Normally, as shown in Figure 1-1, you can configure a default route with the gateway as the next hop for every host on a network segment, allowing all packets destined to the other network segments to be sent over the default route to the gateway and then be forwarded by the gateway. This enables hosts on a network segment to communicate with external networks. However, when the gateway fails, all the hosts using the gateway as the default next-hop switch fail to communicate with the external network.

Figure 1-1 LAN networking

Apparently, this approach to enabling hosts on a network to communicate with external networks is easy to configure but it imposes a very high requirement of performance stability on the device acting as the gateway. A common way to improve system reliability is to use more egress gateways, introducing the problem of routing among the multiple egresses.

Virtual Router Redundancy Protocol (VRRP) is an error-tolerant protocol designed to address this problem through separating physical devices from logical devices. Deploying VRRP on multicast and broadcast LANs such as Ethernet, you can ensure that the system can still provide highly reliable default links without changing configurations (such as dynamic routing protocols, route discovery protocols) when a device fails and prevent network interruption due to a single link failure.

There are two VRRP versions: VRRPv2 and VRRPv3. VRRPv2 is based on IPv4, while VRRPv3 is based on IPv6. The two versions implement the same functions but provide different commands.

1.1.2 VRRP Standby Group Overview

VRRP combines a group of switches (including a master and multiple backups) on a LAN into a virtual router called standby group.

The VRRP standby group has the following features:

l A virtual router has an IP address. A host on the LAN only needs to know the IP address of the virtual router and uses the IP address as the next hop of the default route.

l Every host on the LAN communicates with external networks through the virtual router.

l Switches in the standby group elect the gateway according to their priorities. Once the master switch acting as the gateway fails, the other switches in the standby group elect a new gateway to undertake the responsibility of the failed switch, thus ensuring that the hosts in the network segment can communicate with the external networks uninterruptedly.

Figure 1-2 Network diagram for VRRP

As shown in Figure 1-2, Switch A, Switch B, and Switch C form a virtual router, which has its own IP address. Hosts on the Ethernet use the virtual router as the default gateway.

The switch with the highest priority of the three switches is elected as the master switch to act as the gateway, and the other two are backup switches.

Caution:

l The IP address of the virtual router can be either an unused IP address on the segment where

l the standby group resides or the IP address of an interface on a switch in the standby group. In the latter case, the switch is called the IP address owner.

l In a VRRP standby group, there can only be one IP address owner.

I. VRRP priority

VRRP determines the role (master or backup) of each switch in the standby group by priority. A switch with a higher priority has more opportunity to become the master.

VRRP priority is in the range of 0 to 255. A bigger number means a higher priority. Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses and priority 255 for the IP address owner. When a switch acts as the IP address owner, its priority remains 255. That is, if there is an IP address owner in a standby group, it acts as the master as long as it works properly.

II. Working mode

A switch in a standby group can work in one of the following two modes:

l Non-preemption mode

Once a switch in the standby group becomes the master, it stays as the master as long as it operates normally, even if a backup switch is assigned a higher priority later.

l Preemption mode

Once a backup switch finds its priority higher than that of the switch acting as the master, it sends VRRP advertisements to start a new master switch election in the standby group and becomes the master. Accordingly, the original master switch becomes a backup.

III. Authentication mode

VRRP provides two authentication modes:

l simple: Simple text authentication

You can adopt the simple text authentication mode in a network facing possible security problems. A switch sending a packet fills the authentication key into the packet, and the switch receiving the packet compares its local authentication key with that of the received packet. If the two authentication keys are the same, the received VRRP packet is considered real and valid; otherwise, the received packet is considered an invalid one.

l md5: MD5 authentication

You can adopt MD5 authentication in a network facing severe security problems. The switch encrypts a packet to be sent using the authentication key and MD5 algorithm and saves the encrypted packet in the authentication header. The switch receiving the packet uses the authentication key to decrypt the packet and checks whether the packet is valid.

On a secure network, you need not set the authentication mode.

1.1.3 VRRP Timers

VRRP timers include VRRP advertisement interval timer and VRRP preemption delay timer.

I. VRRP advertisement interval timer

The master switch in a VRRP standby group sends VRRP advertisements periodically to inform the other switches in the standby group that it operates properly.

You can adjust the interval of sending VRRP advertisements by setting the VRRP advertisement interval timer. If a backup switch receives no advertisements in three times the interval, the backup switch regards itself as the master switch and sends VRRP advertisements to start a new master switch election.

II. VRRP preemption delay timer

In an unstable network, a backup switch may fail to receive the packets from the master switch due to network congestion, thus causing the members in the group to change their states frequently. This problem can be addressed through setting the VRRP preemption delay timer.

With the VRRP preemption delay timer set, if a backup switch receives no advertisement in three times the advertisement interval and then in preemption delay, it considers that the master fails. In this case, it regards itself as the master and sends VRRP advertisements to start a new master switch election in a standby group.

1.1.4 Format of VRRP Packets

VRRP uses multicast packets. The switch acting as the master sends VRRP packets periodically to declare its existence. VRRP packets are also used for checking the parameters of the virtual router and electing the master.

I. IPv4-based VRRP packet format

Figure 1-3 IPv4-based VRRP packet format

As shown in Figure 1-3, an IPv4-based VRRP packet consists of the following fields:

l Version: Version number of the protocol, 2 for VRRPv2.

l Type: Type of the VRRP packet. Only one VRRP packet type is present, that is, VRRP advertisement, which is represented by 1.

l Virtual Rtr ID (VRID): Number of the virtual router, that is, number of the standby group. It ranges from 1 to 255.

l Priority: Priority of the switch in the standby group, in the range 0 to 255. A greater value represents a higher priority.

l Count IP Addrs: Number of virtual IP addresses for the standby group. A standby group can have multiple virtual IP addresses.

l Auth Type: Authentication type. 0 means no authentication, 1 means simple authentication, and 2 means MD5 authentication.

l Adver Int: Interval for sending advertisement packets, in seconds. The default is 1.

l Checksum: 16-bit checksum for validating the data in VRRP packets.

l IP Address: Virtual IP address entry of the standby group. The allowed number is given by the Count IP Addrs field.

l Authentication Data: Authentication key. Currently, this field is used only for simple authentication and is 0 for any other authentication modes.

II. IPv6-based VRRP packet format

Figure 1-4 IPv6-based VRRP packet format

As shown in Figure 1-4, an IPv6-based VRRP packet consists of the following fields:

l Version: Version number of the protocol, 3 for VRRPv3.

l Type: Type of the VRRP packet. Only one VRRP packet type is present, that is, VRRP advertisement, which is represented by 1.

l Virtual Rtr ID (VRID): Number of the virtual router, that is, number of the standby group. It ranges from 1 to 255.

l Priority: Priority of the switch in the standby group, in the range 0 to 255. A greater value represents a higher priority.

l Count IPv6 Addrs: Number of virtual IPv6 addresses for the standby group. A standby group can have multiple virtual IPv6 addresses.

l Auth Type: Authentication type. 0 means no authentication, 1 means simple authentication. VRRPv3 does not support MD5 authentication.

l Adver Int: Interval for sending advertisement packets, in centiseconds. The default is 100.

l Checksum: 16-bit checksum for validating the data in VRRPv3 packets.

l IPv6 Address: Virtual IPv6 address entry of the standby group. The allowed number is given by the Count IPv6 Addrs field.

l Authentication Data: Authentication key. Currently, this field is used only for simple authentication and is 0 for any other authentication modes.

1.1.5 Principles of VRRP

l With VRRP enabled, the switches determine their respective roles in the standby group by priority. The switch with the highest priority becomes the master, while the others are the backups. The master sends VRRP advertisement packets periodically to notify the backups that it is working properly, and each of the backups starts a timer to wait for advertisement packets from the master.

l In preemption mode, when a backup receives a VRRP advertisement packet, it compares the priority in the packet with that of its own. If its priority is higher, it becomes the master; otherwise, it remains a backup.

l In non-preemption mode, the switch in the standby group remains as a master or backup as long as the master does not fail. The backup will no become the master even if the former is configured with a higher priority.

l If the timer of a backup expires but the backup still does not receive any VRRP advertisement packet, it considers that the master fails. In this case, the backup switch considers itself as the master switch and sends VRRP advertisements to start the election process to elect a new master switch for forwarding packets.

1.1.6 VRRP Interface Tracking

The interface tracking function expands the backup functionality of VRRP. It provides backup not only when the interface to which a standby group is assigned fails but also when other interfaces on the switch become unavailable. This is achieved by tracking interfaces. When a monitored interface goes down, the priority of the switch owning the interface is automatically decreased by a specified value, allowing a higher priority switch in the standby group to become the master.

1.1.7 VRRP Application (Taking IPv4-Based VRRP for Example)

I. Master/backup

In master/backup mode, only one switch, the master, provides services. When the master fails, a new master is elected from the original backups. This mode requires only one standby group, in which each switch holds different priorities and the one with the highest priority becomes the master, as shown in Figure 1-5.

Figure 1-5 VRRP in master/backup mode

At the beginning, Switch A is the master and therefore can forward packets to external networks, while Switch B and Switch C are backups and are thus in the state of listening. If Switch A fails, Switch B and Switch C will elect for the new master. The new master takes over the forwarding task to provide services to hosts on the LAN.

II. Load balancing

You can create more than one standby group on an interface of a switch, allowing the switch to be the master of one standby group but a backup of another at the same time.

In load balancing mode, multiple switches provide services at the same time. This mode requires two or more standby groups, each of which includes a master and one or more backups. The masters of the standby groups can be assumed by different switches, as shown in Figure 1-6.

Figure 1-6 VRRP in load balancing mode

A switch can be in multiple standby groups and hold a different priority in different group.

In Figure 1-6, three standby groups are present:

l Standby group 1: Switch A is the master; Switch B and Switch C are the backups.

l Standby group 2: Switch B is the master; Switch A and Switch C are the backups.

l Standby group 3: Switch C is the master; Switch A and Switch B are the backups.

For load balancing among Switch A, Switch B, and Switch C, hosts on the LAN need to be configured to use standby group 1, 2, and 3 as the default gateways respectively. When configuring VRRP priorities, ensure that each switch holds such a priority in each standby group that it will take the expected role in the group.

1.2 Configuring VRRP for IPv4

1.2.1 VRRP for IPv4 Configuration Task List

Complete these tasks to configure VRRP for IPv4:

Task	Remarks
Enabling Users to Ping Virtual IP Addresses	Optional
Configuring the Association Between Virtual IP Address and MAC Address	Optional
Creating Standby Group and Configuring Virtual IP Address	Required
Configuring Standby Group Priority, Preemption Mode and Interface Tracking	Optional
Configuring VRRP Packet Attributes	Optional

1.2.2 Enabling Users to Ping Virtual IP Addresses

You can configure whether the master switch responds to the received ICMP echo requests, that is, whether the virtual IP address of a standby group can be successfully pinged.

Follow these steps to enable a user to successfully ping the virtual IP addresses of standby groups:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enable users to ping virtual IP address of the standby group	vrrp ping-enable	Optional Enabled by default.

To do…

Use the command…

Remarks

Enter system view

system-view

—

Enable users to ping virtual IP address of the standby group

vrrp ping-enable

Optional

Enabled by default.

Caution:

Configure this function before creating a standby group. Otherwise, your configuration will fail.

1.2.3 Configuring the Association Between Virtual IP Address and MAC Address

After the virtual IP address of a standup group is associated with a MAC address, the master switch takes the configured MAC address as the source MAC address of the packets to be sent, so that the hosts in the internal network can learn the association between the IP address and the MAC address and thus forward the packets to be forwarded to the other network segments to the master switch properly.

There are two types of association between virtual IP address and MAC address:

l Virtual IP address is associated with virtual router MAC address

By default, a MAC address is created for a standby group after the standby group is created, and the virtual IP address is associated with the virtual MAC address. With such association adopted, the hosts in the internal network need not update the association between IP address and MAC address when the master switch changes.

l Virtual IP address is associated with real MAC address of the interface

When an IP address owner exists in a standby group, if you associate the virtual IP address with the virtual MAC address, two MAC addresses are associated with an IP address. In this case, you can associate the virtual IP address of the standby group with the real MAC address, so that the packets from a host are forwarded to the IP address owner according the real MAC address.

Follow these steps to configure the association between MAC address and virtual IP address:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the association between virtual IP address and MAC address	vrrp method { real-mac \| virtual-mac }	Optional The virtual MAC address is associated with the virtual IP address by default.

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure the association between virtual IP address and MAC address

vrrp method { real-mac | virtual-mac }

Optional

The virtual MAC address is associated with the virtual IP address by default.

Caution:

You should configure this function before creating a standby group. Otherwise, you cannot modify the mapping between the virtual IP address and the MAC address.

1.2.4 Creating Standby Group and Configuring Virtual IP Address

You need to configure a virtual IP address for a standby group when creating the standby group. A VRRP standby group is created automatically when you specify the first virtual IP address for the standby group. If you specify a virtual IP address for the standby group later, the virtual IP address is only added to the virtual IP address list of the VRRP standby group.

I. Configuration prerequisites

Before creating standby group and configuring virtual IP address, you should first configure the IP address of the interface and ensure that the virtual IP address to be configured is in the same network segment as the IP address of the interface.

II. Configuration procedure

Follow these steps to create standby group and configure virtual IP address:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter the specified interface view	interface interface-type interface-number	—
Create standby group and configure virtual IP address of the standby group	vrrp vrid virtual-router-id virtual-ip virtual-address	Required Standup group is not created by default.

Caution:

l The maximum number of standby groups on an interface and the maximum number of virtual IP addresses in a standby group vary by device.

l A standby group is removed after you remove all the virtual IP addresses in it. In addition, configurations on that standby group no longer take effect.

l The virtual IP address of the virtual router can be either an unused IP address on the segment where the standby group resides or the IP address of an interface on a switch in the standby group. In the latter case, the switch is called the IP address owner.

l The virtual IP address of the standby group cannot be 0.0.0.0, 255.255.255.255, loopback address, non A/B/C address and other illegal IP addresses such as 0.0.0.1.

l Only when the configured virtual IP address and the interface IP address belong to the same segment and are legal host addresses can the standby group operate normally. If the configured virtual IP address and the interface IP address do not belong to the same network segment, or the configured IP address is the network address or network broadcast address of the network segment that the interface IP address belongs to, the state of the standby group is always initialize though you can perform the configuration successfully, that is, VRRP does not take effect in this case.

1.2.5 Configuring Standby Group Priority, Preemption Mode and Interface Tracking

I. Configuration prerequisites

Before you configure these features, you should first create a standby group on the interface and configure virtual IP address for it.

II. Configuration procedure

By configuring switch priority, preemption mode and interface tracking, you can decide which switch in the standby group serves as the Master.

Follow these steps to configure standby group priority, preemption mode and interface tracking:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter interface view	interface interface-type interface-number	—
Configure switch priority in the standby group	vrrp vrid virtual-router-id priority priority-value	Optional 100 by default.
Configure the switch in the standby group to work in preemption mode and configure preemption delay	vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ]	Optional The switch in the standby group works in preemption mode and the preemption delay is 0 seconds by default.
Configure the interface to be tracked	vrrp vrid virtual-router-id track interface interface-type interface-number [ reduced priority-reduced ]	Optional No interface is being tracked by default.

Caution:

l The priority of an IP address owner is always 255 and not configurable.

l Interface tracking is not configurable to an IP address owner.

l The priority of a device is restored if the state of the interface under tracking changes from down to up.

1.2.6 Configuring VRRP Packet Attributes

I. Configuration prerequisites

Before configuring the relevant attributes of VRRP packets, you should first create the standby group and configure the virtual IP address.

II. Configuration procedure

Follow these steps to configure VRRP packet attributes:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter the specified interface view	interface interface-type interface-number	—
Configure the authentication mode and authentication key when the standby groups send and receive VRRP packets	vrrp vrid virtual-router-id authentication-mode { md5 \| simple } key	Optional Authentication is not performed by default
Configure the time interval for the Master in the standby group to send VRRP advertisement	vrrp vrid virtual-router-id timer advertise adver-interval	Optional 1 second by default
Disable TTL check on VRRP packets	vrrp un-check ttl	Optional Enabled by default Do not create a standby group before executing this command.

& Note:

l You may configure different authentication modes and authentication keys for the standby groups on an interface. However, the members of the same standby group must use the same authentication mode and authentication key.

l Factors like excessive traffic or different timer setting on switches can cause the Backup timer to time-out abnormally and trigger a change of the state. To solve this problem, you can prolong the time interval to send VRRP packets and configure a preemption delay.

1.2.7 Displaying and Maintaining VRRP for IPv4

To do…	Use the command…	Remarks
Display VRRP status	display vrrp [ verbose ] [ interface interface-type interface-number [ vrid virtual-router-id ] ]	Available in any view
Display VRRP statistics	display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]	Available in any view
Remove VRRP statistics	reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]	Available in user view

1.3 Configuring VRRP for IPv6

1.3.1 VRRP for IPv6 Configuration Task List

Complete these tasks to configure VRRP for IPv6:

Task	Remarks
Enabling Users to Ping Virtual IPv6 Addresses	Optional
Configuring the Association Between Virtual IPv6 Address and MAC Address	Optional
Creating Standby Group and Configuring Virtual IPv6 Address	Required
Configuring Standby Group Priority, Preemption Mode and Interface Tracking	Optional
Configuring VRRP Packet Attributes	Optional

1.3.2 Enabling Users to Ping Virtual IPv6 Addresses

You can configure whether the master switch responds to the received ICMPv6 echo requests, that is, whether the virtual IPv6 address of a standby group can be pinged through.

Follow these steps to enable a user to successfully ping the virtual IPv6 addresses of standby groups:

To do...	Use the command...	Remarks
Enter system view	system-view	—
Enable a user to ping virtual IPv6 address of the standby group	vrrp ipv6 ping-enable	Optional Enabled by default

To do...

Use the command...

Remarks

Enter system view

system-view

—

Enable a user to ping virtual IPv6 address of the standby group

vrrp ipv6 ping-enable

Optional

Enabled by default

Caution:

You should configure this function before creating a standby group. Otherwise, you cannot ping the virtual IPv6 addresses of standby groups.

1.3.3 Configuring the Association Between Virtual IPv6 Address and MAC Address

After the virtual IPv6 address of a standup group is associated with the MAC address, the master switch takes the configured MAC address as the source MAC address of the packets to be sent, so that the hosts in the internal network can learn the association between the IPv6 address and the MAC address and thus forward the packets to be forwarded to the other network segments to the master switch properly.

There are two types of association between virtual IPv6 address and MAC address:

l Virtual IPv6 address is associated with virtual router MAC address

By default, a MAC address is created for a standby group after the standby group is created, and the virtual IPv6 address is associated with the virtual MAC address. With such association adopted, the hosts in the internal network need not update the association between IPv6 address and MAC address when the master switch changes.

l Virtual IPv6 address is associated with real MAC address of the interface

When an IP address owner exists in a standby group, if you associate the virtual IPv6 address with the virtual MAC address, two MAC addresses are associated with an IPv6 address. In this case, you can associate the virtual IPv6 address of the standby group with the real MAC address, so that the packets from a host is forwarded to the IP address owner according the real MAC address.

Follow these steps to configure the association between MAC address and virtual IPv6 address:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Configure the association between virtual IPv6 address and MAC address	vrrp ipv6 method { real-mac \| virtual-mac }	Optional The virtual MAC address of the standby group is associated with the virtual IPv6 address by default.

To do…

Use the command…

Remarks

Enter system view

system-view

—

Configure the association between virtual IPv6 address and MAC address

vrrp ipv6 method { real-mac | virtual-mac }

Optional

The virtual MAC address of the standby group is associated with the virtual IPv6 address by default.

Caution:

You should configure this function before creating a standby group. Otherwise, you cannot modify the mapping between the virtual IPv6 address and the MAC address.

1.3.4 Creating Standby Group and Configuring Virtual IPv6 Address

You need to configure a virtual IPv6 address for a standby group when creating the standby group. A VRRP standby group is created automatically when you specify the first virtual IPv6 address for the standby group. If you specify a virtual IPv6 address for the standby group later, the virtual IPv6 address is only added to the virtual IPv6 address list of the VRRP standby group.

I. Configuration prerequisites

Before creating standby group and configuring virtual IPv6 address, you should first configure the IPv6 address of the interface and ensure that the virtual IPv6 address to be configured is in the same network segment as the IPv6 address of the interface.

II. Configuration procedure

Follow these steps to create standby group and configure its virtual IPv6 address:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter the specified interface view	interface interface-type interface-number	—
Create standby group and configure its virtual IPv6 address	vrrp ipv6 vrid virtual-router-id virtual-ip virtual-address [ link-local ]	Required No standby group is created by default. The first virtual IPv6 address of the standby group must be a link local address. Only one link local address is allowed in a standby group, and must be removed the last.

Caution:

l The maximum number of standby groups on an interface and the maximum number of virtual IPv6 addresses in a standby group vary by device.

l A standby group is removed after you remove all the virtual IPv6 addresses in it. In addition, configurations on that standby group no longer take effect.

1.3.5 Configuring Standby Group Priority, Preemption Mode and Interface Tracking

I. Configuration prerequisites

Before configuring these features, you should first create the standby group and configure the virtual IPv6 address.

II. Configuration procedure

By configuring standby group priority, preemption mode and interface tracking, you can decide which switch in the standby group serves as the Master.

Follow these steps to configure standby group priority, preemption mode and interface tracking:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter the specified interface view	interface interface-type interface-number	—
Configure the priority of the switch in the standby group	vrrp ipv6 vrid virtual-router-id priority priority-value	Optional 100 by default
Configure the switch in the standby to work in preemption mode and configure preemption delay of the standby group	vrrp ipv6 vrid virtual-router-id preempt-mode [ timer delay delay-value ]	Optional The switch in the standby group works in preemption mode and the preemption delay is zero seconds by default.
Configure the interface to be tracked	vrrp ipv6 vrid virtual-router-id track interface interface-type interface-number [ reduced priority-reduced ]	Optional No interface is being tracked by default.

Caution:

l The priority of an IP address owner is always 255 and not configurable.

l Interface tracking is not configurable on an IP address owner.

l The priority of a device is reset if the state of the interface under tracking changes from down to up.

1.3.6 Configuring VRRP Packet Attributes

I. Configuration prerequisites

Before configuring the relevant attributes of VRRP packets, you should first create the standby group and configure the virtual IPv6 address.

II. Configuration procedure

Follow these steps to configure VRRP packet attributes:

To do…	Use the command…	Remarks
Enter system view	system-view	—
Enter the specified interface view	interface interface-type interface-number	—
Configure the authentication mode and authentication key when the standby groups send and transmit VRRP packets	vrrp ipv6 vrid virtual-router-id authentication-mode simple key	Optional Authentication is not performed by default
Configure the time interval for the Master in the standby group to send VRRP advertisement	vrrp ipv6 vrid virtual-router-id timer advertise adver-interval	Optional 100 centiseconds by default

You may configure different authentication modes and authentication keys for the standby groups on an interface. However, the members of the same standby group must use the same authentication mode and authentication key.

Factors like excessive traffic or different timer setting on switches can cause the Backup timer to time-out abnormally and change the state. To solve this problem, you can prolong the time interval to send VRRP packets and configure a delay for preemption.

1.3.7 Displaying and Maintaining VRRP for IPv6

To do…	Use the command…	Remarks
Display VRRP status	display vrrp ipv6 [verbose] [ interface interface-type interface-number [ vrid virtual-router-id ] ]	Available in any view
Display VRRP statistics	display vrrp ipv6 statistics [ interface interface-type interface-number [vrid virtual-router-id ] ]	Available in any view
Remove VRRP statistics	reset vrrp ipv6 statistics [interface interface-type interface-number [vrid virtual-router-id ] ]	Available in user view

1.4 IPv4-Based VRRP Configuration Examples

This section provides these configuration examples:

l Single VRRP Standby Group Configuration Example

l VRRP Interface Tracking Configuration Example

l Multiple VRRP Standby Group Configuration Example

1.4.1 Single VRRP Standby Group Configuration Example

I. Network requirements

l Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.

l Switch A and Switch B belong to standby group 1 with the virtual IP address of 202.38.160.111/24.

l If Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A; if Switch A fails, packets sent from Host A to Host B are forwarded by Switch B.

II. Network diagram

Figure 1-7 Network diagram for single VRRP standby group configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create standby group 1 and set its virtual IP address to be 202.38.160.111.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority of Switch A in standby group 1 to 110.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Set Switch A to work in preemption mode. The preemption delay is five seconds.

[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-Vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create standby group 1 and set its virtual IP address to be 202.38.160.111.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set Switch B to work in preemption mode. The preemption delay is five seconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

3) Verify the configuration

After the configuration, Host B can be pinged through on Host A. You can use the display vrrp command to verify the configuration.

# Display detailed information of standby group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 1

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 5

Auth Type : NONE

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

# Display detailed information of standby group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 1

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 5

Auth Type : NONE

Virtual IP : 202.38.160.111

Master IP : 202.38.160.1

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.

If Switch A fails, you can still ping through Host B on Host A. Use the display vrrp command to view the detailed information of the standby group on Switch B.

# If Switch A fails, the detailed information of standby group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 1

Admin Status : UP State : Master

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 5

Auth Type : NONE

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.2

The above information indicates that if Switch A fails, Switch B becomes the master, and packets sent from Host A to Host B are forwarded by Switch B.

1.4.2 VRRP Interface Tracking Configuration Example

I. Network requirements

l Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.

l Switch A and Switch B belong to standby group 1 with the virtual IP address of 202.38.160.111.

l If Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A; if Switch A is in work, but its VLAN-interface 3 which connects to the Internet is not available, packets sent from Host A to Host B are forwarded by Switch B.

II. Network diagram

Figure 1-8 Network diagram for VRRP interface tracking

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create a standby group 1 and set its virtual IP address to 202.38.160.111.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Configure the priority of Switch A in the standby group to 110.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Configure the authentication mode of the standby group to simple and authentication key to hello.

[SwitchA-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello

# Set the interval for Master to send VRRP advertisement to five seconds.

[SwitchA-Vlan-interface2] vrrp vrid 1 timer advertise 5

# Set the interface to be tracked.

[SwitchA-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced 30

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create a standby group 1 and set its virtual IP address to 202.38.160.111.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Configure the authentication mode of the standby group to simple and authentication key to hello.

[SwitchB-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello

# Set the interval for Master to send VRRP advertisement to five seconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 timer advertise 5

3) Verify the configuration

After the configuration, Host B can be pinged through on Host A. You can use the display vrrp command to verify the configuration.

# Display detailed information of standby group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 5

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : SIMPLE TEXT Key : hello

Track IF : Vlan-interface3 Pri Reduced : 30

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

# Display detailed information of standby group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 5

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : SIMPLE TEXT Key : hello

Virtual IP : 202.38.160.111

Master IP : 202.38.160.1

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.

If Switch A is in work, but when its interface VLAN-interface 3 that connects to the Internet is not available, you can still ping through Host B on Host A. Use the display vrrp command to view the detailed information of the standby group.

# If VLAN-interface 3 on Switch A is not available, the detailed information of standby group 1 on Switch A is displayed.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 5

Admin Status : UP State : Backup

Config Pri : 110 Run Pri : 80

Preempt Mode : YES Delay Time : 0

Auth Type : SIMPLE TEXT Key : hello

Track IF : Vlan-interface3 Pri Reduced : 30

Virtual IP : 202.38.160.111

Master IP : 202.38.160.2

# If VLAN-interface 3 on Switch A is not available, the detailed information of standby group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 5

Admin Status : UP State : Master

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : SIMPLE TEXT Key : hello

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.2

The above information indicates that if VLAN-interface 3 on Switch A is not available, the priority of Switch A is reduced to 80 and it becomes the backup. Switch B becomes the master and packets sent from Host A to Host B are forwarded by Switch B.

1.4.3 Multiple VRRP Standby Group Configuration Example

I. Network requirements

l In the segment 202.38.160.0/24, some hosts use 202.38.160.111/24 as their default gateway and some hosts use 202.38.160.112/24 as their default gateway.

l Load sharing and mutual backup between default gateways can be implemented by using VRRP standby groups.

II. Network diagram

Figure 1-9 Network diagram for multiple VRRP standby group configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create a standby group 1 and set its virtual IP address to 202.38.160.111.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Configure the priority of Switch A in standby group 1 to 110.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Create a standby group 2 and set its virtual IP address to 202.38.160.112.

[SwitchA-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create a standby group 1 and set its virtual IP address to 202.38.160.111.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Create a standby group 2 and set its virtual IP address to 202.38.160.112.

[SwitchB-Vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

# Configure the priority of Switch B in standby group 2 to 110.

[SwitchB-Vlan-interface2] vrrp vrid 2 priority 110

3) Verify the configuration

You can use the display vrrp command to verify the configuration.

# Display detailed information of the standby group on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 1

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

Interface : Vlan-interface2

VRID : 2 Adver. Timer : 1

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : 202.38.160.112

Master IP : 202.38.160.2

# Display detailed information of the standby group on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 1

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : 202.38.160.111

Master IP : 202.38.160.1

Interface : Vlan-interface2

VRID : 2 Adver. Timer : 1

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : 202.38.160.112

Virtual MAC : 0000-5e00-0102

Master IP : 202.38.160.2

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and the host with the default gateway of 202.38.160.111/24 accesses the Internet through Switch A; in standby group 2 Switch A is the backup, Switch B is the master and the host with the default gateway of 202.38.160.112/24 accesses the Internet through Switch B.

1.5 IPv6-Based VRRP Configuration Examples

This section provides these configuration examples:

l Single VRRP Standby Group Configuration Example

l VRRP Interface Tracking Configuration Example

l Multiple VRRP Standby Group Configuration Example

1.5.1 Single VRRP Standby Group Configuration Example

I. Network requirements

l Host A needs to access Host B on the Internet, using FE80::10 as its default gateway.

l Switch A and Switch B belong to standby group 1 with the virtual IP address of FE80::10.

l If Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A; if Switch A fails, packets sent from Host A to Host B are forwarded by Switch B.

II. Network diagram

Figure 1-10 Network diagram for single VRRP standby group configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] ipv6

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create a standby group 1 and set its virtual IP address to FE80::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Set the priority of Switch A in standby group 1 to 110.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Set Switch A to work in preemption mode.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode

# Enable Switch A to send RA messages.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] ipv6

[SwitchB] vlan 2

[SwitchB-vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

# Create a standby group 1 and set its virtual IP address to FE80::10.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Enable Switch B to send RA messages.

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt

3) Verify the configuration

After the configuration, Host B can be pinged through on Host A. You can use the display vrrp ipv6 command to verify the configuration.

# Display detailed information of standby group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 100

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::1

# Display detailed information of standby group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 100

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::10

Master IP : FE80::1

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.

If Switch A fails, you can still ping through Host B on Host A. You can use the display vrrp ipv6 command to view the detailed information of the standby group on Switch B.

# If Switch A fails, the detailed information of standby group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 100

Admin Status : UP State : Master

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::2

The above information indicates that if Switch A fails, Switch B becomes the master, and packets sent from Host A to Host B are forwarded by Switch B.

1.5.2 VRRP Interface Tracking Configuration Example

I. Network requirements

l Host A needs to access Host B on the Internet, using FE80::10 as its default gateway.

l Switch A and Switch B belong to standby group 1 with the virtual IP address of FE80::10.

II. Network diagram

Figure 1-11 Network diagram for VRRP interface tracking

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] ipv6

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create a standby group 1 and set its virtual IP address to FE80::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Set the priority of Switch A in standby group 1 to 110.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Set the authentication mode for standby group 1 to simple and authentication key to hello.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello

# Set the VRRP advertisement interval to 500 centiseconds.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500

# Set Switch A work in preemption mode. The preemption delay is five seconds.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5

# Set the interface to be tracked.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3 reduced 30

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] ipv6

[SwitchB] vlan 2

[SwitchB-vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

# Create a standby group 1 and set its virtual IP address to FE80::10.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Set the authentication mode for standby group 1 to simple and authentication key to hello.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello

# Set the VRRP advertisement interval to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500

# Set Switch B to work in preemption mode. The preemption delay is five seconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5

3) Verify the configuration

After the configuration, Host B can be pinged through on Host A. You can use the display vrrp ipv6 command to verify the configuration.

# Display detailed information of standby group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 500

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 5

Auth Type : SIMPLE TEXT Key : hello

Track IF : Vlan-interface3 Pri Reduced : 30

Virtual IP : FE80::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::1

# Display detailed information of standby group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 500

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 5

Auth Type : SIMPLE TEXT Key : hello

Virtual IP : FE80::10

Master IP : FE80::1

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and packets sent from Host A to Host B are forwarded by Switch A.

If Switch A is in work, but its interface VLAN-interface 3 is not available, you can still ping through Host B on Host A. You can use the display vrrp ipv6 command to view the detailed information of the standby group.

# If Switch A is in work, but its interface VLAN-interface 3 is not available, the detailed information of standby group 1 on Switch A is displayed.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 500

Admin Status : UP State : Backup

Config Pri : 110 Run Pri : 80

Preempt Mode : YES Delay Time : 5

Auth Type : SIMPLE TEXT Key : hello

Track IF : Vlan-interface3 Pri Reduced : 30

Virtual IP : FE80::10

Master IP : FE80::2

# If Switch A is in work, but its interface VLAN-interface 3 is not available, the detailed information of standby group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 500

Admin Status : UP State : Master

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 5

Auth Type : SIMPLE TEXT Key : hello

Virtual IP : FE80::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::2

The above information indicates that if VLAN-interface 3 on Switch A is not available, the priority of Switch A reduces to 80 and it becomes the backup. Switch B becomes the master and packets sent from Host A to Host B are forwarded by Switch B.

1.5.3 Multiple VRRP Standby Group Configuration Example

I. Network requirements

l In the network, some hosts use FE80::10 as their default gateway and some hosts use FE80::20 as their default gateway.

l Load sharing and mutual backup between default gateways can be implemented by using VRRP standby groups.

II. Network diagram

Figure 1-12 Network diagram for multiple VRRP standby group configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] ipv6

[SwitchA] vlan 2

[SwitchA-vlan2] port GigabitEthernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create standby group 1 and set its virtual IP address to FE80::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Set the priority of Switch A in standby group 1 to 110.

[Switch-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Create standby group 2 and set its virtual IP address to FE80::20.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local

2) Configure Switch B

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] ipv6

[SwitchB-vlan2] port GigabitEthernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

# Create standby group 1 and set its virtual IP address to FE80::10.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

# Create standby group 2 and set its virtual IP address to FE80::20.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 2 virtual-ip fe80::20 link-local

# Set the priority of Switch B in standby group 2 to 110.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 2 priority 110

3) Verify the configuration

You can use the display vrrp ipv6 command to verify the configuration.

# Display detailed information of the standby group on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 100

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::1

Interface : Vlan-interface2

VRID : 2 Adver. Timer : 100

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::20

Master IP : FE80::2

# Display detailed information of the standby group on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Standby Information:

Run Method : VIRTUAL-MAC

Virtual IP Ping : Enable

Interface : Vlan-interface2

VRID : 1 Adver. Timer : 100

Admin Status : UP State : Backup

Config Pri : 100 Run Pri : 100

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::10

Master IP : FE80::1

Interface : Vlan-interface2

VRID : 2 Adver. Timer : 100

Admin Status : UP State : Master

Config Pri : 110 Run Pri : 110

Preempt Mode : YES Delay Time : 0

Auth Type : NONE

Virtual IP : FE80::20

Virtual MAC : 0000-5e00-0202

Master IP : FE80::2

The above information indicates that in standby group 1 Switch A is the master, Switch B is the backup and the host with the default gateway of FE80::10 accesses the Internet through Switch A; in standby group 2 Switch A is the backup, Switch B is the master and the host with the default gateway of FE80::20 accesses the Internet through Switch B.

& Note:

Multiple standby groups are commonly used in actual networking. In IPv6 network, you need to manually configure the default gateway for VRRP standby group to share load.

1.6 Troubleshooting VRRP

Symptom 1:

The console screen displays error prompts frequently.

Analysis:

This error is probably due to the inconsistent configuration of the other switch in the standby group, or that a device is attempting to send illegitimate VRRP packets.

Solution:

l In the first case, modify the configuration.

l In the latter case, you have to resort to non-technical measures.

Symptom 2:

Multiple masters are present in the same standby group.

Analysis:

l If presence of multiple masters only lasts a short period, this is normal and requires no manual intervention.

l If it lasts long, you must ensure that these masters can receive VRRP packets and the packets received are legitimate.

Solution:

Ping between these masters, and do the following:

l If the ping fails, check network connectivity.

l If the ping succeeds, check that their configurations are consistent in terms of number of virtual IP addresses, virtual IP addresses, advertisement interval, and authentication.

Symptom 3:

Frequent VRRP state transition.

Analysis:

The VRRP advertisement interval is set too short.

Solution:

Increase the interval to sent VRRP advertisement or introduce a preemption delay

H3C S5500-EI Series Switches Operation Manual-Release 2102(V1.01)

1.1 Introduction to VRRP

1.1.2 VRRP Standby Group Overview

I. VRRP priority

II. Working mode

III. Authentication mode

1.1.3 VRRP Timers

I. VRRP advertisement interval timer

II. VRRP preemption delay timer

1.1.4 Format of VRRP Packets

I. IPv4-based VRRP packet format

II. IPv6-based VRRP packet format

1.1.5 Principles of VRRP

1.1.6 VRRP Interface Tracking

I. Master/backup

II. Load balancing

1.2 Configuring VRRP for IPv4

1.2.2 Enabling Users to Ping Virtual IP Addresses

1.2.3 Configuring the Association Between Virtual IP Address and MAC Address

1.2.4 Creating Standby Group and Configuring Virtual IP Address

I. Configuration prerequisites

II. Configuration procedure

1.2.5 Configuring Standby Group Priority, Preemption Mode and Interface Tracking

I. Configuration prerequisites

II. Configuration procedure

1.2.6 Configuring VRRP Packet Attributes

I. Configuration prerequisites

II. Configuration procedure

1.2.7 Displaying and Maintaining VRRP for IPv4

1.3 Configuring VRRP for IPv6

1.3.2 Enabling Users to Ping Virtual IPv6 Addresses

1.3.3 Configuring the Association Between Virtual IPv6 Address and MAC Address

1.3.4 Creating Standby Group and Configuring Virtual IPv6 Address

I. Configuration prerequisites

II. Configuration procedure

1.3.5 Configuring Standby Group Priority, Preemption Mode and Interface Tracking

I. Configuration prerequisites

II. Configuration procedure

1.3.6 Configuring VRRP Packet Attributes

I. Configuration prerequisites

II. Configuration procedure

1.3.7 Displaying and Maintaining VRRP for IPv6

1.4 IPv4-Based VRRP Configuration Examples

1.4.1 Single VRRP Standby Group Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.4.2 VRRP Interface Tracking Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.4.3 Multiple VRRP Standby Group Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.5.1 Single VRRP Standby Group Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.5.2 VRRP Interface Tracking Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.5.3 Multiple VRRP Standby Group Configuration Example

I. Network requirements

II. Network diagram

III. Configuration procedure

1.6 Troubleshooting VRRP

Cloud & AI

InterConnect

Intelligent Terminal Products

Product Support Services

Technical Service Solutions

Resource Center

Policy

Online Help

Become a Partner

Partner Resources

Partner Business Management

Company Information