一、HRSP
1、简介
在骨干网的设备连接中,单一的设备容易出现故障造成网络的中断,可靠性较差,如图所示,如果核心交换机出现问题,不能正常工作,会影响整个网络的通信,因为整个网络的数据转发是通过核心交换机实现。引擎故障、电源故障等都可能引起设备故障。为了提高网络的可靠性,避免单点故障,可以用引擎冗余、添加备用设备或线缆的方式来保证网络的可靠性和稳定性,如图所示,添加设备设置网关冗余。
当PC的数据需要转发至其他网段时,需要通过网关进行发的,而网关通过位于距离PC机最近的三层设备,如果网关出现故障,即三层设备出现故障时,就会影响网络之间的通信。
2、网关冗余主流解决方案
(1)HSRP(Host StandbyRouting Protocol):热备份路由协议,属于思科私有协议。
(2)VRRP(Virtual RouterRedundancy Protocol):虚拟路由冗余协议,属于IEEE制定。此协议除了实现细节上与HSRP有区别,实现原理及过程与HSRP基本相同。
3、HRSP路由器分类
多台路由器构成一个“热备份组”,形成一个虚拟路由器。
根据路由器的状态可分为:
☻活跃路由器
主要负责转发客户端发送到虚拟路由器上的数据包。活跃路由器通过发送Hello消息来承担和保持它活跃的角色。它是在HSRP选举过程中优先级最高的三层设备,即主网关。一组运行HSRP协议的设备上只有一台活跃路由器。
☻备份路由器
监视HSRP组中路由器的状态,如果活跃路由器出现故障,就立即承担起转发数据包的责任。备份路由器也发送Hello消息,告诉组中其他成员备份路由器的角色和状态变化。它是在HSRP选举过程中优先级次高的三层设备,即备份网关。
☻虚拟路由器
PC机的网关,有自己的虚拟IP地址和MAC地址,并不是真正的设备,它向客户端提供可以连续工作的路由器,但实际不转发数据包,数据包主要是活跃路由器进行转发。对于用户来说,整个HSRP组就是一台虚拟路由器,用户端的数据发往虚拟路由器。
☻监控路由器
监视HELLO消息,但不应答,这些路由器转发经由他们的数据包,但不转发虚拟路由器的数据包。在一组运行HSRP协议的三层设备中,如果设备数量超出两台,多余的就会成为监控路由器,只有当活跃路由器和备份路由器都出现故障时,监控路由器会成为新的活跃路由器或备份路由器。实际工程中使用监控路由器的情况较少。
4、工作原理
HSRP组中的每个路由器都有自己的优先级,可以作为选择活跃路由器的衡量值,Cisco路由器优先级默认值为100,取值范围为0-255,组中优先级最高的将被选为活跃路由器,次高的为备份路由器。如果优先级相同,接口IP地址大的路由器当选。如果在HSRP组内,除了活跃路由器和备份路由器,还有其他的路由器,它们会监听活跃路由器和备份路由器的状态,以实现更强的容错能力。
为了减少网络上的数据流量,在完成活跃路由器及备份路由器的设置后,只有活跃路由器和备份路由器发送HSRP消息。当活跃路由器出现故障失效时,备份路由器会成为新的活跃路由器。当备份路由器失效或者成为活跃路由器,其他路由器将被选为备份路由器。
在HSRP组中,指定一个虚拟IP地址作为网络的网关地址。运行HSRP的路由器发送和接收基于UDP的组播Hello消息来确定活跃路由器和备份路由器,检测路由器是否失效。活跃路由器选定后,将代替虚拟路由器对数据进行响应。如果主机发送数据到虚拟路由器的MAC地址,活跃路由器将接收并处理数据。如果主机向虚拟路由器的虚拟IP地址发送ARP解析请求,活跃路由器将使用虚拟MAC地址进行应答。如果活跃路由器在保持时间内没有发送一个Hello包,具有最高优先级的备份路由器将成为新的活跃路由器,网络中所有主机的数据通信将发送给新的活跃路由器。
二、VRRP
在VRRP协议中定义了路由器的三种状态:
初始状态(Initialize)
主状态(Master)
备份状态(Backup)
vrrp跟hrsp原来差不多,这里就不过多解释,给大家看看vrrp代码命令吧
三、单组HSRP配置
1、任务
网络中只有一个网段192.168.1.0/24,两台路由器通过HSRP配置网关备份,R1作为活跃路由器,端口Fa0/0地址192.168.1.1,R2作为备份路由器,端口Fa0/0地址192.168.1.2,PC的网关为192.168.1.254。
2、拓扑图
3、代码
(1)R1
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R1
R1(config)#int f0/0
R1(config-if)#ip add 192.168.1.1 255.255.255.0
R1(config-if)#standby 1 ip 192.168.1.254 //配置HSRP
R1(config-if)#standby 1 priority 120
R1(config-if)#standby 1 preempt
R1(config-if)#no shutdown
R1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#exit(2)R2
Router>en
Router#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Router(config)#hostname R2
R2(config)#int f0/0
R2(config-if)#ip add 192.168.1.2 255.255.255.0
R2(config-if)#standby 1 ip 192.168.1.254
R2(config-if)#standby 1 preempt
R2(config-if)#no shutdown
R2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R2(config-if)#exit4、测试
R1#show standby brief //查看HRSP配置
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 120 P Active local 192.168.1.2 192.168.1.254
//组号为1,优先级120,状态活跃,活跃路由器为local,备份路由器为192.168.1.2.虚拟IP为192.168.1.254R2#show standby brief //查看HRSP配置
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Standby 192.168.1.1 local 192.168.1.254
//组号为1,优先级为100,状态备份,活跃路由器为192.168.1.1,备份路由器为local,虚拟IP为192.168.1.254这里把R1路由器的F0/0接口断掉,看看R2会变成啥样
R1(config)#int f0/0
R1(config-if)#shutR2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 100 P Active local unknown 192.168.1.254
从这里可以看出R2已经变成活跃路由器了,PC和网关通信可能会暂时超时,之后任然可以与网关通信。
四、多组HSRP配置
1、任务
销售部和人事部分别使用VLAN10(10.1.1.0/24)和VLAN20(10.1.2.0/24),两台三层交换机通过HSRP配置网关备份,三层交换机SW1作为VLAN10的主网关、VLAN20的备份网关,三层交换机SW2作为VLAN10的备份网关、VLAN20的主网关。VLAN10的虚拟IP是10.1.1.254,VLAN20的虚拟IP是10.1.2.254。
2、拓扑图
3、代码
(1)SW1
创建vlan及vlan地址配置
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW1
SW1(config)#int vlan 10
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
SW1(config-if)#ip add 10.1.1.1 255.255.255.0
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
SW1(config-if)#ip add 10.1.2.1 255.255.255.0
SW1(config-if)#exit
SW1(config)#ip routing
Trunk链路配置
SW1(config)#int f0/1
SW1(config-if)#switchport trunk encapsulation dot1q
SW1(config-if)#switchport mode trunk
SW1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SW1(config-if)#switchport trunk all vlan all
SW1(config-if)#no shut
SW1(config-if)#exit
HSRP配置
SW1(config)#int vlan 10
SW1(config-if)#standby 10 ip 10.1.1.254
SW1(config-if)#standby 10 priority 120
SW1(config-if)#standby 10 preempt
SW1(config-if)#exit
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
SW1(config)#int vlan 20
SW1(config-if)#standby 20 ip 10.1.2.254
SW1(config-if)#standby 20 preempt
SW1(config-if)#exit(2)SW2
创建vlan及vlan地址配置
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#hostname SW2
SW2(config)#int vlan 10
SW2(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
SW2(config-if)#ip add 10.1.1.2 255.255.255.0
SW2(config-if)#exit
SW2(config)#int vlan 20
SW2(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
SW2(config-if)#ip add 10.1.2.2 255.255.255.0
SW2(config-if)#exit
SW2(config)#ip routing
Trunk链路配置
SW2(config)#int f0/1
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk
SW2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SW2(config-if)#switchport trunk all vlan all
SW2(config-if)#no shut
SW2(config-if)#exit
HRSP配置
SW2(config)#int vlan 10
SW2(config-if)#standby 10 ip 10.1.1.254
SW2(config-if)#standby 10 preempt
SW2(config-if)#exit
SW2(config)#int vlan 20
SW2(config-if)#standby 20 ip 10.1.2.254
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
SW2(config-if)#standby 20 priority 120
SW2(config-if)#standby 20 preempt
SW2(config-if)#
%HSRP-6-STATECHANGE: Vlan20 Grp 20 state Standby -> Active
SW2(config-if)#exit(3)二层交换机
Switch>en
Switch#conf t
Enter configuration commands, one per line. End with CNTL/Z.
Switch(config)#vlan 10
Switch(config-vlan)#exit
Switch(config)#vlan 20
Switch(config-vlan)#exit
Switch(config)#
Trunk和access链路配置
Switch(config)#int range f0/1-2
Switch(config-if-range)#switchport mode trunk
Switch(config-if-range)#switchport trunk all vlan all
Switch(config-if-range)#exit
Switch(config)#int f0/3
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 10
Switch(config-if)#exit
Switch(config)#int f0/4
Switch(config-if)#switchport mode access
Switch(config-if)#switchport access vlan 20
Switch(config-if)#exit4、测试
SW1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 120 P Active local 10.1.1.2 10.1.1.254
Vl20 20 100 P Standby 10.1.2.2 local 10.1.2.254 SW2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 10.1.1.1 local 10.1.1.254
Vl20 20 120 P Active local 10.1.2.1 10.1.2.254 五、HSRP上行链路跟踪
1、任务
1.本局域网有2个VLAN,生产业务VLAN10,办公业务VLAN20;
2. 为防止二层环路,需全网运行STP,将SW1部署为VLAN10的根网桥、VLAN20的备份根网桥,SW2部署为VLAN20的根网桥、VLAN10的备份根网桥,并将所有PC端接口配置为portfast端口;
3. 部署HSRP为内部VLAN提供网关备份,将SW1部署为VLAN10的主网关、VLAN20的备份网关,SW2部署为VLAN20的主网关、VLAN10的备份网关,实现负载均衡;
4. VLAN10、VLAN20的虚拟网关地址分别为192.168.10.1、192.168.20.1;
5. 要求VLAN10和VLAN20的主网关跟踪上行链路;
6. 切断上行链路,测试HSRP主备网关倒换。
2、拓扑图
3、代码
这里给大家配置思路
(1)先在SW1、SW2、SW3上创建vlan
(这里只给出了SW1的代码,大家自行完成SW2和SW3的vlan配置)
Switch>en
Switch#vlan database
% Warning: It is recommended to configure VLAN from config mode,
as VLAN database mode is being deprecated. Please consult user
documentation for configuring VTP/VLAN in config mode.
Switch(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
Switch(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
Switch(vlan)#exit
APPLY completed.
Exiting....(2)生成树配置
SW1(config)#spanning-tree vlan 10 priority 0 //配置为根交换机
SW1(config)#spanning-tree vlan 20 priority 4096 //配置为备份根交换机
SW2(config)#spanning-tree vlan 10 priority 4096 //配置为备份根交换机
SW2(config)#spanning-tree vlan 20 priority 0 //配置为根交换机(3) Trunk链路和Access链路配置
SW1(config)#int range f0/2-3
SW1(config-if-range)#switchport trunk encapsulation dot1q
SW1(config-if-range)#switchport mode trunk
SW1(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/2, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
SW1(config-if-range)#switchport trunk all vlan all
SW1(config-if-range)#no shut
SW1(config-if-range)#exit
SW2(config)#int range f0/2-3
SW2(config-if-range)#switchport trunk encapsulation dot1q
SW2(config-if-range)#switchport mode trunk
SW2(config-if-range)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/3, changed state to up
SW2(config-if-range)#switchport trunk all vlan all
SW2(config-if-range)#no shut
SW2(config-if-range)#exit
SW3(config)#int range f0/1-2
SW3(config-if-range)#switchport mode trunk
SW3(config-if-range)#switchport trunk all vlan all
SW3(config-if-range)#no shut
SW3(config-if-range)#exit
SW3(config)#int f0/3
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 10
SW3(config-if)#exit
SW3(config)#int f0/4
SW3(config-if)#switchport mode access
SW3(config-if)#switchport access vlan 20
SW3(config-if)#exit
(4)端口IP地址配置
1、SW1和RT1上行链路IP地址配置
PT1(config)#int f0/0
PT1(config-if)#ip add 192.168.1.1 255.255.255.252
PT1(config-if)#no shut
PT1(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
PT1(config-if)#exit
SW1(config)#int f0/1
SW1(config-if)#no switchport
SW1(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
SW1(config-if)#ip add 192.168.1.2 255.255.255.252
SW1(config-if)#no shut
SW1(config-if)#exit
2、SW2和RT2上行链路IP地址配置
RT2(config)#int f0/0
RT2(config-if)#ip add 192.168.1.5 255.255.255.252
RT2(config-if)#no shut
RT2(config-if)#
%LINK-5-CHANGED: Interface FastEthernet0/0, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
RT2(config-if)#exit
SW2(config)#int f0/1
SW2(config-if)#no switchport
SW2(config-if)#
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to down
%LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/1, changed state to up
SW2(config-if)#ip add 192.168.1.6 255.255.255.252
SW2(config-if)#no shut
SW2(config-if)#exit
(5)VLAN地址配置
SW1(config)#int vlan 10
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
SW1(config-if)#ip add 192.168.10.3 255.255.255.0
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SW1(config-if)#ip add 192.168.20.3 255.255.255.0
SW1(config-if)#exit
SW2(config)#int vlan 10
SW2(config-if)#
%LINK-5-CHANGED: Interface Vlan10, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan10, changed state to up
SW2(config-if)#ip add 192.168.10.4 255.255.255.0
SW2(config-if)#exit
SW2(config)#int vlan 20
SW2(config-if)#
%LINK-5-CHANGED: Interface Vlan20, changed state to up
%LINEPROTO-5-UPDOWN: Line protocol on Interface Vlan20, changed state to up
SW2(config-if)#ip add 192.168.20.4 255.255.255.0
SW2(config-if)#exit(6)HSRP和上行链路跟踪配置
(1)交换机SW1的HSRP和上行链路跟踪配置
SW1(config)#int vlan 10
SW1(config-if)#standby 10 ip 192.168.10.1 //配置组10的虚拟IP地址
SW1(config-if)#standby 10 priority 105 //配置组10的优先级为105
SW1(config-if)#standby 10 preempt //配置组10的抢占
SW1(config-if)#standby 10 track f0/1 //配置组10上行链路,其优先级默认减少值为10
SW1(config-if)#exit
SW1(config)#int vlan 20
SW1(config-if)#standby 20 ip 192.168.20.1
SW1(config-if)#standby 20 preempt
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Standby -> Active
SW1(config-if)#exit
(2)交换机SW2的HSRP和上行链路跟踪配置
SW2(config)#int vlan 10
SW2(config-if)#standby 10 ip 192.168.10.1
SW2(config-if)#standby 10 preempt
SW2(config-if)#exit
SW2(config)#int vlan 20
SW2(config-if)#standby 20 ip 192.168.20.1
%HSRP-6-STATECHANGE: Vlan10 Grp 10 state Speak -> Standby
SW2(config-if)#standby 20 priority 105
SW2(config-if)#standby 20 preempt
SW2(config-if)#stan
%HSRP-6-STATECHANGE: Vlan20 Grp 20 state Standby -> Active
SW2(config-if)#standby 20 track f0/1
SW2(config-if)#exit4、测试
SW1#show standby brief //查看SW1的HSRP配置信息
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 105 P Active local 192.168.10.4 192.168.10.1
Vl20 20 100 P Standby 192.168.20.4 local 192.168.20.1 SW2#show standby brief //查看SW2的HSRP配置信息
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Vl10 10 100 P Standby 192.168.10.3 local 192.168.10.1
Vl20 20 105 P Active local 192.168.20.3 192.168.20.1 由以上信息可以得知,SW1为vlan10的主网关,vlan20的备份网关;SW2为vlan20的主网关,vlan10的备份网关。
大家可以去试试HSRP主备网关倒换测试看看有什么不一样的地方
六、单组VRRP配置和多组VRRP配置
HSRP和VRRP原理一样,前面说了HSRP是Cisco的私有协议,所以Cisco里面不能敲VRPP协议
但是gns3和ensp里面是可以用VRRP协议,如果有想学习ensp或者是gns3的宝子可以在评论区留言,我会在ensp的专栏里面出一份VRRP协议的配置命令