2.5 - Redundant VLAN
High Availability (HA)

First-hop routers on the LAN: redundant network (first-hop redundancy, the first network on the way out):
    Build: a fault-tolerant network
    Avoid: single points of failure

A: Network topology redundancy (the most expensive):
B: Hardware redundancy:
    Redundant switching engines, power supplies, line cards (large modules, used in high-end devices), fans, links and ISPs (China Telecom and China Netcom, and the exits must be different).
C: Software/protocol redundancy:
    HSRP (RFC2281)
    VRRP (RFC2383)
    GLBP (Gateway Load Balancing Protocol)

LAB1: Default gateway (proxy ARP not running)

Step 1:
    PC4(config)#ip default-gateway 192.168.1.2    (set the default gateway)
    PC5(config)#ip default-gateway 192.168.1.3

Step 2: Disable proxy ARP on the inside (Ethernet) interface of the two exit routers R2/R3:
    R2/3(config)#int e0
    no ip proxy-arp
    show ip int e 0
    ... Proxy ARP is disabled

Step 3: Run the dynamic routing protocol RIP on the outside network:
    R1/2/3#
    router rip
    ver 2
    no auto
    R1: net 1.0.0.0 / 12.0.0.0 / 13.0.0.0
    R2: net 12.0.0.0
    R3: net 13.0.0.0
    sho ip route rip
    R1: debug ip packet
    R4: ping 1.1.1.1
    R1: un all

Step 4: Configure NAT on R2/R3 (port overloading on the NAT router's outside interface address):
    4-1: Define the inside user group:
    access-list 1 permit 192.168.1.0 0.0.0.255
    4-2: Define the NAT inside/outside interfaces:
    int s 0
    ip nat outside
    int e 0
    ip nat inside
    4-3: Overload the NAT router's outside interface address:
    ip nat inside source list 1 interface serial 0 overload

Step 5: Observe the single point of failure of a statically assigned default gateway.
    pc4: ping 1.1.1.1   !!!!!      (<control>+<shift>+<6> stops the ping)
    r1: int s 0
        shut
    ping 1.1.1.1   .....

LAB2: Proxy ARP
The client uses ARP to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address.

Step 1: No gateway needs to be configured on the PC hosts:
    pc4/5# no ip default-gateway
    r2/3#int e 0
    ip proxy-arp

Step 3:
    PC4/5#
    show arp
    clear arp-cache    (Windows: arp -d)
    debug arp
    r2 mac: x.x.c4d3
    r3 mac: x.x.9dcc
R4 can go out through either R2 or R3, but only one ARP mapping is created: the later reply overwrites the earlier one.

Step 4: Observe that a redundant network built on proxy ARP does not meet high-reliability requirements.

First-Hop Redundancy Protocol (FHRP)
active router & standby router

Building a redundant network at the first hop on the LAN (First hop routers on the LAN Redundancy Network):
    Build: a fault-tolerant network;
    Avoid: single points of failure.
    Hardware redundancy:
    1: topology redundancy;
    2: redundant switching engines, power supplies, line cards, fans and links.
    Software/protocol redundancy:
    HSRP (RFC2281);
    VRRP (RFC2383);
    IRDP (RFC1256);
    GLBP (Gateway Load Balancing Protocol);
    SRM (Single Router Mode);
    SLB (Server Load Balancing).

    Roughly generic configuration for a redundant VLAN:
    1 configure the virtual router
    2 configure the priority
    3 configure preemption

    Routing protocol:
    The client listens to dynamic routing protocol updates (for example, from an IGP such as RIP/OSPF) and forms its own routing table.

    IRDP (ICMP Router Discovery Protocol):
    IRDP client: the client runs an ICMP (Internet Control Message Protocol) router discovery client;
    Drawbacks: slow network convergence, and poor compatibility: it depends on the host operating system, and few operating systems support it!

    Hot Standby Router Protocol (HSRP):
    HSRP is Cisco proprietary; its distinguishing feature is fast convergence;
    HSRP (Hot Standby Router Protocol) is an FHRP (First-Hop Redundancy Protocol), designed to allow for transparent fail-over of the first-hop IP router.
    HSRP provides high network availability by providing first-hop routing redundancy for IP hosts on Ethernet with a default gateway IP address.
    VRRP (Virtual Router Redundancy Protocol):
    VRRP is the industry standard; its multicast address is 224.0.0.18;
    Configuration commands:
    (config)#interface Ethernet 1/0
    ip address 192.168.1.2 255.0.0.0
    vrrp 1 description VL-1
    vrrp 1 priority 100
    vrrp 1 preempt
    vrrp 1 ip 192.168.2.100
    vrrp 1 authentication cisco    (authentication)
    vrrp 1 timers advertise 2    (plays a role similar to hello packets)

    GLBP (Gateway Load Balancing Protocol):
    GLBP is a Cisco-proprietary protocol; its competitors are HSRP and VRRP; the multicast address GLBP uses is 224.0.0.12;
    The advantage of GLBP is that it additionally provides load balancing over multiple routers (gateways) using a single virtual IP address and multiple virtual MAC addresses;
    Configuration commands:
    interface fastethernet 0/0
    ip address 10.21..8.32 255.255.255.0
    glbp 10 priority 100
    glbp 10 preempt
    glbp 10 ip 10.0.0.1
----------------------------------------------------------------------------
   LAB1: Default Gateway:
    STEP1: Build the topology as shown in the diagram:
    Proxy ARP must be disabled on the border routers' PC-facing interfaces (E0 on R2/R3); otherwise a default gateway is built automatically and the lab cannot show what it is meant to:
    int e0
    no ip proxy-arp
    STEP2: Configure the default gateway:
    A static default gateway is simple to configure but is a single point of failure; it is configured on the hosts (R4/R5):
    (config)#no ip routing
    ip default-gateway 192.168.1.2
    STEP3: Run NAT on the edge routers (R2/R3):
    (config)#access-list 1 permit 192.168.1.0 0.0.0.255    (first define the network to be translated)
    int s0
    ip nat outside
    int e0
    ip nat inside    (then define the NAT inside/outside interfaces)
    ip nat inside source list 1 int s0 overload    (finally translate with port overloading)
    Then test by pinging R1 from PC4 and PC5: after one side is disconnected the other side still works, and the PC on the disconnected side does not switch to the other link. Conclusion: device/link failures cannot be detected, which can lead to a single point of failure.
----------------------------------------------------------------------------
   LAB2: Proxy ARP:
    STEP1: Continue from the previous lab:
    ARP "spoofing": the client uses ARP (Address Resolution Protocol) to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address;
    No gateway needs to be configured on the PCs: (config)#no ip default-gateway
    STEP2: Enable proxy ARP on the gateway routers (it is on by default but was just turned off):
    (config)#int e0
    ip proxy-arp
    STEP3: Test how ARP behaves:
    Ping 1.1.1.1 from PC4 and from PC5;
    Command to clear the ARP cache: #clear arp-cache
----------------------------------------------------------------------------
   LAB3: Building HSRP:
    STEP1: Build the topology:
    Proxy ARP must be turned off;
    STEP2: Configure the virtual router (VR):
    On R2/R3:
    (config)#in e0
    standby 1 ip 192.168.1.100    (defines the IP of the virtual router/gateway)
    standby 1 priority 105    (defines the HSRP priority that controls the active election; default 100, R3 keeps the default)
    standby 1 preempt    (enables preemptive election: the router with the higher priority becomes active)
    STEP3: Set the VR as the default gateway on the inside network:
    ip default-gateway 192.168.1.100
    STEP4: Check the HSRP state:
    Use #sh standby brief; ping 1.1.1.1 from PC4/PC5;
    STEP5: Watch the negotiation:
    Run #debug standby, then ping for the first time; remember to clear the ARP table with #clear arp-cache;
    STEP6: Track the outside interface of the HSRP routers:
    On R2/R3:
    (config-if)#standby 1 track s0    (tracks the outside interface: if it goes down the router detects it and the link switches over automatically)
    STEP7: Other commands:
    (config-if)#standby 1 authentication 123    (HSRP authentication)
    (config-if)#standby 1 mac-address 00c0.abcd.1234
    (config-if)#standby 1 name vlan-eng
    (config-if)#standby 1 timers 3 10

Class notes: LAB: HSRP

Step 1: Disable proxy ARP on R2/R3:
    int e 0
    no ip proxy-arp

Step 2: Build a virtual router and make it the default gateway of the inside network (R2/R3 maintain it together); R2 is the active gateway, R3 the standby gateway.
    2-1:
    r2/3: standby 1 name vr-1    (1 is the group number)
    standby 1 ip 192.168.1.100    (defines the IP of the virtual router/gateway)
    2-2: Define the priority of the routers taking part in HSRP:
    int e 0
    r3: standby 1 priority 100    (default 100)
    r2: standby 1 priority 105    (defines the HSRP priority; the higher it is, the more likely the router becomes the active router)
    2-3: HSRP preemption:
    R2/3(config-if)#standby 1 preempt    (preemption: whoever has the higher priority becomes active; OSPF DR election, by contrast, has no preemption)

Step 3: On PC4, set VR-1 as the default gateway:
    PC4(config)#ip default-gateway 192.168.1.100    (the virtual router is the gateway)

Step 4: Observe the brief HSRP working state:
    r2/3#show standby brief    (shows who is ACTIVE and who is STANDBY)
    ping 192.168.1.100   !!!!!
Step 5: Observe HSRP switchover:
    r2/3#debug standby
    pc4 ping 1.1.1.1
    Shutting the Ethernet (inside) interface e0: no problem, communication continues normally after the switchover.
    HSRP hellos are sent every three seconds; after missing three of R2's hellos, R3 makes itself active, so five packets are lost, at an average of one packet every two seconds.
    Shutting the serial (outside) interface s0: a problem. The standby router still receives R2's hello packets normally, so it does not forward data, while R1 has at this point shut down its serial link to R2.

Step 6: Track the outside interface of the HSRP routers:
    r2/3(config)#int e 0    (done on interface e0)
    r2/3(config-if)#standby 1 track serial 0
    Tracking this router's own outside interface:
    If the outside interface fails, the router automatically lowers its own HSRP priority, by 10 by default.
    Once the link recovers, the HSRP priority is automatically raised by 10 again and R2 quickly goes from standby back to active, without even losing packets.

Step 7: Advanced HSRP
    r2/3(config-if)#standby 1 authentication 123    (HSRP authentication)
    r2/3(config-if)#standby 1 mac-address 00C0.1234.ABCD    (sets the virtual MAC)
    r2/3(config-if)#standby 1 timers 3 10    (3 = hello interval, 10 = hold time)

LAB: Load balancing between different subnets (VLANs): (R2600)

r2:
    int e 0/0.10
    en dot1q 10
    ip add 192.168.10.2 255.255.255.0
    standby 10 ip 192.168.10.100
    standby 10 priority 105
    standby 10 preempt
    standby 10 name vr-10
    standby 10 track s 0/0
    int e 0/0.20
    en dot1q 20
    ip add 192.168.20.2 255.255.255.0
    standby 20 ip 192.168.20.100
    standby 20 priority 100
    standby 20 preempt
    standby 20 name vr-20
    standby 20 track s 0/0

r3:
    int e 0/0.10
    en dot1q 10
    ip add 192.168.10.3 255.255.255.0
    standby 10 ip 192.168.10.100
    standby 10 priority 100
    standby 10 preempt
    standby 10 name vr-10
    standby 10 track s 0/0
    int e 0/0.20
    en dot1q 20
    ip add 192.168.20.3 255.255.255.0
    standby 20 ip 192.168.20.100
    standby 20 priority 105
    standby 20 preempt
    standby 20 name vr-20
    standby 20 track s 0/0

A more advanced topology (see figure 2-13)

sw1:
    int vlan10
    ip add 192.168.10.1 255.255.255.0
    standby 10 ip 192.168.10.100
    standby 10 priority 105
    standby 10 preempt
    standby 10 name vr-10
    int vlan20
    ip add 192.168.20.1 255.255.255.0
    standby 20 ip 192.168.20.100
    standby 20 priority 100
    standby 20 preempt
    standby 20 name vr-20

sw2:
    int vlan10
    ip add 192.168.10.3 255.255.255.0
    standby 10 ip 192.168.10.100
    standby 10 priority 100
    standby 10 preempt
    standby 10 name vr-10
    int vlan20
    ip add 192.168.20.3 255.255.255.0
    standby 20 ip 192.168.20.100
    standby 20 priority 105
    standby 20 preempt
    standby 20 name vr-20

VRRP: works on the same principle as HSRP

    ra#int e 0
    ip add 192.168.1.3 255.255.255.0
    vrrp 1 description vr-1
    vrrp 1 priority 105
    vrrp 1 preempt
    vrrp 1 ip 192.168.1.100

    rb#int e 0
    ip add 192.168.1.2 255.255.255.0
    vrrp 1 description vr-1
    vrrp 1 priority 100
    vrrp 1 preempt
    vrrp 1 ip 192.168.1.100

GLBP (Cisco proprietary) (Gateway Load Balancing Protocol)
The advantage of GLBP is that it additionally provides load balancing over multiple routers (gateways), mapping a single virtual IP address to multiple virtual MAC addresses;

    ra#int fa 0/0
    ip add 192.168.10.2 255.255.255.0
    glbp 10 priority 105
    glbp 10 preempt
    glbp 10 ip 192.168.10.100

    rb#int fa 0/0
    ip add 192.168.10.3 255.255.255.0
    glbp 10 priority 100
    glbp 10 preempt
    glbp 10 ip 192.168.10.100
-------------------------------------------------------------------------
   LAB4: HSRP:
    STEP1: Build the topology:
    Proxy ARP must be turned off;
    STEP2: Configure virtual router VR-A:
    Configure HSRP virtual router A on the border routers' interfaces:
    On R2:
    (config)#in e0
    standby 1 name VR-A
    standby 1 priority 105 preempt
    standby 1 ip 192.168.1.100
    standby 1 track s0
    On R3:
    (config)#in e0
    standby 1 name VR-A
    standby 1 priority 100 preempt
    standby 1 ip 192.168.1.100
    standby 1 track s0
    Pay attention to the priorities;
    STEP2: Configure virtual router VR-B:
    Configure HSRP virtual router B on the border routers' interfaces:
    On R2:
    (config)#in e0
    standby use-bia    (enables multiple groups)
    standby 2 name VR-B
    standby 2 priority 100 preempt
    standby 2 ip 192.168.1.200
    standby 2 track s0
    On R3:
    (config)#in e0
    standby use-bia    (enables multiple groups)
    standby 2 name VR-B
    standby 2 priority 105 preempt
    standby 2 ip 192.168.1.200
    standby 2 track s0
    STEP3: Give different user groups different VRs as their gateway:
    PC4(config)#ip default-gateway 192.168.1.100
    PC5(config)#ip default-gateway 192.168.1.200
----------------------------------------------------------------------------
   LAB5: Load balancing between different subnets (VLANs) (R2600)
    Everything else is as before:
    R1(config)#in e0/0
    no shut
    int e0/0.10
    en dot1q 10
    ip add 192.168.10.1 255.255.255.0
    standby 10 ip 192.168.10.100
    standby 10 priority 105
    standby 10 preempt
    standby 10 name VR-10
    standby 10 track s0/0
    in e0/0.20
    en dot1q 20
    ip add 192.168.20.1 255.255.255.0
    standby 20 ip 192.168.20.100
    standby 20 preempt
    standby 20 name VR-20
    standby 20 track s0/0
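The failover behaviour from the class-notes HSRP lab (steps 5 and 6: R2 at priority 105, R3 at 100, preempt on both, optional tracking of s0 with the default decrement of 10) can be replayed with a small model. This is an added example, not code from the original notes; the class and function names are hypothetical, and the model ignores timers and the tie-break used when priorities are equal.

```python
from dataclasses import dataclass

@dataclass
class HsrpRouter:
    name: str
    priority: int = 100        # IOS default, as the notes state
    preempt: bool = True       # "standby 1 preempt"
    track_decrement: int = 0   # 10 once "standby 1 track serial 0" is set
    lan_up: bool = True        # e0, where hellos are exchanged
    uplink_up: bool = True     # s0, the tracked outside interface

    def effective_priority(self) -> int:
        # A tracked interface going down lowers the advertised priority.
        return self.priority - (0 if self.uplink_up else self.track_decrement)

def elect(routers, current_active=None):
    """Name of the active router once hellos have been exchanged."""
    alive = [r for r in routers if r.lan_up]   # a silent router times out
    if not alive:
        return None
    best = max(alive, key=lambda r: r.effective_priority())
    incumbent = next((r for r in alive if r.name == current_active), None)
    if incumbent is None:
        return best.name                       # no active heard: take over
    # A better router displaces the incumbent only if it preempts.
    if best.preempt and best.effective_priority() > incumbent.effective_priority():
        return best.name
    return incumbent.name

def reaches_outside(routers, active_name):
    # Hosts get out only if the active router's uplink is up.
    return any(r.name == active_name and r.uplink_up for r in routers)

def shut_r2_serial(track: bool):
    """Replay steps 5/6: shut s0 on R2, then bring it back."""
    dec = 10 if track else 0
    r2 = HsrpRouter("R2", priority=105, track_decrement=dec)
    r3 = HsrpRouter("R3", priority=100, track_decrement=dec)
    routers = [r2, r3]
    active = elect(routers)                    # R2 wins on priority
    r2.uplink_up = False
    during = elect(routers, active)
    ok = reaches_outside(routers, during)
    r2.uplink_up = True
    return during, ok, elect(routers, during)

if __name__ == "__main__":
    for track in (False, True):
        print("tracking" if track else "no tracking", shut_r2_serial(track))
```

Without tracking R2 stays active with a dead uplink, so hosts are black-holed; with tracking R2 drops to 95, R3 preempts, and R2 takes the role back once s0 returns.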
| HSRP | R2 | R3 |
| VR-A | Active | 100 |
| VR-B | 100 | Active |
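A configuration check for the settings these labs touch, added here as an example and not part of the original notes: it flags HSRP groups that rely on the default or a plain-text authentication string (the `standby 1 authentication 123` form is carried unencrypted in hellos, whereas IOS also offers `authentication md5 key-string`) and interfaces where proxy ARP is still on next to HSRP. The sample configuration, the `Ethernet1` interface and the `EXAMPLE-KEY` placeholder are constructed, and `audit` is a hypothetical helper that only handles numbered groups.

```python
import re

# Constructed sample modelled on the lab's R2; Ethernet1 and the key are made up.
SAMPLE = """\
interface Ethernet0
 ip address 192.168.1.2 255.255.255.0
 standby 1 ip 192.168.1.100
 standby 1 priority 105
 standby 1 preempt
 standby 1 authentication 123
 standby 2 ip 192.168.1.200
 standby 2 preempt
interface Ethernet1
 no ip proxy-arp
 standby 3 ip 192.168.2.100
 standby 3 authentication md5 key-string EXAMPLE-KEY
"""

def audit(config: str):
    """Return (interface, group, issue) tuples; group is None for interface issues."""
    ifaces, cur = {}, None
    for raw in config.splitlines():
        line = raw.strip()
        m = re.match(r"interface (\S+)", line)
        if m:
            # Proxy ARP is on by default; only "no ip proxy-arp" turns it off.
            cur = ifaces.setdefault(m.group(1), {"proxy_arp": True, "groups": {}})
        elif cur is not None and line == "no ip proxy-arp":
            cur["proxy_arp"] = False
        elif cur is not None:
            m = re.match(r"standby (\d+) (\S+)(?: (.*))?$", line)
            if m:
                grp = cur["groups"].setdefault(int(m.group(1)), {"auth": None})
                if m.group(2) == "authentication":
                    grp["auth"] = "md5" if (m.group(3) or "").startswith("md5") else "text"
    findings = []
    for name, data in ifaces.items():
        for num, grp in sorted(data["groups"].items()):
            if grp["auth"] is None:
                findings.append((name, num, "default authentication string in use"))
            elif grp["auth"] == "text":
                findings.append((name, num, "plain-text authentication string"))
        if data["groups"] and data["proxy_arp"]:
            findings.append((name, None, "proxy ARP enabled next to HSRP"))
    return findings

if __name__ == "__main__":
    for finding in audit(SAMPLE):
        print(finding)
```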
Reposted from: https://www.cnblogs.com/sanyuanempire/p/6155133.html