Association between VRRP and BFD Implementation on Huawei routers.
- January 26, 2025
- Posted by: James Majani
- Categories: Huawei, Networking
VRRP basic concepts.
VRRP groups several routers into a virtual router. If one of routers fails, traffic can be switched to another router, ensuring service continuity and reliability.
After a VRRP group is configured, VRRP devices negotiate the master/backup state through VRRP Advertisement packets. If an interface or a link fails, or the network topology changes, devices in the VRRP group cannot immediately detect the failure or change. Consequently, the master/backup VRRP switchover is delayed. Additionally, after a master/backup VRRP switchover is complete, route switching fails to be performed because no route is associated with the VRRP group, interrupting the normal forwarding of traffic.
To resolve these problems, configure VRRP association. If an object associated with a VRRP group fails, the VRRP group is notified and performs a primary/secondary link switchover. In addition, when a master/backup VRRP switchover is performed, the VRRP group instructs its associated object to perform a switchover accordingly. VRRP association ensures proper traffic forwarding and improves link reliability.
BFD is used to rapidly detect faults in links or IP routes. BFD for VRRP enables a master/backup VRRP switchover to be completed within 1 second, thereby preventing traffic loss. A BFD session is established between the master and backup devices in a VRRP group and is bound to the VRRP group. BFD immediately detects communication faults in the VRRP group and instructs the VRRP group to perform a master/backup switchover, minimizing service interruptions.
Networking description.
An enterprise LAN has two egress Core switches . Users are connected to access switches and access switches aggregate to the Core. Gateway of LAN services as well as DHCP server for the campus network is on the Core switches. VRRP is implemented to enhance gateway reliability, multiple gateways are deployed to prevent a single point of failure. Implement BFD for VRRP. Bidirectional Forwarding Detection (BFD) for Virtual Router Redundancy Protocol (VRRP) is a mechanism that detects link or IP route failures and quickly switches between master and backup devices. This helps to minimize service interruptions and prevent traffic loss.
Step 1: Configure Basic parameters on devices.
*******************************************ACC-01
system-view
sysname ACC-01
#
vlan batch 10
#
interface Ethernet0/0/1
port link-type access
port default vlan 10
#
interface Ethernet0/0/2
port link-type access
port default vlan 10
#
int
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
return
*******************************************CORE-01
system-view
sysname CORE-01
#
vlan batch 10
#
dhcp enable
#
ip pool rd
gateway-list 192.168.10.3
network 192.168.10.0 mask 255.255.255.0
excluded-ip-address 192.168.10.1 192.168.10.2
#
interface Vlanif10
ip address 192.168.10.1 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/1
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
return
*******************************************CORE-02
system-view
sysname CORE-02
#
vlan batch 10
#
dhcp enable
#
interface Vlanif10
ip address 192.168.10.2 255.255.255.0
dhcp select global
#
interface GigabitEthernet0/0/2
port link-type trunk
undo port trunk allow-pass vlan 1
port trunk allow-pass vlan 10
#
return
Step 2: Configure BFD session between CORE-01 and CORE-02.
*******************************************CORE-01
system-view
#
bfd
#
bfd trackvrrp bind peer-ip 192.168.10.2 interface Vlanif10
discriminator local 1
discriminator remote 2
commit
*******************************************CORE-01
system-view
#
bfd
bfd trackvrrp bind peer-ip 192.168.10.1 interface Vlanif10
discriminator local 2
discriminator remote 1
commit
#
returnStep 3: Check BFD session.
Step 4. Configure VRRP.
*******************************************CORE-01
system-view
#
interface Vlanif10
vrrp vrid 1 virtual-ip 192.168.10.3
vrrp vrid 1 priority 150
vrrp vrid 1 preempt-mode timer delay 10
#
return
*******************************************CORE-02
system-view
#
interface Vlanif10
vrrp vrid 1 virtual-ip 192.168.10.3
#
returnStep 5: Check VRRP status.
The command outputs show that the VRRP status of CORE-01 is Master and that of CORE-02 is Backup.
Step 6: Configure association between VRRP and BFD on CORE-02.
*******************************************CORE-02
system-view
#
interface Vlanif10
vrrp vrid 1 track bfd-session 2 increased 100
#
returnStep 7. Check VRRP status and association with BFD.
The output shows that association between VRRP and BFD differs from VRRP. Specifically, after a VRRP group is associated with a BFD session and a fault occurs, the backup device immediately preempts the master role by increasing its VRRP priority, and it does not wait for a period three times the interval at which VRRP Advertisement packets are sent. This means that a master/backup VRRP switchover can be performed in milliseconds.
Step 8: Simulate failure on CORE-01 to trigger switchover.
*******************************************CORE-01
system-view
#
interface Vlanif10
shutdown
#
returnStep 9: Check VRRP status.
If BFD detects a fault, the BFD session goes down. CORE-02 increases its VRRP priority to 200 (100 + 100 = 200), making it higher than CORE-01’s VRRP priority. CORE-02 then immediately preempts the master role and sends gratuitous ARP packets to allow hosts to update ARP entries.