HP FlexFabric 11900 Switch Series High Availability Configuration Guide Part number: 5998-5264 Software version: Release 2111 and later Document version: 6W100-20140110
Legal and notice information © Copyright 2014 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring Ethernet OAM ········································································································································· 1 Overview············································································································································································ 1 Major functions of Ethernet OAM ··························································································································
Configuring DLDP authentication·································································································································· 29 Displaying and maintaining DLDP································································································································ 30 DLDP configuration examples ······································································································································· 30 Automatically shu
Configuring Track ······················································································································································ 70 Overview········································································································································································· 70 Collaboration fundamentals ································································································································· 70
Configuring Ethernet OAM Overview Ethernet Operation, Administration and Maintenance (OAM) is a tool that monitors Layer 2 link status and addresses common link-related issues on the "last mile." Ethernet OAM improves Ethernet management and maintainability. You can use it to monitor the status of the point-to-point link between two directly connected devices.
How Ethernet OAM works This section describes the working procedures of Ethernet OAM. Ethernet OAM connection establishment Ethernet OAM connection is the basis of all the other Ethernet OAM functions. OAM connection establishment is also known as the "Discovery phase," where an Ethernet OAM entity discovers the remote OAM entity to establish a session.
Table 3 Ethernet OAM link error events Ethernet OAM link events Description Errored symbol event An errored symbol event occurs when the number of detected symbol errors in the detection window (specified number of received symbols) exceeds the predefined threshold. Errored frame event An errored frame event occurs when the number of detected error frames in the detection window (specified detection interval) exceeds the predefined threshold.
Ethernet OAM configuration task list Tasks at a glance (Required.) Configuring basic Ethernet OAM functions (Optional.) Configuring the Ethernet OAM connection detection timers (Optional.) Configuring link monitoring • • • • Configuring errored symbol event detection Configuring errored frame event detection Configuring errored frame period event detection Configuring errored frame seconds event detection (Optional.
You can configure this command in system view or port view. The configuration in system view takes effect on all ports, and the configuration in port view takes effect on the specified port. For a port, the configuration in port view takes precedence. After the timeout timer of an Ethernet OAM connection expires, the local OAM entity ages out its connection with the peer OAM entity, causing the OAM connection to disconnect.
Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the errored symbol event detection window. oam global errored-symbol-period window window-value By default, the errored symbol event detection window is 100000000. 3. Configure the errored symbol event triggering threshold. oam global errored-symbol-period threshold threshold-value By default, the errored symbol event triggering threshold is 1.
Step 4. Configure the errored frame event triggering threshold. Command Remarks oam errored-frame threshold threshold-value By default, an interface uses the value configured globally. Configuring errored frame period event detection An errored frame period event occurs when the number of times that frame errors in the detection window (specified number of received frames) are detected exceeds the predefined threshold. You can configure this command in system view or port view.
You can configure this command in system view or port view. The configuration in system view takes effect on all ports, and the configuration in port view takes effect on the specified port. For a port, the configuration in port view takes precedence. To configure errored frame seconds event detection globally: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the errored frame seconds event detection window.
Displaying and maintaining Ethernet OAM Execute display commands in any view and reset commands in user view: Purpose Command Display information about an Ethernet OAM connection. display oam { local | remote } [ interface interface-type interface-number ] Display Ethernet OAM configuration. display oam configuration [ interface interface-type interface-number ] Display the statistics on critical events after an Ethernet OAM connection is established.
[DeviceA] oam errored-frame threshold 10 [DeviceA-Ten-GigabitEthernet1/0/1] quit 2. Configure Device B: # Configure Ten-GigabitEthernet 1/0/1 to operate in passive Ethernet OAM mode (the default), and enable Ethernet OAM for it. system-view [DeviceB] interface ten-gigabitethernet 1/0/1 [DeviceB-Ten-GigabitEthernet1/0/1] oam mode passive [DeviceB-Ten-GigabitEthernet1/0/1] oam enable [DeviceB-Ten-GigabitEthernet1/0/1] quit 3.
Configuring CFD Overview Connectivity Fault Detection (CFD), which conforms to IEEE 802.1ag Connectivity Fault Management (CFM), is an end-to-end per-VLAN link layer OAM mechanism. CFD is used for link connectivity detection, fault verification, and fault location. Basic CFD concepts Maintenance domain A maintenance domain (MD) defines the network or part of the network where CFD plays its role. An MD is identified by its MD name.
An MA serves the specified VLAN or no VLAN. An MA that serves a VLAN is considered carrying VLAN attribute. An MA that serves no VLAN is considered having no VLAN attribute. An MP can receive packets sent by other MPs in the same MA. The level of an MA equals the level of the MD that the MA belongs to. Maintenance point An MP is configured on a port and belongs to an MA. MPs include the following types: maintenance association end points (MEPs) and maintenance association intermediate points (MIPs).
Figure 3 Procedure of creating MIPs Figure 4 demonstrates a grading example of the CFD module. Four levels of MDs (0, 2, 3, and 5) are designed. The bigger the number, the higher the level and the larger the area covered. MPs are configured on the ports of Device A through Device F. Port 1 of Device B is configured with the following MPs: a level 5 MIP, a level 3 inward-facing MEP, a level 2 inward-facing MEP, and a level 0 outward-facing MEP.
CFD functions CFD works effectively only in networks that are configured correctly. Its functions, which are implemented through the MPs, include: • Continuity check (CC) • Loopback (LB) • Linktrace (LT) Continuity check Connectivity faults are usually caused by device faults or configuration errors. Continuity check checks the connectivity between MEPs. This function is implemented through periodic sending of CCMs by the MEPs.
Tasks at a glance Configuring basic CFD settings: • • • • (Required.) Enabling CFD (Required.) Configuring service instances (Required.) Configuring MEPs (Required.) Configuring MIP auto-generation rules Configuring CFD functions: • (Required.) Configuring CC on MEPs • (Optional.) Configuring LB on MEPs • (Optional.
Step Command Remarks 3. cfd service-instance instance-id ma-id { icc-based icc-name | integer ma-num | string ma-name | vlan-based [ vlan-id ] } [ ma-index index-value ] md md-name [ vlan vlan-id ] By default, no service instance exists. Create a service instance. Configuring MEPs CFD is implemented through various operations on MEPs. As a MEP is configured on a service instance, the MD level and VLAN attribute of the service instance become the attribute of the MEP.
• Changes occur to the VLAN attribute of a port. • The rule specified in the cfd mip-rule command changes. An MA with no VLAN attribute is mainly used to detect direct link status. It cannot generate MIPs. For an MA with VLAN attribute, if the same or higher level MEP exists on the interface, no MIP is generated for the MA on the interface. To configure the rules for generating MIPs: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure MIP auto-generation rules.
• Configurations in aggregate interface view take effect on the aggregate interface and all its member ports. • Configurations on a member port take effect only when the member port leaves the aggregation group. To configure CC on a MEP: Step Command Remarks 1. Enter system view. system-view N/A 2. (Optional.) Set the CCM interval field. cfd cc interval interval-value service-instance instance-id By default, the interval field value is 4. 3.
Step Command Remarks 1. Find the path between a source MEP and a target MEP. cfd linktrace service-instance instance-id mep mep-id { target-mac mac-address | target-mep target-mep-id } [ ttl ttl-value ] [ hw-only ] Available in any view. 2. Enter system view. system-view N/A 3. Enable LT messages automatic sending. cfd linktrace auto-detection [ size size-value ] By default, LT messages automatic sending is disabled. Displaying and maintaining CFD Execute display commands in any view.
• In MD_A, Device B is designed to have MIPs when its port is configured with low level MEPs. Port Ten-GigabitEthernet 1/0/3 is configured with MEPs of MD_B, and the MIPs of MD_A can be configured on this port. You should configure the MIP generation rule of MD_A as explicit. • The MIPs of MD_B are designed on Device C, and are configured on all ports. You should configure the MIP generation rule as default.
[DeviceB] cfd md MD_B level 3 [DeviceB] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100 Configure Device D as you configure Device B. # Create MD_B (level 3) on Device C, and create service instance 2 (in which the MA is identified by a VLAN and serves VLAN 100). [DeviceC] cfd md MD_B level 3 [DeviceC] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100 4.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] cfd cc service-instance 1 mep 1001 enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # On Device B, enable the sending of CCM frames for MEP 2001 in service instance 2 on Ten-GigabitEthernet 1/0/3.
Configuring DLDP Overview Unidirectional links occur when one end of a link can receive packets from the other end, but the other end cannot receive packets sent by the first end. Unidirectional fiber links include the following types: • Occur when fibers are cross-connected. • Occur when a fiber is not connected at one end or when one fiber of a fiber pair gets broken. Figure 6 shows a correct fiber connection and the two types of unidirectional fiber connections.
Basic concepts DLDP neighbor states If port A and B are on the same link and port A can receive link-layer packets from port B, port B is a DLDP neighbor of port A. Two ports that can exchange packets are neighbors. Table 6 DLDP neighbor states DLDP timer Description Confirmed The link to a DLDP neighbor is bidirectional. Unconfirmed The state of the link to a newly discovered neighbor is not determined. DLDP port states A DLDP-enabled port is called a "DLDP port.
DLDP timer DelayDown timer RecoverProbe timer Description If a port is physically down, the device triggers the DelayDown timer (the default is 1 second and is configurable), rather than removing the corresponding neighbor entry. When the DelayDown timer expires, the device removes the corresponding DLDP neighbor information if the port is down, and does not perform any operation if the port is up. This timer is set to 2 seconds.
a. Port 1 receives the RecoverProbe packet from Port 4, and returns a RecoverEcho packet. b. Port 4 cannot receive any RecoverEcho packet from Port 1, so Port 4 cannot become the neighbor of Port 1. c. Port 3 can receive the RecoverEcho packet from Port 1, but Port 3 is not the intended destination, so Port 3 cannot become the neighbor of Port 1. The same process occurs on the other three ports. The four ports are all in Unidirectional state. • Unidirectional links occur after you enable DLDP.
packet to Port 2. At the same time, Port 1 deletes the neighborship with Port 2, and starts the RecoverProbe timer. Port 2 stays in Inactive state during this process. When an interface is physically down, but the Tx end of the interface is still operating, DLDP sends a LinkDown packet to inform the peer to delete the relevant neighbor entry.
Configuration prerequisites Configure the full duplex mode for the ports at two ends of the link, and configure a speed for the two ports, rather than letting them negotiate a speed. Enabling DLDP To correctly configure DLDP on the device, you must enable DLDP globally and on each port. To enable DLDP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DLDP globally. dldp global enable By default, DLDP is globally disabled. 3. Enter Layer 2 or Layer 3 Ethernet interface view.
Step Command Remarks N/A 1. Enter system view. system-view 2. Set the DelayDown timer. dldp delaydown-timer time The default is 1 second. The DelayDown timer setting applies to all DLDP-enabled ports. Setting the port shutdown mode On detecting a unidirectional link, the ports can be shut down in one of the following modes: • Auto mode—When a unidirectional link is detected, DLDP changes the DLDP port state to Unidirectional. The unidirectional port periodically sends RecoverProbe packets.
Step Command Remarks By default, no password is configured for DLDP authentication. Configure the password for DLDP authentication. 3. dldp authentication-password { cipher cipher | simple simple } If you do not configure the authentication password after you configure the authentication mode, the authentication mode is none no matter which authentication mode you configure. Displaying and maintaining DLDP Execute display commands in any view and the reset command in user view.
system-view [DeviceA] dldp global enable # Configure Ten-GigabitEthernet 1/0/1 to operate in full duplex mode and at 10000 Mbps, and enable DLDP on the port.
DLDP unidirectional-shutdown mode: Auto DLDP delaydown-timer value: 1s Number of enabled ports: 2 Interface Ten-GigabitEthernet1/0/1 DLDP port state: Bidirectional Number of the port’s neighbors: 1 Neighbor MAC address: 0023-8956-3600 Neighbor port index: 1 Neighbor state: Confirmed Neighbor aged time: 11s Interface Ten-GigabitEthernet1/0/2 DLDP port state: Bidirectional Number of the port’s neighbors: 1 Neighbor MAC address: 0023-8956-3600 Neighbor port index: 2 Neighbor state: Confirmed Neighbor aged tim
Number of enabled ports: 2 Interface Ten-GigabitEthernet1/0/1 DLDP port state: Unidirectional Number of the port’s neighbors: 0 (Maximum number ever detected: 1) Interface Ten-GigabitEthernet1/0/2 DLDP port state: Unidirectional Number of the port’s neighbors: 0 (Maximum number ever detected: 1) The output shows that the DLDP port status of both Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 is unidirectional, which indicates that DLDP detects unidirectional links on them and automatically shuts
Figure 11 Network diagram Configuration procedure 1. Configure Device A: # Enable DLDP globally. system-view [DeviceA] dldp enable # Configure Ten-GigabitEthernet 1/0/1 to operate in full duplex mode and at 10000 Mbps, and enable DLDP on the port.
[DeviceB-Ten-GigabitEthernet1/0/2] dldp enable [DeviceB-Ten-GigabitEthernet1/0/2] quit # Set the port shutdown mode to manual. [DeviceB] dldp unidirectional-shutdown manual 3. Verify the configuration: After the configurations are complete, you can use the display dldp command to display the DLDP configuration globally and on ports. # Display the DLDP configuration globally and on all the DLDP-enabled ports of Device A.
%Jul 12 08:29:25:004 2013 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/1 link status is UP. %Jul 12 08:29:25:005 2013 DeviceA IFNET/5/LINK_UPDOWN: Line protocol on the interface Ten-GigabitEthernet1/0/1 is UP. %Jul 12 08:29:25:893 2013 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/2 link status is UP. %Jul 12 08:29:25:894 2013 DeviceA IFNET/5/LINK_UPDOWN: Line protocol on the interface Ten-GigabitEthernet1/0/2 is UP.
[DeviceA-Ten-GigabitEthernet1/0/2] shutdown Correct the fiber connections and bring up the two ports: # Bring up Ten-GigabitEthernet 1/0/2. [DeviceA-Ten-GigabitEthernet1/0/2] undo shutdown The following log information is displayed on Device A: [DeviceA-Ten-GigabitEthernet1/0/2]%Jul 12 08:46:17:677 2013 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/2 link status is UP. %Jul 12 08:46:17:678 2013 DeviceA IFNET/5/LINK_UPDOWN: Line protocol on the interface Ten-GigabitEthernet1/0/2 is UP.
Configuring VRRP The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Overview Typically, you can configure a default gateway for every host on a LAN. All packets destined for other networks are sent through the default gateway.
VRRP has two versions: VRRPv2 and VRRPv3. VRRPv2 supports IPv4 VRRP. VRRPv3 supports IPv4 VRRP and IPv6 VRRP. VRRP standard mode In VRRP standard mode, only the master in the VRRP group can provide gateway service. When the master fails, the backup routers elect a new master to take over for nonstop gateway service. Figure 13 VRRP networking As shown in Figure 13, Router A, Router B, and Router C form a virtual router, which has its own IP address.
Authentication method To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication methods: • Simple authentication The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys match, the received VRRP packet is legitimate.
Master election Routers in a VRRP group determine their roles by priority. When a router joins a VRRP group, it has a backup role. The router role changes according to the following situations: • If the backup does not receive any VRRP advertisement when the timer (3 × advertisement interval + Skew_Time) expires, it becomes the master. • If the backup receives a VRRP advertisement with a greater or the same priority within the timer (3 × advertisement interval + Skew_Time), it remains a backup.
Figure 14 VRRP in master/backup mode Assume that Router A is acting as the master to forward packets to external networks, and Router B and Router C are backups in listening state. When Router A fails, Router B and Router C elect a new master to forward packets for hosts on the subnet. Load sharing A router can join multiple VRRP groups and has different priorities in different VRRP groups, and it can act as the master in one VRRP group and a backup in another.
• VRRP group 1—Router A is the master. Router B and Router C are the backups. • VRRP group 2—Router B is the master. Router A and Router C are the backups. • VRRP group 3—Router C is the master. Router A and Router B are the backups. To implement load sharing among Router A, Router B, and Router C, hosts on the subnet must be configured with the virtual IP addresses of VRRP group 1, 2, and 3 as default gateways, respectively.
Creating a VRRP group and assigning a virtual IP address A VRRP group can operate correctly after you create it and assign at least one virtual IP address to it. You can configure multiple virtual IP addresses for the VRRP group on an interface that connects to multiple subnets for router backup on different subnets.
Configuration procedure To configure the router priority, preemptive mode, and tracking function: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the priority of the router in the VRRP group. vrrp vrid virtual-router-id priority priority-value The default setting is 100. 4. Enable the preemptive mode for the router in a VRRP group and configure the preemption delay time.
Step 4. Command Configure the interval at which the master in an IPv4 VRRP group sends VRRP advertisements. Remarks The default setting is 100 centiseconds. vrrp vrid virtual-router-id timer advertise adver-interval To maintain system stability, HP recommends setting the VRRP advertisement interval to be greater than 100 centiseconds. 5. Specify the source interface for receiving and sending VRRP packets.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Disable a VRRP group. vrrp vrid virtual-router-id shutdown By default, a VRRP group is enabled. Displaying and maintaining IPv4 VRRP Execute display commands in any view and the reset command in user view. Task Command Display states of IPv4 VRRP groups. display vrrp [ interface interface-type interface-number [ vrid virtual-router-id ] ] [ verbose ] Display statistics for IPv4 VRRP groups.
• If you create an IPv6 VRRP group but do not assign any virtual IPv6 addresses to it, the VRRP group stays in inactive state and does not function. • To avoid IP address collisions, change the IPv6 address of the interface on the IP address owner before you remove the VRRP group from the interface. • The virtual IPv6 addresses of an IPv6 VRRP group and the IPv6 address of the interface where the VRRP group is configured must be in the same subnet.
Step Command Remarks 3. Configure the priority of the router in the VRRP group. vrrp ipv6 vrid virtual-router-id priority priority-value The default setting is 100. 4. Enable the preemptive mode for the router in a VRRP group and configure the preemption delay time. vrrp ipv6 vrid virtual-router-id preempt-mode [ delay delay-value ] By default, the router in a VRRP group operates in preemptive mode and the preemption delay time is 0 seconds, which means an immediate preemption. 5.
Disabling an IPv6 VRRP group You can temporarily disable an IPv6 VRRP group. After being disabled, the VRRP group stays in initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP group when it is disabled. Your changes take effect when you enable the VRRP group again. To disable an IPv6 VRRP group: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3.
Figure 16 Network diagram Configuration procedure 1. Configure Switch A: # Configure VLAN 2. system-view [SwitchA] vlan 2 [SwitchA-vlan2] port ten-gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ip address 10.1.1.1 255.255.255.0 # Create VRRP group 1 on VLAN-interface 2, and set its virtual IP address to 10.1.1.111. [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.
[SwitchB-Vlan-interface2] vrrp vrid 1 preempt-mode delay 5 3. Verify the configuration: # Ping Host B from Host A. (Details not shown.) # Display detailed information about VRRP group 1 on Switch A.
Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.2 The output shows that when Switch A fails, Switch B takes over to forward packets from Host A to Host B. # Recover the link between Host A and Switch A, and display detailed information about VRRP group 1 on Switch A.
Figure 17 Network diagram Virtual IP address 1: 10.1.1.100/25 XGE1/0/5 Vlan-int2 10.1.1.1/25 XGE1/0/6 Vlan-int3 10.1.1.130/25 VLAN 2 Gateway: 10.1.1.100/25 Switch A Internet VLAN 3 XGE1/0/5 Vlan-int2 10.1.1.2/25 XGE1/0/6 Vlan-int3 10.1.1.131/25 Gateway: 10.1.1.200/25 Switch B Virtual IP address 2: 10.1.1.200/25 Configuration procedure 1. Configure Switch A: # Configure VLAN 2.
[SwitchB-Vlan-interface2] ip address 10.1.1.2 255.255.255.128 # Create VRRP group 1, and set its virtual IP address to 10.1.1.100. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.100 [SwitchB-Vlan-interface2] quit # Configure VLAN 3. [SwitchB] vlan 3 [SwitchB-vlan3] port ten-gigabitethernet 1/0/6 [SwitchB-vlan3] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] ip address 10.1.1.131 255.255.255.128 # Create VRRP group 2, and set its virtual IP address to 10.1.1.200.
Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 211ms left Auth Type : None Virtual IP : 10.1.1.100 Master IP : 10.1.1.1 Interface Vlan-interface3 VRID : 2 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.200 Virtual MAC : 0000-5e00-0102 Master IP : 10.1.1.
Figure 18 Network diagram Virtual IPv6 address: FE80::10 XGE1/0/5 1::10/64 Vlan-int2 FE80::1 1::1/64 Switch A Gateway: 1::10/64 Host A Internet XGE1/0/5 Vlan-int2 FE80::2 1::2/64 Host B Switch B Configuration procedure 1. Configure Switch A: # Configure VLAN 2.
# Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10. [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10 # Configure Switch B to operate in preemptive mode, and set the preemption delay to 5 seconds. [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 5 # Enable Switch B to send RA messages, so Host A can learn the default gateway address.
Running Mode : Standard Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : FE80::10 1::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::2 The output shows that when Switch A fails, Switch B takes over to forward packets from Host A to Host B.
Figure 19 Network diagram Configuration procedure 1. Configure Switch A: # Configure VLAN 2. system-view [SwitchA] vlan 2 [SwitchA-vlan2] port ten-gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 to 1::10.
[SwitchA-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip 2::10 # Enable Switch A to send RA messages, so hosts in VLAN 3 can learn the default gateway address. [SwitchA-Vlan-interface3] undo ipv6 nd ra halt 2. Configure Switch B: # Configure VLAN 2.
Auth Type : None Virtual IP : FE80::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1 1::10 Interface Vlan-interface3 VRID : 2 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 402ms left Auth Type : None Virtual IP : FE90::10 Master IP : FE90::2 2::10 # Display detailed information about the VRRP groups on Switch B.
Troubleshooting VRRP An error prompt is displayed Symptom An error prompt "The virtual router detected a VRRP configuration error." is displayed during configuration. Analysis This symptom is probably caused by the following reasons: • The VRRP advertisement interval in the packet is not the same as that for the current VRRP group (in VRRPv2 only). • The number of virtual IP addresses in the packet is not the same as that for the current VRRP group.
Analysis The VRRP advertisement interval is set too short. Solution Increase the interval for sending VRRP advertisements or introduce a preemption delay.
Configuring BFD The term "interface" in this chapter collectively refers to VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Introduction to BFD Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium- and protocol-independent fast failure detection mechanism.
• Control packets—Encapsulated into UDP packets with port number 3784 for single-hop detection or port number 4784 for multi-hop detection. Echo packet mode The local end of the link sends echo packets to establish BFD sessions and monitor link status. The peer end does not establish BFD sessions and only forwards the packets back to the originating end. In echo packet mode, BFD supports only single-hop detection and the BFD session is independent of the operating mode.
Protocols and standards • RFC 5880, Bidirectional Forwarding Detection (BFD) • RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop) • RFC 5882, Generic Application of Bidirectional Forwarding Detection (BFD) • RFC 5883, Bidirectional Forwarding Detection (BFD) for Multihop Paths • RFC 5884, Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs) • RFC 5885, Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity V
Configuring control packet mode To configure control packet mode for single-hop detection: Step Command Remarks 1. Enter system view. system-view N/A 2. Specify the mode for establishing a BFD session. bfd session init-mode { active | passive } By default, active is specified. 3. Enter interface view. interface interface-type interface-number N/A 4. Configure the authentication mode for single-hop control packets.
Step Command Remarks 5. Configure the multi-hop detection time multiplier. bfd multi-hop detect-multiplier value The default setting is 5. 6. Configure the minimum interval for receiving multi-hop BFD control packets. bfd multi-hop min-receive-interval value The default setting is 400 milliseconds. 7. Configure the minimum interval for transmitting multi-hop BFD control packets. bfd multi-hop min-transmit-interval value The default setting is 400 milliseconds.
Configuring Track Overview The Track module works between application modules and detection modules, as shown in Figure 20. It shields the differences between various detection modules from application modules. Collaboration is enabled after you associate the Track module with a detection module and an application module. The detection module probes specific objects such as interface status, link status, network reachability, and network performance, and informs the Track module of detection results.
• NQA. • BFD. • CFD. • Interface management. Collaboration between the Track module and an application module The following application modules can be associated with the Track module: • VRRP. • Static routing. • Policy-based routing. When configuring a track entry for an application module, you can set a notification delay to avoid immediate notification of status changes, which can cause communication failure.
Tasks at a glance Remarks (Required.) Associating the Track module with an application module: • Associating Track with VRRP • Associating Track with static routing • Associating Track with PBR Use one of the methods. Associating the Track module with a detection module Associating Track with NQA NQA supports multiple test types to analyze network performance, services, and service quality.
If the BFD detects that the link is operating correctly, the Track module sets the track entry to Positive state. • Configuration prerequisites Before you associate Track with BFD, configure the source IP address of BFD echo packets. For more information, see "Configuring BFD." Configuration procedure To associate Track with BFD: Step 1. Enter system view. 2.
Associating Track with interface management The interface management module monitors the link status or network-layer protocol status of the interface. The interface management module functions as follows when it is associated with a track entry: • When the link or network-layer protocol status of the interface changes to up, the interface management module informs the Track module of the change and the Track module sets the track entry to Positive.
group association. Use the detection modules to monitor the status of the uplink of the router and establish collaborations between the detection modules, Track module, and VRRP. When the uplink fails, the detection modules notify the Track module to change the status of the monitored track entry to Negative, and the priority of the master decreases by a user-specified value.
The NotReady state of the track entry shows that the accessibility of the next hop of the static route is unknown, and that the static route is valid. • Follow these guidelines when you associate Track with static routing: • You can associate a nonexistent track entry with a static route. The association takes effect only after you use the track command to create the track entry.
• The Positive state of the track entry shows that the object is available, and the apply clause is valid. • The Negative state of the track entry shows that the object is not available, and the apply clause is invalid. • The NotReady state of the track entry shows that the apply clause is valid. The following objects can be associated with a track entry: • Outgoing interface. • Next hop. • Default outgoing interface. • Default next hop.
Step 4. Associate Track with IPv6 PBR. Command Remarks apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] }&<1-n> N/A Displaying and maintaining track entries Execute the display command in any view. Task Command Display information about a specific or all track entries.
Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 21. (Details not shown.) 2. Configure an NQA test group on Switch A: # Create an NQA test group with the administrator name admin and the operation tag test. system-view [SwitchA] nqa entry admin test # Configure the test type as ICMP-echo. [SwitchA-nqa-admin-test] type icmp-echo # Configure the destination address as 10.1.2.2.
# Create VRRP group 1, and configure the virtual IP address 10.1.1.10 for the group. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.10 # Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello. [SwitchB-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello # Configure the master to send VRRP packets at an interval of 500 centiseconds.
# Display detailed information about VRRP group 1 on Switch A when a fault is on the link between Switch A and Switch C. IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 500 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 80 Preempt Mode : Yes Delay Time : 5 Become Master : 2200ms left Auth Type : Simple Key : ****** Virtual IP : 10.1.1.10 Master IP : 10.1.1.
applications. To solve this problem, VRRP uses BFD to probe the state of the master. Once the master fails, the backup can become the new master in milliseconds. Figure 22 Network diagram Internet Switch A Master Virtual router Virtual IP address: 192.168.0.10 Switch B Backup Vlan-int2 192.168.0.101/24 Vlan-int2 192.168.0.102/24 L2 switch BFD probe packets VRRP packets Configuration procedure 1. Create VLANs and assign corresponding ports to them.
[SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.10 [SwitchB-Vlan-interface2] vrrp vrid 1 track 1 switchover [SwitchB-Vlan-interface2] return Verifying the configuration # Display detailed information about VRRP group 1 on Switch A.
The output shows that when the status of the track entry becomes Positive, Switch A is the master and Switch B the backup. # Enable VRRP state debugging and BFD event debugging on Switch B. terminal debugging terminal monitor debugging vrrp fsm debugging bfd event When Switch A fails, the following output is displayed on Switch B. *Dec 17 14:44:34:142 2013 SwitchB BFD/7/EVENT:Send sess-down Msg, [Src:192.168.0.102,Dst:192.168.0.
Figure 23 Network diagram Internet Master uplink device Backup uplink device Vlan-int3 1.1.1.2/24 Uplink Uplink Vlan-int3 1.1.1.1/24 Switch A Master Vlan-int2 192.168.0.101/24 Switch B Backup Virtual router Virtual IP address: 192.168.0.10 Vlan-int2 192.168.0.102/24 L2 switch BFD probe packets VRRP packets Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 23. (Details not shown.) 2.
[SwitchB-Vlan-interface2] return Verifying the configuration # Display detailed information about the VRRP group on Switch A. display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.
# When the uplink of Switch A goes down, the status of track entry 1 becomes Negative. display track 1 Track ID: 1 State: Negative Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: Vlan-interface2 VPN instance name: Remote IP: 1.1.1.2 Local IP: 1.1.1.1 # Display detailed information about VRRP group 1 on Switch A.
Static routing-Track-NQA collaboration configuration example Network requirements As shown in Figure 24, Switch A, Switch B, Switch C, and Switch D are connected to two segments 20.1.1.0/24 and 30.1.1.0/24. Configure static routes on these switches so that the two segments can communicate with each other. Configure route backup to improve network reliability. Switch A is the default gateway of the hosts in segment 20.1.1.0/24. Two static routes to 30.1.1.
2. Configure Switch A: # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.1.1.2 and the default priority 60. This static route is associated with track entry 1. system-view [SwitchA] ip route-static 30.1.1.0 24 10.1.1.2 track 1 # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the priority 80. [SwitchA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80 # Configure a static route to 10.2.1.
system-view [SwitchD] ip route-static 20.1.1.0 24 10.2.1.2 track 1 # Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.4.1.3 and the priority 80. [SwitchD] ip route-static 20.1.1.0 24 10.4.1.3 preference 80 # Configure a static route to 10.1.1.1, with the address of the next hop as 10.2.1.2. [SwitchD] ip route-static 10.1.1.1 24 10.2.1.2 # Create an NQA test group with the administrator admin and the operation tag test.
10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0 20.1.1.0/24 Direct 0 0 20.1.1.1 Vlan6 20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.0/24 Static 60 0 10.1.1.2 Vlan2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.1 InLoop0 The output shows the NQA test result: the master route is available (the status of the track entry is Positive), and Switch A forwards packets to 30.1.1.0/24 through Switch B.
Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms --- Ping statistics for 30.1.1.1 --5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss round-trip min/avg/max/std-dev = 1/1/2/1 ms # The output on Switch D is similar to that on Switch A. When the master route fails, the hosts in 30.1.1.0/24 can still communicate with the hosts in 20.1.1.0/24. [SwitchB] ping -a 30.1.1.1 20.1.1.1 Ping 20.1.1.
Figure 25 Network diagram Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 25. (Details not shown.) 2. Configure Switch A: # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.2.1.2 and the default priority 60. This static route is associated with track entry 1. system-view [SwitchA] ip route-static 30.1.1.0 24 10.2.1.2 track 1 # Configure a static route to 30.1.1.
[SwitchC] ip route-static 30.1.1.0 24 10.4.1.2 # Configure a static route to 20.1.1.0/24, with the address of the next hop as 10.3.1.1. [SwitchB] ip route-static 20.1.1.0 24 10.3.1.1 Verifying the configuration # Display information about the track entry on Switch A.
Remote IP: 10.2.1.2 Local IP: 10.2.1.1 # Display the routing table of Switch A. [SwitchA] display ip routing-table Destinations : 9 Routes : 9 Destination/Mask Proto Cost NextHop Interface 10.2.1.0/24 Direct 0 Pre 0 10.2.1.1 Vlan2 10.2.1.1/32 Direct 0 0 127.0.0.1 InLoop0 10.3.1.0/24 Direct 0 0 10.3.1.1 Vlan3 10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0 20.1.1.0/24 Direct 0 0 20.1.1.1 Vlan5 20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.0/24 Static 80 0 10.3.1.
VRRP-Track-interface management collaboration configuration example In this example, the master monitors the uplink interface. Network requirements As shown in Figure 26, Host A needs to access Host B on the Internet. The default gateway of Host A is 10.1.1.10/24. Switch A and Switch B belong to VRRP group 1, whose virtual IP address is 10.1.1.10. When Switch A works correctly, packets from Host A to Host B are forwarded through Switch A.
[SwitchB] interface vlan-interface 2 # Create VRRP group 1 and configure the virtual IP address 10.1.1.10 for the group. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.10 Verifying the configuration After configuration, ping Host B on Host A, and you can see that Host B is reachable. Use the display vrrp command to view the configuration result. # Display detailed information about VRRP group 1 on Switch A.
[SwitchA-Vlan-interface3] display vrrp verbose IPv4 Virtual Router Information: Running Mode : Standard Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 110 Running Pri : 80 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 10.1.1.10 Master IP : 10.1.1.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index authenticating A high availability DLDP MD5 authentication, 29 advertising high availability DLDP MD5 mode, 25 high availability DLDP advertisement packet send interval, 28 high availability DLDP non-authentication mode, 25 high availability DLDP advertisement timer, 24 high availability DLDP password authentication, 29 high availability IPv6 VRRP packet attribute, 49 high availability DLDP plaintext authentication, 29 high availability VRRP advertisement interval, 40 high availability DLD
high availability CFD functions, 17 CFD basic concepts, 11 high availability CFD linktrace on MEP, 18 basic configuration, 15 high availability CFD loopback on MEP, 18 configuration, 11, 14, 19 high availability CFD MEPs, 16 continuity check function, 14, 14 high availability CFD MIP auto-generation rules, 16 continuity check on MEP, 17 high availability CFD service instance, 15 displaying, 19 high availability DLDP, 23, 27, 30 enabling, 15 high availability DLDP authentication, 29 function c
high availability Ethernet OAM errored symbol event detection, 5 Track BFD/VRRP backup master monitor, 81 Track BFD/VRRP master uplink monitor, 84 high availability Ethernet OAM fault detection, 1 VRRP-Track-interface management collaboration, 96 high availability Ethernet OAM remote fault detection, 3 VRRP-Track-NQA collaboration, 78 Track application collaboration, 71 confirmed DLDP neighbor state, 24 Track configuration, 70 connecting high availability Ethernet OAM connection detection timer, 4
static routing-Track-NQA collaboration, 88 electing high availability VRRP master election, 41 Track BFD/VRRP backup master monitor, 81 Track BFD/VRRP master uplink monitor, 84 enabling Track configuration, 78 high availability CFD, 15 VRRP-Track-interface management collaboration, 96 high availability DLDP, 28 VRRP-Track-NQA collaboration, 78 disabling high availability IPv4 VRRP group, 46 high availability IPv6 VRRP group, 50 high availability VRRP SNMP notification, 46 enhanced timer (DLDP), 24
IPv4 VRRP router tracking, 44 high availability CFD maintenance domain, 11 IPv4 VRRP single group configuration, 50 fault detection high availability BFD basic configuration, 67 IPv4 VRRP version specification, 43 high availability BFD configuration, 65 IPv4 VRRP virtual IP address assignment, 44 IPv6 VRRP configuration, 47, 56 forwarding IPv6 VRRP group creation, 47 bidirectional detection.
group disable, 50 high availability DLDP port state, 24 initial DLDP port state, 24 maintaining, 50 interface management multiple groups configuration, 59 packet attribute configuration, 49 VRRP-Track-interface management collaboration, 96 router preemptive mode, 48 interval router priority configuration, 48 high availability DLDP advertisement packet send interval, 28 router tracking function, 48 single group configuration, 56 IP addressing high availability IPv4 VRRP virtual IP address assignme
high availability CFD loopback on MEP configuration, 18 high availability IPv4 VRRP group creation, 44 high availability IPv4 VRRP group disable, 46 high availability IPv4 VRRP packet attribute, 45 high availability CFD maintenance point, 12 high availability IPv4 VRRP router preemptive mode, 44 high availability CFD MEP configuration, 16 high availability IPv4 VRRP router priority, 44 high availability CFD MIP auto-generation rule, 16 high availability IPv4 VRRP router tracking, 44 high availabilit
high availability DLDP plaintext authentication, 25 high availability DLDP port shutdown auto mode, 29 high availability DLDP port shutdown manual mode, 29 multi-hop detection (BFD), 68 multiple neighbors detection (DLDP), 27 N neighbor high availability DLDP multiple neighbors detection, 27 high availability IPv4 VRRP router preemptive mode, 44 high availability DLDP neighbor state, 24 high availability DLDP single neighbor detection, 25 high availability IPv6 VRRP router preemptive mode, 48 high avail
high availability Ethernet OAM link monitoring configuration, 5 high availability DLDP automatic unidirectional link shutdown, 30 high availability Ethernet OAM port action configuration, 8 high availability DLDP configuration, 23, 27, 30 high availability DLDP manual unidirectional link shutdown, 33 high availability IPv4 VRRP group creation, 44 high availability Ethernet OAM basic configuration, 4 high availability IPv4 VRRP group disable, 46 high availability IPv4 VRRP packet attribute, 45 high av
high availability BFD echo packet mode, 67 probe timer (DLDP), 24 high availability DLDP advertisement packet send interval, 28 procedure assigning high availability IPv4 VRRP virtual IP address, 44 high availability IPv4 VRRP packet attribute, 45 high availability DLDP authentication, 29 assigning high availability IPv6 VRRP virtual IP address, 47 high availability BFD supported, 66 associating Track/BFD, 72 password associating Track/application module, 74 PIM associating Track/CFD, 73 plainte
configuring high availability Ethernet OAM errored frame event detection, 6 configuring VRRP-Track-interface management collaboration, 96 configuring high availability Ethernet OAM errored frame period event detection, 7 configuring VRRP-Track-NQA collaboration, 78 creating high availability IPv4 VRRP group, 44 configuring high availability Ethernet OAM errored frame seconds event detection, 7 creating high availability IPv6 VRRP group, 47 configuring high availability Ethernet OAM errored symbol even
high availability Ethernet OAM loopback, 1 service restrictions high availability DLDP configuration, 27 high availability CFD service instance, 15 session high availability BFD control packet active operating mode, 65 RIP high availability BFD-supported, 66 high availability BFD control packet asynchronous operating mode, 65 router high availability IPv4 VRRP router preemptive mode, 44 high availability BFD control packet demand operating mode, 65 high availability IPv4 VRRP router priority, 44 hi
BFD/VRRP master uplink monitor configuration, 84 subnetting high availability IPv4 VRRP configuration, 43, 50 CFD association, 73 collaboration between Track and application modules, 71 high availability IPv4 VRRP multiple groups configuration, 53 collaboration between Track and detection modules, 70 high availability IPv4 VRRP single group configuration, 50 configuration, 70, 71, 78 high availability IPv6 VRRP configuration, 47, 56 detection module association, 72 displaying entries, 78 high avail
troubleshooting multiple masters appear in group, 63 V version VRRP-Track-interface management collaboration, 96 high availability IPv4 VRRP specification, 43 VRRP-Track-NQA collaboration, 78 virtual high availability IPv4 VRRP virtual IP address assignment, 44 high availability IPv6 VRRP virtual IP address assignment, 47 router redundancy protocol.
