vrrp 双主 故障
- 0关注
- 0收藏,47浏览
问题描述:
两台软硬件相同的H3C 应用交付网关A和B做vrrp热备,优先级低的备用设备也为master状态,出现双主故障,找不到故障原因。防火墙厂家工程师加了vrrp协议放通策略,或者路由设备A不连接防火墙还是双主故障,交换机A和B是非网管交换机,交换机C和D为H3C S5130V2 ,做的静态链路聚合。两个路由器之间ping测试,数据延迟平均值:20~30ms,最大延迟约80ms,无丢包。
组网及组网描述:
路由器A vrrp相关配置如下:
interface GigabitEthernet1/0/0
port link-mode route
description dianxin
ip address 192.168.201.66 255.255.255.252
nqa entry admin test
type icmp-echo
destination ip 192.168.201.65
frequency 100
reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only
nqa schedule admin test start-time now lifetime forever
track 1 nqa entry admin test reaction 1
interface GigabitEthernet1/0/13
port link-mode route
description lan
ip address 192.168.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1 255.255.255.0
vrrp vrid 1 priority 110
vrrp vrid 1 track 1 priority reduced 20
路由器B相关配置如下:
nterface GigabitEthernet1/0/13
port link-mode route
description lan
ip address 192.168.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1 255.255.255.0
您好,看了下配置,给你做了个脚本,参考
最终标准配置
# 上行接口(不变)
interface GigabitEthernet1/0/0
port link-mode route
description dianxin
ip address 192.168.201.66 255.255.255.252
quit
# NQA探测(优化后)
nqa entry admin test
type icmp-echo
destination ip 192.168.201.65
frequency 2000
reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only
quit
nqa schedule admin test start-time now lifetime forever
# Track联动(优化后)
track 1 nqa entry admin test reaction 1
# VRRP绑定接口(完整优化)
interface GigabitEthernet1/0/13
port link-mode route
description lan
ip address 192.168.1.3 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1 255.255.255.0
vrrp vrid 1 priority 110
vrrp vrid 1 track 1 priority reduced 15
vrrp vrid 1 preempt-mode timer delay 3
vrrp vrid 1 timer advertise 2
quit
路由器 B 最终完整配置(备网关,优先级稍低,对称联动上行)
# 上行接口(补充完整,和A对应,根据B实际上行配置,此处参考A格式)
interface GigabitEthernet1/0/0
port link-mode route
description dianxin
ip address 192.168.201.x 255.255.255.252 # 替换为B的实际上行IP
quit
# NQA探测(和A对称)
nqa entry admin test
type icmp-echo
destination ip 192.168.201.65 # 替换为B的实际上行网关
frequency 2000
reaction 1 checked-element probe-fail threshold-type consecutive 10 action-type trigger-only
quit
nqa schedule admin test start-time now lifetime forever
# Track联动(和A对称)
track 1 nqa entry admin test reaction 1
# VRRP绑定接口(完整优化)
interface GigabitEthernet1/0/13
port link-mode route
description lan
ip address 192.168.1.2 255.255.255.0
vrrp vrid 1 virtual-ip 192.168.1.1 255.255.255.0
vrrp vrid 1 priority 100
vrrp vrid 1 track 1 priority reduced 15
vrrp vrid 1 preempt-mode timer delay 5
vrrp vrid 1 timer advertise 2
quit
编辑答案
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作
举报
×
侵犯我的权益
×
侵犯了我企业的权益
×
- 1. 您举报的内容是什么?(请在邮件中列出您举报的内容和链接地址)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
- 3. 是哪家企业?(营业执照,单位登记证明等证件)
- 4. 您与该企业的关系是?(您是企业法人或被授权人,需提供企业委托授权书)
抄袭了我的内容
×
原文链接或出处
诽谤我
×
- 1. 您举报的内容以及侵犯了您什么权益?(请在邮件中列出您举报的内容、链接地址,并给出简短的说明)
- 2. 您是谁?(身份证明材料,可以是身份证或护照等证件)
对根叔社区有害的内容
×
不规范转载
×
举报说明
暂无评论