- 產品與解決方案
- 行業解決方案
- 服務
- 支持
- 合作夥伴
- 關於我們
39-VRRP典型配置舉例
本章節下載: 39-VRRP典型配置舉例 (502.49 KB)
資料版本:6W100-20190628
Copyright © 2019 bobty下载软件 版權所有,保留一切權利。
非經本公司書麵許可,任何單位和個人不得擅自摘抄、複製本文檔內容的部分或全部,並不得以任何形式傳播。
除bobty下载软件 的商標外,本手冊中出現的其它公司的商標、產品標識及商品名稱,由各自權利人擁有。
本文檔中的信息可能變動,恕不另行通知。
目 錄
本文檔介紹VRRP的配置舉例。
本文檔不嚴格與具體軟、硬件版本對應,如果使用過程中與產品實際情況有差異,請參考相關產品手冊,或以設備實際情況為準。
本文檔中的配置均是在實驗室環境下進行的配置和驗證,配置前設備的所有參數均采用出廠時的缺省配置。如果您已經對設備進行了配置,為了保證配置效果,請確認現有配置和以下舉例中的配置不衝突。
本文檔假設您已了解VRRP、STP和以太網鏈路聚合特性。
如圖1所示,Host A所在網絡的出口處部署了兩台網關設備。現要求使用VRRP主備備份功能,將這兩台設備組成一台虛擬路由器,作為Host A的缺省網關。具體應用需求如下:
· 在正常情況下,由Device A承擔網關功能,轉發Host A發送至外網的流量;
· 當Device A或者Device A的上行接口出現故障時,由Device B接替Device A承擔網關功能;
· 當Device A或者Device A的上行接口故障恢複後,由Device A繼續承擔網關功能。
圖1 IPv4 VRRP單備份組配置組網圖
· 為了讓Device A成為Master,需要為Device A配置較高的優先級;
· 將VRRP組的搶占模式和監視上行接口狀態功能結合使用,可以使Master設備根據上行接口的狀態自動調整自身的VRRP優先級,從而使VRRP組內的角色發生轉變,實現主備切換;
· 為了避免VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 備份組的虛擬IP地址不能為全零地址(0.0.0.0)、廣播地址(255.255.255.255)、環回地址、非A/B/C類地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv4 VRRP備份組中的所有路由器上配置的IPv4 VRRP版本一致,否則備份組無法正常工作。
· 建議將備份組的虛擬IP地址和備份組中設備下行接口的IP地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· 刪除IP地址擁有者上的VRRP備份組,將導致地址衝突。建議先修改配置了備份組的接口的IP地址,再刪除該接口上的VRRP備份組,以避免地址衝突。
· 對於同一個VRRP備份組的成員設備,必須保證虛擬路由器的IP地址配置完全一樣。
· 用戶在配置降低優先級幅度時,需要確保降低後的優先級比備份組內其他設備的優先級要低,確保備份組內有其他設備被選為Master。
· 缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) Device A的配置
# 配置接口IP地址。
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為192.168.0.1。
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 設置Device A在VRRP備份組1中的優先級為110,高於Device B的優先級100,以保證Device A成為Master負責轉發流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 設置Device A工作在搶占方式,以保證Device A故障恢複後,能再次搶占成為Master,即隻要Device A正常工作,就由Device A負責轉發流量。為了避免頻繁地進行狀態切換,配置搶占延遲時間為500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 創建和上行端口Ten-GigabitEthernet1/0/2關聯的Track項1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置監視Track項1,Track項的狀態為Negative時,Device A在VRRP備份組中的優先級降低的數值為50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為192.168.0.1。
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 設置Device B在VRRP備份組1中的優先級為100。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 100
# 設置Device B工作在搶占方式,搶占延遲時間為500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置完成後,在Host A上可以ping通Host B。
# 通過display vrrp verbose命令查看配置後的結果,顯示Device A上VRRP備份組1的詳細信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通過display vrrp verbose命令查看配置後的結果,顯示Device B上VRRP備份組1的詳細信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 401ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上顯示信息表示在VRRP備份組1中Device A為Master,Device B為Backup,Host A發送給Host B的報文通過Device A轉發。
# Device A出現故障後,在Host A上仍然可以ping通Host B。
# 通過display vrrp verbose命令查看Device B上VRRP備份組的詳細信息,Device A出現故障後,顯示Device B上VRRP備份組1的詳細信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上顯示信息表示Device A出現故障後,Device B成為Master,Host A發送給Host B的報文通過Device B轉發。
# Device A故障恢複後,顯示Device A上VRRP備份組1的詳細信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上顯示信息表示Device A故障恢複後,Device A會搶占成為Master,Host A發送給Host B的報文仍然通過Device A轉發。
· Device A的配置文件:
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.2
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.1 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.2
vrrp vrid 1 priority 100
vrrp vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
如圖2所示,某公司為了實現網關設備的冗餘備份,以及內網主機流量的負載分擔,在內部網絡的出口處部署了兩台設備,並使用VRRP負載分擔功能,將這兩台設備組成兩台虛擬路由器,分別作為區域A和區域B的缺省網關。具體應用需求如下:
· Device A是VRRP備份組1中的Master設備,Device B是VRRP備份組2中的Master設備。在正常情況下,區域A的用戶通過Device A進行數據轉發,區域B的用戶通過Device B進行數據轉發。
· 當Device A或者Device A的上行接口發生故障後,Device B能夠迅速承擔區域A內主機流量的轉發任務;Device A故障恢複後,繼續承擔VRRP備份組1的網關功能;
· 當Device B或者Device B的上行接口發生故障後,Device A能夠迅速承擔區域B內主機流量的轉發任務;Device B故障恢複後,繼續承擔VRRP備份組2的網關功能。
圖2 IPv4 VRRP多備份組配置組網圖
· 為了讓Device A和Device B分別成為VRRP備份組1和VRRP備份組2中的Master,需要在VRRP備份組1中為Device A配置較高的優先級,在VRRP備份組2中為Device B配置較高的優先級。
· 為了避免VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間。
· 為了避免網關設備(Device A和Device B)與二層交換機形成二層環路,使用STP協議在每個VRRP備份組中阻塞一個端口。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· VRRP備份組的虛擬IP地址不能為全零地址(0.0.0.0)、廣播地址(255.255.255.255)、環回地址、非A/B/C類地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv4 VRRP備份組中的所有路由器上配置的IPv4 VRRP版本一致,否則VRRP備份組無法正常工作。
· 建議將備份組的虛擬IP地址和備份組中設備下行接口的IP地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· 刪除IP地址擁有者上的VRRP備份組,將導致地址衝突。建議先修改配置了VRRP備份組的接口的IP地址,再刪除該接口上的VRRP備份組,以避免地址衝突。
· 用戶在配置降低優先級幅度時,需要確保降低後的優先級比VRRP備份組內其他設備的優先級要低,確保VRRP備份組內有其他設備被選為Master設備。
· 對於同一個VRRP備份組的成員設備,如下配置必須保證完全一樣:
¡ 虛擬路由器的IP地址個數
¡ 每個備份組虛擬路由器的IP地址
¡ 定時器間隔時間
· 缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) Device A的配置
# 配置接口IP地址。
<DeviceA> system-view
[DeviceA] vlan 101
[DeviceA-vlan101] port ten-gigabitethernet 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ip address 10.0.0.2 24
[DeviceA-Vlan-interface101] quit
# 請參考以上方法配置圖2中其它接口的IP地址,配置步驟這裏省略。
# 配置兩個網關設備間采用Trunk口直連,允許VLAN 101和VLAN 102的報文通過
[DeviceA] interface ten-gigabitethernet 1/0/24
[DeviceA-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceA-Ten-GigabitEthernet1/0/24] quit
# 關閉Ten-GigabitEthernet1/0/2的STP功能
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為10.0.0.1,並配置Device A在VRRP備份組1中的優先級為120,高於Device B的優先級。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceA-Vlan-interface101] vrrp vrid 1 priority 120
[DeviceA-Vlan-interface101] quit
# 創建VRRP備份組2,並配置VRRP備份組2的虛擬IP地址為11.0.0.1。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceA-Vlan-interface102] quit
# 設置Device A工作在搶占方式,配置搶占延遲時間為500厘秒。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] quit
# 創建和上行端口Ten-GigabitEthernet1/0/2關聯的Track項1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置監視Track項1,Track項的狀態為Negative時,Device A在VRRP備份組1中的優先級降低的數值為50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,將VLAN101映射到MSI 1,VLAN102映射到MSI 2,並將Device A作為MSI 1的根橋。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] vlan 101
[DeviceB-vlan101] port ten-gigabitethernet 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ip address 10.0.0.3 24
[DeviceB-Vlan-interface101] quit
# 請參考以上方法配置圖2中其它接口的IP地址,配置步驟省略。
# 配置兩個網關設備間采用trunk口直連,允許VLAN 101和VLAN 102的報文通過
[DeviceB] interface ten-gigabitethernet 1/0/24
[DeviceB-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceB-Ten-GigabitEthernet1/0/24] quit
# 關閉Ten-GigabitEthernet1/0/2的STP功能
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為10.0.0.1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceB-Vlan-interface101] quit
# 創建VRRP備份組2,並配置VRRP備份組2的虛擬IP地址為11.0.0.1,並配置Device B在VRRP備份組2中的優先級為120,高於Device A的優先級。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceB-Vlan-interface102] vrrp vrid 2 priority 120
# 設置Device B工作在搶占方式,配置搶占延遲時間為500厘秒。
[DeviceB-Vlan-interface102] vrrp vrid 2 preempt-mode delay 500
[DeviceB-Vlan-interface102] quit
# 創建和上行端口Ten-GigabitEthernet1/0/2關聯的Track項2。
[DeviceB] track 2 interface ten-gigabitethernet 1/0/2
# 配置監視Track項2,Track項的狀態為Negative時,Device B在VRRP備份組2中的優先級降低的數值為50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,將VLAN101映射到MSI 1,VLAN102映射到MSI 2,並將Device B作為MSI 2的根橋。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,將VLAN101映射到MSI 1,激活MSTI配置,全局使能STP協議。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,將VLAN102映射到MSI 1,激活MSTI配置,全局使能STP協議。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成後,區域A和區域B中的主機都可以ping通外網。
# 檢查區域A的主機到目的端100.0.0.1是否可達。
<host A> ping 100.0.0.1
PING 100.0.0.1 (100.0.0.1): 56 data bytes
56 bytes from 100.0.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.0.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.0.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.0.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.0.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
# 檢查區域B的主機到目的端100.1.0.1是否可達。
<host C> ping 100.1.0.1
PING 100.1.0.1 (100.1.0.1): 56 data bytes
56 bytes from 100.1.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.1.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.1.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.1.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.1.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.1.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
(2) 通過display vrrp verbose命令查看配置後的結果。
# 查看Device A上全部IPv4 VRRP備份組的詳細信息,顯示Device A在備份組1中為Master設備,在備份組2中為Backup設備。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
# 查看Device B上全部IPv4 VRRP備份組的詳細信息,顯示Device B在備份組1中為Backup設備,在備份組2中為Master設備。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 10.0.0.2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A出現故障後,通過display vrrp verbose命令查看Device B上備份組的詳細信息。可以看到Device B搶占為備份組1的Master。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.3
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上顯示信息表示Device A出現故障後,區域A和區域B中的主機仍然可以ping通外網。
# 當Device A故障恢複後,顯示Device A上備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 3550ms left
Auth Type : None
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 11.0.0.3
以上顯示信息表示當Device A故障恢複後,Device A在VRRP備份組1中恢複為原來的優先級並搶占成為該備份組的Master,VLAN 101內的主機通過Device A與外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ip address 11.0.0.2 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
#
interface Vlan-interface102
ip address 11.0.0.3 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode delay 500
vrrp vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ip address 100.1.0.2 255.255.255.0
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface Ten-GigabitEthernet1/0/2
#
如圖3所示,Host A、Host B和Host C所在網絡的出口處部署了三台設備。現要求使用VRRP負載均衡功能,將Device A、Device B和Device C組成一台虛擬路由器,作為局域網內主機的缺省網關。具體應用需求如下:
· 實現VRRP備份組中三台設備都可以轉發報文,實現流量負載分擔,充分利用網關資源;
· 當Device A、Device B或Device C自身或其上行接口出現故障時,Host A、Host B和Host C可以通過其他正常運行的設備繼續通信,避免通信中斷;當Device A、Device B或Device C故障恢複後,繼續承擔網關功能。
圖3 IPv4 VRRP負載均衡模式配置組網圖
· 為了使Device A優先與Device B和Device C被選舉為VRRP備份組的Master設備,需要為其配置高於Device B和Device C的優先級;為了使Device B優先於Device C被選舉為VRRP備份組的Master設備,需要為其配置高於Device C的優先級;
· 為了避免由於故障造成VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間;
· 在Device A、Device B和Device C上配置虛擬轉發器通過Track項監視上行接口的狀態。當上行接口出現故障時,降低該接口所在設備虛擬轉發器的權重,以便其他設備接管該設備的轉發任務,避免通信中斷;
· 為了保證原Master設備故障恢複後,能再次搶占成為Master,需要配置VRRP備份組工作在搶占模式。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 建議將備份組的虛擬IP地址和備份組中設備下行接口的IP地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· VRRP備份組的虛擬IP地址不能為全零地址(0.0.0.0)、廣播地址(255.255.255.255)、環回地址、非A/B/C類地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv4 VRRP備份組中的所有路由器上配置的IPv4 VRRP版本一致,否則VRRP備份組無法正常工作。
· VRRP工作在負載均衡模式時,備份組的虛擬IP地址和接口的IP地址不能相同,否則VRRP負載均衡功能將無法正常工作。
· 當監視的上行鏈路出現故障時,配置的權重降低數額需保證VF Owner的權重低於失效下限,即權重降低的數額大於245,其它的虛擬轉發器才能接替VF Owner成為AVF。
· 對於同一個VRRP備份組的成員設備,必須保證備份組虛擬路由器的IP地址配置完全一樣。
· 用戶在配置降低權重幅度時,需要確保降低後的優先級比VRRP備份組內其他設備的優先級要低,確保VRRP備份組內有其他設備被選為Master。
· 缺省情況下,本設備的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) 配置接口
# 配置接口。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 10.1.1.2 24
[DeviceA-Vlan-interface2] quit
[DeviceA] vlan 3
[DeviceA-vlan3] port ten-gigabitethernet 1/0/2
[DeviceA-vlan3] quit
[DeviceA] interface vlan-interface 3
[DeviceA-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceA] vrrp mode load-balance
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為10.1.1.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device A在VRRP備份組1中的優先級為120,高於Device B的優先級110和Device C的優先級100,以保證Device A成為Master。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 120
# 配置Device A工作在搶占方式,以保證Device A故障恢複後,能再次搶占成為Master,即隻要Device A正常工作,Device A就會成為Master。為了避免頻繁地進行狀態切換,配置搶占延遲時間為500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
(3) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device A的上行接口出現故障。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device A上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device A的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 10.1.1.3 24
[DeviceB-Vlan-interface2] quit
[DeviceB] vlan 3
[DeviceB-vlan3] port ten-gigabitethernet 1/0/2
[DeviceB-vlan3] quit
[DeviceB] interface vlan-interface 3
[DeviceB-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceB] vrrp mode load-balance
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為10.1.1.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device B在VRRP備份組1中的優先級為110,高於Device C的優先級,以保證Device A出現故障時,Device B成為Master。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 110
# 配置Device B工作在搶占方式,搶占延遲時間為500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device B的上行接口出現故障。
[DeviceB] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device B上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device B的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceC> system-view
[DeviceC] vlan 2
[DeviceC-vlan2] port ten-gigabitethernet 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ip address 10.1.1.4 24
[DeviceC-Vlan-interface2] quit
[DeviceC] vlan 3
[DeviceC-vlan3] port ten-gigabitethernet 1/0/2
[DeviceC-vlan3] quit
[DeviceC] interface vlan-interface 3
[DeviceC-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceA] vrrp mode load-balance
# 創建VRRP備份組1,並配置VRRP備份組1的虛擬IP地址為10.1.1.1。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device C工作在搶占方式,搶占延遲時間為500厘秒。
[DeviceC-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device C的上行接口出現故障。
[DeviceC] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device C上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device C的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成後,在Host A上可以ping通外網,通過display vrrp verbose命令查看配置後的結果
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Backup)
10.1.1.2 (Master)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 顯示Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示在VRRP備份組1中Device A為Master,Device B和Device C 為Backup。Device A、Device B和Device C上各自存在一個AVF,並存在作為備份的兩個LVF。
(2) Device A的上行接口(VLAN接口3)出現故障後
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : 10.1.1.4
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : 10.1.1.3
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 顯示Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示Device A的上行接口出現故障後,Device A上虛擬轉發器的權重降低為5,低於失效下限。Device A上所有虛擬轉發器的狀態均變為Initialized,不能再用於轉發。Device C成為虛擬MAC地址000f-e2ff-0011對應虛擬轉發器的AVF,接管Device A的轉發任務。
# Timeout Timer超時後(約1800秒後),查看Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示,Timeout Timer超時後,刪除虛擬MAC地址000f-e2ff-0011對應的虛擬轉發器,不再轉發目的MAC地址為該MAC的報文。
(3) Device A出現故障後
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp verbose
IPv4 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Master)
10.1.1.4 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示Device A出現故障後,Device B的優先級高於Device C,將搶占成為Master。
· Device A的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device C的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.4 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface Ten-GigabitEthernet1/0/2
#
如圖4所示,Area A區域的用戶(Host A和Host B)所在網絡的出口處部署了兩台網關設備。現要求使用VRRP主備備份功能,將這兩台設備組成一台虛擬路由器,作為Area A區域用戶的缺省網關。具體應用需求如下:
· 在正常情況下,由Device A承擔網關功能,轉發Area A區域用戶發送至外網的流量;
· 當Device A或者Device A的上行接口出現故障時,由Device B接替Device A承擔網關功能;
· 當Device A或者Device A的上行接口故障恢複後,由Device A繼續承擔網關功能。
圖4 IPv6 VRRP單備份組配置組網圖
· 為了讓Device A成為Master,需要為Device A配置較高的優先級;
· 將VRRP組的搶占模式和監視上行接口狀態功能結合使用,可以使Master設備根據上行接口的狀態自動調整自身的VRRP優先級,從而使VRRP組內的角色發生轉變,實現主備切換;
· 為了避免VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間。
· 為了避免網關設備(Device A和Device B)與二層交換機形成二層環路,使用STP協議在VRRP備份組中阻塞一個端口。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 建議將備份組的虛擬IPv6地址和備份組中設備下行接口的IPv6地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv6 VRRP備份組中的所有路由器上配置的IPv6 VRRP版本一致,否則備份組無法正常工作。
· 刪除IP地址擁有者上的VRRP備份組,將導致地址衝突。建議先修改配置了備份組的接口的IP地址,再刪除該接口上的VRRP備份組,以避免地址衝突。
· 對於同一個VRRP備份組的成員設備,必須保證虛擬路由器的IP地址配置完全一樣。
· 用戶在配置降低優先級幅度時,需要確保降低後的優先級比備份組內其他設備的優先級要低,確保備份組內有其他設備被選為Master。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和1::10。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允許發布RA消息,以便Area A的主機通過RA消息學習到缺省網關地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
# 設置Device A在VRRP備份組1中的優先級為110,高於Device B的優先級100,以保證Device A成為Master負責轉發流量。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 設置Device A工作在搶占方式,以保證Device A故障恢複後,能再次搶占成為Master,即隻要Device A正常工作,就由Device A負責轉發流量。為了避免頻繁地進行狀態切換,配置搶占延遲時間為500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 創建和上行接口Ten-GigabitEthernet1/0/3關聯的Track項1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/3
# 配置監視Track項1,Track項的狀態為Negative時,Device A在VRRP備份組中的優先級降低的數值為50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置兩個網關設備間采用Trunk口直連,允許VLAN 2的報文通過
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceA-Ten-GigabitEthernet1/0/2] port trunk pvid vlan 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 配置MSTP,並將Device A作為MSI 1的根橋。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和1::10。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允許發布RA消息,以便Area A的主機通過RA消息學習到缺省網關地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
# 設置Device B工作在搶占方式,搶占延遲時間為500厘秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置兩個網關設備間采用Trunk口直連,允許VLAN 2的報文通過
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/2] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk permit vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] port trunk pvid vlan 2
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 配置MSTP,並全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) Switch A的配置
# 配置MSTP,將VLAN2映射到MSI 1,激活MSTI配置,全局使能STP協議。
<SwitchA> system-view
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp global enable
# 配置完成後,Area A裏麵的主機可以ping通外網。如Host A可以ping通IPv6地址為30::1的主機。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通過display vrrp ipv6 verbose命令查看配置後的結果,顯示Device A上IPv6 VRRP備份組1的詳細信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通過display vrrp ipv6 verbose命令查看配置後的結果,顯示Device B上IPv6 VRRP備份組1的詳細信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3000ms left
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
以上顯示信息表示在IPv6 VRRP備份組1中Device A為Master路由器,Device B為Backup路由器,Area A的用戶發送給外網的報文通過Device A轉發。
# Device A或Device A的上行接口出現故障後,Area A的用戶上仍然可以與外網通信。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通過display vrrp ipv6 verbose命令查看Device B上IPv6 VRRP備份組的詳細信息,Device A或Device A的上行接口出現故障後,顯示Device B上IPv6 VRRP備份組1的詳細信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2
以上顯示信息表示Device A或Device A的上行接口出現故障後,Device B成為Master路由器,Area A的用戶發送給外網的報文通過Device B轉發。
# Device A或Device A的上行接口故障恢複後,顯示Device A上VRRP備份組1的詳細信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上顯示信息表示Device A故障恢複後,Device A會搶占成為Master,Area A的用戶發送給外網的報文仍然通過Device A轉發。
· Device A的配置文件:
#
sysname DeviceA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
track 1 interface Ten-GigabitEthernet1/0/3
#
· Device B的配置文件:
#
sysname DeviceB
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
· Switch A的配置文件:
#
sysname SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
如圖5所示,某公司為了實現網關設備的冗餘備份,以及內網主機流量的負載分擔,在內部網絡的出口處部署了兩台設備,並使用VRRP負載分擔功能,將這兩台設備組成兩台虛擬路由器,分別作為區域A和區域B的缺省網關。具體應用需求如下:
· Device A是VRRP備份組1中的Master設備,Device B是VRRP備份組2中的Master設備。在正常情況下,區域A的用戶通過Device A進行數據轉發,區域B的用戶通過Device B進行數據轉發。
· 當Device A或者Device A的上行接口發生故障後,Device B能夠迅速承擔區域A內主機流量的轉發任務;Device A故障恢複後,繼續承擔VRRP備份組1的網關功能;
· 當Device B或者Device B的上行接口發生故障後,Device A能夠迅速承擔區域B內主機流量的轉發任務;Device B故障恢複後,繼續承擔VRRP備份組2的網關功能。
圖5 IPv6 VRRP多備份組配置組網圖
· 為了讓Device A和Device B分別成為VRRP備份組1和VRRP備份組2中的Master,需要在VRRP備份組1中為Device A配置較高的優先級,在VRRP備份組2中為Device B配置較高的優先級。
· 為了避免VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間。
· 將VRRP組的搶占模式和監視上行接口狀態功能結合使用,可以使Master設備根據上行接口的狀態自動調整自身的VRRP優先級,從而使VRRP組內的角色發生轉變,實現主備切換;
· 為了避免網關設備(Device A和Device B)與二層交換機形成二層環路,使用STP協議在每個VRRP備份組中阻塞一個端口。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 建議將備份組的虛擬IPv6地址和備份組中設備下行接口的IPv6地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv6 VRRP備份組中的所有路由器上配置的IPv6 VRRP版本一致,否則VRRP備份組無法正常工作。
· 刪除IP地址擁有者上的VRRP備份組,將導致地址衝突。建議先修改配置了VRRP備份組的接口的IPv6地址,再刪除該接口上的VRRP備份組,以避免地址衝突。
· 用戶在配置降低優先級幅度時,需要確保降低後的優先級比VRRP備份組內其他設備的優先級要低,確保VRRP備份組內有其他設備被選為Master設備。
· 對於同一個VRRP備份組的成員設備,如下配置必須保證完全一樣:
¡ 虛擬路由器的IP地址個數
¡ 每個備份組虛擬路由器的IP地址
¡ 定時器間隔時間
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 101
[DeviceA-vlan101] port ten-gigabitethernet 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface101] ipv6 address 10::2 64
[DeviceA-Vlan-interface101] quit
# 請參考以上方法配置圖5中其它接口的IPv6地址,配置步驟這裏省略。
# 配置兩個網關設備間采用Trunk口直連,允許VLAN 101和VLAN 102的報文通過
[DeviceA] interface ten-gigabitethernet 1/0/24
[DeviceA-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceA-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceA-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceA-Ten-GigabitEthernet1/0/24] quit
# 關閉Ten-GigabitEthernet1/0/2的STP功能
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和10::1,配置搶占延遲時間為500厘秒,並配置Device A在VRRP備份組1中的優先級為120,高於Device B的優先級。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120
# 配置允許發布RA消息,以便Area A內主機通過RA消息學習到缺省網關地址。
[DeviceA-Vlan-interface101] undo ipv6 nd ra halt
[DeviceA-Vlan-interface101] quit
# 創建VRRP備份組2,並配置備份組2的虛擬IPv6地址為FE80::20和11::1,配置搶占延遲時間為500厘秒。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允許發布RA消息,以便Area B內主機通過RA消息學習到缺省網關地址。
[DeviceA-Vlan-interface102] undo ipv6 nd ra halt
[DeviceA-Vlan-interface102] quit
# 創建和上行接口Ten-GigabitEthernet1/0/2關聯的Track項1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置監視Track項1,Track項的狀態為Negative時,Device A在VRRP備份組1中的優先級降低的數值為50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,將VLAN101映射到MSI 1,VLAN102映射到MSI 2,並將Device A作為MSI 1的根橋。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] vlan 101
[DeviceB-vlan101] port ten-gigabitethernet 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface101] ipv6 address 10::3 64
[DeviceB-Vlan-interface101] quit
# 請參考以上方法配置圖5中其它接口的IP地址,配置步驟省略。
# 配置兩個網關設備間采用trunk口直連,允許VLAN 101和VLAN 102的報文通過
[DeviceB] interface ten-gigabitethernet 1/0/24
[DeviceB-Ten-GigabitEthernet1/0/24] port link-type trunk
[DeviceB-Ten-GigabitEthernet1/0/24] undo port trunk permit vlan 1
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk permit vlan 101 to 102
[DeviceB-Ten-GigabitEthernet1/0/24] port trunk pvid vlan 101
[DeviceB-Ten-GigabitEthernet1/0/24] quit
# 關閉Ten-GigabitEthernet1/0/2的STP功能
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] undo stp enable
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和10::1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允許發布RA消息,以便Area A內主機通過RA消息學習到缺省網關地址。
[DeviceB-Vlan-interface101] undo ipv6 nd ra halt
[DeviceB-Vlan-interface101] quit
# 創建VRRP備份組2,並配置備份組1的虛擬IPv6地址為FE80::20和11::1,並配置Device B在VRRP備份組2中的優先級為120,高於Device A的優先級。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 priority 120
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允許發布RA消息,以便Area B內主機通過RA消息學習到缺省網關地址。
[DeviceB-Vlan-interface102] undo ipv6 nd ra halt
[DeviceB-Vlan-interface102] quit
# 創建和上行接口Ten-GigabitEthernet1/0/2關聯的Track項2。
[DeviceB] track 2 interface ten-gigabitethernet 1/0/2
# 配置監視Track項2,Track項的狀態為Negative時,Device B在VRRP備份組2中的優先級降低的數值為50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,將VLAN101映射到MSI 1,VLAN102映射到MSI 2,並將Device B作為MSI 2的根橋。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,將VLAN101映射到MSI 1,激活MSTI配置,全局使能STP協議。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,將VLAN102映射到MSI 1,激活MSTI配置,全局使能STP協議。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成後,區域A和區域B中的主機都可以ping通外網。
# 檢查區域A到外網IPv6地址為30::1的主機是否可達。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 檢查區域B到外網IPv6地址為30::1的主機是否可達。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaB>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 通過display vrrp ipv6 verbose命令查看配置後的結果。
# 查看Device A上全部IPv6 VRRP備份組的詳細信息,顯示Device A在VRRP備份組1中為Master設備,在VRRP備份組2中為Backup設備。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual MAC : 0000-5e00-0201
Virtual IP : FE80::20
11::1
Master IP : FE80::4
# 查看Device B上全部IPv6 VRRP備份組的詳細信息,顯示Device B在備份組1中為Backup設備,在備份組2中為Master設備。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3500ms left
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0202
Master IP : FE80::1
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A或Device A的上行接口出現故障後,通過display vrrp ipv6 verbose命令查看Device B上備份組的詳細信息。可以看到Device B搶占為備份組1的Master。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0101
Master IP : FE80::2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上顯示信息表示Device A或Device A的上行接口出現故障後,Device B搶占成為Master,負責轉發用戶的業務數據。
# 當Device A故障恢複後,顯示Device A上備份組的詳細信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::4
以上顯示信息表示當Device A或Device A的上行接口故障恢複後,Device A在VRRP備份組1中恢複為原來的優先級並搶占成為該備份組的Master,區域A內的主機通過Device A與外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::1 link-local
ipv6 address 10::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ipv6 address fe80::3 link-local
ipv6 address 11::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 preempt-mode delay 500
#
interface Vlan-interface4094
ipv6 address 3::101/64
undo stp enable
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::3 link-local
ipv6 address 10::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface Vlan-interface102
ipv6 address fe80::2 link-local
ipv6 address 11::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 priority 120
vrrp ipv6 vrid 2 preempt-mode delay 500
vrrp ipv6 vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ipv6 address 4::101/64
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 101
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 102
#
interface Ten-GigabitEthernet1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface Ten-GigabitEthernet1/0/2
#
· L2Switch A的配置文件:
#
sysname L2SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp global enable
#
· L2Switch B的配置文件:
#
sysname L2SwitchB
#
stp region-configuration
region-name vrrp
instance 1 vlan 102
active region-configuration
#
stp global enable
#
如圖6所示,Host A、Host B和Host C所在網絡的出口處部署了三台設備。現要求使用VRRP負載均衡功能,將Device A、Device B和Device C組成一台虛擬路由器,作為局域網內主機的缺省網關。具體應用需求如下:
· 實現VRRP備份組中三台設備都可以轉發報文,實現流量負載分擔,充分利用網關資源;
· 當Device A、Device B或Device C自身或其上行接口出現故障時,Host A、Host B和Host C可以通過其他正常運行的設備繼續通信,避免通信中斷;當Device A、Device B或Device C故障恢複後,繼續承擔網關功能。
圖6 IPv6 VRRP負載均衡模式配置組網圖
· 為了使Device A優先與Device B和Device C被選舉為VRRP備份組的Master設備,需要為其配置高於Device B和Device C的優先級;為了使Device B優先於Device C被選舉為VRRP備份組的Master設備,需要為其配置高於Device C的優先級;
· 為了避免由於故障造成VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間;
· 在Device A、Device B和Device C上配置虛擬轉發器通過Track項監視上行接口的狀態。當上行接口出現故障時,降低該接口所在設備虛擬轉發器的權重,以便其他設備接管該設備的轉發任務,避免通信中斷;
· 為了保證原Master設備故障恢複後,能再次搶占成為Master,需要配置VRRP備份組工作在搶占模式。
本舉例是在S6890-CMW710-R2712版本上進行配置和驗證的。
· 建議將備份組的虛擬IPv6地址和備份組中設備下行接口的IPv6地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· IPv6 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保IPv6 VRRP備份組中的所有路由器上配置的IPv6 VRRP版本一致,否則VRRP備份組無法正常工作。
· VRRP工作在負載均衡模式時,備份組的虛擬IPv6地址和接口的IPv6地址不能相同,否則VRRP負載均衡功能將無法正常工作。
· 當監視的上行鏈路出現故障時,配置的權重降低數額需保證VF Owner的權重低於失效下限,即權重降低的數額大於245,其它的虛擬轉發器才能接替VF Owner成為AVF。
· 對於同一個VRRP備份組的成員設備,必須保證備份組虛擬路由器的IPv6地址配置完全一樣。
· 用戶在配置降低權重幅度時,需要確保降低後的優先級比VRRP備份組內其他設備的優先級要低,確保VRRP備份組內有其他設備被選為Master。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] vlan 2
[DeviceA-vlan2] port ten-gigabitethernet 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
[DeviceA-Vlan-interface2] quit
(1) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceA] vrrp ipv6 mode load-balance
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和1::10。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device A在VRRP備份組1中的優先級為120,高於Device B的優先級110和Device C的優先級100,以保證Device A成為Master。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120
# 配置Device A工作在搶占方式,配置搶占延遲時間為500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允許發布RA消息,以便1::/64網段內主機通過RA消息學習到缺省網關地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
[DeviceA-Vlan-interface2] quit
(2) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device A的上行接口出現故障。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device A上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device A的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceB> system-view
[DeviceB] vlan 2
[DeviceB-vlan2] port ten-gigabitethernet 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
[DeviceB-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceB] vrrp ipv6 mode load-balance
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和1::10。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device B的優先級110,高於Device C的優先級100,以保證Device A出現故障時,Device B成為Master。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 配置Device B工作在搶占方式,配置搶占延遲時間為5秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允許發布RA消息,以便1::/64網段內主機通過RA消息學習到缺省網關地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device B的上行接口出現故障。
[DeviceB] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device B上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device B的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceC> system-view
[DeviceC] vlan 2
[DeviceC-vlan2] port ten-gigabitethernet 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ipv6 address fe80::3 link-local
[DeviceC-Vlan-interface2] ipv6 address 1::3 64
[DeviceC-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在負載均衡模式。
[DeviceC] vrrp ipv6 mode load-balance
# 創建VRRP備份組1,並配置備份組1的虛擬IPv6地址為FE80::10和1::10。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device C工作在搶占方式,配置搶占延遲時間為500厘秒。
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允許發布RA消息,以便1::/64網段內主機通過RA消息學習到缺省網關地址。
[DeviceC-Vlan-interface2] undo ipv6 nd ra halt
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 創建和Ten-GigabitEthernet1/0/2關聯的Track項1。如果Track項的狀態為Negative,則說明Device C的上行接口出現故障。
[DeviceC] track 1 interface ten-gigabitethernet 1/0/2
# 配置虛擬轉發器監視Track項1。Track項的狀態為Negative時,降低Device C上虛擬轉發器的權重,使其低於失效下限10,即權重降低的數額大於245,以便其他設備接替Device C的轉發任務。本例中,配置虛擬轉發器權重降低數額為250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成後,在Host A上可以ping通外網,通過display vrrp ipv6 verbose命令查看配置後的結果
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Backup)
FE80::1 (Master)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 顯示Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp ipv6 verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示在VRRP備份組1中Device A為Master,Device B和Device C 為Backup。Device A、Device B和Device C上各自存在一個AVF,並存在作為備份的兩個LVF。
(2) Device A的上行接口(VLAN接口3)出現故障後
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : FE80::3
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : FE80::2
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 顯示Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示Device A的上行接口出現故障後,Device A上虛擬轉發器的權重降低為5,低於失效下限。Device A上所有虛擬轉發器的狀態均變為Initialized,不能再用於轉發。Device C成為虛擬MAC地址000f-e2ff-0011對應虛擬轉發器的AVF,接管Device A的轉發任務。
# Timeout Timer超時後(約1800秒後),查看Device C上VRRP備份組的詳細信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Become Master : 3550ms left
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示,Timeout Timer超時後,刪除虛擬MAC地址000f-e2ff-0011對應的虛擬轉發器,不再轉發目的MAC地址為該MAC的報文。
(3) Device A出現故障後
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Master)
FE80::3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上顯示信息表示Device A出現故障後,Device B的優先級高於Device C,將搶占成為Master。
· Device A的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
· Device B的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
· Device C的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::3 link-local
ipv6 address 1::3 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface vlan-interface3
#
如圖7所示,Area A區域的用戶(Host A和Host B)所在網絡的出口處部署了兩台網關設備。網關設備之間通過聚合接口相連。現要求使用VRRP主備備份功能,將這兩台設備組成一台虛擬路由器,作為Area A區域用戶的缺省網關。具體應用需求如下:
· 在正常情況下,由Device A承擔網關功能,轉發Area A區域用戶發送至外網的流量;
· 當Device A的上行接口出現故障時,由Device B接替Device A承擔網關功能;
· Device A的上行接口故障恢複後,由Device A繼續承擔網關功能。
· Device A、Device B與L2switch之間分別創建二層靜態鏈路聚合組,用於增加Device A和Device B到用戶之間的帶寬,形成冗餘,增強可靠性。
· Device A和Device B之間創建二層靜態鏈路聚合組,用於當Device A的下行接口所在的聚合組Down,用戶數據切換到L2switch—>Device B—>Device A鏈路時,增加Device B與Device A之間帶寬,形成冗餘,增強可靠性。
圖7 VRRP單備份組配置組網圖
· 為了讓Device A成為Master,需要為Device A配置較高的優先級;
· 將VRRP組的搶占模式和監視上行接口狀態功能結合使用,可以使Master設備根據上行接口的狀態自動調整自身的VRRP優先級,從而使VRRP組內的角色發生轉變,實現主備切換;
· 為了避免VRRP備份組中的角色頻繁發生變化,可以配置一定的搶占延遲時間。
· 為了避免網關設備(Device A和Device B)與二層交換機形成二層環路,使用STP協議在VRRP備份組中阻塞一個端口。
本舉例是S6890-CMW710-R2712版本上進行配置和驗證的。
· 建議將備份組的虛擬IP地址和備份組中設備下行接口的IP地址配置為同一網段,否則可能導致局域網內的主機無法訪問外部網絡。
· VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情況使用VRRPv3)。請確保VRRP備份組中的所有路由器上配置的VRRP版本一致,否則備份組無法正常工作。
· 刪除IP地址擁有者上的VRRP備份組,將導致地址衝突。建議先修改配置了備份組的接口的IP地址,再刪除該接口上的VRRP備份組,以避免地址衝突。
· 對於同一個VRRP備份組的成員設備,必須保證虛擬路由器的IP地址配置完全一樣。
· 用戶在配置降低優先級幅度時,需要確保降低後的優先級比備份組內其他設備的優先級要低,確保備份組內有其他設備被選為Master。
· 聚合鏈路的兩端應配置相同的聚合模式。
· 用戶刪除聚合接口時,係統將自動刪除對應的聚合組,且該聚合組內的所有成員端口將全部離開該聚合組。
· 配置了下列功能的端口將不能加入二層聚合組:AC與交叉連接關聯(請參見“MPLS配置指導”中的“MPLS L2VPN”)以及AC與VSI關聯(請參見“VXLAN配置指導”中的“VXLAN”)。
· 缺省情況下,S6890係列交換機的接口處於ADM(Administratively Down)狀態,請根據實際需要在對應接口視圖下使用undo shutdown命令開啟接口。
(1) Device A的配置
# 創建二層聚合接口1。
<DeviceA> system-view
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# 分別將端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合組1中。
[DeviceA] interface ten-gigabitethernet 1/0/3
[DeviceA-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/3] quit
[DeviceA] interface ten-gigabitethernet 1/0/4
[DeviceA-Ten-GigabitEthernet1/0/4] port link-aggregation group 1
[DeviceA-Ten-GigabitEthernet1/0/4] quit
# 配置二層聚合接口1為Trunk端口,並允許所有的報文通過。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan all
[DeviceA-Bridge-Aggregation1] quit
# 創建二層聚合接口2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 分別將端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2加入到聚合組2中。
[DeviceA] interface ten-gigabitethernet 1/0/1
[DeviceA-Ten-GigabitEthernet1/0/1] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/1] quit
[DeviceA] interface ten-gigabitethernet 1/0/2
[DeviceA-Ten-GigabitEthernet1/0/2] port link-aggregation group 2
[DeviceA-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN 2,並配置IP地址。
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
[DeviceA-Vlan-interface2] quit
# 配置二層聚合接口2為Access端口,加入VLAN 2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type access
[DeviceA-Bridge-Aggregation2] port access vlan 2
[DeviceA-Bridge-Aggregation2] quit
# 創建VRRP備份組1,並配置備份組1的虛擬IP地址為192.168.0.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 設置Device A在VRRP備份組1中的優先級為110,高於Device B的優先級100,以保證Device A成為Master負責轉發流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 設置Device A工作在搶占方式,以保證Device A故障恢複後,能再次搶占成為Master,即隻要Device A正常工作,就由Device A負責轉發流量。為了避免頻繁地進行狀態切換,配置搶占延遲時間為500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 創建和上行接口Ten-GigabitEthernet1/0/10關聯的Track項1。
[DeviceA] track 1 interface ten-gigabitethernet 1/0/10
# 配置監視Track項1,Track項的狀態為Negative時,Device A在VRRP備份組中的優先級降低的數值為50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置MSTP,並將Device A作為MSI 1的根橋。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 創建二層聚合接口1。
<DeviceB> system-view
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] quit
# 分別將端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合組1中。
[DeviceB] interface ten-gigabitethernet 1/0/3
[DeviceB-Ten-GigabitEthernet1/0/3] port link-aggregation group 1
[DeviceB-Ten-GigabitEthernet1/0/3] quit
[DeviceB] interface ten-gigabitethernet 1/0/4
[DeviceB-Ten-GigabitEthernet1/0/4] port link-aggregation group 1
[DeviceB-Ten-GigabitEthernet1/0/4] quit
# 配置二層聚合接口1為Trunk端口,並允許所有的報文通過。
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] port link-type trunk
[DeviceB-Bridge-Aggregation1] port trunk permit vlan all
[DeviceB-Bridge-Aggregation1] quit
# 創建二層聚合接口3。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] quit
# 分別將端口Ten-GigabitEthernet1/0/1和Ten-GigabitEthernet1/0/2加入到聚合組3中。
[DeviceB] interface ten-gigabitethernet 1/0/1
[DeviceB-Ten-GigabitEthernet1/0/1] port link-aggregation group 3
[DeviceB-Ten-GigabitEthernet1/0/1] quit
[DeviceB] interface ten-gigabitethernet 1/0/2
[DeviceB-Ten-GigabitEthernet1/0/2] port link-aggregation group 3
[DeviceB-Ten-GigabitEthernet1/0/2] quit
# 創建VLAN 2,並配置IP地址。
[DeviceB] vlan 2
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
[DeviceB-Vlan-interface2] quit
# 配置二層聚合接口3為Access端口,加入VLAN 2。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] port link-type access
[DeviceB-Bridge-Aggregation3] port access vlan 2
[DeviceB-Bridge-Aggregation3] quit
# 創建VRRP備份組1,並配置備份組1的虛擬IP地址為192.168.0.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 設置Device B工作在搶占方式,搶占延遲時間為500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置MSTP,並全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2switch的配置
# 創建二層聚合接口2。
<L2switch> system-view
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] quit
# 分別將端口Ten-GigabitEthernet1/0/3和Ten-GigabitEthernet1/0/4加入到聚合組2中。
[L2switch] interface ten-gigabitethernet 1/0/3
[L2switch-Ten-GigabitEthernet1/0/3] port link-aggregation group 2
[L2switch-Ten-GigabitEthernet1/0/3] quit
[L2switch] interface ten-gigabitethernet 1/0/4
[L2switch-Ten-GigabitEthernet1/0/4] port link-aggregation group 2
[L2switch-Ten-GigabitEthernet1/0/4] quit
# 創建二層聚合接口3。
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] quit
# 分別將端口Ten-GigabitEthernet1/0/5和Ten-GigabitEthernet1/0/6加入到聚合組3中。
[L2switch] interface ten-gigabitethernet 1/0/5
[L2switch-Ten-GigabitEthernet1/0/5] port link-aggregation group 3
[L2switch-Ten-GigabitEthernet1/0/5] quit
[L2switch] interface ten-gigabitethernet 1/0/6
[L2switch-Ten-GigabitEthernet1/0/6] port link-aggregation group 3
[L2switch-Ten-GigabitEthernet1/0/6] quit
# 創建VLAN 2,並將聚合組2和3加入該VLAN。
[L2switch] vlan 2
[L2switch-vlan2] quit
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] port access vlan 2
[L2switch-Bridge-Aggregation2] quit
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] port access vlan 2
[L2switch-Bridge-Aggregation3] quit
# 配置MSTP,將VLAN2映射到MSI 1,激活MSTI配置,全局使能STP協議。
[L2switch] stp region-configuration
[L2switch-mst-region] region-name vrrp
[L2switch-mst-region] instance 1 vlan 2
[L2switch-mst-region] active region-configuration
[L2switch-mst-region] quit
[L2switch] stp global enable
(1) 配置完成後,用戶主機可以ping通外網,如Host A可以ping通外網IP地址為20.1.1.1的主機。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 配置完成後,使用display vrrp verbose命令查看VRRP組狀態
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上顯示信息表示在VRRP備份組1中Device A為Master,Device B為Backup。用戶流量由Device A來轉發。
(3) 使用display interface Bridge-Aggregation brief查看靜態二層聚合組的情況
# 顯示Device A上靜態聚合組的信息。
[DeviceA] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG2 UP 2G(a) F(a) A 2
# 顯示Device B上靜態聚合組的信息。
[DeviceB] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG3 UP 2G(a) F(a) A 2
# 顯示L2switch上靜態聚合組的信息。
[L2switch] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG2 UP 2G(a) F(a) A 2
BAGG3 UP 2G(a) F(a) A 2
以上信息表明靜態聚合組1、2和3 的speed都為2G,Device A、Device B、L2switch之間帶寬都增加了一倍,並且也增加了可靠性。
(4) Device A的上行接口(Ten-GigabitEthernet1/0/10)出現故障後,用戶主機可以ping通外網,如Host A可以ping通外網IP地址為20.1.1.1的主機。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(5) Device A的上行接口(Ten-GigabitEthernet1/0/10)出現故障後,使用display vrrp verbose命令查看VRRP組狀態
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 60
Preempt Mode : Yes Delay Time : 500
Become Master : 3350ms left
Auth Type : None
Virtual IP : 192.168.0.1
Master IP : 192.168.0.3
VRRP Track Information:
Track Object : 1 State : Negative Pri Reduced : 50
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上顯示信息表示Device A的上行接口出現故障後,Device A的優先級降低50,低於Device B,Device B搶占成為Master,用戶流量由Device B進行轉發。
(6) 當Device A的上行接口故障恢複後,使用display vrrp verbose命令查看VRRP組狀態
# 顯示Device A上VRRP備份組的詳細信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 顯示Device B上VRRP備份組的詳細信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : None
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上顯示信息表示Device A的上行接口故障恢複後,Device A重新搶占成為Master,Device B為Backup。用戶流量由Device A來轉發。
· Device A的配置文件
#
sysname DeviceA
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
track 1 interface Ten-GigabitEthernet1/0/10
#
· Device B的配置文件
#
sysname DeviceB
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 preempt-mode delay 500
#
interface Ten-GigabitEthernet1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
· L2switch的配置文件
#
sysname L2switch
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Bridge-Aggregation3
port access vlan 2
#
interface Ten-GigabitEthernet1/0/3
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/4
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface Ten-GigabitEthernet1/0/5
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface Ten-GigabitEthernet1/0/6
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
· H3C S6890交換機二層技術-以太網交換配置指導(R27xx)
· H3C S6890交換機二層技術-以太網交換命令參考(R27xx)
· H3C S6890交換機可靠性配置指導(R27xx)
· H3C S6890交換機可靠性命令指導(R27xx)
不同款型規格的資料略有差異, 詳細信息請向具體銷售和400谘詢。H3C保留在沒有任何通知或提示的情況下對資料內容進行修改的權利!
支持
