R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Create a track entry, associate it with the interface management module to monitor the physical status of an interface, and specify the delay time for the track module to notify the associated application module when the track entry status changes.
    Command: track track-entry-number interface interface-type interface-number [ delay { negative negative-time | positive positive-time } * ]

Step 3. Create a track entry, associate it with the interface management module to monitor the Layer 3 protocol status of an interface, and specify the delay time for the track module to notify the associated application module when the track entry status changes.
    Command: track track-entry-number interface interface-type interface-number protocol { ipv4 | ipv6 } [ delay { negative negative-time | positive positive-time } * ]

    Remarks (steps 2 and 3): Use either approach. No track entry is created by default.

Associating the track module with an application module
Associating track with VRRP
VRRP is an error-tolerant protocol. It adds a group of routers that can act as network gateways to a VRRP
group, which forms a virtual router. Routers in the VRRP group elect the master acting as the gateway
according to their priorities. A router with a higher priority is more likely to become the master. The other
routers function as the backups. When the master fails, to make sure that the hosts in the network segment
can uninterruptedly communicate with external networks, the backups in the VRRP group elect a new
gateway to undertake the responsibility of the failed master.
When VRRP works in standard protocol mode, associate the track module with the VRRP group to
implement the following actions:
• Change the priority of a router according to the status of the uplink. If a fault occurs on the uplink
  of the router, the VRRP group cannot be aware of the uplink failure. If the router is the master, hosts
  in the LAN cannot access the external network. This problem can be solved by establishing a
  track-VRRP group association. Use the detection modules to monitor the status of the uplink of the
  router and establish collaborations between the detection modules, track module and VRRP. When
  the uplink fails, the detection modules notify the track module to change the status of the monitored
  track entry to Negative, and the priority of the master then decreases by a specified value, allowing
  a higher priority router in the VRRP group to become the master to maintain proper communication
  between the hosts in the LAN and the external network.
• Monitor the master on a backup. If a fault occurs on the master, the backup working in the
  switchover mode will switch to the master immediately to maintain normal communication.
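
The following added example (a simplified Python model, not code from this guide or from the device software) illustrates the uplink-tracking case described above and shows that the priority reduction must be large enough to drop the master below the backup. The Router class, the function names and all priority values are constructed for illustration; the model assumes preemption is enabled and priorities never tie.

```python
from dataclasses import dataclass


@dataclass
class Router:
    name: str
    priority: int                 # configured VRRP priority
    reduced: int = 0              # amount subtracted while the track entry is Negative
    track_positive: bool = True   # status of the associated track entry
    alive: bool = True

    def effective_priority(self) -> int:
        # Track-VRRP association: a Negative track entry lowers the priority.
        if self.track_positive:
            return self.priority
        return max(self.priority - self.reduced, 1)  # floor of 1 is a model choice


def elect_master(routers):
    """Return the name of the live router with the highest effective priority."""
    candidates = [r for r in routers if r.alive]
    if not candidates:
        return None
    return max(candidates, key=lambda r: r.effective_priority()).name


def master_after_uplink_failure(master_priority, backup_priority, reduced):
    """Elect a master after the uplink tracked by router A goes down."""
    a = Router("A", master_priority, reduced=reduced)
    b = Router("B", backup_priority)
    if elect_master([a, b]) != "A":
        raise ValueError("router A must start as the master")
    a.track_positive = False      # detection module reports the uplink failure
    return elect_master([a, b])


if __name__ == "__main__":
    # Reduction of 30: A drops to 80, below B's 100, so B takes over.
    print(master_after_uplink_failure(110, 100, reduced=30))
    # Reduction of 5: A stays at 105 and remains master with a dead uplink.
    print(master_after_uplink_failure(110, 100, reduced=5))
```

When choosing the reduction value, check it against the priority of every backup in the group; a value that leaves the master above the highest backup changes nothing when the uplink fails.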
To associate track with a VRRP group:

Step 1. Enter system view.
    Command: system-view
    Remarks: N/A

Step 2. Enter interface view.
    Command: interface interface-type interface-number
    Remarks: N/A