- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 新华三人才研学中心
- 关于我们
12-VRRP配置举例
本章节下载 (156.07 KB)
VRRP(Virtual Router Redundancy Protocol,虚拟路由冗余协议)是一种容错协议。如下图所示,通常一个网络内的所有主机都设置一条缺省路由(图中的缺省路由下一跳地址为10.100.10.1),主机发往外部网络的报文将通过缺省路由发往三层交换机Switch,从而实现了主机与外部网络的通信。当交换机Switch发生故障时,本网段内所有以Switch为缺省路由下一跳的主机将断掉与外部的通信。
VRRP就是为解决上述问题而提出的,它为具有多播或广播能力的局域网(如以太网)设计。VRRP将局域网的一组交换机(包括一个Master即主交换机和若干个Backup即备份交换机)组织成一个虚拟路由器,这组交换机被称为一个备份组。
虚拟的交换机拥有自己的IP地址10.100.10.1(这个IP地址可以和备份组内的某个交换机的接口地址相同),备份组内的交换机也有自己的IP地址(如Master的IP地址为10.100.10.2,Backup的IP地址为10.100.10.3)。局域网内的主机仅仅知道这个虚拟路由器的IP地址10.100.10.1(通常被称为备份组的虚拟IP地址),而不知道具体的Master交换机的IP地址10.100.10.2以及Backup交换机的IP地址10.100.10.3。局域网内的主机将自己的缺省路由下一跳设置为该虚拟路由器的IP地址10.100.10.1。于是,网络内的主机就通过这个虚拟的交换机与其它网络进行通信。当备份组内的Master交换机不能正常工作时,备份组内的其它Backup交换机将接替不能正常工作的Master交换机成为新的Master交换机,继续向网络内的主机提供路由服务,从而实现网络内的主机不间断地与外部网络进行通信。
软件版本:S9500-CMW310-R1628版本及以后升级版本(R2126及以上版本不支持)
硬件版本:S9500交换机全系列硬件版本
l 同一VRRP备份组多个备份的路由器之间,VRRP组握手时间必须一致,否则VRRP组状态会异常;
l 同一VRRP备份组之间VRRP的工作方式必须相同,都为抢占模式,或者都为非抢占模式;
l 必须在配置VRRP组之前启用vrrp ping-enable功能,否则无法ping通VRRP虚地址;
l VRRP监控端口只能监控VLAN接口地址,无法监控某个具体的端口;
l VRRP组的hello时间一般不建议修改;如果VRRP组数较多,可以考虑把各组的hello时间分别设置成2、3、5、7等互质数,减少VRRP hello报文对CPU的冲击。
如图4-3所示,S9500-A、S9500-B与多个二层交换机连接。如S9500-A VLAN 2的接口IP 地址为2.1.1.1,S9500-B的VLAN 2的接口IP 地址为2.1.1.2,并且设置虚拟路由器地址为2.1.1.3,而主机Host-A通过设置自己的默认网关地址为2.1.1.3就可以访问Internet。
该组网是VRRP的一个典型组网,两台三层换机S9500-A和S9500-B组成多组VRRP备份组,如虚拟地址为2.1.1.3下挂二层设备,通过虚拟网关2.1.1.3就可以访问Internet。当S9500-A和S9500-B中有一台由于某种原因不能正常工作时,另一台可以马上切换过来,从而保证不会断流。
图4-3 VRRP典型组网图
S9500-A和S9500-B形成两个虚拟备份组,其中VLAN2以S9500-A为Master,S9500-B为Backup,VLAN3以S9500-B为Master,S9500-A为Backup;配置S9500-A监视VLAN8的虚接口,当VLAN8虚接口不可用时降低VLAN2 VRRP组的优先级,使其成为Backup;配置S9500-B监视VLAN9的虚接口,当VLAN9虚接口不可用时降低VLAN3 VRRP组的优先级,使其成为Backup。
# 配置MSTP实例
[S9500-A]stp enable
[S9500-A]stp non-flooding
[S9500-A]stp region-configuration
[S9500-A-mst-region]region-name vrrp
[S9500-A-mst-region]instance 2 vlan 2
[S9500-A-mst-region]instance 3 vlan 3
[S9500-A-mst-region]active region-configuration
[S9500-A-mst-region]quit
[S9500-A]stp instance 2 root primary
[S9500-A]stp instance 3 root secondary
[S9500-A]interface GigabitEthernet 3/1/1
[S9500-A-GigabitEthernet3/1/1]stp disable
# 创建VLAN 并配置接口地址
<S9500-A> system-view
[S9500-A] vlan 2
[S9500-A-vlan2] interface Vlan-interface 2
[S9500-A-Vlan-interface2] ip address 2.1.1.1 8
[S9500-A-Vlan-interface2] quit
[S9500-A]vlan 3
[S9500-A-vlan3]interface vlan 3
[S9500-A-Vlan-interface3] ip address 3.1.1.1 8
[S9500-A-Vlan-interface3] quit
[S9500-A] vlan 8
[S9500-A-vlan8] interface vlan 8
[S9500-A-Vlan-interface8] ip address 8.1.1.1 8
[S9500-A-Vlan-interface8] quit
# 配置端口加入VLAN
[S9500-A] interface GigabitEthernet 3/1/1
[S9500-A-GigabitEthernet3/1/1] port access vlan 8
[S9500-A-GigabitEthernet3/1/1] quit
[S9500-A] interface GigabitEthernet 2/1/1
[S9500-A-GigabitEthernet2/1/1] port link-type trunk
[S9500-A-GigabitEthernet2/1/1] undo port trunk permit vlan 1
[S9500-A-GigabitEthernet2/1/1] port trunk permit vlan 2 to 3
[S9500-A-GigabitEthernet2/1/1] quit
[S9500-A] interface GigabitEthernet 2/1/2
[S9500-A-GigabitEthernet2/1/2] port link-type trunk
[S9500-A-GigabitEthernet2/1/2] undo port trunk permit vlan 1
[S9500-A-GigabitEthernet2/1/2] port trunk permit vlan 2
[S9500-A-GigabitEthernet2/1/2] quit
[S9500-A] interface GigabitEthernet 2/1/3
[S9500-A-GigabitEthernet2/1/3] port link-type trunk
[S9500-A-GigabitEthernet2/1/3] undo port trunk permit vlan 1
[S9500-A-GigabitEthernet2/1/3] port trunk permit vlan 3
[S9500-A-GigabitEthernet2/1/3] quit
# 配置VRRP备份组
[S9500-A-Vlan-interface2] vrrp vrid 1 virtual-ip 2.1.1.3
[S9500-A-Vlan-interface2] interface vlan 3
[S9500-A-Vlan-interface2] quit
[S9500-A] interface vlan 3
[S9500-A-Vlan-interface3] vrrp vrid 1 virtual-ip 3.1.1.3
# 配置VRRP备份组的优先级和握手时间(可选)
[S9500-A-Vlan-interface2] vrrp vrid 1 priority 130
[S9500-A-Vlan-interface2] vrrp vrid 1 timer advertise 2
# 配置监视接口,监视VLAN 8的虚接口
[S9500-A-Vlan-interface2] vrrp vrid 1 track Vlan-interface 8 reduced 40
# 配置MSTP实例
[S9500-B]stp enable
[S9500-B]stp non-flooding
[S9500-B]stp region-configuration
[S9500-B-mst-region]region-name vrrp
[S9500-B-mst-region]instance 2 vlan 2
[S9500-B-mst-region]instance 3 vlan 3
[S9500-B-mst-region]active region-configuration
[S9500-B-mst-region]quit
[S9500-B]stp instance 3 root primary
[S9500-B]stp instance 2 root secondary
[S9500-B]interface GigabitEthernet 3/1/1
[S9500-B-GigabitEthernet3/1/1]stp disable
# 创建VLAN 并配置接口地址
<S9500-B> system-view
[S9500-B] vlan 2
[S9500-B-vlan2] interface Vlan-interface 2
[S9500-B-Vlan-interface2] ip address 2.1.1.2 8
[S9500-B-Vlan-interface2] quit
[S9500-B]vlan 3
[S9500-B-vlan3]interface vlan 3
[S9500-B-Vlan-interface3]ip address 3.1.1.2 8
[S9500-B-Vlan-interface3] quit
[S9500-B]vlan 9
[S9500-B-vlan9]interface vlan 9
[S9500-B-Vlan-interface9]ip address 9.1.1.1 8
[S9500-B-Vlan-interface9] quit
# 配置端口加入 VLAN
[S9500-B]interface GigabitEthernet 3/1/1
[S9500-B-GigabitEthernet3/1/1]port access vlan 9
[S9500-B-GigabitEthernet3/1/1]quit
[S9500-B]interface GigabitEthernet 2/1/1
[S9500-B-GigabitEthernet2/1/1]port link-type trunk
[S9500-B-GigabitEthernet2/1/1]undo port trunk permit vlan 1
[S9500-B-GigabitEthernet2/1/1]port trunk permit vlan 2 to 3
[S9500-B-GigabitEthernet2/1/1]quit
[S9500-B]interface GigabitEthernet 2/1/2
[S9500-B-GigabitEthernet2/1/2]port link-type trunk
[S9500-B-GigabitEthernet2/1/2]undo port trunk permit vlan 1
[S9500-B-GigabitEthernet2/1/2]port trunk permit vlan 3
[S9500-B-GigabitEthernet2/1/2]quit
[S9500-B]interface GigabitEthernet 2/1/3
[S9500-B-GigabitEthernet2/1/3]port link-type trunk
[S9500-B-GigabitEthernet2/1/3]undo port trunk permit vlan 1
[S9500-B-GigabitEthernet2/1/3]port trunk permit vlan 2
[S9500-B-GigabitEthernet2/1/3]quit
# 配置VRRP备份组
[S9500-B-Vlan-interface2] vrrp vrid 1 virtual-ip 2.1.1.3
[S9500-B-Vlan-interface2] interface vlan 3
[S9500-B-Vlan-interface3] vrrp vrid 1 virtual-ip 2.1.1.3
# 配置VRRP备份组的优先级和握手时间(可选)
[S9500-B-Vlan-interface3] vrrp vrid 1 priority 130
[S9500-B-Vlan-interface3] interface vlan 2
[S9500-B-Vlan-interface2] vrrp vrid 1 timer advertise 2
# 配置监视接口,监视VLAN 9的虚接口
[S9500-B-Vlan-interface3] vrrp vrid 1 track Vlan-interface 9 reduced 40
[L2SW-A]ivlan 2
[L2SW-A]interface Ethernet 0/1
[L2SW-A-Ethernet0/1] port link-type trunk
[L2SW-A-Ethernet0/1] undo port trunk permit vlan 1
[L2SW-A-Ethernet0/1] port trunk permit vlan 2
[L2SW-A-Ethernet0/1]quit
[L2SW-A]interface Ethernet0/2
[L2SW-A-Ethernet0/2] port link-type trunk
[L2SW-A-Ethernet0/2] undo port trunk permit vlan 1
[L2SW-A-Ethernet0/2] port trunk permit vlan 2
[L2SW-A-Ethernet0/2]quit
[L2SW-A]interface Ethernet0/3
[L2SW-A-Ethernet0/3]port access vlan 2
[L2SW-B]ivlan 3
[L2SW-B]interface Ethernet 0/1
[L2SW-B-Ethernet0/1] port link-type trunk
[L2SW-B-Ethernet0/1] undo port trunk permit vlan 1
[L2SW-B-Ethernet0/1] port trunk permit vlan 3
[L2SW-B-Ethernet0/1]quit
[L2SW-B]interface Ethernet0/2
[L2SW-B-Ethernet0/2] port link-type trunk
[L2SW-B-Ethernet0/2] undo port trunk permit vlan 1
[L2SW-B-Ethernet0/2] port trunk permit vlan 3
[L2SW-B-Ethernet0/2]quit
[L2SW-B]interface Ethernet0/3
[L2SW-B-Ethernet0/3]port access vlan 3
#
vlan 2
#
vlan 3
#
interface Vlan-interface2
ip address 2.1.1.1 255.0.0.0
vrrp vrid 1 virtual-ip 2.1.1.3
vrrp vrid 1 priority 130
vrrp vrid 1 timer advertise 2
vrrp vrid 1 track Vlan-interface9 reduced 40
#
interface Vlan-interface3
ip address 3.1.1.1 255.0.0.0
vrrp vrid 1 virtual-ip 3.1.1.3
#
interface GigabitEthernet2/1/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 3
#
interface GigabitEthernet2/1/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface GigabitEthernet2/1/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
#
interface GigabitEthernet3/1/1
stp disable
port access vlan 8
#
stp instance 2 root primary
stp instance 3 root secondary
stp enable
stp region-configuration
region-name vrrp
instance 2 vlan 2
instance 3 vlan 3
active region-configuration
#
#
vlan 2
#
vlan 3
#
interface Vlan-interface2
ip address 2.1.1.2 255.0.0.0
vrrp vrid 1 virtual-ip 2.1.1.3
vrrp vrid 1 timer advertise 2
#
interface Vlan-interface3
ip address 3.1.1.2 255.0.0.0
vrrp vrid 1 virtual-ip 3.1.1.3
vrrp vrid 1 priority 130
vrrp vrid 1 track Vlan-interface9 reduced 40
#
interface GigabitEthernet2/1/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2 to 3
#
interface GigabitEthernet2/1/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface GigabitEthernet2/1/3
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
#
interface GigabitEthernet3/1/1
stp disable
port access vlan 9
#
stp instance 3 root primary
stp instance 2 root secondary
stp enable
stp region-configuration
region-name vrrp
instance 2 vlan 2
instance 3 vlan 3
active region-configuration
#
vlan 2
#
interface Ethernet0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface Ethernet0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
#
interface Ethernet0/3
port access vlan 2
#
#
vlan 3
#
interface Ethernet0/1
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
#
interface Ethernet0/2
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 3
#
interface Ethernet0/3
port access vlan 3
#
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
售前咨询
售后咨询
人工在线咨询
