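Principle: VRRP presents a virtual router to end users, while the router that actually forwards data is elected from a group of routers running the VRRP protocol, which provides backup for the layer-3 gateway.
Once the master router becomes unavailable, this election process provides a dynamic failover mechanism that automatically switches to the backup router and keeps the link up. The benefit of VRRP is a more highly available default path without having to configure dynamic routing or router discovery protocols on every end host.
Network topology:
Project requirements: the business-layer Huawei S5328C layer-3 switches interconnect with the upstream 8508 via OSPF, and provide VRRP redundancy and hot standby toward the load balancer and the firewalls below.
Configuration:
Configuration on HX-S5328-A (HX-S5328-B is similar)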
#
vlan batch 10 20 50 60 (create the VLANs in batch)
#
interface Vlanif10
description Link_to_HX-S5328-B-GE0/0/24
ip address 172.29.141.5 255.255.255.252
ospf cost 1000
ospf authentication-mode md5 10 cipher *******************
ospf network-type p2p
ospf timer hello 3
#
interface Vlanif20
description Link_to_E1000-A-GE0/0/0
ip address 172.29.141.9 255.255.255.248
vrrp vrid 20 virtual-ip 172.29.141.11 (add the virtual IP address)
vrrp vrid 20 priority 150 (set the backup group priority)
vrrp vrid 20 preempt-mode (enable preemption mode)
vrrp vrid 20 track interface GigabitEthernet0/0/18 reduced 60 (track the specified interface)
#
interface Vlanif50
description Link_to_radware4016
ip address 172.29.141.253 255.255.255.128
vrrp vrid 50 virtual-ip 172.29.141.254
vrrp vrid 50 priority 150
vrrp vrid 50 preempt-mode
vrrp vrid 50 track interface GigabitEthernet0/0/2 reduced 60
#
interface Vlanif60
description Link_to_S8508-1-G9/1/12
ip address 172.29.252.2 255.255.255.252
ospf authentication-mode md5 1 cipher *********************
ospf network-type p2p
ospf timer hello 3
(Note: the settings above configure the VRRP virtual router groups)
#
ospf 100
import-route direct (import direct routes into OSPF, similar to Cisco's redistribute command)
area 20
authentication-mode md5
network 172.29.252.0 0.0.0.3
network 172.29.141.4 0.0.0.3
network 172.29.141.1 0.0.0.0
#
ip route-static 0.0.0.0 0.0.0.0 172.29.252.1 (upstream, to reach the 8508)
ip route-static 172.29.141.64 255.255.255.192 172.29.141.14 (downstream, to reach the firewall zone)
#
interface GigabitEthernet0/0/1
description Link_to_S8508-1-G9/1/12
port link-type access
port default vlan 60
ndp enable
bpdu enable
undo negotiation auto
#
interface GigabitEthernet0/0/2
description Link_to_radware1-G1
port link-type access
port default vlan 50
ndp enable
bpdu enable
#
interface GigabitEthernet0/0/18
description Link_to_E1000-A-GE0/0/0
port link-type access
port default vlan 20
ndp enable
bpdu enable
(Note: port interconnections between the devices)
#
interface Eth-Trunk1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10 20 50
bpdu enable
#
interface GigabitEthernet0/0/22
description Link_to_S5328-A_S5328-B
eth-trunk 1
undo ntdp enable
undo ndp enable
#
interface GigabitEthernet0/0/23
description Link_to_S5328-A_S5328-B
eth-trunk 1
undo ntdp enable
undo ndp enable
#
interface GigabitEthernet0/0/24
description Link_to_S5328-A_S5328-B
eth-trunk 1
undo ntdp enable
undo ndp enable
(Note: bundle the 3 ports into one aggregated link and allow VLANs 10, 20 and 50 through)
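The failover behaviour that the Vlanif20 settings produce (priority 150, preempt-mode, track interface reduced 60), worked through as an added Python example that is not part of the original configuration. HX-S5328-B's address and its priority of 100 (the VRRP default) are assumptions, because the page does not list B's configuration; the election follows standard VRRP rules (highest priority wins, ties go to the higher interface IP).

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # VRRP default priority; assumed for HX-S5328-B


@dataclass
class Router:
    name: str
    ip: IPv4Address          # primary address on the VRRP interface
    priority: int            # "vrrp vrid N priority"
    reduced: int = 0         # "track interface ... reduced N"
    tracked_up: bool = True  # state of the tracked interface
    alive: bool = True       # still sending VRRP advertisements

    def effective_priority(self) -> int:
        # The priority drops by `reduced` while the tracked interface is down.
        # 0 is reserved in VRRP, so the result is clamped at 1.
        if self.tracked_up:
            return self.priority
        return max(1, self.priority - self.reduced)


def elect(routers, current_master=None, preempt=True):
    """Return the name of the router that should be master, or None."""
    alive = [r for r in routers if r.alive]
    if not alive:
        return None
    if not preempt and current_master in {r.name for r in alive}:
        return current_master  # without preemption a live master is kept
    # Highest effective priority wins; ties go to the higher primary IP.
    return max(alive, key=lambda r: (r.effective_priority(), int(r.ip))).name


def scenario():
    """Replay uplink failure and recovery for vrid 20; returns the masters."""
    a = Router("HX-S5328-A", IPv4Address("172.29.141.9"), 150, reduced=60)
    # Constructed values: B's address and priority are not on the page.
    b = Router("HX-S5328-B", IPv4Address("172.29.141.10"), DEFAULT_PRIORITY)
    masters = [elect([a, b])]                  # normal operation
    a.tracked_up = False                       # GE0/0/18 goes down
    masters.append(elect([a, b], masters[-1])) # 150 - 60 = 90 < 100
    a.tracked_up = True                        # uplink restored
    masters.append(elect([a, b], masters[-1])) # A preempts back
    a.alive = False                            # A fails completely
    masters.append(elect([a, b], masters[-1]))
    return masters
```

The reduction of 60 only triggers a switchover because it takes A's priority below B's; a reduction of less than 50 would leave A as master with its tracked uplink down.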
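Summary: The way VRRP works has much in common with Cisco's HSRP, and both protocols can be applied flexibly in real projects. Comparatively, HSRP is a proprietary protocol while VRRP is an open one. Using VRRP requires only a small management overhead yet greatly improves network performance and stability, so it has good practical value.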