华为QUIDWAY系列路由器的负载均衡配置
作者:邓聪聪
华为系列路由器的负载均衡NQA联动侦测配置案例:
需求:该局域网,IP地址(末位奇数)走联通,IP地址(末位偶数)走电信当某个运营商不可达时,自动切换。通过NQA来确定运营商是否可达。,并与流行为、静态路由联动,实现自动切换。默认路由走联通,当联通不可达切至电信(配置的路由优先级,华为交换机静态路由默认优先级为60)
配置详情:
内网核心路由器配置;
- <Huawei>dis cu
- [V200R003C00]
- #
- snmp-agent local-engineid 800007DB03000000000000
- snmp-agent
- #
- clock timezone China-Standard-Time minus 08:00:00
- #
- portal local-server load portalpage.zip
- #
- drop illegal-mac alarm
- #
- set cpu-usage threshold 80 restore 75
- #
- bfd
- #
- acl number 2000
- description To-Unicom
- rule 10 permit source 192.168.0.0 0.0.0.255
- acl number 2001
- description To-Telecom
- rule 10 permit source 192.168.1.0 0.0.0.255
- #
- acl number 3000
- description NAT
- rule 10 permit ip source 192.168.0.0 0.0.1.255
- #
- traffic classifier DX operator and
- if-match acl 2001
- traffic classifier LT operator and
- if-match acl 2000
- #
- traffic behavior DX
- redirect ip-nexthop 20.1.1.1 track nqa test DX
- traffic behavior LT
- redirect ip-nexthop 10.1.1.1 track nqa test LT
- #
- traffic policy load
- classifier LT behavior LT
- classifier DX behavior DX
- #
- aaa
- authentication-scheme default
- authorization-scheme default
- accounting-scheme default
- domain default
- domain default_admin
- local-user admin password cipher %$%$K8m.Nt84DZ}e#<0`8bmE3Uw}%$%$
- local-user admin service-type http
- #
- firewall zone Local
- priority 15
- #
- interface GigabitEthernet0/0/0
- ip address 10.1.1.2 255.255.255.252
- nat outbound 3000
- #
- interface GigabitEthernet0/0/1
- ip address 20.1.1.2 255.255.255.252
- nat outbound 3000
- #
- interface GigabitEthernet0/0/2
- ip address 10.16.0.1 255.255.255.252
- traffic-policy load inbound
- #
- interface NULL0
- #
- bfd lt bind peer-ip 10.1.1.1 interface GigabitEthernet0/0/0 source-ip 10.1.1.2 o
- ne-arm-echo
- discriminator local 1
- min-echo-rx-interval 200
- commit
- #
- ip route-static 0.0.0.0 0.0.0.0 20.1.1.1 preference 150
- ip route-static 0.0.0.0 0.0.0.0 10.1.1.1 track nqa test LT
- ip route-static 192.168.0.0 255.255.254.0 10.16.0.2
- ip route-static 202.106.0.30 255.255.255.255 10.1.1.1
- ip route-static 219.141.140.10 255.255.255.255 20.1.1.1
- #
- nqa test-instance test DX
- test-type icmp
- destination-address ipv4 219.141.140.10
- frequency 5
- probe-count 2
- start now
- nqa test-instance test LT
- test-type icmp
- destination-address ipv4 202.106.0.30
- frequency 5
- probe-count 1
- start now
- #
- user-interface con 0
- authentication-mode password
- user-interface vty 0 4
- user-interface vty 16 20
- #
- wlan ac
- #
- return
- <Huawei>
内网汇聚设备配置;
- [Huawei]dis cu
- #
- sysname Huawei
- #
- vlan batch 10 100
- #
- cluster enable
- ntdp enable
- ndp enable
- #
- drop illegal-mac alarm
- #
- diffserv domain default
- #
- drop-profile default
- #
- aaa
- authentication-scheme default
- authorization-scheme default
- accounting-scheme default
- domain default
- domain default_admin
- local-user admin password simple admin
- local-user admin service-type http
- #
- interface Vlanif1
- ip address 192.168.0.1 255.255.254.0
- #
- interface Vlanif10
- ip address 10.16.0.2 255.255.255.252
- #
- interface MEth0/0/1
- #
- interface GigabitEthernet0/0/1
- #
- interface GigabitEthernet0/0/2
- #
- interface GigabitEthernet0/0/3
- port link-type access
- port default vlan 10
- #
- interface GigabitEthernet0/0/4
- #
- interface GigabitEthernet0/0/5
- #
- interface GigabitEthernet0/0/6
- #
- interface GigabitEthernet0/0/7
- #
- interface GigabitEthernet0/0/8
- #
- interface GigabitEthernet0/0/9
- #
- interface GigabitEthernet0/0/10
- #
- interface GigabitEthernet0/0/11
- #
- interface GigabitEthernet0/0/12
- #
- interface GigabitEthernet0/0/13
- #
- interface GigabitEthernet0/0/14
- #
- interface GigabitEthernet0/0/15
- #
- interface GigabitEthernet0/0/16
- #
- interface GigabitEthernet0/0/17
- #
- interface GigabitEthernet0/0/18
- #
- interface GigabitEthernet0/0/19
- #
- interface GigabitEthernet0/0/20
- #
- interface GigabitEthernet0/0/21
- #
- interface GigabitEthernet0/0/22
- #
- interface GigabitEthernet0/0/23
- #
- interface GigabitEthernet0/0/24
- #
- interface NULL0
- #
- ip route-static 0.0.0.0 0.0.0.0 10.16.0.1
- #
- user-interface con 0
- user-interface vty 0 4
- #
- return
- [Huawei]
模拟运营商配置 unicom;
- <Huawei>dis cu
- #
- sysname Huawei
- #
- aaa
- authentication-scheme default
- authorization-scheme default
- accounting-scheme default
- domain default
- domain default_admin
- local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
- local-user admin service-type http
- #
- firewall zone Local
- priority 16
- #
- interface Ethernet0/0/0
- #
- interface Ethernet0/0/1
- #
- interface Serial0/0/0
- link-protocol ppp
- #
- interface Serial0/0/1
- link-protocol ppp
- #
- interface Serial0/0/2
- link-protocol ppp
- #
- interface Serial0/0/3
- link-protocol ppp
- #
- interface GigabitEthernet0/0/0
- ip address 1.1.1.1 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- ip address 10.1.1.1 255.255.255.252
- #
- interface GigabitEthernet0/0/2
- #
- interface GigabitEthernet0/0/3
- #
- wlan
- #
- interface NULL0
- #
- interface LoopBack1
- ip address 202.106.0.30 255.255.255.255
- #
- interface LoopBack12
- ip address 202.106.0.100 255.255.255.255
- #
- ospf 1
- import-route direct
- area 0.0.0.0
- network 1.1.1.0 0.0.0.3
- network 202.106.0.0 0.0.0.255
- #
- user-interface con 0
- user-interface vty 0 4
- user-interface vty 16 20
- #
- return
- <Huawei>
模拟运营商配置 telecom;
- <Huawei>dis cu
- #
- sysname Huawei
- #
- aaa
- authentication-scheme default
- authorization-scheme default
- accounting-scheme default
- domain default
- domain default_admin
- local-user admin password cipher OOCM4m($F4ajUn1vMEIBNUw#
- local-user admin service-type http
- #
- firewall zone Local
- priority 16
- #
- interface Ethernet0/0/0
- #
- interface Ethernet0/0/1
- #
- interface Serial0/0/0
- link-protocol ppp
- #
- interface Serial0/0/1
- link-protocol ppp
- #
- interface Serial0/0/2
- link-protocol ppp
- #
- interface Serial0/0/3
- link-protocol ppp
- #
- interface GigabitEthernet0/0/0
- ip address 1.1.1.2 255.255.255.252
- #
- interface GigabitEthernet0/0/1
- #
- interface GigabitEthernet0/0/2
- ip address 20.1.1.1 255.255.255.252
- #
- interface GigabitEthernet0/0/3
- #
- wlan
- #
- interface NULL0
- #
- interface LoopBack1
- ip address 219.141.140.10 255.255.255.255
- #
- ospf 1
- import-route direct
- area 0.0.0.0
- network 1.1.1.0 0.0.0.3
- #
- nqa test-instance test 1
- test-type icmp
- destination-address ipv4 1.1.1.1
- frequency 5
- probe-count 1
- start now
- #
- user-interface con 0
- user-interface vty 0 4
- user-interface vty 16 20
- #
- return
- <Huawei>
模拟故障;修改unicom的 interface GigabitEthernet0/0/1端口配置,使其互联不可达,但链路状态依然up。
故障前路由表状态;
- 0.0.0.0/0 Static 60 0 RD 10.1.1.1 GigabitEthernet
- 0/0/0
- 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet
- 0/0/0
- 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/0
- 10.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/0
- 10.16.0.0/30 Direct 0 0 D 10.16.0.1 GigabitEthernet
- 0/0/2
- 10.16.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 10.16.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 20.1.1.0/30 Direct 0 0 D 20.1.1.2 GigabitEthernet
- 0/0/1
- 20.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/1
- 20.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/1
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 192.168.0.0/23 Static 60 0 RD 10.16.0.2 GigabitEthernet
- 0/0/2
- 202.106.0.30/32 Static 60 0 RD 10.1.1.1 GigabitEthernet
- 0/0/0
- 219.141.140.10/32 Static 60 0 RD 20.1.1.1 GigabitEthernet
- 0/0/1
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
故障后路由表状态;
- 0.0.0.0/0 Static 150 0 RD 20.1.1.1 GigabitEthernet
- 0/0/1
- 10.1.1.0/30 Direct 0 0 D 10.1.1.2 GigabitEthernet
- 0/0/0
- 10.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/0
- 10.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/0
- 10.16.0.0/30 Direct 0 0 D 10.16.0.1 GigabitEthernet
- 0/0/2
- 10.16.0.1/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 10.16.0.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/2
- 20.1.1.0/30 Direct 0 0 D 20.1.1.2 GigabitEthernet
- 0/0/1
- 20.1.1.2/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/1
- 20.1.1.3/32 Direct 0 0 D 127.0.0.1 GigabitEthernet
- 0/0/1
- 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
- 192.168.0.0/23 Static 60 0 RD 10.16.0.2 GigabitEthernet
- 0/0/2
- 202.106.0.30/32 Static 60 0 RD 10.1.1.1 GigabitEthernet
- 0/0/0
- 219.141.140.10/32 Static 60 0 RD 20.1.1.1 GigabitEthernet
- 0/0/1
- 255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0
配置验证:
display ip routing-table #用于查看当前设备的路由表状态
display nqa results test-instance test LT #用于验证NQA的状态
版权声明:本文为dengcongcong原创文章,遵循 CC 4.0 BY-SA 版权协议,转载请附上原文出处链接和本声明。