十个网络优化改造案例之三 交换机HSRP主备切换
Posted
tags:
篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了十个网络优化改造案例之三 交换机HSRP主备切换相关的知识,希望对你有一定的参考价值。
主要内容及技术
HSRP
静态路由调整
前言:
这是一次较大规模的网络整改。当两台核心层设备Cisco 6509的上行业务不同的时候,要把两台Cisco 6509的角色进行互换,这还是需要花一番功夫的。这不仅仅是两台Cisco6509 HSRP Active和Standby角色互换的问题,其中牵涉到的上行路由、OSPF配置、两台Cisco 6509上连接的外联业务的对换问题。
当年我接到这个任务的时候,光是研究两台Cisco 6509上万行的配置就用了三天的时间。这次我讲这个案例的时候,限于时间和篇幅我不能完全贴出Cisco 6509的关键配置,但是我会尽可能完整的给大家讲述这个案例。
由于本次网络改造是对生产环境中的核心设备进行操作,故存在一定的风险性。在实施的时候要考虑到可能出现的问题,避免出现设备停机,网络大面积中断的情况。
一、需求描述
市局局域网两台核心交换机,型号均为Cisco 6509E。这两台核心交换机形成HSRP组,其中Cisco 6509A机(主机名:SJ-Core-C6509E-1)为主要设备,Cisco 6509 B机(主机名:SJ- Core -C6509E-2)为备用设备。目前,因为A机比B机早投运4年,硬件老化,满载运行时经常出现网络中断的情况,所以经研究决定,将A机负责的外联业务转移至B机:即A机由原先的主要设备改为备用设备,B机由原先的备用设备改成主要设备。考虑到核心设备设备承担业务多且不确定因素多,施工时间短,所以本次转移项目就只对重要业务进行转移。
需要转移的业务如下:
1、所有外联业务
2、办公区域和服务器区域的Active设备全部转移到B机
3、访问省骨干网的主要出口由A机转移至B机
4、访问Internet的数据流仍然由B机转发
5、无线网络控制区域无需调整
1.1、 市局局域网拓扑图
连接接口信息:
1、Cisco 6509-A机(主机名为SJ-Core-C6509-1)
l Ten 7/3:办公区域交换机-1
l Ten 7/4:办公区域交换机-2
l Gi 9/1—Gi 9/6:外联区域1—6
l Gi 9/11-Gi 9/13:无线网控制区
l Gi 9/9:连接Internet防火墙(外网业务)
l Gi 9/10:连接ASA防火墙(内网业务)10.192.192.169/30
2、Cisco 6509-A机(主机名为SJ-Core-C6509-1)
l Ten 7/3:服务器区域交换机-1
l Ten 7/4:服务器区域交换机-2
l Gi 9/10:连接ASA防火墙(内网业务)10.192.192.173/30
1.2、 主要业务与互联接口
下表列出Cisco 6509 A机上需要转移的业务和接口信息
接口编号 | 业务连接 | IP地址 |
Gi9/1 | 外联业务1 | Vlan 21 |
Gi9/2 | 外联业务2 | Vlan 22 |
Gi9/3 | 外联业务3 | Vlan 23 |
Gi9/4 | 外联业务4 | Vlan 24 |
Gi9/5 | 外联业务5 | Vlan 25 |
Gi9/6 | 外联业务6 | Vlan 26 |
Gi9/9 | ISP Internet | 10.192.193.142/29 |
Gi9/10 | SGS-ASA5520 | 10.192.192.169/30 |
1.3、 业务互换需求
在1.2节表格中列出的Gi 9/1-Gi9/6都必须转移到B机上,互联VLAN如果配置了HSRP,则把HSRP的Active设备转移到B机,如果没有配置HSRP,则在A机上删掉这个业务VLAN的SVI配置,将其转移到B机。
Cisco 6509A上的Gi 9/9接口连接线转移到B机,将该接口的IP地址配置也转移到B机。Cisco 6509A上的Gi 9/10接口和Cisco 6509B上的Gi 9/10互换IP地址配置。
二、准备阶段
2.1、查看Cisco6509-A机当前运行的接口(包括SVI接口)配置
a、Cisco 6509-A机上外联业务SVI当前配置
interfaceVlan21
description Wailian-1
ip address 10.192.193.74 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 21 ip 10.192.193.73
standby 21 priority 120
standby 21 preempt
standby 21 track GigabitEthernet9/10 60
!
interfaceVlan22
description Wailian-2
ip address 10.192.193.82 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 22 ip 10.192.193.81
standby 22 priority 120
standby 22 preempt
standby 22 track GigabitEthernet9/10 60
!
interfaceVlan23
description Wailian-3
ip address 10.192.193.90 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 23 ip 10.192.193.89
standby 23 priority 120
standby 23 preempt
standby 23 track GigabitEthernet9/10 60
!
interfaceVlan24
description Wailian-4
ip address 10.192.193.98 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 24 ip 10.192.193.97
standby 24 priority 120
standby 24 preempt
standby 24 track GigabitEthernet9/10 60
!
interfaceVlan25
description Wailian-5
ip address 10.192.193.106 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 25 ip 10.192.193.105
standby 25 priority 120
standby 25 preempt
standby 25 track GigabitEthernet9/10 60
!
interfaceVlan26
description Wailian-6
ip address 10.192.193.114 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 26 ip 10.192.193.113
standby 26 priority 120
standby 26 preempt
standby 26 track GigabitEthernet9/10 60
b、Cisco 6509-A机上内网出口和外网出口配置
interfaceGigabitEthernet9/9
description Internet-NGFW
ip address 10.192.193.142 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
speed 1000
rmon collection stats 6099 owner monitor
!
interfaceGigabitEthernet9/10
description SGS-ASA5550
ip address 10.192.192.169 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip policy route-map uniaccess_policy1
speed 1000
rmon collection stats 6035 owner monitor
!
c、Cisco 6509-A机上办公业务网段配置
interfaceVlan55
description Part-1
ip address 10.192.195.130 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
standby 55 ip 10.192.195.129
standby 55 priority 120
standby 55 preempt
!
interfaceVlan56
description Part-2
ip address 172.17.199.194 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby 56 ip 172.17.199.193
standby 56 priority 120
standby 56 track GigabitEthernet9/10 60
!
interfaceVlan65
description Part-3
ip address 10.192.195.138 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map uniaccess_policy
standby 65 ip 10.192.195.137
standby 65 priority 120
standby 65 preempt
!
interfaceVlan69
description Part-4
ip address 10.192.193.66 255.255.255.248
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 69 ip 10.192.193.65
standby 69 priority 120
standby 69 preempt
standby 69 track GigabitEthernet9/10 60
!
interfaceVlan71
description Part-5
ip address 10.192.193.58 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 71 ip 10.192.193.57
standby 71 priority 120
standby 71 preempt
!
interfaceVlan73
description Part-6
ip address 10.192.193.178 255.255.255.248
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 73 ip 10.192.193.177
standby 73 priority 120
standby 73 preempt
2.2、查看Cisco6509-B机当前运行的接口(包括SVI接口)配置
a、Cisco 6509-B机上外联业务SVI当前配置
interfaceVlan21
description Wailian-1
ip address 10.192.193.75 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 21 ip 10.192.193.73
standby 21 preempt
standby 21 track GigabitEthernet9/10 60
!
interfaceVlan22
description Wailian-2
ip address 10.192.193.83 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 22 ip 10.192.193.81
standby 22 preempt
standby 22 track GigabitEthernet9/10 60
!
interfaceVlan23
description Wailian-3
ip address 10.192.193.91 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 23 ip 10.192.193.89
standby 23 preempt
standby 23 track GigabitEthernet9/10 60
!
interfaceVlan24
description Wailian-4
ip address 10.192.193.99 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 24 ip 10.192.193.97
standby 24 preempt
standby 24 track GigabitEthernet9/10 60
!
interfaceVlan25
description Wailian-5
ip address 10.192.193.107 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 25 ip 10.192.193.105
standby 25 preempt
standby 25 track GigabitEthernet9/10 60
!
interfaceVlan26
description Wailian-6
ip address 10.192.193.115 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
standby 26 ip 10.192.193.113
standby 26 preempt
standby 26 track GigabitEthernet9/10 60
b、Cisco 6509-B机上内网出口和外网出口配置
interfaceGigabitEthernet9/10
description SGS-ASA5550
ip address 10.192.192.173 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip policy route-map uniaccess_policy1
speed 1000
rmon collection stats 6035 owner monitor
c、Cisco 6509-B机上办公业务网段配置
interfaceVlan55
description Part-1
ip address 10.192.195.131 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
standby 55 ip 10.192.195.129
standby 55 preempt
!
interfaceVlan56
description Part-2
ip address 172.17.199.195 255.255.255.192
no ip redirects
no ip unreachables
no ip proxy-arp
standby 56 ip 172.17.199.193
standby 56 track GigabitEthernet9/10 60
!
interfaceVlan65
description Part-3
ip address 10.192.195.139 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip policy route-map uniaccess_policy
standby 65 ip 10.192.195.137
standby 65 preempt
!
interfaceVlan69
description Part-4
ip address 10.192.193.67 255.255.255.248
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 69 ip 10.192.193.65
standby 69 preempt
standby 69 track GigabitEthernet9/10 60
!
interfaceVlan71
description Part-5
ip address 10.192.193.59 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 71 ip 10.192.193.57
standby 71 preempt
!
interfaceVlan73
description Part-6
ip address 10.192.193.179 255.255.255.248
no ip proxy-arp
ip flow ingress
ip route-cache flow
standby 73 ip 10.192.193.177
standby 73 preempt
2.3、路由配置
这个实际上只是针对局域网做了OSPF的配置,因为不改动任何对内的接口IP地址和网段,所对本次割接没有什么意义。控制外联业务和数据流出的路由都是静态路由。特别是下一跳地址指向防火墙的路由。
a、Cisco 6509-A机上的静态路由
iproute 0.0.0.0 0.0.0.0 10.192.193.139
iproute 10.31.16.0 255.255.255.0 10.192.192.170
iproute 10.41.0.0 255.255.0.0 10.192.192.170
iproute 10.41.212.64 255.255.255.240 10.192.193.139
iproute 10.42.0.0 255.255.0.0 10.192.192.170
iproute 10.50.0.0 255.255.224.0 10.192.192.170
iproute 10.52.0.0 255.255.0.0 10.192.192.170
iproute 10.52.16.52 255.255.255.255 10.192.192.170
iproute 10.91.0.0 255.255.0.0 10.192.192.170
iproute 10.91.0.0 255.255.224.0 10.192.192.170
iproute 10.91.32.0 255.255.240.0 10.192.192.170
iproute 10.111.13.34 255.255.255.255 10.192.192.170
iproute 10.111.13.38 255.255.255.255 10.192.192.170
iproute 10.111.13.39 255.255.255.255 10.192.192.170
iproute 10.111.13.45 255.255.255.255 10.192.192.170
iproute 10.192.0.0 255.255.128.0 10.192.192.170
iproute 10.192.128.0 255.255.192.0 10.192.192.170
iproute 10.192.224.0 255.255.224.0 10.192.192.170
iproute 10.192.232.0 255.255.255.0 10.192.192.170
iproute 10.193.0.0 255.255.0.0 10.192.192.170
iproute 10.194.0.0 255.255.0.0 10.192.192.170
iproute 10.115.0.0 255.255.0.0 10.192.192.170
iproute 10.115.136.0 255.255.255.0 10.192.192.170
iproute 10.197.160.0 255.255.224.0 10.192.192.170
iproute 10.197.160.0 255.255.248.0 10.192.192.170
iproute 10.197.184.0 255.255.255.0 10.192.192.170
iproute 10.197.191.248 255.255.255.252 10.192.192.170
iproute 10.121.13.59 255.255.255.255 10.192.192.170
iproute 10.150.65.0 255.255.255.0 10.192.192.170
iproute 10.154.33.0 255.255.255.0 10.192.192.170
iproute 10.164.128.0 255.255.128.0 10.192.192.170
iproute 10.164.142.0 255.255.255.0 10.192.192.170
iproute 10.165.64.0 255.255.255.0 10.192.192.170
iproute 10.165.64.16 255.255.255.240 10.192.192.170
iproute 10.165.65.0 255.255.255.0 10.192.192.170
iproute 10.165.74.0 255.255.255.0 10.192.192.170
iproute 10.165.89.0 255.255.255.0 10.192.192.170
iproute 10.165.90.0 255.255.255.0 10.192.192.170
iproute 10.165.91.0 255.255.255.0 10.192.192.170
b、Cisco 6509-B机上的静态路由
iproute 10.31.16.0 255.255.255.0 10.192.192.174
iproute 10.41.0.0 255.255.0.0 10.192.192.174
iproute 10.42.0.0 255.255.0.0 10.192.192.174
iproute 10.50.0.0 255.255.224.0 10.192.192.174
iproute 10.52.0.0 255.255.0.0 10.192.192.174
iproute 10.52.16.52 255.255.255.255 10.192.192.174
iproute 10.91.0.0 255.255.0.0 10.192.192.174
iproute 10.91.0.0 255.255.224.0 10.192.192.174
iproute 10.91.32.0 255.255.240.0 10.192.192.174
iproute 10.111.13.38 255.255.255.255 10.192.192.174
iproute 10.111.13.45 255.255.255.255 10.192.192.174
iproute 10.192.0.0 255.255.128.0 10.192.192.174
iproute 10.192.128.0 255.255.192.0 10.192.192.174
iproute 10.192.224.0 255.255.224.0 10.192.192.174
iproute 10.192.232.0 255.255.255.0 10.192.192.174
iproute 10.193.0.0 255.255.0.0 10.192.192.174
iproute 10.194.0.0 255.255.0.0 10.192.192.174
iproute 10.115.0.0 255.255.0.0 10.192.192.174
iproute 10.197.160.0 255.255.224.0 10.192.192.174
iproute 10.197.160.0 255.255.248.0 10.192.192.174
iproute 10.197.184.0 255.255.255.0 10.192.192.174
iproute 10.197.191.248 255.255.255.252 10.192.192.174
iproute 10.121.13.0 255.255.255.0 10.192.192.174
iproute 10.121.13.59 255.255.255.255 10.192.192.174
iproute 10.150.65.0 255.255.255.0 10.192.192.174
iproute 10.154.33.0 255.255.255.0 10.192.192.174
iproute 10.164.128.0 255.255.128.0 10.192.192.174
iproute 10.164.142.0 255.255.255.0 10.192.192.174
iproute 10.165.64.0 255.255.255.0 10.192.192.174
iproute 10.165.64.16 255.255.255.240 10.192.192.174
iproute 10.165.65.0 255.255.255.0 10.192.192.174
iproute 10.165.74.0 255.255.255.0 10.192.192.174
iproute 10.165.89.0 255.255.255.0 10.192.192.174
iproute 10.165.90.0 255.255.255.0 10.192.192.174
iproute 10.165.91.0 255.255.255.0 10.192.192.174
三、实施阶段
3.1、物理接口及配置转移
设备 | 接口 | 转移前配置 | 转移前业务 | 转移后配置 | 转移后业务 |
A机 C6509E-1 | Gi9/9 | 10.192.193.142 | ISP | 无配置 | 无连接 |
Gi9/10 | 10.192.192.169 | ASA5520-G0/1 | 10.192.192.173 | ASA5520-G0/2 | |
B机 C6509-2 | Gi9/9 | 无配置 | 无连接 | 10.192.193.142 | ISP |
Gi9/10 | 10.192.192.173 | ASA5520-G0/2 | 10.192.192.169 | ASA5520-G0/1 |
另外,A机的Gi 9/1-9/6的连接线全部转移到B机,并把Gi 9/1-Gi9/6的接口配置全部转移到B机。
A机清空物理接口Gi9/9的IP地址配置:
interfaceGigabitEthernet9/9
no description Internet-NGFW
no ip address 10.192.193.142 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
speed 1000
rmon collection stats 6099 owner monitor
!
说明,A机和B机连接防火墙的接口互换,所以A机、B机连接防火墙接口的配置也互换
interfaceGigabitEthernet9/10
descriptionSGS-ASA5520
ipaddress 10.192.192.173 255.255.255.252
speed1000
shutdown
rmoncollection stats 6035 owner monitor
B机对应接口配置上和A机原先配置相同的IP地址,如果是需要加入VLAN,则加入与A机接口原本配置相同的VLAN:
interfaceGigabitEthernet9/9
description PE2 Gi2/0/43 3-isp Internet
ip address 10.192.193.142 255.255.255.248
no ip redirects
no ip unreachables
no ip proxy-arp
speed 1000
rmon collection stats 6099 owner monitor
!
interfaceGigabitEthernet9/10
description ZunYi-SGS-ASA5520 G0/1
ip address 10.192.192.169 255.255.255.252
no ip redirects
no ip unreachables
no ip proxy-arp
ip route-cache flow
ip policy route-map uniaccess_policy1
speed 1000
rmon collection stats 6035 owner monitor
!
interfaceGigabitEthernet9/1
description wailian-1
switchport
switchport access vlan 21
switchport mode access
no ip address
spanning-tree portfast
!
interfaceGigabitEthernet9/2
description wailian-2
switchport
switchport access vlan 22
switchport mode access
no ip address
spanning-tree portfast
!
interfaceGigabitEthernet9/3
description wailian-3
switchport
switchport access vlan 23
no ip address
spanning-tree portfast
!
interfaceGigabitEthernet9/4
description wailian-4
switchport
switchport access vlan 24
no ip address
spanning-tree portfast
!
interfaceGigabitEthernet9/5
description wailian-5
switchport
switchport access vlan 25
no ip address
rmon collection stats 6095 owner monitor
spanning-tree portfast
!
interfaceGigabitEthernet9/6
description wailian-6
switchport
switchport access vlan 26
no ip address
spanning-tree portfast
3.2、HSRP主备切换配置
不用改变HSRP SVI口IP地址和虚拟IP地址,直接将HSRP的优先级互换。在Cisco 6509 A上删掉Track配置,在Cisco 6509 B上删掉Track配置。
因为篇幅问题,以VLAN 21为例
Cisco 6509-A配置:
interfaceVlan21
standby21 priority 100
standby21 preempt
nostandby 21 track GigabitEthernet9/10 60
Cisco 6509-B配置:
interfaceVlan21
standby21 priority 120
standby21 preempt
standby21 track GigabitEthernet9/10 60
3.3、静态路由互相转移配置
将Cisco 6509-A内下一跳地址为10.192.192.170的静态路由全部删掉,然后全部粘贴到B机内;再将Cisco 6509-B下一跳地址为10.192.192.174的静态路由全部删掉,然后全部粘贴到A机内。
访问Internet的默认路由也要转移到B机内。
A机删除的路由:
noip route 0.0.0.0 0.0.0.0 10.192.193.139
noip route 10.31.16.0 255.255.255.0 10.192.192.170
noip route 10.41.0.0 255.255.0.0 10.192.192.170
no ip route 10.42.0.0 255.255.0.0 10.192.192.170
noip route 10.50.0.0 255.255.224.0 10.192.192.170
noip route 10.52.0.0 255.255.0.0 10.192.192.170
noip route 10.52.16.52 255.255.255.255 10.192.192.170
noip route 10.91.0.0 255.255.0.0 10.192.192.170
noip route 10.91.0.0 255.255.224.0 10.192.192.170
noip route 10.91.32.0 255.255.240.0 10.192.192.170
noip route 10.111.13.34 255.255.255.255 10.192.192.170
noip route 10.111.13.38 255.255.255.255 10.192.192.170
noip route 10.111.13.39 255.255.255.255 10.192.192.170
noip route 10.111.13.45 255.255.255.255 10.192.192.170
noip route 10.192.0.0 255.255.128.0 10.192.192.170
noip route 10.192.128.0 255.255.192.0 10.192.192.170
noip route 10.192.224.0 255.255.224.0 10.192.192.170
noip route 10.192.232.0 255.255.255.0 10.192.192.170
noip route 10.193.0.0 255.255.0.0 10.192.192.170
noip route 10.194.0.0 255.255.0.0 10.192.192.170
noip route 10.115.0.0 255.255.0.0 10.192.192.170
noip route 10.115.136.0 255.255.255.0 10.192.192.170
noip route 10.197.160.0 255.255.224.0 10.192.192.170
noip route 10.197.160.0 255.255.248.0 10.192.192.170
noip route 10.197.184.0 255.255.255.0 10.192.192.170
noip route 10.197.191.248 255.255.255.252 10.192.192.170
noip route 10.121.13.59 255.255.255.255 10.192.192.170
noip route 10.150.65.0 255.255.255.0 10.192.192.170
noip route 10.154.33.0 255.255.255.0 10.192.192.170
noip route 10.164.128.0 255.255.128.0 10.192.192.170
noip route 10.164.142.0 255.255.255.0 10.192.192.170
noip route 10.165.64.0 255.255.255.0 10.192.192.170
noip route 10.165.64.16 255.255.255.240 10.192.192.170
noip route 10.165.65.0 255.255.255.0 10.192.192.170
noip route 10.165.74.0 255.255.255.0 10.192.192.170
noip route 10.165.89.0 255.255.255.0 10.192.192.170
noip route 10.165.90.0 255.255.255.0 10.192.192.170
noip route 10.165.91.0 255.255.255.0 10.192.192.170
A机新增的路由:
iproute 10.31.16.0 255.255.255.0 10.192.192.174
iproute 10.41.0.0 255.255.0.0 10.192.192.174
iproute 10.42.0.0 255.255.0.0 10.192.192.174
iproute 10.50.0.0 255.255.224.0 10.192.192.174
iproute 10.52.0.0 255.255.0.0 10.192.192.174
iproute 10.52.16.52 255.255.255.255 10.192.192.174
iproute 10.91.0.0 255.255.0.0 10.192.192.174
iproute 10.91.0.0 255.255.224.0 10.192.192.174
iproute 10.91.32.0 255.255.240.0 10.192.192.174
iproute 10.111.13.38 255.255.255.255 10.192.192.174
iproute 10.111.13.45 255.255.255.255 10.192.192.174
iproute 10.192.0.0 255.255.128.0 10.192.192.174
iproute 10.192.128.0 255.255.192.0 10.192.192.174
iproute 10.192.224.0 255.255.224.0 10.192.192.174
iproute 10.192.232.0 255.255.255.0 10.192.192.174
iproute 10.193.0.0 255.255.0.0 10.192.192.174
iproute 10.194.0.0 255.255.0.0 10.192.192.174
iproute 10.115.0.0 255.255.0.0 10.192.192.174
iproute 10.197.160.0 255.255.224.0 10.192.192.174
iproute 10.197.160.0 255.255.248.0 10.192.192.174
iproute 10.197.184.0 255.255.255.0 10.192.192.174
iproute 10.197.191.248 255.255.255.252 10.192.192.174
iproute 10.121.13.0 255.255.255.0 10.192.192.174
iproute 10.121.13.59 255.255.255.255 10.192.192.174
iproute 10.150.65.0 255.255.255.0 10.192.192.174
iproute 10.154.33.0 255.255.255.0 10.192.192.174
iproute 10.164.128.0 255.255.128.0 10.192.192.174
iproute 10.164.142.0 255.255.255.0 10.192.192.174
iproute 10.165.64.0 255.255.255.0 10.192.192.174
iproute 10.165.64.16 255.255.255.240 10.192.192.174
iproute 10.165.65.0 255.255.255.0 10.192.192.174
iproute 10.165.74.0 255.255.255.0 10.192.192.174
iproute 10.165.89.0 255.255.255.0 10.192.192.174
iproute 10.165.90.0 255.255.255.0 10.192.192.174
iproute 10.165.91.0 255.255.255.0 10.192.192.174
B机删除的路由
noip route 10.31.16.0 255.255.255.0 10.192.192.174
noip route 10.41.0.0 255.255.0.0 10.192.192.174
noip route 10.42.0.0 255.255.0.0 10.192.192.174
noip route 10.50.0.0 255.255.224.0 10.192.192.174
noip route 10.52.0.0 255.255.0.0 10.192.192.174
noip route 10.52.16.52 255.255.255.255 10.192.192.174
noip route 10.91.0.0 255.255.0.0 10.192.192.174
noip route 10.91.0.0 255.255.224.0 10.192.192.174
noip route 10.91.32.0 255.255.240.0 10.192.192.174
noip route 10.111.13.38 255.255.255.255 10.192.192.174
noip route 10.111.13.45 255.255.255.255 10.192.192.174
noip route 10.192.0.0 255.255.128.0 10.192.192.174
noip route 10.192.128.0 255.255.192.0 10.192.192.174
noip route 10.192.224.0 255.255.224.0 10.192.192.174
noip route 10.192.232.0 255.255.255.0 10.192.192.174
noip route 10.193.0.0 255.255.0.0 10.192.192.174
noip route 10.194.0.0 255.255.0.0 10.192.192.174
noip route 10.115.0.0 255.255.0.0 10.192.192.174
noip route 10.197.160.0 255.255.224.0 10.192.192.174
noip route 10.197.160.0 255.255.248.0 10.192.192.174
noip route 10.197.184.0 255.255.255.0 10.192.192.174
noip route 10.197.191.248 255.255.255.252 10.192.192.174
noip route 10.121.13.0 255.255.255.0 10.192.192.174
noip route 10.121.13.59 255.255.255.255 10.192.192.174
noip route 10.150.65.0 255.255.255.0 10.192.192.174
noip route 10.154.33.0 255.255.255.0 10.192.192.174
noip route 10.164.128.0 255.255.128.0 10.192.192.174
noip route 10.164.142.0 255.255.255.0 10.192.192.174
noip route 10.165.64.0 255.255.255.0 10.192.192.174
noip route 10.165.64.16 255.255.255.240 10.192.192.174
noip route 10.165.65.0 255.255.255.0 10.192.192.174
noip route 10.165.74.0 255.255.255.0 10.192.192.174
noip route 10.165.89.0 255.255.255.0 10.192.192.174
noip route 10.165.90.0 255.255.255.0 10.192.192.174
noip route 10.165.91.0 255.255.255.0 10.192.192.174
B机新增的路由
iproute 0.0.0.0 0.0.0.0 10.192.193.139
iproute 10.31.16.0 255.255.255.0 10.192.192.170
iproute 10.41.0.0 255.255.0.0 10.192.192.170
iproute 10.41.212.64 255.255.255.240 10.192.193.139
iproute 10.42.0.0 255.255.0.0 10.192.192.170
iproute 10.50.0.0 255.255.224.0 10.192.192.170
iproute 10.52.0.0 255.255.0.0 10.192.192.170
iproute 10.52.16.52 255.255.255.255 10.192.192.170
iproute 10.91.0.0 255.255.0.0 10.192.192.170
iproute 10.91.0.0 255.255.224.0 10.192.192.170
iproute 10.91.32.0 255.255.240.0 10.192.192.170
iproute 10.111.13.34 255.255.255.255 10.192.192.170
iproute 10.111.13.38 255.255.255.255 10.192.192.170
iproute 10.111.13.39 255.255.255.255 10.192.192.170
iproute 10.111.13.45 255.255.255.255 10.192.192.170
iproute 10.192.0.0 255.255.128.0 10.192.192.170
iproute 10.192.128.0 255.255.192.0 10.192.192.170
iproute 10.192.224.0 255.255.224.0 10.192.192.170
iproute 10.192.232.0 255.255.255.0 10.192.192.170
iproute 10.193.0.0 255.255.0.0 10.192.192.170
iproute 10.194.0.0 255.255.0.0 10.192.192.170
iproute 10.115.0.0 255.255.0.0 10.192.192.170
iproute 10.115.136.0 255.255.255.0 10.192.192.170
iproute 10.197.160.0 255.255.224.0 10.192.192.170
iproute 10.197.160.0 255.255.248.0 10.192.192.170
iproute 10.197.184.0 255.255.255.0 10.192.192.170
iproute 10.197.191.248 255.255.255.252 10.192.192.170
iproute 10.121.13.59 255.255.255.255 10.192.192.170
iproute 10.150.65.0 255.255.255.0 10.192.192.170
iproute 10.154.33.0 255.255.255.0 10.192.192.170
iproute 10.164.128.0 255.255.128.0 10.192.192.170
iproute 10.164.142.0 255.255.255.0 10.192.192.170
iproute 10.165.64.0 255.255.255.0 10.192.192.170
iproute 10.165.64.16 255.255.255.240 10.192.192.170
iproute 10.165.65.0 255.255.255.0 10.192.192.170
iproute 10.165.74.0 255.255.255.0 10.192.192.170
iproute 10.165.89.0 255.255.255.0 10.192.192.170
iproute 10.165.90.0 255.255.255.0 10.192.192.170
iproute 10.165.91.0 255.255.255.0 10.192.192.170
如果在实施业务转移之后,影响到其他外联业务的正常通行,或者出现无法访问Internet的情况,应该根据操作日志进行回滚至转移之前的状态,先保证各种业务的正常通行以后,再重新实施转移。
四、后记
本案例涉及到的网络技术也就是HSRP和静态路由,看起来比较简单。但由于操作的是两台核心设备,配置量很大而且繁杂,在不了解网络拓扑的情况下是一件非常烧脑的问题。不过只要搞清楚其中OSPF路由是负责哪些区域的通信,静态路由到底是负责哪些区域的通信,实际上写出方案到最后的实施还是比较顺利的。
局域网再怎么复杂,也一般不会牵涉到BGP或者MPLS VPN这样高级的协议。但往往正是一些二层协议难以控制,增加了局域网割接或排除故障的难度。不管拿到什么样的一个局域网,先弄清楚环境再说。
本文出自 “捷哥的IT小屋” 博客,谢绝转载!
以上是关于十个网络优化改造案例之三 交换机HSRP主备切换的主要内容,如果未能解决你的问题,请参考以下文章