華爲USG防火牆備份---hrp與ip-link聯動

 

fw1:

interfaceGigabitEthernet0/0/0

ip address 192.168.1.2 255.255.255.0

hrp track master

interfaceGigabitEthernet0/0/1

ip address 202.100.1.1 255.255.255.0

hrp track master

hrp mirror sessionenable

hrp enable

hrp ospf-costadjust-enable

hrp interfaceGigabitEthernet0/0/2

ip-link check enable

ip-link 1destination 100.100.100.100 interface g0/0/1 mode icmp

hrp track ip-link 1master

fw2:

interfaceGigabitEthernet0/0/0

ip address 192.168.2.2 255.255.255.0

hrp track slave

interfaceGigabitEthernet0/0/1

ip address 202.100.2.1 255.255.255.0

hrp track slave

hrp mirror sessionenable

hrp enable

hrp ospf-costadjust-enable

hrp interfaceGigabitEthernet0/0/2

ip-link check enable

ip-link 1destination 100.100.100.100 interface g0/0/1 mode icmp

hrp track ip-link 1salve

-----------------------------------------------------------------------------------------

查看HRP狀態：

HRP_M[FW1]dis hrpstate

09:49:06  2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by master:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : up  

HRP_S[FW2]dis hrpstate

09:49:27  2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by slave:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : up  

--------------------------------------------------------------------------------------------------

查看ip-link狀態：

HRP_M[FW1]disip-link

09:38:14  2014/07/24

num state timer***-instance     ip-address      interface-name  mode vgmp  next-hop      

1   up    3                      100.100.100.100GE0/0/1         icmp  master

HRP_S[FW2]disip-link

09:38:21  2014/07/24

num state timer***-instance     ip-address      interface-name  mode vgmp  next-hop      

1   up   3                     100.100.100.100 GE0/0/1        icmp  slave

----------------------------------------------------------------------------------------------------------------

當服fw1的G0/0/1或G0/0/0失效後，hrp主備切換。

HRP_M[FW1]intg0/0/1

HRP_M[FW1-GigabitEthernet0/0/1]shutdown

HRP_S[FW1-GigabitEthernet0/0/1]dis hrp state

10:30:25  2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by master:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : down

HRP_M[FW2]display hrp state

10:30:56  2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by slave:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : up  

----------------------------------------------------------------------------------

當到達outside路由器100.100.100.100地址失效後，ip-link檢查失效，hrp主備切換。

[Outside-LoopBack0]intg0/0/0

[Outside-GigabitEthernet0/0/0]shutdown     （到達100.100.100.100不通，ip-link檢查失效）

HRP_S[FW1]display hrp state

10:34:28  2014/07/24

The firewall's config state is: SLAVE

Current state of interfaces tracked by master:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : up  

HRP_M[FW2]display hrp state

10:34:46  2014/07/24

The firewall's config state is: MASTER

Current state of interfaces tracked by slave:

             GigabitEthernet0/0/0 : up  

             GigabitEthernet0/0/1 : up  

HRP_S[FW1]dis ip-link

11:06:44  2014/07/24

num state timer***-instance     ip-address      interface-name  mode vgmp  next-hop      

1   down 3                     100.100.100.100 GE0/0/1        icmp  master

HRP_M[FW2]dis ip-link

11:07:03  2014/07/24

num state timer***-instance     ip-address      interface-name  mode vgmp  next-hop      

1   up   3                     100.100.100.100 GE0/0/1        icmp  slave