Manualshelf

R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
81828384858687888990
83
The output shows that when the status of the track entry becomes Positive, Firewall A is the master
and Firewall B the backup.
# Enable VRRP state debugging and BFD event debugging on Firewall B.
<FirewallB> terminal debugging
<FirewallB> terminal monitor
<FirewallB> debugging vrrp state
<FirewallB> debugging bfd event
# When Firewall A fails, the following output is displayed on Firewall B.
*Dec 17 14:44:34:142 2008 FirewallB BFD/7/EVENT:Send sess-down Msg,
[Src:192.168.0.102,Dst:192.168.0.101,GigabitEthernet 0/1,Echo], instance:0,
protocol:Track
*Dec 17 14:44:34:144 2008 FirewallB VRRP/7/DebugState: IPv4 GigabitEthernet 0/1 |
Virtual Router 1 : Backup --> Master reason: The status of the tracked object changed
# Display the detailed information of the VRRP group on Firewall B.
<FirewallB> display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface GigabitEthernet 0/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 192.168.0.10
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.102
VRRP Track Information:
Track Object : 1 State : Negative Switchover
The output shows that when BFD detects that Firewall A fails, it notifies VRRP through the track
module to change the status of Firewall B to master, without waiting for a period three times the
advertisement interval so that a backup can quickly preempt as the master.
Configuring BFD for the VRRP master to monitor the uplink
Network requirements
As shown in Figure 44, Firewall A and Firewall B belong to VRRP group 1, whose virtual IP address
is 192.168.0.10.
The default gateway of the hosts in the LAN is 192.168.0.10.
When Firewall A works properly, hosts in the LAN access the external network through Firewall A.
When Firewall A detects that the uplink is down through BFD, it decreases its priority so that Firewall
B can preempt as the master, ensuring that the hosts in the LAN can access the external network
through Firewall B.