HP VPN Firewall Appliances High Availability Configuration Guide
Associating the Track module with an application module
Associating Track with VRRP
VRRP is an error-tolerant protocol. It adds a group of routers that can act as network gateways to a VRRP
group, which forms a virtual router. Routers in the VRRP group elect the master acting as the gateway
according to their priorities. A router with a higher priority is more likely to become the master. The other
routers function as the backups. When the master fails, the backups in the VRRP group elect a new
gateway to undertake the responsibility of the failed master. This ensures that the hosts in the network
segment can uninterruptedly communicate with external networks.
When VRRP is operating in standard protocol mode, associate the Track module with the VRRP group to
implement the following actions:
• Change the priority of a router according to the status of the uplink. If a fault occurs on the uplink
of the router, the VRRP group cannot be aware of the uplink failure. If the router is the master, hosts
in the LAN cannot access the external network. This problem can be solved by establishing a
Track-VRRP group association. Use the detection modules to monitor the status of the uplink of the
router and establish collaborations between the detection modules, Track module, and VRRP. When
the uplink fails, the detection modules notify the Track module to change the status of the monitored
track entry to Negative, and the priority of the master decreases by a specific value. This allows a
higher priority router in the VRRP group to become the master, and maintains proper
communication between the hosts in the LAN and the external network.
• Monitor the master on a backup. If a fault occurs on the master, the backup working in switchover
mode will switch to the master immediately to maintain normal communication.
Follow these guidelines when you associate Track with VRRP:
• VRRP tracking is not valid on an IP address owner. An IP address owner is a router in the VRRP
group that has an interface whose IP address is the IP address of the virtual router.
• You can associate a nonexistent track entry with a VRRP group or VF. The association takes effect
only after you use the track command to create the track entry. For more information about VRRP,
see "Configuring VRRP."
To associate Track with a VRRP group:
1. Enter system view.
   Command: system-view
   Remarks: N/A
2. Enter interface view.
   Command: interface interface-type interface-number
   Remarks: N/A
3. Create a VRRP group and configure its virtual IP address.
   Command: vrrp vrid virtual-router-id virtual-ip virtual-address
   Remarks: No VRRP group is created by default.
4. Associate a track entry with a VRRP group.
   Command: vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ]
   Remarks: No track entry is specified for a VRRP group by default.
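The following Python model is an added illustration, not part of the HP guide. It shows how the reduced value interacts with the priorities in the group when a track entry turns Negative, and why tracking has no effect on an IP address owner. The router names, the priorities, the floor of 1 on the running priority, and the strict "higher priority preempts" rule are assumptions of the model.

```python
from dataclasses import dataclass

OWNER_PRIORITY = 255  # priority of the IP address owner in VRRP


@dataclass
class Router:
    name: str
    priority: int                 # configured VRRP priority
    reduced: int = 0              # the "reduced priority-reduced" value
    track_negative: bool = False  # state of the associated track entry

    def running_priority(self) -> int:
        # VRRP tracking is not valid on an IP address owner.
        if self.priority == OWNER_PRIORITY or not self.track_negative:
            return self.priority
        # Assumption: the running priority never drops below 1.
        return max(1, self.priority - self.reduced)


def master_after(routers, current):
    """Return the master's name once track states are applied.

    Assumption: preemption is enabled and a backup takes over only when its
    running priority is strictly higher than the current master's.
    """
    cur = next(r for r in routers if r.name == current)
    best = max(routers, key=lambda r: r.running_priority())
    return best.name if best.running_priority() > cur.running_priority() else current


def min_reduction_for_failover(master_priority, backup_priority):
    """Smallest reduction that pushes the master below the backup."""
    return max(0, master_priority - backup_priority + 1)


if __name__ == "__main__":
    # Constructed sample: FW-A is master (110), FW-B is backup (100).
    for reduced in (5, 10, 30):
        group = [Router("FW-A", 110, reduced, track_negative=True), Router("FW-B", 100)]
        print(f"reduced {reduced}: master = {master_after(group, 'FW-A')}")
    print("minimum reduction:", min_reduction_for_failover(110, 100))
```

In this model, a reduction that only matches the priority gap leaves the failed-uplink router as master, so the reduced value should be checked against every backup's priority before relying on the association for failover.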