VRRP
VRRP网关的冗余备份协议,电脑的下一条备份
VRRP简单的原理
通过协商组成一台虚拟路由器,作为网关使用
比如说两台三层交换机,配置都一样,SW1下挂着一台PC机,SW2是SW1的备份交换机配置都一样,VRRP就是让两台SW协商一个相同的IP地址对外PC机使用,而内部SW1与SW2有不同的编号进行区分,这样就不会IP地址造成冲突
VRRP主要角色
主用设备
- 网关的主要维护者
备用设备
- 主用设备的备份
- backup
虚拟设备
- 网关
- 一个没有被占用的IP地址,就是没有任何设备使用
- 如果虚拟地址与某台参与VRRP的SW设备地址IP地址重复,重复的一定是主用设备
- 虚拟mac地址生成
VRRP主备设备选举规则
场景1
- 虚拟地址是参与者中的某个物理IP地址相同
- 拥有虚拟IP的设备默认优先级为255最大,虚拟IP拥有者一定是master
- 其它设备保持优先级默认100
场景2
- 虚拟地址与参与者中的物理IP地址不相同
- 1.优先级越大越优先
- 2.IP地址越大越优先
- 配置
SW1
int vlan 10
ip add 192.168.10.252 255.255.255.0
vrrp vrid 10 virtual-ip 192.168.10.254
vrrp vrid 10 priority 110SW2
int vlan 10
ip add 192.168.10.253 24
vrrp vrid 10 virtual-ip 192.168.10.254
VRRP的数据分流
设置多个VRRP组,实现负载分流,互为备份,充分提高网络利用率
VRRP的抢占
主用设备会一直周期发送自己的通告信息
备用设备不发送任何信息,只监听主用设备发的信息
1.备用优先级更改
- 立即抢占,并发送自己的通告告诉原来的主用设备我的优先级较高
2.备用设备超过3s没有收到主用设备的通告,抢占
- 默认通告周期为1s
- 超市时间3倍
VRRP查看信息的方法
优先级是越大越优先
[SW1-Vlanif10]dis vrrp 10
Vlanif10 | Virtual Router 10
State : Master
Virtual IP : 192.168.10.254
Master IP : 192.168.10.254
PriorityRun : 255
PriorityConfig : 100
MasterPriority : 255
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-010a
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-12-10 16:07:53 UTC-08:00
Last change time : 2020-12-10 16:07:53 UTC-08:00
VRRP练习
R1
[R1]int g0/0/0 [R1-GigabitEthernet0/0/0]ip add 12.1.1.2 24
[R1]int g0/0/1 [R1-GigabitEthernet0/0/1]ip add 22.1.1.2 24
SW1
[SW1]vlan batch 10 20 30 40
Info: This operation may take a few seconds. Please wait for a moment...done.所有交换机相连的接口都是trunk口
g0/0/5
[SW1]int g0/0/5
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan 10 20 30 40
[SW1-GigabitEthernet0/0/5]port trunk allow-pass vlan all[SW1-GigabitEthernet0/0/5]dis this # interface GigabitEthernet0/0/5 port link-type trunk port trunk allow-pass vlan 2 to 4094 # return
g0/0/2 [SW1-GigabitEthernet0/0/2]int g0/0/2 [SW1-GigabitEthernet0/0/2]port link-type trunk [SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
g0/0/3 [SW1-GigabitEthernet0/0/3]int g0/0/3 [SW1-GigabitEthernet0/0/3]port link-type trunk [SW1-GigabitEthernet0/0/3]port trunk allow-pass vlan all
g0/0/4 [SW1-GigabitEthernet0/0/4]int g0/0/4 [SW1-GigabitEthernet0/0/4]port link-type trunk [SW1-GigabitEthernet0/0/4]port trunk allow-pass vlan all
配置SVI VLAN 12
[SW1]vlan 12 [SW1-vlan12]int vlan 12 [SW1-Vlanif12]ip address 12.1.1.1 24 [SW1-Vlanif12]int g0/0/1 [SW1-GigabitEthernet0/0/1]port link-type access [SW1-GigabitEthernet0/0/1]port default vlan 12
配置SVI VLAN 10 配置VRRP,虚拟sw,master
[SW1]int vlan 10 [SW1-Vlanif10]ip add 192.168.10.254 24
[SW1]int vlan 10
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[SW1-Vlanif10]vrrp vrid 10 priority 110
[SW1-Vlanif10]dis vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master Vlanif10 Normal 192.168.10.254
----------------------------------------------------------------
Total:1 Master:1 Backup:0 Non-active:0配置SVI VLAN 20 这个不是master了
[SW1]int vlan 20 [SW1-Vlanif20]ip add 192.168.20.252 24 [SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
配置SVI VLAN 30 配置VRRP,虚拟sw ,master
[SW1]int vlan 30 [SW1-Vlanif30]ip add 192.168.30.252 24 [SW1-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254 [SW1-Vlanif30]vrrp vrid 30 priority 110
配置SVI VLAN 40 配置VRRP,虚拟sw
[SW1]int vlan 40 [SW1-Vlanif40]ip add 192.168.40.252 24 [SW1-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254
SW2
[SW2]vlan batch 10 20 30 40 Info: This operation may take a few seconds. Please wait for a moment...done.
所有交换机相连的接口都是trunk口
g0/0/5 [SW2]int g0/0/5 [SW2-GigabitEthernet0/0/5]port link-type trunk [SW2-GigabitEthernet0/0/5]port trunk allow-pass vlan all
g0/0/4 [SW2-GigabitEthernet0/0/5]int g0/0/4 [SW2-GigabitEthernet0/0/4]port link-type trunk [SW2-GigabitEthernet0/0/4]port trunk allow-pass vlan all
g0/0/3 [SW2-GigabitEthernet0/0/4]int g0/0/3 [SW2-GigabitEthernet0/0/3]port link-type trunk [SW2-GigabitEthernet0/0/3]port trunk allow-pass vlan all
g0/0/2 [SW2-GigabitEthernet0/0/3]int g0/0/2 [SW2-GigabitEthernet0/0/2]port link-type trunk [SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
配置SVI VLAN 12
[SW2]vlan 22
[SW2-vlan22]int vlan 22
[SW2-Vlanif22]ip add 22.1.1.1 24
[SW2-Vlanif22]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 22
配置SVI VLAN 10 配置VRRP,虚拟sw
[SW2]int vlan 10 [SW2-Vlanif10]ip add 192.168.10.253 24
[SW2]int vlan 10
[SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254[SW2-Vlanif10]dis vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup Vlanif10 Normal 192.168.10.254
----------------------------------------------------------------
Total:1 Master:0 Backup:1 Non-active:0配置SVI VLAN 20 VRRP,为master
[SW2]int vlan 20 [SW2-Vlanif20]ip add 192.168.20.253 24 SW2 VLAN 20 为master [SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254 [SW2-Vlanif20]vrrp vrid 20 priority 110
配置SVI VLAN 30 VRRP
[SW2]int vlan 30 [SW2-Vlanif30]ip add 192.168.30.253 24 [SW2-Vlanif30]vrrp vrid 30 virtual-ip 192.168.30.254
配置SVI VLAN 40 VRRP ,为master
[SW2]int vlan 40 [SW2-Vlanif40]ip add 192.168.40.253 24 [SW2-Vlanif40]vrrp vrid 40 virtual-ip 192.168.40.254 [SW2-Vlanif40]vrrp vrid 40 priority 110
SW3
[sw3]vlan batch 10 20 Info: This operation may take a few seconds. Please wait for a moment...done.
所有交换机相连的接口都是trunk口
g0/0/1 [sw3]int g0/0/1 [sw3-GigabitEthernet0/0/1]port link-type trunk [sw3-GigabitEthernet0/0/1]port trunk allow-pass vlan all
g0/0/2 [sw3-GigabitEthernet0/0/1]int g0/0/2 [sw3-GigabitEthernet0/0/2]port link-type trunk [sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan all
pc机连接的是access接口
g0/0/3 [sw3-GigabitEthernet0/0/2]int g0/0/3 [sw3-GigabitEthernet0/0/3]port link-type access [sw3-GigabitEthernet0/0/3]port default vlan 10
g0/0/4 [sw3-GigabitEthernet0/0/3]int g0/0/4 [sw3-GigabitEthernet0/0/4]port link-type access [sw3-GigabitEthernet0/0/4]port default vlan 20
SW4
[SW4]vlan 30
所有交换机相连的接口都是trunk口
g0/0/1 [SW4]int g0/0/1 [SW4-GigabitEthernet0/0/1]port link-type trunk [SW4-GigabitEthernet0/0/1]port trunk allow-pass vlan all
g 0/0/2 [SW4-GigabitEthernet0/0/1]int g0/0/2 [SW4-GigabitEthernet0/0/2]port link-type trunk [SW4-GigabitEthernet0/0/2]port trunk allow-pass vlan all
pc机连接的是access接口
g 0/0/3 [SW4]int g0/0/3 [SW4-GigabitEthernet0/0/3]port link-type access [SW4-GigabitEthernet0/0/3]port default vlan 30
SW5
[SW5]vlan 40
所有交换机相连的接口都是trunk口
g 0/0/1 [SW5]int g0/0/1 [SW5-GigabitEthernet0/0/1]port link-type trunk [SW5-GigabitEthernet0/0/1]port trunk allow-pass vlan all
g 0/0/2 [SW5-GigabitEthernet0/0/1]int g0/0/2 [SW5-GigabitEthernet0/0/2]port link-type trunk [SW5-GigabitEthernet0/0/2]port trunk allow-pass vlan all
pc机连接的是access接口
g 0/0/3 [SW5-GigabitEthernet0/0/2]int g0/0/3 [SW5-GigabitEthernet0/0/3]port link-type access [SW5-GigabitEthernet0/0/3]port default vlan 40
实现全网互通,配置ospf
SW1
[SW1]ospf [SW1-ospf-1]area 0 [SW1-ospf-1-area-0.0.0.0]network 12.1.1.1 0.0.0.0 [SW1-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255 [SW1-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255 [SW1-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255 [SW1-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
SW2
[SW2]ospf [SW2-ospf-1]area 0 [SW2-ospf-1-area-0.0.0.0]network 22.1.1.1 0.0.0.0 [SW2-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255 [SW2-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255 [SW2-ospf-1-area-0.0.0.0]network 192.168.30.0 0.0.0.255 [SW2-ospf-1-area-0.0.0.0]network 192.168.40.0 0.0.0.255
设置被动接口
SW1
[SW1]ospf [SW1-ospf-1]silent-interface vlan 10 [SW1-ospf-1]silent-interface vlan 20 [SW1-ospf-1]silent-interface vlan 30 [SW1-ospf-1]silent-interface vlan 40
SW2
[SW2]ospf [SW2-ospf-1]silent-interface vlan 10 [SW2-ospf-1]silent-interface vlan 20 [SW2-ospf-1]silent-interface vlan 30 [SW2-ospf-1]silent-interface vlan 40
配置ospf总是下发默认路由
[R1]int l 0
[R1-LoopBack0]ip add 114.114.114.114 32
[R1]ospf 1
[R1-ospf-1]default-route-advertise always在sw的路由表中就可以看到默认路由
[SW1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 O_ASE 150 1 D 12.1.1.2 Vlanif12pc机进行测试
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=254 time=94 ms
From 114.114.114.114: bytes=32 seq=2 ttl=254 time=78 ms
--- 114.114.114.114 ping statistics ---
2 packet(s) transmitted
2 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/86/94 ms
VRRP的缺陷
VRRP的缺陷是无法检测出接口的线路是否正常,如果线路down掉路由就无法通过,备份设备又没有办法切换
VRRP也有自己的解决方法,在master设备上配置
[SW1]int vlan 10 [SW1-Vlanif10]vrrp vrid 10 track interface g0/0/1 reduced 20 Error: The IP address owner cannot perform the track function.
报错了,报错原因是,vrrp的虚拟IP地址和物理的IP地址有重复,要想使用这个功能,把VRRP的物理地址和虚拟地址修改为不一样的
[SW1-Vlanif10]undo ip address 192.168.10.254 24
[SW1-Vlanif10]ip address 192.168.10.252 24
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[SW1-Vlanif10]vrrp vrid 10 priority 110
// 为了演示就配置一条看看效果,完整的话master上的接口都配置
[SW1-Vlanif10]vrrp vrid 10 track interface g0/0/1 reduced 20
shutdown g0/0/1接口
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]shutdown[SW1-Vlanif10]dis vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Backup Vlanif10 Normal 192.168.10.254
20 Backup Vlanif20 Normal 192.168.20.254
30 Master Vlanif30 Normal 192.168.30.254
40 Backup Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:1 Backup:3 Non-active:0[SW2]dis vrrp bri
VRID State Interface Type Virtual IP
----------------------------------------------------------------
10 Master Vlanif10 Normal 192.168.10.254
20 Master Vlanif20 Normal 192.168.20.254
30 Backup Vlanif30 Normal 192.168.30.254
40 Master Vlanif40 Normal 192.168.40.254
----------------------------------------------------------------
Total:4 Master:3 Backup:1 Non-active:0PC机进行测试
这里使用PC1,与PC3进行测试,因为它两都是SW1的主设备接口,pc1 vlan10我们做了填补VRRP缺陷的配置,pc3 vlan30主设备在SW1上,没有做填补VRRP的缺陷配置,进行对比
pc1
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
From 114.114.114.114: bytes=32 seq=1 ttl=254 time=109 ms
From 114.114.114.114: bytes=32 seq=2 ttl=254 time=78 ms
From 114.114.114.114: bytes=32 seq=3 ttl=254 time=63 ms
--- 114.114.114.114 ping statistics ---
3 packet(s) transmitted
3 packet(s) received
0.00% packet loss
round-trip min/avg/max = 63/83/109 ms
PC3
PC>ping 114.114.114.114
Ping 114.114.114.114: 32 data bytes, Press Ctrl_C to break
Request timeout!
Request timeout!
Request timeout!
Request timeout!
--- 114.114.114.114 ping statistics ---
4 packet(s) transmitted
0 packet(s) received
100.00% packet loss
继续阅读
我的微信
这是我的微信扫一扫
评论