Differences between VRRP and HSRP
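1. HSRP does not support using a real interface address as the virtual gateway address, while VRRP does. Functionally, VRRP and HSRP are very similar, but in terms of security VRRP has one major advantage over HSRP: it allows an authentication mechanism to be established between the devices participating in a VRRP group. Also, unlike HSRP, which requires that the virtual router address not be the IP address of one of the routers, VRRP allows this (if the router that "owns" the virtual router address is configured and running, it should always be the one managing the virtual router, the equivalent of the active router in HSRP). To make sure end hosts do not have to relearn the MAC address when a failure occurs, VRRP specifies the MAC address 00-00-5e-00-01-VRID, where VRID is the virtual router ID (equivalent to an HSRP group identifier).

2. Another difference is that VRRP does not use HSRP's Coup message or an equivalent. The VRRP state machine is simpler than HSRP's: HSRP has 6 states (Initial, Learn, Listen, Speak, Standby, Active) and 8 events, while VRRP has only 3 states (Initialize, Master, Backup) and 5 events.

3. HSRP has three message types, and there are three states in which messages can be sent: the Hello message, the Resign message and the Coup message. VRRP has one message type, the VRRP broadcast message: the master router sends it periodically to announce its presence; these messages can be used to check the virtual router's parameters and are also used for master election.

4. HSRP carries its messages in UDP, while VRRP carries them in TCP (HSRP uses UDP port 1985 and sends hello messages to the multicast address 224.0.0.2).

5. VRRP security: the VRRP protocol includes three main authentication methods: no authentication, a simple plaintext password, and strong authentication using MD5 HMAC IP authentication. The strong method uses the IP Authentication Header (AH) protocol. AH is the same protocol used in IPsec, and it provides a way to authenticate the contents and the header of a VRRP packet. Using MD5 HMAC means a shared key is used to produce the hash value. A router sending a VRRP packet generates the MD5 hash and places it in the advertisement it sends; on receipt, the receiver uses the same key and MD5 to recompute the hash over the packet contents and header. If the result matches, the message really comes from a trusted host; if it does not, the message must be discarded. This prevents an attacker with access to the LAN from sending advertisements that influence the election process, or from disrupting the network by other means. In addition, VRRP includes a mechanism that protects VRRP packets from being injected from another, remote network (the TTL is set to 255 and checked on receipt), which limits most of the weaknesses to local attacks. HSRP, on the other hand, uses a TTL value of 1 in its messages.

6. VRRP master-down interval: 3 * advertisement interval + skew time (skew-time).

The above is what turned up in a web search; below it is verified by experiment. The topology is as follows: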
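The receive-side checks from points 1, 5 and 6 above (TTL of 255, the 00-00-5e-00-01-VRID address, the master-down interval), as an added example that is not part of the original post. The VRRPv2 field layout, checksum and skew-time formula are taken from RFC 3768 rather than from this page, the TTL is assumed to be handed in by the caller, and the sample advertisement (VRID 23, priority 100) is constructed.

```python
import struct

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum over the whole VRRP message."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def build_advert(vrid, priority, adver_int, vip):
    """Constructed sample: VRRPv2 advertisement, auth type 0, one address."""
    addr = bytes(int(octet) for octet in vip.split("."))
    msg = bytearray(struct.pack("!BBBBBBH", 0x21, vrid, priority, 1, 0, adver_int, 0))
    msg += addr + bytes(8)            # address list, then 8 bytes of auth data
    struct.pack_into("!H", msg, 6, inet_checksum(bytes(msg)))
    return bytes(msg)

def check_advert(ttl, msg):
    """Return (accepted, detail) for a received advertisement."""
    if ttl != 255:
        return False, "TTL is not 255: not sent on the local link, discard"
    if len(msg) < 16 or msg[0] != 0x21 or len(msg) != 16 + 4 * msg[3]:
        return False, "malformed VRRPv2 advertisement"
    if inet_checksum(msg) != 0:       # a valid message sums to zero
        return False, "checksum mismatch"
    vrid, priority, _count, auth_type, adver_int = msg[1:6]
    skew = (256 - priority) / 256     # RFC 3768 skew time, in seconds
    return True, {
        "vrid": vrid,
        "priority": priority,
        "auth_type": auth_type,       # 0 none, 1 simple text, 2 IP AH
        "virtual_mac": "00-00-5e-00-01-%02x" % vrid,
        "master_down_s": 3 * adver_int + skew,
    }

if __name__ == "__main__":
    advert = build_advert(vrid=23, priority=100, adver_int=1, vip="172.16.23.254")
    print(check_advert(255, advert))  # accepted, with derived MAC and timer
    print(check_advert(254, advert))  # rejected by the TTL check
```

The checksum only catches corruption; the keyed hash described in point 5 is what ties an advertisement to a holder of the shared key.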
Next, we run some experiments to verify this.
hos R1
in e1/0
 ip add 172.16.12.1 255.255.255.0
 no sh
int e1/1
 ip add 172.16.13.1 255.255.255.0
 no sh
hos R2
in e1/0
 ip add 172.16.23.1 255.255.255.0
 no sh
int e1/1
 ip add 172.16.12.2 255.255.255.0
 no sh
hos R3
in e1/0
 ip add 172.16.13.2 255.255.255.0
 no sh
int e1/1
 ip add 172.16.23.2 255.255.255.0
 no sh

Then enable debug ip pa de and debug stand event on every router. OK, let's begin. First, check whether HSRP supports using a real IP as the virtual router's IP. Under interface E1/0 on R2, enter:

R2(config-if)#standby 23 ip 172.16.23.1
% address cannot equal interface IP address

Clearly it is not supported. OK, next let's look at how HSRP works:

R2(config-if)#standby 23 ip 172.16.23.254
*Mar 1 00:50:01.431: HSRP: Et1/0 Grp 23 Disabled -> Init
*Mar 1 00:50:01.431: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Disabled -> Init
*Mar 1 00:50:11.439: HSRP: Et1/0 Interface up
*Mar 1 00:50:11.439: HSRP: Et1/0 Starting minimum interface delay (1 secs)
*Mar 1 00:50:12.471: HSRP: Et1/0 Interface min delay expired
*Mar 1 00:50:12.471: HSRP: Et1/0 Grp 23 Init: a/HSRP enabled
*Mar 1 00:50:12.471: HSRP: Et1/0 Grp 23 Init -> Listen
*Mar 1 00:50:12.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Init -> Backup
*Mar 1 00:50:12.471: IP: s=172.16.23.1 (local), d=224.0.0.2 (Ethernet1/0), len 44, sending broad/multicast -------------- shows that HSRP communicates via multicast
*Mar 1 00:50:12.471: UDP src=1985, dst=1985 --------------- carried in a UDP packet, port 1985
*Mar 1 00:50:22.471: HSRP: Et1/0 Grp 23 Listen: c/Active timer expired (unknown)
*Mar 1 00:50:22.471: HSRP: Et1/0 Grp 23 Listen -> Speak
*Mar 1 00:50:22.475: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Backup -> Speak
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Speak: d/Standby timer expired (unknown)
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby router is local
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Speak -> Standby
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Speak -> Standby
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby: c/Active timer expired (unknown)
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Active router is local
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby router is unknown, was local
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby -> Active
*Mar 1 00:50:32.471: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state Standby -> Active
*Mar 1 00:50:32.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Standby -> Active
*Mar 1 00:50:35.471: HSRP: Et1/0 Grp 23 Redundancy group hsrp-Et1/0-23 state Active -> Active
*Mar 1 00:50:38.471: HSRP: Et1/0 Grp 23 Redundancy group hsrp-Et1/0-23 state Active ->

A small aside: at this point I could not ping 172.16.23.254 from either R2 or R3. Can you guess why? Heh.

R2(config-if)#standby 23 preempt
R2(config-if)#standby 23 track ethernet 1/1

The debug output at this point is as follows:
*Mar 1 01:09:10.979: HSRP: Et1/0 Grp 23 Track "Ethernet1/1" create interface object
*Mar 1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 add, decrement 10 ------------ this decrement value is adjustable; the default is 10
*Mar 1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 Start tracking
*Mar 1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 link id 1
*Mar 1 01:09:11.627: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:09:14.631: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:09:17.635: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:09:20.639: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:09:23.639: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254 ----- Why 3 seconds? I remember it being 2 seconds.

On R3 I entered:

R3(config-if)# standby 23 ip 172.16.23.254
*Mar 1 01:16:12.387: HSRP: Et1/1 API MAC address update
*Mar 1 01:16:12.391: HSRP: Et1/1 Grp 23 Disabled -> Init
*Mar 1 01:16:12.391: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23" state Disabled -> Init
*Mar 1 01:16:22.395: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:22.399: HSRP: Et1/1 Grp 23 Active router is 172.16.23.1
*Mar 1 01:16:22.399: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:22.403: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:22.407: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:22.411: HSRP: Et1/1 Interface up
*Mar 1 01:16:22.411: HSRP: Et1/1 Starting minimum interface delay (1 secs)
*Mar 1 01:16:23.411: HSRP: Et1/1 Interface min delay expired
*Mar 1 01:16:23.411: HSRP: Et1/1 Grp 23 Init: a/HSRP enabled
*Mar 1 01:16:23.411: HSRP: Et1/1 Grp 23 Init -> Listen
*Mar 1 01:16:23.411: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23" state Init -> Backup
*Mar 1 01:16:23.411: HSRP: Et1/1 Redirect adv out, Passive, active 0 passive 1
*Mar 1 01:16:25.315: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:28.335: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:31.315: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:33.411: HSRP: Et1/1 Grp 23 Listen: d/Standby timer expired (unknown)
*Mar 1 01:16:33.411: HSRP: Et1/1 Grp 23 Listen -> Speak
*Mar 1 01:16:33.415: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23" state Backup -> Speak
*Mar 1 01:16:33.415: HSRP: Et1/1 Grp 23 Hello out 172.16.23.2 Speak pri 100 vIP 172.16.23.254
*Mar 1 01:16:34.315: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:36.419: HSRP: Et1/1 Grp 23 Hello out 172.16.23.2 Speak pri 100 vIP 172.16.23.254
*Mar 1 01:16:37.315: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:39.423: HSRP: Et1/1 Grp 23 Hello out 172.16.23.2 Speak pri 100 vIP 172.16.23.254
*Mar 1 01:16:40.395: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:42.427: HSRP: Et1/1 Grp 23 Hello out 172.16.23.2 Speak pri 100 vIP 172.16.23.254
*Mar 1 01:16:43.355: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:16:43.411: HSRP: Et1/1 Grp 23 Speak: d/Standby timer expired (unknown)
*Mar 1 01:16:43.411: HSRP: Et1/1 Grp 23 Standby router is local
*Mar 1 01:16:43.415: HSRP: Et1/1 Grp 23 Speak -> Standby
*Mar 1 01:16:43.415: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23" state Speak -> Standby

Lower R3's pri value to 95, then let's test whether the track feature works, R2 first: shut E1/1.

*Mar 1 01:29:12.435: HSRP: Et1/0 Grp 23 Track 1 object changed, state Up -> Down
*Mar 1 01:29:12.439: HSRP: Et1/0 Grp 23 Priority 100 -> 90 -------------- Really? Does going down only lower the pri by 10?
*Mar 1 01:29:12.663: HSRP: Et1/0 Grp 23 Hello in 172.16.23.2 Standby pri 150 vIP 172.16.23.254
*Mar 1 01:29:12.791: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 90 vIP 172.16.23.254 ----------- Argh, found the problem: I had entered preempt only on R2 and not on R3. After adding it, the debug output appeared immediately:

R3(config-if)#
*Mar 1 01:51:44.359: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 90 vIP 172.16.23.254
*Mar 1 01:51:44.363: HSRP: Et1/1 Grp 23 Standby: h/Hello rcvd from lower pri Active router (90/172.16.23.1)
*Mar 1 01:51:44.367: HSRP: Et1/1 Grp 23 Active router is local, was 172.16.23.1
*Mar 1 01:51:44.367: HSRP: Et1/1 Grp 23 Standby router is unknown, was local
*Mar 1 01:51:44.371: HSRP: Et1/1 Redirect adv out, Active, active 1 passive 2
*Mar 1 01:51:44.371: HSRP: Et1/1 Grp 23 Coup out 172.16.23.2 Standby pri 95 vIP 172.16.23.254
*Mar 1 01:51:44.375: HSRP: Et1/1 Grp 23 Standby -> Active
*Mar 1 01:51:44.375: %HSRP-6-STATECHANGE: Ethernet1/1 Grp 23 state Standby -> Active
*Mar 1 01:51:44.375: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23" state Standby -> Active

Then no sh the tracked interface again; the debug output on R2 is as follows:

R2(config-if)#
*Mar 1 01:55:43.075: HSRP: Et1/0 Grp 23 Hello in 172.16.23.2 Active pri 95 vIP 172.16.23.254
*Mar 1 01:55:43.259: HSRP: Et1/0 API 172.16.12.2 is not an HSRP address
*Mar 1 01:55:43.259: HSRP: Et1/1 API 172.16.12.2 is not an HSRP address
*Mar 1 01:55:43.267: HSRP: Et1/1 API MAC address update
*Mar 1 01:55:43.271: HSRP: Et1/1 API Software interface coming up
*Mar 1 01:55:43.275: HSRP: Et1/1 Interface up
*Mar 1 01:55:43.275: HSRP: Et1/1 Starting minimum interface delay (1 secs)
*Mar 1 01:55:43.279: HSRP: Et1/1 API Software interface coming up
*Mar 1 01:55:43.691: HSRP: Et1/0 Grp 23 Track 1 object changed, state Down -> Up
*Mar 1 01:55:43.695: HSRP: Et1/0 Grp 23 Priority 90 -> 100
*Mar 1 01:55:43.695: HSRP: Et1/1 Grp 0 Track 1 object changed, state Down -> Up
*Mar 1 01:55:43.699: HSRP: Et1/1 Grp 0 Priority 90 -> 100
*Mar 1 01:55:43.955: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Standby pri 100 vIP 172.16.23.254
*Mar 1 01:55:44.275: HSRP: Et1/1 Interface min delay expired
*Mar 1 01:55:45.263: %LINK-3-UPDOWN: Interface Ethernet1/1, changed state to up
*Mar 1 01:55:45.267: HSRP: API Hardware state change
*Mar 1 01:55:46.075: HSRP: Et1/0 Grp 23 Hello in 172.16.23.2 Active pri 95 vIP 172.16.23.254
*Mar 1 01:55:46.079: HSRP: Et1/0 Grp 23 Standby: h/Hello rcvd from lower pri Active router (95/172.16.23.2)
*Mar 1 01:55:46.083: HSRP: Et1/0 Grp 23 Active router is local, was 172.16.23.2
*Mar 1 01:55:46.083: HSRP: Et1/0 Grp 23 Standby router is unknown, was local
*Mar 1 01:55:46.087: HSRP: Et1/0 Redirect adv out, Active, active 1 passive 2
*Mar 1 01:55:46.087: HSRP: Et1/0 Grp 23 Coup out 172.16.23.1 Standby pri 100 vIP 172.16.23.254
*Mar 1 01:55:46.091: HSRP: Et1/0 Grp 23 Standby -> Active
*Mar 1 01:55:46.095: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state Standby -> Active
*Mar 1 01:55:46.095: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Standby -> Active
*Mar 1 01:55:46.099: HSRP: Et1/0 Redirect adv out, Active, active 1 passive 1
*Mar 1 01:55:46.099: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 01:55:46.135: HSRP: Et1/0 Grp 23 Hello in 172.16.23.2 Speak pri 95 vIP 172.16.23.254
Then bring down the interface connecting R2 and R3; the debug output is as follows:
R2(config-if)#
*Mar 1 02:03:16.167: HSRP: Et1/0 Grp 23 Hello out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 02:03:16.647: HSRP: Et1/0 API Software interface going down
*Mar 1 02:03:16.651: HSRP: Et1/0 API Software interface going down
*Mar 1 02:03:16.651: HSRP: Et1/0 Interface down
*Mar 1 02:03:16.651: HSRP: Et1/0 Grp 23 Active: b/HSRP disabled
*Mar 1 02:03:16.655: HSRP: Et1/0 Grp 23 Active router is unknown, was local
*Mar 1 02:03:16.655: HSRP: Et1/0 Grp 23 Standby router is unknown, was 172.16.23.2
*Mar 1 02:03:16.659: HSRP: Et1/0 Grp 23 Resign out 172.16.23.1 Active pri 100 vIP 172.16.23.254
*Mar 1 02:03:16.663: HSRP: Et1/0 Grp 23 Active -> Init
*Mar 1 02:03:16.663: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state Active -> Init
*Mar 1 02:03:16.667: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23" state Active -> Init
*Mar 1 02:03:16.667: HSRP: Et1/0 Redirect adv out, Passive, active 0 passive 1
*Mar 1 02:03:16.671: HSRP: Et1/0 Grp 23 Resign out 172.16.23.1 Init pri 100 vIP 172.16.23.254
*Mar 1 02:03:16.679: %OSPF-5-ADJCHG: Process 100, Nbr 172.16.23.2 on Ethernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached
*Mar 1 02:03:16.679: HSRP: Et1/0 API Add active HSRP addresses to ARP table
*Mar 1 02:03:18.647: %LINK-5-CHANGED: Interface Ethernet1/0, changed state to administratively down
*Mar 1 02:03:18.647: HSRP: API Hardware state change
*Mar 1 02:03:19.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet1/0, changed state to down
*Mar 1 02:03:45.147: HSRP: Et1/0 Redirect adv out, Passive, active 0 passive 1
At this point, on R3:
*Mar 1 02:03:21.655: %HSRP-6-STATECHANGE: Ethernet1/1 Grp 23 state Standby -> Active
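The debug output above is also what a monitoring script would watch for unexpected HSRP speakers. The following is an added example, not part of the original post: it audits inbound "Hello in" lines against the expected peer and virtual IP, assuming Coup and Resign use the same layout when received. The last sample line (from 172.16.23.66) is constructed; the others are copied from the R3 output above.

```python
import re

# Layout of the inbound "Hello in" debug lines in the lab output above; Coup and
# Resign are assumed to use the same layout when received.
MSG = re.compile(r"HSRP: (\S+) Grp (\d+) (Hello|Coup|Resign) in "
                 r"(\S+) (\w+) pri (\d+) vIP (\S+)")

def audit(lines, peers, vip):
    """Return findings for inbound HSRP messages that deviate from the expected group."""
    findings, last_pri, active = [], {}, {}
    for line in lines:
        m = MSG.search(line)
        if not m:
            continue  # outbound messages and other debug lines are ignored
        _ifc, grp, _kind, src, state, pri, seen_vip = m.groups()
        pri = int(pri)
        if src not in peers:
            findings.append(("unknown-speaker", src, pri))
        if seen_vip != vip:
            findings.append(("vip-mismatch", src, seen_vip))
        prev = last_pri.get((grp, src))
        if prev is not None and prev != pri:
            findings.append(("priority-change", src, (prev, pri)))
        last_pri[(grp, src)] = pri
        if state == "Active":
            if grp in active and active[grp] != src:
                findings.append(("active-change", src, active[grp]))
            active[grp] = src
    return findings

# First three lines are taken from the R3 debug output above; the last one is
# constructed for the example (172.16.23.66 is not a router in this lab).
SAMPLE = [
    "*Mar 1 01:16:25.315: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 100 vIP 172.16.23.254",
    "*Mar 1 01:16:33.415: HSRP: Et1/1 Grp 23 Hello out 172.16.23.2 Speak pri 100 vIP 172.16.23.254",
    "*Mar 1 01:51:44.359: HSRP: Et1/1 Grp 23 Hello in 172.16.23.1 Active pri 90 vIP 172.16.23.254",
    "*Mar 1 01:52:00.000: HSRP: Et1/1 Grp 23 Hello in 172.16.23.66 Active pri 255 vIP 172.16.23.254",
]

if __name__ == "__main__":
    for finding in audit(SAMPLE, peers={"172.16.23.1"}, vip="172.16.23.254"):
        print(finding)
```

The priority change from 100 to 90 is the interface-tracking decrement seen in the lab, so in practice that finding is informational, while an unknown speaker claiming Active is the one to alert on.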
Reposted from: https://blog.51cto.com/netsky1/240824