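小乔 posted on 2025-3-11 10:14:22

Configuring ISP Failover with Default Routes Using IP SLA Tracking

Background Information

This document also provides instructions on how to configure Network Address Translation (NAT) when you need seamless failover across multiple ISPs, that is, when the primary ISP fails, the secondary ISP takes over with correct NAT using the secondary ISP's public IP address.

Configure

Network Diagram

https://www.cisco.com/c/dam/en/us/support/docs/ip/ip-routing/200785-ISP-Failover-with-default-routes-using-I-00.png

Configurations

ISP 1 and ISP 2 are directly connected to the Internet. For testing purposes, IP address 10.10.10.10 is used as the reference for the Internet.

Customer Edge Router Configuration

Interface configuration: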

interface GigabitEthernet0/0/1
description PRIMARY LINK TO ISP 1
ip address 10.0.12.1 255.255.255.252
ip nat outside
negotiation auto
!
interface GigabitEthernet0/0/0
description BACKUP LINK TO ISP 2
ip address 10.0.13.1 255.255.255.252
ip nat outside
negotiation auto

Track, IP SLA and default route configuration:

track 8 ip sla 1 reachability
ip sla 1
icmp-echo 10.0.12.2 source-ip 10.0.12.1
ip sla schedule 1 life forever start-time now
ip route 0.0.0.0 0.0.0.0 10.0.12.2 track 8
ip route 0.0.0.0 0.0.0.0 10.0.13.2 10

When Track 8 is UP, traffic to the Internet goes through ISP 1.

CustomerEdge#sh ip route static
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.0.12.2 to network 0.0.0.0

S*    0.0.0.0/0 via 10.0.12.2

When Track 8 is down, traffic to the Internet goes through ISP 2.

CustomerEdge#sh ip route static
Codes: L - local, C - connected, S - static, R - RIP, M - mobile, B - BGP
       D - EIGRP, EX - EIGRP external, O - OSPF, IA - OSPF inter area
       N1 - OSPF NSSA external type 1, N2 - OSPF NSSA external type 2
       E1 - OSPF external type 1, E2 - OSPF external type 2
       i - IS-IS, su - IS-IS summary, L1 - IS-IS level-1, L2 - IS-IS level-2
       ia - IS-IS inter area, * - candidate default, U - per-user static route
       o - ODR, P - periodic downloaded static route, H - NHRP, l - LISP
       a - application route
       + - replicated route, % - next hop override, p - overrides from PfR

Gateway of last resort is 10.0.13.2 to network 0.0.0.0

S*    0.0.0.0/0 via 10.0.13.2

Cisco Recommendation

Note: When you configure IP SLA, Cisco recommends that you use these default values:
            1. Threshold (milliseconds): 5000
            2. Timeout (milliseconds): 5000
            3. Frequency (seconds): 60

Additional configuration for NAT failover:

interface GigabitEthernet0/0/2
description TOWARDS CUSTOMER LAN
ip address 192.168.1.1 255.255.255.0
ip nat inside
negotiation auto
!
ip access-list extended 101
permit ip 192.168.1.0 0.0.0.255 any
!
!
route-map NAT_ISP2 permit 10
match ip address 101
match interface GigabitEthernet0/0/0
!
route-map NAT_ISP1 permit 10
match ip address 101
match interface GigabitEthernet0/0/1
!

The route maps are created to match the IP addresses defined by access list 101 and also to match the exit interface.

ip nat inside source route-map NAT_ISP1 interface GigabitEthernet0/0/1 overload
ip nat inside source route-map NAT_ISP2 interface GigabitEthernet0/0/0 overload

These commands enable Port Address Translation (PAT), where the IP addresses to be translated are defined by the route map. The IP address to translate to is defined after the interface keyword.

Verify

Use this section to confirm that the configuration works properly. You can use the show track command to verify the track status.

CustomerEdge#show track
Track 8
IP SLA 1 reachability
Reachability is Up
    7 changes, last change 00:00:17
Latest operation return code: OK
Latest RTT (millisecs) 1
Tracked by:
    Static IP Routing 0

When the primary ISP link is UP, traffic flows over it.

CustomerEdge#traceroute 10.10.10.10
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.12.2 1 msec *0 msec

When the primary ISP link goes down, failover to the secondary link takes place.

CustomerEdge#traceroute 10.10.10.10
Type escape sequence to abort.
Tracing the route to 10.10.10.10
VRF info: (vrf in name/id, vrf out name/id)
1 10.0.13.2 1 msec *1 msec

Once the link to the primary ISP is restored, traffic automatically starts to flow over it again. Similarly, for NAT failover:

CustomerLAN#ping 10.10.10.10
Type escape sequence to abort.
Sending 5, 100-byte ICMP Echos to 10.10.10.10, timeout is 2 seconds:
!!!!!
Success rate is 100 percent (5/5), round-trip min/avg/max = 1/1/1 ms
CustomerLAN#sh ip route 10.10.10.10
Routing entry for 10.10.10.10/32
Known via "static", distance 1, metric 0
Routing Descriptor Blocks:
* 192.168.1.1
      Route metric is 0, traffic share count is 1

When the primary ISP link is UP, NAT translations go through the primary ISP link.

CustomerEdge#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 10.0.12.1:1       192.168.1.2:12     10.10.10.10:12     10.10.10.10:1
Total number of translations: 1

When the primary ISP link is down, NAT translations go through the secondary ISP link.

CustomerEdge#sh ip nat translations
Pro  Inside global     Inside local       Outside local      Outside global
icmp 10.0.13.1:1       192.168.1.2:13     10.10.10.10:13     10.10.10.10:1
Total number of translations: 1

When the primary ISP link is restored, NAT translations go through the primary ISP link.
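
The verification steps in the post above can be cross-checked automatically. This is an added example, not part of the original post or Cisco's document: it parses captured `show track`, `show ip route static` and `show ip nat translations` text and reports when the track state, the default route and the PAT address disagree. The function names and the `ISP_LINKS` table are assumptions built from the addresses in the post.

```python
import re

# From the post's configuration: ISP next hop -> PAT address of that outside interface.
ISP_LINKS = {"10.0.12.2": "10.0.12.1",   # ISP 1, tracked route (track 8)
             "10.0.13.2": "10.0.13.1"}   # ISP 2, floating static route (distance 10)
PRIMARY_NEXT_HOP = "10.0.12.2"
IPV4 = r"(\d{1,3}(?:\.\d{1,3}){3})"

def track_is_up(show_track):
    """Return True if 'show track' reports the tracked IP SLA as reachable."""
    m = re.search(r"Reachability is (Up|Down)", show_track)
    if m is None:
        raise ValueError("no 'Reachability is' line found")
    return m.group(1) == "Up"

def default_next_hop(show_route):
    """Return the gateway of last resort from 'show ip route static', or None."""
    m = re.search(r"Gateway of last resort is " + IPV4, show_route)
    return m.group(1) if m else None

def nat_inside_globals(show_nat):
    """Return the set of inside global addresses in 'show ip nat translations'."""
    rows = re.finditer(r"^\s*(?:icmp|tcp|udp)\s+" + IPV4 + r":\d+", show_nat, re.M)
    return {row.group(1) for row in rows}

def check_failover(show_track, show_route, show_nat):
    """Return a list of inconsistencies between track, default route and NAT."""
    hop = default_next_hop(show_route)
    if hop not in ISP_LINKS:
        return [f"default route next hop {hop} is not a known ISP link"]
    problems = []
    if track_is_up(show_track) != (hop == PRIMARY_NEXT_HOP):
        problems.append(f"track state does not match default route via {hop}")
    expected = ISP_LINKS[hop]
    for addr in sorted(nat_inside_globals(show_nat) - {expected}):
        problems.append(f"translation uses {addr}, active link expects {expected}")
    return problems

# Sample input constructed from the outputs shown in the post (primary link up).
TRACK = "Track 8\nIP SLA 1 reachability\nReachability is Up\n"
ROUTE = "Gateway of last resort is 10.0.12.2 to network 0.0.0.0\nS*    0.0.0.0/0 via 10.0.12.2\n"
NAT = ("Pro  Inside global     Inside local       Outside local      Outside global\n"
       "icmp 10.0.12.1:1       192.168.1.2:12     10.10.10.10:12     10.10.10.10:1\n")

if __name__ == "__main__":
    print(check_failover(TRACK, ROUTE, NAT) or "consistent")
```

An empty list means the three outputs agree; a translation that still carries the other ISP's address after a switchover shows up as its own entry.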

muvo2 posted on 2025-3-11 13:39:11

Learning from this, thanks.
