WEB(config-router)#no auto-summary
PC(config)#interface vlan 1
PC(config-if)#ip address 10.1.2.100 255.255.255.0
PC(config-if)#no shutdown
PC(config-if)#exit
PC(config)#ip default-gateway 10.1.2.1
将PC的网关指向了10.1.2.1,这个地址将是HSRP组的虚拟IP地址,配置HSRP:
sw1(config)#interface vlan 1
sw1(config-if)#standby ip 10.1.2.1
sw1(config-if)#standby preempt
sw2(config)#interface vlan 1
sw2(config-if)#standby ip 10.1.2.1
sw2(config-if)#standby preempt
HSRP应在接口上配置,配置时应指定虚拟IP地址,参数preempt可以帮助优先级比较高的路由器在故障恢复后重新成为活跃路由器。
查看HSRP信息:
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.728
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:00:32
IP redundancy name is "hsrp-Vl1-0" (default)
sw2#show standby
Vlan1 - Group 0
Local state is Speak, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.032
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.3, priority 100 expires in 7.176
Standby router is unknown
0 state changes, last state change never
IP redundancy name is "hsrp-Vl1-0" (default)
可以发现两者在默认情况下优先级相同,由于SW1是先初始化的,所以成为了活跃路由器,而SW2是备份路由器。
在PC上执行trace,查看路由情况:
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 0 msec 4 msec 0 msec
2 10.1.1.4 0 msec 4 msec *
可以看见,数据包是通过目前的活跃路由器SW1转发的。
如果将SW1与PC之间的链路断开,可以发现PC仍然能与WEB通讯,再次使用trace:
PC#ping 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 *
10.1.2.2 0 msec 0 msec
2 10.1.1.4 4 msec 0 msec *
可以看到路径改为通过SW2,而在SW1和SW2上查看HSRP信息:
sw1#show standby
Vlan1 - Group 0
Local state is Init (interface down), priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Virtual IP address is 10.1.2.1 configured
Active router is unknown
Standby router is unknown
3 state changes, last state change 00:01:39
IP redundancy name is "hsrp-Vl1-0" (default)
sw2#show standby
Vlan1 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.954
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is Unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:01:07
IP redundancy name is "hsrp-Vl1-0" (default)
可以看到此时SW1的状态是阻塞,而SW2成为了活跃路由器。
将SW1与PC之间的链路恢复,再次查看SW1的HSRP信息:
sw1#show standby
Vlan1 - Group 0
Local state is Listen, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 9.448
Standby router is unknown
3 state changes, last state change 00:02:03
IP redundancy name is "hsrp-Vl1-0" (default)
sw1#show standby
Vlan1 - Group 0
Local state is Speak, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.996
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 9.164
Standby router is unknown
3 state changes, last state change 00:02:12
IP redundancy name is "hsrp-Vl1-0" (default)
sw1#show standby
Vlan1 - Group 0
Local state is Standby, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.528
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 7.384
Standby router is local
4 state changes, last state change 00:00:01
IP redundancy name is "hsrp-Vl1-0" (default)
可以看到SW1经过了监听、发言之后,最终成为了备份路由器。由于SW1和SW2都采用的是默认的优先级100,即使我们配置了抢占(preempt)选项,SW1也无法重新成为活跃路由器。此时,我们可以手工指定SW1的优先级:
sw1(config)#interface vlan 1
sw1(config-if)#standby priority 150
00:23:25: %STANDBY-6-STATECHANGE: Vlan1 Group 0 state Standby -> Active
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 150, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.252
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
5 state changes, last state change 00:00:03
IP redundancy name is "hsrp-Vl1-0" (default)
可以看到SW1重新成为了活跃路由器。
此时,如果我们断开SW1与WEB之间的链路:
sw1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.2.0 is directly connected, Vlan1
D 10.1.1.0 [90/28416] via 10.1.2.2, 00:01:49, Vlan1
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 150, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.728
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:00:32
IP redundancy name is "hsrp-Vl1-0" (default)
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 4 msec 0 msec 4 msec
2 10.1.2.2 0 msec 0 msec 4 msec
3 10.1.1.4 4 msec 0 msec *
此时,SW1仍然保持它活跃路由器的身份,但是从SW1并不能直接到达WEB,流量会通过SW2转发,这样就带来了性能问题,可以通过配置track参数来解决这个问题。
将WEB与SW1恢复连通,配置track参数:
sw1(config)#interface vlan 1
sw1(config-if)#standby track fa0/8 51
这表示当Fa0/8出现问题时,SW1的优先级将自动减少51,这样能保证此时SW1的优先级比SW2更低,而让SW2成为活跃路由器。
再次断开SW1与WEB之间的连接:
sw1#show standby
Vlan1 - Group 0
Local state is Standby, priority 99 (confgd 150), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.674
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 7.516
Standby router is local
4 state changes, last state change 00:00:07
IP redundancy name is "hsrp-Vl1-0" (default)
Priority tracking 1 interface or object, 0 up:
Interface or object Decrement State
FastEthernet0/8 51 Down (administratively down)
可以看到此时SW1的优先级变成了99,成为了备份路由器。
HSRP工作过程中,HSRP组中始终只有一台路由器处在转发状态,这无疑对资源造成了极大的浪费。我们可以能过配置多个HSRP组,对不同的HSRP组指定不同的活跃路由器,将主机的网关指向不同的虚拟IP地址,以达到负载均衡的目的。
删除之前的HSRP操作,创建两个HSRP组:
sw1(config)#interface vlan 1
sw1(config-if)#no standby ip 10.1.2.1
sw1(config-if)#standby 1 ip 10.1.2.1
sw1(config-if)#standby 1 preempt
sw1(config-if)#standby 1 track fa0/8
sw1(config-if)#standby 2 ip 10.1.2.254
sw1(config-if)#standby 2 preempt
sw1(config-if)#standby 2 priority 95
sw1(config-if)#standby 2 track fa0/8
sw2(config)#interface vlan 1
sw2(config-if)#no standby ip 10.1.2.1
sw2(config-if)#standby 1 ip 10.1.2.1
sw2(config-if)#standby 1 preempt
sw2(config-if)#standby 1 track fa0/7
sw2(config-if)#standby 1 priority 95
sw2(config-if)#standby 2 ip 10.1.2.254
sw2(config-if)#standby 2 preempt
我们对SW1和SW2的不同HSRP组分别配置了不同的优先级,保证他们在不同的组里处于不同的角色,实现了负载均衡:
sw1#show standby
Vlan1 - Group 1
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.210
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac01
5 state changes, last state change 00:00:06
IP redundancy name is "hsrp-Vl1-1" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/8 10 Up
Vlan1 - Group 2
Local state is Standby, priority 95, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.346
Virtual IP address is 10.1.2.254 configured
Active router is 10.1.2.2, priority 100 expires in 7.680
Standby router is local
4 state changes, last state change 00:01:22
IP redundancy name is "hsrp-Vl1-2" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/8 10 Up
sw2#show standby
Vlan1 - Group 1
Local state is Standby, priority 95, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.384
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.3, priority 100 expires in 9.872
Standby router is local
3 state changes, last state change 00:02:48
IP redundancy name is "hsrp-Vl1-1" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/7 10 Up
Vlan1 - Group 2
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.358
Virtual IP address is 10.1.2.254 configured
Active router is local
Standby router is 10.1.2.3 expires in 7.908
Virtual mac address is 0000.0c07.ac02
1 state changes, last state change 00:04:24
IP redundancy name is "hsrp-Vl1-2" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/7 10 Up
在PC上使用trace命令:
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 4 msec 0 msec 4 msec
2 10.1.1.4 4 msec 0 msec *
将PC的默认网关改为10.1.2.254,再次trace:
PC(config)#ip default-gateway 10.1.2.254
PC(config)#end
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.2 1000 msec 0 msec 4 msec
2 10.1.1.4 4 msec 0 msec *
可以看到PC在两种情况下使用了不同的路由器来转发数据,实现了负载均衡的目的。
热备份HSRP配置
r1(config)#int f0/0
r1(config-if)#ip add 192.168.1.1 255.255.255.0
r1(config-if)#no shu
r1(config-if)#int f1/0
r1(config-if)#ip add 192.168.2.1 255.255.255.0
r1(config-if)#no shu
r1(config)#router rip
r1(config-router)#network 192.168.1.0
r1(config-router)#network 192.168.2.0
r1(config)#int f0/0
r1(config-if)#standby 47 ip 192.168.1.254 备份组为47虚拟IP为1.254
r1(config-if)#standby 47 priority 180 优先级为180
r1(config-if)#standby 47 preemtp 配置占先权
r1(config-if)#standby 47 track f1/0 100 端口跟踪,优先级减少100
r2(config)#int f0/0r2(config-if)#ip add 192.168.1.2 255.255.255.0
r2(config-if)#no shu
r2(config-if)#int f1/0
r2(config-if)#ip add 192.168.3.1 255.255.255.0
r2(config-if)#no shu
r2(config)#router rip
r2(config-router)#network 192.168.1.0
r2(config-router)#network 192.168.3.0
r2(config)#int f0/0
r2(config-if)#standby 47 ip 192.168.1.254 备份组为47虚拟IP为1.254
r2(config-if)#standby 47 priority 150 优先级为150
r3(config)#int f0/0
r3(config-if)#ip add 192.168.2.2 255.255.255.0
r3(config-if)#no shu
r3(config-if)#int f1/0
r3(config-if)#ip add 192.168.3.2 255.255.255.0
r3(config-if)#no shu
r3(config-if)#int f2/0
r3(config-if)#ip add 192.168.4.1 255.255.255.0
r3(config-if)#no shu
r3(config)#router rip
r3(config-router)#network 192.168.2.0
r3(config-router)#network 192.168.3.0
r3(config-router)#network 192.168.4.0
VPCS1:ip 192.168.1.3 192.168.1.254 24 VPCS1IP为1.3网关为1.254
VPCS2:ip 192.168.4.2 192.168.4.1 24 VPCS2IP为4.2网关为4.1
之后测试就可以了。
| 
扫一扫
988
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
