十个网络优化改造案例之三 交换机HSRP主备切换

Posted

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了十个网络优化改造案例之三 交换机HSRP主备切换相关的知识,希望对你有一定的参考价值。


主要内容及技术

HSRP

静态路由调整

前言:

  这是一次较大规模的网络整改。当两台核心层设备Cisco 6509的上行业务不同的时候,要把两台Cisco 6509的角色进行互换,这还是需要花一番功夫的。这不仅仅是两台Cisco6509 HSRP ActiveStandby角色互换的问题,其中牵涉到的上行路由、OSPF配置、两台Cisco 6509上连接的外联业务的对换问题。

当年我接到这个任务的时候,光是研究两台Cisco 6509上万行的配置就用了三天的时间。这次我讲这个案例的时候,限于时间和篇幅我不能完全贴出Cisco 6509的关键配置,但是我会尽可能完整的给大家讲述这个案例。

  由于本次网络改造是对生产环境中的核心设备进行操作,故存在一定的风险性。在实施的时候要考虑到可能出现的问题,避免出现设备停机,网络大面积中断的情况。

一、需求描述

市局局域网两台核心交换机,型号均为Cisco 6509E。这两台核心交换机形成HSRP组,其中Cisco 6509A机(主机名:SJ-Core-C6509E-1)为主要设备,Cisco 6509 B机(主机名:SJ- Core -C6509E-2)为备用设备。目前,因为A机比B机早投运4年,硬件老化,满载运行时经常出现网络中断的情况,所以经研究决定,将A机负责的外联业务转移至B机:即A机由原先的主要设备改为备用设备,B机由原先的备用设备改成主要设备。考虑到核心设备设备承担业务多且不确定因素多,施工时间短,所以本次转移项目就只对重要业务进行转移。

需要转移的业务如下:

1、所有外联业务

2、办公区域和服务器区域的Active设备全部转移到B

3、访问省骨干网的主要出口由A机转移至B

4、访问Internet的数据流仍然由B机转发

5、无线网络控制区域无需调整

1.1、         市局局域网拓扑图

技术分享

连接接口信息:

1、Cisco 6509-A机(主机名为SJ-Core-C6509-1

l Ten 7/3:办公区域交换机-1

l Ten 7/4:办公区域交换机-2

l Gi 9/1—Gi 9/6:外联区域1—6

l Gi 9/11-Gi 9/13:无线网控制区

l Gi 9/9:连接Internet防火墙(外网业务)

l Gi 9/10:连接ASA防火墙(内网业务)10.192.192.169/30

2、Cisco 6509-A机(主机名为SJ-Core-C6509-1

l Ten 7/3:服务器区域交换机-1

l Ten 7/4:服务器区域交换机-2

l Gi 9/10:连接ASA防火墙(内网业务)10.192.192.173/30

1.2、         主要业务与互联接口

下表列出Cisco 6509 A机上需要转移的业务和接口信息

接口编号

业务连接

IP地址

Gi9/1

外联业务1

Vlan 21

Gi9/2

外联业务2

Vlan 22

Gi9/3

外联业务3

Vlan 23

Gi9/4

外联业务4

Vlan 24

Gi9/5

外联业务5

Vlan 25

Gi9/6

外联业务6

Vlan 26

Gi9/9

ISP Internet

10.192.193.142/29

Gi9/10

SGS-ASA5520

10.192.192.169/30

 

1.3、         业务互换需求

1.2节表格中列出的Gi 9/1-Gi9/6都必须转移到B机上,互联VLAN如果配置了HSRP,则把HSRPActive设备转移到B机,如果没有配置HSRP,则在A机上删掉这个业务VLANSVI配置,将其转移到B机。

Cisco 6509A上的Gi 9/9接口连接线转移到B机,将该接口的IP地址配置也转移到B机。Cisco 6509A上的Gi 9/10接口和Cisco 6509B上的Gi 9/10互换IP地址配置。

二、准备阶段

2.1、查看Cisco6509-A机当前运行的接口(包括SVI接口)配置

aCisco 6509-A机上外联业务SVI当前配置

interfaceVlan21

 description Wailian-1

 ip address 10.192.193.74 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 21 ip 10.192.193.73

 standby 21 priority 120

 standby 21 preempt

 standby 21 track GigabitEthernet9/10 60

!

interfaceVlan22

 description Wailian-2

 ip address 10.192.193.82 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 22 ip 10.192.193.81

 standby 22 priority 120

 standby 22 preempt

 standby 22 track GigabitEthernet9/10 60

!

interfaceVlan23

 description Wailian-3

 ip address 10.192.193.90 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 23 ip 10.192.193.89

 standby 23 priority 120

 standby 23 preempt

 standby 23 track GigabitEthernet9/10 60

!

interfaceVlan24

 description Wailian-4

 ip address 10.192.193.98 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 24 ip 10.192.193.97

 standby 24 priority 120

 standby 24 preempt

 standby 24 track GigabitEthernet9/10 60

!

interfaceVlan25

 description Wailian-5

 ip address 10.192.193.106 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 25 ip 10.192.193.105

 standby 25 priority 120

 standby 25 preempt

 standby 25 track GigabitEthernet9/10 60

!

interfaceVlan26

 description Wailian-6

 ip address 10.192.193.114 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 26 ip 10.192.193.113

 standby 26 priority 120

 standby 26 preempt

 standby 26 track GigabitEthernet9/10 60

bCisco 6509-A机上内网出口和外网出口配置

interfaceGigabitEthernet9/9

 description Internet-NGFW

 ip address 10.192.193.142 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 speed 1000

 rmon collection stats 6099 owner monitor

!

interfaceGigabitEthernet9/10

 description SGS-ASA5550

 ip address 10.192.192.169 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 ip policy route-map uniaccess_policy1

 speed 1000

 rmon collection stats 6035 owner monitor

!

cCisco 6509-A机上办公业务网段配置

interfaceVlan55

 description Part-1

 ip address 10.192.195.130 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 standby 55 ip 10.192.195.129

 standby 55 priority 120

 standby 55 preempt

!

interfaceVlan56

 description Part-2

 ip address 172.17.199.194 255.255.255.192

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 standby 56 ip 172.17.199.193

 standby 56 priority 120

 standby 56 track GigabitEthernet9/10 60

!

interfaceVlan65

 description Part-3

 ip address 10.192.195.138 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip policy route-map uniaccess_policy

 standby 65 ip 10.192.195.137

 standby 65 priority 120

 standby 65 preempt

!        

interfaceVlan69

 description Part-4

 ip address 10.192.193.66 255.255.255.248

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 69 ip 10.192.193.65

 standby 69 priority 120

 standby 69 preempt

 standby 69 track GigabitEthernet9/10 60

!

interfaceVlan71

 description Part-5

 ip address 10.192.193.58 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 71 ip 10.192.193.57

 standby 71 priority 120

 standby 71 preempt

!

interfaceVlan73

 description Part-6

 ip address 10.192.193.178 255.255.255.248

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 73 ip 10.192.193.177

 standby 73 priority 120

 standby 73 preempt

2.2、查看Cisco6509-B机当前运行的接口(包括SVI接口)配置

aCisco 6509-B机上外联业务SVI当前配置

interfaceVlan21

 description Wailian-1

 ip address 10.192.193.75 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 21 ip 10.192.193.73

 standby 21 preempt

 standby 21 track GigabitEthernet9/10 60

!

interfaceVlan22

 description Wailian-2

 ip address 10.192.193.83 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 22 ip 10.192.193.81

 standby 22 preempt

 standby 22 track GigabitEthernet9/10 60

!

interfaceVlan23

 description Wailian-3

 ip address 10.192.193.91 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 23 ip 10.192.193.89

 standby 23 preempt

 standby 23 track GigabitEthernet9/10 60

!

interfaceVlan24

 description Wailian-4

 ip address 10.192.193.99 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 24 ip 10.192.193.97

 standby 24 preempt

 standby 24 track GigabitEthernet9/10 60

!

interfaceVlan25

 description Wailian-5

 ip address 10.192.193.107 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 25 ip 10.192.193.105

 standby 25 preempt

 standby 25 track GigabitEthernet9/10 60

!

interfaceVlan26

 description Wailian-6

 ip address 10.192.193.115 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 standby 26 ip 10.192.193.113

 standby 26 preempt

 standby 26 track GigabitEthernet9/10 60

bCisco 6509-B机上内网出口和外网出口配置

interfaceGigabitEthernet9/10

 description SGS-ASA5550

 ip address 10.192.192.173 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 ip policy route-map uniaccess_policy1

 speed 1000

 rmon collection stats 6035 owner monitor

cCisco 6509-B机上办公业务网段配置

interfaceVlan55

 description Part-1

 ip address 10.192.195.131 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 standby 55 ip 10.192.195.129

 standby 55 preempt

!

interfaceVlan56

 description Part-2

 ip address 172.17.199.195 255.255.255.192

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 standby 56 ip 172.17.199.193

 standby 56 track GigabitEthernet9/10 60

!

interfaceVlan65

 description Part-3

 ip address 10.192.195.139 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip policy route-map uniaccess_policy

 standby 65 ip 10.192.195.137

 standby 65 preempt

!        

interfaceVlan69

 description Part-4

 ip address 10.192.193.67 255.255.255.248

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 69 ip 10.192.193.65

 standby 69 preempt

 standby 69 track GigabitEthernet9/10 60

!

interfaceVlan71

 description Part-5

 ip address 10.192.193.59 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 71 ip 10.192.193.57

 standby 71 preempt

!

interfaceVlan73

 description Part-6

 ip address 10.192.193.179 255.255.255.248

 no ip proxy-arp

 ip flow ingress

 ip route-cache flow

 standby 73 ip 10.192.193.177

 standby 73 preempt

2.3、路由配置

  这个实际上只是针对局域网做了OSPF的配置,因为不改动任何对内的接口IP地址和网段,所对本次割接没有什么意义。控制外联业务和数据流出的路由都是静态路由。特别是下一跳地址指向防火墙的路由。

a、Cisco 6509-A机上的静态路由

iproute 0.0.0.0 0.0.0.0 10.192.193.139

iproute 10.31.16.0 255.255.255.0 10.192.192.170

iproute 10.41.0.0 255.255.0.0 10.192.192.170

iproute 10.41.212.64 255.255.255.240 10.192.193.139

iproute 10.42.0.0 255.255.0.0 10.192.192.170

iproute 10.50.0.0 255.255.224.0 10.192.192.170

iproute 10.52.0.0 255.255.0.0 10.192.192.170

iproute 10.52.16.52 255.255.255.255 10.192.192.170

iproute 10.91.0.0 255.255.0.0 10.192.192.170

iproute 10.91.0.0 255.255.224.0 10.192.192.170

iproute 10.91.32.0 255.255.240.0 10.192.192.170

iproute 10.111.13.34 255.255.255.255 10.192.192.170

iproute 10.111.13.38 255.255.255.255 10.192.192.170

iproute 10.111.13.39 255.255.255.255 10.192.192.170

iproute 10.111.13.45 255.255.255.255 10.192.192.170

iproute 10.192.0.0 255.255.128.0 10.192.192.170

iproute 10.192.128.0 255.255.192.0 10.192.192.170

iproute 10.192.224.0 255.255.224.0 10.192.192.170

iproute 10.192.232.0 255.255.255.0 10.192.192.170

iproute 10.193.0.0 255.255.0.0 10.192.192.170

iproute 10.194.0.0 255.255.0.0 10.192.192.170

iproute 10.115.0.0 255.255.0.0 10.192.192.170

iproute 10.115.136.0 255.255.255.0 10.192.192.170

iproute 10.197.160.0 255.255.224.0 10.192.192.170

iproute 10.197.160.0 255.255.248.0 10.192.192.170

iproute 10.197.184.0 255.255.255.0 10.192.192.170

iproute 10.197.191.248 255.255.255.252 10.192.192.170

iproute 10.121.13.59 255.255.255.255 10.192.192.170

iproute 10.150.65.0 255.255.255.0 10.192.192.170

iproute 10.154.33.0 255.255.255.0 10.192.192.170

iproute 10.164.128.0 255.255.128.0 10.192.192.170

iproute 10.164.142.0 255.255.255.0 10.192.192.170

iproute 10.165.64.0 255.255.255.0 10.192.192.170

iproute 10.165.64.16 255.255.255.240 10.192.192.170

iproute 10.165.65.0 255.255.255.0 10.192.192.170

iproute 10.165.74.0 255.255.255.0 10.192.192.170

iproute 10.165.89.0 255.255.255.0 10.192.192.170

iproute 10.165.90.0 255.255.255.0 10.192.192.170

iproute 10.165.91.0 255.255.255.0 10.192.192.170

b、Cisco 6509-B机上的静态路由

iproute 10.31.16.0 255.255.255.0 10.192.192.174

iproute 10.41.0.0 255.255.0.0 10.192.192.174

iproute 10.42.0.0 255.255.0.0 10.192.192.174

iproute 10.50.0.0 255.255.224.0 10.192.192.174

iproute 10.52.0.0 255.255.0.0 10.192.192.174

iproute 10.52.16.52 255.255.255.255 10.192.192.174

iproute 10.91.0.0 255.255.0.0 10.192.192.174

iproute 10.91.0.0 255.255.224.0 10.192.192.174

iproute 10.91.32.0 255.255.240.0 10.192.192.174

iproute 10.111.13.38 255.255.255.255 10.192.192.174

iproute 10.111.13.45 255.255.255.255 10.192.192.174

iproute 10.192.0.0 255.255.128.0 10.192.192.174

iproute 10.192.128.0 255.255.192.0 10.192.192.174

iproute 10.192.224.0 255.255.224.0 10.192.192.174

iproute 10.192.232.0 255.255.255.0 10.192.192.174

iproute 10.193.0.0 255.255.0.0 10.192.192.174

iproute 10.194.0.0 255.255.0.0 10.192.192.174

iproute 10.115.0.0 255.255.0.0 10.192.192.174

iproute 10.197.160.0 255.255.224.0 10.192.192.174

iproute 10.197.160.0 255.255.248.0 10.192.192.174

iproute 10.197.184.0 255.255.255.0 10.192.192.174

iproute 10.197.191.248 255.255.255.252 10.192.192.174

iproute 10.121.13.0 255.255.255.0 10.192.192.174

iproute 10.121.13.59 255.255.255.255 10.192.192.174

iproute 10.150.65.0 255.255.255.0 10.192.192.174

iproute 10.154.33.0 255.255.255.0 10.192.192.174

iproute 10.164.128.0 255.255.128.0 10.192.192.174

iproute 10.164.142.0 255.255.255.0 10.192.192.174

iproute 10.165.64.0 255.255.255.0 10.192.192.174

iproute 10.165.64.16 255.255.255.240 10.192.192.174

iproute 10.165.65.0 255.255.255.0 10.192.192.174

iproute 10.165.74.0 255.255.255.0 10.192.192.174

iproute 10.165.89.0 255.255.255.0 10.192.192.174

iproute 10.165.90.0 255.255.255.0 10.192.192.174

iproute 10.165.91.0 255.255.255.0 10.192.192.174

三、实施阶段

3.1、物理接口及配置转移

设备

接口

转移前配置

转移前业务

转移后配置

转移后业务

A

C6509E-1

Gi9/9

10.192.193.142

ISP

无配置

无连接

Gi9/10

10.192.192.169

ASA5520-G0/1

10.192.192.173

ASA5520-G0/2

B

C6509-2

Gi9/9

无配置

无连接

10.192.193.142

ISP

Gi9/10

10.192.192.173

ASA5520-G0/2

10.192.192.169

ASA5520-G0/1

另外,A机的Gi 9/1-9/6的连接线全部转移到B机,并把Gi 9/1-Gi9/6的接口配置全部转移到B机。

A机清空物理接口Gi9/9IP地址配置:

interfaceGigabitEthernet9/9

 no description Internet-NGFW

 no ip address 10.192.193.142 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 speed 1000

 rmon collection stats 6099 owner monitor

!

说明,A机和B机连接防火墙的接口互换,所以A机、B机连接防火墙接口的配置也互换

interfaceGigabitEthernet9/10

descriptionSGS-ASA5520

ipaddress 10.192.192.173 255.255.255.252

speed1000

shutdown

rmoncollection stats 6035 owner monitor

 

B机对应接口配置上和A机原先配置相同的IP地址,如果是需要加入VLAN,则加入与A机接口原本配置相同的VLAN

interfaceGigabitEthernet9/9

 description PE2 Gi2/0/43 3-isp Internet

 ip address 10.192.193.142 255.255.255.248

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 speed 1000

 rmon collection stats 6099 owner monitor

!

interfaceGigabitEthernet9/10

 description ZunYi-SGS-ASA5520 G0/1

 ip address 10.192.192.169 255.255.255.252

 no ip redirects

 no ip unreachables

 no ip proxy-arp

 ip route-cache flow

 ip policy route-map uniaccess_policy1

 speed 1000

 rmon collection stats 6035 owner monitor

!

interfaceGigabitEthernet9/1

 description wailian-1

 switchport

 switchport access vlan 21

 switchport mode access

 no ip address

 spanning-tree portfast

!

interfaceGigabitEthernet9/2

 description wailian-2

 switchport

 switchport access vlan 22

 switchport mode access

 no ip address

 spanning-tree portfast

!

interfaceGigabitEthernet9/3

 description wailian-3

 switchport

 switchport access vlan 23

 no ip address

 spanning-tree portfast

!

interfaceGigabitEthernet9/4

 description wailian-4

 switchport

 switchport access vlan 24

 no ip address

 spanning-tree portfast

!

interfaceGigabitEthernet9/5

 description wailian-5

 switchport

 switchport access vlan 25

 no ip address

 rmon collection stats 6095 owner monitor

 spanning-tree portfast

!

interfaceGigabitEthernet9/6

 description wailian-6

 switchport

 switchport access vlan 26

 no ip address

 spanning-tree portfast

3.2HSRP主备切换配置

  不用改变HSRP SVIIP地址和虚拟IP地址,直接将HSRP的优先级互换。在Cisco 6509 A上删掉Track配置,在Cisco 6509 B上删掉Track配置。

  因为篇幅问题,以VLAN 21为例

Cisco 6509-A配置:

interfaceVlan21

standby21 priority 100

standby21 preempt

nostandby 21 track GigabitEthernet9/10 60

Cisco 6509-B配置:

interfaceVlan21

standby21 priority 120

standby21 preempt

standby21 track GigabitEthernet9/10 60

3.3、静态路由互相转移配置

Cisco 6509-A内下一跳地址为10.192.192.170的静态路由全部删掉,然后全部粘贴到B机内;再将Cisco 6509-B下一跳地址为10.192.192.174的静态路由全部删掉,然后全部粘贴到A机内。

访问Internet的默认路由也要转移到B机内。

A机删除的路由:

noip route 0.0.0.0 0.0.0.0 10.192.193.139

noip route 10.31.16.0 255.255.255.0 10.192.192.170

noip route 10.41.0.0 255.255.0.0 10.192.192.170

no ip route 10.42.0.0 255.255.0.0 10.192.192.170

noip route 10.50.0.0 255.255.224.0 10.192.192.170

noip route 10.52.0.0 255.255.0.0 10.192.192.170

noip route 10.52.16.52 255.255.255.255 10.192.192.170

noip route 10.91.0.0 255.255.0.0 10.192.192.170

noip route 10.91.0.0 255.255.224.0 10.192.192.170

noip route 10.91.32.0 255.255.240.0 10.192.192.170

noip route 10.111.13.34 255.255.255.255 10.192.192.170

noip route 10.111.13.38 255.255.255.255 10.192.192.170

noip route 10.111.13.39 255.255.255.255 10.192.192.170

noip route 10.111.13.45 255.255.255.255 10.192.192.170

noip route 10.192.0.0 255.255.128.0 10.192.192.170

noip route 10.192.128.0 255.255.192.0 10.192.192.170

noip route 10.192.224.0 255.255.224.0 10.192.192.170

noip route 10.192.232.0 255.255.255.0 10.192.192.170

noip route 10.193.0.0 255.255.0.0 10.192.192.170

noip route 10.194.0.0 255.255.0.0 10.192.192.170

noip route 10.115.0.0 255.255.0.0 10.192.192.170

noip route 10.115.136.0 255.255.255.0 10.192.192.170

noip route 10.197.160.0 255.255.224.0 10.192.192.170

noip route 10.197.160.0 255.255.248.0 10.192.192.170

noip route 10.197.184.0 255.255.255.0 10.192.192.170

noip route 10.197.191.248 255.255.255.252 10.192.192.170

noip route 10.121.13.59 255.255.255.255 10.192.192.170

noip route 10.150.65.0 255.255.255.0 10.192.192.170

noip route 10.154.33.0 255.255.255.0 10.192.192.170

noip route 10.164.128.0 255.255.128.0 10.192.192.170

noip route 10.164.142.0 255.255.255.0 10.192.192.170

noip route 10.165.64.0 255.255.255.0 10.192.192.170

noip route 10.165.64.16 255.255.255.240 10.192.192.170

noip route 10.165.65.0 255.255.255.0 10.192.192.170

noip route 10.165.74.0 255.255.255.0 10.192.192.170

noip route 10.165.89.0 255.255.255.0 10.192.192.170

noip route 10.165.90.0 255.255.255.0 10.192.192.170

noip route 10.165.91.0 255.255.255.0 10.192.192.170

 

A机新增的路由:

iproute 10.31.16.0 255.255.255.0 10.192.192.174

iproute 10.41.0.0 255.255.0.0 10.192.192.174

iproute 10.42.0.0 255.255.0.0 10.192.192.174

iproute 10.50.0.0 255.255.224.0 10.192.192.174

iproute 10.52.0.0 255.255.0.0 10.192.192.174

iproute 10.52.16.52 255.255.255.255 10.192.192.174

iproute 10.91.0.0 255.255.0.0 10.192.192.174

iproute 10.91.0.0 255.255.224.0 10.192.192.174

iproute 10.91.32.0 255.255.240.0 10.192.192.174

iproute 10.111.13.38 255.255.255.255 10.192.192.174

iproute 10.111.13.45 255.255.255.255 10.192.192.174

iproute 10.192.0.0 255.255.128.0 10.192.192.174

iproute 10.192.128.0 255.255.192.0 10.192.192.174

iproute 10.192.224.0 255.255.224.0 10.192.192.174

iproute 10.192.232.0 255.255.255.0 10.192.192.174

iproute 10.193.0.0 255.255.0.0 10.192.192.174

iproute 10.194.0.0 255.255.0.0 10.192.192.174

iproute 10.115.0.0 255.255.0.0 10.192.192.174

iproute 10.197.160.0 255.255.224.0 10.192.192.174

iproute 10.197.160.0 255.255.248.0 10.192.192.174

iproute 10.197.184.0 255.255.255.0 10.192.192.174

iproute 10.197.191.248 255.255.255.252 10.192.192.174

iproute 10.121.13.0 255.255.255.0 10.192.192.174

iproute 10.121.13.59 255.255.255.255 10.192.192.174

iproute 10.150.65.0 255.255.255.0 10.192.192.174

iproute 10.154.33.0 255.255.255.0 10.192.192.174

iproute 10.164.128.0 255.255.128.0 10.192.192.174

iproute 10.164.142.0 255.255.255.0 10.192.192.174

iproute 10.165.64.0 255.255.255.0 10.192.192.174

iproute 10.165.64.16 255.255.255.240 10.192.192.174

iproute 10.165.65.0 255.255.255.0 10.192.192.174

iproute 10.165.74.0 255.255.255.0 10.192.192.174

iproute 10.165.89.0 255.255.255.0 10.192.192.174

iproute 10.165.90.0 255.255.255.0 10.192.192.174

iproute 10.165.91.0 255.255.255.0 10.192.192.174

 

B机删除的路由

noip route 10.31.16.0 255.255.255.0 10.192.192.174

noip route 10.41.0.0 255.255.0.0 10.192.192.174

noip route 10.42.0.0 255.255.0.0 10.192.192.174

noip route 10.50.0.0 255.255.224.0 10.192.192.174

noip route 10.52.0.0 255.255.0.0 10.192.192.174

noip route 10.52.16.52 255.255.255.255 10.192.192.174

noip route 10.91.0.0 255.255.0.0 10.192.192.174

noip route 10.91.0.0 255.255.224.0 10.192.192.174

noip route 10.91.32.0 255.255.240.0 10.192.192.174

noip route 10.111.13.38 255.255.255.255 10.192.192.174

noip route 10.111.13.45 255.255.255.255 10.192.192.174

noip route 10.192.0.0 255.255.128.0 10.192.192.174

noip route 10.192.128.0 255.255.192.0 10.192.192.174

noip route 10.192.224.0 255.255.224.0 10.192.192.174

noip route 10.192.232.0 255.255.255.0 10.192.192.174

noip route 10.193.0.0 255.255.0.0 10.192.192.174

noip route 10.194.0.0 255.255.0.0 10.192.192.174

noip route 10.115.0.0 255.255.0.0 10.192.192.174

noip route 10.197.160.0 255.255.224.0 10.192.192.174

noip route 10.197.160.0 255.255.248.0 10.192.192.174

noip route 10.197.184.0 255.255.255.0 10.192.192.174

noip route 10.197.191.248 255.255.255.252 10.192.192.174

noip route 10.121.13.0 255.255.255.0 10.192.192.174

noip route 10.121.13.59 255.255.255.255 10.192.192.174

noip route 10.150.65.0 255.255.255.0 10.192.192.174

noip route 10.154.33.0 255.255.255.0 10.192.192.174

noip route 10.164.128.0 255.255.128.0 10.192.192.174

noip route 10.164.142.0 255.255.255.0 10.192.192.174

noip route 10.165.64.0 255.255.255.0 10.192.192.174

noip route 10.165.64.16 255.255.255.240 10.192.192.174

noip route 10.165.65.0 255.255.255.0 10.192.192.174

noip route 10.165.74.0 255.255.255.0 10.192.192.174

noip route 10.165.89.0 255.255.255.0 10.192.192.174

noip route 10.165.90.0 255.255.255.0 10.192.192.174

noip route 10.165.91.0 255.255.255.0 10.192.192.174

 

B机新增的路由

iproute 0.0.0.0 0.0.0.0 10.192.193.139

iproute 10.31.16.0 255.255.255.0 10.192.192.170

iproute 10.41.0.0 255.255.0.0 10.192.192.170

iproute 10.41.212.64 255.255.255.240 10.192.193.139

iproute 10.42.0.0 255.255.0.0 10.192.192.170

iproute 10.50.0.0 255.255.224.0 10.192.192.170

iproute 10.52.0.0 255.255.0.0 10.192.192.170

iproute 10.52.16.52 255.255.255.255 10.192.192.170

iproute 10.91.0.0 255.255.0.0 10.192.192.170

iproute 10.91.0.0 255.255.224.0 10.192.192.170

iproute 10.91.32.0 255.255.240.0 10.192.192.170

iproute 10.111.13.34 255.255.255.255 10.192.192.170

iproute 10.111.13.38 255.255.255.255 10.192.192.170

iproute 10.111.13.39 255.255.255.255 10.192.192.170

iproute 10.111.13.45 255.255.255.255 10.192.192.170

iproute 10.192.0.0 255.255.128.0 10.192.192.170

iproute 10.192.128.0 255.255.192.0 10.192.192.170

iproute 10.192.224.0 255.255.224.0 10.192.192.170

iproute 10.192.232.0 255.255.255.0 10.192.192.170

iproute 10.193.0.0 255.255.0.0 10.192.192.170

iproute 10.194.0.0 255.255.0.0 10.192.192.170

iproute 10.115.0.0 255.255.0.0 10.192.192.170

iproute 10.115.136.0 255.255.255.0 10.192.192.170

iproute 10.197.160.0 255.255.224.0 10.192.192.170

iproute 10.197.160.0 255.255.248.0 10.192.192.170

iproute 10.197.184.0 255.255.255.0 10.192.192.170

iproute 10.197.191.248 255.255.255.252 10.192.192.170

iproute 10.121.13.59 255.255.255.255 10.192.192.170

iproute 10.150.65.0 255.255.255.0 10.192.192.170

iproute 10.154.33.0 255.255.255.0 10.192.192.170

iproute 10.164.128.0 255.255.128.0 10.192.192.170

iproute 10.164.142.0 255.255.255.0 10.192.192.170

iproute 10.165.64.0 255.255.255.0 10.192.192.170

iproute 10.165.64.16 255.255.255.240 10.192.192.170

iproute 10.165.65.0 255.255.255.0 10.192.192.170

iproute 10.165.74.0 255.255.255.0 10.192.192.170

iproute 10.165.89.0 255.255.255.0 10.192.192.170

iproute 10.165.90.0 255.255.255.0 10.192.192.170

iproute 10.165.91.0 255.255.255.0 10.192.192.170

如果在实施业务转移之后,影响到其他外联业务的正常通行,或者出现无法访问Internet的情况,应该根据操作日志进行回滚至转移之前的状态,先保证各种业务的正常通行以后,再重新实施转移。

四、后记

  本案例涉及到的网络技术也就是HSRP和静态路由,看起来比较简单。但由于操作的是两台核心设备,配置量很大而且繁杂,在不了解网络拓扑的情况下是一件非常烧脑的问题。不过只要搞清楚其中OSPF路由是负责哪些区域的通信,静态路由到底是负责哪些区域的通信,实际上写出方案到最后的实施还是比较顺利的。

  局域网再怎么复杂,也一般不会牵涉到BGP或者MPLS VPN这样高级的协议。但往往正是一些二层协议难以控制,增加了局域网割接或排除故障的难度。不管拿到什么样的一个局域网,先弄清楚环境再说。

 


本文出自 “捷哥的IT小屋” 博客,谢绝转载!

以上是关于十个网络优化改造案例之三 交换机HSRP主备切换的主要内容,如果未能解决你的问题,请参考以下文章

十个网络优化改造案例之四--NAS区域网络第一次改造

十个网络优化改造案例之二- 办公大楼局域网组网案例

十个网络优化改造案例:数据中心网络缺陷大改造

十个网络优化改造案例之五 NAS区域网络第二次改造

使用cisco的HRSP配置路由器主备冗余以及故障测试

HSRP 双机热备