此拓扑出自2021年软考网络工程师下半年试题(四),相关配置参考华为官方文档。
VRRP+BFD案例实验(简单)
IP地址规划表
设备 | 接口 | IP地址 |
R1 | GigabitEthernet0/0/0 | 10.12.0.1/29 |
R1 | GigabitEthernet0/0/1 | 10.2.2.1/24 |
R1 | GigabitEthernet0/0/2 | 10.13.1.1/29 |
R1 | GigabitEthernet4/0/0 | 10.4.1.10/24 |
R2 | GigabitEthernet0/0/0 | 10.12.0.2/29 |
R2 | GigabitEthernet0/0/1 | 10.23.0.1/29 |
R2 | GigabitEthernet0/0/2 | 10.1.1.1/24 |
R2 | GigabitEthernet4/0/0 | 110.125.0.2/28 |
R3 | GigabitEthernet0/0/0 | 10.23.0.3/29 |
R3 | GigabitEthernet0/0/1 | 10.2.2.3/24 |
R3 | GigabitEthernet0/0/2 | 10.13.1.3/29 |
R3 | GigabitEthernet4/0/0 | 10.3.1.10/24 |
ISP | GigabitEthernet0/0/0 | 110.125.0.1/28 |
ISP | GigabitEthernet0/0/1 | 114.114.114.1/24 |
DNS服务器 | Ethernet0/0/0 | 114.114.114.114/24 |
Web服务器 | Ethernet0/0/0 | 10.2.2.22/24 |
PC | Ethernet0/0/0 | 10.1.1.10/24 |
client2 | Ethernet0/0/0 | 10.4.1.1/24 |
client3 | Ethernet0/0/0 | 10.3.1.1/24 |
一、项目实施
1、配置接口
- R1的配置
[R1]interface GigabitEthernet 0/0/0
[R1-GigabitEthernet0/0/0]ip address 10.12.0.1 255.255.255.248
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]ip address 10.2.2.1 255.255.255.0
[R1]interface GigabitEthernet 0/0/2
[R1-GigabitEthernet0/0/2]ip address 10.13.1.1 255.255.255.248
[R1]interface GigabitEthernet 4/0/0
[R1-GigabitEthernet4/0/0]ip address 10.4.1.10 255.255.255.0
- R2的配置
[R2]interface GigabitEthernet 0/0/0
[R2-GigabitEthernet0/0/0]ip address 10.12.0.2 255.255.255.248
[R2]interface GigabitEthernet 0/0/1
[R2-GigabitEthernet0/0/1]ip address 10.23.0.1 255.255.255.248
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]ip address 10.1.1.1 255.255.255.0
[R2]interface GigabitEthernet 4/0/0
[R2-GigabitEthernet4/0/0]ip address 110.125.0.2 255.255.255.240
- R3的配置
[R3]interface GigabitEthernet 0/0/0
[R3-GigabitEthernet0/0/0]ip address 10.23.0.3 255.255.255.248
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]ip address 10.2.2.3 255.255.255.0
[R3]interface GigabitEthernet 0/0/2
[R3-GigabitEthernet0/0/2]ip address 10.13.1.3 255.255.255.248
[R3]interface GigabitEthernet 4/0/0
[R3-GigabitEthernet4/0/0]ip address 10.3.1.10 255.255.255.0
- ISP的配置
[ISP]int GigabitEthernet 0/0/0
[ISP-GigabitEthernet0/0/0]ip address 110.125.0.1 255.255.255.240
[ISP-GigabitEthernet0/0/0]interface GigabitEthernet 0/0/1
[ISP-GigabitEthernet0/0/1]ip address 114.114.114.1 255.255.255.0
2、配置静态路由
- R1的配置
[R1]ip route-static 0.0.0.0 0.0.0.0 10.12.0.2
[R1]ip route-static 0.0.0.0 0.0.0.0 10.13.1.3 preference 100
- R2的配置
[R2]ip route-static 0.0.0.0 0.0.0.0 110.125.0.1
[R2]ip route-static 10.2.2.0 255.255.255.0 10.12.0.1
[R2]ip route-static 10.2.2.0 255.255.255.0 10.23.0.3 preference 100
[R2]ip route-static 10.3.1.0 255.255.255.0 10.23.0.3
[R2]ip route-static 10.4.1.0 255.255.255.0 10.12.0.1
- R3的配置
[R3]ip route-static 0.0.0.0 0.0.0.0 10.23.0.1
[R3]ip route-static 0.0.0.0 0.0.0.0 10.13.1.1 preference 100
3、配置BFD(Bidirectional Forwarding Detection,双向转发检测)
- R1的配置
[R1]bfd #开启全局BFD功能,进入BFD视图
#缺省状态,全局BFD功能未开启
[R1-bfd]quit
[R1]bfd 1 bind peer-ip 10.12.0.2 source-ip 10.12.0.1 auto #配置单跳BFD会话,绑定远端IP地址和本端IP地址,
配置静态标识符自动协商,配置标识符必需相同否则无法建立bfd会话
[R1-bfd-session-1]commit #提交配置
[R1-bfd-session-1]quit
- R2的配置
[R2]bfd 1 bind peer-ip 10.12.0.1 source-ip 10.12.0.2 auto #配置单跳BFD会话,绑定远端IP地址和本端IP地址,
配置静态标识符自动协商,配置标识符必需相同否则无法建立bfd会话
[R2-bfd-session-1]commit #提交配置
[R2-bfd-session-1]quit
[R2]bfd 2 bind peer-ip 10.23.0.3 source-ip 10.23.0.1 auto #配置单跳BFD会话,绑定远端IP地址和本端IP地址,
配置静态标识符自动协商,配置标识符必需相同否则无法建立bfd会话
[R2-bfd-session-2]commit #提交配置
[R2-bfd-session-2]quit
- R3的配置
[R3]bfd #开启全局BFD功能,进入BFD视图
#缺省状态,全局BFD功能未开启
[R3-bfd]quit
[R3]bfd 1 bind peer-ip 10.23.0.1 source-ip 10.23.0.3 auto #配置单跳BFD会话,绑定远端IP地址和本端IP地址,
配置静态标识符自动协商,配置标识符必需相同否则无法建立bfd会话
[R3-bfd-session-1]commit #提交配置
[R3-bfd-session-1]quit
4、配置虚拟路由冗余协议VRRP(Virtual Router Redundancy Protocol)
- R1的配置
[R1]interface GigabitEthernet 0/0/1
[R1-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 10.2.2.10 #配置虚拟网关为10.2.2.10,vrid为1
[R1-GigabitEthernet0/0/1]vrrp vrid 1 priority 120 #配置vrrp优先级为120,高于默认的100,设置设备为Master设备
[R1-GigabitEthernet0/0/1]vrrp vrid 1 preempt-mode timer delay 2 #设置设备为抢占模式配置抢占时间为2秒,设备默认采用立即抢占
避免网络不稳定,双方频繁抢占产生流量中断的问题。
[R1-GigabitEthernet0/0/1]vrrp vrid 1 track interface GigabitEthernet0/0/0 reduced 30 #配置VRRP与接口状态联动,监视
上行接口GE0/0/0 ,当GE0/0/0失效时,优先级减30,使R3即使抢占主设备的位置,为服务器提供服务
- R3的配置
[R3]interface GigabitEthernet 0/0/1
[R3-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 10.2.2.10 #配置虚拟网关为10.2.2.10,vrid为1
[R3-GigabitEthernet0/0/1]vrrp vrid 1 preempt-mode timer delay #设置设备为抢占模式配置抢占时间为2秒,设备默认采用立即抢占
避免网络不稳定,双方频繁抢占产生流量中断的问题。
[R3-GigabitEthernet0/0/1]vrrp vrid 1 track interface GigabitEthernet0/0/0 reduced 30 #配置VRRP与接口状态联动,监视
上行接口GE0/0/0 ,当GE0/0/0失效时,优先级减30,使R3即使抢占主设备的位置,为服务器提供服务
5、配置ACL限制
限制周六周日不能访问服务器的Web服务,其他网段无限制。
[R2]time-range ftime 9:00 to 17:00 ?
<0-6> Day of the week(0 is Sunday)
Fri Friday
Mon Monday
Sat Saturday
Sun Sunday
Thu Thursday
Tue Tuesday
Wed Wednesday
daily Every day of the week
off-day Saturday and Sunday
working-day Monday to Friday
[R2]time-range ftime 9:00 to 17:00 off-day
[R1]interface GigabitEthernet 0/0/2
[R2-acl-adv-3001]rule 5 deny tcp destination-port eq 80 source 10.1.1.0 0.0.0.25
5 destination 10.2.2.22 0.0.0.0 time-range ftime
[R2]interface GigabitEthernet 0/0/2
[R2-GigabitEthernet0/0/2]traffic-filter inbound acl 3001
二、项目实施
1、验证BFD会话通告
- R1的通告
[R1]display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8193 8192 10.12.0.2 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
- R2的通告
[R2]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8193 10.12.0.1 Up S_AUTO_PEER -
8193 8192 10.23.0.3 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 2/0
- R3的通告
[R3]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8193 10.23.0.1 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
2、查看VRRP状态
- R1的vrrp状态
[R1]display vrrp
GigabitEthernet0/0/1 | Virtual Router 1
State : Master
Virtual IP : 10.2.2.10
Master IP : 10.2.2.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 2 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet0/0/0 Priority reduced : 30
IF state : UP
Create time : 2022-03-18 09:23:38 UTC-08:00
Last change time : 2022-03-18 11:19:48 UTC-08:00
- R3的vrrp状态
[R3]display vrrp
GigabitEthernet0/0/1 | Virtual Router 1
State : Backup
Virtual IP : 10.2.2.10
Master IP : 10.2.2.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 2 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Track IF : GigabitEthernet0/0/0 Priority reduced : 30
IF state : UP
Create time : 2022-03-18 09:23:35 UTC-08:00
Last change time : 2022-03-18 11:19:49 UTC-08:00
验证vrrp虚拟网关
- R1的路由表
[R1]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 18 Routes : 18
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 10.12.0.2 GigabitEthernet
0/0/0
10.2.2.0/24 Direct 0 0 D 10.2.2.1 GigabitEthernet
0/0/1
10.2.2.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.2.2.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.4.1.0/24 Direct 0 0 D 10.4.1.10 GigabitEthernet
4/0/0
10.4.1.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
4/0/0
10.4.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
4/0/0
10.12.0.0/29 Direct 0 0 D 10.12.0.1 GigabitEthernet
0/0/0
10.12.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.12.0.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.13.1.0/29 Direct 0 0 D 10.13.1.1 GigabitEthernet
0/0/2
10.13.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.13.1.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- R2的路由表
[R3]display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 17 Routes : 17
Destination/Mask Proto Pre Cost Flags NextHop Interface
0.0.0.0/0 Static 60 0 RD 10.23.0.1 GigabitEthernet
0/0/0
10.2.2.0/24 Direct 0 0 D 10.2.2.3 GigabitEthernet
0/0/1
10.2.2.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.2.2.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/1
10.3.1.0/24 Direct 0 0 D 10.3.1.10 GigabitEthernet
4/0/0
10.3.1.10/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
4/0/0
10.3.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
4/0/0
10.13.1.0/29 Direct 0 0 D 10.13.1.3 GigabitEthernet
0/0/2
10.13.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.13.1.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/2
10.23.0.0/29 Direct 0 0 D 10.23.0.3 GigabitEthernet
0/0/0
10.23.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
10.23.0.7/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
此拓扑出自2021年软考网络工程师下半年试题(四),相关配置参考华为官方文档。
