16-High Availability Configuration Guide

HomeSupportConfigure & DeployConfiguration GuidesH3C SecPath Firewall Series Configuration Guides(V7)-6W40016-High Availability Configuration Guide
04-Track configuration
Title Size Download
04-Track configuration 336.87 KB

Contents

Configuring Track· 1

About Track· 1

Collaboration mechanism·· 1

Supported detection modules· 2

Supported application modules· 2

Restrictions and guidelines: Track configuration· 2

Collaboration application example· 3

Track tasks at a glance· 3

Associating Track with a detection module object 4

Associating Track with NQA· 4

Associating Track with BFD·· 4

Associating Track with interface management 5

Associating Track with route management 6

Associating Track with a tracked list 6

Associating Track with a Boolean list 6

Associating Track with a percentage threshold list 7

Associating Track with a weight threshold list 7

Associating the Track module with an application module· 8

Prerequisites for associating the Track module with an application module· 8

Associating Track with VRRP· 8

Associating Track with static routing· 10

Associating Track with PBR· 11

Associating Track with interface backup· 13

Associating Track with the redundancy group module· 14

Associating Track with EAA· 14

Associating Track with a security policy rule· 15

Display and maintenance commands for Track· 15

Track configuration examples· 16

Example: Configuring VRRP-Track-NQA collaboration· 16

Example: Configuring BFD for a VRRP backup to monitor the master 19

Example: Configuring BFD for the VRRP master to monitor the uplink· 22

Example: Configuring static routing-Track-NQA collaboration· 26

Example: Configuring static routing-Track-BFD collaboration· 30

Example: Configuring VRRP-Track-interface management collaboration· 33

Example: Configuring VRRP-Track-route management collaboration· 36

 


Configuring Track

About Track

The Track module works between application modules and detection modules. It shields the differences between various detection modules from application modules.

Collaboration mechanism

The Track module collaborates with detection modules and application modules.

As shown in Figure 1, collaboration is enabled when you associate the Track module with a detection module and an application module, and it operates as follows:

1.     The detection module probes specific objects such as interface status, link status, network reachability, and network performance, and informs the Track module of detection results.

2.     The Track module sends the detection results to the application module.

3.     When notified of changes for the tracked object, the application modules can react to avoid communication interruption and network performance degradation.

Figure 1 Collaboration through the Track module

 

Collaboration between the Track module and a detection module

The detection module sends the detection result of the tracked object to the Track module. The Track module changes the status of the track entry as follows:

·     If the tracked object operates correctly, the state of the track entry is Positive. For example, the track entry state is Positive in one of the following conditions:

¡     The target interface is up.

¡     The target network is reachable.

·     If the tracked object does not operate correctly, the state of the track entry is Negative. For example, the track entry state is Negative in one of the following conditions:

¡     The target interface is down.

¡     The target network is unreachable.

·     If the detection result is invalid, the state of the track entry is NotReady. For example, the track entry state is NotReady if its associated NQA operation does not exist.

Collaboration between the Track module and an application module

The track module reports the track entry status changes to the application module. The application module can then take correct actions to avoid communication interruption and network performance degradation.

Supported detection modules

The following detection modules can be associated with the Track module:

·     NQA.

·     BFD.

·     Interface management.

·     Route management.

You can associate a track entry with an object of a detection module, such as the state of an interface or reachability of an IP route. The state of the track entry is determined by the state of the tracked object.

You can also associate a track entry with a list of objects called a tracked list. The state of a tracked list is determined by the states of all objects in the list. The following types of tracked lists are supported:

·     Boolean AND list—The state of a Boolean AND list is determined by the states of the tracked objects using the Boolean AND operation.

·     Boolean OR list—The state of a Boolean OR list is determined by the states of the tracked objects using the Boolean OR operation.

·     Percentage threshold list—The state of a percentage threshold list is determined by comparing the percentage of Positive and Negative objects in the list with the percentage thresholds configured for the list.

·     Weight threshold list—The state of a weight threshold list is determined by comparing the weight of Positive and Negative objects in the list with the weight thresholds configured for the list.

Supported application modules

The following application modules can be associated with the Track module:

·     VRRP.

·     Static routing.

·     PBR.

·     Interface backup.

·     Redundancy group.

·     EAA.

·     Security policy.

Restrictions and guidelines: Track configuration

When configuring a track entry for an application module, you can set a notification delay to avoid immediate notification of status changes.

When the delay is not configured and the route convergence is slower than the link state change notification, communication failures occur. For example, when the master in a VRRP group detects an uplink interface failure through Track, Track immediately notifies the master to decrease its priority. A backup with a higher priority then preempts as the new master. When the failed uplink interface recovers, the Track module immediately notifies the original master to restore its priority. If the uplink route has not recovered, forwarding failure will occur.

Collaboration application example

The following is an example of collaboration between NQA, Track, and static routing.

Configure a static route with next hop 192.168.0.88 on the device. If the next hop is reachable, the static route is valid. If the next hop becomes unreachable, the static route is invalid. For this purpose, configure NQA-Track-static routing collaboration as follows:

1.     Create an NQA operation to monitor the accessibility of IP address 192.168.0.88.

2.     Create a track entry and associate it with the NQA operation.

¡     When next hop 192.168.0.88 is reachable, NQA sends the result to the Track module. The Track module sets the track entry to Positive state.

¡     When the next hop becomes unreachable, NQA sends the result to the Track module. The Track module sets the track entry to Negative state.

3.     Associate the track entry with the static route.

¡     When the track entry is in Positive state, the static routing module considers the static route to be valid.

¡     When the track entry is in Negative state, the static routing module considers the static route to be invalid.

Track tasks at a glance

To implement the collaboration function, establish associations between the Track module and detection modules, and between the Track module and application modules.

To configure the Track module, perform the following tasks:

1.     Associating Track with a detection module object

¡     Associating Track with NQA

¡     Associating Track with BFD

¡     Associating Track with interface management

¡     Associating Track with route management

2.     Associating Track with a tracked list

¡     Associating Track with a Boolean list

¡     Associating Track with a percentage threshold list

¡     Associating Track with a weight threshold list

3.     Associating the Track module with an application module

¡     Associating Track with VRRP

¡     Associating Track with static routing

¡     Associating Track with PBR

¡     Associating Track with interface backup

¡     Associating Track with the redundancy group module

¡     Associating Track with EAA

¡     Associating Track with a security policy rule

Associating Track with a detection module object

Associating Track with NQA

About this task

NQA supports multiple operation types to analyze network performance and service quality. For example, an NQA operation can periodically detect whether a destination is reachable, or whether a TCP connection can be established.

An NQA operation operates as follows when it is associated with a track entry:

·     If the consecutive probe failures reach the specified threshold, the NQA module notifies the Track module that the tracked object has malfunctioned. The Track module then sets the track entry to Negative state.

·     If the specified threshold is not reached, the NQA module notifies the Track module that the tracked object is operating correctly. The Track module then sets the track entry to Positive state.

For more information about NQA, see Network Management and Monitoring Configuration Guide.

Restrictions and guidelines

If you associate a track entry with a nonexistent NQA operation or reaction entry, the state of the track entry is NotReady.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry, associate it with an NQA reaction entry, and enter its view.

track track-entry-number nqa entry admin-name operation-tag reaction item-number

3.     Set the delay for notifying the application module of track entry state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the track entry state changes.

Associating Track with BFD

About this task

BFD supports the control packet mode and echo packet mode. A track entry can be associated only with the echo-mode BFD session. For more information about BFD, see "Configuring BFD."

The associated Track and BFD operate as follows:

·     If the BFD detects that the link fails, it informs the Track module of the link failure. The Track module sets the track entry to Negative state.

·     If the BFD detects that the link is operating correctly, the Track module sets the track entry to Positive state.

Restrictions and guidelines

When you associate a track entry with BFD, do not configure the virtual IP address of a VRRP group as the local or remote address of the BFD session.

Prerequisites

Before you associate Track with BFD, configure the source IP address of BFD echo packets. For more information, see "Configuring BFD."

Procedure

1.     Enter system view.

system-view

2.     Create a track entry, associate it with a BFD session, and enter its view.

track track-entry-number bfd echo interface interface-type interface-number remote ip remote-ip-address local ip local-ip-address

3.     Set the delay for notifying the application module of track entry state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the track entry state changes.

Associating Track with interface management

About this task

The interface management module monitors the link status, physical status, or network-layer protocol status of interfaces. The associated Track and interface management operate as follows:

·     When the link status, physical status, or network-layer protocol status of the interface changes to up, the interface management module informs the Track module of the change. The Track module sets the track entry to Positive state.

·     When the link status, physical status, or network-layer protocol status of the interface changes to down, the interface management module informs the Track module of the change. The Track module sets the track entry to Negative state.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry, associate it with an interface, and enter its view.

¡     Create a track entry to monitor the link status of an interface.

track track-entry-number interface interface-type interface-number

¡     Create a track entry to monitor the physical status of an interface.

track track-entry-number interface interface-type interface-number physical

¡     Create a track entry to monitor the network layer protocol status of an interface.

track track-entry-number interface interface-type interface-number protocol { ipv4 | ipv6 }

3.     Set the delay for notifying the application module of track entry state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the track entry state changes.

Associating Track with route management

About this task

The route management module monitors route entry changes in the routing table. The associated Track and route management operate as follows:

·     When a monitored route entry is found in the routing table, the route management module informs the Track module. The Track module sets the track entry to Positive state.

·     When a monitored route entry is removed from the routing table, the route management module informs the Track module of the change. The Track module sets the track entry to Negative state.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry, associate it with an IP route, and enter its view.

track track-entry-number ip route [ vpn-instance vpn-instance-name ] ip-address { mask-length | mask } reachability

3.     Set the delay for notifying the application module of track entry state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the track entry state changes.

Associating Track with a tracked list

Associating Track with a Boolean list

About this task

A Boolean list is a list of tracked objects based on a Boolean logic. It can be further divided into the following types:

·     Boolean AND list—A Boolean AND list is set to the Positive state only when all objects are in Positive state. If one or more objects are in Negative state, the tracked list is set to the Negative state.

·     Boolean OR list—A Boolean OR list is set to the Positive state if any object is in Positive state. If all objects are in Negative state, the tracked list is set to the Negative state.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry.

See "Associating Track with a detection module object."

Create a track entry before you add it as a tracked object to a tracked list.

A minimum of one track entry must be created.

3.     Create a Boolean tracked list and enter its view.

track track-entry-number list boolean { and | or }

4.     Add the track entry as an object to the tracked list.

object track-entry-number [ not ]

Repeat this step to add all interested objects to the tracked list.

5.     (Optional.) Set the delay for notifying the application module of tracked list state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the tracked list state changes.

Associating Track with a percentage threshold list

About this task

A percentage threshold list uses a percentage threshold to measure the state of the list.

·     If the percentage of Positive objects is equal to or above the positive state threshold, the list is set to the Positive state.

·     If the percentage of Positive objects is equal to or below the negative state threshold, the list is set to the Negative state.

·     The state of a percentage threshold list remains unchanged if the percentage of Positive objects is below the positive state threshold and above the negative state threshold.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry.

See "Associating Track with a detection module object."

Create a track entry before you add it as a tracked object to a tracked list.

A minimum of one track entry must be created.

3.     Create a percentage threshold list and enter its view.

track track-entry-number list threshold percentage

4.     Add the track entry as an object to the tracked list.

object track-entry-number

Repeat this step to add all interested objects to the tracked list.

5.     Configure the threshold values used to determine the state of the percentage threshold list.

threshold percentage { negative negative-threshold | positive positive-threshold } *

By default, the negative state threshold is 0% and the positive state threshold is 1%.

6.     (Optional.) Set the delay for notifying the application module of tracked list state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the tracked list state changes.

Associating Track with a weight threshold list

About this task

A weight threshold list uses a weight threshold to measure the state of the list.

·     If the total weight of Positive objects is equal to or above the positive state threshold, the list is set to the Positive state.

·     If the total weight of Positive objects is equal to or below the negative state threshold, the list is set to the Negative state.

·     The state of a weight threshold list remains unchanged if the total weight of Positive objects is below the positive state threshold and above the negative state threshold.

Procedure

1.     Enter system view.

system-view

2.     Create a track entry.

See "Associating Track with a detection module object."

Create a track entry before you add it as a tracked object to a tracked list.

A minimum of one track entry must be created.

3.     Create a weight threshold list and enter its view.

track track-entry-number list threshold weight

4.     Add the track entry as an object to the tracked list.

object track-entry-number [ weight weight ]

Repeat this step to add all interested objects to the tracked list.

5.     Configure the threshold values used to determine the state of the weight threshold list.

threshold weight { negative negative-threshold | positive positive-threshold } *

By default, the negative state threshold is 0 and the positive state threshold is 1.

6.     (Optional.) Set the delay for notifying the application module of tracked list state changes.

delay { negative negative-time | positive positive-time } *

By default, the Track module notifies the application module immediately when the tracked list state changes.

Associating the Track module with an application module

Before you associate the Track module with an application module, make sure the associated track entry has been created.

Prerequisites for associating the Track module with an application module

Create a track entry first before you associate it with an application module.

An application module might obtain incorrect track entry status information if the associated track entry does not exist.

Associating Track with VRRP

About this task

When VRRP is operating in standard mode or load balancing mode, associate the Track module with the VRRP group to implement the following actions:

·     Change the priority of a router according to the status of the uplink. If a fault occurs on the uplink of the router, the VRRP group is not aware of the uplink failure. If the router is the master, hosts in the LAN cannot access the external network. To resolve this problem, configure a detection module-Track-VRRP collaboration. The detection module monitors the status of the uplink of the router and notifies the Track module of the detection result.

When the uplink fails, the detection module notifies the Track module to change the status of the monitored track entry to Negative. The priority of the master decreases by a user-specified value. A router with a higher priority in the VRRP group becomes the master.

·     Monitor the master on a backup. If a fault occurs on the master, the backup operating in switchover mode will switch to the master immediately to maintain normal communication.

When VRRP is operating in load balancing mode, associate the Track module with the VRRP VF to implement the following functions:

·     Change the priority of the AVF according to its uplink state. When the uplink of the AVF fails, the track entry changes to Negative state. The weight of the AVF decreases by a user-specified value. The VF with a higher priority becomes the new AVF to forward packets.

·     Monitor the AVF status from the LVF. When the AVF fails, the LVF that is operating in switchover mode becomes the new AVF to ensure continuous forwarding.

For more information about configuring VRRP, see "Configuring VRRP."

Restrictions and guidelines for Track association with VRRP

·     VRRP tracking does not take effect on an IP address owner. The configuration takes effect when the router does not act as the IP address owner.

An IP address owner is the router with its interface IP address used as the virtual IP address of the VRRP group.

·     When the status of the track entry changes from Negative to Positive or NotReady, the associated router or VF restores its priority automatically.

Associating Track with a VRRP group

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Associate a track entry with a VRRP group.

vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ip-address | priority reduced [ priority-reduced ] switchover | weight reduced [ weight-reduced ] }

By default, no track entry is associated with a VRRP group.

This command is supported when VRRP is operating in both standard mode and load balancing mode.

Associating Track with a VRRP VF

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Associate Track with a VRRP VF.

vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number { forwarder-switchover member-ip ip-address | priority reduced [ priority-reduced ] switchover | weight reduced [ weight-reduced ] }

By default, no track entry is associated with a VRRP VF.

This command is configurable when VRRP is operating in standard mode or load balancing mode. However, the configuration takes effect only when VRRP is operating in load balancing mode.

Associating Track with static routing

About this task

A static route is a manually configured route to route packets. For more information about static route configuration, see Layer 3—IP Routing Configuration Guide.

Static routes cannot adapt to network topology changes. Link failures or network topological changes can make the routes unreachable and cause communication interruption.

To resolve this problem, configure another route to back up the static route. When the static route is reachable, packets are forwarded through the static route. When the static route is unreachable, packets are forwarded through the backup route.

To check the accessibility of a static route in real time, associate the Track module with the static route.

If you specify the next hop but not the output interface when configuring a static route, you can configure the static routing-Track-detection module collaboration. This collaboration enables you to verify the accessibility of the static route based on the track entry state.

·     If the track entry is in Positive state, the following conditions exist:

¡     The next hop of the static route is reachable.

¡     The configured static route is valid.

·     If the track entry is in Negative state, the following conditions exist:

¡     The next hop of the static route is not reachable.

¡     The configured static route is invalid.

·     If the track entry is in NotReady state, the following conditions exist:

¡     The accessibility of the next hop of the static route is unknown.

¡     The static route is valid.

Restrictions and guidelines

In static routing-Track-NQA collaboration, you must configure the same VPN instance name for the NQA operation and the next hop of the static route. Otherwise, the accessibility detection cannot operate correctly.

If a static route needs route recursion, the associated track entry must monitor the next hop of the recursive route. The next hop of the static route cannot be monitored. Otherwise, a valid route might be considered invalid.

Procedure

1.     Enter system view.

system-view

2.     Associate a static route with a track entry to check the accessibility of the next hop.

Public network:

ip route-static { dest-address { mask-length | mask } | group group-name } { interface-type interface-number [ next-hop-address ] [ backup-interface interface-type interface-number [ backup-nexthop backup-nexthop-address ] [ permanent ] | bfd { control-packet | echo-packet } | permanent | track track-entry-number ] | next-hop-address [ bfd control-packet bfd-source ip-address | permanent | track track-entry-number ] | vpn-instance d-vpn-instance-name next-hop-address [ bfd control-packet bfd-source ip-address | permanent | track track-entry-number ] } [ preference preference ] [ tag tag-value ] [ description text ]

VPN:

ip route-static vpn-instance s-vpn-instance-name { dest-address { mask-length | mask } | group group-name } { interface-type interface-number [ next-hop-address ] [ backup-interface interface-type interface-number [ backup-nexthop backup-nexthop-address ] [ permanent ] | bfd { control-packet | echo-packet } | permanent | track track-entry-number ] | next-hop-address [ public ] [ bfd control-packet bfd-source ip-address | permanent | track track-entry-number ] | vpn-instance d-vpn-instance-name next-hop-address [ bfd control-packet bfd-source ip-address | permanent | track track-entry-number ] } [ preference preference ] [ tag tag-value ] [ description text ]

By default, Track is not associated with static routing.

Associating Track with PBR

About this task

PBR uses user-defined policies to route packets. You can specify parameters in a PBR policy to guide the forwarding of the packets that match specific criteria. For more information about PBR, see Layer 3—IP Routing Configuration Guide.

PBR cannot detect the availability of any action taken on packets. When an action is not available, packets processed by the action might be discarded. For example, if the output interface specified for PBR fails, PBR cannot detect the failure, and continues to forward matching packets out of the interface.

To enable PBR to detect topology changes and improve the flexibility of the PBR application, configure Track-PBR-detection module collaboration.

After you associate a track entry with an apply clause, the detection module associated with the track entry sends Track the detection result of the availability of the tracked object.

·     The Positive state of the track entry indicates that the object is available, and the apply clause is valid.

·     The Negative state of the track entry indicates that the object is not available, and the apply clause is invalid.

·     The NotReady state of the track entry indicates that the apply clause is valid.

The following objects can be associated with a track entry:

·     Output interface.

·     Next hop.

·     Default output interface.

·     Default next hop.

Prerequisites for Track association with PBR

Before you associate Track with PBR, create a policy node, and set the match criteria.

Associating Track with PBR

1.     Enter system view.

system-view

2.     Create a policy node and enter its view.

policy-based-route policy-name [ deny | permit ] node node-number

3.     Set match criteria. Choose the options to configure as needed:

¡     Set an ACL match criterion.

if-match acl { acl-number | name acl-name }

By default, no ACL match criterion is set.

The ACL match criterion cannot match Layer 2 information.

¡     Set a packet length match criterion.

if-match packet-length min-len max-len

By default, no packet length match criterion is set.

4.     Set actions and associate the policy node with a track entry. Choose the options to configure as needed:

¡     Set the output interface.

apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-4>

By default, no output interface is set.

¡     Set the next hop.

apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ]  { ip-address [ direct ] [ track track-entry-number ] [ weight weight-value ]  }&<1-4>

By default, no next hop is set.

¡     Set the default output interface.

apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-4>

By default, no default output interface is set.

¡     Set the default next hop.

apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ]  { ip-address [ direct ] [ track track-entry-number ] }&<1-4>

By default, no default next hop is set.

Associating Track with IPv6 PBR

1.     Enter system view.

system-view

2.     Create an IPv6 policy node and enter its view.

ipv6 policy-based-route policy-name [ deny | permit ] node node-number

3.     Set match criteria. Choose the options to configure as needed:

¡     Set an ACL match criterion.

if-match acl { ipv6-acl-number | name ipv6-acl-name }

By default, no ACL match criterion is set.

The ACL match criterion cannot match Layer 2 information.

¡     Set an IPv6 packet length match criterion.

if-match packet-length min-len max-len

By default, no packet length match criterion is set.

4.     Set actions and associate the policy node with a track entry. Choose the options to configure as needed:

¡     Set the output interface.

apply output-interface { interface-type interface-number [ track track-entry-number ] }&<1-4>

By default, no output interface is set.

¡     Set the next hop.

apply next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] [ weight weight-value ] } &<1-4>

By default, no next hop is set.

¡     Set the default output interface.

apply default-output-interface { interface-type interface-number [ track track-entry-number ] }&<1-4>

By default, no default output interface is set.

¡     Set the default next hop.

apply default-next-hop [ vpn-instance vpn-instance-name | inbound-vpn ] { ipv6-address [ direct ] [ track track-entry-number ] }&<1-4>

By default, no default next hop is set.

Associating Track with interface backup

About this task

To enable a standby interface to detect the status of the active interface, you can associate the standby interface with a track entry.

·     If the track entry is in Positive state, the following conditions exist:

¡     The link where the active interface resides operates correctly.

¡     The standby interfaces stay in backup state.

·     If the track entry is in Negative state, the following conditions exist:

¡     The link where the active interface resides has failed.

¡     A standby interface changes to the active interface for data transmission.

·     If the track entry is in always NotReady state, the following conditions exist:

¡     The association does not take effect.

¡     Each interface keeps its original forwarding state.

When the track entry turns to NotReady from other state, a standby interface becomes the active interface.

For more information about configuring interface backup, see "Configuring interface backup."

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

3.     Associate the interface with a track entry.

backup track track-entry-number

By default, no track entry is associated with an interface.

You can associate an interface with only one track entry.

If you execute this command multiple times, the most recent configuration takes effect.

Associating Track with the redundancy group module

About this task

The redundancy group can fast detect the link and interface failures after you associate it with Track.

Track changes the track entry state based on the monitoring result of a detection module, and notifies the track entry state change to the redundancy group.

·     If the track entry state changes to Positive, the system increases the weight value of the redundancy group node. When the value of the redundancy group is greater than 0, the node can operate correctly.

·     If the track entry state changes to Negative or NotReady, the system reduces the weight value of redundancy group node. If the value of the redundancy group is less than 0, the node cannot operate correctly. A node switchover occurs. The members (including Reth interfaces) on the other node take over.

For more information about redundancy groups, see "Configuring redundancy groups."

Restrictions and guidelines

To associate Track with a redundancy group configured with automatic node switchover, you must specify the interface interface-type interface-number option in the track command. When the specified interface fails, it will not be shut down by the Reth module.

Procedure

1.     Enter system view.

system-view

2.     Create a redundancy group and enter its view.

redundancy group group-name

3.     Create a redundancy group node and enter its view.

node node-id

4.     Associate Track with the redundancy group.

track track-entry-number [ reduced weight-reduced ] [ interface interface-type interface-number ]

By default, no track entry is associated with a redundancy group.

Associating Track with EAA

About this task

You can configure EAA track event monitor policies to monitor the positive-to-negative or negative-to-positive state changes of track entries.

·     If you specify only one track entry for a policy, EAA triggers the policy when it detects the specified state change on the track entry.

·     If you specify multiple track entries for a policy, EAA triggers the policy when it detects the specified state change on the last monitored track entry. For example, if you configure a policy to monitor the positive-to-negative state change of multiple track entries, EAA triggers the policy when the last positive track entry monitored by the policy is changed to the Negative state.

You can set a suppression time for a track event monitor policy. The timer starts when the policy is triggered. The system does not process messages that report the monitored track event until the timer times out.

For more information about EAA, see Network Management and Monitoring Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Create a CLI-defined monitor policy and enter its view, or enter the view of an existing CLI-defined monitor policy.

rtm cli-policy policy-name

3.     Configure a track event.

event track track-entry-number-list state { negative | positive } [ suppress-time suppress-time ]

By default, a monitor policy does not monitor any track event.

Associating Track with a security policy rule

About this task

Perform this task to enable the collaboration between Track and a security policy rule. The collaboration operates as follows:

·     If the rule is associated with the Negative state of a track entry, the device takes the following actions:

¡     Sets the rule state to Active if the track entry is in Negative state.

¡     Sets the rule state to Inactive if the track entry is in Positive state.

·     If the rule is associated with the Positive state of a track entry, the device takes the following actions:

¡     Sets the rule state to Active if the track entry is in Positive state.

¡     Sets the rule state to Inactive if the track entry is in Negative state.

Procedure

1.     Enter system view.

system-view

2.     Enter IPv4 or IPv6 security policy view.

security-policy { ip | ipv6 }

3.     Enter security policy rule view.

rule { rule-id | name name } *

4.     Associate the rule with a track entry.

track { negative | positive } track-entry-number

By default, no track entry is associated with a security policy rule.

Display and maintenance commands for Track

Execute display commands in any view.

 

Task

Command

Display information about track entries.

display track { track-entry-number | all [ negative | positive ] } [ brief ]

 

Track configuration examples

Example: Configuring VRRP-Track-NQA collaboration

Network configuration

As shown in Figure 2:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Device A and Device B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

Configure VRRP-Track-NQA collaboration to monitor the uplink on the master and meet the following requirements:

·     When Device A operates correctly, it forwards packets from Host A to Host B.

·     When NQA detects a fault on the uplink of Device A, Device B forwards packets from Host A to Host B.

Figure 2 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure an NQA operation on Device A:

# Create an NQA operation with administrator name admin and operation tag test.

<DeviceA> system-view

[DeviceA] nqa entry admin test

# Specify the ICMP echo operation type.

[DeviceA-nqa-admin-test] type icmp-echo

# Specify 10.1.2.2 as the destination address of ICMP echo requests.

[DeviceA-nqa-admin-test-icmp-echo] destination ip 10.1.2.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[DeviceA-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1 so that five consecutive probe failures will trigger collaboration with the Track module.

[DeviceA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[DeviceA-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[DeviceA] nqa schedule admin test start-time now lifetime forever

3.     On Device A, configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[DeviceA] track 1 nqa entry admin test reaction 1

[DeviceA-track-1] quit

4.     Configure VRRP on Device A:

# Specify VRRPv2 to run on GigabitEthernet 1/0/1.

[DeviceA] interface gigabitethernet 1/0/1

[DeviceA-GigabitEthernet1/0/1] vrrp version 2

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Device A to 110 in VRRP group 1.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 priority 110

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets every 500 centiseconds.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 timer advertise 500

# Configure Device A to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 preempt-mode delay 5000

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to Negative.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 track 1 priority reduced 30

[DeviceA-GigabitEthernet1/0/1] quit

5.     Configure VRRP on Device B:

# Specify VRRPv2 to run on GigabitEthernet 1/0/1.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] vrrp version 2

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the authentication mode of VRRP group 1 to simple, and the authentication key to hello.

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 authentication-mode simple plain hello

# Configure the master to send VRRP packets every 500 centiseconds.

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 timer advertise 500

# Configure Device B to operate in preemptive mode and set the preemption delay to 5000 centiseconds.

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 preempt-mode delay 5000

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 500

     Admin Status   : Up              State        : Master

     Config Pri     : 110             Running Pri  : 110

     Preempt Mode   : Yes             Delay Time   : 5000

     Auth Type      : Simple          Key          : ******

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

   VRRP Track Information:

     Track Object   : 1              State : Positive          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B.

[DeviceB-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 500

     Admin Status   : Up              State        : Backup

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 5000

     Become Master  : 2200ms left

     Auth Type      : Simple          Key          : ******

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.1

The output shows that in VRRP group 1, Device A is the master and Device B is a backup. Device A forwards packets from Host A to Host B.

# Disconnect the link between Device A and Device C, and verify that Host A can still ping Host B. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 500

     Admin Status   : Up              State        : Backup

     Config Pri     : 110             Running Pri  : 80

     Preempt Mode   : Yes             Delay Time   : 5000

     Become Master  : 2200ms left

     Auth Type      : Simple          Key          : ******

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.2

   VRRP Track Information:

     Track Object   : 1              State : Negative          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B when the link between Device A and Device C is faulty.

[DeviceB-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 500

     Admin Status   : Up              State        : Master

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 5000

     Auth Type      : Simple          Key          : ******

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.2

The output shows that Device A has become the backup, and Device B has become the master. Device B forwards packets from Host A to Host B.

Example: Configuring BFD for a VRRP backup to monitor the master

Network configuration

As shown in Figure 3:

·     Device A and Device B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 192.168.0.10.

·     The default gateway of the hosts in the LAN is 192.168.0.10.

Configure VRRP-Track-BFD collaboration to monitor the master on the backup and meet the following requirements:

·     When Device A operates correctly, the hosts in the LAN access the Internet through Device A.

·     When Device A fails, the backup (Device B) can detect the state change of the master through BFD and become the new master. The hosts in the LAN access the Internet through Device B.

Figure 3 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure Device A:

# Create VRRP group 1, and configure virtual IP address 192.168.0.10 for the group.

<DeviceA> system-view

[DeviceA] interface gigabitethernet 1/0/1

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 192.168.0.10

# Set the priority of Device A to 110 in VRRP group 1.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 priority 110

[DeviceA-GigabitEthernet1/0/1] return

3.     Configure Device B:

# Specify 10.10.10.10 as the source address of BFD echo packets.

<DeviceB> system-view

[DeviceB] bfd echo-source-ip 10.10.10.10

# Create track entry 1, and associate it with the BFD session to verify the reachability of Device A.

[DeviceB] track 1 bfd echo interface gigabitethernet 1/0/1 remote ip 192.168.0.101 local ip 192.168.0.102

[DeviceB-track-1] quit

# Create VRRP group 1, and configure virtual IP address 192.168.0.10 for the group.

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 192.168.0.10

# Configure VRRP group 1 to monitor the status of track entry 1.

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 track 1 switchover

[DeviceB-GigabitEthernet1/0/1] return

Verifying the configuration

# Display detailed information about VRRP group 1 on Device A.

<DeviceA> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 110             Running Pri  : 110

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 192.168.0.101

# Display detailed information about VRRP group 1 on Device B.

<DeviceB> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode       : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Master IP      : 192.168.0.101

   VRRP Track Information:

     Track Object   : 1              State : Positive          Switchover

# Display information about track entry 1 on Device B.

<DeviceB> display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing Interface: GigabitEthernet1/0/1

    VPN instance name: --

    Remote IP: 192.168.0.101

    Local IP: 192.168.0.102

The output shows that when the status of the track entry becomes Positive, Device A is the master, and Device B is the backup.

# Enable VRRP state debugging and BFD event notification debugging on Device B.

<DeviceB> terminal debugging

<DeviceB> terminal monitor

<DeviceB> debugging vrrp fsm

<DeviceB> debugging bfd ntfy

# When Device A fails, the following output is displayed on Device B.

*Dec 17 14:44:34:142 2019 DeviceB BFD/7/DEBUG: Notify application:TRACK State:DOWN

*Dec 17 14:44:34:144 2019 DeviceB VRRP4/7/FSM

 IPv4 GigabitEthernet1/0/1 | Virtual Router 1 : Backup --> Master   reason: The status of the tracked object changed

# Display detailed information about the VRRP group on Device B.

<DeviceB> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 192.168.0.102

   VRRP Track Information:

     Track Object   : 1                    State : Negative   Switchover

The output shows that when BFD detects that Device A fails, the Track module notifies VRRP to change the status of Device B to master. The backup can quickly preempt as the master without waiting for a period three times the advertisement interval plus the Skew_Time.

Example: Configuring BFD for the VRRP master to monitor the uplink

Network configuration

As shown in Figure 4:

·     Device A and Device B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 192.168.0.10.

·     The default gateway of the hosts in the LAN is 192.168.0.10.

Configure VRRP-Track-BFD collaboration to monitor the uplink on the master and meet the following requirements:

·     When Device A operates correctly, hosts in the LAN access the Internet through Device A.

·     When Device A detects that the uplink is down through BFD, Device B can preempt as the master. The hosts in the LAN can access the Internet through Device B.

Figure 4 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure Device A:

# Specify 10.10.10.10 as the source address of BFD echo packets.

<DeviceA> system-view

[DeviceA] bfd echo-source-ip 10.10.10.10

# Create track entry 1 for the BFD session on Device A to verify the reachability of the uplink device (1.1.1.2).

[DeviceA] track 1 bfd echo interface gigabitethernet 1/0/1 remote ip 1.1.1.2 local ip 1.1.1.1

[DeviceA-track-1] quit

# Create VRRP group 1, and specify 192.168.0.10 as the virtual IP address of the group.

[DeviceA] interface gigabitethernet 1/0/2

[DeviceA-GigabitEthernet1/0/2] vrrp vrid 1 virtual-ip 192.168.0.10

# Set the priority of Device A to 110 in VRRP group 1.

[DeviceA-GigabitEthernet1/0/2] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 20 when the state of track entry 1 changes to Negative.

[DeviceA-GigabitEthernet1/0/2] vrrp vrid 1 track 1 priority reduced 20

[DeviceA-GigabitEthernet1/0/2] return

3.     On Device B, create VRRP group 1, and specify 192.168.0.10 as the virtual IP address of the group.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/2

[DeviceB-GigabitEthernet1/0/2] vrrp vrid 1 virtual-ip 192.168.0.10

[DeviceB-GigabitEthernet1/0/2] return

Verifying the configuration

# Display detailed information about the VRRP group on Device A.

<DeviceA> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode       : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/2

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 110             Running Pri  : 110

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 192.168.0.101

   VRRP Track Information:

     Track Object   : 1              State : Positive          Pri Reduced : 20

# Display information about track entry 1 on Device A.

<DeviceA> display track 1

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: GigabitEthernet1/0/1

    VPN instance name: --

    Remote IP: 1.1.1.2

    Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Device B.

<DeviceB> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/2

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Master IP      : 192.168.0.101

The output shows that when the status of track entry 1 becomes Positive, Device A is the master and Device B is the backup.

# Display information about track entry 1 when the uplink of Device A goes down.

<DeviceA> display track 1

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: GigabitEthernet1/0/1

    VPN instance name: --

    Remote IP: 1.1.1.2

    Local IP: 1.1.1.1

# Display detailed information about the VRRP group on Device A.

<DeviceA> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/2

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 110             Running Pri  : 90

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Master IP      : 192.168.0.102

   VRRP Track Information:

     Track Object   : 1              State : Negative          Pri Reduced : 20

# Display detailed information about VRRP group 1 on Device B.

<DeviceB> display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/2

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 192.168.0.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 192.168.0.102

The output shows that when Device A detects that the uplink fails through BFD, it decreases its priority by 20. Device B then preempts as the master.

Example: Configuring static routing-Track-NQA collaboration

Network configuration

As shown in Figure 5:

·     Device A is the default gateway of the hosts in network 20.1.1.0/24.

·     Device D is the default gateway of the hosts in network 30.1.1.0/24.

·     Hosts in the two networks communicate with each other through static routes.

To ensure network availability, configure route backup and static routing-Track-NQA collaboration on Device A and Device D as follows:

·     On Device A, assign a higher priority to the static route to 30.1.1.0/24 with next hop Device B. This route is the master route. The static route to 30.1.1.0/24 with next hop Device C acts as the backup route. When the master route is unavailable, the backup route takes effect.

·     On Device D, assign a higher priority to the static route to 20.1.1.0/24 with next hop Device B. This route is the master route. The static route to 20.1.1.0/24 with next hop Device C acts as the backup route. When the master route is unavailable, the backup route takes effect.

Figure 5 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure Device A:

# Configure a static route to 30.1.1.0/24 with next hop 10.1.1.2 and the default priority (60). Associate this static route with track entry 1.

<DeviceA> system-view

[DeviceA] ip route-static 30.1.1.0 24 10.1.1.2 track 1

# Configure a static route to 30.1.1.0/24 with next hop 10.3.1.3 and priority 80.

[DeviceA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Configure a static route to 10.2.1.4 with next hop 10.1.1.2.

[DeviceA] ip route-static 10.2.1.4 24 10.1.1.2

# Create an NQA operation with administrator name admin and operation tag test.

[DeviceA] nqa entry admin test

# Specify the ICMP echo operation type.

[DeviceA-nqa-admin-test] type icmp-echo

# Specify 10.2.1.4 as the destination address of the operation.

[DeviceA-nqa-admin-test-icmp-echo] destination ip 10.2.1.4

# Specify 10.1.1.2 as the next hop of the operation.

[DeviceA-nqa-admin-test-icmp-echo] next-hop ip 10.1.1.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[DeviceA-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1 so that five consecutive probe failures will trigger collaboration with the Track module.

[DeviceA-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[DeviceA-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[DeviceA] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[DeviceA] track 1 nqa entry admin test reaction 1

[DeviceA-track-1] quit

3.     Configure Device B:

# Configure a static route to 30.1.1.0/24 with next hop 10.2.1.4.

<DeviceB> system-view

[DeviceB] ip route-static 30.1.1.0 24 10.2.1.4

# Configure a static route to 20.1.1.0/24 with next hop 10.1.1.1.

[DeviceB] ip route-static 20.1.1.0 24 10.1.1.1

4.     Configure Device C:

# Configure a static route to 30.1.1.0/24 with next hop 10.4.1.4.

<DeviceC> system-view

[DeviceC] ip route-static 30.1.1.0 24 10.4.1.4

# Configure a static route to 20.1.1.0/24 with next hop 10.3.1.1.

[DeviceC] ip route-static 20.1.1.0 24 10.3.1.1

5.     Configure Device D:

# Configure a static route to 20.1.1.0/24 with next hop 10.2.1.2 and the default priority (60). Associate this static route with track entry 1.

<DeviceD> system-view

[DeviceD] ip route-static 20.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 20.1.1.0/24 with next hop 10.4.1.3 and priority 80.

[DeviceD] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Configure a static route to 10.1.1.1 with next hop 10.2.1.2.

[DeviceD] ip route-static 10.1.1.1 24 10.2.1.2

# Create an NQA operation with administrator name admin and operation tag test.

[DeviceD] nqa entry admin test

# Specify the ICMP echo operation type.

[DeviceD-nqa-admin-test] type icmp-echo

# Specify 10.1.1.1 as the destination address of the operation.

[DeviceD-nqa-admin-test-icmp-echo] destination ip 10.1.1.1

# Specify 10.2.1.2 as the next hop of the operation.

[DeviceD-nqa-admin-test-icmp-echo] next-hop ip 10.2.1.2

# Configure the ICMP echo operation to repeat every 100 milliseconds.

[DeviceD-nqa-admin-test-icmp-echo] frequency 100

# Configure reaction entry 1 so that five consecutive probe failures will trigger collaboration with the Track module.

[DeviceD-nqa-admin-test-icmp-echo] reaction 1 checked-element probe-fail threshold-type consecutive 5 action-type trigger-only

[DeviceD-nqa-admin-test-icmp-echo] quit

# Start the NQA operation.

[DeviceD] nqa schedule admin test start-time now lifetime forever

# Configure track entry 1, and associate it with reaction entry 1 of the NQA operation.

[DeviceD] track 1 nqa entry admin test reaction 1

[DeviceD-track-1] quit

Verifying the configuration

# Display track entry information on Device A.

[DeviceA] display track all

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: NQA

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    NQA entry: admin test

    Reaction: 1

    Remote IP/URL: 10.2.1.4

    Local IP:--

    Interface:--

The output shows that the status of track entry 1 is Positive, indicating that the NQA operation has succeeded and the master route is available.

# Display the routing table of Device A.

[DeviceA] display ip routing-table

 

Destinations : 10       Routes : 10

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.1        GE1/0/1

10.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.0/24         Static 60   0            10.1.1.2        GE1/0/1

10.3.1.0/24         Direct 0    0            10.3.1.1        GE1/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        GE1/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 60   0            10.1.1.2        GE1/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Device A forwards packets to 30.1.1.0/24 through Device B.

# Remove the IP address of GigabitEthernet 1/0/1 on Device B.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] undo ip address

# Display information about the track entry on Device A.

[DeviceA] display track all

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: NQA

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    NQA entry: admin test

    Reaction: 1

    Remote IP/URL: 10.2.1.4

    Local IP:--

    Interface:--

The output shows that the status of the track entry is Negative, indicating that the NQA operation has failed and the master route is unavailable.

# Display the routing table of Device A.

[DeviceA] display ip routing-table

 

Destinations : 10       Routes : 10

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.1.1.0/24         Direct 0    0            10.1.1.1        GE1/0/1

10.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.2.1.0/24         Static 60   0            10.1.1.2        GE1/0/1

10.3.1.0/24         Direct 0    0            10.3.1.1        GE1/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        GE1/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 80   0            10.3.1.3        GE1/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Device A forwards packets to 30.1.1.0/24 through Device C. The backup static route has taken effect.

# Verify that hosts in 20.1.1.0/24 can communicate with the hosts in 30.1.1.0/24 when the master route fails.

[DeviceA] ping -a 20.1.1.1 30.1.1.1

Ping 30.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

--- Ping statistics for 30.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

# Verify that the hosts in 30.1.1.0/24 can communicate with the hosts in 20.1.1.0/24 when the master route fails.

[DeviceD] ping -a 30.1.1.1 20.1.1.1

Ping 20.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 20.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

Example: Configuring static routing-Track-BFD collaboration

Network configuration

As shown in Figure 6:

·     Device A is the default gateway of the hosts in network 20.1.1.0/24.

·     Device B is the default gateway of the hosts in network 30.1.1.0/24.

·     Hosts in the two networks communicate with each other through static routes.

To ensure network availability, configure route backup and static routing-Track-BFD collaboration on Device A and Device B as follows:

·     On Device A, assign a higher priority to the static route to 30.1.1.0/24 with next hop Device B. This route is the master route. The static route to 30.1.1.0/24 with next hop Device C acts as the backup route. When the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect.

·     On Device B, assign a higher priority to the static route to 20.1.1.0/24 with next hop Device A. This route is the master route. The static route to 20.1.1.0/24 with next hop Device C acts as the backup route. When the master route is unavailable, BFD can quickly detect the route failure to make the backup route take effect.

Figure 6 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure Device A:

# Configure a static route to 30.1.1.0/24 with next hop 10.2.1.2 and the default priority (60). Associate this static route with track entry 1.

<DeviceA> system-view

[DeviceA] ip route-static 30.1.1.0 24 10.2.1.2 track 1

# Configure a static route to 30.1.1.0/24 with next hop 10.3.1.3 and priority 80.

[DeviceA] ip route-static 30.1.1.0 24 10.3.1.3 preference 80

# Specify 10.10.10.10 as the source address of BFD echo packets.

[DeviceA] bfd echo-source-ip 10.10.10.10

# Configure track entry 1, and associate it with the BFD session to verify the connectivity between Device A and Device B.

[DeviceA] track 1 bfd echo interface gigabitethernet 1/0/1 remote ip 10.2.1.2 local ip 10.2.1.1

[DeviceA-track-1] quit

3.     Configure Device B:

# Configure a static route to 20.1.1.0/24 with next hop 10.2.1.1 and the default priority (60). Associate this static route with track entry 1.

<DeviceB> system-view

[DeviceB] ip route-static 20.1.1.0 24 10.2.1.1 track 1

# Configure a static route to 20.1.1.0/24 with next hop 10.4.1.3 and priority 80.

[DeviceB] ip route-static 20.1.1.0 24 10.4.1.3 preference 80

# Specify 1.1.1.1 as the source address of BFD echo packets.

[DeviceB] bfd echo-source-ip 1.1.1.1

# Configure track entry 1, and associate it with the BFD session to verify the connectivity between Device B and Device A.

[DeviceB] track 1 bfd echo interface gigabitethernet 1/0/1 remote ip 10.2.1.1 local ip 10.2.1.2

[DeviceB-track-1] quit

4.     Configure Device C:

# Configure a static route to 30.1.1.0/24 with next hop 10.4.1.2.

<DeviceC> system-view

[DeviceC] ip route-static 30.1.1.0 24 10.4.1.2

# Configure a static route to 20.1.1.0/24 with next hop 10.3.1.1.

[DeviceB] ip route-static 20.1.1.0 24 10.3.1.1

Verifying the configuration

# Display information about the track entry on Device A.

[DeviceA] display track all

Track ID: 1

  State: Positive

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: GigabitEthernet1/0/1

    VPN instance name: --

    Remote IP: 10.2.1.2

    Local IP: 10.2.1.1

The output shows that the status of the track entry is Positive, indicating that next hop 10.2.1.2 is reachable.

# Display the routing table of Device A.

[DeviceA] display ip routing-table

 

Destinations : 9        Routes : 9

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.2.1.0/24         Direct 0    0            10.2.1.1        GE1/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.3.1.0/24         Direct 0    0            10.3.1.1        GE1/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        GE1/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 60   0            10.2.1.2        GE1/0/1

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Device A forwards packets to 30.1.1.0/24 through Device B. The master static route has taken effect.

# Remove the IP address of GigabitEthernet 1/0/1 on Device B.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] undo ip address

# Display information about the track entry on Device A.

[DeviceA] display track all

Track ID: 1

  State: Negative

  Duration: 0 days 0 hours 0 minutes 32 seconds

  Tracked object type: BFD

  Notification delay: Positive 0, Negative 0 (in seconds)

  Tracked object:

    BFD session mode: Echo

    Outgoing interface: GigabitEthernet1/0/1

    VPN instance name: --

    Remote IP: 10.2.1.2

    Local IP: 10.2.1.1

The output shows that the status of the track entry is Negative, indicating that next hop 10.2.1.2 is unreachable.

# Display the routing table of Device A.

[DeviceA] display ip routing-table

 

Destinations : 9        Routes : 9

 

Destination/Mask    Proto  Pre  Cost         NextHop         Interface

10.2.1.0/24         Direct 0    0            10.2.1.1        GE1/0/1

10.2.1.1/32         Direct 0    0            127.0.0.1       InLoop0

10.3.1.0/24         Direct 0    0            10.3.1.1        GE1/0/2

10.3.1.1/32         Direct 0    0            127.0.0.1       InLoop0

20.1.1.0/24         Direct 0    0            20.1.1.1        GE1/0/3

20.1.1.1/32         Direct 0    0            127.0.0.1       InLoop0

30.1.1.0/24         Static 80   0            10.3.1.3        GE1/0/2

127.0.0.0/8         Direct 0    0            127.0.0.1       InLoop0

127.0.0.1/32        Direct 0    0            127.0.0.1       InLoop0

The output shows that Device A forwards packets to 30.1.1.0/24 through Device C. The backup static route has taken effect.

# Verify that the hosts in 20.1.1.0/24 can communicate with the hosts in 30.1.1.0/24 when the master route fails.

[DeviceA] ping -a 20.1.1.1 30.1.1.1

Ping 30.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 30.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 30.1.1.1: bytes=56 Sequence=4 ttl=254 time=2 ms

Reply from 30.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 30.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

# Verify that the hosts in 30.1.1.0/24 can communicate with the hosts in 20.1.1.0/24 when the master route fails.

[DeviceB] ping -a 30.1.1.1 20.1.1.1

Ping 20.1.1.1: 56  data bytes, press CTRL_C to break

Reply from 20.1.1.1: bytes=56 Sequence=1 ttl=254 time=2 ms

Reply from 20.1.1.1: bytes=56 Sequence=2 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=3 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=4 ttl=254 time=1 ms

Reply from 20.1.1.1: bytes=56 Sequence=5 ttl=254 time=1 ms

 

--- Ping statistics for 20.1.1.1 ---

5 packet(s) transmitted, 5 packet(s) received, 0.00% packet loss

round-trip min/avg/max/std-dev = 1/1/2/1 ms

Example: Configuring VRRP-Track-interface management collaboration

Network configuration

As shown in Figure 7:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Device A and Device B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

Configure VRRP-Track-interface management collaboration to monitor the uplink interface on the master and meet the following requirements:

·     When Device A operates correctly, Device A forwards packets from Host A to Host B.

·     When VRRP detects a fault on the uplink interface of Device A through the interface management module, Device B forwards packets from Host A to Host B.

Figure 7 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Configure Device A:

# Configure track entry 1, and associate it with the link status of the uplink interface (GigabitEthernet 1/0/2).

[DeviceA] track 1 interface gigabitethernet 1/0/2

[DeviceA-track-1] quit

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[DeviceA] interface gigabitethernet 1/0/1

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Device A to 110 in VRRP group 1.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to Negative.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 track 1 priority reduced 30

3.     On Device B, create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 110             Running Pri  : 110

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

   VRRP Track Information:

     Track Object   : 1              State : Positive          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B.

[DeviceB-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.1

The output shows that in VRRP group 1, Device A is the master and Device B is a backup. Device A forwards packets from Host A to Host B.

# Shut down the uplink interface (GigabitEthernet 1/0/2) on Device A.

[DeviceA-GigabitEthernet1/0/1] interface gigabitethernet 1/0/2

[DeviceA-GigabitEthernet1/0/2] shutdown

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA-GigabitEthernet1/0/2] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 110             Running Pri  : 80

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.2

   VRRP Track Information:

     Track Object   : 1              State : Negative          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B.

[DeviceB-GigabitEthernet1/0/1] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.2

The output shows that Device A has become the backup, and Device B has become the master. Device B forwards packets from Host A to Host B.

Example: Configuring VRRP-Track-route management collaboration

Network configuration

As shown in Figure 8:

·     Host A requires access to Host B. The default gateway of Host A is 10.1.1.10/24.

·     Device A and Device B belong to VRRP group 1. The virtual IP address of VRRP group 1 is 10.1.1.10.

·     BGP peer relationships are established between Device A and Device C and between Device B and Device D. Device C and Device D advertise default route 0.0.0.0/0 to Device A and Device B.

Configure VRRP-Track-route management collaboration to meet the following requirements:

·     When Device A operates correctly, Device A forwards packets from Host A to Host B.

·     When VRRP detects the removal of the default route from the routing table of Device A through route management, Device B forwards packets from Host A to Host B.

Figure 8 Network diagram

Procedure

1.     Assign IP addresses to interfaces and configure routes, security zones, zone pairs, and interzone policies. Make sure the network connections are available. (Details not shown.)

2.     Establish an IBGP peer relationship between Device A and Device C, and configure Device C to advertise default route 0.0.0.0/0 to Device A.

<DeviceA> system-view

[DeviceA] bgp 100

[DeviceA-bgp-default] peer 10.1.2.2 as-number 100

[DeviceA-bgp-default] address-family ipv4

[DeviceA-bgp-default-ipv4] peer 10.1.2.2 enable

[DeviceA-bgp-default-ipv4] quit

<DeviceC> system-view

[DeviceC] bgp 100

[DeviceC-bgp-default] peer 10.1.2.1 as-number 100

[DeviceC-bgp-default] address-family ipv4

[DeviceC-bgp-default-ipv4] peer 10.1.2.1 enable

[DeviceC-bgp-default-ipv4] peer 10.1.2.1 default-route-advertise

[DeviceC-bgp-default-ipv4] quit

3.     Configure Device B and Device D in the same way Device A and Device C are configured. (Details not shown.)

4.     Configure Track and VRRP on Device A:

# Configure track entry 1, and associate it with default route 0.0.0.0/0.

[DeviceA] track 1 ip route 0.0.0.0 0.0.0.0 reachability

[DeviceA-track-1] quit

# Create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

[DeviceA] interface gigabitethernet 1/0/1

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

# Set the priority of Device A to 110 in VRRP group 1.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 priority 110

# Associate VRRP group 1 with track entry 1 and decrease the router priority by 30 when the state of track entry 1 changes to Negative.

[DeviceA-GigabitEthernet1/0/1] vrrp vrid 1 track 1 priority reduced 30

[DeviceA-GigabitEthernet1/0/1] quit

5.     On Device B, create VRRP group 1, and configure virtual IP address 10.1.1.10 for the group.

<DeviceB> system-view

[DeviceB] interface gigabitethernet 1/0/1

[DeviceB-GigabitEthernet1/0/1] vrrp vrid 1 virtual-ip 10.1.1.10

[DeviceB-GigabitEthernet1/0/1] quit

Verifying the configuration

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode       : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 110             Running Pri  : 110

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.1

   VRRP Track Information:

     Track Object   : 1              State : Positive          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B.

[DeviceB] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode       : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.1

The output shows that in VRRP group 1, Device A is the master and Device B is a backup. Device A forwards packets from Host A to Host B.

# Disable Device C from exchanging routing information with Device A so that default route 0.0.0.0/0 is removed from Device A.

[DeviceC-bgp-default-ipv4] undo peer 10.1.2.1 enable

# Ping Host B from Host A to verify that Host B is reachable. (Details not shown.)

# Display detailed information about VRRP group 1 on Device A.

[DeviceA] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Backup

     Config Pri     : 110             Running Pri  : 80

     Preempt Mode   : Yes             Delay Time   : 0

     Become Master  : 2200ms left

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Master IP      : 10.1.1.2

   VRRP Track Information:

     Track Object   : 1              State : Negative          Pri Reduced : 30

# Display detailed information about VRRP group 1 on Device B.

[DeviceB] display vrrp verbose

IPv4 Virtual Router Information:

 Running Mode      : Standard

 Total number of virtual routers : 1

   Interface GigabitEthernet1/0/1

     VRID           : 1               Adver Timer  : 100

     Admin Status   : Up              State        : Master

     Config Pri     : 100             Running Pri  : 100

     Preempt Mode   : Yes             Delay Time   : 0

     Auth Type      : None

     Virtual IP     : 10.1.1.10

     Virtual MAC    : 0000-5e00-0101

     Master IP      : 10.1.1.2

The output shows that Device A has become the backup, and Device B has become the master. Device B forwards packets from Host A to Host B.

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become A Partner
  • Partner Policy & Program
  • Global Learning
  • Partner Sales Resources
  • Partner Business Management
  • Service Business
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网