L2 Interchassis HA Configuration without Connectedapps - OnePK
Configuration Overview
This section provides a sample interchassis wsg-service High Availability (HA) configuration for SecGW functionality between four VPC-VSM instances (StarOS VMs) running on VSMs in separate ASR 9000 chassis without connectedapps – OnePK usage.
Interchassis Layer 2 redundancy supports hot standby redundancy between two VPC-VSM instances in different ASR 9000 chassis. The standby instance is ready to become active when switchover is triggered.
SA re-negotiation is not required and traffic loss is minimal. The route database on the standby VSM must contain only the routes that were successfully injected by the active VSM.
Because of the asymmetric assignment of VSM resources among StarOS VMs, the operator should configure a one-to-one mapping between StarOS VMs across the active and standby VSMs in different ASR 9000 chassis.
Active VSM | Standby VSM |
---|---|
VM1-SecGW1 | VM1-SecGW1 |
VM2-SecGW2 | VM2-SecGW2 |
VM3-SecGW3 | VM3-SecGW3 |
VM4-SecGW4 | VM4-SecGW4 |
Each VM is monitored through SRP, and each chassis is monitored through HSRP configurations. BGP is used for chassis-to-VM communication.
How Chassis Failover Happens
When an ASR 9000 interface in the RSP goes down, that RSP sends a BGP notification to its SecGW reporting the failure. The SecGW immediately sends an SRP HELLO packet to its SecGW peer with its state changed from "Active" to "ActivePendingStandby". When the standby SecGW receives the HELLO packet, it becomes the new active and sends a HELLO response with its state changed from "standby" to "Active".
ASR 9000 Chassis RSP Configuration (IOS-XR)
This section provides sample RSP configuration for chassis failover (active) without OnePK.
.
.
.
router bgp 20
bfd minimum-interval 150
bfd multiplier 3
bgp router-id 2.2.2.1
address-family ipv4 unicast
maximum-paths ebgp 2
!
neighbor 172.27.54.12
remote-as 220
bfd fast-detect
description SecGW1-clear
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
soft-reconfiguration inbound always
.
.
.
neighbor 172.27.54.44
remote-as 220
bfd fast-detect
description SecGW2-ike
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
soft-reconfiguration inbound always
.
.
.
router hsrp
interface BVI1871
hsrp delay minimum 1 reload 240
address-family ipv4
hsrp 3 version 2
timers msec 300 1
preempt
priority 100
address 172.27.54.35
track object WsgIPsla
.
.
.
interface BVI1881
hsrp delay minimum 1 reload 240
address-family ipv4
hsrp 1 version 2
timers msec 300 1
preempt
priority 100
address 172.27.54.3
track object WsgIPsla
.
.
.
ASR 9000 Backup Chassis Configuration
This section provides sample RSP configuration for chassis failover (standby) without OnePK.
.
.
.
router bgp 20
bfd minimum-interval 150
bfd multiplier 3
bgp router-id 2.2.2.2
address-family ipv4 unicast
maximum-paths ebgp 2
.
.
.
neighbor 172.27.54.13
remote-as 220
bfd fast-detect
description SecGW2-clear
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
soft-reconfiguration inbound always
.
.
.
neighbor 172.27.54.45
remote-as 220
bfd fast-detect
description SecGW1-ike
address-family ipv4 unicast
route-policy pass-all in
route-policy pass-all out
soft-reconfiguration inbound always
.
.
.
router hsrp
interface BVI1871
hsrp delay minimum 1 reload 240
address-family ipv4
hsrp 3 version 2
timers msec 300 1
preempt
priority 100
address 172.27.54.35
track object WsgIPsla
.
.
.
interface BVI1881
hsrp delay minimum 1 reload 240
address-family ipv4
hsrp 1 version 2
timers msec 300 1
preempt
priority 100
address 172.27.54.3
track object WsgIPsla
.
.
.
SecGW1 Configuration on Active Chassis
This section provides sample SecGW configuration for VM failover (active) without OnePK.
.
.
.
router bgp 220
neighbor 172.27.54.33 remote-as 20
neighbor 172.27.54.33 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.33 fall-over bfd
no neighbor 172.27.54.33 capability graceful-restart
neighbor 172.27.54.1 remote-as 20
neighbor 172.27.54.1 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.1 fall-over bfd
no neighbor 172.27.54.1 capability graceful-restart
address-family ipv4
neighbor 172.27.54.33 distribute-list PermitLoopbackEncr out
neighbor 172.27.54.1 distribute-list DenyInRoutes in
neighbor 172.27.54.1 distribute-list PermitLoopbackClr out
#exit
.
.
.
service-redundancy-protocol
.
.
.
monitor bgp context wsg 172.27.54.33 group 3
monitor bgp context wsg 172.27.54.1 group 1
.
.
.
SecGW1 Configuration on Standby Chassis
This section provides sample SecGW configuration for VM failover (standby) without OnePK.
.
.
.
router bgp 220
neighbor 172.27.54.34 remote-as 20
neighbor 172.27.54.34 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.34 fall-over bfd
no neighbor 172.27.54.34 capability graceful-restart
neighbor 172.27.54.2 remote-as 20
neighbor 172.27.54.2 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.2 fall-over bfd
no neighbor 172.27.54.2 capability graceful-restart
address-family ipv4
neighbor 172.27.54.34 distribute-list PermitLoopbackEncr out
neighbor 172.27.54.2 distribute-list DenyInRoutes in
neighbor 172.27.54.2 distribute-list PermitLoopbackClr out
#exit
.
.
.
bfd multihop-peer 172.27.54.106 interval 250 min_rx 250 multiplier 3
#exit
service-redundancy-protocol
.
.
.
monitor bgp context wsg 172.27.54.34 group 3
monitor bgp context wsg 172.27.54.2 group 1
.
.
.
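A consistency check for the SecGW samples above, added here as an example and not part of the original configuration guide: it confirms that every peer named in an SRP `monitor bgp` line is also set up as a BGP neighbor with `fall-over bfd` and with graceful-restart disabled, as both samples do. The function name and finding texts are hypothetical, and treating a missing line as a finding is an assumption drawn from the sample pattern, not a documented StarOS rule.

```python
import re

# Constructed input: the SecGW1 (active chassis) lines shown on this page,
# with the elided "." lines and the distribute-list lines left out.
SECGW1_ACTIVE = """\
router bgp 220
neighbor 172.27.54.33 remote-as 20
neighbor 172.27.54.33 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.33 fall-over bfd
no neighbor 172.27.54.33 capability graceful-restart
neighbor 172.27.54.1 remote-as 20
neighbor 172.27.54.1 timers keepalive-interval 1 holdtime-interval 3
neighbor 172.27.54.1 fall-over bfd
no neighbor 172.27.54.1 capability graceful-restart
service-redundancy-protocol
monitor bgp context wsg 172.27.54.33 group 3
monitor bgp context wsg 172.27.54.1 group 1
"""

# Matches the SRP monitor lines as they appear in the samples.
MONITOR = re.compile(r"^monitor bgp context (\S+) (\S+) group (\d+)$")


def audit_srp_monitors(config: str) -> list[str]:
    """Return one finding per missing BGP line for each SRP-monitored peer."""
    ordered = [line.strip() for line in config.splitlines()]
    present = set(ordered)
    findings = []
    for line in ordered:
        match = MONITOR.match(line)
        if not match:
            continue
        _context, peer, _group = match.groups()
        # The trailing space stops 172.27.54.1 from matching 172.27.54.1x.
        if not any(l.startswith(f"neighbor {peer} remote-as ") for l in present):
            findings.append(f"{peer}: monitored by SRP but not a BGP neighbor")
        if f"neighbor {peer} fall-over bfd" not in present:
            findings.append(f"{peer}: monitored by SRP but 'fall-over bfd' is missing")
        if f"no neighbor {peer} capability graceful-restart" not in present:
            findings.append(f"{peer}: graceful-restart is not disabled")
    return findings


if __name__ == "__main__":
    for finding in audit_srp_monitors(SECGW1_ACTIVE) or ["no findings"]:
        print(finding)
```

Run it against the standby SecGW configuration as well, since its monitored peers (172.27.54.34 and 172.27.54.2) differ from the active side.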