Operation Manual VRRP H3C S9500 Series Routing Switches

Table of Contents

Table of Contents
Chapter 1 VRRP Configuration .................................................................................................... 1-1 1.1 Introduction to VRRP ......................................................................................................... 1-1 1.2 Configuring VRRP ............................................................................................................. 1-2 1.2.1 Configuring the Function of Pinging the Virtual IP Address.................................... 1-3 1.2.2 Configuring the TTL Value Check for VRRP Packets............................................. 1-3 1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address ............ 1-3 1.2.4 Configuring a Virtual IP Address ............................................................................. 1-4 1.2.5 Configuring a Priority for a Switch in the VRRP Group........................................... 1-4 1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group ........................ 1-5 1.2.7 Configuring Authentication Type and Authentication Key....................................... 1-6 1.2.8 Configuring the Interval for Sending VRRP Packets on the Master ....................... 1-7 1.2.9 Configuring the Switch to Track a Specified Interface ............................................ 1-7 1.2.10 Configuring VRRP Link Monitoring ....................................................................... 1-8 1.2.11 Configuring IFM Tracking...................................................................................... 1-9 1.2.12 Configuring the Fast Switch Function for a Virtual Router.................................. 1-10 1.3 Displaying and Debugging VRRP.................................................................................... 1-11 1.4 VRRP Configuration Examples........................................................................................ 1-12 1.4.1 Single VRRP Group Configuration Example......................................................... 1-12 1.4.2 VRRP Interface Tracking Configuration Example................................................. 1-13 1.4.3 VRRP Link Monitoring Configuration Example ..................................................... 1-14 1.4.4 IFM Tracking Configuration Example.................................................................... 1-16 1.4.5 Multiple Virtual Routers Configuration Example ................................................... 1-18 1.5 Troubleshooting VRRP .................................................................................................... 1-19

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Chapter 1 VRRP Configuration

When configuring VRRP, go to these sections for information you are interested in: Introduction to VRRP Configuring VRRP Displaying and Debugging VRRP VRRP Configuration Examples Troubleshooting VRRP

1.1 Introduction to VRRP

The Virtual Router Redundancy Protocol (VRRP) is a fault-tolerant protocol. In general, a default route (for example, 10.100.10.1 as shown in the following internetworking diagram) is configured for every host on the network, so that the packets destined to some other network segment from the hosts will go through the default route to the Layer 3 Switch. If Switch is down, all the hosts taking Switch as the next-hop will be disconnected from the external network.

Network

Switch 10.100.10.1 10.100.10.7 Ethernet 10.100.10.8

10.100.10.9

Host 1

Host 2

Host 3

Figure 1-1 Network diagram for LAN VRRP, designed for LANs with multicast and broadcast capabilities (such as Ethernet) settles the above problem. VRRP integrates a group of LAN switches (including a Master and several Backups) into a virtual router. The diagram below is taken as an example to explain how VRRP works.

1-1

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Network Actual IP address10.100.10.2 Master Actual IP address10.100.10.3 Backup

Virtual IP address10.100.10.1 10.100.10.7

Ethernet 10.100.10.8

Virtual IP address10.100.10.1 10.100.10.9

Host 1

Host 2

Host 3

Figure 1-2 Network diagram for virtual router This virtual router has its own IP address: 10.100.10.1 (which can be the interface address of a switch within the virtual router). The switches within the virtual router have their own IP addresses (such as 10.100.10.2 for the Master switch and 10.100.10.3 for the Backup switch). The hosts on the LAN only know the IP address of this virtual router 10.100.10.1 (usually called as virtual IP address of the virtual router), but not the specific IP addresses 10.100.10.2 of the Master switch and 10.100.10.3 of the Backup switch. A default route with the next hop 10.100.10.1 is configured on the hosts. Therefore, hosts within the network will communicate with the external network through this virtual router. If the Master switch in the virtual group breaks down, another Backup switch will function as the new Master switch to continue serving the hosts without any interruption.

1.2 Configuring VRRP

The following sections describe the VRRP configuration tasks: Configuring the Function of Pinging the Virtual IP Address Configuring the TTL Value Check for VRRP Packets Configuring the Mapping Mode between Virtual IP Address and MAC Address Configuring a Virtual IP Address Configuring a Priority for a Switch in the VRRP Group Configuring Preemption and Delay for a Switch in a VRRP Group Configuring Authentication Type and Authentication Key Configuring the Interval for Sending VRRP Packets on the Master Configuring the Switch to Track a Specified Interface Configuring VRRP Link Monitoring Configuring IFM Tracking Configuring the Fast Switch Function for a Virtual Router

1-2

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

1.2.1 Configuring the Function of Pinging the Virtual IP Address

This task is to enable/disable the function of pinging the IP address of the virtual router. With this function enabled, you can ping the virtual IP address of the virtual router or telnet to the virtual IP address of the virtual router. Perform the following configuration in system view to enable/disable the ping function: To do Enable the ping function Disable to ping function Use the command vrrp ping-enable undo vrrp ping-enable

By default, the ping function is enabled, that is, you can ping or telnet to the virtual IP address of the virtual router. You should enable the ping function before configuring the virtual router. If VRRP is already configured on the switch, it is not allowed to modify the configuration.

1.2.2 Configuring the TTL Value Check for VRRP Packets

This task is to enable/disable the TTL value check for VRRP packets on the backup switch. The TTL value must be 225. If the backup switch finds the TTL of a VRRP packet is not 225, the packet will be discarded. Perform the following configuration in VLAN interface view to enable/disable the TTL value check for VRRP packets: To do Disable the TTL value check for VRRP packets Enable the TTL value check for VRRP packets Use the command vrrp un-check ttl undo vrrp un-check ttl

1.2.3 Configuring the Mapping Mode between Virtual IP Address and MAC Address
This task is to configure the mapping mode between virtual lP address and MAC address. In VRRP, the virtual IP address of the virtual router corresponds to the virtual MAC address, to ensure correct data forwarding. Depending on the chips installed, some switches support mapping one virtual IP address to multiple MAC addresses. S9500 series not only guarantee correct data forwarding in the subnet, but also allow you to specify a mapping mode, either virtual IP address to real MAC address mapping or virtual IP address to virtual MAC address mapping. Perform the following configuration in system view to configure IP-to-MAC mappings:

1-3

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

To do Specify a mapping mode for the virtual IP address Restore the default

Use the command vrrp method { real-mac | virtual-mac } undo vrrp method

By default, the virtual IP address of the virtual router corresponds to the virtual MAC address. You should perform this configuration only before configuring the virtual router.

1.2.4 Configuring a Virtual IP Address

This task is to assign a virtual IP address to a virtual router or remove an assigned virtual IP address. Perform the following configuration in VLAN interface view to add/delete a virtual IP address: To do Assign a virtual IP address to a virtual router Delete a virtual IP address Use the command vrrp vrid virtual-router-id virtual-ip virtual-address undo vrrp vrid virtual-router-id [ virtual-ip virtual-address ]

The virtual-router-id ranges from 1 to 255. The virtual-address can be an unused address in the network segment where the virtual router resides, or the IP address of an interface in the virtual router. If the virtual address is the same as the real IP address of a member switch in the virtual router, the switch is called an IP Address Owner. When assigning an IP address to a nonexistent virtual router, the system will create a new virtual router accordingly. When adding a new address to an existing virtual router, the system will directly add it into the virtual IP address list. After the last virtual IP address is removed from the virtual router, the whole virtual router will also be removed. That is, there is no virtual router on the interface any more and any configuration of it is invalid accordingly.

1.2.5 Configuring a Priority for a Switch in the VRRP Group

The status of each switch in the virtual router will be determined by its priority in VRRP. The switch with the highest priority will become the master. Perform the following configuration in VLAN interface view to configure a priority for the switch in the virtual router:

1-4

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

To do Configure a priority for the switch in the virtual router. Remove the priority setting of the switch

Use the command vrrp vrid virtual-router-id priority priority undo vrrp vrid virtual-router-id priority

The priority ranges from 0 to 255. The greater the number, the higher the priority. However the value can only be taken from 1 to 254. The priority 0 is reserved for special use and priority 255 is reserved for the IP address owner by the system. By default, the priority is 100.

Note: The priority for IP address owner is always 255, which cannot be configured.

1.2.6 Configuring Preemption and Delay for a Switch in a VRRP Group

Once a switch in the VRRP group becomes the master, as long as it still functions properly, other switches, even configured with a higher priority later, cannot become the master unless they are configured to work in preemption mode. The switch in preemption mode will become the master switch, when it finds its own priority is higher than that of the current master switch. Accordingly, the former master switch will become a backup switch. Together with the preemption setting, a delay can also be set. In this way, a backup will wait for a period of time before becoming the new master. In an unstable network if the backup switch has not received the packets from the master switch punctually, it will become the master switch. However, the receiving failure may be due to network congestion, instead of the malfunction of the master switch. In this case, the backup will receive the packets after a while. The delay setting can thereby avoid the frequent status changing. Perform the following configuration in VLAN interface view to configure preemption and delay for a switch within a virtual router: To do Enable the preemption mode and configure a delay. Disable the preemption mode. Use the command vrrp vrid virtual-router-id preempt-mode [ timer delay delay-value ] undo vrrp vrid virtual-router-id preempt-mode

1-5

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

The delay in seconds ranges from 0 to 255. By default, the preemption mode is enabled with a delay of 0 seconds.

Note: If preemption mode is disabled, the delay will automatically become 0 seconds.

1.2.7 Configuring Authentication Type and Authentication Key

VRRP provides following authentication types: simple: Simple character authentication md5: MD5 authentication In a network under possible security threats, the authentication type can be set to simple. Then the switch will add the authentication key into the VRRP packets before transmitting it. The receiver will compare the authentication key of the packet with the locally configured one. If they are the same, the packet will be taken as a true and legal one. Otherwise it will be regarded as an illegal packet and discarded. In this case, an authentication key not exceeding 8 characters should be configured. In a totally unsafe network, the authentication type can be set to md5. The switch will use the authentication type and MD5 algorithm provided by the Authentication Header to authenticate the VRRP packets. In this case an authentication key not exceeding 8 characters should be configured. Those packets failing to pass the authentication will be discarded and a trap packet will be sent to the network management system. Perform the following configuration in VLAN interface view to configure authentication type and authentication key: To do Configure authentication type and authentication key Remove the authentication type and authentication key Use the command vrrp vrid virtual-router-id authentication-mode { md5 | simple } key undo vrrp vrid virtual-router-id authentication-mode

By default, no authentication is performed.

1-6

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Note: The same authentication type and authentication key should be configured for all VLAN interfaces that belong to the virtual router.

1.2.8 Configuring the Interval for Sending VRRP Packets on the Master
The master switch advertises its normal operation state to the backup switch by sending VRRP packets regularly (at adver-interval). And the backup switch only receives VRRP packets. If the backup has not received any VRRP packet from the master within a period of time (specified by master-down-interval), it will consider the master as down, and then take its place and become the Master. You can use the following command to set a timer and adjust the interval (adver-interval) at which Master transmits VRRP packets. The master-down-interval of the Backup switch is three times that of the adver-interval. The excessive network traffic or the differences between different switch timers will result in master-down-interval timing out and state changing abnormally. Such problems can be solved through prolonging the adver-interval and preemption delay time. adver-interval is measured in seconds. Perform the following configuration in VLAN interface view to configure the interval for the master to send VRRP packets: To do Configure the interval for the master to send VRRP packets Restore the default Use the command vrrp vrid virtual-router-id timer advertise adver-interval undo vrrp vrid virtual-router-id timer advertise

By default, adver-interval is 1.

Note: You must configure the same interval for switches within the VRRP group.

1.2.9 Configuring the Switch to Track a Specified Interface

The VRRP interface track function extends the function of a VRRP group. It enables redundancy between VRRP interfaces, and between other switch interfaces. You can use the following command to track a specified interface on the master switch. If the interface is down, the priority of the switch will reduce automatically by the value
1-7

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

specified by value-reduced. Then the backup switch with the highest priority becomes the new master. Perform the following configuration in VLAN interface view to configure the switch to track a specified interface: To do Configure the switch to track a specified interface Stop tracking the specified interface Use the command vrrp vrid virtual-router-id track interface vlan-interface vlan-id [ reduced value-reduced ] undo vrrp vrid virtual-router-id track interface vlan-interface vlan-id

By default, priority is reduced by 10.

Note: If the switch is an IP address owner, its interfaces cannot be tracked. If the interface is up again, the corresponding priority of the switch, will be restored automatically. On each virtual router, a maximum of eight interfaces can be tracked.

1.2.10 Configuring VRRP Link Monitoring

This task allows you to configure the backup VRRP device to monitor the link to the master. When the monitored link goes down, the backup device immediately switches to the master state. The monitored link can be an Ethernet interface, or a manual aggregation group or static aggregation group. If the monitored link is an Ethernet interface, the backup device immediately switches to the master state when the link goes down; if the monitored link is an aggregation group, the backup device switches to the master state after all the ports in the aggregation group go down.

1-8

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Caution: Before you configure VRRP link monitoring, it is required that no physical loop exists and the spanning tree protocol (STP) is not enabled on the network. If all the physical links in between are down, the backup device considers that the master device is down, and then the backup device switches to the master state. At this time, two master devices may exist, and you need to ensure communication through networking. Make sure that all the links between the master and backup devices are monitored.

Perform the following configuration in VLAN interface view to configure the switch to monitor a specified link: To do Configure the device to monitor the specified link Disable link monitoring Use the command vrrp vrid virtual-router-id monitor { interface interface-type interface-number | link-aggregation group group-id } undo vrrp vrid virtual-router-id monitor

By default, link monitoring is disabled.

Note: When you configure the device to monitor a specified interface, the interface cannot belong to any aggregation group (including dynamic aggregation groups). After you configure the device to monitor an aggregation group, the aggregation group cannot be removed directly. You cannot configure the device to monitor multiple links. After you configure the device to monitor a specified link, you need to use a board that supports reporting connection failures and configure the link-status hold 0 command globally to meet the performance requirements.

1.2.11 Configuring IFM Tracking

As a special card on softswitch devices, the IP forwarding module (IFM) is the portal of softswitch, which is used to distribute IP signals. The disconnection with the IFM means the termination of softswitch; therefore, the reliability of IFM has great importance.

1-9

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Figure 1-3 Network diagram for IFM devices As shown in Figure 1-3, the two Layer 3 switches form a VRRP group. Each switch is enabled to track the status of the corresponding IFM device through the OAM module. When receiving signals from the IFM device, the priority of the corresponding interface on a switch will increase by the value specified by value-increased. The switch with a higher priority becomes the master. When the link of the master is down, the priority will decrease by a specified value. As a result, the backup will have a higher priority and become the master switch. Thus, the cooperation between IFM and VRRP through OAM is implemented. Perform the following configuration in VLAN interface view to enable/disable IFM tracking: To do Enable IFM tracking Disable IFM tracking Use the command vrrp vrid virtual-router-id track ifm [ increased value-increased ] undo vrrp vrid virtual-router-id track ifm

By default, the value of the value-increased argument is 2.

1.2.12 Configuring the Fast Switch Function for a Virtual Router

In VRRP, a backup device can switch to the master state after the specified timer expires. This mechanism causes delay in state switching and is not applicable to network environments that require fast state switching because it may interrupt traffic temporarily. To solve this problem, S9500 series switches support the fast switch function for the virtual router. If the uplink virtual interface tracked by the master goes down, the master device immediately decreases its priority and sends an advertisement packet. Upon receiving the advertisement packet, the backup device compares the priority in the packet with that of its own. If the backup device has a higher priority, it switches to the master state immediately.

1-10

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

Perform the following configuration in VLAN interface view to enable/disable the fast switch function for a virtual router: To do Enable the fast switch function for a virtual router Disable the fast switch function for the virtual router Use the command vrrp vrid virtual-router-id fast-switch undo vrrp vrid virtual-router-id fast-switch

By default, the fast switch function is disabled for a virtual router.

1.3 Displaying and Debugging VRRP

To do Display VRRP state information Display the configuration information of the VRRP-enabled IFM device Display VRRP statistics information Display VRRP detailed information Clear the statistics information about VRRP Enable VRRP debugging Disable VRRP debugging Use the command display vrrp [ interface vlan-interface interface-number [ virtual-route-identifier ifm | ifm | vrid virtual-router-id ] ] Remarks

display vrrp ifm Available in any view display vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ] display vrrp verbose [ interface type number [ vrid virtual-router-id ] ] reset vrrp statistics [ interface interface-type interface-number [ vrid virtual-router-id ] ] debugging vrrp { state | packet | error } undo debugging vrrp { state | packet | error } Available in user view

By default, VRRP debugging is disabled.

1-11

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

1.4 VRRP Configuration Examples

1.4.1 Single VRRP Group Configuration Example
I. Network requirements
Host A takes the VRRP virtual router containing switch A and switch B as its default gateway to access host B on the Internet. It is required that: The virtual router ID is 1; The virtual IP address is 202.38.160.111; Switch A is the master and switch B is the backup: Preemption is allowed.

II. Network diagram

Host B 10.2.3.1

Internet
VLAN- interface3: 10.100.10.2 -

Switch_A VLAN- interface2: 202.38.160.1 Virtual IP address: 202.38.160.111 202.38.160.3

Switch_B VLAN- interface2: 202.38.160.2

Host A

Figure 1-4 Network diagram for VRRP configuration

III. Configuration procedure

1) Configure switch A

# Configure VLAN 2.
[LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 [LSW-A-vlan-interface2] quit

# Configure VRRP.
[LSW-A] vrrp ping-enable [LSW-A] interface vlan 2 [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

1-12

Operation Manual VRRP H3C S9500 Series Routing Switches

[LSW_A-vlan-interface2] vrrp vrid 1 priority 110 [LSW-A-vlan-interface2] vrrp vrid 1 preempt-mode

Chapter 1 VRRP Configuration

2)

Configure switch B

# Configure VLAN2.
[LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0 [LSW-B-vlan-interface2] quit

# Configure VRRP.
[LSW-B] vrrp ping-enable [LSW-B] interface vlan 2 [LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111 [LSW-B-vlan-interface2] vrrp vrid 1 preempt-mode

The virtual router can be used soon after configuration. Host A can be configured with the default gateway 202.38.160.111. Under normal conditions, switch A functions as the gateway. Once switch A breaks down, switch B will function as the gateway instead. Configure the preemption mode for switch A, so that it can become the master again after recovery.

1.4.2 VRRP Interface Tracking Configuration Example

I. Network requirements
See Figure 1-4. If the interface of switch A connected to the Internet is down, switch B should function as the gateway. This can be implemented by tracking the corresponding interface. The virtual router ID is 1. In addition, the MD5 authentication and VRRP packet sending interval are configured.

II. Network diagram

See Figure 1-4.

III. Configuration procedure

1) Configure switch A

# Configure VLAN2.
[LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0 [LSW-A-vlan-interface2] quit

# Enable the function to ping the virtual IP address of the virtual router.
1-13

Operation Manual VRRP H3C S9500 Series Routing Switches

[H3CLSW-A ] vrrp ping-enable

Chapter 1 VRRP Configuration

# Create the VRRP virtual router.

[LSW-A] interface vlan 2 [LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the virtual router.

[LSW_A-vlan-interface2] vrrp vrid 1 priority 110

# Set the authentication mode and authentication key for the virtual router.
[LSW_A-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every 5 seconds.

[LSW_A-vlan-interface2] vrrp vrid 1 timer advertise 5

# Track VLAN-interface 3.
[LSW_A-vlan-interface2] vrrp vrid 1 track interface vlan-interface 3 reduced 30

2)

Configure switch B

# Configure VLAN2.
[LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0 [LSW-B-vlan-interface2] quit

# Enable the function to ping the virtual IP address of the virtual router.
[H3CLSW-B] vrrp ping-enable

# Create the virtual router.

[LSW-B] interface vlan 2 [LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the authentication mode and authentication key for the virtual router.
[LSW_B-vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure the interface to send VRRP packets every five seconds.

[LSW_B-vlan-interface2] vrrp vrid 1 timer advertise 5

Under normal conditions, switch A functions as the gateway. Once VLAN-interface 3 of switch A is down, its priority will be reduced by 30, lower than that of switch B so that switch B will become the master. When VLAN-interface 3 of switch A recovers, it will become the master again.

1.4.3 VRRP Link Monitoring Configuration Example

I. Network requirements
As shown in the figure below:
1-14

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

No physical loops exist between Switch A, Switch B and Host Server, and STP is not enabled. Switch A is the master while Switch B is the backup. No physical link is available between Switch A and Host Server. Normally, Switch A acts as the gateway. The traffic sent from Host Server is forwarded at Layer 2 through Switch B to Switch A which then forwards the traffic at Layer 3 to the IP network. It is required to configure Switch B to monitor the link to Switch A. If Switch A fails or the link between Switch A and Switch B fails, Switch B becomes the master and acts as the gateway instead of Switch A. Then, the traffic from Host Server is forwarded to the IP network directly through Switch B. The state switching delay should be in milliseconds.

II. Network diagram

Figure 1-5 Network diagram for VRRP configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.
<LSW-A> system-view [LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 10.1.1.1 255.255.255.0 [LSW-A-vlan-interface2] quit

# Enable pinging the virtual IP address of the virtual router.

[LSW-A ] vrrp ping-enable

# Create virtual router 1.

[LSW-A] interface vlan 2 [LSW-A-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3

1-15

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

# Set the VRRP priority for Switch A.

[LSW-A-vlan-interface2] vrrp vrid 1 priority 110

2)

Configure Switch B

# Configure VLAN 2.
<LSW-B> system-view [LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 10.1.1.2 255.255.255.0 [LSW-B-vlan-interface2] quit

# Enable pinging the virtual IP address of the virtual router.

[LSW-B] vrrp ping-enable

# Create virtual router 1.

[LSW-B] interface vlan 2 [LSW-B-vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.3

# Enable Switch B to monitor interface Ethernet 2/1/1.

[LSW-B-vlan-interface2] vrrp vrid 1 monitor interface Ethernet 2/1/1 [LSW-B-vlan-interface2] quit

# Configure the global link state holdtime.

[LSW-B] link-status hold 0

1.4.4 IFM Tracking Configuration Example

I. Network requirements
As shown in the following figure, an IFM softswitch device is attached to a switch. It is required to configure the two switches as a VRRP group and configure IFM tracking to track the IFM devices through OAM. A switch that can receive signals from the corresponding IFM device increases its priority with a specified value to influence master switch election.

II. Network diagram

Figure 1-6 Network diagram for IFM tracking

1-16

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

III. Configuration procedure

1) Configure Switch A

# Configure VLAN 2.
[Switch A] vlan 2 [Switch A-vlan2] interface vlan-interface 2 [Switch A-Vlan-interface2] ip address 202.38.160.1 255.255.255.0 [Switch A-Vlan-interface2] quit

# Enable OAM.
[Switch A] Ethernet3/1/1 [Switch A-Ethernet3/1/1] oam ethernet mode passive [Switch A-Ethernet3/1/1] oam ethernet enable [Switch A-Ethernet3/1/1] quit

# Enable the function of pinging the virtual IP address of the virtual router.
[Switch A] vrrp ping-enable

# Configure the virtual router.

[Switch A] interface vlan-interface 2 [Switch A-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority of the virtual router.

[Switch A-Vlan-interface2] vrrp vrid 1 priority 105

# Set the authentication mode and authentication key for the virtual router.
[Switch A-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.

[Switch A-Vlan-interface2] vrrp vrid 1 track ifm increased 10

2)

Configure Switch B

# Configure VLAN2.
[Switch B] vlan 2 [Switch B-vlan2] interface vlan-interface 2 [Switch B-Vlan-interface2] ip address 202.38.160.2 255.255.255.0 [Switch B-Vlan-interface2] quit

# Enable OAM.
[Switch B] Ethernet3/1/1 [Switch B-Ethernet3/1/1] oam ethernet mode passive [Switch B-Ethernet3/1/1] oam ethernet enable [Switch B-Ethernet3/1/1] quit

# Enable the function to ping the virtual IP address of the virtual router.
[Switch B] vrrp ping-enable

# Create the virtual router.

1-17

Operation Manual VRRP H3C S9500 Series Routing Switches

[Switch B] interface vlan 2

Chapter 1 VRRP Configuration

[Switch B-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the authentication mode and authentication key for the virtual router.
[Switch B-Vlan-interface2] vrrp vrid 1 authentication-mode md5 switch

# Configure IFM tracking, and set the increased value to 10.

[Switch B-Vlan-interface2] vrrp vrid 1 track ifm increased 10

Note: Switch A acts as the gateway in normal cases. When Switch B tracks the state of the IFM device being Master through OAM, the priority of Switch B will be increased by 10, greater than that of Switch A (105), and Switch B will turn the Master and act as the gateway.

1.4.5 Multiple Virtual Routers Configuration Example

I. Network requirements
A switch can function as a backup switch for multiple virtual routers to implement load balancing. See Figure 1-4. For example, Switch A, the master switch of virtual router 1, can be the backup switch for virtual router 2, and Switch B can be the backup switch for virtual router 1. Some hosts employ virtual router 1 as the gateway, while others employ virtual router 2 as the gateway. In this way, both load balancing and backup are implemented.

II. Network diagram

Refer to Figure 1-4.

III. Configuration procedure

1) Configure switch A

# Configure VLAN2.
[LSW-A] vlan 2 [LSW-A-vlan2] interface vlan 2 [LSW-A-vlan-interface2] ip address 202.38.160.1 255.255.255.0

# Create virtual router 1.

[LSW_A-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Set the priority for the virtual router.

[LSW_A-vlan-interface2] vrrp vrid 1 priority 150

1-18

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

# Create virtual router 2.

[LSW_A-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

2)

Configure switch B

# Configure VLAN2.
[LSW-B] vlan 2 [LSW-B-vlan2] interface vlan 2 [LSW-B-vlan-interface2] ip address 202.38.160.2 255.255.255.0

# Create virtual router 1.

[LSW_B-vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111

# Create virtual router 2.

[LSW_B-vlan-interface2] vrrp vrid 2 virtual-ip 202.38.160.112

# Set the priority for the virtual router.

[LSW_B-vlan-interface2] vrrp vrid 2 priority 110

Note: Multiple virtual routers are often used in actual network applications.

1.5 Troubleshooting VRRP

As the configuration of VRRP is not very complicated, almost all the malfunctions can be found through viewing the configuration and debugging information. Here are some possible failures you might meet and the corresponding troubleshooting methods.

I. Symptom 1: Frequent prompts of configuration errors on the console

This indicates that incorrect VRRP packets have been received. It may be because of the inconsistent configuration of another switch within the virtual router, or the attempts of some devices to send out illegal VRRP packets. The first possible fault can be solved through modifying the configuration. And as the second possibility is caused by the malicious attempt of some devices, non-technical measures should be resorted to.

II. Symptom 2: More than one Master existing within the same virtual router
There are also 2 reasons. One is short time coexistence of many master switches, which is normal and needs no manual intervention. Another is the long time coexistence of many Master switches, which may be because switches in the virtual router cannot receive VRRP packets from each other, or receive some illegal packets. To solve such problems, an attempt should be made to ping the master switches. If such an attempt fails, check the device connectivity. If they can be pinged, check the

1-19

Operation Manual VRRP H3C S9500 Series Routing Switches

Chapter 1 VRRP Configuration

VRRP configuration. For the configuration of the same VRRP virtual router, complete consistency for the number of virtual IP addresses, each virtual IP address, timer duration and authentication type must be guaranteed.

III. Symptom 3: Frequent Master/Backup switchovers

Such problem occurs when the virtual router timer duration is too short. So the problem can be solved through prolonging this duration or the preemption delay.

1-20