09-High Availability Configuration Guide

HomeSupportSecurityH3C SecPath F5000 FirewallConfigure & DeployConfiguration GuidesH3C SecPath F50X0-D[F5000-AK] Firewalls Series Configuration Guides (V7) (R9620)-6W40109-High Availability Configuration Guide
09-Interface backup configuration
Title Size Download
09-Interface backup configuration 97.51 KB

Configuring interface backup

About interface backup

Interface backup enables you to configure multiple backup interfaces for a Layer 3 interface to increase link availability. When the primary interface fails or is overloaded, its backup interfaces can take over or participate in traffic forwarding.

Compatible interfaces

Table 1 Interfaces that support interface backup

Category

Interfaces

Remarks

Ethernet

Layer 3 Ethernet interfaces/subinterfaces

N/A

Others

Dialer interfaces

Tunnel interfaces

A dialer interface can be used as the primary interface only when it is a PPPoE client in permanent session mode.

Backup modes

The primary interface and its backup interfaces can operate in strict active/standby mode or load sharing mode.

·     Strict active/standby mode—Only one interface transmits traffic. All the other interfaces are in STANDBY state.

·     Load sharing mode—Backup interfaces participate in traffic forwarding when the amount of traffic on the primary interface reaches the upper threshold. They are activated and deactivated depending on the amount of traffic.

In strict active/standby mode, traffic loss occurs when the active interface is overloaded. Load sharing mode improves link efficiency and reduces the risk of packet loss.

Strict active/standby mode

In strict active/standby mode, the primary interface always has higher priority than all backup interfaces.

·     When the primary interface is operating correctly, all traffic is transmitted through the primary interface.

·     When the primary interface fails, the highest-priority backup interface takes over. If the highest-priority backup interface also fails, the second highest-priority backup interface takes over, and so forth.

 

 

NOTE:

If two backup interfaces have the same priority, the one configured first has preference.

 

An active backup interface is always preempted by the primary interface. However, a higher-priority backup interface cannot preempt a lower-priority backup interface that has taken over the primary interface.

·     The primary interface takes over when it recovers from a failure condition.

·     The higher-priority backup interface cannot take over when it recovers from a failure condition while the primary interface is still down.

As shown in Figure 1, Port A on Router A is the primary interface. Port B (with a priority of 30) and Port C (with a priority of 20) are its backup interfaces.

·     When Port A is operating correctly, all traffic is transmitted through Port A.

·     When Port A fails, Port B takes over because it has higher priority than Port C. If Port B also fails, Port C takes over.

·     When Port A is recovered, it preempts the active backup interface because it is the primary interface. If Port B is recovered while Port A is still down, Port B cannot preempt Port C to forward traffic.

Figure 1 Strict active/backup mode

 

Load sharing mode

In load sharing mode, the backup interfaces are activated to transmit traffic depending on the traffic load on the primary interface.

·     When the amount of traffic on the primary interface exceeds the upper threshold, the backup interfaces are activated in descending order of priority. This action continues until the traffic drops below the upper threshold.

·     When the total amount of traffic on all load-shared interfaces decreases below the lower threshold, the backup interfaces are deactivated in ascending order of priority. This action continues until the total amount of traffic exceeds the lower threshold.

·     When the primary interface fails (in DOWN state), the strict active/standby mode applies. Only one backup interface can forward traffic.

The upper and lower thresholds are user configurable.

 

 

NOTE:

·     "Traffic" on an interface refers to the amount of incoming or outgoing traffic, whichever is higher.

·     If two backup interfaces have the same priority, the one configured first has preference.

 

As shown in Figure 2, Port A on Router A is the primary interface. Port B (with a priority of 30) and Port C (with a priority of 20) are its backup interfaces.

·     When the amount of traffic on Port A exceeds the upper threshold, Port B is activated, because it has higher priority than Port C. If the amount of traffic on Port A still exceeds the upper threshold, Port C is activated.

·     When the total amount of traffic on all load-shared interfaces decreases below the lower threshold, Port C is first deactivated, because its priority is lower than Port B. If the total amount of traffic on Port A and Port B is still below the lower threshold, Port B is deactivated.

Figure 2 Load sharing mode

 

Restrictions and guidelines: Interface backup configuration

When you configure interface backup, follow these restrictions and guidelines:

·     The device supports up to 10 primary interfaces.

·     An interface can be configured as a backup only for one interface.

·     An interface cannot be both a primary and backup interface.

·     The strict active/standby mode and load sharing mode cannot be configured at the same time.

Interface backup tasks at a glance

To configure interface backup, perform the following tasks:

·     Configuring strict active/standby interface backup

Choose one of the following tasks:

¡     Explicitly specifying backup interfaces without traffic thresholds

Use this method if you want to monitor the interface state of the primary interface for a switchover to occur.

¡     Using interface backup with the Track module

Use this method if you want to monitor any other state, such as the link state of the primary interface.

·     Configuring load-shared interface backup

Prerequisites for configuring interface backup

Make sure the primary and backup interfaces have routes to the destination network.

Explicitly specifying backup interfaces without traffic thresholds

About this task

Perform this task if you want to monitor the interface state of the primary interface for a switchover to occur. For the primary and backup interfaces to operate in strict active/standby mode, do not specify the traffic thresholds on the primary interface. If the traffic thresholds are configured, the interfaces will operate in load sharing mode.

You can assign priority to backup interfaces. When the primary interface fails, the backup interfaces are activated in descending order of priority, with the highest-priority interface activated first. If two backup interfaces have the same priority, the one configured first has preference.

To prevent link flapping from causing frequent interface switchovers, you can configure the following switchover delay timers:

·     Up delay timer—Number of seconds that the primary or backup interface must wait before it can come up.

·     Down delay timer—Number of seconds that the active primary or backup interface must wait before it is set to down state.

When the link of the active interface fails, the interface state does not change immediately. Instead, a down delay timer starts. If the link recovers before the timer expires, the interface state does not change. If the link is still down when the timer expires, the interface state changes to down.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

This interface must be the primary interface.

3.     Specify a backup interface.

backup interface interface-type interface-number [ priority ]

By default, an interface does not have any backup interfaces.

Repeat this command to specify up to three backup interfaces for the interface.

4.     Set the switchover delay timers.

backup timer delay up-delay down-delay

By default, the up and down delay timers are both 5 seconds.

Using interface backup with the Track module

About this task

Perform this task if you want to monitor any other state, such as the link state of the primary interface. To use interface backup with the Track module to provide strict active/standby backup for a primary interface:

·     Configure a track entry to monitor state information of the primary interface. For example, monitor its link state.

·     Associate the track entry with a backup interface.

Interface backup changes the state of the backup interface in response to the track entry state, as shown in Table 2.

Table 2 Action on the backup interface in response to the track entry state change

Track entry state

State of the monitored primary link

Action on the backup interface

Positive

The primary link is operating correctly.

Places the backup interface in STANDBY state.

Negative

The primary link has failed.

Activates the backup interface to take over.

NotReady

The primary link is not monitored.

This situation occurs when the track module or the monitoring module is not ready, for example, because the Track module is restarting or the monitoring settings are incomplete. In this situation, interface backup cannot obtain information about the primary link from the track module.

·     If the track entry state stays in NotReady state after it is created, interface backup does not change the state of the backup interface.

·     If the track entry state changes to NotReady from Positive or Negative, the backup interface changes back to the forwarding state before it was used for interface backup.

 

For more information about configuring a track entry, see "Configuring Track."

Restrictions and guidelines

·     You can associate an interface with only one track entry.

·     You can create the associated track entry before or after the association. The association takes effect after the track entry is created.

·     To maintain performance, limit the number of associations to 64.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

This interface must be the interface you are using as a backup.

3.     Associate the interface with a track entry.

backup track track-entry-number

By default, an interface is not associated with a track entry.

Configuring load-shared interface backup

About this task

To implement load-balanced interface backup, you must configure the traffic thresholds on the primary interface. Interface backup regularly compares the amount of traffic with the thresholds to determine whether to activate or deactivate a backup interface. The traffic polling interval is user configurable.

You can assign priority to backup interfaces.

·     When the amount of traffic on the primary interface exceeds the upper threshold, the backup interfaces are activated in descending order of priority.

·     When the total amount of traffic on all load-shared interfaces decreases below the lower threshold, the backup interfaces are deactivated in ascending order of priority.

If two backup interfaces have the same priority, the one configured first has preference.

If a traffic flow has a fast forwarding entry, all packets of the flow will be forwarded out of the outgoing interface in the entry. The packets of the flow will not be distributed between interfaces when the upper threshold is reached. For more information about fast forwarding, see Layer 3—IP Services Configuration Guide.

Procedure

1.     Enter system view.

system-view

2.     Enter interface view.

interface interface-type interface-number

You must enter the view of the primary interface.

3.     Configure a backup interface for the interface.

backup interface interface-type interface-number [ priority ]

By default, an interface does not have any backup interfaces.

Repeat this command to specify up to three backup interfaces.

4.     Set backup load sharing thresholds.

backup threshold upper-threshold lower-threshold

By default, no traffic thresholds are configured.

5.     Set the traffic polling interval.

backup timer flow-check interval

The default interval is 30 seconds.

Display and maintenance commands for interface backup

Execute display commands in any view.

 

Task

Command

Display traffic statistics for load-shared interfaces.

display interface-backup statistics

Display the status of primary and backup interfaces.

display interface-backup state

 

  • Cloud & AI
  • InterConnect
  • Intelligent Computing
  • Security
  • SMB Products
  • Intelligent Terminal Products
  • Product Support Services
  • Technical Service Solutions
All Services
  • Resource Center
  • Policy
  • Online Help
All Support
  • Become A Partner
  • Partner Policy & Program
  • Global Learning
  • Partner Sales Resources
  • Partner Business Management
  • Service Business
All Partners
  • Profile
  • News & Events
  • Online Exhibition Center
  • Contact Us
All About Us
新华三官网