Page 1 H3C S5820X&S5800 Switch Series High Availability Configuration Guide Hangzhou H3C Technologies Co., Ltd. http://www.h3c.com Software version: Release 1211 Document version: 6W100-20110415...
Page 2 SecPro, SecPoint, SecEngine, SecPath, Comware, Secware, Storware, NQA, VVG, V G, V G, PSPT, XGbus, N-Bus, TiGem, InnoVision and HUASAN are trademarks of Hangzhou H3C Technologies Co., Ltd. All other trademarks that may be mentioned in this manual are the property of their respective owners Notice The information in this document is subject to change without notice.
Page 3 Preface The H3C S5800&S5820X documentation set includes 12 configuration guides, which describe the software features for the S5800&S5820X Switch Series and guide you through the software configuration procedures. These configuration guides also provide configuration examples to help you apply software features to different network scenarios.
Page 4: Command Conventions
Configuration guide Added and modified features Added features: ITU-T Y.1731 Modified features: • Change configuring the LB function in system view to configuring the LB function in any view • Change configuring the LT function in system view to configuring the LT function in any view DLDP —...
Page 5 Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. About the H3C S5800&S5820X documentation set The H3C S5800&S5820X documentation set includes: Category...
Page 6 Interface Cards User available for the products. Manual Describes the benefits, features, hardware H3C OAP Cards User specifications, installation, and removal of the OAP Manual cards available for the products. H3C Low End Series...
Page 7: Obtaining Documentation
Obtaining documentation You can access the most up-to-date H3C product documentation on the World Wide Web at http://www.h3c.com. Click the links on the top navigation bar to obtain different categories of product documentation: [Technical Support & Documents > Technical Documents] –...
Page 8: Table Of Contents
Contents High availability overview··········································································································································· 1 Availability requirements··················································································································································1 Availability evaluation ······················································································································································1 High availability technologies ·········································································································································2 Fault detection technologies ····································································································································2 Protection switchover technologies·························································································································3 Ethernet OAM configuration ······································································································································· 5 Ethernet OAM overview ···················································································································································5 Background········································································································································································5 Major functions of Ethernet OAM ···································································································································5 Ethernet OAMPDUs··················································································································································5 How Ethernet OAM works ······································································································································7 Protocols and Standards··········································································································································9 Ethernet OAM configuration task list ······························································································································9 Configuring basic Ethernet OAM functions····················································································································9...
Page 9 Displaying and maintaining CFD ································································································································· 29 CFD configuration example ·········································································································································· 30 DLDP configuration·····················································································································································36 Overview········································································································································································· 36 Background ···························································································································································· 36 How DLDP works ··················································································································································· 37 DLDP configuration task list ··········································································································································· 43 Enabling DLDP ································································································································································ 43 Setting DLDP mode························································································································································· 44 Setting the interval for sending advertisement packets ······························································································ 44 Setting the DelayDown timer·········································································································································...
Page 10 Smart Link collaboration mechanisms ················································································································· 96 Smart Link configuration task list ·································································································································· 96 Configuring a smart link device ··································································································································· 97 Configuration prerequisites ·································································································································· 97 Configuring protected VLANs for a smart link group························································································ 97 Configuring member ports for a smart link group ····························································································· 97 Configuring role preemption for a smart link group··························································································...
Page 11 Configuring router priority, preemptive mode and tracking function ····························································136 Configuring VF tracking······································································································································137 Configuring VRRP packet attributes ···················································································································138 Displaying and maintaining VRRP for IPv6·······································································································139 IPv4-based VRRP configuration examples ·················································································································139 Single VRRP group configuration example ·······································································································139 VRRP interface tracking configuration example ·······························································································142 VRRP with multiple VLANs configuration example···························································································145 VRRP load balancing mode configuration example ························································································148 IPv6-based VRRP configuration examples ·················································································································156...
Page 12 Configuring BFD for a VRRP backup to monitor the master············································································202 Configuring BFD for the VRRP master to monitor the uplinks··········································································205 Static routing-track-NQA collaboration configuration example ·····································································209 Static routing-track-BFD collaboration configuration example········································································213 VRRP-track-interface management collaboration configuration example (the master monitors the uplink interface)·······························································································································································217 Index ········································································································································································...
Page 13: High Availability Overview
High availability overview Communication interruptions can seriously affect widely-deployed value-added services such as IPTV and video conference. Therefore, the basic network infrastructures must be able to provide high availability. The following are the effective ways to improve availability: Increasing fault tolerance •...
Page 14: High Availability Technologies
MTTR = fault detection time + hardware replacement time + system initialization time + link recovery time + routing time + forwarding recovery time. A smaller value of each item means a smaller MTTR and a higher availability. High availability technologies As previously mentioned, increasing MTBF or decreasing MTTR can enhance the availability of a network.
Page 15: Protection Switchover Technologies
Technology Introduction Reference Monitor link is a port collaboration function. It is usually used in Monitor link conjunction with Layer 2 topology protocols. The idea is to configuration in the Monitor Link monitor the states of uplink ports and adapt the up/down state of High Availability downlink ports to the up/down state of uplink ports, triggering Configuration Guide...
Page 16 Technology Introduction Reference Layer 3—IP Routing Fast Reroute (FRR) provides a quick per-link or per-node protection Configuration Guide, on an LSP. In this approach, once a link or node fails on a path, MPLS Configuration FRR comes up to reroute the path to a new link or node to bypass Guide/Configuration the failed link or node.
Page 17: Ethernet Oam Configuration
Ethernet OAM configuration This chapter includes these sections: Ethernet OAM overview • Ethernet OAM configuration task list • Configuring basic Ethernet OAM functions • Configuring the Ethernet OAM connection detection timers • Configuring OAM remote loopback • • Displaying and maintaining Ethernet OAM configuration Ethernet OAM configuration example •...
Page 18 Figure 1 Formats of different types of Ethernet OAMPDUs Table 4 Description of the fields in an OAMPDU Field Description Destination MAC address of the Ethernet OAMPDU It is a slow protocol multicast address 0180c2000002. As slow protocol Dest addr packet cannot be forwarded by bridges, Ethernet OAMPDUs cannot be forwarded.
Page 19: How Ethernet Oam Works
How Ethernet OAM works This section describes the working procedures of Ethernet OAM. Ethernet OAM connection establishment Ethernet OAM connection is the base of all the other Ethernet OAM functions. OAM connection establishment is also known as the “Discovery phase”, where an Ethernet OAM entity discovers remote OAM entities and establishes sessions with them.
Page 20 exchange of Event Notification OAMPDUs. When detecting a link error event listed in 7, the local Table OAM entity sends an Event Notification OAMPDU to notify the remote OAM entity. With the log information, network administrators can keep track of network status in time. Table 7 Ethernet OAM link error events Ethernet OAM link events Description...
Page 21: Protocols And Standards
NOTE: S5800&S5820X Switch Series is able to receive information OAMPDUs carrying the critical link events • listed in Table Only the Gigabit optical ports are able send information OAMPDUs carrying Link Fault events. • S5800&S5820X Switch Series is able to send information OAMPDUs carrying Dying Gasp events when •...
Page 22: Configuring The Ethernet Oam Connection Detection Timers
After the timeout timer of an Ethernet OAM connection expires, the local OAM entity ages out its connection with the peer OAM entity, causing the OAM connection to be disconnected. H3C recommends setting the connection timeout timer at least fives times the handshake packet transmission interval,...
Page 23: Configuring Link Monitoring
Configuring link monitoring NOTE: After Ethernet OAM connections are established, the link monitoring periods and thresholds configured in this section take effect on all Ethernet ports automatically. Configuring errored symbol event detection An errored symbol event occurs when the number of detected symbol errors over a specific detection interval exceeds the configured threshold.
Page 24: Configuring Errored Frame Seconds Event Detection
To do… Use the command… Remarks Configure the errored frame Optional oam errored-frame-period threshold period event triggering threshold-value 1 by default threshold Configuring errored frame seconds event detection An errored frame seconds event occurs when the number of error frame seconds detected on a port over a detection interval exceeds the error threshold.
Page 25: Rejecting The Ethernet Oam Remote Loopback Request From A Remote Port
To do… Use the command… Remarks Enter system view system-view — Required Enable Ethernet OAM remote oam loopback interface loopback on a specified port interface-type interface-number Disabled by default. Enable Ethernet OAM remote loopback in interface view Follow these steps to enable Ethernet OAM remote loopback in interface view: To do…...
Page 26: Displaying And Maintaining Ethernet Oam Configuration
To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter Layer 2 Ethernet port view — interface-number Required Reject the Ethernet OAM remote By default, a port does not reject loopback request from a remote oam loopback reject-request the Ethernet OAM remote port loopback request from a remote...
Page 27 Configuration procedure Configure Switch A # Configure GigabitEthernet 1/0/1 to operate in passive Ethernet OAM mode and enable Ethernet OAM for it. <SwitchA> system-view [SwitchA] interface gigabitethernet 1/0/1 [SwitchA-GigabitEthernet1/0/1] oam mode passive [SwitchA-GigabitEthernet1/0/1] oam enable [SwitchA-GigabitEthernet1/0/1] quit # Set the errored frame detection interval to 20 seconds and set the errored frame event triggering threshold to 10.
Page 28 [SwitchA] display oam critical-event Port : GigabitEthernet1/0/1 Link Status : Up Event statistic : ------------------------------------------------------------------------- Link Fault Dying Gasp Critical Event The output shows that no critical link event occurred on the link between Switch A and Switch B. You can use the display oam link-event command to display the statistics of Ethernet OAM link error events.
Page 29: Cfd Configuration
CFD configuration This chapter includes these sections: Overview • CFD configuration task list • Displaying and maintaining CFD • CFD configuration example • Overview Connectivity Fault Detection (CFD), which conforms to IEEE 802.1ag Connectivity Fault Management (CFM) and ITU-T Y.1731, is an end-to-end per-VLAN link layer Operations, Administration and Maintenance (OAM) mechanism used for link connectivity detection, fault verification, and fault location.
Page 30 CFD exchanges messages and performs operations on a per-domain basis. By planning MDs properly in a network, you can use CFD to locate failure points rapidly. Maintenance association A maintenance association (MA) is a set of maintenance points (MPs) in an MD. An MA is identified by the “MD name + MA name”.
Page 31: Cfd Functions
As shown in 5, an inward-facing MEP does not send packets to its host port. Rather, it sends Figure packets to other ports on the device. • A MIP is internal to an MD. It cannot send CFD packets actively; however, it can handle and respond to CFD packets.
Page 32 Loopback (LB) • • Linktrace (LT) Alarm indication signal (AIS) • Loss measurement (LM) • • Delay measurement (DM) Test (TST) • Connectivity faults are usually caused by device faults or configuration errors. CC checks the connectivity between MEPs. This function is implemented through periodic sending of CCMs by the MEPs. As a multicast message, a CCM sent by one MEP is intended to be received by all the other MEPs in the same MA.
Page 33: Protocols And Standards
calculates and records the link transmission delay and jitter (delay variation) according to the transmission time and reception time. 1DM frames are multicast frames. Two-way frame delay measurement The source MEP sends a delay measurement message (DMM), which carries the transmission time, to the target MEP.
Page 34: Configuring Basic Cfd Settings
Tasks Remarks Configuring CC on MEPs Required Configuring LB on MEPs Optional Configuring LT on MEPs Optional Configuring AIS Optional Configuring CFD functions Configuring LM Optional Configuring one-way DM Optional Configuring two-way DM Optional Configuring TST Optional NOTE: A port blocked by STP cannot receive or send CFD messages except in the following cases: The port is configured as an outward-facing MEP.
Page 35: Configuring Service Instances
Configuring service instances Before configuring the MEPs and MIPs, you must first configure service instances. A service instance is a set of service access points (SAPs), and belongs to an MA in an MD. A service instance is indicated by an integer to represent an MA in an MD. The MD and MA define the level and VLAN attribute of the messages handled by the MPs in a service instance.
Page 36: Configuring Mip Generation Rules
Before creating MEPs, configure the MEP list first. An MEP list is a collection of local MEPs allowed to be configured in an MA and the remote MEPs to be monitored. Follow these steps to configure a MEP: To do... Use the command...
Page 37: Configuring Cfd Functions
Follow these steps to configure the rules for generating MIPs: To do... Use the command... Remarks Enter system view system-view — Required Configure the rules for generating cfd mip-rule { explicit | default } By default, neither MIPs nor the MIPs service-instance instance-id rules for generating MIPs are...
Page 38: Configuring Lb On Meps
The relationship between the interval field value in the CCM messages, the interval between CCM messages and the timeout time of the remote MEP is illustrated in Table Table 9 Relationship of interval field value, interval between CCM messages, and timeout time of the remote MEP Interval between CCM Interval field value...
Page 39: Configuring Ais
To do... Use the command... Remarks cfd linktrace service-instance instance-id mep mep-id Required Find the path between a source { target-mep target-mep-id | MEP and a target MEP Available in any view target-mac mac-address } [ ttl ttl-value ] [ hw-only ] Enter system view system-view —...
Page 40: Configuring One-Way Dm
CAUTION: The LM function takes effect only in CFD IEEE 802.1ag. Configuring one-way DM The one-way DM function measures the one-way frame delay between two MEPs, and monitors and manages the link transmission performance. Follow these steps to configure one-way DM: To do…...
Page 41: Displaying And Maintaining Cfd
To do… Use the command… Remarks cfd tst service-instance instance-id mep mep-id Required { target-mac mac-address | target-mep target-mep-id } Configure TST [ number number ] [ length-of-test length ] Disabled by default. [ pattern-of-test { all-zero | prbs } [ with-crc ] ] CAUTION: •...
Page 42: Cfd Configuration Example
To do... Use the command... Remarks display cfd dm one-way history Display the one-way DM result on [ service-instance instance-id [ mep Available in any view the specified MEP mep-id ] ] [ | { begin | exclude | include } regular-expression ] display cfd tst [ service-instance instance-id Display the TST result on the...
Page 43 Figure 8 Network diagram for CFD configuration Configuration procedure Configure a VLAN and assign ports to it On each device shown in 8, create VLAN 100 and assign ports GigabitEthernet 1/0/1 through Figure GigabitEthernet 1/0/4 to VLAN 100. Enable CFD # Enable CFD on Device A.
Page 44 [DeviceC] cfd md MD_B level 3 [DeviceC] cfd ma MA_B md MD_B vlan 100 [DeviceC] cfd service-instance 2 md MD_B ma MA_B Configure MEPs # On Device A, configure a MEP list in service instance 1; create and enable inward-facing MEP 1001 in service instance 1 on GigabitEthernet 1/0/1.
Page 45 # On Device A, enable the sending of CCM frames for MEP 1001 in service instance 1 on GigabitEthernet 1/0/1. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] cfd cc service-instance 1 mep 1001 enable [DeviceA-GigabitEthernet1/0/1] quit # On Device B, enable the sending of CCM frames for MEP 2001 in service instance 2 on GigabitEthernet 1/0/3.
Page 46 Verify the LT function # Identify the path between MEP 1001 and MEP 5001 in service instance 1 on Device A. [DeviceA] cfd linktrace service-instance 1 mep 1001 target-mep 5001 Linktrace to MEP 5001 with the sequence number 1001-43462 MAC Address Last MAC Relay Action 0010-FC00-6512...
Page 47 [DeviceA] cfd dm two-way service-instance 1 mep 1001 target-mep 4002 Frame delay: Reply from 0010-FC00-6512: 10ms Reply from 0010-FC00-6512: 9ms Reply from 0010-FC00-6512: 11ms Reply from 0010-FC00-6512: 5ms Reply from 0010-FC00-6512: 5ms Average: 8ms Send DMM frames: 5 Received: 5 Lost: 0 Frame delay variation: 5ms Average: 3ms...
Page 48: Dldp Configuration
DLDP configuration This chapter includes these topics: Overview • DLDP configuration task list • Displaying and maintaining DLDP • DLDP configuration examples • Troubleshooting DLDP • Overview Background Unidirectional links occur when one end of a link can receive packets from the other end, but the other end cannot receive packets sent by the first end.
Page 49: How Dldp Works
Figure 9 Correct and incorrect fiber connections The Device link detection protocol (DLDP) detects unidirectional links (fiber links or twisted-pair links) and can be configured to shut down the related port automatically or prompt users to take actions to avoid network problems.
Page 50 State Indicates… All neighbors are bi-directionally reachable or DLDP has been in active state for Advertisement more than five seconds. This is a relatively stable state where no unidirectional link has been detected. DLDP enters this state if it receives a packet from an unknown neighbor. In this state, DLDP sends packets to check whether the link is unidirectional.
Page 51 DLDP timer Description In enhanced mode, this timer is triggered if no packet is received from a neighbor when the entry timer expires. Enhanced timer is set to 1 second. Enhanced timer After the Enhanced timer is triggered, the switch sends up to eight probe packets to the neighbor at a frequency of one packet per second.
Page 52 Figure 10 A scenario for enhanced DLDP mode NOTE: In normal DLDP mode, only fiber cross-connected unidirectional links can be detected. • In enhanced DLDP mode, the following types of unidirectional links can be detected: fiber • cross-connected links, and fiber pairs with one fiber or broken or not connected. When a fiber of a fiber pair is broken or not connected, the port that can receive optical signals is in Disable state, and the other port is in Inactive state.
Page 53 DLDP state Type of DLDP packets sent Advertisement Normal Advertisement packet Probe Probe packet Disable Disable packet and then RecoverProbe packet NOTE: A switch sends Flush packets when it transits to Initial state from Active, Advertisement, Probe, or DelayDown state but does not send them when it transits to the Initial state from Inactive or Disable state. A received DLDP packet is processed with the following methods.
Page 54 Packet type Processing procedure Checks whether the If yes, no process is performed. Disable packet local port is in Disable If not, the local port transits to Disable state. state Checks whether the If not, no process is performed. RecoverProbe local port is in Disable packet If yes, returns RecoverEcho packets.
Page 55: Dldp Configuration Task List
Table 16 Description on DLDP neighbor states DLDP neighbor state Description A neighbor is in this state when it is just detected and is being probed. A Unknown neighbor is in this state only when it is being probed. It transits to Two way state or Unidirectional state after the probe operation finishes.
Page 56: Setting Dldp Mode
STP convergence time. If the interval is too long, STP loops may occur before unidirectional links are detected and shut down. If the interval is too short, the number of advertisement packets will increase. H3C recommends you use the default interval in most cases. Follow these steps to set the interval to send Advertisement packets:...
Page 57: Setting The Delaydown Timer
Instead, the DLDP state machine generates log and traps to prompt you to manually shut down unidirectional link ports with the shutdown command. H3C recommends you do as prompted. Then the DLDP state machine transits to the Disable state.
Page 58: Configuring Dldp Authentication
To do… Use the command… Remarks Optional dldp unidirectional-shutdown { auto | Set port shutdown mode manual } auto by default NOTE: On a port with both remote OAM loopback and DLDP enabled, if the port shutdown mode is auto •...
Page 59: Displaying And Maintaining Dldp
Resetting DLDP state in system view Resetting DLDP state in system view applies to all ports of the switch. Follow these steps to reset DLDP in system view: To do… Use the command… Remarks Enter system view system-view — Reset DLDP state dldp reset Required Resetting DLDP state in port view or port group view...
Page 60 Figure 11 Network diagram for configuring automatic shutdown of unidirectional links Correct fiber connection Cross-connected fibers Device A Device A GE1/0/49 GE1/0/50 GE1/0/49 GE1/0/50 GE1/0/49 GE1/0/50 GE1/0/49 GE1/0/50 Device B Device B Ethernet Fiber link Tx end Rx end optical port Configuration procedure Configuration on Device A # Enable DLDP globally.
Page 61 Configuration on Device B # Enable DLDP globally, configure GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50 to operate in full duplex mode and at 1000 Mbps, and then enable DLDP on the two ports. <DeviceB> system-view [DeviceB] dldp enable [DeviceB] interface gigabitethernet 1/0/49 [DeviceB-GigabitEthernet1/0/49] duplex full [DeviceB-GigabitEthernet1/0/49] speed 1000 [DeviceB-GigabitEthernet1/0/49] dldp enable...
Page 62 Neighbor port index : 60 Neighbor state : two way Neighbor aged time : 12 The output indicates that both GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50 are in Advertisement state, which means both links are bidirectional. # Enable system information monitoring on Device A, and enable the display of log and trap information.
Page 63: Manually Shutting Down Unidirectional Links
Manually shutting down unidirectional links Network requirements • As shown in 12, Device A and Device B are connected with two fiber pairs. Figure Configure DLDP to send information when a unidirectional link is detected, to remind the network • administrator to manually shut down the faulty port.
Page 64 [DeviceA-GigabitEthernet1/0/50] dldp enable [DeviceA-GigabitEthernet1/0/50] quit # Set the DLDP mode to enhanced. [DeviceA] dldp work-mode enhance # Set the port shutdown mode to manual. [DeviceA] dldp unidirectional-shutdown manual Configuration on Device B # Enable DLDP globally, configure GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50 to operate in full duplex mode and at 1000 Mbps, and then enable DLDP on the two ports.
Page 65 Interface GigabitEthernet1/0/50 DLDP port state : advertisement DLDP link state : up The neighbor number of the port is 1. Neighbor mac address : 0023-8956-3600 Neighbor port index : 60 Neighbor state : two way Neighbor aged time : 12 The output indicates that both GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50 are in Advertisement state, which means both links are bidirectional.
Page 66: Troubleshooting Dldp
The output indicates that the link status of both GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50 is down. Assume that in this example, the unidirectional links are caused by cross-connected fibers. Correct the fiber connections, and then bring up the ports shut down earlier. # On Device A, bring up GigabitEthernet 1/0/49 and GigabitEthernet 1/0/50: [DeviceA-GigabitEthernet1/0/50] undo shutdown [DeviceA-GigabitEthernet1/0/50]...
Page 67: Rrpp Configuration
RRPP configuration This chapter includes these sections: RRPP overview • RRPP configuration task list • Displaying and maintaining RRPP • RRPP configuration examples • Troubleshooting • RRPP overview The Rapid Ring Protection Protocol (RRPP) is a link layer protocol designed for Ethernet rings. RRPP can prevent broadcast storms caused by data loops when an Ethernet ring is healthy, and rapidly restore the communication paths between the nodes in the event that a link is disconnected on the ring.
Page 68: Basic Concepts In Rrpp
Basic concepts in RRPP Figure 13 RRPP networking diagram RRPP domain Interconnected devices with the same domain ID and control VLANs constitute an RRPP domain. An RRPP domain contains the following elements—primary ring, subring, control VLAN, master node, transit node, primary port, secondary port, common port, edge port, and so on.
Page 69 IP address configuration is prohibited on the control VLAN interfaces. Data VLAN A data VLAN is a VLAN dedicated to transferring data packets. Both RRPP ports and non-RRPP ports can be assigned to a data VLAN. Node Each device on an RRPP ring is a node. The role of a node is configurable. RRPP has the following node roles: Master node—Each ring has one and only one master node.
Page 70: Rrppdus
As shown in Figure 13, Device B and Device C lie on Ring 1 and Ring 2. Device B’s Port 1 and Port 2 and Device C’s Port 1 and Port 2 access the primary ring, so they are common ports. Device B’s Port 3 and Device C’s Port 3 access only the subring, so they are edge ports.
Page 71: Rrpp Timers
RRPP timers When RRPP checks the link state of an Ethernet ring, the master node sends Hello packets out the primary port according to the Hello timer, and determines whether its secondary port receives the Hello packets based on the Fail timer. The Hello timer specifies the interval at which the master node sends Hello packets out the primary •...
Page 72 Ring recovery After the ports belonging to the RRPP domain on the transit nodes, the edge nodes, or the assistant-edge nodes are brought up again, the master node may find the ring is restored after a period of time. A temporary loop may arise in the data VLAN during this period, resulting in a broadcast storm.
Page 73: Typical Rrpp Networking
The master node sends Fast-Hello packets out its primary port at the interval specified by the • Fast-Hello timer. If the secondary port receives the Fast-Hello packets sent by the local master node before the Fast-Fail timer expires, the entire ring is in the Health state; otherwise, the ring transits into the Disconnect state.
Page 74 Figure 15 Schematic diagram for a tangent-ring network Intersecting rings As shown in Figure 16, two or more rings are in the intersecting-ring network topology, with two common nodes between rings. You only need to define an RRPP domain, and configure one ring as the primary ring and the other rings as subrings.
Page 75 Figure 17 Schematic diagram for a dual-homed-ring network Single-ring load balancing In a single-ring network, you can achieve load balancing by configuring multiple domains. As shown in Figure 18, Ring 1 is configured as the primary ring of both Domain 1 and Domain 2. Domain 1 and Domain 2 are configured with different protected VLANs.
Page 76: Protocols And Standards
Figure 19 Schematic diagram for an intersecting-ring load balancing network Protocols and standards RFC 3619, Extreme Networks' Ethernet Automatic Protection Switching (EAPS) Version 1 RRPP configuration task list CAUTION: RRPP does not have an auto election mechanism, so you must configure each node in the ring network •...
Page 77: Creating An Rrpp Domain
Task Remarks Optional Configuring RRPP timers Perform this task on the master node in the RRPP domain. Optional Enabling fast detection Perform this task on the master node, edge node, and Configuring assistant-edge node in the RRPP domain. RRPP fast detection Optional Configuring fast detection...
Page 78: Configuring Protected Vlans
NOTE: When you configure existing VLANs as control VLANs, the system prompts errors. • To ensure proper forwarding of RRPPDUs, do not enable QinQ or VLAN mapping on the control • VLANs. To ensure that RRPPDUs can be sent and received correctly, do not configure the default VLAN of a port •...
Page 79: Configuring Rrpp Ports
Configuring RRPP ports Perform this configuration on each node’s ports intended for accessing RRPP rings. Follow these steps to configure RRPP ports: To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter port view — interface-number Required Configure the link type of the port port link-type trunk...
Page 80 Specifying a master node Perform this configuration on a device to be configured as a master node. Follow these steps to specify a master node: To do… Use the command… Remarks Enter system view system-view — Enter RRPP domain view rrpp domain domain-id —...
Page 81: Activating An Rrpp Domain
Specifying an assistant-edge node When configuring an assistant-edge node, you must first configure the primary ring before configuring the subrings. Perform this configuration on a device to be configured as an assistant-edge node. Follow these steps to specify an assistant-edge node: To do…...
Page 82: Configuring Rrpp Fast Detection
To configure fast detection on the master node of a subring, make sure that the edge node and • assistant-edge node of the subring supports fast detection. Otherwise, H3C does not recommend configuring fast detection on the master node of the subring.
Page 83: Configuring An Rrpp Ring Group
To do… Use the command… Remarks Enter system view system-view — Enter RRPP domain view rrpp domain domain-id — Optional Configure the Fast-Fail timer timer fast-fail-timer fast-fail-value By default, the Fast-Fail timer is 600ms. Optional timer fast-hello-timer Configure the Fast-Hello timer By default, the Fast-Hello timer is fast-hello-value 200ms.
Page 84: Displaying And Maintaining Rrpp
Displaying and maintaining RRPP To do… Use the command… Remarks display rrpp brief [ | { begin | exclude | Display brief RRPP information include } regular-expression ] Display RRPP group configuration display rrpp ring-group [ ring-group-id ] [ | information { begin | exclude | include } regular-expression ] display rrpp verbose domain domain-id [ ring...
Page 85 Configuration procedure Configuration on Device A # Create VLANs 1 through 30, map these VLANs to MSTI 1, and activate the MST region configuration. <DeviceA> system-view [DeviceA] vlan 1 to 30 [DeviceA] stp region-configuration [DeviceA-mst-region] instance 1 vlan 1 to 30 [DeviceA-mst-region] active region-configuration [DeviceA-mst-region] quit # Disable physical state change suppression and STP on GigabitEthernet 1/0/1 and GigabitEthernet...
Page 86: Intersecting Ring Configuration Example
[DeviceB-mst-region] quit # Disable physical state change suppression and STP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, configure the two ports as trunk ports, and assign them to VLANs 1 through 30, and configure them to trust the 802.1p precedence of the received packets. [DeviceB] interface gigabitethernet 1/0/1 [DeviceB-GigabitEthernet1/0/1] undo link-delay [DeviceB-GigabitEthernet1/0/1] undo stp enable...
Page 87 Device A, Device B, Device C and Device D form primary ring 1, and Device B, Device C and • Device E form subring 2. • Device A is the master node of primary ring 1, with GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 the secondary port.
Page 88 [DeviceA] interface gigabitethernet 1/0/2 [DeviceA-GigabitEthernet1/0/2] undo link-delay [DeviceA-GigabitEthernet1/0/2] undo stp enable [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 1 to 30 [DeviceA-GigabitEthernet1/0/2] qos trust dot1p [DeviceA-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTI 1 as the protected VLANs of RRPP domain 1.
Page 89 [DeviceB-GigabitEthernet1/0/3] undo stp enable [DeviceB-GigabitEthernet1/0/3] port link-type trunk [DeviceB-GigabitEthernet1/0/3] port trunk permit vlan 1 to 30 [DeviceB-GigabitEthernet1/0/3] qos trust dot1p [DeviceB-GigabitEthernet1/0/3] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTI 1 as the protected VLANs of RRPP domain 1.
Page 90 [DeviceC-GigabitEthernet1/0/2] quit [DeviceC] interface gigabitethernet 1/0/3 [DeviceC-GigabitEthernet1/0/3] undo link-delay [DeviceC-GigabitEthernet1/0/3] undo stp enable [DeviceC-GigabitEthernet1/0/3] port link-type trunk [DeviceC-GigabitEthernet1/0/3] port trunk permit vlan 1 to 30 [DeviceC-GigabitEthernet1/0/3] qos trust dot1p [DeviceC-GigabitEthernet1/0/3] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTI 1 as the protected VLANs of RRPP domain 1.
Page 91 [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan 1 to 30 [DeviceD-GigabitEthernet1/0/2] qos trust dot1p [DeviceD-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 4092 as the primary control VLAN of RRPP domain 1, and configure the VLANs mapped to MSTI 1 as the protected VLANs of RRPP domain 1. [DeviceD] rrpp domain 1 [DeviceD-rrpp-domain1] control-vlan 4092 [DeviceD-rrpp-domain1] protected-vlan reference-instance 1...
Page 92: Intersecting-Ring Load Balancing Configuration Example
[DeviceE-rrpp-domain1] protected-vlan reference-instance 1 # Configure Device E as the master node of subring 2, with GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 as the secondary port, and enable ring 2. [DeviceE-rrpp-domain1] ring 2 node-mode master primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 1 [DeviceE-rrpp-domain1] ring 2 enable [DeviceE-rrpp-domain1] quit...
Page 93 Figure 22 Network diagram for intersecting-ring load balancing configuration Configuration procedure Configuration on Device A # Create VLANs 10 and 20, map VLAN 10 to MSTI 1 and VLAN 20 to MSTI 2, and activate MST region configuration. <DeviceA> system-view [DeviceA] vlan 10 [DeviceA-vlan10] quit [DeviceA] vlan 20...
Page 94 [DeviceA-GigabitEthernet1/0/2] port link-type trunk [DeviceA-GigabitEthernet1/0/2] undo port trunk permit vlan 1 [DeviceA-GigabitEthernet1/0/2] port trunk permit vlan 10 20 [DeviceA-GigabitEthernet1/0/2] qos trust dot1p [DeviceA-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 100 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1.
Page 95 [DeviceB-GigabitEthernet1/0/1] undo link-delay [DeviceB-GigabitEthernet1/0/1] undo stp enable [DeviceB-GigabitEthernet1/0/1] port link-type trunk [DeviceB-GigabitEthernet1/0/1] undo port trunk permit vlan 1 [DeviceB-GigabitEthernet1/0/1] port trunk permit vlan 10 20 [DeviceB-GigabitEthernet1/0/1] qos trust dot1p [DeviceB-GigabitEthernet1/0/1] quit [DeviceB] interface gigabitethernet 1/0/2 [DeviceB-GigabitEthernet1/0/2] undo link-delay [DeviceB-GigabitEthernet1/0/2] undo stp enable [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] undo port trunk permit vlan 1 [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 10 20...
Page 96 # Configure Device B as the assistant-edge node of subring 3 in RRPP domain 1, with GigabitEthernet 1/0/4 as the edge port, and enable subring 3. [DeviceB-rrpp-domain1] ring 3 node-mode assistant-edge edge-port gigabitethernet 1/0/4 [DeviceB-rrpp-domain1] ring 3 enable [DeviceB-rrpp-domain1] quit # Create RRPP domain 2, configure VLAN 105 as the primary control VLAN of RRPP domain 2, and configure the VLAN mapped to MSTI 2 as the protected VLAN of RRPP domain 2.
Page 97 [DeviceC-GigabitEthernet1/0/2] undo link-delay [DeviceC-GigabitEthernet1/0/2] undo stp enable [DeviceC-GigabitEthernet1/0/2] port link-type trunk [DeviceC-GigabitEthernet1/0/2] undo port trunk permit vlan 1 [DeviceC-GigabitEthernet1/0/2] port trunk permit vlan 10 20 [DeviceC-GigabitEthernet1/0/2] qos trust dot1p [DeviceC-GigabitEthernet1/0/2] quit # Disable physical state change suppression and STP on GigabitEthernet 1/0/3, configure the port as a trunk port, remove it from VLAN 1, and assign it to VLAN 20, and configure it to trust the 802.1p precedence of the received packets.
Page 98 [DeviceC-rrpp-domain2] control-vlan 105 [DeviceC-rrpp-domain2] protected-vlan reference-instance 2 # Configure Device C as the transit node of primary ring 1 in RRPP domain 2, with GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 as the secondary port, and enable ring 1. [DeviceC-rrpp-domain2] ring 1 node-mode transit primary-port gigabitethernet 1/0/1 secondary-port gigabitethernet 1/0/2 level 0 [DeviceC-rrpp-domain2] ring 1 enable...
Page 99 # Create RRPP domain 1, configure VLAN 100 as the primary control VLAN of RRPP domain 1, and configure the VLAN mapped to MSTI 1 as the protected VLAN of RRPP domain 1. [DeviceD] rrpp domain 1 [DeviceD-rrpp-domain1] control-vlan 100 [DeviceD-rrpp-domain1] protected-vlan reference-instance 1 # Configure Device D as the transit node of primary ring 1 in RRPP domain 1, with GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 as the secondary port, and enable ring 1.
Page 100 [DeviceE-GigabitEthernet1/0/2] port link-type trunk [DeviceE-GigabitEthernet1/0/2] undo port trunk permit vlan 1 [DeviceE-GigabitEthernet1/0/2] port trunk permit vlan 20 [DeviceE-GigabitEthernet1/0/2] qos trust dot1p [DeviceE-GigabitEthernet1/0/2] quit # Create RRPP domain 2, configure VLAN 105 as the primary control VLAN, and configure the VLAN mapped to MSTI 2 as the protected VLAN.
Page 101: Fast Detection Configuration Example
# Create RRPP domain 1, configure VLAN 100 as the primary control VLAN, and configure the VLAN mapped to MSTI 1 as the protected VLAN. [DeviceF] rrpp domain 1 [DeviceF-rrpp-domain1] control-vlan 100 [DeviceF-rrpp-domain1] protected-vlan reference-instance 1 # Configure Device F as the master node of subring 3 in RRPP domain 1, with GigabitEthernet 1/0/1 as the primary port and GigabitEthernet 1/0/2 as the secondary port, and enable subring 3.
Page 102 Figure 23 Network diagram for fast detection configuration Configuration procedure Configuration on Device A # Disable physical state change suppression and STP on GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2, configure the two ports as trunk ports, and assign them to all VLANs, and configure them to trust the 802.1p precedence of the received packets.
Page 103 # Enable fast detection, and set the Fast-Hello timer and Fast-Fail timer to 100 milliseconds and 300 milliseconds respectively. The value of the Fast-Fail timer must be equal to or greater than three times the Fast-Hello timer. [DeviceA-rrpp-domain1] fast-detection enable [DeviceA-rrpp-domain1] timer fast-hello-timer 100 [DeviceA-rrpp-domain1] timer fast-fail-timer 300 [DeviceA-rrpp-domain1] quit...
Page 104: Troubleshooting
[DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan all [DeviceD-GigabitEthernet1/0/2] qos trust dot1p [DeviceD-GigabitEthernet1/0/2] quit # Create RRPP domain 1, configure VLAN 4092 as the primary VLAN of RPPP domain 1, and configure the VLANs mapped to MSTIs 0 through 32 as the protected VLANs of RRPP domain 1. [DeviceD] rrpp domain 1 [DeviceD-rrpp-domain1] control-vlan 4092 [DeviceD-rrpp-domain1] protected-vlan reference-instance 0 to 32...
Page 105: Smart Link Configuration
Smart Link configuration This chapter includes these sections: Smart Link overview • Configuring a smart link device • Configuring an associated device • Displaying and maintaining Smart Link • Smart Link configuration examples • Smart Link overview Background To avoid single-point failures and guarantee network reliability, downstream devices are usually dual uplinked to upstream devices.
Page 106: Terminology
The problem with STP, however, is that STP convergence time is long, which makes it not suitable for users who have high demand on convergence speed. RRPP can meet users’ demand on convergence speed, but it involves complicated networking and configurations and is mainly used in ring-shaped networks. NOTE: Layer 2—LAN Switching Configuration Guide For more information about STP and RRPP, see the...
Page 107: How Smart Link Works
messages in the receive control VLAN and refresh their MAC address forwarding entries and ARP/ND entries. Flush message Flush messages are used by a smart link group to notify other devices to refresh their MAC address forwarding entries and ARP/ND entries when link switchover occurs in the smart link group. Flush messages are common multicast data packets, and will be dropped by a blocked receiving port.
Page 108: Smart Link Collaboration Mechanisms
You can configure protected VLANs for a smart link group by referencing MSTIs. Smart Link collaboration mechanisms Collaboration between Smart Link and Monitor Link Smart Link cannot sense by itself when faults occur on the uplink of the upstream devices, or when faults are cleared.
Page 109: Configuring A Smart Link Device
NOTE: A smart link device is a network device that supports Smart Link and is configured with a smart link • group and a transmit control VLAN for flush message transmission. Device C and Device D in Figure 24 are two examples of smart link devices. An associated device is a network device that supports Smart Link, and receives flush messages sent •...
Page 110: Configuring Role Preemption For A Smart Link Group
To do… Use the command… Remarks Enter system view system-view — Create a smart link group and smart-link group group-id — enter smart link group view Configure member ports for a port interface-type Required smart link group interface-number { master | slave } In port view Follow these steps to configure member ports for a smart link group in port view: To do…...
Page 111: Configuring The Collaboration Between Smart Link And Cc Of Cfd
To do… Use the command… Remarks Optional Enable flush update in the flush enable [ control-vlan vlan-id ] By default, flush update is enabled, specified control VLAN and VLAN 1 is the control VLAN. CAUTION: The control VLAN configured for a smart link group must be different from that configured for any other •...
Page 112: Displaying And Maintaining Smart Link
To do… Use the command… Remarks Enter system view system-view — Enter Ethernet port view or Layer 2 interface interface-type — aggregate port view interface-number Required Configure the control VLANs for smart-link flush enable By default, no control VLAN exists receiving flush messages [ control-vlan vlan-id-list ] for receiving flush messages.
Page 113 Figure 25 Network diagram for single smart link group configuration Device A Device B Device E GE1/0/3 GE1/0/3 Master link Slave link Smart link group GE1/0/1 GE1/0/1 GE1/0/2 GE1/0/2 Device C Device D Configuration procedure Configuration on Device C # Create VLANs 1 through 30, map these VLANs to MSTI 1, and activate the MST region configuration. <DeviceC>...
Page 114 # In smart link group 1, enable flush message sending, and specify VLAN 10 as the control VLAN. [DeviceC-smlk-group1] flush enable control-vlan 10 [DeviceC-smlk-group1] quit # Bring up ports GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2. [DeviceC] interface gigabitethernet1/0/1 [DeviceC-GigabitEthernet1/0/1] undo shutdown [DeviceC-GigabitEthernet1/0/1] quit [DeviceC] interface gigabitethernet 1/0/2 [DeviceC-GigabitEthernet1/0/2] undo shutdown...
Page 115 [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] undo shutdown [DeviceD-GigabitEthernet1/0/2] quit Configuration on Device B # Create VLANs 1 through 30. <DeviceB> system-view [DeviceB] vlan 1 to 30 # Configure GigabitEthernet 1/0/1, GigabitEthernet 1/0/2, and GigabitEthernet 1/0/3 as trunk ports that permit VLANs 1 through 30, enable flush message receiving on them, and specify VLAN 10 and VLAN 20 as the control VLANs for receiving flush messages.
Page 116: Multiple Smart Link Groups Load Sharing Configuration Example
Configuration on Device A # Create VLANs 1 through 30. <DeviceA> system-view [DeviceA] vlan 1 to 30 # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports that permit VLANs 1 through 30, enable flush message receiving on them, and specify VLAN 10 and VLAN 20 as the control VLANs for receiving flush messages.
Page 117 Device C is a smart link device, and Device A, Device B, and Device D are associated devices. • Traffic of VLANs 1 through 200 on Device C are dually uplinked to Device A by Device B and Device D. •...
Page 118 # Create smart link group 1, and configure all VLANs mapped to MSTI 1 as the protected VLANs for smart link group 1. [DeviceC] smart-link group 1 [DeviceC-smlk-group1] protected-vlan reference-instance 1 # Configure GigabitEthernet 1/0/1 as the master port and GigabitEthernet 1/0/2 as the slave port for smart link group 1.
Page 119 [DeviceB-GigabitEthernet1/0/2] port link-type trunk [DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 1 to 200 [DeviceB-GigabitEthernet1/0/2] smart-link flush enable control-vlan 10 101 [DeviceB-GigabitEthernet1/0/2] quit Configuration on Device D # Create VLAN 1 through VLAN 200. <DeviceD> system-view [DeviceD] vlan 1 to 200 # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports and assign them to VLANs 1 through 200;...
Page 120 Preemption mode: ROLE Control VLAN: 10 Protected VLAN: Reference Instance 1 Member Role State Flush-count Last-flush-time ----------------------------------------------------------------------------- GigabitEthernet1/0/1 MASTER ACTVIE 16:37:20 2010/02/21 GigabitEthernet1/0/2 SLAVE STANDBY 17:45:20 2010/02/21 Smart link group 2 information: Device ID: 000f-e23d-5af0 Preemption mode: ROLE Preemption delay: 1(s) Control VLAN: 101 Protected VLAN: Reference Instance 2 Member...
Page 121: Monitor Link Configuration
Monitor Link configuration This chapter includes these sections: Overview • Configuring Monitor Link • Displaying and maintaining Monitor Link • Monitor Link configuration example • Overview Monitor Link is a port collaboration function. Monitor Link usually works together with Layer 2 topology protocols.
Page 122: How Monitor Link Works
When any uplink port goes up, the monitor link group goes up and brings up all its downlink ports. CAUTION: H3C does not recommend to manually shut down or bring up the downlink ports in a monitor link group. Configuring Monitor Link Configuration prerequisites Before assigning a port to a monitor link group, make sure the port is not the member port of any aggregation group or service loopback group.
Page 123: Displaying And Maintaining Monitor Link
To do… Use the command… Remarks Enter system view system-view — Enter monitor link group view monitor-link group group-id — Configure member ports for the monitor link port interface-type interface-number Required group { uplink | downlink } In port view Follow these steps to configure member ports for a monitor link group in port view: To do…...
Page 124 Figure 28 Network diagram for monitor link configuration Device A Device B Device D Device C Configuration procedure Configuration on Device C # Create VLANs 1 through 30, map these VLANs to MSTI 1, and activate MST region configuration. <DeviceC> system-view [DeviceC] vlan 1 to 30 [DeviceC] stp region-configuration [DeviceC-mst-region] instance 1 vlan 1 to 30...
Page 125 # Create VLANs 1 through 30. <DeviceA> system-view [DeviceA] vlan 1 to 30 # Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk ports, assign them to VLANs 1 through 30, and enable flush message receiving on them. [DeviceA] interface gigabitethernet 1/0/1 [DeviceA-GigabitEthernet1/0/1] port link-type trunk [DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 1 to 30 [DeviceA-GigabitEthernet1/0/1] smart-link flush enable...
Page 126 [DeviceD-GigabitEthernet1/0/1] smart-link flush enable [DeviceD-GigabitEthernet1/0/1] quit [DeviceD] interface gigabitethernet 1/0/2 [DeviceD-GigabitEthernet1/0/2] port link-type trunk [DeviceD-GigabitEthernet1/0/2] port trunk permit vlan 1 to 30 [DeviceD-GigabitEthernet1/0/2] smart-link flush enable [DeviceD-GigabitEthernet1/0/2] quit # Create monitor link group 1, and then configure GigabitEthernet 1/0/1 as an uplink port and GigabitEthernet 1/0/2 as a downlink port for monitor link group 1.
Page 127: Vrrp Configuration
VRRP configuration This chapter includes these sections: VRRP overview • VRRP standard protocol mode • VRRP load balancing mode • Configuring VRRP for IPv4 • Configuring VRRP for IPv6 • • IPv4-based VRRP configuration examples IPv6-based VRRP configuration examples • Troubleshooting VRRP •...
Page 128: Vrrp Standard Protocol Mode
Configuring a default route for network hosts facilitates your configuration, but also requires high performance stability of the device that acts as the gateway. Using more egress gateways is a common way to improve system reliability, but introduces the problem of routing among the egresses. Virtual Router Redundancy Protocol (VRRP) is designed to address this problem.
Page 129 Figure 30 Network diagram for VRRP Virtual router Router A Host A Router B Network Host B Router C Host C As shown in 30, Router A, Router B, and Router C form a virtual router, which has its own IP Figure address.
Page 130: Vrrp Timers
Authentication mode To avoid attacks from unauthorized users, VRRP adds authentication keys into packets for authentication. VRRP provides two authentication modes: • simple—Simple text authentication A router sending a packet fills an authentication key into the packet, and the router receiving the packet compares its local authentication key with that of the received packet.
Page 131 Figure 31 Format of a VRRPv2 packet Figure 32 Format of a VRRPv3 packet Version Type Virtual Rtr ID Priority Count IPv6 Addrs Auth Type Adver Int Checksum IPv6 address 1 IPv6 address n Authentication data 1 Authentication data 2 A VRRP packet comprises the following fields: •...
Page 132: Principles Of Vrrp
IP Address/IPv6 Address—Virtual IPv4 or IPv6 address entry of the VRRP group. The Count IP Addrs • or Count IPv6 Addrs field defines the number of the virtual IP v4 or IPv6 addresses. • Authentication Data—Authentication key. This field is used only for simple authentication and is 0 for any other authentication modes.
Page 133: Vrrp Application
Tracking a track entry By monitoring a track entry, you can: • Monitor an uplink and change the priority of the router according to the state of the uplink. If the uplink fails, hosts in the LAN cannot access external networks through the router. In this case, the state of the monitored track entry is negative and the priority of the router decreases by a specified value.
Page 134: Vrrp Load Balancing Mode
Figure 34 VRRP in load sharing mode VRRP group 1 VRRP group 2 VRRP group 3 Router A Backup Master Backup Host A Router B Backup Backup Master Network Host B Router C Master Backup Backup Host C A router can be in multiple VRRP groups and hold a different priority in a different group. As shown in 34, three VRRP groups are present: Figure...
Page 135: Assigning Virtual Mac Addresses
NOTE: VRRP load balancing mode is based on VRRP standard protocol mode, so mechanisms, such as master election, preemption, and tracking functions, in the standard protocol mode are also supported in the load balancing mode. In addition, VRRP load balancing mode has new mechanisms, which are introduced in the following sections.
Page 136 Figure 36 Answer ARP requests Different hosts send packets to different routers according to the requested virtual MAC addresses. For example, as shown in 37, Host A regards the virtual MAC address of Router A as the Figure gateway MAC address, so it sends packets to Router A for forwarding; Host B regards the virtual MAC address of Router B as the gateway MAC address, so it sends packets to Router B for forwarding.
Page 137: Virtual Forwarder
Virtual forwarder Creating a virtual forwarder Virtual MAC addresses help different hosts transmit packets to different routers in a VRRP group. To enable the routers in the VRRP group to forward the packets, create virtual forwarders (VFs) on the routers. Each VF associates with a virtual MAC address in the VRRP group and forwards packets destined to this virtual MAC address.
Page 138 Figure 38 VF information Figure 38 illustrates the VF information on each router in the VRRP group and how the routers back up one another. The master, Router A, assigns virtual MAC addresses 000f-e2ff-001 1, 000f-e2ff-0012, and 000f-e2ff-0013 to itself, Router B, and Router C respectively. The VFs corresponding to these three virtual MAC addresses, VF 1, VF 2, and VF 3, are created on each of the three routers, and the VFs corresponding to the same virtual MAC address on different routers back up one another.
Page 139: Packet Types
Timeout Timer—The duration that the new AVF takes over the VF owner. Before this timer times out, • all the routers in the VRRP group keep the failed AVF, and the new AVF forwards the packets destined for the virtual MAC address corresponding to the failed AVF. When this timer times out, all the routers in the VRRP group remove the failed AVF, and the new AVF stops forwarding the packets destined for the virtual MAC address corresponding to the failed AVF.
Page 140: Configuring A Vrrp Working Mode
Task Remarks Optional When VRRP works in load Specifying the type of MAC addresses mapped to virtual IP addresses balancing mode, this configuration is not effective. Creating a VRRP group and configuring virtual IP address Required Configuring router priority, preemptive mode and tracking function Optional Optional The VF tracking function is...
Page 141: Creating A Vrrp Group And Configuring Virtual Ip Address
If you specify another virtual IP address for the VRRP group later, the virtual IP address is added to the virtual IP address list of the VRRP group. NOTE: H3C does not recommend you to create VRRP groups on the VLAN interface of a super VLAN because network performance might be adversely affected. Configuration prerequisites...
Page 142: Configuring Router Priority, Preemptive Mode And Tracking Function
IP address on the segment where the VRRP group resides or the IP address of an interface on a router in the VRRP group. In the latter case, the router is called the IP address owner. When a router is the IP address owner in a VRRP group, H3C recommends you not to use the IP address •...
Page 143: Configuring Vf Tracking
To do… Use the command… Remarks Enter system view system-view — Enter VLAN interface view or Layer interface interface-type — 3 Ethernet interface view interface-number Optional Configure router priority in the vrrp vrid virtual-router-id priority VRRP group priority-value 100 by default. Optional Configure the router in the VRRP vrrp vrid virtual-router-id...
Page 144: Configuring Vrrp Packet Attributes
To do… Use the command… Remarks Enter the specified VLAN interface interface interface-type view or Layer 3 Ethernet interface — interface-number view Configure the VF to monitor a Required vrrp vrid virtual-router-id weight specified track entry and specify track track-entry-number [ reduced No track entry is specified by the amount by which the weight weight-reduced ]...
Page 145: Enabling The Trap Function For Vrrp
NOTE: You might configure different authentication modes and authentication keys for the VRRP groups on an • interface. However, members of the same VRRP group must use the same authentication mode and authentication key. Excessive traffic might cause a backup to trigger a change of its status because the backup does not •...
Page 146: Configuring Vrrp For Ipv6
Configuring VRRP for IPv6 VRRP for IPv6 configuration task list Complete these tasks to configure VRRP for IPv6: Task Remarks Configuring a VRRP working mode Optional Optional Specifying the type of MAC addresses mapped to virtual When VRRP works in load balancing mode, this IPv6 addresses configuration is not effective.
Page 147: Creating A Vrrp Group And Configuring A Virtual Ipv6 Address
If you specify another virtual IPv6 address for the VRRP group later, the virtual IPv6 address is added to the virtual IPv6 address list of the VRRP group. NOTE: H3C does not recommend you to create VRRP groups on the VLAN interface of a super VLAN because, network performance might be adversely affected. Configuration prerequisites...
Page 148: Configuring Router Priority, Preemptive Mode And Tracking Function
IPv6 address of a VRRP group. NOTE: When a router is the IP address owner in a VRRP group, H3C recommends you not to use the IPv6 • address of the interface—virtual IPv6 address of the VRRP group—to establish an OSPFv3 neighbor relationship with the adjacent router, that is, not to use the ospfv3 area command to enable OSPFv3 on Layer 3—IP Routing...
Page 149: Configuring Vf Tracking
To do… Use the command… Remarks vrrp ipv6 vrid virtual-router-id track Optional Configure the interface to be interface interface-type No interface is being tracked by tracked interface-number [ reduced default. priority-reduced ] vrrp ipv6 vrid virtual-router-id track Optional Configure VRRP to track a track-entry-number [ reduced specified track entry Not configured by default.
Page 150: Configuring Vrrp Packet Attributes
NOTE: You can configure the VF tracking function when VRRP works in either standard protocol mode or load • balancing mode; however, the VF tracking function is effective only when VRRP works in load balancing mode. By default, the weight of a VF is 255, and its lower limit of failure is 10. •...
Page 151: Displaying And Maintaining Vrrp For Ipv6
Displaying and maintaining VRRP for IPv6 To do… Use the command… Remarks display vrrp ipv6 [ verbose ] [ interface interface-type interface-number [ vrid Display VRRP group status Available in any view virtual-router-id ] ] [ | { begin | exclude | include } regular-expression ] display vrrp ipv6 statistics [ interface interface-type Display VRRP group statistics...
Page 152 Configuration procedure Configure Switch A # Configure VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create VRRP group 1 and set its virtual IP address to 202.38.160.1 1 1. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Set the priority of Switch A in VRRP group 1 to 1 10, which is higher than that of Switch B, so that Switch A can become the master.
Page 153 Virtual IP : 202.38.160.111 Virtual MAC : 0000-5e00-0101 Master IP : 202.38.160.1 # Display the detailed information of VRRP group 1 on Switch B. [SwitchB-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID...
Page 154: Vrrp Interface Tracking Configuration Example
VRID Adver Timer Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time Auth Type : None Virtual IP : 202.38.160.111 Virtual MAC : 0000-5e00-0101 Master IP : 202.38.160.1 The output shows that after Switch A resumes normal operation, it becomes the master, and packets sent from host A to host B are forwarded by Switch A.
Page 155 [SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 # Create a VRRP group 1 and set its virtual IP address to 202.38.160.1 1 1. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 # Configure the priority of Switch A in the VRRP group to 1 10, which is higher than that of Switch B, so that Switch A can become the master.
Page 156 Interface Vlan-interface2 VRID Adver Timer Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time Auth Type : Simple : hello Virtual IP : 202.38.160.111 Virtual MAC : 0000-5e00-0101 Master IP : 202.38.160.1 VRRP Track Information:...
Page 157: Vrrp With Multiple Vlans Configuration Example
# When VLAN-interface 3 on Switch A is not available, the detailed information of VRRP group 1 on Switch B is displayed. [SwitchB-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer...
Page 158 Configuration procedure Configure Switch A # Configure VLAN 2. <SwitchA> system-view [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.128 # Create a VRRP group 1 and set its virtual IP address to 202.38.160.100. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.100 # Configure the priority of Switch A in VRRP group 1 as 1 10, which is higher than that of Switch B, so that Switch A can become the master in VRRP group 1.
Page 159 [SwitchB-Vlan-interface3] vrrp vrid 2 priority 110 Verify the configuration To verify your configuration, use the display vrrp verbose command. # Display the detailed information of the VRRP group on Switch A. [SwitchA-Vlan-interface3] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC...
Page 160: Vrrp Load Balancing Mode Configuration Example
Virtual MAC : 0000-5e00-0102 Master IP : 202.38.160.131 The output shows that in VRRP group 1 Switch A is the master, Switch B is the backup and hosts with the default gateway of 202.38.160.100/25 accesses the Internet through Switch A; in VRRP group 2 Switch A is the backup, Switch B is the master and hosts with the default gateway of 202.38.160.200/25 accesses the Internet through Switch B.
Page 161 [SwitchA-vlan2] port gigabitethernet 1/0/5 [SwitchA-vlan2] quit # Configure VRRP to work in load balancing mode. [SwitchA] vrrp mode load-balance # Create VRRP group 1 and configure its virtual IP address as 10.1.1.1. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.2 24 [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.1 # Set the priority of Switch A in VRRP group 1 to 120, which is higher than that of Switch B and that of Switch C, so that Switch A can become the master.
Page 162 # Configure the VFs to monitor track entry 1, making the weight of Switch B decrease by more than 245—250 in this example—when track entry 1 turns to negative. In such a case, another router with a higher weight can take over. [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] vrrp vrid 1 weight track 1 reduced 250 Configure Switch C...
Page 163 10.1.1.3 (Backup) 10.1.1.4 (Backup) Forwarder Information: 3 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-0011 (Owner) Owner ID : 0000-5e01-1101 Priority : 255 Active : local Forwarder 02 State : Listening Virtual MAC...
Page 164 Priority : 127 Active : 10.1.1.2 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-0012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-0013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active...
Page 165 State : Active Virtual MAC : 000f-e2ff-0013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object State : Positive Weight Reduced : 250 The output shows that in VRRP group 1, Switch A is the master and Switch B and Switch C are the backups. Each of the three switches has one AVF and two LVFs that act as the backups.
Page 166 Track Object State : Negative Weight Reduced : 250 # Use the display vrrp verbose command to display the detailed information of VRRP group 1 on Switch [SwitchC-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode : Load Balance Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2...
Page 167 # When the timeout timer—about 1800 seconds—expires, display the detailed information of VRRP group 1 on Switch C. [SwitchC-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode : Load Balance Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer...
Page 168: Ipv6-Based Vrrp Configuration Examples
Auth Type : None Virtual IP : 10.1.1.1 Member IP List : 10.1.1.3 (Local, Master) 10.1.1.4 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-0012 (Owner) Owner ID : 0000-5e01-1103 Priority...
Page 169 Figure 43 Network diagram for single VRRP group configuration Configuration procedure Configure Switch A # Configure VLAN 2. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create a VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10.
Page 170 [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ipv6 address fe80::2 link-local [SwitchB-Vlan-interface2] ipv6 address 1::2 64 # Create a VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10. [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10 # Configure Switch B to work in preemptive mode, with the preemption delay set to 5 seconds.
Page 171: Vrrp Interface Tracking Configuration Example
When Switch A fails, you can still ping Host B on Host A. To view the detailed information of the VRRP group on Switch B, use the display vrrp ipv6 verbose command. # When Switch A fails, the detailed information of VRRP group 1 on Switch B is displayed. [SwitchB-Vlan-interface2] display vrrp ipv6 verbose IPv6 Standby Information: Run Mode...
Page 172 When Switch A operates normally, packets sent from Host A to Host B are forwarded by Switch A. • If VLAN-interface 3 through which Switch A connects to the Internet is not available, packets sent from Host A to Host B are forwarded by Switch B. •...
Page 173 [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5 # Set VLAN-interface 3 on Switch A to be tracked, and configure the amount by which the priority value decreases to be more than 10—30 in this example, so that when VLAN interface 3 fails, the priority of Switch A in VRRP group 1 decreases to a value lower than 100, so Switch B can become the master.
Page 174 Virtual IP : FE80::10 1::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1 VRRP Track Information: Track Interface: Vlan3 State : Up Pri Reduced : 30 # Display the detailed information of VRRP group 1 on Switch B. [SwitchB-Vlan-interface2] display vrrp ipv6 verbose IPv6 Standby Information: Run Mode : Standard...
Page 175: Vrrp With Multiple Vlans Configuration Example
Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer : 400 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time Auth Type...
Page 176 Configuration procedure Configure Switch A # Configure VLAN 2. <SwitchA> system-view [SwitchA] ipv6 [SwitchA] vlan 2 [SwitchA-vlan2] port gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 to 1::10. [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [SwitchA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10 # Set the priority of Switch A in VRRP group 1 to 1 10, which is higher than that of Switch B, so that Switch...
Page 177 # Enable Switch B to send RA messages, so that hosts in VLAN 2 can learn the default gateway address. [SwitchB-Vlan-interface2] undo ipv6 nd ra halt [SwitchB-Vlan-interface2] quit # Configure VLAN 3. [SwitchB] vlan 3 [SwitchB-vlan3] port gigabitethernet 1/0/6 [SwitchB-vlan3] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] ipv6 address fe90::2 link-local [SwitchB-Vlan-interface3] ipv6 address 2::2 64...
Page 178: Vrrp Load Balancing Mode Configuration Example
# Display the detailed information of the VRRP group on Switch B. [SwitchB-Vlan-interface3] display vrrp ipv6 verbose IPv6 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 2 Interface Vlan-interface2 VRID Adver Timer : 100 Admin Status : Up...
Page 179 Figure 46 Network diagram for VRRP load balancing mode Network Switch A Switch B Switch C Vlan-int3 Vlan-int3 Vlan-int3 Backup Master Backup AVF 3 AVF 1 AVF 2 Vlan-int2 Vlan-int2 Vlan-int2 IP: FE80::1; 1::1/64 IP: FE80::2; 1::2/64 IP: FE80::3; 1::3/64 VIP: FE80::10;...
Page 180 [SwitchA-Vlan-interface2] undo ipv6 nd ra halt [SwitchA-Vlan-interface2] quit # Create track entry 1 to associate with the physical status of VLAN-interface 3 on Switch A. When the track entry becomes negative, it means that the interface fails. [SwitchA] track 1 interface vlan-interface 3 # Configure the VFs to monitor track entry 1, making the weight of Switch A decrease by more than 245—250 in this example—when track entry 1 turns to negative.
Page 181 [SwitchC] vlan 2 [SwitchC-vlan2] port gigabitethernet 1/0/5 [SwitchC-vlan2] quit # Configure VRRP to work in load balancing mode. [SwitchC] vrrp mode load-balance # Create VRRP group 1 and configure its virtual IPv6 addresses as FE80::10 and 1::10. [SwitchC] interface vlan-interface 2 [SwitchC-Vlan-interface2] ipv6 address fe80::3 link-local [SwitchC-Vlan-interface2] ipv6 address 1::3 64 [SwitchC-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local...
Page 182 Config Weight : 255 Running Weight : 255 Forwarder 01 State : Active Virtual MAC : 000f-e2ff-4011 (Owner) Owner ID : 0000-5e01-1101 Priority : 255 Active : local Forwarder 02 State : Listening Virtual MAC : 000f-e2ff-4012 (Learnt) Owner ID : 0000-5e01-1103 Priority : 127...
Page 183 Forwarder 02 State : Active Virtual MAC : 000f-e2ff-4012 (Owner) Owner ID : 0000-5e01-1103 Priority : 255 Active : local Forwarder 03 State : Listening Virtual MAC : 000f-e2ff-4013 (Learnt) Owner ID : 0000-5e01-1105 Priority : 127 Active : FE80::3 Forwarder Weight Track Information: Track Object State : Positive...
Page 184 Virtual MAC : 000f-e2ff-4013 (Owner) Owner ID : 0000-5e01-1105 Priority : 255 Active : local Forwarder Weight Track Information: Track Object State : Positive Weight Reduced : 250 The output shows that in VRRP group 1, Switch A is the master and Switch B and Switch C are the backups. Each of the three switches has one AVF and two LVFs acting as the backups.
Page 185 Track Object State : Negative Weight Reduced : 250 # Use the display vrrp ipv6 verbose command to display the detailed information of VRRP group 1 on Switch C. [SwitchC-Vlan-interface2] display vrrp ipv6 verbose IPv6 Standby Information: Run Mode : Load Balance Run Method : Virtual MAC Total number of virtual routers : 1...
Page 186 # When the timeout timer—about 1800 seconds—expires, display the detailed information of VRRP group 1 on Switch C. [SwitchC-Vlan-interface2] display vrrp ipv6 verbose IPv6 Standby Information: Run Mode : Load Balance Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer...
Page 187: Troubleshooting Vrrp
Preempt Mode : Yes Delay Time Auth Type : None Virtual IP : FE80::10 1::10 Member IP List : FE80::2 (Local, Master) FE80::3 (Backup) Forwarder Information: 2 Forwarders 1 Active Config Weight : 255 Running Weight : 255 Forwarder 02 State : Active Virtual MAC...
Page 188 If the ping succeeds, check that their configurations are consistent in terms of number of virtual IP • addresses, virtual IP addresses, advertisement interval, and authentication. Frequent VRRP state transition. Analysis: The VRRP advertisement interval is set too short. Solution: Increase the interval to send VRRP advertisement or introduce a preemption delay.
Page 189: Stateful Failover Configuration
Stateful failover configuration This chapter includes these sections: Overview • Introduction to stateful failover configuration • Enabling stateful failover • Configuring the backup VLAN • Displaying and maintaining stateful failover • • Stateful failover configuration example Configuration guidelines • Overview Introduction to stateful failover Some customers require the key entries or access points of their networks, such as the Internet access point of an enterprise or a database server of a bank, to be highly reliable to ensure continuous data...
Page 190: Introduction To Stateful Failover States
If one device fails, the other device can take over the services by using VRRP or a dynamic routing protocol (such as OSPF) to avoid service interruption. In this document, the stateful failover feature supports backing up portal, and DHCP services. Figure 48 Network diagram for stateful failover Introduction to stateful failover states The stateful failover states include:...
Page 191: Introduction To Stateful Failover Configuration
Introduction to stateful failover configuration To implement stateful failover on two devices, you need to perform the following configurations: Routing configuration. Configure VRRP or a dynamic routing protocol on the devices and the • uplink/downlink devices to ensure that the traffic can automatically switch to the other device when a device fails.
Page 192: Configuring The Backup Vlan
Configuring the backup VLAN After you specify a VLAN as a backup VLAN, the interfaces added to the VLAN can serve as stateful failover interfaces to transmit stateful failover packets. Follow these steps to configure a backup VLAN: To do… Use the command…...
Page 193 Figure 50 Network diagram for stateful failover Configuration procedure Configure Device A. # Create VLAN 100. <DeviceA> system-view [DeviceA] vlan 100 # Assign GigabitEthernet 1/0/1 to VLAN 100. [DeviceA-vlan100] port gigabitethernet 1/0/1 [DeviceA-vlan100] quit # Specify VLAN 100 as a backup VLAN. [DeviceA] dhbk vlan 100 # Enable symmetric-path mode stateful failover.
Page 194: Configuration Guidelines
The configurations on Device D are similar to those on Device A (omitted). Configuration guidelines Stateful failover can be implemented only between two devices rather than among more than two • devices. The same numbered interfaces must exist on the two devices. Otherwise, session backup fails. For •...
Page 195: Bfd Configuration
BFD configuration This chapter includes these sections: Introduction to BFD • Configuring BFD basic functions • Enabling trap • Displaying and maintaining BFD • NOTE: The term router or router icon in this document refers to both routers and Layer 3 switches. Introduction to BFD Devices must quickly detect communication failures so that measures can be taken in time to ensure service continuity and enhance network availability.
Page 196 Operation of BFD Figure 51 BFD session establishment (on OSPF routers) BFD session establishment: A protocol sends Hello messages to discover neighbors and establish neighborships. After establishing neighborships, the protocol notifies BFD of the neighbor information, including destination and source addresses. BFD uses the information to establish BFD sessions.
Page 197: Bfd Packet Format
BFD detection methods Single-hop detection: Detects the IP connectivity between two directly connected systems. • • Multi-hop detection: Detects any of the paths between two systems. These paths have multiple hops and may be overlapped. Bidirectional detection: Sends detection packets at two sides of a bidirectional link to detect the •...
Page 198 echo packets have a format similar to the format of BFD control packets (except that the Desired Min TX Interval and Required Min RX Interval fields are null) with UDP port number 3785. Figure 2 illustrates the packet format. Figure 1 BFD packet format Vers: Protocol version.
Page 199: Supported Features
Demand (D): If set, Demand mode is active in the transmitting system (the system wishes to operate • in Demand mode, knows that the session is up in both directions, and is directing the remote system to cease the periodic transmission of BFD Control packets). If clear, Demand mode is not active in the transmitting system.
Page 200: Configuring Bfd Basic Functions
draft-ietf-bfd-multihop-08, BFD for Multihop Paths • • draft-ietf-bfd-generic-05, Generic Application of BFD Configuring BFD basic functions The BFD basic function configuration is the basis for configuring BFD for other protocols. Configuration prerequisites Before configuring BFD basic functions, complete the following tasks: •...
Page 201: Enabling Trap
To do… Use the command… Remarks Optional For relevant information, see the Configure the minimum interval for description of the Required Min RX bfd min-receive-interval value receiving BFD control packets Interval field in “BFD packet format.” The value defaults to 400. Optional For relevant information, see the Configure the detection time...
Page 202: Displaying And Maintaining Bfd
NOTE: For the description of the snmp-agent trap enable bfd command, see the snmp-agent trap enable • Network Management and Monitoring Command Reference command ( Network Management and Monitoring Configuration For the information center configuration, see the • Guide Displaying and maintaining BFD To do…...
Page 203: Track Configuration
Track configuration This chapter includes these sections: Track overview • Track configuration task list • Associating the track module with a detection module • Associating the track module with an application module • Displaying and maintaining track entries • • Track configuration examples Track overview Introduction to collaboration...
Page 204: Collaboration Application Example
If the tracked object functions normally, for example, the target interface is up or the target network • is reachable, the state of the track entry is Positive. • If the tracked object functions abnormally, for example, the target interface is down or the target network is unreachable, the state of the track entry is Negative.
Page 205: Associating The Track Module With A Detection Module
Complete these tasks to configure the track module: Task Remarks Associating track with NQA Required Associating the track module Associating track with BFD with a detection module Use any of the approaches. Associating track with interface management Associating track with VRRP Required Associating the track module Associating track with static routing...
Page 206: Associating Track With Bfd
Associating track with BFD BFD supports the control packet mode and echo mode. Only echo-mode BFD can be associated with a track entry. When associated with a track entry, the BFD functions as follows: If BFD detects the link fails, it informs the track entry of the link failure. The track module then sets the •...
Page 207: Associating The Track Module With An Application Module
To do… Use the command… Remarks Create a track entry, associate it with the interface management module to track track-entry-number interface monitor the physical status of an interface-type interface-number [ delay interface, and specify the delay time { negative negative-time | positive for the track module to notify the positive-time } * ] Required...
Page 208 To do… Use the command… Remarks Enter system view system-view — interface interface-type Enter interface view — interface-number Required Create a VRRP group and vrrp vrid virtual-router-id virtual-ip No VRRP group is created by configure its virtual IP address virtual-address default.
Page 209: Associating Track With Static Routing
Associating track with static routing A static route is a manually configured route. With a static route configured, packets to the specified destination are forwarded through the path specified by the administrator. The disadvantage of using static routes is that they cannot adapt to network topology changes. Faults or topological changes in the network can make the routes unreachable, causing network breaks.
Page 210: Associating Track With Pbr
Associating track with PBR Policy-based routing (PBR) is a routing mechanism based on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address, and other criteria) to route packets. PBR cannot detect the availability of any action taken on packets.
Page 211: Displaying And Maintaining Track Entries
Displaying and maintaining track entries To do… Use the command… Remarks display track { track-entry-number | Display information about the all } [ | { begin | exclude | Available in any view specified or all track entries include } regular-expression ] Track configuration examples VRRP-track-NQA collaboration configuration example (the master monitors the uplink)
Page 212 # Configure the test type as ICMP-echo. [SwitchA-nqa-admin-test] type icmp-echo # Configure the destination address as 10.1.2.2. [SwitchA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2 # Set the test frequency to 100 ms. [SwitchA-nqa-admin-test-icmp-echo] frequency 100 # Configure reaction entry 1, specifying that five consecutive probe failures trigger the track-NQA collaboration.
Page 213 Verify the configuration After configuration, ping Host B on Host A, and you can see that Host B is reachable. Use the display vrrp command to view the configuration result. # Display detailed information about VRRP group 1 on Switch A. [SwitchA-Vlan-interface2] display vrrp verbose IPv4 Standby Information: Run Mode...
Page 214: Configuring Bfd For A Vrrp Backup To Monitor The Master
Admin Status : Up State : Backup Config Pri : 110 Running Pri : 80 Preempt Mode : Yes Delay Time Auth Type : Simple : hello Virtual IP : 10.1.1.10 Master IP : 10.1.1.2 VRRP Track Information: Track Object State : Negative Pri Reduced : 30 # Display detailed information about VRRP group 1 on Switch B when there is a fault on the link between...
Page 215 Figure 55 Network diagram for monitoring the master on the backup Internet Virtual router Switch A Switch B Virtual IP address: Master Backup 192.168.0.10 Vlan-int2 Vlan-int2 192.168.0.101/24 192.168.0.102/24 L2 switch BFD probe packets VRRP packets Configuration procedure Create VLANs, and assign ports to the VLANs, and configure the IP address of each VLAN interface as shown in Figure 55.
Page 216 [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB-Vlan-interface2] vrrp vrid 1 track 1 switchover [SwitchB-Vlan-interface2] return Verify the configuration # Display the detailed information of VRRP group 1 on Switch A. <SwitchA> display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method...
Page 217: Configuring Bfd For The Vrrp Master To Monitor The Uplinks
Local IP : 192.168.0.102 The output shows that when the status of the track entry becomes Positive, Switch A is the master and Switch B the backup. # Enable VRRP state debugging and BFD event debugging on Switch B. <SwitchB> terminal debugging <SwitchB>...
Page 218 Figure 56 Network diagram for monitoring uplinks using BFD Internet Master Backup uplink device uplink device Vlan-int3 1.1.1.2/24 Uplink Uplink Vlan-int3 1.1.1.1/24 Switch A Switch B Virtual router Master Virtual IP address: Backup 192.168.0.10 Vlan-int2 Vlan-int2 192.168.0.101/24 192.168.0.102/24 L2 switch BFD probe packets VRRP packets Configuration procedure...
Page 219 [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB-Vlan-interface2] return Verify the configuration # Display the detailed information of the VRRP group on Switch A. <SwitchA> display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2...
Page 220 The output shows that when the status of track entry 1 becomes Positive, Switch A is the master and Switch B the backup. # When the uplink of Switch A goes down, the status of track entry 1 becomes Negative. <SwitchA>...
Page 221: Static Routing-Track-Nqa Collaboration Configuration Example
Static routing-track-NQA collaboration configuration example Network requirements As shown in Figure 57, Switch A, Switch B, Switch C, and Switch D are connected to two segments 20.1.1.0/24 and 30.1.1.0/24. Configure static routes on these switches so that the two segments can communicate with each other, and configure route backup to improve reliability of the network.
Page 222 # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.1.1.2 and the default priority 60. This static route is associated with track entry 1. <SwitchA> system-view [SwitchA] ip route-static 30.1.1.0 24 10.1.1.2 track 1 # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the priority 80.
Page 223 <SwitchD> system-view [SwitchD] ip route-static 20.1.1.0 24 10.2.1.2 track 1 # Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.4.1.3 and the priority [SwitchD] ip route-static 20.1.1.0 24 10.4.1.3 preference 80 # Configure a static route to 10.1.1.1, with the address of the next hop as 10.2.1.2. [SwitchD] ip route-static 10.1.1.1 24 10.2.1.2 # Create an NQA test group with the administrator admin and the operation tag test.
Page 224 10.3.1.0/24 Direct 0 10.3.1.1 Vlan3 10.3.1.1/32 Direct 0 127.0.0.1 InLoop0 20.1.1.0/24 Direct 0 20.1.1.1 Vlan6 20.1.1.1/32 Direct 0 127.0.0.1 InLoop0 30.1.1.0/24 Static 60 10.1.1.2 Vlan2 127.0.0.0/8 Direct 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 127.0.0.1 InLoop0 The output shows the NQA test result: the master route is available (the status of the track entry is Positive), and Switch A forwards packets to 30.1.1.0/24 through Switch B.
Page 225: Static Routing-Track-Bfd Collaboration Configuration Example
Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms --- 30.1.1.1 ping statistics --- 5 packet(s) transmitted 5 packet(s) received...
Page 226 Configure static routing-track-BFD collaboration to determine whether the master route is available • in real time. If the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect, and Switch B forwards packets to 20.1.1.0/24 through Switch C and Switch A.
Page 227 # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.4.1.2. <SwitchC> system-view [SwitchC] ip route-static 30.1.1.0 24 10.4.1.2 # Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.3.1.1. [SwitchB] ip route-static 20.1.1.0 24 10.3.1.1 Verify the configuration # Display information of the track entry on Switch A.
Page 228 BFD Session: Packet type: Echo Interface : Vlan-interface2 Remote IP : 10.2.1.2 Local IP : 10.2.1.1 # Display the routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 10.2.1.0/24...
Page 229: Interface)
5 packet(s) received 0.00% packet loss round-trip min/avg/max = 1/1/2 ms VRRP-track-interface management collaboration configuration example (the master monitors the uplink interface) Network requirements As shown in Figure 59, Host A needs to access Host B on the Internet. The default gateway of Host •...
Page 230 Configure VRRP on Switch B. <SwitchB> system-view [SwitchB] interface vlan-interface 2 # Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.10 Verify the configuration After configuration, ping Host B on Host A, and you can see that Host B is reachable. Use the display vrrp command to view the configuration result.
Page 231 # After shutting down the uplink interface on Switch A, display detailed information about VRRP group 1 on Switch A. [SwitchA-Vlan-interface3] display vrrp verbose IPv4 Standby Information: Run Mode : Standard Run Method : Virtual MAC Total number of virtual routers : 1 Interface Vlan-interface2 VRID Adver Timer...
Page 232: Index
Index A B C D E H I M O R S T V Displaying and maintaining BFD,190 Displaying and maintaining CFD,29 Activating an RRPP domain,69 Displaying and maintaining DLDP,47 Associating the track module with a detection Displaying and maintaining Ethernet OAM module,193 configuration,14 Associating the track module with an application...
Page 233 Resetting DLDP state,46 RRPP configuration examples,72 Track configuration examples,199 RRPP configuration task list,64 Track configuration task list,192 RRPP overview,55 Track overview,191 Troubleshooting,92 Troubleshooting DLDP,54 Setting DLDP mode,44 Troubleshooting VRRP,175 Setting the DelayDown timer,45 Setting the interval for sending advertisement packets,44 VRRP load balancing mode,122 Setting the port shutdown...

This manual is also suitable for:

S5800 series

H3C S5820X SERIES High Availability Configuration Manual

Quick Links

Troubleshooting

Need help?

Questions and answers

Related Manuals for H3C S5820X SERIES

Summary of Contents for H3C S5820X SERIES

This manual is also suitable for:

Table of Contents