Preface

In the enterprise network, layer-3 switches or routers are generally used as gateway devices , The gateway device is connected with an exit router or firewall to access the external network , If the gateway device in the enterprise fails , As a result, the terminal equipment of the intranet cannot access the public network . To avoid this happening ,VRRP（ Virtual router redundancy protocol ） Technology can realize redundant backup of gateway equipment , Even if one gateway device goes down , The other can also forward traffic , Ensure that the intranet terminal can access the Internet normally .

One 、VRRP The principle of Technology

Because a network card can only be configured with one gateway address , So the two gateway devices jointly create one ip Address , When one of the devices goes down , Another device can also continue to maintain this virtual ip, Realize the redundant backup effect of gateway equipment .

Two 、VRRP Experiment and configuration

1、 The topology

2、 Introduction to experimental topology

• PC1 It is the terminal equipment of the intranet .LSW3 It's the access switch .
• LSW1 and LSW2 It's a gateway device , Used to realize gateway redundancy .LSW1 Of GE0/0/1 Oral ip The address is 192.168.1.252/24,LSW2 Of GE0/0/1 Oral IP The address is 192.168.1.253/24, They use VRRP Technology jointly virtualizes a gateway address 192.168.1.254/24.
• Above the gateway device is an exit router .
• Router AR3 Simulate operator network , The loopback port simulates an address in the public network .

3、 Experimental configuration

VRRP Configuration command

Device configuration

LSW3:
vlan 10
int e0/0/2
port link-type trunk
port trunk allow-pass vlan 10 // Allow labeling VLAN10 The data frame passes through 

int e0/0/3
port link-type trunk
port trunk allow-pass vlan 10 // Allow labeling VLAN10 The data frame passes through 

int e0/0/1
port link-type access
port de v 10

LSW1:
vlan 10
int vlanif 10 // establish vlanif Interface 
ip add 192.168.1.252 24
int g0/0/1
port link-type trunk
port trunk allow-pass v 10
int vlanif 10
vrrp vrid 10 virtual-ip 192.168.1.254 // Configure under this port VRRP, And set the virtual address to 192.168.1.254
 vrrp vrid 10 priority 200 // Set the primary routing priority of this port to 200, The default priority is 100
 
// When an uplink port failure is detected , Automatically reduce priority 150, Make the standby port the primary port 
vrrp vrid 10 track interface g0/0/2 reduced  150 

vlan 20
int vlanif 20
ip add 172.16.2.2 24
int g0/0/2
port link-type access
p d v 20

// Configure dynamic routing protocol in the intranet OSPF, Ensure intranet communication 
ospf 1 router-id 2.2.2.2
area 0
network 172.16.2.0 0.0.0.255
network 192.168.1.0 0.0.0.255

ip route-s 0.0.0.0 0 172.16.2.1  // Configure the default route with static route 

LSW2:
vlan 10
int vlanif 10
ip add 192.168.1.253 24
int g0/0/1
port link-type trunk
port trunk allow-pass v 10
int vlanif 10
 vrrp vrid 10 virtual-ip 192.168.1.254  // Configure under this port VRRP, And set the virtual address to 192.168.1.254

vlan 20
int vlanif 20
ip add 172.16.1.2 24
int g0/0/2
port link-type access
p d v 20

// Configure dynamic routing protocol in the intranet OSPF, Ensure intranet communication 
ospf 1 router-id 1.1.1.1
area 0
network 172.16.1.0 0.0.0.255
network 192.168.1.0 0.0.0.255

ip route-s 0.0.0.0 0 172.16.1.1  // Configure the default route with static route 

 Exit router ：
int g0/0/0
ip add 172.16.2.1 24
int g0/0/1
ip add 172.16.1.1 24
int g0/0/2
ip add 100.1.1.2 24

// To configure easy ip, Convert the packet source address of the intranet accessing the public network into the public network address of the interface 
acl number 2000  
 rule 5 permit 
int g0/0/2
nat outbound 2000

ip route-s 0.0.0.0 0 100.1.1.1

// Configure dynamic routing protocol in the intranet OSPF, Ensure intranet communication , Two gateway devices ,OSPF It can also play the role of equipment redundancy 
ospf 1 router-id 3.3.3.3
area 0
network 172.16.2.0 0.0.0.255
network 172.16.1.0 0.0.0.255

 Operator router ：
int g0/0/0
ip add 100.1.1.1 24
int loo0
ip add 3.3.3.3 32

3、 ... and 、 experimental result

• Use command display vrrp You can see vrrp The state of the interface , You can see that in the picture LSW1 yes Master Main equipment , fictitious ip yes 192.168.1.254, Priority is 200.

• LSW2 The state of is Backup Spare equipment , fictitious ip yes 192.168.1.254, Priority is the default 100.

• Use PC1ping The address of the public network , Discovery is through .

• When the main link is disconnected, simulate the main equipment downtime , After a period of time, the backup device will automatically forward traffic .
  
  

summary

Use VRRP Redundancy of gateway equipment , Avoid a single point of failure , Suitable for deployment in the enterprise network . Of course, it's not just gateways , Any important node ip Both devices can be used for redundancy , So as to increase the stability of the system .