Differences Between VRRP and HSRP (Part 1)

2010-05-14 15:23
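1. HSRP does not support using a real interface address as the virtual gateway address, whereas VRRP does.

Functionally, VRRP and HSRP are very similar, but with respect to security VRRP has one major advantage over HSRP: it allows an authentication mechanism to be established between the devices participating in a VRRP group. Also, unlike HSRP, which requires that the virtual router address not be the IP address of one of the routers, VRRP allows this (if the router that "owns" the virtual router address is up and running, it should always be the one managing the virtual router, which is equivalent to the active router in HSRP). To make sure end hosts do not have to relearn the MAC address when a failure occurs, VRRP specifies the MAC address 00-00-5e-00-01-VRID, where VRID is the virtual router ID (equivalent to an HSRP group identifier).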

2. Another difference is that VRRP does not use HSRP's Coup message or any equivalent. The VRRP state machine is simpler than HSRP's: HSRP has 6 states (Initial, Learn, Listen, Speak, Standby, Active) and 8 events, while VRRP has only 3 states (Initialize, Master, Backup) and 5 events.

3. HSRP has three message types, and there are three states in which messages can be sent:

Hello, Resign, and Coup messages.

VRRP has a single message type:

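VRRP advertisement message: sent periodically by the master router to announce its presence. These messages can be used to check the virtual router's parameters and are also used for master election.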

4. HSRP carries its messages in UDP, whereas VRRP carries them in TCP (HSRP uses UDP port 1985 and sends hello messages to the multicast address 224.0.0.2).

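5. VRRP security: the VRRP protocol includes three main authentication methods: no authentication, a simple plaintext password, and strong authentication using MD5 HMAC IP authentication.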

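The strong authentication method uses the IP Authentication Header (AH) protocol. AH is the same protocol that is used in IPsec, and it provides a way to authenticate both the contents and the header of a VRRP packet. Using MD5 HMAC means that a shared key is used to produce the hash value. A router sending a VRRP packet computes the MD5 hash and places it in the advertisement to be sent. On receipt, the receiver uses the same key and MD5 to recompute the hash over the packet contents and header. If the results match, the message really did come from a trusted host; if they do not match, it must be discarded. This prevents an attacker with access to the LAN from sending advertisements that influence the election process, or from disrupting the network by other means.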

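In addition, VRRP includes a mechanism that protects against VRRP packets being injected from another, remote network (the TTL is set to 255 and checked on receipt), which limits most of the flaws to attacks launched from the local network. HSRP, on the other hand, uses a TTL of 1 in its messages.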
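The receiver-side checks from the two paragraphs above (TTL equal to 255, then the shared-key MD5 hash), written in Python as an added example that is not part of the original post. The byte layout, key and function names are constructed for illustration, and the 96-bit truncation is an assumption taken from HMAC-MD5-96 as AH uses it (RFC 2403); a real AH implementation computes the value over the IP packet with mutable fields zeroed.

```python
import hashlib
import hmac

VRRP_TTL = 255   # senders set it, receivers check it (as the text describes)
ICV_LEN = 12     # assumption: HMAC-MD5-96 truncation used by AH (RFC 2403)


def compute_icv(key: bytes, header: bytes, body: bytes) -> bytes:
    """Keyed MD5 hash over packet header and contents, truncated to 96 bits."""
    return hmac.new(key, header + body, hashlib.md5).digest()[:ICV_LEN]


def accept_advert(key, ttl, header, body, icv):
    """Return (accepted, reason) for one received advertisement."""
    if ttl != VRRP_TTL:
        # A packet forwarded by any router arrives with TTL < 255,
        # so it cannot have originated on the local segment.
        return False, "ttl"
    if not hmac.compare_digest(compute_icv(key, header, body), icv):
        # Wrong key or modified contents: discard the message.
        return False, "icv"
    return True, "ok"


# Constructed sample: source 172.16.23.1, destination 224.0.0.18, and a
# VRRP-like body (VRID 23, priority 100, virtual IP 172.16.23.254).
KEY = b"constructed-shared-key"
HEADER = bytes([172, 16, 23, 1, 224, 0, 0, 18])
BODY = bytes([0x21, 23, 100, 1, 2, 1, 0, 0, 172, 16, 23, 254])
ICV = compute_icv(KEY, HEADER, BODY)


def demo():
    tampered = BODY[:2] + bytes([255]) + BODY[3:]   # priority field altered
    return [
        accept_advert(KEY, 255, HEADER, BODY, ICV),           # genuine
        accept_advert(KEY, 254, HEADER, BODY, ICV),           # crossed a router
        accept_advert(KEY, 255, HEADER, tampered, ICV),       # contents changed
        accept_advert(b"wrong-key", 255, HEADER, BODY, ICV),  # no shared key
    ]


if __name__ == "__main__":
    for result in demo():
        print(result)
```

The TTL test is kept separate from the hash because TTL changes in transit and is therefore not something the keyed hash can cover.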

6. VRRP master-down interval: 3 * advertisement interval + skew time (skew-time)

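The above is what turned up from searching online. Below we check it with a lab; the topology is as follows:

Let's do some verification in the lab.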

hos R1


in e1/0

ip add 172.16.12.1 255.255.255.0

no sh

int e1/1

ip add 172.16.13.1 255.255.255.0

no sh

hos R2

in e1/0

ip add 172.16.23.1 255.255.255.0

no sh

int e1/1

ip add 172.16.12.2 255.255.255.0

no sh

hos R3

in e1/0

ip add 172.16.13.2 255.255.255.0

no sh

int e1/1

ip add 172.16.23.2 255.255.255.0

no sh

Then turn on debug ip pa de and debug stand event on every router.

OK, let's begin. First, verify whether HSRP supports setting a real IP as the virtual router's IP.

On R2, under interface E1/0, enter:

R2(config-if)#standby 23 ip 172.16.23.1

% address cannot equal interface IP address

Clearly it is not supported. OK, next let's look at how HSRP operates:

R2(config-if)#standby 23 ip 172.16.23.254

*Mar   1 00:50:01.431: HSRP: Et1/0 Grp 23 Disabled -> Init

*Mar   1 00:50:01.431: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Disabled -> Init

*Mar   1 00:50:11.439: HSRP: Et1/0 Interface up

*Mar   1 00:50:11.439: HSRP: Et1/0 Starting minimum interface delay (1
secs)

*Mar   1 00:50:12.471: HSRP: Et1/0 Interface min delay expired

*Mar   1 00:50:12.471: HSRP: Et1/0 Grp 23 Init: a/HSRP enabled

*Mar   1 00:50:12.471: HSRP: Et1/0 Grp 23 Init -> Listen

*Mar   1 00:50:12.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Init -> Backup

*Mar   1 00:50:12.471: IP: s=172.16.23.1 (local), d=224.0.0.2 (Ethernet1/0), len 44, sending broad/multicast -------------- this shows that HSRP communicates via multicast

*Mar   1 00:50:12.471:      UDP src=1985, dst=1985 --------------- carried in a UDP packet, port 1985

*Mar   1 00:50:22.471: HSRP: Et1/0 Grp 23 Listen: c/Active timer expired
(unknown)

*Mar   1 00:50:22.471: HSRP: Et1/0 Grp 23 Listen -> Speak

*Mar   1 00:50:22.475: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Backup -> Speak

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Speak: d/Standby timer expired
(unknown)

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby router is local

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Speak -> Standby

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Speak -> Standby

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby: c/Active timer
expired (unknown)

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Active router is local

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby router is unknown, was
local

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Standby -> Active

*Mar   1 00:50:32.471: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state
Standby -> Active

*Mar   1 00:50:32.471: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Standby -> Active

*Mar   1 00:50:35.471: HSRP: Et1/0 Grp 23 Redundancy group hsrp-Et1/0-23
state Active -> Active

*Mar   1 00:50:38.471: HSRP: Et1/0 Grp 23 Redundancy group hsrp-Et1/0-23
state Active ->                    

A side note: at this point I could not ping 172.16.23.254 from either R2 or R3. Can you guess why? Heh.

R2(config-if)#standby 23 preempt

R2(config-if)#standby 23 track ethernet 1/1

The debug output at this point is as follows:

*Mar   1 01:09:10.979: HSRP: Et1/0 Grp
23 Track "Ethernet1/1" create interface object

*Mar   1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 add, decrement 10 ------------ this decrement value is adjustable; the default is 10

*Mar   1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 Start tracking

*Mar   1 01:09:10.979: HSRP: Et1/0 Grp 23 Track 1 link id 1

*Mar   1 01:09:11.627: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:09:14.631: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:09:17.635: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:09:20.639: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:09:23.639: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1 Active   pri 100 vIP 172.16.23.254 ----- why 3 seconds? I remember it being 2 seconds

On R3 I entered: R3(config-if)# standby 23 ip 172.16.23.254

*Mar   1 01:16:12.387: HSRP: Et1/1 API MAC address update

*Mar   1 01:16:12.391: HSRP: Et1/1 Grp 23 Disabled -> Init

*Mar   1 01:16:12.391: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23"
state Disabled -> Init

*Mar   1 01:16:22.395: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:22.399: HSRP: Et1/1 Grp 23 Active router is 172.16.23.1

*Mar   1 01:16:22.399: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:22.403: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:22.407: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:22.411: HSRP: Et1/1 Interface up

*Mar   1 01:16:22.411: HSRP: Et1/1 Starting minimum interface delay (1
secs)

*Mar   1 01:16:23.411: HSRP: Et1/1 Interface min delay expired

*Mar   1 01:16:23.411: HSRP: Et1/1 Grp 23 Init: a/HSRP enabled

*Mar   1 01:16:23.411: HSRP: Et1/1 Grp 23 Init -> Listen

*Mar   1 01:16:23.411: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23"
state Init -> Backup

*Mar   1 01:16:23.411: HSRP: Et1/1 Redirect adv out, Passive, active 0
passive 1

*Mar   1 01:16:25.315: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:28.335: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:31.315: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:33.411: HSRP: Et1/1 Grp 23 Listen: d/Standby timer
expired (unknown)

*Mar   1 01:16:33.411: HSRP: Et1/1 Grp 23 Listen -> Speak

*Mar   1 01:16:33.415: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23"
state Backup -> Speak

*Mar   1 01:16:33.415: HSRP: Et1/1 Grp 23 Hello   out 172.16.23.2
Speak    pri 100 vIP 172.16.23.254

*Mar   1 01:16:34.315: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:36.419: HSRP: Et1/1 Grp 23 Hello   out 172.16.23.2
Speak    pri 100 vIP 172.16.23.254

*Mar   1 01:16:37.315: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:39.423: HSRP: Et1/1 Grp 23 Hello   out 172.16.23.2
Speak    pri 100 vIP 172.16.23.254

*Mar   1 01:16:40.395: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:42.427: HSRP: Et1/1 Grp 23 Hello   out 172.16.23.2
Speak    pri 100 vIP 172.16.23.254

*Mar   1 01:16:43.355: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:16:43.411: HSRP: Et1/1 Grp 23 Speak: d/Standby timer expired
(unknown)

*Mar   1 01:16:43.411: HSRP: Et1/1 Grp 23 Standby router is local

*Mar   1 01:16:43.415: HSRP: Et1/1 Grp 23 Speak -> Standby

*Mar   1 01:16:43.415: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23"
state Speak -> Standby

Lower R3's pri value to 95. Now let's test whether the track feature works, starting with R2: shut down E1/1.

*Mar   1 01:29:12.435: HSRP: Et1/0 Grp 23 Track 1 object changed, state
Up -> Down

*Mar   1 01:29:12.439: HSRP: Et1/0 Grp 23 Priority 100 -> 90 -------------- really? When it goes down, is the pri merely lowered by 10?

*Mar   1 01:29:12.663: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2
Standby pri 150 vIP 172.16.23.254

*Mar   1 01:29:12.791: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 90 vIP 172.16.23.254

----------- Argh, found the problem: I had only entered preempt on R2 and not on R3. After adding it, the debug output appeared immediately:

R3(config-if)#

*Mar   1 01:51:44.359: HSRP: Et1/1 Grp 23 Hello   in   172.16.23.1
Active   pri 90 vIP 172.16.23.254

*Mar   1 01:51:44.363: HSRP: Et1/1 Grp 23 Standby: h/Hello rcvd from
lower pri Active router (90/172.16.23.1)

*Mar   1 01:51:44.367: HSRP: Et1/1 Grp 23 Active router is local, was
172.16.23.1

*Mar   1 01:51:44.367: HSRP: Et1/1 Grp 23 Standby router is unknown, was
local

*Mar   1 01:51:44.371: HSRP: Et1/1 Redirect adv out, Active, active 1
passive 2

*Mar   1 01:51:44.371: HSRP: Et1/1 Grp 23 Coup    out 172.16.23.2
Standby pri 95 vIP 172.16.23.254

*Mar   1 01:51:44.375: HSRP: Et1/1 Grp 23 Standby -> Active

*Mar   1 01:51:44.375: %HSRP-6-STATECHANGE: Ethernet1/1 Grp 23 state
Standby -> Active

*Mar   1 01:51:44.375: HSRP: Et1/1 Grp 23 Redundancy "hsrp-Et1/1-23"
state Standby -> Active

Next, no sh the tracked interface; the debug output on R2 is as follows:

R2(config-if)#

*Mar   1 01:55:43.075: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2
Active   pri 95 vIP 172.16.23.254

*Mar   1 01:55:43.259: HSRP: Et1/0 API 172.16.12.2 is not an HSRP
address

*Mar   1 01:55:43.259: HSRP: Et1/1 API 172.16.12.2 is not an HSRP
address

*Mar   1 01:55:43.267: HSRP: Et1/1 API MAC address update

*Mar   1 01:55:43.271: HSRP: Et1/1 API Software interface coming up

*Mar   1 01:55:43.275: HSRP: Et1/1 Interface up

*Mar   1 01:55:43.275: HSRP: Et1/1 Starting minimum interface delay (1
secs)

*Mar   1 01:55:43.279: HSRP: Et1/1 API Software interface coming up

*Mar   1 01:55:43.691: HSRP: Et1/0 Grp 23 Track 1 object changed, state
Down -> Up

*Mar   1 01:55:43.695: HSRP: Et1/0 Grp 23 Priority 90 -> 100

*Mar   1 01:55:43.695: HSRP: Et1/1 Grp 0 Track 1 object changed, state
Down -> Up

*Mar   1 01:55:43.699: HSRP: Et1/1 Grp 0 Priority 90 -> 100

*Mar   1 01:55:43.955: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Standby pri 100 vIP 172.16.23.254

*Mar   1 01:55:44.275: HSRP: Et1/1 Interface min delay expired

*Mar   1 01:55:45.263: %LINK-3-UPDOWN: Interface Ethernet1/1, changed
state to up

*Mar   1 01:55:45.267: HSRP: API Hardware state change

*Mar   1 01:55:46.075: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2
Active   pri 95 vIP 172.16.23.254

*Mar   1 01:55:46.079: HSRP: Et1/0 Grp 23 Standby: h/Hello rcvd from
lower pri Active router (95/172.16.23.2)

*Mar   1 01:55:46.083: HSRP: Et1/0 Grp 23 Active router is local, was
172.16.23.2

*Mar   1 01:55:46.083: HSRP: Et1/0 Grp 23 Standby router is unknown, was
local

*Mar   1 01:55:46.087: HSRP: Et1/0 Redirect adv out, Active, active 1
passive 2

*Mar   1 01:55:46.087: HSRP: Et1/0 Grp 23 Coup    out 172.16.23.1
Standby pri 100 vIP 172.16.23.254

*Mar   1 01:55:46.091: HSRP: Et1/0 Grp 23 Standby -> Active

*Mar   1 01:55:46.095: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state
Standby -> Active

*Mar   1 01:55:46.095: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Standby -> Active

*Mar   1 01:55:46.099: HSRP: Et1/0 Redirect adv out, Active, active 1
passive 1

*Mar   1 01:55:46.099: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 01:55:46.135: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2
Speak    pri 95 vIP 172.16.23.254

Next, bring down the interface that connects R2 and R3; the debug output is as follows:

R2(config-if)#

*Mar   1 02:03:16.167: HSRP: Et1/0 Grp 23 Hello   out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 02:03:16.647: HSRP: Et1/0 API Software interface going down

*Mar   1 02:03:16.651: HSRP: Et1/0 API Software interface going down

*Mar   1 02:03:16.651: HSRP: Et1/0 Interface down

*Mar   1 02:03:16.651: HSRP: Et1/0 Grp 23 Active: b/HSRP disabled

*Mar   1 02:03:16.655: HSRP: Et1/0 Grp 23 Active router is unknown, was
local

*Mar   1 02:03:16.655: HSRP: Et1/0 Grp 23 Standby router is unknown, was
172.16.23.2

*Mar   1 02:03:16.659: HSRP: Et1/0 Grp 23 Resign out 172.16.23.1
Active   pri 100 vIP 172.16.23.254

*Mar   1 02:03:16.663: HSRP: Et1/0 Grp 23 Active -> Init

*Mar   1 02:03:16.663: %HSRP-6-STATECHANGE: Ethernet1/0 Grp 23 state
Active -> Init

*Mar   1 02:03:16.667: HSRP: Et1/0 Grp 23 Redundancy "hsrp-Et1/0-23"
state Active -> Init

*Mar   1 02:03:16.667: HSRP: Et1/0 Redirect adv out, Passive, active 0
passive 1

*Mar   1 02:03:16.671: HSRP: Et1/0 Grp 23 Resign out 172.16.23.1
Init     pri 100 vIP 172.16.23.254

*Mar   1 02:03:16.679: %OSPF-5-ADJCHG: Process 100, Nbr 172.16.23.2 on
Ethernet1/0 from FULL to DOWN, Neighbor Down: Interface down or detached

*Mar   1 02:03:16.679: HSRP: Et1/0 API Add active HSRP addresses to ARP
table

*Mar   1 02:03:18.647: %LINK-5-CHANGED: Interface Ethernet1/0, changed
state to administratively down

*Mar   1 02:03:18.647: HSRP: API Hardware state change

*Mar   1 02:03:19.647: %LINEPROTO-5-UPDOWN: Line protocol on Interface
Ethernet1/0, changed state to down

*Mar   1 02:03:45.147: HSRP: Et1/0 Redirect adv out, Passive, active 0
passive 1

At this point, on R3:

*Mar   1 02:03:21.655: %HSRP-6-STATECHANGE: Ethernet1/1 Grp 23 state Standby -> Active
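The debug lines in this lab carry everything needed to audit who is speaking HSRP on a segment. The Python below is an added example, not part of the original post: it parses received Hello/Coup/Resign lines in the format shown above and flags speakers outside an expected-peer list, Coup messages, and priority changes. The function name, the peer list and the final sample line are assumptions made for illustration.

```python
import re

# Matches HSRP message lines in the debug format shown in the lab output.
HSRP_MSG = re.compile(
    r"HSRP: (?P<intf>\S+) Grp (?P<grp>\d+) (?P<type>Hello|Coup|Resign)\s+"
    r"(?P<dir>in|out)\s+(?P<src>\d+\.\d+\.\d+\.\d+)\s+"
    r"(?P<state>\w+)\s+pri (?P<pri>\d+) vIP (?P<vip>\S+)"
)


def audit_hsrp(lines, expected_peers):
    """Return (reason, source_ip, priority) for each notable received message."""
    findings, last_pri = [], {}
    for line in lines:
        m = HSRP_MSG.search(line)
        if not m or m["dir"] != "in":
            continue                      # judge only what arrived from the wire
        src, pri = m["src"], int(m["pri"])
        if src not in expected_peers:
            findings.append(("unknown-speaker", src, pri))
        if m["type"] == "Coup":
            findings.append(("coup", src, pri))
        if src in last_pri and pri != last_pri[src]:
            findings.append(("priority-change", src, pri))
        last_pri[src] = pri
    return findings


# Lines 1-4 are taken from R2's output above with the wrapped halves joined;
# the last line is constructed (172.16.23.66 does not exist in the lab).
SAMPLE = [
    "*Mar   1 01:29:12.663: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2 Standby pri 150 vIP 172.16.23.254",
    "*Mar   1 01:55:43.075: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2 Active   pri 95 vIP 172.16.23.254",
    "*Mar   1 01:55:46.087: HSRP: Et1/0 Grp 23 Coup    out 172.16.23.1 Standby pri 100 vIP 172.16.23.254",
    "*Mar   1 01:55:46.135: HSRP: Et1/0 Grp 23 Hello   in   172.16.23.2 Speak    pri 95 vIP 172.16.23.254",
    "*Mar   1 02:10:00.000: HSRP: Et1/0 Grp 23 Coup    in   172.16.23.66 Standby pri 255 vIP 172.16.23.254",
]


def demo():
    return audit_hsrp(SAMPLE, expected_peers={"172.16.23.2"})


if __name__ == "__main__":
    for finding in demo():
        print(finding)
```

A Coup from an expected peer is normal during preemption, as the lab shows, so that finding is worth correlating with tracked-interface events rather than alerting on by itself.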

 

Article reposted from http://bbs.net527.cn (无忧网客联盟)
