Home > HP > Printer > HP 5500 Ei 5500 Si Switch Series Configuration Guide

HP 5500 Ei 5500 Si Switch Series Configuration Guide

Add to Favourites
    Download as PDF Print this page Share this page

    Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.

    View all the pages
    Page
    of 2513
    Add page 2251 to Favourites
    image text
    Enable zoom 
    							 188 
Configuring stateful failover (available only on 
the HP 5500 EI) 
Stateful failover overview 
Some customers require the key entries or access points of their networks, such as the Internet access 
point of an enterprise or a database server of a bank, to be highly reliable to ensure continuous data 
transmission. Deploying only one device (even with high reliability) in such a network risks a single point 
of failure, as shown in Figure 48. S
 tateful failover can solve this problem. 
Figure 48  Network with one device deployed 
 
 
Operating procedure 
Stateful failover involves service backup and traffi c switchover. The operating procedure of stateful 
failover is as follows:  
1.  As shown in  Figure 49, Device A and Device B connects to  each other over a failover link.  
2. The two devices exchange state negotiation message s periodically through the failover link. After 
the two devices enter the synchronized state, they  b a c k  u p  t h e  s e s s i o n s  o f  e ac h  o t he r  t o  m a k e  s u r e  
that the sessions on them are consistent.  
3.  I f  o n e  d e v i c e  f a i l s ,  t h e  o t h e r  d e v i c e  c a n  t a k e  o v e r  t h e  s e r v i c e s  b y  u s i ng  V R R P  o r  a  d y n a m i c  r o u t i ng  
protocol (such as OSPF) to avoid service interruption. 
In this document, the stateful failover featur e supports backing up only portal services.
    Add page 2252 to Favourites
    image text
    Enable zoom 
    							 189 
Figure 49 Network diagram for stateful failover 
 
 
Stateful failover states 
Stateful failover has the following states: 
•  Silence —Indicates that the device has just started, or  is transiting from synchronization state to 
independence state. 
•   Independence —Indicates that the silence timer has expired, but no failover link is established. 
•   Synchronization —Indicates that the device has completed  state negotiation with the other device 
and is ready for service backup. 
Figure 50  Stateful failover state relations 
 
 
Introduction to stateful failover configuration 
To implement stateful failover on two devices, perform the following configurations:  
•  Routing configuration. Configure VRRP or a dynamic routing protocol on the devices and the 
uplink/downlink devices to make sure that the traffic can automatically switch to the other device 
when a device fails.  
SilenceThe device is started
IndependenceThe silence timer 
expiresSynchronizationState negotiation succeeds State negotiation 
fails
    Add page 2253 to Favourites
    image text
    Enable zoom 
    							 190 
•  Service backup configuration, which can implement real-time service backup between the two 
devices.  
This configuration guide only introduces the service backup configuration.  
Complete the following tasks to configure stateful failover:  
 
Task Remarks 
Enabling stateful failover  Required 
Configuring the backup VLAN Required 
Service module related 
configurations Optional 
You must perform further configurations on the device before it can 
automatically back up portal service information to the backup device. 
For more information, see Security Configuration Guide
.  
 
Enabling stateful failover 
When you enable stateful failover with the dhbk enable backup-type { dissymmetric-path |  
symmetric-path  } command:  
•   If you specify the  dissymmetric-path  keyword, the two devices operate in active/active mode. 
Sessions enter and leave the internal network thro ugh different devices to achieve load sharing.  
•   If you specify the  symmetric-path keyword, the two devices operate in active/standby mode. 
Sessions enter and leave the internal network through one device.  
Select a keyword based on the network environment and resources, and specify the same keyword for 
both devices.  
To enable stateful failover:  
 
Step Command Remarks 
1.   Enter system view. 
system-view  N/A 
2.  Enable stateful failover in a 
specified mode.  dhbk enable backup-type
 
{  dissymmetric-path  | 
symmetric-path  }  Disabled by default. 
 
Configuring the backup VLAN 
After you specify a VLAN as a backup VLAN, the inte
rfaces added to the VLAN can serve as stateful 
failover interfaces to transmit stateful failover packets.  
The device identifies stateful failover packets  by the VLAN tag and private protocol number, and 
broadcasts them in the backup VLAN to the peer. Do not configure other services for the backup VLAN 
(such as MAC VLAN or Voice VLAN); otherwise, the operation of stateful failover may be affected.  
The interfaces assigned to a backup VLAN can forwar d other packets besides stateful failover packets. 
To configure a backup VLAN:
    Add page 2254 to Favourites
    image text
    Enable zoom 
    							 191 
Step Command Remarks 
1.  Enter system view. 
system-view  N/A 
2.  Create a VLAN and assign 
interfaces to the VLAN.  See 
Layer 2—LAN Switching 
Configuration Guide .  N/A 
3.
  Return to system view.  quit  N/A 
4.  Specify the VLAN as a 
backup VLAN.  dhbk vlan 
vlan-id  Not specified by default.  
 
Displaying and maintaining stateful failover 
 
Task Command Remarks 
Display the running status and 
related information of stateful 
failover.  display
 dhbk status  [ | { begin  | 
exclude  | include  } 
regular-expression  ]  Available in any view 
 
Stateful failover configuration example 
Network requirements 
In 
Figure 51 , Device B and Device C serve as the internal gateways of an enterprise network. Device A 
and Device D, respectively attached to Device B and Device C, provide portal access authentication for 
internal users. Configure stateful failover between  Device A and Device D. When one device fails, the 
other device takes over the services to ensure service continuity.  
Figure 51  Network diagram 
 
 
Configuration procedure 
1. Configure Device A: 
# Create VLAN 100.  
 system-view
    Add page 2255 to Favourites
    image text
    Enable zoom 
    							 192 
[DeviceA] vlan 100 
# Assign GigabitEthernet 1/0/1 to VLAN 100.  
[DeviceA-vlan100] port gigabitethernet 1/0/1 
[DeviceA-vlan100] quit 
# Specify VLAN 100 as a backup VLAN.  
[DeviceA] dhbk vlan 100 
# Enable symmetric-path mode stateful failover.  
[DeviceA] dhbk enable backup-type symmetric-path 
2. Configure Device B: 
# Create VLAN 100.  
 system-view 
[DeviceB] vlan 100 
# Assign GigabitEthernet 1/0/1 to VLAN 100.  
[DeviceB-vlan100] port gigabitethernet 1/0/1 
[DeviceB-vlan100] quit 
# Assign GigabitEthernet 1/0/2 to VLAN 100.  
Because Device B and Device C may exchange  packets of multiple VLANs, configure 
GigabitEthernet 1/0/2 as a trunk port an d permit packets of VLAN 100 to pass.  
[DeviceB] interface gigabitethernet 1/0/2 
[DeviceB-GigabitEthernet1/0/2] port link-type trunk 
[DeviceB-GigabitEthernet1/0/2] port trunk permit vlan 100 
 Please wait... Done. 
3. The configurations on Device C are similar to those on Device B. (Details not shown.)  
4. The configurations on Device D are similar to  those on Device A. (Details not shown.) 
Configuration guidelines 
When you configure stateful failover, follow these guidelines:  
•  Stateful failover can be implemented only betwee n two devices rather than among more than two 
devices. 
•   The same numbered interfaces must exist on the two devices. Otherwise, session backup fails. For 
example, if Device A uses GigabitEthernet 1/0/1 and GigabitEthernet 1/0/3 to forward backup 
data, Device B must also use GigabitEthernet 1/0/1 and GigabitEthernet 1/0/3.
    Add page 2256 to Favourites
    image text
    Enable zoom 
    							 193 
Configuring BFD (available only on the HP 
5500 EI) 
The term router in the BFD features refers to both routers and Layer 3 switches.  
The term interface  in the BFD features refers to Layer 3 interfaces, including VLAN interfaces and 
route-mode (or Layer 3) Ethernet ports. You can set an  Ethernet port to operate in route mode by using the 
port  link-mode  route  command (see  Layer 2—LAN Switching Configuration Guide ). 
BFD overview 
Devices must quickly detect communication failures so that measures can be taken promptly to ensure 
service continuity and enhance network availability.  
The main fault detection methods include the following:  
•  Hardware detection —Detects link failures by sending hardware detection signals, such as 
synchronous digital hierarchy (SDH) alarms. Hardware detection can quickly detect link failures, 
but not all media types support hardware detection.  
•   Hello  mechanism —Devices can use the hello mechanism of a routing protocol to detect link failures, 
which has a failure detection rate in seconds. On a high-speed interface, such as a Gigabit 
interface, a failure that lasts fo r one second will cause a large quantity of data to be dropped. The 
hello mechanism is unacceptable for delay-sensitive  services such as voice service. Moreover, this 
detection method largely relies on the routing protocol.  
•   Other detection methods —Some protocols provide dedicated  detection mechanisms. However, 
they cannot be deployed for inter-system communications.  
Bidirectional forwarding detection (BFD) provides  a single mechanism to monitor links. With BFD, 
devices can quickly detect communication failures and restore communications through backup paths.  
How BFD works 
BFD provides a general-purpose, standard, medium-  and protocol-independent fast failure detection 
mechanism. It can uniformly and quickly detect the fa ilures of the bidirectional forwarding paths between 
two routers for protocols, such as routing protocols.  
BFD provides no neighbor discovery mechanism. Protocols that BFD services notify BFD of routers to 
which it needs to establish sessions. After a session is  established, if no BFD control packet is received 
from the peer within the negotiated BFD interval, BFD notifies a failure to the protocol, which takes 
appropriate measures.
    Add page 2257 to Favourites
    image text
    Enable zoom 
    							 194 
Operation of BFD 
Figure 52 BFD session establishment (on OSPF routers) 
 
 
The process of BFD session establishment is as follows: 
1. A protocol sends hello messages to discover neighbors and establish neig\
hborships. 
2. After establishing neighborships, the protocol noti fies BFD of the neighbor information, including 
destination and source addresses. 
3.  BFD uses the information to establish BFD sessions. 
Figure 53  BFD fault detection (on OSPF routers) 
 
 
The process of BFD fault detection is as follows: 
1. BFD detects a link failure. 
2. BFD clears the neighbor session. 
3. BFD notifies the protocol of the failure. 
4. The protocol terminates the neighborship on the link. 
5. If a backup link is available, the pr otocol will use it to forward packets.  
 NOTE:  
No detection time resolution is defined in the BFD  draft. Most devices supporting BFD provide detection 
measured in milliseconds. 
 
Router A Router B
1
2
3
2
OSPF advertises the BFD neighbor relationship
BFD neighbors
OSPF neighbors
5
OSPF  neighbors BFD neighbors
Router A
Router B
1
2
Fault
BFD notifies the OSPF link failure
3
3 4
Backup link
    Add page 2258 to Favourites
    image text
    Enable zoom 
    							 195 
BFD detection methods 
•  Single-hop detection —Detects the IP connectivity between two directly connected systems.  
•   Multi-hop detection—Detects any of the paths between two systems. These paths have multiple 
hops and may be overlapped. 
•   Bidirectional detection —Sends detection packets at two sides of  a bidirectional link to detect the 
bidirectional link status, finding link failures in milliseconds. (BFD LSP detection is a special case in 
which BFD control packets are sent in one directio n, and the peer device reports the link status 
through other links.)  
BFD session modes 
•   Control packet mode —Both ends of the link exchange BFD co ntrol packets to monitor link status.  
•   Echo mode —One end of the link sends Echo packets to the other end, which then forwards the 
packets back to the originating end, monito ring link status in both directions. 
BFD operating modes 
Before a BFD session is established, BFD has the following operating modes—active and passive.  
•  Active mode —BFD actively sends BFD control packets regardless of whether any BFD control 
packet is received from the peer.  
•   Passive  mod e —BFD does not send control packets until a BFD control packet is received from the 
peer.  
At least one end must operate in the active  mode for a BFD session to be established.  
After a BFD session is established, both en ds must operate in the asynchronous mode —Both endpoints 
p e r i o d i c a l l y  s e n d  B F D  c o n t ro l  p a c ke t s  t o  e a c h  o t h e r.  B F D  c o n s i d e r s  t h e  s e s s i o n  d own  i f  i t  re c e i ve s  n o  B F D  
control packets within a specific interval. 
 
  NOTE:  
When a BFD session is maintained by sending Echo  packets, the session is independent of the operating
mode.  
Dynamic BFD parameter changes 
After a BFD session is established, both ends can  negotiate the related BFD parameters, such as the 
minimum transmit interval, minimum receive interval , initialization mode, and packet authentication 
mode. After that, both ends use the negotiated paramet ers, without affecting the current session state.  
Authentication modes 
BFD provides the following authentication methods: 
•  Simple —Simple authentication 
•   MD5—MD5 (Message Digest 5) authentication 
•   SHA1—SHA1 (Secure Hash Algorithm 1) authentication 
BFD packet format 
BFD control packets are encapsulated into UDP packets  with por t number 3784 for single -hop detection 
or port number 4784 for multi-hop detection (it can also be 3784 based on the configuration task). BFD 
echo packets have a similar format to BFD control packets (except that the  Desired Min TX Interval and 
Required Min RX Interval  fields are null), with UDP port number 3785.
    Add page 2259 to Favourites
    image text
    Enable zoom 
    							 196 
Figure 54 BFD packet format 
 
 
•  Vers —Protocol version. The protocol version is 1. 
•   Diag —This bit indicates the reason for the last transition of the local session from  up to some other 
state.  Table  19  lists
  the states.  
Table 19  Diag bit values 
Dia
g Description 
0 No  Diagnostic 
1 Control Detection Time Expired 
2 Echo Function Failed 
3  Neighbor Signaled Session Down 
4 Forwarding Plane Reset 
5 Path  Down 
6 Concatenated  Path Down 
7 Administratively  Down 
8 Reverse Concatenated Path Down 
9~31  Reserved for future use 
 
•  State (Sta) —Current BFD session state. Its value can be  0 for AdminDown, 1 for Down, 2 for Init, 
and 3 for Up.  
•   Poll (P) —If set, the transmitting system is requesting  verification of connectivity, or of a parameter 
change. If clear, the transmitting system is not requesting verification. 
•   Final (F) —If set, the transmitting system is responding to a received BFD control packet that had the 
Poll (P) bit set. If clear, the transmitting system is not responding to a Poll. 
•   Control Plane Independent (C) —If set, the transmitting systems BFD implementation does not share 
fate with its control plane (BFD is implemented in  the forwarding plane and can continue to function 
through disruptions in the control plane.)  If clear, the transmitting systems BFD implementation 
shares fate with its control plane. 
•   Authentication Present (A)—If set, the Authentication Section is present, and the session is to be 
authenticated.  
•   Demand (D) — I f  s e t,  D e m a n d  m o d e  i s  a c t ive  i n  t h e  t ra n s m i t t i n g  sys t e m  ( t h e  sys t e m  wi s h e s  t o  o p e ra t e  
in Demand mode, knows that the session is up in bo th directions, and is directing the remote system 
to cease the periodic transmission of BFD Control pac kets). If clear, Demand mode is not active in 
the transmitting system.
    Add page 2260 to Favourites
    image text
    Enable zoom 
    							 197 
•  Reserved (R) —This byte must be set to zero on transmit and ignored on receipt. 
•   Detect Mult—Detection time multiplier.  
•   Length —Length of the BFD control packet, in bytes.  
•   My Discriminator —A unique, nonzero discriminator value generated by the transmitting system, 
used to demultiplex multiple BFD sessions between the same pair of systems.  
•   Yo u r  D i s c r i m i n a t o r —The discriminator received from the remo te system. This field reflects back the 
received value of My Discriminator or is 0 if that value is unknown.  
•   Desired Min TX Interval —This is the minimum interval, in microseconds, that the local system would 
like to use when transmitting BFD control packets. The value zero is reserved. 
•   Required Min RX Interval —This is the minimum interval, in microseconds, between received BFD 
control packets that this system is capable of support ing. If this value is zero, the transmitting system 
does not want the remote system to send any periodic BFD control packets. 
•   Required Min Echo RX Interval —This is the minimum interval, in microseconds, between received 
BFD echo packets that this system is capable of su pporting. If this value is zero, the transmitting 
system does not support the receipt of BFD echo packets. 
•   Auth Type —The authentication type in use, if the Authentication Present (A) bit is set. 
•   Auth Len—The length, in bytes, of the authentication section, including the Auth Type and Auth Len 
fields.  
Supported features 
•  OSPF. For more information, see  Layer 3—IP Routing Configuration Guide .  
•   OSPFv3. For more information, see  Layer 3—IP Routing Configuration Guide .  
•   IS-IS. For more information, see  Layer 3—IP Routing Configuration Guide . 
•   IPv6 IS-IS. For more information, see  Layer 3—IP Routing Configuration Guide . 
•   RIP. For more information, see  Layer 3—IP Routing Configuration Guide . 
•   Static routing. For more information, see  Layer 3—IP Routing Configuration Guide .  
•   BGP. For more information, see Layer 3—IP Routing Configuration Guide .  
•   IPv6 BGP. For more information, see  Layer 3—IP Routing Configuration Guide .  
•   PIM. For more information, see IP Multicast Configuration Guide . 
•   IPv6 PIM. For more information, see IP Multicast Configuration Guide . 
•   Track. For more information, see  Configuring track. 
•   I

P fast reroute (FRR) . Currently, IP FRR is supported by OSPF, RIP, IS -IS, and static routing. For more 
information, see  Layer 3—IP Routing Configuration Guide .  
Protocols and standards 
•  draft-ietf-bfd-base-09,  Protocol Independent Bidirectional Forwarding Detection  
•   draft-ietf-bfd-v4v6-1hop-10, BFD for IPv4 and IPv6 (Single Hop)  
•   draft-ietf-bfd-multihop-08,  BFD for Multihop Paths 
•   draft-ietf-bfd-generic-05,  Generic Application of BFD
    All HP manuals Comments (0)

    Related Manuals for HP 5500 Ei 5500 Si Switch Series Configuration Guide