- 产品与解决方案
- 行业解决方案
- 服务
- 支持
- 合作伙伴
- 关于我们
01-VRRP典型配置举例
本章节下载: 01-VRRP典型配置举例 (894.56 KB)
本文档介绍VRRP的配置举例。
本文档不严格与具体软、硬件版本对应,如果使用过程中与产品实际情况有差异,请参考相关产品手册,或以设备实际情况为准。
本文档中的配置均是在实验室环境下进行的配置和验证,配置前设备的所有参数均采用出厂时的缺省配置。如果您已经对设备进行了配置,为了保证配置效果,请确认现有配置和以下举例中的配置不冲突。
本文档假设您已了解VRRP、STP和以太网链路聚合特性。
如图1所示,Host A所在网络的出口处部署了两台网关设备。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Host A的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Host A发送至外网的流量;
· 当Device A或者Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· 当Device A或者Device A的上行接口故障恢复后,由Device A继续承担网关功能。
图1 IPv4 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
本举例是在R2825版本上进行配置和验证的。
· 备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
(1) Device A的配置
# 配置接口IP地址。
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 2
[DeviceA-vlan2] port hundredgige 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为192.168.0.1。
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行端口HundredGigE1/0/2关联的Track项1。
[DeviceA] track 1 interface hundredgige 1/0/2
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port hundredgige 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为192.168.0.1。
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device B在VRRP备份组1中的优先级为100。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 100
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置完成后,在Host A上可以ping通Host B。
# 通过display vrrp verbose命令查看配置后的结果,显示Device A上VRRP备份组1的详细信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通过display vrrp verbose命令查看配置后的结果,显示Device B上VRRP备份组1的详细信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 401ms left
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示在VRRP备份组1中Device A为Master,Device B为Backup,Host A发送给Host B的报文通过Device A转发。
# Device A出现故障后,在Host A上仍然可以ping通Host B。
# 通过display vrrp verbose命令查看Device B上VRRP备份组的详细信息,Device A出现故障后,显示Device B上VRRP备份组1的详细信息。
[DeviceB-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上显示信息表示Device A出现故障后,Device B成为Master,Host A发送给Host B的报文通过Device B转发。
# Device A故障恢复后,显示Device A上VRRP备份组1的详细信息。
[DeviceA-Vlan-interface2] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上显示信息表示Device A故障恢复后,Device A会抢占成为Master,Host A发送给Host B的报文仍然通过Device A转发。
· Device A的配置文件
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
track 1 interface HundredGigE1/0/2
#
· Device B的配置文件
#
vlan 2
#
interface Vlan-interface2
ip address 192.168.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 100
vrrp vrid 1 preempt-mode delay 500
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
如图2所示,某公司为了实现网关设备的冗余备份,以及内网主机流量的负载分担,在内部网络的出口处部署了两台设备,并使用VRRP负载分担功能,将这两台设备组成两台虚拟路由器,分别作为区域A和区域B的缺省网关。具体应用需求如下:
· Device A是VRRP备份组1中的Master设备,Device B是VRRP备份组2中的Master设备。在正常情况下,区域A的用户通过Device A进行数据转发,区域B的用户通过Device B进行数据转发。
· 当Device A或者Device A的上行接口发生故障后,Device B能够迅速承担区域A内主机流量的转发任务;Device A故障恢复后,继续承担VRRP备份组1的网关功能;
· 当Device B或者Device B的上行接口发生故障后,Device A能够迅速承担区域B内主机流量的转发任务;Device B故障恢复后,继续承担VRRP备份组2的网关功能。
图2 IPv4 VRRP多备份组配置组网图
· 为了让Device A和Device B分别成为VRRP备份组1和VRRP备份组2中的Master,需要在VRRP备份组1中为Device A配置较高的优先级,在VRRP备份组2中为Device B配置较高的优先级。
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在每个VRRP备份组中阻塞一个端口。
本举例是在R2825版本上进行配置和验证的。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) Device A的配置
# 配置接口IP地址。
<DeviceA> system-view
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 101
[DeviceA-vlan101] port hundredgige 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ip address 10.0.0.2 24
[DeviceA-Vlan-interface101] quit
# 请参考以上方法配置图2中其它接口的IP地址,配置步骤这里省略。
# 配置两个网关设备间采用Trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceA] interface hundredgige 1/0/24
[DeviceA-HundredGigE1/0/24] port link-type trunk
[DeviceA-HundredGigE1/0/24] undo port trunk permit vlan 1
[DeviceA-HundredGigE1/0/24] port trunk permit vlan 101 to 102
[DeviceA-HundredGigE1/0/24] port trunk pvid vlan 101
[DeviceA-HundredGigE1/0/24] quit
# 关闭HundredGigE1/0/2的STP功能
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] undo stp enable
[DeviceA-HundredGigE1/0/2] quit
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.0.0.1,并配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceA-Vlan-interface101] vrrp vrid 1 priority 120
[DeviceA-Vlan-interface101] quit
# 创建VRRP备份组2,并配置VRRP备份组2的虚拟IP地址为11.0.0.1。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceA-Vlan-interface102] quit
# 设置Device A工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] quit
# 创建和上行端口HundredGigE1/0/2关联的Track项1。
[DeviceA] track 1 interface hundredgige 1/0/2
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组1中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1]undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 101
[DeviceB-vlan101] port hundredgige 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ip address 10.0.0.3 24
[DeviceB-Vlan-interface101] quit
# 请参考以上方法配置图2中其它接口的IP地址,配置步骤省略。
# 配置两个网关设备间采用trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceB] interface hundredgige 1/0/24
[DeviceB-HundredGigE1/0/24] port link-type trunk
[DeviceB-HundredGigE1/0/24] undo port trunk permit vlan 1
[DeviceB-HundredGigE1/0/24] port trunk permit vlan 101 to 102
[DeviceB-HundredGigE1/0/24] port trunk pvid vlan 101
[DeviceB-HundredGigE1/0/24] quit
# 关闭HundredGigE1/0/2的STP功能
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] undo stp enable
[DeviceB-HundredGigE1/0/2] quit
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.0.0.1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp vrid 1 virtual-ip 10.0.0.1
[DeviceB-Vlan-interface101] quit
# 创建VRRP备份组2,并配置VRRP备份组2的虚拟IP地址为11.0.0.1,并配置Device B在VRRP备份组2中的优先级为120,高于Device A的优先级。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 virtual-ip 11.0.0.1
[DeviceB-Vlan-interface102] vrrp vrid 2 priority 120
# 设置Device B工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface102] vrrp vrid 2 preempt-mode delay 500
[DeviceB-Vlan-interface102] quit
# 创建和上行端口HundredGigE1/0/2关联的Track项2。
[DeviceB] track 2 interface hundredgige 1/0/2
[DeviceB-track-2] quit
# 配置监视Track项2,Track项的状态为Negative时,Device B在VRRP备份组2中的优先级降低的数值为50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device B作为MSI 2的根桥。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,将VLAN101映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,将VLAN102映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机都可以ping通外网。
# 检查区域A的主机到目的端100.0.0.1是否可达。
<host A> ping 100.0.0.1
PING 100.0.0.1 (100.0.0.1): 56 data bytes
56 bytes from 100.0.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.0.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.0.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.0.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.0.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.0.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
# 检查区域B的主机到目的端100.1.0.1是否可达。
<host C> ping 100.1.0.1
PING 100.1.0.1 (100.1.0.1): 56 data bytes
56 bytes from 100.1.0.1: seq=0 ttl=128 time=22.43 ms
56 bytes from 100.1.0.1: seq=1 ttl=128 time=7.17 ms
56 bytes from 100.1.0.1: seq=2 ttl=128 time=8.91 ms
56 bytes from 100.1.0.1: seq=3 ttl=128 time=7.45 ms
56 bytes from 100.1.0.1: seq=4 ttl=128 time=9.11 ms
--- 100.1.0.1 ping statistics ---
5 packets transmitted, 5 packets received, 0% packet loss
round-trip min/avg/max = 7.17/11.01/22.43 ms
(2) 通过display vrrp verbose命令查看配置后的结果。
# 查看Device A上全部IPv4 VRRP备份组的详细信息,显示Device A在备份组1中为Master设备,在备份组2中为Backup设备。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 210ms left
Auth Type : Not supported
Version : 3
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
# 查看Device B上全部IPv4 VRRP备份组的详细信息,显示Device B在备份组1中为Backup设备,在备份组2中为Master设备。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 210ms left
Auth Type : Not supported
Version : 3
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A出现故障后,通过display vrrp verbose命令查看Device B上备份组的详细信息。可以看到Device B抢占为备份组1的Master。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : Not supported
Version : 3
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.3
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上显示信息表示Device A出现故障后,区域A和区域B中的主机仍然可以ping通外网。
# 当Device A故障恢复后,显示Device A上备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 10.0.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 10.0.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Become Master : 3550ms left
Auth Type : Not supported
Version : 3
Virtual IP : 11.0.0.1
Virtual MAC : 0000-5e00-0102
Master IP : 11.0.0.3
以上显示信息表示当Device A故障恢复后,Device A在VRRP备份组1中恢复为原来的优先级并抢占成为该备份组的Master,VLAN 101内的主机通过Device A与外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ip address 11.0.0.2 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
#
interface Vlan-interface4094
ip address 100.0.0.2 255.255.255.0
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 101
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface HundredGigE1/0/3
port link-mode bridge
port access vlan 102
#
interface HundredGigE1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface HundredGigE1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ip address 10.0.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.0.0.1
#
interface Vlan-interface102
ip address 11.0.0.3 255.255.255.0
vrrp vrid 2 virtual-ip 11.0.0.1
vrrp vrid 2 priority 120
vrrp vrid 2 preempt-mode delay 500
vrrp vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ip address 100.1.0.2 255.255.255.0
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 101
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface HundredGigE1/0/3
port link-mode bridge
port access vlan 102
#
interface HundredGigE1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface HundredGigE1/0/2
#
如图3所示,Host A、Host B和Host C所在网络的出口处部署了三台设备。现要求使用VRRP负载均衡功能,将Device A、Device B和Device C组成一台虚拟路由器,作为局域网内主机的缺省网关。具体应用需求如下:
· 实现VRRP备份组中三台设备都可以转发报文,实现流量负载分担,充分利用网关资源;
· 当Device A、Device B或Device C自身或其上行接口出现故障时,Host A、Host B和Host C可以通过其他正常运行的设备继续通信,避免通信中断;当Device A、Device B或Device C故障恢复后,继续承担网关功能。
图3 IPv4 VRRP负载均衡模式配置组网图
· 为了使Device A优先与Device B和Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device B和Device C的优先级;为了使Device B优先于Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device C的优先级;
· 为了避免由于故障造成VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间;
· 在Device A、Device B和Device C上配置虚拟转发器通过Track项监视上行接口的状态。当上行接口出现故障时,降低该接口所在设备虚拟转发器的权重,以便其他设备接管该设备的转发任务,避免通信中断;
· 为了保证原Master设备故障恢复后,能再次抢占成为Master,需要配置VRRP备份组工作在抢占模式。
本举例是在R2825版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· VRRP工作在负载均衡模式时,备份组的虚拟IP地址和接口的IP地址不能相同,否则VRRP负载均衡功能将无法正常工作。
· 当监视的上行链路出现故障时,配置的权重降低数额需保证VF Owner的权重低于失效下限,即权重降低的数额大于245,其它的虚拟转发器才能接替VF Owner成为AVF。
· 对于同一个VRRP备份组的成员设备,必须保证备份组虚拟路由器的IP地址配置完全一样。
(1) 配置接口
# 配置接口。
<DeviceA> system-view
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 2
[DeviceA-vlan2] port hundredgige 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 10.1.1.2 24
[DeviceA-Vlan-interface2] quit
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] undo shutdown
[DeviceA-HundredGigE1/0/2] quit
[DeviceA] vlan 3
[DeviceA-vlan3] port hundredgige 1/0/2
[DeviceA-vlan3] quit
[DeviceA] interface vlan-interface 3
[DeviceA-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级110和Device C的优先级100,以保证Device A成为Master。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 120
# 配置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,Device A就会成为Master。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
(3) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device A的上行接口出现故障。
[DeviceA] track 1 interface hundredgige 1/0/2
[DeviceA-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device A上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device A的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port hundredgige 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 10.1.1.3 24
[DeviceB-Vlan-interface2] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] undo shutdown
[DeviceB-HundredGigE1/0/2] quit
[DeviceB] vlan 3
[DeviceB-vlan3] port hundredgige 1/0/2
[DeviceB-vlan3] quit
[DeviceB] interface vlan-interface 3
[DeviceB-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceB] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device B在VRRP备份组1中的优先级为110,高于Device C的优先级,以保证Device A出现故障时,Device B成为Master。
[DeviceB-Vlan-interface2] vrrp vrid 1 priority 110
# 配置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device B的上行接口出现故障。
[DeviceB] track 1 interface hundredgige 1/0/2
[DeviceB-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device B上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device B的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口。
<DeviceC> system-view
[DeviceC] interface hundredgige 1/0/1
[DeviceC-HundredGigE1/0/1] undo shutdown
[DeviceC-HundredGigE1/0/1] quit
[DeviceC] vlan 2
[DeviceC-vlan2] port hundredgige 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ip address 10.1.1.4 24
[DeviceC-Vlan-interface2] quit
[DeviceC] interface hundredgige 1/0/2
[DeviceC-HundredGigE1/0/2] undo shutdown
[DeviceC-HundredGigE1/0/2] quit
[DeviceC] vlan 3
[DeviceC-vlan3] port hundredgige 1/0/2
[DeviceC-vlan3] quit
[DeviceC] interface vlan-interface 3
[DeviceC-Vlan-interface3] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp mode load-balance
# 创建VRRP备份组1,并配置VRRP备份组1的虚拟IP地址为10.1.1.1。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1
# 配置Device C工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceC-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device C的上行接口出现故障。
[DeviceC] track 1 interface hundredgige 1/0/2
[DeviceC-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device C上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device C的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成后,在Host A上可以ping通外网,通过display vrrp verbose命令查看配置后的结果
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Become Master : 2150ms left
Auth Type : Not supported
Version : 3
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Backup)
10.1.1.2 (Master)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2150ms left
Auth Type : Not supported
Version : 3
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : 10.1.1.2
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示在VRRP备份组1中Device A为Master,Device B和Device C 为Backup。Device A、Device B和Device C上各自存在一个AVF,并存在作为备份的两个LVF。
(2) Device A的上行接口(HundredGigE1/0/2)出现故障后
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.2 (Local, Master)
10.1.1.3 (Backup)
10.1.1.4 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : 10.1.1.4
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : 10.1.1.3
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2150ms left
Auth Type : Not supported
Version : 3
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A的上行接口出现故障后,Device A上虚拟转发器的权重降低为5,低于失效下限。Device A上所有虚拟转发器的状态均变为Initialized,不能再用于转发。Device C成为虚拟MAC地址000f-e2ff-0011对应虚拟转发器的AVF,接管Device A的转发任务。
# Timeout Timer超时后(约1800秒后),查看Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2150ms left
Auth Type : Not supported
Version : 3
Become Master : 3550ms left
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.4 (Local, Backup)
10.1.1.2 (Master)
10.1.1.3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : 10.1.1.3
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示,Timeout Timer超时后,删除虚拟MAC地址000f-e2ff-0011对应的虚拟转发器,不再转发目的MAC地址为该MAC的报文。
(3) Device A出现故障后
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 10.1.1.1
Member IP List : 10.1.1.3 (Local, Master)
10.1.1.4 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : 10.1.1.4
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A出现故障后,Device B的优先级高于Device C,将抢占成为Master。
· Device A的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 120
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface HundredGigE1/0/2
#
· Device B的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface HundredGigE1/0/2
#
· Device C的配置文件:
#
vrrp mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ip address 10.1.1.4 255.255.255.0
vrrp vrid 1 virtual-ip 10.1.1.1
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface HundredGigE1/0/2
#
如图4所示,Area A区域的用户(Host A和Host B)所在网络的出口处部署了两台网关设备。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Area A区域用户的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Area A区域用户发送至外网的流量;
· 当Device A或者Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· 当Device A或者Device A的上行接口故障恢复后,由Device A继续承担网关功能。
图4 IPv6 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在VRRP备份组中阻塞一个端口。
本举例是在R2825版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 2
[DeviceA-vlan2] port hundredgige 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允许发布RA消息,以便Area A的主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行接口HundredGigE1/0/3关联的Track项1。
[DeviceA] track 1 interface hundredgige 1/0/3
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置两个网关设备间采用Trunk口直连,允许VLAN 2的报文通过
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-type trunk
[DeviceA-HundredGigE1/0/2] undo port trunk permit vlan 1
[DeviceA-HundredGigE1/0/2] port trunk permit vlan 2
[DeviceA-HundredGigE1/0/2] port trunk pvid vlan 2
[DeviceA-HundredGigE1/0/2] quit
# 配置MSTP,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 配置接口IP地址。
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port hundredgige 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置允许发布RA消息,以便Area A的主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置两个网关设备间采用Trunk口直连,允许VLAN 2的报文通过
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-type trunk
[DeviceB-HundredGigE1/0/2] undo port trunk permit vlan 1
[DeviceB-HundredGigE1/0/2] port trunk permit vlan 2
[DeviceB-HundredGigE1/0/2] port trunk pvid vlan 2
[DeviceB-HundredGigE1/0/2] quit
# 配置MSTP,并全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) Switch A的配置
# 配置MSTP,将VLAN2映射到MSI 1,激活MSTI配置,全局使能STP协议。
<SwitchA> system-view
[SwitchA] stp region-configuration
[SwitchA-mst-region] region-name vrrp
[SwitchA-mst-region] instance 1 vlan 2
[SwitchA-mst-region] active region-configuration
[SwitchA-mst-region] quit
[SwitchA] stp global enable
# 配置完成后,Area A里面的主机可以ping通外网。如Host A可以ping通IPv6地址为30::1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通过display vrrp ipv6 verbose命令查看配置后的结果,显示Device A上IPv6 VRRP备份组1的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 通过display vrrp ipv6 verbose命令查看配置后的结果,显示Device B上IPv6 VRRP备份组1的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3000ms left
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
以上显示信息表示在IPv6 VRRP备份组1中Device A为Master路由器,Device B为Backup路由器,Area A的用户发送给外网的报文通过Device A转发。
# Device A或Device A的上行接口出现故障后,Area A的用户上仍然可以与外网通信。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 通过display vrrp ipv6 verbose命令查看Device B上IPv6 VRRP备份组的详细信息,Device A或Device A的上行接口出现故障后,显示Device B上IPv6 VRRP备份组1的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2
以上显示信息表示Device A或Device A的上行接口出现故障后,Device B成为Master路由器,Area A的用户发送给外网的报文通过Device B转发。
# Device A或Device A的上行接口故障恢复后,显示Device A上VRRP备份组1的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
以上显示信息表示Device A故障恢复后,Device A会抢占成为Master,Area A的用户发送给外网的报文仍然通过Device A转发。
· Device A的配置文件:
#
sysname DeviceA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
track 1 interface HundredGigE1/0/3
#
· Device B的配置文件:
#
sysname DeviceB
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 2
port trunk pvid vlan 2
#
· Switch A的配置文件:
#
sysname SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
如图5所示,某公司为了实现网关设备的冗余备份,以及内网主机流量的负载分担,在内部网络的出口处部署了两台设备,并使用VRRP负载分担功能,将这两台设备组成两台虚拟路由器,分别作为区域A和区域B的缺省网关。具体应用需求如下:
· Device A是VRRP备份组1中的Master设备,Device B是VRRP备份组2中的Master设备。在正常情况下,区域A的用户通过Device A进行数据转发,区域B的用户通过Device B进行数据转发。
· 当Device A或者Device A的上行接口发生故障后,Device B能够迅速承担区域A内主机流量的转发任务;Device A故障恢复后,继续承担VRRP备份组1的网关功能;
· 当Device B或者Device B的上行接口发生故障后,Device A能够迅速承担区域B内主机流量的转发任务;Device B故障恢复后,继续承担VRRP备份组2的网关功能。
图5 IPv6 VRRP多备份组配置组网图
· 为了让Device A和Device B分别成为VRRP备份组1和VRRP备份组2中的Master,需要在VRRP备份组1中为Device A配置较高的优先级,在VRRP备份组2中为Device B配置较高的优先级。
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在每个VRRP备份组中阻塞一个端口。
本举例是在R2825版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IPv6地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) Device A的配置
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 101
[DeviceA-vlan101] port hundredgige 1/0/1
[DeviceA-vlan101] quit
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface101] ipv6 address 10::2 64
[DeviceA-Vlan-interface101] quit
# 请参考以上方法配置图5中其它接口的IPv6地址,配置步骤这里省略。
# 配置两个网关设备间采用Trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceA] interface hundredgige 1/0/24
[DeviceA-HundredGigE1/0/24] port link-type trunk
[DeviceA-HundredGigE1/0/24] undo port trunk permit vlan 1
[DeviceA-HundredGigE1/0/24] port trunk permit vlan 101 to 102
[DeviceA-HundredGigE1/0/24] port trunk pvid vlan 101
[DeviceA-HundredGigE1/0/24] quit
# 关闭HundredGigE1/0/2的STP功能
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] undo stp enable
[DeviceA-HundredGigE1/0/2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和10::1,配置抢占延迟时间为500厘秒,并配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 priority 120
# 配置允许发布RA消息,以便Area A内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface101] undo ipv6 nd ra halt
[DeviceA-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::20和11::1,配置抢占延迟时间为500厘秒。
[DeviceA] interface vlan-interface 102
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允许发布RA消息,以便Area B内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface102] undo ipv6 nd ra halt
[DeviceA-Vlan-interface102] quit
# 创建和上行接口HundredGigE1/0/2关联的Track项1。
[DeviceA] track 1 interface hundredgige 1/0/2
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组1中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 101
[DeviceA-Vlan-interface101] vrrp ipv6 vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface101] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 101
[DeviceA-mst-region] instance 2 vlan 102
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp instance 2 root secondary
[DeviceA] stp global enable
(2) Device B的配置
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 101
[DeviceB-vlan101] port hundredgige 1/0/1
[DeviceB-vlan101] quit
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface101] ipv6 address 10::3 64
[DeviceB-Vlan-interface101] quit
# 请参考以上方法配置图5中其它接口的IP地址,配置步骤省略。
# 配置两个网关设备间采用trunk口直连,允许VLAN 101和VLAN 102的报文通过
[DeviceB] interface hundredgige 1/0/24
[DeviceB-HundredGigE1/0/24] port link-type trunk
[DeviceB-HundredGigE1/0/24] undo port trunk permit vlan 1
[DeviceB-HundredGigE1/0/24] port trunk permit vlan 101 to 102
[DeviceB-HundredGigE1/0/24] port trunk pvid vlan 101
[DeviceB-HundredGigE1/0/24] quit
# 关闭HundredGigE1/0/2的STP功能
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] undo stp enable
[DeviceB-HundredGigE1/0/2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和10::1。
[DeviceB] interface vlan-interface 101
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 virtual-ip 10::1
[DeviceB-Vlan-interface101] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便Area A内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface101] undo ipv6 nd ra halt
[DeviceB-Vlan-interface101] quit
# 创建VRRP备份组2,并配置备份组2的虚拟IPv6地址为FE80::20和11::1,并配置Device B在VRRP备份组2中的优先级为120,高于Device A的优先级。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 virtual-ip 11::1
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 priority 120
[DeviceA-Vlan-interface102] vrrp ipv6 vrid 2 preempt-mode delay 500
# 配置允许发布RA消息,以便Area B内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface102] undo ipv6 nd ra halt
[DeviceB-Vlan-interface102] quit
# 创建和上行接口HundredGigE1/0/2关联的Track项2。
[DeviceB] track 2 interface hundredgige 1/0/2
[DeviceB-track-2] quit
# 配置监视Track项2,Track项的状态为Negative时,Device B在VRRP备份组2中的优先级降低的数值为50。
[DeviceB] interface vlan-interface 102
[DeviceB-Vlan-interface102] vrrp ipv6 vrid 2 track 2 priority reduced 50
[DeviceB-Vlan-interface102] quit
# 配置MSTP,将VLAN101映射到MSI 1,VLAN102映射到MSI 2,并将Device B作为MSI 2的根桥。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 101
[DeviceB-mst-region] instance 2 vlan 102
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 2 root primary
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2SwitchA的配置
# 配置MSTP,将VLAN101映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchA> system-view
[L2SwitchA] stp region-configuration
[L2SwitchA-mst-region] region-name vrrp
[L2SwitchA-mst-region] instance 1 vlan 101
[L2SwitchA-mst-region] active region-configuration
[L2SwitchA-mst-region] quit
[L2SwitchA] stp global enable
(4) L2SwitchB的配置
# 配置MSTP,将VLAN102映射到MSI 1,激活MSTI配置,全局使能STP协议。
<L2SwitchB> system-view
[L2SwitchB] stp region-configuration
[L2SwitchB-mst-region] region-name vrrp
[L2SwitchB-mst-region] instance 1 vlan 102
[L2SwitchB-mst-region] active region-configuration
[L2SwitchB-mst-region] quit
[L2SwitchB] stp global enable
(1) 配置完成后,区域A和区域B中的主机都可以ping通外网。
# 检查区域A到外网IPv6地址为30::1的主机是否可达。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaA>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
# 检查区域B到外网IPv6地址为30::1的主机是否可达。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\areaB>ping 30::1
Pinging 30::1 with 32 bytes of data:
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Reply from 30::1: time<1ms
Ping statistics for 30::1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 通过display vrrp ipv6 verbose命令查看配置后的结果。
# 查看Device A上全部IPv6 VRRP备份组的详细信息,显示Device A在VRRP备份组1中为Master设备,在VRRP备份组2中为Backup设备。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3550ms left
Auth Type : Not supported
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
# 查看Device B上全部IPv6 VRRP备份组的详细信息,显示Device B在备份组1中为Backup设备,在备份组2中为Master设备。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3500ms left
Auth Type : Not supported
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
# Device A或Device A的上行接口出现故障后,通过display vrrp ipv6 verbose命令查看Device B上备份组的详细信息。可以看到Device B抢占为备份组1的Master。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
10::2
Virtual MAC : 0000-5e00-0101
Master IP : FE80::2
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
VRRP Track Information:
Track Object : 2 State : Positive Pri Reduced : 50
以上显示信息表示Device A或Device A的上行接口出现故障后,Device B抢占成为Master,负责转发用户的业务数据。
# 当Device A故障恢复后,显示Device A上备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 2
Interface Vlan-interface101
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
10::1
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
Interface Vlan-interface102
VRID : 2 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3550ms left
Auth Type : Not supported
Virtual IP : FE80::20
11::1
Virtual MAC : 0000-5e00-0202
Master IP : FE80::4
以上显示信息表示当Device A或Device A的上行接口故障恢复后,Device A在VRRP备份组1中恢复为原来的优先级并抢占成为该备份组的Master,区域A内的主机通过Device A与外界通信。
· Device A的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 1 root primary
stp instance 2 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::1 link-local
ipv6 address 10::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 priority reduced 50
#
interface Vlan-interface102
ipv6 address fe80::3 link-local
ipv6 address 11::2/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 preempt-mode delay 500
#
interface Vlan-interface4094
ipv6 address 3::101/64
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 101
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface HundredGigE1/0/3
port link-mode bridge
port access vlan 102
#
interface HundredGigE1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 1 interface Ten-GigabitEthernet1/0/2
#
· Device B的配置文件:
#
vlan 101 to 102
#
vlan 4094
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
instance 2 vlan 102
active region-configuration
#
stp instance 2 root primary
stp instance 1 root secondary
stp global enable
#
interface Vlan-interface101
ipv6 address fe80::3 link-local
ipv6 address 10::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 10::1
vrrp ipv6 vrid 1 preempt-mode delay 500
#
interface Vlan-interface102
ipv6 address fe80::2 link-local
ipv6 address 11::3/64
undo ipv6 nd ra halt
vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local
vrrp ipv6 vrid 2 virtual-ip 11::1
vrrp ipv6 vrid 2 priority 120
vrrp ipv6 vrid 2 preempt-mode delay 500
vrrp ipv6 vrid 2 track 2 priority reduced 50
#
interface Vlan-interface4094
ipv6 address 4::101/64
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 101
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 4094
undo stp enable
#
interface HundredGigE1/0/3
port link-mode bridge
port access vlan 102
#
interface HundredGigE1/0/24
port link-mode bridge
port link-type trunk
undo port trunk permit vlan 1
port trunk permit vlan 101 to 102
port trunk pvid vlan 101
#
track 2 interface Ten-GigabitEthernet1/0/2
#
· L2Switch A的配置文件:
#
sysname L2SwitchA
#
stp region-configuration
region-name vrrp
instance 1 vlan 101
active region-configuration
#
stp global enable
#
· L2Switch B的配置文件:
#
sysname L2SwitchB
#
stp region-configuration
region-name vrrp
instance 1 vlan 102
active region-configuration
#
stp global enable
#
如图6所示,Host A、Host B和Host C所在网络的出口处部署了三台设备。现要求使用VRRP负载均衡功能,将Device A、Device B和Device C组成一台虚拟路由器,作为局域网内主机的缺省网关。具体应用需求如下:
· 实现VRRP备份组中三台设备都可以转发报文,实现流量负载分担,充分利用网关资源;
· 当Device A、Device B或Device C自身或其上行接口出现故障时,Host A、Host B和Host C可以通过其他正常运行的设备继续通信,避免通信中断;当Device A、Device B或Device C故障恢复后,继续承担网关功能。
图6 IPv6 VRRP负载均衡模式配置组网图
· 为了使Device A优先与Device B和Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device B和Device C的优先级;为了使Device B优先于Device C被选举为VRRP备份组的Master设备,需要为其配置高于Device C的优先级;
· 为了避免由于故障造成VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间;
· 在Device A、Device B和Device C上配置虚拟转发器通过Track项监视上行接口的状态。当上行接口出现故障时,降低该接口所在设备虚拟转发器的权重,以便其他设备接管该设备的转发任务,避免通信中断;
· 为了保证原Master设备故障恢复后,能再次抢占成为Master,需要配置VRRP备份组工作在抢占模式。
本举例是在R2825版本上进行配置和验证的。
· 建议将备份组的虚拟IPv6地址和备份组中设备下行接口的IPv6地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· VRRP工作在负载均衡模式时,备份组的虚拟IPv6地址和接口的IPv6地址不能相同,否则VRRP负载均衡功能将无法正常工作。
· 当监视的上行链路出现故障时,配置的权重降低数额需保证VF Owner的权重低于失效下限,即权重降低的数额大于245,其它的虚拟转发器才能接替VF Owner成为AVF。
· 对于同一个VRRP备份组的成员设备,必须保证备份组虚拟路由器的IPv6地址配置完全一样。
# 配置接口IPv6地址。
<DeviceA> system-view
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] undo shutdown
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] vlan 2
[DeviceA-vlan2] port hundredgige 1/0/1
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ipv6 address fe80::1 link-local
[DeviceA-Vlan-interface2] ipv6 address 1::1 64
[DeviceA-Vlan-interface2] quit
(1) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceA] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device A在VRRP备份组1中的优先级为120,高于Device B的优先级110和Device C的优先级100,以保证Device A成为Master。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120
# 配置Device A工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceA-Vlan-interface2] undo ipv6 nd ra halt
[DeviceA-Vlan-interface2] quit
(2) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device A的上行接口出现故障。
[DeviceA] track 1 interface hundredgige 1/0/2
[DeviceA-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device A上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device A的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceA-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceB> system-view
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] undo shutdown
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] vlan 2
[DeviceB-vlan2] port hundredgige 1/0/1
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ipv6 address fe80::2 link-local
[DeviceB-Vlan-interface2] ipv6 address 1::2 64
[DeviceB-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceB] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device B的优先级110,高于Device C的优先级100,以保证Device A出现故障时,Device B成为Master。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# 配置Device B工作在抢占方式,配置抢占延迟时间为5秒。
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceB-Vlan-interface2] undo ipv6 nd ra halt
[DeviceB-Vlan-interface2] quit
(3) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device B的上行接口出现故障。
[DeviceB] track 1 interface hundredgige 1/0/2
[DeviceB-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device B上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device B的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceB-Vlan-interface2] quit
(1) 配置接口
# 配置接口IPv6地址。
<DeviceC> system-view
[DeviceC] interface hundredgige 1/0/1
[DeviceC-HundredGigE1/0/1] undo shutdown
[DeviceC-HundredGigE1/0/1] quit
[DeviceC] vlan 2
[DeviceC-vlan2] port hundredgige 1/0/1
[DeviceC-vlan2] quit
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] ipv6 address fe80::3 link-local
[DeviceC-Vlan-interface2] ipv6 address 1::3 64
[DeviceC-Vlan-interface2] quit
(2) 配置VRRP
# 配置VRRP工作在负载均衡模式。
[DeviceC] vrrp ipv6 mode load-balance
# 创建VRRP备份组1,并配置备份组1的虚拟IPv6地址为FE80::10和1::10。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10
# 配置Device C工作在抢占方式,配置抢占延迟时间为500厘秒。
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500
# 配置允许发布RA消息,以便1::/64网段内主机通过RA消息学习到缺省网关地址。
[DeviceC-Vlan-interface2] undo ipv6 nd ra halt
[DeviceC-Vlan-interface2] quit
(3) 配置Track
# 创建和HundredGigE1/0/2关联的Track项1。如果Track项的状态为Negative,则说明Device C的上行接口出现故障。
[DeviceC] track 1 interface hundredgige 1/0/2
[DeviceC-track-1] quit
# 配置虚拟转发器监视Track项1。Track项的状态为Negative时,降低Device C上虚拟转发器的权重,使其低于失效下限10,即权重降低的数额大于245,以便其他设备接替Device C的转发任务。本例中,配置虚拟转发器权重降低数额为250。
[DeviceC] interface vlan-interface 2
[DeviceC-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250
[DeviceC-Vlan-interface2] quit
(1) 配置完成后,在Host A上可以ping通外网,通过display vrrp ipv6 verbose命令查看配置后的结果
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 255
Active : local
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Become Master : 3120ms left
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Backup)
FE80::1 (Master)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv4 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3120ms left
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Listening
Virtual MAC : 000f-e2ff-0011 (Learnt)
Owner ID : 0000-5e01-1101
Priority : 127
Active : FE80::1
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示在VRRP备份组1中Device A为Master,Device B和Device C 为Backup。Device A、Device B和Device C上各自存在一个AVF,并存在作为备份的两个LVF。
(2) Device A的上行接口(HundredGigE1/0/2)出现故障后
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 120 Running Pri : 120
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::1 (Local, Master)
FE80::2 (Backup)
FE80::3 (Backup)
Forwarder Information: 3 Forwarders 0 Active
Config Weight : 255
Running Weight : 5
Forwarder 01
State : Initialize
Virtual MAC : 000f-e2ff-0011 (Owner)
Owner ID : 0000-5e01-1101
Priority : 0
Active : FE80::3
Forwarder 02
State : Initialize
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 0
Active : FE80::2
Forwarder 03
State : Initialize
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 0
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Negative Weight Reduced : 250
# 显示Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3550ms left
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 3 Forwarders 2 Active
Config Weight : 255
Running Weight : 255
Forwarder 01
State : Active
Virtual MAC : 000f-e2ff-0011 (Take Over)
Owner ID : 0000-5e01-1101
Priority : 85
Active : local
Redirect Time : 93 secs
Time-out Time : 1293 secs
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 85
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A的上行接口出现故障后,Device A上虚拟转发器的权重降低为5,低于失效下限。Device A上所有虚拟转发器的状态均变为Initialized,不能再用于转发。Device C成为虚拟MAC地址000f-e2ff-0011对应虚拟转发器的AVF,接管Device A的转发任务。
# Timeout Timer超时后(约1800秒后),查看Device C上VRRP备份组的详细信息。
[DeviceC] display vrrp ipv6 verbose
IPv6 Virtual Device Information:
Running mode : Load balance
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 3550ms left
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::3 (Local, Backup)
FE80::1 (Master)
FE80::2 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Listening
Virtual MAC : 000f-e2ff-0012 (Learnt)
Owner ID : 0000-5e01-1103
Priority : 127
Active : FE80::2
Forwarder 03
State : Active
Virtual MAC : 000f-e2ff-0013 (Owner)
Owner ID : 0000-5e01-1105
Priority : 255
Active : local
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示,Timeout Timer超时后,删除虚拟MAC地址000f-e2ff-0011对应的虚拟转发器,不再转发目的MAC地址为该MAC的报文。
(3) Device A出现故障后
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp ipv6 verbose
IPv6 Standby Information:
Run mode : Load balance
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Virtual IP : FE80::10
1::10
Member IP List : FE80::2 (Local, Master)
FE80::3 (Backup)
Forwarder Information: 2 Forwarders 1 Active
Config Weight : 255
Running Weight : 255
Forwarder 02
State : Active
Virtual MAC : 000f-e2ff-0012 (Owner)
Owner ID : 0000-5e01-1103
Priority : 255
Active : local
Forwarder 03
State : Listening
Virtual MAC : 000f-e2ff-0013 (Learnt)
Owner ID : 0000-5e01-1105
Priority : 127
Active : FE80::3
Forwarder Weight Track Information:
Track Object : 1 State : Positive Weight Reduced : 250
以上显示信息表示Device A出现故障后,Device B的优先级高于Device C,将抢占成为Master。
· Device A的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::1 link-local
ipv6 address 1::1 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 120
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface hundredgige 1/0/2
#
· Device B的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::2 link-local
ipv6 address 1::2 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 priority 110
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface hundredgige 1/0/2
#
· Device C的配置文件:
#
vrrp ipv6 mode load-balance
#
vlan 2 to 3
#
interface Vlan-interface2
ipv6 address fe80::3 link-local
ipv6 address 1::3 64
undo ipv6 nd ra halt
vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
vrrp ipv6 vrid 1 virtual-ip 1::10
vrrp ipv6 vrid 1 preempt-mode delay 500
vrrp ipv6 vrid 1 track 1 weight reduced 250
#
interface Vlan-interface3
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 3
#
track 1 interface hundredgige 1/0/2
#
如图7所示,Area A区域的用户(Host A和Host B)所在网络的出口处部署了两台网关设备。网关设备之间通过聚合接口相连。现要求使用VRRP主备备份功能,将这两台设备组成一台虚拟路由器,作为Area A区域用户的缺省网关。具体应用需求如下:
· 在正常情况下,由Device A承担网关功能,转发Area A区域用户发送至外网的流量;
· 当Device A的上行接口出现故障时,由Device B接替Device A承担网关功能;
· Device A的上行接口故障恢复后,由Device A继续承担网关功能。
· Device A、Device B与L2switch之间分别创建二层静态链路聚合组,用于增加Device A和Device B到用户之间的带宽,形成冗余,增强可靠性。
· Device A和Device B之间创建二层静态链路聚合组,用于当Device A的下行接口所在的聚合组Down,用户数据切换到L2switch—>Device B—>Device A链路时,增加Device B与Device A之间带宽,形成冗余,增强可靠性。
图7 VRRP单备份组配置组网图
· 为了让Device A成为Master,需要为Device A配置较高的优先级;
· 将VRRP组的抢占模式和监视上行接口状态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP组内的角色发生转变,实现主备切换;
· 为了避免VRRP备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
· 为了避免网关设备(Device A和Device B)与二层交换机形成二层环路,使用STP协议在VRRP备份组中阻塞一个端口。
本举例是R2825版本上进行配置和验证的。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 对于同一个VRRP备份组的成员设备,必须保证虚拟路由器的IP地址配置完全一样。
· 聚合链路的两端应配置相同的聚合模式。
· 用户删除聚合接口时,系统将自动删除对应的聚合组,且该聚合组内的所有成员端口将全部离开该聚合组。
· 配置了下列功能的端口将不能加入二层聚合组:AC与交叉连接关联(请参见“MPLS配置指导”中的“MPLS L2VPN”)以及AC与VSI关联(请参见“VXLAN配置指导”中的“VXLAN”)。
(1) Device A的配置
# 创建二层聚合接口1。
<DeviceA> system-view
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] quit
# 分别将端口HundredGigE1/0/3和HundredGigE1/0/4加入到聚合组1中。
[DeviceA] interface hundredgige 1/0/3
[DeviceA-HundredGigE1/0/3] port link-aggregation group 1
[DeviceA-HundredGigE1/0/3] quit
[DeviceA] interface hundredgige 1/0/4
[DeviceA-HundredGigE1/0/4] port link-aggregation group 1
[DeviceA-HundredGigE1/0/4] quit
# 配置二层聚合接口1为Trunk端口,并允许所有的报文通过。
[DeviceA] interface bridge-aggregation 1
[DeviceA-Bridge-Aggregation1] port link-type trunk
[DeviceA-Bridge-Aggregation1] port trunk permit vlan all
[DeviceA-Bridge-Aggregation1] quit
# 创建二层聚合接口2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] quit
# 分别将端口HundredGigE1/0/1和HundredGigE1/0/2加入到聚合组2中。
[DeviceA] interface hundredgige 1/0/1
[DeviceA-HundredGigE1/0/1] port link-aggregation group 2
[DeviceA-HundredGigE1/0/1] quit
[DeviceA] interface hundredgige 1/0/2
[DeviceA-HundredGigE1/0/2] port link-aggregation group 2
[DeviceA-HundredGigE1/0/2] quit
# 创建VLAN 2,并配置IP地址。
[DeviceA] vlan 2
[DeviceA-vlan2] quit
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] ip address 192.168.0.2 24
[DeviceA-Vlan-interface2] quit
# 配置二层聚合接口2为Access端口,加入VLAN 2。
[DeviceA] interface bridge-aggregation 2
[DeviceA-Bridge-Aggregation2] port link-type access
[DeviceA-Bridge-Aggregation2] port access vlan 2
[DeviceA-Bridge-Aggregation2] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为192.168.0.1。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device A在VRRP备份组1中的优先级为110,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface2] vrrp vrid 1 priority 110
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为500厘秒。
[DeviceA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceA-Vlan-interface2] quit
# 创建和上行接口HundredGigE1/0/10关联的Track项1。
[DeviceA] track 1 interface hundredgige 1/0/10
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP备份组中的优先级降低的数值为50。
[DeviceA] interface vlan-interface 2
[DeviceA-Vlan-interface2] vrrp vrid 1 track 1 priority reduced 50
[DeviceA-Vlan-interface2] quit
# 配置MSTP,并将Device A作为MSI 1的根桥。
[DeviceA] stp region-configuration
[DeviceA-mst-region] region-name vrrp
[DeviceA-mst-region] instance 1 vlan 2
[DeviceA-mst-region] active region-configuration
[DeviceA-mst-region] quit
[DeviceA] stp instance 1 root primary
[DeviceA] stp global enable
(2) Device B的配置
# 创建二层聚合接口1。
<DeviceB> system-view
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] quit
# 分别将端口HundredGigE1/0/3和HundredGigE1/0/4加入到聚合组1中。
[DeviceB] interface hundredgige 1/0/3
[DeviceB-HundredGigE1/0/3] port link-aggregation group 1
[DeviceB-HundredGigE1/0/3] quit
[DeviceB] interface hundredgige 1/0/4
[DeviceB-HundredGigE1/0/4] port link-aggregation group 1
[DeviceB-HundredGigE1/0/4] quit
# 配置二层聚合接口1为Trunk端口,并允许所有的报文通过。
[DeviceB] interface bridge-aggregation 1
[DeviceB-Bridge-Aggregation1] port link-type trunk
[DeviceB-Bridge-Aggregation1] port trunk permit vlan all
[DeviceB-Bridge-Aggregation1] quit
# 创建二层聚合接口3。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] quit
# 分别将端口HundredGigE1/0/1和HundredGigE1/0/2加入到聚合组3中。
[DeviceB] interface hundredgige 1/0/1
[DeviceB-HundredGigE1/0/1] port link-aggregation group 3
[DeviceB-HundredGigE1/0/1] quit
[DeviceB] interface hundredgige 1/0/2
[DeviceB-HundredGigE1/0/2] port link-aggregation group 3
[DeviceB-HundredGigE1/0/2] quit
# 创建VLAN 2,并配置IP地址。
[DeviceB] vlan 2
[DeviceB-vlan2] quit
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] ip address 192.168.0.3 24
[DeviceB-Vlan-interface2] quit
# 配置二层聚合接口3为Access端口,加入VLAN 2。
[DeviceB] interface bridge-aggregation 3
[DeviceB-Bridge-Aggregation3] port link-type access
[DeviceB-Bridge-Aggregation3] port access vlan 2
[DeviceB-Bridge-Aggregation3] quit
# 创建VRRP备份组1,并配置备份组1的虚拟IP地址为192.168.0.1。
[DeviceB] interface vlan-interface 2
[DeviceB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.1
# 设置Device B工作在抢占方式,抢占延迟时间为500厘秒。
[DeviceB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500
[DeviceB-Vlan-interface2] quit
# 配置MSTP,并全局使能STP。
[DeviceB] stp region-configuration
[DeviceB-mst-region] region-name vrrp
[DeviceB-mst-region] instance 1 vlan 2
[DeviceB-mst-region] active region-configuration
[DeviceB-mst-region] quit
[DeviceB] stp instance 1 root secondary
[DeviceB] stp global enable
(3) L2switch的配置
# 创建二层聚合接口2。
<L2switch> system-view
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] quit
# 分别将端口HundredGigE1/0/3和HundredGigE1/0/4加入到聚合组2中。
[L2switch] interface hundredgige 1/0/3
[L2switch-HundredGigE1/0/3] port link-aggregation group 2
[L2switch-HundredGigE1/0/3] quit
[L2switch] interface hundredgige 1/0/4
[L2switch-HundredGigE1/0/4] port link-aggregation group 2
[L2switch-HundredGigE1/0/4] quit
# 创建二层聚合接口3。
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] quit
# 分别将端口HundredGigE1/0/5和HundredGigE1/0/6加入到聚合组3中。
[L2switch] interface hundredgige 1/0/5
[L2switch-HundredGigE1/0/5] port link-aggregation group 3
[L2switch-HundredGigE1/0/5] quit
[L2switch] interface hundredgige 1/0/6
[L2switch-HundredGigE1/0/6] port link-aggregation group 3
[L2switch-HundredGigE1/0/6] quit
# 创建VLAN 2,并将聚合组2和3加入该VLAN。
[L2switch] vlan 2
[L2switch-vlan2] quit
[L2switch] interface bridge-aggregation 2
[L2switch-Bridge-Aggregation2] port access vlan 2
[L2switch-Bridge-Aggregation2] quit
[L2switch] interface bridge-aggregation 3
[L2switch-Bridge-Aggregation3] port access vlan 2
[L2switch-Bridge-Aggregation3] quit
# 配置MSTP,将VLAN2映射到MSI 1,激活MSTI配置,全局使能STP协议。
[L2switch] stp region-configuration
[L2switch-mst-region] region-name vrrp
[L2switch-mst-region] instance 1 vlan 2
[L2switch-mst-region] active region-configuration
[L2switch-mst-region] quit
[L2switch] stp global enable
(1) 配置完成后,用户主机可以ping通外网,如Host A可以ping通外网IP地址为20.1.1.1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(2) 配置完成后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示在VRRP备份组1中Device A为Master,Device B为Backup。用户流量由Device A来转发。
(3) 使用display interface Bridge-Aggregation brief查看静态二层聚合组的情况
# 显示Device A上静态聚合组的信息。
[DeviceA] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG2 UP 2G(a) F(a) A 2
# 显示Device B上静态聚合组的信息。
[DeviceB] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG1 UP 2G(a) F(a) A 1
BAGG3 UP 2G(a) F(a) A 2
# 显示L2switch上静态聚合组的信息。
[L2switch] display interface Bridge-Aggregation brief
Brief information on interfaces in bridge mode:
Link: ADM - administratively down; Stby - standby
Speed: (a) - auto
Duplex: (a)/A - auto; H - half; F - full
Type: A - access; T - trunk; H - hybrid
Interface Link Speed Duplex Type PVID Description
BAGG2 UP 2G(a) F(a) A 2
BAGG3 UP 2G(a) F(a) A 2
以上信息表明静态聚合组1、2和3 的speed都为2G,Device A、Device B、L2switch之间带宽都增加了一倍,并且也增加了可靠性。
(4) Device A的上行接口(HundredGigE1/0/10)出现故障后,用户主机可以ping通外网,如Host A可以ping通外网IP地址为20.1.1.1的主机。
Microsoft Windows [Version 6.1.7601]
Copyright (c) 2009 Microsoft Corporation. All rights reserved.
C:\Users\hostA>ping 20.1.1.1
Pinging 20.1.1.1 with 32 bytes of data:
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Reply from 20.1.1.1: bytes=32 time<1ms TTL=128
Ping statistics for 20.1.1.1:
Packets: Sent = 4, Received = 4, Lost = 0 (0% loss),
Approximate round trip times in milli-seconds:
Minimum = 0ms, Maximum = 0ms, Average = 0ms
(5) Device A的上行接口(HundredGigE1/0/10)出现故障后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 110 Running Pri : 60
Preempt Mode : Yes Delay Time : 500
Become Master : 3350ms left
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
VRRP Track Information:
Track Object : 1 State : Negative Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.3
以上显示信息表示Device A的上行接口出现故障后,Device A的优先级降低50,低于Device B,Device B抢占成为Master,用户流量由Device B进行转发。
(6) 当Device A的上行接口故障恢复后,使用display vrrp verbose命令查看VRRP组状态
# 显示Device A上VRRP备份组的详细信息。
[DeviceA] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 500
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
VRRP Track Information:
Track Object : 1 State : Positive Pri Reduced : 50
# 显示Device B上VRRP备份组的详细信息。
[DeviceB] display vrrp verbose
IPv4 Virtual Router Information:
Running mode : Standard
Total number of virtual routers : 1
Interface Vlan-interface2
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 500
Become Master : 2950ms left
Auth Type : Not supported
Version : 3
Virtual IP : 192.168.0.1
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.2
以上显示信息表示Device A的上行接口故障恢复后,Device A重新抢占成为Master,Device B为Backup。用户流量由Device A来转发。
· Device A的配置文件
#
sysname DeviceA
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root primary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 priority 110
vrrp vrid 1 preempt-mode delay 500
vrrp vrid 1 track 1 priority reduced 50
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface HundredGigE1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
track 1 interface HundredGigE1/0/10
#
· Device B的配置文件
#
sysname DeviceB
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp instance 1 root secondary
stp global enable
#
interface Bridge-Aggregation1
port link-type trunk
port trunk permit vlan all
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Vlan-interface2
ip address 192.168.0.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.0.1
vrrp vrid 1 preempt-mode delay 500
#
interface HundredGigE1/0/1
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface HundredGigE1/0/2
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface HundredGigE1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
interface HundredGigE1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
port link-aggregation group 1
#
· L2switch的配置文件
#
sysname L2switch
#
vlan 2
#
stp region-configuration
region-name vrrp
instance 1 vlan 2
active region-configuration
#
stp global enable
#
interface Bridge-Aggregation2
port access vlan 2
#
interface Bridge-Aggregation3
port access vlan 2
#
interface HundredGigE1/0/3
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface HundredGigE1/0/4
port link-mode bridge
port access vlan 2
port link-aggregation group 2
#
interface HundredGigE1/0/5
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
interface HundredGigE1/0/6
port link-mode bridge
port access vlan 2
port link-aggregation group 3
#
如图8所示为一个IPv4、IPv6混合组网,终端通过二层交换机接入网关,网关为三层设备。为增强网络可靠性,网关采用双设备VRRP主备组网。
· IPv4管理备份组10统一维护局域网所有IPv4业务备份组的状态,IPv4管理备份组10的虚拟IP地址为10.1.10.1/24。
· IPv6管理备份组210统一维护局域网所有IPv6业务备份组的状态,IPv6管理备份组210的虚拟IP地址为2010::10/64。
· IPv4业务备份组20为局域网内的IPv4设备提供网关服务,虚拟IP地址为10.1.20.1/24。
· IPv6业务备份组220为局域网内的IPv6设备提供网关服务,虚拟IP地址为2020::20/64。
· 正常情况下,由Device A承担网关功能,转发局域网发送至外网的流量。
· 当Device A、Device A的上行链路、Device A的下行链路出现故障时,由Device B接替Device A承担网关功能;当故障恢复后,由Device A继续承担网关功能。
图8 三层子接口组网下,VRRP管理备份组+VRRP业务备份组配置组网图
· Device A和Device B为三层设备作为网关,使用三层聚合接口1作为上行接口,连接互联网;使用三层聚合接口2作为下行接口,连接下行的二层交换机。
· 实际网络中会部署多个VRRP业务备份组,为了减少网络中VRRP协议报文的交互,节省下行带宽,在网络中部署VRRP管理备份组,所有VRRP业务备份组的主备状态跟随VRRP管理备份组的主备状态。
· 在Device A和Device B的聚合子接口2.10上部署VRRP管理备份组,使用VLAN 10通过L2SwitchC交互VRRP协议报文;在Device A和Device B的聚合子接口2.20上部署VRRP业务备份组,用于VLAN 20终端的接入,在聚合子接口2.20上需要终结业务VLAN 20的报文。
· 为了实现VRRP管理备份组的负载分担,可以在IPv4 VRRP管理备份组中,为Device A配置较高的优先级,让Device A成为Master设备,Device B成为Backup设备;在IPv6 VRRP管理备份组中,为Device B配置较高的优先级,让Device B成为Master设备,Device A成为Backup设备。
· 将VRRP管理备份组的抢占模式和监控上行链路态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP管理备份组内的角色发生转变,实现主备切换。
· 为了避免VRRP管理备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
本举例是在R2825版本上进行配置和验证的。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则VRRP备份组无法正常工作。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master设备。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) 配置上行聚合接口。
# 创建上行聚合接口1。
<DeviceA> system-view
[DeviceA] interface route-aggregation 1
[DeviceA-Route-Aggregatio1] link-aggregation mode dynamic
[DeviceA-Route-Aggregation1] quit
# 分别将端口GigabitEthernet1/0/1和GigabitEthernet1/0/2加入到聚合组1中。
[DeviceA] interface range gigabitethernet 1/0/1 gigabitethernet 1/0/2
[DeviceA-if-range] port link-aggregation group 1
[DeviceA-if-range] quit
(2) 配置下行聚合接口。
# 创建下行聚合接口2。
[DeviceA] interface route-aggregation 2
[DeviceA-Route-Aggregation2] link-aggregation mode dynamic
[DeviceA-Route-Aggregation2] quit
# 分别将端口GigabitEthernet1/0/3和GigabitEthernet1/0/4加入到聚合组2中。
[DeviceA] interface range gigabitethernet 1/0/3 gigabitethernet 1/0/4
[DeviceA-if-range] port link-aggregation group 2
[DeviceA-if-range] quit
# 创建聚合子接口2.10,并配置其IPv4地址为10.1.10.2/24,IPv6地址为2010::2/64。
[DeviceA] interface route-aggregation 2.10
[DeviceA-Route-Aggregation2.10] ip address 10.1.10.2 24
[DeviceA-Route-Aggregation2.10] ipv6 address auto link-local
[DeviceA-Route-Aggregation2.10] ipv6 address 2010::2 64
# 在聚合子接口2.10上配置终结VLAN 10,以便聚合子接口发送的VRRP协议报文可以穿越下行二层交换机,到达Device B。
[DeviceA-Route-Aggregation2.10] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation2.10] quit
# 创建聚合子接口2.20,并配置其IPv4地址为10.1.20.2/24,IPv6地址为2020::2/64。
[DeviceA] interface route-aggregation 2.20
[DeviceA-Route-Aggregation2.20] ip address 10.1.20.2 24
[DeviceA-Route-Aggregation2.20] ipv6 address auto link-local
[DeviceA-Route-Aggregation2.20] ipv6 address 2020::2 64
[DeviceA-Route-Aggregation2.20] quit
(3) 在聚合子接口2.10上部署IPv4 VRRP管理备份组10。
# 创建VRRP管理备份组10,并配置VRRP管理备份组10的虚拟IP地址为10.1.10.1。
[DeviceA] interface route-aggregation 2.10
[DeviceA-Route-Aggregation2.10] vrrp vrid 10 virtual-ip 10.1.10.1
[DeviceA-Route-Aggregation2.10] vrrp vrid 10 name IPv4manager
# 设置Device A在VRRP管理备份组10中的优先级为120,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Route-Aggregation2.10] vrrp vrid 10 priority 120
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为12000厘秒(120秒)。
[DeviceA-Route-Aggregation2.10] vrrp vrid 10 preempt-mode delay 12000
[DeviceA-Route-Aggregation2.10] quit
# 配置Device A以120秒为周期定时发送免费ARP。
[DeviceA] vrrp send-gratuitous-arp interval 120
# 配置监视Track项1,监控上行聚合接口1。Track项的状态为Negative时,Device A在VRRP管理备份组中的优先级降低的数值为50。以便检测到上行接口故障时,能尽快触发VRRP管理备份组的主备角色倒换。(如果上行有多条备份通路,也可以不配置Track项)
[DeviceA] track 1 interface route-aggregation 1
[DeviceA-track-1] quit
[DeviceA] interface route-aggregation 2.10
[DeviceA-Route-Aggregation2.10] vrrp vrid 10 track 1 priority reduced 50
(4) 在聚合子接口2.10上部署IPv6 VRRP管理备份组210。
# 创建VRRP管理备份组210,并配置VRRP管理备份组210的虚拟IPv6地址为2010::10。
[DeviceA-Route-Aggregation2.10] vrrp ipv6 vrid 210 virtual-ip fe80::10 link-local
[DeviceA-Route-Aggregation2.10] vrrp ipv6 vrid 210 virtual-ip 2010::10
[DeviceA-Route-Aggregation2.10] vrrp ipv6 vrid 210 name IPv6manager
[DeviceA-Route-Aggregation2.10] quit
# 配置Device A以120秒为周期定时发送免费ND报文。
[DeviceA] vrrp ipv6 send-nd interval 120
(5) 在聚合子接口2.20上部署IPv4 VRRP业务备份组20。
# 创建VRRP业务备份组20,并配置VRRP业务备份组20的虚拟IP地址为10.1.20.1。
[DeviceA] interface route-aggregation 2.20
[DeviceA-Route-Aggregation2.20] vrrp vrid 20 virtual-ip 10.1.20.1
# 配置VRRP业务备份组2关联IPv4 VRRP管理备份组1。
[DeviceA-Route-Aggregation2.20] vrrp vrid 20 follow IPv4manager
[DeviceA-Route-Aggregation2.20] quit
(6) 在聚合子接口2.20上部署IPv6 VRRP业务备份组220。
# 创建VRRP业务备份组220,并配置VRRP业务备份组220的虚拟IP地址为2020::20/64。
[DeviceA] interface route-aggregation 2.20
[DeviceA-Route-Aggregation2.20] vrrp ipv6 vrid 220 virtual-ip fe80::20 link-local
[DeviceA-Route-Aggregation2.20] vrrp ipv6 vrid 220 virtual-ip 2020::20
# 配置VRRP业务备份组220关联IPv6 VRRP管理备份组20。
[DeviceA-Route-Aggregation2.20] vrrp ipv6 vrid 220 follow IPv6manager
[DeviceA-Route-Aggregation2.20] quit
(7) 开启本举例中涉及的所有接口。
[DeviceA] interface range route-aggregation 1 route-aggregation 2 gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
[DeviceA]
(1) 配置上行聚合接口。
# 创建上行聚合接口1。
<DeviceB> system-view
[DeviceB] interface route-aggregation 1
[DeviceB-Route-Aggregatio1] link-aggregation mode dynamic
[DeviceB-Route-Aggregation1] quit
# 分别将端口GigabitEthernet1/0/1和GigabitEthernet1/0/2加入到聚合组1中。
[DeviceB] interface range gigabitethernet 1/0/1 gigabitethernet 1/0/2
[DeviceB-if-range] port link-aggregation group 1
[DeviceB-if-range] quit
(2) 配置下行聚合接口。
# 创建下行聚合接口2。
[DeviceB] interface route-aggregation 2
[DeviceB-Route-Aggregation2] link-aggregation mode dynamic
[DeviceB-Route-Aggregation2] quit
# 分别将端口GigabitEthernet1/0/3和GigabitEthernet1/0/4加入到聚合组2中。
[DeviceB] interface range gigabitethernet 1/0/3 gigabitethernet 1/0/4
[DeviceB-if-range] port link-aggregation group 2
[DeviceB-if-range] quit
# 创建聚合子接口2.10,并配置其IPv4地址为10.1.10.3/24,IPv6地址为2010::3/64。
[DeviceB] interface route-aggregation 2.10
[DeviceB-Route-Aggregation2.10] ip address 10.1.10.3 24
[DeviceB-Route-Aggregation2.10] ipv6 address auto link-local
[DeviceB-Route-Aggregation2.10] ipv6 address 2010::3 64
# 在聚合子接口2.10上配置终结VLAN 10,以便聚合子接口发送的VRRP协议报文可以穿越下行二层交换机,到达Device A。
[DeviceA-Route-Aggregation2.10] vlan-type dot1q vid 10
[DeviceA-Route-Aggregation2.10] quit
# 创建聚合子接口2.20,并配置其IPv4地址为10.1.20.3/24,IPv6地址为2020::3/64。
[DeviceB] interface route-aggregation 2.20
[DeviceB-Route-Aggregation2.20] ip address 10.1.20.3 24
[DeviceB-Route-Aggregation2.20] ipv6 address auto link-local
[DeviceB-Route-Aggregation2.20] ipv6 address 2020::3 64
[DeviceB-Route-Aggregation2.20] quit
(3) 在聚合子接口2.10上部署IPv4 VRRP管理备份组10。
# 创建VRRP管理备份组10,并配置VRRP管理备份组10的虚拟IP地址为10.1.10.1。
[DeviceB] interface route-aggregation 2.10
[DeviceB-Route-Aggregation2.10] vrrp vrid 10 virtual-ip 10.1.10.1
[DeviceB-Route-Aggregation2.10] vrrp vrid 10 name IPv4manager
# 配置设备以120秒为周期定时发送免费ARP。
[DeviceB-Route-Aggregation2.10] quit
[DeviceB] vrrp send-gratuitous-arp interval 120
(4) 在聚合子接口2.10上部署IPv6 VRRP管理备份组210。
# 创建IPv6 VRRP管理备份组210,并配置IPv6 VRRP管理备份组210的虚拟IPv6地址为2010::10。
[DeviceB] interface route-aggregation 2.10
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 virtual-ip fe80::10 link-local
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 virtual-ip 2010::10
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 name IPv6manager
# 设置Device B在IPv6 VRRP管理备份组210中的优先级为120,高于Device A的优先级100,以保证Device B成为Master负责转发流量。
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 priority 120
# 设置Device B工作在抢占方式,以保证Device B故障恢复后,能再次抢占成为Master,即只要Device B正常工作,就由Device B负责转发流量。为了避免频繁地进行状态切换,配置抢占延迟时间为12000厘秒(120秒)。
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 preempt-mode delay 12000
# 配置监视Track项1,监控上行聚合接口1。Track项的状态为Negative时,Device B在VRRP管理备份组中的优先级降低的数值为50。以便检测到上行接口故障时,能尽快触发VRRP管理备份组的主备角色倒换。(如果上行有多条备份通路,也可以不配置Track项)
[DeviceB-Route-Aggregation2.10] quit
[DeviceB] track 1 interface route-aggregation 1
[DeviceB-track-1] quit
[DeviceB] interface route-aggregation 2.10
[DeviceB-Route-Aggregation2.10] vrrp ipv6 vrid 210 track 1 priority reduced 50
[DeviceB-Route-Aggregation2.10] quit
# 配置Device B以120秒为周期定时发送免费ND报文。
[DeviceB] vrrp ipv6 send-nd interval 120
(5) 在聚合子接口2.20上部署IPv4 VRRP业务备份组20。
# 创建VRRP业务备份组2,并配置VRRP业务备份组20的虚拟IP地址为10.1.20.1。
[DeviceB] interface route-aggregation 2.20
[DeviceB-Route-Aggregation2.20] vrrp vrid 20 virtual-ip 10.1.20.1
# 配置VRRP业务备份组20关联IPv4 VRRP管理备份组10。
[DeviceB-Route-Aggregation2.20] vrrp vrid 20 follow IPv4manager
[DeviceB-Route-Aggregation2.20] quit
(6) 在聚合子接口2.20上部署IPv6 VRRP业务备份组220。
# 创建IPv6 VRRP业务备份组220,并配置IPv6 VRRP业务备份组220的虚拟IP地址为2020::20/64。
[DeviceB] interface route-aggregation 2.20
[DeviceB-Route-Aggregation2.20] vrrp ipv6 vrid 220 virtual-ip fe80::20 link-local
[DeviceB-Route-Aggregation2.20] vrrp ipv6 vrid 220 virtual-ip 2020::20
# 配置IPv6 VRRP业务备份组220关联IPv6 VRRP管理备份组210。
[DeviceB-Route-Aggregation2.20] vrrp ipv6 vrid 220 follow IPv6manager
[DeviceB-Route-Aggregation2.20] quit
(7) 开启本举例中涉及的所有接口。
[DeviceB] interface range route-aggregation 1 route-aggregation 2 gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
[DeviceB]
(1) 创建VRRP协议报文传输专用VLAN 10和业务VLAN 20。
<L2SwitchC> system-view
[L2SwitchC] vlan 10
[L2SwitchC-vlan10] quit
[L2SwitchC] vlan 20
[L2SwitchC-vlan20] quit
(2) 将连接终端的接口GigabitEthernet1/0/10加入业务VLAN 20。
[L2SwitchC-vlan20] interface gigabitethernet 1/0/10
[L2SwitchC-vlan20] quit
(3) 配置上行接口类型为Trunk,允许所有VLAN通过,并开启接口。
[L2SwitchC] interface range gigabitethernet 1/0/10 gigabitethernet 1/0/1 to gigabitethernet 1/0/4
[L2SwitchC-if-range] port link-type trunk
[L2SwitchC-if-range] port trunk permit vlan all
[L2SwitchC-if-range] undo shutdown
[L2SwitchC-if-range] quit
(1) 配置完成后,IPv4主机都可以ping通10.1.20.1,IPv6主机都可以ping通2020::20。
# 检查IPv4主机到目的端10.1.20.1是否可达。
# 检查IPv6主机到目的端2020::20是否可达。
(2) 通过display vrrp命令查看配置后的结果,局域网设备通过Device A和外网互通。
# 查看Device A上VRRP备份组的信息,显示Device A在IPv4管理备份组和IPv4业务备份组中均为Master设备,Device A在IPv6管理备份组和IPv6业务备份组中均为Backup设备。
[DeviceA] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Master 120 100 None 10.1.10.1
RAGG2.20 20 Master 100 100 None 10.1.20.1
[DeviceA] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Backup 100 100 None FE80::10
RAGG2.20 220 Backup 100 100 None FE80::20
# 查看Device B上VRRP备份组的信息,显示Device B在IPv4管理备份组和IPv4业务备份组中均为Backup设备,显示Device B在IPv6管理备份组和IPv6业务备份组中均为Master设备。
[DeviceB] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Backup 100 100 None 10.1.10.1
RAGG2.20 20 Backup 100 100 None 10.1.20.1
[DeviceB] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Master 120 100 None FE80::10
RAGG2.20 220 Master 100 100 None FE80::20
(3) 关闭Device A的上行口Route-Aggregation 1,通过display vrrp命令查看配置后的结果,局域网设备通过Device B和外网互通。
# 查看Device A上VRRP备份组的信息,显示Device A在IPv4和IPv6管理备份组、IPv4和IPv6业务备份组中均为Backup设备。
[DeviceA] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Backup 70 100 None 10.1.10.1
RAGG2.20 20 Backup 100 100 None 10.1.20.1
[DeviceA] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Backup 50 100 None FE80::10
RAGG2.20 220 Backup 100 100 None FE80::20
# 查看Device B上VRRP备份组的信息,显示Device B在IPv4和IPv6管理备份组、IPv4和IPv6业务备份组中均为Master设备。
[DeviceB] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Master 100 100 None 10.1.10.1
RAGG2.20 20 Master 100 100 None 10.1.20.1
[DeviceB] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Master 120 100 None FE80::10
RAGG2.20 220 Master 100 100 None FE80::20
(4) 开启Device A的上行口Route-Aggregation 1,通过日志信息可以看出,在抢占延迟时间120s到达后,Device A抢占成为IPv4 VRRP管理备份组和IPv4 VRRP业务备份组的Master设备,显示信息同验证步骤(2)。
#
sysname DeviceA
#
track 1 interface Route-Aggregation1
#
vrrp send-gratuitous-arp
#
vrrp ipv6 send-nd
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.10
ip address 10.1.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.1
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode delay 12000
vrrp vrid 10 name IPv4manager
vrrp vrid 10 track 1 priority reduced 50
vlan-type dot1q vid 10
ipv6 address 2010::2/64
ipv6 address auto link-local
vrrp ipv6 vrid 210 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 210 virtual-ip 2010::10
vrrp ipv6 vrid 210 name IPv6manager
#
interface Route-Aggregation2.20
ip address 10.1.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.1
vrrp vrid 20 follow IPv4manager
vlan-type dot1q vid 20
ipv6 address 2020::2/64
ipv6 address auto link-local
vrrp ipv6 vrid 220 virtual-ip FE80::20 link-local
vrrp ipv6 vrid 220 virtual-ip 2020::20
vrrp ipv6 vrid 220 follow IPv6manager
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable fiber
port link-aggregation group 1
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable fiber
port link-aggregation group 2
#
interface GigabitEthernet1/0/4
port link-mode route
combo enable fiber
port link-aggregation group 2
#
return
#
sysname DeviceB
#
track 1 interface Route-Aggregation1
#
vrrp send-gratuitous-arp
#
vrrp ipv6 send-nd
#
interface Route-Aggregation1
link-aggregation mode dynamic
#
interface Route-Aggregation2
link-aggregation mode dynamic
#
interface Route-Aggregation2.10
ip address 10.1.10.3 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.1
vrrp vrid 10 name IPv4manager
vlan-type dot1q vid 10
ipv6 address 2010::3/64
ipv6 address auto link-local
vrrp ipv6 vrid 210 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 210 virtual-ip 2010::10
vrrp ipv6 vrid 210 priority 120
vrrp ipv6 vrid 210 preempt-mode delay 12000
vrrp ipv6 vrid 210 name IPv6manager
vrrp ipv6 vrid 210 track 1 priority reduced 50
#
interface Route-Aggregation2.20
ip address 10.1.20.3 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.1
vrrp vrid 20 follow IPv4manager
vlan-type dot1q vid 20
ipv6 address 2020::3/64
ipv6 address auto link-local
vrrp ipv6 vrid 220 virtual-ip FE80::20 link-local
vrrp ipv6 vrid 220 virtual-ip 2020::20
vrrp ipv6 vrid 220 follow IPv6manager
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
port link-aggregation group 1
#
interface GigabitEthernet1/0/2
port link-mode route
combo enable fiber
port link-aggregation group 1
#
interface GigabitEthernet1/0/3
port link-mode route
combo enable fiber
port link-aggregation group 2
#
interface GigabitEthernet1/0/4
port link-mode route
combo enable fiber
port link-aggregation group 2
#
return
#
sysname L2SwitchC
#
vlan 10
#
vlan 20
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
#
interface GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
#
interface GigabitEthernet1/0/5
port link-mode bridge
combo enable fiber
shutdown
#
interface GigabitEthernet1/0/10
port link-mode bridge
port access vlan 20
combo enable fiber
#
return
如图9所示为一个IPv4、IPv6混合组网,终端通过二层交换机接入网关,网关为三层设备。为增强网络可靠性,网关采用双设备VRRP主备组网。
· IPv4管理备份组10统一维护局域网所有IPv4业务备份组的状态,IPv4管理备份组10的虚拟IP地址为10.1.10.1/24。
· IPv6管理备份组210统一维护局域网所有IPv6业务备份组的状态,IPv6管理备份组210的虚拟IP地址为2010::10/64。
· IPv4业务备份组20为局域网内的IPv4设备提供网关服务,虚拟IP地址为10.1.20.1/24。
· IPv6业务备份组220为局域网内的IPv6设备提供网关服务,虚拟IP地址为2020::20/64。
· 正常情况下,由Device A承担网关功能,转发局域网发送至外网的流量。
· 当Device A、Device A的上行链路、Device A的下行链路出现故障时,由Device B接替Device A承担网关功能;当故障恢复后,由Device A继续承担网关功能。
图9 VLAN接口组网下,VRRP管理备份组+VRRP业务备份组配置组网图
· 实际网络中会部署多个VRRP业务备份组,为了减少网络中VRRP协议报文的交互,节省下行带宽,在网络中部署VRRP管理备份组,所有VRRP业务备份组的主备状态跟随VRRP管理备份组的主备状态。
· Device A和Device B使用VLAN接口和下行设备相连,其中VLAN接口10上部署VRRP管理备份组,VLAN接口20上部署VRRP业务备份组。
· 为了实现VRRP管理备份组的负载分担,可以在IPv4 VRRP管理备份组中,为Device A配置较高的优先级,让Device A成为Master设备,Device B成为Backup设备;在IPv6 VRRP管理备份组中,为Device B配置较高的优先级,让Device B成为Master设备,Device A成为Backup设备。
· 将VRRP管理备份组的抢占模式和监控上行链路态功能结合使用,可以使Master设备根据上行接口的状态自动调整自身的VRRP优先级,从而使VRRP管理备份组内的角色发生转变,实现主备切换。
· 为了避免VRRP管理备份组中的角色频繁发生变化,可以配置一定的抢占延迟时间。
本举例是在R2825版本上进行配置和验证的。
· VRRP备份组的虚拟IP地址不能为全零地址(0.0.0.0)、广播地址(255.255.255.255)、环回地址、非A/B/C类地址和其它非法IP地址(如0.0.0.1)。
· IPv4 VRRP既可以使用VRRPv2版本,也可以使用VRRPv3版本(缺省情况使用VRRPv3)。请确保IPv4 VRRP备份组中的所有路由器上配置的IPv4 VRRP版本一致,否则VRRP备份组无法正常工作。
· 建议将备份组的虚拟IP地址和备份组中设备下行接口的IP地址配置为同一网段,否则可能导致局域网内的主机无法访问外部网络。
· 删除IP地址拥有者上的VRRP备份组,将导致地址冲突。建议先修改配置了VRRP备份组的接口的IP地址,再删除该接口上的VRRP备份组,以避免地址冲突。
· 用户在配置降低优先级幅度时,需要确保降低后的优先级比VRRP备份组内其他设备的优先级要低,确保VRRP备份组内有其他设备被选为Master设备。
· 对于同一个VRRP备份组的成员设备,如下配置必须保证完全一样:
¡ 虚拟路由器的IP地址个数
¡ 每个备份组虚拟路由器的IP地址
¡ 定时器间隔时间
(1) 在VLAN接口10上部署IPv4 VRRP管理备份组10。
# 配置下行接口VLAN接口10和二层聚合接口10。
<DeviceA> system-view
[DeviceA] vlan 10
[DeviceA-vlan10] quit
[DeviceA] interface bridge-aggregation 10
[DeviceA-Bridge-Aggregation10] link-aggregation mode dynamic
[DeviceA-Bridge-Aggregation10] port link-type trunk
[DeviceA-Bridge-Aggregation10] port trunk permit vlan all
[DeviceA-Bridge-Aggregation10] quit
[DeviceA] interface range gigabitethernet 1/0/10 gigabitethernet 1/0/11
[DeviceA-if-range] port link-aggregation group 10
[DeviceA-GigabitEthernet1/0/11] quit
[DeviceA] interface vlan 10
[DeviceA-Vlan-interface10] ip address 10.1.10.2 24
# 创建VRRP管理备份组10,并配置VRRP管理备份组10的虚拟IP地址为10.1.10.1。
[DeviceA-Vlan-interface10] vrrp vrid 10 virtual-ip 10.1.10.1
[DeviceA-Vlan-interface10] vrrp vrid 10 name IPv4manager
# 设置Device A在VRRP管理备份组10中的优先级为120,高于Device B的优先级100,以保证Device A成为Master负责转发流量。
[DeviceA-Vlan-interface10] vrrp vrid 10 priority 120
# 设置Device A工作在抢占方式,以保证Device A故障恢复后,能再次抢占成为Master,即只要Device A正常工作,就由Device A负责转发IPv4流量。为了避免频繁地进行状态切换,配置抢占延迟时间为12000厘秒(120秒)。
[DeviceA-Vlan-interface10] vrrp vrid 10 preempt-mode delay 12000
# 配置Device A以120秒为周期定时发送免费ARP报文。
[DeviceA-Vlan-interface10] quit
[DeviceA] vrrp send-gratuitous-arp interval 120
# 创建和上行接口GigabitEthernet1/0/1关联的Track项1。
[DeviceA] track 1 interface gigabitethernet 1/0/1
[DeviceA-track-1] quit
# 配置监视Track项1,Track项的状态为Negative时,Device A在VRRP管理备份组中的优先级降低的数值为50。以便检测到上行接口故障时,能尽快触发VRRP管理备份组的主备角色倒换。(如果上行有多条备份通路,也可以不配置Track项)
[DeviceA] interface vlan 10
[DeviceA-Vlan-interface10] vrrp vrid 10 track 1 priority reduced 50
(2) 在VLAN接口10上部署IPv6 VRRP管理备份组210。
# 为VLAN接口10配置IPv6地址。
[DeviceA-Vlan-interface10] ipv6 address auto link-local
[DeviceA-Vlan-interface10] ipv6 address 2010::2 64
# 创建IPv6 VRRP管理备份组210,并配置IPv6 VRRP管理备份组210的虚拟IPv6地址为fe80::10和2010::10。
[DeviceA-Vlan-interface10] vrrp ipv6 vrid 210 virtual-ip fe80::10 link-local
[DeviceA-Vlan-interface10] vrrp ipv6 vrid 210 virtual-ip 2010::10
[DeviceA-Vlan-interface10] vrrp ipv6 vrid 210 name IPv6manager
[DeviceA-Vlan-interface10] quit
# 配置Device A以120秒为周期定时发送免费ND报文。
[DeviceA] vrrp ipv6 send-nd interval 120
(3) 在VLAN接口20上部署IPv4 VRRP业务备份组20。
# 配置下行接口VLAN接口20。
[DeviceA] vlan 20
[DeviceA-vlan20] quit
[DeviceA] interface vlan 20
[DeviceA-Vlan-interface20] ip address 10.1.20.2 24
# 创建VRRP业务备份组20,并配置VRRP业务备份组20的虚拟IP地址为10.1.20.1。
[DeviceA-Vlan-interface20] vrrp vrid 20 virtual-ip 10.1.20.1
# 配置VRRP业务备份组20关联IPv4 VRRP管理备份组10。
[DeviceA-Vlan-interface20] vrrp vrid 20 follow IPv4manager
(4) 在VLAN接口20上部署IPv6 VRRP业务备份组220。
# 配置VLAN接口20。
[DeviceA] interface vlan 20
[DeviceA-Vlan-interface20] ipv6 address auto link-local
[DeviceA-Vlan-interface20] ipv6 address 2020::2 64
# 创建IPv6 VRRP业务备份组220,并配置IPv6 VRRP业务备份组220的虚拟IPv6地址为2020::20/64。
[DeviceA-Vlan-interface20] vrrp ipv6 vrid 220 virtual-ip fe80::20 link-local
[DeviceA-Vlan-interface20] vrrp ipv6 vrid 220 virtual-ip 2020::20
# 配置IPv6 VRRP业务备份组220关联IPv6 VRRP管理备份组210。
[DeviceA-Vlan-interface20] vrrp ipv6 vrid 220 follow IPv6manager
[DeviceA-Vlan-interface20] quit
(5) 开启相关接口。
[DeviceA] interface range gigabitethernet 1/0/1 gigabitethernet 1/0/10 gigabitethernet 1/0/11 bridge-aggregation 10 vlan 10 vlan 20
[DeviceA-if-range] undo shutdown
[DeviceA-if-range] quit
(1) 在VLAN接口10上部署IPv4 VRRP管理备份组10。
# 配置下行接口VLAN接口10和二层聚合接口11。
<DeviceB> system-view
[DeviceB] vlan 10
[DeviceB-vlan10] quit
[DeviceB] interface bridge-aggregation 11
[DeviceB-Bridge-Aggregation11] link-aggregation mode dynamic
[DeviceB-Bridge-Aggregation11] port link-type trunk
[DeviceB-Bridge-Aggregation11] port trunk permit vlan all
[DeviceB-Bridge-Aggregation11] quit
[DeviceB] interface range gigabitethernet 1/0/10 gigabitethernet 1/0/11
[DeviceB-if-range] port link-aggregation group 11
[DeviceB-GigabitEthernet1/0/11] quit
[DeviceB] interface vlan 10
[DeviceB-Vlan-interface10] ip address 10.1.10.3 24
# 创建VRRP管理备份组10,并配置VRRP管理备份组10的虚拟IP地址为10.1.10.1。
[DeviceB-Vlan-interface10] vrrp vrid 10 virtual-ip 10.1.10.1
[DeviceB-Vlan-interface10] vrrp vrid 10 name IPv4manager
# 配置Device A以120秒为周期定时发送免费ARP报文。
[DeviceB-Vlan-interface10] quit
[DeviceB] vrrp send-gratuitous-arp interval 120
(2) 在VLAN接口10上部署IPv6 VRRP管理备份组210。
# 为VLAN接口10配置IPv6地址。
[DeviceB] interface vlan 10
[DeviceB-Vlan-interface10] ipv6 address auto link-local
[DeviceB-Vlan-interface10] ipv6 address 2010::3 64
# 创建IPv6 VRRP管理备份组210,并配置IPv6 VRRP管理备份组210的虚拟IPv6地址为fe80::10和2010::10。
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 virtual-ip fe80::10 link-local
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 virtual-ip 2010::10
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 name IPv6manager
# 设置Device B在IPv6 VRRP管理备份组210中的优先级为120,高于Device A的优先级100,以保证Device B成为Master负责转发流量。
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 priority 120
# 设置Device B工作在抢占方式,以保证Device B故障恢复后,能再次抢占成为Master,即只要Device B正常工作,就由Device B负责转发IPv6流量。为了避免频繁地进行状态切换,配置抢占延迟时间为12000厘秒(120秒)。
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 preempt-mode delay 12000
# 配置监视Track项1,监控上行接口GigabitEthernet1/0/1。Track项的状态为Negative时,Device A在VRRP管理备份组中的优先级降低的数值为50。
[DeviceB-Vlan-interface10] quit
[DeviceB] track 1 interface gigabitethernet 1/0/1
[DeviceB-track-1] quit
[DeviceB] interface vlan 10
[DeviceB-Vlan-interface10] vrrp ipv6 vrid 210 track 1 priority reduced 50
[DeviceB-Vlan-interface10] quit
# 配置Device A以120秒为周期定时发送免费ND报文。
[DeviceB] vrrp ipv6 send-nd interval 120
(3) 在VLAN接口20上部署IPv4 VRRP业务备份组20。
# 配置下行接口VLAN接口20。
[DeviceB] vlan 20
[DeviceB-vlan20] quit
[DeviceB] interface vlan 20
[DeviceB-Vlan-interface20] ip address 10.1.20.3 24
# 创建VRRP业务备份组20,并配置VRRP业务备份组20的虚拟IP地址为10.1.20.1。
[DeviceB-Vlan-interface20] vrrp vrid 20 virtual-ip 10.1.20.1
# 配置VRRP业务备份组20关联IPv4 VRRP管理备份组10。
[DeviceB-Vlan-interface20] vrrp vrid 20 follow IPv4manager
(4) 在VLAN接口20上部署IPv6 VRRP业务备份组220。
# 配置VLAN接口20。
[DeviceB] interface vlan 20
[DeviceB-Vlan-interface20] ipv6 address auto link-local
[DeviceB-Vlan-interface20] ipv6 address 2020::2 64
# 创建IPv6 VRRP业务备份组220,并配置IPv6 VRRP业务备份组220的虚拟IPv6地址为2020::20/64。
[DeviceB-Vlan-interface20] vrrp ipv6 vrid 220 virtual-ip fe80::20 link-local
[DeviceB-Vlan-interface20] vrrp ipv6 vrid 220 virtual-ip 2020::20
# 配置IPv6 VRRP业务备份组220关联IPv6 VRRP管理备份组210。
[DeviceB-Vlan-interface20] vrrp ipv6 vrid 220 follow IPv6manager
[DeviceB-Vlan-interface20] quit
(5) 开启相关接口。
[DeviceB] interface range gigabitethernet 1/0/1 gigabitethernet 1/0/10 gigabitethernet 1/0/11 bridge-aggregation 11 vlan 10 vlan 20
[DeviceB-if-range] undo shutdown
[DeviceB-if-range] quit
(1) 创建VRRP协议报文传输专用VLAN 10和业务VLAN 20。
<L2SwitchC> system-view
[L2SwitchC] vlan 10
[L2SwitchC-vlan10] quit
[L2SwitchC] vlan 20
[L2SwitchC-vlan20] quit
(2) 将连接终端的接口GigabitEthernet1/0/10加入业务VLAN 20。
[L2SwitchC-vlan20] interface gigabitethernet 1/0/10
[L2SwitchC-vlan20] quit
(3) 配置二层聚合接口10上行连接Device A,二层聚合接口11上行连接Device B,并开启接口。
[L2SwitchC] interface bridge-aggregation 10
[L2SwitchC-Bridge-Aggregation10] link-aggregation mode dynamic
[L2SwitchC-Bridge-Aggregation10] port link-type trunk
[L2SwitchC-Bridge-Aggregation10] port trunk permit vlan all
[L2SwitchC-Bridge-Aggregation10] quit
[L2SwitchC] interface range gigabitethernet 1/0/1 gigabitethernet 1/0/2
[L2SwitchC-if-range] port link-aggregation group 10
[L2SwitchC-GigabitEthernet1/0/11] quit
[L2SwitchC] interface bridge-aggregation 11
[L2SwitchC-Bridge-Aggregation11] link-aggregation mode dynamic
[L2SwitchC-Bridge-Aggregation11] port link-type trunk
[L2SwitchC-Bridge-Aggregation11] port trunk permit vlan all
[L2SwitchC-Bridge-Aggregation11] quit
[L2SwitchC] interface range gigabitethernet 1/0/3 gigabitethernet 1/0/4
[L2SwitchC-if-range] port link-aggregation group 11
[L2SwitchC-if-range] quit
(4) 开启相关接口。
[L2SwitchC] interface range gigabitethernet 1/0/1 to gigabitethernet 1/0/4 gigabitethernet 1/0/10 bridge-aggregation 10 bridge-aggregation 11
[L2SwitchC-if-range] undo shutdown
[L2SwitchC-if-range] quit
(1) 配置完成后,IPv4主机都可以ping通10.1.20.1,IPv6主机都可以ping通2020::20。
# 检查IPv4主机到目的端10.1.20.1是否可达。
# 检查IPv6主机到目的端2020::20是否可达。
(2) 通过display vrrp命令查看配置后的结果,局域网设备通过Device A和外网互通。
# 查看Device A上VRRP备份组的信息,显示Device A在IPv4管理备份组和IPv4业务备份组中均为Master设备,Device A在IPv6管理备份组和IPv6业务备份组中均为Backup设备。
[DeviceA] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Master 120 100 None 10.1.10.1
RAGG2.20 20 Master 100 100 None 10.1.20.1
[DeviceA] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Backup 100 100 None FE80::10
RAGG2.20 220 Backup 100 100 None FE80::20
# 查看Device B上VRRP备份组的信息,显示Device B在IPv4管理备份组和IPv4业务备份组中均为Backup设备,显示Device B在IPv6管理备份组和IPv6业务备份组中均为Master设备。
[DeviceB] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Backup 100 100 None 10.1.10.1
RAGG2.20 20 Backup 100 100 None 10.1.20.1
[DeviceB] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Master 120 100 None FE80::10
RAGG2.20 220 Master 100 100 None FE80::20
(3) 关闭Device A的上行口Route-Aggregation 1,通过display vrrp命令查看配置后的结果,局域网设备通过Device B和外网互通。
# 查看Device A上VRRP备份组的信息,显示Device A在IPv4和IPv6管理备份组、IPv4和IPv6业务备份组中均为Backup设备。
[DeviceA] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Backup 70 100 None 10.1.10.1
RAGG2.20 20 Backup 100 100 None 10.1.20.1
[DeviceA] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Backup 50 100 None FE80::10
RAGG2.20 220 Backup 100 100 None FE80::20
# 查看Device B上VRRP备份组的信息,显示Device B在IPv4和IPv6管理备份组、IPv4和IPv6业务备份组中均为Master设备。
[DeviceB] display vrrp
IPv4 virtual router information:
Running mode : Standard
Gratuitous ARP sending interval : 120 seconds
Enhanced sending of gratuitous ARP packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 10 Master 100 100 None 10.1.10.1
RAGG2.20 20 Master 100 100 None 10.1.20.1
[DeviceB] display vrrp ipv6
IPv6 virtual router information:
Running mode : Standard
ND sending interval : 120 seconds
Enhanced sending of gratuitous ND packets : Disabled
Total number of virtual routers : 2
Interface VRID State Running Adver Auth Virtual
pri timer(cs) type IP
---------------------------------------------------------------------
RAGG2.10 210 Master 120 100 None FE80::10
RAGG2.20 220 Master 100 100 None FE80::20
(4) 开启Device A的上行口Route-Aggregation 1,通过日志信息可以看出,在抢占延迟时间120s到达后,Device A抢占成为IPv4 VRRP管理备份组和IPv4 VRRP业务备份组的Master设备,显示信息同验证步骤(2)。
#
sysname DeviceA
#
track 1 interface GigabitEthernet1/0/1
#
vrrp send-gratuitous-arp
#
vrrp ipv6 send-nd
#
vlan 10
#
vlan 20
#
interface Bridge-Aggregation10
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface Vlan-interface10
ip address 10.1.10.2 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.1
vrrp vrid 10 priority 120
vrrp vrid 10 preempt-mode delay 12000
vrrp vrid 10 name IPv4manager
vrrp vrid 10 track 1 priority reduced 50
ipv6 address 2010::2/64
ipv6 address auto link-local
vrrp ipv6 vrid 210 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 210 virtual-ip 2010::10
vrrp ipv6 vrid 210 name IPv6manager
#
interface Vlan-interface20
ip address 10.1.20.2 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.1
vrrp vrid 20 follow IPv4manager
ipv6 address 2020::2/64
ipv6 address auto link-local
vrrp ipv6 vrid 220 virtual-ip FE80::20 link-local
vrrp ipv6 vrid 220 virtual-ip 2020::20
vrrp ipv6 vrid 220 follow IPv6manager
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
shutdown
#
interface GigabitEthernet1/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 10
#
interface GigabitEthernet1/0/11
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 10
#
return
#
sysname DeviceB
#
track 1 interface GigabitEthernet1/0/1
#
vrrp send-gratuitous-arp
#
vrrp ipv6 send-nd
#
vlan 10
#
vlan 20
#
interface Bridge-Aggregation11
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface Vlan-interface10
ip address 10.1.10.3 255.255.255.0
vrrp vrid 10 virtual-ip 10.1.10.1
vrrp vrid 10 name IPv4manager
ipv6 address 2010::3/64
ipv6 address auto link-local
vrrp ipv6 vrid 210 virtual-ip FE80::10 link-local
vrrp ipv6 vrid 210 virtual-ip 2010::10
vrrp ipv6 vrid 210 priority 120
vrrp ipv6 vrid 210 preempt-mode delay 12000
vrrp ipv6 vrid 210 name IPv6manager
vrrp ipv6 vrid 210 track 1 priority reduced 50
#
interface Vlan-interface20
ip address 10.1.20.3 255.255.255.0
vrrp vrid 20 virtual-ip 10.1.20.1
vrrp vrid 20 follow IPv4manager
ipv6 address 2020::2/64
ipv6 address auto link-local
vrrp ipv6 vrid 220 virtual-ip FE80::20 link-local
vrrp ipv6 vrid 220 virtual-ip 2020::20
vrrp ipv6 vrid 220 follow IPv6manager
#
interface GigabitEthernet1/0/1
port link-mode route
combo enable fiber
#
interface GigabitEthernet1/0/10
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 11
#
interface GigabitEthernet1/0/11
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 11
#
return
#
sysname L2SwitchC
#
vlan 10
#
vlan 20
#
interface Bridge-Aggregation10
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface Bridge-Aggregation11
port link-type trunk
port trunk permit vlan all
link-aggregation mode dynamic
#
interface GigabitEthernet1/0/1
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 10
#
interface GigabitEthernet1/0/2
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 10
#
interface GigabitEthernet1/0/3
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 11
#
interface GigabitEthernet1/0/4
port link-mode bridge
port link-type trunk
port trunk permit vlan all
combo enable fiber
port link-aggregation group 11
#
return
· H3C S12500X-AF系列交换机二层技术-以太网交换配置指导-R28xx
· H3C S12500X-AF系列交换机二层技术-以太网交换命令参考-R28xx
· H3C S12500X-AF系列交换机可靠性配置指导-R28xx
· H3C S12500X-AF系列交换机可靠性命令指导-R28xx
不同款型规格的资料略有差异, 详细信息请向具体销售和400咨询。H3C保留在没有任何通知或提示的情况下对资料内容进行修改的权利!
支持
