VRRP协议简介与实例
一、前言
虚拟路由冗余协议(Virtual Router Redundancy Protocol,简称VRRP)是由IETF提出的解决局域网中配置静态网关出现单点失效现象的路由协议。
VRRP广泛应用在边缘网络中,它的设计目标是支持特定情况下IP数据流量失败转移不会引起混乱,允许主机使用单路由器,以及即使在实际第一跳路由器使用失败的情形下仍能够维护路由器间的连通性。
VRRP决定哪个路由器是Master,Master路由器负责接收发送至用户网关的数据包并进行转发,以及响应PC对于其网关IP的ARP请求。
Backup路由器侦听Master路由器的状态,并在Master路由器发生故障时,接替其工作,从而保证业务流量的平滑切换。
二、VRRP术语
- VRRP路由器
VRRP路由器是指运行VRRP的路由器,该路由器可以是一个或多虚拟路由器。 - 虚拟路由器
虚拟路由器是指由VRRP协议创建的,作为一个共享LAN内主机的缺省路由器。它由一个虚拟路由器标示符(VRID)和同一个LAN中的一组关联IP地址组成。一个VRRP路由器可以备份一个或多个虚拟路由器。 - 主虚拟路由器和备份虚拟路由器
①主虚拟路由器:该VRRP路由器将承担下列任务:转发那些寻址到与虚拟路由器关联的IP地址的数据包,应答对该IP地址的ARP请求。
② 备份虚拟路由器:一组可用的VRRP路由器,当主虚拟路由器失效后,将承担虚拟路由器的转发功能。 - VRRP备份组
将域中的一组路由器划分到一起称为一个备份组。既然是备份组,那么这个组中最少需要两台路由器,一台作为master另一台作为slaver。理论上最多可以有无限台路由器,但只能有一台master,其余的全部为slaver。 - 虚拟MAC地址
通过VRRP形成的虚拟路由器使用虚拟IP 地址和虚拟MAC与网络中的PC进行通信。
格式如下:最后一个字节的VRID表示虚拟路由器的ID的16进制,例如VRID是1,那么虚拟MAC地址就是00-00-5E-00-01-01
三、VRRP状态
VRRP定义 三种状态模型:
1、Initialize状态
初始状态都是Initialize,通过比较优先级后产生了Master和Backup。
2、Master状态
- 设置定时通告定时器;
- 用VRRP虚拟MAC地址响应路由器IP地址的ARP请求;
- 转发目的MAC是VRRP虚拟MAC的数据包;
- 如果是虚拟路由器IP的拥有者(接口实际IP地址为虚拟IP地址),将接受目的地址是虚拟路由器IP的数据包,否则丢弃;
- 当收到shutdown的事件时删除定时通告定时器,发送优先值级为0的通告包,转初始化状态;
- 如果定时通告定时器超时时,发送VRRP通告信息;收到VRRP通告信息时,如果优先值为0,发送VRRP通告信息。否则,判断数据的优先级是否高于本机,或相等而且实际IP地址大于本地实际IP,设置定时通告定时器,复位主机超时定时器,转BACKUP状态;否则的话,丢弃该通告包。
3、Backup状态
- 设置主机超时定时器;
- 不能响应针对虚拟路由器IP的ARP请求信息;
- 丢弃所有目的MAC地址是虚拟路由器MAC地址的数据包;
- 不接受目的是虚拟路由器IP的所有数据包;
- 当收到shutdown的事件时删除主机超时定时器,转初始化状态;
- 主机超时定时器超时的时候,发送VRRP通告信息,广播ARP地址信息,转MASTER状态;
- 收到VRRP通告信息时。如果优先值为0,表示进入与MASTER选举,否则判断数据的优先级是否高于本机,如果高的话承认MASTER有效,复位主机超时定时器;否则的话,丢弃该通告包。
四、VRRP的作用
VRRP提供了局域网上的设备备份机制。
VRRP是一种容错机制,它保证了当主机的下一条路由出现故障时,可以及时由另一台路由器来替代,从而保证通讯的连续性和可靠性。
Master报文:Master正常工作时,它会每隔一段时间(缺损值为1秒)向组内Backup设备发送VRRP报文,通告自己工作正常。
VRRP通告报文被封装在IP报文里,通过组播地址224.0.0.18发送,TTL为255,协议号为112。
五、实例
需求:
- 1、创建两个虚拟路由,一个以左侧交换机为Master,另一个以右侧交换机为Master
- 2、查看VRRP表
- 3、断掉左侧三层交换机的G0/0/2口后查看VRRP表,查看原备份理由是否称为Master
- 4、全网互通
1、配置PC机
2、各个设备基础配置
LSW6
The device is running!
<Huawei>
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]q
[Huawei]vlan bat 10 20
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int e0/0/1
[Huawei-Ethernet0/0/1]port link-type access
[Huawei-Ethernet0/0/1]port default vlan 10
[Huawei-Ethernet0/0/1]int e0/0/2
[Huawei-Ethernet0/0/2]port link-type access
[Huawei-Ethernet0/0/2]port default vlan 20
[Huawei-Ethernet0/0/2]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type trunk
[Huawei-GigabitEthernet0/0/2]port trunk allow-pass vlan all
LSW4
The device is running!
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]q
[Huawei]vlan bat 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlan 10
[Huawei-Vlanif10]ip add 192.168.10.10 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.20.10 24
[Huawei-Vlanif20]int vlan 100
[Huawei-Vlanif100]ip add 11.0.0.2 24
[Huawei-Vlanif100]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 100
LSW5
The device is running!
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]q
[Huawei]vlan bat 10 20 100
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int vlan 10
[Huawei-Vlanif10]ip add 192.168.10.20 24
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]ip add 192.168.20.20 24
[Huawei-Vlanif20]int vlan 100
[Huawei-Vlanif100]ip add 12.0.0.2 24
[Huawei-Vlanif100]int g0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type trunk
[Huawei-GigabitEthernet0/0/1]port trunk allow-pass vlan all
[Huawei-GigabitEthernet0/0/1]int g0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 100
R2
The device is running!
<Huawei>undo terminal monitor
Info: Current terminal monitor is off.
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]user-interface console 0
[Huawei-ui-console0]idle-timeout 0 0
[Huawei-ui-console0]int g0/0/0
[Huawei-GigabitEthernet0/0/0]ip add 11.0.0.1 24
[Huawei-GigabitEthernet0/0/0]int g0/0/1
[Huawei-GigabitEthernet0/0/1]ip add 12.0.0.1 24
[Huawei-GigabitEthernet0/0/1]int loop0
[Huawei-LoopBack0]ip add 10.0.0.1 24
[Huawei-LoopBack0]q
[Huawei]ip route-s 192.168.10.0 24 11.0.0.2
[Huawei]ip route-s 192.168.10.0 24 12.0.0.2 pre 70
[Huawei]ip route-s 192.168.20.0 24 11.0.0.2
[Huawei]ip route-s 192.168.20.0 24 12.0.0.2 pre 70
3、VRRP配置
LSW4
[Huawei-GigabitEthernet0/0/2]int vlan 10
[Huawei-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.1
[Huawei-Vlanif10]vrrp vrid 1 priority 120
[Huawei-Vlanif10]vrrp vrid 1 track interface g0/0/2 reduced 30
[Huawei-Vlanif10]int vlan 20
[Huawei-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.1
[Huawei-Vlanif20]vrrp vrid 2 priority 100
[Huawei-Vlanif20]q
LSW5
[Huawei-GigabitEthernet0/0/2]int vlan 20
[Huawei-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.1
[Huawei-Vlanif20]vrrp vrid 2 priority 120
[Huawei-Vlanif20]vrrp vrid 2 track interface g0/0/2 reduced 30
[Huawei-Vlanif20]int vlan 10
[Huawei-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.1
[Huawei-Vlanif10]vrrp vrid 1 priority 100
[Huawei-Vlanif10]q
4、OSPF配置
上面都完成的时候,PC1已经可以连上PC2,也能连上11.0.0.1/24,但是却连不上12.0.0.1/24和10.0.0.1/24;PC2也能连上PC1和12.0.0.1,但是却连不上11.0.0.1/24和10.0.0.1/24。
所以我们还得配置下OSPF。
LSW4
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 11.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]q
LSW5
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.10.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 192.168.20.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 12.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]q
R2
[Huawei]ospf 1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 10.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 11.0.0.0 0.0.0.255
[Huawei-ospf-1-area-0.0.0.0]network 12.0.0.0 0.0.0.255
5、测试连通性
PC>ping 12.0.0.1
Ping 12.0.0.1: 32 data bytes, Press Ctrl_C to break
From 12.0.0.1: bytes=32 seq=1 ttl=254 time=47 ms
From 12.0.0.1: bytes=32 seq=2 ttl=254 time=62 ms
From 12.0.0.1: bytes=32 seq=3 ttl=254 time=79 ms
From 12.0.0.1: bytes=32 seq=4 ttl=254 time=62 ms
From 12.0.0.1: bytes=32 seq=5 ttl=254 time=63 ms
--- 12.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/62/79 ms
PC>ping 10.0.0.1
Ping 10.0.0.1: 32 data bytes, Press Ctrl_C to break
From 10.0.0.1: bytes=32 seq=1 ttl=254 time=62 ms
From 10.0.0.1: bytes=32 seq=2 ttl=254 time=47 ms
From 10.0.0.1: bytes=32 seq=3 ttl=254 time=63 ms
From 10.0.0.1: bytes=32 seq=4 ttl=254 time=62 ms
From 10.0.0.1: bytes=32 seq=5 ttl=254 time=47 ms
--- 10.0.0.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/56/63 ms
PC>ping 192.168.20.10
Ping 192.168.20.10: 32 data bytes, Press Ctrl_C to break
From 192.168.20.10: bytes=32 seq=1 ttl=255 time=47 ms
From 192.168.20.10: bytes=32 seq=2 ttl=255 time=31 ms
From 192.168.20.10: bytes=32 seq=3 ttl=255 time=31 ms
From 192.168.20.10: bytes=32 seq=4 ttl=255 time=32 ms
From 192.168.20.10: bytes=32 seq=5 ttl=255 time=31 ms
--- 192.168.20.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/34/47 ms
6、三层交换机的VRRP配置情况
LSW4
[Huawei]dis vrrp
Vlanif10 | Virtual Router 1
State : Master
Virtual IP : 192.168.10.1
Master IP : 192.168.10.10
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 30
IF state : UP
Create time : 2020-12-31 08:05:49 UTC-08:00
Last change time : 2020-12-31 08:52:51 UTC-08:00
Vlanif20 | Virtual Router 2
State : Backup
Virtual IP : 192.168.20.1
Master IP : 192.168.20.20
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-12-31 08:07:26 UTC-08:00
Last change time : 2020-12-31 08:10:45 UTC-08:00
LSW5
[Huawei]dis vrrp
Vlanif10 | Virtual Router 1
State : Backup
Virtual IP : 192.168.10.1
Master IP : 192.168.10.10
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-12-31 08:12:12 UTC-08:00
Last change time : 2020-12-31 08:52:51 UTC-08:00
Vlanif20 | Virtual Router 2
State : Master
Virtual IP : 192.168.20.1
Master IP : 192.168.20.20
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 30
IF state : UP
Create time : 2020-12-31 08:10:29 UTC-08:00
Last change time : 2020-12-31 08:10:45 UTC-08:00
7、断开LSW4的G0/0/2后VRRP配置情况
LSW4
[Huawei]dis vrrp
Vlanif10 | Virtual Router 1
State : Backup
Virtual IP : 192.168.10.1
Master IP : 192.168.10.20
PriorityRun : 90
PriorityConfig : 120
MasterPriority : 100
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 30
IF state : DOWN
Create time : 2020-12-31 08:05:49 UTC-08:00
Last change time : 2020-12-31 11:18:01 UTC-08:00
Vlanif20 | Virtual Router 2
State : Backup
Virtual IP : 192.168.20.1
Master IP : 192.168.20.20
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-12-31 08:07:26 UTC-08:00
Last change time : 2020-12-31 08:10:45 UTC-08:00
LSW5
[Huawei]dis vrrp
Vlanif10 | Virtual Router 1
State : Master
Virtual IP : 192.168.10.1
Master IP : 192.168.10.20
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Create time : 2020-12-31 08:12:12 UTC-08:00
Last change time : 2020-12-31 11:18:01 UTC-08:00
Vlanif20 | Virtual Router 2
State : Master
Virtual IP : 192.168.20.1
Master IP : 192.168.20.20
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 0 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Config type : normal-vrrp
Track IF : GigabitEthernet0/0/2 Priority reduced : 30
IF state : UP
Create time : 2020-12-31 08:10:29 UTC-08:00
Last change time : 2020-12-31 08:10:45 UTC-08:00