OcNOS-RON-6.3.1 : Layer 3 Guide : Virtual Router Redundancy Protocol Configuration Guide : VRRP Configuration : Interface Tracking
Interface Tracking
The need for VRRP Interface Tracking arose because VRRPv3 was unable to track the gateway interface status. The VRRP Interface Tracking feature provides dynamic failover of an entire circuit, in the event that one member of the group fails. It introduces the concept of a circuit, where two or more Virtual Routers on a single system can be grouped. In the event that a failure occurs, and one of the Virtual Routers performs the Master to Backup transition, the other Virtual Routers in the group are notified, and are forced into the Master to Backup transition, so that both incoming and outgoing packets are routed through the same gateway router, eliminating the problem for Firewall/NAT environments.
Note: VRRP Interface Tracking feature allows you to track the state of an upstream Interface and update the VRRP router priority accordingly. Up to 5 interfaces can be tracked per VRRP session for upstream interfaces and Interface tracking will be disabled when the session is the owner of the VIP.
To configure VRRP Interface Tracking, each circuit is configured to have a corresponding priority-delta value, which is passed to VRRP when a failure occurs. The priority of each Virtual Router on the circuit is decremented by the priority-delta value, causing the VR Master to VR Backup transition.
In this example, two routers, R1 and R2, are configured as backup routers with different priorities. The priority-delta value is configured to be greater than the difference of both the priorities. R1 is configured to have a priority of 150, and R2 has a priority of 50. R1, with a greater priority, is the Virtual Router Master. The priority-delta value is 110, greater than 100 (150 minus 50). On R1, when the external interface xe41, xe50/1 and xe50/2 fails, the priority of R1 becomes 40 (150 minus 110). Since R2 has a greater priority (50) than R1, R2 becomes the VR Master, and routing of packages continues without interruption. When this VR Backup (R1) is up again, it regains its original priority (150), and becomes the VR Master again.
Topology
Figure 1-19: VRRP Interface Tracking
R1
 
(config)#configure terminal
Enter the Configure mode.
(config)#bridge 1 protocol rstp vlan-bridge
Create a RSTP VLAN aware bridge.
(config)#vlan 1001-1002 bridge 1
Create VLAN 1001,1002 and map it to bridge 1.
(config)#interface xe29
Enter interface mode.
(config-if)#switchport
Configure switch port.
(config-if)#bridge-group 1 spanning-tree disable
Configure bridge group to l2 interface with spanning-tree Disable.
(config-if)#switchport mode trunk
Configure switch port mode as trunk.
(config-if)#switchport trunk allowed vlan add 1001,1002
Allow vlan 1001 ,1002 on the interface.
(config-if)#interface vlan1.1001
Enter the vlan interface
(config-if)#ip address 10.1.1.2/24
Configure ipv4 address
(config-if)#ipv6 address 1000:1::2/32
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#exit
Exit the interface mode
(config)#router vrrp 1 vlan1.1001
Create a new ipv4 VRRP instance for interface vlan1.1001
(config-router)#virtual-ip 10.1.1.1
Set the virtual IP address for the VRRP session
(config-router)#priority 150
Configure the priority to 150
(config-router)#circuit-failover xe41 70
Configure the priority-delta value to be 70. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/1 10
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/2 30
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters.
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode.
(config)#router ipv6 vrrp 1 vlan1.1001
Create a new ipv6 VRRP instance for interface vlan1.1001.
(config-router)#virtual-ipv6 fe80::1
Set the virtual IPv6 address for the VRRP session.
(config-router)#priority 150
Configure the priority to 150
(config-router)#circuit-failover xe41 70
Configure the priority-delta value to be 70. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/1 10
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/2 30
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#interface xe50/1
Enter interface mode
(config-if)#ip address 20.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 2000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe50/2
Enter interface mode
(config-if)#ip address 30.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 3000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe41
Enter interface mode
(config-if)#ip address 60.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 6000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface and configure mode
R2
 
(config)#bridge 1 protocol rstp vlan-bridge
Create a RSTP VLAN aware bridge with bridge-id.
(config)#vlan 1001-1002 bridge 1
Create VLAN 1001,1002 and map it to bridge 1
(config)#interface xe31
Enter interface mode
(config-if)#switchport
Configure switch port
(config-if)#bridge-group 1 spanning-tree disable
Configure bridge group to l2 interface with spanning-tree
Disable
(config-if)#switchport mode trunk
Configure switch port mode as trunk
(config-if)#switchport trunk allowed vlan add 1001,1002
Allow vlan 1001 ,1002 on the interface
(config-if)#interface vlan1.1001
Enter the vlan interface
(config-if)#ip address 10.1.1.3/24
Configure ipv4 address
(config-if)#ipv6 address 1000:1::3/32
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface mode
(config)#router vrrp 1 vlan1.1001
Create a router ipv4 VRRP instance for interface vlan1.1001.
(config-router)#virtual-ip 10.1.1.1
Set the virtual IP address for the VRRP session.
(config-router)#priority 50
Configure the priority to 50 (less than 150), because R2 is the VR Backup router.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters.
(config-router)#enable
Enable the VRRP session
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#router ipv6 vrrp 1 vlan1.1001
Create a router ipv6 VRRP ipv6 instance for interface vlan1.1001.
(config-router)#virtual-ipv6 fe80::1
Set the virtual IPv6 address for the VRRP session.
(config-router)#priority 50
Configure the priority to 50 (less than 150), because R2 is the VR Backup router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#interface xe41
Enter interface mode
(config-if)#ip address 80.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 8000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe42
Enter interface mode
(config-if)#ip address 90.1.1.1/24
Enter the tracked interface
(config-if)#ipv6 address 9000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface and configure mode
Validation
R1# show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.2
Configured priority: 150, Current priority: 150
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 12 seconds (7200 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: UP
Monitored circuit: xe50/1, Priority Delta: 10, Status: UP
Monitored circuit: xe50/2, Priority Delta: 30, Status: UP
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED V
2-Compatible: TRUE
 
R1#
R2#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.3
Operational master IP address: 10.1.1.2
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 52 minutes 53 seconds (2837300 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: TRUE
 
R2#
R1#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::ba6a:97ff:fe3c:de9d
Operational master IP address: fe80::ba6a:97ff:fe3c:de9d
Configured priority: 150, Current priority: 150
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 3 minutes 54 seconds (23400 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: UP
Monitored circuit: xe50/1, Priority Delta: 10, Status: UP
Monitored circuit: xe50/2, Priority Delta: 30, Status: UP
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R1#
R2#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::82a2:35ff:fe35:135f
Operational master IP address: fe80::ba6a:97ff:fe3c:de9d
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 55 minutes 11 seconds (2851100 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
After shut down of all tracked interfaces (xe50/1, xe50/2 and xe41) in R1:
R1#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.3
Configured priority: 150, Current priority: 40
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 7 minutes 46 seconds (46600 centi sec)
Skew time: 84 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: DOWN
Monitored circuit: xe50/1, Priority Delta: 10, Status: DOWN
Monitored circuit: xe50/2, Priority Delta: 30, Status: DOWN
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: TRUE
R1#
R2#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.3
Operational master IP address: 10.1.1.3
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 57 minutes 41 seconds (2866100 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
R1#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::ba6a:97ff:fe3c:de9d
Operational master IP address: fe80::82a2:35ff:fe35:135f
Configured priority: 150, Current priority: 40
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 8 minutes 43 seconds (52300 centi sec)
Skew time: 84 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: DOWN
Monitored circuit: xe50/1, Priority Delta: 10, Status: DOWN
Monitored circuit: xe50/2, Priority Delta: 30, Status: DOWN
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R1#
R2#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::82a2:35ff:fe35:135f
Operational master IP address: fe80::82a2:35ff:fe35:135f
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 59 minutes 4 seconds (2874400 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
Last modified date: 07-13-2023