HP 5500 Ei 5500 Si Switch Series Configuration Guide
Have a look at the manual HP 5500 Ei 5500 Si Switch Series Configuration Guide online for free. It’s possible to download the document as PDF or print. UserManuals.tech offer 1114 HP manuals and user’s guides for free. Share the user manual or guide on Facebook, Twitter or Google+.
![Page 2257
194
Operation of BFD
Figure 52 BFD session establishment (on OSPF routers)
The process of BFD session establishment is as follows:
1. A protocol sends hello messages to discover neighbors and establish neig\
hborships.
2. After establishing neighborships, the protocol noti fies BFD of the neighbor information, including
destination and source addresses.
3. BFD uses the information to establish BFD sessions.
Figure 53 BFD fault detection (on OSPF routers)
The process of BFD fault...](http://img.usermanuals.tech/thumb/36/58909/w64_hp-5500-ei-5500-si-switch-series-configuration-guide-2256.png "Page 2257
194
Operation of BFD
Figure 52 BFD session establishment (on OSPF routers)
The process of BFD session establishment is as follows:
1. A protocol sends hello messages to discover neighbors and establish neig\
hborships.
2. After establishing neighborships, the protocol noti fies BFD of the neighbor information, including
destination and source addresses.
3. BFD uses the information to establish BFD sessions.
Figure 53 BFD fault detection (on OSPF routers)
The process of BFD fault...")
198
Configuring BFD basic functions
The BFD basic functions configuration is the basis for configuring BFD for other protocols.
Configuration prerequisites
Before configuring BFD basic functions, complete the following tasks:
• Configure the network layer addresses of the interf aces so that adjacent nodes are reachable to
each other at the network layer
• Configure the routing protocols that support BFD
Configuration procedure
To configure BFD basic functions:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Specify the mode for
establishing a BFD session. bfd session init-mode
{ active |
passive } Optional.
active
by default.
3. Configure the destination port
number for multi-hop BFD
control packets. bfd multi-hop destination-port
port-number
Optional.
4784 by default.
4.
Configure the source IP
address of echo packets. bfd echo-source-ip
ip-address Optional.
The source IP address should not
be on the same network segment
as any local interface’s IP address.
Otherwise, a large number of
ICMP redirect packets may be sent
from the peer, resulting in link
congestion.
5.
Enter interface view. interface
interface-type
interface-number N/A
6.
Configure the minimum
interval for receiving BFD
echo packets. bfd min-echo-receive-interval
value
Optional.
For relevant information, see the
description of the
Required Min
Echo RX Interval field in BFD
pac
ket format.
400 milliseconds by default.
7. Configure the minimum
interval for transmitting BFD
control packets. bfd min-transmit-interval
value Optional.
For relevant information, see the
description of the
Desired Min TX
Interval field in BFD packet
format .
400
milliseconds by default.
199
Step Command Remarks
8. Configure the minimum
interval for receiving BFD
control packets. bfd min-receive-interval
value Optional.
For relevant information, see the
description of the
Required Min RX
Interval field in BFD packet
format .
400
milliseconds by default.
9. Configure the detection time
multiplier. bfd detect-multiplier
value Optional.
For relevant information, see the
description of the
Detect Mult field
in BFD packet format .
5
by default.
10. Configure the authentication
mode on the interface. bfd authentication-mode
{ md5
key-id [ cipher ] key | sha1 key-id
[ cipher ] key | simple key-id
[ cipher ] password } Optional.
By default, the interface operates
in the non-authentication mode.
In
Figure 52 for example, if you configure the Desired Min TX Interval as 100 milliseconds, Required Min
RX Interval as 300 milliseconds, and Detect Mult as 5 on Router A, and configure the Desired Min TX
Interval as 150 milliseconds, Required Min RX Interval as 400 milliseconds, and Detect Mult as 10 on
Router B,
• The actual transmitting interval on Router A is 400 milliseconds, which is the greater value between
the minimum interval for transmitting BFD contro l packets on Router A (100 milliseconds) and the
minimum interval for receiving BFD control packets on Router B (400 milliseconds).
• The actual transmitting interval on Router B is 300 milliseconds, which is the greater value between
the minimum interval for transmitting BFD control packets on Router B (150 milliseconds) and the
minimum interval for receiving BFD control packets on Router A (300 milliseconds).
• The actual detection time on Router A is 3000 milliseconds, which is 10 × 300 milliseconds (Detect
Mult on Router B × actual transmitting interval on Router B).
• The actual detection time on Router B is 2000 mi lliseconds, which is 5 × 400 milliseconds (Detect
Mult on Router A × actual transmitting interval on Router A).
Displaying and maintaining BFD
Task Command Remarks
Display information about
BFD-enabled interfaces. display bfd interface
[ verbose ] [ | { begin |
exclude | include } regular-expression ] Available in any view
Display information about
enabled BFD debugging. display bfd debugging-switches
[ | { begin |
exclude | include } regular-expression ] Available in any view
Display BFD session information. display bfd session
[ slot slot-number [ all |
verbose ] | verbose ] [ | { begin | exclude |
include } regular-expression ] Available in any view
Clear BFD session statistics.
reset bfd session statistics [ slot slot-number ] Available in user view
200 Configuring track Only the HP 5500 EI Switch Series supports BFD, VRRP, and PBR configurations. Track overview Introduction to collaboration The track module works between application and detection modules, as shown in Figure 55 . It shields the differences between various detection modules from application modules. Collaboration is enabled after you associate the track module with a detection module and an application module. The detection module probes specific objects such as interface status, link status, network reachability, and network performance, and informs the track module of detection results. The track module sends the detection results to the associ ated application module. When notified of changes of the tracked object, the application modules can react to avoid communication interruption and network performance degradation. Figure 55 Collaboration through the track module Collaboration fundamentals The track module collaborates with detection modules and application modules: • Collaboration between the track module and a detection module • Collaboration between the track module and an application module Collaboration between the track module and a detection module The detection module sends the detection result of the associated tracked object to the track module. Depending on the result, the track module changes the status of the track entry: • If the tracked object functions normally, for example, the target interface is up or the target network is reachable, the state of the track entry is Positive. • If the tracked object functions abnormally, for example, the target interface is down or the target network is unreachable, the state of the track entry is Negative. • If the detection result is not valid, for example, the NQA test group that is associated with the track entry does not exist, the state of the track entry is Invalid.
201 The following detection modules can be associated with the track module: • NQA • BFD (available only on the HP 5500 EI) • Interface management module Collaboration between the track module and an application module After being associated with an application module, wh en the status of the track entry changes, the track module notifies the application module, which then takes proper actions. The following application modules can be associated with the track module: • Virtual Router Redundancy Protocol (VRRP) (available only on the HP 5500 EI) • Static routing • Policy-based routing (available only on the HP 5500 EI) In some cases, the status of a track entry changes whil e a route is still recovering. This leads to problems if the track module immediately notifies the applicat ion modules of the status change and the application modules begin using the route before it is ready. For example, the master in a VRRP group monitors the uplink interface through the track module. When the uplink interface fails, the track module notifies th e master to reduce its priority so that a backup with a higher priority can preempt as the master to forward packets. When failed uplink interface recovers, if the track module immediately notifi es the original master to restore its priority, the master immediately will forward packets to that interface; however, this result in packet forwarding failure because the uplink route has not yet been recovered. To solve this problem, configure a delay before the track module notifies the application modules of the track entry status changes. Collaboration application example The following is an example of collaboration between NQA, track, and static routing. Configure a static route with next hop 192.168.0.88 on the device. If the next hop is reachable, the static route is valid. If the next hop becomes unreachable, the static route should become invalid. For this purpose, configure collaboration between the NQA, track, and static routing modules: 1. Create an NQA test group to monitor th e reachability of IP address 192.168.0.88. 2. Create a track entry and associate it with the NQA test group. When the next hop 192.168.0.88 is reachable, the track entry is in Positive state. When the next hop becomes unreachable, the track entry is in Negative state. 3. Associate the track entry with the static route. When the track entry turns to the Positive state, the static route is valid. When the associated track entry turns to the Negative state, the static route is invalid. Track configuration task list To implement the collaboration function, establis h associations between the track module and the detection modules, and between the trac k module and the application modules. Complete these tasks to configure the track module:
202
Task Remarks
Associating the track module
with a detection module Associating track with NQA
Required
Use any of the
approac
hes.
Associating track with BFD (available only on
the HP 5500 EI)
Associating track with interface management
Associating the track module
with an application module Associating track with VRRP (available only on
the HP
5500 EI) Required
Use any of the
approaches.
Associating track with static routing
Associating track with PBR (available only on
the HP 5500 EI)
Associating the track module with a detection
module
Associating track with NQA
NQA supports multiple test types to analyze network performance, services, service quality. For example,
an NQA test group can periodically detect whethe r a destination is reachable, or whether the TCP
connection to a TCP server can be set up.
An NQA test group functions as follows when it is associated with a track entry:
• If the consecutive failures reach the specified threshold, the NQA module tells the track module that
the tracked object malfunctions. Then the track module sets the track entry to the Negative state.
• If the specified threshold is not reached, the NQA module tells the track module that the tracked
object functions normally. The track module then sets the track entry to the Positive state.
For more information about NQA, see Network Management and Monitoring Configuration Guide .
To associate track with NQA:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create a track entry,
associate it with an NQA
reaction entry, and specify the
delay time for the track
module to notify the
associated application
module when the track entry
status changes. track
track-entry-number nqa entry
admin-name operation-tag reaction
item-number [ delay { negative
negative-time | positive
positive-time } * ] No track entry is created by
default.
NOTE:
If the specified NQA test group or th e reaction entry in the track entry does not exist, the status of the trac
k
entry is Invalid.
203
Associating track with BFD (available only on the HP 5500 EI)
BFD supports the control packet mode and echo mode. Only echo-mode BFD can be associated with a
track entry.
The BFD functions as follows when it is associated with a track entry:
• If the BFD detects that the link fails, it informs the track entry of the link failure. The track module then
sets the track entry to the Negative state.
• If the BFD detects that the link is normal, the track module sets the track entry to the Positive state.
For more information about BFD, see Configuring BFD (available only on the HP 5500 EI) .
Configuration prerequisites
Before you associate track with BFD, configure the source address of the BFD echo packets.
Configuration procedure
To associate track with BFD:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Create a track entry,
associate it with the BFD
session, and specify the delay
time for the track module to
notify the associated
application module when the
track entry status changes. track
track-entry-number bfd echo interface
interface-type interface-number remote ip
remote-ip local ip local-ip [ delay { negative
negative-time | positive positive-time } * ] No track entry is created
by default.
NOTE:
When associating track with BFD, do not configure the virtual IP address of a VRRP group as the local or
remote address of a BFD session.
Associating track with interface management
The interface management module monitors the physical status or network-layer protocol status of the
interface. The interface management module functions as f o l l o w s w h e n i t i s a s s o c i a t e d w i t h a t r a c k e n t r y :
• When the physical or network-layer protocol stat us of the interface changes to up, the interface
management module informs the track module of the change and the track module sets the track
entry to Positive.
• When the physical or network-layer protocol status of the interface changes to down, the interface
management module informs the track module of the change and the track module sets the track
entry to Negative.
To associate track with interface management:
Step Command Remarks
1. Enter system view. system-view N/A
204
Step Command Remarks
2. Associate track with
interface
management. Create a track entry, associ
ate it with the interface
management module to monitor the physical status of
an interface, and specify th e delay time for the track
module to notify the asso ciated application module
when the track entry status changes:
track track-entry-number interface interface-type
interface-number [ delay { negative negative-time |
positive positive-time } * ]
Create a track entry, associ ate it with the interface
management module to monitor the Layer 3 protocol
status of an interface, and specify the delay time for
the track module to notify the associated application
module when the track entry status changes:
track track-entry-number interface interface-type
interface-number protocol { ipv4 | ipv6 } [ delay
{ negative negative-time | positive positive-time } * ] Use either approach.
No track entry is
created by default.
Associating the track module with an application
module
Associating track with VRRP (available only on the HP 5500 EI)
VRRP is an error-tolerant protocol. It adds a group of
routers that can act as network gateways to a VRRP
group, which forms a virtual router. Routers in the VRRP group elect the master acting as the gateway
according to their priorities. A router with a higher pr io ri t y i s m o re l i ke ly t o b e c o m e t h e m a s te r. Th e o t h e r
routers function as the backups. When the master fails, the backups in the VRRP group elect a new
gateway to undertake the responsibility of the failed master. This ensures that the hosts in the network
segment can uninterruptedly communicate with external networks.
When VRRP is operating in standard protocol mode or load balancing mode, associate the track module
with the VRRP group to implement the following actions:
• Change the priority of a router according to the status of the uplink. If a fault occurs on the uplink
of the router, the VRRP group cannot be aware of the uplink failure. If the router is the master, hosts
in the LAN cannot access the external network. This problem can be solved by establishing a
track-VRRP group association. Use the detection modu les to monitor the status of the uplink of the
router and establish collaborations between the detection modules, track module and VRRP. When
the uplink fails, the detection modules notify the track module to change the status of the monitored
track entry to Negative, and the priority of the master then decreases by a specific value, allowing
a higher priority router in the VRRP group to become the master, and maintaining proper
communication between the hosts in the LAN and the external network.
• Monitor the master on a backup. If a fault occurs on the master, the backup operating in switchover
mode will switch to the master immediately to maintain normal communication.
When VRRP is operating in load balancing mode, associate the track module with the VRRP Virtual
Forwarder (VF) to implement the following functions:
• Chang e the priori t y of the active VF (AVF) ac c ordi ng to its upl i nk state. When the upli nk of the AVF
fails, the track entry changes to Negative state and the weight of the AVF decreases by a specific
value so that the VF with a higher priority becomes the new AVF to forward packets.
205 • M o n i t o r t h e AV F s t a t u s f ro m t h e l i s t e n i n g V F ( LV F ) , w h i c h re f e r s t o t h e V F i n l i s t e n i n g s t a t e. W h e n t h e AVF fails, the LVF that is operating in switchover mode becomes the new AVF to ensure continuous forwarding. VRRP tracking is not valid on an IP address owner. An IP address owner refers to a router when the IP address of the virtual router is the IP address of an interface on the router in the VRRP group. For more information about VRRP, see Configuring VRRP (available only on the HP 5500 EI) . T o associate track with VRRP group: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Create a VRRP group and configure its virtual IP address. vrrp vrid virtual-router-id virtual-ip virtual-address No VRRP group is created by default. 4. Associate a track entry with a VRRP group. vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number [ reduced priority-reduced | switchover ] No track entry is specified for a VRRP group by default. This command is supported when VRRP is operating in both standard protocol mode and load balancing mode. To associate track with VRRP VF: Step Command Remarks 1. Enter system view. system-view N/A 2. Enter interface view. interface interface-type interface-number N/A 3. Create a VRRP group and configure its virtual IP address. vrrp vrid virtual-router-id virtual-ip virtual-address No VRRP group is created by default. 4. Associate track with VRRP VF. Associate a track entry with the VRRP VF: vrrp [ ipv6 ] vrid virtual-router-id weight track track-entry-number [ reduced weight-reduced ] Configure the LVF to monitor the AVF status through the track entry: vrrp [ ipv6 ] vrid virtual-router-id track track-entry-number forwarder-switchover member-ip ip-address Use at least one command. By default, no track entry is specified for a VF. This command is configurable when VRRP is operating in standard mode or load balancing mode. However, this function takes effect only when VRRP is operating in load balancing mode. NOTE: • When the status of the track entry changes from Negative to Positive or Invalid, the associated router o r VF restores its priority automatically. • You can associate a nonexistent track entry with a VRRP group or VF. The association takes effect only after you use the track command to create the track entry.
206
Associating track with static routing
A static route is a manually configured route. With a static route configured, packets to the specified
destination are forwarded through the path specified by the administrator.
The disadvantage of using static routes is that they cannot adapt to network topology changes. Faults or
topological changes in the network can make th e routes unreachable, causing network breaks.
To prevent this problem, configure another route to back up the static route. When the static route is
reachable, packets are forwarded through the static ro ute. When the static route is unreachable, packets
are forwarded through the backup route, avoiding network breaks and enhancing network reliability.
To check the accessibility of a static route in real time, establish association between the track and the
static route.
If you specify the next hop but not the egress interfac e when configuring a static route, you can establish
collaborations among the static route, the track mo dule, and detection modules. This enables you to
check the accessibility of the static route by the status of the track entry.
• The Positive state of the track entry shows that the next hop of the static route is reachable and that
the configured static route is valid.
• The Negative state of the track entry shows that the next hop of the static route is not reachable and
that the configured static route is invalid.
• The Invalid state of the track entry shows that the accessibility of the next hop of the static route is
unknown and that the static route is valid.
If the track module detects the next hop accessibility of the static route in a private network through NQA,
the VPN instance name of the next hop of the static ro ute must be consistent with that configured for the
NQA test group. Otherwise, the accessibility detection cannot function properly.
If a static route needs route recursion, the associated track entry must monitor the next hop of the recursive
route instead of that of the static route; otherwise, a valid route may be considered invalid.
For more information about static route configuration, see Layer 3—IP Routing Configuration Guide.
To associate track with static routing:
Step Command Remarks
1. Enter system view.
system-view N/A
2. Associate the static route
with a track entry to
check the accessibility of
the next hop. Approach 1:
ip route-static
dest-address { mask | mask-length }
{ next-hop-address | vpn-instance
d-vpn-instance-name next-hop-address } track
track-entry-number [ preference preference-value ]
[ tag tag-value ] [ description description-text ]
Approach 2:
ip route-static vpn-instance
s-vpn-instance-name & dest-address { mask |
mask-length } { next-hop-address track
track-entry-number [ public ] | vpn-instance
d-vpn-instance-name
next-hop-address track
track-entry-number } [ preference preference-value ]
[ tag tag-value ] [ description description-text ] Use either approach.
Not configured by
default.
Only the HP 5500 EI
Switch Series supports
the
vpn-instance
keyword.
207 NOTE: You can associate a nonexistent track entry with a static route. The association takes effect only after you use the track command to create the track entry. Associating track with PBR (available only on the HP 5500 EI) Policy-based routing (PBR) is a routing mechanism ba sed on user-defined policies. Different from the traditional destination-based routing mechanism, PBR enables you to use a policy (based on the source address and other criteria) to route packets. PBR cannot detect the availability of any action ta ken on packets. When an action is not available, packets processed by the action may be discarded. For example, configure PBR to forward packets that match certain criteria through a specific next hop. When the specified next hop fails, PBR cannot sense the failure, and continues to forward matching packets to the next hop. This problem can be solved by associating track with PBR, which improves the flexibility of PBR application, and enables PBR to sense topology changes. After you associate a track entry with an apply clause, the detection module associated with the track entry sends the detection result of th e availability of the object (an interface or an IP address) specified in the apply clause. • The Positive state of the track entry shows that the object is available, and the apply clause is valid. • The Negative state of the track entry shows that the object is not available, and the apply clause is invalid. • The Invalid state of the track entry shows that the apply clause is valid. The following objects can be as sociated with a track entry: • Next hop • Default next hop For more information about PBR, see Layer 3—IP Routing Configuration Guide . Configuration prerequisites Before you associate track with PBR, create a policy or a policy node and configure the match criteria as well. Configuration procedure To associate track with PBR: Step Command Remarks 1. Enter system view. system-view N/A 2. Create a policy or policy node and enter PBR policy node view. policy-based-route policy-name [ deny | permit ] node node-number Required 3. Define an ACL match criterion. if-match acl acl-number Optional By default, no packets are filtered.