No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

CX11x, CX31x, CX710 (Earlier Than V6.03), and CX91x Series Switch Modules V100R001C10 Configuration Guide 13

The documents describe the configuration of various services supported by the CX11x&CX31x&CX91x series switch modules The description covers configuration examples and function configurations.
Rate and give feedback:
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring Basic Functions of an IPv6 VRRP Group

Configuring Basic Functions of an IPv6 VRRP Group

An IPv6 VRRP group implements gateway backup and ensures stable and high-efficient data forwarding.

Pre-configuration Tasks

Before configuring basic functions of an IPv6 VRRP group, complete the following task:

  • Configuring network layer attributes of interfaces to ensure network connectivity

Creating a VRRP6 Group

Context

VRRP6 virtualizes multiple devices into one gateway without changing the networking, and uses the virtual gateway's IP address as the default gateway address to implement next-hop gateway backup. After a VRRP6 group is configured, traffic is forwarded through the master. When the master fails, a new master is selected among backups to forward traffic. This ensures device-level reliability.

If load balancing is required in addition to gateway backup, configure two or more VRRP6 groups on an interface in single-gateway load balancing mode or multi-gateway load balancing mode.

Procedure

  1. Create a VRRP6 group working in active/standby mode.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      ipv6 enable

      IPv6 is enabled on the interface.

      By default, the IPv6 function is disabled on an interface.

    5. Run:

      vrrp6 vrid virtual-router-id virtual-ip virtual-ipv6-address [ link-local ]

      A VRRP6 group is created, and a virtual IPv6 address is assigned to the VRRP6 group.

      By default, no VRRP6 group is created.

      The first virtual IPv6 address of a VRRP6 group must be a link-local address.

    6. Run:

      commit

      The configuration is committed.

  2. Create VRRP6 groups working in multi-gateway load balancing mode.

    If VRRP6 groups need to work in multi-gateway load balancing mode, repeat the Create a VRRP6 group working in master/backup mode steps to configure two or more VRRP6 groups on the interface and assign different VRIDs to them.

  3. Create VRRP6 groups working in single-gateway load balancing mode.

    The device supports single-gateway load balancing for common VRRP6 groups, including those that have been bound to an mVRRP6 group.

    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      ipv6 enable

      IPv6 is enabled on the interface.

    5. Run:

      vrrp6 vrid virtual-router-id [ virtual-ip virtual-ipv6-address [ link-local ] ]

      A VRRP6 group is created and assigned a virtual IPv6 address.

      • If you use the VRRP6 group as a VRRP6 LBRG, you must assign a virtual IPv6 address to the VRRP6 group.
      • If you use the VRRP6 group as a VRRP6 LBRG member group, you do not need to assign a virtual IPv6 address to the VRRP6 group.

    6. Run:

      vrrp6 vrid virtual-router-id priority priority-value

      A priority is configured for the device in the VRRP6 group.

    7. Run:

      vrrp6 vrid virtual-router-id load-balance

      A VRRP6 LBRG is created.

    8. Run:

      vrrp6 vrid virtual-router-id join load-balance-vrrp vrid lb-vrid-value

      A VRRP6 group is added to the VRRP6 LBRG.

    9. Run:

      commit

      The configuration is committed.

Setting the Device Priority in a VRRP6 Group

Context

The device with a higher priority in a VRRP6 group is more likely to become the master. You can specify the master to forward traffic by setting the device priority.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    vrrp6 vrid virtual-router-id priority priority-value

    The device priority in a VRRP6 group is set.

    By default, the device priority is 100.

    • Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner, and the priority of the IP address owner cannot be changed. The priority ranges from 1 to 254.

    • When devices in a VRRP6 group have the same priority and attempt to be the master simultaneously, the device on an interface with the largest IP address is the master. The device that first switches to the Master state becomes the master, and other backups remain unchanged.

  5. Run:

    commit

    The configuration is committed.

(Optional) Configuring VRRP6 Time Parameters

Context

You can set VRRP6 time parameters as needed. Table 11-18 lists applicable scenarios.

Table 11-18 Applicable scenarios of VRRP6 time parameters

Function

Usage Scenario

Interval at which VRRP6 Advertisement packets are sent

The master in a VRRP6 group sends VRRP6 Advertisement packets to backups at intervals to notify that it is working properly. After the Master_Down_Interval timer expires, a new master is selected among the backups if the backups do not receive VRRP Advertisement packets.

Heavy network traffic or time differences on different devices may result in the backup status change due to timeout of VRRP6 Advertisement packets. When packets from the original master reach the new master, the status of the new master changes. You can increase the interval to solve this problem.

Preemption delay of the master

On an unstable network, if the BFD session status monitored by a VRRP6 group flaps frequently or the backups cannot receive VRRP6 Advertisement packets within a specified period, an active/standby switchover is frequently performed, which causes network flapping. You can adjust the preemption delay of the master in the VRRP6 group so that the backup switches to the master after the delay. This prevents frequent change of the VRRP6 group status.

Timeout interval at which ND packets are sent by the master

To ensure that MAC address entries on the downstream switch are correct, the master in a VRRP6 group periodically sends ND packets to update MAC address entries on the downstream switch.

Delay in recovering a VRRP6 group

On an unstable network, frequent flapping of the BFD session status or interface status monitored by a VRRP6 group may result in frequent switching of the VRRP6 group status. After the delay in recovering a VRRP6 group is set, the VRRP6 group does not immediately respond to an interface or BFD session Up event. Instead, the VRRP6 group processes this event after the delay in recovering a VRRP6 group. This prevents frequent switching of the VRRP6 group status.

Procedure

  • Set the interval at which VRRP6 Advertisement packets are sent.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      vrrp6 vrid virtual-router-id timer advertise advertise-interval

      The interval at which VRRP6 Advertisement packets are sent is set.

      By default, VRRP6 Advertisement packets are sent at intervals of 1s.

      If devices in a VRRP6 group use different intervals, VRRP6 may not work.

    5. Run:

      commit

      The configuration is committed.

  • Set the preemption delay of the master.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface interface-type interface-number

      The interface view is displayed.

    3. On an Ethernet interface, run:

      undo portswitch

      The interface is switched to Layer 3 mode.

      By default, an Ethernet interface works in Layer 2 mode.

      If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

      If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

    4. Run:

      vrrp6 vrid virtual-router-id preempt timer delay delay-value

      The preemption delay is set.

      The default preemption delay is 5 seconds for a preemption caused by an interface Up event or 0 seconds (indicating immediate preemption) for a preemption caused by other reasons.

      You can use the vrrp6 vrid virtual-router-id preempt disable command to set the non-preemption mode. In non-preemption mode, the master that works properly can retain the Master state. The backup cannot switch to the master even if the priority of the master decreases.

      You can use the undo vrrp6 vrid virtual-router-id preempt command to restore the default preemption mode.

      It is recommended that you set the preemption delay of the backup in a VRRP6 group to 0, configure the master in preemption mode, and set the preemption delay. On an unstable network, these settings allow a period of time for status synchronization between the uplink and downlink. If the preceding settings are not used, two masters coexist and users devices may learn the incorrect address of the master.

    5. Run:

      commit

      The configuration is committed.

  • Set the interval at which the master sends NA packets.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vrrp6 na interval interval

      The interval at which the master sends NA packets is set.

      By default, the master sends NA packets every 120s. After the interval is set, the master sends NA packets at the configured interval.

      • To restore the default interval at which NA packets are sent, run the undo vrrp6 na interval command in the system view.

      • To disable the master from sending NA packets, run the vrrp6 na interval disable command in the system view.

    3. Run:

      commit

      The configuration is committed.

  • Set the delay in recovering a VRRP6 group.
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vrrp6 recover-delay delay-value

      The delay in recovering a VRRP6 group is set.

      By default, the delay in recovering a VRRP6 group is 0.

      • After this command is used, all VRRP6 groups on the device are configured with the same delay.

      • When the device in a VRRP6 group restarts, VRRP6 status flapping may occur. It is recommended that the delay be set based on actual networking.

    3. Run:

      commit

      The configuration is committed.

(Optional) Disabling VRRP6 TTL Check

Context

The system checks the TTL value in received VRRP6 Advertisement packets, and discards VRRP6 Advertisement packets in which the TTL value is not 255. On a network where devices of different vendors are deployed, if TTL check is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so that devices of different vendors can communicate.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface interface-type interface-number

    The interface view is displayed.

  3. On an Ethernet interface, run:

    undo portswitch

    The interface is switched to Layer 3 mode.

    By default, an Ethernet interface works in Layer 2 mode.

    If an Ethernet interface already has Layer 2 configuration, this command fails to be executed on the interface. Before running this command on the interface, delete all the Layer 2 configuration of the interface.

    If many Ethernet interfaces need to be switched to Layer 3 mode, run the undo portswitch batch interface-type { interface-number1 [ to interface-number2 ] } &<1-10> command in the system view to switch these interfaces to Layer 3 mode in batches.

  4. Run:

    vrrp6 hop-limit-check disable

    The device is configured not to check the TTL value in VRRP6 Advertisement packets.

    By default, the system checks the TTL value in VRRP6 Advertisement packets.

  5. Run:

    commit

    The configuration is committed.

(Optional) Enabling the Ping to a Virtual IP Address

Context

The device allows user devices to ping a virtual IP address to serve the following purposes:
  • Monitors the operating status of the master in a VRRP6 group.
  • Monitors communication between a user device and a network connected through a default gateway that uses the virtual IP address.

If the ping to a virtual IP address is enabled, a device on an external network can ping a virtual IP address. This exposes the device to ICMP-based attacks. The vrrp virtual-ip ping disable command can be used to disable the ping function.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    undo vrrp virtual-ip ping disable

    The ping to a virtual IP address is enabled.

    By default, the ping function is enabled. The master in a VRRP group responds to ping packets sent to the virtual IP address.

(Optional) Configuring a Device to Calculate a VRRP6 Advertisement Packet's Checksum Based on the Content Excluding the IPv6 Pseudo Header

Context

After a Huawei device receives a VRRP6 Advertisement packet , it calculates the packet's checksum based on the content including the IPv6 pseudo header. However, a non-Huawei device may calculate the packet's checksum based on the content excluding the IPv6 pseudo header. As a result, VRRP6 negotiation between the Huawei and non-Huawei devices may fail. To resolve this issue, run the vrrp6 checksum exclude pseudo-header command to configure the Huawei device to calculate the packet's checksum based on the content excluding the IPv6 pseudo header.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vrrp6 checksum exclude pseudo-header

    The device is configured to calculate a VRRP6 Advertisement packet 's checksum based on the content excluding the IPv6 pseudo header.

    By default, the device calculates a VRRP6 Advertisement packet 's checksum based on the content including the IPv6 pseudo header.

  3. Run:

    commit

    The configuration is committed.

Checking the Configuration

Procedure

  • Run the display vrrp6 [ admin-vrrp | [ interface interface-type interface-number [ virtual-router-id ] | virtual-router-id ] [ verbose ] ] command to check the VRRP6 group status and parameters.
  • Run the display vrrp6 [ interface interface-type interface-number [ virtual-router-id ] ] statistics command to check statistics about sent and received packets of the VRRP6 group.
Translation
Download
Updated: 2019-12-13

Document ID: EDOC1000041694

Views: 61017

Downloads: 3623

Average rating:
This Document Applies to these Products
Related Version
Related Documents
Share
Previous Next