Working principle and configuration of HSRP dual-computer Hot standby

2025-02-24 Update From: SLTechnology News&Howtos

Shulou(Shulou.com)06/01 Report--

Hot backup routing Protocol (HSRP)

I. related concepts of HSRP

1. The principle of HSRP

1.1.Overview of HSRP

HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol. It ensures that when a network edge device or access link fails, user traffic is restored quickly and transparently, providing redundancy for IP networks. With HSRP the uptime of the network can approach 100%, which meets the reliability requirements of the network.

HSRP provides fault tolerance and enhanced routing capabilities for IP networks. By sharing a virtual IP address and a virtual MAC address, two or more routers on a LAN segment act as a single virtual router. The Cisco routers in an HSRP group monitor each other's health:

Members of the virtual router group continuously exchange status information through HSRP messages.

If one of them fails, another can take over and continue to perform the routing function in its place.

1.2. Members of HSRP group

The HSRP backup group consists of an active router, a backup router, a virtual router, and other routers.

The functions of each router are as follows:

Active router: forwards packets sent to the virtual router. Another router in the group is selected as the backup router. The active router assumes and maintains its active role by sending Hello messages.

Backup router: monitor the operational status of the HSRP group and quickly assume responsibility for forwarding packets when the active router is not operational. The backup router also transmits a Hello message informing all routers in the group of changes in the role and status of the backup router.

Virtual router: presents the end user with a router that is always available. The virtual router has its own IP address and MAC address, but it does not actually forward packets itself.

Other routers in the HSRP backup group: the group can contain additional routers. These routers monitor Hello messages but do not respond to them. They forward packets that are routed through them directly, but do not forward packets addressed to the virtual router.

1.3. the specific working principle of HSRP

Each router in the HSRP group has a configured priority, which determines its standing in the active router election. The default priority is 100; the user may configure any value from 0 to 255. The router with the highest priority in the group becomes the active router.

The active HSRP router is therefore determined by setting the priorities of the HSRP group members, as shown in the figure below.

The active router replaces the virtual router to respond to the data flow. If the end host sends a packet to the MAC address of the virtual router, the active router will accept and process the packet. If the end host sends an ARP resolution request to the IP address of the virtual router, the active router will reply with the MAC address of the virtual router.

As shown in the figure above, router A has a priority of 200 and router B has a priority of 150 (the default priority is 100). Router A assumes the role of the active router and forwards all data frames that arrive at the automatically generated HSRP virtual MAC address.

When electing the active router and the backup router, if the priorities are equal, the router with the higher IP address wins. (For example, if both routers have an HSRP priority of 100, and one router's interface on this LAN segment is 10.1.1.2 while the other's is 10.1.1.3, the router with the IP address 10.1.1.3 becomes the active router.)

Devices running HSRP send and receive multicast Hello packets over the User Datagram Protocol (UDP port 1985) to detect router failures and to identify the active and backup routers. HSRP routers in a group learn the Hello interval, the hold time, and the virtual IP address from the active router.

1.4.Virtual MAC address

ARP establishes an association between IP addresses and MAC addresses. Each layer 3 switch maintains an address resolution table. Before trying to contact a device, a layer 3 switch checks its ARP cache to determine if the address has been resolved. The IP address of the virtual router and the corresponding MAC address are maintained in the ARP table of each layer 3 switch in the HSRP group.

The MAC address used by the virtual router consists of three parts:

Vendor code: the first three bytes of the MAC address, identifying the manufacturer.

HSRP encoding (virtual MAC address): the HSRP encoding is always "07.ac".

Group (HSRP group number): the last byte of the MAC address is the group identification number. (For example, group number 47 converted to hexadecimal is 2f, which forms the last byte of the MAC address.)

You can also use the following command to display the virtual IP address and MAC address of each HSRP group:

1.5.The HSRP message

All routers running HSRP send or receive HSRP messages. These messages are used to determine and maintain router roles within the group. The HSRP message is encapsulated in the data portion of a UDP packet, using UDP port number 1985.

2. Status of HSRP

A router configured for HSRP can be in one of six states:

Initial state, learning state, listening state, speaking state, backup (standby) state, and active state.

Not all HSRP routers experience all states. For example, a router that is not a backup router or an active router will not have a backup state or an active state.

2.1. The six states of HSRP

A. Initial state: all routers start in the initial state. This is the starting state and indicates that HSRP is not yet running. A router enters this state when its configuration changes or when an interface is first enabled.

B. Learning state: the router waits for a message from the active router. At this point the router has not yet seen a Hello message from the active router, nor has it learned the IP address of the virtual router.

C. Listening state: the router knows the IP address of the virtual router, but it is neither the active router nor the backup router. It listens for Hello messages from the active and backup routers. All routers other than the active router and the backup router remain in the listening state.

D. Speaking state: the router periodically sends Hello messages and participates in the election of the active or backup router. A router cannot enter the speaking state until it has obtained the IP address of the virtual router.

E. Backup (standby) state: the router is the candidate to become the next active router, and it also sends Hello messages periodically. There is only one backup router in a group.

F. Active state: in the active state, the router is responsible for forwarding packets sent to the virtual MAC address of the backup group. The active router sends Hello messages periodically. There must be one and only one active router in a group.

2.2. HSRP timers

HSRP uses two timers: the Hello interval timer and the hold time timer. HSRP routers in any state generate Hello packets after the Hello interval timer expires. The default Hello interval is 3s, and the default hold time is 10s.

Routers that do not have timers configured learn the timer values from the active or backup router. Timer values configured on the active router override the timer settings on the other routers. Routers in the same HSRP group should use the same timer values. In general, the hold time should be greater than or equal to three times the Hello interval, and the hold time must always be greater than the Hello interval.

The default HSRP timer applies to most LAN segments.
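As an added example (not part of the original article), the following Python model ties together sections 1.3, 1.4 and 2.2: it derives the virtual MAC from the group number, runs the active/backup election with priority, the higher-IP tie-break and interface tracking, and checks the timer rule. Router names, addresses and priorities are constructed sample values taken from the figures quoted in the text.

```python
# Added example (not the article's code): a small model of an HSRP group.
import ipaddress
from dataclasses import dataclass

HSRP_V1_OUI = "0000.0c"   # Cisco vendor code (first three bytes of the MAC)
HSRP_CODE = "07.ac"       # HSRP well-known encoding (bytes four and five)


def virtual_mac(group: int) -> str:
    """Virtual MAC for an HSRPv1 group: 0000.0c07.acXX, XX = group in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group number must be 0..255")
    return f"{HSRP_V1_OUI}{HSRP_CODE}{group:02x}"


def group_from_mac(mac: str) -> int:
    """Recover the group number from the last byte of a virtual MAC."""
    return int(mac.replace(".", "")[-2:], 16)


@dataclass
class Router:
    name: str
    ip: str                  # this router's own interface address on the LAN
    priority: int = 100      # HSRP default priority
    track_decrement: int = 0 # priority decrement applied by interface tracking
    tracked_up: bool = True  # state of the tracked interface

    def effective_priority(self) -> int:
        # Tracking lowers the priority while the tracked interface is down.
        p = self.priority if self.tracked_up else self.priority - self.track_decrement
        return max(0, min(255, p))


def elect(routers):
    """Return (active, backup) names: highest priority wins, higher IP breaks ties."""
    ranked = sorted(
        routers,
        key=lambda r: (r.effective_priority(), int(ipaddress.IPv4Address(r.ip))),
        reverse=True,
    )
    active = ranked[0].name
    backup = ranked[1].name if len(ranked) > 1 else None
    return active, backup


def timers_ok(hello: int, hold: int) -> bool:
    """Hold time must exceed the Hello interval and should be at least 3x Hello."""
    return hold > hello and hold >= 3 * hello


if __name__ == "__main__":
    a = Router("A", "10.1.1.2", priority=200, track_decrement=100)
    b = Router("B", "10.1.1.3", priority=150)
    print(elect([a, b]))      # ('A', 'B')
    a.tracked_up = False      # A's tracked uplink fails: 200 - 100 = 100 < 150
    print(elect([a, b]))      # ('B', 'A')
    print(virtual_mac(47))    # 0000.0c07.ac2f
```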

3. The difference between HSRP and VRRP

HSRP is a Cisco proprietary protocol. VRRP is a router redundancy protocol standardized by the IETF, and its operating principle and process are essentially the same as those of HSRP.

One of the main differences between VRRP and HSRP concerns security: VRRP allows an authentication mechanism to be established between the devices of a VRRP group. Another major difference is that VRRP has only three states (Initialize, Master, and Backup), whereas HSRP has six. There are further differences in message types, message format, and in sending messages over TCP rather than UDP.

II. After-class experiment

As the company grows, its demands on the network keep increasing. To ensure the stability and reliability of the network, the company has decided to deploy two core switches in a dual-device hot standby configuration. At the same time, to make full use of resources, it also wants VLAN load balancing and convenient device management.

The idea of realization is:

1. Configure VTP service on the core switch

2. The interfaces between switches are all configured in Trunk mode.

3. Configure HSRP on SW1 and SW2

4. Configure DHCP service

5. R2 configures ACL and NAT

6. Use static route and default route for routing.

7. Improve the load balance and redundancy of the link.

Experimental requirements:

1. Unified management of vlan

2. SW1 carries the traffic of vlan 10 and 20, and SW2 carries the traffic of vlan 30 and 40

3. All clients use automatic access to IP addresses.

4. The client can ping the address of R1.

5. Verify whether communication still works normally after SW1 is shut down.

Lab Topology:

Experimental command and explanation

SW1#en\\ enter privileged mode

SW1#vlan da\\ enter vlan database mode

SW1 (vlan) # vtp do ww\\ create a VTP domain named ww

SW1 (vlan) # vtp ser\\ set to VTP server mode

SW1 (vlan) # vlan 10\\ create vlan 10

SW1 (vlan) # vlan 20

SW1 (vlan) # vlan 30

SW1 (vlan) # vlan 40

SW1 (vlan) # exit\\ returns to the previous mode

SW1#conf t\\ enter global configuration mode

SW1 (config) # int vlan10\\ enter the vlan10 interface

SW1 (config-if) # ip add 192.168.10.1 255.255.255.0\\ configure vlan 10 IP address

SW1 (config-if) # no sh\\ bring the interface up

SW1 (config-if) # stan 10 ip 192.168.10.254\\ configure HSRP virtual IP address

SW1 (config-if) # stan 10 pri 150\\ configure a priority of 150

SW1 (config-if) # stan 10 pre\\ configuration preemptive

SW1 (config-if) # stan 10 tr f0/0 100\\ configure interface tracking: subtract 100 from the priority when f0/0 goes down

SW1 (config-if) # standby 10 timers 2 8\\ configure the timers: 2 s Hello interval, 8 s hold time

SW1 (config-if) # int vlan 20

SW1 (config-if) # ip add 192.168.20.1 255.255.255.0

SW1 (config-if) # no sh

SW1 (config-if) # stan 20 ip 192.168.20.254

SW1 (config-if) # stan 20 pri 150

SW1 (config-if) # stan 20 pre

SW1 (config-if) # stan 20 tr f0/0 100

SW1 (config-if) # int vlan 30

SW1 (config-if) # ip add 192.168.30.1 255.255.255.0

SW1 (config-if) # no sh

SW1 (config-if) # stan 30 ip 192.168.30.254

SW1 (config-if) # stan 30 pre

SW1 (config-if) # int vlan 40

SW1 (config-if) # ip add 192.168.40.1 255.255.255.0

SW1 (config-if) # no sh

SW1 (config-if) # stan 40 ip 192.168.40.254

SW1 (config-if) # stan 40 pre

SW1 (config-if) # int r f0/1-2\\ enter interfaces f0/1 to f0/2

SW1 (config-if-range) # sw mo tr\\ configure port to be in Trunk mode

SW1 (config-if-range) # channel-group 1 mo on\\ configure link load (port aggregation)

SW1 (config-if-range) # no sh\\ Open the port

SW1 (config-if-range) # int r f0/5-8\\ enter interfaces f0/5 to f0/8

SW1 (config-if-range) # sw mo tr\\ configure port to be in Trunk mode

SW1 (config-if-range) # no sh\\ Open the port

SW1 (config-if-range) # int f0/0\\ enter the f0/0 interface

SW1 (config-if) # no sw\\ turn off switchport mode (make f0/0 a routed layer 3 port)

SW1 (config-if) # ip add 192.168.1.2 255.255.255.0

SW1 (config-if) # exit

SW1 (config) # ip dhcp pool vlan10\\ create DHCP address pool name

SW1 (dhcp-config) # netw 192.168.10.0 255.255.255.0\\ address field assigned by the pool

SW1 (dhcp-config) # defa 192.168.10.254\\ default gateway address

SW1 (dhcp-config) # dns 8.8.8.8\\ DNS server address

SW1 (dhcp-config) # exit

SW1 (config) # ip dhcp pool vlan20

SW1 (dhcp-config) # netw 192.168.20.0 255.255.255.0

SW1 (dhcp-config) # defa 192.168.20.254

SW1 (dhcp-config) # dns 8.8.8.8

SW1 (dhcp-config) # exit

SW1 (config) # ip dhcp pool vlan30

SW1 (dhcp-config) # netw 192.168.30.0 255.255.255.0

SW1 (dhcp-config) # defa 192.168.30.254

SW1 (dhcp-config) # dns 8.8.8.8

SW1 (dhcp-config) # exit

SW1 (config) # ip dhcp pool vlan40

SW1 (dhcp-config) # netw 192.168.40.0 255.255.255.0

SW1 (dhcp-config) # defa 192.168.40.254

SW1 (dhcp-config) # dns 8.8.8.8

SW1 (config) # spanning-tree vlan 10 root primary\\ designated as the root bridge for vlan 10

SW1 (config) # spanning-tree vlan 20 root primary

SW1 (config) # spanning-tree vlan 30 root secondary\\ designated as the secondary root bridge for vlan 30

SW1 (config) # spanning-tree vlan 40 root secondary

SW1 (config) # ip route 0.0.0.0 0.0.0.0 192.168.1.1\\ configure a default route

SW2#en

SW2#vlan da

SW2 (vlan) # vtp do ww

SW2 (vlan) # vtp client\\ set to VTP client mode

SW2 (vlan) # exit

SW2#conf t

SW2 (config) # int r f0/1-2

SW2 (config-if-range) # sw mo tr

SW2 (config-if-range) # channel-group 1 mo on

SW2 (config-if-range) # no sh

SW2 (config-if-range) # int r f0/5-8

SW2 (config-if-range) # sw mo tr

SW2 (config-if-range) # no sh

SW2 (config-if-range) # exit

SW2 (config) # int vlan10\\ enter the vlan10 interface

SW2 (config-if) # ip add 192.168.10.2 255.255.255.0

SW2 (config-if) # no sh

SW2 (config-if) # stan 10 ip 192.168.10.254

SW2 (config-if) # stan 10 pre

SW2 (config-if) # standby 10 timers 2 8

SW2 (config-if) # int vlan 20

SW2 (config-if) # ip add 192.168.20.2 255.255.255.0

SW2 (config-if) # no sh

SW2 (config-if) # stan 20 ip 192.168.20.254

SW2 (config-if) # stan 20 pre

SW2 (config-if) # int vlan 30

SW2 (config-if) # ip add 192.168.30.2 255.255.255.0

SW2 (config-if) # no sh

SW2 (config-if) # stan 30 ip 192.168.30.254

SW2 (config-if) # stan 30 pri 150

SW2 (config-if) # stan 30 pre

SW2 (config-if) # stan 30 tr f0/0 100

SW2 (config-if) # int vlan 40

SW2 (config-if) # ip add 192.168.40.2 255.255.255.0

SW2 (config-if) # no sh

SW2 (config-if) # stan 40 ip 192.168.40.254

SW2 (config-if) # stan 40 pri 150

SW2 (config-if) # stan 40 pre

SW2 (config-if) # stan 40 tr f0/0 100

SW2 (config-if) # int f0/0

SW2 (config-if) # no sw

SW2 (config-if) # ip add 192.168.0.2 255.255.255.0

SW2 (config-if) # exit

SW2 (config) # ip dhcp pool vlan10

SW2 (dhcp-config) # netw 192.168.10.0 255.255.255.0

SW2 (dhcp-config) # defa 192.168.10.254

SW2 (dhcp-config) # dns 8.8.8.8

SW2 (dhcp-config) # exit

SW2 (config) # ip dhcp pool vlan20

SW2 (dhcp-config) # netw 192.168.20.0 255.255.255.0

SW2 (dhcp-config) # defa 192.168.20.254

SW2 (dhcp-config) # dns 8.8.8.8

SW2 (dhcp-config) # exit

SW2 (config) # ip dhcp pool vlan30

SW2 (dhcp-config) # netw 192.168.30.0 255.255.255.0

SW2 (dhcp-config) # defa 192.168.30.254

SW2 (dhcp-config) # dns 8.8.8.8

SW2 (dhcp-config) # exit

SW2 (config) # ip dhcp pool vlan40

SW2 (dhcp-config) # netw 192.168.40.0 255.255.255.0

SW2 (dhcp-config) # defa 192.168.40.254

SW2 (dhcp-config) # dns 8.8.8.8

SW2 (config) # spanning-tree vlan 10 root secondary

SW2 (config) # spanning-tree vlan 20 root secondary

SW2 (config) # spanning-tree vlan 30 root primary

SW2 (config) # spanning-tree vlan 40 root primary

SW2 (config) # ip route 0.0.0.0 0.0.0.0 192.168.0.1

SW3#en

SW3#vlan da

SW3 (vlan) # vtp do ww

SW3 (vlan) # vtp client

SW3 (vlan) # exit

SW3#conf t

SW3 (config) # int r f0/0-1

SW3 (config-if-range) # sw mo tr

SW3 (config-if-range) # no sh

SW3 (config-if-range) # int f0/5

SW3 (config-if) # sw ac vlan 10

SW3 (config-if) # no sh

(The SW3 and SW6 switches are configured with the same commands as shown for SW3; the only difference is the VLAN number assigned to f0/5.)

R2#conf t

R2 (config) # int f0/0

R2 (config-if) # ip add 192.168.1.1 255.255.255.0\\ configure the interface IP address

R2 (config-if) # ip nat inside\\ is configured as the inside NAT interface

R2 (config-if) # no sh

R2 (config-if) # int f1/0

R2 (config-if) # ip add 192.168.0.1 255.255.255.0

R2 (config-if) # ip nat inside

R2 (config-if) # no sh

R2 (config-if) # int f2/0

R2 (config-if) # ip add 169.239.123.241 255.255.255.248

R2 (config-if) # ip nat outside\\ is configured as an external NAT interface

R2 (config-if) # no sh

R2 (config-if) # exit

R2 (config) # ip access-list ex test\\ create a named ACL

R2 (config-ext-nacl) # per ip 192.168.10.0 0.0.0.255 any\\ allow the 192.168.10.0 network segment to reach any address (the following entries could be collapsed into one by summarizing the subnets)

R2 (config-ext-nacl) # per ip 192.168.20.0 0.0.0.255 any

R2 (config-ext-nacl) # per ip 192.168.30.0 0.0.0.255 any

R2 (config-ext-nacl) # per ip 192.168.40.0 0.0.0.255 any

R2 (config-ext-nacl) # exit

R2 (config) # ip nat inside source list test int f2/0 ov\\ translate the sources matched by ACL test to the address of interface f2/0 (overload, i.e. PAT)

R2 (config) # ip route 0.0.0.0 0.0.0.0 169.239.123.242\\ configure a default route

R2 (config) # ip route 192.168.10.0 255.255.255.0 192.168.1.2 1\\ static route plus floating route

R2 (config) # ip route 192.168.20.0 255.255.255.0 192.168.1.2 1

R2 (config) # ip route 192.168.30.0 255.255.255.0 192.168.1.2 2

R2 (config) # ip route 192.168.40.0 255.255.255.0 192.168.1.2 2

R2 (config) # ip route 192.168.10.0 255.255.255.0 192.168.0.2 2

R2 (config) # ip route 192.168.20.0 255.255.255.0 192.168.0.2 2

R2 (config) # ip route 192.168.30.0 255.255.255.0 192.168.0.2 1

R2 (config) # ip route 192.168.40.0 255.255.255.0 192.168.0.2 1

(The static routes can be written in several ways according to preference. The summarized alternative below covers all four VLAN subnets with one route per next hop:

ip route 192.168.0.0 255.255.192.0 192.168.1.2 1

ip route 192.168.0.0 255.255.192.0 192.168.0.2)

R1#conf t

R1 (config) # int f0/0

R1 (config-if) # ip add 169.239.123.242 255.255.255.248

R1 (config-if) # no sh

R1 (config-if) # exit

R1 (config) # ip route 0.0.0.0 0.0.0.0 169.239.123.241

Experimental verification:

The client automatically obtains the IP address

Packets are forwarded along the intended paths: vlan 40 traffic is forwarded by SW2 and vlan 10 traffic is forwarded by SW1.

Ping R1 with different clients

View HSRP backup status

SW1 to view HSRP backup status

SW2 to view HSRP backup status
