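(1). Keepalived overview
keepalived is software that works like layer 3, 4 & 5 switching, that is, what is usually called layer-3, layer-4 and layer-5 switching. Keepalived's job is to monitor the state of web servers: if a web server goes down or malfunctions, Keepalived detects it and removes the faulty server from the pool; once the server is working normally again, Keepalived automatically adds it back to the server pool. All of this happens automatically, without manual intervention; the only manual work is repairing the faulty web server.
(2). How Keepalived works
Layer 3, 4 & 5 checks operate at the IP layer, the TCP layer and the application layer of the IP/TCP protocol stack.
Layer3: When working in Layer 3 mode, Keepalived periodically sends an ICMP packet (what the Ping program does) to each server in the pool. If a server's IP address does not respond, Keepalived reports the server as failed and removes it from the pool. A typical case is a server that was shut down improperly. The Layer 3 method uses whether the server's IP address is reachable as the criterion for whether the server is working.
Layer4: The state of a TCP port decides whether the server is working. For example, a web server's service port is usually 80; if Keepalived detects that port 80 is not up, it removes that server from the pool.
Layer5: Layer 5 works at the application layer itself. It is a little more complex than Layer 3 and Layer 4 and uses somewhat more network bandwidth. Keepalived checks whether the server program is running correctly according to the user's settings; if the result does not match those settings, Keepalived removes the server from the pool.
The above is excerpted from Baidu Baike: https://baike.baidu.com/item/Keepalived/10346758?fr=aladdin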
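(3). What keepalived does
1. Manages the VIP, letting the VIP float between the LVS directors;
2. Monitors the LVS director. The keepalived running on the master director announces its presence to the network by multicast, which tells the backup director one thing: whether the master director is still alive. If the backup director receives no multicast within one unit of time, it considers the master director dead, takes over the master's work and assigns the VIP to itself;
3. Manages the RS (real servers). At regular intervals keepalived performs an operation similar to a client access. Probe: elinks -dump http://[IP address:port]
Classic high-availability web architecture: LVS+keepalived+nginx+apache+php+eaccelerator (+nfs optional)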
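(4). Lab environment
youxi1 192.168.5.100 (VIP), 192.168.5.101 (DIP) master director
youxi2 192.168.5.100 (VIP), 192.168.5.102 (DIP) backup director
youxi3 192.168.5.103 real server 1
youxi4 192.168.5.104 real server 2
(5). Lab
keepalived download page: https://www.keepalived.org/download.html. After downloading, upload the tarball to the master director youxi1 and the backup director youxi2.
1) Set up keepalived+LVS-DR on the master director youxi1
Install ipvsadm. The VIP does not need to be configured by hand. Use either a local repository or the EPEL repository.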
[root@youxi1 ~]# yum -y install ipvsadm
Install keepalived's dependencies
[root@youxi1 ~]# yum -y install gcc openssl-devel libnfnetlink-devel libnl libnl3-devel
Build and install keepalived from source
[root@youxi1 ~]# tar zxf keepalived-1.4.5.tar.gz -C /usr/local/src/
[root@youxi1 ~]# cd /usr/local/src/keepalived-1.4.5/
[root@youxi1 keepalived-1.4.5]# ./configure --prefix=/usr/local/keepalived
# the following report is printed at the end
Keepalived configuration
------------------------
Keepalived version : 1.4.5
Compiler : gcc
Preprocessor flags : -I/usr/include/libnl3
Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -D_GNU_SOURCE -fPIE
Linker flags : -pie
Extra Lib : -lcrypto -lssl -lnl-genl-3 -lnl-3
Use IPVS Framework : Yes
IPVS use libnl : Yes
IPVS syncd attributes : No
IPVS 64 bit stats : No
fwmark socket support : Yes
Use VRRP Framework : Yes
Use VRRP VMAC : Yes
Use VRRP authentication : Yes
With ip rules/routes : Yes
SNMP vrrp support : No
SNMP checker support : No
SNMP RFCv2 support : No
SNMP RFCv3 support : No
DBUS support : No
SHA1 support : No
Use Debug flags : No
smtp-alert debugging : No
Use Json output : No
Stacktrace support : No
Memory alloc check : No
libnl version : 3
Use IPv4 devconf : No
Use libiptc : No
Use libipset : No
init type : systemd
Build genhash : Yes
Build documentation : No
[root@youxi1 keepalived-1.4.5]# make && make install
[root@youxi1 keepalived-1.4.5]# echo $?
0
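In the parameter report produced by ./configure:
Use IPVS Framework means the IPVS framework, the core code of LVS, is used. If you do not want to use LVS, pass --disable-lvs to ./configure and this line will show No;
IPVS use libnl means IPVS uses the newer libnl. libnl is an implementation of Netlink; in effect this is the LVS that supports IPv6;
Use VRRP Framework means the VRRP framework is used. This is required: it is VRRPD, keepalived's core process;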
Create the startup script
[root@youxi1 keepalived-1.4.5]# cp keepalived/etc/init.d/keepalived /etc/init.d/
[root@youxi1 keepalived-1.4.5]# vim /etc/init.d/keepalived
# this line may also be left unchanged, but then a parameter file has to be created, or the parameter file copied over
. /usr/local/keepalived/etc/sysconfig/keepalived  # line 15
[root@youxi1 keepalived-1.4.5]# chmod +x /etc/init.d/keepalived
# create a symlink for the startup script to use
[root@youxi1 keepalived-1.4.5]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/
[root@youxi1 keepalived-1.4.5]# vim /usr/local/keepalived/etc/sysconfig/keepalived  # edit the parameter file
KEEPALIVED_OPTIONS="-D -f /usr/local/keepalived/etc/keepalived/keepalived.conf"  # points to the configuration file
Edit the configuration file etc/keepalived/keepalived.conf. For the keepalived configuration parameters see: https://blog.csdn.net/mofiu/article/details/76644012
[root@youxi1 keepalived-1.4.5]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
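# the mail feature is usually not used
notification_email {  # who receives mail when keepalived has a problem
root@localhost
}
notification_email_from root@localhost  # sender address
smtp_server localhost  # SMTP server address
smtp_connect_timeout 30  # SMTP connection timeout
router_id youxi1  # name identifying this node; must not be duplicated
}
vrrp_instance VI_1 {  # defines an instance; one instance is one cluster; the instance name VI_1 can be changed
state MASTER  # this node is the master
interface ens33  # network interface that carries the VIP
virtual_router_id 51  # VRRP group ID; master and backup must be configured with the same one
priority 100  # priority, range 1~254, compared numerically, higher value wins; the master's must be higher than the backup's
advert_int 1  # interval between multicast advertisements, in seconds; must be the same on master and backup
authentication {  # authentication settings; must be the same on master and backup
auth_type PASS  # authentication method; PASS is simple password authentication
auth_pass 1111  # password used for authentication, at most 8 characters
}
virtual_ipaddress {  # the VIP; must be the same on master and backup
192.168.5.100
}
}
virtual_server 192.168.5.100 80 {  # settings for the virtual server with VIP 192.168.5.100, port 80
delay_loop 6  # how often keepalived checks the real servers, in seconds
lb_algo rr  # LVS scheduling algorithm
lb_kind DR  # LVS-DR mode
persistence_timeout 50  # requests from the same IP within 50 seconds all go to the same real server; this affects rr scheduling and can be commented out while testing
protocol TCP  # layer-4 protocol
real_server 192.168.5.103 80 {  # settings for the real server with IP 192.168.5.103, port 80
weight 1  # weight, default 1
TCP_CHECK{
connect_timeout 3  # connection timeout, default 5 seconds
nb_get_retry 3  # number of retries, default 1
delay_before_retry 3  # delay between retries, default 1 second
connect_port 80  # port to check
}
}
real_server 192.168.5.104 80 {  # settings for the real server with IP 192.168.5.104, port 80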
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
Start keepalived and enable it at boot
[root@youxi1 keepalived-1.4.5]# systemctl start keepalived.service
[root@youxi1 keepalived-1.4.5]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@youxi1 keepalived-1.4.5]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2019-07-23 16:40:45 CST; 14s ago
Main PID: 4645 (keepalived)
CGroup: /system.slice/keepalived.service
├─4645 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
├─4646 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
└─4647 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:54 youxi1 Keepalived_healthcheckers[4646]: TCP connection to [1...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: TCP connection to [1...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Check on service [19...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Removing service [19...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Remote SMTP server [...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: SMTP alert successfu...
Hint: Some lines were ellipsized, use -l to show in full.
Check the ipvsadm rules and the service status
[root@youxi1 keepalived-1.4.5]# ipvsadm -Ln
IP Virtual Server version 1.2.1 (size=4096)
Prot LocalAddress:Port Scheduler Flags
  -> RemoteAddress:Port Forward Weight ActiveConn InActConn
TCP 192.168.5.100:80 rr persistent 50
[root@youxi1 keepalived-1.4.5]# systemctl status ipvsadm.service  # the ipvsadm service itself has not been started
● ipvsadm.service - Initialise the Linux Virtual Server
Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; disabled; vendor preset: disabled)
Active: inactive (dead)
If the firewall is enabled, open the port
[root@youxi1 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload
success
success
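2) Set up keepalived+LVS-DR on the backup director youxi2
Basically the same as on the master director youxi1; only the edits to the configuration file etc/keepalived/keepalived.conf differ slightly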
[root@youxi2 keepalived-1.4.5]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id youxi2  # changed
}
vrrp_instance VI_1 {
state BACKUP  # changed
interface ens33
virtual_router_id 51
priority 90  # changed
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.100
}
}
virtual_server 192.168.5.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
Start keepalived as usual and enable it at boot
[root@youxi2 keepalived-1.4.5]# systemctl start keepalived.service
[root@youxi2 keepalived-1.4.5]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
If the firewall is enabled, remember to open the port. Note: the backup node needs one more rule than the master, a rule for the vrrp protocol (with iptables that would be iptables -A INPUT -p VRRP -j ACCEPT).
[root@youxi2 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-protocol=vrrp
success
[root@youxi2 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload
success
success
3) Test VIP floating
Check the IP addresses of the master and backup nodes
[root@youxi1 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
Stop keepalived on the master node, then check the IPs of the master and backup nodes again
[root@youxi1 keepalived-1.4.5]# systemctl stop keepalived.service
[root@youxi1 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
After testing, remember to start keepalived on the master node youxi1 again
4) Set up real server 1, youxi3
Configure the loopback alias lo:1 with the VIP
[root@youxi3 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi3 network-scripts]# cp ifcfg-lo{,:1}
[root@youxi3 network-scripts]# vim ifcfg-lo:1
DEVICE=lo:1  # changed
IPADDR=192.168.5.100  # changed
NETMASK=255.255.255.255  # changed
#NETWORK=127.0.0.0  # commented out
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255  # commented out
ONBOOT=yes
NAME=loopback
[root@youxi3 network-scripts]# systemctl restart network
[root@youxi3 network-scripts]# ip a sh dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 brd 192.168.5.100 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
Set up a simple web page
[root@youxi3 network-scripts]# yum -y install httpd
[root@youxi3 network-scripts]# systemctl start httpd.service
[root@youxi3 network-scripts]# systemctl enable httpd.service
Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service.
[root@youxi3 network-scripts]# echo youxi3 > /var/www/html/index.html
If the firewall is enabled, remember to open the port
[root@youxi3 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload
success
success
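5) Set up real server 2, youxi4
Basically the same as setting up youxi3, except that the content of index.html is changed to youxi4 to make testing easier.
6) Test
Comment out the persistence_timeout parameter, then restart
View from Windows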


Stop keepalived on youxi1 and check again; there will be a few seconds of interruption in between.


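(6). Making the two keepalived servers master and backup for each other
Building on the setup above, make the keepalived nodes master and backup for each other by adding another VIP, 192.168.5.105; this time youxi2 is the Master and youxi1 is the Backup.
On youxi1, edit the configuration file to add the instance and its corresponding virtual server, then restart keepalived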
[root@youxi1 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
vrrp_instance VI_2 {  # add a new instance
state BACKUP  # youxi1 is the BACKUP
interface ens33
virtual_router_id 52  # VRRP group ID
priority 90  # priority must be lower than that of youxi2 in the same instance
advert_int 1
authentication {  # authentication settings
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.5.105
}
}
virtual_server 192.168.5.105 80 {  # add the virtual server that corresponds to the new instance
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
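[root@youxi1 ~]# systemctl restart keepalived.service  # restart the service
On youxi2, edit the configuration file to add the instance and its corresponding virtual server, then restart the service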
[root@youxi2 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.5.105
}
}
virtual_server 192.168.5.105 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@youxi2 ~]# systemctl restart keepalived.service
Add the loopback alias lo:2 on youxi3 and youxi4
[root@youxi3 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi3 network-scripts]# cp ifcfg-lo{:1,:2}
[root@youxi3 network-scripts]# vim ifcfg-lo:2
DEVICE=lo:2
IPADDR=192.168.5.105
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@youxi3 network-scripts]# systemctl restart network
[root@youxi4 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi4 network-scripts]# cp ifcfg-lo{:1,:2}
[root@youxi4 network-scripts]# vim ifcfg-lo:2
DEVICE=lo:2
IPADDR=192.168.5.105
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@youxi4 network-scripts]# systemctl restart network
If the firewall is enabled, remember to allow the vrrp protocol on youxi1
[root@youxi1 ~]# firewall-cmd --permanent --zone=public --add-protocol=vrrp && firewall-cmd --reload
success
success
The two nodes are now master and backup for each other
[root@youxi1 ~]# ip a sh dev ens33  # youxi1 holds only 100, not 105
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 ~]# ip a sh dev ens33  # youxi2 holds only 105, not 100
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.105/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
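The comments in the configuration files above require several vrrp_instance settings to be identical on both nodes and the MASTER's priority to be the higher one. The following Python check for those rules is an added example, not part of the original article or of keepalived; parse_vrrp_instances, audit_pair and sample are hypothetical names, and the sample input is constructed from the values used on this page.

```python
import re

# Settings the config comments on this page require to match on master and backup.
MUST_MATCH = ("virtual_router_id", "advert_int", "auth_type", "auth_pass", "virtual_ipaddress")

def parse_vrrp_instances(text):
    """Return {instance name: settings} for every vrrp_instance block."""
    instances, path = {}, []
    for raw in text.splitlines():
        line = re.split(r"[#!]", raw, maxsplit=1)[0]        # '#' and '!' start a comment
        words = line.replace("{", " { ").replace("}", " } ").split()
        if not words:
            continue
        if words[-1] == "{":                                 # a block opens
            path.append(words[:-1] or [""])
            if len(path) == 1 and words[0] == "vrrp_instance":
                instances[words[1]] = {"virtual_ipaddress": []}
        elif words[0] == "}":                                # a block closes
            del path[-1:]
        elif path and path[0][0] == "vrrp_instance":
            inst = instances[path[0][1]]
            if path[-1][0] == "virtual_ipaddress":
                inst["virtual_ipaddress"].append(words[0])
            else:
                inst[words[0]] = words[1] if len(words) > 1 else ""
    return instances

def audit_pair(conf_a, conf_b):
    """Compare two nodes' configs and list every broken master/backup rule."""
    a, b = parse_vrrp_instances(conf_a), parse_vrrp_instances(conf_b)
    findings = []
    for name in sorted(set(a) & set(b)):
        x, y = a[name], b[name]
        findings += [f"{name}: {k} differs" for k in MUST_MATCH if x.get(k) != y.get(k)]
        if sorted([x.get("state", ""), y.get("state", "")]) != ["BACKUP", "MASTER"]:
            findings.append(f"{name}: need one MASTER and one BACKUP")
        else:
            master, backup = (x, y) if x["state"] == "MASTER" else (y, x)
            if int(master.get("priority", 100)) <= int(backup.get("priority", 100)):
                findings.append(f"{name}: MASTER priority must exceed BACKUP priority")
        if any(len(n.get("auth_pass", "")) > 8 for n in (x, y)):
            findings.append(f"{name}: auth_pass exceeds 8 characters")
    return findings

def sample(name, state, vrid, prio, pw, vip):   # hypothetical helper: renders one instance
    return (f"vrrp_instance {name} {{\n state {state}\n virtual_router_id {vrid}\n"
            f" priority {prio}\n advert_int 1\n authentication {{\n  auth_type PASS\n"
            f"  auth_pass {pw}\n }}\n virtual_ipaddress {{\n  {vip}\n }}\n}}\n")

# Constructed sample input: the vrrp_instance values of youxi1 and youxi2 on this page.
YOUXI1 = (sample("VI_1", "MASTER", 51, 100, "1111", "192.168.5.100")
          + sample("VI_2", "BACKUP", 52, 90, "2222", "192.168.5.105"))
YOUXI2 = (sample("VI_1", "BACKUP", 51, 90, "1111", "192.168.5.100")
          + sample("VI_2", "MASTER", 52, 100, "2222", "192.168.5.105"))
```

audit_pair(YOUXI1, YOUXI2) returns an empty list for the page's settings; run it on the text of the two real keepalived.conf files after every edit to catch drift between the nodes.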
Test


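(7). Extras:
VRRP is a router fault-tolerance protocol, also called a backup routing protocol. Every host on a LAN is configured with a default route (default gateway); when a host sends a packet whose destination is outside the local segment, the packet goes via the default route to the external router, which is how hosts communicate with external networks. When the default router goes down (that is, its port shuts down), the internal hosts can no longer communicate with the outside. If the routers are configured with VRRP, the virtual router then brings the backup router into service, keeping the whole network connected.
HSRP: The Hot Standby Router Protocol (HSRP) is designed to support failover of IP traffic in specific circumstances without causing disruption, to let hosts use a single router, and to maintain connectivity between routers even when the actual first-hop router fails. In other words, when a source host cannot dynamically learn the first-hop router's IP address, HSRP protects against failure of the first-hop router. It is a Cisco proprietary protocol! The protocol involves several routers that form one HSRP group. Only one router in the group is responsible for forwarding user traffic: the active router. When the active router fails, the standby router takes over that duty and becomes the new active router. This is the principle of hot standby.
Differences between HSRP and VRRP: HSRP is a Cisco proprietary protocol. After Cisco's HSRP, the Internet Engineering Task Force (IETF) also defined a router redundancy protocol: the Virtual Router Redundancy Protocol (VRRP). Mainstream vendors, Cisco included, now support VRRP in their products! VRRP and HSRP also differ in many ways. One major difference is in security: VRRP allows an authentication mechanism to be established between the devices taking part in a VRRP group. Another major difference: VRRP has only three states (Initialize, Master and Backup), whereas HSRP has six. They also differ in message types, message format, and in messages being sent over TCP rather than UDP.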
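For reading a capture of the advertisements the master sends, the following decoder follows the VRRPv2 advertisement layout and shows that with auth_type PASS the auth_pass value travels unencrypted in the last 8 bytes, so it guards against misconfigured peers rather than providing secrecy. It is an added example, not code from the article or from keepalived; the function names are hypothetical, VRRP version 2 is assumed, and the sample bytes are constructed by hand from the VI_1 settings on this page.

```python
import ipaddress
import struct

AUTH_TYPES = {0: "none", 1: "simple text password", 2: "IP authentication header"}

def internet_checksum_ok(msg):
    """True when the 16-bit one's-complement sum over the whole message is 0xFFFF."""
    if len(msg) % 2:
        msg += b"\x00"
    total = sum(struct.unpack(f"!{len(msg) // 2}H", msg))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return total == 0xFFFF

def parse_vrrp2_advert(msg):
    """Decode a VRRPv2 advertisement (the payload of an IP protocol 112 packet)."""
    if len(msg) < 8:
        raise ValueError("shorter than the fixed VRRP header")
    ver_type, vrid, priority, count, auth_type, adver_int, _cksum = struct.unpack(
        "!BBBBBBH", msg[:8])
    version, msg_type = ver_type >> 4, ver_type & 0x0F
    if version != 2 or msg_type != 1:
        raise ValueError(f"not a VRRPv2 advertisement (version={version}, type={msg_type})")
    if len(msg) != 8 + 4 * count + 8:
        raise ValueError("length does not match the address count")
    vips = [str(ipaddress.IPv4Address(msg[8 + 4 * i:12 + 4 * i])) for i in range(count)]
    auth_data = msg[8 + 4 * count:]          # 8 bytes, zero padded
    return {
        "vrid": vrid, "priority": priority, "advert_int": adver_int, "vips": vips,
        "auth_type": AUTH_TYPES.get(auth_type, f"unknown ({auth_type})"),
        "auth_data": auth_data.rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": internet_checksum_ok(msg),
    }

# Constructed sample, built by hand from the VI_1 settings on this page:
# VRID 51, priority 100, advert_int 1, VIP 192.168.5.100, auth_pass 1111.
SAMPLE = bytes.fromhex("21336401 0101515b c0a80564 3131313100000000")
```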
