配置VRRP主备备份
组网需求
用户通过网关设备接入上层网络,为保证用户的各种业务在网络传输中不中断,需在网关设备上配置VRRP主备备份功能。
如图1所示,DeviceD双归接入DeviceA和DeviceB,用户希望通过DeviceA进行业务转发,DeviceB作为备份。当DeviceA出现故障时,由DeviceB接替进行数据传输。当DeviceA恢复后,链路又重新切回DeviceA上进行数据传输。
配置思路
采用如下思路配置主备备份VRRP备份组:
- 配置各设备接口IP地址及路由协议,使网络层路由可达。
- 在DeviceA和DeviceB上配置VRRP备份组。在DeviceA上配置较高优先级,作为Master设备承担流量;在DeviceB上配置较低优先级,作为备用设备,实现冗余备份。
操作步骤
- 配置DeviceA、DeviceB和DeviceC各接口的IP地址,并配置采用OSPF协议进行互连。DeviceD的配置详见配置脚本。
# 配置DeviceA。
<HUAWEI> system-view [~HUAWEI] sysname DeviceA [*HUAWEI] commit [~DeviceA] interface 100ge 1/0/3 [~DeviceA-100GE1/0/3] undo portswitch [*DeviceA-100GE1/0/3] ip address 10.1.1.1 24 [*DeviceA-100GE1/0/3] quit [*DeviceA] interface 100ge 1/0/1 [*DeviceA-100GE1/0/1] undo portswitch [*DeviceA-100GE1/0/1] ip address 192.168.1.1 24 [*DeviceA-100GE1/0/1] quit [*DeviceA] ospf 1 [*DeviceA-ospf-1] area 0 [*DeviceA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [*DeviceA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [*DeviceA-ospf-1-area-0.0.0.0] quit [*DeviceA-ospf-1] quit [*DeviceA] commit
# 配置DeviceB。
<HUAWEI> system-view [~HUAWEI] sysname DeviceB [*HUAWEI] commit [~DeviceB] interface 100ge 1/0/3 [~DeviceB-100GE1/0/3] undo portswitch [*DeviceB-100GE1/0/3] ip address 10.1.1.2 24 [*DeviceB-100GE1/0/3] quit [*DeviceB] interface 100ge 1/0/2 [*DeviceB-100GE1/0/2] undo portswitch [*DeviceB-100GE1/0/2] ip address 192.168.2.1 24 [*DeviceB-100GE1/0/2] quit [*DeviceB] ospf 1 [*DeviceB-ospf-1] area 0 [*DeviceB-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255 [*DeviceB-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255 [*DeviceB-ospf-1-area-0.0.0.0] quit [*DeviceB-ospf-1] quit [*DeviceB] commit
# 配置DeviceC。
<HUAWEI> system-view [~HUAWEI] sysname DeviceC [*HUAWEI] commit [~DeviceC] interface 100ge 1/0/1 [~DeviceC-100GE1/0/1] undo portswitch [*DeviceC-100GE1/0/1] ip address 192.168.1.2 24 [*DeviceC-100GE1/0/1] quit [*DeviceC] interface 100ge 1/0/2 [*DeviceC-100GE1/0/2] undo portswitch [*DeviceC-100GE1/0/2] ip address 192.168.2.2 24 [*DeviceC-100GE1/0/2] quit [*DeviceC] interface 100ge 1/0/3 [*DeviceC-100GE1/0/3] undo portswitch [*DeviceC-100GE1/0/3] ip address 172.16.1.1 24 [*DeviceC-100GE1/0/3] quit [*DeviceC] ospf 1 [*DeviceC-ospf-1] area 0 [*DeviceC-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255 [*DeviceC-ospf-1-area-0.0.0.0] network 192.168.2.0 0.0.0.255 [*DeviceC-ospf-1-area-0.0.0.0] network 172.16.1.0 0.0.0.255 [*DeviceC-ospf-1-area-0.0.0.0] quit [*DeviceC-ospf-1] quit [*DeviceC] commit
- 配置VRRP备份组。
# 在DeviceA上,创建VRRP备份组1,配置VRRP安全策略,配置DeviceA在该备份组中的优先级为120(作为Master设备),并配置抢占延迟时间为20秒。
[~DeviceA] interface 100ge 1/0/3 [~DeviceA-100GE1/0/3] vrrp vrid 1 virtual-ip 10.1.1.111 [~DeviceA-100GE1/0/3] vrrp vrid 1 authentication-mode md5 YsH_2022 [*DeviceA-100GE1/0/3] vrrp vrid 1 priority 120 [*DeviceA-100GE1/0/3] vrrp vrid 1 preempt timer delay 20 [*DeviceA-100GE1/0/3] quit [*DeviceA] commit
# 在DeviceB上,创建VRRP备份组1,配置VRRP安全策略,并配置DeviceB在该备份组中的优先级为缺省值100(作为Backup设备)。
[~DeviceB] interface 100ge 1/0/3 [~DeviceB-100GE1/0/3] vrrp vrid 1 virtual-ip 10.1.1.111 [~DeviceB-100GE1/0/3] vrrp vrid 1 authentication-mode md5 YsH_2022 [*DeviceB-100GE1/0/3] quit [*DeviceB] commit
检查配置结果
# 在DeviceA和DeviceB上查看VRRP备份组的状态信息。
[~DeviceA] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:41:23
Last Change Time : 2020-12-29 05:41:33
[~DeviceB] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:41:23
Last Change Time : 2020-12-29 05:41:33
可以看到DeviceA在备份组中的状态是Master,DeviceB在备份组中的状态是Backup。
# 在DeviceA和DeviceB上查看路由信息。
[~DeviceA] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 100GE1/0/3
10.1.1.1/32 Direct 0 0 D 127.0.0.1 100GE1/0/3
10.1.1.111/32 Direct 0 0 D 127.0.0.1 100GE1/0/3
10.1.1.255/32 Direct 0 0 D 127.0.0.1 100GE1/0/3
172.16.1.0/24 OSPF 10 2 D 192.168.1.2 100GE1/0/3
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 Direct 0 0 D 192.168.1.1 100GE1/0/1
192.168.1.1/32 Direct 0 0 D 127.0.0.1 100GE1/0/1
192.168.1.2/32 Direct 0 0 D 192.168.1.2 100GE1/0/1
192.168.1.255/32 Direct 0 0 D 127.0.0.1 100GE1/0/1
192.168.2.0/24 OSPF 10 2 D 10.1.1.2 100GE1/0/3
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[~DeviceB] display ip routing-table
Route Flags: R - relay, D - download to fib, T - to vpn-instance, B - black hole route
------------------------------------------------------------------------------
Routing Table : _public_
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.2 100GE1/0/3
10.1.1.2/32 Direct 0 0 D 127.0.0.1 100GE1/0/3
10.1.1.111/32 OSPF 10 2 D 10.1.1.1 100GE1/0/3
10.1.1.255/32 Direct 0 0 D 127.0.0.1 100GE1/0/3
172.16.1.0/24 OSPF 10 2 D 192.168.2.2 100GE1/0/2
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 OSPF 10 2 D 10.1.1.1 100GE1/0/3
192.168.2.0/32 Direct 0 0 D 127.0.0.1 100GE1/0/2
192.168.2.1/32 Direct 0 0 D 192.168.2.1 100GE1/0/2
192.168.2.2/24 Direct 0 0 D 127.0.0.1 100GE1/0/2
192.168.2.255/32 Direct 0 0 D 127.0.0.1 100GE1/0/2
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
在DeviceA上可以看到路由表中有一条目的地址为虚拟IP地址的直连路由,而DeviceB上该路由为OSPF路由。
# 验证DeviceA故障时DeviceB能够成为Master设备。在DeviceA的100GE1/0/3接口执行shutdown命令,模拟DeviceA出现故障。
[~DeviceA] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Initialize
Virtual IP : 10.1.1.111
Master IP : 0.0.0.0
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 0
Preempt : YES Delay Time : 20s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:51:23
Last Change Time : 2020-12-29 05:51:33
[~DeviceB] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.2
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 100
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:51:23
Last Change Time : 2020-12-29 05:51:33
可以看到DeviceA在备份组中的状态为Initialize,DeviceB在备份组中的状态是Master。
# 验证DeviceA恢复后能够抢占成为Master。对DeviceA的100GE1/0/3接口执行undo shutdown命令,100GE1/0/3接口恢复Up态后,需要等待20秒。
[~DeviceA] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:56:23
Last Change Time : 2020-12-29 05:56:33
[~DeviceB] display vrrp verbose
100GE1/0/3 | Virtual Router 1
State : Backup
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 100
PriorityConfig : 100
MasterPriority : 120
Preempt : YES Delay Time : 0s Remain : --
Hold Multiplier : 4
TimerRun : 1s
TimerConfig : 1s
Auth Type : MD5 Auth Key : ******
Virtual MAC : 00-e0-fc-12-78-90
Check TTL : YES
Config Type : Normal
Create Time : 2020-12-29 05:56:23
Last Change Time : 2020-12-29 05:56:33
可以看到DeviceA在备份组中的状态恢复成Master,DeviceB在备份组中的状态变为Backup。
配置脚本
-
# sysname DeviceA # interface 100GE1/0/1 undo portswitch ip address 192.168.1.1 255.255.255.0 # interface 100GE1/0/3 undo portswitch ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 authentication-mode md5 YsH_2022 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return
- DeviceB
# sysname DeviceB # interface 100GE1/0/2 undo portswitch ip address 192.168.2.1 255.255.255.0 # interface 100GE1/0/3 undo portswitch ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 authentication-mode md5 YsH_2022 # ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255 # return
- DeviceC
# sysname DeviceC # interface 100GE1/0/1 undo portswitch ip address 192.168.1.2 255.255.255.0 # interface 100GE1/0/2 undo portswitch ip address 192.168.2.2 255.255.255.0 # interface 100GE1/0/3 undo portswitch ip address 172.16.1.1 255.255.255.0 # ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 172.16.1.0 0.0.0.255 # return
-
# sysname DeviceD # vlan 10 # interface 100GE1/0/1 port default vlan 10 # interface 100GE1/0/2 port link-type access port default vlan 10 # return