《VRRP技术专题》PPT课件

2020/4/27,VRRP技术专题,Author/Email:朱仕耿261992/zhushigengVersion:V1.0,Page2,学习完此课程，您将会：熟悉VRRP的工作原理掌握VRRP的基本配置了解VRRP的典型组网模型及常见问题,目标,Page3,第1章VRRP工作原理第2章VRRP的基本配置第3章VRRP常见问题,课程内容,技术背景,Page4,NETWORK,单点故障,192.168.1.254,192.168.1.1/24网关1.254,192.168.1.2/24网关1.254,192.168.1.3/24网关1.254,VRRP带来什么？,Page5,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Master,Backup,VirtualRouter192.168.1.254,192.168.1.2/24网关1.254,VRRP带来什么？,Page6,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Master,Backup,VirtualRouter192.168.1.254,192.168.1.2/24网关1.254,VRRP带来什么？,Page7,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Backup,Master,VirtualRouter192.168.1.254,192.168.1.2/24网关1.254,VRRP概述,利用VRRP，一组路由器（同一个LAN中的接口）协同工作，但只有一个处于Master状态，处于该状态的路由器（的接口）承担实际的数据流量转发任务。在一个VRRP组内的多个路由器接口共用一个虚拟IP地址，该地址被作为局域网内所有主机的缺省网关地址。VRRP决定哪个路由器是Master，Master路由器负责接收发送至用户网关（也就是发向上文提到的虚拟IP地址）的数据包并进行转发，以及响应PC对于其网关的ARP请求。Backup路由器侦听Master路由器的状态，并准备随时接替Master路由器的工作。,Page8,VRRP术语,VRRP路由器运行VRRP的路由器，一台VRRP路由器（的接口）可以同时参与到多个VRRP组中，在不同的组中，一台VRRP路由器可以充当不同的角色VRRP组一个VRRP组由多个VRRP路由器组成，使用groupID进行标识，属于同一VRRP组的VRRP路由器互相交换信息，每一个VRRP组中只能有一个Master。虚拟路由器对于每一个VRRP组，抽象出来的一个逻辑路由器，该路由器充当网络用户的网关，该路由器并非真实存在，事实上对于用户而言，只需知道虚拟路由器的IP，至于具体的虚拟路由器的角色由谁来承担、数据转发任务由谁来承担、Master挂掉之后谁来接替，这是VRRP的工作。,Page9,VRRP术语,虚拟IP地址、MAC地址虚拟IP地址用于标示虚拟路由器，该地址实际上就是用户的网关地址。与虚拟IP地址对应的MAC也是虚拟的，该MAC地址由固定位加上VRRP组ID构成，当PC发arp请求虚拟IP地址对应的MAC地址，Master路由器响应这个arp请求并告知虚拟MAC地址。Master、Backup路由器Master路由器：就是在VRRP组实际转发数据包的路由器，在每一个VRRP组中，仅有Master响应对虚拟IP地址的ARP请求。Master路由器同时以一定的时间间隔发送VRRP消息，以便通知Backup路由器自己的存活。Backup路由器：就是在VRRP组中处于监听状态的路由器，一旦Master路由器出现故障，Backup路由器就开始接替工作选举依据：先比较接口优先级（比大），如果相等则比接口IP地址（比大）,Page10,虚拟MAC地址,通过VRRP形成的虚拟路由器使用虚拟IP地址和虚拟MAC与网络中的PC进行通信。虚拟MAC的格式如下，最后1个字节的VRID表示VRRPID号的16进制，例如VRID是1，虚拟MAC地址为00-00-5E-00-01-01。,Page11,InternetAddressPhysicalAddress192.168.1.25200-E0-FC-03-AD-5A192.168.1.25300-E0-FC-03-C9-82192.168.1.25400-00-5E-00-01-01,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,VRRP,Master,Backup,VirtualRouter192.168.1.254,00-00-5E-00-01-01,Master/BackupRouter,MasterRouter响应PC对网关（虚拟路由器IP地址）的ARP请求（使用虚拟MAC响应）。转发目的MAC地址为虚拟MAC地址的IP报文。周期性发送VRRP组播包以告知自己的存活情况。BackupRouter持续侦听Masterrouter发送的VRRP组播包；当MasterRouter出现问题的时候，接替它的位置；对虚拟IP地址的ARP请求，不做响应；丢弃目的MAC地址为虚拟MAC地址的IP报文；丢弃目的IP地址为虚拟IP地址的IP报文。,Page12,VRRP状态机,VRRP协议的状态共有三种，分别是Initialize，Master，Backup，初始状态都是Initialize，通过比较优先级产生Master和Backup，在规定时间内，Backup若没有收到Master发来的心跳报文，将切换为Master。,Page13,VRRP报文,Page14,VRRP报文,Version：2Type：1ADVERTISEMENTVirtualRtrID（VRID）：配置的VRRP备份组号，1255Priority：优先级，0255（其中0，255不可以配置）255：如果配置的虚拟地址与接口实际IP地址相同，则优先级为255100：缺省值CountIPAddrs：配置的备份组虚拟地址个数(1个备份组可对应多个虚拟地址)AuthenticationType:验证类型，协议中指定了3种类型0-NoAuthentication1-SimpleTextPassword2-IPAuthenticationHeader,Page15,VRRP报文,AdvertisementInterval（AdverInt）：发送报文的时间间隔，缺省为1秒Checksum：校验和IPAddress（es）：配置的备份组虚拟地址的列表（一个备份组可支持多个地址）AuthenticationData：验证字。,Page16,Page17,第1章VRRP工作原理第2章VRRP的基本配置第3章VRRP常见问题,课程内容,VRRP实验1,Page18,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Master,Backup,192.168.1.1/24网关1.254,VirtualRouter192.168.1.254,VRRP,VRRP实验1（R1配置）,R1interfaceGigabitEthernet0/0/0R1-GigabitEthernet0/0/0ipaddress192.168.1.25324R1-GigabitEthernet0/0/0vrrpvrid1virtual-ip192.168.1.254R1-GigabitEthernet0/0/0vrrpvrid1priority120R1-GigabitEthernet0/0/0vrrpvrid1preempt-modetimerdelay20R1-GigabitEthernet0/0/0quit,Page19,配置虚拟路由器1的抢占时间为20s，抢占时间是指当主设备因为故障修复重新切换为主状态时等待的时间,VRRP实验1（R2配置）,R2interfaceGigabitEthernet0/0/0R2-GigabitEthernet0/0/0ipaddress192.168.1.25224R2-GigabitEthernet0/0/0vrrpvrid1virtual-ip192.168.1.254R2-GigabitEthernet0/0/0quit,Page20,VRRP实验1（R1查看VRRP详细信息）,R1displayvrrpGigabitEthernet0/0/0|VirtualRouter1State:MasterVirtualIP:192.168.1.254MasterIP:192.168.1.253PriorityRun:120PriorityConfig:120MasterPriority:120Preempt:YESDelayTime:20sTimerRun:1sTimerConfig:1sAuthtype:NONEVirtualMAC:0000-5e00-0101CheckTTL:YESConfigtype:normal-vrrpBackup-forward:disabledCreatetime:2013-12-2918:26:48UTC-05:13Lastchangetime:2013-12-2918:26:52UTC-05:13,Page21,本设备在该VRRP组的状态，为master,VRRP组ID,接口在本VRRP组的优先级,开启抢占，且延迟时间为20s,VRRP实验1（R1查看VRRP简要信息）,R1displayvrrpbriefTotal:1Master:1Backup:0Non-active:0VRIDStateInterfaceTypeVirtualIP-1MasterGE0/0/0Normal192.168.1.254,Page22,VRRP实验1（R2查看VRRP详细信息）,R2displayvrrpGigabitEthernet0/0/0|VirtualRouter1State:BackupVirtualIP:192.168.1.254MasterIP:192.168.1.253PriorityRun:100PriorityConfig:100MasterPriority:120Preempt:YESDelayTime:0sTimerRun:1sTimerConfig:1sAuthtype:NONEVirtualMAC:0000-5e00-0101CheckTTL:YESConfigtype:normal-vrrpBackup-forward:disabledCreatetime:2013-12-2918:27:17UTC-05:13Lastchangetime:2013-12-2918:27:17UTC-05:13,Page23,本设备在该VRRP组的状态，为master,接口在本VRRP组的优先级,开启抢占,Master的IP地址,VRRP实验2track接口状态,Page24,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Master,Backup,192.168.1.1/24网关1.254,R1的VRRP组跟踪接口GE0/0/1的状态，如果接口DOWN了，那么立即将VRRP组优先级减去30，比R2的更小。,GE0/0/1,VRRP,VRRP实验2track接口状态（R1的配置）,R1interfaceGigabitEthernet0/0/0R1-GigabitEthernet0/0/0ipaddress192.168.1.25324R1-GigabitEthernet0/0/0vrrpvrid1virtual-ip192.168.1.254R1-GigabitEthernet0/0/0vrrpvrid1priority120R1-GigabitEthernet0/0/0vrrpvrid1trackinterfaceGi0/0/1reduced30R1-GigabitEthernet0/0/0vrrpvrid1preempt-modetimerdelay20R1-GigabitEthernet0/0/0quit,Page25,VRRP实验3VRRP与BFD联动,Page26,R1,R2,GE0/0/0192.168.1.253/24,GE0/0/0192.168.1.252/24,Master,Slave,192.168.1.1/24网关1.254,R1、R2之间配置了一组BFD，用于快速检测双方接口的状态，一旦发现对端接口连通性出现问题，立即引发VRRP发生切换。,VRRP,VRRP实验3VRRP与BFD联动（R1的配置）,R1interfaceGigabitEthernet0/0/0R1-GigabitEthernet0/0/0ipaddress192.168.1.25324R1-GigabitEthernet0/0/0vrrpvrid1virtual-ip192.168.1.254R1-GigabitEthernet0/0/0vrrpvrid1priority120R1-GigabitEthernet0/0/0vrrpvrid1preempt-modetimerdelay20R1-GigabitEthernet0/0/0quitR1bfdR1-bfdquitR1bfdmytrackbindpeer-ip192.168.1.252interfaceGigabitEthernet0/0/0R1-bfd-session-atobdiscriminatorlocal1R1-bfd-session-atobdiscriminatorremote2R1-bfd-session-atobmin-rx-interval50R1-bfd-session-atobmin-tx-interval50R1-bfd-session-atobcommitR1-bfd-session-atobquit,Page27,VRRP实验3VRRP与BFD联动（R2的配置）,R2interfaceGigabitEthernet0/0/0R2-GigabitEthernet0/0/0ipaddress192.168.1.25224R2-GigabitEthernet0/0/0vrrpvrid1virtual-ip192.168.1.254R2-GigabitEthernet0/0/0vrrpvrid1trackbfd-session2increased50R2-GigabitEthernet0/0/0quitR2bfdR2-bfdquitR2bfdmytrackbindpeer-ip192.168.1.253interfaceGigabitEthernet0/0/0R2-bfd-session-atobdiscriminatorlocal2R2-bfd-session-atobdiscriminatorremote1R2-bfd-session-atobmin-rx-interval50R2-bfd-session-atobmin-tx-interval50R2-bfd-session-atobcommitR2-bfd-session-atobquit,Page28,VRRP实验4路由器上运行多组VRRP实现负载分担,Page29,R1,GE0/0/0.10192.168.1.253/24dot1qterminationvid10vrrpvrid1MasterGE0/0/0.20192.168.2.252/24dot1qterminationvid20vrrpvrid2Slave,PC1VLAN10192.168.1.1/24网关1.254,PC2VLAN20192.168.2.1/24网关2.254,R2,Trunk,Trunk,GE0/0/0.10192.168.1.252/24dot1qterminationvid10vrrpvrid1SlaveGE0/0/0.20192.168.2.253/24dot1qterminationvid20vrrpvrid2Master,内网存在两个VLAN：10及20；现在要求在网络正常的情况下，vlan10流量走左侧，vlan20走右侧，并且能够在左右两侧链路或R1、R2发生故障时自动切换。,GE0/0/0,GE0/0/0,VRRP实验4路由器上运行多组VRRP实现负载分担,R1的配置如下：R1interfaceGigabitEthernet0/0/0.10R1-GigabitEthernet0/0/0.10dot1qterminationvid10R1-GigabitEthernet0/0/0.10arpbroadcastenableR1-GigabitEthernet0/0/0.10ipaddress192.168.1.25324R1-GigabitEthernet0/0/0.10vrrpvrid1virtual-ip192.168.1.254R1-GigabitEthernet0/0/0.10vrrpvrid1priority120R1-GigabitEthernet0/0/0.10vrrpvrid1preempt-modetimerdelay20R1-GigabitEthernet0/0/0.10quitR1interfaceGigabitEthernet0/0/0.20R1-GigabitEthernet0/0/0.20dot1qterminationvid20R1-GigabitEthernet0/0/0.20arpbroadcastenableR1-GigabitEthernet0/0/0.20ipaddress192.168.2.25224R1-GigabitEthernet0/0/0.20vrrpvrid2virtual-ip192.168.2.254R1-GigabitEthernet0/0/0.20quit,Page30,VRRP实验4路由器上运行多组VRRP实现负载分担,R2的配置如下：R2interfaceGigabitEthernet0/0/0.10R2-GigabitEthernet0/0/0.10dot1qterminationvid10R2-GigabitEthernet0/0/0.10arpbroadcastenableR2-GigabitEthernet0/0/0.10ipaddress192.168.1.25224R2-GigabitEthernet0/0/0.10vrrpvrid1virtual-ip192.168.1.254R2-GigabitEthernet0/0/0.10quitR2interfaceGigabitEthernet0/0/0.20R2-GigabitEthernet0/0/0.20dot1qterminationvid20R2-GigabitEthernet0/0/0.20arpbroadcastenableR2-GigabitEthernet0/0/0.20ipaddress192.168.2.25324R2-GigabitEthernet0/0/0.20vrrpvrid2virtual-ip192.168.2.254R2-GigabitEthernet0/0/0.20vrrpvrid2priority120R2-GigabitEthernet0/0/0.20vrrpvrid2preempt-modetimerdelay20R2-GigabitEthernet0/0/0.20quit,Page31,VRRP实验5三层交换机上跑VRRP,Page32,SW1,interfacevlanif10192.168.10.253/24vrrpvrid1Master,192.168.10.1/24网关192.168.10.254,SW2,interfacevlanif10192.168.10.252/24vrrpvrid1Backup,Trunk,Trunk,G0/0/22,G0/0/23,G0/0/22,G0/0/23,G0/0/1,VRRP,SW3,VRRP实验5三层交换机上跑VRRP（SW1）,SW1vlan10SW1-vlan10quitSW1interfaceGigabitEthernet0/0/22SW1-GigabitEthernet0/0/22portlink-typetrunkSW1-GigabitEthernet0/0/22porttrunkallow-passvlan10SW1-GigabitEthernet0/0/22quitSW1interfacevlanif10SW1-vlanif10ipaddress192.168.10.25324SW1-vlanif10vrrpvrid1virtual-ip192.168.10.254SW1-vlanif10vrrpvrid1priority120SW1-vlanif10vrrpvrid1preempt-modetimerdelay20,Page33,VRRP实验5三层交换机上跑VRRP（SW2）,SW2vlan10SW2-vlan10quitSW2interfaceGigabitEthernet0/0/23SW2-GigabitEthernet0/0/23portlink-typetrunkSW2-GigabitEthernet0/0/23porttrunkallow-passvlan10SW2-GigabitEthernet0/0/23quitSW2interfacevlanif10SW2-vlanif10ipaddress192.168.10.25224SW2-vlanif10vrrpvrid1virtual-ip192.168.10.254,Page34,VRRP实验5思考：三层交换机上多组VRRP,Page35,SW1,interfacevlanif10192.168.10.253/24vrrpvrid1Master,PC1（VLAN10）192.168.10.1/24网关192.168.10.254,SW2,interfacevlanif10192.168.10.252/24vrrpvrid1Backup,Trunk,Trunk,G0/0/22,G0/0/23,G0/0/22,G0/0/23,G0/0/1,VRRP,SW3,interfacevlanif20192.168.20.252/24vrrpvrid2Backup,interfacevlanif20192.168.20.253/24vrrpvrid2Master,PC2（VLAN20）192.168.20.1/24网关192.168.20.254,G0/0/2,VRRP实验6VRRP+MSTP典型组网,Page36,Gi0/0/22,Gi0/0/23,Gi0/0/24,Gi0/0/24,SW1,SW2,SW3,Instance1vlan1020PrimaryInstance2vlan3040Secondary,Instance1vlan1020SecondaryInstance2vlan3040Primary,Vrid1forInstance1MasterVrid2forInstance2Slave,Vrid1forInstance1SlaveVrid2forInstance2Master,Gi0/0/22,Gi0/0/23,VRRP实验6VRRP+MSTP典型组网(SW1的配置),vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority0stpinstance2priority4096stpenable!interfaceGigabitEthernet0/0/24portlink-typetrunkporttrunkallow-passallinterfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passall,Page37,interfaceVlanif10ipaddress192.168.10.253255.255.255.0vrrpvrid10virtual-ip192.168.10.254vrrpvrid10priority120vrrpvrid10preempt-modetimerdelay20interfaceVlanif20ipaddress192.168.20.253255.255.255.0vrrpvrid20virtual-ip192.168.20.254vrrpvrid20priority120vrrpvrid20preempt-modetimerdelay20interfaceVlanif30ipaddress192.168.30.252255.255.255.0vrrpvrid30virtual-ip192.168.30.254interfaceVlanif40ipaddress192.168.40.252255.255.255.0vrrpvrid40virtual-ip192.168.40.254,VRRP实验6VRRP+MSTP典型组网(SW2的配置),vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority4096stpinstance2priority0stpenable!interfaceGigabitEthernet0/0/24portlink-typetrunkporttrunkallow-passallinterfaceGigabitEthernet0/0/22portlink-typetrunkporttrunkallow-passall,Page38,interfaceVlanif10ipaddress192.168.10.252255.255.255.0vrrpvrid10virtual-ip192.168.10.254interfaceVlanif20ipaddress192.168.20.252255.255.255.0vrrpvrid20virtual-ip192.168.20.254interfaceVlanif30ipaddress192.168.30.253255.255.255.0vrrpvrid30virtual-ip192.168.30.254vrrpvrid30priority120vrrpvrid30preempt-modetimerdelay20interfaceVlanif40ipaddress192.168.40.253255.255.255.0vrrpvrid40virtual-ip192.168.40.254vrrpvrid40priority120vrrpvrid40preempt-modetimerdelay20,VRRP实验6VRRP+MSTP典型组网(SW3的配置),vlanbatch10203040stpmodemstpstpregion-configurationregion-namehuaweiinstance1vlan1020instance2vlan3040activeregion-configurationquitstpinstance1priority32768stpinstan