Aiming for CCIE with Dynagen
20100825 HSRP
1. Purpose
- Confirm how to configure HSRP.
2. Configuration
2.1. Configuration overview
- The initial configuration consists of IP addresses only.
2.2. Topology diagram

2.3. net file
model = 3660
[localhost]
    [[3660]]
        image = C:\Program Files\Dynamips\images\c3660-ik9o3s-mz.124-6.T.bin
        ram = 128
    [[ROUTER R1]]
        f0/0 = LAN 1
    [[ROUTER R2]]
        f0/0 = LAN 1
        f0/1 = LAN 2
    [[ROUTER R3]]
        f0/0 = LAN 1
        f0/1 = LAN 2
    [[ROUTER R4]]
        f0/1 = LAN 2
2.4. Initial configuration
- R1
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R1
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.1 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 no ip address
 shutdown
 duplex auto
 speed auto
!
ip http server
no ip http secure-server
!
!
!
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
- R2
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R2
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.2 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.2 255.255.255.0
 duplex auto
 speed auto
!
ip http server
no ip http secure-server
!
!
!
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
- R3
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R3
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 ip address 192.168.1.3 255.255.255.0
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.3 255.255.255.0
 duplex auto
 speed auto
!
ip http server
no ip http secure-server
!
!
!
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
- R4
!
version 12.4
service timestamps debug datetime msec
service timestamps log datetime msec
no service password-encryption
!
hostname R4
!
boot-start-marker
boot-end-marker
!
!
no aaa new-model
!
resource policy
!
memory-size iomem 5
!
!
ip cef
no ip domain lookup
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
!
interface FastEthernet0/0
 no ip address
 shutdown
 duplex auto
 speed auto
!
interface FastEthernet0/1
 ip address 192.168.2.4 255.255.255.0
 duplex auto
 speed auto
!
ip http server
no ip http secure-server
!
!
!
no cdp run
!
!
!
control-plane
!
!
!
!
!
!
!
!
!
line con 0
line aux 0
line vty 0 4
!
!
end
3. [Verification] Basic HSRP configuration
3.1. Basic HSRP configuration
Configure HSRP between R2 and R3. R2 is the active (primary) router and R3 is the standby router.
R2(config)#interface FastEthernet 0/0
R2(config-if)#standby 1 ip 192.168.1.254
R2(config-if)#standby 1 priority 200     <- The default is 100. The router with the higher value becomes Active.
R2(config-if)#
*Mar 1 00:16:26.767: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
*Mar 1 00:16:26.771: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Standby -> Active
R2(config-if)#exit
R2(config)#
R2(config)#
R2(config)#interface FastEthernet 0/1
R2(config-if)#standby 2 ip 192.168.2.254
R2(config-if)#standby 2 priority 200
R2(config-if)#
*Mar 1 00:17:12.331: %HSRP-6-STATECHANGE: FastEthernet0/1 Grp 2 state Speak -> Standby
*Mar 1 00:17:12.335: %HSRP-6-STATECHANGE: FastEthernet0/1 Grp 2 state Standby -> Active
R2(config-if)#

R3(config)#interface FastEthernet 0/0
R3(config-if)#standby 1 ip 192.168.1.254
R3(config-if)#standby 1 priority 150
R3(config-if)#
*Mar 1 00:17:31.059: %HSRP-6-STATECHANGE: FastEthernet0/0 Grp 1 state Speak -> Standby
R3(config-if)#exit
R3(config)#
R3(config)#
R3(config)#interface FastEthernet 0/1
R3(config-if)#standby 2 ip 192.168.2.254
R3(config-if)#standby 2 priority 150
R3(config-if)#
*Mar 1 00:18:19.279: %HSRP-6-STATECHANGE: FastEthernet0/1 Grp 2 state Speak -> Standby
R3(config-if)#
Check the HSRP configuration (the R3 output is omitted).
R2#show standby
FastEthernet0/0 - Group 1
  State is Active
    2 state changes, last state change 00:02:04
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.204 secs
  Preemption disabled
  Active router is local
  Standby router is 192.168.1.3, priority 150 (expires in 8.740 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    2 state changes, last state change 00:01:19
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.732 secs
  Preemption disabled
  Active router is local
  Standby router is 192.168.2.3, priority 150 (expires in 8.452 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R2#
3.2. Defining the default gateway
Define the default gateway on R1 and R4.
R1(config)#ip route 0.0.0.0 0.0.0.0 192.168.1.254

R4(config)#ip route 0.0.0.0 0.0.0.0 192.168.2.254
Confirm that R1 and R4 can reach each other.
R1#ping 192.168.2.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:
..!!!
Success rate is 60 percent (3/5), round-trip min/avg/max = 20/26/36 ms
R1#
3.3. Behavior on failure
Send pings continuously from R1 to R4.
R1#ping 192.168.2.4 repeat 10000
While the pings are being sent, stop R2.
=> stop R2
100-VM 'R2' stopped
=>
Confirm that the traffic path switches over automatically and the pings continue to succeed.
R1#ping 192.168.2.4 repeat 10000
Type escape sequence to abort.
Sending 10000, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!......!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!!
!!!.
Success rate is 99 percent (697/704), round-trip min/avg/max = 8/18/80 ms
R1#
4. [Verification] preempt
4.1. Checking the state
Start R2.
=> start R2
Check which router is currently active. Although R2 has the higher priority, the output shows that the active router is currently R3.
R2#show standby
FastEthernet0/0 - Group 1
  State is Standby
    4 state changes, last state change 00:00:09
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.660 secs
  Preemption disabled
  Active router is 192.168.1.3, priority 150 (expires in 9.616 sec)  <- The priority of the peer R3 can be seen here.
  Standby router is local
  Priority 200 (configured 200)  <- The priority can be seen here.
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Standby
    4 state changes, last state change 00:00:09
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.680 secs
  Preemption disabled
  Active router is 192.168.2.3, priority 150 (expires in 9.616 sec)
  Standby router is local
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R2#
4.2. preempt configuration
To make the router with the higher priority always become active, preempt must be configured.
An example configuration follows. delay defines how long to wait before taking over and is not required, but defining it prevents a total outage when the primary router is flapping.
R2(config)#interface fastEthernet 0/0
R2(config-if)#standby 1 preempt delay minimum 30
R2(config-if)#exit
R2(config)#
R2(config)#
R2(config)#interface fastEthernet 0/1
R2(config-if)#standby 2 preempt delay minimum 30
4.3. Verifying preempt
Confirm that preempt is enabled and that the active router has switched to R2.
R2#show standby
FastEthernet0/0 - Group 1
  State is Active
    5 state changes, last state change 00:01:06
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.548 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.1.3, priority 150 (expires in 7.604 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    5 state changes, last state change 00:00:54
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.792 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.2.3, priority 150 (expires in 9.872 sec)
  Priority 200 (configured 200)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R2#
5. [Verification] track
5.1. Understanding the problem
Assume that R2 Fa0/1 goes down.
R2(config)#interface FastEthernet 0/1
R2(config-if)#shutdown
When R2 Fa0/1 goes down, R1 and R4 can no longer reach each other. The default gateway 192.168.2.254 switches from R2 to R3, but the default gateway 192.168.1.254 stays on R2 and does not switch.
R1#ping 192.168.2.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:
U.U.U
Success rate is 0 percent (0/5)
R1#
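5.2. track configuration
To solve this kind of problem, HSRP can lower the priority when a specific interface goes down, which triggers a default gateway switchover. An example configuration follows.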
R2(config)#interface FastEthernet 0/0
R2(config-if)#standby 1 track FastEthernet 0/1 60
R2(config-if)#exit
R2(config)#
R2(config)#
R2(config)#interface FastEthernet 0/1
R2(config-if)#standby 2 track FastEthernet 0/0 60
The output confirms that track has lowered the priority of R2 Group 1 from 200 to 140. However, R2 is still the active router.
R2#show standby
FastEthernet0/0 - Group 1
  State is Active  <- The priority is lower than R3's, but R2 is still Active.
    5 state changes, last state change 00:03:53
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.576 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.1.3, priority 150 (expires in 8.624 sec)
  Priority 140 (configured 200)  <- The priority has dropped to 140.
    Track interface FastEthernet0/1 state Down decrement 60
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Init (interface down)
    6 state changes, last state change 00:00:14
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is unknown
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
  Preemption enabled, delay min 30 secs
  Active router is unknown
  Standby router is unknown
  Priority 200 (configured 200)
    Track interface FastEthernet0/0 state Up decrement 60
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R2#
5.3. preempt configuration
R2 remains active because preempt has not been configured on R3. Always use track together with preempt.
Configure preempt on R3.
R3(config)#interface FastEthernet 0/0
R3(config-if)#standby 1 preempt delay minimum 30
R3(config-if)#exit
R3(config)#
R3(config)#
R3(config)#interface FastEthernet 0/1
R3(config-if)#standby 2 preempt delay minimum 30
Confirm that the active router has switched to R3.
R3#show standby
FastEthernet0/0 - Group 1
  State is Active
    5 state changes, last state change 00:00:09
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.428 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    5 state changes, last state change 00:01:37
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.900 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R3#
Confirm that R1 and R4 can reach each other.
R1#ping 192.168.2.4
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 192.168.2.4, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 96/110/128 ms
R1#
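Added example (not part of the original lab notes): a pre-change check that reads the standby lines used in sections 3.1 to 5.3 and reports which router ends up Active for a group once a tracked interface fails. The function names are hypothetical, and the model assumes only what the lab shows: a live Active router is displaced only by a router with preempt and a higher effective priority. Equal-priority tie-breaks and the preempt delay are ignored.

```python
import re

def parse_group(config: str, group: int) -> dict:
    """Pull priority, preempt and track decrement for one HSRP group out of IOS config text."""
    s = {"priority": 100, "preempt": False, "decrement": 0}  # IOS default priority is 100
    for line in config.splitlines():
        m = re.match(rf"\s*standby {group} (\S+)(.*)", line)
        if not m:
            continue
        keyword, args = m.group(1), m.group(2).split()
        if keyword == "priority":
            s["priority"] = int(args[0])
        elif keyword == "preempt":
            s["preempt"] = True
        elif keyword == "track":
            # The last token is the decrement; IOS uses 10 when it is omitted.
            s["decrement"] = int(args[-1]) if args[-1].isdigit() else 10
    return s

def active_after_failure(routers: dict, active: str, failed: str, group: int):
    """routers maps name -> config text; `failed` has lost its tracked interface.
    Returns (router that ends up Active, effective priorities)."""
    eff, preempt = {}, {}
    for name, cfg in routers.items():
        g = parse_group(cfg, group)
        eff[name] = g["priority"] - (g["decrement"] if name == failed else 0)
        preempt[name] = g["preempt"]
    # Only a router with preempt configured may take over from a live Active router.
    challengers = [n for n in routers if preempt[n] and eff[n] > eff[active]]
    return (max(challengers, key=eff.get) if challengers else active), eff

# Constructed from the commands in sections 3.1, 4.2, 5.2 and 5.3.
R2 = """interface FastEthernet 0/0
 standby 1 ip 192.168.1.254
 standby 1 priority 200
 standby 1 preempt delay minimum 30
 standby 1 track FastEthernet 0/1 60
"""
R3_NO_PREEMPT = """interface FastEthernet 0/0
 standby 1 ip 192.168.1.254
 standby 1 priority 150
"""
R3_PREEMPT = R3_NO_PREEMPT + " standby 1 preempt delay minimum 30\n"

if __name__ == "__main__":
    for label, r3 in (("5.2", R3_NO_PREEMPT), ("5.3", R3_PREEMPT)):
        print(label, active_after_failure({"R2": R2, "R3": r3}, "R2", "R2", 1))
```

The same check also catches a decrement that is too small: with a decrement of 40, R2 stays at 160 and keeps the Active role even when R3 has preempt.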
6. [Verification] Authentication
6.1. Plain-text authentication
Plain-text authentication can be configured as follows.
R2(config)#interface FastEthernet 0/0
R2(config-if)#standby 1 authentication text HOGE

R3(config)#int FastEthernet 0/0
R3(config-if)#standby 1 authentication text HOGE
After configuring, confirm that HSRP is established.
R3#show standby
FastEthernet0/0 - Group 1
  State is Active
    5 state changes, last state change 00:01:51
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 0.796 secs
  Authentication text "HOGE"  <- Plain-text authentication can be seen here.
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.1.2, priority 140 (expires in 8.828 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    5 state changes, last state change 00:03:18
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.224 secs
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R3#
6.2. MD5 authentication
MD5 authentication can be configured as follows.
R2(config)#interface FastEthernet 0/1
R2(config-if)#standby 2 authentication md5 key-string FOO

R3(config)#interface FastEthernet 0/1
R3(config-if)#standby 2 authentication md5 key-string FOO
After configuring, confirm that HSRP is established.
R3#show standby
FastEthernet0/0 - Group 1
  State is Active
    5 state changes, last state change 00:08:29
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.336 secs
  Authentication text "HOGE"
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.1.2, priority 140 (expires in 9.412 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    5 state changes, last state change 00:09:57
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 2.720 secs
  Authentication MD5, key-string "FOO"
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R3#
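Added example (not part of the original lab notes): a decoder for the 20-byte HSRP version 1 message defined in RFC 2281, run on a constructed hello that matches Group 1 on R3 in section 6.1. It shows that with `authentication text` the string sits unencrypted in the 8-byte authentication field of every hello, so it identifies the group rather than protecting it. The function names and the sample packet are assumptions made for illustration; MD5-authenticated messages are not covered.

```python
import socket
import struct

HSRP_STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
HSRP_OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
HSRPV1_FORMAT = "!8B8s4s"  # eight 1-byte fields, 8-byte auth data, 4-byte virtual IP

def parse_hsrpv1(payload: bytes) -> dict:
    """Decode the HSRPv1 message carried in UDP port 1985 (RFC 2281)."""
    if len(payload) < 20:
        raise ValueError("HSRPv1 message is 20 bytes, got %d" % len(payload))
    ver, op, state, hello, hold, prio, group, _reserved, auth, vip = struct.unpack(
        HSRPV1_FORMAT, payload[:20])
    if ver != 0:
        raise ValueError("not HSRP version 1 (version field = %d)" % ver)
    return {
        "opcode": HSRP_OPCODES.get(op, op),
        "state": HSRP_STATES.get(state, state),
        "hello": hello, "hold": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "vip": socket.inet_ntoa(vip),
    }

def auth_finding(msg: dict) -> str:
    """Describe what the authentication field exposes to anyone on the segment."""
    if msg["auth"] == "cisco":  # RFC 2281 recommended default when nothing is configured
        return "default authentication string in use"
    if msg["auth"]:
        return "authentication string readable on the wire: %r" % msg["auth"]
    return "authentication field empty"

# Constructed sample: hello from the Active router of Group 1 (priority 150,
# hello 3 s, hold 10 s, text authentication "HOGE", virtual IP 192.168.1.254).
CONSTRUCTED_HELLO = struct.pack(
    HSRPV1_FORMAT, 0, 0, 16, 3, 10, 150, 1, 0, b"HOGE", socket.inet_aton("192.168.1.254"))

if __name__ == "__main__":
    decoded = parse_hsrpv1(CONSTRUCTED_HELLO)
    print(decoded)
    print(auth_finding(decoded))
```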
7. [Verification] Defining timers
7.1. Defining timers
Timers can be defined as follows. This example sets hello to 1 second and hold to 3 seconds.
R2(config)#interface FastEthernet 0/0
R2(config-if)#standby 1 timers 1 3

R3(config)#interface FastEthernet 0/0
R3(config-if)#standby 1 timers 1 3
Confirm that the setting has been applied.
R3#show standby
FastEthernet0/0 - Group 1
  State is Active
    5 state changes, last state change 00:11:24
  Virtual IP address is 192.168.1.254
  Active virtual MAC address is 0000.0c07.ac01
    Local virtual MAC address is 0000.0c07.ac01 (v1 default)
  Hello time 1 sec, hold time 3 sec  <- The timers can be seen here.
    Next hello sent in 0.612 secs
  Authentication text "HOGE"
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is 192.168.1.2, priority 140 (expires in 2.724 sec)
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/0-1" (default)
FastEthernet0/1 - Group 2
  State is Active
    5 state changes, last state change 00:12:52
  Virtual IP address is 192.168.2.254
  Active virtual MAC address is 0000.0c07.ac02
    Local virtual MAC address is 0000.0c07.ac02 (v1 default)
  Hello time 3 sec, hold time 10 sec
    Next hello sent in 1.968 secs
  Authentication MD5, key-string "FOO"
  Preemption enabled, delay min 30 secs
  Active router is local
  Standby router is unknown
  Priority 150 (configured 150)
  IP redundancy name is "hsrp-Fa0/1-2" (default)
R3#