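http://hi.baidu.com/axin2005/item/ec21cb1900ba7413e2f9867f (reposted)
I. Implementing default-gateway router redundancy in a multilayer switched network
1. Proxy ARP: the host uses ARP to determine the MAC address of the next hop toward a remote destination, and the local router answers with its own MAC address. (If the forwarding router fails, the host must wait for the ARP entry to time out before it learns another router's MAC.)
2. IRDP (interior gateway routing protocol): an extension of ICMP, a protocol for dynamically discovering default routers. Rarely used; slow to detect failures. IRDP lifetime.
II. Purpose and operation of HSRP (hot standby routing protocol)
HSRP is a Cisco proprietary protocol. It consists of a virtual MAC address and a virtual IP address shared among multiple routers, plus a process that monitors LAN and serial interfaces via a multicast protocol. The routers present themselves as a single virtual router (gateway), and the PCs' gateway is set to the virtual gateway address.
1. HSRP components
One active router (sends hellos, answers PC ARP requests), one standby router (sends hellos, listens), one virtual router (the PCs' gateway), and other HSRP member routers (listen).
2. Operation: protocol packets are sent every 3 seconds and held for 10 seconds (3 cycles). HSRP is encapsulated in UDP, port 1985. The destination IP is 224.0.0.2.
3. Virtual MAC: 0000.0c07.ac01, where 0000.0c is the vendor ID, 07ac is the HSRP ID, and 01 is the group number (it identifies a group); up to 256 groups are supported.
4. HSRP states
Initial: the starting state. HSRP is not yet fully running; a configuration change or an interface coming up puts the router in this state.
Learn: the router does not know the virtual IP and has not seen a hello from the active router. It waits for the active router to send a hello.
Listen: the router knows the virtual IP but is neither the active nor the standby router. (All other HSRP member routers are in this state.)
Speak: the router sends hellos periodically and takes part in the active router election.
Standby: the router is next in line to become active and sends hellos periodically.
Active: the router forwards packets sent to the HSRP virtual MAC and IP addresses and sends hellos periodically.
III. Configuration and verification
1. Single-group HSRP configuration (backup)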
Int vlan 2
Ip address 192.168.1.10 255.255.255.0
Standby 1 ip 192.168.1.1 (configures the virtual IP; the group number defaults to 0)
Standby 1 priority 200 (higher is better; the default is 100)
Standby 1 preempt (preemption; off by default)
Standby 1 track f0/1 110 (tracks the uplink port; the priority drops by 110)
R(config-if)#standby 1 authentication ? (authentication)
WORD Plain text authentication string (default is cisco, shown in clear text)
md5 Use MD5 authentication (MD5 encryption)
text Plain text authentication
R(config-if)#standby 1 timers ? (timers: hello and hold time)
<1-254> Hello interval in seconds
msec Specify hello interval in milliseconds
The same group number can have different IPs (secondary). STP still controls the data flow. The HSRP active router should be the STP root.
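The hello transport (UDP 1985), the virtual MAC layout and the default plaintext authentication string described above, as an added example that is not part of the original article: a parser for the 20-byte HSRP version 1 message defined in RFC 2281, with an audit step a defender can run over captured payloads. The sample messages, the 10.1.2.50 source address and the finding names are constructed for illustration.

```python
import socket
import struct

# Fixed 20-byte HSRP version 1 message (RFC 2281), carried in UDP port 1985.
HSRP_V1 = struct.Struct("!8B8s4s")
OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
DEFAULT_AUTH = b"cisco"  # default plaintext authentication string


def parse_hsrp_v1(payload: bytes) -> dict:
    """Decode one HSRPv1 message; raise ValueError on anything malformed."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRPv1 message")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = HSRP_V1.unpack(
        payload[:HSRP_V1.size])
    if ver != 0 or op not in OPCODES or state not in STATES:
        raise ValueError("not a valid HSRPv1 message")
    return {
        "opcode": OPCODES[op], "state": STATES[state],
        "hellotime": hello, "holdtime": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00"),
        "virtual_ip": socket.inet_ntoa(vip),
        "virtual_mac": "0000.0c07.ac%02x" % group,  # group number is the last octet
    }


def audit(src_ip: str, msg: dict, expected_routers: set) -> list:
    """Return findings for one message seen from src_ip."""
    findings = []
    if msg["auth"] == DEFAULT_AUTH:
        findings.append("default-plaintext-auth")
    if src_ip not in expected_routers:
        findings.append("unknown-speaker")
        if msg["opcode"] == "Coup" or msg["state"] == "Active":
            findings.append("unexpected-active-claim")
    return findings


# Constructed samples: SW1's hello for group 0, and a Coup from an unlisted host.
EXPECTED = {"10.1.2.2", "10.1.2.3"}
VIP = socket.inet_aton("10.1.2.1")
HELLO_SW1 = HSRP_V1.pack(0, 0, 16, 3, 10, 100, 0, 0, b"cisco", VIP)
COUP_UNKNOWN = HSRP_V1.pack(0, 1, 16, 3, 10, 255, 0, 0, b"cisco", VIP)

if __name__ == "__main__":
    print(audit("10.1.2.3", parse_hsrp_v1(HELLO_SW1), EXPECTED))
    print(audit("10.1.2.50", parse_hsrp_v1(COUP_UNKNOWN), EXPECTED))
```

Because the default string travels in clear text in every hello, the first finding is the cue to move the group to the `md5` option shown in the help output above.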
2. Multi-group HSRP (load sharing)
Create multiple virtual gateways in the same subnet and give different PCs different gateway settings to share the load.
interface Ethernet0/0
ip address 11.11.1.1 255.255.255.0
standby 1 ip 11.11.1.10
standby 1 priority 150
standby 1 preempt
standby 1 track Ethernet0/1 60
standby 2 ip 11.11.1.20
standby 2 priority 90
standby 2 preempt
standby 2 track Ethernet0/1
end
3. Verification
Show standby
Show standby brief
R#debug standby ?
errors HSRP errors
events HSRP events
packets HSRP packets
terse Display limited range of HSRP errors, events and packets
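Implementing HSRP on Layer 3 switches
HSRP is a Cisco proprietary protocol that provides uninterrupted IP path redundancy by sharing protocol and MAC addresses between redundant gateways. The protocol consists of a virtual MAC address and a virtual IP address shared between two routers, plus a process that monitors LAN and serial interfaces via a multicast protocol. HSRP supports using multiple routers as backup default gateways.
Form SW1 and SW2 into one HSRP group to provide router redundancy. First configure the IP addresses as shown in the topology diagram, using one switch to simulate the PC and one router to simulate WEB, then configure EIGRP between SW1, SW2 and WEB: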
sw1(config-if)#interface fa0/8
sw1(config-if)#no switchport
sw1(config-if)#ip address 10.1.1.3 255.255.255.0
sw1(config-if)#no shutdown
sw1(config-if)#interface vlan 1
sw1(config-if)#ip address 10.1.2.3 255.255.255.0
sw1(config-if)#no shutdown
sw1(config-if)#exit
sw1(config)#ip routing
sw1(config)#router eigrp 100
sw1(config-router)#network 10.0.0.0
sw1(config-router)#no auto-summary
sw2(config)#interface fa0/7
sw2(config-if)#no switchport
sw2(config-if)#ip address 10.1.1.2 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#interface vlan 1
sw2(config-if)#ip address 10.1.2.2 255.255.255.0
sw2(config-if)#no shutdown
sw2(config-if)#exit
sw2(config)#ip routing
sw2(config)#router eigrp 100
sw2(config-router)#network 10.0.0.0
sw2(config-router)#no auto-summary
WEB(config)#interface fa0/1
WEB(config-if)#ip address 10.1.1.4 255.255.255.0
WEB(config-if)#no sh
WEB(config-if)#exit
WEB(config)#router eigrp 100
WEB(config-router)#network 10.0.0.0
WEB(config-router)#no auto-summary
PC(config)#interface vlan 1
PC(config-if)#ip address 10.1.2.100 255.255.255.0
PC(config-if)#no shutdown
PC(config-if)#exit
PC(config)#ip default-gateway 10.1.2.1
The PC's gateway points to 10.1.2.1, which will be the virtual IP address of the HSRP group. Configure HSRP:
sw1(config)#interface vlan 1
sw1(config-if)#standby ip 10.1.2.1
sw1(config-if)#standby preempt
sw2(config)#interface vlan 1
sw2(config-if)#standby ip 10.1.2.1
sw2(config-if)#standby preempt
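HSRP is configured on an interface, and the virtual IP address must be specified. The preempt parameter lets a higher-priority router become the active router again after it recovers from a failure.
View the HSRP information: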
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.728
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:00:32
IP redundancy name is "hsrp-Vl1-0" (default)
sw2#show standby
Vlan1 - Group 0
Local state is Speak, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.032
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.3, priority 100 expires in 7.176
Standby router is unknown
0 state changes, last state change never
IP redundancy name is "hsrp-Vl1-0" (default)
Both have the same priority by default. Because SW1 initialized first, it became the active router, and SW2 is the standby router.
Run trace on the PC to check the path:
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 0 msec 4 msec 0 msec
2 10.1.1.4 0 msec 4 msec *
The packets are forwarded by SW1, the current active router.
If the link between SW1 and the PC is disconnected, the PC can still communicate with WEB. Run trace again:
PC#ping 10.1.1.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.1.1.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/3/4 ms
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 *
10.1.2.2 0 msec 0 msec
2 10.1.1.4 4 msec 0 msec *
The path has changed to go through SW2. View the HSRP information on SW1 and SW2:
sw1#show standby
Vlan1 - Group 0
Local state is Init (interface down), priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Virtual IP address is 10.1.2.1 configured
Active router is unknown
Standby router is unknown
3 state changes, last state change 00:01:39
IP redundancy name is "hsrp-Vl1-0" (default)
sw2#show standby
Vlan1 - Group 0
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.954
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is Unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:01:07
IP redundancy name is "hsrp-Vl1-0" (default)
SW1 is now in a blocked state, and SW2 has become the active router.
Restore the link between SW1 and the PC and view SW1's HSRP information again:
sw1#show standby
Vlan1 - Group 0
Local state is Listen, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 9.448
Standby router is unknown
3 state changes, last state change 00:02:03
IP redundancy name is "hsrp-Vl1-0" (default)
sw1#show standby
Vlan1 - Group 0
Local state is Speak, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.996
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 9.164
Standby router is unknown
3 state changes, last state change 00:02:12
IP redundancy name is "hsrp-Vl1-0" (default)
sw1#show standby
Vlan1 - Group 0
Local state is Standby, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.528
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 7.384
Standby router is local
4 state changes, last state change 00:00:01
IP redundancy name is "hsrp-Vl1-0" (default)
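SW1 went through the Listen and Speak states and finally became the standby router. Because SW1 and SW2 both use the default priority of 100, SW1 cannot become the active router again even though preempt is configured. We can set SW1's priority manually: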
sw1(config)#interface vlan 1
sw1(config-if)#standby priority 150
00:23:25: %STANDBY-6-STATECHANGE: Vlan1 Group 0 state Standby -> Active
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 150, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.252
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
5 state changes, last state change 00:00:03
IP redundancy name is "hsrp-Vl1-0" (default)
SW1 has become the active router again.
Now disconnect the link between SW1 and WEB:
sw1#show ip route
Codes: C - connected, S - static, I - IGRP, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2, E - EGP
i - IS-IS, L1 - IS-IS level-1, L2 - IS-IS level-2, ia - IS-IS inter area
* - candidate default, U - per-user static route, o - ODR
P - periodic downloaded static route
Gateway of last resort is not set
10.0.0.0/24 is subnetted, 2 subnets
C 10.1.2.0 is directly connected, Vlan1
D 10.1.1.0 [90/28416] via 10.1.2.2, 00:01:49, Vlan1
sw1#show standby
Vlan1 - Group 0
Local state is Active, priority 150, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.728
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac00
2 state changes, last state change 00:00:32
IP redundancy name is "hsrp-Vl1-0" (default)
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 4 msec 0 msec 4 msec
2 10.1.2.2 0 msec 0 msec 4 msec
3 10.1.1.4 4 msec 0 msec *
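SW1 still keeps its role as the active router, but WEB cannot be reached directly from SW1, so traffic is forwarded through SW2. This causes a performance problem, which can be solved by configuring the track parameter.
Restore connectivity between WEB and SW1 and configure the track parameter: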
sw1(config)#interface vlan 1
sw1(config-if)#standby track fa0/8 51
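This means that when Fa0/8 has a problem, SW1's priority is automatically reduced by 51, which guarantees that SW1's priority is then lower than SW2's and lets SW2 become the active router.
Disconnect SW1 from WEB again: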
sw1#show standby
Vlan1 - Group 0
Local state is Standby, priority 99 (confgd 150), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.674
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.2, priority 100 expires in 7.516
Standby router is local
4 state changes, last state change 00:00:07
IP redundancy name is "hsrp-Vl1-0" (default)
Priority tracking 1 interface or object, 0 up:
Interface or object Decrement State
FastEthernet0/8 51 Down (administratively down)
SW1's priority has now dropped to 99, and it has become the standby router.
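The failover sequence walked through above, as an added example that is not part of the original article: a small model of effective priority (configured priority minus the decrements of tracked interfaces that are down) and of preemption. It assumes, as the `show standby` outputs above indicate, that a preempt-enabled router takes over only when its priority is strictly higher than the active router's; `Router`, `next_active` and `walkthrough` are hypothetical names.

```python
from dataclasses import dataclass, field


@dataclass
class Router:
    name: str
    priority: int = 100                          # configured priority (default 100)
    preempt: bool = True
    up: bool = True                              # HSRP-facing interface state
    tracks: dict = field(default_factory=dict)   # tracked interface -> decrement
    down: set = field(default_factory=set)       # interfaces currently down

    def effective(self) -> int:
        # Only interfaces that are both tracked and down reduce the priority.
        return self.priority - sum(d for i, d in self.tracks.items() if i in self.down)


def next_active(routers, current):
    """Return the name of the active router after one re-evaluation."""
    alive = [r for r in routers if r.up]
    holder = next((r for r in alive if r.name == current), None)
    if holder is None:                           # active router gone: best survivor wins
        return max(alive, key=Router.effective).name if alive else None
    rivals = [r for r in alive if r.preempt and r.effective() > holder.effective()]
    return max(rivals, key=Router.effective).name if rivals else current


def walkthrough():
    """Replay the steps of the lab; return the active router after each step."""
    sw1, sw2 = Router("SW1"), Router("SW2")
    state = {"active": "SW1", "seen": []}

    def step():
        state["active"] = next_active([sw1, sw2], state["active"])
        state["seen"].append(state["active"])

    sw1.up = False
    step()                      # SW1-PC link down: SW2 takes over
    sw1.up = True
    step()                      # equal priority 100: preempt does not fire
    sw1.priority = 150
    step()                      # 150 > 100: SW1 preempts
    sw1.down.add("Fa0/8")
    step()                      # uplink down but untracked: SW1 stays active
    sw1.tracks["Fa0/8"] = 51
    step()                      # 150 - 51 = 99 < 100: SW2 preempts
    return state["seen"], sw1.effective()


if __name__ == "__main__":
    print(walkthrough())
```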
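While HSRP is running, only one router in an HSRP group is ever in the forwarding state, which is a considerable waste of resources. We can configure multiple HSRP groups, assign a different active router to each group, and point the hosts' gateways at different virtual IP addresses to achieve load balancing.
Remove the previous HSRP configuration and create two HSRP groups: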
sw1(config)#interface vlan 1
sw1(config-if)#no standby ip 10.1.2.1
sw1(config-if)#standby 1 ip 10.1.2.1
sw1(config-if)#standby 1 preempt
sw1(config-if)#standby 1 track fa0/8
sw1(config-if)#standby 2 ip 10.1.2.254
sw1(config-if)#standby 2 preempt
sw1(config-if)#standby 2 priority 95
sw1(config-if)#standby 2 track fa0/8
sw2(config)#interface vlan 1
sw2(config-if)#no standby ip 10.1.2.1
sw2(config-if)#standby 1 ip 10.1.2.1
sw2(config-if)#standby 1 preempt
sw2(config-if)#standby 1 track fa0/7
sw2(config-if)#standby 1 priority 95
sw2(config-if)#standby 2 ip 10.1.2.254
sw2(config-if)#standby 2 preempt
We gave SW1 and SW2 different priorities in the two HSRP groups so that they hold different roles in different groups, which achieves load balancing:
sw1#show standby
Vlan1 - Group 1
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.210
Virtual IP address is 10.1.2.1 configured
Active router is local
Standby router is unknown
Virtual mac address is 0000.0c07.ac01
5 state changes, last state change 00:00:06
IP redundancy name is "hsrp-Vl1-1" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/8 10 Up
Vlan1 - Group 2
Local state is Standby, priority 95, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 2.346
Virtual IP address is 10.1.2.254 configured
Active router is 10.1.2.2, priority 100 expires in 7.680
Standby router is local
4 state changes, last state change 00:01:22
IP redundancy name is "hsrp-Vl1-2" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/8 10 Up
sw2#show standby
Vlan1 - Group 1
Local state is Standby, priority 95, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.384
Virtual IP address is 10.1.2.1 configured
Active router is 10.1.2.3, priority 100 expires in 9.872
Standby router is local
3 state changes, last state change 00:02:48
IP redundancy name is "hsrp-Vl1-1" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/7 10 Up
Vlan1 - Group 2
Local state is Active, priority 100, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 1.358
Virtual IP address is 10.1.2.254 configured
Active router is local
Standby router is 10.1.2.3 expires in 7.908
Virtual mac address is 0000.0c07.ac02
1 state changes, last state change 00:04:24
IP redundancy name is "hsrp-Vl1-2" (default)
Priority tracking 1 interface or object, 1 up:
Interface or object Decrement State
FastEthernet0/7 10 Up
Run the trace command on the PC:
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.3 4 msec 0 msec 4 msec
2 10.1.1.4 4 msec 0 msec *
Change the PC's default gateway to 10.1.2.254 and trace again:
PC(config)#ip default-gateway 10.1.2.254
PC(config)#end
PC#trace 10.1.1.4
Type escape sequence to abort.
Tracing the route to 10.1.1.4
1 10.1.2.2 1000 msec 0 msec 4 msec
2 10.1.1.4 4 msec 0 msec *
The PC uses a different router to forward its traffic in each case, which achieves the load-balancing goal.
HSRP hot standby configuration
r1(config)#int f0/0
r1(config-if)#ip add 192.168.1.1 255.255.255.0
r1(config-if)#no shu
r1(config-if)#int f1/0
r1(config-if)#ip add 192.168.2.1 255.255.255.0
r1(config-if)#no shu
r1(config)#router rip
r1(config-router)#network 192.168.1.0
r1(config-router)#network 192.168.2.0
r1(config)#int f0/0
r1(config-if)#standby 47 ip 192.168.1.254 (standby group 47, virtual IP 1.254)
r1(config-if)#standby 47 priority 180 (priority 180)
r1(config-if)#standby 47 preempt (enables preemption)
r1(config-if)#standby 47 track f1/0 100 (interface tracking; the priority drops by 100)
r2(config)#int f0/0
r2(config-if)#ip add 192.168.1.2 255.255.255.0
r2(config-if)#no shu
r2(config-if)#int f1/0
r2(config-if)#ip add 192.168.3.1 255.255.255.0
r2(config-if)#no shu
r2(config)#router rip
r2(config-router)#network 192.168.1.0
r2(config-router)#network 192.168.3.0
r2(config)#int f0/0
r2(config-if)#standby 47 ip 192.168.1.254 (standby group 47, virtual IP 1.254)
r2(config-if)#standby 47 priority 150 (priority 150)
r3(config)#int f0/0
r3(config-if)#ip add 192.168.2.2 255.255.255.0
r3(config-if)#no shu
r3(config-if)#int f1/0
r3(config-if)#ip add 192.168.3.2 255.255.255.0
r3(config-if)#no shu
r3(config-if)#int f2/0
r3(config-if)#ip add 192.168.4.1 255.255.255.0
r3(config-if)#no shu
r3(config)#router rip
r3(config-router)#network 192.168.2.0
r3(config-router)#network 192.168.3.0
r3(config-router)#network 192.168.4.0
VPCS1: ip 192.168.1.3 192.168.1.254 24 (VPCS1 IP is 1.3, gateway is 1.254)
VPCS2: ip 192.168.4.2 192.168.4.1 24 (VPCS2 IP is 4.2, gateway is 4.1)
After that, all that remains is to test.