Huawei VRRP Ingles

Contents
7 VRRP Configuration
7.1 Introduction to VRRP
7.2 Principles
7.2.1 Basic Concepts of VRRP
7.2.2 VRRPv2 and VRRPv3 Advertisement Packets
7.2.3 VRRP Implementation
7.2.4 VRRP in Active/Standby Mode
7.2.5 VRRP in Load Balancing Mode
7.3 Applicable Scenarios
7.3.1 Association Between a VRRP Group and the Interface Status to Monitor the Uplink Interface
7.3.2 Association Between VRRP and BFD/NQA/Routing to Monitor the Uplink
7.3.3 Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover
7.4 Configuration Task Summary
7.5 Configuration Notes
7.6 Default Configuration
7.7 Configuring VRRP
7.7.1 Configuring Basic Functions of an IPv4 VRRP Group
7.7.1.1 Creating a VRRP Group
7.7.1.2 Setting the Device Priority in a VRRP Group
7.7.1.3 (Optional) Configuring the VRRP Version Number
7.7.1.4 (Optional) Configuring VRRP Time Parameters
7.7.1.5 (Optional) Setting the Mode in Which VRRP Advertisement Packets Are Sent in a Super-VLAN
7.7.1.6 (Optional) Disabling VRRP TTL Check
7.7.1.7 (Optional) Setting the Authentication Mode of VRRP Advertisement Packets
7.7.1.8 (Optional) Enabling Ping to a Virtual IP Address
7.7.1.9 Checking the Configuration
7.7.2 Configuring VRRP Association
7.7.2.1 Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover
7.7.2.2 Configuring Association Between VRRP and the Interface Status to Implement an Active/Standby Switchover
7.7.2.3 Configuring Association Between VRRP and BFD to Monitor the Uplink Status
7.7.2.4 Configuring Association Between VRRP and NQA to Monitor the Uplink Status
7.7.2.5 Configuring Association Between VRRP and Routing to Monitor the Uplink Status
7.7.3.1 Creating a VRRP6 Group
7.7.3.2 Setting the Device Priority in a VRRP6 Group
7.7.3.3 (Optional) Configuring VRRP6 Time Parameters
7.7.3.4 (Optional) Disabling VRRP6 TTL Check
7.7.4 Configuring VRRP6 Association
7.7.4.1 Configuring Association Between VRRP6 and the Interface Status to Implement an Active/Standby Switchover
7.7.4.2 Associating VRRP6 with a Route to Implement a Rapid Master/Backup VRRP6 Switchover
7.8 Maintaining VRRP
7.8.1 Monitoring the VRRP Running Status
7.8.2 Clearing VRRP Advertisement Packet Statistics
7.9 Configuration Examples
7.9.1 Example for Configuring a VRRP Group in Active/Standby Mode
7.9.2 Example for Configuring a VRRP Group in Multi-gateway Load Balancing Mode
7.9.3 Example for Configuring Association Between VRRP and BFD to Implement a Rapid Active/Standby Switchover
7.9.4 Example for Configuring Association Between VRRP and the Interface Status
7.9.5 Example for Configuring Association Between VRRP and BFD to Monitor the Uplink Status
7.9.6 Example for Configuring Association Between VRRP and NQA to Monitor the Uplink Status
7.9.7 Example for Configuring Association Between VRRP and Routing to Monitor the Uplink Status
7.9.8 Example for Configuring VRRP on a Dot1q Termination Sub-interface
7.9.9 Example for Configuring VRRP on a QinQ Termination Sub-interface
7.9.10 Example for Configuring a VRRP6 Group in Active/Standby Mode
7.9.11 Example for Configuring a VRRP6 Group in Load Balancing Mode
7.10 Common Configuration Errors
7.10.1 Multiple Masters Coexist in a VRRP Group
7.10.2 VRRP Group Status Changes Frequently
7.11 FAQ
7.11.1 Can Physical Interfaces Be Configured as Monitored Interfaces of a VRRP Group?
7.11.2 How Is a VRRP Virtual MAC Address Calculated?
7.11.3 What Interfaces Are Provided on the AR That Support VRRP?
7.11.4 Does VRRP Support Authentication?
7.11.5 Why Have I Failed to Configure the Priority 255 of a Router in a VRRP Backup Group?
7.12 References
7 VRRP Configuration
This chapter describes how to configure the Virtual Router Redundancy Protocol (VRRP). VRRP is a fault-tolerant
protocol. VRRP switches services from the master to the backup when the gateway becomes faulty, providing
continuous and reliable communication services.
 7.1 Introduction to VRRP
 7.2 Principles
 7.3 Applicable Scenarios
 7.4 Configuration Task Summary
 7.5 Configuration Notes
 7.6 Default Configuration
 7.7 Configuring VRRP
 7.8 Maintaining VRRP
 7.9 Configuration Examples
 7.10 Common Configuration Errors
 7.11 FAQ
 7.12 References
7.1 Introduction to VRRP

Definition
VRRP groups multiple routing devices into a virtual router and uses the virtual gateway device's IP address as the
default gateway address. When the gateway fails, VRRP selects a new gateway to transmit service traffic to ensure
reliable communication.
Purpose
As networks rapidly develop and applications diversify, various value-added services such as Internet Protocol
television (IPTV) and video conferencing are widely deployed. Demands for network infrastructure reliability are
increasing, especially for nonstop service transmission.
Generally, all hosts on the same network segment are configured with the same default route with the gateway address
as the next hop address. The hosts use the default route to send packets to the gateway and the gateway forwards the
packets to other network segments. When the gateway fails, hosts with the same default route cannot communicate
with external networks. A common method to improve network reliability is to configure multiple egress gateways.
However, route selection between the gateways becomes an issue.
VRRP resolves this issue. VRRP virtualizes multiple routing devices into a virtual router without changing the
networking. The virtual router IP address is configured as the default gateway address. When the gateway fails, VRRP
selects a new gateway to transmit service traffic to ensure reliable communication.
Benefits
On a multicast or broadcast LAN, such as Ethernet, VRRP provides a highly reliable link when the gateway fails,
without modifying host and gateway configurations. VRRP prevents single link failures from interrupting the network.
7.2 Principles
7.2.1 Basic Concepts of VRRP
In Figure 7-1, HostA is dual-homed to RouterA and RouterB through the switch. RouterA and RouterB constitute a
VRRP group to implement link redundancy.
Figure 7-1 VRRP group
In Figure 7-1, VRRP involves the following entities:

 VRRP router: device running VRRP. There may be one or more virtual routers. RouterA and RouterB are
VRRP routers.
 Virtual router: VRRP group consisting of one master and one or more backups. The VRRP group's virtual IP
address is used as the default gateway address on a LAN. RouterA and RouterB constitute a virtual router.
 Virtual router master: VRRP device that forwards packets. RouterA is the virtual router master.
 Virtual router backup: a group of VRRP devices that do not forward packets unless the master is faulty. In this
case, the highest priority backup becomes the master. RouterB is the virtual router backup.
 VRID: virtual router ID. The VRID of the virtual router composed of RouterA and RouterB is 1.
 Virtual IP address: IP address of a virtual router. A virtual router can be assigned one or more virtual IP
addresses. Virtual IP addresses are configurable. The virtual IP address of the virtual router composed
of RouterA and RouterB is 10.1.1.10/24.
 IP address owner: VRRP device that uses an IP address of a virtual router as the actual interface address. If an
IP address owner exists, it usually functions as the virtual router master. The interface address of RouterA and
the IP address of the virtual router are both 10.1.1.10/24, so RouterA is the IP address owner.
 Virtual MAC address: MAC address that is generated by the virtual router based on the VRID. A virtual router
has one virtual MAC address and is in the format of 00-00-5E-00-01-{VRID} (VRRP for IPv4) or 00-00-5E-
00-02-{VRID} (VRRP for IPv6). The virtual router sends ARP Reply packets carrying the virtual MAC
address but not the interface MAC address. The VRID of the virtual router composed
of RouterA and RouterB is 1, so the MAC address of the VRRP group is 00-00-5E-00-01-01.
7.2.2 VRRPv2 and VRRPv3 Advertisement Packets

The master sends VRRP Advertisement packets to notify all backups in the VRRP group of the master's priority and
status.
VRRP Advertisement packets are encapsulated into IP packets and sent to the VRRP virtual IP address. In the IP
packet header, the source address is the primary IP address of the interface that sends the packets (not the virtual IP
address), the destination address is 224.0.0.18, the TTL is 255, and the protocol number is 112.
The primary IP address is selected from one of actual IP addresses of interfaces. Usually, it is the first configured IP
address.
VRRP has two versions: VRRPv2 and VRRPv3. VRRPv2 applies to only the IPv4 network, and VRRPv3 applies to
IPv4 and IPv6 networks.
VRRP is classified into VRRP for IPv4 (VRRP) and VRRP for IPv6 (VRRP6) by network type. VRRP supports
VRRPv2 and VRRPv3, and VRRP6 supports only VRRPv3.
VRRPv2 and VRRPv3 Advertisement Packet Formats

Figure 7-2 shows the VRRPv2 Advertisement packet format, and Figure 7-3 shows the VRRPv3 Advertisement packet
format.
Figure 7-2 Format of a VRRPv2 Advertisement packet
Figure 7-3 Format of a VRRPv3 Advertisement packet
Table 7-1 describes fields in a VRRP Advertisement packet.

Table 7-1 Description of fields in a VRRP Advertisement packet
Field Description
VRRPv2 VRRPv3
Version VRRP protocol version. The value is 2. VRRP protocol version. The value is 3.
Type VRRP Advertisement packet type. The value 1 VRRP Advertisement packet type. The value 1
indicates an Advertisement packet. indicates an Advertisement packet.
Virtual Rtr ID Virtual router ID. The value ranges from 1 to 255. Virtual router ID. The value ranges from 1 to 255.
(VRID)
Priority Priority of the master in a VRRP group. The value Priority of the master in a VRRP group. The value
ranges from 0 to 255. The value 0 indicates that the ranges from 0 to 255. The value 0 indicates that the
device stops participating in the VRRP group so that device stops participating in the VRRP group so that
the backup with the highest priority can become the the backup with the highest priority can become the
master immediately. The value 255 is reserved for master immediately. The value 255 is reserved for
the IP address owner. The default value is 100. the IP address owner. The default value is 100.
Field Description
VRRPv2 VRRPv3
Count IP Number of virtual IPv4 addresses in the VRRP Number of virtual IPv4 or IPv6 addresses in the
Addrs/Count IPvX group. VRRP group.
Addr
-
Auth Type Authentication mode. There are three authentication
modes:
 0: Non Authentication
 1: Simple Text Password
 2: IP Authentication Header (MD5
authentication)
Adver Int/Max Interval at which VRRP Advertisement packets are Interval at which VRRP Advertisement packets are
Adver Int sent, in seconds. The default value is 1. sent, in centiseconds. The default value is 100 (1
second).
Checksum 16-bit checksum, which is used to verify data 16-bit checksum, which is used to verify data
integrity in VRRP Advertisement packets. integrity in VRRP Advertisement packets.
IP Address/IPvX Virtual IPv4 address in the VRRP group. The Count Virtual IPv4 or IPv6 address in the VRRP group.
Address(es) IP Addrs field determines the number of virtual IPv4 The Count IPvX Addrs field determines the number
addresses in the VRRP group. of virtual IPv4 or IPv6 addresses in the VRRP
group.
Authentication Authentication key. This field is used only in simple -
Data authentication and MD5 authentication modes. In
other authentication modes, this field is filled with
0s.
rsvd - Reserved. This field has a fixed value of 0.
VRRPv2 and VRRPv3 have the following differences:
 Apply to different networks. VRRPv3 applies to IPv4 and IPv6 networks, whereas VRRPv2 applies to only
IPv4 networks.
 Have different authentication functions. VRRPv3 does not support authentication, whereas VRRPv2 supports
authentication.
NOTE:
VRRPv2 reserves the authentication field in VRRP Advertisement packets to be compatible with VRRP defined in RFC 2338.
VRRP authentication cannot improve security.
 Use different time units to measure the interval at which VRRP Advertisement packets are sent. VRRPv3 uses
centiseconds, whereas VRRPv2 uses seconds.
VRRP Authentication
Different authentication modes and authentication keys can be set in VRRPv2 Advertisement packets:
 Non-authentication: The local device does not authenticate VRRP Advertisement packets before sending them.
The remote device does not authenticate the received VRRP Advertisement packets and considers all the
received packets valid.
 Simple authentication: The local device encapsulates the authentication mode and authentication key into an
outgoing VRRP Advertisement packet. When the remote device receives the VRRP Advertisement packet, it
checks whether the authentication mode and authentication key in the packet are the same as those configured
locally. If so, the device considers the received VRRP Advertisement packet valid. If not, the device considers
the received VRRP Advertisement packet invalid and discards it.
 MD5 authentication: The local device uses the MD5 algorithm to encrypt the authentication key and
encapsulates the key in the Authentication Data field of an outgoing VRRP Advertisement packet. When the
remote device receives the VRRP Advertisement packet, it decrypts the authentication key, and then checks
whether the authentication mode and authentication key are the same as those configured locally. The remote
device then accepts or discards the packet depending on the authentication result.
7.2.3 VRRP Implementation

VRRP State Machine
VRRP defines three statuses: Initialize, Master, and Backup. Only the device in Master state can forward packets
destined for the virtual IP address.
Table 7-2 VRRP statuses
Status Description
Initialize VRRP is unavailable. The device in Initialize state cannot process VRRP Advertisement packets.
When VRRP is configured on the device or the device detects a fault, it enters the Initialize state.
After receiving an interface Up message, the VRRP-enabled device with priority 255 becomes the
master and the VRRP-enabled device with the priority less than 255 switches to the Backup state.
Master The VRRP device in Master state performs the following operations:
 Sends VRRP Advertisement packets at intervals.
 Uses the virtual MAC address to respond to ARP Request packets destined for the virtual IP
address.
 Forwards IP packets destined for the virtual MAC address.
 Processes the IP packets destined for the virtual IP address if the device is the IP address owner, or
discards the IP packets destined for the virtual IP address if the device is not the IP address owner.
 Becomes the backup if the device receives a VRRP Advertisement packet with a higher priority
than its VRRP priority.
 Becomes the backup if the device receives a VRRP Advertisement packet with the same priority as
its VRRP priority and the IP address of the local interface is smaller than the IP address of the
connected interface on the remote device.
Backup The VRRP device in Backup state performs the following operations:
Status Description
 Receives VRRP Advertisement packets from the master and determines whether the master is
working properly.
 Does not respond to ARP Request packets destined for the virtual IP address.
 Discards IP packets destined for the virtual IP address.
 Resets the Master_Down_Interval timer and does not compare IP addresses if the received packet
carries the same priority as its VRRP priority or higher priority.
Master_Down_Interval timer: If the backup does not receive Advertisement packets after the timer
expires, the backup becomes the master. The calculation formula is as follows:
 Master_Down_Interval = 3xAdvertisement_Interval + Skew_time (offset time)
 Skew_Time = (256 - Priority)/256
 Sets the Skew_time (offset time) if the device receives a VRRP Advertisement packet with lower
priority than its VRRP priority and the packet priority is 0, or discards the packet with nonzero
priority and becomes the master immediately.
VRRP Working Process

The VRRP working process is as follows:
1. Devices in a VRRP group select the master based on their priorities. The master sends gratuitous ARP
packets to notify the connected network devices or hosts of the virtual MAC address of the VRRP group.
2. The master periodically sends VRRP Advertisement packets to all backups in the VRRP group to advertise
its configuration (for example, priority) and running status.
3. If the master fails, the backup with the highest priority becomes the new master.
4. If the original master is replaced by another device in the group, the new master sends gratuitous ARP
packets carrying the virtual MAC address and virtual IP address of the virtual router to update the MAC
address entry on the connected network devices or hosts. User traffic is then switched to the new master.
This process is transparent to users.
5. When the original master recovers and is the IP address owner (with priority 255), the original master
switches to the Master state. If the priority of the original master is smaller than 255, the device first switches
to the Backup state, and then its priority is restored to the original value before the failure.
6. If the backup has a higher priority than the master, the working mode of the backup (preemption or non-
preemption) determines whether the master is re-selected.
 Preemption mode: If the priority of a virtual router backup is higher than the priority of the current virtual
router master, the virtual router backup automatically becomes the virtual router master.
 Non-preemption mode: As long as the virtual router master is working properly, the backup with a higher
priority cannot become the virtual router master.
To ensure that the master and backup work properly, VRRP must be able to select the master and advertise the master
status.
The detailed VRRP working process is as follows:
 Selecting the master
VRRP determines the device role in the virtual router based on device priorities. The device with a higher
priority is more likely to become the master.
The VRRP-enabled device in a VRRP group initially works in Initialize state. After receiving an interface Up
message, the VRRP-enabled device with priority 255 directly becomes the master or the VRRP-enabled
device with the priority less than 255 first switches to the Backup state and then switches back to the Master
state after the Master_Down_Interval timer expires. The device that first switches to the Master state obtains
the priorities of other devices in the group by exchanging VRRP Advertisement packets. Then the master is
selected.
 If the master priority in VRRP Advertisement packets is higher than or equal to the priority of the device,
the backup remains in Backup state.
 If the master priority in VRRP Advertisement packets is lower than the priority of the device, the backup
switches to the Master state in preemption mode or retains in Backup state in non-preemption mode.
 If multiple devices in the VRRP group switch to the master, the devices with a lower priority switch to the
Backup state and the device with the highest priority becomes the master after these devices exchange
VRRP Advertisement packets. If multiple devices have the same priority, the device where the interface
with the largest IP address resides is the master.
 If the device is the IP address owner, it switches to the Master state immediately after receiving an
interface Up message.
 Advertising the master status
The master periodically sends VRRP Advertisement packets to all backups in the VRRP group to advertise its
configuration (for example, priority) and running status. The backup determines whether the master works
properly based on the received VRRP Advertisement packets.
 When the master does not remain in Master state, for example, the master leaves the group, it sends a
VRRP Advertisement packet with priority 0. In this manner, a backup can switch to the master
immediately without waiting for the Master_Down_Interval timer to time out. The switchover period is
called the Skew time and is measured in seconds. The value is calculated using the following formula:
Skew time = (256 - Backup priority)/256
 If the master cannot send VRRP Advertisement packets due to network faults, the backups cannot learn the
running status of the master immediately. The backups consider the master faulty only after the
Master_Down_Interval timer expires. Then a backup switches to the Master state.
Master_Down_Interval = 3 x Advertisement_Interval + Skew_time (in seconds)
NOTE:
If congestion occurs on an unstable network, the backup may not receive VRRP Advertisement packets from the master within the
period of Master_Down_Interval. A backup then switches to the Master state. If the VRRP Advertisement packet from the original
master reaches the backup (new master), the new master switches to the Backup state. In this case, the VRRP group status changes
frequently. To solve the problem, the preemption delay is used. When the Master_Down_Interval timer expires, the backup waits
for the preemption delay. If the backup does not receive a VRRP Advertisement packet within the preemption delay, it switches to
the Master state.
7.2.4 VRRP in Active/Standby Mode
Active/Standby is the basic VRRP working mode, as shown in Figure 7-4. In active/standby mode, a virtual router
consists of one master and multiple backups.
RouterA is the master and forwards service packets. RouterB and RouterC are backups and do not forward service
packets. RouterA periodically sends VRRP Advertisement packets to RouterB and RouterC, notifying other switches
that RouterA is working properly. If RouterA is faulty, a new master is selected from RouterB and RouterC based on
their priorities. The new master then takes over traffic.
After RouterA recovers, it becomes the master in preemption mode. In non-preemption mode, RouterA remains in
Backup state.
Figure 7-4 VRRP in active/standby
7.2.5 VRRP in Load Balancing Mode

In load balancing mode, multiple VRRP groups transmit service traffic simultaneously, as shown in Figure 7-5. The
implementation and packet negotiation in load balancing mode are similar to those in active/standby mode. Each
VRRP group has one master and multiple backups. In load balancing mode, multiple VRRP groups need to be set up
and use different masters. A VRRP device can join multiple VRRP groups and has different priorities in different
VRRP groups.
Multi-Gateway Load Balancing
Multiple VRRP groups with virtual IP addresses are created and specified as gateways for different users to implement
load balancing.
Figure 7-5 Multi-gateway load balancing
In Figure 7-5, two VRRP groups are configured:

 VRRP group 1: RouterA functions as the master and RouterB as the backup.
 VRRP group 2: RouterB functions as the master and RouterA as the backup.
VRRP groups 1 and 2 are gateways for different user hosts. Multiple VRRP groups load balance traffic and back up
each other.
7.3 Applicable Scenarios

7.3.1 Association Between a VRRP Group and the Interface Status to Monitor
the Uplink Interface
A VRRP group can only detect the status change of the interface on which the VRRP group is configured. VRRP
cannot detect faults on the uplink interface or direct uplink of the master, so services are interrupted. You can associate
a VRRP group with the interface status. When the uplink interface or direct uplink of the master fails, the priority of
the master is adjusted. This triggers an active/standby switchover and ensures proper traffic forwarding.
A VRRP group can monitor the interface status in Increased or Reduced mode:
 In Increased mode, when the monitored interface becomes Down, the priority of the master increases.
 In Reduced mode, when the monitored interface becomes Down, the priority of the master decreases.
Figure 7-6 Association between a VRRP group and the interface status
In Figure 7-6, a VRRP group is configured between RouterA and RouterB. RouterA is the master and RouterB is the
backup. RouterA and RouterB work in preemption mode. On RouterA, the Reduced mode is used to monitor uplink
interface Interface1. When Interface1 becomes faulty, the priority of RouterA decreases. Then RouterB becomes the
master through negotiation, ensuring that user traffic is forwarded correctly.
7.3.2 Association Between VRRP and BFD/NQA/Routing to Monitor the

Uplink
VRRP can detect only faults in VRRP groups. Association between a VRRP group and the interface status allows the
device to detect faults on the uplink interface or direct uplink of the master. When an indirect uplink of the master fails,
VRRP cannot detect the fault, causing user traffic loss. You can configure association between VRRP and
BFD/NQA/routing to solve this problem. Association between VRRP and BFD/NQA/routing allows the device to
detect faults on the uplink of the master. When the uplink of the master fails, BFD/NQA/routing rapidly detects the
fault and instructs the master to adjust its priority. This triggers an active/standby switchover and ensures proper traffic
forwarding.
Figure 7-7 Association between VRRP and BFD/NQA/routing
backup. RouterA and RouterB work in preemption mode. BFD/NQA/routing is configured to detect faults on the link
from RouterA to RouterE, and association between VRRP and BFD/NQA/routing is configured on RouterA. When
BFD/NQA/routing detects the fault on the link from RouterA to RouterE, BFD/NQA/routing instructs the master to
adjust its priority. RouterB becomes the master through negotiation, ensuring that user traffic is forwarded correctly.
7.3.3 Association Between VRRP and BFD to Implement a Rapid

Active/Standby Switchover
A VRRP group sends and receives VRRP Advertisement packets to determine the master and backup statuses. When a
VRRP group is faulty, the backup with the highest priority detects the fault and switches to the master after the
Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic
is still sent to the original master, causing user traffic loss. Association between VRRP and BFD prevents traffic loss.
After a BFD session is configured between the master and the backup, and the BFD session is bound to the VRRP
group, the BFD session detects connectivity of the VRRP group. After detecting a fault, the BFD session notifies the
VRRP group of an active/standby switchover. This mechanism implements millisecond-level switchover and reduces
traffic loss.
Table 7-3 VRRP and BFD association modes
Associatio Usage Scenario VRRP Status Change BFD Support
n Mode
Association A backup monitors the status of the If the BFD session detects a fault and The VRRP-enabled device must be
between a master in a VRRP group. A common goes Down, the BFD module notifies enabled with BFD.
VRRP BFD session monitors the link the VRRP group of the status
group and a between the master and backup. change. After receiving the
common notification, the VRRP group
BFD changes VRRP priorities of devices
session and determines whether to perform
an active/standby switchover.
The VRRP group can be bound to a static BFD session or a static BFD session with automatically negotiated
discriminators.
Figure 7-8 Association between a VRRP group and a common BFD session
backup. User traffic is forwarded through RouterA. Delayed preemption is configured on RouterA and immediate
preemption is configured on RouterB. BFD sessions are configured on RouterA and RouterB and association between
VRRP and BFD is configured on RouterB.
When a fault occurs in the VRRP group, BFD rapidly detects the fault and instructs RouterB to increase the priority. In
this case, RouterB has a higher priority than RouterA. RouterB becomes the master and forwards user traffic. This
implements a rapid active/standby switchover.
7.4 Configuration Task Summary
After basic VRRP functions are configured, VRRP can work properly. To deploy special VRRP functions such as
VRRP association, perform the configurations according to the following sections.
Table 7-4 describes the VRRP configuration tasks.
Table 7-4 VRRP configuration task summary
Scenario Description Task
Configure basic functions of a You can configure a VRRP group to implement 7.7.1 Configuring Basic Functions of
VRRP group gateway backup and ensure stable and highly- an IPv4 VRRP Group
efficient data forwarding. 7.7.3 Configuring Basic Functions of
an IPv6 VRRP Group
Configure association between A VRRP group can be configured to monitor a BFD 7.7.2.1 Configuring Association
VRRP and BFD to implement a session. When the BFD session status changes, BFD Between VRRP and BFD to
rapid active/standby VRRP notifies the VRRP group of the change. After Implement a Rapid Active/Standby
switchover receiving the notification, the VRRP group rapidly Switchover
performs an active/standby switchover.
Configure association between When the uplink interface of the master becomes 7.7.2.2 Configuring Association
VRRP and the interface status faulty, VRRP cannot detect the status change of Between VRRP and the Interface
interfaces not in the VRRP group. This may Status to Implement an
interrupt services. You can associate a VRRP group Active/Standby Switchover
with the interface status. When the monitored 7.7.4.1 Configuring Association
interface is faulty, the priority of the master is Between VRRP6 and the Interface
adjusted. This triggers an active/standby switchover Status to Implement an
and reduces the impact of services on the uplink Active/Standby Switchover
interface.
Configure association between Because VRRP cannot detect faults on the uplink of 7.7.2.3 Configuring Association
VRRP and BFD/NQA/routing to a VRRP group, services may be interrupted. Between VRRP and BFD to Monitor
monitor the uplink status Association between VRRP and BFD/NQA/routing the Uplink Status
allows the device to detect faults on the uplink of the 7.7.2.4 Configuring Association
master. When the uplink of the master fails, Between VRRP and NQA to Monitor
BFD/NQA/routing rapidly detects the fault and the Uplink Status
instructs the master to adjust its priority. This 7.7.2.5 Configuring Association
triggers an active/standby switchover and ensures Between VRRP and Routing to
proper traffic forwarding. Monitor the Uplink Status
BFD implements millisecond-level detection.
Association between VRRP and BFD provides a
rapid active/standby switchover.
NQA technology collects statistics on the delay,
jitter, and packet loss ratio. You can configure the
percentage of failed NQA test instances and NQA
association to trigger an active/standby switchover
when the uplink is unstable.
7.5 Configuration Notes
When configuring VRRP on the router, pay attention to the following points:
 VRRP groups must use different virtual IP addresses. The virtual IP address of a VRRP group must be on the
same network segment as the IP address of the interface where the VRRP group is configured.
 The devices in a VRRP group must be configured with the same VRID.
 Different interfaces can be bound to the same VRRP group.
 If both VRRP and static ARP are configured on a Dot1q termination sub-interface, QinQ termination sub-
interface, or VLANIF interface on a device, an IP address mapped to a static ARP entry cannot be used as a
virtual IP address. If a VRRP virtual IP address is an IP address mapped to a static ARP entry on the device,
the device generates incorrect host routes, affecting traffic forwarding.
 If devices in a VRRP group use different VRRP versions, VRRP Advertisement packets may fail to be
forwarded.
7.6 Default Configuration

Table 7-5 Default VRRP configuration
Parameter Default Setting
Priority of the device in a VRRP group 100
Preemption Immediate preemption
Interval at which VRRP Advertisement packets are sent 1s
Interval at which gratuitous ARP packets are sent 120s
7.7 Configuring VRRP

Pre-configuration Tasks
An IPv4 VRRP group implements gateway backup and ensures stable and highly-efficient data forwarding.
Before configuring basic functions of an IPv4 VRRP group, configure network layer attributes of interfaces to ensure
network connectivity.
7.7.1.1 Creating a VRRP Group
Context
VRRP virtualizes multiple devices into one gateway without changing the networking, and uses the virtual gateway's
IP address as the default gateway address to implement next-hop gateway backup. After a VRRP group is configured,
traffic is forwarded through the master. If the master fails, a new master is selected from the backups to forward traffic.
This implements gateway backup.
If load balancing is required in addition to gateway backup, configure two or more VRRP groups on an interface in
multi-gateway load balancing mode.
Procedure
 Create a VRRP group working in active/standby mode.
1. Run:
system-view
The system view is displayed.

2. Run:
interface interface-type interface-number
The interface view is displayed.

3. Run:
vrrp vrid virtual-router-id virtual-ip virtual-address
A VRRP group is created, and a virtual IP address is assigned to the VRRP group.
By default, no VRRP group is created.
 Create VRRP groups working in multi-gateway load balancing mode.
If VRRP groups need to work in multi-gateway load balancing mode, repeat the steps to configure two or
more VRRP groups on the interface and assign different VRIDs to them.
7.7.1.2 Setting the Device Priority in a VRRP Group
Context
Devices with higher priorities in a VRRP group are more likely to become the master. You can specify the master to
forward traffic by setting device priorities.
Procedure
1. Run:
system-view

2. Run:

3. Run:
vrrp vrid virtual-router-id priority priority-value
The device priority in a VRRP group is set.

By default, the device priority is 100. A larger value indicates a higher priority of VRRP Advertisement
packets.
 Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner. The configurable
priority ranges from 1 to 254.
 The priority of an IP address owner is fixed at 255 and cannot be manually changed. You can run
the vrrp vrid virtual-router-id priority priority-value command to change the priority of an IP address
owner, but the configured priority does not take effect. If a VRRP device is no longer an IP address
owner, the configured priority is used.
 When devices in a VRRP group have the same priority and attempt to be the master simultaneously, the
device where the interface with the largest IP address resides becomes the master. The device that first
enters the Master state becomes the master, and other backups remain unchanged.
7.7.1.3 (Optional) Configuring the VRRP Version Number
Context
IPv4 VRRP supports VRRPv2 and VRRPv3. If devices in a VRRP group use different VRRP versions, VRRP
Advertisement packets may fail to be forwarded.
 A VRRPv2 group can send and receive only VRRPv2 Advertisement packets, and discards received VRRPv3
Advertisement packets.
 A VRRPv3 group can send and receive both VRRPv2 and VRRPv3 Advertisement packets. You can configure
the mode in which VRRPv3 Advertisement packets are sent as v2-only, v3-only, or v2v3-both.
Procedure
1. Run:
system-view

2. Run:
vrrp version { v2 | v3 }
The VRRP version number is set.

By default, VRRPv2 is used.
If VRRPv3 is used, run the vrrp version-3 send-packet-mode { v2-only | v3-only | v2v3-both } command
to set the mode in which VRRPv3 Advertisement packets are sent. The default mode is v3-only.
7.7.1.4 (Optional) Configuring VRRP Time Parameters
Context
You can set VRRP time parameters as needed. Table 7-6 describes applicable scenarios of VRRP time parameters.
Table 7-6 Applicable scenarios of VRRP time parameters
Parameter Applicable Scenario
Interval at which VRRP The master in a VRRP group sends VRRP Advertisement packets to backups at intervals to notify
Advertisement packets are that it is working properly. After the Master_Down_Interval timer expires, the backup with the
sent highest priority switches to the master if it does not receive VRRP Advertisement packets.
Heavy network traffic or time differences on different devices may result in the status change of
the backups due to timeout of VRRP Advertisement packets. When packets from the original
master reach the new master, the status of the new master changes. You can increase the interval
to solve this problem.
Preemption delay On an unstable network, if the BFD session status monitored by a VRRP group flaps frequently or
the backups cannot receive VRRP Advertisement packets within a specified period, an
active/standby switchover is frequently performed, which causes network flapping. You can adjust
the preemption delay of the master in the VRRP group so that the backup with the highest priority
switches to the master after the delay. This prevents frequent change of the VRRP group status.
Timeout interval at which To ensure that MAC address entries on the downstream switch are correct, the master in a VRRP
gratuitous ARP packets are group periodically sends gratuitous ARP packets to update MAC address entries on the
sent by the master downstream switch.
NOTE:
Do not configure special MAC addresses such as the system MAC address and VRRP virtual MAC address
as blackhole MAC addresses on the backup to prevent VRRP flapping.
Delay before a VRRP group On an unstable network, frequent flapping of the BFD session status or interface status monitored
recovers by a VRRP group may result in frequent switching of the VRRP group status. After the delay is
set, the VRRP group does not immediately respond to an interface or BFD session Up event.
Instead, the VRRP group processes this event after the delay. This prevents frequent switching of
the VRRP group status.
Procedure
 Set the interval at which VRRP Advertisement packets are sent.
1. Run:
system-view
2. Run:
3. Run:
vrrp vrid virtual-router-id timer advertise advertise-interval
The interval at which VRRP Advertisement packets are sent is set.
By default, the interval is 1 second.
NOTE:
The interval at which a device sends VRRP Advertisement packets cannot be less than the time that the device takes to perform
a master/slave main control board switchover. If the interval is less than the switchover time, protocol flapping may occur
during a master/slave main control board switchover. It is recommended that the interval be set to a value greater than 1s.
 Set the preemption delay of the master.
1. Run:
system-view
2. Run:
3. Run:
vrrp vrid virtual-router-id preempt-mode timer delay delay-value
The preemption delay is set.

By default, the preemption delay is 0. In immediate preemption mode, a backup can immediately switch
to the master when its priority is higher than the master.
You can use the vrrp vrid virtual-router-id preempt-mode disable command to set the non-preemption
mode. In non-preemption mode, the master that works properly can retain the Master state. The backup
cannot switch to the master even if the priority of the master decreases.
You can use the undo vrrp vrid virtual-router-id preempt-mode command to restore the default
preemption mode.
NOTE:
It is recommended that you set the preemption delay of the backup in a VRRP group to 0, configure the master in preemption
mode, and set the preemption delay. On an unstable network, these settings allow a period of time for status synchronization
between the uplink and downlink. If the preceding settings are not used, two masters coexist and users devices may learn the
incorrect address of the master.
 Set the timeout interval at which gratuitous ARP packets are sent by the master.
1. Run:
system-view
2. Run:
vrrp gratuitous-arp timeout time
The timeout interval at which gratuitous ARP packets are sent by the master is set.
By default, the master sends gratuitous ARP packets every 120s.
NOTE:
The timeout interval at which the master sends gratuitous ARP packets must be shorter than the aging time of ARP entries on
user devices.
 To restore the default interval at which gratuitous ARP packets are sent, run the undo vrrp
gratuitous-arp timeout command in the system view.
 If the master does not need to send gratuitous ARP packets, run the vrrp gratuitous-arp timeout
disable command in the system view.
 Set the delay before a VRRP group recovers.
1. Run:
system-view
2. Run:
vrrp recover-delay delay-value
The delay before a VRRP group recovers is set.

By default, the delay before a VRRP group recovers is 0.
NOTE:
 After this command is used, all VRRP groups on the device are configured with the same delay.
 When the device in a VRRP group restarts, VRRP status flapping may occur. It is recommended that the delay be set based
on actual networking.
7.7.1.5 (Optional) Setting the Mode in Which VRRP Advertisement Packets Are Sent in a
Super-VLAN
Context
When a VRRP group is configured in a super-VLAN, configure VRRP Advertisement packets to be sent to a specified
sub-VLAN. Otherwise, Advertisement packets would be broadcast in all sub-VLANs, wasting network bandwidth.
Prerequisites
A super-VLAN has been configured.
Procedure
1. Run:
system-view

2. Run:
interface vlanif vlan-id
The VLANIF interface view is displayed.

3. Run:
vrrp advertise send-mode { sub-vlan-id | all }
A mode in which VRRP Advertisement packets are sent in a super-VLAN is set.

By default, the master sends VRRP Advertisement packets to a sub-VLAN that is Up and has the smallest
VLAN ID in a super-VLAN.
 If sub-vlan-id is specified, the master sends VRRP Advertisement packets to a specified sub-VLAN.
 If all is specified, the master broadcasts VRRP Advertisement packets to all sub-VLANs of a super-
VLAN.
7.7.1.6 (Optional) Disabling VRRP TTL Check
Context
The system checks the TTL value in received VRRP Advertisement packets, and discards VRRP Advertisement
packets with TTL values other than 255. On a network where devices of different vendors are deployed, if TTL check
is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so that
devices of different vendors can communicate.
Procedure
1. Run:
system-view

2. Run:

3. Run:
vrrp un-check ttl
The device is configured not to check the TTL value in VRRP Advertisement packets.
By default, the system checks the TTL value in VRRP Advertisement packets.
7.7.1.7 (Optional) Setting the Authentication Mode of VRRP Advertisement Packets
Context
Different authentication modes and authentication keys can be set in VRRPv2 Advertisement packets:
 Non-authentication: The device does not send authentication information in outgoing VRRP Advertisement
packets, and does not authenticate received VRRP Advertisement packets, considering them all to be valid.
 Simple authentication: The device encapsulates the authentication mode and authentication key into an
outgoing VRRP Advertisement packet. The device that receives the VRRP Advertisement packet compares
the authentication mode and authentication key in the packet with those configured on the device. If the values
are the same, the device considers the received VRRP Advertisement packet valid. If the values are different,
the device considers the received VRRP Advertisement packet invalid and discards it.
 MD5 authentication: The device uses the MD5 algorithm to encrypt the authentication key and encapsulates the
key in the Authentication Data field of an outgoing VRRP Advertisement packet. The device that receives the
VRRP Advertisement packet matches the authentication mode with the decrypted authentication key in the
packet.
NOTE:
Only VRRPv2 supports authentication. VRRPv3 does not support authentication. VRRPv2 reserves the authentication field in VRRP
Advertisement packets to be compatible with VRRP defined in RFC 2338. VRRP authentication cannot improve security.
Procedure
1. Run:
system-view

2. Run:

3. Run:
vrrp vrid virtual-router-id authentication-mode { simple { key | plain key | cipher
cipher-key } | md5 md5-key }
The authentication mode in VRRP Advertisement packets is configured.

By default, a VRRP group uses non-authentication.
NOTE:
 Devices in a VRRP group must be configured with the same authentication mode and authentication key; otherwise, the VRRP
group cannot negotiate the Master and Backup states.
 To ensure security, you are advised to use MD5 as the authentication algorithm of VRRP.
Context
The device allows user devices to ping a virtual IP address for the following purposes:
 Monitoring the operating status of the master in a VRRP group
 Ensuring that the route between a user device and a network connected through a default gateway that uses the
virtual IP address is available
NOTICE:
If ping to a virtual IP address is enabled, a device on an external network can ping the virtual IP address. This exposes
the device to ICMP-based attacks. You can use the vrrp virtual-ip ping disable command to disable the ping
function.
Procedure
1. Run:
system-view

2. Run:
vrrp virtual-ip ping enable
The ping to a virtual IP address is enabled.

By default, the ping function is enabled. The master in a VRRP group responds to ping packets sent to the
virtual IP address.
Procedure
 Run either of the following commands to check the VRRP group status and parameters:
 display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] [ brief ]
 display vrrp { interface interface-type interface-number [ virtual-router-id ] | virtual-router-id } verbose
 Run the display vrrp protocol-information command to check VRRP information.
 Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command to
check statistics about sent and received packets of the VRRP group.
7.7.2 Configuring VRRP Association

VRRP association enables VRRP to detect faults in a timely manner and triggers an active/standby switchover when
the master or the uplink of the master becomes faulty. VRRP association optimizes VRRP switchover and enhances
network reliability.
Before configuring VRRP association, complete the following task:
 7.7.1 Configuring Basic Functions of an IPv4 VRRP Group
You can configure VRRP association only after basic VRRP functions are configured.
7.7.2.1 Configuring Association Between VRRP and BFD to Implement a Rapid

Context
When a VRRP group is faulty, the backup with the highest priority detects the fault and switches to the master after the
Master_Down_Interval timer expires. The switchover period is at least 3s. During the switchover period, service traffic
is still sent to the original master, causing user traffic loss. In Figure 7-9, the VRRP group is associated with a BFD
session on the backup so that the BFD session can rapidly detect communication faults of the VRRP group. When the
BFD session detects a fault, it notifies the VRRP group that the priority of the backup needs to be increased. Then an
active/standby switchover is triggered immediately. This millisecond-level switchover reduces traffic loss.
When the fault is rectified, the priority of the backup is restored and the original master switches to the master again to
forward traffic.
NOTE:
 A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.
 The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the
backup and nonzero on the master.
 Multiple VRRP groups can monitor a BFD session, and a VRRP group can monitor a maximum of eight BFD sessions
simultaneously.
Figure 7-9 Association between VRRP and BFD to implement a rapid active/standby switchover
Procedure
1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For
details, see 6.6 Configuring Single-Hop BFD, 6.7 Configuring Multi-Hop BFD, and 6.8 Configuring Static
BFD with Automatically Negotiated Discriminators.
2. Run:
system-view

3. Run:
The view of the interface on the backup where a VRRP group is configured is displayed.
4. Run:
vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-
configure-name } [ increased value-increased | reduced value-reduced ]
Association between VRRP and BFD is configured.

By default, a VRRP group is not associated with a BFD session.
NOTE:
When associating a VRRP group with a BFD session, note the following points:
 If session-name bfd-configure-name is specified, the VRRP group can be bound to only the static BFD session with
automatically negotiated discriminators.
 If bfd-session-id is specified, the VRRP group can be bound to only the static BFD session.
 After the value by which the priority increases is set, ensure that the priority of the backup is higher than the priority of the
master.
 When a BFD session is associated with VRRP or static route, the system does not allow the associated BFD session to be
deleted by default. To delete the associated BFD session, run the bfd session nonexistent-config-check disable command to
disable the device from checking whether the associated BFD session is deleted.
7.7.2.2 Configuring Association Between VRRP and the Interface Status to Implement an
Context
When the uplink interface of the master becomes faulty, VRRP cannot detect the status change of interfaces not in the
VRRP group, causing service interruption. You can associate a VRRP group with the interface status. When the
monitored interface is faulty, the priority of the master is reduced. This triggers an active/standby switchover and
reduces the impact of the uplink interface fault on service forwarding.
When the fault is rectified, the original master restores its priority and switches to the master to forward traffic.
NOTE:
The master and backup in the VRRP group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup
and nonzero on the master.
Procedure
1. Run:
system-view

2. Run:
The view of the interface on the master where a VRRP group is configured is displayed.
3. Run:
vrrp vrid virtual-router-id track interface interface-type interface-number [ increased
value-increased | reduced value-reduced ]
Association between VRRP and the interface status is configured.

By default, when the monitored interface goes Down, the VRRP priority of the device decreases by 10.
NOTE:
 After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the
master.
7.7.2.3 Configuring Association Between VRRP and BFD to Monitor the Uplink Status
Context
Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. In Figure 7-10, a
VRRP group is associated with a BFD session on the master so that the BFD session monitors the uplink status of the
master. When the BFD session detects a fault on the uplink, it notifies the VRRP group that the priority of the master
needs to be decreased. Then an active/standby switchover is triggered immediately. This reduces the impact of the
uplink fault on service forwarding.
BFD implements millisecond-level detection. Association between VRRP and BFD provides a rapid active/standby
switchover.
NOTE:
 A VRRP group can be associated with only a static BFD session or a static BFD session with automatically negotiated discriminators.
 Multiple VRRP groups can monitor a BFD session, and a VRRP group can monitor a maximum of eight BFD sessions
simultaneously.
Figure 7-10 Association between VRRP and BFD
Procedure
1. Configure a static BFD session or a static BFD session with automatically negotiated discriminators. For
details, see 6.6 Configuring Single-Hop BFD, 6.7 Configuring Multi-Hop BFD, and 6.8 Configuring Static
BFD with Automatically Negotiated Discriminators.
2. Run:
system-view

3. Run:
4. Run:
vrrp vrid virtual-router-id track bfd-session { bfd-session-id | session-name bfd-
configure-name } [ increased value-increased | reduced value-reduced ]
Association between VRRP and BFD is configured.

By default, when the monitored BFD session becomes Down, the VRRP priority decreases by 10.
NOTE:
When associating a VRRP group with a BFD session, note the following points:
 If session-name bfd-configure-name is specified, the VRRP group can be bound to only the static BFD session with
automatically negotiated discriminators.
 If bfd-session-id is specified, the VRRP group can be bound to only the static BFD session.
 After a VRRP group is associated with a BFD session, the BFD session type cannot be modified. Before deleting the BFD
session type, you must delete all original configurations.
 After the value by which the priority decreases is set, ensure that the priority of the backup is higher than the priority of the
master.
7.7.2.4 Configuring Association Between VRRP and NQA to Monitor the Uplink Status
Context
Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. You can associate a
VRRP group with an NQA test instance on the master so that the NQA test instance monitors the uplink status of the
master. When the NQA test instance detects a fault on the uplink, it notifies the VRRP group that the priority of the
master needs to be decreased. Then an active/standby switchover is triggered immediately. This reduces the impact of
the uplink fault on service forwarding.
NQA technology collects statistics on the delay, jitter, and packet loss ratio. You can configure the percentage of failed
NQA test instances and NQA association to trigger an active/standby switchover when the uplink is unstable.
NOTE:
 A VRRP group can only be associated with an NQA ICMP test instance.
Procedure
1. Create an NQA ICMP test instance. For details, see Configuring an ICMP Test Instance.
2. Run:
system-view

3. Run:
4. Run:
vrrp vrid virtual-router-id track nqa admin-name test-name [ reduced value-reduced ]
Association between VRRP and NQA is configured.

By default, when the associated NQA test instance becomes failed, the priority of the device decreases by 10.
NOTE:
When setting the value by which the priority decreases, ensure that the priority of the backup is higher than the priority of the
master to trigger an active/standby over.
7.7.2.5 Configuring Association Between VRRP and Routing to Monitor the Uplink
Status
Context
Because VRRP cannot detect faults on the uplink of a VRRP group, services may be interrupted. The VRRP group
monitors the number of routes on the uplink forwarding path. When the route is withdrawn or becomes inactive, the
master' priority is adjusted and an active/standby switchover is performed. This reduces the link fault on service
forwarding.
During route association, the link switchover depends on convergence of a routing protocol associated with the VRRP
group.
NOTE:
 When a VRRP group is associated with a static route, the device can detect only faults on the direct uplink.
Procedure
1. Run:
system-view

2. Run:
3. Run:
vrrp vrid virtual-router-id track ip route ip-address { mask-address | mask-length } [
vpn-instance vpn-instance-name ] [ reduced value-reduced ]
Association between a route and a VRRP group is configured.
By default, the master' priority decreases by 10 if the associated route is withdrawn or becomes inactive.
When setting the value by which the priority decreases, ensure that the priority of the backup is higher than
the priority of the master.
Procedure
 Run either of the following commands to check the VRRP group status and parameters:
 display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] [ brief ]
 display vrrp { interface interface-type interface-number [ virtual-router-id ] | virtual-router-id } verbose
 Run the display vrrp protocol-information command to check VRRP information.
 Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command to
check statistics about sent and received packets of the VRRP group.

An IPv6 VRRP group implements gateway backup and ensures stable and highly-efficient data forwarding.
Before configuring basic functions of an IPv6 VRRP group, configure network layer attributes of interfaces to ensure
network connectivity.
7.7.3.1 Creating a VRRP6 Group
Context
VRRP6 virtualizes multiple devices into one gateway without changing the networking, and uses the virtual gateway's
IP address as the default gateway address to implement next-hop gateway backup. After a VRRP6 group is configured,
traffic is forwarded through the master. When the master fails, a new master is selected from backups to forward
traffic. This ensures device-level reliability.
If load balancing is required in addition to gateway backup, configure two or more VRRP6 groups on an interface in
single-gateway load balancing mode or multi-gateway load balancing mode.
Procedure
1. Create a VRRP6 group working in active/standby mode.
a. Run:
system-view
b. Run:
ipv6
The IPv6 function is enabled.

By default, a device is disabled from forwarding IPv6 unicast packets.
c. Run:
d. Run:
ipv6 enable
IPv6 is enabled on the interface.

By default, the IPv6 function is disabled on an interface.
e. Run:
ipv6 address { ipv6-address prefix-length | ipv6-address/prefix-length }
An IPv6 address is configured for the interface.
f. Run:
vrrp6 vrid virtual-router-id virtual-ip virtual-ipv6-address [ link-local ]
A VRRP6 group is created, and a virtual IPv6 address is assigned to the VRRP6 group.
By default, no VRRP6 group is created.
The first virtual IPv6 address of a VRRP6 group must be a link-local address.
NOTE:
 VRRP6 groups on different interfaces of a device can be configured with the same VRID.
If the device needs to be configured as the IP address owner in an IPv6 VRRP group, configure VRRP6
on the IP address owner first, and then on the peer device; otherwise, the IP addresses may conflict. If IP
address conflict occurs, perform either of the following operations:
 Disable IPv6 address conflict detection.
i. Before configuring an IP address owner, run the ipv6 nd dad attempts valuecommand
with value of 0 to disable IPv6 address conflict detection.
ii. Run the ipv6 address ip-address { mask | mask-length } command in the interface view to
configure an IPv6 address so that the master becomes the IP address owner.
iii. Run the ipv6 nd dad attempts value command with value of 1 to enable IPv6 address conflict
detection.
 Restart the interface.
i. Run the shutdown command in the view of the IP address owner to shut down the interface.
ii. Run the undo shutdown command in the view of the IP address owner to enable the interface.
2. Create VRRP6 groups working in multi-gateway load balancing mode.
If VRRP6 groups need to work in multi-gateway load balancing mode, repeat the Create a VRRP6 group
working in master/backup mode steps to configure two or more VRRP6 groups on the interface and assign
different VRIDs to them.
7.7.3.2 Setting the Device Priority in a VRRP6 Group
Context
The device with a higher priority in a VRRP6 group is more likely to become the master. You can specify the master to
forward traffic by setting device priorities.
Procedure
1. Run:
system-view

2. Run:

3. Run:
vrrp6 vrid virtual-router-id priority priority-value
The device priority in a VRRP6 group is set.

By default, the device priority is 100.
 Priority 0 is reserved in the system. Priority 255 is reserved for the IP address owner. The priority ranges
from 1 to 254.
 The priority of an IP address owner is fixed at 255 and cannot be manually changed. You can run
the vrrp vrid virtual-router-id priority priority-value command to change the priority of an IP address
owner, but the configured priority does not take effect. If a VRRP device is no longer an IP address
owner, the configured priority is used.
 When devices in a VRRP6 group have the same priority and attempt to be the master simultaneously, the
device on an interface with the largest IP address is the master. The device that first enters the Master
state becomes the master, and other backups remain unchanged.
7.7.3.3 (Optional) Configuring VRRP6 Time Parameters
Context
You can set VRRP6 time parameters as needed. Table 7-7 lists applicable scenarios.
Table 7-7 Applicable scenarios of VRRP6 time parameters
Function Usage Scenario
Interval at which VRRP6 The master in a VRRP6 group sends VRRP6 Advertisement packets to backups at intervals to notify
Advertisement packets that it is working properly. After the Master_Down_Interval timer expires, a new master is selected
are sent from the backups if the backups do not receive VRRP Advertisement packets.
Heavy network traffic or time differences on different devices may result in the backup status
change due to timeout of VRRP6 Advertisement packets. When packets from the original master
reach the new master, the status of the new master changes. You can increase the interval to solve
this problem.
Preemption delay of the On an unstable network, if the BFD session status monitored by a VRRP6 group flaps frequently or
master the backups cannot receive VRRP6 Advertisement packets within a specified period, an
active/standby switchover is frequently performed, which causes network flapping. You can adjust
the preemption delay of the master in the VRRP6 group so that the backup switches to the master
after the delay. This prevents frequent change of the VRRP6 group status.
Timeout interval at which To ensure that MAC address entries on the downstream switch are correct, the master in a VRRP6
ND packets are sent by group periodically sends ND packets to update MAC address entries on the downstream switch.
the master
Delay before a VRRP6 On an unstable network, frequent flapping of the BFD session status or interface status monitored by
group recovers a VRRP6 group may result in frequent switching of the VRRP6 group status. After the delay is set,
the VRRP6 group does not immediately respond to an interface or BFD session Up event. Instead,
the VRRP6 group processes this event after the delay. This prevents frequent switching of the
VRRP6 group status.
Procedure
 Set the interval at which VRRP6 Advertisement packets are sent.
1. Run:
system-view
2. Run:
3. Run:
vrrp6 vrid virtual-router-id timer advertise advertise-interval
The interval at which VRRP6 Advertisement packets are sent is set.

By default, VRRP6 Advertisement packets are sent at intervals of 1s.
NOTE:
If devices in a VRRP6 group use different intervals, VRRP6 may not work.
The interval at which a device sends VRRP6 Advertisement packets cannot be less than the time that the device takes to
perform a master/slave main control board switchover. If the interval is less than the switchover time, protocol flapping may
occur during a master/slave main control board switchover. It is recommended that the interval be set to a value greater than 1s.
 Set the preemption delay of the master.
1. Run:
system-view
2. Run:
3. Run:
vrrp6 vrid virtual-router-id preempt-mode timer delay delay-value
The preemption delay is set.

By default, the preemption delay time is 0. In immediate preemption mode, a backup can immediately
switch to the master when its priority is higher than the master.
You can use the vrrp6 vrid virtual-router-id preempt-mode disable command to set the non-preemption
mode. In non-preemption mode, the master that works properly can retain the Master state. The backup
cannot switch to the master even if the priority of the master decreases.
You can use the undo vrrp6 vrid virtual-router-id preempt-mode command to restore the default
preemption mode.
NOTE:
It is recommended that you set the preemption delay of the backup in a VRRP6 group to 0, configure the master in preemption
mode, and set the preemption delay. On an unstable network, these settings allow a period of time for status synchronization
between the uplink and downlink. If the preceding settings are not used, two masters coexist and users devices may learn the
incorrect address of the master.
 Set the timeout interval at which ND packets are sent by the master.
1. Run:
system-view
2. Run:
vrrp gratuitous-arp timeout time
The interval at which ND packets are sent by the master is set.

By default, the master sends an ND packet every 120s.
NOTE:
The interval at which the master sends ND packets must be shorter than the aging time of ND entries on each user device.
 To restore the default interval at which an ND packet is sent, run the undo vrrp gratuitous-arp
timeout command in the system view.
 To disable the master from sending ND packets, run the vrrp gratuitous-arp timeout
disable command in the system view.
 Set the delay before a VRRP6 group recovers.
1. Run:
system-view
2. Run:
vrrp recover-delay delay-value
The delay before a VRRP6 group recovers is set.

By default, the delay before a VRRP6 group recovers is 0.
NOTE:
 After this command is used, all VRRP6 groups on the device are configured with the same delay.
 When the device in a VRRP6 group restarts, VRRP6 status flapping may occur. It is recommended that the delay be set
based on actual networking.
7.7.3.4 (Optional) Disabling VRRP6 TTL Check
Context
The system checks the TTL value in received VRRP6 Advertisement packets, and discards VRRP6 Advertisement
packets in which the TTL value is not 255. On a network where devices of different vendors are deployed, if TTL
check is enabled on the device, the device may incorrectly discard valid packets. In this case, disable TTL check so
that devices of different vendors can communicate.
Procedure
1. Run:
system-view

2. Run:

3. Run:
vrrp6 un-check hop-limit
The device is configured not to check the TTL value in VRRP6 Advertisement packets.
By default, the system checks the TTL value in VRRP6 Advertisement packets.
Context
The device allows user devices to ping a virtual IP address for the following purposes:
 Monitoring the operating status of the master in a VRRP group
 Ensuring that the route between a user device and a network connected through a default gateway that uses the
virtual IP address is available
NOTICE:
If ping to a virtual IP address is enabled, a device on an external network can ping the virtual IP address. This exposes
the device to ICMP-based attacks. You can use the vrrp virtual-ip ping disable command to disable the ping
function.
Procedure
1. Run:
system-view

2. Run:
vrrp virtual-ip ping enable
The ping to a virtual IP address is enabled.

By default, the ping function is enabled. The master in a VRRP group responds to ping packets sent to the
virtual IP address.
Procedure
 Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] [ brief ]
command to check the VRRP6 group status and parameters.
 Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-
id ] statistics command to check statistics about sent and received packets of the VRRP6 group.
7.7.4 Configuring VRRP6 Association

VRRP6 association enables VRRP6 to detect faults in a timely manner and triggers an active/standby switchover when
the master or the uplink of the master becomes faulty. VRRP6 association optimizes VRRP6 switchover and enhances
network reliability.
Before configuring VRRP6 association, complete the following task:
 7.7.3 Configuring Basic Functions of an IPv6 VRRP Group
7.7.4.1 Configuring Association Between VRRP6 and the Interface Status to Implement
an Active/Standby Switchover
Context
When the uplink interface of the master becomes faulty, VRRP6 cannot detect the status change of interfaces not in the
VRRP6 group, causing service interruption. You can associate a VRRP6 group with the interface status. When the
monitored interface is faulty, the priority of the master is reduced. This triggers an active/standby switchover and
reduces the impact of the uplink interface fault on service forwarding.
NOTE:
The master and backup in the VRRP6 group must work in preemption mode. It is recommended that the preemption delay be 0 on the backup
and nonzero on the master.
Procedure
1. Run:
system-view

2. Run:
The view of the interface on the master where a VRRP6 group is configured is displayed.
3. Run:
vrrp6 vrid virtual-router-id track interface interface-type interface-number [
increased value-increased | reduced value-reduced ]
Association between VRRP6 and the interface status is configured.

By default, when the monitored interface goes Down, the VRRP6 priority of the device decreases by 10.
NOTE:
If the IPv4 protocol status on the monitored interface configured with an IPv4 address changes, the priority of the master is
reduced. If the IPv6 protocol status on the monitored interface configured with an IPv6 address changes, the VRRP6 group
remains unchanged.
7.7.4.2 Associating VRRP6 with a Route to Implement a Rapid Master/Backup VRRP6

Switchover
A VRRP6 group can track an uplink route connected to a network. If the tracked route is withdrawn or becomes
inactive, the VRRP6 group is notified of the change and rapidly performs a master/backup VRRP6 switchover.
Context
To improve device reliability, two user gateways working in master/backup mode are connected to a network, and
VRRP6 is enabled on these gateways to determine their master and backup states. Although a VRRP6 group has been
configured, if an uplink route to a network becomes unreachable, access-side users still use the VRRP6 group to
forwards service data along the uplink route, causing service data loss.
Association between the VRRP6 group and route can prevent service data loss. The VRRP6 group can be configured
to track the uplink route to the network. If the route is withdrawn or becomes inactive, the route management (RM)
module notifies the VRRP6 group of the change. After receiving the notification, the VRRP6 group changes its master
device's VRRP6 priority, and performs a master/backup switchover.
Procedure
1. Run:
system-view

2. Run:
The view of the interface where the VRRP6 group is configured is displayed.
3. Run:
vrrp6 vrid virtual-router-id track ipv6 route ipv6-address prefix-length [ vpn-instance
vpn-instance-name ] [ reduced value-reduced ]
The VRRP6 group is configured to track the route.

By default, a VRRP6 group tracks no route.
Procedure
 Run the display vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] [ brief ]
command to check the VRRP6 group status and parameters.
id ] statistics command to check statistics about sent and received packets of the VRRP6 group.
7.8 Maintaining VRRP

7.8.1 Monitoring the VRRP Running Status
Context
During routine maintenance, you can run the following commands to view VRRP Advertisement packet statistics and
monitor the VRRP running status.
Procedure
 Run the display vrrp [ interface interface-type interface-number ] [ virtual-router-id ] statistics command in
any view to view statistics about sent and received packets of a VRRP group.
id ] statistics command in any view to view statistics about sent and received packets of a VRRP6 group.
7.8.2 Clearing VRRP Advertisement Packet Statistics

Context
Before recollecting statistics about VRRP Advertisement packets in a given period of time, clear existing statistics.
NOTICE:
The cleared statistics cannot be restored. Exercise caution when you run the reset command.
Procedure
 Run the reset vrrp [ interface interface-type interface-number ] [ vrid virtual-router-id ] statistics command
in the user view to clear statistics about a VRRP group.
 Run the reset vrrp6 [ interface interface-type interface-number ] [ vrid virtual-router-id ] statistics command
in the user view to clear statistics about a VRRP6 group.
7.9 Configuration Examples

7.9.1 Example for Configuring a VRRP Group in Active/Standby Mode
Networking Requirements
In Figure 7-11, HostA is dual-homed to RouterA and RouterB through the switch. The requirements are as follows:
 The host uses RouterA as the default gateway to connect to the Internet. When RouterA becomes
faulty, RouterB functions as the gateway. This implements gateway backup.
 After RouterA recovers, it becomes the gateway.
Figure 7-11 Networking diagram for configuring a VRRP group
Configuration Roadmap
The configuration roadmap is as follows:
1. Assign an IP address to each interface and configure a routing protocol to ensure network connectivity.
2. Configure a VRRP group on RouterA and RouterB, set a higher priority for RouterA so that RouterA
functions as the master to forward traffic and set the preemption delay to 20s on RouterA, and set a lower
priority for RouterB so that RouterB functions as the backup.
Procedure
1. Configure devices to ensure network connectivity.
# Assign an IP address to each interface. RouterA is used as an example. The configurations of RouterB
and RouterC are similar to the configuration of RouterA, and are not mentioned here.
<Huawei> system-view
[Huawei] sysname RouterA
[RouterA] interface gigabitethernet 2/0/0
[RouterA-GigabitEthernet2/0/0] ip address 10.1.1.1 24
[RouterA-GigabitEthernet2/0/0] quit
# Configure OSPF between RouterA, RouterB, and RouterC. RouterA is used as an example. The
configurations of RouterB and RouterC are similar to the configuration of RouterA, and are not mentioned
here.
[RouterA] ospf 1
[RouterA-ospf-1] area 0
[RouterA-ospf-1-area-0.0.0.0] network 10.1.1.0 0.0.0.255
[RouterA-ospf-1-area-0.0.0.0] quit
[RouterA-ospf-1] quit
2. Configure VRRP groups.

# Configure VRRP group 1 on RouterA, and set the priority of RouterA to 120 and the preemption delay to
20s.
[RouterA-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111
[RouterA-GigabitEthernet2/0/0] vrrp vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0] vrrp vrid 1 preempt-mode timer delay 20
# Configure VRRP group 1 on RouterB. RouterB uses the default priority of 100.
[RouterB] interface gigabitethernet 2/0/0
[RouterB-GigabitEthernet2/0/0] vrrp vrid 1 virtual-ip 10.1.1.111
[RouterB-GigabitEthernet2/0/0] quit
3. Verify the configuration.

# After the configuration is complete, run the display vrrp command on RouterA and RouterB. You can see
that RouterA is in Master state and RouterB is in Backup state.
[RouterA] display vrrp
GigabitEthernet2/0/0 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
Master IP : 10.1.1.1
PriorityRun : 120
PriorityConfig : 120
MasterPriority : 120
Preempt : YES Delay Time : 20 s
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Config type : normal-vrrp
Backup-forward : disabled
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
[RouterB] display vrrp
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# Run the shutdown command on GE2/0/0 of RouterA to simulate a link fault.

[RouterA-GigabitEthernet2/0/0] shutdown
Run the display vrrp command on RouterB to view the VRRP status. The command output shows
that RouterB is in Master state.
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
# Run the undo shutdown command on GE2/0/0 of RouterA. After 20s, run the display vrrp command
on RouterA to view the VRRP status. RouterA restores to be in Master state.
[RouterA-GigabitEthernet2/0/0] undo shutdown
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
Configuration Files
 RouterA configuration file
 #
 sysname RouterA
 #
 interface GigabitEthernet1/0/0
 ip address 192.168.1.1 255.255.255.0
 #
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 virtual-ip 10.1.1.111
 vrrp vrid 1 priority 120
 vrrp vrid 1 preempt-mode timer delay 20
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return
 RouterB configuration file

 #
 sysname RouterB
 #
 ip address 192.168.2.1 255.255.255.0
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return
 RouterC configuration file

 #
 sysname RouterC
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 172.16.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 172.16.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return
7.9.2 Example for Configuring a VRRP Group in Multi-gateway Load

Balancing Mode
In Figure 7-12, HostA and HostC are dual-homed to RouterA and RouterB through the switch. The requirements are as
follows:
 HostA uses RouterA as the default gateway to connect to the Internet, and RouterB functions as the backup
gateway.
 HostC uses RouterB as the default gateway to connect to the Internet, and RouterA functions as the backup
gateway.
Therefore, load balancing can be implemented.
Figure 7-12 Networking diagram for configuring VRRP in multi-gateway load balancing mode
Multi-gateway load balancing is used to load balance traffic. The configuration roadmap is as follows:
2. Create VRRP groups 1 and 2 on RouterA and RouterB. In VRRP group 1, configure RouterA as the master
and RouterB as the backup. In VRRP group 2, configure RouterB as the master and RouterA as the backup.
Procedure
here.
[RouterA] ospf 1
# Configure VRRP group 1 on RouterA and RouterB, set the priority of RouterA to 120 and the preemption
delay to 20s, and set the default priority for RouterB.
# Configure VRRP group 2 on RouterA and RouterB, set the priority of RouterB to 120 and the preemption
delay to 20s, and set the default priority for RouterA.
[RouterB-GigabitEthernet2/0/0] vrrp vrid 2 priority 120
[RouterB-GigabitEthernet2/0/0] vrrp vrid 2 preempt-mode timer delay 20

# After the configuration is complete, run the display vrrp command on RouterA. You can see that RouterA
is the master in VRRP group 1 and the backup in VRRP group 2.
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
State : Backup
Virtual IP : 10.1.1.112
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-11 11:40:18
Last change time : 2012-05-26 11:48:58
# After the configuration is complete, run the display vrrp command on RouterB. You can see that RouterB
is the backup in VRRP group 1 and the master in VRRP group 2.
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-11 11:39:18
Last change time : 2012-05-26 11:38:58
State : Master
Virtual IP : 10.1.1.112
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-11 11:40:18
Last change time : 2012-05-26 11:48:58
Configuration Files
 #
 sysname RouterA
 #
 ip address 192.168.1.1 255.255.255.0
 #
 ip address 10.1.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterB
 #
 ip address 192.168.2.1 255.255.255.0
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 172.16.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 172.16.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return
7.9.3 Example for Configuring Association Between VRRP and BFD to

Implement a Rapid Active/Standby Switchover
In Figure 7-13, hosts on a LAN are dual-homed to RouterA and RouterB through the switch. A VRRP group is
established on RouterA and RouterB, and RouterA is the master.
When RouterA or the link between RouterA and the switch is faulty, the switchover period is within 1s. This reduces
the impact of the fault on service transmission.
Figure 7-13 Networking diagram for configuring association between VRRP and BFD to implement a rapid active/standby
switchover
Association between VRRP and BFD is used to implement fast switching of master and backup gateways. The
configuration roadmap is as follows:
2. Configure a VRRP group on RouterA and RouterB, set the priority of RouterA to 120 and the preemption
delay to 20s so that RouterA functions as the master, and set the default priority for RouterB so that RouterB
functions as the backup.
3. Configure a static BFD session on RouterA and RouterB to monitor the link of the VRRP group.
4. Configure association between VRRP and BFD on RouterB. When the link is faulty, an active/standby
switchover can be performed rapidly.
Procedure
# Assign an IP address to each interface and configure a routing protocol. RouterA is used as an example.
The configurations of RouterB and RouterC are similar to the configuration of RouterA, and are not
mentioned here.
[RouterA] ospf

20s.
# Configure VRRP group 1 on RouterB, and set the default priority of 100 for RouterB.
3. Configure a static BFD session.

# Create a BFD session on RouterA.
[RouterA] bfd
[RouterA-bfd] quit
[RouterA] bfd atob bind peer-ip 10.1.1.2 interface gigabitethernet 2/0/0
[RouterA-bfd-session-atob] discriminator local 1
[RouterA-bfd-session-atob] discriminator remote 2
[RouterA-bfd-session-atob] min-rx-interval 50
[RouterA-bfd-session-atob] min-tx-interval 50
[RouterA-bfd-session-atob] commit
[RouterA-bfd-session-atob] quit
# Create a BFD session on RouterB.

[RouterB] bfd
[RouterB-bfd] quit
[RouterB] bfd btoa bind peer-ip 10.1.1.1 interface gigabitethernet 2/0/0
[RouterB-bfd-session-btoa] discriminator local 2
[RouterB-bfd-session-btoa] discriminator remote 1
[RouterB-bfd-session-btoa] min-rx-interval 50
[RouterB-bfd-session-btoa] min-tx-interval 50
[RouterB-bfd-session-btoa] commit
[RouterB-bfd-session-btoa] quit
Run the display bfd session command on RouterA and RouterB. You can see that the BFD session is Up.
The display on Router A is used as an example.
[RouterA] display bfd session all
--------------------------------------------------------------------------------
Local Remote PeerIpAddr State Type InterfaceName
--------------------------------------------------------------------------------
1 2 10.1.1.2 Up S_IP_IF GigabitEthernet1/0/0
--------------------------------------------------------------------------------
Total UP/DOWN Session Number : 1/0
4. Configure association between VRRP and BFD.

# Configure association between VRRP and BFD on RouterB. When the BFD session becomes Down, the
priority of RouterB increases by 40.
[RouterB-GigabitEthernet2/0/0] vrrp vrid 1 track bfd-session 2 increased 40

# After the configuration is complete, run the display vrrp command on RouterA and RouterB. RouterA is
the master, RouterB is the backup, and the associated BFD session is in Up state.
State : Master
Virtual IP : 10.1.1.3
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Track BFD : 2 Priority increased : 40
BFD-Session State: UP
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:04
# Run the shutdown command on GE2/0/0 of RouterA to simulate a link fault. Then run the display
vrrpcommand on RouterA and RouterB. You can see that RouterA is in Initialize state, RouterB becomes
the master, and the associated BFD session becomes Down.
State : Initialize
Master IP : 0.0.0.0
PriorityRun : 120
MasterPriority : 0
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:06
State : Master
PriorityRun : 140
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
BFD-Session State: DOWN
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:06
# Run the undo shutdown command on GE2/0/0 of RouterA. After 20s, run the display vrrp command
on RouterA and RouterB. You can see that RouterA restores to be the master and RouterB the backup, and
the associated BFD session is in Up state.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:50
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:50
Configuration Files
 #
 sysname RouterA
 #
 bfd
 #
 ip address 10.1.1.1 255.255.255.0
 #
 bfd atob bind peer-ip 10.1.1.2 interface GigabitEthernet2/0/0
 discriminator local 1
 discriminator remote 2
 min-tx-interval 50
 min-rx-interval 50
 commit
 #
return

 #
 sysname RouterB
 #
 bfd
 #
 ip address 10.1.1.2 255.255.255.0
 vrrp vrid 1 track bfd-session 2 increased 40
 #
 bfd btoa bind peer-ip 10.1.1.1 interface GigabitEthernet2/0/0
 commit
 #
return
7.9.4 Example for Configuring Association Between VRRP and the Interface
Status
established on RouterA and RouterB, and RouterA is the master.
When GE1/0/0 on RouterA becomes faulty, the VRRP group can immediately detect the fault and an active/standby
switchover is performed. RouterB then continues to forward services. This reduces the impact of the fault on service
transmission.
Figure 7-14 Network diagram for configuring association between VRRP and the interface status
functions as the master to forward traffic, and set a lower priority for routerB so that routerB functions as the
backup.
3. Configure association between VRRP and GE1/0/0. When the link between RouterA and RouterC becomes
faulty, the VRRP group can immediately detect the fault and an active/standby switchover is performed.
Procedure
here.
[RouterA] ospf 1

20s.
# Configure VRRP group 1 on RouterB. RouterB uses default value 100.

3. Configure association between VRRP and the interface status.

# Configure association between VRRP and the interface status on RouterA. When GE1/0/0 becomes Down,
the priority of RouterA decreases by 40.
[RouterA-GigabitEthernet2/0/0] vrrp vrid 1 track interface gigabitethernet 1/0/0
reduced 40

the master, RouterB is the backup, and the associated interface is in Up state.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Track IF : GigabitEthernet1/0/0 Priority reduced : 40
IF state : UP
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:04
# Run the shutdown command on GE1/0/0 of RouterA to simulate a link fault. Run the display
vrrp command on RouterA and RouterB. You can see that RouterA switches to the Backup state, RouterB
switches to the Master state, and the associated interface is in Down state.
State : Backup
PriorityRun : 80
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
IF state : DOWN
Create time : 2012-05-22 17:33:56
Last change time : 2012-05-22 17:34:00
State : Master
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:34:00
Last change time : 2012-05-22 17:34:04
# Run the undo shutdown command on GE1/0/0 of RouterA. Run the display vrrp command on RouterA
and RouterB. After 20s, you can see that RouterA restores to be the master, RouterB restores to be the
backup, and the associated interface is in Up state.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
IF state : UP
Create time : 2012-05-22 17:34:56
Last change time : 2012-05-22 17:35:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:35:00
Last change time : 2012-05-22 17:35:04
Configuration Files
 #
 sysname RouterA
 #
 ip address 192.168.1.1 255.255.255.0
 #
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 track interface GigabitEthernet1/0/0 reduced 40
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterB
 #
 ip address 192.168.2.1 255.255.255.0
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return
7.9.5 Example for Configuring Association Between VRRP and BFD to

Monitor the Uplink Status
established on RouterA and RouterB, and RouterA is the master. Generally, RouterA functions as the gateway and user
traffic is along the path Switch -> RouterA -> RouterC -> RouterE.
When the link between RouterC and RouterE is faulty, the VRRP group can detect the fault within 1s and an
active/standby switchover is performed rapidly. Then RouterB forwards services, so the impact of the link fault on
service transmission is reduced.
Figure 7-15 Association between VRRP and BFD to monitor the uplink status
delay to 20s so that RouterA functions as the master, and configure RouterB to use the default priority so
that RouterB functions as the backup.
3. Configure a static BFD session on RouterA and RouterE to monitor the link between RouterA and RouterE.
4. Configure association between VRRP and BFD on RouterA. When the link is faulty, an active/standby
switchover can be performed rapidly.
Procedure
# Assign an IP address to each interface. RouterA is used as an example. The configurations
of RouterB, RouterC, RouterD, RouterE are similar to the configuration of routerA, and are not mentioned
here.
# Configure OSPF between Routers. RouterA is used as an example. The configurations

of RouterB, RouterC, RouterD, RouterE are similar to the configuration of RouterA, and are not mentioned
here.
[RouterA] ospf 1

20s.
# Configure VRRP group 1 on RouterB. RouterB uses default priority 100.

3. Configure a static BFD session.

# Create a BFD session on RouterA.
[RouterA] bfd
[RouterA-bfd] quit
[RouterA] bfd atob bind peer-ip 172.16.1.2
[RouterA-bfd-session-atob] discriminator local 1
[RouterA-bfd-session-atob] discriminator remote 2
[RouterA-bfd-session-atob] min-rx-interval 50
[RouterA-bfd-session-atob] min-tx-interval 50
[RouterA-bfd-session-atob] commit
[RouterA-bfd-session-atob] quit
# Create a BFD session on RouterE.

[RouterE] bfd
[RouterE-bfd] quit
[RouterE] bfd btoa bind peer-ip 192.168.1.1
[RouterE-bfd-session-btoa] discriminator local 2
[RouterE-bfd-session-btoa] discriminator remote 1
[RouterE-bfd-session-btoa] min-rx-interval 50
[RouterE-bfd-session-btoa] min-tx-interval 50
[RouterE-bfd-session-btoa] commit
[RouterE-bfd-session-btoa] quit
4. Configure association between VRRP and BFD.

# Configure association between VRRP and BFD on RouterA. When the BFD session becomes Down, the
priority of RouterA decreases by 40.
[RouterA-GigabitEthernet1/0/0] vrrp vrid 1 track bfd-session 1 reduced 40

the master, RouterB is the backup, and the associated BFD session is in Up state.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Track BFD : 1 Priority reduced : 40
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:04
# Run the shutdown command on GE1/0/0 of RouterE to simulate a link fault.

[RouterE] interface gigabitethernet 1/0/0
[RouterE-GigabitEthernet1/0/0] shutdown
[RouterE-GigabitEthernet1/0/0] quit
# Run the display vrrp command on RouterA and RouterB. You can see that RouterA is in Backup
state, RouterB becomes the master, and the associated BFD session becomes Down.
State : Backup
PriorityRun : 80
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
BFD-Session State: DOWN
Create time : 2012-05-22 17:34:56
Last change time : 2012-05-22 17:35:00
State : Master
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:35:00
Last change time : 2012-05-22 17:35:04
# Run the undo shutdown command on GE1/0/0 of RouterE.

[RouterE-GigabitEthernet1/0/0] undo shutdown
# After 20s, run the display vrrp command on RouterA and RouterB. You can see that RouterA restores to
be the master, RouterB restores to be the backup, and the associated BFD session is in Up state.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:36:56
Last change time : 2012-05-22 17:37:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:37:00
Last change time : 2012-05-22 17:37:04
Configuration Files
 #
 sysname RouterA
 #
 bfd
 #
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 track bfd-session 1 reduced 40
 #
 ip address 192.168.1.1 255.255.255.0
 #
 bfd atob bind peer-ip 172.16.1.2
 commit
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #

return

 #
 sysname RouterB
 #
 bfd
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ip address 192.168.2.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ip address 172.16.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 172.16.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 #
return
 RouterD configuration file

 #
 sysname RouterD
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 172.16.2.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 172.16.2.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return
 RouterE configuration file

 #
 sysname RouterE
 #
 bfd
 #
 ip address 172.16.1.2 255.255.255.0
 #
 ip address 172.16.2.2 255.255.255.0
 #
 bfd btoa bind peer-ip 192.168.1.1
 commit
 #
 ospf 1
 area 0.0.0.0
 network 172.16.1.0 0.0.0.255
 network 172.16.2.0 0.0.0.255
 #
return
7.9.6 Example for Configuring Association Between VRRP and NQA to

established on RouterA and RouterB, and RouterA is the master. Generally, RouterA functions as the gateway and user
traffic is transmitted along the path Switch -> RouterA -> RouterC -> RouterE.
When the link between RouterC and RouterE is faulty or unstable, the VRRP group can detect the fault and an
active/standby switchover is performed rapidly. Then RouterB forwards services, so the impact of the link fault on
service transmission is reduced.
Figure 7-16 Association between VRRP and NQA to monitor the uplink status
delay to 20s so that RouterA functions as the master, and configure RouterB to use the default priority so
that RouterB functions as the backup.
3. Configure an NQA test instance of ICMP on RouterA, specify the IP address of GE1/0/0 on RouterE as the
destination address, and configure the NQA test instance to detect connectivity of the link between RouterA
and RouterE.
4. Configure association between VRRP and NQA on RouterA. When the NQA test instance detects the link
fault, an active/standby switchover is triggered.
Procedure
# Assign an IP address to each interface. RouterA is used as an example. The configurations of other routers
are similar to the configuration of routerA, and are not mentioned here.
# Configure Layer 2 transparent transmission on the switch.

[Huawei] sysname Switch
[Switch] vlan 10
[Switch-vlan10] quit
[Switch] interface gigabitethernet 1/0/0
[Switch-GigabitEthernet1/0/0] port hybrid pvid vlan 10
[Switch-GigabitEthernet1/0/0] port hybrid untagged vlan 10
[Switch-GigabitEthernet1/0/0] quit
# Configure OSPF between devices. RouterA is used as an example. The configurations of other Routers are
similar to the configuration of RouterA, and are not mentioned here.
[RouterA] ospf 1

20s.

3. # Configure an NQA test instance of ICMP with destination IP address 20.1.1.2/24 on RouterA. When the
packet loss ratio reaches 80%, the NQA test instance is considered failed.
4. [RouterA] nqa test-instance user test
5. [RouterA-user-test] test-type icmp
6. [RouterA-user-test] destination-address ipv4 20.1.1.2
7. [RouterA-user-test] frequency 20
8. [RouterA-user-test] probe-count 5
9. [RouterA-user-test] fail-percent 80
10. [RouterA-user-test] start now
[RouterA-user-test] quit
11. Configure association between VRRP and NQA on RouterA. When the NQA test instance is failed, the
12. [RouterA] interface gigabitethernet 1/0/0
13. [RouterA-GigabitEthernet1/0/0] vrrp vrid 1 track nqa user test reduced 40
14. [RouterA-GigabitEthernet1/0/0] quit

that RouterA is the master, RouterB is the backup, and the associated NQA test instance is success.
<RouterA> display vrrp
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Track NQA : user test Priority reduced : 40
NQA state : success
Create time : 2012-05-22 17:32:56
Last change time : 2012-05-22 17:33:00
<RouterB> display vrrp
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:33:00
Last change time : 2012-05-22 17:33:04

# Run the display nqa results test-instance user test command on RouterA. The command output shows
that the NQA test instance status is failed.
<RouterA> display nqa results test-instance user test
NQA entry(user, test) :testflag is active ,testtype is icmp
1 .Test 1 result The test is finished
Send operation times: 5 Receive response times: 0
Completion:failed RTD OverThresholds number: 0
Attempts number:1 Drop operation number:0
Disconnect operation number:0 Operation timeout number:5
System busy operation number:0 Connection fail number:0
Operation sequence errors number:0 RTT Stats errors number:0
Destination ip address:20.1.1.2
Min/Max/Average Completion Time: 0/0/0
Sum/Square-Sum Completion Time: 0/0
Last Good Probe Time: 0000-00-00 00:00:00.0
Lost packet ratio: 100 %
state, RouterB becomes the master, and the NQA test instance is failed.
State : Backup
PriorityRun : 80
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
NQA state : failed
Create time : 2012-05-22 17:34:56
Last change time : 2012-05-22 17:35:00
State : Master
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:35:00
Last change time : 2012-05-22 17:35:04

be the master and RouterB the backup, and the associated NQA test instance status is success.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
NQA state : success
Create time : 2012-05-22 17:36:56
Last change time : 2012-05-22 17:37:00
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth Type : NONE
Virtual Mac : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-22 17:37:00
Last change time : 2012-05-22 17:37:04
Configuration Files
 #
 sysname RouterA
 #
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 track nqa user test reduced 40
 #
 ip address 192.168.1.1 255.255.255.0
 #
 nqa test-instance user test
 test-type icmp
 destination-address ipv4 20.1.1.2
 frequency 20
 fail-percent 80
 probe-count 5
 fail-percent 80
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterB
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ip address 192.168.2.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 10.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ip address 20.1.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 20.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterD
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 30.1.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.2.0 0.0.0.255
 network 30.1.1.0 0.0.0.255
 #
return

 #
 sysname RouterE
 #
 ip address 20.1.1.2 255.255.255.0
 #
 ip address 30.1.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 20.1.1.0 0.0.0.255
 network 30.1.1.0 0.0.0.255
 #
return
 Switch configuration file

 #
 sysname Switch
 #
 vlan batch 10
 #
 port hybrid pvid vlan 10
 port hybrid untagged vlan 10
 #
 #
return
7.9.7 Example for Configuring Association Between VRRP and Routing to

established on RouterA and RouterB, and RouterA is the master. RouterA functions as the gateway and user traffic is
forwarded along the path Switch -> RouterA -> RouterC -> RouterE.
When the route between RouterC and RouterE is withdrawn or becomes inactive, the VRRP group is required to be
able to detect the fault. Then an active/standby switchover is performed rapidly and RouterB takes over services. This
reduces the impact of the link fault on service forwarding.
Figure 7-17 Association between VRRP and routing to monitor the uplink status
functions as the master to forward traffic and set the preemption delay to 20s, and set a lower priority
for RouterB so that RouterB functions as the backup.
3. Configure association between VRRP and routing on RouterA so that an active/standby switchover is
performed immediately when the monitored route is withdrawn or becomes inactive.
Procedure
1. Assign an IP address to each interface. RouterA is used as an example. The configurations
of RouterB, RouterC, RouterD, and RouterE are similar to the configuration of RouterA, and are not
mentioned here. For details, see the configuration files.
2. <Huawei> system-view
3. [Huawei] sysname RouterA
5. [RouterA-GigabitEthernet1/0/0] ip address 10.1.1.1 24
8. [RouterA-GigabitEthernet2/0/0] ip address 192.168.1.1 24
10. Configure Layer 2 transmission on the switch.

11. <Huawei> system-view
12. [Huawei] sysname Switch
13. [Switch] vlan 100
14. [Switch-vlan100] quit
15. [Switch] interface gigabitethernet1/0/0
16. [Switch-GigabitEthernet1/0/0] port link-type trunk
17. [Switch-GigabitEthernet1/0/0] port trunk allow-pass vlan 100
18. [Switch-GigabitEthernet1/0/0] port trunk pvid vlan 100
19. [Switch-GigabitEthernet1/0/0] undo port trunk allow-pass vlan 1
20. [Switch-GigabitEthernet1/0/0] quit
21. [Switch] interface gigabitethernet2/0/0
22. [Switch-GigabitEthernet2/0/0] port link-type trunk
23. [Switch-GigabitEthernet2/0/0] port trunk allow-pass vlan 100
24. [Switch-GigabitEthernet2/0/0] port trunk pvid vlan 100
25. [Switch-GigabitEthernet2/0/0] undo port trunk allow-pass vlan 1

20s.

27. Configure IS-IS. RouterA, RouterC, and RouterE are used as an example. The configurations of RouterB
and RouterD are similar to the configuration of RouterA, and are not mentioned here. For details, see the
configuration files.
# Set the IS-IS NET of RouterA to 10.0000.0000.0001.00, and set the IS-IS level to 1.
[RouterA] isis 1
[RouterA-isis-1] is-level level-1
[RouterA-isis-1] network-entity 10.0000.0000.0001.00
[RouterA-isis-1] quit
[RouterA-GigabitEthernet2/0/0] isis enable 1
# Set the IS-IS NET of RouterC to 10.0000.0000.0002.00, and set the IS-IS level to 1.
[RouterC] isis 1
[RouterC-isis-1] is-level level-1
[RouterC-isis-1] network-entity 10.0000.0000.0002.00
[RouterC-isis-1] quit
[RouterC] interface gigabitethernet 1/0/0
[RouterC-GigabitEthernet1/0/0] isis enable 1
[RouterC-GigabitEthernet1/0/0] quit
[RouterC] interface gigabitethernet 2/0/0
[RouterC-GigabitEthernet2/0/0] isis enable 1
[RouterC-GigabitEthernet2/0/0] quit
# Set the IS-IS NET of RouterE to 10.0000.0000.0003.00 and 20.0000.0000.0003.00, and set the IS-IS level
to 1.
[RouterE] isis 1
[RouterE-isis-1] is-level level-1
[RouterE-isis-1] network-entity 10.0000.0000.0003.00
[RouterE-isis-1] quit
[RouterE-GigabitEthernet1/0/0] isis enable 1
[RouterE] isis 2
[RouterE-isis-2] is-level level-1
[RouterE-isis-2] network-entity 20.0000.0000.0003.00
[RouterE-isis-2] quit
[RouterE-GigabitEthernet2/0/0] isis enable 2
28. Configure association between VRRP and routing on RouterA. When the associated route is withdrawn, the
30. [RouterA-GigabitEthernet1/0/0] vrrp vrid 1 track ip route 172.16.1.0 24 reduced
40

# After the configuration is complete, run the display isis route command on RouterA. You can see a route
to network segment 172.16.1.0/24.
[RouterA] display isis route
Route information for ISIS(1)

-----------------------------
ISIS(1) Level-1 Forwarding Table

--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags

-------------------------------------------------------------------------------
172.16.1.0/24 20 NULL GE2/0/0 192.168.1.2 A/-/-/-
192.168.1.0/24 10 NULL GE2/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
# Run the display vrrp command on RouterA and RouterB. You can see that RouterA is the
master, RouterB is the backup, and the associated route is reachable.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Track IP route : 172.16.1.0/24 Priority reduced : 40
IP route state : Reachable
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:25:51
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:25:51

# Run the display isis route command on RouterA. You can see that the route to network segment
172.16.1.0/24 is withdrawn.
[RouterA] display isis route
Route information for ISIS(1)

-----------------------------
ISIS(1) Level-1 Forwarding Table

--------------------------------
IPV4 Destination IntCost ExtCost ExitInterface NextHop Flags

-------------------------------------------------------------------------------
192.168.1.0/24 10 NULL GE2/0/0 Direct D/-/L/-
Flags: D-Direct, A-Added to URT, L-Advertised in LSPs, S-IGP Shortcut,
U-Up/Down Bit Set
state, RouterB is in Master state, and the associated route is unreachable.
State : Backup
PriorityRun : 80
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
IP route state : Unreachable
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:25:51
State : Master
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:25:51

be the master and RouterB the backup, and the associated route is reachable.
State : Master
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
IP route state : Reachable
Create time : 2012-05-29 21:27:47
Last change time : 2012-05-29 21:27:51
State : Backup
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:27:47
Last change time : 2012-05-29 21:27:51
Configuration Files
 #
 sysname RouterA
 #
 isis 1
 is-level level-1
 network-entity 10.0000.0000.0001.00
 #
 ip address 10.1.1.1 255.255.255.0
 vrrp vrid 1 track ip route 172.16.1.0 255.255.255.0 reduced 40
 #
 ip address 192.168.1.1 255.255.255.0
 isis enable 1
 #
 return

 #
 sysname RouterB
 #
 isis 2
 network-entity 20.0000.0000.0001.00
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ip address 192.168.2.1 255.255.255.0
 isis enable 2
 #
 return

 #
 sysname RouterC
 #
 isis 1
 network-entity 10.0000.0000.0002.00
 #
 ip address 192.168.1.2 255.255.255.0
 isis enable 1
 #
 ip address 172.16.1.1 255.255.255.0
 isis enable 1
 #
return

 #
 sysname RouterD
 #
 isis 2
 network-entity 20.0000.0000.0002.00
 #
 ip address 192.168.2.2 255.255.255.0
 isis enable 2
 #
 ip address 172.16.2.1 255.255.255.0
 isis enable 2
 #
return
 #
 sysname RouterE
 #
 isis 1
 network-entity 10.0000.0000.0003.00
 #
 isis 2
 network-entity 20.0000.0000.0003.00
 #

 ip address 172.16.1.2 255.255.255.0
 isis enable 1
 #

 ip address 172.16.2.2 255.255.255.0
 isis enable 2
 #
return

 #
 sysname Switch
 #
 vlan batch 100
 #
 interface Ethernet
 port link-type trunk
 port trunk pvid vlan 100
 undo port trunk allow-pass vlan 1
 port trunk allow-pass vlan 100
 #
 interface Ethernet
 port trunk pvid vlan 100
 undo port trunk allow-pass vlan 1
 #
return
7.9.8 Example for Configuring VRRP on a Dot1q Termination Sub-interface
In Figure 7-18, hosts on a LAN are dual-homed to RouterA and RouterB through the switch. User packets sent from
the switch carry one tag. The requirements are as follows:
 After RouterA recovers, it becomes the gateway within 20s.
Figure 7-18 Networking for configuring VRRP on the Dot1q termination sub-interface
VRRP is configured on the Dot1q termination sub-interface to implement gateway redundancy. The configuration
roadmap is as follows:
2. Configure a VRRP group on sub-interfaces of RouterA and RouterB, set a higher priority for RouterA so
that RouterA functions as the master to forward traffic and set the preemption delay to 20s, and set a lower
Procedure
and RouterC are similar to the configuration of RouterA, and are not mentioned here. For details, see the
[RouterA] interface gigabitethernet 2/0/0.1
[RouterA-GigabitEthernet2/0/0.1] ip address 10.1.1.1 24
[RouterA-GigabitEthernet2/0/0.1] quit
# Configure Layer 2 forwarding on the switch.

[Switch] vlan 10
[Switch-GigabitEthernet1/0/0] port link-type access
[Switch-GigabitEthernet1/0/0] port default vlan 10
[Switch-GigabitEthernet1/0/1] port link-type trunk
[Switch-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
[Switch-GigabitEthernet1/0/2] port link-type trunk
[Switch-GigabitEthernet1/0/2] port trunk allow-pass vlan 10
here. For details, see the configuration files.
[RouterA] ospf 1
2. Configure VRRP on a Dot1q termination sub-interface.

# Configure VRRP group 1 on GE2/0/0.1 of RouterA, and set the priority of RouterA to 120 and the
preemption delay to 20s.
[RouterA-GigabitEthernet2/0/0.1] dot1q termination vid 10
[RouterA-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterA-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.1.1.111
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0.1] vrrp vrid 1 preempt-mode timer delay 20
# Configure VRRP group 1 on GE2/0/0.1 of RouterB, and set the default priority of 100 for RouterB.
[RouterB] interface gigabitethernet 2/0/0.1
[RouterB-GigabitEthernet2/0/0.1] dot1q termination vid 10
[RouterB-GigabitEthernet2/0/0.1] arp broadcast enable
[RouterB-GigabitEthernet2/0/0.1] dot1q vrrp vid 10
[RouterB-GigabitEthernet2/0/0.1] vrrp vrid 1 virtual-ip 10.1.1.111
[RouterB-GigabitEthernet2/0/0.1] quit

that RouterA is in Master state and RouterB is in Backup state.
GigabitEthernet2/0/0.1 | Virtual Router 1
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:25:47
Last change time : 2012-05-30 21:25:51
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:25:47
Last change time : 2012-05-30 21:25:51
# Run the display ip routing-table command on RouterA and RouterB. The command output shows that a
direct route to the virtual IP address exists in the routing table of RouterA and an OSPF route to the virtual
IP address exists in the routing table of RouterB.
[RouterA] display ip routing-table
Route Flags: R - relay, D - download to fib
------------------------------------------------------------------------------
Routing Tables: Public
Destinations : 8 Routes : 9
Destination/Mask Proto Pre Cost Flags NextHop Interface
10.1.1.0/24 Direct 0 0 D 10.1.1.1 GigabitEthernet2/0/0.1

127.0.0.0/8 Direct 0 0 D 127.0.0.1 InLoopBack0
192.168.1.0/24 OSPF 10 2 D 192.168.2.2 GigabitEthernet1/0/0
OSPF 10 2 D 10.1.1.2 GigabitEthernet2/0/0.1
192.168.2.0/24 Direct 0 0 D 192.168.2.1 GigabitEthernet1/0/0
[RouterB] display ip routing-table
------------------------------------------------------------------------------

10.1.1.111/32 OSPF 10 2 D 10.1.1.1 GigabitEthernet2/0/0.1
# Run the shutdown command on GE2/0/0.1 of RouterA to simulate a link fault.

[RouterA-GigabitEthernet2/0/0.1] shutdown
# Run the display vrrp command on RouterA and RouterB. You can see that RouterA is in Initialize state
and RouterB is in Master state.
State : Initialize
Virtual IP : 10.1.1.111
Master IP : 0.0.0.0
PriorityRun : 120
MasterPriority : 0
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:27:47
Last change time : 2012-05-30 21:27:51
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:27:47
Last change time : 2012-05-30 21:27:51
# Run the undo shutdown command on GE2/0/0.1 of RouterA.

[RouterA-GigabitEthernet2/0/0.1] undo shutdown
# After 20s, run the display vrrp command on RouterA and RouterB. You can see that RouterA is in Master
state and RouterB is in Backup state.
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:28:47
Last change time : 2012-05-30 21:28:51
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-30 21:28:47
Last change time : 2012-05-30 21:28:51
Configuration Files
 #
 sysname RouterA
 #
 ip address 192.168.2.1 255.255.255.0
 #
 interface GigabitEthernet2/0/0.1
 dot1q termination vid 10
 dot1q vrrp vid 10
 ip address 10.1.1.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 10.1.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return

 #
 sysname RouterB
 #
 ip address 192.168.1.1 255.255.255.0
 #
 dot1q termination vid 10
 dot1q vrrp vid 10
 ip address 10.1.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 10.1.1.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return

 #
 sysname Switch
 #
 vlan batch 10
 #
 port link-type access
 port default vlan 10
 #
 #
 #
return
7.9.9 Example for Configuring VRRP on a QinQ Termination Sub-interface
In Figure 7-19, hosts on a LAN are dual-homed to RouterA and RouterB through LSW1. HostA belongs to VLAN 10
and HostB belongs to VLAN 20. User packets sent from LSW1 carry double tags. The requirements are as follows:
Figure 7-19 Networking for configuring VRRP on a QinQ termination sub-interface
2. Configure a VRRP group on sub-interfaces of RouterA and RouterB, set a higher priority for RouterA so
that RouterA functions as the master to forward traffic and set the preemption delay to 20s, and set a lower
Procedure
and RouterC are similar to the configuration of RouterA, and are not mentioned here. For details, see the
here. For details, see the configuration files.
[RouterA] ospf 1
2. Configure Layer 2 forwarding.

# Configure LSW2.
[Huawei] sysname LSW2
[LSW2] vlan 10
[LSW2-vlan10] quit
[LSW2] interface gigabitethernet 1/0/0
[LSW2-GigabitEthernet1/0/0] port link-type access
[LSW2-GigabitEthernet1/0/0] port default vlan 10
[LSW2-GigabitEthernet1/0/0] quit
[LSW2-GigabitEthernet1/0/1] port link-type trunk
[LSW2-GigabitEthernet1/0/1] port trunk allow-pass vlan 10
# Configure LSW3.
[LSW3] vlan 20
[LSW3-vlan20] quit
[LSW3-GigabitEthernet1/0/0] port link-type access
[LSW3-GigabitEthernet1/0/0] port default vlan 20
# Configure LSW1.
[LSW1] vlan 100
[LSW1-vlan100] quit
[LSW1-GigabitEthernet1/0/0] port vlan-stacking vlan 10 stack-vlan 100
[LSW1-GigabitEthernet1/0/1] port vlan-stacking vlan 20 stack-vlan 100
3. Configure VRRP on a QinQ termination sub-interface.

# On RouterA, configure VRRP group 1 on GE2/0/0.1 and VRRP group 2 on GE2/0/0.2, and set the priority
of RouterA in the two VRRP groups to 120 and the preemption delay to 20s.
[RouterA-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[RouterA-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[RouterA-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[RouterA-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20
# On RouterB, configure VRRP group 1 on GE2/0/0.1 and VRRP group 2 on GE2/0/0.2, and
configure RouterB to use the default priority in the two VRRP groups.
[RouterB-GigabitEthernet2/0/0.1] qinq termination pe-vid 100 ce-vid 10
[RouterB-GigabitEthernet2/0/0.1] qinq vrrp pe-vid 100 ce-vid 10
[RouterB-GigabitEthernet2/0/0.2] qinq termination pe-vid 100 ce-vid 20
[RouterB-GigabitEthernet2/0/0.2] qinq vrrp pe-vid 100 ce-vid 20

that RouterA is in Master state and RouterB is in Backup state in the two VRRP groups.
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10

State : Master
Virtual IP : 10.1.2.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10

State : Backup
Virtual IP : 10.1.2.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
# Run the display ip routing-table command on RouterA and RouterB. The command output shows that a
direct route to the virtual IP address exists in the routing table of RouterA and an OSPF route to the virtual
IP address exists in the routing table of RouterB.
[RouterA] display ip routing-table
------------------------------------------------------------------------------

[RouterB] display ip routing-table
------------------------------------------------------------------------------

# Run the shutdown command on GE2/0/0.1 of RouterA to simulate a link fault.

[RouterA-GigabitEthernet2/0/0.1] shutdown
# Run the display vrrp command on RouterA and RouterB. You can see that RouterA is in Initialize state
and RouterB is in Master state in VRRP group 1.
State : Initialize
Virtual IP : 10.1.1.111
Master IP : 0.0.0.0
PriorityRun : 120
MasterPriority : 0
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:27:47
Last change time : 2012-05-29 21:29:10

State : Master
Virtual IP : 10.1.2.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:27:47
Last change time : 2012-05-29 21:29:10

State : Backup
Virtual IP : 10.1.2.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
# Run the undo shutdown command on GE2/0/0.1 of RouterA.

[RouterA-GigabitEthernet2/0/0.1] undo shutdown
# After 20s, run the display vrrp command on RouterA and RouterB. You can see that RouterA is in Master
state and RouterB is in Backup state in VRRP group 1.
State : Master
Virtual IP : 10.1.1.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:29:47
Last change time : 2012-05-29 21:31:10

State : Master
Virtual IP : 10.1.2.111
PriorityRun : 120
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
State : Backup
Virtual IP : 10.1.1.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0101
Check TTL : YES
Create time : 2012-05-29 21:29:47
Last change time : 2012-05-29 21:31:10

State : Backup
Virtual IP : 10.1.2.111
PriorityRun : 100
TimerRun : 1 s
TimerConfig : 1 s
Auth type : NONE
Virtual MAC : 0000-5e00-0102
Check TTL : YES
Create time : 2012-05-29 21:25:47
Last change time : 2012-05-29 21:27:10
Configuration Files
 #
 sysname RouterA
 #
 ip address 192.168.2.1 255.255.255.0
 #
 qinq termination pe-vid 100 ce-vid 10
 qinq vrrp pe-vid 100 ce-vid 10
 ip address 10.1.1.1 255.255.255.0
 #
 ip address 10.1.2.1 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 10.1.1.0 0.0.0.255
 network 10.1.2.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return

 #
 sysname RouterB
 #
 ip address 192.168.1.1 255.255.255.0
 #
 ip address 10.1.1.2 255.255.255.0
 #
 ip address 10.1.2.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 10.1.1.0 0.0.0.255
 network 10.1.2.0 0.0.0.255
 network 192.168.1.0 0.0.0.255
 #
return

 #
 sysname RouterC
 #
 ip address 192.168.2.2 255.255.255.0
 #
 ip address 192.168.1.2 255.255.255.0
 #
 ospf 1
 area 0.0.0.0
 network 192.168.1.0 0.0.0.255
 network 192.168.2.0 0.0.0.255
 #
return
 LSW1 configuration file

 #
 sysname LSW1
 #
 vlan batch 100
 #
 port vlan-stacking vlan 10 stack-vlan 100
 #
 port vlan-stacking vlan 20 stack-vlan 100
 #
 #
 #
return
 Configuration file of LSW2

 #
 sysname LSW2
 #
 vlan batch 10
 #
 #
 #
return
 LSW3 configuration file

 #
 sysname LSW3
 #
 vlan batch 20
 #
 #
 #
return
7.9.10 Example for Configuring a VRRP6 Group in Active/Standby Mode

In Figure 7-20, HostA is dual-homed to RouterA and RouterB through the switch on the IPv6 network. The
requirements are as follows:
Figure 7-20 Networking diagram for configuring a VRRP6 group in active/standby mode
2. Configure a VRRP6 group on RouterA and RouterB, set a higher priority for RouterA so that RouterA
functions as the master to forward traffic and set the preemption delay to 20s on RouterA, set a lower priority
for RouterB so that RouterB functions as the backup.
Procedure
[RouterA] ipv6
[RouterA-GigabitEthernet1/0/0] ipv6 enable
[RouterA-GigabitEthernet1/0/0] ipv6 address 2002::1 64
[RouterA-GigabitEthernet2/0/0] ipv6 address FC00::1 64

[Switch] vlan 10
here.
[RouterA] ospfv3
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] quit
[RouterA-GigabitEthernet1/0/0] ospfv3 1 area 0
2. Configure a VRRP6 group.

# Configure VRRP6 group 1 on RouterA, and set the priority of RouterA to 120 and the preemption delay to
20s.
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 virtual-ip FE80::1 link-local
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 virtual-ip FC00::100
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 preempt-mode timer delay 20
# Configure VRRP6 group 1 on RouterB, and set the default priority of 100 for RouterB.
[RouterB-GigabitEthernet2/0/0] vrrp6 vrid 1 virtual-ip FE80::1 link-local
[RouterB-GigabitEthernet2/0/0] vrrp6 vrid 1 virtual-ip FC00::100

# After the configuration is complete, run the display vrrp6 command on RouterA and RouterB. You can
see that RouterA is in Master state and RouterB is in Backup state.
<RouterA> display vrrp6
State : Master
Virtual IP : FE80::1
FC00::100
Master IP : FE80::218:82FF:FED3:2AF3
PriorityRun : 120
TimerRun : 100 cs
TimerConfig : 100 cs
Virtual Mac : 0000-5e00-0201
Check hop limit : YES
Create time : 2012-01-12 20:15:46 UTC+08:00
Last change time : 2012-01-12 20:15:46 UTC+08:00
<RouterB> display vrrp6
State : Backup
FC00::100
PriorityRun : 100
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2012-01-12 20:21:11 UTC+08:00
# Run the shutdown command on GE2/0/0 of RouterA to simulate a link fault.

Run the display vrrp6 command on RouterA and RouterB. You can see that RouterA is in Initialize state
and RouterB is in Master state.
[RouterA] display vrrp6
State : Initialize
FC00::100
Master IP : ::
PriorityRun : 120
MasterPriority : 0
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2012-01-12 20:15:46 UTC+08:00
State : Master
FC00::100
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 100
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2012-01-12 20:21:11 UTC+08:00
# Run the undo shutdown command on GE2/0/0 of RouterA. After 20s, run the display vrrp6 command
on RouterA and RouterB. You can see that RouterA is in Master state and RouterB is in Backup state.
[RouterA] display vrrp6
State : Master
FC00::100
PriorityRun : 120
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2012-01-12 20:15:46 UTC+08:00
State : Backup
FC00::100
PriorityRun : 100
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2012-01-12 20:21:11 UTC+08:00
Configuration Files
 #
 sysname RouterA
 #
 ipv6
 #
 ospfv3 1
 router-id 1.1.1.1
 #

 ipv6 enable
 ipv6 address 2002::1/64
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ipv6 address FC00::1/64
 ospfv3 1 area 0.0.0.0
 vrrp6 vrid 1 virtual-ip FE80::1 link-local
 vrrp6 vrid 1 virtual-ip FC00::100
 vrrp6 vrid 1 priority 120
 vrrp6 vrid 1 preempt-mode timer delay 20
 #
return

 #
 sysname RouterB
 #
 ipv6
 #
 ospfv3 1
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #
return

 #
 sysname RouterC
 #
 ipv6
 #
 ospfv3 1
 #

 ipv6 enable
 ipv6 address 2002::2
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #
return

 #
 sysname Switch
 #
 vlan batch 10
 #
 #
 #
return
7.9.11 Example for Configuring a VRRP6 Group in Load Balancing Mode

In Figure 7-21, HostA and HostC are dual-homed to RouterA and RouterB through the switch on the IPv6 network.
The requirements are as follows:
 HostA uses RouterA as the default gateway to connect to the Internet, and RouterB functions as the backup
gateway.
 HostC uses RouterB as the default gateway to connect to the Internet, and RouterA functions as the backup
gateway.
Load balancing needs to be implemented.
Figure 7-21 Networking diagram for configuring a VRRP6 group in load balancing mode
2. Create VRRP6 groups 1 and 2 on RouterA and RouterB. In VRRP6 group 1, configure RouterA as the
master and RouterB as the backup. In VRRP6 group 2, configure RouterB as the master and RouterA as the
backup.
Procedure
[RouterA] ipv6
[RouterA-GigabitEthernet2/0/0] ipv6 address FC00::1 64
[RouterA-GigabitEthernet1/0/0] ipv6 address 2002::1 64

[Switch] vlan 10
here.
[RouterA] ospfv3
[RouterA-ospfv3-1] router-id 1.1.1.1
[RouterA-ospfv3-1] quit
2. Configure VRRP6 groups.

# Configure VRRP6 group 1 on RouterA and RouterB, set the priority of RouterA to 120 and the preemption
delay to 20s, and set the default priority for RouterB.
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 priority 120
[RouterA-GigabitEthernet2/0/0] vrrp6 vrid 1 preempt-mode timer delay 20
# Configure VRRP6 group 2 on RouterA and RouterB, set the priority of RouterB to 120 and the preemption
delay to 20s, and set the default priority for RouterA.
[RouterB-GigabitEthernet2/0/0] vrrp6 vrid 2 priority 120
[RouterB-GigabitEthernet2/0/0] vrrp6 vrid 2 preempt-mode timer delay 20

# After the configuration is complete, run the display vrrp6 command on RouterA. You can see
that RouterA is the master in VRRP6 group 1 and the backup in VRRP6 group 2.
<RouterA> display vrrp6
State : Master
FC00::100
PriorityRun : 120
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2011-01-12 20:15:46 UTC+08:00

State : Backup
FC00::60
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 100
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0202
Create time : 2011-01-12 20:17:46 UTC+08:00
# After the configuration is complete, run the display vrrp6 command on RouterB. You can see
that RouterB is the backup in VRRP6 group 1 and the master in VRRP6 group 2.
State : Backup
FC00::100
PriorityRun : 100
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0201
Create time : 2011-01-12 20:19:46 UTC+08:00

State : Master
FC00::60
Master IP : FE80::218:82FF:FE68:7455
PriorityRun : 120
TimerRun : 100 cs
Virtual Mac : 0000-5e00-0202
Create time : 2011-01-12 20:21:46 UTC+08:00
Configuration Files
 #
 sysname RouterA
 #
 ipv6
 #
 ospfv3 1
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #
return

 #
 sysname RouterB
 #
 ipv6
 #
 ospfv3 1
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #
return

 #
 sysname RouterC
 #
 ipv6
 #
 ospfv3 1
 #

 ipv6 enable
 ipv6 address 2002::2
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #

 ipv6 enable
 ospfv3 1 area 0.0.0.0
 #
return

 #
 sysname Switch
 #
 vlan batch 10
 #
 #
 #
return
7.10 Common Configuration Errors

7.10.1 Multiple Masters Coexist in a VRRP Group
Fault Description
Multiple masters exist in a VRRP group.
Procedure
1. Ping masters to check network connectivity between masters.
 If the ping operation fails, check whether the network connection is correct.
 If the ping operation is successful and the TTL value of the ping packet is 255, go to step 2.
2. Run the display vrrp protocol-information command in any view to check whether the VRRP version on
each master is compatible with the mode in which VRRP Advertisement packets are sent.
 If the version is incompatible with the mode, run the vrrp version { v2 | v3 } command in the system
view to change the version.
 If the version is compatible with the mode, go to step 3.
NOTE:
 A VRRPv2 group can only send and receive VRRPv2 Advertisement packets, and discards the received VRRPv3
Advertisement packets.
 A VRRPv3 group can send and receive both VRRPv2 and VRRPv3 Advertisement packets. You can configure the mode in
which VRRPv3 Advertisement packets to v2-only, v3-only, or v2v3-both.
3. Run the display vrrp virtual-router-id command in any view to check whether the masters use the same
virtual IP address, interval at which VRRP Advertisement packets are sent, authentication mode, and
authentication key.
 If the configured virtual IP addresses are different, run the vrrp vrid virtual-router-id virtual-ipvirtual-
address command to set the same virtual IP address.
 If the intervals are different, run the vrrp vrid virtual-router-id timer advertise advertise-
intervalcommand to set the same interval.
 If the authentication modes and keys are different, run the vrrp vrid virtual-router-id authentication-
mode { simple { key | plain key | cipher cipher-key } | md5 md5-key } command to set the same
authentication mode and key.
NOTE:
To ensure security, you are advised to use MD5 as the authentication algorithm of VRRP.
7.10.2 VRRP Group Status Changes Frequently

Fault Description
The VRRP group status changes frequently.
Procedure
1. Run the display vrrp virtual-router-id command in any view to check whether the VRRP group is
associated with an interface, an NQA test instance, or a BFD session.
 If the VRRP group is associated with the interface, an NQA test instance, or a BFD session, flapping of
the interface, an NQA test instance, or a BFD session causes VRRP group status flapping. Rectify the
fault on the associated module.
 If association is not configured, go to step 2.
2. Run the display vrrp virtual-router-id command in any view to check the preemption delay of the VRRP
group.
 If the preemption delay is 0, run the vrrp vrid virtual-router-id preempt-mode timer delay delay-
value command in the view of the interface where the VRRP group is configured to set the nonzero
preemption delay.
 If the preemption is not 0, go to step 3.
3. Run the vrrp vrid virtual-router-id timer advertise advertise-interval command in the view of the interface
where the VRRP group is configured to set a larger interval at which VRRP Advertisement packets are sent,
or run the vrrp vrid virtual-router-id preempt-mode timer delay delay-value command to set a larger
preemption delay.
7.11 FAQ
7.11.1 Can Physical Interfaces Be Configured as Monitored Interfaces of a
VRRP Group?
Yes.
7.11.2 How Is a VRRP Virtual MAC Address Calculated?

A virtual MAC address is generated by the virtual router based on the virtual router ID. The virtual MAC address
format is 00-00-5E-00-01-{VRID} (VRRP) and 00-00-5E-00-02-{VRID} (VRRP6).
7.11.3 What Interfaces Are Provided on the AR That Support VRRP?

Interfaces that support VRRP include the Layer 3 Ethernet interface, VLANIF interface, Layer 3 Eth-Trunk interface,
Ethernet subinterface, and Eth-Trunk subinterface.
7.11.4 Does VRRP Support Authentication?

VRRPv2 supports authentication in simple text mode and MD5 mode. VRRPv3 does not support authentication.
7.11.5 Why Have I Failed to Configure the Priority 255 of a Router in a VRRP
Backup Group?
In a VRRP backup group, the priority of 255 is reserved for the IP address owner and cannot be manually configured.
7.12 References
The following table lists the references of this document.
Document Description Remarks
RFC 2338 Virtual Router Redundancy Protocol -
RFC 2787 Definitions of Managed Objects for the Virtual Router Redundancy Protocol -
RFC 3768 Virtual Router Redundancy Protocol -
RFC 5798 Virtual Router Redundancy Protocol Version 3 for IPv4 and IPv6 -

Huawei VRRP Ingles

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Huawei VRRP Ingles

Uploaded by

Copyright:

Available Formats

Contents

 7.1 Introduction to VRRP

 7.3 Applicable Scenarios

 7.4 Configuration Task Summary

 7.5 Configuration Notes

 7.6 Default Configuration

 7.7 Configuring VRRP

 7.8 Maintaining VRRP

 7.9 Configuration Examples

 7.10 Common Configuration Errors

7.1 Introduction to VRRP

In Figure 7-1, VRRP involves the following entities:

7.2.2 VRRPv2 and VRRPv3 Advertisement Packets

VRRPv2 and VRRPv3 Advertisement Packet Formats

Figure 7-3 Format of a VRRPv3 Advertisement packet

Table 7-1 describes fields in a VRRP Advertisement packet.

7.2.3 VRRP Implementation

VRRP Working Process

Figure 7-4 VRRP in active/standby

7.2.5 VRRP in Load Balancing Mode

In Figure 7-5, two VRRP groups are configured:

7.3 Applicable Scenarios

7.3.2 Association Between VRRP and BFD/NQA/Routing to Monitor the

7.3.3 Association Between VRRP and BFD to Implement a Rapid

7.6 Default Configuration

Parameter Default Setting

Priority of the device in a VRRP group 100

Preemption Immediate preemption

Interval at which VRRP Advertisement packets are sent 1s

Interval at which gratuitous ARP packets are sent 120s

7.7 Configuring VRRP

The system view is displayed.

The interface view is displayed.

7.7.1.2 Setting the Device Priority in a VRRP Group

The system view is displayed.

The interface view is displayed.

The device priority in a VRRP group is set.

7.7.1.3 (Optional) Configuring the VRRP Version Number

The system view is displayed.

The VRRP version number is set.

7.7.1.4 (Optional) Configuring VRRP Time Parameters

The system view is displayed.

The interface view is displayed.

 Set the preemption delay of the master.

The system view is displayed.

The interface view is displayed.

The preemption delay is set.

The system view is displayed.

The system view is displayed.

The delay before a VRRP group recovers is set.

The system view is displayed.

The VLANIF interface view is displayed.

A mode in which VRRP Advertisement packets are sent in a super-VLAN is set.

7.7.1.6 (Optional) Disabling VRRP TTL Check

The system view is displayed.

The interface view is displayed.

7.7.1.7 (Optional) Setting the Authentication Mode of VRRP Advertisement Packets

The system view is displayed.

The interface view is displayed.

The authentication mode in VRRP Advertisement packets is configured.

7.7.1.8 (Optional) Enabling Ping to a Virtual IP Address

The system view is displayed.

The ping to a virtual IP address is enabled.

7.7.1.9 Checking the Configuration