VRRP技术专题专题知识学习完此课程,您将会:熟悉VRRP的工作原理掌握VRRP的基本配置了解VRRP的典型组网模型及常见问题目标第1章VRRP工作原理第2章VRRP的基本配置第3章VRRP常见问题课程内容技术背景NETWORK单点故障192.168.1.254192.168.1.1/24网关1.254192.168.1.2/24网关1.254192.168.1.3/24网关1.254VRRP带来什么?R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24VRRPMasterBackupVirtualRouter192.168.1.254192.168.1.2/24网关1.254VRRP带来什么?R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24MasterBackupVirtualRouter192.168.1.254192.168.1.2/24网关1.254VRRP带来什么?R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24BackupMasterVirtualRouter192.168.1.254192.168.1.2/24网关1.254VRRP概述利用VRRP,一组路由器(同一个LAN中的接口)协同工作,但只有一个处于Master状态,处于该状态的路由器(的接口)承担实际的数据流量转发任务。在一个VRRP组内的多个路由器接口共用一个虚拟IP地址,该地址被作为局域网内所有主机的缺省网关地址。VRRP决定哪个路由器是Master,Master路由器负责接收发送至用户网关(也就是发向上文提到的虚拟IP地址)的数据包并进行转发,以及响应PC对于其网关的ARP请求。Backup路由器侦听Master路由器的状态,并准备随时接替Master路由器的工作。VRRP术语VRRP路由器运行VRRP的路由器,一台VRRP路由器(的接口)可以同时参与到多个VRRP组中,在不同的组中,一台VRRP路由器可以充当不同的角色VRRP组一个VRRP组由多个VRRP路由器组成,使用groupID进行标识,属于同一VRRP组的VRRP路由器互相交换信息,每一个VRRP组中只能有一个Master。虚拟路由器对于每一个VRRP组,抽象出来的一个逻辑路由器,该路由器充当网络用户的网关,该路由器并非真实存在,事实上对于用户而言,只需知道虚拟路由器的IP,至于具体的虚拟路由器的角色由谁来承担、数据转发任务由谁来承担、Master挂掉之后谁来接替,这是VRRP的工作。VRRP术语虚拟IP地址、MAC地址虚拟IP地址用于标示虚拟路由器,该地址实际上就是用户的网关地址。与虚拟IP地址对应的MAC也是虚拟的,该MAC地址由固定位加上VRRP组ID构成,当PC发arp请求虚拟IP地址对应的MAC地址,Master路由器响应这个arp请求并告知虚拟MAC地址。Master、Backup路由器Master路由器:就是在VRRP组实际转发数据包的路由器,在每一个VRRP组中,仅有Master响应对虚拟IP地址的ARP请求。Master路由器同时以一定的时间间隔发送VRRP消息,以便通知Backup路由器自己的存活。Backup路由器:就是在VRRP组中处于监听状态的路由器,一旦Master路由器出现故障,Backup路由器就开始接替工作选举依据:先比较接口优先级(比大),如果相等则比接口IP地址(比大)虚拟MAC地址通过VRRP形成的虚拟路由器使用虚拟IP地址和虚拟MAC与网络中的PC进行通信。虚拟MAC的格式如下,最后1个字节的VRID表示VRRPID号的16进制,例如VRID是1,虚拟MAC地址为00-00-5E-00-01-01。InternetAddressPhysicalAddress192.168.1.25200-E0-FC-03-AD-5A192.168.1.25300-E0-FC-03-C9-82192.168.1.25400-00-5E-00-01-01R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24VRRPMasterBackupVirtualRouter192.168.1.25400-00-5E-00-01-01Master/BackupRouterMasterRouter响应PC对网关(虚拟路由器IP地址)的ARP请求(使用虚拟MAC响应)。转发目的MAC地址为虚拟MAC地址的IP报文。周期性发送VRRP组播包以告知自己的存活情况。BackupRouter持续侦听Masterrouter发送的VRRP组播包;当MasterRouter出现问题的时候,接替它的位置;对虚拟IP地址的ARP请求,不做响应;丢弃目的MAC地址为虚拟MAC地址的IP报文;丢弃目的IP地址为虚拟IP地址的IP报文。VRRP状态机VRRP协议的状态共有三种,分别是Initialize,Master,Backup,初始状态都是Initialize,通过比较优先级产生Master和Backup,在规定时间内,Backup若没有收到Master发来的心跳报文,将切换为Master。InitializeMasterBackupShutdownShutdownStartup,winStartup,loss收到优先级更高的VRRP通告Master_Down_TimerVRRP报文VRRP报文Version:2Type:1ADVERTISEMENTVirtualRtrID(VRID):配置的VRRP备份组号,1~255Priority:优先级,0~255(其中0,255不可以配置)255:如果配置的虚拟地址与接口实际IP地址相同,则优先级为255100:缺省值CountIPAddrs:配置的备份组虚拟地址个数(1个备份组可对应多个虚拟地址)AuthenticationType:验证类型,协议中指定了3种类型0-NoAuthentication1-SimpleTextPassword2-IPAuthenticationHeaderVRRP报文AdvertisementInterval(AdverInt):发送报文的时间间隔,缺省为1秒Checksum:校验和IPAddress(es):配置的备份组虚拟地址的列表(一个备份组可支持多个地址)AuthenticationData:验证字。第1章VRRP工作原理第2章VRRP的基本配置第3章VRRP常见问题课程内容VRRP实验1R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24MasterBackup192.168.1.1/24网关1.254VirtualRouter192.168.1.254VRRPVRRP实验1(R1配置)[R1]interfaceGigabitEthernet0/0/0[R1-GigabitEthernet0/0/0]ipaddress192.168.1.25324[R1-GigabitEthernet0/0/0]vrrpvrid1virtual-ip192.168.1.254[R1-GigabitEthernet0/0/0]vrrpvrid1priority120[R1-GigabitEthernet0/0/0]vrrpvrid1preempt-modetimerdelay20[R1-GigabitEthernet0/0/0]quit配置虚拟路由器1的抢占时间为20s,抢占时间是指当主设备因为故障修复重新切换为主状态时等待的时间VRRP实验1(R2配置)[R2]interfaceGigabitEthernet0/0/0[R2-GigabitEthernet0/0/0]ipaddress192.168.1.25224[R2-GigabitEthernet0/0/0]vrrpvrid1virtual-ip192.168.1.254[R2-GigabitEthernet0/0/0]quitVRRP实验1(R1查看VRRP详细信息)[R1]displayvrrpGigabitEthernet0/0/0|VirtualRouter1State:MasterVirtualIP:192.168.1.254MasterIP:192.168.1.253PriorityRun:120PriorityConfig:120MasterPriority:120Preempt:YESDelayTime:20sTimerRun:1sTimerConfig:1sAuthtype:NONEVirtualMAC:0000-5e00-0101CheckTTL:YESConfigtype:normal-vrrpBackup-forward:disabledCreatetime:2013-12-2918:26:48UTC-05:13Lastchangetime:2013-12-2918:26:52UTC-05:13本设备在该VRRP组的状态,为masterVRRP组ID接口在本VRRP组的优先级开启抢占,且延迟时间为20sVRRP实验1(R1查看VRRP简要信息)[R1]displayvrrpbriefTotal:1Master:1Backup:0Non-active:0VRIDStateInterfaceTypeVirtualIP----------------------------------------------------------------1MasterGE0/0/0Normal192.168.1.254VRRP实验1(R2查看VRRP详细信息)[R2]displayvrrpGigabitEthernet0/0/0|VirtualRouter1State:BackupVirtualIP:192.168.1.254MasterIP:192.168.1.253PriorityRun:100PriorityConfig:100MasterPriority:120Preempt:YESDelayTime:0sTimerRun:1sTimerConfig:1sAuthtype:NONEVirtualMAC:0000-5e00-0101CheckTTL:YESConfigtype:normal-vrrpBackup-forward:disabledCreatetime:2013-12-2918:27:17UTC-05:13Lastchangetime:2013-12-2918:27:17UTC-05:13本设备在该VRRP组的状态,为master接口在本VRRP组的优先级开启抢占Master的IP地址VRRP实验2track接口状态R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24MasterBackup192.168.1.1/24网关1.254R1的VRRP组跟踪接口GE0/0/1的状态,如果接口DOWN了,那么立即将VRRP组优先级减去30,比R2的更小。GE0/0/1VRRPVRRP实验2track接口状态(R1的配置)[R1]interfaceGigabitEthernet0/0/0[R1-GigabitEthernet0/0/0]ipaddress192.168.1.25324[R1-GigabitEthernet0/0/0]vrrpvrid1virtual-ip192.168.1.254[R1-GigabitEthernet0/0/0]vrrpvrid1priority120[R1-GigabitEthernet0/0/0]vrrpvrid1trackinterfaceGi0/0/1reduced30[R1-GigabitEthernet0/0/0]vrrpvrid1preempt-modetimerdelay20[R1-GigabitEthernet0/0/0]quitVRRP实验3VRRP与BFD联动R1R2GE0/0/0192.168.1.253/24GE0/0/0192.168.1.252/24MasterSlave192.168.1.1/24网关1.254R1、R2之间配置了一组BFD,用于快速检测双方接口的状态,一旦发现对端接口连通性出现问题,立即引发VRRP发生切换。VRRPVRRP实验3VRRP与BFD联动(R1的配置)[R1]interfaceGigabitEthernet0/0/0[R1-GigabitEthernet0/0/0]ipaddress192.168.1.25324[R1-GigabitEthernet0/0/0]vrrpvrid1virtual-ip192.168.1.254[R1-GigabitEthernet0/0/0]vrrpvrid1priority120[R1-GigabitEthernet0/0/0]vrrpvrid1preempt-modetimerdelay20[R1-GigabitEthernet0/0/0]quit[R1]bfd[R1-bfd]quit[R1]bfdmytrackbindpeer-ip192.168.1.252interfaceGigabitEthernet0/0/0[R1-bfd-session-atob]discriminatorlocal1[R1-bfd-session-atob]discriminatorremote2[R1-bfd-session-atob]min-rx-interval50[R1-bfd-session-atob]min-tx-interval50[R1-bfd-session-atob]commit[R1-bfd-session-atob]quitVRRP实验3VRRP与BFD联动(R2的配置)[R2]interfaceGigabitEthernet0/0/0[R2-GigabitEthernet0/0/0]ipaddress192.168.1.25224[R2-GigabitEthernet0/0/0]vrrpvrid1virtual-ip192.168.1.254[R2-GigabitEthernet0/0/0]vrrpvrid1trackbfd-session2increased50[R2-GigabitEthernet0/0/0]quit[R2]bfd[R2-bfd]quit[R2]bfdmytrackbindpeer-ip192.168.1.253interfaceGigabitEthernet0/0/0[R2-bfd-session-atob]discriminatorlocal2[R2-bfd-session-atob]discriminatorremote1[R2-bfd-session-atob]min-rx-interval50[R2-bfd-session-atob]min-tx-interval50[R2-bfd-session-atob]commit[R2-bfd-session-atob]quitVRRP实验4路由器上运行多组VRRP实现负载分担R1GE0/0/0.10192.168.1.253/24dot1qterminationvid10vrrpvrid1MasterGE0/0/0.20192.168.2.252/24dot1qterminationvid20vrrpvrid2SlavePC1VLAN10192.168.1.1/24网关1.254PC2VLAN20192.168.2.1/24网关2.254R2TrunkTrunkGE0/0/0.10192.168.1.252/24dot1qterminationvid10vrrpvrid1SlaveGE0/0/0.20192.168.2.253/24dot1qterminationvid20vrrpvrid2Master内网存在两个VLAN:10及20;现在要求在网络正常的情况下,vlan10流量走左侧,vlan20走右侧,并且能够在左右两侧链路或R1、R2发生故障时自动切换。GE0/0/0GE0/0/0VRRP实验4路由器上运行多组VRRP实现负载分担R1的配置如下:[R1]interfaceGigabitEthernet0/0/0.10[R1-GigabitEthernet0/0/0.10]dot1qterminationvid10[R1-GigabitEthernet0/0/0.10]arpbroadcastenable[R1-GigabitEthernet0/0/0.10]ipaddress192.168.1.25324[R1-GigabitEthernet0/0/0.10]vrrpvrid1virtual-ip192.168.1.254[R1-GigabitEthernet0/0/0.10]vrrpvrid1priority120[R1-GigabitEthernet0/0/0.10]vrrpvrid1preempt-modetimerdelay20[R1-GigabitEthernet0/0/0.10]quit[R1]interfaceGigabitEthernet0/0/0.20[R1-GigabitEthernet0/0/0.20]dot1qterminationvid20[R1-GigabitEthernet0/0/0.20]arpbroadcastenable[R1-GigabitEthernet0/0/0.20]ipaddress192.168.2.25224[R1-GigabitEthernet0/0/0.20]vrrpvrid2virtual-ip192.168.2.254[R1-GigabitEthernet0/0/0.20]quitVRRP实验4路由器上运行多组VRRP实现负载分担R2的配置如下:[R2]interfaceGigabitEthernet0/0/0.10[R2-GigabitEthernet0/0/0.10]dot1qterminationvid10[R2-GigabitEthernet0/0/0.10]arpbroadcastenable[R2-GigabitEthernet0/0/0.10]ipaddress192.168.1.25224[R2-GigabitEthernet0/0/0.10]vrrpvrid1virtual-ip192.168.1.254[R2-GigabitEthernet0/0/0.10]quit[R2]interfaceGigabitEthernet0/0/0.20[R2-GigabitEthernet0/0/0.20]dot1qterminationvid20[R2-GigabitEthernet0/0/0.20]arpbroadcastenable[R2-GigabitEthernet0/0/0.20]ipaddress192.168.2.25324[R2-GigabitEthernet0/0/0.20]vrrpvrid2virtual-ip192.168.2.254[R2-GigabitEthernet0/0/0.20]vrrpvrid2priority120[R2-GigabitEthernet0/0/0.20]vrrpvrid2preempt-modetimerdelay20[R2-GigabitEthernet0/0/0.20]quitVRRP实验5三层交换机上跑VRRPSW1interfacevlanif10192.168.10.253/24vrrpvrid1Master192.168.10.1/24网关192.168.10.254SW2interfacevlanif10192.168.10.252/24vrrpvrid1BackupTrunkTrunkG0/0/22G0/0/23G0/0/22G0/0/23G0/0/1VRRPSW3VRRP实验5三层交换机上跑VRRP(SW1)[SW1]vlan10[SW1-vlan10]quit[SW1]interfaceGigabitEthernet0/0/22[SW1-GigabitEthernet0/0/22]portlink-typetrunk[SW1-GigabitEthernet0/0/22]porttrunkallow-passvlan10[SW1-GigabitEthernet0/0/22]quit[SW1]interfacevlanif10[SW1-vlanif10]ipaddress192.168.10.25324[SW1-vlanif10]vrrpvrid1virtual-ip192.168.10.254[SW1-vlanif10]vrrpvrid1priority120[SW1-vlanif10]vrrpvrid1preempt-modetimerdelay20VRRP实验5三层交换机上跑VRRP(SW2)[SW2]vlan10[SW2-vlan10]quit[SW2]interfaceGigabitEthernet0/0/23[SW2-GigabitEthernet0/0/23]portlink-typetrunk[SW2-GigabitEthernet0/0/23]porttrunkallow-passvlan10[SW2-GigabitEthernet0/0/23]quit[SW2]interfacevlanif10[SW2-vlanif10]ipaddress192.168.10.25224[SW2-vlanif10]vrrpvrid1virtual-ip192.168.10.254VRRP实验5思考:三层交换机上多组VRRPSW1interfacevlanif10192.168.10.253/24vrrpvrid1MasterPC1(VLAN10)192.168.10.1/24网关192.168.10.254SW2interfacevlanif10192.168.10.252/24vrrpvrid1BackupTrunkTrunkG0/0/22G0/0/23G0/0/22G0/0/23G0/0/1VRRPSW3interfacevlanif20192.168.20.252/24vrrpvrid2Backupinterfacevlanif20192.168.20.253/24vrrpvrid2MasterPC2(VLAN20)192.168.20.1/24网关192.168.20.254G0/0/2VRRP实验6VRRP+MSTP典型组网Gi0/0/22Gi0/0/23Gi0/0/24Gi0/0/24SW1SW2SW3Instance1vlan1020PrimaryInstance2vlan3040SecondaryInstance1vlan1020SecondaryInstance2vlan3040PrimaryVrid1forInstance1MasterVrid2forInstance2SlaveVrid1forInstance1SlaveVrid2forInstance2MasterGi0/0/22Gi0/0/23VRRP实验6VRRP+MSTP典型组网(SW1的配置)vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority0stpinstance2priority4096stpenable!interfaceGigabitEthernet0/0/24portlink-typetrunkporttrunkallow-passallinterfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passallinterfaceVlanif10ipaddress192.168.10.253255.255.255.0vrrpvrid10virtual-ip192.168.10.254vrrpvrid10priority120vrrpvrid10preempt-modetimerdelay20interfaceVlanif20ipaddress192.168.20.253255.255.255.0vrrpvrid20virtual-ip192.168.20.254vrrpvrid20priority120vrrpvrid20preempt-modetimerdelay20interfaceVlanif30ipaddress192.168.30.252255.255.255.0vrrpvrid30virtual-ip192.168.30.254interfaceVlanif40ipaddress192.168.40.252255.255.255.0vrrpvrid40virtual-ip192.168.40.254VRRP实验6VRRP+MSTP典型组网(SW2的配置)vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority4096stpinstance2priority0stpenable!interfaceGigabitEthernet0/0/24portlink-typetrunkporttrunkallow-passallinterfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passallinterfaceVlanif10ipaddress192.168.10.252255.255.255.0vrrpvrid10virtual-ip192.168.10.254interfaceVlanif20ipaddress192.168.20.252255.255.255.0vrrpvrid20virtual-ip192.168.20.254interfaceVlanif30ipaddress192.168.30.253255.255.255.0vrrpvrid30virtual-ip192.168.30.254vrrpvrid30priority120vrrpvrid30preempt-modetimerdelay20interfaceVlanif40ipaddress192.168.40.253255.255.255.0vrrpvrid40virtual-ip192.168.40.254vrrpvrid40priority120vrrpvrid40preempt-modetimerdelay20VRRP实验6VRRP+MSTP典型组网(SW3的配置)vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority32768stpinstance2priority32768stpenable!interfaceGigabitEthernet0/0/24portlink-typetrunkporttrunkallow-passallinterfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passall第1章VRRP工作原理第2章VRRP的基本配置第3章VRRP常见问题课程内容问题一VRRP出现双主R1R2GE0/0/0GE0/0/0VRRP由于VRRP协议报文是组播数据包,这就限制了VRRP的成员接口必须处于一个LAN或者说一个广播域内,否则VRRP报文将无法正常收发,这时就会出现双主故障。在上图中,二层交换机就构成了一个二层组播环境,也就R1、R2的GE0/0/0口处于一个广播域内,那么VRRP组播数据包的收发就没有问题。但是如果二层交换机连接R1、R2的这两个接口被划分到了两个不同的VLAN,那么就会出现双主故障。问题一VRRP出现双主上述两种组网,建议使用动态路由对接。VRRPVRRP问题二交换机与路由器VRRP的区别图A中,两台路由器与交换机相连的端口启用VRRP,交换机做二层透传,当图中所示链路中断时,主路由器的VRRP状态切换为initialize,备路由器的VRRP状态切换为Master;图B中,上面两台交换机与下面两台交换机相连端口所属vlan的vlanif启用VRRP,下面两台交换机做二层透传,主备交换机之间允许透传对应vlan,当图中所示链路中断时,主交换机的端口状态切换为down,但该端口所属vlan的vlanif状态仍然是up,原因是主备交换机之间的链路允许该vlan通过,只要交换机上仍然有端口属于该vlan,则vlanif的状态不改变,该vlanif下的vrrp状态也不改变。问题三故障主设备修复后加入网络业务中断某些场景下,主设备出现故障,修复重启时发现原先正常的业务中断了,该现象多发生在93/65/85等框式交换机。原因
分析
定性数据统计分析pdf销售业绩分析模板建筑结构震害分析销售进度分析表京东商城竞争战略分析
:框式交换机的重启过程需要加载单板,单板的加载是有顺序的,首先加载主备主控板,接下来是业务板,当一块业务板加载成功之后,存在vlanif的vrrp状态正常,而其他连接业务的单板还没有加载完成的现象。如果VRRP的抢占功能开启,并且没有设置抢占等待时间,未重启完毕的交换机也会将VRRP的状态切换为主,此时业务就会中断。解决办法:配置VRRP的抢占等待时间,通常配置180S,命令如下:vrrpvrid1preempt-modetimerdelay180问题四同一个广播域内VRRP组ID冲突vrrpvrid1vrrpvrid1如图中所示,路由器与交换机之间通过vrrp的方式对接,但vrrp的vrid设置为一样,vrrp通过vrid来区分不同的vrrp组,如出现上图这类情况就会造成vrrp的计算混乱,所以同一个广播域内vrid必须不同。
浙公网安备 33021202002483