A-A+
MHSRP实例配置(无图版)
我们在做HSRP的时候都知道,两个核心交换中,如果把CORE_A配置成active的话,内网所有的流量都会从A走,如果内网用户比较多,A会累的半死,而B却可以在那睡觉了,这是一种严重的不平衡。为了改变这种状态,我们出现了MHSRP。
在上图中,PC_A和PC_B代表内网的两个网段,当配置完成以后,PC_A访问8.8.8.8的时候从CORE_A转发,当PC_B访问8.8.8.8的时候从CORE_B转发。 当CORE_A出现故障后,PC_A的流量会从CORE_B走,反之亦然。
CORE_A的配置:
- interface Vlan10
- ip address 10.1.1.252 255.255.255.0 配置SVI 10的物理地址
- standby 10 ip 10.1.1.254 配置HSRP group 10 的虚拟地址,也就是PC_A的网关
- standby 10 priority 105 设置优先级为105,默认为100
- standby 10 track Vlan100 vlan100为上行链路的接口
- interface Vlan20
- ip address 20.1.1.252 255.255.255.0
- standby 20 ip 20.1.1.254
- standby 20 preempt 配置抢占,当对方的优先级因track等原因低于自己100时候,会自动抢占为active
CORE_B的配置:
- interface Vlan10
- ip address 10.1.1.253 255.255.255.0
- standby 10 ip 10.1.1.254
- standby 10 preempt
- !
- interface Vlan20
- ip address 20.1.1.253 255.255.255.0
- standby 20 ip 20.1.1.254
- standby 20 priority 105
- standby 20 track Vlan100
由上述配置可以看出,vlan10为CORE_A的Active,vlan20为CORE_B的Active,并为相互备份。
- CORE_A#sh standby vlan 10
- Vlan10 - Group 10
- State is Active
- 2 state changes, last state change 00:15:34
- Virtual IP address is 10.1.1.254
- Active virtual MAC address is 0000.0c07.ac0a
- Local virtual MAC address is 0000.0c07.ac0a (v1 default)
- Hello time 3 sec, hold time 10 sec
- Next hello sent in 1.280 secs
- Preemption disabled
- Active router is local
- Standby router is 10.1.1.253, priority 100 (expires in 7.800 sec)
- Priority 105 (configured 105)
- Track interface Vlan100 state Up decrement 10
- IP redundancy name is "hsrp-Vl10-10" (default)
- CORE_A#sh standby vlan 20
- Vlan20 - Group 20
- State is Standby
- 4 state changes, last state change 00:05:16
- Virtual IP address is 20.1.1.254
- Active virtual MAC address is 0000.0c07.ac14
- Local virtual MAC address is 0000.0c07.ac14 (v1 default)
- Hello time 3 sec, hold time 10 sec
- Next hello sent in 1.188 secs
- Preemption enabled
- Active router is 20.1.1.253, priority 105 (expires in 7.312 sec)
- Standby router is local
- Priority 100 (default 100)
- IP redundancy name is "hsrp-Vl20-20" (default)
- CORE_B# sh standby vlan 10
- Vlan10 - Group 10
- State is Standby
- 1 state change, last state change 00:12:38
- Virtual IP address is 10.1.1.254
- Active virtual MAC address is 0000.0c07.ac0a
- Local virtual MAC address is 0000.0c07.ac0a (v1 default)
- Hello time 3 sec, hold time 10 sec
- Next hello sent in 0.848 secs
- Preemption enabled
- Active router is 10.1.1.252, priority 105 (expires in 8.160 sec)
- Standby router is local
- Priority 100 (default 100)
- IP redundancy name is "hsrp-Vl10-10" (default)
- CORE_B#sh standby vlan 20
- Vlan20 - Group 20
- State is Active
- 2 state changes, last state change 00:06:52
- Virtual IP address is 20.1.1.254
- Active virtual MAC address is 0000.0c07.ac14
- Local virtual MAC address is 0000.0c07.ac14 (v1 default)
- Hello time 3 sec, hold time 10 sec
- Next hello sent in 1.724 secs
- Preemption disabled
- Active router is local
- Standby router is 20.1.1.252, priority 100 (expires in 9.596 sec)
- Priority 105 (configured 105)
- IP redundancy name is "hsrp-Vl20-20" (default)
最后,我们在PC_A和PC_B上对外网做个traceroute
- PC_A#traceroute 8.8.8.8
- Type escape sequence to abort.
- Tracing the route to 8.8.8.8
- 1 10.1.1.252 0 msec 0 msec *
- PC_B#traceroute 8.8.8.8
- Type escape sequence to abort.
- Tracing the route to 8.8.8.8
- 1 20.1.1.253 0 msec 0 msec *
当CORE_A或者CORE_B出现故障后的测试在这里就不演示了,大家做完这些配置的时候可以做个断电测试。
最后在这里留下两个问题:
1、我们在很多拓扑中都会看见两个核心之间有一条链路,请问中间的链路存在与否的区别在哪里?如果存在该链路,我们需要考虑哪几个问题?
2、在上面这个实验中,我们并没有考虑出口那个网云的问题,那么8.8.8.8是如何回包的,它把数据包是回给CORE_A还是CORE_B,如果回给A,那么PC_B的流量来回路径就不一致了,反之亦然,有什么好的解决方案?
以上两个疑问在后期我会有相应的实验讲解,还请大家多多交流.