实验一

配置VRRP命令
理解VRRP的主备选取流程
理解主备切换
理解STP根交换机为什么要和VRRP的MASTER路由器为同一台

拓扑

要求
配置LSW1和LSW2为VRRP组，其中LSW1的角色为Master，LSW2为Backup
LSW1，LSW2，LSW3配置STP协议，LSW2为根桥
AR1，LSW1，LSW2配置OSPF，使PC1可以和AR1的环回口通信

基础配置（OSPF,VLAN,STP）

PC1配置

LSW3配置

<Huawei>
<Huawei>sys
[Huawei]sys LSW3
[LSW3]vlan batch 10
[LSW3]inte gi 0/0/3
[LSW3-GigabitEthernet0/0/3]port link-type access 
[LSW3-GigabitEthernet0/0/3]port default vlan 10
[LSW3-GigabitEthernet0/0/3]inte gi 0/0/1
[LSW3-GigabitEthernet0/0/1]port link-type trunk 
[LSW3-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW3-GigabitEthernet0/0/1]inte gi 0/0/2
[LSW3-GigabitEthernet0/0/2]port link-type trunk 
[LSW3-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW3-GigabitEthernet0/0/2]q
[LSW3]stp mode stp 

LSW1配置

<Huawei>sys
[Huawei]sys LSW1
[LSW1]vlan batch 10
[LSW1]inte gi 0/0/2
[LSW1-GigabitEthernet0/0/2]port link-type trunk 
[LSW1-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/2]inte gi 0/0/1
[LSW1-GigabitEthernet0/0/1]port link-type trunk 
[LSW1-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW1-GigabitEthernet0/0/1]q
[LSW1]stp mode stp 
[LSW1]inte gi 0/0/3
[LSW1-GigabitEthernet0/0/3]port link-type access 
[LSW1-GigabitEthernet0/0/3]port default vlan 1
[LSW1-GigabitEthernet0/0/3]inte vlan 10
[LSW1-Vlanif10]ip addr 192.168.1.252 255.255.255.0
[LSW1-Vlanif10]inte vlan 1
[LSW1-Vlanif1]ip addr 12.1.1.1 255.255.255.0
[LSW1-Vlanif1]q
[LSW1]ospf 1 router-id 1.1.1.1
[LSW1-ospf-1]area 0
[LSW1-ospf-1-area-0.0.0.0]network 12.1.1.1 0.0.0.0
[LSW1-ospf-1-area-0.0.0.0]network 192.168.1.252 0.0.0.0   //宣告虚拟IP路由

LSW2配置

<Huawei>
<Huawei>sys 
Enter system view, return user view with Ctrl+Z.
[Huawei]sys LSW2
[LSW2]vlan 10
[LSW2-vlan10]inte gi 0/0/1
[LSW2-GigabitEthernet0/0/1]port link-type trunk 
[LSW2-GigabitEthernet0/0/1]port trunk allow-pass vlan 10
[LSW2-GigabitEthernet0/0/2]inte gi 0/0/2
[LSW2-GigabitEthernet0/0/2]port link-type trunk 
[LSW2-GigabitEthernet0/0/2]port trunk allow-pass vlan 10
[LSW2-GigabitEthernet0/0/2]q
[LSW2]stp priority 4096
[LSW2]inte gi 0/0/3
[LSW2-GigabitEthernet0/0/3]port link-type access 
[LSW2-GigabitEthernet0/0/3]port default vlan 1
[LSW2-GigabitEthernet0/0/3]inte vlan 10
[LSW2-Vlanif10]ip addr 192.168.1.253 255.255.255.0
[LSW2-Vlanif10]inte vlan 1
[LSW2-Vlanif1]ip addr 12.1.2.1 255.255.255.0
[LSW2-Vlanif1]q
[LSW2]ospf 1 router-id 2.2.2.2
[LSW2-ospf-1]area 0
[LSW2-ospf-1-area-0.0.0.0]network 12.1.2.1 0.0.0.0
[LSW2-ospf-1-area-0.0.0.0]network 192.168.1.253 0.0.0.0    //宣告虚拟IP路由

AR1配置

<Huawei>sys 
[Huawei]sys AR1
[AR1]inte gi 0/0/0
[AR1-GigabitEthernet0/0/0]ip addr 12.1.1.2 255.255.255.0
[AR1-GigabitEthernet0/0/0]inte gi 0/0/1
[AR1-GigabitEthernet0/0/1]ip addr 12.1.2.2 255.255.255.0
[AR1-GigabitEthernet0/0/1]inte lo 1
[AR1-LoopBack1]ip addr 8.8.8.8 255.255.255.255
[AR1-LoopBack1]q
[AR1]ospf 1 router-id 8.8.8.8
[AR1-ospf-1]area 0
[AR1-ospf-1-area-0.0.0.0]network 12.1.1.2 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 12.1.2.2 0.0.0.0
[AR1-ospf-1-area-0.0.0.0]network 8.8.8.8 0.0.0.0

配置VRRP

LSW2配置

[LSW2]inte vlan 10
[LSW2-Vlanif10]vrrp vrid 1 virtual-ip 192.168.1.254    //在VLANIF10接口开启VRRP，VRID号为1（此号标识VRRP同一组的标识）,虚拟IP为192.168.1.254
[LSW2-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   192.168.1.254  
----------------------------------------------------------------
Total:1     Master:1     Backup:0     Non-active:0     

在MASTER_DOWN超时后,LSW2成为Master，并且发送VRRP报文，在LSW2的GE0/0/2口抓包

LSW1配置

[LSW1]inte vlan 10
[LSW1-Vlanif10]vrrp vrid 1 virtual-ip 192.168.1.254
[LSW1-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Backup       Vlanif10                 Normal   192.168.1.254  
----------------------------------------------------------------
Total:1     Master:0     Backup:1     Non-active:0     

LSW1的VLANIF10接口配置VRRP后角色为BACKUP，监听到来自LSW2的VRRP报文，在经过对比后发现优先级相同（LSW1和LSW2都没有配置优先级，所以默认都为100），备份路由器不会比较接口IP地址大小，所以发现优先级相同后，不会去竞争MASTER,所以在LSW2的GE0/0/1接口抓包还是LSW2在发送VRRP报文

LSW1配置优先级

[LSW1-Vlanif10]vrrp vrid 1 priority 200

LSW1配置优先级为200后，监听到来自LSW2的VRRP中的优先级为100，小于自己的优先级，VRRP默认模式为抢夺模式，所以发送VRRP开始抢夺Master，LSW2接收到来自LSW1的VRRP报文，发现优先级大于自己，切换模式为BACKUP，此时在LSW2的GE0/0/2接口抓包，发现发送VRRP的对象变成了LSW1

查看LSW1和LSW2的接口角色状态

[LSW1-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   192.168.1.254     //LSW1抢夺了Master
----------------------------------------------------------------
Total:1     Master:1     Backup:0     Non-active:0  

[LSW2-Vlanif10]dis vrrp brief
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Backup       Vlanif10                 Normal   192.168.1.254  
----------------------------------------------------------------
Total:1     Master:0     Backup:1     Non-active:0   

真理:STP的根桥和VRRP的Master机器为何要是一台

在配置时，经过设置桥优先级，使LSW2成为根桥，通过设置VRRP优先级使LSW1成为Master，查看状态验证
LSW2树根验证

[LSW2]dis stp 
-------[CIST Global Info][Mode STP]-------
CIST Bridge         :4096 .4c1f-cc01-1a97
Config Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :4096 .4c1f-cc01-1a97 / 0    	    //根桥ID就是自己的桥ID
CIST RegRoot/IRPC   :4096 .4c1f-cc01-1a97 / 0
CIST RootPortId     :0.0
BPDU-Protection     :Disabled
TC or TCN received  :13
TC count per hello  :0
STP Converge Mode   :Normal 
Time since last TC  :0 days 0h:27m:36s
Number of TC        :15
Last TC occurred    :GigabitEthernet0/0/2

LSW1 Master验证

[LSW1]dis vrrp brief 
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   192.168.1.254  
----------------------------------------------------------------
Total:1     Master:1     Backup:0     Non-active:0 

经过STP计算，LSW3的GE0/0/1口被阻塞（验证）

[LSW3]dis stp brief 
 MSTID  Port                        Role  STP State     Protection
   0    GigabitEthernet0/0/1        ALTE  DISCARDING      NONE   //1口被STP计算阻塞
   0    GigabitEthernet0/0/2        ROOT  FORWARDING      NONE
   0    GigabitEthernet0/0/3        DESI  FORWARDING      NONE

此时PC1 ping AR1的环回口8.8.8.8，在LSW2的GE0/0/2口抓包，LSW1的GE0/0/3口抓包

PC>ping 8.8.8.8

Ping 8.8.8.8: 32 data bytes, Press Ctrl_C to break
From 8.8.8.8: bytes=32 seq=1 ttl=254 time=140 ms
From 8.8.8.8: bytes=32 seq=2 ttl=254 time=79 ms
From 8.8.8.8: bytes=32 seq=3 ttl=254 time=94 ms
From 8.8.8.8: bytes=32 seq=4 ttl=254 time=94 ms
From 8.8.8.8: bytes=32 seq=5 ttl=254 time=78 ms

--- 8.8.8.8 ping statistics ---
  5 packet(s) transmitted
  5 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 78/97/140 ms

LSW2的GE0/0/1口

LSW1的GE0/0/3口

由此抓包可得知PC1 ping AR1的ICMP路径为如下，导致如此绕的原因就是STP的树根和VRRP的VRRP协议的MASTER不一致，导致通信的线路如此曲折

将树根更改为LSW1

[LSW1]stp priority 0
[LSW1]dis stp 
-------[CIST Global Info][Mode STP]-------
CIST Bridge         :0    .4c1f-cc16-213e
Config Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
Active Times        :Hello 2s MaxAge 20s FwDly 15s MaxHop 20
CIST Root/ERPC      :0    .4c1f-cc16-213e / 0    //根桥的桥ID和自己的桥ID一样
CIST RegRoot/IRPC   :0    .4c1f-cc16-213e / 0
CIST RootPortId     :0.0
BPDU-Protection     :Disabled
TC or TCN received  :77
TC count per hello  :0
STP Converge Mode   :Normal 
Time since last TC  :0 days 0h:44m:42s
Number of TC        :13
Last TC occurred    :GigabitEthernet0/0/1

此时经过STP计算，被封锁的口应该为LSW3的GE0/0/2口，此时再用PC1 ping AR1的环回口路线就变成如下，在LSW1的GE0/0/2口抓包验证

LSW1的GE0/0/2口抓包

验证主备切换

一，Master主动放弃身份

LSW1配置主动放弃MASTER身份，接口退出VRRP

[LSW1-Vlanif10]undo vrrp vrid 1

在LSW1的GE0/0/1口抓包，发现LSW1发送了一个VRRP优先级为0的数据包，当组内其他的VRRP路由器接受到后会瞬间转换为Master

此时查看LSW2的VRRP角色转变为Master

[LSW2]dis vrrp b
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   192.168.1.254  
----------------------------------------------------------------
Total:1     Master:1     Backup:0     Non-active:0     

二，Master设备出现问题导致无法正常发送VRRP报文(链路断掉了或者直接设备关机了)

LSW1关闭接口

[LSW1]inte gi 0/0/1
[LSW1-GigabitEthernet0/0/1]shutdown 
[LSW1-GigabitEthernet0/0/1]inte gi 0/0/2
[LSW1-GigabitEthernet0/0/2]shutdown 

查看LSW2的VRRP角色,LSW2的计时器Master_Down时间内接受不到来自MASTER的VRRP报文，自己将会变成MASTER

[LSW2]dis vrrp b
VRID  State        Interface                Type     Virtual IP     
----------------------------------------------------------------
1     Master       Vlanif10                 Normal   192.168.1.254   //角色转换为Master
----------------------------------------------------------------
Total:1     Master:1     Backup:0     Non-active:0     
[LSW2]

验证通信

通信正常

PC>ping 8.8.8.8

Ping 8.8.8.8: 32 data bytes, Press Ctrl_C to break
From 8.8.8.8: bytes=32 seq=1 ttl=254 time=110 ms
From 8.8.8.8: bytes=32 seq=2 ttl=254 time=47 ms

--- 8.8.8.8 ping statistics ---
  2 packet(s) transmitted
  2 packet(s) received
  0.00% packet loss
  round-trip min/avg/max = 47/78/110 ms

本栏目推荐文章
• AT_cf17_final_j 题解
• 代码随想录 day17 平衡二叉树 二叉树的所有路径 左叶子之和
• odoo17.0 POS 微信支付
• 17-案例实战：教你快速搭建 Kubernete 监控平台
• JDK版本升级到17后，GeoServer的图层无法图层预览
• PowerDotNet平台化软件架构设计与实现系列（17）：PCRM个人用户管理平台
• JDK1.8 如何升级到JDK17
• (原创)odoo17新特性:计算字段之预计算
• 17.PG索引核心
• Cadence 17.4 Allegro 创建异形焊盘Shape

VRRP 17vrrp 17 vrrp 技术vrrp 防火墙vrrp 原理vrrp 5vrrp golang vrrp ipvs huawei track vrrp amp mstp vrrp ensp vrrp mstp