CCNA-26、FHRP
2022-11-15 本文已影响0人
Tess鱼丸
FHRP(首跳冗余)
HSRP、VRRP
为什么需要FHRP
.一旦网络网关或关键节点出现故障,将对业务造成灾难性故障
·链路失效无法检测,业务稳定性受到威胁
FHRP为我们带来什么?
·关键业务节点的冗余,可靠的业务支撑网络。
但是FHRP是思科私有的协议,后面还待学VRRP
VRRP简介
·关键业务节点的冗余,可靠的业务支撑网络
VRRP
FHRP之HSRP
HSRP定义了路由器的备份组.
备份组是一组参与HSRP的路由器,它们一起来模拟一台虚拟的路由.
.HSRP备用组包含了下列实体∶
·活跃路由器( active )
·备用路由器( standby )
·虚拟路由器.( Virtual )
·其他HSRP成员路由器.
活跃路由器备份路由器发送Hello包是通过组播地址224.0.0.2采用UDP=1985端口,间隔为3s
-Active路由器
·活跃路由器的竞争
-优先级(0~255,默认100 ) #越大越优先
-IP地址
-越大越优
·只有处于active的路由器才能响应用户的ARP请求和转发数据
-Standby路由器
.Standby路由器监听224.0.0.2的hello消息,一旦发现active出现问题
( holdtime=10s ),立马从standby升级成为active
#当Active路由器失效时,Standby路由器就会去顶替Active路由器工作。
虚拟IP作为网关
虚拟IP作为网关
虚拟MAC
0000.0c是标准开头
07.ac是标准HSRP
01是HSRP的组(十六进制表示)10就是16
Router(config-if)# standby 1 ip 10.1.1.1
将接口加入HSRP组1,虚拟IP为10.1.1.1
Router(config-if) # standby 1 priority 120
该接口在组1中的优先级为120
Router(config-if) # standby 1 preempt
当active的优先级低于本接口时,抢占active (抢占默认关闭)
#案例
Router#show standby brief
indicates configured to preempt.
Interface Grp Prio state Active addr standby addr Group addr
v111 11 110 Active local 172.16.11.114 172.16.11.115
验证HSRP工作状态
#本地配置结果
WAN#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/1 1 120 P Init unknown unknown 10.1.1.1
WAN#
============================================================================
HSRP实验
实验
先把拓扑搭建好,再配置好接口地址
VPCS> ip 192.168.1.1/24 192.168.1.254
Checking for duplicate address...
PC1 : 192.168.1.1 255.255.255.0 gateway 192.168.1.254
==================================================================
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#ip address 192.168.1.253 255.255.255.0
R2(config-if)#no shutdown
R1(config)#interface gigabitEthernet 0/1
R1(config-if)#ip address 192.168.14.1 255.255.255.0
R2(config-if)#no shutdown
=================================================================
R2(config)#interface gigabitEthernet 0/0
R2(config-if)#ip address 192.168.1.252 255.255.255.0
R2(config-if)#no shutdown
R2(config)#interface gigabitEthernet 0/1
R2(config-if)#ip address 192.168.25.1 255.255.255.0
R2(config-if)#no shutdown
=================================================================
R3(config)#interface gigabitEthernet 0/0
R3(config-if)#ip address 192.168.14.2 255.255.255.0
R3(config-if)#interface loopback 0
R3(config-if)#ip address 1.1.1.1 255.255.255.0
R4(config)#interface gigabitEthernet 0/0
R4(config-if)#ip address 192.168.25.2 255.255.255.0
R4(config)#interface loopback 0
R4(config-if)#ip address 1.1.1.1 255.255.255.0
#配置完接口地址后,测试联通性
R1#ping 192.168.14.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.14.2, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 7/8/10 ms
R1#ping 192.168.14.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.14.1, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/3 ms
R1#ping 192.168.1.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 2/2/5 ms
R1#ping 192.168.1.252
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.252, timeout is 2 seconds:
.!!!!
Success rate is 80 percent (4/5), round-trip min/avg/max = 10/11/13 ms
=========================================
#同样R2也要测试连通性
R2#ping 192.168.1.253
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.1.253, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 10/13/17 ms
R2#ping 192.168.25.2
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.25.2, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/8/11 ms
R2#
添加路由
#在R1和R2上添加去往1.1.1.1的路由
R1(config)#ip route 1.1.1.1 255.255.255.255 192.168.14.2
R2(config)#ip route 1.1.1.1 255.255.255.255 192.168.25.2
#在R3和R4上添加回192.168.1.0的路由
R3(config)#ip route 192.168.1.0 255.255.255.0 192.168.14.1
R4(config)#ip route 192.168.1.0 255.255.255.0 192.168.25.1
再配置好路由后测试通连
R1#ping 1.1.1.1 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.14.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/9 ms
R1#
R2#ping 1.1.1.1 source gigabitEthernet 0/1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
Packet sent with a source address of 192.168.25.1
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 6/7/10 ms
R2#
=====================================================================
#PC的路由已经通了
VPCS> ping 1.1.1.1
1.1.1.1 icmp_seq=1 timeout
84 bytes from 1.1.1.1 icmp_seq=2 ttl=254 time=10.677 ms
84 bytes from 1.1.1.1 icmp_seq=3 ttl=254 time=11.217 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=15.907 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=13.642 ms
VPCS>
再开始配置HSRP
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#standby 1 priority 120 #配置优先级
R1(config-if)#standby 1 ip 192.168.1.254 #配置接口虚拟网关
#查看接口下的配置
R1#show run int g0/0
Building configuration...
Current configuration : 170 bytes
!
interface GigabitEthernet0/0
ip address 192.168.1.253 255.255.255.0
standby 1 ip 192.168.1.254
standby 1 priority 120
end
R1#
=======================================================
R2(config)#interface gigabitEthernet 0/0
R2(config-if)#standby 1 priority 110
R2(config-if)#standby 1 ip 192.168.1.254
查看HSRP的选举
R1#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0 1 120 Active local 192.168.1.252 192.168.1.254
R1#
后面开启PC的长ping,再断掉R1的链路,查看PC那死否能无缝衔接R2的链路通信,
VPCS> ping 1.1.1.1 -t
84 bytes from 1.1.1.1 icmp_seq=166 ttl=254 time=13.135 ms
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#shutdown
R1(config-if)#
*Nov 15 15:50:54.739: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Init
*Nov 15 15:50:56.699: %LINK-5-CHANGED: Interface GigabitEthernet0/0, changed state to administratively down
*Nov 15 15:50:57.700: %LINEPROTO-5-UPDOWN: Line protocol on Interface GigabitEthernet0/0, changed state to down
R1(config-if)#
####shutdown后PC端可以继续ping1.1.1.1没有任何影响
R1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0 1 120 Init unknown unknown 192.168.1.254
R1#
==========================================================
####接口启用后的状态
*Nov 15 16:00:13.052: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 state Speak -> Standby
R1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0 1 120 Standby 192.168.1.252 local 192.168.1.254
R1#
===========================================================
####R2正常状态下是Active,因为它的优先级高
R2#show standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0 1 110 Active local 192.168.1.253 192.168.1.254
R2#
===========================================================
####配置R1抢回Active状态
preempt 让当前优先级高的成为活跃路由器
R1(config-if)#standby 1 preempt
*Nov 15 16:01:29.421: %HSRP-5-STATECHANGE: GigabitEthernet0/0 Grp 1 state Standby -> Active
R1#sh standby brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Gi0/0 1 120 P Active local 192.168.1.252 192.168.1.254
R1#
关联Track
HSRP无法感知上联接口的状况,可以结合track进行监控
无法感知上联接口状态
配置关联Track
Router(config-if )#standby 1 track GigabitEthernet 0/1 50
当Gi0/1 DOWN时,将该接口的优先级降低50
####设置主路由与备份路由的优先值时要注意,不能差距过大,这样上联链路断了时,他的优先级降低50后,
####如果备份路由接口的优先级还是没有主路由的优先级大,那他还是不会使用备用链路。
(不同的IOS关联track会有细微的差别)
TIPS :
####抢占必须开启####
####R1的上行链路断了后PC就无法通信了
R1(config)#interface gigabitEthernet 0/1
R1(config-if)#shutdown
===============================================================
VPCS> ping 1.1.1.1 -t
84 bytes from 1.1.1.1 icmp_seq=1 ttl=254 time=15.274 ms
84 bytes from 1.1.1.1 icmp_seq=4 ttl=254 time=12.625 ms
84 bytes from 1.1.1.1 icmp_seq=5 ttl=254 time=13.886 ms
*192.168.1.253 icmp_seq=6 ttl=255 time=12.416 ms (ICMP type:3, code:1, Destination host unreachable)
*192.168.1.253 icmp_seq=7 ttl=255 time=9.884 ms (ICMP type:3, code:1, Destination host unreachable)
^C
VPCS>
####进入0/0口,配置命令在g0/1down后降低优先级30
R1(config)#interface gigabitEthernet 0/0
R1(config-if)#standby 1 track g0/1 30
####这样就配置完了
