拓扑
要求:
1.接入层和汇聚层配置MSTP+VRRP实现高可用性
2.汇聚层和核心层配置BFD高可用性
3.汇聚层和核心层之间允许OSPF,OSPF配置BFD实现高可用性
4.核心层到LSP配置静态路由,要求配置BFD实现高可用性
配置
基础配置(VLAN+IP)
PC1配置,PC2参考PC1
Access配置
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type access
port default vlan 10
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/4
port link-type access
port default vlan 20
converge1
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type access
#
interface Vlanif1
ip address 12.1.1.2 255.255.255.252
#
interface Vlanif10
ip address 192.168.1.252 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.252 255.255.255.0
converge2
#
vlan batch 10 20
#
interface GigabitEthernet0/0/1
port link-type access
#
interface GigabitEthernet0/0/2
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface GigabitEthernet0/0/3
port link-type trunk
port trunk allow-pass vlan 10 20
#
interface Vlanif1
ip address 12.1.2.2 255.255.255.252
#
interface Vlanif10
ip address 192.168.1.253 255.255.255.0
#
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
core
#
interface GigabitEthernet0/0/0
ip address 12.1.1.1 255.255.255.252
#
interface GigabitEthernet0/0/1
ip address 12.1.2.1 255.255.255.252
#
interface GigabitEthernet0/0/2
ip address 200.10.10.2 255.255.255.252
#
interface GigabitEthernet4/0/0
ip address 200.10.20.1 255.255.255.252
LSP
#
interface GigabitEthernet0/0/0
ip address 200.10.10.1 255.255.255.252
#
interface LoopBack0
ip address 8.8.8.8 255.255.255.255
#
interface GigabitEthernet0/0/1
ip address 200.10.20.1 255.255.255.252
MSTP配置
converge1
#
stp region-configuration
region-name gls.com
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 1 priority 0
stp instance 2 priority 4096
converge2
#
stp region-configuration
region-name gls.com
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
stp instance 1 priority 4096
stp instance 2 priority 0
Access
#
stp region-configuration
region-name gls.com
revision-level 1
instance 1 vlan 10
instance 2 vlan 20
active region-configuration
#
验证配置
[Access]dis stp instance 1 b
MSTID Port Role STP State Protection
1 GigabitEthernet0/0/1 ROOT FORWARDING NONE
1 GigabitEthernet0/0/2 DESI FORWARDING NONE
1 GigabitEthernet0/0/3 ALTE DISCARDING NONE
[Access]dis stp instance 2 b
MSTID Port Role STP State Protection
2 GigabitEthernet0/0/1 ALTE DISCARDING NONE
2 GigabitEthernet0/0/3 ROOT FORWARDING NONE
2 GigabitEthernet0/0/4 DESI FORWARDING NONE
VRRP配置
converge1
#
interface Vlanif10
ip address 192.168.1.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
vrrp vrid 1 priority 150
#
interface Vlanif20
ip address 192.168.2.252 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
converge2
#
interface Vlanif10
ip address 192.168.1.253 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
#
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
vrrp vrid 2 priority 150
验证配置
[converge1]display vrrp brief
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.1.254
2 Backup Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
[converge2]display vrrp b
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Backup Vlanif10 Normal 192.168.1.254
2 Master Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:1 Backup:1 Non-active:0
路由配置(OSPF+静态路由)
core
#
ospf 1 router-id 1.1.1.1
default-route-advertise always
area 0.0.0.0
network 12.1.1.0 0.0.0.3
network 12.1.2.0 0.0.0.3
#
ip route-static 0.0.0.0 0.0.0.0 200.10.10.1
ip route-static 0.0.0.0 0.0.0.0 200.10.20.1 preference 70
converge1
#
ospf 1 router-id 2.2.2.2
area 0.0.0.0
network 12.1.1.0 0.0.0.3
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.1.254 0.0.0.0
network 192.168.2.254 0.0.0.0
#
converge2
#
ospf 1 router-id 3.3.3.3
area 0.0.0.0
network 12.1.2.0 0.0.0.3
network 192.168.1.0 0.0.0.255
network 192.168.2.0 0.0.0.255
network 192.168.1.254 0.0.0.0
network 192.168.2.254 0.0.0.0
#
VRRP联动BFD配置
converge1
#
bfd 1 bind peer-ip 12.1.1.1 source-ip 12.1.1.2 auto
#
interface Vlanif10
ip address 192.168.1.252 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.254
vrrp vrid 1 priority 150
vrrp vrid 1 track bfd-session session-name 1 reduced 60
converge2
#
bfd 2 bind peer-ip 12.1.2.1 source-ip 12.1.2.2 auto
#
interface Vlanif20
ip address 192.168.2.253 255.255.255.0
vrrp vrid 2 virtual-ip 192.168.2.254
vrrp vrid 2 priority 150
vrrp vrid 2 track bfd-session session-name 1 reduced 60
core
#
bfd 1 bind peer-ip 12.1.1.2 source-ip 12.1.1.1 auto
commit
#
bfd 2 bind peer-ip 12.1.2.2 source-ip 12.1.2.1 auto
commit
静态路由联动BFD
core
#
bfd lsp bind peer-ip 200.10.10.1 source-ip 200.10.10.2 auto
#
ip route-static 0.0.0.0 0.0.0.0 200.10.10.1 track bfd-session lsp
ip route-static 0.0.0.0 0.0.0.0 200.10.20.1 preference 70
LSP
#
bfd lsp bind peer-ip 200.10.10.2 source-ip 200.10.10.1 auto
nat配置
#
acl name lsp 3999
rule 5 permit ip source 192.168.1.0 0.0.0.255
rule 10 permit ip source 192.168.2.0 0.0.0.255
#
interface GigabitEthernet0/0/2
ip address 200.10.10.2 255.255.255.252
nat outbound 3999
#
interface GigabitEthernet4/0/0
ip address 200.10.20.2 255.255.255.252
nat outbound 3999
OSPF联动BFD
core
[core-ospf-1]bfd all-interfaces enable
converge1
[core-ospf-1]bfd all-interfaces enable
converge2
[converge2-ospf-1]bfd all-interfaces enable
配置验证
core
[core]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8192 8192 200.10.10.1 Up S_AUTO_PEER -
8193 8193 12.1.2.2 Up D_IP_IF GigabitEthernet0/0/1
8195 8198 12.1.1.2 Up D_IP_IF GigabitEthernet0/0/0
8196 8194 12.1.1.2 Up S_AUTO_PEER -
8198 8197 12.1.2.2 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 5/0
converge1
[converge1]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8194 8196 12.1.1.1 Up S_AUTO_PEER -
8195 8194 192.168.2.253 Up D_IP_IF Vlanif20
8196 8195 192.168.1.253 Up D_IP_IF Vlanif10
8198 8195 12.1.1.1 Up D_IP_IF Vlanif1
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 4/0
converge2
[converge2]dis bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
8193 8193 12.1.2.1 Up D_IP_IF Vlanif1
8194 8195 192.168.2.252 Up D_IP_IF Vlanif20
8195 8196 192.168.1.252 Up D_IP_IF Vlanif10
8197 8198 12.1.2.1 Up S_AUTO_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 4/0
将core的GE0/0/2接口关闭
配置验证
PC1,PC2访问公网
关闭converge1的上行链路,BFD分别通知OSPF和VRRP协议,OSPF,VRRP再进行相应操作
[converge1-GigabitEthernet0/0/3]shutdown
[converge1-GigabitEthernet0/0/3]dis vrrp b
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Backup Vlanif10 Normal 192.168.1.254
2 Backup Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:0 Backup:2 Non-active:0
[converge2]dis vrrp b
VRID State Interface Type Virtual IP
----------------------------------------------------------------
1 Master Vlanif10 Normal 192.168.1.254
2 Master Vlanif20 Normal 192.168.2.254
----------------------------------------------------------------
Total:2 Master:2 Backup:0 Non-active:0
且CONVERGE1和core1之间的邻居也检测后断开
LSP的GE0/0/0端口关闭,core通过BFD检测链路故障,切换默认路由
[LSP-GigabitEthernet0/0/0]shutdown
core
