Configuring Basic Functions of an IPv6 VRRP Group
Creating a VRRP6 Group
Context
VRRP6 virtualizes multiple devices into one gateway without changing the networking, and uses the virtual gateway's IP address as the default gateway address to implement next-hop gateway backup. After a VRRP6 group is configured, traffic is forwarded through the master. When the master fails, a new master is selected among backups to forward traffic. This ensures device-level reliability.
If load balancing is required in addition to gateway backup, configure two or more VRRP6 groups on an interface in single-gateway load balancing mode or multi-gateway load balancing mode.
Procedure
- Create a VRRP6 group working in active/standby mode.
- Create VRRP6 groups working in multi-gateway load balancing mode.
If VRRP6 groups need to work in multi-gateway load balancing mode, repeat the Create a VRRP6 group working in master/backup mode steps to configure two or more VRRP6 groups on the interface and assign different VRIDs to them.
Setting the Device Priority in a VRRP6 Group
Context
The device with a higher priority in a VRRP6 group is more likely to become the master. You can specify the master to forward traffic by setting the device priority.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run vrrp6 vrid virtual-router-id priority priority-value
The device priority in a VRRP6 group is set.
By default, the device priority is 100.
Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner. The priority ranges from 1 to 254.
The priority of an IP address owner is fixed at 255 and cannot be manually changed. You can run the vrrp vrid virtual-router-id priority priority-value command to configure a non-255 priority for an IP address owner, but the configured priority does not take effect. If a VRRP device is no longer an IP address owner, the configured priority is used.
When devices in a VRRP6 group have the same priority and attempt to be the master simultaneously, the device on an interface with the largest IP address is the master. The device that first switches to the Master state becomes the master, and other backups remain unchanged.
(Optional) Configuring VRRP6 Time Parameters
Context
You can set VRRP6 time parameters as needed. Table 7-7 lists applicable scenarios.
Function | Usage Scenario |
---|---|
Interval at which VRRP6 Advertisement packets are sent | The master in a VRRP6 group sends VRRP6 Advertisement packets to backups at intervals to notify that it is working properly. After the Master_Down_Interval timer expires, a new master is selected among the backups if the backups do not receive
VRRP Advertisement packets. Heavy network traffic or time differences on different devices may result in the backup status change due to timeout of VRRP6 Advertisement packets. When packets from the original master reach the new master, the status of the new master changes. You can increase the interval to solve this problem. |
Preemption delay of the master | On an unstable network, if the BFD session status monitored by a VRRP6 group flaps frequently or the backups cannot receive VRRP6 Advertisement packets within a specified period, an active/standby switchover is frequently performed, which causes network flapping. You can adjust the preemption delay of the master in the VRRP6 group so that the backup switches to the master after the delay. This prevents frequent change of the VRRP6 group status. |
Timeout interval at which ND packets are sent by the master | To ensure that MAC address entries on the downstream switch are correct, the master in a VRRP6 group periodically sends ND packets to update MAC address entries on the downstream switch. |
Delay before a VRRP6 group recovers | On an unstable network, frequent flapping of the BFD session status or interface status monitored by a VRRP6 group may result in frequent switching of the VRRP6 group status. After the delay is set, the VRRP6 group does not immediately respond to an interface or BFD session Up event. Instead, the VRRP6 group processes this event after the delay. This prevents frequent switching of the VRRP6 group status. |
(Optional) Disabling VRRP6 TTL Check
Context
The system checks the TTL value in received VRRP6 Advertisement packets, and discards VRRP6 Advertisement packets in which the TTL value is not 255. On a network where devices of different vendors are deployed, if TTL check is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so that devices of different vendors can communicate.
Procedure
- Run system-view
The system view is displayed.
- Run interface interface-type interface-number
The interface view is displayed.
- Run vrrp6 un-check hop-limit
The device is configured not to check the TTL value in VRRP6 Advertisement packets.
By default, the system checks the TTL value in VRRP6 Advertisement packets.
(Optional) Enabling the Ping to a Virtual IP Address
Context
- Monitors the operating status of the master in a VRRP6 group.
- Monitors communication between a user device and a network connected through a default gateway that uses the virtual IP address.
If the ping to a virtual IP address is enabled, a device on an external network can ping a virtual IP address. This exposes the device to ICMP-based attacks. The undo vrrp virtual-ip ping enable command can be used to disable the ping function.
Checking the Configuration
Procedure
- Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] [ brief ] command to check the VRRP6 group status and parameters.
- Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] statistics command to check statistics about sent and received packets of the VRRP6 group.