OcNOS-SP : Layer 3 Guide : Virtual Router Redundancy Protocol Configuration Guide : VRRP Configuration
VRRP Configuration
This chapter provides an overview of Virtual Router Redundancy Protocol (VRRP) and its implementation with OcNOS. VRRP eliminates the risk of a single point of failure inherent in a static default routing environment. It specifies an election protocol that dynamically assigns responsibility for a virtual router to one of the VRRP routers on a LAN. One of the major advantages of VRRP is that it makes default path available without requiring configuration of dynamic routing on every end-host.
OcNOS only supports VRRP protocol version 3.
For complete information about MC-LAG configuration with Intra-domain-Link (IDL), refer to Configuration and Intra-domain-peer (IDP), refer to Configuration in OcNOS Layer 2 Config Guide.
Terminology
Terms related to VRRP configuration are defined in the table below.
 
Backup Router
The VRRP router that is backing up an IP address. It assumes forwarding responsibility for the virtual IP address if the Master fails.
Critical IP
The IP address that a VRRP router sends/receives messages on for a particular session.
IP Address Owner
The VRRP Router that has the virtual router's IP address(es) as real interface address(es). This is the router that, when up, will respond to packets addressed to one of these IP addresses for ICMP pings, TCP connections, and so on
Master Router
The VRRP router that owns the IP address (i.e., is being backed up), and which is the default router for forwarding for that IP address.
Virtual IP
The IP address that is being backed up by a VRRP session.
Virtual Router
A router managed by VRRP that acts as a default router for hosts on a shared LAN. It consists of a Virtual Router Identifier and a set of associated IP addresses across a common LAN. A VRRP Router might backup one or more virtual routers.
VRRPv2 Router
A router running the Virtual Router Redundancy Protocol version 2. It might participate in one or more virtual routers.
VRRPv3 Router
A router running the Virtual Router Redundancy Protocol version 3. It might participate in one or more virtual routers.
VRRP Process
Typically, end hosts are connected to the enterprise network through a single router (first-hop router) that is in the same Local Area Network (LAN) segment. The most popular method of configuration is for the end hosts to configure statically this router as their default gateway. This minimizes configuration and processing overhead. As shown in Figure 1-173, the problem with this configuration is that it produces a single point of failure if this first-hop router fails.
VRRP Process - First-Hop Not Reachable
The Virtual Router Redundancy Protocol attempts to solve this problem by introducing the concept of a virtual router, composed of two or more VRRP routers on the same subnet as shown in Figure 1-174. The concept of a virtual IP address is also introduced, which is the address that end hosts configure as their default gateway. One of the routers called the “Master” forwards packets on behalf of this IP address.
VRRP Process - Master and Backup VR
As shown in Figure 1-175, if the Master router fails, one of the other routers (Backup) assumes forwarding responsibility for it.
VRRP Process - Master Down and Backup Takeover
At first glance, the configuration in might not seem very useful, as it doubles the cost, and leaves one router idle at all times. This, however, can be avoided by creating two virtual routers and splitting the traffic between them.
Note: Adding a default route in the kernel on the interface that is used for VRRP might cause loss of network connectivity. According to the VRRP guidelines, when the VRRP session changes, the MAC address for the machine that attains the master state also changes. The change causes the default route from the kernel to disappear and leads to loss of connectivity. To avoid this situation, add the default route in the NSM and not in the kernel. This ensures that the default route remains on the machine across changes in the VRRP state.
To add default route through NSM, run the following command in NSM:
ip route 0.0.0.0/0 <IPADDRESS>
where <IPADDRESS> is the IP address of the default gateway.
One Virtual Router
In this configuration, the end-hosts install a default route to the IP address of virtual router 1(VRID = 1), and both routers R1 and R2 run VRRP. R1 is configured to be the Owner for virtual router 1 (VRID = 1) and R2 as a Backup for virtual router 1. If R1 fails, R2 will take over virtual router 1 and its IP addresses, and provide uninterrupted service for the hosts. Configuring only one virtual router doubles the cost, and leaves R2 idle at all times.
Topology
VRRP with One Virtual Router
R1
 
#configure terminal
Enter the Configure mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#virtual-ip 10.10.10.50 owner
Set the virtual IP address for the VRRP session. Define the default state (owner) of the VRRP router within the virtual router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
R2
 
#configure terminal
Enter the Configure mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#virtual-ip 10.10.10.50
Set the virtual IP address for the VRRP session.
(config-router)#priority 200
Configure the priority to 200 (less than 255), because R2 is the Backup router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
Validation
DUT
#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility enabled
 
Address family IPv4
VRRP Id: 1 on interface: vlan1.1000
State: AdminUp - Master
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.2
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 52 seconds (11200 centi sec)
Master uptime: 0 hours 0 minutes 21 seconds (2100 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv4 interface vlan1.1000: JOINED
V2-Compatible: TRUE
SD-1
#show vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminUp - Backup
Virtual IP address: 10.10.10.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.10.10.40
Operational master IP address: 10.10.10.50
Priority is 90
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 0 minutes 29 seconds (2900 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: JOINED
V2-Compatible: TRUE
Two Virtual Routers
In the previous, one virtual router example, R2 is not backed up by R1. This example illustrates how to back up R2 by configuring a second virtual router. In this configuration, R1 and R2 are two virtual routers, and the hosts split their traffic between R1 and R2. R1and R2 functions as backups for each other.
Topology
Configuring VRRP with Two Virtual Routers
R1
 
#configure terminal
Enter the Configure mode.
(config)#router vrrp 1 xe1
Create a VRRP instance for interface xe1.
(config-router)#virtual-ip 10.10.10.81 owner
Set the virtual IP address for the VRRP session. Define the default state (owner) of the VRRP router within the virtual router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session 1 on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode and enter the Configure mode.
(config)#router vrrp 2 xe1
Create a VRRP instance for interface xe1.
(config-router)#virtual-ip 10.10.10.82
Set the virtual IP address for the VRRP session.
(config-router)#priority 200
Configure the priority to 200 (less than 255), because R2 is the Backup router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session two on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
R2
 
#configure terminal
Enter the Configure mode.
(config)#router vrrp 1 xe1
Create a VRRP instance for interface xe1.
(config-router)#virtual-ip 10.10.10.81
Set the virtual IP address for the VRRP session.
(config-router)#priority 200
Configure the priority to 200 (less than 255), because R2 is the Backup router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session 1 on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit the Router mode and enter the Configure mode.
(config)#router vrrp 2 xe1
Create a VRRP instance for interface xe1
(config-router)#virtual-ip 10.10.10.82 owner
Set the virtual IP address for the VRRP session. Define the default state (owner) of the VRRP router within the virtual router.
(config-router)#preempt-mode true
Set the preempt mode to specify that the highest priority will function as a backup to master when master is unavailable.
(config-router)#advertisement-interval 100
Configure the advertisement interval to 100 centi seconds (value must be a multiple of 5).
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session two on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
Validation
The following outputs on R1and R2 display the complete configuration for each session on R1 and R2. In session one, R1 is the master router, and in session two R2 is the master router.
R1
R1#sh vrrp 1 eth1 VRRP Version: 3 VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: xe1
State: AdminUp - Master
Virtual IP address: 10.10.10.81 (Owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.10.10.81
Operational master IP address: 10.10.10.81
Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 25 seconds (8500 centi sec)
Master uptime: 0 hours 1 minutes 18 seconds (7800 centi sec)
Accept mode: FALSE Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth1: JOINED V2-Compatible: TRUE
 
R1#sh vrrp 2 eth1 VRRP Version: 3 VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 2 on interface: xe1
State: AdminUp - Backup
Virtual IP address: 10.10.10.82 (Not-owner)
Virtual MAC address is 0000.5e00.0102
Operational primary IP address: 10.10.10.81
Operational master IP address: 10.10.10.82 Priority is 200
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 2 minutes 3 seconds (12300 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: FALSE Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth1: JOINED V2-Compatible: TRUE
 
R2
R2#sh vrrp 1 eth1 VRRP Version: 3 VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: xe1
State: AdminUp - Backup
Virtual IP address: 10.10.10.81 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.10.10.82
Operational master IP address: 10.10.10.81
Priority is 200
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 0 minutes 37 seconds (3700 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: FALSE Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth1: JOINED
V2-Compatible: TRUE
 
R2#sh vrrp 2 eth1 VRRP Version: 3 VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 2 on interface: xe1
State: AdminUp - Master
Virtual IP address: 10.10.10.82 (Owner)
Virtual MAC address is 0000.5e00.0102
Operational primary IP address: 10.10.10.82
Operational master IP address: 10.10.10.82 Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 0 minutes 12 seconds (1200 centi sec)
Master uptime: 0 hours 1 minutes 18 seconds (7800 centi sec)
Accept mode: FALSE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth1: JOINED
V2-Compatible: TRUE
 
R2#
Two Backup Routers
In this configuration, Host B could be a gateway router. As such, interface eth1 on Routers R1, R2, and R3, and the gateway router, would run the IGP protocol.
Topology
Configuring VRRP with Two Backup Routers
R1
 
#configure terminal
Enter the Configure mode.
(config)#interface eth2
Enter interface mode for eth2.
(config-if)#ip address 2.2.2.1/24
Configure the IP address for interface eth2 to be in network 0.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#interface eth1
Enter interface mode for eth1.
(config-if)#ip address 1.1.1.1/24
Configure the IP address for interface eth1 to be in network 1.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#virtual-ip 2.2.2.1 owner
Configure R1 as the owner.
(config-router)#advertisement-interval 100
Configure the default value for the advertisement interval. The configurable range is 5 to 4095 centi seconds (value must be a multiple of 5).
(config-router)#preempt-mode true
Set true as the default value for the field.
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
R2
 
#configure terminal
Enter the Configure mode.
(config)#interface eth2
Enter interface mode for eth2.
(config-if)#ip address 2.2.2.2/24
Configure the IP address for interface eth2 to be in network 0.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#interface eth1
Enter interface mode for eth1.
(config-if)#ip address 1.1.1.2/24
Configure the IP address for interface eth1 to be in network 1.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#virtual-ip 2.2.2.1
Configure R2 as the backup.
(config-router)#advertisement-interval 100
Configure the default value for the advertisement interval. The configurable range is 5 to 4095 centi seconds (value must be a multiple of 5).
(config-router)#priority 100
Set the default value for the backup router.
(config-router)#preempt-mode true
Set true as the default value for the field.
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
R3
 
#configure terminal
Enter the Configure mode.
(config)#interface eth2
Enter interface mode for eth2.
(config-if)#ip address 2.2.2.3/24
Configure the IP address for interface eth2 to be in network 0.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#interface eth1
Enter interface mode for eth1.
(config-if)#ip address 1.1.1.3/24
Configure the IP address for interface eth1 to be in network 1.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit interface mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#virtual-ip 2.2.2.1
Configure R3 as the backup.
(config-router)#advertisement-interval 100
Configure the default value for the advertisement interval. The configurable range is 5 to 4095 centi seconds (value must be a multiple of 5).
(config-router)#priority 254
Configure the priority for R3. The configurable range is 1-255.
(config-router)#preempt-mode true
Set true as the default value for the field.
(config-router)# v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
Validation
Router 1
R1#show vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminUp - Master
Virtual IP address: 2.2.2.1 (Owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 2.2.2.1
Operational master IP address: 2.2.2.1
Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 9 minutes 6 seconds (54600 centi sec)
Master uptime: 0 hours 1 minutes 18 seconds (7800 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: JOINED
V2-Compatible: TRUE
Router 2
R2#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminUp - Backup
Virtual IP address: 2.2.2.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 2.2.2.2
Operational master IP address: 2.2.2.1
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 11 minutes 28 seconds (68800 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: JOINED
V2-Compatible: TRUE
Router 3
R3#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminUp - Backup
Virtual IP address: 2.2.2.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 2.2.2.3
Operational master IP address: 2.2.2.1
Priority is 254
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 14 minutes 23 seconds (86300 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: JOINED
V2-Compatible: TRUE
Ping Output at Host A
HOSTA#ping 1.1.1.5
Press CTRL+C to exit
PING 1.1.1.5 (1.1.1.5) 56(84) bytes of data.
64 bytes from 1.1.1.5: icmp_seq=1 ttl=63 time=1.40 ms
64 bytes from 1.1.1.5: icmp_seq=2 ttl=63 time=1.09 ms
Disabling the Master/Owner
 
#configure terminal
Enter the Configure mode.
(config)#router vrrp 1 eth2
Create a VRRP instance for interface eth2.
(config-router)#disable
Disable the VRRP session.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
Output After Disabling the Master
Router 1
R1#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminDown - Init (admin state down)
Virtual IP address: 2.2.2.1 (Owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 2.2.2.1
Operational master IP address: 2.2.2.1
Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 0 minutes 0 seconds (0 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: LEFT
V2-Compatible: TRUE
Router 3
R3#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: eth2
State: AdminUp - Master
Virtual IP address: 2.2.2.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 2.2.2.3
Operational master IP address: 2.2.2.3
Priority is 254
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 40 minutes 55 seconds (245500 centi sec)
Master uptime: 0 hours 1 minutes 18 seconds (7800 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface eth2: JOINED
V2-Compatible: TRUE
 
HOSTA#ping 1.1.1.5
Press CTRL+C to exit
PING 1.1.1.5 (1.1.1.5) 56(84) bytes of data.
64 bytes from 1.1.1.5: icmp_seq=1 ttl=63 time=1.40 ms
64 bytes from 1.1.1.5: icmp_seq=2 ttl=63 time=1.09 m
Interface Tracking
The need for VRRP Interface Tracking arose because VRRPv3 was unable to track the gateway interface status. The VRRP Interface Tracking feature provides dynamic failover of an entire circuit, in the event that one member of the group fails. It introduces the concept of a circuit, where two or more Virtual Routers on a single system can be grouped. In the event that a failure occurs, and one of the Virtual Routers performs the Master to Backup transition, the other Virtual Routers in the group are notified, and are forced into the Master to Backup transition, so that both incoming and outgoing packets are routed through the same gateway router, eliminating the problem for Firewall/NAT environments.
Note: VRRP Interface Tracking feature allows you to track the state of an upstream Interface and update the VRRP router priority accordingly. Up to 5 interfaces can be tracked per VRRP session for upstream interfaces and Interface tracking will be disabled when the session is the owner of the VIP.
To configure VRRP Interface Tracking, each circuit is configured to have a corresponding priority-delta value, which is passed to VRRP when a failure occurs. The priority of each Virtual Router on the circuit is decremented by the priority-delta value, causing the VR Master to VR Backup transition.
In this example, two routers, R1 and R2, are configured as backup routers with different priorities. The priority-delta value is configured to be greater than the difference of both the priorities. R1 is configured to have a priority of 150, and R2 has a priority of 50. R1, with a greater priority, is the Virtual Router Master. The priority-delta value is 110, greater than 100 (150 minus 50). On R1, when the external interface xe41, xe50/1 and xe50/2 fails, the priority of R1 becomes 40 (150 minus 110). Since R2 has a greater priority (50) than R1, R2 becomes the VR Master, and routing of packages continues without interruption. When this VR Backup (R1) is up again, it regains its original priority (150), and becomes the VR Master again.
Topology
VRRP Interface Tracking
R1
 
(config)#configure terminal
Enter the Configure mode.
(config)#bridge 1 protocol rstp vlan-bridge
Create a RSTP VLAN aware bridge.
(config)#vlan 1001-1002 bridge 1
Create VLAN 1001,1002 and map it to bridge 1.
(config)#interface xe29
Enter interface mode.
(config-if)#switchport
Configure switch port.
(config-if)#bridge-group 1 spanning-tree disable
Configure bridge group to l2 interface with spanning-tree Disable.
(config-if)#switchport mode trunk
Configure switch port mode as trunk.
(config-if)#switchport trunk allowed vlan add 1001,1002
Allow vlan 1001 ,1002 on the interface.
(config-if)#interface vlan1.1001
Enter the vlan interface
(config-if)#ip address 10.1.1.2/24
Configure ipv4 address
(config-if)#ipv6 address 1000:1::2/32
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#exit
Exit the interface mode
(config)#router vrrp 1 vlan1.1001
Create a new ipv4 VRRP instance for interface vlan1.1001
(config-router)#virtual-ip 10.1.1.1
Set the virtual IP address for the VRRP session
(config-router)#priority 150
Configure the priority to 150
(config-router)#circuit-failover xe41 70
Configure the priority-delta value to be 70. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/1 10
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/2 30
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters.
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode.
(config)#router ipv6 vrrp 1 vlan1.1001
Create a new ipv6 VRRP instance for interface vlan1.1001.
(config-router)#virtual-ipv6 fe80::1
Set the virtual IPv6 address for the VRRP session.
(config-router)#priority 150
Configure the priority to 150
(config-router)#circuit-failover xe41 70
Configure the priority-delta value to be 70. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/1 10
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#circuit-failover xe50/2 30
Configure the priority-delta value to be 10. In case of failover, this priority-delta value is subtracted from the current VR Master.
(config-router)#enable
Enable the VRRP session on the router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#interface xe50/1
Enter interface mode
(config-if)#ip address 20.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 2000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe50/2
Enter interface mode
(config-if)#ip address 30.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 3000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe41
Enter interface mode
(config-if)#ip address 60.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 6000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface and configure mode
R2
 
(config)#bridge 1 protocol rstp vlan-bridge
Create a RSTP VLAN aware bridge with bridge-id.
(config)#vlan 1001-1002 bridge 1
Create VLAN 1001,1002 and map it to bridge 1
(config)#interface xe31
Enter interface mode
(config-if)#switchport
Configure switch port
(config-if)#bridge-group 1 spanning-tree disable
Configure bridge group to l2 interface with spanning-tree
Disable
(config-if)#switchport mode trunk
Configure switch port mode as trunk
(config-if)#switchport trunk allowed vlan add 1001,1002
Allow vlan 1001 ,1002 on the interface
(config-if)#interface vlan1.1001
Enter the vlan interface
(config-if)#ip address 10.1.1.3/24
Configure ipv4 address
(config-if)#ipv6 address 1000:1::3/32
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface mode
(config)#router vrrp 1 vlan1.1001
Create a router ipv4 VRRP instance for interface vlan1.1001.
(config-router)#virtual-ip 10.1.1.1
Set the virtual IP address for the VRRP session.
(config-router)#priority 50
Configure the priority to 50 (less than 150), because R2 is the VR Backup router.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters.
(config-router)#enable
Enable the VRRP session
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#router ipv6 vrrp 1 vlan1.1001
Create a router ipv6 VRRP ipv6 instance for interface vlan1.1001.
(config-router)#virtual-ipv6 fe80::1
Set the virtual IPv6 address for the VRRP session.
(config-router)#priority 50
Configure the priority to 50 (less than 150), because R2 is the VR Backup router.
(config-router)#commit
Commit the configuration on the node
(config-router)#exit
Exit the router mode
(config)#interface xe41
Enter interface mode
(config-if)#ip address 80.1.1.1/24
Configure ipv4 address
(config-if)#ipv6 address 8000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#interface xe42
Enter interface mode
(config-if)#ip address 90.1.1.1/24
Enter the tracked interface
(config-if)#ipv6 address 9000::1/64
Configure ipv6 address
(config-if)#ipv6 router ospf area 0.0.0.0
Tag ospfv3 instance on interface with area 0
(config-if)#commit
Commit the configuration on the node
(config-if)#exit
Exit interface and configure mode
Validation
R1# show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.2
Configured priority: 150, Current priority: 150
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 12 seconds (7200 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: UP
Monitored circuit: xe50/1, Priority Delta: 10, Status: UP
Monitored circuit: xe50/2, Priority Delta: 30, Status: UP
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED V
2-Compatible: TRUE
 
R1#
R2#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.3
Operational master IP address: 10.1.1.2
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 52 minutes 53 seconds (2837300 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: TRUE
 
R2#
R1#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::ba6a:97ff:fe3c:de9d
Operational master IP address: fe80::ba6a:97ff:fe3c:de9d
Configured priority: 150, Current priority: 150
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 3 minutes 54 seconds (23400 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: UP
Monitored circuit: xe50/1, Priority Delta: 10, Status: UP
Monitored circuit: xe50/2, Priority Delta: 30, Status: UP
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R1#
R2#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::82a2:35ff:fe35:135f
Operational master IP address: fe80::ba6a:97ff:fe3c:de9d
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 55 minutes 11 seconds (2851100 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
After shut down of all tracked interfaces (xe50/1, xe50/2 and xe41) in R1:
R1#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.3
Configured priority: 150, Current priority: 40
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 7 minutes 46 seconds (46600 centi sec)
Skew time: 84 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: DOWN
Monitored circuit: xe50/1, Priority Delta: 10, Status: DOWN
Monitored circuit: xe50/2, Priority Delta: 30, Status: DOWN
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: TRUE
R1#
R2#show vrrp 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv4
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: 10.1.1.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.3
Operational master IP address: 10.1.1.3
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 57 minutes 41 seconds (2866100 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv4 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
R1#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Backup
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::ba6a:97ff:fe3c:de9d
Operational master IP address: fe80::82a2:35ff:fe35:135f
Configured priority: 150, Current priority: 40
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 8 minutes 43 seconds (52300 centi sec)
Skew time: 84 centi sec
Master Down Interval: 380 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Monitored circuit: xe41, Priority Delta: 70, Status: DOWN
Monitored circuit: xe50/1, Priority Delta: 10, Status: DOWN
Monitored circuit: xe50/2, Priority Delta: 30, Status: DOWN
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R1#
R2#show vrrp ipv6 1 vlan1.1001
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
Address family IPv6
VRRP Id: 1 on interface: vlan1.1001
State: AdminUp - Master
Virtual IP address: fe80::1 (Not-owner)
Virtual MAC address is 0000.5e00.0201
Operational primary IP address: fe80::82a2:35ff:fe35:135f
Operational master IP address: fe80::82a2:35ff:fe35:135f
Priority is 50
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 7 hours 59 minutes 4 seconds (2874400 centi sec)
Master uptime: 0 hours 2 minutes 34 seconds (15400 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv6 interface vlan1.1001: JOINED
V2-Compatible: FALSE
R2#
VRRP-Backward Compatibility
This section contains VRRP Backward Compatibility configuration examples.
The backward compatibility feature which implements version 3 of VRRP protocol recognizes the presence of VRRP version 2 compatible routers in the network and performs all operations normally. This support is intended for upgrade scenarios and is not recommended for permanent deployments. This should only occur when a router is transitioning from VRRPv2 to VRRPv3.
VRRP Backward Compatibility is applicable only for VRRP IPv4.
Topology
R1
 
#configure terminal
Enter the Configure mode.
(config)#interface xe1
Enter Interface configuration mode.
(config-if)#ip address 5.5.5.90/24
Configure IP address on the interface.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit Router mode.
(config)#router vrrp 1 xe1
Configure VRRP on DUT with Virtual router Identifier as 1 on the interface xe1.
(config-router)#virtual-ip 5.5.5.190
Configure Virtual-IP address as the interface IP address of Owner which is not actually present in the LAN.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable VRRP session on DUT.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
(config)#vrrp compatible-v2 enable
Enable VRRP-Backward compatibility feature on a VRRPv3 running router.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
R2
 
#configure terminal
Enter the Configure mode.
(config)# interface xe1
Enter Interface configuration mode.
(config-if)#ip address 5.5.5.100/24
Configure IP address on the interface.
(config-if)#commit
Commit the candidate configuration to the running configuration.
(config-if)#exit
Exit Router mode.
(config)#router vrrp 1 xe1
Configure VRRP on DUT with Virtual router Identifier as 1 on the interface xe1.
(config-router)#virtual-ip 5.5.5.190
Configure Virtual-IP address as the interface IP address of Owner which is not actually present in the LAN.
(config-router)#v2-compatible
Enable the v2-compatible
(config-router)#authentication text abcd
Configure the authentication text to specify that as simple text for vrrpv2 packets, accept only 8 characters
(config-router)#enable
Enable VRRP session on DUT.
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit Router mode.
Validation
R1
#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility enabled
 
Address family IPv4
VRRP Id: 1 on interface: xe1
State: AdminUp - Master
Virtual IP address: 5.5.5.190 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 5.5.5.90
Operational master IP address: 5.5.5.90
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 2 minutes 32 seconds (15200 centi sec)
Master uptime: 0 hours 2 minutes 28 seconds (14800 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface xe1: JOINED
V2-Compatible: TRUE
R2
#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: xe1
State: AdminUp - Backup
Virtual IP address: 5.5.5.190 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 5.5.5.100
Operational master IP address: 5.5.5.90
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 11 seconds (7100 centi sec)
Skew time: 60 centi sec
Master Down Interval: 360 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface xe1: JOINED
V2-Compatible: TRUE
 
Redundancy Using VRRP and OSPF: Two Virtual Routers
This example illustrates a configuration of two routers between two end-hosts. R1 and R2 are two virtual routers functioning as backups for each other, with VRRP running on the 10.10.12.0/24 network (LAN), and OSPF running on the 10.10.10.0/24 network (ISP).
Topology
Redundancy Using VRRP and OSPF
R3 is an OSPF router representing an OSPF network to an ISP.
R1 is the VRRP Master/OSPF router.
R2 is the VRRP Backup/OSPF router.
Host 1 is an end-host.
VRRP handles any failure of the Master’s link to the LAN. Failures in the OSPF network that could cause the Master to lose routing information would cause packets from Host 1 that are targeted for R3 to be dropped. Running VRRP on the OSPF network to create redundancy is undesirable, because doing so would cause erroneous VRRP packets to be sent to the ISP.
An alternative method to achieve redundancy is to run OSPF on the LAN side. By running OSPF on the LAN, any routing information lost by the Master would be regained from the Backup on the LAN interface, resulting in ICMP redirects to R2 for traffic received from Host 1. To reduce OSPF control traffic, R1 and R2 are configured as Area Border Routers (ABR), and the LAN is configured as a stub network to reduce LSA advertisement traffic on the LAN. Before enabling OSPF on the LAN, verify that VRRP is running with R1 as the Master and R2 as the Backup.
R1#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: vlan1.1000
State: AdminUp - Master
Virtual IP address: 10.1.1.2 (Owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.2
Operational master IP address: 10.1.1.2
Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 1 minutes 11 seconds (7100 centi sec)
Master uptime: 0 hours 1 minutes 11 seconds (7100 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv4 interface vlan1.1000: JOINED
V2-Compatible: FALSE
 
R2#sh vrrp
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: vlan1.1000
State: AdminUp - Backup
Virtual IP address: 10.1.1.2 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.1.1.3
Operational master IP address: 10.1.1.2
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 0 minutes 38 seconds (3800 centi sec)
Skew time: 60 centi sec
Master Down Interval: 360 centi sec
Accept mode: TRUE
Preempt mode: TRUE
Multicast membership on IPv4 interface vlan1.1000: JOINED
V2-Compatible: FALSE
 
Steps to configure OSPF on the LAN are given below.
R3
 
#configure terminal
Enter the Configure mode.
(config)#router ospf 1
Configure the routing process and specify the process ID (1). The process ID should be a unique integer.
(config-router)#ospf router-id 10.10.10.181
Specify the OSPF router ID.
(config-router)#timers spf exp 0 0
Set timers to minimum time for quick convergence.
(config-router)#network 10.10.10.0/24 area 0
Define one interface (10.10.10.0/24) on which OSPF runs and associate the area ID (0).
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit router VRRP mode.
R1
 
#configure terminal
Enter the Configure mode.
(config)#router ospf 1
Configure the routing process and specify the process ID (1). The process ID should be a unique integer.
(config-router)#ospf router-id 10.10.12.6
Specify the OSPF router ID.
(config-router)#area 1 stub
Define area 1 as a stub network.
(config-router)#network 10.10.10.0/24 area 0
Define one interface (10.10.10.0/24) on which OSPF runs and associate the area ID (0).
(config-router)#network 10.10.12.0/24 area 1
Define the other interface (10.10.12.0/24) on which OSPF runs and associate the area ID (1)
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit router VRRP mode.
R2
 
#configure terminal
Enter the Configure mode.
(config)#router ospf 1
Configure the routing process, and specify the process ID (1). The process ID should be a unique integer
(config-router)#ospf router-id 10.10.12.251
Specify the OSPF router ID.
(config-router)#area 1 stub
Define area 1 as a stub network.
(config-router)#network 10.10.10.0/24 area 0
Define one interface (10.10.10.0/24) on which OSPF runs and associate the area ID (0).
(config-router)#network 10.10.12.0/24 area 1
Define the other interface (10.12.10.0/24) on which OSPF runs and associate the area ID (1)
(config-router)#commit
Commit the candidate configuration to the running configuration.
(config-router)#exit
Exit router VRRP mode.
Verification
1. Set gateway on the end-host (statically):
(root@host1)#route add -net 10.10.10.0 netmask 255.255.255.0 gw 10.10.12.6
2. Verify end-host reachability via traceroute:
(root@host1)#traceroute 10.10.10.181
traceroute to 10.10.10.181 (10.10.10.181), 30 hops max, 38 byte packets
1 10.10.12.6 (10.10.12.6) 0.835 ms 0.350 ms 0.341 ms
2 10.10.10.181 (10.10.10.181) 9.557 ms 0.572 ms 0.545 ms
3. Bring down eth2 of R1:
[root@r1 sbin]#ifconfig eth2 down
4. Verify end-host reachability via traceroute:
(root@host1)#traceroute 10.10.10.181
traceroute to 10.10.10.181 (10.10.10.181), 30 hops max, 38 byte packets
1 10.10.12.6 (10.10.12.6) 0.461 ms 0.352 ms 0.334 ms
2 10.10.12.251 (10.10.12.251) 0.425 ms 0.432 ms 0.410 ms
3 10.10.10.181 (10.10.10.181) 0.691 ms 0.639 ms 0.607 ms
5. Bring up eth2 of R1:
[root@r1 sbin]#ifconfig eth2 up
6. Verify end-host reachability via traceroute:
(root@host1)#traceroute 10.10.10.181
traceroute to 10.10.10.181 (10.10.10.181), 30 hops max, 38 byte packets
1 10.10.12.6 (10.10.12.6) 0.457 ms 0.356 ms 0.443 ms
2 10.10.10.181 (10.10.10.181) 0.698 ms 0.642 ms 0.618 ms
VRRP Over MLAG
This section contains VRRP over MLAG configuration examples.
In this configuration TOR1 and TOR2 forms the VRRP master/backup relationship over MLAG interface.
For complete information about MC-LAG configuration with Intra-domain-Link (IDL) and Intra-domain-peer (IDP), refer to Configuration and Configuration in OcNOS Layer 2 Config Guide. .
Topology
 
VRRP over MLAG
SW1
 
#config terminal
Enter the Configure mode.
(config)#hostname SW1
Assign the hostname for the router.
SW1(config)# bridge 1 protocol rstp vlan-bridge
Create bridge
SW1(config)#vlan database
Enter to VLAN database
SW1(config-vlan)#vlan 2-1002 bridge 1 state enable
Create VLANs
SW1(config-vlan)#exit
Exit the VLAN database mode
SW1(config)# int po1
Enter the interface mode
SW1(config-if)#switchport
Configure the interface as Layer 2
SW1(config-if)# bridge-group 1
Assign the bridge to the interface.
SW1(config-if)#switchport mode trunk
Configure the interface as trunk mode
SW1(config-if)#switchport trunk allowed vlan all
Configure the interface to allow all VLAN IDs
(config-if)#commit
Commit the candidate configuration to the running configuration.
SW1(config-if)#exit
Exit the interface mode
SW1(config)# int xe15
Enter the interface mode
SW1(config-if)# channel-group 1 mode active
Add the interface as member of LAG interface
SW1(config-if)# int xe31
Enter the interface mode
SW1(config-if)# channel-group 1 mode active
Add the interface as member of LAG interface
SW1(config-if)# int xe36
Enter the interface mode
SW1(config-if)#switchport
Configure the interface as Layer 2
SW1(config-if)# bridge-group 1
Assign the bridge to the interface.
SW1(config-if)#switchport mode trunk
Configure the interface as trunk mode
SW1(config-if)#switchport trunk allowed vlan all
Configure the interface to allow all VLAN IDs
SW1(config-if)#exit
Exit the interface mode
SW1(config-if)#commit
Commit the candidate configuration to the running configuration.
SW1(config-if)#exit
Exit the interface mode.
TOR1
 
#config terminal
Enter the Config terminal
(config)#hostname TOR1
Assign the hostname to the router
TOR1(config)# bridge 1 protocol rstp vlan-bridge
Configure the bridge
TOR1(config)#vlan database
Enter the VLAN database
TOR1(config-vlan)#vlan 2-1002 bridge 1 state enable
Configure VLANs
TOR1(config-vlan)#commit
Commit the candidate configuration to the running configuration.
TOR1(config-vlan)#exit
Exit the VLAN database
TOR1(config)# int po1
Enter the interface mode
TOR1(config-if)#switchport
Configure the interface as L2
TOR1(config-if)# bridge-group 1
Assign the bridge to the interface
TOR1(config-if)#switchport mode trunk
Configure the interface as trunk mode
TOR1(config-if)#switchport trunk allowed vlan all
Configure to allow all the VLANs
TOR1(config-if)#commit
Commit the candidate configuration to the running configuration.
TOR1(config-if)#exit
Exit the interface mode
TOR1(config)# int xe15
Enter the interface mode
TOR1(config-if)# channel-group 1 mode active
Assign the interface as member of LAG interface
TOR1(config-if)#exit
Exit the interface mode
TOR1(config)#interface xe7
Enter interface mode.
TOR1(config)#switchport
Configure as switchport L2 interface.
TOR1(config)#mcec domain configuration
Enter the MCEC mode
TOR1(config-mcec-domain)#domain-system-number 1
Assign the domain system number for MLAG interface.
TOR1(config-mcec-domain)#domain-address 1111.2222.3333
Assign the domain address
TOR1(config-mcec-domain)#domain-hello-timeout short
Assign the domain hello timeout
TOR1(config-mcec-domain)#intra-domain-link xe7
Assign the interface as IDL
TOR1(config-mcec-domain)#commit
Commit the candidate configuration to the running configuration.
TOR1(config-mcec-domain)#exit
Exit the MCEC domain
TOR1(config)#interface lo
Enter the interface mode
TOR1(config-if)#ip add 1.1.1.1/32 secondary
Assign IP address to the interface
TOR1(config-if)#int xe11
Enter the interface mode
TOR1(config-if)#ip add 20.20.20.1/24
Assign IP address to the interface
TOR1(config-if)#commit
Commit the candidate configuration to the running configuration.
TOR1(config-if)#exit
Exit the interface mode
TOR1(config)#router ospf 100
Configure the routing process and specify the process ID (100). The process ID should be a unique integer.
TOR1(config-router)#network 20.20.20.1/24 area 0
Add the network to the OSPF process
TOR1(config-router)#network 1.1.1.1/32 area 0
Define one interface (1.1.1.1/32) on which OSPF runs and associate the area ID (0).
TOR1(config-router)#redistribute connected
Redistribute the connected routes
TOR1(config-router)#commit
Commit the candidate configuration to the running configuration
TOR1(config-router)#exit
Exit the OSPF process
TOR1(config)#interface mlag1
Enter mlag1 interface
TOR1(config)#switchport
Configure as switchport L2 interface
TOR1(config)#bridge-group 1
Assign the bridge to the interface
TOR1(config)#switchport mode trunk
Make the interface trunk mode
TOR1(config)#switchport trunk allowed vlan all
Configure to allow all vlans
TOR1(config)#int po1
Enter the interface mode
TOR1(config-if)#mlag 1
Redistribute the connected routes
TOR1(config-if)#exit
Exit the interface mode
TOR1(config)#int vlan1.2
Enter interface mode
TOR1(config-if)#ip address 10.10.10.1/24
Assign IP address
TOR1(config-if)#exit
Exit the interface mode
TOR1(config)#router vrrp 1 vlan1.2
Create the VRRP process
TOR1(config-router)# virtual-ip 10.10.10.1 owner
Assign the virtual IP address to VRRP
TOR1(config-router)#enable
Enable the VRRP process
TOR1(config-router)#commit
Commit the candidate configuration to the running configuration.
TOR1(config-router)#exit
Exit the VRRP mode
TOR2
 
#config terminal
Enter the Config terminal
(config)#hostname TOR2
Assign the hostname to the router
TOR2(config)# bridge 1 protocol rstp vlan-bridge
Configure the bridge
TOR2(config)#vlan database
Enter the VLAN database
TOR2(config-vlan)#vlan 2-1002 bridge 1 state enable
Configure VLANs
TOR2(config-vlan)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-vlan)#exit
Exit the VLAN database
TOR2(config)# int po1
Enter the interface mode
TOR2(config-if)#switchport
Configure the interface as L2
TOR2(config-if)# bridge-group 1
Assign the bridge to the interface
TOR2(config-if)#switchport mode trunk
Configure the interface as trunk mode
TOR2(config-if)#switchport trunk allowed vlan add 2
Configure to add the VLAN 2 to the receiving packet.
TOR2(config-if)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-if)#exit
Exit the interface mode
TOR2(config)# int xe32
Enter the interface mode
TOR2(config-if)# channel-group 1 mode active
Assign the interface as member of LAG interface
TOR2(config-if)#exit
Exit the interface mode
TOR2(config)#interface xe7
Enter interface mode
TOR2(config)#switchport
Configure as switchport L2 interface
TOR2(config)#mcec domain configuration
Enter the MCEC mode
TOR2(config-mcec-domain)#domain-system-number 2
Assign the domain system number for MLAG interface.
TOR2(config-mcec-domain)#domain-address 1111.2222.3333
Assign the domain address
TOR2(config-mcec-domain)#domain-hello-timeout short
Assign the domain hello timeout
TOR2(config-mcec-domain)#intra-domain-link xe7
Assign the interface as IDL
TOR2(config-mcec-domain)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-mcec-domain)#exit
Exit the MCEC domain
TOR2(config)#interface mlag1
Enter mlag1 interface
TOR2(config)#switchport
Configure as switchport L2 interface
TOR2(config)#bridge-group 1
Assign the bridge to the interface
TOR2(config)#switchport mode trunk
Make the interface trunk mode
TOR2(config)#switchport trunk allowed vlan all
Configure to allow all vlans
TOR2(config)# int po1
Enter the interface mode
TOR2(config-if)# mlag 1
Create the MLAG interface.
TOR2(config-if)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-if)#exit
Exit the interface mode
TOR2(config)#interface lo
Enter the interface mode
TOR2(config-if)#ip add 2.2.2.2/32 secondary
Assign IP address to the interface
TOR2(config-if)#int xe5
Enter the interface mode
TOR2(config-if)#ip add 30.30.30.1/24
Assign IP address to the interface
TOR2(config-if)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-if)#exit
Exit the interface mode
TOR2(config)#router ospf 100
Enter the OSPF router mode
TOR2(config-router)#network 30.30.30.1/24 area 0
Add the network to the OSPF process
TOR2(config-router)#network 2.2.2.2/32 area 0
Add the network to the OSPF process
TOR2(config-router)#redistribute connected
Redistribute the connected routes
TOR2(config-router)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-router)#exit
Exit the OSPF process
TOR2(config)#int vlan1.2
Enter interface mode
TOR2(config-if)#ip address 10.10.10.2/24
Assign IP address
TOR2(config-if)#exit
Exit the interface mode
TOR2(config)#router vrrp 1 vlan1.2
Create the VRRP process
TOR2(config-router)# virtual-ip 10.10.10.1
Assign the virtual IP address to VRRP
TOR2(config-router)#enable
Enable the VRRP process
TOR2(config-router)#commit
Commit the candidate configuration to the running configuration.
TOR2(config-router)#exit
Exit the VRRP mode
SW2
 
#config terminal
Enter the Config terminal
(config)#hostname SW2
Assign the hostname to the router
SW2(config)# bridge 1 protocol rstp vlan-bridge
Configure the bridge
SW2(config)#vlan database
Enter the VLAN database
SW2(config-vlan)#vlan 2-1002 bridge 1 state enable
Configure VLANs
SW2(config-vlan)#commit
Commit the candidate configuration to the running configuration.
SW2(config-vlan)#exit
Exit the VLAN database
SW2(config)# int xe11
Enter the interface mode
SW2(config-if)#ip address 20.20.20.2/24
Assign IP address to the interface
SW2(config-if)# int xe5
Enter the interface mode
SW2(config-if)#ip address 30.30.30.2/24
Assign IP address to the interface
SW2(config-if)#commit
Commit the candidate configuration to the running configuration.
SW2(config-if)# int xe46
Enter the interface mode
SW2(config-if)#ip address 40.40.40.1/24
Assign IP address to the interface
SW2(config-if)#int lo
Enter the interface mode
SW2(config-if)#ip add 3.3.3.3/32 secondary
Assign IP address to the interface
SW2(config-if)#int xe32
Enter the interface mode
SW2(config-if)#ip add 50.50.50.2/24
Assign IP address to the interface
SW2(config-if)#exit
Exit interface mode
SW2(config)# router ospf 100
Enter OSPF router
SW2(config-router)# network 3.3.3.3/32 area 0
Add the IP address to the OSPF process
SW2(config-router)# network 20.20.20.0/24 area 0
Add the IP address to the OSPF process
SW2(config-router)# network 30.30.30.0/24 area 0
Add the IP address to the OSPF process
SW2(config-router)#network 50.50.50.2/24 area 0
Add the IP address to the OSPF process
SW2(config-router)#commit
Commit the candidate configuration to the running configuration.
SW2(config-router)#exit
Exit the OSPF mode
Validation
TOR1
TOR1#show mlag domain summary
 
------------------------------------
Domain Configuration
------------------------------------
 
Domain System Number : 1
Domain Address : 1111.2222.3333
Domain Priority : 32768
Intra Domain Interface : xe7
Domain Adjacency : UP
Domain Sync via : Intra-domain-interface
------------------------------------
MLAG Configuration
------------------------------------
 
MLAG-1
Mapped Aggregator : po1
Physical properties Digest : 54 a9 3a 2a 2b 50 65 bb 3c bc 3d bd c2 43 d6 22
Total Bandwidth : 10g
Mlag Sync : IN_SYNC
Mode : Active-Standby
Current Mlag state : Active
Switchover-mode : Revertive
 
TOR1#show vrrp 1 vlan1.2
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: vlan1.2
State: AdminUp - Master
Virtual IP address: 10.10.10.1 (Owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.10.10.1
Operational master IP address: 10.10.10.1
Priority is 255
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 5 minutes 11 seconds (31100 centi sec)
Master uptime: 0 hours 5 minutes 11 seconds (31100 centi sec)
Accept mode: TRUE
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.2: JOINED
V2-Compatible: TRUE
 
TOR2
TOR2#show mlag domain summary
 
------------------------------------
Domain Configuration
------------------------------------
 
Domain System Number : 2
Domain Address : 1111.2222.3333
Domain Priority : 32768
Intra Domain Interface : xe7
Domain Adjacency : UP
Domain Sync via : Intra-domain-interface
------------------------------------
MLAG Configuration
------------------------------------
 
MLAG-1
Mapped Aggregator : po1
Physical properties Digest : 54 a9 3a 2a 2b 50 65 bb 3c bc 3d bd c2 43 d6 22
Total Bandwidth : 10g
Mlag Sync : IN_SYNC
Mode : Active-Standby
Current Mlag state : Standby
Switchover-mode : Revertive
 
TOR2#show vrrp 1 vlan1.2
VRRP Version: 3
VMAC enabled
Backward Compatibility disabled
 
Address family IPv4
VRRP Id: 1 on interface: vlan1.2
State: AdminUp - Backup
Virtual IP address: 10.10.10.1 (Not-owner)
Virtual MAC address is 0000.5e00.0101
Operational primary IP address: 10.10.10.2
Operational master IP address: 10.10.10.1
Priority is 100
Advertisement interval: 100 centi sec
Master Advertisement interval: 100 centi sec
Virtual router uptime: 0 hours 6 minutes 27 seconds (38700 centi sec)
Skew time: 80 centi sec
Master Down Interval: 380 centi sec
Preempt mode: TRUE
Auth-type: simple text, String: abcd
Multicast membership on IPv4 interface vlan1.2: JOINED
V2-Compatible: TRUE
Session is on MLAG interface. Dataplane acting as Master