假装网络工程师6——vrrp使用场景介绍

标签：eve   sys   组播   down   pass   反向代理   命令   use   之间   

vrrp作为一种常见的虚拟路由冗余协议，工作在应用层，协议号为112，该协议普遍用于各种生产环境中，其工作原理是隐藏多个实际提供服务的网元地址，取而代之使用一个虚拟的地址进行反向代理，所有终端指向反向代理地址，这样即使一台或多台网元故障，反向代理地址依然生效，网元之间通过一个特定的组播地址进行通信

本章就以2个网元对外提供统一网关地址为例，介绍vrrp的使用。

二、实验拓扑

1. PC1和PC2属于vlan和vlan20，SW3为接入层交换机，SW1和SW2是三层交换机与二层交换机SW3之间通过trunk相连
2. 3个SW之间使用MSTP，且SW2为instance1的主根，instance2的备根，SW1正好相反
   
3. vlan10跟vlan20的网关地址位于2台三层交换机的svi接口，是一个反向代理地址，且互为主备

   三、配置文件

   SW1的配置文件

   [SW1]display current-configuration 
   #
   sysname SW1
   #
   undo info-center enable
   #
   vlan batch 10 20
   #
   stp instance 1 root secondary
   stp instance 2 root primary
   #
   cluster enable
   ntdp enable
   ndp enable
   #
   drop illegal-mac alarm
   #
   diffserv domain default
   #
   stp region-configuration
   region-name hw
   revision-level 1
   instance 1 vlan 10
   instance 2 vlan 20
   active region-configuration
   #
   drop-profile default
   #
   aaa
   authentication-scheme default
   authorization-scheme default
   accounting-scheme default
   domain default
   domain default_admin
   local-user admin password simple admin
   local-user admin service-type http
   #
   interface Vlanif1
   #
   interface Vlanif10
   ip address 192.168.10.2 255.255.255.0
   vrrp vrid 1 virtual-ip 192.168.10.254
   #
   interface Vlanif20
   ip address 192.168.20.2 255.255.255.0
   vrrp vrid 2 virtual-ip 192.168.20.254
   vrrp vrid 2 priority 150
   #
   interface MEth0/0/1
   #
   interface Ethernet0/0/1
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20
   #
   interface Ethernet0/0/2
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20

   SW2的配置文件

   [SW2]display current-configuration 
   #
   sysname SW2
   #
   undo info-center enable
   #
   vlan batch 10 20
   #
   stp instance 1 root primary
   stp instance 2 root secondary
   #
   cluster enable
   ntdp enable
   ndp enable
   #
   drop illegal-mac alarm
   #
   diffserv domain default
   #
   stp region-configuration
   region-name hw
   revision-level 1
   instance 1 vlan 10
   instance 2 vlan 20
   active region-configuration
   #
   drop-profile default
   #
   aaa
   authentication-scheme default
   authorization-scheme default
   accounting-scheme default
   domain default
   domain default_admin
   local-user admin password simple admin
   local-user admin service-type http
   #
   interface Vlanif1
   #
   interface Vlanif10
   ip address 192.168.10.1 255.255.255.0
   vrrp vrid 1 virtual-ip 192.168.10.254
   vrrp vrid 1 priority 150
   #
   interface Vlanif20
   ip address 192.168.20.1 255.255.255.0
   vrrp vrid 2 virtual-ip 192.168.20.254
   #
   interface MEth0/0/1
   #
   interface Ethernet0/0/1
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20
   #
   interface Ethernet0/0/2
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20

   SW3的配置文件

   [SW3]display current-configuration 
   #
   sysname SW3
   #
   undo info-center enable
   #
   vlan batch 10 20
   #
   cluster enable
   ntdp enable
   ndp enable
   #
   drop illegal-mac alarm
   #
   diffserv domain default
   #
   stp region-configuration
   region-name hw
   revision-level 1
   instance 1 vlan 10
   instance 2 vlan 20
   active region-configuration
   #
   drop-profile default
   #
   aaa
   authentication-scheme default
   authorization-scheme default
   accounting-scheme default
   domain default
   domain default_admin
   local-user admin password simple admin
   local-user admin service-type http
   #
   interface Vlanif1
   #
   interface MEth0/0/1
   #
   interface Ethernet0/0/1
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20
   #
   interface Ethernet0/0/2
   port link-type trunk
   undo port trunk allow-pass vlan 1
   port trunk allow-pass vlan 10 20
   #
   interface Ethernet0/0/3
   port link-type access
   port default vlan 10
   stp edged-port enable
   #
   interface Ethernet0/0/4
   port link-type access
   port default vlan 20
   stp edged-port enable

   此时在SW1的e0/0/1口抓包，SW2的vlanif10正常时，PC1去ping网关流量不会经过该端口，当将SW2的vlanif10端口shutdown，再使用PC1去ping网关在该端口上就能抓到流量

   四、注意事项

4. vrrp是应用层协议，所以配置时必须在三层以上设备的接口进行配置
5. vrrp主网关多与mstp根桥保持一致，以本案为例，SW2是MSTP instance1的根桥，所以vlan10的网关优先选取SW2，原因就是instance1此时在SW3上的e0/0/2接口是阻塞状态，SW1同样道理
6. 还可以在端口故障时设置自动降低优先级，该命令使用时默认端口故障条件成立

   [SW2-Vlanif10]vrrp vrid 10 track interface Vlanif 10 ?
   increased  Increase priority
   reduced    Reduce priority
   <cr>       

假装网络工程师6——vrrp使用场景介绍

标签：eve   sys   组播   down   pass   反向代理   命令   use   之间   

原文地址：https://blog.51cto.com/arkling/2455547