03-Layer 2—LAN Switching Command Reference

HomeSupportResource CenterReference GuidesCommand ReferencesH3C S6520X & S6520-SI & S5560X-HI & S5000-EI & MS4600 Command References-R6615Pxx-6W10103-Layer 2—LAN Switching Command Reference
06-DRNI commands
Title Size Download
06-DRNI commands 262.50 KB

DRNI commands

display drni consistency

Use display drni consistency to display information about the configuration consistency check done by DRNI.

Syntax

display drni consistency { type1 | type2 } { global | interface interface-type interface-number }

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

type1: Specifies type 1 configuration consistency check.

type2: Specifies type 2 configuration consistency check.

global: Specifies global information.

interface interface-type interface-number: Specifies a DR interface by its type and number.

Usage guidelines

This command displays configuration details for the DR member devices when type 1 or type 2 setting inconsistencies are detected. For more information about type 1 or type 2 configuration, see DRNI configuration in Layer 2—LAN Switching Configuration Guide.

The device does not check the invalid VLANs for inconsistency during global or interface-specific type 2 configuration consistency check.

This command displays the following fields only when VLAN or VLAN interface inconsistencies are detected during global type 2 configuration consistency check:

·     Vlan-int(shutdown).

·     Vlan-int(IPv4).

·     Vlan-int(IPv6).

·     Vlan-int(VRRPv4).

Examples

# Display global information about type 1 configuration consistency check.

<Sysname> display drni consistency type1 global

Configuration       Local                         Peer

Link type           Access                        Trunk

PVID                10                            20

Global STP          Enabled                       Disabled

STP mode            MSTP                          RSTP

MST region          abc                           def

Revision level      100                           200

MSTI(VLANs)         1(1,64,127,190,316,379,442,   1(2,4,61,121,261,291,362)

                    505,568,631)

STP-enabled VLANs   10,12,14,16,18                20,22,24,26,28

# Display global information about type 2 configuration consistency check.

<Sysname> display drni consistency type2 global

Configuration       Local                         Peer

VLANs               1,3,5,7,9                     2,4,6,8,10

Vlan-int            10,12,14,17,22,33             11,19,23,27,47

Vlan-int(shutdown)  100,103,107,200,301           200,261,290,333,465

Vlan-int(IPv4)      1019(192.168.1.1/29)          1019(192.168.1.2/29)

Vlan-int(IPv6)      40(fc00:0:0:102:0:0:0:1/64)   40(fc00:0:0:102:0:0:0:2/64)

Vlan-int(VRRPv4)    100(192.168.100.1/24)         100(192.168.100.2/24)

Global BPDU guard   Enabled                       Disabled

MAC aging time      100s                          No-aging

Port security       Enabled                       Disabled

Psec load sharing   Local                         Odd-MAC

Psec MAC move state Enabled                       Disabled

Psec MAC move mode  Port                          All

Dot1x               Enabled                       Disabled

802.1X auth method  Chap                          Pap

MAC-authentication  Enabled                       Disabled

MAC auth method     Chap                          Pap

 

VSI name            vpna

VNI                 10

Gateway interface   VSI-interface1

 

VSI name            vpnb                          vpnb

VNI                 20                            30

Gateway interface   VSI-interface1

 

VSI interface       1                             1

MAC address         1-1-1                         2-2-2

IPv4 address        192.168.0.1/24                192.168.0.2/24

IPv6 address        1::1/64                       1::2/64

Physical state      UP                            DOWN

Protocol state      UP                            DOWN

 

VSI interface       2                             2

MAC address         1-1-1                         2-2-3

IPv4 address        192.168.1.1/24                192.168.1.2/24

IPv6 address        2::2/64                       2::2/128

Physical state      UP                            DOWN

Protocol state      UP                            DOWN

# Display information about type 1 configuration consistency check on DR interface Bridge-Aggregation 1.

<Sysname> display drni consistency type1 interface bridge-aggregation 1

Configuration       Local                         Peer

LAGG mode           Static                        Dynamic

Link type           Access                        Trunk

PVID                10                            20

STP                 Enabled                       Disabled

# Display information about type 2 configuration consistency check on DR interface Bridge-Aggregation 1.

<Sysname> display drni consistency type2 interface bridge-aggregation 1

Configuration       Local                         Peer

VLANs               1,3,5,7,9                     2,4,6,8,10

LACP select speed   Enabled                       Disabled

LAGG ignore speed   Enabled                       Disabled

Root guard          Enabled                       Disabled

Psec port mode      Autolearn                     Mac-else-userlogin-secure-ext

Dot1x               Enabled                       Disabled

Dot1x critical VSI  vpna                          vpnb

Dot1x handshake     Enabled                       Disabled

Dot1x multi-trigger Enabled                       Disabled

Dot1x uni-trigger   Enabled                       Disabled

MAC-authentication  Enabled                       Disabled

MAC crt microseg    1                             2

MAC critical VSI    vpna                          vpnb

MAC URL user logoff Enabled                       Disabled

MAC with dot1x      Enabled                       Disabled

Web-auth            Enabled                       Disabled

Web auth-fail VLAN  1                             2

Web-auth P server   serverA                       serverB

Web-auth S server   serverB                       serverA

Table 1 Command output

Field

Description

Local

Local configuration. This field displays a hyphen (-) if no configuration inconsistency exists. If the parameter does not have a local configuration, this field is empty.

Peer

Peer configuration. This field displays a hyphen (-) if no configuration inconsistency exists. If the parameter does not have a peer configuration, this field is empty.

Link type

Link type of the IPP:

·     Access.

·     Hybrid.

·     Trunk.

PVID

PVID of the IPP.

MSTI(VLANs)

VLAN-to-MSTI mappings. This field displays Inconsistent if inconsistent VLAN-to-MSTI mappings are detected and DRNI cannot obtain VLAN-to-MSTI mappings.

VLANs

VLANs permitted by an interface. The system checks tagged VLANs before untagged VLANs.

Vlan-int(shutdown)

VLAN interfaces that were administratively shut down.

Vlan-int(VRRPv4)

Virtual IPv4 address of the VRRP group on a VLAN interface.

MAC aging time

MAC aging timer in seconds. This field displays No-aging if MAC address entries do not age out.

Port security

Global state of port security:

·     Enabled.

·     Disabled.

Psec load sharing

Authentication load sharing mode for users on port security-enabled DR interfaces:

·     Centralized—The primary DR member device authenticates users.

·     Local—Each DR member device authenticates their local users.

·     Odd-MAC—The local DR member device authenticates odd-MAC users on all DR interfaces of the DR system.

·     Even-MAC—The local DR member device authenticates even-MAC users on all DR interfaces of the DR system.

Psec MAC move state

State of the MAC move feature:

·     Enabled.

·     Disabled.

Dot1x

Global state of 802.1X authentication:

·     Enabled.

·     Disabled.

Psec MAC move mode

Port security MAC move mode:

·     Port—Allows an authenticated online user to move between ports on the device.

·     VLAN—Allows an authenticated online user to move between VLANs on a trunk or hybrid port.

·     All—Allows an authenticated online user to move between ports on the device or VLANs on a trunk or hybrid port.

802.1X auth method

802.1X authentication method:

·     Chap—Performs EAP termination and uses CHAP to communicate with the RADIUS server.

·     Eap—Relays EAP packets and supports any of the EAP authentication methods to communicate with the RADIUS server.

·     Pap—Performs EAP termination and uses PAP to communicate with the RADIUS server.

MAC-authentication

Global state of MAC authentication:

·     Enabled.

·     Disabled.

MAC auth method

MAC authentication method:

·     Chap—CHAP authentication.

·     Pap—PAP authentication.

VSI name

Name of the VSI that has ACs on a DR interface.

VNI

VXLAN ID of the VSI.

Gateway interface

VSI interface associated with the VSI.

VSI interface

VSI interface number.

MAC address

MAC address of the VSI interface.

IPv4 address

IPv4 address of the VSI interface.

IPv6 address

IPv6 address of the VSI interface.

Physical state

Physical link state of the VSI interface:

·     ADM—The interface has been shut down by using the shutdown command.

·     DOWN—The interface is administratively up, but its physical state is down.

·     UP—The interface is both administratively and physically up.

Protocol state

Data link layer state of the VSI interface:

·     DOWN—The data link layer protocol is down.

·     UP—The data link layer protocol is up.

LACP select speed

Whether a DR interface uses port speed as the prioritized criterion for reference port selection:

·     Enabled.

·     Disabled.

LAGG ignore speed

Whether a DR interface ignores port speed in setting the aggregation states of member ports:

·     Enabled.

·     Disabled.

Dot1x

State of 802.1X authentication on the interface:

·     Enabled.

·     Disabled.

Dot1x critical VSI

Name of the 802.1X critical VSI.

Dot1x handshake

Whether the 802.1X online user handshake feature is enabled:

·     Enabled.

·     Disabled.

Dot1x multi-trigger

Whether the 802.1X multicast trigger feature is enabled:

·     Enabled.

·     Disabled.

Dot1x uni-trigger

Whether the 802.1X unicast trigger feature is enabled:

·     Enabled.

·     Disabled.

MAC-authentication

State of MAC authentication on the interface:

·     Enabled.

·     Disabled.

MAC crt microseg

ID of the MAC authentication critical microsegment. This field is supported only by the S5560X-HI and S6520X-HI switches.

MAC critical VSI

Name of the MAC authentication critical VSI.

MAC URL user logoff

Whether the device logs off MAC authentication users that have been assigned authorization URLs and have not passed authentication on the port when the first user is assigned to the critical microsegment:

·     Enabled.

·     Disabled.

This field is supported only by the S5560X-HI and S6520X-HI switches.

MAC with dot1x

State of parallel processing of MAC authentication and 802.1X authentication:

·     Enabled.

·     Disabled.

Web-auth

State of Web authentication on the interface:

·     Enabled.

·     Disabled.

Web auth-fail VLAN

The Auth-Fail VLAN for Web authentication.

Web-auth P server

Name of the primary Web server for Web authentication.

Web-auth S server

Name of the secondary Web server for Web authentication.

 

display drni consistency-check status

Use display drni consistency-check status to display the configuration consistency check status.

Syntax

display drni consistency-check status

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the configuration consistency check status.

<Sysname> display drni consistency-check status

                 Global Consistency Check Configuration

Local status     : Enabled           Peer status     : Enabled

Local check mode : Strict            Peer check mode : Strict

 

                 Consistency Check on Modules

Module           Type1           Type2

LAGG             Check           Check

VLAN             Check           Check

STP              Check           Check

MAC              Not Check       Check

L2VPN            Not Check       Check

PORTSEC          Not Check       Check

DOT1X            Not Check       Check

MACA             Not Check       Check

WEBAUTH          Not Check       Check

 

                 Type1 Consistency Check Result

Global consistency check result: SUCCESS

Inconsistent global modules: -

 

DR interface     DR group ID     Check Result      Inconsistency modules

BAGG4            4               SUCCESS           -

Table 2 Command output

Field

Description

Local status

Status of configuration consistency check at the local end:

·     Enabled.

·     Disabled.

Peer status

Status of configuration consistency check at the peer end:

·     Enabled.

·     Disabled.

Local check mode

Configuration consistency check mode at the local end:

·     Loose.

·     Strict.

Peer check mode

Configuration consistency check mode at the peer end:

·     Loose.

·     Strict.

Module

Feature module name.

Type1

Whether DRNI checks the module for a type 1 configuration inconsistency:

·     Check.

·     Not Check.

Type2

Whether DRNI checks the module for a type 2 configuration inconsistency:

·     Check.

·     Not Check.

Global consistency check result

Result of global configuration consistency check:

·     FAILURE.

·     SUCCESS.

Inconsistent global modules

Modules that failed global configuration consistency check. If the check succeeded, this field displays a hyphen (-).

DR interface

Abbreviated name of the DR interface.

Inconsistency modules

Modules that failed interface configuration consistency check. If the check succeeded, this field displays a hyphen (-).

 

display drni drcp statistics

Use display drni drcp statistics to display DRCPDU statistics.

Syntax

display drni drcp statistics [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a Layer 2 aggregate interface or VXLAN tunnel interface by its type and number. If you do not specify this option, the command displays the DRCPDU statistics about the IPP and all DR interfaces.

Examples

# Display DRCPDU statistics.

<Sysname> display drni drcp statistics

 * indicates the port is the IPP.

Interface type:

BAGG -- Bridge-Aggregation, Tun -- Tunnel

Interface     State     Sent     Received(Normal/Error/Unknown)

*BAGG3        UP        30       26/0/0

 BAGG4        UP        29       26/0/0

# Display DRCPDU statistics about Bridge-Aggregation 4.

<Sysname> display drni drcp statistics interface bridge-aggregation 4

* indicates the port is the IPP.

Interface type:

BAGG -- Bridge-Aggregation, Tun -- Tunnel

Interface  : BAGG4

State      : UP

Sent       : 31

Received (Normal/Error/Unknown): 28/0/0

Last received packet information:

  Source MAC address: 3cd4-437d-0300

  Time: 2019/09/11 09:19:58

  Action: Accept

Table 3 Command output

Field

Description

Interface

Abbreviated interface name. The name of the IPP is prefixed with an asterisk (*).

State

Physical state of the interface:

·     UP.

·     DOWN.

Sent

Number of sent DRCPDUs.

Received (Normal/Error/Unknown)

Numbers of received normal, error, and unrecognized DRCPDUs.

Last received packet information

Information about the most recently received DRCPDU.

Time

Date and time when the DRCPDU was received, in the YYYY/MM/DD hh:mm:ss format.

Action

Action taken on the DRCPDU:

·     Accept.

·     Drop.

If the DRCPDU was dropped, this field also displays the reason for dropping the DRCPDU.

 

Related commands

reset drni drcp statistics

display drni keepalive

Use display drni keepalive to display DR keepalive packet statistics.

Syntax

display drni keepalive

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display DR keepalive packet statistics.

<Sysname> display drni keepalive

Neighbor keepalive link status (cause): Up

Neighbor is alive for: 135642 s 501 ms

Keepalive packet transmission status:

  Sent: Successful

  Received: Successful

Last received keepalive packet information:

  Source IP address: 1.1.1.1

  Time: 2019/09/11 09:21:51

  Action: Accept

 

Distributed relay keepalive parameters:

Destination IP address: 10.0.0.2

Source IP address: 10.0.0.1

Keepalive UDP port : 6400

Keepalive VPN name : vpn1

Keepalive interval : 1000 ms

Keepalive timeout  : 5 sec

Keepalive hold time: 3 sec

Table 4 Command output

Field

Description

Neighbor keepalive link status (cause)

State of the DR peer:

·     Unknown—No DR peer is detected because the destination IP address of keepalive packets is not specified.

·     Up—The DR peer is up.

·     Down—The DR peer is down.

Cause of the keepalive link down event:

·     DR system init—DR system initialization.

·     Local IP not configured—The local end does not have source and destination IP address settings for the keepalive link.

·     Local Tx failed—Packet transmission failed on the local end.

·     Local Rx timeout—Packet reception timed out on the local end.

·     Peer Rx timeout—Packet reception timed out on the peer end.

Neighbor is alive for

Time period for which the DR peer has been up.

Last received keepalive packet information

Information about the most recently received keepalive packet.

Time

Date and time when the keepalive packet was received, in the YYYY/MM/DD hh:mm:ss format. If the device has not received any keepalive packets, this field displays N/A.

Action

Action taken on the keepalive packet:

·     Accept.

·     Drop.

If the keepalive packet was dropped, this field also displays the reason for dropping the packet.

Destination IP address

Destination IP address of keepalive packets sent by the device.

Source IP address

Source IP address of keepalive packets sent by the device.

Keepalive UDP port

Destination UDP port of keepalive packets.

Keepalive VPN name

VPN instance for keepalive packets. If no VPN instance is configured for keepalive packets, this field displays N/A.

Keepalive interval

Interval at which the device sends keepalive packets.

Keepalive timeout

Keepalive timeout timer.

Keepalive hold time

Keepalive hold timer setting. The keepalive hold timer specifies the amount of time that the device uses to identify the cause of an IPL down event.

 

Related commands

drni keepalive { ip | ipv6 }

drni keepalive hold-time

drni keepalive interval

display drni mad verbose

Use display drni mad verbose to display detailed DRNI MAD information.

Syntax

display drni mad verbose

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display detailed DRNI MAD information.

<Sysname> display drni mad verbose

DRNI MAD DOWN state    : No

Restore delay          : 30 s

Remaining restore delay: -

DRNI MAD default action: DOWN

DRNI MAD DOWN persistence: Disabled

Excluding logical interfaces: Disabled

Port configuration for DRNI MAD DOWN action:

 Included ports(user-configured):

   Bridge-Aggregation1

   Ten-GigabitEthernet1/0/5(ineffective)

 Included ports(system-configured):

   Member interfaces of DR Bridge-Aggregation3:

     Ten-GigabitEthernet 1/0/3

 Excluded ports(user-configured):

   Bridge-Aggregation2

   Ten-GigabitEthernet1/0/4

 Excluded ports(system-configured):

   Management interfaces:

     M-GigabitEthernet0/0/0

   DR interfaces:

     Bridge-Aggregation4

   IPP:

     Bridge-Aggregation3

   Member interfaces of IPP Bridge-Aggregation3:

     Ten-GigabitEthernet1/0/1

     Ten-GigabitEthernet1/0/2

Table 5 Command output

Field

Description

DRNI MAD DOWN state

Whether the network interfaces on the device are in DRNI MAD DOWN state:

·     Yes—The device has network interfaces placed in DRNI MAD DOWN state.

·     No—No network interfaces are in DRNI MAD DOWN state.

If this field displays Yes, check the IPL for the link down issue to remove multi-active collision.

Restore delay

Data restoration interval, in seconds.

Remaining restore delay

The remaining time (in seconds) before the data restoration interval expires. If the data restoration interval has not started, this field displays a hyphen (-).

DRNI MAD default action

Default action to take on network interfaces when the DR system splits:

·     DOWN—Shut down interfaces and place them in DRNI MAD DOWN state.

·     NONE—DRNI MAD does not take action on interfaces.

DRNI MAD DOWN persistence

DRNI MAD DOWN state persistence:

·     Enabled—The DR member device does not bring up the network interfaces in DRNI MAD DOWN state when its role changes from secondary to primary.

·     Disabled—The DR member device brings up the network interfaces in DRNI MAD DOWN state when its role changes from secondary to primary.

Excluding logical interfaces

Whether all logical interfaces are excluded from the shutdown action by DRNI MAD:

·     Enabled.

·     Disabled.

Included ports(user-configured)

Network interfaces manually configured to be shut down by DRNI MAD when the DR system splits.

An interface entry will be marked as ineffective if the system does not allow the specified interface to be shut down by DRNI MAD. DRNI MAD will not shut down interfaces in ineffective entries when the DR system splits.

The following are interfaces not allowed to be shut down by DRNI MAD:

·     Interfaces automatically excluded from being shut down by DRNI MAD.

·     Interfaces used for special purposes.

Included ports(system-configured)

Network interfaces automatically set by the system to shut down by DRNI MAD when the DR system splits.

Aggregation member ports of DR interfaces are in this category of interfaces.

Excluded ports(user-configured)

Network interfaces manually configured to not be shut down by DRNI MAD.

An interface entry will be marked as ineffective if the specified interface is in the list of ports excluded by the system from the DRNI MAD shutdown action. In this situation, the manual configuration does not take effect.

Excluded ports(system-configured)

Network interfaces set by the system to not shut down by DRNI MAD, including:

·     Management interfaces.

·     DR interfaces.

·     IPP.

·     Aggregation member interfaces if a Layer 2 aggregate interface is used as the IPP.

 

Related commands

drni mad default-action

drni mad exclude logical-interfaces

drni mad exclude interface

drni mad include interface

drni mad persistent

display drni role

Use display drni role to display DR role information.

Syntax

display drni role

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display DR role information.

<Sysname> display drni role

                    Effective role information

Factors                  Local                    Peer

Effective role           Primary                  Secondary

Initial role             None                     None

MAD DOWN state           Yes                      Yes

Health level             0                        0

Role priority            32768                    32768

Bridge MAC               3cd4-3ce1-0200           3cd4-437d-0300

Effective role trigger: IPL calculation

Effective role reason: Bridge MAC

 

                    Configured role information

Factors                  Local                    Peer

Configured role          Primary                  Secondary

Role priority            32768                    32768

Bridge MAC               3cd4-3ce1-0200           3cd4-437d-0300

Table 6 Command output

Field

Description

Factors

Factors used in role calculation.

Local

Local configuration.

Peer

Peer configuration.

Effective role

Effective device role:

·     None.

·     Primary.

·     Secondary.

Status of DR interfaces

The status of all DR interfaces:

·     DownAll DR interfaces are down.

·     UPOne or more DR interfaces are up.

Initial role

Device role before role calculation:

·     None.

·     Primary.

·     Secondary.

MAD DOWN state

Whether there were interfaces in DRNI MAD DOWN state during role calculation:

·     Yes.

·     No.

This field displays N/A if no peer exists.

Health level

Health level of the device during role calculation. The member device with a lower value is healthier.

This field displays N/A if no peer exists.

Effective role trigger

Why effective role calculation was triggered:

·     DR system init—DR system initialization.

·     IPL calculation—The local device role was calculated over the IPL.

·     IPL down and role calculation over keepalive link—The IPL went down, and the local device role was calculated over the keepalive link.

·     IPL and keepalive link down—Both the IPL and the keepalive link went down.

·     IPL and keepalive link down. All local DR interfaces down—Both the IPL and the keepalive link went down, and all local DR interfaces went down.

Effective role reason

Factor that determined the effective device role:

·     No peer existed. In this situation, a hyphen (-) is displayed.

·     Status of DR interfaces.

·     Single None role. One DR member device had the None role, and the other DR member device had the Primary role.

·     MAD status.

·     Health level.

·     Role priority.

·     Bridge MAC.

Configured role

Manually assigned device role:

·     None.

·     Primary.

·     Secondary.

 

Related commands

drni role priority

display drni summary

Use display drni summary to display summary information about the IPP and DR interfaces.

Syntax

display drni summary

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display summary information about the IPP and DR interfaces. In this example, global configuration consistency check was successful.

<Sysname> display drni summary

Flags: A -- Aggregate interface down, B -- No peer DR interface configured

       C -- Configuration consistency check failed

 

IPP: BAGG3

IPP state (cause): UP

Keepalive link state (cause): UP

 

                     DR interface information

DR interface  DR group  Local state (cause)  Peer state  Remaining down time(s)

BAGG4         4         UP                   UP          -

Table 7 Command output

Field

Description

IPP

Abbreviated name of the IPP.

IPP state (cause)

State of the IPP:

·     UP.

·     DOWN.

·     If the IPP is down, this field also displays the cause of the down state.

Keepalive link state (cause)

State of the keepalive link:

·     UP.

·     DOWN.

Cause of the keepalive link down event:

·     DR system init—DR system initialization.

·     Local IP not configured—The local end does not have source and destination IP address settings for the keepalive link.

·     Local Tx failed—Packet transmission failed on the local end.

·     Local Rx timeout—Packet reception timed out on the local end.

·     Peer Rx timeout—Packet reception timed out on the peer end.

DR interface

Name of the DR interface.

Local state (cause)

State of the DR interface:

·     UP.

·     DOWN.

If the DR interface is down, this field also displays the cause of the down state:

·     A—The aggregate interface went down.

·     B—The peer DR interface did not exist.

·     C—Configuration consistency check failed.

Peer state

State of the peer DR interface:

·     UP.

·     DOWN—No peer DR interface exists or the peer DR interface is down.

·     UNKNOWN—The state of the peer DR interface is unknown when the IPL is down.

Remaining down time (s)

Remaining time (in seconds) during which the DR interface will stay in DRNI MAD DOWN state. If the DR interface is not in DRNI MAD DOWN state, this field displays a hyphen (-).

 

display drni system

Use display drni system to display the DR system settings.

Syntax

display drni system

Views

Any view

Predefined user roles

network-admin

network-operator

Examples

# Display the DR system settings.

<Sysname> display drni system

                     System information

Local system number: 1                      Peer system number: 2

Local system MAC: 0001-0001-0001            Peer system MAC: 0001-0001-0001

Local system priority: 123                  Peer system priority: 123

Local bridge MAC: 3cd4-3ce1-0200            Peer bridge MAC: 3cd4-437d-0300

Local effective role: Primary               Peer effective role: Secondary

Health level: 0

Standalone mode on split: Enabled

In standalone mode: Yes

 

                     System timer information

Timer                      State       Value (s)    Remaining time (s)

Auto recovery              Disabled    -            -

Restore delay              Disabled    30           -

Consistency-check delay    Disabled    15           -

Standalone delay           Disabled    -            -

Role to None delay         Disabled    60           -

Table 8 Command output

Field

Description

Local system number

Local DR system number. If the parameter is not configured, this field displays N/A.

Peer system number

Peer DR system number. If the parameter is not configured or the peer does not exist, this field displays N/A.

Local system MAC

Local DR system MAC address. If the parameter is not configured, this field displays N/A.

Peer system MAC

Peer DR system MAC address. If the parameter is not configured or the peer does not exist, this field displays N/A.

Local system priority

Local DR system priority. If the parameter is not configured, this field displays N/A.

Peer system priority

Peer DR system priority. If the parameter is not configured or the peer does not exist, this field displays N/A.

Local bridge MAC

Local bridge MAC address.

Peer bridge MAC

Peer bridge MAC address. If the peer does not exist, this field displays N/A.

Local effective role

Effective role of the local device:

·     None.

·     Primary.

·     Secondary.

Peer effective role

Effective role of the peer device:

·     None.

·     Primary.

·     Secondary.

Health level

Health level of the device. The member device with a lower value is healthier.

Standalone mode on split

Whether DRNI standalone mode is enabled:

·     Enabled.

·     Disabled.

In standalone state

Whether the device is in DRNI standalone mode:

·     Yes.

·     No.

Timer

Timer type:

·     Auto recovery—Reload delay timer.

·     Restore delay—Data restoration interval.

·     Consistency check delay—Configuration consistency check delay timer.

·     Standalone delay—Delay that the device must wait before changing to DRNI standalone mode.

·     Role to None delay—Delay that the device must wait before setting its role to None.

State

State of the timer:

·     Enabled.

·     Disabled.

Value (s)

Value of the timer, in seconds.

Remaining time (s)

Remaining time of the timer, in seconds.

If the timer has not started, this field displays a hyphen (-).

 

display drni troubleshooting

Use display drni troubleshooting to display DRNI troubleshooting information.

Syntax

display drni troubleshooting [ dr | ipp | keepalive ] [ history ] [ count ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

dr: Displays DR interface troubleshooting information.

ipp: Displays IPP troubleshooting information.

keepalive: Displays keepalive link troubleshooting information.

history: Displays troubleshooting records. If you do not specify this keyword, the command displays current troubleshooting information.

count: Specifies the number of events to display, in the range of 1 to 200. If you do not specify this argument, the command displays the most recent 20 events.

Usage guidelines

If you do not specify the dr, ipp, or keepalive keywords, this command displays troubleshooting information about DR interfaces, the IPP, and the keepalive link.

Examples

# Display DRNI troubleshooting records.

<Sysname> display drni troubleshooting history

Total: 3

 

Time                     Event description

2019-09-10 14:13:53.103  IPP BAGG10 went down because the IPP role of the

                         interface was removed. Please reconfigure an interface

                         as the IPP.

2019-09-10 14:23:53.102  Keepalive link went down because the peer keepalive

                         timeout timer expired. Please check the keepalive

                         packet transmission and reception status at the two

                         ends.

2019-09-10 14:53:53.103  Local DR interface state of BAGG1024 in DR group 1024

                         changed to down because the aggregate interface went

                         down. Please check the aggregate link status.

Related commands

reset drni troubleshooting history

display drni verbose

Use display drni verbose to display detailed information about the IPP and DR interfaces.

Syntax

display drni verbose [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a DR interface or the IPP by its number. The interface number must already exist. If you do not specify an interface, the command displays detailed information about the IPP and all DR interfaces.

Usage guidelines

If the specified interface is not the IPP or a DR interface, no information is displayed.

Examples

# Display detailed information about DR interface Bridge-Aggregation 1.

<Sysname> display drni verbose interface bridge-aggregation 1

Flags: A -- Home_Gateway, B -- Neighbor_Gateway, C -- Other_Gateway,

       D -- IPP_Activity, E -- DRCP_Timeout, F -- Gateway_Sync,

       G -- Port_Sync, H -- Expired

 

DR interface/DR group ID: BAGG1/1

Local DR interface state: UP

Peer DR interface state: UP

DR group state: UP

Local DR interface down cause: -

Remaining DRNI DOWN time: -

Local DR interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001

Peer DR interface LACP MAC: Config=0001-0001-0001, Effective=0001-0001-0001

Local DR interface LACP priority: Config=200, Effective=200

Peer DR interface LACP priority: Config=200, Effective=200

Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG

Local Selected ports (index): XGE1/0/1 (260), XGE1/0/2 (261)

Peer Selected ports indexes: 260, 261

# Display detailed information about IPP Bridge-Aggregation 2.

<Sysname> display drni verbose interface bridge-aggregation 2

Flags: A -- Home_Gateway, B -- Neighbor_Gateway, C -- Other_Gateway,

       D -- IPP_Activity, E -- DRCP_Timeout, F -- Gateway_Sync,

       G -- Port_Sync, H -- Expired

 

IPP/IPP ID: BAGG2/1

State: UP

Cause: -

Local DRCP flags/Peer DRCP flags: ABDFG/ABDFG

Local Selected ports (index): XGE1/0/1 (258), XGE1/0/2 (259)

Peer Selected ports indexes: 258, 259

Table 9 Command output

Field

Description

Flags

DRCP state flags. The flag field is one byte long, represented by ABCDEFGH from the lowest bit to the highest bit. A letter is displayed when its bit is 1 and is not displayed when its bit is 0.

·     A—Indicates whether DRCP is enabled on the local device. 1 indicates enabled. 0 indicates disabled.

·     B—Indicates whether DRCP is enabled on the DR peer. 1 indicates enabled. 0 indicates disabled.

·     C—Indicates whether DRCP is enabled on a third DR member device. 1 indicates enabled. 0 indicates disabled.

·     D—Indicates whether the local IPP has determined that DRCP is enabled on the DR peer. 1 indicates yes. 0 indicates no.

·     E—Indicates the DRCP timeout timer. 1 indicates the short timeout timer. 0 indicates the long timeout timer.

·     F—Indicates whether the local IPP permits the packets that contain the negotiated gateway conversation IDs. 1 indicates yes. 0 indicates no.

·     G—Indicates whether the local IPP permits the packets that contain the negotiated port conversation IDs. 1 indicates yes. 0 indicates no.

·     H—Indicates whether the local DRCPDU receive machine is in default or expired state. 1 indicates yes. 0 indicates no.

IPP

Abbreviated name of the IPP.

DR interface

Abbreviated name of the DR interface.

Local DR interface state

State of the local DR interface:

·     UP—The DR interface is up if it has Selected ports in its aggregation group.

·     DOWN—The DR interface is down if it does not have Selected ports in its aggregation group.

Peer DR interface state

State of the peer DR interface:

·     UP—The DR interface is up if it has Selected ports in its aggregation group.

·     DOWN—The DR interface is down if it does not have Selected ports in its aggregation group.

·     UNKNOWN—The state of the peer DR interface is unknown when the IPL is down.

DR group state

State of the DR group:

·     UP—The DR group is up if it contains a minimum of one member DR interface in UP state.

·     DOWN—The DR group is down if it all its member DR interfaces are in DOWN state.

Local DR interface down cause

Cause of the down state of the local DR interface. If the local DR interface is up, this field displays a hyphen (-).

Remaining DRNI DOWN time

Remaining time (in seconds) during which the DR interface will stay in DRNI MAD DOWN state. If the DR interface is not in DRNI MAD DOWN state, this field displays a hyphen (-).

State

State of the IPP:

·     UP.

·     DOWN.

Cause

Cause of the down state of the IPP. If the IPP is up, this field displays a hyphen (-).

Config

Configured value.

Effective

Effective value.

Local DRCP flags

Local DRCP state flags. If all bits are set to 0, this field displays Unknown.

Peer DRCP flags

Peer DRCP state flags. If all bits are set to 0 or no peer exists, this field displays Unknown.

Local Selected ports (index)

Abbreviated name of the Selected ports in the local aggregation group and their port indexes.

Peer Selected ports indexes

Port indexes of the Selected ports in the peer aggregation group.

 

display drni virtual-ip

Use display drni virtual-ip to display DRNI virtual IP addresses.

Syntax

display drni virtual-ip [ interface interface-type interface-number ]

Views

Any view

Predefined user roles

network-admin

network-operator

Parameters

interface interface-type interface-number: Specifies a VLAN interface or loopback interface by its number. The interface number must already exist. If you do not specify an interface, the command displays detailed information about all DRNI virtual IP addresses.

Examples

# Display all DRNI virtual IP addresses.

<Sysname> display drni virtual-ip

Interface   IP address                MAC address       Effective State

Vlan2       10.10.10.10/24            0001-0001-0001    ACTIVE

            10.10.20.10/24            0001-0001-0002    STANDBY

Loop1       1::20/124                 0001-0001-0003    STANDBY

            1::10/124                 0001-0001-0004    ACTIVE

Table 10 Command output

Field

Description

Interface

Abbreviated name of the interface.

IP address

Virtual IP address.

MAC address

Virtual MAC address.

Effective State

State of the virtual IP address:

·     Active—The virtual IPv4 address is active on the local device.

·     Standby—The virtual IPv4 address is standby on the local device.

 

drni authentication key

Use drni authentication key to enable DRNI packet authentication and configure an authentication key.

Use undo drni authentication key to disable DRNI packet authentication.

Syntax

drni authentication key { simple | cipher } string

undo drni authentication key

Default

DRNI packet authentication is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

cipher: Specifies an authentication key in encrypted form.

simple: Specifies an authentication key in plaintext form. For security purposes, the authentication key specified in plaintext form will be stored in encrypted form.

string: Specifies the authentication key. Its plaintext form is a case-sensitive string of 1 to 32 characters. Its encrypted form is a case-sensitive string of 1 to 73 characters.

Usage guidelines

To prevent DRCPDU and keepalive packet tampering from causing link flapping, enable DRNI packet authentication on DR member devices. With this feature enabled, DR member devices compute a message digest by using an authentication key for each outgoing DRCPDU or keepalive packet and insert the message digest into the packet. When receiving a DRCPDU or keepalive packet, a DR member device computes a message digest and compares it with the message digest in the packet. If the message digests match, the packet passes authentication. If the message digests do not match, the device drops the packet.

For successful authentication, configure the same authentication key for the DR member devices.

Examples

# Enable DRNI packet authentication and configure the authentication key as abcdefg.

<Sysname> system-view

[Sysname] drni authentication key simple abcdefg

drni auto-recovery reload-delay

Use drni auto-recovery reload-delay to enable DR system auto-recovery and set the reload delay timer.

Use undo drni auto-recovery reload-delay to restore the default.

Syntax

drni auto-recovery reload-delay delay-value

undo drni auto-recovery reload-delay

Default

DR system auto-recovery is disabled and the reload delay timer is not set.

Views

System view

Predefined user roles

network-admin

Parameters

delay-value: Specifies a reload delay in the range of 240 to 3600 seconds.

Usage guidelines

If only one DR member device recovers after the entire DR system reboots, auto-recovery enables that member device to remove its DR interfaces from the DRNI DOWN interface list.

·     If that member device has up DR interfaces, it takes over the primary role when the reload delay timer expires and forwards traffic.

·     If that member device does not have up DR interfaces, it is stuck in the None role and does not forward traffic.

If auto-recovery is disabled, that DR member device will be stuck in the None role with all its DR interfaces being DRNI DOWN after it recovers.

If both DR member devices recover and have up DR interfaces after the entire DR system reboots, active-active situation might occur if both IPL and keepalive links were down when the reload delay timer expires. If this rare situation occurs, examine the IPL and keepalive links and restore them.

To avoid incorrect role preemption, make sure the reload delay timer is longer than the amount of time required for the device to restart.

Examples

# Enable DR system auto-recovery and set the reload delay timer to 245 seconds.

<Sysname> system-view

[Sysname] drni auto-recovery reload-delay 245

Related commands

display drni role

drni consistency-check disable

Use drni consistency-check disable to disable DRNI from performing configuration consistency check.

Use undo drni consistency-check disable to enable DRNI to perform configuration consistency check.

Syntax

drni consistency-check disable

undo drni consistency-check disable

Default

DRNI performs configuration consistency check.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To ensure that the DR system can operate correctly, DRNI by default performs configuration consistency check when the DR system is set up.

Configuration consistency check might fail when you upgrade the DR member devices in a DR system. To prevent the DR system from falsely shutting down DR interfaces, you can temporarily disable configuration consistency check.

You must make sure the DR member devices use the same setting for configuration consistency check.

Examples

# Disable DRNI from performing configuration consistency check.

<Sysname> system-view

[Sysname] drni consistency-check disable

drni consistency-check mode

Use drni consistency-check mode to set the mode of configuration consistency check.

Use undo drni consistency-check mode to restore the default.

Syntax

drni consistency-check mode { loose | strict }

undo drni consistency-check mode

Default

Configuration consistency check uses strict mode.

Views

System view

Predefined user roles

network-admin

Parameters

loose: Specifies loose mode.

strict: Specifies strict mode.

Usage guidelines

The device handles configuration inconsistency depending on the mode of configuration consistency check.

·     For type 1 configuration inconsistency:

¡     The device generates log messages if loose mode is enabled.

¡     The device shuts down DR interfaces and generates log messages if strict mode is enabled.

·     For type 2 configuration inconsistency, the device only generates log messages, whether strict or loose mode is enabled.

Examples

# Enable the loose mode of configuration consistency check.

<Sysname> system-view

[Sysname] drni consistency-check mode loose

drni drcp period short

Use drni drcp period short to enable the short DRCP timeout timer (3 seconds) on the IPP or a DR interface.

Use undo drni drcp period to restore the default.

Syntax

drni drcp period short

undo drni drcp period

Default

An aggregate interface uses the long DRCP timeout timer (90 seconds).

Views

Layer 2 aggregate interface view

VXLAN tunnel interface view

Predefined user roles

network-admin

Usage guidelines

This command takes effect only on the IPP or a DR interface.

DRCP uses a timeout mechanism to specify the amount of time that an IPP or DR interface must wait to receive DRCPDUs before it determines that the peer interface is down. This timeout mechanism provides the following timer options:

·     Short DRCP timeout timer, which is fixed at 3 seconds. If this timer is used, the peer interface sends one DRCPDU every second.

·     Long DRCP timeout timer, which is fixed at 90 seconds. If this timer is used, the peer interface sends one DRCPDU every 30 seconds.

Short DRCP timeout timer enables the DR member devices to detect a peer interface down event more quickly than the long DRCP timeout timer. However, this benefit is at the expense of bandwidth and system resources.

To avoid traffic interruption during an ISSU or DRNI process restart, disable the short DRCP timeout timer before you perform an ISSU or DRNI process restart. For more information about ISSU, see Fundamentals Configuration Guide.

Examples

# Enable the short DRCP timeout timer on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] drni drcp period short

drni ipp mac-address hold

Use drni ipp mac-address hold to enable the IPP to retain MAC address entries for single-homed devices.

Use undo drni ipp mac-address hold to disable the IPP from retaining MAC address entries for single-homed devices.

Syntax

drni ipp mac-address hold

undo drni ipp mac-address hold

Default

The IPP does not retain MAC address entries for single-homed devices when the devices go down.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When a DR member device detects that the link to a single-homed device goes down, the IPP takes the following actions:

·     Deletes the MAC address entries for the single-homed device.

·     Sends a message to the peer IPP for it to delete the affected MAC address entries.

If the link to a single-homed device flaps constantly, the IPP repeatedly deletes and adds MAC address entries for the device. This situation increases floods of unicast traffic destined for the single-homed device.

To reduce flood traffic, enable the IPP to retain MAC address entries for single-homed devices. After the links to single-homed devices go down, the affected MAC address entries age out on expiration of the MAC aging timer instead of being deleted immediately. The timer is set by using the mac-address timer command. For more information about this command, see MAC address table commands in Layer 2—LAN Switching Command Reference.

Examples

# Enable the IPP to retain MAC address entries for single-homed devices.

<Sysname> system-view

[Sysname] drni ipp mac-address hold

Related commands

mac-address timer

drni keepalive { ip | ipv6 }

Use drni keepalive { ip | ipv6 } to configure DR keepalive packet parameters.

Use undo drni keepalive { ip | ipv6 } to restore the default.

Syntax

drni keepalive { ip | ipv6 } destination { ipv4-address | ipv6-address } [ source { ipv4-address | ipv6-address } | udp-port udp-number | vpn-instance vpn-instance-name ] *

undo drni keepalive { ip | ipv6 }

Default

No keepalive packet parameters are configured.

Views

System view

Predefined user roles

network-admin

Parameters

ip: Specifies IPv4 addresses.

ipv6: Specifies IPv6 addresses.

destination: Specifies an IP address of the DR peer as the destination IP address of keepalive packets.

source: Specifies a local IP address as the source IP address of keepalive packets. If you do not specify a source IP address, the IP address of the outgoing interface is used.

ipv4-address: Specifies an IPv4 address.

ipv6-address: Specifies an IPv6 address.

udp-port udp-number: Specifies the destination UDP port of keepalive packets. The value range for the udp-number argument is 1 to 65535. If you do not specify a UDP port number, 6400 is used.

vpn-instance vpn-instance-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31 characters. If the keepalive packets belong to the public network, do not specify a VPN instance.

Usage guidelines

The device accepts only keepalive packets that are sourced from the specified destination IP address. The keepalive link goes down if the device receives keepalive packets sourced from any other IP addresses.

Make sure the DR member devices in a DR system use the same keepalive destination UDP port.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Specify the destination and source IP addresses of keepalive packets as 192.168.68.125 and 192.168.68.100, respectively.

<Sysname> system-view

[Sysname] drni keepalive ip destination 192.168.68.125 source 192.168.68.100

Related commands

display drni keepalive

drni keepalive hold-time

Use drni keepalive hold-time to set the keepalive hold timer.

Use undo drni keepalive hold-time to restore the default.

Syntax

drni keepalive hold-time value

undo drni keepalive hold-time

Default

The keepalive hold timer is 3 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies a timer value in the range of 3 to 10 seconds.

Usage guidelines

IMPORTANT

IMPORTANT:

For the DR member device to correctly determine the cause of an IPL down event, make sure the keepalive hold timer is longer than the keepalive interval and is shorter than the keepalive timeout timer.

 

The keepalive hold timer starts when the IPL goes down. The keepalive hold timer specifies the amount of time that the device uses to identify the cause of an IPL down event.

·     If the device receives keepalive packets from the DR peer before the timer expires, the IPL is down because the IPL fails.

·     If the device does not receive keepalive packets from the DR peer before the timer expires, the IPL is down because the peer DR member device fails.

If you use DRNI and VRRP together, make sure the keepalive hold timer is shorter than the interval at which the VRRP master sends VRRP advertisements. Violation of this restriction might cause a VRRP master/backup switchover to occur before IPL failure is confirmed. To set the interval at which the VRRP master sends VRRP advertisements, use the vrrp vrid timer advertise command. For more information about this command, see High Availability Command Reference.

Examples

# Set the keepalive hold timer to 5 seconds.

<Sysname> system-view

[Sysname] drni keepalive hold-time 5

Related commands

display drni keepalive

vrrp vrid timer advertise (High Availability Command Reference)

drni keepalive interval

Use drni keepalive interval to set the DR keepalive interval and timeout timer.

Use undo drni keepalive interval to restore the default.

Syntax

drni keepalive interval interval [ timeout timeout ]

undo drni keepalive interval

Default

The DR keepalive interval is 1000 milliseconds, and the DR keepalive timeout timer is 5 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

interval interval: Specifies the keepalive interval, in the range of 100 to 10000 milliseconds.

timeout timeout: Specifies the keepalive timeout timer, in the range of 3 to 20 seconds. The local keepalive timeout timer must be two times the keepalive interval of the peer at minimum.

Usage guidelines

The device sends keepalive packets at the specified interval to its DR peer. If the device has not received a keepalive packet from the DR peer before the keepalive timeout timer expires, the device determines that the keepalive link is down.

You must configure the same DR keepalive interval on the DR member devices in a DR system.

If you execute this command multiple times, the most recent configuration takes effect.

Examples

# Set the DR keepalive interval and timeout timer to 2000 milliseconds and 6 seconds, respectively.

<Sysname> system-view

[Sysname] drni keepalive interval 2000 timeout 6

Changing the keepalive interval might cause system setup failure. Continue? [Y/N]:y

Related commands

display drni keepalive

drni mad default-action

Use drni mad default-action to configure the default DRNI MAD action to take on network interfaces on the secondary DR member device when the DR system splits.

Use undo drni mad default-action to restore the default.

Syntax

drni mad default-action { down | none }

undo drni mad default-action

Default

DRNI MAD shuts down network interfaces on the secondary DR member device.

Views

System view

Predefined user roles

network-admin

Parameters

down: Sets the action to DRNI MAD DOWN. DRNI MAD will shut down all network interfaces on the secondary DR member device when the DR system splits, except the interfaces excluded manually or by the system.

none: Sets the DRNI MAD action to NONE. DRNI MAD will not shut down any network interfaces when the DR system splits, except the interfaces configured manually or by the system to be shut down by DRNI MAD.

Usage guidelines

In most network environments, use the DRNI MAD DOWN action in conjunction with the drni mad exclude interface command.

·     The DRNI MAD DOWN action helps avoid network issues caused by multi-active collision, which occurs if the IPL goes down while the keepalive link is up.

·     The drni mad exclude interface command enables you to exclude special-purpose interfaces, for example, interfaces used in DRNI for DR keepalive detection.

This configuration method is inefficient if a large number of interfaces on the secondary DR member must be retained in up state after the DR system splits. For example, if you use a VXLAN tunnel as the IPL in an EVPN environment, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state.

In these situations, use the following method to configure DRNI MAD:

·     Set the default DRNI MAD action to NONE.

·     Execute the drni mad include interface command to specify interfaces that must be shut down by DRNI MAD in addition to those already automatically specified by the system.

The DRNI MAD DOWN action will not take effect on the following interfaces:

·     Interfaces automatically or manually excluded from being shut down by DRNI MAD. To identify these interfaces, execute the display drni mad verbose command.

·     Interfaces used for special purposes, including:

¡     Interfaces placed in a loopback test by using the loopback command.

¡     Interfaces in a mirroring group.

¡     Interfaces forced to stay up by using the port-up mode command.

Examples

# Configure DRNI MAD to shut down all network interfaces except excluded interfaces when the DR system splits.

<Sysname> system-view

[Sysname] drni mad default-action down

Related commands

display drni mad verbose

drni mad exclude logical-interfaces

drni mad exclude interface

drni mad include interface

loopback (Interface Command Reference)

mirroring-group reflector-port (Network Management and Monitoring Command Reference)

port up-mode (Interface Command Reference)

drni mad exclude interface

Use drni mad exclude interface to add an interface to the user-configured list of excluded ports, which will not be shut down by DRNI MAD when the DR system splits.

Use undo drni mad exclude interface to remove an interface from the user-configured list of excluded ports.

Syntax

drni mad exclude interface interface-type interface-number

undo drni mad exclude interface interface-type interface-number

Default

DRNI MAD shuts down all network interfaces when detecting a multi-active collision, except for the network interfaces set by the system to not shut down.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This command is typically used when the default DRNI MAD action is set to DRNI MAD DOWN. In this situation, when DRNI MAD detects a multi-active collision, DRNI sets all network interfaces on the secondary DR member device to DRNI MAD DOWN state, except for the following interfaces:

·     Network interfaces manually configured to not shut down by DRNI MAD.

·     Network interfaces set by the system to not shut down by DRNI MAD, including:

¡     IPP.

¡     Aggregation member interfaces if a Layer 2 aggregate interface is used as the IPP.

¡     DR interfaces.

¡     Management interfaces.

You must exclude the following interfaces from the shutdown action by DRNI MAD:

·     For correct keepalive detection, you must exclude the interfaces used for keepalive detection from the shutdown action.

·     For DR member devices to synchronize ARP entries, you must exclude the VLAN interfaces of the VLANs to which the DR interfaces and IPPs belong from the shutdown action.

·     If the IPP is a tunnel interface, you must exclude the traffic outgoing interface for the tunnel from the shutdown action. To view the traffic outgoing interface for a tunnel, use the display fib ip-address or display ip routing-table ip-address command. To view the destination address of a tunnel, use the display interface tunnel command.

Examples

# Exclude Ten-GigabitEthernet 1/0/1 from the shutdown action by DRNI MAD.

<Sysname> system-view

[Sysname] drni mad exclude interface ten-gigabitethernet 1/0/1

Related commands

display drni mad verbose

display fib (Layer 3—IP Services Command Reference)

display interface tunnel (Layer 3—IP Services Command Reference)

display ip routing-table (Layer 3—IP Routing Command Reference)

drni mad default-action

drni mad exclude logical-interfaces

drni mad include interface

drni mad exclude logical-interfaces

Use drni mad exclude logical-interfaces to exclude all logical interfaces from the shutdown action by DRNI MAD.

Use undo drni mad exclude logical-interfaces to restore the default.

Syntax

drni mad exclude logical-interfaces

undo drni mad exclude logical-interfaces

Default

By default, DRNI MAD shuts down all network interfaces when it detects a multi-active collision, except for the network interfaces set by the system to not shut down.

Views

System view

Predefined user roles

network-admin

Usage guidelines

When a VXLAN tunnel is used as the IPL on an EVPN DR system, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state. To simplify configuration, you can exclude all logical interfaces from the shutdown action by DRNI MAD.

The drni mad exclude interface and drni mad include interface commands take precedence over the drni mad exclude logical-interfaces command.

Examples

# Exclude all logical interfaces from the shutdown action by DRNI MAD.

<Sysname> system-view

[Sysname] drni mad exclude logical-interfaces

Related commands

display drni mad verbose

drni mad default-action

drni mad exclude interface

drni mad include interface

drni mad include interface

Use drni mad include interface to add an interface to the user-configured list of included ports, which will be shut down by DRNI MAD when the DR system splits.

Use undo drni mad include interface to remove a network interface from the user-configured list of included ports.

Syntax

drni mad include interface interface-type interface-number

undo drni mad include interface interface-type interface-number

Default

The user-configured included port list does not contain any ports.

Views

System view

Predefined user roles

network-admin

Parameters

interface-type interface-number: Specifies an interface by its type and number.

Usage guidelines

This command is typically used when the default DRNI MAD action is set to NONE. In this situation, DRNI MAD does not shut down the network interfaces on the secondary DR member device when the DR system splits. To avoid network issues caused by multi-active collision, add network interfaces to the user-configured include port list if they are not in the system-configured included port list. DRNI MAD on the secondary DR member device will shut down the interfaces in the system-configured and user-configured included port lists when the DR system splits.

For example, if you use a VXLAN tunnel as the IPL in an EVPN environment, you must retain a large number of logical interfaces (for example, VLAN, aggregate, loopback, tunnel, and VSI interfaces) in up state. To improve configuration efficiency, you can set the default DRNI MAD action to NONE and add interfaces to the user-configured include port list.

The DRNI MAD DOWN action will not take effect on the following interfaces:

·     Network interfaces automatically or manually excluded from being shut down by DRNI MAD. To identify these interfaces, execute the display drni mad verbose command.

·     Network interfaces used for special purposes, including:

¡     Interfaces placed in a loopback test by using the loopback command.

¡     Interfaces in a mirroring group.

¡     Interfaces forced to stay up by using the port-up mode command.

Examples

# Configure DRNI MAD to shut down Bridge-Aggregation 1 on the secondary DR member device when the DR system splits.

<Sysname> system-view

[Sysname] drni mad include interface bridge-aggregation 1

Related commands

display drni mad verbose

drni mad default-action

drni mad exclude logical-interfaces

drni mad exclude interface

loopback (Interface Command Reference)

mirroring-group reflector-port (Network Management and Monitoring Command Reference)

port up-mode (Interface Command Reference)

drni mad persistent

Use drni mad persistent to enable DRNI MAD DOWN state persistence.

Use undo drni mad persistent to disable DRNI MAD DOWN state persistence.

Syntax

drni mad persistent

undo drni mad persistent

Default

The secondary DR member device brings up interfaces in DRNI MAD DOWN state when its role changes to primary.

Views

System view

Predefined user roles

network-admin

Usage guidelines

DRNI MAD DOWN state persistence prevents the secondary DR member device from bringing up the network interfaces in DRNI MAD DOWN state when its role change to primary. This feature helps avoid the forwarding issues that might occur in the multi-active situation that occurs because the keepalive link goes down while the IPL is down.

Examples

# Enable DRNI MAD DOWN state persistence.

<Sysname> system-view

[Sysname] drni mad persistent

Related commands

display drni mad verbose

drni mad restore

drni mad restore

Use drni mad restore to bring up the interfaces in DRNI MAD DOWN state.

Syntax

drni mad restore

Views

System view

Predefined user roles

network-admin

Usage guidelines

Execute this command only when both the IPL and the keepalive link are down.

You can bring up the interfaces in DRNI MAD DOWN state on the secondary DR member device for it to forward traffic if the following conditions exist:

·     The primary DR member device fails while the IPL is down.

·     DRNI MAD DOWN state persists on the secondary DR member device.

Examples

# Bring up the interfaces in DRNI MAD DOWN state.

<Sysname> system-view

[Sysname] drni mad restore

To avoid network issues, make sure the primary device has failed and cannot forward traffic. Continue? [Y/N]:y

Related commands

display drni mad verbose

drni mad persistent

drni restore-delay

Use drni restore-delay to set the data restoration interval.

Use undo drni restore-delay to restore the default.

Syntax

drni restore-delay value

undo drni restore-delay

Default

The data restoration interval is 30 seconds.

Views

System view

Predefined user roles

network-admin

Parameters

value: Specifies the data restoration interval, in the range of 1 to 3600 seconds.

Usage guidelines

The data restoration interval specifies the maximum amount of time for the secondary DR member device to synchronize data with the primary DR member device during DR system setup. Within the data restoration interval, the secondary DR member device sets all network interfaces to DRNI MAD DOWN state, except for the following interfaces:

·     Interfaces excluded from the MAD shutdown action by DRNI.

When the data restoration interval expires, the secondary DR member device brings up all network interfaces.

To avoid packet loss and forwarding failure, increase the data restoration interval if the amount of data is large or if an ISSU is to be performed between the DR member devices.

Examples

# Set the data restoration interval to 50 seconds.

<Sysname> system-view

[Sysname] drni restore-delay 50

drni role priority

Use drni role priority to set the DR role priority of the device.

Use undo drni role priority to restore the default.

Syntax

drni role priority priority-value

undo drni role priority

Default

The DR role priority of the device is 32768.

Views

System view

Predefined user roles

network-admin

Parameters

priority-value: Specifies the DR role priority, in the range of 0 to 65535. The lower the value, the higher the priority.

Usage guidelines

For features that require centralized traffic processing, a DR member device is assigned the primary or secondary role based on its DR role priority. The secondary DR member device forwards the traffic of those features to the primary DR member device for processing. If the DR member devices use the same DR role priority, the member device with a lower bridge MAC address is assigned the primary role.

As a best practice to avoid network flapping, do not modify the DR role priority of DR member devices after the DR system is established.

Examples

# Set the DR role priority of the device to 66.

<Sysname> system-view

[Sysname] drni role priority 66

Related commands

display drni role

drni sequence enable

Use drni sequence enable to enable DRNI sequence number check.

Use undo drni sequence enable to disable DRNI sequence number check.

Syntax

drni sequence enable

undo drni sequence enable

Default

DRNI sequence number check is disabled.

Views

System view

Predefined user roles

network-admin

Usage guidelines

To protect DR member devices from replay attacks, enable DRNI sequence number check for them to identify attack packets.

With this feature enabled, the DR member devices insert a sequence number into each outgoing DRCPDU or keepalive packet and the sequence number increases by 1 for each sent packet. When receiving a DRCPDU or keepalive packet, the DR member devices check its sequence number and drop the packet if the check result is either of the following:

·     The sequence number of the packet is the same as that of a previously received packet.

·     The sequence number of the packet is smaller than that of the most recently received packet.

As a best practice to improve security, use DRNI sequence number check together with DRNI packet authentication.

After one DR member device reboots, the other DR member device might receive and accept the packets that were intercepted by an attacker before the reboot. As a best practice, change the  authentication key after a DR member device reboots.

Examples

# Enable DRNI sequence number check.

<Sysname> system-view

[Sysname] drni sequence enable

drni standalone enable

Use drni standalone enable to enable DRNI standalone mode.

Use undo drni standalone enable to disable DRNI standalone mode.

Syntax

drni standalone enable [ delay delay-time ]

undo drni standalone enable [ delay ]

Default

DRNI standalone mode is disabled.

Views

System view

Predefined user roles

network-admin

Parameters

delay delay-time: Sets the delay that the device must wait before changing to DRNI standalone mode. The value range for this delay is 0 to 3600 seconds. If you do not set this parameter, the device changes to DRNI standalone mode without delay when both the IPL and the keepalive link go down.

Usage guidelines

Enable DRNI standalone mode to avoid forwarding issues in the multi-active situation that might occur after both the IPL and the keepalive link are down.

DRNI standalone mode helps avoid traffic forwarding issues in this multi-active situation by allowing only the member ports in the DR interfaces on one member device to forward traffic.

If you execute this command multiple times, the most recent configuration takes effect.

As a best practice, enable DRNI standalone mode on both primary and secondary DR member devices.

To prevent member ports of DR interfaces from flapping, set the DRNI standalone mode delay to be longer than the time required for a device reboot.

Before you enable DRNI standalone mode on a DR member device, make sure its LACP system priority is higher than that of the remote aggregation system. This restriction ensures that the reference port is on the remote aggregation system and prevents the interfaces attached to the DR system from flapping.

 

 

NOTE:

A DR member device changes to DRNI standalone mode only when it detects that both the IPL and the keepalive link are down. It does not change to DRNI standalone mode when the peer DR member device reboots.

 

Examples

# Enable DRNI standalone mode.

<Sysname> system-view

[Sysname] drni standalone enable

drni system-mac

Use drni system-mac to configure the DR system MAC address.

Use undo drni system-mac to restore the default.

Syntax

drni system-mac mac-address

undo drni system-mac

Default

The DR system MAC address is not configured.

Views

System view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the H-H-H format. The MAC address cannot be a multicast MAC address, all-zero MAC address, or all-F MAC address.

Usage guidelines

 

CAUTION

CAUTION:

Changing the DR system MAC address causes DR system split. When you perform this task on a live network, make sure you are fully aware of its impact.

 

The DR system MAC address uniquely identifies the DR system on the network. For the DR member devices to be identified as one DR system, you must configure the same DR system MAC address on them. As a best practice to avoid MAC address collision, use the bridge MAC address of one DR member device as the DR system MAC address.

Examples

# Configure the DR system MAC address as 0001-0001-0001.

<Sysname> system-view

[Sysname] drni system-mac 1-1-1

Changing the system MAC address might flap the intra-portal link and cause DR system setup failure. Continue? [Y/N]:y

[Sysname]

drni system-number

Use drni system-number to set the DR system number.

Use undo drni system-number to restore the default.

Syntax

drni system-number system-number

undo drni system-number

Default

The DR system number is not set.

Views

System view

Predefined user roles

network-admin

Parameters

system-number: Specifies the DR system number. Available values are 1 and 2.

Usage guidelines

CAUTION

CAUTION:

Changing the DR system number causes DR system split. When you perform this task on a live network, make sure you are fully aware of its impact.

 

You must assign different DR system numbers to the DR member devices in a DR system.

Examples

# Set the DR system number to 1.

<Sysname> system-view

[Sysname] drni system-number 1

Changing the system number might flap the intra-portal link and cause DR system setup failure. Continue? [Y/N]:y

[Sysname]

Related commands

display drni system

drni system-priority

Use drni system-priority to set the DR system priority.

Use undo drni system-priority to restore the default.

Syntax

drni system-priority priority

undo drni system-priority

Default

The DR system priority is 32768.

Views

System view

Predefined user roles

network-admin

Parameters

priority: Specifies a priority value in the range of 0 to 65535. The lower the value, the higher the priority.

Usage guidelines

CAUTION

CAUTION:

Changing the DR system priority causes DR system split. When you perform this task on a live network, make sure you are fully aware of its impact.

 

A DR system uses its DR system priority as the system LACP priority to communicate with the remote aggregation system.

You must configure the same DR system priority for the DR member devices in a DR system.

Examples

# Set the DR system priority to 64.

<Sysname> system-view

[Sysname] drni system-priority 64

Changing the system priority might flap the intra-portal link and cause DR system setup failure. Continue? [Y/N]:y

[Sysname]

Related commands

display drni system

port drni group

Use port drni group to assign an aggregate interface to a DR group.

Use undo port drni group to restore the default.

Syntax

port drni group group-id [ allow-single-member ]

undo port drni group

Default

An aggregate interface does not belong to a DR group.

Views

Layer 2 aggregate interface view

Predefined user roles

network-admin

Parameters

group-id: Specifies a DR group number in the range of 1 to 1024.

allow-single-member: Allows the Layer 2 aggregate interface to be the only member of the specified DR group. DRNI MAD will not place the interface in DRNI MAD DOWN state. If you do not specify this keyword, DRNI MAD will shut down the interface if it is the only member of the specified DR group. As a best practice, specify this keyword for a dynamic aggregate interface.

Usage guidelines

To use a Layer 2 aggregate interface as a DR interface, you must assign it to a DR group.

The device can have multiple DR interfaces. However, you can assign a Layer 2 aggregate interface to only one DR group.

A Layer 2 aggregate interface cannot operate as both IPP and DR interface.

If you specify the allow-single-member keyword for a DR interface, the access device attached to the aggregate interface is identified as a single-homed device. The DR interface is a single-homed DR interface.

To change the allow-single-member setting for a single-homed DR interface, first execute the undo port drni group command to remove it from its DR group.

To prevent loops when you assign a single-homed aggregate interface to a DR group, use the following procedure:

1.     Assign the aggregate interface to the DR group.

2.     Assign ports to the aggregation group of the aggregate interface.

When you remove a single-homed DR interface from its DR group, use the following procedure:

1.     Remove the member ports from the aggregation group of the DR interface.

2.     Remove the DR interface from the DR group.

Examples

# Assign Bridge-Aggregation 1 to DR group 100.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port drni group 100

Related commands

display drni summary

display drni verbose

port drni intra-portal-port

Use port drni intra-portal-port to specify an aggregate interface or VXLAN tunnel interface as the IPP.

Use undo port drni intra-portal-port to restore the default.

Syntax

port drni intra-portal-port port-id

undo port drni intra-portal-port

Default

No interface is the IPP.

Views

Layer 2 aggregate interface view

VXLAN tunnel interface view

Predefined user roles

network-admin

Parameters

port-id: Specifies the IPP ID, which is fixed at 1.

Usage guidelines

A DR member device can have only one IPP.

Make sure the bandwidth of the IPP is higher than that of a DR interface.

A Layer 2 aggregate interface cannot operate as both IPP and DR interface.

If you specify an aggregate interface as an IPP, the device assigns the aggregate interface as a trunk port to all VLANs when the interface uses the default VLAN settings. If not, the device does not change the VLAN settings of the interface.

The device does not change the VLAN settings of an aggregate interface when you remove its IPP role.

As a best practice to reduce the impact of interface flapping on upper-layer services, execute the link-delay command on the IPP.

To use DRNI, you must use the undo mac-address static source-check enable command in system view or IPP view to disable static source check.

MAC address learning is not configurable on the IPP.

Examples

# Specify Bridge-Aggregation 2 as the IPP.

<Sysname> system-view

[Sysname] interface bridge-aggregation 2

[Sysname-Bridge-Aggregation2] port drni intra-portal-port 1

Related commands

link-delay

mac-address mac-learning enable

port drni ipv6 virtual-ip

Use port drni ipv6 virtual-ip to assign a DRNI virtual IPv6 address to an interface.

Use undo port drni ipv6 virtual-ip to restore the default.

Syntax

VLAN interface view:

port drni ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] [ virtual-mac mac-address ] | link-local }

undo port drni ipv6 virtual-ip [ ipv6-address ]

Loopback interface view:

port drni ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] | link-local }

undo port drni ipv6 virtual-ip [ ipv6-address ]

VSI interface view:

port drni ipv6 virtual-ip ipv6-address { prefix-length [ active | standby ] | link-local }

undo port drni ipv6 virtual-ip [ ipv6-address ]

Default

No DRNI virtual IPv6 addresses are assigned to interfaces.

Views

VLAN interface view

Loopback interface view

VSI interface view

Predefined user roles

network-admin

Parameters

ipv6-address: Specifies a virtual IPv6 address.

prefix-length: Specifies a prefix length for the IPv6 address, in the range of 0 to 128.

active: Sets the virtual IPv6 address to be active on the local device.

standby: Sets the virtual IPv6 address to be standby on the local device.

virtual-mac mac-address: Specifies a MAC address in the H-H-H format. The MAC address cannot be a multicast MAC address, all-zero MAC address, or all-F MAC address.

link-local: Uses the specified link-local address as the virtual IPv6 address. Specify this keyword only for OSPFv3 neighbor establishment when dual-active gateways exist on the DR system.

Usage guidelines

To ensure correct traffic forwarding, assign DRNI virtual IPv6 addresses to the following interfaces on the DR system:

·     VLAN interfaces that act as dual-active gateways for the same VLAN.

·     Loopback interfaces that offer AAA and 802.1X authentication services.

·     VSI interfaces that act as distributed EVPN gateways.

If you do not specify the active or standby keyword for a virtual IPv6 address, the address is active only on the primary DR member device.

If you execute the undo port drni ipv6 virtual-ip command without specifying the ipv6-address argument, the command deletes all DRNI virtual IPv6 addresses on the interface.

When the IPP fails, the standby virtual IPv6 address becomes active on the primary DR member device. If no virtual MAC address is associated with the standby virtual IPv6 address, the MAC address of the interface that owns the standby virtual IPv6 address is used as the virtual MAC address. In this scenario, the devices attached to the primary DR member device will refresh their ND entries.

When you assign multiple DRNI virtual IPv6 addresses to an interface, follow these restrictions and guidelines:

·     You can assign a maximum of two virtual IPv6 addresses to an interface.

·     If you configure different virtual MAC addresses for a virtual IPv6 address, the most recent configuration takes effect.

·     You cannot configure the same virtual MAC address for multiple virtual IPv6 addresses.

·     When you assign a virtual IPv6 address to VLAN interfaces, you must configure the same virtual MAC address for the virtual IPv6 address on both DR member devices.

If you assign both virtual IPv4 and IPv6 addresses to VLAN interfaces, make sure the virtual IPv4 and IPv6 addresses that use the same virtual MAC address are in the same state on the DR member devices.

When both DR member devices act as gateways for dualhomed user-side devices, the gateway interfaces (VLAN or VSI interfaces) on the DR member devices use the same IP address and MAC address. In this scenario, the DR member devices cannot set up neighbor relationships with the user-side devices. To resolve this issue, assign virtual IPv6 addresses to the gateway interfaces and configure routing protocols such as BGP and OSPFv3 to use the virtual IPv6 addresses for neighbor relationship setup.

For the DR member devices to set up BGP peer relationships with other devices, perform the following tasks:

·     Execute the port drni ipv6 virtual-ip ipv6-address prefix-length [ active | standby ] [ virtual-mac mac-address ] command.

·     Execute the peer source-address command to specify the virtual IPv6 address as the source IPv6 address for establishing TCP connections to peers.

For the DR member devices to set up OSPFv3 neighbor relationships with other devices, execute the port drni ipv6 virtual-ip ipv6-address link-local command.

When dual-active gateways exist on the DR system, you must assign unique virtual IPv6 addresses to the gateway interfaces on the DR member devices and configure both virtual IPv6 addresses to be active. When you assign a virtual MAC address to a VLAN interface, make sure the virtual MAC address is identical to the MAC address assigned to the VLAN interface by using the mac-address command.

Examples

# Assign DRNI virtual IPv6 address 1::10/64 to VLAN-interface 2 and set the state of the address to active.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] port drni ipv6 virtual-ip 1::10 64 active virtual-mac 1-1-1

Related commands

nas-ip (Security Command Reference)

port-security drni load-sharing-mode (Security Command Reference)

port drni system-mac

Use port drni system-mac to configure the DR system MAC address on an aggregate interface.

Use undo port drni system-mac to restore the default.

Syntax

port drni system-mac mac-address

undo port drni system-mac

Default

The DR system MAC address is not configured.

Views

Aggregate interface view

Predefined user roles

network-admin

Parameters

mac-address: Specifies a MAC address in the H-H-H format. The MAC address cannot be a multicast MAC address, all-zero MAC address, or all-F MAC address.

Usage guidelines

CAUTION

CAUTION:

Changing the DR system MAC address causes DR system split. When you perform this task on a live network, make sure you are fully aware of its impact.

 

The DR system MAC address uniquely identifies the DR system on the network. For the DR member devices to be identified as one DR system, you must configure the same DR system MAC address on the DR interfaces in the same DR group. As a best practice to avoid MAC address collision, use the bridge MAC address of one DR member device as the DR system MAC address.

You can configure the DR system MAC address on an aggregate interface only after it is configured as a DR interface.

You can configure the DR system MAC address globally and in aggregate interface view. The global DR system MAC address takes effect on all aggregation groups. On an aggregate interface, the interface-specific DR system MAC address takes precedence over the global DR system MAC address.

Examples

# Configure the DR system MAC address as 0001-0001-0001 on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port drni system-mac 1-1-1

Related commands

display drni verbose

drni system-mac

port drni system-priority

Use port drni system-priority to set the DR system priority on an aggregate interface.

Use undo port drni system-priority to restore the default.

Syntax

port drni system-priority priority

undo port drni system-priority

Default

The DR system priority is 32768.

Views

Aggregate interface view

Predefined user roles

network-admin

Parameters

priority: Specifies a priority value in the range of 0 to 65535. The lower the value, the higher the priority.

Usage guidelines

A DR system uses its DR system priority as the LACP system priority to communicate with the remote aggregation system.

You must configure the same DR system priority for the DR interfaces in the same DR group.

You can configure the DR system priority on an aggregate interface only after it is configured as a DR interface.

You can configure the DR system priority globally and in aggregate interface view. The global DR system priority takes effect on all aggregation groups. On an aggregate interface, the interface-specific DR system priority takes precedence over the global DR system priority.

Examples

# Set the DR system priority to 64 on Bridge-Aggregation 1.

<Sysname> system-view

[Sysname] interface bridge-aggregation 1

[Sysname-Bridge-Aggregation1] port drni system-priority 64

Related commands

display drni verbose

drni system-priority

port drni virtual-ip

Use port drni virtual-ip to assign a DRNI virtual IPv4 address to an interface.

Use undo port drni virtual-ip to restore the default.

Syntax

VLAN interface view:

port drni virtual-ip ipv4-address { mask-length | mask } [ active | standby ] virtual-mac mac-address

undo port drni virtual-ip [ ipv4-address ]

Loopback interface view:

port drni virtual-ip ipv4-address { mask-length | mask } [ active | standby ]

undo port drni virtual-ip [ ipv4-address ]

VSI interface view:

port drni virtual-ip ipv4-address { mask-length | mask } [ active | standby ]

undo port drni virtual-ip [ ipv4-address ]

Default

No DRNI virtual IPv4 addresses are assigned to interfaces.

Views

VLAN interface view

Loopback interface view

VSI interface view

Predefined user roles

network-admin

Parameters

ipv4-address: Specifies a virtual IPv4 address.

mask-length: Specifies the subnet mask length in the range of 0 to 32.

mask: Specifies the subnet mask in dotted decimal notation.

active: Sets the virtual IPv4 address to be active on the local device.

standby: Sets the virtual IPv4 address to be standby on the local device.

virtual-mac mac-address: Specifies a MAC address in the H-H-H format. The MAC address cannot be a multicast MAC address, all-zero MAC address, or all-F MAC address.

Usage guidelines

To ensure correct traffic forwarding, assign DRNI virtual IPv4 addresses to the following interfaces on the DR system:

·     VLAN interfaces that act as dual-active gateways for the same VLAN.

·     Loopback interfaces that offer AAA and 802.1X authentication services.

·     VSI interfaces that act as distributed EVPN gateways.

If you do not specify the active or standby keyword for a virtual IPv4 address, the address is active only on the primary DR member device.

If you execute the undo port drni ipv4 virtual-ip command without specifying the ipv4-address argument, the command deletes all DRNI virtual IPv4 addresses on the interface.

When the IPP fails, the standby virtual IPv4 address becomes active on the primary DR member device. If no virtual MAC address is associated with the standby virtual IPv4 address, the MAC address of the interface that owns the standby virtual IPv4 address is used as the virtual MAC address. In this scenario, the devices attached to the primary DR member device will refresh their ARP entries.

When you assign multiple DRNI virtual IPv4 addresses to an interface, follow these restrictions and guidelines:

·     You can assign a maximum of two virtual IPv4 addresses to an interface.

·     If you configure different virtual MAC addresses for a virtual IPv4 address, the most recent configuration takes effect.

·     You cannot configure the same virtual MAC address for multiple virtual IPv4 addresses.

·     When you assign a virtual IPv4 address to VLAN interfaces, you must configure the same virtual MAC address for the virtual IPv4 address on both DR member devices.

If you assign both virtual IPv4 and IPv6 addresses to VLAN interfaces, make sure the virtual IPv4 and IPv6 addresses that use the same virtual MAC address are in the same state on the DR member devices.

When both DR member devices act as gateways for dualhomed user-side devices, the gateway interfaces (VLAN or VSI interfaces) on the DR member devices use the same IP address and MAC address. In this scenario, the DR member devices cannot set up neighbor relationships with the user-side devices. To resolve this issue, assign virtual IPv4 addresses to the gateway interfaces and configure routing protocols such as BGP and OSPF to use the virtual IPv4 addresses for neighbor relationship setup.

For the DR member devices to set up BGP peer relationships with other devices, perform the following tasks:

·     Execute the port drni virtual-ip ipv4-address { mask-length | mask } [ active | standby ] [ virtual-mac mac-address ] command.

·     Execute the peer source-address command to specify the virtual IPv4 address as the source IPv4 address for establishing TCP connections to peers.

For the DR member devices to set up OSPF neighbor relationships with other devices, perform the following tasks:

·     Execute the port drni virtual-ip ipv4-address { mask-length | mask } [ active | standby ] [ virtual-mac mac-address ] command.

·     Execute the ospf peer sub-address enable command to specify the virtual IPv4 address as the secondary IPv4 address for establishing OSPF neighbor relationships.

When dual-active gateways exist on the DR system, you must assign unique virtual IPv4 addresses to the gateway interfaces on the DR member devices and configure both virtual IPv4 addresses to be active. When you assign a virtual MAC address to a VLAN interface, make sure the virtual MAC address is identical to the MAC address assigned to the VLAN interface by using the mac-address command.

Examples

# Assign DRNI virtual IPv4 address 10.10.10.10/24 to VLAN-interface 2 and set the state of the address to active.

<Sysname> system-view

[Sysname] interface vlan-interface 2

[Sysname-Vlan-interface2] port drni virtual-ip 10.10.10.10 24 active virtual-mac 1-1-1

Related commands

nas-ip (Security Command Reference)

port-security drni load-sharing-mode (Security Command Reference)

reset drni drcp statistics

Use reset drni drcp statistics to clear DRCPDU statistics.

Syntax

reset drni drcp statistics [ interface interface-list ]

Views

User view

Predefined user roles

network-admin

Parameters

interface interface-list: Specifies a space-separated list of interface items. Each item specifies an aggregate interface or a range of aggregate interfaces in the form of interface-type interface-number1 [ to interface-type interface-number2 ]. The value for interface-number2 must be greater than or equal to the value for interface-number1. The aggregate interfaces must be DR interfaces or the IPP. If you do not specify this option, the command clears the DRCPDU statistics about all DR interfaces and the IPP.

Examples

# Clear DRCPDU statistics.

<Sysname> reset drni drcp statistics

Related commands

display drni drcp statistics

reset drni troubleshooting history

Use reset drni troubleshooting history to clear DRNI troubleshooting records.

Syntax

reset drni troubleshooting history

Views

User view

Predefined user roles

network-admin

Examples

# Clear DRNI troubleshooting records.

<Sysname> reset drni troubleshooting history

Related commands

display drni troubleshooting

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become a Partner
  • Partner Resources
  • Partner Business Management
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网