热备份路由器协议HSRP和虚拟路由器冗余协议VRRP
HSRP:
该协议中含有多台路由器,对应一个HSRP组。该组中只有一个路由器承担转发用户流量的职责,这就是活动路由器。当活动路由器失效后,备份路由器将承担该职责,成为新的活动路由器。这就是热备份的原理。
我们通过一个小案例说明它的热备份原理。
案例拓扑:
实验原理:
R1作为vlan10用户的的主路由器,即vlan10用户访问inter网时,数据都走r1通过,当r1坏掉时,vlan10用户的数据可以通过r2访问internet
R2作为vlan20用户的的主路由器,即vlan20用户访问inter网时,数据都走r2通过,当r2坏掉时,vlan20用户的数据可以通过r1访问internet
当然我们还可以在sw1和sw2之间做端口聚合,再做一次备份
参考配置:
r1# show run
Building configuration...
Current configuration : 1199 bytes
!
version 12.4
!
hostname r1
!
interface FastEthernet0/0
ip address 1.1.1.1 255.255.255.0
ip nat outside(作为nat的外部端口)
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0
no ip address
ip nat inside(nat的内部端口)
ip virtual-reassembly
duplex auto
speed auto
!
interface FastEthernet1/0.10(划分子接口)
encapsulation dot1Q 10(封装dot1q)
ip address 192.168.10.1 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 10 ip 192.168.10.254
standby 10 priority 120(作为vlan10的主路由器)
standby 10 preempt
standby 10 track FastEthernet0/0 30(在fa0/0上做端口监听,若出现故障优先级减30)
!
interface FastEthernet1/0.20(划分子接口)
encapsulation dot1Q 20(封装dot1q)
ip address 192.168.20.1 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 20 ip 192.168.20.254(r1为vlan20的备份路由器)
!
ip http server
no ip http secure-server
!
ip route 0.0.0.0 0.0.0.0 1.1.1.2
!
ip nat inside source list 1 interface FastEthernet0/0 overload(nat端口复用)
!
access-list 1 permit any
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
!
End
r2#show run
Building configuration...
Current configuration : 1209 bytes
!
version 12.4
!
hostname r2
!
interface FastEthernet0/0
no ip address
ip nat inside(nat内部端口)
ip virtual-reassembly
shutdown
duplex auto
speed auto
!
interface FastEthernet0/0.10(划分子接口)
encapsulation dot1Q 10(封装dot1q)
ip address 192.168.10.2 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 10 ip 192.168.10.254(r2作为vlan10的备份路由)
!
interface FastEthernet0/0.20(划分子接口)
encapsulation dot1Q 20(封装dot1q)
ip address 192.168.20.2 255.255.255.0
ip nat inside
ip virtual-reassembly
standby 20 ip 192.168.20.254
standby 20 priority 120(r2作为vlan10的主路由)
standby 20 preempt
standby 20 track FastEthernet1/0 30(在fa1/0上监听当路由器出现故障优先级降低30)
!
interface FastEthernet1/0
ip address 2.2.2.1 255.255.255.0
ip nat outside(nat外部端口)
ip virtual-reassembly
duplex auto
speed auto
!
ip route 0.0.0.0 0.0.0.0 2.2.2.2
!
ip nat inside source list 1 interface FastEthernet1/0 overload(nat端口复用)
!
access-list 1 permit any
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
End
sw1#show run
Building configuration...
Current configuration : 1060 bytes
!
version 12.4
hostname sw1
interface FastEthernet0/1
switchport mode trunk
!
interface FastEthernet0/10
switchport access vlan 10
!
interface FastEthernet0/14
switchport access vlan 20
!
interface FastEthernet0/15
switchport mode trunk
!
interface Vlan10
no ip address
!
interface Vlan20
no ip address
End
sw2#show run
Building configuration...
Current configuration : 987 bytes
!
version 12.4
hostname sw2
interface FastEthernet0/0
switchport mode trunk
!
interface FastEthernet0/10
switchport access vlan 10
!
interface FastEthernet0/14
switchport access vlan 20
!
interface FastEthernet0/15
switchport mode trunk
!
interface Vlan1
no ip address
!
interface Vlan10
no ip address
!
interface Vlan20
no ip address
end
isp#show run
Building configuration...
Current configuration : 669 bytes
!
version 12.4
hostname isp
!
interface Loopback1
ip address 3.3.3.3 255.255.255.0
!
interface FastEthernet0/0
ip address 1.1.1.2 255.255.255.0
duplex auto
speed auto
!
interface FastEthernet10
ip address 2.2.2.2 255.255.255.0
duplex auto
speed auto
!
line con 0
exec-timeout 0 0
logging synchronous
line aux 0
line vty 0 4
!
End
VRRP:
它是一种路由容错协议,也可以叫做备份路由协议。一个局域网络内的所有主机都设置缺省路由,当网内主机发出的目的地址不在本网段时,报文将被通过缺省路由发往外部路由器,从而实现了主机与外部网络的通信。当缺省路由器down掉(即端口关闭)之后,内部主机将无法与外部通信,如果路由器设置了VRRP时,那么这时,虚拟路由将启用备份路由器,从而实现全网通信。
案例拓扑:
实验原理:
Sw1作为实例10的主路由器,来自vlan10和vlan20的数据以sw1为根选举阻塞端口
Sw2作为实例10的主路由器,来自vlan30和vlan40的数据以sw2为根选举阻塞端口
若主路由器发生故障,可以使用备份路由器进行数据转发
参考配置:
Sw1
[Huawei-Vlanif40]
[Huawei-Vlanif40]dis cu
#
sysname Huawei
#
vlan batch 10 20 30 40
#
stp instance 10 root primary
stp instance 20 root secondary
#
cluster enable
stp region-configuration
region-name A
revision-level 1
instance 10 vlan 10 20
instance 20 vlan 30 40
active region-configuration
#
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 120
vrrp vrid 20 virtual-ip 192.168.10.253
#
interface Vlanif20
ip address 192.168.20.1 255.255.255.0
vrrp vrid 21 virtual-ip 192.168.20.254
vrrp vrid 22 virtual-ip 192.168.20.253
vrrp vrid 22 priority 120
#
interface Vlanif30
ip address 192.168.30.1 255.255.255.0
vrrp vrid 31 virtual-ip 192.168.30.254
vrrp vrid 31 priority 120
vrrp vrid 32 virtual-ip 192.168.30.253
#
interface Vlanif40
ip address 192.168.40.1 255.255.255.0
vrrp vrid 41 virtual-ip 192.168.40.254
vrrp vrid 42 virtual-ip 192.168.40.253
vrrp vrid 42 priority 120
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
[Huawei]dis vrrp brief
VRIDStateInterfaceTypeVirtual IP
----------------------------------------------------------------
10BackupVlanif10Normal192.168.10.253
20MasterVlanif10Normal192.168.10.254
21MasterVlanif20Normal192.168.20.253
22BackupVlanif20Normal192.168.20.254
31BackupVlanif30Normal192.168.30.253
32MasterVlanif30Normal192.168.30.254
41MasterVlanif40Normal192.168.40.253
42BackupVlanif40Normal192.168.40.254
----------------------------------------------------------------
Total:8Master:4Backup:4Non-active:0
Sw2
[Huawei]dis cu
#
sysname Huawei
#
vlan batch 10 20 30 40
#
stp instance 10 root secondary
stp instance 20 root primary
#
drop illegal-mac alarm
#
diffserv domain default
#
stp region-configuration
region-name A
revision-level 1
instance 10 vlan 10 20
instance 20 vlan 30 40
active region-configuration
interface Vlanif1
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 20 virtual-ip 192.168.10.253
vrrp vrid 20 priority 120
#
interface Vlanif20
ip address 192.168.20.2 255.255.255.0
vrrp vrid 21 virtual-ip 192.168.20.254
vrrp vrid 21 priority 120
vrrp vrid 22 virtual-ip 192.168.20.253
#
interface Vlanif30
ip address 192.168.30.2 255.255.255.0
vrrp vrid 31 virtual-ip 192.168.30.254
vrrp vrid 32 virtual-ip 192.168.30.253
vrrp vrid 32 priority 120
#
interface Vlanif40
ip address 192.168.40.2 255.255.255.0
vrrp vrid 41 virtual-ip 192.168.40.254
vrrp vrid 41 priority 120
vrrp vrid 42 virtual-ip 192.168.40.253
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/21
port link-type trunk
port trunk allow-pass vlan 2 to 4094
[Huawei]dis vrrp brief
VRIDStateInterfaceTypeVirtual IP
----------------------------------------------------------------
10BackupVlanif10Normal192.168.10.254
20MasterVlanif10Normal192.168.10.253
21MasterVlanif20Normal192.168.20.254
22BackupVlanif20Normal192.168.20.253
31BackupVlanif30Normal192.168.30.254
32MasterVlanif30Normal192.168.30.253
41MasterVlanif40Normal192.168.40.254
42BackupVlanif40Normal192.168.40.253
----------------------------------------------------------------
Total:8Master:4 Backup:4Non-active:0
Sw3
[Huawei]dis cu
#
sysname Huawei
#
vlan batch 10 20 30 40
#
stp region-configuration
region-name A
revision-level 1
instance 10 vlan 10 20
instance 20 vlan 30 40
active region-configuration
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
return
sw4
<Huawei>dis cu
#
sysname Huawei
#
vlan batch 10 20 30 40
#
interface Vlanif1
#
interface MEth0/0/1
#
interface Ethernet0/0/1
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
interface Ethernet0/0/2
port link-type trunk
port trunk allow-pass vlan 2 to 4094
#
验证信息:
Sw2
Instance 10
[Huawei]dis stp instance 10
-------[MSTI 10 Global Info]-------
MSTI Bridge ID:4096.4c1f-ccb1-8c98
MSTI RegRoot/IRPC:0.4c1f-cc38-a98d / 1
MSTI RootPortId:128.21
MSTI Root Type:Secondary root
Master Bridge:32768.4c1f-cc17-56ed
Cost to Master:1
TC received:4
TC count per hello:0
Time since last TC:0 days 0h:0m:25s
Number of TC:6
Last TC occurred:Ethernet0/0/21
----[Port1(Ethernet0/0/1)][LEARNING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:4096.4c1f-ccb1-8c98 / 128.1
Port Times:RemHops 19
TC or TCN send:5
TC or TCN received:0
----[Port2(Ethernet0/0/2)][LEARNING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:4096.4c1f-ccb1-8c98 / 128.2
Port Times:RemHops 19
TC or TCN send:5
TC or TCN received:2
----[Port21(Ethernet0/0/21)][FORWARDING]----
Port Role:Root Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-cc38-a98d / 128.21
Port Times:RemHops 20
TC or TCN send:2
TC or TCN received:2
----[Port22(Ethernet0/0/22)][DISCARDING]----
Port Role:Alternate Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-cc38-a98d / 128.22
Port Times:RemHops 20
TC or TCN send:0
TC or TCN received:0
Instance 20
[Huawei]dis stp instance 20
-------[MSTI 20 Global Info]-------
MSTI Bridge ID:0.4c1f-ccb1-8c98
MSTI RegRoot/IRPC:0.4c1f-ccb1-8c98 / 0
MSTI RootPortId:0.0
MSTI Root Type:Primary root
Master Bridge:32768.4c1f-cc17-56ed
Cost to Master:1
TC received:7
TC count per hello:0
Time since last TC:0 days 0h:0m:59s
Number of TC:6
Last TC occurred:Ethernet0/0/22
----[Port1(Ethernet0/0/1)][FORWARDING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-ccb1-8c98 / 128.1
Port Times:RemHops 20
TC or TCN send:8
TC or TCN received:0
----[Port2(Ethernet0/0/2)][FORWARDING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-ccb1-8c98 / 128.2
Port Times:RemHops 20
TC or TCN send:9
TC or TCN received:3
----[Port21(Ethernet0/0/21)][FORWARDING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-ccb1-8c98 / 128.21
Port Times:RemHops 20
TC or TCN send:3
TC or TCN received:4
----[Port22(Ethernet0/0/22)][FORWARDING]----
Port Role:Designated Port
Port Priority:128
Port Cost(Dot1T ):Config=auto / Active=1
Designated Bridge/Port:0.4c1f-ccb1-8c98 / 128.22
Port Times:RemHops 20
TC or TCN send:2
TC or TCN received:0