CloudEngine 12800 V100R001C00 Configuration Guide - Reliability 03

CloudEngine 12800 Series SwitchesV100R001C00

Configuration Guide - Reliability

Issue 03

Date 2013-07-10

HUAWEI TECHNOLOGIES CO., LTD.

Copyright © Huawei Technologies Co., Ltd. 2013. All rights reserved.No part of this document may be reproduced or transmitted in any form or by any means without prior writtenconsent of Huawei Technologies Co., Ltd. Trademarks and Permissions

and other Huawei trademarks are trademarks of Huawei Technologies Co., Ltd.All other trademarks and trade names mentioned in this document are the property of their respective holders. NoticeThe purchased products, services and features are stipulated by the contract made between Huawei and thecustomer. All or part of the products, services and features described in this document may not be within thepurchase scope or the usage scope. Unless otherwise specified in the contract, all statements, information,and recommendations in this document are provided "AS IS" without warranties, guarantees or representationsof any kind, either express or implied.

The information in this document is subject to change without notice. Every effort has been made in thepreparation of this document to ensure accuracy of the contents, but all statements, information, andrecommendations in this document do not constitute a warranty of any kind, express or implied.

Huawei Technologies Co., Ltd.Address: Huawei Industrial Base

Bantian, LonggangShenzhen 518129People's Republic of China

Website: http://enterprise.huawei.com

Issue 03 (2013-07-10) Huawei Proprietary and ConfidentialCopyright © Huawei Technologies Co., Ltd.

i

http://enterprise.huawei.com

About This Document

Intended AudienceThis document provides the basic concepts, configuration procedures, and configurationexamples of the reliability supported by the device.

This document is intended for:

l Data configuration engineersl Commissioning engineersl Network monitoring engineersl System maintenance engineers

Symbol ConventionsThe symbols that may be found in this document are defined as follows.

Symbol Description

DANGERIndicates a hazard with a high level or medium level of riskwhich, if not avoided, could result in death or serious injury.

WARNINGIndicates a hazard with a low level of risk which, if notavoided, could result in minor or moderate injury.

CAUTIONIndicates a potentially hazardous situation that, if notavoided, could result in equipment damage, data loss,performance deterioration, or unanticipated results.

TIP Provides a tip that may help you solve a problem or save time.

NOTE Provides additional information to emphasize or supplementimportant points in the main text.

Command ConventionsThe command conventions that may be found in this document are defined as follows.

CloudEngine 12800 Series SwitchesConfiguration Guide - Reliability About This Document


ii

Convention Description

Boldface The keywords of a command line are in boldface.

Italic Command arguments are in italics.

[ ] Items (keywords or arguments) in brackets [ ] are optional.

{ x | y | ... } Optional items are grouped in braces and separated byvertical bars. One item is selected.

[ x | y | ... ] Optional items are grouped in brackets and separated byvertical bars. One item is selected or no item is selected.

{ x | y | ... }* Optional items are grouped in braces and separated byvertical bars. A minimum of one item or a maximum of allitems can be selected.

[ x | y | ... ]* Optional items are grouped in brackets and separated byvertical bars. You can select one or several items, or selectno item.

&<1-n> The parameter before the & sign can be repeated 1 to n times.

# A line starting with the # sign is comments.

Interface Numbering ConventionsInterface numbers used in this manual are examples. In device configuration, use the existinginterface numbers on devices.

Change HistoryChanges between document issues are cumulative. Therefore, the latest document versioncontains all updates made to previous versions.

Changes in Issue 03 (2013-07-10)The third commercial release has the following updates:

The following information is modified:l 3.2 VRRP Features Supported by the Devicel 3.4.3 (Optional) Configuring VRRP Time Parameters

Changes in Issue 02 (2013-03-15)The third commercial release has the following updates:

The following information is modified:l 3.8.1 Example for Configuring a VRRP Group in Active/Standby Mode



iii

l 3.8.2 Example for Configuring a VRRP Group in Multi-gateway Load BalancingMode

l 3.8.3 Example for Configuring a VRRP Group in Single-gateway Load BalancingMode

Changes in Issue 01 (2012-12-31)Initial commercial release.



iv

Contents

About This Document.....................................................................................................................ii

1 BFD Configuration........................................................................................................................11.1 BFD Overview................................................................................................................................................................31.2 BFD Features Supported by the Device.........................................................................................................................31.3 Default Configuration.....................................................................................................................................................51.4 Configuring Single-Hop BFD........................................................................................................................................51.5 Configuring Multi-Hop BFD..........................................................................................................................................71.6 Configuring Static BFD with Automatically Negotiated Discriminators......................................................................81.7 Configuring BFD to Detect VPN Routes.....................................................................................................................101.8 Configuring BFD Association......................................................................................................................................111.9 Adjusting BFD Parameters...........................................................................................................................................121.9.1 Adjusting the BFD Detection Time...........................................................................................................................121.9.2 Setting the WTR Time of a BFD Session..................................................................................................................131.9.3 Configuring the Description for a BFD Session........................................................................................................131.9.4 Setting the Delay Before a BFD Session Becomes Up.............................................................................................141.9.5 Setting the Priority of BFD Packets..........................................................................................................................151.10 Checking the Configuration........................................................................................................................................151.11 Maintaining BFD........................................................................................................................................................161.12 Configuration Examples.............................................................................................................................................161.12.1 Example for Configuring Single-Hop BFD on a VLANIF Interface......................................................................161.12.2 Example for Configuring Multi-Hop BFD..............................................................................................................191.13 Common Configuration Errors...................................................................................................................................221.13.1 BFD Session Cannot Become Up............................................................................................................................22

2 DLDP Configuration...................................................................................................................242.1 DLDP Overview...........................................................................................................................................................252.2 Default Configuration...................................................................................................................................................252.3 Configure DLDP Functions..........................................................................................................................................262.3.1 Enabling DLDP.........................................................................................................................................................262.3.2 (Optional) Configuring the Working Mode of DLDP...............................................................................................272.3.3 (Optional) Configuring the DLDP-Compatible Mode..............................................................................................272.3.4 (Optional) Setting the Interval for Sending Advertisement Packets.........................................................................282.3.5 (Optional) Setting the Timeout Period of the DelayDown Timer.............................................................................29

CloudEngine 12800 Series SwitchesConfiguration Guide - Reliability Contents


v

2.3.6 (Optional) Setting the Mode of Shutting Down an Interface When a Unidirectional Link Is Detected...................302.3.7 (Optional) Configuring the Authentication Mode for DLDP Packets.......................................................................302.3.8 Checking the Configuration.......................................................................................................................................312.4 Resetting the DLDP Status...........................................................................................................................................322.5 Maintaining DLDP.......................................................................................................................................................332.6 Configuration Examples...............................................................................................................................................332.6.1 Example for Configuring DLDP to Detect a Disconnected Optical Fiber Link........................................................332.6.2 Example for Configuring DLDP to Detect Cross-Connected Optical Fibers............................................................352.7 Common Configuration Errors.....................................................................................................................................382.7.1 DLDP Cannot Discover a Directly Connected Neighbor..........................................................................................38

3 VRRP Configuration...................................................................................................................403.1 Introduction to VRRP...................................................................................................................................................423.2 VRRP Features Supported by the Device.....................................................................................................................433.3 Default Configuration...................................................................................................................................................463.4 Configuring Basic Functions of an IPv4 VRRP Group................................................................................................463.4.1 Creating a VRRP Group............................................................................................................................................463.4.2 Setting the Device Priority in a VRRP Group...........................................................................................................483.4.3 (Optional) Configuring VRRP Time Parameters......................................................................................................493.4.4 (Optional) Setting the Mode in Which VRRP Packets Are Sent in a Super-VLAN.................................................513.4.5 (Optional) Disabling VRRP TTL Check...................................................................................................................523.4.6 (Optional) Setting the Authentication Mode of VRRP Packets................................................................................523.4.7 (Optional) Enabling the Ping to a Virtual IP Address...............................................................................................533.4.8 Checking the Configuration.......................................................................................................................................543.5 Configuring an IPv4 mVRRP Group............................................................................................................................543.5.1 Configuring an mVRRP Group.................................................................................................................................543.5.2 (Optional) Configuring a VRRP Group and Binding the VRRP Group to an mVRRP Group.................................553.5.3 Checking the Configuration.......................................................................................................................................563.6 Configuring VRRP Association...................................................................................................................................563.6.1 Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover.................563.6.2 Configuring Association Between VRRP and Link/Peer BFD to Implement a Rapid Active/Standby Switchover............................................................................................................................................................................................573.6.3 Configuring Association Between VRRP and the Interface Status...........................................................................593.6.4 Configuring Association Between VRRP and BFD to Monitor the Uplink Status...................................................603.6.5 Configuring Association Between VRRP and Routing to Monitor the Uplink Status..............................................613.6.6 Configuring Association Between a VRRP Group and a Direct Route....................................................................623.6.7 Checking the Configuration.......................................................................................................................................653.7 Maintaining VRRP.......................................................................................................................................................653.7.1 Monitoring the VRRP Running Status......................................................................................................................653.7.2 Clearing VRRP Packet Statistics...............................................................................................................................653.8 Configuration Examples...............................................................................................................................................663.8.1 Example for Configuring a VRRP Group in Active/Standby Mode.........................................................................663.8.2 Example for Configuring a VRRP Group in Multi-gateway Load Balancing Mode................................................71



vi

3.8.3 Example for Configuring a VRRP Group in Single-gateway Load Balancing Mode...............................................763.8.4 Example for Connecting VRRP Groups to L3VPNs.................................................................................................823.8.5 Example for Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover............................................................................................................................................................................................873.8.6 Example for Configuring Association Between VRRP and the logical Interface Status..........................................923.8.7 Example for Configuring Association Between VRRP and BFD to Monitor the Uplink Status..............................983.8.8 Example for Configuring Association Between VRRP and Routing to Monitor the Uplink Status.......................1053.8.9 Example for Configuring Association Between a VRRP Group and a Direct Route.............................................1133.9 Common Configuration Errors...................................................................................................................................1173.9.1 Multiple Masters Coexist in a VRRP Group...........................................................................................................1173.9.2 VRRP Group Status Changes Frequently................................................................................................................118



vii

1 BFD Configuration

About This Chapter

Bidirectional forwarding detection (BFD) allows network devices to quickly detect faults.

1.1 BFD OverviewBidirectional forwarding detection (BFD) can quickly detect a communications fault betweensystems and notify upper layer applications of the fault.

1.2 BFD Features Supported by the DeviceThe device supports the following BFD features: BFD session setup, BFD detection mode,single-hop and multi-hop BFD, BFD session with automatically negotiated parameters, VPNroute detection, and dynamic change of BFD parameters.

1.3 Default ConfigurationThis section provides the default configuration of a BFD session.

1.4 Configuring Single-Hop BFDSingle-hop BFD fast detects faults on the directly connected link.

1.5 Configuring Multi-Hop BFDMulti-hop BFD fast detects faults on the indirectly connected link.

1.6 Configuring Static BFD with Automatically Negotiated DiscriminatorsWhen the peer device uses dynamic BFD and the local device wants to communicate with thepeer device and detect static routes, create a BFD session with automatically negotiateddiscriminators.This function applies to networks that use static routes to implement Layer 3connectivity.

1.7 Configuring BFD to Detect VPN RoutesThis section describes how to configure BFD to detect VPN routes.

1.8 Configuring BFD AssociationAssociation between BFD and other protocols improves upper-layer application performanceand fast detects faults on links.

1.9 Adjusting BFD ParametersYou can adjust BFD parameters so that the BFD session can fast detect faults on links.

1.10 Checking the ConfigurationAfter the BFD configuration is complete, you can view the BFD session configuration.

CloudEngine 12800 Series SwitchesConfiguration Guide - Reliability 1 BFD Configuration


1

1.11 Maintaining BFDThis section describes how to maintain BFD.

1.12 Configuration ExamplesThis section provides examples for the BFD configuration, including networking requirements,configuration notes, and configuration roadmap.

1.13 Common Configuration ErrorsThis section describes common configuration errors of BFD.



2

1.1 BFD OverviewBidirectional forwarding detection (BFD) can quickly detect a communications fault betweensystems and notify upper layer applications of the fault.

To minimize the impact of a fault on services and improve network reliability, a network deviceis required to rapidly detect a communications fault between adjacent devices and the upperlayer protocol can rectify the fault to ensure service transmission.

Currently, the existing detection mechanisms are as follows:

l Hardware detection: For example, the Synchronous Digital Hierarchy (SDH) alarms areused to report link faults. Hardware detection can quickly detect a fault; however, not allmedia can provide the hardware detection mechanism.

l Slow Hello mechanism: It usually refers to the Hello mechanism offered by a routingprotocol. The slow Hello mechanism can detect a fault in seconds. When traffic istransmitted at a high rate, fault detection with more than 1s will cause packet loss. The slowHello mechanism depends on routing protocols. If no routing protocol is deployed on asmall-scale Layer 3 network, this mechanism cannot be used.

l Other detection mechanisms: Different protocols or manufacturers may provide proprietarydetection mechanisms; however, it is difficult to deploy the proprietary detectionmechanisms when different systems are interconnected.

BFD provides fast fault detection independent of media and routing protocols. It has thefollowing advantages:

l Provides low-load and short-duration detection for faults on the bidirectional forwardingpath of any type.

l Provides uniform detection for all media and protocol layers in real time and supportsdifferent detection intervals and overheads.

1.2 BFD Features Supported by the DeviceThe device supports the following BFD features: BFD session setup, BFD detection mode,single-hop and multi-hop BFD, BFD session with automatically negotiated parameters, VPNroute detection, and dynamic change of BFD parameters.

1. You can create BFD sessions based on the mode in which local and remote discriminatorsare created.

2. You can configure single-hop BFD, multiple-hop BFD, and VPN route detection based ondetection modes.

3. You can configure association between BFD and other protocols.

BFD Session SetupBFD uses local and remote discriminators in control packets to differentiate BFD sessions. Basedon the mode in which local and remote discriminators are created, the device supports thefollowing BFD session types:

l Static BFD sessions with manually specified discriminatorsYou must manually specify the local and remote discriminators of a BFD session. If a staticBFD session is established on the local end using the manually specified discriminators,



3

the static BFD session must also be established on the remote end using the manuallyspecified discriminators.

l Static BFD sessions with automatically negotiated discriminators

When the peer device uses dynamic BFD and the local device wants to communicate withthe peer device and detect static routes, create a BFD session with automatically negotiateddiscriminators. If a static BFD session is established on the local end using the automaticallynegotiated discriminators, the static BFD session can be established on the remote end usingthe automatically negotiated discriminators or a dynamic BFD session can be establishedon the remote end.

l Dynamic BFD sessions triggered by a protocol

The local discriminator is dynamically allocated and the remote discriminator is learnedby the system.

BFD Detection Mode

The Switch supports BFD in asynchronous mode.

Devices send BFD control packets at the negotiated period. If a device does not receive a packetfrom the peer device within the period, the BFD session becomes Down.

Single-hop BFD and Multi-hop BFD

Single-hop BFD detects IP connectivity of the forwarding link between two directly connecteddevices.

Multi-hop BFD detects IP connectivity of paths between two indirectly connected devices. Thesepaths may span multiple hops or overlap.

VPN Route Detection

To fast detect and monitor VPN routes, create a BFD session in a VPN instance.

Association

In practice, BFD is often used with other protocols to serve upper-layer applications, such asBFD for OSPF. By default, the interval for OSPF to send Hello packets is 10 seconds. That is,the Switch detects neighbor faults in seconds. The second-level detection leads to the loss of alarge number of packets on a high-speed network. BFD works with OSPF to fast detect theadjacency fault. In addition, BFD instructs OSPF to recalculate corresponding routes for correctpacket forwarding.

The Switch allows BFD to associate with the following protocols:

l OSPF

l IS-IS

l BGP

l Static route

l PIM

l VRRP



4

1.3 Default ConfigurationThis section provides the default configuration of a BFD session.

Table 1-1 Default BFD parameter settings

Parameter Default Setting

Global BFD Disabled

Minimum interval for sending BFD controlpackets

1000 ms

Minimum interval for receiving BFD controlpackets

1000 ms

Local detection multiplier 3

WTR time 0 min

Delay before a BFD session becomes Up 0 min

Priority of BFD packets 7

1.4 Configuring Single-Hop BFDSingle-hop BFD fast detects faults on the directly connected link.

Pre-configuration TasksBefore configuring single-hop BFD, complete the following tasks:

l Configuring link layer protocol parameters for interfaces to ensure that the link layerprotocol status on the interfaces is Up

l Configuring an IP address for the Layer 3 interface



5

Configuration Process

Figure 1-1 Single-hop BFD configuration process

Enable global BFD

Establish a BFD session

Mandatory

Optional

Set local and remote discriminators

Procedure

Step 1 Run:system-view

The system view is displayed.

Step 2 Run:bfd

BFD is enabled globally and the BFD view is displayed.

By default, BFD is disabled globally.

Step 3 Run:quit

Return to the system view.

Step 4 Run:bfd session-name bind peer-ip ip-address [ vpn-instance vpn-name ] interface interface-type interface-number [ source-ip ip-address ]

A BFD session is created.

NOTE

l When creating a single-hop BFD session, bind the single-hop BFD session to the peer IP address andthe local address.

l When the BFD configuration items are created, the system checks only the format of the IP address.The BFD session cannot be established if an incorrect peer IP address or source IP address is bound.

l When BFD and URPF are used together, UPRF checks the source IP address of the received BFDpackets. You must bind the correct source IP address to the BFD session to prevent BFD packets frombeing discarded incorrectly.

l BFD cannot detect route switching. If the bound peer IP address change causes route switching, BFDdoes not perform negotiation again unless forwarding fails on the original link.

Step 5 Run:discriminator local discr-value



6

The local discriminator is set.

Step 6 Run:discriminator remote discr-value

The remote discriminator is set.

NOTE

The local discriminator of the local system must be the same as the remote discriminator of the remotesystem; the remote discriminator of the local system must be the same as the local discriminator of theremote system. Otherwise, BFD sessions cannot be established.

Step 7 Run:commit

The configuration is committed.

----End

1.5 Configuring Multi-Hop BFDMulti-hop BFD fast detects faults on the indirectly connected link.

Pre-configuration TasksBefore configuring multi-hop BFD, complete the following task:

l Configuring a routing protocol to ensure reachability at the network layer


Figure 1-2 Multi-hop BFD configuration process

Enable global BFD


Mandatory

Optional


Procedure



Step 2 Run:



7

bfd


Step 3 Run:quit


Step 4 Run:bfd session-name bind peer-ip ip-address [ vpn-instance vpn-name ] [ source-ip ip-address ]

A BFD session is created and the peer IP address is specified.

NOTE

l When creating a multi-hop BFD session, you must bind the BFD session to the peer IP address.

l When the BFD configuration items are created, the system checks only the format of the IP address.The BFD session cannot be established if an incorrect peer IP address or source IP address is bound.






NOTE

The local discriminator of the local system must be the same as the remote discriminator of the remotesystem; the remote discriminator of the local system must be the same as the local discriminator of theremote system. Otherwise, BFD sessions cannot be established. After the local discriminator and the remotediscriminator are configured, you cannot modify them.

Step 7 Run:commit


----End

1.6 Configuring Static BFD with Automatically NegotiatedDiscriminators

When the peer device uses dynamic BFD and the local device wants to communicate with thepeer device and detect static routes, create a BFD session with automatically negotiateddiscriminators.This function applies to networks that use static routes to implement Layer 3connectivity.



8

Pre-configuration TasksBefore configuring a BFD session with automatically negotiated discriminators, complete thefollowing task:

l Configuring an IP address for the Layer 3 interface


Figure 1-3 Configuring static BFD with automatically negotiated discriminators

Enable global BFD


Mandatory

Optional

Procedure



Step 2 Run:bfd



Step 3 Run:quit


Step 4 Run:bfd session-name bind peer-ip ip-address [ vpn-instance vpn-name ] [ interface interface-type interface-number ] source-ip ip-address auto

A BFD session with automatically negotiated discriminators is created.

NOTE

l You must specify a source IP address.

l You must specify the peer IP address, which cannot be a multicast IP address.

Step 5 Run:commit


----End



9

1.7 Configuring BFD to Detect VPN RoutesThis section describes how to configure BFD to detect VPN routes.

Pre-configuration Tasks

Before configuring BFD to detect VPN routes, complete the following tasks:

l Configuring network layer attributes of interfaces to ensure network connectivity

l Configuring VPN instances on PEs


Figure 1-4 Configuring BFD to detect VPN routes

Enable global BFD


Mandatory

Optional


Procedure



Step 2 Run:bfd



Step 3 Run:bfd session-name bind peer-ip ip-address vpn-instance vpn-name [ interface interface-type interface-number ] [ source-ip ip-address ]

A BFD session is created and the peer IP address is specified.



10

NOTE

l When creating a BFD session for the first time, bind the BFD session to the peer IP address and thelocal VPN instance. To modify a configured BFD session, delete it and recreate a new one.

l When the BFD configuration items are created, the system checks only the IP address format. The BFDsession cannot be established if an incorrect peer IP address or source IP address is bound.






NOTE

The local discriminator of the local system must be the same as the remote discriminator of the remotesystem; the remote discriminator of the local system must be the same as the local discriminator of theremote system. Otherwise, BFD sessions cannot be established.

Step 6 Run:commit


----End

1.8 Configuring BFD AssociationAssociation between BFD and other protocols improves upper-layer application performanceand fast detects faults on links.

Applications Associated with BFDl BFD for OSPF: See Configuring BFD for OSPF in the CloudEngine 12800 Series Switches

Configuration - Configuration Guide - IP Routing – OSPF Configuration.

l BFD for IS-IS: See Configuring Static BFD for IS-IS and Configuring Dynamic BFD forIS-IS in the CloudEngine 12800 Series Switches Configuration - Configuration Guide - IPRouting – IS-IS Configuration.

l BFD for BGP: See Configuring Association Between BGP and BFD in the CloudEngine12800 Series Switches Configuration - Configuration Guide - IP Routing – BGPConfiguration.

l BFD for static routes: See Configuring Dynamic BFD for IPv4 Static Routes andConfiguring Static BFD for IPv4 Static Routes in the CloudEngine 12800 Series SwitchesConfiguration - Configuration Guide - IP Routing – Static Route Configuration.

l BFD for VRRP: See 3.6.3 Configuring Association Between VRRP and the InterfaceStatus in the CloudEngine 12800 Series Switches Configuration - Configuration Guide -Reliability – VRRP Configuration.



11

l BFD for PIM: See Configuring PIM BFD in the CloudEngine 12800 Series SwitchesConfiguration - Configuration Guide - IP Multicast – PIM-SM (IPv4) Configuration.

1.9 Adjusting BFD ParametersYou can adjust BFD parameters so that the BFD session can fast detect faults on links.

Pre-configuration TasksBefore adjusting BFD parameters, complete the following task:

l Creating a BFD session

1.9.1 Adjusting the BFD Detection Time

ContextWhen you set up a BFD session, you can adjust the minimum interval for sending BFD packets,minimum interval for receiving BFD packets, and local detection multiplier based on the networksituation and performance requirements.

To reduce usage of system resources, when a BFD session is detected in Down state, the systemadjusts the minimum interval for receiving BFD packets and the minimum interval for sendingBFD packets to random values greater than 1000 ms. When the BFD session becomes Up, theconfigured intervals are restored.

Procedure



Step 2 Run:bfd session-name

The BFD session view is displayed.

Step 3 Run:min-tx-interval interval

The minimum interval for sending BFD packets is set.

By default, the minimum interval for sending BFD packets is 1000 ms.

Step 4 Run:min-rx-interval interval

The minimum interval for receiving BFD packets is set.

By default, the minimum interval for receiving BFD packets is 1000 ms.

Step 5 Run:detect-multiplier multiplier

The local detection multiplier is set.



12

By default, the local detection multiplier is 3.

NOTE

It is recommended that the detection interval be set not smaller than 50 ms x 5 or 100 ms x 3.

Step 6 Run:commit


----End

1.9.2 Setting the WTR Time of a BFD Session

Context

If a BFD session flaps, an active/standby switchover is frequently performed on the applicationassociated with the BFD session. To prevent the problem, set the WTR time of the BFD session.When the BFD session changes from Down to Up, BFD reports the change to the upper layerapplication only after the WTR timer times out.

Procedure





Step 3 Run:wtr wtr-value

The WTR time is set.

By default, the WTR time is 0, indicating that the status change of a BFD session is reportedimmediately.

NOTE

If the WTR time is set, set the same WTR time at both ends. Otherwise, when the BFD session statuschanges at one end, applications at both ends detect different BFD session statuses.

Step 4 Run:commit


----End

1.9.3 Configuring the Description for a BFD Session



13

ContextTo differentiate BFD sessions, configure the description for BFD sessions.

NOTE

The description (BFD session view) command is valid for only static BFD sessions, and is invalid fordynamic BFD sessions and BFD sessions with automatically negotiated parameters.

Procedure





Step 3 Run:description description

The description of the BFD session is configured.

By default, the description of a BFD session is empty.

Step 4 Run:commit


----End

1.9.4 Setting the Delay Before a BFD Session Becomes Up

ContextIn practice, some devices determine whether to switch traffic based on the BFD session status.Because the routing protocol becomes Up after the interface becomes Up, routes may be notfound when services are switched back, causing traffic loss. Therefore, the interval between thetime when the routing protocol becomes Up and the time when the interface becomes Up mustbe eliminated.

Procedure



Step 2 Run:bfd

Global BFD is enabled and the BFD view is displayed.



14

Step 3 Run:delay-up time

The delay before a BFD session becomes Up is set.

By default, the delay before a BFD session becomes Up is 0.

Step 4 Run:commit


----End

1.9.5 Setting the Priority of BFD Packets

You can change the priority of BFD packets to:

l Detect whether packets with different priorities on a link can be forwarded.l Ensure that BFD packets with a higher priority are forwarded first.

Procedure





Step 3 Run:tos-exp tos-value

The priority of BFD packets is set.

By default, the priority of BFD packets is 7, representing the highest priority. The value 0 is thelowest priority.

The tos-exp dynamiccommand can be used to set a priority value for a dynamic BFD session.

----End

1.10 Checking the ConfigurationAfter the BFD configuration is complete, you can view the BFD session configuration.

Procedurel Run the display bfd session { all | static | discriminator discr-value | dynamic | peer-ip

peer-ip [ vpn-instance vpn-instance-name ] | static-auto } [ verbose ] command to viewinformation about the BFD session.

l Run the display bfd statistics command to check global BFD statistics.



15

l Run the display bfd statistics session { all | static | dynamic | discriminator discr-value | peer-ip peer-ip [ vpn-instance vpn-name ] | static-auto } command to check BFDsession statistics.

----End

1.11 Maintaining BFDThis section describes how to maintain BFD.

To view BFD statistics within a specified period, clear existing statistics and then use a displaycommand.

CAUTIONThe deleted BFD statistics cannot be restored. Exercise caution when you use this command.

Procedurel Run the reset bfd statistics { all | discriminator discr-value } command in the user view

to clear BFD session statistics.

----End

1.12 Configuration ExamplesThis section provides examples for the BFD configuration, including networking requirements,configuration notes, and configuration roadmap.

1.12.1 Example for Configuring Single-Hop BFD on a VLANIFInterface

Networking Requirements

As shown in Figure 1-5, SwitchA connects to SwitchB through the VLANIF interface. Faultson the link between SwitchA and SwitchB need to be fast detected.

Figure 1-5 Networking diagram for configuring single-hop BFD on a VLANIF interface

VLANIF10010.1.1.5/24

VLANIF10010.1.1.6/24

10GE1/0/1 10GE1/0/1SwitchA SwitchB

Configuration RoadmapThe configuration roadmap is as follows:



16

Configure BFD sessions on SwitchA and SwitchB.

Procedure

Step 1 On SwitchA and SwitchB, create VLANs, configure 10GE1/0/1 interfaces as trunk interfaces,and add 10GE1/0/1 interfaces to VLANs. The configuration details are not mentioned here.

Step 2 Configure IP addresses for VLANIF interfaces so that SwitchA and SwitchB can communicateat Layer 3. The configuration details are not mentioned here.

Step 3 Configure single-hop BFD.

# Enable BFD and create a BFD session on SwitchA.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bfd atob bind peer-ip 10.1.1.6 interface vlanif 100[~SwitchA-bfd-session-atob] discriminator local 1[~SwitchA-bfd-session-atob] discriminator remote 2[~SwitchA-bfd-session-atob] commit[~SwitchA-bfd-session-atob] quit

# Enable BFD and create a BFD session on SwitchB.

<HUAWEI> system-view[~HUAWEI] sysname SwitchB[~HUAWEI] commit[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] bfd btoa bind peer-ip 10.1.1.5 interface vlanif 100[~SwitchB-bfd-session-btoa] discriminator local 2[~SwitchB-bfd-session-btoa] discriminator remote 1[~SwitchB-bfd-session-btoa] commit[~SwitchB-bfd-session-btoa] quit

Step 4 Verify the configuration.

After the configuration is complete, run the display bfd session all verbose command onSwitchA and SwitchB. You can see that a single-hop BFD session is set up and its status is Up.The display on SwitchA is used as an example.

<SwitchA> display bfd session all verbose-------------------------------------------------------------------------------- Name : atob (One Hop) State : Up-------------------------------------------------------------------------------- Local Discriminator : 1 Remote Discriminator : 2 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif100) Bind Session Type : Static Bind Peer IP Address : 10.1.1.6 Bind Interface : Vlanif100 FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 WTR Interval (ms) : - Detect Interval (ms) : 3000 Local Detect Multi : 3 Active Multi : 3 Destination Port : 3784 TTL : 255 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session Description : - -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 1/0



17

# Run the shutdown command on the 10GE1/0/1 interface of SwitchA to simulate a link fault.

[~SwitchA] interface 10GE 1/0/1[~SwitchA-10GE1/0/1] shutdown[~SwitchA-10GE1/0/1] quit

After the configuration is complete, run the display bfd session all verbose command onSwitchA and SwitchB. You can see that a single-hop BFD session is set up and its status isDown. Take the display on SwitchA as an example.

<SwitchA> display bfd session all verbose-------------------------------------------------------------------------------- Name : atob (One Hop) State : Down-------------------------------------------------------------------------------- Local Discriminator : 1 Remote Discriminator : 2 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Interface(Vlanif100) Bind Session Type : Static Bind Peer IP Address : 10.1.1.6 Bind Interface : Vlanif100 FSM Board Id : 4 TOS-EXP : 7 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 10093 Actual Rx Interval (ms): 10093 WTR Interval (ms) : - Detect Interval (ms) : - Local Detect Multi : 3 Active Multi : 3 Destination Port : 3784 TTL : 255 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session Not Up Reason : In negotiation Session Description : - -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 0/1

----End

Configuration Filesl Configuration file of SwitchA

#sysname SwitchA#vlan batch 100# bfd#interface Vlanif100 ip address 10.1.1.5 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#bfd atob bind peer-ip 10.1.1.6 interface Vlanif100 discriminator local 1 discriminator remote 2#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100# bfd#



18

interface Vlanif100 ip address 10.1.1.6 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#bfd btoa bind peer-ip 10.1.1.5 interface Vlanif100 discriminator local 2 discriminator remote 1#return

1.12.2 Example for Configuring Multi-Hop BFD

Networking RequirementsAs shown in Figure 1-6, SwitchA is indirectly connected to SwitchC. Static routes areconfigured so that SwitchA can communicate with SwitchC. Faults on the link betweenSwitchA and SwitchC need to be fast detected.

Figure 1-6 Networking diagram for configuring multi-hop BFD

SwitchA SwitchCSwitchB

10GE1/0/110.1.1.1/24

10GE1/0/110.1.1.2/24

10GE1/0/210.2.1.1/24

10GE1/0/110.2.1.2/24

VLAN 10 VLAN 20


Configure BFD sessions on SwitchA and SwitchC to detect the multi-hop route.

Procedure

Step 1 Add interfaces to VLANs, create VLANIF interfaces, and assign IP addresses to VLANIFinterfaces. The configuration details are not mentioned here.

Step 2 Configure a reachable static route between SwitchA and SwitchC.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] ip route-static 10.2.0.0 16 10.1.1.2[~SwitchA] commit

The configuration of SwitchC is similar to the configuration of SwitchA, and is not mentionedhere.

Step 3 Configure multi-hop BFD.

# Create a BFD session between SwitchA and SwitchC.

[~SwitchA] bfd[~SwitchA-bfd] quit



19

[~SwitchA] bfd atoc bind peer-ip 10.2.1.2[~SwitchA-bfd-session-atoc] discriminator local 10[~SwitchA-bfd-session-atoc] discriminator remote 20[~SwitchA-bfd-session-atoc] commit[~SwitchA-bfd-session-atoc] quit

# Create a BFD session between SwitchC and SwitchA.

[~SwitchC] bfd[~SwitchC-bfd] quit[~SwitchC] bfd ctoa bind peer-ip 10.1.1.1[~SwitchC-bfd-session-ctoa] discriminator local 20[~SwitchC-bfd-session-ctoa] discriminator remote 10[~SwitchC-bfd-session-ctoa] commit[~SwitchC-bfd-session-ctoa] quit


After the configuration, run the display bfd session verbose command on SwitchA andSwitchC. You can see that a BFD session is set up and is in Up state. Take the display onSwitchA as an example.

<SwitchA> display bfd session all verbose-------------------------------------------------------------------------------- Name : atoc (Multi Hop) State : Up-------------------------------------------------------------------------------- Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer IP Address Bind Session Type : Static Bind Peer IP Address : 10.2.1.2 Bind Interface : - FSM Board Id : 1 TOS-EXP : 7 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 1000 Actual Rx Interval (ms): 1000 WTR Interval (ms) : - Detect Interval (ms) : 3000 Local Detect Multi : 3 Active Multi : 3 Destination Port : 4784 TTL : 254 Last Local Diagnostic : No Diagnostic Bind Application : No Application Bind Session Not Up Reason : In negotiation Session Description : - --------------------------------------------------------------- Total UP/DOWN Session Number : 1/0

# Run the shutdown command on the 10GE1/0/1 interface of SwitchA to simulate a link fault.

[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] shutdown[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit

After the configuration, run the display bfd session all verbose command on SwitchA andSwitchB. You can see that a multi-hop BFD session is set up and the status is Down. Take thedisplay on SwitchA as an example.

<SwitchA> display bfd session all verbose-------------------------------------------------------------------------------- Name : atoc (Multi Hop) State : Down-------------------------------------------------------------------------------- Local Discriminator : 10 Remote Discriminator : 20 Session Detect Mode : Asynchronous Mode Without Echo Function BFD Bind Type : Peer IP Address Bind Session Type : Static Bind Peer IP Address : 10.2.1.2 Bind Interface : - FSM Board Id : - TOS-EXP : 7 Min Tx Interval (ms) : 1000 Min Rx Interval (ms) : 1000 Actual Tx Interval (ms): 6761 Actual Rx Interval (ms): 6761



20

WTR Interval (ms) : - Detect Interval (ms) : - Local Detect Multi : 3 Active Multi : 3 Destination Port : 4784 TTL : 254 Last Local Diagnostic : Control Detection Time Expired Bind Application : No Application Bind Session Not Up Reason : In negotiation Session Description : - -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 0/1

----End


#sysname SwitchA#vlan batch 10# bfd#interface Vlanif10 ip address 10.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#bfd atoc bind peer-ip 10.2.1.2 discriminator local 10 discriminator remote 20# ip route-static 10.2.0.0 255.255.0.0 10.1.1.2#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 10 20#interface Vlanif10 ip address 10.1.1.2 255.255.255.0#interface Vlanif20 ip address 10.2.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 10#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 20#return

l Configuration file of SwitchC#sysname SwitchC# bfd# vlan batch 20#interface Vlanif20



21

ip address 10.2.1.2 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 20

#bfd ctoa bind peer-ip 10.1.1.1 discriminator local 20 discriminator remote 10# ip route-static 10.1.0.0 255.255.0.0 10.2.1.1#return

1.13 Common Configuration ErrorsThis section describes common configuration errors of BFD.

1.13.1 BFD Session Cannot Become Up

Common Causes

This fault is commonly caused by one of the following:

l The link carrying the BFD session is faulty. As a result, BFD packets cannot be exchanged.

l The BFD session flaps frequently.

Procedure

Step 1 Run the display current-configuration configuration bfd-session command to check whetherthe local and remote discriminators at both ends match.

l If the local and remote discriminators at both ends match, go to step 2.

l If the local and remote discriminators at both ends do not match, run the discriminatorcommand to correctly configure local and remote discriminators, and then run the displaybfd session all command to check whether the BFD session is Up.

– If the value of the State field is Up, the BFD session has been established.

– If the value of the State field is not Up, go to step 2.

Step 2 Run the display current-configuration configuration bfd-session command to check whetherthe BFD detection time is longer than the delay before the BFD session becomes Up.

Detection time = Received Detect Multi of the remote system x Max (Local RMRI/ReceivedDMTI) Detect Multi is the local detection multiplier, which is set by using the detect-multiplier command. The Required Min Rx Interval (RMRI) is the minimum interval forreceiving BFD packets, which is set by using the min-rx-interval command. The Desired MinTx Interval (DMTI) is the minimum interval for sending BFD packets, which is set by using themin-tx-interval command.

The link delay can be obtained using the ping or tracert mechanism.



22

If the BFD detection time is shorter than the delay before the BFD session becomes Up, run thedetect-multiplier, min-rx-interval, and min-tx-interval commands to increase the BFDdetection time to be longer than the delay.

----End



23

2 DLDP Configuration

About This Chapter

DLDP can detect unidirectional links of optical fibers or copper twisted pairs.

2.1 DLDP OverviewDLDP is used to detect unidirectional links and shut down interfaces or notify the networkadministrator if a unidirectional link fault occurs.

2.2 Default ConfigurationThis section describes the default configuration of the DLDP.

2.3 Configure DLDP FunctionsThis section describes how to configure DLDP for detecting unidirectional links.

2.4 Resetting the DLDP StatusAfter the DLDP status of a disabled interface is reset, the interface re-detects unidirectional links.

2.5 Maintaining DLDPYou can monitor the DLDP running status and debug DLDP faults by maintaining DLDP.

2.6 Configuration ExamplesThis section provides examples for the DLDP configuration, including networking requirements,configuration notes, and configuration roadmap.

2.7 Common Configuration ErrorsThis section describes common configuration errors of DLDP.

CloudEngine 12800 Series SwitchesConfiguration Guide - Reliability 2 DLDP Configuration


24

2.1 DLDP OverviewDLDP is used to detect unidirectional links and shut down interfaces or notify the networkadministrator if a unidirectional link fault occurs.

The Device Link Detection Protocol (DLDP) can detect unidirectional links and takecorresponding measures. DLDP monitors the link status on devices connected through opticalfibers or copper twisted pairs. If a unidirectional link exists on an interface, DLDP automaticallyshuts down or prompts users to manually shut down the interface to prevent network faults.

On running networks, optical fibers may be cross-connected, an optical fiber may bedisconnected, and a line in the copper twisted pair or optical fiber may be disconnected. In thesescenarios, the interface on one end of the link can receive the link layer packets from the peerend, but the peer end cannot receive packets from the local end. This link is a unidirectional link.The physical layer of a unidirectional link is in connected state and can work properly. Thedetection mechanisms on the physical layer such as auto-negotiation cannot detect faults oncommunication among devices. This may lead to incorrect forwarding of traffic.

As shown in Figure 2-1 and Figure 2-2, a unidirectional link fault may be caused by crossconnections of optical fibers or disconnection of an optical fiber.

Figure 2-1 Correct optical fiber connections

SwitchA SwitchB

Interface 2

Interface 1 Interface 3

Interface 4

Figure 2-2 Cross-connected optical fibers

SwitchA SwitchB

Interface 2

Interface 1 Interface 3

Interface 4

2.2 Default ConfigurationThis section describes the default configuration of the DLDP.

Table 2-1 Default configuration of DLDP

Parameter Default Value

DLDP function Disabled

DLDP working mode Enhanced mode

Interval for sending Advertisement packets 5 seconds

Authentication mode of DLDP packets Non-authentication

Timeout value of the DelayDown timer 1 second



25

Parameter Default Value

Shutdown mode of an interface after aunidirectional link is found

Automatic mode

2.3 Configure DLDP FunctionsThis section describes how to configure DLDP for detecting unidirectional links.

Pre-configuration Tasks

Before configuring DLDP, complete the following task:

l Ensure that the interfaces on both ends work in non-auto-negotiation mode.

2.3.1 Enabling DLDP

Context

Unidirectional links can be detected only when the devices on both ends of optical fibers orcopper twisted pairs support DLDP functions.

Procedure



Step 2 Run:dldp enable

DLDP is enabled globally.

By default, DLDP is disabled globally and on each interface.

Step 3 Run:interface interface-type interface-number

The interface view is displayed.

NOTE

l DLDP cannot be configured on Layer 3 interfaces or logical interfaces.

Step 4 Run:dldp enable

DLDP is enabled on the interfaces.

Step 5 Run:commit



26


----End

2.3.2 (Optional) Configuring the Working Mode of DLDP

ContextIf DLDP works in normal mode, the system can identify only unidirectional links caused bycross connections of optical fibers.

If DLDP works in enhanced mode, the system can identify unidirectional links caused by crossconnections of optical fibers and disconnection of one optical fiber. To detect unidirectionallinks caused by disconnection of one optical fiber, manually set the rate and full duplex modeof the connected interfaces. If you do not set the rate and full duplex mode of the connectedinterfaces, DLDP does not take effect even if it is enabled.

Procedure



Step 2 Run:dldp work-mode { enhance | normal }

The working mode of DLDP is configured.

By default, the working mode of DLDP is enhance.

Step 3 Run:commit


----End

2.3.3 (Optional) Configuring the DLDP-Compatible Mode

ContextIf the device needs to work with some old Huawei switches to provide the DLDP function, thisconfiguration is required.

NOTE

In compatible mode, the BPDU MAC address carried in a DLDP packet is 010F-E200-0001.

Procedure





27



Step 3 Run:dldp compatible-mode enable

The DLDP compatible mode is enabled.

If two devices are connected by two cross links, the DLDP compatible mode must be enabledor disabled on both the two interfaces.

If two devices are Huawei devices (not preceding models), the DLDP compatible mode mustbe enabled or disabled on both the two interfaces.

Step 4 Run:dldp compatible-mode local-mac mac-address

The DLDP packets sent in the DLDP compatible mode contain MAC addresses.

After the DLDP compatible mode is enabled on the device, the peer device may discover multipleneighbors, which leads to DLDP flapping. The dldp compatible-mode local-mac commandcan prevent this problem.

NOTE

At least one bit in the MAC address must be 0, and the MAC address cannot be a multicast MAC address.

Step 5 Run:commit


----End

2.3.4 (Optional) Setting the Interval for Sending AdvertisementPackets

ContextAn interface in Advertisement state sends Advertisement packets. DLDP creates a neighborentry, starts the entry timer, and transits to the Probe state if the neighbor entry does not existon the peer interface. DLDP updates the entry timer if the neighbor entry exists.

The interval for sending Advertisement packets must be smaller than one third of the STPconvergence time. If the interval is too long, STP loops occur when a unidirectional link is stillenabled on a DLDP interface. If the interval is too short, the traffic volume on the networkincreases.

Procedure





28

Step 2 Run:dldp interval interval

The interval for sending Advertisement packets is set.

By default, the interval for sending the Advertisement packets is 5 seconds.

NOTE

The same interval for sending Advertisement packets must be set on the local and remote devices that areconnected through optical fibers or copper twisted pairs; otherwise, DLDP cannot work properly.

Step 3 Run:commit


----End

2.3.5 (Optional) Setting the Timeout Period of the DelayDownTimer

ContextIf a DLDP interface in Active, Advertisement, or Probe state receives a Port-Down event, theinterface enters Inactive state and clears the neighbor information. In some cases, the interfaceis Down for a short time. For example, failure of the Tx fiber on an interface may cause jitter ofoptical signals on the Rx fiber, which makes the interface Down and then Up again. To preventthe neighbor information from being deleted immediately in this case, the DLDP interface firstenters the DelayDown state and starts the DelayDown timer. Before the DelayDown timer timesout, the interface retains the neighbor information and responds to only Port-Up events.

l If the DLDP interface does not receive any Port-Up event when the DelayDown timer timesout, the interface deletes the neighbor entry and enters the Inactive state.

l If the DLDP interface receives the Port-Up event before the DelayDown timer times out,the interface returns to the previous state.

Procedure



Step 2 Run:dldp delaydown-timer time

The timeout period of the DelayDown timer is set.

The default timeout value of the DelayDown timer is 1 second.

Step 3 Run:commit


----End



29

2.3.6 (Optional) Setting the Mode of Shutting Down an InterfaceWhen a Unidirectional Link Is Detected

Context

When a unidirectional link is detected, DLDP shuts down the corresponding interface in eitherof the following ways:

l Manual mode: When the network performance is poor, this mode can prevent DLDP fromaffecting packet forwarding by shutting down the interface immediately when aunidirectional link is detected. It is a compromise mode used to prevent interface shutdowndue to incorrect judgment of the system. In this mode, DLDP detects unidirectional links,and the network administrator manually shuts down the interface. Upon detecting aunidirectional link, DLDP records only log and trap messages and prompts the networkadministrator to shut down the interface.

l Automatic mode: It is the default mode. When a unidirectional link is detected, DLDPchanges to the Disable state, records the log and trap messages, and sets the interface statusto Shutdown.

Procedure



Step 2 Run:dldp unidirectional-shutdown { auto | manual }

The interface shutdown mode when a unidirectional link is detected is set.

By default, DLDP automatically shuts down the interface when a unidirectional link is detected.

An interface in DLDP Down state still sends RecoverProbe packets periodically. If the interfacereceives correct RecoverEcho packets, the unidirectional link changes to the bidirectional linkand the DLDP status of the interface becomes Up.

NOTE

When the network performance is good, the automatic mode is recommended. When the network performanceis low, the manual mode is recommended because the automatic mode may lead to a delay in receiving DLDPpackets and a unidirectional link may be detected mistakenly. The network administrator manually shuts downthe interface, preventing packet forwarding from being affected by automatic interface shutdown.

Step 3 Run:commit


----End

2.3.7 (Optional) Configuring the Authentication Mode for DLDPPackets



30

ContextTo ensure packet validity on an insecure network, users can configure one of the followingauthentication modes for DLDP packets.

Table 2-2 Authentication modes of DLDP packets

Authentication Mode Description

Non-authentication mode The receiver compares the authentication keyand authentication type of the packet withthose configured on the local end. If they aredifferent, the receiver discards the packet.

Simple authentication mode The receiver compares the authentication keyand authentication type of the packet withthose configured on the local end. If they aredifferent, the receiver discards the packet.

MD5 authentication mode The receiver compares the authentication keyand authentication type of the packet with theMD5-encrypted password and authenticationtype that are configured on the local end. Ifthey are different, the receiver discards thepacket.

Procedure



Step 2 Run:dldp authentication-mode { md5 md5–password | simple simple-password }

The authentication mode is configured for DLDP packets.

By default, the DLDP packets between the interfaces on the local device and the remote deviceare not authenticated.

NOTE

The local and remote devices must use the same authentication mode and the authentication password; otherwise,the authentication fails. DLDP works properly only after the authentication succeeds.

Step 3 Run:commit


----End

2.3.8 Checking the Configuration



31

Procedurel Run the display dldp [ interface interface-type interface-number | brief ] command to

check the DLDP configuration and neighbor information entries.

----End

2.4 Resetting the DLDP StatusAfter the DLDP status of a disabled interface is reset, the interface re-detects unidirectional links.

ContextWhen a unidirectional link is detected, the interface enters the Disable state. The system promptsyou to shut down the interface or automatically sets the interface state to DLDP Down accordingto the configuration. To enable the interface to detect unidirectional links again, you can resetthe DLDP status of the interface as follows:

l If the interface is shut down using the shutdown command, run the undo shutdowncommand to enable the interface to detect unidirectional links again.

l If the system automatically sets the interface state to DLDP Down, wait the interface torecover using the auto recovery mechanism after the link state becomes bidirectional. Youcan also run the dldp reset command to reset the DLDP status of the interface.

When you reset the DLDP status globally on a device, the DLDP status is reset for all the disabledports on the device. When you reset the DLDP status on a disabled interface, the DLDP statusis reset only for this interface.

Procedurel Reset the DLDP status globally.

1. Run:system-viewThe system view is displayed.

2. Run:dldp resetThe DLDP status is reset globally.

3. Run:commitThe configuration is committed.

l Reset the DLDP status on an interface.


2. Run:interface interface-type interface-numberThe interface view is displayed.

3. Run:dldp reset



32

The DLDP status is reset for the interface.

4. Run:commit


----End

2.5 Maintaining DLDPYou can monitor the DLDP running status and debug DLDP faults by maintaining DLDP.

Context

To view DLDP statistics within a specified period, clear existing statistics and then use a displaycommand.

NOTE

The DLDP statistics cannot be restored after being cleared; therefore, confirm the action before you performthe operation.

Procedurel Run the reset dldp statistics [ interface interface-type interface-number ] command in the

user interface to clear DLDP packet statistics.

----End

2.6 Configuration ExamplesThis section provides examples for the DLDP configuration, including networking requirements,configuration notes, and configuration roadmap.

2.6.1 Example for Configuring DLDP to Detect a DisconnectedOptical Fiber Link


As shown in Figure 2-3, SwitchA and SwitchB are connected through a pair of optical fibers.On an optical fiber, Rx indicates the receive end, and Tx indicates the transmit end. Therequirement is to detect unidirectional links.


Tx

TxRx

RxSwitch A Switch B

10GE1/0/1 10GE1/0/1



33

Configuration Roadmap1. Configure the interfaces on both ends to work in non-auto-negotiation mode.

2. Enable DLDP to detect unidirectional links between SwitchA and SwitchB.

3. Adjust DLDP parameters to detect unidirectional links more efficiently.

Procedure

Step 1 Enable DLDP globally.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~SwitchA] commit[~SwitchA] dldp enable[~SwitchA] commit

Step 2 Enable DLDP on an interface of SwitchA.[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] dldp enable[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit

Step 3 Set the interval for sending Advertisement packets to 10 seconds on SwitchA.[~SwitchA] dldp interval 10[~SwitchA] commit

Step 4 Set the timeout value of the DelayDown timer to 4 seconds on SwitchA.[~SwitchA] dldp delaydown-timer 4[~SwitchA] commit

Step 5 Set the authentication mode of DLDP packets to simple password authentication and set thepassword to 12345 on SwitchA.[~SwitchA] dldp authentication-mode simple 12345[~SwitchA] commit

Perform steps 1 to 6 on SwitchB.


After the configuration is complete, run the display dldp command in the interface view. Thecommand output shows that the DLDP status of the interface is advertisement.

[~SwitchA] display dldpDLDP global status : enable DLDP interval(s) : 10DLDP work mode : enhanceDLDP authentication mode : simpleDLDP authentication password : Ls#e*h445SZypQCee$t3w=%#DLDP unidirectional shutdown : autoDLDP delaydown timer(s) : 4The number of enabled ports : 1The number of global neighbors : 1

Interface 10GE1/0/1DLDP port state : advertisementDLDP link state : up The neighbor number of the port : 1 Neighbor mac address : 0025-9e95-7c21 Neighbor port index : 80 Neighbor state : two way Neighbor aged time(s) : 11 Neighbor created time : 2013-06-09 15:09:25



34

Simulate an optical fiber disconnection by removing the receive optical fiber from SwitchA.DLDP automatically shuts down 10GE1/0/1 on SwitchB when a unidirectional link occursbetween SwitchA and 10GE1/0/1 on SwitchB.

# Run the display dldp command on SwitchA and SwitchB. The command output shows thatthe DLDP status of 10GE1/0/1 on SwitchA is inactive, and the DLDP status of 10GE1/0/1 onSwitchB is disable.

[~SwitchA] display dldp interface 10ge 1/0/1Interface 10GE1/0/1DLDP port state : inactiveDLDP link state : down The neighbor number of the port : 0[~SwitchB] display dldp interface 10ge 1/0/1Interface 10GE1/0/1DLDP port state : disableDLDP link state : down The neighbor number of the port : 0

----End


#sysname SwitchA# dldp enable dldp interval 10 dldp delaydown-timer 4 dldp authentication-mode simple %$%$%;a:%$%$%;a:#interface 10GE1/0/1 dldp enable#return

l Configuration file of SwitchB#sysname SwitchB# dldp enable dldp interval 10 dldp delaydown-timer 4 dldp authentication-mode simple %$%$%;a:%$%$%;a:#interface 10GE1/0/1 dldp enable #return

2.6.2 Example for Configuring DLDP to Detect Cross-ConnectedOptical Fibers


As shown in Figure 2-4, SwitchA and SwitchB are connected through a pair of optical fibers.On an optical fiber, Rx indicates the receive end, and Tx indicates the transmit end. Opticalfibers may be cross connected, as shown in Figure 2-5. The requirement is to detectunidirectional links caused by cross connections of optical fibers.



35


SwitchA SwitchB

10GE1/0/2

10GE1/0/1 10GE1/0/1

10GE1/0/2

Rx Tx

Rx

Rx

Tx

Tx

Figure 2-5 Cross-connected optical fibers

SwitchA SwitchB

10GE1/0/2

10GE1/0/1 10GE1/0/1

10GE1/0/2

Rx TxRx

Rx

Tx

Tx

Configuration Roadmap

The configuration roadmap is as follows:

1. Configure the interfaces on both ends to work in non-auto-negotiation mode.2. Enable DLDP to detect unidirectional links between SwitchA and SwitchB.3. Adjust DLDP parameters to detect unidirectional links more efficiently.

Procedure

Step 1 Enable DLDP globally on SwitchA.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~SwitchA] commit[~SwitchA] dldp enable[~SwitchA] commit

Step 2 Enable DLDP on an interface of SwitchA.[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] dldp enable[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] dldp enable[~SwitchA-10GE1/0/2] commit[~SwitchA-10GE1/0/2] quit

Step 3 Set the interval for sending Advertisement packets to 10 seconds on SwitchA.[~SwitchA] dldp interval 10[~SwitchA] commit

Step 4 Set the timeout value of the DelayDown timer to 4 seconds on SwitchA.[~SwitchA] dldp delaydown-timer 4[~SwitchA] commit

Step 5 Set the authentication mode of DLDP packets to simple password authentication and set thepassword to 12345 on SwitchA.[~SwitchA] dldp authentication-mode simple 12345[~SwitchA] commit

Perform steps 1 to 6 on SwitchB.



36


After the configuration is complete, run the display dldp command in the interface view. Thecommand output shows that the DLDP status of the interface is advertisement.[~SwitchA] display dldp interface 10ge 1/0/1Interface 10GE1/0/1 DLDP port state : advertisement DLDP link state : up The neighbor number of the port : 1 Neighbor mac address : 0001-0001-0001 Neighbor port index : 26 Neighbor state : two way Neighbor aged time(s) : 206 Neighbor created time : 2009/2/13 11:40:49[~SwitchA] display dldp interface 10ge 1/0/2Interface 10GE 1/0/2 DLDP port state : advertisement DLDP link state : up The neighbor number of the port : 1 Neighbor mac address : 0001-0001-0001 Neighbor port index : 28 Neighbor state : two way Neighbor aged time(s) : 188 Neighbor created time : 2009/2/13 11:40:49[~SwitchB] display dldp interface 10ge 1/0/1Interface 10GE1/0/1 DLDP port state : advertisement DLDP link state : up The neighbor number of the port : 1 Neighbor mac address : 781d-ba57-c24a Neighbor port index : 51 Neighbor state : two way Neighbor aged time(s) : 235 Neighbor created time : 2009/2/13 11:40:49[~SwitchB] display dldp interface 10ge 1/0/2Interface 10GE 1/0/2 DLDP port state : advertisement DLDP link state : up The neighbor number of the port : 1 Neighbor mac address : 781d-ba57-c24a Neighbor port index : 53 Neighbor state : two way Neighbor aged time(s) : 214 Neighbor created time : 2009/2/13 11:40:49

As shown in Figure 2-5, if a unidirectional link occurs between the interfaces on SwitchA andSwitchB due to cross connections of optical fibers, DLDP will shut down the interfaces.

Run the display dldp command on SwitchA and SwitchB. The command output shows that theDLDP status of interfaces on SwitchA and SwitchB is disable.[~SwitchA] display dldp interface 10ge 1/0/1Interface 10GE1/0/1 DLDP port state : disable DLDP link state : up The neighbor number of the port is: 0[~SwitchA] display dldp interface 10ge 1/0/2Interface 10GE1/0/2 DLDP port state : disable DLDP link state : up The neighbor number of the port is: 0[~SwitchB] display dldp interface 10ge 1/0/1Interface 10GE1/0/1 DLDP port state : disable DLDP link state : up The neighbor number of the port is: 0[~SwitchB] display dldp interface 10ge 1/0/2Interface 10GE1/0/2



37

DLDP port state : disable DLDP link state : up The neighbor number of the port is: 0

----End


#sysname SwitchA# dldp enable dldp interval 10 dldp delaydown-timer 4 dldp authentication-mode simple %$%$%;a:%$%$%;a:#interface 10GE1/0/1 dldp enable#interface 10GE1/0/2 dldp enable#return

l Configuration file of SwitchB#sysname SwitchB# dldp enable dldp interval 10 dldp delaydown-timer 4 dldp authentication-mode simple %$%$%;a:%$%$%;a:#interface 10GE1/0/1 dldp enable#interface 10GE1/0/2 dldp enable#return

2.7 Common Configuration ErrorsThis section describes common configuration errors of DLDP.

2.7.1 DLDP Cannot Discover a Directly Connected Neighbor

Common Cause

This fault is commonly caused by one of the following:

l The link between the local device and directly connected neighbor failed.

l DLDP is disabled on the peer device.

l DLDP parameters on the local and the peer devices are different.



38

Procedure

Step 1 Run the display interface interface-type interface-number command to check the status of theinterface that cannot discover the peer device.l If the interface status is Down, rectify the failure.l If the interface status is Up, go to step 2.

Step 2 Run the display dldp command to see whether DLDP is enabled globally, that is, run the displaythis command in the interface view to check whether the output information contains the dldpenable field. If so, DLDP has been enabled on the interface; if not, DLDP is disabled on theinterface.l If DLDP is not enabled globally or on an interface, run the dldp enable command in the

corresponding view to enable DLDP.l If DLDP is enabled, go to step 3.

Step 3 Run the display dldp command to check whether the DLDP parameters on the local and peerdevices are the same.

Field Method

DLDP interval Check whether the intervals on both ends arethe same. If the intervals for sending DLDPpackets on both ends are different, run thedldp interval interval command in thesystem view on both devices to set the sameinterval on both devices.

DLDP authentication-mode Check whether authentication modes andpasswords on both ends are the same. If thetwo devices use different authenticationmodes or passwords, run the dldpauthentication-mode { md5 md5-password| simple simple-password | none } commandin the system view to set the sameauthentication mode and password on bothdevices.

----End



39

3 VRRP Configuration

About This Chapter

The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. VRRP switchesservices from the master device to the backup router when the next hop device of the masterdevice fails. This ensures nonstop service transmission and reliability.

3.1 Introduction to VRRPVRRP is a fault-tolerant protocol and provides a single default gateway address for hosts. If aVRRP-enabled device fails, another VRRP-enabled device takes over traffic, ensuringcontinuity and reliability for network communication.

3.2 VRRP Features Supported by the DeviceThe device supports basic VRRP functions and VRRP association.

3.3 Default ConfigurationThis section provides the default VRRP configuration.

3.4 Configuring Basic Functions of an IPv4 VRRP GroupAn IPv4 VRRP group implements gateway backup and ensures stable and efficient dataforwarding.

3.5 Configuring an IPv4 mVRRP GroupAn mVRRP group can be bound to VRRP groups and determine the status of its bound VRRPgroups. mVRRP is often used to solve dual-homing problems.

3.6 Configuring VRRP AssociationVRRP association enables VRRP to detect faults in a timely manner and triggers an active/standby switchover when the master or the uplink of the master becomes faulty. VRRPassociation optimizes VRRP switchover and enhances network reliability.

3.7 Maintaining VRRPThis section describes how to maintain VRRP, including monitoring the VRRP running statusand clearing VRRP packet statistics.

3.8 Configuration ExamplesThis section provides several configuration examples of VRRP.

3.9 Common Configuration Errors

CloudEngine 12800 Series SwitchesConfiguration Guide - Reliability 3 VRRP Configuration


40

This section describes common faults caused by incorrect VRRP configurations and providesthe troubleshooting procedure.



41

3.1 Introduction to VRRPVRRP is a fault-tolerant protocol and provides a single default gateway address for hosts. If aVRRP-enabled device fails, another VRRP-enabled device takes over traffic, ensuringcontinuity and reliability for network communication.

As networks rapidly develop and applications become diversified, various value-added servicessuch as IPTV and video conferencing are widely used. Demands for network infrastructurereliability are increasing, especially in nonstop network transmission for users.

Generally, hosts communicate with external networks through the gateway, as shown in Figure3-1. When the gateway is faulty, hosts fail to communicate with external networks. One methodto prevent communication interruption is usually to configure multiple egress gateways.However, terminal devices cannot select routes to these gateways because terminal devices oftendo not support routing protocols.

Figure 3-1 Default gateway on a LAN

SwitchA

HostA10.1.1.100/24

Gateway

HostB10.1.1.101/24

10.1.1.1/24

Internet

Data flow1Data flow2

VRRP virtualizes multiple routing devices into a virtual gateway device and uses the virtualgateway device IP address as the default gateway address. When the gateway device becomesfaulty, VRRP uses a new gateway device to transmit service traffic. This ensures reliablecommunication.

As shown in Figure 3-2, a VRRP group is configured on SwitchA and SwitchB. The VRRPgroup virtualizes two devices into one gateway device. The virtual gateway device has a virtualIP address and a virtual MAC address. Hosts only detect the virtual gateway device and use thevirtual IP address as the gateway address to communicate with external networks.

Normally, user-side traffic is forwarded by the master. When the master becomes faulty, a newmaster SwitchB is selected among backups through negotiation. The new master then forwardstraffic.



42

Figure 3-2 VRRP group

Virtual IP Address10.1.1.1/24

SwitchAMaster

Internet

HostA10.1.1.100/24

HostB10.1.1.101/24

SwitchBBackup

Virtual IP Address10.1.1.1/24

SwitchAInitialize

Internet

HostA10.1.1.100/24

HostB10.1.1.101/24

SwitchBMaster

Data flow1Data flow2

3.2 VRRP Features Supported by the DeviceThe device supports basic VRRP functions and VRRP association.

NOTEOnly VLANIF interfaces support VRRP.

VRRP Configuration Logic

The configuration logic is as follows:

l Configure basic VRRP functions: The active/standby mode and load balancing mode areconfigured. The active/standby mode is often used. In load balancing mode, multiple VRRPgroups are configured, which implements gateway backup and load balances traffic.

l VRRP association: VRRP association enables VRRP to detect faults in a timely mannerand triggers an active/standby switchover when the master or the uplink of the master



43

becomes faulty. After basic VRRP functions are configured, you can configure VRRPassociation to optimize VRRP switchover and enhance network reliability.

Basic VRRP Functionsl VRRP active/standby mode

In practice, hosts use the default gateway to communicate with external networks. If thedefault gateway is faulty, hosts may fail to communicate with external networks. You canconfigure the VRRP active/standby mode. Multiple devices are virtualized into a gatewaydevice. The virtual gateway device consists of a master device and multiple backup devices.Normally, user-side traffic is forwarded by the master. When the master becomes faulty, anew master is selected among backups through negotiation. The new master then forwardstraffic.

l VRRP load balancing modeWhen all hosts on a LAN communicate with external networks through a gateway, trafficmay be congested or lost on the gateway. You can configure the load balancing mode. Thatis, multiple VRRP groups are configured. Each VRRP group consists of one master andmultiple backups and VRRP groups have different masters. The virtual IP address of eachVRRP group is configured as the default gateway address of some hosts so that traffic isload balanced and gateways back up each other.

mVRRP

Figure 3-3 mVRRP networking

NPE1

NPE2

UPE

mVRRP

As shown in Figure 3-3, to improve network reliability, a UPE is usually dual-homed to twoNPEs. NPEs run mVRRP to determine the master and backup statuses.

The only difference between an mVRRP group and a VRRP group is that the mVRRP groupcan be bound to VRRP groups and determine the status of its bound VRRP groups.

Although an mVRRP group can be bound to multiple VRRP groups, the mVRRP group cannotbe bound to any other mVRRP groups as a VRRP group.

The objects that can be bound to mVRRP in different scenarios are described as follows:

l Binding a VRRP group to an mVRRP group: An UPE is connected to two NPEs. VRRPruns between NPEs. The VRRP priority determines whether an NPE is the master orbackup. Multiple VRRP groups can be configured on the two NPEs to transmit varioustypes of services.



44

Each VRRP group needs to maintain its own state machine; therefore, a large number ofVRRP packets are transmitted between NPEs. To help simplify VRRP operation anddecrease bandwidth consumption, a VRRP group is configured as an mVRRP group andbound to other VRRP groups. mVRRP determines the status of its bound VRRP groups.

VRRP AssociationVRRP association optimizes VRRP switchovers and enhances network reliability. You canconfigure VRRP to monitor the status of other objects. When the status of the monitored objectchanges, an active/standby switchover is performed. Table 3-1 shows objects with which VRRPis associated and association scenarios.

Table 3-1 Objects with which VRRP is associated and association scenarios

Object Association Scenario

Associationbetween VRRPand BFD toimplement arapid active/standbyswitchover

When a VRRP group is faulty, the backup detects the fault and switchesto the master after the Master_Down_Interval timer expires. Theswitchover period is at least 3s. During the switchover period, servicetraffic is still sent to the original master, causing user traffic loss. You canassociate a VRRP group with a BFD session so that the BFD session canrapidly detect communication faults of the VRRP group. When the BFDsession detects a fault, it notifies the VRRP group that the priority of thebackup needs to be increased. Then an active/standby switchover istriggered immediately. This millisecond-level switchover reduces trafficloss.

Associationbetween aVRRP groupand the interfacestatus

When the uplink logical interface of the master becomes faulty, VRRPcannot detect the status change of interfaces not in a VRRP group. Thismay interrupt services. You can associate a VRRP group with the interfacestatus. When the monitored logical interface is faulty, the priority of themaster is adjusted. This triggers an active/standby switchover and reducesthe impact of services on the uplink interface.

Associationbetween aVRRP groupand BFD tomonitor theuplink status

Because VRRP cannot detect faults on the uplink of a VRRP group,services may be interrupted. You can associate a VRRP group with a BFDsession on the master so that the BFD session monitors the uplink statusof the master. When the BFD session detects faults on the uplink, it notifiesthe VRRP group that the priority of the master needs to be decreased. Thenan active/standby switchover is triggered immediately. This reduces theimpact of uplink faults on service forwarding.BFD implements millisecond-level detection. Association between VRRPand BFD provides fast active/standby switchover.

Associationbetween aVRRP groupand routing tomonitor theuplink status

Because VRRP cannot detect faults on the uplink of a VRRP group,services may be interrupted. The VRRP group monitors the number ofroutes on the uplink forwarding path. When the route is withdrawn orbecomes inactive, the master' priority is adjusted and an active/standbyswitchover is performed. This reduces link faults on service forwarding.During route association, link switchover depends on convergence of arouting protocol associated with the VRRP group.



45

Object Association Scenario

Associationbetween aVRRP groupand a directroute

When a VRRP group is configured, uplink traffic passes the master. Thedownlink traffic is often transmitted through a route of a dynamic routingprotocol, so the downlink traffic may pass the master or backup, or be loadbalanced. Uplink and downlink traffic may be transmitted along differentpaths. If the firewall is configured for the VRRP group, the firewall blockstraffic that is sent and received along different paths. In addition, it isdifficult to monitor such traffic and collect traffic statistics.You can associate a VRRP group with a direct route so that VRRP affectsroute selection of a dynamic routing protocol.

3.3 Default ConfigurationThis section provides the default VRRP configuration.

Table 3-2 Default VRRP configuration

Parameter Default Setting

Priority of the device in a VRRP group 100

Preemption Immediate preemption mode

Interval at which VRRP Advertisementpackets are sent

1s

Interval at which gratuitous ARP packets aresent

120s

3.4 Configuring Basic Functions of an IPv4 VRRP GroupAn IPv4 VRRP group implements gateway backup and ensures stable and efficient dataforwarding.

Pre-configuration TasksBefore configuring basic functions of an IPv4 VRRP group, complete the following task:l Configuring network layer attributes of interfaces to ensure network connectivity

3.4.1 Creating a VRRP Group

Applicable ScenarioVRRP virtualizes multiple routing devices into a virtual gateway device and uses the virtualgateway device IP address as the default gateway address. After a VRRP group is configured,traffic is forwarded through the master. When the master fails, a new master is selected amongbackup devices to forward traffic. This implements gateway backup.



46

If load balancing is required in addition to gateway backup, configure two or more VRRP groupson an interface in single-gateway load balancing mode or multi-gateway load balancing mode.

CAUTIONIf both VRRP and static ARP are configured on a VLANIF interface on a device, an IP addressmapped to a static ARP entry cannot be used as a virtual IP address. If a VRRP virtual IP addressis an IP address mapped to a static ARP entry on the device, the device generates incorrect hostroutes, affecting traffic forwarding.In mVRRP, if a device has a virtual IP address, the device does not support load balancing.In load balancing scenarios, you must run the arp fast-reply disable command to disable theARP fast reply funcion.

Procedurel Create a VRRP group working in master/backup mode.

1. Run:system-view

The system view is displayed.2. Run:

interface interface-type interface-number

The interface view is displayed.3. Run:

vrrp vrid virtual-router-id [ virtual-ip virtual-address ]

A VRRP group is created, and a virtual IP address is assigned to the VRRP group.

NOTE

l VRRP groups must use different virtual IP addresses. The virtual IP address of a VRRPgroup must be on the same network segment as the IP address of the interface where theVRRP group is configured.

l Two devices in a VRRP group must be configured with the same VRID.

l Different interfaces can be bound to the same VRRP group.

l Create VRRP groups working in multi-gateway load balancing mode.

If VRRP groups need to work in multi-gateway load balancing mode, repeat the steps toconfigure two or more VRRP groups on the interface and assign different VRIDs to them.

l Create VRRP groups working in single-gateway load balancing mode.1. Run:

system-view




vrrp vrid virtual-router-id virtual-ip virtual-address



47

A VRRP group is created.

– If you use the VRRP group as a load-balance redundancy group (LBRG), you mustassign a virtual IP address to the VRRP group.

– If you use the VRRP group as an LBRG member group, you do not need to assigna virtual IP address to the VRRP group.

4. Run:vrrp vrid virtual-router-id priority priority-value

A VRRP priority is set for the device.5. Run:

vrrp vrid virtual-router-id load-balance

An LBRG is created.6. Run:

vrrp vrid virtual-router-id join load-balance-vrrp vrid lb-vrid-value

A VRRP group is added to the LBRG.

----End

3.4.2 Setting the Device Priority in a VRRP Group

ContextThe device with a higher priority in a VRRP group is more likely to become the master. Youcan specify the master by setting the device priority.

Procedure





Step 3 Run:vrrp vrid virtual-router-id priority priority-value

The device priority in a VRRP group is set.

By default, the device priority is 100.

NOTE

l Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner, and the priorityof the IP address owner cannot be changed. The priority that can be set ranges from 1 to 254.

l When devices in a VRRP group have the same priority, if devices preempt to be the mastersimultaneously, the device on an interface with the largest IP address is the master. The device thatfirst switches to Master state becomes the master.

----End



48

3.4.3 (Optional) Configuring VRRP Time Parameters

Context

You can set VRRP time parameters as needed. Table 3-3 lists applicable scenarios.

Table 3-3 Applicable scenarios of VRRP time parameters

Function Applicable Scenario

Interval at whichVRRPAdvertisementpackets are sent

The master in a VRRP group sends VRRP Advertisement packets tothe backup at intervals to notify that it works properly. After theMaster_Down_Interval timer expires, the backup switches to the masterif it does not receive VRRP Advertisement packets.Heavy network traffic or time differences on different devices mayresult in the status change of the backup due to timeout of VRRPpackets. When packets from the original master reach the new master,the status of the new master changes. You can increase the interval tosolve this problem.

Preemption delay On an unstable network, if the BFD session status monitored by a VRRPgroup flaps frequently or the backup cannot receive VRRPAdvertisement packets within a specified period, an active/standbyswitchover is frequently performed, which causes network flapping.You can adjust the preemption delay of the master in the VRRP groupso that the backup preempts to be the master after the delay. Thisprevents frequent change of the VRRP group status.

Timeout interval atwhich gratuitousARP packets aresent by the master

To ensure that MAC address entries on the downstream switch arecorrect, the master in the VRRP group periodically sends gratuitousARP packets to update MAC address entries on the downstream switch.

Delay inrecovering a VRRPgroup

On an unstable network, frequent flapping of the BFD session status orinterface status monitored by a VRRP group may result in frequentswitching of the VRRP group status. After the delay in recovering aVRRP group is set, the VRRP group does not immediately respond toan interface or BFD session Up event. Instead, the VRRP groupprocesses this event after the delay in recovering a VRRP group. Thisprevents frequent switching of the VRRP group status.

Procedurel Setting the interval at which VRRP Advertisement packets are sent

1. Run:system-view


2. Run:interface interface-type interface-number



49


vrrp vrid virtual-router-id timer advertise advertise-interval

The interval at which VRRP Advertisement packets are sent is set.

By default, the interval is 1 second.l Setting the preemption delay of the master

1. Run:system-view




vrrp vrid virtual-router-id preempt timer delay delay-value

The preemption delay is set.

By default, the preemption delay is 0. In immediate preemption mode, a backup canimmediately preempt to be the master when its priority is higher than the master.

You can use the vrrp vrid virtual-router-id preempt disable command to set the non-preemption mode. In non-preemption mode, the master that works properly can retainthe Master state. The backup cannot preempt to be the master even if the priority ofthe master decreases.

You can use the undo vrrp vrid virtual-router-id preempt command to restore thedefault preemption mode.

NOTE

It is recommended that you set the preemption delay of the backup in a VRRP group to 0,configure the master in preemption mode, and set the preemption delay. On an unstablenetwork, these settings allow a period of time for status synchronization between the uplinkand downlink. If the preceding settings are not used, two masters coexist and users devicesmay learn incorrect address of the master.

l Setting the timeout interval at which gratuitous ARP packets are sent by the master1. Run:

system-view


vrrp gratuitous-arp interval interval-value

The timeout interval at which gratuitous ARP packets are sent by the master is set.

By default, the master sends gratuitous ARP packets every 120s.

NOTE

The timeout interval at which the master sends gratuitous ARP packets must be shorter thanthe aging time of ARP entries on user devices.

– To restore the default interval at which a gratuitous ARP packet is sent, run theundo vrrp gratuitous-arp interval command in the system view.



50

– If the master does not need to send gratuitous ARP packets, run the vrrpgratuitous-arp interval disable command in the system view.

l Setting the delay in recovering a VRRP group1. Run:

system-view


vrrp recover-delay delay-value

The delay in recovering a VRRP group is set.

By default, the delay in recovering a VRRP group is 0.

NOTE

l After this command is used, all VRRP groups on the device are configured with the samedelay.

l When the device in a VRRP group restarts, VRRP status flapping may occur. It isrecommended that the delay be set based on actual networking.

----End

3.4.4 (Optional) Setting the Mode in Which VRRP Packets Are Sentin a Super-VLAN

ContextWhen a VRRP group is configured in a super VLAN, VRRP Advertisement packets can be sentto a specified sub-VLAN or all sub-VLANs of the super-VLAN. Sending VRRP Advertisementpackets to a specified sub-VLAN efficiently saves network bandwidth.

PrerequisitesA super-VLAN has been configured.

Procedure





Step 3 Run:vrrp advertise vlan { sub-vlan-id | all }

The mode in which VRRP Advertisement packets are sent in a super-VLAN is set.

By default, the master sends VRRP Advertisement packets to a sub-VLAN that is Up and hasthe smallest VLAN ID in the super-VLAN.



51

l If sub-vlan-id is specified, the master sends VRRP Advertisement packets to a specified sub-VLAN.

l If all is specified, the master broadcasts VRRP Advertisement packets to all sub-VLANs ofa super-VLAN.

CAUTIONIf all is specified, the master broadcasts VRRP Advertisement packets to all sub-VLANs of asuper-VLAN. This causes bandwidth usage to increase. Therefore, do not specify all.

----End

3.4.5 (Optional) Disabling VRRP TTL Check

ContextThe system checks the TTL value in received VRRP packets, and discards VRRP packets inwhich the TTL value is not 255. On a network where devices of different vendors are deployed,if TTL check is enabled on the device, the device may incorrectly discard valid packets. In thiscase, disable TTL check so that devices of different vendors can communicate.

ProcedureStep 1 Run:

system-view




Step 3 Run:vrrp check ttl disable

The device is configured not to check the TTL value in VRRP packets.

By default, the system checks the TTL value in VRRP packets.

----End

3.4.6 (Optional) Setting the Authentication Mode of VRRP Packets

ContextOn a secure network, the device considers received VRRP packets valid.

On a vulnerable network, VRRP provides simple authentication and Message Digest 5 (MD5)authentication:l Simple authentication: The device encapsulates the authentication mode and authentication

key into an outgoing VRRP Advertisement packet. The device that receives the VRRP



52

Advertisement packet compares the authentication mode and authentication key in thereceived packet with those configured on the device. If the values are the same, the deviceconsiders the received VRRP Advertisement packet valid. If the values are different, thedevice considers the received VRRP Advertisement packet invalid and discards it.

l MD5 authentication: The device uses the MD5 algorithm to encrypt the authentication keyand encapsulates the key in the Authentication Data field of an outgoing VRRPAdvertisement packet. The device matches the authentication mode with the decryptedauthentication key in the received VRRP Advertisement packet.

NOTE

l MD5 authentication provides higher security than simple authentication.

Procedure





Step 3 Run:vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key }

The authentication mode in VRRP Advertisement packets is configured.

NOTE

l Devices in a VRRP group must be configured with the same authentication mode and authenticationkey; otherwise, the VRRP group cannot negotiate the Master and Backup status.

l An MD5 key can be entered in cipher text or plain text. The MD5 key in plain text is a string of 1 to 8characters, and the MD5 key in cipher text is a string of 32 characters.

----End

3.4.7 (Optional) Enabling the Ping to a Virtual IP Address

ContextThe device allows user devices to ping a virtual IP address to serve the following purposes:l Monitors the operating status of the master in a VRRP group.l Monitors communication between a user device and a network connected through a default

gateway that uses the virtual IP address.

Procedure





53

Step 2 Run:undo vrrp virtual-ip ping disable

The ping to a virtual IP address is enabled.

By default, the ping function is enabled. The master in a VRRP group responds to ping packetssent to the virtual IP address.

CAUTIONIf the ping to a virtual IP address is enabled, a device on an external network can ping a virtualaddress. This exposes the device to ICMP-based attacks. The undo vrrp virtual-ip pingdisable command can be used to disable the ping function.

----End


Procedurel Run the display vrrp [ admin-vrrp | [ interface interface-type interface-number [ virtual-

router-id ] | virtual-router-id ] [ verbose ] ] command to check the VRRP group status andparameters.

l Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ]statistics command to check statistics about sent and received packets of a VRRP group.

----End

3.5 Configuring an IPv4 mVRRP GroupAn mVRRP group can be bound to VRRP groups and determine the status of its bound VRRPgroups. mVRRP is often used to solve dual-homing problems.

3.5.1 Configuring an mVRRP Group

ContextEach VRRP group needs to maintain its own state machine. Configuring an mVRRP groupreduces bandwidth occupied by VRRP packets.

Procedure






54


Step 3 Run:vrrp vrid virtual-router-id virtual-ip virtual-address


Step 4 Run:vrrp vrid virtual-router-id priority priority-value

The priority of the VRRP group is configured.

Step 5 Run:vrrp vrid virtual-router-id admin [ ignore-if-down ]

The VRRP group is configured as an mVRRP group.

----End

3.5.2 (Optional) Configuring a VRRP Group and Binding the VRRPGroup to an mVRRP Group

Context

You can bind VRRP groups to an mVRRP group so that mVRRP determines the status of thebound VRRP groups.

Procedure




The view of the interface where a VRRP group is configured is displayed.

Step 3 Run:vrrp vrid virtual-router-id virtual-ip virtual-address


Because the mVRRP group determines the status of its service VRRP groups, you do not needto set priorities for the bound VRRP groups.

Step 4 Run:vrrp vrid virtual-router-id1 track admin-vrrp interface interface-type interface-number vrid virtual-router-id2 trigger-down

The VRRP group is bound to an mVRRP group.

After the binding is complete, the state machine of the bound VRRP group depends on the statusof the mVRRP group. The bound VRRP group inherits the status of the mVRRP group, and



55

deletes its VRRP packet timeout timer and stops sending or receiving VRRP packets. A VRRPgroup can be bound to only one mVRRP group.

----End


Procedurel Run the display vrrp binding [ interface admin-interface-type admin-interface-number ]

[ vrid admin-virtual-router-id ] [ member-vrrp interface member-interface-type member-interface-number [ vrid member-virtual-router-id ] ]command to check information aboutmVRRP group binding.

----End

3.6 Configuring VRRP AssociationVRRP association enables VRRP to detect faults in a timely manner and triggers an active/standby switchover when the master or the uplink of the master becomes faulty. VRRPassociation optimizes VRRP switchover and enhances network reliability.

Pre-configuration TasksBefore configuring basic functions of an IPv4 VRRP group, complete the following task:l 3.4 Configuring Basic Functions of an IPv4 VRRP Group

You can configure VRRP association only after basic VRRP functions are configured.

3.6.1 Configuring Association Between VRRP and BFD toImplement a Rapid Active/Standby Switchover

ContextWhen a VRRP group is faulty, the backup detects the fault and switches to the master after theMaster_Down_Interval timer expires. The switchover period is at least 3s. During the switchoverperiod, service traffic is still sent to the original master, causing user traffic loss. As shown inFigure 3-4, the VRRP group is associated with a BFD session on the backup so that the BFDsession can rapidly detect communication faults of the VRRP group. When the BFD sessiondetects a fault, it notifies the VRRP group that the priority of the backup needs to be increased.Then an active/standby switchover is triggered immediately. This millisecond-level switchoverreduces traffic loss.

When the fault is rectified, the priority of the backup is restored and the original master preemptsto be the master to forward traffic.

NOTE

l A VRRP group can be associated with only a static BFD session or a static BFD session withautomatically negotiated discriminators.

l The master and backup in the VRRP group must work in preemption mode. It is recommended thatthe preemption delay be 0 on the backup and non-0 on the master.



56

Figure 3-4 Association between VRRP and BFD to implement a rapid active/standby switchover

Internet

VRRP

MasterSwitchA

SwitchBBackup

BFD packets

HostB

Switch

HostA

Procedure

Step 1 Configure a static session or a static BFD session with automatically negotiated discriminators.For details, see 1.4 Configuring Single-Hop BFD, 1.5 Configuring Multi-Hop BFD, or 1.6Configuring Static BFD with Automatically Negotiated Discriminators.




The view of the interface on the backup where a VRRP group is configured is displayed.

Step 4 Run:vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ increase value-increased | reduce value-reduced ]

Association between VRRP and BFD is configured.

NOTE

When associating a VRRP group with a BFD session, note the following points:

l If session-name bfd-configure-name is specified, the VRRP group can bind to only a static BFD sessionwith automatically negotiated discriminators.

l If bfd-session-id is specified, the VRRP group can bind to only a static BFD session.

l After the VRRP group is associated with a BFD session, the BFD session type cannot be modified.Before deleting the BFD session type, you must delete all original configurations.

l After the value by which the priority increases is set, ensure that the priority of the backup is higherthan the priority of the master.

----End

3.6.2 Configuring Association Between VRRP and Link/Peer BFDto Implement a Rapid Active/Standby Switchover



57

ContextWhen a VRRP group is faulty, the backup detects the fault and switches to the master after theMaster_Down_Interval timer expires. The switchover period is at least 3s. During the switchoverperiod, service traffic is still sent to the original master, causing user traffic loss. As shown inFigure 3-5, the VRRP group is associated with a link/peer BFD session on the backup so thatthe BFD session can rapidly detect communication faults of the VRRP group. When the BFDsession detects a fault, it notifies the VRRP group that the priority of the backup needs to beincreased. Then an active/standby switchover is triggered immediately. This millisecond-levelswitchover reduces traffic loss.

After a fault is rectified, the BFD sessions go Up, and the devices in the VRRP group restoretheir VRRP status.

NOTE



Figure 3-5 Association between VRRP and link/peer BFD to implement a rapid active/standbyswitchover

Internet

VRRP

MasterSwitchA

SwitchBBackup

BFD packets

HostB

Switch

HostA

Peer BFD

Link1 BFD

Link2 BFD

Procedure

Step 1 Configure a static session or a static BFD session with automatically negotiated discriminators.For details, see 1.4 Configuring Single-Hop BFD, 1.5 Configuring Multi-Hop BFD, or 1.6Configuring Static BFD with Automatically Negotiated Discriminators.




The view of the interface on the backup where a VRRP group is configured is displayed.

Step 4 Run:



58

vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ peer | link ]

The VRRP group is configured to monitor a link or peer BFD session.

NOTE




l If the VRRP group is bound to an mVRRP group, the mVRRP group maintains the VRRP group status,and the VRRP group is unable to monitor any BFD sessions.

l In the scenario where the VRRP group is associated with a link BFD session and a peer BFD session,the backup becomes the master if the backup detects the peer BFD session status change beforedetecting the link BFD session status change. The backup transitions from Master to Initialize after itdetects the peer BFD session status change. To prevent the preceding problem, run the min-tx-interval command in the BFD session view to set the interval at which link BFD control packets to besmaller than the interval at which peer BFD control packets are sent.

Step 5 (Optional) Run:vrrp vrid virtual-router-id track link-bfd down-number

The threshold of monitored link BFD sessions that are in the Down state is set.

If the number of monitored link BFD sessions reaches the threshold, an active/standbyswitchover is performed.

Step 6 Run:commit


----End

3.6.3 Configuring Association Between VRRP and the InterfaceStatus

ContextWhen the uplink logical interface of the master becomes faulty, VRRP cannot detect the statuschange of interfaces not in the VRRP group, causing service interruption. You can associate aVRRP group with the logical interface status. When the monitored interface is faulty, the priorityof the master is reduced. This triggers an active/standby switchover and reduces the impact ofservices on the uplink interface.

When the fault is rectified, the priority of the original master is restored and preempts to be themaster to forward traffic.

NOTE

The master and backup in the VRRP group must work in preemption mode. It is recommended that thepreemption delay be 0 on the backup and non-0 on the master.

Procedure

Step 1 Run:



59

system-view



The view of the interface on the master where a VRRP group is configured is displayed.

Step 3 Run:vrrp vrid virtual-router-id track interface interface-type interface-number [ increase value-increased | reduce value-reduced ]

Association between VRRP and the logical interface status is configured.

By default, when the monitored logical interface goes Down, the VRRP priority of the devicedecreases by 10.

NOTE

l After the value by which the priority decreases is set, ensure that the priority of the backup is higherthan the priority of the master.

l Only VLANIF interfaces can be monitored.

----End

3.6.4 Configuring Association Between VRRP and BFD to Monitorthe Uplink Status

ContextBecause VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted.As shown in Figure 3-6, a VRRP group is associated with a BFD session on the master so thatthe BFD session monitors the uplink status of the master. When the BFD session detects faultson the uplink, it notifies the VRRP group that the priority of the master needs to be decreased.Then an active/standby switchover is triggered immediately. This reduces the impact of uplinkfaults on service forwarding.


BFD implements millisecond-level detection. Association between VRRP and BFD providesfast active/standby switchover.

NOTE





60

Figure 3-6 Association between VRRP and BFD

SwitchA

SwitchB

SwitchC

SwitchD

Internet

VRRP

Master

Backup

BFD packets

HostB

Switch

HostA

SwitchE

Procedure

Step 1 Configure a static BFD session or a static BFD session with automatically negotiateddiscriminators. For details, see 1.4 Configuring Single-Hop BFD, 1.5 Configuring Multi-HopBFD, and 1.6 Configuring Static BFD with Automatically Negotiated Discriminators.





Step 4 Run:vrrp vrid virtual-router-id track bfd { bfd-session-id | session-name bfd-configure-name } [ increase value-increased | reduce value-reduced ]

Association between VRRP and BFD is configured.

By default, when the monitored BFD session becomes Down, the VRRP priority decreases by10.

NOTE




l After the VRRP group is associated with a BFD session, the BFD session type cannot be modified.Before deleting the BFD session type, you must delete all original configurations.

l After the value by which the priority decreases is set, ensure that the priority of the backup is higherthan the priority of the master.

----End

3.6.5 Configuring Association Between VRRP and Routing toMonitor the Uplink Status



61

ContextBecause VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted.The VRRP group monitors the number of routes on the uplink forwarding path. When the routeis withdrawn or becomes inactive, the master' priority is adjusted and an active/standbyswitchover is performed. This reduces link faults on service forwarding.


During route association, link switchover depends on convergence of a routing protocolassociated with the VRRP group.

NOTE

l When a VRRP group is associated with a static route, the device can detect only faults on the directuplink. To detect faults on an indirect uplink, associate a VRRP group with a dynamic route.


Procedure





Step 3 Run:vrrp vrid virtual-router-id track ip route ip-address { mask-address | mask-length } [ vpn-instance vpn-instance-name ] [ reduce value-reduced ]

Association between a route and a VRRP group is configured.

By default, the master' priority decreases by 10 if the associated route is withdrawn or becomesinactive.

NOTE

After the value by which the priority decreases is set, ensure that the priority of the backup is higher thanthe priority of the master.

----End

3.6.6 Configuring Association Between a VRRP Group and a DirectRoute

ContextTo improve network reliability, a VRRP group is often used as the gateway for users to accessexternal networks. Uplink traffic passes the master, but downlink traffic is often transmittedthrough a route of a dynamic routing protocol. In this case, uplink and downlink traffic may betransmitted along different paths. If the firewall is configured for the VRRP group to improve



62

security, the firewall blocks traffic that is sent and received along different paths. In addition, itis difficult to monitor such traffic and collect traffic statistics.

You can associate a VRRP group with a direct route so that VRRP affects route selection of adynamic routing protocol. Association ensures that uplink traffic and downlink traffic aretransmitted along the same path.

Pre-configuration TasksBefore configuring association between a VRRP group and a direct route, complete the followingtasks:

l Configuring basic VRRP functions and creating a VRRP groupl Configuring a dynamic routing protocol to make IP routes of nodes reachable.

NOTE

After association between a VRRP group and a direct route is configured, an IGP protocol cannot run on theinterface running VRRP. If an IGP protocol runs on the interface, the IGP protocol cannot retain the originalcost of the imported direct route. As a result, the VRRP group cannot be associated with the direct route.

Procedurel Configuring association between a direct route and a VRRP group


2. Run:interface interface-type interface-nameThe view of the VRRP-enabled interface is displayed.

3. Run:direct-route track vrrp vrid virtual-router-id degrade-cost cost-valueAssociation between a direct route and a VRRP group is configured.Association between the VRRP group and the direct route allows the cost of the directroute to be adjusted based on the VRRP group status.– When the VRRP group is in Master state, the cost is set to the default value 0

(highest priority).– When the VRRP group is in Backup state, the cost is specified by cost-value (larger

than the default value 0).

NOTE

A direct route on the network segment that an interface belongs to can be associated with onlyone VRRP group. To associate a direct route that has been associated with one VRRP groupto another VRRP group, you must delete the original association configuration.

4. Run:commitThe configuration is committed.

5. Run:quitReturn to the system view.

l Configuring a dynamic routing protocol to import the direct route



63

IGP protocols and BGP are mainly used. RIP does not retain the original cost of the importedroute, so OSPF, IS-IS, and BGP are used here.

– Configuring OSPF to import the direct route

1. Run:system-view


ospf [ process-id ]

The OSPF process view is displayed.3. Run:

import-route direct

OSPF is configured to import the direct route.4. Run:

default cost inherit-metric

OSPF is configured to retain the original cost of the imported route.

NOTE

l The default command has the lowest priority. When running the default command, ensurethat the apply cost command for the direct route is not executed. Otherwise, the defaultcommand does not take effect.

l After the default cost inherit-metric command is used, the default cost cost-valuecommand that is executed later will overwrite the default cost inherit-metric command.

5. Run:commit

The configuration is committed.– Configuring IS-IS to import the direct route

1. Run:system-view


isis [ process-id ]

The IS-IS process view is displayed.3. Run:

import-route direct inherit-cost

IS-IS is configured to retain the original cost of the imported route.4. Run:

commit

The configuration is committed.– Configuring BGP to import the direct route

1. Run:system-view


bgp as-number



64

The BGP process view is displayed.3. Run:

import-route direct

BGP is configured to import the direct route.BGP retains the original cost of the imported route in the MED.

4. Run:commit


----End


Procedurel Run the display vrrp [ admin-vrrp | [ interface interface-type interface-number [ virtual-

router-id ] | virtual-router-id ] [ verbose ] ] command to check the VRRP group status andparameters.

l Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ]statistics command to check statistics about sent and received packets of a VRRP group.

----End

3.7 Maintaining VRRPThis section describes how to maintain VRRP, including monitoring the VRRP running statusand clearing VRRP packet statistics.

3.7.1 Monitoring the VRRP Running Status

Context

During routine maintenance, you can run the following command to view VRRP packet statisticsand monitor the VRRP running status.

Procedurel Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ]

statistics command in any view to view statistics about sent and received packets of aVRRP group.

3.7.2 Clearing VRRP Packet Statistics

Context

Before recollecting statistics about VRRP packets in a period of time, clear existing statistics.



65

CAUTIONThe cleared statistics cannot be restored. Exercise caution when you run the reset command.

Procedurel Run the reset vrrp [ interface interface-type interface-number ] [ vrid virtual-router-id ]

statistics command in the user view to clear statistics about a VRRP group.

3.8 Configuration ExamplesThis section provides several configuration examples of VRRP.

3.8.1 Example for Configuring a VRRP Group in Active/StandbyMode


As shown in Figure 3-7, HostA is dual-homed to SwitchA and SwitchB through the switch. Therequirements are as follows:l The host uses SwitchA as the default gateway to connect to the Internet. When SwitchA

becomes faulty, SwitchB functions as the gateway. This implements gateway backup.l After SwitchA recovers, it becomes the gateway.

Figure 3-7 Networking diagram for configuring a VRRP group

SwitchBBackup

10GE1/0/210.1.1.2/24

10GE1/0/1192.168.2.1/24

10GE1/0/2192.168.2.2/24

10GE1/0/320.1.1.100/24SwitchC

10GE1/0/1192.168.1.2/24

10GE1/0/1192.168.1.1/24

SwitchAMaster10GE1/0/2

10.1.1.1/24

VRRP VRID 1Virtual IP Address:10.1.1.111

HostA10.1.1.100/24

InternetSwitch

GE1/0/0

GE2/0/0

Device Interface VLANIF Interface IP Address

SwitchA 10GE1/0/1 VLANIF 300 192.168.1.1/24



66


10GE1/0/2 VLANIF 100 10.1.1.1/24

SwitchB 10GE1/0/1 VLANIF 200 192.168.2.1/24

10GE1/0/2 VLANIF 100 10.1.1.2/24

SwitchC 10GE1/0/1 VLANIF 300 192.168.1.2/24

10GE1/0/2 VLANIF 200 192.168.2.2/24

10GE1/0/3 VLANIF 400 20.1.1.100/24


1. Assign an IP address to each interface and configure a routing protocol to ensure networkconnectivity.

2. Configure a VRRP group on SwitchA and SwitchB, set a higher priority for SwitchA sothat SwitchA functions as the master to forward traffic and set the preemption delay to 20son SwitchA, and set a lower priority for SwitchB so that SwitchB functions as the backup.

Procedure

Step 1 Configure devices to ensure network connectivity.

# Assign an IP address to each interface. SwitchA is used as an example. The configurations ofSwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 100 300[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 300[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/2] port trunk pvid vlan 100[~SwitchA-10GE1/0/2] undo port trunk allow-pass vlan 1[~SwitchA-10GE1/0/2] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] ip address 10.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] ip address 192.168.1.1 24[~SwitchA-Vlanif300] quit[~SwitchA] commit

# Configure OSPF between SwitchA, SwitchB, and SwitchC. SwitchA is used as an example.The configurations of SwitchB and SwitchC are similar to the configuration of SwitchA, andare not mentioned here.

[~SwitchA] ospf 1[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255



67

[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] commit[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit

Step 2 Configure VRRP groups.

# Configure VRRP group 1 on SwitchA, and set the priority of SwitchA to 120 and thepreemption delay to 20s.

[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchA-Vlanif100] vrrp vrid 1 priority 120[~SwitchA-Vlanif100] vrrp vrid 1 preempt timer delay 20[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit

# Configure VRRP group 1 on SwitchB. SwitchB uses default value 100.

[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit


# After the configuration is complete, run the display vrrp command on SwitchA andSwitchB. You can see that SwitchA is in Master state and SwitchB is in Backup state.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58 <SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58

# Run the display ip routing-table command on SwitchA and SwitchB. The command outputshows that a direct route to the virtual IP address exists in the routing table of SwitchA and anOSPF route to the virtual IP address exists in the routing table of SwitchB. The command outputon SwitchA and SwitchB is as follows:



68

<SwitchA> display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: Public Destinations : 10 Routes : 10 Destination/Mask Proto Pre Cost Flags NextHop Interface 10.1.1.0/24 Direct 0 0 D 10.1.1.1 Vlanif100 10.1.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 Direct 0 0 D 127.0.0.1 InLoopBack0 20.1.1.0/24 OSPF 10 2 D 192.168.1.2 Vlanif300 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 Direct 0 0 D 192.168.1.1 Vlanif300 192.168.1.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.2/32 Direct 0 0 D 192.168.1.2 Vlanif300 192.168.2.0/24 OSPF 10 2 D 10.1.1.2 Vlanif100<SwitchB> display ip routing-tableRoute Flags: R - relay, D - download to fib------------------------------------------------------------------------------ Routing Tables: Public Destinations : 10 Routes : 10 10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif100 10.1.1.2/32 Direct 0 0 D 127.0.0.1 InLoopBack0 10.1.1.111/32 OSPF 10 2 D 10.1.1.1 Vlanif100 20.1.1.0/24 OSPF 10 2 D 192.168.2.2 Vlanif200 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.1.0/24 OSPF 10 2 D 10.1.1.1 Vlanif100 192.168.2.0/24 Direct 0 0 D 192.168.2.1 Vlanif200 192.168.2.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0 192.168.2.2/32 Direct 0 0 D 192.168.2.2 Vlanif200

# Run the shutdown command on 10GE1/0/2 of SwitchA to simulate a link fault.[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] shutdown[~SwitchA-10GE1/0/2] commit[~SwitchA-10GE1/0/2] quit

Run the display vrrp command on SwitchB to view the VRRP status. The command outputshows that SwitchB is in Master state.<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 Master IP : 10.1.1.2 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58

# Run the undo shutdown command on 10GE1/0/2 of SwitchA. After 20s, run the displayvrrp command on SwitchA to view the VRRP status. SwitchA restores to be in Master state.[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] undo shutdown[~SwitchA-10GE1/0/2] commit[~SwitchA-10GE1/0/2] quit



69

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58

----End


#sysname SwitchA#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20#interface Vlanif200 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111#interface Vlanif200 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1



70

port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchC#sysname SwitchC#vlan batch 200 300 400#interface Vlanif200 ip address 192.168.2.2 255.255.255.0#interface Vlanif300 ip address 192.168.1.2 255.255.255.0#interface Vlanif400 ip address 20.1.1.100 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 400#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255#return

3.8.2 Example for Configuring a VRRP Group in Multi-gatewayLoad Balancing Mode

Networking RequirementsAs shown in Figure 3-8, HostA and HostC are dual-homed to SwitchA and SwitchB throughthe switch. Load balancing is required in this scenario. HostA uses SwitchA as the defaultgateway to connect to the Internet, and SwitchB functions as the backup gateway. HostC usesSwitchB as the default gateway to connect to the Internet, and SwitchA functions as the backupgateway.



71

Figure 3-8 Networking diagram for configuring VRRP in multi-gateway load balancing mode

SwitchBVRID 1:BackupVRID 2:MasterVRRP VRID 2

Virtual IP Address:10.1.1.112

SwitchAVRID 1:Master

VRID 2:Backup

10GE1/0/210.1.1.2/24

10GE1/0/1192.168.2.1/24

10GE1/0/2192.168.2.2/24

10GE1/0/320.1.1.100/24SwitchC

10GE1/0/1192.168.1.2/24

10GE1/0/210.1.1.1/24


Internet

HostC10.1.1.101/24

HostA10.1.1.100/24

GE1/0/0

GE2/0/0

Switch

10GE1/0/1192.168.1.1/24



10GE1/0/2 VLANIF 100 10.1.1.1/24


10GE1/0/2 VLANIF 100 10.1.1.2/24


10GE1/0/2 VLANIF 200 192.168.2.2/24

10GE1/0/3 VLANIF 400 20.1.1.100/24




2. Create VRRP groups 1 and 2 on SwitchA and SwitchB. In VRRP group 1, configureSwitchA as the master and SwitchB as the backup. In VRRP group 2, configure SwitchBas the master and SwitchA as the backup.

Procedure




72




[~SwitchA] ospf 1[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] commit[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit


# Configure VRRP group 1 on SwitchA and SwitchB, set the priority of SwitchA to 120 and thepreemption delay to 20s, and set the default priority for SwitchB.

[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchA-Vlanif100] vrrp vrid 1 priority 120[~SwitchA-Vlanif100] vrrp vrid 1 preempt timer delay 20[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit

# Configure VRRP group 2 on SwitchA and SwitchB, set the priority of SwitchB to 120 and thepreemption delay to 20s, and set the default priority for SwitchA.

[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112[~SwitchB-Vlanif100] vrrp vrid 2 priority 120[~SwitchB-Vlanif100] vrrp vrid 2 preempt timer delay 20[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 2 virtual-ip 10.1.1.112[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit




73

# After the configuration is complete, run the display vrrp command on SwitchA. You can seethat SwitchA is the master in VRRP group 1 and the backup in VRRP group 2.

<SwitchA> dislpay vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58 Vlanif100 | Virtual Router 2 State : Backup Virtual IP : 10.1.1.112 Master IP : 10.1.1.2 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0102 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:40:18 Last change time : 2012-05-26 11:48:58

# After the configuration is complete, run the display vrrp command on SwitchB. You can seethat SwitchB is the backup in VRRP group 1 and the master in VRRP group 2.

<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.111 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:39:18 Last change time : 2012-05-26 11:38:58 Vlanif100 | Virtual Router 2 State : Master Virtual IP : 10.1.1.112 Master IP : 10.1.1.2 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0102



74

Check TTL : YES Config type : normal-vrrp Create time : 2012-05-11 11:40:18 Last change time : 2012-05-26 11:48:58

----End


#sysname SwitchA#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20 vrrp vrid 2 virtual-ip 10.1.1.112#interface Vlanif200 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 2 virtual-ip 10.1.1.112 vrrp vrid 2 priority 120 vrrp vrid 2 preempt timer delay 20#interface Vlanif200 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#



75

ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchC#sysname SwitchC#vlan batch 200 300 400#interface Vlanif200 ip address 192.168.2.2 255.255.255.0#interface Vlanif300 ip address 192.168.1.2 255.255.255.0#interface Vlanif400 ip address 20.1.1.100 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 400#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255#return

3.8.3 Example for Configuring a VRRP Group in Single-gatewayLoad Balancing Mode

Networking RequirementsAs shown in Figure 3-9, HostA and HostC are dual-homed to SwitchA and SwitchB. Someusers want to use SwitchA to forward data traffic and use fSwitchB as the backup. Other userswant to use SwitchB to forward data traffic and use SwitchA as the backup. SwitchA andSwitchB used as masters in different VRRP groups can back up each other and load balancedata traffic.



76

Figure 3-9 Network diagram for VRRP groups working in single-gateway load balancing mode

SwitchBLoad-Balance VRRP VRID 1:Backup

Member VRRP VRID 2:Master

VRRP VRID 2

Load-Balance VRRP VRID 1:MasterMember VRRP VRID 2:Backup

SwitchA

10GE1/0/210.1.1.2/24

10GE1/0/1192.168.2.1/24

10GE1/0/2192.168.2.2/24

10GE1/0/320.1.1.100/24SwitchC

10GE1/0/1192.168.1.2/24

10GE1/0/210.1.1.1/24


Internet

HostC10.1.1.101/24

HostA10.1.1.100/24

GE1/0/0

GE2/0/0

Switch

10GE1/0/1192.168.1.1/24



10GE1/0/2 VLANIF 100 10.1.1.1/24


10GE1/0/2 VLANIF 100 10.1.1.2/24


10GE1/0/2 VLANIF 200 192.168.2.2/24

10GE1/0/3 VLANIF 400 20.1.1.100/24



2. Configure two VRRP groups on SwitchA and SwitchB. SwitchA is configured as the masterin VRRP group 1. SwitchB is configured as the master in VRRP group 2. They can loadbalance traffic.

ProcedureStep 1 Configure devices to ensure network connectivity.

# Assign an IP address to each interface. SwitchA is used as an example. The configurations ofSwitchB and SwitchC are similar to the configuration of SwitchA, and are not mentioned here.<HUAWEI> system-view[~HUAWEI] sysname SwitchA



77

[~HUAWEI] commit[~SwitchA] vlan batch 100 300[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 300[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/2] port trunk pvid vlan 100[~SwitchA-10GE1/0/2] undo port trunk allow-pass vlan 1[~SwitchA-10GE1/0/2] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] ip address 10.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] ip address 192.168.1.1 24[~SwitchA-Vlanif300] quit[~SwitchA] commit




# Create VRRP groups 1 and 2 on VLANIF100 of SwitchA, set the priority to 120 forSwitchA in VRRP group 1 so that SwitchA serves as the master in VRRP group 1, and set thepriority to 100 for SwitchA in VRRP group 2 so that SwitchA serves as the backup in VRRPgroup 2.

<SwitchA> system-view[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchA-Vlanif100] vrrp vrid 1 priority 120[~SwitchA-Vlanif100] vrrp vrid 2

# On VLANIF100 of SwitchA, configure VRRP group 1 as a load-balance redundancy group(LBRG) and add VRRP group 2 to the LBRG.

[~SwitchA-Vlanif100] vrrp vrid 1 load-balance[~SwitchA-Vlanif100] vrrp vrid 2 join load-balance-vrrp vrid 1[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit

# Create VRRP groups 1 and 2 on VLANIF100 of SwitchB in VRRP group 2 so that SwitchBserves as the master in VRRP group 2 and as the backup in VRRP group 1.

<SwitchB> system-view[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~SwitchB-Vlanif100] vrrp vrid 2[~SwitchB-Vlanif100] vrrp vrid 2 priority 120

# On VLANIF100 of SwitchB, configure VRRP group 1 as an LBRG and add VRRP group 2to the LBRG.

[~SwitchB-Vlanif100] vrrp vrid 1 load-balance[~SwitchB-Vlanif100] vrrp vrid 2 join load-balance-vrrp vrid 1



78

[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit


Run the display vrrp command on SwitchA. The command output shows that SwitchA servesas the master device in the LBRG and as a backup device in the LBRG member group.

<SwitchA> display vrrp verboseVlanif100 | Virtual Router 1State : MasterVirtual IP : 10.1.1.111Master IP : 10.1.1.1PriorityRun : 120PriorityConfig : 120MasterPriority : 120Preempt : YES Delay Time : 0sTimerRun : 1sTimerConfig : 1sAuth Type : NONEVirtual MAC : 0000-5e00-0101Check TTL : YESConfig Type : lb-vrrpCreate Time : 2012-10-19 03:29:46Last Change Time : 2012-10-19 03:29:51

Vlanif100 | Virtual Router 2State : BackupVirtual IP : 0.0.0.0Master IP : 10.1.1.2PriorityRun : 100PriorityConfig : 100MasterPriority : 120Preempt : YES Delay Time : 0sTimerRun : 1sTimerConfig : 1sAuth Type : NONEVirtual MAC : 0000-5e00-0102Check TTL : YESConfig Type : lb-member-vrrpCreate Time : 2012-10-19 03:30:17Last Change Time : 2012-10-19 03:33:05

Run the display vrrp command on SwitchB. The command output shows that SwitchB servesas a backup device in the LBRG and as the master device in the LBRG member group.

<SwitchB> display vrrp verboseVlanif100 | Virtual Router 1State : BackupVirtual IP : 10.1.1.111Master IP : 10.1.1.1PriorityRun : 100PriorityConfig : 100MasterPriority : 120Preempt : YES Delay Time : 0sTimerRun : 1sTimerConfig : 1sAuth Type : NONEVirtual MAC : 0000-5e00-0101Check TTL : YESConfig Type : lb-vrrpCreate Time : 2012-10-19 03:32:29Last Change Time : 2012-10-19 03:32:31

Vlanif100 | Virtual Router 2State : MasterVirtual IP : 0.0.0.0Master IP : 10.1.1.2



79

PriorityRun : 120PriorityConfig : 120MasterPriority : 120Preempt : YES Delay Time : 0sTimerRun : 1sTimerConfig : 1sAuth Type : NONEVirtual MAC : 0000-5e00-0102Check TTL : YESConfig Type : lb-member-vrrpCreate Time : 2012-10-19 03:32:51Last Change Time : 2012-10-19 03:33:04

Run the display vrrp load-balance command on Switch A. The command output showsinformation about the LBRG and its member group on Switch A.

<SwitchA> display vrrp load-balance member-vrrpInterface: Vlanif100, load-balance-vrrp vrid: 1, state: Master Member-vrrp number: 1 Member-vrrp vrid: 2, state: Backup

Run the display vrrp load-balance command on Switch B. The command output showsinformation about the LBRG and its member group on Switch B.

<SwitchB> display vrrp load-balance member-vrrpInterface: Vlanif100, load-balance-vrrp vrid: 1, state: Backup Member-vrrp number: 1 Member-vrrp vrid: 2, state: Master

----End


#sysname SwitchA#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 load-balance vrrp vrid 1 priority 120 vrrp vrid 2 vrrp vrid 2 join load-balance-vrrp vrid 1#interface VLANIF300 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return



80

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 load-balance vrrp vrid 2 vrrp vrid 2 priority 120 vrrp vrid 2 join load-balance-vrrp vrid 1#interface VLANIF200 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchC#sysname SwitchC#vlan batch 200 300 400#interface VLANIF200 ip address 192.168.2.2 255.255.255.0#interface VLANIF300 ip address 192.168.1.2 255.255.255.0#interface VLANIF400 ip address 20.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 400#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255#return



81

3.8.4 Example for Connecting VRRP Groups to L3VPNs


IT technologies such as enterprise resource planning, voice over IP (VoIP), video conferencing,and online training provide a framework for office automation and information access inenterprises. As network economy develops, enterprises have growing networks and partners,and employees are often on business trips. A carrier network is required to help an enterpriseconnect its headquarters and branches and provide convenient access services for the staff onbusiness trips.VPN technology was developed and used over an IP network to meet thisrequirement.

To improve VPN reliability, VPN interfaces can be added to different VRRP groups.

In Figure 3-10, there are two VPNs: VPN RED and VPN BLUE. It is required that users indifferent VPNs communicate with each other and reliability on the L3VPN be ensured.

Figure 3-10 Networking diagram for connecting VRRP groups to L3VPNs

Loopback1

Backup group1

Loopback1

Loopback1

Loopback1

VPN BLUE

VPN RED

GE1/0/0CE-A

10GE1/0/1

10GE1/0

/2

10GE1/0/3

10GE1/0/3

10GE1/0/2

GE1/0/0CE-D

PE-C

10GE1/0/3

10GE1/0/1

10GE1/0/2

10GE1/0/310GE1/0/2

10GE1/0/1

GE1/0/0 CE-B

VPN BLUE

PublicNetwork

for VPN BLUE

PE-B

PE-A

Backup group2for VPN RED

Branch of company B

Branch of company A

10GE1/0/1

GE1/0/0CE-C

VPN RED

Headquarters of company A

P

Headquarters of company B

Table 3-4 Configuration data

Device Interface VLANIFInterface

IP Address VPN Instance

P 10GE1/0/1 VLANIF 300 192.168.1.2/24 -



82

Device Interface VLANIFInterface

IP Address VPN Instance

10GE1/0/2 VLANIF 400 192.168.2.2/24 -

10GE1/0/3 VLANIF 500 192.168.3.2/24 -

Loopback1 - 4.4.4.4/32 -

PE-A 10GE1/0/1 VLANIF 100 10.1.1.1/24 VPN-BLUE

10GE1/0/2 VLANIF 200 20.1.1.1/24 VPN-RED

10GE1/0/3 VLANIF 300 192.168.1.1/24 -

Loopback1 - 1.1.1.1/32 -

PE-B 10GE1/0/1 VLANIF 100 10.1.1.2/24 VPN-BLUE

10GE1/0/2 VLANIF 200 20.1.1.2/24 VPN-RED

10GE1/0/3 VLANIF 400 192.168.2.1/24 -

Loopback1 - 2.2.2.2/32 -

PE-C 10GE1/0/1 VLANIF 500 20.2.1.1/24 VPN-RED

10GE1/0/2 VLANIF 600 10.2.1.1/24 VPN-BLUE

10GE1/0/3 VLANIF 700 192.168.3.1/24 -

Loopback1 - 3.3.3.3/32 -

CE-A GE1/0/0 - 10.1.1.100/24 -

CE-B GE1/0/0 - 20.1.1.100/24 -

CE-C GE1/0/0 - 20.2.1.100/24 -

CE-D GE1/0/0 - 10.2.1.100/24 -

Configuration RoadmapVRRP groups 1 and 2 are configured on PE-A and PE-B to improve L3VPN reliability.

Procedure

Step 1 Configure OSPF between PEs and between PEs and P to implement interworking of thebackbone network. The configuration details are not mentioned here.

Step 2 On the MPLS backbone network, configure basic MPLS functions and MPLS LDP and establishLDP LSPs. The configuration details are not mentioned here.

Step 3 Configure VPN instances on each PE and connect CEs to the PEs. The configuration details arenot mentioned here.



83

Step 4 Establish MP-IBGP peer relationships between PEs. The configuration details are not mentionedhere.

Step 5 Configure default routes on CE-A and CE-B. The configuration details are not mentioned here.

For configurations of steps 1 to 5, see "BGP MPLS IP VPN Configuration" in ConfigurationGuide - VPN. You can also see configuration files in this example.

Step 6 Configure two VRRP groups on PE-A and PE-B.

# Create VRRP group 1 and set the VRRP priority to 120 on PE-A so that PE-A is the master.<PE-A> system-view[~PE-A] interface vlanif 100[~PE-A-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~PE-A-Vlanif100] vrrp vrid 1 priority 120[~PE-A-Vlanif100] commit[~PE-A-Vlanif100] quit

# Create VRRP group 2 on PE-A and configure PE-A to use the default priority.[~PE-A] interface vlanif 200[~PE-A-Vlanif200] vrrp vrid 2 virtual-ip 20.1.1.111[~PE-A-Vlanif200] commit[~PE-A-Vlanif200] quit

# Create VRRP group 1 on PE-B and configure PE-B to use the default priority.<PE-B> system-view[~PE-B] interface vlanif 100[~PE-B-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~PE-B-Vlanif100] commit[~PE-B-Vlanif100] quit

# Create VRRP group 2 and set the VRRP priority to 120 on PE-B so that PE-B is the master inVRRP group 2.[~PE-B] interface vlanif 200[~PE-B-Vlanif200] vrrp vrid 2 virtual-ip 20.1.1.111[~PE-B-Vlanif200] vrrp vrid 2 priority 120[~PE-B-Vlanif200] commit[~PE-B-Vlanif200] quit


# Run the display ip routing-table vpn-instance vpn-instance-name command on PE-A andPE-B. The command output shows that a route to the virtual IP address exists in the routing tableon PE-A but not on PE-B. The routing table on PE-A is displayed.<PE-A> display ip routing-table vpn-instance VPN-BLUERoute Flags: R - relay, D - download for forwarding------------------------------------------------------------------------------Routing Table : VPN-BLUE Destinations : 8 Routes : 8

Destination/Mask Proto Pre Cost Flags NextHop Interface

10.1.1.0/24 Direct 0 0 D 10.1.1.2 Vlanif100 10.1.1.1/32 Direct 0 0 D 10.1.1.1 Vlanif100 10.1.1.111/32 Direct 0 0 D 127.0.0.1 Vlanif100 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif100 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

# Run the ping command on PE-A and PE-B to ping a specified VPN instance. The ping issuccessful on each PE.



84

<PE-A> ping -vpn-instance VPN-BLUE 10.1.1.111

The virtual IP address 10.1.1.111 can be pinged.

----End

Configuration Filesl Configuration file of PE-A

#sysname PE-A#vlan batch 100 200 300#ip vpn-instance VPN-BLUE route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity#ip vpn-instance VPN-RED route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity# mpls lsr-id 1.1.1.1 mpls#mpls ldp#interface Vlanif100 undo shutdown ip binding vpn-instance VPN-BLUE ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120#interface Vlanif200 undo shutdown ip binding vpn-instance VPN-RED ip address 20.1.1.1 255.255.255.0 vrrp vrid 2 virtual-ip 20.1.1.111#interface Vlanif300 undo shutdown ip address 192.168.1.1 255.255.255.0 mpls mpls ldp#interface LoopBack1 ip address 1.1.1.1 255.255.255.255#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 300#bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable



85

# ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance VPN-BLUE import-route direct import-route static # ipv4-family vpn-instance VPN-RED import-route direct import-route static#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 1.1.1.1 0.0.0.0# ip route-static vpn-instance VPN-BLUE 0.0.0.0 0.0.0.0 10.1.1.100 ip route-static vpn-instance VPN-RED 0.0.0.0 0.0.0.0 20.1.1.100return

l Configuration file of PE-B#sysname PE-B#vlan batch 100 200 400#ip vpn-instance VPN-BLUE route-distinguisher 100:1 vpn-target 100:1 export-extcommunity vpn-target 100:1 import-extcommunity#ip vpn-instance VPN-RED route-distinguisher 200:1 vpn-target 200:1 export-extcommunity vpn-target 200:1 import-extcommunity# mpls lsr-id 2.2.2.2 mpls#mpls ldp#interface Vlanif100 undo shutdown ip binding vpn-instance VPN-BLUE ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111#interface Vlanif200 undo shutdown ip binding vpn-instance VPN-RED ip address 20.1.1.2 255.255.255.0 vrrp vrid 2 virtual-ip 20.1.1.111 vrrp vrid 2 priority 120#interface Vlanif400 undo shutdown ip address 192.168.2.1 255.255.255.0 mpls mpls ldp#interface LoopBack1 ip address 2.2.2.2 255.255.255.255#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200



86

#interface 10GE1/0/3 port link-type trunk port trunk allow-pass vlan 300#bgp 100 peer 3.3.3.3 as-number 100 peer 3.3.3.3 connect-interface LoopBack1 # ipv4-family unicast undo synchronization peer 3.3.3.3 enable # ipv4-family vpnv4 policy vpn-target peer 3.3.3.3 enable # ipv4-family vpn-instance VPN-BLUE import-route direct import-route static # ipv4-family vpn-instance VPN-RED import-route direct import-route static#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 2.2.2.2 0.0.0.0# ip route-static vpn-instance VPN-BLUE 0.0.0.0 0.0.0.0 10.1.1.100 ip route-static vpn-instance VPN-RED 0.0.0.0 0.0.0.0 20.1.1.100return

3.8.5 Example for Configuring Association Between VRRP and BFDto Implement a Rapid Active/Standby Switchover

Networking RequirementsAs shown in Figure 3-11, hosts on a LAN are dual-homed to SwitchA and SwitchB through theswitch. A VRRP group is established on SwitchA and SwitchB, and SwitchA is the master.

When SwitchA or the link between SwitchA and the switch is faulty, the switchover period iswithin 1s. This reduces the impact of the fault on service transmission.

Figure 3-11 Networking diagram for configuring association between VRRP and BFD toimplement a rapid active/standby switchover



87

SwitchBBackup

Internet

VRRP VRID 1Virtual IP Address:10.1.1.3/24 Master

SwitchA

HostB

Switch

HostA

GE1/0/0

GE2/0/0

10GE1/0/1VLANIF10010.1.1.2/24

10GE1/0/1VLANIF10010.1.1.1/24

BFD packets




2. Configure a VRRP group on SwitchA and SwitchB. SwitchA functions as the master, itspriority is 120, and the preemption delay is 20s. SwitchB functions as the backup and usesthe default priority.

3. Configure a static BFD session on SwitchA and SwitchB to monitor the link of the VRRPgroup.

4. Association between VRRP and BFD is configured on SwitchB. When the link is faulty,an active/standby switchover can be performed rapidly.

Procedure



<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan 100[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/1] port trunk pvid vlan 100[~SwitchA-10GE1/0/1] undo port trunk allow-pass vlan 1[~SwitchA-10GE1/0/1] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] ip address 10.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] commit





88




Step 3 Configure a static BFD session.

# Create a BFD session on SwitchA.

[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bfd atob bind peer-ip 10.1.1.2 interface vlanif 100[~SwitchA-bfd-session-atob] discriminator local 1[~SwitchA-bfd-session-atob] discriminator remote 2[~SwitchA-bfd-session-atob] min-rx-interval 50[~SwitchA-bfd-session-atob] min-tx-interval 50 [~SwitchA-bfd-session-atob] commit[~SwitchA-bfd-session-atob] quit

# Create a BFD session on SwitchB.

[~SwitchB] bfd[~SwitchB-bfd] quit[~SwitchB] bfd btoa bind peer-ip 10.1.1.1 interface vlanif 100[~SwitchB-bfd-session-btoa] discriminator local 2[~SwitchB-bfd-session-btoa] discriminator remote 1[~SwitchB-bfd-session-btoa] min-rx-interval 50[~SwitchB-bfd-session-btoa] min-tx-interval 50[~SwitchB-bfd-session-btoa] commit[~SwitchB-bfd-session-btoa] quit

Run the display bfd session command on SwitchA and SwitchB. You can see that the BFDsession is Up. The display on Switch A is used as an example.

<SwitchA> display bfd session all--------------------------------------------------------------------------------Local Remote PeerIpAddr State Type InterfaceName --------------------------------------------------------------------------------1 2 10.1.1.2 Up S_IP_IF Vlanif100 -------------------------------------------------------------------------------- Total UP/DOWN Session Number : 1/0

Step 4 Associate BFD with VRPP.

# Configure association between VRRP and BFD on SwitchB. When the BFD session becomesDown, the priority of SwitchB increases by 40.

[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 1 track bfd 2 increase 40[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit


# After the configuration is complete, run the display vrrp command on SwitchA and SwitchB.SwitchA is the master, SwitchB is the backup, and the associated BFD session is in Up state.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master



89

Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:32:56 Last change time : 2012-05-22 17:33:00<SwitchB>display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track BFD : 2 Priority increased : 40 BFD-Session State: UP Create time : 2012-05-22 17:33:00 Last change time : 2012-05-22 17:33:04

# Run the shutdown command on 10GE1/0/1 of SwitchA to simulate a link fault. Then run thedisplay vrrp command on SwitchA and SwitchB. You can see that SwitchA is in Initialize state,SwitchB becomes the master, and the associated BFD session becomes Down.

[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] shutdown[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Initialize Virtual IP : 10.1.1.3 Master IP : 0.0.0.0 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 0 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:32:56 Last change time : 2012-05-22 17:33:06<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.3 Master IP : 10.1.1.2 PriorityRun : 140 PriorityConfig : 100 MasterPriority : 140 Preempt : YES Delay Time : 0 s Remain : --



90

TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track BFD : 2 Priority increased : 40 BFD-Session State: DOWN Create time : 2012-05-22 17:33:00 Last change time : 2012-05-22 17:33:06

# Run the undo shutdown command on 10GE1/0/1 of SwitchA. After 20s, run the displayvrrp command on SwitchA and SwitchB. You can see that SwitchA restores to be the master,SwitchB restores to be the backup, and the associated BFD session is in Up state.

[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] undo shutdown[~SwitchA-10GE1/0/1] commit[~SwitchA-10GE1/0/1] quit

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:32:56 Last change time : 2012-05-22 17:33:50<SwitchB>display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track BFD : 2 Priority increased : 40 BFD-Session State: UP Create time : 2012-05-22 17:33:00 Last change time : 2012-05-22 17:33:50

----End


#sysname SwitchA#vlan batch 100# bfd



91

#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.3 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#bfd atob bind peer-ip 10.1.1.2 interface Vlanif100 discriminator local 1 discriminator remote 2 min-tx-interval 50 min-rx-interval 50 commit #ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100#bfd#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.3 vrrp vrid 1 track bfd 2 increase 40#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#bfd btoa bind peer-ip 10.1.1.1 interface Vlanif100 discriminator local 2 discriminator remote 1 min-tx-interval 50 min-rx-interval 50 commit#ospf 1 area 0.0.0.0 network 10.1.1.0 0.0.0.255#return

3.8.6 Example for Configuring Association Between VRRP and thelogical Interface Status

Networking RequirementsAs shown in Figure 3-12, hosts on a LAN are dual-homed to SwitchA and SwitchB through theswitch. A VRRP group is established on SwitchA and SwitchB, and SwitchA is the master.



92

When VLANIF 300 on SwitchA becomes faulty, the VRRP group can immediately detect thefault and an active/standby switchover is performed. SwitchB then continues to forward services.This reduces the impact of the fault on service transmission.

Figure 3-12 Network diagram for configuring association between VRRP and the interfacestatus

SwitchBBackup

Internet

VRRP VRID 1Virtual IP Address:10.1.1.3/24

MasterSwitchA

HostB

Switch

HostA

GE1/0/0

GE2/0/0

10GE1/0/210.1.1.2/24

10GE1/0/210.1.1.1/24

10GE1/0/1192.168.1.1/24

10GE1/0/2192.168.2.2/24

10GE1/0/1192.168.2.1/24

10GE1/0/1192.168.1.2/24

SwitchC



10GE1/0/2 VLANIF 100 10.1.1.1/24


10GE1/0/2 VLANIF 100 10.1.1.2/24


10GE1/0/2 VLANIF 200 192.168.2.2/24



2. Configure a VRRP group on SwitchA and SwitchB, set a higher priority for SwitchA sothat SwitchA functions as the master to forward traffic, and set a lower priority forswitchB so that switchB functions as the backup.

3. Configure association between VRRP and the interface status on SwitchA to monitorVLANIF 300. When the link between SwitchA and SwitchC becomes faulty, the VRRPgroup can immediately detect the fault and an active/standby switchover is performed.



93

Procedure











Step 3 Configure association between VRRP and the interface status.

# Configure association between VRRP and the interface status on SwitchA. When VLANIF100 becomes Down, the priority of SwitchA decreases by 40.

[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 track interface vlanif 300 reduce 40



94

[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit


# After the configuration is complete, run the display vrrp command on SwitchA and SwitchB.SwitchA is the master, SwitchB is the backup, and the associated interface is in Up state.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IF : VLANIF300 Priority reduced : 40 IF state : UP Create time : 2012-05-22 17:32:56 Last change time : 2012-05-22 17:33:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:33:00 Last change time : 2012-05-22 17:33:04

# Run the shutdown command on 10GE1/0/1 of SwitchA to simulate a link fault. Run thedisplay vrrp command on SwitchA and SwitchB. You can see that SwitchA switches to theBackup state, SwitchB switches to the Master state, and the associated interface is in Down state.

[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] shutdown[~SwitchA-Vlanif300] commit[~SwitchA-Vlanif300] quit<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.3 Master IP : 10.1.1.2 PriorityRun : 80 PriorityConfig : 120 MasterPriority : 100 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IF : VLANIF300 Priority reduced : 40



95

IF state : DOWN Create time : 2012-05-22 17:33:56 Last change time : 2012-05-22 17:34:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.3 Master IP : 10.1.1.2 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:34:00 Last change time : 2012-05-22 17:34:04

# Run the undo shutdown command on 10GE1/0/1 of SwitchA. Run the display vrrp commandon SwitchA and SwitchB. After 20s, you can see that SwitchA restores to be the master,SwitchB restores to be the backup, and the associated interface is in Up state.

[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] undo shutdown[~SwitchA-Vlanif300] commit[~SwitchA-Vlanif300] quit<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IF : VLANIF300 Priority reduced : 40 IF state : UP Create time : 2012-05-22 17:34:56 Last change time : 2012-05-22 17:35:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.3 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:35:00 Last change time : 2012-05-22 17:35:04

----End



96


#sysname SwitchA#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.3 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20 vrrp vrid 1 track interface Vlanif300 reduce 40#interface Vlanif200 ip address 192.168.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.3#interface Vlanif200 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchC#sysname SwitchC#



97

vlan batch 200 300#interface Vlanif200 ip address 192.168.2.2 255.255.255.0#interface Vlanif300 ip address 192.168.1.2 255.255.255.0#interface 10GE1/0/1 port hybrid pvid vlan 300 port hybrid untagged vlan 300#interface 10GE1/0/2 port hybrid pvid vlan 200 port hybrid untagged vlan 200#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 192.168.2.0 0.0.0.255#return

3.8.7 Example for Configuring Association Between VRRP and BFDto Monitor the Uplink Status


As shown in Figure 3-13, hosts on a LAN are dual-homed to SwitchA and SwitchB through theswitch. A VRRP group is established on SwitchA and SwitchB, and SwitchA is the master.Generally, SwitchA functions as the gateway and user traffic is along the path Switch ->SwitchA -> SwitchC -> SwitchE.

When the link between SwitchC and SwitchE is faulty, the VRRP group can detect the faultwithin 1s and an active/standby switchover is performed rapidly. Then SwitchB forwardsservices, so the impact of the link fault on service transmission is reduced.

Figure 3-13 Association between VRRP and BFD to monitor the uplink status

HostA

SwitchA

SwitchB

SwitchC

SwitchD

Internet

10GE1/0/2192.168.1.1/24


10GE1/0/110.1.1.1/24

10GE1/0/110.1.1.2/24

10GE1/0/1192.168.1.2/24

10GE1/0/220.1.1.1/24

Switch

10GE1/0/2192.168.2.1/24

10GE1/0/1192.168.2.2/24

Master

Backup

10GE1/0/230.1.1.1/24

10GE1/0/230.1.1.2/24

10GE1/0/120.1.1.2/24GE1/0/0

GE2/0/0

SwitchE

BFD packets



98



10GE1/0/2 VLANIF 300 192.168.1.1/24


10GE1/0/2 VLANIF 200 192.168.2.1/24


10GE1/0/2 VLANIF 500 20.1.1.1/24

SwitchD 10GE1/0/1 VLANIF 200 192.168.2.2/24

10GE1/0/2 VLANIF 400 30.1.1.1/24

SwitchE 10GE1/0/1 VLANIF 500 20.1.1.2/24

10GE1/0/2 VLANIF 400 30.1.1.2/24



2. Configure a VRRP group on SwitchA and SwitchB. Set the priority of SwitchA to 120 andthe preemption delay to 20s so that SwitchA functions as the master. Configure SwitchBto use the default priority so that SwitchB functions as the backup.

3. Configure a static BFD session on SwitchA and SwitchE to monitor the link betweenSwitchA and SwitchE.

4. Configure association between VRRP and BFD on SwitchA. When the link is faulty, anactive/standby switchover can be performed rapidly.

Procedure


# Assign an IP address to each interface. SwitchA is used as an example. The configurations ofother devices are similar to the configuration of switchA, and are not mentioned here.

<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 100 300[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/1] port trunk pvid vlan 100[~SwitchA-10GE1/0/1] undo port trunk allow-pass vlan 1[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 300[~SwitchA-10GE1/0/2] quit[~SwitchA] interface vlanif 100



99

[~SwitchA-Vlanif100] ip address 10.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] ip address 192.168.1.1 24[~SwitchA-Vlanif300] quit[~SwitchA] commit

# Configure OSPF between Switchs. SwitchA is used as an example. The configurations of otherSwitchs are similar to the configuration of SwitchA, and are not mentioned here.[~SwitchA] ospf 1[~SwitchA-ospf-1] area 0[~SwitchA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] network 192.168.1.0 0.0.0.255[~SwitchA-ospf-1-area-0.0.0.0] commit[~SwitchA-ospf-1-area-0.0.0.0] quit[~SwitchA-ospf-1] quit


# Configure VRRP group 1 on SwitchA, and set the priority of SwitchA to 120 and thepreemption delay to 20s.[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.10[~SwitchA-Vlanif100] vrrp vrid 1 priority 120[~SwitchA-Vlanif100] vrrp vrid 1 preempt timer delay 20[~SwitchA-Vlanif100] commit[~SwitchA-Vlanif100] quit

# Configure VRRP group 1 on SwitchB. SwitchB uses default priority 100.[~SwitchB] interface vlanif 100[~SwitchB-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.10[~SwitchB-Vlanif100] commit[~SwitchB-Vlanif100] quit

Step 3 Configure a static BFD session.

# Create a BFD session on SwitchA.[~SwitchA] bfd[~SwitchA-bfd] quit[~SwitchA] bfd atob bind peer-ip 20.1.1.2[~SwitchA-bfd-session-atob] discriminator local 1[~SwitchA-bfd-session-atob] discriminator remote 2[~SwitchA-bfd-session-atob] min-rx-interval 50[~SwitchA-bfd-session-atob] min-tx-interval 50 [~SwitchA-bfd-session-atob] commit[~SwitchA-bfd-session-atob] quit

# Create a BFD session on SwitchE.[~SwitchE] bfd[~SwitchE-bfd] quit[~SwitchE] bfd btoa bind peer-ip 192.168.1.1[~SwitchE-bfd-session-btoa] discriminator local 2[~SwitchE-bfd-session-btoa] discriminator remote 1[~SwitchE-bfd-session-btoa] min-rx-interval 50[~SwitchE-bfd-session-btoa] min-tx-interval 50 [~SwitchE-bfd-session-btoa] commit[~SwitchE-bfd-session-btoa] quit

Step 4 Configure association between VRRP and BFD.

# Configure association between VRRP and BFD on SwitchA. When the BFD session becomesDown, the priority of SwitchA decreases by 40.[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 track bfd 1 reduce 40



100

[~SwitchB-Vlanif100] commit[~SwitchA-Vlanif100] quit


# After the configuration is complete, run the display vrrp command on SwitchA and SwitchB.SwitchA is the master, SwitchB is the backup, and the associated BFD session is in Up state.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track BFD : 1 Priority reduced : 40 BFD-Session State : UP Create time : 2012-05-22 17:32:56 Last change time : 2012-05-22 17:33:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:33:00 Last change time : 2012-05-22 17:33:04

# Run the shutdown command on 10GE1/0/1 of SwitchE to simulate a link fault.

[~SwitchE] interface 10ge 1/0/1[~SwitchE-10GE1/0/1] shutdown[~SwitchE-10GE1/0/1] commit[~SwitchE-10GE1/0/1] quit

# Run the display vrrp command on SwitchA and SwitchB. You can see that SwitchA is inBackup state, SwitchB becomes the master, and the associated BFD session becomes Down.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 PriorityRun : 80 PriorityConfig : 120 MasterPriority : 100 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES



101

Config type : normal-vrrp Track BFD : 1 Priority reduced : 40 BFD-Session State : DOWN Create time : 2012-05-22 17:34:56 Last change time : 2012-05-22 17:35:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-22 17:35:00 Last change time : 2012-05-22 17:35:04

# Run the undo shutdown command on 10GE1/0/1 of SwitchE.

[~SwitchE] interface 10ge 1/0/1[~SwitchE-10GE1/0/1] undo shutdown[~SwitchE-10GE1/0/1] commit[~SwitchE-10GE1/0/1] quit

# After 20s, run the display vrrp command on SwitchA and SwitchB. You can see thatSwitchA restores to be the master, SwitchB restores to be the backup, and the associated BFDsession is in Up state.

<SwitchA> display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track BFD : 1 Priority reduced : 40 BFD-Session State : UP Create time : 2012-05-22 17:36:56 Last change time : 2012-05-22 17:37:00<SwitchB> display vrrp verbose Vlanif100 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp



102

Create time : 2012-05-22 17:37:00 Last change time : 2012-05-22 17:37:04

----End


#sysname SwitchA#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.3 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20 vrrp vrid 1 track bfd 1 reduce 40#interface Vlanif300 ip address 192.168.1.1 255.255.255.0#bfd atob bind peer-ip 20.1.1.2 discriminator local 1 discriminator remote 2 min-tx-interval 50 min-rx-interval 50 commit#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 300#ospf 1 area 0.0.0.0 network 192.168.1.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.10#interface Vlanif200 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk



103

port trunk allow-pass vlan 200#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 10.1.1.0 0.0.0.255#return

l Configuration file of SwitchC#sysname SwitchC#vlan batch 300 500#interface Vlanif300 ip address 192.168.1.2 255.255.255.0#interface Vlanif500 ip address 20.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 500#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 20.1.1.0 0.0.0.255#return

l Configuration file of SwitchD#sysname SwitchD#vlan batch 200 400#interface Vlanif200 ip address 192.168.2.2 255.255.255.0#interface Vlanif400 ip address 30.1.1.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 400#ospf 1 area 0.0.0.0 network 192.168.2.0 0.0.0.255 network 30.1.1.0 0.0.0.255#return

l Configuration file of SwitchE#sysname SwitchE# bfd# vlan batch 400 500



104

#interface Vlanif400 ip address 30.1.1.2 255.255.255.0#interface Vlanif500 ip address 20.1.1.2 255.255.255.0#bfd btoa bind peer-ip 192.168.1.1 discriminator local 2 discriminator remote 1 min-tx-interval 50 min-rx-interval 50 commit #interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 500#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 400#ospf 1 area 0.0.0.0 network 20.1.1.0 0.0.0.255 network 30.1.1.0 0.0.0.255#return

3.8.8 Example for Configuring Association Between VRRP andRouting to Monitor the Uplink Status

Networking RequirementsAs shown in Figure 3-14, hosts on a LAN are dual-homed to SwitchA and SwitchB through theswitch. A VRRP group is established on SwitchA and SwitchB, and SwitchA is the master.SwitchA functions as the gateway and user traffic is along the path Switch -> SwitchA ->SwitchC -> SwitchE.

When the route between SwitchC and SwitchE is withdrawn or becomes inactive, the VRRPgroup can detect the fault and an active/standby switchover is performed. SwitchB is enabled toforward services, so the impact of the link fault on service forwarding is reduced.



105

Figure 3-14 Association between VRRP and routing to monitor the uplink status

HostA

SwitchA

SwitchB

SwitchC

SwitchD

Internet

10GE1/0/2192.168.1.1/24


10GE1/0/110.1.1.1/24

10GE1/0/110.1.1.2/24

10GE1/0/1192.168.1.2/24

10GE1/0/220.1.1.1/24

Switch

10GE1/0/2192.168.2.1/24

10GE1/0/1192.168.2.2/24

Master

Backup

10GE1/0/230.1.1.1/24

10GE1/0/230.1.1.2/24

10GE1/0/120.1.1.2/24GE1/0/0

GE2/0/0

SwitchE



10GE1/0/2 VLANIF 300 192.168.1.1/24


10GE1/0/2 VLANIF 200 192.168.2.1/24


10GE1/0/2 VLANIF 500 20.1.1.1/24

SwitchD 10GE1/0/1 VLANIF 200 192.168.2.2/24

10GE1/0/2 VLANIF 400 30.1.1.1/24

SwitchE 10GE1/0/1 VLANIF 500 20.1.1.2/24

10GE1/0/2 VLANIF 400 30.1.1.2/24



2. Configure a VRRP group on SwitchA and SwitchB, set a higher priority for SwitchA sothat SwitchA functions as the master to forward traffic and set the preemption delay to 20s,and set a lower priority for SwitchB so that SwitchB functions as the backup.



106

3. Configure association between VRRP and routing on SwitchA so that an active/standbyswitchover is performed immediately when the monitored route is withdrawn or becomesinactive.

Procedure

Step 1 Assign an IP address to each interface. SwitchA is used as an example. The configurations ofother devices are similar to the configuration of SwitchA, and are not mentioned here.<HUAWEI> system-view[~HUAWEI] sysname SwitchA[~HUAWEI] commit[~SwitchA] vlan batch 100 300[~SwitchA] interface 10ge 1/0/1[~SwitchA-10GE1/0/1] port link-type trunk[~SwitchA-10GE1/0/1] port trunk allow-pass vlan 100[~SwitchA-10GE1/0/1] port trunk pvid vlan 100[~SwitchA-10GE1/0/1] undo port trunk allow-pass vlan 1[~SwitchA-10GE1/0/1] quit[~SwitchA] interface 10ge 1/0/2[~SwitchA-10GE1/0/2] port link-type trunk[~SwitchA-10GE1/0/2] port trunk allow-pass vlan 300[~SwitchA-10GE1/0/2] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] ip address 10.1.1.1 24[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 300[~SwitchA-Vlanif300] ip address 192.168.1.1 24[~SwitchA-Vlanif300] quit[~SwitchA] commit




# Configure VRRP group 1 on SwitchB. SwitchB uses default priority 100.


Step 3 Configure IS-IS. SwitchA, SwitchC, and SwitchE are used as an example. The configurationsof other Switchs are similar to the configuration of SwitchA, and are not mentioned here.

# Set the IS-IS NET of SwitchA to 10.0000.0000.0001.00, and set the IS-IS level to 1.

[~SwitchA] isis 1[~SwitchA-isis-1] is-level level-1 [~SwitchA-isis-1] network-entity 10.0000.0000.0001.00[~SwitchA-isis-1] quit[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] isis enable 1[~SwitchA-Vlanif100] quit[~SwitchA] interface vlanif 200[~SwitchA-Vlanif 200] isis enable 1[~SwitchA-Vlanif200] quit

# Set the IS-IS NET of SwitchC to 10.0000.0000.0002.00.



107

[~SwitchC] isis 1[~SwitchC-isis-1] network-entity 10.0000.0000.0002.00[~SwitchC-isis-1] quit[~SwitchC] interface vlanif 300[~SwitchC-Vlanif300] isis enable 1[~SwitchC-Vlanif300] quit[~SwitchC] interface vlanif 500[~SwitchC-Vlanif500] isis enable 1[~SwitchC-Vlanif500] quit

# Set the IS-IS NET of SwitchE to 10.0000.0000.0003.00 and 20.0000.0000.0003.00.[~SwitchE] isis 1[~SwitchE-isis-1] network-entity 10.0000.0000.0003.00[~SwitchE-isis-1] quit[~SwitchE] interface vlanif 500[~SwitchE-Vlanif 500] isis enable 1[~SwitchE-Vlanif500] quit[~SwitchE] isis 2[~SwitchE-isis-2] network-entity 20.0000.0000.0003.00[~SwitchE-isis-2] quit[~SwitchE] interface vlanif 400[~SwitchE-Vlanif400] isis enable 2[~SwitchE-Vlanif400] quit

Step 4 Configure association between VRRP and routing on SwitchA. When the associated route iswithdrawn, the priority of SwitchA decreases by 40.[~SwitchA] interface vlanif 100[~SwitchA-Vlanif100] vrrp vrid 1 track ip route 20.1.1.0 24 reduce 40[~SwitchA-Vlanif100] quit


# After the configuration is complete, run the display isis route command on SwitchA. You cansee a route to network segment 20.1.1.0/24.<SwitchA> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 192.168.1.0/24 10 NULL GE0/0/2 Direct D/-/L/- 20.1.1.0/24 20 NULL 10GE1/0/2 192.168.1.2 A/-/-/- 10.1.1.0/24 10 NULL Vlanif18 Direct D/-/L/- 10.1.1.10/32 10 NULL Vlanif18 Direct D/-/L/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

# Run the display vrrp command on SwitchA and SwitchB. You can see that SwitchA is themaster, SwitchB is the backup, and the associated route is reachable.<SwitchA> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101



108

Check TTL : YES Config type : normal-vrrp Track IP route : 20.1.1.0/24 Priority reduced : 40 IP route state : Reachable Create time : 2012-05-29 21:25:47 Last change time : 2012-05-29 21:25:51 <SwitchB> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-29 21:25:47 Last change time : 2012-05-29 21:25:51

# Run the shutdown command on 10GE1/0/1 of SwitchE to simulate a link fault.

[~SwitchE] interface 10ge 1/0/1[~SwitchE-10GE1/0/1] shutdown[~SwitchE-10GE1/0/1] quit

# Run the display isis route command on SwitchA. You can see that the route to networksegment 20.1.1.0/24 is withdrawn.

<SwitchA> display isis route Route information for ISIS(1) ----------------------------- ISIS(1) Level-1 Forwarding Table -------------------------------- IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags ------------------------------------------------------------------------------- 192.168.1.0/24 10 NULL 10GE1/0/2 Direct D/-/L/- 10.1.1.0/24 10 NULL Vlanif18 Direct D/-/L/- 10.1.1.10/32 10 NULL Vlanif18 Direct D/-/L/- Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut, U-Up/Down Bit Set

# Run the display vrrp command on SwitchA and SwitchB. You can see that SwitchA is inBackup state, SwitchB is in Master state, and the associated route is reachable.

<SwitchA> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 PriorityRun : 80 PriorityConfig : 120 MasterPriority : 100 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IP route : 20.1.1.0/24 Priority reduced : 40 IP route state : Unreachable



109

Create time : 2012-05-29 21:25:47 Last change time : 2012-05-29 21:25:51 <SwitchB> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 100 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-29 21:25:47 Last change time : 2012-05-29 21:25:51

# Run the undo shutdown command on GE1/0/0 of SwitchE.

[~SwitchE] interface 10ge 1/0/1[~SwitchE-10GE1/0/1] undo shutdown[~SwitchE-10GE1/0/1] quit

# After 20s, run the display vrrp command on SwitchA and SwitchB. You can see thatSwitchA restores to be the master, SwitchB restores to be the backup, and the associated routeis reachable.

<SwitchA> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Master Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track IP route : 20.1.1.0/24 Priority reduced : 40 IP route state : Reachable Create time : 2012-05-29 21:27:47 Last change time : 2012-05-29 21:27:51 <SwitchB> display vrrp verbose 10GE1/0/1 | Virtual Router 1 State : Backup Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 PriorityRun : 100 PriorityConfig : 100 MasterPriority : 120 Preempt : YES Delay Time : 0 s Remain : -- TimerRun : 1 s TimerConfig : 1 s Auth Type : NONE Virtual Mac : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Create time : 2012-05-29 21:27:47 Last change time : 2012-05-29 21:27:51

----End



110


#sysname SwitchA#vlan batch 100 300#isis 1 is-level level-1 network-entity 10.0000.0000.0001.00#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.10 vrrp vrid 1 priority 120 vrrp vrid 1 preempt timer delay 20 vrrp vrid 1 track ip route 20.1.1.0 255.255.255.0 reduce 40 isis enable 1#interface Vlanif200 ip address 192.168.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 300#return

l Configuration file of SwitchB#sysname SwitchB#vlan batch 100 200#isis 1 is-level level-1 network-entity 20.0000.0000.0001.00#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.10#interface Vlanif200 ip address 192.168.2.1 255.255.255.0#interface 10GE1/0/1 port link-type trunk port trunk pvid vlan 100 undo port trunk allow-pass vlan 1 port trunk allow-pass vlan 100#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 200#return

l Configuration file of SwitchC#sysname SwitchC#



111

vlan batch 300 500#isis 1 network-entity 10.0000.0000.0002.00#interface Vlanif300 ip address 192.168.1.2 255.255.255.0 isis enable 1#interface Vlanif500 ip address 20.1.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 300#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 500#return

l Configuration file of SwitchD#sysname SwitchD#vlan batch 200 400#isis 1 network-entity 20.0000.0000.0002.00#interface Vlanif200 ip address 192.168.1.2 255.255.255.0 isis enable 1#interface Vlanif400 ip address 30.1.1.1 255.255.255.0 isis enable 1#interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 200#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 400#return

l Configuration file of SwitchE#sysname SwitchE#vlan batch 400 500#isis 1 network-entity 10.0000.0000.0003.00#isis 2 network-entity 20.0000.0000.0003.00#interface Vlanif400 ip address 30.1.1.2 255.255.255.0 isis enable 2#interface Vlanif500 ip address 20.1.1.2 255.255.255.0 isis enable 1#



112

interface 10GE1/0/1 port link-type trunk port trunk allow-pass vlan 500#interface 10GE1/0/2 port link-type trunk port trunk allow-pass vlan 400#return

3.8.9 Example for Configuring Association Between a VRRP Groupand a Direct Route


As shown in Figure 3-15, the VRRP group consisting of NPE1 and NPE2 functions as thegateway and uplink traffic is sent to the master device NPE1. OSPF runs between NPE1, NPE2,and NPE3 to ensure connectivity. The path that downlink traffic passes is determined by OSPFroute selection. On NPE3, there are two equal-cost OSPF routes to network segment 10.1.1.0/24,so downlink traffic may be load balanced. In this case, uplink and downlink traffic are transmittedalong different paths, so data is blocked by the firewall. It is required that uplink and downlinktraffic be transmitted along the same path so that data can pass the firewall.

Figure 3-15 Association between a VRRP group and a direct route

NPE1(Master)

NPE2(Backup)

NPE3

User NetworkIP/MPLS Network

UPE

10GE1/0/210.1.1.1/24Vlanif100

10GE1/0/110.1.3.1/24Vlanif300

10GE1/0/210.1.1.2/24Vlanif100

10GE1/0/110.1.2.1/24Vlanif200

10GE1/0/210.1.3.2/24Vlanif300

10GE1/0/110.1.2.2/24Vlanif200

VRRP

10GE1/0/2

10GE1/0/1

FirewallA

FirewallB



l Configure a VRRP group on NPE1 and NPE2 to improve link reliability.l Configure OSPF on NPE1, NPE2, and NPE3 to ensure connectivity at the network layer.



113

l Configure association between a direct route and a VRRP group on NPE1 and NPE2.l Configure OSPF to import direct routes and retain the cost of the imported route on NPE1

and NPE2 so that VRRP can be associated with direct routes.

Procedure

Step 1 Assign an IP address to each interface. For details, see configuration files.


# Create VLAN 100 on the UPE, and add 10GE1/0/1 and 10GE1/0/2 to VLAN 10 so that VRRPpackets from NPE1 and NPE2 can be transparently transmitted.

<UPE> system-view[~UPE] vlan 100[~UPE-vlan100] port 10ge 1/0/1[~UPE-vlan100] port 10ge 1/0/2[~UPE-vlan100] commit[~UPE-vlan100] quit

# Create VRRP group 1 on NPE1 and set the priority of NPE1 in the group to 120 so that NPE1functions as the master.

<NPE1> system-view[~NPE1] interface vlanif 100[~NPE1-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~NPE1-Vlanif100] vrrp vrid 1 priority 120[~NPE1-Vlanif100] commit[~NPE1-Vlanif100] quit

# Create VRRP group 1 on NPE2 and set the priority of NPE2 to 100 so that NPE2 functions asthe backup.

<NPE2> system-view[~NPE2] interface vlanif 100[~NPE2-Vlanif100] vrrp vrid 1 virtual-ip 10.1.1.111[~NPE2-Vlanif100] commit[~NPE2-Vlanif100] quit

Step 3 Configure OSPF.

# Configure OSPF on NPE1.

[~NPE1] ospf 1[~NPE1-ospf-1] area 0[~NPE1-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255[~NPE1-ospf-1-area-0.0.0.0] commit[~NPE1-ospf-1-area-0.0.0.0] quit[~NPE1-ospf-1] quit


[~NPE2] ospf 1[~NPE2-ospf-1] area 0[~NPE2-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255[~NPE2-ospf-1-area-0.0.0.0] commit[~NPE2-ospf-1-area-0.0.0.0] quit[~NPE2-ospf-1] quit


<NPE3> system-view[~NPE3] ospf 1[~NPE3-ospf-1] area 0[~NPE3-ospf-1-area-0.0.0.0] network 10.1.2.0 0.0.0.255[~NPE3-ospf-1-area-0.0.0.0] network 10.1.3.0 0.0.0.255



114

[~NPE3-ospf-1-area-0.0.0.0] commit[~NPE3-ospf-1-area-0.0.0.0] quit[~NPE3-ospf-1] quit

Step 4 Configure association between a direct route and a VRRP group.

# Configure NPE1.

[~NPE1] interface vlanif 100[~NPE1-Vlanif100] direct-route track vrrp vrid 1 degrade-cost 300[~NPE1-Vlanif100] commit[~NPE1-Vlanif100] quit

# Configure NPE2.

[~NPE2] interface vlanif 100[~NPE2-Vlanif100] direct-route track vrrp vrid 1 degrade-cost 300[~NPE2-Vlanif100] commit[~NPE2-Vlanif100] quit

Step 5 Configure OSPF to import direct routes.

# Configure NPE1.

[~NPE1] ospf 1[~NPE1-ospf-1] import-route direct[~NPE1-ospf-1] default cost inherit-metric[~NPE1-ospf-1] commit[~NPE1-ospf-1] quit

# Configure NPE2.

[~NPE2] ospf 1[~NPE2-ospf-1] import-route direct[~NPE2-ospf-1] default cost inherit-metric[~NPE2-ospf-1] commit[~NPE2-ospf-1] quit


# Run the display ip routing-table command on NPE2 to view the IP routing table. You cansee that the cost of the direct route on the network segment where the VRRP-enabled interfaceis located is 300.

<NPE2> display ip routing-tableRoute Flags: R - relay, D - download for forwarding------------------------------------------------------------------------------Routing Table : _public_ Destinations : 12 Routes : 12


10.1.1.0/24 Direct 0 300 D 10.1.1.2 Vlanif100 10.1.1.2/32 Direct 0 0 D 127.0.0.1 Vlanif100 10.1.1.111/32 O_ASE 150 0 D 10.1.2.2 Vlanif200 10.1.1.255/32 Direct 0 0 D 127.0.0.1 Vlanif100 10.1.2.0/24 Direct 0 0 D 10.1.2.1 Vlanif200 10.1.2.1/32 Direct 0 0 D 127.0.0.1 Vlanif200 10.1.2.255/32 Direct 0 0 D 127.0.0.1 Vlanif200 10.1.3.0/24 OSPF 10 2 D 10.1.2.2 Vlanif200 127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0 127.0.0.1/32 Direct 0 0 D 127.0.0.1 InLoopBack0127.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0255.255.255.255/32 Direct 0 0 D 127.0.0.1 InLoopBack0

# Run the display ip routing-table 10.1.1.0 command on NPE3 to view the route to the usernetwork segment. You can see that NPE3 sends downlink traffic through the route with the nexthop 10.1.3.1.



115

<NPE3> display ip routing-table 10.1.1.0Route Flags: R - relay, D - download for forwarding------------------------------------------------------------------------------Routing Table : _public_Summary Count : 1


10.1.1.0/24 O_ASE 150 0 D 10.1.3.1 Vlanif300

----End

Configuration Filesl Configuration file of the UPE

#sysname UPE#vlan batch 100# interface 10GE1/0/1 port default vlan 100# interface 10GE1/0/2 port default vlan 100#return

l Configuration file of NPE1#sysname NPE1#vlan batch 100 300#interface Vlanif100 ip address 10.1.1.1 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 vrrp vrid 1 priority 120 direct-route track vrrp vrid 1 degrade-cost 300#interface Vlanif300 ip address 10.1.3.1 255.255.255.0#interface 10GE1/0/1 port default vlan 300#interface 10GE1/0/2 port default vlan 100# ospf 1 default cost inherit-metric import-route direct area 0.0.0.0 network 10.1.3.0 0.0.0.255#return

l Configuration file of NPE2#sysname NPE2#vlan batch 100 200#interface Vlanif100 ip address 10.1.1.2 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.111 direct-route track vrrp vrid 1 degrade-cost 300#



116

interface Vlanif200 ip address 10.1.2.1 255.255.255.0#interface 10GE1/0/1 port default vlan 200#interface 10GE1/0/2 port default vlan 100# ospf 1 default cost inherit-metric import-route direct area 0.0.0.0 network 10.1.2.0 0.0.0.255#return

l Configuration file of NPE3#sysname NPE3#vlan batch 200 300#interface Vlanif200 ip address 10.1.2.2 255.255.255.0# interface Vlanif300 ip address 10.1.3.2 255.255.255.0#interface 10GE1/0/1 port default vlan 200#interface 10GE1/0/2 port default vlan 300# ospf 1 area 0.0.0.0 network 10.1.2.0 0.0.0.255 network 10.1.3.0 0.0.0.255#return

3.9 Common Configuration ErrorsThis section describes common faults caused by incorrect VRRP configurations and providesthe troubleshooting procedure.

3.9.1 Multiple Masters Coexist in a VRRP Group

Fault Description

Multiple masters exist in a VRRP group.

Procedure

Step 1 Ping masters to check network connectivity between masters.

l If the ping operation fails, check whether the network connection is correct.

l If the ping operation is successful and the TTL value of the ping packet is 255, go to step 2.



117

Step 2 Run the display vrrp virtual-router-id command in any view to check whether the master usesthe same virtual IP address, interval at which VRRP Advertisement packets are sent,authentication mode, and authentication key.l If the configured virtual IP addresses are different, run the vrrp vrid virtual-router-id

virtual-ip virtual-address command to set the same virtual IP address.l If the intervals are different, run the vrrp vrid virtual-router-id timer advertise advertise-

interval command to set the same interval.l If the authentication modes and authentication keys are different, run the vrrp vrid virtual-

router-id authentication-mode { simple { key | plain key | cipher cipher-key } | md5 md5-key } command to set the same authentication mode and authentication key.

----End

3.9.2 VRRP Group Status Changes Frequently

Fault DescriptionThe VRRP group status changes frequently.

Procedure

Step 1 Run the display vrrp virtual-router-id command in any view to check whether the VRRP groupis associated with an interface, a BFD session, or an NQA test instance.l If the VRRP group is associated with the interface, BFD session, or NQA test instance,

flapping of the interface, BFD session, or NQA test instancecauses VRRP group statusflapping. Rectify the fault on the associated module.

l If association is not configured, go to step 2.

Step 2 Run the display vrrp virtual-router-id command in any view to check the preemption delay ofthe VRRP group.l If the preemption delay is 0, run the vrrp vrid virtual-router-id preempt timer delay delay-

value command in the view of the interface where the VRRP group is configured to set thenon-0 preemption delay.

l If the preemption is not 0, go to step 3.

Step 3 Run the vrrp vrid virtual-router-id timer advertise advertise-interval command in the view ofthe interface where the VRRP group is configured to set a larger interval at which VRRPAdvertisement packets are sent, or run the vrrp vrid virtual-router-id preempt timer delaydelay-value command to set a larger preemption delay.

----End



118

CloudEngine 12800 V100R001C00 Configuration Guide - Reliability 03

Documents

Transcript of CloudEngine 12800 V100R001C00 Configuration Guide - Reliability 03