02 VRRP Configuration

Operation Manual – VRRP
H3C S9500 Series Routing Switches Table of Contents
Table of Contents
Chapter 1 VRRP Configuration .................................................................................................... 1-1

1.1 Introduction to VRRP ......................................................................................................... 1-1
1.1.1 Overview ................................................................................................................. 1-1
1.1.2 VRRP Group Overview ........................................................................................... 1-2
1.1.3 VRRP Timers .......................................................................................................... 1-5
1.1.4 Format of VRRP Packets ........................................................................................ 1-5
1.1.5 Principles of VRRP.................................................................................................. 1-8
1.1.6 VRRP Interface Tracking ........................................................................................ 1-8
1.1.7 VRRP Application (Taking IPv4-Based VRRP for Example) .................................. 1-8
1.2 Configuring VRRP for IPv4 .............................................................................................. 1-10
1.2.1 IPv4-Based VRRP Configuration Task List........................................................... 1-10
1.2.2 Enabling Users to Ping Virtual IP Addresses of VRRP Groups............................ 1-11
1.2.3 Configuring the Association Between Virtual IP Address and MAC Address ............... 1-11
1.2.4 Creating VRRP Group and Configuring Virtual IP Address .................................. 1-12
1.2.5 Configuring Priority, Preemptive Mode and Interface Tracking for a VRRP Group............. 1-14
1.2.6 Configuring VRRP Packet Attributes .................................................................... 1-15
1.2.7 Enabling the Trap Function of VRRP.................................................................... 1-16
1.2.8 Displaying and Maintaining VRRP for IPv4........................................................... 1-17
1.3 Configuring VRRP for IPv6 .............................................................................................. 1-17
1.3.1 IPv6-Based VRRP Configuration Task List........................................................... 1-17
1.3.2 Enabling Users to Ping Virtual IPv6 Addresses of VRRP Groups ........................ 1-18
1.3.3 Configuring the Association Between Virtual IPv6 Address and MAC Address............ 1-18
1.3.4 Creating VRRP Group and Configuring Virtual IPv6 Address .............................. 1-19
1.3.5 Configuring Priority, Preemption Mode and Interface Tracking for a VRRP Group............. 1-20
1.3.6 Configuring VRRP Packet Attributes .................................................................... 1-21
1.3.7 Displaying and Maintaining VRRP for IPv6........................................................... 1-22
1.4 IPv4-Based VRRP Configuration Examples.................................................................... 1-22
1.4.1 Single VRRP Group Configuration Example......................................................... 1-23
1.4.2 VRRP Interface Tracking Configuration Example................................................. 1-25
1.4.3 Multiple VRRP Groups Configuration Example .................................................... 1-29
1.5 IPv6-Based VRRP Configuration Examples.................................................................... 1-32
1.5.1 Single VRRP Group Configuration Example......................................................... 1-33
1.5.2 VRRP Interface Tracking Configuration Example................................................. 1-36
1.5.3 Multiple VRRP Groups Configuration Example .................................................... 1-39
1.6 Troubleshooting VRRP .................................................................................................... 1-42
i
H3C S9500 Series Routing Switches Chapter 1 VRRP Configuration
Chapter 1 VRRP Configuration
When configuring VRRP, go to these sections for information you are interested in:
z Introduction to VRRP
z Configuring VRRP for IPv4
z Configuring VRRP for IPv6
z IPv4-Based VRRP Configuration Examples
z IPv6-Based VRRP Configuration Examples
z Troubleshooting VRRP
Note:
z The term router and the icon router in this document refer to a router in a generic
sense or an S9500 series routing switch running routing protocols.
z At present, the interfaces that VRRP involves can only be VLAN interfaces for
S9500 series switches.
1.1 Introduction to VRRP

This section covers these topics:
z Overview
z VRRP Group Overview
z VRRP Timers
z Format of VRRP Packets
z Principles of VRRP
z VRRP Interface Tracking
z VRRP Application (Taking IPv4-Based VRRP for Example)
1.1.1 Overview
As shown in Figure 1-1, you can configure a default route with the gateway as the next
hop for every host on a network segment, allowing all packets destined to other network
segments to be sent over the default route to the gateway and then be forwarded by the
gateway. This enables hosts on a network segment to communicate with external
networks. However, when the gateway fails, all the hosts using the gateway as the
default next-hop router are isolated from the external network.
1-1
Host A
Network
Host B Gateway
Host C
Figure 1-1 Common LAN networking
Apparently, this approach to enabling hosts on a network to communicate with external

networks is easy to configure but it imposes a very high requirement of performance
stability on the device acting as the gateway. A common way to improve system
reliability is to use more egress gateways, introducing the problem of routing among the
multiple egresses.
Virtual Router Redundancy Protocol (VRRP) was designed to address this problem.
VRRP can add routers that can act as network gateways to a VRRP group, forming a
virtual router. Routers in the VRRP group elect a master through the VRRP election
mechanism to take the responsibility of a gateway, and hosts on a LAN only need to
configure the virtual router as their default network gateway.
VRRP is an error-tolerant protocol, which improves the network reliability and simplifies
configurations on hosts. Deploying VRRP on multicast and broadcast LANs such as
Ethernet, you can ensure that the system can still provide highly reliable default links
without changing configurations (such as dynamic routing protocols, route discovery
protocols) when a device fails and prevent network interruption due to a single link
failure.
There are two VRRP versions: VRRPv2 and VRRPv3. VRRPv2 is based on IPv4, while
VRRPv3 is based on IPv6. The two versions implement the same functions but provide
different commands.
1.1.2 VRRP Group Overview
This section introduces some concepts used throughout this document:

z VRRP group
z VRRP priority
z Working mode
z Authentication mode
1-2
I. VRRP group
VRRP combines a group of routers on a LAN (including a master and multiple backups)
into a virtual router called VRRP group.
The VRRP group has the following features:
z A virtual router has an IP address. A host on the LAN only needs to know the IP
address of the virtual router and uses the IP address as the next hop of the default
route.
z Every host on the LAN communicates with external networks through the virtual
router.
z Routers in the VRRP group elect the gateway according to their priorities. Once
the master acting as the gateway fails, the other routers in the VRRP group elect a
new gateway to undertake the responsibility of the failed router, thus ensuring that
the hosts in the network segment can communicate with the external networks
uninterruptedly.
Virtual router
Router A
Host A
Router B
Network
Host B
Router C
Host C
Figure 1-2 Network diagram for VRRP
As shown in Figure 1-2, Router A, Router B, and Router C form a virtual router, which
has its own IP address. Hosts on the Ethernet use the virtual router as the default
gateway.
The router with the highest priority of the three routers is elected as the master to act as
the gateway, and the other two are backups.
1-3
Caution:
z The IP address of the virtual router can be either an unused IP address on the
segment where the VRRP group resides or the IP address of an interface on a
router in the VRRP group. In the latter case, the router is called the IP address
owner.
z In a VRRP group, there can only be one IP address owner.
II. VRRP priority
VRRP determines the role (master or backup) of each router in the VRRP group by
priority. A router with a higher priority has more opportunity to become the master.
VRRP priority that can be configured by users is in the range of 1 to 254. A bigger
number means a higher priority. Priority 0 is reserved for special uses and priority 255
for the IP address owner. When a router acts as the IP address owner, its priority
remains 255. That is, if there is an IP address owner in a VRRP group, it acts as the
master as long as it works properly.
III. Working mode
A router in a VRRP group can work in one of the following two modes:
z Non-preemptive mode
Once a router in the VRRP group becomes the master, it stays as the master as long as
it operates normally, even if a backup is assigned a higher priority later.
z Preemptive mode
Once a backup finds its priority higher than that of the router acting as the master, it
sends VRRP advertisements to start a new master election in the VRRP group and
becomes the master. Accordingly, the original master becomes a backup.
IV. Authentication mode
On a secure network, you can configure the routers not to perform authentication. In
this case, neither the routers sending VRRP packets nor the routers receiving the
VRRP packets perform authentication.
On a network where potential threats are present, you can configure VRRP
authentication to enhance the network security.
VRRP provides two authentication modes:
z simple: Simple text authentication
A router sending a packet fills the authentication key into the packet, and the router
receiving the packet compares its local authentication key with that of the received
1-4
packet. If the two authentication keys are the same, the received VRRP packet is
considered real and valid; otherwise, the received packet is considered an invalid one.
z md5: MD5 authentication
The router encrypts a packet to be sent using the authentication key and MD5 algorithm
and saves the encrypted packet in the authentication header. The router receiving the
packet uses the authentication key to decrypt the packet and checks whether the
packet is valid.
1.1.3 VRRP Timers
VRRP timers include VRRP advertisement interval timer and VRRP preemption delay
timer.
I. VRRP advertisement interval timer
The master in a VRRP group sends VRRP advertisements periodically to inform the
other routers in the VRRP group that it operates properly.
You can adjust the interval of sending VRRP advertisements by setting the VRRP
advertisement interval timer. If a backup receives no advertisements in a period three
times the interval, the backup regards itself as the master and sends VRRP
advertisements to start a new master election.
II. VRRP preemption delay timer
In an unstable network, a backup may fail to receive the packets from the master due to
network congestion, thus causing the members in the group to change their states
frequently. This problem can be addressed through setting the VRRP preemption delay
timer.
With the VRRP preemption delay timer set, if a backup receives no advertisement in a
period three times the advertisement interval and then in preemption delay, it considers
that the master fails. In this case, it regards itself as the master and sends VRRP
advertisements to start a new master election in a VRRP group.
1.1.4 Format of VRRP Packets
VRRP uses multicast packets. The router acting as the master sends VRRP packets
periodically to declare its existence. VRRP packets are also used for checking the
parameters of the virtual router and electing the master.
1-5
I. IPv4-based VRRP packet format
Figure 1-3 IPv4-based VRRP packet format
As shown in Figure 1-3, an IPv4-based VRRP packet consists of the following fields:
z Version: Version number of the protocol, 2 for VRRPv2.
z Type: Type of the VRRP packet. Only one VRRP packet type is present, that is,
VRRP advertisement, which is represented by 1.
z Virtual Rtr ID (VRID): Serial number of the virtual router, that is, serial number of
the VRRP group. It ranges from 1 to 255.
z Priority: Priority of the router in the VRRP group, in the range 0 to 255. A greater
value represents a higher priority.
z Count IP Addrs: Number of virtual IP addresses for the VRRP group. A VRRP
group can have multiple virtual IP addresses.
z Auth Type: Authentication type. 0 means no authentication, 1 means simple
authentication, and 2 means MD5 authentication.
z Adver Int: Interval for sending advertisement packets, in seconds. The default is 1.
z Checksum: 16-bit checksum for validating the data in VRRP packets.
z IP Address: Virtual IP address entry of the VRRP group. The allowed number is
given by the Count IP Addrs field.
z Authentication Data: Authentication key. Currently, this field is used only for simple
authentication and is 0 for any other authentication modes.
1-6
II. IPv6-based VRRP packet format
0 3 7 15 23 31
Version Type Virtual Rtr ID Priority Count IPv6 Addrs
Auth Type Adver Int Checksum
IPv6 address 1
IPv6 address n
Authentication data 1
Authentication data 2
Figure 1-4 IPv6-based VRRP packet format
As shown in Figure 1-4, an IPv6-based VRRP packet consists of the following fields:
z Version: Version number of the protocol, 3 for VRRPv3.
z Type: Type of the VRRP packet. Only one VRRP packet type is present, that is,
VRRP advertisement, which is represented by 1.
z Virtual Rtr ID (VRID): Serial number of the virtual router, that is, serial number of
the VRRP group. It ranges from 1 to 255.
z Priority: Priority of the router in the VRRP group, in the range 0 to 255. A greater
value represents a higher priority.
z Count IPv6 Addrs: Number of virtual IPv6 addresses for the VRRP group. A VRRP
group can have multiple virtual IPv6 addresses.
z Auth Type: Authentication type. 0 means no authentication, 1 means simple
authentication. VRRPv3 does not support MD5 authentication.
z Adver Int: Interval for sending advertisement packets, in centiseconds. The default
is 100.
z Checksum: 16-bit checksum for validating the data in VRRPv3 packets.
z IPv6 Address: Virtual IPv6 address entry of the VRRP group. The allowed number
is given by the Count IPv6 Addrs field.
z Authentication Data: Authentication key. Currently, this field is used only for simple
authentication and is 0 for any other authentication modes.
1-7
1.1.5 Principles of VRRP
1) With VRRP enabled, the routers determine their respective roles in the VRRP
group by priority. The router with the highest priority becomes the master, while
the others are the backups. The master sends VRRP advertisement packets
periodically to notify the backups that it is working properly, and each of the
backups starts a timer to wait for advertisement packets from the master.
2) In preemptive mode, when a backup receives a VRRP advertisement, it compares
the priority in the packet with that of its own. If its priority is lower, it remains a
backup; otherwise, it becomes the master.
3) In non-preemptive mode, the router in the VRRP group remains as a master or
backup as long as the master does not fail. The backup will no become the master
even if the former is configured with a higher priority.
4) If the timer of a backup expires but the backup still does not receive any VRRP
advertisement packet, it considers that the master fails. In this case, the backup
considers itself as the master and sends VRRP advertisements to start the
election process to elect a new master for forwarding packets.
1.1.6 VRRP Interface Tracking
The VRRP interface tracking function expands the backup functionality of VRRP. It
provides backup not only when the interface to which a VRRP group is assigned fails
but also when other interfaces on the router become unavailable. When a monitored
interface goes down, the priority of the router owning the interface is automatically
decreased by a specified value, allowing a higher priority router in the VRRP group to
become the master.
1.1.7 VRRP Application (Taking IPv4-Based VRRP for Example)
I. Master/backup
In master/backup mode, only one router, the master, provides services. When the
master fails, a new master is elected from the original backups. This mode requires
only one VRRP group, in which each router holds different priorities and the one with
the highest priority becomes the master, as shown in Figure 1-5.
1-8
Figure 1-5 VRRP in master/backup mode
At the beginning, Router A is the master and therefore can forward packets to external
networks, while Router B and Router C are backups and are thus in the state of
listening. If Router A fails, Router B and Router C will elect for the new master. The new
master takes over the forwarding task to provide services to hosts on the LAN.
II. Load balancing
You can create more than one VRRP group on an interface of a router, allowing the
router to be the master of one VRRP group but a backup of another at the same time.
In load balancing mode, multiple routers provide services at the same time. This mode
requires two or more VRRP groups, each of which includes a master and one or more
backups. The masters of the VRRP groups can be assumed by different routers, as
shown in Figure 1-6.
1-9
Virtual router 1 Virtual router 2 Virtual router 3
Router A
Backup
Master Backup
Host A
Router B
Backup
Backup Master
Network
Host B
Router C
Master
Backup Backup
Host C
Figure 1-6 VRRP in load balancing mode
A router can be in multiple VRRP groups and hold a different priority in different group.
In Figure 1-6, three VRRP groups are present:
z VRRP group 1: Router A is the master; Router B and Router C are the backups.
z VRRP group 2: Router B is the master; Router A and Router C are the backups.
z VRRP group 3: Router C is the master; Router A and Router B are the backups.
For load balancing among Router A, Router B, and Router C, hosts on the LAN need to
be configured to use VRRP group 1, 2, and 3 as the default gateways respectively.
When configuring VRRP priorities, ensure that each router holds such a priority in each
VRRP group that it will take the expected role in the group.
1.2 Configuring VRRP for IPv4

1.2.1 IPv4-Based VRRP Configuration Task List
Complete these tasks to configure VRRP for IPv4:
Task Remarks
Enabling Users to Ping Virtual IP Addresses of VRRP Groups Optional
Configuring the Association Between Virtual IP Address and
Optional
MAC Address
Creating VRRP Group and Configuring Virtual IP Address Required
Configuring Priority, Preemptive Mode and Interface Tracking Optional
1-10
Task Remarks
Configuring VRRP Packet Attributes Optional
Enabling the Trap Function of VRRP Optional
Caution:
VRRP is not supported on the VLAN interfaces of Super VLAN. Do not configure VRRP
on this type of interfaces.
1.2.2 Enabling Users to Ping Virtual IP Addresses of VRRP Groups
You can configure that the master of a VRRP group responds to the received ICMP
echo requests, that is, the virtual IP address of the VRRP group can be successfully
pinged.
Follow these steps to enable a user to successfully ping the virtual IP addresses of
VRRP groups:
To do… Use the command… Remarks

Enter system view system-view —
Enable users to ping Optional
virtual IP address of the vrrp ping-enable
VRRP group Enabled by default.
Caution:
Configure this function before creating a VRRP group. Otherwise, your configuration
will fail.
1.2.3 Configuring the Association Between Virtual IP Address and MAC Address
After the virtual IP address of a VRRP group is associated with a MAC address, the
master takes the configured MAC address as the source MAC address of the packets
to be sent, so that the hosts in the internal network can learn the association between
the IP address and the MAC address and thus forward the packets to be forwarded to
the other network segments to the master properly.
There are two types of association between virtual IP address and MAC address:
1-11
z Virtual IP address is associated with virtual router MAC address

By default, a MAC address is created for a VRRP group after the VRRP group is
created, and the virtual IP address is associated with the virtual MAC address. With
such association adopted, the hosts in the internal network need not update the
association between IP address and MAC address when the master changes.
z Virtual IP address is associated with real MAC address of the interface
When an IP address owner exists in a VRRP group, if you associate the virtual IP
address with the virtual MAC address, two MAC addresses are associated with an IP
address. In this case, you can associate the virtual IP address of the VRRP group with
the real MAC address, so that the packets from a host are forwarded to the IP address
owner according the real MAC address.
Follow these steps to configure the association between virtual IP address and MAC
address:

Optional
Configure the association The virtual MAC address
vrrp method { real-mac |
between MAC address is associated with the
virtual-mac }
and virtual IP address virtual IP address by
default.
Caution:
You need to configure the association before creating a VRRP group. After a VRRP
group is created, you cannot modify the association between the virtual IP address and
the MAC address.
1.2.4 Creating VRRP Group and Configuring Virtual IP Address
You need to configure a virtual IP address for a VRRP group when creating the VRRP
group. If the interface connects to multiple sub-networks, you can configure multiple
virtual IP addresses for the VRRP group to realize router backup on different
sub-networks. A VRRP group is created automatically when you specify the first virtual
IP address for the VRRP group. If you specify a virtual IP address for the VRRP group
later, the virtual IP address is only added to the virtual IP address list of the VRRP
group.
1-12
Caution:
It is not recommended to create VRRP groups on the VLAN interface of a super VLAN.
Otherwise, network performance may be affected.
I. Configuration prerequisites
Before creating VRRP group and configuring virtual IP address, you should first
configure the IP address of the interface and ensure that the virtual IP address to be
configured is in the same network segment as the IP address of the interface.
II. Configuration procedure
Follow these steps to create VRRP group and configure virtual IP address:

interface interface-type
Enter VLAN interface view —
interface-number
Create a VRRP group and Required
configure virtual IP vrrp vrid virtual-router-id
address of the VRRP virtual-ip virtual-address Standup group is not
group created by default.
1-13
Caution:
z For S9500 series switches, the maximum number of VRRPv2 VRRP groups on an
interface is 16, the maximum number of virtual IP addresses in a VRRP group is 16
and the maximum number of VRRP groups on a switch is 96.
z A VRRP group is removed after you remove all the virtual IP addresses in it. In
addition, configurations on that VRRP group no longer take effect.
z Removal of the VRRP group on the IP address owner will cause IP address collision.
In such a case, it is recommended to modify the IP address of the interface on the IP
address owner to resolve the collision.
z The virtual IP address of the VRRP group cannot be 0.0.0.0, 255.255.255.255,
loopback address, non A/B/C address and other illegal IP addresses such as
0.0.0.1.
z Only when the configured virtual IP address and the interface IP address belong to
the same segment and are legal host addresses can the VRRP group operate
normally. If the configured virtual IP address and the interface IP address do not
belong to the same network segment, or the configured IP address is the network
address or network broadcast address of the network segment to which the
interface IP address belongs, the state of the VRRP group is always initialize,
though you can perform the configuration successfully, that is, VRRP does not take
effect in this case.
1.2.5 Configuring Priority, Preemptive Mode and Interface Tracking for a VRRP
Group
Before you configure these features, you should first create a VRRP group on the
interface and configure virtual IP address for it.
By configuring priority, preemption mode and interface tracking for a VRRP group, you
can decide which switch in the VRRP group serves as the Master.
Follow these steps to configure priority, preemption mode and interface tracking for a
VRRP group:
interface-number
1-14
Configure switch priority vrrp vrid virtual-router-id Optional

in the VRRP group priority priority-value 100 by default.
Optional
Configure the switch in
the VRRP group to work vrrp vrid virtual-router-id The switch in the VRRP
in preemption mode and preempt-mode [ timer group works in
configure preemption delay delay-value ] preemption mode and the
delay preemption delay is 0
seconds by default.
vrrp vrid virtual-router-id
track interface Optional
Configure the interface to interface-type
be tracked interface-number No interface is being
[ reduced tracked by default.
priority-reduced ]
Caution:
z The running priority of an IP address owner is always 255 and you do not need to
configure it. An IP address owner always works in the preemptive mode.
z Interface tracking is not configurable on an IP address owner.
z Tracked interfaces can only be VLAN interfaces.
z The priority of a device is restored if the state of the interface under tracking
changes from down to up.
1.2.6 Configuring VRRP Packet Attributes
Before configuring the relevant attributes of VRRP packets, you should first create the
VRRP group and configure the virtual IP address.
Follow these steps to configure VRRP packet attributes:
To do... Use the command... Remarks

interface-number
1-15
To do... Use the command... Remarks

Configure the
authentication mode and Optional
vrrp vrid virtual-router-id
authentication key when
authentication-mode Authentication is not
the VRRP groups send
{ md5 | simple } key performed by default
and receive VRRP
packets
Configure the time interval
vrrp vrid virtual-router-id Optional
for the Master in the
timer advertise
VRRP group to send 1 second by default
adver-interval
VRRP advertisement
Disable TTL check on Optional

vrrp un-check ttl
VRRP packets Enabled by default
Note:
z You may configure different authentication modes and authentication keys for the
VRRP groups on an interface. However, the members of the same VRRP group
must use the same authentication mode and authentication key.
z Factors like excessive traffic or different timer setting on switches can cause the
Backup timer to time-out abnormally and trigger a change of the state. To solve this
problem, you can prolong the time interval to send VRRP packets and configure a
preemption delay.
1.2.7 Enabling the Trap Function of VRRP
After the trap function is enabled for a VRRP module, the VRRP module will generate
traps with severity level errors to report its key events. The generated traps will be sent
to the information center of the device, where you can configure whether to output the
trap information and the output destination. For information center configurations, refer
to Information Center Configuration in the System Volume.
Follow these steps to enable the trap function of VRRP:

snmp-agent trap enable Optional
Enable the trap function of
vrrp [ authfailure |
VRRP Enabled by default.
newmaster ]
1-16
Note:
For detailed description on the snmp-agent trap enable vrrp command, refer to
command snmp-agent trap enable in SNMP Commands in the System Volume.
1.2.8 Displaying and Maintaining VRRP for IPv4

display vrrp [ verbose ] [ interface
Display VRRP Available in any
interface-type interface-number [ vrid
status view
virtual-router-id ] ]
display vrrp statistics [ interface
statistics view
reset vrrp statistics [ interface
Remove VRRP Available in user
statistics view
1.3 Configuring VRRP for IPv6

1.3.1 IPv6-Based VRRP Configuration Task List
Complete these tasks to configure VRRP for IPv6:
Task Remarks
Enabling Users to Ping Virtual IPv6 Addresses Optional
Configuring the Association Between Virtual IPv6 Address
Optional
and MAC Address
Creating VRRP Group and Configuring Virtual IPv6 Address Required
Configuring Priority, Preemption Mode and Interface Tracking Optional
Configuring VRRP Packet Attributes Optional
Caution:
VRRP is not supported on the VLAN interfaces of Super VLAN. Do not configure VRRP
on this type of interfaces.
1-17
1.3.2 Enabling Users to Ping Virtual IPv6 Addresses of VRRP Groups
You can configure whether the master responds to the received ICMPv6 echo requests,
that is, whether the virtual IPv6 address of a VRRP group can be successfully pinged.
Follow these steps to enable a user to successfully ping the virtual IPv6 addresses of
VRRP groups:

Enable a user to ping Optional
virtual IPv6 address of the vrrp ipv6 ping-enable
VRRP group Enabled by default
Caution:
You should configure this function before creating a VRRP group. Otherwise, you
cannot ping the virtual IPv6 addresses of VRRP groups.
1.3.3 Configuring the Association Between Virtual IPv6 Address and MAC
Address
After the virtual IPv6 address of a VRRP group is associated with the MAC address, the
master takes the configured MAC address as the source MAC address of the packets
to be sent, so that the hosts in the internal network can learn the association between
the IPv6 address and the MAC address and thus forward the packets to be forwarded
to the other network segments to the master properly.
There are two types of association between virtual IPv6 address and MAC address:
z Virtual IPv6 address is associated with virtual router MAC address
By default, a MAC address is created for a VRRP group after the VRRP group is
created, and the virtual IPv6 address is associated with the virtual MAC address. With
such association adopted, the hosts in the internal network need not update the
association between IPv6 address and MAC address when the master changes.
z Virtual IPv6 address is associated with real MAC address of the interface
When an IP address owner exists in a VRRP group, if you associate the virtual IPv6
address with the virtual MAC address, two MAC addresses are associated with an IPv6
address. In this case, you can associate the virtual IPv6 address of the VRRP group
with the real MAC address, so that the packets from a host are forwarded to the IP
address owner according the real MAC address.
1-18
Follow these steps to configure the association between virtual IPv6 address and MAC
address:

Optional
Configure the association
between virtual IPv6 vrrp ipv6 method The virtual MAC address
address and MAC { real-mac | virtual-mac } of the VRRP group is
address associated with the virtual
IPv6 address by default.
Caution:
You need to configure the association before creating a VRRP group. After a VRRP
group is created, you cannot modify the association between the virtual IP address and
the MAC address.
1.3.4 Creating VRRP Group and Configuring Virtual IPv6 Address
You need to configure a virtual IPv6 address for a VRRP group when creating the
VRRP group. You can configure multiple virtual IPv6 addresses for a VRRP group.
A VRRP group is created automatically when you specify the first virtual IPv6 address
for the VRRP group. If you specify a virtual IPv6 address for the VRRP group later, the
virtual IPv6 address is only added to the virtual IPv6 address list of the VRRP group.
Caution:
It is not recommended to create VRRP groups on the VLAN interface of a super VLAN.
Otherwise, network performance may be affected.
Before creating VRRP group and configuring virtual IPv6 address, you should first
configure the IPv6 address of the interface and ensure that the virtual IPv6 address to
be configured is in the same network segment as the IPv6 address of the interface.
Follow these steps to create VRRP group and configure its virtual IPv6 address:
1-19

interface-number
Required
No VRRP group is
created by default.
vrrp ipv6 vrid The first virtual IPv6
Create VRRP group and
virtual-router-id virtual-ip address of the VRRP
configure its virtual IPv6
virtual-address group must be a link local
address
[ link-local ] address. Only one link
local address is allowed in
a VRRP group, and must
be removed the last.
Caution:
z For S9500 series switches, the maximum number of VRRPv3 VRRP groups on an
interface is 16, the maximum number of virtual IP addresses in a VRRP group is 16
and the maximum number of VRRP groups on a switch is 96.
z A VRRP group is removed after you remove all the virtual IPv6 addresses in it. In
addition, configurations on that VRRP group no longer take effect.
z Removal of the VRRP group on the IP address owner will cause IP address collision.
In such a case, it is recommended to modify the IPv6 address of the interface on the
IP address owner to resolve the collision.
1.3.5 Configuring Priority, Preemption Mode and Interface Tracking for a VRRP
Group
Before configuring these features, you should first create the VRRP group and
configure the virtual IPv6 address.
By configuring VRRP group priority, preemption mode and interface tracking, you can
decide which switch in the VRRP group serves as the Master.
Follow these steps to configure priority, preemption mode and interface tracking for a
VRRP group:
1-20

interface-number
Configure the priority of vrrp ipv6 vrid Optional
the switch in the VRRP virtual-router-id priority
group priority-value 100 by default
Optional
Configure the switch in
vrrp ipv6 vrid The switch in the VRRP
the standby to work in
virtual-router-id group works in
preemption mode and
preempt-mode [ timer preemption mode and the
configure preemption
delay delay-value ] preemption delay is zero
delay of the VRRP group
seconds by default.
vrrp ipv6 vrid

virtual-router-id track Optional
Configure the interface to interface interface-type
be tracked interface-number No interface is being
[ reduced tracked by default.
priority-reduced ]
Caution:
z The running priority of an IP address owner is always 255 and you do not need to
configure it. An IP address owner always works in the preemptive mode.
z Interface tracking is not configurable on an IP address owner.
z Tracked interfaces can only be VLAN interfaces.
z The priority of a device is reset if the state of the interface under tracking changes
from down to up.
1.3.6 Configuring VRRP Packet Attributes
Before configuring the relevant attributes of VRRP packets, you should first create the
VRRP group and configure the virtual IPv6 address.
Follow these steps to configure VRRP packet attributes:

1-21

interface-number
Configure the
authentication mode and vrrp ipv6 vrid Optional
authentication key when virtual-router-id
the VRRP groups send authentication-mode Authentication is not
and transmit VRRP simple key performed by default
packets
Configure the time interval Optional
vrrp ipv6 vrid
for the Master in the
virtual-router-id timer 100 centiseconds by
VRRP group to send
advertise adver-interval default
VRRP advertisement
Note:
z You may configure different authentication modes and authentication keys for the
VRRP groups on an interface. However, the members of the same VRRP group
must use the same authentication mode and authentication key.
z Factors like excessive traffic or different timer setting on switches can cause the
Backup timer to time-out abnormally and change the state. To solve this problem,
you can prolong the time interval to send VRRP packets and configure a delay for
preemption.
1.3.7 Displaying and Maintaining VRRP for IPv6

display vrrp ipv6 [verbose] [ interface
status view
display vrrp ipv6 statistics [ interface
interface-type interface-number [vrid
statistics view
reset vrrp ipv6 statistics [interface
Remove VRRP Available in user
interface-type interface-number [vrid
statistics view
1.4 IPv4-Based VRRP Configuration Examples

This section provides these configuration examples:
z Single VRRP Group Configuration Example
1-22
z VRRP Interface Tracking Configuration Example

z Multiple VRRP Groups Configuration Example
1.4.1 Single VRRP Group Configuration Example
I. Network requirements
z Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its

default gateway.
z Switch A and Switch B belong to VRRP group 1 with the virtual IP address of
202.38.160.111/24.
z If Switch A operates normally, packets sent from Host A to Host B are forwarded
by Switch A; if Switch A fails, packets sent from Host A to Host B are forwarded by
Switch B.
II. Network diagram
Figure 1-7 Network diagram for single VRRP group configuration
III. Configuration procedure
1) Configure Switch A
# Configure VLAN 2.
<SysnameA> system-view
[SysnameA] vlan 2
[SysnameA-vlan2] port ethernet 2/1/4
[SysnameA-vlan2] quit
[SysnameA] interface vlan-interface 2
[SysnameA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0
# Create VRRP group 1 and configure its virtual IP address as 202.38.160.111.

[SysnameA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
1-23
# Configure the priority of Switch A in the VRRP group 1 as 110.

[SysnameA-Vlan-interface2] vrrp vrid 1 priority 110
# Configure Switch A to work in preemption mode and configure the preemption delay
to five seconds.
[SysnameA-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
[SysnameA-Vlan-interface2] return
2) Configure Switch B
# Configure VLAN 2.
<SysnameB> system-view
[SysnameB] vlan 2
[SysnameB-vlan2] port ethernet 2/1/4
[SysnameB-vlan2] quit
[SysnameB] interface vlan-interface 2
[SysnameB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

[SysnameB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
# Configure Switch B to work in preemptive mode and configure the preemption delay
to five seconds.
[SysnameB-Vlan-interface2] vrrp vrid 1 preempt-mode timer delay 5
[SysnameB-Vlan-interface2] return
3) Verify the configuration
After the configuration, host B can be pinged through on host A. You can use the
display vrrp verbose command to verify the configuration.
# Display detailed information of VRRP group 1 on Switch A.
<SysnameA> display vrrp verbose
IPv4 Standby Information:
Run Method : VIRTUAL-MAC
Virtual IP Ping : Enable
Total number of virtual routers: 1
Interface : Vlan-interface2
VRID : 1 Adver. Timer : 1
Admin Status : UP State : Master
Config Pri : 110 Run Pri : 110
Preempt Mode : YES Delay Time : 5
Auth Type : NONE
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1
# Display detailed information of VRRP group 1 on Switch B.
1-24
<SysnameB> display vrrp verbose

Admin Status : UP State : Backup
Auth Type : NONE
Virtual IP : 202.38.160.111
Master IP : 202.38.160.1
The above information indicates that in VRRP group 1 Switch A is the master, Switch B
is the backup and packets sent from host A to host B are forwarded by Switch A.
If Switch A fails, you can still ping through host B on host A. You can use the display
vrrp verbose command to view the detailed information of the VRRP group on Switch
B.
# If Switch A fails, the detailed information of VRRP group 1 on Switch B is displayed.
Auth Type : NONE
Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.2
The above information indicates that if Switch A fails, Switch B becomes the master,
and packets sent from host A to host B are forwarded by Switch B.
1.4.2 VRRP Interface Tracking Configuration Example
z Host A needs to access Host B on the Internet, using 202.38.160.111/24 as its

default gateway.
1-25
202.38.160.111/24.
by Switch A; if Switch A is in work, but when its interface VLAN-interface 3 which
connects to the internet is not available, packets sent from Host A to Host B are
forwarded by Switch B.
II. Network diagram
Figure 1-8 Network diagram for interface tracking in VRRP
# Configure VLAN 2.
[SysnameA] vlan 2
[SysnameA-Vlan-interface2] ip address 202.38.160.1 255.255.255.0

[SysnameA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
# Set the priority of Switch A in the VRRP group to 110.

[SysnameA-Vlan-interface2] vrrp vrid 1 priority 110
# Configure the authentication mode of the VRRP group as simple and authentication
key as hello.
[SysnameA-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello
1-26
# Configure the master to send VRRP packets every five seconds.

[SysnameA-Vlan-interface2] vrrp vrid 1 timer advertise 5
# Set the interface to be tracked.

[SysnameA-Vlan-interface2] vrrp vrid 1 track interface vlan-interface 3
reduced 30
# Configure VLAN 2.
[SysnameB] vlan 2
[SysnameB-Vlan-interface2] ip address 202.38.160.2 255.255.255.0

[SysnameB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.111
# Configure the authentication mode of the VRRP group as simple and authentication
key as hello.
[SysnameB-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello
# Configure the master to send VRRP packets every five seconds.

[SysnameB-Vlan-interface2] vrrp vrid 1 timer advertise 5
After the configuration, Host B can be pinged through on Host A. You can use the
display vrrp verbose command to verify the configuration.
Auth Type : SIMPLE TEXT Key : hello
Track IF : Vlan-interface3 Pri Reduced : 30
Virtual IP : 202.38.160.111
1-27
Virtual MAC : 0000-5e00-0101

Master IP : 202.38.160.1

Virtual IP : 202.38.160.111
Master IP : 202.38.160.1
is the backup and packets sent from Host A to host B are forwarded by Switch A.
If Switch A is in work, but when its VLAN-interface 3 that connects to the Internet is not
available, you can still ping through Host B on Host A. Use the display vrrp verbose
command to view the detailed information of the VRRP group.
# If VLAN-interface 3 on Switch A is not available, the detailed information of VRRP
group 1 on Switch A is displayed.
Virtual IP : 202.38.160.111
Master IP : 202.38.160.2
# If VLAN-interface 3 on Switch A is not available, the detailed information of VRRP

group 1 on Switch B is displayed.
1-28

Virtual IP : 202.38.160.111
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.2
The above information indicates that if VLAN-interface 3 on Switch A is not available,

the priority of Switch A is reduced to 80 and it becomes the backup. Switch B becomes
the master and packets sent from Host A to Host B are forwarded by Switch B.
1.4.3 Multiple VRRP Groups Configuration Example
z Hosts in VLAN 2 use 202.38.160.100/25 as their default gateway and hosts in

VLAN 3 use 202.38.160.200/25 as their default gateway.
z Switch A and Switch B belong to both VRRP group 1 and VRRP group 2. The
virtual IP address of VRRP group 1 is 202.38.160.100/25, and that of VRRP group
2 is 202.38.160.200/25.
z In VRRP group 1, Switch A has a higher priority than Switch B. In VRRP group 2,
Switch B has a higher priority than Switch A. In this case, hosts in VLAN 2 and
VLAN 3 can communicate with the outside through Switch A and Switch B
respectively, and if Switch A or Switch B fails, the hosts can use the other switch to
communicate with the outside, so as to avoid communication interruption.
1-29
II. Network diagram
Figure 1-9 Network diagram for multiple VRRP groups configuration
# Configure VLAN 2.
<SwitchA> system-view
[SwitchA] vlan 2
[SwitchA-vlan2] port ethernet 1/5
[SwitchA-vlan2] quit
[SwitchA] interface vlan-interface 2
[SwitchA-Vlan-interface2] ip address 202.38.160.1 255.255.255.128

[SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.100
# Set the priority of Switch A in VRRP group 1 to 110.

[SwitchA-Vlan-interface2] vrrp vrid 1 priority 110
[SwitchA-Vlan-interface2] quit
# Configure VLAN 3.
[SwitchA] vlan 3
[SwitchA-vlan3] port ethernet 1/6
[SwitchA-vlan3] quit
[SwitchA] interface vlan-interface 3
[SwitchA-Vlan-interface3] ip address 202.38.160.130 255.255.255.128
# Create VRRP group 2 and set its virtual IP address to 202.38.160.200.

[SwitchA-Vlan-interface3] vrrp vrid 2 virtual-ip 202.38.160.200
1-30
# Configure VLAN 2.
<SwitchB> system-view
[SwitchB] vlan 2
[SwitchB-vlan2] port ethernet 1/5
[SwitchB-vlan2] quit
[SwitchB] interface vlan-interface 2
[SwitchB-Vlan-interface2] ip address 202.38.160.2 255.255.255.128

[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 202.38.160.100
[SwitchB-Vlan-interface2] quit
# Configure VLAN 3.
[SwitchB] vlan 3
[SwitchB-vlan3] port ethernet 1/6
[SwitchB-vlan3] quit
[SwitchB] interface vlan-interface 3
[SwitchB-Vlan-interface3] ip address 202.38.160.131 255.255.255.128
# Create VRRP group 2 and set its virtual IP address to 202.38.160.200.

[SwitchB-Vlan-interface3] vrrp vrid 2 virtual-ip 202.38.160.200
# Set the priority of Switch B in VRRP group 2 to 110.

[SwitchB-Vlan-interface3] vrrp vrid 2 priority 110
You can use the display vrrp verbose command to verify the configuration.
# Display detailed information of the VRRP group on Switch A.
[SwitchA-Vlan-interface3] display vrrp verbose
Auth Type : NONE
Virtual IP : 202.38.160.100
Virtual MAC : 0000-5e00-0101
Master IP : 202.38.160.1
1-31

Auth Type : NONE
Virtual IP : 202.38.160.200
Master IP : 202.38.160.131
# Display detailed information of the VRRP group on Switch B.

[SwitchB-Vlan-interface3] display vrrp verbose
Auth Type : NONE
Virtual IP : 202.38.160.100
Master IP : 202.38.160.1
Auth Type : NONE
Virtual IP : 202.38.160.200
Virtual MAC : 0000-5e00-0102
Master IP : 202.38.160.131
is the backup and hosts with the default gateway of 202.38.160.100/25 accesses the
Internet through Switch A; in VRRP group 2 Switch A is the backup, Switch B is the
master and hosts with the default gateway of 202.38.160.200/25 accesses the Internet
through Switch B.
1.5 IPv6-Based VRRP Configuration Examples

This section provides these configuration examples:
z Single VRRP Group Configuration Example
z VRRP Interface Tracking Configuration Example
z Multiple VRRP Groups Configuration Example
1-32
1.5.1 Single VRRP Group Configuration Example
z Host A needs to access Host B on the Internet, using FE80::10 as its default
gateway.
z Switch A and Switch B belong to VRRP group 1 with the virtual IPv6 address of
FE80::10.
by Switch A; if Switch A fails, packets sent from Host A to Host B are forwarded by
Switch B.
II. Network diagram
Virtual IPv6 address:

FE80::10
Vlan-int2
FE80::1
Switch A
Gateway:
FE80::10
Internet
Host A Host B
Vlan-int2
FE80::2
Switch B
Figure 1-10 Network diagram for single IPv6 VRRP group configuration
# Configure VLAN 2.
[SysnameA] ipv6
[SysnameA] vlan 2
[SysnameA-Vlan-interface2] ipv6 address fe80::1 link-local
[SysnameA-Vlan-interface2] ipv6 address 1::1 64
# Create a VRRP group 1 and set its virtual IPv6 address to FE80::10.
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
1-33
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 priority 110
# Set Switch A to work in preemptive mode, with the preemption delay set to 5 seconds.
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Enable Switch A to send RA messages.

[SysnameA-Vlan-interface2] undo ipv6 nd ra halt
# Configure VLAN 2.
[SysnameB] ipv6
[SysnameB] vlan 2
[SysnameB-Vlan-interface2] ipv6 address fe80::2 link-local
[SysnameB-Vlan-interface2] ipv6 address 1::2 64
[SysnameB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local
# Configure Switch B to work in the preemptive mode, with the preemption delay set to
5 seconds.
[SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Enable Switch B to send RA messages.

[SysnameB-Vlan-interface2] undo ipv6 nd ra halt
display vrrp ipv6 verbose command to verify the configuration.
<SysnameA> display vrrp ipv6 verbose
Auth Type : NONE
1-34
Virtual IP : FE80::10
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1

<<SysnameB> display vrrp ipv6 verbose
Auth Type : NONE
Master IP : FE80::1
is the backup and packets sent from Host A to Host B are forwarded by Switch A.
If Switch A fails, you can still ping through Host B on Host A. You can use the display
vrrp ipv6 verbose command to view the detailed information of the VRRP group on
Switch B.
# If Switch A fails, the detailed information of VRRP group 1 on Switch B is displayed.
<SysnameB> display vrrp ipv6 verbose
Auth Type : NONE
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2
The above information indicates that if Switch A fails, Switch B becomes the master,
and packets sent from Host A to Host B are forwarded by Switch B.
1-35
1.5.2 VRRP Interface Tracking Configuration Example
z Host A needs to access Host B on the Internet, using FE80::10 as its default
gateway.
FE80::10.
by Switch A; if Switch A is in work, but its Vlan-interface3 which connects to the
Internet is not available, packets sent from Host A to Host B are forwarded by
Switch B.
II. Network diagram
Virtual IPv6 address:

FE80::10
Vlan-int2
FE80::1
Vlan-int3
Switch A
Gateway:
FE80::10
Internet
Host B
Host A
Vlan-int2
FE80::2
Switch B
Figure 1-11 Network diagram for IPv6 VRRP interface tracking
# Configure VLAN 2.
[SysnameA] ipv6
[SysnameA] vlan 2
[SysnameA-vlan2] port ethernet 1/5
1-36

# Set the authentication mode for VRRP group 1 to SIMPLE and authentication key to
hello.
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello
# Set the VRRP advertisement interval to 500 centiseconds.
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500
# Set Switch A work in preemption mode. The preemption delay is five seconds.
[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5
# Set the interface to be tracked.

[SysnameA-Vlan-interface2] vrrp ipv6 vrid 1 track interface vlan-interface 3
reduced 30
# Configure VLAN 2.
[SysnameB] ipv6
[SysnameB] vlan 2
[SysnameB-vlan2] port ethernet 1/5
# Set the authentication mode for VRRP group 1 to SIMPLE and authentication key to
hello.
[SysnameB-Vlan-interface2] vrrp ipv6 vrid 1 authentication-mode simple hello
# Set the VRRP advertisement interval to 500 centiseconds.
[SysnameB-Vlan-interface2] vrrp ipv6 vrid 1 timer advertise 500
# Set Switch B to work in preemption mode. The preemption delay is five seconds.
[SysnameB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode timer delay 5
display vrrp ipv6 verbose command to verify the configuration.
1-37

Virtual MAC : 0000-5e00-0201
Master IP : FE80::1

Master IP : FE80::1
is the backup and packets sent from Host A to Host B are forwarded by Switch A.
If Switch A is in work, but its interface VLAN-interface 3 is not available, you can still
ping through Host B on Host A. You can use the display vrrp ipv6 verbose command
to view the detailed information of the VRRP group.
# If Switch A is in work, but its interface VLAN-interface 3 is not available, the detailed
information of VRRP group 1 on Switch A is displayed.
1-38

Master IP : FE80::2
# If Switch A is in work but its interface VLAN-interface 3 is not available, the detailed
information of VRRP group 1 on Switch B is displayed.
Virtual MAC : 0000-5e00-0201
Master IP : FE80::2
The above information indicates that if VLAN-interface 3 on Switch A is not available,

the priority of Switch A reduces to 80 and it becomes the backup. Switch B becomes the
master and packets sent from Host A to Host B are forwarded by Switch B.
1.5.3 Multiple VRRP Groups Configuration Example
z In the network, some hosts use FE80::10 as their default gateway and some hosts
use FE80::20 as their default gateway.
z Load sharing and mutual backup between default gateways can be implemented
by using VRRP groups.
1-39
II. Network diagram
Figure 1-12 Network diagram for multiple IPv6 VRRP group configuration
# Configure VLAN 2.
[SysnameA] ipv6
[SysnameA] vlan 2
# Create VRRP group 1 and set its virtual IP address to FE80::10.



# Configure VLAN 2.
[SysnameB] ipv6
1-40



# Set the priority of Switch B in VRRP group 2 to 110.

[SysnameB-Vlan-interface2] vrrp ipv6 vrid 2 priority 110
You can use the display vrrp ipv6 verbose command to verify the configuration.
# Display detailed information of the VRRP group on Switch A.
Auth Type : NONE
Virtual MAC : 0000-5e00-0201
Master IP : FE80::1
Auth Type : NONE
Master IP : FE80::2
# Display detailed information of the VRRP group on Switch B.

1-41

Auth Type : NONE
Master IP : FE80::1
Auth Type : NONE
Virtual MAC : 0000-5e00-0202
Master IP : FE80::2
is the backup and the host with the default gateway of FE80::10 accesses the Internet
through Switch A; in VRRP group 2 Switch A is the backup, Switch B is the master and
the host with the default gateway of FE80::20 accesses the Internet through Switch B.
Note:
Multiple VRRP groups are commonly used in actual networking. In IPv6 network, you
need to manually configure the default gateway for VRRP group to share load.
1.6 Troubleshooting VRRP

I. Symptom 1:
The console screen displays error prompts frequently.

Analysis:
This error is probably due to the inconsistent configuration of the other device in the
VRRP group, or that a device is attempting to send illegitimate VRRP packets.
1-42
Solution:
z In the first case, modify the configuration.
z In the latter case, you have to resort to non-technical measures.
II. Symptom 2:
Multiple masters are present in the same VRRP group.

Analysis:
z If presence of multiple masters only lasts a short period, this is normal and
requires no manual intervention.
z If it lasts long, you must ensure that these masters can receive VRRP packets and
the packets received are legitimate.
Solution:
Ping between these masters, and do the following:
z If the ping fails, check network connectivity.
z If the ping succeeds, check that their configurations are consistent in terms of
number of virtual IP addresses, virtual IP addresses, advertisement interval, and
authentication mode.
III. Symptom 3:
Frequent VRRP state transition.

Analysis:
The VRRP advertisement interval is set too short.
Solution:
Increase the interval to sent VRRP advertisement or introduce a preemption delay.
1-43

02 VRRP Configuration

Transféré par

Informations du document

Copyright

Formats disponibles

Partager ce document

Partager ou intégrer le document

Options de partage

Avez-vous trouvé ce document utile ?

Ce contenu est-il inapproprié ?

Droits d'auteur :

Formats disponibles

02 VRRP Configuration

Transféré par

Droits d'auteur :

Formats disponibles

Operation Manual – VRRP

H3C S9500 Series Routing Switches Table of Contents

Chapter 1 VRRP Configuration .................................................................................................... 1-1

Chapter 1 VRRP Configuration

1.1 Introduction to VRRP

Figure 1-1 Common LAN networking

Apparently, this approach to enabling hosts on a network to communicate with external

1.1.2 VRRP Group Overview

This section introduces some concepts used throughout this document:

Figure 1-2 Network diagram for VRRP

II. VRRP priority

III. Working mode

IV. Authentication mode

1.1.3 VRRP Timers

I. VRRP advertisement interval timer

II. VRRP preemption delay timer

1.1.4 Format of VRRP Packets

I. IPv4-based VRRP packet format

Figure 1-3 IPv4-based VRRP packet format

II. IPv6-based VRRP packet format

Auth Type Adver Int Checksum

Figure 1-4 IPv6-based VRRP packet format

1.1.5 Principles of VRRP

1.1.6 VRRP Interface Tracking

1.1.7 VRRP Application (Taking IPv4-Based VRRP for Example)

Figure 1-5 VRRP in master/backup mode

II. Load balancing

Virtual router 1 Virtual router 2 Virtual router 3

Figure 1-6 VRRP in load balancing mode

1.2 Configuring VRRP for IPv4

Complete these tasks to configure VRRP for IPv4:

Configuring Priority, Preemptive Mode and Interface Tracking Optional

1.2.2 Enabling Users to Ping Virtual IP Addresses of VRRP Groups

To do… Use the command… Remarks

z Virtual IP address is associated with virtual router MAC address

To do… Use the command… Remarks

1.2.4 Creating VRRP Group and Configuring Virtual IP Address

II. Configuration procedure

To do… Use the command… Remarks

II. Configuration procedure

To do… Use the command… Remarks

Configure switch priority vrrp vrid virtual-router-id Optional

1.2.6 Configuring VRRP Packet Attributes

II. Configuration procedure

Follow these steps to configure VRRP packet attributes:

To do... Use the command... Remarks

To do... Use the command... Remarks

Disable TTL check on Optional

1.2.7 Enabling the Trap Function of VRRP

To do… Use the command… Remarks

1.2.8 Displaying and Maintaining VRRP for IPv4

To do… Use the command… Remarks

1.3 Configuring VRRP for IPv6

Complete these tasks to configure VRRP for IPv6:

1.3.2 Enabling Users to Ping Virtual IPv6 Addresses of VRRP Groups

To do… Use the command… Remarks

To do… Use the command… Remarks

1.3.4 Creating VRRP Group and Configuring Virtual IPv6 Address

II. Configuration procedure

To do… Use the command… Remarks

II. Configuration procedure

To do… Use the command… Remarks

vrrp ipv6 vrid

1.3.6 Configuring VRRP Packet Attributes