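Lab Objective
Fast switchover on enterprise egress gateway device failure through VRRP-BFD association
Procedure
1. AR1 and AR2 run VRRP and act as the gateways for VLAN 10 and VLAN 20
2. AR1 and AR2 use device priority to act as master and backup for each other, improving network redundancy
3. AR1 is the master gateway for VLAN 10, and AR2 is the master gateway for VLAN 20
4. Configure NAT and the necessary routes on AR1 and AR2
5. The PCs can communicate with the address 8.8.8.8
6. When the link between SW2 and R3 fails, R1 cannot detect it, so the gateway does not switch over. To further improve reliability, configure BFD association with VRRP so that when the uplink fails, traffic can switch to the other device.
Create the VLANs on the switch and assign the interfaces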
[SW1] vlan batch 10 20
[SW1] interface g0/0/1
[SW1-GigabitEthernet0/0/1] port link-type trunk
[SW1-GigabitEthernet0/0/1] port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/1] interface g0/0/2
[SW1-GigabitEthernet0/0/2] port link-type trunk
[SW1-GigabitEthernet0/0/2] port trunk allow-pass vlan 10 20
[SW1-GigabitEthernet0/0/2] interface g0/0/3
[SW1-GigabitEthernet0/0/3] port link-type access
[SW1-GigabitEthernet0/0/3] port default vlan 10
[SW1-GigabitEthernet0/0/3] interface g0/0/4
[SW1-GigabitEthernet0/0/4] port link-type access
[SW1-GigabitEthernet0/0/4] port default vlan 20
Configure the ARs
AR1
[AR1] interface g0/0/1.10
[AR1-GigabitEthernet0/0/1.10] ip address 192.168.10.252 24
[AR1-GigabitEthernet0/0/1.10] dot1q termination vid 10
[AR1-GigabitEthernet0/0/1.10] arp broadcast enable
[AR1-GigabitEthernet0/0/1.10] vrrp vrid 10 virtual-ip 192.168.10.254
[AR1-GigabitEthernet0/0/1.10] vrrp vrid 10 priority 200
[AR1-GigabitEthernet0/0/1.10] interface g0/0/1.20
[AR1-GigabitEthernet0/0/1.20] ip address 192.168.20.252 24
[AR1-GigabitEthernet0/0/1.20] dot1q termination vid 20
[AR1-GigabitEthernet0/0/1.20] arp broadcast enable
[AR1-GigabitEthernet0/0/1.20] vrrp vrid 20 virtual-ip 192.168.20.254
[AR1-GigabitEthernet0/0/1.20] int g0/0/0
[AR1-GigabitEthernet0/0/0] ip address 100.1.10.1 24
AR2
[AR2] interface g0/0/1.10
[AR2-GigabitEthernet0/0/1.10] ip address 192.168.10.253 24
[AR2-GigabitEthernet0/0/1.10] dot1q termination vid 10
[AR2-GigabitEthernet0/0/1.10] arp broadcast enable
[AR2-GigabitEthernet0/0/1.10] vrrp vrid 10 virtual-ip 192.168.10.254
[AR2-GigabitEthernet0/0/1.10] interface g0/0/1.20
[AR2-GigabitEthernet0/0/1.20] ip address 192.168.20.253 24
[AR2-GigabitEthernet0/0/1.20] dot1q termination vid 20
[AR2-GigabitEthernet0/0/1.20] arp broadcast enable
[AR2-GigabitEthernet0/0/1.20] vrrp vrid 20 virtual-ip 192.168.20.254
[AR2-GigabitEthernet0/0/1.20] vrrp vrid 20 priority 200
[AR2-GigabitEthernet0/0/1.20] int g0/0/0
[AR2-GigabitEthernet0/0/0] ip address 100.1.20.1 24
Configure NAT and static routes
AR1
[AR1] ip route-static 0.0.0.0 0.0.0.0 100.1.10.3
[AR1] acl 2000
[AR1-acl-basic-2000] rule 5 permit source 192.168.10.0 0.0.0.255
[AR1-acl-basic-2000] rule 10 permit source 192.168.20.0 0.0.0.255
[AR1-acl-basic-2000] interface g0/0/0
[AR1-GigabitEthernet0/0/0] nat outbound 2000
AR2
[AR2] ip route-static 0.0.0.0 0.0.0.0 100.1.20.3
[AR2] acl 2000
[AR2-acl-basic-2000] rule 5 permit source 192.168.10.0 0.0.0.255
[AR2-acl-basic-2000] rule 10 permit source 192.168.20.0 0.0.0.255
[AR2-acl-basic-2000] interface g0/0/0
[AR2-GigabitEthernet0/0/0] nat outbound 2000
AR3
[AR3] interface g0/0/0
[AR3-GigabitEthernet0/0/0] ip address 100.1.10.3 24
[AR3-GigabitEthernet0/0/0] int g0/0/1
[AR3-GigabitEthernet0/0/1] ip address 100.1.20.3 24
[AR3-GigabitEthernet0/0/1] interface lo 0
[AR3-LoopBack0] ip address 8.8.8.8 32
Configure BFD
AR1
[AR1] bfd
[AR1-bfd] quit
[AR1] bfd 1to3 bind peer-ip 100.1.10.3 source-ip 100.1.10.1 auto
AR3
[AR3] bfd
[AR3-bfd] quit
[AR3] bfd 3to1 bind peer-ip 100.1.10.1 source-ip 100.1.10.3 auto
Configure VRRP on R1 to track the BFD session
AR1
[AR1] interface g0/0/1.10
[AR1-GigabitEthernet0/0/1.10] vrrp vrid 10 track bfd-session session-name 1to3 reduced 150
Shut down interface g0/0/2 on switch S2 and observe the traffic
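The priority arithmetic behind the switchover, as an added example that is not part of the original lab: a small Python model of the VRRP election using the priorities configured above. The names `Member`, `master_after` and `min_reduced` are hypothetical; the model assumes preemption is enabled and that the backup router's own uplink is healthy.

```python
from dataclasses import dataclass

DEFAULT_PRIORITY = 100  # VRRP default when no priority is configured


@dataclass(frozen=True)
class Member:
    name: str
    priority: int = DEFAULT_PRIORITY
    reduced: int = 0  # from "track bfd-session ... reduced"; 0 means no tracking

    def effective(self, bfd_up: bool) -> int:
        # While the tracked BFD session is down, the priority drops by `reduced`.
        return self.priority if bfd_up else self.priority - self.reduced


def master_after(current, backup, bfd_up):
    """Name of the master once the tracked session state is applied.

    Assumption: preemption is enabled. A backup takes over only when its
    priority is strictly higher than the one the current master advertises;
    on a tie the current master keeps the role.
    """
    if backup.effective(True) > current.effective(bfd_up):
        return backup.name
    return current.name


def min_reduced(current, backup):
    """Smallest `reduced` value that makes `current` hand over on uplink failure."""
    for r in range(1, current.priority):
        trial = Member(current.name, current.priority, r)
        if master_after(trial, backup, bfd_up=False) == backup.name:
            return r
    return None


# VRID 10 as configured above: AR1 priority 200 with "reduced 150", AR2 default.
AR1_V10 = Member("AR1", priority=200, reduced=150)
AR2_V10 = Member("AR2")
# VRID 20 as configured above: AR2 priority 200, no BFD tracking, AR1 default.
AR2_V20 = Member("AR2", priority=200)
AR1_V20 = Member("AR1")

if __name__ == "__main__":
    print("VRID 10, BFD up:  ", master_after(AR1_V10, AR2_V10, True))
    print("VRID 10, BFD down:", master_after(AR1_V10, AR2_V10, False))
    print("VRID 10, smallest working reduced:", min_reduced(AR1_V10, AR2_V10))
    print("VRID 20, AR2 uplink down:", master_after(AR2_V20, AR1_V20, False))
```

The last line of output shows that VRID 20 stays on AR2 when AR2's uplink fails, because the lab only configures BFD tracking for VRID 10 on AR1.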