01-S12500_VRRP典型配置举例
本章节下载: 01-S12500_VRRP典型配置举例 (362.64 KB)
目 录
本文档介绍了VRRP(Virtual Router Redundancy Protocol,虚拟路由器冗余协议)的配置举例。
设备支持两种模式的VRRP:
· 标准协议模式:基于RFC实现的VRRP。备份组中只有Master路由器可以转发报文,Backup路由器处于监听状态,无法转发报文。
· 负载均衡模式:在标准协议模式的基础上实现了负载均衡功能,只需创建一个备份组,就可以实现备份组中的每台路由器都能转发流量。
除了负载均衡模式,用户还可以创建多个标准备份组实现负载分担。这种方式下,需要将设备在一个备份组中配置为Master设备,在其他备份组中配置为Backup设备,并且为局域网内的主机分配不同的备份组作为网关。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文假设您已了解VRRP特性。
如图1所示,在承担网关功能的Switch A和Switch B上分别配置组号相同的VRRP备份组,用户IPv4网络中的主机将VRRP备份组作为缺省网关。要求满足如下需求:
· Switch A是VRRP备份组中的Master设备,用户网络的主机在正常情况下优先从Switch A访问外网。当Switch A故障时,Switch B能够成为Master设备,承担转发任务。
· 当Switch A连接上行链路的接口故障时,用户网络中的主机能够从Switch B访问外网。
· 配置MSTP避免Switch A、Switch B和L2 Switch之间存在的环路问题,并指定Master设备为根桥。
图1 IPv4 VRRP单备份组配置组网图
· 为了保证用户网络在正常情况下优先从Switch A访问外网,可以设置Switch A在备份组中具有更高的优先级,即保证Switch A优先作为备份组的Master设备。本例中将Switch A的优先级配置为120,Switch B使用缺省优先级100。
· Switch A连接上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以在Switch A上配置Track项监视上行接口,当Switch A连接上行链路的接口处于Down或Removed状态时,Switch A主动降低自己的优先级,使得备份组内的Switch B优先级高于Switch A,Switch B能够成功抢占成为Master,承担转发任务。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 设备在某个备份组中作为IP地址拥有者(接口IP地址与虚拟IP地址相同的设备被称为IP地址拥有者)时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。
# 配置VLAN 101。
<SwitchA> system-view
[SwitchA] vlan 101
[SwitchA-vlan101] port Gigabitethernet 2/0/1
[SwitchA-vlan101] port Gigabitethernet 2/0/24
[SwitchA-vlan101] quit
[SwitchA] interface GigabitEthernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] undo shutdown
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface GigabitEthernet 2/0/24
[SwitchA-GigabitEthernet2/0/24] undo shutdown
[SwitchA-GigabitEthernet2/0/24] quit
[SwitchA] interface vlan-interface 101
[SwitchA–Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] ip address 10.0.0.2 24
[SwitchA–Vlan-interface101] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 2/0/2
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] undo shutdown
[SwitchA-GigabitEthernet2/0/2] quit
[SwitchA] interface vlan-interface 4094
[SwitchA–Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24
[SwitchA-Vlan-interface4094] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface101] vrrp vrid 1 priority 120
[SwitchA-Vlan-interface101] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[SwitchA] track 1 interface Vlan-interface 4094
# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组中的优先级。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp vrid 1 track 1 reduced 255
[SwitchA-Vlan-interface101] quit
# 配置MSTP。
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 101
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp instance 1 root primary
[SwitchA] stp global enable
# 配置VLAN 101。
<SwitchB> system-view
[SwitchB] vlan 101
[SwitchB-vlan101] port Gigabitethernet 3/0/1
[SwitchB-vlan101] port Gigabitethernet 3/0/24
[SwitchB-vlan101] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface GigabitEthernet 3/0/24
[SwitchB-GigabitEthernet3/0/24] undo shutdown
[SwitchB-GigabitEthernet3/0/24] quit
[SwitchB] interface Vlan-interface 101
[SwitchB-Vlan-interface101] undo shutdown
[SwitchB-Vlan-interface101] ip address 10.0.0.3 24
[SwitchB-Vlan-interface101] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/2
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/2
[SwitchB-GigabitEthernet3/0/2] undo shutdown
[SwitchB-GigabitEthernet3/0/2] quit
[SwitchB] interface Vlan-interface 4094
[SwitchB-Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24
[SwitchB-Vlan-interface4094] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。
[SwitchB] interface Vlan-interface 101
[SwitchB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[SwitchB-Vlan-interface101] quit
# 配置MSTP。
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name vrrp
[SwitchB-mst-region] instance 1 vlan 101
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
[SwitchB] stp global enable
配置MSTP,配置方法同Switch B。
(1) 配置完成后,Host A和Host B都可以ping通外网。
(2) 通过display vrrp verbose命令查看配置后的结果。
# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备。
[SwitchA] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object: 1 State : Positive Pri Reduced : 255
# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备。
[SwitchB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Master IP : 10.0.0.2
# 查看L2 Switch上的MSTP状态,显示与Backup(Switch B)相连的端口被阻塞。
<L2Switch> display stp instance 1 brief
MSTID Port Role STP State Protection
1 GigabitEthernet3/0/1 ROOT FORWARDING NONE
1 GigabitEthernet3/0/2 ALTE DISCARDING NONE
# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为Master。
[SwitchB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.3
· Switch A:
#
vlan 101
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 track 1 reduced 255
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet2/0/24
port link-mode bridge
port access vlan 101
#
track 1 interface Vlan-interface 4094
#
· Switch B:
#
vlan 101
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
#
interface Vlan-interface4094
ip address 100.0.0.3 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet3/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet3/0/24
port link-mode bridge
port access vlan 101
#
如图2所示,S在承担网关功能的Switch A和Switch B上分别配置两个VRRP备份组,区域A用户将VRRP备份组1作为缺省网关,区域B用户将VRRP备份组2作为缺省网关。要求满足如下需求:
· Switch A是VRRP备份组1中的Master设备,Switch B是VRRP备份组2中的Master设备。在正常情况下,区域A用户通过Switch A进行数据转发,区域B用户通过Switch B进行数据转发。当一台网关设备出现故障时,另一台网关设备能够承担受影响区域内主机流量的转发任务。
· 当备份组中的Master设备连接上行链路的接口故障时,受影响区域内的主机仍然可以通过另一台网关设备访问外部网络。
· 配置MSTP多实例避免Switch A、Switch B和L2 Switch之间存在的环路问题,并使得各实例中均以Master设备为根桥。
图2 IPv4 VRRP多备份组负载分担配置组网图
· 为了保证Switch A优先作为备份组1的Master设备,设置Switch A在备份组1中具有更高的优先级(本例中Switch A在备份组1中的优先级配置为120,Switch B使用缺省优先级100);为了保证Switch B优先作为备份组2的Master设备,设置Switch B在备份组2中具有更高的优先级(本例中Switch B在备份组2中的优先级配置为120,Switch A使用缺省优先级100)。
· Master设备连接的上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以分别在两个VRRP备份组中的Master设备上配置Track项监视上行接口,当Master设备连接上行链路的接口处于Down或Removed状态时,Master设备主动降低自己的优先级,使得备份组内的Backup设备优先级高于Master设备,从而能够成功抢占成为Master,承担转发任务。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。
# 配置VLAN 101。
<SwitchA> system-view
[SwitchA] vlan 101
[SwitchA-vlan101] port Gigabitethernet 2/0/1
[SwitchA-vlan101] quit
[SwitchA] interface GigabitEthernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] undo shutdown
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] ip address 10.0.0.2 24
[SwitchA-Vlan-interface101] quit
# 配置VLAN 102。
[SwitchA] vlan 102
[SwitchA-vlan102] port Gigabitethernet 2/0/3
[SwitchA-vlan102] quit
[SwitchA] interface GigabitEthernet 2/0/3
[SwitchA-GigabitEthernet2/0/3] undo shutdown
[SwitchA-GigabitEthernet2/0/3] quit
[SwitchA] interface vlan-interface 102
[SwitchA-Vlan-interface102] undo shutdown
[SwitchA-Vlan-interface102] ip address 11.0.0.2 24
[SwitchA-Vlan-interface102] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 2/0/2
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] undo shutdown
[SwitchA-GigabitEthernet2/0/2] quit
[SwitchA] interface vlan-interface 4094
[SwitchA-Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24
[SwitchA-Vlan-interface4094] quit
# 配置Switch A和Switch B直连的端口GE2/0/24为Trunk口,允许VLAN 101和VLAN 102通过。
[SwitchA] interface GigabitEthernet2/0/24
[SwitchA-GigabitEthernet2/0/24] undo shutdown
[SwitchA-GigabitEthernet2/0/24] port link-type trunk
[SwitchA-GigabitEthernet2/0/24] undo port trunk permit vlan 1
[SwitchA-GigabitEthernet2/0/24] port trunk permit vlan 101 to 102
[SwitchA-GigabitEthernet2/0/24] port trunk pvid vlan 101
[SwitchA-GigabitEthernet2/0/24] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface101] vrrp vrid 1 priority 120
[SwitchA-Vlan-interface101] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[SwitchA] track 1 interface Vlan-interface 4094
# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组1中的优先级。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp vrid 1 track 1 reduced 255
[SwitchA-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组2的虚拟IP地址为11.0.0.1。
[SwitchA] interface vlan-interface 102
[SwitchA-Vlan-interface102] vrrp vrid 1 virtual-ip 11.0.0.1
[SwitchA-Vlan-interface102] quit
# 配置MSTP。
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 101
[SwitchA-mst-region] instance 2 vlan 102
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp instance 1 root primary
[SwitchA] stp global enable
# 配置VLAN 101。
<SwitchB> system-view
[SwitchB] vlan 101
[SwitchB-vlan101] port Gigabitethernet 3/0/1
[SwitchB-vlan101] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] undo shutdown
[SwitchB-Vlan-interface101] ip address 10.0.0.3 24
[SwitchB-Vlan-interface101] quit
# 配置VLAN 102。
[SwitchB] vlan 102
[SwitchB-vlan102] port Gigabitethernet 3/0/3
[SwitchB-vlan102] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] undo shutdown
[SwitchB-Vlan-interface102] ip address 11.0.0.3 24
[SwitchB-Vlan-interface102] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/2
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/2
[SwitchB-GigabitEthernet3/0/2] undo shutdown
[SwitchB-GigabitEthernet3/0/2] quit
[SwitchB] interface vlan-interface 4094
[SwitchB-Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24
[SwitchB-Vlan-interface4094] quit
# 配置Switch B和Switch A直连的端口GE3/0/24为Trunk口,允许VLAN 101和VLAN 102通过。
[SwitchB] interface GigabitEthernet3/0/24
[SwitchB-GigabitEthernet3/0/24] undo shutdown
[SwitchB-GigabitEthernet3/0/24] port link-type trunk
[SwitchB-GigabitEthernet3/0/24] undo port trunk permit vlan 1
[SwitchB-GigabitEthernet3/0/24] port trunk permit vlan 101 to 102
[SwitchB-GigabitEthernet3/0/24] port trunk pvid vlan 101
[SwitchB-GigabitEthernet3/0/24] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为10.0.0.1。
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[SwitchB-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组2的虚拟IP地址为11.0.0.1。
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] vrrp vrid 1 virtual-ip 11.0.0.1
# 配置Switch B在备份组2中的优先级为120。
[SwitchB-Vlan-interface102] vrrp vrid 1 priority 120
[SwitchB-Vlan-interface102] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[swithcB] track 1 interface Vlan-interface 4094
# 配置备份组2监视Track项1,当Track项的状态为Negative时,降低Switch B在备份组2中的优先级。
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] vrrp vrid 1 track 1 reduced 255
[SwitchB-Vlan-interface102] quit
# 配置MSTP。
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name vrrp
[SwitchB-mst-region] instance 1 vlan 101
[SwitchB-mst-region] instance 2 vlan 102
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
[SwitchB] stp instance 2 root primary
[SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机都可以ping通外网。
(2) 通过display vrrp verbose命令查看配置后的结果。
# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备,在备份组2中为Backup设备。
[SwitchA] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track object: 1 State : Positive Pri Reduced : 255
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 11.0.0.1
Master IP : 11.0.0.3
# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备,在备份组2中为Master设备。
[SwitchB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Master IP : 10.0.0.2
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
VRRP Track Information:
Track object: 1 State :positive Pri Reduced : 255
# 查看Switch A上MSTP状态的简要信息,显示Switch A的端口GE2/0/3在MSTI2中被阻塞。
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet2/0/1 DESI FORWARDING NONE
0 GigabitEthernet2/0/24 DESI FORWARDING NONE
0 GigabitEthernet2/0/3 ROOT FORWARDING NONE
1 GigabitEthernet2/0/1 DESI FORWARDING NONE
1 GigabitEthernet2/0/24 DESI FORWARDING NONE
2 GigabitEthernet2/0/24 ROOT FORWARDING NONE
2 GigabitEthernet2/0/3 ALTE DISCARDING NONE
# 查看Switch B上MSTP状态的简要信息,显示Switch B的端口GE3/0/1在MSTI1中被阻塞。
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet3/0/1 DESI FORWARDING NONE
0 GigabitEthernet3/0/24 ALTE DISCARDING NONE
0 GigabitEthernet3/0/3 ROOT FORWARDING NONE
1 GigabitEthernet3/0/1 ALTE DISCARDING NONE
1 GigabitEthernet3/0/24 ROOT FORWARDING NONE
2 GigabitEthernet3/0/24 DESI FORWARDING NONE
2 GigabitEthernet3/0/3 DESI FORWARDING NONE
# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为备份组1的Master。
[SwitchB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.3
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
VRRP Track Information:
Track Obeject: 1 State : Positive Pri Reduced : 255
· Switch A:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 track 1 reduced 255
#
interface Vlan-interface102
ip address 11.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 11.0.0.1
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet2/0/3
port link-mode bridge
port access vlan 102
#
interface GigabitEthernet2/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Vlan-interface 4094
#
· Switch B:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
#
interface Vlan-interface102
ip address 11.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 11.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 track 1 reduced 255
#
interface Vlan-interface4094
ip address 100.0.0.3 255.255.255.0
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet3/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 102
#
interface GigabitEthernet3/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Vlan-interface 4094
#
如图3所示,在承担网关功能的Switch A、Switch B和Switch C上配置有VRRP备份组,虚拟IP地址为10.1.1.1/24。用户IPv4网络中的主机将VRRP备份组作为缺省网关。要求通过配置VRRP负载均衡模式满足如下需求:
· Switch A是VRRP备份组中的Master设备,Switch B、Switch C是Backup设备。某台网关设备(Switch A、Switch B或Switch C)出现故障时,用户主机仍然可以通过其他网关设备访问外部网络。
· 不同主机的流量通过备份组中不同的网关设备转发,避免流量集中在Master设备上。
· AVF(Active Virtual Forwarder,动态虚拟转发器)上行链路出现故障时,能及时通知LVF(Listening Virtual Forwarder,监听虚拟转发器)接替其转发流量。
图3 IPv4 VRRP负载均衡模式配置组网图
· 为了保证Switch A作为Master,可以将Switch A在备份组中的优先级配置为120,高于Switch B(Switch B在备份组中的优先级配置为110)、Switch C(Switch C在备份组中的优先级为缺省值100)。
· 为了保证AVF上行链路出现故障时,能及时通知LVF接替其转发流量。可以在各网关设备上配置虚拟转发器的监视功能,利用BFD监测AVF连接的上行链路的状态,并通过Track功能在虚拟转发器和BFD之间建立联动。当上行链路出现故障,Track项的状态变为Negative,虚拟转发器的权重将降低指定的数额,以便虚拟转发器优先级更高的网关设备抢占成为AVF,接替其转发流量。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· VRRP工作在负载均衡模式时,虚拟IP地址不能与VRRP备份组中路由器的接口IP地址相同,即负载均衡模式的VRRP备份组中不能存在IP地址拥有者。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则备份组无法正常工作。
# 配置VLAN 2。
<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port Gigabitethernet 3/0/1
[SwitchA-vlan2] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
[SwitchA] interface vlan-interface 2
[SwitchA–Vlan-interface2] undo shutdown
[SwitchA-Vlan-interface2] ip address 10.1.1.2 24
[SwitchA–Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 3/0/5
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 3/0/5
[SwitchA-GigabitEthernet3/0/5] undo shutdown
[SwitchA-GigabitEthernet3/0/5] quit
[SwitchA] interface vlan-interface 4094
[SwitchA–Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ip address 100.0.0.2 24
[SwitchA–Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchA] vrrp mode load-balance
# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface2] vrrp vrid 1 priority 120
# 配置虚拟转发器的监视功能。
[SwitchA-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255
[SwitchA-Vlan-interface2] quit
# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。
[SwitchA] bfd echo-source-ip 45.45.45.45
# 配置接口接收BFD echo报文的最小时间间隔。
[SwitchA] interface vlan-interface 4094
[SwitchA-Vlan-interface4094] bfd min-echo-receive-interval 100
# 配置单跳BFD检测时间倍数。
[SwitchA-Vlan-interface4094] bfd detect-multiplier 3
[SwitchA–Vlan-interface4094] quit
# 创建和BFD会话关联的Track项1,远端IP为上行设备的接口IP地址。
[SwitchA] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.2
# 配置VLAN 2。
<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port Gigabitethernet 3/0/1
[SwitchB-vlan2] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface vlan-interface 2
[SwitchB–Vlan-interface2] undo shutdown
[SwitchB-Vlan-interface2] ip address 10.1.1.3 24
[SwitchB-Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/5
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/5
[SwitchB-GigabitEthernet3/0/5] undo shutdown
[SwitchB-GigabitEthernet3/0/5] quit
[SwitchB] interface vlan-interface 4094
[SwitchB–Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ip address 100.0.0.3 24
[SwitchB–Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchB] vrrp mode load-balance
# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Swtich B在备份组1中的优先级为110。
[SwitchB-Vlan-interface2] vrrp vrid 1 priority 110
# 配置虚拟转发器的监视功能。
[SwitchB-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255
[SwitchB-Vlan-interface2] quit
# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。
[SwitchB] bfd echo-source-ip 56.56.56.56
# 配置接口接收BFD echo报文的最小时间间隔。
[SwitchB] interface vlan-interface 4094
[SwitchB-Vlan-interface4094] bfd min-echo-receive-interval 100
# 配置单跳BFD检测时间倍数。
[SwitchB-Vlan-interface4094] bfd detect-multiplier 3
[SwitchB–Vlan-interface4094] quit
# 创建和BFD会话关联的Track项,远端IP为上行设备的接口IP地址。
[SwitchB] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.3
# 配置VLAN 2。
<SwitchC> system-view
[SwitchC] vlan 2
[SwitchC-vlan2] port Gigabitethernet 3/0/1
[SwitchC-vlan2] quit
[SwitchC] interface GigabitEthernet 3/0/1
[SwitchC-GigabitEthernet3/0/1] undo shutdown
[SwitchC-GigabitEthernet3/0/1] quit
[SwitchC] interface vlan-interface 2
[SwitchC-Vlan-interface2] undo shutdown
[SwitchC-Vlan-interface2] ip address 10.1.1.4 24
[SwitchC-Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchC] vlan 4094
[SwitchC-vlan4094] port Gigabitethernet 3/0/5
[SwitchC-vlan4094] quit
[SwitchC] interface GigabitEthernet 3/0/5
[SwitchC-GigabitEthernet3/0/5] undo shutdown
[SwitchC-GigabitEthernet3/0/5] quit
[SwitchC] interface vlan-interface 4094
[SwitchC-Vlan-interface4094] undo shutdown
[SwitchC-Vlan-interface4094] ip address 100.0.0.4 24
[SwitchC-Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchC] vrrp mode load-balance
# 创建备份组1,并配置备份组1的虚拟IP地址为10.1.1.1。
[SwitchC] interface vlan-interface 2
[SwitchC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置虚拟转发器的监视功能。
[SwitchC-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 255
[SwitchC-Vlan-interface2] quit
# 配置BFD echo报文方式的源IP地址。IP地址可以任意指定,不需要与实际接口地址对应。请不要将BFD echo报文的源IP地址配置为属于该设备任何一个接口所在网段。
[SwitchC] bfd echo-source-ip 67.67.67.67
# 配置接口接收BFD echo报文的最小时间间隔。
[SwitchC] interface vlan-interface 4094
[SwitchC-Vlan-interface4094] bfd min-echo-receive-interval 100
# 配置单跳BFD检测时间倍数。
[SwitchC-Vlan-interface4094] bfd detect-multiplier 3
[SwitchC-Vlan-interface4094] quit
# 创建和BFD会话关联的Track项,远端IP为上行设备的接口IP地址。
[SwitchC] track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.4
(1) 配置完成后,Host A、Host B和Host C都可以ping通外网。
(2) 通过display vrrp verbose命令查看配置后的结果。
# 查看Switch A上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch A在备份组1中为Master设备。Switch A上存在一个AVF,和两个作为备份的LVF。
[SwitchA] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 6697-1250-0100
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0001-0002-0103
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# 查看Switch B上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch B在备份组1中为Backup设备。Switch B上存在一个AVF,和两个作为备份的LVF。
[SwitchB] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 6697-1250-0100
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 00e0-6405-3100
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0001-0002-0103
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# 查看Switch C上全部IPv4 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch C在备份组1中为Backup设备。Switch C上存在一个AVF,和两个作为备份的LVF。
[SwitchC] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.1.1
Master IP : 10.1.1.2
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 6697-1250-0100
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0001-0002-0103
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# Switch A出现故障后,通过display vrrp verbose命令查看Switch C上备份组的详细信息。
[SwitchC] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.1.1.1
Master IP : 10.1.1.3
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 6697-1250-0100
Priority : 85
Active : local
Redirect Time : 588 secs
Time-out Time : 1788 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 85
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0001-0002-0103
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
以上显示信息表示Switch A出现故障后,Switch B成为Master路由器;Switch C成为虚拟MAC地址000f-e2ff-0011对应的虚拟转发器的AVF,Host A发送给外网的报文通过Switch C转发。
· Switch A:
#
vlan 2
#
vlan 4094
#
vrrp mode load-balance
#
bfd echo-source-ip 45.45.45.45
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 weight track 1 reduced 255
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
bfd min-echo-receive-interval 100
bfd detect-multiplier 3
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.2
#
· Switch B:
#
vlan 2
#
vlan 4094
#
vrrp mode load-balance
#
bfd echo-source-ip 56.56.56.56
#
interface Vlan-interface2
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 110
vrrp vrid 1 weight track 1 reduced 255
#
interface Vlan-interface4094
ip address 100.0.0.3 255.255.255.0
bfd min-echo-receive-interval 100
bfd detect-multiplier 3
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.3
#
· Switch C:
#
vlan 2
#
vlan 4094
#
vrrp mode load-balance
#
bfd echo-source-ip 67.67.67.67
#
interface Vlan-interface2
ip address 10.1.1.4 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 weight track 1 reduced 255
#
interface Vlan-interface4094
ip address 100.0.0.4 255.255.255.0
bfd min-echo-receive-interval 100
bfd detect-multiplier 3
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 bfd echo interface Vlan-interface4094 remote ip 100.0.0.1 local ip 100.0.0.4
#
如图4所示,在承担网关功能的Switch A和Switch B上分别配置组号相同的IPv6 VRRP备份组,用户IPv6网络中的主机将VRRP备份组作为缺省网关。要求满足如下需求:
· Switch A是VRRP备份组中的Master设备,用户网络的主机在正常情况下优先从Switch A访问外网。当Switch A故障时,Switch B能够成为Master设备,承担转发任务。
· 当Switch A连接上行链路的接口故障时,用户网络中的主机能够从Switch B访问外网。
· 配置MSTP避免Switch A、Switch B和L2 Switch之间存在的环路问题,并指定Master设备为根桥。
图4 IPv6 VRRP单备份组配置组网图
· 为了保证用户网络在正常情况下优先从Switch A访问外网,可以设置Switch A在备份组中具有更高的优先级,即保证Switch A优先作为备份组的Master设备。本例中将Switch A的优先级配置为120,Switch B使用缺省优先级100。
· Switch A连接上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以在Switch A上配置Track项监视上行接口,当Switch A连接上行链路的接口处于Down或Removed状态时,Switch A主动降低自己的优先级,使得备份组内的Switch B优先级高于Switch A,Switch B能够成功抢占成为Master,承担转发任务。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。
# 配置VLAN 101。
<SwitchA> system-view
[SwitchA] vlan 101
[SwitchA-vlan101] port Gigabitethernet 2/0/1
[SwitchA-vlan101] port Gigabitethernet 2/0/24
[SwitchA-vlan101] quit
[SwitchA] interface GigabitEthernet 2/0/1
[SwitchA-GigabitEthernet2/0/1] undo shutdown
[SwitchA-GigabitEthernet2/0/1] quit
[SwitchA] interface GigabitEthernet 2/0/24
[SwitchA-GigabitEthernet2/0/24] undo shutdown
[SwitchA-GigabitEthernet2/0/24] quit
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] ipv6 address 10::2 64
[SwitchA-Vlan-interface101] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 2/0/2
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] undo shutdown
[SwitchA-GigabitEthernet2/0/2] quit
[SwitchA] interface vlan-interface 4094
[SwitchA-Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ipv6 address 100::2 64
[SwitchA-Vlan-interface4094] quit
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120
[SwitchA-Vlan-interface101] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[switchA] track 1 interface vlan-interface 4094
# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组中的优先级。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 reduced 255
[SwitchA-Vlan-interface101] quit
# 配置MSTP。
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 101
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp instance 1 root primary
[SwitchA] stp global enable
# 配置VLAN 101。
<SwitchB> system-view
[SwitchB] vlan 101
[SwitchB-vlan101] port Gigabitethernet 3/0/1
[SwitchB-vlan101] port Gigabitethernet 3/0/24
[SwitchB-vlan101] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface GigabitEthernet 3/0/24
[SwitchB-GigabitEthernet3/0/24] undo shutdown
[SwitchB-GigabitEthernet3/0/24] quit
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] undo shutdown
[SwitchB-Vlan-interface101] ipv6 address 10::3 64
[SwitchB-Vlan-interface101] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/2
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/2
[SwitchB-GigabitEthernet3/0/2] undo shutdown
[SwitchB-GigabitEthernet3/0/2] quit
[SwitchB] interface vlan-interface 4094
[SwitchB-Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ipv6 address 100::3 64
[SwitchB-Vlan-interface4094] quit
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[SwitchB-Vlan-interface101] quit
# 配置MSTP。
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name vrrp
[SwitchB-mst-region] instance 1 vlan 101
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
[SwitchB] stp global enable
配置MSTP,配置方法同Switch B。
(1) 配置完成后,在Host A和Host B上可以ping通外网。
(2) 通过display vrrp ipv6 verbose命令查看配置后的结果。
# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备。
[SwitchA] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2E0:64FF:FE05:3100
VRRP Track Information:
Track Object: 1 State : Positive Pri Reduced : 255
# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备。
[SwitchB] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Master IP : FE80::2E0:64FF:FE05:3100
# 查看L2 Switch上的MSTP状态,显示与Backup(Switch B)相连的端口被阻塞。
<L2Switch> display stp instance 1 brief
MSTID Port Role STP State Protection
1 GigabitEthernet3/0/1 ROOT FORWARDING NONE
1 GigabitEthernet3/0/2 ALTE DISCARDING NONE
# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp ipv6 verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为Master。
[SwitchB] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::6697:12FF:FE50:100
· Switch A:
#
vlan 101
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface101
ipv6 address 10::2/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 track 1 reduced 255
#
interface Vlan-interface4094
ipv6 address 100::2/64
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet2/0/24
port link-mode bridge
port access vlan 101
#
track 1 interface Vlan-interface 4094
#
· Switch B:
#
vlan 101
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp global enable
#
interface Vlan-interface101
ipv6 address 10::3/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
#
interface Vlan-interface4094
ipv6 address 100::3/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet3/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet3/0/24
port link-mode bridge
port access vlan 101
#
如图5所示,在承担网关功能的Switch A和Switch B上分别配置两个IPv6 VRRP备份组,区域A用户将VRRP备份组1作为缺省网关,区域B用户将VRRP备份组2作为缺省网关。要求满足如下需求:
· Switch A是VRRP备份组1中的Master设备,Switch B是VRRP备份组2中的Master设备。在正常情况下,区域A用户通过Switch A进行数据转发,区域B用户通过Switch B进行数据转发。当一台网关设备出现故障时,另一台网关设备能够承担受影响区域内主机流量的转发任务。
· 当备份组中的Master设备连接上行链路的接口故障时,受影响区域内的主机仍然可以通过另一台网关设备访问外部网络。
· 配置MSTP多实例避免Switch A、Switch B和L2 Switch之间存在的环路问题,并使得各实例中均以Master设备为根桥。
图5 IPv6 VRRP多备份组负载分担配置组网图
· 为了保证Switch A优先作为备份组1的Master设备,设置Switch A在备份组1中具有更高的优先级(本例中Switch A在备份组1中的优先级配置为120,Switch B使用缺省优先级100);为了保证Switch B优先作为备份组2的Master设备,设置Switch B在备份组2中具有更高的优先级(本例中Switch B在备份组2中的优先级配置为120,Switch A使用缺省优先级100)。
· Master设备连接的上行链路的接口出现故障时,备份组无法感知上行链路接口的故障,这将导致用户网络内的主机无法访问外部网络。可以分别在两个VRRP备份组中的Master设备上配置Track项监视上行接口,当Master设备连接上行链路的接口处于Down或Removed状态时,Master设备主动降低自己的优先级,使得备份组内的Backup设备优先级高于Master设备,从而能够成功抢占成为Master,承担转发任务。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 设备在某个备份组中作为IP地址拥有者时,如果在该设备上配置该备份组监视指定的Track项,则该配置不会生效。该路由器不再作为IP地址拥有者后,监视功能的配置才会生效。
# 配置VLAN 101。
<SwitchA> system-view
[SwitchA] vlan 101
[SwitchA-vlan101] port Gigabitethernet 2/0/1
[SwitchA-vlan101] quit
[SwitchA] interface GigabitEthernet 2/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] undo shutdown
[SwitchA-Vlan-interface101] ipv6 address 10::2 64
[SwitchA-Vlan-interface101] quit
# 配置VLAN 102。
[SwitchA] vlan 102
[SwitchA-vlan102] port Gigabitethernet 2/0/3
[SwitchA-vlan102] quit
[SwitchA] interface GigabitEthernet 2/0/3
[SwitchA-GigabitEthernet2/0/3] undo shutdown
[SwitchA-GigabitEthernet2/0/3] quit
[SwitchA] interface vlan-interface 102
[SwitchA-Vlan-interface102] undo shutdown
[SwitchA-Vlan-interface102] ipv6 address 11::2 64
[SwitchA-Vlan-interface102] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 2/0/2
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 2/0/2
[SwitchA-GigabitEthernet2/0/2] undo shutdown
[SwitchA-GigabitEthernet2/0/2] quit
[SwitchA] interface vlan-interface 4094
[SwitchA-Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ipv6 address 100::2 64
[SwitchA-Vlan-interface4094] quit
# 配置Switch A和Switch B直连的端口GE2/0/24为Trunk口,允许VLAN 101和VLAN 102通过。
[SwitchA] interface GigabitEthernet2/0/24
[SwitchA-GigabitEthernet2/0/24] undo shutdown
[SwitchA-GigabitEthernet2/0/24] port link-type trunk
[SwitchA-GigabitEthernet2/0/24] undo port trunk permit vlan 1
[SwitchA-GigabitEthernet2/0/24] port trunk permit vlan 101 to 102
[SwitchA-GigabitEthernet2/0/24] port trunk pvid vlan 101
[SwitchA-GigabitEthernet2/0/24] quit
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120
[SwitchA-Vlan-interface101] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[SwitchA] track 1 interface vlan-interface 4094
# 配置备份组1监视Track项1,当Track项的状态为Negative时,降低Switch A在备份组1中的优先级。
[SwitchA] interface vlan-interface 101
[SwitchA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 reduced 255
[SwitchA-Vlan-interface101] quit
# 创建IPv6 VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::1和11::1。
[SwitchA] interface vlan-interface 102
[SwitchA-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchA-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip 11::1
[SwitchA-Vlan-interface102] quit
# 配置MSTP。
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 101
[SwitchA-mst-region] instance 2 vlan 102
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp instance 1 root primary
[SwitchA] stp global enable
# 配置VLAN 101。
<SwitchB> system-view
[SwitchB] vlan 101
[SwitchB-vlan101] port Gigabitethernet 3/0/1
[SwitchB-vlan101] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] undo shutdown
[SwitchB-Vlan-interface101] ipv6 address 10::3 64
[SwitchB-Vlan-interface101] quit
# 配置VLAN 102。
[SwitchB] vlan 102
[SwitchB-vlan102] port Gigabitethernet 3/0/3
[SwitchB-vlan102] quit
[SwitchB] interface GigabitEthernet 3/0/3
[SwitchB-GigabitEthernet3/0/3] undo shutdown
[SwitchB-GigabitEthernet3/0/3] quit
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] undo shutdown
[SwitchB-Vlan-interface102] ipv6 address 11::3 64
[SwitchB-Vlan-interface102] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/2
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/2
[SwitchB-GigabitEthernet3/0/2] undo shutdown
[SwitchB-GigabitEthernet3/0/2] quit
[SwitchB] interface vlan-interface 4094
[SwitchB-Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ipv6 address 100::3 64
[SwitchB-Vlan-interface4094] quit
# 配置Switch B和Switch A直连的端口GE3/0/24为Trunk口,允许VLAN 101和VLAN 102通过。
[SwitchB] interface GigabitEthernet3/0/24
[SwitchB-GigabitEthernet3/0/24] undo shutdown
[SwitchB-GigabitEthernet3/0/24] port link-type trunk
[SwitchB-GigabitEthernet3/0/24] undo port trunk permit vlan 1
[SwitchB-GigabitEthernet3/0/24] port trunk permit vlan 101 to 102
[SwitchB-GigabitEthernet3/0/24] port trunk pvid vlan 101
[SwitchB-GigabitEthernet3/0/24] quit
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::1和10::1。
[SwitchB] interface vlan-interface 101
[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[SwitchB-Vlan-interface101] quit
# 创建IPv6 VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::1和11::1。
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 virtual-ip 11::1
# 配置Switch B在备份组2中的优先级为120。
[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 priority 120
[SwitchB-Vlan-interface102] quit
# 创建和接口管理关联的Track项1,监视上行VLAN接口4094的状态。
[SwitchB] track 1 interface Vlan-interface 4094
# 配置备份组2监视Track项1,当Track项的状态为Negative时,降低Switch B在备份组2中的优先级。
[SwitchB] interface vlan-interface 102
[SwitchB-Vlan-interface102] vrrp ipv6 vrid 1 track 1 reduced 255
[SwitchB-Vlan-interface102] quit
# 配置MSTP。
[SwitchB] stp region-configuration
[SwitchB-mst-region] region-name vrrp
[SwitchB-mst-region] instance 1 vlan 101
[SwitchB-mst-region] instance 2 vlan 102
[SwitchB-mst-region] active region-configuration
[SwitchB-mst-region] quit
[SwitchB] stp instance 2 root primary
[SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机可以ping通外网。
(2) 通过display vrrp ipv6 verbose命令查看配置后的结果。
# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示Switch A在备份组1中为Master设备,在备份组2中为Backup设备。
[SwitchA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2E0:64FF:FE05:3100
VRRP Track Information:
Track Object: 1 State : Positive Pri Reduced : 255
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
11::1
Master IP : FE80::6697:12FF:FE50:3100
# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示Switch B在备份组1中为Backup设备,在备份组2中为Master设备。
[SwitchB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Master IP : FE80::2E0:64FF:FE05:3100
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
11::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::6697:12FF:FE50:100
VRRP Track Information:
Track Object: 1 State : Positive Pri Reduced : 255
# 查看Switch A上MSTP状态的简要信息,显示Switch A的端口GE2/0/3在MSTI2中被阻塞。
[SwitchA] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet2/0/1 DESI FORWARDING NONE
0 GigabitEthernet2/0/24 DESI FORWARDING NONE
0 GigabitEthernet2/0/3 ROOT FORWARDING NONE
1 GigabitEthernet2/0/1 DESI FORWARDING NONE
1 GigabitEthernet2/0/24 DESI FORWARDING NONE
2 GigabitEthernet2/0/24 ROOT FORWARDING NONE
2 GigabitEthernet2/0/3 ALTE DISCARDING NONE
# 查看Switch B上MSTP状态的简要信息,显示Switch B的端口GE3/0/1在MSTI1中被阻塞。
[SwitchB] display stp brief
MSTID Port Role STP State Protection
0 GigabitEthernet3/0/1 DESI FORWARDING NONE
0 GigabitEthernet3/0/24 ALTE DISCARDING NONE
0 GigabitEthernet3/0/3 ROOT FORWARDING NONE
1 GigabitEthernet3/0/1 ALTE DISCARDING NONE
1 GigabitEthernet3/0/24 ROOT FORWARDING NONE
2 GigabitEthernet3/0/24 DESI FORWARDING NONE
2 GigabitEthernet3/0/3 DESI FORWARDING NONE
# Switch A出现故障或者被监视的上行VLAN接口down后,通过display vrrp ipv6 verbose命令查看Switch B上备份组的详细信息。可以看到Switch B抢占为备份组1的Master。
[SwitchB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::6697:12FF:FE50:100
Interface Vlan-interface102
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::1
11::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::6697:12FF:FE50:100
VRRP Track Information:
Track Object: 1 State : Positive Pri Reduced : 255
· Switch A:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface101
ipv6 address 10::2/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 track 1 reduced 255
#
interface Vlan-interface102
ipv6 address 11::2/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 11::1
#
interface Vlan-interface4094
ipv6 address 100::2/64
#
interface GigabitEthernet2/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet2/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet2/0/3
port link-mode bridge
port access vlan 102
#
interface GigabitEthernet2/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Vlan-interface 4094
#
· Switch B:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp global enable
#
interface Vlan-interface101
ipv6 address 10::3/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
#
interface Vlan-interface102
ipv6 address 11::3/64
vrrp ipv6 vrid 1 virtual-ip FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip 11::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 track 1 reduced 255
#
interface Vlan-interface4094
ipv6 address 100::3/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 101
#
interface GigabitEthernet3/0/2
port link-mode bridge
port access vlan 4094
#
interface GigabitEthernet3/0/3
port link-mode bridge
port access vlan 102
#
interface GigabitEthernet3/0/24
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Vlan-interface 4094
#
如图6所示,在承担网关功能的Switch A、Switch B和Switch C上配置有IPv6 VRRP备份组,虚拟IPv6地址为FE80::10。用户IPv6网络中的主机将VRRP备份组作为缺省网关。要求通过配置VRRP负载均衡模式满足如下需求:
· Switch A是VRRP备份组中的Master设备,Switch B、Switch C是Backup设备。某台网关设备(Switch A、Switch B或Switch C)出现故障时,用户主机仍然可以通过其他网关设备访问外部网络。
· 不同主机的流量通过备份组中不同的网关设备转发,避免流量集中在Master设备上。
· AVF上行链路出现故障时,能及时通知LVF接替其转发流量。
图6 IPv6 VRRP负载均衡模式配置组网图
· 为了保证Switch A作为Master,可以将Switch A在备份组中的优先级配置为120,高于Switch B(Switch B在备份组中的优先级配置为110)、Switch C(Switch C在备份组中的优先级为缺省值100)。
· 为了保证AVF上行链路出现故障时,能及时通知LVF接替其转发流量。可以在各网关设备上配置虚拟转发器的监视功能,利用接口管理监视上行接口的状态,并通过Track功能在虚拟转发器和接口管理之间建立联动。当上行链路出现故障,Track项的状态变为Negative,虚拟转发器的权重将降低指定的数额,以便虚拟转发器优先级更高的网关设备抢占成为AVF,接替其转发流量。
本举例是在S12500-CMW710-R7129版本上进行配置和验证的。
· VRRP工作在负载均衡模式时,虚拟IP地址不能与VRRP备份组中路由器的接口IP地址相同,即负载均衡模式的VRRP备份组中不能存在IP地址拥有者。
· 建议将备份组的虚拟IPv6地址和接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 为了使主机能通过RA消息学习到缺省网关地址,需要在所有网关设备与主机相连的VLAN接口上取消对RA消息发布的抑制(缺省情况下,抑制发布RA消息)。
# 配置VLAN 2。
<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port Gigabitethernet 3/0/1
[SwitchA-vlan2] quit
[SwitchA] interface GigabitEthernet 3/0/1
[SwitchA-GigabitEthernet3/0/1] undo shutdown
[SwitchA-GigabitEthernet3/0/1] quit
[SwitchA] interface vlan-interface 2
[SwitchA–Vlan-interface2] undo shutdown
[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local
[SwitchA-Vlan-interface2] ipv6 address 1::1 64
[SwitchA–Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchA] vlan 4094
[SwitchA-vlan4094] port Gigabitethernet 3/0/5
[SwitchA-vlan4094] quit
[SwitchA] interface GigabitEthernet 3/0/5
[SwitchA-GigabitEthernet3/0/5] undo shutdown
[SwitchA-GigabitEthernet3/0/5] quit
[SwitchA] interface vlan-interface 4094
[SwitchA-Vlan-interface4094] undo shutdown
[SwitchA-Vlan-interface4094] ipv6 address 2001::1/64
[SwitchA-Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchA] vrrp ipv6 mode load-balance
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Switch A在备份组1中的优先级为120。
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120
# 配置允许发布RA消息。
[SwitchA-Vlan-interface2] undo ipv6 nd ra halt
# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。
[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255
[SwitchA-Vlan-interface2] quit
# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。
[SwitchA] track 1 interface Vlan-interface4094 protocol ipv6
# 配置VLAN 2。
<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port Gigabitethernet 3/0/1
[SwitchB-vlan2] quit
[SwitchB] interface GigabitEthernet 3/0/1
[SwitchB-GigabitEthernet3/0/1] undo shutdown
[SwitchB-GigabitEthernet3/0/1] quit
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] undo shutdown
[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local
[SwitchB-Vlan-interface2] ipv6 address 1::2 64
[SwitchB-Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchB] vlan 4094
[SwitchB-vlan4094] port Gigabitethernet 3/0/5
[SwitchB-vlan4094] quit
[SwitchB] interface GigabitEthernet 3/0/5
[SwitchB-GigabitEthernet3/0/5] undo shutdown
[SwitchB-GigabitEthernet3/0/5] quit
[SwitchB] interface vlan-interface 4094
[SwitchB-Vlan-interface4094] undo shutdown
[SwitchB-Vlan-interface4094] ipv6 address 2001::2/64
[SwitchB-Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchB] vrrp ipv6 mode load-balance
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Swtich B在备份组1中的优先级为110。
[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 配置允许发布RA消息。
[SwitchB-Vlan-interface2] undo ipv6 nd ra halt
# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。
[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255
[SwitchB-Vlan-interface2] quit
# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。
[SwitchB] track 1 interface Vlan-interface4094 protocol ipv6
# 配置VLAN 2。
<SwitchC> system-view
[SwitchC] vlan 2
[SwitchC-vlan2] port Gigabitethernet 3/0/1
[SwitchC-vlan2] quit
[SwitchC] interface GigabitEthernet 3/0/1
[SwitchC-GigabitEthernet3/0/1] undo shutdown
[SwitchC-GigabitEthernet3/0/1] quit
[SwitchC] interface vlan-interface 2
[SwitchC-Vlan-interface2] undo shutdown
[SwitchC-Vlan-interface2] ipv6 address fe80::3 link-local
[SwitchC-Vlan-interface2] ipv6 address 1::3 64
[SwitchC-Vlan-interface2] quit
# 配置VLAN 4094。
[SwitchC] vlan 4094
[SwitchC-vlan4094] port Gigabitethernet 3/0/5
[SwitchC-vlan4094] quit
[SwitchC] interface GigabitEthernet 3/0/5
[SwitchC-GigabitEthernet3/0/5] undo shutdown
[SwitchC-GigabitEthernet3/0/5] quit
[SwitchC] interface vlan-interface 4094
[SwitchC-Vlan-interface4094] undo shutdown
[SwitchC-Vlan-interface4094] ipv6 address 2001::3/64
[SwitchC-Vlan-interface4094] quit
# 配置VRRP工作在负载均衡模式。
[SwitchC] vrrp ipv6 mode load-balance
# 创建IPv6 VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[SwitchC] interface vlan-interface 2
[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允许发布RA消息。
[SwitchC-Vlan-interface2] undo ipv6 nd ra halt
# 在VLAN接口2上配置虚拟转发器权重监视Track项1,当Track项1状态为Negative时,VLAN接口2上IPv6 VRRP备份组1所有虚拟转发器的权重都降低255。
[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 weight track 1 reduced 255
[SwitchC-Vlan-interface2] quit
# 创建与VLAN接口4094的IPv6协议状态关联的Track项1。
[SwitchC] track 1 interface Vlan-interface4094 protocol ipv6
(1) 配置完成后,Host A、Host B和Host C都可以ping通外网。
(2) 通过display vrrp ipv6 verbose命令查看配置后的结果。
# 查看Switch A上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch A在备份组1中为Master设备。Switch A上存在一个AVF,和两个作为备份的LVF。
[SwitchA] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::10
1::10
Master IP : FE80::1
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-4011 (Owner)
Owner ID : 6697-1250-0100
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-4012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 127
Active : FE80::2
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-4013 (Learnt)
Owner ID : 00e0-3948-0100
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# 查看Switch B上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch B在备份组1中为Backup设备。Switch B上存在一个AVF,和两个作为备份的LVF。
[SwitchB] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::10
1::10
Master IP : FE80::1
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-4011 (Learnt)
Owner ID : 6697-1250-0100
Priority : 127
Active : FE80::1
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-4012 (Owner)
Owner ID : 00e0-6405-3100
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-4013 (Learnt)
Owner ID : 00e0-3948-0100
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# 查看Switch C上全部IPv6 VRRP备份组的详细信息,显示备份组1工作在负载均衡模式,Switch C在备份组1中为Backup设备。Switch C上存在一个AVF,和两个作为备份的LVF。
[SwitchC] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::10
1::10
Master IP : FE80::1
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-4011 (Learnt)
Owner ID : 6697-1250-0100
Priority : 127
Active : FE80::1
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-4012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-4013 (Owner)
Owner ID : 00e0-3948-0100
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
# Switch A出现故障后,通过display vrrp verbose命令查看Switch C上备份组的详细信息。
[SwitchC] display vrrp ipv6 verbose
IPv6 virtual Router Information:
Running Mode : Load Balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : FE80::10
1::10
Master IP : FE80::2
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-4011 (Take Over)
Owner ID : 6697-1250-0100
Priority : 85
Active : local
Redirect Time : 549 secs
Time-out Time : 1749 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-4012 (Learnt)
Owner ID : 00e0-6405-3100
Priority : 85
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-4013 (Owner)
Owner ID : 00e0-3948-0100
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 255
以上显示信息表示Switch A出现故障后,Switch B成为Master路由器;Switch C成为虚拟MAC地址000F-E2FF-4011对应的虚拟转发器的AVF,Host A发送给外网的报文通过Switch C转发。
· Switch A:
#
vlan 2
#
vlan 4094
#
vrrp ipv6 mode load-balance
#
interface Vlan-interface2
ipv6 address 1::1/64
ipv6 address FE80::1 link-local
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 weight track 1 reduced 255
undo ipv6 nd ra halt
#
interface Vlan-interface4094
ipv6 address 2001::1/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 interface Vlan-interface4094 protocol ipv6
#
· Switch B:
#
vlan 2
#
vlan 4094
#
Vrrp ipv6 mode load-balance
#
interface Vlan-interface2
ipv6 address 1::2/64
ipv6 address FE80::2 link-local
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 weight track 1 reduced 255
undo ipv6 nd ra halt
#
interface Vlan-interface4094
ipv6 address 2001::2/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 interface Vlan-interface4094 protocol ipv6
#
· Switch C:
#
vlan 2
#
vlan 4094
#
vrrp ipv6 mode load-balance
#
interface Vlan-interface2
ipv6 address 1::3/64
ipv6 address FE80::3 link-local
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 weight track 1 reduced 255
undo ipv6 nd ra halt
#
interface Vlan-interface4094
ipv6 address 2001::3/64
#
interface GigabitEthernet3/0/1
port link-mode bridge
port access vlan 2
#
interface GigabitEthernet3/0/5
port link-mode bridge
port access vlan 4094
#
track 1 interface Vlan-interface4094 protocol ipv6
#
· 《H3C S12500系列路由交换机 可靠性配置指导》中的“VRRP”
· 《H3C S12500系列路由交换机 可靠性命令参考》中的“VRRP”
· 《H3C S12500系列路由交换机 可靠性配置指导》中的“BFD”
· 《H3C S12500系列路由交换机 可靠性命令参考》中的“BFD”
· 《H3C S12500系列路由交换机 可靠性配置指导》中的“Track”
· 《H3C S12500系列路由交换机 可靠性命令参考》中的“Track”
· 《H3C S12500系列路由交换机 二层技术-以太网交换配置指导》中的“生成树”
· 《H3C S12500系列路由交换机 二层技术以太网交换命令参考》中的“生成树”
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!