华为路由器:BFD技术——静态路由与BFD联动实现主备切换
程序员文章站
2022-06-21 18:56:20
...
BFD(Bidirectional Forwarding Detection)是双向转发检测,它是一种实现网络可靠性的机制,它可被用于检测网络中的链路状况,IP可达性等,BFD可以与多种协议或机制进行联动,以确保它们更加可靠的工作,例如静态路由、OSPF、ISIS、BGP、VRRP、PIM及MPLS LSP等。
案例一
R1
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys R1
[R1]int g0/0/1
[R1-GigabitEthernet0/0/1]ip add 12.1.1.1 24
[R1-GigabitEthernet0/0/1]q
[R1]int g0/0/0
[R1-GigabitEthernet0/0/0]ip add 21.1.1.1 24
[R1-GigabitEthernet0/0/0]q
[R1]int LoopBack 0
[R1-LoopBack0]ip add 1.1.1.1 24
[R1-LoopBack0]q
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 13 Routes : 13
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
12.1.1.0/24 Direct 0 0 D 12.1.1.1 GigabitEthernet0/0/1
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
21.1.1.0/24 Direct 0 0 D 21.1.1.1 GigabitEthernet0/0/0
21.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
21.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]ip route-static 2.2.2.0 24 12.1.1.2
[R1]ip route-static 2.2.2.0 24 21.1.1.2
[R1]undo ip route-static 2.2.2.0 24 21.1.1.2
[R1]ip route-static 2.2.2.0 24 21.1.1.2 ?
description Add or delete description of unicast static route
inherit-cost Inherit the cost of the iterated route
permanent Specifies route permanent
preference Specifies route preference
tag Specifies route tag
track Specify track object
<cr> Please press ENTER to execute command
[R1]ip route-static 2.2.2.0 24 21.1.1.2 pr
[R1]ip route-static 2.2.2.0 24 21.1.1.2 preference 70
#静态路由默认是60,这里优先级设置成70意思就是备份。如果设置成50就是主线
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.0/24 Static 60 0 主 RD 12.1.1.2 GigabitEthernet0/0/1
12.1.1.0/24 Direct 0 0 D 12.1.1.1 GigabitEthernet0/0/1
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
21.1.1.0/24 Direct 0 0 D 21.1.1.1 GigabitEthernet0/0/0
21.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
21.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
#备份的路由是看不到的,因为它优先级低,当主挂了之后,备份路由就会出现在路由表中,也就是路由表中只能同时出现一个。这是路由器的一个特性。
[R1]
R2
The device is running!
<Huawei>sys
Enter system view, return user view with Ctrl+Z.
[Huawei]un in en
Info: Information center is disabled.
[Huawei]sys R2
[R2]
[R2]int g0/0/1
[R2-GigabitEthernet0/0/1]ip add 12.1.1.2 24
[R2-GigabitEthernet0/0/1]q
[R2]int g0/0/0
[R2-GigabitEthernet0/0/0]ip add 21.1.1.2 24
[R2-GigabitEthernet0/0/0]q
[R2]int LoopBack 0
[R2-LoopBack0]ip add 2.2.2.2 24
[R2-LoopBack0]
[R2]ip route-static 1.1.1.0 24 12.1.1.1
[R2]ip route-static 1.1.1.0 24 21.1.1.1 preference 70
[R2]
[R2]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Static 60 0 主RD 12.1.1.1 GigabitEthernet0/0/1
2.2.2.0/24 Direct 0 0 D 2.2.2.2 LoopBack0
2.2.2.2/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
12.1.1.0/24 Direct 0 0 D 12.1.1.2 GigabitEthernet0/0/1
12.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
21.1.1.0/24 Direct 0 0 D 21.1.1.2 GigabitEthernet0/0/0
21.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
21.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R2]
#备份的路由任然不显示。
测试1.1.1.1是否能ping通2.2.2.2
不能如下这样ping,这样走的是直连。
<R1>ping 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=80 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=10 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 10/30/80 ms
<R1>
应该这样ping
<R1>sys
Enter system view, return user view with Ctrl+Z.
[R1]ping -a 1.1.1.1 2.2.2.2 #源地址1.1.1.1,目标地址2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/22/30 ms
说明:这条ping -a 1.1.1.1 2.2.2.2只有交换机上支持,windwos不支持。
接下来,我们演示主线故障,把主线拆了
[R1]ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=50 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=20 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=20 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 20/32/50 ms
[R1]dis ip rou
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 11 Routes : 11
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.0/24 Static 70 0 备 RD 21.1.1.2 GigabitEthernet0/0/0
21.1.1.0/24 Direct 0 0 D 21.1.1.1 GigabitEthernet0/0/0
21.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
21.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]
我们看到任然可以ping通,备份线路70出现在路由表中。
案例二
在案例一的基础上我们做了一些修改。
[R1]dis ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 14 Routes : 14
Destination/Mask Proto Pre Cost Flags NextHop Interface
1.1.1.0/24 Direct 0 0 D 1.1.1.1 LoopBack0
1.1.1.1/32 Direct 0 0 D 127.0.0.1 LoopBack0
1.1.1.255/32 Direct 0 0 D 127.0.0.1 LoopBack0
2.2.2.0/24 Static 60 0 RD 12.1.1.2 GigabitEthernet0/0/1
12.1.1.0/24 Direct 0 0 D 12.1.1.1 GigabitEthernet0/0/1
12.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
12.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/1
21.1.1.0/24 Direct 0 0 D 21.1.1.1 GigabitEthernet0/0/0
21.1.1.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
21.1.1.255/32 Direct 0 0 D 127.0.0.1 GigabitEthernet0/0/0
127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
[R1]ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Reply from 2.2.2.2: bytes=56 Sequence=1 ttl=255 time=110 ms
Reply from 2.2.2.2: bytes=56 Sequence=2 ttl=255 time=40 ms
Reply from 2.2.2.2: bytes=56 Sequence=3 ttl=255 time=30 ms
Reply from 2.2.2.2: bytes=56 Sequence=4 ttl=255 time=40 ms
Reply from 2.2.2.2: bytes=56 Sequence=5 ttl=255 time=30 ms
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
5 packet(s) received
0.00% packet loss
round-trip min/avg/max = 30/50/110 ms
通过上面的路由表,我们看到现在还是主(60的)的在线。1.1.1.1和2.2.2.2之间也可以通信。
现在我们模拟故障,端口右边1条
[R1]ping -a 1.1.1.1 2.2.2.2
PING 2.2.2.2: 56 data bytes, press CTRL_C to break
Request time out
Request time out
Request time out
Request time out
Request time out
--- 2.2.2.2 ping statistics ---
5 packet(s) transmitted
0 packet(s) received
100.00% packet loss
为什么,因为R1检测到g0/0/1接口还活着。案例一中能切换就是因为g0/0/1死了。
因此能否切换主要是在g0/0/1这个接口,是否挡掉。很明显案例二中g0/0/1没挡掉。但是它的另一端挡掉了。只要g0/0/1这个接口不挡掉。就无法切换。
知识点:主备切换的网络,之间的多条线路尽量直连,中间不能有任何设备。有设备就会导致不能主备切换。
那这种情况下我们怎么解决这个问题呢?下面才是本篇的重点:BFD
两个BFD会发送探测包,如果发现不通则主备切换。
探测报文很小,几乎不占用带宽,默认1秒发送1次,探测时间也可以改。
[R1]bfd
[R1-bfd]q
[R1]bfd 1 bind ?
ldp-lsp Information about LDP LSP
mpls-te Information about MPLS TE
peer-ip Set peer IP address #基于IP地址
static-lsp Information about static LSP
[R1]bfd 1 bind peer-ip 12.1.1.2 s # 1是组ID,两端必须一致
[R1]bfd 1 bind peer-ip 12.1.1.2 source-ip 12.1.1.1
#peer-ip 12.1.1.2 远端IP
#source-ip 12.1.1.1 本地IP
[R1-bfd-session-1]discriminator ?
local Local discriminator #本地
remote Remote discriminator #远端
[R1-bfd-session-1]discriminator local ?
INTEGER<1-8191> Discriminator value #范围
[R1-bfd-session-1]discriminator local 1
[R1-bfd-session-1]discriminator remote 2
[R1-bfd-session-1]commit #确认提交
[R1]ip route-static 2.2.2.0 24 12.1.1.1
Error: The next-hop address is invalid.
[R1]ip route-static 2.2.2.0 24 12.1.1.2 track bfd-session 1 #静态路由调用bfd
Info: Succeeded in modifying route.
[R2]bfd
[R2-bfd]q
[R2]bfd 1 bind peer-ip 12.1.1.1 source-ip 12.1.1.2
[R2-bfd-session-1]discriminator local 2
[R2-bfd-session-1]discriminator remote 1
[R2-bfd-session-1]commit
[R2]ip route-static 1.1.1.0 24 12.1.1.1 track bfd-session 1
Info: Succeeded in modifying route.
我们任然用下面这条命令来ping
ping -a 1.1.1.1 -c 2000 2.2.2.2 #-C 2000 连续ping2000次
已经成功切换主备,中间掉包大概2秒左右。真机有相应的机制不会有这么长时间。
[R1]dis bfd session all #bfd的查看
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 12.1.1.2 Down S_IP_PEER -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/1
[R1]dis bfd session all verbose
--------------------------------------------------------------------------------
Session MIndex : 256 (Multi Hop) State : Down Name : 1
--------------------------------------------------------------------------------
Local Discriminator : 1 Remote Discriminator : 2
Session Detect Mode : Asynchronous Mode Without Echo Function
BFD Bind Type : Peer IP Address
Bind Session Type : Static
Bind Peer IP Address : 12.1.1.2
Bind Interface : -
Track Interface : -
Bind Source IP Address : 12.1.1.1
FSM Board Id : 0 TOS-EXP : 7
Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000
Actual Tx Interval (ms): 11999 Actual Rx Interval (ms): 11999
Local Detect Multi : 3 Detect Interval (ms) : -
Echo Passive : Disable Acl Number : -
Destination Port : 3784 TTL : 254
Proc Interface Status : Disable Process PST : Disable
WTR Interval (ms) : -
Active Multi : 3
Last Local Diagnostic : Control Detection Time Expired
Bind Application : No Application Bind
Session TX TmrID : 1036 Session Detect TmrID : -
Session Init TmrID : - Session WTR TmrID : -
Session Echo Tx TmrID : -
PDT Index : FSM-0 | RCV-0 | IF-0 | TOKEN-0
Session Description : -
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 0/1
上一篇: 分布式系统常见负载均衡算法
下一篇: 导入第三方Jar包到Nexus私服