作者:邓聪聪
华为系列路由器的负载均衡NQA联动侦测配置案例:
需求:该局域网,IP地址(末位奇数)走联通,IP地址(末位偶数)走电信当某个运营商不可达时,自动切换。通过NQA来确定运营商是否可达。,并与流行为、静态路由联动,实现自动切换。默认路由走联通,当联通不可达切至电信(配置的路由优先级,华为交换机静态路由默认优先级为60)
配置详情:
内网核心路由器配置;
<Huawei>dis cu [V200R003C00] # snmp-agent local-engineid 800007DB03000000000000 snmp-agent # clock timezone China-Standard-Time minus 08:00:00 # portal local-server load portalpage.zip # drop illegal-mac alarm # set cpu-usage threshold 80 restore 75 # bfd # acl number 2000 description To-Unicom rule 10 permit source 192.168.0.0 0.0.0.255 acl number 2001 description To-Telecom rule 10 permit source 192.168.1.0 0.0.0.255 # acl number 3000 description NAT rule 10 permit ip source 192.168.0.0 0.0.1.255 # traffic classifier DX operator and if-match acl 2001 traffic classifier LT operator and if-match acl 2000 # traffic behavior DX redirect ip-nexthop 20.1.1.1 track nqa test DX traffic behavior LT redirect ip-nexthop 10.1.1.1 track nqa test LT # traffic policy load classifier LT behavior LT classifier DX behavior DX # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$ local-user admin service-type http # firewall zone Local priority 15 # interface GigabitEthernet0/0/0 ip address 10.1.1.2 255.255.255.252 nat outbound 3000 # interface GigabitEthernet0/0/1 ip address 20.1.1.2 255.255.255.252 nat outbound 3000 # interface GigabitEthernet0/0/2 ip address 10.16.0.1 255.255.255.252 traffic-policy load inbound # interface NULL0 # bfd lt bind peer-ip 10.1.1.1 interface GigabitEthernet0/0/0 source-ip 10.1.1.2 o ne-arm-echo discriminator local 1 min-echo-rx-interval 200 commit # ip route-static 0.0.0.0 0.0.0.0 20.1.1.1 preference 150 ip route-static 0.0.0.0 0.0.0.0 10.1.1.1 track nqa test LT ip route-static 192.168.0.0 255.255.254.0 10.16.0.2 ip route-static 202.106.0.30 255.255.255.255 10.1.1.1 ip route-static 219.141.140.10 255.255.255.255 20.1.1.1 # nqa test-instance test DX test-type icmp destination-address ipv4 219.141.140.10 frequency 5 probe-count 2 start now nqa test-instance test LT test-type icmp destination-address ipv4 202.106.0.30 frequency 5 probe-count 1 start now # user-interface con 0 authentication-mode password user-interface vty 0 4 user-interface vty 16 20 # wlan ac # return <Huawei>
内网汇聚设备配置;
[Huawei]dis cu # sysname Huawei # vlan batch 10 100 # cluster enable ntdp enable ndp enable # drop illegal-mac alarm # diffserv domain default # drop-profile default # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password simple admin local-user admin service-type http # interface Vlanif1 ip address 192.168.0.1 255.255.254.0 # interface Vlanif10 ip address 10.16.0.2 255.255.255.252 # interface MEth0/0/1 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 # interface GigabitEthernet0/0/3 port link-type access port default vlan 10 # interface GigabitEthernet0/0/4 # interface GigabitEthernet0/0/5 # interface GigabitEthernet0/0/6 # interface GigabitEthernet0/0/7 # interface GigabitEthernet0/0/8 # interface GigabitEthernet0/0/9 # interface GigabitEthernet0/0/10 # interface GigabitEthernet0/0/11 # interface GigabitEthernet0/0/12 # interface GigabitEthernet0/0/13 # interface GigabitEthernet0/0/14 # interface GigabitEthernet0/0/15 # interface GigabitEthernet0/0/16 # interface GigabitEthernet0/0/17 # interface GigabitEthernet0/0/18 # interface GigabitEthernet0/0/19 # interface GigabitEthernet0/0/20 # interface GigabitEthernet0/0/21 # interface GigabitEthernet0/0/22 # interface GigabitEthernet0/0/23 # interface GigabitEthernet0/0/24 # interface NULL0 # ip route-static 0.0.0.0 0.0.0.0 10.16.0.1 # user-interface con 0 user-interface vty 0 4 # return [Huawei]
模拟运营商配置 unicom;
<Huawei>dis cu # sysname Huawei # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw# local-user admin service-type http # firewall zone Local priority 16 # interface Ethernet0/0/0 # interface Ethernet0/0/1 # interface Serial0/0/0 link-protocol ppp # interface Serial0/0/1 link-protocol ppp # interface Serial0/0/2 link-protocol ppp # interface Serial0/0/3 link-protocol ppp # interface GigabitEthernet0/0/0 ip address 1.1.1.1 255.255.255.252 # interface GigabitEthernet0/0/1 ip address 10.1.1.1 255.255.255.252 # interface GigabitEthernet0/0/2 # interface GigabitEthernet0/0/3 # wlan # interface NULL0 # interface LoopBack1 ip address 202.106.0.30 255.255.255.255 # interface LoopBack12 ip address 202.106.0.100 255.255.255.255 # ospf 1 import-route direct area 0.0.0.0 network 1.1.1.0 0.0.0.3 network 202.106.0.0 0.0.0.255 # user-interface con 0 user-interface vty 0 4 user-interface vty 16 20 # return <Huawei>
模拟运营商配置 telecom;
<Huawei>dis cu # sysname Huawei # aaa authentication-scheme default authorization-scheme default accounting-scheme default domain default domain default_admin local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw# local-user admin service-type http # firewall zone Local priority 16 # interface Ethernet0/0/0 # interface Ethernet0/0/1 # interface Serial0/0/0 link-protocol ppp # interface Serial0/0/1 link-protocol ppp # interface Serial0/0/2 link-protocol ppp # interface Serial0/0/3 link-protocol ppp # interface GigabitEthernet0/0/0 ip address 1.1.1.2 255.255.255.252 # interface GigabitEthernet0/0/1 # interface GigabitEthernet0/0/2 ip address 20.1.1.1 255.255.255.252 # interface GigabitEthernet0/0/3 # wlan # interface NULL0 # interface LoopBack1 ip address 219.141.140.10 255.255.255.255 # ospf 1 import-route direct area 0.0.0.0 network 1.1.1.0 0.0.0.3 # nqa test-instance test 1 test-type icmp destination-address ipv4 1.1.1.1 frequency 5 probe-count 1 start now # user-interface con 0 user-interface vty 0 4 user-interface vty 16 20 # return <Huawei>
模拟故障;修改unicom的 interface GigabitEthernet0/0/1端口配置,使其互联不可达,但链路状态依然up。
故障前路由表状态;
0.0.0.0/0 Static 60 0 RD 10.1.1.1 GigabitEthernet 0/0/0 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet 0/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 10.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 10.16.0.0/30 Direct 0 0 D 10.16.0.1 GigabitEthernet 0/0/2 10.16.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2 10.16.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2 20.1.1.0/30 Direct 0 0 D 20.1.1.2 GigabitEthernet 0/0/1 20.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 20.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/23 Static 60 0 RD 10.16.0.2 GigabitEthernet 0/0/2 202.106.0.30/32 Static 60 0 RD 10.1.1.1 GigabitEthernet 0/0/0 219.141.140.10/32 Static 60 0 RD 20.1.1.1 GigabitEthernet 0/0/1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
故障后路由表状态;
0.0.0.0/0 Static 150 0 RD 20.1.1.1 GigabitEthernet 0/0/1 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet 0/0/0 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 10.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/0 10.16.0.0/30 Direct 0 0 D 10.16.0.1 GigabitEthernet 0/0/2 10.16.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2 10.16.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/2 20.1.1.0/30 Direct 0 0 D 20.1.1.2 GigabitEthernet 0/0/1 20.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 20.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet 0/0/1 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.0.0/23 Static 60 0 RD 10.16.0.2 GigabitEthernet 0/0/2 202.106.0.30/32 Static 60 0 RD 10.1.1.1 GigabitEthernet 0/0/0 219.141.140.10/32 Static 60 0 RD 20.1.1.1 GigabitEthernet 0/0/1 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
配置验证:
display ip routing-table #用于查看当前设备的路由表状态
display nqa results test-instance test LT #用于验证NQA的状态