Application of HSRP and VRRP in Enterprise Networks

Source: Internet
Author: User

VRRP introduction

The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on the LAN. The VRRP router that controls the IP address of a virtual router is called the primary router; it forwards the packets sent to these virtual IP addresses. When the primary router becomes unavailable, the election process provides dynamic failover, which allows the IP address of the virtual router to be used as the default first-hop router by end hosts. The advantage of using VRRP is a more highly available default path without configuring dynamic routing or router discovery protocols on every end host. VRRP packets are sent encapsulated in IP packets.
Working principle of VRRP

VRRP defines only one type of message, the VRRP message, a broadcast message that the primary layer-3 switch sends out periodically to announce its presence. These messages are used to check the parameters of the virtual layer-3 switch and to elect the primary layer-3 switch. VRRP defines three states: Initialize (initial state), Master (active state) and Backup (backup state). Only a switch in the active state serves forwarding requests addressed to the virtual IP address. VRRP packets are encapsulated in IP packets and support various upper-layer protocols. VRRP also supports using a real IP address as the virtual IP address. The primary switch is selected by configured priority: the switch with the highest priority becomes the primary switch, and its state is Master. If the priorities are equal (the default value is 100), the primary IP addresses of the interfaces are compared, and the switch with the larger primary IP address becomes the primary switch and provides the actual routing service. The other switches act as backup switches and monitor the state of the primary switch at all times.
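The election rule described above, written out as an added example (not code from the original page or from any vendor). The Router class, its field names and the sample addresses are hypothetical, and treating a router that is down as being in the Initialize state is a simplification.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

DEFAULT_PRIORITY = 100  # default value given in the text


@dataclass(frozen=True)
class Router:  # hypothetical model of one VRRP group member
    name: str
    primary_ip: str
    priority: int = DEFAULT_PRIORITY
    up: bool = True


def election_key(r):
    # Highest priority wins; on a tie the larger primary IP wins.
    # Compare addresses numerically: as strings, ".9" would beat ".10".
    return (r.priority, int(IPv4Address(r.primary_ip)))


def elect_master(routers, current=None, preempt=True):
    """Return the name of the router that holds the Master role, or None."""
    alive = [r for r in routers if r.up]
    if not alive:
        return None
    # Without preemption, a Master that is still up keeps the role even
    # if a better candidate has appeared.
    if not preempt and any(r.name == current for r in alive):
        return current
    return max(alive, key=election_key).name


def states(routers, master):
    """Map every router to one of the three VRRP states."""
    return {r.name: "Initialize" if not r.up
            else "Master" if r.name == master else "Backup"
            for r in routers}


if __name__ == "__main__":
    # Constructed sample values, not taken from a real device.
    group = [Router("R1", "192.168.10.1", 120), Router("R2", "192.168.10.2", 80)]
    master = elect_master(group)
    print(master, states(group, master))
```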
Main VRRP configuration commands

Set whether the virtual IP address can be pinged:
    vrrp ping-enable
Add a virtual IP address to the backup group on the interface:
    vrrp vrid virtual_router_id virtual-ip IP-address
Set the priority of the backup group:
    vrrp vrid virtual_router_id priority
Set the preemption mode and delay time of the backup group:
    vrrp vrid virtual_router_id preempt-mode [timer-delay seconds]
Set the authentication mode and authentication key of the backup group:
    vrrp authentication-mode simple [key]
Set the timer of the backup group:
    vrrp vrid virtual_router_id timer-advertise seconds
Set monitoring of a specified interface:
    vrrp vrid virtual_router_id track interface_type interface_number [reduced priority]

Displaying and debugging VRRP

Display VRRP status information:
    display vrrp
Turn on the VRRP debugging switch:
    debugging vrrp {packet | state}

Case 1 (VRRP)

Devices: switches: Quidway S3526 and Quidway 2000 series, one each; routers: Quidway 2600, two.

Topology:

Router R1 configuration:

Router R2 configuration:

Switch SW1 configuration:

    interface Ethernet0/23
     port link-type trunk
     port trunk permit vlan all
    #
    interface Ethernet0/24
     port link-type trunk
     port trunk permit vlan all

Switch SW2 configuration:

    interface Ethernet1/0/23
     port link-type trunk
     port trunk permit vlan all
    #
    interface Ethernet1/0/24
     port link-type trunk
     port trunk permit vlan all
    #

Test:

Case 2 (HSRP)

HSRP introduction

The Hot Standby Router Protocol (HSRP) is a technology unique to the Cisco platform and a Cisco-proprietary protocol. HSRP is designed so that, under certain circumstances, IP traffic can fail over without causing confusion: hosts appear to use a single router, and connectivity is maintained even if the first-hop router actually in use fails. In other words, when the source host cannot dynamically learn the IP address of the first-hop router, HSRP protects against failure of the first-hop router.
The router responsible for forwarding packets is called the active router. Once the active router fails, HSRP activates the standby router to replace it. HSRP provides a mechanism for determining the active router and the standby router, and designates a virtual IP address as the default gateway address for the hosts on the network. If the active router fails, the standby router takes over all the tasks of the active router without interrupting host connectivity. HSRP runs over UDP and uses port 1985. Routers send HSRP protocol packets with their actual IP address as the source address, not the virtual address; this is how HSRP routers recognize each other.

Differences between HSRP and VRRP

1. Functionally, VRRP and HSRP are very similar, but in terms of security VRRP has one major advantage over HSRP: it allows the devices in a VRRP group to establish an authentication mechanism. In addition, in HSRP the virtual router's address cannot be the IP address of one of the routers, whereas VRRP allows this (if a router that owns the virtual router address exists and is running, it should always manage the virtual router, which is the equivalent of the active router in HSRP). To ensure that end hosts do not have to relearn the MAC address on failover, VRRP specifies the use of the MAC address 00-00-5e-00-01-VRID, where VRID is the ID of the virtual router (the equivalent of an HSRP group ID).

2. Another difference is that VRRP does not use HSRP's Coup message or an equivalent. VRRP's state machine is simpler than HSRP's: HSRP has 6 states (Initial, Learn, Listen, Speak, Standby and Active) and 8 events, while VRRP has only 3 states (Initialize, Master and Backup) and 5 events.

3. HSRP has three types of packets, and packets can be sent in three of its states: Hello packets, Resign packets and Coup packets. VRRP has one type of packet, the VRRP broadcast packet: the primary router sends it periodically to announce its presence. These packets are used to check virtual router parameters and for primary router election.

4. HSRP carries its packets in UDP, while VRRP carries its packets directly in IP (HSRP uses UDP port 1985 and sends hello messages to the multicast address 224.0.0.2).

5. VRRP security: the VRRP protocol includes three main authentication methods: no authentication, simple plaintext password, and strong authentication using IP with MD5 HMAC.

Step 1: R1 configuration

    R1# show standby all
    Ethernet0/0.10 - Group 10
      State is Active
        2 state changes, last state change 00:01:21
      Virtual IP address is 192.168.10.254
      Active virtual MAC address is 0000.0c07.ac0a
        Local virtual MAC address is 0000.0c07.ac0a (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.204 secs
      Preemption enabled, delay min 5 secs
      Active router is local
      Standby router is unknown
      Priority 120 (configured 120)
      IP redundancy name is "hsrp-Et0/0.10-10" (default)
    Ethernet0/0.20 - Group 20
      State is Active
        2 state changes, last state change 00:00:19
      Virtual IP address is 192.168.255.254
      Active virtual MAC address is 0000.0c07.ac14
        Local virtual MAC address is 0000.0c07.ac14 (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 1.836 secs
      Preemption enabled, delay min 5 secs
      Active router is local
    Ethernet0/0 (not full duplex), with sw1 FastEthernet0/0 (full duplex).
      Standby router is unknown
      Priority 80 (configured 80)
      IP redundancy name is "hsrp-Et0/0.20-20" (default)

    interface Ethernet0/0
     no ip address
     half-duplex
    !
    interface Ethernet0/0.10
     encapsulation dot1Q 10
     ! sub-interface IP address
     ip address 192.168.10.1 255.255.255.0
     ! virtual IP address
     standby 10 ip 192.168.10.254
     ! priority
     standby 10 priority 120
     ! set the backup group's preemption mode and delay time
     standby 10 preempt delay minimum 5
    !
    interface Ethernet0/0.20
     encapsulation dot1Q 20
     ip address 192.168.20.1
     standby 20 ip
     standby 20 priority 80
     standby 20 preempt delay minimum 5

R2 configuration

    R2# show standby all
    Ethernet0/0.10 - Group 10
      State is Active
        2 state changes, last state change 00:01:40
      Virtual IP address is 192.168.10.254
      Active virtual MAC address is 0000.0c07.ac0a
        Local virtual MAC address is 0000.0c07.ac0a (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 1.200 secs
      Preemption enabled, delay min 5 secs
      Active router is local
      Standby router is unknown
      Priority 80 (configured 80)
      IP redundancy name is "hsrp-Et0/0.10-10" (default)
    Ethernet0/0.20 - Group 20
      State is Active
        2 state changes, last state change 00:00:12
      Virtual IP address is 192.168.255.254
      Active virtual MAC address is 0000.0c07.ac14
        Local virtual MAC address is 0000.0c07.ac14 (v1 default)
      Hello time 3 sec, hold time 10 sec
        Next hello sent in 2.388 secs
      Preemption enabled, delay min 5 secs
      Active router is local
      Standby router is unknown
      Priority 120 (configured 120)
      IP redundancy name is "hsrp-Et0/0.20-20" (default)

Sw1 configuration

    sw1# show int f0/0 switchport
    Name: Fa0/0
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10,20
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none

    sw1# show int f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10,20
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none

    interface FastEthernet0/0
     switchport mode trunk
    !
    interface FastEthernet0/1
     switchport mode trunk

Sw2 configuration

    sw2# show int f0/0 switchport
    Name: Fa0/0
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10,20
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none

    sw2# show int f0/1 switchport
    Name: Fa0/1
    Switchport: Enabled
    Administrative Mode: trunk
    Operational Mode: trunk
    Administrative Trunking Encapsulation: dot1q
    Operational Trunking Encapsulation: dot1q
    Negotiation of Trunking: Disabled
    Access Mode VLAN: 0 (Inactive)
    Trunking Native Mode VLAN: 1 (default)
    Trunking VLANs Enabled: ALL
    Trunking VLANs Active: 1,10,20
    Priority for untagged frames: 0
    Override vlan tag priority: FALSE
    Voice VLAN: none
    Appliance trust: none

    sw2# show running-config
    !
    interface FastEthernet0/0
     switchport mode trunk
    !
    interface FastEthernet0/1
     switchport mode trunk
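A check that can be run over "show standby all" output collected from each router, as an added example that is not part of the original page: it flags any HSRP group that more than one router reports as Active, which means the routers are not receiving each other's hello messages. The sample text is constructed in the style of the output above, and keying groups by number alone (ignoring the interface name) is an assumption.

```python
import re
from collections import defaultdict

# Accepts both "Ethernet0/0.10 - Group 10" and "Ethernet0/0.10-Group 10".
GROUP_RE = re.compile(r"^\s*(\S+?)\s*-\s*Group (\d+)")
STATE_RE = re.compile(r"^\s*State is (\w+)")

# Constructed samples, trimmed to the lines the parser reads.
R1_SAMPLE = """\
Ethernet0/0.10 - Group 10
  State is Active
  Priority 120 (configured 120)
Ethernet0/0.20 - Group 20
  State is Standby
  Priority 80 (configured 80)
"""
R2_SAMPLE = """\
Ethernet0/0.10 - Group 10
  State is Active
  Priority 80 (configured 80)
Ethernet0/0.20 - Group 20
  State is Active
  Priority 120 (configured 120)
"""


def parse_show_standby(text):
    """Return {group_number: state} from `show standby all` text."""
    groups, current = {}, None
    for line in text.splitlines():
        m = GROUP_RE.match(line)
        if m:
            current = int(m.group(2))
            continue
        m = STATE_RE.match(line)
        if m and current is not None:
            groups[current] = m.group(1)
    return groups


def dual_active(outputs):
    """outputs maps router name to its show-standby text.
    Return {group: [routers]} for groups with more than one Active router."""
    active = defaultdict(list)
    for router, text in outputs.items():
        for group, state in parse_show_standby(text).items():
            if state == "Active":
                active[group].append(router)
    return {g: sorted(rs) for g, rs in active.items() if len(rs) > 1}


if __name__ == "__main__":
    print(dual_active({"R1": R1_SAMPLE, "R2": R2_SAMPLE}))
```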
