Operation Manual VRRP. Table of Contents

Similar documents
HP Load Balancing Module

HP VPN Firewall Appliances

H3C S5830V2 & S5820V2 Switch Series

Migrating from Cisco HSRP to industry standard VRRP

H3C Firewall Devices. High Availability Configuration Guide (Comware V7) Hangzhou H3C Technologies Co., Ltd.

H3C SecPath Series Firewalls and UTM Devices

Configuring VRRP. Finding Feature Information. The Virtual Router Redundancy Protocol (VRRP) is an election protocol that dynamically assigns

VRRPv3 Protocol Support

VRRP (Virtual Router Redundancy Protocol) Function Added

HP 6125 Blade Switch Series

HP 3600 v2 Switch Series

S Series Switch. Cisco HSRP Replacement. Issue 01. Date HUAWEI TECHNOLOGIES CO., LTD.

Chapter 32 VSRP Commands

Operation Manual ARP H3C S5500-SI Series Ethernet Switches. Table of Contents

AppDirector Redundancy Mechanism

Operation Manual DHCP. Table of Contents

HP Routing Switch Series

Table of Contents 1 IGMP Snooping Configuration 1-1

Configuring ARP attack protection 1

Configuring RRPP. Overview. Basic RRPP concepts. RRPP domain

Operation Manual IPv4 Routing H3C S3610&S5510 Series Ethernet Switches. Table of Contents

Table of Contents 1 IGMP Configuration 1-1

SEP Technology White Paper

M2M CDMA Router. VRRP Configuration Guide

Contents. Configuring EVI 1

First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE (Catalyst 3850 Switches)

Virtual Router Redundancy Protocol (VRRP) Technical Support Guide

Configuring VRRP. Finding Feature Information. Contents

IP Routing Volume Organization

HP A5830 Switch Series Layer 3 - IP Services. Configuration Guide. Abstract

Stateful Failover Technology White Paper

RSTP Configuration. RSTP Configuration

ROUTING CONSORTIUM. Virtual Router Redundancy Protocol Operations Test Suite. Technical Document. Revision 2.5

Syntax instance instance [interface interface-name [vrid virtual-router-id] instance interface interface-name vrid virtual-router-id ipv6

Implementing High Availability. in a Campus Environment. Implementing High Availability. Single Forwarding Path vs. Single Forwarding Path.

Operation Manual Routing Protocol. Table of Contents

HP FlexFabric 5700 Switch Series

Contents. Configuring GRE 1

Table of Contents Chapter 1 MSTP Configuration

Configuring ARP attack protection 1

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Token Ring VLANs and Related Protocols

Token Ring VLANs and Related Protocols

NOTE: The S9500E switch series supports HDLC encapsulation only on POS interfaces. Enabling HDLC encapsulation on an interface

Resilient Ethernet Protocol (REP)

Aggregate Interfaces and LACP

Layer 3 Routing (UI 2.0) User s Manual

Internetwork Expert s CCNP Bootcamp. Gateway Redundancy Protocols & High Availability. What is High Availability?

HP FlexFabric 5700 Switch Series

REDDIG II Computer Networking Training

Section 6.2, IP Routing. Section 6.4, IP/VPN Policy. Section 6.5, IP Quality of Service. Section 6.6, The BANDIT as Firewall

standby arp gratuitous through track vrrp

Configuring MLD. Overview. MLD versions. How MLDv1 operates. MLD querier election

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

WLAN high availability

Hot Standby Router Protocol (HSRP): Frequently Asked Questions

HPE FlexFabric 12900E & 12900

Lab Configuring HSRP and GLBP Topology

62HConfiguring port role restriction 131H37. 63HConfiguring TC-BPDU transmission restriction 132H38. 64HEnabling TC-BPDU guard 133H38

Table of Contents 1 IP Addressing Configuration IP Performance Configuration 2-1

Table of Contents Chapter 1 Link Aggregation Configuration

Configuring EtherChannels and Link-State Tracking

Configuring STP. Understanding Spanning-Tree Features CHAPTER

Table of Contents. Chapter 1 Port Configuration Overview

Table of Contents 1 IPv6 Basics Configuration 1-1

User Handbook. Switch Series. Default Login Details. Version 1.0 Edition

HP 5120 SI Switch Series

HP 5820X & 5800 Switch Series IRF. Command Reference. Abstract

Table of Contents 1 IPv6 Configuration IPv6 Application Configuration 2-1

Accurate study guides, High passing rate! IT TEST BOOK QUESTION & ANSWER. Ittestbook provides update free of charge in one year!

Configuring RIP. Information About RIP CHAPTER

Configuring RIP. RIP Configuration Task List

HUAWEI AR Series SEP Technical White Paper HUAWEI TECHNOLOGIES CO., LTD. Issue 1.0. Date

Network-Level High Availability

HP A5120 EI Switch Series IRF. Command Reference. Abstract

Table of Contents 1 Port Mirroring Configuration 1-1

Configuring HSRP. Understanding HSRP CHAPTER

Operation Manual IP Addressing and IP Performance H3C S5500-SI Series Ethernet Switches. Table of Contents

Table of Contents. 2 Static Route Configuration Commands 2-1 Static Route Configuration Commands 2-1 delete static-routes all 2-1 ip route-static 2-1

HP 6125G & 6125G/XG Blade Switches

Chapter 3 Command List

Table of Contents 1 Static Routing Configuration RIP Configuration 2-1

Actual4Test. Actual4test - actual test exam dumps-pass for IT exams

SecBlade Firewall Cards Stateful Failover Configuration Examples

Operation Manual DHCP H3C S3600 Series Ethernet Switches-Release Table of Contents

Spanning Tree Protocol

Table of Contents 1 GRE Configuration Point to Multi-Point GRE Tunnel Configuration 2-1

Spanning Tree Protocol(STP)

Configuring Spanning Tree Protocol

Configuring VIP and Virtual Interface Redundancy

Vendor: Cisco. Exam Code: Exam Name: Cisco Interconnecting Cisco Networking Devices Part 1 (ICND1 v3.0) Version: Demo

Operation Manual BFD-GR H3C S3610&S5510 Series Ethernet Switches. Table of Contents

H3C S5120-EI Switch Series

MSTP Configuration. Configuration

Operation Manual Cluster Management. Table of Contents

Cisco IOS First Hop Redundancy Protocols Command Reference

HPE FlexNetwork HSR6800 Routers

Command Manual Network Protocol. Table of Contents

HP 5120 EI Switch Series

Chapter 6 Lab 6-1, First Hop Redundancy Protocols HSRP and VRRP INSTRUCTOR VERSION

Transcription:

Table of Contents Table of Contents... 1-1 1.1 Introduction to VRRP... 1-1 1.2 Configuring VRRP... 1-2 1.2.1 Configuring the Function of Pinging the Virtual IP Address... 1-3 1.2.2 Configuring the TTL Value Check for VRRP Packets... 1-3 1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address... 1-3 1.2.4 Configuring a Virtual IP Address... 1-4 1.2.5 Configuring a Priority for a Switch in the VRRP Group... 1-4 1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group... 1-5 1.2.7 Configuring Authentication Type and Authentication Key... 1-6 1.2.8 Configuring the Interval for Sending VRRP Packets on the Master... 1-7 1.2.9 Configuring the Switch to Track a Specified Interface... 1-7 1.2.10 Configuring VRRP Link Monitoring... 1-8 1.2.11 Configuring IFM Tracking... 1-9 1.2.12 Configuring the Fast Switch Function for a Virtual Router... 1-10 1.3 Displaying and Debugging VRRP... 1-11 1.4 VRRP Configuration Examples... 1-12 1.4.1 Single VRRP Group Configuration Example... 1-12 1.4.2 VRRP Interface Tracking Configuration Example... 1-13 1.4.3 VRRP Link Monitoring Configuration Example... 1-14 1.4.4 IFM Tracking Configuration Example... 1-16 1.4.5 Multiple Virtual Routers Configuration Example... 1-18 1.5 Troubleshooting VRRP... 1-19 i

When configuring VRRP, go to these sections for information you are interested in: Introduction to VRRP Configuring VRRP Displaying and Debugging VRRP VRRP Configuration Examples Troubleshooting VRRP 1.1 Introduction to VRRP The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as shown in the following internetworking diagram) is configured for every host on the network, so that the packets destined to some other network segment from the hosts will go through the default route to the Layer 3 Switch. If Switch is down, all the hosts taking Switch as the next-hop will be disconnected from the external network. Network Switch 10.100.10.1 Ethernet 10.100.10.7 10.100.10.8 10.100.10.9 Host 1 Host 2 Host 3 Figure 1-1 Network diagram for LAN VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet) settles the above problem. VRRP integrates a group of LAN switches (including a Master and several Backups) into a virtual router. The diagram below is taken as an example to explain how VRRP works. 1-1

Network Actual IP address10.100.10.2 Master Actual IP address10.100.10.3 Backup Virtual IP address10.100.10.1 Ethernet Virtual IP address10.100.10.1 10.100.10.7 10.100.10.8 10.100.10.9 Host 1 Host 2 Host 3 Figure 1-2 Network diagram for virtual router This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the virtual router). The switches within the virtual router have their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for the Backup switch). The hosts on the LAN only know the IP address of this virtual router 10.100.10.1 (usually called as virtual IP address of the virtual router), but not the specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup switch. A default route with the next hop 10.100.10.1 is configured on the hosts. Therefore, hosts within the network will communicate with the external network through this virtual router. If the Master switch in the virtual group breaks down, another Backup switch will function as the new Master switch to continue serving the hosts without any interruption. 1.2 Configuring VRRP The following sections describe the VRRP configuration tasks: Configuring the Function of Pinging the Virtual IP Address Configuring the TTL Value Check for VRRP Packets Configuring the Mapping Mode between Virtual IP Address and MAC Address Configuring a Virtual IP Address Configuring a Priority for a Switch in the VRRP Group Configuring Preemption and Delay for a Switch in a VRRP Group Configuring Authentication Type and Authentication Key Configuring the Interval for Sending VRRP Packets on the Master Configuring the Switch to Track a Specified Interface Configuring VRRP Link Monitoring Configuring IFM Tracking Configuring the Fast Switch Function for a Virtual Router 1-2

1.2.1 Configuring the Function of Pinging the Virtual IP Address This task is to enable/disable the function of pinging the IP address of the virtual router. With this function enabled, you can ping the virtual IP address of the virtual router or telnet to the virtual IP address of the virtual router. Perform the following configuration in system view to enable/disable the ping function: Enable the ping function Disable to ping function vrrp ping-enable undo vrrp ping-enable By default, the ping function is enabled, that is, you can ping or telnet to the virtual IP address of the virtual router. You should enable the ping function before configuring the virtual router. If VRRP is already configured on the switch, it is not allowed to modify the configuration. 1.2.2 Configuring the TTL Value Check for VRRP Packets This task is to enable/disable the TTL value check for VRRP packets on the backup switch. The TTL value must be 225. If the backup switch finds the TTL of a VRRP packet is not 225, the packet will be discarded. Perform the following configuration in VLAN interface view to enable/disable the TTL value check for VRRP packets: Disable the TTL value check for VRRP packets Enable the TTL value check for VRRP packets vrrp un-check ttl undo vrrp un-check ttl 1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address This task is to configure the mapping mode between virtual lp address and MAC address. In VRRP, the virtual IP address of the virtual router corresponds to the virtual MAC address, to ensure correct data forwarding. Depending on the chips installed, some switches support mapping one virtual IP address to multiple MAC addresses. S9500 series not only guarantee correct data forwarding in the subnet, but also allow you to specify a mapping mode, either virtual IP address to real MAC address mapping or virtual IP address to virtual MAC address mapping. Perform the following configuration in system view to configure IP-to-MAC mappings: 1-3

Specify a mapping mode for the virtual IP address Restore the default vrrp method { real-mac virtual-mac } undo vrrp method By default, the virtual IP address of the virtual router corresponds to the virtual MAC address. You should perform this configuration only before configuring the virtual router. 1.2.4 Configuring a Virtual IP Address This task is to assign a virtual IP address to a virtual router or remove an assigned virtual IP address. Perform the following configuration in VLAN interface view to add/delete a virtual IP address: Assign a virtual IP address to a virtual router Delete a virtual IP address vrrp vrid virtual-router-id virtual-ip virtual-address undo vrrp vrid virtual-router-id [ virtual-ip virtual-address ] The virtual-router-id ranges from 1 to 255. The virtual-address can be an unused address in the network segment where the virtual router resides, or the IP address of an interface in the virtual router. If the virtual address is the same as the real IP address of a member switch in the virtual router, the switch is called an IP Address Owner. When assigning an IP address to a nonexistent virtual router, the system will create a new virtual router accordingly. When adding a new address to an existing virtual router, the system will directly add it into the virtual IP address list. After the last virtual IP address is removed from the virtual router, the whole virtual router will also be removed. That is, there is no virtual router on the interface any more and any configuration of it is invalid accordingly. 1.2.5 Configuring a Priority for a Switch in the VRRP Group The status of each switch in the virtual router will be determined by its priority in VRRP. The switch with the highest priority will become the master. Perform the following configuration in VLAN interface view to configure a priority for the switch in the virtual router: 1-4

Configure a priority for the switch in the virtual router. Remove the priority setting of the switch vrrp vrid virtual-router-id priority priority undo vrrp vrid virtual-router-id priority The priority ranges from 0 to 255. The greater the number, the higher the priority. However the value can only be taken from 1 to 254. The priority 0 is reserved for special use and priority 255 is reserved for the IP address owner by the system. By default, the priority is 100. Note: The priority for IP address owner is always 255, which cannot be configured. 1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group Once a switch in the VRRP group becomes the master, as long as it still functions properly, other switches, even configured with a higher priority later, cannot become the master unless they are configured to work in preemption mode. The switch in preemption mode will become the master switch, when it finds its own priority is higher than that of the current master switch. Accordingly, the former master switch will become a backup switch. Together with the preemption setting, a delay can also be set. In this way, a backup will wait for a period of time before becoming the new master. In an unstable network if the backup switch has not received the packets from the master switch punctually, it will become the master switch. However, the receiving failure may be due to network congestion, instead of the malfunction of the master switch. In this case, the backup will receive the packets after a while. The delay setting can thereby avoid the frequent status changing. Perform the following configuration in VLAN interface view to configure preemption and delay for a switch within a virtual router: Enable the preemption mode and configure a delay. Disable the preemption mode. vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ] undo vrrp vrid virtual-router-id preempt-mode 1-5

The delay in seconds ranges from 0 to 255. By default, the preemption mode is enabled with a delay of 0 seconds. Note: If preemption mode is disabled, the delay will automatically become 0 seconds. 1.2.7 Configuring Authentication Type and Authentication Key VRRP provides following authentication types: simple: Simple character authentication md5: MD5 authentication In a network under possible security threats, the authentication type can be set to simple. Then the switch will add the authentication key into the VRRP packets before transmitting it. The receiver will compare the authentication key of the packet with the locally configured one. If they are the same, the packet will be taken as a true and legal one. Otherwise it will be regarded as an illegal packet and discarded. In this case, an authentication key not exceeding 8 characters should be configured. In a totally unsafe network, the authentication type can be set to md5. The switch will use the authentication type and MD5 algorithm provided by the Authentication Header to authenticate the VRRP packets. In this case an authentication key not exceeding 8 characters should be configured. Those packets failing to pass the authentication will be discarded and a trap packet will be sent to the network management system. Perform the following configuration in VLAN interface view to configure authentication type and authentication key: Configure authentication type and authentication key Remove the authentication type and authentication key vrrp vrid virtual-router-id authentication-mode { md5 simple } key undo vrrp vrid virtual-router-id authentication-mode By default, no authentication is performed. 1-6

Note: The same authentication type and authentication key should be configured for all VLAN interfaces that belong to the virtual router. 1.2.8 Configuring the Interval for Sending VRRP Packets on the Master The master switch advertises its normal operation state to the backup switch by sending VRRP packets regularly (at adver-interval). And the backup switch only receives VRRP packets. If the backup has not received any VRRP packet from the master within a period of time (specified by master-down-interval), it will consider the master as down, and then take its place and become the Master. You can use the following command to set a timer and adjust the interval (adver-interval) at which Master transmits VRRP packets. The master-down-interval of the Backup switch is three times that of the adver-interval. The excessive network traffic or the differences between different switch timers will result in master-down-interval timing out and state changing abnormally. Such problems can be solved through prolonging the adver-interval and preemption delay time. adver-interval is measured in seconds. Perform the following configuration in VLAN interface view to configure the interval for the master to send VRRP packets: Configure the interval for the master to send VRRP packets Restore the default vrrp vrid virtual-router-id timer advertise adver-interval undo vrrp vrid virtual-router-id timer advertise By default, adver-interval is 1. Note: You must configure the same interval for switches within the VRRP group. 1.2.9 Configuring the Switch to Track a Specified Interface The VRRP interface track function extends the function of a VRRP group. It enables redundancy between VRRP interfaces, and between other switch interfaces. You can use the following command to track a specified interface on the master switch. If the interface is down, the priority of the switch will reduce automatically by the value 1-7

specified by value-reduced. Then the backup switch with the highest priority becomes the new master. Perform the following configuration in VLAN interface view to configure the switch to track a specified interface: Configure the switch to track a specified interface Stop tracking the specified interface vrrp vrid virtual-router-id track interface vlan-interface vlan-id [ reduced value-reduced ] undo vrrp vrid virtual-router-id track interface vlan-interface vlan-id By default, priority is reduced by 10. Note: If the switch is an IP address owner, its interfaces cannot be tracked. If the interface is up again, the corresponding priority of the switch, will be restored automatically. On each virtual router, a maximum of eight interfaces can be tracked. 1.2.10 Configuring VRRP Link Monitoring This task allows you to configure the backup VRRP device to monitor the link to the master. When the monitored link goes down, the backup device immediately switches to the master state. The monitored link can be an Ethernet interface, or a manual aggregation group or static aggregation group. If the monitored link is an Ethernet interface, the backup device immediately switches to the master state when the link goes down; if the monitored link is an aggregation group, the backup device switches to the master state after all the ports in the aggregation group go down. 1-8

Caution: Before you configure VRRP link monitoring, it is required that no physical loop exists and the spanning tree protocol (STP) is not enabled on the network. If all the physical links in between are down, the backup device considers that the master device is down, and then the backup device switches to the master state. At this time, two master devices may exist, and you need to ensure communication through networking. Make sure that all the links between the master and backup devices are monitored. Perform the following configuration in VLAN interface view to configure the switch to monitor a specified link: Configure the device to monitor the specified link Disable link monitoring vrrp vrid virtual-router-id monitor { interface interface-type interface-number link-aggregation group group-id } undo vrrp vrid virtual-router-id monitor By default, link monitoring is disabled. Note: When you configure the device to monitor a specified interface, the interface cannot belong to any aggregation group (including dynamic aggregation groups). After you configure the device to monitor an aggregation group, the aggregation group cannot be removed directly. You cannot configure the device to monitor multiple links. After you configure the device to monitor a specified link, you need to use a board that supports reporting connection failures and configure the link-status hold 0 command globally to meet the performance requirements. 1.2.11 Configuring IFM Tracking As a special card on softswitch devices, the IP forwarding module (IFM) is the portal of softswitch, which is used to distribute IP signals. The disconnection with the IFM means the termination of softswitch; therefore, the reliability of IFM has great importance. 1-9

Figure 1-3 Network diagram for IFM devices As shown in Figure 1-3, the two Layer 3 switches form a VRRP group. Each switch is enabled to track the status of the corresponding IFM device through the OAM module. When receiving signals from the IFM device, the priority of the corresponding interface on a switch will increase by the value specified by value-increased. The switch with a higher priority becomes the master. When the link of the master is down, the priority will decrease by a specified value. As a result, the backup will have a higher priority and become the master switch. Thus, the cooperation between IFM and VRRP through OAM is implemented. Perform the following configuration in VLAN interface view to enable/disable IFM tracking: Enable IFM tracking Disable IFM tracking vrrp vrid virtual-router-id track ifm [ increased value-increased ] undo vrrp vrid virtual-router-id track ifm By default, the value of the value-increased argument is 2. 1.2.12 Configuring the Fast Switch Function for a Virtual Router In VRRP, a backup device can switch to the master state after the specified timer expires. This mechanism causes delay in state switching and is not applicable to network environments that require fast state switching because it may interrupt traffic temporarily. To solve this problem, S9500 series switches support the fast switch function for the virtual router. If the uplink virtual interface tracked by the master goes down, the master device immediately decreases its priority and sends an advertisement packet. Upon receiving the advertisement packet, the backup device compares the priority in the packet with that of its own. If the backup device has a higher priority, it switches to the master state immediately. 1-10

Perform the following configuration in VLAN interface view to enable/disable the fast switch function for a virtual router: Enable the fast switch function for a virtual router Disable the fast switch function for the virtual router vrrp vrid virtual-router-id fast-switch undo vrrp vrid virtual-router-id fast-switch By default, the fast switch function is disabled for a virtual router. 1.3 Displaying and Debugging VRRP Remarks Display VRRP state information Display the configuration information of the VRRP-enabled IFM device Display VRRP statistics information Display VRRP detailed information Clear the statistics information about VRRP Enable VRRP debugging Disable VRRP debugging display vrrp [ interface vlan-interface interface-number [ virtual-route-identifier ifm ifm vrid virtual-router-id ] ] display vrrp ifm display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ] display vrrp verbose [ interface type number [ vrid virtual-router-id ] ] reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ] debugging vrrp { state packet error } undo debugging vrrp { state packet error } Available in any view Available in user view By default, VRRP debugging is disabled. 1-11

1.4 VRRP Configuration Examples 1.4.1 Single VRRP Group Configuration Example I. Network requirements Host A takes the VRRP virtual router containing switch A and switch B as its default gateway to access host B on the Internet. It is required that: The virtual router ID is 1; The virtual IP address is 202.38.160.111; Switch A is the master and switch B is the backup: Preemption is allowed. II. Network diagram Host B 10.2.3.1 VLAN- - interface3: 10.100.10.2 Internet Switch_A VLAN- interface2: 202.38.160.1 Virtual IP address: 202.38.160.111 Switch_B VLAN- interface2: 202.38.160.2 202.38.160.3 Host A Figure 1-4 Network diagram for VRRP configuration III. Configuration procedure 1) Configure switch A # Configure VLAN 2. [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 [LSW-A-vlan-interface2] quit # Configure VRRP. [LSW-A] vrrp ping-enable [LSW-A] interface vlan 2 [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 1-12

[LSW_A-vlan-interface2] vrrp vrid 1 priority 110 [LSW-A-vlan-interface2] vrrp vrid 1 preempt-mode 2) Configure switch B # Configure VLAN2. [LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0 [LSW-B-vlan-interface2] quit # Configure VRRP. [LSW-B] vrrp ping-enable [LSW-B] interface vlan 2 [LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 [LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode The virtual router can be used soon after configuration. Host A can be configured with the default gateway 202.38.160.111. Under normal conditions, switch A functions as the gateway. Once switch A breaks down, switch B will function as the gateway instead. Configure the preemption mode for switch A, so that it can become the master again after recovery. 1.4.2 VRRP Interface Tracking Configuration Example I. Network requirements See Figure 1-4. If the interface of switch A connected to the Internet is down, switch B should function as the gateway. This can be implemented by tracking the corresponding interface. The virtual router ID is 1. In addition, the MD5 authentication and VRRP packet sending interval are configured. II. Network diagram See Figure 1-4. III. Configuration procedure 1) Configure switch A # Configure VLAN2. [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 [LSW-A-vlan-interface2] quit # Enable the function to ping the virtual IP address of the virtual router. 1-13

[H3CLSW-A ] vrrp ping-enable # Create the VRRP virtual router. [LSW-A] interface vlan 2 [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority for the virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 priority 110 # Set the authentication mode and authentication key for the virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch # Configure the interface to send VRRP packets every 5 seconds. [LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5 # Track VLAN-interface 3. [LSW_A-vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced 30 2) Configure switch B # Configure VLAN2. [LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0 [LSW-B-vlan-interface2] quit # Enable the function to ping the virtual IP address of the virtual router. [H3CLSW-B] vrrp ping-enable # Create the virtual router. [LSW-B] interface vlan 2 [LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the authentication mode and authentication key for the virtual router. [LSW_B-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch # Configure the interface to send VRRP packets every five seconds. [LSW_B-vlan-interface2] vrrp vrid 1 timer advertise 5 Under normal conditions, switch A functions as the gateway. Once VLAN-interface 3 of switch A is down, its priority will be reduced by 30, lower than that of switch B so that switch B will become the master. When VLAN-interface 3 of switch A recovers, it will become the master again. 1.4.3 VRRP Link Monitoring Configuration Example I. Network requirements As shown in the figure below: 1-14

No physical loops exist between Switch A, Switch B and Host Server, and STP is not enabled. Switch A is the master while Switch B is the backup. No physical link is available between Switch A and Host Server. Normally, Switch A acts as the gateway. The traffic sent from Host Server is forwarded at Layer 2 through Switch B to Switch A which then forwards the traffic at Layer 3 to the IP network. It is required to configure Switch B to monitor the link to Switch A. If Switch A fails or the link between Switch A and Switch B fails, Switch B becomes the master and acts as the gateway instead of Switch A. Then, the traffic from Host Server is forwarded to the IP network directly through Switch B. The state switching delay should be in milliseconds. II. Network diagram Figure 1-5 Network diagram for VRRP configuration III. Configuration procedure 1) Configure Switch A # Configure VLAN 2. <LSW-A> system-view [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 10.1.1.1 255.255.255.0 [LSW-A-vlan-interface2] quit # Enable pinging the virtual IP address of the virtual router. [LSW-A ] vrrp ping-enable # Create virtual router 1. [LSW-A] interface vlan 2 [LSW-A-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3 1-15

# Set the VRRP priority for Switch A. [LSW-A-vlan-interface2] vrrp vrid 1 priority 110 2) Configure Switch B # Configure VLAN 2. <LSW-B> system-view [LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 10.1.1.2 255.255.255.0 [LSW-B-vlan-interface2] quit # Enable pinging the virtual IP address of the virtual router. [LSW-B] vrrp ping-enable # Create virtual router 1. [LSW-B] interface vlan 2 [LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3 # Enable Switch B to monitor interface Ethernet 2/1/1. [LSW-B-vlan-interface2] vrrp vrid 1 monitor interface Ethernet 2/1/1 [LSW-B-vlan-interface2] quit # Configure the global link state holdtime. [LSW-B] link-status hold 0 1.4.4 IFM Tracking Configuration Example I. Network requirements As shown in the following figure, an IFM softswitch device is attached to a switch. It is required to configure the two switches as a VRRP group and configure IFM tracking to track the IFM devices through OAM. A switch that can receive signals from the corresponding IFM device increases its priority with a specified value to influence master switch election. II. Network diagram Figure 1-6 Network diagram for IFM tracking 1-16

III. Configuration procedure 1) Configure Switch A # Configure VLAN 2. [Switch A] vlan 2 [Switch A-vlan2] interface vlan-interface 2 [Switch A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 [Switch A-Vlan-interface2] quit # Enable OAM. [Switch A] Ethernet3/1/1 [Switch A-Ethernet3/1/1] oam ethernet mode passive [Switch A-Ethernet3/1/1] oam ethernet enable [Switch A-Ethernet3/1/1] quit # Enable the function of pinging the virtual IP address of the virtual router. [Switch A] vrrp ping-enable # Configure the virtual router. [Switch A] interface vlan-interface 2 [Switch A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority of the virtual router. [Switch A-Vlan-interface2] vrrp vrid 1 priority 105 # Set the authentication mode and authentication key for the virtual router. [Switch A-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch # Configure IFM tracking, and set the increased value to 10. [Switch A-Vlan-interface2] vrrp vrid 1 track ifm increased 10 2) Configure Switch B # Configure VLAN2. [Switch B] vlan 2 [Switch B-vlan2] interface vlan-interface 2 [Switch B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0 [Switch B-Vlan-interface2] quit # Enable OAM. [Switch B] Ethernet3/1/1 [Switch B-Ethernet3/1/1] oam ethernet mode passive [Switch B-Ethernet3/1/1] oam ethernet enable [Switch B-Ethernet3/1/1] quit # Enable the function to ping the virtual IP address of the virtual router. [Switch B] vrrp ping-enable # Create the virtual router. 1-17

[Switch B] interface vlan 2 [Switch B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the authentication mode and authentication key for the virtual router. [Switch B-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch # Configure IFM tracking, and set the increased value to 10. [Switch B-Vlan-interface2] vrrp vrid 1 track ifm increased 10 Note: Switch A acts as the gateway in normal cases. When Switch B tracks the state of the IFM device being Master through OAM, the priority of Switch B will be increased by 10, greater than that of Switch A (105), and Switch B will turn the Master and act as the gateway. 1.4.5 Multiple Virtual Routers Configuration Example I. Network requirements A switch can function as a backup switch for multiple virtual routers to implement load balancing. See Figure 1-4. For example, Switch A, the master switch of virtual router 1, can be the backup switch for virtual router 2, and Switch B can be the backup switch for virtual router 1. Some hosts employ virtual router 1 as the gateway, while others employ virtual router 2 as the gateway. In this way, both load balancing and backup are implemented. II. Network diagram Refer to Figure 1-4. III. Configuration procedure 1) Configure switch A # Configure VLAN2. [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create virtual router 1. [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority for the virtual router. [LSW_A-vlan-interface2] vrrp vrid 1 priority 150 1-18

# Create virtual router 2. [LSW_A-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 2) Configure switch B # Configure VLAN2. [LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0 # Create virtual router 1. [LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Create virtual router 2. [LSW_B-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112 # Set the priority for the virtual router. [LSW_B-vlan-interface2] vrrp vrid 2 priority 110 Note: Multiple virtual routers are often used in actual network applications. 1.5 Troubleshooting VRRP As the configuration of VRRP is not very complicated, almost all the malfunctions can be found through viewing the configuration and debugging information. Here are some possible failures you might meet and the corresponding troubleshooting methods. I. Symptom 1: Frequent prompts of configuration errors on the console This indicates that incorrect VRRP packets have been received. It may be because of the inconsistent configuration of another switch within the virtual router, or the attempts of some devices to send out illegal VRRP packets. The first possible fault can be solved through modifying the configuration. And as the second possibility is caused by the malicious attempt of some devices, non-technical measures should be resorted to. II. Symptom 2: More than one Master existing within the same virtual router There are also 2 reasons. One is short time coexistence of many master switches, which is normal and needs no manual intervention. Another is the long time coexistence of many Master switches, which may be because switches in the virtual router cannot receive VRRP packets from each other, or receive some illegal packets. To solve such problems, an attempt should be made to ping the master switches. If such an attempt fails, check the device connectivity. If they can be pinged, check the 1-19

VRRP configuration. For the configuration of the same VRRP virtual router, complete consistency for the number of virtual IP addresses, each virtual IP address, timer duration and authentication type must be guaranteed. III. Symptom 3: Frequent Master/Backup switchovers Such problem occurs when the virtual router timer duration is too short. So the problem can be solved through prolonging this duration or the preemption delay. 1-20

2024 © technodocbox.com Privacy Policy | Terms of Service | Feedback