Configuring Basic Functions of an IPv6 VRRP Group
Creating a VRRP6 Group
Context
VRRP6 virtualizes multiple devices into one gateway without changing the networking, and uses the virtual gateway's IP address as the default gateway address to implement next-hop gateway backup. After a VRRP6 group is configured, traffic is forwarded through the master. When the master fails, a new master is selected among backups to forward traffic. This ensures device-level reliability.
If load balancing is required in addition to gateway backup, configure two or more VRRP6 groups on an interface in single-gateway load balancing mode or multi-gateway load balancing mode.
Procedure
- Create a VRRP6 group working in active/standby mode.
- Run vrrp6 vrid virtual-router-id virtual-ip virtual-ipv6-address [ link-local ]
A VRRP6 group is created, and a virtual IPv6 address is assigned to the VRRP6 group.
By default, no VRRP6 group is created.
The first virtual IPv6 address of a VRRP6 group must be a link-local address.
VRRP6 groups on different interfaces of a device can be configured with the same VRID.
If the device needs to be configured as the IP address owner in an IPv6 VRRP group, configure VRRP6 on the IP address owner first, and then on the peer device; otherwise, the IP addresses may conflict. If IP address conflict occurs, perform either of the following operations:Disable IPv6 address conflict detection.
- Before configuring an IP address owner, run the ipv6 nd dad attempts value command with value of 0 to disable IPv6 address conflict detection.
- Run the ipv6 address ip-address { mask | mask-length } command in the interface view to configure an IPv6 address so that the master becomes the IP address owner.
- Run the ipv6 nd dad attempts value command with value of 1 to enable IPv6 address conflict detection.
Restart the interface.
- Run the shutdown command in the view of the IP address owner to shut down the interface.
- Run the undo shutdown command in the view of the IP address owner to enable the interface.
- Run vrrp6 vrid virtual-router-id virtual-ip virtual-ipv6-address [ link-local ]
- Create VRRP6 groups working in multi-gateway load balancing mode.
If VRRP6 groups need to work in multi-gateway load balancing mode, repeat the Create a VRRP6 group working in master/backup mode steps to configure two or more VRRP6 groups on the interface and assign different VRIDs to them.
Setting the Device Priority in a VRRP6 Group
Context
The device with a higher priority in a VRRP6 group is more likely to become the master. You can specify the master to forward traffic by setting the device priority.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run vrrp6 vrid virtual-router-id priority priority-value
The device priority in a VRRP6 group is set.
By default, the device priority is 100.
Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner. The priority ranges from 1 to 254.
The priority of an IP address owner is fixed at 255 and cannot be manually changed. You can run the vrrp vrid virtual-router-id priority priority-value command to configure a non-255 priority for an IP address owner, but the configured priority does not take effect. If a VRRP device is no longer an IP address owner, the configured priority is used.
When devices in a VRRP6 group have the same priority and attempt to be the master simultaneously, the device on an interface with the largest IP address is the master. The device that first switches to the Master state becomes the master, and other backups remain unchanged.
(Optional) Configuring VRRP6 Time Parameters
Context
You can set VRRP6 time parameters as needed. Table 7-7 lists applicable scenarios.
| Function | Usage Scenario |
|---|---|
| Interval at which VRRP6 Advertisement packets are sent | The master in a VRRP6 group sends VRRP6 Advertisement packets to backups at intervals to notify that it is working properly. After the Master_Down_Interval timer expires, a new master is selected among the backups if the backups do not receive
VRRP Advertisement packets. Heavy network traffic or time differences on different devices may result in the backup status change due to timeout of VRRP6 Advertisement packets. When packets from the original master reach the new master, the status of the new master changes. You can increase the interval to solve this problem. |
| Preemption delay of the master | On an unstable network, if the BFD session status monitored by a VRRP6 group flaps frequently or the backups cannot receive VRRP6 Advertisement packets within a specified period, an active/standby switchover is frequently performed, which causes network flapping. You can adjust the preemption delay of the master in the VRRP6 group so that the backup switches to the master after the delay. This prevents frequent change of the VRRP6 group status. |
| Timeout interval at which ND packets are sent by the master | To ensure that MAC address entries on the downstream switch are correct, the master in a VRRP6 group periodically sends ND packets to update MAC address entries on the downstream switch. |
| Delay before a VRRP6 group recovers | On an unstable network, frequent flapping of the BFD session status or interface status monitored by a VRRP6 group may result in frequent switching of the VRRP6 group status. After the delay is set, the VRRP6 group does not immediately respond to an interface or BFD session Up event. Instead, the VRRP6 group processes this event after the delay. This prevents frequent switching of the VRRP6 group status. |
Procedure
- Set the interval at which VRRP6 Advertisement packets are sent.
- Run vrrp6 vrid virtual-router-id timer advertise advertise-interval
The interval at which VRRP6 Advertisement packets are sent is set.
By default, VRRP6 Advertisement packets are sent at intervals of 1s.
If devices in a VRRP6 group use different intervals, VRRP6 may not work.
The interval at which a device sends VRRP6 Advertisement packets cannot be less than the time that the device takes to perform a master/slave main control board switchover. If the interval is less than the switchover time, protocol flapping may occur during a master/slave main control board switchover. It is recommended that the interval be set to a value greater than 1s.
- Run vrrp6 vrid virtual-router-id timer advertise advertise-interval
- Set the preemption delay of the master.
- Run vrrp6 vrid virtual-router-id preempt-mode timer delay delay-value
The preemption delay is set.
By default, the preemption delay time is 0. In immediate preemption mode, a backup can immediately switch to the master when its priority is higher than the master.
You can use the vrrp6 vrid virtual-router-id preempt-mode disable command to set the non-preemption mode. In non-preemption mode, the master that works properly can retain the Master state. The backup cannot switch to the master even if the priority of the master decreases.
You can use the undo vrrp6 vrid virtual-router-id preempt-mode command to restore the default preemption mode.
It is recommended that you set the preemption delay of the backup in a VRRP6 group to 0, configure the master in preemption mode, and set the preemption delay. On an unstable network, these settings allow a period of time for status synchronization between the uplink and downlink. If the preceding settings are not used, two masters coexist and users devices may learn the incorrect address of the master.
- Run vrrp6 vrid virtual-router-id preempt-mode timer delay delay-value
- Set the timeout interval at which ND packets are sent by the master.
- Run vrrp gratuitous-arp timeout time
The interval at which ND packets are sent by the master is set.
By default, the master sends an ND packet every 120s.
The interval at which the master sends ND packets must be shorter than the aging time of ND entries on each user device.
To restore the default interval at which an ND packet is sent, run the undo vrrp gratuitous-arp timeout command in the system view.
To disable the master from sending ND packets, run the vrrp gratuitous-arp timeout disable command in the system view.
- Run vrrp gratuitous-arp timeout time
- Set the delay before a VRRP6 group recovers.
- Run vrrp recover-delay delay-value
The delay before a VRRP6 group recovers is set.
By default, the delay before a VRRP6 group recovers is 0.
After this command is used, all VRRP6 groups on the device are configured with the same delay.
When the device in a VRRP6 group restarts, VRRP6 status flapping may occur. It is recommended that the delay be set based on actual networking.
- Run vrrp recover-delay delay-value
(Optional) Disabling VRRP6 TTL Check
Context
The system checks the TTL value in received VRRP6 Advertisement packets, and discards VRRP6 Advertisement packets in which the TTL value is not 255. On a network where devices of different vendors are deployed, if TTL check is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so that devices of different vendors can communicate.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run vrrp6 un-check hop-limit
The device is configured not to check the TTL value in VRRP6 Advertisement packets.
By default, the system checks the TTL value in VRRP6 Advertisement packets.
(Optional) Enabling the Ping to a Virtual IP Address
Context
- Monitors the operating status of the master in a VRRP6 group.
- Monitors communication between a user device and a network connected through a default gateway that uses the virtual IP address.
If the ping to a virtual IP address is enabled, a device on an external network can ping a virtual IP address. This exposes the device to ICMP-based attacks. The undo vrrp virtual-ip ping enable command can be used to disable the ping function.
Checking the Configuration
Procedure
- Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] [ brief ] command to check the VRRP6 group status and parameters.
- Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] statistics command to check statistics about sent and received packets of the VRRP6 group.
