Category: System Operations
2012-04-28 19:28:23
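When a gateway device in a network fails, the entire subnet may be cut off. To build a reliable network you can deploy redundant gateways, that is, set up several gateways so that when the active gateway fails, traffic switches automatically to a standby gateway. Common gateway redundancy schemes include HSRP, GLBP and VRRP; they share the same goal but differ in method. This article discusses HSRP (Hot Standby Router Protocol).
HSRP is a Cisco proprietary protocol. It lets several routers share a redundant gateway address, with the aim of improving network availability.
The topology of the HSRP lab environment is as follows:
On the right of the diagram is the subnet with redundant gateways, VLAN200 (10.200.1.0/24); its gateway is 10.200.1.1.
VLAN200 connects through a layer-2 switch (a Cisco 2950 in this example) directly to two layer-3 switches (Cisco 3560G-24TS in this example). These two Cisco 3560 switches are the gateways of the internal network (one is the active gateway, the other the backup router); their IP addresses are SW2: 10.200.1.2 and SW3: 10.200.1.3.
Hosts inside the network know only one gateway address, 10.200.1.1; they do not need to see what actually lies behind it.
All redundant gateways in HSRP are assigned to the same HSRP group. The group's IP address is the gateway known inside the company, 10.200.1.1; the interfaces of the two Cisco 3560 switches that connect to SW1 have the addresses 10.200.1.2 and 10.200.1.3. The command that configures the HSRP group IP address is: standby group ip ip-address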
interface vlan 100
ip address 10.200.1.2 255.255.255.0
no shutdown
standby 1 ip 10.200.1.1
!create HSRP group 1 with the IP address 10.200.1.1
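1. HSRP router election
HSRP election is based on priority. The HSRP priority ranges from 0 to 255 and defaults to 100. When routers have the same priority, the layer-3 switch whose HSRP interface has the highest IP address becomes the active gateway. In this lab, if SW2 and SW3 have the same priority, SW3 becomes the active gateway and SW2 the standby gateway.
The HSRP priority is configurable. The command is: standby group priority priority
To make SW2 the active gateway, enter: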
SW2(config-if)#standby 1 priority 150
2. Basic HSRP configuration
(1) First, create VLAN200 on the layer-3 switches SW2 and SW3 and configure its IP address
SW2(config)#interface vlan 200
SW2(config-if)#ip address 10.200.1.2 255.255.255.0
SW2(config-if)#no shutdown

SW3(config)#interface vlan 200
SW3(config-if)#ip address 10.200.1.3 255.255.255.0
SW3(config-if)#no shutdown
Verify with the following command:
SW2#show ip interface brief
Interface              IP-Address      OK? Method Status                Protocol
...
Vlan200                10.200.1.2      YES manual up                    up
...
(2) Configure interface G0/24, which connects SW2 and SW3 to SW1, as a trunk
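SW2(config)#interface gigabitEthernet 0/24
!set the encapsulation first: the 3560 rejects trunk mode while the encapsulation is still auto-negotiated
SW2(config-if)#switchport trunk encapsulation dot1q
SW2(config-if)#switchport mode trunk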
(3) Configure the HSRP group address and view the debug output
SW2(config)#interface vlan 200
SW2(config-if)#standby 1 ip 10.200.1.1
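Apply the same configuration on SW3.
HSRP sends HELLO packets at a regular interval (3 seconds by default) to monitor the network. Before becoming active, an HSRP device passes through the states Down (disabled), Init, Listen, Speak, Standby and Active. On SW3, use the debug standby command to view the states HSRP passes through: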
SW3#
06:19:53: HSRP: Vl200 API Software interface coming up
06:19:53: HSRP: Vl200 Interface UP
06:19:53: HSRP: Vl200 Starting minimum interface delay (1 secs)
06:19:54: HSRP: Vl200 Interface min delay expired
06:19:54: HSRP: Vl200 Grp 1 Init: a/HSRP enabled
06:19:54: HSRP: Vl200 Grp 1 Init -> Listen
06:19:54: HSRP: Vl200 Grp 1 Redundancy "hsrp-Vl200-1" state Init -> Backup
06:20:04: HSRP: Vl200 Grp 1 Listen: c/Active timer expired (unknown)
06:20:04: HSRP: Vl200 Grp 1 Listen -> Speak
06:20:04: HSRP: Vl200 Grp 1 Redundancy "hsrp-Vl200-1" state Backup -> Speak
06:20:04: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Speak pri 100 vIP 10.200.1.1
06:20:07: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Speak pri 100 vIP 10.200.1.1
06:20:10: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Speak pri 100 vIP 10.200.1.1
06:20:13: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Speak pri 100 vIP 10.200.1.1
!The four lines above confirm that by default HSRP sends a HELLO packet every 3 seconds
06:20:14: HSRP: Vl200 Grp 1 Speak: d/Standby timer expired (unknown)
06:20:14: HSRP: Vl200 Grp 1 Standby router is local
06:20:14: HSRP: Vl200 Grp 1 Speak -> Standby
06:20:14: HSRP: Vl200 Grp 1 Redundancy "hsrp-Vl200-1" state Speak -> Standby
06:20:14: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Standby pri 100 vIP 10.200.1.1
06:20:14: HSRP: Vl200 Grp 1 Standby: c/Active timer expired (unknown)
06:20:14: HSRP: Vl200 Grp 1 Active router is local
06:20:14: HSRP: Vl200 Grp 1 Standby router is unknown, was local
06:20:14: HSRP: Vl200 Grp 1 Standby -> Active
06:20:14: %HSRP-6-STATECHANGE: Vlan200 Grp 1 state Standby -> Active
06:20:14: HSRP: Vl200 Grp 1 Redundancy "hsrp-Vl200-1" state Standby -> Active
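With no priority configured on SW2 or SW3, SW3 has become Active. This is because its HSRP interface IP address, 10.200.1.3, is higher than SW2's HSRP interface IP address, 10.200.1.2.
Use the show standby command to view the HSRP configuration on SW2 and SW3: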
SW2#show standby
Vlan200 - Group 1
  State is Standby
    36 state changes, last state change 00:00:17
  Virtual IP address is 10.200.1.1
  Active virtual MAC address is 0000.0c07.ac01
  !this MAC is the virtual MAC address of this HSRP group
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.626 secs
  Preemption disabled
  Active router is 10.200.1.3, priority 100 (expires in 8.641 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl200-1" (default)
SW3#show standby
Vlan200 - Group 1
  State is Active
    14 state changes, last state change 00:01:20
  Virtual IP address is 10.200.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.164 secs
  Preemption disabled
  Active router is local
  Standby router is 10.200.1.2, priority 100 (expires in 9.144 sec)
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl200-1" (default)
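(4) Configure a computer in VLAN200 for testing: assign it the IP address 10.200.1.4/24 and set its gateway to 10.200.1.1
On this computer, the "arp -a" command shows that the MAC address for IP address 10.200.1.1 is now 00-00-0c-07-ac-01, which is the HSRP-specific virtual MAC address.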
C:\Documents and Settings\nic>arp -a
Interface: 10.200.1.4 on Interface 0x2000003
  Internet Address      Physical Address      Type
  10.200.1.1            00-00-0c-07-ac-01     dynamic
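Then "ping 10.200.1.1" succeeds, which shows that the HSRP group is configured correctly.
3. A closer look at HSRP
(1) Configuring the HSRP interface priority
Next, configure an HSRP priority of 150 on SW2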
SW2(config-if)#standby 1 priority 150
After waiting for a while, SW2 changes to Active and SW3 to Standby
SW3#show standby
Vlan200 - Group 1
  State is Standby
  !SW3 has changed to Standby
    25 state changes, last state change 00:00:06
  Virtual IP address is 10.200.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.539 secs
  Preemption disabled
  Active router is 10.200.1.2, priority 150 (expires in 7.543 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl200-1" (default)
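Use "ping 10.200.1.1 -t" to ping the gateway address continuously and monitor link connectivity.
Then physically disconnect SW2, which is in the Active state, and watch the ping output: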
Reply from 10.200.1.1: bytes=32 time<10ms TTL=255
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Request timed out.
Reply from 10.200.1.1: bytes=32 time<10ms TTL=255
Reply from 10.200.1.1: bytes=32 time<10ms TTL=255
Reply from 10.200.1.1: bytes=32 time<10ms TTL=255
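After a brief interruption the link returns to normal, which shows that HSRP did its job as a backup gateway. The outage time should be the sum of the time for the HELLO packets to detect the change in network state, the hold timer, and the time SW3 takes to go from Standby to Active.
The hello time and the hold timer can be changed. The command is:
standby group timers [msec] hello [msec] holdtime
(2) Configuring interface tracking (track)
HSRP can adjust its priority dynamically by tracking the state of an interface. The command is:
standby group track type mod/num [decrementvalue]. For example, configure SW3 to track interface G0/24: if the interface fails, the priority is lowered by 60; if the interface recovers, the priority is raised by 60: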
SW3(config-if)#standby 1 track GigabitEthernet0/24 60
View the result with the debug standby command while disconnecting SW3's GigabitEthernet0/24 interface:
SW3(config)#
06:34:40: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Active pri 150 vIP 10.200.1.1
06:34:41: HSRP: Vl200 Grp 1 Hello in 10.200.1.2 Standby pri 100 vIP 10.200.1.1
06:34:43: HSRP: Vl200 Grp 1 Track 1 object changed, state Up -> Down
06:34:43: HSRP: Vl200 Grp 1 Priority 150 -> 90
06:34:43: HSRP: Vl200 Grp 1 Hello out 10.200.1.3 Active pri 90 vIP 10.200.1.1
As shown, the HSRP interface priority of SW3 has dropped to 90.
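Carrying the trace above one step further, as an added example (a simplified model, not code from the original article and not IOS itself): it applies the election rule from section 1 and the track decrement, and assumes the standard HSRP rule that a live active router is displaced only by a higher-priority router configured with preempt. The Router class and the function names are hypothetical.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str
    priority: int = 100        # HSRP default priority
    preempt: bool = False
    track_decrement: int = 0   # subtracted while the tracked interface is down
    tracked_up: bool = True

    def effective_priority(self):
        return self.priority - (0 if self.tracked_up else self.track_decrement)

    def rank(self):
        # Higher priority wins; equal priority falls back to the higher interface IP.
        return (self.effective_priority(), int(IPv4Address(self.ip)))

def initial_election(routers):
    """All routers come up together: the best (priority, IP) becomes active."""
    return max(routers, key=Router.rank)

def reevaluate(active, routers):
    """Selection while `active` is still alive and sending hellos.
    Only a preempt-enabled router with strictly higher priority displaces it."""
    challengers = [r for r in routers
                   if r is not active and r.preempt
                   and r.effective_priority() > active.effective_priority()]
    return max(challengers, key=Router.rank) if challengers else active

def track_scenario(sw2_preempt):
    """The debug trace above: SW3 active at 150, tracked G0/24 goes down."""
    sw2 = Router("SW2", "10.200.1.2", priority=100, preempt=sw2_preempt)
    sw3 = Router("SW3", "10.200.1.3", priority=150, track_decrement=60)
    active = initial_election([sw2, sw3])   # SW3 wins on priority 150
    sw3.tracked_up = False                  # priority 150 -> 90
    return reevaluate(active, [sw2, sw3]).name, sw3.effective_priority()

if __name__ == "__main__":
    print(track_scenario(sw2_preempt=False))
    print(track_scenario(sw2_preempt=True))
```

In this model, SW3 stays active at priority 90 while SW2 has no preempt, even though SW2 advertises 100; once SW2 is configured with preempt, SW2 takes over.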
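In addition, HSRP can be used for load balancing. The principle: create two HSRP groups. In group 1 (10.200.1.1), SW2 has the higher priority and is configured with preempt, while SW3 has the lower priority; in group 2 (10.200.1.10), SW3 has the higher priority and is configured with preempt, while SW2 has the lower priority. Half of the users set their gateway to 10.200.1.1 and the other half to 10.200.1.10. HSRP then has two virtual MAC addresses; half of the traffic flows through SW2 and half through SW3, which balances the load. The configuration is as follows: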
SW3:
interface Vlan200
ip address 10.200.1.3 255.255.255.0
standby 1 ip 10.200.1.1
standby 1 priority 150
standby 1 preempt
standby 2 ip 10.200.1.10

SW2:
interface Vlan200
ip address 10.200.1.2 255.255.255.0
standby 1 ip 10.200.1.1
standby 2 ip 10.200.1.10
standby 2 priority 150
standby 2 preempt
View the HSRP state:
SW2#show standby
Vlan200 - Group 1
  State is Standby
    54 state changes, last state change 12:08:58
  Virtual IP address is 10.200.1.1
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.069 secs
  Preemption disabled
  Active router is 10.200.1.3, priority 150 (expires in 8.197 sec)
  Standby router is local
  Priority 100 (default 100)
  IP redundancy name is "hsrp-Vl200-1" (default)
Vlan200 - Group 2
  State is Active
    2 state changes, last state change 00:00:44
  Virtual IP address is 10.200.1.10
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.131 secs
  Preemption enabled
  Active router is local
  Standby router is 10.200.1.3, priority 100 (expires in 7.098 sec)
  Priority 150 (configured 150)

SW2#show standby vlan 200 brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl200       1   100    Standby  10.200.1.3      local           10.200.1.1
Vl200       2   150  P Active   local           10.200.1.3      10.200.1.10
SW2#

SW3# show standby vlan 200 brief
                     P indicates configured to preempt.
                     |
Interface   Grp Prio P State    Active          Standby         Virtual IP
Vl200       1   150  P Active   local           10.200.1.2      10.200.1.1
Vl200       2   100    Standby  10.200.1.2      local           10.200.1.10
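One way to check the two-group split automatically, as an added example that is not part of the original article: it parses show standby text and compares each group with the intended design, here taking SW2 as the designated active router for group 2 as in the configuration listing and output above. The function names are hypothetical, and the virtual MAC check assumes the HSRPv1 default 0000.0c07.acXX, with XX the group number in hex.

```python
import re

# Abridged from the SW2 `show standby` output on this page (two groups).
SAMPLE = """\
Vlan200 - Group 1
  State is Standby
  Virtual IP address is 10.200.1.1
  Active virtual MAC address is 0000.0c07.ac01
  Preemption disabled
Vlan200 - Group 2
  State is Active
  Virtual IP address is 10.200.1.10
  Active virtual MAC address is 0000.0c07.ac02
  Preemption enabled
"""

FIELDS = {
    "state": r"State is (\w+)",
    "vip": r"Virtual IP address is (\S+)",
    "vmac": r"Active virtual MAC address is (\S+)",
    "preempt": r"Preemption (enabled|disabled)",
}

def parse_show_standby(text):
    """Return {group_number: {field: value}} from `show standby` text."""
    groups, cur = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        m = re.match(r"(\S+) - Group (\d+)", line)
        if m:  # header line starts a new group
            cur = groups.setdefault(int(m.group(2)), {"interface": m.group(1)})
            continue
        for key, pat in FIELDS.items():
            m = re.search(pat, line)
            if m and cur is not None:
                cur[key] = m.group(1)
    return groups

def audit(groups, expected_active):
    """expected_active: group numbers this switch is designed to be active for."""
    findings = []
    for num, g in sorted(groups.items()):
        want = "Active" if num in expected_active else "Standby"
        if g.get("state") != want:
            findings.append(f"group {num}: state {g.get('state')}, expected {want}")
        if g.get("vmac") != f"0000.0c07.ac{num:02x}":  # HSRPv1 default virtual MAC
            findings.append(f"group {num}: unexpected virtual MAC {g.get('vmac')}")
        if num in expected_active and g.get("preempt") != "enabled":
            findings.append(f"group {num}: designated active but preempt is disabled")
    return findings

if __name__ == "__main__":
    print(audit(parse_show_standby(SAMPLE), expected_active={2}))
```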
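Besides HSRP, described in this article, other router redundancy protocols include VRRP and GLBP. Router redundancy effectively improves network availability and stability. Even a robust network will inevitably run into problems, so backup links and load balancing are necessary.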