CCNP交换.VRRP协议
案例:在Novrvel公司现有R1、R2两台路由器同时连接互联网,当有一台路由器出现网络故障,会使IP流量失败转移而引起混乱。使内网的主机不能与外网正常通信。为了解决这个问题我们也可以使用VRRP协议
VRRP(Virtual Router Redundancy Protocol)协议是用于实现路由器冗余的协议
VRRP协议是为消除在静态缺省路由环境下的缺省路由器单点故障引起的网络失效而设计的主备模式的协议,使得在发生故障而进行设备功能切换时可以不影响内外数据通信,不需要再修改内部网络的网络参数。VRRP协议需要具有IP地址备份,优先路由选择,减少不必要的路由器间通信等功能。
VRRP协议将两台或多台路由器设备虚拟成一个设备,对外提供虚拟路由器IP(一个或多个),而在路由器组内部,如果实际拥有这个对外IP的路由器如果工作正常的话就是MASTER,或者是通过算法选举产生,MASTER实现针对虚拟路由器IP的各种网络功能,如ARP请求,ICMP,以及数据的转发等;其他设备不拥有该IP,状态是BACKUP,除了接收MASTER的VRRP状态通告信息外,不执行对外的网络功能。当主机失效时,BACKUP将接管原先MASTER的网络功能。
实验拓扑
实验说明
在实验中我们假设R1、R2的Loopback 0接口连接互联网(所以我们他们的IP地址配置为222.90.90.10),我们用路由器R3模拟内网中的任意一台主机PC1(IP地址为:192.168.0.3/24;默认网关为192.168.0.100)
实验目的
理解VRRP协议在选举主动路由器的过程。
掌握VRRP的配置
预配置
R1(config)#interface loopback0
R1(config-if)#ip address 222.90.90.10 255.255.255.255
R1(config-if)#interface fastethernet0/0
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#no shutdown
R1(config-if)#ip address 222.90.90.10 255.255.255.255
R1(config-if)#interface fastethernet0/0
R1(config-if)#ip address 192.168.0.1 255.255.255.0
R1(config-if)#no shutdown
R2(config)#interface loopback 0
R2(config-if)#ip address 222.90.90.10 255.255.255.0
R2(config-if)#interface fastethernet 0/0
R2(config-if)#ip address 192.168.0.2 255.255.255.0
R2(config-if)#no shutdown
R2(config-if)#ip address 222.90.90.10 255.255.255.0
R2(config-if)#interface fastethernet 0/0
R2(config-if)#ip address 192.168.0.2 255.255.255.0
R2(config-if)#no shutdown
实验过程
步骤1 在R1上配置VRRP协议
R1(config-if)#
vrrp 1 ip 192.168.0.100
//配置R1上的VRRP组1,虚拟路由器的地址是192.168.0.100
*Jan 3 02:13:35.487: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 02:13:39.099: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup �C> Master
//配置R1上的VRRP组1,虚拟路由器的地址是192.168.0.100
*Jan 3 02:13:35.487: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 02:13:39.099: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup �C> Master
//现在只有R1上配置了VRRP协议,所以现在F0/0接口成为组1的master路由器
R1#
debug vrrp all //开启debug调试页面
VRRP debugging is on
R1#
*Jan 3 02:21:40.103: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:21:41.103: VRRP: Grp 1 sending Advertisement checksum B9EF
VRRP debugging is on
R1#
*Jan 3 02:21:40.103: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:21:41.103: VRRP: Grp 1 sending Advertisement checksum B9EF
//VRRP每隔一秒便发送一次通告
R1#
show vrrp //查看VRRP的信息
FastEthernet0/0 - Group 1
State is Master //FastEthernet0/0 是VRRP组1 的主动路由器
Virtual IP address is 192.168.0.100 //虚拟路由器的主机地址是192.168.0.100
Virtual MAC address is 0000.5e00.0101 //虚拟路由器的MAC地址是0000.5e00.0101
Advertisement interval is 1.000 sec //每隔1秒进行宣告
Preemption enabled //默认情况下VRRP是有抢占功能的
Priority is 100 //VRRP接口默认的优先级是100
Master Router is 192.168.0.1 (local), priority is 100 //主路由器的本地地址为192.168.0.1.优先级为100
Master Advertisement interval is 1.000 sec //主路由器每隔1秒发送一次通告
Master Down interval is 3.609 sec
FastEthernet0/0 - Group 1
State is Master //FastEthernet0/0 是VRRP组1 的主动路由器
Virtual IP address is 192.168.0.100 //虚拟路由器的主机地址是192.168.0.100
Virtual MAC address is 0000.5e00.0101 //虚拟路由器的MAC地址是0000.5e00.0101
Advertisement interval is 1.000 sec //每隔1秒进行宣告
Preemption enabled //默认情况下VRRP是有抢占功能的
Priority is 100 //VRRP接口默认的优先级是100
Master Router is 192.168.0.1 (local), priority is 100 //主路由器的本地地址为192.168.0.1.优先级为100
Master Advertisement interval is 1.000 sec //主路由器每隔1秒发送一次通告
Master Down interval is 3.609 sec
R1#
show vrrp brief //查看VRRP运行情况
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 1 100 3609 Y Master 192.168.0.1 192.168.0.100
Interface Grp Pri Time Own Pre State Master addr Group addr
Fa0/0 1 100 3609 Y Master 192.168.0.1 192.168.0.100
R1#
debug ip packet //打开IP调试
IP packet debugging is on
R1#
*Jan 3 02:36:29.115: IP: s=192.168.0.1 (local), d=224.0.0.18 (FastEthernet0/0), len 40, sending broad/multicast
//VRRP默认采用组播进行更新,目标地址是224.0.0.18
IP packet debugging is on
R1#
*Jan 3 02:36:29.115: IP: s=192.168.0.1 (local), d=224.0.0.18 (FastEthernet0/0), len 40, sending broad/multicast
//VRRP默认采用组播进行更新,目标地址是224.0.0.18
步骤2 在R2上配置VRRP
R2#
debug vrrp //打开dubug调试页面
VRRP debugging is on
R2# configure terminal
R2(config)# interface fastethernet 0/0
R2(config-if)# vrrp 1 ip 192.168.0.100 //配置R2上的VRRP组1,虚拟路由器的地址是192.168.0.100
*Jan 3 02:41:08.787: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Create -> Disable
*Jan 3 02:41:08.791: VRRP: Grp 1 Event - primary IP configured
*Jan 3 02:41:08.791: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Disable -> Init
*Jan 3 02:41:08.795: VRRP: vrrp_interface_state: Fa0/0 is Up
*Jan 3 02:41:08.795: VRRP: Grp 1 Event - Interface UP
*Jan 3 02:41:08.799: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 02:41:09.419: VRRP: Grp 1 Advertisement priority 100, ipaddr 192.168.0.1
*Jan 3 02:41:12.411: VRRP: Grp 1 Event - Master down timer expired
*Jan 3 02:41:12.411: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master
*Jan 3 02:41:12.415: VRRP: tbridge_smf_update failed
*Jan 3 02:41:12.419: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:41:12.427: VRRP: Grp 1 Advertisement priority 100, ipaddr 192.168.0.1
R2(config-if)#
*Jan 3 02:41:13.419: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:41:14.419: VRRP: Grp 1 sending Advertisement checksum B9EF
VRRP debugging is on
R2# configure terminal
R2(config)# interface fastethernet 0/0
R2(config-if)# vrrp 1 ip 192.168.0.100 //配置R2上的VRRP组1,虚拟路由器的地址是192.168.0.100
*Jan 3 02:41:08.787: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Create -> Disable
*Jan 3 02:41:08.791: VRRP: Grp 1 Event - primary IP configured
*Jan 3 02:41:08.791: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Disable -> Init
*Jan 3 02:41:08.795: VRRP: vrrp_interface_state: Fa0/0 is Up
*Jan 3 02:41:08.795: VRRP: Grp 1 Event - Interface UP
*Jan 3 02:41:08.799: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 02:41:09.419: VRRP: Grp 1 Advertisement priority 100, ipaddr 192.168.0.1
*Jan 3 02:41:12.411: VRRP: Grp 1 Event - Master down timer expired
*Jan 3 02:41:12.411: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master
*Jan 3 02:41:12.415: VRRP: tbridge_smf_update failed
*Jan 3 02:41:12.419: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:41:12.427: VRRP: Grp 1 Advertisement priority 100, ipaddr 192.168.0.1
R2(config-if)#
*Jan 3 02:41:13.419: VRRP: Grp 1 sending Advertisement checksum B9EF
*Jan 3 02:41:14.419: VRRP: Grp 1 sending Advertisement checksum B9EF
//通过上面的调试信息可以知道R2现在成为了VRRP组1的Master路由器。为什么呢?
因为R1 和R2有相同的优先级。在VRRP中当优先级相同时,那个路由器的接口的IP地址大谁就是Master路由器。
步骤3 当我们想要R1成为Master路由器时,可以改变它的优先级
R1(config)#
interface f0/0
R1(config-if)# vrrp 1 priority 150
//改变R1路由器VRRP的优先级为150
R1(config-if)# vrrp 1 priority 150
//改变R1路由器VRRP的优先级为150
*Jan 3 02:50:47.771: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup �C>
Master
//我们开到路由器由备用路由器到了主动路由器
步骤4 配置R3(PC1)
PC1(config)#
interface fastethernet0/0
PC1(config-if)# ip address 192.168.0.3 255.255.255.0
PC1(config-if)# no shutdown
PC1(config-if)# no ip routing //关闭路由器的路由功能,因为这里模拟一台PC
PC1(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.100 //配置一条到下一跳为192.168.0.100的默认路由
PC1(config-if)# ip address 192.168.0.3 255.255.255.0
PC1(config-if)# no shutdown
PC1(config-if)# no ip routing //关闭路由器的路由功能,因为这里模拟一台PC
PC1(config)# ip route 0.0.0.0 0.0.0.0 192.168.0.100 //配置一条到下一跳为192.168.0.100的默认路由
PC1(config)#
ip default-gateway 192.168.0.100 //配置PC的默认网关为192.168.0.100
为了观察VRRP路由器的转换过程我们通过PING命令来查看结果。
PC1#
ping
Protocol [ip]:
Target IP address: 222.90.90.10 //ping的目的地址
Repeat count [5]: 1000000 //发送ping数据包的次数,为了看到现象我们设置一个大数
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
Protocol [ip]:
Target IP address: 222.90.90.10 //ping的目的地址
Repeat count [5]: 1000000 //发送ping数据包的次数,为了看到现象我们设置一个大数
Datagram size [100]:
Timeout in seconds [2]:
Extended commands [n]:
Sweep range of sizes [n]:
步骤5 模拟Master路由器故障 ,关闭接口
R1(config)# interface fastethernet0/0
R1(config-if)# shutdown //关闭接口,模拟故障
R1(config-if)#
*Jan 3 03:11:43.535: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Master -> Init
R1(config-if)#
*Jan 3 03:11:45.539: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Jan 3 03:11:46.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R1(config-if)# no shutdown //开启接口,修复故障
*Jan 3 03:11:55.227: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 03:11:57.203: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Jan 3 03:11:58.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#
*Jan 3 03:11:58.643: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup �C> Master
R1(config)# interface fastethernet0/0
R1(config-if)# shutdown //关闭接口,模拟故障
R1(config-if)#
*Jan 3 03:11:43.535: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Master -> Init
R1(config-if)#
*Jan 3 03:11:45.539: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Jan 3 03:11:46.539: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R1(config-if)# no shutdown //开启接口,修复故障
*Jan 3 03:11:55.227: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jan 3 03:11:57.203: %LINK-3-UPDOWN: Interface FastEthernet0/0, changed state to up
*Jan 3 03:11:58.203: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to up
R1(config-if)#
*Jan 3 03:11:58.643: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup �C> Master
//发现R1又成为了Master路由器
步骤 6 查看R3ping的结果
Type escape sequence to abort.
Sending 1000000, 100-byte ICMP Echos to 222.90.90.10, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!! ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
Sending 1000000, 100-byte ICMP Echos to 222.90.90.10, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!! ..!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//当出现
..时,是VRRP的Master路由器由R1切换到R2的过程(也就是我们模拟故障,关闭R1后)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!! .!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
//当出现
.时,是VRRP的Master路由器由R2切换到R1的过程。(也就是故障修复后)
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
总结
虚拟路由器冗余协议(VRRP)是一种选择协议,它可以把一个虚拟路由器的责任动态分配到局域网上的 VRRP 路由器中的一台。控制虚拟路由器 IP 地址的 VRRP 路由器称为主路由器,它负责转发数据包到这些虚拟 IP 地址。一旦主路由器不可用,这种选择过程就提供了动态的故障转移机制,这就允许虚拟路由器的 IP 地址可以作为终端主机的默认第一跳路由器。使用 VRRP 的好处是有更高的默认路径的可用性而无需在每个终端主机上配置动态路由或路由发现协议。