Over the past two days I ran a single-router multi-ISP exit experiment. Today I'll run a multi-router multi-ISP exit experiment. Let's get straight to it.
Topology description (the post editor won't let me insert pictures, unfortunately; the topology is very simple, so you can draw a diagram from my description):
The experiment runs in the GNS3 simulator.
There are three routers (R1, R2, R3), a switch, and one cloud (connected to the virtual network card on the local machine).
R1 simulates the public network. It has a loopback interface with address 1.1.1.1, used to test public-network reachability.
R2 simulates the Telecom exit. Its f0/0 port connects to R1's f0/0. Its F0/1 connects to the internal switch, with a trunk in between.
R3 simulates the Netcom exit. Its f0/0 port connects to R1's F0/1. Its F0/1 connects to the internal switch, with a trunk in between.
The local virtual network card hangs off the switch and is assigned to VLAN 10. IP: 10.10.10.3
R2 is the primary router for VLAN 10. R3 is the primary router for VLAN 20. Each backs up the other.
R2:
interface FastEthernet0/0
 ip address 111.111.111.1 255.255.255.0
 ip nat outside
 shutdown
 duplex auto
 speed auto
interface FastEthernet1/0
 switchport mode trunk
 no ip address
interface Vlan10
 ip address 10.10.10.1 255.255.255.0
 ip nat inside
 ! the route-map name must match the definition below (names are case-sensitive)
 ip policy route-map setnext
 ! HSRP virtual gateway for VLAN 10; priority 120 makes R2 the active router
 standby ip 10.10.10.254
 standby priority 120
 standby preempt
 ! lower the priority by 30 when the exit port goes down
 standby track FastEthernet0/0 30
(Using an SLA-backed track object is strongly recommended; the statement that calls it is "standby track 1 decrement 30". Below is the test result on a real device, with the SLA applied to Vlan20, after unplugging the fiber from the optical modem:
switch#
12:28:43.547: %TRACKING-5-STATE: 1 ip sla 1 reachability Up->Down
switch#
12:28:45.003: %HSRP-5-STATECHANGE: Vlan20 Grp 0 state Active -> Speak
switch#
12:28:56.271: %HSRP-5-STATECHANGE: Vlan20 Grp 0 state Speak -> Standby
Vlan20 went from active to standby.)
!
interface Vlan20
 ip address 20.20.20.2 255.255.255.0
 ip nat inside
 ip policy route-map setnext
 standby ip 20.20.20.254
 standby preempt
! PAT each VLAN behind the address of the exit port
ip nat inside source route-map netvlan10 interface FastEthernet0/0 overload
ip nat inside source route-map netvlan20 interface FastEthernet0/0 overload
no ip http server
no ip http secure-server
ip classless
ip route 0.0.0.0 0.0.0.0 FastEthernet0/0
!
!
!
ip access-list extended vlan10
 permit ip 10.10.10.0 0.0.0.255 any
ip access-list extended vlan20
 permit ip 20.20.20.0 0.0.0.255 any
no cdp log mismatch duplex
!
route-map setnext permit 10
 match ip address vlan10
 set ip next-hop verify-availability 111.111.111.2 1 track 1
(Track can be used here to decide whether this path is usable. HSRP already has tracking on it, so this line is mainly there to call an SLA for detection; it has no effect here because track 1 is not defined. SLA cannot be simulated in GNS3. The Web IOU simulator cannot simulate HSRP either: the gateway cannot get out, only the HSRP state shows, so it is of no practical use. The bug is described only as pinging different virtual IPs, with no mention of being unable to ping out of the network. I don't know whether the problem is on my side or the simulator's. You can try it yourself.)
!
route-map setnext permit 20
 match ip address vlan20
 set ip next-hop 111.111.111.2
!
route-map netvlan20 permit 10
 match ip address vlan20
 match interface FastEthernet0/0
!
route-map netvlan10 permit 10
 match ip address vlan10
 match interface FastEthernet0/0
end
The route-map section is not explained here; the previous experiment covered it in detail. If it is unclear, go back and read that post.
R3's configuration is similar to R2's; the differences are the HSRP primary and standby roles, the IP addresses, and a few other details.
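The SLA-backed tracking recommended in the R2 notes, written out as an added example (not part of the original post): it defines the track 1 object that the R2 configuration references but never defines. The probe target 111.111.111.2 (the next hop used in the route-map), the source interface, and all timer values are assumptions to adapt.

```cisco
! Added example: define the probe and the track object (values are assumptions)
ip sla 1
 ! probe the ISP next hop out of the exit port
 icmp-echo 111.111.111.2 source-interface FastEthernet0/0
 ! timeout in milliseconds, frequency in seconds
 timeout 1000
 frequency 3
ip sla schedule 1 life forever start-time now
!
! track 1 follows the reachability result of probe 1
track 1 ip sla 1 reachability
 ! damp flapping: wait 3 s before going down, 10 s before coming back up
 delay down 3 up 10
!
interface Vlan10
 ! replace link-state tracking with the SLA-backed object
 no standby track FastEthernet0/0 30
 ! 120 - 30 = 90, below the peer's default priority of 100,
 ! so the peer takes over if it has "standby preempt" configured
 standby track 1 decrement 30
!
! The existing policy-routing entry now has a defined object to consult:
! route-map setnext permit 10
!  set ip next-hop verify-availability 111.111.111.2 1 track 1
```

With the object defined, "show track 1" and "show standby brief" show the probe state and the resulting HSRP role on a real device.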
Straight to the test results:
Host pinging the external network:
C:\users\administrator.user-20161031kx>ping 1.1.1.1
Pinging 1.1.1.1 with 32 bytes of data:
Request timed out.
Reply from 1.1.1.1: bytes=32 time=27ms TTL=254
Reply from 1.1.1.1: bytes=32 time=110ms TTL=254
Reply from 1.1.1.1: bytes=32 time=27ms TTL=254
Viewing the NAT translations on R2:
*Mar 1 02:22:08.323: NAT*: i: icmp (10.10.10.3, 1) -> (1.1.1.1, 1) [9042]
*Mar 1 02:22:08.323: NAT*: s=10.10.10.3->111.111.111.1, d=1.1.1.1 [9042]
*Mar 1 02:22:08.359: NAT*: o: icmp (1.1.1.1, 1) -> (111.111.111.1, 1) [9042]
*Mar 1 02:22:08.359: NAT*: s=1.1.1.1, d=111.111.111.1->10.10.10.3 [9042]
The packet path is: PC ----> R2 -----> external network
The PC's address has been successfully translated on R2.
Now shut down R2's exit port:
* 4 02:25:35.595: %HSRP-6-STATECHANGE: Vlan10 Grp 0 state Active -> Speak
R2 has become the backup router.
Ping the external network from the PC again at this point:
View the NAT information on R3 (traffic no longer goes through R2 at this time):
* 4 02:28:12.223: NAT*: i: icmp (10.10.10.3, 1) -> (1.1.1.1, 1) [9506]
* 4 02:28:12.223: NAT*: s=10.10.10.3->222.222.222.1, d=1.1.1.1 [9506]
* 4 02:28:12.239: NAT*: o: icmp (1.1.1.1, 1) -> (222.222.222.1, 1) [9506]
The packet path is: PC ----> R3 -----> external network
The PC's address has been successfully translated on R3.
The experiment is over, thank you!
This article is from the "CCIE" blog; reprinting is declined!
HSRP + route-map: solving multi-router multi-ISP