VRRP
VRRP能够在不改变组网的情况下,采用将多台路由设备组成一个虚拟路由器,通过配置虚拟路由器的IP地址为默认网关,实现默认网关的备份。
在配置VRRP备份组内各交换机时,建议将Backup配置为立即抢占,即不延迟(延迟时间为0),而将Master配置为延时抢占,并且配置15秒以上的延迟时间。
这样配置的目的是为了在网络环境不稳定时,在上下行链路的状态恢复一致性期间等待一定时间,避免由于双方频繁抢占导致用户设备学习到错误的Master设备地址而导致流量中断问题。
VRRP主备备份配置
华为设备:
●正常情况下,主机以SwitchA为默认网关接入Internet,当SwitchA故障时,SwitchB接替SwitchA作为网关继续进行工作,实现网关的冗余备份。
● SwitchA故障恢复后,其延时20秒通过抢占的方式重新成为Master,承担数据传输。
1.配置设备间的网络互连
# 配置设备各接口的IP地址,以SwitchA为例。SwitchB和SwitchC的配置与SwitchA类似。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 100 300 [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type hybrid [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 300 //接口收到不带vlan标记的帧时,打上vlan标签。 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 300 //接口发送数据帧时,剥离vlan标记。 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type hybrid [SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/2] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] interface vlanif 300 [SwitchA-Vlanif300] ip address 192.168.1.1 24 [SwitchA-Vlanif300] quit
#配置Switch的二层转发功能。
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 100 [Switch-vlan100] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type hybrid [Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type hybrid [Switch-GigabitEthernet1/0/2] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/2] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/2] quit
#配置SwitchA、SwitchB和SwitchC间采用OSPF协议进行互连。以SwitchA为例,SwitchB和SwitchC的配置与SwitchA类似。
[SwitchA] ospf 1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
2.配置VRRP备份组
[SwitchA] interface vlanif 100 [SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111 //在三层接口下配置虚拟地址 [SwitchA-Vlanif100] vrrp vrid 1 priority 120 //设备在VRRP备份组中的优先级缺省为100,修改Master设备的优先级大于Backup设备 [SwitchA-Vlanif100] vrrp vrid 1 preempt-mode timer delay 20 //设备在VRRP备份组中缺省采用立即抢占方式。修改Master设备的延迟抢占时间,以避免在网络环境不稳定时,由于双方频繁抢占而导致流量中断的问题 [SwitchA-Vlanif100] quit
[SwitchB] interface vlanif 100 [SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111 [SwitchB-Vlanif100] quit
3.验证配置结果
[SwitchA] display vrrp
Vlanif100 | Virtual Router 1
State : Master //SwitchA为Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s //当故障恢复时,延迟20秒后抢占为master
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
[SwitchB] display vrrp
Vlanif100 | Virtual Router 1
State : Backup //备份状态
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s //当master故障时,立即抢占
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
VRRP负载分担配置
华为设备:
HostA和HostC通过Switch双归属到SwitchA和SwitchB。为减轻SwitchA上数据流量的承载压力,HostA以SwitchA为默认网关接入Internet,SwitchB作为备份网关;HostC以SwitchB为默认网关接入Internet,SwitchA作为备份网关,以实现流量的负载均衡。
1.配置设备间的网络互连
# 配置设备各接口的IP地址,以SwitchA为例。SwitchB和SwitchC的配置与SwitchA类似。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 100 300 [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type hybrid [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 300 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 300 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type hybrid [SwitchA-GigabitEthernet1/0/2] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/2] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/2] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit [SwitchA] interface vlanif 300 [SwitchA-Vlanif300] ip address 192.168.1.1 24 [SwitchA-Vlanif300] quit
# 配置Switch的二层转发功能。
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 100 [Switch-vlan100] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type hybrid [Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type hybrid [Switch-GigabitEthernet1/0/2] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/2] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/2] quit
# 配置SwitchA、SwitchB和SwitchC间采用OSPF协议进行互连。以SwitchA为例,SwitchB和SwitchC的配置与SwitchA类似。
[SwitchA] ospf 1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
2.配置VRRP备份组
# 在SwitchA和SwitchB上创建VRRP备份组1,配置SwitchA的优先级为120,抢占延时为20秒,作为Master设备;SwitchB的优先级为缺省值,作为Backup设备。
[SwitchA] interface vlanif 100 [SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111 [SwitchA-Vlanif100] vrrp vrid 1 priority 120 [SwitchA-Vlanif100] vrrp vrid 1 preempt-mode timer delay 20 [SwitchA-Vlanif100] quit
[SwitchB] interface vlanif 100 [SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111 [SwitchB-Vlanif100] quit
# 在SwitchA和SwitchB上创建VRRP备份组2,配置SwitchB的优先级为120,抢占延时为20秒,作为Master设备;SwitchA的优先级为缺省值,作为Backup设备。
[SwitchB] interface vlanif 100 [SwitchB-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112 [SwitchB-Vlanif100] vrrp vrid 2 priority 120 [SwitchB-Vlanif100] vrrp vrid 2 preempt-mode timer delay 20 [SwitchB-Vlanif100] quit
[SwitchA] interface vlanif 100 [SwitchA-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112 [SwitchA-Vlanif100] quit
3.验证配置结果
#完成上述配置后,在SwitchA上执行display vrrp命令,可以看到SwitchA在备份组1中作为Master设备,在备份组2中作为Backup设备。
[SwitchA] display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
Vlanif100 | Virtual Router 2
State : Backup
Virtual IP : 10.1.1.112
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
# 在SwitchB上执行display vrrp命令,可以看到SwitchB在备份组1中作为Backup设备,在备份组2中作为Master设备。
[SwitchB] display vrrp
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
Vlanif100 | Virtual Router 2
State : Master
Virtual IP : 10.1.1.112
Master IP : 10.1.1.2
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
VRRP与BFD联动实现快速切换配置
VRRP备份组通过收发VRRP协议报文进行主备状态的协商,以实现设备的冗余备份功能。当VRRP备份组之间的链路出现故障时,由于此时VRRP报文无法正常协商,Backup设备需要等待3倍协商周期(通常为3秒左右)后才会切换为Master设备,在等待切换期间内,业务流量仍会发往Master设备,此时会造成业务流量丢失。
BFD能够快速检测、监控网络中链路或者IP路由的连通状况,通过部署VRRP与BFD联动,可以使主备切换的时间控制在1秒以内,有效解决上述问题。通过在Master设备和Backup设备之间建立BFD会话并与VRRP备份组进行绑定,由BFD机制快速检测VRRP备份组的通信故障,并在出现故障时及时通知VRRP备份组进行主备切换,从而大大减少应用中断时间。
华为设备:
当SwitchA或SwitchA到SwitchB间链路出现故障时,VRRP报文协商需要一定的协商周期。为了实现链路故障时快速切换,可以在链路中部署BFD链路检测机制,并配置VRRP监视BFD会话,实现当主用接口或者链路出现Down时,备用设备迅速切换为Master,承担网络流量,以减少故障对业务传输的影响。
1.配置设备间的网络互连
# 配置设备各接口的IP地址,以SwitchA为例。SwitchB的配置与SwitchA类似。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan 100 [SwitchA-vlan100] quit [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type hybrid [SwitchA-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [SwitchA-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface vlanif 100 [SwitchA-Vlanif100] ip address 10.1.1.1 24 [SwitchA-Vlanif100] quit
# 配置Switch的二层转发功能。
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan 100 [Switch-vlan100] quit [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type hybrid [Switch-GigabitEthernet1/0/1] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/1] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type hybrid [Switch-GigabitEthernet1/0/2] port hybrid pvid vlan 100 [Switch-GigabitEthernet1/0/2] port hybrid untagged vlan 100 [Switch-GigabitEthernet1/0/2] quit
# 配置SwitchA和SwitchB间采用OSPF协议进行互连。以SwitchA为例,SwitchB的配置与SwitchA类似。
[SwitchA] ospf 1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
2.配置VRRP备份组
# 在SwitchA上创建VRRP备份组1,配置SwitchA在该备份组中的优先级为120,并配置抢占延时为20秒。
[SwitchA] interface vlanif 100 [SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.3 [SwitchA-Vlanif100] vrrp vrid 1 priority 120 //设备在VRRP备份组中的优先级缺省为100,修改Master设备的优先级大于Backup设备 [SwitchA-Vlanif100] vrrp vrid 1 preempt-mode timer delay 20 //设备在VRRP备份组中缺省采用立即抢占方式。修改Master设备的延迟抢占时间,以避免在网络环境不稳定时,由于双方频繁抢占而导致流量中断的问题 [SwitchA-Vlanif100] quit
# 在SwitchB上创建VRRP备份组1,其在该备份组中的优先级为缺省值100。
[SwitchB] interface vlanif 100 [SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.3 [SwitchB-Vlanif100] quit
3.配置静态BFD会话
# 在SwitchA上配置BFD会话。
[SwitchA] bfd [SwitchA-bfd] quit [SwitchA] bfd atob bind peer-ip 10.1.1.2 interface vlanif 100 //配置静态BFD会话,监测备份组之间的链路。 [SwitchA-bfd-session-atob] discriminator local 1 //配置BFD会话的本地标识符,SwitchA上的本地标识符需要与SwitchB上的远端标识符一致 [SwitchA-bfd-session-atob] discriminator remote 2 //配置BFD会话的远端标识符,SwitchA上的远端标识符需要与SwitchB上的本地标识符一致 [SwitchA-bfd-session-atob] min-rx-interval 100 //配置BFD报文的接收间隔 [SwitchA-bfd-session-atob] min-tx-interval 100 //配置BFD报文的发送间隔 [SwitchA-bfd-session-atob] commit //提交BFD会话配置,使配置生效 [SwitchA-bfd-session-atob] quit
# 在SwitchB上配置BFD会话。
[SwitchB] bfd [SwitchB-bfd] quit [SwitchB] bfd btoa bind peer-ip 10.1.1.1 interface vlanif 100 [SwitchB-bfd-session-btoa] discriminator local 2 [SwitchB-bfd-session-btoa] discriminator remote 1 [SwitchB-bfd-session-btoa] min-rx-interval 100 [SwitchB-bfd-session-btoa] min-tx-interval 100 [SwitchB-bfd-session-btoa] commit [SwitchB-bfd-session-btoa] quit
#配置完成后,在SwitchA或SwitchB上执行display bfd session命令,可以看到BFD会话的状态为Up。以SwitchA的显示为例。
[SwitchA] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 10.1.1.2 Up S_IP_IF Vlanif100
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
4.配置VRRP与BFD联动功能
# 在SwitchB上配置VRRP与BFD联动,当BFD会话状态Down时,SwitchB的优先级增加40。
[SwitchB] interface vlanif 100 [SwitchB-Vlanif100] vrrp vrid 1 track bfd-session 2 increased 40 //其中2代表BFD会话的本地标识符 [SwitchB-Vlanif100] quit
5.验证配置结果
# 完成上述配置后,在SwitchA和SwitchB上分别执行display vrrp命令,可以看出SwitchA为Master设备,SwitchB为Backup设备,联动的BFD会话状态为UP。
[SwitchA] display vrrp
Vlanif100 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.3
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
[SwitchB] display vrrp
Vlanif100 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.3
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track BFD : 2 Priority increased : 40
BFD-session state : UP
Create time : 2012-01-12 20:15:46
Last change time : 2012-01-12 20:15:46
VRRP+Eth-Trunk与接口状态联动配置
华为设备
VRRP主备备份功能有时需要额外的技术来完善其工作。例如,Master设备到达某网络的链路突然断掉时,VRRP无法感知故障进行切换,导致主机无法通过Master设备远程访问该网络。此时,可以通过VRRP与接口状态联动,解决这个问题。
当Master设备发现上行接口发生故障时,Master设备降低自己的优先级(使得Master设备的优先级低于Backup设备的优先级),并立即发送VRRP报文。Backup设备接收到优先级比自己低的VRRP报文后,切换至Master状态,充当VRRP备份组中新的Master设备,从而保证了流量的正常转发。
用户通过Switch双归属到SwitchA和SwitchB。用户希望实现:
-
正常情况下,主机以SwitchA为默认网关接入Internet,当SwitchA或者其上下行接口故障时,SwitchB接替作为网关继续进行工作,实现网关的冗余备份。
-
SwitchA和SwitchB之间增加带宽,实现链路冗余备份,提高链路可靠性。
-
SwitchA故障恢复后,可以在20秒内重新成为网关。
1.配置设备间的网络互连
# 配置核心层设备各接口的IP地址,以SwitchA为例。SwitchB和SwitchC的配置与SwitchA类似。
<HUAWEI> system-view [HUAWEI] sysname SwitchA [SwitchA] vlan batch 11 to 15 101 to 180 301 to 305 400 [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] port link-type trunk [SwitchA-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1 [SwitchA-GigabitEthernet1/0/1] port trunk allow-pass vlan 400 [SwitchA-GigabitEthernet1/0/1] quit [SwitchA] interface gigabitethernet 1/0/2 [SwitchA-GigabitEthernet1/0/2] port link-type trunk [SwitchA-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1 [SwitchA-GigabitEthernet1/0/2] port trunk allow-pass vlan 101 to 180 [SwitchA-GigabitEthernet1/0/2] quit [SwitchA] interface vlanif 11 [SwitchA-Vlanif11] ip address 10.1.1.2 24 [SwitchA-Vlanif11] quit [SwitchA] interface vlanif 12 [SwitchA-Vlanif12] ip address 10.1.2.2 24 [SwitchA-Vlanif12] quit [SwitchA] interface vlanif 13 [SwitchA-Vlanif13] ip address 10.1.3.2 24 [SwitchA-Vlanif13] quit [SwitchA] interface vlanif 14 [SwitchA-Vlanif14] ip address 10.1.4.2 24 [SwitchA-Vlanif14] quit [SwitchA] interface vlanif 15 [SwitchA-Vlanif15] ip address 10.1.5.2 24 [SwitchA-Vlanif15] quit [SwitchA] interface vlanif 400 [SwitchA-Vlanif400] ip address 192.168.1.1 24 [SwitchA-Vlanif400] quit
# 配置汇聚层交换机Switch的二层透传功能。
<HUAWEI> system-view [HUAWEI] sysname Switch [Switch] vlan batch 11 to 15 101 to 180 [Switch] interface gigabitethernet 1/0/1 [Switch-GigabitEthernet1/0/1] port link-type trunk [Switch-GigabitEthernet1/0/1] undo port trunk allow-pass vlan 1 [Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 11 to 15 101 to 180 [Switch-GigabitEthernet1/0/1] quit [Switch] interface gigabitethernet 1/0/2 [Switch-GigabitEthernet1/0/2] port link-type trunk [Switch-GigabitEthernet1/0/2] undo port trunk allow-pass vlan 1 [Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 11 to 15 101 to 180 [Switch-GigabitEthernet1/0/2] quit
# 配置核心层交换机SwitchA、SwitchB和Switch之间采用OSPF协议进行互连。以SwitchA为例,SwitchB和SwitchC的配置与SwitchA类似。
[SwitchA] ospf 1 [SwitchA-ospf-1] area 0 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.4.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 10.1.5.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [SwitchA-ospf-1-area-0.0.0.0] quit [SwitchA-ospf-1] quit
2.在核心层交换机SwitchA和SwitchB上配置super-VLAN
# 配置super-VLAN,以SwitchA为例。SwitchB的配置与SwitchA类似。
[SwitchA] vlan 11 [SwitchA-vlan11] aggregate-vlan [SwitchA-vlan11] access-vlan 101 to 116 301 [SwitchA-vlan11] quit [SwitchA] vlan 12 [SwitchA-vlan12] aggregate-vlan [SwitchA-vlan12] access-vlan 117 to 132 302 [SwitchA-vlan12] quit [SwitchA] vlan 13 [SwitchA-vlan13] aggregate-vlan [SwitchA-vlan13] access-vlan 133 to 148 303 [SwitchA-vlan13] quit [SwitchA] vlan 14 [SwitchA-vlan14] aggregate-vlan [SwitchA-vlan14] access-vlan 149 to 164 304 [SwitchA-vlan14] quit [SwitchA] vlan 15 [SwitchA-vlan15] aggregate-vlan [SwitchA-vlan15] access-vlan 165 to 180 305 [SwitchA-vlan15] quit
3.在核心层交换机SwitchA和SwitchB上配置链路聚合
# 在SwitchA上创建Eth-Trunk1并配置为LACP模式,SwitchB的配置与SwitchA类似。
[SwitchA] interface eth-trunk 1 [SwitchA-Eth-Trunk1] mode lacp [SwitchA-Eth-Trunk1] port link-type trunk [SwitchA-Eth-Trunk1] undo port trunk allow-pass vlan 1 [SwitchA-Eth-Trunk1] port trunk allow-pass vlan 301 to 305 [SwitchA-Eth-Trunk1] quit
# 配置SwitchA上的成员接口加入Eth-Trunk,SwitchB的配置与SwitchA类似。
[SwitchA] interface gigabitethernet 1/0/3 [SwitchA-GigabitEthernet1/0/3] eth-trunk 1 [SwitchA-GigabitEthernet1/0/3] quit [SwitchA] interface gigabitethernet 1/0/4 [SwitchA-GigabitEthernet1/0/4] eth-trunk 1 [SwitchA-GigabitEthernet1/0/4] quit
4.在核心层交换机SwitchA和SwitchB上配置VRRP备份组
# 在SwitchA上创建VRRP备份组,配置SwitchA在该备份组中的优先级为120,并配置抢占时间为20秒。
[SwitchA] interface vlanif 11 [SwitchA-Vlanif11] vrrp vrid 1 virtual-ip 10.1.1.1 [SwitchA-Vlanif11] vrrp vrid 1 priority 120 //设备在VRRP备份组中的优先级缺省为100,修改Master设备的优先级大于Backup设备 [SwitchA-Vlanif11] vrrp vrid 1 preempt-mode timer delay 20 //设备在VRRP备份组中缺省采用立即抢占方式。修改Master设备的延迟抢占时间,以避免在网络环境不稳定时,由于双方频繁抢占而导致流量中断的问题 [SwitchA-Vlanif11] vrrp vrid 1 track interface gigabitethernet 1/0/1 reduced 100 //监视上行接口,配置的优先级降低值必须确保优先级降低后Master设备的优先级低于Backup设备的优先级,以触发主备切换 [SwitchA-Vlanif11] vrrp vrid 1 track interface gigabitethernet 1/0/2 reduced 100 //监视下行接口,配置的优先级降低值必须确保优先级降低后Master设备的优先级低于Backup设备的优先级,以触发主备切换 [SwitchA-Vlanif11] vrrp advertise send-mode 301 //指定VRRP协议报文在VLAN 301里发送,以节约网络带宽 [SwitchA-Vlanif11] quit [SwitchA] interface vlanif 12 [SwitchA-Vlanif12] vrrp vrid 2 virtual-ip 10.1.2.1 [SwitchA-Vlanif12] vrrp vrid 2 priority 120 [SwitchA-Vlanif12] vrrp vrid 2 preempt-mode timer delay 20 [SwitchA-Vlanif12] vrrp vrid 2 track interface gigabitethernet 1/0/1 reduced 100 [SwitchA-Vlanif12] vrrp vrid 2 track interface gigabitethernet 1/0/2 reduced 100 [SwitchA-Vlanif12] vrrp advertise send-mode 302 [SwitchA-Vlanif12] quit [SwitchA] interface vlanif 13 [SwitchA-Vlanif13] vrrp vrid 3 virtual-ip 10.1.3.1 [SwitchA-Vlanif13] vrrp vrid 3 priority 120 [SwitchA-Vlanif13] vrrp vrid 3 preempt-mode timer delay 20 [SwitchA-Vlanif13] vrrp vrid 3 track interface gigabitethernet 1/0/1 reduced 100 [SwitchA-Vlanif13] vrrp vrid 3 track interface gigabitethernet 1/0/2 reduced 100 [SwitchA-Vlanif13] vrrp advertise send-mode 303 [SwitchA-Vlanif13] quit [SwitchA] interface vlanif 14 [SwitchA-Vlanif14] vrrp vrid 4 virtual-ip 10.1.4.1 [SwitchA-Vlanif14] vrrp vrid 4 priority 120 [SwitchA-Vlanif14] vrrp vrid 4 preempt-mode timer delay 20 [SwitchA-Vlanif14] vrrp vrid 4 track interface gigabitethernet 1/0/1 reduced 100 [SwitchA-Vlanif14] vrrp vrid 4 track interface gigabitethernet 1/0/2 reduced 100 [SwitchA-Vlanif14] vrrp advertise send-mode 304 [SwitchA-Vlanif14] quit [SwitchA] interface vlanif 15 [SwitchA-Vlanif15] vrrp vrid 5 virtual-ip 10.1.5.1 [SwitchA-Vlanif15] vrrp vrid 5 priority 120 [SwitchA-Vlanif15] vrrp vrid 5 preempt-mode timer delay 20 [SwitchA-Vlanif15] vrrp vrid 5 track interface gigabitethernet 1/0/1 reduced 100 [SwitchA-Vlanif15] vrrp vrid 5 track interface gigabitethernet 1/0/2 reduced 100 [SwitchA-Vlanif15] vrrp advertise send-mode 305 [SwitchA-Vlanif15] quit
# 在SwitchB上创建VRRP备份组,其在该备份组中的优先级为缺省值100。
[SwitchB] interface vlanif 11 [SwitchB-Vlanif11] vrrp vrid 1 virtual-ip 10.1.1.1 [SwitchB-Vlanif11] vrrp advertise send-mode 301 [SwitchB-Vlanif11] quit [SwitchB] interface vlanif 12 [SwitchB-Vlanif12] vrrp vrid 2 virtual-ip 10.1.2.1 [SwitchB-Vlanif12] vrrp advertise send-mode 302 [SwitchB-Vlanif12] quit [SwitchB] interface vlanif 13 [SwitchB-Vlanif13] vrrp vrid 3 virtual-ip 10.1.3.1 [SwitchB-Vlanif13] vrrp advertise send-mode 303 [SwitchB-Vlanif13] quit [SwitchB] interface vlanif 14 [SwitchB-Vlanif14] vrrp vrid 4 virtual-ip 10.1.4.1 [SwitchB-Vlanif14] vrrp advertise send-mode 304 [SwitchB-Vlanif14] quit [SwitchB] interface vlanif 15 [SwitchB-Vlanif15] vrrp vrid 5 virtual-ip 10.1.5.1 [SwitchB-Vlanif15] vrrp advertise send-mode 305 [SwitchB-Vlanif15] quit
5.在核心层交换机SwitchA、SwitchB、SwitchC和Switch上去使能STP协议
# 在SwitchA,SwitchB,SwitchC和Switch上全局去使能STP。以SwitchA为例,SwitchB、SwitchC和Switch的配置与SwitchA类似。
[SwitchA] stp disable Warning: The global STP state will be changed. Continue?[Y/N]:y
6.验证配置结果
# 完成上述配置后,在核心层交换机SwitchA上执行display vrrp命令,可以看到SwitchA在备份组中均作为Master设备。以查看备份组1为例,其他备份组回显信息相似。
[SwitchA] display vrrp 1
Vlanif11 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Send VRRP packet to subvlan : 301
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet1/0/1 Priority reduced : 100
IF state : UP
Track IF : GigabitEthernet1/0/2 Priority reduced : 100
IF state : UP
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# 在核心层交换机SwitchB上执行display vrrp命令,可以看到SwitchB在备份组中均作为Backup设备。以查看备份组1为例,其他备份组回显信息相似。
[SwitchB] display vrrp 1
Vlanif11 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Send VRRP packet to subvlan : 301
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
备注:该文档参考华为技术文档。
