VRRP(路由交换之虚拟网关冗余技术)
作者:邓聪聪
二层 :环路----STP
--链路聚合
三层: 网关 ----VRRP
VRRP 虚拟路由冗余协议
概念:虚拟路由器
--由转发数据的路由器和备份的路由去组成的一个虚拟组
--虚拟IP地址-------内网主机的网关地址
--虚拟MAC:00-00-3E-00-01-VRID
master路由器----------实际转发数据的路由器 ;
backup路由器----------备份网关路由器
选择主备网关:
看优先级,数值大的做为主网关、如果优先级一样,看接口IP,IP数值大的做为主网关
VRID :
虚拟组---虚拟编号---代表的虚拟路由器(属于一个虚拟组的不同路由器上的vrid必须相同)
VRRP主网关发送报文的地址: 组播地址224.0.0.18
VRRP协议报文发送的周期: 1S
VRRP协议号: 112
VRRP : 虚拟IP 、vrid 、认证
============================================================================
组网拓扑:
1、核心动态路由协议
2、汇聚层做高可用
汇聚层路由信息:
[sw3]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 20 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_NSSA 150 1 D 4.1.1.1 Vlanif4 2.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 3.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 4.1.1.0/30 Direct 0 0 D 4.1.1.2 Vlanif4 4.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif4 5.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 6.1.1.0/30 Direct 0 0 D 6.1.1.2 Vlanif6 6.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif6 7.1.1.0/30 OSPF 10 2 D 10.1.1.3 Vlanif10 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10 20.1.1.0/30 OSPF 10 3 D 4.1.1.1 Vlanif4 OSPF 10 3 D 10.1.1.3 Vlanif10 100.1.1.0/24 Static 60 0 D 0.0.0.0 NULL0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif2019 192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif2019 222.222.222.1/32 OSPF 10 2 D 4.1.1.1 Vlanif4
[sw4]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 18 Routes : 19 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_NSSA 150 1 D 7.1.1.1 Vlanif7 2.1.1.0/30 OSPF 10 3 D 7.1.1.1 Vlanif7 OSPF 10 3 D 10.1.1.2 Vlanif10 3.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 4.1.1.0/30 OSPF 10 2 D 10.1.1.2 Vlanif10 5.1.1.0/30 Direct 0 0 D 5.1.1.2 Vlanif5 5.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif5 6.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 7.1.1.0/30 Direct 0 0 D 7.1.1.2 Vlanif7 7.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif7 10.1.1.0/24 Direct 0 0 D 10.1.1.3 Vlanif10 10.1.1.1/32 OSPF 10 2 D 10.1.1.2 Vlanif10 10.1.1.3/32 Direct 0 0 D 127.0.0.1 Vlanif10 20.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 100.1.1.0/24 O_NSSA 150 1 D 10.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10 222.222.222.1/32 OSPF 10 2 D 7.1.1.1 Vlanif7
核心路由:
<sw5>dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 16 Routes : 20 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.1.1.0/30 Direct 0 0 D 2.1.1.1 Vlanif2 2.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif2 3.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 OSPF 10 2 D 2.1.1.2 Vlanif2 4.1.1.0/30 OSPF 10 2 D 2.1.1.2 Vlanif2 5.1.1.0/30 OSPF 10 2 D 2.1.1.2 Vlanif2 6.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 7.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 10.1.1.0/24 OSPF 10 3 D 2.1.1.2 Vlanif2 OSPF 10 3 D 20.1.1.2 Vlanif20 10.1.1.1/32 OSPF 10 3 D 2.1.1.2 Vlanif2 OSPF 10 3 D 20.1.1.2 Vlanif20 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Vlanif20 20.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 100.1.1.0/24 O_ASE 150 1 D 2.1.1.2 Vlanif2 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 3 D 20.1.1.2 Vlanif20 OSPF 10 3 D 2.1.1.2 Vlanif2 222.222.222.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
[sw1]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 21 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 2.1.1.1 Vlanif2 2.1.1.0/30 Direct 0 0 D 2.1.1.2 Vlanif2 2.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif2 3.1.1.0/30 Direct 0 0 D 3.1.1.1 Vlanif3 3.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif3 4.1.1.0/30 Direct 0 0 D 4.1.1.1 Vlanif4 4.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif4 5.1.1.0/30 Direct 0 0 D 5.1.1.1 Vlanif5 5.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif5 6.1.1.0/30 OSPF 10 3 D 5.1.1.2 Vlanif5 7.1.1.0/30 OSPF 10 2 D 5.1.1.2 Vlanif5 10.1.1.0/24 OSPF 10 2 D 4.1.1.2 Vlanif4 OSPF 10 2 D 5.1.1.2 Vlanif5 10.1.1.1/32 OSPF 10 2 D 4.1.1.2 Vlanif4 20.1.1.0/30 OSPF 10 2 D 3.1.1.2 Vlanif3 OSPF 10 2 D 2.1.1.1 Vlanif2 100.1.1.0/24 O_NSSA 150 1 D 4.1.1.2 Vlanif4 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 4.1.1.2 Vlanif4 222.222.222.1/32 OSPF 10 1 D 2.1.1.1 Vlanif2
[sw2]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 21 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 20.1.1.1 Vlanif20 2.1.1.0/30 OSPF 10 2 D 3.1.1.1 Vlanif3 OSPF 10 2 D 20.1.1.1 Vlanif20 3.1.1.0/30 Direct 0 0 D 3.1.1.2 Vlanif3 3.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif3 4.1.1.0/30 OSPF 10 2 D 6.1.1.2 Vlanif6 5.1.1.0/30 OSPF 10 3 D 6.1.1.2 Vlanif6 6.1.1.0/30 Direct 0 0 D 6.1.1.1 Vlanif6 6.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif6 7.1.1.0/30 Direct 0 0 D 7.1.1.1 Vlanif7 7.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif7 10.1.1.0/24 OSPF 10 2 D 6.1.1.2 Vlanif6 OSPF 10 2 D 7.1.1.2 Vlanif7 10.1.1.1/32 OSPF 10 2 D 6.1.1.2 Vlanif6 20.1.1.0/30 Direct 0 0 D 20.1.1.2 Vlanif20 20.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif20 100.1.1.0/24 O_NSSA 150 1 D 6.1.1.2 Vlanif6 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 6.1.1.2 Vlanif6 222.222.222.1/32 OSPF 10 1 D 20.1.1.1 Vlanif20
设备sw1-sw6配置信息:
[sw1]dis cu # sysname sw1 # vlan batch 2 to 10 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif2 ip address 2.1.1.2 255.255.255.252 ospf authentication-mode md5 3 cipher s.2G'<U(x<'eKRQqbl+OV${# # interface Vlanif3 ip address 3.1.1.1 255.255.255.252 # interface Vlanif4 ip address 4.1.1.1 255.255.255.252 # interface Vlanif5 ip address 5.1.1.1 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 4 # interface GigabitEthernet0/0/3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 5 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 area 0.0.0.0 network 2.1.1.0 0.0.0.3 network 3.1.1.0 0.0.0.3 area 0.0.0.1 network 4.1.1.0 0.0.0.3 network 5.1.1.0 0.0.0.3 nssa # user-interface con 0 user-interface vty 0 4 # return [sw1]
[sw2]dis cu # sysname sw2 # vlan batch 2 to 10 20 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif3 ip address 3.1.1.2 255.255.255.252 # interface Vlanif6 ip address 6.1.1.1 255.255.255.252 # interface Vlanif7 ip address 7.1.1.1 255.255.255.252 # interface Vlanif20 ip address 20.1.1.2 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 7 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/5 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 6 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 import-route static type 2 area 0.0.0.0 network 3.1.1.0 0.0.0.3 network 20.1.1.0 0.0.0.3 area 0.0.0.1 network 6.1.1.0 0.0.0.3 network 7.1.1.0 0.0.0.3 nssa area 0.0.0.2 network 111.1.1.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return [sw2]
[sw3]dis cu # sysname sw3 # vlan batch 2 to 10 2019 # stp instance 0 root primary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name 10 revision-level 1 instance 1 vlan 2 to 100 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif4 ip address 4.1.1.2 255.255.255.252 # interface Vlanif6 ip address 6.1.1.2 255.255.255.252 ospf cost 2000 # interface Vlanif10 ip address 10.1.1.2 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 vrrp vrid 10 priority 254 vrrp vrid 10 preempt-mode timer delay 5 # interface Vlanif2019 ip address 192.168.0.1 255.255.255.0 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 4 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 10 2019 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 6 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 import-route static route-policy tag area 0.0.0.1 network 4.1.1.0 0.0.0.3 network 6.1.1.0 0.0.0.3 network 192.168.0.0 0.0.0.255 network 10.1.1.0 0.0.0.255 nssa no-summary # route-policy tag permit node 10 if-match tag 201 # ip route-static 100.1.1.0 255.255.255.0 NULL0 tag 201 # user-interface con 0 user-interface vty 0 4 # return [sw3]
[sw4]dis cu # sysname sw4 # vlan batch 2 to 10 # stp instance 0 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name 10 revision-level 1 instance 1 vlan 2 to 100 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif5 ip address 5.1.1.2 255.255.255.252 ospf cost 2000 # interface Vlanif7 ip address 7.1.1.2 255.255.255.252 # interface Vlanif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 vrrp vrid 10 preempt-mode timer delay 3 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 7 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 3 10 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 5 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 area 0.0.0.1 network 5.1.1.0 0.0.0.3 network 7.1.1.0 0.0.0.3 network 10.1.1.0 0.0.0.255 nssa no-summary # user-interface con 0 user-interface vty 0 4 # port-group link-type # return [sw4]
<sw5>dis cu # sysname sw5 # vlan batch 2 to 10 20 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif2 ip address 2.1.1.1 255.255.255.252 ospf authentication-mode md5 3 cipher 9yiv#-7/e)Hj<w)JO!C@G%S# # interface Vlanif20 ip address 20.1.1.1 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # interface LoopBack1 ip address 222.222.222.1 255.255.255.255 # ospf 1 default-route-advertise always area 0.0.0.0 network 2.1.1.0 0.0.0.3 network 20.1.1.0 0.0.0.3 network 222.222.222.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return <sw5>
<sw6>dis cu # sysname sw6 # vlan batch 10 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 10.1.1.5 255.255.255.0 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return <sw6>
