11-high availability configuration guide-vrrp configuration[1]

7/30/2019 11-High Availability Configuration Guide-VRRP Configuration[1]

1/54

i

Table of Contents

1 VRRP Configuration1-1

VRRP Overview 1-1VRRP Standard Protocol Mode 1-2

Introduction to VRRP Group1-2VRRP Timers1-4Packet Format 1-4Principles of VRRP1-6VRRP Tracking1-6VRRP Application (Taking IPv4-Based VRRP for Example)1-7

VRRP Load Balancing Mode 1-8Overview1-8Allocating Virtual MAC Addresses1-9Virtual Forwarder1-10Packet Types1-11

Configuring VRRP for IPv4 1-12VRRP for IPv4 Configuration Task List 1-12Configuring the Association Between Virtual IP Address and MAC Address 1-12Configuring VRRP Working Mode1-13Creating VRRP Group and Configuring Virtual IP Address 1-14Configuring Router Priority, Preemptive Mode and Tracking Function1-15Configuring VF Tracking1-16Configuring VRRP Packet Attributes1-17Enabling the Trap Function of VRRP1-18Displaying and Maintaining VRRP for IPv41-18

Configuring VRRP for IPv6 1-19VRRP for IPv6 Configuration Task List 1-19Configuring the Association Between Virtual IPv6 Address and MAC Address 1-19Creating VRRP Group and Configuring Virtual IPv6 Address1-20Configuring Router Priority, Preemptive Mode and Tracking Function1-21Configuring VF Tracking1-22Configuring VRRP Packet Attributes1-23Displaying and Maintaining VRRP for IPv61-24

IPv4-Based VRRP Configuration Examples1-24Single VRRP Group Configuration Example1-24VRRP Interface Tracking Configuration Example1-27Multiple VRRP Group Configuration Example 1-29VRRP Load Balancing Mode Configuration Example 1-32

IPv6-Based VRRP Configuration Examples1-37Single VRRP Group Configuration Example1-37VRRP Interface Tracking Configuration Example1-40Multiple VRRP Group Configuration Example 1-43


2/54

ii

VRRP Load Balancing Mode Configuration Example 1-47Troubleshooting VRRP 1-51


3/54

1-1

1 VRRP ConfigurationThis chapter includes these sections:

z VRRP Overview

z VRRP Standard Protocol Mode

z VRRP Load Balancing Mode

z Configuring VRRP for IPv4

z Configuring VRRP for IPv6

z IPv4-Based VRRP Configuration Examples

z IPv6-Based VRRP Configuration Examples

z Troubleshooting VRRP

z The switch operates in IRF or standalone (the default) mode. For more information about the IRF

mode, see IRFin the IRF Configuration Guide.

z The term routerin this document refers to both routers and Layer 3 switches.

z At present, the interfaces that VRRP involves can only be VLAN interfaces unless otherwise

specified.

VRRP Overview

Normally, as shown in Figure 1-1, you can configure a default route with the gateway as the next hop for

every host on a network segment. All packets destined to other network segments are sent over the

default route to the gateway and then be forwarded by the gateway. However, when the gateway fails,

all the hosts using the gateway as the default next-hop router fail to communicate with the external

network.


4/54

1-2

Figure 1-1 LAN networking

Gateway

Network

Host A

Host B

Host C

Configuring a default route for network hosts facilitates your configuration, but also requires high

performance stability of the switch acting as the gateway. Using more egress gateways is a common

way to improve system reliability, introducing the problem of routing among the multiple egresses.

Virtual Router Redundancy Protocol (VRRP) is designed to address this problem. VRRP adds a group

of routers that can act as network gateways to a VRRP group, which forms a virtual router. Routers in

the VRRP group elect a master through the VRRP election mechanism to take the responsibility of a

gateway, and hosts on a LAN only need to configure the virtual router as their default network gateway.

VRRP is an error-tolerant protocol, which improves the network reliability and simplifies configurations

on hosts. Deploying VRRP on multicast and broadcast LANs such as Ethernet, you can ensure that thesystem can still provide highly reliable default links without changing configurations (such as dynamic

routing protocols, route discovery protocols) when a switch fails, and prevent network interruption due

to failure of a single link.

VRRP works in one of the following two modes:

z Standard protocol mode: Includes two versions based on RFC: VRRPv2 and VRRPv3. VRRPv2 is

based on IPv4, and VRRPv3 is based on IPv6. The two versions implement the same functions but

are applied in different network environments. For more information, see VRRP Standard Protocol

Mode.

z Load balancing mode: Extends the standard protocol mode and realizes load balancing. For more

information, see VRRP Load Balancing Mode.

VRRP Standard Protocol Mode

Introduction to VRRP Group

VRRP combines a group of routers (including a master and multiple backups) on a LAN into a virtual

router called VRRP group.

A VRRP group has the following features:

z A virtual router has an IP address, which is a virtual IP address. A host on the LAN only needs to

know the IP address of the virtual router and uses the IP address as the next hop of the default

route.


5/54

1-3

z Every host on the LAN communicates with external networks through the virtual router.

z Routers in the VRRP group elect the master acting as the gateway according to their priorities. The

other routers function as the backups. When the master fails, to ensure that the hosts in the

network segment can communicate with the external networks uninterruptedly, the backups in the

VRRP group elect a new gateway to undertake the responsibility of the failed master.

Figure 1-2 Network diagram for VRRP

Host A

Host B

Host C

Router A

Router B

Router C

Virtual router

Network

As shown in Figure 1-2, Router A, Router B, and Router C form a virtual router, which has its own IP

address. Hosts on the Ethernet use the virtual router as the default gateway.

The router with the highest priority of the three routers is elected as the master to act as the gateway,

and the other two are backups.

z The IP address of the virtual router can be either an unused IP address on the segment where the

VRRP group resides or the IP address of an interface on a router in the VRRP group. In the latter

case, the router is called the IP address owner.

z In a VRRP group, you can configure only one IP address owner.

z Status of a router in a VRRP group includes master, backup, and initialize.

VRRP priority

VRRP determines the role (master or backup) of each router in the VRRP group by priority. A router with

a higher priority has more opportunity to become the master.

VRRP priority is in the range of 0 to 255. The greater the number, the higher the priority. Priorities 1 to

254 are configurable. Priority 0 is reserved for special uses and priority 255 for the IP address owner.

When a router acts as the IP address owner, its running priority is always 255. That is, the IP address

owner in a VRRP group acts as the master as long as it works properly.

Working mode

A router in a VRRP group works in one of the following two modes:

z Non-preemptive mode


6/54

1-4

When a router in the VRRP group becomes the master, it stays as the master as long as it operates

normally, even if a backup is assigned a higher priority later.

z Preemptive mode

When a backup finds its priority higher than that of the master, the backup sends VRRP advertisements

to start a new master election in the VRRP group and becomes the master. Accordingly, the original

master becomes a backup.

Authentication mode

To avoid being attacked by unauthorized users, VRRP authenticates the received packets by adding

authentication keys into the packets. VRRP provides two authentication modes:

z simple: Simple text authentication

A router sending a packet fills an authentication key into the packet, and the router receiving the packet

compares its local authentication key with that of the received packet. If the two authentication keys are

the same, the received VRRP packet is considered real and valid; otherwise, the received packet is

considered invalid.

z md5: MD5 authentication

The router encrypts a packet to be sent using the authentication key and MD5 algorithm and saves the

encrypted packet in the authentication header. The router receiving the packet uses the authentication

key to decrypt the packet and checks the validity of the packet.

On a secure network, you do not need to set the authentication mode.

VRRP Timers

VRRP timers include VRRP advertisement interval timer and VRRP preemption delay timer.

VRRP advertisement interval timerThe master in a VRRP group sends VRRP advertisements periodically to inform the other routers in the

VRRP group that it operates properly.

You can adjust the interval for sending VRRP advertisements by setting the VRRP advertisement

interval timer. If a backup receives no advertisements in a period three times the interval, the backup

regards itself as the master and sends VRRP advertisements to start a new master election.

VRRP preemption delay timer

To prevent members in a VRRP group from changing their states frequently and make backups have

enough time to collect information (such as routing information), each backup waits for a period of time

(the preemption delay time) after it receives an advertisement with the priority lower than the local

priority, then sends VRRP advertisements to start a new master election in the VRRP group and finally

becomes the master.

Packet Format

The master multicasts VRRP packets periodically to declare its existence. VRRP packets are also used

for checking the parameters of the virtual router and electing the master.

Figure 1-3 shows the format of a VRRPv2 packet and Figure 1-4 shows the format of a VRRPv3 packet.


7/54

1-5

Figure 1-3 Format of a VRRPv2 packet

..

.

Figure 1-4 Format of a VRRPv3 packet

Version Type Virtual Rtr ID Priority Count IPv6 Addrs

Auth Type Adver Int Checksum

IPv6 address 1

Authentication data 1

Authentication data 2

IPv6 address n

0 7 15 23 313

A VRRP packet consists of the following fields:

z Version: Version number of the protocol, 2 for VRRPv2 and 3 for VRRPv3.

z Type: Type of the VRRPv2 or VRRPv3 packet. Only one VRRP packet type is present, that is,

VRRP advertisement, which is represented by 1.

z Virtual Rtr ID (VRID): Serial number of the virtual router, that is, serial number of the VRRP group.

It ranges from 1 to 255.

z Priority: Priority of the router in the VRRP group, in the range 0 to 255. A greater value represents

a higher priority.

z Count IP Addrs/Count IPv6 Addrs: Number of virtual IPv4 or IPv6 addresses for the VRRP group. A

VRRP group can have multiple virtual IPv4 or IPv6 addresses.

z Auth Type: Authentication type. 0 means no authentication, 1 means simple text authentication,

and 2 means MD5 authentication. VRRPv3 does not support MD5 authentication.z Adver Int: Interval for sending advertisement packets. For VRRPv2, the interval is in seconds and

defaults to 1; for VRRPv3, the interval is in centiseconds and defaults to 100.


8/54

1-6

z Checksum: 16-bit checksum for validating the data in VRRP packets.

z IP Address/IPv6 Address: Virtual IPv4 or IPv6 address entry of the VRRP group. The Count IP

Addrs or Count IPv6 Addrs field defines the number of the virtual IP v4 or IPv6 addresses.

z Authentication Data: Authentication key. Currently, this field is used only for simple authentication

and is 0 for any other authentication modes.

Principles of VRRP

z With VRRP enabled, the routers decide their respective roles in the VRRP group by priority. The

router with the highest priority becomes the master, and the others are the backups. The master

sends VRRP advertisements periodically to notify the backups that it is working properly, and each

of the backups starts a timer to wait for advertisements from the master.

z In preemptive mode, when a backup receives a VRRP advertisement, it compares the priority in

the packet with that of its own. If the priority of the backup is higher, the backup becomes the

master; otherwise, it remains a backup.

z In non-preemptive mode, the router in the VRRP group remains as a master or backup as long as

the master does not fail. The backup does not become the master even if the backup is configured

with a higher priority.

z If the timer of a backup expires but the backup still does not receive any VRRP advertisement, it

considers that the master fails. In this case, the backup considers itself as the master and sends

VRRP advertisements to start a new master election.

VRRP Tracking

Tracking a specified interface

The interface tracking function expands the backup functionality of VRRP. It provides backup not only

when the interface to which a VRRP group is assigned fails but also when other interfaces (such as

uplink interfaces) on the router become unavailable.

If the uplink interface of a router in a VRRP group fails, normally the VRRP group cannot be aware of the

uplink failure. If the router is the master of the VRRP group, hosts on the LAN are not able to access the

external network because of the uplink failure. You can solve the problem through the function of

tracking a specified interface. In this case, it is the uplink interface. After you configure to monitor the

uplink interface, when the uplink interface goes down, the priority of the master is automatically

decreased by a specified value and a higher priority router in the VRRP group becomes the master.

Tracking a track entry

By monitoring a track entry, you can:

z Monitor an uplink and modify the priority of the router according to the state of the uplink. If there is

a fault on the uplink, hosts in the LAN cannot access the external network through the router. In this

case, the state of the monitored track entry changes to negative and the priority of the router

decreases by a specified value. After that, a higher priority router in the VRRP group becomes the

master to maintain the proper communication between the hosts in the LAN and the external

network.

z Monitor the master on a backup. If there is a fault on the master, the backup working in the mode

switches to the master immediately to maintain normal communication.


9/54

1-7

For more information about the track entry, see Trackin the High Availability Configuration Guide.

VRRP Application (Taking IPv4-Based VRRP for Example)

Master/backup

In master/backup mode, only one router, the master, forwards packets. When the master fails, a new

master is elected from the original backups. This mode requires only one VRRP group, in which each

router holds a different priority and the one with the highest priority becomes the master, as shown in

Figure 1-5.

Figure 1-5 VRRP in master/backup mode

At the beginning, Router A is the master and therefore can forward packets to external networks,

whereas Router B and Router C are backups and are thus in the state of listening. If Router A fails,

Router B and Router C elect for a new master. The new master takes over the forwarding task to

provide services to hosts on the LAN.

Load sharing

You can create more than one VRRP group on an interface of a router, and allow the router to be the

master of one VRRP group but a backup of another at the same time.

In load sharing mode, multiple routers provide services at the same time. This mode requires two or

more VRRP groups, each of which includes a master and one or more backups. The masters of the

VRRP groups are assumed by different routers, as shown in Figure 1-6.


10/54

1-8

Figure 1-6 VRRP in load sharing mode

Host A

Host B

Host C

Router A

Backup

Router BBackup

Router CMaster

VRRP group 2 VRRP group 3VRRP group 1

Master

Backup

Backup Backup

Master

Backup

Network

A router can be in multiple VRRP groups and hold a different priority in different group.

In Figure 1-6, three VRRP groups are present:

z VRRP group 1: Router A is the master; Router B and Router C are the backups.

z VRRP group 2: Router B is the master; Router A and Router C are the backups.

z VRRP group 3: Router C is the master; Router A and Router B are the backups.

For load sharing among Router A, Router B, and Router C, hosts on the LAN need to be configured to

use VRRP group 1, 2, and 3 as the default gateways respectively. When configuring VRRP priorities,

make sure that each router holds such a priority in each VRRP group that it will take the expected role in

the group.

VRRP Load Balancing Mode

Overview

When VRRP works in the standard protocol mode, only the master can forward packets and the

backups are in the state of listening. Although you can create multiple VRRP groups to implement loadsharing among multiple routers, hosts on the LAN need to be configured with different gateways, thus

making the configuration complicated.

When VRRP works in the load balancing mode, namely, besides virtual gateway redundancy, VRRP

realizes load balancing. The working principle is as follows: associate a virtual IP address with multiple

virtual MAC addresses to make each router in a VRRP group correspond to a virtual MAC address. In

this way, each router in this VRRP group can forward packets. In the load balancing mode, you need to

create only one VRRP group to realize load balancing among multiple routers, thus avoiding that the

backups are always in the idle state and the network resources are not fully utilized.


11/54

1-9

z The VRRP load balancing mode is based on the VRRP standard protocol mode, so mechanisms,

such as master election, preemption, and tracking functions, in the standard protocol mode are

also supported in the load balancing mode. Besides, VRRP load balancing mode has some new

mechanisms, which are introduced in the following parts.

z To configure the VRRP load balancing function in IRF mode, you must configure the bridge MAC

address to be permanently preserved (default setting). For more information about IRF mode, see

IRFin the IRF Configuration Guide.

Allocating Virtual MAC Addresses

When VRRP works in the load balancing mode, the master allocates virtual MAC addresses to routers

in the VRRP group and replies the ARP requests (for the IPv4 network) or ND requests (for the IPv6

network) from different hosts by allocating different virtual MAC addresses to the hosts according to a

load balancing algorithm. The backup routers, however, do not reply the ARP requests (for the IPv4

network) or ND requests (for the IPv6 network) from the hosts.

Figure 1-7 Allocating virtual MAC addresses

As shown in Figure 1-7, the virtual IP address of the VRRP group is 10.1.1.1/24; Router A is the master;

Router B and Router C are the backups. Router A allocates different virtual MAC addresses to Routers

A, B and C.


12/54

1-10

Host A, Host B, and Host C send ARP requests to obtain the MAC address corresponding to the

gateway with the virtual IP address 10.1.1.1. The master (Router A) replies ARP requests of the hosts

with different virtual MAC addresses based on the load balancing algorithm.

z The MAC address obtained by Host A is the virtual MAC address of Router A, that is, Host A takes

the virtual MAC address of Router A as the MAC address of the gateway, and thus to ensure that

the packets from Host A are forwarded by Router A.

z The MAC address obtained by Host B is the virtual MAC address of Router B, and thus to ensure

that the packets from Host B are forwarded by Router B.

z The MAC address obtained by Host C is the virtual MAC address of Router C, and thus to ensure

that the packets from Host C are forwarded by Router C.

Virtual Forwarder

When working in the load balancing mode, VRRP uses VFs to realize load balancing. Each VF

associates with a virtual MAC address of the VRRP group and forwards packets destined to this virtual

MAC address.

The master allocates virtual MAC addresses to all routers (including the master and the backups) in the

VRRP group. After obtaining its virtual MAC address, a router in the VRRP group will create a VF

corresponding to this MAC address, and then the router becomes the owner of this VF.

VF weight and priority

The weight of a VF indicates the forwarding capability of a routers: the higher the weight, the higher the

forwarding capability. When the weight is lower than a specified value which is the lower limit of failure,

the routers will not be capable of forwarding packets for the hosts.

The priority of a VF decides the VF state: a VF with the highest priority is in the active state and is known

as the active virtual forwarder (AVF), which forwards packets; other VFs are in the listening state and

are known as the listening virtual forwarders (LVFs), which listen to the state of the AVF. The priority

value of a VF ranges from 0 to 255, where 255 is reserved for the VF owner.

The priority value of a VF is calculated based on its weight.

VF backup

If the weight of the VF owner is no less than the lower limit of failure, the priority of the VF owner is the

highest value 255. Therefore, the VF owner is the AVF and forwards packets destined to the MAC

address of the AVF. After receiving the advertisements sent by the AVF, other routers in the VRRP

group create their own VFs, which are in the listening state. Figure 1-8 illustrates the VF information on

each router in the VRRP group.


13/54

1-11

Figure 1-8 VF information

Host A

Host B

Host C

Router AMaster

Router BBackup

Router CBackup

Virtual IP address:10.1.1.1/24

10.1.1.2/24

10.1.1.3/24

10.1.1.4/24

Network

VFVirtual

MAC address VF priority State

000f-e2ff-0011VF 1 255 AVF

000f-e2ff-0012VF 2 127 LVF

000f-e2ff-0013VF 3 127 LVF

VFVirtual


000f-e2ff-0011VF 1 127 LVF

000f-e2ff-0012VF 2 255 AVF

000f-e2ff-0013VF 3 127 LVF

VFVirtual


000f-e2ff-0011VF 1 127 LVF

000f-e2ff-0012VF 2 127 LVF

000f-e2ff-0013VF 3 255 AVF

LVFs listen to the AVF. When the AVF fails, the LVFs elect a new AVF with the highest priority value

among the LVFs.

A VF always works in the preemption mode. When an LVF finds its priority higher than that in the

advertisement sent by the AVF, the LVF declares itself as the AVF.

VF tracking

The AVF forwards packets destined to the MAC address of the AVF. If the uplink of the AVF fails and no

LVF is notified to take over the AVF's work, hosts (on the LAN) that take the MAC address of the AVF astheir gateway MAC address cannot access the external network.

You can solve this problem through the VF tracking function. You can monitor the uplink state by using

network quality analyzer (NQA) and bidirectional forwarding detection (BFD), and establish the

collaboration between the VF and the NQA or between the VF and the BFD through the tracking

function. When the uplink fails, the state of the monitored track entry changes to negative and the

weight of the VF decreases by a specified value. After that, the VF with a higher priority becomes the

AVF and forwards packets.

Packet Types

VRRP standard protocol mode defines only one type of packet: the VRRP advertisement. Only the

master in a VRRP group sends VRRP advertisements periodically, and the backups do not send VRRP

advertisements.

To realize load balancing, VRRP load balancing mode defines four types of packets:

z Advertisement: VRRP uses the advertisements to notify the VRRP group state on the local router

and the information of the VF that is in the active state. Both the master and the backups send

VRRP advertisements periodically.

z Request: If a backup router is not the VF owner, it sends a request to ask the master for virtual

MAC address.


14/54

1-12

z Reply: After receiving a request, the master sends a reply to the backup router to allocate a virtual

MAC address. Upon receiving the reply, the backup router creates a VF corresponding to the

virtual MAC address, and then the backup router becomes the owner of this VF.

z Release: After a VF owner failed for a specified time, the router that takes over its responsibility will

send a release to notify the other routers in the VRRP group to delete the VF of the failed VF owner.

The format of the above four types of packets is similar to that of the advertisement in the VRRP

standard protocol mode. The difference is that a packet used in the load balancing mode is appended

with option fields, which carry information for load balancing.

Configuring VRRP for IPv4

VRRP for IPv4 Configuration Task List

Complete these tasks to configure VRRP for IPv4:

Task Remarks

Configuring the Association Between Virtual IPAddress and MAC Address

Optional

When VRRP works in the load balancing mode, theassociation between the virtual IP address and the MACaddress cannot be configured.

Configuring VRRP Working Mode Optional

Creating VRRP Group and Configuring Virtual IPAddress

Required

Configuring Router Priority, Preemptive Mode andTracking Function

Optional

Configuring VF Tracking

Optional

The VF tracking function is effective only when VRRPworks in the load balancing mode.

Configuring VRRP Packet Attributes Optional

Enabling the Trap Function of VRRP Optional

Configuring the Association Between Virtual IP Address and MAC Address

After the virtual IP address of a VRRP group is associated with a MAC address, the master takes the

configured MAC address as the source MAC address of the packets to be sent, so that the hosts in the

internal network can learn the association between the IP address and the MAC address and thus

forward the packets to be forwarded to the other network segments to the master.

There are two types of association between virtual IP address and MAC address:

z

Virtual IP address is associated with virtual router MAC addressBy default, a MAC address is created for a VRRP group after the VRRP group is created, and the virtual

IP address is associated with the virtual MAC address. With such association adopted, the hosts in the


15/54

1-13

internal network do not need to update the association between IP address and MAC address when the

master changes.

z Virtual IP address is associated with real MAC address of the interface

If an IP address owner exists in a VRRP group and you associate the virtual IP address with the virtual

MAC address, two MAC addresses are associated with an IP address. In this case, you can associate

the virtual IP address of the VRRP group with the real MAC address, so that the packets from a host are

forwarded to the IP address owner according the real MAC address.

Follow these steps to configure the association between MAC address and virtual IP address:

To do Use the command Remarks

Enter system view system-view

Configure the association betweenvirtual IP address and MACaddress

vrrp method { real-mac |virtual-mac }

Optional

The virtual MAC address isassociated with the virtual IPaddress by default.

z When VRRP works in the load balancing mode, the association between the virtual IP address and

the MAC address cannot be configured. In this mode, the virtual IP address is always associated

with the virtual MAC address.

z You should configure this function before creating a VRRP group. Otherwise, you cannot modify

the mapping between the virtual IP address and the MAC address.

Configuring VRRP Working Mode

VRRP works in one of the following two modes:

z Standard protocol mode: In a VRRP group, only the master forwards packets.

z Load balancing mode: In a VRRP group, all switches (master and backups) that have AVF can

forward packets to realize load balancing.

After you configure the working mode of a VRRP group, all switches in the VRRP group work in the

same mode.

Follow these steps to configure the VRRP working mode:



Configure VRRP to work in thestandard protocol mode

undo vrrp mode

Optional

By default, VRRP works in thestandard protocol mode.

Configure VRRP to work in theload balancing mode

vrrp mode load-balance

Optional

By default, VRRP works in thestandard protocol mode.


16/54

1-14

Creating VRRP Group and Configuring Virtual IP Address

You need to configure a virtual IP address for a VRRP group when creating the VRRP group on an

interface. If the interface connects to multiple sub-networks, you can configure multiple virtual IP

addresses for the VRRP group to realize router backup on different sub-networks.

A VRRP group is created automatically when you specify the first virtual IP address for the VRRP group.If you specify another virtual IP address for the VRRP group later, the virtual IP address is added to the

virtual IP address list of the VRRP group.

It is not recommended to create VRRP groups on the VLAN interface of a super VLAN. Otherwise,

network performance may be affected.

Configuration prerequisites

Before creating a VRRP group and configuring a virtual IP address on an interface, you should first

configure an IP address for the interface and ensure that the virtual IP address to be configured is in the

same network segment as the IP address of the interface.

Configuration procedure

Follow these steps to create VRRP group and configure virtual IP address:



Enter the specified interface viewinterface interface-typeinterface-number

Create VRRP group and configurevirtual IP address of the VRRPgroup

vrrp vridvirtual-router-idvirtual-ip virtual-address

Required

VRRP group is not created bydefault.


17/54

1-15

z When VRRP works in the load balancing mode, the virtual IP address cannot be the same with IP

address of any interface in the VRRP group, that is, in the load balancing mode, the VRRP group

does not have an IP address owner.

z Up to 16 VRRP groups can be created on an interface and up to 16 virtual IP addresses can be

assigned to a VRRP group.

z A VRRP group is removed after you remove all the virtual IP addresses in it. In addition,

configurations on that VRRP group no longer take effect.

z The virtual IP address of the virtual router can be either an unused IP address on the segment

where the VRRP group resides or the IP address of an interface on a router in the VRRP group. In

the latter case, the router is called the IP address owner.

z Removal of the VRRP group on the IP address owner will cause IP address collision. In such a

case, it is recommended to modify the IP address of the interface on the IP address owner to

resolve the collision.

z The virtual IP address of the VRRP group cannot be 0.0.0.0, 255.255.255.255, loopback

addresses, non class A/B/C addresses or other illegal IP addresses such as 0.0.0.1.

z Only when the configured virtual IP address and the interface IP address belong to the same

segment and are legal host addresses can the VRRP group operate normally. If the configured

virtual IP address and the interface IP address do not belong to the same network segment, or the

configured IP address is the network address or network broadcast address of the network

segment that the interface IP address belongs to, the state of the VRRP group is always initialize

though you can perform the configuration successfully, that is, VRRP does not take effect in this

case.

Configuring Router Priority, Preemptive Mode and Tracking Function


Before you configure these features, you should first create a VRRP group on the interface and

configure a virtual IP address for it.


By configuring router priority, preemptive mode, interface tracking, or a track entry, you can decide

which router in the VRRP group serves as the master.

Follow these steps to configure router priority, preemptive mode and the track entry tracking function:



Enter interface viewinterface interface-typeinterface-number

Configure router priority in theVRRP group

vrrp vrid virtual-router-idprioritypriority-value

Optional

100 by default.


18/54

1-16


Configure the router in the VRRPgroup to work in preemptive modeand configure preemption delay

vrrp vrid virtual-router-idpreempt-mode [ timer delaydelay-value]

Optional

The router in the VRRP groupworks in preemptive mode and thepreemption delay is 0 seconds bydefault.

Configure the interface to betracked

vrrp vrid virtual-router-idtrackinterface interface-typeinterface-number[ reducedpriority-reduced]

Optional

No interface is being tracked bydefault.

Configure VRRP to track aspecified track entry

vrrp vridvirtual-router-idtracktrack-entry-number[ reducedpriority-reduced| switchover ]

Optional

Not configured by default.

z The running priority of an IP address owner is always 255 and you do not need to configure it. An IP

address owner always works in the preemptive mode.

z Do not configure VRRP tracking of an interface or an object on an IP address owner.

z The tracked interface can be a VLAN interface only.

z If the state of the interface under tracking changes from down to up, the priority of the switch

corresponding to the interface is restored automatically.

z If the state of a track entry changes from negative to positive or invalid, the priority of the switch

corresponding to the track entry is restored automatically.



Before configuring the VF tracking function, create a VRRP group and configure a virtual IP address for

it.


VRRP works in the load balancing mode. Suppose that the VF is configured to monitor the track entry.

When the state of the track entry becomes negative, the weight values of all VFs on the routers

decrease by a specified value; when the state of the track entry becomes positive or invalid, the weight

values of all VFs on the routers restore their original values.

Follow these steps to configure VF tracking:




Configure the VF to monitor aspecified track entry

vrrp vridvirtual-router-idweighttracktrack-entry-number

[ reduced weight-reduced]

Required

No track entry is specified by

default.


19/54

1-17

z You can configure the VF tracking function when VRRP works in either the standard protocol mode

or the load balancing mode; however, the VF tracking function is effective only when VRRP works

in the load balancing mode.

z Do not configure VF tracking on an IP address owner.

z By default, the weight of a VF is 255, and its lower limit of failure is 10.

z If the weight of a VF is higher than or equal to the lower limit of failure, the priority of the VF is

always 255 and does not change with the weight value. Therefore, in case of an uplink failure, only

when the weight of the VF owner decreases a properly specified value and becomes lower than the

lower limit of failure, can another VF takes over the VF owner's work and becomes the AVF.

Configuring VRRP Packet Attributes


Before configuring the relevant attributes of VRRP packets, you should first create a VRRP group and

configure a virtual IP address for it.


Follow these steps to configure VRRP packet attributes:



Enter the specified interface view interface interface-typeinterface-number

Configure the authentication modeand authentication key when theVRRP groups send and receiveVRRP packets

vrrp vrid virtual-router-idauthentication-mode { md5 |simple } key

Optional

Authentication is not performed bydefault

Configure the time interval for theMaster in the VRRP group to sendVRRP advertisement

vrrp vrid virtual-router-idtimeradvertiseadver-interval

Optional

1 second by default

Disable TTL check on VRRP

packets vrrp un-check ttl

Optional

Enabled by default

You do not need to create a VRRPgroup before executing thiscommand.


20/54

1-18

z You may configure different authentication modes and authentication keys for the VRRP groups on

an interface. However, the members of the same VRRP group must use the same authentication

mode and authentication key.

z Excessive traffic or different timer setting on routers can cause the Backup timer to time out

abnormally and trigger a change of the state. To solve this problem, you can prolong the time

interval to send VRRP packets.

Enabling the Trap Function of VRRP

After the trap function is enabled for a VRRP module, the VRRP module will generate traps with severity

level errors to report its key events. The generated traps will be sent to the information center of the

switch, where you can configure whether to output the trap information and the output destination. For

the configuration of the information center, see Information Center in the Network Management and

Monitoring Configuration Guide.

Follow these steps to enable the trap function of VRRP:



Enable the trap function of VRRPsnmp-agent trap enable vrrp[ authfailure | newmaster ]

Optional

Enabled by default.

For more information about the snmp-agent trap enable vrrp command, see the snmp-agent trap

enable command in SNMPin the Network Management and Monitoring Command Reference.

Displaying and Maintaining VRRP for IPv4


Display VRRP group statusdisplayvrrp[ verbose ] [ interfaceinterface-type interface-number[ vridvirtual-router-id] ]

Available in any view

Display VRRP group statisticsdisplay vrrpstatistics[ interfaceinterface-type interface-number[ vridvirtual-router-id] ]


Clear VRRP group statisticsreset vrrp statistics [ interfaceinterface-type interface-number[ vridvirtual-router-id]]

Available in user view


21/54

1-19

Configuring VRRP for IPv6

VRRP for IPv6 Configuration Task List

Complete these tasks to configure VRRP for IPv6:

Task Remarks

Configuring the Association Between Virtual IPv6Address and MAC Address

Optional

Configuring VRRP Working Mode Optional

Creating VRRP Group and Configuring Virtual IPv6Address

Required

Configuring Router Priority, Preemptive Mode andTracking Function

Optional


Optional

The VF tracking function is effective only when VRRP

works in the load balancing mode.

Configuring VRRP Packet Attributes Optional

Configuring the Association Between Virtual IPv6 Address and MAC Address

After the virtual IPv6 address of a VRRP group is associated with the MAC address, the master takes

the configured MAC address as the source MAC address of the packets to be sent, so that the hosts in

the internal network can learn the association between the IPv6 address and the MAC address and thus

forward the packets to be forwarded to the other network segments to the master.

There are two types of association between virtual IPv6 address and MAC address:

z Virtual IPv6 address is associated with virtual MAC address

By default, a MAC address is created for a VRRP group after the VRRP group is created, and the virtual

IPv6 address is associated with the virtual MAC address. With such association adopted, the hosts in

the internal network do not need to update the association between IPv6 address and MAC address

when the master changes.

z Virtual IPv6 address is associated with real MAC address of the interface

If an IP address owner exists in a VRRP group and you associate the virtual IPv6 address with the

virtual MAC address, two MAC addresses are associated with an IPv6 address. In this case, you can

associate the virtual IPv6 address of the VRRP group with the real MAC address, so that the packets

from a host is forwarded to the IP address owner according the real MAC address.

Follow these steps to configure the association between MAC address and virtual IPv6 address:



Configure the association betweenvirtual IPv6 address and MACaddress

vrrp ipv6 method { real-mac |virtual-mac }

Optional

The virtual MAC address of theVRRP group is associated with thevirtual IPv6 address by default.


22/54

1-20

z When VRRP works in the load balancing mode, the association between virtual IPv6 address and

the MAC address cannot be configured. In this mode, the virtual IPv6 address is always associated

with the virtual MAC address.

z You should configure this function before creating a VRRP group. Otherwise, you cannot modify

the mapping between the virtual IPv6 address and the MAC address.

Creating VRRP Group and Configuring Virtual IPv6 Address

You need to configure a virtual IPv6 address for a VRRP group when creating the VRRP group. You can

configure multiple virtual IPv6 addresses for a VRRP group.

A VRRP group is created automatically when you specify the first virtual IPv6 address for the VRRP

group. If you specify another virtual IPv6 address for the VRRP group later, the virtual IPv6 address is

added to the virtual IPv6 address list of the VRRP group.

It is not recommended to create VRRP groups on the VLAN interface of a super VLAN. Otherwise,

network performance may be affected.


Before creating a VRRP group and configuring a virtual IPv6 address, you should first configure an IPv6

address of the interface and ensure that the virtual IPv6 address to be configured is in the same network

segment as the IPv6 address of the interface.


Follow these steps to create VRRP group and configure its virtual IPv6 address:



Enter the specifiedinterface view

interface interface-typeinterface-number

Create a VRRPgroup and configureits virtual IPv6address

vrrp ipv6 vridvirtual-router-idvirtual-ip virtual-address[ link-local ]

Required

No VRRP group is created by default.

The first virtual IPv6 address of the VRRP groupmust be a link local address. Only one link localaddress is allowed in a VRRP group, and must beremoved the last.


23/54

1-21

z When VRRP works in the load balancing mode, the virtual IPv6 address cannot be the same with

IPv6 address of any interface in the VRRP group, that is, in the load balancing mode, the VRRP

group does not have an IP address owner.

z Up to 16 VRRP groups can be created on an interface and up to 16 virtual IPv6 addresses can be

assigned to a VRRP group.

z A VRRP group is removed after you remove all the virtual IPv6 addresses in it. In addition,

configurations on that VRRP group no longer take effect.

z Removal of the VRRP group on the IP address owner will cause IP address collision. In such a

case, it is recommended to modify the IPv6 address of the interface on the IP address owner to

resolve the collision.

Configuring Router Priority, Preemptive Mode and Tracking Function


Before configuring these features, you should first create a VRRP group and configure a virtual IPv6

address.


By configuring router priority, preemptive mode, interface tracking, or a track entry, you can decide

which router in the VRRP group serves as the Master.

Follow these steps to configure router priority, preemptive mode and interface tracking:




Configure the priority of the routerin the VRRP group

vrrp ipv6 vrid virtual-router-idprioritypriority-value

Optional

100 by default

Configure the router in the VRRPgroup to work in preemptive modeand configure preemption delay of

the VRRP group

vrrp ipv6 vrid virtual-router-idpreempt-mode [ timer delay

delay-value]

Optional

The router in the VRRP groupworks in preemptive mode and the

preemption delay is zero secondsby default.

Configure the interface to betracked

vrrp ipv6 vrid virtual-router-idtrack interface interface-typeinterface-number[ reducedpriority-reduced]

Optional

No interface is being tracked bydefault.

Configure VRRP to track aspecified track entry

vrrp ipv6 vridvirtual-router-idtracktrack-entry-number[ reducedpriority-reduced|switchover ]

Optional

Not configured by default.


24/54

1-22

z The running priority of an IP address owner is always 255 and you do not need to configure it. An IP

address owner always works in the preemptive mode.

z Interface tracking is not configurable on an IP address owner.

z The tracked interface can be a VLAN interface only.

z If the state of the interface under tracking changes from down to up, the priority of the switch

corresponding to the interface is restored automatically.

z If the state of a track entry changes from negative to positive or invalid, the priority of the router

corresponding to the track entry is restored automatically.



Before configuring the VF tracking function, create a VRRP group and configure a virtual IPv6 address

for it.


VRRP works in load balancing mode. Suppose that the VF is configured to monitor the track entry.

When the state of the track entry becomes negative, the weight values of all VFs on the routers

decrease by a specified value; when the state of the track entry becomes positive or invalid, the weight

values of all VFs on the routers restore their original values.

Follow these steps to configure VF tracking:To do Use the command Remarks



Configure the VF to monitor aspecified track entry

vrrp ipv6 vridvirtual-router-idweighttracktrack-entry-number[ reducedweight-reduced]

Required

No track entry is specified bydefault.


25/54

1-23

z You can configure the VF tracking function when VRRP works in either the standard protocol mode

or the load balancing mode; however, the VF tracking function is effective only when VRRP works

in the load balancing mode.

z Do not configure VF tracking on an IP address owner.

z By default, the weight of a VF is 255, and its lower limit of failure is 10.

z If the weight of a VF owner is higher than or equal to the lower limit of failure, the priority of the VF

owner is always 255 and does not change with the weight value. Therefore, in case of an uplink

failure, only when the weight of the VF owner decreases by a properly specified value and

becomes lower than the lower limit of failure, can another VF take over the VF owner's work and

become the AVF.

Configuring VRRP Packet Attributes


Before configuring the relevant attributes of VRRP packets, you should first create a VRRP group and

configure a virtual IPv6 address.


Follow these steps to configure VRRP packet attributes:




Configure the authentication modeand authentication key when theVRRP groups send or receiveVRRP packets

vrrp ipv6 vrid virtual-router-idauthentication-mode simplekey

Optional

Authentication is not performed bydefault.

Configure the time interval for theMaster in the VRRP group to sendVRRP advertisement

vrrp ipv6 vrid virtual-router-idtimeradvertiseadver-interval

Optional

100 centiseconds by default

z You may configure different authentication modes and authentication keys for the VRRP groups on

an interface. However, the members of the same VRRP group must use the same authentication

mode and authentication key.

z Excessive traffic or different timer setting on routers can cause the Backup timer to time out

abnormally and change the state. To solve this problem, you can prolong the time interval to send

VRRP packets.


26/54

1-24

Displaying and Maintaining VRRP for IPv6


Display VRRP group statusdisplayvrrp ipv6[ verbose ][ interfaceinterface-type interface-number[vridvirtual-router-id] ]


Display VRRP group statisticsdisplay vrrpipv6 statistics[ interfaceinterface-type interface-number[ vridvirtual-router-id] ]


Clear VRRP group statisticsreset vrrp ipv6 statistics [ interfaceinterface-type interface-number[ vridvirtual-router-id]]

Available in user view

IPv4-Based VRRP Configuration Examples

This section provides these configuration examples:z Single VRRP Group Configuration Example

z VRRP Interface Tracking Configuration Example

z Multiple VRRP Group Configuration Example

z VRRP Load Balancing Mode Configuration Example

By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in the state of DOWN.

To configure such an interface, use the undo shutdown command to bring it up first.

Single VRRP Group Configuration Example

Network requirements

z Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.

z Switch A and Switch B belong to VRRP group 1 with the virtual IP address of 202.38.160.111/24.

z If Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A; if

Switch A fails, packets sent from Host A to Host B are forwarded by Switch B.


27/54

1-25

Figure 1-9 Network diagram for single VRRP group configuration

Host A

Switch A

Switch B


Vlan-int2202.38.160.1/24

Vlan-int2202.38.160.2/24

Host B

202.38.160.3/24

203.2.3.1/24

Internet

Configuration procedure1) Configure Switch A

# Configure VLAN 2.

system-view

[SwitchA] vlan 2

[SwitchA-vlan2] port Gigabitethernet 3/0/5

[SwitchA-vlan2] quit

[SwitchA] interface vlan-interface 2

[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create VRRP group 1 and set its virtual IP address to be 202.38.160.111.

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority of Switch A in VRRP group 1 to 110.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Set Switch A to work in preemptive mode. The preemption delay is five seconds.

[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

2) Configure Switch B

# Configure VLAN 2.

system-view

[SwitchB] vlan 2

[SwitchB-Vlan2] port Gigabitethernet 3/0/5[SwitchB-vlan2] quit

[SwitchB] interface vlan-interface 2

[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create VRRP group 1 and set its virtual IP address to be 202.38.160.111.

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set Switch B to work in preemptive mode. The preemption delay is five seconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

3) Verify the configuration

After the configuration, Host B can be pinged through on Host A. You can use the display vrrp verbose

command to verify the configuration.

# Display detailed information of VRRP group 1 on Switch A.


28/54

1-26

[SwitchA-Vlan-interface2] display vrrp verbose

IPv4 Standby Information:

Run Mode : Standard

Run Method : Virtual MAC

Total number of virtual routers : 1

Interface Vlan-interface2

VRID : 1 Adver Timer : 1

Admin Status : Up State : Master

Config Pri : 110 Running Pri : 110

Preempt Mode : Yes Delay Time : 5

Auth Type : None

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

# Display detailed information of VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp verbose


Run Mode : Standard





Admin Status : Up State : Backup



Auth Type : None

Virtual IP : 202.38.160.111

Master IP : 202.38.160.1

The above information shows that in VRRP group 1 Switch A is the master, Switch B is the backup and

packets sent from Host A to Host B are forwarded by Switch A.

If Switch A fails, you can still ping through Host B on Host A. Use the display vrrp verbose command to

view the detailed information of the VRRP group on Switch B.

# If Switch A fails, the detailed information of VRRP group 1 on Switch B is displayed.



Run Mode : Standard

Run Method : Virtual MACTotal number of virtual routers : 1






Auth Type : None

Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.2

The above information shows that if Switch A fails, Switch B becomes the master, and packets sent from

Host A to Host B are forwarded by Switch B.


29/54

1-27

VRRP Interface Tracking Configuration Example


z Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its default gateway.

z Switch A and Switch B belong to VRRP group 1 with the virtual IP address of 202.38.160.111/24.

z If Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A; ifVLAN-interface 3 through which Switch A connects to the Internet is not available, packets sent

from Host A to Host B are forwarded by Switch B.

Figure 1-10 Network diagram for VRRP interface tracking

Host A

Switch A

Switch B


Vlan-int2202.38.160.1/24

Vlan-int2202.38.160.2/24

Host B

202.38.160.3/24

203.2.3.1/24

Vlan-int3

Internet


1) Configure Switch A# Configure VLAN 2.

system-view

[SwitchA] vlan 2





# Create a VRRP group 1 and set its virtual IP address to 202.38.160.111.


# Configure the priority of Switch A in the VRRP group to 110.[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110

# Configure the authentication mode of the VRRP group as simple and authentication key as hello.

[SwitchA-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello

# Set the interval for Master to send VRRP advertisement to five seconds.

[SwitchA-Vlan-interface2] vrrp vrid 1 timer advertise 5

# Set the interface to be tracked.

[SwitchA-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced 30


# Configure VLAN 2. system-view

[SwitchB] vlan 2


30/54

1-28

[SwitchB-vlan2] port Gigabitethernet 3/0/5

[SwitchB-vlan2] quit





# Configure the authentication mode of the VRRP group as simple and authentication key as hello.

[SwitchB-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello

# Set the interval for Master to send VRRP advertisement to five seconds.

[SwitchB-Vlan-interface2] vrrp vrid 1 timer advertise 5


After the configuration, Host B can be pinged successfully on Host A. You can use the display vrrp

verbose command to verify the configuration.




Run Mode : Standard








Auth Type : Simple Key : hello

Virtual IP : 202.38.160.111Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

VRRP Track Information:

Track Interface: Vlan3 State : Up Pri Reduced : 30




Run Mode : Standard









Virtual IP : 202.38.160.111

Master IP : 202.38.160.1




31/54

1-29

If interface VLAN-interface 3 through which Switch A connects to the Internet is not available, you can

still ping Host B successfully on Host A. Use the display vrrp verbose command to view the detailed

information of the VRRP group.

# If VLAN-interface 3 on Switch A is not available, the detailed information of VRRP group 1 on Switch A

is displayed.



Run Mode : Standard









Virtual IP : 202.38.160.111

Master IP : 202.38.160.2

VRRP Track Information:

Track Interface: Vlan3 State : Down Pri Reduced : 30

# If VLAN-interface 3 on Switch A is not available, the detailed information of VRRP group 1 on Switch B

is displayed.



Run Mode : Standard









Virtual IP : 202.38.160.111

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.2

The above information shows that if VLAN-interface 3 on Switch A is not available, the priority of SwitchA is reduced to 80 and it becomes the backup. Switch B becomes the master and packets sent from


Multiple VRRP Group Configuration Example


z Hosts in VLAN 2 use 202.38.160.100/25 as their default gateway and hosts in VLAN 3 use

202.38.160.200/25 as their default gateway.

z Switch A and Switch B belong to both VRRP group 1 and VRRP group 2. The virtual IP address of

VRRP group 1 is 202.38.160.100/25, and that of VRRP group 2 is 202.38.160.200/25.


32/54

1-30

z In VRRP group 1, Switch A has a higher priority than Switch B. In VRRP group 2, Switch B has a

higher priority than Switch A. In this case, hosts in VLAN 2 and VLAN 3 can communicate with the

outside through Switch A and Switch B respectively, and if Switch A or Switch B fails, the hosts can

use the other switch to communicate with the outside, so as to avoid communication interruption.

Figure 1-11 Network diagram for multiple VRRP group configuration

Switch A

Switch B

Virtual IP address 1:202.38.160.100/25

Virtual IP address 2:202.38.160.200/25

Vlan-int2202.38.160.1/25

Vlan-int2202.38.160.2/25

Internet

VLAN 2

Gateway:

202.38.160.100/25

VLAN 3

Gateway:

202.38.160.200/25

Vlan-int3202.38.160.130/25

Vlan-int3202.38.160.131/25


1) Configure Switch A

# Configure VLAN 2.

system-view

[SwitchA] vlan 2







# Configure the priority of Switch A in VRRP group 1 as 110.


[SwitchA-Vlan-interface2] quit

# Configure VLAN 3.[SwitchA] vlan 3








# Configure VLAN 2.

system-view

[SwitchB] vlan 2



33/54

1-31






[SwitchB-Vlan-interface2] quit

# Configure VLAN 3.

[SwitchB] vlan 3







# Configure the priority of Switch B in VRRP group 2 to 110.

[SwitchB-Vlan-interface3] vrrp vrid 2 priority 1103) Verify the configuration

You can use the display vrrp verbose command to verify the configuration.

# Display detailed information of the VRRP group on Switch A.



Run Mode : Standard








Auth Type : None

Virtual IP : 202.38.160.100

Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1






Auth Type : None

Virtual IP : 202.38.160.200

Master IP : 202.38.160.131

# Display detailed information of the VRRP group on Switch B.



Run Mode : Standard






34/54

1-32




Auth Type : None

Virtual IP : 202.38.160.100

Master IP : 202.38.160.1






Auth Type : None

Virtual IP : 202.38.160.200

Virtual MAC : 0000-5e00-0102

Master IP : 202.38.160.131


hosts with the default gateway of 202.38.160.100/25 accesses the Internet through Switch A; in VRRPgroup 2 Switch A is the backup, Switch B is the master and hosts with the default gateway of

202.38.160.200/25 accesses the Internet through Switch B.

VRRP Load Balancing Mode Configuration Example


z Switch A, Switch B, and Switch C belong to VRRP group 1 with the virtual IP address of

10.1.1.1/24.

z Hosts on network segment 10.1.1.0/24 use 10.1.1.1/24 as their default gateway. Use the VRRP

group to ensure that when a gateway (Switch A, Switch B, or Switch C) fails, the hosts on the LAN

can access the external network through another gateway.

z VRRP group 1 works in the load balancing mode to make good use of network resources.


35/54

1-33

Figure 1-12 Network diagram for VRRP load balancing mode



# Configure VLAN 2. system-view

[SwitchA] vlan 2



# Configure VRRP to work in the load balancing mode.

[SwitchA] vrrp mode load-balance

# Create VRRP group 1 and configure its virtual IP address as 10.1.1.1.


[SwitchA-Vlan-interface2] ip address 10.1.1.2 24

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1# Set the priority of Switch A in VRRP group 1 to 120.


# Set Switch A to work in preemptive mode. The preemption delay is five seconds.

[SwitchA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5


# Configure VLAN 2.

system-view

[SwitchB] vlan 2





36/54

1-34

[SwitchB] vrrp mode load-balance

# Create VRRP group 1 and configure its virtual IP address as 10.1.1.1


[SwitchB-Vlan-interface2] ip address 10.1.1.3 24


# Set the priority of Switch B in VRRP group 1 to 110.[SwitchB-Vlan-interface2] vrrp vrid 1 priority 110


[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5

3) Configure Switch C

# Configure VLAN 2.

system-view

[SwitchC] vlan 2

[SwitchC-vlan2] port Gigabitethernet 3/0/5

[SwitchC-vlan2] quit


[SwitchC] vrrp mode load-balance

# Create VRRP group 1 and configure its virtual IP address as 10.1.1.1.

[SwitchC] interface vlan-interface 2

[SwitchC-Vlan-interface2] ip address 10.1.1.4 24

[SwitchC-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1

# Set Switch C to work in preemptive mode. The preemption delay is five seconds.

[SwitchC-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5


After the configuration, Host A can ping the external network. You can use the display vrrp verbose

command to verify the configuration.




Run Mode : Load Balance








Auth Type : None

Virtual IP : 10.1.1.1

Master IP : 10.1.1.2

Forwarder Information: 3 Forwarders 1 Active

Config Weight : 255

Running Weight : 255

Forwarder 01

State : Active

Virtual MAC : 000f-e2ff-0011 (Owner)Owner ID : 0000-5e01-1101

Priority : 255


37/54

1-35

Active : local

Forwarder 02

State : Listening

Virtual MAC : 000f-e2ff-0012 (Learnt)

Owner ID : 0000-5e01-1103

Priority : 127

Active : 10.1.1.3

Forwarder 03

State : Listening


Owner ID : 0000-5e01-1105

Priority : 127

Active : 10.1.1.4












Auth Type : None




Config Weight : 255


Forwarder 01

State : Listening


Owner ID : 0000-5e01-1101

Priority : 127

Active : 10.1.1.2

Forwarder 02

State : ActiveVirtual MAC : 000f-e2ff-0012 (Owner)

Owner ID : 0000-5e01-1103

Priority : 255

Active : local

Forwarder 03

State : Listening


Owner ID : 0000-5e01-1105

Priority : 127

Active : 10.1.1.4

# Display detailed information of VRRP group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp verbose


38/54

1-36










Auth Type : None




Config Weight : 255


Forwarder 01

State : ListeningVirtual MAC : 000f-e2ff-0011 (Learnt)

Owner ID : 0000-5e01-1101

Priority : 127

Active : 10.1.1.2

Forwarder 02

State : Listening


Owner ID : 0000-5e01-1103

Priority : 127

Active : 10.1.1.3

Forwarder 03

State : Active

Virtual MAC : 000f-e2ff-0013 (Owner)

Owner ID : 0000-5e01-1105

Priority : 255

Active : local

The above information shows that in VRRP group 1, Switch A is the master and Switch B and Switch C

are the backups. On each of the three switches, there are one AVF and two LVFs acting as the backups.

# If Switch A fails, use the display vrrp verbose command to display the detailed information of VRRP

group 1 on Switch C.

[SwitchC-Vlan-interface2] display vrrp verbose










Auth Type : None




39/54

1-37


Config Weight : 255


Forwarder 01

State : Active

Virtual MAC : 000f-e2ff-0011 (Take Over)

Owner ID : 0000-5e01-1101

Priority : 85

Active : local

Redirect Time : 577 secs

Time-out Time : 1777 secs

Forwarder 02

State : Listening


Owner ID : 0000-5e01-1103

Priority : 85

Active : 10.1.1.3Forwarder 03

State : Active

Virtual MAC : 000f-e2ff-0013 (Owner)

Owner ID : 0000-5e01-1105

Priority : 255

Active : local

The above information shows that if Switch A fails, Switch B becomes the master, Switch C becomes

the AVF among the VFs corresponding to the virtual MAC address 000f-e2ff-0011, and packets sent

from Host A to the external network are forwarded by Switch C.

IPv6-Based VRRP Configuration Examples

This section provides these configuration examples:

z Single VRRP Group Configuration Example

z VRRP Interface Tracking Configuration Example

z Multiple VRRP Group Configuration Example

z VRRP Load Balancing Mode Configuration Example

By default, Ethernet interfaces, VLAN interfaces, and aggregate interfaces are in the state of DOWN.

To configure such an interface, use the undo shutdown command to bring it up first.

Single VRRP Group Configuration Example


z Host A needs to access Host B on the Internet, using 1::10/64 as its default gateway.z Switch A and Switch B belong to VRRP group 1 with the virtual IPv6 address of FE80::10.


40/54

1-38


Switch A fails, packets sent from Host A to Host B are forwarded by Switch B.

Figure 1-13 Network diagram for single VRRP group configuration

Host A

Switch A

Switch B

Virtual IPv6 address:FE80::10

Vlan-int2FE80::1

Vlan-int2FE80::2

Host B

Gateway:FE80::10

Internet



# Configure VLAN 2.

system-view

[SwitchA] ipv6

[SwitchA] vlan 2




[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64

# Create a VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10


[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Set Switch A to work in preemptive mode, with the preemption delay set to 5 seconds.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5# Enable Switch A to send RA messages.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt


# Configure VLAN 2.

system-view

[SwitchB] ipv6

[SwitchB] vlan 2



[SwitchB] interface vlan-interface 2[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64


41/54

1-39


[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Configure Switch B to work in the preemptive mode, with the preemption delay set to 5 seconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5

# Enable Switch B to send RA messages.[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5


After the configuration, Host B can be pinged through on Host A. You can use the display vrrp ipv6

verbose command to verify the configuration.


[SwitchA-Vlan-interface2] display vrrp ipv6 verbose


Run Mode : Standard








Auth Type : None

Virtual IP : FE80::10

1::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::1# Display detailed information of VRRP group 1 on Switch B.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose


Run Mode : Standard








Auth Type : None


1::10

Master IP : FE80::1



If Switch A fails, you can still ping through Host B on Host A. You can use the display vrrp ipv6

verbose command to view the detailed information of the VRRP group on Switch B.

# If Switch A fails, the detailed information of VRRP group 1 on Switch B is displayed.

[SwitchB-Vlan-interface2] display vrrp ipv6 verbose



42/54

1-40

Run Mode : Standard








Auth Type : None


1::10

Virtual MAC : 0000-5e00-0201

Master IP : FE80::2

The above information shows that if Switch A fails, Switch B becomes the master, and packets sent from


VRRP Interface Tracking Configuration Example


z Host A needs to access Host B on the Internet, using 1::10/64 as its default gateway.

z Switch A and Switch B belong to VRRP group 1 with the virtual IP addresses of 1::10/64 and

FE80::10.


VLAN-interface 3 through which Switch A connects to the Internet is not available, packets sent

from Host A to Host B are forwarded by Switch B.

Figure 1-14 Network diagram for VRRP interface tracking

Host A

Switch A

Switch B

Virtual IPv6 address:FE80::101::10/64

Vlan-int2FE80::11::1/64

Vlan-int2FE80::21::2/64

Host B

Gateway:1::10/64

Vlan-int3

Internet



# Configure VLAN 2.

system-view

[SwitchA] ipv6

[SwitchA] vlan 2


43/54

1-41




[SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local

[SwitchA-Vlan-interface2] ipv6 address 1::1 64


[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10


[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110

# Set the authentication mode for VRRP group 1 to simple and authentication key to hello.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello

# Set the VRRP advertisement interval to 500 centiseconds.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500

# Set Switch A work in preemptive mode. The preemption delay is five seconds.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5

# Set the interface to be tracked.

[SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3 reduced 30

# Enable Switch A to send RA messages.

[SwitchA-Vlan-interface2] undo ipv6 nd ra halt


# Configure VLAN 2.

system-view

[SwitchB] ipv6

[SwitchB] vlan 2




[SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local

[SwitchB-Vlan-interface2] ipv6 address 1::2 64


[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10

# Set the authentication mode for VRRP group 1 to simple and authentication key to hello.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello

# Set the VRRP advertisement interval to 500 centiseconds.

[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500


[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5

# Enable Switch B to send RA messages.

[SwitchB-Vlan-interface2] undo ipv6 nd ra halt


After the configuration, Host B can be pinged through on Host A. You can use the display vrrp ipv6

verbose command to verify

11-high availability configuration guide-vrrp configuration[1]

Documents