一、在多层交换网络中实现默认网关路由器冗余 1、代理ARP:主机使用ARP来确定前往远程目的地的下一跳的MAC地址,本地路由器使用其MAC地址来响应。(如果负责转发的路由器故障,主机需要等待ARP超时后,再学习到其他路由器的MAC) 2、IRDP(interior gateway routing protocol):ICMP的一种扩展,动态发现默认路由器的一种协议。很少用,发现故障慢。IRDP生命周期。 二、HSRP(hot standby routing protocol
一、在多层交换网络中实现默认网关路由器冗余 1、代理ARP:主机使用ARP来确定前往远程目的地的下一跳的MAC地址,本地路由器使用其MAC地址来响应。(如果负责转发的路由器故障,主机需要等待ARP超时后,再学习到其他路由器的MAC) 2、IRDP(interior gateway routing protocol):ICMP的一种扩展,动态发现默认路由器的一种协议。很少用,发现故障慢。IRDP生命周期。二、HSRP(hot standby routing protocol)的作用及原理 HSRP是cisco私有协议,在多台路由器之间共享的虚拟MAC地址和虚拟地址以及一个通过多播协议对LAN接口和串行接口进行监控的进程组成。虚拟成一个路由器(网关)提供服务,此时,PC的网关设置为虚拟网关地址。1、HSRP组件 一台活跃路由器(发hello、回应PC ARP请求)、一台备用路由器(发hello、监听)、一台虚拟路由器(PC网关)、其他HSRP成员路由器(监听)2、工作:协议包每3秒发送一次,持续10秒(3个周期)。HSRP被 UDP封装,端口号是1985。目标IP为224.0.0.23、虚拟MAC:0000.0c07.ac01 0000.0c厂商编号 07ac HSRP编号 01 组号,最多支持256个组(标识一个组)4、HSRP状态 Initial:初始状态,HSRP未全面动转,修改或接口启动进入此状态 Learn:学习状态,不知道虚拟IP,未看到活跃路由器发hello。等待活跃路由器发hello。 Listen:监听状态,知道虚拟IP。没有活动和备份路由器信息。(其他HSRP成员路由器都处于此状态) Speak:发方状态,定期发hello,参与选举活跃路由器选举。 Standby:备用状态,下一任活跃路由器,定期发hello。 Active:活跃状态,转发HSRP虚拟MAC地址和IP的数据包。定期发hello。三、配置及查看 1、单组HSRP配置(备份) Int vlan 2 Ip address 192.168.1.10 255.255.255.0 Standby 1 ip 192.168.1.1(配置虚拟IP,组号默认为0) Standby 1 priority 200(越高越好,默认为100) Standby 1 preemt(抢占,默认没有) Standby 1 track f0/1 110(跟踪上行端口,110降优先级) R()#standby 1 authentication ?(认证) WORD Plain text authentication string(默认cisco,明文显示) md5 Use MD5 authentication(md5加密) text Plain text authentication R(config-if)#standby 1 timers ?(时间,hello和hold time) <1-254> Hello interval in secondsmsec Specify hello interval in milliseconds(毫秒) 同一个组号可以有不同的IP(secondary)。仍由STP控制数据流。HSRP的主应该是STP的根。 2、多组HSRP(负载) 在同一子网内做多个虚拟网关,不同的PC网关设置不同。实现负载 interface Ethernet0/0ip address 11.11.1.1 255.255.255.0standby 1 ip 11.11.1.10standby 1 priority 150standby 1 preemptstandby 1 track Ethernet0/1 60standby 2 ip 11.11.1.20standby 2 priority 90standby 2 preemptstandby 2 track Ethernet0/1end 3、查看 Show standby Show standby briefR#debug standby ? errors HSRP errorsevents HSRP eventspackets HSRP packetsterse Display limited range of HSRP errors, events and packets三层交换机上实现HSRP HSRP是一种Cisco专有协议,它通过在冗余网关之间共享协议和MAC地址,提供了不间断的IP路径冗余。该协议由在两台路由器之间共享的虚拟 MAC地址和虚拟IP地址以及一个通过多波协议对LAN接口和串行接口进行监控的进程组成。HSRP支持将多台路由器用作备用默认网关。
将SW1和SW2组成一个HSRP组,实现路由器的冗余,首先按拓扑图所示配置IP地址,使用一台交换机来模拟PC,用一以路由器模拟WEB,在SW1、SW2和WEB之间配置EIGRP协议: sw1(config-if)#interface fa0/8sw1(config-if)#no switchportsw1(config-if)#ip address 10.1.1.3 255.255.255.0sw1(config-if)#no shutdownsw1(config-if)#interface vlan 1sw1(config-if)#ip address 10.1.2.3 255.255.255.0sw1(config-if)#no shutdownsw1(config-if)#exitsw1(config)#ip routingsw1(config)#router eigrp 100sw1(config-router)#network 10.0.0.0sw1(config-router)#no auto-summarysw2(config)#interface fa0/7sw2(config-if)#no switchportsw2(config-if)#ip address 10.1.1.2 255.255.255.0sw2(config-if)#no shutdownsw2(config-if)#interface vlan 1sw2(config-if)#ip address 10.1.2.2 255.255.255.0sw2(config-if)#no shutdownsw2(config-if)#exitsw2(config)#ip routingsw2(config)#router eigrp 100sw2(config-router)#network 10.0.0.0sw2(config-router)#no auto-summaryWEB(config)#interface fa0/1WEB(config-if)#ip address 10.1.1.4 255.255.255.0WEB(config-if)#no shWEB(config-if)#exitWEB(config)#router eigrp 100WEB(config-router)#network 10.0.0.0WEB(config-router)#no auto-summaryPC(config)#interface vlan 1PC(config-if)#ip address 10.1.2.100 255.255.255.0PC(config-if)#no shutdownPC(config-if)#exitPC(config)#ip default-gateway 10.1.2.1将PC的网关指向了10.1.2.1,这个地址将是HSRP组的虚拟IP地址,配置HSRP: sw1(config)#interface vlan 1sw1(config-if)#standby ip 10.1.2.1sw1(config-if)#standby preemptsw2(config)#interface vlan 1 sw2(config-if)#standby ip 10.1.2.1sw2(config-if)#standby preemptHSRP应在接口上配置,配置时应指定虚拟IP地址,参数preempt可以帮助优先级比较高的路由器在故障恢复后重新成为活跃路由器。查看HSRP信息: sw1#show standbyVlan1 - Group 0Local state is Active, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.728Virtual IP address is 10.1.2.1 configuredActive router is localStandby router is unknownVirtual mac address is 0000.0c07.ac002 state changes, last state change 00:00:32IP redundancy name is "hsrp-Vl1-0" (default)sw2#show standbyVlan1 - Group 0Local state is Speak, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.032Virtual IP address is 10.1.2.1 configuredActive router is 10.1.2.3, priority 100 expires in 7.176Standby router is unknown0 state changes, last state change neverIP redundancy name is "hsrp-Vl1-0" (default)可以发现两者在默认情况下优先级相同,由于SW1是先初始化的,所以成为了活跃路由器,而SW2是备份路由器。在PC上执行trace,查看路由情况: PC#trace 10.1.1.4Type escape sequence to abort.Tracing the route to 10.1.1.41 10.1.2.3 0 msec 4 msec 0 msec2 10.1.1.4 0 msec 4 msec *可以看见,数据包是通过目前的活跃路由器SW1转发的。如果将SW1与PC之间的链路断开,可以发现PC仍然能与WEB通讯,再次使用trace: PC#ping 10.1.1.4Type escape sequence to abort.Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:!!!!!Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 msPC#trace 10.1.1.4Type escape sequence to abort.Tracing the route to 10.1.1.41 *10.1.2.2 0 msec 0 msec2 10.1.1.4 4 msec 0 msec *可以看到路径改为通过SW2,而在SW1和SW2上查看HSRP信息: sw1#show standbyVlan1 - Group 0Local state is Init (interface down), priority 100, may preemptHellotime 3 sec, holdtime 10 secVirtual IP address is 10.1.2.1 configuredActive router is unknownStandby router is unknown3 state changes, last state change 00:01:39IP redundancy name is "hsrp-Vl1-0" (default)sw2#show standbyVlan1 - Group 0Local state is Active, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.954Virtual IP address is 10.1.2.1 configuredActive router is localStandby router is UnknownVirtual mac address is 0000.0c07.ac002 state changes, last state change 00:01:07IP redundancy name is "hsrp-Vl1-0" (default)可以看到此时SW1的状态是阻塞,而SW2成为了活跃路由器。将SW1与PC之间的链路恢复,再次查看SW1的HSRP信息: sw1#show standbyVlan1 - Group 0Local state is Listen, priority 100, may preemptHellotime 3 sec, holdtime 10 secVirtual IP address is 10.1.2.1 configuredActive router is 10.1.2.2, priority 100 expires in 9.448Standby router is unknown3 state changes, last state change 00:02:03IP redundancy name is "hsrp-Vl1-0" (default)sw1#show standbyVlan1 - Group 0Local state is Speak, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.996Virtual IP address is 10.1.2.1 configuredActive router is 10.1.2.2, priority 100 expires in 9.164Standby router is unknown3 state changes, last state change 00:02:12IP redundancy name is "hsrp-Vl1-0" (default)sw1#show standbyVlan1 - Group 0Local state is Standby, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.528Virtual IP address is 10.1.2.1 configuredActive router is 10.1.2.2, priority 100 expires in 7.384Standby router is local4 state changes, last state change 00:00:01IP redundancy name is "hsrp-Vl1-0" (default)可以看到SW1经过了监听、发言之后,最终成为了备份路由器。由于SW1和SW2都采用的是默认的优先级100,即使我们配置了抢占(preempt)选项,SW1也无法重新成为活跃路由器。此时,我们可以手工指定SW1的优先级:sw1(config)#interface vlan 1sw1(config-if)#standby priority 15000:23:25: %STANDBY-6-STATECHANGE: Vlan1 Group 0 state Standby -> Activesw1#show standbyVlan1 - Group 0Local state is Active, priority 150, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.252Virtual IP address is 10.1.2.1 configuredActive router is localStandby router is unknownVirtual mac address is 0000.0c07.ac005 state changes, last state change 00:00:03IP redundancy name is "hsrp-Vl1-0" (default)可以看到SW1重新成为了活跃路由器。此时,如果我们断开SW1与WEB之间的链路: sw1#show ip routeCodes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGPD - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter areaN1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGPi - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area* - candidate default, U - per-user static route, o - ODRP - periodic downloaded static routeGateway of last resort is not set 10.0.0.0/24 is subnetted, 2 subnetsC 10.1.2.0 is directly connected, Vlan1D 10.1.1.0 [90/28416] via 10.1.2.2, 00:01:49, Vlan1sw1#show standbyVlan1 - Group 0Local state is Active, priority 150, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.728Virtual IP address is 10.1.2.1 configuredActive router is localStandby router is unknownVirtual mac address is 0000.0c07.ac002 state changes, last state change 00:00:32IP redundancy name is "hsrp-Vl1-0" (default)PC#trace 10.1.1.4 Type escape sequence to abort.Tracing the route to 10.1.1.41 10.1.2.3 4 msec 0 msec 4 msec2 10.1.2.2 0 msec 0 msec 4 msec3 10.1.1.4 4 msec 0 msec *此时,SW1仍然保持它活跃路由器的身份,但是从SW1并不能直接到达WEB,流量会通过SW2转发,这样就带来了性能问题,可以通过配置track参数来解决这个问题。将WEB与SW1恢复连通,配置track参数: sw1(config)#interface vlan 1sw1(config-if)#standby track fa0/8 51这表示当Fa0/8出现问题时,SW1的优先级将自动减少51,这样能保证此时SW1的优先级比SW2更低,而让SW2成为活跃路由器。再次断开SW1与WEB之间的连接: sw1#show standbyVlan1 - Group 0Local state is Standby, priority 99 (confgd 150), may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.674Virtual IP address is 10.1.2.1 configuredActive router is 10.1.2.2, priority 100 expires in 7.516Standby router is local4 state changes, last state change 00:00:07IP redundancy name is "hsrp-Vl1-0" (default)Priority tracking 1 interface or object, 0 up:Interface or object Decrement StateFastEthernet0/8 51 Down (administratively down)可以看到此时SW1的优先级变成了99,成为了备份路由器。HSRP工作过程中,HSRP组中始终只有一台路由器处在转发状态,这无疑对资源造成了极大的浪费。我们可以能过配置多个HSRP组,对不同的HSRP组指定不同的活跃路由器,将主机的网关指向不同的虚拟IP地址,以达到负载均衡的目的。 删除之前的HSRP操作,创建两个HSRP组: sw1(config)#interface vlan 1sw1(config-if)#no standby ip 10.1.2.1sw1(config-if)#standby 1 ip 10.1.2.1sw1(config-if)#standby 1 preemptsw1(config-if)#standby 1 track fa0/8sw1(config-if)#standby 2 ip 10.1.2.254sw1(config-if)#standby 2 preemptsw1(config-if)#standby 2 priority 95sw1(config-if)#standby 2 track fa0/8sw2(config)#interface vlan 1sw2(config-if)#no standby ip 10.1.2.1sw2(config-if)#standby 1 ip 10.1.2.1sw2(config-if)#standby 1 preemptsw2(config-if)#standby 1 track fa0/7sw2(config-if)#standby 1 priority 95sw2(config-if)#standby 2 ip 10.1.2.254sw2(config-if)#standby 2 preempt我们对SW1和SW2的不同HSRP组分别配置了不同的优先级,保证他们在不同的组里处于不同的角色,实现了负载均衡: sw1#show standbyVlan1 - Group 1Local state is Active, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.210Virtual IP address is 10.1.2.1 configuredActive router is localStandby router is unknownVirtual mac address is 0000.0c07.ac015 state changes, last state change 00:00:06IP redundancy name is "hsrp-Vl1-1" (default)Priority tracking 1 interface or object, 1 up:Interface or object Decrement StateFastEthernet0/8 10 UpVlan1 - Group 2Local state is Standby, priority 95, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 2.346Virtual IP address is 10.1.2.254 configuredActive router is 10.1.2.2, priority 100 expires in 7.680Standby router is local4 state changes, last state change 00:01:22IP redundancy name is "hsrp-Vl1-2" (default)Priority tracking 1 interface or object, 1 up:Interface or object Decrement StateFastEthernet0/8 10 Upsw2#show standby Vlan1 - Group 1Local state is Standby, priority 95, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.384Virtual IP address is 10.1.2.1 configuredActive router is 10.1.2.3, priority 100 expires in 9.872Standby router is local3 state changes, last state change 00:02:48IP redundancy name is "hsrp-Vl1-1" (default)Priority tracking 1 interface or object, 1 up:Interface or object Decrement StateFastEthernet0/7 10 UpVlan1 - Group 2Local state is Active, priority 100, may preemptHellotime 3 sec, holdtime 10 secNext hello sent in 1.358Virtual IP address is 10.1.2.254 configuredActive router is localStandby router is 10.1.2.3 expires in 7.908Virtual mac address is 0000.0c07.ac021 state changes, last state change 00:04:24IP redundancy name is "hsrp-Vl1-2" (default)Priority tracking 1 interface or object, 1 up:Interface or object Decrement StateFastEthernet0/7 10 Up在PC上使用trace命令: PC#trace 10.1.1.4Type escape sequence to abort.Tracing the route to 10.1.1.41 10.1.2.3 4 msec 0 msec 4 msec2 10.1.1.4 4 msec 0 msec *将PC的默认网关改为10.1.2.254,再次trace: PC(config)#ip default-gateway 10.1.2.254PC(config)#endPC#trace 10.1.1.4Type escape sequence to abort.Tracing the route to 10.1.1.41 10.1.2.2 1000 msec 0 msec 4 msec2 10.1.1.4 4 msec 0 msec *可以看到PC在两种情况下使用了不同的路由器来转发数据,实现了负载均衡的目的。 热备份HSRP配置
|
