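Preface
As networks grow, the demands on the security and stability of network transmission keep rising. This article describes VRRP.
I. What is VRRP?
VRRP (Virtual Router Redundancy Protocol) is a router backup and redundancy protocol defined by the Internet Engineering Task Force (IETF).
II. VRRP overview
1. How it works
Several routers in the system are grouped into a VRRP group that shares one virtual IP address, which is used as the default gateway address of the LAN. At any moment, the router in the group that controls the virtual IP address is the Master, and it forwards the packets. If the Master fails, the VRRP group selects the redundant Backup router with the highest priority as the new Master, so that traffic switches over smoothly.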
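2. VRRP terminology
VRRP router: a router running VRRP. One VRRP router (interface) can take part in several VRRP groups at once and can play a different role in each group.
VRRP group: a VRRP group consists of several VRRP routers identified by the same VRID. VRRP routers in the same group exchange information with each other, and each VRRP group can have only one Master.
Virtual router: a logical router abstracted from each VRRP group. It acts as the gateway for network users and does not physically exist.
Virtual IP address: the IP of the virtual router, in practice the users' gateway address.
Virtual MAC address: the MAC address the virtual router derives from the VRID. Each virtual router has one virtual MAC address, in the format 00-00-5E-00-01-{VRID}.
Master router: the router in a VRRP group that actually forwards packets. In each VRRP group only the Master answers ARP requests for the virtual IP. The Master also sends VRRP messages at a fixed interval to tell the Backup routers that it is alive.
Backup router: a router in the listening state. As soon as the Master fails, a Backup router takes over.
Master/Backup election: first compare the interfaces' VRRP priority (higher wins); if equal, compare the interface IP addresses (higher wins).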
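3. VRRP state machine
VRRP has three states: Initialize, Master and Backup. Every router starts in Initialize, and Master and Backup are decided by comparing priorities. If a Backup does not receive a heartbeat message from the Master within the specified time, it switches to Master.
Summary
A group of routers (interfaces in the same LAN) work together, but only the router (interface) in the Master state carries the actual data forwarding. The router interfaces in a VRRP group share one virtual IP address, which is used as the default gateway address for all hosts on the LAN.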
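Labs
1. VRRP + router-on-a-stick
Requirement: configure VRRP on SW1 and SW2 so that SW1 is Master for VLAN 10 and Backup for VLAN 20, and SW2 the reverse. PC1 and PC2 must each be able to ping their own gateway, and disconnecting one link must not affect the result.
(1) SW1 configuration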
[SW1] dis cu
#
sysname SW1
#
undo info-center enable
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.1.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
vrrp vrid 1 priority 110
#
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
(2) SW2 configuration
[SW2]dis cu
#
sysname SW2
#
undo info-center enable
#
vlan batch 10 20
#
interface Vlanif10
ip address 192.168.1.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
#
interface Vlanif20
ip address 192.168.2.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
(3) SW3 configuration
[SW3]dis cu
#
sysname SW3
#
undo info-center enable
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
(4) Verification
① SW1 is Master for VLAN 10 and Backup for VLAN 20
[SW1] dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.1.254
2 Backup Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
[SW1]
② SW2 is Backup for VLAN 10 and Master for VLAN 20
[SW2]dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Backup Vlanif10 Normal 192.168.1.254
2 Master Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
[SW2]
③ PC1 and PC2 can ping their respective gateways
④ Disconnecting one link has no effect
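The check below is an added example, not part of the original article. It parses the VRRP lines of the Lab 1 SW1/SW2 configurations (embedded as a constructed sample) and reports, per VRID, the virtual MAC and whether the intended Master is pinned by a strictly higher priority. The `INTENDED` mapping and the function names are assumptions of the example; 100 is the VRRP default priority.

```python
import re

DEFAULT_PRIORITY = 100  # used when no "vrrp vrid N priority" line is configured
# Constructed sample: only the VRRP-relevant lines of the Lab 1 configurations.
CONFIGS = {
    "SW1": """
interface Vlanif10
 vrrp vrid 1 virtual-ip 192.168.1.254
 vrrp vrid 1 priority 110
interface Vlanif20
 vrrp vrid 2 virtual-ip 192.168.2.254
""",
    "SW2": """
interface Vlanif10
 vrrp vrid 1 virtual-ip 192.168.1.254
interface Vlanif20
 vrrp vrid 2 virtual-ip 192.168.2.254
""",
}
# Intended Master per VRID, taken from the lab requirement (assumption).
INTENDED = {1: "SW1", 2: "SW2"}

def parse_vrrp(cfg):
    """Return {vrid: {"vip": str, "priority": int}} from a configuration dump."""
    groups = {}
    for line in cfg.splitlines():
        m = re.match(r"\s*vrrp vrid (\d+) (virtual-ip|priority) (\S+)", line)
        if m:
            g = groups.setdefault(int(m.group(1)), {"priority": DEFAULT_PRIORITY})
            if m.group(2) == "virtual-ip":
                g["vip"] = m.group(3)
            else:
                g["priority"] = int(m.group(3))
    return groups

def virtual_mac(vrid):
    """Virtual MAC in the 00-00-5E-00-01-{VRID} format."""
    return "00-00-5E-00-01-%02X" % vrid

def audit(configs, intended):
    """Per VRID: does the intended Master hold the strictly highest priority?"""
    parsed = {dev: parse_vrrp(cfg) for dev, cfg in configs.items()}
    report = {}
    for vrid, want in intended.items():
        prios = {dev: g[vrid]["priority"] for dev, g in parsed.items() if vrid in g}
        vips = {g[vrid].get("vip") for g in parsed.values() if vrid in g}
        pinned = all(prios.get(want, 0) > p for d, p in prios.items() if d != want)
        report[vrid] = {"vmac": virtual_mac(vrid), "vip_consistent": len(vips) == 1,
                        "pinned": pinned, "priorities": prios}
    return report
```

On the Lab 1 snippets VRID 2 is reported as not pinned, because neither switch sets a priority for it; Labs 2 and 3 configure `vrrp vrid 2 priority 110` on the second device.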
2. VRRP + static routes
Requirement: configure sub-interfaces on g0/0/0 of R1 and R2 so that PC1 and PC2 can ping 3.3.3.3.
(1) R1 configuration
<R1>dis cu
[V200R003C00]
#
sysname R1
#
#
undo info-center enable
#
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 192.168.1.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
vrrp vrid 1 priority 110
arp broadcast enable
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 192.168.2.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
arp broadcast enable
#
interface GigabitEthernet0/0/1
ip address 13.0.0.1 255.255.255.0
#
interface NULL0
#
ip route-static 0.0.0.0 0.0.0.0 13.0.0.2
#
(2) R2 configuration
<R2>dis cu
[V200R003C00]
#
sysname R2
#
undo info-center enable
#
wlan ac-global carrier id other ac id 0
#
interface GigabitEthernet0/0/0.1
dot1q termination vid 10
ip address 192.168.1.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
arp broadcast enable
#
interface GigabitEthernet0/0/0.2
dot1q termination vid 20
ip address 192.168.2.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
vrrp vrid 2 priority 110
arp broadcast enable
#
interface GigabitEthernet0/0/1
ip address 23.0.0.1 255.255.255.0
#
ip route-static 0.0.0.0 0.0.0.0 23.0.0.2
#
(3) R3 configuration
interface GigabitEthernet0/0/0
ip address 13.0.0.2 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 23.0.0.2 255.255.255.0
#
interface NULL0
#
interface LoopBack0
ip address 3.3.3.3 255.255.255.255
#
ip route-static 192.168.0.0 255.255.0.0 13.0.0.1
ip route-static 192.168.0.0 255.255.0.0 23.0.0.1
#
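(4) Verification
3. VRRP + MSTP
Requirement: configure MSTP + VRRP on the switches so that SW1 is Master for VLAN 10 and Backup for VLAN 20, and SW2 the reverse, and PC1 and PC2 can reach each other.
(1) SW1 configuration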
[SW1]dis cu
#
sysname SW1
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 1 root primary
stp instance 2 root secondary
#
cluster enable
ntdp enable
ndp enable
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name wd
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface Vlanif10
ip address 192.168.10.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
vrrp vrid 1 priority 110
#
interface Vlanif20
ip address 192.168.20.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
(2) SW2 configuration
<SW2>dis cu
#
sysname SW2
#
undo info-center enable
#
vlan batch 10 20
#
stp instance 1 root secondary
stp instance 2 root primary
#
stp region-configuration
region-name wd
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.10.254
#
interface Vlanif20
ip address 192.168.20.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.20.254
vrrp vrid 2 priority 110
#
interface MEth0/0/1
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
(3) SW3 configuration
[SW3]dis cu
#
sysname SW3
#
undo info-center enable
#
vlan batch 10 20
#
stp region-configuration
region-name wd
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
interface GigabitEthernet0/0/1
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface GigabitEthernet0/0/4
port link-type trunk
port trunk allow-pass vlan 2 to 4094
(4) Verification
① SW1 is Master for VLAN 10 and Backup for VLAN 20
[SW1-Vlanif20]dis vrrp br
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.10.254
2 Backup Vlanif20 Normal 192.168.20.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
[SW1-Vlanif20]
② SW2 is Master for VLAN 20 and Backup for VLAN 10
<SW2>dis vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Backup Vlanif10 Normal 192.168.10.254
2 Master Vlanif20 Normal 192.168.20.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
<SW2>
③ STP status
[SW3]dis stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet0/0/1 DESI FORWARDING NONE
0 GigabitEthernet0/0/2 DESI FORWARDING NONE
0 GigabitEthernet0/0/3 DESI FORWARDING NONE
0 GigabitEthernet0/0/4 DESI FORWARDING NONE
1 GigabitEthernet0/0/1 DESI FORWARDING NONE
1 GigabitEthernet0/0/3 ROOT FORWARDING NONE
1 GigabitEthernet0/0/4 ALTE DISCARDING NONE
2 GigabitEthernet0/0/2 DESI FORWARDING NONE
2 GigabitEthernet0/0/3 ALTE DISCARDING NONE
2 GigabitEthernet0/0/4 ROOT FORWARDING NONE
[SW3]
④ PC1 and PC2 ping each other