VSD Group Configuration

A VSD group is a set of physical devices that collectively comprise a single VSD. One physical device acts as the master of the VSD group. The virtual security interface (VSI) of the VSD is bound to the physical interface of the master. The other physical device acts as the backup.

To configure a VSD group

  1. Enter the necessary information:

Group ID: Enter a value from 0 to 7 to identify the VSD group.

Note: By default, when you enable NSRP, the device creates VSD group 0 and makes all existing interfaces virtual security interfaces (VSIs) of this VSD group.

Priority: Enter a number from 1 to 255. devices in an NSRP configuration require both master and backup units. The system with the better priority number (closer to 1) becomes the master. You can either use priority numbers to designate one device as master and the others as backups, or you can leave the priority number at its default (100) and let the VSD group members elect a master automatically.

Enable Preempt: Enable the preempt option for a device that you want to be master of the VSD group. Normally, that device also has the better priority number (closer to 1). In the event of a failover resulting in the new master having a lower priority than the previous master, when the previous master—with the preempt option set—becomes operable and eligible again, it automatically regains mastership of the VSD group.

Preempt Hold-Down Time (sec): Enter an amount of time from 0 to 600 seconds. Using the hold-down time to delay a failover ensures that surrounding network devices have sufficient time to negotiate new links before the new master takes over.

Status: (Read-only)The member of a VSD group can be in one of six states:

Master  – The state of a VSD group member that processes traffic sent to the VSI.

Primary Backup – The state of a VSD group member that becomes the master should the current master step down. The election process uses device priorities to determine which member to promote. Note that when electing a new master, an RTO peer has precedence over any other VSD group member, even if that member has a higher priority rating.

Backup – The state of a VSD group member that monitors the status of the primary backup and elects one of the backup devices to primary backup if the current one steps down.

Initial – The transient state of a VSD group member while it joins a VSD group, either when the device boots up or when it is added via the set nsrpvsd-group id <id_num> command.

Ineligible – The state that an administrator purposefully assigns to a VSD group member so that it cannot participate in the election process.

Inoperable – The state of a VSD group member after a system check determines that the device has an internal problem (such as no processing boards) or a network connection problem (such as when an interface link fails).

Not defined The device is not a member of a VSD group.

  1. Click OK to save your configuration.