码迷,mamicode.com
首页 > 其他好文 > 详细

假装网络工程师6——vrrp使用场景介绍

时间:2019-12-03 10:31:45      阅读:154      评论:0      收藏:0      [点我收藏+]

标签:eve   sys   组播   down   pass   反向代理   命令   use   之间   

一、背景介绍

vrrp作为一种常见的虚拟路由冗余协议,工作在应用层,协议号为112,该协议普遍用于各种生产环境中,其工作原理是隐藏多个实际提供服务的网元地址,取而代之使用一个虚拟的地址进行反向代理,所有终端指向反向代理地址,这样即使一台或多台网元故障,反向代理地址依然生效,网元之间通过一个特定的组播地址进行通信
技术图片
本章就以2个网元对外提供统一网关地址为例,介绍vrrp的使用。

二、实验拓扑

技术图片

  1. PC1和PC2属于vlan和vlan20,SW3为接入层交换机,SW1和SW2是三层交换机与二层交换机SW3之间通过trunk相连
  2. 3个SW之间使用MSTP,且SW2为instance1的主根,instance2的备根,SW1正好相反
    技术图片
  3. vlan10跟vlan20的网关地址位于2台三层交换机的svi接口,是一个反向代理地址,且互为主备

    三、配置文件

    SW1的配置文件

    [SW1]display current-configuration 
    #
    sysname SW1
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    stp instance 1 root secondary
    stp instance 2 root primary
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface Vlanif10
    ip address 192.168.10.2 255.255.255.0
    vrrp vrid 1 virtual-ip 192.168.10.254
    #
    interface Vlanif20
    ip address 192.168.20.2 255.255.255.0
    vrrp vrid 2 virtual-ip 192.168.20.254
    vrrp vrid 2 priority 150
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20

    SW2的配置文件

    [SW2]display current-configuration 
    #
    sysname SW2
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    stp instance 1 root primary
    stp instance 2 root secondary
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface Vlanif10
    ip address 192.168.10.1 255.255.255.0
    vrrp vrid 1 virtual-ip 192.168.10.254
    vrrp vrid 1 priority 150
    #
    interface Vlanif20
    ip address 192.168.20.1 255.255.255.0
    vrrp vrid 2 virtual-ip 192.168.20.254
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20

    SW3的配置文件

    [SW3]display current-configuration 
    #
    sysname SW3
    #
    undo info-center enable
    #
    vlan batch 10 20
    #
    cluster enable
    ntdp enable
    ndp enable
    #
    drop illegal-mac alarm
    #
    diffserv domain default
    #
    stp region-configuration
    region-name hw
    revision-level 1
    instance 1 vlan 10
    instance 2 vlan 20
    active region-configuration
    #
    drop-profile default
    #
    aaa
    authentication-scheme default
    authorization-scheme default
    accounting-scheme default
    domain default
    domain default_admin
    local-user admin password simple admin
    local-user admin service-type http
    #
    interface Vlanif1
    #
    interface MEth0/0/1
    #
    interface Ethernet0/0/1
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/2
    port link-type trunk
    undo port trunk allow-pass vlan 1
    port trunk allow-pass vlan 10 20
    #
    interface Ethernet0/0/3
    port link-type access
    port default vlan 10
    stp edged-port enable
    #
    interface Ethernet0/0/4
    port link-type access
    port default vlan 20
    stp edged-port enable

    此时在SW1的e0/0/1口抓包,SW2的vlanif10正常时,PC1去ping网关流量不会经过该端口,当将SW2的vlanif10端口shutdown,再使用PC1去ping网关在该端口上就能抓到流量

    四、注意事项

  4. vrrp是应用层协议,所以配置时必须在三层以上设备的接口进行配置
  5. vrrp主网关多与mstp根桥保持一致,以本案为例,SW2是MSTP instance1的根桥,所以vlan10的网关优先选取SW2,原因就是instance1此时在SW3上的e0/0/2接口是阻塞状态,SW1同样道理
  6. 还可以在端口故障时设置自动降低优先级,该命令使用时默认端口故障条件成立
    [SW2-Vlanif10]vrrp vrid 10 track interface Vlanif 10 ?
    increased  Increase priority
    reduced    Reduce priority
    <cr>       

假装网络工程师6——vrrp使用场景介绍

标签:eve   sys   组播   down   pass   反向代理   命令   use   之间   

原文地址:https://blog.51cto.com/arkling/2455547

(0)
(0)
   
举报
评论 一句话评论(0
登录后才能评论!
© 2014 mamicode.com 版权所有  联系我们:gaon5@hotmail.com
迷上了代码!