HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 2186
123
2.
Configure Device A:
# Create VLANs 1 through 30.
system-view
[DeviceA] vlan 1 to 30
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk po rts, assign them to
VLANs 1 through 30, and enable flus h message receiving on them.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 1 to 30
[DeviceA-GigabitEthernet1/0/1] smart-link flush enable
[DeviceA-GigabitEthernet1/0/1]...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-2185.png "Page 2186
123
2.
Configure Device A:
# Create VLANs 1 through 30.
system-view
[DeviceA] vlan 1 to 30
# Configure GigabitEthernet 1/0/1 and GigabitEthernet 1/0/2 as trunk po rts, assign them to
VLANs 1 through 30, and enable flus h message receiving on them.
[DeviceA] interface gigabitethernet 1/0/1
[DeviceA-GigabitEthernet1/0/1] port link-type trunk
[DeviceA-GigabitEthernet1/0/1] port trunk permit vlan 1 to 30
[DeviceA-GigabitEthernet1/0/1] smart-link flush enable
[DeviceA-GigabitEthernet1/0/1]...")
![Page 2187
124
# Configure GigabitEthernet 1/0/1 as a trunk port, assign it to VLANs 1 through 30, and enable
flush message receiving on it.
[DeviceD] interface gigabitethernet 1/0/1
[DeviceD-GigabitEthernet1/0/1] port link-type trunk
[DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 1 to 30
[DeviceD-GigabitEthernet1/0/1] smart-link flush enable
[DeviceD-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port, assign it to VLANs 1 through 30, disable the
spanning tree feature, and...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-2186.png "Page 2187
124
# Configure GigabitEthernet 1/0/1 as a trunk port, assign it to VLANs 1 through 30, and enable
flush message receiving on it.
[DeviceD] interface gigabitethernet 1/0/1
[DeviceD-GigabitEthernet1/0/1] port link-type trunk
[DeviceD-GigabitEthernet1/0/1] port trunk permit vlan 1 to 30
[DeviceD-GigabitEthernet1/0/1] smart-link flush enable
[DeviceD-GigabitEthernet1/0/1] quit
# Configure GigabitEthernet 1/0/2 as a trunk port, assign it to VLANs 1 through 30, disable the
spanning tree feature, and...")
128 VRRP preemption delay timer To avoid frequent state changes among members in a VRRP group and provide the backups enough time to collect information (such as routing information), each backup waits for a period of time (the preemption delay time) after it receives an advertisement with the priority lower than the local priority, then sends VRRP advertisements to start a new ma ster election in the VRRP group and becomes the master. Packet format The master multicasts VRRP packets periodically to declare its existence. VRRP packets are also used for checking the parameters of the virtua l router and electing the master. VRRP packets are encapsulated in IP packets, with the protocol number being 1 12 . Figure 32 sh ows the format of a VRRPv2 packet and Figure 33 sho ws the format of a VRRPv3 packet. Figure 32 Format of a VRRPv2 packet Figure 33 Format of a VRRPv3 packet A VRRP packet comprises the following fields:
129 • Version —Version number of the protocol, 2 for VRRPv2 and 3 for VRRPv3. • Ty p e —Type of the VRRPv2 or VRRPv3 packet. Only one VRRP packet type is present, that is, VRRP advertisement, which is represented by 1. • Virtual Rtr ID (VRID) —ID of the vir tual router, that is, ID of the VRRP group. It ranges from 1 to 255. • Priority —Priority of the router in the VRRP group, in the range of 0 to 255. A greater value represents a higher priority. • Count IP Addrs/Count IPv6 Addrs —Number of virtual IPv4 or IPv6 addresses for the VRRP group. A VRRP group can have multiple virtual IPv4 or IPv6 addresses. • Auth Type —Authentication type. 0 means no authentication, 1 means simple text authentication, and 2 means MD5 authentication. VRRPv3 does not support MD5 authentication. • Adver Int —Interval for sending advertisement packets. Fo r VRRPv2, the interval is in seconds and defaults to 1. For VRRPv3, the interval is in centiseconds and defaults to 100. • Checksum—16-bit checksum for validating the data in VRRP packets. • IP Address/IPv6 Address —Virtual IPv4 or IPv6 address entry of the VRRP group. The Count IP Addrs or Count IPv6 Addrs field defines the number of the virtual IP v4 or IPv6 addresses. • Authentication Data —Authentication key. This field is used only for simple authentication and is 0 for any other authentication modes. Principles of VRRP • Routers in a VRRP group determine their roles by prio rity. The router with the highest priority is the master, and the others are the backups. The master periodically sends VRRP advertisements to notify the backups that it is operating properly, and each of the backups starts a timer to wait for advertisements from the master. • In preemptive mode, when a backup receives a VRRP advertisement, it compares the priority in the packet with its own priority. If the priority of the backup is higher, the backup becomes the master. Otherwise, it remains as a backup. With the preemptive mode, a VRRP group always has a router with the highest priority as the master for packet forwarding. • In non -preemptive mode, a router in the VRRP group remains as a master or backup as long as the master does not fail. A backup does not become the master even if it is configured with a higher priority. The non-preemptive mode helps avoid frequent switchover between the master and backups. • If the timer of a backup expires but the backup still does not receive any VRRP advertisement, it considers that the master fails. In this case, the backup considers itself as the master and sends VRRP advertisements to start a new master election. The VRRP group configuration might be different on routers, and network problems might exist, so multiple master routers might exist in one VRRP group. These master routers will elect one master according to their priorities and IP addresses. The router with the highest priority wins the election. If a tie exists in the priority, the router with the highest IP address wins. After a backup router receives an advertisement, it compares its priority against that carried in the advertisement. If its priority is higher than that carried in the advertisement, it takes over the master. VRRP tracking To enable the VRRP tracking function, configure the routers in the VRRP group to operate in preemptive mode first, so that only the router with the highest priority can always operate as the master for packet forwarding.
130 Tracking a specified interface The interface tracking function expands the backup functionality of VRRP. It provides backup not only when the interface to which a VRRP group is assigned fails but also when other interfaces (such as uplink interfaces) on the router become unavailable. If the uplink interface of a router in a VRRP group fails, usually the VRRP group cannot be aware of the uplink interface failure. If the router is the master of the VRRP group, hosts on the LAN are not able to access external networks because of the uplink failure. This problem can be solved by tracking a specified uplink inter face. If the tracked uplink inter face is down or removed, the priorit y of the master is automatically decreased by a specified value and a higher priority router in the VRRP group becomes the master. Monitoring a track entry By monitoring a track entry, you can: • Monitor an uplink and change the priority of the ro uter according to the state of the uplink. If the uplink fails, hosts in the LAN cannot access extern al networks through the router. In this case, the state of the monitored track entry is negative and the priority of the router decreases by a specified value. Then, a higher priority router in the VRRP group becomes the master to maintain the proper communication between the hosts in the LAN and external networks. • Monitor the master on a backup. When the master fails, the backup immediately preempts as the master to maintain normal communication. For more information about track entries, see Configuring track. VRRP application (taking IPv4-based VRRP for example) Master/backup In master/backup mode, only the master forwards packets. When the master fails, a new master is elected from the backups. This mode requires only one VRRP group, in which each router holds a different priority and the one with the highest priority becomes the master, as shown in Figure 34. Figure 34 VRRP in master/backup mode Assume that Router A is the master and therefore can forward packets to external networks, whereas Router B and Router C are backups and are thus in the state of listening. If Router A fails, Router B and Router C elect for a new master to forward packets to hosts on the LAN.
131 Load sharing More than one VRRP group can be created on an interface o f a r o u t e r t o a l l o w t h e r o u t e r t o b e t h e m a s t e r of one VRRP group but a backup of another at the same time. In load sharing mode, multiple routers provide services simultaneously. This mode requires two or more VRRP groups, each of which comprises a master and one or more backups. The masters of the VRRP groups are assumed by different routers, as shown in Figure 35. Figure 35 VRRP in load sharing mode A router can be in multiple VRRP groups and hold a different priority in a different group. As shown in Figure 35, the f ollowing VRRP groups are present: • VRRP group 1 —Router A is the master; Router B and Router C are the backups. • VRRP group 2 —Router B is the master; Router A and Router C are the backups. • VRRP group 3 —Router C is the master; Router A and Router B are the backups. For load sharing among Router A, Router B, and Router C , h o s t s o n t h e L A N n e e d t o b e c o n f i g u re d t o u s e VRRP group 1, 2, and 3 as the default gateways. When you configure VRRP priorities, make sure that each router holds such a priority in each VRRP group that it will take the expected role in the group. VRRP load balancing mode Overview When VRRP is operating in standard protocol mo de, only the master can forward packets and the backups are in the state of listening. You can crea te multiple VRRP groups to share the load among multiple routers, but hosts on the LAN need to be configured with different gateways, thus making the configuration complicated. In load balancing mode, VRRP prov ides load balancing in addition to virtual gateway redundancy by mapping a virtual IP address to multiple virtual MAC addresses to assign each router in a VRRP group
132 one virtual MAC address. In this way, each router in this VRRP group can respond to ARP requests (in an IPv4 network) or ND requests (in an IPv6 network) from corresponding hosts, so that different hosts can send packets to different routers, and each router in the VRRP group can forward packets. In load balancing mode, you need to create only one VRRP group to balance load among multiple routers, instead of allowing one router to bear the load but other routers to stay idle. VRRP load balancing mode is based on VRRP standard protocol mode, so mechanisms, such as master election, preemption, and tracking functions, in th e standard protocol mode are also supported in the load balancing mode. In addition, VRRP load bal ancing mode has new mechanisms, which are introduced in the following sections. Assigning virtual MAC addresses When VRRP is operating in load balancing mode, the master assigns virtual MAC addresses to the routers in the VRRP group and answers the ARP requests or ND requests from different hosts. The backup routers, however, do not answer the ARP requests or ND requests from the hosts. Assume that a VRRP group is operating in an IPv4 network. The following describes how the load balancing mode works: 1. The master assigns virt ual MAC addresses to the routers (inc luding the master itself and the backups) in the VRRP group. For example, as shown in Figure 36, the v irtual IP address of the VRRP group is 10.1.1.1/24; Router A is the master; Router B and Router C are the backups. Router A assigns 000f-e2ff-0011 to itself, and 000f-e2ff-0012 to Router B. Figure 36 Allocating virtual MAC addresses 2. After receiving an ARP request dest ined for the virtual IP address of the VRRP group from a host, the master, based on the load balancing algorithm, uses a corresponding virtual MAC address to answer the ARP request. For example, as shown Figure 37, when Hos t A sends an ARP request to retrieve the MAC address of gatewa y 10.1.1.1, the master (Router A), after receiving the request, returns the virtual MAC addr ess of Router A to Host A; when Host B sends an ARP request to retrieve the MAC address of gatewa y 10.1.1.1, the master (Router A), after receiving the request, returns the virtual MAC address of Router B to Host B.
133 Figure 37 Answering ARP requests 3. Different hosts send packets to different routers according to the requested virtual MAC addresses. For example, as shown in Figure 38, Host A regards th e virtual MAC address of Router A as the gateway MAC address, so it sends packets to Rout er A for forwarding; Host B regards the virtual MAC address of Router B as the gateway MAC address, so it sends packets to Router B for forwarding. Figure 38 Sending packets to different routers for forwarding
134 Virtual forwarder Creating a virtual forwarder Virtual MAC addresses help different hosts transmit packets to different routers in a VRRP group. To enable the routers in the VRRP group to forward the packets, be sure to create virtual forwarders (VFs) on the routers. Each VF associates with a virtual MAC address in the VRRP group and forwards packets destined to this virtual MAC address. The following describes how VFs are created on the routers in a VRRP group: 1. The master assigns virtual MAC addres ses to all routers in the VRRP group. After learning its virtual MAC address, a router in the VRRP group creates a VF that corresponds to this MAC address, and becomes the owner of this VF. 2. The router advertises the VF information to the other routers in the VRRP group. 3. After receiving the VF advertisement, each of the other routers creates the advertised VF. As described in the preceding steps, each router in the VRRP group creates not only a VF corresponding to its virtual MAC address, but also VFs advertised by the other routes in the VRRP group.. VF weight and priority The weight of a VF indicates the forwarding capabili ty of a router. A higher weight indicates a higher forwarding capability. When the weight is lower than the lower limit of failure, the router cannot be capable of forwarding packets for the hosts. The priority of a VF determines the VF state. Among the VFs that correspond to the same virtual MAC address on different routers in the VRRP group, the VF with the highest priority is in the active state and is known as the active virtual forwarder (AVF), which forwards packets; other VFs are in the listening state and are known as the listening virtual forwarders (LVF s), which monitor the state of the AVF. The priority val u e of a VF rang es from 0 to 255 , where 255 i s reser ved for the VF owner. I f the weig ht of a VF owner is higher than or equal to the lower limit of failure, the priority value of the VF owner is 255. The priority value of a VF is calculated based on its weight: • I f t h e wei g h t o f a V F i s h i g h e r t h a n o r e q u a l t o t h e l owe r l i m i t o f fa i l u re, a n d t h e ro u t e r wh e re t h e V F resides is the owner of the VF, the priority value of the VF is 255. • If the weight of a VF is higher than or equal to the lower limit of failure, but the router where the VF resides is not the owner of the VF, the priority value of the VF is weight/(number of local AVFs +1) • If the weight of a VF is lower than the lower limit of failure, the priority value of the VF is 0. VF backup The VFs corresponding to a virtual MAC address on different routers in the VRRP group back up one another.
135 Figure 39 VF information Figure 39 illustrates the VF information on each router in the VRRP group and how the routers back up one another. The master, Router A, as signs virtual MAC addresses 000f-e2ff-001 1, 000f-e2ff-0012, and 000f-e2ff-0013 to itself, Router B, and Router C, respectively. The VFs corresponding to these three virtual MAC addresses, VF 1, VF 2, and VF 3, are created on each of the three routers, and the VFs corresponding to the same virtual MAC address on di fferent routers back up one another. For example, VF 1 on Router A, Router B, and Router C can implement backup. • Router A is the owner of VF 1, and the priority value of VF 1 on Router A is 255. In this case, VF 1 on Router A acts as the AVF to forward the packets destined for virtual MAC address 000f-e2ff-001 1. • The priority value of VF 1 on Router B and Router C is weight/(number of local AVFs + 1), that is, 255/(1 + 1) =127, which is lower than that of VF 1 on Router A. In this case, VF 1 on both Router B and Router C acts as the LVF to listen to the status of VF 1 on Router A. • When VF 1 on Router A fails, VF 1 on Router B an d Router C elects the one with a higher priority value as the new AVF, responsible for forwarding the packets destined for virtual MAC address 000f-e2ff-001 1. NOTE: A VF always operates in preemptive mode. When an LV F finds its priority value higher than that in the advertisement sent by the AVF, the LVF declares itself as the AVF. VF timers When the AVF on a router fails, the newly elected AV F on another router creates a redirect timer and a timeout timer for the failed AVF. • Redirect Timer —Before this timer times out, the master still uses the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from the hosts, and the VF owner can share traffic load if the VF owner resumes normal operation within this time. When this timer times out, the master stops using the virtual MAC address corresponding to the failed AVF to respond to ARP/ND requests from the hosts. Host A Host B Host C Router A Master Router B Backup Router C Backup Virtual IP address: 10.1.1.1/24 10.1.1.2/24 10.1.1.3/24 10.1.1.4/24 Network VF Virtual MAC address VF priority State 000f-e2ff-0011 VF 1 255 AVF 000f-e2ff-0012 VF 2 127 LVF 000f-e2ff-0013 VF 3 127 LVF VF Virtual MAC address VF priority State 000f-e2ff-0011 VF 1 127 LVF 000f-e2ff-0012 VF 2 255 AVF 000f-e2ff-0013 VF 3 127 LVF VF Virtual MAC address VF priority State 000f-e2ff-0011 VF 1 127 LVF 000f-e2ff-0012 VF 2 127 LVF 000f-e2ff-0013 VF 3 255 AVF
136 • Timeout Timer —The duration that the new AVF takes over the VF owner. Before this timer times out, all the routers in the VRRP group keep the failed AVF, and the new AVF forwards the packets destined for the virtual MAC address corresponding to the failed AVF. When this timer times out, all the routers in the VRRP group remove the failed AVF, and the new AVF stops forwarding the packets destined for the virtual MAC address corresponding to the failed AVF. VF tracking The AVF forwards packets destined to the MAC address of the AVF. If the uplink of the AVF fails and no LVF is notified to take over the AVFs work, hosts (on the LAN) that use the MAC address of the AVF as their gateway MAC address cannot access the external network. This problem can be solved by the VF tracking function. You can monitor the uplink state by using network quality analyzer (NQA) and bidirectional forwarding detection (BFD), and establish the collaboration between the VF and th e NQA or between the VF and the BFD through the tracking function. When the uplink fails, the state of the monitored track entry changes to negative and the weight of the VF decreases by a specified value. Then, the VF with a higher priority becomes the AVF and forwards packets. The VF tracking function can also work on an LVF to monitor its corresponding AVF on another router. When the AVF fails, the LVF immediately takes over the AVF to ensure uninterrupted network communications. Packet types VRRP standard protocol mode defines only VRRP ad vertisement. Only the master in a VRRP group periodically sends VRRP advertisements, and the backups do not send VRRP advertisements. VRRP load balancing mode defines the following types of packets: • Advertisement —VRRP advertises VRRP group state and inform ation about the VF that is in the active state. Both the master and the backups periodically send VRRP advertisements. • Request —If a backup is not the VF owner, it sends a request to ask the master to assign a virtual MAC address. • Reply —When receiving a request, the master sends a reply to the backup router to assign a virtual MAC address. After receiving the reply, the backup router creates a VF that corresponds to the virtual MAC address, and then becomes the owner of this VF. • Release —When a VF owner fails, the router that takes over its responsibility sends a release after a specified period of time to notify the other router s in the VRRP group to delete the VF of the failed VF owner. NOTE: The format of these packets is similar to that of th e advertisement in VRRP standard protocol mode excep t that a packet used in load balancing mode is appended with option field, which contains information for load balancing. Configuring VRRP for IPv4 VRRP for IPv4 configuration task list To form a VRRP group, perform the following configurations on each device in the VRRP group.
137 Complete these tasks to configure VRRP for IPv4: Task Remarks Configuring a VRRP operation mode Optional Specifying the type of MAC addresses mapped to virtual IP addresses Optional When VRRP is operating in load balancing mode, this configuration is not effective. Creating a VRRP group and configuring virtual IP address Required Configuring router priority, preemptive mode and tracking function Optional Configuring VF tracking Optional The VF tracking function is effective only when VRRP is operating in load balancing mode. Configuring VRRP packet attributes Optional Enabling the trap function for VRRP Optional Configuring a VRRP operation mode VRRP can operate in either of the following modes: • Standard protocol mode —When VRRP is operating in this mode, only the master in a VRRP group is responsible for forwarding packets. • Load balancing mode —When VRRP is operating in this mode, all the routers (master and backups) that have the AVF in a VRRP group can forward packets, thus implementing load balancing. After the VRRP operation mode is specified on a rout er, all VRRP groups on the router operate in the specified operation mode. To configure a VRRP operation mode: Step Command Remarks 1. Enter system view. system-view N/A 2. Configure a VRRP operation mode. Configure VRRP to operate in standard protocol mode: undo vrrp mode Configure VRRP to operate in load balancing mode: vrrp mode load-balance Use either command. By default, VRRP operates in standard protocol mode. Specifying the type of MAC addresses mapped to virtual IP addresses After you specify the type of MAC addresses mapped to the virtual IP addresses of VRRP groups and create a VRRP group, the master in the VRRP group uses the specified type of MAC address as the source MAC address for sending packets and uses the specified type of MAC address to answer ARP requests