• Summary: BGP and static routes coexist so that link failover happens automatically.


    Overall conclusion:

    In a cloud-migration scenario, the customer needs the path between the on-premises data center and the cloud VPC to fail over automatically when a network fault occurs, so that the business is not interrupted.

    I. Customer requirements

    1. The customer has a head plant and a branch plant. The head plant connects to the cloud over a dedicated line and over VPN; the branch plant connects to the head plant over a dedicated line first, and also has its own VPN connection to the cloud.

    2. The customer requires that whether the head plant's dedicated line or the branch plant's dedicated line fails, the network path switches over automatically to the VPN connection, so that the business recovers quickly.

    II. Network diagram:

    Notes: 1. On the head-plant and branch-plant routers, loopback interfaces simulate the customer's head-plant and branch-plant networks.

           2. AR5 acts as the VPN gateway; only static routes are configured on it here, and the IPsec VPN configuration is omitted.

    III. Configuration approach and key points

    1. When the dedicated line is up, prefer the dedicated line.

         Requirement on CE1: the head-plant and branch-plant subnets can be learned both from AR5 (the VPN gateway) and from AR2 (the head-plant router). To prefer the routes learned from AR2, the BGP peer AR2 (the head-plant router) must be given the higher local preference (the preferred-value set on that peer in the configuration below).

    #
    bgp 65001
     timer keepalive 20 hold 60
     peer 10.0.0.2 as-number 65002
     peer 20.0.0.2 as-number 65004
     #
     ipv4-family unicast
      network 10.0.0.0 255.255.255.0
      network 20.0.0.0 255.255.255.0
      network 169.254.195.0 255.255.255.0
      network 192.168.0.0 255.255.255.0
      peer 10.0.0.2 enable
      peer 10.0.0.2 preferred-value 10
      peer 20.0.0.2 enable
    #

        For the head-plant device AR2 there are also two paths to the VPC subnet: one learned from CE1 via BGP, and one local static route whose next hop is the VPN gateway AR5. To make sure the dedicated line takes priority, the BGP (EBGP) route preference must be configured to beat the static route's preference; on VRP the lower preference value wins, so "preference 50 50 50" beats the static default of 60. There are two ways to achieve this effect; see a separate blog post.

        Key configuration of the head-plant router:

    #
    bgp 65002
     timer keepalive 20 hold 60
     peer 10.0.0.1 as-number 65001 
     peer 40.0.0.2 as-number 65003 
     #
     ipv4-family unicast
      undo synchronization
      preference 50 50 50 
      network 10.0.0.0 255.255.255.0 
      network 40.0.0.0 255.255.255.0 
      network 60.0.0.0 255.255.255.0 
      peer 10.0.0.1 enable
      peer 40.0.0.2 enable
    #

        The branch-plant device has the same requirement for reaching the VPC subnet, dedicated line above VPN, so the branch router carries the same configuration raising the BGP preference.

     Branch-plant router configuration:

    #
    bgp 65003
     timer keepalive 20 hold 60
     peer 40.0.0.1 as-number 65002 
     #
     ipv4-family unicast
      undo synchronization
      preference 50 50 50 
      network 40.0.0.0 255.255.255.0 
      network 70.0.0.0 255.255.255.0 
      peer 40.0.0.1 enable
    #

    2. Shorten the BGP keepalive interval so that a network fault is detected earlier. All timers are set to 20 seconds (hold time 60), which means a BGP neighbor notices the fault after 1 minute.

    See the timer line in the BGP configurations above.

    IV. Test results

    1. When the dedicated line is up, traffic prefers the dedicated line.

    Cloud VPC ---> head plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR2

    Cloud VPC ---> head plant (return path):

        AR2 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    Cloud VPC ---> branch plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR2 (BGP route) ---> AR3

    Cloud VPC ---> branch plant (return path):

        AR3 (BGP route) ---> AR2 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    2. Head-plant dedicated line failure (shut down GE0/0/0 on head-plant AR2 and wait 1 minute)

    Cloud VPC ---> head plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR5 (static route) ---> AR2

    Cloud VPC ---> head plant (return path):

        AR2 (static route) ---> AR5 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    Cloud VPC ---> branch plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR5 (static route) ---> AR3

    Cloud VPC ---> branch plant (return path):

        AR3 (static route) ---> AR5 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    After the head-plant dedicated line recovers, traffic switches back to the head-plant dedicated line as expected.

    The measured paths are the same as in "1. When the dedicated line is up, traffic prefers the dedicated line."

    3. Branch-plant dedicated line failure (shut down GE0/0/0 on branch-plant AR3 and wait 1 minute)

    Cloud VPC ---> head plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR2

    Cloud VPC ---> head plant (return path):

        AR2 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    Cloud VPC ---> branch plant:

        AR4 (default route) ---> AR1 (default route) ---> CE1 (BGP route) ---> AR5 (static route) ---> AR3

    Cloud VPC ---> branch plant (return path):

        AR3 (static route) ---> AR5 (BGP route) ---> CE1 (static route) ---> AR1 (connected route) ---> AR4

    After the branch-plant dedicated line recovers, traffic switches back to the branch-plant dedicated line as expected.

    The measured paths are the same as in "1. When the dedicated line is up, traffic prefers the dedicated line."
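    The route-selection rules of section III (static 60 versus BGP 255 by default, "preference 50 50 50" on AR2/AR3, "preferred-value 10" on CE1) and the paths listed in section IV, as an added Python model that is not part of the original post. It assumes a simplified BGP best-path rule (highest preferred-value, then shortest AS path, then lowest peer address), treats a shut interface address as taking down the BGP session over that link (the state after the 60-second hold timer expires), and uses the router addresses 60.0.0.1, 70.0.0.1 and 192.168.0.1 as traffic endpoints; addresses, AS numbers, statics and peerings are taken from the page's configurations. build(tuned=False) shows what the two tweaks buy: without preference 50, AR2 returns VPC traffic over its static route (the VPN) even while the line is up, and without preferred-value 10, CE1 picks the shorter AS path via AR5 for the branch subnet.

```python
"""Added example, not the blog's tooling: a model of the page's topology with Huawei VRP
route preference (static 60, BGP 255; 'preference 50 50 50' on AR2/AR3), CE1's 'preferred-value
10', and the section IV paths under each failure. Addresses, AS numbers, statics and peerings
are the page's; the model, its simplified best-path rule and the endpoints are assumptions."""
import ipaddress
from types import SimpleNamespace

STATIC_PREF, BGP_PREF = 60, 255  # VRP default preferences; the lower value wins

def router(name, asn=None, ifaces={}, statics={}, networks=(), peers={}, bgp_pref=BGP_PREF, import_static=False):
    # ifaces: addr -> connected prefix; statics: prefix -> next hop; peers: addr -> preferred-value;
    # bgp (filled by converge): prefix -> (preferred-value, as_path, peer address)
    return SimpleNamespace(name=name, asn=asn, ifaces=ifaces, statics=statics, networks=networks,
                           peers=peers, bgp_pref=bgp_pref, import_static=import_static, bgp={})

def facing(r, addr):  # local address of r on the subnet of addr, or None if not adjacent
    a = ipaddress.ip_address(addr)
    return next((ip for ip, p in r.ifaces.items() if a in ipaddress.ip_network(p)), None)

def reachable(r, nh, down):  # a next hop is usable unless either end of the link is shut
    lip = facing(r, nh)
    return lip is not None and lip not in down and nh not in down

def active(r, prefix, down):  # active route (pref, kind, next hop): lowest preference wins
    c = [(0, "connected", None) for ip, p in r.ifaces.items() if p == prefix and ip not in down]
    nh = r.statics.get(prefix)
    if nh and reachable(r, nh, down):
        c.append((STATIC_PREF, "default" if prefix == "0.0.0.0/0" else "static", nh))
    if prefix in r.bgp:
        c.append((r.bgp_pref, "BGP", r.bgp[prefix][2]))
    return min(c, key=lambda t: t[0]) if c else None

kind = lambda r, prefix, down: (active(r, prefix, down) or (None, None))[1]

def advertised(r, down):  # (prefix, as_path) announced: 'network' prefixes present in the table,
    # imported statics, and active BGP routes (VRP does not readvertise a BGP route beaten by a static)
    out = [(n, (r.asn,)) for n in r.networks if kind(r, n, down) not in (None, "BGP")]
    if r.import_static:
        out += [(n, (r.asn,)) for n, nh in r.statics.items() if reachable(r, nh, down)]
    return out + [(n, (r.asn,) + p) for n, (_, p, _) in r.bgp.items() if kind(r, n, down) == "BGP"]

def converge(net, owner, down, rounds=20):
    """Exchange routes to a fixed point; best path = highest preferred-value, then shortest
    AS path, then lowest peer address (a simplified tie-break)."""
    for _ in range(rounds):
        new = {}
        for r in net.values():
            cands = {}
            for peer, pv in r.peers.items():
                if reachable(r, peer, down):  # otherwise the session is down (hold timer expired)
                    for prefix, path in advertised(owner[peer], down):
                        if r.asn not in path:  # AS-path loop check
                            cands.setdefault(prefix, []).append((pv, path, peer))
            new[r.name] = {n: min(c, key=lambda t: (-t[0], len(t[1]), ipaddress.ip_address(t[2])))
                           for n, c in cands.items()}
        if all(new[n] == r.bgp for n, r in net.items()):
            return
        for n, r in net.items():
            r.bgp = new[n]
    raise RuntimeError("BGP model did not converge")

def build(down=(), tuned=True):
    """Page topology; `down` = shut interface addresses. tuned=False drops the section III
    tweaks (preferred-value 10 on CE1, preference 50 on AR2/AR3) to show why they matter."""
    pv, pref = (10, 50) if tuned else (0, BGP_PREF)
    rs = [router("AR4", ifaces={"192.168.0.1": "192.168.0.0/24"}, statics={"0.0.0.0/0": "192.168.0.2"}),
          router("AR1", ifaces={"192.168.0.2": "192.168.0.0/24", "169.254.195.201": "169.254.195.0/24"},
                 statics={"0.0.0.0/0": "169.254.195.1"}),
          router("CE1", 65001, {"10.0.0.1": "10.0.0.0/24", "20.0.0.1": "20.0.0.0/24",
                                "169.254.195.1": "169.254.195.0/24"}, {"192.168.0.0/24": "169.254.195.201"},
                 ["10.0.0.0/24", "20.0.0.0/24", "169.254.195.0/24", "192.168.0.0/24"],
                 {"10.0.0.2": pv, "20.0.0.2": 0}),
          router("AR5", 65004, {"20.0.0.2": "20.0.0.0/24", "30.0.0.2": "30.0.0.0/24", "50.0.0.2": "50.0.0.0/24"},
                 {"60.0.0.0/24": "30.0.0.1", "70.0.0.0/24": "50.0.0.1"}, ["20.0.0.0/24"], {"20.0.0.1": 0},
                 import_static=True),
          router("AR2", 65002, {"10.0.0.2": "10.0.0.0/24", "30.0.0.1": "30.0.0.0/24", "40.0.0.1": "40.0.0.0/24",
                                "60.0.0.1": "60.0.0.0/24"}, {"192.168.0.0/24": "30.0.0.2"},
                 ["10.0.0.0/24", "40.0.0.0/24", "60.0.0.0/24"], {"10.0.0.1": 0, "40.0.0.2": 0}, bgp_pref=pref),
          router("AR3", 65003, {"40.0.0.2": "40.0.0.0/24", "50.0.0.1": "50.0.0.0/24", "70.0.0.1": "70.0.0.0/24"},
                 {"192.168.0.0/24": "50.0.0.2"}, ["40.0.0.0/24", "70.0.0.0/24"], {"40.0.0.1": 0}, bgp_pref=pref)]
    net, owner = {r.name: r for r in rs}, {ip: r for r in rs for ip in r.ifaces}
    converge(net, owner, set(down))
    return net, owner

def lookup(r, dst, down):  # longest-prefix match over the router's active routes
    d, best = ipaddress.ip_address(dst), None
    for prefix in set(r.ifaces.values()) | set(r.statics) | set(r.bgp):
        n, a = ipaddress.ip_network(prefix), active(r, prefix, down)
        if a and d in n and (best is None or n.prefixlen > best[0].prefixlen):
            best = (n, a)
    return best[1] if best else None

def trace(net, owner, src, dst, down=()):
    """Hops as section IV lists them: (router, route kind used); the router that owns dst closes
    the list with kind None. dst must be a router interface address (a modelling shortcut)."""
    down, hops, r = set(down), [], net[src]
    while (route := lookup(r, dst, down)) and not (route[1] == "connected" and dst in r.ifaces):
        hops.append((r.name, route[1]))
        r = owner[dst if route[1] == "connected" else route[2]]
    return hops + [(r.name, None if route else "no route")]

if __name__ == "__main__":
    for label, down in [("line OK", ()), ("head line down", ("10.0.0.2",)), ("branch line down", ("40.0.0.2",))]:
        net, owner = build(down)
        for src, dst in [("AR4", "60.0.0.1"), ("AR2", "192.168.0.1"), ("AR4", "70.0.0.1"), ("AR3", "192.168.0.1")]:
            print(f"{label}: {src} -> {dst}: {trace(net, owner, src, dst, down)}")
```

    Running the file prints the four paths for each of the three scenarios of section IV; the "head line down" case reproduces AR3 falling back to its static route because AR2, having lost its BGP session with CE1, no longer readvertises the VPC subnet to the branch router.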

    V. Configuration of all devices

    Cloud VPC

    AR4 configuration

    [V200R003C00]
    #
     snmp-agent local-engineid 800007DB03000000000000
     snmp-agent 
    #
     clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load portalpage.zip
    #
     drop illegal-mac alarm
    #
     set cpu-usage threshold 80 restore 75
    #
    aaa 
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default 
     domain default_admin 
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 192.168.0.1 255.255.255.0 
    #
    interface GigabitEthernet0/0/1
    #
    interface GigabitEthernet0/0/2
    #
    interface NULL0
    #
    ip route-static 0.0.0.0 0.0.0.0 192.168.0.2
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return

    AR1 configuration

    [V200R003C00]
    #
     snmp-agent local-engineid 800007DB03000000000000
     snmp-agent 
    #
     clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
     drop illegal-mac alarm
    #
     wlan ac-global carrier id other ac id 0
    #
     set cpu-usage threshold 80 restore 75
    #
    aaa 
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default 
     domain default_admin 
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 192.168.0.2 255.255.255.0 
    #
    interface GigabitEthernet0/0/1
    #
    interface GigabitEthernet0/0/2
     ip address 169.254.195.201 255.255.255.0 
    #
    interface NULL0
    #
    ip route-static 0.0.0.0 0.0.0.0 169.254.195.1
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return

    Dedicated-line gateway switch CE1

    !CfgFileCrc:1b29a473
    !Software Version V800R013C00SPC560B560
    !Last configuration was updated at 2018-05-06 11:32:22 UTC
    !Last configuration was saved at 2018-05-06 11:41:11 UTC
    !MKHash 0000000000000000
    #
    sysname HUAWEI
    #
    device board 1 board-type CE-MPUB
    #
    aaa
     #
     authentication-scheme default
     #
     authorization-scheme default
     #
     accounting-scheme default
     #
     domain default
     #
     domain default_admin
    #
    interface MEth0/0/0
     undo shutdown
    #
    interface GE1/0/0
     undo portswitch
     undo shutdown
     ip address 20.0.0.1 255.255.255.0
    #
    interface GE1/0/1
     shutdown
    #
    interface GE1/0/2
     undo portswitch
     undo shutdown
     ip address 169.254.195.1 255.255.255.0
    #
    interface GE1/0/3
     undo portswitch
     undo shutdown
     ip address 10.0.0.1 255.255.255.0
    #
    interface GE1/0/4
     shutdown
    #
    interface GE1/0/5
     shutdown
    #
    interface GE1/0/6
     shutdown
    #
    interface GE1/0/7
     shutdown
    #
    interface GE1/0/8
     shutdown
    #
    interface GE1/0/9
     shutdown
    #
    interface GE1/0/10
     shutdown
    #
    interface GE1/0/11
     shutdown
    #
    interface GE1/0/12
     shutdown
    #
    interface GE1/0/13
     shutdown
    #
    interface GE1/0/14
     shutdown
    #
    interface GE1/0/15
     shutdown
    #
    interface GE1/0/16
     shutdown
    #
    interface GE1/0/17
     shutdown
    #
    interface GE1/0/18
     shutdown
    #
    interface GE1/0/19
     shutdown
    #
    interface GE1/0/20
     shutdown
    #
    interface GE1/0/21
     shutdown
    #
    interface GE1/0/22
     shutdown
    #
    interface GE1/0/23
     shutdown
    #
    interface GE1/0/24
     shutdown
    #
    interface GE1/0/25
     shutdown
    #
    interface GE1/0/26
     shutdown
    #
    interface GE1/0/27
     shutdown
    #
    interface GE1/0/28
     shutdown
    #
    interface GE1/0/29
     shutdown
    #
    interface GE1/0/30
     shutdown
    #
    interface GE1/0/31
     shutdown
    #
    interface GE1/0/32
     shutdown
    #
    interface GE1/0/33
     shutdown
    #
    interface GE1/0/34
     shutdown
    #
    interface GE1/0/35
     shutdown
    #
    interface GE1/0/36
     shutdown
    #
    interface GE1/0/37
     shutdown
    #
    interface GE1/0/38
     shutdown
    #
    interface GE1/0/39
     shutdown
    #
    interface GE1/0/40
     shutdown
    #
    interface GE1/0/41
     shutdown
    #
    interface GE1/0/42
     shutdown
    #
    interface GE1/0/43
     shutdown
    #
    interface GE1/0/44
     shutdown
    #
    interface GE1/0/45
     shutdown
    #
    interface GE1/0/46
     shutdown
    #
    interface GE1/0/47
     shutdown
    #
    interface NULL0
    #
    bgp 65001
     timer keepalive 20 hold 60
     peer 10.0.0.2 as-number 65002
     peer 20.0.0.2 as-number 65004
     #
     ipv4-family unicast
      network 10.0.0.0 255.255.255.0
      network 20.0.0.0 255.255.255.0
      network 169.254.195.0 255.255.255.0
      network 192.168.0.0 255.255.255.0
      peer 10.0.0.2 enable
      peer 10.0.0.2 preferred-value 10
      peer 20.0.0.2 enable
    #
    ip route-static 192.168.0.0 255.255.255.0 169.254.195.201
    #
    ssh authorization-type default aaa
    #
    user-interface con 0
    #
    vm-manager
    #
    return

    VPN gateway AR5

    [V200R003C00]
    #
     snmp-agent local-engineid 800007DB03000000000000
     snmp-agent 
    #
     clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load portalpage.zip
    #
     drop illegal-mac alarm
    #
     set cpu-usage threshold 80 restore 75
    #
    aaa 
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default 
     domain default_admin 
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 20.0.0.2 255.255.255.0 
    #
    interface GigabitEthernet0/0/1
     ip address 30.0.0.2 255.255.255.0 
    #
    interface GigabitEthernet0/0/2
     ip address 50.0.0.2 255.255.255.0 
    #
    interface NULL0
    #
    bgp 65004
     peer 20.0.0.1 as-number 65001 
     #
     ipv4-family unicast
      undo synchronization
      network 20.0.0.0 255.255.255.0 
      import-route static
      peer 20.0.0.1 enable
    #
    ip route-static 60.0.0.0 255.255.255.0 30.0.0.1
    ip route-static 70.0.0.0 255.255.255.0 50.0.0.1
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return

    Head-plant AR2 configuration

    [V200R003C00]
    #
     snmp-agent local-engineid 800007DB03000000000000
     snmp-agent 
    #
     clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
     drop illegal-mac alarm
    #
     wlan ac-global carrier id other ac id 0
    #
     set cpu-usage threshold 80 restore 75
    #
    aaa 
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default 
     domain default_admin 
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 10.0.0.2 255.255.255.0 
    #
    interface GigabitEthernet0/0/1
     ip address 30.0.0.1 255.255.255.0 
    #
    interface GigabitEthernet0/0/2
     ip address 40.0.0.1 255.255.255.0 
    #
    interface NULL0
    #
    interface LoopBack1
     ip address 60.0.0.1 255.255.255.0 
    #
    bgp 65002
     timer keepalive 20 hold 60
     peer 10.0.0.1 as-number 65001 
     peer 40.0.0.2 as-number 65003 
     #
     ipv4-family unicast
      undo synchronization
      preference 50 50 50 
      network 10.0.0.0 255.255.255.0 
      network 40.0.0.0 255.255.255.0 
      network 60.0.0.0 255.255.255.0 
      peer 10.0.0.1 enable
      peer 40.0.0.2 enable
    #
    ip route-static 192.168.0.0 255.255.255.0 30.0.0.2
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return

    Branch-plant AR3 configuration

    [V200R003C00]
    #
     sysname branch
    #
     snmp-agent local-engineid 800007DB03000000000000
     snmp-agent 
    #
     clock timezone China-Standard-Time minus 08:00:00
    #
    portal local-server load flash:/portalpage.zip
    #
     drop illegal-mac alarm
    #
     wlan ac-global carrier id other ac id 0
    #
     set cpu-usage threshold 80 restore 75
    #
    aaa 
     authentication-scheme default
     authorization-scheme default
     accounting-scheme default
     domain default 
     domain default_admin 
     local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
     local-user admin service-type http
    #
    firewall zone Local
     priority 15
    #
    interface GigabitEthernet0/0/0
     ip address 40.0.0.2 255.255.255.0 
    #
    interface GigabitEthernet0/0/1
    #
    interface GigabitEthernet0/0/2
     ip address 50.0.0.1 255.255.255.0 
    #
    interface NULL0
    #
    interface LoopBack0
     ip address 70.0.0.1 255.255.255.0 
    #
    bgp 65003
     timer keepalive 20 hold 60
     peer 40.0.0.1 as-number 65002 
     #
     ipv4-family unicast
      undo synchronization
      preference 50 50 50 
      network 40.0.0.0 255.255.255.0 
      network 70.0.0.0 255.255.255.0 
      peer 40.0.0.1 enable
    #
    ip route-static 192.168.0.0 255.255.255.0 50.0.0.2
    #
    user-interface con 0
     authentication-mode password
    user-interface vty 0 4
    user-interface vty 16 20
    #
    wlan ac
    #
    return
  • Original URL: https://www.cnblogs.com/zhouhaibing/p/8997934.html