Virtual Router Redundancy Protocol

Virtual Router Redundancy Protocol

Virtual Router Redundancy Protocol (VRRP) is another first hop redundancy protocol like HSRP with an exception that it is open standard protocol while HSRP is Cisco proprietary.

The purpose of VRRP is same as that of HSRP but there are still some differences in implementation and features.

VRRP has Master and Backup routers states unlike Active and Standby in HSRP. One router becomes Master which forwards the traffic and others will become Backup routers.

VRRP Configuration

I will use network diagram below to demonstrate the VRRP configuration.

VRRPIn this network, PC1 (10.10.10.10) can reach the Server (20.20.20.20) via R1 or R2. We need to configure fault tolerance between R1 and R2 so that PC1 has continue connectivity to Server even if any one of the two routers fail.

R1 configuration

VRRP support SLA monitors along with object tracking. So, I will first create an SLA probe to track the reachability of 20.20.20.20 from source interface fastEthernet0/1. If R1 can not reach the address 20.20.20.20 from fa0/1, R1 will assume that link between interface fa0/1 and server is down and it will decrement its priority to make itself Backup router and R2 will become Master to start forwarding the traffic.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#ip sla monitor 1
R1(config-sla-monitor)#type echo protocol ipicmpEcho 20.20.20.20 source-interface fa0/1
R1(config-sla-monitor-echo)#frequency 5
R1(config-sla-monitor-echo)#timeout 1000
R1(config-sla-monitor-echo)#exit
R1(config)#ip sla monitor schedule 1 life forever start-time now
R1(config)#track 1 rtr 1 reachability
R1(config-track)#exit
R1(config)#^Z
R1#

I have created SLA monitor and tracked object and started tracking the destination 20.20.20.20 from source interface fa0/1. If you have not heard about IP SLA and Object tracking, read this page.

Now I will configure VRRP on R1.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/0
R1(config-if)#ip address 10.10.10.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#vrrp 1 ip 10.10.10.1
R1(config-if)#
*Jul 23 10:22:08.847: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
*Jul 23 10:22:12.459: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master
R1(config-if)#vrrp 1 priority 110
R1(config-if)#vrrp 1 ?
  authentication  Authentication
  description     Group specific description
  ip              Enable Virtual Router Redundancy Protocol (VRRP) for IP
  preempt         Enable preemption of lower priority Master
  priority        Priority of this VRRP group
  shutdown        Disable VRRP Configuration
  timers          Set the VRRP timers
  track           Event Tracking

R1(config-if)#vrrp 1 track 1 decrement 20
R1(config)#int fa0/1
R1(config-if)#ip address 20.20.20.2 255.255.255.0
R1(config-if)#no shut
R1(config-if)#vrrp 2 ip 20.20.20.1

Notice that the syntax to enable VRRP is pretty simple to remember because every command starts with vrrp as opposed to that of HSRP (HSRP configuration starts with keyword standby). Other options after vrrp keyword are same as HSRP. The vrrp 1 ip 10.10.10.1 command is used to assign virtual IP address and vrrp 1 priority 110 command is used to set the priority to 110 (default is 100). Notice that I have not used preempt command because preempt is enabled by default in VRRP unlike HSRP. The vrrp 1 track 1 decrement 20 command is used to add the tracked object 1 and once tracked object becomes invalid, R1 will decrement its priority by 20. This will cause R1’s priority to become 90 and R2 will take over R1 and will become Master.

On interface fa0/1, I’ve simply enabled VRRP with virtual IP 20.20.20.1 and no other configuration is done.

Let’s do the similar configuration on R2

R2 Configuration

R2#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R2(config)#ip sla monitor 1
R2(config-sla-monitor)#type echo protocol ipicmpEcho 20.20.20.20 source-interface fa0/1
R2(config-sla-monitor-echo)#timeout 1000
R2(config-sla-monitor-echo)#frequency 5
R2(config-sla-monitor-echo)#exit
R2(config)#ip sla monitor schedule 1 life forever start-time now
R2(config)#track 1 rtr 1 reachability
R2(config-track)#exit
R2(config)#int fa0/0
R2(config-if)#ip address 10.10.10.3 255.255.255.0
R2(config-if)#no shut
R2(config-if)#vrrp 1 ip 10.10.10.1
*Jul 23 10:34:01.219: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup
R2(config-if)#vrrp 1 track 1 decrement 10
R2(config-if)#int fa0/1
R2(config-if)#vrrp 2 ip 20.20.20.1
R2(config-if)#
*Jul 23 10:50:35.103: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup
R2(config-if)#end

VRRP Verification

Now, I will go to PC1 and verify if it is going to 20.20.20.20 via R1 because I have configured it to be Master in first place.

PC1> trace 20.20.20.20
trace to 20.20.20.20, 8 hops max, press Ctrl+C to stop
 1   10.10.10.2   10.166 ms  32.160 ms  32.181 ms
 2   *20.20.20.20   41.582 ms

PC1 is going to Server via R1.

I am going to start a continuous ping from PC1 to Server and then I will shutdown any interface on R1 to check if R2 takes over R1.

R1#conf t
Enter configuration commands, one per line.  End with CNTL/Z.
R1(config)#int fa0/1
R1(config-if)#shut
R1(config-if)#
*Jul 23 11:22:01.719: VRRP: vrrp_swif_goingdown: Fa0/1 now Down
*Jul 23 11:22:01.719: VRRP: Grp 2 Event - Interface DOWN
*Jul 23 11:22:01.719: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Backup -> Init
*Jul 23 11:22:01.723: VRRP: vrrp_swif_goingdown: Fa0/1 now Down
*Jul 23 11:22:10.563: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Master -> Backup
R1(config-if)#

As soon as the interface fa0/1 goes down, R1 changes its state from Master to Backup.

Let’s check the VRRP status on R2

R2#show vrrp
FastEthernet0/0 - Group 1
  State is Master
  Virtual IP address is 10.10.10.1
  Virtual MAC address is 0000.5e00.0101
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
    Track object 1 state Up decrement 10
  Master Router is 10.10.10.3 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec

FastEthernet0/1 - Group 2
  State is Master
  Virtual IP address is 20.20.20.1
  Virtual MAC address is 0000.5e00.0102
  Advertisement interval is 1.000 sec
  Preemption enabled
  Priority is 100
  Master Router is 20.20.20.3 (local), priority is 100
  Master Advertisement interval is 1.000 sec
  Master Down interval is 3.609 sec

At the same time if we look at the ping status on PC1, you will see that PC1 lost 5 packets and regain the connectivity as R2 takes over the Master (forwarder) role.

PC1> ping  20.20.20.20 -t
20.20.20.20 icmp_seq=1 timeout
20.20.20.20 icmp_seq=2 timeout
84 bytes from 20.20.20.20 icmp_seq=3 ttl=63 time=9.190 ms
84 bytes from 20.20.20.20 icmp_seq=4 ttl=63 time=11.241 ms
84 bytes from 20.20.20.20 icmp_seq=5 ttl=63 time=16.382 ms
84 bytes from 20.20.20.20 icmp_seq=6 ttl=63 time=13.214 ms
84 bytes from 20.20.20.20 icmp_seq=7 ttl=63 time=34.199 ms
84 bytes from 20.20.20.20 icmp_seq=8 ttl=63 time=45.192 ms
84 bytes from 20.20.20.20 icmp_seq=9 ttl=63 time=15.260 ms
84 bytes from 20.20.20.20 icmp_seq=10 ttl=63 time=12.255 ms
84 bytes from 20.20.20.20 icmp_seq=11 ttl=63 time=19.469 ms
84 bytes from 20.20.20.20 icmp_seq=12 ttl=63 time=14.195 ms
84 bytes from 20.20.20.20 icmp_seq=13 ttl=63 time=11.876 ms
84 bytes from 20.20.20.20 icmp_seq=14 ttl=63 time=13.195 ms
84 bytes from 20.20.20.20 icmp_seq=15 ttl=63 time=11.214 ms
84 bytes from 20.20.20.20 icmp_seq=16 ttl=63 time=11.656 ms
84 bytes from 20.20.20.20 icmp_seq=17 ttl=63 time=11.267 ms
84 bytes from 20.20.20.20 icmp_seq=18 ttl=63 time=11.180 ms
*10.10.10.2 icmp_seq=19 ttl=255 time=8.828 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.2 icmp_seq=20 ttl=255 time=4.398 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.2 icmp_seq=21 ttl=255 time=11.736 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.2 icmp_seq=22 ttl=255 time=2.077 ms (ICMP type:3, code:1, Destination host unreachable)
*10.10.10.2 icmp_seq=23 ttl=255 time=1.941 ms (ICMP type:3, code:1, Destination host unreachable)
84 bytes from 20.20.20.20 icmp_seq=24 ttl=63 time=40.218 ms
84 bytes from 20.20.20.20 icmp_seq=25 ttl=63 time=22.209 ms
84 bytes from 20.20.20.20 icmp_seq=26 ttl=63 time=55.872 ms
84 bytes from 20.20.20.20 icmp_seq=27 ttl=63 time=22.203 ms
84 bytes from 20.20.20.20 icmp_seq=28 ttl=63 time=34.151 ms
84 bytes from 20.20.20.20 icmp_seq=29 ttl=63 time=22.208 ms
84 bytes from 20.20.20.20 icmp_seq=30 ttl=63 time=34.386 ms

And when the R1 comes back up, it will become Master again. It proves that VRRP is working as expected to provide gateway redundancy which is transparent to end users. We do not need to make any changes if any gateway router goes down or comes online again. The changeover is happening automatically at network layer.

This concludes our VRRP section. In the next section, I will discuss about Gateway Load Balancing Protocol (GLBP).

Back



Microsoft Certified Professional | Cisco Certified Network Associate

Leave a Reply