Configuring VRRP-A High Availability

CONFIGURING VRRP-A HIGH AVAILABILITY
A10 Thunder Series and AX Series

ACOS 4.1.0
17 February 2016
© 2016 A10 Networks, Inc. Confidential and Proprietary - All Rights Reserved
Information in this document is subject to change without notice.
Patent Protection
A10 Networks products are protected by patents in the U.S. and elsewhere. The following website is provided to satisfy the virtual pat-
ent marking provisions of various jurisdictions including the virtual patent marking provisions of the America Invents Act. A10 Net-
works' products, including all Thunder Series products, are protected by one or more of U.S. patents and patents pending listed at:
https://www.a10networks.com/company/legal-notices/a10-virtual-patent-marking.
Trademarks
The A10 logo, A10 Harmony, A10 Lightning, A10 Networks, A10 Thunder, aCloud, ACOS, Affinity, aFleX, aFlow, aGalaxy, aGAPI, aVCS, AX,
aXAPI, IDsentrie, IP-to-ID, SSL Insight, SSLi, Thunder, Thunder TPS, UASG, and vThunder are trademarks or registered trademarks of A10
Networks, Inc. in the United States and other countries. All other trademarks are property of their respective owners.
Confidentiality
This document contains confidential materials proprietary to A10 Networks, Inc. This document and information and ideas herein may
not be disclosed, copied, reproduced or distributed to anyone outside A10 Networks, Inc. without prior written consent of
A10 Networks, Inc.
A10 Networks Inc. Software License and End User Agreement

Software for all A10 Networks products contains trade secrets of A10 Networks and its subsidiaries and Customer agrees to treat Soft-
ware as confidential information.
Anyone who uses the Software does so only in compliance with the terms of the End User License Agreement (EULA), provided later in
this document or available separately. Customer shall not:
1. reverse engineer, reverse compile, reverse de-assemble or otherwise translate the Software by any means
2. sublicense, rent or lease the Software.
Disclaimer
This document does not create any express or implied warranty about A10 Networks or about its products or services, including but not
limited to fitness for a particular use and non-infringement. A10 Networks has made reasonable efforts to verify that the information
contained herein is accurate, but A10 Networks assumes no responsibility for its use. All information is provided "as-is." The product
specifications and features described in this publication are based on the latest information available; however, specifications are sub-
ject to change without notice, and certain features may not be available upon initial product release. Contact A10 Networks for current
information regarding its products or services. A10 Networks’ products and services are subject to A10 Networks’ standard terms and
conditions.
Environmental Considerations
Some electronic components may possibly contain dangerous substances. For information on specific component types, please con-
tact the manufacturer of that component. Always consult local authorities for regulations regarding proper disposal of electronic com-
ponents in your area.
Further Information
For additional information about A10 products, terms and conditions of delivery, and pricing, contact your nearest A10 Networks loca-
tion, which can be found by visiting www.a10networks.com.
Table of Contents
Overview of VRRP-A ................................................................................................................................................. 7

VRRP-A Overview.................................................................................................................................................................7
VRRP-A Configuration ........................................................................................................................................................8
Basic VRRP-A Configuration ................................................................................................................................................................ 8
VRRP-A and Virtual Router IDs .......................................................................................................................................................... 9
Leader and Follower VRIDs ........................................................................................................................................................................... 10
VRID Virtual MAC Addresses ........................................................................................................................................................................ 11
VRRP-A, Virtual Router IDs, and Partitions ................................................................................................................................11
VRRP-A Active / Standby Device Selection.............................................................................................................. 12
VRRP-A Active Device Selection Overview .............................................................................................................................12
Event Tracking for Weight and Priority ......................................................................................................................................13
Priority Calculation .................................................................................................................................................................................13
Track Event Delay ....................................................................................................................................................................................14
Preemption .................................................................................................................................................................................................14
Preemption Delay ...................................................................................................................................................................................14
Active Device Selection Examples ...............................................................................................................................................14
VRRP-A Failover ................................................................................................................................................................. 18
Policy-Based Failover ............................................................................................................................................................................18
Dynamic Priority Reduction .............................................................................................................................................................18
Force-Self-Standby .................................................................................................................................................................................19
VRRP-A and Floating IP Addresses.............................................................................................................................. 20
VRRP-A and Configuration Synchronization........................................................................................................... 21
VRRP-A and Session Synchronization........................................................................................................................ 21
VRRP-A Interfaces ............................................................................................................................................................. 21
Explicitly Configured VRRP-A Interfaces ...................................................................................................................................22
VRRP-A Interface Types and VRRP-A State ...............................................................................................................................22
Using the GUI to Configure a VRRP-A Interface ...................................................................................................................22
Using the CLI to Configure a VRRP-A Interface ....................................................................................................................23
Preferred Receive Interface for Session Synchronization ...............................................................................................23
Deploying VRRP-A ..................................................................................................................................................25

Basic VRRP-A Deployment............................................................................................................................................. 25
Force-Self-Standby Reload or Restart Persistence................................................................................................ 26
Viewing VRRP-A Information........................................................................................................................................ 26
Configuring Preemption Delays.................................................................................................................................. 26
Use the GUI to Configure VRRP-A Preemption Delay .......................................................................................................26
Use the CLI to Configure VRRP-A Preemption Delay ........................................................................................................27
VRRP-A Configuration Examples................................................................................................................................. 29
page 3 | Document No.: 410-VRRP-A-001 - 2/17/2016

A10 Thunder Series and AX Series—Configuring VRRP-A High Availability
Contents
Simple Deployment ..............................................................................................................................................................................29

Deployment with Custom Priority Settings ...........................................................................................................................30
Configuration of Tracking Options ..............................................................................................................................................31
Ethernet Interface Tracking .......................................................................................................................................................................... 31
Trunk Tracking ...................................................................................................................................................................................................... 31
VLAN Tracking ...................................................................................................................................................................................................... 32
Gateway Tracking ............................................................................................................................................................................................... 32
Route Tracking ..................................................................................................................................................................................................... 32
Preemption Delay .............................................................................................................................................................................................. 33
Increased VLANs for VRRP-A Failover Tracking ................................................................................................................................. 33
VLAN Tracking Configuration Example ................................................................................................................................................ 34
Configuring a Leader and Follower VRID ................................................................................................................. 36
Configuration Example 1 ............................................................................................................................................................................... 36
Configuration Example 2 ............................................................................................................................................................................... 37
VRRP-A Status in CLI Prompt ........................................................................................................................................ 38
VRRP-A Policy-Based Failover Template .........................................................................................................39

Template Rules and Partitions...................................................................................................................................... 39
Policy-Based Failover Template Rules for the Shared Partition ..................................................................................39
Policy-Based Failover Template Rules for L3V Partitions .................................................................................................40
Preemption and Levels ................................................................................................................................................... 40
Precedence Causing a Failover .................................................................................................................................... 40
Higher Weight Scenario .....................................................................................................................................................................41
Higher Priority Scenario ......................................................................................................................................................................42
Equal Weight and Priority Scenario .............................................................................................................................................42
Events Tracked for Weight via the Templates......................................................................................................... 43
Configuring VRRP-A Policy-Based Failovers ............................................................................................................ 46
Using the GUI to Configure VRRP-A Policy-Based Failovers .........................................................................................46
Using the CLI to Create VRRP-A Policy-Based Failovers ...................................................................................................47
Configuring Templates in the Shared Partition ............................................................................................................................... 47
Configuring Templates in L3V Partition ................................................................................................................................................ 48
Verifying the Fail-Over Policy Template Configuration ............................................................................................................... 48
VRRP-A CLI Commands .........................................................................................................................................51

VRRP-A Global Configuration Mode Commands .................................................................................................. 52
vrrp-a common ......................................................................................................................................................................................... 52
vrrp-a fail-over-policy-template ...................................................................................................................................................... 52
vrrp-a force-self-standby ..................................................................................................................................................................... 54
vrrp-a force-self-standby-persistent ............................................................................................................................................. 54
vrrp-a interface .......................................................................................................................................................................................... 55
vrrp-a l2-inline-peer-ip .......................................................................................................................................................................... 55
vrrp-a l3-inline-mode ............................................................................................................................................................................ 56
vrrp-a ospf-inline ...................................................................................................................................................................................... 57
vrrp-a peer-group .................................................................................................................................................................................... 57
vrrp-a preferred-session-sync-port ethernet .......................................................................................................................... 57
vrrp-a restart-port-list ............................................................................................................................................................................ 58
vrrp-a vrid ...................................................................................................................................................................................................... 59
vrrp-a vrid-lead .......................................................................................................................................................................................... 59
Document No.: 410-VRRP-A-001 - 2/17/2016 | page 4

Contents
VRRP-A Common Configuration Mode Commands............................................................................................. 60

arp-retry ......................................................................................................................................................................................................... 60
dead-timer ................................................................................................................................................................................................... 61
device-id ........................................................................................................................................................................................................ 61
disable ............................................................................................................................................................................................................. 61
disable-default-vrid ................................................................................................................................................................................. 62
enable ............................................................................................................................................................................................................. 62
hello-interval ............................................................................................................................................................................................... 63
hostid-append-to-vrid .......................................................................................................................................................................... 63
inline-mode ................................................................................................................................................................................................. 63
preemption-delay ................................................................................................................................................................................... 64
restart-time .................................................................................................................................................................................................. 65
set-id ................................................................................................................................................................................................................ 65
track-event-delay ..................................................................................................................................................................................... 65
VRRP-A VRID Configuration Commands .................................................................................................................. 66
blade-parameters .................................................................................................................................................................................... 66
floating-ip ..................................................................................................................................................................................................... 67
follow ............................................................................................................................................................................................................... 67
preempt-mode ......................................................................................................................................................................................... 68
VRRP-A Blade Parameter Configuration Commands ........................................................................................... 68
fail-over-policy-template ..................................................................................................................................................................... 69
priority ............................................................................................................................................................................................................. 69
tracking-options ....................................................................................................................................................................................... 70
VRRP-A Show Commands.............................................................................................................................................. 71
show vrrp-a .................................................................................................................................................................................................. 72
show vrrp-a fail-over-policy-template ........................................................................................................................................ 75
show vrrp-a hostid .................................................................................................................................................................................. 76
show vrrp-a mac ....................................................................................................................................................................................... 76
show vrrp-a setid-monitor ................................................................................................................................................................. 76
show vrrp-a statistics ............................................................................................................................................................................. 76
show vrrp-a vrid-lead ............................................................................................................................................................................ 77

Contents

Overview of VRRP-A
This chapter provides an overview of VRRP-A high availability.
The following topics are covered:
• VRRP-A Overview
• VRRP-A Configuration
• VRRP-A Active / Standby Device Selection
• VRRP-A Failover
• VRRP-A and Floating IP Addresses
• VRRP-A and Configuration Synchronization
• VRRP-A and Session Synchronization
• VRRP-A Interfaces
VRRP-A Overview
VRRP-A is the ACOS implementation of high availability that is completely different from the industry-standard implementa-
tion of Virtual Router Redundancy Protocol (VRRP). For purposes of operational familiarity, it borrows concepts from VRRP, but
is significantly different from VRRP. VRRP-A will not inter-operate with VRRP.
VRRP-A simplifies configuration of multi-system redundancy, and allows up to eight ACOS devices to serve as mutual back-
ups for IP addresses.
VRRP-A is supported only on ACOS devices that are deployed in gateway (route) or one-armed mode. Transparent mode
deployments (inline deployments) are not supported.
VRRP-A can provide redundancy for the following IP resources:
• Virtual server IP addresses (VIPs)
• Floating IP addresses used as default gateways by downstream devices
• IPv6 NAT pools
• IPv4 NAT pools
• IPv4 static range lists and individual mappings for inside source NAT

VRRP-A Configuration
This section contains the following:
• Basic VRRP-A Configuration
• VRRP-A and Virtual Router IDs
• VRRP-A, Virtual Router IDs, and Partitions
Basic VRRP-A Configuration

Figure 1 illustrates a basic VRRP-A configuration with two devices.
FIGURE 1 Basic VRRP-A Configuration
This type of configuration is called Active-Standby mode, because only the active device processes traffic.
The elements in this illustration are described in Table 1.
TABLE 1 VRRP-A Basic Configuration Elements

Element Description
Set ID Unique identifier for a set of VRRP-A devices. All devices in the set must in the same Layer 2 broadcast
domain.
Device ID Unique identifier for each device within the VRRP-A set.

TABLE 1 VRRP-A Basic Configuration Elements

Element Description
Heartbeat The active ACOS device in the VRID periodically sends hello messages to the standby ACOS device
and other backup devices. The hello messages indicate that the active device for the VRID is still
operating.
If the standby device stops receiving hello messages from the active device, operation for the VRID
fails over to the standby device. The device to which operation fails over becomes the new active
device for the VRID.
VRRP-A sends hello messages to the following addresses:
• IPv4 multicast address 224.0.0.210, MAC address 01:00:5e:00:00:D2

• IPv6 link-local multicast address FF02::D2, MAC address 33:33:00:00:00:D2
To configure the heartbeat, edit the Hello Interval field on the System > VRRP-A > Global page in the
GUI, or use the hello-interval command in the CLI.
Priority Priority is used to help determine the order in which standby devices should become active devices.
For more information, see “VRRP-A Active / Standby Device Selection” on page 12.
VRRP-A and Virtual Router IDs

VRRP-A device ID, set ID, and priority can be configured per Virtual Router ID (VRID), as shown inFigure 2.

FIGURE 2 VRRP-A Configuration with VRIDs
The configuration example in Figure 2 is called Active-Active mode, because both devices can potentially process traffic on
different VIPs.
A VRID is a logical container grouping functional configuration elements (for example, NAT pools, virtual servers, or floating IP
addresses) together. Those elements, in turn, are picked up and processed by another device in the VRRP-A set in case of a
failover.
By default, the shared partition and each L3V partition has its own VRID. The numerical value for this default VRID is 0; in pre-
vious releases, you could configure this VRID using the keyword default, which is no longer supported in Release 4.0.
Admins with write privileges for the partition can assign a floating IP address to the partition’s VRID. Generally, the floating IP
address provides redundancy for the default gateway IP address used by downstream devices. (For more information, see
“VRRP-A and Floating IP Addresses” on page 20.)
Parameters related to selection of the active device and to failover also can be configured.
.A total of 512 VRIDs can be configured; 32 on the shared partition (numbered 0-31), and 8 each on each L3V partition (num-
bered 0-7).
Leader and Follower VRIDs

With an increase in the number of configurable VRIDs to 512, you may configure a VRID as a “leader” VRID and some others as
“follower” VRIDs. The benefit of configuring the leader VRID is that when you are run the risk of consuming all your resources,
one VRID can serve as the leader and others can be configured to operate as followers. This means that only on one VRID will
you be able to configure all capabilities, such as configuring the failover policy template, the preempt mode, priority, and
tracking options, while in the follower VRID, you can only configure Floating IP Addresses.

A maximum of 512 VRIDs are supported on one device. Any time this number is exceeded, VRIDs are automatically config-
ured as follower VRIDs or can be explicitly configured to be added as a follower VRID. To configure a leader or a follower VRID.
refer to “Configuring a Leader and Follower VRID” on page 36.
VRID Virtual MAC Addresses

VRRP-A assigns a virtual MAC address to each VRID. The VRRP-A virtual MAC addresses are numbered as follows:
021f.a000.nnnn
The last 2 bytes (nnnn portion) of the address indicate the partition ID, VRRP-A set ID, and VRID.
VRRP-A, Virtual Router IDs, and Partitions

VRRP-A is supported in the shared partition and L3V partitions. Layer 3 Virtualization allows each L3V partition to have its own
VRID, independent from the VRIDs belonging to other partitions.
Figure 3 shows an example configuration with VRID instances spanning L3V partitions across separate physical devices.
FIGURE 3 VRRP-A Configuration with Partitions
In this example, a pair of ACOS devices are configured with L3V partitions. The VIPs and other IP resources in each partition
are backed up by the partition’s VRID. At any given time, one of the devices is the active device (A) for a VRID and the other
device is the standby (S) for the VRID. For more information about how the active device is selected, see “VRRP-A Active /
Standby Device Selection” on page 12.

VRRP-A Active / Standby Device Selection

• VRRP-A Active Device Selection Overview
• Event Tracking for Weight and Priority
• Priority Calculation
• Track Event Delay
• Preemption
• Preemption Delay
• Active Device Selection Examples
VRRP-A Active Device Selection Overview

Figure 4 shows the flowchart about how a device is selected as the Active device. This process is performed per VRID.
FIGURE 4 VRRP-A Device Selection Flowchart
NOTE: VRRP-A active device selection is unrelated to, and completely independent of, aVCS
vMaster device selection in a virtual chassis.
The VRRP-A device selection process consists of two levels of failover considerations:
• The weight assigned to an event.

• Priority value assigned as part of the VRRP-A deployment.
While both weight and priority are factored in to failover decisions, the weight of the VRID takes precedence over the VRID’s
priority.
Each VRID is allocated a fixed, total weight of 65534 and each event is allocated a corresponding, configurable weight of 1-
255. When the event occurs, the configured weight for the event is deducted from the total weight assigned to the VRID.
Some events (for example, when an interface goes down) are considered to be critical for a VRID and will reduce the VRID’s
weight. ACOS devices that are part of the same set periodically exchange their weight information with peer ACOS devices.
VRRP-A determines the Active or Standby status based on received weight information. Based on the newly computed
weight, a failover will occur from an ACOS device of a lower weight to another ACOS device of a higher weight. This concept
is called preemption.
Preemption based on weight is always enabled. Preemption based on priority can be enabled or disabled.
Event Tracking for Weight and Priority

An ACOS device can be configured to track VRRP-A events for weight or priority or for both. While both weight and priority
can be configured to track the exact same events, such as the state of gateways, trunks, VLANs, interfaces, or routes, how they
are accessed and assigned these values are different.
When you configure VRRP-A using the GUI or command line at the VRRP-A configuration level, you can specify the priority
assigned to each event. When the event occurs, the value you assign to the event will be deducted from the priority you
configure from 1-255 for the VRID of a given ACOS device.
However, if you specify a value for a failed event using a VRRP-A failover template, you are configuring the weight assigned to
an event that will be deducted from a fixed total weight of 65534 assigned to every VRID for an ACOS device.
The fixed total weight for a VRID is not user configurable, unlike the priority assigned the VRID for an ACOS device which is
configurable. A failed event will result in a deduction of the weight assigned to the event from the fixed total weight for the
VRID. Since the weight of each VRID is tallied to figure out the weight and/or priority of an ACOS device, when multiple
devices are configured with VRRP-A, this value is used to gauge the device that will serve as the Active or the Standby device.
When the weight for all VRRP-A enabled devices are unequal, the device with the highest weight will serve as the Active
device, the rest will be placed in a Standby state.
Priority Calculation
Every few seconds, VRRP-A recalculates the priority for each VRID on the active device for the VRIDs.
To calculate the priority, VRRP-A subtracts the priority values for all optional failover trigger events that have occurred from
the configured priority value. The lowest value to which the priority can be reduced is 1.
Once the link or server health is restored, the failover trigger event is no longer occurring and the priority value is not sub-
tracted during the next priority calculation.

Track Event Delay

To prevent unnecessary failovers caused by brief, temporary link or server health changes, VRRP-A uses a track event delay.
The track event delay is the number of seconds a failover-causing event must persist before failover occurs.
For example, if the track event delay is 5 seconds, and a tracked link goes down for 3 seconds, then comes back up, no
failover is triggered. Failover is triggered only if the link stays down for at least 5 seconds.
The track event delay can be from 1-tenth second to 10 seconds. The default is 3 seconds.
Preemption
Preemption allows failover to be triggered by manually changing the priority on one or more devices so that the active
device no longer has the highest priority for the VRID.
Preemption is enabled by default. If preemption is disabled, failover is not triggered by manual priority changes.
Preemption can be configured on an individual VRID basis, by shared partition admins and private partition admins.
Preemption Delay
If VRRP-A preemption is enabled, failover can be triggered by VRRP-A configuration changes, in addition to network changes.
By default, when preemption is enabled, failover can occur as soon as 3 seconds after an applicable configuration change
takes effect.
This release enables you to configure a delay between VRRP-A configuration changes and the failover that occurs due to the
changes. The default VRRP-A preemption delay is 6 seconds (60 units of 100 ms); the value can be customized to a value from
100 ms (1 unit of 100 ms) to 25.5 seconds (255 units of 100 ms).
NOTE: Preemption delay is only valid when VRRP-A is configured in multi-active environments,
where a minimum of three active devices are configured.
In deployments where many sessions are synchronized, setting the preemption delay to a longer value can help ensure
there is time for session synchronization to be completed before failover.
For more information about configuring preemption delays, see “Configuring Preemption Delays” on page 26.
Active Device Selection Examples

One device in the VRRP-A set can be active at any given time for a given partition’s VRID. The active device for a given VRID is
selected based on VRRP-A priority. The device with the highest VRRP-A priority for a VRID becomes the active device for that
VRID. Each VRID has its own priority value, which can be 1-255. The default is 150. Figure 5 shows an example.

FIGURE 5 Selection of Active Device
In this example, the priority of VRID 0 is set to 255 for the shared partition and partition CorpB on device 1, and for partitions
CorpA and CorpC on device 2. The active/standby state of each VRID on each device is based on these priority settings. The
“A” in the illustration denotes the active
If more than one device has the highest priority value, the device with the lowest device ID becomes the active device. For
example, if the VRID priority is left set to the default value on all devices, device 1 becomes the active device for the VRID.
VRRP-A selects the device that has the second-highest priority for a VRID as the standby device for the VRID. In VRRP-A
deployments on more than 2 devices, if more than one device has the second-highest priority value, the device with the
lowest device ID becomes the standby device. Figure 6 shows an example.

FIGURE 6 Selection of Standby Device
The priority for VRID 0 in partition CorpB is set to 255 on device 1 but is left to its default value on the other devices. Since
device 2 is has the lowest device ID number among the remaining devices, device 2 becomes the standby for the VRID
(denoted by “S” in the illustration). The other devices are backups (denoted by “B” in the illustration).
If session synchronization is enabled, sessions are copied from device 1 to device 2. If a failover occurs, device 2 becomes the
active device and device 1 becomes the standby device. Sessions are not synchronized to the backups.
If the standby device becomes unavailable or its priority value is reduced below the priority value on another backup device,
the other device becomes the new standby for the VRID, as shown in Figure 7.

FIGURE 7 Selection of New Standby Device
NOTE: In VRRP-A deployments of 3 or more devices, moving the active role to a backup other
than the standby can cause loss of synchronized sessions, since sessions are synchro-
nized only from the active device to the standby device.
To avoid loss of sessions in this case, first change the priority on the backup so that it will
assume the role of standby. Then, when VRRP-A fails over, the standby will have the syn-
chronized sessions.

VRRP-A Failover
VRRP-A Failover
Failover of a VRID from the active ACOS device to the standby ACOS device can be triggered by any of the following events:
• The standby ACOS device stops receiving VRRP-A hello messages from the active ACOS device.
• The VRRP-A priority on the active device is dynamically reduced below the priority on the standby device. The priority
can be dynamically reduced when a tracked default gateway, data port, or VLAN goes down, a tracked route is not in
the data route table, or a VIP’s real server fails its health check.
• The VRRP-A priority on the active device is manually reduced below the priority on the standby device by an adminis-
trator, and preemption is enabled.
• The force-self-standby option is used on the active device by an administrator.
Policy-Based Failover
VRRP-A provides flexible event tracking and policy-based failover support through configurable templates. This feature
allows policy-based failover even when VRRP-A preemption is disabled and the ACOS device typically would remain in a
Active state, despite VRID priority changes. It allows for event-based failover once a tracked event occurs.
For more information, see “VRRP-A Policy-Based Failover Template” on page 39.
Dynamic Priority Reduction

Depending on configuration, failover can be triggered even if the active device is still operational. For each VRID, each device
begins with a statically configured priority for the VRID.
You can configure the priority of a VRID to be dynamically reduced based on changes in system or network conditions. For
example, you can configure link tracking on an Ethernet port. If the link goes down, the VRID priority on the device is
reduced by the configured amount. Figure 8 shows an example.

VRRP-A Failover
FIGURE 8 Failover Based on Dynamic Priority Reduction
In this example, link tracking is enabled for Ethernet port 6, and configured to reduce the VRID priority by 155 if the link goes
down. Device 1 has the higher configured priority value for VRID 0 in partition CorpB, and is the active device. However, if the
link on Ethernet port 6 goes down, the priority is dynamically reduced below the priority value on device 2. Device 2 there-
fore becomes the active device for the VRID.
See “Events Tracked for Weight via the Templates” on page 43 for a summary of events that can be tracked.
By default, none of the dynamic failover triggers are configured. They can be configured on an individual partition basis.
Force-Self-Standby
The force-self-standby option provides a simple method to force a failover, without the need to change VRID priorities and
use preemption.
The option can be entered by shared partition admins and private partition admins. If entered in the shared partition, the
option applies to all VRIDs on the device. If entered in a private partition, the option applies to all VRIDs within that partition
but does not affect VRIDs in other partitions.
The option remains in effect until one of the other failover triggers occurs or the device is reloaded or rebooted. The option is
not added to the configuration and does not persist across reloads or reboots.

VRRP-A and Floating IP Addresses
VRRP-A and Floating IP Addresses

VRRP-A supports use of floating IP addresses. Floating IP addresses can reside on any device in the VRRP-A set, and always
reside on the device that is currently active. Because floating IP addresses are always reachable regardless of the VRRP-A
states of individual devices, the floating IP addresses provide network stability.
In a typical VRRP-A deployment, floating IP addresses are configured for each of the ACOS device interfaces that are used as
nexthop interfaces by other devices. Figure 9 shows a simple example.
FIGURE 9 Floating IP Address
In this example, a device uses ACOS device IP address 10.8.8.6 as its default gateway. This address is configured as a floating
IP address on the ACOS device, and always resides on the active VRRP-A device.
Because the address is configured as a floating IP address on the ACOS device, the address remains reachable by the client
even if a VRRP-A failover occurs. For example, if VRRP-A fails over from device 1to device 2, then the floating IP address also
moves to device 2.
NOTE: A floating IP address can not be the same as an address that already belongs to a device.
For example, the IP address of an ACOS device interface can not be a floating IP address.

VRRP-A and Configuration Synchronization
Advertisement of the Floating IP MAC Address After Failover

When a floating IP address moves from one ACOS device to another following failover, the MAC address associated with the
floating IP address changes.
To help other devices find a floating IP address following failover, the new active ACOS device sends IPv4 gratuitous ARPs (for
an IPv4 floating IP address) or ICMPv6 neighbor advertisements (for an IPv6 floating IP address). The other devices in the net-
work learn the new MAC address from the gratuitous ARPs or neighbor advertisements.
VRRP-A and Configuration Synchronization

VRRP-A supports the following methods of configuration synchronization:
• Automated – Uses ACOS Virtual Chassis System (aVCS) to automatically synchronize the configuration. See “Auto-
mated Configuration Synchronization” in Configuring ACOS Virtual Chassis Systems.
• Manual – Use the configure sync CLI command. For more information, refer to the Command Line Interface Refer-
ence.
VRRP-A and Session Synchronization

VRRP-A uses one active device and one standby device for a given VRID. If session synchronization (also called connection
mirroring) is enabled, the active device backs up active sessions on the standby device.
Session synchronization applies primarily to Layer 4 sessions. Session synchronization does not apply to DNS sessions. Since
these sessions are typically very short-lived, there is no benefit to synchronizing them. Likewise, session synchronization does
not apply to NATted ICMP sessions or to any static NAT sessions. Synchronization of these sessions is not needed since the
newly active device will create a new flow for the session following failover.
Session synchronization is disabled by default and can be enabled on individual virtual ports.
VRRP-A Interfaces
VRRP-A sends hello messages and session synchronization messages on the ACOS device’s VRRP-A interfaces.
Each ACOS device providing VRRP-A for a VRID must have at least one Up Ethernet interface that can reach the other ACOS
devices. If an ACOS device can not receive hello messages from the other devices for the VRID, the ACOS device's VRRP-A
state becomes Active. In this case, there is more than one active VRRP-A device for the same VRID, which is invalid. One of the
active VRRP-A devices is the ACOS device that does not have a connection to the other devices. The other active VRRP-A
device is the ACOS device that can still reach the other ACOS devices (standby VRRP-A devices).
By default, no VRRP-A interfaces are explicitly configured. In this case, VRRP-A uses all Up Ethernet interfaces to send and lis-
ten for hello messages. For an interface that belongs to more than 1 VLAN, the ACOS device uses the lowest VLAN ID to
which the interface belongs.
If a data interface has both IPv4 and IPv6 addresses, the primary IPv4 address is used.

VRRP-A Interfaces
Admins with write privileges for the shared partition can explicitly specify the ACOS device interfaces to use as VRRP-A inter-
faces. In this case, the specified interfaces are used as VRRP-A interfaces by the shared partition and all L3V partitions.
Explicitly Configured VRRP-A Interfaces

Optionally, you can explicitly configure individual interfaces to act as VRRP-A interfaces. In this case, the ACOS device uses
only the configured VRRP-A interfaces for hello messages.
For individual L3V partitions, the interface requirement differs depending on whether VRRP-A interfaces are explicitly config-
ured:
• If no VRRP-A interfaces are explicitly configured (the default situation), each L3V partition must have at least one
Ethernet interface that can reach the other L3V partitions for the VRID.
• If at least one interface in the shared partition is explicitly configured as an VRRP-A interface, that interface is used for
the shared partition's VRID hello messages, and for the hello messages of all the VRIDs in the L3V partitions.
VRRP-A Interface Types and VRRP-A State

Changes to the state of a VRRP-A interface can trigger a failover. By default, the VRRP-A state of an interface can be Up or
Down. Optionally, you can specify the VRRP-A interface type as one of the following:
• Server interface – A real server can be reached through the interface.
• Router interface – An upstream router (and ultimately, clients) can be reached through the interface.
• Both – Both a server and upstream router can be reached through the interface.
NOTE: In the current release, the interface type is informational only. This setting does not
affect VRRP-A operation or interface tracking.
Using the GUI to Configure a VRRP-A Interface

To use the GUI to configure a VRRP-A interface:
1. Hover over System in the menu bar, the select VRRP-A.
2. Select the VRRP-A Interface tab, then select the interface type you want to enable from the drop-down list.
3. For the interface you want to enable for VRRP-A, click Edit in the Actions column.
4. On the Update VRRP-A Interface page, select the options you want to configure for the VRRP-A interface.
You can enable or disable VRRP-A, or set the interface type and state (see “VRRP-A Interface Types and VRRP-A State” on
page 22).

VRRP-A Interfaces
For specific information about the fields on this screen, refer to the online help.
Using the CLI to Configure a VRRP-A Interface

Use the vrrp-a interface command to configure a VRRP-A interface. For example, to configure ethernet interface 2 as the
VRRP-A interface:
ACOS(config)# vrrp-a interface ethernet 2

ACOS(config-ethernet:2)#
Then, you can configure the interface type and state. The following example allows both upstream routers and real servers to
be reached through this interface, and assign the interface to VLAN 2:
ACOS(config-ethernet:2)# both vlan 2
See “vrrp-a interface” on page 55 for more details.
Preferred Receive Interface for Session Synchronization

By default, VRRP-A on a backup device automatically selects the Ethernet interface on which to receive synchronized ses-
sions. The ACOS device provides an option that enables you to specify the Ethernet interface(s) on which it is preferred to
receive synchronized sessions.
Using the GUI to Configure the Session Synchronization Interface for VRRP-A
1. Hover over System in the menu bar, then select VRRP-A.
2. Click the Settings tab and select Global; this should be the active page by default.
3. Near the bottom of the page, expand the Session Sync Port category to display the configuration area for the feature.

VRRP-A Interfaces
4. Select “Ethernet” from the Interface Type drop-down list.
5. Specify the interface number in the Interface field.
6. If the interface belongs to more than one VLAN, specify the VLAN ID in the VLAN field.
7. Click Add.
8. Repeat for an additional interfaces.
9. Click OK.
Using the CLI to Configure the Session Synchronization Interface for VRRP-A
To specify the Ethernet interface on which to receive synchronized sessions, use the vrrp-a preferred-session-sync-port ether-
net command on the device that you want to receive the session information.
For example, if you want to receive session information on Ethernet port 2 on device ACOS-2:
ACOS-2(config)# vrrp-a preferred-session-sync-port ethernet 2

Deploying VRRP-A
This chapter provides examples of VRRP-A deployment.
The following are covered:
• Basic VRRP-A Deployment
• Force-Self-Standby Reload or Restart Persistence
• Viewing VRRP-A Information
• Configuring Preemption Delays
• VRRP-A Configuration Examples
• Configuring a Leader and Follower VRID
• VRRP-A Status in CLI Prompt
Basic VRRP-A Deployment

Basic VRRP-A deployment requires only the following steps on each ACOS device:
1. Specify the VRRP-A device ID and set ID, then enable VRRP-A using the enable command:
ACOS(config)# vrrp-a common
ACOS(config-common)# device-id 5
ACOS(config-common)# set-id 10
ACOS(config-common)# enable
ACOS-Active(config-common)# exit
ACOS-Active(config)#
You can specify a device ID from 1-8, and a set ID from 1-15. Note that the prompt is updated to reflect whether the
device is a standy device, or the active device.
NOTE: If aVCS is configured, use the same number as the device’s aVCS device ID.
2. As needed, configure floating IP addresses for individual VRIDs.
The following example configures a floating IP address (192.168.9.9) for VRID 13:
ACOS-Active(config)# vrrp-a vrid 13
ACOS-Active(config-vrid:13)# floating-ip 192.168.9.9

Force-Self-Standby Reload or Restart Persistence
Force-Self-Standby Reload or Restart Persistence

If the force-self-standby option is selected via the CLI, this feature will allow a single partition, multiple partitions, or the
device to remain in a forced self-standby state even though the device or partition goes through a reload or device restart.
To place VRRP-A VRID 2 into a forced-self-standby state, issue the following command:
ACOS(config)# vrrp-a force-self-standby vrid 2
To place VRID 2 in a self-standby state even after a restart or reload, use the following command:
ACOS(config)# vrrp-a force-self-standby-persistent vrid 2
If you issue the vrrp-a force-self-standby command, the partition or device will not be placed in a force-self-standby state
after the device reload or restart completes. You must configure self-standby with vrrp-a force-self-standby-persistent to
have your device retain its self-standby state after a future reload or restart operation.
To place all VRIDs in partition (partA) in self-standby state even after a restart or reload, execute the following command in
partition “partA:”
ACOS[partA](config)# vrrp-a force-self-standby
Viewing VRRP-A Information

To view VRRP-A configuration information and statistics, use the commands described in “VRRP-A Show Commands” on
page 71.
Configuring Preemption Delays

• Use the GUI to Configure VRRP-A Preemption Delay
• Use the CLI to Configure VRRP-A Preemption Delay
Use the GUI to Configure VRRP-A Preemption Delay

1. Navigate to System >> VRRP-A >> Global.
2. Edit the value in the Preemption Delay field, to a value from 1-255. The default VRRP-A preemption delay is 6 seconds
(60 units of 100 ms). You can globally set the delay to a value from 100 ms (1 unit of 100 ms) to 25.5 seconds (255 units
of 100 ms).
3. Click OK.

Use the CLI to Configure VRRP-A Preemption Delay

To configure the VRRP-A preemption delay, use the preemption-delay command at the VRRP-A common configuration level
of the CLI.
In the example below, the show vrrp-a command reveals three devices in Active-Active-Active mode:
ACOS# show vrrp-a

vrid 0
Unit State Weight Priority
1 (Local) Active 65534 200
became Active at: Aug 5 05:09:20 2015
for 0 Day, 5 Hour,10 min
2 (Peer) Standby 65534 180 *
3 (Peer) Standby 65534 160
vrid 1
1 (Local) Standby 65534 160
became Standby at: Aug 4 06:23:39 2015
2 (Peer) Active 65534 200
3 (Peer) Standby 65534 180 *
vrid 2
2 (Peer) Standby 65534 160 *
vrid that is running: 0 1 2
To see how preemption delay works, suppose we track route 110.0.0.0 255.255.255.0:
ACOS# show run | sec vrrp-a vrid 0

vrrp-a vrid 0
device-context 1
blade-parameters
priority 200
tracking-options
route 110.0.0.0 255.255.255.0 priority-cost 255
device-context 2
blade-parameters
priority 180
tracking-options

device-context 3
blade-parameters
priority 160
tracking-options
An interface becoming unavailable would also cause the route to disappear and then reappear. Without preemption delay,
the following sequence of events would occur (all times given are approximate and will depend on your exact configura-
tion):
• After the interface goes down, the route disappears (less than 1 second)
• The ACOS device notices the missing route and lowers the device priority for the VRID (less than 1 second).
• Failover occurs (less than 1 second)
• The route is restored (several seconds, depending on your specific configuration)
• The devices notice the route and restore the original device priority for the VRID (less than 1 second)
• Preemption happens 8 seconds after the original device priority is restored
In the same scenario, with preemption delay configured for 25.5 seconds:
ACOS# show run | sec vrrp-a common

vrrp-a common
device-id 1
set-id 1
enable
preemption-delay 255
Below is the timing of the same sequence of events:
• After the interface goes down, the route disappears (less than 1 second)
• The ACOS device notices the missing route and lowers the device priority for the VRID (less than 1 second).
• Failover occurs (less than 1 second)
• The route is restored (several seconds, depending on your specific configuration)
• The devices notice the route and restore the original device priority for the VRID (less than 1 second)
• Preemption happens 25 seconds after the original device priority is restored

VRRP-A Configuration Examples

The following sections show configuration examples for VRRP-A. The first example shows a very basic deployment using the
minimum required commands. The second example includes priority configuration changes and tracking.
Simple Deployment
The following commands deploy VRRP-A on a set of 4 ACOS devices.
Commands on ACOS-1
Enter the following commands on ACOS-1:
ACOS-1(config)# vrrp-a common

ACOS-1(config-common)# device-id 1
ACOS-1(config-common)# set-id 1
ACOS-1(config-common)# enable
Commands on ACOS-2

Commands on ACOS-3

Commands on ACOS-4


Deployment with Custom Priority Settings

The following commands configure VRRP-A on 2 ACOS devices, with the priority settings shown in Figure 5 on page 15.
• On device ACOS-1, the priority value is set to 255 on the shared partition’s VRID 0 and partition CorpB’s VRID 0. The pri-
ority value is left set to its default (150) for CorpA and CorpC; the priority does not need to be set since this is the
default value.
• On device ACOS-2, the priority value is set to 255 on the default VRIDs in partitions CorpA and CorpC. The priority
value is left set to its default (150) for the shared partition and for CorpB; the priority does not need to be set since this
is the default value.
These commands also configure a floating IP address for each VRID. Figure 5 on page 15 does not include the floating IP
addresses. (For more on floating IP addresses, see “VRRP-A and Floating IP Addresses” on page 20.)
Commands on ACOS-1
ACOS-1(config-common)# exit
ACOS-1(config)# vrrp-a vrid 0
ACOS-1(config-vrid:0)# floating-ip 10.10.10.2
ACOS-1(config-vrid:0)# blade-parameters
ACOS-1(config-vrid:0-blade-parameters)# priority 255
ACOS-1(config-vrid:0-blade-parameters)# exit
ACOS-1(config-vrid:0)# exit
ACOS-1(config)# active-partition CorpB
Current active partition: CorpB
ACOS-1[CorpB](config)# vrrp-a vrid 0
ACOS-1[CorpB](config-vrid:0)# floating-ip 30.30.30.2
ACOS-1[CorpB](config-vrid:0)# blade-parameters
ACOS-1[CorpB](config-vrid:0-blade-parameters)# priority 255
ACOS-1[CorpB](config-vrid:0-blade-parameters)# exit
ACOS-1[CorpB](config-vrid:0)# exit
ACOS-1[CorpB](config)#
Commands on ACOS-2
ACOS-2(config-common)# exit
ACOS-2# active-partition CorpA

Current active partition: CorpA

ACOS-2[CorpA]# config
ACOS-2[CorpA](config)# vrrp-a vrid 0
ACOS-2[CorpA](config-vrid:0)# floating-ip 20.20.20.2
ACOS-2[CorpA](config-vrid:0)# blade-parameters
ACOS-2[CorpA](config-vrid:0-blade-parameters)# priority 255
ACOS-2[CorpA](config-vrid:0-blade-parameters)# exit
ACOS-2[CorpA](config-vrid:0)# exit
ACOS-2[CorpA](config)# active-partition CorpC
Currently active partition: CorpC
ACOS-2[CorpC](config)# vrrp-a vrid 0
ACOS-2[CorpC](config-vrid:0)# floating-ip 40.40.40.2
ACOS-2[CorpC](config-vrid:0)# blade-parameters
ACOS-2[CorpC](config-vrid:0-blade-parameters)# priority 255
ACOS-2[CorpC](config-vrid:0-blade-parameters)# exit
ACOS-2[CorpC](config-vrid:0)# exit
ACOS-2[CorpC](config)#
Configuration of Tracking Options

The following commands configure VRRP-A tracking options. For simplicity, commands for only a single device are shown.
More information about these commands can be found in “VRRP-A VRID Configuration Commands” on page 66.
Ethernet Interface Tracking

The following command configures tracking of Ethernet port 1. If the port’s link goes down, 100 is subtracted from the VRID’s
priority value.
ACOS(config)# vrrp-a vrid 1

ACOS(config-vrid:1)# blade-parameters
ACOS(config-vrid:1-blade-parameters)# tracking-options
ACOS(config-vrid:1-blade-parameters-track...)# interface ethernet 1 priority-cost 100
Trunk Tracking
The following commands configure the ACOS device to track the status of a trunk (but not ports within the trunk). The VRRP-
A protocol will reduce the priority of the device by 100 if the trunk goes down.

ACOS(config-vrid:1-blade-parameters-track...)# trunk 1 priority-cost 100

The following commands configure the ACOS device to track the status of a trunk, as well as the status of ports within the
trunk. If trunk 2 goes down, the priority of the associated VRID is reduced by 150. If a port within the trunk goes down, the
priority of the associated VRID is reduced by 40.

ACOS(config-vrid:2-blade-parameters-track...)# trunk 2 priority-cost 150 per-port-pri 40
VLAN Tracking
The following command configures tracking of VLAN 69. If the VLAN is quiet for more than 30 seconds, 50 is subtracted from
the VRID priority.

ACOS(config-vrid:1-blade-parameters-track...)# vlan 69 timeout 30 priority-cost 50
For more information about enhanced VLAN tracking capabilities, see “Increased VLANs for VRRP-A Failover Tracking” on
page 33.
Gateway Tracking
The following commands configure tracking of gateway 10.10.10.1. If the gateway stops responding to pings, 100 is sub-
tracted from the VRID’s priority value.
ACOS(config)# health monitor gatewayhm1

ACOS(config-health:monitor)# method icmp
ACOS(config-health:monitor)# exit
ACOS(config)# slb server gateway1 10.10.10.1
ACOS(config-real server)# health-check gatewayhm1
ACOS(config-real server)# exit
ACOS(config-vrid:0-blade-p[arameters-track...)# gateway 10.10.10.1 priority-cost 100
Route Tracking
The following command configures tracking of routes to destination network 3000::/64. If the IPv6 route table does not con-
tain any routes to the destination, 105 is subtracted from the VRID priority.


ACOS(config-vrid:0-blade-parameters-track...)# route 3000::/64 priority-cost 105
The following commands configure tracking of routes to destination network 5000::/64. If the IPv6 route table does not con-
tain any routes to the destination, 80 is subtracted from the VRID priority.

ACOS(config-vrid:1-blade-parameters-track...)# route 5000::/64 priority-cost 80
Preemption Delay
The following commands configure the desired preemption delay value of 200 milliseconds:

ACOS(config-common)# preemption-delay 200
For more information about preemption delay, see “Preemption Delay” on page 14.
Increased VLANs for VRRP-A Failover Tracking

The VRRP-A failover tracking feature supports an increased number of VLANs. The weight (as assigned using failover policy
templates—for details refer to “VRRP-A Policy-Based Failover Template” on page 39) or priority assigned to the VLAN tracked
event will be used in calculations that will impact VRRP-A failover decisions. In previous releases, only tracking of 5 VLANs per
partition was possible. Currently, 64 VLANs can be tracked per L3V partition.
If VRRP-A stops detecting traffic on a VLAN, VRRP-A reduces the priority for the VRID. The priority value to subtract can be
specified individually for each VLAN.
To configure VLAN tracking use the following command:
vlan vlan-id timeout timeout-value priority-cost value
ACOS provides two ways to track VLANs for VRRP-A:
• Using the priority tracking option—The tracking option performs failover by decreasing a VRID's priority value.
• Using failover policy templates—The failover policy template performs failover by decreasing a VRID's weight value.
You can track a total of 64 different VLANs in three possible ways:
• Configure all 64 VLANs that can be tracked using tracking options.
• Configure all 64 VLANs that can be tracked using a single failover policy template or split over multiple templates.
• Configure a mix of both options mentioned above. That is configure 32 VLANS using the tracking option and config-
ure the remaining 32 VLANs using a failover policy template.
NOTE: Tracking options and the failover policy template can track the same VLANs. For exam-
ple, you configure 64 VLANs using the tracking option. You can also configure tracking

of 64 of the same VLANs using a fail-over-policy template. In essence, you are still only
tracking 64 VLANs.
VLAN Tracking Configuration Example

After you have enabled VRRP-A on the devices, set the VRRP-A VRID, and then to set VLAN tracking-options for 64 VLANs
based on their priority cost:
vrrp-a vrid 31
blade-parameters
tracking-options
vlan 1000 timeout 30 priority-cost 1


The following example shows how 11 VLANs of differing timeout values and weights are being tracked in a failover template
called test.
!
vrrp-a fail-over-policy-template test
vlan 222 timeout 50 weight 100

Configuring a Leader and Follower VRID

!

Configuration Example 1
To configure a leader VRID, do the following:
1. In the shared partition, configure a vrid-lead:

ACOS(config) #vrrp-a vrid-lead lead1
ACOS(config-vrid-lead:lead1)# partition shared vrid 1
2. In the L3V partition, configure the VRID you wish to designate as the follower.
a. To do so, enter the partition:

ACOS# active-partition p1
b. In the currently active partition, p1, enter the following command:

ACOS[p1](config)# vrrp-a vrid 1
ACOS[p1](config-vrid:1)# follow vrid-lead lead1
c. Use the show vrrp-a command to view your configuration:

ACOS[p1](config-vrid-follow)# show vrrp-a
vrid default
became Active at: May 20 12:04:05 2013
for 0 Day,22 Hour,54 min
2 (Peer) Standby 65534 150 *
vrid 1 (follow vrid-lead lead1)
2 (Peer) Standby 65534 150 *
vrid that is running: 0 1
3. By default, the default-vrid-lead exists in the shared partition:

vrrp-a vrid-lead default-vrid-lead
partition shared vrid 1

Configuration Example 2
To configure a leader in the shared partition, issue the following commands:
1. Define a VRID called myname as the leader:

ACOS(config)# vrrp-a vrid-lead myname
ACOS(config-vrid-lead:myname)# partition p1 vrid 0
2. Use the following show command to display your VRID leader configuration:
ACOS(config)# show vrrp-a vrid-lead
vrrp-a vrid-lead myname
partition p1 vrid 0
3. In the L3V partition, configure the VRID to follow the lead VRID:
ACOS[p1](config-vrid:3)# follow vrid-lead myname
4. Observe your configuration using the following command:

ACOS[p1](config)# show running-config | sec vrrp-a
vrrp-a vrid 0 follow vrid-lead default-vrid-lead
floating-ip 7.8.0.25
floating-ip 7.0.0.25
floating-ip 7000::25
!
vrrp-a vrid 3 follow vrid-lead myname
!
5. As the Admin, if you want to change the VRID’s role from being a follower to standalone VRID again, issue the following
command:
Change the role of vrid 3 from follower to standalone? (y/n)y
Again, to view your configuration, use the show run command:
ACOS[p1](config)# show running-config
!
vrrp-a vrid 3
!
If you try to remove a VRID that is configured as a lead VRID and that has other VRIDs that follow it, you will not be allowed to
remove it. You must remove the VRIDs that are configured as followers before you remove the lead VRID.

VRRP-A Status in CLI Prompt
VRRP-A Status in CLI Prompt

The CLI prompt can be customized to identify the devices that are running VRRP-A configuration.
For information about how to do this, see “VRRP-A/aVCS Status in Command Prompt” in the Command Line Interface Refer-
ence.

VRRP-A Policy-Based Failover Template
VRRP-A provides flexible event tracking and policy-based failover support via a template. This feature allows policy-based
failover even when VRRP-A preemption is disabled and the ACOS device typically would remain in an Active state, despite
VRID priority changes. It allows for event-based failover once a tracked event occurs.
The following topics are covered in this chapter:
• Template Rules and Partitions
• Preemption and Levels
• Precedence Causing a Failover
• Events Tracked for Weight via the Templates
• Configuring VRRP-A Policy-Based Failovers
Template Rules and Partitions

• Policy-Based Failover Template Rules for the Shared Partition
• Policy-Based Failover Template Rules for L3V Partitions
Policy-Based Failover Template Rules for the Shared Partition

When creating templates in the shared partition, adhere to the following rules:
• You may create multiple templates, however only one template can be associated with a particular VRID. For example,
if you create two templates called “template1” and “template2,” you can only associate either template1 or template2
with VRID1. Assuming template1 and template2 have different events configured and you want template1 (that
tracks for VLANs and gateways) to also address the events that template2 tracks (for interfaces and routes), edit tem-
plate1 to include the events covered by template2. You cannot associate both templates to VRID1 to have it track all
four events (VLANs, gateways, interfaces, and routes).
• Create templates with unique names, however, the second time you try to create a template with the same name,
you will enter the template module and can edit the events listed in the template.
• You can create a maximum of 32 templates in the shared partition.

Preemption and Levels
• You can associate the same template to multiple VRIDs. For example, VRID1 and VRID23 can both be attached to tem-
plate1.
Policy-Based Failover Template Rules for L3V Partitions

When creating policy-based failover templates in an L3V partition, adhere to the following rules:
• You may create multiple templates, however only one template can be associated with a particular VRID. For example,
if you create two templates called “template1” and “template2,” you can only associate either template1 or template2
with VRID1. Assuming template1 and template2 have different events configured and you want template1 (that
tracks for VLANs and gateways) to also address the events that template2 tracks (for interfaces and routes), edit tem-
plate1 to include the events covered by template2. You cannot associate both templates to VRID1 to have it track all
four events (VLANs, gateways, interfaces, and routes).
• Create templates with unique names, however, the second time you try to create a template with the same name,
you will enter the template module and can edit the events listed in the template.
• To associate a template to a private partition, you must switch to an active-partition.
• Associate the template to the default VRID. Private partitions only contain a default VRID. That is, only one template
can be associated to the default VRID.
• Since each private partition can have its own template, and templates cannot be shared across multiple partitions,
template names do not need to be unique. For example, template1 can be the template for private partition1 and
template1 can be the template for private partition2. They can be named the same, but can track different events for
different VRIDs.
• You can create a maximum of 32 templates in the private partition.
Preemption and Levels

Preemption is always enabled on Level 1 (weight) and can be configured to be as enabled or disabled in Level 2 (priority).
With preemption always being enabled on Level 1, the higher weight of an ACOS device will always place it in Active state
and the remaining ACOS devices in Standby state. Level 1 weight assignments for events will result in the deduction of that
weight from the VRID when an event occurs. When the weight is reduced for a particular VRID, it may result in a failover to
another device if its total weight is lower than that of its peer devices. Since preemption works at the VRID level, any VRID
with a higher weight can take over for another VRID in a different ACOS device of a lower weight. When the original Active
device is operational again, its weight is subject to change, and if it has the highest weight amongst its peers, it will resume
its role and take over as the Active device.
Precedence Causing a Failover

The VRRP-A policy failover template provides a flexible way of defining events that will trigger failover of an ACOS device
from Active to Standby state or vice versa. The following briefly summarizes the order in which VRRP-A failover is determined:
• When the ACOS devices in a VRRP-A configuration have unequal weight, the one with the higher weight will be the
Active device. Refer to Higher Weight Scenario“Higher Weight Scenario” on page 41.

• If all ACOS devices have equal weight, the ACOS device with the higher priority will be the Active device. Refer to
Higher Priority Scenario“Higher Priority Scenario” on page 42.
• If the two ACOS devices have equal weight and equal priority, the device with the lower Device ID will be the Active
device. Refer to “Equal Weight and Priority Scenario” on page 42.
Higher Weight Scenario

Use the show vrrp-a command to view the Active/Standby status of the ACOS devices: Note that Unit 1 is the Active device
and its weight is “65534” for VRID1:
AOCS(config)# show vrrp-a

vrid default
2 (Local) Standby 65534 150 *
became Standby at: May 20 12:10:05 2013
vrid 1
After an event results in a reduction of the weight, Unit 1 now has a weight of “65334” for VRID1, and a failover was triggered
that placed Unit 1 in a Standby state:
ACOS(config)# show vrrp-a

vrid default
vrid 1
2 (Local) Active 65534 150 *

Higher Priority Scenario

Use the show vrrp-a command to view the Active/Standby status of the ACOS devices: Note for VRID1 that Unit 1 is the
Active device and its priority is “200:”

vrid default
vrid 1 became Standby at: May 20 12:10:05 2013

After an event results in a reduction of the priority, Unit 1 now has a priority of “1” for VRID1, and a failover was triggered that
placed Unit 1 in a Standby state:

vrid default
vrid 1
1 (Peer) Standby 65534 1 *
Equal Weight and Priority Scenario

Use the show vrrp-a command to view the Active/Standby status of the ACOS devices: Note that VRID1 has an unequal
weight of “65534” and an equal priority of “150:”

vrid default

Events Tracked for Weight via the Templates

vrid 1
1 (Peer) Standby 65334 150 *
After an event results in an increase in weight, Unit 1 and Unit 2 both have an equal weight and priority, yet a failover is
triggered based on the device ID. For VRID1, Unit 1 is lower than Unit 2, it is now is in Active state instead of the Standby
state:

vrid default
vrid 1

Several events can be tracked for weight or priority. However, the failover policy templates only allow you to specify the
weight for each event, not the priority. If configured using the GUI or the CLI, the following events may cause a change in the
VRID and result in an ACOS device failover:
TABLE 2 Configurable Event Tracking

Event Description
Lost link a default gateway. VRRP-A periodically tests connectivity to the IPv4 and IPv6 default gateways connection
to a real server by pinging them. If a gateway stops responding, VRRP-A reduces the
weight or priority for the VRID. The weight value to subtract can be specified individually
for each gateway’s IP address that you configure in the tracking events list.
VLAN inactivity. If VRRP-A stops detecting traffic on a VLAN, VRRP-A reduces the device’s priority for the
VRID. The priority value to subtract can be specified individually for each VLAN.
VLAN tracking is only supported in the shared partition.

TABLE 2 Configurable Event Tracking

Event Description
Lost link on a trunk. If the trunk or individual ports in the trunk go down, VRRP-A reduces the device’s priority
for the VRID. The priority value to subtract can be specified for the trunk and for individual
ports within the trunk.
If you track a trunk that does not exist, VRRP-A will not reduce the device priority.
To track a trunk port within an L3V partition, you must verify that the tracked port is actu-
ally being used within that partition (for example, verify that the port is used in a VLAN of
the partition):
• If the tracked trunk is down, VRRP-A reduces the device priority based on the trunk
value and ignores the status of the ports within the trunk.
• If the tracked trunk is up, VRRP-A checks the ports within the trunk, and if any of them
are down, VRRP-A reduces the device priority (1x configured port priority). If two ports
are down, VRRP-A reduces the device priority by twice the priority assigned to the
ports within the trunk (2x configured port priority).
Lost data route. If an IPv4 or IPv6 route matching the specified options is not in the data route table, VRRP-
A reduces the device’s priority for the VRID.
Lost link on an Ethernet port If the link goes down on an Ethernet data port, VRRP-A reduces the device’s priority for
the VRID. The priority value to subtract can be specified individually for each Ethernet
data port.
If a tracked interface is a member of a trunk, only the lead port in the trunk is shown in
the tracking configuration and in statistics. For example, if a trunk contains ports 1-3 and
you configure tracking of port 3, the configuration will show that tracking is enabled on
port 1. Likewise, tracking statistics will show port 1, not port 3. Similarly, if port 1 goes
down but port 3 is still up, statistics still will show that port 1 is up since it is the lead port
for the trunk.

The following graphic visually represents where tracking can be enabled for an ACOS device:

Configuring VRRP-A Policy-Based Failovers

This section contains the following topics:
• “Using the GUI to Configure VRRP-A Policy-Based Failovers” on page 46
• “Using the CLI to Create VRRP-A Policy-Based Failovers” on page 47
NOTE: For details on additional template rules, refer to “Template Rules and Partitions” on
page 39.
Using the GUI to Configure VRRP-A Policy-Based Failovers

To configure the policy-based failover feature using the GUI, follow these steps:
1. Go to System > VRRP-A > Failover Policy Template to view the Failover Policy Template page.
2. Click Create to view the Create Failover Policy Template page.
3. Specify a template name in the Template Name field.
4. Configure the remainder of the page as needed.
For a description of the different events, see “Events Tracked for Weight via the Templates” on page 43.
When an event occurs, the specified weight will be subtracted from the weight of the VRID, possibly causing a failover.

For more information about this screen, refer to the online help.
5. Click Create when you are finished.
Your failover template will be listed in the Failover Policy Template page.
Using the CLI to Create VRRP-A Policy-Based Failovers

Failover Policy Templates can be configured using the CLI in either the shared or the private partition.
Configuring Templates in the Shared Partition

To configure the policy-based failover feature in the shared partition using the CLI, follow these steps:
1. Create your failover policy template. For example., create a template with the name template1:
ACOS(config)# vrrp-a fail-over-policy-template template1
ACOS(config-fail-over-policy-template:template1)#
2. Configure the events you wish to track:
a. For gateway tracking, indicate the gateway IP address and assign a weight for the gateway in the event of a failure.
For example, if gateway 10.10.10.1 fails, 50 will be subtracted from the weight of the VRID:
ACOS(config-fail-over-policy-template:template1)# gateway 10.10.10.1 weight 50
b. For interface tracking, indicate the interface type, interface number, and assign a weight for that interface in the
event of a failure. For example, if Ethernet interface 1 fails, 35 will be subtracted from the weight of the VRID:
ACOS(config-fail-over-policy-template:template1)# interface ethernet 1 weight 35
c. For route tracking, indicate the route number and assign a weight for that route in the event of failure. For example,
if route 20.20.20.5 /24 10.10.10.1 fails, 70 will be subtracted from the weight of the VRID:
ACOS(config-fail-over-policy-template:template1)# route 20.20.20.5 /24 10.10.10.1
weight 70
d. For trunk tracking, indicate the trunk identification number and assign a weight for that trunk in the event of failure.
For example, if trunk 4 fails, 25 will be subtracted from the weight of the VRID:
ACOS(config-fail-over-policy-template:template1)# trunk 4 weight 25
e. For VLAN tracking, indicate the VLAN identification number, the timeout value, and assign a weight for that trunk in
the event of failure. For example, if VLAN 6 fails, 40 will be subtracted from the weight of the VRID:
ACOS(config-fail-over-policy-template:template1)# vlan 6 timeout 30 weight 40
3. Assign a failover template to a VRID from the Global configuration level. For example, to assign template1 to VRID 0:
ACOS(config-vrid:0-blade-parameters)# fail-over-policy-template template1

NOTE: Only one template can be assigned to a VRID in any partition.
Configuring Templates in L3V Partition

To configure the policy-based failover feature in an L3V partition, follow these steps:
1. Switch to the active partition (for example, companyA):

ACOS(config)# active-partition companyA id 3
2. Follow the instructions in “Configuring Templates in the Shared Partition” on page 47.
Verifying the Fail-Over Policy Template Configuration

To view the reason for a failover, the show vrrp-a command on the Active ACOS device will display the template event that
has caused the failover:

vrid default
2 (Peer) Standby 65534 150 *
vrid 1
Detected local policy based fail over events:
interface ethernet 1 weight 200
If you specify the name of the template, the show vrrp-a fail-over-policy-template command will display the contents of that
template:
ACOS(config)# show vrrp-a fail-over-policy-template template1

vrrp-a fail-over-policy-template template1
gateway 20.20.20.20 weight 200
trunk 1 priority-weight 200
route 20.20.20.0 255.255.255.0 weight 200
Use the show vrrp-a command with the detail option to display comprehensive information on your current VRRP-A con-
figuration:

ACOS(config)# show vrrp-a detail

vrid default
...
VRRP-A stats
Peer: 1, vrid default
Port 1: received 25685 missed 3
...
Total packets sent for vrid default: 58524

Sent from port 1: 29262
...
Peer IP[1]: 7.7.7.1
To view information on all the fail-over policy templates, you can use the show vrrp-a fail-over-policy-template
command;
ACOS(config)# show vrrp-a fail-over-policy-template

vrrp-a fail-over-policy-template interface
vrrp-a fail-over-policy-template trunk
vrrp-a fail-over-policy-template gateway
vrrp-a fail-over-policy-template route
route 4.4.4.0 255.255.255.0 weight 200
vrrp-a fail-over-policy-template vlan
route 20.20.20.0 255.255.255.0 weight 200


VRRP-A CLI Commands
This chapter describes the commands used to configure VRRP-A high availability.
The following topics are covered:
• “VRRP-A Global Configuration Mode Commands” on page 52
• “VRRP-A Common Configuration Mode Commands” on page 60
• “VRRP-A VRID Configuration Commands” on page 66
• “VRRP-A Blade Parameter Configuration Commands” on page 68
• “VRRP-A Show Commands” on page 71

VRRP-A Global Configuration Mode Commands

This section describes the VRRP-A commands that are available from Global Configuration mode.
• vrrp-a common
• vrrp-a fail-over-policy-template
• vrrp-a force-self-standby
• vrrp-a force-self-standby-persistent
• vrrp-a interface
• vrrp-a l2-inline-peer-ip
• vrrp-a l3-inline-mode
• vrrp-a ospf-inline
• vrrp-a peer-group
• vrrp-a preferred-session-sync-port ethernet
• vrrp-a restart-port-list
• vrrp-a vrid
• vrrp-a vrid-lead
vrrp-a common
Description Enter VRRP-A configuration mode, where additional VRRP-A commands are available.
For more information about these additional commands, see “VRRP-A Common
Configuration Mode Commands” on page 60.
Syntax vrrp-a common
Mode Global configuration mode
vrrp-a fail-over-policy-template
Description Create a failover policy template for VRRP-A. The template provides a mechanism for event
tracking and can enable a policy-based failover to occur. Using a template, assign weight-
related values per event that will be reduced from the fixed total weight of an ACOS device
of 65534. The weight of a device can determine whether the device will serve as an Active or
Standby device. This command allows you to specify the weight value per event that may
cause a device to failover when the event occurs.
Syntax [no] vrrp-a fail-over-policy-template template-name
Replace template-name with the name that you are assigning for the VRRP-A failover
policy template. This template must be associated to a particular VRID to take effect.

This command changes the CLI to the configuration level for the specified failover-policy
template, where the following commands are available.
Command Description
[no] Specify the IP Address of an IPv4 or IPv6 default gateway. VRRP-A periodically tests
gateway gateway-IP-address connectivity to the IPv4 and IPv6 default gateways connection to a real server by
weight value pinging them. If a gateway stops responding, VRRP-A reduces the weight for the
VRID. The weight value to subtract can be specified individually for each gateway’s
IP address that you configure in the tracking events list.
[no] interface Specify a weight for each interface that you are planning to track. If the link goes
interface-type down on an Ethernet data port, VRRP-A reduces the weight for the VRID. The
interface-number weight value to subtract can be specified individually for each Ethernet data port.
weight value
[no] route Indicate the IPv4 or IPv6 route that you wish to track. If the route matching the
route-number subnet specified options is not in the data route table, VRRP-A reduces the weight for the
weight value VRID.
[no] trunk trunk-id Indicate the trunk you wish to track. If the trunk or individual ports in the trunk go
weight value down, VRRP-A reduces the weight for the VRID. The weight value to subtract can
be specified for the trunk and for individual ports within the trunk.
[no] vlan vlan-id Indicate the VLAN you wish to track. If VRRP-A stops detecting traffic on a VLAN,
timeout timeout-value VRRP-A reduces the weight for the VRID. The weight value to subtract can be spec-
weight value ified individually for each VLAN.
Default None
Usage Use this command on any ACOS device to indicate weight values per tracked event via a
failover policy template.
Example The following commands help you to create a template called “template1” and specify
events that will reduce the weight of the VRID:
ACOS(config)#vrrp-a fail-over-policy-template template1

ACOS(config-failover-policy)#interface ethernet 1 weight 200
ACOS(config-failover-policy)#gateway 20.20.20.20 weight 200
ACOS(config-failover-policy)#vlan 10 timeout 2 weight 200
ACOS(config-failover-policy)#route 20.20.20.0 /24 weight 200
ACOS(config-failover-policy)#trunk 1 weight 200

vrrp-a force-self-standby
Description Force the ACOS device to change from active to standby or backup.
Syntax [no] vrrp-a force-self-standby [all-partitions] [vrid num]
Parameter Description
all-partitions Causes all partitions to change to standby state.
vrid num Causes only the specified VRID to change to standby state.
Default N/A
Usage This command provides a simple method to force a failover, without the need to change
VRRP-A configuration settings.
Example Enable the forced standby of VRID 3:
ACOS(config)#vrrp-a force-self-standby vrid 3
vrrp-a force-self-standby-persistent
Description Force a specific VRID to change from active to standby or backup, and remain in backup state
even after the device is reloaded.
Syntax [no] vrrp-a force-self-standby-persistent [vrid num]
Replace num with the VRID number whose state you want to change.
Default N/A
Usage This command provides a simple method to force a failover, without the need to change
VRRP-A configuration settings.
Example Enable the persistent forced standby of VRID 3:
ACOS(config)#vrrp-a force-self-standby vrid 3

vrrp-a interface
Description Configure a VRRP-A interface.
Syntax [no] vrrp-a interface {ethernet port-num | trunk trunk-num}
port-num Configures the specified interface as the VRRP-A interface.
trunk-num Configures the specified trunk interface as the VRRP-A inter-
face.
This command places you in a configuration sub-mode where you can configure the type
and state of the interface using the following commands:
Command Description
both Configures the interface so that both real servers and upstream
routers can be reached through this interface.
no-heartbeat Prevents heartbeat packets from being sent out on this inter-
face.
router-interface Configures the interface so that upstream routers (and ulti-
mately, clients) can be reached through the interface.
server-interface Configure the interface so that real servers can be reached
through the interface.
vlan vlan-id Configures the interface to be part of the specified VLAN.
Mode All up data interfaces within a partition are VRRP-A interfaces for that partition. If an interface
is a tagged member of multiple VLANs, only the VLAN that has the lowest-numbered IP
address for the interface is used as an VRRP-A interface.
Usage This command is valid only in the shared partition. However, the interface(s) specified by the
command are used by all partitions.
Example Configure ethernet interface 3 as the VRRP-A interface, and configure the interface so that
real servers can be reached:
ACOS(config)#vrrp-a interface ethernet 3

ACOS(config-ethernet:3)#server-interfaces
vrrp-a l2-inline-peer-ip
Description Configure a peer IP address in Layer 2 inline mode HA deployments.
ACOS devices require a connection mirror IP address to be configured in Layer 2 inline mode
VRRP-A deployments. A connection mirror interface is a unicast IP address on the peer ACOS

device in the VRRP-A set. This peer IP address is optional in earlier releases but usually is
configured anyway for session synchronization purposes. Specifying a connection mirror IP
address is mandatory for proper operation of ACOS devices in Layer 2 Inline mode VRRP-A.
The connection mirror IP address is used for session synchronization (also called “connection
mirroring”). Until a connection mirror IP address is specified, the ACOS device remains in
Standby state.
If a connection mirror IP address is not configured, a log message such as the following is
generated every 5 minutes:
Sep 01 2012 03:01:30 Warning [HA]:HA Peer IP is not configured. Peer

IP is required in Inline Mode.
Syntax [no] vrrp-a l2-inline-peer-ip ip-address ipaddr
Default Not configured
Example Configure 192.168.1.1 as the peer IP address.
ACOS(config)#vrrp-a l2-inline-peer-ip ip-address 192.168.1.1
vrrp-a l3-inline-mode
Description Enable Layer 3 Inline mode.
Syntax [no] vrrp-a l3-inline-mode
Default Not configured
Example Enable Layer 3 inline mode.
ACOS(config)#vrrp-a l3-inline-mode

vrrp-a ospf-inline
Description Enable OSPF inline mode.
Syntax [no] vrrp-a ospf-inline vlan vlan-id
Replace vlan-id (1-4094) with the VLAN for which you do not want to filter OSPF packets.
Default Not enabled
Example Enable OSPF inline mode and do not filter packets on VLAN 13.
ACOS(config)#vrrp-a ospf-inline vlan 13
vrrp-a peer-group
Description Configure a VRRP-A peer group. This allows you to configure unicast IP/IPv6 addresses
through a layer 3 link (Layer 3 inline mode). Heartbeat messages are routed to the destina-
tion.
Syntax [no] vrrp-a peer-group
This command places you in a sub-configuration mode, where you can configure the peer
address with the peer command:
[no] peer {ipv4-address | ipv6-address}
Replace ipv4-address or ipv6-address with the appropriate IP address of the peer.
Example The following example shows how to configure 192.168.10.10 as a VRRP-A peer:
ACOS(config)#vrrp-a peer-group
ACOS(config-peer-group)#peer 192.168.10.10
vrrp-a preferred-session-sync-port ethernet

Description Specify the Ethernet interfaces on which to receive synchronized sessions.
Syntax [no] vrrp-a preferred-session-sync-port {

ethernet port-num [vlan vlan-id]

trunk trunk-num [vlan vlan-id]

}
port-num Configure the specified ethernet port to receive sync sessions.
trunk-num Configure the specified trunk port to receive sync sessions.
vlan-id If your interface is part of a VLAN, specify the VLAN ID.
Default The default behavior is for VRRP-A (on the backup device) to automatically select the Ether-
net interface on which to receive sync sessions.
Introduced in Release 2.7.0
Example Configure trunk 3 to receive sync sessions.
ACOS(config)#vrrp-a preferred-session-sync-port trunk 3
vrrp-a restart-port-list
Description Causes the ports on the standby system to be restarted after the transition from the standby
mode to active mode.
Beginning with release 4.0.1, you can configure the restart time using “restart-time” on
page 65.
Syntax [no] vrrp-a restart-port-list
This command places you in a sub-configuration mode where the following command is
available:
[no] ethernet port-list
Replace port-list with the VRRP-A interfaces to restart.
NOTE: You must omit at least one port connecting the ACOS devices from the restart port-
list, and heartbeat messages must be enabled on the port. This is so that heartbeat
messages between the ACOS devices are maintained; otherwise, flapping might
occur.
Default Disabled. VRRP-A interfaces are not restarted after a failover.
Usage Use this command in inline mode configurations to cause the router connected to the ACOS
device to relearn MACs, including MACs for the real servers. Without this command, the
router might continue to try to reach the real servers through the ACOS device that becomes
the Standby ACOS device after a failover.

VRRP-A port restart toggles a specified set of ports on the formerly Active ACOS device by
disabling the ports, waiting for a specified number of milliseconds, then re-enabling the
ports. Toggling the ports causes the links to go down, which in turn causes the devices on
the other ends of the links to flush their learned MAC entries on the links. The devices then
can relearn MACs through links with the newly Active ACOS device.
vrrp-a vrid
Description Access the configuration level for a VRID.
Syntax [no] vrrp-a vrid num
Specify the VRID (0-31). If configuring a VRID in an L3V partition, you can specify 0-7.)
This command changes the CLI to the configuration level for the specified VRID.
The commands available at this level are summarized in “VRRP-A VRID Configuration
Commands” on page 66.
vrrp-a vrid-lead
Description Configure a VRID as the “leader” VRID, with other VRIDs to operate as followers.
Syntax [no] vrrp-a vrid-lead name

Replace name with the name of the VRID. You can enter 1-63 characters.
This command changes the CLI to the configuration level for the specified VRID leader,
where the following command is available:
[no] partition [shared | name] vrid [ID-num | default]
This command designates this VRID as the leader for a specific partition.
Default Not set
Usage For the leader VRID only, you can configure all capabilities, such as configuring the failover
policy template, the preempt mode, priority, and tracking options. For follower VRIDs, you
can only configure Floating IP Addresses.
If you try to remove a VRID that is configured as a lead VRID and that has other VRIDs that
follow it, you will not be allowed to remove it. You must remove the VRIDs that are
configured as followers before you remove the lead VRID.
Example The following command configures a VRID lead in the shared partition:
ACOS(config)#vrrp-a vrid-lead lead1

ACOS(config-vrid-lead)#partition shared vrid 1

VRRP-A Common Configuration Mode Commands

This section describes the commands available in VRRP-A common configuration mode.
• arp-retry
• dead-timer
• device-id
• disable-default-vrid
• enable
• hello-interval
• hostid-append-to-vrid
• inline-mode
• preemption-delay
• restart-time
• set-id
• track-event-delay
VRRP-A common configuration mode is accessed by entering the vrrp-a common command:
ACOS(config)#vrrp-a common
arp-retry
Description Change the number of additional gratuitous ARPs, in addition to the first one, an ACOS
device sends after transitioning from Standby to Active. These ARPs are sent at intervals of
500 milliseconds.
Syntax [no] arp-retry num
Replace num with the number of additional gratuitous ARPs to send, after sending the first
one. You can specify 1-255.
Default VRRP-A sends 4 additional gratuitous ARPs by default, for a total of 5.
Mode VRRP-A common configuration mode
Example Send 3 additional gratuitous ARPs when the system becomes active.
ACOS(config-common)#arp-retry 3

dead-timer
Description Change the number of hello intervals during which a standby device will wait for a hello
message from the Active VRRP-A device, before declaring the device to be down and begin-
ning failover.
Syntax [no] dead-timer num
Replace num with the maximum number of hello intervals to wait for a hello message. You
can specify 2-255.
Default 5
Usage For information about the hello interval, see “hello-interval” on page 63.
Example Set the number of hello intervals to 25.
ACOS(config-common)#dead-timer 25
device-id
Description Specify the VRRP-A device ID of the device.
Syntax [no] device-id num

Replace num with the device ID, 1-8.
Default N/A
Usage If aVCS is configured, use the same number as the aVCS device ID.
Example Set the device ID to 7.
ACOS(config-common)#device-id 7
disable
Description Disable VRRP-A on the device.

This command replaces the no enable command in release 4.0.
Syntax disable
Default By default, VRRP-A is disabled on any ACOS device.
Introduced in Release Release 4.0.1
Example Disable VRRP-A on the device.
ACOS(config-common)#disable
ACOS(config-common)#
disable-default-vrid
Description Disable the default VRID on the shared partition.
Syntax [no] disable-default-vrid
Default The default VRID is enabled by default.
Usage This command applies only to the shared partition.
Example Disable the default VRID on the shared partition.
ACOS(config-common)#disable-default-vrid
enable
Description Enable VRRP-A on the device.
Syntax enable
Default By default, VRRP-A is disabled on any ACOS device.
Example Enable VRRP-A on the device.
ACOS(config-common)#enable
ACOS-Active(config-common)#

hello-interval
Description Change the interval at which the active device sends VRRP-A hello messages out its VRRP-A
interfaces.
Syntax [no] hello-interval 100-ms-units
Replace 100-ms-units with the number of 100 ms (milliseconds) intervals between each
hello message. You can specify 1-255 intervals of 100 ms.
Default 2 (200 ms)
Example Set the hello interval to 4 (400 milliseconds).
ACOS(config-common)#hello-interval 4
hostid-append-to-vrid
Description This command enables you to identify the members of the VRRP-A set by serial number.
The show vrrp-a hostid command can be used to view the serial number of each device in
the VRRP-A set. By default, these serial numbers, which act as unique identifiers for all devices
in the VRRP-A set, are included in the VRRP-A hello packets for all VRIDs.
This command causes the device serial numbers to be sent in the VRRP-A hello packets for
the specified VRID only.
Syntax [no] hostid-append-to-vrid {default | vrid-num}
You can specify default, which is VRID 0, or specify a VRID number from 1-31.
Example Example configuration; device serial numbers should be included in the hello packets for
VRID 3 only:

ACOS(config-common)# hostid-append-to-vrid 3
Related Commands show vrrp-a hostid
inline-mode
Description Enable a specified ethernet port or trunk to be in Layer 2 inline hot standby mode.
Inline deployment allows you to insert a pair of ACOS devices into an existing network
without the need to reconfigure other devices in the network.

Inline support applies specifically to network topologies where inserting a pair of ACOS
switches would cause a Layer 2 loop.
Syntax [no] inline-mode {preferred-port port | preferred-trunk trunk}
port Ethernet port number.
trunk Trunk number.
Default Not configured.
Example Configure ethernet port 2 as the port to be used in the inline deplyment:
ACOS(config)#vrrpa-a common
ACOS(config-common)#inline-mode preferred-port 2
preemption-delay
Description Configure a delay between VRRP-A configuration changes and the time that preemption will
take effect.
For more information about preemption delay, see “Preemption Delay” on page 14.
Syntax [no] preemption-delay 100-ms
Replace 100-ms with the number of 100-millisecond units to wait before having
preemption take effect. You can configure the delay to range from 1-255 units, with each
unit equal to 100 ms. The maximum value is 25.5 seconds (255 units of 100ms).
Default 6 seconds (60 units of 100 ms)
Example Configure a preemption delay of 20 seconds (200 100-millisecond units).
ACOS(config-common)#preemption-delay 200

restart-time
Description The amount of time for ports on the standby system to be restarted after the transition from
the standby mode to active mode.
Syntax [no] restart-time seconds
Replace seconds with the number of seconds (1-100).
Usage This command applies only to VRRP-A interfaces in a restart port list configured by the vrrp-a
restart-port-list command.
Usage
set-id
Description Specify the VRRP-A set ID.
Syntax [no] set-id num
Replace num with the set ID, 1-15
Default 1
Example Configure a set ID of 4.
ACOS(config-common)#set-id 4
track-event-delay
Description Change the delay waited by the ACOS device before beginning failover in response to prior-
ity changes.
Syntax [no] track-event-delay 100-ms-units
Replace 100-ms-units with the number of milliseconds (ms) to wait before beginning
failover. You can specify 1-100 intervals of 100 ms.
Default 30 (3 seconds)
Example Configure a delay of 2 seconds (20 100-millisecond units).
ACOS(config-common)#track-event-delay 20

VRRP-A VRID Configuration Commands

This section describes the VRRP-A VRID configuration commands.
• blade-parameters
• floating-ip
• follow
• preempt-mode
VRRP-A VRID configuration mode is accessed by entering the vrrp-a vrid command. For example:

ACOS(config-vrid:0)#
blade-parameters
Description Enter vBlade configuration mode.
Commands available for configuring blade parameters are described in “VRRP-A Blade
Parameter Configuration Commands” on page 68.
Syntax [no] blade-parameters
Mode VRRP-A VRID configuration mode
Example Enter Vblade configuration mode:

ACOS(config-vrid:0-blade-parameters)#

floating-ip
Description Specifies the IP addresses that downstream devices should use as their default IPv4 or IPv6
gateways. Regardless of which device is active for the VRID, downstream devices can reach
their default IPv4 or IPv6 gateway at the floating IP address.
Syntax [no] floating-ip {ipaddr | ipv6addr}
Default N/A
Example The following example configures 10.10.10.8 as the floating IP address for the VRID:
ACOS(config)#vrrp-a vrid 0
ACOS(config-vrid:0)#floating-ip 10.10.10.8
follow
Description Configure a follower VRID.
Before you can use this command, you must have configured a leader VRID using the vrrp-a
vrid-lead command.
See “Configuring a Leader and Follower VRID” on page 36 for more information about leader
and follower VRIDs.
NOTE: This command only appears in an L3V partition; it does not appear in the shared
partition.
Syntax [no] follow vrid-lead name
Replace name with the name of the leader VRID.
Example This example shows how to follow the lead VRID called “lead1” from the shared partition “p1”
on VRID 1:
ACOS(config)#active-partition p1
Current active partition: p1
ACOS[p1](config)#vrrp-a vrid 1
ACOS[p1](config-vrid:1)#follow vrid-lead lead1

VRRP-A Blade Parameter Configuration Commands
preempt-mode
Description Disables ability for failovers to be caused by configuration changes to VRRP-A priority or
device ID.
Syntax [no] preempt-mode {disable | threshold num}
disable Disable preempt mode.
threshold num Controls whether failovers can be caused by configuration
changes to VRRP-A priority or device ID.
The threshold specifies the maximum difference in priority value
that can exist between the active and standby devices without
failover occurring. You can specify 1-255.
The default is 0.
Default Preemption is enabled by default.
Example The following example disables preemption:
ACOS(config-vrid:0)#preempt-mode disable

This section describes the VRRP-A blade parameter configuration commands.
• fail-over-policy-template
• priority
• tracking-options

VRRP-A Blade parameter configuration mode is accessed by entering the blade-parameters command. For example:
ACOS(config-vrid:0)#blade-parameters
ACOS(config-vrid:0-blade-parameters)#
fail-over-policy-template
Description Apply the specified failover policy template to the VRID.
Syntax [no] fail-over-policy-template template-name
Replace template-name with the name of the template you want to apply to this VRID.
Failover policy templates are created with the vrrp-a fail-over-policy-template command.
Default N/A
Mode VRRP-A Blade parameter configuration mode
Usage This command is changed from release 4.0, where it was available under VRRP-A VRID config-
uration mode. See the Release Notes for details.
Example The following example applies the policy template named “template1” to VRID 0:
ACOS(config-vrid:0-blade-parameters)#fail-over-policy-template template1
priority
Description Specifies the preference of the device to become the active device for the VRID. The device
that has the highest priority value for the VRID becomes the active device for the VRID.
Syntax [no] priority num
Replace num with the desired priority (1-255).
Default 150
uration mode. See the ACOS 4.0.1 Release Notes for details.
Example The following example sets the priority on VRID 0 to 200:
ACOS(config-vrid:0-blade-parameters)#priority 200

tracking-options
Description Accesses the configuration level for tracking options. Tracking options can dynamically
reduce the priority value used in dynamic failover.
For detailed information about event tracking, see “Events Tracked for Weight via the
Templates” on page 43.
Syntax [no] tracking-options
The supported tracking options are summarized in the table below.
Option Syntax Description

Gateway [no] gateway {ipaddr | ipv6addr} Configure tracking for the IPv4 or IPv6 default gateways.
priority-cost num
If a gateway fails, the specific num will be subtracted from
the priority on the VRID. You can specify a priority cost from
1-255.
Interface [no] interface ethernet num Configure tracking for a specified interface.
priority-cost num
If the interface fails, the specific num will be subtracted from
the priority on the VRID. You can specify a priority cost from
1-255.
Route [no] route {ipaddr | ipv6addr} Configure tracking for the specified route.
{/mask-length | subnet-mask}
{next-hop-addr} If the specified route is missing, the specific num will be sub-
[distance num] tracted from the priority on the VRID. You can specify a pri-
[priority-cost num] ority cost from 1-255.
[protocol The distance parameter specifies the route’s administra-
{any | static | dynamic}]
tive distance; if not specified, any distance is matched.
The protocol parameter matches the route protocol:
• any - match any routing protocol (default)
• static - match only user-specified static routes
• dynamic - match only routes added by dynamic routing
protocols (for example, OSPF)

VRRP-A Show Commands
Option Syntax Description

Trunk [no] trunk num priority-cost num Configure tracking for a specified trunk.
[per-port-pri num]
If the trunk or individual ports on the trunk fail, the specified
priority cost num will be subtracted from the priority on the
VRID. You can specify a priority cost from 1-255.
The per-port-pri option tracks individual ports in the
trunk. The VRID’s priority is reduced by the per-port-pri
amount for each port that fails. You can specify 1-255.
VLAN [no] vlan vlan-id Configure tracking for the specified VLAN.
timeout seconds
priority-cost num If traffic is no longer detected on the specified VLAN, the
specific num will be subtracted from the priority on the
VRID. You can specify a priority cost from 1-255.
The timeout option configures the number of seconds a
VLAN can remain idle without triggering a failover and pri-
ority cost reduction.
Default N/A
uration mode. See the Release Notes for details.
See “Configuration of Tracking Options” on page 31.

This section describes the VRRP-A show commands. These commands are available at any level in the CLI.
• show vrrp-a
• show vrrp-a fail-over-policy-template
• show vrrp-a hostid
• show vrrp-a mac
• show vrrp-a setid-monitor
• show vrrp-a statistics
• show vrrp-a vrid-lead

show vrrp-a
Description Display VRRP-A information.
Syntax show vrrp-a [detail]
Mode All
Example The following example shows sample output for the show vrrp-a command.
ACOS#show vrrp-a
vrid 0
*
vrid 1
*
Example The following example shows sample output for the show vrrp-a detail command.
ACOS[corpa](config)#show vrrp-a detail

vrid 0
2 (Peer) Standby 65534 199 *
vrid 1
VRRP-A stats
Peer: 2, vrid 0


Heartbeat missed: 0
Peer: 2, vrid 1
Heartbeat missed: 0
Total packets received from peer: 468672
Conn Sync Pkts: Sent 0 Received 0

Conn Query Pkts: Sent 0 Received 0
Conn Sync Create Session Pkts: Sent 0 Received 0

Conn Sync Update Age Pkts: Sent 0 Received 0
Conn Sync Delete Session Pkts: Sent 0 Received 0
Conn Sync Create Persist Session Pkts: Sent 0 Received 0

Conn Sync Update Persist Age Pkts: Sent 0 Received 0
Conn Sync Delete Persist Session Pkts: Sent 0 Received 0
Conn Sync Update LSN RADIUS: Sent 0 Received 0
Conn Sync Update LSN Fullcone: Sent 0 Received 0
Total packets sent for vrid 0: 234335

Total packets sent for vrid 1: 234336

Dup device id: 0 Set id mismatch: 0

Version mismatch: 0 Error partition id: 0
Error port: 0 Error device id: 0
Peer IP[2]: 192.168.110.2

Vrid default tracking:

The following table describes the fields in the preceding command outputs.
Field Description
vrid Virtual router ID
Unit VRRP-A device ID.
“Local” indicates this ACOS device. “Peer” indicates another ACOS device in the
same VRRP-A set.
State VRRP-A state:
• Active
• Standby
Weight Current VRRP-A weight of this device.
Priority Current VRRP-A priority of this device.
vrid that is running VRID that is currently running on the partition.
VRRP-A Stats
The following information is listed for each VRRP-A peer device.
Peer Device ID of the peer device, and the VRID.
Port Data port that connects this device (the Local device) to the peer device.
The received counter indicates the number of Hello packets received for the VRID
from the peer on this port.
The missed counter indicates the number of Hello packets that were expected for
the VRID but did not arrive from the peer on this port.
Heartbeat missed Number of Hello packets that were expected for the VRID from the peer but did
not arrive on any port.
Total packets received from peer Total number of Hello packets received from the peer.
Detail Fields
Note: The following fields appear only if you use the detail option.
Conn Sync Pkts Number of connection (session) synchronization packets sent by this partition for
the VRID.
Conn Query Pkts Number of session synchronization query packets sent by this partition for the
VRID. Query packets are sent by the standby device to request session information.
Conn Sync Create Session Pkts Number of creation packets for synchronized connections sent by this partition for
the VRID.
Conn Sync Update Age Pkts Number of update packets for synchronized connections sent by this partition for
the VRID.
Conn Sync Delete Session Pkts Number of delete packets for synchronized connections sent by this partition for
the VRID.
Total packets sent for vrid N Total number of Hello packets sent by this partition for the VRID. Separate counters
are listed for each data port used by this partition to send the packets.
Dup device ID Number of incoming hello packets that had the same device ID as this device (the
local device).

Field Description
Set ID mismatch Number of incoming hello packets in which the VRRP-A set ID was different from
this device’s set ID.
Version mismatch Number of incoming hello packets that had a different VRRP-A software version
that the one running on this device.
Error port Number of hello messages received from a non-existent port.
Error device ID Number of hello messages received from an invalid device ID (any device ID higher
than 8).
Switch to active, switch to standby Number of times the partition transitioned to Active or Standby for the VRID.
Peer IP IP address of the active peer for the VRID. The active peer is the device to which
this device (the local device) sends sessions for synchronization.
show vrrp-a fail-over-policy-template

Description Display the VRRP-A fail-over policy template details.
Syntax show vrrp-a fail-over-policy-template
Mode All
Example The following command shows VRRP-A information for all the fail-over policy templates:
ACOS(config)#show vrrp-a fail-over-policy-template

vrrp-a fail-over-policy-template interface
vrrp-a fail-over-policy-template trunk
vrrp-a fail-over-policy-template gateway
vrrp-a fail-over-policy-template route
route 4.4.4.0 255.255.255.0 weight 200
vrrp-a fail-over-policy-template vlan
route 20.20.20.0 255.255.255.0 weight 200
If you specify the name of the template, the show vrrp-a fail-over-policy
template command displays the contents of that template only.

show vrrp-a hostid

Description View the serial number or SoftAX UUID of all devices in the VRRP-A set.
Syntax show vrrp-a hostid
Mode All
Example Below is an example output for this command:
ACOS# show vrrp-a hostid

Vrrp-a Set id is 6
device 2 AX10A43012050032
device 3 AX10A83012060148
ACOS#
Related Commands hostid-append-to-vrid
show vrrp-a mac

Description Display the virtual MAC addresses of the VRIDs.
Syntax show vrrp-a mac
Mode All
Example The following command shows the virtual MAC addresses for the default VRID (0) and VRIDs
1 and 2:
ACOS#show vrrp-a mac

VRRP-A vrid MACs
0 021f.a000.0020
1 021f.a000.0021
2 021f.a000.0022
show vrrp-a setid-monitor

Description Display the VRRP-A set information.
Syntax show vrrp-a setid-monitor
Mode All
Introduced in Release 2.7.0
show vrrp-a statistics

Description View VRRP-A statistics.

Syntax show vrrp-a statistics
Mode All
show vrrp-a vrid-lead

Description View the lead VRID configuration on the system.
Syntax show vrrp-a vrid-lead
Mode All
Example Below is an example output for this command:
ACOS#show vrrp-a vrid-lead

vrrp-a vrid-lead lead1
ACOS(NOLICENSE)#
This example shows that two lead VRIDs are configured; the “default-vrid-lead” on the shared
partition, and also “lead1” on the shared partition.



8
Document No.: 410-VRRP-A-001 | 2/17/2016

Configuring VRRP-A High Availability

Uploaded by

Copyright:

Available Formats

Configuring VRRP-A High Availability

Uploaded by

Document Information

Copyright

Available Formats

Share this document

Share or Embed Document

Sharing Options

Did you find this document useful?

Is this content inappropriate?

Copyright:

Available Formats

Configuring VRRP-A High Availability

Uploaded by

Copyright:

Available Formats

CONFIGURING VRRP-A HIGH AVAILABILITY

A10 Thunder Series and AX Series

A10 Networks Inc. Software License and End User Agreement

2. sublicense, rent or lease the Software.

Overview of VRRP-A ................................................................................................................................................. 7

Deploying VRRP-A ..................................................................................................................................................25

page 3 | Document No.: 410-VRRP-A-001 - 2/17/2016

Simple Deployment ..............................................................................................................................................................................29

VRRP-A Policy-Based Failover Template .........................................................................................................39

VRRP-A CLI Commands .........................................................................................................................................51

Document No.: 410-VRRP-A-001 - 2/17/2016 | page 4

VRRP-A Common Configuration Mode Commands............................................................................................. 60

page 5 | Document No.: 410-VRRP-A-001 - 2/17/2016

Document No.: 410-VRRP-A-001 - 2/17/2016 | page 6

This chapter provides an overview of VRRP-A high availability.

The following topics are covered:

• VRRP-A Active / Standby Device Selection

• VRRP-A and Floating IP Addresses

• VRRP-A and Configuration Synchronization

• VRRP-A and Session Synchronization

VRRP-A can provide redundancy for the following IP resources:

• Virtual server IP addresses (VIPs)

• Floating IP addresses used as default gateways by downstream devices

• IPv6 NAT pools

• IPv4 NAT pools

page 7 | Document No.: 410-VRRP-A-001 - 2/17/2016

• Basic VRRP-A Configuration

• VRRP-A and Virtual Router IDs

• VRRP-A, Virtual Router IDs, and Partitions

Basic VRRP-A Configuration

FIGURE 1 Basic VRRP-A Configuration

The elements in this illustration are described in Table 1.

TABLE 1 VRRP-A Basic Configuration Elements

Document No.: 410-VRRP-A-001 - 2/17/2016 | page 8

TABLE 1 VRRP-A Basic Configuration Elements

VRRP-A sends hello messages to the following addresses:

• IPv4 multicast address 224.0.0.210, MAC address 01:00:5e:00:00:D2

VRRP-A and Virtual Router IDs

page 9 | Document No.: 410-VRRP-A-001 - 2/17/2016

FIGURE 2 VRRP-A Configuration with VRIDs

Leader and Follower VRIDs

Document No.: 410-VRRP-A-001 - 2/17/2016 | page 10

VRID Virtual MAC Addresses

VRRP-A, Virtual Router IDs, and Partitions

FIGURE 3 VRRP-A Configuration with Partitions

page 11 | Document No.: 410-VRRP-A-001 - 2/17/2016

VRRP-A Active / Standby Device Selection

• VRRP-A Active Device Selection Overview

• Event Tracking for Weight and Priority

• Track Event Delay

• Active Device Selection Examples

VRRP-A Active Device Selection Overview

FIGURE 4 VRRP-A Device Selection Flowchart

• The weight assigned to an event.

Document No.: 410-VRRP-A-001 - 2/17/2016 | page 12

• Priority value assigned as part of the VRRP-A deployment.

Event Tracking for Weight and Priority

page 13 | Document No.: 410-VRRP-A-001 - 2/17/2016

Track Event Delay

Active Device Selection Examples