实战:冗余网关vrrp
虚拟路由冗余协议(Virtual Router Redundancy Protocol,VRRP),实现网关冗余。
1.环境准备
AR1
<Huawei>sys
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode aaa
[Huawei-aaa]local-user zhao password cipher 123456
[Huawei-aaa]local-user zhao privilege level 3
[Huawei-aaa]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.0.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 12.2.2.1 24
[Huawei]ip route-static 0.0.0.0 0 12.2.2.2
[Huawei-GigabitEthernet0/0/1]return
<Huawei>save
AR2
<Huawei>sys
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode aaa
[Huawei-ui-console0]aaa
[Huawei-aaa]local-user zhao password cipher 123456
[Huawei-aaa]local-user zhao privilege level 3
[Huawei-aaa]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 192.168.0.3 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 14.2.2.1 24
[Huawei]ip route-static 0.0.0.0 0 14.2.2.2
[Huawei-GigabitEthernet0/0/1]return
<Huawei>save
AR3
<Huawei>sys
[Huawei]user-interface console 0
[Huawei-ui-console0]authentication-mode aaa
[Huawei-ui-console0]aaa
[Huawei-aaa]local-user zhao password cipher 123456
[Huawei-aaa]local-user zhao privilege level 3
[Huawei-aaa]quit
[Huawei]interface GigabitEthernet 0/0/1
[Huawei-GigabitEthernet0/0/1]ip address 14.2.2.2 24
[Huawei-GigabitEthernet0/0/1]quit
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]ip address 12.2.2.2 24
[Huawei-GigabitEthernet0/0/0]quit
[Huawei]interface GigabitEthernet 2/0/0
[Huawei-GigabitEthernet2/0/0]ip address 15.2.2.1 24
[Huawei]ip route-static 192.168.0.0 24 12.2.2.1
[Huawei]ip route-static 192.168.0.0 24 14.2.2.1
[Huawei-GigabitEthernet2/0/0]return
<Huawei>save
2.配置网关冗余VRRP
AR1
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.0.1 #配置虚拟IP
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 priority 120 #优先级120
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 40 #0/0/1的链路断了,减少40优先级
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 preempt-mode timer delay 30 #链路恢复后延迟30秒连接
AR2
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 virtual-ip 192.168.0.1 #配置虚拟IP
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 priority 100 #优先级
192.168.0.0网段的计算机,网关都改成192.168.0.1
测试
删除g 0/0/1的链路
往下面的链路走
192.168.0.3相当于192.168.0.1
3.增加负载均衡
AR2
<Huawei>sys
[Huawei]interface GigabitEthernet 0/0/0
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 virtual-ip 192.168.0.254
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 priority 120
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 track interface GigabitEthernet 0/0/1 r
educed 40
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 preempt-mode timer delay 30
AR1
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 virtual-ip 192.168.0.254
[Huawei-GigabitEthernet0/0/0]vrrp vrid 2 priority 100
0.12和0.13的两台计算机改网关192.168.0.254
测试
断开下面链路
AR2
[Huawei]display vrrp brief
4.参数解释
[Huawei-GigabitEthernet0/0/0]vrrp vrid 1 ?
authentication-mode Specify password and authentication mode
preempt-mode Specify preempt mode #抢占模式
priority Specify priority #优先级
timer Specify timer #时间
track Specify the track configuration #监测接口的情况
version-3 Specify the device to support V3 for VRRP
virtual-ip Specify virtual IP address #虚拟IP
track的主要作用是监视备份组中接口的状态。当监视的接口状态发生变化时,VRRP备份组的主备状态会自动调整,确保网络的稳定性和可靠性。例如,如果监视的接口出现故障,VRRP track会检测到这一变化,并相应地将主备角色切换到备份路由器,从而保证网络的连续性。
VRRP timer的作用和机制
心跳检测:VRRP timer负责定期发送心跳包(通常是每秒一次),以确保所有VRRP路由器之间的通信。如果某个路由器在预设的时间内没有收到心跳包,它会认为主路由器故障,从而触发备份路由器的接管。
状态切换:当主路由器故障时,备份路由器会接收到心跳包超时的信号,然后通过VRRP timer触发状态切换,将虚拟路由器的MAC地址和IP地址切换到备份路由器上,确保网络服务的连续性。
优先级调整:VRRP timer还可以用于调整路由器的优先级,高优先级的路由器会更快地接管虚拟路由器的角色,确保关键服务的高可用性。