(Optional) Optimizing a VRRP6 Group

To optimize a VRRP6 group, enable the ping to a virtual IPv6 address, set the interval at which the master device in the group sends NA packets, and disable a device from checking the hop count in received VRRP6 Advertisement packets.

Context

Table 1 describes VRRP6 group optimization functions.

Table 1 VRRP6 group optimization functions

Function Item: Enabling the ping to a virtual IPv6 address
Description: Hosts can ping the virtual IPv6 address of a VRRP6 group configured on routers. This function can be used to monitor the connectivity of links between hosts and a gateway.

Function Item: Disabling a device from checking the hop count in received VRRP6 Advertisement packets
Description: A VRRP6-enabled device checks the hop count in received VRRP6 Advertisement packets. If the hop count in a VRRP6 Advertisement packet is not 255, the device discards the packet. If different vendors' devices are used on a network, checking the hop count in received VRRP6 Advertisement packets may cause a device to incorrectly discard packets. To prevent this issue, disable the device from checking the hop count in received VRRP6 Advertisement packets so that devices from different vendors can interwork.

Function Item: Specifying a mode that the master device uses to send ND packets
Description: A QinQ termination sub-interface sends ND packets with two tags, and the inner tag is a range of VLAN IDs. To ensure that switches connected to users learn the correct MAC address of the VRRP6 group, the VRRP6 group on the QinQ termination sub-interface sends ND packets to all VLANs identified by inner VLAN IDs. This increases the burden on the VRRP6-enabled device. To reduce this burden, the VRRP6-enabled device can be configured to send ND packets carrying only the minimal inner VLAN ID.

Function Item: Configuring a device to calculate a VRRP6 packet's checksum based on the content excluding the IPv6 pseudo header
Description: After a Huawei device receives a VRRP6 packet, it calculates the packet's checksum based on the content including the IPv6 pseudo header. However, a non-Huawei device may calculate the packet's checksum based on the content excluding the IPv6 pseudo header. As a result, VRRP negotiation between the Huawei and non-Huawei devices may fail. To resolve this issue, run the vrrp6 checksum exclude pseudo-header command to configure the Huawei device to calculate the packet's checksum based on the content excluding the IPv6 pseudo header.

Procedure

  • Enable the ping to a virtual IPv6 address.
    1. Run system-view

      The system view is displayed.

    2. Run vrrp virtual-ip ping enable

      The ping to a virtual IPv6 address is enabled.

      This command needs to be run only when the ping to a virtual IPv6 address is disabled.

      After the ping function is enabled, a device on an external network can ping a virtual IPv6 address. This function exposes the device to ICMPv6 attacks. The undo vrrp virtual-ip ping enable command can be used to disable the ping function.

    3. Run commit

      The configuration is committed.

  • Disable a device from checking the hop count in received VRRP6 Advertisement packets.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number

      The view of the interface on which the VRRP6 group is configured is displayed.

    3. Run vrrp6 un-check hop-limit

      The device is disabled from checking the hop count in received VRRP6 Advertisement packets.

      To enable a device to check the hop count in received VRRP6 Advertisement packets, run the undo vrrp6 un-check hop-limit command.

    4. Run commit

      The configuration is committed.

  • Specify a mode that the master device uses to send ND packets.
    1. Run system-view

      The system view is displayed.

    2. Run interface interface-type interface-number.sub-interface-number

      The view of an Ethernet sub-interface or Eth-Trunk sub-interface that is configured with QinQ VLAN tag termination is displayed.

    3. Run vrrp6 nd send-mode simple

      The QinQ termination sub-interface in the Master state is configured to send ND packets carrying the outer VLAN ID and the minimal inner VLAN ID.

    4. Run vrrp gratuitous-arp timeout time

      The interval at which the master device sends a gratuitous ND packet is set.

    5. Run commit

      The configuration is committed.

  • Configure a device to calculate a VRRP6 packet's checksum based on the content excluding the IPv6 pseudo header.
    1. Run system-view

      The system view is displayed.

    2. Run vrrp6 checksum exclude pseudo-header

      The device is configured to calculate a VRRP6 packet's checksum based on the content excluding the IPv6 pseudo header.

    3. Run commit

      The configuration is committed.
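
The following added example (not Huawei code and not part of the original procedure) models the two receive-side checks described above, the hop count check and the checksum with or without the IPv6 pseudo header, to show why an Advertisement from a peer that uses the other checksum mode is discarded. It assumes the VRRPv3 packet layout from RFC 5798; the function names and the sample addresses are constructed for illustration.

```python
import ipaddress
import struct

VRRP_PROTO = 112          # IPv6 Next Header value for VRRP
VRRP_MCAST = "ff02::12"   # VRRP IPv6 multicast group

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement Internet checksum (RFC 1071)."""
    if len(data) % 2:
        data += b"\x00"
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def pseudo_header(src: str, length: int) -> bytes:
    """IPv6 pseudo header: source, destination, length, 3 zero bytes, next header."""
    return (ipaddress.IPv6Address(src).packed
            + ipaddress.IPv6Address(VRRP_MCAST).packed
            + struct.pack("!I3xB", length, VRRP_PROTO))

def build_advert(src, vrid, priority, vip, with_pseudo=True) -> bytes:
    """VRRPv3 advertisement with one virtual address and a 1 s interval."""
    body = struct.pack("!BBBBHH", 0x31, vrid, priority, 1, 100, 0)
    body += ipaddress.IPv6Address(vip).packed
    prefix = pseudo_header(src, len(body)) if with_pseudo else b""
    return body[:6] + struct.pack("!H", inet_checksum(prefix + body)) + body[8:]

def accept(src, hop_limit, pkt, check_hop=True, with_pseudo=True) -> str:
    """Apply the two receive checks; return 'ok' or the drop reason."""
    # Routers decrement the hop limit, so 255 shows the packet was sent on-link.
    if check_hop and hop_limit != 255:
        return "drop: hop limit"
    prefix = pseudo_header(src, len(pkt)) if with_pseudo else b""
    if inet_checksum(prefix + pkt) != 0:   # a valid packet sums to zero
        return "drop: checksum"
    return "ok"

if __name__ == "__main__":
    SRC, VIP = "fe80::1", "fe80::100"      # constructed sample addresses
    peer = build_advert(SRC, 1, 100, VIP, with_pseudo=False)
    print(accept(SRC, 255, peer))                      # default checks
    print(accept(SRC, 255, peer, with_pseudo=False))   # checksum mode matched
    print(accept(SRC, 64, build_advert(SRC, 1, 100, VIP)))
```
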

Copyright © Huawei Technologies Co., Ltd.