在現今網路環境中,針對Default-Gateway造成單點錯誤發生的可能性,Cisco透過其專屬的HSRP協定建立一個可提供避免單點錯誤造成網路無法存取的方式。
簡而言之,HSRP Group間的路由器透過Multicast(Destination IP: 224.0.0.2, Src/Dst UDP Port: 1985)進行溝通,並將一個Virtual IP對應至一個Virtual MAC Address (為00.00.0c.07.AC.XX, XX為Group number),並藉由定時的Hello封包(預設3秒送出一次)偵測Active的Default-Gateway是否仍運作正常,當處於Standby的路由器在時限內(預設10秒)沒有收到Hello封包則會即刻接手該Default-Gateway的IP。
HSRP Functions:
- standby # ip {ip_address}: enable HSRP function for the interface, while # is the HSRP group ID which will be associate with the virtual MAC address, and ip_address is the Virtual IP for the default gateway.
- standby # priority {priority_number}: specify the priority for the router. The router with the highest priority number will be the active default-gateway, the second highest one will be the standby, while the others (if they exist) will in the passive mode and listen to the hello packets)
- standby # track {interface}: when another interface gets into trouble, it might affect the functionality of the default gateway. Using the track command to involve other interfaces to reduce the priority from the router. By default, each interface down will reduce 10 in the priority.
- standby # preempt: When preempt is given, the standby router at the moment might take over the active one then the standby router has higher priority.
- standby # authentication {authentication_string}: members of a stand by group will authenticate each other with the authentication string to prevent unauthorized group member taking over the active router.
- standby # timers {hello_time} {hold_time}: specifies the hello time and hold time.
Lab Note: 當HSRP群組中的priority相同時,則會透過該界面的實體IP進行Active/Passive的選舉,IP值較高的會優先取得Active,在Lab中透過3750(L3)與2621進行HSRP測試發現,即使兩部設備都下了preempt及使用預設priority,當2621 IP > 3750 IP時,不論2621當時是否為Active,皆會接手Virtual IP並進入Active狀態,但當3750大過2621時,則會維持現狀,原因不明……。
Sample
