
Gateway Redundancy in the Construction of Large Enterprise Networks

2025-01-19 Update From: SLTechnology News&Howtos


Shulou(Shulou.com)06/03 Report--


I. Principle of HSRP

1. HSRP (Hot Standby Router Protocol) is a Cisco proprietary protocol. It runs over UDP and uses port 1985.

2. Hot backup principle: several routers participate in the protocol and together form one HSRP group.

--Active router: only one router in the group is responsible for forwarding user traffic.

--Backup router: when the active router fails, the backup router takes over this responsibility and becomes the new active router.

--Virtual router:

3. HSRP priority

The HSRP protocol uses a priority to determine which HSRP-configured router becomes the default active router.

--A router becomes active if its priority is set higher than that of all other routers.

--The default priority of a router is 100, so if only one router is set to a priority higher than 100, that router becomes the active router.

4. HSRP Preemption

--When the router with the high priority goes down, the backup router becomes the active router;

--Preemption must be configured. When the router with the high priority recovers, it can then regain forwarding and return to being the active router.

5. HSRP port tracking

--When the tracked port becomes unavailable, the active router automatically lowers its priority and becomes a backup router;

--When the tracked port recovers, the original active router regains the active role because preemption is configured.

6. HSRP configuration steps

--Configure the device as a member of an HSRP group

--Configure HSRP priority (default is 100)

--Configure HSRP Preemption

--Configure HSRP timer

--Hello interval (default 3s)

--Hold time (default 10s)

--Configure HSRP port tracking

--View HSRP information

7. HSRP configuration case

--Configure SW1

Switch>enable    (enter privileged mode)

Switch#configure terminal    (enter global configuration mode)

Switch(config)#hostname SW1    (change the switch name)

SW1(config)#interface vlan 2

SW1(config-if)#ip address 192.168.1.1 255.255.255.0

SW1(config-if)#no shutdown    (enable the interface)

SW1(config-if)#standby 10 ip 192.168.1.254    (configure the virtual IP address of HSRP group 10)

SW1(config-if)#standby 10 priority 200    (priority above the default of 100)

SW1(config-if)#standby 10 preempt    (enable preemption)

SW1(config-if)#standby 10 timers 2 8    (hello interval 2s, hold time 8s)

SW1(config-if)#standby 10 track fastEthernet0/1 100    (lower the priority by 100 when the tracked port goes down)

--Configure SW2

Switch>enable    (enter privileged mode)

Switch#configure terminal    (enter global configuration mode)

Switch(config)#hostname SW2    (change the switch name)

SW2(config)#interface vlan 2

SW2(config-if)#ip address 192.168.1.2 255.255.255.0

SW2(config-if)#no shutdown    (enable the interface)

SW2(config-if)#standby 10 ip 192.168.1.254    (same virtual IP address as SW1)

SW2(config-if)#standby 10 priority 150    (lower than SW1, so SW2 is the backup)

SW2(config-if)#standby 10 preempt    (enable preemption)

SW2(config-if)#standby 10 timers 2 8    (hello interval 2s, hold time 8s)

--View HSRP information

SW1#show standby

--View HSRP summary

SW1#show standby brief
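The failover behaviour configured in the case above can be replayed with a small model. This is an added example, not code from the original article: it uses the case's priorities (200 and 150) and tracking decrement (100), assumes both switches start together, and does not model tie-breaking between equal priorities. Running it with preemption off shows why the backup also needs `standby 10 preempt` for port tracking to move the active role.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    priority: int            # standby 10 priority <n>
    preempt: bool = False    # standby 10 preempt
    decrement: int = 0       # standby 10 track <interface> <decrement>
    tracked_up: bool = True  # state of the tracked port
    alive: bool = True

    def effective(self) -> int:
        # Tracking subtracts the decrement while the tracked port is down.
        return self.priority - (0 if self.tracked_up else self.decrement)


def elect(routers, current=None):
    """Return the name of the active router after one election round."""
    live = [r for r in routers if r.alive]
    holder = next((r for r in live if r.name == current), None)
    if holder is None:
        # No active router is heard: the highest effective priority wins.
        return max(live, key=Router.effective).name if live else None
    # A working active router is displaced only by a preempt-enabled
    # router whose effective priority is strictly higher.
    rivals = [r for r in live if r.preempt and r.effective() > holder.effective()]
    return max(rivals, key=Router.effective).name if rivals else holder.name


def run_case(preempt: bool):
    """Replay a tracked-port failure and a router failure with the case's values."""
    sw1 = Router("SW1", 200, preempt, decrement=100)
    sw2 = Router("SW2", 150, preempt)
    group, active, timeline = [sw1, sw2], None, []
    events = [("start", None),
              ("tracked port down", (sw1, "tracked_up", False)),
              ("tracked port up", (sw1, "tracked_up", True)),
              ("SW1 down", (sw1, "alive", False)),
              ("SW1 back", (sw1, "alive", True))]
    for label, change in events:
        if change:
            setattr(change[0], change[1], change[2])
        active = elect(group, active)
        timeline.append((label, active))
    return timeline


if __name__ == "__main__":
    for mode in (True, False):
        print("preempt" if mode else "no preempt", run_case(mode))
```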

II. VRRP Principle

1. Why configure VRRP protocol?

VRRP (Virtual Router Redundancy Protocol) is a fault-tolerant protocol. Usually, all hosts in a network are configured with a default route, so that packets whose destination address is not in the local network segment are sent to router A through the default route, which lets the hosts communicate with the external network. When router A breaks down, all hosts in the segment that use router A as their default route lose communication with the outside, which makes router A a single point of failure. VRRP is designed for local area networks (such as Ethernet) with multicast or broadcast capability.

2. Overview of VRRP

VRRP (Virtual Router Redundancy Protocol) is a fault-tolerant protocol.

3. VRRP principle (working process)

--After a router enables VRRP, it determines its role in the backup group according to priority. The router with the highest priority becomes the master router, and the router with the lowest priority becomes the backup router. The master router sends VRRP advertisement messages periodically to inform the other routers in the backup group that it is working normally; the backup router starts a timer and waits for the advertisement messages to arrive.

--The way the master role changes hands depends on the preemption mode. In preemptive mode, when a router receives a VRRP advertisement message, it compares its own priority with the priority in the advertisement; if its own priority is higher, it becomes the master router, otherwise it stays in the backup state. In non-preemptive mode, as long as the master router does not fail, the routers in the backup group keep their master or backup state, and a backup router does not become master even if it is later configured with a higher priority.

--If the backup router's timer expires without a VRRP advertisement message from the master router, it concludes that the master router is no longer working normally. The backup router then considers itself the master and sends VRRP advertisement messages. The routers in the backup group elect the master router according to priority, and the master takes over packet forwarding.

4. Role of VRRP

--Simplifies network management;

--Adaptability;

--Low network overhead;

--VRRP provides gateway redundancy;

--In real deployments, VRRP load balancing is generally configured to balance traffic.

5. VRRP group members

--Master router

--Backup router

--Virtual router

6. Three states of VRRP

--Initialize: initial state

--Master: active state

--Backup: backup state

7. VRRP timer

--By default, VRRP advertisements are sent every 1s;

--Master_Down_Interval is equivalent to the hold time in HSRP: if the backup router has not received a VRRP advertisement from the master router within this time, it considers the master router abnormal and becomes the master router itself.

--Master_Down_Interval is 3 times the VRRP advertisement interval plus an offset time.
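The timer rule above can be worked through numerically. This is an added example, not part of the original article: the article does not give the offset, so the code assumes the RFC 3768 definition Skew_Time = (256 - priority) / 256 seconds, and SW3 with priority 100 is a hypothetical second backup. It also goes one step beyond the text by covering a master that announces priority 0 on a clean shutdown, after which backups wait only the offset.

```python
def skew_time(priority: int) -> float:
    """Offset in seconds (RFC 3768 Skew_Time): higher priority, smaller offset."""
    if not 1 <= priority <= 254:
        raise ValueError("a backup router's priority must be in 1..254")
    return (256 - priority) / 256


def master_down_interval(priority: int, adver_interval: float = 1.0) -> float:
    """3 times the advertisement interval plus the offset."""
    return 3 * adver_interval + skew_time(priority)


def first_takeover(backups: dict, adver_interval: float = 1.0,
                   graceful: bool = False):
    """Return (router, seconds after the master's last advertisement) for the
    backup whose timer expires first.

    graceful=True models a master that announced priority 0 on shutdown,
    so each backup waits only its Skew_Time.
    """
    def wait(priority: int) -> float:
        if graceful:
            return skew_time(priority)
        return master_down_interval(priority, adver_interval)

    name = min(backups, key=lambda n: wait(backups[n]))
    return name, wait(backups[name])


if __name__ == "__main__":
    backups = {"SW2": 150, "SW3": 100}   # SW3 is hypothetical
    print(first_takeover(backups))                  # master stops silently
    print(first_takeover(backups, graceful=True))   # master announces priority 0
```

Because the offset shrinks as priority grows, the highest-priority backup always times out first, so the election after a failure does not need a separate negotiation round.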

8. VRRP provides three authentication methods.

--No authentication

--Simple (plain text) authentication

--MD5 (encryption) authentication

Different authentication methods can be used depending on the network environment:

--No authentication can be used in a secure network environment

--MD5 authentication can be used in a very insecure network

9. Configuration of VRRP

(1) VRRP configuration steps

--Configure the device as a VRRP member

--Configure VRRP priority (default is 100)

--Configure VRRP preemption (enabled by default)

--Configure VRRP timer

--Configure VRRP authentication

--Configure VRRP port tracking

--View VRRP information

10. VRRP Configuration Case

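--Configure SW1

<Huawei>system-view    (enter system view)

[Huawei]interface vlanif 1

[Huawei-Vlanif1]ip address 192.168.1.1 255.255.255.0

[Huawei-Vlanif1]vrrp vrid 1 virtual-ip 192.168.1.254    (create backup group 1 with the virtual IP address)

[Huawei-Vlanif1]vrrp vrid 1 priority 200    (priority above the default of 100)

[Huawei-Vlanif1]vrrp vrid 1 preempt-mode timer delay 20    (preemption delay of 20s)

[Huawei-Vlanif1]vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 100    (lower the priority by 100 when the tracked port goes down)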

--Configure SW2

<Huawei>system-view    (enter system view)

[Huawei]interface vlanif 1

[Huawei-Vlanif1]ip address 192.168.1.2 255.255.255.0

[Huawei-Vlanif1]vrrp vrid 1 virtual-ip 192.168.1.254    (same virtual IP address as SW1)

[Huawei-Vlanif1]vrrp vrid 1 priority 150    (lower than SW1, so SW2 is the backup)

--View VRRP information

<Huawei>display vrrp

<Huawei>display vrrp brief
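The configuration steps list VRRP authentication, but the SW1 and SW2 commands in the case above configure none. The following check is an added example, not part of the original article: it reads a pasted configuration or CLI transcript and reports every vrid that has no authentication or only simple (plain text) authentication. The sample text is constructed from the case's SW1 commands, and the `authentication-mode md5` line with the `<KEY>` placeholder is an assumed form of the Huawei VRP command for that step.

```python
import re

# Constructed sample: the SW1 commands from the case above, prompts included.
CASE_SW1 = """\
[Huawei]interface vlanif 1
[Huawei-Vlanif1]ip address 192.168.1.1 255.255.255.0
[Huawei-Vlanif1]vrrp vrid 1 virtual-ip 192.168.1.254
[Huawei-Vlanif1]vrrp vrid 1 priority 200
[Huawei-Vlanif1]vrrp vrid 1 preempt-mode timer delay 20
[Huawei-Vlanif1]vrrp vrid 1 track interface GigabitEthernet0/0/1 reduced 100
"""
# Assumed VRP syntax for the authentication step; <KEY> is a placeholder.
HARDENED_SW1 = CASE_SW1 + "[Huawei-Vlanif1]vrrp vrid 1 authentication-mode md5 <KEY>\n"

VRRP_LINE = re.compile(r"^vrrp vrid (\d+) (\S+)(?:\s+(\S+))?")


def audit_vrrp_auth(config: str) -> dict:
    """Map every vrid in the config to 'none', 'simple' or 'md5'."""
    modes = {}
    for raw in config.splitlines():
        # Strip a leading CLI prompt such as [Huawei-Vlanif1] or <Huawei>.
        line = re.sub(r"^[\[<][^\]>]*[\]>]", "", raw).strip()
        m = VRRP_LINE.match(line)
        if not m:
            continue
        vrid, keyword, arg = int(m.group(1)), m.group(2), m.group(3)
        modes.setdefault(vrid, "none")
        if keyword == "authentication-mode" and arg in ("simple", "md5"):
            modes[vrid] = arg
    return modes


def findings(config: str) -> list:
    """List vrids whose advertisements are unauthenticated or use a plain-text key."""
    return [f"vrid {v}: authentication {mode}"
            for v, mode in sorted(audit_vrrp_auth(config).items())
            if mode != "md5"]


if __name__ == "__main__":
    print(findings(CASE_SW1))
    print(findings(HARDENED_SW1))
```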
