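This article uses a lab to show how to link NQA with static routes and policy-based routing (PBR) so that services are not interrupted when a link that is not directly connected fails. The lab simulates failures of different numbers of ISPs and verifies that when an ISP link fails, intranet PCs automatically switch to another available link to reach the Internet, which keeps the network highly available.
Background
Static routes and policy-based routing have no detection mechanism of their own. If a link that is not directly connected to the local device fails, the static route or policy route does not change automatically and the routing table (ip routing-table) stays the same, so traffic is still forwarded toward the failed link according to the original routing table and services are interrupted. Service is restored only after the link recovers or an administrator intervenes.
This means a timely link switchover cannot be guaranteed, and the service interruption may last a long time.
Linking static routes and policy-based routing with NQA allows a timely link switchover after a link that is not directly connected to the local device fails.
The lab below verifies the configuration and effect of linking static routes and policy-based routing with NQA.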
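Lab
Lab description
An enterprise has three dedicated Internet lines: ISP1, ISP2 and ISP3.
There are three intranet subnets: 192.168.1.0/24, 192.168.2.0/24 and 192.168.3.0/24.
Lab objectives
Under normal conditions, policy-based routing sends subnet 1 to the Internet through ISP1;
subnet 2 reaches the Internet through ISP2;
subnet 3 reaches the Internet through ISP3;
with NQA linkage configured, when an ISP link fails the affected subnet reaches the Internet through another ISP.
Lab topology
Lab configuration
1. Connectivity configuration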
SW:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]vlan batch 1921 to 1923
Info: This operation may take a few seconds. Please wait for a moment...done.
[Huawei]int gi 0/0/2
[Huawei-GigabitEthernet0/0/2]port link-type access
[Huawei-GigabitEthernet0/0/2]port default vlan 1921
[Huawei-GigabitEthernet0/0/2]int gi 0/0/3
[Huawei-GigabitEthernet0/0/3]port link-type access
[Huawei-GigabitEthernet0/0/3]port default vlan 1922
[Huawei-GigabitEthernet0/0/3]int gi 0/0/4
[Huawei-GigabitEthernet0/0/4]port link-type access
[Huawei-GigabitEthernet0/0/4]port default vlan 1923
[Huawei-GigabitEthernet0/0/4]q
[Huawei]dhcp enable
Info: The operation may take a few seconds. Please wait for a moment.done.
[Huawei]int vlanif 1921
[Huawei-Vlanif1921]ip add 192.168.1.1 24
[Huawei-Vlanif1921]dhcp select global
[Huawei-Vlanif1921]q
[Huawei]int vlanif 1922
[Huawei-Vlanif1922]ip add 192.168.2.1 24
[Huawei-Vlanif1922]dhcp select global
[Huawei-Vlanif1922]int vlanif 1923
[Huawei-Vlanif1923]ip add 192.168.3.1 24
[Huawei-Vlanif1923]dhcp select global
[Huawei-Vlanif1923]q
[Huawei]vlan 300
[Huawei-vlan300]q
[Huawei]int vlanif 300
[Huawei-Vlanif300]ip add 192.168.200.1 30
[Huawei-Vlanif300]q
[Huawei]int vlanif 300
[Huawei-Vlanif300]ospf network-type p2p
[Huawei-Vlanif300]q
[Huawei]ospf 1 router-id 192.168.200.1
[Huawei-ospf-1]area 0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.200.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.1.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.2.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]network 192.168.3.1 0.0.0.0
[Huawei-ospf-1-area-0.0.0.0]q
[Huawei-ospf-1]int gi 0/0/1
[Huawei-GigabitEthernet0/0/1]port link-type access
[Huawei-GigabitEthernet0/0/1]port default vlan 300
AR:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn AR
[AR]int gi 4/0/0
[AR-GigabitEthernet4/0/0]ip add 192.168.200.2 30
[AR-GigabitEthernet4/0/0]ospf network-type p2p
[AR-GigabitEthernet4/0/0]q
[AR]ospf 1 router-id 192.168.200.2
[AR-ospf-1]area 0
[AR-ospf-1-area-0.0.0.0]net 192.168.200.2 0.0.0.0
[AR-ospf-1-area-0.0.0.0]q
[AR]dis ospf peer
OSPF Process 1 with Router ID 192.168.200.2
Neighbors
Area 0.0.0.0 interface 192.168.200.2(GigabitEthernet4/0/0)'s neighbors
Router ID: 192.168.200.1 Address: 192.168.200.1
State: Full Mode:Nbr is Slave Priority: 1
DR: None BDR: None MTU: 0
Dead timer due in 31 sec
Retrans timer interval: 5
Neighbor is up for 00:00:06
Authentication Sequence: [ 0 ]
[AR]int gi 0/0/0
[AR-GigabitEthernet0/0/0]ip add 10.10.10.1 30
[AR-GigabitEthernet0/0/0]int gi 0/0/1
[AR-GigabitEthernet0/0/1]ip add 20.20.20.1 30
[AR-GigabitEthernet0/0/1]int gi 0/0/2
[AR-GigabitEthernet0/0/2]ip add 30.30.30.1 30
[AR-GigabitEthernet0/0/2]q
[AR]ospf
[AR-ospf-1]area 1
[AR-ospf-1-area-0.0.0.1]net 10.10.10.1 0.0.0.0
[AR-ospf-1-area-0.0.0.1]net 20.20.20.1 0.0.0.0
[AR-ospf-1-area-0.0.0.1]net 30.30.30.1 0.0.0.0
[AR-ospf-1-area-0.0.0.1]q
<AR>dis ospf peer
OSPF Process 1 with Router ID 192.168.200.2
Neighbors
Area 0.0.0.0 interface 192.168.200.2(GigabitEthernet4/0/0)'s neighbors
Router ID: 192.168.200.1 Address: 192.168.200.1
State: Full Mode:Nbr is Slave Priority: 1
DR: None BDR: None MTU: 0
Dead timer due in 33 sec
Retrans timer interval: 5
Neighbor is up for 00:16:37
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 10.10.10.1(GigabitEthernet0/0/0)'s neighbors
Router ID: 10.10.10.2 Address: 10.10.10.2
State: Full Mode:Nbr is Slave Priority: 1
DR: 10.10.10.1 BDR: 10.10.10.2 MTU: 0
Dead timer due in 32 sec
Retrans timer interval: 5
Neighbor is up for 00:07:56
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 20.20.20.1(GigabitEthernet0/0/1)'s neighbors
Router ID: 20.20.20.2 Address: 20.20.20.2
State: Full Mode:Nbr is Slave Priority: 1
DR: 20.20.20.1 BDR: 20.20.20.2 MTU: 0
Dead timer due in 38 sec
Retrans timer interval: 5
Neighbor is up for 00:04:51
Authentication Sequence: [ 0 ]
Neighbors
Area 0.0.0.1 interface 30.30.30.1(GigabitEthernet0/0/2)'s neighbors
Router ID: 30.30.30.2 Address: 30.30.30.2
State: Full Mode:Nbr is Slave Priority: 1
DR: 30.30.30.1 BDR: 30.30.30.2 MTU: 0
Dead timer due in 36 sec
Retrans timer interval: 5
Neighbor is up for 00:03:13
Authentication Sequence: [ 0 ]
<AR>dis ospf rou
OSPF Process 1 with Router ID 192.168.200.2
Routing Tables
Routing for Network
Destination         Cost  Type     NextHop         AdvRouter       Area
10.10.10.0/30       1     Transit  10.10.10.1      192.168.200.2   0.0.0.1
20.20.20.0/30       1     Transit  20.20.20.1      192.168.200.2   0.0.0.1
30.30.30.0/30       1     Transit  30.30.30.1      192.168.200.2   0.0.0.1
192.168.200.0/30    1     Stub     192.168.200.2   192.168.200.2   0.0.0.0
1.1.1.1/32          2     Stub     10.10.10.2      1.1.1.1         0.0.0.1
1.1.1.1/32          2     Stub     20.20.20.2      1.1.1.1         0.0.0.1
1.1.1.1/32          2     Stub     30.30.30.2      1.1.1.1         0.0.0.1
110.110.110.0/30    2     Transit  10.10.10.2      10.10.10.2      0.0.0.1
120.120.120.0/30    2     Transit  20.20.20.2      20.20.20.2      0.0.0.1
130.130.130.0/30    2     Transit  30.30.30.2      30.30.30.2      0.0.0.1
192.168.1.0/24      2     Stub     192.168.200.1   192.168.200.1   0.0.0.0
192.168.2.0/24      2     Stub     192.168.200.1   192.168.200.1   0.0.0.0
192.168.3.0/24      2     Stub     192.168.200.1   192.168.200.1   0.0.0.0
Total Nets: 13
Intra Area: 13 Inter Area: 0 ASE: 0 NSSA: 0
<AR>
Please check whether system data has been changed, and save data in time
Configuration console time out, please press any key to log on

ISP1:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn ISP1
[ISP1]int gi 0/0/0
[ISP1-GigabitEthernet0/0/0]ip add 10.10.10.2 30
[ISP1-GigabitEthernet0/0/0]int gi 0/0/1
[ISP1-GigabitEthernet0/0/1]ip add 110.110.110.2 30
[ISP1-GigabitEthernet0/0/1]q
[ISP1]ospf 1 router-id 10.10.10.2
[ISP1-ospf-1]area 1
[ISP1-ospf-1-area-0.0.0.1]net 10.10.10.2 0.0.0.0
[ISP1-ospf-1-area-0.0.0.1]net 110.110.110.2 0.0.0.0
[ISP1-ospf-1-area-0.0.0.1]q
[ISP1-ospf-1]
<ISP1>

ISP2:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn ISP2
[ISP2]int gi 0/0/0
[ISP2-GigabitEthernet0/0/0]ip add 20.20.20.2 30
[ISP2-GigabitEthernet0/0/0]int gi 0/0/1
[ISP2-GigabitEthernet0/0/1]ip add 120.120.120.2 30
[ISP2-GigabitEthernet0/0/1]q
[ISP2]ospf 1 router-id 20.20.20.2
[ISP2-ospf-1]area 1
[ISP2-ospf-1-area-0.0.0.1]net 20.20.20.2 0.0.0.0
[ISP2-ospf-1-area-0.0.0.1]net 120.120.120.2 0.0.0.0
[ISP2-ospf-1-area-0.0.0.1]q
[ISP2-ospf-1]
<ISP2>

ISP3:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn ISP3
[ISP3]int gi 0/0/0
[ISP3-GigabitEthernet0/0/0]ip add 30.30.30.2 30
[ISP3-GigabitEthernet0/0/0]int gi 0/0/1
[ISP3-GigabitEthernet0/0/1]ip add 130.130.130.2 30
[ISP3-GigabitEthernet0/0/1]q
[ISP3]ospf 1 router-id 30.30.30.2
[ISP3-ospf-1]area 1
[ISP3-ospf-1-area-0.0.0.1]net 130.130.130.2 0.0.0.0
[ISP3-ospf-1-area-0.0.0.1]net 30.30.30.2 0.0.0.0
[ISP3-ospf-1-area-0.0.0.1]q
[ISP3-ospf-1]q

Internet:
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sysn Internet
[Internet]int gi 0/0/0
[Internet-GigabitEthernet0/0/0]ip add 110.110.110.1 30
[Internet-GigabitEthernet0/0/0]int gi 0/0/1
[Internet-GigabitEthernet0/0/1]ip add 120.120.120.1 30
[Internet-GigabitEthernet0/0/1]int gi 0/0/2
[Internet-GigabitEthernet0/0/2]ip add 130.130.130.1 30
[Internet-GigabitEthernet0/0/2]q
[Internet]int lo0
[Internet-LoopBack0]ip add 1.1.1.1 32
[Internet-LoopBack0]q
[Internet]ospf 1 router-id 1.1.1.1
[Internet-ospf-1]area 1
[Internet-ospf-1-area-0.0.0.1]net 110.110.110.1 0.0.0.0
[Internet-ospf-1-area-0.0.0.1]net 120.120.120.1 0.0.0.0
[Internet-ospf-1-area-0.0.0.1]net 130.130.130.1 0.0.0.0
[Internet-ospf-1-area-0.0.0.1]net 1.1.1.1 0.0.0.0
[Internet-ospf-1-area-0.0.0.1]q
[Internet-ospf-1]
<Internet>

Connectivity test:
PC>ping 192.168.1.1
Ping 192.168.1.1: 32 data bytes, Press Ctrl_C to break
From 192.168.1.1: bytes=32 seq=1 ttl=255 time=31 ms
From 192.168.1.1: bytes=32 seq=2 ttl=255 time=31 ms
From 192.168.1.1: bytes=32 seq=3 ttl=255 time=15 ms
From 192.168.1.1: bytes=32 seq=4 ttl=255 time=31 ms
From 192.168.1.1: bytes=32 seq=5 ttl=255 time=16 ms
--- 192.168.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/24/31 ms
PC>ping 192.168.2.1
Ping 192.168.2.1: 32 data bytes, Press Ctrl_C to break
From 192.168.2.1: bytes=32 seq=1 ttl=255 time=62 ms
From 192.168.2.1: bytes=32 seq=2 ttl=255 time=62 ms
From 192.168.2.1: bytes=32 seq=3 ttl=255 time=15 ms
From 192.168.2.1: bytes=32 seq=4 ttl=255 time=15 ms
From 192.168.2.1: bytes=32 seq=5 ttl=255 time=16 ms
--- 192.168.2.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 15/34/62 ms
PC>ping 192.168.2.10
Ping 192.168.2.10: 32 data bytes, Press Ctrl_C to break
From 192.168.2.10: bytes=32 seq=1 ttl=127 time=78 ms
From 192.168.2.10: bytes=32 seq=2 ttl=127 time=78 ms
From 192.168.2.10: bytes=32 seq=3 ttl=127 time=47 ms
From 192.168.2.10: bytes=32 seq=4 ttl=127 time=94 ms
From 192.168.2.10: bytes=32 seq=5 ttl=127 time=47 ms
--- 192.168.2.10 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 47/68/94 ms
PC>ping 192.168.200.2
Ping 192.168.200.2: 32 data bytes, Press Ctrl_C to break
From 192.168.200.2: bytes=32 seq=1 ttl=254 time=125 ms
From 192.168.200.2: bytes=32 seq=2 ttl=254 time=31 ms
From 192.168.200.2: bytes=32 seq=3 ttl=254 time=62 ms
From 192.168.200.2: bytes=32 seq=4 ttl=254 time=46 ms
From 192.168.200.2: bytes=32 seq=5 ttl=254 time=62 ms
--- 192.168.200.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 31/65/125 ms
PC>ping 1.1.1.1
Ping 1.1.1.1: 32 data bytes, Press Ctrl_C to break
From 1.1.1.1: bytes=32 seq=1 ttl=252 time=218 ms
From 1.1.1.1: bytes=32 seq=2 ttl=252 time=140 ms
From 1.1.1.1: bytes=32 seq=3 ttl=252 time=110 ms
From 1.1.1.1: bytes=32 seq=4 ttl=252 time=78 ms
From 1.1.1.1: bytes=32 seq=5 ttl=252 time=109 ms
--- 1.1.1.1 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 78/131/218 ms
PC>telnet 1.1.1.1
Invalid command!
PC>

2. Policy-based routing configuration
<AR>sys
Enter system view, return user view with Ctrl+Z.
[AR]acl 3001
[AR-acl-adv-3001]rule per ip so 192.168.1.0 0.0.0.255
[AR-acl-adv-3001]q
[AR]acl 3002
[AR-acl-adv-3002]rule per ip so 192.168.2.0 0.0.0.255
[AR-acl-adv-3002]q
[AR]acl 3003
[AR-acl-adv-3003]rule per ip so 192.168.3.0 0.0.0.255
[AR-acl-adv-3003]q
[AR]traffic classifier 3001
[AR-classifier-3001]if-match acl 3001
[AR-classifier-3001]traffic classifier 3002
[AR-classifier-3002]if-match acl 3002
[AR-classifier-3002]traffic classifier 3003
[AR-classifier-3003]if-match acl 3003
[AR-classifier-3003]q
[AR]traffic behavior 3001
[AR-behavior-3001]redirect ip-nexthop 10.10.10.2
[AR-behavior-3001]traffic behavior 3002
[AR-behavior-3002]redirect ip-nexthop 20.20.20.2
[AR-behavior-3002]traffic behavior 3003
[AR-behavior-3003]redirect ip-nexthop 30.30.30.2
[AR-behavior-3003]q
[AR]traffic policy 3000
[AR-trafficpolicy-3000]classifier 3001 behavior 3001
[AR-trafficpolicy-3000]classifier 3002 behavior 3002
[AR-trafficpolicy-3000]classifier 3003 behavior 3003
[AR-trafficpolicy-3000]q
[AR]int gi 4/0/0
[AR-GigabitEthernet4/0/0]traffic-policy 3000 inbound
[AR-GigabitEthernet4/0/0]q
[AR]
Verify the effect of policy-based routing:
NQA configuration
[AR]nqa test-instance admin isp1
[AR-nqa-admin-isp1]test-type icmp
[AR-nqa-admin-isp1]destination-address ipv4 10.10.10.2
[AR-nqa-admin-isp1]frequency 10
[AR-nqa-admin-isp1]probe-count 2
[AR-nqa-admin-isp1]start now
[AR-nqa-admin-isp1]q
[AR]nqa test-instance admin isp2
[AR-nqa-admin-isp2]test-type icmp
[AR-nqa-admin-isp2]destination-address ipv4 20.20.20.2
[AR-nqa-admin-isp2]frequency 10
[AR-nqa-admin-isp2]probe-count 2
[AR-nqa-admin-isp2]start now
[AR-nqa-admin-isp2]q
[AR]nqa test-instance admin isp3
[AR-nqa-admin-isp3]test-type icmp
[AR-nqa-admin-isp3]destination-address ipv4 30.30.30.2
[AR-nqa-admin-isp3]frequency 10
[AR-nqa-admin-isp3]probe-count 2
[AR-nqa-admin-isp3]start now
Linking NQA with static routes
[AR]ip route-static 0.0.0.0 0.0.0.0 10.10.10.2 track nqa admin isp1
[AR]ip route-static 0.0.0.0 0.0.0.0 20.20.20.2 track nqa admin isp2
[AR]ip route-static 0.0.0.0 0.0.0.0 30.30.30.2 track nqa admin isp3
Linking NQA with policy-based routing
[AR]traffic behavior 3001
[AR-behavior-3001]dis th
[V200R003C00]
#
traffic behavior 3001
 redirect ip-nexthop 10.10.10.2
#
return
[AR-behavior-3001]redirect ip-nexthop 10.10.10.2 track nqa admin isp1
[AR-behavior-3001]q
[AR]traffic behavior 3002
[AR-behavior-3002]dis th
[V200R003C00]
#
traffic behavior 3002
 redirect ip-nexthop 20.20.20.2
#
return
[AR-behavior-3002]redirect ip-nexthop 20.20.20.2 track nqa admin isp2
[AR-behavior-3002]q
[AR]traffic behavior 3003
[AR-behavior-3003]redirect ip-nexthop 30.30.30.2 track nqa admin isp3
[AR-behavior-3003]q
[AR]
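
An added example (not part of the original article, and not Huawei tooling): a small Python audit that reads saved configuration text and reports every redirect or static-route next hop whose NQA tracking is missing, names an undefined test instance, or names an instance that was never started. The sample configuration is constructed, and its layout (indented sub-commands under each section, as in the "dis th" output above) is an assumption.

```python
import re

# Constructed sample (not from the article): isp2 lacks "start now", behavior
# 3003 is untracked, and the second route misspells the instance name.
SAMPLE_CONFIG = """\
nqa test-instance admin isp1
 test-type icmp
 destination-address ipv4 10.10.10.2
 start now
nqa test-instance admin isp2
 test-type icmp
 destination-address ipv4 20.20.20.2
traffic behavior 3001
 redirect ip-nexthop 10.10.10.2 track nqa admin isp1
traffic behavior 3002
 redirect ip-nexthop 20.20.20.2 track nqa admin isp2
traffic behavior 3003
 redirect ip-nexthop 30.30.30.2
ip route-static 0.0.0.0 0.0.0.0 10.10.10.2 track nqa admin isp1
ip route-static 0.0.0.0 0.0.0.0 20.20.20.2 track nqa admin ips2
"""

HOP = re.compile(r"^\s*(?:redirect ip-nexthop|ip route-static \S+ \S+) (\S+)")
TRACK = re.compile(r"\btrack nqa (\S+) (\S+)")

def audit(config):
    """Return (next_hop, problem) pairs for missing or broken NQA tracking."""
    started, current = {}, None
    for line in config.splitlines():          # pass 1: collect NQA instances
        m = re.match(r"nqa test-instance (\S+) (\S+)", line)
        if m:
            current = m.groups()
            started[current] = False
        elif not line.startswith(" "):
            current = None                    # left the NQA instance section
        elif current and line.split()[:1] == ["start"]:
            started[current] = True
    findings = []
    for line in config.splitlines():          # pass 2: check every next hop
        hop = HOP.match(line)
        if not hop:
            continue
        track = TRACK.search(line)
        if track is None:
            findings.append((hop.group(1), "no track nqa"))
        elif track.groups() not in started:
            findings.append((hop.group(1), "tracks undefined NQA instance"))
        elif not started[track.groups()]:
            findings.append((hop.group(1), "NQA instance never started"))
    return findings
```

Each finding marks a next hop that would keep receiving traffic after its ISP fails, which is the outage the linkage is meant to prevent.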
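Configuration verification
Intranet PC Internet access when one dedicated line fails
Power off ISP1 and check the path the PCs take to the simulated Internet.
Conclusion:
PC1 can still access the Internet, through ISP3.
PC2 and PC3 still access the Internet according to the original policy routes.
Intranet PC Internet access when two dedicated lines fail
Power off ISP1 and ISP2 and check the path the PCs take to the simulated Internet.
Conclusion:
PC1 and PC2 can still access the Internet, through ISP3.
PC3 still accesses the Internet according to the original policy route.
Note: the approach to configuring NQA linkage is the same for two dedicated lines and for three. Do not assume that two lines simply back each other up while three lines leave you unsure how to configure them. This lab clearly shows that with multiple dedicated Internet lines, linking NQA with static routes and policy-based routing keeps intranet Internet access uninterrupted when a carrier fails.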
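Article link: https://hqyman.cn/post/8522.html. Articles on this site that are not original may be reposted freely; original articles must retain this site's address when reposted.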