■实验拓扑
■实验需求
1. 多厂商的网关冗余(VRPP)
2. 考虑上行/上上行/下行链路的之间的track
3. 生成树配置
4. VPC能访问R4的loopback口地址(8.8.8.8)
■实验步骤
▶思科路由器CISCO-R4
Router(config)#hostname CISCO-R4
CISCO-R4(config)#int e0/0
CISCO-R4(config-if)#ip address 14.1.1.4 255.255.255.0
CISCO-R4(config-if)#no shut
CISCO-R4(config-if)#int e0/1
CISCO-R4(config-if)#ip address 24.1.1.4 255.255.255.0
CISCO-R4(config-if)#no shut
CISCO-R4(config-if)#int lo0
CISCO-R4(config-if)#ip address 8.8.8.8 255.255.255.0
CISCO-R4(config-if)#do show ip int brief
Interface IP-Address OK? Method Status Protocol
Ethernet0/0 14.1.1.4 YES manual up up
Ethernet0/1 24.1.1.4 YES manual up up
Ethernet0/2 unassigned YES unset administratively down down
Ethernet0/3 unassigned YES unset administratively down down
Loopback0 8.8.8.8 YES manual up up
CISCO-R4(config-if)#exit
CISCO-R4(config)#router ospf 1
CISCO-R4(config-router)#network 0.0.0.0 0.0.0.0 area 0
CISCO-R4(config-router)#exit
CISCO-R4(config)#exit
CISCO-R4#wr
Building configuration...
[OK]
CISCO-R4#
▶思科核心交换机CISCO-Core1
Switch(config)#hostname CISCO-Core1
CISCO-Core1(config)#int e0/0
CISCO-Core1(config-if)#no switchport
CISCO-Core1(config-if)#ip address 14.1.1.1 255.255.255.0
CISCO-Core1(config-if)#no shut
CISCO-Core1(config-if)#int range e0/1 - 2
CISCO-Core1(config-if-range)#switchport trunk encapsulation dot1q
CISCO-Core1(config-if-range)#switchport mode trunk
CISCO-Core1(config-if-range)#exit
CISCO-Core1(config)#vlan 100
CISCO-Core1(config-vlan)#vlan 200
CISCO-Core1(config-vlan)#exit
CISCO-Core1(config)#int range e0/1-2
CISCO-Core1(config-if-range)#shut
CISCO-Core1(config-if-range)#exit
CISCO-Core1(config)#spanning-tree mode mst
CISCO-Core1(config)#spanning-tree mst configuration
CISCO-Core1(config-mst)#name glab
CISCO-Core1(config-mst)#instance 1 vlan 100
CISCO-Core1(config-mst)#instance 2 vlan 200
CISCO-Core1(config-mst)#exit
CISCO-Core1(config)#spanning-tree mst 1 root secondary
CISCO-Core1(config)#spanning-tree mst 2 root primary
CISCO-Core1(config)#exit
CISCO-Core1#show spanning-tree vlan 100
MST1
Spanning tree enabled protocol mstp
Root ID Priority 28673
Address aabb.cc00.1000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 28673 (priority 28672 sys-id-ext 1)
Address aabb.cc00. 1000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/1 Desg FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
CISCO-Core1#show spanning-tree vlan 200
MST2
Spanning tree enabled protocol mstp
Root ID Priority 24578
Address aabb.cc00.1000
This bridge is the root
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
BridgeID Priority 24578 (priority24576sys-id-ext2)
Address aabb.cc00.1000
HelloTime 2 sec MaxAge20sec ForwardDelay15sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/1 Desg FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p
CISCO-Core1(config)#int vlan 200
CISCO-Core1(config-if)#ip address 192.168.200.252 255.255.255.0
CISCO-Core1(config-if)#no shut
CISCO-Core1(config)#int vlan 100
CISCO-Core1(config-if)#ip address 192.168.100.252 255.255.255.0
CISCO-Core1(config-if)#no shut
CISCO-Core1(config)#router ospf 1
CISCO-Core1(config-router)#network 0.0.0.0 0.0.0.0 area 0
CISCO-Core1(config-router)#passive-interface vlan 100
CISCO-Core1(config-router)#passive-interface vlan 200
CISCO-Core1(config-router)#exit
CISCO-Core1#show ip ospf nei
Neighbor ID Pri State Dead Time Address Interface
8.8.8.8 1 FULL/DR 00:00:36 14.1.1.4 Ethernet0/0
CISCO-Core1#wr
Building configuration...
Compressed configuration from 1382 bytes to 879 bytes[OK]
CISCO-Core1#
▶华为核心交换机HUAWEI-Core2
[HUAWEI]sysname HUAWEI-Core2
[HUAWEI-Core2]int g1/0/0
[HUAWEI-Core2-GE1/0/0]undo portswitch
[HUAWEI-Core2-GE1/0/0]ip address 24.1.1.2 24
[HUAWEI-Core2-GE1/0/0]q
[HUAWEI-Core2]interface range g1/0/1 to g1/0/2
[HUAWEI-Core2-port-group]port link-type trunk
[HUAWEI-Core2-port-group]port trunk allow-pass vlan all
[HUAWEI-Core2-port-group]q
[HUAWEI-Core2]stp enable
[HUAWEI-Core2]stp mode mstp
[HUAWEI-Core2]stp region-configuration
[HUAWEI-Core2-mst-region]region-name glab
[HUAWEI-Core2-mst-region]instance 1 vlan 100
[HUAWEI-Core2-mst-region]instance 2 vlan 200
[HUAWEI-Core2-mst-region]q
[HUAWEI-Core2]stp instance 1 root primary
[HUAWEI-Core2]stp instance 2 root secondary
[HUAWEI-Core2]dis stp instance 1
MSTI 1 Global Information:
MSTI Bridge ID :0.701d-8b93-5265
MSTI RegRoot/IRPC :0.701d-8b93-5265 / 0 (This bridge is the root)
MSTI RootPortId :0.0
MSTI RootPortId :0.0
MSTI Root Type :Primary root
Master Bridge :32768.701d-8b93-5265
Cost to Master :0
TC received :5
TC count per hello :0
Time since last TC :0 days 0h:6m:45s
Number of TC :4
Last TC occurred :GE1/0/2
Topo Change Flag :0
MSTI 1 Port Information:
Port Id :2
Port Name :GE1/0/1
Port State :Forwarding
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T) :Cnotallow=auto / Active=199999
Desg. Bridge/Port :0.701d-8b93-5265 / 128.2
Port Times :RemHops 20
TC or TCN send :4
TC or TCN received :3
Last forwarding time : 2022/08/17 16:33:47 UTC
MSTI 1 Port Information:
Port Id :3
Port Name :GE1/0/2
Port State :Forwarding
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T) :Cnotallow=auto / Active=199999
Desg. Bridge/Port :0.701d-8b93-5265 / 128.3
Port Times :RemHops 20
TC or TCN send :4
TC or TCN received :2
Last forwarding time : 2022/08/17 16:33:47 UTC
[HUAWEI-Core2]dis stp instance 2
MSTI 2 Global Information:
MSTI Bridge ID :4096.701d-8b93-5265
MSTI RegRoot/IRPC :4096.701d-8b93-5265 / 0 (This bridge is the root)
MSTI RootPortId :0.0
MSTI Root Type :Secondary root
Master Bridge :32768.701d-8b93-5265
Cost to Master :0
TC received :8
TC count per hello :0
Time since last TC :0 days 0h:7m:1s
Number of TC :5
Last TC occurred :GE1/0/2
Topo Change Flag :0
MSTI 2 Port Information:
Port Id :2
Port Name :GE1/0/1
Port State :Forwarding
Port Role :Designated Port
Port Priority :128
Port Cost(Dot1T) :Cnotallow=auto / Active=199999
Desg. Bridge/Port :4096.701d-8b93-5265 / 128.2
Port Times :RemHops 20
[HUAWEI-Core2]undo stp instance 2 root secondary
[HUAWEI-Core2]stp instance 2 priority 32768
//将Core2上的优先级调至比Core1上的高后,再display后,发现Core2已不再是instance的根桥
[HUAWEI-Core2]int Vlanif 100
[HUAWEI-Core2-Vlanif100]ip address 192.168.100.253 24
[HUAWEI-Core2-Vlanif100]q
[HUAWEI-Core2]int Vlanif 200
[HUAWEI-Core2-Vlanif200]ip address 192.168.200.253 24
[HUAWEI-Core2-Vlanif200]q
[HUAWEI-Core2]ospf
[HUAWEI-Core2-ospf-1]area 0
[HUAWEI-Core2-ospf-1-area-0.0.0.0]network 0.0.0.0 0.0.0.0
[HUAWEI-Core2-ospf-1-area-0.0.0.0]q
[HUAWEI-Core2]q
<HUAWEI-Core2>save
▶思科接入交换机CISCO-Access
Switch(config)#hostname CISCO-Access
CISCO-Access(config)#vlan 100
CISCO-Access(config-vlan)#vlan 200
CISCO-Access(config-vlan)#int e0/2
CISCO-Access(config-if)#switchport host
CISCO-Access(config-if)#switchport access vlan 100
CISCO-Access(config-if)#no shut
CISCO-Access(config-if)#int e0/3
CISCO-Access(config-if)#switchport host
CISCO-Access(config-if)#switchport access vlan 200
CISCO-Access(config-if)#no shut
CISCO-Access(config)#spanning-tree mode mst
CISCO-Access(config)#spanning-tree mst configuration
CISCO-Access(config-mst)#name glab
CISCO-Access(config-mst)#instance 1 vlan 100
CISCO-Access(config-mst)#instance 2 vlan 200
CISCO-Access(config-mst)#exit
CISCO-Access#show spanning-tree vlan 100
MST1
Spanning tree enabled protocol mstp
Root ID Priority 1
Address 701d.8b93.5265
Cost 2000000
Port 2 (Ethernet0/1)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32769 (priority 32768 sys-id-ext 1)
Address aabb.cc00.3000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Altn BLK 2000000 128.1 P2p
Et0/1 Root FWD 2000000 128.2 P2p
Et0/2 Desg FWD 2000000 128.3 P2p Edge
CISCO-Access#show spanning-tree vlan 200
MST2
Spanning tree enabled protocol mstp
Root ID Priority 24578
Address aabb.cc00.1000
Cost 2000000
Port 1 (Ethernet0/0)
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Bridge ID Priority 32770 (priority 32768 sys-id-ext 2)
Address aabb.cc00.3000
Hello Time 2 sec Max Age 20 sec Forward Delay 15 sec
Interface Role Sts Cost Prio.Nbr Type
------------------- ---- --- --------- -------- --------------------------------
Et0/0 Root FWD 2000000 128.1 P2p
Et0/1 Altn BLK 2000000 128.2 P2p
Et0/3 Desg FWD 2000000 128.4 P2p Edge
CISCO-Access#
▶VPC1
VPCS> ip 192.168.100.1/24 192.168.100.253
Checking for duplicate address...
VPCS : 192.168.100.1 255.255.255.0 gateway 192.168.100.253
VPCS> ping 8.8.8.8
84 bytes from 8.8.8.8 icmp_seq=1 ttl=254 time=5.405 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=3.955 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=3.371 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=254 time=3.779 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=254 time=3.774 ms
VPCS>
▶VPC2
VPCS> ip 192.168.200.1/24 192.168.200.252
Checking for duplicate address...
VPCS : 192.168.200.1 255.255.255.0 gateway 192.168.200.252
VPCS> ping 8.8.8.8
84 bytes from 8.8.8.8 icmp_seq=1 ttl=254 time=1.743 ms
84 bytes from 8.8.8.8 icmp_seq=2 ttl=254 time=1.638 ms
84 bytes from 8.8.8.8 icmp_seq=3 ttl=254 time=1.810 ms
84 bytes from 8.8.8.8 icmp_seq=4 ttl=254 time=1.738 ms
84 bytes from 8.8.8.8 icmp_seq=5 ttl=254 time=1.632 ms
VPCS>
▶跨厂商的网关冗余(VLAN200的VRPP Active在CISCO-Core1上)
► Master:
CISCO-Core1(config)#int vlan 200
CISCO-Core1(config-if)#vrrp 200 ip 192.168.200.254
CISCO-Core1(config-if)#vrrp 200 priority 109
► Backup:
[HUAWEI-Core2]int Vlanif 200
[HUAWEI-Core2-Vlanif200]vrrp vrid 200 virtual-ip 192.168.200.254
[HUAWEI-Core2-Vlanif200]dis this
#
interface Vlanif200
ip address 192.168.200.253 255.255.255.0
vrrp vrid 200 virtual-ip 192.168.200.254
#
return
[HUAWEI-Core2-Vlanif200]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:1 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2-Vlanif200]
▶跨厂商的网关冗余(VLAN100的VRPP Active在HUAWEI-Core2上)
► Master:
[HUAWEI-Core2]int vlan 100
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 virtual-ip 192.168.100.254
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 priority 101
► Backup:
CISCO-Core1(config)#int vlan 100
CISCO-Core1(config-if)#vrrp 100 ip 192.168.100.254
CISCO-Core1(config-if)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl100 100 100 3609 Y Backup 192.168.100.253 192.168.100.254
Vl200 200 109 3574 Y Master 192.168.200.252 192.168.200.254
CISCO-Core1(config-if)#
[HUAWEI-Core2-Vlanif200]dis vrrp verbose
Vlanif200 | Virtual Router 200
State : Backup
Virtual IP : 192.168.200.254
Master IP : 192.168.200.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 109
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-01c8
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:46:26
Last Change Time : 2022-08-18 17:09:05
Vlanif100 | Virtual Router 100
State : Master
Virtual IP : 192.168.100.254
Master IP : 192.168.100.253
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier: 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-18 16:33:13
[HUAWEI-Core2-Vlanif200]
▶思科上下行链路的track(VLAN200的VRPP Active在CISCO-Core1上时)
► Master:
CISCO-Core1(config)#track 1 interface e0/0 line-protocol
CISCO-Core1(config-track)#track 2 interface e0/2 line-protocol
CISCO-Core1(config-track)#exit
CISCO-Core1(config)#ip sla 1
//远端链路使用sla
CISCO-Core1(config-ip-sla)#icmp-echo 14.1.1.4 source-ip 14.1.1.1
CISCO-Core1(config-ip-sla-echo)#exit
CISCO-Core1(config)#ip sla schedule 1 start-time now life forever
CISCO-Core1(config)#track 3 ip sla 1
//track3匹配远端链路
CISCO-Core1(config-track)#exit
CISCO-Core1(config-if)#vrrp 200 track 1 decrement 10
CISCO-Core1(config-if)#vrrp 200 track 2 decrement 10
CISCO-Core1(config-if)#vrrp 200 track 3 decrement 10
CISCO-Core1(config-if)#do show run int vlan 200
Building configuration...
Current configuration : 173 bytes
!
interface Vlan200
ip address 192.168.200.252 255.255.255.0
vrrp 200 ip 192.168.200.254
vrrp 200 priority 109
vrrp 200 track 1
vrrp 200 track 2
vrrp 200 track 3
end
CISCO-Core1(config-if)#
//将接口e0/0断开
CISCO-Core1(config)#int e0/0
CISCO-Core1(config-if)#shutdown
CISCO-Core1(config-if)#
*Aug 18 17:02:17.852: %TRACK-6-STATE: 1 interface Et0/0 line-protocol Up -> Down
*Aug 18 17:02:17.858: %OSPF-5-ADJCHG: Process 1, Nbr 8.8.8.8 on Ethernet0/0 from FULL to DOWN, Neighbor Down:
Interface down or detached
CISCO-Core1(config-if)#
*Aug 18 17:02:18.033: %VRRP-6-STATECHANGE: Vl200 Grp 200 state Master -> Backup
CISCO-Core1(config-if)#
*Aug 18 17:02:19.850: %LINK-5-CHANGED: Interface Ethernet0/0, changed state to administratively down
*Aug 18 17:02:20.854: %LINEPROTO-5-UPDOWN: Line protocol on Interface Ethernet0/0, changed state to down
CISCO-Core1(config-if)#do show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl200 200 99 3574 Y Backup 192.168.200.253 192.168.200.254
CISCO-Core1(config-if)#
[HUAWEI-Core2-Vlanif200]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:1 Backup: Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Master Vlanif100 N 192.168.100.254
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2-Vlanif200]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:2 Backup:0 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Master Vlanif100 N 192.168.100.254
200 Master Vlanif200 N 192.168.200.254
[HUAWEI-Core2-Vlanif200]
VPCS> ip 192.168.200.1/24 192.168.200.254
Checking for duplicate address...
VPCS : 192.168.200.1 255.255.255.0 gateway 192.168.200.254
VPCS> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
//接口e0/0没down之前,VPC2通过200.252上去
1 192.168.200.252 0.903 ms 0.811 ms 1.009 ms
2 *14.1.1.4 1.599 ms (ICMP type:3, code:3, Destination port unreachable) *
VPCS> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
//接口e0/0没down之后,VPC2通过200.253上去
1 192.168.200.253 21.694 ms 3.758 ms 4.592 ms
2 *24.1.1.4 4.666 ms (ICMP type:3, code:3, Destination port unreachable) *
▶华为上下行链路的track(VLAN100的VRPP Active在HUAWEI-Core2上时)--nqa/bfd(链路检测)
► Master:
[HUAWEI-Core2]nqa test-instance admin icmp
[HUAWEI-Core2-nqa-admin-icmp]test-type icmp
[HUAWEI-Core2-nqa-admin-icmp]destination-address ipv4 24.1.1.4
[HUAWEI-Core2-nqa-admin-icmp]frequency 10
[HUAWEI-Core2-nqa-admin-icmp]interval seconds 3
[HUAWEI-Core2-nqa-admin-icmp]start now
[HUAWEI-Core2-nqa-admin-icmp]q
[HUAWEI-Core2]bfd
[HUAWEI-Core2-bfd]bfd 1 bind peer-ip 24.1.1.4 source-ip 24.1.1.2
//配置BFD会话的本地标识符 //配置BFD会话的远端标识符
[HUAWEI-Core2-bfd-session-1]discriminator local 1
[HUAWEI-Core2-bfd-session-1]discriminator remote 2
[HUAWEI-Core2-bfd-session-1]dis this
#
bfd 1 bind peer-ip 24.1.1.4 source-ip 24.1.1.2
discriminator local 1
discriminator remote 2
#
return
[HUAWEI-Core2-bfd-session-1]q
[HUAWEI-Core2]int vlan 100
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 track nqa admin icmp reduce 30
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 track bfd 1 reduce 30
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 track interface g1/0/0 reduce 30
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 track interface g1/0/2 reduce 30
[HUAWEI-Core2-Vlanif100]dis this
#
interface Vlanif100
ip address 192.168.100.253 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.100.254
vrrp vrid 100 track interface GE1/0/0 reduce 30
vrrp vrid 100 track interface GE1/0/2 reduce 30
vrrp vrid 100 track bfd session-name 1 reduce 30
vrrp vrid 100 track nqa admin icmp reduce 30
#
return
[HUAWEI-Core2-Vlanif100]q
[HUAWEI-Core2]dis vrrp 100
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:1 Master:0 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Backup Vlanif100 N 192.168.100.254
[HUAWEI-Core2]dis vrrp 100 verbose
Vlanif100 | Virtual Router 100
State : Backup
Virtual IP : 192.168.100.254
Master IP : 192.168.100.252
PriorityRun : 70
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier: 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Track IF : GE1/0/0 Priority Reduced : 30
IF State : UP
Track IF : GE1/0/2 Priority Reduced : 30
IF State : UP
Track BFD : 1 Priority Reduced : 30
BFD-session State : DOWN
Track NQA : admin icmp Priority Reduced : 30
NQA State : success
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-18 18:00:10
[HUAWEI-Core2]
//确认华为交换机优先级降低后,VLAN100的Master已切换至CISCO-Core1
[HUAWEI-Core2]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:0 Backup:2 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Backup Vlanif100 N 192.168.100.254
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2]
CISCO-Core1#show vrrp bri
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl100 100 100 3609 Y Master 192.168.100.252 192.168.100.254
Vl200 200 109 3574 Y Master 192.168.200.252 192.168.200.254
CISCO-Core1#
■实验总结
1、STP和VRRP设计的Active不是同一台核心。
i. 核心之间是二层链路,trunk allow all vlan,通,通过trunk透传
ii. 核心之间是二层链路,不允许vlan通过,STP vlan 200失败,原来被block的接口就会变成forwarding转发数据
iii. 核心之间是三层链路,不存在环路,access上的所有接口都能转发数据
2、 VRRP可以使用2个地址,但是做track的时候还是需要3个地址
3、华为核心交换机上配置网关冗余(nqa、bfd)
NQA:(Network Quality Analysis)指一种实时的网络性能探测和统计技术(单向做)
※跟sla很像,使用icmp、源目ip地址
BFD:(Bidirectional Forwarding Detection,双向转发检测)是一种高速故障检测机制(双向做)
※nqa是秒级的,bfd是毫秒级的,相对来说bfd使用更多
■问题汇总
▶仅nqa生效的场合
如实验步骤中所示,华为交换机上在配置完nqa和bfd后。在接口没有down的情况下,
VLAN 100的VRRP Master就已经切换到思科Core1上了。
[HUAWEI-Core2]display vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:0 Backup:2 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Backup Vlanif100 N 192.168.100.254
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2]display vrrp verbose
Vlanif200 | Virtual Router 200
State : Backup
Virtual IP : 192.168.200.254
Master IP : 192.168.200.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 109
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier: 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-01c8
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:46:26
Last Change Time : 2022-08-18 19:02:05
Vlanif100 | Virtual Router 100
State
Virtual IP : 192.168.100.254
Master IP : 192.168.100.252
PriorityRun : 71
PriorityConfig : 101
MasterPriority : 100
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Track IF : GE1/0/0 Priority Reduced : 30
IF State : UP
Track IF : GE1/0/2 Priority Reduced : 30
IF State : UP
Track BFD : 1 Priority Reduced : 30
BFD-session State : DOWN
Track NQA : admin icmp Priority Reduced : 30
NQA State : success
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-18 19:47:14
[HUAWEI-Core2]dis ip int bri
*down: administratively down
!down: FIB overload down
^down: standby
(l): loopback
(s): spoofing
(d): Dampening Suppressed
The number of interface that is UP in Physical is 5
The number of interface that is DOWN in Physical is 0
The number of interface that is UP in Protocol is 4
The number of interface that is DOWN in Protocol is 1
Interface IP Address/Mask Physical Protocol VPN
GE1/0/0 24.1.1.2/24 up up --
MEth0/0/0 unassigned up down --
NULL0 unassigned up up(s) --
Vlanif100 192.168.100.253/24 up up --
Vlanif200 192.168.200.253/24 up up --
[HUAWEI-Core2]
CISCO-Core1#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl100 100 100 3609 Y Master 192.168.100.252 192.168.100.254
Vl200 200 109 3574 Y Master 192.168.200.252 192.168.200.254
CISCO-Core1#
★理论上,down掉华为交换机的g1/0/0或g1/0/2接口,导致链路状态发生改变后,原Master的优先级下降
从而导致切换成Backup状态。
现在好像是vlan100接口下只要调用nqa和bfd后,优先级立即会减30,从而导致切换。
[HUAWEI-Core2]int Vlanif 100
[HUAWEI-Core2-Vlanif100]dis this
#
interface Vlanif100
ip address 192.168.100.253 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.100.254
vrrp vrid 100 priority 101
vrrp vrid 100 track interface GE1/0/0 reduce 30
vrrp vrid 100 track interface GE1/0/2 reduce 30
vrrp vrid 100 track bfd session-name 1 reduce 30
vrrp vrid 100 track nqa admin icmp reduce 30
#
return
[HUAWEI-Core2-Vlanif100]undo vrrp vrid 100 track bfd session-name 1
[HUAWEI-Core2-Vlanif100]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:1 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Master Vlanif100 N 192.168.100.254
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2-Vlanif100]
[HUAWEI-Core2-Vlanif100]dis vrrp verbose
Vlanif200 | Virtual Router 200
State : Backup
Virtual IP : 192.168.200.254
Master IP : 192.168.200.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 109
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier: 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-01c8
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:46:26
Last Change Time : 2022-08-18 19:02:05
Vlanif100 | Virtual Router 100
State : Master
Virtual IP : 192.168.100.254
Master IP : 192.168.100.253
PriorityRun : 101
PriorityConfig : 101
MasterPriority : 101
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Track IF : GE1/0/0 Priority Reduced : 30
IF State : UP
Track IF : GE1/0/2 Priority Reduced : 30
IF State : UP
Track NQA : admin icmp Priority Reduced : 30
NQA State : success
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-18 20:21:00
[HUAWEI-Core2-Vlanif100]
vlan 100接口下不要调用bfd,就正常了。然后正常down g1/0/0或g1/0/2接口后,优先级也能正常下降。
基于此,nqa和bfd是不是不太可能会同时配置,若同时配置的话,可能会发生上述现象?
------------------------------------------------------------------------------------------------------------------------------------------
▶仅bdf生效的场合
[HUAWEI-Core2]bfd
[HUAWEI-Core2]bfd 1 bind peer-ip 24.1.1.4 interface g1/0/0 one-arm-echo
[HUAWEI-Core2-bfd-session-1]discriminator local 1
[HUAWEI-Core2-bfd-session-1]q
[HUAWEI-Core2]in vlan 100
[HUAWEI-Core2-Vlanif100]vrrp vrid 100 track bfd 1 reduce 30
[HUAWEI-Core2-Vlanif100]dis this
#
interface Vlanif100
ip address 192.168.100.253 255.255.255.0
vrrp vrid 100 virtual-ip 192.168.100.254
vrrp vrid 100 priority 101
vrrp vrid 100 track interface GE1/0/0 reduce 30
vrrp vrid 100 track interface GE1/0/2 reduce 30
vrrp vrid 100 track bfd session-name 1 reduce 30
#
return
[HUAWEI-Core2-Vlanif100]
[HUAWEI-Core2-Vlanif100]dis vrrp
Type:
N: Normal
A: Administrator
M: Member
L: Load-Balance
LM: Load-Balance-Member
Total:2 Master:1 Backup:1 Non-active:0
VRID State Interface Type Virtual IP
----------------------------------------------------------------
100 Master Vlanif100 N 192.168.100.254
200 Backup Vlanif200 N 192.168.200.254
[HUAWEI-Core2-Vlanif100]dis vrrp verbose
Vlanif200 | Virtual Router 200
State : Backup
Virtual IP : 192.168.200.254
Master IP : 192.168.200.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 109
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-01c8
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:46:26
Last Change Time : 2022-08-19 03:06:17
Vlanif100 | Virtual Router 100
State : Master
Virtual IP : 192.168.100.254
Master IP : 192.168.100.253
PriorityRun : 101
PriorityConfig : 101
MasterPriority : 101
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Track IF : GE1/0/0 Priority Reduced : 30
IF State : UP
Track IF : GE1/0/2 Priority Reduced : 30
IF State : UP
Track BFD : 1 Priority Reduced : 30
BFD-session State : UP
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-19 11:54:38
//down掉g1/0/2接口,查看bfd是否生效
[HUAWEI-Core2]int g1/0/2
[HUAWEI-Core2-GE1/0/2]shutdown
[HUAWEI-Core2-GE1/0/2]dis vrrp verbose
Vlanif200 | Virtual Router 200
State : Backup
Virtual IP : 192.168.200.254
Master IP : 192.168.200.252
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 109
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier: 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-01c8
Check TTL : YES
Config Type : Normal
Create Time : 2022-08-18 16:46:26
Last Change Time : 2022-08-19 03:06:17
Vlanif100 | Virtual Router 100
//由Master→Backup,且优先级降至71
State : Backup
Virtual IP : 192.168.100.254
Master IP : 192.168.100.252
PriorityRun : 71
PriorityConfig : 101
MasterPriority : 100
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 3
TimerRun : 1s
TimerConfig : 1s
Auth Type : NONE
Virtual MAC : 0000-5e00-0164
Check TTL : YES
Config Type : Normal
Track IF : GE1/0/0 Priority Reduced : 30
IF State : UP
Track IF : GE1/0/2 Priority Reduced : 30
IF State : DOWN
Track BFD : 1 Priority Reduced : 30
BFD-session State : UP
Create Time : 2022-08-18 16:33:09
Last Change Time : 2022-08-19 12:10:39
[HUAWEI-Core2-GE1/0/2]
