Lab: Load-Sharing Scenario in a Side-Attached (Bypass) Firewall Network


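I. Topology

[Figure: topology diagram]

II. Requirements

1. Traffic from SW3

Normal operation: SW1_VRF-->FW1--->SW1_Public--->R5

Failure: SW2_VRF-->FW2--->SW2_Public--->R6

2. Traffic from SW4

Normal operation: SW2_VRF-->FW2--->SW2_Public--->R6

Failure: SW1_VRF-->FW1--->SW1_Public--->R5

3. Load balancing in the switching network


III. Analysis

[Figure: analysis diagram]

IV. Configuration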

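Layer 2 switching network

Use the MSTP + VRRP design from the traditional three-tier architecture.

VLAN 2--->SW3, with SW4 as backup
VLAN 3--->SW4, with SW3 as backup
MSTP design--->runs on SW3, SW4 and SW5

Instance 1: VLAN 2
Instance 2: VLAN 3

SW3 is the primary root for instance 1 and the secondary root for instance 2;
SW4 is the primary root for instance 2 and the secondary root for instance 1

IP address plan:
SW3:
VLAN 2: 192.168.2.1/24
VLAN 3: 192.168.3.1/24

SW4:
VLAN 2: 192.168.2.2/24
VLAN 3: 192.168.3.2/24

Virtual IP:
VLAN 2: 192.168.2.254/24
VLAN 3: 192.168.3.254/24

Layer 2 switching configuration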
sw3:
	Create VLANs
		vlan batch 2 3
		int g 0/0/3
		port link-type trunk
		port trunk allow-pass vlan 2 3
		int g 0/0/4
		port link-type trunk
		port trunk allow-pass vlan 2 3
	Spanning tree configuration
		stp enable
		stp mode mstp
		stp region-configuration
		region-name aa
		instance 1 vlan 2
		instance 2 vlan 3
		active region-configuration
		display stp region-configuration
		stp instance 1 root primary
		stp instance 2 root secondary
		stp instance 0 root primary
		Default setting, but it must not be omitted
	IP address configuration
		interface vlanif 2
		ip ad 192.168.2.1 24
		vrrp vrid 1 virtual-ip 192.168.2.254
		vrrp vrid 1 priority 120
		vrrp vrid 1 preempt-mode timer delay 20----preemption delay
		vrrp vrid 1 track interface g 0/0/1 reduced 15----uplink interface tracking
		vrrp vrid 1 track interface g 0/0/2 reduced 15----uplink interface tracking
		interface vlanif 3
		ip ad 192.168.3.1 24
		vrrp vrid 1 virtual-ip 192.168.3.254
sw4
	Create VLANs
		vlan batch 2 3
		int g 0/0/3
		port link-type trunk
		port trunk allow-pass vlan 2 3
		int g 0/0/4
		port link-type trunk
		port trunk allow-pass vlan 2 3
	Spanning tree configuration
		stp enable
		stp mode mstp
		stp region-configuration
		region-name aa
		instance 1 vlan 2
		instance 2 vlan 3
		active region-configuration
		display stp region-configuration
		stp instance 1 root secondary
		stp instance 2 root primary
		stp instance 0 root secondary
	IP address configuration
		interface vlanif 2
		ip ad 192.168.2.2 24
		vrrp vrid 1 virtual-ip 192.168.2.254
		interface vlanif 3
		ip ad 192.168.3.2 24
		vrrp vrid 1 virtual-ip 192.168.3.254
		vrrp vrid 1 priority 120
		vrrp vrid 1 preempt-mode timer delay 20
		vrrp vrid 1 track interface g 0/0/1 reduced 15
		vrrp vrid 1 track interface g 0/0/2 reduced 15

sw5
	VLAN configuration
		vlan batch 2 3
		int g 0/0/3
		port link-type access
		port de vlan 2
		int g 0/0/4
		po link access
		po de vlan 3
		int g 0/0/1
		po link trunk
		port trunk allow-pass vlan 2 3
		int g 0/0/2
		po link trunk
		port trunk allow-pass vlan 2 3
	STP configuration
		stp enable
		stp mode mstp
		stp region-configuration
		region-name aa
		instance 1 vlan 2
		instance 2 vlan 3
		active region-configuration
		display stp brief-----verify the configuration
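Aggregation-to-core routing

SW1-SW2: VLAN 102---10.10.2.0/24
SW1-SW3: VLAN 103---10.10.3.0/24
SW1-SW4: VLAN 104---10.10.4.0/24
SW2-SW3: VLAN 203---10.20.3.0/24
SW2-SW4: VLAN 204---10.20.4.0/24

VRF instance settings:
Name: VRF
RD: 100:1
RT: 100:1

SW3:
Primary traffic is sent to SW1, backup traffic to SW2
SW4:
Primary traffic is sent to SW2, backup traffic to SW1

------------------------------------On SW3 and SW4, changing the route cost values is enough to meet the requirement

SW1:
192.168.2.0/24--->sent primarily to SW3, backup to SW4
192.168.3.0/24--->sent primarily to SW4, backup to SW3

SW2:
192.168.2.0/24--->sent primarily to SW3, backup to SW4
192.168.3.0/24--->sent primarily to SW4, backup to SW3
-------------------------------------------
SW3:
Increase the cost of the 192.168.3.0/24 route that SW3 advertises locally
The cost of the 192.168.2.0/24 route stays unchanged
Apply the route-policy through route redistribution
When redistributing, do not import any other routes

SW4 is symmetric with SW3.
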
Configuration
sw3
	Create VLANs
		vlan batch 103 203
		int g 0/0/1
		port link-type access
		port default vlan 103
		undo stp enable
		int g 0/0/2
		port link-type access
		port default vlan 203
		stp enable
	Configure IP addresses
		interface vlanif 103
		ip ad 10.10.3.3 24
		interface vlanif 203
		ip ad 10.20.3.3 24
	Configure OSPF
		ospf 1 router-id 3.3.3.3
		area 0
		network 10.10.3.3 0.0.0.0
		network 10.20.3.3 0.0.0.0
		network 192.168.2.1 0.0.0.0
		network 192.168.3.1 0.0.0.0
	Silent interfaces
		ospf 1
		silent-interface vlanif 2
		silent-interface vlanif 3
sw4
	Create VLANs
		vlan batch 104 204
		int g 0/0/1
		port link-type access
		port default vlan 204
		stp enable
		int g 0/0/2
		port link-type access
		port default vlan 104
		stp enable
	Configure IP addresses
		int vlanif 104
		ip ad 10.10.4.4 24
		int vlanif 204
		ip ad 10.20.4.4 24
	Configure OSPF
		ospf 1 router-id 4.4.4.4
		area 0
		network 10.10.4.4 0.0.0.0
		network 10.20.4.4 0.0.0.0
		network 192.168.2.2 0.0.0.0
		network 192.168.3.2 0.0.0.0
	Silent interfaces
		ospf 1
		silent-interface vlanif 2
		silent-interface vlanif 3
sw1
	Configure the VRF
		ip vpn-instance VRF
		route-distinguisher 100:1
		vpn-target 100:1 both
	Create VLANs
		vlan batch 102 103 104
		int g 0/0/5
		port link-type access
		port default vlan 103
		undo stp enable
		int g 0/0/4
		port link-type trunk
		undo port trunk allow-pass vlan 1
		port trunk allow-pass vlan 102
		undo stp enable
		int g 0/0/6
		port link-type access
		port default vlan 104
		undo stp enable
	Interface configuration
		interface vlanif 102
		ip binding vpn-instance VRF
			Binds the interface to the VRF on this switch
			Run this before configuring the interface,
				otherwise the configuration is cleared
		ip ad 10.10.2.1 24
		interface vlanif 103
		ip binding vpn-instance VRF
		ip ad 10.10.3.1 24
		int v 104
		ip binding vpn-instance VRF
		ip ad 10.10.4.1 24

			dis ip routing-table vpn-instance VRF-----show the instance routes

			ping -vpn-instance VRF 10.10.2.1----------test
	OSPF configuration
		ospf 1 router-id 1.1.1.1 vpn-instance VRF
		area 0
		network 10.10.2.1 0.0.0.0
		network 10.10.3.1 0.0.0.0
		network 10.10.4.1 0.0.0.0
		display ospf peer brief----show the neighbors

		dis ip routing-table vpn-instance VRF----show the VRF routes

sw2
	Configure the VRF
		ip vpn-instance VRF
		route-distinguisher 100:1
		vpn-target 100:1 both
	Create VLANs
		vlan batch 102 203 204
		int g 0/0/4
		port link-type trunk
		undo port trunk allow-pass vlan 1
		port trunk allow-pass vlan 102
		undo stp enable
		int g 0/0/5
		port link-type access
		port default vlan 204
		undo stp enable
		int g <port facing SW3>----placeholder: the interface number is not given on the page
		port link-type access
		port default vlan 203
		undo stp enable
	Interface configuration
		interface vlanif 102
		ip binding vpn-instance VRF------binds the interface to the VRF on this switch; run this before configuring the interface, otherwise the configuration is cleared

		ip ad 10.10.2.2 24
		interface vlanif 203
		ip binding vpn-instance VRF
		ip ad 10.20.3.2 24
		int v 204
		ip binding vpn-instance VRF
		ip ad 10.20.4.2 24
	OSPF configuration
		ospf 1 router-id 2.2.2.2 vpn-instance VRF
		area 0
		network 10.10.2.2 0.0.0.0
		network 10.20.3.2 0.0.0.0
		network 10.20.4.2 0.0.0.0
		dis ospf peer brief

		dis ip routing-table vpn-instance VRF

Route policy:
	sw3
		interface vlanif 203
		ospf cost 5
		ospf 1
		area 0
		undo network 192.168.2.1 0.0.0.0
		undo network 192.168.3.1 0.0.0.0
		Match the routes
			ip ip-prefix aa permit 192.168.3.0 24
			ip ip-prefix bb permit 192.168.2.0 24
		Define the policy
			route-policy aa permit node 10
			if-match ip-prefix aa
			apply cost 5
			route-policy aa permit node 20
			if-match ip-prefix bb
		Apply it
			ospf 1
			import-route direct route-policy aa
	sw4
		interface vlanif 104
		ospf cost 5
		ospf 1
		area 0
		undo network 192.168.2.2 0.0.0.0
		undo network 192.168.3.2 0.0.0.0
		Match the routes
			ip ip-prefix aa permit 192.168.2.0 24
			ip ip-prefix bb permit 192.168.3.0 24
		Define the policy
			route-policy aa permit node 10
			if-match ip-prefix aa
			apply cost 5
			route-policy aa permit node 20
			if-match ip-prefix bb
		Apply it
			ospf 1
			import-route direct route-policy aa
Routing between the VRF switches and the firewalls

FW1 is active
VRRP group 1---VRRP group 5
VRRP group 3---VRRP group 7

FW2 is active
VRRP group 2---VRRP group 6
VRRP group 4---VRRP group 8


VRRP group 1: used by the VRF; SW1 is Master, SW2 is Backup
VLAN 401---10.40.1.0/24
SW1: 10.40.1.1/24
SW2: 10.40.1.2/24
Virtual address: 10.40.1.100

VRRP group 2: used by the VRF; SW2 is Master, SW1 is Backup
VLAN 402---10.40.2.0/24
SW1: 10.40.2.1/24
SW2: 10.40.2.2/24
Virtual address: 10.40.2.100

VRRP group 3: used by Public; SW1 is Master, SW2 is Backup
VLAN 403---10.40.3.0/24
SW1: 10.40.3.1/24
SW2: 10.40.3.2/24
Virtual address: 10.40.3.100

VRRP group 4: used by Public; SW2 is Master, SW1 is Backup
VLAN 404---10.40.4.0/24
SW1: 10.40.4.1/24
SW2: 10.40.4.2/24
Virtual address: 10.40.4.100

VRRP group 5: used by the firewalls; FW1 is Master, FW2 is Backup
VLAN 401---10.40.1.0/24
FW1: 10.40.1.10/24
FW2: 10.40.1.20/24
Virtual address: 10.40.1.200

VRRP group 6: used by the firewalls; FW2 is Master, FW1 is Backup
VLAN 402---10.40.2.0/24
FW1: 10.40.2.10/24
FW2: 10.40.2.20/24
Virtual address: 10.40.2.200

VRRP group 7: used by the firewalls; FW1 is Master, FW2 is Backup
VLAN 403---10.40.3.0/24
FW1: 10.40.3.10/24
FW2: 10.40.3.20/24
Virtual address: 10.40.3.200

VRRP group 8: used by the firewalls; FW2 is Master, FW1 is Backup
VLAN 404---10.40.4.0/24
FW1: 10.40.4.10/24
FW2: 10.40.4.20/24
Virtual address: 10.40.4.200


Configuration
sw1
	vrf
		vlan batch 401 402
		int g 0/0/3
		po li t 
		po t all vlan 401 402
		int g 0/0/4
		po t all vlan 401 402
		int v 401
		ip binding vpn-instance VRF
		ip ad 10.40.1.1 24
		vrrp vrid 1 virtual-ip 10.40.1.100
		vrrp vrid 1 priority 120
		vrrp vrid 1 preempt-mode timer delay 60
		vrrp vrid 1 track int g 0/0/3 reduced 30
		int v 402
		ip binding vpn-instance VRF
		ip ad 10.40.2.1 24
		vrrp vrid 2 virtual-ip 10.40.2.100
	public
		vlan  batch 403 404
		int g 0/0/1
		po li t
		po t all vlan 403 404
		int g 0/0/2
		po li t
		po t all vlan 403 404
		int v 403
		ip ad 10.40.3.1 24
		vrrp vrid 3 virtual-ip 10.40.3.100
		vrrp vrid 3 priority  120
		vrrp vrid 3 preempt-mode timer delay 60
		int v 404
		ip ad 10.40.4.1 24
		vrrp vrid 4 virtual-ip 10.40.4.100
	Route configuration
		ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200
		ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200 preference 70
		ip route-static 192.168.0.0  16 10.40.3.200
		ip route-static 192.168.0.0 16 10.40.4.200 preference 70
sw2
	public
		vlan  batch 403 404
		int g 0/0/1
		po li t
		po t all vlan 403 404
		int g 0/0/2
		po li t
		po t all vlan 403 404
		int v 403
		ip ad 10.40.3.2 24
		vrrp vrid 3 virtual-ip 10.40.3.100
		int v 404
		ip ad 10.40.4.2 24
		vrrp vrid 4 virtual-ip 10.40.4.100
		vrrp vrid 4 priority 120
		vrrp vrid 4 preempt-mode timer delay 60
		vrrp vrid 4 track interface g 0/0/1 reduced 30
	vrf
		vlan batch 401 402
		int g 0/0/3
		po li t 
		po t all vlan 401 402
		int g 0/0/4
		po lin t
		po t all vlan 401 402
		int v 401
		ip binding vpn-instance VRF
		ip ad 10.40.1.2 24
		vrrp vrid 1 virtual-ip 10.40.1.100
		int v 402
		ip binding vpn-instance VRF
		ip ad 10.40.2.2 24
		vrrp vrid 2 virtual-ip 10.40.2.100
		vrrp vrid 2 priority 120
		vrrp vrid  2 preempt-mode timer delay 60
		vrrp vrid 2 track interface g 0/0/3 reduced 30
	Route configuration
		ip route-static vpn-instance VRF 0.0.0.0 0 10.40.2.200
		ip route-static vpn-instance VRF 0.0.0.0 0 10.40.1.200 preference 70
		ip route-static 192.168.0.0  16 10.40.4.200
		ip route-static 192.168.0.0 16 10.40.3.200 preference 70
fw1
	vlan batch 401 402 403 404
	interface virtual-template
	int g 1/0/0
	ip ad 10.10.10.1 30
	interface g 1/0/2.401
	ip ad 10.40.1.10 24
	vlan-type dot1q 401
	int g 1/0/2.402
	ip ad 10.40.2.10 24
	vlan-type dot1q 402
	int g 1/0/3.403
	ip ad 10.40.3.10 24
	vlan-type dot1q 403
	int g 1/0/3.404
	ip ad 10.40.4.10 24
	vlan-type dot1q 404
	firewall zone trust
	add int g 1/0/2.401
	add int g 1/0/2.402
	firewall zone untrust
	add int g 1/0/3.403
	add int g 1/0/3.404
	firewall zone dmz
	add int g 1/0/0
	Hot standby
		int g 1/0/2.401
		vrrp vrid 5 virtual-ip 10.40.1.200 active
		int g 1/0/2.402
		vrrp vrid 6 virtual-ip 10.40.2.200 standby
		int g 1/0/3.403
		vrrp vrid 7 virtual-ip 10.40.3.200 active
		int g 1/0/3.404
		vrrp vrid 8 virtual-ip 10.40.4.200 standby
		hrp mirror session enable
			Quick session backup
		hrp interface g 1/0/0 remote 10.10.10.2
			Defines the heartbeat link and the peer IP
		hrp enable
	Route configuration
		ip route-static 0.0.0.0 0 10.40.3.100
		ip route-static 0.0.0.0 0 10.40.4.100 preference 70
		ip route-static 192.168.0.0 16 10.40.1.100
		ip route-static 192.168.0.0 16 10.40.2.100 preference 70
	Security policy
		security-policy
		rule name t_to_u
		source-zone trust
		destination-zone untrust
		source-address 192.168.0.0 16
		action permit
		dis security-policy rule all
			Shows all policy rules
	Activate the interfaces
		int g 1/0/2
		ip ad 1.1.1.1 24
		undo ip ad
		int g 1/0/3
		ip ad 1.1.1.1 24
		undo ip ad 
fw2
	vlan batch 401 402 403 404
	interface virtual-template
		TBD
	int g 1/0/0
	ip ad 10.10.10.2 30
	interface g 1/0/2.401
	ip ad 10.40.1.20 24
	vlan-type dot1q 401
	int g 1/0/2.402
	ip ad 10.40.2.20 24
	vlan-type dot1q 402
	int g 1/0/3.403
	ip ad 10.40.3.20 24
	vlan-type dot1q 403
	int g 1/0/3.404
	ip ad 10.40.4.20 24
	vlan-type dot1q 404
	firewall zone trust
	add int g 1/0/2.401
	add int g 1/0/2.402
	firewall zone untrust
	add int g 1/0/3.403
	add int g 1/0/3.404
	firewall zone dmz
	add int g 1/0/0
	Hot standby
		int g 1/0/2.401
		vrrp vrid 5 virtual-ip 10.40.1.200 standby
		int g 1/0/2.402
		vrrp vrid 6 virtual-ip 10.40.2.200 active
		int g 1/0/3.403
		vrrp vrid 7 virtual-ip 10.40.3.200 standby
		int g 1/0/3.404
		vrrp vrid 8 virtual-ip 10.40.4.200 active
		hrp mirror session enable
			Quick session backup
		hrp interface g 1/0/0 remote 10.10.10.1
			Defines the heartbeat link and the peer IP
		hrp enable
	Route configuration
		ip route-static 0.0.0.0 0 10.40.4.100
		ip route-static 0.0.0.0 0 10.40.3.100 preference 70
		ip route-static 192.168.0.0 16 10.40.2.100
		ip route-static 192.168.0.0 16 10.40.1.100 preference 70
	Activate the interfaces
		int g 1/0/2
		ip ad 1.1.1.1 24
		undo ip ad
		int g 1/0/3
		ip ad 1.1.1.1 24
		undo ip ad 
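
The VRRP groups and static routes planned in this section can be checked offline against the traffic requirements in section II. The following Python sketch is an added example, not part of the original lab; its failover model (a virtual IP is answered by its Master, else its Backup, and return traffic re-enters at the switch it left through) and all function names are assumptions of the example.

```python
# Simplified model (assumption of this example): a device uses its lowest-preference
# static route whose next-hop virtual IP is still answered by some VRRP member.
VIP = {  # virtual IP -> (Master, Backup), from VRRP groups 1-8 planned above
    "10.40.1.100": ("SW1", "SW2"), "10.40.2.100": ("SW2", "SW1"),
    "10.40.3.100": ("SW1", "SW2"), "10.40.4.100": ("SW2", "SW1"),
    "10.40.1.200": ("FW1", "FW2"), "10.40.2.200": ("FW2", "FW1"),
    "10.40.3.200": ("FW1", "FW2"), "10.40.4.200": ("FW2", "FW1"),
}
# (device, direction) -> [(next hop, preference)]. "out" is the default route,
# "back" the 192.168.0.0/16 route; 60 is Huawei's default static-route preference.
ROUTES = {
    ("SW1", "out"): [("10.40.1.200", 60), ("10.40.2.200", 70)],
    ("SW2", "out"): [("10.40.2.200", 60), ("10.40.1.200", 70)],
    ("FW1", "out"): [("10.40.3.100", 60), ("10.40.4.100", 70)],
    ("FW2", "out"): [("10.40.4.100", 60), ("10.40.3.100", 70)],
    ("SW1", "back"): [("10.40.3.200", 60), ("10.40.4.200", 70)],
    ("SW2", "back"): [("10.40.4.200", 60), ("10.40.3.200", 70)],
    ("FW1", "back"): [("10.40.1.100", 60), ("10.40.2.100", 70)],
    ("FW2", "back"): [("10.40.2.100", 60), ("10.40.1.100", 70)],
}

def holder(vip, down):
    """Device answering for a virtual IP. `down` holds failed device names and
    virtual IPs whose VLAN is unreachable (constructed failure input)."""
    if vip in down:
        return None
    return next((dev for dev in VIP[vip] if dev not in down), None)

def hop(device, direction, down):
    """Next device picked by `device`: best-preference route that is answered."""
    for vip, _pref in sorted(ROUTES[(device, direction)], key=lambda r: r[1]):
        if holder(vip, down):
            return holder(vip, down)
    return None

def trace(entry, down=frozenset()):
    """(outbound, return) paths; assumes one firewall and one switch stay up."""
    fw_out = hop(entry, "out", down)
    exit_sw = hop(fw_out, "out", down)
    fw_back = hop(exit_sw, "back", down)   # replies come back via the exit switch
    back_sw = hop(fw_back, "back", down)
    return ([entry + "_VRF", fw_out, exit_sw + "_Public"],
            [exit_sw + "_Public", fw_back, back_sw + "_VRF"])

def same_firewall(entry, down=frozenset()):
    """True when both directions cross one firewall, so its session table sees both."""
    out, back = trace(entry, down)
    return out[1] == back[1]
```

`trace("SW1")` and `trace("SW2")` reproduce the two normal-operation paths from section II, and `same_firewall` confirms that the return route through groups 1 to 4 lands on the firewall that holds the session.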
Core to border

SW1-SW2:VLAN 201 --- 10.20.1.0/24
SW1-R5:VLAN 105 ---- 10.10.5.0/24
SW2-R6:VLAN 206 ---- 10.20.6.0/24
R5-R6: ---- 10.56.0.0/24
Configuration
sw1
	vlan batch 201 105
	int g 0/0/7
	po lin acc
	po default vlan 105
	undo stp enable
	int g 0/0/2
	po t all vlan 201
	undo stp enable
	int  v  105
	ip ad 10.10.5.1 24
	int v 201 
	ip ad 10.20.1.1 24
	ospf 2 router-id 1.1.1.1
	area 0
	network 10.20.1.1 0.0.0.0
	network 10.10.5.1 0.0.0.0
	ospf 2
	import-route static
sw2
	vlan batch 201 206
	int g 0/0/7
	po lin acc
	po default vlan 206
	undo stp enable
	int g 0/0/2
	po t all vlan 201
	undo stp enable
	int  v  206
	ip ad 10.20.6.2 24
	int v 201 
	ip ad 10.20.1.2 24
	ospf 2 router-id 2.2.2.2
	area 0
	network 10.20.1.2 0.0.0.0
	network 10.20.6.2 0.0.0.0
	ospf 1
	default-route-advertise--------advertise the default route downstream
	ospf 2
	import-route static-------import the static routes
r5
	int g 0/0/0
	ip  ad  10.10.5.5 24
	int g 0/0/1
	ip ad 10.56.0.5 24
	ospf 1 router-id 5.5.5.5
	area 0
	network 10.56.0.5 0.0.0.0
	network 10.10.5.5 0.0.0.0
	int g 0/0/2
	ip ad 12.0.0.5 24
	ip route-static 0.0.0.0 0 12.0.0.100
	ospf 1
	default-route-advertise
	acl 2000
	rule permit source 192.168.0.0 0.0.255.255
	int g 0/0/2
	nat outbound 2000
r6
	int g  0/0/0
	ip ad 10.20.6.6 24
	int g 0/0/1
	ip ad 10.56.0.6 24
	ospf 1 router-id 6.6.6.6
	area 0
	network 10.56.0.6 0.0.0.0
	network 10.20.6.6  0.0.0.0
	int g 0/0/2
	ip ad 13.0.0.6 24
	ip route-static 0.0.0.0 0 13.0.0.100
	ospf 1
	default-route-advertise
	acl 2000
	rule permit source 192.168.0.0 0.0.255.255
	int g 0/0/2
	nat outbound 2000
isp
	int g 0/0/0
	ip ad 12.0.0.100 24
	int g 0/0/1
	ip ad 13.0.0.100 24
	interface loopback 0
	ip ad 100.1.1 24
