R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101
77
Track configuration examples
VRRP-track-NQA collaboration configuration example (the
master monitors the uplinks)
Network requirements
• As shown in Figure 42, Host A needs to access Host B on the Internet. The default gateway of Host
A i s 10 .1.1.10 / 24 .
• Firewall A and Firewall B belong to VRRP group 1, which has the virtual IP address 10.1.1.10.
• When Router A works normally, packets from Host A to Host B are forwarded through Firewall A.
When NQA detects that a fault is on the uplink of Firewall A, packets from Host A to Host B are
forwarded through Firewall B.
Figure 42 Network diagram
Configuration procedure
1. Configure the IP address of each interface as shown in Figure 42.
2. Configure an NQA test group on Firewall A:
<FirewallA> system-view
# Create an NQA test group with the administrator name admin and the operation tag test.
[FirewallA] nqa entry admin test
# Configure the test type as ICMP echo test.
[FirewallA-nqa-admin-test] type icmp-echo
# Configure the destination address as 10.1.2.2.
[FirewallA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2
# Configure the interval between two consecutive tests as 100 milliseconds.
[FirewallA-nqa-admin-test-icmp-echo] frequency 100
# Create reaction entry 1, specifying that five consecutive probe failures trigger the track module.
[FirewallA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail
threshold-type consecutive 5 action-type trigger-only
[FirewallA-nqa-admin-test-icmp-echo] quit