Vous êtes sur la page 1sur 11

An HP ProCurve Networking Configuration Note

How to configure Virtual Router Redundancy Protocol (VRRP) on HP ProCurve switches

Contents
1. Introduction ................................................................................................................................................................. 2 2. Network diagram ......................................................................................................................................................... 2 3. VRRP configuration .................................................................................................................................................... 3 4. VRRP troubleshooting ................................................................................................................................................ 7 5. VRRP Redundancy tests .......................................................................................................................................... 10 6. Firmware versions .................................................................................................................................................... 11 7. Reference documents............................................................................................................................................... 11

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

1. Introduction
This application note explains configuration of Virtual Router Redundancy Protocol (VRRP) on a redundant network architecture, in order to provide gateway redundancy and load balancing capabilities.

2. Network diagram
The platform which will be used in this document to detail the different steps of the configuration consists of: - 2 x ProCurve switch 8212zl, named Core-1 and Core-2 connected by a 10G- SR link. Each one contains 2 x 24-port gigabit modules and a 4-slot 10G module with SR transceivers. - A ProCurve switch 3500yl named Edge-1, with a 10G module at the rear, connected as follows: o Port A1 (10G-SR at the rear) to port C2 on Core-1 o Port A1 (second 10G-SR at the rear) to port C3 on Core-2 - A ProCurve switch 5406wl named Edge-2, with 2 x 24-port gigabit modules and a 4-slot 10G module with SR transceivers, connected as follows: o Port C1 to port C3 on Core-1 o Port C2 to port C2 on Core-2 This hardware configuration is detailed in Figure-1 below.

Figure 1. Network setup

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

VLANs and Multiple Spanning-tree have been configured on all switches; 2 instances have been defined: - MSTP instance 1 contains VLANs 10, 20 and 108. Core-1 is the Root for this instance and Core-2 the Secondary Root. - MSTP instance 2 contains VLANs 30 and 40. Core-2 is the Root for this instance and Core-1 the Secondary Root. For more details about this configuration please refer to application note AN-I1 Configure Multiple Spanning-tree on ProCurve Switches.

3. VRRP Configuration
Configured for each VLAN, VRRP enables to define a virtual IP address shared by the two Core switches. Two roles are defined: the Owner listens on this virtual IP address in normal time; the virtual address corresponds to the owners physical IP address. The Backup listens to VRRP advertisements from the Owner, and starts listening to the virtual address in case of failure of the Owner.

Best Practice
is to configure VRRP Roles in synch with MSTP Root per instance roles, for optimal load balancing of the traffic on the network. So, on each VLAN: VRRP Owner corresponds to MSTP Root switch VRRP Backup corresponds to MSTP Secondary Root.

With this configuration, the VLANs in the first instance will route their traffic through the first Core switch, and the VLANs in the second instance will route their traffic through the second one. Instead of having one router routing all the traffic of the network and the second only used for failover purposes, this maximizes the use of network bandwidth.

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

The resulting MSTP-VRRP topology is as follows:

On all VLANs, Virtual IP address is similar to the VRRP Owner physical address: 10.1.VLAN.1 (except on VLAN 108 (Management) where it is 10.3.108.201)

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

To achieve this topology, VRRP has been configured as follows on the Core switches:

Core- 1 VRRP Configuration


! VRRP is enabled globally Router vrrp ! Core-1 is set as VRRP Owner for Vlan 10, 20 and 108 ! As a convention. VRID matches Vlan number Core-1(config)# Vlan 10 vrrp vrid 10 Core-1(config-vlan-10-vrid-10)# owner ! virtual-ip address matches physical address of the owner Core-1(config-vlan-10-vrid-10)# virtual-ip-address 10.1.10.1 255.255.255.0
! VRRP is enabled on the VLAN

Core-1(config-vlan-10-vrid-10)# enable Core-1(config-vlan-10-vrid-10)# exit Core-1(config)# Vlan 20 vrrp vrid 20 Core-1(config-vlan-20-vrid-20)# owner Core-1(config-vlan-20-vrid-20)# virtual-ip-address 10.1.20.1 255.255.255.0 Core-1(config-vlan-20-vrid-20)# enable Core-1(config-vlan-20-vrid-20)# exit Core-1(config)# Vlan 108 vrrp vrid 18 Core-1(config-vlan-108-vrid-18)# owner Core-1(config-vlan-108-vrid-18)# virtual-ip-address 10.3.108.201 255.255.255.0 Core-1(config-vlan-108-vrid-18)# enable Core-1(config-vlan-108-vrid-18)# exit ! Core-1 is set as VRRP Backup for Vlan 30 and 40 Core-1(config)# Vlan 30 vrrp vrid 30 Core-1(config-vlan-30-vrid-30)# backup ! virtual-ip address still matches physical address of the owner, which is the second Core switch Core-1(config-vlan-30-vrid-30)# virtual-ip-address 10.1.30.1 255.255.255.0 Core-1(config-vlan-30-vrid-30)# enable Core-1(config-vlan-30-vrid-30)# exit Core-1(config)# Vlan 40 vrrp vrid 40 Core-1(config-vlan-40-vrid-40)# backup Core-1(config-vlan-40-vrid-40)# virtual-ip-address 10.1.40.1 255.255.255.0 Core-1(config-vlan-40-vrid-40)# enable Core-1(config-vlan-40-vrid-40)# exit

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

Core- 2 VRRP Configuration


! VRRP is enabled globally Router vrrp ! Core-2 is set as VRRP Backup for Vlan 10, 20 and 108 Core-2(config)# vlan 10 vrrp vrid 10 Core-2(config-vlan-10-vrid-10)# backup Core-2(config-vlan-10-vrid-10)# virtual-ip-address 10.1.10.1 255.255.255.0 Core-2(config-vlan-10-vrid-10)# enable Core-2(config-vlan-10-vrid-10)# exit Core-2(config)# vlan 20 vrrp vrid 20 Core-2(config-vlan-20-vrid-20)# backup Core-2(config-vlan-20-vrid-20)# virtual-ip-address 10.1.20.1 255.255.255.0 Core-2(config-vlan-20-vrid-20)# enable Core-2(config-vlan-20-vrid-20)# exit Core-2(config)# vlan 108 vrrp vrid 18 Core-2(config-vlan-108-vrid-18)# backup Core-2(config-vlan-108-vrid-18)# virtual-ip-address 10.3.108.201 255.255.255.0 Core-2(config-vlan-108-vrid-18)# enable Core-2(config-vlan-108-vrid-18)# exit ! Core-2 is set as VRRP Owner for Vlan 30 and 40 Core-2(config)# vlan 30 vrrp vrid 30 Core-2(config-vlan-30-vrid-30)# owner Core-2(config-vlan-30-vrid-30)# virtual-ip-address 10.1.30.1 255.255.255.0 Core-2(config-vlan-30-vrid-30)# enable Core-2(config-vlan-30-vrid-30)# exit Core-2(config)# vlan 40 vrrp vrid 40 Core-2(config-vlan-40-vrid-40)# owner Core-2(config-vlan-40-vrid-40)# virtual-ip-address 10.1.40.1 255.255.255.0 Core-2(config-vlan-40-vrid-40)# enable Core-2(config-vlan-40-vrid-40)# exit

Note :
No configuration is needed on Edge switches. The Edge switches, as also the hosts on the network, just forward the packets to route to their default gateway, and it is transparent for them whether Core-1 or Core-2 is the physical router.

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

Best Practice :
VRRP advertisement packets are exchanged on the link between the two Core switches. This link is very important and a failure can lead to a VLAN that is cut into 2 parts which will cause communication disruption. So, it is recommended to configure a trunk of 2 links or more between the two Core switches for better redundancy. By default, the advertise-interval (Hello interval between 2 VRRP advertisements sent by the Master switch on a VLAN to its Backup(s)) is 1 sec. The VRRP down time interval ( time, calculated by the Backup router(s) after which the Master is considered down if no VRRP advertisement is received) is set to 3 times the advertiseinterval. If the advertise-interval is modified, the down time interval is automatically recalculated to always be equal to 3 Hello intervals. All VRRP routers must be configured with the same advertise-interval. The router supports the following maximums: - 32 VRs per VLAN in any combination of Masters and Backups ( ie a Master + up to 31 Backups per VLAN) - 2048 VRs per router VR= Virtual Router defines a combination of Master and Backups on the same VLAN. For more information about VRRP configuration and parameters please consult the Multicast and Routing Guide for the ProCurve Series 3500yl, 6200yl, 5400zl and 8212zl series Chapter-6 Virtual Router Redundancy Protocol: http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-MRG-Jan08-6-VRRP.pdf

4. VRRP Troubleshooting
The following commands help to check and troubleshoot VRRP: Show vrrp [vlan x] config This command displays information about the VRRP Configuration. show vrrp config displays this info for all VLANs, show vrrp vlan X config for one particular VLAN. - Global configuration: VRRP Enabled or not - Per VLAN configuration: - Virtual Router ID can be checked - Mode to which the router has been configured for this VLAN: Owner or Backup - Priority: by default it is 255 for an Owner and 100 for a Backup Router - Advertisement Interval - Virtual IP address

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

!View VRRP Configuration on Core-1


Core-1(config)#show vrrp config VRRP Global Configuration Information

VRRP Enabled Traps Enabled

: Yes : Yes

VRRP Virtual Router Configuration Information Vlan ID : 10 Virtual Router ID : 10

Administrative Status [Disabled] : Enabled Mode [Uninitialized] : Owner Priority [100] : 255 Advertisement Interval [1] : 2 Preempt Mode [True] : True Preempt Delay Time [0] : 60 Primary IP Address : Lowest

IP Address Subnet Mask --------------- --------------10.1.10.1 255.255.255.0

...

VRRP Virtual Router Configuration Information Vlan ID : 30 Virtual Router ID : 30

Administrative Status [Disabled] : Enabled Mode [Uninitialized] : Backup Priority [100] : 100 Advertisement Interval [1] : 2 Preempt Mode [True] : True Preempt Delay Time [0] : 0 Primary IP Address : Lowest

IP Address Subnet Mask --------------- --------------10.1.30.1 255.255.255.0

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

Show vrrp [vlan X] This command show the status of the virtual router on each VLAN, and statistics about the packets received and transmitted by this virtual router.

Core-1(config)#show vrrp

VRRP Global Statistics Information

VRRP Enabled Protocol Version Invalid VRID Pkts Rx Checksum Error Pkts Rx

Bad Version Pkts Rx

:0

: : : :

Yes 2 0 0

VRRP Virtual Router Statistics Information Vlan ID : 10 Virtual Router ID : 10 State : Master Up Time : 23 hours Virtual MAC Address : 00005e-00010a Master's IP Address : 10.1.10.1 Associated IP Addr Count : 1 Near Failovers : Advertise Pkts Rx : 1 Become Master : Zero Priority Rx : 0 Zero Priority Tx : Bad Length Pkts : 0 Bad Type Pkts : Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts :

1 1 0 0 0 0

. . .

VRRP Virtual Router Statistics Information Vlan ID : 40 Virtual Router ID : 40 State : Backup Up Time : 23 hours Virtual MAC Address : 00005e-000128 Master's IP Address : 10.1.40.1 Associated IP Addr Count : 1 Near Failovers : Advertise Pkts Rx : 41919 Become Master : Zero Priority Rx : 0 Zero Priority Tx : Bad Length Pkts : 0 Bad Type Pkts : Mismatched Interval Pkts : 0 Mismatched Addr List Pkts : Mismatched IP TTL Pkts : 0 Mismatched Auth Type Pkts :

1 0 0 0 0 0

Note:
note the difference between the VRRP Roles ( Owner or Backup), which is what has been explicitly configured on the router, and the VRRP States ( Master or Backup) which represent the status of a router at a given time. Example: A router has been configured as Backup on a VRID. In normal time, the state of this router is Backup. When the Owner router on this VRID fails, Backup router state changes to Master.

HP ProCurve Networking

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

Note:
The Virtual MAC address is a Multicast MAC address and corresponds to all routers in the VR. It is always composed of : - the same prefix: 00005e-0001xx - the 2 last bytes correspond to the VRID ( E.g.: 0a corresponds to 10 and 28 to 40 in hexadecimal notation)

5. VRRP Redundancy tests


To test VRRP Redundancy, we established a continuous ping between a client in VLAN 108 and another machine in VLAN 30, and then restarted Core-1. We lost 2-3 pings when Core-1 went down and Core-2 took over the Master role in VLAN 108, and then 2-3 pings again when Core-1 went back up and retrieved its Master role in VLAN 108. So the failover time is estimated between 1 and 3 s.

Note: When the Owner fails and the Backup takes over, the virtual address can not be reached by a ping command any more. ARP table is updated. Note: The protocol responsible of the topology convergence in case of link failure is MSTP, and in case of core switch failure it is VRRP.

HP ProCurve Networking

10

How to configure Virtual Router Redundancy Protocol on HP ProCurve switches

6. Firmware versions
Switches firmware versions used in this application note are: For ProCurve switches 3500yl, 5406zl and 8212zl: K.13.25

7. Reference documents
This concludes the procedure for configuring VRRP on ProCurve switches. For further information about how to configure VRRP on ProCurve switches 3500yl-5400zl-8212zl, please refer to the following links: - ProCurve Multicast and Routing Guide for the ProCurve Series 3500yl, 6200yl, 5400zl and 8212zl series Chapter-6 Virtual Router Redundancy Protocol: http://cdn.procurve.com/training/Manuals/3500-5400-6200-8200-MRG-Jan08-6-VRRP.pdf - Command Line Reference Guide: http://cdn.procurve.com/training/Manuals/8200-6200-5400-3500-CLI-K13-Mar2008.pdf

For further information, please visit www.procurve.eu


2008 Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice. The only warranties for HP products and services are set forth in the express warranty statements accompanying such products and services. Nothing herein should be construed as constituting an additional warranty. HP shall not be liable for technical or editorial errors or omissions contained herein.

4AA2-2445EEE, September 2008

HP ProCurve Networking

11