Home » HP Manuals » Servers » HP 6125XLG » Manual Viewer

HP 6125XLG R2306-HP 6125XLG Blade Switch High Availability Configuration Guide - Page 47

Authentication method, VRRP timers, Skew_Time, VRRP advertisement interval

Add to My Manuals
Save this manual to your list of manuals

Page 47 highlights

• Preemptive mode-A backup starts a new master election and takes over as master when it detects that it has a higher priority than the current master. Preemptive mode makes sure the router with the highest priority in a VRRP group always acts as the master. Authentication method To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets to authenticate one another. VRRP provides the following authentication methods: • Simple authentication The sender fills an authentication key into the VRRP packet, and the receiver compares the received authentication key with its local authentication key. If the two authentication keys match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded. • MD5 authentication The sender computes a digest for the packet to be sent by using the authentication key and MD5 algorithm, and saves the result in the VRRP packet. The receiver performs the same operation with the authentication key and MD5 algorithm, and compares the result with the content in the authentication header. If the results match, the received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets discarded. On a secure network, you can choose to not authenticate VRRP packets. NOTE: IPv4 VRRPv3 and IPv6 VRRPv3 do not support VRRP packet authentication. VRRP timers Skew_Time Skew_Time helps avoid the situation that multiple backups in a VRRP group become the master at the same time when the master in the VRRP group fails. Skew_Time is not configurable and its value depends on the version of VRRP: • In VRRPv2 (described in RFC 3768), Skew_Time is (256 - Router priority)/256. • In VRRPv3 (described in RFC 5798), Skew_Time is ((256 - Router priority) × VRRP advertisement interval)/256. VRRP advertisement interval The master in a VRRP group periodically sends VRRP advertisements to declare its presence. You can configure the interval at which the master sends VRRP advertisements. If a backup does not receive a new VRRP advertisement from the master when the timer (3 × VRRP advertisement interval + Skew_Time) expires, it regards that the master has failed and takes over as the master. VRRP preemption delay timer To avoid frequent state changes among members in a VRRP group and provide the backups enough time to collect information (such as routing information). In preempt mode, a backup does not immediately become the master after it receives an advertisement with lower priority than the local priority. Instead, it waits for a period of time (preemption delay time + Skew_Time) before taking over as the master. 42

Section	Page
Title Page	1
Contents	3
Configuring Ethernet OAM	6
Overview	6
Major functions of Ethernet OAM	6
Ethernet OAMPDUs	6
How Ethernet OAM works	6
Ethernet OAM connection establishment	7
Link monitoring	7
Remote fault detection	8
Remote loopback	8
Protocols and standards	9
Ethernet OAM configuration task list	9
Configuring basic Ethernet OAM functions	9
Configuring the Ethernet OAM connection detection timers	10
Configuring link monitoring	10
Configuring errored symbol event detection	11
Configuring errored frame event detection	11
Configuring errored frame period event detection	12
Configuring errored frame seconds event detection	13
Configuring the action a port takes after it receives an Ethernet OAM event from the remote end	13
Configuring Ethernet OAM remote loopback	14
Configuration guidelines	14
Enabling Ethernet OAM remote loopback on a specific port	14
Enabling Ethernet OAM remote loopback on the port	15
Rejecting the Ethernet OAM remote loopback request from a remote port	15
Displaying and maintaining Ethernet OAM	15
Ethernet OAM configuration example	16
Network requirements	16
Configuration procedure	16
Configuring CFD	18
Overview	18
Basic CFD concepts	18
Maintenance domain	18
Maintenance association	18
Maintenance point	19
MEP list	20
CFD functions	21
Continuity check	21
Loopback	21
Linktrace	21
Protocols and standards	21
CFD configuration task list	21
Configuring basic CFD settings	22
Enabling CFD	22
Configuring service instances	22
Configuring MEPs	23
Configuring MIP auto-generation rules	23
Configuring CFD functions	24
Configuration prerequisites	24
Configuring CC on MEPs	24
Configuring LB on MEPs	25
Configuring LT on MEPs	25
Displaying and maintaining CFD	26
CFD configuration example	26
Network requirements	26
Configuration procedure	27
Verifying the configuration	29
Configuring DLDP	30
Overview	30
Basic concepts	31
DLDP neighbor states	31
DLDP port states	31
DLDP timers	31
DLDP authentication mode	32
How DLDP works	32
Detecting one neighbor	32
Detecting multiple neighbors	34
Configuration restrictions and guidelines	34
DLDP configuration task list	34
Configuration prerequisites	35
Enabling DLDP	35
Setting the interval to send advertisement packets	35
Setting the DelayDown timer	35
Setting the port shutdown mode	36
Configuring DLDP authentication	36
Displaying and maintaining DLDP	37
DLDP configuration examples	37
Automatically shutting down unidirectional links	37
Network requirements	37
Configuration procedure	37
Manually shutting down unidirectional links	40
Network requirements	40
Configuration procedure	41
Configuring VRRP	45
Overview	45
VRRP standard mode	46
Router priority in a VRRP group	46
Preemption	46
Authentication method	47
VRRP timers	47
Skew_Time	47
VRRP advertisement interval	47
VRRP preemption delay timer	47
Master election	48
VRRP tracking	48
VRRP application	48
Master/backup	48
Load sharing	49
VRRP load balancing mode	50
Virtual MAC address assignment	50
Virtual forwarder	52
Virtual forwarder creation	52
VF weight and priority	52
VF backup	53
VF timers	53
VF tracking	54
Protocols and standards	54
Configuring IPv4 VRRP	54
IPv4 VRRP configuration task list	54
Specifying an IPv4 VRRP operating mode	55
Specifying the IPv4 VRRP version	55
Creating a VRRP group and assigning a virtual IP address	55
Configuration guidelines	55
Configuration procedure	56
Configuring the router priority, preemptive mode, and tracking function	56
Configuration guidelines	56
Configuration procedure	56
Configuring IPv4 VRRP packet attributes	57
Configuration guidelines	57
Configuration procedure	57
Configuring VF tracking	58
Configuration guidelines	58
Configuration procedure	58
Disabling an IPv4 VRRP group	58
Displaying and maintaining IPv4 VRRP	59
Configuring IPv6 VRRP	59
IPv6 VRRP configuration task list	59
Specifying an IPv6 VRRP operating mode	59
Creating a VRRP group and assigning a virtual IPv6 address	60
Configuration guidelines	60
Configuration procedure	60
Configuring the router priority, preemptive mode, and tracking function	61
Configuration guidelines	61
Configuration procedure	61
Configuring VF tracking	61
Configuration guidelines	61
Configuration procedure	62
Configuring the IPv6 VRRP advertisement interval	62
Configuration guidelines	62
Configuration procedure	62
Disabling an IPv6 VRRP group	63
Displaying and maintaining IPv6 VRRP	63
IPv4 VRRP configuration examples	63
Single VRRP group configuration example	63
Network requirements	63
Configuration procedure	64
Multiple VRRP groups configuration example	66
Network requirements	66
Configuration procedure	67
VRRP load balancing configuration example	69
Network requirements	69
Configuration procedure	70
IPv6 VRRP configuration examples	77
Single VRRP group configuration example	77
Network requirements	77
Configuration procedure	78
Multiple VRRP groups configuration example	80
Network requirements	80
Configuration procedure	81
VRRP load balancing configuration example	83
Network requirements	84
Configuration procedure	84
Troubleshooting VRRP	92
An error prompt is displayed	92
Symptom	92
Analysis	92
Solution	92
Multiple masters appear in a VRRP group	92
Symptom	92
Analysis	92
Solution	93
Fast VRRP state flapping	93
Symptom	93
Analysis	93
Solution	93
Configuring BFD	94
Introduction to BFD	94
BFD session establishment	94
BFD session modes and operating modes	94
Control packet mode	95
Supported features	95
Protocols and standards	96
Configuring BFD basic functions	96
Configuring echo packet mode	96
Configuring control packet mode	96
Displaying and maintaining BFD	98
Configuring Track	99
Overview	99
Collaboration fundamentals	99
Collaboration between the Track module and a detection module	99
Collaboration between the Track module and an application module	100
Collaboration application example	100
Track configuration task list	100
Associating the Track module with a detection module	101
Associating Track with NQA	101
Associating Track with BFD	101
Configuration prerequisites	102
Configuration procedure	102
Associating Track with interface management	102
Associating the Track module with an application module	103
Associating Track with VRRP	103
Associating Track with static routing	104
Associating Track with PBR	106
Configuration prerequisites	106
Configuration procedure	106
Displaying and maintaining track entries	107
Track configuration examples	107
VRRP-Track-NQA collaboration configuration example	107
Network requirements	107
Configuration procedure	108
Verifying the configuration	109
Configuring BFD for a VRRP backup to monitor the master	111
Network requirements	111
Configuration procedure	111
Verifying the configuration	112
Configuring BFD for the VRRP master to monitor the uplinks	114
Network requirements	114
Configuration procedure	114
Verifying the configuration	115
Static routing-Track-NQA collaboration configuration example	117
Network requirements	117
Configuration procedure	118
Verifying the configuration	120
Static routing-Track-BFD collaboration configuration example	122
Network requirements	122
Configuration procedure	122
Verifying the configuration	123
VRRP-Track-interface management collaboration configuration example	125
Network requirements	125
Configuration procedure	126
Verifying the configuration	126
Support and other resources	129
Contacting HP	129
Subscription service	129
Related information	129
Documents	129
Websites	129
Conventions	130
Command conventions	130
GUI conventions	130
Symbols	130
Network topology icons	131
Port numbering in examples	131

Match case Limit results 1 per page

•

Preemptive mode

—A backup starts a new master election and takes over as master when it detects

that it has a higher priority than the current master. Preemptive mode makes sure the router with the

highest priority in a VRRP group always acts as the master.

Authentication method

To avoid attacks from unauthorized users, VRRP member routers add authentication keys in VRRP packets

to authenticate one another. VRRP provides the following authentication methods:

•

Simple authentication

The sender fills an authentication key into the VRRP packet, and the receiver compares the received

authentication key with its local authentication key. If the two authentication keys match, the

received VRRP packet is legitimate. Otherwise, the received packet is illegitimate and gets

discarded.

•

MD5 authentication

The sender computes a digest for the packet to be sent by using the authentication key and MD5

algorithm, and saves the result in the VRRP packet. The receiver performs the same operation with

the authentication key and MD5 algorithm, and compares the result with the content in the

authentication header. If the results match, the received VRRP packet is legitimate. Otherwise, the

received packet is illegitimate and gets discarded.

On a secure network, you can choose to not authenticate VRRP packets.

NOTE:

IPv4 VRRPv3 and IPv6 VRRPv3 do not support VRRP packet authentication.

VRRP timers

Skew_Time

Skew_Time helps avoid the situation that multiple backups in a VRRP group become the master at the

same time when the master in the VRRP group fails.

Skew_Time is not configurable and its value depends on the version of VRRP:

•

In VRRPv2 (described in RFC 3768), Skew_Time is (256 – Router priority)/256.

•

In VRRPv3 (described in RFC 5798), Skew_Time is ((256 – Router priority) × VRRP advertisement

interval)/256.

VRRP advertisement interval

The master in a VRRP group periodically sends VRRP advertisements to declare its presence.

You can configure the interval at which the master sends VRRP advertisements. If a backup does not

receive a new VRRP advertisement from the master when the timer (3 × VRRP advertisement interval +

Skew_Time) expires, it regards that the master has failed and takes over as the master.

VRRP preemption delay timer

To avoid frequent state changes among members in a VRRP group and provide the backups enough time

to collect information (such as routing information). In preempt mode, a backup does not immediately

become the master after it receives an advertisement with lower priority than the local priority. Instead,

it waits for a period of time (preemption delay time + Skew_Time) before taking over as the master.