HP FlexFabric 11900 Switch Series High Availability Configuration Guide Part number: 5998-4066 Software version: Release 2105 and later Document version: 6W100-20130515
Legal and notice information © Copyright 2013 Hewlett-Packard Development Company, L.P. No part of this documentation may be reproduced or transmitted in any form or by any means without prior written consent of Hewlett-Packard Development Company, L.P. The information contained herein is subject to change without notice.
Contents Configuring Ethernet OAM ········································································································································· 1 Overview············································································································································································ 1 Major functions of Ethernet OAM ··························································································································
Configuring DLDP authentication·································································································································· 29 Displaying and maintaining DLDP································································································································ 29 DLDP configuration examples ······································································································································· 30 Automatically shu
Collaboration fundamentals ································································································································· 69 Collaboration application example····················································································································· 70 Track configuration task list··········································································································································· 70 Associating the Track modu
Configuring Ethernet OAM Overview Ethernet Operation, Administration and Maintenance (OAM) is a tool that monitors Layer 2 link status and addresses common link-related issues on the "last mile." Ethernet OAM improves Ethernet management and maintainability. You can use it to monitor the status of the point-to-point link between two directly connected devices.
Ethernet OAM connection establishment Ethernet OAM connection is the basis of all the other Ethernet OAM functions. OAM connection establishment is also known as the "Discovery phase," where an Ethernet OAM entity discovers the remote OAM entity to establish a session. In this phase, two connected OAM entities exchange Information OAMPDUs to advertise their OAM configuration and capabilities to each other for a comparison.
Ethernet OAM link events Description Errored frame event An errored frame event occurs when the number of detected error frames in the detection window (specified detection interval) exceeds the predefined threshold. Errored frame period event An errored frame period event occurs when the number of frame errors in the detection window (specified number of received frames) exceeds the predefined threshold.
Tasks at a glance (Optional.) Configuring link monitoring • • • • Configuring errored symbol event detection Configuring errored frame event detection Configuring errored frame period event detection Configuring errored frame seconds event detection (Optional.
OAM connections stable, HP recommends that you set the connection timeout timer at least five times the handshake packet transmission interval. To configure the Ethernet OAM connection detection timers globally: Step Command Remarks 1. Enter system view. System-view N/A 2. Configure the Ethernet OAM handshake packet transmission interval. oam global timer hello interval The default is 1000 milliseconds. Configure the Ethernet OAM connection timeout timer.
To configure errored symbol event detection on a port: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2/Layer 3 Ethernet port view. interface interface-type interface-number N/A 3. Configure the errored symbol event detection window. oam errored-symbol-period window window-value By default, an interface uses the value configured globally. 4. Configure the errored symbol event triggering threshold.
You can configure this command in system view or port view. The configuration in system view takes effect on all ports, and the configuration in port view takes effect on the specified port. For a port, the configuration in port view takes precedence. To configure errored frame period event detection globally: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure the errored frame period event detection window.
Step 3. Configure the errored frame seconds event triggering threshold. Command Remarks oam global errored-frame-seconds threshold threshold-value By default, the errored frame seconds event triggering threshold is 1. To configure errored frame seconds event detection on a port: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter Layer 2/Layer 3 Ethernet port view. interface interface-type interface-number N/A 3. Configure the errored frame seconds event detection window.
Purpose Command Display the statistics on critical events after an Ethernet OAM connection is established. display oam critical-event [ interface interface-type interface-number ] Display the statistics on Ethernet OAM link error events after an Ethernet OAM connection is established. display oam link-event { local | remote } [ interface interface-type interface-number ] Clear statistics on Ethernet OAM packets and Ethernet OAM link error events.
3. Verify the configuration: Use the display oam critical-event command to display the statistics of Ethernet OAM critical link events. For example: # Display the statistics of Ethernet OAM critical link events on all the ports of Device A.
Configuring CFD Overview Connectivity Fault Detection (CFD), which conforms to IEEE 802.1ag Connectivity Fault Management (CFM), is an end-to-end per-VLAN link layer OAM mechanism used for link connectivity detection, fault verification, and fault location. Basic CFD concepts Maintenance domain A maintenance domain (MD) defines the network or part of the network where CFD plays its role. An MD is identified by its MD name. To accurately locate faults, CFD introduces eight levels (from 0 to 7) to MDs.
An MA serves the specified VLAN or no VLAN. An MA that serves a VLAN is considered carrying VLAN attribute. An MA that serves no VLAN is considered having no VLAN attribute. An MP can receive packets sent by other MPs in the same MA. The level of an MA equals the level of the MD that the MA belongs to. Maintenance point An MP is configured on a port and belongs to an MA. MPs include two types: maintenance association end points (MEPs) and maintenance association intermediate points (MIPs).
Figure 3 Procedure of creating MIPs Figure 4 demonstrates a grading example of the CFD module. Four levels of MDs (0, 2, 3, and 5) are designed. The bigger the number, the higher the level and the larger the area covered. MPs are configured on the ports of Device A through Device F. Port 1 of Device B is configured with the following MPs; a level 5 MIP, a level 3 inward-facing MEP, a level 2 inward-facing MEP, and a level 0 outward-facing MEP.
CFD functions CFD works effectively only in networks that are configured correctly. Its functions, which are implemented through the MPs, include: • Continuity check (CC) • Loopback (LB) • Linktrace (LT) Continuity check Connectivity faults are usually caused by device faults or configuration errors. Continuity check checks the connectivity between MEPs. This function is implemented through periodic sending of CCMs by the MEPs.
Tasks at a glance Configuring basic CFD settings: • • • • (Required.) Enabling CFD (Required.) Configuring service instances (Required.) Configuring MEPs (Required.) Configuring MIP auto-generation rules Configuring CFD functions: • (Required.) Configuring CC on MEPs • (Optional.) Configuring LB on MEPs • (Optional.
Step Command Remarks 3. cfd service-instance instance-id ma-id { icc-based icc-name | integer ma-num | string ma-name | vlan-based [ vlan-id ] } [ ma-index index-value ] md md-name [ vlan vlan-id ] By default, no service instance exists. Create a service instance. Configuring MEPs CFD is implemented through various operations on MEPs. As a MEP is configured on a service instance, the MD level and VLAN attribute of the service instance become the attribute of the MEP.
• Creating or deleting the MEPs on a port. • Changes occur to the VLAN attribute of a port. • The rule specified in the cfd mip-rule command changes. An MA with no VLAN attribute is mainly used to detect direct link status. It cannot generate MIPs. For an MA with VLAN attribute, if the same or higher level MEP exists on the interface, no MIP is generated for the MA on the interface. To configure the rules for generating MIPs: Step 1. Enter system view. 2. Configure the rules generating MIPs.
Step Command Remarks 1. Enter system view. system-view N/A 2. (Optional.) Configure the interval field value in the CCM messages sent by MEPs. cfd cc interval interval-value service-instance instance-id By default, the interval field value is 4. Enter Layer 2 Ethernet interface view, Layer 3 Ethernet interface view, or Layer 2 aggregate interface view.
Step Command Remarks 1. Find the path between a source MEP and a target MEP. cfd linktrace service-instance instance-id mep mep-id { target-mac mac-address | target-mep target-mep-id } [ ttl ttl-value ] [ hw-only ] Available in any view. 2. Enter system view. system-view N/A 3. Enable LT messages automatic sending. cfd linktrace auto-detection [ size size-value ] By default, LT messages automatic sending is disabled. Displaying and maintaining CFD Execute display commands in any view.
• In MD_A, Device B is designed to have MIPs when its port is configured with low level MEPs. Port Ten-GigabitEthernet 1/0/3 is configured with MEPs of MD_B, and the MIPs of MD_A can be configured on this port. You should configure the MIP generation rule of MD_A as explicit. • The MIPs of MD_B are designed on Device C, and are configured on all ports. You should configure the MIP generation rule as default.
[DeviceB] cfd md MD_B level 3 [DeviceB] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100 Configure Device D as you configure Device B. # Create MD_B (level 3) on Device C, and create service instance 2 (in which the MA is identified by a VLAN and serves VLAN 100). [DeviceC] cfd md MD_B level 3 [DeviceC] cfd service-instance 2 ma-id vlan-based md MD_B vlan 100 4.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] cfd cc service-instance 1 mep 1001 enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # On Device B, enable the sending of CCM frames for MEP 2001 in service instance 2 on Ten-GigabitEthernet 1/0/3.
Configuring DLDP Overview Unidirectional links occur when one end of a link can receive packets from the other end, but the other end cannot receive packets sent by the first end. Unidirectional fiber links include the following types: • Occur when fibers are cross-connected. • Occur when a fiber is not connected at one end or when one fiber of a fiber pair gets broken. Figure 6 shows a correct fiber connection and the two types of unidirectional fiber connections.
Basic concepts DLDP neighbor states If port A and B are on the same link and port A can receive link-layer packets from port B, port B is a DLDP neighbor of port A. Two ports that can exchange packets are neighbors. Table 6 DLDP neighbor states DLDP timer Description Confirmed The link to a DLDP neighbor is bidirectional. Unconfirmed The state of the link to a newly discovered neighbor is not determined. DLDP port states A DLDP-enabled port is called a "DLDP port.
DLDP timer DelayDown timer RecoverProbe timer Description If a port is physically down, the device triggers the DelayDown timer (the default is 1 second, configurable), rather than removing the corresponding neighbor entry. When the DelayDown timer expires, the device removes the corresponding DLDP neighbor information if the port is down, and does not perform any operation if the port is up. This timer is set to 2 seconds.
b. Port 4 cannot receive any RecoverEcho packet from Port 1, so Port 4 cannot become the neighbor of Port 1. c. Port 3 can receive the RecoverEcho packet from Port 1, but Port 3 is not the intended destination, so Port 3 cannot become the neighbor of Port 1. The same process occurs on the other three ports. The four ports are all in Unidirectional state. • Unidirectional links occur after you enable DLDP.
Detecting multiple neighbors When multiple devices are connected through a hub, enable DLDP on all interfaces connected to the hub to detect unidirectional links among the neighbors. When no Confirmed neighbor exists, an interface enters the Unidirectional state. Figure 9 Network diagram As shown in Figure 9, Device A through Device D are connected through a hub, and enabled with DLDP.
Enabling DLDP To correctly configure DLDP on the device, you must enable DLDP globally and on each port. To enable DLDP: Step Command Remarks 1. Enter system view. system-view N/A 2. Enable DLDP globally. dldp global enable By default, DLDP is globally disabled. 3. Enter Layer 2 or Layer 3 Ethernet interface view. interface interface-type interface-number N/A 4. Enable DLDP. dldp enable By default, DLDP is disabled on an interface.
Setting the port shutdown mode On detecting a unidirectional link, the ports can be shut down in one of the following two modes. • Auto mode—When a unidirectional link is detected, DLDP changes the DLDP port state to Unidirectional. The unidirectional port periodically sends RecoverProbe packets. When a correct RecoverEcho packet is received, the link between the local port and the neighbor is restored to a bidirectional link, and the port will transit from Unidirectional state to Bidirectional state.
Task Command Display the DLDP configuration globally and of a port. display dldp [ interface interface-type interface-number ] Display the statistics on DLDP packets passing through a port. display dldp statistics [ interface interface-type interface-number ] Clear the statistics on DLDP packets passing through a port.
[DeviceA-Ten-GigabitEthernet1/0/2] quit # Set the port shutdown mode to auto. [DeviceA] dldp unidirectional-shutdown auto 2. Configure Device B: # Enable DLDP globally. system-view [DeviceB] dldp global enable # Configure Ten-GigabitEthernet 1/0/1 to operate in full duplex mode and at 10000 Mbps, and enable DLDP on it.
Neighbor port index: 2 Neighbor state: Confirmed Neighbor aged time: 12s The output shows that both Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are in Bidirectional state, which means both links are bidirectional. # Enable the monitoring of logs on the current terminal on Device A, and set the lowest level of the logs that can be output to the current terminal to 6.
%Jul 11 17:42:57:709 2012 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/1 link status is DOWN. %Jul 11 17:42:58:603 2012 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/2 link status is DOWN. %Jul 11 17:43:02:342 2012 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/1 link status is UP. %Jul 11 17:43:02:343 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet1/0/1. The neighbor's system MAC is 0023-8956-3600, and the port index is 1.
[DeviceA-Ten-GigabitEthernet1/0/1] duplex full [DeviceA-Ten-GigabitEthernet1/0/1] speed 10000 [DeviceA-Ten-GigabitEthernet1/0/1] dldp enable [DeviceA-Ten-GigabitEthernet1/0/1] quit # Configure Ten-GigabitEthernet 1/0/2 to operate in full duplex mode and at 10000 Mbps, and enable DLDP on the port.
DLDP port state: Bidirectional Number of the port’s neighbors: 1 Neighbor MAC address: 0023-8956-3600 Neighbor port index: 1 Neighbor state: Confirmed Neighbor aged time: 11s Interface Ten-GigabitEthernet1/0/2 DLDP port state: Bidirectional Number of the port’s neighbors: 1 Neighbor MAC address: 0023-8956-3600 Neighbor port index: 2 Neighbor state: Confirmed Neighbor aged time: 12s The output shows that both Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 are in Bidirectional state, which means bo
Interface Ten-GigabitEthernet1/0/1 DLDP port state: Unidirectional Number of the port’s neighbors: 0 (Maximum number ever detected: 1) Interface Ten-GigabitEthernet1/0/2 DLDP port state: Unidirectional Number of the port’s neighbors: 0 (Maximum number ever detected: 1) The output shows that the DLDP port status of both Ten-GigabitEthernet 1/0/1 and Ten-GigabitEthernet 1/0/2 is unidirectional, which indicates that DLDP detects unidirectional links on them but does not shut down the two ports.
[DeviceA] interface ten-gigabitethernet 1/0/1 [DeviceA-Ten-GigabitEthernet1/0/1] undo shutdown The following log information is displayed on Device A: [DeviceA-Ten-GigabitEthernet1/0/1]%Jul 12 08:48:25:952 2012 DeviceA IFNET/3/PHY_UPDOWN: Ten-GigabitEthernet1/0/1 link status is UP. %Jul 12 08:48:25:952 2012 DeviceA DLDP/6/DLDP_NEIGHBOR_CONFIRMED: A neighbor was confirmed on interface Ten-GigabitEthernet1/0/1. The neighbor's system MAC is 0023-8956-3600, and the port index is 1.
Configuring VRRP The term interface in the VRRP feature refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Overview Typically, you can configure a default gateway for every host on a LAN. All packets destined for other networks are sent through the default gateway.
VRRP has two versions: VRRPv2 and VRRPv3. VRRPv2 supports IPv4 VRRP. VRRPv3 supports IPv4 VRRP and IPv6 VRRP. VRRP standard mode In VRRP standard mode, only the master in the VRRP group can provide gateway service. When the master fails, the backup routers elect a new master to take over for nonstop gateway service. Figure 13 VRRP networking As shown in Figure 13, Router A, Router B, and Router C form a virtual router, which has its own IP address.
Authentication method To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication methods: • Simple authentication The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys match, the received VRRP packet is legitimate.
• Routers in a VRRP group determine their roles by priority. The router with the highest priority is elected as the master, and the others are the backups. The master periodically sends VRRP advertisements to notify the backups that it is operating correctly, and each of the backups starts a timer to wait for advertisements from the master. • In preemptive mode, when a backup receives a VRRP advertisement, it compares only the priority in the packet with its own priority.
Figure 14 VRRP in master/backup mode Assume that Router A is acting as the master to forward packets to external networks, and Router B and Router C are backups in listening state. When Router A fails, Router B and Router C elect a new master to forward packets for hosts on the subnet. Load sharing A router can join multiple VRRP groups and has different priorities in different VRRP groups, and it can act as the master in one VRRP group and a backup in another.
• VRRP group 1—Router A is the master. Router B and Router C are the backups. • VRRP group 2—Router B is the master. Router A and Router C are the backups. • VRRP group 3—Router C is the master. Router A and Router B are the backups. To implement load sharing among Router A, Router B, and Router C, hosts on the subnet must be configured with the virtual IP addresses of VRRP group 1, 2, and 3 as default gateways, respectively.
Configuration guidelines • When VRRP is operating in standard mode, the virtual IP address of a VRRP group can be either an unused IP address on the subnet where the VRRP group resides or the IP address of an interface on a router in the VRRP group. • When a router is the IP address owner in a VRRP group, do not configure the network command on the interface to use the IP address of the interface, or the virtual IP address of the VRRP group, to establish a neighbor relationship with the adjacent router.
Step Command Remarks 2. Enter interface view. interface interface-type interface-number N/A 3. Configure the priority of the router in the VRRP group. vrrp vrid virtual-router-id priority priority-value The default setting is 100. 4. Enable the preemptive mode for the router in a VRRP group and configure the preemption delay time.
Step 5. Enable TTL check for IPv4 VRRP packets. Command Remarks vrrp check-ttl enable By default, TTL check for IPv4 VRRP packets is enabled. Disabling an IPv4 VRRP group You can temporarily disable an IPv4 VRRP group. After being disabled, the VRRP group stays in initialized state, and its configurations remain unchanged. You can change the configuration of a VRRP group when the VRRP group is disabled. Your changes take effect when you enable the VRRP group again.
Tasks at a glance Remarks (Optional.) Configuring the IPv6 VRRP advertisement interval N/A (Optional.) Disabling an IPv6 VRRP group N/A Creating a VRRP group and assigning a virtual IPv6 address A VRRP group can work correctly after you create it and assign at least one virtual IPv6 address for it. You can configure multiple virtual IPv6 addresses for the VRRP group on an interface that connects to multiple subnets for router backup.
Configuring the router priority, preemptive mode, and tracking function The router priority determines which router in the VRRP group serves as the master. The preemptive mode enables a backup to take over as the master when it detects that it has a higher priority than the current master. The tracking function decreases the router priority or enables the backup to take over as the master when the state of the monitored track entry transits to Negative.
A high volume of network traffic might cause a backup to fail to receive VRRP advertisements from the master within the specified time, resulting in an unexpected master switchover. To solve this problem, configure a larger interval. • Configuration procedure To configure the IPv6 VRRP advertisement interval: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A The default setting is 100 centiseconds. 3.
IPv4 VRRP configuration examples This section provides examples of configuring IPv4 VRRP applications on switches. Single VRRP group configuration example This section provides an example of configuring a single VRRP group on switches. Network requirements Switch A and Switch B form a VRRP group and use the virtual IP address 10.1.1.111/24 to provide gateway service for the subnet where Host A resides, as shown in Figure 16. Switch A operates as the master to forward packets from Host A to Host B.
2. Configure Switch B: # Configure VLAN 2. system-view [SwitchB] vlan 2 [SwitchB-Vlan2] port ten-gigabitethernet 1/0/5 [SwitchB-vlan2] quit [SwitchB] interface vlan-interface 2 [SwitchB-Vlan-interface2] ip address 10.1.1.2 255.255.255.0 # Create VRRP group 1 on VLAN-interface 2, and set its virtual IP address to 10.1.1.111. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.111 # Configure the priority of Router B in VRRP group 1 as 100.
# Disconnect the link between Host A and Switch A, and verify that Host A can still ping Host B. (Details not shown.) # Display detailed information about VRRP group 1 on Switch B.
Figure 17 Network diagram Virtual IP address 1: 10.1.1.100/25 XGE1/0/5 Vlan-int2 10.1.1.1/25 XGE1/0/6 Vlan-int3 10.1.1.130/25 VLAN 2 Gateway: 10.1.1.100/25 Switch A Internet VLAN 3 XGE1/0/5 Vlan-int2 10.1.1.2/25 XGE1/0/6 Vlan-int3 10.1.1.131/25 Gateway: 10.1.1.200/25 Switch B Virtual IP address 2: 10.1.1.200/25 Configuration procedure 1. Configure Switch A: # Configure VLAN 2.
[SwitchB-Vlan-interface2] ip address 10.1.1.2 255.255.255.128 # Create VRRP group 1, and set its virtual IP address to 10.1.1.100. [SwitchB-Vlan-interface2] vrrp vrid 1 virtual-ip 10.1.1.100 [SwitchB-Vlan-interface2] quit # Configure VLAN 3. [SwitchB] vlan 3 [SwitchB-vlan3] port ten-gigabitethernet 1/0/6 [SwitchB-vlan3] quit [SwitchB] interface vlan-interface 3 [SwitchB-Vlan-interface3] ip address 10.1.1.131 255.255.255.128 # Create VRRP group 2, and set its virtual IP address to 10.1.1.200.
Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.100 Master IP : 10.1.1.1 Interface Vlan-interface3 VRID : 2 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.200 Virtual MAC : 0000-5e00-0102 Master IP : 10.1.1.
Figure 18 Network diagram Configuration procedure 1. Configure Switch A: # Configure VLAN 2. system-view [SwitchA] vlan 2 [SwitchA-vlan2] port ten-gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 and 1::10.
# Create VRRP group 1 and set its virtual IPv6 addresses to FE80::10 and 1::10. [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip fe80::10 link-local [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 virtual-ip 1::10 # Configure Switch B to operate in preemptive mode, and set the preemption delay to 5 seconds. [SwitchB-Vlan-interface2] vrrp ipv6 vrid 1 preempt-mode delay 5 # Enable Switch B to send RA messages, so Host A can learn the default gateway address.
Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Auth Type : None Virtual IP : FE80::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::2 1::10 The output shows that when Switch A fails, Switch B takes over to forward packets from Host A to Host B.
Figure 19 Network diagram Configuration procedure 1. Configure Switch A: # Configure VLAN 2. system-view [SwitchA] vlan 2 [SwitchA-vlan2] port ten-gigabitethernet 1/0/5 [SwitchA-vlan2] quit [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] ipv6 address fe80::1 link-local [SwitchA-Vlan-interface2] ipv6 address 1::1 64 # Create VRRP group 1, and set its virtual IPv6 addresses to FE80::10 to 1::10.
[SwitchA-Vlan-interface3] vrrp ipv6 vrid 2 virtual-ip 2::10 # Enable Switch A to send RA messages, so hosts in VLAN 3 can learn the default gateway address. [SwitchA-Vlan-interface3] undo ipv6 nd ra halt 2. Configure Switch B: # Configure VLAN 2.
Auth Type : None Virtual IP : FE80::10 Virtual MAC : 0000-5e00-0201 Master IP : FE80::1 1::10 Interface Vlan-interface3 VRID : 2 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : FE90::10 2::10 Master IP : FE90::2 # Display detailed information about the VRRP groups on Switch B.
Troubleshooting VRRP An error prompt is displayed Symptom An error prompt "The virtual router detected a VRRP configuration error." is displayed during configuration. Analysis This symptom is probably caused by the following reasons: • The VRRP advertisement interval in the packet is not the same as that for the current VRRP group. • The number of virtual IP addresses in the packet is not the same as that for the current VRRP group.
Analysis The VRRP advertisement interval is set too short. Solution Increase the interval for sending VRRP advertisements or introduce a preemption delay.
Configuring BFD The term interface in the BFD feature refers to Layer 3 interfaces, including VLAN interfaces and Layer 3 Ethernet interfaces. You can set an Ethernet port as a Layer 3 interface by using the port link-mode route command (see Layer 2—LAN Switching Configuration Guide). Introduction to BFD Bidirectional forwarding detection (BFD) provides a general-purpose, standard, medium- and protocol-independent fast failure detection mechanism.
Echo packet mode The local end of the link sends echo packets to establish BFD sessions and monitor link status. The peer end does not establish BFD sessions and only forwards the packets back to the originating end. In echo packet mode, BFD supports only single-hop detection and the BFD session is independent of the operating mode. Control packet mode Both ends of the link exchange BFD control packets to monitor link status.
Protocols and standards • RFC 5880, Bidirectional Forwarding Detection (BFD) • RFC 5881, Bidirectional Forwarding Detection (BFD) for IPv4 and IPv6 (Single Hop) • RFC 5882, Generic Application of Bidirectional Forwarding Detection (BFD) • RFC 5883, Bidirectional Forwarding Detection (BFD) for Multihop Paths • RFC 5884, Bidirectional Forwarding Detection (BFD) for MPLS Label Switched Paths (LSPs) • RFC 5885, Bidirectional Forwarding Detection (BFD) for the Pseudowire Virtual Circuit Connectivity V
Configuring control packet mode To configure control packet mode for single-hop detection: Step Command Remarks 1. Enter system view. system-view N/A 2. Specify the mode for establishing a BFD session. bfd session init-mode { active | passive } By default, active is specified. 3. Enter interface view. interface interface-type interface-number N/A 4. Configure the authentication mode for single-hop control packets.
Step Command Remarks 5. Configure the multi-hop detection time multiplier. bfd multi-hop detect-multiplier value The default setting is 5. 6. Configure the minimum interval for receiving multi-hop BFD control packets. bfd multi-hop min-receive-interval value The default setting is 1000 milliseconds. 7. Configure the minimum interval for transmitting multi-hop BFD control packets. bfd multi-hop min-transmit-interval value The default setting is 1000 milliseconds.
Configuring Track Overview The Track module works between application and detection modules, as shown in Figure 20. It shields the differences between various detection modules from application modules. Collaboration is enabled after you associate the Track module with a detection module and an application module. The detection module probes specific objects such as interface status, link status, network reachability, and network performance, and informs the Track module of detection results.
Interface management module. • Collaboration between the Track module and an application module The following application modules can be associated with the Track module: • VRRP. • Static routing. • Policy-based routing. When configuring a track entry for an application module, you can set a notification delay to avoid immediate notification of status changes, which can cause communication failure. This issue occurs when route convergence is slower than the link state change notification.
Associating the Track module with a detection module Associating Track with NQA NQA supports multiple test types to analyze network performance, services, and service quality. For example, an NQA test group can periodically detect whether a destination is reachable, or whether the TCP connection to a TCP server can be set up.
Step 1. Enter system view. 2. Create a track entry, associate it with the BFD session, and specify the delay time for the Track module to notify the associated application module when the track entry status changes. Command Remarks system-view N/A track track-entry-number bfd { control | echo } interface interface-type interface-number remote ip remote-ip local ip local-ip [ delay { negative negative-time | positive positive-time } * ] No track entry is created by default.
Associating the Track module with an application module Associating Track with VRRP VRRP is an error-tolerant protocol. It adds a group of routers that can act as network gateways to a VRRP group, which forms a virtual router. Depending on their priority level, routers in the VRRP group elect the master router to act as the gateway. A router with a higher priority is more likely to become the master. The other routers function as the backups.
Associating Track with static routing A static route is a manually configured route. With a static route configured, packets to the specified destination are forwarded through the path specified by the administrator. For more information about static route configuration, see Layer 3—IP Routing Configuration Guide. The disadvantage of using static routes is that they cannot adapt to network topology changes. Faults or topological changes in the network can make the routes unreachable, causing network breaks.
Step Command Remarks • Method 1: 2. Associate the static route with a track entry to check the accessibility of the next hop.
Step Command Remarks 1. Enter system view. system-view N/A 2. Create a policy or policy node and enter PBR policy node view. policy-based-route policy-name [ deny | permit ] node node-number N/A Define an ACL match criterion. if-match acl acl-number By default, no packets are filtered. 3. Set the next hop, and associate it with a track entry 4. apply next-hop [ vpn-instance vpn-instance-name ] { ip-address [ direct ] [ track track-entry-number ] }&<1-2> By default, no next hop is set.
Figure 21 Network diagram Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 21. (Details not shown.) 2. Configure an NQA test group on Switch A: # Create an NQA test group with the administrator name admin and the operation tag test. system-view [SwitchA] nqa entry admin test # Configure the test type as ICMP-echo. [SwitchA-nqa-admin-test] type icmp-echo # Configure the destination address as 10.
# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello. [SwitchA-Vlan-interface2] vrrp vrid 1 authentication-mode simple hello # Configure the master to send VRRP packets at an interval of 500 centiseconds. [SwitchA-Vlan-interface2] vrrp vrid 1 timer advertise 500 # Configure Switch A to operate in preemptive mode, and set the preemption delay to 5 seconds.
Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 5 Become Master : 2200ms left Auth Type : Simple Key : ****** Virtual IP : 10.1.1.10 Master IP : 10.1.1.1 The output shows that in VRRP group 1, Switch A is the master, and Switch B is a backup. Packets from Host A to Host B are forwarded through Switch A. When a fault is on the link between Switch A and Switch C, you can still successfully ping Host B on Host A.
Configuring BFD for a VRRP backup to monitor the master Network requirements • As shown in Figure 22, Switch A and Switch B belong to VRRP group 1, whose virtual IP address is 192.168.0.10. • The default gateway of the hosts in the LAN is 192.168.0.10. When Switch A works properly, the hosts in the LAN access the external network through Switch A. When Switch A fails, the hosts in the LAN access the external network through Switch B.
3. Configure BFD on Switch B: # Configure the source address of BFD echo packets as 10.10.10.10. system-view [SwitchB] bfd echo-source-ip 10.10.10.10 4. Create the track entry to be associated with the BFD session on Switch B: # Create track entry 1 to be associated with the BFD session to check whether Switch A is reachable. [SwitchB] track 1 bfd echo interface vlan-interface 2 remote ip 192.168.0.101 local ip 192.168.0.102 5.
VRRP Track Information: Track Object : 1 State : Positive Switchover # Display information about track entry 1 on Switch B. display track 1 Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: BFD session mode: Echo Outgoing interface: Vlan-interface2 VPN instance name: Remote IP: 192.168.0.101 Local IP: 192.168.0.
Configuring BFD for the VRRP master to monitor the uplinks Network requirements • As shown in Figure 23, Switch A and Switch B belong to VRRP group 1, whose virtual IP address is 192.168.0.10. • The default gateway of the hosts in the LAN is 192.168.0.10. • When Switch A works properly, the hosts in the LAN access the external network through Switch A.
# Create VRRP group 1, and configure the virtual IP address of the group as 192.168.0.10. Configure the priority of Switch A in VRRP group 1 as 110. Configure VRRP group 1 to monitor the status of track entry 1. When the status of the track entry becomes Negative, the priority of Switch A decreases by 20. [SwitchA] interface vlan-interface 2 [SwitchA-Vlan-interface2] vrrp vrid 1 virtual-ip 192.168.0.
Running Mode : Standard Total number of virtual routers : 1 Interface Vlan-interface2 VRID : 1 Adver Timer : 100 Admin Status : Up State : Backup Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Become Master : 2200ms left Auth Type : None Virtual IP : 192.168.0.10 Master IP : 192.168.0.101 The output shows that when the status of track entry 1 becomes Positive, Switch A is the master, and Switch B the backup.
VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 100 Running Pri : 100 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 192.168.0.10 Virtual MAC : 0000-5e00-0101 Master IP : 192.168.0.102 The output shows that when Switch A detects that the uplink fails through BFD, it decreases its priority by 20 to make sure that Switch B can preempt as the master.
Figure 24 Network diagram Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 24. (Details not shown.) 2. Configure Switch A: # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.1.1.2 and the default priority 60. This static route is associated with track entry 1. system-view [SwitchA] ip route-static 30.1.1.0 24 10.1.1.2 track 1 # Configure a static route to 30.1.1.
[SwitchA] nqa schedule admin test start-time now lifetime forever # Configure track entry 1, and associate it with reaction entry 1 of the NQA test group (with the administrator admin, and the operation tag test). [SwitchA] track 1 nqa entry admin test reaction 1 3. Configure Switch B: # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.2.1.4. system-view [SwitchB] ip route-static 30.1.1.0 24 10.2.1.4 # Configure a static route to 20.1.1.
[SwitchD] track 1 nqa entry admin test reaction 1 Verifying the configuration # Display information about the track entry on Switch A. [SwitchA] display track all Track ID: 1 State: Positive Duration: 0 days 0 hours 0 minutes 32 seconds Notification delay: Positive 0, Negative 0 (in seconds) Tracked object: NQA entry: admin test Reaction: 1 # Display the routing table of Switch A. [SwitchA] display ip routing-table Routing Tables: Public Destinations : 10 Destination/Mask Proto 10.1.1.0/24 10.1.1.
Destination/Mask Proto 10.1.1.0/24 10.1.1.1/32 Pre Cost NextHop Interface Direct 0 0 10.1.1.1 Vlan2 Direct 0 0 127.0.0.1 InLoop0 10.2.1.0/24 Static 60 0 10.1.1.2 Vlan2 10.3.1.0/24 Direct 0 0 10.3.1.1 Vlan3 10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0 20.1.1.0/24 Direct 0 0 20.1.1.1 Vlan6 20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.0/24 Static 80 0 10.3.1.3 Vlan3 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
Static routing-Track-BFD collaboration configuration example Network requirements As shown in Figure 25, Switch A, Switch B, and Switch C are connected to two segments 20.1.1.0/24 and 30.1.1.0/24. Configure static routes on these routers so that the two segments can communicate with each other. Configure route backup to improve network reliability. Switch A is the default gateway of the hosts in segment 20.1.1.0/24. Two static routes to 30.1.1.
[SwitchA] ip route-static 30.1.1.0 24 10.2.1.2 track 1 # Configure a static route to 30.1.1.0/24, with the address of the next hop as 10.3.1.3 and the priority 80. [SwitchA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80 # Configure the source address of BFD echo packets as 10.10.10.10. [SwitchA] bfd echo-source-ip 10.10.10.10 # Configure track entry 1, and associate it with the BFD session. Check whether Switch A can be interoperated with the next hop of static route (Switch B).
Destinations : 9 Destination/Mask Proto 10.2.1.0/24 10.2.1.1/32 Routes : 9 Pre Cost NextHop Interface Direct 0 0 10.2.1.1 Vlan2 Direct 0 0 127.0.0.1 InLoop0 10.3.1.0/24 Direct 0 0 10.3.1.1 Vlan3 10.3.1.1/32 Direct 0 0 127.0.0.1 InLoop0 20.1.1.0/24 Direct 0 0 20.1.1.1 Vlan5 20.1.1.1/32 Direct 0 0 127.0.0.1 InLoop0 30.1.1.0/24 Static 60 0 10.2.1.2 Vlan2 127.0.0.0/8 Direct 0 0 127.0.0.1 InLoop0 127.0.0.1/32 Direct 0 0 127.0.0.
# When the master route fails, the hosts in 20.1.1.0/24 can still communicate with the hosts in 30.1.1.0/24. [SwitchA] ping -a 20.1.1.1 30.1.1.1 PING 30.1.1.1: 56 data bytes, press CTRL_C to break Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms --- 30.1.1.
Figure 26 Network diagram Configuration procedure 1. Create VLANs and assign corresponding ports to them. Configure the IP address of each VLAN interface as shown in Figure 26. (Details not shown.) 2. Configure a track entry on Switch A: # Configure track entry 1 and associate it with the physical status of the uplink interface VLAN-interface 3. [SwitchA] track 1 interface vlan-interface 3 3. Configure VRRP on Switch A: # Create VRRP group 1 and configure the virtual IP address 10.1.1.
VRID : 1 Adver Timer : 100 Admin Status : Up State : Master Config Pri : 110 Running Pri : 110 Preempt Mode : Yes Delay Time : 0 Auth Type : None Virtual IP : 10.1.1.10 Virtual MAC : 0000-5e00-0101 Master IP : 10.1.1.1 VRRP Track Information: Track Object : 1 State : Positive Pri Reduced : 30 # Display detailed information about VRRP group 1 on Switch B.
Track Object : 1 State : Negative Pri Reduced : 30 # After shutting down the uplink interface on Switch A, display detailed information about VRRP group 1 on Switch B.
Support and other resources Contacting HP For worldwide technical support information, see the HP support website: http://www.hp.
Conventions This section describes the conventions used in this documentation set. Command conventions Convention Description Boldface Bold text represents commands and keywords that you enter literally as shown. Italic Italic text represents arguments that you replace with actual values. [] Square brackets enclose syntax choices (keywords or arguments) that are optional. { x | y | ... } Braces enclose a set of required syntax choices separated by vertical bars, from which you select one.
Network topology icons Represents a generic network device, such as a router, switch, or firewall. Represents a routing-capable device, such as a router or Layer 3 switch. Represents a generic switch, such as a Layer 2 or Layer 3 switch, or a router that supports Layer 2 forwarding and other Layer 2 features. Represents an access controller, a unified wired-WLAN module, or the switching engine on a unified wired-WLAN switch. Represents an access point.
Index advertising authenticating DLDP advertisement packet send interval, 28 DLDP MD5 authentication, 29 DLDP advertisement timer, 24 DLDP MD5 mode, 25 VRRP advertisement interval, 40 DLDP non-authentication mode, 25 alarm DLDP password authentication, 29 Ethernet OAM fault detection, 1 DLDP plaintext authentication, 29 application DLDP plaintext mode, 25 Track application collaboration, 70 DLDP simple authentication, 29 Track/application module association, 73 VRRP MD5 authentication, 40
Track/application modules, 70 BGP Track/detection modules, 69 BFD supported, 65 VRRP-Track-interface management collaboration, 94 bidirectional DLDP port state, 24 VRRP-Track-NQA collaboration, 76 forwarding detection.
CFD MIP default rule, 12 IPv4 VRRP packet attributes, 45 IPv4 VRRP router preemptive mode, 44 DelayDown timer (DLDP), 24, 28 IPv4 VRRP router priority, 44 detecting DLDP automatic unidirectional link shutdown, 30 IPv4 VRRP router tracking function, 44 IPv4 VRRP single group (on switch), 50 DLDP configuration, 23, 27, 30 IPv6 VRRP, 46 DLDP manual unidirectional link shutdown, 33 IPv6 VRRP (on switch), 55 DLDP multiple neighbors detection, 27 IPv6 VRRP multiple groups (on switch), 58 DLDP single n
IPv4 VRRP router priority, 44 authentication modes, 25 IPv4 VRRP router tracking, 44 automatic unidirectional link shutdown, 30 IPv4 VRRP single group configuration (on switch), 50 basic concepts, 24 configuration, 23, 27, 30 IPv6 VRRP configuration (on switch), 55 configuration restrictions, 27 IPv6 VRRP multiple groups (on switch), 58 DelayDown timer, 28 IPv6 VRRP router preemptive mode, 48 displaying, 29 IPv6 VRRP router priority, 48 enabling, 28 IPv6 VRRP router tracking, 48 how it works,
DLDP manual unidirectional link shutdown, 33 Ethernet OAM basic configuration, 4 Ethernet OAM.
DLDP automatic unidirectional link shutdown, 30 virtual IP address assignment, 43 IPv6 DLDP configuration, 23, 27, 30 BFD protocols and standards, 66 DLDP manual unidirectional link shutdown, 33 BFD-supported static routing, 65 Ethernet OAM basic configuration, 4 VRRP.
CFD loopback on MEP configuration, 18 Ethernet OAM remote loopback, 1 CFD MEP configuration, 16 maintaining CFD MEP list, 13 BFD, 68 MIP DLDP, 29 Ethernet OAM, 8 CFD, 12 IPv4 VRRP, 46 CFD MIP auto-generation rule, 16 mode IPv6 VRRP, 49 BFD control packet active operating mode, 64 maintenance BFD control packet asynchronous operating mode, 64 association end point. Use MEP association intermediate point.
Track/detection module association, 71 DLDP authentication modes, 25 Track/detection module collaboration, 69 DLDP multiple neighbors detection, 27 Track/interface management association, 72 DLDP single neighbor detection, 25 Track/policy-based routing association, 75 Ethernet OAM connection detection timer, 4 Track/static routing association, 74 Ethernet OAM errored frame event detection, 6 Track/VRRP association, 73 Ethernet OAM errored frame period event detection, 6 VRRP-Track-interface mana
VRRP timers, 40 Track/NQA association, 71 VRRP tracking, 41 VRRP tracking, 41 VRRP-Track-NQA collaboration, 76 network management OAM BFD basic configuration, 66 BFD configuration, 64 CFD basic configuration, 15 CFD basic concepts, 11 CFD configuration, 11, 14, 19 CFD basic configuration, 15 OAMPDU, 1 CFD configuration, 11, 14 operation, administration and maintenance.
configuring CFD, 14, 19 DLDP automatic unidirectional link shutdown, 30 configuring CFD basic settings, 15 DLDP configuration, 23, 27, 30 configuring CFD continuity check on MEP, 17 DLDP DelayDown timer, 28 configuring CFD functions, 17 DLDP manual unidirectional link shutdown, 33 configuring CFD linktrace on MEP, 18 DLDP port shutdown mode, 29 configuring CFD loopback on MEP, 18 DLDP port state, 24 configuring CFD MEPs, 16 Ethernet OAM port action configuration, 8 configuring CFD MIP auto-gen
configuring IPv6 VRRP, 46 maintaining Ethernet OAM, 8 configuring IPv6 VRRP (on switch), 55 maintaining IPv4 VRRP, 46 configuring IPv6 VRRP multiple groups (on switch), 58 maintaining IPv6 VRRP, 49 setting DLDP advertisement packet send interval, 28 configuring IPv6 VRRP router preemptive mode, 48 setting DLDP DelayDown timer, 28 configuring IPv6 VRRP router priority, 48 setting DLDP port shutdown mode, 29 configuring IPv6 VRRP router tracking function, 48 shutting down DLDP unidirectional link m
DLDP automatic unidirectional link shutdown, 30 DLDP manual unidirectional link shutdown, 33 Ethernet OAM port action configuration, 8 DLDP port shutdown mode, 29 IPv6 VRRP configuration (on switch), 55 DLDP unidirectional link manually, 33 static routing-Track-BFD collaboration, 91 simple authentication static routing-Track-NQA collaboration, 86 VRRP, 40 Track/policy-based routing association, 75 single neighbor detection (DLDP), 25 Track/policy-based routing collaboration, 70 single-hop detect
IPv4 VRRP multiple groups configuration, 52 IPv4 VRRP single group configuration, 50 IPv6 VRRP configuration, 55 IPv6 VRRP multiple groups configuration, 58 static routing-Track-BFD configuration, 91 collaboration static routing-Track-NQA configuration, 86 collaboration VRRP association, 73 IPv6 VRRP single group configuration, 55 VRRP-Track-interface management collaboration configuration, 94 timer DLDP advertisement, 24 VRRP-Track-NQA collaboration configuration, 76 DLDP DelayDown, 24, 28 track
CFD maintenance point, 12 router preemption, 39 CFD MIP auto-generation rule, 16 timers, 40 CFD service instance configuration, 15 Track BFD/VRRP backup master monitor, 80 Track BFD/VRRP master uplink monitor, 83 VRRP application, 41 Track/application module collaboration, 70 authentication methods, 40 Track/VRRP association, 73 configuration, 38 tracking, 41 group router priority, 39 troubleshooting, 62 IPv4. Use IPv4 VRRP troubleshooting error prompt displayed, 62 IPv6.
