< Home

Description of Parameters Set on the Web UI

This topic describes the parameters for configuring hot standby on the web UI.

Choose System > High Availability > Dual-System Hot Standby. On the Dual-System Hot Standby page, click Edit. Table 1 lists the description of hot standby parameters.

Table 1 Description of parameters for configuring hot standby

Parameter

Description

Configure the basic hot standby function.

Dual-System Hot Standby

Enable dual-system hot standby.

Operating Mode

Two backup modes are available:

  • Active/Standby Backup
  • Load Balancing

Default Status

In active/standby mode, determine whether the local device is active or standby. This parameter is available only when Operating Mode is Active/Standby Backup.

Heartbeat Interface

Specify the heartbeat interface, IP address of the heartbeat interface, and IP address of the peer interface of the heartbeat interface.

Proactive Preemption

Determine whether to enable the preemption function. By default, the preemption function is enabled, and the preemption delay is 60s. The preemption function takes effect only on the active device.

The preemption function enables the original active device to return to active after recovery. If the preemption function is disabled, the original active device remains in standby state after recovering from a fault.

Automatic Static Route Backup

After this function is enabled, IPv4 static route or policy-based route configuration can be automatically backed up to the peer.

In hot standby networking where the FWs connect to switches in upstream and downstream directions, the FWs use static routes or policy-based routes. Generally, the next hops of the routes of the FW are the same and the outbound interfaces belong to the same broadcast domain. In this case, you are advised to enable automatic backup of static routes or policy-based routes to ensure that the routes of the active and standby FWs are the same. Otherwise, services may be interrupted after the active/standby switchover. In other cases, you are not advised to enable route backup. Otherwise, functions of the standby FW may be abnormal.

In mirroring mode, static routes and policy-based routes are automatically backed up. Therefore, you do not need to enable automatic backup of static routes and policy-based routes in mirroring mode.

Automatic PBR Backup

Hello Packet Interval

Set the interval at which Hello packets are sent. The default interval is 1000 ms and is recommended. Ensure that the active and standby devices have the same interval.

  • In active/standby mode, this parameter is the interval at which the active device sends Hello packets.

  • In load balancing mode, this parameter is the interval at which the two devices exchanges Hello packets.

Configure interface monitoring.

VLAN

ID of the VLAN monitored by the VGMP group.

When the FW works at Layer 2, to enable the VGMP group to monitor the status of Layer 2 service interfaces, add upstream and downstream service interfaces to the same VLAN and configure a VGMP group to monitor the VLAN. That is, monitor the status of member interfaces in the VLAN.

Interface

Name of the service interface monitored by the VGMP group.

In the networking where the FW connects to routers in upstream and downstream directions, the routers cannot transparently transmit VRRP multicast packets. Therefore, the interfaces cannot be added to a VGMP group for monitoring by configuring a VRRP group. In this case, you need to configure a VGMP group to monitor service interfaces, so that the VGMP group can monitor the physical status of the service interfaces.

Configure VRRP monitoring.

VRID

ID of a VRRP group. The interfaces with the same interface number on the active and standby devices must have the same VRID.

Interface

Interface added to a VRRP group. This interface must be an uplink/downlink service interface of the FW.

Interface IP Address/MASK

After you select Interface, the IP address/mask of the interface is automatically displayed.

Virtual IP Address/MASK

Virtual IP address and mask of the VRRP backup group.

The virtual IP address cannot be an interface IP address. If the virtual IP address and interface IP address of a VRRP group are in different network segments, the subnet mask is required.

The virtual IP address is shared by both devices deployed in hot standby mode. For upstream and downstream devices, the two FWs work as one device with the virtual IP address of the VRRP group as the interface address. Therefore, the next hop of the static routes on the upstream and downstream devices must be the virtual IP addresses of the VRRP groups.

Virtual MAC

A virtual MAC address is a MAC address generated based on the VRID in the format of 00-00-5E-00-01-{ VRID}. Each VRID maps with one virtual MAC address.

In hot standby scenarios, if the peer device needs to verify the MAC address, enable the virtual MAC address function. Otherwise, the MAC address changes upon active/standby switchovers, leading to packet loss.

Link-Local Address

For a VRRPv6 group, both the virtual IP address and link-local address are required. The link-local address is an IPv6 address whose prefix is FE80, such as FE80::7. This address is used for communication between adjacent nodes on a link and is valid only for the link. Before configuring a virtual IPv6 address for a VRRPv6 group, you must configure a link-local address for the group.

State

If you set Operating Mode to Load Balancing, this parameter is displayed.

If one device in a VRRP group is in active state, the other device in the VRRP group must be in standby state. If one device in a VRRP group is in standby state, the other device in the VRRP group must be in active state.

Configure IP-link monitoring.

IP-Link Name

Name of the IP-link monitored by the VGMP group.

You can configure a VGMP group to track the IP-link status to monitor the status of the links directly or indirectly connected to the FW.

Configure BFD monitoring.

Local Discriminator

Name of the static BFD session monitored by the VGMP group.

You can configure a VGMP group to track the BFD session status to monitor the status of the links directly or indirectly connected to the FW.

Configure OSPF monitoring.

Interface

Name of the interface connected to the OSPF neighbor monitored by the VGMP group.

When OSPF runs between the FW and a router, you need to configure the VGMP group to monitor the OSPF neighbor status, so that the FW can detect OSPF route faults and trigger a switchover in a timely manner. To speed up the switchover triggering and reduce the impact on services, it is recommended that BFD monitoring and OSPF monitoring be both configured, so that BFD can quickly detect link faults and notify OSPF of the faults, speeding up OSPF response to network topology changes.

Peer Address

IP address of the OSPF neighbor monitored by the VGMP group.

On a multi-access network, for example, an Ethernet, an interface may connect to multiple routers on the same network segment. In this case, if only one OSPF neighbor needs to be monitored, you must specify the IP address of the neighbor. Otherwise, you do not need to set this parameter.

Configure BGP monitoring.

Peer Address

Name of the interface connected to the OSPF neighbor monitored by the VGMP group.

When BGP runs between the FW and a router, you need to configure the VGMP group to monitor the BGP peer status, so that the FW can detect BGP route faults and trigger a switchover in a timely manner. To speed up the switchover triggering and reduce the impact on services, it is recommended that BFD monitoring and BGP monitoring be both configured, so that BFD can quickly detect link faults and notify BGP of the faults, speeding up BGP response to network topology changes.

Virtual Router

Name of a VPN instance to which the BGP peer belongs. If this parameter is not specified, the BGP peer to be monitored belongs to the public system.

After the configuration is complete, choose System > High Availability > Dual-System Hot Standby to view the running status of hot standby. Table 2 lists the description of parameters.

Table 2 Description of hot standby monitoring items

Parameter

Description

Current Running Mode
  • Single Device: is displayed if hot standby is not enabled.
  • Active/Standby Backup: is displayed when the devices work in active/standby mode.
  • Load Balancing: is displayed when the devices work in load balancing mode.

Current Working Role
  • Initialization: is displayed after the configuration is complete and before hot standby is established,
  • Active: is displayed on the active device after hot standby is established.
  • Standby: is displayed on the standby device after hot standby is established.

Click Details to view records about the active/standby switchover, including Time, Description and Reason.

Since V600R007C20SPC300, a forcible active/standby switchover can be performed on the web UI of the device. The forcible active/standby switchover method is used to check whether the link of the standby device is normal during device maintenance. It is not recommended to use this method in other cases.

You can perform a forcible active/standby switchover by using either of the following methods:

  • Click Manual Active/Standby Switchover on the active device. The priority of the VGMP group on the active device decreases by 1, which is lower than the priority of the VGMP group on the standby device. As a result, an active/standby switchover is triggered.
  • Click Manual Active/Standby Switchover on the standby device. The priority of the VGMP group on the standby device increases by 1, which is higher than the priority of the VGMP group on the active device. As a result, an active/standby switchover is triggered.

After the active/standby switchover test is performed, click Active/standby Switchback to restore the device status. In non-mirroring hot standby scenarios, if the preemption delay function has been enabled, the active/standby switchback is performed after the delay. By default, the preemption delay is 60s.

Current HeartBeat Interface

Heartbeat interface and its bandwidth usage.

Proactive Preemption

Whether the preemption function is enabled.

Configuration Consistency

Whether the configurations of the active and standby devices are consistent.

Click Check to check whether the configurations of the devices are consistent.

Click Details. The Consistency Check dialog box is displayed. You can view the overall check result, check date, and check result of each module and perform the following operation:
  • Click Synchronize Configuration to synchronize the configurations on the active and standby devices.
  • Click Recheck to check the configuration consistency between the active and standby devices again.

  • Click Details in the row where each module is located to view the detailed differences between the modules on the two devices.

    A large number of policies, addresses, services, IPv4 ACLs, IPv6 ACLs, interfaces, security zones, and OSPF processes can be configured. To prevent excessive use of system resources from affecting device performance, the system compares the first 20 different items of two devices at a time. Click Synchronize Configuration or manually modify the 20 differences. Click Recheck and resolve the differences until the configurations on the two devices are the same.

    NOTE:
    The following differences cannot be resolved by clicking Synchronize Configuration. Instead, you must manually modify them:
    • Different policy rule configuration sequences
    • Same configuration command but different parameters

Interface Monitoring (Interface | VLAN)

State of a monitored interface or VLAN.

VRRP Monitoring

State of a monitored VRRP group.

IP-Link Monitoring

State of a monitored IP-Link.

BFD Monitoring

State of a monitored BFD.

OSPF Monitoring

State of a monitored OSPF neighbor.

BGP Monitoring

State of a monitored BGP peer.
Parent Topic: References for Hot Standby
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
Next topic >