实验拓扑图
实验准备
- PC1配置
- 交换机配置
<Huawei>sy
[Huawei]sy sw1
[sw1]int g0/0/1
[sw1-GigabitEthernet0/0/1]stp ed //tab键补全命令
[sw1-GigabitEthernet0/0/1]stp edged-port enable //启用边缘接口
[sw1-GigabitEthernet0/0/1]int g0/0/2
[sw1-GigabitEthernet0/0/2]stp ed
[sw1-GigabitEthernet0/0/2]stp edged-port e
[sw1-GigabitEthernet0/0/2]stp edged-port enable
[sw1-GigabitEthernet0/0/2]int g0/0/3
[sw1-GigabitEthernet0/0/3]stp ed
[sw1-GigabitEthernet0/0/3]stp edged-port enable
- 路由器配置
AR1:
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy r1
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]ip addr 192.168.1.251 24
[r1-GigabitEthernet0/0/0]
[r1-GigabitEthernet0/0/0]int g0/0/1
[r1-GigabitEthernet0/0/1]ip addr 10.1.13.1 24
[r1-GigabitEthernet0/0/1]
AR2:
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy r2
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]ip addr 192.168.1.252 24
[r2-GigabitEthernet0/0/0]
[r2-GigabitEthernet0/0/0]int g0/0/1
[r2-GigabitEthernet0/0/1]ip addr 10.1.23.2 24
[r2-GigabitEthernet0/0/1]
AR3:
<Huawei>sy
Enter system view, return user view with Ctrl+Z.
[Huawei]sy r3
[r3]int loo0
[r3-LoopBack0]ip addr 100.1.1.1 32
[r3-LoopBack0]
[r3-LoopBack0]int g0/0/0
[r3-GigabitEthernet0/0/0]ip addr 10.1.13.3 24
[r3-GigabitEthernet0/0/0]
[r3-GigabitEthernet0/0/0]int g0/0/1
[r3-GigabitEthernet0/0/1]ip addr 10.1.23.3 24
[r3-GigabitEthernet0/0/1]
- 配置完接口后获取动态路由
AR1:
[r1]ospf 1 r 1.1.1.1
[r1-ospf-1]area 0
[r1-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[r1-ospf-1-area-0.0.0.0]q
[r1-ospf-1]silent-int
[r1-ospf-1]silent-interface g0/0/0
[r1-ospf-1]q
[r1]
AR2:
[r2]ospf 1 r 2.2.2.2
[r2-ospf-1]area 0
[r2-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[r2-ospf-1-area-0.0.0.0]q
[r2-ospf-1]silent-int
[r2-ospf-1]silent-interface g0/0/0
[r2-ospf-1]q
[r2]
AR3:
[r3]ospf 1 r 3.3.3.3
[r3-ospf-1]area 0
[r3-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[r3-ospf-1-area-0.0.0.0]q
- PC1访问AR3
实验背景
关闭AR1的接口:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]shutdown
PC1无法访问AR3:
由拓扑图可见,PC1在AR1关闭接口后,并没有与选择经过AR2来与AR3通信。在没有设置VRRP的情况下需要用户手动改变网关。
设置VRRP
设置备份路由组
AR1:
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254 //vrid是备份组
//virtual-ip是虚拟IP
[r1-GigabitEthernet0/0/0]
[r1-GigabitEthernet0/0/0]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1 //备份组编号
State : Master //备份组状态:主用路由
Virtual IP : 192.168.1.254 //虚拟IP
Master IP : 192.168.1.251
PriorityRun : 100 //优先级默认100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2020-07-29 17:28:04 UTC-08:00
Last change time : 2020-07-29 17:28:07 UTC-08:00
[r1-GigabitEthernet0/0/0]
[r1-GigabitEthernet0/0/0]vrrp vrid 1 pri
[r1-GigabitEthernet0/0/0]vrrp vrid 1 priority 120 //修改该接口在备份组中的优先级(高为优先)
[r1-GigabitEthernet0/0/0]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1
State : Master
Virtual IP : 192.168.1.254
Master IP : 192.168.1.251
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2020-07-29 17:28:04 UTC-08:00
Last change time : 2020-07-29 17:28:07 UTC-08:00
[r1-GigabitEthernet0/0/0]
AR2:
[r2]int g0/0/0
[r2-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.1.254 //使用同一个备份组
[r2-GigabitEthernet0/0/0]
[r2-GigabitEthernet0/0/0]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1
State : Backup //备份组状态:备用
Virtual IP : 192.168.1.254
Master IP : 192.168.1.251
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2020-07-29 17:38:00 UTC-08:00
Last change time : 2020-07-29 17:38:00 UTC-08:00
[r2-GigabitEthernet0/0/0]
PC1中修改网关:
PC1持续pingAR3,现在由于AR1优先级高(数据优先经过AR1),所以关闭AR1的g0/0/0接口来模拟故障情景:
[r1-GigabitEthernet0/0/0]shutdown
此时PC1连通AR3的情况:
可见关闭接口后丢了几个数据包,但是依旧能连通AR3,原因是设置了备份,在数据包无法到达AR1的情况下,PC1自动选择AR2继续传输数据。
此时把AR1的g0/0/0接口打开
[r1-GigabitEthernet0/0/0]undo shutdown
由于设置AR1的VRRP备份优先级是120,高于AR2默认的优先级100,所以接口开放后PC1优先选择AR1来进行数据传输,丢包发生在切换路由后。
由于AR2优先级低,所以此时关闭AR2的接口并不会引起切换路由而丢包情况。
丢包的原因在下面抢占中解释。
设置备份组计时器
当主用路由无法使用后,设置备份路由启用时间(默认1s)
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]vrrp vrid 1 timer adver
[r1-GigabitEthernet0/0/0]vrrp vrid 1 timer advertise 5 //设置响应时间,5s后切换备份路由
[r1-GigabitEthernet0/0/0]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1
State : Master
Virtual IP : 192.168.1.254
Master IP : 192.168.1.251
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 5 s
TimerConfig : 5 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2020-07-29 17:28:04 UTC-08:00
Last change time : 2020-07-29 17:44:53 UTC-08:00
设置抢占延迟:
如AR1故障后恢复,会出现丢包。原因是AR1恢复后需要时间重新收集路由表,此时如果立刻抢占成为主用路由,但是路由表还没有收集到数据包需要的路径,就会丢弃数据包。
[r1]int g0/0/0
[r1-GigabitEthernet0/0/0]vrrp vrid 1 pre
[r1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode tim
[r1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer d
[r1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay ?
INTEGER<0-3600> Value of timer, in seconds(default is 0) //默认0s后进行抢占
[r1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 60 //设置60s后进行抢占
[r1-GigabitEthernet0/0/0]
或者关闭抢占功能:
[r1-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode disable
联动功能:
当AR1的g0/0/1接口故障(或者AR3的g0/0/0接口故障)时,数据无法发送到AR3,但是AR1仍在正常运行,此时由于AR1和AR2的g0/0/0接口都在备份组里,但这两个接口都没有故障,所以没有进行抢占,维持故障状态。
这时需要让AR1的g0/0/0接口监视g0/0/1接口的连通性:
[r1-GigabitEthernet0/0/0]vrrp vrid 1 track ? //track指监视
bfd-session Specify BFD session
interface Interface information //接口信息
ip Specify IP protocol
nqa Specify NQA test class
[r1-GigabitEthernet0/0/0]vrrp vrid 1 track int
[r1-GigabitEthernet0/0/0]vrrp vrid 1 track interface g0/0/1 ? //指定监视接口g0/0/1
increased Increase priority //提高优先级
reduced Reduce priority //降低优先级
<cr> Please press ENTER to execute command
[r1-GigabitEthernet0/0/0]vrrp vrid 1 track interface g0/0/1 reduce 30
//当接口出现连通性问题时降低该路由在备份组中的优先级,使备份路由抢占从而维持数据传输
[r1-GigabitEthernet0/0/0]
[r1-GigabitEthernet0/0/0]
关闭AR1的g0/0/1接口:
[r1-GigabitEthernet0/0/1]shutdown
[r1-GigabitEthernet0/0/1]
[r1-GigabitEthernet0/0/1]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1
State : Backup //此时作为了备用路由
Virtual IP : 192.168.1.254
Master IP : 192.168.1.252
PriorityRun : 90 //监视到g0/0/1发生故障后主动降低了优先级
PriorityConfig : 120
MasterPriority : 100
Preempt : YES Delay Time : 60 s
TimerRun : 1 s
TimerConfig : 5 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet0/0/1 Priority reduced : 30
IF state : DOWN
Create time : 2020-07-29 17:28:04 UTC-08:00
Last change time : 2020-07-29 18:23:16 UTC-08:00
[r1-GigabitEthernet0/0/1]
此时AR2:
[r2-GigabitEthernet0/0/0]dis vrrp
GigabitEthernet0/0/0 | Virtual Router 1
State : Master //由于AR1降低了自身优先级,所以AR2现在是主用路由
Virtual IP : 192.168.1.254
Master IP : 192.168.1.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2020-07-29 17:38:00 UTC-08:00
Last change time : 2020-07-29 18:23:16 UTC-08:00
[r2-GigabitEthernet0/0/0]