No relevant resource is found in the selected language.

This site uses cookies. By continuing to browse the site you are agreeing to our use of cookies. Read our privacy policy>Search


To have a better experience, please upgrade your IE browser.


Configuration Guide - VXLAN

CloudEngine 12800 and 12800E V200R003C00

This document describes the configurations of VXLAN.
Rate and give feedback :
Huawei uses machine translation combined with human proofreading to translate this document to different languages in order to help you better understand the content of this document. Note: Even the most advanced machine translation cannot match the quality of professional translators. Huawei shall not bear any responsibility for translation accuracy and it is recommended that you refer to the English document (a link for which has been provided).
Application of VRRP for Determining the Master/Backup Gateway Status for Firewalls

Application of VRRP for Determining the Master/Backup Gateway Status for Firewalls

Service Description

An enterprise requires two firewalls to enhance network reliability and security. VRRP is needed to determine the master/backup status of firewalls so that the backup firewall can immediately take over upon a master firewall failure.

Networking Description

On the network shown in Figure 6-9, XGW1 and XGW2 are connected through a VXLAN tunnel or Layer 2 sub-interfaces. VRRP is deployed between the XGWs to determine the master/backup status of the XGWs and accordingly the master/backup status of the firewalls connecting to the XGWs.

Figure 6-9 VRRP for determining the master/backup gateway status for firewalls

After user traffic arrives at an XGW, an XGW first checks whether the destination MAC address of received packets is the VRRP virtual MAC address. If it is, the XGW routes the packets at Layer 3. Otherwise, the XGW broadcasts the packets in the BD.

Feature Deployment

To implement the master/backup gateway function for firewalls, perform the following operations:
  1. Establish a VXLAN tunnel between XGWs. Alternatively, create a Layer 2 sub-interface on each XGW to connect to the other XGW and add these Layer 2 sub-interfaces to the same BD to allow the XGWs to be connected through a direct link.
  2. Create a Layer 2 sub-interface on each XGW to connect to its downstream firewall and add these sub-interfaces to the same BD to allow access of firewalls to XGWs.
  3. Configure a VBDIF interface and VRRP on each XGW for the two XGWs to negotiate the master/backup status.
  4. Configure the VRRP virtual IP address as the default gateway address of the firewalls, so that the firewalls have a master gateway and a backup gateway.

After the preceding configurations are complete, VRRP Advertisement packets can be transmitted through sub-interfaces for master/backup negotiation, thereby improving network security and reliability.

Updated: 2019-05-05

Document ID: EDOC1100004207

Views: 25161

Downloads: 65

Average rating:
This Document Applies to these Products
Related Documents
Related Version
Previous Next