如何使用HSRP提供在一个多址BGP网络的冗余
Contents
Introduction
本文讲述了您在具有两个独立的网络服务提供商(ISP)连接的多址边界网关协议(BGP)网络中如何提供冗余性。如果与一个 ISP 的连接发生故障,系统将使用 BGP set as-path {tag|prepend as-path-string} 命令和 Hot Standby Router Protocol (HSRP),动态通过其他 ISP 重新路由流量。
Prerequisites
Requirements
本文档的读者应掌握以下这些主题的相关知识:
Components Used
This document is not restricted to specific software and hardware versions.
The information in this document was created from the devices in a specific lab environment.All of the devices used in this document started with a cleared (default) configuration.If your network is live, make sure that you understand the potential impact of any command.
Conventions
有关文档规则的详细信息,请参阅 Cisco 技术提示规则。
背景信息
配置的目标在本文的将达到此网络策略:
-
必须通过R1路由所有出局流量发出从主机在网络192.168.21.0/24和被注定对互联网到ISP-A。然而,如果该链路发生故障或R1发生故障,必须通过R2to ISP-B重路由所有出局流量(然后到互联网),不用人工干预。
-
必须通过R1路由所有Inbound数据流被注定对自控系统,从互联网的AS 100。在链路从ISP-A到R1发生故障情况下,必须通过ISP-B自动地重路由Inbound数据流到R2。
这些需求可以与两技术回面:BGP和HSRP。
一个充分地冗余出局路径的第一个目标可以实现与HSRP。典型地个人计算机没有交换的功能收集和路由信息。默认网关的IP地址在PC静态被配置,并且,如果网关路由器断开, PC丢失连接到在其本地网络段之外的所有设备。这是实际情形,即使一个备选网关存在。HSRP设计符合这些要求。参考HSRP功能和功能欲知更多信息。
第二个目标可以用set as-path prepend命令的BGP完成,允许BGP传播一条更长的AS路径(通过不止一次加在前面其自己的AS编号)通过前缀的192.168.21.0/24 R2to ISP-B链路。因此,从AS 100的外面来为192.168.21.0/24注定的所有数据流通过ISP-A采取更短的AS路径对R1链路。如果主路径(对R1的ISP-A)出故障,所有数据流采取更长的AS路径(对R2的ISP-B)为了到达网络192.168.21.0/24。为了得知更多set as-path prepend命令的BGP,请参见在BGP案例分析文件的AS_PATH属性图表。
Configure
本部分提供有关如何配置本文档所述功能的信息。
Note: 有关本文档所用命令的详细信息,请使用命令查找工具(仅限注册用户)。
Network Diagram
本文使用表示的网络建立这里:
在此图表中,路由器1 (R1)和路由器2 (R2)是AS 100,有分别并列与ISP-A (AS 300)和ISP-B (AS400)的外部BGP (EBGP)。路由器6 (R6)是AS 600的部分,有与ISP-A和ISP-B的eBGP对等体。R1.R2有IBGP同位体,是必要保证最佳路由。例如,当您设法到达AS400内部路由时, R1不使用更长的路径AS 300。R1寄数据流给R2。
R1和R2为在通用的以太网分段的HSRP也被配置。在同一个以太网段的主机有默认路由往HSRP备用IP地址192.168.21.10的该点。
配置
| R1 |
|---|
Current configuration hostname R1 ! interface serial 0 ip address 192.168.31.1 255.255.255.0 ! interface Ethernet1 ip address 192.168.21.1 255.255.255.0 standby 1 priority 105 standby 1 preempt delay minimum 60 standby 1 ip 192.168.21.10 standby 1 track Serial0 !--- The standby track serial command tracks the state of !--- the Serial0 interface and brings down the !--- priority of standby group 1, if the interface goes down. !--- The standby preempt delay minimum 60 command makes sure that !--- R1 preempts and takes over as active router again. This command also ensures that !--- the router waits 60 seconds before doing so in order to give BGP time enough !--- to converge and populate the routing table. This avoids !--- traffic being sent to R1 before it is ready to forward it. ! ! router bgp 100 no synchronization network 192.168.21.0 neighbor 192.168.21.2 remote-as 100 neighbor 192.168.21.2 next-hop-self neighbor 192.168.31.3 remote-as 300 no auto-summary ! |
| R2 |
|---|
Current configuration: hostname R2 ! interface serial 0 ip address 192.168.42.2 255.255.255.0 ! interface Ethernet1 ip address 192.168.21.2 255.255.255.0 standby 1 priority 100 standby 1 preempt standby 1 ip 192.168.21.10 ! ! router bgp 100 no synchronization network 192.168.21.0 neighbor 192.168.21.1 remote-as 100 neighbor 192.168.21.1 next-hop-self neighbor 192.168.42.4 remote-as 400 neighbor 192.168.42.4 route-map foo out !--- It appends AS 100 to the BGP updates sent to AS 400 !--- in order to make it a backup for the ISP-A to R1 path. no auto-summary ! access-list 1 permit 192.168.21.0 route-map foo permit 10 match ip address 1 set as-path prepend 100 end |
Verify
本部分所提供的信息可用于确认您的配置是否正常工作。
命令输出解释程序工具(仅限注册用户)支持某些 show 命令,使用此工具可以查看对 show 命令输出的分析。
当您配置在所有网络时的冗余,您必须考虑两件事:
-
一个冗余路径的创建去从一个本地网络的信息包的目的地网络。
-
一个冗余路径的创建回来从目的地的信息包的到一个本地网络。
去从本地网络的信息包往目的地
在本例中,本地网络是192.168.21.0/24。路由器R1和R2运行在被连接的以太网段的HSRP建立接口Ethernet 1。R1被配置作为HSRP活动路由器以备用优先级105,并且R2配置有备用优先级100。暂挂1跟踪Serial0 (s0) on命令R1允许HSRP进程监控该接口。如果接口状态断开,减少HSRP优先级。当接口s0线路通信协议断开时, HSRP优先级减少到95 (DEFAULT值由减少哪优先级是10)。这做另一个HSRP路由器, R2,有更加高优先级(优先级100)。R2适合HSRP活动路由器并且吸引被注定的数据流对有效HSRP地址192.169.21.10。
当在R1的接口s0是UP时,请发出show standby命令为了发现有效HSRP路由器:
R1#show standby
Ethernet1 - Group 1
Local state is Active, priority 105, may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.338
Virtual IP address is 192.168.21.10 configured
Active router is local
Standby router is 192.168.21.2 expires in 8.280
Virtual mac address is 0000.0c07.ac01
13 state changes, last state change 00:46:10
IP redundancy name is "hsrp-Et0-1"(default)
Priority tracking 1 interface, 1 up:
Interface Decrement State
Serial0 10 Up
R2#show standby
Ethernet1 - Group 1
State is Standby
56 state changes, last state change 00:05:13
Virtual IP address is 192.168.21.10
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (default)
Hello time 3 sec, hold time 10 sec
Next hello sent in 1.964 secs
Preemption enabled
Active router is 192.168.21.1, priority 105 (expires in 9.148 sec)
Standby router is local
Priority 100 (default 100)
IP redundancy name is "hsrp-Et0-1" (default)
R1#show standby ethernet 1 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Et1 1 105 P Active local 192.168.21.2 192.168.21.10
R1#
R2#show standby ethernet 1 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Et1 1 100 P Standby 192.168.21.1 local 192.168.21.10
R2#
show standby命令显示R1作为有效HSRP路由器由于高优先级105。因为R1是活动路由器, R1拥有备用IP地址192.168.21.10。从主机的所有IP数据流配置有默认网关对192.168.21.10路由通过R1。
如果建立在路由器R1的s0接口下来, HSRP活动路由器更改,因为在R1的HSRP用standby track serial 0命令配置。当Serial0接口协议断开时, HSRP减少R1优先级按10 (默认值)到95。R1更改其状态到“暂挂”。R2接管作为活动路由器和因而拥有备用IP地址192.168.21.10。相应地,从在192.168.21.0/24分段路由数据流的主机注定的所有数据流通过R2。debug and show命令输出确认同样。
R1(config)# interface s0 R1(config-if)# shut %STANDBY-6-STATECHANGE: Standby: 1: Ethernet1 state Active -> Speak %LINK-5-CHANGED: Interface Serial0, changed state to administratively down %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down %STANDBY-6-STATECHANGE: Standby: 1: Ethernet1 state Speak -> Standby %LINK-3-UPDOWN: Interface Serial0, changed state to down: %STANDBY-6-STATECHANGE: Standby: 1: Ethernet1 state Active -> Speak %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down %STANDBY-6-STATECHANGE: Standby: 1: Ethernet1 state Speak -> Standby
注意R1适合备用路由器。
如果R2进入激活状态,则您看到输出类似于此:
R2# %STANDBY-6-STATECHANGE: Standby: 1: Ethernet1 state Standby -> Active
如果执行show standby命令在R1和R2,请观察备用优先级,在接口s0在R1后去下来:
R1#show standby
Ethernet1 - Group 1
Local state is Standby, priority 95 (confgd 105), may preempt
Hellotime 3 sec, holdtime 10 sec
Next hello sent in 0.808
Virtual IP address is 192.168.21.10 configured
Active router is 192.168.21.2, priority 100 expires in 9.008
Standby router is local
15 state changes, last state change 00:00:40
IP redundancy name is "hsrp-Et0-1" (default)
Priority tracking 1 interface, 0 up:
Interface Decrement State
Serial0 10 Down (administratively down)
R1#
R2#show standby
Ethernet1 - Group 1
State is Active
57 state changes, last state change 00:00:33
Virtual IP address is 192.168.21.10
Active virtual MAC address is 0000.0c07.ac01
Local virtual MAC address is 0000.0c07.ac01 (bia)
Hello time 3 sec, hold time 10 sec
Next hello sent in 2.648 secs
Preemption enabled
Active router is local
Standby router is 192.168.21.1, priority 95 (expires in 7.096 sec)
Priority 100 (default 100)
IP redundancy name is "hsrp-Et0-1" (default)
R2#
R2#
R1#sh standby ethernet 1 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active addr Standby addr Group addr
Et0 1 95 P Standby 192.168.21.2 local 192.168.21.10
R1#
R2#sh standby ethernet 1 brief
P indicates configured to preempt.
|
Interface Grp Prio P State Active Standby Virtual IP
Et0 1 100 P Active local 192.168.21.1 192.168.21.10
R2#
注意R1的备用优先级从105减少了到95和R2成为活动路由器。
摘要
在连通性故障ISP-A和R1之间的情形下, HSRP减少备用组的优先级R1的。R1从激活状态去一个备用状态。R2从一个备用状态去激活状态。备用IP地址192.168.21.10变得激活在发送数据流的R2和主机到互联网使用R2和ISP-B,提供备选路径为出局流量。
关于hsrp standby track命令的更多信息,请参见如何使用standby preempt和standby track命令。
来自目的地的信息包往本地网络
根据在Background Information部分定义的网络策略,因为ISP-A是您的主路径,并且ISP-B是来往192.168.21.0/24的数据流的备用路径(原因例如往ISP-A的更大的带宽连接),您在BGP更新能添附您自己的AS编号被宣布往在R2to的ISP-B通过ISP-B做AS路径长期出现。为了执行此,请配置BGP邻居的192.168.42.4一个路由映射。在该路由映射,请添附您自己的AS用set as-path prepend命令。应用此路由映射于出局更新于相邻192.168.42.4。
Note: 在生产,您必须不止一次添附AS编号保证宣布的路由变得更喜欢。
当R1之间的BGP连接对ISP-A和R2to ISP-B是UP时,这是在R6的BGP表网络的192.168.21.0 :
R6# show ip bgp 192.168.21.0 BGP routing table entry for 192.168.21.0/24, version 30 Paths: (2 available, best #1) Advertised to non peer-group peers: 192.168.64.4 300 100 192.168.63.3 from 192.168.63.3 (10.5.5.5) Origin IGP, localpref 100, valid, external, best, ref 2 400 100 100 192.168.64.4 from 192.168.64.4 (192.168.64.4) Origin IGP, localpref 100, valid, external
与AS路径{400 100 100比较}从ISP-B,因为有一个更小的AS路径长度BGP选择最佳路径作为AS {300 100}通过ISP-A。那里原因是从ISP-B的一个更长的AS路径长度是由于AS路径加在前面在R2的配置。
当连接中断在R1和ISP-A之间时, R6必须通过ISP-B选择备选路径到达网络192.168.21.0/24 AS 100 :
R1(config)#interface s0 R1(config-if)#shut %LINEPROTO-5-UPDOWN: Line protocol on Interface Serial0, changed state to down
这是在R6的BGP表网络的192.168.21.0/24 :
R6#show ip bgp 192.168.21.0
BGP routing table entry for 192.168.21.0/24, version 31
Paths: (1 available, best #1)
Advertised to non peer-group peers:
192.168.63.3
400 100 100
192.168.64.4 from 192.168.64.4 (192.168.64.4)
Origin IGP, localpref 100, valid, external, best
参考BGP的配置示例与两个不同的服务提供商(多归属)关于在一个多址网络的BGP配置的更多信息。
Troubleshoot
目前没有针对此配置的故障排除信息。
反馈