how to configure virtual router redundancy protocol (vrrp) configuration note sept 08 emea eng a4.pd

11
An HP ProCurve Networking Configuration Note How to configure Virtual Router Redundancy Protocol (VRRP) on HP ProCurve switches Contents 1. Introduction ................................................................................................................................................................. 2 2. Network diagram ......................................................................................................................................................... 2 3. VRRP configuration .................................................................................................................................................... 3 4. VRRP troubleshooting ................................................................................................................................................ 7 5. VRRP Redundancy tests .......................................................................................................................................... 10 6. Firmware versions .................................................................................................................................................... 11 7. Reference documents............................................................................................................................................... 11

Upload: andy-oliver

Post on 29-Jul-2015

150 views

Category:

Documents


5 download

TRANSCRIPT

Page 1: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

An HP ProCurve Networking Configuration Note

How to configure Virtual Router Redundancy Protocol (VRRP) on HP ProCurve switches

Contents 1. Introduction ................................................................................................................................................................. 2 

2. Network diagram ......................................................................................................................................................... 2 

3. VRRP configuration .................................................................................................................................................... 3 

4. VRRP troubleshooting ................................................................................................................................................ 7 

5. VRRP Redundancy tests .......................................................................................................................................... 10 

6. Firmware versions .................................................................................................................................................... 11 

7. Reference documents ............................................................................................................................................... 11 

Page 2: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 2

1. Introduction This application note explains configuration of Virtual Router Redundancy Protocol (VRRP) on a redundant network architecture, in order to provide gateway redundancy and load balancing capabilities.

2. Network diagram The platform which will be used in this document to detail the different steps of the configuration consists of:

- 2 x ProCurve switch 8212zl, named “Core-1” and “Core-2” connected by a 10G- SR link. Each one contains 2 x 24-port gigabit modules and a 4-slot 10G module with SR transceivers.

- A ProCurve switch 3500yl named “Edge-1”, with a 10G module at the rear, connected as follows: o Port A1 (10G-SR at the rear) to port C2 on Core-1 o Port A1 (second 10G-SR at the rear) to port C3 on Core-2

- A ProCurve switch 5406wl named “Edge-2”, with 2 x 24-port gigabit modules and a 4-slot 10G module with SR transceivers, connected as follows:

o Port C1 to port C3 on Core-1 o Port C2 to port C2 on Core-2

This hardware configuration is detailed in Figure-1 below.

Figure 1. Network setup

Page 3: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 3

VLANs and Multiple Spanning-tree have been configured on all switches; 2 instances have been defined:

- MSTP instance 1 contains VLANs 10, 20 and 108. Core-1 is the Root for this instance and Core-2 the Secondary Root.

- MSTP instance 2 contains VLANs 30 and 40. Core-2 is the Root for this instance and Core-1 the Secondary Root.

For more details about this configuration please refer to application note AN-I1 “Configure Multiple Spanning-tree on ProCurve Switches”.

3. VRRP Configuration Configured for each VLAN, VRRP enables to define a virtual IP address shared by the two Core switches. Two roles are defined:

- the Owner listens on this virtual IP address in normal time; the virtual address corresponds to the owner’s physical IP address.

- The Backup listens to VRRP advertisements from the Owner, and starts listening to the virtual address in case of failure of the Owner.

- Best Practice is to configure VRRP Roles in synch with MSTP Root per instance roles, for optimal load balancing of the traffic on the network. So, on each VLAN:

- VRRP Owner corresponds to MSTP Root switch

- VRRP Backup corresponds to MSTP Secondary Root.

With this configuration, the VLANs in the first instance will route their traffic through the first Core switch, and the VLANs in the second instance will route their traffic through the second one. Instead of having one router routing all the traffic of the network and the second only used for failover purposes, this maximizes the use of network bandwidth.

Page 4: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 4

The resulting MSTP-VRRP topology is as follows:

On all VLANs, Virtual IP address is similar to the VRRP Owner physical address: 10.1.VLAN.1 (except on VLAN 108 (Management) where it is 10.3.108.201)

Page 5: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 5

To achieve this topology, VRRP has been configured as follows on the Core switches:

Core- 1 VRRP Configuration

! VRRP is enabled globally Router vrrp ! Core-1 is set as VRRP Owner for Vlan 10, 20 and 108 ! As a convention. VRID matches Vlan number

Core-1(config)# Vlan 10 vrrp vrid 10 Core-1(config-vlan-10-vrid-10)# owner ! virtual-ip address matches physical address of the owner Core-1(config-vlan-10-vrid-10)# virtual-ip-address 10.1.10.1 255.255.255.0 ! VRRP is enabled on the VLAN Core-1(config-vlan-10-vrid-10)# enable Core-1(config-vlan-10-vrid-10)# exit

Core-1(config)# Vlan 20 vrrp vrid 20 Core-1(config-vlan-20-vrid-20)# owner Core-1(config-vlan-20-vrid-20)# virtual-ip-address 10.1.20.1 255.255.255.0 Core-1(config-vlan-20-vrid-20)# enable Core-1(config-vlan-20-vrid-20)# exit

Core-1(config)# Vlan 108 vrrp vrid 18 Core-1(config-vlan-108-vrid-18)# owner Core-1(config-vlan-108-vrid-18)# virtual-ip-address 10.3.108.201 255.255.255.0 Core-1(config-vlan-108-vrid-18)# enable Core-1(config-vlan-108-vrid-18)# exit

! Core-1 is set as VRRP Backup for Vlan 30 and 40

Core-1(config)# Vlan 30 vrrp vrid 30 Core-1(config-vlan-30-vrid-30)# backup ! virtual-ip address still matches physical address of the owner, which is the second Core switch Core-1(config-vlan-30-vrid-30)# virtual-ip-address 10.1.30.1 255.255.255.0 Core-1(config-vlan-30-vrid-30)# enable Core-1(config-vlan-30-vrid-30)# exit

Core-1(config)# Vlan 40 vrrp vrid 40 Core-1(config-vlan-40-vrid-40)# backup Core-1(config-vlan-40-vrid-40)# virtual-ip-address 10.1.40.1 255.255.255.0 Core-1(config-vlan-40-vrid-40)# enable Core-1(config-vlan-40-vrid-40)# exit

Page 6: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 6

Core- 2 VRRP Configuration

! VRRP is enabled globally Router vrrp ! Core-2 is set as VRRP Backup for Vlan 10, 20 and 108

Core-2(config)# vlan 10 vrrp vrid 10 Core-2(config-vlan-10-vrid-10)# backup Core-2(config-vlan-10-vrid-10)# virtual-ip-address 10.1.10.1 255.255.255.0 Core-2(config-vlan-10-vrid-10)# enable Core-2(config-vlan-10-vrid-10)# exit

Core-2(config)# vlan 20 vrrp vrid 20 Core-2(config-vlan-20-vrid-20)# backup Core-2(config-vlan-20-vrid-20)# virtual-ip-address 10.1.20.1 255.255.255.0 Core-2(config-vlan-20-vrid-20)# enable Core-2(config-vlan-20-vrid-20)# exit

Core-2(config)# vlan 108 vrrp vrid 18 Core-2(config-vlan-108-vrid-18)# backup Core-2(config-vlan-108-vrid-18)# virtual-ip-address 10.3.108.201 255.255.255.0 Core-2(config-vlan-108-vrid-18)# enable Core-2(config-vlan-108-vrid-18)# exit

! Core-2 is set as VRRP Owner for Vlan 30 and 40

Core-2(config)# vlan 30 vrrp vrid 30 Core-2(config-vlan-30-vrid-30)# owner Core-2(config-vlan-30-vrid-30)# virtual-ip-address 10.1.30.1 255.255.255.0 Core-2(config-vlan-30-vrid-30)# enable Core-2(config-vlan-30-vrid-30)# exit

Core-2(config)# vlan 40 vrrp vrid 40 Core-2(config-vlan-40-vrid-40)# owner Core-2(config-vlan-40-vrid-40)# virtual-ip-address 10.1.40.1 255.255.255.0 Core-2(config-vlan-40-vrid-40)# enable Core-2(config-vlan-40-vrid-40)# exit

Note : No configuration is needed on Edge switches. The Edge switches, as also the hosts on the network, just forward the packets to route to their default gateway, and it is transparent for them whether Core-1 or Core-2 is the physical router.

Page 7: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 7

Best Practice : VRRP advertisement packets are exchanged on the link between the two Core switches. This link is very important and a failure can lead to a VLAN that is cut into 2 parts which will cause communication disruption. So, it is recommended to configure a trunk of 2 links or more between the two Core switches for better redundancy.

By default, the advertise-interval (Hello interval between 2 VRRP advertisements sent by the Master switch on a VLAN to its Backup(s)) is 1 sec. The VRRP “down time” interval ( time, calculated by the Backup router(s) after which the Master is considered down if no VRRP advertisement is received) is set to 3 times the advertise-interval.

If the advertise-interval is modified, the down time interval is automatically recalculated to always be equal to 3 Hello intervals.

All VRRP routers must be configured with the same advertise-interval.

The router supports the following maximums:

- 32 VRs per VLAN in any combination of Masters and Backups ( ie a Master + up to 31 Backups per VLAN)

- 2048 VRs per router

VR= Virtual Router defines a combination of Master and Backups on the same VLAN.

For more information about VRRP configuration and parameters please consult the Multicast and Routing Guide for the ProCurve Series 3500yl, 6200yl, 5400zl and 8212zl series Chapter-6 Virtual Router Redundancy Protocol:

http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-MRG-Jan08-6-VRRP.pdf

4. VRRP Troubleshooting The following commands help to check and troubleshoot VRRP:

Show vrrp [vlan x] config

This command displays information about the VRRP Configuration. “show vrrp config” displays this info for all VLANs, show vrrp vlan X config for one particular VLAN.

- Global configuration: VRRP Enabled or not

- Per VLAN configuration:

- Virtual Router ID can be checked

- Mode to which the router has been configured for this VLAN: Owner or Backup

- Priority: by default it is 255 for an Owner and 100 for a Backup Router

- Advertisement Interval

- Virtual IP address

Page 8: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 8

!View VRRP Configuration on Core-1

Core-1(config)#show vrrp config VRRP Global Configuration Information

VRRP Enabled : Yes Traps Enabled : Yes

VRRP Virtual Router Configuration Information Vlan ID : 10 Virtual Router ID : 10

Administrative Status [Disabled] : Enabled Mode [Uninitialized] : Owner Priority [100] : 255 Advertisement Interval [1] : 2 Preempt Mode [True] : True Preempt Delay Time [0] : 60 Primary IP Address : Lowest

IP Address Subnet Mask --------------- --------------- 10.1.10.1 255.255.255.0

...

VRRP Virtual Router Configuration Information Vlan ID : 30 Virtual Router ID : 30

Administrative Status [Disabled] : Enabled Mode [Uninitialized] : Backup Priority [100] : 100 Advertisement Interval [1] : 2 Preempt Mode [True] : True Preempt Delay Time [0] : 0 Primary IP Address : Lowest

IP Address Subnet Mask --------------- --------------- 10.1.30.1 255.255.255.0

Page 9: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 9

Show vrrp [vlan X]

This command show the status of the virtual router on each VLAN, and statistics about the packets received and transmitted by this virtual router.

Core-1(config)#show vrrp

VRRP Global Statistics Information

VRRP Enabled : Yes Protocol Version : 2 Invalid VRID Pkts Rx : 0 Checksum Error Pkts Rx : 0 Bad Version Pkts Rx : 0

VRRP Virtual Router Statistics Information Vlan ID : 10 Virtual Router ID : 10 State : Master Up Time : 23 hours Virtual MAC Address : 00005e-00010a Master's IP Address : 10.1.10.1 Associated IP Addr Count : 1 Near Failovers : 1 Advertise Pkts Rx : 1 Become Master : 1 Zero Priority Rx : 0 Zero Priority Tx : 0 Bad Length Pkts : 0 Bad Type Pkts : 0 Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : 0 Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts : 0

. . .

VRRP Virtual Router Statistics Information Vlan ID : 40 Virtual Router ID : 40 State : Backup Up Time : 23 hours Virtual MAC Address : 00005e-000128 Master's IP Address : 10.1.40.1 Associated IP Addr Count : 1 Near Failovers : 1 Advertise Pkts Rx : 41919 Become Master : 0 Zero Priority Rx : 0 Zero Priority Tx : 0 Bad Length Pkts : 0 Bad Type Pkts : 0 Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : 0 Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts : 0

Note: note the difference between the VRRP Roles ( “Owner” or “Backup”), which is what has been explicitly configured on the router, and the VRRP States ( “Master” or “Backup”) which represent the status of a router at a given time. Example: A router has been configured as Backup on a VRID. In normal time, the state of this router is Backup. When the Owner router on this VRID fails, Backup router state changes to Master.

Page 10: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 10

Note: The Virtual MAC address is a Multicast MAC address and corresponds to all routers in the VR. It is always composed of :

- the same prefix: 00005e-0001xx - the 2 last bytes correspond to the VRID ( E.g.: 0a corresponds to 10 and 28 to 40 in hexadecimal notation)

5. VRRP Redundancy tests To test VRRP Redundancy, we established a continuous ping between a client in VLAN 108 and another machine in VLAN 30, and then restarted Core-1. We lost 2-3 pings when Core-1 went down and Core-2 took over the Master role in VLAN 108, and then 2-3 pings again when Core-1 went back up and retrieved its Master role in VLAN 108. So the failover time is estimated between 1 and 3 s.

Note: When the Owner fails and the Backup takes over, the virtual address can not be reached by a ping command any more. ARP table is updated.

Note: The protocol responsible of the topology convergence in case of link failure is MSTP, and in case of core switch failure it is VRRP.

Page 11: How to Configure Virtual Router Redundancy Protocol (VRRP) Configuration Note Sept 08 EMEA Eng A4.Pd

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

HP ProCurve Networking 11

6. Firmware versions Switches firmware versions used in this application note are: For ProCurve switches 3500yl, 5406zl and 8212zl: K.13.25

7. Reference documents This concludes the procedure for configuring VRRP on ProCurve switches. For further information about how to configure VRRP on ProCurve switches 3500yl-5400zl-8212zl, please refer to the following links:

- ProCurve Multicast and Routing Guide for the ProCurve Series 3500yl, 6200yl, 5400zl and 8212zl series Chapter-6 Virtual Router Redundancy Protocol: http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-MRG-Jan08-6-VRRP.pdf

- Command Line Reference Guide: http://cdn.procurve.com/training/Manuals/8200-6200-5400-3500-CLI-K13-Mar2008.pdf

For further information, please visit www.procurve.eu

© 2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA2-2445EEE, September 2008