- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
47-VRRP典型配置举例
本章节下载: 47-VRRP典型配置举例 (494.07 KB)
H3C S6860产品VRRP配置举例
Copyright © 2018 新华三技术有限公司 版权所有,保留一切权利。
非经本公司书面许可,任何单位和个人不得擅自摘抄、复制本文档内容的部分或全部,并不得以任何形式传播。
除新华三技术有限公司的商标外,本手册中出现的其它公司的商标、产品标识及商品名称,由各自权利人拥有。
本文档中的信息可能变动,恕不另行通知。
目 录
本文档介绍VRRP的配置举例。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解VRRP、STP和以太网链路聚合特性。
如图1所示,Host A所在网络的出口处部署了两台网关设备。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Host A的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Host A发送至外网的流量;
· 当Device A或者Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· 当Device A或者Device A的上行接口故障恢复后,由Device A继续承担网关功能。
图1 IPv4 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比备份组内其他设备的优先级要低,确保备份组内有其他设备被选为Master。
(1) Device A的配置
# 配置接口IP地址。
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为192.168.0.1。
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行端口Ten-GigabitEthernet1/0/2关联的Track项1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为192.168.0.1。
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device B在VRRP备份组1中的优先级为100。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 100
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置完成后,在Host A上可以ping通Host B。
# 通过display vrrp verbose命令查看配置后的结果,显示Device A上VRRP备份组1的详细信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通过display vrrp verbose命令查看配置后的结果,显示Device B上VRRP备份组1的详细信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 401ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示在VRRP备份组1中Device A为Master,Device B为Backup,Host A发送给Host B的报文通过Device A转发。
# Device A出现故障后,在Host A上仍然可以ping通Host B。
# 通过display vrrp verbose命令查看Device B上VRRP备份组的详细信息,Device A出现故障后,显示Device B上VRRP备份组1的详细信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上显示信息表示Device A出现故障后,Device B成为Master,Host A发送给Host B的报文通过Device B转发。
# Device A故障恢复后,显示Device A上VRRP备份组1的详细信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上显示信息表示Device A故障恢复后,Device A会抢占成为Master,Host A发送给Host B的报文仍然通过Device A转发。
· Device A的配置文件:
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.2
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.2
vrrp vrid 1 priority 100
vrrp vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
如图2所示,某公司为了实现网关设备的冗余备份,以及内网主机流量的负载分担,在内部网络的出口处部署了两台设备,并使用VRRP负载分担功能,将这两台设备组成两台虚拟路由器,分别作为区域A和区域B的缺省网关。具体应用需求如下:
· Device A是VRRP备份组1中的Master设备,Device B是VRRP备份组2中的Master设备。在正常情况下,区域A的用户通过Device A进行数据转发,区域B的用户通过Device B进行数据转发。
· 当Device A或者Device A的上行接口发生故障后,Device B能够迅速承担区域A内主机流量的转发任务;Device A故障恢复后,继续承担VRRP备份组1的网关功能;
· 当Device B或者Device B的上行接口发生故障后,Device A能够迅速承担区域B内主机流量的转发任务;Device B故障恢复后,继续承担VRRP备份组2的网关功能。
图2 IPv4 VRRP多备份组配置组网图
· 为了让Device A和Device B分别成为VRRP备份组1和VRRP备份组2中的Master,需要在VRRP备份组1中为Device A配置较高的优先级,在VRRP备份组2中为Device B配置较高的优先级。
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在每个VRRP备份组中阻塞一个端口。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则VRRP备份组无法正常工作。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master设备。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) Device A的配置
# 配置接口IP地址。
<DeviceA> system-view
[DeviceA] vlan 101
[DeviceA-vlan101] port ten-gigabitethernet 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ip address 10.0.0.2 24
[DeviceA-Vlan-interface101] quit
# 请参考以上方法配置图2中其它接口的IP地址,配置步骤这里省略。
# 配置两个网关设备间采用Trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceA] interface ten-gigabitethernet 1/0/24
[DeviceA-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceA-Ten-GigabitEthernet1/0/24] quit
# 关闭Ten-GigabitEthernet1/0/2的STP功能
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.0.0.1,并配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceA-Vlan-interface101] vrrp vrid 1 priority 120
[DeviceA-Vlan-interface101] quit
# 创建VRRP备份组2,并配置VRRP备份组2的虚拟IP地址为11.0.0.1。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceA-Vlan-interface102] quit
# 设置Device A工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] quit
# 创建和上行端口Ten-GigabitEthernet1/0/2关联的Track项1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组1中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] vlan 101
[DeviceB-vlan101] port ten-gigabitethernet 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ip address 10.0.0.3 24
[DeviceB-Vlan-interface101] quit
# 请参考以上方法配置图2中其它接口的IP地址,配置步骤省略。
# 配置两个网关设备间采用trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceB] interface ten-gigabitethernet 1/0/24
[DeviceB-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceB-Ten-GigabitEthernet1/0/24] quit
# 关闭Ten-GigabitEthernet1/0/2的STP功能
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.0.0.1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceB-Vlan-interface101] quit
# 创建VRRP备份组2,并配置VRRP备份组2的虚拟IP地址为11.0.0.1,并配置Device B在VRRP备份组2中的优先级为120,高于Device A的优先级。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceB-Vlan-interface102] vrrp vrid 2 priority 120
# 设置Device B工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface102] vrrp vrid 2 preempt-mode delay 500
[DeviceB-Vlan-interface102] quit
# 创建和上行端口Ten-GigabitEthernet1/0/2关联的Track项2。
[DeviceB] track 2 interface ten-gigabitethernet 1/0/2
# 配置监视Track项2,Track项的状态为Negative时,Device B在VRRP备份组2中的优先级降低的数值为50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device B作为MSI 2的根桥。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,将VLAN101映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,将VLAN102映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机都可以ping通外网。
# 检查区域A的主机到目的端100.0.0.1是否可达。
<host A> ping 100.0.0.1
PING 100.0.0.1 (100.0.0.1): 56 data bytes
56 bytes from 100.0.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.0.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.0.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.0.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.0.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
# 检查区域B的主机到目的端100.1.0.1是否可达。
<host C> ping 100.1.0.1
PING 100.1.0.1 (100.1.0.1): 56 data bytes
56 bytes from 100.1.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.1.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.1.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.1.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.1.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.1.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
(2) 通过display vrrp verbose命令查看配置后的结果。
# 查看Device A上全部IPv4 VRRP备份组的详细信息,显示Device A在备份组1中为Master设备,在备份组2中为Backup设备。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
# 查看Device B上全部IPv4 VRRP备份组的详细信息,显示Device B在备份组1中为Backup设备,在备份组2中为Master设备。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 10.0.0.2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A出现故障后,通过display vrrp verbose命令查看Device B上备份组的详细信息。可以看到Device B抢占为备份组1的Master。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.3
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上显示信息表示Device A出现故障后,区域A和区域B中的主机仍然可以ping通外网。
# 当Device A故障恢复后,显示Device A上备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 3550ms left
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
以上显示信息表示当Device A故障恢复后,Device A在VRRP备份组1中恢复为原来的优先级并抢占成为该备份组的Master,VLAN 101内的主机通过Device A与外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ip address 11.0.0.2 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
#
interface Vlan-interface102
ip address 11.0.0.3 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode delay 500
vrrp vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ip address 100.1.0.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface Ten-GigabitEthernet1/0/2
#
如图3所示,Host A、Host B和Host C所在网络的出口处部署了三台设备。现要求使用VRRP负载均衡功能,将Device A、Device B和Device C组成一台虚拟路由器,作为局域网内主机的缺省网关。具体应用需求如下:
· 实现VRRP备份组中三台设备都可以转发报文,实现流量负载分担,充分利用网关资源;
· 当Device A、Device B或Device C自身或其上行接口出现故障时,Host A、Host B和Host C可以通过其他正常运行的设备继续通信,避免通信中断;当Device A、Device B或Device C故障恢复后,继续承担网关功能。
图3 IPv4 VRRP负载均衡模式配置组网图
· 为了使Device A优先与Device B和Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device B和Device C的优先级;为了使Device B优先于Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device C的优先级;
· 为了避免由于故障造成VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间;
· 在Device A、Device B和Device C上配置虚拟转发器通过Track项监视上行接口的状态。当上行接口出现故障时,降低该接口所在设备虚拟转发器的权重,以便其他设备接管该设备的转发任务,避免通信中断;
· 为了保证原Master设备故障恢复后,能再次抢占成为Master,需要配置VRRP备份组工作在抢占模式。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则VRRP备份组无法正常工作。
· VRRP工作在负载均衡模式时,备份组的虚拟IP地址和接口的IP地址不能相同,否则VRRP负载均衡功能将无法正常工作。
· 当监视的上行链路出现故障时,配置的权重降低数额需保证VF Owner的权重低于失效下限,即权重降低的数额大于245,其它的虚拟转发器才能接替VF Owner成为AVF。
· 对于同一个VRRP备份组的成员设备,必须保证备份组虚拟路由器的IP地址配置完全一样。
· 用户在配置降低权重幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master。
(1) 配置接口
# 配置接口。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 10.1.1.2 24
[DeviceA-Vlan-interface2] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
[DeviceA] vlan 3
[DeviceA-vlan3] port ten-gigabitethernet 1/0/2
[DeviceA-vlan3] quit
[DeviceA] interface vlan-interface 3
[DeviceA-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级110和Device C的优先级100,以保证Device A成为Master。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 120
# 配置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,Device A就会成为Master。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
(3) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device A的上行接口出现故障。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device A上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device A的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 10.1.1.3 24
[DeviceB-Vlan-interface2] quit
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] quit
[DeviceB] vlan 3
[DeviceB-vlan3] port ten-gigabitethernet 1/0/2
[DeviceB-vlan3] quit
[DeviceB] interface vlan-interface 3
[DeviceB-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceB] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device B在VRRP备份组1中的优先级为110,高于Device C的优先级,以保证Device A出现故障时,Device B成为Master。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 110
# 配置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device B的上行接口出现故障。
[DeviceB] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device B上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device B的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceC> system-view
[DeviceC] interface ten-gigabitethernet 1/0/1
[DeviceC-Ten-GigabitEthernet1/0/1] undo shutdown
[DeviceC-Ten-GigabitEthernet1/0/1] quit
[DeviceC] vlan 2
[DeviceC-vlan2] port ten-gigabitethernet 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ip address 10.1.1.4 24
[DeviceC-Vlan-interface2] quit
[DeviceC] interface ten-gigabitethernet 1/0/2
[DeviceC-Ten-GigabitEthernet1/0/2] quit
[DeviceC] vlan 3
[DeviceC-vlan3] port ten-gigabitethernet 1/0/2
[DeviceC-vlan3] quit
[DeviceC] interface vlan-interface 3
[DeviceC-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device C工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceC-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device C的上行接口出现故障。
[DeviceC] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device C上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device C的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成后,在Host A上可以ping通外网,通过display vrrp verbose命令查看配置后的结果
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Backup)
10.1.1.2 (Master)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示在VRRP备份组1中Device A为Master,Device B和Device C 为Backup。Device A、Device B和Device C上各自存在一个AVF,并存在作为备份的两个LVF。
(2) Device A的上行接口(VLAN接口3)出现故障后
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : 10.1.1.4
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : 10.1.1.3
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A的上行接口出现故障后,Device A上虚拟转发器的权重降低为5,低于失效下限。Device A上所有虚拟转发器的状态均变为Initialized,不能再用于转发。Device C成为虚拟MAC地址000f-e2ff-0011对应虚拟转发器的AVF,接管Device A的转发任务。
# Timeout Timer超时后(约1800秒后),查看Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示,Timeout Timer超时后,删除虚拟MAC地址000f-e2ff-0011对应的虚拟转发器,不再转发目的MAC地址为该MAC的报文。
(3) Device A出现故障后
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Master)
10.1.1.4 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A出现故障后,Device B的优先级高于Device C,将抢占成为Master。
· Device A的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device C的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.4 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
如图4所示,Area A区域的用户(Host A和Host B)所在网络的出口处部署了两台网关设备。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Area A区域用户的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Area A区域用户发送至外网的流量;
· 当Device A或者Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· 当Device A或者Device A的上行接口故障恢复后,由Device A继续承担网关功能。
图4 IPv6 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在VRRP备份组中阻塞一个端口。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv6 VRRP备份组中的所有路由器上配置的IPv6 VRRP版本一致,否则备份组无法正常工作。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比备份组内其他设备的优先级要低,确保备份组内有其他设备被选为Master。
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允许发布RA消息,以便Area A的主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行接口Ten-GigabitEthernet1/0/3关联的Track项1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/3
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置两个网关设备间采用Trunk口直连,允许VLAN 2的报文通过
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk pvid vlan 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 配置MSTP,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允许发布RA消息,以便Area A的主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置两个网关设备间采用Trunk口直连,允许VLAN 2的报文通过
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk pvid vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 配置MSTP,并全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) Switch A的配置
# 配置MSTP,将VLAN2映射到MSI 1,激活MSTI配置,全局使能STP协议。
<SwitchA> system-view
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp global enable
# 配置完成后,Area A里面的主机可以ping通外网。如Host A可以ping通IPv6地址为30::1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通过display vrrp ipv6 verbose命令查看配置后的结果,显示Device A上IPv6 VRRP备份组1的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通过display vrrp ipv6 verbose命令查看配置后的结果,显示Device B上IPv6 VRRP备份组1的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3000ms left
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
以上显示信息表示在IPv6 VRRP备份组1中Device A为Master路由器,Device B为Backup路由器,Area A的用户发送给外网的报文通过Device A转发。
# Device A或Device A的上行接口出现故障后,Area A的用户上仍然可以与外网通信。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通过display vrrp ipv6 verbose命令查看Device B上IPv6 VRRP备份组的详细信息,Device A或Device A的上行接口出现故障后,显示Device B上IPv6 VRRP备份组1的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2
以上显示信息表示Device A或Device A的上行接口出现故障后,Device B成为Master路由器,Area A的用户发送给外网的报文通过Device B转发。
# Device A或Device A的上行接口故障恢复后,显示Device A上VRRP备份组1的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上显示信息表示Device A故障恢复后,Device A会抢占成为Master,Area A的用户发送给外网的报文仍然通过Device A转发。
· Device A的配置文件:
#
sysname DeviceA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
track 1 interface Ten-GigabitEthernet1/0/3
#
· Device B的配置文件:
#
sysname DeviceB
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
· Switch A的配置文件:
#
sysname SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
如图5所示,某公司为了实现网关设备的冗余备份,以及内网主机流量的负载分担,在内部网络的出口处部署了两台设备,并使用VRRP负载分担功能,将这两台设备组成两台虚拟路由器,分别作为区域A和区域B的缺省网关。具体应用需求如下:
· Device A是VRRP备份组1中的Master设备,Device B是VRRP备份组2中的Master设备。在正常情况下,区域A的用户通过Device A进行数据转发,区域B的用户通过Device B进行数据转发。
· 当Device A或者Device A的上行接口发生故障后,Device B能够迅速承担区域A内主机流量的转发任务;Device A故障恢复后,继续承担VRRP备份组1的网关功能;
· 当Device B或者Device B的上行接口发生故障后,Device A能够迅速承担区域B内主机流量的转发任务;Device B故障恢复后,继续承担VRRP备份组2的网关功能。
图5 IPv6 VRRP多备份组配置组网图
· 为了让Device A和Device B分别成为VRRP备份组1和VRRP备份组2中的Master,需要在VRRP备份组1中为Device A配置较高的优先级,在VRRP备份组2中为Device B配置较高的优先级。
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在每个VRRP备份组中阻塞一个端口。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv6 VRRP备份组中的所有路由器上配置的IPv6 VRRP版本一致,否则VRRP备份组无法正常工作。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IPv6地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master设备。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 101
[DeviceA-vlan101] port ten-gigabitethernet 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface101] ipv6 address 10::2 64
[DeviceA-Vlan-interface101] quit
# 请参考以上方法配置图5中其它接口的IPv6地址,配置步骤这里省略。
# 配置两个网关设备间采用Trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceA] interface ten-gigabitethernet 1/0/24
[DeviceA-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceA-Ten-GigabitEthernet1/0/24] quit
# 关闭Ten-GigabitEthernet1/0/2的STP功能
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和10::1,配置抢占延迟时间为500厘秒,并配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120
# 配置允许发布RA消息,以便Area A内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface101] undo ipv6 nd ra halt
[DeviceA-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::20和11::1,配置抢占延迟时间为500厘秒。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允许发布RA消息,以便Area B内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface102] undo ipv6 nd ra halt
[DeviceA-Vlan-interface102] quit
# 创建和上行接口Ten-GigabitEthernet1/0/2关联的Track项1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组1中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] vlan 101
[DeviceB-vlan101] port ten-gigabitethernet 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface101] ipv6 address 10::3 64
[DeviceB-Vlan-interface101] quit
# 请参考以上方法配置图5中其它接口的IP地址,配置步骤省略。
# 配置两个网关设备间采用trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceB] interface ten-gigabitethernet 1/0/24
[DeviceB-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceB-Ten-GigabitEthernet1/0/24] quit
# 关闭Ten-GigabitEthernet1/0/2的STP功能
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和10::1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便Area A内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface101] undo ipv6 nd ra halt
[DeviceB-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组1的虚拟IPv6地址为FE80::20和11::1,并配置Device B在VRRP备份组2中的优先级为120,高于Device A的优先级。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 priority 120
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允许发布RA消息,以便Area B内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface102] undo ipv6 nd ra halt
[DeviceB-Vlan-interface102] quit
# 创建和上行接口Ten-GigabitEthernet1/0/2关联的Track项2。
[DeviceB] track 2 interface ten-gigabitethernet 1/0/2
# 配置监视Track项2,Track项的状态为Negative时,Device B在VRRP备份组2中的优先级降低的数值为50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device B作为MSI 2的根桥。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,将VLAN101映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,将VLAN102映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机都可以ping通外网。
# 检查区域A到外网IPv6地址为30::1的主机是否可达。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 检查区域B到外网IPv6地址为30::1的主机是否可达。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaB>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 通过display vrrp ipv6 verbose命令查看配置后的结果。
# 查看Device A上全部IPv6 VRRP备份组的详细信息,显示Device A在VRRP备份组1中为Master设备,在VRRP备份组2中为Backup设备。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual MAC : 0000-5e00-0201
Virtual IP : FE80::20
11::1
Master IP : FE80::4
# 查看Device B上全部IPv6 VRRP备份组的详细信息,显示Device B在备份组1中为Backup设备,在备份组2中为Master设备。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3500ms left
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0202
Master IP : FE80::1
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A或Device A的上行接口出现故障后,通过display vrrp ipv6 verbose命令查看Device B上备份组的详细信息。可以看到Device B抢占为备份组1的Master。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0101
Master IP : FE80::2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上显示信息表示Device A或Device A的上行接口出现故障后,Device B抢占成为Master,负责转发用户的业务数据。
# 当Device A故障恢复后,显示Device A上备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::4
以上显示信息表示当Device A或Device A的上行接口故障恢复后,Device A在VRRP备份组1中恢复为原来的优先级并抢占成为该备份组的Master,区域A内的主机通过Device A与外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::1 link-local
ipv6 address 10::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ipv6 address fe80::3 link-local
ipv6 address 11::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 preempt-mode delay 500
#
interface Vlan-interface4094
ipv6 address 3::101/64
undo stp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::3 link-local
ipv6 address 10::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface Vlan-interface102
ipv6 address fe80::2 link-local
ipv6 address 11::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 priority 120
vrrp ipv6 vrid 2 preempt-mode delay 500
vrrp ipv6 vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ipv6 address 4::101/64
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface Ten-GigabitEthernet1/0/2
#
· L2Switch A的配置文件:
#
sysname L2SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp global enable
#
· L2Switch B的配置文件:
#
sysname L2SwitchB
#
stp region-configuration
region-name vrrp
instance 1 vlan 102
active region-configuration
#
stp global enable
#
如图6所示,Host A、Host B和Host C所在网络的出口处部署了三台设备。现要求使用VRRP负载均衡功能,将Device A、Device B和Device C组成一台虚拟路由器,作为局域网内主机的缺省网关。具体应用需求如下:
· 实现VRRP备份组中三台设备都可以转发报文,实现流量负载分担,充分利用网关资源;
· 当Device A、Device B或Device C自身或其上行接口出现故障时,Host A、Host B和Host C可以通过其他正常运行的设备继续通信,避免通信中断;当Device A、Device B或Device C故障恢复后,继续承担网关功能。
图6 IPv6 VRRP负载均衡模式配置组网图
· 为了使Device A优先与Device B和Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device B和Device C的优先级;为了使Device B优先于Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device C的优先级;
· 为了避免由于故障造成VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间;
· 在Device A、Device B和Device C上配置虚拟转发器通过Track项监视上行接口的状态。当上行接口出现故障时,降低该接口所在设备虚拟转发器的权重,以便其他设备接管该设备的转发任务,避免通信中断;
· 为了保证原Master设备故障恢复后,能再次抢占成为Master,需要配置VRRP备份组工作在抢占模式。
本举例是在S6860-CMW710-R2612版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv6 VRRP备份组中的所有路由器上配置的IPv6 VRRP版本一致,否则VRRP备份组无法正常工作。
· VRRP工作在负载均衡模式时,备份组的虚拟IPv6地址和接口的IPv6地址不能相同,否则VRRP负载均衡功能将无法正常工作。
· 当监视的上行链路出现故障时,配置的权重降低数额需保证VF Owner的权重低于失效下限,即权重降低的数额大于245,其它的虚拟转发器才能接替VF Owner成为AVF。
· 对于同一个VRRP备份组的成员设备,必须保证备份组虚拟路由器的IPv6地址配置完全一样。
· 用户在配置降低权重幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master。
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
[DeviceA-Vlan-interface2] quit
(1) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级110和Device C的优先级100,以保证Device A成为Master。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120
# 配置Device A工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
[DeviceA-Vlan-interface2] quit
(2) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device A的上行接口出现故障。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device A上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device A的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
[DeviceB-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceB] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device B的优先级110,高于Device C的优先级100,以保证Device A出现故障时,Device B成为Master。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 配置Device B工作在抢占方式,配置抢占延迟时间为5秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device B的上行接口出现故障。
[DeviceB] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device B上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device B的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceC> system-view
[DeviceC] vlan 2
[DeviceC-vlan2] port ten-gigabitethernet 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ipv6 address fe80::3 link-local
[DeviceC-Vlan-interface2] ipv6 address 1::3 64
[DeviceC-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceC] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device C工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceC-Vlan-interface2] undo ipv6 nd ra halt
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 创建和Ten-GigabitEthernet1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device C的上行接口出现故障。
[DeviceC] track 1 interface ten-gigabitethernet 1/0/2
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device C上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device C的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成后,在Host A上可以ping通外网,通过display vrrp ipv6 verbose命令查看配置后的结果
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Backup)
FE80::1 (Master)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示在VRRP备份组1中Device A为Master,Device B和Device C 为Backup。Device A、Device B和Device C上各自存在一个AVF,并存在作为备份的两个LVF。
(2) Device A的上行接口(VLAN接口3)出现故障后
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : FE80::3
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : FE80::2
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A的上行接口出现故障后,Device A上虚拟转发器的权重降低为5,低于失效下限。Device A上所有虚拟转发器的状态均变为Initialized,不能再用于转发。Device C成为虚拟MAC地址000f-e2ff-0011对应虚拟转发器的AVF,接管Device A的转发任务。
# Timeout Timer超时后(约1800秒后),查看Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示,Timeout Timer超时后,删除虚拟MAC地址000f-e2ff-0011对应的虚拟转发器,不再转发目的MAC地址为该MAC的报文。
(3) Device A出现故障后
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Master)
FE80::3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A出现故障后,Device B的优先级高于Device C,将抢占成为Master。
· Device A的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
· Device B的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
· Device C的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::3 link-local
ipv6 address 1::3 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
如图7所示,Area A区域的用户(Host A和Host B)所在网络的出口处部署了两台网关设备。网关设备之间通过聚合接口相连。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Area A区域用户的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Area A区域用户发送至外网的流量;
· 当Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· Device A的上行接口故障恢复后,由Device A继续承担网关功能。
· Device A、Device B与L2switch之间分别创建二层静态链路聚合组,用于增加Device A和Device B到用户之间的带宽,形成冗余,增强可靠性。
· Device A和Device B之间创建二层静态链路聚合组,用于当Device A的下行接口所在的聚合组Down,用户数据切换到L2switch—>Device B—>Device A链路时,增加Device B与Device A之间带宽,形成冗余,增强可靠性。
图7 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在VRRP备份组中阻塞一个端口。
本举例是S6860-CMW710-R2612版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保VRRP备份组中的所有路由器上配置的VRRP版本一致,否则备份组无法正常工作。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比备份组内其他设备的优先级要低,确保备份组内有其他设备被选为Master。
· 聚合链路的两端应配置相同的聚合模式。
· 用户删除聚合接口时,系统将自动删除对应的聚合组,且该聚合组内的所有成员端口将全部离开该聚合组。
· 配置了下列功能的端口将不能加入二层聚合组:MAC地址认证(请参见“安全配置指导”中的“MAC地址认证”)、端口安全(请参见“安全配置指导”中的“端口安全”)、802.1X(请参见“安全配置指导”中的“802.1X”)、AC与交叉连接关联(请参见“MPLS配置指导”中的“MPLS L2VPN”)以及AC与VSI关联(请参见“VXLAN配置指导”中的“VXLAN”)。
(1) Device A的配置
# 创建二层聚合接口1。
<DeviceA> system-view
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# 分别将端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合组1中。
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/3] quit
[DeviceA] interface ten-gigabitethernet 1/0/4
[DeviceA-Ten-GigabitEthernet1/0/4] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/4] quit
# 配置二层聚合接口1为Trunk端口,并允许所有的报文通过。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan all
[DeviceA-Bridge-Aggregation1] quit
# 创建二层聚合接口2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 分别将端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2加入到聚合组2中。
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 创建VLAN 2,并配置IP地址。
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
[DeviceA-Vlan-interface2] quit
# 配置二层聚合接口2为Access端口,加入VLAN 2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type access
[DeviceA-Bridge-Aggregation2] port access vlan 2
[DeviceA-Bridge-Aggregation2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为192.168.0.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行接口Ten-GigabitEthernet1/0/10关联的Track项1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/10
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置MSTP,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 创建二层聚合接口1。
<DeviceB> system-view
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] quit
# 分别将端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合组1中。
[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceB-Ten-GigabitEthernet1/0/3] quit
[DeviceB] interface ten-gigabitethernet 1/0/4
[DeviceB-Ten-GigabitEthernet1/0/4] port link-aggregation group 1
[DeviceB-Ten-GigabitEthernet1/0/4] quit
# 配置二层聚合接口1为Trunk端口,并允许所有的报文通过。
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] port link-type trunk
[DeviceB-Bridge-Aggregation1] port trunk permit vlan all
[DeviceB-Bridge-Aggregation1] quit
# 创建二层聚合接口3。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] quit
# 分别将端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2加入到聚合组3中。
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port link-aggregation group 3
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-aggregation group 3
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 创建VLAN 2,并配置IP地址。
[DeviceB] vlan 2
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
[DeviceB-Vlan-interface2] quit
# 配置二层聚合接口3为Access端口,加入VLAN 2。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] port link-type access
[DeviceB-Bridge-Aggregation3] port access vlan 2
[DeviceB-Bridge-Aggregation3] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为192.168.0.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置MSTP,并全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2switch的配置
# 创建二层聚合接口2。
<L2switch> system-view
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] quit
# 分别将端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合组2中。
[L2switch] interface ten-gigabitethernet 1/0/3
[L2switch-Ten-GigabitEthernet1/0/3] port link-aggregation group 2
[L2switch-Ten-GigabitEthernet1/0/3] quit
[L2switch] interface ten-gigabitethernet 1/0/4
[L2switch-Ten-GigabitEthernet1/0/4] port link-aggregation group 2
[L2switch-Ten-GigabitEthernet1/0/4] quit
# 创建二层聚合接口3。
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] quit
# 分别将端口Ten-GigabitEthernet1/0/5和Ten-GigabitEthernet1/0/6加入到聚合组3中。
[L2switch] interface ten-gigabitethernet 1/0/5
[L2switch-Ten-GigabitEthernet1/0/5] port link-aggregation group 3
[L2switch-Ten-GigabitEthernet1/0/5] quit
[L2switch] interface ten-gigabitethernet 1/0/6
[L2switch-Ten-GigabitEthernet1/0/6] port link-aggregation group 3
[L2switch-Ten-GigabitEthernet1/0/6] quit
# 创建VLAN 2,并将聚合组2和3加入该VLAN。
[L2switch] vlan 2
[L2switch-vlan2] quit
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] port access vlan 2
[L2switch-Bridge-Aggregation2] quit
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] port access vlan 2
[L2switch-Bridge-Aggregation3] quit
# 配置MSTP,将VLAN2映射到MSI 1,激活MSTI配置,全局使能STP协议。
[L2switch] stp region-configuration
[L2switch-mst-region] region-name vrrp
[L2switch-mst-region] instance 1 vlan 2
[L2switch-mst-region] active region-configuration
[L2switch-mst-region] quit
[L2switch] stp global enable
(1) 配置完成后,用户主机可以ping通外网,如Host A可以ping通外网IP地址为20.1.1.1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 配置完成后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示在VRRP备份组1中Device A为Master,Device B为Backup。用户流量由Device A来转发。
(3) 使用display interface Bridge-Aggregation brief查看静态二层聚合组的情况
# 显示Device A上静态聚合组的信息。
[DeviceA] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG2 UP 2G(a) F(a) A 2
# 显示Device B上静态聚合组的信息。
[DeviceB] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG3 UP 2G(a) F(a) A 2
# 显示L2switch上静态聚合组的信息。
[L2switch] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG2 UP 2G(a) F(a) A 2
BAGG3 UP 2G(a) F(a) A 2
以上信息表明静态聚合组1、2和3 的speed都为2G,Device A、Device B、L2switch之间带宽都增加了一倍,并且也增加了可靠性。
(4) Device A的上行接口(Ten-GigabitEthernet1/0/10)出现故障后,用户主机可以ping通外网,如Host A可以ping通外网IP地址为20.1.1.1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(5) Device A的上行接口(Ten-GigabitEthernet1/0/10)出现故障后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 60
Preempt Mode : Yes Delay Time : 500
Become Master : 3350ms left
Auth Type : None
Virtual IP : 192.168.0.1
Master IP : 192.168.0.3
VRRP Track Information:
Track Object : 1 State : Negative Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上显示信息表示Device A的上行接口出现故障后,Device A的优先级降低50,低于Device B,Device B抢占成为Master,用户流量由Device B进行转发。
(6) 当Device A的上行接口故障恢复后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示Device A的上行接口故障恢复后,Device A重新抢占成为Master,Device B为Backup。用户流量由Device A来转发。
· Device A的配置文件
#
sysname DeviceA
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
track 1 interface Ten-GigabitEthernet1/0/10
#
· Device B的配置文件
#
sysname DeviceB
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
· L2switch的配置文件
#
sysname L2switch
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Bridge-Aggregation3
port access vlan 2
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
· H3C S6860系列以太网交换机 二层技术-以太网交换配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 二层技术-以太网交换命令参考-Release 26xx系列
· H3C S6860系列以太网交换机 可靠性交换配置指导-Release 26xx系列
· H3C S6860系列以太网交换机 可靠性交换命令参考-Release 26xx系列
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
