10-High Availability Configuration Guide

HomeSupportResource CenterConfigure & DeployConfiguration GuidesH3C S12500-X & S12500X-AF Switch Series Configuration Guides(R115x)-6W10210-High Availability Configuration Guide
04-VRRP configuration
Title Size Download
04-VRRP configuration 436.35 KB

Contents

Configuring VRRP· 1

Overview·· 1

VRRP standard mode· 2

Router priority in a VRRP group· 2

Preemption· 2

Authentication method· 3

VRRP timers· 3

Master election· 3

VRRP tracking· 4

VRRP application· 4

VRRP load balancing mode· 6

Virtual MAC address assignment 6

Virtual forwarder 8

Protocols and standards· 10

Configuring IPv4 VRRP· 10

IPv4 VRRP configuration task list 10

Specifying an IPv4 VRRP operating mode· 10

Specifying the IPv4 VRRP version· 11

Creating a VRRP group and assigning a virtual IP address· 11

Configuring the router priority, preemptive mode, and tracking function· 12

Configuring IPv4 VRRP packet attributes· 13

Configuring VF tracking· 14

Enabling SNMP notifications for VRRP· 14

Disabling an IPv4 VRRP group· 15

Displaying and maintaining IPv4 VRRP· 15

Configuring IPv6 VRRP· 15

IPv6 VRRP configuration task list 15

Specifying an IPv6 VRRP operating mode· 16

Creating a VRRP group and assigning a virtual IPv6 address· 16

Configuring the router priority, preemptive mode, and tracking function· 17

Configuring VF tracking· 18

Configuring IPv6 VRRP packet attributes· 18

Disabling an IPv6 VRRP group· 19

Displaying and maintaining IPv6 VRRP· 19

IPv4 VRRP configuration examples· 20

Single VRRP group configuration example· 20

Multiple VRRP groups configuration example· 22

VRRP load balancing configuration example· 25

IPv6 VRRP configuration examples· 33

Single VRRP group configuration example· 33

Multiple VRRP groups configuration example· 36

VRRP load balancing configuration example· 40

Troubleshooting VRRP· 48

An error prompt is displayed· 48

Multiple masters appear in a VRRP group· 48

Fast VRRP state flapping· 49


Configuring VRRP

The term "interface" in this chapter refers to VLAN interfaces, Layer 3 Ethernet interfaces, Layer 3 aggregate interfaces, Layer 3 Ethernet subinterfaces, and Layer 3 aggregate subinterfaces. You can configure an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide).

VRRP cannot be configured on member ports of aggregation groups.

Overview

Typically, you can configure a default gateway for every host on a LAN. All packets destined for other networks are sent through the default gateway. As shown in Figure 1, when the default gateway fails, no hosts can communicate with external networks.

Figure 1 LAN networking

 

Using a default gateway facilitates your configuration but requires high availability. Using more egress gateways improves link availability but introduces the problem of routing among the egresses.

Virtual Router Redundancy Protocol (VRRP) is designed to address this issue. VRRP adds a group of network gateways to a VRRP group called a "virtual router." A VRRP group comprises one master and multiple backups, but has only one virtual IP address. The hosts on the subnet only need to configure this virtual IP address as their default network gateway for communicating with external networks.

The virtual IP address of the virtual router can be either an unused IP address on the subnet where the VRRP group resides or the IP address of an interface on a router in the VRRP group. In the latter case, the router is called the IP address owner. A VRRP group can have only one IP address owner.

VRRP avoids single points of failure and simplifies the configuration on hosts. When the master in the VRRP group on a multicast or broadcast LAN (for example, an Ethernet network) fails, another router in the VRRP group takes over. The switchover is complete without causing dynamic route recalculation, route re-discovery, gateway reconfiguration on the hosts, or traffic interruption.

VRRP operates in either of the following modes:

·          Standard mode—Implemented based on RFCs. For more information, see "VRRP standard mode."

·          Load balancing mode—Extends the VRRP standard mode to distribute load across VRRP group members. For more information, see "VRRP load balancing mode."

VRRP has two versions: VRRPv2 and VRRPv3. VRRPv2 supports IPv4 VRRP. VRRPv3 supports IPv4 VRRP and IPv6 VRRP.

VRRP standard mode

In VRRP standard mode, only the master in the VRRP group can provide gateway service. When the master fails, the backup routers elect a new master to take over for nonstop gateway service.

Figure 2 VRRP networking

 

As shown in Figure 2, Router A, Router B, and Router C form a virtual router, which has its own IP address. Hosts on the subnet use the virtual router as the default gateway.

The router with the highest priority among the three routers is elected as the master, and the other two are backups.

Router priority in a VRRP group

VRRP determines the role (master or backup) of each router in a VRRP group by priority. A router with higher priority is more likely to become the master.

A VRRP priority can be in the range of 0 to 255, and a greater number represents a higher priority. Priorities 1 to 254 are configurable. Priority 0 is reserved for special uses, and priority 255 is for the IP address owner. The router acting as the IP address owner in a VRRP group always has a running priority of 255 and acts as the master as long as it operates correctly.

Preemption

A router in a VRRP group operates in either non-preemptive mode or preemptive mode:

·          Non-preemptive mode—When a router in the VRRP group becomes the master, it acts as the master as long as it operates correctly, even if a backup router is later assigned a higher priority. Non-preemptive mode helps avoid frequent switchover between the master and backup routers.

·          Preemptive mode—A backup starts a new master election and takes over as master when it detects that it has a higher priority than the current master. Preemptive mode makes sure the router with the highest priority in a VRRP group always acts as the master.

Authentication method

To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication methods:

·          Simple authentication

The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded.

·          MD5 authentication

The sender computes a digest for the packet to be sent by using the authentication key and MD5 algorithm, and saves the result in the VRRP packet. The receiver performs the same operation with the authentication key and MD5 algorithm, and compares the result with the content in the authentication header. If the results match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded.

On a secure network, you can choose to not authenticate VRRP packets.

 

 

NOTE:

IPv4 VRRPv3 and IPv6 VRRPv3 do not support VRRP packet authentication.

 

VRRP timers

Skew_Time

Skew_Time helps avoid the situation that multiple backups in a VRRP group become the master at the same time when the master in the VRRP group fails.

Skew_Time is not configurable and its value depends on the version of VRRP:

·          In VRRPv2 (described in RFC 3768), Skew_Time is (256 – Router priority)/256.

·          In VRRPv3 (described in RFC 5798), Skew_Time is ((256 – Router priority) × VRRP advertisement interval)/256.

VRRP advertisement interval

The master in a VRRP group periodically sends VRRP advertisements to declare its presence.

You can configure the interval at which the master sends VRRP advertisements. If a backup does not receive a new VRRP advertisement from the master when the timer (3 × VRRP advertisement interval + Skew_Time) expires, it regards that the master has failed and takes over as the master.

VRRP preemption delay timer

You can configure the VRRP preemption delay timer to avoid frequent state changes among members in a VRRP group and provide the backups enough time to collect information (such as routing information). In preempt mode, a backup does not immediately become the master after it receives an advertisement with lower priority than the local priority. Instead, it waits for a period of time (preemption delay time + Skew_Time) before taking over as the master.

Master election

Routers in a VRRP group determine their roles by priority. When a router joins a VRRP group, it has a backup role. The router role changes according to the following situations:

·          If the backup does not receive any VRRP advertisement when the timer (3 × advertisement interval + Skew_Time) expires, it becomes the master.

·          If the backup receives a VRRP advertisement with a greater or the same priority within the timer (3 × advertisement interval + Skew_Time), it remains a backup.

·          If the backup receives a VRRP advertisement with a smaller priority within the timer (3 × advertisement interval + Skew_Time), it remains a backup when operating in non-preemptive mode, or becomes the master when operating in preemptive mode.

The elected master starts a VRRP advertisement interval to periodically send VRRP advertisements to notify the backups that it is operating correctly. Each of the backups starts a timer to wait for advertisements from the master.

After a backup receives a VRRP advertisement, it compares only the priority in the packet with its own priority.

When multiple routers in a VRRP group declare that they are the master because of network problems, the one with the highest priority becomes the master. If two routers have the same priority, the one with the highest IP address becomes the master.

VRRP tracking

To enable VRRP tracking, configure the routers in the VRRP group to operate in preemptive mode first, so that only the router with the highest priority operates as the master for packet forwarding. For more information about track entries, see High Availability Configuration Guide.

The VRRP tracking function uses network quality analyzer (NQA) or bidirectional forwarding detection (BFD) to monitor the state of the master, and establishes the collaboration between the VRRP device state and NQA or BFD through the track function. It implements the following:

·          Monitors the upstream link and changes the priority of the router according to the state of the link. If the upstream link fails, the hosts on the subnet cannot access external networks through the router and the state of the track entry becomes Negative. The priority of the master decreases by a specified value. Then, a router with a higher priority in the VRRP group becomes the master to maintain the proper communication between the hosts on the subnet and external networks.

·          Monitors the state of the master on the backups. When the master fails, a backup immediately takes over as the master to ensure uninterrupted communication.

When the track entry changes from Negative to Positive or Notready, the router automatically restores its priority. For more information about track entries, see "Configuring Track."

VRRP application

Master/backup

In master/backup mode, only the master forwards packets, as shown in Figure 3. When the master fails, a new master is elected from among the backups. This mode requires only one VRRP group, and each router in the group has a different priority. The one with the highest priority becomes the master.

Figure 3 VRRP in master/backup mode

 

Assume that Router A is acting as the master to forward packets to external networks, and Router B and Router C are backups in listening state. When Router A fails, Router B and Router C elect a new master to forward packets for hosts on the subnet.

Load sharing

A router can join multiple VRRP groups and has different priorities in different VRRP groups, and it can act as the master in one VRRP group and a backup in another.

In load sharing mode, multiple VRRP groups provide gateway services. This mode requires at least two VRRP groups, and each group has one master and multiple backups. The master roles in the VRRP groups are assumed by different routers, as shown in Figure 4.

Figure 4 Load sharing of VRRP

 

A router can be in multiple VRRP groups and have a different priority in each group.

As shown in Figure 4, the following VRRP groups are present:

·          VRRP group 1—Router A is the master. Router B and Router C are the backups.

·          VRRP group 2—Router B is the master. Router A and Router C are the backups.

·          VRRP group 3—Router C is the master. Router A and Router B are the backups.

To implement load sharing among Router A, Router B, and Router C, perform the following tasks:

·          Configure the virtual IP addresses of VRRP group 1, 2, and 3 as default gateway IP addresses for hosts on the subnet.

·          Assign the highest priority to Router A, B, and C in VRRP group 1, 2, and 3, respectively.

VRRP load balancing mode

Only the FX and FE cards support the VRRP load balancing mode.

In a standard-mode VRRP group, only the master can forward packets and backups are in listening state. You can create multiple VRRP groups to share traffic, but you must configure different gateways for hosts on the subnet.

In load balancing mode, a VRRP group maps its virtual IP address to multiple virtual MAC addresses, assigning one virtual MAC address to each member router. Every router in this VRRP group can forward traffic and respond to IPv4 ARP requests or IPv6 ND requests from hosts. Because their virtual MAC addresses are different, traffic from hosts is distributed across the VRRP group members. Load balancing mode simplifies configuration and improves forwarding efficiency.

VRRP load balancing mode uses the same master election, preemption, and tracking mechanisms as the standard mode, and adds new mechanisms as described in the following sections.

Virtual MAC address assignment

In load balancing mode, the master assigns virtual MAC addresses to routers in the VRRP group and uses different MAC addresses to respond to ARP requests or ND requests from different hosts. The backup routers, however, do not answer ARP requests or ND requests from hosts.

In an IPv4 network, a load balanced VRRP group works as follows:

1.        The master assigns virtual MAC addresses to all member routers, including itself. This example assumes that the virtual IP address of the VRRP group is 10.1.1.1/24, Router A is the master, and Router B is the backup. Router A assigns 000f-e2ff-0011 for itself and 000f-e2ff-0012 for Router B. See Figure 5.

Figure 5 Virtual MAC address assignment

 

2.        When an ARP request arrives, the master (Router A) selects a virtual MAC address based on the load balancing algorithm to answer the ARP request. In this example, Router A returns the virtual MAC address of itself in response to the ARP request from Host A, and returns the virtual MAC address of Router B in response to the ARP request from Host B. See Figure 6.

Figure 6 Answering ARP requests

 

3.        Each host sends packets to the returned MAC address. As shown in Figure 7, Host A sends packets to Router A and Host B sends packets to Router B.

Figure 7 Sending packets to different routers for forwarding

 

Virtual forwarder

Virtual forwarder creation

Virtual MAC addresses enable traffic distribution across routers in a VRRP group. To enable routers in the VRRP group to forward packets, VFs must be created on them. Each VF is associated with a virtual MAC address in the VRRP group and forwards packets that are sent to this virtual MAC address.

VFs are created on routers in a VRRP group, as follows:

1.        The master assigns virtual MAC addresses to all routers in the VRRP group. Each member router creates a VF for this MAC address and becomes the owner of this VF.

2.        Each VF owner advertises its VF information to the other member routers.

3.        After receiving the VF advertisement, each of the other routers creates the advertised VF.

Eventually, every member router maintains one VF for each virtual MAC address in the VRRP group.

VF weight and priority

The weight of a VF indicates the forwarding capability of a VF. A higher weight means higher forwarding capability. When the weight is lower than the lower limit of failure, the VF cannot forward packets.

The priority of a VF determines the VF state. Among the VFs created on different member routers for the same virtual MAC address, the VF with the highest priority, known as the active virtual forwarder (AVF), is in active state to forward packets. All other VFs listen to the state of the AVF and are known as the listening virtual forwarders (LVFs). VF priority is in the range of 0 to 255, where 255 is reserved for the VF owner. When the weight of a VF owner is higher than or equal to the lower limit of failure, the priority of the VF owner is 255.

The priority of a VF is calculated based on its weight.

·          On the router that owns the VF, if the weight of the VF is higher than or equal to the lower limit of failure, the priority of the VF is 255.

·          On a router that does not own the VF, if the weight of the VF is higher than or equal to the lower limit of failure, the priority of the VF is calculated as weight/(number of local AVFs +1).

·          If the weight of the VF is lower than the lower limit of failure, the priority of the VF is 0.

VF backup

The VFs corresponding to a virtual MAC address on different routers in the VRRP group back up one another.

Figure 8 VF information

 

Figure 8 shows the VF table on each router in the VRRP group and how the VFs back up one another. The master, Router A, assigns virtual MAC addresses 000f-e2ff-0011, 000f-e2ff-0012, and 000f-e2ff-0013 to itself, Router B, and Router C; and each router creates VF 1, VF 2, and VF 3, respectively, for the virtual MAC addresses. The VFs for the same virtual MAC address on different routers back up one another. For example, the VF 1 instances on Router A, Router B, and Router C back up one another.

·          The VF 1 instance on Router A (the VF 1 owner) has priority 255 and acts as the AVF to forward packets sent to virtual MAC address 000f-e2ff-0011.

·          The VF 1 instances on Router B and Router C have a priority of 255/(1 + 1), or 127. Because their priorities are lower than the priority of the VF 1 instance on Router A, they act as LVFs to listen to the state of the VF 1 instance on Router A.

·          When the VF 1 instance on Router A fails, the VF 1 instances on Router B and Router C elect the one with higher priority as the new AVF to forward packets destined for virtual MAC address 000f-e2ff-0011. If the two LVFs' priorities are the same, the LVF with a greater device MAC address becomes the new AVF.

A VF always operates in preemptive mode. When an LVF finds its priority value higher than the one advertised by the AVF, the LVF declares itself as the AVF.

VF timers

When the AVF on a router fails, the new AVF on another router creates a redirect timer and a timeout timer for the failed AVF, as follows:

·          Redirect timer—Before this timer expires, the master still uses the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from hosts. The VF owner can share traffic load if the VF owner resumes normal operation within this time. When this timer expires, the master stops using the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from hosts.

·          Timeout timer—The duration after which the new AVF takes over responsibilities of the failed VF owner. Before this timer expires, all routers in the VRRP group keep the VFs that correspond to the failed AVF. The new AVF forwards packets destined for the virtual MAC address of the failed AVF. When this timer expires, all routers in the VRRP group remove the VFs that correspond to the failed AVF, including the new AVF. Packets destined for the virtual MAC address of the failed AVF are not forwarded any longer.

VF tracking

An AVF forwards packets destined for the MAC address of the AVF. If the upstream link of the AVF fails but no LVF takes over the AVF role, the hosts on the subnet that use the MAC address of the AVF as their gateway MAC address cannot access the external network.

The VF tracking function can solve this problem. You can use NQA or BFD to monitor the upstream link state of the VF owner, and establish the collaboration between the VFs and NQA or BFD through the tracking function. When the upstream link fails, the state of the track entry changes to Negative, and the weights of the VFs (including the AVF) on the router decrease by a specified value. The corresponding LVF with a higher priority on another router becomes the AVF and forwards packets.

The VF tracking function can also work on an LVF to monitor its corresponding AVF on another router. When the AVF fails, the LVF immediately takes over to ensure uninterrupted network communications.

Protocols and standards

·          RFC 3768, Virtual Router Redundancy Protocol (VRRP)

·          RFC 5798, Virtual Router Redundancy Protocol (VRRP) Version 3 for IPv4 and IPv6

Configuring IPv4 VRRP

This section describes how to configure IPv4 VRRP.

IPv4 VRRP configuration task list

Tasks at a glance

Remarks

(Required.) Specifying an IPv4 VRRP operating mode

N/A

(Optional.) Specifying the IPv4 VRRP version

N/A

(Required.) Creating a VRRP group and assigning a virtual IP address

N/A

(Optional.) Configuring the router priority, preemptive mode, and tracking function

N/A

(Optional.) Configuring IPv4 VRRP packet attributes

N/A

(Optional.) Configuring VF tracking

This configuration takes effect only in VRRP load balancing mode.

(Optional.) Enabling SNMP notifications for VRRP

N/A

(Optional.) Disabling an IPv4 VRRP group

N/A

 

Specifying an IPv4 VRRP operating mode

A VRRP group can operate in either of the following modes:

·          Standard mode—Only the master can forward packets.

·          Load balancing mode—All members that have an AVF can forward packets.

After an IPv4 VRRP operating mode is configured on a router, all IPv4 VRRP groups on the router operate in the specified operating mode.

To specify an IPv4 VRRP operating mode:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Specify an IPv4 VRRP operating mode.

·         Specify the standard mode:
undo vrrp mode

·         Specify the load balancing mode:
vrrp mode load-balance [ version-8 ]

By default, VRRP operates in standard mode.

 

Specifying the IPv4 VRRP version

The VRRP version on all routers in an IPv4 VRRP group must be the same.

To specify the version of IPv4 VRRP:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Specify the version of VRRP.

vrrp version version-number

By default, VRRPv3 is used.

 

Creating a VRRP group and assigning a virtual IP address

A VRRP group can operate correctly after you create it and assign at least one virtual IP address to it. You can configure multiple virtual IP addresses for the VRRP group on an interface that connects to multiple subnets for router backup on different subnets.

Configuration guidelines

·          The value range for VRRP group number varies by card and VRRP operating mode.

 

Cards

VRRP operating mode

Value range

FC cards

VRRP standard mode.

NOTE:

VRRP load balancing mode is not supported on FC cards.

The valid value range is 1 to 7.

FE and FX cards

VRRP standard mode.

The valid value range is 1 to 255. A device can have a maximum of 8 VRRP groups with different virtual router IDs.

VRRP load balancing mode.

The valid value range is 1 to 255. The maximum number of VRRP groups with different virtual router IDs on a device multiplied by the maximum number of VFs among all VRRP groups cannot be larger than 8.

 

·          When VRRP is operating in standard mode, the virtual IP address of a VRRP group can be either an unused IP address on the subnet where the VRRP group resides or the IP address of an interface on a router in the VRRP group.

·          In load balancing mode, the virtual IP address of a VRRP group can be any unassigned IP address of the subnet where the VRRP group resides, rather than the IP address of any interface in the VRRP group. No IP address owner can exist in a VRRP group.

·          When a router is the IP address owner in a VRRP group, do not configure the network command on the interface to use the IP address of the interface, or the virtual IP address of the VRRP group, to establish a neighbor relationship with the adjacent router. For more information about the network command, see Layer 3—IP Routing Command Reference.

·          If you create an IPv4 VRRP group but do not assign any virtual IP address for it, the VRRP group stays in inactive state and does not function.

·          Removal of the VRRP group on the IP address owner causes IP address collision. To avoid the collision, change the IP address of the interface on the IP address owner before you remove the VRRP group from the interface.

·          The virtual IP addresses of an IPv4 VRRP group and the IP address of the downlink interface of the VRRP group must be in the same subnet. Otherwise, the hosts in the subnet cannot access external networks.

Configuration procedure

To create a VRRP group and assign a virtual IP address:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Create a VRRP group and assign a virtual IP address.

vrrp vrid virtual-router-id virtual-ip virtual-address

By default, no VRRP group exists.

 

Configuring the router priority, preemptive mode, and tracking function

The router priority determines which router in the VRRP group serves as the master. The preemptive mode enables a backup to take over as the master when it detects that it has a higher priority than the current master. The tracking function decreases the router priority or enables the backup to take over as the master when the state of the monitored track entry transits to Negative.

Configuration guidelines

·          The running priority of an IP address owner is always 255, and you do not need to configure it. An IP address owner always operates in preemptive mode.

·          If you configure the vrrp vrid track priority reduced or vrrp vrid track switchover command on an IP address owner, the configuration does not take effect until the router becomes a non IP address owner.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Set the priority of the router in the VRRP group.

vrrp vrid virtual-router-id priority priority-value

The default setting is 100.

4.       Enable the preemptive mode for the router in a VRRP group and set the preemption delay.

vrrp vrid virtual-router-id preempt-mode [ delay delay-value ]

By default, the router in a VRRP group operates in preemptive mode and the preemption delay is 0 centiseconds, which means an immediate preemption.

5.       Associate a VRRP group with a track entry.

vrrp vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ip-address | priority reduced [ priority-reduced ] | switchover | weight reduced [ weight-reduced ] }

By default, a VRRP group is not associated with any track entry.

 

Configuring IPv4 VRRP packet attributes

Configuration guidelines

·          You can configure different authentication modes and authentication keys for VRRP groups on an interface. However, members of the same VRRP group must use the same authentication mode and authentication key.

·          In VRRPv2, all routers in a VRRP group must have the same VRRP advertisement interval.

·          In VRRPv3, authentication mode and authentication key settings do not take effect.

·          In VRRPv3, routers in an IPv4 VRRP group can have different intervals for sending VRRP advertisements. The master in the VRRP group sends VRRP advertisements at specified intervals, and carries the interval in the advertisements. After a backup receives the advertisement, it records the interval in the advertisement. If the backup does not receive a new VRRP advertisement from the master when the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed and takes over as the new master.

Configuration procedure

To configure VRRP packet attributes:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Configure the authentication mode and authentication key for an IPv4 VRRP group to send and receive VRRP packets.

vrrp vrid virtual-router-id authentication-mode { md5 | simple } { cipher | plain } key

By default, authentication is disabled.

4.       Set the interval at which the master in an IPv4 VRRP group sends VRRP advertisements.

vrrp vrid virtual-router-id timer advertise adver-interval

The default setting is 100 centiseconds.

As a best practice to maintain system stability, set the VRRP advertisement interval to be greater than 100 centiseconds.

5.       Specify the source interface for receiving and sending VRRP packets.

vrrp vrid virtual-router-id source-interface interface-type interface-number

By default, the source interface for receiving and sending VRRP packets is not specified. The interface where the VRRP group resides sends and receives VRRP packets.

6.       Enable TTL check for IPv4 VRRP packets.

vrrp check-ttl enable

By default, TTL check for IPv4 VRRP packets is enabled.

7.       Return to system view.

quit

N/A

8.       Set a DCSP value for VRRP packets.

vrrp dscp dscp-value

The DSCP value identifies the packet priority during transmission.

By default, the DCSP value for VRRP packets is 48.

 

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes effect only in load balancing mode.

In load balancing mode, you can establish the collaboration between the VFs and NQA or BFD through the tracking function. When the state of the track entry transits to Negative, the weights of all VFs in the VRRP group on the router decrease by a specific value. When the state of the track entry transits to Positive or Notready, the original weight values of the VFs restore. If you configure the VF tracking function on an LVF to monitor its corresponding AVF on a specified router, the LVF can take over immediately when the status of the track entry becomes negative, to ensure uninterrupted network communications.

Configuration guidelines

·          By default, the weight of a VF is 255, and its lower limit of failure is 10.

·          When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is always 255 and does not change with the weight. To guarantee that an LVF can take over the VF owner as the AVF when the upstream link of the VF owner fails, the reduced weight for the VF owner must be higher than 245 so the weight of the VF owner can drop below the lower limit of failure.

Configuration procedure

To configure VF tracking:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Configure the VFs in a VRRP group to monitor a track entry.

vrrp vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ip-address | priority reduced [ priority-reduced ] | switchover | weight reduced [ weight-reduced ] }

By default, the VF tracking function is not configured.

 

Enabling SNMP notifications for VRRP

Perform this task to enable VRRP to report important events through notifications to the SNMP module. The SNMP module determines how to output the notifications according to the configured output rules. For more information about notifications, see Network Management and Monitoring Configuration Guide.

To enable SNMP notifications for VRRP:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enable SNMP notifications for VRRP.

snmp-agent trap enable vrrp [ auth-failure | new-master ]

By default, SNMP notifications for VRRP are enabled.

 

Disabling an IPv4 VRRP group

You can temporarily disable an IPv4 VRRP group. After being disabled, the VRRP group stays in initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP group when the VRRP group is disabled. Your changes take effect when you enable the VRRP group again.

To disable an IPv4 VRRP group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Disable a VRRP group.

vrrp vrid virtual-router-id shutdown

By default, a VRRP group is enabled.

 

Displaying and maintaining IPv4 VRRP

Execute display commands in any view and the reset command in user view.

 

Task

Command

Display the states of IPv4 VRRP groups.

display vrrp [ interface interface-type interface-number [ vrid virtual-router-id ] ] [ verbose ]

Display statistics for IPv4 VRRP groups.

display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

Clear statistics for IPv4 VRRP groups.

reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

 

Configuring IPv6 VRRP

This section describes how to configure IPv6 VRRP.

IPv6 VRRP configuration task list

Tasks at a glance

Remarks

(Required.) Specifying an IPv6 VRRP operating mode

N/A

(Required.) Creating a VRRP group and assigning a virtual IPv6 address

N/A

(Optional.) Configuring the router priority, preemptive mode, and tracking function

N/A

(Optional.) Configuring VF tracking

This configuration takes effect only in VRRP load balancing mode.

(Optional.) Configuring IPv6 VRRP packet attributes

N/A

(Optional.) Disabling an IPv6 VRRP group

N/A

 

Specifying an IPv6 VRRP operating mode

A VRRP group can operate in either of the following modes:

·          Standard mode—Only the master can forward packets.

·          Load balancing mode—All members that have an AVF can forward packets.

After the IPv6 VRRP operating mode is specified on a router, all IPv6 VRRP groups on the router operate in the specified operating mode.

To specify an IPv6 VRRP operating mode:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Specify an IPv6 VRRP operating mode.

·         Specify the standard mode:
undo vrrp ipv6 mode

·         Specify the load balancing mode:
vrrp ipv6 mode load-balance

By default, VRRP operates in standard mode.

 

Creating a VRRP group and assigning a virtual IPv6 address

A VRRP group can operate correctly after you create it and assign a minimum of one virtual IPv6 address for it. You can configure multiple virtual IPv6 addresses for the VRRP group on an interface that connects to multiple subnets for router backup.

Configuration guidelines

·          Do not create VRRP groups on the VLAN interface of a super VLAN. Otherwise, network performance might be adversely affected.

·          On an IP address owner, as a best practice, do not use the ospfv3 area command to enable OSPF on the interface owning the virtual IPv6 address of the VRRP group. For more information about the ospfv3 area command, see Layer 3—IP Routing Command Reference.

·          In load balancing mode, the virtual IPv6 address of a VRRP group cannot be the same as the IPv6 address of any interface in the VRRP group.

·          In VRRP load balancing mode, the device supports a maximum of MaxVRNum/N VRRP groups. MaxVRNum refers to the maximum number of VRRP groups supported by the device in VRRP standard mode. N refers to the number of devices in the VRRP group.

·          An IPv6 VRRP group without virtual IPv6 addresses configured can exist on a device provided that other settings (for example, priority and preemption mode) are available. Such a VRRP group stays in inactive state and does not function.

·          Removal of the VRRP group on the IP address owner causes IP address collision. To avoid the collision, change the IPv6 address of the interface on the IP address owner before you remove the VRRP group from the interface.

·          The virtual IPv6 address of an IPv6 VRRP group and the downlink interface IPv6 address of the VRRP group must be in the same subnet. Otherwise, the hosts in the subnet might fail to access external networks.

Configuration procedure

To create a VRRP group and assign a virtual IPv6 address:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Create a VRRP group and assign a virtual IPv6 address, which is a link-local address.

vrrp ipv6 vrid virtual-router-id virtual-ip virtual-address link-local

By default, no VRRP groups exist.

The first virtual IPv6 address that you assign to an IPv6 VRRP group must be a link-local address. It must be the last address you remove. Only one link-local address is allowed in a VRRP group.

4.       (Optional.) Assign the VRRP group a virtual IPv6 address, which is a global unicast address.

vrrp ipv6 vrid virtual-router-id virtual-ip virtual-address

By default, no global unicast address is assigned to an IPv6 VRRP group.

 

Configuring the router priority, preemptive mode, and tracking function

Configuration guidelines

·          The running priority of an IP address owner is always 255, and you do not need to configure it. An IP address owner always operates in preemptive mode.

·          If you configure the vrrp ipv6 vrid track priority reduced or vrrp ipv6 vrid track switchover command on an IP address owner, the configuration does not take effect until the router becomes a non-IP address owner.

·          When the track entry changes from Negative to Positive or Notready, the router automatically restores its priority or the failed master router becomes the master again.

Configuration procedure

To configure the router priority, preemptive mode, and tracking function:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Set the priority of the router in the VRRP group.

vrrp ipv6 vrid virtual-router-id priority priority-value

The default setting is 100.

4.       Enable the preemptive mode for the router in a VRRP group and set the preemption delay.

vrrp ipv6 vrid virtual-router-id preempt-mode [ delay delay-value ]

By default, the router in a VRRP group operates in preemptive mode and the preemption delay is 0 centiseconds, which means an immediate preemption.

5.       Associate a VRRP group with a track entry.

vrrp ipv6 vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ipv6-address | priority reduced [ priority-reduced ] | switchover | weight reduced [ weight-reduced ] }

By default, a VRRP group is not associated with any track entry.

 

Configuring VF tracking

You can configure VF tracking in both standard mode and load balancing mode, but the function takes effect only in load balancing mode.

In load balancing mode, you can configure the VFs in a VRRP group to monitor a track entry. When the state of the track entry transits to Negative, the weights of all VFs in the VRRP group on the router decrease by a specific value. When the state of the track entry transits to Positive or Notready, the original weights of the VFs restore.

Configuration guidelines

·          By default, the weight of a VF is 255, and its lower limit of failure is 10.

·          When the weight of a VF owner is higher than or equal to the lower limit of failure, its priority is always 255. The priority does not change with the weight. When the upstream link of the VF owner fails, an LVF must take over as the AVF. The switchover happens when the weight of the VF owner drops below the lower limit of failure. This requires that the reduced weight for the VF owner be higher than 245.

Configuration procedure

To configure VF tracking:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Configure the VFs in a VRRP group to monitor a track entry.

vrrp ipv6 vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ipv6-address | priority reduced [ priority-reduced ] | switchover | weight reduced [ weight-reduced ] }

By default, no track entry is specified.

 

Configuring IPv6 VRRP packet attributes

This section describes how to configure IPv6 VRRP packet attributes.

Configuration guidelines

·          The routers in an IPv6 VRRP group can have different intervals for sending VRRP advertisements. The master in the VRRP group sends VRRP advertisements at the specified interval and carries the interval attribute in the advertisements. After a backup receives the advertisement, it records the interval in the advertisement. If the backup does not receive a VRRP advertisement before the timer (3 x recorded interval + Skew_Time) expires, it regards the master as failed and takes over.

·          A high volume of network traffic might cause a backup to fail to receive VRRP advertisements from the master within the specified time. As a result, an unexpected master switchover occurs. To solve this problem, configure a larger interval.

Configuration procedure

To configure the IPv6 VRRP packet attribute:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Set the IPv6 VRRP advertisement interval.

vrrp ipv6 vrid virtual-router-id timer advertise adver-interval

The default setting is 100 centiseconds.

As a best practice to maintain system stability, set the VRRP advertisement interval to be greater than 100 centiseconds.

4.       Return to system view.

quit

N/A

5.       Set a DSCP value for IPv6 VRRP packets.

vrrp ipv6 dscp dscp-value

The DSCP value identifies the packet priority during transmission.

By default, the DSCP value for IPv6 VRRP packets is 56.

 

Disabling an IPv6 VRRP group

You can temporarily disable an IPv6 VRRP group. After being disabled, the VRRP group stays in Initialize state, and its configurations remain unchanged. You can change the configuration of a VRRP group when it is disabled. Your changes take effect when you enable the VRRP group again.

To disable an IPv6 VRRP group:

 

Step

Command

Remarks

1.       Enter system view.

system-view

N/A

2.       Enter interface view.

interface interface-type interface-number

N/A

3.       Disable an IPv6 VRRP group.

vrrp ipv6 vrid virtual-router-id shutdown

By default, an IPv6 VRRP group is enabled.

 

Displaying and maintaining IPv6 VRRP

Execute display commands in any view and the reset command in user view.

 

Task

Command

Display the states of IPv6 VRRP groups.

display vrrp ipv6 [ interface interface-type interface-number [ vrid virtual-router-id ] ] [ verbose ]

Display statistics for IPv6 VRRP groups.

display vrrp ipv6 statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

Clear statistics for IPv6 VRRP groups.

reset vrrp ipv6 statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ]

 

IPv4 VRRP configuration examples

This section provides examples of configuring IPv4 VRRP applications on switches.

Single VRRP group configuration example

This section provides an example of configuring a single VRRP group on switches.

Network requirements

Switch A and Switch B form a VRRP group and use the virtual IP address 10.1.1.111/24 to provide gateway service for the subnet where Host A resides, as shown in Figure 9.

Switch A operates as the master to forward packets from Host A to Host B. When Switch A fails, Switch B takes over to forward packets for Host A.

Figure 9 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port fortygige 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.1 255.255.255.0

# Create VRRP group 1 on VLAN-interface 2, and set its virtual IP address to 10.1.1.111.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.111

# Assign Switch A a higher priority than Switch B in VRRP group 1, so Switch A can become the master.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Configure Switch A to operate in preemptive mode, so it can become the master whenever it operates correctly, and set the preemption delay to 500 centiseconds to avoid frequent status switchover.

[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-Vlan2] port fortygige 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 10.1.1.2 255.255.255.0

# Create VRRP group 1 on VLAN-interface 2, and set its virtual IP address to 10.1.1.111.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.111

# Set the priority of Router B to 100 in VRRP group 1.

[SwitchB-Vlan-interface2] vrrp vrid 1 priority 100

# Configure Switch B to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500

3.        Verify the configuration:

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.111

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 401ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.111

     Master IP      : 10.1.1.1

The output shows that Switch A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Switch A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.111

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.2

The output shows that when Switch A fails, Switch B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Switch A, and display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.111

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

The output shows that after Switch A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Multiple VRRP groups configuration example

This section provides an example of configuring multiple VRRP groups on switches.

Network requirements

Switch A and Switch B form two VRRP groups. VRRP group 1 uses the virtual IP address 10.1.1.100/25 to provide gateway service for hosts in VLAN 2, and VRRP group 2 uses the virtual IP address 10.1.1.200/25 to provide gateway service for hosts in VLAN 3, as shown in Figure 10.

Assign a higher priority to Switch A than Switch B in VRRP group 1, but a lower priority in VRRP group 2, to distribute the traffic from VLAN 2 and VLAN 3 between the two switches. When one of the switches fails, the healthy switch provides gateway service for both VLANs.

Figure 10 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port fortygige 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.1 255.255.255.128

# Create VRRP group 1, and set its virtual IP address to 10.1.1.100.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.100

# Assign Switch A a higher priority than Switch B in VRRP group 1, so Switch A can become the master in the group.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

[SwitchA-Vlan-interface2] quit

# Configure VLAN 3.

[SwitchA] vlan 3

[SwitchA-vlan3] port fortygige 1/0/6

[SwitchA-vlan3] quit

[SwitchA] interface vlan-interface 3

[SwitchA-Vlan-interface3] ip address 10.1.1.130 255.255.255.128

# Create VRRP group 2, and set its virtual IP address to 10.1.1.200.

[SwitchA-Vlan-interface3] vrrp vrid 2 virtual-ip 10.1.1.200

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port fortygige 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 10.1.1.2 255.255.255.128

# Create VRRP group 1, and set its virtual IP address to 10.1.1.100.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.100

[SwitchB-Vlan-interface2] quit

# Configure VLAN 3.

[SwitchB] vlan 3

[SwitchB-vlan3] port fortygige 1/0/6

[SwitchB-vlan3] quit

[SwitchB] interface vlan-interface 3

[SwitchB-Vlan-interface3] ip address 10.1.1.131 255.255.255.128

# Create VRRP group 2, and set its virtual IP address to 10.1.1.200.

[SwitchB-Vlan-interface3] vrrp vrid 2 virtual-ip 10.1.1.200

# Assign Switch B a higher priority than Switch A in VRRP group 2, so Switch B can become the master in the group.

[SwitchB-Vlan-interface3] vrrp vrid 2 priority 110

3.        Verify the configuration:

# Display detailed information about the VRRP groups on Switch A.

[SwitchA-Vlan-interface3] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 2

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.100

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

 

   Interface Vlan-interface3

     VRID           : 2                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Become Master  : 203ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.200

     Master IP      : 10.1.1.131

# Display detailed information about the VRRP groups on Switch B.

[SwitchB-Vlan-interface3] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 2

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Become Master  : 211ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.100

     Master IP      : 10.1.1.1

 

   Interface Vlan-interface3

     VRID           : 2                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.200

     Virtual MAC    : 0000-5e00-0102

     Master IP      : 10.1.1.131

The output shows that Switch A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 10.1.1.100/25, and Switch B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway 10.1.1.200/25.

VRRP load balancing configuration example

Network requirements

Switch A, Switch B, and Switch C form a load-balanced VRRP group and use the virtual IP address 10.1.1.1/24 to provide gateway service for subnet 10.1.1.0/24, as shown in Figure 11.

Configure VFs on Switch A, Switch B, and Switch C to monitor their respective VLAN-interface 3. When the interface on any one of them fails, the weights of the VFs on the problematic switch decrease so another AVF can take over.

Figure 11 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port fortygige 1/0/5

[SwitchA-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchA] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 10.1.1.2 24

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Switch A the highest priority in VRRP group 1, so Switch A can become the master.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 120

# Configure Switch A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 500 centiseconds to avoid frequent status switchover.

[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500

[SwitchA-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the track entry transits to Negative.

[SwitchA] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port fortygige 1/0/5

[SwitchB-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchB] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 10.1.1.3 24

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# Assign Switch B a higher priority than Switch C in VRRP group 1, so Switch B can become the master when Switch A fails.

[SwitchB-Vlan-interface2] vrrp vrid 1 priority 110

# Configure Switch B to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500

[SwitchB-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the track entry transits to Negative.

[SwitchB] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250

3.        Configure Switch C:

# Configure VLAN 2.

<SwitchC> system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port fortygige 1/0/5

[SwitchC-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchC] vrrp mode load-balance

# Create VRRP group 1, and set its virtual IP address to 10.1.1.1.

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] ip address 10.1.1.4 24

[SwitchC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# Configure Switch C to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchC-Vlan-interface2] vrrp vrid 1 preempt-mode delay 500

[SwitchC-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the traffic entry transits to Negative.

[SwitchC] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] vrrp vrid 1 track 1 weight reduced 250

4.        Verify the configuration:

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.2 (Local, Master)

                      10.1.1.3 (Backup)

                      10.1.1.4 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 410ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.3 (Local, Backup)

                      10.1.1.2 (Master)

                      10.1.1.4 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-0012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 401ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.4 (Local, Backup)

                      10.1.1.2 (Master)

                      10.1.1.3 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-0011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : 10.1.1.2

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that Switch A is the master in VRRP group 1, and each of the three switches has one AVF and two LVFs.

# Disconnect the link of VLAN-interface 3 on Switch A, and display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.2 (Local, Master)

                      10.1.1.3 (Backup)

                      10.1.1.4 (Backup)

   Forwarder Information: 3 Forwarders 0 Active

     Config Weight  : 255

     Running Weight : 5

    Forwarder 01

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 0

     Active         : 10.1.1.4

    Forwarder 02

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 0

     Active         : 10.1.1.3

    Forwarder 03

     State          : Initialize

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 0

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Negative   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 401ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.4 (Local, Backup)

                      10.1.1.2 (Master)

                      10.1.1.3 (Backup)

   Forwarder Information: 3 Forwarders 2 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-0011 (Take Over)

     Owner ID       : 0000-5e01-1101

     Priority       : 85

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 85

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that when VLAN-interface 3 on Switch A fails, the weights of the VFs on Switch A drop below the lower limit of failure. All VFs on Switch A transit to the Initialized state and cannot forward traffic. The VF for MAC address 000f-e2ff-0011 on Switch C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 402ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.4 (Local, Backup)

                      10.1.1.2 (Master)

                      10.1.1.3 (Backup)

   Forwarder Information: 2 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-0012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : 10.1.1.3

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-0013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-0011 is removed, and no longer forwards the packets destined for the MAC address.

# When Switch A fails, display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : 10.1.1.1

     Member IP List : 10.1.1.3 (Local, Master)

                      10.1.1.4 (Backup)

   Forwarder Information: 2 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-0012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-0013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : 10.1.1.4

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that when Switch A fails, Switch B becomes the master because it has a higher priority than Switch C, and the VF for virtual MAC address 000f-e2ff-0011 is removed.

IPv6 VRRP configuration examples

Single VRRP group configuration example

Network requirements

As shown in Figure 12, Switch A and Switch B form a VRRP group. They use the virtual IP addresses 1::10/64 and FE80::10 to provide gateway service for the subnet where Host A resides.

Host A learns 1::10/64 as its default gateway from RA messages sent by the switches.

Switch A operates as the master to forward packets from Host A to Host B. When Switch A fails, Switch B takes over to forward packets for Host A.

Figure 12 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port gigabitethernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Switch A a higher priority than Switch B in VRRP group 1, so Switch A can become the master.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Configure Switch A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 500 centiseconds to avoid frequent status switchover.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500

# Enable Switch A to send RA messages, so Host A can learn the default gateway address.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port gigabitethernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

# Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Switch B to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500

# Enable Switch B to send RA messages, so Host A can learn the default gateway address.

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt

Verifying the configuration

# Ping Host B from Host A. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::1

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 403ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::1

The output shows that Switch A is operating as the master in VRRP group 1 to forward packets from Host A to Host B.

# Disconnect the link between Host A and Switch A, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::2

The output shows that when Switch A fails, Switch B takes over to forward packets from Host A to Host B.

# Recover the link between Host A and Switch A, and display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::1

The output shows that after Switch A resumes normal operation, it becomes the master to forward packets from Host A to Host B.

Multiple VRRP groups configuration example

Network requirements

As shown in Figure 13, Switch A and Switch B form two VRRP groups. VRRP group 1 uses the virtual IPv6 addresses 1::10/64 and FE80::10 to provide gateway service for hosts in VLAN 2. VRRP group 2 uses the virtual IPv6 addresses 2::10/64 and FE90::10 to provide gateway service for hosts in VLAN 3.

From RA messages sent by the switches, hosts in VLAN 2 learn 1::10/64 as their default gateway. Hosts in VLAN 3 learn 2::10/64 as their default gateway.

Assign Switch A a higher priority than Switch B in VRRP group 1 but a lower priority in VRRP group 2. Traffic from VLAN 2 and VLAN 3 can then be distributed between the two switches. When one of the switches fails, the healthy switch provides gateway service for both VLANs.

Figure 13 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port gigabitethernet 1/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 to 1::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Switch A a higher priority than Switch B in VRRP group 1, so Switch A can become the master in the group.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Enable Switch A to send RA messages, so hosts in VLAN 2 can learn the default gateway address.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt

[SwitchA-Vlan-interface2] quit

# Configure VLAN 3.

[SwitchA] vlan 3

[SwitchA-vlan3] port gigabitethernet 1/0/6

[SwitchA-vlan3] quit

[SwitchA] interface vlan-interface 3

[SwitchA-Vlan-interface3] ipv6 address fe90::1 link-local

[SwitchA-Vlan-interface3] ipv6 address 2::1 64

# Create VRRP group 2, and set its virtual IPv6 addresses to FE90::10 and 2::10.

[SwitchA-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip fe90::10 link-local

[SwitchA-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip 2::10

# Enable Switch A to send RA messages, so hosts in VLAN 3 can learn the default gateway address.

[SwitchA-Vlan-interface3] undo ipv6 nd ra halt

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB-vlan2] port gigabitethernet 1/0/5

[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Enable Switch B to send RA messages, so hosts in VLAN 2 can learn the default gateway address.

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt

[SwitchB-Vlan-interface2] quit

# Configure VLAN 3.

[SwitchB] vlan 3

[SwitchB-vlan3] port gigabitethernet 1/0/6

[SwitchB-vlan3] quit

[SwitchB] interface vlan-interface 3

[SwitchB-Vlan-interface3] ipv6 address fe90::2 link-local

[SwitchB-Vlan-interface3] ipv6 address 2::2 64

# Create VRRP group 2, and set its virtual IPv6 addresses to FE90::10 and 2::10.

[SwitchB-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip fe90::10 link-local

[SwitchB-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip 2::10

# Assign Switch B a higher priority than Switch A in VRRP group 2, so Switch B can become the master in the group.

[SwitchB-Vlan-interface3] vrrp ipv6 vrid 2 priority 110

# Enable Switch B to send RA messages, so hosts in VLAN 3 can learn the default gateway address.

[SwitchB-Vlan-interface3] undo ipv6 nd ra halt

Verifying the configuration

# Display detailed information about the VRRP groups on Switch A.

[SwitchA-Vlan-interface3] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 2

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Virtual MAC    : 0000-5e00-0201

     Master IP      : FE80::1

 

   Interface Vlan-interface3

     VRID           : 2                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Become Master  : 402ms left

     Auth Type      : None

     Virtual IP     : FE90::10

                      2::10

     Master IP      : FE90::2

# Display detailed information about the VRRP groups on Switch B.

[SwitchB-Vlan-interface3] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 2

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 0

     Become Master  : 401ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Master IP      : FE80::1

 

   Interface Vlan-interface3

     VRID           : 2                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 0

     Auth Type      : None

     Virtual IP     : FE90::10

                      2::10

     Virtual MAC    : 0000-5e00-0202

     Master IP      : FE90::2

The output shows the following information:

·          Switch A is operating as the master in VRRP group 1 to forward Internet traffic for hosts that use the default gateway 1::10/64.

·          Switch B is operating as the master in VRRP group 2 to forward Internet traffic for hosts that use the default gateway 2::10/64.

VRRP load balancing configuration example

Network requirements

As shown in Figure 14, Switch A, Switch B, and Switch C form a load balanced VRRP group. They use the virtual IPv6 addresses FE80::10 and 1::10 to provide gateway service for subnet 1::/64.

Hosts on subnet 1::/64 learn 1::10 as their default gateway from RA messages sent by the switches.

Configure VFs on Switch A, Switch B, or Switch C to monitor their respective VLAN-interface 3. When the interface on any of them fails, the weights of the VFs on the problematic switch decrease so another AVF can take over.

Figure 14 Network diagram

 

Configuration procedure

1.        Configure Switch A:

# Configure VLAN 2.

<SwitchA> system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port gigabitethernet 1/0/5

[SwitchA-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchA] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Switch A the highest priority in VRRP group 1, so Switch A can become the master.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 120

# Configure Switch A to operate in preemptive mode, so it can become the master whenever it operates correctly. Set the preemption delay to 500 centiseconds to avoid frequent status switchover.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500

# Enable Switch A to send RA messages, so hosts on subnet 1::/64 can learn the default gateway address.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt

[SwitchA-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the track entry transits to Negative.

[SwitchA] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250

2.        Configure Switch B:

# Configure VLAN 2.

<SwitchB> system-view

[SwitchB] vlan 2

[SwitchB-vlan2] port gigabitethernet 1/0/5

[SwitchB-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchB] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Assign Switch B a higher priority than Switch C in VRRP group 1, so Switch B can become the master when Switch A fails.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Configure Switch B to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500

# Enable Switch B to send RA messages so hosts on subnet 1::/64 can learn the default gateway address.

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt

[SwitchB-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the track entry transits to Negative.

[SwitchB] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250

3.        Configure Switch C:

# Configure VLAN 2.

<SwitchC> system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port gigabitethernet 1/0/5

[SwitchC-vlan2] quit

# Configure VRRP to operate in load balancing mode.

[SwitchC] vrrp ipv6 mode load-balance

# Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] ipv6 address fe80::3 link-local

[SwitchC-Vlan-interface2] ipv6 address 1::3 64

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Switch C to operate in preemptive mode, and set the preemption delay to 500 centiseconds.

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 500

# Enable Switch C to send RA messages, so the hosts on the subnet 1::/64 can learn the default gateway address.

[SwitchC-Vlan-interface2] undo ipv6 nd ra halt

[SwitchC-Vlan-interface2] quit

# Create track entry 1 to monitor the upstream link status of VLAN-interface 3. When the upstream link fails, the track entry transits to Negative.

[SwitchC] track 1 interface vlan-interface 3

# Configure the VFs in VRRP group 1 to monitor track entry 1, and decrease their weights by 250 when the track entry transits to Negative.

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 track 1 weight reduced 250

Verifying the configuration

# Verify that Host A can ping the external network. (Details not shown.)

# Display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::1 (Local, Master)

                      FE80::2 (Backup)

                      FE80::3 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 255

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 401ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::2 (Local, Backup)

                      FE80::1 (Master)

                      FE80::3 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-4012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 402ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::3 (Local, Backup)

                      FE80::1 (Master)

                      FE80::2 (Backup)

   Forwarder Information: 3 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Listening

     Virtual MAC    : 000f-e2ff-4011 (Learnt)

     Owner ID       : 0000-5e01-1101

     Priority       : 127

     Active         : FE80::1

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that Switch A is the master in VRRP group 1, and each of the three switches has one AVF and two LVFs.

# Disconnect the link of VLAN-interface 3 on Switch A and display detailed information about VRRP group 1 on Switch A.

[SwitchA-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 120                  Running Pri  : 120

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::1 (Local, Master)

                      FE80::2 (Backup)

                      FE80::3 (Backup)

   Forwarder Information: 3 Forwarders 0 Active

     Config Weight  : 255

     Running Weight : 5

    Forwarder 01

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4011 (Owner)

     Owner ID       : 0000-5e01-1101

     Priority       : 0

     Active         : FE80::3

    Forwarder 02

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 0

     Active         : FE80::2

    Forwarder 03

     State          : Initialize

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 0

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Negative   Weight Reduced : 250

# Display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 410ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::3 (Local, Backup)

                      FE80::1 (Master)

                      FE80::2 (Backup)

   Forwarder Information: 3 Forwarders 2 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 01

     State          : Active

     Virtual MAC    : 000f-e2ff-4011 (Take Over)

     Owner ID       : 0000-5e01-1101

     Priority       : 85

     Active         : local

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 85

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that when VLAN-interface 3 on Switch A fails, the weights of the VFs on Switch A drop below the lower limit of failure. All VFs on Switch A transit to the Initialized state and cannot forward traffic. The VF for MAC address 000f-e2ff-4011 on Switch C becomes the AVF to forward traffic.

# When the timeout timer (about 1800 seconds) expires, display detailed information about VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Backup

     Config Pri     : 100                  Running Pri  : 100

     Preempt Mode   : Yes                  Delay Time   : 500

     Become Master  : 400ms left

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::3 (Local, Backup)

                      FE80::1 (Master)

                      FE80::2 (Backup)

   Forwarder Information: 2 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 02

     State          : Listening

     Virtual MAC    : 000f-e2ff-4012 (Learnt)

     Owner ID       : 0000-5e01-1103

     Priority       : 127

     Active         : FE80::2

    Forwarder 03

     State          : Active

     Virtual MAC    : 000f-e2ff-4013 (Owner)

     Owner ID       : 0000-5e01-1105

     Priority       : 255

     Active         : local

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows that when the timeout timer expires, the VF for virtual MAC address 000f-e2ff-4011 is removed. The VF no longer forwards the packets destined for the MAC address.

# When Switch A fails, display detailed information about VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose

IPv6 Virtual Router Information:

 Running Mode      : Load Balance

 Total number of virtual routers : 1

   Interface Vlan-interface2

     VRID           : 1                    Adver Timer  : 100

     Admin Status   : Up                   State        : Master

     Config Pri     : 110                  Running Pri  : 110

     Preempt Mode   : Yes                  Delay Time   : 500

     Auth Type      : None

     Virtual IP     : FE80::10

                      1::10

     Member IP List : FE80::2 (Local, Master)

                      FE80::3 (Backup)

   Forwarder Information: 2 Forwarders 1 Active

     Config Weight  : 255

     Running Weight : 255

    Forwarder 02

     State          : Active

     Virtual MAC    : 000f-e2ff-4012 (Owner)

     Owner ID       : 0000-5e01-1103

     Priority       : 255

     Active         : local

    Forwarder 03

     State          : Listening

     Virtual MAC    : 000f-e2ff-4013 (Learnt)

     Owner ID       : 0000-5e01-1105

     Priority       : 127

     Active         : FE80::3

   Forwarder Weight Track Information:

     Track Object   : 1          State : Positive   Weight Reduced : 250

The output shows the following information:

·          When Switch A fails, Switch B becomes the master because it has a higher priority than Switch C.

·          The VF for virtual MAC address 000f-e2ff-4011 is removed.

Troubleshooting VRRP

An error prompt is displayed

Symptom

An error prompt "The virtual router detected a VRRP configuration error." is displayed during configuration.

Analysis

This symptom is probably caused by the following reasons:

·          The VRRP advertisement interval in the packet is not the same as that for the current VRRP group (in VRRPv2 only).

·          The number of virtual IP addresses in the packet is not the same as that for the current VRRP group.

·          The virtual IP address list is not the same as that for the current VRRP group.

·          A device in the VRRP group receives illegitimate VRRP packets. For example, the IP address owner receives a VRRP packet with the priority 255.

Solution

·          Modify the configuration on routers in VRRP groups to ensure consistent configuration.

·          Take fault location and anti-attack measures to eliminate potential threats.

Multiple masters appear in a VRRP group

Symptom

Multiple masters appear in a VRRP group.

Analysis

It is normal for a VRRP group to have multiple masters for a short time, and this situation requires no manual intervention.

If multiple masters coexist for a longer period, it might be because the masters cannot receive advertisements from each other, or because the received advertisements are illegitimate.

Solution

Ping between these masters, and do the following checks:

·          If the ping fails, examine network connectivity.

·          If the ping succeeds, check for configuration inconsistencies in the number of virtual IP addresses, virtual IP addresses, and authentication. For IPv4 VRRP, also make sure a consistent version of VRRP is configured on all routers in the VRRP group. For VRRPv2, make sure consistent VRRP advertisement interval is configured on the routers in the VRRP group.

Fast VRRP state flapping

Symptom

Fast VRRP state flapping occurs.

Analysis

The VRRP advertisement interval is set too short.

Solution

Increase the interval for sending VRRP advertisements or introduce a preemption delay.

 

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网