Login
- Table of Contents
- Related Documents
-
| Title | Size | Download |
|---|---|---|
| 01-RBM-based hot backup commands | 224.82 KB |
Contents
configuration auto-sync enable
configuration auto-sync enable route-static
configuration manual-sync-check
display remote-backup-group status
display remote-backup-group sync-check
RBM-based hot backup commands
adjust-cost enable
Use adjust-cost enable to enable hot backup to adjust the link cost for the specified routing protocol on the standby device.
Use undo adjust-cost enable to disable hot backup from adjusting the link cost for the specified routing protocol on the standby device.
Syntax
adjust-cost { bgp | isis | ospf | ospfv3 } enable { absolute [ absolute-cost ] | increment [ increment-cost ] }
undo adjust-cost { bgp | isis | ospf | ospfv3 } enable
Default
The hot backup system does not adjust the link cost for the specified routing protocol on the standby device.
Views
RBM view
Predefined user roles
network-admin
Parameters
bgp: Specifies the BGP protocol.
isis: Specifies the IS-IS protocol.
ospf: Specifies the OSPF protocol.
ospfv3: Specifies the OSPFv3 protocol.
absolute [ absolute-cost ]: Specifies an absolute cost in the range of 1 to 65535. The default value is 65500. If you specify this option, the standby device will advertise an absolute link cost for the specified routing protocol.
increment [ increment-cost ]: Specifies an increment cost in the range of 1 to 65535. The default value is 100. If you specify this option, the standby device will advertise the original link cost plus this increment cost for the specified routing protocol.
Usage guidelines
In a hot backup system, the routing protocols on the hot backup member devices advertise link cost according to their respective operation mechanisms. This command allows you to enable the routing protocols to advertise link cost modified as configured. The active device still uses the original link cost advertisement method.
To ensure switchover of both uplink and downlink traffic to the new active device, configure this command with the same parameters on both hot backup member devices.
In dual-active mode, both devices advertise link cost according to the operation mechanisms of the running routing protocols. When one device is faulty and becomes the standby device, it will advertise link cost modified as configured.
To enable the feature for multiple routing protocols, execute this command multiple times by specifying the protocols.
If you execute the command multiple times for a specific routing protocol, the most recent configuration takes effect.
Examples
# Enable hot backup to adjust OSPF link cost on the standby device by specifying an absolute value of 6000.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] adjust-cost ospf enable absolute 6000
backup-mode
Use backup-mode to configure the hot backup mode.
Use undo backup-mode to restore the default.
Syntax
backup-mode dual-active
undo backup-mode
Default
The hot backup mode is active/standby.
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
The hot backup system supports active/standby mode and dual-active mode. In active/standby mode, only the active device processes services. In dual-active mode, both devices process services.
Changing the dual-active mode to active/standby mode might affect services. Make sure you understand the potential impact before performing the operation.
You cannot configure the local device to operate in dual-active mode if its hot backup role is elected automatically.
Examples
# Configure the dual-active mode.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] backup-mode dual-active
configuration auto-sync enable
Use configuration auto-sync enable to enable automatic configuration synchronization.
Use undo configuration auto-sync enable to disable automatic configuration synchronization.
Syntax
configuration auto-sync enable
undo configuration auto-sync enable
Default
Automatic configuration synchronization is enabled.
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
The automatic configuration synchronization feature synchronizes existing configuration on the primary device in bulk to the secondary device. Consequent synchronization for added, deleted, or modified configuration will be performed in real time.
If the amount of configuration to be synchronized is large, bulk synchronization might take one to two hours.
Examples
# Enable automatic configuration synchronization.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] configuration auto-sync enable
configuration auto-sync enable route-static
Use configuration auto-sync enable route-static to enable static route synchronization by hot backup.
Use undo configuration auto-sync enable route-static to disable static route synchronization by hot backup.
Syntax
configuration auto-sync enable route-static
undo configuration auto-sync enable route-static
Default
Static route synchronization by hot backup is enabled.
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
Enable this feature only when virtual IP addresses are configured to direct traffic on the hot backup system. Do not enable this feature in any other hot backup scenarios.
This feature enables the primary device to copy all static routes to the secondary device in automatic or manual configuration synchronization.
This feature takes effect only after automatic configuration synchronization is enabled by using the configuration auto-sync enable command. If you enable automatic configuration synchronization prior to static route synchronization, the device will automatically synchronize the static routes added after static route synchronization is enabled. To synchronize the static routes configured before static route synchronization is enabled, execute the configuration manual-sync command to synchronize the configuration manually.
Examples
# Enable static route synchronization by hot backup.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] configuration auto-sync enable
[Sysname-remote-backup-group] configuration auto-sync enable route-static
Related commands
configuration auto-sync enable
configuration manual-sync
configuration manual-sync
Use configuration manual-sync to manually synchronize the configuration of the primary device to the secondary device.
Syntax
configuration manual-sync
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
This command takes effect only on the primary device.
This command does not take effect when bulk configuration backup is in progress. To view the backup progress, execute the display remote-backup-group status command.
Examples
# Manually synchronize the configuration of the primary device to the secondary device.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] configuration manual-sync
Related commands
display remote-backup-group status
configuration manual-sync-check
Use configuration manual-syn-check to perform a one-off configuration consistency check.
Syntax
configuration manual-sync-check
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
This command allows you to perform a one-off configuration consistency check as needed. If the system detects configuration inconsistency, it generates a log for you to manually synchronize configuration. To view the check result, execute the display remote-backup-group sync-check command.
Examples
# Perform a one-off configuration consistency check.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] configuration manual-sync-check
Related commands
configuration manual-sync
display remote-backup-group sync-check
configuration sync-check
Use configuration sync-check to enable configuration consistency check.
Use undo configuration sync-check to disable configuration consistency check.
Syntax
configuration sync-check [ interval interval ]
undo configuration sync-check
Default
Configuration consistency check is enabled.
Views
RBM view
Predefined user roles
network-admin
Parameters
interval interval: Specifies the configuration consistency check interval, in the range of 1 to 168 hours. The default value is 24.
Usage guidelines
The hot backup system verifies configuration consistency between the primary and secondary devices to avoid service interruption upon active/standby switchover. If a device detects configuration inconsistency, it generates a log for you to manually synchronize configuration.
Examples
# Enable configuration consistency check and set the check interval to 120 hours.
<Sysname>system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] configuration sync-check interval 120
Related commands
configuration manual-sync
configuration manual-sync-check
data-channel
Use data-channel to configure a data channel.
Use undo data-channel to restore the default.
Syntax
data-channel interface interface-type interface-number
undo data-channel
Default
No data channel is configured.
Views
RBM view
Predefined user roles
network-admin
Parameters
interface interface-type interface-number: Specifies an interface by its type and number to set up a data channel between the hot backup member devices.
Usage guidelines
The primary and secondary devices use the interface specified in the command to set up a data channel. The data channel transmits only backup packets and the packets that require transparent transmission.
The data channel is a Layer 2 channel that can transverse only Layer 2 switches.
Examples
# Set up a data channel using interface GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] data-channel interface gigabitethernet 1/0/1
delay-time
Use delay-time to enable traffic switchover upon failure recovery.
Use undo delay-time to disable traffic switchover upon failure recovery.
Syntax
delay-time delay-time
undo delay-time
Default
Traffic switchover upon failure recovery is disabled.
Views
RBM view
Predefined user roles
network-admin
Parameters
delay-time: Specifies the switchover delay time in the range of 1 to 1440 minutes.
Usage guidelines
After an active/standby switchover in a hot backup system, if the original active device recovers, traffic will not be switched back by default. Perform this task to enable traffic switchover to the original active device upon failure recovery. You can set a delay timer to ensure smooth service switchover.
In dual-active mode, you must configure this command to ensure that both devices can operate after the failure is recovered.
If this timer is modified during the countdown of the switchover delay timer, the switchover will still be performed according to the old timer value. Subsequent switchovers will be performed based on the modified timer value. If traffic switchover upon failure recovery is disabled during the countdown of the switchover delay timer, no switchover will occur.
Examples
# Enable traffic switchover upon failure recovery and set the switchover delay time to two minutes.
<Sysname>system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] delay-time 2
device-role
Use device-role to configure the hot backup role.
Use undo device-role to restore the default.
Syntax
device-role { auto | primary | secondary }
undo device-role
Default
The hot backup role is not configured.
Views
RBM view
Predefined user roles
network-admin
Parameters
auto: Enables automatic hot backup role election based on the device running status.
primary: Assigns the primary role to the device.
secondary: Assigns the secondary role to the device.
Usage guidelines
The hot backup system backs up important configuration from the primary device to the secondary device to prevent service interruption when an active/standby switchover occurs. The configuration on the secondary device is overwritten. The unidirectional backup mechanism avoids configuration conflicts, especially in dual-active mode, and ensures configuration consistency on the primary and secondary devices.
Hot backup roles can be configured manually or automatically elected based on device running status.
· Manual configuration—Use commands to assign the hot backup roles. The hot backup role of a device is fixed, unless you change the role from the CLI. This method is applicable in active/standby or dual-active mode for devices with independent management interfaces.
· Automatic election—Hot backup roles are elected and switch over with the device running status. The standby device is the secondary device, and the active device is the primary device. This method is applicable for devices with service interfaces as management interface in active/standby mode. It does not apply to dual-active mode.
Configure one member device as the primary device and the other as the secondary device in the hot backup system. To use automatic hot backup role election, set the role to auto for both hot backup member devices.
As a best practice, configure service modules only on the primary device, not on the secondary device.
Each hot backup member device adds a prefix to the view prompt to identify its hot backup role.
· The primary device adds the RBM_P prefix, RBM_P<Sysname> for example.
· The secondary device adds the RBM_S prefix, RBM_S<Sysname> for example.
After you assign hot backup roles to the hot backup member devices, both devices add the RBM_P prefix to their view prompts. The devices display view prompt prefixes according to their hot backup roles after they set up the control channel.
Examples
# Assign the primary role to the device.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] device-role primary
RBM_P[Sysname-remote-backup-group]
display mad
Use display mad to display MAD configuration.
Syntax
display mad [ verbose ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
verbose: Displays detailed MAD configuration. If you do not specify this keyword, the command displays brief MAD configuration.
Examples
# Display brief MAD configuration.
<Sysname> display mad
MAD ARP disabled.
MAD ND disabled.
# Display detailed MAD configuration
<Sysname> display mad verbose
Multi-active recovery state: No
MAD ARP disabled.
MAD ND disabled.
Table 1 Command output
|
Field |
Description |
|
Multi-active recovery state |
Whether RBM is in Recovery state: · Yes—RBM is in Recovery state. When MAD detects that a hot backup system has split, it allows one member device to forward traffic. All the other member devices are set to the Recovery state. · No—RBM is not in Recovery state. |
display mac-address virtual
Use display mac-address virtual to display virtual MAC addresses.
Syntax
display mac-address virtual [ mac-address | interface interface-type interface-number ]
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Parameters
mac-address: Specifies a MAC address in H-H-H format. The first eight hexadecimal digits of the MAC address must be 40fe-9555. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter 40fe-9555-1 for 40fe-9555-0001.
interface interface-type interface-number: Specifies an interface by its type and number.
Usage guidelines
If you do not specify any parameters, this command displays all virtual MAC addresses.
Examples
# Display all virtual MAC addresses.
<Sysname> display mac-address virtual
MAC address Port
40fe-9555-0101 GigabitEthernet1/0/1
40fe-9555-0002 GigabitEthernet1/0/2
Table 2 Command output
|
Field |
Description |
|
MAC address |
Virtual MAC address. |
|
Port |
Name of the interface that uses the virtual MAC address. If the interface name contains the at sign (@), the interface is assigned to a non-default vSystem, and the number after @ is the vSystem ID. |
Related commands
mac-address virtual
display remote-backup-group status
Use display remote-backup-group status to display hot backup status information.
Syntax
display remote-backup-group status
Views
Any view
Predefined user roles
network-admin
network-operator
context-admin
context-operator
Examples
# Display hot backup status information on the default context.
<Sysname> display remote-backup-group status
Remote backup group information:
Backup mode: Dual-active
Device management role: Auto
Device running management role: Primary
Device running status: Active
Data channel interface: GigabitEthernet1/0/1
Local IP: 1.1.1.1
Remote IP: 1.1.1.2 Destination port: 1028
Control channel status: Connected
Keepalive interval: 1s
Keepalive count: 10
Configuration consistency check interval: 24 hour
Configuration consistency check result: Consistent
Configuration backup status: Batch backup (Do not operate
the device at will, such as board insertion and removal.)
Static route backup status: Enabled
Session backup status: Hot backup enabled
Delay-time: 1 min
Remaining switchover delay time: 3 minutes, 32 seconds
Uptime since last switchover: 0 days, 0 hours, 11 minutes
Switchover records:
Time Status change Cause
2021-06-22 13:33:33 Initial to Standby Local device rebooted
2021-06-22 14:34:34 Initial to Active Peer device rebooted
# Display hot backup status information on non-default contexts.
<Sysname> display remote-backup-group status
Remote backup group information:
Backup mode: Dual-active
Device management role: Auto
Device running management role: Primary
Device running status: Active
Control channel status: Connected
Configure channel status: Connected
Configuration backup status: Batch backup (Do not operate
the device at will, such as board insertion and removal.)
Table 3 Command output
|
Field |
Description |
|
Backup mode |
Hot backup mode: · Dual-active. · Active/standby. |
|
Device management role |
Hot backup role of the device: · Primary. · Secondary. · Primary(Batch backup in progress)—The device is automatically elected as the primary device, and the device is bulk synchronizing configuration. Do not make any changes to the software or hardware of the device. · Auto—Automatic hot backup role election is enabled. |
|
Device running management role |
Effective hot backup role. This field is displayed only when the configured hot backup role and the effective hot backup role are inconsistent. · Primary (The two member devices have the same role. Please assign different roles to them.). · Secondary (The two member devices have the same role. Please assign different roles to them.). · Primary—Automatic hot backup role election is enabled on both hot backup member devices, and the local device is the primary device. · Secondary—Automatic hot backup role election is enabled on both hot backup member devices, and the local device is the secondary device. · Initial—Automatic hot backup role election is enabled, but the effective hot backup role is Initial. · Primary (Only one of the two member devices has the auto role. Please assign the auto role to both of them.). · Secondary (Only one of the two member devices has the auto role. Please assign the auto role to both of them). |
|
Device running status |
Running status of the device. · Active. · Standby. · Initial—The local IP address, peer IP address, or hot backup role is not configured. |
|
Data channel interface |
Interface used to set up the data channel. |
|
Local IP |
Local IP address used by control channel packets. This field is not displayed if the parameter is not configured. |
|
Remote IP |
Peer IP address used by control channel packets. This field is not displayed if the parameter is not configured. |
|
Local IPv6 |
Local IPv6 address used by control channel packets. This field is not displayed if the parameter is not configured. |
|
Remote IPv6 |
Peer IPv6 address used by control channel packets. This field is not displayed if the parameter is not configured. |
|
Destination port |
Peer port number used by control channel packets. |
|
Control channel status |
Control channel status: · Connected. · Disconnected. |
|
Configure channel status |
Status of the configuration channel for a non-default context: · Connected. · Disconnected. This field is available only for non-default contexts. A non-default context cannot synchronize configuration if this channel is disconnected. |
|
Keepalive interval |
Interval for sending keepalive packets. |
|
Keepalive count |
Maximum number of keepalive attempts. |
|
Configuration consistency check interval |
Configuration consistency check interval in hours. This field is displayed only when configuration consistency check is enabled. |
|
Configuration consistency check result |
Result of the configuration consistency check: · Consistent. · Inconsistent. · Checking. · Not Performed. |
|
Configuration backup status |
Status of configuration backup: · Batch backup in progress (Do not operate the device at will, such as board insertion and removal.). · Auto sync enabled. · Auto sync disabled. |
|
Static route backup status |
Status of static route synchronization: · Enabled. · Disabled. |
|
Session backup status |
Status of session entry backup: · Batch backup in progress. · Hot backup enabled. · Hot backup disabled. |
|
Delay-time |
Delay time for traffic switchover back to the original active device in minutes. This field is not displayed and the traffic switchover feature is disabled for the hot backup system if the delay time is not configured. |
|
Remaining switchover delay time |
Remaining delay time for traffic switchover back to the original active device in minutes. This field is not displayed if traffic switchover is disabled. |
display remote-backup-group sync-check
Use display remote-backup-group sync-check to display the configuration consistency check result for hot backup.
Syntax
display remote-backup-group sync-check
Views
Any view
Predefined user roles
network-admin
network-operator
Usage guidelines
Use this command when the hot backup member devices have inconsistent configuration. You can view the inconsistent configuration only after the configuration consistency check is finished.
The command displays detailed inconsistency information for only the service features supported by hot backup. For a feature not supported by hot backup, the command displays only the interface where configuration inconsistency exists.
Examples
# Display the configuration consistency check result for hot backup. (The configuration consistency check has not been performed.)
<Sysname> display remote-backup-group sync-check
No configuration consistency checks have been performed.
# Display the configuration consistency check result for hot backup. (No inconsistent configuration exists.)
<Sysname> display remote-backup-group sync-check
No inconsistent configuration exists.
# Display the configuration consistency check result for hot backup. (Inconsistent configuration exists.)
<Sysname> display remote-backup-group sync-check
Inconsistent configuration exists.
Configuration on secondary device:
#
security-policy ip
rule 0 name abc
source-zone trust
destination-zone untrust
#
Configuration on primary device:
#
security-policy ip
rule 0 name abc
source-zone dmz
destination-zone trust
#
Context 2
Configuration on secondary device:
#
security-policy ip
rule 0 name 10
#
Configuration on primary device:
#
security-policy ip
#
Context 3
Configuration on secondary device:
#
object-group ipv6 address d
#
security-policy ipv6
rule 0 name d
source-ip d
#
Configuration on primary device:
#
security-policy ipv6
rule 0 name d
#
Related commands
configuration sync-check
configuration manual-sync-check
hot-backup enable
Use hot-backup enable to enable service entry hot backup.
Use undo hot-backup enable to disable service entry hot backup.
Syntax
hot-backup enable
undo hot-backup enable
Default
Service entry hot backup is enabled.
Views
RBM view
Predefined user roles
network-admin
Usage guidelin
This command enables the active device in the hot backup system to back up service entries to the standby device in real time. This prevents service interruption when an active/standby switchover occurs.
Examples
# Enable service entry hot backup.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] hot-backup enable
hot-backup protocol enable
Use hot-backup protocol enable to enable hot backup for the session entries of application layer protocols.
Use undo hot-backup protocol enable to disable hot backup for the session entries of application layer protocols.
Syntax
hot-backup protocol { dns | http } * enable
undo hot-backup protocol { dns | http } * enable
Default
The hot backup system performs hot backup for the session entries of application layer protocols.
Views
RBM view
Predefined user roles
network-admin
Parameters
dns: Specifies DNS.
http: Specifies HTTP.
Usage guidelines
For this command to take effect, first execute the hot-backup enable command.
Enable HTTP and DNS backup if asymmetric-path traffic traverses the hot backup system. HTTP and DNS backup ensures that a flow and its return traffic are processed correctly on hot backup members.
If hot backup active/standby mode is used or only symmetric-path traffic traverses the hot backup system, disabling HTTP and DNS backup can improve performance of hot backup members at the expense of delayed data synchronization. When you disable HTTP and DNS backup, make sure you are fully aware of the impact on the network. A device removes a DNS or HTTP connection if packet exchange is inactive. When a switchover interrupts a connection, the DNS or HTTP client re-initiates the connection immediately, which has little impact on user services.
The hot backup system backs up the sessions created for other application protocols as long as service entry backup is enabled.
Examples
# Disable hot backup for the session entries of application layer protocols.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] undo hot-backup protocol dns enable
Related commands
hot-backup enable
ip address
Use ip address to assign an IP address to an interface.
Use undo ip address to remove an IP address from an interface.
Syntax
ip address ip-address { mask-length | mask } [ sub ] float
undo ip address [ ip-address { mask-length | mask } [ sub ] ]
Default
No IP address is assigned to an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
ip-address: Specifies an IP address in dotted decimal notation.
mask-length: Specifies the subnet mask length in the range of 1 to 31. For a loopback interface, the value range is 1 to 32.
mask: Specifies the subnet mask in dotted decimal notation.
sub: Assigns a secondary IP address to the interface.
float: Assigns a floating IP address to the interface. This keyword is applicable only to RBM-based hot backup.
Usage guidelines
Use the command to assign a primary or secondary IP address to an interface.
An interface can have only one primary IP address. If you execute this command multiple times to specify different primary IP addresses, the most recent configuration takes effect. If the interface connects to multiple subnets, configure primary and secondary IP addresses on the interface so the subnets can communicate with each other through the interface.
You cannot assign secondary IP addresses to an interface that obtains an IP address through BOOTP, DHCP, PPP address negotiation, or IP unnumbered.
If you do not specify any parameters, the undo ip address command removes all IP addresses from the interface. The undo ip address ip-address { mask | mask-length } command removes the primary IP address. The undo ip address ip-address { mask | mask-length } sub command removes a secondary IP address.
The primary and secondary IP addresses assigned to the interface can be located on the same network segment. Different interfaces on your device must reside on different network segments.
You can assign a floating IP address to an interface on an RBM-based hot backup system. The floating attribute does not take effect in other scenarios. In RBM-based hot backup, floating IP addresses can simplify hot backup configuration. On the active device, assign floating IP addresses to the interfaces attached to downstream tenants, and the addresses will be automatically synchronized to the standby device. With floating IP addresses, you do not need to configure VRRP virtual addresses on the service interfaces of the hot backup member devices. Configure floating IP addresses only on the active device in a hot backup system operating in active/standby mode. Floating IP addresses are not available in dual-active mode. You cannot configure, modify, or delete floating IP addresses on the standby device. For more information about VRRP, see VRRP configuration in High Availability Configuration Guide.
To remove the floating attribute for an IP address, execute the ip address command to assign the IP address again without specifying the float keyword.
Examples
# Assign GigabitEthernet 1/0/1 a primary IP address 129.102.0.1 and a secondary IP address 202.38.160.1, with both subnet masks being 255.255.255.0.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ip address 129.102.0.1 255.255.255.0
[Sysname-GigabitEthernet1/0/1] ip address 202.38.160.1 255.255.255.0 sub
Related commands
display ip address float (Layer 3—IP Services Command Reference)
ipv6 address
mac-address virtual
ipv6 address
Use ipv6 address to assign an IPv6 global unicast address to an interface.
Use undo ipv6 address to delete an IPv6 global unicast address from an interface.
Syntax
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length } float
undo ipv6 address [ ipv6-address prefix-length | ipv6-address/prefix-length ]
Default
No IPv6 global unicast address is assigned to an interface.
Views
Interface view
Predefined user roles
network-admin
context-admin
Parameters
ipv6-address: Specifies an IPv6 address.
prefix-length: Specifies a prefix length in the range of 1 to 128.
float: Assigns a floating IPv6 address to the interface. This keyword is applicable only to RBM-based hot backup.
Usage guidelines
Like public IPv4 addresses, IPv6 global unicast addresses are assigned to ISPs. This type of address allows for prefix aggregation to reduce the number of global routing entries.
If you do not specify any parameters, the undo ipv6 address command deletes all IPv6 addresses of an interface.
You can assign a floating IPv6 address to an interface on an RBM-based hot backup system. The floating attribute does not take effect in other scenarios. In RBM-based hot backup, floating IPv6 addresses can simplify hot backup configuration. On the active device, assign floating IPv6 addresses to the interfaces attached to downstream tenants, and the addresses will be automatically synchronized to the standby device. With floating IPv6 addresses, you do not need to configure VRRP virtual addresses on the service interfaces of the hot backup member devices. Configure floating IPv6 addresses only on the active device in a hot backup system operating in active/standby mode. Floating IPv6 addresses are not available in dual-active mode. You cannot configure, modify, or delete floating IPv6 addresses on the standby device. For more information about VRRP, see VRRP configuration in High Availability Configuration Guide.
To remove the floating attribute for an IPv6 address, execute the ipv6 address command to assign the IPv6 address again without specifying the float keyword.
Examples
# Set the IPv6 global unicast address of GigabitEthernet 1/0/1 to 2001::1 with prefix length 64.
Method 1:
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 address 2001::1/64
Method 2:
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1] ipv6 address 2001::1 64
Related commands
display ipv6 address float (Layer 3—IP Services Command Reference)
ip address
mac-address virtual
keepalive count
Use keepalive count to set the maximum number of keepalive attempts.
Use undo keepalive count to restore the default.
Syntax
keepalive count counts
undo keepalive count
Default
The maximum number of keepalive attempts is 10.
Views
RBM view
Predefined user roles
network-admin
Parameters
times: Sets the maximum number of keepalive attempts, in the range of 1 to 255.
Usage guidelines
If the value for the maximum number of keepalive attempts is too small, network latency will cause incorrect switchovers. If this issue occurs, increase the value of this parameter.
The device periodically sends keepalive packets to the hot backup peer over the control channel. If the device has not received any responses from the peer when the maximum number of keepalive attempts is reached, the control channel is disconnected.
Examples
# Set the maximum number of keepalive attempts to 6.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] keepalive count 6
Related commands
keepalive interval
keepalive interval
Use keepalive interval to set the interval for sending keepalive packets.
Use undo keepalive interval to restore the default.
Syntax
keepalive interval interval
undo keepalive interval
Default
The device sends keepalive packets at one-second intervals.
Views
RBM view
Predefined user roles
network-admin
Parameters
interval: Sets the interval for sending keepalive packets in seconds, in the range of 1 to 60.
Usage guidelines
The device periodically sends keepalive packets to the peer over the control channel. If the device has not received any responses from the peer when the maximum number of keepalive attempts is reached, the control channel is disconnected.
Examples
# Set the interval for sending keepalive packets to 2 seconds.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] keepalive interval 2
Related commands
keepalive count
local-ip
Use local-ip to configure the local IPv4 address for setting up the control channel.
Use undo local-ip to restore the default.
Syntax
local-ip ipv4-address
undo local-ip
Default
The local IPv4 address is not configured for setting up the control channel.
Views
RBM view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the local IPv4 address for setting up the control channel. The IP address cannot be an all-zero, loopback, or multicast address.
Usage guidelines
The hot backup system compares the specified local and peer IP address to determine the device role for setting up the control channel. The device with higher IP address acts as the server to listen for TCP connection requests, and the other device acts as the client to initiate the TCP connection.
You can configure a local IPv4 address or a local IPv6 address, but not both.
Examples
# Configure the local IPv4 address as 1.1.1.2 for setting up the control channel.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] local-ip 1.1.1.2
Related commands
local-ipv6
remote-ip
local-ipv6
Use local-ipv6 to configure the local IPv6 address for setting up the control channel.
Use undo local-ipv6 to restore the default.
Syntax
local-ipv6 ipv6-address
undo local-ipv6
Default
The local IPv6 address is not configured for setting up the control channel.
Views
RBM view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the local IPv6 address for setting up the control channel. The IP address cannot be an all-zero address, loopback address, multicast address, or IPv6 address with an embedded IPv4 address.
Usage guidelines
The hot backup system compares the specified local and peer IPv6 address to determine the device role for setting up the control channel. The device with higher IPv6 address acts as the server to listen for TCP connection requests, and the other device acts as the client to initiate the TCP connection.
You can configure a local IPv4 address or a local IPv6 address, but not both.
Examples
# Configure the local IPv6 address as 2019::1 for setting up the control channel.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] local-ipv6 2019::1
Related commands
local-ip
remote-ipv6
mac-address virtual
Use mac-address virtual to modify the virtual MAC address of an interface.
Use undo mac-address virtual to restore the default.
Syntax
mac-address virtual mac-address
undo mac-address virtual
Default
The virtual MAC address of an interface is automatically assigned by the device, and the primary and secondary devices assign the same virtual MAC address to the interfaces with the same ID.
Views
Layer 3 Ethernet interface view
Layer 3 aggregate interface view
VLAN interface view
Management Ethernet interface view
Reth interface view
Predefined user roles
network-admin
context-admin
Parameters
mac-address: Specifies a MAC address in H-H-H format. The first eight hexadecimal digits of the MAC address must be 40fe-9555. You can omit the consecutive zeros at the beginning of each segment. For example, you can enter 40fe-9555-1 for 40fe-9555-0001.
Usage guidelines
Application scenarios
On a hot backup system, the administrator can configure a floating IP address and a virtual MAC address on an interface of the primary device for other devices to communicate with the hot backup member devices through the floating IP address and the virtual MAC address. The source MAC address of the service packets sent by the primary and secondary devices is the virtual MAC address, and the source IP address is the floating IP address. Other devices do not know the real IP addresses or MAC addresses of the primary and secondary devices, which facilitates hot backup management and security deployment.
Typically, the virtual MAC address of an interface is automatically assigned by the device. If multiple interfaces of a device are assigned the same virtual MAC address, use this command to manually modify the virtual MAC addresses of involved interfaces to resolve the conflict.
Restrictions and guidelines
If you change virtual MAC addresses on the primary device, the primary device will synchronize the modifications to the virtual MAC address to the secondary device. This mechanism ensures consistent virtual MAC addresses between the primary and secondary devices.
Virtual MAC addresses are supported only in active/standby mode, not in dual-active mode.
If you execute this command multiple times on an interface, the most recent configuration takes effect.
If an interface is assigned to a non-default context in exclusive mode, a user can log in to the non-default context and modify the interface's virtual MAC address in interface view.
If an interface is assigned to a non-default context in shared mode, a user cannot modify the interface's virtual MAC address in interface view. The virtual MAC address of the interface shared with the non-default context is automatically generated by the system.
If an interface is assigned to a non-default vSystem, the virtual MAC address of the interface used within the non-default vSystem is automatically generated by the system. You cannot modify the virtual MAC address of the interface.
Examples
# Change the virtual MAC address to 40fe-9555-1234 on GigabitEthernet 1/0/1.
<Sysname> system-view
[Sysname] interface gigabitethernet 1/0/1
[Sysname-GigabitEthernet1/0/1]mac-address virtual 40fe-9555-1234
Related commands
display mac-address virtual
ip address
ipv6 address
mad arp enable
Use mad arp enable to enable ARP MAD.
Use undo mad arp enable to disable ARP MAD.
Syntax
mad arp enable
undo mad arp enable
Default
ARP MAD is disabled.
Views
VLAN interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
Do not enable ARP MAD on VLAN-interface 1. VLAN 1 cannot be used for MAD.
If you execute the mad arp enable command, you must enter a domain ID. To use the current domain ID, press Enter. You must enter the same domain ID on the hot backup member devices.
The domain ID is a global setting. You can use either the mad arp enable or mad nd enable command to edit the global domain ID on an hot backup member device. If you configure the global domain ID multiple times, the most recent configuration takes effect.
When you use contexts on hot backup member devices, you can execute the mad arp enable command on any context to edit the global domain ID. The configuration applies to all contexts.
Examples
# Enable ARP MAD on VLAN-interface 3.
<Sysname> system-view
[Sysname] interface vlan-interface 3
[Sysname-Vlan-interface3] mad arp enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 0]: 1
The assigned domain ID is: 1
Related commands
mad nd enable
mad nd enable
Use mad nd enable to enable ND MAD.
Use undo mad nd enable to disable ND MAD.
Syntax
mad nd enable
undo mad nd enable
Default
ND MAD is disabled.
Views
VLAN interface view
Predefined user roles
network-admin
context-admin
Usage guidelines
Do not enable ND MAD on VLAN-interface 1. VLAN 1 cannot be used for MAD.
If you execute the mad nd enable command, you must enter a domain ID. To use the current domain ID, press Enter. You must enter the same domain ID on the hot backup member devices.
The domain ID is a global setting. You can use either the mad arp enable or mad nd enable command to edit the global domain ID on an hot backup member device. If you configure the global domain ID multiple times, the most recent configuration takes effect.
When you use contexts on hot backup member devices, you can execute the mad nd enable command on any context to edit the global domain ID. The configuration applies to all contexts.
Examples
# Enable ND MAD on VLAN-interface 3.
<Sysname> system-view
[Sysname] interface vlan-interface 3
[Sysname-Vlan-interface3] mad nd enable
You need to assign a domain ID (range: 0-4294967295)
[Current domain is: 0]: 1
The assigned domain ID is: 1
Related commands
mad arp enable
remote-backup group
Use remote-backup group command to enter RBM view.
Use undo remote-backup group to remove all settings in RBM view.
Syntax
remote-backup group
undo remote-backup group
Views
System view
Predefined user roles
network-admin
Usage guidelines
The hot backup system provides backup for important configuration and service entries between devices. It collaborates with VRRP to implement hot backup that enables smooth master/backup switchover upon link failures for service continuity.
Examples
# Enter RBM view.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group]
remote-ip
Use remote-ip to configure the peer IPv4 address for setting up the control channel.
Use undo remote-ip to restore the default.
Syntax
remote-ip ipv4-address [ port port-number ]
undo remote-ip ipv4-address
Default
The peer IPv4 address is not configured for setting up the control channel.
Views
RBM view
Predefined user roles
network-admin
Parameters
ipv4-address: Specifies the peer IPv4 address for setting up the control channel. The IP address cannot be an all-zero, loopback, or multicast address.
port port-number: Specifies a port by its number used for establishing TCP connection. The value range for the port-number argument is 1024 to 65535, and the default value is 60064.
Usage guidelines
The control channel transmits data by using packets, including hot backup status packets, configuration consistency check packets, and configuration synchronization packets. Each member device compares the specified local and peer IP address to determine the device role for setting up the control channel. The device with higher IP address acts as the server to listen for TCP connection requests, and the other device acts as the client to initiate the TCP connection.
If the port number is configured on the server, the port provides services for the client. If the port number is configured on the client, the port serves as the destination port to establish TCP connection to the server. The source port is randomly generated on the client.
You can specify only one peer IP address with the same port number on the hot backup member devices.
You can configure a remote IPv4 address or a remote IPv6 address, but not both.
Examples
# Configure the peer IPv4 address and port number as 1.1.1.1 and 4456 for setting up the control channel.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] remote-ip 1.1.1.1 port 4456
Related commands
local-ip
remote-ipv6
remote-ipv6
Use remote-ipv6 to configure the peer IPv6 address for setting up the control channel.
Use undo remote-ipv6 to restore the default.
Syntax
remote-ipv6 ipv6-address [ port port-number ]
undo remote-ipv6 ipv6-address
Default
The peer IPv6 address is not configured for setting up the control channel.
Views
RBM view
Predefined user roles
network-admin
Parameters
ipv6-address: Specifies the peer IPv6 address for setting up the control channel. The IP address cannot be an all-zero address, loopback address, multicast address, or IPv6 address with an embedded IPv4 address.
port port-number: Specifies a port by its number used for establishing TCP connection. The value range for the port-number argument is 1024 to 65535, and the default value is 60064. Make sure the port number is not in use.
Usage guidelines
The control channel transmits data by using packets, including hot backup status packets, configuration consistency check packets, and configuration synchronization packets. Each member device compares the specified local and peer IPv6 address to determine the device role for setting up the control channel. The device with higher IPv6 address acts as the server to listen for TCP connection requests, and the other device acts as the client to initiate the TCP connection.
If the port number is configured on the server, the port provides services for the client. If the port number is configured on the client, the port serves as the destination port to establish TCP connection to the server. The source port is randomly generated on the client.
You can specify only one peer IPv6 address with the same port number on the hot backup member devices.
You can configure a remote IPv4 address or a remote IPv6 address, but not both.
Examples
# Configure the peer IPv6 address and port number as 2018::1 and 4456 for setting up the control channel.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] remote-ipv6 2018::1 port 4456
Related commands
local-ipv6
remote-ip
silent-backup-interface
Use silent-backup-interface to disable the standby device from sending or receiving protocol packets of a dynamic routing protocol.
Use undo silent-backup-interface to enable the standby device to send and receive protocol packets of a dynamic routing protocol.
Syntax
silent-backup-interface { ospf | ospfv3 }
undo silent-backup-interface { ospf | ospfv3 }
Default
The standby device can send and receive protocol packets of a dynamic routing protocol.
Views
RBM view
Predefined user roles
network-admin
Parameters
ospf: Specifies OSPF.
ospfv3: Specifies OSPFv3.
Usage guidelines
This command disconnects the neighbor relationships for a dynamic routing protocol on the standby device. The active device can send and receive protocol packets of that dynamic routing protocol, and correctly process both uplink and downlink traffic.
You can execute this command multiple times to disable multiple dynamic routing protocols on the standby device.
You cannot use this command together with the adjust-cost enable command.
Examples
# Disable the standby device from sending or receiving OSPF protocol packets.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] silent-backup-interface ospf
Related commands
adjust-cost enable
switchover request
Use switchover request to perform an active/standby switchover.
Syntax
switchover request
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
To replace components or upgrade software on the current active device, you can execute this command to switch services to the standby device.
If you execute this command on the active device, the active device becomes the standby device, and the new active device processes service traffic. If you execute this command on the standby device, the standby device becomes the active device to process service traffic.
This command applies only when the hot backup system operates in active/standby mode.
In a hot backup system and VRRP associated network, executing this command might cause temporary virtual IP address conflict in the VRRP group, which is considered a normal condition.
For stable operation of the hot backup system, do not repeatedly execute this command within one minute.
Examples
# Perform an active/standby switchover.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] switchover request
track
Use track to associate hot backup with Track.
Use undo track to remove the association.
Syntax
track track-entry-number
undo track track-entry-number
Default
The hot backup system is not associated with Track.
Views
RBM view
Predefined user roles
network-admin
Parameters
track-entry-number: Specifies a track entry by its ID in the range of 1 to 1024.
Usage guidelines
Use this command to associate hot backup with Track to monitor links. If one of the monitored track entries becomes Negative, the hot backup system performs an active/standby switchover and switches traffic to the new active device to ensure service continuity. For more information about Track, see Network Management and Monitoring Configuration Guide.
You can use the track interface and track commands in conjunction, but you cannot use these commands to monitor the same interfaces.
To associate hot backup with multiple track entries, execute this command multiple times.
Examples
# Associate hot backup with track entries 1 and 2.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] track 1
[Sysname-remote-backup-group] track 2
Related commands
track (Network Management and Monitoring Command Reference)
track interface
Use track interface to enable hot backup to monitor an interface.
Use undo track interface to remove the configuration.
Syntax
track interface interface-type interface-number
undo track interface [ interface-type interface-number ]
Default
The hot backup system does not monitor any interfaces.
Views
RBM view
Predefined user roles
network-admin
Parameters
interface-type interface-number: Specifies an interface by its type and number. You can specify a Layer 2 or Layer 3 Ethernet interface in the current software version. If you do not specify this argument, the undo form of the command removes the monitoring for all interfaces.
Usage guidelines
Use this command to enable hot backup to monitor the interfaces connecting the uplink and downlink devices. The monitored interfaces can forward packets only when they are all up. If any of the monitored interfaces goes down, none of them will be able to forward packets.
If the uplink and downlink interfaces of the hot backup system are Layer 3 Ethernet interfaces and hot backup is used with static routes, use the track interface command to monitor those interfaces.
If the uplink and downlink interfaces of the hot backup system are Layer 2 Ethernet interfaces connected to peer Layer 3 interfaces, use the track interface command to monitor the Layer 2 Ethernet interfaces.
You can use the track interface and track commands in conjunction, but you cannot use these commands to monitor the same interfaces.
The track vlan and track interface commands are mutually exclusive. You cannot configure both of them.
You cannot use the track interface command to monitor the interfaces used by VRRP.
To enable hot backup to monitor multiple interfaces, execute this command multiple times. Make sure the monitored interfaces operate in the same mode.
The hot backup system does not support monitoring member ports of aggregate interfaces.
Examples
# Enable hot backup to monitor interfaces GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] track interface gigabitethernet 1/0/1
[Sysname-remote-backup-group] track interface gigabitethernet 1/0/2
Related commands
track
track interface
track vlan
track vlan
Use track vlan to enable hot backup to monitor a VLAN.
Use undo track vlan to remove the configuration.
Syntax
track vlan vlan-id
undo track vlan [ vlan-id ]
Default
The hot backup system does not monitor any VLANs.
Views
RBM view
Predefined user roles
network-admin
Parameters
vlan-id: Specifies a VLAN by its ID in the range of 1 to 4094. If you do not specify this argument, the undo form of the command removes the monitoring for all VLANs.
Usage guidelines
Use this command to enable hot backup to monitor the VLANs of the uplink and downlink devices. The monitored VLANs are active and the member ports can forward packets only when the member ports are all up. If any of the member ports goes down, none of them will be able to forward packets, and all the monitored VLANs will become inactive.
In active/standby mode, the state of monitored VLANs is active on the primary device and inactive on the secondary device.
In dual-active mode, the state of monitored VLANs is active on both the hot backup member devices.
Do not enable hot backup to monitor VLAN 1 (to which all access ports belong by default). This restriction prevents an unused interface in down state from interrupting operation of other interfaces in VLAN 1.
To enable hot backup to monitor multiple VLANs, execute this command multiple times.
The track vlan command is mutually exclusive with the track interface command. You cannot use the track vlan command in conjunction with the track interface command.
Examples
# Enable hot backup to monitor VLAN 10.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] track vlan 10
Related commands
track
track interface
track vlan
transparent-transmit enable
Use transparent-transmit enable to enable transparent service traffic transmission between the remote backup group members.
Use undo transparent-transmit enable to disable transparent service traffic transmission between the remote backup group members.
Syntax
transparent-transmit enable
undo transparent-transmit enable
Default
Transparent service traffic transmission is enabled.
Views
RBM view
Predefined user roles
network-admin
Usage guidelines
Enable transparent service traffic transmission only when asymmetric-path traffic traverses the hot backup system operating in dual-active mode.
If an asymmetric-path flow traverses the hot backup system operating in dual-active mode, the flow and its return traffic are processed by different remote backup group members. This will degrade the traffic processing performance of modules such as NBAR , load balancing, and DPI. For example, the packet recognition rate of NBAR might drop. For an asymmetric-path flow and its return traffic to be processed by the same remote backup group member, enable transparent service traffic transmission. Transparent service traffic transmission is resource-intensive. Make sure you are fully aware of the impact of this feature when you use it on a live network.
Examples
# Enable transparent service traffic transmission between the remote backup group members.
<Sysname> system-view
[Sysname] remote-backup group
[Sysname-remote-backup-group] transparent-transmit enable
