Alcatel Carrier Internetworking Solutions 6600 instruction

Configuring High Availability VLANs

Ingress and Egress Traffic Flows

The figure below shows how ingress traffic is handled by high availability VLANs.

Ingress

Ports

OmniSwitch

MAC Address:

01:20:da:05:f5:2a

MAC Address:

00:95:2a:05:ff:4a

High Availability

VLAN

MAC Address: 00:95:2a:05:ff:4a

Egress

Ports

Ingress to Egress Port Flow

In the above example, packets received on the ingress ports that are destined for the high availability VLAN MAC address are sent out the egress ports that are members of the same VLAN. Since all three servers are connected to egress ports, they all receive the ingress port traffic. This provides a high level of availability in that if one of the server connections goes down, the other connections still forward traffic to one of the redundant servers.

Note the following regarding ingress and egress port traffic flow:

•Ingress port traffic destined for the high availability VLAN MAC address is only sent out on egress ports and not on any other ingress ports.

•If a packet received on an ingress port is not destined for the high availability VLAN MAC address, the packet is bridged as regular traffic to all ports in the VLAN, not just egress ports.

•Traffic received on egress ports is bridged as regular traffic to all ports assigned to the VLAN, regard- less of their ingress or egress port state.

High Availability Firewall Clusters

One key application of high availability VLANs is interfacing with third-party high availability firewall clusters, which allow two or more servers running a common firewall application to work as if they were one system. The following subsection describes an example HA VLAN implementation that is used to interface with a third-party high availability firewall cluster.

page 3-6

Release 5.1.6.R02 User Guide Supplement June 2005

Image 116

Alcatel Carrier Internetworking Solutions 6600 manual Ingress and Egress Traffic Flows, High Availability Firewall Clusters

Contents

Release 5.1.6.R02 Release 5.1.6.R02 User Guide Supplement June Contents Contents Deleting a Vlan Contents High Availability Vlan Commands OmniSwitch CLI Reference GuideIPv6 Commands Following new command should be included in this chapter Mac-address-table port-mac vlan mac Vlan port-mac bandwidth Vlan vid port-mac bandwidth mbps Bandwidth 802.1X Commands 802.1x slot/port guest-vlan vid disable 802.1x guest-vlan AlaDot1xGuestVlanConfTable AlaDot1xGuestVlanNumber 802.1x supp-polling retry 802.1x slot/port supp-polling retry retries 802.1x guest-vlan Show 802.1x non-supp Show 802.1x non-supp slot/port OmniSwitch 7700/7800/8800 Network Configuration Guide IP CommandsConfiguring IP Configuring a Loopback0 Interface Configuring Quick Steps for Configuring Show 802.1x users Slot Configuring a Guest Vlan Guest VLANs for Non-802.1x Supplicants Configuring a BGP Peer with the Loopback0 Interface Configuring High Availability VLANsConfiguring BGP OmniSwitch 6600 Family Network Configuration Guide Supp command Configuring a Guest Vlan User Documentation Addendum Show 802.1x non-supp IPv6 Commands Summary of the IPv6 commands is listed here Ipv6 interface Ra-max-interval interval Enable disable Example Parameterdefault Ipv6 address Displays IPv6 Interface Table Ipv6 interface tunnel source destination Ifname ipv4source ipv4destination Related Commands MIB Objects Ipv6 dad-check Ipv6 hop-limit Ipv6 hop-limit value No ipv6 hop-limit Ipv6 pmtu-lifetime Ipv6 pmtu-lifetime time Ipv6 host Ipv6 neighbor Ipv6 prefix Valid-lifetime time Displays IPv6 prefixes used in router advertisements Ipv6 route Ping6 To a specified destination Traceroute6 Used to test whether an IPv6 destination can be reached from Debug ipv6 packet File filename write debug information to the specified file Raw bytes Related Commands Debug ipv6 trace-category Configures the display of IPv6 debug messages Show ipv6 hosts Show ipv6 hosts substringName IPv6 Address Show ipv6 icmp statistics Show ipv6 icmp statistics ifname Errors Administratively ProhibitedParameter Problems Total MIB Objects Show ipv6 interface Show ipv6 interface ifname loopbackIPv6 Address/Prefix Length Status Show ipv6 interface v6if-6to4-137 Operational status Administrative statusIPv6 interface index RA managed config flag RA other config flagRA retransmit timer ms RA default lifetime ms Show ipv6 interface Show ipv6 pmtu table Show ipv6 pmtu tableDestination Address Expires Path MTU Table Clear ipv6 pmtu table Clear ipv6 pmtu table Show ipv6 neighbors Configures a static entry in the IPv6 Neighbor Table Clear ipv6 neighbors Clear ipv6 neighbors Show ipv6 prefixes Show ipv6 prefixesValid Lifetime Preferred Lifetime Prefixes for router advertisements Protocol Protocol by which the route was learned Show ipv6 routesAge Configures a static entry in the IPv6 route Show ipv6 tcp ports Show ipv6 tcp portsLocal Address Remote Address Displays the UDP Over IPv6 Listener Table Show ipv6 traffic Header errors Address errorsReassembly needed Reassembly failed Show ipv6 icmp statistics Displays IPv6 Icmp statistics Clear ipv6 traffic Clear ipv6 traffic Show ipv6 tunnel Show ipv6 tunnel Ipv6 interface tunnel source Show ipv6 udp ports Show ipv6 udp ports Show ipv6 udp ports Ipv6 load rip Ipv6 load rip Ipv6 rip status Ipv6 rip status enable disableParameterdefault Enable disable Ipv6 rip invalid-timer Ipv6 rip invalid-timer seconds Ipv6 rip garbage-timer Ipv6 rip garbage-timer seconds Ipv6 rip holddown-timer Ipv6 rip holddown-timer seconds Ipv6 rip jitter Ipv6 rip jitter value Ipv6 rip route-tag Ipv6 rip route-tag value Ipv6 rip update-interval Ipv6 rip update-interval seconds Ipv6 rip triggered-sends all updated-only none Update packetsNone RIPng routes are not added to triggered updates Parameterdefault All updated-only none Updated-only Ipv6 rip interface Ipv6 rip interface ifname No ipv6 rip interface ifname Is set to enable, packets can be received on this interface Ipv6 rip interface metric Ipv6 rip interface ifname metric value Ipv6 rip interface ifname recv-status enable disable Ipv6 rip interface recv-status Ipv6 rip interface ifname send-status enable disable Ipv6 rip interface send-status Ipv6 rip interface ifname horizon none split-only poison Parameterdefault None split-only poison PoisonIpv6 rip interface horizon Ipv6 rip debug-level Ipv6 rip debug-type Configures the RIPng debug level Show ipv6 rip Interval Packets Recvd Show ipv6 rip interfaceInterface name Next update Horizon modeMetric Interface status MIB Objects Show ipv6 rip peer Show ipv6 rip peer ipv6addresss Show ipv6 rip peer Gateway Show ipv6 rip routesDest Show ipv6 rip routes detail 9900/100 MIB Objects Show ipv6 rip debug Show ipv6 rip debug Debug Level Debug Type Status on/off Configuring High Availability VLANs This Chapter High Availability VLANs Specifications High Availability Default Values Quick Steps for Creating High Availability VLANs Configuring High Availability VLANs High Availability Vlan Overview Ingress to Egress Port Flow Ingress and Egress Traffic FlowsHigh Availability Firewall Clusters Traditional Firewall Implementation Firewall and High Availability Cluster Configuring High Availability VLANs on a Switch Creating and Deleting VLANs Creating a Vlan Assigning Ingress Ports Assigning and Removing Ingress PortsDeleting a Vlan Removing Ingress Ports Removing Egress Ports Assigning and Removing Egress PortsAssigning Egress Ports Assigning and Removing MAC Addresses Assigning MAC Addresses Configuring Inter-switch Ports for HA VLANs Removing MAC Addresses Configuring the Flood Queue Bandwidth Application Example 1 Firewall Cluster Ingress Traffic Flow Application Example 2 Inter-Switch HA VLANsHA Vlan Inter-Switch Configuration Vlan 2 port default 1/1-3 5/4 Displaying High Availability Vlan Status and Statistics Show vlan Screen similar to the following will be displayed