MSTP+VRRP配置

项目拓扑与项目需求

项目需求:某公司内部为了实现高冗余性，部署了两台汇聚交换机，分别为LSW1、LSW2，AR1为公司的出口设备。公司内部有两个部门，分别划分在vlan10和vlan20。现在需要实现以下需求：

由于汇聚层和接入层采用二层组网，需要使用MSTP防止环路。
LSW1和LSW2作为内部设备的网关，使用VRRP技术实现网关冗余，效果为LSW1为vlan10的主网关，LSW2为vlan20的主网关。
在LSW1和LSW2 的OSPF进程上引入vlan10和vlan20的IP网段时,使用route-policy(if-match不同的vlanif,设置不同的cost值)，效果为PC1回包流量路径规划如下：

PC2访问PC1的回包路径为PC1-AR2-AR1-LSW1-LSW3-PC2，PC3的回包路径为PC1-AR2-LSW2-LSW4-PC3。

当LSW1的上行链路故障时，PC2访问外网的路径为PC2-LSW3-LSW2-AR1，LSW2的上行链路故障时，PC3访问外网的路径为PC3-LSW4-LSW2-AR1。

实验步骤

步骤1：配置MSTP

1）配置MSTP

[LSW1]stp region-configuration

[LSW1-mst-region]region-name huawei

[LSW1-mst-region]revision-level 1

[LSW1-mst-region]instance 10 vlan 10

[LSW1-mst-region]instance 20 vlan 20

[LSW1-mst-region]active region-configuration

其他交换机同理，不做赘述

2）在交换机上划分vlan，并配置接口链路类型

此时配置的实例生效：

[LSW1]display brief

MSTID Port Role STP State Protection

0 GigabitEthernet0/0/1 DESI FORWARDING NONE

0 GigabitEthernet0/0/2 DESI FORWARDING NONE

0 GigabitEthernet0/0/3 ALTE DISCARDING NONE

0 GigabitEthernet0/0/4 ROOT FORWARDING NONE

10 GigabitEthernet0/0/2 DESI FORWARDING NONE

10 GigabitEthernet0/0/3 ALTE DISCARDING NONE

10 GigabitEthernet0/0/4 ROOT FORWARDING NONE

20 GigabitEthernet0/0/2 DESI FORWARDING NONE

20 GigabitEthernet0/0/3 ALTE DISCARDING NONE

20 GigabitEthernet0/0/4 ROOT FORWARDING NONE

可得LSW1 不为根桥，修改 LSW1 为vlan10的主网关，避免引起次优路径的问题

配置LSW1为实例10的根桥

[LSW1]stp instance 10 root primary

[LSW1]stp instance 20 root secondary

配置LSW2为vlan的主网关，不做赘述

查看配置：

[LSW1]display stp brief

MSTID Port Role STP State Protection

0 GigabitEthernet0/0/1 DESI FORWARDING NONE

0 GigabitEthernet0/0/2 DESI FORWARDING NONE

0 GigabitEthernet0/0/3 ALTE DISCARDING NONE

0 GigabitEthernet0/0/4 ROOT FORWARDING NONE

10 GigabitEthernet0/0/2 DESI FORWARDING NONE

10 GigabitEthernet0/0/3 DESI FORWARDING NONE

10 GigabitEthernet0/0/4 DESI FORWARDING NONE

20 GigabitEthernet0/0/2 DESI LEARNING NONE

20 GigabitEthernet0/0/3 ROOT FORWARDING NONE

20 GigabitEthernet0/0/4 DESI FORWARDING NONE

配置成功

步骤2：配置VRRP

配置主网关

[LSW1]interface Vlanif 10

[LSW1-Vlanif10]ip address 10.1.1.252 24

[LSW1]interface Vlanif 20

[LSW1-Vlanif20]ip address 20.1.1.252 24

[LSW2]interface Vlanif 10

[LSW2-Vlanif10]ip address 10.1.1.253 24

[LSW2]interface Vlanif 20

[LSW2-Vlanif20]ip address 20.1.1.253 24

修改优先级主备切换

LSW1的配置：

[LSW1]interface Vlanif10

[LSW1-Vlanif10]ip address 10.1.1.252 255.255.255.0

[LSW1-Vlanif10]vrrp vrid 1 virtual-ip 10.1.1.254

[LSW1-Vlanif10]vrrp vrid 1 priority 120

[LSW1]interface Vlanif20

[LSW1-Vlanif20]ip address 20.1.1.252 255.255.255.0

[LSW1-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

LSW2的配置：

[LSW2]interface Vlanif10

[LSW2-Vlanif10]ip address 10.1.1.253 255.255.255.0

[LSW2-Vlanif10]vrrp vrid 1 virtual-ip 10.1.1.254

[LSW2]interface Vlanif20

[LSW2-Vlanif20]ip address 20.1.1.253 255.255.255.0

[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

[LSW2-Vlanif20]vrrp vrid 2 priority 120

测试

查看VRRP配置：

[LSW1]display vrrp brief

VRID State Interface Type Virtual IP

----------------------------------------------------------------

1 Master Vlanif10 Normal 10.1.1.254

2 Backup Vlanif20 Normal 20.1.1.254

----------------------------------------------------------------

Total:2 Master:1 Backup:1 Non-active:0

测试网络连通性：

PC>ping 10.1.1.254

Ping 10.1.1.254: 32 data bytes, Press Ctrl_C to break

From 10.1.1.254: bytes=32 seq=1 ttl=255 time=78 ms

From 10.1.1.254: bytes=32 seq=2 ttl=255 time=47 ms

From 10.1.1.254: bytes=32 seq=3 ttl=255 time=31 ms

From 10.1.1.254: bytes=32 seq=4 ttl=255 time=47 ms

From 10.1.1.254: bytes=32 seq=5 ttl=255 time=47 ms

--- 10.1.1.254 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 31/50/78 ms

PC>

步骤3：运行OSPF，并配置NAT，实现网络互联互通

配置OSPF

LSW1的配置：

[LSW1-Vlanif1]ip address 10.0.11.2 24

[LSW1]ospf 1

[LSW1-ospf-1]import-route direct　//以路由引入的方式，方便做选路

[LSW1-ospf-1]area 0

[LSW1-ospf-1-area-0.0.0.0]network 10.0.11.0 0.0.0.255　//只宣告一个网段

LSW2的配置：

[LSW2-Vlanif1]ip address 10.0.12.2 24

[LSW2]ospf 1

[LSW2-ospf-1]import-route direct

[LSW2-ospf-1]area 0

[LSW2-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

AR1的配置：

[AR1]ospf 1

[AR1-ospf-1-area-0.0.0.0]network 10.0.11.0 0.0.0.255

[AR1-ospf-1-area-0.0.0.0]network 10.0.12.0 0.0.0.255

查看协议：

[AR1]display ip routing-table protocol ospf

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Public routing table : OSPF

Destinations : 4 Routes : 6

OSPF routing table status : <Active>

Destinations : 4 Routes : 6

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 O_ASE 150 1 D 10.0.11.2 GigabitEthernet

0/0/0

O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

10.1.1.254/32 O_ASE 150 1 D 10.0.11.2 GigabitEthernet

0/0/0

20.1.1.0/24 O_ASE 150 1 D 10.0.11.2 GigabitEthernet

0/0/0

O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

20.1.1.254/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

OSPF routing table status : <Inactive>

Destinations : 0 Routes : 0

（2）NAT配置

[AR1]acl 2000

[AR1-acl-basic-2000]rule permit source any

[AR1-acl-basic-2000]interface g0/0/2

[AR1-GigabitEthernet0/0/2]nat outbound 2000

[AR1-GigabitEthernet0/0/2]quit

配置AR1去往外网的路由：

[AR1]ip route-static 0.0.0.0 0 64.1.1.2 //配置去往外网路由

[AR1]ping 100.1.1.1

PING 100.1.1.1: 56 data bytes, press CTRL_C to break

Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=127 time=20 ms

Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=127 time=30 ms

Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=127 time=20 ms

Reply from 100.1.1.1: bytes=56 Sequence=4 ttl=127 time=20 ms

Reply from 100.1.1.1: bytes=56 Sequence=5 ttl=127 time=20 ms

--- 100.1.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 20/22/30 ms

配置PC端去往外网的路由：

[AR1-ospf-1]default-route-advertise //下发默认路由

PC>ping 100.1.1.1

Ping 100.1.1.1: 32 data bytes, Press Ctrl_C to break

From 100.1.1.1: bytes=32 seq=1 ttl=125 time=62 ms

From 100.1.1.1: bytes=32 seq=2 ttl=125 time=63 ms

From 100.1.1.1: bytes=32 seq=3 ttl=125 time=78 ms

From 100.1.1.1: bytes=32 seq=4 ttl=125 time=47 ms

From 100.1.1.1: bytes=32 seq=5 ttl=125 time=62 ms

--- 100.1.1.1 ping statistics ---

5 packet(s) transmitted

5 packet(s) received

0.00% packet loss

round-trip min/avg/max = 47/62/78 ms

PC>

步骤4：按需求写路由策略，实现PC2访问PC1的回包路径为PC1-AR2-AR1-LSW1-LSW3-PC2，PC3的回包路径为PC1-AR2-LSW2-LSW4-PC3

LSW1的配置

[LSW1-route-policy]route-policy 1 permit node 10

[LSW1-route-policy]if-match interface Vlanif20

[LSW1-route-policy]apply cost 100

[LSW1]route-policy 1 permit node 20

Info: New Sequence of this List.

[LSW1-ospf-1]import-route direct route-policy 1 //调用策略

查看路由表：

<AR1>dis ip routing-table protocol ospf

Route Flags: R - relay, D - download to fib

------------------------------------------------------------------------------

Public routing table : OSPF

Destinations : 4 Routes : 5

OSPF routing table status : <Active>

Destinations : 4 Routes : 5

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 O_ASE 150 1 D 10.0.11.2 GigabitEthernet

0/0/0

O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

10.1.1.254/32 O_ASE 150 1 D 10.0.11.2 GigabitEthernet

0/0/0

20.1.1.0/24 O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

20.1.1.254/32 O_ASE 150 1 D 10.0.12.2 GigabitEthernet

0/0/1

OSPF routing table status : <Inactive>

Destinations : 0 Routes : 0

由表可知去往20网段下一跳相同

LSW2的配置

[LSW2] route-policy 1 permit node 10

[LSW2-route-policy]if-match interface Vlanif10

[LSW2-route-policy]apply cost 100

[LSW2]route-policy 1 permit node 20

[LSW2-ospf-1]import-route direct route-policy 1

步骤5：配置上行链路故障联动下行，实现需求4

LSW1的配置：

[LSW1]display vrrp

Vlanif10 | Virtual Router 1

State : Backup

Virtual IP : 10.1.1.254

Master IP : 10.1.1.253

PriorityRun : 80 //减少40

PriorityConfig : 120//配置120

MasterPriority : 100

Preempt : YES Delay Time : 0 s

TimerRun : 1 s

TimerConfig : 1 s

Auth type : NONE

Virtual MAC : 0000-5e00-0101

Check TTL : YES

Config type : normal-vrrp

Track IF : GigabitEthernet0/0/1 Priority reduced : 40

IF state : DOWN

Create time : 2023-07-25 15:28:52 UTC-08:00

联动接口：

[LSW1]monitor-link group 1

[LSW1-mtlk-group1]port GigabitEthernet 0/0/1 uplink

[LSW1-mtlk-group1]port GigabitEthernet 0/0/2 downlink //上行链路故障联动下行链路断开

LSW2的配置：

[LSW2-Vlanif20]ip address 20.1.1.253 255.255.255.0

[LSW2-Vlanif20]vrrp vrid 2 virtual-ip 20.1.1.254

[LSW2-Vlanif20]vrrp vrid 2 priority 120

[LSW2-Vlanif20]vrrp vrid 2 track interface GigabitEthernet0/0/1 reduced 80

联动接口：

[LSW2]monitor-link group 1

[LSW2-mtlk-group1]port GigabitEthernet 0/0/1 uplink

[LSW2-mtlk-group1]port GigabitEthernet 0/0/3 downlink

补充：配置抢占延时，使得G0/0/1恢复时重新学习OSPF路由期间，流量正常访问

LSW1的配置：

[LSW1-Vlanif10]vrrp vrid 1 preempt-mode timer delay 60

LSW2同理。

MSTP+VRRP配置

相关文章

[论文必备]最强科研绘图分析工具Origin（2）——简单使用教程

Linux下基本指令(上)

flex布局与几个实例（含源码）

LLMs 用强化学习进行微调 RLHF: Fine-tuning with reinforcement learning

OpenGLES：3D立方体纹理贴图

英语——分享篇——每日100词——601-700

C++ - 布隆过滤器

论文学习：RT-DETR

【云备份】

mac电脑任务管理器 Things3 for Mac中文

Redis-双写一致性

Go 语言内置类型全解析：从布尔到字符串的全维度探究

云原生边缘计算KubeEdge安装配置

通过BeanFactotyPostProcessor动态修改@FeignClient的path

Spring 体系架构模块和三大核心组件介绍

【计算机网络】HTTPS协议详解

【应用层协议】HTTPS的加密流程

flink选择slot

国庆中秋特辑（八）Spring Boot项目如何使用JPA

基于SpringBoot的网上超市系统