cisco VRRP(TRACK+SLA) 配置实例
cisco VRRP(TRACK+SLA) 配置实例
cisco VRRP(TRACK+SLA) 配置实例
You also want an ePaper? Increase the reach of your titles
YUMPU automatically turns print PDFs into web optimized ePapers that Google loves.
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
一.实验目的<br />
Cisco vrrp <strong>配置实例</strong>(本例主要测试 <strong>cisco</strong> track+sla 机制)<br />
注:本实验全部由 gns3 模拟所有设备<br />
二.实验拓扑<br />
三.具体操作<br />
1<br />
1. 基本配置<br />
QQ:1779737860<br />
相关设备的地址及连通配置,如上图所示各设备节点地址已经标注,此处配置<br />
部分省略!<br />
2. <strong>VRRP</strong> 基本配置<br />
1) vrrp 原理<br />
虚拟路由器冗余协议(<strong>VRRP</strong>)是一种选择协议,它可以把一个虚拟路由器<br />
的责任动态分配到局域网上的 <strong>VRRP</strong> 路由器中的一台。控制虚拟路由器 IP<br />
地址的 <strong>VRRP</strong> 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地<br />
址。一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,<br />
这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使<br />
用 <strong>VRRP</strong> 的好处是有更高的默认路径的可用性而无需在每个终端主机上配
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
2<br />
置动态路由或路由发现协议。 <strong>VRRP</strong> 包封装在 IP 包中发送。<br />
2) vrrp 在此例中的基本配置<br />
R4<br />
R5<br />
3) vrrp 基本测试<br />
R4#<br />
R5#<br />
R4#show vrrp<br />
FastEthernet0/1 - Group 1<br />
State is Master<br />
R4(config)#int f 0/1<br />
R4(config-if)#vrrp 1 ip 192.168.2.1<br />
R4(config-if)#vrrp 1 priority 200<br />
R4(config-if)#vrrp 1 preempt<br />
R5(config)#int f 0/1<br />
R5(config-if)#vrrp 1 ip 192.168.2.1<br />
R5(config-if)#vrrp 1 priority 110<br />
R5(config-if)#vrrp 1 preempt<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 255 (cfgd 200)<br />
Master Router is 192.168.2.1 (local), priority is 255<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.003 sec<br />
R5#show vrrp<br />
3. vrrp 的功能测试<br />
FastEthernet0/1 - Group 1<br />
State is Backup<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 110<br />
Master Router is 192.168.2.1, priority is 255<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.570 sec (expires in 3.178 sec)<br />
QQ:1779737860<br />
第一种情况:当拓扑中 R4 的 f0/1 口 down 时,(如下图)我们测试 vrrp 的<br />
功能<br />
R5#show vrrp
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
3<br />
R5#<br />
PC1#<br />
FastEthernet0/1 - Group 1<br />
State is Master<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 110<br />
Master Router is 192.168.2.2 (local), priority is 110<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.570 sec<br />
PC1#traceroute 1.1.1.1<br />
Type escape sequence to abort.<br />
Tracing the route to 1.1.1.1<br />
1 192.168.2.2 68 msec 40 msec 36 msec<br />
2 56.1.1.2 116 msec * 100 msec<br />
QQ:1779737860<br />
注:vrrp 组将原来的备用口(r5 的 f0/1 切换到 master<br />
状态,数据从 r5 这条链路上来!)<br />
第二种情况:当拓扑中,R4 的 f0/0 口 down 时,(如下图)我们测试 vrrp<br />
的功能<br />
R4#<br />
R4#show vrrp<br />
FastEthernet0/1 - Group 1<br />
State is Master<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 255 (cfgd 120)<br />
Master Router is 192.168.2.1 (local), priority is 255<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.003 sec
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
4<br />
PC1#<br />
PC1#ping 1.1.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:<br />
U.U.U<br />
Success rate is 0 percent (0/5)<br />
PC1#tracer<br />
PC1#traceroute 1.1.1.1<br />
Type escape sequence to abort.<br />
Tracing the route to 1.1.1.1<br />
1 192.168.2.1 36 msec 60 msec 20 msec<br />
2 192.168.2.1 !H * !H<br />
QQ:1779737860<br />
注:此时 R4 的 f0/1 口仍然充当 Master 角色,数据依然<br />
决定从 R4 这条链路上来,然而此时的出口 f0/0 处于<br />
down 状态,数据从 f0/1 口上来后无法进行正常转发!<br />
对于这种情况的解决方法是:<br />
在 R4 的 vrrp 组下,启用 track 端口机制,即当发现 R4 的出口(f0/0)<br />
出现 down 状态时,通过降低本端设备 vrrp 优先级的方式来达到备用 vrrp<br />
服务器切换到 MASTER 状态,从而保证数据正常传输的方法!具体操作如<br />
下:<br />
R5 相关命令<br />
更改 f0/1 地址 R4(config-if)#ip add 192.168.2.3 255.255.255.0<br />
定义 track 语句 R4(config)#track 1 interface fastEthernet 0/0 line-protocol<br />
应用 track R4(config-if)#vrrp 1 track 1 decrement 90<br />
注:可能有人对于更改 f0/1 口地址这步比较迷惑,原因是这样的:如果 vrrp<br />
要做 track 就不能将让虚拟路由器的 ip 地址和真实路由器的 IP 地址相同<br />
如果使用真实路由器的 IP 地址作为虚拟路由 IP 地址的话,优先级将会被固<br />
定为 255,不能通过 track 来 object 来减少<br />
R4#show vrrp<br />
FastEthernet0/1 - Group 1<br />
State is Backup<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 30 (cfgd 120)
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
5<br />
R4#<br />
R5#<br />
PC1#<br />
Track object 1 state Down decrement 90<br />
Master Router is 192.168.2.2, priority is 110<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.531 sec (expires in 3.219 sec)<br />
R5#show vrrp<br />
FastEthernet0/1 - Group 1<br />
State is Master<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 110<br />
Master Router is 192.168.2.2 (local), priority is 110<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.570 sec<br />
PC1#ping 1.1.1.1<br />
Type escape sequence to abort.<br />
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:<br />
!!!!!<br />
QQ:1779737860<br />
Success rate is 100 percent (5/5), round-trip min/avg/max = 52/64/76 ms<br />
第三种情况:当拓扑中,R6 的 f0/0 口 down 时,(如下图)<br />
我们测试 vrrp 的功能<br />
R4#show vrrp<br />
FastEthernet0/1 - Group 1<br />
State is Master<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
6<br />
R4#<br />
Priority is 120<br />
Track object 1 state Up decrement 90<br />
Master Router is 192.168.2.3 (local), priority is 120<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.531 sec<br />
QQ:1779737860<br />
注:此时由于 r4 的出口 f0/0 处于 up 状态,数据从 r4 上<br />
来后由 f0/0 口出去,由于下一跳链路故障导致,数据依<br />
然无法正常传输!<br />
对于这种情况的解决方法是:要求 vrrp 在运行中具有检测吓一跳地址<br />
状态的机制,即 track+sla,具体操作如下:<br />
R4 相关命令<br />
Sla 相关 R4(config)#ip sla 11<br />
R4(config-ip-sla)#icmp-echo 46.1.1.2<br />
R4(config)#icmp-echo 46.1.1.2 source-interface FastEthernet0/1<br />
R4(config)# ip sla schedule 11 life forever start-time now<br />
Track 相关 R4(config)#track 11 rtr 11 reachability<br />
vrrp 应用 R4(config-if)#vrrp 1 track 11 decrement 50<br />
R4(config-if)#<br />
*Mar 1 04:31:59.222: %<strong>VRRP</strong>-6-STATECHANGE: Fa0/1 Grp 1 state Master -><br />
Backup<br />
R4(config-if)#<br />
R4#show vrrp<br />
FastEthernet0/1 - Group 1<br />
R4#<br />
State is Backup<br />
Virtual IP address is 192.168.2.1<br />
Virtual MAC address is 0000.5e00.0101<br />
Advertisement interval is 1.000 sec<br />
Preemption enabled<br />
Priority is 70 (cfgd 120)<br />
Track object 11 state Down decrement 50<br />
Master Router is 192.168.2.2, priority is 110<br />
Master Advertisement interval is 1.000 sec<br />
Master Down interval is 3.531 sec (expires in 2.683 sec)<br />
注:此种情况对于解决 r4 的 f0/0 端口 down 或是 r6 的 f0/0 口 down 都启作用,
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
7<br />
是使用 vrrp 及 hsrp 的必备配置!<br />
4. 路由器 R4 配置存根<br />
R4#show run<br />
Building configuration...<br />
Current configuration : 1050 bytes<br />
!<br />
version 12.4<br />
service timestamps debug datetime msec<br />
service timestamps log datetime msec<br />
no service password-encryption<br />
!<br />
hostname R4<br />
!<br />
boot-start-marker<br />
boot-end-marker<br />
!<br />
!<br />
no aaa new-model<br />
memory-size iomem 5<br />
!<br />
!<br />
ip cef<br />
no ip domain lookup<br />
!<br />
!<br />
ip auth-proxy max-nodata-conns 3<br />
ip admission max-nodata-conns 3<br />
!<br />
multilink bundle-name authenticated<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
QQ:1779737860
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
8<br />
!<br />
archive<br />
!<br />
!<br />
!<br />
!<br />
!<br />
log config<br />
hidekeys<br />
track 11 rtr 11 reachability<br />
!<br />
!<br />
!<br />
!<br />
interface FastEthernet0/0<br />
!<br />
ip address 46.1.1.1 255.255.255.0<br />
duplex auto<br />
speed auto<br />
interface FastEthernet0/1<br />
!<br />
ip address 192.168.2.3 255.255.255.0<br />
duplex auto<br />
speed auto<br />
vrrp 1 ip 192.168.2.1<br />
vrrp 1 priority 120<br />
vrrp 1 track 11 decrement 50<br />
no ip http server<br />
no ip http secure-server<br />
!<br />
ip forward-protocol nd<br />
ip route 0.0.0.0 0.0.0.0 46.1.1.2<br />
!<br />
!<br />
ip sla 11<br />
icmp-echo 46.1.1.2 source-interface FastEthernet0/1<br />
ip sla schedule 11 life forever start-time now<br />
!<br />
!<br />
!<br />
!<br />
control-plane<br />
!<br />
QQ:1779737860
Multilayer S <strong>cisco</strong> <strong>VRRP</strong>(<strong>TRACK+SLA</strong>) <strong>配置实例</strong><br />
9<br />
R4#<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
!<br />
line con 0<br />
exec-timeout 0 0<br />
logging synchronous<br />
line aux 0<br />
line vty 0 4<br />
!<br />
!<br />
end<br />
QQ:1779737860
Change language