案例:在Novrvel公司现有R1、R2两台路由器同时连接互联网,当有一台路由器出现网络故障,会使IP流量失败转移而引起混乱。使内网的主机不能与外网正常通信。为了解决这个问题我们可以使用HSRP(热备份路由器协议)。
下面简单介绍下HSRP
HSRP:热备份路由器协议(HSRP:Hot Standby Router Protocol)热备份路由器协议(HSRP)的设计目标是支持特定情况下 IP 流量失败转移不会引起混乱、并允许主机使用单路由器,以及即使在实际第一跳路由器使用失败的情形下仍能维护路由器间的连通性。换句话说,当源主机不能动态知道第一跳路由器的 IP 地址时,HSRP 协议能够保护第一跳路由器不出故障。该协议中含有多种路由器,对应一个虚拟路由器。HSRP 协议只支持一个路由器代表虚拟路由器实现数据包转发过程。终端主机将它们各自的数据包转发到该虚拟路由器上。
负责转发数据包的路由器称之为活跃路由器(Active Router)。一旦活跃路由器出现故障,HSRP 将激活备份路由器(Standby Routers)取代活跃路由器。HSRP 协议提供了一种决定使用主动路由器还是备份路由器的机制,并指定一个虚拟的 IP 地址作为网络系统的缺省网关地址。如果主动路由器出现故障,备份路由器(Standby Routers)承接活跃路由器的所有任务,并且不会导致主机连通中断现象。
HSRP 运行在 UDP 上,采用端口号1985。路由器转发协议数据包的源地址使用的是实际 IP 地址,而并非虚拟地址,正是基于这一点,HSRP 路由器间能相互识别。
实验目的
掌握HSRP热备份协议的配置
实验拓扑
实验说明:
在实验中我们假设R1、R2的Loopback 0接口连接互联网,所以给他们配置相同的IP地址13.13.13.1.我们用路由器R3模拟内网中的任意一台主机PC1(ip地址为:192.168.1.200/24;默认网关为192.168.1.100)
预配置 (在真实工程可能都已经配置好的)
步骤1 在R3做预配置
PC1(config)#
no ip routing //用R3模拟PC1关闭它的路由功能
PC1(config)#
ip default-gateway 192.168.1.100 //配置主机的默认网关
PC1(config)#
interface e0/0
PC1(config-if)#
ip address 192.168.1.200 255.255.255.0
PC1(config-if)#
no shutdown
PC1(config-if)#
end
步骤2 在R1、R2做预配置
R1(config)#
interface e0/0
R1(config-if)#
ip address 192.168.1.1 255.255.255.0
R1(config-if)#
no shutdown
R2(config)#
interface e0/0
R2(config-if)#
ip address 192.168.1.2 255.255.255.0
R2(config-if)#
no shutdown
实验过程
步骤1 在R1 E0/0接口上配置HSRP
R1#
debug standby //打开HSRP信息调试,目的是查看活跃路由和备份路由的选举
R1#
configure terminal
R1(config)#
interface e0/0
R1(config-if)#
standby 1 ip 192.168.1.100
//将路由器的e0/0接口加入到HSRP 组1中,HRSP组1的虚拟IP地址是192.168.1.100
*Mar 1 00:13:12.347: HSRP: Et0/0 Grp 1 Disabled ->
Init //路由器进入初始状态
*Mar 1 00:13:23.363: HSRP: Et0/0 Grp 1 Init ->
Listen //路由器进入监听状态
*Mar 1 00:13:33.359: HSRP: Et0/0 Grp 1 Listen ->
Speak //路由器进入发言状态
*Mar 1 00:13:43.363: HSRP: Et0/0 Grp 1 Speak ->
Standby //成为备用路由器
*Mar 1 00:13:43.367: HSRP: Et0/0 Grp 1 Hello out 192.168.1.1 Standby pri 100 vIP 192.168.1.100
*Mar 1 00:13:43.367: HSRP: Et0/0 Grp 1 Standby router is unknown, was local
*Mar 1 00:13:43.367: HSRP: Et0/0 Grp 1 Standby ->
Active //成为HSRP组1的活跃路由器
R1(config-if)#
standby 1 priority 120 //配置HSRP组1的优先级为 120
R1(config-if)#
standby 1 preempt //配置抢占
R1(config-if)#
standby 1 track lo0 30 //配置HSRP接口跟踪,指出了路由器发送被跟踪的接口不可用后将其优先级降低多少;默认为10,这里给他配置30.那么当活跃路由器出故障后接口的优先级变为90=120-30,那么备用路由的优先级必须大于90才能成为活跃路由器。
R1(config-if)#
exit
R1(config)#
interface lo0
R1(config-if)#
ip address 13.13.13.1 255.255.255.0 //用Loopback0模拟连接路联网的端口,并给他配置IP地址。
R1(config-if)#^Z
步骤2 查看R1的HSRP运行状态
R1#
show standby //查看HSRP的运行状态
FastEthernet0/0 - Group 1
State is Active //当前R1的F0/0接口是激活状态的
2 state changes, last state change 00:00:24
Virtual IP address is 192.168.1.100 //虚拟路由器的IP地址是192.168.1.100
Active virtual MAC address is 0000.0c07.ac01 //虚拟路由器MAC地址是,0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.240 secs
Preemption enabled //抢占选项已经有配置,则在优先级相同的情况下先初始化HSRP的路由器将成为活跃路由器;如果希望活跃路由器恢复故障后仍为活跃路由器则需要配置抢占。
Active router is local
Standby router is unknown
Priority
120 (default 120) //HSRP组中优先级高的路由器将成为活跃路由器,默认的值为100;
IP redundancy name is "hsrp-Fa0/0-1" (default)
步骤3 在R2E0/0接口配置HSRP
R2(config)#
interface e0/0
R2(config-if)#
standby 1 ip 192.168.1.100
R2(config-if)#
standby 1 priority 100
R2(config-if)#
standby 1 preempt
R2(config)#
interface lo0
R2(config-if)#
ip address 13.13.13.1 255.255.255.0
R2(config-if)#^Z
步骤 4 验证活跃路由器的转换过程
PC1#
ping
//在PC上ping连接互联网络端口的地址
Protocol [ip]:
Target IP address: 13.13.13.1
Repeat count [5]:
10000000 //为了看到现象我们在这里多设置ping的次数
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Type escape sequence to abort.
Sending 10000000, 100-byte ICMP Echos to 13.13.13.1, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
R1(config)#interface f0/0
R1(config-if)#shutdown //在活跃路由器上模拟故障
R1(config-if)#no shutdown //修复故障
在去PC1上查看ping 的过程
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
……!!!!!!!!!!!!!!!!
//在HSRP活跃和备用路由器的过程中,会出现短暂的中断
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
.!!!!!!!!!!!!!
//当原来的活跃路由器正常工作后,会立即抢占自己的活跃路由器位置,
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!.
Success rate is 99 percent (2003/2011), round-trip min/avg/max = 4/84/388 ms
通过实验我们知道了HSRP协议在真实网络中,确保活跃路由发生故障时。不会影响网络内的主机正常访问网络。也就是一旦活跃路由器出现故障,HSRP 将激活备份路由器(Standby Routers)取代活跃路由器。