Configuring VRRP - Cisco

1 Configuring VRRPThe Virtual RouterRedundancyProtocol(VRRP)is an electionprotocolthat dynamicallyassignsresponsibilityfor one or more virtual routersto the VRRP routerson a LAN, allowingseveralrouterson conjunctionwith one or more other routersattachedto a LAN. In a VRRP configuration,one router iselectedas the virtual router master, with the other routersacting as backupsin case the virtual router moduleexplainsthe conceptsrelatedto VRRP and describeshow to configureVRRP in a network. FindingFeatureInformation,page 1 Restrictionsfor VRRP, page 2 InformationAbout VRRP, page 2 How to ConfigureVRRP, page 7 ConfigurationExamplesfor VRRP, page 14 AdditionalReferences,page 16 FeatureInformationfor VRRP, page 18 Glossary, page 22 Finding Feature InformationYour softwarereleasemay not supportall the featuresdocumentedin this the latest caveatsandfeatureinformation,see Bug SearchTool and the releasenotes for your platformand informationabout the featuresdocumentedin this module,and to see a list of the releasesin which eachfeatureis supported,see the Cisco FeatureNavigatorto find informationabout platformsupportand Cisco softwareimage access Cisco FeatureNavigator, go to An accounton not Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches)

2 1 Restrictions for VRRP VRRP is designedfor use over multiaccess,multicast,or isnot intendedas a replacementfor existingdynamicprotocols. VRRP is supportedon Ethernet,Fast Ethernet,BridgeGroup Virtual Interface(BVI), and GigabitEthernetinterfaces,and on MultiprotocolLabel Switching(MPLS)Virtual PrivateNetworks(VPNs),VRF-awareMPLS VPNs,and VLANs. Becauseof the forwardingdelay that is associatedwith the initializationof a BVI interface,you mustconfigurethe VRRP advertisetimer to a value equal to or greaterthan the forwardingdelay on the over the masterrole. Use thebridgeforward-timecommandto set the forwardingdelay on theBVI thevrrptimersadvertisecommandto set the VRRP About VRRPVRRP as follows: ProxyARP TheclientusesAddressResolutionProtocol(A RP)togetthedestinationitwantstoreach,and a router will respondto the ARP requestwith its own MAC address. Routingprotocol The client listens to dynamicroutingprotocolupdates(for example,from RoutingInformationProtocol[RIP]) and forms its own routingtable.

3 ICMP RouterDiscoveryProtocol(IRDP)client The client runs an InternetControlMessageProtocol(ICMP)rout er drawbackto dynamicdiscoveryprotocolsis that they incur some configurationand processingoverheadon the LAN client. Also, in the event of a router failure,the processof switchingto anotherrouter can alternativeto dynamicdiscoveryprotocolsis to staticallyconfigurea defaultrouter on the client. Thisapproachsimplifiesclient configurationand processing,but createsa single point of the defaultgatewayfails, the LAN client is limitedto communicatingonly on the local IP networksegmentand is cutoff from the rest of the can solve the static enablesa group of routersto form a singlevirtualrouter. The LAN clients can then be configuredwith the virtual router as their defaultgateway. The virtualrouter, representinga group of routers,is also knownas a VRRP is supportedon Ethernet,Fast Ethernet,BVI, and GigabitEthernetinterfaces,and on MPLS VPNs,VRF-awareMPLS VPNs,and VLANs.

4 First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches)2 Configuring VRRPR estrictions for VRRPThe figure below shows a LAN topologyin which VRRP is this example,RoutersA, B, andCareVRRP routers(routersrunningVRRP) the same as that configuredfor the Ethernetinterfaceof RouterA ( ).Figure 1: Basic VRRP TopologyBecausethevirtualrouterusestheIP addressofthephysicalEthernetinterfaceofR outerA,RouterAassumesthe role of the virtual router masterand is also knownas the IP addressowner. As the virtual router master,RouterA controlsthe IP addressof the virtual router and is responsiblefor forwardingpacketssent to this through3 are configuredwith the defaultgatewayIP addressof and C functionas virtual router the virtual router masterfails, the router configuredwith the higher prioritywill becomethe virtual router masterand provideuninterruptedservicefor the LANhosts. When RouterA recovers,it becomesthe virtual router masteragain.

5 For more detail on the roles thatVRRP routersplay and what happensif the virtual router masterfails, see the VRRP Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches) 3 Configuring VRRPVRRP OperationThe figure below shows a LAN topologyin which VRRP is configuredso that RoutersA and B share thetraffic to and from clients 1 through4 and that RoutersA and B act as virtual router backupsto each other ifeither router 2: Load Sharing and Redundancy VRRP TopologyIn this topology, two virtual routersare configured.(For more information,see the MultipleVirtual RouterSupportsection.)For virtual router 1, RouterA is the owner of IP virtual router master, addressof virtual router 2, RouterB is the owner of IP virtual router master, and RouterA isthe virtual router backupto RouterB. Clients3 and 4 are configuredwith the defaultgatewayIP BenefitsRedundancyVRRP enablesyou to configuremultipleroutersas the defaultgatewayrouter, which reducesthe possibilityof a single point of failure in a SharingYoucanconfigureVRRP insuchawaythattraffictoandfromLANclients canbesharedbymultiplerouters,therebyshar ingthe traffic load more Virtual RoutersMultiple IP AddressesThevirtualroutercanmanagemultip leIPaddresses, ,ifyouhavemultiplesubnetsconfiguredon an Ethernetinterface,you can configureVRRP on each subnet.

6 First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches)4 Configuring VRRPVRRP BenefitsPreemptionThe redundancyschemeof VRRP enablesyou to preempta virtual router backupthat has taken over for afailing virtual router masterwith a higher priorityvirtual router backupthat has messagedigest 5 (MD5)algorithmauthenticationprotectsagai nstVRRP-spoofingsoftwareand usesthe industry-standardMD5 algorithmfor improvedreliabilityand ProtocolVRRP usesadedicatedInternetAssignedNumbersAut hority(IANA)standardmulticastaddress( )for VRRP addressingschememinimizesthe numberof routersthat must servicethemulticastsand allows test equipmentto accuratelyidentifyVRRP packetson a IANA assignedVRRP the IP Object TrackingVRRP objecttrackingprovidesawaytoensurethebes tVRRP routeristhevirtualroutermasterforthegrou pby alteringVRRP prioritiesto the status of trackedobjectssuch as the interfaceor IP route Virtual Router Support Routerprocessingcapability Routermemorycapability Routerinterfacesupportof multipleMAC addressesIn a topologywhere multiplevirtual routersare configuredon a router interface,the interfacecan act as amasterfor one virtual router and as a backupfor one or more virtual Router Priority and PreemptionAn importantaspect of the VRRP redundancyschemeis VRRP router priority.

7 Prioritydeterminesthe rolethat each VRRP router plays and what happensif the virtual router a VRRP router owns the IP addressof the virtual router and the IP addressof the physicalinterface,thisrouter will functionas a virtual router determinesif a VRRP router functionsas a virtual router backupand the order of backupwith a value of 1 through254 using example,if RouterA, the virtual router masterin a LAN topology, fails, an electionprocesstakes placeto determineif virtual router backupsB or C shouldtake over. If RoutersB and C are configuredwith theprioritiesof 101 and 100, respectively, RouterB is electedto becomevirtual router masterbecauseit has thehigherpriority. If RoutersB and C areboth configuredwiththepriorityof 100, thevirtualrouterbackupwiththe higher IP addressis electedto becomethe virtual router default,a preemptiveschemeis enabledwherebya higher priorityvirtual router backupthat becomesavailabletakes over for the virtual router backupthat was electedto becomevirtual router master.

8 You candisablethis preemptiveschemeusing theno preemptionis disabled,the virtualFirst Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches) 5 Configuring VRRPM ultiple Virtual Router Supportrouterbackupthatiselectedtobecome virtualroutermasterremainsthemasteruntil theoriginalvirtualroutermasterrecoversan d AdvertisementsThe virtual router mastersends VRRP advertisementsto other VRRP routersin the same group. Theadvertisementscommunicatethe priorityand stateof the virtualrouter master. The VRRP advertisementsareencapsulatedin IP packetsand sent to the IP Version 4 multicastaddressassignedto the VRRP group. Theadvertisementsare sent every secondby default;the intervalis VRRP protocolas per RFC 3768 does not supportmillisecondtimers, Cisco routersallow youto need to manuallyconfigurethe millisecondtimer values on both must use millisecondtimers where absolutelynecessaryand with carefulconsiderationand work only under favorablecircumstances,and you must be aware that the use of themillisecondtimer values restrictsVRRP operationto Cisco Object TrackingObjecttrackingis an independentprocessthat managescreating,monitoring,and (HSRP),GatewayLoadBalancingProtocol(GLBP ),andVRRP registertheirinterestwithspecifictracked objectsandact when the state of an object trackedobject is identifiedby a uniquenumberthat is specifiedon the trackingCLI.

9 Client processessuch as VRRP use this numberto track a trackingprocessperiodicallypolls the trackedobjectsand notes any changeof value. The changesin thetrackedobject are communicatedto interestedclient processes,either immediatelyor after a object values are reportedas either up or you to track individualobjectssuch as a the state of an interfaceline protocol,state of an IProute, or the reachabilityof a providesan interfaceto the VRRP group can track multipleobjectsthat mayaffect the priorityof the VRRP specifythe object numberto be trackedand VRRP is notifiedofany changeto the increments(or decrements)the priorityof the virtual device based on thestate of the object being VRRP Object Tracking Affects the Priority of a DeviceThe priorityof a device can changedynamicallyif it has been configuredfor object trackingand the objectthat is being trackedgoes down. The trackingprocessperiodicallypolls the trackedobjectsand notes anychangeof value.

10 The changesin the trackedobject are communicatedto VRRP, either immediatelyor the line protocolstate of an interfaceor the reachabilityof an IP route. If the specifiedobject goes down,the VRRP priorityis VRRP device with the higher prioritycan now becomethe virtual device First Hop Redundancy Protocols Configuration Guide, Cisco IOS XE Release 3SE ( catalyst 3850 Switches)6 Configuring VRRPVRRP Advertisementsmasterif it has the VRRP ObjectTracking sectionfor moreinformationon object Service Software Upgrade--VRRPVRRP supportsIn ServiceSoftwareUpgrade(ISSU).In ServiceSoftwareUpgrade(ISSU)allows ahigh-availability(HA) systemto run in statefulswitchover(SSO) mode even when different versionsofsoftwareare runningon the active and standbyRoute Processors(RPs) or line providesthe ability to upgradeor downgradefrom one supportedreleaseto anotherwhile continuingto forwardpacketsand maintainsessions,therebyreducingplannedo utagetime. The ability to upgradeordowngradeis achievedby runningdifferent softwareversionson the active RP and standbyRP for a shortperiod of time to maintainstate informationbetweenRPs.