案例出处
场景:
路由器上两条ISP接入,通过两条静态默认路由访问internet,当一条线路出现问题但物理链路UP就会出现一部分网页打不开或一部分PC无法访问internet。为了解决这种问题,可以在路由器上配置TRACK联动NQA来实现链路检测,当一条线路出问题可以自动把所有数据包走另一条线路。
如图,在AR 上配置:
1、 分别配置IP地址和NAT(略)
2、 配置静态路由并关联track
[AR]ip route-static 0.0.0.0 0 192.168.88.1 track 1 //添加静态默认路由,下一跳为192.168.88.1 关联track1
[AR]ip route-static 0.0.0.0 0 192.168.200.1 track 2 //添加静态默认路由,下一跳为192.168.200.1 关联track2 实测如果默认路由分出优先级,首选走哪个,用preference 80(默认60)降低优先级负载均衡: 如果两条链路的路由优先级相同(上面2条静态路由优先级同为默认的60)的话,就会实现负载均衡,数据包传输过程中,两条链路都会走
[AR]nqa entry admin wan1 //创建管理员名为admin,操作标签为wan1的NQA测试组。
[AR-nqa-admin-wan1]type icmp-echo //配置测试类型为ICMP-ECHO(ping测试)
[AR-nqa-admin-wan1-icmp-echo]destination ip 114.114.114.114 //配置测试目的地址为114.114.114.114(可以配置为运营商的网关地址或可靠的服务IP)
[AR-nqa-admin-wan1-icmp-echo]next-hop ip 192.168.88.1 //配置出口下一跳为192.168.88.1(ISP提供)
[AR-nqa-admin-wan1-icmp-echo]frequency 100 //配置测试频率为100ms
[AR-nqa-admin-wan1-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only //配置联动项1,连续失败5次触发联动。
[AR]nqa schedule admin wan1 start-time now lifetime forever //启动wan1 探测
[AR]track 1 nqa entry admin wan1 reaction 1 //配置track项1,关联NQA测试组(管理员admin,标签wan1)的联动项1.[AR]nqa entry admin wan2 //创建管理员名为admin,操作标签为wan2的NQA测试组(实际操作不需要探测第二条线路,只需要探测第一条线路且默认走第一条线路,如果探测第一条线路断了,则第二条生效,如果第二条断了,无所谓,本来走的就不是第二条)。
[AR-nqa-admin-wan1]type icmp-echo //配置测试类型为ICMP-ECHO(ping测试)
[AR-nqa-admin-wan1-icmp-echo]destination ip 8.8.8.8 //配置测试目的地址为8.8.8.8(可以配置为运营商的网关地址或可靠的服务IP,建议和WAN1的测试目的地址不同以防目的服务器有问题导致链路不通)
[AR-nqa-admin-wan1-icmp-echo]next-hop ip 192.168.200.1 //配置出口下一跳为192.168.200.1
[AR-nqa-admin-wan1-icmp-echo]frequency 100 //配置测试频率为100ms
[AR-nqa-admin-wan1-icmp-echo]reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only //配置联动项1,连续失败5次触发联动。
[AR]nqa schedule admin wan1 start-time now lifetime forever //启动探测 到wan1的
[AR]track 2 nqa entry admin wan2 reaction 1 //配置track项2,关联NQA测试组(管理员admin,标签wan2)的联动项1.实测这个也不需要以上便可实现两条默认路由互相备份实现网络的高可用性!
如需策略路由在以上基础上添加策略路由并关联track项即可
====================================================================
我的在MSR3620上的实验结果OK啦
[H3C-Test2LineAutoChange]dis cur
#
version 7.1.049, Release 0106P21
#
sysname H3C-Test2LineAutoChange
#
ip unreachables enable
ip ttl-expires enable
#
dhcp enable//常规的DHCP内网地址池配置
dhcp server forbidden-ip 192.168.1.1 192.168.1.10
#
password-recovery enable
#
vlan 1
#
dhcp server ip-pool lan
network 192.168.1.0 mask 255.255.255.0
dns-list 202.99.166.4 222.222.222.222
gateway-list 192.168.1.1#
nqa entry admin dianxin//创建NQA测试(探测)组:admin/dianxin,管理员admin,操作标签dianxin---实测去掉不用探测条二条线路
type icmp-echo//测试类型为ping
destination ip 172.16.12.254//测试目标IP为ISP网关或可靠的外网IP
frequency 1000//测试频率为1000ms
next-hop 172.16.12.254//出接口的下一步即ISP给的网关
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trap-only//配置联动项1:reaction 1 连续失败5次触发此联动#配置NQA探测出口网络的通断有三步骤:
nqa entry admin liantong//(一)创建NQA测试(探测)组:admin liantong 管理员admin,操作标签liantong 下面说明同上 探测优先级高的即可,高的通则通,不通第二条生效走第二条,第二条不通本来就是第一条,2条都断就没办法了 就全断了
type icmp-echo
destination ip 114.114.114.114//可用ISP的网关
frequency 1000
next-hop 172.16.11.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only//配置联动项1:reaction 1 连续失败5次触发此联动
#
nqa schedule admin liantong start-time now lifetime forever//(三)启动探测 到联通的 不用启用到电信的探测
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0--出联通并NAT
port link-mode route
description to LianTong
combo enable copper
ip address 172.16.11.11 255.255.255.0
nat outbound
#
interface GigabitEthernet0/1---出电信并NAT
port link-mode route
description to DianXin
ip address 172.16.12.12 255.255.255.0
nat outbound
#
interface GigabitEthernet0/2---内网接口并关联DHCP池
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator#配置静态路由并关联track 可优先级区分首选走哪个 也可不区分(测试通过了)
ip route-static 0.0.0.0 0 172.16.11.254 track 1-----------------下行可不配preference优先级,都是默认的60,这样就成的浮动路由,随意走,而现在默认走11,不走12,只有当11掉了(灯亮线断或灯不亮线断)才走12
ip route-static 0.0.0.0 0 172.16.12.254 track 2 preference 80
#
undo info-center enable
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
track 1 nqa entry admin liantong reaction 1//(二)配置track1 关联上面NQA测试的测试组admin liantong的联动项1
track 2 nqa entry admin dianxin reaction 1//配置track2
#
return
以上便可实现两条默认路由互相备份实现网络的高可用性!
如需策略路由在以上基础上添加策略路由并关联track项即可
无注释 纯净----------------------------------
<H3C-Test2LineAutoChange>dis cur
#
version 7.1.049, Release 0106P21
#
sysname H3C-Test2LineAutoChange
#
ip unreachables enable
ip ttl-expires enable
#
dhcp enable
dhcp server forbidden-ip 192.168.1.1 192.168.1.10
#
password-recovery enable
#
vlan 1
#
dhcp server ip-pool lan
network 192.168.1.0 mask 255.255.255.0
dns-list 202.99.166.4 222.222.222.222
gateway-list 192.168.1.1
#
nqa entry admin dianxin
type icmp-echo
destination ip 172.16.12.254
frequency 1000
next-hop 172.16.12.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trap-only
#
nqa entry admin liantong
type icmp-echo
destination ip 114.114.114.114
frequency 1000
next-hop 172.16.11.254
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
#
nqa schedule admin liantong start-time now lifetime forever
#
controller Cellular0/0
#
controller Cellular0/1
#
interface Aux0
#
interface NULL0
#
interface GigabitEthernet0/0
port link-mode route
description to LianTong
combo enable copper
ip address 172.16.11.11 255.255.255.0
nat outbound
#
interface GigabitEthernet0/1
port link-mode route
description to DianXin
ip address 172.16.12.12 255.255.255.0
nat outbound
#
interface GigabitEthernet0/2
port link-mode route
ip address 192.168.1.1 255.255.255.0
#
scheduler logfile size 16
#
line class aux
user-role network-admin
#
line class tty
user-role network-operator
#
line class vty
user-role network-operator
#
line aux 0
user-role network-admin
#
line vty 0 63
user-role network-operator
#
ip route-static 0.0.0.0 0 172.16.11.254 track 1
ip route-static 0.0.0.0 0 172.16.12.254 track 2 preference 80
#
undo info-center enable
#
domain system
#
aaa session-limit ftp 32
aaa session-limit telnet 32
aaa session-limit http 32
aaa session-limit ssh 32
aaa session-limit https 32
domain default enable system
#
role name level-0
description Predefined level-0 role
#
role name level-1
description Predefined level-1 role
#
role name level-2
description Predefined level-2 role
#
role name level-3
description Predefined level-3 role
#
role name level-4
description Predefined level-4 role
#
role name level-5
description Predefined level-5 role
#
role name level-6
description Predefined level-6 role
#
role name level-7
description Predefined level-7 role
#
role name level-8
description Predefined level-8 role
#
role name level-9
description Predefined level-9 role
#
role name level-10
description Predefined level-10 role
#
role name level-11
description Predefined level-11 role
#
role name level-12
description Predefined level-12 role
#
role name level-13
description Predefined level-13 role
#
role name level-14
description Predefined level-14 role
#
user-group system
#
track 1 nqa entry admin liantong reaction 1
track 2 nqa entry admin dianxin reaction 1
#
return
本文章为转载内容,我们尊重原作者对文章享有的著作权。如有内容错误或侵权问题,欢迎原作者联系我们进行内容更正或删除文章。
