VRRP virtual redundancy protocol configuration
2022-07-25 01:58:00 【wespten】
1. VRRP overview
VRRP (Virtual Router Redundancy Protocol) is a fault-tolerant protocol. It combines several routing devices into one virtual routing device, which has a unique virtual router ID and a virtual IP address within the local LAN. In practice, the virtual router consists of one Master device and a number of Backup devices. Under normal circumstances the Master carries all traffic, and every client only needs to set the virtual router's IP address as its gateway address. When the Master fails, a Backup takes over and the service is switched to the backup router in time, which maintains the continuity and reliability of communication. Clients need no configuration change and do not notice the failure.
The VRRP Master is elected by priority. The priority value ranges from 0 to 255, and the default configured priority is 100. The Master device can be chosen manually by configuring the priority on the interface.
2. Basic VRRP configuration
Experimental topology I:

Configure OSPF
AR1:
#
interface GigabitEthernet0/0/0
ip address 172.16.2.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.254 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 172.16.3.0 0.0.0.255
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.2.1 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.200 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.1 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.3.0 0.0.0.255
When the configuration is complete, check on AR1 that the OSPF neighbor relationships have been established:

As can be observed, AR1 has now successfully established OSPF neighbor relationships with AR2 and AR3.
Configure VRRP
To improve network reliability, the company connects to the external network through two exits. The network administrator wants active/standby backup for the two egress gateway routers: under normal circumstances only the main gateway works, and traffic switches automatically to the backup gateway when a failure occurs. VRRP is configured to meet this requirement.
On AR2 and AR3, configure VRRP and create a VRRP backup group, specifying that AR1 and AR2 are in the same VRRP backup group. The backup group number is 1 and the virtual IP is 172.16.1.254. Note that the virtual IP address must be in the same network segment as the interface address.
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.200 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
When the configuration is complete, the PC uses the virtual router's IP address as its default gateway.
In VRRP, priority determines the role of a router in the backup group: the router with the higher priority becomes Master.
If the priorities are equal, the interface IP addresses are compared and the larger one becomes Master. The priority defaults to 100; 0 is reserved by the system, and 255 is reserved for the IP address owner.
Now set AR2's priority to 120 and leave AR3's priority at the default of 100. This makes AR2 the Master and AR3 the Backup.
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
When the configuration is complete, check the VRRP information on AR2 and AR3.
AR2:

AR3:

It can be observed that AR2's VRRP state is now Master and AR3's is Backup. Both are in VRRP backup group 1.


Test the packet forwarding path when the PC accesses the public network:

It can be observed that traffic is currently forwarded through AR2.
Verify VRRP active/standby switchover
Now simulate a network failure manually by shutting down the E0/0/3 interface of LSW1.

Check the VRRP working state of AR2 and AR3:


It can be observed that AR3 becomes Master, so users' access to the public network is preserved and the failure is almost imperceptible.

In the same way, using undo shutdown on LSW1 lets AR2 recover from the failure.
Experimental topology II:
R3:
#
interface Ethernet0/0/0
ip address 124.16.8.254 255.255.255.0
#
interface Ethernet0/0/1
ip address 110.69.70.1 255.255.255.0
#
#
ip route-static 172.16.8.0 255.255.255.0 Ethernet0/0/1 110.69.70.254
#
IFW1:
#
interface Ethernet0/0/0
ip address 110.69.70.2 255.255.255.0
vrrp vrid 1 virtual-ip 110.69.70.254
vrrp vrid 1 track interface GigabitEthernet0/0/0
#
#
interface GigabitEthernet0/0/0
ip address 172.16.8.2 255.255.255.0
vrrp vrid 2 virtual-ip 172.16.8.254
vrrp vrid 2 track interface Ethernet0/0/0
#
#
ip route-static 124.16.8.0 255.255.255.0 Ethernet0/0/0 110.69.70.1
#
IFW2:
#
interface Ethernet0/0/0
ip address 110.69.70.3 255.255.255.0
vrrp vrid 1 virtual-ip 110.69.70.254
vrrp vrid 1 track interface GigabitEthernet0/0/0
#
#
interface GigabitEthernet0/0/0
ip address 172.16.8.3 255.255.255.0
vrrp vrid 2 virtual-ip 172.16.8.254
vrrp vrid 2 track interface Ethernet0/0/0
#
#
ip route-static 124.16.8.0 255.255.255.0 Ethernet0/0/0 110.69.70.1
#
3. Configuring VRRP interface tracking and authentication
If the uplink interface of the VRRP Master device fails while the Master device stays in the Active state, the network is interrupted, so the running state of VRRP must be associated with the uplink interface. In a redundant network configured with VRRP, to further improve reliability, uplink interface monitoring is configured on the Master device to monitor the outgoing interface connected to the external network. When this interface goes down, the priority is automatically reduced by a certain value (configured manually) so that the reduced priority is lower than the Backup device's priority, and the Backup device preempts the Master role and takes over.
VRRP supports message authentication. By default, a device applies no authentication processing to the VRRP messages it sends and receives and assumes that every VRRP message it receives is genuine and legitimate. To make VRRP run more securely and stably, VRRP authentication can be configured. VRRP supports simple-character (Simple) authentication and MD5 authentication, and the user can select the authentication method according to security needs.
The topology:

OSPF configuration
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.2.100 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
AR1:
#
interface GigabitEthernet0/0/0
ip address 172.16.2.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.254 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 172.16.3.0 0.0.0.255
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.200 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.3.0 0.0.0.255
When the configuration is complete, check on AR1 that the OSPF neighbor relationships have been established.

As can be observed, AR1 has now successfully established OSPF neighbor relationships with AR2 and AR3.
Basic VRRP configuration
AR2:
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
AR3:
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
When the configuration is complete, view the VRRP information on AR2 and AR3.


At this point the network fails: there is a problem with the link between AR2 and the Internet router AR1.

When the configuration is complete, check the switching between active and standby:

It is observed that router AR2's Master role does not switch and all traffic is still sent to AR2, so users cannot access the Internet at this time (the connectivity test is omitted here). That is, VRRP cannot sense the failure of the uplink interface and therefore does not switch between the active and standby devices.
Configure uplink interface monitoring
To further improve the reliability and security of the network, VRRP uplink interface monitoring needs to be configured on the Master device AR2. When AR2's uplink interface fails, the priority is lowered automatically so that the Backup device can preempt the Master role and take over, minimizing the impact of the network outage.
On AR1, restore the G0/0/0 interface, and configure uplink interface monitoring on AR2. Monitor the uplink interface G0/0/0; when this interface goes down, reduce the priority by 50, changing it to 70, which is less than AR3's priority of 100.


When the configuration is complete, shut down AR1's G0/0/0 interface to simulate a failure, and check the switching between active and standby.


It can be observed that when the monitored interface on AR2 goes DOWN, the VRRP priority is reduced by 50 to 70, lower than router AR3's priority of 100. Because VRRP on AR3 uses preemption mode by default, AR2 becomes Backup and AR3 becomes the new Master and continues forwarding for the network. By default, when the monitored interface changes to DOWN, the VRRP priority is reduced by 10.
Configure VRRP authentication on AR2 and AR3
On AR2 and AR3, configure interface authentication for VRRP virtual group 1. The authentication method is MD5 and the password is huawei.

Note that when VRRP message authentication is configured, the same VRRP backup group must use the same authentication method; otherwise negotiation between the Master device and the Backup device fails.

When the configuration is complete, check the result.


It can be observed that the authentication mode was configured successfully.
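To confirm on the wire that only the intended routers speak for a backup group and that authentication is really in use, captured advertisements can be audited against the lab's expected state. The Python below is an added example, not code from the original article: it assumes the VRRPv2 field layout of RFC 3768 (authentication type 1 being the simple text password), and `BASELINE`, `parse_vrrpv2`, `audit`, `sample_adv` and the sender 172.16.1.50 are hypothetical names and constructed values.

```python
import struct
from ipaddress import IPv4Address

# Expected state for the page's lab: group 1 with AR2 (priority 120) and AR3 (100).
BASELINE = {1: {"vips": ["172.16.1.254"],
                "routers": {"172.16.1.100": 120, "172.16.1.200": 100}}}

def parse_vrrpv2(payload: bytes) -> dict:
    """Parse a VRRPv2 advertisement (IP protocol 112 payload, RFC 3768 layout)."""
    if len(payload) < 8:
        raise ValueError("truncated header")
    ver_type, vrid, prio, count, auth, _adv_int, _cksum = struct.unpack("!6BH", payload[:8])
    if ver_type != 0x21:                       # version 2, type 1 (advertisement)
        raise ValueError("not a VRRPv2 advertisement")
    end = 8 + 4 * count
    if len(payload) < end + 8:                 # address list + 8-byte auth data
        raise ValueError("truncated address list or authentication data")
    vips = [str(IPv4Address(payload[i:i + 4])) for i in range(8, end, 4)]
    return {"vrid": vrid, "priority": prio, "auth_type": auth, "vips": vips}

def audit(src_ip: str, payload: bytes, baseline=BASELINE) -> list:
    """Return findings for one advertisement seen on the gateway segment."""
    try:
        adv = parse_vrrpv2(payload)
    except ValueError as exc:
        return [f"{src_ip}: malformed ({exc})"]
    group = baseline.get(adv["vrid"])
    if group is None:
        return [f"{src_ip}: unknown VRID {adv['vrid']}"]
    findings = []
    allowed = group["routers"].get(src_ip)
    if allowed is None:
        findings.append(f"{src_ip}: not a configured member of VRID {adv['vrid']}")
    elif adv["priority"] > allowed:            # tracking may lower it, never raise it
        findings.append(f"{src_ip}: priority {adv['priority']} exceeds configured {allowed}")
    if adv["vips"] != group["vips"]:
        findings.append(f"{src_ip}: virtual IP list {adv['vips']} differs from baseline")
    if adv["auth_type"] == 0:
        findings.append(f"{src_ip}: no authentication on VRID {adv['vrid']}")
    elif adv["auth_type"] == 1:
        findings.append(f"{src_ip}: simple-text authentication, key is sent in cleartext")
    return findings

def sample_adv(vrid, prio, auth_type, vip="172.16.1.254", auth_data=bytes(8)):
    """Build a constructed sample advertisement (checksum left at 0, not validated)."""
    header = struct.pack("!6BH", 0x21, vrid, prio, 1, auth_type, 1, 0)
    return header + IPv4Address(vip).packed + auth_data

# Constructed samples: AR2 without authentication, an unlisted host, AR3 with simple text.
SAMPLES = [("172.16.1.100", sample_adv(1, 120, 0)), ("172.16.1.50", sample_adv(1, 254, 0)),
           ("172.16.1.200", sample_adv(1, 100, 1, auth_data=b"huawei\0\0"))]
```

A priority lower than the configured one is not flagged, because interface tracking legitimately reduces it.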
4. Configuring VRRP backup groups
When VRRP is configured with a single backup group, all traffic is carried by the Master device while the Backup device sits completely idle and underutilized.
VRRP can achieve load sharing by configuring multiple backup groups, which solves this problem effectively.
VRRP allows the same interface of a device to join multiple VRRP backup groups with a different priority in each, so that each backup group has a different Master device; that is, multiple virtual gateway routers are established. Each host can use a different virtual router as its gateway exit, so the devices share the data flow, back each other up, and make full use of each device's resources.
Within the VRRP priority range, 255 is reserved for the IP address owner: when the interface IP address of a physical router running VRRP is the same as the virtual router's IP address, that router is called the virtual IP address owner and its VRRP priority is automatically set to 255. Priority 0 is also a special value: when the Master device deletes its VRRP configuration and stops VRRP, it sends a VRRP message with priority 0 to notify the Backup devices, and a Backup that receives this message changes immediately from the Backup state to the Master state.
The topology:

OSPF configuration
AR1:
#
interface GigabitEthernet0/0/0
ip address 172.16.2.254 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.254 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.2.0 0.0.0.255
network 172.16.3.0 0.0.0.255
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.2.254 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.2.0 0.0.0.255
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.200 255.255.255.0
#
interface GigabitEthernet0/0/1
ip address 172.16.3.1 255.255.255.0
#
interface NULL0
#
ospf 1
area 0.0.0.0
network 172.16.1.0 0.0.0.255
network 172.16.3.0 0.0.0.255
After finishing the basic configuration, check whether ping succeeds.

Configure VRRP dual backup groups
To improve the reliability of the network, the company uses two exits.
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.200 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
After the configuration is complete, view the VRRP information:


It can be observed that AR2 is the Master of group 1 and AR3 is the Backup.
AR2:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.100 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 1 priority 120
vrrp vrid 2 virtual-ip 172.16.1.253
AR3:
#
interface GigabitEthernet0/0/0
ip address 172.16.1.200 255.255.255.0
vrrp vrid 1 virtual-ip 172.16.1.254
vrrp vrid 2 virtual-ip 172.16.1.253
vrrp vrid 2 priority 120
When the configuration is complete, view the VRRP information:


It can be observed that AR3 is the Master of group 2 and AR2 is the Backup.

It can be observed that the network optimization requirement has been met.
Verify the VRRP preemption feature
In virtual group 2, AR3 is the Master router with priority 120. Now, in virtual group 2, change AR2's preemption mode to non-preemptive (the default is preemptive) and change its priority to 200, greater than AR3's priority.
AR2:


It can be observed that even though AR2's configured priority is greater than AR3's, and its final running priority is also greater than AR3's, AR2 does not preempt to become Master because it is in non-preemptive mode.
Configure the virtual IP address owner
In virtual group 1, AR2's configured priority is 120 and AR3's is the default 100, so AR2 is for now the Master router of virtual group 1. To ensure that AR2 is always Master in virtual group 1, the network administrator changes the IP address on AR2's G0/0/0 interface to 172.16.1.254/24, which makes AR2 the virtual IP address owner of the group.

View the VRRP information on AR2.

It can be observed that although AR2's configured priority in virtual group 1 is 120, after it becomes the virtual IP address owner its running priority is 255, higher than AR3's priority of 254, so AR3 cannot preempt to become the Master of this group. This again verifies that Master election and preemption are decided by comparing priorities.
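The election, interface-tracking and preemption rules exercised in the labs above can be replayed as a small Python model (an added example, not part of the original article or of the router software). `Router`, `elect` and `lab_scenarios` are hypothetical names; timers and advertisements are ignored, only the priority comparison is modelled, and AR3 is left at its default configured priority of 100.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                 # interface address on the VRRP segment
    priority: int = 100     # configured priority, 1-254
    preempt: bool = True    # preemption is the default mode
    track_reduce: int = 0   # 0 = uplink not tracked; the lab above uses 50
    uplink_up: bool = True

    def running_priority(self, virtual_ip: str) -> int:
        if self.ip == virtual_ip:              # virtual IP address owner
            return 255
        if not self.uplink_up:
            return max(1, self.priority - self.track_reduce)
        return self.priority

def elect(routers, virtual_ip, current_master=None):
    """Return the name of the Master for one backup group (timers ignored)."""
    def rank(r):
        return (r.running_priority(virtual_ip), int(IPv4Address(r.ip)))
    current = next((r for r in routers if r.name == current_master), None)
    if current is None:                        # no Master yet: best rank wins
        return max(routers, key=rank).name
    cur_prio = current.running_priority(virtual_ip)
    # A Backup takes over only with a strictly higher running priority, and only
    # if it is allowed to preempt (the address owner always is).
    challengers = [r for r in routers if r is not current
                   and r.running_priority(virtual_ip) > cur_prio
                   and (r.preempt or r.running_priority(virtual_ip) == 255)]
    return max(challengers, key=rank).name if challengers else current.name

def lab_scenarios():
    vip = "172.16.1.254"
    ar2 = Router("AR2", "172.16.1.100", priority=120)
    ar3 = Router("AR3", "172.16.1.200")
    out = {"initial": elect([ar2, ar3], vip)}
    ar2.uplink_up = False                      # uplink fails, nothing tracked
    out["untracked_failure"] = elect([ar2, ar3], vip, "AR2")
    ar2.track_reduce = 50                      # 120 - 50 = 70 < 100
    out["tracked_failure"] = elect([ar2, ar3], vip, "AR2")
    # Group 2 (virtual IP 172.16.1.253): AR3 is Master at 120, AR2 non-preemptive at 200
    g2 = [Router("AR2", "172.16.1.100", 200, preempt=False),
          Router("AR3", "172.16.1.200", 120)]
    out["non_preempt"] = elect(g2, "172.16.1.253", "AR3")
    # AR2 takes 172.16.1.254 as its interface address and becomes the IP owner
    owner = Router("AR2", vip, priority=120)
    out["owner_priority"] = owner.running_priority(vip)
    out["owner"] = elect([owner, ar3], vip, "AR3")
    return out
```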
