(1).Keepalived概述
keepalived 是一个类似于 layer3, 4 & 5 交换机制的软件,也就是我们平时说的第 3 层、第 4 层和第 5层交换。 Keepalived 的作用是检测 web 服务器的状态,如果有一台 web 服务器死机,或工作出现故障,Keepalived 将检测到,并将有故障的 web 服务器从系统中剔除,当 web 服务器工作正常后 Keepalived 自动将web 服务器加入到服务器群中,这些工作全部自动完成,不需要人工干涉,需要人工做的只是修复故障的web 服务器。
(2).Keepalived工作原理
Layer3,4&5 工作在 IP/TCP 协议栈的 IP 层, TCP 层,及应用层,。
Layer3: Keepalived 使用 Layer3 的方式工作式时, Keepalived 会定期向服务器群中的服务器发送一个 ICMP 的数据包(即我们平时用的 Ping 程序) , 如果发现某台服务的 IP 地址没有激活,Keepalived 便报告这台服务器失效,并将它从服务器群中剔除,这种情况的典型例子是某台服务器被非法关机。 Layer3 的方式是以服务器的 IP 地址是否有效作为服务器工作正常与否的标准。
Layer4: 主要以 TCP 端口的状态来决定服务器工作正常与否。如 web server 的服务端口一般是80,如果 Keepalived 检测到 80 端口没有启动,则 Keepalived 将把这台服务器从服务器群中删除。
Layer5: Layer5 就是工作在具体的应用层了,比 Layer3,Layer4 要复杂一点,在网络上占用的带宽也要大一些。 Keepalived 将根据用户的设定检查服务器程序的运行是否正常,如果与用户的设定不相符,则 Keepalived 将把服务器从服务器群中剔除。
以上摘自百度百科:https://baike.baidu.com/item/Keepalived/10346758?fr=aladdin
(3).keepalived的作用
1.管理VIP使VIP在LVS之间漂移;
2.监控LVS分发器。运行在主分发器上的keepalived会以组播的形式向网络中宣告自身的存在,即告诉备用分发器一件事——主分发器是否还存活。当备用分发器在一个单位时间内收不到组播,备用分发器就会认为主分发器挂了,开始接手主分发器的工作,并将VIP分配给自己;
3.管理RS(真实服务器)。keepalived会每隔一个时间段去做一次类似访问的操作。探针elinks -dump http://[IP地址:端口号]
经典高可用web架构: LVS+keepalived+nginx+apache+php+eaccelerator(+nfs可选)
(4).实验环境
youxi1 192.168.5.100(VIP)、192.168.5.101(DIP) 主分发器
youxi2 192.168.5.100(VIP)、192.168.5.102(DIP) 备用分发器
youxi3 192.168.5.103 真实服务器1
youxi4 192.168.5.104 真实服务器2
(5).实验
keepalived下载地址:https://www.keepalived.org/download.html,下载完成后上传到主分发器youxi1和备用分发器youxi2
1)在主分发器youxi1上搭建keepalived+LVS-DR
安装ipvsadm,不需要配置VIP,要么本地源,要么epel源
[root@youxi1 ~]# yum -y install ipvsadm
安装keepalived的依赖包
[root@youxi1 ~]# yum -y install gcc openssl-devel libnfnetlink-devel libnl libnl3-devel
源码安装keepalived
[root@youxi1 ~]# tar zxf keepalived-1.4.5.tar.gz -C /usr/local/src/ [root@youxi1 ~]# cd /usr/local/src/keepalived-1.4.5/ [root@youxi1 keepalived-1.4.5]# ./configure --prefix=/usr/local/keepalived //最后会出现一下报表 Keepalived configuration ------------------------ Keepalived version : 1.4.5 Compiler : gcc Preprocessor flags : -I/usr/include/libnl3 Compiler flags : -Wall -Wunused -Wstrict-prototypes -Wextra -g -O2 -D_GNU_SOURCE -fPIE Linker flags : -pie Extra Lib : -lcrypto -lssl -lnl-genl-3 -lnl-3 Use IPVS Framework : Yes IPVS use libnl : Yes IPVS syncd attributes : No IPVS 64 bit stats : No fwmark socket support : Yes Use VRRP Framework : Yes Use VRRP VMAC : Yes Use VRRP authentication : Yes With ip rules/routes : Yes SNMP vrrp support : No SNMP checker support : No SNMP RFCv2 support : No SNMP RFCv3 support : No DBUS support : No SHA1 support : No Use Debug flags : No smtp-alert debugging : No Use Json output : No Stacktrace support : No Memory alloc check : No libnl version : 3 Use IPv4 devconf : No Use libiptc : No Use libipset : No init type : systemd Build genhash : Yes Build documentation : No [root@youxi1 keepalived-1.4.5]# make && make install [root@youxi1 keepalived-1.4.5]# echo $? 0
./configure产生的参数报表中:
Use IPVS Framework表示使用IPVS框架,即LVS的核心代码,如果不想使用LVS可以在./configure时指定--disable-lvs参数,这里就会显示NO了;
IPVS use libnl表示IPVS使用新版的libnl,libnl是NTTLINK的一个实现,其实就是支持IPv6的LVS;
Use VRRP Framework表示使用VRRP框架,这是必须的,是keepalived的核心进程VRRPD;
生成启动脚本文件
[root@youxi1 keepalived-1.4.5]# cp keepalived/etc/init.d/keepalived /etc/init.d/ [root@youxi1 keepalived-1.4.5]# vim /etc/init.d/keepalived //也可以不改这一行,但需要新建一个参数文件,或将参数文件拷贝过去 . /usr/local/keepalived/etc/sysconfig/keepalived //第15行 [root@youxi1 keepalived-1.4.5]# chmod +x /etc/init.d/keepalived //做一个软链接给启动脚本文件使用 [root@youxi1 keepalived-1.4.5]# ln -s /usr/local/keepalived/sbin/keepalived /usr/sbin/ [root@youxi1 keepalived-1.4.5]# vim /usr/local/keepalived/etc/sysconfig/keepalived //修改参数文件 KEEPALIVED_OPTIONS="-D -f /usr/local/keepalived/etc/keepalived/keepalived.conf" //指向配置文件
修改配置文件etc/keepalived/keepalived.conf,keepalived配置文件参数详见:https://blog.csdn.net/mofiu/article/details/76644012
[root@youxi1 keepalived-1.4.5]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
#邮件功能一般没用
notification_email { #指定当keepalived出现问题时,发送邮件给哪些用户
root@localhost
}
notification_email_from root@localhost #指定发件人
smtp_server localhost #指定SMTP服务器地址
smtp_connect_timeout 30 #指定SMTP连接超时时间
router_id youxi1 #标识当前节点名称,不允许重复
}
vrrp_instance VI_1 { #定义一个实例,一个实例就是一个集群,实例名称VI_1可以更改
state MASTER #指定该节点为主节点
interface ens33 #指定VIP的网络接口
virtual_router_id 51 #指定VRRP组名,主节点和备用节点需要配置相同VRRP组名
priority 100 #优先级,范围1~254,数学数值比较,越大优先级越高。主节点优先级必须高于备用节点
advert_int 1 #组播信息发送间隔,单位秒,主节点备用节点必须设置一致
authentication { #设置验证信息,主节点备用节点必须设置一致
auth_type PASS #指定认证方法,PASS简单密码认证
auth_pass 1111 #指定认证所使用的密码,最多8位
}
virtual_ipaddress { #指定VIP,主节点备用节点必须一致
192.168.5.100
}
}
virtual_server 192.168.5.100 80 { #对VIP为192.168.5.100,端口号为80的服务器添加相关信息
delay_loop 6 #keepalived多长时间监测一次真实服务器,单位秒
lb_algo rr #LVS调度算法
lb_kind DR #LVS-DR模式
persistence_timeout 50 #同一个IP50秒内的请求都会发到同一个真实服务器,会影响rr算法调度,测试时可以注释掉
protocol TCP #4层协议
real_server 192.168.5.103 80 { #对IP为192.168.5.103,端口号为80的真实服务器添加相关信息
weight 1 #指定权重,默认为1
TCP_CHECK{
connect_timeout 3 #连接超时时间,默认5秒
nb_get_retry 3 #重试次数,默认1次
delay_before_retry 3 #重试时间间隔,默认1秒
connect_port 80 #监测端口号
}
}
real_server 192.168.5.104 80 { #对IP为192.168.5.104,端口号为80的真实服务器添加相关信息
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
启动keepalived,并设置开机自启
[root@youxi1 keepalived-1.4.5]# systemctl start keepalived.service
[root@youxi1 keepalived-1.4.5]# systemctl enable keepalived.service
Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
[root@youxi1 keepalived-1.4.5]# systemctl status keepalived.service
● keepalived.service - LVS and VRRP High Availability Monitor
Loaded: loaded (/usr/lib/systemd/system/keepalived.service; enabled; vendor preset: disabled)
Active: active (running) since 二 2019-07-23 16:40:45 CST; 14s ago
Main PID: 4645 (keepalived)
CGroup: /system.slice/keepalived.service
├─4645 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
├─4646 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
└─4647 /usr/local/keepalived/sbin/keepalived -D -f /usr/local/keep...
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:52 youxi1 Keepalived_vrrp[4647]: Sending gratuitous ARP on ens...0
7月 23 16:40:54 youxi1 Keepalived_healthcheckers[4646]: TCP connection to [1...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: TCP connection to [1...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Check on service [19...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Removing service [19...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: Remote SMTP server [...
7月 23 16:40:57 youxi1 Keepalived_healthcheckers[4646]: SMTP alert successfu...
Hint: Some lines were ellipsized, use -l to show in full.
查看ipvsadm规则以及状态
[root@youxi1 keepalived-1.4.5]# ipvsadm -Ln IP Virtual Server version 1.2.1 (size=4096) Prot LocalAddress:Port Scheduler Flags -> RemoteAddress:Port Forward Weight ActiveConn InActConn TCP 192.168.5.100:80 rr persistent 50 [root@youxi1 keepalived-1.4.5]# systemctl status ipvsadm.service //并没有启动ipvsadm服务 ● ipvsadm.service - Initialise the Linux Virtual Server Loaded: loaded (/usr/lib/systemd/system/ipvsadm.service; disabled; vendor preset: disabled) Active: inactive (dead)
如果防火墙是开启状态,请添加端口号
[root@youxi1 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success
2)在备用分发器youxi2上搭建keepalived+LVS-DR
和主分发器youxi1基本一样,只有在修改配置文件etc/keepalived/keepalived.conf时略有不同
[root@youxi2 keepalived-1.4.5]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
! Configuration File for keepalived
global_defs {
notification_email {
root@localhost
}
notification_email_from root@localhost
smtp_server localhost
smtp_connect_timeout 30
router_id youxi2 //修改
}
vrrp_instance VI_1 {
state BACKUP //修改
interface ens33
virtual_router_id 51
priority 90 //修改
advert_int 1
authentication {
auth_type PASS
auth_pass 1111
}
virtual_ipaddress {
192.168.5.100
}
}
virtual_server 192.168.5.100 80 {
delay_loop 6
lb_algo rr
lb_kind DR
persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
正常启动keepalived,并设置开机自启
[root@youxi2 keepalived-1.4.5]# systemctl start keepalived.service [root@youxi2 keepalived-1.4.5]# systemctl enable keepalived.service Created symlink from /etc/systemd/system/multi-user.target.wants/keepalived.service to /usr/lib/systemd/system/keepalived.service.
防火墙如果是开启状态记得添加端口号。注意:备用节点比主节点多添加一个vrrp协议规则(如果是iptables,那么就是iptables -A INPUT -p VRRP -j ACCEPT)。
[root@youxi2 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-protocol=vrrp success [root@youxi2 keepalived-1.4.5]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success
3)测试VIP漂移
查看主节点和备用节点的ip地址
[root@youxi1 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
停止主节点的keepalived,再查看主节点和备用节点IP
[root@youxi1 keepalived-1.4.5]# systemctl stop keepalived.service
[root@youxi1 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 keepalived-1.4.5]# ip a sh dev ens33
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
测试完记得开启主节点youxi1的keepalived
4)搭建真实服务器1youix3
配置回环口lo:1为VIP
[root@youxi3 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi3 network-scripts]# cp ifcfg-lo{,:1}
[root@youxi3 network-scripts]# vim ifcfg-lo:1
DEVICE=lo:1 //修改
IPADDR=192.168.5.100 //修改
NETMASK=255.255.255.255 //修改
#iNETWORK=127.0.0.0 //注释
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255 //注释
ONBOOT=yes
NAME=loopback
[root@youxi3 network-scripts]# systemctl restart network
[root@youxi3 network-scripts]# ip a sh dev lo
1: lo: <LOOPBACK,UP,LOWER_UP> mtu 65536 qdisc noqueue state UNKNOWN group default qlen 1000
link/loopback 00:00:00:00:00:00 brd 00:00:00:00:00:00
inet 127.0.0.1/8 scope host lo
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 brd 192.168.5.100 scope global lo:1
valid_lft forever preferred_lft forever
inet6 ::1/128 scope host
valid_lft forever preferred_lft forever
搭建一个简易的网页
[root@youxi3 network-scripts]# yum -y install httpd [root@youxi3 network-scripts]# systemctl start httpd.service [root@youxi3 network-scripts]# systemctl enable httpd.service Created symlink from /etc/systemd/system/multi-user.target.wants/httpd.service to /usr/lib/systemd/system/httpd.service. [root@youxi3 network-scripts]# echo youxi3 > /var/www/html/index.html
如果防火墙是开启状态,记得添加端口号
[root@youxi3 ~]# firewall-cmd --permanent --zone=public --add-port=80/tcp && firewall-cmd --reload success success
5)搭建真实服务器2youxi4
基本和搭建youxi3一样,只是index.html内容改为youxi4,方便测试。
6)测试
注释掉persistence_timeout参数,然后重启
在Windows上查看
停掉youxi1上的keepalived,再次查看,中间会有几秒的断开,
(6).实现keepalived两台服务器互为主从
在以上基础实现keepalived互为主从,添加另一个VIP192.168.5.105,这次youxi2作为Master,youxi1作为Backup。
在youxi1上修改配置文件,添加实例和对应主机,最后重启keepalived
[root@youxi1 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
vrrp_instance VI_2 { #添加一个新的实例
state BACKUP #youxi1作为BACKUP
interface ens33
virtual_router_id 52 #VRRP组名IP
priority 90 #优先级要低于同实例的youxi2服务器
advert_int 1
authentication { #验证信息
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.5.105
}
}
virtual_server 192.168.5.105 80 { //添加一个实例对应的虚拟服务器
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@youxi1 ~]# systemctl restart keepalived.service //重启服务
在youxi2上修改配置文件,添加实例和对应主机,并重启服务
[root@youxi2 ~]# vim /usr/local/keepalived/etc/keepalived/keepalived.conf
vrrp_instance VI_2 {
state MASTER
interface ens33
virtual_router_id 52
priority 100
advert_int 1
authentication {
auth_type PASS
auth_pass 2222
}
virtual_ipaddress {
192.168.5.105
}
}
virtual_server 192.168.5.105 80 {
delay_loop 6
lb_algo rr
lb_kind DR
# persistence_timeout 50
protocol TCP
real_server 192.168.5.103 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
real_server 192.168.5.104 80 {
weight 1
TCP_CHECK{
connect_timeout 3
nb_get_retry 3
delay_before_retry 3
connect_port 80
}
}
}
[root@youxi2 ~]# systemctl restart keepalived.service
添加youxi3和youxi4的回环口lo:2了
[root@youxi3 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi3 network-scripts]# cp ifcfg-lo{:1,:2}
[root@youxi3 network-scripts]# vim ifcfg-lo:2
DEVICE=lo:2
IPADDR=192.168.5.105
NETMASK=255.255.255.255
#iNETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@youxi3 network-scripts]# systemctl restart network
[root@youxi4 ~]# cd /etc/sysconfig/network-scripts/
[root@youxi4 network-scripts]# cp ifcfg-lo{:1,:2}
[root@youxi4 network-scripts]# vim ifcfg-lo:2
DEVICE=lo:2
IPADDR=192.168.5.105
NETMASK=255.255.255.255
#NETWORK=127.0.0.0
# If you're having problems with gated making 127.0.0.0/8 a martian,
# you can change this to something else (255.255.255.255, for example)
#BROADCAST=127.255.255.255
ONBOOT=yes
NAME=loopback
[root@youxi4 network-scripts]# systemctl restart network
如果防火墙开启,记得给youxi1添加vrrp协议通过
[root@youxi1 ~]# firewall-cmd --permanent --zone=public --add-protocol=vrrp && firewall-cmd --reload success success
这样就做成了主从了
[root@youxi1 ~]# ip a sh dev ens33 //youxi1上只有100,而没有105
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:e6:d6:27 brd ff:ff:ff:ff:ff:ff
inet 192.168.5.101/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.100/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link noprefixroute
valid_lft forever preferred_lft forever
[root@youxi2 ~]# ip a sh dev ens33 //youxi2上只有105,而没有100
2: ens33: <BROADCAST,MULTICAST,UP,LOWER_UP> mtu 1500 qdisc pfifo_fast state UP group default qlen 1000
link/ether 00:0c:29:75:fa:5d brd ff:ff:ff:ff:ff:ff
inet 192.168.5.102/24 brd 192.168.5.255 scope global noprefixroute ens33
valid_lft forever preferred_lft forever
inet 192.168.5.105/32 scope global ens33
valid_lft forever preferred_lft forever
inet6 fe80::5b8e:3731:3ac1:e7d7/64 scope link noprefixroute
valid_lft forever preferred_lft forever
inet6 fe80::201:7257:85b:7dc8/64 scope link tentative noprefixroute dadfailed
valid_lft forever preferred_lft forever
测试
(7).扩展:
VRRP是一种路由容错协议,也可以叫做备份路由协议。一个局域网络内的所有主机都设置缺省路由(默认网关),当网内主机发出的目的地址不在本网段时,报文将被通过缺省路由发往外部路由器,从而实现了主机与外部网络的通信。当缺省路由器down掉(即端口关闭)之后,内部主机将无法与外部通信,如果路由器设置了VRRP时,那么这时,虚拟路由将启用备份路由器,从而实现全网通信。
HSRP:热备份路由器协议(HSRP)的设计目标是支持特定情况下 IP 流量失败转移不会引起混乱、并允许主机使用单路由器,以及即使在实际第一跳路由器使用失败的情形下仍能维护路由器间的连通性。换句话说,当源主机不能动态知道第一跳路由器的 IP 地址时,HSRP 协议能够保护第一跳路由器不出故障,是CISCO的私有协议!该协议中含有多台路由器,对应一个HSRP组。该组中只有一个路由器承担转发用户流量的职责,这就是活动路由器。当活动路由器失效后,备份路由器将承担该职责,成为新的活动路由器。这就是热备份的原理。
HSRP和VRRP的区别:HSRP是cisco的专有协议.在Cisco的HSRP之后,internet工程任务小组(internet engineering task force,IETF)也制定一种路由冗余协议:虚拟路由冗余协议(Virtual Router Redundancy Protocol,VRRP),目前包括Csico在内的主流厂商均在其产品中支持VRRP协议!VRRP和HSRP也有很多不同。VRRP和HSRP 的一个主要的区别在安全方面:它允许参与VRRP组的设备间建立认证机制 。另一个主要区别 :VRRP中只有三种状态----初始状态(Initialize)、主状态(Master)、备份状态(Backup),而HSRP 有六种状态。其余在报文类型 、报文格式和通过TCP而非UDP发送的报文方面也有所不同