R3721-F3210-F3171-HP High-End Firewalls High Availability Configuration Guide-6PW101
90
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 Static 60 0 10.1.1.2 GE0/1
10.3.1.0/24 Direct 0 0 10.3.1.1 GE0/2
10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.1 GE0/3
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.0/24 Static 60 0 10.1.1.2 GE0/1
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The output shows the NQA test result: the master route is available (the status of the track entry is
Positive), and Firewall A forwards packets to 30.1.1.0/24 through Router A.
# Remove the IP address of interface GigabitEthernet 0/1 on Router A.
<RouterA> system-view
[RouterA] interface gigabitethernet 0/1
[RouterA-GigabitEthernet0/1] undo ip address
# Display information of the track entry on Firewall A.
[FirewallA] display track all
Track ID: 1
Status: Negative
Duration: 0 days 0 hours 0 minutes 32 seconds
Notification delay: Positive 0, Negative 0 (in seconds)
Reference object:
NQA entry: admin test
Reaction: 1
# Display the routing table of Firewall A.
[FirewallA] display ip routing-table
Routing Tables: Public
Destinations : 10 Routes : 10
Destination/Mask Proto Pre Cost NextHop Interface
10.1.1.0/24 Direct 0 0 10.1.1.1 GE0/1
10.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
10.2.1.0/24 Static 60 0 10.1.1.2 GE0/1
10.3.1.0/24 Direct 0 0 10.3.1.1 GE0/2
10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0
20.1.1.0/24 Direct 0 0 20.1.1.1 GE0/3
20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0
30.1.1.0/24 Static 80 0 10.3.1.3 GE0/2
127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0
127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0
The output shows the NQA test result: if the master route is unavailable (the status of the track entry
is Negative), the backup static route takes effect and Firewall A forwards packets to 30.1.1.0/24
through Router B.
# When the master route fails, the hosts in 20.1.1.0/24 can still communicate with the hosts in
30.1.1.0/24.
[FirewallA] ping -a 20.1.1.1 30.1.1.1