实验说明:
设备互联线路,IP 地址、路由协议、可靠性等配置自定义
实验效果:
- PC_1 网段流量经R1出互联网
- PC_2 网段流量经R2出互联网
- 当任意互联网线路故障后,全部流量走另一线路出互联网
解决思路:
- 设备互联,IP地址规划如图
- Core_SW1、Core_SW2 做堆叠,F1/0/53 to F1/0/54堆叠口,Ten 1/0/50为 BFD 检测线
<Core_SW1>dis irf
MemberID Role Priority CPU-Mac Description
*+1 Master 15 72f0-e201-0504 ---
2 Standby 10 72f0-e6bc-0604 ---
--------------------------------------------------
* indicates the device is the master.
+ indicates the device through which the user logs in.
<Core_SW1>dis irf topology
Topology Info
-------------------------------------------------------------------------
IRF-Port1 IRF-Port2
MemberID Link neighbor Link neighbor Belong To
1 DIS --- UP 2 72f0-e201-0504
2 UP 1 DIS --- 72f0-e201-0504
核心交换机 Core_SW 与 R1, R2 之间启用三层聚合链路
<Core_SW1>dis link-aggregation summary
Aggregation Interface Type:
BAGG -- Bridge-Aggregation, BLAGG -- Blade-Aggregation, RAGG -- Route-Aggregation, SCH-B -- Schannel-Bundle
Aggregation Mode: S -- Static, D -- Dynamic
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Actor System ID: 0x8000, 72f0-e201-0500
AGG AGG Partner ID Selected Unselected Individual Share
Interface Mode Ports Ports Ports Type
--------------------------------------------------------------------------------
BAGG3 S None 2 0 0 Shar
RAGG1 S None 2 0 0 Shar
RAGG2 S None 2 0 0 Shar
<Core_SW1>dis ip int b
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE1/0/1 up up -- --
GE1/0/2 up up -- --
GE2/0/1 up up -- --
GE2/0/2 up up -- --
MGE0/0/0 down down -- --
RAGG1 up up 10.1.1.1 --
RAGG2 up up 10.1.1.5 --
Vlan10 up up 192.168.10.254 --
Vlan20 up up 192.168.20.254 --
<R1>dis link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE0/1 S 32768 1
GE0/2 S 32768 1
<R1>dis ip int b
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 101.1.1.1 --
GE0/1 up up -- --
GE0/2 up up -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
RAGG1 up up 10.1.1.2 --
Ser1/0 down down -- --
Ser2/0 down down -- --
Ser3/0 down down -- --
Ser4/0 down down -- --
<R2>dis link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Route-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE0/1 S 32768 1
GE0/2 S 32768 1
<R2>dis ip int b
*down: administratively down
(s): spoofing (l): loopback
Interface Physical Protocol IP Address Description
GE0/0 up up 201.1.1.1 --
GE0/1 up up -- --
GE0/2 up up -- --
GE5/0 down down -- --
GE5/1 down down -- --
GE6/0 down down -- --
GE6/1 down down -- --
RAGG1 up up 10.1.1.6 --
Ser1/0 down down -- --
Ser2/0 down down -- --
Ser3/0 down down -- --
Ser4/0 down down -- --
- 核心交换机 Core_SW 与 SW3 之间启用二层聚合链路
<SW3>dis link-aggregation verbose
Loadsharing Type: Shar -- Loadsharing, NonS -- Non-Loadsharing
Port: A -- Auto
Port Status: S -- Selected, U -- Unselected, I -- Individual
Flags: A -- LACP_Activity, B -- LACP_Timeout, C -- Aggregation,
D -- Synchronization, E -- Collecting, F -- Distributing,
G -- Defaulted, H -- Expired
Aggregate Interface: Bridge-Aggregation1
Aggregation Mode: Static
Loadsharing Type: Shar
Port Status Priority Oper-Key
--------------------------------------------------------------------------------
GE1/0/1 S 32768 1
GE1/0/2 S 32768 1
- 核心交换机 Core_SW 配置静态路由;R1、R2 配置默认路由下一跳指向 ISP 设备地址、配置回程静态路由指向 Core_SW 三层聚合接口地址
<Core_SW1>dis cur | inc route
policy-based-route vlan20nexthop permit node 1
ip policy-based-route vlan20nexthop
port link-mode route
port link-mode route
port link-mode route
port link-mode route
ip route-static 0.0.0.0 0 10.1.1.2 track 2
ip route-static 0.0.0.0 0 10.1.1.6 preference 80
<R1>dis ip routing-table pro static
Summary count : 3
Static Routing table status : <Active>
Summary count : 3
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 101.1.1.2 GE0/0
192.168.10.0/24 Static 60 0 10.1.1.1 RAGG1
192.168.20.0/24 Static 60 0 10.1.1.1 RAGG1
Static Routing table status : <Inactive>
Summary count : 0
<R2>dis ip routing-table pro static
Summary count : 3
Static Routing table status : <Active>
Summary count : 3
Destination/Mask Proto Pre Cost NextHop Interface
0.0.0.0/0 Static 60 0 201.1.1.2 GE0/0
192.168.10.0/24 Static 60 0 10.1.1.5 RAGG1
192.168.20.0/24 Static 60 0 10.1.1.5 RAGG1
Static Routing table status : <Inactive>
Summary count : 0
- 核心交换机 Core_SW 配置 NQA,检测 ISP_1, ISP_2 可达性,关联 Track 与静态路由、策略路由联动
#
nqa entry admin isp_1_test
type icmp-echo
destination ip 101.1.1.2
frequency 2000
history-record enable
history-record number 5
next-hop ip 10.1.1.2
probe count 5
probe timeout 1000
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
source ip 10.1.1.1
#
nqa entry admin isp_2_test
type icmp-echo
destination ip 201.1.1.2
frequency 2000
history-record enable
history-record number 5
next-hop ip 10.1.1.6
probe count 5
probe timeout 1000
reaction 1 checked-element probe-fail threshold-type consecutive 3 action-type trigger-only
source ip 10.1.1.5
#
nqa schedule admin isp_1_test start-time now lifetime forever
nqa schedule admin isp_2_test start-time now lifetime forever
track 1 nqa entry admin isp_2_test reaction 1
#
track 2 nqa entry admin isp_1_test reaction 1
#
ip route-static 0.0.0.0 0 10.1.1.2 track 2
ip route-static 0.0.0.0 0 10.1.1.6 preference 80
#
#
policy-based-route vlan20nexthop permit node 1
if-match acl 3001
apply next-hop 10.1.1.6 track 1
#
#
acl advanced 3001
rule 5 deny ip source 192.168.20.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 10 permit ip source 192.168.20.0 0.0.0.255
#
- ISP 网络设备配置 OSPF
<ISP_NETWORK>dis ip routing-table protocol ospf
Summary count : 5
OSPF Routing table status : <Active>
Summary count : 2
Destination/Mask Proto Pre Cost NextHop Interface
101.1.1.0/30 O_INTRA 10 2 101.1.1.5 GE0/1
201.1.1.0/30 O_INTRA 10 2 201.1.1.5 GE0/2
OSPF Routing table status : <Inactive>
Summary count : 3
Destination/Mask Proto Pre Cost NextHop Interface
1.2.3.4/32 O_INTRA 10 0 0.0.0.0 Loop0
101.1.1.4/30 O_INTRA 10 1 0.0.0.0 GE0/1
201.1.1.4/30 O_INTRA 10 1 0.0.0.0 GE0/2