
HSRP protocol concepts

Jul 18, 2015


phanquanghau

A network that provides High Availability is one in which the network infrastructure and the important servers are always reachable at any time. Hot Standby Router Protocol (HSRP) is one of the features that provide Layer 3 redundancy for the hosts in a network. HSRP optimizes the provision of connectivity paths when a link failure is detected, together with the recovery mechanisms used after a fault in the network. Virtual Router Redundancy Protocol (VRRP) and Gateway Load Balancing Protocol (GLBP) are also protocols that provide Layer 3 redundancy. VRRP is a standard protocol. GLBP is a Cisco protocol; it is an improvement on VRRP and adds load balancing.

First we need to understand a few concepts related to the routing process.

1. Using a default gateway

- For a computer to reach other networks, a default gateway must be configured on it. Suppose the PC above is configured with a default gateway pointing to Router A, which forwards packets on to file server A. Router B is also configured for routing.
- In the topology below, Router A routes the packets it receives to subnet A, while Router B routes to subnet B. If Router A fails and can no longer be used, the dynamic routing mechanisms recalculate and decide that Router B will forward packets in place of Router A.
- PC A, however, has no way of learning this routing information. A PC is normally configured with a single default gateway IP address, and that address does not change when the network topology changes. The result is that PC A can no longer send traffic to hosts on other networks.
- If a redundant router acts as the default gateway for that segment, the default gateway IP address on the PCs does not have to be reconfigured.

2. Proxy ARP

- Cisco IOS uses proxy ARP to let hosts that have no routing capability obtain the MAC address of a gateway, so that they can forward packets out of the local subnet. For example, in the topology above the proxy ARP router receives an ARP request from a host for an IP address that is not on the same segment as the requesting host. The router replies with an ARP packet whose MAC address is the router's own and whose IP address is the destination the host wants to reach. The host then sends all packets for that IP address to the router's MAC address, and the router forwards them on to the destination IP address.
- With proxy ARP, end-user stations therefore behave as if the destination devices were connected to their own network segment. If the router performing proxy ARP fails, the end stations keep sending packets for that IP address to the MAC address of the failed router, and the packets are discarded.
- In practice, the proxy MAC address has a limited lifetime in the computer's ARP cache. After that time the workstation requests the address of another router, but it cannot send traffic during that period.

3. Router Redundancy

- In HSRP, a set of routers works together to present a single virtual router to the hosts on the LAN. By sharing one IP address and one Layer 2 MAC address, two or more routers can act as one virtual router. The virtual IP address is configured as the default gateway on the workstations in a segment. When a workstation sends frames to its default gateway, it uses ARP to resolve the MAC address for the default gateway IP address. The ARP reply carries the MAC address of the virtual router. Frames are sent to the virtual MAC address and are then processed by the active or the standby router that belongs to the virtual router group being configured.
- One or more routers use this protocol to decide which physical router is responsible for processing frames sent to the virtual IP address and the virtual MAC address. The workstations send traffic to the virtual router. A real router is responsible for forwarding that traffic, but this real router is transparent to the end stations. The redundancy protocol provides the mechanism that decides which router takes the active role in forwarding traffic and which router takes the standby role.
- When a forwarding router fails, the switchover proceeds as follows:
  o The standby router stops receiving hello packets from the forwarding router.
  o The standby router then assumes the role of forwarding router.
  o The PC's frame transmission is not affected, because the router now in the forwarding state uses the same virtual IP address and MAC address as before.

4. Configuring Layer 3 redundancy with HSRP

We have the following logical diagram:

- Hot Standby Router Protocol (HSRP) defines a standby group. Each router is assigned a specific role within this standby group. HSRP provides gateway redundancy for end stations by sharing one IP address and one MAC address among the redundant gateways. The protocol exchanges information about the virtual IP and the virtual MAC between the routers in the same HSRP group.
- An HSRP group consists of the following:
  o Active router
  o Standby router
  o Virtual router
  o Other routers
- The HSRP active router and standby router send hello packets to the multicast address 224.0.0.2, using UDP port 1985, to maintain this information.

5. HSRP operation

Every router in an HSRP group has a specific role and interacts with the others in a defined way.

- Virtual router: in practice this is just an IP address and MAC address pair that all end devices use as their default gateway. The active router processes all packets and all frames sent to the virtual router address.
- Active router: within an HSRP group one router is elected as the active router. The active router is the physical device that actually forwards packets, and it is also the device that sends the virtual MAC address to the end devices.
- In the topology above, Router A assumes the active role and forwards all frames addressed to the MAC address 0000.0c07.acXX, where XX is the HSRP group number in hexadecimal.
- The IP address and corresponding MAC address of the virtual router are kept in the ARP table of every router in the HSRP group. To check the ARP table, use the show ip arp command.

The figure above shows the ARP table of a router that is a member of HSRP group 1 in VLAN 10. In that ARP table the virtual router has the address 172.16.10.110 and the well-known MAC address 0000.0c07.ac01, where 01 is the group number. HSRP group number 1 is displayed in decimal, and 01 is the same number in hexadecimal.

- The HSRP standby router continuously monitors the operating state of the HSRP group and quickly moves to forwarding packets if the active router stops working. Both the active router and the standby router transmit hello messages to tell all other routers in the HSRP group what their current role is. The routers use the destination multicast address 224.0.0.2 and UDP port 1985. The source IP address is the IP address of the sending router.
- An HSRP group can also contain other routers whose role is neither active nor standby. These routers monitor the hello messages sent by the active and standby routers to make sure that an active and a standby router exist in the HSRP group. Such a router forwards only packets addressed to its own IP address and does not forward packets addressed to the virtual router. These routers read the messages at every hello interval.
- Some HSRP terms:
  o Hello Interval Time: the interval between successive HSRP hello packets from a given router. This interval is 3 seconds.
  o Hold Interval Time: the interval between the last hello packet received and the presumption that the sending router has failed. The default is 10 seconds.
- When the active router fails, the other routers in the same HSRP group stop receiving messages from it. The standby router then assumes the role of active router. If there is another router in the HSRP group, it is promoted to standby router. If both the active and the standby router fail, all routers in the group contend for the active and standby router roles.

- During this process the new active router takes over the virtual IP and virtual MAC of the virtual router, so the end devices do not notice any disruption of service. The end devices keep sending traffic to the MAC address of the virtual router, and the new active router takes on the job of accepting and delivering the packets.

6. HSRP states

- A router in an HSRP group can be in one of the following states: initial, learn, listen, speak, standby or active.

- A router performs specific actions in each of these states. Not every HSRP router in the group passes through all of the states. For example, with three routers in a group, the one router that is neither standby nor active stays in the Listen state.
- All routers start in the Initial state, which indicates that HSRP is not running. The router then moves to the Learn state, in which it waits to see HSRP packets; from these packets it determines the virtual IP address and identifies the active router of the HSRP group.
- Once an interface has seen HSRP packets and determined the virtual IP address, it moves on to the Listen state. The purpose of the Listen state is to determine whether the HSRP group already has an active or standby router. If there already is an active or standby router, the interface stays in this state. If no hello packets are seen from any router, the interface moves to the Speak state.
- In the Speak state, the routers actively take part in the election of the active router and the standby router, looking at the hello packets to determine the roles.
- HSRP uses three timers: active, standby and hello. If no hello packet is received from the active HSRP router within the active timer period, the router moves to a new HSRP state.
  o Active timer: used to monitor the active router. The timer is reset every time a router in the HSRP group receives a hello packet sent by the active router. The timer expires according to the hold time value set in the corresponding field of the HSRP hello message.
  o Standby timer: used to monitor the standby router. The timer is reset every time a router in the HSRP group receives a hello packet sent by the standby router. The timer expires according to the hold time value set in the corresponding field of the HSRP hello message.
  o Hello timer: the hello packet interval. Every HSRP router, in any HSRP state, generates a hello packet when its hello timer expires.

- In the Standby state, the router is the candidate to become the next active router. It sends hello packets periodically and also listens for hello messages from the active router. An HSRP network has exactly one standby router.
- In the Active state, the router is responsible for forwarding packets. It sends the virtual MAC address of the group and answers ARP requests directed at the virtual IP address. The active router also sends hello messages periodically. An HSRP group has exactly one active router.
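The hello messages, states and timers described above can be observed directly on the wire. The following is an added example, not part of the original document: it decodes the 20-byte HSRP version 1 message laid out in RFC 2281 and flags speakers that are not on an allow-list or that use unexpected timers. The router addresses, the `cisco` authentication string (the RFC 2281 default) and the sample message are constructed for illustration.

```python
import socket
import struct

STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
OPCODES = {0: "hello", 1: "coup", 2: "resign"}

def virtual_mac(group):
    """HSRPv1 well-known virtual MAC 0000.0c07.acXX, XX = group number in hex."""
    if not 0 <= group <= 255:
        raise ValueError("HSRPv1 group must be 0-255")
    return "0000.0c07.ac%02x" % group

def parse_hsrp(payload):
    """Decode the 20-byte HSRPv1 UDP payload (field layout per RFC 2281)."""
    if len(payload) < 20:
        raise ValueError("truncated HSRP message")
    ver, op, state, hello, hold, prio, group, _rsvd, auth, vip = struct.unpack(
        "!8B8s4s", payload[:20])
    if ver != 0:
        raise ValueError("unsupported HSRP version field %d" % ver)
    return {
        "opcode": OPCODES.get(op, "unknown"),
        "state": STATES.get(state, "unknown"),
        "hello": hello, "hold": hold, "priority": prio, "group": group,
        "auth": auth.rstrip(b"\x00").decode("ascii", "replace"),  # plain text on the wire
        "virtual_ip": socket.inet_ntoa(vip),
        "virtual_mac": virtual_mac(group),
    }

def audit(src_ip, payload, known_routers, timers=(3, 10)):
    """Return (message, findings) for one captured HSRP message."""
    msg = parse_hsrp(payload)
    findings = []
    if src_ip not in known_routers.get(msg["group"], ()):
        findings.append("unexpected speaker %s in group %d claiming state %s, priority %d"
                        % (src_ip, msg["group"], msg["state"], msg["priority"]))
    if (msg["hello"], msg["hold"]) != timers:
        findings.append("timers %ds/%ds differ from configured %ds/%ds"
                        % (msg["hello"], msg["hold"], timers[0], timers[1]))
    return msg, findings

# Constructed sample: active router of group 1, virtual IP from the page's ARP example.
SAMPLE = struct.pack("!8B8s4s", 0, 0, 16, 3, 10, 100, 1, 0,
                     b"cisco", socket.inet_aton("172.16.10.110"))
KNOWN = {1: {"172.16.10.2", "172.16.10.3"}}  # constructed router addresses

if __name__ == "__main__":
    for src in ("172.16.10.2", "172.16.10.99"):
        msg, findings = audit(src, SAMPLE, KNOWN)
        print(src, msg["state"], msg["virtual_mac"], findings or "ok")
```

The decoded `auth` field shows that the text authentication string is readable by anyone who can receive the multicast, so an allow-list of legitimate speakers per group is the more useful check.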

Configuring HSRP

The previous topic covered the theory of HSRP. In this article I show how to configure it. First, we need to understand some of the configuration options, for example priority, track and preempt:

- standby preempt (interface configuration mode) lets a router become the active router when its priority is higher than that of all other HSRP-configured routers in a Hot Standby group. The configuration of both routers includes this command so that each router can be the standby router for the other. If you do not use the standby preempt command, the router cannot become the active router.
- standby priority (interface configuration) sets the priority of the HSRP router (the default priority is 100).
- standby timers (interface configuration) sets the time between hello messages (called the hello time). Hello Interval Time: the interval between successive HSRP hello packets from a given router; this interval is 3 seconds. Hold Interval Time: the interval between the last hello packet received and the presumption that the sending router has failed; the default is 10 seconds. If you decide to change the default values, you must configure every router to use the same hello time and hold time.
- standby track lets you specify another interface on the router for the HSRP process to monitor, in order to change the HSRP priority for a group. If that interface goes down, the HSRP priority is reduced. This means that another HSRP router with a higher priority can become the active router if that router has standby preempt enabled.
- standby authentication sets an authentication string. Its value is an unencrypted string of 8 characters that is included in the HSRP multicast messages. This command is optional. If you use it, every HSRP configuration in a group must use the same string, so that each router can authenticate the source of the HSRP messages it receives.

Network topology:

Configuration: configure the routing between the Layer 3 switches yourself.

Ciscozine_1#
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan101
 ip address 172.16.101.2 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 priority 150
 standby 1 preempt
 standby 1 track FastEthernet0/3 55
 standby 1 authentication C3s_101
 no shutdown
!
interface Vlan102
 ip address 172.16.102.2 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 preempt
 standby 2 track FastEthernet0/3
 standby 2 authentication C3s_102
 no shutdown
!
interface Vlan103
 ip address 172.16.103.2 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 priority 150
 standby 3 preempt
 standby 3 track FastEthernet0/3 50
 standby 3 authentication C3s_103
 no shutdown

Configuration of Layer 3 switch Ciscozine_2:

Ciscozine_2#
interface FastEthernet0/0
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/1
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/2
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface FastEthernet0/3
 switchport trunk encapsulation dot1q
 switchport mode trunk
!
interface Vlan101
 ip address 172.16.101.3 255.255.255.0
 standby 1 ip 172.16.101.1
 standby 1 preempt
 standby 1 track FastEthernet0/3
 standby 1 authentication C3s_101
 no shutdown
!
interface Vlan102
 ip address 172.16.102.3 255.255.255.0
 standby 2 ip 172.16.102.1
 standby 2 priority 150
 standby 2 preempt
 standby 2 track FastEthernet0/3 60
 standby 2 authentication C3s_102
 no shutdown
!
interface Vlan103
 ip address 172.16.103.3 255.255.255.0
 standby 3 ip 172.16.103.1
 standby 3 preempt
 standby 3 track FastEthernet0/3
 standby 3 authentication C3s_103
 no shutdown

Note: the commands switchport trunk encapsulation dot1q and switchport mode trunk set up trunking between the switches.

Layer 3 switch Ciscozine_1 is the primary device for VLAN 101 and VLAN 103 and the backup device for VLAN 101 and VLAN 103. This configuration allows load balancing in the network. If port FastEthernet0/3 on the primary device goes down, the backup device becomes the primary device, unless FastEthernet0/3 on the backup device also fails or FastEthernet0/3 on the primary device becomes active again. This is simulated below:

If port FastEthernet0/3 goes down, Ciscozine_2 becomes the active router for VLAN 101 and VLAN 103.

If port FastEthernet0/3 of Ciscozine_1 and port FastEthernet0/3 of Ciscozine_2 are both down, the active router for VLAN 101 and VLAN 103 is Ciscozine_1.

Explanation:

- The standby IP address is 172.16.103.1.
- HSRP prefers the router with the higher priority; if the priorities are equal, it prefers the higher IP address. Ciscozine_1 is the active router because it has a priority of 150, while Ciscozine_2 has the default priority of 100.
- Both routers have the preempt command, so that each becomes the active router when its priority is higher than that of all other HSRP-configured routers in the Hot Standby group.
- Interface tracking lets the priority of a standby group router change automatically depending on the availability of a router interface. When a tracked interface goes down, the HSRP priority of the router is reduced. If FastEthernet0/3 of Ciscozine_1 goes down, its HSRP priority is reduced by 50 and becomes 100 (150-50). Both routers then have the same priority of 100, and Ciscozine_2 becomes the active router because it has the higher IP address. If FastEthernet0/3 of Ciscozine_2 goes down as well, the priority of Ciscozine_2 is reduced by the default value of 10 and becomes 90 (100-10). The active router is then Ciscozine_1 once again.
- The authentication key is C3s_103 and it is sent as clear text. From IOS version 12.3(2)T onwards the key can be sent using MD5.

The same applies to VLAN 101 and VLAN 102.
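The failover reasoning above can be checked for all three standby groups at once. The following added example (not part of the original document) applies the rules the page states, namely highest effective priority first and higher IP address on a tie, to the priorities, tracked interface and decrements from the Ciscozine_1 and Ciscozine_2 configuration. It assumes every member has standby preempt, as that configuration does; the function and variable names are illustrative.

```python
import ipaddress

# (router, interface IP, priority, tracked interface, decrement) per standby group,
# copied from the page's configuration. Where the page configures no value, the
# defaults it states are used: priority 100, tracking decrement 10.
GROUPS = {
    "Vlan101": [("Ciscozine_1", "172.16.101.2", 150, "FastEthernet0/3", 55),
                ("Ciscozine_2", "172.16.101.3", 100, "FastEthernet0/3", 10)],
    "Vlan102": [("Ciscozine_1", "172.16.102.2", 100, "FastEthernet0/3", 10),
                ("Ciscozine_2", "172.16.102.3", 150, "FastEthernet0/3", 60)],
    "Vlan103": [("Ciscozine_1", "172.16.103.2", 150, "FastEthernet0/3", 50),
                ("Ciscozine_2", "172.16.103.3", 100, "FastEthernet0/3", 10)],
}

def effective_priority(member, down):
    """Configured priority minus the decrement if the tracked interface is down."""
    name, _ip, priority, tracked, decrement = member
    return priority - decrement if (name, tracked) in down else priority

def elect(group, down=frozenset()):
    """Return (active router, its effective priority).

    Assumes every member has `standby preempt`, as in the page's configuration:
    highest effective priority wins, the higher interface IP breaks a tie.
    """
    best = max(GROUPS[group], key=lambda m: (effective_priority(m, down),
                                             ipaddress.ip_address(m[1])))
    return best[0], effective_priority(best, down)

C1 = ("Ciscozine_1", "FastEthernet0/3")
C2 = ("Ciscozine_2", "FastEthernet0/3")

if __name__ == "__main__":
    for group in sorted(GROUPS):
        for label, down in (("all up", set()), ("C1 uplink down", {C1}),
                            ("C2 uplink down", {C2}), ("both down", {C1, C2})):
            print(group, label, elect(group, down))
```

With a decrement of 50, the VLAN 103 failover depends on the IP address tie-break at priority 100, whereas the decrements of 55 and 60 on VLAN 101 and VLAN 102 drop the primary below the backup's default priority.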