No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search

Reminder

To have a better experience, please upgrade your IE browser.

upgrade

Fat AP and Cloud AP V200R008C00 CLI-based Configuration Guide

Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Configuring VRRP

Configuring VRRP

This section describes how to configure VRPP.

Configuring Basic Functions of an IPv4 VRRP Group

An IPv4 VRRP group implements gateway backup and ensures stable and efficient data forwarding.

Pre-configuration Tasks
Before configuring basic functions of an IPv4 VRRP group, complete the following task:
  • Configuring network layer attributes of interfaces to ensure network connectivity
Creating a VRRP Group

Context

VRRP virtualizes multiple routing devices into a virtual router without changing the networking, and uses the next hop address in the default route of hosts as the IP address of the virtual router to implement gateway backup. After a VRRP group is configured, traffic is forwarded through the master. When the master fails, a new master is selected among backups to forward traffic. This implements gateway backup.

If load balancing is required in addition to gateway backup, configure two or more VRRP groups on an interface in multi-gateway load balancing mode.

If both VRRP and static ARP are configured on a VLANIF interface on a device, an IP address mapped to a static ARP entry cannot be used as a virtual IP address. If a VRRP virtual IP address is an IP address mapped to a static ARP entry on the device, the device generates incorrect host routes, affecting traffic forwarding.

The virtual MAC address of a VRRP group cannot be configured as a static MAC address or blackhole MAC address.

NOTE:

It is recommended that a VRRP group be not configured on the VLANIF interface corresponding to a Super-VLAN. This is because device performance may be affected.

Procedure
  • Create a VRRP group working in master/backup mode.

    1. Run:
      system-view

      The system view is displayed.

    2. Run:
      interface vlanif vlan-id

      The VLANIF interface view is displayed.

    3. Run:
      vrrp vrid virtual-router-id virtual-ip virtual-address

      A VRRP group is created, and a virtual IP address is assigned to the VRRP group.

      NOTE:
      • VRRP groups must use different virtual IP addresses. The virtual IP address of a VRRP group must be on the same network segment as the IP address of the interface where the VRRP group is configured.

      • Two devices in a VRRP group must be configured with the same VRID.

      • When multiple VRRP groups exist on the network, ensure that VRIDs on different devices are unique. Otherwise, virtual MAC address conflicts may occur.

  • Create VRRP groups working in multi-gateway load balancing mode.

    If VRRP groups need to work in multi-gateway load balancing mode, repeat the steps to configure two or more VRRP groups on the interface and assign different VRIDs to them.

Setting the Device Priority in a VRRP Group

Context

The device with a higher priority in a VRRP group is more likely to become the master. You can specify the master by setting the device priority.

Procedure
  1. Run:
    system-view

    The system view is displayed.

  2. Run:
    interface vlanif vlan-id

    The VLANIF interface view is displayed.

  3. Run:
    vrrp vrid virtual-router-id priority priority-value

    The device priority in a VRRP group is set.

    By default, the device priority is 100. A greater value indicates a higher priority of VRRP packets.

    NOTE:
    • Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner, and the priority of the IP address owner cannot be changed. The priority that can be set for switches ranges from 1 to 254.

    • When devices in a VRRP group have the same priority, if devices preempt to be the master simultaneously, the device on an interface with the largest IP address is the master. The device that first switches to Master state becomes the master.

(Optional) Configuring the VRRP Version Number

Context

IPv4 VRRP supports VRRPv2 and VRRPv3. If devices in a VRRP group use different VRRP versions, VRRP packets may fail to be forwarded.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    vrrp version { v2 | v3 }

    The VRRP version number is set.

    By default, VRRPv2 is used.

(Optional) Configuring VRRP Time Parameters

Context

You can set VRRP time parameters as needed. Table 24-7 lists applicable scenarios.

Table 24-7  Applicable scenarios of VRRP time parameters
Function Applicable Scenario
Interval at which VRRP Advertisement packets are sent The master in a VRRP group sends VRRP Advertisement packets to the backup at intervals to notify that it works properly. After the Master_Down_Interval timer expires, the backup switches to the master if it does not receive VRRP Advertisement packets.

Heavy network traffic or time differences on different devices may result in the status change of the backup due to timeout of VRRP packets. When packets from the original master reach the new master, the status of the new master changes. You can increase the interval to solve this problem.

Preemption delay On an unstable network, if the BFD session status monitored by a VRRP group flaps frequently or the backup cannot receive VRRP Advertisement packets within a specified period, an active/standby switchover is frequently performed, which causes network flapping. You can adjust the preemption delay of the master in the VRRP group so that the backup preempts to be the master after the delay. This prevents frequent change of the VRRP group status.
Timeout interval at which gratuitous ARP packets are sent by the master To ensure that MAC address entries on the downstream switch are correct, the master in the VRRP group periodically sends gratuitous ARP packets to update MAC address entries on the downstream switch.
Delay in recovering a VRRP group On an unstable network, frequent flapping of the BFD session status or interface status monitored by a VRRP group may result in frequent switching of the VRRP group status. After the delay in recovering a VRRP group is set, the VRRP group does not immediately respond to an interface or BFD session Up event. Instead, the VRRP group processes this event after the delay in recovering a VRRP group. This prevents frequent switching of the VRRP group status.

Procedure

  • Setting the interval at which VRRP Advertisement packets are sent
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface vlanif vlan-id

      The VLANIF interface view is displayed.

    3. Run:

      vrrp vrid virtual-router-id timer advertise advertise-interval

      The interval at which VRRP Advertisement packets are sent is set.

      By default, the interval is 1 second.

  • Setting the preemption delay of the master
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      interface vlanif vlan-id

      The VLANIF interface view is displayed.

    3. Run:

      vrrp vrid virtual-router-id preempt-mode timer delay delay-value

      The preemption delay is set.

      By default, the preemption delay is 0. In immediate preemption mode, a backup can immediately preempt to be the master when its priority is higher than the master.

      You can use the vrrp vrid virtual-router-id preempt-mode disable command to set the non-preemption mode. In non-preemption mode, the master that works properly can retain the Master state. The backup cannot preempt to be the master even if the priority of the master decreases.

      You can use the undo vrrp vrid virtual-router-id preempt-mode command to restore the default preemption mode.

      NOTE:

      It is recommended that you set the preemption delay of the backup in a VRRP group to 0, configure the master in preemption mode, and set the preemption delay. On an unstable network, these settings allow a period of time for status synchronization between the uplink and downlink. If the preceding settings are not used, two masters coexist and users devices may learn incorrect address of the master.

  • Setting the timeout interval at which gratuitous ARP packets are sent by the master
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vrrp gratuitous-arp timeout time

      The timeout interval at which gratuitous ARP packets are sent by the master is set.

      By default, the master sends gratuitous ARP packets every 120s.

      NOTE:

      The timeout interval at which the master sends gratuitous ARP packets must be shorter than the aging time of ARP entries on user devices.

      • To restore the default interval at which a gratuitous ARP packet is sent, run the undo vrrp gratuitous-arp timeout command in the system view.

      • If the master does not need to send gratuitous ARP packets, run the vrrp gratuitous-arp timeout disable command in the system view.

  • Setting the delay in recovering a VRRP group
    1. Run:

      system-view

      The system view is displayed.

    2. Run:

      vrrp recover-delay delay-value

      The delay in recovering a VRRP group is set.

      By default, the delay in recovering a VRRP group is 0.

      NOTE:
      • After this command is used, all VRRP groups on the device are configured with the same delay.

      • When the device in a VRRP group restarts, VRRP status flapping may occur. It is recommended that the delay be set based on actual networking.

(Optional) Disabling VRRP TTL Check

Context

The system checks the TTL value in received VRRP packets, and discards VRRP packets in which the TTL value is not 255. On a network where devices of different vendors are deployed, if TTL check is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so that devices of different vendors can communicate.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface vlanif vlan-id

    The VLANIF interface view is displayed.

  3. Run:

    vrrp un-check ttl

    The device is configured not to check the TTL value in VRRP packets.

    By default, the system checks the TTL value in VRRP packets.

(Optional) Setting the Authentication Mode of VRRP Packets

Context

Different authentication modes and authentication keys can be set in VRRPv2 Advertisement packets:
  • Non-authentication: The device does not authenticate outgoing VRRP Advertisement packets. In addition, the device does not authenticate the received VRRP packets. It considers all the received packets valid.
  • Simple authentication: The device encapsulates the authentication mode and authentication key into an outgoing VRRP Advertisement packet. The device that receives the VRRP Advertisement packet compares the authentication mode and authentication key in the packet with those configured on the device. If the values are the same, the device considers the received VRRP Advertisement packet valid. If the values are different, the device considers the received VRRP Advertisement packet invalid and discards it.
  • MD5 authentication: The device uses the MD5 algorithm to encrypt the authentication key and encapsulates the key in the Authentication Data field of an outgoing VRRP Advertisement packet. The device that receives the VRRP Advertisement packet matches the authentication mode with the decrypted authentication key in the packet.
NOTE:

Only VRRPv2 supports authentication. VRRPv3 does not support authentication. VRRPv2 reserves the authentication field in VRRP packets to be compatible with VRRP defined in RFC 2338. VRRP authentication cannot improve security.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface vlanif vlan-id

    The VLANIF interface view is displayed.

  3. Run:

    vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key }

    The authentication mode in VRRP Advertisement packets is configured.

    NOTE:
    • Devices in a VRRP group must be configured with the same authentication mode and authentication key; otherwise, the VRRP group cannot negotiate the Master and Backup status.

    • An MD5 key can be entered in cipher text or plain text. The MD5 key in plain text is a string of 1 to 8 characters, and the MD5 key in cipher text is a string of 24, 32 or 48 characters.

Checking the Configuration

Procedure

  • Run either of the following commands to check the VRRP group status and parameters:

    • display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] [ brief ]
    • display vrrp { interface interface-type interface-number [ virtual-router-id ] | virtual-router-id } [ verbose ]

  • Run the display vrrp protocol-information command to check VRRP information.
  • Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command to check statistics about sent and received packets of a VRRP group.

Configuring an IPv4 mVRRP Group

An mVRRP group can be bound to VRRP groups and determine the status of its bound VRRP groups. mVRRP helps decrease the number of VRRP packets to be sent and minimize network bandwidth consumption.

Pre-configuration Tasks
Before configuring basic functions of an IPv4 mVRRP group, complete the following task:
  • Configuring network layer attributes of interfaces to ensure network connectivity
Configuring an mVRRP Group

Context

Each VRRP group needs to maintain its own state machine. Configuring an mVRRP group reduces bandwidth occupied by VRRP packets.

Procedure
  1. Run:
    system-view

    The system view is displayed.

  2. Run:
    interface vlanif vlan-id

    A VLANIF interface is created and the VLANIF interface view is displayed.

  3. Run:
    vrrp vrid virtual-router-id virtual-ip virtual-address

    A VRRP group is created, and a virtual IP address is assigned to the VRRP group.

  4. Run:
    vrrp vrid virtual-router-id priority priority-value

    The priority of the VRRP group is configured.

  5. Run:
    admin-vrrp vrid virtual-router-id

    The VRRP group is configured as an mVRRP group.

  6. Run:
    vrrp vrid  virtual-router-id timer advertise advertise-interval 

    The interval at which the master sends VRRP Advertisement packets is configured.

(Optional) Configuring a VRRP Group and Binding the VRRP Group to an mVRRP Group

Context

You can bind VRRP groups to an mVRRP group so that mVRRP determines the status of the bound VRRP groups.

Procedure
  1. Run:
    system-view

    The system view is displayed.

  2. Run:
    vrrp vrid virtual-router-id virtual-ip virtual-address

    A VRRP group is created, and a virtual IP address is assigned to the VRRP group.

    Because the mVRRP group determines the status of its service VRRP groups, you do not need to set priorities for the bound VRRP groups.

  3. Run:
    vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interface-number vrid virtual-router-id2 unflowdown

    The VRRP group is bound to an mVRRP group.

    After the binding is complete, the state machine of the bound VRRP group depends on the status of the mVRRP group. The bound VRRP group inherits the status of the mVRRP group, and deletes its VRRP packet timeout timer and stops sending or receiving VRRP packets.

    NOTE:

    A VRRP backup group can only be bound to a single mVRRP backup group.

Checking the Configuration

Procedure

  • Run the display vrrp binding admin-vrrp [ interface interface-type1 interface-number1 ] [ vrid virtual-router-id1 ] member-vrrp [ interface interface-type2 interface-number2 ] [ vrid virtual-router-id2 ] command to check bindings between an mVRRP group and VRRP groups.
  • Run the display vrrp admin-vrrp command to check the status of all mVRRP groups.

Configuring VRRP Association

VRRP association enables VRRP to detect faults in a timely manner and triggers an active/standby switchover when the master or the uplink of the master becomes faulty. VRRP association optimizes VRRP switchover and enhances network reliability.

Pre-configuration Tasks
Before configuring basic functions of an IPv4 VRRP group, complete the following task:

You can configure VRRP association only after basic VRRP functions are configured.

Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover

Context

When a VRRP group is faulty, the backup detects the fault and switches to the master after the Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic is still sent to the original master, causing user traffic loss. As shown in Figure 24-22, the VRRP group is associated with a BFD session on the backup so that the BFD session can rapidly detect communication faults of the VRRP group. When the BFD session detects a fault, it notifies the VRRP group that the priority of the backup needs to be increased. Then an active/standby switchover is triggered immediately. This millisecond-level switchover reduces traffic loss.

When the fault is rectified, the priority of the backup is restored and the original master preempts to be the master to forward traffic.

NOTE:
  • A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 24-22  Association between VRRP and BFD to implement a rapid active/standby switchover

Procedure

  1. Configure a static session or a static BFD session with automatically negotiated discriminators. For details, see Configuring Single-Hop BFD, Configuring Multi-Hop BFD, or Configuring Static BFD with Automatically Negotiated Discriminators.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface vlanif vlan-id

    The view of the VLANIF interface on the backup where a VRRP group is configured is displayed.

  4. Run:

    vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ increased value-increased | reduced value-reduced ]

    Association between VRRP and BFD is configured.

    NOTE:
    When associating a VRRP group with a BFD session, note the following points:
    • If session-name bfd-configure-name is specified, the VRRP group can bind to only a static BFD session with automatically negotiated discriminators.

    • If bfd-session-id is specified, the VRRP group can bind to only a static BFD session.

    • After the value by which the priority increases is set, ensure that the priority of the backup is higher than the priority of the master.

    • When a BFD session is associated with VRRP or static route, the system does not allow the associated BFD session to be deleted by default. To delete the associated BFD session, run the bfd session nonexistent-config-check disable command to disable the device from checking whether the associated BFD session is deleted.

Configuring Association Between VRRP and the Interface Status

Context

When the uplink interface of the master becomes faulty, VRRP cannot detect the status change of interfaces not in the VRRP group, causing service interruption. You can associate a VRRP group with the interface status. When the monitored interface is faulty, the priority of the master is reduced. This triggers an active/standby switchover and reduces the impact of services on the uplink interface.

When the fault is rectified, the priority of the original master is restored and preempts to be the master to forward traffic.

NOTE:

The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Procedure

  1. Run:

    system-view

    The system view is displayed.

  2. Run:

    interface vlanif vlan-id

    The view of the VLANIF interface on the master where a VRRP group is configured is displayed.

  3. Run:

    vrrp vrid virtual-router-id track interface interface-type interface-number [ increased value-increased | reduced value-reduced ]

    Association between VRRP and the interface status is configured.

    By default, when the monitored interface goes Down, the VRRP priority of the device decreases by 10.

    NOTE:
    • After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the master.

Configuring Association Between VRRP and BFD to Monitor the Uplink Status

Context

Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. As shown in Figure 24-23, a VRRP group is associated with a BFD session on the master so that the BFD session monitors the uplink status of the master. When the BFD session detects faults on the uplink, it notifies the VRRP group that the priority of the master needs to be decreased. Then an active/standby switchover is triggered immediately. This reduces the impact of uplink faults on service forwarding.

When the fault is rectified, the priority of the original master is restored and preempts to be the master to forward traffic.

BFD implements millisecond-level detection. Association between VRRP and BFD provides fast active/standby switchover.

NOTE:
  • A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.

  • The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup and non-0 on the master.

Figure 24-23  Association between VRRP and BFD

Procedure

  1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For details, see Configuring Single-Hop BFD, Configuring Multi-Hop BFD, and Configuring Static BFD with Automatically Negotiated Discriminators.
  2. Run:

    system-view

    The system view is displayed.

  3. Run:

    interface vlanif vlan-id

    The view of the VLANIF interface on the master where a VRRP group is configured is displayed.

  4. Run:

    vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-configure-name } [ increased value-increased | reduced value-reduced ]

    Association between VRRP and BFD is configured.

    By default, when the monitored BFD session becomes Down, the VRRP priority decreases by 10.

    NOTE:
    When associating a VRRP group with a BFD session, note the following points:
    • If session-name bfd-configure-name is specified, the VRRP group can bind to only a static BFD session with automatically negotiated discriminators.

    • If bfd-session-id is specified, the VRRP group can bind to only a static BFD session.

    • After the VRRP group is associated with a BFD session, the BFD session type cannot be modified. Before deleting the BFD session type, you must delete all original configurations.

    • After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the master.

Checking the Configuration

Procedure

  • Run either of the following commands to check the VRRP group status and parameters:

    • display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] [ brief ]
    • display vrrp { interface interface-type interface-number [ virtual-router-id ] | virtual-router-id } verbose

  • Run the display vrrp protocol-information command to check VRRP information.
  • Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command to check statistics about sent and received packets of a VRRP group.
Translation
Download
Updated: 2019-01-11

Document ID: EDOC1000176006

Views: 116402

Downloads: 309

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Share
Previous Next