claudia1794
8/18/2019 CCNP2 CAP 6 PPT
First-Hop Redundancy
Implementing Cisco IP Switched Networks (SWITCH) Foundation Learning Guide
SWITCH Chapter 6 Overview
• Overview of First Hop or Default-gateway Redundancy
• Configure and verify HSRP
• Configure and verify VRRP
• Configure and verify GLBP
Overview of FHRP and HSRP
• HSRP overview
• HSRP state transitions
• Aligning HSRP with STP topology
• Configuring and tuning HSRP
• Load sharing with HSRP
• Options for HSRP
• Configuring HSRP interface tracking
• Configuring object tracking in combination with HSRP
• Configuring HSRP authentication
• Tuning HSRP timers
• The differences between HSRPv1 and HSRPv2
Overview of default gateway redundancy
• Hosts and servers in a subnet need a gateway to reach devices that are not in the same subnet
• Hosts use either a default gateway or proxy ARP to reach devices on other subnets
• With the proxy ARP technique, a Layer 3 device offers its own MAC address in response to an ARP query for an address that exists outside the source subnet, and then handles the communication
The need for First-Hop Redundancy
First-Hop Redundancy Overview
HSRP Overview
• Virtual router
• Active router
• Standby router
• Other routers
HSRP Active Router Operation
HSRP State Transition
• standby ____ ip _______ (default group is 0)
• Default priority is 100
• Default is NO preempt
HSRP State Transition
Aligning HSRP with STP Topology
• Layer 2 adjacency requires hello exchange
• HSRP v1 destination address 224.0.0.2 - UDP 1985
• HSRP v1 MAC: 0000.0c07.ACxx - xx is the group id
• HSRP v2 MAC: 0000.0c9F.Fxxx - xxx is the group id
• HSRP v2 destination address 224.0.0.102 - UDP 1985
• IPv6 MAC: 00:05:73:a0:0X:XX, FF02::66 - UDP
Configuring and Tuning HSRP
Detailed Topology with IP addresses
Forwarding through the Active Router
HSRP Operation - R2 Active
HSRP Operation - R2 Failure
HSRP States After R2 Failure
After R2 Recovers
Load Sharing with HSRP
MultiGroup HSRP Config on SW1
MultiGroup HSRP Config on SW2
The need for interface tracking with HSRP
• HSRP can track interfaces or objects
• Decrement priority based on tracked object status
• HSRP tracking feature ensures that a router with an unavailable key interface will relinquish the active router role
• When the defined conditions remain the same, the router priority remains the same (100 default)
• When the tracked object status changes, the router priority is decremented (10 default)
HSRP Interface Tracking
HSRP Interface Tracking: Connected interface failure
HSRP Interface Tracking: Path failure
HSRP Authentication
• HSRP authentication prevents rogue Layer 3 devices on the network from joining the HSRP group
• A rogue device may claim the active role and can prevent the hosts from communicating with the rest of the network, creating a denial-of-service (DoS) attack.
• HSRP provides two types of authentication:
  – Plain text (eight characters)
  – MD5
HSRP Timers
• A hello message contains the priority of the router, the hello time, and hold-time parameters.
• Hello time 3s default
• Hold-time 10s default
• Can be configured sub-seconds with msec keyword
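An added example, not part of the original slides: a small auditor for HSRPv1 messages that applies the authentication and timer points above. It decodes the RFC 2281 message layout and flags speakers outside an allow list, the RFC's default plain-text authentication string, and timers that differ from the 3 s / 10 s defaults; the IP addresses, the allow list and the sample payloads are constructed assumptions.

```python
import struct
from ipaddress import IPv4Address

# HSRPv1 message layout (RFC 2281): eight 1-byte fields, 8 bytes of
# authentication data, then the 4-byte virtual IP address (20 bytes).
HSRP_V1 = struct.Struct("!8B8s4s")
STATES = {0: "initial", 1: "learn", 2: "listen", 4: "speak", 8: "standby", 16: "active"}
DEFAULT_AUTH = b"cisco\x00\x00\x00"  # RFC 2281 default when no string is configured


def parse_hsrp_v1(payload):
    """Decode one HSRPv1 UDP payload into named fields."""
    if len(payload) < HSRP_V1.size:
        raise ValueError("truncated HSRPv1 message")
    ver, op, state, hello, hold, prio, group, _, auth, vip = HSRP_V1.unpack_from(payload)
    if ver != 0:
        raise ValueError(f"version field {ver} is not HSRPv1")
    return {"opcode": op, "state": STATES.get(state, state), "hello_s": hello,
            "hold_s": hold, "priority": prio, "group": group, "auth": auth,
            "vip": str(IPv4Address(vip))}


def audit(messages, known_routers, timers=(3, 10)):
    """Return (source_ip, finding) pairs for (source_ip, payload) inputs."""
    findings = []
    for src, payload in messages:
        try:
            m = parse_hsrp_v1(payload)
        except ValueError as exc:
            findings.append((src, f"malformed: {exc}"))
            continue
        if src not in known_routers.get(m["group"], set()):
            findings.append((src, f"unknown speaker, group {m['group']}, "
                                  f"state {m['state']}, priority {m['priority']}"))
        if m["auth"] == DEFAULT_AUTH:
            findings.append((src, "default plain-text authentication string"))
        if (m["hello_s"], m["hold_s"]) != timers:
            findings.append((src, f"timers {m['hello_s']}s/{m['hold_s']}s differ from baseline"))
    return findings

# Constructed sample payloads (hex), not captured from a real network.
SAMPLE = [
    ("10.1.10.2", bytes.fromhex("000010030a6e0100" "4c6162384b657921" "0a010a01")),
    ("10.1.10.3", bytes.fromhex("000008030a640100" "4c6162384b657921" "0a010a01")),
    ("10.1.10.66", bytes.fromhex("0000100103ff0100" "636973636f000000" "0a010a01")),
]
KNOWN = {1: {"10.1.10.2", "10.1.10.3"}}  # hypothetical allow list: group -> router IPs
```

Calling `audit(SAMPLE, KNOWN)` reports only the third sender. The check covers the plain-text option only; it does not verify MD5 authentication.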
HSRP Versions
• There are two versions available on most Cisco routers and Layer 3 multilayer switches
• HSRPv1 - 224.0.0.2 - UDP 1985
• HSRPv2 - 224.0.0.102 - UDP 1985
• HSRP version 2 has a different packet format that includes a 6-byte identifier field that uniquely identifies the sender.
• Versions should be changed on all devices in the same group. Otherwise, you might get duplicate IP address messages
LAB 8: HSRP (Omit VRRP)
Group work, individual submission
[Figure: lab topology with DLS1, DLS2, ALS1, ALS2, Host A, Host B, Payroll, Engineering, a server and an SQL server; VLANs 10, 20 and 99; all switch-to-switch connections are 802.1Q trunks]
HSRPv2 IPv6 support
• HSRP for IPv6 address-family does not play well with IPv4 address-family on the same interface
• Disable previous IPv4 HSRP config before proceeding with the IPv6 HSRP config
HSRPv2 IPv6 support
[Figure labels: link-local address on all interfaces; Lo0]
LAB 9: HSRP for IPv6
[Figure: lab topology with DLS1, DLS2 and ALS1, EIGRP routers and L3 switches, 802.1Q trunks, Lo0 interfaces and VLAN 99; link-local addresses on all interfaces include DLS1 FE80::D1, DLS2 FE80::D2 and ALS1 FE80::A1]
VRRP Overview
• VRRP Master - HSRP Active
• VRRP Backup - HSRP Standby
• One Master, one or more backups
• Using actual address used by a router makes that router master.
• Priority 0 to 255, default 100 - 0 has special meaning: the current master is not available
• 224.0.0.18, protocol 112
• Default hello advertisement 1 sec and hold time about 3 seconds. Only master sends hello
• The 3560 switches in the lab DO NOT support VRRP or GLBP
IP addressing for the VRRP topology
VRRP Authentication
VRRP Object Tracking
GLBP
GLBP Configuration Topology
IP addresses used in GLBP Configuration
GLBP Final Configuration
GLBP Operation: ARP Broadcast
GLBP Operation: Virtual MAC Address Assignment
GLBP Operation: Traffic Path for each PC
GLBP Operation: Failed R1 new data path
GLBP and STP
GLBP Object Tracking
GLBP Tracking Detects interface failure
GLBP Object Tracking sample config
Lab 10: GLBP/VRRP
[Figure: lab topology with DLS1, DLS2, ALS1 and SRV1; VLAN 10; Lo0]