HP VSR1000, MSR3000, MSR4000, MSR2000 High Availability Configuration Manual

Download

HP VSR1000 Virtual Services Router

High Availability Configuration Guide

Part number: 5998-4649

Software version: VSR1000_HP-CMW710-E0101P01-X64

Document version: 5W100-20130918

Legal and notice information

No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P.

The information contained herein is subject to change without notice.

HEWLETT-PACKARD COMPANY MAKES NO WARRANTY OF ANY KIND WITH REGARD TO THIS MATERIAL, INCLUDING, BUT NOT LIMITED TO, THE IMPLIED WARRANTIES OF MERCHANTABILITY AND FITNESS FOR A PARTICULAR PURPOSE. Hewlett-Packard shall not be liable for errors contained herein or for incidental or consequential damages in connection with the furnishing, performance, or use of this material.

The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

Configuring VRRP ························································································································································· 1

Overview ············································································································································································ 1 VRRP standard mode ························································································································································ 2

Router priority in a VRRP group ······························································································································ 2 Preemption ································································································································································ 2 Authentication method ············································································································································· 3 VRRP timers ······························································································································································· 3 Master election ························································································································································· 4 VRRP tracking ···························································································································································· 4 VRRP application ······················································································································································ 4

VRRP load balancing mode ············································································································································· 6

Virtual MAC address assignment ··························································································································· 6

Virtual forwarder ······················································································································································ 8 Protocols and standards ················································································································································ 10 Configuring IPv4 VRRP ·················································································································································· 10

IPv4 VRRP configuration task list ·························································································································· 10

Specifying an IPv4 VRRP operating mode ·········································································································· 11

Specifying the IPv4 VRRP version ························································································································ 11

Creating a VRRP group and assigning a virtual IP address ············································································· 11

Configuring the router priority, preemptive mode, and tracking function ······················································ 12

Configuring IPv4 VRRP packet attributes ············································································································ 13

Configuring VF tracking ········································································································································ 14

Enabling SNMP notifications for VRRP ················································································································ 15

Disabling an IPv4 VRRP group ····························································································································· 15

Displaying and maintaining IPv4 VRRP ··············································································································· 15 Configuring IPv6 VRRP ·················································································································································· 16

IPv6 VRRP configuration task list ·························································································································· 16

Specifying an IPv6 VRRP operating mode ·········································································································· 16

Creating a VRRP group and assigning a virtual IPv6 address ········································································· 17

Configuring the router priority, preemptive mode, and tracking function ······················································ 18

Configuring IPv6 VRRP packet attributes ············································································································ 19

Disabling an IPv6 VRRP group ····························································································································· 20

Displaying and maintaining IPv6 VRRP ··············································································································· 20 IPv4 VRRP configuration examples ······························································································································· 20

Single VRRP group configuration example ········································································································· 20

Multiple VRRP groups configuration example ···································································································· 23

VRRP load balancing configuration example ····································································································· 25 IPv6 VRRP configuration examples ······························································································································· 33

Single VRRP group configuration example ········································································································· 33

Multiple VRRP groups configuration example ···································································································· 36

VRRP load balancing configuration example ····································································································· 39 Troubleshooting VRRP ···················································································································································· 47

An error prompt is displayed ······························································································································· 47

Multiple masters appear in a VRRP group ·········································································································· 48

Fast VRRP state flapping ······································································································································· 48

Configuring BFD ························································································································································· 49

Introduction to BFD ························································································································································· 49

BFD session establishment ···································································································································· 49

BFD session modes and operating modes ·········································································································· 49

Supported features ················································································································································ 50

Protocols and standards ······································································································································· 51 Configuring BFD basic functions ·································································································································· 51

Configuring echo packet mode ··························································································································· 51

Configuring control packet mode ························································································································ 52 Displaying and maintaining BFD ·································································································································· 53

Configuring Track ······················································································································································ 54

Collaboration fundamentals ································································································································· 54

Collaboration application example ····················································································································· 55 Track configuration task list ··········································································································································· 55 Associating the Track module with a detection module ····························································································· 56

Associating Track with NQA ······························································································································· 56

Associating Track with BFD ·································································································································· 56

Associating Track with interface management ··································································································· 57 Associating the Track module with an application module ······················································································· 58

Associating Track with VRRP ································································································································ 58

Associating Track with static routing ··················································································································· 59

Associating Track with PBR ·································································································································· 60 Displaying and maintaining track entries ···················································································································· 62 Track configuration examples ······································································································································· 62

VRRP-Track-NQA collaboration configuration example ···················································································· 62

Configuring BFD for a VRRP backup to monitor the master ·············································································· 66

Configuring BFD for the VRRP master to monitor the uplink ············································································· 69

Static routing-Track-NQA collaboration configuration example ······································································ 72

Static routing-Track-BFD collaboration configuration example ········································································· 77

VRRP-Track-interface management collaboration configuration example ······················································· 80

Support and other resources ····································································································································· 84

Contacting HP ································································································································································ 84

Subscription service ·············································································································································· 84 Related information ························································································································································ 84

Documents ······························································································································································ 84

Websites ································································································································································· 84 Conventions ···································································································································································· 85

Index ··········································································································································································· 87

Configuring VRRP

Overview

Typically, you can configure a default gateway for every host on a LAN. All packets destined for other networks are sent through the default gateway. As shown in Figure 1, w hosts can communicate with external networks.

Figure 1 LAN networking

hen the default gateway fails, no

Using a default gateway facilitates your configuration but requires high availability. Using more egress gateways improves link availability but introduces the problem of routing among the egresses.

Virtual Router Redundancy Protocol (VRRP) is designed to address this issue. VRRP adds a group of network gateways to a VRRP group called a "virtual router." A VRRP group comprises one master and multiple backups, but has only one virtual IP address. The hosts on the subnet only need to configure this virtual IP address as their default network gateway for communicating with external networks.

The virtual IP address of the virtual router can be either an unused IP address on the subnet where the VRRP group resides or the IP address of an interface on a router in the VRRP group. In the latter case, the router is called the IP address owner. A VRRP group can have only one IP address owner.

VRRP avoids single points of failure and simplifies the configuration on hosts. When the master in the VRRP group on a multicast or broadcast LAN (for example, an Ethernet network) fails, another router in the VRRP group can take over as the master without causing dynamic route recalculation, route re-discovery, gateway reconfiguration on the hosts, or traffic interruption.

VRRP operates in either of the following modes:

• Standard mode—Implemented based on RFCs. For more information, see "VRRP standard mode."

• Load balanc

members. For more information, see "VRRP load balancing mode."

ing mode—Extends the VRRP standard mode to distribute load across VRRP group

P has two versions: VRRPv2 and VRRPv3. VRRPv2 supports IPv4 VRRP. VRRPv3 supports IPv4 VRRP

VRR and IPv6 VRRP.

VRRP standard mode

In VRRP standard mode, only the master in the VRRP group can provide gateway service. When the master fails, the backup routers elect a new master to take over for nonstop gateway service.

Figure 2 VRRP networking

As shown in Figure 2, Router A, Router B, and Router C form a virtual router, which has its own IP address. Hosts on the subnet use the virtual router as the default gateway.

The router with the highest priority among the three routers is elected as the master, and the other two are backups.

Router priority in a VRRP group

VRRP determines the role (master or backup) of each router in a VRRP group by priority. A router with higher priority is more likely to become the master.

VRRP priorities range from 0 to 255, and a greater number represents a higher priority. Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses, and priority 255 is for the IP address owner. The router acting as the IP address owner in a VRRP group always has a running priority of 255 and acts as the master as long as it operates correctly.

Preemption

A router in a VRRP group operates in either non-preemptive mode or preemptive mode:

• Non-preemptive mode—When a router in the VRRP group becomes the master, it acts as the master

as long as it operates correctly, even if a backup router is later assigned a higher priority. Non-preemptive mode helps avoid frequent switchover between the master and backup routers.

• Preemptive mode—A backup starts a new master election and takes over as master when it detects

that it has a higher priority than the current master. Preemptive mode makes sure the router with the highest priority in a VRRP group always acts as the master.

Authentication method

To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication methods:

• Simple authentication

The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded.

• MD5 authentication

The sender computes a digest for the packet to be sent by using the authentication key and MD5 algorithm, and saves the result in the VRRP packet. The receiver performs the same operation with the authentication key and MD5 algorithm, and compares the result with the content in the authentication header. If the results match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded.

On a secure network, you can choose to not authenticate VRRP packets.

NOTE:

IPv4 VRRPv3 and IPv6 VRRPv3 do not support VRRP packet authentication.

VRRP timers

Skew_Time

Skew_Time helps avoid the situation that multiple backups in a VRRP group become the master at the same time when the master in the VRRP group fails.

Skew_Time is not configurable and its value depends on the version of VRRP:

• In VRRPv2 (described in RFC 3768), Skew_Time is (256 – Router priority)/256.

• In VRRPv3 (described in RFC 5798), Skew_Time is ((256 – Router priority) × VRRP advertisement

interval)/256.

VRRP advertisement interval

The master in a VRRP group periodically sends VRRP advertisements to declare its presence.

You can configure the interval at which the master sends VRRP advertisements. If a backup does not receive a new VRRP advertisement from the master when the timer (3 × VRRP advertisement interval + Skew_Time) expires, it regards that the master has failed and takes over as the master.

VRRP preemption delay timer

To avoid frequent state changes among members in a VRRP group and provide the backups enough time to collect information (such as routing information). In preempt mode, a backup does not immediately become the master after it receives an advertisement with lower priority than the local priority. Instead, it waits for a period of time (preemption delay time + Skew_Time) before taking over as the master.

Master election

Routers in a VRRP group determine their roles by priority. When a router joins a VRRP group, it has a backup role. The router role changes according to the following situations:

• If the backup does not receive any VRRP advertisement when the timer (3 × advertisement interval

+ Skew_Time) expires, it becomes the master.

• If the backup receives a VRRP advertisement with a greater or the same priority within the timer (3

× advertisement interval + Skew_Time), it remains a backup.

• If the backup receives a VRRP advertisement with a smaller priority within the timer (3 ×

advertisement interval + Skew_Time), it remains a backup when operating in non-preemptive mode, or becomes the master when operating in preemptive mode.

The elected master starts a VRRP advertisement interval to periodically send VRRP advertisements to notify the backups that it is operating correctly. Each of the backups starts a timer to wait for advertisements from the master.

After a backup receives a VRRP advertisement, it compares only the priority in the packet with its own priority.

When multiple routers in a VRRP group declare that they are the master because of network problems, the one with the highest priority becomes the master. If two routers have the same priority, the one with the highest IP address becomes the master.

VRRP tracking

To enable VRRP tracking, configure the routers in the VRRP group to operate in preemptive mode first, so that only the router with the highest priority operates as the master for packet forwarding. For more information about track entries, see High Availability Configuration Guide.

The VRRP tracking function uses network quality analyzer (NQA) or bidirectional forwarding detection (BFD) to monitor the state of the master, and establishes the collaboration between the VRRP device state and NQA or BFD through the Track function. It implements the following:

• Monitors the upstream link and changes the priority of the router according to the state of the link.

If the upstream link fails, the hosts on the subnet cannot access external networks through the router and the state of the track entry becomes Negative. The priority of the master decreases by a specified value. Then, a router with a higher priority in the VRRP group becomes the master to maintain the proper communication between the hosts on the subnet and external networks.

• Monitors the state of the master on the backups. When the master fails, a backup immediately takes

over as the master to ensure uninterrupted communication.

When the track entry changes from Negative to Positive or Notready, the router automatically restores its priority. For more information about track entries, see "Configuring Track."

VRRP application

Master/backup

In master/backup mode, only the master forwards packets, as shown in Figure 3. When the master fails, a new master is elected from among the backups. This mode requires only one VRRP group, and each router in the group has a different priority. The one with the highest priority becomes the master.

Figure 3 VRRP in master/backup mode

Assume that Router A is acting as the master to forward packets to external networks, and Router B and Router C are backups in listening state. When Router A fails, Router B and Router C elect a new master to forward packets for hosts on the subnet.

Load sharing

A router can join multiple VRRP groups and has different priorities in different VRRP groups, and it can act as the master in one VRRP group and a backup in another.

In load sharing mode, multiple VRRP groups provide gateway services. This mode requires at least two VRRP groups, and each group has one master and multiple backups. The master roles in the VRRP groups are assumed by different routers, as shown in Figure 4.

Figure 4 Load shar

ing of VRRP

A router can be in multiple VRRP groups and have a different priority in each group.

As shown in Figure 4, the f

ollowing VRRP groups are present:

• VRRP group 1—Router A is the master. Router B and Router C are the backups.

• VRRP group 2—Router B is the master. Router A and Router C are the backups.

• VRRP group 3—Router C is the master. Router A and Router B are the backups.

To implement load sharing among Router A, Router B, and Router C, hosts on the subnet must be configured with the virtual IP addresses of VRRP group 1, 2, and 3 as default gateways, respectively. When you configure them, make sure that each router is assigned an appropriate priority in each VRRP group so that each router can take the expected role in each group.

VRRP load balancing mode

In a standard-mode VRRP group, only the master can forward packets and backups are in listening state. You can create multiple VRRP groups to share traffic, but you must configure different gateways for hosts on the subnet.

In load balancing mode, a VRRP group maps its virtual IP address to multiple virtual MAC addresses, assigning one virtual MAC address to each member router. Every router in this VRRP group can forward traffic and respond to IPv4 ARP requests or IPv6 ND requests from hosts. Because their virtual MAC addresses are different, traffic from hosts is distributed across the VRRP group members. Load balancing mode simplifies configuration and improves forwarding efficiency.

VRRP load balancing mode uses the same master election, preemption, and tracking mechanisms as the standard mode, and adds new mechanisms as described in the following sections.

Virtual MAC address assignment

In load balancing mode, the master assigns virtual MAC addresses to routers in the VRRP group and uses different MAC addresses to respond to ARP requests or ND requests from different hosts. The backup routers, however, do not answer ARP requests or ND requests from hosts.

In an IPv4 network, a load balanced VRRP group works as follows:

1. The master assigns virtual MAC addresses to all member routers, including itself. This example

assumes that the virtual IP address of the VRRP group is 10.1.1.1/24, Router A is the master, and Router B is the backup. Router A assigns 000f-e2ff-0011 for itself and 000f-e2ff-0012 for Router B. See Figure 5.

Figure 5 Virtual MAC address assignment

Network

Router A

Master

Virtual IP: 10.1.1.1/24

Virtual MAC: 000f-e2ff-0011

Allocate Virtual MAC 000f-e2ff-0012 to Router B

Gateway IP: 10.1.1.1/24 Gateway IP: 10.1.1.1/24

Host A Host B

Router B

Backup

Virtual MAC: 000f-e2ff-0012

2. When an ARP request arrives, the master (Router A) selects a virtual MAC address based on the

load balancing algorithm to answer the ARP request. In this example, Router A returns the virtual MAC address of itself in response to the ARP request from Host A, and returns the virtual MAC address of Router B in response to the ARP request from Host B. See Figure 6.

Figure 6 Answering A

RP requests

3. Each host sends packets to the returned MAC address. As shown in Figure 7, Host A sends packets

to Router A and Host B sends packets to Router B.

Figure 7 Sending packets to different routers for forwarding

Virtual forwarder

Virtual forwarder creation

Virtual MAC addresses enable traffic distribution across routers in a VRRP group. To enable routers in the VRRP group to forward packets, VFs must be created on them. Each VF is associated with a virtual MAC address in the VRRP group and forwards packets that are sent to this virtual MAC address.

VFs are created on routers in a VRRP group, as follows:

1. The master assigns virtual MAC addresses to all routers in the VRRP group. Each member router

creates a VF for this MAC address and becomes the owner of this VF.

2. Each VF owner advertises its VF information to the other member routers.

3. After receiving the VF advertisement, each of the other routers creates the advertised VF.

Eventually, every member router maintains one VF for each virtual MAC address in the VRRP group.

VF weight and priority

The weight of a VF indicates the forwarding capability of a VF. A higher weight means higher forwarding capability. When the weight is lower than the lower limit of failure, the VF cannot forward packets.

The priority of a VF determines the VF state. Among the VFs created on different member routers for the same virtual MAC address, the VF with the highest priority, known as the active virtual forwarder (AVF), is in active state to forward packets, and all other VFs listen to the state of the AVF and are known as the listening virtual forwarders (LVFs). VF priority is in the range of 0 to 255, where 255 is reserved for the VF owner. When the weight of a VF owner is higher than or equal to the lower limit of failure, the priority of the VF owner is 255.

The priority of a VF is calculated based on its weight:

• On the router that owns the VF, if the weight of the VF is higher than or equal to the lower limit of

failure, the priority of the VF is 255.

• On a router that does not own the VF, if the weight of the VF is higher than or equal to the lower limit

• If the weight of the VF is lower than the lower limit of failure, the priority of the VF is 0.

VF backup

The VFs corresponding to a virtual MAC address on different routers in the VRRP group back up one another.

Figure 8 VF information

of failure, the priority of the VF is calculated as weight/(number of local AVFs +1).

VF timers

Figure 8 shows the VF table on each router in the VRRP group and how the VFs back up one another. The

master, Router A, assigns virtual MAC addresses 000f-e2ff-0011, 000f-e2ff-0012, and 000f-e2ff-0013 to itself, Router B, and Router C; and each router creates VF 1, VF 2, and VF 3, respectively, for the virtual MAC addresses. The VFs for the same virtual MAC address on different routers back up one another. For example, the VF 1 instances on Router A, Router B, and Router C back up one another.

• The VF 1 instance on Router A (the VF 1 owner) has priority 255 and acts as the AVF to forward

packets sent to virtual MAC address 000f-e2ff-0011.

• The VF 1 instances on Router B and Router C have a priority of 255/(1 + 1), or 127. Because their

priorities are lower than the priority of the VF 1 instance on Router A, they act as LVFs to listen to the state of the VF 1 instance on Router A.

• When the VF 1 instance on Router A fails, the VF 1 instances on Router B and Router C elect the one

with higher priority as the new AVF to forward packets destined for virtual MAC address 000f-e2ff-0011. If the two LVFs' priorities are the same, the LVF with a greater device MAC address becomes the new AVF.

A VF always operates in preemptive mode. When an LVF finds its priority value higher than the one advertised by the AVF, the LVF declares itself as the AVF.

When the AVF on a router fails, the new AVF on another router creates a redirect timer and a timeout timer for the failed AVF, as follows:

• Redirect timer—Before this timer expires, the master still uses the virtual MAC address

• Timeout timer—The duration after which the new AVF takes over responsibilities of the failed VF

VF tracking

An AVF forwards packets destined for the MAC address of the AVF. If the upstream link of the AVF fails but no LVF takes over the AVF role, the hosts on the subnet that use the MAC address of the AVF as their gateway MAC address cannot access the external network.

The VF tracking function can solve this problem. You can use NQA or BFD to monitor the upstream link state of the VF owner, and establish the collaboration between the VFs and NQA or BFD through the tracking function. When the upstream link fails, the state of the track entry changes to Negative, and the weights of the VFs (including the AVF) on the router decrease by a specified value. The corresponding LVF with a higher priority on another router becomes the AVF and forwards packets.

corresponding to the failed AVF to respond to ARP/ND requests from hosts, and the VF owner can share traffic load if the VF owner resumes normal operation within this time. When this timer expires, the master stops using the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from hosts.

owner. Before this timer expires, all routers in the VRRP group keep the VFs that correspond to the failed AVF, and the new AVF forwards packets destined for the virtual MAC address of the failed AVF. When this timer expires, all routers in the VRRP group remove the VFs that correspond to the failed AVF, including the new AVF. Packets destined for the virtual MAC address of the failed AVF are not forwarded any longer.

Protocols and standards

• RFC 3768, Virtual Router Redundancy Protocol (VRRP)

• RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6

Configuring IPv4 VRRP

This section describes how to configure IPv4 VRRP.

IPv4 VRRP configuration task list

Tasks at a glance

(Required.) Specifying an IPv4 VRRP operating mode N/A

(Optional.) Specifying the IPv4 VRRP version N/A

(Required.) Creating a VRRP group and assigning a virtual IP address N/A

(Optional.) Configuring the router priority, preemptive mode, and tracking

function

(Optional.) Configuring IPv4 VRRP packet attributes N/A

Remarks

N/A

(Optional.) Configuring VF tracking

(Optional.) Enabling SNMP notifications for VRRP N/A

This configuration applies to only VRRP load balancing mode.

Tasks at a glance

(Optional.) Disabling an IPv4 VRRP group N/A

Specifying an IPv4 VRRP operating mode

A VRRP group can operate in either of the following modes:

• Standard mode—Only the master can forward packets.

• Load balancing mode—All members that have an AVF can forward packets.

After an IPv4 VRRP operating mode is configured on a router, all IPv4 VRRP groups on the router operate in the specified operating mode.

To specify an IPv4 VRRP operating mode:

Step Command

1. Enter system view.

2. Specify an IPv4 VRRP

operating mode.

system-view N/A

• Specify the standard mode:

undo vrrp mode

• Specify the load balancing

mode:

vrrp mode load-balance

Remarks

Use one of the commands.

By default, VRRP operates in standard mode.

Specifying the IPv4 VRRP version

The VRRP version on all routers in an IPv4 VRRP group must be the same.

To specify the version of IPv4 VRRP:

Step Command

1. Enter system view.

2. Enter interface view.

3. Specify the version of

VRRP.

system-view N/A

interface interface-type interface-number N/A

vrrp version version-number By default, VRRPv3 is used.

Remarks

Creating a VRRP group and assigning a virtual IP address

A VRRP group can operate correctly after you create it and assign at least one virtual IP address to it. You can configure multiple virtual IP addresses for the VRRP group on an interface that connects to multiple subnets for router backup on different subnets.

Configuration guidelines

• The maximum number of VRRP groups that you can create on an interface is 8. The maximum

number of virtual IP addresses that you can assign to a VRRP group is 16.

• In VRRP load balancing mode, the device supports a maximum of MaxVRNum/N VRRP groups.

MaxVRNum refers to the maximum number of VRRP groups supported by the device in VRRP

standard mode, and N refers to the number of devices in the VRRP group.

• When VRRP is operating in standard mode, the virtual IP address of a VRRP group can be either an

unused IP address on the subnet where the VRRP group resides or the IP address of an interface on a router in the VRRP group.

• In load balancing mode, the virtual IP address of a VRRP group can be any unassigned IP address

of the subnet where the VRRP group resides, rather than the IP address of any interface in the VRRP group. No IP address owner can exist in a VRRP group.

• When a router is the IP address owner in a VRRP group, do not configure the network command on

the interface to use the IP address of the interface, or the virtual IP address of the VRRP group, to establish a neighbor relationship with the adjacent router. For more information about the network command, see Layer 3—IP Routing Command Reference.

• If you create an IPv4 VRRP group but do not assign any virtual IP address for it, the VRRP group stays

in inactive state and does not function.

• Removal of the VRRP group on the IP address owner causes IP address collision. To avoid the

collision, change the IP address of the interface on the IP address owner before you remove the VRRP group from the interface.

• The virtual IP addresses of an IPv4 VRRP group and the IP address of the downlink interface of the

VRRP group must be in the same subnet. Otherwise, the hosts in the subnet cannot access external networks.

Configuration procedure

To create a VRRP group and assign a virtual IP address:

Step Command

1. Enter system view.

2. Enter interface view.

3. Create a VRRP group

and assign a virtual IP address.

system-view N/A

interface interface-type interface-number N/A

vrrp vrid virtual-router-id virtual-ip virtual-address

Remarks

By default, no VRRP group exists.

Configuring the router priority, preemptive mode, and tracking function

The router priority determines which router in the VRRP group serves as the master. The preemptive mode enables a backup to take over as the master when it detects that it has a higher priority than the current master. The tracking function decreases the router priority or enables the backup to take over as the master when the state of the monitored track entry transits to Negative.

Configuration guidelines

• The running priority of an IP address owner is always 255, and you do not need to configure it. An

IP address owner always operates in preemptive mode.

• If you associate a track entry with a VRRP group on an IP address owner, the association does not

take effect until the router is not an IP address owner.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the priority of the

router in the VRRP group.

4. Enable the preemptive mode

for the router in a VRRP group and configure the preemption delay time.

5. Associate a VRRP group with

a track entry.

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id priority priority-value

vrrp vrid virtual-router-id preempt-mode [ delay

delay-value ]

vrrp vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ]

Configuring IPv4 VRRP packet attributes

Configuration guidelines

• You can configure different authentication modes and authentication keys for VRRP groups on an

interface. However, members of the same VRRP group must use the same authentication mode and authentication key.

Remarks

N/A

The default setting is 100.

By default, the router in a VRRP group operates in preemptive mode and the preemption delay time is 0 seconds, which means an immediate preemption.

By default, a VRRP group is not associated with any track entry.

• In VRRPv3, authentication mode and authentication key settings do not take effect.

• In VRRPv2, all routers in a VRRP group must have the same VRRP advertisement interval.

• In VRRPv3, routers in an IPv4 VRRP group can have different intervals for sending VRRP

advertisements. The master in the VRRP group sends VRRP advertisements at specified intervals, and carries the interval in the advertisements. After a backup receives the advertisement, it records the interval in the advertisement. If the backup does not receive a new VRRP advertisement from the master when the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed and takes over as the new master.

Configuration procedure

To configure VRRP packet attributes:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the authentication

mode and authentication key for an IPv4 VRRP group to send and receive VRRP packets.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id authentication-mode { md5 | simple } { cipher | plain } key

N/A

By default, authentication is disabled.

Step Command

4. Configure the interval at

which the master in an IPv4 VRRP group sends VRRP advertisements.

5. Specify the source interface

for receiving and sending VRRP packets.

6. Enable TTL check for IPv4

VRRP packets.

7. Return to system view.

8. Configure a DSCP value for

VRRP packets.

vrrp vrid virtual-router-id timer advertise adver-interval

vrrp vrid virtual-router-id source-interface interface-type interface-number

vrrp check-ttl enable

quit N/A

vrrp dscp dscp-value

Remarks

The default setting is 100 centiseconds.

To maintain system stability, HP recommends that you set the VRRP advertisement interval to be greater than 100 centiseconds.

By default, the source interface for receiving and sending VRRP packets is not specified. The interface where the VRRP group resides sends and receives VRRP packets.

By default, TTL check for IPv4 VRRP packets is enabled.

The DSCP value identifies the packet priority during transmission.

By default, the DSCP value for VRRP packets is 48.

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes effect only in load balancing mode.

In load balancing mode, you can establish the collaboration between the VFs and NQA or BFD through the tracking function. When the state of the track entry transits to Negative, the weights of all VFs in the VRRP group on the router decrease by a specific value. When the state of the track entry transits to Positive or Notready, the original weight values of the VFs restore.

Configuration guidelines

• By default, the weight of a VF is 255, and its lower limit of failure is 10.

• When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is

always 255 and does not change with the weight. To guarantee that an LVF can take over the VF owner as the AVF when the upstream link of the VF owner fails, the reduced weight for the VF owner must be higher than 245 so the weight of the VF owner can drop below the lower limit of failure.

Configuration procedure

To configure VF tracking:

Step Command

1. Enter system view.

Remarks

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

Step Command

3. Configure the VFs in a VRRP

group to monitor a track entry and configure the reduced weight.

vrrp vrid virtual-router-id weight track track-entry-number [ reduced

weight-reduced ]

Enabling SNMP notifications for VRRP

Perform this task to enable VRRP to report important events through notifications to the SNMP module. The SNMP module determines how to output the notifications according to the configured output rules. For more information about notifications, see Network Management and Monitoring Configuration Guide.

To enable SNMP notifications for VRRP:

Step Command

1. Enter system view.

2. Enable SNMP notifications for

VRRP.

system-view N/A

snmp-agent trap enable vrrp [ auth-failure | new-master ]

Remarks

By default, no track entry is specified.

Remarks

By default, SNMP notifications for VRRP are enabled.

Disabling an IPv4 VRRP group

You can temporarily disable an IPv4 VRRP group. After being disabled, the VRRP group stays in initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP group when the VRRP group is disabled. Your changes take effect when you enable the VRRP group again.

To disable an IPv4 VRRP group:

Step Command

1. Enter system view.

2. Enter interface view.

3. Disable a VRRP group.

system-view N/A

interface interface-type

interface-number

vrrp vrid virtual-router-id shutdown

Displaying and maintaining IPv4 VRRP

Execute display commands in any view and the reset command in user view.

Remarks

N/A

By default, a VRRP group is enabled.

Task Command

Display states of IPv4 VRRP groups.

Display statistics for IPv4 VRRP groups.

display vrrp [ interface interface-type interface-number [ vrid virtual-router-id ] ] [ verbose ]

display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

Task Command

Clear statistics for IPv4 VRRP groups.

reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

Configuring IPv6 VRRP

This section describes how to configure IPv6 VRRP.

IPv6 VRRP configuration task list

Tasks at a glance

(Required.) Specifying an IPv6 VRRP operating

mode

(Required.) Creating a VRRP group and

assigning a virtual IPv6 address

(Optional.) Configuring the router priority,

preemptive mode, and tracking function

(Optional.) Configuring VF tracking

Remarks

N/A

This configuration applies to only VRRP load balancing mode.

(Optional.) Configuring IPv6 VRRP packet

attributes

(Optional.) Disabling an IPv6 VRRP group N/A

N/A

Specifying an IPv6 VRRP operating mode

A VRRP group can operate in either of the following modes:

• Standard mode—Only the master can forward packets.

• Load balancing mode—All members that have an AVF can forward packets.

After the IPv6 VRRP operating mode is specified on a router, all IPv6 VRRP groups on the router operate in the specified operating mode.

To specify an IPv6 VRRP operating mode:

Step Command

1. Enter system view.

2. Specify an IPv6 VRRP

operating mode.

system-view N/A

• Specify the standard mode:

undo vrrp ipv6 mode

• Specify the load balancing

mode:

vrrp ipv6 mode load-balance

Remarks

Use one of the commands.

By default, VRRP operates in standard mode.

Creating a VRRP group and assigning a virtual IPv6 address

A VRRP group can work correctly after you create it and assign at least one virtual IPv6 address for it. You can configure multiple virtual IPv6 addresses for the VRRP group on an interface that connects to multiple subnets for router backup.

Configuration guidelines

• If a router is the IP address owner in a VRRP group, do not configure the ospfv3 area command on

the interface to use the IPv6 address of the interface or the virtual IPv6 address of the VRRP group, to establish an OSPFv3 neighbor relationship with the adjacent router. For more information about the ospfv3 area command, see Layer 3—IP Routing Command Reference.

• In load balancing mode, the virtual IPv6 address of a VRRP group cannot be the same as the IPv6

address of any interface in the VRRP group.

• The maximum number of VRRP groups that you can create on an interface is 8. The maximum

number of virtual IPv6 addresses that you can assign for a VRRP group is 16.

• If you create an IPv6 VRRP group but do not assign any virtual IPv6 addresses to it, the VRRP group

stays in inactive state and does not function.

• To avoid IP address collisions, change the IPv6 address of the interface on the IP address owner

before you remove the VRRP group from the interface.

• The virtual IPv6 addresses of an IPv6 VRRP group and the IPv6 address of the interface where the

VRRP g rou p is co nfigured must be in t he sam e subn et. Other wise, hosts on the s ubnet c annot a ccess external networks.

Configuration procedure

To create a VRRP group and assign a virtual IPv6 address:

Step Command

1. Enter system view.

2. Enter interface view.

3. Create a VRRP group and

assign a virtual IPv6 address, which is a link-local address.

4. (Optional.) Assign a virtual

IPv6 address, which is a global unicast address.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id virtual-ip virtual-address link-local

vrrp ipv6 vrid virtual-router-id virtual-ip virtual-address

N/A

By default, no VRRP group exists.

The first virtual IPv6 address that you assign to an IPv6 VRRP group must be a link-local address, and it must be the last address you remove. Only one link local address is allowed in a VRRP group.

By default, no global unicast address is assigned for an IPv6 VRRP group.

Configuring the router priority, preemptive mode, and tracking function

Configuration guidelines

• The running priority of an IP address owner is always 255, and you do not need to configure it. An

IP address owner always operates in preemptive mode.

• If you associate a track entry with a VRRP group on an IP address owner, the association does not

take effect until the router becomes a non-IP address owner.

• When the track entry changes from Negative to Positive or Notready, the router automatically

restores its priority.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the priority of the

router in the VRRP group.

4. Enable the preemptive mode

for the router in a VRRP group and configure the preemption delay time.

5. Associate a VRRP group with

a track entry.

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes effect only in load balancing mode.

In load balancing mode, you can configure the VFs in a VRRP group to monitor a track entry. When the state of the track entry transits to Negative, the weights of all VFs in the VRRP group on the router decrease by a specific value. When the state of the track entry transits to Positive or Notready, the original weights of the VFs restore.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id priority priority-value

vrrp ipv6 vrid virtual-router-id preempt-mode [ delay

delay-value ]

vrrp ipv6 vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ]

N/A

The default setting is 100.

By default, the router in a VRRP group operates in preemptive mode and the preemption delay time is 0 seconds, which means an immediate preemption.

By default, a VRRP group is not associated with any track entry.

Configuration guidelines

• By default, the weight of a VF is 255, and its lower limit of failure is 10.

• When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is

Configuration procedure

To configure VF tracking:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the VFs in a VRRP

group to monitor a track entry and configure the reduced weight.

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id weight track track-entry-number

[ reduced weight-reduced ]

Configuring IPv6 VRRP packet attributes

This section describes how to configure IPv6 VRRP packet attributes.

Configuration guidelines

• The routers in an IPv6 VRRP group can have different intervals for sending VRRP advertisements. The

master in the VRRP group sends VRRP advertisements at the specified interval and carries the interval attribute in the advertisements. After a backup receives the advertisement, it records the interval in the advertisement. If the backup does not receive a new VRRP advertisement from the master when the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed and takes over as the new master.

Remarks

N/A

By default, no track entry is specified.

• A high volume of network traffic might cause a backup to fail to receive VRRP advertisements from

the master within the specified time, resulting in an unexpected master switchover. To solve this problem, configure a larger interval.

Configuration procedure

To configure the IPv6 VRRP packet attribute:

Step Command

1. Enter system view.

2. Enter interface view.

3. Configure the IPv6 VRRP

advertisement interval.

4. Return to system view.

5. Configure a DSCP value for IPv6

VRRP packets.

Remarks

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id timer advertise adver-interval

quit N/A

vrrp ipv6 dscp dscp-value

N/A

The default setting is 100 centiseconds.

To maintain system stability, HP recommends that you set the VRRP advertisement interval to be greater than 100 centiseconds.

The DSCP value identifies the packet priority during transmission.

By default, the DSCP value for IPv6 VRRP packets is 56.

Disabling an IPv6 VRRP group

You can temporarily disable an IPv6 VRRP group. After being disabled, the VRRP group stays in initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP group when it is disabled. Your changes take effect when you enable the VRRP group again.

To disable an IPv6 VRRP group:

Step Command

1. Enter system view.

2. Enter interface view.

3. Disable an IPv6 VRRP group.

system-view N/A

interface interface-type

interface-number

vrrp ipv6 vrid virtual-router-id shutdown

Displaying and maintaining IPv6 VRRP

Execute display commands in any view and the reset command in user view.

Task Command

Display the states of IPv6 VRRP groups.

Display statistics for IPv6 VRRP groups.

Clear statistics for IPv6 VRRP groups.

display vrrp ipv6 [ interface interface-type interface-number [ vrid virtual-router-id ] ] [ verbose ]

display vrrp ipv6 statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

reset vrrp ipv6 statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

Remarks

N/A

By default, an IPv6 VRRP group is enabled.

IPv4 VRRP configuration examples

This section provides examples of configuring IPv4 VRRP applications on routers.

Single VRRP group configuration example

This section provides an example of configuring a single VRRP group on routers.

Network requirements

Router A and Router B form a VRRP group and use the virtual IP address 10.1.1.111/24 to provide gateway service for the subnet where Host A resides, as shown in Figure 9.

outer A operates as the master to forward packets from Host A to Host B. When Router A fails, Router

B takes over to forward packets for Host A.

Configure Router A to operate in preempt mode so Router A can forward traffic as long as Router A operates correctly. Configure the preempt delay as 5 seconds to avoid frequent status change.

Figure 9 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 on GigabitEthernet 1/0 and set its virtual IP address to 10.1.1.111.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly, and set the preemption delay to 5 seconds to avoid frequent status switchover.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

2. Configure Router B:

# Specify an IP address for Router A.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1 on GigabitEthernet 1/0 and set its virtual IP address to 10.1.1.111.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Configure the priority of Router B in VRRP group 1 as 100.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 priority 100

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

3. Verify the configuration:

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information:

Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.111 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 412ms left Auth Type : None Virtual IP : 10.1.1.111 Master IP : 10.1.1.1

The output shows that Router A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Router A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.111 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.2

The output shows that when Router A fails, Router B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.111 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1

The output shows that after Router A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Multiple VRRP groups configuration example

To implement load sharing between the VRRP groups, you must manually configure the default gateway 1 0 .1.1.111 f o r s o m e h o s t s a n d 10 .1.1.112 for the other on the subnet 10.1.1.0/24.

Network requirements

Router A and Router B form two VRRP groups to implement load sharing and mutual backup. VRRP group 1 uses the virtual IP address 10.1.1.111/24 to provide gateway service for some hosts on the subnet

10.1.1.0/24, and VRRP group 2 uses the virtual IP address 10.1.1.112/24 to provide gateway service for the other hosts on the subnet, as shown in Figure 10.

Figure 10 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IP address for Router A.

<RouterA> system-view

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 and set its virtual IP address to 10.1.1.111.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master in the group.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Create VRRP group 2, and set its virtual IP address to 10.1.1.112.

[RouterA-GigabitEthernet1/0] vrrp vrid 2 virtual-ip 10.1.1.112

2. Configure Router B:

# Specify an IP address for Router B.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1, and set its virtual IP address to 10.1.1.111.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.111

# Create VRRP group 2, and set its virtual IP address to 10.1.1.112.

[RouterB-GigabitEthernet1/0] vrrp vrid 2 virtual-ip 10.1.1.112

# Assign Router B a higher priority than Router A in VRRP group 2, so Router B can become the master in the group.

[RouterB-GigabitEthernet1/0] vrrp vrid 2 priority 110

3. Verify the configuration:

# Display detailed information about the VRRP groups on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 2 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.111 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1

Interface GigabitEthernet1/0 VRID : 2 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 201ms left Auth Type : None Virtual IP : 10.1.1.112 Master IP : 10.1.1.2

# Display detailed information about the VRRP groups on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 2 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 185ms left Auth Type : None Virtual IP : 10.1.1.111 Master IP : 10.1.1.1

Interface GigabitEthernet1/0 VRID : 2 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.112 Virtual MAC : 0000-5e00-0102 Master IP : 10.1.1.2

The output shows that Router A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 10.1.1.111/24, and Router B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway

10.1.1.112/24.

VRRP load balancing configuration example

This section provides an example of configuring the VRRP load balancing mode.

Network requirements

Router A, Router B, and Router C form a load-balanced VRRP group, and use the virtual IP address 10 .1.1.1 / 24 to p r o v i d e g a t e w a y se r v i c e f o r s u b ne t 10 .1.1. 0 / 2 4 , a s s h o w n in Figure 11.

nfigure VFs on Router A, Router B, and Router C to monitor their respective GigabitEthernet 2/0. When the interface on any one of them fails, the weights of the VFs on the problematic router decrease so another AVF can take over.

Figure 11 Network diagram

Network

IP: 10.1.1.2/24

VIP: 10.1.1.1/24

IP: 10.1.1.5/24

Gateway IP: 10.1.1.1/24

Configuration procedure

1. Configure Router A:

# Configure VRRP to operate in load balancing mode.

<RouterA> system-view [RouterA] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ip address 10.1.1.2 24 [RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Router A the highest priority in VRRP group 1, so Router A can become the master.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 120

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5 seconds to avoid frequent status switchover.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5 [RouterA-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterA] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] vrrp vrid 1 weight track 1 reduced 250

2. Configure Router B:

Router A Router B Router C

Master

AVF 1

GE1/0

Host A Host B Host C

GE2/0

Gateway IP: 10.1.1.1/24

Backup

AVF 2

GE1/0

IP: 10.1.1.3/24

VIP: 10.1.1.1/24

IP: 10.1.1.6/24

GE2/0

VIP: 10.1.1.1/24

Gateway IP: 10.1.1.1/24

GE2/0

GE1/0

IP: 10.1.1.4/24

IP: 10.1.1.7/24

Backup

AVF 3

# Configure VRRP to operate in load balancing mode.

<RouterB> system-view [RouterB] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ip address 10.1.1.3 24 [RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Router B a higher priority than Router C in VRRP group 1, so Router B can become the master when Router A fails.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5 [RouterB-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterB] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] vrrp vrid 1 weight track 1 reduced 250

3. Configure Router C:

# Configure VRRP to operate in load balancing mode.

<RouterC> system-view [RouterC] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address as 10.1.1.1.

[RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ip address 10.1.1.4 24 [RouterC-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.1

# Configure Router C to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterC-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5 [RouterC-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterC] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] vrrp vrid 1 weight track 1 reduced 250

4. Verify the configuration:

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0

VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 120 Running Pri : 120 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.2 (Local, Master)

10.1.1.3 (Backup)

10.1.1.4 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-0011 (Owner) Owner ID : 0000-5e01-1101 Priority : 255 Active : local Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-0012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127 Active : 10.1.1.3 Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-0013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : 10.1.1.4 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Become Master : 426ms left Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.3 (Local, Backup)

10.1.1.2 (Master)

10.1.1.4 (Backup)

Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Listening Virtual MAC : 000f-e2ff-0011 (Learnt) Owner ID : 0000-5e01-1101 Priority : 127 Active : 10.1.1.2 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-0012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-0013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : 10.1.1.4 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 417ms left Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.4 (Local, Backup)

10.1.1.2 (Master)

10.1.1.3 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Listening Virtual MAC : 000f-e2ff-0011 (Learnt) Owner ID : 0000-5e01-1101 Priority : 127 Active : 10.1.1.2

Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-0012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127 Active : 10.1.1.3 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-0013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that Router A is the master in VRRP group 1, and each of the three routers has one AVF and two LVFs.

# Disconnect the link of GigabitEthernet 2/0 on Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 120 Running Pri : 120 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.2 (Local, Master)

10.1.1.3 (Backup)

10.1.1.4 (Backup) Forwarder Information: 3 Forwarders 0 Active Config Weight : 255 Running Weight : 5 Forwarder 01 State : Initialize Virtual MAC : 000f-e2ff-0011 (Owner) Owner ID : 0000-5e01-1101 Priority : 0 Active : 10.1.1.4 Forwarder 02 State : Initialize Virtual MAC : 000f-e2ff-0012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 0 Active : 10.1.1.3 Forwarder 03

State : Initialize Virtual MAC : 000f-e2ff-0013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 0 Active : 10.1.1.4 Forwarder Weight Track Information: Track Object : 1 State : Negative Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 412ms left Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.4 (Local, Backup)

10.1.1.2 (Master)

10.1.1.3 (Backup) Forwarder Information: 3 Forwarders 2 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-0011 (Take Over) Owner ID : 0000-5e01-1101 Priority : 85 Active : local Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-0012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 85 Active : 10.1.1.3 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-0013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

forward traffic. The VF for MAC address 000f-e2ff-0011 on Router C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.4 (Local, Backup)

10.1.1.2 (Master)

10.1.1.3 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-0012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127 Active : 10.1.1.3 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-0013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-0011 is removed, and no longer forwards the packets destined for the MAC address.

# When Router A fails, display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Auth Type : None

Virtual IP : 10.1.1.1 Member IP List : 10.1.1.3 (Local, Master)

10.1.1.4 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-0012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-0013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : 10.1.1.4 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that when Router A fails, Router B becomes the master because it has a higher priority than Router C, and the VF for virtual MAC address 000f-e2ff-0011 is removed.

IPv6 VRRP configuration examples

This section provides examples of configuring IPv6 VRRP applications on routers.

Single VRRP group configuration example

This section provides an example of configuring a single VRRP group on routers.

Network requirements

Router A and Router B form a VRRP group, and use the virtual IP addresses 1::10/64 and FE80::10 to provide gateway service for the subnet where Host A resides, as shown in Figure 12.

st A learns 1::10/64 as its default gateway from RA messages sent by the routers.

Router A operates as the master to forward packets from Host A to Host B. When Router A fails, Router B takes over to forward packets for Host A.

Figure 12 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IPv6 address for Router A.

<RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ipv6 address fe80::1 link-local [RouterA-GigabitEthernet1/0] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router A a higher priority than Router B in VRRP group 1, so Router A can become the master.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 priority 110

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly, and set the preemption delay to 5 seconds to avoid frequent status switchover.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 preempt-mode delay 5

# Enable Router A to send RA messages, so Host A can learn the default gateway address.

[RouterA-GigabitEthernet1/0] undo ipv6 nd ra halt

2. Configure Router B:

# Specify an IPv6 address for Router B.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ipv6 address fe80::2 link-local [RouterB-GigabitEthernet1/0] ipv6 address 1::2 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 preempt-mode delay 5

# Enable Router B to send RA messages, so Host A can learn the default gateway address.

[RouterB-GigabitEthernet1/0] undo ipv6 nd ra halt

3. Verify the configuration:

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : FE80::10 1::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 411ms left Auth Type : None Virtual IP : FE80::10 1::10 Master IP : FE80::1

The output shows that Router A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Router A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5

Auth Type : None Virtual IP : FE80::10 1::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::2

The output shows that when Router A fails, Router B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Router A, and display detailed information about VRRP group 1 on Router A.

The output shows that after Router A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Multiple VRRP groups configuration example

To implement load sharing between the VRRP groups, you must manually configure the default gateway 1::10 for some hosts and 1::20 for the other on the subnet 1::/64.

Network requirements

Router A and Router B form two VRRP groups to implement load sharing and mutual backup. VRRP group 1 uses the virtual IP address 1::10/64 to provide gateway service for some hosts on the subnet 1::/64, and VRRP group 2 uses the virtual IP address 1::20/64 to provide gateway service for the other hosts on the subnet, as shown in Figure 13.

Figure 13 Network diagram

Configuration procedure

1. Configure Router A:

# Specify an IPv6 address for Router A.

<RouterA> system-view [RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ipv6 address fe80::1 link-local [RouterA-GigabitEthernet1/0] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 to 1::10.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign a higher priority to Router A than Router B in VRRP group 1, so Router A can become the master in the group.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 priority 110

# Create VRRP group 2, and set its virtual IPv6 addresses to FE80::20 and 1::20.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 2 virtual-ip 1::20

2. Configure Router B:

# Specify an IPv6 address for Router B.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ipv6 address fe80::2 link-local [RouterB-GigabitEthernet1/0] ipv6 address 1::2 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Create VRRP group 2, and set its virtual IPv6 addresses to FE80::20 and 1::20.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 2 virtual-ip 1::20

# Assign Router B a higher priority than Router A in VRRP group 2, so Router B can become the master in the group.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 2 priority 110

3. Verify the configuration:

# Display detailed information about the VRRP groups on Router A.

[RouterA-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 2 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : FE80::10 1::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1

Interface GigabitEthernet1/0 VRID : 2 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 410ms left Auth Type : None Virtual IP : FE80::20 1::20 Master IP : FE80::2

# Display detailed information about the VRRP groups on Router B.

[RouterB-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 2 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 407ms left Auth Type : None Virtual IP : FE80::10 1::10 Master IP : FE80::1

Interface GigabitEthernet1/0 VRID : 2 Adver Timer : 100

Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : FE80::20 1::20 Virtual MAC : 0000-5e00-0202 Master IP : FE80::2

The output shows that Router A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 1::10/64. Router B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway 1::20/64.

VRRP load balancing configuration example

This section provides an example of configuring the VRRP load balancing mode.

Network requirements

Router A, Router B, and Router C form a load balanced VRRP group and use the virtual IPv6 addresses FE80::10 and 1::10 to provide gateway service for the subnet 1::/64, as shown in Figure 14.

sts on subnet 1::/64 learn 1::10 as their default gateway from RA messages sent by the routers.

Configure VFs on Router A, Router B, or Router C to monitor their respective GigabitEthernet 2/0. When the interface on any of them fails, the weights of the VFs on the problematic router decrease so another AVF can take over.

Figure 14 Network diagram

Configuration procedure

1. Configure Router A:

# Configure VRRP to operate in load balancing mode.

<RouterA> system-view [RouterA] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] ipv6 address fe80::1 link-local [RouterA-GigabitEthernet1/0] ipv6 address 1::1 64 [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router A the highest priority in VRRP group 1, so Router A can become the master.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 priority 120

# Configure Router A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 5 seconds to avoid frequent status switchover.

[RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 preempt-mode delay 5

# Enable Router A to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterA-GigabitEthernet1/0] undo ipv6 nd ra halt [RouterA-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterA] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] vrrp ipv6 vrid 1 weight track 1 reduced 250

2. Configure Router B:

# Configure VRRP to operate in load balancing mode.

<RouterB> system-view [RouterB] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] ipv6 address fe80::2 link-local [RouterB-GigabitEthernet1/0] ipv6 address 1::2 64 [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Router B a higher priority than Router C in VRRP group 1, so Router B can become the master when Router A fails.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 priority 110

# Configure Router B to operate in preemptive mode and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 preempt-mode delay 5

# Enable Router B to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterB-GigabitEthernet1/0] undo ipv6 nd ra halt

[RouterB-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterB] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] vrrp ipv6 vrid 1 weight track 1 reduced 250

3. Configure Router C:

# Configure VRRP to operate in load balancing mode.

<RouterC> system-view [RouterC] vrrp ipv6 mode load-balance

# Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.

[RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] ipv6 address fe80::3 link-local [RouterC-GigabitEthernet1/0] ipv6 address 1::3 64 [RouterC-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [RouterC-GigabitEthernet1/0] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Router C to operate in preemptive mode and set the preemption delay to 5 seconds.

[RouterC-GigabitEthernet1/0] vrrp ipv6 vrid 1 preempt-mode delay 5

# Enable Router C to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[RouterC-GigabitEthernet1/0] undo ipv6 nd ra halt [RouterC-GigabitEthernet1/0] quit

# Create track entry 1 to monitor the upstream link status of GigabitEthernet 2/0. When the upstream link fails, the track entry transits to Negative.

[RouterC] track 1 interface ethernet 1/2

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[RouterC] interface gigabitethernet 1/0 [RouterC-GigabitEthernet1/0] vrrp ipv6 vrid 1 weight track 1 reduced 250

4. Verify the configuration:

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Router A.

Member IP List : FE80::1 (Local, Master) FE80::2 (Backup) FE80::3 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-4011 (Owner) Owner ID : 0000-5e01-1101 Priority : 255 Active : local Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127 Active : FE80::2 Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-4013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : FE80::3 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Become Master : 400ms left Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::2 (Local, Backup) FE80::1 (Master) FE80::3 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Listening

Virtual MAC : 000f-e2ff-4011 (Learnt) Owner ID : 0000-5e01-1101 Priority : 127 Active : FE80::1 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-4012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-4013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : FE80::3 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 402ms left Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::3 (Local, Backup) FE80::1 (Master) FE80::2 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Listening Virtual MAC : 000f-e2ff-4011 (Learnt) Owner ID : 0000-5e01-1101 Priority : 127 Active : FE80::1 Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103

Priority : 127 Active : FE80::2 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-4013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that Router A is the master in VRRP group 1, and each of the three routers has one AVF and two LVFs.

# Disconnect the link of GigabitEthernet 2/0 on Router A, and display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 120 Running Pri : 120 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::1 (Local, Master) FE80::2 (Backup) FE80::3 (Backup) Forwarder Information: 3 Forwarders 0 Active Config Weight : 255 Running Weight : 5 Forwarder 01 State : Initialize Virtual MAC : 000f-e2ff-4011 (Owner) Owner ID : 0000-5e01-1101 Priority : 0 Active : FE80::3 Forwarder 02 State : Initialize Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 0 Active : FE80::2 Forwarder 03 State : Initialize Virtual MAC : 000f-e2ff-4013 (Learnt) Owner ID : 0000-5e01-1105

Priority : 0 Active : FE80::3 Forwarder Weight Track Information: Track Object : 1 State : Negative Weight Reduced : 250

# Display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 401ms left Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::3 (Local, Backup) FE80::1 (Master) FE80::2 (Backup) Forwarder Information: 3 Forwarders 2 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-4011 (Take Over) Owner ID : 0000-5e01-1101 Priority : 85 Active : local Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 85 Active : FE80::2 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-4013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that whenGigabitEthernet 2/0 on Router A fails, the weights of the VFs on Router A drop below the lower limit of failure. All VFs on Router A transit to the Initialized state and cannot forward traffic. The VF for MAC address 000f-e2ff-4011 on Router C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Router C.

[RouterC-GigabitEthernet1/0] display vrrp ipv6 verbose IPv6 Virtual Router Information: Running Mode : Load Balance Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 400ms left Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::3 (Local, Backup) FE80::1 (Master) FE80::2 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127 Active : FE80::2 Forwarder 03 State : Active Virtual MAC : 000f-e2ff-4013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-4011 is removed, and no longer forwards the packets destined for the MAC address.

# When Router A fails, display detailed information about VRRP group 1 on Router B.

Virtual IP : FE80::10 1::10 Member IP List : FE80::2 (Local, Master) FE80::3 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-4012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-4013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : FE80::3 Forwarder Weight Track Information: Track Object : 1 State : Positive Weight Reduced : 250

The output shows that when Router A fails, Router B becomes the master because it has a higher priority than Router C, and the VF for virtual MAC address 000f-e2ff-4011 is removed.

Troubleshooting VRRP

An error prompt is displayed

Symptom

An error prompt "The virtual router detected a VRRP configuration error." is displayed during configuration.

Analysis

This symptom is probably caused by the following reasons:

• The VRRP advertisement interval in the packet is not the same as that for the current VRRP group.

• The number of virtual IP addresses in the packet is not the same as that for the current VRRP group.

• The virtual IP address list is not the same as that for the current VRRP group.

• A device in the VRRP group receives illegitimate VRRP packets. For example, the IP address owner

receives a VRRP packet with the priority 255.

Solution

• Modify the configuration on routers in VRRP groups to ensure consistent configuration.

• Take fault location and anti-attack measures to eliminate potential threats.

Multiple masters appear in a VRRP group

Symptom

Multiple masters appear in a VRRP group.

Analysis

It is normal for a VRRP group to have multiple masters for a short time, and this situation requires no manual intervention.

If multiple masters coexist for a longer period, it might be because the masters cannot receive advertisements from each other, or because the received advertisements are illegitimate.

Solution

Ping between these masters, and do the following checks:

• If the ping fails, examine network connectivity.

• If the ping succeeds, check for configuration inconsistencies in the number of virtual IP addresses,

virtual IP addresses, and authentication. For IPv4 VRRP, also make sure a consistent version of VRRP is configured on all routers in the VRRP group. For VRRPv2, make sure consistent VRRP advertisement interval is configured on the routers in the VRRP group.

Fast VRRP state flapping

Symptom

Fast VRRP state flapping occurs.

Analysis

The VRRP advertisement interval is set too short.

Solution

Increase the interval for sending VRRP advertisements or introduce a preemption delay.

Configuring BFD

Introduction to BFD

Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium- and protocol-independent fast failure detection mechanism. It can detect and monitor the connectivity of links in IP to detect communication failures quickly so that measures can be taken to ensure service continuity and enhance network availability.

BFD can uniformly and quickly detect the failures of the bidirectional forwarding paths between two devices for upper-layer protocols such as routing protocols and MPLS. The hello mechanism used by upper layer protocols needs seconds to detect a link failure, while BFD can provide detection measured in milliseconds.

BFD can be used for single-hop and multi-hop detections:

• Single-hop detection—Detects the IP connectivity between two directly connected systems.

• Multi-hop detection—Detects any of the paths between two systems. These paths have multiple

hops, and might overlap.

BFD session establishment

BFD provides no neighbor discovery mechanism. Protocols that BFD services notify BFD of routers to which it needs to establish sessions.

BFD sessions are established as follows:

1. A protocol sends Hello messages to discover neighbors and establish neighborships.

2. After establishing neighborships, the protocol notifies BFD of the neighbor information, including

destination and source addresses.

3. BFD uses the information to establish BFD sessions.

When BFD detects a link failure:

1. BFD clears the neighbor session.

2. BFD notifies the protocol of the failure.

3. The protocol terminates the neighborship on the link.

4. If a backup link is available, the protocol will use it for communication.

BFD session modes and operating modes

BFD sessions use the following types of packets:

• Echo packets—Encapsulated into UDP packets with port number 3785.

• Control packets—Encapsulated into UDP packets with port number 3784 for single -hop detection

or port number 4784 for multi-hop detection.

Echo packet mode

The local end of the link sends echo packets to establish BFD sessions and monitor link status. The peer end does not establish BFD sessions and only forwards the packets back to the originating end.

In echo packet mode, BFD supports only single-hop detection and the BFD session is independent of the operating mode.

Control packet mode

Both ends of the link exchange BFD control packets to monitor link status.

Before a BFD session is established, BFD has two operating modes—active and passive.

• Active mode—BFD actively sends BFD control packets regardless of whether any BFD control

packet is received from the peer.

• Passive mode—BFD does not send control packets until a BFD control packet is received from the

peer.

At least one end must operate in active mode for a BFD session to be established.

After a BFD session is established, both ends must operate in one of the following BFD operating modes:

• Asynchronous mode—Both endpoints periodically send BFD control packets to each other. BFD

considers that the session is down if it receives no BFD control packets within a specific interval.

• Demand mode—No BFD control packets are exchanged after the session is established. When the

connectivity to another system needs to be verified explicitly, a system sends several BFD control packets that have the Poll (P) bit set at the negotiated transmit interval. If no response is received within the detection interval, the session is considered down. If the connectivity is found to be up, no more BFD control packets are sent until the next command is issued.

In addition, both ends of the link can exchange BFD control packets to establish and maintain BFD sessions, and one end of the link sends echo packets to monitor link status.

Supported features

• Static routing. For more information, see Layer 3—IP Routing Configuration Guide.

• IPv6 static routing. For more information, see Layer 3—IP Routing Configuration Guide.

• RIP. For more information, see Layer 3—IP Routing Configuration Guide.

• OSPF. For more information, see Layer 3—IP Routing Configuration Guide.

• OSPFv3. For more information, see Layer 3—IP Routing Configuration Guide.

• IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

• IPv6 IS-IS. For more information, see Layer 3—IP Routing Configuration Guide.

• BGP. For more information, see Layer 3—IP Routing Configuration Guide.

• IPv6 BGP. For more information, see Layer 3—IP Routing Configuration Guide.

• PIM. For more information, see IP Multicast Configuration Guide.

• IPv6 PIM. For more information, see IP Multicast Configuration Guide.

• Track. For more information, see "Configuring Track."

• IP fast reroute (FRR). IP FRR is supported by OSPF, RIP, IS-IS and static routing. For more information,

see Layer 3—IP Routing Configuration Guide.

Protocols and standards

• RFC 5880, Bidirectional Forwarding Detection (BFD)

• RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop)

• RFC 5882, Generic Application of Bidirectional Forwarding Detection (BFD)

• RFC 5883, Bidirectional Forwarding Detection (BFD) for Multihop Paths

• RFC 5884, Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs)

• RFC 5885, Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity

Verification (VCCV)

Configuring BFD basic functions

Before configuring BFD basic functions, configure the network layer addresses of the interfaces so that adjacent nodes are reachable to each other at the network layer.

After a BFD session is established, the two ends negotiate BFD parameters, including minimum sending interval, minimum receiving interval, initialization mode, and packet authentication, by exchanging negotiation packets. They use the negotiated parameters without affecting the session status.

Configuring echo packet mode

Step Command

1. Enter system view.

2. Configure the source IP

address of echo packets.

3. Enter interface view.

4. (Optional.) Configure the

minimum interval for receiving BFD echo packets.

5. (Optional.) Configure the

single-hop detection time multiplier.

system-view N/A

• Configure the source IP address

of echo packets: bfd echo-source-ip ip-address

• Configure the source IPv6

address of echo packets:

bfd echo-source-ipv6 ipv6-address

interface interface-type interface-number

bfd min-echo-receive-interval value

bfd detect-multiplier value The default setting is 5.

Remarks

Use either command.

By default, no source IP address is configured for echo packets.

The source IP address cannot be on the same network segment as any local interface's IP address. Otherwise, a large number of ICMP redirect packets might be sent from the peer, resulting in link congestion.

The source IPv6 address of echo packets can only be a global unicast address.

N/A

By default, the minimum interval for receiving BFD echo packets is 500 milliseconds.

Configuring control packet mode

To configure control packet mode for single-hop detection:

Step Command

1. Enter system view.

2. Specify the mode for

establishing a BFD session.

3. Enter interface view.

4. Configure the authentication

mode for single-hop control packets.

5. Enable the Demand BFD

session mode.

6. Enable the echo packet mode.

7. Configure the minimum

interval for transmitting single-hop BFD control packets.

8. Configure the minimum

interval for receiving single-hop BFD control packets.

9. Configure the single-hop

detection time multiplier.

system-view N/A

bfd session init-mode { active | passive }

interface interface-type

interface-number

bfd authentication-mode simple

key-id { cipher cipher-string | plain plain-string }

bfd demand enable

bfd echo enable

bfd min-transmit-interval value

bfd min-receive-interval value

bfd detect-multiplier value The default setting is 5.

Remarks

By default, active is specified.

N/A

By default, single-hop BFD packets are not authenticated.

By default, the BFD session is in Asynchronous mode.

By default, the echo packet mode is disabled.

If you enable the echo packet mode for a BFD session in which control packets are sent and the session goes up, BFD periodically sends echo packets to detect link connectivity and decrease control packet receive rate.

By default, the minimum interval for transmitting single-hop BFD control packets is 500 milliseconds.

By default, the minimum interval for receiving single-hop BFD control packets is 500 milliseconds.

To configure control packet mode for multi-hop detection:

Step Command

1. Enter system view.

2. Specify the mode for

establishing a BFD session.

3. Configure the authentication

mode for multi-hop BFD control packets.

4. Configure the destination port

number for multi-hop BFD control packets.

system-view

bfd session init-mode { active | passive }

bfd multi-hop authentication-mode simple key-id { cipher cipher-string | plain plain-string }

bfd multi-hop destination-port port-number

Remarks

N/A

By default, active is specified.

By default, no authentication is performed.

The default setting is 4784.

Step Command

5. Configure the multi-hop

detection time multiplier.

6. Configure the minimum

interval for receiving multi-hop BFD control packets.

7. Configure the minimum

interval for transmitting multi-hop BFD control packets.

bfd multi-hop detect-multiplier

value

bfd multi-hop min-receive-interval value

bfd multi-hop min-transmit-interval value

Displaying and maintaining BFD

Execute the display command in any view and the reset command in user view.

Task Command

Display BFD session information. display bfd session [ discriminator value | verbose ]

Clear BFD session statistics. reset bfd session statistics

Remarks

The default setting is 5.

By default, the minimum interval for receiving multi-hop BFD control packets is 500 milliseconds.

By default, the minimum interval for transmitting multi-hop BFD control packets is 500 milliseconds.

Configuring Track

Overview

The Track module works between application modules and detection modules, as shown in Figure 15. It shields the differences between various detection modules from application modules.

Collaboration is enabled after you associate the Track module with a detection module and an application module. The detection module probes specific objects such as interface status, link status, network reachability, and network performance, and informs the Track module of detection results. The Track module sends the detection results to the associated application module. When notified of changes for the tracked object, the application modules can react to avoid communication interruption and network performance degradation.

Figure 15 Collaboration through the Track module

Detection

module

management

NQA

BFD

Interface

Associates with

a detection entry

Sends the

detection result

Track

module

Associates with

a track entry

Sends the track

entry status

Collaboration fundamentals

The Track module collaborates with detection modules and application modules:

• Collaboration between the Track module and a detection module

• Collaboration between the Track module and an application module

Collaboration between the Track module and a detection module

The detection module sends the detection result of the associated tracked object to the Track module. Depending on the result, the Track module changes the status of the track entry:

Application modules

VRRP

Static route

Policy-based

routing

• If the tracked object functions correctly (for example, the target interface is up or the target network

is reachable), the state of the track entry is Positive.

• If the tracked object does not function correctly (for example, the target interface is down or the

target network is unreachable), the state of the track entry is Negative.

• If the detection result is not valid (for example, the NQA test group that is associated with the track

entry does not exist), the state of the track entry is NotReady.

The following detection modules can be associated with the Track module:

• NQA.

• BFD.

• Interface management.

Collaboration between the Track module and an application module

The following application modules can be associated with the Track module:

• VRRP.

• Static routing.

• Policy-based routing.

When configuring a track entry for an application module, you can set a notification delay to avoid immediate notification of status changes, which can cause communication failure. This issue occurs when route convergence is slower than the link state change notification. For example, when the master in a VRRP group detects that the uplink interface fails through the Track module, the Track module notifies the master to decrease its priority so that a backup with higher priority preempts as the new master. When the failed uplink interface recovers, the Track module immediately notifies the original master to restore its priority and forward traffic. If the uplink route has not recovered, forwarding failure will occur.

Collaboration application example

The following is an example of collaboration between NQA, Track, and static routing.

Configure a static route with next hop 192.168.0.88 on the device. If the next hop is reachable, the static route is valid. If the next hop becomes unreachable, the static route should become invalid. For this purpose, configure collaboration between the NQA, track, and static routing modules:

1. Create an NQA test group to monitor the accessibility of IP address 192.168.0.88.

2. Create a track entry and associate it with the NQA test group. When the next hop 192.168.0.88

is reachable, the track entry is in Positive state. When the next hop becomes unreachable, the track entry is in Negative state.

3. Associate the track entry with the static route. When the track entry turns to the Positive state, the

static route is valid. When the associated track entry turns to Negative state, the static route is invalid.

Track configuration task list

To implement the collaboration function, establish associations between the Track module and the detection modules, and between the Track module and the application modules.

To configure the Track module, perform the following tasks:

Tasks at a glance

(Required.) Associating the Track module with a detection module:

• Associating Track with NQA

• Associating Track with BFD

• Associating Track with interface management

Remarks

Use one of the methods.

(Required.) Associating the Track module with an application module:

• Associating Track with VRRP

• Associating Track with static routing

• Associating Track with PBR

Use one of the methods.

Associating the Track module with a detection module

Associating Track with NQA

NQA supports multiple test types to analyze network performance, services, and service quality. For example, an NQA test group can periodically detect whether a destination is reachable, or whether the TCP connection to a TCP server can be set up.

An NQA test group functions as follows when it is associated with a track entry:

• If the consecutive failures reach the specified threshold, the NQA module notifies the Track module

that the tracked object has malfunctioned. Then the Track module sets the track entry to Negative state.

• If the specified threshold is not reached, the NQA module notifies the Track module that the tracked

object is functioning correctly. The Track module then sets the track entry to Positive state.

For more information about NQA, see Network Management and Monitoring Configuration Guide.

To associate Track with NQA:

Step Command

1. Enter system view.

2. Create a track entry,

associate it with an NQA reaction entry, and specify the delay time for the Track module to notify the associated application module when the track entry status changes.

system-view N/A

track track-entry-number nqa entry

admin-name operation-tag reaction item-number [ delay { negative negative-time | positive positive-time } * ]

Associating Track with BFD

BFD supports the control packet mode and echo packet mode. A track entry can only be associated with the echo-mode BFD session, and cannot be associated with the control-mode BFD session. For more information about BFD, see "Configuring BFD."

BFD functions as follows when it is associated with a track entry:

• If the BFD detects that the link fails, it informs the track entry of the link failure. The Track module sets

the track entry to Negative state.

• If the BFD detects that the link is operating correctly, the Track module sets the track entry to Positive

state.

Remarks

No track entry is created by default.

If the specified NQA test group or the reaction entry in the track entry does not exist, the status of the track entry is NotReady.

Configuration prerequisites

Before you associate Track with BFD, configure the source IP address of BFD echo packets. For more information, see "Configuring BFD."

Configuration procedure

To associate Track with BFD:

Step Command

1. Enter system view.

2. Create a track entry,

associate it with the BFD session, and specify the delay time for the Track module to notify the associated application module when the track entry status changes.

system-view N/A

track track-entry-number bfd { control | echo } interface interface-type interface-number remote ip remote-ip local ip local-ip [ delay { negative negative-time | positive positive-time } * ]

Associating Track with interface management

The interface management module monitors the link status or network-layer protocol status of the interface. The interface management module functions as foll ows when it i s associa ted wi th a track entry:

• When the link or network-layer protocol status of the interface changes to up, the interface

management module informs the Track module of the change and the Track module sets the track entry to Positive.

• When the link or network-layer protocol status of the interface changes to down, the interface

management module informs the Track module of the change and the Track module sets the track entry to Negative.

Remarks

No track entry is created by default.

Do not configure the virtual IP address of a VRRP group as the local or remote address of a BFD session.

To associate Track with interface management:

Step Command

1. Enter system view.

system-view N/A

• Create a track entry, associate it with the interface

management module to monitor the link status of an interface, and specify the delay time for the Track module to notify the associated application module when the track entry status changes:

track track-entry-number interface interface-type interface-number [ delay { negative negative-time

| positive positive-time } * ]

2. Associating Track with

interface management.

• Create a track entry, associate it with the interface

management module to monitor the Layer 3 protocol status of an interface, and specify the delay time for the Track module to notify the associated application module when the track entry status changes:

track track-entry-number interface interface-type interface-number protocol { ipv4 | ipv6 } [ delay

{ negative negative-time | positive positive-time } * ]

Remarks

Use either method.

No track entry is created by default.

Associating the Track module with an application module

Associating Track with VRRP

When VRRP is operating in standard mode or load balancing mode, associate the Track module with the VRRP group to implement the following actions:

• Change the priority of a router according to the status of the uplink. If a fault occurs on the uplink

of the router, the VRRP group is not aware of the uplink failure. If the router is the master, hosts in the LAN cannot access the external network. This problem can be solved by establishing a Track-VRRP group association. Use the detection modules to monitor the status of the uplink of the router and establish collaborations between the detection modules, Track module, and VRRP. When the uplink fails, the detection modules notify the Track module to change the status of the monitored track entry to Negative, and the priority of the master decreases by a user-specified value. This allows a higher priority router in the VRRP group to become the master, and maintains proper communication between the hosts in the LAN and the external network.

• Monitor the master on a backup. If a fault occurs on the master, the backup operating in switchover

mode will switch to the master immediately to maintain normal communication.

When VRRP is operating in load balancing mode, associate the Track module with the VRRP VF to implement the following functions:

• Change the priority of the AVF according to its uplink state. When the uplink of the AVF fails, the

track entry changes to Negative state and the weight of the AVF decreases by a user-specified value so that the VF with a higher priority becomes the new AVF to forward packets.

• Monitor the AVF status from the LVF, which refers to the VF in listening state. When the AVF fails, the

LVF that is operating in switchover mode becomes the new AVF to ensure continuous forwarding.

Follow these guidelines when you associate Track with VRRP:

• VRRP tracking is not valid on an IP address owner. An IP address owner refers to a router when the

IP address of the virtual router is the IP address of an interface on the router in the VRRP group.

• When the status of the track entry changes from Negative to Positive or NotReady, the associated

router or VF restores its priority automatically.

• You can associate a nonexistent track entry with a VRRP group or VF. The association takes effect

only after you use the track command to create the track entry.

To associate Track with VRRP group:

Step Command

1. Enter system view.

2. Enter interface view.

system-view N/A

interface interface-type interface-number

Remarks

N/A

No track entry is specified for a

3. Associate a track entry with a

VRRP group.

vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number [ reduced

priority-reduced | switchover ]

VRRP group by default.

This command is supported when VRRP is operating in both standard mode and load balancing mode.

To associate Track with VRRP VF:

Step Command

1. Enter system view.

2. Enter interface view.

3. Associate Track with VRRP VF.

system-view N/A

interface interface-type interface-number

vrrp [ ipv6 ] vrid virtual-router-id weight track track-entry-number

[ reduced weight-reduced ]

Associating Track with static routing

A static route is a manually configured route. With a static route configured, packets to the specified destination are forwarded through the path specified by the administrator. For more information about static route configuration, see Layer 3—IP Routing Configuration Guide.

The disadvantage of using static routes is that they cannot adapt to network topology changes. Faults or topological changes in the network can make the routes unreachable, causing network breaks.

Remarks

N/A

By default, no track entry is specified for a VF.

This command is configurable when VRRP is operating in standard mode or load balancing mode. However, this command takes effect only when VRRP is operating in load balancing mode.

To prevent this problem, configure another route to back up the static route. When the static route is reachable, packets are forwarded through the static route. When the static route is unreachable, packets are forwarded through the backup route, avoiding network breaks and enhancing network reliability.

To check the accessibility of a static route in real time, establish an association between Track and the static route.

If you specify the next hop but not the egress interface when configuring a static route, you can establish collaborations among the static route, the Track module, and detection modules. This enables you to check the accessibility of the static route by the status of the track entry.

• The Positive state of the track entry shows that the next hop of the static route is reachable, and that

the configured static route is valid.

• The Negative state of the track entry shows that the next hop of the static route is not reachable, and

that the configured static route is invalid.

• The NotReady state of the track entry shows that the accessibility of the next hop of the static route

is unknown, and that the static route is valid.

Follow these guidelines when you associate Track with static routing:

• You can associate a nonexistent track entry with a static route. The association takes effect only after

you use the track command to create the track entry.

• If the Track module detects the next hop accessibility of the static route in a private network through

NQA, the VPN instance name of the next hop of the static route must be consistent with that configured for the NQA test group. Otherwise, the accessibility detection cannot function correctly.

• If a static route needs route recursion, the associated track entry must monitor the next hop of the

recursive route instead of that of the static route. Otherwise, a valid route might be considered invalid.

To associate Track with static routing:

Step Command

1. Enter system view.

system-view N/A

• Method 1:

ip route-static dest-address { mask | mask-length } { next-hop-address [ track track-entry-number ] | interface-type interface-number [ next-hop-address ] | vpn-instance

d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ permanent ] [ preference

2. Associate the static

route with a track entry to check the accessibility of the next hop.

preference-value ] [ tag tag-value ] [ description description-text ]

• Method 2:

ip route-static vpn-instance s-vpn-instance-name dest-address { mask | mask-length } { next-hop-address [ public ] [ track track-entry-number ] | interface-type interface-number [ next-hop-address ] | vpn-instance d-vpn-instance-name next-hop-address [ track track-entry-number ] } [ permanent ] [ preference preference-value ] [ tag tag-value ] [ description description-text ]

Remarks

Not configured by default.

Associating Track with PBR

PBR is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR allows you to use a policy (based on such criteria as the source address and packet length) to route packets. You can specify the VPN instance, packet priority, outgoing interface, next hop, default outgoing interface, default next hop, and other parameters to guide the forwarding of packets that match specific ACLs or have specific lengths. For more information about PBR, see Layer 3—IP Routing Configuration Guide.

PBR cannot detect the availability of any action taken on packets. When an action is not available, packets processed by the action might be discarded. For example, configure PBR to forward packets that match certain criteria through a user-specified interface. When the interface fails, PBR cannot sense the failure, and continues to forward matching packets out of the interface.

This problem can be solved by associating Track with PBR, which improves the flexibility of the PBR application and enables PBR to sense topology changes.

After you associate a track entry with an apply clause, the detection module associated with the track entry sends the detection result of the availability of the object (an interface or an IP address) specified in the apply clause.

• The Positive state of the track entry shows that the object is available, and the apply clause is valid.

• The Negative state of the track entry shows that the object is not available, and the apply clause is

invalid.

• The NotReady state of the track entry shows that the apply clause is valid.

The following objects can be associated with a track entry:

• Outgoing interface.

• Next hop.

• Default outgoing interface.

• Default next hop.

Configuration prerequisites

Before you associate Track with PBR, create a policy or a policy node and configure the match criteria as well.

Configuration procedure

You can associate a nonexistent track entry with PBR. The association takes effect only after you use the track command to create the track entry.

To associate Track with PBR:

Step Command Remarks

1. Enter system view.

2. Create a policy or policy

node and enter PBR policy node view.

3. Define a match criterion.

4. Associate Track with PBR.

system-view N/A

policy-based-route policy-name [ deny | permit ] node node-number

N/A

• Define a packet length match criterion:

if-match packet-length min-len max-len

• Define an ACL match criterion:

if-match acl { acl-number | name acl-name }

By default, no packets are filtered.

• Set the outgoing interface, and associate it

with a track entry:

apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>

• Set the next hop, and associate it with a

track entry: apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ip-address [ direct ] [ track track-entry-number ] }&<1-n>

• Set the default outgoing interface, and

associate it with a track entry:

apply default-output-interface

{ interface-type interface-number [ track track-entry-number ] }&<1-n>

Use at least one of the commands.

• Set the default next hop, and associate it

with a track entry: apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ip-address [ direct ] [ track track-entry-number ] }&<1-n>

To associate Track with IPv6 PBR:

Step Command Remarks

1. Enter system view.

system-view N/A

Step Command Remarks

2. Create a policy or policy

node and enter PBR policy node view.

ipv6 policy-based-route policy-name [ deny | permit ] node node-number

N/A

• Define an IPv6 packet length match

criterion:

3. Define a match criterion.

if-match packet-length min-len max-len

• Define an ACL match criterion:

if-match acl { acl6-number | name acl6-name }

By default, no packets are filtered.

• Set the outgoing interface, and associate it

with a track entry:

apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-n>

• Set the next hop, and associate it with a

track entry: apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track

4. Associate Track with IPv6

PBR.

track-entry-number ] }&<1-n>

• Set the default outgoing interface, and

associate it with a track entry:

apply default-output-interface

{ interface-type interface-number [ track track-entry-number ] }&<1-n>

Use at least one of the commands.

• Set the default next hop, and associate it

with a track entry: apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] }&<1-n>

Displaying and maintaining track entries

Execute display commands in any view.

Task Command

Display information about a specific or all track entries. display track { track-entry-number | all }

Track configuration examples

VRRP-Track-NQA collaboration configuration example

In this example, the master monitors the uplink.

Network requirements

• As shown in Figure 16, configure Host A to access Host B on the Internet. The default gateway of

H o s t A i s 10 .1.1.10 / 24 .

• Router A and Router B belong to VRRP group 1, which has the virtual IP address 10.1.1.10.

• When Router A works correctly, packets from Host A to Host B are forwarded through Router A.

When NQA detects that a fault is on the uplink of Router A, packets from Host A to Host B are forwarded through Router B.

Figure 16 Network diagram

Configuration procedure

1. Configure the IP address of each interface as shown in Figure 16. (Details not shown.)

2. Configure an NQA test group on Router A:

# Create an NQA test group with the administrator name admin and the operation tag test.

<RouterA> system-view [RouterA] nqa entry admin test

# Configure the test type as ICMP echo test.

[RouterA-nqa-admin-test] type icmp-echo

# Configure the destination address as 10.1.2.2.

[RouterA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2

# Configure the interval between two consecutive tests as 100 milliseconds.

[RouterA-nqa-admin-test-icmp-echo] frequency 100

# Create reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterA-nqa-admin-test-icmp-echo] quit

# Start the NQA test.

[RouterA] nqa schedule admin test start-time now lifetime forever

3. Configure a track entry on Router A:

# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the administrator admin, and the operation tag test).

[RouterA] track 1 nqa entry admin test reaction 1

4. Configure VRRP on Router A:

# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A in VRRP group 1 to 110.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets at an interval of 500 centiseconds.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 timer advertise 500

# Configure Router A to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

# Configure to monitor track entry 1 and specify the priority decrement to 30.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 track 1 reduced 30

5. Configure VRRP on Router B:

<RouterB> system-view [RouterB] interface gigabitethernet 1/0

# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets at an interval of 500 centiseconds.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 timer advertise 500

# Configure Router B to operate in preemptive mode, and set the preemption delay to 5 seconds.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 preempt-mode delay 5

Verifying the configuration

After configuration, ping Host B on Host A, and you can see that Host B is reachable. To view the configuration result, use the display vrrp command.

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 500 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 5 Auth Type : Simple Key : ****** Virtual IP : 10.1.1.10 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1 VRRP Track Information: Track Object : 1 State : Positive Pri Reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 500 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 2200ms left Auth Type : Simple Key : ****** Virtual IP : 10.1.1.10 Master IP : 10.1.1.1

The outpu t shows tha t in VR RP group 1, Ro uter A is the master and Router B is a backup. Packets from Host A to Host B are forwarded through Router A.

When a fault is on the link between Router A and Router C, you can still successfully ping Host B on Host A. To view information about VRRP group 1, use the display vrrp command.

# Display detailed information about VRRP group 1 on Router A when a fault is on the link between Router A and Router C.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 500 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 80 Preempt Mode : Yes Delay Time : 5 Become Master : 2200ms left Auth Type : Simple Key : ****** Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 VRRP Track Information: Track Object : 1 State : Negative Pri Reduced : 30

# Display detailed information about VRRP group 1 on Router B when a fault is on the link between Router A and Router C.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 500 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Auth Type : Simple Key : ******

Virtual IP : 10.1.1.10 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.2

The output shows that when a fault is on the link between Router A and Router C, the priority of Router A decreases to 80. Router A becomes the backup, and Router B becomes the master. Packets from Host A to Host B are forwarded through Router B.

Configuring BFD for a VRRP backup to monitor the master

Network requirements

• As shown in Figure 17, Router A and Router B belong to VRRP group 1, whose virtual IP address is

192.168.0.10.

• The default gateway of the hosts in the LAN is 192.168.0.10. When Router A works correctly, the

hosts in the LAN access the external network through Router A. When Router A fails, the hosts in the LAN access the external network through Router B.

• If the master in a VRRP group fails and BFD is not configured, the backup cannot become the master

until the configured timeout timer expires. The timeout is usually 3 to 4 seconds, which is a long delay for most applications. To solve this problem, VRRP uses BFD to probe the state of the master. Once the master fails, the backup can become the new master in milliseconds.

Figure 17 Network diagram

Configuration procedure

1. Configure VRRP on Router A:

<RouterA> system-view [RouterA] interface gigabitethernet 1/0

# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. Set the priority of Router A in VRRP group 1 to 110.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 192.168.0.10 [RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110 [RouterA-GigabitEthernet1/0] return

2. Configure BFD on Router B:

# Configure the source address of BFD echo packets as 10.10.10.10.

<RouterB> system-view [RouterB] bfd echo-source-ip 10.10.10.10

3. Create a track entry to be associated with the BFD session on Router B:

# Create track entry 1 to be associated with the BFD session to check whether Router A is reachable.

[RouterB] track 1 bfd echo interface gigabitethernet 1/0 remote ip 192.168.0.101 local ip 192.168.0.102

4. Configure VRRP on Router B:

# Create VRRP group 1, and configure the virtual IP address 192.168.0.10 for the group. VRRP group 1 monitors the status of track entry 1. When the status of the track entry becomes Negative, Router B becomes the master quickly.

[RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 192.168.0.10 [RouterB-GigabitEthernet1/0] vrrp vrid 1 track 1 switchover [RouterB-GigabitEthernet1/0] return

Verifying the configuration

# Display detailed information about VRRP group 1 on Router A.

<RouterA> display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.101

# Display detailed information about VRRP group 1 on Router B.

Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 192.168.0.10 Master IP : 192.168.0.101 VRRP Track Information: Track Object : 1 State : Positive Switchover

# Display information about track entry 1 on Router B.

<RouterB> display track 1 Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing Interface: GigabitEthernet1/0 VPN instance name: -

Remote IP: 192.168.0.101

Local IP: 192.168.0.102

The output shows that when the status of the track entry becomes Positive, Router A is the master, and Router B the backup.

# Enable VRRP state debugging and BFD event debugging on Router B.

<RouterB> terminal debugging <RouterB> terminal monitor <RouterB> debugging vrrp state <RouterB> debugging bfd event

# When Router A fails, the following output is displayed on Router B.

*Dec 17 14:44:34:142 2008 RouterB BFD/7/EVENT:Send sess-down Msg, [Src:192.168.0.102,Dst:192.168.0.101,GigabitEthernet1/0,Echo], instance:0, protocol:Track

*Dec 17 14:44:34:144 2008 RouterB VRRP/7/DebugState: IPv4 GigabitEthernet1/0 | Virtual Router 1 : Backup --> Master reason: The status of the tracked object changed

# Display detailed information about the VRRP group on Router B.

<RouterB> display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.102 VRRP Track Information:

Track Object : 1 State : Negative Switchover

The output shows that when BFD detects that Router A fails, it notifies VRRP through the Track module to change the status of Router B to master without waiting for a period three times the advertisement interval. This ensures that a backup can quickly preempt as the master.

Configuring BFD for the VRRP master to monitor the uplink

Network requirements

• As shown in Figure 18, Router A and Router B belong to VRRP group 1, whose virtual IP address is

192.168.0.10.

• The default gateway of the hosts in the LAN is 192.168.0.10.

• When Router A works correctly, hosts in the LAN access the external network through Router A.

When Router A detects that the uplink is down through BFD, it decreases its priority so that Router B can preempt as the master, ensuring that the hosts in the LAN can access the external network through Router B.

Figure 18 Network diagram

Internet

Master

uplink

device

GE1/0

1.1.1.2/24

GE1/0

1.1.1.1/24

Router A

Master

GE2/0

192.168.0.101/24

Configuration procedure

1. Configure BFD on Router A:

Uplink

Virtual Router

Virtual IP address:

192.168.0.10

L2 switch

Backup

uplink

device

Uplink

Router B

Backup

GE2/0

192.168.0.102/24

BFD probe packets

VRRP packets

# Configure the source address of BFD echo packets as 10.10.10.10.

<RouterA> system-view [RouterA] bfd echo-source-ip 10.10.10.10

2. Create the track entry to associate with the BFD session on Router A:

# Create track entry 1 for the BFD session on Router A to check whether the uplink device with the IP address 1.1.1.2 is reachable.

[RouterA] track 1 bfd echo interface gigabitethernet 1/0 remote ip 1.1.1.2 local ip

1.1.1.1

3. Configure VRRP on Router A:

# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10. Configure the priority of Router A in VRRP group 1 as 110, and configure VRRP group 1 to monitor the status of track entry 1. When the status of the track entry becomes Negative, the priority of Router A decreases by 20.

[RouterA] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] vrrp vrid 1 virtual-ip 192.168.0.10 [RouterA-GigabitEthernet2/0] vrrp vrid 1 priority 110 [RouterA-GigabitEthernet2/0] vrrp vrid 1 track 1 reduced 20 [RouterA-GigabitEthernet2/0] return

4. Configure VRRP on Router B:

# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10.

<RouterB> system-view [RouterB] interface gigabitethernet 2/0 [RouterB-GigabitEthernet2/0] vrrp vrid 1 virtual-ip 192.168.0.10 [RouterB-GigabitEthernet2/0] return

Verifying the configuration

# Display detailed information about the VRRP group on Router A.

<RouterA> display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet2/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.101 VRRP Track Information: Track Object : 1 State : Positive Pri Reduced : 20

# Display information about track entry 1 on Router A.

<RouterA> display track 1 Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: GigabitEthernet1/0 VPN instance name: Remote IP: 1.1.1.2 Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Router B.

<RouterB> display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet2/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 192.168.0.10 Master IP : 192.168.0.101

The output shows that when the status of track entry 1 becomes Positive, Router A is the master and Router B the backup.

# When the uplink of Router A goes down, the status of track entry 1 becomes Negative.

<RouterA> display track 1 Track ID: 1 State: Negative Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: GigabitEthernet1/0 VPN instance name: Remote IP: 1.1.1.2 Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Router A.

<RouterA> display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet2/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 90 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 192.168.0.10 Master IP : 192.168.0.102 VRRP Track Information: Track Object : 1 State : Negative Pri Reduced : 20

# Display detailed information about VRRP group 1 on Router B.

<RouterB> display vrrp verbose IPv4 Virtual Router Information:

Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet2/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.102

The output shows that when Router A detects that the uplink fails through BFD, it decreases its priority by 20 to make sure that Router B can preempt as the master.

Static routing-Track-NQA collaboration configuration example

Network requirements

As shown in Figure 19, Router A, Router B, Router C, and Router D are connected to two segments

20.1.1.0/24 and 30.1.1.0/24. Configure static routes on these routers so that the two segments can communicate with each other. Configure route backup to improve network reliability.

Router A is the default gateway of the hosts in segment 20.1.1.0/24. Two static routes to 30.1.1.0/24 exist on Router A, with the next hop being Router B and Router C, respectively. These two static routes back up each other, as follows:

• The static route with Router B as the next hop has a higher priority, and is the master route. If this

route is available, Router A forwards packe t s t o 3 0 .1.1.0 /2 4 t hr o u g h R o u t e r B .

• The static route with Router C as the next hop acts as the backup route.

• Configure static routing-Track-NQA collaboration to determine whether the master route is

available in real time. If the master route is unavailable, the backup route takes effect, and Router A forwards packets to 30.1.1.0/24 through Router C.

Similarly, Router D is the default gateway of the hosts in segment 30.1.1.0/24. Two static routes to

20.1.1.0/24 exist on Router D, with the next hop being Router B and Router C, respectively. These two static routes back up each other, as follows:

• The static route with Router B as the next hop has a higher priority, and is the master route. If this

route is available, Router D forwards packets to 20.1.1.0/24 through Router B.

• The static route with Router C as the next hop acts as the backup route.

• Configure static routing-Track-NQA collaboration to determine whether the master route is

available in real time. If the master route is unavailable, the backup route takes effect, and Router D forwards packets to 20.1.1.0/24 through Router C.

Figure 19 Network diagram

Configuration procedure

1. Configure the IP address of each interface as shown in Figure 19. (Details not shown.)

2. Configure Router A:

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.1.1.2 and the default priority 60. This static route is associated with track entry 1.

<RouterA> system-view [RouterA] ip route-static 30.1.1.0 24 10.1.1.2 track 1

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the priority 80.

[RouterA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Configure a static route to 10.2.1.4, with the address of the next hop as 10.1.1.2.

[RouterA] ip route-static 10.2.1.4 24 10.1.1.2

# Create an NQA test group with the administrator admin and the operation tag test.

[RouterA] nqa entry admin test

# Configure the test type as ICMP-echo.

[RouterA-nqa-admin-test] type icmp-echo

# Configure the destination address of the test as 10.2.1.4 and the next hop address as 10.1.1.2 to check the connectivity of the path from Router A to Router B, and then to Router D through NQA.

[RouterA-nqa-admin-test-icmp-echo] destination ip 10.2.1.4 [RouterA-nqa-admin-test-icmp-echo] next-hop 10.1.1.2

# Configure the test frequency as 100 milliseconds.

[RouterA-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterA-nqa-admin-test-icmp-echo] quit

# Start the NQA test.

[RouterA] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the administrator admin, and the operation tag test).

[RouterA] track 1 nqa entry admin test reaction 1

3. Configure Router B:

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.2.1.4.

<RouterB> system-view [RouterB] ip route-static 30.1.1.0 24 10.2.1.4

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.1.1.1.

[RouterB] ip route-static 20.1.1.0 24 10.1.1.1

4. Configure Router C:

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.4.1.4.

<RouterC> system-view [RouterC] ip route-static 30.1.1.0 24 10.4.1.4

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.3.1.1.

[RouterC] ip route-static 20.1.1.0 24 10.3.1.1

5. Configure Router D:

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.2.1.2 and the default priority 60. This static route is associated with track entry 1.

<RouterD> system-view [RouterD] ip route-static 20.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.4.1.3 and the default priority 80.

[RouterD] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Configure a static route to 10.1.1.1, with the address of the next hop as 10.2.1.2.

[RouterD] ip route-static 10.1.1.1 24 10.2.1.2

# Create an NQA test group with the administrator admin and the operation tag test.

[RouterD] nqa entry admin test

# Configure the test type as ICMP-echo.

[RouterD-nqa-admin-test] type icmp-echo

# Configure the destination address of the test as 10.1.1.1 and the next hop address as 10.2.1.2 to check the connectivity of the path from Router D to Router B, and then to Router A through NQA.

[RouterD-nqa-admin-test-icmp-echo] destination ip 10.1.1.1 [RouterD-nqa-admin-test-icmp-echo] next-hop 10.2.1.2

# Configure the test frequency as 100 milliseconds.

[RouterD-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1, specifying that five consecutive probe failures trigger the Track module.

[RouterD-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[RouterD-nqa-admin-test-icmp-echo] quit

# Start the NQA test.

[RouterD] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the administrator admin, and the operation tag test).

[RouterD] track 1 nqa entry admin test reaction 1

Verifying the configuration

# Display information about the track entry on Router A.

[RouterA] display track all Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: NQA entry: admin test Reaction: 1

# Display the routing table of Router A.

[RouterA] display ip routing-table Routing Tables: Public Destinations : 10 Routes : 10

Destination/Mask Proto Pre Cost NextHop Interface

10.1.1.0/24 Direct 0 0 10.1.1.1 GE1/0

10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.2.1.0/24 Static 60 0 10.1.1.2 GE1/0

10.3.1.0/24 Direct 0 0 10.3.1.1 GE2/0

10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0

20.1.1.0/24 Direct 0 0 20.1.1.1 GE3/0

20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

30.1.1.0/24 Static 60 0 10.1.1.2 GE1/0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

The output shows the NQA test result: the master route is available (the status of the track entry is Positive), and Router A forwards packets to 30.1.1.0/24 through Router B.

# Remove the IP address of interface Ethernet 1/1 on Router B.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] undo ip address

# Display information about the track entry on Router A.

[RouterA] display track all Track ID: 1 State: Negative Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: NQA entry: admin test Reaction: 1

# Display the routing table of Router A.

[RouterA] display ip routing-table Routing Tables: Public

Destinations : 10 Routes : 10

Destination/Mask Proto Pre Cost NextHop Interface

10.1.1.0/24 Direct 0 0 10.1.1.1 GE1/0

10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.2.1.0/24 Static 60 0 10.1.1.2 GE1/0

10.3.1.0/24 Direct 0 0 10.3.1.1 GE2/0

10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0

20.1.1.0/24 Direct 0 0 20.1.1.1 GE3/0

20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

30.1.1.0/24 Static 80 0 10.3.1.3 GE2/0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

The output shows the NQA test result: if the master route is unavailable (the status of the track entry is Negative), the backup static route takes effect and Router A forwards packets to 30.1.1.0/24 through Router C.

# When the master route fails, the hosts in 20.1.1.0/24 can still communicate with the hosts in 3 0 .1.1. 0 / 2 4 .

[RouterA] ping -a 20.1.1.1 30.1.1.1 Ping 30.1.1.1: 56 data bytes, press CTRL_C to break Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

--- Ping statistics for 30.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss round-trip min/avg/max/std-dev = 1/1/2/1 ms

# The output on Router D is similar to that on Router A. When the master route fails, the hosts in

30.1.1.0/24 can still communicate with the hosts in 20.1.1.0/24.

[RouterD] ping -a 30.1.1.1 20.1.1.1 Ping 20.1.1.1: 56 data bytes, press CTRL_C to break Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

--- Ping statistics for 20.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss round-trip min/avg/max/std-dev = 1/1/2/1 ms

Static routing-Track-BFD collaboration configuration example

Network requirements

As shown in Figure 20, Router A, Router B, and Router C are connected to two segments 20.1.1.0/24 and

30.1.1.0/24. Configure static routes on these routers so that the two segments can communicate with each other. Configure route backup to improve network reliability.

• The static route with Router B as the next hop has a higher priority, and is the master route. If this

route is available, Router A forwards packe t s t o 3 0 .1.1.0 /2 4 t hr o u g h R o u t e r B .

• The static route with Router C as the next hop acts as the backup route.

• Configure static routing-Track-BFD collaboration to determine whether the master route is available

in real time. If the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect. Router A forwards packets to 30.1.1.0/24 through Router C and Router B.

Similarly, Router B is the default gateway of the hosts in segment 30.1.1.0/24. Two static routes to

20.1.1.0/24 exist on Router B, with the next hop being Router A and Router C, respectively. These two static routes back up each other, where:

• The static route with Router A as the next hop has a higher priority, and is the master route. If this

route is available, Router B forwards packets to 20.1.1.0/24 through Router A.

• The static route with Router C as the next hop acts as the backup route.

• Configure static routing-Track-BFD collaboration to determine whether the master route is available

in real time. If the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect. Router B forwards packets t o 2 0 .1.1. 0 / 24 t h r o u g h Ro ut e r C an d R o ut e r A .

Figure 20 Network diagram

Configuration procedure

1. Configure the IP address of each interface as shown in Figure 20. (Details not shown.)

2. Configure Router A:

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.2.1.2 and the default priority 60. This static route is associated with track entry 1.

<RouterA> system-view [RouterA] ip route-static 30.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the priority 80.

[RouterA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Configure the source address of BFD echo packets as 10.10.10.10.

[RouterA] bfd echo-source-ip 10.10.10.10

# Configure track entry 1, and associate it with the BFD session. Check whether Router A can be interoperated with the next hop of static route, which is Router B.

[RouterA] track 1 bfd echo interface gigabitethernet 1/0 remote ip 10.2.1.2 local ip

10.2.1.1

3. Configure Router B:

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.2.1.1 and the default priority 60. This static route is associated with track entry 1.

<RouterB> system-view [RouterB] ip route-static 20.1.1.0 24 10.2.1.1 track 1

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.4.1.3 and the priority 80.

[RouterB] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Configure the source address of BFD echo packets as 1.1.1.1.

[RouterB] bfd echo-source-ip 1.1.1.1

# Configure track entry 1 that is associated with the BFD session to check whether Router B can communicate with the next hop Router A of the static route.

[RouterB] track 1 bfd echo interface gigabitethernet 1/0 remote ip 10.2.1.1 local ip

10.2.1.2

4. Configure Router C:

# Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.4.1.2.

<RouterC> system-view [RouterC] ip route-static 30.1.1.0 24 10.4.1.2

# Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.3.1.1.

[RouterB] ip route-static 20.1.1.0 24 10.3.1.1

Verifying the configuration

# Display information about the track entry on Router A.

[RouterA] display track all Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: GigabitEthernet1/0 VPN instance name: Remote IP: 10.2.1.2 Local IP: 10.2.1.1

# Display the routing table of Router A.

[RouterA] display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost NextHop Interface

10.2.1.0/24 Direct 0 0 10.2.1.1 GE1/0

10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.3.1.0/24 Direct 0 0 10.3.1.1 GE2/0

10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0

20.1.1.0/24 Direct 0 0 20.1.1.1 GE3/0

20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

30.1.1.0/24 Static 60 0 10.2.1.2 GE1/0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

The output shows the BFD detection result: the next hop 10.2.1.2 is reachable (the status of the track entry is Positive), and the master static route takes effect. Router A forwards packets to 30.1.1.0/24 through Router B.

# Remove the IP address of interface GigabitEthernet 1/0 on Router B.

<RouterB> system-view [RouterB] interface gigabitethernet 1/0 [RouterB-GigabitEthernet1/0] undo ip address

# Display information about the track entry on Router A.

[RouterA] display track all Track ID: 1 State: Negative Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: GigabitEthernet1/0 VPN instance name: Remote IP: 10.2.1.2 Local IP: 10.2.1.1

# Display the routing table of Router A.

[RouterA] display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9

Destination/Mask Proto Pre Cost NextHop Interface

10.2.1.0/24 Direct 0 0 10.2.1.1 GE1/0

10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0

10.3.1.0/24 Direct 0 0 10.3.1.1 GE2/0

10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0

20.1.1.0/24 Direct 0 0 20.1.1.1 GE3/0

20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0

30.1.1.0/24 Static 80 0 10.3.1.3 GE2/0

127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0

127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0

The output shows the BFD detection result: if the next hop 10.2.1.2 is unreachable (the status of the track entry is Negative), the backup static route takes effect, and Router A forwards packets to 30.1.1.0/24 through Router C and Router B.

# When the master route fails, the hosts in 20.1.1.0/24 can still communicate with the hosts in 3 0 .1.1. 0 / 2 4 .

--- Ping statistics for 30.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss round-trip min/avg/max/std-dev = 1/1/2/1 ms

# The output on Router B is similar to that on Router A. When the master route fails, the hosts in

30.1.1.0/24 can still communicate with the hosts in 20.1.1.0/24.

[RouterB] ping -a 30.1.1.1 20.1.1.1 Ping 20.1.1.1: 56 data bytes, press CTRL_C to break Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

--- Ping statistics for 20.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss round-trip min/avg/max/std-dev = 1/1/2/1 ms

VRRP-Track-interface management collaboration configuration example

In this example, the master monitors the uplink interface.

Network requirements

• As shown in Figure 21, Host A needs to access Host B on the Internet. The default gateway of Host

A i s 10 .1.1.10 / 2 4 .

• Router A and Router B belong to VRRP group 1, whose virtual IP address is 10.1.1.10.

• When Router A works correctly, packets from Host A to Host B are forwarded through Router A.

When VRRP detects that a fault is on the uplink interface of Router A through the interface management module, packets from Host A to Host B are forwarded through Router B.

Figure 21 Network diagram

Configuration procedure

1. Configure the IP address of each interface as shown in Figure 21. (Details not shown.)

2. Configure a track entry on Router A:

# Configure track entry 1, and associate it with the link status of the uplink interface GigabitEthernet 2/0.

[RouterA] track 1 interface gigabitethernet 2/0

3. Configure VRRP on Router A:

# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.

[RouterA] interface gigabitethernet 1/0 [RouterA-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Router A in VRRP group 1 to 110.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 priority 110

# Configure to monitor track entry 1 and specify the priority decrement as 30.

[RouterA-GigabitEthernet1/0] vrrp vrid 1 track 1 reduced 30

4. Configure VRRP on Router B:

<RouterB> system-view [RouterB] interface gigabitethernet 1/0

# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group.

[RouterB-GigabitEthernet1/0] vrrp vrid 1 virtual-ip 10.1.1.10

Verifying the configuration

After configuration, ping Host B on Host A, and you can see that Host B is reachable. Use the display vrrp command to view the configuration result.

# Display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100

Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.10 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1 VRRP Track Information: Track Object : 1 State : Positive Pri Reduced : 30

# Display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 10.1.1.10 Master IP : 10.1.1.1

The outpu t shows tha t in VR RP group 1, Ro uter A is the master and Router B is a backup. Packets from Host A to Host B are forwarded through Router A.

# Shut down the uplink interface GigabitEthernet 2/0 on Router A.

[RouterA-GigabitEthernet1/0] interface gigabitethernet 2/0 [RouterA-GigabitEthernet2/0] shutdown

Af ter s hut ting down the uplink interface on Router A, you can stil l success fully ping Host B on Host A. Use the display vrrp command to view information about VRRP group 1.

# After shutting down the uplink interface on Router A, display detailed information about VRRP group 1 on Router A.

[RouterA-GigabitEthernet2/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 80 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 VRRP Track Information: Track Object : 1 State : Negative Pri Reduced : 30

# After shutting down the uplink interface on Router A, display detailed information about VRRP group 1 on Router B.

[RouterB-GigabitEthernet1/0] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface GigabitEthernet1/0 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.10 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.2

The output shows that when the uplink interface on Router A is shut down, the priority of Router A decreases to 80. Router A becomes the backup, and Router B becomes the master. Packets from Host A to Host B are forwarded through Router B.

Support and other resources

Contacting HP

For worldwide technical support information, see the HP support website:

http://www.hp.com/support

Before contacting HP, collect the following information:

• Product model names and numbers

• Technical support registration number (if applicable)

• Product serial numbers

• Error messages

• Operating system type and revision level

• Detailed questions

Subscription service

HP recommends that you register your product at the Subscriber's Choice for Business website:

http://www.hp.com/go/wwalerts

After registering, you will receive email notification of product enhancements, new driver versions, firmware updates, and other product resources.

Related information

Documents

To find related documents, browse to the Manuals page of the HP Business Support Center website:

http://www.hp.com/support/manuals

• For related documentation, navigate to the Networking section, and select a networking category.

• For a complete list of acronyms and their definitions, see HP FlexNetwork Technology Acronyms.

Websites

• HP.com http://www.hp.com

• HP Networking http://www.hp.com/go/networking

• HP manuals http://www.hp.com/support/manuals

• HP download drivers and software http://www.hp.com/support/downloads

• HP software depot http://www.software.hp.com

• HP Education http://www.hp.com/learn

HP VSR1000, MSR3000, MSR4000, MSR2000 High Availability Configuration Manual

Specifications and Main Features

Frequently Asked Questions

User Manual

Contents

Configuring VRRP

Overview

VRRP standard mode

Router priority in a VRRP group

Preemption

Authentication method

VRRP timers

Skew_Time

VRRP advertisement interval

VRRP preemption delay timer

Master election

VRRP tracking

VRRP application

Master/backup

Load sharing

VRRP load balancing mode

Virtual MAC address assignment

Virtual forwarder

Virtual forwarder creation

VF weight and priority

VF backup

VF timers

VF tracking

Protocols and standards

Configuring IPv4 VRRP

IPv4 VRRP configuration task list

Specifying an IPv4 VRRP operating mode

Specifying the IPv4 VRRP version

Creating a VRRP group and assigning a virtual IP address

Configuration guidelines

Configuration procedure

Configuring the router priority, preemptive mode, and tracking function

Configuration guidelines

Configuration procedure

Configuring IPv4 VRRP packet attributes

Configuration guidelines

Configuration procedure

Configuring VF tracking

Configuration guidelines

Configuration procedure

Enabling SNMP notifications for VRRP

Disabling an IPv4 VRRP group

Displaying and maintaining IPv4 VRRP

Configuring IPv6 VRRP

IPv6 VRRP configuration task list

Specifying an IPv6 VRRP operating mode

Creating a VRRP group and assigning a virtual IPv6 address

Configuration guidelines

Configuration procedure

Configuring the router priority, preemptive mode, and tracking function

Configuration guidelines

Configuration procedure

Configuring VF tracking

Configuration guidelines

Configuration procedure

Configuring IPv6 VRRP packet attributes

Configuration guidelines

Configuration procedure

Disabling an IPv6 VRRP group

Displaying and maintaining IPv6 VRRP

IPv4 VRRP configuration examples

Single VRRP group configuration example

Network requirements

Configuration procedure

Multiple VRRP groups configuration example

Network requirements

Configuration procedure

VRRP load balancing configuration example

Network requirements

Configuration procedure

IPv6 VRRP configuration examples

Single VRRP group configuration example

Network requirements

Configuration procedure

Multiple VRRP groups configuration example