• 产品与解决方案
  • 行业解决方案
  • 服务
  • 支持
  • 合作伙伴
  • 新华三人才研学中心
  • 关于我们

10-可靠性配置举例

目录

01-S12500_VRRP典型配置举例

本章节下载 01-S12500_VRRP典型配置举例  (362.64 KB)

docurl=/cn/Service/Document_Software/Document_Center/Switches/Catalog/S12500/S12500/Configure/Typical_Configuration_Example/H3C_S12500-R7129-6W100/10/201309/796632_30005_0.htm

01-S12500_VRRP典型配置举例


1  简介

本文档介绍了VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)的配置举例。

设备支持两种模式的VRRP:

·     标准协议模式:基于RFC实现的VRRP。备份组中只有Master路由器可以转发报文,Backup路由器处于监听状态,无法转发报文。

·     负载均衡模式:在标准协议模式的基础上实现了负载均衡功能,只需创建一个备份组,就可以实现备份组中的每台路由器都能转发流量。

除了负载均衡模式,用户还可以创建多个标准备份组实现负载分担。这种方式下,需要将设备在一个备份组中配置为Master设备,在其他备份组中配置为Backup设备,并且为局域网内的主机分配不同的备份组作为网关。

2  配置前提

本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。

本文假设您已了解VRRP特性。

3  IPv4 VRRP单备份组配置举例

3.1  组网需求

图1所示,在承担网关功能的Switch A和Switch B上分别配置组号相同的VRRP备份组,用户IPv4网络中的主机将VRRP备份组作为缺省网关。要求满足如下需求:

·     Switch A是VRRP备份组中的Master设备,用户网络的主机在正常情况下优先从Switch A访问外网。当Switch A故障时,Switch B能够成为Master设备,承担转发任务。

·     当Switch A连接上行链路的接口故障时,用户网络中的主机能够从Switch B访问外网。

·     配置MSTP避免Switch A、Switch B和L2 Switch之间存在的环路问题,并指定Master设备为根桥。

图1 IPv4 VRRP单备份组配置组网图

3.2  配置思路

·     为了保证用户网络在正常情况下优先从Switch A访问外网,可以设置Switch A在备份组中具有更高的优先级,即保证Switch A优先作为备份组的Master设备。本例中将Switch A的优先级配置为120,Switch B使用缺省优先级100。

·     Switch A连接上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以在Switch A上配置Track项监视上行接口,当Switch A连接上行链路的接口处于Down或Removed状态时,Switch A主动降低自己的优先级,使得备份组内的Switch B优先级高于Switch A,Switch B能够成功抢占成为Master,承担转发任务。

3.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

3.4  配置注意事项

·     建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     设备在某个备份组中作为IP地址拥有者(接口IP地址与虚拟IP地址相同的设备被称为IP地址拥有者)时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。

·     IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。

3.5  配置步骤

3.5.1  配置Switch A

# 配置VLAN 101。

<SwitchA> system-view

[SwitchA] vlan 101

[SwitchA-vlan101] port Gigabitethernet 2/0/1

[SwitchA-vlan101] port Gigabitethernet 2/0/24

[SwitchA-vlan101] quit

[SwitchA] interface GigabitEthernet 2/0/1

[SwitchA-GigabitEthernet2/0/1] undo shutdown

[SwitchA-GigabitEthernet2/0/1] quit

[SwitchA] interface GigabitEthernet 2/0/24

[SwitchA-GigabitEthernet2/0/24] undo shutdown

[SwitchA-GigabitEthernet2/0/24] quit

[SwitchA] interface vlan-interface 101

[SwitchA–Vlan-interface101] undo shutdown

[SwitchA-Vlan-interface101] ip address 10.0.0.2 24

[SwitchA–Vlan-interface101] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 2/0/2

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 2/0/2

[SwitchA-GigabitEthernet2/0/2] undo shutdown

[SwitchA-GigabitEthernet2/0/2] quit

[SwitchA] interface vlan-interface 4094

[SwitchA–Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24

[SwitchA-Vlan-interface4094] quit

 # 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1

# 配置Switch A在备份组1中的优先级为120。

[SwitchA-Vlan-interface101] vrrp vrid 1 priority 120

[SwitchA-Vlan-interface101] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[SwitchA] track 1 interface Vlan-interface 4094

# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组中的优先级。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp vrid 1 track 1 reduced 255

[SwitchA-Vlan-interface101] quit

# 配置MSTP。

[SwitchA] stp region-configuration

[SwitchA-mst-region] region-name vrrp

[SwitchA-mst-region] instance 1 vlan 101

[SwitchA-mst-region] active region-configuration

[SwitchA-mst-region] quit

[SwitchA] stp instance 1 root primary

[SwitchA] stp global enable

3.5.2  配置Switch B

# 配置VLAN 101。

<SwitchB> system-view

[SwitchB] vlan 101

[SwitchB-vlan101] port Gigabitethernet 3/0/1

[SwitchB-vlan101] port Gigabitethernet 3/0/24

[SwitchB-vlan101] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface GigabitEthernet 3/0/24

[SwitchB-GigabitEthernet3/0/24] undo shutdown

[SwitchB-GigabitEthernet3/0/24] quit

[SwitchB] interface Vlan-interface 101

[SwitchB-Vlan-interface101] undo shutdown

[SwitchB-Vlan-interface101] ip address 10.0.0.3 24

[SwitchB-Vlan-interface101] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/2

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2] undo shutdown

[SwitchB-GigabitEthernet3/0/2] quit

[SwitchB] interface Vlan-interface 4094

[SwitchB-Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24

[SwitchB-Vlan-interface4094] quit

# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。

[SwitchB] interface Vlan-interface 101

[SwitchB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1

[SwitchB-Vlan-interface101] quit

# 配置MSTP。

[SwitchB] stp region-configuration

[SwitchB-mst-region] region-name vrrp

[SwitchB-mst-region] instance 1 vlan 101

[SwitchB-mst-region] active region-configuration

[SwitchB-mst-region] quit

[SwitchB] stp global enable

3.5.3  配置L2 Switch

配置MSTP,配置方法同Switch B。

3.6  验证配置

(1)     配置完成后,Host A和Host B都可以ping通外网。

(2)     通过display vrrp verbose命令查看配置后的结果。

# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备。

[SwitchA] display vrrp verbose

IPv4 Virtual Router Information:

     Running  Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.0.0.2

   VRRP Track Information:

     Track Object: 1             State : Positive        Pri Reduced : 255

# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备。

[SwitchB] display vrrp verbose

IPv4 Virtual Router Information:

     Running  Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Master IP      : 10.0.0.2

# 查看L2 Switch上的MSTP状态,显示与Backup(Switch B)相连的端口被阻塞。

<L2Switch> display stp instance 1 brief

 MSTID      Port                         Role  STP State     Protection

   1        GigabitEthernet3/0/1         ROOT  FORWARDING    NONE

   1        GigabitEthernet3/0/2         ALTE  DISCARDING    NONE

# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为Master

[SwitchB] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.0.0.3

3.7  配置文件

·     Switch A:

#

vlan 101

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 active region-configuration

#

 stp instance 1 root primary

 stp global enable

#

interface Vlan-interface101

 ip address 10.0.0.2 255.255.255.0

 vrrp vrid 1 virtual-ip 10.0.0.1

 vrrp vrid 1 priority 120

 vrrp vrid 1 track 1 reduced 255

#

interface Vlan-interface4094

 ip address 100.0.0.2 255.255.255.0

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet2/0/24

 port link-mode bridge

 port access vlan 101

#

track 1 interface Vlan-interface 4094

#

·     Switch B:

#

vlan 101

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 active region-configuration

#

stp global enable

#

interface Vlan-interface101

 ip address 10.0.0.3 255.255.255.0

 vrrp vrid 1 virtual-ip 10.0.0.1

#

interface Vlan-interface4094

 ip address 100.0.0.3 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/24

 port link-mode bridge

 port access vlan 101

#

4  IPv4 VRRP多备份组负载分担配置举例

4.1  组网需求

图2所示,S在承担网关功能的Switch A和Switch B上分别配置两个VRRP备份组,区域A用户将VRRP备份组1作为缺省网关,区域B用户将VRRP备份组2作为缺省网关。要求满足如下需求:

·     Switch A是VRRP备份组1中的Master设备,Switch B是VRRP备份组2中的Master设备。在正常情况下,区域A用户通过Switch A进行数据转发,区域B用户通过Switch B进行数据转发。当一台网关设备出现故障时,另一台网关设备能够承担受影响区域内主机流量的转发任务。

·     当备份组中的Master设备连接上行链路的接口故障时,受影响区域内的主机仍然可以通过另一台网关设备访问外部网络。

·     配置MSTP多实例避免Switch A、Switch B和L2 Switch之间存在的环路问题,并使得各实例中均以Master设备为根桥。

图2 IPv4 VRRP多备份组负载分担配置组网图

 

4.2  配置思路

·     为了保证Switch A优先作为备份组1的Master设备,设置Switch A在备份组1中具有更高的优先级(本例中Switch A在备份组1中的优先级配置为120,Switch B使用缺省优先级100);为了保证Switch B优先作为备份组2的Master设备,设置Switch B在备份组2中具有更高的优先级(本例中Switch B在备份组2中的优先级配置为120,Switch A使用缺省优先级100)。

·     Master设备连接的上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以分别在两个VRRP备份组中的Master设备上配置Track项监视上行接口,当Master设备连接上行链路的接口处于Down或Removed状态时,Master设备主动降低自己的优先级,使得备份组内的Backup设备优先级高于Master设备,从而能够成功抢占成为Master,承担转发任务。

4.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

4.4  配置注意事项

·     建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。

·     IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。

4.5  配置步骤

4.5.1  配置Switch A

# 配置VLAN 101。

<SwitchA> system-view

[SwitchA] vlan 101

[SwitchA-vlan101] port Gigabitethernet 2/0/1

[SwitchA-vlan101] quit

[SwitchA] interface GigabitEthernet 2/0/1

[SwitchA-GigabitEthernet2/0/1] undo shutdown

[SwitchA-GigabitEthernet2/0/1] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] undo shutdown

[SwitchA-Vlan-interface101] ip address 10.0.0.2 24

[SwitchA-Vlan-interface101] quit

# 配置VLAN 102。

[SwitchA] vlan 102

[SwitchA-vlan102] port Gigabitethernet 2/0/3

[SwitchA-vlan102] quit

[SwitchA] interface GigabitEthernet 2/0/3

[SwitchA-GigabitEthernet2/0/3] undo shutdown

[SwitchA-GigabitEthernet2/0/3] quit

[SwitchA] interface vlan-interface 102

[SwitchA-Vlan-interface102] undo shutdown

[SwitchA-Vlan-interface102] ip address 11.0.0.2 24

[SwitchA-Vlan-interface102] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 2/0/2

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 2/0/2

[SwitchA-GigabitEthernet2/0/2] undo shutdown

[SwitchA-GigabitEthernet2/0/2] quit

[SwitchA] interface vlan-interface 4094

[SwitchA-Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24

[SwitchA-Vlan-interface4094] quit

# 配置Switch A和Switch B直连的端口GE2/0/24为Trunk口,允许VLAN 101和VLAN 102通过。

[SwitchA] interface GigabitEthernet2/0/24

[SwitchA-GigabitEthernet2/0/24] undo shutdown

[SwitchA-GigabitEthernet2/0/24] port link-type trunk

[SwitchA-GigabitEthernet2/0/24] undo port trunk permit vlan 1

[SwitchA-GigabitEthernet2/0/24] port trunk permit vlan 101 to 102

[SwitchA-GigabitEthernet2/0/24] port trunk pvid vlan 101

[SwitchA-GigabitEthernet2/0/24] quit

# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1

# 配置Switch A在备份组1中的优先级为120。

[SwitchA-Vlan-interface101] vrrp vrid 1 priority 120

[SwitchA-Vlan-interface101] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[SwitchA] track 1 interface Vlan-interface 4094

# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组1中的优先级。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp vrid 1 track 1 reduced 255

[SwitchA-Vlan-interface101] quit

# 创建VRRP备份组2,并配置备份组2的虚拟IP地址为11.0.0.1。

[SwitchA] interface vlan-interface 102

[SwitchA-Vlan-interface102] vrrp vrid 1 virtual-ip 11.0.0.1

[SwitchA-Vlan-interface102] quit

# 配置MSTP。

[SwitchA] stp region-configuration

[SwitchA-mst-region] region-name vrrp

[SwitchA-mst-region] instance 1 vlan 101

[SwitchA-mst-region] instance 2 vlan 102

[SwitchA-mst-region] active region-configuration

[SwitchA-mst-region] quit

[SwitchA] stp instance 1 root primary

[SwitchA] stp global enable

4.5.2  配置Switch B

# 配置VLAN 101。

<SwitchB> system-view

[SwitchB] vlan 101

[SwitchB-vlan101] port Gigabitethernet 3/0/1

[SwitchB-vlan101] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] undo shutdown

[SwitchB-Vlan-interface101] ip address 10.0.0.3 24

[SwitchB-Vlan-interface101] quit

# 配置VLAN 102。

[SwitchB] vlan 102

[SwitchB-vlan102] port Gigabitethernet 3/0/3

[SwitchB-vlan102] quit

[SwitchB] interface GigabitEthernet 3/0/3

[SwitchB-GigabitEthernet3/0/3] undo shutdown

[SwitchB-GigabitEthernet3/0/3] quit

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] undo shutdown

[SwitchB-Vlan-interface102] ip address 11.0.0.3 24

[SwitchB-Vlan-interface102] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/2

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2] undo shutdown

[SwitchB-GigabitEthernet3/0/2] quit

[SwitchB] interface vlan-interface 4094

[SwitchB-Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24

[SwitchB-Vlan-interface4094] quit

# 配置Switch B和Switch A直连的端口GE3/0/24为Trunk口,允许VLAN 101和VLAN 102通过。

[SwitchB] interface GigabitEthernet3/0/24

[SwitchB-GigabitEthernet3/0/24] undo shutdown

[SwitchB-GigabitEthernet3/0/24] port link-type trunk

[SwitchB-GigabitEthernet3/0/24] undo port trunk permit vlan 1

[SwitchB-GigabitEthernet3/0/24] port trunk permit vlan 101 to 102

[SwitchB-GigabitEthernet3/0/24] port trunk pvid vlan 101

[SwitchB-GigabitEthernet3/0/24] quit

# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1

[SwitchB-Vlan-interface101] quit

# 创建VRRP备份组2,并配置备份组2的虚拟IP地址为11.0.0.1。

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] vrrp vrid 1 virtual-ip 11.0.0.1

# 配置Switch B在备份组2中的优先级为120。

[SwitchB-Vlan-interface102] vrrp vrid 1 priority 120

[SwitchB-Vlan-interface102] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[swithcB] track 1 interface Vlan-interface 4094

# 配置备份组2监视Track项1,当Track项的状态为Negative时,降低Switch B在备份组2中的优先级。

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] vrrp vrid 1 track 1 reduced 255

[SwitchB-Vlan-interface102] quit

# 配置MSTP。

[SwitchB] stp region-configuration

[SwitchB-mst-region] region-name vrrp

[SwitchB-mst-region] instance 1 vlan 101

[SwitchB-mst-region] instance 2 vlan 102

[SwitchB-mst-region] active region-configuration

[SwitchB-mst-region] quit

[SwitchB] stp instance 2 root primary

[SwitchB] stp global enable

4.6  验证配置

(1)     配置完成后,区域A和区域B中的主机都可以ping通外网。

(2)     通过display vrrp verbose命令查看配置后的结果。

# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备,在备份组2中为Backup设备。

[SwitchA] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.0.0.2

   VRRP Track Information:

     Track object: 1             State : Positive      Pri Reduced : 255

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 11.0.0.1

     Master IP      : 11.0.0.3

# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备,在备份组2中为Master设备。

[SwitchB] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Master IP      : 10.0.0.2

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 11.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 11.0.0.3

   VRRP Track Information:

     Track object: 1             State :positive         Pri Reduced : 255

# 查看Switch A上MSTP状态的简要信息,显示Switch A的端口GE2/0/3在MSTI2中被阻塞。

[SwitchA] display stp brief

MSTID      Port                         Role  STP State     Protection

   0        GigabitEthernet2/0/1         DESI  FORWARDING    NONE

   0        GigabitEthernet2/0/24        DESI  FORWARDING    NONE

   0        GigabitEthernet2/0/3         ROOT  FORWARDING    NONE

   1        GigabitEthernet2/0/1         DESI  FORWARDING    NONE

   1        GigabitEthernet2/0/24        DESI  FORWARDING    NONE

   2        GigabitEthernet2/0/24        ROOT  FORWARDING    NONE

   2        GigabitEthernet2/0/3         ALTE  DISCARDING    NONE

# 查看Switch B上MSTP状态的简要信息,显示Switch B的端口GE3/0/1在MSTI1中被阻塞。

[SwitchB] display stp brief

 MSTID      Port                         Role  STP State     Protection

   0        GigabitEthernet3/0/1         DESI  FORWARDING    NONE

   0        GigabitEthernet3/0/24        ALTE  DISCARDING    NONE

   0        GigabitEthernet3/0/3         ROOT  FORWARDING    NONE

   1        GigabitEthernet3/0/1         ALTE  DISCARDING    NONE

   1        GigabitEthernet3/0/24        ROOT  FORWARDING    NONE

   2        GigabitEthernet3/0/24        DESI  FORWARDING    NONE

   2        GigabitEthernet3/0/3         DESI  FORWARDING    NONE

# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为备份组1Master

[SwitchB] display vrrp verbose

IPv4 Virtual Router Information:

     Running  Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.0.0.3

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 11.0.0.1

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 11.0.0.3

   VRRP Track Information:

     Track Obeject: 1             State : Positive         Pri Reduced : 255

4.7  配置文件

·     Switch A:

#

vlan 101 to 102

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 instance 2 vlan 102

 active region-configuration

#

 stp instance 1 root primary

 stp global enable

#

interface Vlan-interface101

 ip address 10.0.0.2 255.255.255.0

 vrrp vrid 1 virtual-ip 10.0.0.1

 vrrp vrid 1 priority 120

 vrrp vrid 1 track 1 reduced 255

#

interface Vlan-interface102

 ip address 11.0.0.2 255.255.255.0

 vrrp vrid 1 virtual-ip 11.0.0.1

#

interface Vlan-interface4094

 ip address 100.0.0.2 255.255.255.0

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet2/0/3

 port link-mode bridge

 port access vlan 102

#

interface GigabitEthernet2/0/24

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 101 to 102

 port trunk pvid vlan 101

#

track 1 interface Vlan-interface 4094

#

·     Switch B:

#

vlan 101 to 102

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 instance 2 vlan 102

 active region-configuration

#

stp instance 2 root primary

 stp global enable

#

interface Vlan-interface101

 ip address 10.0.0.3 255.255.255.0

 vrrp vrid 1 virtual-ip 10.0.0.1

#

interface Vlan-interface102

 ip address 11.0.0.3 255.255.255.0

 vrrp vrid 1 virtual-ip 11.0.0.1

 vrrp vrid 1 priority 120

 vrrp vrid 1 track 1 reduced 255

#

interface Vlan-interface4094

 ip address 100.0.0.3 255.255.255.0

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port access vlan 102

#

interface GigabitEthernet3/0/24

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 101 to 102

 port trunk pvid vlan 101

#

track 1 interface Vlan-interface 4094

#

5  IPv4 VRRP负载均衡模式配置举例

5.1  组网需求

图3所示,在承担网关功能的Switch A、Switch B和Switch C上配置有VRRP备份组,虚拟IP地址为10.1.1.1/24。用户IPv4网络中的主机将VRRP备份组作为缺省网关。要求通过配置VRRP负载均衡模式满足如下需求:

·     Switch A是VRRP备份组中的Master设备,Switch B、Switch C是Backup设备。某台网关设备(Switch A、Switch B或Switch C)出现故障时,用户主机仍然可以通过其他网关设备访问外部网络。

·     不同主机的流量通过备份组中不同的网关设备转发,避免流量集中在Master设备上。

·     AVF(Active Virtual Forwarder,动态虚拟转发器)上行链路出现故障时,能及时通知LVF(Listening Virtual Forwarder,监听虚拟转发器)接替其转发流量。

图3 IPv4 VRRP负载均衡模式配置组网图

 

5.2  配置思路

·     为了保证Switch A作为Master,可以将Switch A在备份组中的优先级配置为120,高于Switch B(Switch B在备份组中的优先级配置为110)、Switch C(Switch C在备份组中的优先级为缺省值100)。

·     为了保证AVF上行链路出现故障时,能及时通知LVF接替其转发流量。可以在各网关设备上配置虚拟转发器的监视功能,利用BFD监测AVF连接的上行链路的状态,并通过Track功能在虚拟转发器和BFD之间建立联动。当上行链路出现故障,Track项的状态变为Negative,虚拟转发器的权重将降低指定的数额,以便虚拟转发器优先级更高的网关设备抢占成为AVF,接替其转发流量。

5.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

5.4  配置注意事项

·     VRRP工作在负载均衡模式时,虚拟IP地址不能与VRRP备份组中路由器的接口IP地址相同,即负载均衡模式的VRRP备份组中不能存在IP地址拥有者。

·     建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。

5.5  配置步骤

5.5.1  配置Switch A

# 配置VLAN 2。

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port Gigabitethernet 3/0/1

[SwitchA-vlan2] quit

[SwitchA] interface GigabitEthernet 3/0/1

[SwitchA-GigabitEthernet3/0/1] undo shutdown

[SwitchA-GigabitEthernet3/0/1] quit

[SwitchA] interface vlan-interface 2

[SwitchA–Vlan-interface2] undo shutdown

[SwitchA-Vlan-interface2] ip address 10.1.1.2 24

[SwitchA–Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 3/0/5

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 3/0/5

[SwitchA-GigabitEthernet3/0/5] undo shutdown

[SwitchA-GigabitEthernet3/0/5] quit

[SwitchA] interface vlan-interface 4094

[SwitchA–Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24

[SwitchA–Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchA] vrrp mode load-balance

# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# 配置Switch A在备份组1中的优先级为120。

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 120

# 配置虚拟转发器的监视功能。

[SwitchA-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255

[SwitchA-Vlan-interface2] quit

# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。

[SwitchA] bfd echo-source-ip 45.45.45.45

# 配置接口接收BFD echo报文的最小时间间隔。

[SwitchA] interface vlan-interface 4094

[SwitchA-Vlan-interface4094] bfd min-echo-receive-interval 100

# 配置单跳BFD检测时间倍数。

[SwitchA-Vlan-interface4094] bfd detect-multiplier 3

[SwitchA–Vlan-interface4094] quit

# 创建和BFD会话关联的Track项1,远端IP为上行设备的接口IP地址。

[SwitchA] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.2

5.5.2  配置Switch B

# 配置VLAN 2。

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port Gigabitethernet 3/0/1

[SwitchB-vlan2] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface vlan-interface 2

[SwitchB–Vlan-interface2] undo shutdown

[SwitchB-Vlan-interface2] ip address 10.1.1.3 24

[SwitchB-Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/5

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/5

[SwitchB-GigabitEthernet3/0/5] undo shutdown

[SwitchB-GigabitEthernet3/0/5] quit

[SwitchB] interface vlan-interface 4094

[SwitchB–Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24

[SwitchB–Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchB] vrrp mode load-balance

# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# 配置Swtich B在备份组1中的优先级为110。

[SwitchB-Vlan-interface2] vrrp vrid 1 priority 110

# 配置虚拟转发器的监视功能。

[SwitchB-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255

[SwitchB-Vlan-interface2] quit

# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。

[SwitchB] bfd echo-source-ip 56.56.56.56

# 配置接口接收BFD echo报文的最小时间间隔。

[SwitchB] interface vlan-interface 4094

[SwitchB-Vlan-interface4094] bfd min-echo-receive-interval 100

# 配置单跳BFD检测时间倍数。

[SwitchB-Vlan-interface4094] bfd detect-multiplier 3

[SwitchB–Vlan-interface4094] quit

# 创建和BFD会话关联的Track项,远端IP为上行设备的接口IP地址。

[SwitchB] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.3

5.5.3  配置Switch C

# 配置VLAN 2。

<SwitchC> system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port Gigabitethernet 3/0/1

[SwitchC-vlan2] quit

[SwitchC] interface GigabitEthernet 3/0/1

[SwitchC-GigabitEthernet3/0/1] undo shutdown

[SwitchC-GigabitEthernet3/0/1] quit

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] undo shutdown

[SwitchC-Vlan-interface2] ip address 10.1.1.4 24

[SwitchC-Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchC] vlan 4094

[SwitchC-vlan4094] port Gigabitethernet 3/0/5

[SwitchC-vlan4094] quit

[SwitchC] interface GigabitEthernet 3/0/5

[SwitchC-GigabitEthernet3/0/5] undo shutdown

[SwitchC-GigabitEthernet3/0/5] quit

[SwitchC] interface vlan-interface 4094

[SwitchC-Vlan-interface4094] undo shutdown

[SwitchC-Vlan-interface4094] ip address 100.0.0.4 24

[SwitchC-Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchC] vrrp mode load-balance

# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# 配置虚拟转发器的监视功能。

[SwitchC-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255

[SwitchC-Vlan-interface2] quit

# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。

[SwitchC] bfd echo-source-ip 67.67.67.67

# 配置接口接收BFD echo报文的最小时间间隔。

[SwitchC] interface vlan-interface 4094

[SwitchC-Vlan-interface4094] bfd min-echo-receive-interval 100

# 配置单跳BFD检测时间倍数。

[SwitchC-Vlan-interface4094] bfd detect-multiplier 3

[SwitchC-Vlan-interface4094] quit

# 创建和BFD会话关联的Track项,远端IP为上行设备的接口IP地址。

[SwitchC] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.4

5.6  验证配置

(1)     配置完成后,Host A、Host B和Host C都可以ping通外网。

(2)     通过display vrrp verbose命令查看配置后的结果。

# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch A在备份组1中为Master设备。Switch A上存在一个AVF,和两个作为备份的LVF。

[SwitchA] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 1

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Master IP      : 10.1.1.2

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Owner)

     Owner ID       : 6697-1250-0100

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0001-0002-0103

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch B在备份组1中为Backup设备。Switch B上存在一个AVF,和两个作为备份的LVF。

[SwitchB] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 1

     Admin Status   : Up                   State        : Backup

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Master IP      : 10.1.1.2

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 6697-1250-0100

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-0012 (Owner)

     Owner ID       : 00e0-6405-3100

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0001-0002-0103

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# 查看Switch C上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch C在备份组1中为Backup设备。Switch C上存在一个AVF,和两个作为备份的LVF。

[SwitchC] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 1

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Master IP      : 10.1.1.2

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 6697-1250-0100

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0001-0002-0103

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# Switch A出现故障后,通过display vrrp verbose命令查看Switch C上备份组的详细信息。

[SwitchC] display vrrp verbose

IPv4 Virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 1

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Master IP      : 10.1.1.3

   Forwarder Information: 3 Forwarders 2 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Take Over)

     Owner ID       : 6697-1250-0100

     Priority       : 85

     Active         : local

     Redirect Time  : 588 secs

     Time-out Time  : 1788 secs

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 85

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0001-0002-0103

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

以上显示信息表示Switch A出现故障后,Switch B成为Master路由器;Switch C成为虚拟MAC地址000f-e2ff-0011对应的虚拟转发器的AVF,Host A发送给外网的报文通过Switch C转发。

5.7  配置文件

·     Switch A:

#

vlan 2

#

vlan 4094

#

 vrrp mode load-balance

#

 bfd echo-source-ip 45.45.45.45

#

interface Vlan-interface2

 ip address 10.1.1.2 255.255.255.0

 vrrp vrid 1 virtual-ip 10.1.1.1

 vrrp vrid 1 priority 120

 vrrp vrid 1 weight track 1 reduced 255

#

interface Vlan-interface4094

 ip address 100.0.0.2 255.255.255.0

 bfd min-echo-receive-interval 100

 bfd detect-multiplier 3

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

 track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.2

#

·     Switch B:

#

vlan 2

#

vlan 4094

#

 vrrp mode load-balance

#

 bfd echo-source-ip 56.56.56.56

#

interface Vlan-interface2

 ip address 10.1.1.3 255.255.255.0

 vrrp vrid 1 virtual-ip 10.1.1.1

 vrrp vrid 1 priority 110

 vrrp vrid 1 weight track 1 reduced 255

#

interface Vlan-interface4094

 ip address 100.0.0.3 255.255.255.0

 bfd min-echo-receive-interval 100

 bfd detect-multiplier 3

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.3

#

·     Switch C:

#

vlan 2

#

vlan 4094

#

 vrrp mode load-balance

#

 bfd echo-source-ip 67.67.67.67

#

interface Vlan-interface2

 ip address 10.1.1.4 255.255.255.0

 vrrp vrid 1 virtual-ip 10.1.1.1

 vrrp vrid 1 weight track 1 reduced 255

#

interface Vlan-interface4094

 ip address 100.0.0.4 255.255.255.0

 bfd min-echo-receive-interval 100

 bfd detect-multiplier 3

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.4

#

6  IPv6 VRRP单备份组配置举例

6.1  组网需求

图4所示,在承担网关功能的Switch A和Switch B上分别配置组号相同的IPv6 VRRP备份组,用户IPv6网络中的主机将VRRP备份组作为缺省网关。要求满足如下需求:

·     Switch A是VRRP备份组中的Master设备,用户网络的主机在正常情况下优先从Switch A访问外网。当Switch A故障时,Switch B能够成为Master设备,承担转发任务。

·     当Switch A连接上行链路的接口故障时,用户网络中的主机能够从Switch B访问外网。

·     配置MSTP避免Switch A、Switch B和L2 Switch之间存在的环路问题,并指定Master设备为根桥。

图4 IPv6 VRRP单备份组配置组网图

 

6.2  配置思路

·     为了保证用户网络在正常情况下优先从Switch A访问外网,可以设置Switch A在备份组中具有更高的优先级,即保证Switch A优先作为备份组的Master设备。本例中将Switch A的优先级配置为120,Switch B使用缺省优先级100。

·     Switch A连接上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以在Switch A上配置Track项监视上行接口,当Switch A连接上行链路的接口处于Down或Removed状态时,Switch A主动降低自己的优先级,使得备份组内的Switch B优先级高于Switch A,Switch B能够成功抢占成为Master,承担转发任务。

6.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

6.4  配置注意事项

·     建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。

6.5  配置步骤

6.5.1  配置Switch A

# 配置VLAN 101。

<SwitchA> system-view

[SwitchA] vlan 101

[SwitchA-vlan101] port Gigabitethernet 2/0/1

[SwitchA-vlan101] port Gigabitethernet 2/0/24

[SwitchA-vlan101] quit

[SwitchA] interface GigabitEthernet 2/0/1

[SwitchA-GigabitEthernet2/0/1] undo shutdown

[SwitchA-GigabitEthernet2/0/1] quit

[SwitchA] interface GigabitEthernet 2/0/24

[SwitchA-GigabitEthernet2/0/24] undo shutdown

[SwitchA-GigabitEthernet2/0/24] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] undo shutdown

[SwitchA-Vlan-interface101] ipv6 address 10::2 64

[SwitchA-Vlan-interface101] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 2/0/2

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 2/0/2

[SwitchA-GigabitEthernet2/0/2] undo shutdown

[SwitchA-GigabitEthernet2/0/2] quit

[SwitchA] interface vlan-interface 4094

[SwitchA-Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ipv6 address 100::2 64

[SwitchA-Vlan-interface4094] quit

 # 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1

# 配置Switch A在备份组1中的优先级为120。

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120

[SwitchA-Vlan-interface101] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[switchA] track 1 interface vlan-interface 4094

# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组中的优先级。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 reduced 255

[SwitchA-Vlan-interface101] quit

# 配置MSTP。

[SwitchA] stp region-configuration

[SwitchA-mst-region] region-name vrrp

[SwitchA-mst-region] instance 1 vlan 101

[SwitchA-mst-region] active region-configuration

[SwitchA-mst-region] quit

[SwitchA] stp instance 1 root primary

[SwitchA] stp global enable

6.5.2  配置Switch B

# 配置VLAN 101。

<SwitchB> system-view

[SwitchB] vlan 101

[SwitchB-vlan101] port Gigabitethernet 3/0/1

[SwitchB-vlan101] port Gigabitethernet 3/0/24

[SwitchB-vlan101] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface GigabitEthernet 3/0/24

[SwitchB-GigabitEthernet3/0/24] undo shutdown

[SwitchB-GigabitEthernet3/0/24] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] undo shutdown

[SwitchB-Vlan-interface101] ipv6 address 10::3 64

[SwitchB-Vlan-interface101] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/2

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2] undo shutdown

[SwitchB-GigabitEthernet3/0/2] quit

[SwitchB] interface vlan-interface 4094

[SwitchB-Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ipv6 address 100::3 64

[SwitchB-Vlan-interface4094] quit

 # 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1

[SwitchB-Vlan-interface101] quit

# 配置MSTP。

[SwitchB] stp region-configuration

[SwitchB-mst-region] region-name vrrp

[SwitchB-mst-region] instance 1 vlan 101

[SwitchB-mst-region] active region-configuration

[SwitchB-mst-region] quit

[SwitchB] stp global enable

6.5.3  配置L2 Switch

配置MSTP,配置方法同Switch B。

6.6  验证配置

(1)     配置完成后,在Host A和Host B上可以ping通外网。

(2)     通过display vrrp ipv6 verbose命令查看配置后的结果。

# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备。

[SwitchA] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::2E0:64FF:FE05:3100

   VRRP Track Information:

     Track Object: 1             State : Positive        Pri Reduced : 255

# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备。

[SwitchB] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Master IP      : FE80::2E0:64FF:FE05:3100

# 查看L2 Switch上的MSTP状态,显示与BackupSwitch B)相连的端口被阻塞。

<L2Switch> display stp instance 1 brief

 MSTID      Port                         Role  STP State     Protection

   1        GigabitEthernet3/0/1         ROOT  FORWARDING    NONE

   1        GigabitEthernet3/0/2         ALTE  DISCARDING    NONE

# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp ipv6 verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为Master

[SwitchB] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 1

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::6697:12FF:FE50:100

6.7  配置文件

·     Switch A:

#

vlan 101

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 active region-configuration

#

stp instance 1 root primary

 stp global enable

#

interface Vlan-interface101

 ipv6 address 10::2/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 10::1

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 track 1 reduced 255

#

interface Vlan-interface4094

 ipv6 address 100::2/64

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet2/0/24

 port link-mode bridge

 port access vlan 101

#

track 1 interface Vlan-interface 4094

#

·     Switch B:

#

vlan 101

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 active region-configuration

#

stp global enable

#

interface Vlan-interface101

 ipv6 address 10::3/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 10::1

#

interface Vlan-interface4094

 ipv6 address 100::3/64

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/24

 port link-mode bridge

 port access vlan 101

#

7  IPv6 VRRP多备份组负载分担配置举例

7.1  组网需求

图5所示,在承担网关功能的Switch A和Switch B上分别配置两个IPv6 VRRP备份组,区域A用户将VRRP备份组1作为缺省网关,区域B用户将VRRP备份组2作为缺省网关。要求满足如下需求:

·     Switch A是VRRP备份组1中的Master设备,Switch B是VRRP备份组2中的Master设备。在正常情况下,区域A用户通过Switch A进行数据转发,区域B用户通过Switch B进行数据转发。当一台网关设备出现故障时,另一台网关设备能够承担受影响区域内主机流量的转发任务。

·     当备份组中的Master设备连接上行链路的接口故障时,受影响区域内的主机仍然可以通过另一台网关设备访问外部网络。

·     配置MSTP多实例避免Switch A、Switch B和L2 Switch之间存在的环路问题,并使得各实例中均以Master设备为根桥。

图5 IPv6 VRRP多备份组负载分担配置组网图

 

7.2  配置思路

·     为了保证Switch A优先作为备份组1的Master设备,设置Switch A在备份组1中具有更高的优先级(本例中Switch A在备份组1中的优先级配置为120,Switch B使用缺省优先级100);为了保证Switch B优先作为备份组2的Master设备,设置Switch B在备份组2中具有更高的优先级(本例中Switch B在备份组2中的优先级配置为120,Switch A使用缺省优先级100)。

·     Master设备连接的上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以分别在两个VRRP备份组中的Master设备上配置Track项监视上行接口,当Master设备连接上行链路的接口处于Down或Removed状态时,Master设备主动降低自己的优先级,使得备份组内的Backup设备优先级高于Master设备,从而能够成功抢占成为Master,承担转发任务。

7.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

7.4  配置注意事项

·     建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。

7.5  配置步骤

7.5.1  配置Switch A

# 配置VLAN 101。

<SwitchA> system-view

[SwitchA] vlan 101

[SwitchA-vlan101] port Gigabitethernet 2/0/1

[SwitchA-vlan101] quit

[SwitchA] interface GigabitEthernet 2/0/1

[SwitchA-GigabitEthernet3/0/1] undo shutdown

[SwitchA-GigabitEthernet3/0/1] quit

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] undo shutdown

[SwitchA-Vlan-interface101] ipv6 address 10::2 64

[SwitchA-Vlan-interface101] quit

# 配置VLAN 102。

[SwitchA] vlan 102

[SwitchA-vlan102] port Gigabitethernet 2/0/3

[SwitchA-vlan102] quit

[SwitchA] interface GigabitEthernet 2/0/3

[SwitchA-GigabitEthernet2/0/3] undo shutdown

[SwitchA-GigabitEthernet2/0/3] quit

[SwitchA] interface vlan-interface 102

[SwitchA-Vlan-interface102] undo shutdown

[SwitchA-Vlan-interface102] ipv6 address 11::2 64

[SwitchA-Vlan-interface102] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 2/0/2

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 2/0/2

[SwitchA-GigabitEthernet2/0/2] undo shutdown

[SwitchA-GigabitEthernet2/0/2] quit

[SwitchA] interface vlan-interface 4094

[SwitchA-Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ipv6 address 100::2 64

[SwitchA-Vlan-interface4094] quit

# 配置Switch A和Switch B直连的端口GE2/0/24为Trunk口,允许VLAN 101和VLAN 102通过。

[SwitchA] interface GigabitEthernet2/0/24

[SwitchA-GigabitEthernet2/0/24] undo shutdown

[SwitchA-GigabitEthernet2/0/24] port link-type trunk

[SwitchA-GigabitEthernet2/0/24] undo port trunk permit vlan 1

[SwitchA-GigabitEthernet2/0/24] port trunk permit vlan 101 to 102

[SwitchA-GigabitEthernet2/0/24] port trunk pvid vlan 101

[SwitchA-GigabitEthernet2/0/24] quit

# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1

# 配置Switch A在备份组1中的优先级为120。

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120

[SwitchA-Vlan-interface101] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[SwitchA] track 1 interface vlan-interface 4094

# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组1中的优先级。

[SwitchA] interface vlan-interface 101

[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 reduced 255

[SwitchA-Vlan-interface101] quit

# 创建IPv6 VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::1和11::1。

[SwitchA] interface vlan-interface 102

[SwitchA-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchA-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip 11::1

[SwitchA-Vlan-interface102] quit

# 配置MSTP。

[SwitchA] stp region-configuration

[SwitchA-mst-region] region-name vrrp

[SwitchA-mst-region] instance 1 vlan 101

[SwitchA-mst-region] instance 2 vlan 102

[SwitchA-mst-region] active region-configuration

[SwitchA-mst-region] quit

[SwitchA] stp instance 1 root primary

[SwitchA] stp global enable

7.5.2  配置Switch B

# 配置VLAN 101。

<SwitchB> system-view

[SwitchB] vlan 101

[SwitchB-vlan101] port Gigabitethernet 3/0/1

[SwitchB-vlan101] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] undo shutdown

[SwitchB-Vlan-interface101] ipv6 address 10::3 64

[SwitchB-Vlan-interface101] quit

# 配置VLAN 102。

[SwitchB] vlan 102

[SwitchB-vlan102] port Gigabitethernet 3/0/3

[SwitchB-vlan102] quit

[SwitchB] interface GigabitEthernet 3/0/3

[SwitchB-GigabitEthernet3/0/3] undo shutdown

[SwitchB-GigabitEthernet3/0/3] quit

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] undo shutdown

[SwitchB-Vlan-interface102] ipv6 address 11::3 64

[SwitchB-Vlan-interface102] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/2

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/2

[SwitchB-GigabitEthernet3/0/2] undo shutdown

[SwitchB-GigabitEthernet3/0/2] quit

[SwitchB] interface vlan-interface 4094

[SwitchB-Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ipv6 address 100::3 64

[SwitchB-Vlan-interface4094] quit

# 配置Switch B和Switch A直连的端口GE3/0/24为Trunk口,允许VLAN 101和VLAN 102通过。

[SwitchB] interface GigabitEthernet3/0/24

[SwitchB-GigabitEthernet3/0/24] undo shutdown

[SwitchB-GigabitEthernet3/0/24] port link-type trunk

[SwitchB-GigabitEthernet3/0/24] undo port trunk permit vlan 1

[SwitchB-GigabitEthernet3/0/24] port trunk permit vlan 101 to 102

[SwitchB-GigabitEthernet3/0/24] port trunk pvid vlan 101

[SwitchB-GigabitEthernet3/0/24] quit

# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::110::1

[SwitchB] interface vlan-interface 101

[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1

[SwitchB-Vlan-interface101] quit

# 创建IPv6 VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::1和11::1。

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip 11::1

# 配置Switch B在备份组2中的优先级为120。

[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 priority 120

[SwitchB-Vlan-interface102] quit

# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。

[SwitchB] track 1 interface Vlan-interface 4094

# 配置备份组2监视Track项1,当Track项的状态为Negative时,降低Switch B在备份组2中的优先级。

[SwitchB] interface vlan-interface 102

[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 track 1 reduced 255

[SwitchB-Vlan-interface102] quit

# 配置MSTP。

[SwitchB] stp region-configuration

[SwitchB-mst-region] region-name vrrp

[SwitchB-mst-region] instance 1 vlan 101

[SwitchB-mst-region] instance 2 vlan 102

[SwitchB-mst-region] active region-configuration

[SwitchB-mst-region] quit

[SwitchB] stp instance 2 root primary

[SwitchB] stp global enable

7.6  验证配置

(1)     配置完成后,区域A和区域B中的主机可以ping通外网。

(2)     通过display vrrp ipv6 verbose命令查看配置后的结果。

# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备,在备份组2中为Backup设备。

[SwitchA] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::2E0:64FF:FE05:3100

   VRRP Track Information:

     Track Object: 1             State : Positive         Pri Reduced : 255

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      11::1

     Master IP      : FE80::6697:12FF:FE50:3100

# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备,在备份组2中为Master设备。

[SwitchB] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

     Running  Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Master IP      : FE80::2E0:64FF:FE05:3100

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      11::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::6697:12FF:FE50:100

   VRRP Track Information:

     Track Object: 1             State : Positive         Pri Reduced : 255

# 查看Switch A上MSTP状态的简要信息,显示Switch A的端口GE2/0/3在MSTI2中被阻塞。

[SwitchA] display stp brief

MSTID      Port                         Role  STP State     Protection

   0        GigabitEthernet2/0/1         DESI  FORWARDING    NONE

   0        GigabitEthernet2/0/24        DESI  FORWARDING    NONE

   0        GigabitEthernet2/0/3         ROOT  FORWARDING    NONE

   1        GigabitEthernet2/0/1         DESI  FORWARDING    NONE

   1        GigabitEthernet2/0/24        DESI  FORWARDING    NONE

   2        GigabitEthernet2/0/24        ROOT  FORWARDING    NONE

   2        GigabitEthernet2/0/3         ALTE  DISCARDING    NONE

# 查看Switch B上MSTP状态的简要信息,显示Switch B的端口GE3/0/1在MSTI1中被阻塞。

[SwitchB] display stp brief

 MSTID      Port                         Role  STP State     Protection

   0        GigabitEthernet3/0/1         DESI  FORWARDING    NONE

   0        GigabitEthernet3/0/24        ALTE  DISCARDING    NONE

   0        GigabitEthernet3/0/3         ROOT  FORWARDING    NONE

   1        GigabitEthernet3/0/1         ALTE  DISCARDING    NONE

   1        GigabitEthernet3/0/24        ROOT  FORWARDING    NONE

   2        GigabitEthernet3/0/24        DESI  FORWARDING    NONE

   2        GigabitEthernet3/0/3         DESI  FORWARDING    NONE

# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp ipv6 verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为备份组1Master

[SwitchB] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

     Running Mode       : Standard

Total number of virtual routers : 2

   Interface Vlan-interface101

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      10::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::6697:12FF:FE50:100

 

   Interface Vlan-interface102

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::1

                      11::1

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::6697:12FF:FE50:100

   VRRP Track Information:

     Track Object: 1             State : Positive         Pri Reduced : 255

7.7  配置文件

·     Switch A:

#

vlan 101 to 102

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 instance 2 vlan 102

 active region-configuration

#

 stp instance 1 root primary

 stp  global enable

#

interface Vlan-interface101

 ipv6 address 10::2/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 10::1

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 track 1 reduced 255

#

interface Vlan-interface102

 ipv6 address 11::2/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 11::1

#

interface Vlan-interface4094

 ipv6 address 100::2/64

#

interface GigabitEthernet2/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet2/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet2/0/3

 port link-mode bridge

 port access vlan 102

#

interface GigabitEthernet2/0/24

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 101 to 102

 port trunk pvid vlan 101

#

track 1 interface Vlan-interface 4094

#

·     Switch B:

#

vlan 101 to 102

#

vlan 4094

#

stp region-configuration

 region-name vrrp

 instance 1 vlan 101

 instance 2 vlan 102

 active region-configuration

#

stp instance 2 root primary

 stp global enable

#

interface Vlan-interface101

 ipv6 address 10::3/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 10::1

#

interface Vlan-interface102

 ipv6 address 11::3/64

 vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip 11::1

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 track 1 reduced 255

#

interface Vlan-interface4094

 ipv6 address 100::3/64

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 101

#

interface GigabitEthernet3/0/2

 port link-mode bridge

 port access vlan 4094

#

interface GigabitEthernet3/0/3

 port link-mode bridge

 port access vlan 102

#

interface GigabitEthernet3/0/24

 port link-type trunk

 undo port trunk permit vlan 1

 port trunk permit vlan 101 to 102

 port trunk pvid vlan 101

#

track 1 interface Vlan-interface 4094

#

8  IPv6 VRRP负载均衡模式配置举例

8.1  组网需求

图6所示,在承担网关功能的Switch A、Switch B和Switch C上配置有IPv6 VRRP备份组,虚拟IPv6地址为FE80::10。用户IPv6网络中的主机将VRRP备份组作为缺省网关。要求通过配置VRRP负载均衡模式满足如下需求:

·     Switch A是VRRP备份组中的Master设备,Switch B、Switch C是Backup设备。某台网关设备(Switch A、Switch B或Switch C)出现故障时,用户主机仍然可以通过其他网关设备访问外部网络。

·     不同主机的流量通过备份组中不同的网关设备转发,避免流量集中在Master设备上。

·     AVF上行链路出现故障时,能及时通知LVF接替其转发流量。

图6 IPv6 VRRP负载均衡模式配置组网图

 

8.2  配置思路

·     为了保证Switch A作为Master,可以将Switch A在备份组中的优先级配置为120,高于Switch B(Switch B在备份组中的优先级配置为110)、Switch C(Switch C在备份组中的优先级为缺省值100)。

·     为了保证AVF上行链路出现故障时,能及时通知LVF接替其转发流量。可以在各网关设备上配置虚拟转发器的监视功能,利用接口管理监视上行接口的状态,并通过Track功能在虚拟转发器和接口管理之间建立联动。当上行链路出现故障,Track项的状态变为Negative,虚拟转发器的权重将降低指定的数额,以便虚拟转发器优先级更高的网关设备抢占成为AVF,接替其转发流量。

8.3  使用版本

本举例是在S12500-CMW710-R7129版本上进行配置和验证的。

8.4  配置注意事项

·     VRRP工作在负载均衡模式时,虚拟IP地址不能与VRRP备份组中路由器的接口IP地址相同,即负载均衡模式的VRRP备份组中不能存在IP地址拥有者。

·     建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。

·     为了使主机能通过RA消息学习到缺省网关地址,需要在所有网关设备与主机相连的VLAN接口上取消对RA消息发布的抑制(缺省情况下,抑制发布RA消息)。

8.5  配置步骤

8.5.1  配置Switch A

# 配置VLAN 2。

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port Gigabitethernet 3/0/1

[SwitchA-vlan2] quit

[SwitchA] interface GigabitEthernet 3/0/1

[SwitchA-GigabitEthernet3/0/1] undo shutdown

[SwitchA-GigabitEthernet3/0/1] quit

[SwitchA] interface vlan-interface 2

[SwitchA–Vlan-interface2] undo shutdown

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

[SwitchA–Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchA] vlan 4094

[SwitchA-vlan4094] port Gigabitethernet 3/0/5

[SwitchA-vlan4094] quit

[SwitchA] interface GigabitEthernet 3/0/5

[SwitchA-GigabitEthernet3/0/5] undo shutdown

[SwitchA-GigabitEthernet3/0/5] quit

[SwitchA] interface vlan-interface 4094

[SwitchA-Vlan-interface4094] undo shutdown

[SwitchA-Vlan-interface4094] ipv6 address 2001::1/64

[SwitchA-Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchA] vrrp ipv6 mode load-balance

# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# 配置Switch A在备份组1中的优先级为120

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120

# 配置允许发布RA消息。

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt

# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255

[SwitchA-Vlan-interface2] quit

# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。

[SwitchA] track 1 interface Vlan-interface4094 protocol ipv6

8.5.2  配置Switch B

# 配置VLAN 2。

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port Gigabitethernet 3/0/1

[SwitchB-vlan2] quit

[SwitchB] interface GigabitEthernet 3/0/1

[SwitchB-GigabitEthernet3/0/1] undo shutdown

[SwitchB-GigabitEthernet3/0/1] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] undo shutdown

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

[SwitchB-Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchB] vlan 4094

[SwitchB-vlan4094] port Gigabitethernet 3/0/5

[SwitchB-vlan4094] quit

[SwitchB] interface GigabitEthernet 3/0/5

[SwitchB-GigabitEthernet3/0/5] undo shutdown

[SwitchB-GigabitEthernet3/0/5] quit

[SwitchB] interface vlan-interface 4094

[SwitchB-Vlan-interface4094] undo shutdown

[SwitchB-Vlan-interface4094] ipv6 address 2001::2/64

[SwitchB-Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchB] vrrp ipv6 mode load-balance

# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# 配置Swtich B在备份组1中的优先级为110。

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# 配置允许发布RA消息。

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt

# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255

[SwitchB-Vlan-interface2] quit

# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。

[SwitchB] track 1 interface Vlan-interface4094 protocol ipv6

8.5.3  配置Switch C

# 配置VLAN 2。

<SwitchC> system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port Gigabitethernet 3/0/1

[SwitchC-vlan2] quit

[SwitchC] interface GigabitEthernet 3/0/1

[SwitchC-GigabitEthernet3/0/1] undo shutdown

[SwitchC-GigabitEthernet3/0/1] quit

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] undo shutdown

[SwitchC-Vlan-interface2] ipv6 address fe80::3 link-local

[SwitchC-Vlan-interface2] ipv6 address 1::3 64

[SwitchC-Vlan-interface2] quit

# 配置VLAN 4094。

[SwitchC] vlan 4094

[SwitchC-vlan4094] port Gigabitethernet 3/0/5

[SwitchC-vlan4094] quit

[SwitchC] interface GigabitEthernet 3/0/5

[SwitchC-GigabitEthernet3/0/5] undo shutdown

[SwitchC-GigabitEthernet3/0/5] quit

[SwitchC] interface vlan-interface 4094

[SwitchC-Vlan-interface4094] undo shutdown

[SwitchC-Vlan-interface4094] ipv6 address 2001::3/64

[SwitchC-Vlan-interface4094] quit

# 配置VRRP工作在负载均衡模式。

[SwitchC] vrrp ipv6 mode load-balance

# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# 配置允许发布RA消息。

[SwitchC-Vlan-interface2] undo ipv6 nd ra halt

# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255

[SwitchC-Vlan-interface2] quit

# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。

[SwitchC] track 1 interface Vlan-interface4094 protocol ipv6

8.6  验证配置

(1)     配置完成后,Host A、Host B和Host C都可以ping通外网。

(2)     通过display vrrp ipv6 verbose命令查看配置后的结果。

# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch A在备份组1中为Master设备。Switch A上存在一个AVF,和两个作为备份的LVF。

[SwitchA] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::1

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Owner)

     Owner ID       : 6697-1250-0100

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 00e0-3948-0100

     Priority       : 127

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch B在备份组1中为Backup设备。Switch B上存在一个AVF,和两个作为备份的LVF。

[SwitchB] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::1

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 6697-1250-0100

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-4012 (Owner)

     Owner ID       : 00e0-6405-3100

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 00e0-3948-0100

     Priority       : 127

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# 查看Switch C上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch C在备份组1中为Backup设备。Switch C上存在一个AVF,和两个作为备份的LVF。

[SwitchC] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::1

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 6697-1250-0100

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 00e0-3948-0100

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

# Switch A出现故障后,通过display vrrp verbose命令查看Switch C上备份组的详细信息。

[SwitchC] display vrrp ipv6 verbose

IPv6 virtual Router Information:

     Running Mode       : Load Balance

Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::2

   Forwarder Information: 3 Forwarders 2 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Take Over)

     Owner ID       : 6697-1250-0100

     Priority       : 85

     Active         : local

     Redirect Time  : 549 secs

     Time-out Time  : 1749 secs

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 00e0-6405-3100

     Priority       : 85

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 00e0-3948-0100

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 255

以上显示信息表示Switch A出现故障后,Switch B成为Master路由器;Switch C成为虚拟MAC地址000F-E2FF-4011对应的虚拟转发器的AVF,Host A发送给外网的报文通过Switch C转发。

8.7  配置文件

·     Switch A:

#

vlan 2

#

vlan 4094

#

 vrrp ipv6 mode load-balance

#

interface Vlan-interface2

 ipv6 address 1::1/64

 ipv6 address FE80::1 link-local

 vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local

 vrrp ipv6 vrid 1 virtual-ip 1::10

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 weight track 1 reduced 255

 undo ipv6 nd ra halt

#

interface Vlan-interface4094

 ipv6 address 2001::1/64

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

track 1 interface Vlan-interface4094 protocol ipv6

#

·     Switch B:

#

vlan 2

#

vlan 4094

#

 Vrrp ipv6 mode load-balance

#

interface Vlan-interface2

 ipv6 address 1::2/64

 ipv6 address FE80::2 link-local

 vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local

 vrrp ipv6 vrid 1 virtual-ip 1::10

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 weight track 1 reduced 255

 undo ipv6 nd ra halt

#

interface Vlan-interface4094

 ipv6 address 2001::2/64

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

track 1 interface Vlan-interface4094 protocol ipv6

#

·     Switch C:

#

vlan 2

#

vlan 4094

#

 vrrp ipv6 mode load-balance

#

interface Vlan-interface2

 ipv6 address 1::3/64

 ipv6 address FE80::3 link-local

 vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local

 vrrp ipv6 vrid 1 virtual-ip 1::10

 vrrp ipv6 vrid 1 priority 120

 vrrp ipv6 vrid 1 weight track 1 reduced 255

 undo ipv6 nd ra halt

#

interface Vlan-interface4094

 ipv6 address 2001::3/64

#

interface GigabitEthernet3/0/1

 port link-mode bridge

 port access vlan 2

#

interface GigabitEthernet3/0/5

 port link-mode bridge

 port access vlan 4094

#

track 1 interface Vlan-interface4094 protocol ipv6

#

9  相关资料

·     《H3C S12500系列路由交换机 可靠性配置指导》中的“VRRP”

·     《H3C S12500系列路由交换机 可靠性命令参考》中的“VRRP”

·     《H3C S12500系列路由交换机 可靠性配置指导》中的“BFD”

·     《H3C S12500系列路由交换机 可靠性命令参考》中的“BFD”

·     《H3C S12500系列路由交换机 可靠性配置指导》中的“Track”

·     《H3C S12500系列路由交换机 可靠性命令参考》中的“Track”

·     《H3C S12500系列路由交换机 二层技术-以太网交换配置指导》中的“生成树”

·     《H3C S12500系列路由交换机 二层技术以太网交换命令参考》中的“生成树”

不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!

新华三官网
联系我们