**
VRRP負載均衡
**
SW1配置
The device is running!
system //進入使用者視圖
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname sw1 //更改裝置名稱
[sw1]vlan batch 10 20
Info: This operation may take a few seconds. Please wait for a moment…done.
[sw1]interface g0/0/4 //進入0/0/4接口
[sw1-GigabitEthernet0/0/4]port link-type access //更改鍊路類型
[sw1-GigabitEthernet0/0/4]port default vlan 20 //将接口加入vlan
[sw1-GigabitEthernet0/0/4]quit //退出接口 模式
[sw1]interface g0/0/3 //進入0/0/3接口
[sw1-GigabitEthernet0/0/3]port link-type access //更改鍊路類型
[sw1-GigabitEthernet0/0/3]port default vlan 10 //将接口加入vlan
[sw1-GigabitEthernet0/0/3]quit //退出接口模式
[sw1]interface g0/0/1 //進入0/0/1接口
[sw1-GigabitEthernet0/0/1]port link-type trunk 更改鍊路類型
[sw1-GigabitEthernet0/0/1]port trunk allow-pass vlan all //端口改為運作所有vlan通過
[sw1-GigabitEthernet0/0/1]quit //退出接口模式
[sw1]interface g0/0/2 //進入接口
[sw1-GigabitEthernet0/0/2]port link-type trunk //更改鍊路類型
[sw1-GigabitEthernet0/0/2]port trunk allow-pass vlan all //加入vlan
[sw1-GigabitEthernet0/0/2]quit //退出接口模式
SW2配置
The device is running!
system //進入使用者視圖
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname sw2 //更改裝置名稱
[sw2]vlan batch 10 20 //批量建立vlan
Info: This operation may take a few seconds. Please wait for a moment…done.
[sw2]interface g0/0/2 //進入接口
[sw2-GigabitEthernet0/0/2]port link-type trunk //更改鍊路類型
[sw2-GigabitEthernet0/0/2]port trunk allow-pass vlan all //允許所有vlan通過
[sw2-GigabitEthernet0/0/2]quit //退出接口
[sw2]interface vlanif 10 //進入vlan
[sw2-Vlanif10]ip addres 192.168.10.253 24 //配置IP
[sw2-Vlanif10]undo shutdown //激活
Info: Interface Vlanif10 is not shutdown.
[sw2-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254 //配置虛拟網關
[sw2-Vlanif10]vrrp vrid 1 priority 200 //更改優先級
[sw2-Vlanif10]quit //退出vlan10
[sw2]interface vlanif 20 //進入vlan20
[sw2-Vlanif20]ip address 192.168.20.253 24 //配置IP
[sw2-Vlanif20]undo shutdown //激活
Info: Interface Vlanif20 is not shutdown.
[sw2-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254 //配置虛拟網關
[sw2-Vlanif20]quit //退出vlan20
[sw2]vlan 30
[sw2]interface vlanif 30 //進入vlan30
[sw2-Vlanif30]ip address 192.168.30.1 24 //配置IP
[sw2-Vlanif30]undo shutdown //激活
Info: Interface Vlanif30 is not shutdown.
[sw2-Vlanif30]quit //退出
[sw2]interface g0/0/1 //進入接口
[sw2-GigabitEthernet0/0/1]port link-type access //更改鍊路類型
[sw2-GigabitEthernet0/0/1]port default vlan 30 //接口加入vlan
[sw2-GigabitEthernet0/0/1]quit //退出
SW3配置
system-viem
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname sw3
[sw3]vlan batch 10 20 //批量建立vlan
Info: This operation may take a few seconds. Please wait for a moment…done.
[sw3]interface g0/0/2 //進入接口
[sw3-GigabitEthernet0/0/2]port link-type trunk //更改鍊路類型
[sw3-GigabitEthernet0/0/2]port trunk allow-pass vlan all //
[sw3-GigabitEthernet0/0/2]quit
[sw3]interface vlanif 10
[sw3-Vlanif10]ip address 192.168.10.252 24 //配置IP
[sw3-Vlanif10]undo shutdown
Info: Interface Vlanif10 is not shutdown.
[sw3-Vlanif10]vrrp vrid 1 virtual-ip 192.168.10.254 //配置虛拟網關
[sw3-Vlanif10]quit
[sw3]interface vlanif 20
[sw3-Vlanif20]ip address 192.168.20.252 24
[sw3-Vlanif20]undo shutdown
Info: Interface Vlanif20 is not shutdown.
[sw3-Vlanif20]vrrp vrid 2 virtual-ip 192.168.20.254 //配置虛拟網關
[sw3-Vlanif20]vrrp vrid 2 priority 200 //配置優先級
[sw3-Vlanif20]quit
[sw3]vlan 30
[sw3-vlan30]quit
[sw3]interface vlanif 30
[sw3-Vlanif30]ip address 192.168.40.1 24
[sw3-Vlanif30]undo shutdown
Info: Interface Vlanif30 is not shutdown.
[sw3-Vlanif30]quit
[sw3]interface g0/0/1
[sw3-GigabitEthernet0/0/1]port link-type access
[sw3-GigabitEthernet0/0/1]port default vlan 30
[sw3-GigabitEthernet0/0/1]quit
在這裡插入圖檔描述
R1配置
system
Enter system view, return user view with Ctrl+Z.
[Huawei]sysname R1
[R1]interface g0/0/0
[R1-GigabitEthernet0/0/0]ip address 192.168.30.2 24
[R1-GigabitEthernet0/0/0]quit
[R1]interface g0/0/1
[R1-GigabitEthernet0/0/1]ip address 192.168.40.2 24
[R1-GigabitEthernet0/0/1]quit
總結:
在多個真實的網關裝置之間運作之後,形成一個虛拟的網關,實作多個真實網關之間的“備援備份”以及資料轉發的負載均衡。
場景:
當我們為了提高一個網絡中的網關的安全性,進而在同一個網絡中部署多個網關裝置的時候,我們需要在多個網關裝置之間運作 VRRP。
工作過程:
VRRP在裝置上運作之後會互相發送封包,比較優先級,選取主網關,進而形成一個虛拟網關。來确定出網關裝置之間的不同角色。一旦确定出主網關和備份網關之後,隻有主網關一直周期性發送封包。如果在一定時間之内,沒有收到master發送的封包,就認為master出現故障進而切換角色。
master - 主裝置;有且隻有1個;
backup - 備份裝置;可以有很多;
鍊路追蹤配置
[sw2]interface vlanif 10
[sw2-Vlanif10]vrrp vrid 1 track interface GigabitEthernet 0/0/1 reduced 150 //當g0/0/1線路故障出現問降級150
總結
當主網關出接口線路故障時,PC機不能正常通路外網。是以應将自己的優先級降低從master變為backup。那麼鍊路追蹤在發現線路down掉就會自動發送VRRP封包降低優先級,降低比backup網關角色優先級低。進而讓backup變成master,接管原主網關的工作。
VRRP常見的故障:多個master。
故障原因:
1.多個真實網關之間不通
2.兩邊配置的 VRID 不同
3.兩邊配置的 virtual-ip 不同
4.vrrp 認證不成功