
...

Configuration algorithm

Step

Description

Command

Keys

1

Switch to the configuration mode of the interface, tunnel or network bridge on which VRRP is to be configured.

esr(config)# interface <IF-TYPE><IF-NUM>

<IF-TYPE> – interface type;

<IF-NUM> – F/S/P, where F – frame (1), S – slot (0), P – port.

esr(config)# tunnel <TUN-TYPE><TUN-NUM>

<TUN-TYPE> – tunnel type;

<TUN-NUM> – tunnel number.

esr(config)# bridge <BR-NUM>

<BR-NUM> – bridge number.

2

Configure the required parameters on the interface/network bridge, including IP address.

3

Enable VRRP process on IP interface.

esr(config-if-gi)# vrrp


esr(config-if-gi)# ipv6 vrrp


4

Set virtual IP address of VRRP router.

esr(config-if-gi)# vrrp ip <ADDR/LEN>

<ADDR/LEN> – virtual IP address, defined as AAA.BBB.CCC.DDD/EE where each part AAA-DDD takes values of [0..255] and EE takes values of [1..32]. You can specify several IP addresses separated by commas. Up to 4 IP addresses can be assigned to the interface.

esr(config-if-gi)# ipv6 vrrp ip <IPV6-ADDR>

<IPV6-ADDR> – virtual IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF]. Up to 8 IPv6 addresses separated by commas can be specified. 

5

Set the VRRP router identifier.

esr(config-if-gi)# vrrp id <VRID>

<VRID> – VRRP router identifier, takes values in the range of [1..255].

esr(config-if-gi)# ipv6 vrrp id <VRID>

6

Set the VRRP router priority (optional).

esr(config-if-gi)# vrrp priority <PR>

<PR> – VRRP router priority, takes values in the range of [1..254].

Default value: 100.

esr(config-if-gi)# ipv6 vrrp priority <PR>

7

Specify the group the VRRP router belongs to. A group synchronizes several VRRP processes, so if the master changes in one process, the roles in the other processes change as well (optional).

esr(config-if-gi)# vrrp group <GRID>

<GRID> – VRRP router group identifier, takes values in the range of [1..32].

esr(config-if-gi)# ipv6 vrrp group <GRID>

8

Set the IP address that will be used as a source IP address for VRRP messages (optional).

esr(config-if-gi)# vrrp source-ip <IP>

<IP> – sender IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

esr(config-if-gi)# ipv6 vrrp source-ip <IPV6>

<IPV6> – source IPv6 address, defined as X:X:X:X::X where each part takes values in hexadecimal format [0..FFFF].

9

Set the interval between sending VRRP messages (optional).

esr(config-if-gi)# vrrp timers advertise <TIME>

<TIME> – time in seconds, takes values of [1..40].

Default value: 1 second.

esr(config-if-gi)# ipv6 vrrp timers advertise <TIME>

10

Set the interval after which Gratuitous ARP messages are sent when the router switches to the Master status (optional).

esr(config-if-gi)# vrrp timers garp delay <TIME>

<TIME> – time in seconds, takes values of [1..60].

Default value: 5 seconds.

11

Set the number of Gratuitous ARP messages that will be sent when the router switches to the Master status (optional).

esr(config-if-gi)# vrrp timers garp repeat <COUNT>

<COUNT> – amount of messages, takes values of [1..60].

Default value: 5.

12

Set the interval at which Gratuitous ARP messages will be sent periodically while the router is in the Master status (optional).

esr(config-if-gi)# vrrp timers garp refresh <TIME>

<TIME> – time in seconds, takes values of [1..65535].

Default value: Periodic sending is disabled.

13

Set the number of Gratuitous ARP messages that will be sent in each garp refresh period while the router is in the Master status (optional).

esr(config-if-gi)# vrrp timers garp refresh-repeat <COUNT>

<COUNT> – amount of messages, takes values of [1..60].

Default value: 1.

14

Specify whether the higher priority Backup router would try to take the Master role from the current lower priority Master router (optional).

esr(config-if-gi)# vrrp preemption disable


esr(config-if-gi)# ipv6 vrrp preemption disable

15

Set the time interval after which the higher priority Backup router will try to take the Master role from the current lower priority Master router (optional).

esr(config-if-gi)# vrrp preemption delay <TIME>

<TIME> – timeout, takes value in seconds [1..1000].

Default value: 0

esr(config-if-gi)# ipv6 vrrp preemption delay <TIME>

16

Set the password for neighbour authentication (optional).

esr(config-if-gi)# vrrp authentication key ascii-text
{ <CLEAR-TEXT> | encrypted <ENCRYPTED-TEXT> }

<CLEAR-TEXT> – password, set by the string of 8 to 16 characters;

<ENCRYPTED-TEXT> – encrypted password of 8 to 16 bytes (from 16 to 32 characters) in hexadecimal format (0xYYYY ...) or (YYYY ...).

17

Specify authentication algorithm (optional).

esr(config-if-gi)# vrrp authentication algorithm <ALGORITHM>

<ALGORITHM> – authentication algorithm:

  • cleartext – password, transmitted in clear text;
  • md5 – password is hashed by md5 algorithm.

18

Specify VRRP version (optional).

esr(config-if-gi)# vrrp version <VERSION>

<VERSION> – VRRP version: 2, 3.

19

Set the mode in which the VRRP IP address remains in the UP status regardless of the status of the interface itself (optional).

esr(config-if-gi)# vrrp force-up


20

Specify the delay between the assignment of MASTER status to ipv6 vrrp and the start of ND messages distribution (optional).

esr(config-if-gi)# ipv6 vrrp timers nd delay <TIME>

<TIME> – time in seconds, takes values of [1..60].

Default value: 5.

21

Specify the period of ND protocol information update for ipv6 vrrp in MASTER status (optional).

esr(config-if-gi)# ipv6 vrrp timers nd refresh <TIME>

<TIME> – time in seconds, takes values of [1..65535].

Default value: 5.

22

Specify the amount of ND messages sent in the update period for ipv6 vrrp in MASTER status (optional).

esr(config-if-gi)# ipv6 vrrp timers nd refresh-repeat <NUM>

<NUM> – amount, takes values of [1..60].

Default value: 0.

23

Specify the number of ND packets sent after ipv6 vrrp is set to the MASTER status (optional).

esr(config-if-gi)# ipv6 vrrp timers nd repeat <NUM>

<NUM> – amount, takes values of [1..60].

Default value: 1.
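
An added example, not part of the original page or of the vendor's tooling: a short Python audit that checks the IPv4 `vrrp` lines of each interface block against the value ranges and authentication options listed in the steps above. The running-config layout (indented lines closed by `exit`), the interface names, addresses and keys are constructed, and treating anything other than `md5` as a finding is an assumed site policy.

```python
import re
# Value ranges copied from the "Keys" column of the VRRP steps above.
RANGES = {"id": (1, 255), "priority": (1, 254), "group": (1, 32)}
OPT = re.compile(r"vrrp (authentication key ascii-text|authentication algorithm|\S+)\s+(.+)")

def check_block(name, lines):
    """Findings for one interface/tunnel/bridge block; empty when VRRP is off."""
    if "vrrp" not in lines:  # a bare "vrrp" line enables the process (step 3)
        return []
    opts = {m.group(1): m.group(2) for m in map(OPT.match, lines) if m}
    out = [f"{name}: vrrp {k} is not set" for k in ("id", "ip") if k not in opts]
    for k, (lo, hi) in RANGES.items():
        if k in opts and not (opts[k].isdigit() and lo <= int(opts[k]) <= hi):
            out.append(f"{name}: vrrp {k} {opts[k]} is outside [{lo}..{hi}]")
    algo = opts.get("authentication algorithm", "not set")
    if algo != "md5":  # assumed site policy: require the md5 algorithm
        out.append(f"{name}: authentication algorithm is {algo}")
    key = opts.get("authentication key ascii-text", "")
    if not key.startswith("encrypted ") and not 8 <= len(key) <= 16:
        out.append(f"{name}: clear-text key length {len(key)} is outside [8..16]")
    return out

def audit_vrrp(config):
    """Audit every block of an ESR-style config that enables VRRP."""
    findings, name, lines = [], None, []
    for line in map(str.strip, config.splitlines() + ["exit"]):
        if re.match(r"(interface|tunnel|bridge)\s", line):
            name, lines = line, []
        elif line == "exit" and name:
            findings, name = findings + check_block(name, lines), None
        elif name:
            lines.append(line)
    return findings

# Constructed sample: the first block is weak, the second one passes.
SAMPLE = """interface gigabitethernet 1/0/1
 vrrp id 10
 vrrp priority 255
 vrrp authentication key ascii-text short
 vrrp authentication algorithm cleartext
 vrrp
exit
interface gigabitethernet 1/0/2
 vrrp id 20
 vrrp ip 198.51.100.1/24
 vrrp authentication key ascii-text Constructed-Key1
 vrrp authentication algorithm md5
 vrrp
exit"""
```

`audit_vrrp(SAMPLE)` reports four findings, all on the first interface; `ipv6 vrrp` lines are outside the scope of this check.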


Configuration example 1

...

Tracking is a mechanism that activates entities depending on the VRRP/SLA state.

Configuration algorithm

Step

Description

Command

Keys

1

Configure VRRP according to the section VRRP configuration algorithm or configure SLA.

 


2

Add Tracking object to the system and switch to the Tracking object parameters configuration mode.

esr(config)# tracking <ID>

<ID> – Tracking object number, takes values of [1..100].

3

Set a rule for tracking VRRP/SLA processes, based on which Tracking object will switch to active state.

esr(config-track)# track vrrp id <VRID> state [not] { master | backup | fault } [vrf <VRF> ]

<VRID> – trackable VRRP router identifier, takes values in the range of [1..255];

<VRF> – VRF name, set by the string of up to 31 characters.

esr(config-track)# track sla test <NUM> [ mode <MODE> ]

<NUM> – SLA test name, set in range of [1..10000];

<MODE> – SLA test tracking mode, may take the following values:

  • state – state of the SLA test is monitored;
  • reachability – state of the communication channel is monitored, which is provided by the SLA test.

4

Enable Tracking object.

esr(config-tracking)# enable


5

Set delay for changing state of the monitored object (optional).

esr(config-track)# delay { down | up } <TIME>

<TIME> – delay in seconds, set in range of [1..300].

6

Set tracking operation mode (optional).

esr(config-track)# mode <MODE>

<MODE> – condition for the Tracking object to be in the active state, takes the following values:

  • and – Tracking object is in active state, if all tracked conditions are in active state;
  • or – Tracking object is in active state, if at least one tracked condition is in active state.

7

Create an entity on the ESR that will change depending on the state of the Tracking object.

7.1

Add the ability to manage a static IP route to the specified subnet (optional).

esr(config)# ip route [ vrf <VRF> ] <SUBNET> { <NEXTHOP> [ resolve ] |
interface <IF> | tunnel <TUN> | wan load-balance rule <RULE> |
blackhole | unreachable | prohibit } [ <METRIC> ] [ track <TRACK-ID> ]

<VRF> – VRF name, set by the string of up to 31 characters.

<SUBNET> – destination address, can be specified in the following formats:

AAA.BBB.CCC.DDD – host IP address, where each part takes values of [0..255].

AAA.BBB.CCC.DDD/NN – network IP address with prefix mask, where AAA-DDD take values of [0..255] and NN takes values of [1..32].

<NEXTHOP> – gateway IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255];

  • resolve – when specifying this parameter, gateway IP address will be recursively calculated through the routing table. If the recursive calculation fails to find a gateway from a directly connected subnet, then this route will not be installed into the system;

<IF> – IP interface name, specified in the form described in section Types and naming order of router interfaces;

<TUN> – tunnel name, specified as described in section Types and naming order of router tunnels;

<RULE> – wan rule number, set in the range of [1..50];

  • blackhole – when specifying the command, the packets to this subnet will be removed by the device without sending notifications to a sender;
  • unreachable – when specifying the command, the packets to this subnet will be removed by the device, a sender will receive in response ICMP Destination unreachable (Host unreachable, code 1);
  • prohibit – when specifying the command, the packets to this subnet will be removed by the device, a sender will receive in response ICMP Destination unreachable (Communication administratively prohibited, code 13);

<METRIC> – route metric, takes values of [0..255];

<TRACK-ID> – Tracking object identifier. If the route is bound to the Tracking object, it will appear in the system only after meeting all requirements specified in the object.

7.2

Add the ability to manage the logical state of the interface (optional).

esr(config-if-gi)# shutdown track <ID>

<ID> – Tracking object number, takes values of [1..100].

7.3

Add the ability to control the priority of the VRRP process (optional).

esr(config-if-gi)# vrrp priority track <ID> { <PRIO> | increment <INC> | decrement <DEC> }

<ID> – Tracking object number, takes values of [1..100];

<PRIO> – priority of the VRRP process, which will be set if the Tracking object is in the active state, takes values of [1..254];

<INC> – value by which the priority of the VRRP process will increase if the Tracking object is in the active state, takes values of [1..254];

<DEC> – value by which the priority of the VRRP process will decrease if the Tracking object is in the active state, takes values of [1..254].

7.4

Add the ability to control Next-Hop for packets that match criteria in the specified access list (ACL) (optional).

esr(config-route-map-rule)# action set ip next-hop verify-availability <NEXTHOP> <METRIC> track <ID>

<NEXTHOP> – gateway IP address in the AAA.BBB.CCC.DDD format, where each part takes values of [0..255];

<METRIC> – route metric, takes values of [0..255];

<ID> – Tracking object number, takes values of [1..100].

7.5

Add the ability to control the BGP AS-Path attribute that will be added to the front of the AS-Path list (optional).

esr(config-route-map-rule)# action set as-path
prepend <AS-PATH> track <ID>

<AS-PATH> – list of autonomous system numbers to be added to the current value in the route. Specified as AS,AS,AS, takes values of [1..4294967295];

<ID> – Tracking object number, takes values of [1..100].

7.6

Add the ability to control the BGP MED attribute in the route for which the rule should fire (optional).

esr(config-route-map-rule)# action set metric bgp <METRIC> track <ID>

<METRIC> – BGP MED attribute value, takes values of [0..4294967295];

<ID> – Tracking object number, takes values of [1..100].

Configuration example

Objective:

...

Firewall failover is required to reserve firewall sessions.

Configuration algorithm

Step

Description

Command

Key

1

Select the communication mode between the routers.

 ip firewall failover sync-type <MODE>

<MODE> – communication mode:

  • unicast – unicast mode;
  • multicast – multicast mode.

2

Select the IP address of the network interface from which messages will be sent when the Firewall is running in session reservation mode.

ip firewall failover source-address <ADDR>

<ADDR> – IP address of the sender network interface, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

3

Set neighbor's IP address when reserving Firewall sessions in unicast mode.

ip firewall failover destination-address <ADDR>

<ADDR> – neighbor IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

Configure the multicast IP address that will be used to exchange information when the Firewall session backup is in multicast mode.

ip firewall failover multicast-address <ADDR>

<ADDR> – multicast IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

4

If Firewall session reservation works in multicast mode, then it is necessary to configure the multicast group ID.

ip firewall failover multicast-group <GROUP>

<GROUP> – multicast group, specified in range [1000..9999].

5

Set the UDP port number of the Firewall session reservation service through which information is exchanged when working in unicast mode (optional).

ip firewall failover port <PORT>

<PORT> – port number of Firewall session reservation service, specified in range [1..65535].

6

Bind a VRRP group, based on which the state (main/backup) of the router is determined when reserving Firewall sessions (optional).

ip firewall failover vrrp-group <GRID>

<GRID> – VRRP router group ID, takes values of [1..32].

7

Enable Firewall session reservation.

ip firewall failover


Note

When configuring firewall failover, NAT sessions between devices will also be synchronized.

...

DHCP failover is used to reserve a database of IP addresses that were dynamically issued during the operation of the DHCP server.

Configuration algorithm

Step

Description

Command

Keys

1

To configure DHCP failover, switch to its configuration menu.

ip dhcp-server failover [ vrf <VRF> ]

<VRF> – VRF name, set by the string of up to 31 characters.

2

Select DHCP failover operation mode.

mode { active-active | active-standby }

active-active – operating mode with two active routers;

active-standby – operating mode with one active router and one standby router.

3

Configure the IP address from which DHCP failover will work.

local-address <ADDR>

<ADDR> – neighbor IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

4

Configure the remote IP address of the neighbor that DHCP failover will work with.

remote-address <ADDR>

<ADDR> – neighbor IP address, defined as AAA.BBB.CCC.DDD where each part takes values of [0..255].

5

Configure the DHCP failover role when redundancy works in Active-Active mode.

role <ROLE>

<ROLE> – DHCP server role when operating in standby mode:

  • primary – active DHCP server mode;
  • secondary – standby DHCP server mode.

6

Bind the VRRP group, on the basis of which the state (primary/backup) of the router is determined when reserving sessions in the Active-Standby mode.

vrrp-group <GRID>

<GRID> – VRRP router group identifier, takes values in the range of [1..32].

7

Enable DHCP failover redundancy.

enable


Note

The active-standby mode in VRF is not supported.

...