文章目录

  • 一、冗余分类
  • 二、HSRP:热备份网关协议
  • 三、VRRP:虚拟网关冗余协议
  • 四、GLBP:网关负载均衡协议


一、冗余分类

链路冗余: 链路聚合,etherchannel,stp等
设备冗余: 热备份(加电状态,故障后可自动切换),冷备份
电源冗余: 双电源,UPS等
引擎冗余: 双主板,
切换技术:
1,RPR;切换时间2-4分钟,主引擎正常工作,备份引擎配置相同,但不加电
2,RPR+;切换时间1-2分钟,主引擎正常工作,备份引擎实时同步主引擎
3,sso over nsf;切换时间1-2s,主引擎正常工作,备份引擎只同步cef表(数据层面的转发表)等即可进行数据转发,然后再控制层面进行同步
网关冗余: HSRP、VRRP、GLBP

二、HSRP:热备份网关协议

思科私有协议,一个group指定一个VIP地址,自动生成一个Vmac地址
MAC地址:0000.0c07.ac0a

0000.0c

07.ac

0a

固定

代表hsrp

组编号

HSRP特点:

  • 1.使用hello包进行active和standby选举,hello时间3s,hold时间 10s,更新地址224.0.0.2 ,持续发送
  • 2.抢占默认关闭
  • 3.若接口启用HSRP,则接口ICMP重定向失效
  • 4.选举规则:
  1. 比较优先级,优先级越大越优,默认优先级为100.可以修改范围0-255
  2. 比较接口物理IP地址,越大越优
    配置:

R1、R2、R3为三个路由器,正常配置IP地址和宣告路由,R3创建环回模拟主机,R4、R5模拟两台主机,关闭路由功能,设置网关地址为10.1.1.254
配置HSRP:

R1(config)#int f0/0 
R1(config-if)#standby 10 ip 10.1.1.254
R2(config)#int f0/0 
R2(config-if)#standby 10 ip 10.1.1.254

查看:

R1#show standby 
FastEthernet0/0 - Group 10
  State is Standby
    3 state changes, last state change 00:00:31
  Virtual IP address is 10.1.1.254
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.472 secs
  Preemption disabled
  Active router is 10.1.1.2, priority 100 (expires in 8.352 sec)
  Standby router is local
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/0-10" (default)
  
R2#sho standby 
FastEthernet0/0 - Group 10
  State is Active           //由于R2的IP地址大,故R2优选为Active
    2 state changes, last state change 00:00:56
  Virtual IP address is 10.1.1.254
  Active virtual MAC address is 0000.0c07.ac0a
    Local virtual MAC address is 0000.0c07.ac0a (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.384 secs
  Preemption disabled
  Active router is local
  Standby router is 10.1.1.1, priority 100 (expires in 10.832 sec)
  Priority 100 (default 100)
  Group name is "hsrp-Fa0/0-10" (default)

R4#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!
R5#ping 1.1.1.1
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 1.1.1.1, timeout is 2 seconds:
!!!!!

若关闭R2的f0/0,则R1会自动切换为Active

R2(config)#int f0/0
R2(config-if)#shu
R1(config-if)#do sho stand
FastEthernet0/0 - Group 10
  State is Active
R4#traceroute 1.1.1.1
Type escape sequence to abort.
Tracing the route to 1.1.1.1
  1 10.1.1.1 28 msec 20 msec 24 msec
  2 13.1.1.2 12 msec 68 msec 44 msec

故障切换:
HSRP下行链路发生故障:切换时间等于HSRP hold时间(10s)
HSRP上行链路发生故障:切换时间与路由协议收敛有关,可定义流量工程检测上行链路故障,并开启抢占,那么当检测到上行链路故障时,自动减小其优先级,Standby即可自动抢占为Active,若检测上行直连链路,则不需要流量工程,直接R2(config-if)#standby 10 track serial 1/1 开启抢占:standby 10 preempt

R2(config)#ip sla 1
R2(config-ip-sla)#icmp-echo 23.1.1.1 source-ip 23.1.1.2
R2(config-ip-sla-echo)#frequency 5
R2(config-ip-sla-echo)#exi
R2(config)#ip sla schedule 1 life forever start-time now 
R2(config)#track 1 ip sla 1 reachability 
R2(config)#int f0/0
R2(config-if)#standby 10 track 1 decrement 20

验证:关闭R2的s1/1口,R2的日志

*May 17 13:21:25.131: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
*May 17 13:21:26.627: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 10 state Active -> Speak
*May 17 13:21:38.523: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 10 state Speak -> Standby

这样也只是实现了网关备份,但是并没有实现负载分担,要实现负载分担,我们只需要再新建一个standby group 20,虚拟网关IP地址为10.1.1.100,调大R2的优先级,让R1成为group 10的Active,R2成为group20的Active即可,然后将R4网关改为10.1.1.254,R5网关改为10.1.1.100即可实现R4走R1,R5走R2。

三、VRRP:虚拟网关冗余协议

共有协议,一个group指定一个VIP地址,自动生成一个Vmac地址
MAC地址:0000.5e00.010a

0000.5e00.01

0a

代表VRRP

组编号

特点:

  • 1.hello时间1s hold时间3.6
  • 2.在选举过程中发送hello,若选举完成之后仅仅master 发送hello, 源Mac地址为Vmac,目标IP地址为224.0.0.18
  • 3.选举一个master其余为backup
  • 4.默认抢占开启
  • 5.不能跟踪上行直连接口 ,只能跟踪 track
  • 6.在VRRP中,虚拟IP地址可以设为某个备份网关的真实IP地址,那么此真实接口优先级变为255
  • 7.启用VRRP,接口ICMP重定向不失效
    配置:
R1(config)#int f0/0 
R1(config-if)#vrrp 10 ip 10.1.1.254
R2(config)#int f0/0 
R2(config-if)#vrrp 10 ip 10.1.1.254

故障切换:
VRRP下行链路发生故障:切换时间等于VRRP hold时间(3.6s)
VRRP上行链路发生故障:切换时间与路由协议收敛有关

四、GLBP:网关负载均衡协议

思科私有协议,HSRP协议的增加,变种
AVG:虚拟活动网关,抢占默认关闭,priority,负责应答用户AVF的MAC地址,自动负载均衡
AVF:虚拟活动转发,抢占默认开启,weight,负载转发数据
MAC地址:0007.b400.6402

0007.b4

00.64

02

代表GLBP

组编号

AVF编号

部署:

R1(config)#int f0/0
R1(config-if)#glbp 1 ip 10.1.1.254
R2(config)#int f0/0
R2(config-if)#glbp 1 ip 10.1.1.254

查看:
这里R1为AVG的Active,R2为AVG的Standby
R1为AVF1的Active,AVF2的Standby
R2为AVF2的Active,AVF1的Standby
有多少个网关,就有多少个AVF。

R1#show glbp  
FastEthernet0/0 - Group 1
  State is Active		//这是AVG的状态,R1为AVG的Active
    1 state change, last state change 00:10:17
  Virtual IP address is 10.1.1.254
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.592 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is local
  Standby is 10.1.1.2, priority 100 (expires in 7.616 sec)
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    ca01.d250.0000 (10.1.1.1) local
    ca02.d2c4.0000 (10.1.1.2)
  There are 2 forwarders (1 active)
  Forwarder 1
    State is Active		//R1为AVF1的Active
      1 state change, last state change 00:10:05
    MAC address is 0007.b400.0101 (default)
    Owner ID is ca01.d250.0000
    Redirection enabled
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100
    Client selection count: 1
  Forwarder 2			//R1为AVF2的Standby
    State is Listen
    MAC address is 0007.b400.0102 (learnt)
    Owner ID is ca02.d2c4.0000
    Redirection enabled, 599.744 sec remaining (maximum 600 sec)
    Time to live: 14399.744 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.1.1.2 (primary), weighting 100 (expires in 10.560 sec)
    Client selection count: 1

R2#sho glbp 
FastEthernet0/0 - Group 1
  State is Standby				//这是AVG的状态,R2为AVG的Standby
    1 state change, last state change 00:10:09
  Virtual IP address is 10.1.1.254
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.976 secs
  Redirect time 600 sec, forwarder timeout 14400 sec
  Preemption disabled
  Active is 10.1.1.1, priority 100 (expires in 8.768 sec)
  Standby is local
  Priority 100 (default)
  Weighting 100 (default 100), thresholds: lower 1, upper 100
  Load balancing: round-robin
  Group members:
    ca01.d250.0000 (10.1.1.1)
    ca02.d2c4.0000 (10.1.1.2) local
  There are 2 forwarders (1 active)
  Forwarder 1				//R2为AVF1的Standby
    State is Listen
    MAC address is 0007.b400.0101 (learnt)
    Owner ID is ca01.d250.0000
    Time to live: 14397.504 sec (maximum 14400 sec)
    Preemption enabled, min delay 30 sec
    Active is 10.1.1.1 (primary), weighting 100 (expires in 11.360 sec)
  Forwarder 2				//R2为AVF2的Active
    State is Active
      1 state change, last state change 00:10:15
    MAC address is 0007.b400.0102 (default)
    Owner ID is ca02.d2c4.0000
    Preemption enabled, min delay 30 sec
    Active is local, weighting 100