华为VRRP和NQA联动

 

拓扑图

 

 

--------------------------------------------------------------------------------------

ISP1、ISP2、NET配置OSPF进行模拟

[NET]int GigabitEthernet 0/0/0

[NET-GigabitEthernet0/0/0]ip add 100.1.1.2 24

[NET-GigabitEthernet0/0/0]quit

 

[NET]int GigabitEthernet 0/0/1

[NET-GigabitEthernet0/0/1]ip add 200.1.1.2 24

[NET-GigabitEthernet0/0/1]quit

 

[NET]int lo0

[NET-LoopBack0]ip add 8.8.8.8 24

[NET-LoopBack0]quit

 

[NET]ospf 1 router-id 3.3.3.3

[NET-ospf-1]area 0

[NET-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255

[NET-ospf-1-area-0.0.0.0]network 200.1.1.0 0.0.0.255

[NET-ospf-1-area-0.0.0.0]quit

[NET-ospf-1]import-route direct type 1

[NET-ospf-1]quit

 

[ISP1]int GigabitEthernet 0/0/1

[ISP1-GigabitEthernet0/0/1]ip add 100.1.1.1 24

[ISP1-GigabitEthernet0/0/1]quit

 

[ISP1]int GigabitEthernet 0/0/0

[ISP1-GigabitEthernet0/0/0]ip add 10.1.1.1 24

[ISP1-GigabitEthernet0/0/0]quit

 

[ISP1]ospf 1 router-id 1.1.1.1

[ISP1-ospf-1]area 0

[ISP1-ospf-1-area-0.0.0.0]network 100.1.1.0 0.0.0.255

[ISP1-ospf-1-area-0.0.0.0]quit

[ISP1-ospf-1]import-route direct type 1

[ISP1-ospf-1]quit

 

 

 

[ISP2]int GigabitEthernet 0/0/1

[ISP2-GigabitEthernet0/0/1]ip add 200.1.1.1 24

[ISP2-GigabitEthernet0/0/1]quit

 

[ISP2]int GigabitEthernet 0/0/0

[ISP2-GigabitEthernet0/0/0]ip add 20.1.1.1 24

[ISP2-GigabitEthernet0/0/0]quit

 

[ISP2]ospf 1 router-id 2.2.2.2

[ISP2-ospf-1]area 0

[ISP2-ospf-1-area-0.0.0.0]network 200.1.1.0 0.0.0.255

[ISP2-ospf-1-area-0.0.0.0]quit

[ISP2-ospf-1]import-route direct type 1

[ISP2-ospf-1]quit

 

------------------------------------------------------------------------

配置交换机core交换机

[SW-CORE]vlan batch 10 20 100

 

[SW-CORE]int vlan 10

[SW-CORE-Vlanif10]ip add 192.168.1.254 24

[SW-CORE-Vlanif10]quit

 

[SW-CORE]int vlan 20

[SW-CORE-Vlanif20]ip add 192.168.2.254 24

[SW-CORE-Vlanif20]quit

 

[SW-CORE]int vlan 100

[SW-CORE-Vlanif100]ip add 1.1.1.3 24

[SW-CORE-Vlanif100]quit

 

[SW-CORE]port-group 1

[SW-CORE-port-group-1]group-member Ethernet 0/0/1 to Ethernet 0/0/2

[SW-CORE-port-group-1]port link-type access

[SW-CORE-port-group-1]port default vlan 100

[SW-CORE-port-group-1]quit

 

[SW-CORE]int Ethernet0/0/10

[SW-CORE-Ethernet0/0/10]port link-type access

[SW-CORE-Ethernet0/0/10]port default vlan 10

[SW-CORE-Ethernet0/0/10]quit

 

[SW-CORE]int Ethernet0/0/20

[SW-CORE-Ethernet0/0/20]port link-type access

[SW-CORE-Ethernet0/0/20]port default vlan 20

[SW-CORE-Ethernet0/0/20]quit

 

[SW-CORE]ip route-static 0.0.0.0 0.0.0.0 1.1.1.10 //交换机默认路由的下一跳地址为virtual-ip的地址

 

------------------------------------------------------------------

 

GW1和GW2配置接口地址、路由、NAT

 

[GW1]int GigabitEthernet 0/0/0

[GW1-GigabitEthernet0/0/0]ip add 10.1.1.2 24

[GW1-GigabitEthernet0/0/0]quit

 

[GW1]int GigabitEthernet 0/0/1

[GW1-GigabitEthernet0/0/1]ip add 1.1.1.1 24

[GW1-GigabitEthernet0/0/1]quit

 

[GW1]ip route-static 0.0.0.0 0.0.0.0 10.1.1.1

[GW1]ip route-static 192.168.0.0 255.255.0.0 1.1.1.3

 

[GW1]acl 2000

[GW1-acl-basic-2000]rule permit source any

[GW1-acl-basic-2000]quit

 

[GW1]int g0/0/0

[GW1-GigabitEthernet0/0/0]nat outbound 2000

[GW1-GigabitEthernet0/0/0]quit

 

-------

 

[GW2]int GigabitEthernet 0/0/0

[GW2-GigabitEthernet0/0/0]ip add 20.1.1.2 24

[GW2-GigabitEthernet0/0/0]quit

 

[GW2]int GigabitEthernet 0/0/1

[GW2-GigabitEthernet0/0/1]ip add 1.1.1.2 24

[GW2-GigabitEthernet0/0/1]quit

 

[GW2]ip route-static 0.0.0.0 0.0.0.0 20.1.1.1

 

[GW2]ip route-static 192.168.0.0 255.255.0.0 1.1.1.3

 

[GW2]acl 2000

[GW2-acl-basic-2000]rule permit source any

[GW2-acl-basic-2000]quit

 

[GW2]int g0/0/0

[GW2-GigabitEthernet0/0/0]nat outbound 2000

[GW2-GigabitEthernet0/0/0]quit

 

---------------------------------------------------------

 

GW1和GW2配置VRRP

[GW1]int GigabitEthernet 0/0/1

[GW1-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 1.1.1.10   //启用VRRP组和地址

[GW1-GigabitEthernet0/0/1]vrrp vrid 1 priority 120   //配置优先级，优先级大的选为Master

[GW1-GigabitEthernet0/0/1]vrrp vrid 1 track interface GigabitEthernet 0/0/0 reduced 50    //配置追踪接口

[GW1-GigabitEthernet0/0/1]quit

 

[GW2]int GigabitEthernet 0/0/1

[GW2-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 1.1.1.10

[GW2-GigabitEthernet0/0/1]quit

 

注：华为VRRP的抢占默认是开启的

 

--------------------------------------------------

配置完之后，启动VRRP的两台路由器可以通过监测自身的设备情况来实现主备切换，实现网络冗余的作用

 

出现的问题：VRRP仅能监测本设备，链路上出现了问题是不能监测到的。

 

例如：交换机LSW2的e0/0/1口down，VRRP是监测不到的，GW1还会是master，网络会断掉

 

-------------------

应对办法：VRRP和NQA联动

 

 

配置NQA

[GW1]nqa test-instance admin nqa_vrrp  //创建一个nqa测试实例，测试管理账户名为admin，测试实例名称为nqa_icmp

[GW1-nqa-admin-nqa_icmp]test-type icmp   //测试类型为icmp协议测试

[GW1-nqa-admin-nqa_icmp]frequency 10   //指定连续两次探测时间间隔为10s

[GW1-nqa-admin-nqa_icmp]probe-count 2   //指定一次探测进行的测试次数

[GW1-nqa-admin-nqa_icmp]destination-address ipv4 100.1.1.1   //要测试的对端ip地址，会监测GW1到100.1.1.1之间的链路

[GW1-nqa-admin-nqa_icmp]start now   //启动当前测试例

[GW1-nqa-admin-nqa_icmp]quit

 

[GW1-nqa-admin-nqa_icmp]stop   //停止当前测试例*不需要配置

 

[GW1]dis nqa results  //查看网络测试性能

 

 

[GW1-GigabitEthernet0/0/1]vrrp vrid 1 track nqa admin nqa_vrrp reduced 50  //配置VRRP和NQA联动

 

----------------------------------------------------------------------------

测试验证

 

交换机LSW2的e0/0/1口down

 

 

 

ISP1的g0/0/0接口down