1 VRRP概念介绍
VRRP全称是虚拟路由器冗余协议(Virtual Router Redundancy Protocol),虚拟路由器冗余协议(VRRP)是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的 VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地址。一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使用 VRRP 的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。 VRRP 包封装在 IP 包中发送。
2 VRRP的工作机制
VRRP把在同一个广播域中的多个路由器接口编为一组,形成一个虚拟路由器,并为其分配一个IP地址,作为虚拟路由器的接口地址。虚拟路由器的接口地址既可以是其中一个路由器接口的地址,也可以是第三方地址。
如果使用路由器的接口地址作为VRRP虚拟地址,则拥有这个IP地址的路由器作为主用路由器,其他路由器作为备份。如果采用第三方地址,则优先级高的路由器成为主用路由器;如果两路由器优先级相同,则谁先发VRRP报文,谁就成为主用。
下面实验及说明了问题,本实验采用h3c路由器两台,交换机两台,两台主机进行测试,其中在e1上拆分两个子接口,可供vlan间通信,另一路由器亦是如此,如此形成备份,下面是实验的详细步骤及说明
实验拓扑:
[r1]int e1.10
[r1-Ethernet1.10]vlan-type dot1q vid 10 在子接口10上封装dot1q协议封装的vlan号为10
[r1-Ethernet1.10]ip add 192.168.10.1 24 并给子接口配上地址
[r1-Ethernet1.10]int e1.20
[r1-Ethernet1.20]vlan-type dot1q vid 20 配置vlan20 在子接口20 上
[r1-Ethernet1.20]ip add 192.168.20.1 24
[r1]vrrp ping-en
ping vrrp enable 将ping功能打开便于测试
[r1-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254 加入一个备份组 配置虚拟网关ip
[r1-Ethernet1.10]vrrp vrid 10 priority 120 优先级设为120
[r1-Ethernet1.10]int e1.20
[r1-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254
下面r2 的配置与r1类似
[r2]int e1.10
[r2-Ethernet1.10]vlan-type dot1q vid 10
[r2-Ethernet1.10]ip add 192.168.10.2 24
[r2]int e1.20
[r2-Ethernet1.20]vlan-type dot1q vid 20
[r2-Ethernet1.20]ip add 192.168.20.2 24
[r2]vrrp ping-enable
ping vrrp enable
[r2]int e1.10
[r2-Ethernet1.10]vrrp vrid 10 virtual-ip 192.168.10.254
[r2-Ethernet1.10]int e1.20
[r2-Ethernet1.20]vrrp vrid 20 virtual-ip 192.168.20.254
[r2-Ethernet1.20]vrrp vrid 20 priority 120
sw1的配置
[sw-1] int e0/23
[sw-1-Ethernet0/23]port link-type trunk 将23端口设为trunk链路
[sw-1-Ethernet0/23]port trunk permit vlan all 并允许所有vlan通过
Please wait........................................... Done
[sw-1-Ethernet0/23]int e0/1 将1端口也设为trunk链路
[sw-1-Ethernet0/1]port link-type trunk
[sw-1-Ethernet0/1]port trunk permit vlan all
Please wait........................................... Done
[sw-1-Ethernet0/1]vlan 10 配置vlan10
[sw-1-vlan10]port e0/5 to e0/10 并给vlan10分配接口
[sw-1-vlan10]vlan 20
[sw-1-vlan20]port e0/15 to e0/20
交换机2 的配置与1 类似
[sw-2] int e0/23
[sw-2-Ethernet0/23]port link-type trunk
[sw-2-Ethernet0/23]port trunk permit vlan all
Please wait........................................... Done
[sw-2-Ethernet0/23]int e0/1
[sw-2-Ethernet0/1]port link-type trunk
[sw-2-Ethernet0/1]port trunk permit vlan all
Please wait........................................... Done
[sw-2-Ethernet0/1]vlan 10
[sw-2-vlan10]port e0/5 to e0/10
[sw-2-vlan10]vlan 20
[sw-2-vlan20]port e0/15 to e0/20
下面为测试结果:
在左边的主机上ping 可看到vlan10 的主机是通过路由器1通讯
当把r1上的线拔掉时候 vrrp即开始作用 链路依然可以通讯只不过是走r2路由器上
下面是在右面主机上ping的结果,可看出vlan20通过r2通讯
当拔掉r2上的线时候通过r1通讯
之所以会出现这样的结果是有与在r1上给vlan10 配置的优先级高于r2,这样vlan1默认通过r1通讯,二r2则相反,当拔掉一个线路时,则另一备份链路起作用
下面是思科的详细配置及结果
R1的配置
R1(config)#int fa0/0.10
R1(config-subif)#encapsulation dot1Q 10
R1(config-subif)#ip add 192.168.10.1 255.255.255.0
R1(config-subif)#int fa0/0.20
R1(config-subif)#encapsulation dot1Q 20
R1(config-subif)#ip add 192.168.20.1 255.255.255.0
R1(config-subif)#int fa0/0
R1(config-if)#no shut
R1(config-if)#
R1(config)#int fa0/0.10
R1(config-subif)#standby 10 ip 192.168.10.254
R1(config-subif)#standby 10 priority 120
R1(config-subif)#standby 10 preempt
R1(config-subif)#
R1(config-subif)#int fa0/0.20
R1(config-subif)#standby 20 ip 192.168.20.254
FastEthernet0/0.10 - Group 10
State is Active
2 state changes, last state change 00:03:28
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.636 secs
Preemption enabled
Active router is local
Standby router is 192.168.10.2, priority 100 (expires in 7.996 sec)
Priority 120 (configured 120)
IP redundancy name is "hsrp-Fa0/0.10-10" (default)
FastEthernet0/0.20 - Group 20
State is Standby
4 state changes, last state change 00:00:31
Virtual IP address is 192.168.20.254
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.604 secs
Preemption disabled
Active router is 192.168.20.2, priority 120 (expires in 7.556 sec)
--More--
R2的配置
R2(config-line)#int fa0/0.10
R2(config-subif)#encapsulation dot1Q 10
R2(config-subif)#ip add 192.168.10.2 255.255.255.0
R2(config-subif)#int fa0/0.20
R2(config-subif)#encapsulation dot1Q 20
R2(config-subif)#ip add 192.168.20.2 255.255.255.0
R2(config-subif)#int fa0/0
R2(config-if)#no shut
R2(config-if)#
R2(config-subif)#int fa0/0.20
R2(config-subif)#standby 20 ip 192.168.20.254
R2(config-subif)#standby 20 priority 120
R2(config-subif)#
*Mar 1 00:26:30.559: %CDP-4-DUPLEX_MISMATCH: duplex mismatch discovered on FastEthernet0/0 (not full duplex), with sw2 FastEthernet0/0 (full duplex).
R2(config-subif)#standby 20 pree
R2(config-subif)#standby 20 preempt
R2(config-subif)#end
R2#
*Mar 1 00:26:43.623: %HSRP-5-STATECHANGE: FastEthernet0/0.20 Grp 20 state Listen -> Active
R2#show
*Mar 1 00:26:45.207: %SYS-5-CONFIG_I: Configured from console by console
R2#show stand
R2#show standby
FastEthernet0/0.10 - Group 10
State is Standby
1 state change, last state change 00:01:38
Virtual IP address is 192.168.10.254
Active virtual MAC address is 0000.0c07.ac0a
Local virtual MAC address is 0000.0c07.ac0a (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.232 secs
Preemption disabled
Active router is 192.168.10.1, priority 120 (expires in 7.928 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Fa0/0.10-10" (default)
FastEthernet0/0.20 - Group 20
State is Active
1 state change, last state change 00:00:06
Virtual IP address is 192.168.20.254
Active virtual MAC address is 0000.0c07.ac14
Local virtual MAC address is 0000.0c07.ac14 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.804 secs
Preemption enabled
Active router is local
sw1的配置
sw1(config)#int fa 0/0
sw1(config-if)#switchport mode trunk
sw1(config-if)#int fa0/1
sw1(config-if)#switchport mode trunk
sw1#vlan database
sw1(vlan)#vlan 10
sw1(vlan)#vlan 20
sw1(vlan)#exit
APPLY completed.
Exiting....
sw1#conf t
sw1(config)#int range fa0/2 - 10
sw1(config-if-range)#switchport mode access
sw1(config-if-range)#switchport access vlan 10
sw1(config)#interface range fa0/11 - 15
sw1(config-if-range)#switchport mode access
sw1(config-if-range)#switchport access vlan 20
sw2的配置
sw2(config)#int fa0/0
sw2(config-if)#switchport mode trunk
sw2(config-if)#int fa0/1
sw2(config-if)#switchport mode trunk
sw2(config-if)#exit
sw2(config)#exit
sw2#vlan database
sw2(vlan)#vlan 10
VLAN 10 added:
Name: VLAN0010
sw2(vlan)#vlan 20
VLAN 20 added:
Name: VLAN0020
sw2(vlan)#exit
APPLY completed.
Exiting....
sw2#conf t
Enter configuration commands, one per line. End with CNTL/Z.
sw2(config)#int r
sw2(config)#int range fa0/11 - 15
sw2(config-if-range)#switchport mode access
sw2(config-if-range)#switchport access vlan 10
sw2(config-if-range)#exit
sw2(config)#int range fa0/2 - 10
sw2(config-if-range)#switchport mode access
sw2(config-if-range)#switchport access vlan 20
sw2(config-if-range)#