乾颐堂 posted on 2023-10-12 18:42:02

Huawei Firewall Dual-System Hot Standby Lab Series, Part 6: Configuring Upstream Routers and Downstream Switches (Load Sharing)


https://editor-user.365editor.com/98/85/4933185/1697105060512762.png
Device configuration:

6.1 Configure load balancing on FW1 and FW2
#FW1

① Set the device to load-balancing mode

https://editor-user.365editor.com/98/85/4933185/1697105145167668.png
② Monitor service interface G0/0/2

https://editor-user.365editor.com/98/85/4933185/1697105179894596.png

③ Create the VRRP virtual gateway IPs; G0/0/1 is the master for 254 and the backup for 253

https://editor-user.365editor.com/98/85/4933185/1697105209710119.png
④ Specify the heartbeat link

https://editor-user.365editor.com/98/85/4933185/1697105245613744.png

⑤ Enable fast session synchronization

https://editor-user.365editor.com/98/85/4933185/1697105289531573.png

#FW2

https://editor-user.365editor.com/98/85/4933185/169710532415623.png

6.2 Configure BFD on FW1, FW2 and ISP2

1.ISP2

① Enable BFD

https://editor-user.365editor.com/98/85/4933185/16971054045423.png

② Specify the peer detection address

https://editor-user.365editor.com/98/85/4933185/1697105433928007.png

③ Local discriminator 20, remote discriminator 10

https://editor-user.365editor.com/98/85/4933185/1697105459314935.png

④ Local discriminator 40, remote 30

https://editor-user.365editor.com/98/85/4933185/1697105485243333.png

2.FW1

① Enable BFD

https://editor-user.365editor.com/98/85/4933185/1697105532889825.png

② Specify the remote detection address

https://editor-user.365editor.com/98/85/4933185/1697105555824069.png

③ Local discriminator 10, remote discriminator 20

https://editor-user.365editor.com/98/85/4933185/1697105573422134.png

④ Associate with HRP

https://editor-user.365editor.com/98/85/4933185/169710559694991.png

⑤ Enable HRP

https://editor-user.365editor.com/98/85/4933185/1697105616455901.png

3.FW2

https://editor-user.365editor.com/98/85/4933185/1697105646329596.png


6.3 Security policy permitting traffic from the trust security zone to the untrust zone
https://editor-user.365editor.com/98/85/4933185/169710566495732.png

Test observations:


① Check the HRP status: both are active, and gateways 253 and 254 are load balanced.
https://editor-user.365editor.com/98/85/4933185/1697018200387188.png
https://editor-user.365editor.com/98/85/4933185/1697018207141028.png
② PC1 and PC2 are configured with gateways 253 and 254 respectively.
https://editor-user.365editor.com/98/85/4933185/1697105726282141.png
③ View the routing table on ISP2: next hops 21.1.1.10 and 22.1.1.20 can both reach the destination network 10.1.1.0/24.
https://editor-user.365editor.com/98/85/4933185/1697105745418057.png
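④ Disconnect the link between FW1 and ISP1: the network recovers after a brief interruption, because virtual IP 254 on FW2's interface changes from standby to active, while devices using gateway 253 are unaffected.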
https://editor-user.365editor.com/98/85/4933185/1697105769352722.png
https://editor-user.365editor.com/98/85/4933185/169710577487709.png

lyx_liyuxing posted on 2023-10-27 09:55:57

Impressive