image image image image image

On This Page

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available IP routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.

The protocol achieves this by creating virtual routers, which are an abstract representation of multiple routers (that is, a master and backup routers, acting as a group). The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.

VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way.

Routers have a priority of between 1-255 and the router with the highest priority becomes the master. The configurable priority value ranges from 1-254, the router which owns the interface IP address as one of its associated IP addresses has the priority value 255. When a planned withdrawal of a master router is to take place, its priority can be lowered, which means a backup router will preempt the master router status rather than having to wait for the hold time to expire.NVIDIA Onyx supports IPv4 in VRRP version 2, and IPv6 in VRRP version 3.

Load Balancing

To create load balancing between routers participating in the same VR, it is recommended to create 2 (or more) VRs. Each router will be a master in one of the VRs, and a backup to the other VR(s). A group of hosts should be configured with Router 1’s virtual address as the default gateway, while the second group should be configured with Router 2’s virtual address.

Configuring VRRP

The Virtual Router Redundancy Protocol (VRRP) is a computer networking protocol that provides for automatic assignment of available IP routers to participating hosts. This increases the availability and reliability of routing paths via automatic default gateway selections on an IP subnetwork.The protocol achieves this by creating virtual routers, which are an abstract representation of multiple routers (that is, a master and backup routers, acting as a group). The default gateway of a participating host is assigned to the virtual router instead of a physical router. If the physical router that is routing packets on behalf of the virtual router fails, another physical router is selected to automatically replace it. The physical router that is forwarding packets at any given time is called the master router.VRRP provides information on the state of a router, not the routes processed and exchanged by that router. Each VRRP instance is limited, in scope, to a single subnet. It does not advertise IP routes beyond that subnet or affect the routing table in any way.Routers have a priority of between 1-255 and the router with the highest priority becomes the master. The configurable priority value ranges from 1-254, the router which owns the interface IP address as one of its associated IP addresses has the priority value 255. When a planned withdrawal of a master router is to take place, its priority can be lowered, which means a backup router will preempt the master router status rather than having to wait for the hold time to expire.

Preconditions

  1. Enable IP routing functionality. Run:

    switch (config)# ip routing

  2. Enable the desired VLAN. Run:

    switch (config)# vlan 20

    The VLAN cannot be the same one configured for the MLAG IPL, if MLAG is used.

  3. Add this VLAN to the desired interface. Run:

    switch (config)# interface ethernet 1/1
switch (config interface ethernet 1/1)# switchport access vlan 20

  4. Create a VLAN interface. Run:

    switch (config)# interface vlan 20
  5. Apply IP address to the VLAN interface.
    1. For IPv4, do the following.

      On one of the switches, run:

      switch (config interface vlan 20)# ip address 20.20.20.20 /24


      On the other switch, run:

      switch (config interface vlan 20)# ip address 20.20.20.30 /24

    2. For IPv6, apply IPv6 address to the VLAN interface.

      On one of the switches, run:

      switch (config interface vlan 20) # ipv6 address 2001::20 /64


      On the other switch, run:

      switch (config interface vlan 20) # ipv6 address 2001::30 /64

  6. Enable the interface. Run:

    switch (config interface vlan 20)# no shutdown


Configuring VRRP

  1. Enable VRRP protocol globally. Run:

    switch (config)# protocol vrrp

  2. Create a virtual router group for an IP interface. Up to 255 VRRP IDs are supported. Run: 

    switch (config interface vlan 20)# vrrp 100

  3. Set the VIP address. 

    1. For IPv4, run:

      switch (config interface vlan 20 vrrp 100)# address 20.20.20.40

    2. For IPv6, run:

       switch (config interface vlan 20 vrrp 100) # address 2001::40

  4. Influence the election of the master in the VR cluster make sure that the priority of the desired master is the highest. Note that the higher IP address is selected in case the priority of the routers in the VR are the same. Select the priority. Run:

    switch (config interface vlan 20 vrrp 100)# priority 200

  5. The advertisement interval should be the same for all the routers within the VR. Modify the interval. Run:

    switch (config interface vlan 20 vrrp 100)# advertisement-interval 2

  6. The authentication text should be the same for all the routers within the VR. Configure the authentication text. Run:

    switch (config interface vlan 20 vrrp 100)# authentication text my-password

    This option is not supported in VRRP IPv6.

  7. Use the preempt command to enable a high-priority backup virtual router to preempt the low-priority master virtual router. Run:

    switch (config interface vlan 20 vrrp 100)# preempt

  8. Disable VRRP. Run: 

    switch (config interface vlan 20 vrrp 100)# shutdown

    The configuration will not be deleted, only the VRRP state machine will be stopped.

Verifying VRRP

  1. Display VRRP brief status. Run:

    switch (config) # show vrrp
Interface  VR         Admin State      Priority   Adv-Intvl   Preempt    State      VR IP addr
-----------------------------------------------------------------------------------------------------------
Vlan20     100        Enabled           100        1          Enabled    Master     20.20.20.40
Vlan20     100        Enabled           100        1          Enabled    Master     2001::40

  2. Display VRRP detailed status. Run:

    switch (config) # show vrrp detail
VRRP Admin State: Enabled

Vlan20 - Vrrp 100:
  Instance Admin State         : Enabled
  State                        : Master
  State v6                     : Master
  Virtual IP Address           : 20.20.20.40
  Virtual IPv6 Address         : 2001::40
  Priority                     : 100
  Advertisement interval(sec)  : 1
  Preemption                   : Enabled
  Virtual MAC Address          : 00:00:5e:00:01:64
  Primary IP Address           : 20.20.20.20
  Master router                : 20.20.20.20
  Virtual MAC Address v6       : 00:00:5e:00:02:64
  Primary IP Address v6        : ::
  Master router v6             : 2001::20
  Master priority              : 100
  Master advertisement interval: 1

  3. Display VRRP statistic counters. Run: 

    switch (config) # show vrrp statistics
Invalid packets:                    0
Too short:                          0
Transitions to Master:              1
Total received:                     0
Bad TTL:                            0
Failed authentication:              0
Unknown authentication:             0
Conflicting authentication:         0
Conflicting Advertise time:         0
Conflicting Addresses:              0
Received with zero priority:        0
Sent with zero priority:            0
Invalid packets v6:                 0
Too short v6:                       0
Transitions to Master v6:           1
Total received v6:                  0
Bad TTL v6:                         0
Conflicting Advertise time v6:      0
Conflicting Addresses v6:           0
Received with zero priority v6:     0
Sent with zero priority v6:         0


Additional Reading and Use Cases

For more information about this feature and its potential applications, please refer to the following community post:


VRRP Commands

protocol vrrp


protocol vrrp
no protocol vrrp 

Enables VRRP globally and unhides VRRP related commands.
The no form of the command deletes all the VRRP configuration and hides VRRP related commands.

Syntax Description

N/A

Default

no protocol vrrp

Configuration Mode

config

History

3.3.4500

Example

switch (config)# protocol vrrp

Related Commands


Notes


clear vrrp statistics


clear vrrp statistics 

Clears VRRP statistics.

Syntax Description

N/A

Default

N/A

Configuration Mode

config

History

3.3.4500

Example

switch (config)# clear vrrp statistics

Related Commands


Notes


vrrp


vrrp <number>
no vrrp <number> 

Creates a virtual router group on this interface and enters a new configuration mode.
The no form of the command deletes the VRRP instance and the related configuration.

Syntax Description

number

A VRRP instance number
Range: 1-255

Default

N/A

Configuration Mode

config interface vlan

History

3.3.4500


3.6.8100

Updated parameter range

3.7.1100

Updated Syntax and notes

Example

switch (config interface vlan 10)#
switch (config interface vlan 10 vrrp 10)#

Related Commands


Notes

A maximum total of 64 VRRP instances are supported per switch system.

address


address <ip-address> [secondary]
no address [<ip-address> [secondary]] 

Sets virtual router IP address (primary and secondary).
The no form of the command deletes the IP address from the VRRP interface.

Syntax Description

ip-address

The virtual IP address

secondary

A secondary IP address for the virtual router

Default

N/A

Configuration Mode

config vrrp interface

History

3.3.4500

3.9.1000Added support IPv6 address

Example

switch (config vrrp 100)# address 10.10.10.10
switch (config vrrp 100)# address 10.10.10.11 secondary
switch (config vrrp 100)# address 10.10.10.12 secondary

switch (config vrrp 100)# address 2001::40
switch (config vrrp 100)# address 2001::41 secondary

Related Commands


Notes

  • The virtual address can be either from the interface’s primary or secondary subnet
  • This command is the enabler of the protocol. Therefore, set all the protocol parameters initially and only then set the ip-address.
  • There are up to 20 IP addresses associated with the VRRP instance. One primary and up to 19 secondary ip-addresses.
  • If the configured IP address is the same as the interface IP address, this switch automatically owns the IP address (priority 255)

  • For IPv6, the OS will auto-generate link-local virtual IP. Up to 19 IPv6 addresses are allowed to be associated with the VRRP instance—one primary address and up to 18 secondary addresses. IPv4 and IPv6 addresses are allowed to be configured on the same VRRP instance.

shutdown


shutdown
no shutdown 

Disables the virtual router.
The no form of the command enables the virtual router (stops the VRRP state machine).

Syntax Description

N/A

Default

Enabled (no shutdown)

Configuration Mode

config vrrp interface

History

3.3.4500

Example

switch (config vrrp 100)# shutdown

Related Commands


Notes


priority


priority <level>
no priority 

Sets the priority of the virtual router.
The no form of the command resets the priority to its default.

Syntax Description

level

The virtual router priority level
Range: 1-254

Default

100

Configuration Mode

config vrrp interface

History

3.3.4500

Example

switch (config vrrp 100)# priority 200

Related Commands


Notes

  • The higher IP address is selected as master if the priority of the routers in the VR are the same
  • To influence the election of the master in the VR cluster make sure that the priority of the desired master is the higher

preempt


preempt
no preempt 

Sets virtual router preemption mode.
The no form of the command disables the virtual router preemption.

Syntax Description

N/A

Default

Enabled (preempt)

Configuration Mode

config vrrp interface

History

3.3.4500

Example

switch (config vrrp 100)# preempt

Related Commands


Notes

To set this router as backup for the current virtual router master, preempt must be enabled.

authentication text


authentication text <password>
no authentication text 

Sets virtual router authentication password and enables authentication.
The no form of the command disables the authentication mechanism.

Syntax Description

password

The virtual router authentication password

Default

Disabled

Configuration Mode

config vrrp interface

History

3.3.4500

3.9.1000Updated notes

Example

switch (config vrrp 100)# authentication text mypassword

Related Commands


Notes

  • The password string must be up to 8 alphanumeric characters
  • This option is not supported in VRRP IPv6 instance

advertisement-interval


advertisement-interval <seconds>
no advertisement-interval 

Sets the virtual router advertisement-interval.
The no form of the command resets the parameter to its default.

Syntax Description

seconds

The virtual router advertisement-interval in seconds
Range: 1-255

Default

1

Configuration Mode

config vrrp interface

History

3.3.4500

Example

switch (config vrrp 100)# advertisement-interval 10

Related Commands


Notes


show vrrp


show vrrp [interface <type> <number>] [vr <id>] 

Displays VRRP brief configuration and status.

Syntax Description

interface <type> <number>

Filters the output to a specific interface type and number

vr <id>

Filters the output to a specific virtual router
Range: 1-10

Default

N/A

Configuration Mode

Any command mode

History

3.3.4500

3.9.1000Added support for VRRP IPv6 instance
Example
switch (config) # show vrrp
Interface VR Admin State Priority Adv-Intvl Preempt State VR IP addr
------------------------------------------------------------------------------
Vlan20 100 Enabled 100 1 Enabled Master 20.20.20.40
Vlan20 100 Enabled 100 1 Enabled Master 2001::40

Related Commands


Notes


show vrrp detail


show vrrp detail [interface <type> <number>] [vr <id>]

Displays detailed VRRP configuration and status.

Syntax Description

interface <type> <number>

Filters the output to a specific interface type and number

vr <id>

Filters the output to a specific virtual router
Range: 1-255

Default

N/A

Configuration Mode

Any command mode

History

3.3.4500

3.6.5000

Updated example

3.6.8008

Updated example

3.9.1000Added support for VRRP IPv6 instance

Example

switch (config) # show vrrp detail
VRRP Admin State: Enabled
Vlan20 - Vrrp 100:
 Instance Admin State         : Enabled
 State                        : Master
 State v6                     : Master
 Virtual IP Address           : 20.20.20.40
 Virtual IPv6 Address         : 2001::40
 Priority                     : 100
 Advertisement interval(sec)  : 1
 Preemption                   : Enabled
 Virtual MAC Address          : 00:00:5e:00:01:64
 Primary IP Address           : 20.20.20.20
 Master router                : 20.20.20.20
 Virtual MAC Address v6       : 00:00:5e:00:02:64
 Primary IP Address v6        : ::
 Master router v6             : fe80::ba59:9fff:fea6:6988
 Master priority              : 100
 Master advertisement interval: 1
 Associated IP Addresses:
  20.20.20.41
 Associated IPv6 Addresses:
  2001::41

Related Commands


Notes



show vrrp statistics


show vrrp statistics [interface <type <number>] [vr <id>] [all] 

Displays VRRP counters.

Syntax Description

interface <type> <number>

Filters the output to a specific interface type and number

vr <id>

Filters the output to a specific virtual router
Range: 1-255

Default

N/A

Configuration Mode

Any command mode

History

3.3.4500


3.6.5000

Updated example

3.9.1000Updated example
Example
switch (config) # show  vrrp statistics 
Invalid packets:                    0          
Too short:                          0          
Transitions to Master:              0          
Total received:                     0          
Bad TTL:                            0          
Failed authentication:              0          
Unknown authentication:             0          
Conflicting authentication:         0          
Conflicting Advertise time:         0          
Conflicting Addresses:              0          
Received with zero priority:        0          
Sent with zero priority:            0          
Invalid packets v6:                 0          
Too short v6:                       0          
Transitions to Master v6:           0          
Total received v6:                  0          
Bad TTL v6:                         0          
Conflicting Advertise time v6:      0          
Conflicting Addresses v6:           0          
Received with zero priority v6:     0          
Sent with zero priority v6:         0

Related Commands


Notes