rfc2338 VRRP

VRRP(Virtual Router Redundancy Protocol)
a standards-based,defined in IETF standard RFC 2338
VRRP is so similar to HSRP

VRRP group
 group numbers range=HSRP
VRRP role
 master router:等同於HSRP active router
 backup state:等同於HSRP all others

VRRP priority
 default priority和HSRP相等,都是100
 The one with the highest router priority VRRP group
 priority=0,表示固定為Backup status

virtual router MAC address
概念類似HSRP virtual MAC address,格式為0000.5e00.01xx,
ps:where xx is a two-digithex VRRP group number.

no tracking interfaces
VRRP has no mechanism for tracking interfaces to allow more capable routers to take over
the master role.
ps:
可透過建立Track的Profile來達成

VRRP advertisements
VRRP advertisements are sent at 1-second intervals.
只有Master Router會送advertisements
Backup routers optionally can learn the advertisement interval from the master router
ps:
VRRP sends its advertisements to the multicast destination address 224.0.0.18 , using IP protocol 112

VRRP Holdtime
Down Interval = 3* Advertisement Timer + Skew time
ps:Skew Time = 256-priority/256

Different between VRRP and HSRP
hollotime:VRRP is 1-second, HSRP is 3-second
VirtualIP: VRRP support, HSRP don't support

...............................................................................................................................

Assign a VRRP router priority
(config-if)#vrrp < group> priority
Assign a virtual IP address.
(config-if)#vrrp < group> ip < ip-address> [secondary]
ex:
l3device_a的設定如下
l3device_a(config)# interface vlan 50
l3device_a(config-if)# ip address 192.168.1.10 255.255.255.0
l3device_a(config-if)# vrrp 1 priority 200
l3device_a(config-if)# vrrp 1 ip 192.168.1.1
l3device_b的設定如下
l3device_b(config)# interface vlan 50
l3device_b(config-if)# ip address 192.168.1.11 255.255.255.0
l3device_b(config-if)# vrrp 1 priority 100
l3device_b(config-if)# vrrp 1 ip 192.168.1.1

..........

其他設定

preempt
By default, all VRRP routers are configured to preempt the current master router if their priorities are greater

Disable preempting (default is to preempt).
(config-if)#no vrrp < group> preempt
Change the preempt delay (default 0 seconds).
(config-if)# vrrp < group> preempt [delay < seconds>]

...

Alter the advertisement timer
(config-if)#vrrp < group> timers advertise [msec] < interval>
Learn the advertisement interval from the master router.
(config-if)#vrrp < group> timers learn

...

Use authentication for advertisements.
(config-if)#vrrp < group> authentication < string>
認證方法有以下幾種
Plain-text
MD5 key-string
MD5 Key-chain


.....................................

VRRP loadbalance
概念同HSRP
ex:
假設有1個switch連接l3device_a和l3device_b,並讓網路可以loadbalance,設定VRRP設定如下l3device_a的設定如下
l3device_a(config)# interface vlan 50
l3device_a(config-if)# ip address 192.168.1.10 255.255.255.0
l3device_a(config-if)# vrrp 1 priority 200
l3device_a(config-if)# vrrp 1 ip 192.168.1.1
l3device_a(config-if)# vrrp 2 priority 100
l3device_a(config-if)# vrrp 2 ip 192.168.1.2
l3device_a(config-if)# no vrrp 2 preempt
l3device_b的設定如下
l3device_b(config)# interface vlan 50
l3device_b(config-if)# ip address 192.168.1.11 255.255.255.0
l3device_b(config-if)# vrrp 1 priority 100
l3device_b(config-if)# vrrp 1 ip 192.168.1.1
l3device_b(config-if)# no vrrp 1 preempt
l3device_b(config-if)# vrrp 2 priority 200
l3device_b(config-if)# vrrp 2 ip 192.168.1.2
clients設定如下
將一部份pc的gateway設成vrrp group1的ip(192.168.1.1)
和另一部份pc設成vrrp group2的ip(192.168.1.2)

.........................................

display information about VRRP status
#show vrrp [brief]
ps
l3device_a# show vrrp brief 為例,畫面大致如下
Interface Grp Pri Time Own Pre State Master addr Group addr
Vlan50 1 200 3218 Y Master 192.168.1.10 192.168.1.1
Vlan50 2 100 3609 Backup 192.168.1.11 192.168.1.2
ps:
l3device_b# show vrrp brief 為例,畫面大致如下
Interface Grp Pri Time Own Pre State Master addr Group addr
Vlan50 1 100 3609 Backup 192.168.1.10 192.168.1.1
Vlan50 2 200 3218 Y Master 192.168.1.11 192.168.1.2
ps
l3device_a# show vrrp 為例,畫面大致如下
Vlan50 - Group 1
 State is Master
 Virtual IP address is 192.168.1.1
 Virtual MAC address is 0000.5e00.0101
 Advertisement interval is 1.000 sec
 Preemption is enabled
  min delay is 0.000 sec
 Priority is 200
 Authentication is enabled
 Master Router is 192.168.1.10 (local), priority is 200
 Master Advertisement interval is 1.000 sec
 Master Down interval is 3.218 sec
Vlan50 - Group 2
 State is Backup
 Virtual IP address is 192.168.1.2
 Virtual MAC address is 0000.5e00.0102
 Advertisement interval is 1.000 sec
 Preemption is disabled
 Priority is 100
 Authentication is enabled
 Master Router is 192.168.1.11, priority is 200
 Master Advertisement interval is 1.000 sec
 Master Down interval is 3.609 sec
(expires in 2.977 sec)
ps:
l3device_b# show vrrp 為例,畫面大致如下
Vlan50 - Group 1
 State is Backup
 Virtual IP address is 192.168.1.1
 Virtual MAC address is 0000.5e00.0101
 Advertisement interval is 1.000 sec
 Preemption is disabled
 Priority is 100
 Authentication is enabled
 Master Router is 192.168.1.10, priority is 200
 Master Advertisement interval is 1.000 sec
 Master Down interval is 3.609 sec
 (expires in 2.833 sec)
Vlan50 - Group 2
 State is Master
 Virtual IP address is 192.168.1.2 
 Virtual MAC address is 0000.5e00.0102
 Advertisement interval is 1.000 sec
 Preemption is enabled
  min delay is 0.000 sec
 Priority is 200
 Authentication is enabled
 Master Router is 192.168.1.11 (local),priority is 200
 Master Advertisement interval is 1.000 sec
 Master Down interval is 3.218 sec

 

2011-09-12 17:57:10發表 2013-08-03 14:33:34修改   

數據分析
程式開發
計算機組織與結構
資料結構與演算法
Database and MySql
manage tool
windows
unix-like
linux service
network
network layer3
network layer2
network WAN
network service
作業系統
數位鑑識
資訊安全解決方案
資訊安全威脅
Cisco security
Cisco network
Cisco layer3

Cisco layer2



  登入      [牛的大腦] | [單字我朋友] Powered by systw.net