客户现网是F1020的防火墙做了IRF,双出口电信、联通接在不同的防火墙上,现在想配置冗余组实现主备切换,另外客户反馈想通过对上行检测下一跳地址来切换而不仅仅是接口物理状态。
1、接口ip地址、安全域、域间策略、路由配置略
2、防火墙配置如下:
#
nqa entry admin test
type icmp-echo
destination ip 10.1.1.1
frequency 100
trigger-only
#
nqa schedule admin test start-time now lifetime forever
#
interface Reth2
ip address 40.1.1.2 255.255.255.0
member interface GigabitEthernet1/0/14 priority 255
member interface GigabitEthernet2/0/14 priority 50
#
interface GigabitEthernet1/0/15
port link-mode route
ip address 10.1.1.2 255.255.255.0
nat outbound
#
interface GigabitEthernet2/0/15
port link-mode route
ip address 20.1.1.2 255.255.255.0
nat outbound
#
redundancy group aaa
member interface Reth2
node 1
bind slot 1
priority 100
track 1 interface GigabitEthernet1/0/15
track 2 interface GigabitEthernet1/0/14
node-member interface GigabitEthernet1/0/15
node 2
bind slot 2
priority 50
track 3 interface GigabitEthernet2/0/15
track 4 interface GigabitEthernet2/0/14
node-member interface GigabitEthernet2/0/15
#
track 1 nqa entry admin test reaction 1
track 2 interface GigabitEthernet1/0/14 physical
track 3 interface GigabitEthernet2/0/15 physical
track 4 interface GigabitEthernet2/0/14 physical
#
测试过程:
(1)正常情况下冗余接口、冗余组状态
[H3C]dis redundancy group
Redundancy group aaa (ID 1):
Node ID Slot Priority Status Track weight
1 Slot1 100 Primary 255
2 Slot2 50 Secondary 255
Preempt delay time remained : 0 min
Preempt delay timer setting : 1 min
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth2
Node 1:
Node member Physical status
GE1/0/15 UP
Track info:
Track Status Reduced weight Interface
1 Positive 255 GE1/0/15
2 Positive 255 GE1/0/14
Node 2:
Node member Physical status
GE2/0/15 UP
Track info:
Track Status Reduced weight Interface
3 Positive 255 GE2/0/15
4 Positive 255 GE2/0/14
[H3C] dis reth int reth 2
Reth2 :
Redundancy group : aaa
Member Physical status Forwarding status Presence status
GE1/0/14 UP Active Normal
GE2/0/14 UP Inactive Normal
(2)断开上行交换机和路由器互联接口,冗余接口、冗余组切换状态
[H3C]dis redundancy group
Redundancy group aaa (ID 1):
Node ID Slot Priority Status Track weight
1 Slot1 100 Secondary -255
2 Slot2 50 Primary 255
Preempt delay time remained : 0 min
Preempt delay timer setting : 1 min
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth2
Node 1:
Node member Physical status
GE1/0/15 UP
Track info:
Track Status Reduced weight Interface
1 Negative 255 GE1/0/15(Fault)
2 Negative 255 GE1/0/14
Node 2:
Node member Physical status
GE2/0/15 UP
Track info:
Track Status Reduced weight Interface
3 Positive 255 GE2/0/15
4 Positive 255 GE2/0/14
[H3C]dis reth int reth 2
Reth2 :
Redundancy group : aaa
Member Physical status Forwarding status Presence status
GE1/0/14 DOWN(redundancy down) Inactive Normal
GE2/0/14 UP Active Normal
(3)恢复交换机和路由器互联接口,冗余接口、冗余组回切状态
[H3C]dis redundancy group
Redundancy group aaa (ID 1):
Node ID Slot Priority Status Track weight
1 Slot1 100 Primary 255
2 Slot2 50 Secondary 255
Preempt delay time remained : 1 min
Preempt delay timer setting : 1 min
Remaining hold-down time : 0 sec
Hold-down timer setting : 1 sec
Manual switchover request : No
Member interfaces:
Reth2
Node 1:
Node member Physical status
GE1/0/15 UP
Track info:
Track Status Reduced weight Interface
1 Positive 255 GE1/0/15
2 Positive 255 GE1/0/14
Node 2:
Node member Physical status
GE2/0/15 UP
Track info:
Track Status Reduced weight Interface
3 Positive 255 GE2/0/15
4 Positive 255 GE2/0/14
[H3C]dis reth int reth 2
Reth2 :
Redundancy group : aaa
Member Physical status Forwarding status Presence status
GE1/0/14 UP Active Normal
GE2/0/14 UP Inactive Normal
(4)切换过程中业务丢包情况测试
[SW1]ping -c 1000 100.1.1.1
PING 100.1.1.1: 56 data bytes, press CTRL_C to break
Reply from 100.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=2 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=3 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=12 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=15 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=16 ttl=254 time=1 ms
Reply from 100.1.1.1: bytes=56 Sequence=17 ttl=254 time=1 ms
Reply from 100.1.1.1: bytes=56 Sequence=18 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=19 ttl=254 time=2 ms
Request time out
Request time out //主切备
Request time out
Reply from 100.1.1.1: bytes=56 Sequence=23 ttl=254 time=3 ms
Reply from 100.1.1.1: bytes=56 Sequence=24 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=25 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=26 ttl=254 time=2 ms
:
:
:
:
Reply from 100.1.1.1: bytes=56 Sequence=214 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=215 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=216 ttl=254 time=1 ms
Reply from 100.1.1.1: bytes=56 Sequence=217 ttl=254 time=12 ms
Reply from 100.1.1.1: bytes=56 Sequence=220 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=221 ttl=254 time=3 ms
Reply from 100.1.1.1: bytes=56 Sequence=222 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=223 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=224 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=225 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=226 ttl=254 time=2 ms
Request time out //备回切主
Reply from 100.1.1.1: bytes=56 Sequence=228 ttl=254 time=2 ms
Reply from 100.1.1.1: bytes=56 Sequence=229 ttl=254 time=2 ms
可以看出在主设备切换成备设备的过程中大概丢3个包左右,备设备回切到主设备的过程中大概丢1个包左右。
无
该案例暂时没有网友评论
编辑评论
✖
案例意见反馈
亲~登录后才可以操作哦!
确定你的邮箱还未认证,请认证邮箱或绑定手机后进行当前操作