Network Working Group
Request for Comments: 2281
Category: Informational
Authors: T. Li (Juniper Networks), B. Cole (Juniper Networks), P. Morton (Cisco Systems), D. Li (Cisco Systems)
March 1998
Cisco Hot Standby Router Protocol (HSRP)
Status of this Memo
This memo provides information for the Internet community. It does not specify an Internet standard of any kind. Distribution of this memo is unlimited.
Copyright Notice
Copyright (C) The Internet Society (1998). All Rights Reserved.
IESG Note
This document reflects an existing deployed protocol. The IETF does have a working group which is in the process of producing a standards track protocol to address the same issues.
Abstract
The memo specifies the Hot Standby Router Protocol (HSRP). The goal of the protocol is to allow hosts to appear to use a single router and to maintain connectivity even if the actual first hop router they are using fails. Multiple routers participate in this protocol and in concert create the illusion of a single virtual router. The protocol ensures that one and only one of the routers is forwarding packets on behalf of the virtual router. End hosts forward their packets to the virtual router.
The router forwarding packets is known as the active router. A standby router is selected to replace the active router should it fail. The protocol provides a mechanism for determining active and standby routers, using the IP addresses on the participating routers. If an active router fails a standby router can take over without a major interruption in the host's connectivity. This memo also discusses the ARP, MAC address, and security issues with this protocol.
TABLE OF CONTENTS
1 Introduction
2 Conditions of Use
3 Scope
3.1 Terminology
4 Definitions
5 Protocol
5.1 Packet formats
5.2 Operational parameters
5.3 States
5.4 Timers
5.5 Events
5.6 Actions
5.7 State Transitions
6 MAC address considerations
6.1 General
6.2 Address Filter
6.3 ICMP Redirect
6.4 Proxy ARP
7 Security Considerations
8 References
9 Authors' Addresses
10 Full Copyright Statement
1 Introduction
The Hot Standby Router Protocol, HSRP, provides a mechanism which is designed to support non-disruptive failover of IP traffic in certain circumstances. In particular, the protocol protects against the failure of the first hop router when the source host cannot learn the IP address of the first hop router dynamically. The protocol is designed for use over multi-access, multicast or broadcast capable LANs (e.g., Ethernet). HSRP is not intended as a replacement for existing dynamic router discovery mechanisms and those protocols should be used instead whenever possible [1]. A large class of legacy host implementations that do not support dynamic discovery are capable of configuring a default router. HSRP provides failover services to those hosts.
All of the routers participating in HSRP are assumed to be running appropriate IP routing protocols and have a consistent set of routes. The discussion of which protocols are appropriate and whether routing is consistent in any given situation is beyond the scope of this specification.
Using HSRP, a set of routers work in concert to present the illusion of a single virtual router to the hosts on the LAN. This set is known as an HSRP group or a standby group. A single router elected from the group is responsible for forwarding the packets that hosts send to the virtual router. This router is known as the active router. Another router is elected as the standby router. In the event that the active router fails, the standby assumes the packet forwarding duties of the active router. Although an arbitrary number of routers may run HSRP, only the active router forwards the packets sent to the virtual router.
To minimize network traffic, only the active and the standby routers send periodic HSRP messages once the protocol has completed the election process. If the active router fails, the standby router takes over as the active router. If the standby router fails or becomes the active router, another router is elected as the standby router.
On a particular LAN, multiple hot standby groups may coexist and overlap. Each standby group emulates a single virtual router. For each standby group, a single well-known MAC address is allocated to the group, as well as an IP address. The IP address SHOULD belong to the primary subnet in use on the LAN, but MUST differ from the addresses allocated as interface addresses on all routers and hosts on the LAN, including virtual IP addresses assigned to other HSRP groups.
If multiple groups are used on a single LAN, load splitting can be achieved by distributing hosts among different standby groups.
The remainder of this specification discusses the operation of a single standby group. In the case of multiple groups, each group operates independently of other groups on the LAN and according to this specification. Note that individual routers may participate in multiple groups. In this case, the router maintains separate state and timers for each group.
2 Conditions of Use
US Patent number 5,473,599 [2], assigned to Cisco Systems, Inc. may be applicable to HSRP. If an implementation requires the use of any claims of patent no. 5,473,599, Cisco will license such claims on reasonable, nondiscriminatory terms for use in practicing the standard. More specifically, such license will be available for a one-time, paid up fee.
3 Scope
This document describes the packets, messages, states, and events used to implement the protocol. It does not discuss network management or internal implementation issues.
3.1 Terminology
The language conventions of RFC 2119 [3] are used in this document.
4 Definitions
Active Router - the router that is currently forwarding packets for the virtual router
Standby Router - the primary backup router
Standby Group - the set of routers participating in HSRP that jointly emulate a virtual router
Hello Time - the interval between successive HSRP Hello messages from a given router
Hold Time - the interval between the receipt of a Hello message and the presumption that the sending router has failed
5 Protocol
Within a standby group, the routers periodically advertise state information using various messages.
5.1 Packet formats
The standby protocol runs on top of UDP, and uses port number 1985. Packets are sent to multicast address 224.0.0.2 with TTL 1.
Routers use their actual IP address as the source address for protocol packets, not the virtual IP address. This is necessary so that the HSRP routers can identify each other.
The format of the data portion of the UDP datagram is:
                     1                   2                   3
 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1 2 3 4 5 6 7 8 9 0 1
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Version     |   Op Code     |     State     |   Hellotime   |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|   Holdtime    |   Priority    |     Group     |   Reserved    |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Authentication  Data                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Authentication  Data                     |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
|                      Virtual IP Address                       |
+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+-+
Version: 1 octet
The version of the HSRP messages. This document describes version 0.
Op Code: 1 octet
The Op Code describes the type of message contained in this packet. Possible values are:
0 - Hello
1 - Coup
2 - Resign
Hello messages are sent to indicate that a router is running and is capable of becoming the active or standby router.
Coup messages are sent when a router wishes to become the active router.
Resign messages are sent when a router no longer wishes to be the active router.
State: 1 octet
Internally, each router in the standby group implements a state machine. The State field describes the current state of the router sending the message. Details on the individual states are described below. Possible values are:
0 - Initial
1 - Learn
2 - Listen
4 - Speak
8 - Standby
16 - Active
Hellotime: 1 octet
This field is only meaningful in Hello messages. It contains the approximate period between the Hello messages that the router sends. The time is given in seconds.
If the Hellotime is not configured on a router, then it MAY be learned from the Hello message from the active router. The Hellotime SHOULD only be learned if no Hellotime is configured and the Hello message is authenticated. A router that sends a Hello message MUST insert the Hellotime that it is using in the Hellotime field in the Hello message. If the Hellotime is not learned from a Hello message from the active router and it is not manually configured, a default value of 3 seconds is RECOMMENDED.
Holdtime: 1 octet
This field is only meaningful in Hello messages. It contains the amount of time that the current Hello message should be considered valid. The time is given in seconds.
If a router sends a Hello message, then receivers should consider that Hello message to be valid for one Holdtime. The Holdtime SHOULD be at least three times the value of the Hellotime and MUST be greater than the Hellotime. If the Holdtime is not configured on a router, then it MAY be learned from the Hello message from the active router. The Holdtime SHOULD only be learned if the Hello message is authenticated. A router that sends a Hello message MUST insert the Holdtime that it is using in the Holdtime field in the Hello message.
A router which is in active state MUST NOT learn new values for the Hellotime and the Holdtime from other routers, although it may continue to use values which it learned from the previous active router. It MAY also use the Hellotime and Holdtime values learned through manual configuration. The active router MUST NOT use one configured time and one learned time. If the Holdtime is not learned and it is not manually configured, a default value of 10 seconds is RECOMMENDED.
Priority: 1 octet
This field is used to elect the active and standby routers. When comparing priorities of two different routers, the router with the numerically higher priority wins. In the case of routers with equal priority the router with the higher IP address wins.
Group: 1 octet
This field identifies the standby group. For Token Ring, values between 0 and 2 inclusive are valid. For other media, values between 0 and 255 inclusive are valid.
Authentication Data: 8 octets
This field contains a clear-text 8 character reused password.
If no authentication data is configured, the RECOMMENDED default value is 0x63 0x69 0x73 0x63 0x6F 0x00 0x00 0x00.
Virtual IP Address: 4 octets
The virtual IP address used by this group.
If the virtual IP address is not configured on a router, then it MAY be learned from the Hello message from the active router. An address SHOULD only be learned if no address was configured and the Hello message is authenticated.
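The packet layout above, decoded and checked against the field rules in this section. This is an added example, not part of the memo or of any vendor implementation; the function names, the finding codes and the two sample packets (constructed, using the documentation address 192.0.2.1) are assumptions made for illustration.

```python
import ipaddress
import struct
from dataclasses import dataclass

OPCODES = {0: "Hello", 1: "Coup", 2: "Resign"}
STATES = {0: "Initial", 1: "Learn", 2: "Listen", 4: "Speak", 8: "Standby", 16: "Active"}
# RECOMMENDED default Authentication Data from the memo: "cisco" padded with NULs.
DEFAULT_AUTH = bytes([0x63, 0x69, 0x73, 0x63, 0x6F, 0x00, 0x00, 0x00])
HSRP_LEN = 20  # 8 one-octet fields + 8 octets of auth data + 4-octet virtual IP


@dataclass
class HsrpPacket:
    version: int
    opcode: int
    state: int
    hellotime: int
    holdtime: int
    priority: int
    group: int
    reserved: int
    auth: bytes
    virtual_ip: ipaddress.IPv4Address


def parse_hsrp(payload: bytes) -> HsrpPacket:
    """Decode the data portion of a UDP port 1985 datagram (version 0 layout)."""
    if len(payload) < HSRP_LEN:
        raise ValueError(f"HSRP payload too short: {len(payload)} < {HSRP_LEN} octets")
    fields = struct.unpack("!8B8s4s", payload[:HSRP_LEN])
    return HsrpPacket(*fields[:9], ipaddress.IPv4Address(fields[9]))


def audit(pkt: HsrpPacket, configured_auth: bytes = None) -> list:
    """Return finding codes (hypothetical names) for a decoded packet."""
    findings = []
    if pkt.version != 0:
        findings.append("unknown-version")
    if pkt.opcode not in OPCODES:
        findings.append("unknown-opcode")
    if pkt.state not in STATES:
        findings.append("unknown-state")
    if pkt.auth == DEFAULT_AUTH:
        # The group is running with the documented default password.
        findings.append("default-auth")
    if configured_auth is not None:
        expected = configured_auth.ljust(8, b"\x00")[:8]
        if pkt.auth != expected:
            findings.append("auth-mismatch")
    if pkt.opcode == 0:  # Hellotime and Holdtime are only meaningful in Hello
        if pkt.holdtime <= pkt.hellotime:
            findings.append("holdtime-not-greater-than-hellotime")  # MUST
        elif pkt.holdtime < 3 * pkt.hellotime:
            findings.append("holdtime-under-3x-hellotime")  # SHOULD
    if pkt.opcode == 1:
        # A Coup announces a change of active router; worth logging every time.
        findings.append("coup-seen")
    return findings


def virtual_mac(group: int) -> str:
    """Well-known virtual MAC for a group on media other than Token Ring."""
    if not 0 <= group <= 255:
        raise ValueError("group must fit in one octet")
    return "00:00:0c:07:ac:%02x" % group


# Constructed sample payloads, not captured traffic.
SAMPLE_HELLO = bytes([0, 0, 16, 3, 10, 100, 1, 0]) + DEFAULT_AUTH + bytes([192, 0, 2, 1])
SAMPLE_COUP = bytes([0, 1, 4, 3, 10, 200, 1, 0]) + b"s3cr3t\x00\x00" + bytes([192, 0, 2, 1])

if __name__ == "__main__":
    for raw in (SAMPLE_HELLO, SAMPLE_COUP):
        pkt = parse_hsrp(raw)
        print(OPCODES.get(pkt.opcode), STATES.get(pkt.state), pkt.virtual_ip,
              virtual_mac(pkt.group), audit(pkt, configured_auth=b"s3cr3t"))
```

Because the Authentication Data travels in clear text, a match on `configured_auth` shows only that the sender knows the configured string, not which router sent the packet.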
5.2 Operational parameters
The following information MUST be known to each router in the standby group. The mechanisms used to determine this information are outside of the scope of this document.
Standby group number
Virtual MAC address
Priority
Authentication Data
Hellotime
Holdtime
The following information MUST be known to at least one router in each standby group and MAY be known by any of the other routers in the group.
Virtual IP Address
The following information MAY be configured on any router:
Preemption capability
If a router has higher priority than the active router and preemption is configured, it MAY take over as the active router using a Coup message.
5.3 States
Each router in the group participates in the protocol by implementing a simple state machine. This specification describes the externally visible behavior of this state machine. Implementations MAY vary their internal implementations within the functional description of the state machine.
All routers begin in the Initial state. This section discusses the intent of each state. For specific details on the actions taken in each state, please see the state transition table in section 5.7.
1. Initial
This is the starting state and indicates that HSRP is not running. This state is entered via a configuration change or when an interface first comes up.
2. Learn
The router has not determined the virtual IP address, and not yet seen an authenticated Hello message from the active router. In this state the router is still waiting to hear from the active router.
3. Listen
The router knows the virtual IP address, but is neither the active router nor the standby router. It listens for Hello messages from those routers.
4. Speak
The router sends periodic Hello messages and is actively participating in the election of the active and/or standby router. A router cannot enter Speak state unless it has the virtual IP address.
5. Standby
The router is a candidate to become the next active router and sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in the group in Standby state.
6. Active
The router is currently forwarding packets that are sent to the group's virtual MAC address. The router sends periodic Hello messages. Excluding transient conditions, there MUST be at most one router in Active state in the group.
5.4 Timers
Each router maintains three timers, an Active timer, a Standby timer, and a Hello timer.
The Active timer is used to monitor the active router. The active timer is started anytime an authenticated Hello message is seen from the active router. It is set to expire in the Holdtime seen in the Hello message.
The Standby timer is used to monitor the standby router. The Standby timer is started anytime an authenticated Hello message is seen from the standby router. It is set to expire in the Holdtime seen in the Hello message.
The Hello timer expires once per Hellotime period. If the router is in Speak, Standby, or Active states, it should generate a Hello message upon Hello timer expiry. The Hello timer MUST be jittered.
5.5 Events
These are the events in the HSRP finite state machine.
a - HSRP is configured on an enabled interface.
b - HSRP is disabled on an interface or the interface is disabled.
c - Active timer expiry. The Active timer was set to the Holdtime when the last Hello message was seen from the active router.
d - Standby timer expiry. The Standby timer was set to the Holdtime when the last Hello message was seen from the standby router.
e - Hello timer expiry. The periodic timer for sending Hello messages has expired.
f - Receipt of a Hello message of higher priority from a router in Speak state.
g - Receipt of a Hello message of higher priority from the active router.
h - Receipt of a Hello message of lower priority from the active router.
i - Receipt of a Resign message from the active router.
j - Receipt of a Coup message from a higher priority router.
k - Receipt of a Hello message of higher priority from the standby router.
l - Receipt of a Hello message of lower priority from the standby router.
5.6 Actions
This section specifies the actions to be taken as part of the state machine.
A - Start Active Timer
If this action occurred as the result of the receipt of an authenticated Hello message from the active router, the Active timer is set to the Holdtime field in the Hello message. Otherwise the Active timer is set to the current Holdtime value in use by this router. The Active timer is then started.
B - Start Standby Timer
If this action occurred as the result of the receipt of an authenticated Hello message from the standby router, the Standby timer is set to the Holdtime field in the Hello message. Otherwise the Standby timer is set to the current hold time value in use by this router. The Standby timer is then started.
C - Stop Active Timer
The Active timer is stopped.
D - Stop Standby Timer
The Standby timer is stopped.
E - Learn Parameters
This action is taken when an authenticated message is received from the active router. If the virtual IP address for this group was not manually configured, the virtual IP address MAY be learned from the message. The router MAY learn Hellotime and Holdtime values from the message.
F - Send Hello Message
The router sends a Hello message with its current State, Hellotime and Holdtime.
G - Send Coup Message
The router sends a Coup message to inform the active router that there is a higher priority router available.
H - Send Resign Message
The router sends a Resign message to allow another router to become the active router.
I - Send Gratuitous ARP Message
The router broadcasts an ARP response packet advertising the group's virtual IP address and virtual MAC address. The packet is sent using the virtual MAC address as the source MAC address in the link layer header, as well as within the ARP packet.
5.7 State Transitions
This table describes the state transitions of the state machine. For each event and current state of the router, the router MUST perform the set of actions specified and transition to the designated state. If no action is specified, no action should be taken. If no state change is specified, no state change should be performed.
The notation used in this table has the specified set of actions listed as letters corresponding to the actions listed in section 5.6. The next state is listed as a number as specified in section 5.3. A slash ('/') separates the actions and states. Certain state transitions have alternatives which depend on external state. Alternatives are separated by a '|'. See the attached notes for details on these transitions.
                                  States
+-----+----------+----------+----------+----------+----------+----------+
|     |    1     |    2     |    3     |    4     |    5     |    6     |
|     | Initial  |  Learn   |  Listen  |  Speak   | Standby  |  Active  |
+-----+----------+----------+----------+----------+----------+----------+
|Event|                                                                 |
+-----+----------+----------+----------+----------+----------+----------+
|  a  | AB/2|3+  |          |          |          |          |          |
+-----+----------+----------+----------+----------+----------+----------+
|  b  |          |   CD/1   |   CD/1   |   CD/1   |   CD/1   |  CDH/1   |
+-----+----------+----------+----------+----------+----------+----------+
|  c  |          |          |   AB/4   |          |  CDFI/6  |          |
+-----+----------+----------+----------+----------+----------+----------+
|  d  |          |          |   B/4    |   D/5    |          |          |
+-----+----------+----------+----------+----------+----------+----------+
|  e  |          |          |          |    F     |    F     |    F     |
+-----+----------+----------+----------+----------+----------+----------+
|  f  |          |          |          |   B/3    |   B/3    |          |
+-----+----------+----------+----------+----------+----------+----------+
|  g  |          |  EAB/3   |    EA    |    EA    |    EA    |   AB/4   |
+-----+----------+----------+----------+----------+----------+----------+
|  h  |          |  EAB/3   | A|BGFI/6*| A|BGFI/6*| A|BGFI/6*|    G     |
+-----+----------+----------+----------+----------+----------+----------+
|  i  |          |          |   AB/4   |    A     |  CFI/6   |          |
+-----+----------+----------+----------+----------+----------+----------+
|  j  |          |          |          |          |          |  ABH/4   |
+-----+----------+----------+----------+----------+----------+----------+
|  k  |          |          |    B     |   B/3    |   B/3    |    B     |
+-----+----------+----------+----------+----------+----------+----------+
|  l  |          |          |   B/4    |   D/5    |          |    B     |
+-----+----------+----------+----------+----------+----------+----------+
Notes
+ If the virtual IP address is configured, set state 3 (Listen). If the virtual IP address is not configured, set state 2 (Learn). In either case do actions A and B.
* If the router is configured to preempt, do actions B, G, F, and I and set state to 6 (Active). If the router is not configured to preempt, do action A with no state change.
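The transition table and its two notes, encoded as a lookup so that a sequence of events can be replayed and the resulting actions and states inspected. This is an added example, not code from the memo or from any router implementation; `step`, `trace` and `outranks` are hypothetical names, and the addresses in the usage lines are documentation addresses.

```python
import ipaddress

STATE_NAMES = {1: "Initial", 2: "Learn", 3: "Listen", 4: "Speak", 5: "Standby", 6: "Active"}

# event -> {current state -> cell text copied from the table}.
# A missing cell means "no action, no state change".
TABLE = {
    "a": {1: "AB/2|3+"},
    "b": {2: "CD/1", 3: "CD/1", 4: "CD/1", 5: "CD/1", 6: "CDH/1"},
    "c": {3: "AB/4", 5: "CDFI/6"},
    "d": {3: "B/4", 4: "D/5"},
    "e": {4: "F", 5: "F", 6: "F"},
    "f": {4: "B/3", 5: "B/3"},
    "g": {2: "EAB/3", 3: "EA", 4: "EA", 5: "EA", 6: "AB/4"},
    "h": {2: "EAB/3", 3: "A|BGFI/6*", 4: "A|BGFI/6*", 5: "A|BGFI/6*", 6: "G"},
    "i": {3: "AB/4", 4: "A", 5: "CFI/6"},
    "j": {6: "ABH/4"},
    "k": {3: "B", 4: "B/3", 5: "B/3", 6: "B"},
    "l": {3: "B/4", 4: "D/5", 6: "B"},
}


def step(state, event, preempt=False, vip_configured=True):
    """Return (actions, next_state) for one event, applying notes '+' and '*'."""
    if state not in STATE_NAMES or event not in TABLE:
        raise ValueError(f"unknown state/event: {state!r}/{event!r}")
    cell = TABLE[event].get(state, "")
    if not cell:
        return "", state
    if cell.endswith("+"):
        # Note '+': actions A and B; Listen if the virtual IP is configured, else Learn.
        return "AB", (3 if vip_configured else 2)
    if cell.endswith("*"):
        # Note '*': with preemption B, G, F, I and go Active; otherwise A only.
        return ("BGFI", 6) if preempt else ("A", state)
    actions, _, nxt = cell.partition("/")
    return actions, (int(nxt) if nxt else state)


def trace(events, state=1, **cfg):
    """Replay events from a starting state; returns [(event, actions, state), ...]."""
    path = []
    for ev in events:
        actions, state = step(state, ev, **cfg)
        path.append((ev, actions, state))
    return path


def outranks(prio_a, ip_a, prio_b, ip_b):
    """Priority field rule: higher priority wins; on a tie the higher IP address wins."""
    return (prio_a, ipaddress.IPv4Address(ip_a)) > (prio_b, ipaddress.IPv4Address(ip_b))


if __name__ == "__main__":
    # Configured router with no peers heard: both timers expire in turn and it
    # becomes Active (action I = gratuitous ARP); a later Coup makes it resign.
    for ev, actions, st in trace("acdcj"):
        print(f"event {ev}: actions {actions or '-'} -> {STATE_NAMES[st]}")
    print(outranks(100, "192.0.2.3", 100, "192.0.2.2"))
```

Events g through l are driven by received messages, so every transition they cause depends on how well those messages are authenticated.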
6 MAC Address Considerations
6.1 General
Each HSRP group has an associated well known virtual MAC address. On token ring networks, these addresses are actually functional addresses. The three addresses 0xC0 0x00 0x00 0x01 0x00 0x00, 0xC0 0x00 0x00 0x02 0x00 0x00, and 0xC0 0x00 0x00 0x04 0x00 0x00 correspond to groups 0, 1, and 2 respectively.
On other media, the virtual MAC addresses are 0x00 0x00 0x0C 0x07 0xAC XX where XX represents the HSRP group number. Routers which implement HSRP SHOULD use well-known HSRP MAC addresses as the group's virtual MAC address whenever possible.
The active router MUST accept and forward traffic that is destined for the group's virtual MAC address. It MUST stop accepting or forwarding such traffic when the router leaves the Active state.
If and only if the router is in the Active state, the router MUST use the group's virtual MAC address as the source MAC address for its Hello messages. This is necessary in order to allow learning bridges to be able to determine which LAN segment the virtual MAC address currently belongs to.
For each group, there is one virtual IP address and one virtual MAC address. This is a desirable situation, since the ARP table entries in the end stations do not need to change over time as the HSRP active router moves from one router to another.
Additionally, for HSRP to work in bridging environments, the bridges must be able to quickly update themselves as the virtual MAC address "moves". Although learning bridges typically are able to do this, some have been known to have problems with this. It is RECOMMENDED that only true learning bridges be used with HSRP.
The movement of the virtual MAC address can cause further undesirable side effects in environments where additional state is tied to the MAC address. For example on Token Ring, if Source Route Bridging is in use, a RIF will be stored with the virtual MAC address in a host's RIF cache. The RIF indicates the path and final ring used to reach the MAC address. As routers transition into Active state, they will not be able to affect the RIF caches on the hosts on the bridged ring. This may lead to packets being bridged to the ring for the previous active router.
In such circumstances, a router MAY use its normal MAC addresses as the virtual MAC address. This method of operation is strongly discouraged. In this mode, the virtual IP address will map to a different MAC address over time. This can create problems for end stations, since ARP tables assume a relatively static mapping between MAC address and IP address. These ARP tables are normally updated when the end stations receive the gratuitous ARP responses generated by a router that enters the active state.
As noted, routers currently emulating a virtual router adopt their group's MAC and IP addresses. MAC addresses are typically provided in an address filter or 'list' of MAC addresses in a router's interface controller. It is desirable for routers to be able to add one or more virtual MAC addresses to their controllers' MAC address filter while maintaining their primary MAC addresses.
Unfortunately, some interface controllers support address filtering for only one unicast MAC address. Or, in the case of Token Ring, the functional address which HSRP should use is already in use for some other protocol. In these cases, such routers can still implement HSRP, but the protocol must change the interface's primary MAC address when assuming or relinquishing control as the active router.
This is potentially problematic because some traffic may otherwise wish to use the router's primary MAC address. However, the problem MAY be mitigated by having the router send out gratuitous ARP packets regarding its non-HSRP IP addresses. Through this, other network entities using IP should update their ARP tables to reflect that the router is now using a group virtual MAC address rather than its primary MAC address.
Some protocols may not be able to run simultaneously with the standby protocol due to the interface primary MAC address change. For example, DECnet phase IV and HSRP will not be able to run at the same time on some equipment.
While running HSRP, it is important to prevent the host from discovering the primary MAC addresses of the routers in its standby group. Thus, any protocol that informs a host of a router's primary address should be disabled. In particular, routers participating in HSRP on an interface MUST NOT send ICMP redirects on that interface.
Typically, hosts learn the HSRP virtual IP address through the configuration of their default router. These hosts then send packets for destinations outside of the LAN to the virtual IP address. In some environments, hosts may instead make use of proxy ARP in order to route off of the LAN. In this case, the hosts use the MAC address that is supplied in proxy ARP responses. HSRP functionality is maintained if the proxy ARP responses specify the HSRP virtual MAC address.
If an HSRP router is configured to support proxy ARP with HSRP, then the router MUST specify the HSRP virtual MAC address in any proxy ARP responses it generates. These proxy ARP responses MUST NOT be suppressed based upon HSRP state. Suppression based upon state could result in lack of any proxy ARP response being generated, since these proxy ARP responses may be suppressed due to other reasons, such as split-horizon rules.
This protocol does not provide security. The authentication field found within the message is useful for preventing misconfiguration. The protocol is easily subverted by an active intruder on the LAN. This can result in a packet black hole and a denial-of-service attack. It is difficult to subvert the protocol from outside the LAN as most routers will not forward packets addressed to the all-routers multicast address (224.0.0.2).
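The source-MAC rule for Hello messages and the lack of protocol security described above suggest a passive check a defender can run on captured HSRP traffic. The following is an added example, not part of the memo: the function names, the router inventory and the sample messages are constructed, and it assumes the group uses the well-known virtual MAC on non-Token-Ring media.

```python
import struct
from collections import namedtuple

# RFC 2281 message layout: 20 bytes, carried in UDP port 1985 to 224.0.0.2.
Hsrp = namedtuple("Hsrp", "version opcode state hellotime holdtime "
                          "priority group reserved auth vip")
HELLO, STANDBY, ACTIVE = 0, 8, 16
DEFAULT_AUTH = b"cisco\x00\x00\x00"   # default value recommended by the memo

def parse_hsrp(payload):
    if len(payload) < 20:
        raise ValueError("HSRP message shorter than 20 bytes")
    return Hsrp(*struct.unpack("!8B8s4s", payload[:20]))

def virtual_mac(group):
    # Well-known virtual MAC on non-Token-Ring media: 00-00-0C-07-AC-XX
    return "00:00:0c:07:ac:%02x" % group

def audit(src_mac, src_ip, payload, known_routers):
    """Return findings for one captured HSRP message.
    known_routers maps group number -> set of configured router IPs."""
    m = parse_hsrp(payload)
    findings = []
    if src_ip not in known_routers.get(m.group, set()):
        findings.append("unknown-speaker")
    # A Hello's source MAC is the virtual MAC if and only if state is Active.
    # Assumption: the group does not run in the discouraged own-MAC mode.
    uses_vmac = src_mac.lower() == virtual_mac(m.group)
    if m.opcode == HELLO and (m.state == ACTIVE) != uses_vmac:
        findings.append("src-mac-state-mismatch")
    if m.auth == DEFAULT_AUTH:
        findings.append("default-auth")
    return findings

def hello(state, priority, group, auth, vip):
    # Builds the constructed sample messages used below.
    return struct.pack("!8B8s4s", 0, HELLO, state, 3, 10, priority, group, 0,
                       auth, bytes(vip))

KNOWN = {1: {"10.0.0.2", "10.0.0.3"}}   # constructed router inventory
VIP = (10, 0, 0, 1)
SAMPLES = [                              # constructed capture: (src MAC, src IP, payload)
    ("00:00:0c:07:ac:01", "10.0.0.2", hello(ACTIVE, 110, 1, b"site-key", VIP)),
    ("00:10:7b:aa:bb:03", "10.0.0.3", hello(STANDBY, 100, 1, b"site-key", VIP)),
    ("02:00:00:00:00:66", "10.0.0.66", hello(ACTIVE, 255, 1, DEFAULT_AUTH, VIP)),
]

def run_demo():
    return [audit(mac, ip, msg, KNOWN) for mac, ip, msg in SAMPLES]
```

Because the authentication field is sent in clear text, a matching value does not prove the sender is a configured router; the inventory check is the stronger signal.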
Tony Li Juniper Networks, Inc. 3260 Jay St. Santa Clara, CA 95054
Phone: (408) 327-1900 EMail: tli@juniper.net
Bruce Cole Juniper Networks, Inc. 3260 Jay St. Santa Clara, CA 95054
Phone: (408) 327-1900 EMail: cole@juniper.net
Phil Morton Cisco Systems 170 Tasman Dr. San Jose, CA 95143
Phone: (408) 526-7632 EMail: pmorton@cisco.com
Dawn Li Cisco Systems 170 Tasman Dr. San Jose, CA 95143
Phone: (408) 527-2014 EMail: dawnli@cisco.com
Copyright (C) The Internet Society (1998). All Rights Reserved.
This document and translations of it may be copied and furnished to others, and derivative works that comment on or otherwise explain it or assist in its implementation may be prepared, copied, published and distributed, in whole or in part, without restriction of any kind, provided that the above copyright notice and this paragraph are included on all such copies and derivative works. However, this document itself may not be modified in any way, such as by removing the copyright notice or references to the Internet Society or other Internet organizations, except as needed for the purpose of developing Internet standards in which case the procedures for copyrights defined in the Internet Standards process must be followed, or as required to translate it into languages other than English.
The limited permissions granted above are perpetual and will not be revoked by the Internet Society or its successors or assigns.
This document and the information contained herein is provided on an "AS IS" basis and THE INTERNET SOCIETY AND THE INTERNET ENGINEERING TASK FORCE DISCLAIMS ALL WARRANTIES, EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO ANY WARRANTY THAT THE USE OF THE INFORMATION HEREIN WILL NOT INFRINGE ANY RIGHTS OR ANY IMPLIED WARRANTIES OF MERCHANTABILITY OR FITNESS FOR A PARTICULAR PURPOSE.