HSRP Introduction
HSRP 是提供 first-hop 來提供高網路可用性的標準方法。它使一組路由器接口能夠協同工作,向 LAN 上的主機呈現單個虛擬路由或 default gateway 的方法。在網路的多個路由器上配置 HSRP 時,它會提供虛擬媒體訪問控制(MAC,virtual Media Access Control)位址和一組已配置的路由器之間共享的 IP 地址。
當其中一個路由器被選擇為 active 路由器,另一個路由器作為 standby 路由器。在一組設有 HSRP 路由器接口中,active 路由器是路由封包的首選路由器;standby 路由器是在 active 路由器出現故障或滿足預設條件時接管路由任務的路由器。
HSRP 支持的任何路由器接口
Implement HSRP Topology
這邊 Cloud1 是透過虛擬機網路卡取得 IP,這邊不詳述。
目標
- 配置 EIGRP
- 設定 HSRP
- 測試
EIGRP Configuration
我將 R1、R2、R3、R4 配置 EIGRP 協定並將 AS 設定為 100。 這邊用 R1、R2 做範例,其中會在 EIGRP 中加入預設路由。
R1
router eigrp 100
network 172.16.1.0 0.0.0.3
redistribute static metric 100000 1000 255 1 1500
R2
router eigrp 100
network 10.0.1.0 0.0.0.3
network 10.0.3.0 0.0.0.3
network 192.168.10.0
passive-interface FastEthernet0/0(終端設備介面無須參與路由表的更新)
EIGRP Default Route Set
配置默認路由讓 EIGRP 自動學習,這樣不用透過手動建立多個靜態路由。
(config)# ip route 0.0.0.0 0.0.0.0 fa 0/0
(config-router)# redistribute static metric 100000 1000 255 1 1500
路由表如下
(config)#do sh ip route
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
E1 - OSPF external type 1, E2 - OSPF external type 2
i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
ia - IS-IS inter area, * - candidate default, U - per-user static route
o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
+ - replicated route, % - next hop override
Gateway of last resort is 10.0.1.2 to network 0.0.0.0
D*EX 0.0.0.0/0 [170/2937856] via 10.0.1.2, 00:09:37, Serial6/7
10.0.0.0/8 is variably subnetted, 5 subnets, 2 masks
C 10.0.1.0/30 is directly connected, Serial6/7
L 10.0.1.1/32 is directly connected, Serial6/7
D 10.0.2.0/30 [90/2681856] via 10.0.3.1, 00:09:40, Serial6/5
[90/2681856] via 10.0.1.2, 00:09:40, Serial6/7
C 10.0.3.0/30 is directly connected, Serial6/5
L 10.0.3.2/32 is directly connected, Serial6/5
172.16.0.0/30 is subnetted, 1 subnets
D 172.16.1.0 [90/2681856] via 10.0.1.2, 00:09:40, Serial6/7
192.168.10.0/24 is variably subnetted, 2 subnets, 2 masks
C 192.168.10.0/24 is directly connected, FastEthernet0/0
L 192.168.10.254/32 is directly connected, FastEthernet0/0
HSRP Configuration
將 HSRP 配置到 R2、R3
R2
interface FastEthernet0/0
ip address 192.168.10.254 255.255.255.0
standby 1 ip 192.168.10.250(定義 interface Group 為 1 的虛擬 IP address)
standby 1 priority 120(定義路由器的優先級,默認值為 100)
standby 1 preempt(強制最高優先級路由器成為 Active 路由器,而不是當前 Active 路由器)
standby 1 track 10 decrement 30
duplex half
其中 track 是用來當斷線時會將 priority -30,假設 R2 的 priority 120,R3 為預設 100,當 R2 該 Group 的介面 down 時,會將 priority -30,在與 R3 的 preempt 做對應,當 R2 priority 低於 R3 時則觸發成為 Activity。
設定完之後,路由器會顯示此訊息
R2(config-if)#
*Apr 19 13:32:06.091: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
查看 R2 HSRP 狀態
R2#show standby
FastEthernet0/0 - Group 1
State is Active (目前的角色)
2 state changes, last state change 00:11:51
Virtual IP address is 192.168.10.250
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 0.640 secs
Preemption enabled
Active router is local
Standby router is 192.168.10.253, priority 100 (expires in 9.616 sec)
Priority 120 (configured 120)
Track object 10 (unknown)
Group name is "hsrp-Fa0/0-1" (default)
- State is Active
- 目前的角色
- virtual MAC address
- 自行產生,可更改
- Hello time 3 sec, hold time 10 sec
- 預設秒數
- Router 預設每 3 秒會對 Group 裡面的介面做請求,如果
Standby介面過了Hold Time也無法收到Active介面的請求,則判斷對方掛掉,會將自己升格為Active。
- Router 預設每 3 秒會對 Group 裡面的介面做請求,如果
- 可以更改預設值
- 預設秒數
R3
interface FastEthernet0/0
ip address 192.168.10.253 255.255.255.0
standby 1 ip 192.168.10.250
standby 1 preempt
duplex half
查看 R3 HSRP 狀態
R3#show standby
FastEthernet0/0 - Group 1
State is Standby
1 state change, last state change 00:14:27
Virtual IP address is 192.168.10.250
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (v1 default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.344 secs
Preemption enabled
Active router is 192.168.10.254, priority 120 (expires in 9.984 sec)
Standby router is local
Priority 100 (default 100)
Group name is "hsrp-Fa0/0-1" (default)
充當虛擬路由器的所有路由器必須位於同一 LAN 網段中。
Test
我們試著將 R2 F0/0 介面 down 掉,並觀察 R2 與 PC-1。
未 Down
PC-1 反應
PC-1> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.10.254 837.738 ms 9.916 ms 8.508 ms
2 10.0.1.2 825.340 ms * 24.800 ms
3 172.16.1.2 58.527 ms 33.503 ms 61.034 ms
4 192.168.137.2 110.609 ms 58.531 ms 65.922 ms
5 * * *
6 * * *
7
用 stanby 指令來觀察
#do show stan brief
P indicates configured to preempt.
|
Interface Grp Pri P State Active Standby Virtual IP
Fa0/0 1 120 P Active local 192.168.10.253 192.168.10.250
Down 掉 F0/0 介面
R2 反應
R2(config-if)#shutdown
R2(config-if)#
*Apr 19 14:17:25.171: %TRACKING-5-STATE: 1 interface Fa0/0 line-protocol Up->Down
*Apr 19 14:17:25.179: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Active -> Init
R2(config-if)#
*Apr 19 14:17:27.163: %LINK-5-CHANGED: Interface FastEthernet0/0, changed state to administratively down
*Apr 19 14:17:28.163: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet0/0, changed state to down
R3 反應
R3#
*Apr 19 14:17:25.423: %HSRP-5-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
PC-1 反應
PC-1> trace 8.8.8.8
trace to 8.8.8.8, 8 hops max, press Ctrl+C to stop
1 192.168.10.253 30.256 ms 14.370 ms 14.348 ms(倒到從 `R3` 路由器)
2 10.0.2.1 29.760 ms 29.760 ms 29.847 ms
3 172.16.1.2 50.592 ms 52.080 ms 50.096 ms
4 192.168.137.2 62.000 ms 62.000 ms 61.007 ms
5 * * *
6 * *
那如果將 R2 的 F0/0 重新 UP 起來呢 ? 換誰當 Activite ?
.
.
.
為 R2
Wireshark observes HSRP packets
HSRP是使用UDP傳輸,port 為1985HSRP用224.0.0.2做群播,並定期發送Hello發包至HSRPGroup 中- 當 Router 的
HSRP為Activity,來源MAC是來自虛擬 IP 的,MAC值為00:00:0c:07:ac:01,當創建HSRP時MAC會以00:00:0c:07:ac:加上 Group 值作為MAC