一、技术原理、场景应用1.1 场景需求上行转发侧跨设备或非邻设备网络侧出接口目的IP不可达时VRRP无法感知会导致用户流量丢失。通过VRRP联动NQA测试实例使用NQA检测Master端上行链路状态故障检测NQA检测到上行链路故障时通知VRRP降低Master设备优先级主备切换优先级降低后Backup设备优先级高于Master成为新的Master链路恢复上行链路恢复后NQA通知VRRP恢复设备优先级原Master重新抢占1.2 关键特性NQA测试类型限制VRRP与NQA联动功能的NQA测试实例只能是ICMP测试实例优先级降低机制缺省情况下当NQA实例状态变为Failed时优先级降低抢占机制链路恢复后原Master设备优先级恢复重新抢占成为Master二、实验拓扑外网/上行网络 │ DeviceC (10.1.1.2) │ ┌─────────┴─────────┐ DeviceA DeviceB (10.1.1.1) (10.1.1.3) │ │ └─────────┬─────────┘ │ VRRP虚拟网关 10.1.1.254 │ 用户网络DeviceAVRRP Master优先级120DeviceBVRRP Backup优先级100DeviceC上行网络设备监控目标虚拟网关10.1.1.254三、配置步骤3.1 DeviceA配置Master设备步骤1配置接口IP地址# 进入系统视图 Huawei system-view [Huawei] sysname DeviceA # 配置接口三层模式如为二层接口 [DeviceA] interface GigabitEthernet 0/0/1 [DeviceA-GigabitEthernet0/0/1] undo portswitch # 配置IP地址 [DeviceA-GigabitEthernet0/0/1] ip address 10.1.1.1 255.255.255.0 [DeviceA-GigabitEthernet0/0/1] quit步骤2创建NQA测试实例# 创建NQA测试实例 [DeviceA] nqa test-instance admin nqa_vrrp [DeviceA-nqa-admin-nqa_vrrp] test-type icmp [DeviceA-nqa-admin-nqa_vrrp] destination-address ipv4 10.1.1.2 [DeviceA-nqa-admin-nqa_vrrp] frequency 5 [DeviceA-nqa-admin-nqa_vrrp] probe-count 3 [DeviceA-nqa-admin-nqa_vrrp] timeout 2000 [DeviceA-nqa-admin-nqa_vrrp] start now [DeviceA-nqa-admin-nqa_vrrp] quit命令解析命令说明nqa test-instance admin nqa_vrrp创建NQA测试实例管理员名admin实例名nqa_vrrptest-type icmp必须为ICMP类型VRRP联动只支持ICMPdestination-address ipv4 10.1.1.2设置监控的目标IP地址上行链路目的设备frequency 5检测频率5秒probe-count 3每次检测发送3个ICMP报文timeout 2000等待响应超时时间2000msstart now立即启动测试实例步骤3配置VRRP备份组# 进入接口视图 [DeviceA] interface GigabitEthernet 0/0/1 # 创建VRRP备份组 [DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 virtual-ip 10.1.1.254 # 配置优先级高于默认值100 [DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 priority 120 # 配置抢占模式延迟20秒抢占 [DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 preempt-mode timer delay 10 [DeviceA-GigabitEthernet0/0/1] quit命令解析命令说明vrrp vrid 1 virtual-ip 10.1.1.254创建VRID为1的VRRP组虚拟IP为10.1.1.254vrrp vrid 1 priority 120设置优先级为120范围1-254值越大优先级越高vrrp vrid 1 preempt-mode timer delay 10配置抢占模式延迟10秒后抢占步骤4配置VRRP与NQA联动# 进入接口视图 [DeviceA] interface GigabitEthernet 0/0/1 # 配置VRRP监视NQA测试实例 [DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 track nqa admin nqa_vrrp reduced 40 [DeviceA-GigabitEthernet0/0/1] quit参数说明vrid 1VRRP备份组标识1-255track nqa使能VRRP监视NQA测试实例功能admin nqa_vrrp指定要监视的NQA测试实例reduced 40当NQA测试失败时优先级降低40缺省值为10关键配置原则优先级降低后 Backup设备优先级DeviceA降低后120 - 40 80 DeviceB优先级100 80 100 可以触发切换3.2 DeviceB配置Backup设备步骤1配置接口IP地址Huawei system-view [Huawei] sysname DeviceB [DeviceB] interface GigabitEthernet 0/0/1 [DeviceB-GigabitEthernet0/0/1] undo portswitch [DeviceB-GigabitEthernet0/0/1] ip address 10.1.1.3 255.255.255.0 [DeviceB-GigabitEthernet0/0/1] quit步骤2配置VRRP备份组[DeviceB] interface GigabitEthernet 0/0/1 # 创建相同的VRRP备份组 [DeviceB-GigabitEthernet0/0/1] vrrp vrid 1 virtual-ip 10.1.1.254 # 优先级设置为100默认值低于DeviceA的120 [DeviceB-GigabitEthernet0/0/1] vrrp vrid 1 priority 100 # 配置抢占模式 [DeviceB-GigabitEthernet0/0/1] vrrp vrid 1 preempt-mode [DeviceB-GigabitEthernet0/0/1] quit注意DeviceB不需要配置NQA联动因为只有Master设备需要监控上行链路。四、工作原理解析4.1 正常工作状态DeviceA状态 - 优先级120 - 角色Master - NQA测试Success DeviceB状态 - 优先级100 - 角色Backup - NQA测试不配置4.2 上行链路故障切换过程故障触发流程1. NQA检测到10.1.1.2不可达 ↓ 2. NQA测试实例状态变为Failed ↓ 3. DeviceA优先级降低120 - 40 80 ↓ 4. DeviceA发送VRRP报文优先级80 ↓ 5. DeviceB接收到优先级80的报文 ↓ 6. DeviceB优先级100 80立即抢占成为Master日志输出示例# DeviceA日志 May 20 14:00:00 DeviceA NQA: Test instance admin nqa_vrrp state changed to Failed May 20 14:00:00 DeviceA VRRP: VRID 1 priority reduced to 80 May 20 14:00:01 DeviceA VRRP: VRID 1 state changed to Backup # DeviceB日志 May 20 14:00:01 DeviceB VRRP: VRID 1 state changed to Master4.3 链路恢复后切换过程恢复触发流程1. NQA检测到10.1.1.2恢复可达 ↓ 2. NQA测试实例状态变为Success ↓ 3. DeviceA优先级恢复80 40 120 ↓ 4. DeviceA等待20秒后发送VRRP报文优先级120 ↓ 5. DeviceB接收到优先级120的报文 ↓ 6. DeviceB降级为BackupDeviceA重新成为Master五、配置验证5.1 查看NQA测试结果命令格式display nqa results test-instance admin-name test-name正常输出示例[DeviceA] display nqa results test-instance admin nqa_vrrp NQA entry(admin, nqa_vrrp) :testflag is active ,testtype is icmp 1 . Test 1 result The test is finished Send operation times: 3 Receive response times: 3 Completion: success RTD OverThresholds number: 0 Attempts number: 1 Drop operation number: 0 Disconnect operation number: 0 Operation timeout number: 0 System busy operation number: 0 Connection fail number: 0 Operation sequence errors number: 0 RTT Stats errors number: 0 Destination ip address: 10.1.1.2 Min/Max/Average Completion Time: 10/20/15字段说明Completion: success测试成功Completion: failed测试失败Send operation times发送探测次数Receive response times接收响应次数5.2 查看VRRP状态命令格式display vrrp [interface interface-type interface-number] [virtual-router-id] [verbose]正常输出示例DeviceA - Master[DeviceA] display vrrp verbose Vlanif100 | Virtual Router 1 State : Master Virtual IP : 10.1.1.254 Master IP : 10.1.1.1 Local IP : 10.1.1.1 PriorityRun : 120 PriorityConfig : 120 MasterPriority : 120 Preempt : YES Delay Time : 20 s TimerRun : 1 s TimerConfig : 1 s Auth type : NONE Virtual MAC : 0000-5e00-0101 Check TTL : YES Config type : normal-vrrp Track NQA : admin nqa_vrrp Reduced : 40 NQA state : Success Create time : 2026-05-20 13:30:00 Last change time : 2026-05-20 13:30:00关键字段说明表格字段说明State当前状态Master/Backup/InitializePriorityRun当前运行优先级PriorityConfig配置优先级Track NQA监视的NQA测试实例NQA stateNQA测试实例状态Success/Failed5.3 故障模拟验证模拟上行链路故障# 在DeviceC上关闭接口 [DeviceC] interface GigabitEthernet 0/0/1 [DeviceC-GigabitEthernet0/0/1] shutdown # 观察切换 [DeviceA] display vrrp verbose [DeviceA] display nqa results test-instance admin nqa_vrrp预期结果DeviceAState: BackupPriorityRun: 80NQA state: FailedDeviceBState: MasterPriorityRun: 100恢复上行链路# 在DeviceC上恢复接口 [DeviceC] interface GigabitEthernet 0/0/1 [DeviceC-GigabitEthernet0/0/1] undo shutdown # 等待20秒后观察 [DeviceA] display vrrp verbose预期结果DeviceAState: MasterPriorityRun: 120NQA state: SuccessDeviceBState: Backup六、常见问题6.1 问题1NQA测试失败但VRRP未切换原因优先级降低值设置不当降低后优先级仍高于Backup设备错误配置示例[DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 track nqa admin nqa_vrrp reduced 10 # 降低后120 - 10 110仍大于Backup的100无法切换正确配置[DeviceA-GigabitEthernet0/0/1] vrrp vrid 1 track nqa admin nqa_vrrp reduced 30 # 降低后120 - 30 90小于Backup的100可以切换6.2 问题2NQA测试实例无法创建检查步骤# 1. 检查NQA功能是否启用 [DeviceA] display nqa configuration # 2. 确保测试类型为ICMPVRRP联动只支持ICMP [DeviceA] nqa test-instance admin nqa_vrrp [DeviceA-nqa-admin-nqa_vrrp] test-type icmp # 3. 检查目标IP是否可达 [DeviceA] ping 10.1.1.26.3 问题3切换后无法恢复原因1Backup设备未配置抢占模式解决方案[DeviceB-GigabitEthernet0/0/1] vrrp vrid 1 preempt-mode # 或 [DeviceB-GigabitEthernet0/0/1] vrrp vrid 1 preempt-mode timer delay 0原因2NQA测试实例未启动解决方案[DeviceA-nqa-admin-nqa_vrrp] start now6.4 问题4ENSP设备不支持完整VRRP功能检查方法[DeviceA] display version # 查看设备型号和VRP版本建议使用AR系列路由器如AR2220、AR3260或使用S5700/S7700系列三层交换机确保VRP版本支持VRRP与NQA联动功能七、配置总结与实践7.1 完整配置命令汇总DeviceAMastersystem-view sysname DeviceA # 配置接口 interface GigabitEthernet 0/0/1 undo portswitch ip address 10.1.1.1 255.255.255.0 # 配置VRRP vrrp vrid 1 virtual-ip 10.1.1.254 vrrp vrid 1 priority 120 vrrp vrid 1 preempt-mode timer delay 20 vrrp vrid 1 track nqa admin nqa_vrrp reduced 40 quit # 配置NQA nqa test-instance admin nqa_vrrp test-type icmp destination-address ipv4 10.1.1.2 frequency 5 probe-count 3 timeout 2000 start now quitDeviceBBackupsystem-view sysname DeviceB interface GigabitEthernet 0/0/1 undo portswitch ip address 10.1.1.3 255.255.255.0 vrrp vrid 1 virtual-ip 10.1.1.254 vrrp vrid 1 priority 100 vrrp vrid 1 preempt-mode quit7.2 实践建议项目建议值说明Master优先级120-150预留足够的降低空间Backup优先级100默认低于Master优先级优先级降低值Master - Backup 10确保降低后低于BackupNQA检测频率5-10秒根据网络稳定性调整NQA超时时间2000-3000ms避免误判抢占延迟时间20-30秒避免频繁切换探测报文数量3-5个提高检测准确性7.3 配置检查设备支持VRRP与NQA联动功能NQA测试实例类型为ICMPNQA测试实例已启动start nowVRRP优先级配置合理Master Backup优先级降低值设置正确降低后 BackupBackup设备配置了抢占模式虚拟IP地址配置正确接口已配置为三层模式undo portswitch八、扩展应用场景8.1 多VLAN环境下的VRRPNQA联动在多VLAN环境中可以为每个VLAN配置独立的VRRP备份组并联动相同的NQA测试实例# VLAN 10 interface Vlanif 10 ip address 192.168.10.1 255.255.255.0 vrrp vrid 1 virtual-ip 192.168.10.254 vrrp vrid 1 priority 120 vrrp vrid 1 track nqa admin nqa_vrrp reduced 40 # VLAN 20 interface Vlanif 20 ip address 192.168.20.1 255.255.255.0 vrrp vrid 2 virtual-ip 192.168.20.254 vrrp vrid 2 priority 120 vrrp vrid 2 track nqa admin nqa_vrrp reduced 408.2 与路由联动结合使用可以将VRRP与路由联动结合实现更复杂的故障检测# VRRP与路由联动 vrrp vrid 1 track ip route 10.1.1.0 255.255.255.0 reduced 30 # VRRP与NQA联动同时配置 vrrp vrid 1 track nqa admin nqa_vrrp reduced 40