03 VRRP Configuration

8/6/2019 03 VRRP Configuration

1/21

Operation Manual VRRPH3C S9500 Series Routing Switches Table of Contents

i

Table of Contents

Chapter 1 VRRP Configuration ....................................................................................................1-11.1 Introduction to VRRP.........................................................................................................1-11.2 Configuring VRRP .............................................................................................................1-2

1.2.1 Configuring the Function of Pinging the Virtual IP Address.... ................................ 1-31.2.2 Configuring the TTL Value Check for VRRP Packets............................................. 1-31.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address ............ 1-31.2.4 Configuring a Virtual IP Address............................................................................. 1-41.2.5 Configuring a Priority for a Switch in the VRRP Group........................................... 1-41.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group ........................ 1-51.2.7 Configuring Authentication Type and Authentication Key....................................... 1-61.2.8 Configuring the Interval for Sending VRRP Packets on the Master ....................... 1-71.2.9 Configuring the Switch to Track a Specified Interface ............................................ 1-71.2.10 Configuring VRRP Link Monitoring ....................................................................... 1-81.2.11 Configuring IFM Tracking......................................................................................1-91.2.12 Configuring the Fast Switch Function for a Virtual Router.................................. 1-10

1.3 Displaying and Debugging VRRP....................................................................................1-111.4 VRRP Configuration Examples........................................................................................1-12

1.4.1 Single VRRP Group Configuration Example......................................................... 1-121.4.2 VRRP Interface Tracking Configuration Example................................................. 1-131.4.3 VRRP Link Monitoring Configuration Example ..................................................... 1-141.4.4 IFM Tracking Configuration Example.................................................................... 1-161.4.5 Multiple Virtual Routers Configuration Example ................................................... 1-18

1.5 Troubleshooting VRRP....................................................................................................1-19


2/21

Operation Manual VRRPH3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

1-1

Chapter 1 VRRP Configuration

When configuring VRRP, go to these sections for information you are interested in:

Introduction to VRRP

Configuring VRRP

Displaying and Debugging VRRP

VRRP Configuration Examples

Troubleshooting VRRP

1.1 Introduction to VRRP

The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general,

a default route (for example, 10.100.10.1 as shown in the following internetworking

diagram) is configured for every host on the network, so that the packets destined to

some other network segment from the hosts will go through the default route to the

Layer 3 Switch. If Switch is down, all the hosts taking Switch as the next-hop will be

disconnected from the external network.

Ethernet

Switch

Host 1 Host 2 Host 3

10 .10 0.1 0.7 1 0.1 00 .10 .8 10.100.10.9

10.100.10.1

Network

Figure 1-1 Network diagram for LAN

VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet)

settles the above problem. VRRP integrates a group of LAN switches (including a

Master and several Backups) into a virtual router. The diagram below is taken as an

example to explain how VRRP works.


3/21


1-2

Master

Virtual IP address10.100.10.1

Backup

Virtual IP address10.100.10.1

Actual IP address10.100.10.2 Actual IP address10.100.10.3

Ethernet

Host 1 Host 2 Host 3

10 .10 0.1 0.7 10 .10 0.10.8 10 .10 0.1 0.9

Network

Figure 1-2 Network diagram for virtual router

This virtual router has its own IP address: 10.100.10.1 (which can be the interface

address of a switch within the virtual router). The switches within the virtual router have

their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for

the Backup switch). The hosts on the LAN only know the IP address of this virtual router

10.100.10.1 (usually called as virtual IP address of the virtual router), but not the

specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup

switch. A default route with the next hop 10.100.10.1 is configured on the hosts.

Therefore, hosts within the network will communicate with the external network through

this virtual router. If the Master switch in the virtual group breaks down, another Backup

switch will function as the new Master switch to continue serving the hosts without any

interruption.

1.2 Configuring VRRP

The following sections describe the VRRP configuration tasks:

Configuring the Function of Pinging the Virtual IP Address

Configuring the TTL Value Check for VRRP Packets

Configuring the Mapping Mode between Virtual IP Address and MAC Address

Configuring a Virtual IP Address

Configuring a Priority for a Switch in the VRRP Group

Configuring Preemption and Delay for a Switch in a VRRP Group

Configuring Authentication Type and Authentication Key

Configuring the Interval for Sending VRRP Packets on the Master

Configuring the Switch to Track a Specified Interface

Configuring VRRP Link Monitoring

Configuring IFM Tracking

Configuring the Fast Switch Function for a Virtual Router


4/21


1-3

1.2.1 Configuring the Function of Pinging the Virtual IP Address

This task is to enable/disable the function of pinging the IP address of the virtual router.

With this function enabled, you can ping the virtual IP address of the virtual router or

telnet to the virtual IP address of the virtual router.

Perform the following configuration in system view to enable/disable the ping function:

To do Use the command

Enable the ping function vrrp ping-enable

Disable to ping function undo vrrp ping-enable

By default, the ping function is enabled, that is, you can ping or telnet to the virtual IP

address of the virtual router.

You should enable the ping function before configuring the virtual router. If VRRP is

already configured on the switch, it is not allowed to modify the configuration.

1.2.2 Configuring the TTL Value Check for VRRP Packets

This task is to enable/disable the TTL value check for VRRP packets on the backup

switch. The TTL value must be 225. If the backup switch finds the TTL of a VRRP

packet is not 225, the packet will be discarded.

Perform the following configuration in VLAN interface view to enable/disable the TTL

value check for VRRP packets:


Disable the TTL value check for VRRP packets vrrp un-check ttl

Enable the TTL value check for VRRP packets undo vrrp un-check ttl

1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC

Address

This task is to configure the mapping mode between virtual lP address and MAC

address. In VRRP, the virtual IP address of the virtual router corresponds to the virtual

MAC address, to ensure correct data forwarding.

Depending on the chips installed, some switches support mapping one virtual IP

address to multiple MAC addresses.

S9500 series not only guarantee correct data forwarding in the subnet, but also allow

you to specify a mapping mode, either virtual IP address to real MAC address mapping

or virtual IP address to virtual MAC address mapping.

Perform the following configuration in system view to configure IP-to-MAC mappings:


5/21


1-4


Specify a mapping mode for the virtualIP address

vrrp method { real-mac | virtual-mac }

Restore the default undo vrrp method

By default, the virtual IP address of the virtual router corresponds to the virtual MAC

address.

You should perform this configuration only before configuring the virtual router.

1.2.4 Configuring a Virtual IP Address

This task is to assign a virtual IP address to a virtual router or remove an assigned

virtual IP address.

Perform the following configuration in VLAN interface view to add/delete a virtual IP

address:


Assign a virtual IP address to a virtualrouter

vrrp vridvirtual-router-idvirtual-ipvirtual-address

Delete a virtual IP addressundo vrrp vridvirtual-router-id[ virtual-ipvirtual-address]

The virtual-router-idranges from 1 to 255.

The virtual-address can be an unused address in the network segment where the

virtual router resides, or the IP address of an interface in the virtual router. If the virtual

address is the same as the real IP address of a member switch in the virtual router, the

switch is called an IP Address Owner. When assigning an IP address to a nonexistent

virtual router, the system will create a new virtual router accordingly. When adding a

new address to an existing virtual router, the system will directly add it into the virtual IP

address list.

After the last virtual IP address is removed from the virtual router, the whole virtualrouter will also be removed. That is, there is no virtual router on the interface any more

and any configuration of it is invalid accordingly.

1.2.5 Configuring a Priority for a Switch in the VRRP Group

The status of each switch in the virtual router will be determined by its priority in VRRP.

The switch with the highest priority will become the master.

Perform the following configuration in VLAN interface view to configure a priority for the

switch in the virtual router:


6/21


1-5


Configure a priority for the switch in thevirtual router.

vrrp vrid virtual-router-idprioritypriority

Remove the priority setting of the switch undo vrrp vrid virtual-router-idpriority

The priority ranges from 0 to 255. The greater the number, the higher the priority.

However the value can only be taken from 1 to 254. The priority 0 is reserved for special

use and priority 255 is reserved for the IP address owner by the system.

By default, the priority is 100.

Note:The priority for IP address owner is always 255, which cannot be configured.

1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group

Once a switch in the VRRP group becomes the master, as long as it still functions

properly, other switches, even configured with a higher priority later, cannot become the

master unless they are configured to work in preemption mode. The switch in

preemption mode will become the master switch, when it finds its own priority is higherthan that of the current master switch. Accordingly, the former master switch will

become a backup switch.

Together with the preemption setting, a delay can also be set. In this way, a backup will

wait for a period of time before becoming the new master. In an unstable network if the

backup switch has not received the packets from the master switch punctually, it will

become the master switch. However, the receiving failure may be due to network

congestion, instead of the malfunction of the master switch. In this case, the backup will

receive the packets after a while. The delay setting can thereby avoid the frequent

status changing.

Perform the following configuration in VLAN interface view to configure preemption and

delay for a switch within a virtual router:


Enable the preemption modeand configure a delay.

vrrp vrid virtual-router-idpreempt-mode [ timerdelaydelay-value]

Disable the preemption mode. undo vrrp vridvirtual-router-idpreempt-mode


7/21


1-6

The delay in seconds ranges from 0 to 255. By default, the preemption mode is enabled

with a delay of 0 seconds.

Note:If preemption mode is disabled, the delay will automatically become 0 seconds.

1.2.7 Configuring Authentication Type and Authentication Key

VRRP provides following authentication types:

simple: Simple character authentication

md5: MD5 authentication

In a network under possible security threats, the authentication type can be set to

simple. Then the switch will add the authentication key into the VRRP packets before

transmitting it. The receiver will compare the authentication key of the packet with the

locally configured one. If they are the same, the packet will be taken as a true and legal

one. Otherwise it will be regarded as an illegal packet and discarded. In this case, an

authentication key not exceeding 8 characters should be configured.

In a totally unsafe network, the authentication type can be set to md5. The switch will

use the authentication type and MD5 algorithm provided by the Authentication Header

to authenticate the VRRP packets. In this case an authentication key not exceeding 8

characters should be configured.

Those packets failing to pass the authentication will be discarded and a trap packet will

be sent to the network management system.

Perform the following configuration in VLAN interface view to configure authentication

type and authentication key:


Configure authentication type andauthentication key

vrrp vrid virtual-router-idauthentication-mode { md5 | simple } key

Remove the authentication typeand authentication key

undo vrrp vrid virtual-router-idauthentication-mode

By default, no authentication is performed.


8/21


1-7

Note:The same authentication type and authentication key should be configured for all VLAN

interfaces that belong to the virtual router.

1.2.8 Configuring the Interval for Sending VRRP Packets on the Master

The master switch advertises its normal operation state to the backup switch by

sending VRRP packets regularly (at adver-interval). And the backup switch only

receives VRRP packets. If the backup has not received any VRRP packet from the

master within a period of time (specified by master-down-interval), it will consider the

master as down, and then take its place and become the Master.

You can use the following command to set a timer and adjust the interval (adver-interval)

at which Master transmits VRRP packets. The master-down-intervalof the Backup

switch is three times that of the adver-interval. The excessive network traffic or the

differences between different switch timers will result in master-down-intervaltiming out

and state changing abnormally. Such problems can be solved through prolonging the

adver-intervaland preemption delay time. adver-intervalis measured in seconds.

Perform the following configuration in VLAN interface view to configure the interval for

the master to send VRRP packets:

To do Use the commandConfigure the interval for the master tosend VRRP packets

vrrp vrid virtual-router-idtimeradvertiseadver-interval

Restore the defaultundo vrrp vrid virtual-router-idtimeradvertise

By default, adver-intervalis 1.

Note:

You must configure the same interval for switches within the VRRP group.

1.2.9 Configuring the Switch to Track a Specified Interface

The VRRP interface track function extends the function of a VRRP group. It enables

redundancy between VRRP interfaces, and between other switch interfaces.

You can use the following command to track a specified interface on the master switch.

If the interface is down, the priority of the switch will reduce automatically by the value


9/21


1-8

specified by value-reduced. Then the backup switch with the highest priority becomes

the new master.

Perform the following configuration in VLAN interface view to configure the switch to

track a specified interface:


Configure the switch to track a specifiedinterface

vrrp vrid virtual-router-idtrackinterface vlan-interface vlan-id[ reducedvalue-reduced]

Stop tracking the specified interfaceundo vrrp vridvirtual-router-idtrackinterfacevlan-interfacevlan-id

By default, priority is reduced by 10.

Note: If the switch is an IP address owner, its interfaces cannot be tracked.

If the interface is up again, the corresponding priority of the switch, will be restored

automatically.

On each virtual router, a maximum of eight interfaces can be tracked.

1.2.10 Configuring VRRP Link Monitoring

This task allows you to configure the backup VRRP device to monitor the link to the

master. When the monitored link goes down, the backup device immediately switches

to the master state.

The monitored link can be an Ethernet interface, or a manual aggregation group or

static aggregation group.

If the monitored link is an Ethernet interface, the backup device immediately switches

to the master state when the link goes down; if the monitored link is an aggregation

group, the backup device switches to the master state after all the ports in the

aggregation group go down.


10/21


1-9

Caution:

Before you configure VRRP link monitoring, it is required that no physical loop exists

and the spanning tree protocol (STP) is not enabled on the network.

If all the physical links in between are down, the backup device considers that the

master device is down, and then the backup device switches to the master state. At

this time, two master devices may exist, and you need to ensure communication

through networking.

Make sure that all the links between the master and backup devices are monitored.

Perform the following configuration in VLAN interface view to configure the switch to

monitor a specified link:


Configure the device tomonitor the specifiedlink

vrrp vrid virtual-router-idmonitor { interfaceinterface-type interface-number| link-aggregationgroup group-id}

Disable link monitoring undo vrrp vrid virtual-router-idmonitor

By default, link monitoring is disabled.

Note: When you configure the device to monitor a specified interface, the interface cannot

belong to any aggregation group (including dynamic aggregation groups).

After you configure the device to monitor an aggregation group, the aggregation

group cannot be removed directly.

You cannot configure the device to monitor multiple links.

After you configure the device to monitor a specified link, you need to use a board

that supports reporting connection failures and configure the link-status hold 0

command globally to meet the performance requirements.

1.2.11 Configuring IFM Tracking

As a special card on softswitch devices, the IP forwarding module (IFM) is the portal of

softswitch, which is used to distribute IP signals. The disconnection with the IFM means

the termination of softswitch; therefore, the reliability of IFM has great importance.


11/21


1-10

Figure 1-3 Network diagram for IFM devices

As shown in Figure 1-3, the two Layer 3 switches form a VRRP group. Each switch is

enabled to track the status of the corresponding IFM device through the OAM module.

When receiving signals from the IFM device, the priority of the corresponding interface

on a switch will increase by the value specified by value-increased. The switch with a

higher priority becomes the master. When the link of the master is down, the priority will

decrease by a specified value. As a result, the backup will have a higher priority and

become the master switch. Thus, the cooperation between IFM and VRRP through

OAM is implemented.

Perform the following configuration in VLAN interface view to enable/disable IFM

tracking:


Enable IFM tracking vrrp vrid virtual-router-idtrack ifm [ increasedvalue-increased]

Disable IFM tracking undo vrrp vridvirtual-router-idtrackifm

By default, the value of the value-increasedargument is 2.

1.2.12 Configuring the Fast Switch Function for a Virtual Router

In VRRP, a backup device can switch to the master state after the specified timer

expires. This mechanism causes delay in state switching and is not applicable to

network environments that require fast state switching because it may interrupt traffic

temporarily. To solve this problem, S9500 series switches support the fast switch

function for the virtual router.

If the uplink virtual interface tracked by the master goes down, the master device

immediately decreases its priority and sends an advertisement packet.

Upon receiving the advertisement packet, the backup device compares the priority

in the packet with that of its own. If the backup device has a higher priority, it

switches to the master state immediately.


12/21


1-11

Perform the following configuration in VLAN interface view to enable/disable the fast

switch function for a virtual router:


Enable the fast switch functionfor a virtual router

vrrp vrid virtual-router-idfast-switch

Disable the fast switchfunction for the virtual router

undo vrrp vridvirtual-router-idfast-switch

By default, the fast switch function is disabled for a virtual router.

1.3 Displaying and Debugging VRRP

To do Use the command Remarks

Display VRRP stateinformation

displayvrrp[ interfacevlan-interface interface-number[ virtual-route-identifierifm| ifm |vrid virtual-router-id] ]

Display the configurationinformation of theVRRP-enabled IFMdevice

display vrrp ifm

Display VRRP statistics

information

display vrrpstatistics[ interfaceinterface-type interface-number[ vrid virtual-router-id] ]

Display VRRP detailedinformation

display vrrp verbose [ interfacetype number[ vridvirtual-router-id] ]

Available in anyview

Clear the statisticsinformation about VRRP

reset vrrp statistics [ interfaceinterface-type interface-number[ vrid virtual-router-id]]

Enable VRRP debuggingdebugging vrrp { state | packet |error }

Disable VRRP debuggingundo debugging vrrp { state |packet | error }

Available in userview

By default, VRRP debugging is disabled.


13/21


1-12

1.4 VRRP Configuration Examples

1.4.1 Single VRRP Group Configuration Example

I. Network requirements

Host A takes the VRRP virtual router containing switch A and switch B as its default

gateway to access host B on the Internet.

It is required that:

The virtual router ID is 1;

The virtual IP address is 202.38.160.111;

Switch A is the master and switch B is the backup:

Preemption is allowed.

II. Network diagram

Virtual IP address:

202.38.160.111

Switch_A

Host A

202.38.160.3

VLAN- interface2: 202.38.160.1

Switch_B

VLAN-interface2: 202.38.160.2

VLAN-- interface3: 10.100.10.2

Host B

10.2.3.1

Internet

Figure 1-4 Network diagram for VRRP configuration

III. Configuration procedure

1) Configure switch A

# Configure VLAN 2.

[LSW-A] vlan 2

[LSW-A-vlan2] interface vlan 2

[LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0

[LSW-A-vlan-interface2] quit

# Configure VRRP.

[LSW-A] vrrp ping-enable

[LSW-A] interface vlan 2

[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111


14/21


1-13

[LSW_A-vlan-interface2] vrrp vrid 1 priority 110

[LSW-A-vlan-interface2] vrrp vrid 1 preempt-mode

2) Configure switch B

# Configure VLAN2.

[LSW-B] vlan 2

[LSW-B-vlan2] interface vlan 2

[LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0

[LSW-B-vlan-interface2] quit

# Configure VRRP.

[LSW-B] vrrp ping-enable

[LSW-B] interface vlan 2

[LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

[LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode

The virtual router can be used soon after configuration. Host A can be configured with

the default gateway 202.38.160.111.

Under normal conditions, switch A functions as the gateway. Once switch A breaks

down, switch B will function as the gateway instead.

Configure the preemption mode for switch A, so that it can become the master again

after recovery.

1.4.2 VRRP Interface Tracking Configuration Example


See Figure 1-4. If the interface of switch A connected to the Internet is down, switch B

should function as the gateway. This can be implemented by tracking the

corresponding interface.

The virtual router ID is 1. In addition, the MD5 authentication and VRRP packet sending

interval are configured.

II. Network diagram

See Figure 1-4.



# Configure VLAN2.

[LSW-A] vlan 2




# Enable the function to ping the virtual IP address of the virtual router.


15/21


1-14

[H3CLSW-A ] vrrp ping-enable

# Create the VRRP virtual router.



# Set the priority for the virtual router.


# Set the authentication mode and authentication key for the virtual router.

[LSW_A-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every 5 seconds.

[LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5

# Track VLAN-interface 3.

[LSW_A-vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced

30


# Configure VLAN2.

[LSW-B] vlan 2





[H3CLSW-B] vrrp ping-enable

# Create the virtual router.

[LSW-B] interface vlan 2

[LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111


[LSW_B-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every five seconds.

[LSW_B-vlan-interface2] vrrp vrid 1 timer advertise 5

Under normal conditions, switch A functions as the gateway. Once VLAN-interface 3 of

switch A is down, its priority will be reduced by 30, lower than that of switch B so that

switch B will become the master.

When VLAN-interface 3 of switch A recovers, it will become the master again.

1.4.3 VRRP Link Monitoring Configuration Example


As shown in the figure below:


16/21


1-15

No physical loops exist between Switch A, Switch B and Host Server, and STP is

not enabled.

Switch A is the master while Switch B is the backup. No physical link is available

between Switch A and Host Server.Normally, Switch A acts as the gateway. The traffic sent from Host Server is forwarded

at Layer 2 through Switch B to Switch A which then forwards the traffic at Layer 3 to the

IP network.

It is required to configure Switch B to monitor the link to Switch A. If Switch A fails or the

link between Switch A and Switch B fails, Switch B becomes the master and acts as the

gateway instead of Switch A. Then, the traffic from Host Server is forwarded to the IP

network directly through Switch B. The state switching delay should be in milliseconds.

II. Network diagram

Figure 1-5 Network diagram for VRRP configuration


1) Configure Switch A

# Configure VLAN 2.

system-view

[LSW-A] vlan 2




# Enable pinging the virtual IP address of the virtual router.

[LSW-A ] vrrp ping-enable

# Create virtual router 1.


[LSW-A-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3


17/21


1-16

# Set the VRRP priority for Switch A.

[LSW-A-vlan-interface2] vrrp vrid 1 priority 110

2) Configure Switch B

# Configure VLAN 2.

system-view

[LSW-B] vlan 2




# Enable pinging the virtual IP address of the virtual router.

[LSW-B] vrrp ping-enable

# Create virtual router 1.[LSW-B] interface vlan 2

[LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3

# Enable Switch B to monitor interface Ethernet 2/1/1.

[LSW-B-vlan-interface2] vrrp vrid 1 monitor interface Ethernet 2/1/1


# Configure the global link state holdtime.

[LSW-B] link-status hold 0

1.4.4 IFM Tracking Configuration Example


As shown in the following figure, an IFM softswitch device is attached to a switch.

It is required to configure the two switches as a VRRP group and configure IFM tracking

to track the IFM devices through OAM. A switch that can receive signals from the

corresponding IFM device increases its priority with a specified value to influence

master switch election.

II. Network diagram

Figure 1-6 Network diagram for IFM tracking


18/21


1-17


1) Configure Switch A

# Configure VLAN 2.

[Switch A] vlan 2

[Switch A-vlan2] interface vlan-interface 2

[Switch A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

[Switch A-Vlan-interface2] quit

# Enable OAM.

[Switch A] Ethernet3/1/1

[Switch A-Ethernet3/1/1] oam ethernet mode passive

[Switch A-Ethernet3/1/1] oam ethernet enable

[Switch A-Ethernet3/1/1] quit

# Enable the function of pinging the virtual IP address of the virtual router.

[Switch A] vrrp ping-enable

# Configure the virtual router.

[Switch A] interface vlan-interface 2

[Switch A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority of the virtual router.

[Switch A-Vlan-interface2] vrrp vrid 1 priority 105


[Switch A-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.

[Switch A-Vlan-interface2] vrrp vrid 1 track ifm increased 10

2) Configure Switch B

# Configure VLAN2.

[Switch B] vlan 2

[Switch B-vlan2] interface vlan-interface 2

[Switch B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

[Switch B-Vlan-interface2] quit

# Enable OAM.

[Switch B] Ethernet3/1/1

[Switch B-Ethernet3/1/1] oam ethernet mode passive

[Switch B-Ethernet3/1/1] oam ethernet enable

[Switch B-Ethernet3/1/1] quit


[Switch B] vrrp ping-enable

# Create the virtual router.


19/21


1-18

[Switch B] interface vlan 2

[Switch B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111


[Switch B-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.

[Switch B-Vlan-interface2] vrrp vrid 1 track ifm increased 10

Note:Switch A acts as the gateway in normal cases. When Switch B tracks the state of the

IFM device being Master through OAM, the priority of Switch B will be increased by 10,

greater than that of Switch A (105), and Switch B will turn the Master and act as the

gateway.

1.4.5 Multiple Virtual Routers Configuration Example


A switch can function as a backup switch for multiple virtual routers to implement load

balancing. See Figure 1-4. For example, Switch A, the master switch of virtual router 1,

can be the backup switch for virtual router 2, and Switch B can be the backup switch forvirtual router 1. Some hosts employ virtual router 1 as the gateway, while others employ

virtual router 2 as the gateway. In this way, both load balancing and backup are

implemented.

II. Network diagram

Refer to Figure 1-4.



# Configure VLAN2.

[LSW-A] vlan 2








20/21


1-19




# Configure VLAN2.

[LSW-B] vlan 2








[LSW_B-vlan-interface2] vrrp vrid 2 priority 110

Note:Multiple virtual routers are often used in actual network applications.

1.5 Troubleshooting VRRP

As the configuration of VRRP is not very complicated, almost all the malfunctions can

be found through viewing the configuration and debugging information. Here are some

possible failures you might meet and the corresponding troubleshooting methods.

I. Symptom 1: Frequent prompts of configuration errors on the console

This indicates that incorrect VRRP packets have been received. It may be because of

the inconsistent configuration of another switch within the virtual router, or the attempts

of some devices to send out illegal VRRP packets. The first possible fault can be solved

through modifying the configuration. And as the second possibility is caused by the

malicious attempt of some devices, non-technical measures should be resorted to.

II. Symptom 2: More than one Master existing within the same virtual router

There are also 2 reasons. One is short time coexistence of many master switches,

which is normal and needs no manual intervention. Another is the long time

coexistence of many Master switches, which may be because switches in the virtual

router cannot receive VRRP packets from each other, or receive some illegal packets.

To solve such problems, an attempt should be made to ping the master switches. If

such an attempt fails, check the device connectivity. If they can be pinged, check the


21/21


1-20

VRRP configuration. For the configuration of the same VRRP virtual router, complete

consistency for the number of virtual IP addresses, each virtual IP address, timer

duration and authentication type must be guaranteed.

III. Symptom 3: Frequent Master/Backup switchovers

Such problem occurs when the virtual router timer duration is too short. So the problem

can be solved through prolonging this duration or the preemption delay.

Documents

03 VRRP Configuration