HP VSR1000, MSR3000, MSR4000, MSR2000 High Availability Configuration Manual

HP VSR1000 Virtual Services Router

High Availability
Configuration Guide

Part number: 5998-4649

Software version: VSR1000_HP-CMW710-E0101P01-X64

Document version: 5W100-20130918

Legal and notice information

© Copyright 2013 Hewlett-Packard Development Company, L.P.

No part of this documentation may be reproduced or transmitted in any form or by any means without
prior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS
MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY
AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained
herein or for incidental or consequential damages in connection with the furnishing, performance, or use
of this material.

The only warranties for HP products and services are set forth in the express warranty statements
accompanying such products and services. Nothing herein should be construed as constituting an
additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Contents

Configuring VRRP ························································································································································· 1

Overview ············································································································································································ 1
VRRP standard mode ························································································································································ 2

Router priority in a VRRP group ······························································································································ 2
Preemption ································································································································································ 2
Authentication method ············································································································································· 3
VRRP timers ······························································································································································· 3
Master election ························································································································································· 4
VRRP tracking ···························································································································································· 4
VRRP application ······················································································································································ 4

VRRP load balancing mode ············································································································································· 6

Virtual MAC address assignment ··························································································································· 6

Virtual forwarder ······················································································································································ 8
Protocols and standards ················································································································································ 10
Configuring IPv4 VRRP ·················································································································································· 10

IPv4 VRRP configuration task list ·························································································································· 10

Specifying an IPv4 VRRP operating mode ·········································································································· 11

Specifying the IPv4 VRRP version ························································································································ 11

Creating a VRRP group and assigning a virtual IP address ············································································· 11

Configuring the router priority, preemptive mode, and tracking function ······················································ 12

Configuring IPv4 VRRP packet attributes ············································································································ 13

Configuring VF tracking ········································································································································ 14

Enabling SNMP notifications for VRRP ················································································································ 15

Disabling an IPv4 VRRP group ····························································································································· 15

Displaying and maintaining IPv4 VRRP ··············································································································· 15
Configuring IPv6 VRRP ·················································································································································· 16

IPv6 VRRP configuration task list ·························································································································· 16

Specifying an IPv6 VRRP operating mode ·········································································································· 16

Creating a VRRP group and assigning a virtual IPv6 address ········································································· 17

Configuring the router priority, preemptive mode, and tracking function ······················································ 18

Configuring VF tracking ········································································································································ 18

Configuring IPv6 VRRP packet attributes ············································································································ 19

Disabling an IPv6 VRRP group ····························································································································· 20

Displaying and maintaining IPv6 VRRP ··············································································································· 20
IPv4 VRRP configuration examples ······························································································································· 20

Single VRRP group configuration example ········································································································· 20

Multiple VRRP groups configuration example ···································································································· 23

VRRP load balancing configuration example ····································································································· 25
IPv6 VRRP configuration examples ······························································································································· 33

Single VRRP group configuration example ········································································································· 33

Multiple VRRP groups configuration example ···································································································· 36

VRRP load balancing configuration example ····································································································· 39
Troubleshooting VRRP ···················································································································································· 47

An error prompt is displayed ······························································································································· 47

Multiple masters appear in a VRRP group ·········································································································· 48

Fast VRRP state flapping ······································································································································· 48

Configuring BFD ························································································································································· 49

Introduction to BFD ························································································································································· 49

i

BFD session establishment ···································································································································· 49

BFD session modes and operating modes ·········································································································· 49

Supported features ················································································································································ 50

Protocols and standards ······································································································································· 51
Configuring BFD basic functions ·································································································································· 51

Configuring echo packet mode ··························································································································· 51

Configuring control packet mode ························································································································ 52
Displaying and maintaining BFD ·································································································································· 53

Configuring Track ······················································································································································ 54

Overview ········································································································································································· 54

Collaboration fundamentals ································································································································· 54

Collaboration application example ····················································································································· 55
Track configuration task list ··········································································································································· 55
Associating the Track module with a detection module ····························································································· 56

Associating Track with NQA ······························································································································· 56

Associating Track with BFD ·································································································································· 56

Associating Track with interface management ··································································································· 57
Associating the Track module with an application module ······················································································· 58

Associating Track with VRRP ································································································································ 58

Associating Track with static routing ··················································································································· 59

Associating Track with PBR ·································································································································· 60
Displaying and maintaining track entries ···················································································································· 62
Track configuration examples ······································································································································· 62

VRRP-Track-NQA collaboration configuration example ···················································································· 62

Configuring BFD for a VRRP backup to monitor the master ·············································································· 66

Configuring BFD for the VRRP master to monitor the uplink ············································································· 69

Static routing-Track-NQA collaboration configuration example ······································································ 72

Static routing-Track-BFD collaboration configuration example ········································································· 77

VRRP-Track-interface management collaboration configuration example ······················································· 80

Support and other resources ····································································································································· 84

Contacting HP ································································································································································ 84

Subscription service ·············································································································································· 84
Related information ························································································································································ 84

Documents ······························································································································································ 84

Websites ································································································································································· 84
Conventions ···································································································································································· 85

Index ··········································································································································································· 87

ii

Configuring VRRP

Overview

Typically, you can configure a default gateway for every host on a LAN. All packets destined for other
networks are sent through the default gateway. As shown in Figure 1, w
hosts can communicate with external networks.

Figure 1 LAN networking

hen the default gateway fails, no

Using a default gateway facilitates your configuration but requires high availability. Using more egress
gateways improves link availability but introduces the problem of routing among the egresses.

Virtual Router Redundancy Protocol (VRRP) is designed to address this issue. VRRP adds a group of
network gateways to a VRRP group called a "virtual router." A VRRP group comprises one master and
multiple backups, but has only one virtual IP address. The hosts on the subnet only need to configure this
virtual IP address as their default network gateway for communicating with external networks.

The virtual IP address of the virtual router can be either an unused IP address on the subnet where the
VRRP group resides or the IP address of an interface on a router in the VRRP group. In the latter case, the
router is called the IP address owner. A VRRP group can have only one IP address owner.

VRRP avoids single points of failure and simplifies the configuration on hosts. When the master in the
VRRP group on a multicast or broadcast LAN (for example, an Ethernet network) fails, another router in
the VRRP group can take over as the master without causing dynamic route recalculation, route
re-discovery, gateway reconfiguration on the hosts, or traffic interruption.

VRRP operates in either of the following modes:

• Standard mode—Implemented based on RFCs. For more information, see "VRRP standard mode."

• Load balanc

members. For more information, see "VRRP load balancing mode."

ing mode—Extends the VRRP standard mode to distribute load across VRRP group

P has two versions: VRRPv2 and VRRPv3. VRRPv2 supports IPv4 VRRP. VRRPv3 supports IPv4 VRRP

VRR
and IPv6 VRRP.

1

VRRP standard mode

In VRRP standard mode, only the master in the VRRP group can provide gateway service. When the
master fails, the backup routers elect a new master to take over for nonstop gateway service.

Figure 2 VRRP networking

As shown in Figure 2, Router A, Router B, and Router C form a virtual router, which has its own IP address.
Hosts on the subnet use the virtual router as the default gateway.

The router with the highest priority among the three routers is elected as the master, and the other two are
backups.

Router priority in a VRRP group

VRRP determines the role (master or backup) of each router in a VRRP group by priority. A router with
higher priority is more likely to become the master.

VRRP priorities range from 0 to 255, and a greater number represents a higher priority. Priorities 1 to
254 are configurable. Priority 0 is reserved for special uses, and priority 255 is for the IP address owner.
The router acting as the IP address owner in a VRRP group always has a running priority of 255 and acts
as the master as long as it operates correctly.

Preemption

A router in a VRRP group operates in either non-preemptive mode or preemptive mode:

• Non-preemptive mode—When a router in the VRRP group becomes the master, it acts as the master

as long as it operates correctly, even if a backup router is later assigned a higher priority.
Non-preemptive mode helps avoid frequent switchover between the master and backup routers.

• Preemptive mode—A backup starts a new master election and takes over as master when it detects

that it has a higher priority than the current master. Preemptive mode makes sure the router with the
highest priority in a VRRP group always acts as the master.

2

Authentication method

To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets
to authenticate one another. VRRP provides the following authentication methods:

• Simple authentication

The sender fills an authentication key into the VRRP packet, and the receiver compares the received
authentication key with its local authentication key. If the two authentication keys match, the
received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets
discarded.

• MD5 authentication

The sender computes a digest for the packet to be sent by using the authentication key and MD5
algorithm, and saves the result in the VRRP packet. The receiver performs the same operation with
the authentication key and MD5 algorithm, and compares the result with the content in the
authentication header. If the results match, the received VRRP packet is legitimate. Otherwise, the
received packet is illegitimate and gets discarded.

On a secure network, you can choose to not authenticate VRRP packets.

NOTE:

IPv4 VRRPv3 and IPv6 VRRPv3 do not support VRRP packet authentication.

VRRP timers

Skew_Time

Skew_Time helps avoid the situation that multiple backups in a VRRP group become the master at the
same time when the master in the VRRP group fails.

Skew_Time is not configurable and its value depends on the version of VRRP:

• In VRRPv2 (described in RFC 3768), Skew_Time is (256 – Router priority)/256.

• In VRRPv3 (described in RFC 5798), Skew_Time is ((256 – Router priority) × VRRP advertisement

interval)/256.

VRRP advertisement interval

The master in a VRRP group periodically sends VRRP advertisements to declare its presence.

You can configure the interval at which the master sends VRRP advertisements. If a backup does not
receive a new VRRP advertisement from the master when the timer (3 × VRRP advertisement interval +
Skew_Time) expires, it regards that the master has failed and takes over as the master.

VRRP preemption delay timer

To avoid frequent state changes among members in a VRRP group and provide the backups enough time
to collect information (such as routing information). In preempt mode, a backup does not immediately
become the master after it receives an advertisement with lower priority than the local priority. Instead,
it waits for a period of time (preemption delay time + Skew_Time) before taking over as the master.

3

Master election

Routers in a VRRP group determine their roles by priority. When a router joins a VRRP group, it has a
backup role. The router role changes according to the following situations:

• If the backup does not receive any VRRP advertisement when the timer (3 × advertisement interval

+ Skew_Time) expires, it becomes the master.

• If the backup receives a VRRP advertisement with a greater or the same priority within the timer (3

× advertisement interval + Skew_Time), it remains a backup.

• If the backup receives a VRRP advertisement with a smaller priority within the timer (3 ×

advertisement interval + Skew_Time), it remains a backup when operating in non-preemptive mode,
or becomes the master when operating in preemptive mode.

The elected master starts a VRRP advertisement interval to periodically send VRRP advertisements to
notify the backups that it is operating correctly. Each of the backups starts a timer to wait for
advertisements from the master.

After a backup receives a VRRP advertisement, it compares only the priority in the packet with its own
priority.

When multiple routers in a VRRP group declare that they are the master because of network problems,
the one with the highest priority becomes the master. If two routers have the same priority, the one with
the highest IP address becomes the master.

VRRP tracking

To enable VRRP tracking, configure the routers in the VRRP group to operate in preemptive mode first, so
that only the router with the highest priority operates as the master for packet forwarding. For more
information about track entries, see High Availability Configuration Guide.

The VRRP tracking function uses network quality analyzer (NQA) or bidirectional forwarding detection
(BFD) to monitor the state of the master, and establishes the collaboration between the VRRP device state
and NQA or BFD through the Track function. It implements the following:

• Monitors the upstream link and changes the priority of the router according to the state of the link.

If the upstream link fails, the hosts on the subnet cannot access external networks through the router
and the state of the track entry becomes Negative. The priority of the master decreases by a
specified value. Then, a router with a higher priority in the VRRP group becomes the master to
maintain the proper communication between the hosts on the subnet and external networks.

• Monitors the state of the master on the backups. When the master fails, a backup immediately takes

over as the master to ensure uninterrupted communication.

When the track entry changes from Negative to Positive or Notready, the router automatically restores its
priority. For more information about track entries, see "Configuring Track."

VRRP application

Master/backup

In master/backup mode, only the master forwards packets, as shown in Figure 3. When the master fails,
a new master is elected from among the backups. This mode requires only one VRRP group, and each
router in the group has a different priority. The one with the highest priority becomes the master.

4

Figure 3 VRRP in master/backup mode

Assume that Router A is acting as the master to forward packets to external networks, and Router B and
Router C are backups in listening state. When Router A fails, Router B and Router C elect a new master
to forward packets for hosts on the subnet.

Load sharing

A router can join multiple VRRP groups and has different priorities in different VRRP groups, and it can act
as the master in one VRRP group and a backup in another.

In load sharing mode, multiple VRRP groups provide gateway services. This mode requires at least two
VRRP groups, and each group has one master and multiple backups. The master roles in the VRRP groups
are assumed by different routers, as shown in Figure 4.

Figure 4 Load shar

ing of VRRP

A router can be in multiple VRRP groups and have a different priority in each group.

As shown in Figure 4, the f

ollowing VRRP groups are present:

5

• VRRP group 1—Router A is the master. Router B and Router C are the backups.

• VRRP group 2—Router B is the master. Router A and Router C are the backups.

• VRRP group 3—Router C is the master. Router A and Router B are the backups.

To implement load sharing among Router A, Router B, and Router C, hosts on the subnet must be
configured with the virtual IP addresses of VRRP group 1, 2, and 3 as default gateways, respectively.
When you configure them, make sure that each router is assigned an appropriate priority in each VRRP
group so that each router can take the expected role in each group.

VRRP load balancing mode

In a standard-mode VRRP group, only the master can forward packets and backups are in listening state.
You can create multiple VRRP groups to share traffic, but you must configure different gateways for hosts
on the subnet.

In load balancing mode, a VRRP group maps its virtual IP address to multiple virtual MAC addresses,
assigning one virtual MAC address to each member router. Every router in this VRRP group can forward
traffic and respond to IPv4 ARP requests or IPv6 ND requests from hosts. Because their virtual MAC
addresses are different, traffic from hosts is distributed across the VRRP group members. Load balancing
mode simplifies configuration and improves forwarding efficiency.

VRRP load balancing mode uses the same master election, preemption, and tracking mechanisms as the
standard mode, and adds new mechanisms as described in the following sections.

Virtual MAC address assignment

In load balancing mode, the master assigns virtual MAC addresses to routers in the VRRP group and uses
different MAC addresses to respond to ARP requests or ND requests from different hosts. The backup
routers, however, do not answer ARP requests or ND requests from hosts.

In an IPv4 network, a load balanced VRRP group works as follows:

1. The master assigns virtual MAC addresses to all member routers, including itself. This example

assumes that the virtual IP address of the VRRP group is 10.1.1.1/24, Router A is the master, and
Router B is the backup. Router A assigns 000f-e2ff-0011 for itself and 000f-e2ff-0012 for Router
B. See Figure 5.

6

Figure 5 Virtual MAC address assignment

Network

Router A

Master

Virtual IP: 10.1.1.1/24

Virtual MAC: 000f-e2ff-0011

Allocate Virtual MAC
000f-e2ff-0012 to Router B

Gateway IP: 10.1.1.1/24 Gateway IP: 10.1.1.1/24

Host A Host B

Router B

Backup

Virtual MAC: 000f-e2ff-0012

2. When an ARP request arrives, the master (Router A) selects a virtual MAC address based on the

load balancing algorithm to answer the ARP request. In this example, Router A returns the virtual
MAC address of itself in response to the ARP request from Host A, and returns the virtual MAC
address of Router B in response to the ARP request from Host B. See Figure 6.

Figure 6 Answering A

RP requests

3. Each host sends packets to the returned MAC address. As shown in Figure 7, Host A sends packets

to Router A and Host B sends packets to Router B.

7

Figure 7 Sending packets to different routers for forwarding

Virtual forwarder

Virtual forwarder creation

Virtual MAC addresses enable traffic distribution across routers in a VRRP group. To enable routers in the
VRRP group to forward packets, VFs must be created on them. Each VF is associated with a virtual MAC
address in the VRRP group and forwards packets that are sent to this virtual MAC address.

VFs are created on routers in a VRRP group, as follows:

1. The master assigns virtual MAC addresses to all routers in the VRRP group. Each member router

creates a VF for this MAC address and becomes the owner of this VF.

2. Each VF owner advertises its VF information to the other member routers.

3. After receiving the VF advertisement, each of the other routers creates the advertised VF.

Eventually, every member router maintains one VF for each virtual MAC address in the VRRP group.

VF weight and priority

The weight of a VF indicates the forwarding capability of a VF. A higher weight means higher
forwarding capability. When the weight is lower than the lower limit of failure, the VF cannot forward
packets.

The priority of a VF determines the VF state. Among the VFs created on different member routers for the
same virtual MAC address, the VF with the highest priority, known as the active virtual forwarder (AVF),
is in active state to forward packets, and all other VFs listen to the state of the AVF and are known as the
listening virtual forwarders (LVFs). VF priority is in the range of 0 to 255, where 255 is reserved for the
VF owner. When the weight of a VF owner is higher than or equal to the lower limit of failure, the priority
of the VF owner is 255.

The priority of a VF is calculated based on its weight:

• On the router that owns the VF, if the weight of the VF is higher than or equal to the lower limit of

failure, the priority of the VF is 255.

8

• On a router that does not own the VF, if the weight of the VF is higher than or equal to the lower limit

• If the weight of the VF is lower than the lower limit of failure, the priority of the VF is 0.

VF backup

The VFs corresponding to a virtual MAC address on different routers in the VRRP group back up one
another.

Figure 8 VF information

of failure, the priority of the VF is calculated as weight/(number of local AVFs +1).

VF timers

Figure 8 shows the VF table on each router in the VRRP group and how the VFs back up one another. The

master, Router A, assigns virtual MAC addresses 000f-e2ff-0011, 000f-e2ff-0012, and 000f-e2ff-0013 to
itself, Router B, and Router C; and each router creates VF 1, VF 2, and VF 3, respectively, for the virtual
MAC addresses. The VFs for the same virtual MAC address on different routers back up one another. For
example, the VF 1 instances on Router A, Router B, and Router C back up one another.

• The VF 1 instance on Router A (the VF 1 owner) has priority 255 and acts as the AVF to forward

packets sent to virtual MAC address 000f-e2ff-0011.

• The VF 1 instances on Router B and Router C have a priority of 255/(1 + 1), or 127. Because their

priorities are lower than the priority of the VF 1 instance on Router A, they act as LVFs to listen to the
state of the VF 1 instance on Router A.

• When the VF 1 instance on Router A fails, the VF 1 instances on Router B and Router C elect the one

with higher priority as the new AVF to forward packets destined for virtual MAC address
000f-e2ff-0011. If the two LVFs' priorities are the same, the LVF with a greater device MAC address
becomes the new AVF.

A VF always operates in preemptive mode. When an LVF finds its priority value higher than the one
advertised by the AVF, the LVF declares itself as the AVF.

When the AVF on a router fails, the new AVF on another router creates a redirect timer and a timeout
timer for the failed AVF, as follows:

9

• Redirect timer—Before this timer expires, the master still uses the virtual MAC address

• Timeout timer—The duration after which the new AVF takes over responsibilities of the failed VF

VF tracking

An AVF forwards packets destined for the MAC address of the AVF. If the upstream link of the AVF fails
but no LVF takes over the AVF role, the hosts on the subnet that use the MAC address of the AVF as their
gateway MAC address cannot access the external network.

The VF tracking function can solve this problem. You can use NQA or BFD to monitor the upstream link
state of the VF owner, and establish the collaboration between the VFs and NQA or BFD through the
tracking function. When the upstream link fails, the state of the track entry changes to Negative, and the
weights of the VFs (including the AVF) on the router decrease by a specified value. The corresponding LVF
with a higher priority on another router becomes the AVF and forwards packets.

corresponding to the failed AVF to respond to ARP/ND requests from hosts, and the VF owner can
share traffic load if the VF owner resumes normal operation within this time. When this timer expires,
the master stops using the virtual MAC address corresponding to the failed AVF to respond to
ARP/ND requests from hosts.

owner. Before this timer expires, all routers in the VRRP group keep the VFs that correspond to the
failed AVF, and the new AVF forwards packets destined for the virtual MAC address of the failed
AVF. When this timer expires, all routers in the VRRP group remove the VFs that correspond to the
failed AVF, including the new AVF. Packets destined for the virtual MAC address of the failed AVF
are not forwarded any longer.

Protocols and standards

• RFC 3768, Virtual Router Redundancy Protocol (VRRP)

• RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6

Configuring IPv4 VRRP

This section describes how to configure IPv4 VRRP.

IPv4 VRRP configuration task list

Tasks at a glance

(Required.) Specifying an IPv4 VRRP operating mode N/A

(Optional.) Specifying the IPv4 VRRP version N/A

(Required.) Creating a VRRP group and assigning a virtual IP address N/A

(Optional.) Configuring the router priority, preemptive mode, and tracking

function

(Optional.) Configuring IPv4 VRRP packet attributes N/A

Remarks

N/A

(Optional.) Configuring VF tracking

(Optional.) Enabling SNMP notifications for VRRP N/A

10

This configuration applies to only
VRRP load balancing mode.

Tasks at a glance

(Optional.) Disabling an IPv4 VRRP group N/A

Specifying an IPv4 VRRP operating mode

A VRRP group can operate in either of the following modes:

• Standard mode—Only the master can forward packets.

• Load balancing mode—All members that have an AVF can forward packets.

After an IPv4 VRRP operating mode is configured on a router, all IPv4 VRRP groups on the router operate
in the specified operating mode.

To specify an IPv4 VRRP operating mode:

Step Command

1. Enter system view.

2. Specify an IPv4 VRRP

operating mode.

system-view N/A

• Specify the standard mode:

undo vrrp mode

• Specify the load balancing

mode:

vrrp mode load-balance

Remarks

Remarks

Use one of the commands.

By default, VRRP operates in
standard mode.

Specifying the IPv4 VRRP version

The VRRP version on all routers in an IPv4 VRRP group must be the same.

To specify the version of IPv4 VRRP:

Step Command

1. Enter system view.

2. Enter interface view.

3. Specify the version of

VRRP.

system-view N/A

interface interface-type interface-number N/A

vrrp version version-number By default, VRRPv3 is used.

Remarks

Creating a VRRP group and assigning a virtual IP address

A VRRP group can operate correctly after you create it and assign at least one virtual IP address to it. You
can configure multiple virtual IP addresses for the VRRP group on an interface that connects to multiple
subnets for router backup on different subnets.

Configuration guidelines

• The maximum number of VRRP groups that you can create on an interface is 8. The maximum

number of virtual IP addresses that you can assign to a VRRP group is 16.

• In VRRP load balancing mode, the device supports a maximum of MaxVRNum/N VRRP groups.

MaxVRNum refers to the maximum number of VRRP groups supported by the device in VRRP

standard mode, and N refers to the number of devices in the VRRP group.

11

• When VRRP is operating in standard mode, the virtual IP address of a VRRP group can be either an

unused IP address on the subnet where the VRRP group resides or the IP address of an interface on
a router in the VRRP group.

• In load balancing mode, the virtual IP address of a VRRP group can be any unassigned IP address

of the subnet where the VRRP group resides, rather than the IP address of any interface in the VRRP
group. No IP address owner can exist in a VRRP group.

• When a router is the IP address owner in a VRRP group, do not configure the network command on

the interface to use the IP address of the interface, or the virtual IP address of the VRRP group, to
establish a neighbor relationship with the adjacent router. For more information about the network
command, see Layer 3—IP Routing Command Reference.

• If you create an IPv4 VRRP group but do not assign any virtual IP address for it, the VRRP group stays

in inactive state and does not function.

• Removal of the VRRP group on the IP address owner causes IP address collision. To avoid the

collision, change the IP address of the interface on the IP address owner before you remove the
VRRP group from the interface.

• The virtual IP addresses of an IPv4 VRRP group and the IP address of the downlink interface of the

VRRP group must be in the same subnet. Otherwise, the hosts in the subnet cannot access external
networks.

Configuration procedure

To create a VRRP group and assign a virtual IP address:

Step Command

1. Enter system view.

2. Enter interface view.

3. Create a VRRP group

and assign a virtual IP
address.

system-view N/A

interface interface-type interface-number N/A

vrrp vrid virtual-router-id virtual-ip
virtual-address

Remarks

By default, no VRRP group exists.

Configuring the router priority, preemptive mode, and tracking function

The router priority determines which router in the VRRP group serves as the master. The preemptive mode
enables a backup to take over as the master when it detects that it has a higher priority than the current
master. The tracking function decreases the router priority or enables the backup to take over as the
master when the state of the monitored track entry transits to Negative.

Configuration guidelines

• The running priority of an IP address owner is always 255, and you do not need to configure it. An

IP address owner always operates in preemptive mode.

• If you associate a track entry with a VRRP group on an IP address owner, the association does not

take effect until the router is not an IP address owner.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

12

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the priority of the

router in the VRRP group.

4. Enable the preemptive mode

for the router in a VRRP group
and configure the preemption
delay time.

5. Associate a VRRP group with

a track entry.

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id priority
priority-value

vrrp vrid virtual-router-id
preempt-mode [ delay

delay-value ]

vrrp vrid virtual-router-id track
track-entry-number [ reduced
priority-reduced | switchover ]

Configuring IPv4 VRRP packet attributes

Configuration guidelines

• You can configure different authentication modes and authentication keys for VRRP groups on an

interface. However, members of the same VRRP group must use the same authentication mode and
authentication key.

Remarks

N/A

The default setting is 100.

By default, the router in a VRRP
group operates in preemptive
mode and the preemption delay
time is 0 seconds, which means an
immediate preemption.

By default, a VRRP group is not
associated with any track entry.

• In VRRPv3, authentication mode and authentication key settings do not take effect.

• In VRRPv2, all routers in a VRRP group must have the same VRRP advertisement interval.

• In VRRPv3, routers in an IPv4 VRRP group can have different intervals for sending VRRP

advertisements. The master in the VRRP group sends VRRP advertisements at specified intervals, and
carries the interval in the advertisements. After a backup receives the advertisement, it records the
interval in the advertisement. If the backup does not receive a new VRRP advertisement from the
master when the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed
and takes over as the new master.

Configuration procedure

To configure VRRP packet attributes:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the authentication

mode and authentication key
for an IPv4 VRRP group to
send and receive VRRP
packets.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id
authentication-mode { md5 |
simple } { cipher | plain } key

N/A

By default, authentication is
disabled.

13

Step Command

4. Configure the interval at

which the master in an IPv4
VRRP group sends VRRP
advertisements.

5. Specify the source interface

for receiving and sending
VRRP packets.

6. Enable TTL check for IPv4

VRRP packets.

7. Return to system view.

8. Configure a DSCP value for

VRRP packets.

vrrp vrid virtual-router-id timer
advertise adver-interval

vrrp vrid virtual-router-id
source-interface interface-type
interface-number

vrrp check-ttl enable

quit N/A

vrrp dscp dscp-value

Remarks

The default setting is 100
centiseconds.

To maintain system stability, HP
recommends that you set the VRRP
advertisement interval to be
greater than 100 centiseconds.

By default, the source interface for
receiving and sending VRRP
packets is not specified. The
interface where the VRRP group
resides sends and receives VRRP
packets.

By default, TTL check for IPv4 VRRP
packets is enabled.

The DSCP value identifies the
packet priority during
transmission.

By default, the DSCP value for
VRRP packets is 48.

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes
effect only in load balancing mode.

In load balancing mode, you can establish the collaboration between the VFs and NQA or BFD through
the tracking function. When the state of the track entry transits to Negative, the weights of all VFs in the
VRRP group on the router decrease by a specific value. When the state of the track entry transits to
Positive or Notready, the original weight values of the VFs restore.

Configuration guidelines

• By default, the weight of a VF is 255, and its lower limit of failure is 10.

• When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is

always 255 and does not change with the weight. To guarantee that an LVF can take over the VF
owner as the AVF when the upstream link of the VF owner fails, the reduced weight for the VF owner
must be higher than 245 so the weight of the VF owner can drop below the lower limit of failure.

Configuration procedure

To configure VF tracking:

Step Command

1. Enter system view.

Remarks

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

14

N/A

Step Command

3. Configure the VFs in a VRRP

group to monitor a track entry
and configure the reduced
weight.

vrrp vrid virtual-router-id weight
track track-entry-number [ reduced

weight-reduced ]

Enabling SNMP notifications for VRRP

Perform this task to enable VRRP to report important events through notifications to the SNMP module.
The SNMP module determines how to output the notifications according to the configured output rules.
For more information about notifications, see Network Management and Monitoring Configuration
Guide.

To enable SNMP notifications for VRRP:

Step Command

1. Enter system view.

2. Enable SNMP notifications for

VRRP.

system-view N/A

snmp-agent trap enable vrrp
[ auth-failure | new-master ]

Remarks

By default, no track entry is
specified.

Remarks

By default, SNMP notifications for
VRRP are enabled.

Disabling an IPv4 VRRP group

You can temporarily disable an IPv4 VRRP group. After being disabled, the VRRP group stays in
initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP
group when the VRRP group is disabled. Your changes take effect when you enable the VRRP group
again.

To disable an IPv4 VRRP group:

Step Command

1. Enter system view.

2. Enter interface view.

3. Disable a VRRP group.

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id shutdown

Displaying and maintaining IPv4 VRRP

Execute display commands in any view and the reset command in user view.

Remarks

N/A

By default, a VRRP group is
enabled.

Task Command

Display states of IPv4 VRRP groups.

Display statistics for IPv4 VRRP
groups.

display vrrp [ interface interface-type interface-number [ vrid
virtual-router-id ] ] [ verbose ]

display vrrp statistics [ interface interface-type interface-number [ vrid
virtual-router-id ] ]

15

Task Command

Clear statistics for IPv4 VRRP
groups.

reset vrrp statistics [ interface interface-type interface-number [ vrid
virtual-router-id ] ]

Configuring IPv6 VRRP

This section describes how to configure IPv6 VRRP.

IPv6 VRRP configuration task list

Tasks at a glance

(Required.) Specifying an IPv6 VRRP operating

mode

(Required.) Creating a VRRP group and

assigning a virtual IPv6 address

(Optional.) Configuring the router priority,

preemptive mode, and tracking function

(Optional.) Configuring VF tracking

Remarks

N/A

N/A

N/A

This configuration applies to only VRRP load balancing
mode.

(Optional.) Configuring IPv6 VRRP packet

attributes

(Optional.) Disabling an IPv6 VRRP group N/A

N/A

Specifying an IPv6 VRRP operating mode

A VRRP group can operate in either of the following modes:

• Standard mode—Only the master can forward packets.

• Load balancing mode—All members that have an AVF can forward packets.

After the IPv6 VRRP operating mode is specified on a router, all IPv6 VRRP groups on the router operate
in the specified operating mode.

To specify an IPv6 VRRP operating mode:

Step Command

1. Enter system view.

2. Specify an IPv6 VRRP

operating mode.

system-view N/A

• Specify the standard mode:

undo vrrp ipv6 mode

• Specify the load balancing

mode:

vrrp ipv6 mode load-balance

Remarks

Use one of the commands.

By default, VRRP operates in
standard mode.

16

Creating a VRRP group and assigning a virtual IPv6 address

A VRRP group can work correctly after you create it and assign at least one virtual IPv6 address for it. You
can configure multiple virtual IPv6 addresses for the VRRP group on an interface that connects to multiple
subnets for router backup.

Configuration guidelines

• If a router is the IP address owner in a VRRP group, do not configure the ospfv3 area command on

the interface to use the IPv6 address of the interface or the virtual IPv6 address of the VRRP group,
to establish an OSPFv3 neighbor relationship with the adjacent router. For more information about
the ospfv3 area command, see Layer 3—IP Routing Command Reference.

• In load balancing mode, the virtual IPv6 address of a VRRP group cannot be the same as the IPv6

address of any interface in the VRRP group.

• The maximum number of VRRP groups that you can create on an interface is 8. The maximum

number of virtual IPv6 addresses that you can assign for a VRRP group is 16.

• If you create an IPv6 VRRP group but do not assign any virtual IPv6 addresses to it, the VRRP group

stays in inactive state and does not function.

• To avoid IP address collisions, change the IPv6 address of the interface on the IP address owner

before you remove the VRRP group from the interface.

• The virtual IPv6 addresses of an IPv6 VRRP group and the IPv6 address of the interface where the

VRRP g rou p is co nfigured must be in t he sam e subn et. Other wise, hosts on the s ubnet c annot a ccess
external networks.

Configuration procedure

To create a VRRP group and assign a virtual IPv6 address:

Step Command

1. Enter system view.

2. Enter interface view.

3. Create a VRRP group and

assign a virtual IPv6 address,
which is a link-local address.

4. (Optional.) Assign a virtual

IPv6 address, which is a
global unicast address.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id
virtual-ip virtual-address link-local

vrrp ipv6 vrid virtual-router-id
virtual-ip virtual-address

N/A

By default, no VRRP group exists.

The first virtual IPv6 address that
you assign to an IPv6 VRRP group
must be a link-local address, and it
must be the last address you
remove. Only one link local
address is allowed in a VRRP
group.

By default, no global unicast
address is assigned for an IPv6
VRRP group.

17

Configuring the router priority, preemptive mode, and tracking function

Configuration guidelines

• The running priority of an IP address owner is always 255, and you do not need to configure it. An

IP address owner always operates in preemptive mode.

• If you associate a track entry with a VRRP group on an IP address owner, the association does not

take effect until the router becomes a non-IP address owner.

• When the track entry changes from Negative to Positive or Notready, the router automatically

restores its priority.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the priority of the

router in the VRRP group.

4. Enable the preemptive mode

for the router in a VRRP group
and configure the preemption
delay time.

5. Associate a VRRP group with

a track entry.

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes
effect only in load balancing mode.

In load balancing mode, you can configure the VFs in a VRRP group to monitor a track entry. When the
state of the track entry transits to Negative, the weights of all VFs in the VRRP group on the router
decrease by a specific value. When the state of the track entry transits to Positive or Notready, the
original weights of the VFs restore.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id
priority priority-value

vrrp ipv6 vrid virtual-router-id
preempt-mode [ delay

delay-value ]

vrrp ipv6 vrid virtual-router-id track
track-entry-number [ reduced
priority-reduced | switchover ]

N/A

The default setting is 100.

By default, the router in a VRRP
group operates in preemptive
mode and the preemption delay
time is 0 seconds, which means an
immediate preemption.

By default, a VRRP group is not
associated with any track entry.

Configuration guidelines

• By default, the weight of a VF is 255, and its lower limit of failure is 10.

• When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is

always 255 and does not change with the weight. To guarantee that an LVF can take over the VF
owner as the AVF when the upstream link of the VF owner fails, the reduced weight for the VF owner
must be higher than 245 so the weight of the VF owner can drop below the lower limit of failure.

18

Configuration procedure

To configure VF tracking:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the VFs in a VRRP

group to monitor a track entry
and configure the reduced
weight.

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id
weight track track-entry-number

[ reduced weight-reduced ]

Configuring IPv6 VRRP packet attributes

This section describes how to configure IPv6 VRRP packet attributes.

Configuration guidelines

• The routers in an IPv6 VRRP group can have different intervals for sending VRRP advertisements. The

master in the VRRP group sends VRRP advertisements at the specified interval and carries the
interval attribute in the advertisements. After a backup receives the advertisement, it records the
interval in the advertisement. If the backup does not receive a new VRRP advertisement from the
master when the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed
and takes over as the new master.

Remarks

N/A

By default, no track entry is
specified.

• A high volume of network traffic might cause a backup to fail to receive VRRP advertisements from

the master within the specified time, resulting in an unexpected master switchover. To solve this
problem, configure a larger interval.

Configuration procedure

To configure the IPv6 VRRP packet attribute:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the IPv6 VRRP

advertisement interval.

4. Return to system view.

5. Configure a DSCP value for IPv6

VRRP packets.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id
timer advertise adver-interval

quit N/A

vrrp ipv6 dscp dscp-value

N/A

The default setting is 100
centiseconds.

To maintain system stability, HP
recommends that you set the
VRRP advertisement interval to
be greater than 100
centiseconds.

The DSCP value identifies the
packet priority during
transmission.

By default, the DSCP value for
IPv6 VRRP packets is 56.

19

Disabling an IPv6 VRRP group

You can temporarily disable an IPv6 VRRP group. After being disabled, the VRRP group stays in
initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP
group when it is disabled. Your changes take effect when you enable the VRRP group again.

To disable an IPv6 VRRP group:

Step Command

1. Enter system view.

2. Enter interface view.

3. Disable an IPv6 VRRP group.

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id
shutdown

Displaying and maintaining IPv6 VRRP

Execute display commands in any view and the reset command in user view.

Task Command

Display the states of IPv6 VRRP
groups.

Display statistics for IPv6 VRRP
groups.

Clear statistics for IPv6 VRRP
groups.

display vrrp ipv6 [ interface interface-type interface-number [ vrid
virtual-router-id ] ] [ verbose ]

display vrrp ipv6 statistics [ interface interface-type interface-number
[ vrid virtual-router-id ] ]

reset vrrp ipv6 statistics [ interface interface-type interface-number [ vrid
virtual-router-id ] ]

Remarks

N/A

By default, an IPv6 VRRP group is
enabled.

IPv4 VRRP configuration examples

This section provides examples of configuring IPv4 VRRP applications on routers.

Single VRRP group configuration example

This section provides an example of configuring a single VRRP group on routers.

Network requirements

Router A and Router B form a VRRP group and use the virtual IP address 10.1.1.111/24 to provide gateway
service for the subnet where Host A resides, as shown in Figure 9.

R

outer A operates as the master to forward packets from Host A to Host B. When Router A fails, Router

B takes over to forward packets for Host A.

Configure Router A to operate in preempt mode so Router A can forward traffic as long as Router A
operates correctly. Configure the preempt delay as 5 seconds to avoid frequent status change.

20

Figure 9 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view
[RouterA] interface gigabitethernet 1/0
[RouterA-GigabitEthernet1/0] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 on GigabitEthernet 1/0 and set its virtual IP address to 10.1.1.111.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the
master.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Configure Router A to operate in preemptive mode, so it can become the master whenever it
operates correctly, and set the preemption delay to 5 seconds to avoid frequent status switchover.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

2. Configure Router B:

# Specify an IP address for Router A.

<RouterB> system-view
[RouterB] interface gigabitethernet 1/0
[RouterB-GigabitEthernet1/0] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1 on GigabitEthernet 1/0 and set its virtual IP address to 10.1.1.111.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Configure the priority of Router B in VRRP group 1 as 100.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 priority 100

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

3. Verify the configuration:

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose
IPv4 Virtual Router Information:

21

Running Mode : Standard
Total number of virtual routers : 1
Interface GigabitEthernet1/0
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 10.1.1.111
Virtual MAC : 0000-5e00-0101
Master IP : 10.1.1.1

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface GigabitEthernet1/0
VRID : 1 Adver Timer : 100
Admin Status : Up State : Backup
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Become Master : 412ms left
Auth Type : None
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1

The output shows that Router A is operating as the master in VRRP group 1 to forward packets from
Host A to Host B.

# Disconnect the link between Host A and Router A, and verify that Host A can still ping Host B.
(Details not shown.)

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface GigabitEthernet1/0
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 10.1.1.111
Virtual MAC : 0000-5e00-0101
Master IP : 10.1.1.2

The output shows that when Router A fails, Router B takes over to forward packets from Host A to
Host B.

# Recover the link between Host A and Router A, and display detailed information about VRRP
group 1 on Router A.

22

[RouterA-GigabitEthernet1/0] display vrrp verbose
IPv4 Virtual Router Information:
Running Mode : Standard
Total number of virtual routers : 1
Interface GigabitEthernet1/0
VRID : 1 Adver Timer : 100
Admin Status : Up State : Master
Config Pri : 110 Running Pri : 110
Preempt Mode : Yes Delay Time : 5
Auth Type : None
Virtual IP : 10.1.1.111
Virtual MAC : 0000-5e00-0101
Master IP : 10.1.1.1

The output shows that after Router A resumes normal operation, it becomes the master to forward
packets from Host A to Host B.

Multiple VRRP groups configuration example

To implement load sharing between the VRRP groups, you must manually configure the default gateway
1 0 .1.1.111 f o r s o m e h o s t s a n d 10 .1.1.112 for the other on the subnet 10.1.1.0/24.

Network requirements

Router A and Router B form two VRRP groups to implement load sharing and mutual backup. VRRP group
1 uses the virtual IP address 10.1.1.111/24 to provide gateway service for some hosts on the subnet

10.1.1.0/24, and VRRP group 2 uses the virtual IP address 10.1.1.112/24 to provide gateway service for
the other hosts on the subnet, as shown in Figure 10.

Figure 10 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view

23