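MSTP+VRRP Configuration

  1. Project topology and requirements

[Figure: MSTP+VRRP configuration, image 1 (project topology)]

Project requirements: To achieve high redundancy, a company has deployed two aggregation switches, LSW1 and LSW2, with AR1 as the company's egress device. The company has two departments, placed in vlan10 and vlan20 respectively. The following requirements must be met:

  • The aggregation and access layers form a Layer 2 network, so MSTP is needed to prevent loops.
  • LSW1 and LSW2 act as the gateways for internal devices and use VRRP for gateway redundancy, with LSW1 as the master gateway for vlan10 and LSW2 as the master gateway for vlan20.
  • When the IP subnets of vlan10 and vlan20 are imported into the OSPF process on LSW1 and LSW2, use a route-policy (if-match on different vlanif interfaces, setting different cost values) so that PC1's return traffic follows these paths:

The return path for PC2 accessing PC1 is PC1-AR2-AR1-LSW1-LSW3-PC2, and the return path for PC3 is PC1-AR2-LSW2-LSW4-PC3.

  • When LSW1's uplink fails, PC2 reaches the external network via PC2-LSW3-LSW2-AR1; when LSW2's uplink fails, PC3 reaches the external network via PC3-LSW4-LSW2-AR1.

  2. Lab steps

Step 1: Configure MSTP

1) Configure the MST region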

[LSW1]stp region-configuration

[LSW1-mst-region]region-name huawei

[LSW1-mst-region]revision-level 1

[LSW1-mst-region]instance 10 vlan 10

[LSW1-mst-region]instance 20 vlan 20

[LSW1-mst-region]active region-configuration

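The other switches are configured the same way, so their configuration is not repeated here.

2) Create the VLANs on the switches and configure the interface link types

The configured instances are now in effect:

[LSW1]display stp brief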

 MSTID  Port                        Role  STP State     Protection

   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE

   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE

   0    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE

   0    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE

  10    GigabitEthernet0/0/2        DESI  FORWARDING      NONE

  10    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE

  10    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE

  20    GigabitEthernet0/0/2        DESI  FORWARDING      NONE

  20    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE

  20    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE

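The output shows that LSW1 is not the root bridge. Because LSW1 is the master gateway for vlan10, make it the root bridge of the corresponding instance to avoid suboptimal forwarding paths.

Configure LSW1 as the root bridge of instance 10: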

[LSW1]stp instance 10 root primary

[LSW1]stp instance 20 root secondary

LSW2 is configured in the same way as the primary for vlan20; the commands are not repeated here.

Check the configuration:

[LSW1]display stp brief

 MSTID  Port                        Role  STP State     Protection

   0    GigabitEthernet0/0/1        DESI  FORWARDING      NONE

   0    GigabitEthernet0/0/2        DESI  FORWARDING      NONE

   0    GigabitEthernet0/0/3        ALTE  DISCARDING      NONE

   0    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE

  10    GigabitEthernet0/0/2        DESI  FORWARDING      NONE

  10    GigabitEthernet0/0/3        DESI  FORWARDING      NONE

  10    GigabitEthernet0/0/4        DESI  FORWARDING      NONE

  20    GigabitEthernet0/0/2        DESI  LEARNING        NONE

  20    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE

  20    GigabitEthernet0/0/4        DESI  FORWARDING      NONE

The configuration succeeded.

Step 2: Configure VRRP

  1. Configure the gateway addresses

[LSW1]interface Vlanif 10

[LSW1-Vlanif10]ip address 10.1.1.252 24

[LSW1]interface Vlanif 20

[LSW1-Vlanif20]ip address 20.1.1.252 24

[LSW2]interface Vlanif 10

[LSW2-Vlanif10]ip address 10.1.1.253 24

[LSW2]interface Vlanif 20

[LSW2-Vlanif20]ip address 20.1.1.253 24

  2. Adjust the priorities to set the master and backup roles

LSW1 configuration:

[LSW1]interface Vlanif10

[LSW1-Vlanif10]ip address 10.1.1.252 255.255.255.0

[LSW1-Vlanif10]vrrp vrid 1 virtual-ip 10.1.1.254

[LSW1-Vlanif10]vrrp vrid 1 priority 120

[LSW1]interface Vlanif20

[LSW1-Vlanif20]ip address 20.1.1.252 255.255.255.0

[LSW1-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

LSW2 configuration:

[LSW2]interface Vlanif10

[LSW2-Vlanif10]ip address 10.1.1.253 255.255.255.0

[LSW2-Vlanif10]vrrp vrid 1 virtual-ip 10.1.1.254

[LSW2]interface Vlanif20

[LSW2-Vlanif20]ip address 20.1.1.253 255.255.255.0

[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

[LSW2-Vlanif20]vrrp vrid 2 priority 120

  3. Test

Check the VRRP configuration:

[LSW1]display vrrp brief

VRID  State        Interface                Type     Virtual IP    

----------------------------------------------------------------

1     Master       Vlanif10                 Normal   10.1.1.254    

2     Backup       Vlanif20                 Normal   20.1.1.254    

----------------------------------------------------------------

Total:2     Master:1     Backup:1     Non-active:0  

Test network connectivity:

PC>ping 10.1.1.254

Ping 10.1.1.254: 32 data bytes, Press Ctrl_C to break

From 10.1.1.254: bytes=32 seq=1 ttl=255 time=78 ms

From 10.1.1.254: bytes=32 seq=2 ttl=255 time=47 ms

From 10.1.1.254: bytes=32 seq=3 ttl=255 time=31 ms

From 10.1.1.254: bytes=32 seq=4 ttl=255 time=47 ms

From 10.1.1.254: bytes=32 seq=5 ttl=255 time=47 ms

--- 10.1.1.254 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

  round-trip min/avg/max = 31/50/78 ms

PC>
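Steps 1 and 2 aim for one property: the switch that is VRRP Master for a VLAN is also the root bridge of that VLAN's MST instance. The following Python check is an added example, not part of the original article; it compares LSW1's two display outputs from above (MSTID 0 rows trimmed to one) and assumes the instance-to-Vlanif mapping from the region configuration, with function names chosen for illustration.

```python
import re

# LSW1 output from the page after "stp instance 10 root primary" (MSTID 0 trimmed).
STP_BRIEF = """\
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/4        ROOT  FORWARDING      NONE
  10    GigabitEthernet0/0/2        DESI  FORWARDING      NONE
  10    GigabitEthernet0/0/3        DESI  FORWARDING      NONE
  10    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
  20    GigabitEthernet0/0/2        DESI  LEARNING        NONE
  20    GigabitEthernet0/0/3        ROOT  FORWARDING      NONE
  20    GigabitEthernet0/0/4        DESI  FORWARDING      NONE
"""
VRRP_BRIEF = """\
VRID  State        Interface                Type     Virtual IP
1     Master       Vlanif10                 Normal   10.1.1.254
2     Backup       Vlanif20                 Normal   20.1.1.254
"""
# Assumption: mapping derived from "instance 10 vlan 10" / "instance 20 vlan 20".
INSTANCE_TO_VLANIF = {10: "Vlanif10", 20: "Vlanif20"}

# Data rows start with a number, so header and separator lines never match.
STP_ROW = re.compile(r"^\s*(\d+)\s+(\S+)\s+([A-Z]{4})\s+\S+\s+\S+\s*$", re.M)
VRRP_ROW = re.compile(r"^\s*(\d+)\s+(Master|Backup|Initialize)\s+(\S+)\s+\S+\s+\S+\s*$", re.M)

def root_instances(stp_text):
    """MSTIDs in which this bridge has active ports but no ROOT-role port."""
    roles = {}
    for mstid, _port, role in STP_ROW.findall(stp_text):
        roles.setdefault(int(mstid), set()).add(role)
    return {i for i, r in roles.items() if "ROOT" not in r}

def vrrp_states(vrrp_text):
    """Map interface name -> VRRP state."""
    return {ifname: state for _vrid, state, ifname in VRRP_ROW.findall(vrrp_text)}

def misaligned(stp_text, vrrp_text, mapping=INSTANCE_TO_VLANIF):
    """Instances where 'is STP root' and 'is VRRP Master' disagree on this switch."""
    roots, states = root_instances(stp_text), vrrp_states(vrrp_text)
    return sorted(i for i, ifname in mapping.items()
                  if (i in roots) != (states.get(ifname) == "Master"))

if __name__ == "__main__":
    print("misaligned instances:", misaligned(STP_BRIEF, VRRP_BRIEF) or "none")
```

Run against the first `display stp brief` output in Step 1 (before the root was set), the same check reports instance 10 as misaligned.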

Step 3: Run OSPF and configure NAT so that the whole network is reachable

(1) Configure OSPF

LSW1 configuration:

[LSW1-Vlanif1]ip address 10.0.11.2 24

[LSW1]ospf 1

[LSW1-ospf-1]import-route direct //bring the routes in by import, which makes path selection easier

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.0.11.0 0.0.0.255 //advertise only this one network

LSW2 configuration:

[LSW2-Vlanif1]ip address 10.0.12.2 24

[LSW2]ospf 1

[LSW2-ospf-1]import-route direct

[LSW2-ospf-1]area 0

[LSW2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

AR1 configuration:

[AR1]ospf 1

[AR1-ospf-1]area 0

[AR1-ospf-1-area-0.0.0.0]network 10.0.11.0 0.0.0.255

[AR1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

Check the routes learned through OSPF:

[AR1]display ip routing-table protocol  ospf

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Public routing table : OSPF

         Destinations : 4        Routes : 6       

OSPF routing table status :

         Destinations : 4        Routes : 6

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  O_ASE   150  1           D   10.0.11.2       GigabitEthernet

0/0/0

                    O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

     10.1.1.254/32  O_ASE   150  1           D   10.0.11.2       GigabitEthernet

0/0/0

       20.1.1.0/24  O_ASE   150  1           D   10.0.11.2       GigabitEthernet

0/0/0

                    O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

     20.1.1.254/32  O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

OSPF routing table status :

         Destinations : 0        Routes : 0

(2) Configure NAT

[AR1]acl 2000

[AR1-acl-basic-2000]rule permit source any

[AR1-acl-basic-2000]interface g0/0/2

[AR1-GigabitEthernet0/0/2]nat outbound 2000

[AR1-GigabitEthernet0/0/2]quit

Configure AR1's route to the external network:

[AR1]ip route-static 0.0.0.0 0 64.1.1.2  //route towards the external network

[AR1]ping 100.1.1.1

  PING 100.1.1.1: 56  data bytes, press CTRL_C to break

    Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=127 time=20 ms

    Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=127 time=30 ms

    Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=127 time=20 ms

    Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=127 time=20 ms

    Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=127 time=20 ms

  --- 100.1.1.1 ping statistics ---

    5 packet(s) transmitted

    5 packet(s) received

    0.00% packet loss

round-trip min/avg/max = 20/22/30 ms

Configure the route to the external network for the PCs:

[AR1-ospf-1]default-route-advertise  //advertise the default route

PC>ping 100.1.1.1

Ping 100.1.1.1: 32 data bytes, Press Ctrl_C to break

From 100.1.1.1: bytes=32 seq=1 ttl=125 time=62 ms

From 100.1.1.1: bytes=32 seq=2 ttl=125 time=63 ms

From 100.1.1.1: bytes=32 seq=3 ttl=125 time=78 ms

From 100.1.1.1: bytes=32 seq=4 ttl=125 time=47 ms

From 100.1.1.1: bytes=32 seq=5 ttl=125 time=62 ms

--- 100.1.1.1 ping statistics ---

  5 packet(s) transmitted

  5 packet(s) received

  0.00% packet loss

  round-trip min/avg/max = 47/62/78 ms

PC>

Step 4: Write route-policies as required, so that the return path for PC2 accessing PC1 is PC1-AR2-AR1-LSW1-LSW3-PC2 and the return path for PC3 is PC1-AR2-LSW2-LSW4-PC3

LSW1 configuration:

[LSW1]route-policy 1 permit node 10

[LSW1-route-policy]if-match interface Vlanif20

[LSW1-route-policy]apply cost 100

[LSW1]route-policy 1 permit node 20

Info: New Sequence of this List.

[LSW1-ospf-1]import-route direct route-policy 1  //apply the policy

Check the routing table:

dis ip routing-table protocol ospf

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Public routing table : OSPF

         Destinations : 4        Routes : 5       

OSPF routing table status :

         Destinations : 4        Routes : 5

Destination/Mask    Proto   Pre  Cost      Flags NextHop         Interface

       10.1.1.0/24  O_ASE   150  1           D   10.0.11.2       GigabitEthernet

0/0/0

                    O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

     10.1.1.254/32  O_ASE   150  1           D   10.0.11.2       GigabitEthernet

0/0/0

       20.1.1.0/24  O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

     20.1.1.254/32  O_ASE   150  1           D   10.0.12.2       GigabitEthernet

0/0/1

OSPF routing table status :

         Destinations : 0        Routes : 0

The table shows that all routes to the 20 network now use the same next hop.

LSW2 configuration:

[LSW2] route-policy 1 permit node 10

[LSW2-route-policy]if-match interface Vlanif10

[LSW2-route-policy]apply cost 100

[LSW2]route-policy 1 permit node 20

[LSW2-ospf-1]import-route  direct route-policy 1 

Step 5: Link uplink failure to the downlink to meet requirement 4

LSW1 configuration:

[LSW1]display vrrp

  Vlanif10 | Virtual Router 1

    State : Backup

    Virtual IP : 10.1.1.254

    Master IP : 10.1.1.253

    PriorityRun : 80 //reduced by 40

    PriorityConfig : 120 //configured as 120

    MasterPriority : 100

    Preempt : YES   Delay Time : 0 s

    TimerRun : 1 s

    TimerConfig : 1 s

    Auth type : NONE

    Virtual MAC : 0000-5e00-0101

    Check TTL : YES

    Config type : normal-vrrp

    Track IF : GigabitEthernet0/0/1   Priority reduced : 40

    IF state : DOWN

Create time : 2023-07-25 15:28:52 UTC-08:00

Interface linkage:

[LSW1]monitor-link group 1

[LSW1-mtlk-group1]port GigabitEthernet 0/0/1 uplink

[LSW1-mtlk-group1]port  GigabitEthernet 0/0/2 downlink  //an uplink failure also brings the downlink down

LSW2 configuration:

[LSW2-Vlanif20]ip address 20.1.1.253 255.255.255.0

[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

[LSW2-Vlanif20]vrrp vrid 2 priority 120

[LSW2-Vlanif20]vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 80

Interface linkage:

[LSW2]monitor-link group 1

[LSW2-mtlk-group1]port GigabitEthernet 0/0/1 uplink

[LSW2-mtlk-group1]port GigabitEthernet 0/0/3 downlink

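Addendum: configure a preemption delay so that traffic keeps flowing normally while OSPF routes are being relearned after G0/0/1 recovers.

LSW1 configuration: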

[LSW1-Vlanif10]vrrp vrid 1 preempt-mode timer delay 60

LSW2 is configured the same way.
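The failover in Step 5 only happens if the master's running priority falls below its peer's when the tracked uplink goes down. The following Python check is an added example, not from the original article. The LSW2 lines are the page's; the LSW1 track line is an assumption reconstructed from the "Track IF" and "Priority reduced : 40" fields of its display vrrp output, and the function names are illustrative.

```python
import re

DEFAULT_PRIORITY = 100  # VRRP default when no "priority" line is configured
# LSW2 lines are from the page; the LSW1 "track" line is an assumption
# reconstructed from its "display vrrp" output (Priority reduced : 40).
CONFIGS = {
    "LSW1": """\
vrrp vrid 1 virtual-ip 10.1.1.254
vrrp vrid 1 priority 120
vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 40
vrrp vrid 2 virtual-ip 20.1.1.254
""",
    "LSW2": """\
vrrp vrid 1 virtual-ip 10.1.1.254
vrrp vrid 2 virtual-ip 20.1.1.254
vrrp vrid 2 priority 120
vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 80
""",
}
LINE = re.compile(r"vrrp vrid (\d+) (?:virtual-ip \S+|priority (\d+)"
                  r"|track interface \S+ reduced (\d+))")

def parse(cfg):
    """Return {vrid: {"priority": int, "reduced": int}} for one switch."""
    out = {}
    for vrid, prio, red in LINE.findall(cfg):
        e = out.setdefault(int(vrid), {"priority": DEFAULT_PRIORITY, "reduced": 0})
        e["priority"] = int(prio) if prio else e["priority"]
        e["reduced"] = int(red) if red else e["reduced"]
    return out

def failover_gaps(configs):
    """List (switch, vrid, run_priority, peer_priority) where losing the tracked
    uplink would NOT hand mastership over: the run priority must drop below a peer's."""
    parsed = {name: parse(cfg) for name, cfg in configs.items()}
    gaps = []
    for name, vrids in parsed.items():
        for vrid, e in vrids.items():
            peers = [p[vrid]["priority"] for n, p in parsed.items() if n != name and vrid in p]
            if not peers or e["priority"] <= max(peers):
                continue  # not the intended master for this VRID
            run = e["priority"] - e["reduced"]
            if run >= max(peers):  # an equal priority does not let the backup preempt
                gaps.append((name, vrid, run, max(peers)))
    return gaps

if __name__ == "__main__":
    print(failover_gaps(CONFIGS) or "every master yields when its tracked uplink fails")
```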
