Scribd
Upload
166 views21 pages

03 VRRP Configuration

VRRP H3C S9500 Series Routing Switches. 1-1 1. Introduction to VRRP. 1-3 1.2. Configuring the Function of Pinging the Virtual IP Address. 1-4 1.2. Authentication Type and Authentication key. 1-8 1.2. IFM tracking. 1-9 1.2. Fast Switch Function for a Virtual Router. 1-16 1.4. Multiple VRRP Group Configuration Example.

Uploaded by

praveen_1212
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
166 views21 pages

03 VRRP Configuration

VRRP H3C S9500 Series Routing Switches. 1-1 1. Introduction to VRRP. 1-3 1.2. Configuring the Function of Pinging the Virtual IP Address. 1-4 1.2. Authentication Type and Authentication key. 1-8 1.2. IFM tracking. 1-9 1.2. Fast Switch Function for a Virtual Router. 1-16 1.4. Multiple VRRP Group Configuration Example.

Uploaded by

praveen_1212
Copyright
© Attribution Non-Commercial (BY-NC)
We take content rights seriously. If you suspect this is your content, claim it here.
Available Formats
Download as PDF, TXT or read online on Scribd
You are on page 1/ 21

Operation Manual – VRRP

H3C S9500 Series Routing Switches Table of Contents

Table of Contents

Chapter 1 VRRP Configuration .................................................................................................... 1-1


1.1 Introduction to VRRP ......................................................................................................... 1-1
1.2 Configuring VRRP ............................................................................................................. 1-2
1.2.1 Configuring the Function of Pinging the Virtual IP Address.................................... 1-3
1.2.2 Configuring the TTL Value Check for VRRP Packets............................................. 1-3
1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address ............ 1-3
1.2.4 Configuring a Virtual IP Address ............................................................................. 1-4
1.2.5 Configuring a Priority for a Switch in the VRRP Group........................................... 1-4
1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group ........................ 1-5
1.2.7 Configuring Authentication Type and Authentication Key....................................... 1-6
1.2.8 Configuring the Interval for Sending VRRP Packets on the Master ....................... 1-7
1.2.9 Configuring the Switch to Track a Specified Interface ............................................ 1-7
1.2.10 Configuring VRRP Link Monitoring ....................................................................... 1-8
1.2.11 Configuring IFM Tracking...................................................................................... 1-9
1.2.12 Configuring the Fast Switch Function for a Virtual Router.................................. 1-10
1.3 Displaying and Debugging VRRP.................................................................................... 1-11
1.4 VRRP Configuration Examples........................................................................................ 1-12
1.4.1 Single VRRP Group Configuration Example......................................................... 1-12
1.4.2 VRRP Interface Tracking Configuration Example................................................. 1-13
1.4.3 VRRP Link Monitoring Configuration Example ..................................................... 1-14
1.4.4 IFM Tracking Configuration Example.................................................................... 1-16
1.4.5 Multiple Virtual Routers Configuration Example ................................................... 1-18
1.5 Troubleshooting VRRP .................................................................................................... 1-19

i
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Chapter 1 VRRP Configuration

When configuring VRRP, go to these sections for information you are interested in:
z Introduction to VRRP
z Configuring VRRP
z Displaying and Debugging VRRP
z VRRP Configuration Examples
z Troubleshooting VRRP

1.1 Introduction to VRRP


The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general,
a default route (for example, 10.100.10.1 as shown in the following internetworking
diagram) is configured for every host on the network, so that the packets destined to
some other network segment from the hosts will go through the default route to the
Layer 3 Switch. If Switch is down, all the hosts taking Switch as the next-hop will be
disconnected from the external network.

Network

Switch

10.100.10.1
Ethernet

10.100.10.7 10.100.10.8 10.100.10.9

Host 1 Host 2 Host 3

Figure 1-1 Network diagram for LAN

VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet)
settles the above problem. VRRP integrates a group of LAN switches (including a
Master and several Backups) into a virtual router. The diagram below is taken as an
example to explain how VRRP works.

1-1
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Network

Actual IP address10.100.10.2 Actual IP address10.100.10.3

Master Backup

Virtual IP address10.100.10.1 Ethernet Virtual IP address10.100.10.1

10.100.10.7 10.100.10.8 10.100.10.9

Host 1 Host 2 Host 3

Figure 1-2 Network diagram for virtual router

This virtual router has its own IP address: 10.100.10.1 (which can be the interface
address of a switch within the virtual router). The switches within the virtual router have
their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for
the Backup switch). The hosts on the LAN only know the IP address of this virtual router
10.100.10.1 (usually called as virtual IP address of the virtual router), but not the
specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup
switch. A default route with the next hop 10.100.10.1 is configured on the hosts.
Therefore, hosts within the network will communicate with the external network through
this virtual router. If the Master switch in the virtual group breaks down, another Backup
switch will function as the new Master switch to continue serving the hosts without any
interruption.

1.2 Configuring VRRP


The following sections describe the VRRP configuration tasks:
z Configuring the Function of Pinging the Virtual IP Address
z Configuring the TTL Value Check for VRRP Packets
z Configuring the Mapping Mode between Virtual IP Address and MAC Address
z Configuring a Virtual IP Address
z Configuring a Priority for a Switch in the VRRP Group
z Configuring Preemption and Delay for a Switch in a VRRP Group
z Configuring Authentication Type and Authentication Key
z Configuring the Interval for Sending VRRP Packets on the Master
z Configuring the Switch to Track a Specified Interface
z Configuring VRRP Link Monitoring
z Configuring IFM Tracking
z Configuring the Fast Switch Function for a Virtual Router

1-2
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

1.2.1 Configuring the Function of Pinging the Virtual IP Address

This task is to enable/disable the function of pinging the IP address of the virtual router.
With this function enabled, you can ping the virtual IP address of the virtual router or
telnet to the virtual IP address of the virtual router.
Perform the following configuration in system view to enable/disable the ping function:

To do… Use the command…


Enable the ping function vrrp ping-enable
Disable to ping function undo vrrp ping-enable

By default, the ping function is enabled, that is, you can ping or telnet to the virtual IP
address of the virtual router.
You should enable the ping function before configuring the virtual router. If VRRP is
already configured on the switch, it is not allowed to modify the configuration.

1.2.2 Configuring the TTL Value Check for VRRP Packets

This task is to enable/disable the TTL value check for VRRP packets on the backup
switch. The TTL value must be 225. If the backup switch finds the TTL of a VRRP
packet is not 225, the packet will be discarded.
Perform the following configuration in VLAN interface view to enable/disable the TTL
value check for VRRP packets:

To do… Use the command…


Disable the TTL value check for VRRP packets vrrp un-check ttl
Enable the TTL value check for VRRP packets undo vrrp un-check ttl

1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC
Address

This task is to configure the mapping mode between virtual lP address and MAC
address. In VRRP, the virtual IP address of the virtual router corresponds to the virtual
MAC address, to ensure correct data forwarding.
Depending on the chips installed, some switches support mapping one virtual IP
address to multiple MAC addresses.
S9500 series not only guarantee correct data forwarding in the subnet, but also allow
you to specify a mapping mode, either virtual IP address to real MAC address mapping
or virtual IP address to virtual MAC address mapping.
Perform the following configuration in system view to configure IP-to-MAC mappings:

1-3
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

To do… Use the command…


Specify a mapping mode for the virtual
vrrp method { real-mac | virtual-mac }
IP address
Restore the default undo vrrp method

By default, the virtual IP address of the virtual router corresponds to the virtual MAC
address.
You should perform this configuration only before configuring the virtual router.

1.2.4 Configuring a Virtual IP Address

This task is to assign a virtual IP address to a virtual router or remove an assigned


virtual IP address.
Perform the following configuration in VLAN interface view to add/delete a virtual IP
address:

To do… Use the command…


Assign a virtual IP address to a virtual vrrp vrid virtual-router-id virtual-ip
router virtual-address
undo vrrp vrid virtual-router-id
Delete a virtual IP address
[ virtual-ip virtual-address ]

The virtual-router-id ranges from 1 to 255.


The virtual-address can be an unused address in the network segment where the
virtual router resides, or the IP address of an interface in the virtual router. If the virtual
address is the same as the real IP address of a member switch in the virtual router, the
switch is called an IP Address Owner. When assigning an IP address to a nonexistent
virtual router, the system will create a new virtual router accordingly. When adding a
new address to an existing virtual router, the system will directly add it into the virtual IP
address list.
After the last virtual IP address is removed from the virtual router, the whole virtual
router will also be removed. That is, there is no virtual router on the interface any more
and any configuration of it is invalid accordingly.

1.2.5 Configuring a Priority for a Switch in the VRRP Group

The status of each switch in the virtual router will be determined by its priority in VRRP.
The switch with the highest priority will become the master.
Perform the following configuration in VLAN interface view to configure a priority for the
switch in the virtual router:

1-4
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

To do… Use the command…


Configure a priority for the switch in the vrrp vrid virtual-router-id priority
virtual router. priority
Remove the priority setting of the switch undo vrrp vrid virtual-router-id priority

The priority ranges from 0 to 255. The greater the number, the higher the priority.
However the value can only be taken from 1 to 254. The priority 0 is reserved for special
use and priority 255 is reserved for the IP address owner by the system.
By default, the priority is 100.

Note:
The priority for IP address owner is always 255, which cannot be configured.

1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group

Once a switch in the VRRP group becomes the master, as long as it still functions
properly, other switches, even configured with a higher priority later, cannot become the
master unless they are configured to work in preemption mode. The switch in
preemption mode will become the master switch, when it finds its own priority is higher
than that of the current master switch. Accordingly, the former master switch will
become a backup switch.
Together with the preemption setting, a delay can also be set. In this way, a backup will
wait for a period of time before becoming the new master. In an unstable network if the
backup switch has not received the packets from the master switch punctually, it will
become the master switch. However, the receiving failure may be due to network
congestion, instead of the malfunction of the master switch. In this case, the backup will
receive the packets after a while. The delay setting can thereby avoid the frequent
status changing.
Perform the following configuration in VLAN interface view to configure preemption and
delay for a switch within a virtual router:

To do… Use the command…


Enable the preemption mode vrrp vrid virtual-router-id preempt-mode [ timer
and configure a delay. delay delay-value ]
Disable the preemption mode. undo vrrp vrid virtual-router-id preempt-mode

1-5
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

The delay in seconds ranges from 0 to 255. By default, the preemption mode is enabled
with a delay of 0 seconds.

Note:
If preemption mode is disabled, the delay will automatically become 0 seconds.

1.2.7 Configuring Authentication Type and Authentication Key

VRRP provides following authentication types:


z simple: Simple character authentication
z md5: MD5 authentication
In a network under possible security threats, the authentication type can be set to
simple. Then the switch will add the authentication key into the VRRP packets before
transmitting it. The receiver will compare the authentication key of the packet with the
locally configured one. If they are the same, the packet will be taken as a true and legal
one. Otherwise it will be regarded as an illegal packet and discarded. In this case, an
authentication key not exceeding 8 characters should be configured.
In a totally unsafe network, the authentication type can be set to md5. The switch will
use the authentication type and MD5 algorithm provided by the Authentication Header
to authenticate the VRRP packets. In this case an authentication key not exceeding 8
characters should be configured.
Those packets failing to pass the authentication will be discarded and a trap packet will
be sent to the network management system.
Perform the following configuration in VLAN interface view to configure authentication
type and authentication key:

To do… Use the command…


Configure authentication type and vrrp vrid virtual-router-id
authentication key authentication-mode { md5 | simple } key
Remove the authentication type undo vrrp vrid virtual-router-id
and authentication key authentication-mode

By default, no authentication is performed.

1-6
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Note:
The same authentication type and authentication key should be configured for all VLAN
interfaces that belong to the virtual router.

1.2.8 Configuring the Interval for Sending VRRP Packets on the Master

The master switch advertises its normal operation state to the backup switch by
sending VRRP packets regularly (at adver-interval). And the backup switch only
receives VRRP packets. If the backup has not received any VRRP packet from the
master within a period of time (specified by master-down-interval), it will consider the
master as down, and then take its place and become the Master.
You can use the following command to set a timer and adjust the interval (adver-interval)
at which Master transmits VRRP packets. The master-down-interval of the Backup
switch is three times that of the adver-interval. The excessive network traffic or the
differences between different switch timers will result in master-down-interval timing out
and state changing abnormally. Such problems can be solved through prolonging the
adver-interval and preemption delay time. adver-interval is measured in seconds.
Perform the following configuration in VLAN interface view to configure the interval for
the master to send VRRP packets:

To do… Use the command…


Configure the interval for the master to vrrp vrid virtual-router-id timer
send VRRP packets advertise adver-interval
undo vrrp vrid virtual-router-id timer
Restore the default
advertise

By default, adver-interval is 1.

Note:
You must configure the same interval for switches within the VRRP group.

1.2.9 Configuring the Switch to Track a Specified Interface

The VRRP interface track function extends the function of a VRRP group. It enables
redundancy between VRRP interfaces, and between other switch interfaces.
You can use the following command to track a specified interface on the master switch.
If the interface is down, the priority of the switch will reduce automatically by the value

1-7
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

specified by value-reduced. Then the backup switch with the highest priority becomes
the new master.
Perform the following configuration in VLAN interface view to configure the switch to
track a specified interface:

To do… Use the command…


vrrp vrid virtual-router-id track
Configure the switch to track a specified
interface vlan-interface vlan-id
interface
[ reduced value-reduced ]
undo vrrp vrid virtual-router-id track
Stop tracking the specified interface
interface vlan-interface vlan-id

By default, priority is reduced by 10.

Note:
z If the switch is an IP address owner, its interfaces cannot be tracked.
z If the interface is up again, the corresponding priority of the switch, will be restored
automatically.
z On each virtual router, a maximum of eight interfaces can be tracked.

1.2.10 Configuring VRRP Link Monitoring

This task allows you to configure the backup VRRP device to monitor the link to the
master. When the monitored link goes down, the backup device immediately switches
to the master state.
The monitored link can be an Ethernet interface, or a manual aggregation group or
static aggregation group.
If the monitored link is an Ethernet interface, the backup device immediately switches
to the master state when the link goes down; if the monitored link is an aggregation
group, the backup device switches to the master state after all the ports in the
aggregation group go down.

1-8
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Caution:

z Before you configure VRRP link monitoring, it is required that no physical loop exists
and the spanning tree protocol (STP) is not enabled on the network.
z If all the physical links in between are down, the backup device considers that the
master device is down, and then the backup device switches to the master state. At
this time, two master devices may exist, and you need to ensure communication
through networking.
z Make sure that all the links between the master and backup devices are monitored.

Perform the following configuration in VLAN interface view to configure the switch to
monitor a specified link:

To do… Use the command…


Configure the device to vrrp vrid virtual-router-id monitor { interface
monitor the specified interface-type interface-number | link-aggregation
link group group-id }
Disable link monitoring undo vrrp vrid virtual-router-id monitor

By default, link monitoring is disabled.

Note:
z When you configure the device to monitor a specified interface, the interface cannot
belong to any aggregation group (including dynamic aggregation groups).
z After you configure the device to monitor an aggregation group, the aggregation
group cannot be removed directly.
z You cannot configure the device to monitor multiple links.
z After you configure the device to monitor a specified link, you need to use a board
that supports reporting connection failures and configure the link-status hold 0
command globally to meet the performance requirements.

1.2.11 Configuring IFM Tracking

As a special card on softswitch devices, the IP forwarding module (IFM) is the portal of
softswitch, which is used to distribute IP signals. The disconnection with the IFM means
the termination of softswitch; therefore, the reliability of IFM has great importance.

1-9
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Figure 1-3 Network diagram for IFM devices

As shown in Figure 1-3, the two Layer 3 switches form a VRRP group. Each switch is
enabled to track the status of the corresponding IFM device through the OAM module.
When receiving signals from the IFM device, the priority of the corresponding interface
on a switch will increase by the value specified by value-increased. The switch with a
higher priority becomes the master. When the link of the master is down, the priority will
decrease by a specified value. As a result, the backup will have a higher priority and
become the master switch. Thus, the cooperation between IFM and VRRP through
OAM is implemented.
Perform the following configuration in VLAN interface view to enable/disable IFM
tracking:

To do… Use the command…


vrrp vrid virtual-router-id track ifm [ increased
Enable IFM tracking
value-increased ]
Disable IFM tracking undo vrrp vrid virtual-router-id track ifm

By default, the value of the value-increased argument is 2.

1.2.12 Configuring the Fast Switch Function for a Virtual Router

In VRRP, a backup device can switch to the master state after the specified timer
expires. This mechanism causes delay in state switching and is not applicable to
network environments that require fast state switching because it may interrupt traffic
temporarily. To solve this problem, S9500 series switches support the fast switch
function for the virtual router.
z If the uplink virtual interface tracked by the master goes down, the master device
immediately decreases its priority and sends an advertisement packet.
z Upon receiving the advertisement packet, the backup device compares the priority
in the packet with that of its own. If the backup device has a higher priority, it
switches to the master state immediately.

1-10
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

Perform the following configuration in VLAN interface view to enable/disable the fast
switch function for a virtual router:

To do… Use the command…


Enable the fast switch function
vrrp vrid virtual-router-id fast-switch
for a virtual router
Disable the fast switch
undo vrrp vrid virtual-router-id fast-switch
function for the virtual router

By default, the fast switch function is disabled for a virtual router.

1.3 Displaying and Debugging VRRP


To do… Use the command… Remarks
display vrrp [ interface
Display VRRP state vlan-interface interface-number
information [ virtual-route-identifier ifm | ifm |
vrid virtual-router-id ] ]
Display the configuration
information of the
display vrrp ifm
VRRP-enabled IFM Available in any
device view
display vrrp statistics [ interface
Display VRRP statistics
interface-type interface-number
information
[ vrid virtual-router-id ] ]
display vrrp verbose [ interface
Display VRRP detailed
type number [ vrid
information
virtual-router-id ] ]
reset vrrp statistics [ interface
Clear the statistics
interface-type interface-number
information about VRRP
[ vrid virtual-router-id ] ]
Available in user
debugging vrrp { state | packet |
Enable VRRP debugging view
error }
undo debugging vrrp { state |
Disable VRRP debugging
packet | error }

By default, VRRP debugging is disabled.

1-11
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

1.4 VRRP Configuration Examples


1.4.1 Single VRRP Group Configuration Example

I. Network requirements

Host A takes the VRRP virtual router containing switch A and switch B as its default
gateway to access host B on the Internet.
It is required that:
z The virtual router ID is 1;
z The virtual IP address is 202.38.160.111;
z Switch A is the master and switch B is the backup:
z Preemption is allowed.

II. Network diagram

Host B

10.2.3.1

Internet

VLAN-
- interface3: 10.100.10.2

Switch_B
Switch_A
Virtual IP address:
VLAN- interface2: 202.38.160.1 VLAN- interface2: 202.38.160.2
202.38.160.111

202.38.160.3

Host A

Figure 1-4 Network diagram for VRRP configuration

III. Configuration procedure

1) Configure switch A
# Configure VLAN 2.
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0
[LSW-A-vlan-interface2] quit

# Configure VRRP.
[LSW-A] vrrp ping-enable
[LSW-A] interface vlan 2
[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

1-12
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

[LSW_A-vlan-interface2] vrrp vrid 1 priority 110


[LSW-A-vlan-interface2] vrrp vrid 1 preempt-mode
2) Configure switch B
# Configure VLAN2.
[LSW-B] vlan 2
[LSW-B-vlan2] interface vlan 2
[LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0
[LSW-B-vlan-interface2] quit

# Configure VRRP.
[LSW-B] vrrp ping-enable
[LSW-B] interface vlan 2
[LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
[LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode

The virtual router can be used soon after configuration. Host A can be configured with
the default gateway 202.38.160.111.
Under normal conditions, switch A functions as the gateway. Once switch A breaks
down, switch B will function as the gateway instead.
Configure the preemption mode for switch A, so that it can become the master again
after recovery.

1.4.2 VRRP Interface Tracking Configuration Example

I. Network requirements

See Figure 1-4. If the interface of switch A connected to the Internet is down, switch B
should function as the gateway. This can be implemented by tracking the
corresponding interface.
The virtual router ID is 1. In addition, the MD5 authentication and VRRP packet sending
interval are configured.

II. Network diagram

See Figure 1-4.

III. Configuration procedure

1) Configure switch A
# Configure VLAN2.
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0
[LSW-A-vlan-interface2] quit

# Enable the function to ping the virtual IP address of the virtual router.

1-13
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

[H3CLSW-A ] vrrp ping-enable

# Create the VRRP virtual router.


[LSW-A] interface vlan 2
[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the virtual router.


[LSW_A-vlan-interface2] vrrp vrid 1 priority 110

# Set the authentication mode and authentication key for the virtual router.
[LSW_A-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every 5 seconds.


[LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5

# Track VLAN-interface 3.
[LSW_A-vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced
30
2) Configure switch B
# Configure VLAN2.
[LSW-B] vlan 2
[LSW-B-vlan2] interface vlan 2
[LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0
[LSW-B-vlan-interface2] quit

# Enable the function to ping the virtual IP address of the virtual router.
[H3CLSW-B] vrrp ping-enable

# Create the virtual router.


[LSW-B] interface vlan 2
[LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the authentication mode and authentication key for the virtual router.
[LSW_B-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every five seconds.


[LSW_B-vlan-interface2] vrrp vrid 1 timer advertise 5

Under normal conditions, switch A functions as the gateway. Once VLAN-interface 3 of


switch A is down, its priority will be reduced by 30, lower than that of switch B so that
switch B will become the master.
When VLAN-interface 3 of switch A recovers, it will become the master again.

1.4.3 VRRP Link Monitoring Configuration Example

I. Network requirements

As shown in the figure below:

1-14
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

z No physical loops exist between Switch A, Switch B and Host Server, and STP is
not enabled.
z Switch A is the master while Switch B is the backup. No physical link is available
between Switch A and Host Server.
Normally, Switch A acts as the gateway. The traffic sent from Host Server is forwarded
at Layer 2 through Switch B to Switch A which then forwards the traffic at Layer 3 to the
IP network.
It is required to configure Switch B to monitor the link to Switch A. If Switch A fails or the
link between Switch A and Switch B fails, Switch B becomes the master and acts as the
gateway instead of Switch A. Then, the traffic from Host Server is forwarded to the IP
network directly through Switch B. The state switching delay should be in milliseconds.

II. Network diagram

Figure 1-5 Network diagram for VRRP configuration

III. Configuration procedure

1) Configure Switch A
# Configure VLAN 2.
<LSW-A> system-view
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 10.1.1.1 255.255.255.0
[LSW-A-vlan-interface2] quit

# Enable pinging the virtual IP address of the virtual router.


[LSW-A ] vrrp ping-enable

# Create virtual router 1.


[LSW-A] interface vlan 2
[LSW-A-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3

1-15
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

# Set the VRRP priority for Switch A.


[LSW-A-vlan-interface2] vrrp vrid 1 priority 110
2) Configure Switch B
# Configure VLAN 2.
<LSW-B> system-view
[LSW-B] vlan 2
[LSW-B-vlan2] interface vlan 2
[LSW-B-vlan-interface2] ip address 10.1.1.2 255.255.255.0
[LSW-B-vlan-interface2] quit

# Enable pinging the virtual IP address of the virtual router.


[LSW-B] vrrp ping-enable

# Create virtual router 1.


[LSW-B] interface vlan 2
[LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3

# Enable Switch B to monitor interface Ethernet 2/1/1.


[LSW-B-vlan-interface2] vrrp vrid 1 monitor interface Ethernet 2/1/1
[LSW-B-vlan-interface2] quit

# Configure the global link state holdtime.


[LSW-B] link-status hold 0

1.4.4 IFM Tracking Configuration Example

I. Network requirements

As shown in the following figure, an IFM softswitch device is attached to a switch.


It is required to configure the two switches as a VRRP group and configure IFM tracking
to track the IFM devices through OAM. A switch that can receive signals from the
corresponding IFM device increases its priority with a specified value to influence
master switch election.

II. Network diagram

Figure 1-6 Network diagram for IFM tracking

1-16
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

III. Configuration procedure

1) Configure Switch A
# Configure VLAN 2.
[Switch A] vlan 2
[Switch A-vlan2] interface vlan-interface 2
[Switch A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
[Switch A-Vlan-interface2] quit

# Enable OAM.
[Switch A] Ethernet3/1/1
[Switch A-Ethernet3/1/1] oam ethernet mode passive
[Switch A-Ethernet3/1/1] oam ethernet enable
[Switch A-Ethernet3/1/1] quit

# Enable the function of pinging the virtual IP address of the virtual router.
[Switch A] vrrp ping-enable

# Configure the virtual router.


[Switch A] interface vlan-interface 2
[Switch A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority of the virtual router.


[Switch A-Vlan-interface2] vrrp vrid 1 priority 105

# Set the authentication mode and authentication key for the virtual router.
[Switch A-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.


[Switch A-Vlan-interface2] vrrp vrid 1 track ifm increased 10
2) Configure Switch B
# Configure VLAN2.
[Switch B] vlan 2
[Switch B-vlan2] interface vlan-interface 2
[Switch B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0
[Switch B-Vlan-interface2] quit

# Enable OAM.
[Switch B] Ethernet3/1/1
[Switch B-Ethernet3/1/1] oam ethernet mode passive
[Switch B-Ethernet3/1/1] oam ethernet enable
[Switch B-Ethernet3/1/1] quit

# Enable the function to ping the virtual IP address of the virtual router.
[Switch B] vrrp ping-enable

# Create the virtual router.

1-17
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

[Switch B] interface vlan 2


[Switch B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the authentication mode and authentication key for the virtual router.
[Switch B-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.


[Switch B-Vlan-interface2] vrrp vrid 1 track ifm increased 10

Note:
Switch A acts as the gateway in normal cases. When Switch B tracks the state of the
IFM device being Master through OAM, the priority of Switch B will be increased by 10,
greater than that of Switch A (105), and Switch B will turn the Master and act as the
gateway.

1.4.5 Multiple Virtual Routers Configuration Example

I. Network requirements

A switch can function as a backup switch for multiple virtual routers to implement load
balancing. See Figure 1-4. For example, Switch A, the master switch of virtual router 1,
can be the backup switch for virtual router 2, and Switch B can be the backup switch for
virtual router 1. Some hosts employ virtual router 1 as the gateway, while others employ
virtual router 2 as the gateway. In this way, both load balancing and backup are
implemented.

II. Network diagram

Refer to Figure 1-4.

III. Configuration procedure

1) Configure switch A
# Configure VLAN2.
[LSW-A] vlan 2
[LSW-A-vlan2] interface vlan 2
[LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create virtual router 1.


[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the virtual router.


[LSW_A-vlan-interface2] vrrp vrid 1 priority 150

1-18
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

# Create virtual router 2.


[LSW_A-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112
2) Configure switch B
# Configure VLAN2.
[LSW-B] vlan 2
[LSW-B-vlan2] interface vlan 2
[LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create virtual router 1.


[LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Create virtual router 2.


[LSW_B-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

# Set the priority for the virtual router.


[LSW_B-vlan-interface2] vrrp vrid 2 priority 110

Note:
Multiple virtual routers are often used in actual network applications.

1.5 Troubleshooting VRRP


As the configuration of VRRP is not very complicated, almost all the malfunctions can
be found through viewing the configuration and debugging information. Here are some
possible failures you might meet and the corresponding troubleshooting methods.

I. Symptom 1: Frequent prompts of configuration errors on the console

This indicates that incorrect VRRP packets have been received. It may be because of
the inconsistent configuration of another switch within the virtual router, or the attempts
of some devices to send out illegal VRRP packets. The first possible fault can be solved
through modifying the configuration. And as the second possibility is caused by the
malicious attempt of some devices, non-technical measures should be resorted to.

II. Symptom 2: More than one Master existing within the same virtual router

There are also 2 reasons. One is short time coexistence of many master switches,
which is normal and needs no manual intervention. Another is the long time
coexistence of many Master switches, which may be because switches in the virtual
router cannot receive VRRP packets from each other, or receive some illegal packets.
To solve such problems, an attempt should be made to ping the master switches. If
such an attempt fails, check the device connectivity. If they can be pinged, check the

1-19
Operation Manual – VRRP
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration

VRRP configuration. For the configuration of the same VRRP virtual router, complete
consistency for the number of virtual IP addresses, each virtual IP address, timer
duration and authentication type must be guaranteed.

III. Symptom 3: Frequent Master/Backup switchovers

Such problem occurs when the virtual router timer duration is too short. So the problem
can be solved through prolonging this duration or the preemption delay.

1-20

You might also like