标签:功能 weight 引擎 先来 bottom 可靠 failure 默认网关 协议
2.5-冗余VLAN
High-Availability(AH)
First hop routers on the LAN redundancy Network/首跳冗余网络(出口第一个网络):
建立:Fault-tolerant/容错网络
避免:Single Points of Failure/单点失效
A:网络拓扑冗余(成本最高的):
B:硬件的冗余:
交换引擎的冗余,电源冗余,线卡(大模块,高端设备用)冗余,风扇冗余,线路冗余,ISP冗余(电信和网通,而且出口要不同)。
C:软件/协议的冗余:
HSRP(RFC2281)
VRRP(RFC2383)
GLBP(Gateway Load Balancing Protocol)
LAB1:Default gateway(不运行代理ARP)
step1:
PC4(config)#ip default-gateway 192.168.1.2(设定默认网关)
PC5(config)#ip default-gateway 192.168.1.3
step2:
关闭两个出口路由器R2/3,的内口(以太口)的代理ARP:
R2/3(CONFIG)#INT E0
NO IP PROXY-ARP
SHOW IP INT E 0
...PROXY ARP IS DISABLED
STEP3:在外网运行动态路由协议RIP:
R1/2/3#
ROUTER RIP
VER 2
NO AUTO
R1:NET 1.0.0.0/12.0.0.0/13.0.0.0
R2:NET 12.0.0.0
R3:NET 13.0.0.0
SHO IP ROUTE RIP
R1:DEBUG IP PACKET
R4:PING 1.1.1.1
R1:UN ALL
STEP4:R2/3上,做NAT:(基于NAT路由器外口地址的端口复用)
4-1:定义内网的用户群:
ACCESS-LIST 1 PERMIT 192.168.1.0 0.0.0.255
4-2:定义NAT的内口/外口:
int s 0
ip nat outside
int e 0
ip nat inside
4-3:进行基于NAT路由器外口地址的端口复用:
ip nat inside source list 1 interface serial 0 overload
step 5:
观察指定默认网关的单点失效。
pc4:ping 1.1.1.1 !!!!! <control>+<shief>+<6>终止ping
r1:int s 0
shut
ping 1.1.1.1 .....
LAB2:Proxy ARP/代理ARP:
The client uses ARP to get the destination it wants to reach,
and a router will respond to the ARP request with its own MAC address.
step 1:
PC主机上,无需配置网关:
pc4/5# no ip default-gateway
r2/3#int e 0
ip proxy-arp
step 3:
PC4/5#
show arp
clear arp-cache (windows:arp -d)
debug arp
r2 mac:x.x.c4d3
r3 mac:x.x.9dcc
r4可以从r2或者r3走,但是只会有一个ARP映射产生,后来的会覆盖先来的。
step4:观察通过代理ARP实现的冗余网络,是不满足高可靠性的要求的。
First-Hop redundancy Protocol(FHRP)首跳冗余
active router & stand by router
在LAN用第一跳构建冗余网络(First hop routers on the LAN Redundancy Network):
建立:容错网络(Fault-tolerant);
避免:单点失效(Single Points of Failure)。
硬件冗余:
1:拓扑冗余;
2:交换引擎的冗余、电源冗余、线卡冗余、风扇冗余、线路冗余。
软件/协议的冗余:
HSRP(RFC2281);c
VRRP(RFC2383);
IRDP(RFC1256);
GLBP(Gateway Load Balancing Protocol);
SRM(Single Router Mode);
SLB(Server Load Balancing)。
冗余VLAN的近似通用配置:
1 配置虚拟路由器
2 配置优先级
3 配置抢占路由器
Routing protocol (路由协议):
The client listens to dynamic routing protocol updates(for example,from IGP RIP/OSPF )And forms its own routing table 。
IRDP(ICMP Router Discovery Protocol):
IRDP client-the client runs an ICMP(Internet Control Message Protocol) router discovery client ;
缺陷:网络收敛性较慢;而且兼容性差→受限于主机的操作系统→少有操作系统支持!
热备份路由协议HSRP(Hot Standby Router Protocol):
HRSP是CISCO私有的,特点是收敛快;
The HSRP(Hot Standby Router Protocol) is a FHRP(First-Hop Redundancy Protocol),Designed to allow for transparent fail-over of the first-hop IP router 。
HSRP provides high network availability by providing first-hop routing redundancy for IP hosts on Ehernet, with a default gateway IP address.
VRRP(Virtual Router Redundancy Protocol):
VRRP是业界标准;其组播地址是:224.0.0.18 ;
配置命令:(c)#Interface Ethernet 1/0 →Ip address 192.168.1.2 255.0.0.0 →Vrrp 1 description VL-1 →Vrrp 1 priority 100 →Vrrp 1 preempt →Vrrp 1 ip 192.168.2.100 →Vrrp 1 authentication cisco(认证)→Vrrp 1 timers advertise 2(作用类似于Hello包)。
GLBP(Gateway Load Balancing Protocol):
GLBP是CISCO私有的协议,和它竞争的是HSRP和VRRP;GLBP使用的组播地址是:224.0.0.12 ;
The advantage of GLBP is that it additionally provides load balancing over multiple routers(gateways) using a single virtual ip address and multiple virtual MAC addresses;
配置命令:Interface fastethernet 0/0 →Ip address 10.21..8.32 255.255.255.0 →Glbp 10 priority 100 →Glbp 10 preempt →Glbp 10 ip 10.0.0.1 。
----------------------------------------------------------------------------
LAB1:Deafualt Gateway:
STEP1:按图构建拓朴:
要在边界路由器面向PC的接口(R2/R3的E0)关闭自动ARP否则会自动构建Deafault-Gateway无法达到实验要求:int e0 →no ip proxy-arp ;
STEP2:配置Deafault-Gateway:
Deafault-Gateway的特点是配置简单和单点失效,其配置在主机(R4/R5)上完成:
(c)#no ip routing →ip default gateway 192.168.1.2 ;
STEP3:要在边缘路由器(R2/R3)运行NAT:
(c)#access-list 1 permint 192.168.1.0 0.0.0.255(首先定义要进行NAT的网段)→int s0 →ip nat outside →int e0 →ip nat inside(接着定义NAT的内/外口)→ip nat inside source list 1 int s0 overload(最后进行NAT转换并端口复用);
然后测试,在PC4和PC5上ping通R1:断开一边后另外一边仍然是通的,而且断开边的PC也不会走另一条链路;得到结论:无法检测到设备/链路故障,有可能导致单点失效。
---------
-------------------------------------------------------------------
LAB2:代理ARP:
STEP1:接上个实验:
ARP的欺骗:the client uses ARP(Address Resolution Protocol) Toget the destingation it wants to reach , and a router will respond to the ARP request with its own MAC address ;
PC上无需配置网关:(c)#no ip default-gateway;
STEP2:在网关路由器上启动ARP(默认启动但是刚刚关了):
(c)#int e0 →ip proxy-arp ;
STEP3:测试ARP的运作:
分别在PC4/PC5 上ping1.1.1.1进行测试;
清理ARP进程的命令:#clear arp-cache 。
----------------------------------------------------------------------------
LAB3:构建HSRP:
STEP1:构建拓朴:
要关掉ARP;
STEP2:配置虚拟路由VR:
在R2/R3上:(c)#in e0 →standby 1 ip 192.168.1.100(定义虚拟路由器/网关的IP) →standby 1 priority 105(定义HSRP优先级控制active竞选,默认100,R3取默认值) →standby 1 preempt(指定抢占竞选模式:优先级髙的路由成为active) ;
STEP3:在内网指定VR为默认网关:
ip default gateway 192.168.1.100
STEP4:查看HSRP的状态:
用#sh standby brief查看;在PC4/PC5上ping1.1.1.1 ;
STEP5:查看协商状态:
#debug standby后第一次ping;注意清理ARP表#clear arp-cache ;
STEP6:跟踪HSRP路由器的外口:
在R2/R3上:(c-i)#standby 1 track s0(跟踪外口:外口断了路由器能检测到,而且能自动切换链路);
STEP7:其他命令:
(c-i)#standby 1 authentication 123 (HSRP的认证);
(c-i)#standby 1 mac-address 00c0.abcd.1234 ;
(c-i)#standby 1 name vlan-eng ;
(c-i)#standby 1 timers 3 10 。
上课笔记:LAB:HSRP
STEP 1:关闭R2/3的代理ARP功能:
int e 0
no ip proxy-arp
step2:构建一个虚拟路由器在内网指定VR为默认网关(R2/3共同维护)
r2为Active网关,r3为standby网关
2-1:
r2/3:standby 1(组号)name vr-1
standy 1 ip 192.168.1.100(定义虚拟路由器/网关的IP)
2-2:定义参与HSRP的路由器的优先级:
int e 0
r3:standby 1 priority 100 (默认100)
r2:standby 1 priority 105(定义HSRP优先级,越高越可能成为Active Router)
2-3:HSRP抢占:
R2/3(CONFIG-IF)#standby 1 preempt(抢占:谁的优先级高,谁就Active)ospf DR选举无抢占性
step3:PC4,指定VR-1为默认网关:
PC4(config)#ip default-gateway 192.168.1.100(指定虚拟路由器为网关)
step4:观察HSRP的简要工作状态:
r2/3#show standby brief 可以查看谁是ACTIVE谁是STANDBY
ping 192.168.1.100 !!!!!
step5:观察HSRP的切换:
r2/3#debug standby
pc4 ping 1.1.1.1
关闭以太网,内口(e0)--没问题,可以切换后正常通信。
standby hello包为每三秒一次,r3三次没收到r2 hello包就吧自己转换为active,所以会有五个包的lost,平均两秒一个包。
关闭串口,外口(s0)--有问题,standby路由器因为正常收到r2 hello包,所以不转发数据,而r1这时关闭了与r2的串口连接。
step6:跟踪HSRP路由器的外口:
r2/3(config)#int e 0 在e0口做
r2/3(config-if)#standby 1 track serial 0
跟踪本路由器的外口:
如果外口失效,本机自动将自己的HSRP优先级默认减10。
线路恢复正常后HSRP优先级自动增加10,r2会迅速从standby变成active,甚至不会丢包。
step 7:Advanced HSRP
r2/3(config-if)#standby 1 authentication 123(HSRP的认证)
r2/3(config-if)#standby 1 MAC-address 00C0.1234.ABCD(指定虚拟MAC)
r2/3(config-if)#standby 1 timers 3(hello包) 10(超时)
LAB:不同子网(VLAN)间的负载均衡:(R2600)
r2:
int e 0/0.10
en dot1q 10
ip add 192.168.10.2 255.255.255.0
standby 10 ip 192.168.10.100
standby 10 ip priority 105
standby 10 ip preempt
standby 10 name vr-10
standby 10 track s 0/0
int e 0/0.20
en dot1q 20
ip add 192.168.20.2 255.255.255.0
standby 20 ip 192.168.20.100
standby 20 ip priority 100
standby 20 ip preempt
standby 20 name vr-20
standby 20 track s 0/0
r3:
int e 0/0.10
en dot1q 10
ip add 192.168.10.3 255.255.255.0
standby 10 ip 192.168.10.100
standby 10 ip priority 100
standby 10 ip preempt
standby 10 name vr-10
standby 10 track s 0/0
int e 0/0.10
en dot1q 10
ip add 192.168.20.3 255.255.255.0
standby 20 ip 192.168.20.100
standby 20 ip priority 105
standby 20 ip preempt
standby 20 name vr-20
standby 20 track s 0/0
更先进的拓扑(看2-13图)
sw1:
int vlan10
ip add 192.168.10.1 255.255.255.0
standby 10 ip 192.168.10.100
standby 10 ip priority 105
standby 10 ip preempt
standby 10 name vr-10
int vlan20
ip add 192.168.20.1 255.255.255.0
standby 20 ip 192.168.20.100
standby 20 ip priority 100
standby 20 ip preempt
standby 20 name vr-20
sw2:
int vlan10
ip add 192.168.10.3 255.255.255.0
standby 10 ip 192.168.10.100
standby 10 ip priority 100
standby 10 ip preempt
standby 10 name vr-10
int vlan20
ip add 192.168.20.3 255.255.255.0
standby 20 ip 192.168.20.100
standby 20 ip priority 105
standby 20 ip preempt
standby 20 name vr-20
VRRP:原理与HSRP一样
ra#int e 0
ip add 192.168.1.3 255.255.255.0
vrrp 1 description vr-1
vrrp 1 priority 105
vrrp 1 preempt
vrrp 1 ip 192.168.1.100
rb#int e 0
ip add 192.168.1.2 255.255.255.0
vrrp 1 description vr-1
vrrp 1 priority 100
vrrp 1 preempt
vrrp 1 ip 192.168.1.100
GLBP:(CISCO私有)(Gateway load balancing protocol)
The advantage of GLBP is that it additionally provides load balancing over multiple routers(gateways), mapping a single virtual ip address to multiple virtual MAC addresses;
ra#int fa 0/0
ip add 192.168.10.2 255.255.255.0
glbp 10 priority 105
glbp 10 preempt
glbp 10 ip 192.168.10.100
rb#int fa 0/0
ip add 192.168.10.3 255.255.255.0
glbp 10 priority 100
glbp 10 preempt
glbp 10 ip 192.168.10.100
-------------------------------------------------------------------------
LAB4:HSRP:
STEP1:构建拓朴:
要关掉ARP;
STEP2:配置虚拟路由VRA:
在边界路由器的接口上配置HSRP的虚拟路由A:
在R2上:(c)#in e0 →standby 1 name VR-A →standby 1 priority 105 preempt →standby 1 ip 192.168.1.100 →standby 1 track s0 ;
在R3上:(c)#in e0 →standby 1 name VR-A →standby 1 priority 100 preempt →standby 1 ip 192.168.1.100 →standby 1 track s0 ;
注意优先级;
STEP2:配置虚拟路由VRB:
在边界路由器的接口上配置HSRP的虚拟路由B:
在R2上:(c)#in e0 →standby use-bia(启动多个组)→standby 2 name VR-B →standby 2 priority 100 preempt →standby 2 ip 192.168.1.200 →standby 2 track s0 ;
在R2上:(c)#in e0 →standby use-bia(启动多个组)→standby 2 name VR-B →standby 2 priority 105 preempt →standby 2 ip 192.168.1.200 →standby 2 track s0 ;
STEP3:在不同的分组用户中指定不同的VR作为网关:
PC4(config)#ip default-gateway 192.168.1.100 ;
PC5(config)#ip default-gateway 192.168.1.200 。
----------------------------------------------------------------------------
LAB5:不同子网(vlan)间的负载均衡(R2600)
其他同:
R1(config)#in e0/0 ;
no shut ;
int e0/0.10 ;
en dot1q 10 ;
ip add 192.168.10.1 255.255.255.0 ;
standby 10 ip 192.168.10.100 ;
standby 10 priority 105 ;
standby 10 preempt ;
standby 10 name VR-10 ;
standby 10 track s0/0 ;
in e0/0.20 ;
en dot1q 20 ;
ip add 192.168.10.1 255.255.255.0 ;
standby 20 ip 192.168.20.100 ;
standby 20 preempt ;
standby 20 name VR-20 ;
standby 20 track s0/0 。
2.5-冗余VLAN
标签:功能 weight 引擎 先来 bottom 可靠 failure 默认网关 协议
原文地址:http://www.cnblogs.com/sanyuanempire/p/6155133.html
