Manualshelf

HP VPN Firewall Appliances High Availability Configuration Guide

ManualsBrandsHP ManualsComputer AccessoriesHP ProCurve Switch xl Access Controller Module
81828384858687888990
81
Local IP : 192.168.0.102
The output shows that when the status of the track entry becomes Positive, Firewall A is the master, and
Firewall B the backup.
# Enable VRRP state debugging and BFD event debugging on Firewall B.
<FirewallB> terminal debugging
<FirewallB> terminal monitor
<FirewallB> debugging vrrp state
<FirewallB> debugging bfd event
# When Firewall A fails, the following output is displayed on Firewall B.
*Dec 17 14:44:34:142 2008 FirewallB BFD/7/EVENT:Send sess-down Msg,
[Src:192.168.0.102,Dst:192.168.0.101,Ethernet1/1,Echo], instance:0, protocol:Track
*Dec 17 14:44:34:144 2008 FirewallB VRRP/7/DebugState: IPv4 gigabitethernet1/1 | Virtual
Router 1 : Backup --> Master reason: The status of the tracked object changed
# Display detailed information about the VRRP group on Firewall B.
<FirewallB> display vrrp verbose
IPv4 Standby Information:
Run Mode : Standard
Run Method : Virtual MAC
Total number of virtual routers : 1
Interface gigabitethernet1/1
VRID : 1 Adver Timer : 1
Admin Status : Up State : Master
Config Pri : 100 Running Pri : 100
Preempt Mode : Yes Delay Time : 0
Auth Type : None
Virtual IP : 192.168.0.10
Virtual MAC : 0000-5e00-0101
Master IP : 192.168.0.102
VRRP Track Information:
Track Object : 1 State : Negative Switchover
The output shows that when BFD detects that Firewall A fails, it notifies VRRP through the Track module to
change the status of Firewall B to master without waiting for a period three times the advertisement
interval. This ensures that a backup can quickly preempt as the master.
Configuring BFD for the VRRP master to monitor the uplink
The following matrix shows the configuration example and hardware compatibility:
Hardware Com
p
atibilit
y
F1000-A-EI/F1000-S-EI No
F1000-E No
F5000 Yes
F5000-S/F5000-C No
VPN firewall modules No