构建高可用性网络系列之网关冗余

   网关冗余技术是指把多个物理网关虚拟出一个或多个虚拟的网关,而接入层网络缺省网关静态配置成这些虚拟网关。虚拟网关的转发任务由选举出来的某个物理网关承担,只要不是所有物理网关同时故障,就一定能选举出一个物理网关承担虚拟网关的转发任务。网关冗余技术也可实现流量的负载分担。目前的虚拟网关技术主要有VRRP(虚拟路由器冗余协议)、HSRP(热备份路由器协议)和GLBP(网关负载平衡协议),其中HSRP和GLBP是CISCO的私有技术。HSRP可以完成和VRRP类似的功能,但它们都不具备负载均衡功能。GLBP做了优化,配置同一个虚拟网关地址就可实现负载均衡。

简单介绍几个术语:

VRRP路由器:

   是指运行VRRP协议的路由器,是物理实体

虚拟路由器:

  是指VRRP创建出来的路由器,是逻辑概念。

主控路由器和备份路由器:

   一个VRRP组中有且只有一个处于主控角色的路由器。可以有一个或多个处于备份角色的路由器。

   VRRP协议使用选择策略从路由器组中选择一台作为主控路由器,负责ARP响应和转发IP数据包。组中的其他路由器作为备份角色处于待命状态。

  简单介绍到这里,那些文绉绉的理论性知识可以参考RFC3768文档。咱直接直接看实例吧,实践出真知。

拓扑环境:


wKioL1LfvhTzEmdWAAF9HWhH9X0292.jpg

配置:

--------------------ISP---------------------

int eth0

ip ad 8.8.8.8 24

loop

quit

int s1

ip ad 12.1.1.2 24

quit

int s0

ip ad 23.1.1.2 24

quit

----------------------R-1------------------

vrrp ping-enable           #开启VRRP ping命令,不开启不能ping通虚拟网关

acl 2000 match-order auto

rule normal permit source any

quit

interface Ethernet1

ip address 172.16.1.1 255.255.255.0    

vrrp vrid 172 virtual-ip 172.16.1.3     #虚拟IP地址

vrrp vrid 172 priority 120

vrrp vrid 172 preempt-mode

vrrp vrid 172 track Serial1 reduced 30   #上游链路down掉的时候优先级减30

quit

interface Serial1

ip address 12.1.1.1 255.255.255.0

nat outbound 2000 interface              #NAT转换

quit

ip route-static 0.0.0.0 0.0.0.0 12.1.1.2

ip route-static 192.168.1.0 255.255.255.0 172.16.1.254  #此处注意下一跳地址


--------------------------R-2-----------------------

vrrp ping-enable

acl 2000 match-order auto

rule normal permit source any

quit

interface Ethernet0

ip address 172.16.1.2 255.255.255.0

vrrp vrid 172 virtual-ip 172.16.1.3

vrrp vrid 172 priority 100

vrrp vrid 172 preempt-mode

quit

interface Serial0

ip address 23.1.1.1 255.255.255.0

nat outbound 2000 interface

quit

ip route-static 0.0.0.0 0.0.0.0 23.1.1.2

ip route-static 192.168.1.0 255.255.255.0 172.16.1.254


----------------------SW-0---------------------------

vlan 10

vlan 20

quit

vlan 10

port eth1/0/1 to eth1/0/4

quit

vlan 20

port eth1/0/21 to eth1/0/24

quit


---------------------SW-3-------------------------


vrrp ping-enable

vlan 100

vlan 200

quit

interface Ethernet0/3

port access vlan 100

quit

interface Ethernet0/24

port access vlan 200

quit

interface Vlan-interface100

ip address 172.16.1.252 255.255.255.0

vrrp vrid 100 virtual-ip 172.16.1.254

vrrp vrid 100 priority 120

vrrp vrid 100 preempt-mode

vrrp vrid 100 track Vlan-interface200 reduced 30

quit

interface Vlan-interface200

ip address 192.168.1.252 255.255.255.0

vrrp vrid 200 virtual-ip 192.168.1.254

vrrp vrid 200 priority 120

vrrp vrid 200 preempt-mode

vrrp vrid 200 track Vlan-interface100 reduced 30

quit

ip route-static 0.0.0.0 0.0.0.0 172.16.1.3


----------------------SW-4-----------------------

vrrp ping-enable

vlan 10

vlan 20

quit

interface Ethernet0/4

port access vlan 10

quit

interface Ethernet0/23

port access vlan 20

quit

interface Vlan-interface10

ip address 172.16.1.253 255.255.255.0

vrrp vrid 100 virtual-ip 172.16.1.254

vrrp vrid 100 priority 100

vrrp vrid 100 preempt-mode

quit

interface Vlan-interface20

ip address 192.168.1.253 255.255.255.0

vrrp vrid 200 virtual-ip 192.168.1.254

vrrp vrid 200 priority 100

vrrp vrid 200 preempt-mode

quit

ip route-static 0.0.0.0 0.0.0.0 172.16.1.3


  拓扑有点简陋了...这个环境中我用一个二层交换划分VLAN简化了实验,真实环境中需要可能需要用到三个二层交换呢。细心的朋友也许已经看出来,在这个网络环境中设备的利用率并不高,可能这个网络环境相当稳定,运行了一年也没有出任何问题,那些备份的设备岂不是闲置了一年。怎么解决这个问题?看下面这个案例。

拓扑环境:

wKiom1LftXCjVxmDAAHNC0tp6kI843.jpg

配置:

------------------ISP------------------

int eth0/4

ip ad 8.8.8.8 24

loopback         #开启环回

quit

int eth0/0

ip ad 12.1.1.2 24

quit

int eth0/1

ip ad 13.1.1.2 24

quit


------------------R-1-------------------

int eth1

ip ad 12.1.1.1 24

quit

int eth0.10               #进入子接口

vlan-type dot1q vid 10    #配置封装协议为802.1q

ip ad 192.168.10.1 24    

quit

int eth0.20

vlan-type dot1q vid 20

ip ad 192.168.20.1 24

quit


ip route-static 0.0.0.0 0.0.0.0 12.1.1.2   #配置默认路由


acl 2000 match-order auto        #创建访问控制列表

rule permit  source any          #设置为允许所有源IP

quit

int eth1

nat outbound 2000 interface      #设置NAT转换

quit

int eth0.10

vrrp vrid 10 virtual-ip 192.168.10.252  #配置VRRP虚拟IP,即接入层主机的网关

vrrp vrid 10 preempt-mode               #配置抢占模式

vrrp vrid 10 priority  120              #配置优先级

vrrp vrid 10 track eth1                 #track上行接口

quit

int eth0.20

vrrp vrid 20 virtual-ip 192.168.20.252

vrrp vrid 20 preempt-mode

vrrp vrid 20 priority 105

vrrp vrid 20 track eth1

quit


-------------------R-2------------------

int eth1

ip add 13.1.1.1 24

quit

int eth0.10

vlan-type dot1q vid 10

ip ad 192.168.10.2 24

quit

int eth0.20

vlan-type dot1q  vid 20

ip ad 192.168.20.2 24

quit

acl 2000 match-order auto

rule permit  source any

quit

int eth1

nat outbound 2000 interface

quit


ip route-static 0.0.0.0 0.0.0.0 13.1.1.2


int eth0.10

vrrp vrid 10 virtual-ip 192.168.10.252

vrrp vrid 10 preempt-mode

vrrp vrid 10 priority 100

quit

int eth0.20

vrrp vrid 20 virtual-ip 192.168.20.252

vrrp vrid 20 preempt-mode

vrrp vrid 20 priority 100

quit


----------------------SW-1------------------

vlan 10           #创建VLAN

vlan 20

quit

int eth1/0/24

port link-type trunk          #设置trunk链路

port trunk permit vlan all    #允许所有Vlan通过

quit

int eth1/0/2

port link-type trunk

port trunk permit vlan all

quit

int eth1/0/10

port access vlan 10           #划为Vlan 10

quit

int eth1/0/20

port access vlan 20

quit


-------------------SW-2------------------

vlan 10

vlan 20

quit

int eth1/0/2

port link-type trunk

port trunk permit vlan all

quit

int eth1/0/24

por link-type  trunk

port trunk permit vlan all

quit

int eth1/0/10

port access vlan 10

quit

int eth1/0/20

port access vla 20

quit


你可能感兴趣的:(vrrp,高可用性网络)