[GNS3 Labs. Cisco] Router Redundancy with VRRP

Router redundancy with VRRP (Virtual Router Redundancy Protocol)

Where HSRP is Cisco's proprietary router redundancy specification, VRRP is the IEEE standard router redundancy specification.

References
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/ipapp_fhrp/configuration/xe-3s/fhp-xe-3s-book/fhp-vrrp.html#GUID-B6FD065C-69CE-4DA5-917C-A9D626D19C2E

Build the topology shown in the figure below.

Router R-A configuration

Assign IP addresses to the interfaces

R-A#conf t
R-A(config)#int e0/0
R-A(config-if)#ip address 172.16.10.2 255.255.255.0
R-A(config-if)#no shutdown
R-A(config-if)#exit
R-A(config)#int e0/1
R-A(config-if)#ip address 192.168.0.1 255.255.255.252
R-A(config-if)#no shutdown

VRRP configuration

R-A(config)#int e0/0
R-A(config-if)#vrrp 1 ip 172.16.10.1
R-A(config-if)#vrrp 1 priority 110

Router R-S configuration

Assign IP addresses to the interfaces

R-S#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R-S(config)#int e0/0
R-S(config-if)#ip address 172.16.10.3 255.255.255.0
R-S(config-if)#no shutdown
R-S(config-if)#exit
R-S(config)#int e 0/1
R-S(config-if)#ip address 192.168.0.5 255.255.255.252
R-S(config-if)#no shutdown

VRRP configuration

R-S(config)#int e0/0
R-S(config-if)#vrrp 1 ip 172.16.10.1
R-S(config-if)#vrrp 1 priority 100
R-S(config-if)#end

Configure routing on routers R-A and R-S and on switch SW-out (omitted here; see each device's configuration below).

Check the VRRP state

R-A#sh vrrp
Ethernet0/0 - Group 1
  State is Master
  Virtual IP address is 172.16.10.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 110
  Master Router is 172.16.10.2 (local), priority is 110
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.570 sec

R-A#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              1   110 3570       Y  Master  172.16.10.2     172.16.10.1
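
The values in this output can be derived rather than memorized. The following is an added example, not part of the original post: it parses the `show vrrp` output above and checks the virtual MAC and the Master Down interval against the VRRPv2 (RFC 3768) formulas. The function names are hypothetical.

```python
import re

# Output of "show vrrp" on R-A, copied from the page
SHOW_VRRP = """\
Ethernet0/0 - Group 1
  State is Master
  Virtual IP address is 172.16.10.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 110
  Master Router is 172.16.10.2 (local), priority is 110
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.570 sec
"""

def virtual_mac(group: int) -> str:
    """RFC 3768 virtual MAC 00-00-5E-00-01-{VRID}, in Cisco dotted form."""
    if not 1 <= group <= 255:
        raise ValueError("VRID must be 1..255")
    return f"0000.5e00.01{group:02x}"

def master_down_interval(priority: int, adv_interval: float = 1.0) -> float:
    """3 * Advertisement_Interval + Skew_Time, Skew_Time = (256 - priority) / 256."""
    return 3 * adv_interval + (256 - priority) / 256

def check_show_vrrp(text: str) -> list:
    """Return the fields that disagree with the values derived from the RFC."""
    def field(pattern, cast):
        return cast(re.search(pattern, text, re.M).group(1))
    group = field(r"- Group (\d+)", int)
    priority = field(r"^[ \t]*Priority is (\d+)", int)
    adv = field(r"^[ \t]*Advertisement interval is ([\d.]+) sec", float)
    mac = field(r"Virtual MAC address is (\S+)", str)
    down = field(r"Master Down interval is ([\d.]+) sec", float)
    expected_down = master_down_interval(priority, adv)
    problems = []
    if mac.lower() != virtual_mac(group):
        problems.append(f"virtual MAC {mac} != {virtual_mac(group)}")
    if abs(down - expected_down) > 0.001:   # IOS prints three decimals
        problems.append(f"Master Down {down} != {expected_down:.3f}")
    return problems

if __name__ == "__main__":
    print(check_show_vrrp(SHOW_VRRP) or "output matches the RFC 3768 derivation")
```

The same formula gives 3.609 seconds for priority 100, which is the Time value (3609) that R-S reports in `show vrrp brief`.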

Now cut the link between router R-A and switch SW-in, as in the figure below, and check the VRRP state.

VRRP state on router R-A

R-A#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              1   110 3570       Y  Init    0.0.0.0         172.16.10.1

Router R-S has become the master.

R-S#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              1   100 3609       Y  Master  172.16.10.3     172.16.10.1

Now, if the link between router R-A and switch SW-out is cut, as in the figure below, does the master router change to R-S?

Contrary to the intent, router R-S does not take over as master, and VPC-1 cannot reach VPC-3.

To handle this case, track the state of e0/1 and, when it fails, lower the VRRP priority so that the VRRP master changes.

Create track object 2.

R-A#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R-A(config)#track 2 int e0/1 line-protocol

Apply the track object created above to the VRRP configuration (when the line protocol goes down, the VRRP priority is reduced by 15).

R-A(config)#int e0/0
R-A(config-if)#vrrp 1 track 2 decrement 15
R-A(config-if)#end
*Jan  9 05:10:53.128: %SYS-5-CONFIG_I: Configured from console by console
*Jan  9 05:10:54.563: %VRRP-6-STATECHANGE: Et0/0 Grp 1 state Master -> Backup

First check the state of the track object.

R-A#show track
Track 2
  Interface Ethernet0/1 line-protocol
  Line protocol is Down (hw admin-down)
    3 changes, last change 00:00:04
  Tracked by:
    VRRP Ethernet0/0 1
R-A#

Checking the VRRP state now shows that router R-A has become the backup router.

R-A#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              1   95  3570       Y  Backup  172.16.10.3     172.16.10.1
R-S#sh vrrp brief
Interface          Grp Pri Time  Own Pre State   Master addr     Group addr
Et0/0              1   100 3609       Y  Master  172.16.10.3     172.16.10.1
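
The three failure cases walked through above can be reproduced with a small model of the election. This is an added example, not part of the original post, and the class and function names are hypothetical. It also goes one step beyond the page by showing that a decrement of 10 would not move the master: a backup with preemption enabled takes over only when its priority is strictly higher than the master's.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

@dataclass
class Router:
    name: str
    ip: str                  # primary address on e0/0, where VRRP runs
    priority: int            # "vrrp 1 priority N"
    decrement: int = 0       # "vrrp 1 track 2 decrement N"; 0 = no tracking
    lan_up: bool = True      # e0/0 (link to SW-in)
    uplink_up: bool = True   # e0/1 (link to SW-out), the tracked interface

    def effective_priority(self) -> int:
        return self.priority - (0 if self.uplink_up else self.decrement)

def elect(routers, current_master=None):
    """Name of the master once the group settles, with preemption enabled."""
    alive = [r for r in routers if r.lan_up]   # a router in Init takes no part
    if not alive:
        return None
    best = max(alive, key=lambda r: (r.effective_priority(), IPv4Address(r.ip)))
    holder = next((r for r in alive if r.name == current_master), None)
    if holder is None:
        return best.name     # nobody advertising: highest priority, then highest IP
    # A backup preempts only when its priority is strictly higher than the
    # priority in the master's advertisements (RFC 3768, section 6.4.2).
    if best.effective_priority() > holder.effective_priority():
        return best.name
    return holder.name

def lab(decrement=0, lan_up=True, uplink_up=True):
    """The page's lab: R-A (priority 110) is master, then a link on R-A changes."""
    r_a = Router("R-A", "172.16.10.2", 110, decrement, lan_up, uplink_up)
    r_s = Router("R-S", "172.16.10.3", 100)
    return elect([r_a, r_s], current_master="R-A")

if __name__ == "__main__":
    print("SW-in link cut            :", lab(lan_up=False))
    print("SW-out link cut, no track :", lab(uplink_up=False))
    print("track 2 decrement 15      :", lab(decrement=15, uplink_up=False))
    print("track 2 decrement 10      :", lab(decrement=10, uplink_up=False))
```

With the page's priorities of 110 and 100, any decrement of 11 or more hands the master role to R-S when e0/1 goes down.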

The configurations of switch SW-out and routers R-A and R-S up to this point
———————
SW-out configuration
———————

SW-out#sh config
Using 1047 out of 8192 bytes, uncompressed size = 1815 bytes
!
! Last configuration change at 05:18:32 UTC Tue Jan 9 2018
!
version 15.1
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
service compress-config
!
hostname SW-out
!
boot-start-marker
boot-end-marker
!
!
logging discriminator EXCESS severity drops 6 msg-body drops EXCESSCOLL
logging buffered 50000
logging console discriminator EXCESS
!
no aaa new-model
no ip icmp rate-limit unreachable
!
ip cef
!
!
no ip domain-lookup
no ipv6 cef
ipv6 multicast rpf use-bgp
!
!
!
!
!
!
!
spanning-tree mode pvst
spanning-tree extend system-id
!
!
!
!
vlan internal allocation policy ascending
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 no switchport
 ip address 192.168.0.2 255.255.255.252
!
interface Ethernet0/1
 no switchport
 ip address 192.168.0.6 255.255.255.252
!
interface Ethernet0/2
 no switchport
 no ip address
!
interface Ethernet0/3
 no switchport
 ip address 10.10.10.1 255.255.255.0
!
interface Ethernet1/0
 duplex auto
!
interface Ethernet1/1
 duplex auto
!
interface Ethernet1/2
 duplex auto
!
interface Ethernet1/3
 duplex auto
!
interface Ethernet2/0
 duplex auto
!
interface Ethernet2/1
 duplex auto
!
interface Ethernet2/2
 duplex auto
!
interface Ethernet2/3
 duplex auto
!
interface Ethernet3/0
 duplex auto
!
interface Ethernet3/1
 duplex auto
!
interface Ethernet3/2
 duplex auto
!
interface Ethernet3/3
 duplex auto
!
interface Vlan1
 no ip address
 shutdown
!
!
no ip http server
!
ip route 10.10.10.0 255.255.255.0 Ethernet0/3
ip route 172.16.10.0 255.255.255.0 192.168.0.1
ip route 172.16.10.0 255.255.255.0 192.168.0.5
!
!
!
!
control-plane
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
!
end

SW-out#

———————
Router R-A configuration
———————

R-A#sh config
Using 2013 out of 32768 bytes
!
! Last configuration change at 05:20:00 UTC Tue Jan 9 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R-A
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
track 2 interface Ethernet0/1 line-protocol
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 172.16.10.2 255.255.255.0
 vrrp 1 ip 172.16.10.1
 vrrp 1 priority 110
 vrrp 1 track 2 decrement 15
!
interface Ethernet0/1
 ip address 192.168.0.1 255.255.255.252
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 Ethernet0/1
ip route 0.0.0.0 0.0.0.0 192.168.0.2
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input all
!
!
end

R-A#

———————
Router R-S configuration
———————

R-S#sh config
Using 1880 out of 32768 bytes
!
! Last configuration change at 04:56:20 UTC Tue Jan 9 2018
version 15.2
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R-S
!
boot-start-marker
boot-end-marker
!
!
!
no aaa new-model
mmi polling-interval 60
no mmi auto-configure
no mmi pvc
mmi snmp-timeout 180
no ip icmp rate-limit unreachable
!
!
!
!
!
!
no ip domain lookup
ip cef
no ipv6 cef
!
multilink bundle-name authenticated
!
!
!
!
!
!
!
!
!
redundancy
!
!
ip tcp synwait-time 5
!
!
!
!
!
!
!
!
!
!
!
!
interface Ethernet0/0
 ip address 172.16.10.3 255.255.255.0
 vrrp 1 ip 172.16.10.1
!
interface Ethernet0/1
 ip address 192.168.0.5 255.255.255.252
!
interface Ethernet0/2
 no ip address
 shutdown
!
interface Ethernet0/3
 no ip address
 shutdown
!
interface Ethernet1/0
 no ip address
 shutdown
!
interface Ethernet1/1
 no ip address
 shutdown
!
interface Ethernet1/2
 no ip address
 shutdown
!
interface Ethernet1/3
 no ip address
 shutdown
!
interface Serial2/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial2/3
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/0
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/1
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/2
 no ip address
 shutdown
 serial restart-delay 0
!
interface Serial3/3
 no ip address
 shutdown
 serial restart-delay 0
!
ip forward-protocol nd
!
!
no ip http server
no ip http secure-server
ip route 0.0.0.0 0.0.0.0 192.168.0.6
!
!
!
!
control-plane
!
!
!
!
!
!
!
line con 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line aux 0
 exec-timeout 0 0
 privilege level 15
 logging synchronous
line vty 0 4
 login
 transport input all
!
!
end
