Linkage between VRRP and BFD

Are you better today than you were yesterday?

1. Technologies commonly used in existing networks (VRRP and BFD)

VRRP (Virtual Router Redundancy Protocol) is a network protocol used to improve the reliability and fault tolerance of routers. It allows multiple routers to share a virtual IP address, with one router acting as the master router and responsible for forwarding data packets, and the other routers acting as backup routers. When the master router fails, a backup router takes over its work.

BFD (Bidirectional Forwarding Detection) is a unified detection mechanism for the entire network, which is used to quickly detect and monitor the forwarding connectivity status of links or IP routes in the network.

Three modules: application module - track module - BFD detection module

Single-hop detection: the session cannot cross Layer 3 devices. If you add the interface keyword during configuration, it is single-hop detection.

When sending a BFD packet, the device requests the MAC address of the peer-ip itself and sends the packet to it.

Multi-hop detection: the session can span Layer 3 devices. If the interface keyword is not added during configuration, it is multi-hop detection.

When sending a BFD packet, the device requests the MAC address of the next hop toward the peer-ip and sends the packet to it.

Protocols that BFD is often associated with: a BFD session is established on behalf of an upper-layer protocol (OSPF, VRRP, static routing, policy routing); BFD itself does not establish neighbor relationships.

2. VRRP and BFD linkage experiment

The most commonly used ones in the current network are the linkage between OSPF and BFD and the linkage between VRRP and BFD. Here I will mainly cover the configuration process and my understanding of the linkage between VRRP and BFD:

The setup I chose here is a BFD session combined with a VRRP configuration.

As shown in the figure, the hosts in the LAN are dual-homed through the Switch to RouterA and RouterB, on which a VRRP backup group is deployed; RouterA is the master. The two gateways also provide redundant DHCP service.

The user hopes that when RouterA or the link between RouterA and Switch fails, the switching time between the active and backup gateways is less than 1 second to reduce the impact of the failure on service transmission.

The linkage between VRRP and BFD is used to achieve fast switching between the active and standby gateways. The configuration ideas are as follows:

Configure the IP address and routing protocol of each device interface to make network layer routing reachable.

Configure a VRRP backup group on Router4 and Router5. Router4 has a priority of 120 and a preemption delay of 20 seconds and serves as the master device. Router5 keeps the default priority and serves as the backup device, giving master/backup redundancy for the gateway.

Configure static BFD sessions on Router4 and Router5 to monitor the link between the devices in the backup group.

Configure VRRP and BFD association on Router5 to implement rapid switchover of the VRRP backup group when a link fails.

Detailed configuration:

r4

<Huawei>sy
Enter system view, return user view with Ctrl + Z.
[Huawei]sy R4
[R4]dhcp e
[R4]ip pool pc //Create an address pool
[R4-ip-pool-pc]gateway-list 192.168.1.254 //Gateway (the VRRP virtual IP)
[R4-ip-pool-pc]network 192.168.1.0 mask 255.255.255.0 //Network segment and mask
[R4-ip-pool-pc]q
[R4]int g0/0/0
[R4-GigabitEthernet0/0/0]ip add 10.1.1.1 24 //Configure the interface address of the external network
[R4-GigabitEthernet0/0/0]nat outbound 3000 //References ACL 3000 (defined below) to do Easy IP address translation
[R4-GigabitEthernet0/0/0]int g0/0/1
[R4-GigabitEthernet0/0/1]ip add 192.168.1.1 24 //Configure the address for intranet communication
[R4-GigabitEthernet0/0/1]dhcp sel gl
[R4-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 192.168.1.254 //Configure the VRRP virtual gateway address, which is in the same network segment as the real address
[R4-GigabitEthernet0/0/1]vrrp vrid 1 priority 110 //Set the priority to 110 so that R4 is the master device
[R4-GigabitEthernet0/0/1]vrrp vrid 1 preempt-mode timer delay 3 //Set the preemption delay to 3 seconds: R4 waits 3 seconds before preempting
[R4-GigabitEthernet0/0/1]vrrp vrid 1 authentication-mode md5 campus //Authenticate VRRP advertisements with MD5 and the shared key campus (same key on both routers). MD5 is a keyed hash, not an asymmetric encryption algorithm; campus is a lab key, use a long random key in production
[R4-GigabitEthernet0/0/1]q

[R4]acl 3000
[R4-acl-adv-3000]rule 5 permit ip source 192.168.1.0 0.0.0.255 //Set the ACL to allow intranet addresses
[R4-acl-adv-3000]q
[R4]bfd
[R4-bfd]q
[R4]bfd lwh bind peer-ip 192.168.1.2 interface GigabitEthernet0/0/1 //Create BFD session lwh: the peer-ip is 192.168.1.2 and packets go out from g0/0/1 (single-hop)
[R4-bfd-session-lwh] discriminator local 2 //Configure the local identifier
[R4-bfd-session-lwh] discriminator remote 1 //Configure the remote identifier. It must equal the peer's local identifier: on R5 the local identifier is 1 and the remote identifier is 2
[R4-bfd-session-lwh] min-tx-interval 50 //Minimum interval for sending BFD packets, in ms
[R4-bfd-session-lwh] min-rx-interval 50 //Minimum interval at which this end accepts BFD packets, in ms
[R4-bfd-session-lwh] commit
[R4-bfd-session-lwh]q
[R4]
[R4]ip route-static 0.0.0.0 0 10.1.1.2 //Default route whose next hop is the address on the external network side

r5

<Huawei>sy
Enter system view, return user view with Ctrl + Z.
[Huawei]sy R5
[R5]dhcp e
[R5]ip pool pc
[R5-ip-pool-pc]gateway-list 192.168.1.254
[R5-ip-pool-pc]network 192.168.1.0 mask 255.255.255.0
[R5-ip-pool-pc]q
[R5]int g0/0/0
[R5-GigabitEthernet0/0/0]ip add 10.2.2.2 24
[R5-GigabitEthernet0/0/0]int g0/0/1
[R5-GigabitEthernet0/0/1]ip add 192.168.1.2 24
[R5-GigabitEthernet0/0/1]dhcp sel gl
[R5-GigabitEthernet0/0/1]vrrp vrid 1 virtual-ip 192.168.1.254
[R5-GigabitEthernet0/0/1]vrrp vrid 1 priority 90
[R5-GigabitEthernet0/0/1]vrrp vrid 1 preempt-mode timer delay 3
[R5-GigabitEthernet0/0/1]vrrp vrid 1 authentication-mode md5 campus
[R5-GigabitEthernet0/0/1]q

[R5]acl 3000
[R5-acl-adv-3000]rule 5 permit ip source 192.168.1.0 0.0.0.255
[R5-acl-adv-3000]q
[R5]bfd
[R5-bfd]q
[R5]bfd lwh bind peer-ip 192.168.1.1 interface GigabitEthernet0/0/1
[R5-bfd-session-lwh] discriminator local 1
[R5-bfd-session-lwh] discriminator remote 2
[R5-bfd-session-lwh] min-tx-interval 50
[R5-bfd-session-lwh] min-rx-interval 50
[R5-bfd-session-lwh] commit
[R5-bfd-session-lwh]q
[R5]
[R5]ip route-static 0.0.0.0 0 10.2.2.1

r6

<Huawei>sy
[Huawei]sy s6
[s6]
[s6]ospf 2
[s6-ospf-2]area 2
[s6-ospf-2-area-0.0.0.2] network 10.1.1.2 0.0.0.0
[s6-ospf-2-area-0.0.0.2] network 10.2.2.1 0.0.0.0
[s6-ospf-2-area-0.0.0.2] network 10.3.3.3 0.0.0.0
[s6-ospf-2-area-0.0.0.2] q
[s6-ospf-2]q
[s6]
[s6]int g0/0/0
[s6-GigabitEthernet0/0/0]ip address 10.1.1.2 255.255.255.0
[s6-GigabitEthernet0/0/0]int g0/0/1
[s6-GigabitEthernet0/0/1] ip address 10.2.2.1 255.255.255.0
[s6-GigabitEthernet0/0/1]int g0/0/2
[s6-GigabitEthernet0/0/2] ip address 10.3.3.3 255.255.255.0
[s6-GigabitEthernet0/0/2] dhcp select interface
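
A consistency check for the BFD and VRRP lines of the R4 and R5 listings, as an added example that is not part of the original post: it verifies that discriminators and peer addresses mirror each other and that the backup's VRRP group tracks its BFD session, and it computes the backup's BFD detection time. The `track bfd-session 1 increased 40` line, the function names and the detect multiplier of 3 are assumptions; the listings on this page do not show them.

```python
import re

# Constructed sample: BFD/VRRP lines from the R4 and R5 listings, prompts stripped.
# The "track bfd-session" line is an assumed association command, not from the page.
R4 = """ip address 192.168.1.1 24
vrrp vrid 1 priority 110
bfd lwh bind peer-ip 192.168.1.2 interface GigabitEthernet0/0/1
discriminator local 2
discriminator remote 1
min-tx-interval 50
min-rx-interval 50
"""
R5 = """ip address 192.168.1.2 24
vrrp vrid 1 priority 90
vrrp vrid 1 track bfd-session 1 increased 40
bfd lwh bind peer-ip 192.168.1.1 interface GigabitEthernet0/0/1
discriminator local 1
discriminator remote 2
min-tx-interval 50
min-rx-interval 50
"""

def parse(cfg):
    def grab(pattern, default=None):
        m = re.search(pattern, cfg, re.M)
        return m.group(1) if m else default
    return {"ip": grab(r"^\s*ip address (\S+)"),
            "peer": grab(r"bind peer-ip (\S+)"),
            "local": grab(r"discriminator local (\d+)"),
            "remote": grab(r"discriminator remote (\d+)"),
            "tx": int(grab(r"min-tx-interval (\d+)", 0)),
            "rx": int(grab(r"min-rx-interval (\d+)", 0)),
            "prio": int(grab(r"vrrp vrid \d+ priority (\d+)", 100)),
            "track": grab(r"track bfd-session (\S+)"),
            "inc": int(grab(r"track bfd-session \S+ increased (\d+)", 0))}

def check_pair(master_cfg, backup_cfg, multiplier=3):
    m, b = parse(master_cfg), parse(backup_cfg)
    findings = []
    if (m["local"], m["remote"]) != (b["remote"], b["local"]):
        findings.append("discriminators are not mirrored")
    if m["peer"] != b["ip"] or b["peer"] != m["ip"]:
        findings.append("peer-ip is not the other router's interface address")
    if b["track"] != b["local"]:
        findings.append("backup VRRP group does not track its BFD session")
    elif b["prio"] + b["inc"] <= m["prio"]:
        findings.append("tracked priority does not exceed the master's")
    # RFC 5880: detection time = multiplier * max(local min-rx, peer min-tx).
    return findings, multiplier * max(b["rx"], m["tx"])
```

With the 50 ms timers from the listings and the assumed multiplier of 3, the backup declares the session down after 150 ms.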

The effect is as follows:

After completing the above configuration, execute the display vrrp command on Router4 and Router5 respectively. It can be seen that Router4 is the Master device, Router5 is the Backup device, and the associated BFD session status is UP.

After the configuration is complete, execute the display bfd session command on Router4 or Router5. You can see that the status of the BFD session is Up. Take the display of Router4 as an example.

Run the shutdown command on interface GE0/0/1 of Router4 to simulate a link failure. At this time, execute the display vrrp command on Router4 and Router5 respectively. It can be seen that the status of Router4 changes to Initialize, the status of Router5 changes to Master, and the associated BFD session status is DOWN.

It changes to Master before you even have time to react.

Internal network access to external network

The switching delay has indeed become smaller.

At this time, the BFD linkage is Down.

Here, you can use tracert to test. You will find that when accessing the external network, R4 is preferred. If R5 is shut down, the R4 link continues to be monitored so that switching can happen in time.