vpn interface vrrp—Configure the Virtual Router Redundancy Protocol (VRRP) to allow multiple routers to share a common virtual IP address for default gateway redundancy (on vEdge routers only).
Hosts are assigned a single default gateway (also called default router) IP address, either through DHCP or statically for the first-hop router. This situation creates a single point of failure in the network. VRRP provides default gateway (first-hop router) redundancy through configuration of a virtual IP address shared by multiple routers on a single LAN or subnet.
One router on the LAN or subnet becomes master, thus assuming the role of the default gateway, and the other routers take the role of slave. When the master router fails, one of the slaves is elected as the new master and assumes the role of default gateway.
You cannot configure VRRP on an interface that is in the transport VPN (VPN 0).
vManage Feature Template
For vEdge routers only:
Configuration ► Templates ► VPN Interface Ethernet
- Advertisement Time
- timer seconds
How often the VRRP master sends VRRP advertisement messages. If slave routers miss three consecutive VRRP advertisements, they elect a new master.
Range: 1 through 3600 seconds
Default: 1 second
- For Cisco XE SD-WAN Routers
- Range: 100 through 3600 milliseconds
- Default: 100 milliseconds
- Priority To Be Elected Master
- priority number
Priority level of the router. The router with the highest priority is elected as master. If two vEdge routers have the same priority, the one with the higher IP address is elected as master.
Range: 1 through 254
- Track Interface State
- (track-omp | track-prefix-list list-name)
By default, VRRP uses the state of the service (LAN) interface on which it is running to determine which vEdge router is the master virtual router. When the interface for the master goes down, a new VRRP master virtual router is elected based on the VRRP priority value.
Because VRRP runs on a LAN interface, if a vEdge router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, you can configure one of the following:
track-omp—Track the Overlay Management Protocol (OMP) session running on the WAN connection when determining the VRRP master virtual router. If all OMP sessions are lost on the master VRRP router, VRRP elects a new default gateway from among all the gateways that have one or more active OMP sessions even if the gateway chosen has a lower VRRP priority than the current master. With this option, VRRP failover occurs once the OMP state changes from up to down, which occurs when the OMP hold timer expires. (The default OMP hold timer interval is 60 seconds.) Until the hold timer expires and a new VRRP master is elected, all overlay traffic is dropped. When the OMP session recovers, the local VRRP interface claims itself as master even before it learns and installs OMP routes from the vSmart controllers. Until the routes are learned, traffic is also dropped.
track-prefix-list list-name—Track both the OMP session and a list of remote prefixes. list-name is the name of a prefix list configured with the policy lists prefix-list command on the vEdge router. If all OMP sessions are lost, VRRP failover occurs as described for the track-omp option. In addition, if reachability to all the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic that is dropped while the vEdge routers determine the VRRP master.
Default: VRRP tracks only the interface on which it is configured.
- Virtual Router ID
- vrrp group-number
Virtual router ID, which is a numeric identifier of the virtual router. For each interface or subinterface, you can configure only a single VRRP group. On a router, you can configure a maximum of 24 groups.
Range: 1 through 255
- Virtual Router IP Address
- ip address ip-address
IP address of the virtual router. The virtual IP address must be different from the configured interface IP addresses of both the local vEdge router and the peer running VRRP. For each interface or subinterface, you can configure only a single virtual IP address.
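The election and tracking rules described above, as a small model. This is an added example, not Cisco code: the `Gateway` class, the function names, and the sample addresses are assumptions, and the case where no gateway is eligible is not described on this page, so it is modelled as "no master".

```python
from dataclasses import dataclass
from ipaddress import ip_address

@dataclass
class Gateway:
    name: str
    ip: str                 # LAN interface IP (constructed sample value)
    priority: int           # 1 through 254
    lan_up: bool = True     # state of the service (LAN) interface
    omp_sessions: int = 1   # active OMP sessions on the WAN side

def elect_master(gateways, track_omp=False):
    """Return the name of the elected master, or None if nobody is eligible."""
    eligible = [g for g in gateways if g.lan_up]
    if track_omp:
        # Only gateways with one or more active OMP sessions may be elected,
        # even when that means picking a lower VRRP priority.
        eligible = [g for g in eligible if g.omp_sessions > 0]
    if not eligible:
        return None  # not described on the page; modelled as "no master"
    # Highest priority wins; equal priorities are broken by the higher IP.
    return max(eligible, key=lambda g: (g.priority, ip_address(g.ip))).name

def failover_delay(event, tracking=None, timer=1, omp_hold=60):
    """Seconds until a new master is elected after `event` hits the master.

    event: "lan-down", "omp-lost" or "prefixes-lost"
    tracking: None, "track-omp" or "track-prefix-list"
    Returns None when VRRP does not react to the event at all.
    """
    if event == "lan-down":
        return 3 * timer            # slaves miss three advertisements
    if event == "omp-lost" and tracking in ("track-omp", "track-prefix-list"):
        return omp_hold             # failover waits for the OMP hold timer
    if event == "prefixes-lost" and tracking == "track-prefix-list":
        return 0                    # immediate, no hold-timer wait
    return None                     # LAN still up, so the master stays master

if __name__ == "__main__":
    a = Gateway("vedge-a", "10.2.3.11", 200, omp_sessions=0)  # WAN side lost
    b = Gateway("vedge-b", "10.2.3.12", 100)
    print(elect_master([a, b]), elect_master([a, b], track_omp=True))
```

Without tracking, the router that has lost its WAN side keeps the master role because its LAN interface is still up, which is the situation the tracking options exist to prevent.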
Configure VRRP in VPN 1, on the subinterface ge0/1.3 on Cisco vEdge Devices:
    vpn 1
     interface ge0/1.3
      ip address 10.2.3.11/24
      mtu 1490
      no shutdown
      vrrp 3
       priority 200
       timer 1
       ipv4 10.2.3.201
       track-prefix-list vrrp-prefix-list
      !
     !
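A pre-deployment check of the vEdge limits listed on this page (no VRRP in VPN 0, one group per interface, 24 groups per router, and the group ID, priority and timer ranges), run against configuration text in the vEdge syntax. This is an added example, not a Cisco tool: `lint_vrrp` and `SAMPLE` are hypothetical names, the sample values are constructed, and the peer router's address cannot be checked from one device's configuration.

```python
import ipaddress

# Constructed sample in vEdge CLI syntax (made-up values) with three mistakes.
SAMPLE = """\
vpn 0
 interface ge0/0
  ip address 192.0.2.1/24
  vrrp 1
   priority 255
   ipv4 192.0.2.1
"""

def lint_vrrp(config):
    findings, groups = [], {}   # groups: (vpn, interface) -> stanza count
    vpn = intf = addr = vrrp_indent = None
    def flag(msg):
        findings.append(f"vpn {vpn} {intf}: {msg}")
    for line in config.splitlines():
        w = line.split()
        if len(w) < 2:
            continue                      # blank lines and "!" separators
        indent = len(line) - len(line.lstrip())
        in_vrrp = vrrp_indent is not None and indent > vrrp_indent
        if not in_vrrp:
            vrrp_indent = None            # left the vrrp stanza
        if w[0] == "vpn":
            vpn, intf, addr = int(w[1]), None, None
        elif w[0] == "interface":
            intf, addr = w[1], None
        elif w[:2] == ["ip", "address"] and len(w) == 3:
            addr = ipaddress.ip_interface(w[2]).ip
        elif w[0] == "vrrp":
            vrrp_indent = indent
            groups[(vpn, intf)] = groups.get((vpn, intf), 0) + 1
            if vpn == 0:
                flag("VRRP cannot be configured in the transport VPN (VPN 0)")
            if groups[(vpn, intf)] > 1:
                flag("more than one VRRP group on this interface")
            if not 1 <= int(w[1]) <= 255:
                flag(f"group ID {w[1]} outside 1 through 255")
        elif in_vrrp and w[0] == "priority" and not 1 <= int(w[1]) <= 254:
            flag(f"priority {w[1]} outside 1 through 254")
        elif in_vrrp and w[0] == "timer" and not 1 <= int(w[1]) <= 3600:
            flag(f"timer {w[1]} outside 1 through 3600 seconds")
        elif in_vrrp and w[0] == "ipv4" and addr == ipaddress.ip_address(w[1]):
            flag("virtual IP address equals the interface IP address")
    if sum(groups.values()) > 24:
        findings.append("router: more than 24 VRRP groups configured")
    return findings
```

Calling `lint_vrrp(SAMPLE)` returns three findings for the constructed VPN 0 stanza; the VPN 1 example from this page returns an empty list.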
Configure VRRP on Cisco XE SD-WAN Routers
    interface GigabitEthernet0/0/2
     description to-LAN
     no shutdown
     arp timeout 1200
     vrf forwarding 1
     ip address 10.180.4.3 255.255.255.0
     ip redirects
     ip mtu 1500
     mtu 1500
     negotiation auto
     vrrp 1 address-family ipv4
      vrrpv2
      address 10.180.4.1
      priority 90
      timers advertise 1000
      exit
     exit
Note: For Cisco XE SD-WAN Routers, the advertisement timer range is 100 through 3600 milliseconds and the default is 100 milliseconds.
Command introduced in Viptela Software Release 14.1.
In Release 15.2, tracking by prefix list was added.
In Release 18.3, you can configure a maximum of 24 VRRP groups on a router.