H3C MSR Router: Multi-WAN Redundancy with Automatic Uplink Failover Using NQA + Track

Case source

 https://blog.csdn.net/qq_41804366/article/details/117293367

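Scenario:

The router has two ISP uplinks and reaches the Internet through two static default routes. When one line fails while its physical link stays UP, some web pages fail to open or some PCs cannot reach the Internet. To solve this, configure Track on the router in association with NQA to monitor the links: when one line fails, all packets are automatically sent over the other line.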

 

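As shown in the figure, configure the following on the AR:
1. Configure the IP addresses and NAT on each interface (omitted).
2. Configure the static routes and associate them with track entries.
[AR]ip route-static 0.0.0.0 0 192.168.88.1 track 1 //Add a static default route with next hop 192.168.88.1, associated with track 1
[AR]ip route-static 0.0.0.0 0 192.168.200.1 track 2 //Add a static default route with next hop 192.168.200.1, associated with track 2. Tested: to give the default routes different priorities and choose which one is preferred, use preference 80 (default 60) to lower this route's priority

Load balancing: if the two routes have the same preference (both static routes above at the default 60), traffic is load-balanced and packets are forwarded over both links.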


[AR]nqa entry admin wan1 //Create the NQA test group with administrator name admin and operation tag wan1
[AR-nqa-admin-wan1]type icmp-echo //Set the test type to ICMP-ECHO (ping test)
[AR-nqa-admin-wan1-icmp-echo]destination ip 114.114.114.114 //Set the test destination address to 114.114.114.114 (this can be the ISP's gateway address or a reliable service IP)
[AR-nqa-admin-wan1-icmp-echo]next-hop ip 192.168.88.1 //Set the egress next hop to 192.168.88.1 (provided by the ISP)
[AR-nqa-admin-wan1-icmp-echo]frequency 100 //Set the test frequency to 100 ms
[AR-nqa-admin-wan1-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only //Configure reaction 1: 5 consecutive probe failures trigger the collaboration.
[AR]nqa schedule admin wan1 start-time now lifetime forever //Start the wan1 probe
[AR]track 1 nqa entry admin wan1 reaction 1 //Configure track entry 1, associated with reaction 1 of the NQA test group (administrator admin, tag wan1).

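[AR]nqa entry admin wan2 //Create the NQA test group with administrator name admin and operation tag wan2 (in practice the second line does not need to be probed: probe only the first line and use it by default; if the probe shows the first line is down, the second takes effect; if the second goes down it does not matter, since traffic was not using it anyway).
[AR-nqa-admin-wan2]type icmp-echo //Set the test type to ICMP-ECHO (ping test)
[AR-nqa-admin-wan2-icmp-echo]destination ip 8.8.8.8 //Set the test destination address to 8.8.8.8 (this can be the ISP's gateway address or a reliable service IP; it should differ from the WAN1 test destination so that a problem with the destination server does not make both links appear down)
[AR-nqa-admin-wan2-icmp-echo]next-hop ip 192.168.200.1 //Set the egress next hop to 192.168.200.1
[AR-nqa-admin-wan2-icmp-echo]frequency 100 //Set the test frequency to 100 ms
[AR-nqa-admin-wan2-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only //Configure reaction 1: 5 consecutive probe failures trigger the collaboration.
[AR]nqa schedule admin wan1 start-time now lifetime forever //Start the probe, the one toward wan1
[AR]track 2 nqa entry admin wan2 reaction 1 //Configure track entry 2, associated with reaction 1 of the NQA test group (administrator admin, tag wan2). Tested: this is not needed either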

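With the above, the two default routes back each other up and the network becomes highly available!
If policy-based routing is needed, add it on top of the above and associate it with the track entries.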
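
The failover behaviour configured above, as an added Python sketch that is not part of the original post or H3C code: it models a probe-fail reaction with a consecutive threshold, the track states, and route selection by preference. The class and function names are hypothetical, the addresses are those of the MSR3620 lab on this page, and treating an unscheduled NQA entry as track state NotReady with its route still valid is an assumption based on documented Comware behaviour.

```python
# Added illustration (not H3C code): simplified NQA reaction -> track -> static route model.
from dataclasses import dataclass

POSITIVE, NEGATIVE, NOT_READY = "Positive", "Negative", "NotReady"

class NqaReaction:
    """probe-fail / threshold-type consecutive N, like 'reaction 1' on the page."""
    def __init__(self, threshold=5, scheduled=True):
        self.threshold, self.scheduled, self.fails = threshold, scheduled, 0

    def probe(self, ok):
        # A successful probe resets the consecutive-failure counter.
        self.fails = 0 if ok else self.fails + 1

    def track_state(self):
        if not self.scheduled:          # entry never started with 'nqa schedule'
            return NOT_READY            # assumption: route stays valid in this state
        return NEGATIVE if self.fails >= self.threshold else POSITIVE

@dataclass
class StaticRoute:
    next_hop: str
    reaction: NqaReaction
    preference: int = 60                # default static-route preference on the page

def active_next_hops(routes):
    """Routes whose track is Negative are withdrawn; the lowest preference wins,
    and equal preferences are installed together (load sharing)."""
    usable = [r for r in routes if r.reaction.track_state() != NEGATIVE]
    if not usable:
        return []
    best = min(r.preference for r in usable)
    return sorted(r.next_hop for r in usable if r.preference == best)

def simulate(probe_results, routes, probed):
    """Feed one probe result per interval to `probed`; return active next hops per step."""
    timeline = []
    for ok in probe_results:
        probed.probe(ok)
        timeline.append(active_next_hops(routes))
    return timeline

def lab_routes():
    # Mirrors the MSR3620 lab: liantong is probed, the dianxin entry is never scheduled.
    wan1 = NqaReaction(threshold=5, scheduled=True)
    wan2 = NqaReaction(threshold=5, scheduled=False)
    return wan1, [StaticRoute("172.16.11.254", wan1, 60),
                  StaticRoute("172.16.12.254", wan2, 80)]
```

Feeding `simulate` one success, five failures and one success shows the primary route surviving four failed probes, being withdrawn on the fifth, and returning on the next successful probe.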
====================================================================

My test on the MSR3620 worked.

[H3C-Test2LineAutoChange]dis cur
#
version 7.1.049, Release 0106P21
#
sysname H3C-Test2LineAutoChange
#
ip unreachables enable
ip ttl-expires enable
#
dhcp enable//Ordinary DHCP address pool configuration for the LAN
dhcp server forbidden-ip 192.168.1.1 192.168.1.10
#
password-recovery enable
#
vlan 1
#
dhcp server ip-pool lan
network 192.168.1.0 mask 255.255.255.0
dns-list 202.99.166.4 222.222.222.222
gateway-list 192.168.1.1

#
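nqa entry admin dianxin//Create NQA test (probe) group admin/dianxin: administrator admin, operation tag dianxin --- tested: this can be removed, the second line does not need to be probed
type icmp-echo//Test type is ping
destination ip 172.16.12.254//Test target IP is the ISP gateway or a reliable external IP
frequency 1000//Test frequency is 1000 ms
next-hop 172.16.12.254//Next hop of the outgoing interface, i.e. the gateway given by the ISP
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trap-only//Configure reaction 1: 5 consecutive failures trigger this reaction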

#

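Configuring NQA to probe whether the egress network is up takes three steps:
nqa entry admin liantong//(1) Create NQA test (probe) group admin liantong: administrator admin, operation tag liantong; the lines below are explained as above. Probing only the higher-priority line is enough: while it is up, traffic uses it; if it goes down, the second route takes effect and traffic uses the second line; if the second line goes down, traffic was on the first line anyway; if both go down nothing can be done and everything is down
type icmp-echo
destination ip 114.114.114.114//The ISP's gateway can be used
frequency 1000
next-hop 172.16.11.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only//Configure reaction 1: 5 consecutive failures trigger this reaction
#
nqa schedule admin liantong start-time now lifetime forever//(3) Start the probe toward LianTong; the probe toward DianXin does not need to be started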
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0--Egress to LianTong (China Unicom), with NAT
port link-mode route
description to LianTong
combo enable copper
ip address 172.16.11.11 255.255.255.0
nat outbound
#
interface GigabitEthernet0/1---Egress to DianXin (China Telecom), with NAT
port link-mode route
description to DianXin
ip address 172.16.12.12 255.255.255.0
nat outbound
#
interface GigabitEthernet0/2---LAN interface, associated with the DHCP pool
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator

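#Configure the static routes and associate them with track entries; preference may be used to choose which one is preferred, or left undifferentiated (tested OK)
ip route-static 0.0.0.0 0 172.16.11.254 track 1-----------------The preference on the next line is optional; without it both routes have the default 60 and become floating routes, with traffic taking either one. As configured, traffic defaults to 11 and not 12; it uses 12 only when 11 goes down (line broken with the link light on, or line broken with the light off)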
ip route-static 0.0.0.0 0 172.16.12.254 track 2 preference 80
#
undo info-center enable
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
track 1 nqa entry admin liantong reaction 1//(2) Configure track 1, associated with reaction 1 of NQA test group admin liantong above
track 2 nqa entry admin dianxin reaction 1//Configure track 2, associated with reaction 1 of NQA test group admin dianxin above
#
return
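With the above, the two default routes back each other up and the network becomes highly available!
If policy-based routing is needed, add it on top of the above and associate it with the track entries.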

No comments, clean version ----------------------------------

<H3C-Test2LineAutoChange>dis cur
#
version 7.1.049, Release 0106P21
#
sysname H3C-Test2LineAutoChange
#
ip unreachables enable
ip ttl-expires enable
#
dhcp enable
dhcp server forbidden-ip 192.168.1.1 192.168.1.10
#
password-recovery enable
#
vlan 1
#
dhcp server ip-pool lan
network 192.168.1.0 mask 255.255.255.0
dns-list 202.99.166.4 222.222.222.222
gateway-list 192.168.1.1
#
nqa entry admin dianxin
type icmp-echo
destination ip 172.16.12.254
frequency 1000
next-hop 172.16.12.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trap-only
#
nqa entry admin liantong
type icmp-echo
destination ip 114.114.114.114
frequency 1000
next-hop 172.16.11.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa schedule admin liantong start-time now lifetime forever
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
description to LianTong
combo enable copper
ip address 172.16.11.11 255.255.255.0
nat outbound
#
interface GigabitEthernet0/1
port link-mode route
description to DianXin
ip address 172.16.12.12 255.255.255.0
nat outbound
#
interface GigabitEthernet0/2
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
ip route-static 0.0.0.0 0 172.16.11.254 track 1
ip route-static 0.0.0.0 0 172.16.12.254 track 2 preference 80
#
undo info-center enable
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
track 1 nqa entry admin liantong reaction 1
track 2 nqa entry admin dianxin reaction 1
#
return

 

posted @ techNote