👭
VRRP の練習
本エントリについて
Dynagen、Dynamips、vpcs を使って、VRRP を練習します。
Dynagen、Dynamips、vpcs の利用環境はすでに整っているものとします。
参考サイト
基本設定
https://zenn.dev/mnod/articles/895119218f52fe の練習をした環境を利用します。
VRRP 有効化 (VLAN10)
debug vrrp events を有効にして作業しています。
sw01
基本設定の段階で、下記が投入済みです。
sw01(config)#spanning-tree vlan 10 root primary
sw01(config)#spanning-tree vlan 11 root secondary
まずは sw01 で VRRP を有効化します。
sw01(config)#interface vlan 10
sw01(config-if)#vrrp 10 ip 10.2.0.254
Dec 29 20:26:38.247: VRRP: Grp 10 Event - primary IP configured
Dec 29 20:26:38.251: VRRP: vrrp_interface_state: Vl10 is Up
Dec 29 20:26:38.251: VRRP: Grp 10 Event - Interface UP
Dec 29 20:26:38.251: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
Dec 29 20:26:41.862: VRRP: Grp 10 Event - Master down timer expired
Dec 29 20:26:41.862: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
VRRP の状態を確認します。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.0.252 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
疎通確認をします。
VRRPでは 00:00:5e:00:01:xx の MAC アドレスを利用します。
VPCS[1]> show ip
NAME : VPCS[1]
IP/MASK : 10.2.0.2/24
GATEWAY : 10.2.0.254
DNS :
MAC : 00:50:79:66:68:00
LPORT : 20000
RHOST:PORT : 127.0.0.1:30000
MTU: : 1500
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=8.506 ms
10.2.0.254 icmp_seq=2 ttl=255 time=6.190 ms
10.2.0.254 icmp_seq=3 ttl=255 time=9.796 ms
10.2.0.254 icmp_seq=4 ttl=255 time=9.759 ms
10.2.0.254 icmp_seq=5 ttl=255 time=6.862 ms
VPCS[1]> show arp
00:00:5e:00:01:0a 10.2.0.254 expires in 112 seconds
VPCS[1]> ping 10.2.1.252
10.2.1.252 icmp_seq=1 ttl=255 time=4.575 ms
10.2.1.252 icmp_seq=2 ttl=255 time=6.921 ms
10.2.1.252 icmp_seq=3 ttl=255 time=6.198 ms
10.2.1.252 icmp_seq=4 ttl=255 time=5.075 ms
10.2.1.252 icmp_seq=5 ttl=255 time=6.769 ms
sw02
sw02 でも、基本設定の段階で、下記が投入済みです。
sw02(config)#spanning-tree vlan 11 root primary
sw02(config)#spanning-tree vlan 10 root secondary
sw02 でも VRRP を有効化します。
sw02(config)#interface vlan 10
sw02(config-if)#vrrp 10 ip 10.2.0.254
Dec 29 20:43:01.866: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Init -> Backup
Dec 29 20:43:05.478: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
VRRP の状態を確認します。
sw02 がマスターになりました。
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Master 10.2.0.253 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.0.253 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
sw01 の状態を確認します。
こちらはバックアップに移行していました。
Dec 29 20:43:05.538: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Backup 10.2.0.253 10.2.0.254
sw01#show vrr
Vlan10 - Group 10
State is Backup
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.0.253, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.109 sec)
疎通確認をします。
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=9.740 ms
10.2.0.254 icmp_seq=2 ttl=255 time=9.800 ms
10.2.0.254 icmp_seq=3 ttl=255 time=1.125 ms
10.2.0.254 icmp_seq=4 ttl=255 time=7.584 ms
10.2.0.254 icmp_seq=5 ttl=255 time=8.670 ms
VPCS[1]> ping 10.2.1.253
10.2.1.253 icmp_seq=1 ttl=255 time=8.203 ms
10.2.1.253 icmp_seq=2 ttl=255 time=9.950 ms
10.2.1.253 icmp_seq=3 ttl=255 time=7.009 ms
10.2.1.253 icmp_seq=4 ttl=255 time=3.519 ms
10.2.1.253 icmp_seq=5 ttl=255 time=1.924 ms
VPCS[1]> ping 10.2.1.252
10.2.1.252 icmp_seq=1 timeout
10.2.1.252 icmp_seq=2 ttl=255 time=15.266 ms
10.2.1.252 icmp_seq=3 ttl=255 time=19.096 ms
10.2.1.252 icmp_seq=4 ttl=255 time=14.419 ms
10.2.1.252 icmp_seq=5 ttl=255 time=16.877 ms
priority 値の追加
sw01 で priority 値を変更します。
VRRPではデフォルトで preempt が有効なので、この時点で sw01 がマスターになります。
sw01(config)#int vlan 10
sw01(config-if)#vrrp 10 priority 105
Dec 29 20:46:54.211: VRRP: Grp 10 Event - Master down timer expired
Dec 29 20:46:54.211: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
状態を確認します。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 105 3589 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Master Router is 10.2.0.252 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
sw02 で確認すると、sw01 で priority 値が設定されたことを認識して、スタンバイとなっています。
Dec 29 20:46:54.252: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Backup 10.2.0.252 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Backup
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.0.252, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.861 sec)
疎通確認をしてみます。
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=9.480 ms
10.2.0.254 icmp_seq=2 ttl=255 time=6.017 ms
10.2.0.254 icmp_seq=3 ttl=255 time=3.731 ms
10.2.0.254 icmp_seq=4 ttl=255 time=10.768 ms
10.2.0.254 icmp_seq=5 ttl=255 time=5.114 ms
VPCS[1]> ping 10.2.0.252
10.2.0.252 icmp_seq=1 ttl=255 time=10.130 ms
10.2.0.252 icmp_seq=2 ttl=255 time=8.424 ms
10.2.0.252 icmp_seq=3 ttl=255 time=4.244 ms
10.2.0.252 icmp_seq=4 ttl=255 time=6.862 ms
10.2.0.252 icmp_seq=5 ttl=255 time=7.825 ms
VPCS[1]> ping 10.2.0.253
10.2.0.253 icmp_seq=1 ttl=255 time=9.298 ms
10.2.0.253 icmp_seq=2 ttl=255 time=10.896 ms
10.2.0.253 icmp_seq=3 ttl=255 time=10.461 ms
10.2.0.253 icmp_seq=4 ttl=255 time=4.336 ms
10.2.0.253 icmp_seq=5 ttl=255 time=4.411 ms
認証設定の追加
sw01 に認証設定を追加します。
キーチェーンの作成と、hsrp への適用の二段構えの作業です。
sw01(config)#key chain ccna
sw01(config-keychain)#key 18
sw01(config-keychain-key)#key-string cisco
sw01(config-keychain-key)#int vlan 10
sw01(config-if)#vrrp 10 authentication md5 key-chain ccna
Dec 29 20:53:22.520: %SYS-5-CONFIG_I: Configured from console by console
状態を確認します。
引き続きマスターとなっています。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 105 3589 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
sw02 側でも状態を確認します。
認証不一致で、こちらもマスターへ移行していました。
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Master 10.2.0.253 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.0.253 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
sw02 でも認証設定を追加します。
sw02(config)#key chain ccna
sw02(config-keychain)#key 18
sw02(config-keychain-key)#key-string cisco
sw02(config-keychain-key)#int vlan 10
sw02(config-if)#vrrp 10 authentication md5 key-chain ccna
Dec 29 20:55:29.110: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
状態を確認します。
バックアップへ移行しました。
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Backup 10.2.0.252 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Backup
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.817 sec)
sw01 は引き続きマスターとなっています。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 105 3589 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
インタフェーストラッキング
インタフェーストラッキングの設定を追加します。
sw01(config)#track 1 interface fa1/0 line-protocol
sw01(config-track)#int vlan 10
sw01(config-if)#vrrp 10 track 1 decrement 10
状態を確認します。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 105 3589 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Track object 1 state Up decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
トラッキングテスト
トラッキング対象の fa1/0 を shutdown してみます。
sw01(config)#int fa1/0
sw01(config-if)#shut
Dec 29 21:03:59.493: %TRACKING-5-STATE: 1 interface Fa1/0 line-protocol Up->Down
Dec 29 21:03:59.989: %DTP-5-NONTRUNKPORTON: Port Fa1/0 has become non-trunk
Dec 29 21:04:01.461: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
Dec 29 21:04:02.461: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to down
Dec 29 21:04:02.949: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
状態を確認すると、バックアップへ移行しています。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 95 3589 Y Backup 10.2.0.253 10.2.0.254
sw01#
sw01#show vrrp
Vlan10 - Group 10
State is Backup
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95 (cfgd 105)
Track object 1 state Down decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.253, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec (expires in 3.241 sec)
sw02 側はマスターへ移行しています。
Dec 29 21:04:02.898: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Master 10.2.0.253 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.253 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
疎通確認を実施します。
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=10.521 ms
10.2.0.254 icmp_seq=2 ttl=255 time=7.939 ms
10.2.0.254 icmp_seq=3 ttl=255 time=8.808 ms
10.2.0.254 icmp_seq=4 ttl=255 time=1.425 ms
10.2.0.254 icmp_seq=5 ttl=255 time=3.997 ms
VPCS[1]> ping 10.2.1.252
10.2.1.252 icmp_seq=1 ttl=255 time=17.699 ms
10.2.1.252 icmp_seq=2 ttl=255 time=13.287 ms
10.2.1.252 icmp_seq=3 ttl=255 time=20.387 ms
10.2.1.252 icmp_seq=4 ttl=255 time=20.633 ms
10.2.1.252 icmp_seq=5 ttl=255 time=16.596 ms
VPCS[1]> ping 10.2.1.253
10.2.1.253 icmp_seq=1 ttl=255 time=1.886 ms
10.2.1.253 icmp_seq=2 ttl=255 time=9.868 ms
10.2.1.253 icmp_seq=3 ttl=255 time=6.568 ms
10.2.1.253 icmp_seq=4 ttl=255 time=11.653 ms
10.2.1.253 icmp_seq=5 ttl=255 time=8.869 ms
トラッキング戻し
先ほど shutdown した sw01 の fa1/0 を no shutdown します。
sw01(config)#int fa1/0
sw01(config-if)#no shut
Dec 29 21:05:51.717: %TRACKING-5-STATE: 1 interface Fa1/0 line-protocol Down->Up
Dec 29 21:05:51.853: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
Dec 29 21:05:54.281: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Dec 29 21:05:54.369: VRRP: Grp 10 Event - Master down timer expired
Dec 29 21:05:54.369: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Backup -> Master
状態を確認します。
マスターへ移行しました。
sw01#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 105 3589 Y Master 10.2.0.252 10.2.0.254
sw01#show vrrp
Vlan10 - Group 10
State is Master
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Track object 1 state Up decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
sw02 側はバックアップへ移行していました。
Dec 29 21:05:54.422: %VRRP-6-STATECHANGE: Vl10 Grp 10 state Master -> Backup
sw02#show vrrp brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl10 10 100 3609 Y Backup 10.2.0.252 10.2.0.254
sw02#show vrrp
Vlan10 - Group 10
State is Backup
Virtual IP address is 10.2.0.254
Virtual MAC address is 0000.5e00.010a
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.0.252, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.173 sec)
疎通確認を実施します。
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=9.354 ms
10.2.0.254 icmp_seq=2 ttl=255 time=10.271 ms
10.2.0.254 icmp_seq=3 ttl=255 time=1.944 ms
10.2.0.254 icmp_seq=4 ttl=255 time=9.613 ms
10.2.0.254 icmp_seq=5 ttl=255 time=4.157 ms
VPCS[1]> ping 10.2.1.253
10.2.1.253 icmp_seq=1 ttl=255 time=19.530 ms
10.2.1.253 icmp_seq=2 ttl=255 time=11.444 ms
10.2.1.253 icmp_seq=3 ttl=255 time=18.594 ms
10.2.1.253 icmp_seq=4 ttl=255 time=15.113 ms
10.2.1.253 icmp_seq=5 ttl=255 time=19.393 ms
VPCS[1]> ping 10.2.1.252
10.2.1.252 icmp_seq=1 ttl=255 time=4.744 ms
10.2.1.252 icmp_seq=2 ttl=255 time=6.581 ms
10.2.1.252 icmp_seq=3 ttl=255 time=3.586 ms
10.2.1.252 icmp_seq=4 ttl=255 time=2.943 ms
10.2.1.252 icmp_seq=5 ttl=255 time=7.334 ms
VRRP 有効化 (VLAN11)
sw02
まずは sw02 で vrrp を有効化し、priority 値を追加します。
sw02(config)#interface vlan 11
sw02(config-if)#vrrp 11 ip 10.2.1.254
sw02(config-if)#vrrp 11 priority 105
Dec 29 22:40:05.189: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Init -> Backup
Dec 29 22:40:08.801: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Backup -> Master
状態を確認します。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
VLAN11のアクセスポートに接続した機器から疎通確認を実施します。
VPCS[2]> show ip
NAME : VPCS[2]
IP/MASK : 10.2.1.1/24
GATEWAY : 10.2.1.254
DNS :
MAC : 00:50:79:66:68:01
LPORT : 20001
RHOST:PORT : 127.0.0.1:30001
MTU: : 1500
VPCS[2]> ping 10.2.1.254
10.2.1.254 icmp_seq=1 ttl=255 time=10.009 ms
10.2.1.254 icmp_seq=2 ttl=255 time=10.144 ms
10.2.1.254 icmp_seq=3 ttl=255 time=9.350 ms
10.2.1.254 icmp_seq=4 ttl=255 time=2.723 ms
10.2.1.254 icmp_seq=5 ttl=255 time=7.417 ms
VPCS[2]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 timeout
10.2.0.254 icmp_seq=2 timeout
10.2.0.254 icmp_seq=3 ttl=255 time=17.955 ms
10.2.0.254 icmp_seq=4 ttl=255 time=17.102 ms
10.2.0.254 icmp_seq=5 ttl=255 time=18.366 ms
sw01
sw01 でも vrrp を有効化します。
sw01(config)#int vlan 11
sw01(config-if)#vrrp 11 ip 10.2.1.254
Dec 29 22:44:15.034: VRRP: Grp 11 Event - primary IP configured
Dec 29 22:44:15.034: VRRP: vrrp_interface_state: Vl11 is Up
Dec 29 22:44:15.038: VRRP: Grp 11 Event - Interface UP
Dec 29 22:44:15.038: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Init -> Backup
状態を確認します。
sw02 で priority 値を追加していますので、プリエンプションは発生しません。
sw01#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 100 3609 Y Backup 10.2.1.253 10.2.1.254
sw01#show vrrp int vlan 11
Vlan11 - Group 11
State is Backup
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.1.253, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.173 sec)
sw02 側でも確認します。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
認証設定の追加
sw02 で認証設定を追加します。
sw02(config-if)#int vlan 11
sw02(config-if)#vrrp 11 authentication md5 key-chain ccna
状態を確認します。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
sw01側の状態を確認します。マスターに移行しています。
Dec 29 22:46:54.434: VRRP: Grp 11 Event - Master down timer expired
Dec 29 22:46:54.434: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Backup -> Master
sw01#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 100 3609 Y Master 10.2.1.252 10.2.1.254
sw01#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Master Router is 10.2.1.252 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
sw01 でも認証設定を追加します。
sw01(config)#int vlan 11
sw01(config-if)#vrrp 11 authentication md5 key-chain ccna
Dec 29 22:48:18.566: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Master -> Backup
状態を確認します。バックアップに戻りました。
sw01#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 100 3609 Y Backup 10.2.1.253 10.2.1.254
sw01#show vrrp int vlan 11
Vlan11 - Group 11
State is Backup
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 3.141 sec)
sw02 側の状態を確認します。
こちらは引き続きマスターとなっています。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
インタフェーストラッキング
インタフェーストラッキングの設定を追加します。
sw02(config)#track 1 interface fa1/0 line-protocol
sw02(config-track)#int vlan 11
sw02(config-if)#vrrp 11 track 1 decrement 10
状態を確認します。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Track object 1 state Up decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
インタフェーストラッキングのテスト
トラック対象のインタフェースを shutdown します。
sw02(config)#int fa1/0
sw02(config-if)#shut
Dec 29 22:51:47.749: %TRACKING-5-STATE: 1 interface Fa1/0 line-protocol Up->Down
Dec 29 22:51:48.245: %DTP-5-NONTRUNKPORTON: Port Fa1/0 has become non-trunk
Dec 29 22:51:49.721: %LINK-5-CHANGED: Interface FastEthernet1/0, changed state to administratively down
Dec 29 22:51:50.721: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to down
Dec 29 22:51:51.161: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Master -> Backup
状態を確認します。バックアップへ移行しています。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 95 3589 Y Backup 10.2.1.252 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Backup
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 95 (cfgd 105)
Track object 1 state Down decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.252, priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec (expires in 3.517 sec)
sw01 側の状態を確認します。こちらはマスターへ移行しています。
Dec 29 22:51:51.127: VRRP: Grp 11 Event - Master down timer expired
Dec 29 22:51:51.127: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Backup -> Master
sw01#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 100 3609 Y Master 10.2.1.252 10.2.1.254
sw01#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.252 (local), priority is 100
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec
VLAN11の機器から疎通確認を実施します。
VPCS[2]> ping 10.2.1.254
10.2.1.254 icmp_seq=1 ttl=255 time=9.103 ms
10.2.1.254 icmp_seq=2 ttl=255 time=9.076 ms
10.2.1.254 icmp_seq=3 ttl=255 time=6.155 ms
10.2.1.254 icmp_seq=4 ttl=255 time=10.758 ms
10.2.1.254 icmp_seq=5 ttl=255 time=10.627 ms
VPCS[2]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=5.305 ms
10.2.0.254 icmp_seq=2 ttl=255 time=1.497 ms
10.2.0.254 icmp_seq=3 ttl=255 time=7.061 ms
10.2.0.254 icmp_seq=4 ttl=255 time=4.648 ms
10.2.0.254 icmp_seq=5 ttl=255 time=2.818 ms
VPCS[2]> ping 10.2.0.2
10.2.0.2 icmp_seq=1 ttl=63 time=29.059 ms
10.2.0.2 icmp_seq=2 ttl=63 time=16.466 ms
10.2.0.2 icmp_seq=3 ttl=63 time=18.656 ms
10.2.0.2 icmp_seq=4 ttl=63 time=18.189 ms
10.2.0.2 icmp_seq=5 ttl=63 time=20.000 ms
VLAN10の機器から疎通確認を実施します。
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=9.554 ms
10.2.0.254 icmp_seq=2 ttl=255 time=6.988 ms
10.2.0.254 icmp_seq=3 ttl=255 time=6.460 ms
10.2.0.254 icmp_seq=4 ttl=255 time=6.242 ms
10.2.0.254 icmp_seq=5 ttl=255 time=2.964 ms
VPCS[1]> ping 10.2.1.254
10.2.1.254 icmp_seq=1 ttl=255 time=3.588 ms
10.2.1.254 icmp_seq=2 ttl=255 time=17.123 ms
10.2.1.254 icmp_seq=3 ttl=255 time=7.207 ms
10.2.1.254 icmp_seq=4 ttl=255 time=8.381 ms
10.2.1.254 icmp_seq=5 ttl=255 time=8.568 ms
VPCS[1]> ping 10.2.1.1
10.2.1.1 icmp_seq=1 ttl=63 time=13.294 ms
10.2.1.1 icmp_seq=2 ttl=63 time=15.943 ms
10.2.1.1 icmp_seq=3 ttl=63 time=28.151 ms
10.2.1.1 icmp_seq=4 ttl=63 time=14.179 ms
10.2.1.1 icmp_seq=5 ttl=63 time=15.583 ms
トラッキング戻し
先ほど shutdown した sw02 の fa1/0 を no shutdown します。
sw02(config)#int fa1/0
sw02(config-if)#no shut
Dec 29 22:54:29.173: %TRACKING-5-STATE: 1 interface Fa1/0 line-protocol Down->Up
Dec 29 22:54:29.497: %DTP-5-TRUNKPORTON: Port Fa1/0 has become dot1q trunk
Dec 29 22:54:31.873: %LINEPROTO-5-UPDOWN: Line protocol on Interface FastEthernet1/0, changed state to up
Dec 29 22:54:32.037: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Backup -> Master
状態を確認します。マスターに戻っています。
sw02#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 105 3589 Y Master 10.2.1.253 10.2.1.254
sw02#show vrrp int vlan 11
Vlan11 - Group 11
State is Master
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 105
Track object 1 state Up decrement 10
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253 (local), priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.589 sec
sw01 側も確認します。こちらもバックアップへ戻っています。
Dec 29 22:54:32.079: %VRRP-6-STATECHANGE: Vl11 Grp 11 state Master -> Backup
sw01#show vrrp int vlan 11 brief
Interface Grp Pri Time Own Pre State Master addr Group addr
Vl11 11 100 3609 Y Backup 10.2.1.253 10.2.1.254
sw01#show vrrp int vlan 11
Vlan11 - Group 11
State is Backup
Virtual IP address is 10.2.1.254
Virtual MAC address is 0000.5e00.010b
Advertisement interval is 1.000 sec
Preemption enabled
Priority is 100
Authentication MD5, key-chain "ccna"
Master Router is 10.2.1.253, priority is 105
Master Advertisement interval is 1.000 sec
Master Down interval is 3.609 sec (expires in 2.861 sec)
疎通確認を実施します。
VPCS[2]> ping 10.2.1.254
10.2.1.254 icmp_seq=1 ttl=255 time=8.841 ms
10.2.1.254 icmp_seq=2 ttl=255 time=9.154 ms
10.2.1.254 icmp_seq=3 ttl=255 time=6.861 ms
10.2.1.254 icmp_seq=4 ttl=255 time=7.167 ms
10.2.1.254 icmp_seq=5 ttl=255 time=7.388 ms
VPCS[2]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=10.798 ms
10.2.0.254 icmp_seq=2 ttl=255 time=18.590 ms
10.2.0.254 icmp_seq=3 ttl=255 time=14.434 ms
10.2.0.254 icmp_seq=4 ttl=255 time=11.336 ms
10.2.0.254 icmp_seq=5 ttl=255 time=11.076 ms
VPCS[2]> ping 10.2.0.2
10.2.0.2 icmp_seq=1 ttl=63 time=11.869 ms
10.2.0.2 icmp_seq=2 ttl=63 time=19.620 ms
10.2.0.2 icmp_seq=3 ttl=63 time=19.839 ms
10.2.0.2 icmp_seq=4 ttl=63 time=19.268 ms
10.2.0.2 icmp_seq=5 ttl=63 time=18.522 ms
VPCS[1]> ping 10.2.0.254
10.2.0.254 icmp_seq=1 ttl=255 time=9.766 ms
10.2.0.254 icmp_seq=2 ttl=255 time=7.657 ms
10.2.0.254 icmp_seq=3 ttl=255 time=9.930 ms
10.2.0.254 icmp_seq=4 ttl=255 time=9.998 ms
10.2.0.254 icmp_seq=5 ttl=255 time=1.828 ms
VPCS[1]> ping 10.2.1.254
10.2.1.254 icmp_seq=1 timeout
10.2.1.254 icmp_seq=2 ttl=255 time=13.603 ms
10.2.1.254 icmp_seq=3 ttl=255 time=17.537 ms
10.2.1.254 icmp_seq=4 ttl=255 time=18.486 ms
10.2.1.254 icmp_seq=5 ttl=255 time=12.055 ms
VPCS[1]> ping 10.2.1.1
10.2.1.1 icmp_seq=1 ttl=63 time=17.389 ms
10.2.1.1 icmp_seq=2 ttl=63 time=16.640 ms
10.2.1.1 icmp_seq=3 ttl=63 time=18.771 ms
10.2.1.1 icmp_seq=4 ttl=63 time=16.325 ms
10.2.1.1 icmp_seq=5 ttl=63 time=13.888 ms
まとめ
Dynagen、Dynamips、vpcs を使って、VRRP を練習しました。VRRP では HSRP よりも debug メッセージが少ない印象でした。
VRRP は RFC で標準化されているので、Cisco 以外のベンダーの機器でも対応しています。マルチベンダの構成では有用かもしれません。
Discussion