VRRP虚拟路由器冗余技术学习与实验
1:VRRP技术简述
上图是网络经典故障中的单点故障,网关路由器的故障影响了整个网段的主机,通过使用VRRP的方法可以有效解决上述问题。VRRP是虚拟路由器冗余协议,通过把几台路由设备联合组成一台虚拟的路由设备,将虚拟路由设备的IP地址作为用户的默认网关实现与外部网络通信。当网关设备发生故障时,VRRP能够选举新的网关设备承担数据流量,从而保障网络的可靠性,保障网络不中断,在实现多个真实网关的冗余备份的同时完成了数据转发的负载均衡。
2:VRRP组成员及选举规则
主路由器:Master →负责承担数据报文转发任务
备份路由器:Backup →负责监控主路由器状态
虚拟路由器 :Virtual → 又称VRRP备份组,作为局域网中主机的默认网关
VRRP主备选举原则:
首先比较优先级,优先级大的为master
如果优先级一致,其次比较ip地址,IP地址大的为master
3:VRRP工作过程
1)VRRP备份组中的设备根据优先级选举出”Master-主路由器“
2)“Master-主路由器”发送“免费ARP报文”,将虚拟MAC地址通知给与它连接的设备,承担数据转发任务
3)“Master-主路由器”周期性发送VRRP通告报文(三层心跳报文)
4)通告报文发送的周期时间:默认情况下是1秒
5)通告报文发送的目的地址是组播地址:224.0.0.18
6)“Backup-备份路由器”监控“主路由器”状态,在3倍的"发送周期"后,如果无法收到“主路由器”发送的VRRP 通告报文,备份路由器升级为“新的Master-主路由器”,新的Master-路由器会立即发送免费ARP报文,刷新与它连接设备中的MAC表项,从而把用户流量引到新的Master设备上来。
7)“原Master”设备故障恢复时,首先切换至Backup状态:
&:如果“原Master”已开启抢占模式,并且对比优先级,发现自己的优先级高,则主动将自己切换成Master。
&:如果”原Master“没有开启抢占模式,即便优先级高,也不会进行抢占,依然保持Backup状态
4:VRRP负载分担综合实验
实验需求:
1)PC1属于vlan10 ,PC2属于vlan20
2)vlan10的主网关是SW1,备份网关是SW2,vlan10的数据流量默认由SW1转发
3)vlan20的主网关是SW2,备份网关是SW1,vlan20的数据流量默认由SW2转发
4)SW1和SW2部署MSTP和VRRP,既要实现负载分担,又要互为备份
配置步骤:
第一步:配置PC和server的IP地址,掩码,网关
第二步:配置SW3交换机
1)创建vlan
2)配置MSTP
第三步:配置SW1和SW2
1)创建vlan,配置vlanif
2)配置VRRP,MSTP
第四步:SW1/SW2/R3配置静态路由
第五步:验证VRRP
详细配置命令:
第一步:配置PC和server的IP地址,掩码,网关
第二步:在sw3交换机
SW3配置:
[SW3]vlan batch 10 20
[SW3]int g0/0/1
[SW3-GigabitEthernet0/0/1]port link-type access
[SW3-GigabitEthernet0/0/1]port default vlan 10
[SW3-GigabitEthernet0/0/1]int g0/0/2
[SW3-GigabitEthernet0/0/2]port link-type access
[SW3-GigabitEthernet0/0/2]port default vlan 20
[SW3-GigabitEthernet0/0/2]quit
[SW3]port-group group-member g0/0/3 g0/0/4
[SW3-port-group]port link-type trunk
[SW3-port-group]port trunk allow-pass vlan all
[SW3-port-group]quit
[SW3]stp region-configuration
[SW3-mst-region] region-name vrrptest
[SW3-mst-region] instance 10 vlan 10
[SW3-mst-region] instance 20 vlan 20
[SW3-mst-region] active region-configuration
第三步:SW1和SW2配置VRRP和MSTP和静态路由
SW1配置:
[SW1]vlan batch 10 20
[SW1]int g0/0/2
[SW1-GigabitEthernet0/0/2]port link-type trunk
[SW1-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW1-GigabitEthernet0/0/2]qui
[SW1]vlan batch 13
[SW1]int vlanif 10
[SW1-Vlanif10]ip address 192.168.10.251 24
[SW1-Vlanif10]int vlanif 20
[SW1-Vlanif20]ip address 192.168.20.251 24
[SW1-Vlanif20]int vlanif 13
[SW1-Vlanif13]ip address 192.168.13.1 24
[SW1-Vlanif13]quit
[SW1]int vlanif10
[SW1-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[SW1-Vlanif10]vrrp vrid 10 priority 130
[SW1-Vlanif10]vrrp vrid 10 track int g0/0/1 reduced 50 //设置上行链路追踪
[SW1-Vlanif10]vrrp vrid 10 authentication-mode md5 123456 //开启认证
[SW1-Vlanif10]int vlanif 20
[SW1-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[SW1-Vlanif20]vrrp vrid 20 authentication-mode md5 123456
[SW1-Vlanif20]quit
[SW1]int g0/0/1
[SW1-GigabitEthernet0/0/1]port link-type access
[SW1-GigabitEthernet0/0/1]port default vlan 13
[SW1-GigabitEthernet0/0/1]quit
[SW1]ip route-static 192.168.2.0 24 192.168.13.3
[SW1]stp region-configuration //配置MSTP
[SW1-mst-region]region-name vrrptest
[SW1-mst-region]instance 10 vlan 10
[SW1-mst-region]instance 20 vlan 20
[SW1-mst-region]active region-configuration
[SW1-mst-region]quit
[SW1]stp instance 10 priority 4096 //让SW1成为vlan10的主根
[SW1]stp instance 20 priority 8192 //让SW1成为vlan20的备根
[SW1]int g0/0/24
[SW1-GigabitEthernet0/0/24]port link-type trunk
[SW1-GigabitEthernet0/0/24]port trunk allow-pass vlan all
SW2的配置:
[SW2]vlan batch 10 20 23
[SW2]int g0/0/2
[SW2-GigabitEthernet0/0/2]port link-type trunk
[SW2-GigabitEthernet0/0/2]port trunk allow-pass vlan all
[SW2-GigabitEthernet0/0/2]quit
[SW2]int vlanif 10
[SW2-Vlanif10]ip address 192.168.10.252 24
[SW2-Vlanif10]vrrp vrid 10 virtual-ip 192.168.10.254
[SW2-Vlanif10]vrrp vrid 10 authentication-mode md5 123456
[SW2-Vlanif10]int vlanif20
[SW2-Vlanif20]ip address 192.168.20.252 24
[SW2-Vlanif20]vrrp vrid 20 virtual-ip 192.168.20.254
[SW2-Vlanif20]vrrp vrid 20 priority 130
[SW2-Vlanif20]vrrp vrid 20 track int g0/0/1 reduced 50
[SW2-Vlanif20]vrrp vrid 20 authentication-mode md5 123456
[SW2-Vlanif20]quit
[SW2]int vlanif 23
[SW2-Vlanif23]ip address 192.168.23.1 24
[SW2-Vlanif23]int g0/0/1
[SW2-GigabitEthernet0/0/1]port link-type access
[SW2-GigabitEthernet0/0/1]port default vlan 23
[SW2-GigabitEthernet0/0/1]quit
[SW2]ip route-static 192.168.2.0 24 192.168.23.3
[SW2]stp region-configuration
[SW2-mst-region] region-name vrrptest
[SW2-mst-region] instance 10 vlan 10
[SW2-mst-region] instance 20 vlan 20
[SW2-mst-region] active region-configuration
[SW2-mst-region]quit
[SW2]stp instance 10 priority 8192
[SW2]stp instance 20 priority 4096
[SW2]int g0/0/24
[SW2-GigabitEthernet0/0/24]port link-type trunk
[SW2-GigabitEthernet0/0/24]port trunk allow-pass vlan all
第四步:R3配置静态路由
R1的配置:
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.2.254 24
[R1-GigabitEthernet0/0/0]int g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.13.3 24
[R1-GigabitEthernet0/0/1]int g0/0/2
[R1-GigabitEthernet0/0/2]ip address 192.168.23.3 24
[R1-GigabitEthernet0/0/2]quit
[R1]ip route-static 192.168.10.0 24 192.168.13.1
[R1]ip route-static 192.168.10.0 24 192.168.23.1 preference 70
[R1]ip route-static 192.168.20.0 24 192.168.23.1
[R1]ip route-static 192.168.20.0 24 192.168.13.1 preference 70
第五步:验证VRRP
PC1 ping server1 验证连通性
PC1 tracert server1 验证数据转发路径
PC2 ping server1 验证连通性
PC2 tracert server1 验证数据转发路径VRRP实验拓扑实现 提取码:c9mn