Configuring VRRP
The Virtual Router Redundancy Protocol (VRRP) provides redundant gateway service for switches and other IP end stations. In the Viptela software, you configure VRRP on an interface, and typically on a subinterface, within a VPN.
For a VRRP interface to operate, its physical interface must be configured in VPN 0:
vEdge(config-vpn-0)# interface ge-slot/port
vEdge(config-interface-ge)# no shutdown
For each VRRP interface (or subinterface), you assign an IP address and you place that interface in a VRRP group.
vEdge(config-vpn)# interface ge-slot/port.subinterface
vEdge(config-interface-ge)# ip address prefix/length
vEdge(config-interface-ge)# vrrp group-number
The group number identifies the virtual router. In a typical VRRP topology, two physical routers are configured to act as a single virtual router, so you configure the same group number on interfaces on both these routers.
For each virtual router ID, you must configure an IP address:
vEdge(config-vrrp)# ipv4 ip-address
Within each VRRP group, the vEdge router with the higher priority value is elected as master. By default, each virtual router IP address has a default master election priority of 100, so the router with the higher IP address is elected master. You can modify the priority value, setting it to a value from 1 through 254:
vEdge(config-vrrp)# priority number
The VRRP master periodically sends advertisement messages, indicating that it is still operating. If slave routers miss three consecutive VRRP advertisements, they assume that the master is down and elect a new master. By default, these messages are sent every second. You can change the VRRP advertisement time to be a value from 1 through 3600 seconds:
vEdge(config-vrrp)# timer seconds
By default, VRRP uses of the state of the interface on which it is running to determine which vEdge router is the master virtual router. This interface is on the service (LAN) side of the vEdge router. When the interface for the master goes down, a new VRRP master virtual router is elected based on the VRRP priority value. Because VRRP runs on a LAN interface, if a vEdge router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, you can configure one of the following:
- Track the Overlay Management Protocol (OMP) session running on the WAN connection when determining the VRRP master virtual router:
vEdge(config-vrrp)# track-omp
If all OMP sessions are lost on the master VRRP router, VRRP elects a new default gateway from among all the gateways that have one or more active OMP sessions even if the gateway chosen has a lower VRRP priority than the current master. With this option, VRRP failover occurs once the OMP state changes from up to down, which occurs when the OMP hold timer expires. (The default OMP hold timer interval is 60 seconds.) Until the hold timer expires and a new VRRP master is elected, all overlay traffic is dropped. When the OMP session recovers, the local VRRP interface claims itself as master even before it learns and installs OMP routes from the vSmart controllers. Until the routers are learned, traffic is also dropped. - Track both the OMP session and a list of remote prefixes. list-name is the name of a prefix list configured with the policy lists prefix-list command on the vEdge router:
vEdge(config-vrrp)# track-prefix-list list-name
If all OMP sessions are lost, VRRP failover occurs as described for the track-omp option. In addition, if reachability to all the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the vEdge routers determine the VRRP master.
As discussed above, the IEEE 802.1Q protocol adds 4 bytes to each packet's length. Hence, for packets to be transmitted, either increase the MTU size on the physical interface in VPN 0 (the default MTU is 1500 bytes) or decrease the MTU size on the VRRP interface. See the example configuration output below.
Here is an example of configuring VRRP on redundant physical interfaces. For subinterface 2, vEdge1 is configured to act as the master, and for subinterface 3, vEdge2 acts as the master.
vEdge1# show running-config vpn 1
vpn 1
interface ge0/6.2
ip address 10.2.2.3/24
mtu 1496
no shutdown
vrrp 2
ipv4 10.2.2.1
track-prefix-list vrrp-prefix-list1
!
!
interface ge0/6.3
ip address 10.2.3.5/24
mtu 1496
shutdown
vrrp 3
ipv4 10.2.3.11
track-prefix-list vrrp-prefix-list1
!
!
!
vEdge2# show running-config vpn 1
vpn 1
interface ge0/1.2
ip address 10.2.2.4/24
mtu 1496
no shutdown
vrrp 2
ipv4 10.2.2.2
track-prefix-list vrrp-prefix-list2
!
!
interface ge0/1.3
ip address 10.2.3.6/24
mtu 1496
no shutdown
vrrp 3
ipv4 10.2.3.12
track-prefix-list vrrp-prefix-list2
!
!
!
vEdge1# show interface vpn 1
IF IF TCP
ADMIN OPER ENCAP PORT SPEED MSS RX TX
VPN INTERFACE IP ADDRESS STATUS STATUS TYPE TYPE MTU HWADDR MBPS DUPLEX ADJUST UPTIME PACKETS PACKETS
-------------------------------------------------------------------------------------------------------------------------------------------
1 ge0/6.2 10.2.2.3/24 Up Up vlan service 1496 00:0c:29:ab:b7:94 10 full 0 0:00:05:52 0 357
1 ge0/6.3 10.2.3.5/24 Down Down vlan service 1496 00:0c:29:ab:b7:94 - - 0 - 0 0
vEdge1# show vrrp interfaces
MASTER TRACK PREFIX
GROUP VIRTUAL VRRP OMP ADVERTISEMENT DOWN PREFIX LIST
VPN IF NAME ID IP VIRTUAL MAC PRIORITY STATE STATE TIMER TIMER LAST STATE CHANGE TIME LIST STATE
----------------------------------------------------------------------------------------------------------------------------------------------
1 ge0/6.2 2 10.2.2.1 00:0c:29:ab:b7:94 100 master down 1 3 2015-05-01T20:09:37+00:00 - -
ge0/6.3 3 10.2.3.11 00:00:00:00:00:00 100 init down 1 3 0000-00-00T00:00:00+00:00 - -
In the following example, Router-1 is the VRRP master, because it has a higher priority value than Router 2:
Router-1# show running-config vpn 1
vpn 1
!
interface ge0/1.15
ip address 10.10.1.2/24
mtu 1496
no shutdown
vrrp 15
priority 110
track-omp
ipv4 10.20.23.1
!
!
!
Router-1# show vrrp vpn 1
MASTER TRACK PREFIX
GROUP VRRP OMP ADVERTISEMENT DOWN PREFIX LIST
VPN IF NAME ID VIRTUAL IP VIRTUAL MAC PRIORITY STATE STATE TIMER TIMER LAST STATE CHANGE TIME LIST STATE
---------------------------------------------------------------------------------------------------------------------------------------------------
1 ge0/1.1 1 10.20.22.1 00:0c:bd:08:79:a4 100 backup up 1 3 2016-01-13T03:10:55+00:00 - -
ge0/1.5 5 10.20.22.193 00:0c:bd:08:79:a4 100 backup up 1 3 2016-01-13T03:10:55+00:00 - -
ge0/1.10 10 10.20.22.225 00:0c:bd:08:79:a4 100 backup up 1 3 2016-01-13T03:10:55+00:00 - -
ge0/1.15 15 10.20.23.1 00:0c:bd:08:79:a4 110 master up 1 3 2016-01-13T03:10:56+00:00 - -
ge0/1.20 20 10.20.24.1 00:0c:bd:08:79:a4 100 backup up 1 3 2016-01-13T03:10:56+00:00 - -
ge0/1.25 25 10.20.25.1 00:0c:bd:08:79:a4 110 master up 1 3 2016-01-13T03:10:56+00:00 - -
ge0/1.30 30 10.20.25.129 00:0c:bd:08:79:a4 100 backup up 1 3 2016-01-13T03:10:56+00:00 - -
Router-1# show vrrp vpn 1 interfaces ge0/1.15 groups 15
MASTER TRACK PREFIX
GROUP VRRP OMP ADVERTISEMENT DOWN PREFIX LIST
ID VIRTUAL IP VIRTUAL MAC PRIORITY STATE STATE TIMER TIMER LAST STATE CHANGE TIME LIST STATE
----------------------------------------------------------------------------------------------------------------------------------
1 10.20.33.1 00:0c:bd:08:79:a4 110 master up 1 3 2016-01-13T03:10:56+00:00 - -
Router-2# show running-config vpn 1
vpn 1
!
interface ge0/1.15
ip address 10.10.1.3/24
mtu 1496
no shutdown
vrrp 15
track-omp
ipv4 10.20.23.1
!
!
!
Router-2# show vrrp vpn 1 interfaces groups
MASTER TRACK PREFIX
GROUP VRRP OMP ADVERTISEMENT DOWN PREFIX LIST
IF NAME ID VIRTUAL IP VIRTUAL MAC PRIORITY STATE STATE TIMER TIMER LAST STATE CHANGE TIME LIST STATE
----------------------------------------------------------------------------------------------------------------------------------------------
ge0/1.1 1 10.20.32.1 00:0c:bd:08:2b:a5 110 master up 1 3 2016-01-13T00:22:15+00:00 - -
ge0/1.5 5 10.20.32.193 00:0c:bd:08:2b:a5 110 master up 1 3 2016-01-13T00:22:15+00:00 - -
ge0/1.10 10 10.20.32.225 00:0c:bd:08:2b:a5 110 master up 1 3 2016-01-13T00:22:15+00:00 - -
ge0/1.15 15 10.20.33.1 00:0c:bd:08:2b:a5 100 backup up 1 3 2016-01-13T03:10:56+00:00 - -
ge0/1.20 20 10.20.34.1 00:0c:bd:08:2b:a5 110 master up 1 3 2016-01-13T00:22:16+00:00 - -
ge0/1.25 25 10.20.35.1 00:0c:bd:08:2b:a5 100 backup up 1 3 2016-01-13T03:10:56+00:00 - -
ge0/1.30 30 10.20.35.129 00:0c:bd:08:2b:a5 100 master up 1 3 2016-01-13T00:22:16+00:00 - -
Router-2# show vrrp vpn 100 interfaces groups 15
MASTER TRACK PREFIX
GROUP VRRP OMP ADVERTISEMENT DOWN PREFIX LIST
IF NAME ID VIRTUAL IP VIRTUAL MAC PRIORITY STATE STATE TIMER TIMER LAST STATE CHANGE TIME LIST STATE
--------------------------------------------------------------------------------------------------------------------------------------------
ge0/0.15 15 10.20.33.1 00:0c:bd:08:2b:a5 100 backup up 1 3 2016-01-13T03:10:56+00:00 - -