数据中心基于VRRP的二层架构

一、核心需求

• 为确保业务可靠性，建议部署冗余链路。当主用上行链路中断时，流量可自动切换至备用链路转发。

• 需同步采取措施避免冗余备份链路导致的环网问题，切实消除网络中的潜在环路隐患。

二、配置MSTP、创建实例

核心1

#
sysname HX1
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 instance 3 vlan 4
 instance 4 vlan 5
#

核心2

#
sysname HX2
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 instance 3 vlan 4
 instance 4 vlan 5
#

接入层配置以接入1为例

接入1

#
sysname JR1
#
stp region-configuration
 region-name RG1
 instance 1 vlan 2
 instance 2 vlan 3
 instance 3 vlan 4
 instance 4 vlan 5
#

三、配置实例的根桥、备份根桥

核心1

#
stp instance 1 root primary
stp instance 2 root secondary
stp instance 3 root primary
stp instance 4 root secondary
stp pathcost-standard legacy
#

核心2

#
stp instance 1 root secondary
stp instance 2 root primary
stp instance 3 root secondary
stp instance 4 root primary
stp pathcost-standard legacy
#

四、全设备是能stp

#
stp enable
#

五、配置根保护

各实例的根桥设备的指定端口配置根保护功能

以核心1为例

#
interface GE1/0/1
 description TO-JY1
 stp root-protection
#

六、配置二层转发

创建二层转发vlan

#
核心1/2
#
vlan batch 2-5
#
接入1
#
vlan batch 2
#
接入2
#
vlan batch 3
#
接入3
#
vlan batch 4
#
接入4
#
vlan batch 5
#

配置接口 接入vlan 同时增加vrrp配置

核心1

在核心层设备核心和核心2上创建VRRP备份组1，配置DeviceA的优先级为120，抢占延时为20秒，作为Master设备；DeviceB的优先级为缺省值，作为Backup设备。

在核心层设备核心1和核心2上创建VRRP备份组3，配置DeviceA的优先级为120，抢占延时为20秒，作为Master设备；DeviceB的优先级为缺省值，作为Backup设备。

<HX1>
#
interface Vlanif2
 ip address 10.1.2.102 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt timer delay 20
#
interface Vlanif3
 ip address 10.1.3.102 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
#
interface Vlanif4
 ip address 10.1.4.102 255.255.255.0
 vrrp vrid 3 virtual-ip 10.1.4.100
 vrrp vrid 3 priority 120
 vrrp vrid 3 preempt timer delay 20
#
interface Vlanif5
 ip address 10.1.5.102 255.255.255.0
 vrrp vrid 4 virtual-ip 10.1.5.100
#
interface GE1/0/1
 description TO-JY1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2
 stp root-protection
#
interface GE1/0/2
 description TO-JY2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3
#
interface GE1/0/3
 description TO-JY3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 4
 stp root-protection
#               
interface GE1/0/4
 description TO-JY4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 5
#
interface GE1/0/10
 description TO-HX2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 5
#

核心2

在核心层设备核心1和核心2上创建VRRP备份组2，配置DeviceB的优先级为120，抢占延时为20秒，作为Master设备；DeviceA的优先级为缺省值，作为Backup设备。

在核心层设备核心1和核心2上创建VRRP备份组4，配置DeviceB的优先级为120，抢占延时为20秒，作为Master设备；DeviceA的优先级为缺省值，作为Backup设备。

<HX2>dis cu interface 
#
interface Vlanif2
 ip address 10.1.2.103 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.2.100
#
interface Vlanif3
 ip address 10.1.3.103 255.255.255.0
 vrrp vrid 2 virtual-ip 10.1.3.100
 vrrp vrid 2 priority 120
 vrrp vrid 2 preempt timer delay 20
#
interface Vlanif4
 ip address 10.1.4.103 255.255.255.0
 vrrp vrid 3 virtual-ip 10.1.4.100
#
interface Vlanif5
 ip address 10.1.5.103 255.255.255.0
 vrrp vrid 4 virtual-ip 10.1.5.100
 vrrp vrid 4 priority 120
 vrrp vrid 4 preempt timer delay 20
#
interface GE1/0/1
#
interface GE1/0/2
 description TO-JY1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2
#
interface GE1/0/3
 description TO-JY2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 3
 stp root-protection
#
interface GE1/0/4
 description TO-JY3
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 4
#
interface GE1/0/5
 description TO-JY4
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 5
 stp root-protection
#
interface GE1/0/10
 description TO-HX1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2 to 5
#

接入1（接入层以接入1为例，详细配置见附件）

<JR1> 
#
interface MEth0/0/0
#
interface GE1/0/1
 description TO-HX1
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2
#
interface GE1/0/2
 description TO-HX2
 port link-type trunk
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 2
 stp instance 1 cost 20000
#

七、VRRP备份组查验

<HX1>dis vrrp verbose 
Vlanif2 | Virtual Router 1
State          : Master
Virtual IP     : 10.1.2.100
Master IP      : 10.1.2.102
PriorityRun    : 120
PriorityConfig : 120
MasterPriority : 120
Preempt        : YES   Delay Time : 20s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0101
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 01:37:14
Last Change Time  : 2026-04-04 01:47:29

Vlanif3 | Virtual Router 2
State          : Backup
Virtual IP     : 10.1.3.100
Master IP      : 10.1.3.103
PriorityRun    : 100
PriorityConfig : 100
MasterPriority : 120
Preempt        : YES   Delay Time : 0s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0102
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 01:39:30
Last Change Time  : 2026-04-04 02:10:18

Vlanif4 | Virtual Router 3
State          : Master
Virtual IP     : 10.1.4.100
Master IP      : 10.1.4.102
PriorityRun    : 120
PriorityConfig : 120
MasterPriority : 120
Preempt        : YES   Delay Time : 20s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0103
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 01:40:57
Last Change Time  : 2026-04-04 01:50:32

Vlanif5 | Virtual Router 4
State          : Backup
Virtual IP     : 10.1.5.100
Master IP      : 10.1.5.103
PriorityRun    : 100
PriorityConfig : 100
MasterPriority : 120
Preempt        : YES   Delay Time : 0s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0104
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 01:45:13
Last Change Time  : 2026-04-04 02:13:37

<HX2>dis vrrp verbose 
Vlanif2 | Virtual Router 1
State          : Backup
Virtual IP     : 10.1.2.100
Master IP      : 10.1.2.102
PriorityRun    : 100
PriorityConfig : 100
MasterPriority : 120
Preempt        : YES   Delay Time : 0s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0101
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 02:03:23
Last Change Time  : 2026-04-04 02:15:01

Vlanif3 | Virtual Router 2
State          : Master
Virtual IP     : 10.1.3.100
Master IP      : 10.1.3.103
PriorityRun    : 120
PriorityConfig : 120
MasterPriority : 120
Preempt        : YES   Delay Time : 20s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0102
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 02:03:23
Last Change Time  : 2026-04-04 02:10:31

Vlanif4 | Virtual Router 3
State          : Backup
Virtual IP     : 10.1.4.100
Master IP      : 10.1.4.102
PriorityRun    : 100
PriorityConfig : 100
MasterPriority : 120
Preempt        : YES   Delay Time : 0s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0103
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 02:04:25
Last Change Time  : 2026-04-04 03:03:42

Vlanif5 | Virtual Router 4
State          : Master
Virtual IP     : 10.1.5.100
Master IP      : 10.1.5.103
PriorityRun    : 120
PriorityConfig : 120
MasterPriority : 120
Preempt        : YES   Delay Time : 20s   Remain : --
Hold Multiplier: 3
TimerRun       : 1s
TimerConfig    : 1s
Auth Type      : NONE
Virtual MAC    : 0000-5e00-0104
Check TTL      : YES
Config Type    : Normal
Backup-forward : disabled
Create Time       : 2026-04-04 02:05:16
Last Change Time  : 2026-04-04 02:13:51

八、接口规划

|-----|-------------------------------------|----------|--------|
| 设备 | vlan IP | 接口 | 描述 |
| 核心1 | vlan2 IP：10.1.2.102 vip：10.1.2.100 | GE1/0/1 | TO-JY1 |
| 核心1 | vlan3 IP：10.1.3.102 vip：10.1.3.100 | GE1/0/2 | TO-JY2 |
| 核心1 | vlan3 IP：10.1.4.102 vip：10.1.4.100 | GE1/0/3 | TO-JY3 |
| 核心1 | vlan4 IP：10.1.5.102 vip :10.1.5.100 | GE1/0/4 | TO-JY4 |
| 核心1 | vlan2-5 | GE1/0/10 | TO-HX2 |
| 核心2 | vlan2 IP：10.1.2.103 vip：10.1.2.100 | GE1/0/2 | TO-JY1 |
| 核心2 | vlan3 IP：10.1.3.103 vip：10.1.3.100 | GE1/0/3 | TO-JY2 |
| 核心2 | vlan3 IP：10.1.4.103 vip：10.1.4.100 | GE1/0/4 | TO-JY3 |
| 核心2 | vlan4 IP：10.1.5.103 vip :10.1.5.100 | GE1/0/5 | TO-JY4 |
| 核心2 | vlan2-5 | GE1/0/10 | TO-HX2 |
| 接入1 | vlan2 | GE1/0/1 | TO-HX1 |
| 接入1 | vlan2 | GE1/0/2 | TO-HX2 |
| 接入2 | vlan3 | GE1/0/2 | TO-HX1 |
| 接入2 | vlan3 | GE1/03 | TO-HX2 |
| 接入3 | vlan4 | GE1/0/3 | TO-HX1 |
| 接入3 | vlan4 | GE1/0/4 | TO-HX2 |
| 接入4 | vlan5 | GE1/0/4 | TO-HX1 |
| 接入4 | vlan5 | GE1/0/5 | TO-HX2 |