作者:鄧聰聰
二層 :環路----STP
--鏈路聚合
三層: 網關 ----VRRP
VRRP 虛擬路由冗余協議
概念:虛擬路由器
--由轉發數據的路由器和備份的路由去組成的一個虛擬組
--虛擬IP地址-------內網主機的網關地址
--虛擬MAC:00-00-3E-00-01-VRID
master路由器----------實際轉發數據的路由器 ;
backup路由器----------備份網關路由器
選擇主備網關:
看優先級,數值大的做為主網關、如果優先級一樣,看接口IP,IP數值大的做為主網關
VRID :
虛擬組---虛擬編號---代表的虛擬路由器(屬於一個虛擬組的不同路由器上的vrid必須相同)
VRRP主網關發送報文的地址: 組播地址224.0.0.18
VRRP協議報文發送的周期: 1S
VRRP協議號: 112
VRRP : 虛擬IP 、vrid 、認證
============================================================================
組網拓撲:
1、核心動態路由協議
2、匯聚層做高可用
匯聚層路由信息:
[sw3]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 20 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_NSSA 150 1 D 4.1.1.1 Vlanif4 2.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 3.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 4.1.1.0/30 Direct 0 0 D 4.1.1.2 Vlanif4 4.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif4 5.1.1.0/30 OSPF 10 2 D 4.1.1.1 Vlanif4 6.1.1.0/30 Direct 0 0 D 6.1.1.2 Vlanif6 6.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif6 7.1.1.0/30 OSPF 10 2 D 10.1.1.3 Vlanif10 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif10 10.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif10 10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif10 20.1.1.0/30 OSPF 10 3 D 4.1.1.1 Vlanif4 OSPF 10 3 D 10.1.1.3 Vlanif10 100.1.1.0/24 Static 60 0 D 0.0.0.0 NULL0 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 Direct 0 0 D 192.168.0.1 Vlanif2019 192.168.0.1/32 Direct 0 0 D 127.0.0.1 Vlanif2019 222.222.222.1/32 OSPF 10 2 D 4.1.1.1 Vlanif4
[sw4]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 18 Routes : 19 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_NSSA 150 1 D 7.1.1.1 Vlanif7 2.1.1.0/30 OSPF 10 3 D 7.1.1.1 Vlanif7 OSPF 10 3 D 10.1.1.2 Vlanif10 3.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 4.1.1.0/30 OSPF 10 2 D 10.1.1.2 Vlanif10 5.1.1.0/30 Direct 0 0 D 5.1.1.2 Vlanif5 5.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif5 6.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 7.1.1.0/30 Direct 0 0 D 7.1.1.2 Vlanif7 7.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif7 10.1.1.0/24 Direct 0 0 D 10.1.1.3 Vlanif10 10.1.1.1/32 OSPF 10 2 D 10.1.1.2 Vlanif10 10.1.1.3/32 Direct 0 0 D 127.0.0.1 Vlanif10 20.1.1.0/30 OSPF 10 2 D 7.1.1.1 Vlanif7 100.1.1.0/24 O_NSSA 150 1 D 10.1.1.2 Vlanif10 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 10.1.1.2 Vlanif10 222.222.222.1/32 OSPF 10 2 D 7.1.1.1 Vlanif7
核心路由:
<sw5>dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 16 Routes : 20 Destination/Mask Proto Pre Cost Flags NextHop Interface 2.1.1.0/30 Direct 0 0 D 2.1.1.1 Vlanif2 2.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif2 3.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 OSPF 10 2 D 2.1.1.2 Vlanif2 4.1.1.0/30 OSPF 10 2 D 2.1.1.2 Vlanif2 5.1.1.0/30 OSPF 10 2 D 2.1.1.2 Vlanif2 6.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 7.1.1.0/30 OSPF 10 2 D 20.1.1.2 Vlanif20 10.1.1.0/24 OSPF 10 3 D 2.1.1.2 Vlanif2 OSPF 10 3 D 20.1.1.2 Vlanif20 10.1.1.1/32 OSPF 10 3 D 2.1.1.2 Vlanif2 OSPF 10 3 D 20.1.1.2 Vlanif20 20.1.1.0/30 Direct 0 0 D 20.1.1.1 Vlanif20 20.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif20 100.1.1.0/24 O_ASE 150 1 D 2.1.1.2 Vlanif2 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 3 D 20.1.1.2 Vlanif20 OSPF 10 3 D 2.1.1.2 Vlanif2 222.222.222.1/32 Direct 0 0 D 127.0.0.1 LoopBack1
[sw1]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 21 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 2.1.1.1 Vlanif2 2.1.1.0/30 Direct 0 0 D 2.1.1.2 Vlanif2 2.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif2 3.1.1.0/30 Direct 0 0 D 3.1.1.1 Vlanif3 3.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif3 4.1.1.0/30 Direct 0 0 D 4.1.1.1 Vlanif4 4.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif4 5.1.1.0/30 Direct 0 0 D 5.1.1.1 Vlanif5 5.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif5 6.1.1.0/30 OSPF 10 3 D 5.1.1.2 Vlanif5 7.1.1.0/30 OSPF 10 2 D 5.1.1.2 Vlanif5 10.1.1.0/24 OSPF 10 2 D 4.1.1.2 Vlanif4 OSPF 10 2 D 5.1.1.2 Vlanif5 10.1.1.1/32 OSPF 10 2 D 4.1.1.2 Vlanif4 20.1.1.0/30 OSPF 10 2 D 3.1.1.2 Vlanif3 OSPF 10 2 D 2.1.1.1 Vlanif2 100.1.1.0/24 O_NSSA 150 1 D 4.1.1.2 Vlanif4 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 4.1.1.2 Vlanif4 222.222.222.1/32 OSPF 10 1 D 2.1.1.1 Vlanif2
[sw2]dis ip routing-table Route Flags: R - relay, D - download to fib ------------------------------------------------------------------------------ Routing Tables: Public Destinations : 19 Routes : 21 Destination/Mask Proto Pre Cost Flags NextHop Interface 0.0.0.0/0 O_ASE 150 1 D 20.1.1.1 Vlanif20 2.1.1.0/30 OSPF 10 2 D 3.1.1.1 Vlanif3 OSPF 10 2 D 20.1.1.1 Vlanif20 3.1.1.0/30 Direct 0 0 D 3.1.1.2 Vlanif3 3.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif3 4.1.1.0/30 OSPF 10 2 D 6.1.1.2 Vlanif6 5.1.1.0/30 OSPF 10 3 D 6.1.1.2 Vlanif6 6.1.1.0/30 Direct 0 0 D 6.1.1.1 Vlanif6 6.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif6 7.1.1.0/30 Direct 0 0 D 7.1.1.1 Vlanif7 7.1.1.1/32 Direct 0 0 D 127.0.0.1 Vlanif7 10.1.1.0/24 OSPF 10 2 D 6.1.1.2 Vlanif6 OSPF 10 2 D 7.1.1.2 Vlanif7 10.1.1.1/32 OSPF 10 2 D 6.1.1.2 Vlanif6 20.1.1.0/30 Direct 0 0 D 20.1.1.2 Vlanif20 20.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif20 100.1.1.0/24 O_NSSA 150 1 D 6.1.1.2 Vlanif6 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/24 OSPF 10 2 D 6.1.1.2 Vlanif6 222.222.222.1/32 OSPF 10 1 D 20.1.1.1 Vlanif20
設備sw1-sw6配置信息:
[sw1]dis cu # sysname sw1 # vlan batch 2 to 10 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif2 ip address 2.1.1.2 255.255.255.252 ospf authentication-mode md5 3 cipher s.2G'<U(x<'eKRQqbl+OV${# # interface Vlanif3 ip address 3.1.1.1 255.255.255.252 # interface Vlanif4 ip address 4.1.1.1 255.255.255.252 # interface Vlanif5 ip address 5.1.1.1 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 to 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 4 # interface GigabitEthernet0/0/3 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 5 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 area 0.0.0.0 network 2.1.1.0 0.0.0.3 network 3.1.1.0 0.0.0.3 area 0.0.0.1 network 4.1.1.0 0.0.0.3 network 5.1.1.0 0.0.0.3 nssa # user-interface con 0 user-interface vty 0 4 # return [sw1]
[sw2]dis cu # sysname sw2 # vlan batch 2 to 10 20 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif3 ip address 3.1.1.2 255.255.255.252 # interface Vlanif6 ip address 6.1.1.1 255.255.255.252 # interface Vlanif7 ip address 7.1.1.1 255.255.255.252 # interface Vlanif20 ip address 20.1.1.2 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 3 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 7 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/5 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 6 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 import-route static type 2 area 0.0.0.0 network 3.1.1.0 0.0.0.3 network 20.1.1.0 0.0.0.3 area 0.0.0.1 network 6.1.1.0 0.0.0.3 network 7.1.1.0 0.0.0.3 nssa area 0.0.0.2 network 111.1.1.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return [sw2]
[sw3]dis cu # sysname sw3 # vlan batch 2 to 10 2019 # stp instance 0 root primary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name 10 revision-level 1 instance 1 vlan 2 to 100 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif4 ip address 4.1.1.2 255.255.255.252 # interface Vlanif6 ip address 6.1.1.2 255.255.255.252 ospf cost 2000 # interface Vlanif10 ip address 10.1.1.2 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 vrrp vrid 10 priority 254 vrrp vrid 10 preempt-mode timer delay 5 # interface Vlanif2019 ip address 192.168.0.1 255.255.255.0 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 4 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 10 2019 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 6 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 import-route static route-policy tag area 0.0.0.1 network 4.1.1.0 0.0.0.3 network 6.1.1.0 0.0.0.3 network 192.168.0.0 0.0.0.255 network 10.1.1.0 0.0.0.255 nssa no-summary # route-policy tag permit node 10 if-match tag 201 # ip route-static 100.1.1.0 255.255.255.0 NULL0 tag 201 # user-interface con 0 user-interface vty 0 4 # return [sw3]
[sw4]dis cu # sysname sw4 # vlan batch 2 to 10 # stp instance 0 root secondary # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # stp region-configuration region-name 10 revision-level 1 instance 1 vlan 2 to 100 active region-configuration # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif5 ip address 5.1.1.2 255.255.255.252 ospf cost 2000 # interface Vlanif7 ip address 7.1.1.2 255.255.255.252 # interface Vlanif10 ip address 10.1.1.3 255.255.255.0 vrrp vrid 10 virtual-ip 10.1.1.1 vrrp vrid 10 preempt-mode timer delay 3 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 7 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 3 10 # interface GigabitEthernet0/0/4 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 5 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ospf 1 area 0.0.0.1 network 5.1.1.0 0.0.0.3 network 7.1.1.0 0.0.0.3 network 10.1.1.0 0.0.0.255 nssa no-summary # user-interface con 0 user-interface vty 0 4 # port-group link-type # return [sw4]
<sw5>dis cu # sysname sw5 # vlan batch 2 to 10 20 # stp disable # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif2 ip address 2.1.1.1 255.255.255.252 ospf authentication-mode md5 3 cipher 9yiv#-7/e)Hj<w)JO!C@G%S# # interface Vlanif20 ip address 20.1.1.1 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 2 # interface GigabitEthernet0/0/2 port link-type trunk undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 20 # interface GigabitEthernet0/0/3 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # interface LoopBack1 ip address 222.222.222.1 255.255.255.255 # ospf 1 default-route-advertise always area 0.0.0.0 network 2.1.1.0 0.0.0.3 network 20.1.1.0 0.0.0.3 network 222.222.222.1 0.0.0.0 # user-interface con 0 user-interface vty 0 4 # return <sw5>
<sw6>dis cu # sysname sw6 # vlan batch 10 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 # interface Vlanif10 ip address 10.1.1.5 255.255.255.0 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/2 port link-type access port default vlan 10 # interface GigabitEthernet0/0/3 port link-type trunk port trunk allow-pass vlan 10 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # user-interface con 0 user-interface vty 0 4 # return <sw6>