vrrp

Configures VRRP group settings

A default gateway is a critical resource for connectivity. However, it is prone to a single point of failure. Thus, redundancy for the default gateway is required. If WAN backhaul is available, and a router failure occurs, then the controller should act as a router and forward traffic on to its WAN link.

Define an external VRRP configuration when router redundancy is required in a network requiring high availability.

Central to VRRP configuration is the election of a VRRP master. A VRRP master (once elected) performs the following functions:

Responds to ARP requests
Forwards packets with a destination link layer MAC address equal to the virtual router‘s MAC address
Rejects packets addressed to the IP address associated with the virtual router, if it is not the IP address owner
Accepts packets addressed to the IP address associated with the virtual router, if it is the IP address owner or accept mode is true.

The nodes that lose the election process enter a backup state. In the backup state they monitor the master for any failures, and in case of a failure one of the backups, in turn, becomes the master and assumes the management of the designated virtual IPs. A backup does not respond to an ARP request, and discards packets destined for a virtual IP resource.

Supported in the following platforms:

Access Points — AP505i, AP510i/e, AP560i/h
Service Platforms — NX5500, NX7500, NX9500, NX9600, VX9000

Syntax

vrrp [<1-255>|version]

vrrp <1-255> [delta-priority <1-253>|description <LINE>|ip <IP> {<IP>}|preempt {delay <1-65535>}|priority <1-254>|sync-group]

vrrp <1-255> interface vlan <1-4094>

vrrp <1-255> monitor [<IF-NAME>|critical-resource|pppoe1|vlan|wwan1]

vrrp <1-255> monitor [<IF-NAME>|pppoe1|vlan <1-4094>|wwan1] {(<IF-NAME>|critical-resource|pppoel|vlan|wwan1)}

vrrp <1-255> monitor critical-resource <CRM-NAME1> <CRM-NAME2> <CRM-NAME3> <CRM-NAME4> (action [decrement-priority|increment-priority] {<IF-NAME>|pppoe1| vlan|wwan1})

vrrp <1-255> timers advertise [<1-255>|centiseconds <25-4095>|msec <250-999>]

vrrp version [2|3]

Parameters

vrrp <1-255> [delta-priority <1-253>|description <LINE>|vrrp ip <IP> {<IP>}| preempt {delay <1-65535>}|priority <1-254>|sync-group]

vrrp <1-255>	Configures the virtual router ID from 1- 255. Identifies the virtual router the packet is reporting status for.
delta-priority <1-253>	Configures the priority to decrement (local link monitoring and critical resource monitoring) or increment (critical resource monitoring). When the monitored interface is down, the configured priority decrements by a value defined by the delta-priority option. When monitoring critical resources, the value increments by the delta-priority option. <1-253> – Specify the delta priority level from 1- 253.
description <LINE>	Configures a text description for the virtual router to further distinguish it from other routers with similar configuration <LINE> – Provide a description (a string from 1- 64 characters in length)
ip <IP-ADDRESSES>	Identifies the IP address(es) backed by the virtual router. These are IP addresses of Ethernet switches, routers, and security appliances defined as virtual router resources. <IP-ADDRESSES> – Specify the IP address(es) in the A.B.C.D format. This configuration triggers VRRP operation.
preempt {delay <1-65535>}	Controls whether a high priority backup router preempts a lower priority master. This field determines if a node with higher priority can takeover all virtual IPs from a node with lower priority. This feature is disabled by default. delay – Optional. Configures the pre-emption delay timer from 1 - 65535 seconds (default is 0 seconds). This option can be used to delay sending out the master advertisement or, in case of monitored link coming up, adjusting the VRRP priority by priority delta.
priority <1-254>	Configures the priority level of the router within a VRRP group. This value determines which node is elected as the Master. Higher values imply higher priority, value 254 has the highest precedence (default is 100).
sync-group	Adds this VRRP group to a synchronized group. To trigger VRRP failover, it is essential all individual groups within a synchronized group have failover. VRRP failover is triggered if an advertisement is not received from the virtual masters that are part of this VRRP sync group. This feature is disabled by default.

vrrp <1-255> interface vlan <1-4094>

vrrp <1-255>	Configures the virtual router ID from 1- 255. Identifies the virtual router the packet is reporting status for.
interface vlan <1-4094>	Enables VRRP on the specified switch VLAN interface (SVI) vlan <1-4094> – Specify the VLAN interface ID from 1 - 4094.

vrrp <1-255> monitor critical-resource <CRM-NAME1> <CRM-NAME2> <CRM-NAME3> <CRM-NAME4> 
(action [decrement-priority|increment-priority] {<IF-NAME>|pppoe1|vlan| wwan1})

vrrp <1-255>	Configures the virtual router ID from 1- 255. Identifies the virtual router the packet is reporting status for.
monitor	Enables link monitoring or Critical Resource Monitoring (CRM)
critical-resource <CRM-NAME1>	Specifies the name of the critical resource to monitor. VRRP can be configured to monitor maximum of four critical resources. Use the <CRM-NAME2>, <CRM-NAME3>, and <CRM-NAME4> to provide names of the remaining three critical resources. By default VRRP is configured to monitor all critical resources on the device.
action [decrement-priority\| increment-priority]	Sets the action on critical resource down event. It is a recursive parameter that sets the action for each of the four critical resources being monitored. decrement-priority – Decrements the priority of virtual router on critical resource down event increment-priority – Increments the priority of virtual router on critical resource down event
<IF-NAME>	Optional. Enables interface monitoring <IF-NAME> – Specify the interface name to monitor
pppoe1	Optional. Enables Point-to-Point Protocol (PPP) over Ethernet interface monitoring
vlan <1-4094>	Optional. Enables VLAN (switched virtual interface) interface monitoring <1-4094> – Specify the VLAN interface ID from 1- 4094.
wwan1	Optional. Enables Wireless WAN interface monitoring

vrrp <1-255> timers advertise [<1-255>|centiseconds <25-4095>|msec <250-999>]

vrrp <1-255>

Configures the virtual router ID from 1- 255. Identifies the virtual router the packet is reporting status for.

timers

Configures the timer that runs every interval

advertise [<1-255>| centiseconds <25-4095>| msec <250-999>]

Configures the VRRP advertisements time interval. This is the interval at which a master sends out advertisements on each of its configured VLANs.

<1-255> – Configures the timer interval from 1- 255 seconds. (applicable for VRRP version 2 only)
centiseconds <25-4095> – Configures the timer interval in centiseconds (1/100th of a second). Specify a value between 25 - 4095 centiseconds (applicable for VRRP version 3 only).
msec <250-999> – Configures the timer interval in milliseconds (1/1000th of a second). Specify a value between 250 - 999 msec (applicable for VRRP version 2 only).

Default is 1 second.

vrrp version [2|3]

vrrp version [2|3]

Configures one of the following VRRP versions:

2 – VRRP version 2 (RFC 3768). This is the default setting.
3 – VRRP version 3 (RFC 5798 only IPV4)

The VRRP version determines the router redundancy. Version 3 supports sub-second (centisecond) VRRP failover and support services over virtual IP.

Example

nx9500-6C8809(config-profile-default-rfs4000)#vrrp version 3

nx9500-6C8809(config-profile-default-rfs4000)#vrrp 1 sync-group

nx9500-6C8809(config-profile-default-rfs4000)#vrrp 1 delta-priority 100

nx9500-6C8809(config-profile-default-rfs4000)#show context
profile rfs4000 default-rfs4000
 bridge vlan 1
 ......................................................
 vrrp 1 timers advertise 1
 vrrp 1 preempt
 vrrp 1 sync-group
 vrrp 1 delta-priority 100
 vrrp version 3
nx9500-6C8809(config-profile-default-rfs4000)#

Related Commands

no	Reverts VRRP settings

Published July 2019prev | next

Email this topic

Print this page Print this page

Leave feedback Feedback