- July 23, 2015
- Posted by: Surender Kumar
- Category: Cisco Routers
Virtual Router Redundancy Protocol
Table of Contents
Virtual Router Redundancy Protocol (VRRP) is another first hop redundancy protocol like HSRP with an exception that it is open standard protocol while HSRP is Cisco proprietary.
The purpose of VRRP is same as that of HSRP but there are still some differences in implementation and features.
VRRP has Master and Backup routers states unlike Active and Standby in HSRP. One router becomes Master which forwards the traffic and others will become Backup routers.
VRRP Configuration
I will use network diagram below to demonstrate the VRRP configuration.
In this network, PC1 (10.10.10.10) can reach the Server (20.20.20.20) via R1 or R2. We need to configure fault tolerance between R1 and R2 so that PC1 has continue connectivity to Server even if any one of the two routers fail.
R1 configuration
VRRP support SLA monitors along with object tracking. So, I will first create an SLA probe to track the reachability of 20.20.20.20 from source interface fastEthernet0/1. If R1 can not reach the address 20.20.20.20 from fa0/1, R1 will assume that link between interface fa0/1 and server is down and it will decrement its priority to make itself Backup router and R2 will become Master to start forwarding the traffic.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#ip sla monitor 1 R1(config-sla-monitor)#type echo protocol ipicmpEcho 20.20.20.20 source-interface fa0/1 R1(config-sla-monitor-echo)#frequency 5 R1(config-sla-monitor-echo)#timeout 1000 R1(config-sla-monitor-echo)#exit R1(config)#ip sla monitor schedule 1 life forever start-time now R1(config)#track 1 rtr 1 reachability R1(config-track)#exit R1(config)#^Z R1#
I have created SLA monitor and tracked object and started tracking the destination 20.20.20.20 from source interface fa0/1. If you have not heard about IP SLA and Object tracking, read this page.
Now I will configure VRRP on R1.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int fa0/0 R1(config-if)#ip address 10.10.10.2 255.255.255.0 R1(config-if)#no shut R1(config-if)#vrrp 1 ip 10.10.10.1 R1(config-if)# *Jul 23 10:22:08.847: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup *Jul 23 10:22:12.459: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Backup -> Master R1(config-if)#vrrp 1 priority 110 R1(config-if)#vrrp 1 ? authentication Authentication description Group specific description ip Enable Virtual Router Redundancy Protocol (VRRP) for IP preempt Enable preemption of lower priority Master priority Priority of this VRRP group shutdown Disable VRRP Configuration timers Set the VRRP timers track Event Tracking R1(config-if)#vrrp 1 track 1 decrement 20 R1(config)#int fa0/1 R1(config-if)#ip address 20.20.20.2 255.255.255.0 R1(config-if)#no shut R1(config-if)#vrrp 2 ip 20.20.20.1
Notice that the syntax to enable VRRP is pretty simple to remember because every command starts with vrrp as opposed to that of HSRP (HSRP configuration starts with keyword standby). Other options after vrrp keyword are same as HSRP. The vrrp 1 ip 10.10.10.1 command is used to assign virtual IP address and vrrp 1 priority 110 command is used to set the priority to 110 (default is 100). Notice that I have not used preempt command because preempt is enabled by default in VRRP unlike HSRP. The vrrp 1 track 1 decrement 20 command is used to add the tracked object 1 and once tracked object becomes invalid, R1 will decrement its priority by 20. This will cause R1’s priority to become 90 and R2 will take over R1 and will become Master.
On interface fa0/1, I’ve simply enabled VRRP with virtual IP 20.20.20.1 and no other configuration is done.
Let’s do the similar configuration on R2
R2 Configuration
R2#conf t Enter configuration commands, one per line. End with CNTL/Z. R2(config)#ip sla monitor 1 R2(config-sla-monitor)#type echo protocol ipicmpEcho 20.20.20.20 source-interface fa0/1 R2(config-sla-monitor-echo)#timeout 1000 R2(config-sla-monitor-echo)#frequency 5 R2(config-sla-monitor-echo)#exit R2(config)#ip sla monitor schedule 1 life forever start-time now R2(config)#track 1 rtr 1 reachability R2(config-track)#exit R2(config)#int fa0/0 R2(config-if)#ip address 10.10.10.3 255.255.255.0 R2(config-if)#no shut R2(config-if)#vrrp 1 ip 10.10.10.1 *Jul 23 10:34:01.219: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Init -> Backup R2(config-if)#vrrp 1 track 1 decrement 10 R2(config-if)#int fa0/1 R2(config-if)#vrrp 2 ip 20.20.20.1 R2(config-if)# *Jul 23 10:50:35.103: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Init -> Backup R2(config-if)#end
VRRP Verification
Now, I will go to PC1 and verify if it is going to 20.20.20.20 via R1 because I have configured it to be Master in first place.
PC1> trace 20.20.20.20 trace to 20.20.20.20, 8 hops max, press Ctrl+C to stop 1 10.10.10.2 10.166 ms 32.160 ms 32.181 ms 2 *20.20.20.20 41.582 ms
PC1 is going to Server via R1.
I am going to start a continuous ping from PC1 to Server and then I will shutdown any interface on R1 to check if R2 takes over R1.
R1#conf t Enter configuration commands, one per line. End with CNTL/Z. R1(config)#int fa0/1 R1(config-if)#shut R1(config-if)# *Jul 23 11:22:01.719: VRRP: vrrp_swif_goingdown: Fa0/1 now Down *Jul 23 11:22:01.719: VRRP: Grp 2 Event - Interface DOWN *Jul 23 11:22:01.719: %VRRP-6-STATECHANGE: Fa0/1 Grp 2 state Backup -> Init *Jul 23 11:22:01.723: VRRP: vrrp_swif_goingdown: Fa0/1 now Down *Jul 23 11:22:10.563: %VRRP-6-STATECHANGE: Fa0/0 Grp 1 state Master -> Backup R1(config-if)#
As soon as the interface fa0/1 goes down, R1 changes its state from Master to Backup.
Let’s check the VRRP status on R2
R2#show vrrp FastEthernet0/0 - Group 1 State is Master Virtual IP address is 10.10.10.1 Virtual MAC address is 0000.5e00.0101 Advertisement interval is 1.000 sec Preemption enabled Priority is 100 Track object 1 state Up decrement 10 Master Router is 10.10.10.3 (local), priority is 100 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec FastEthernet0/1 - Group 2 State is Master Virtual IP address is 20.20.20.1 Virtual MAC address is 0000.5e00.0102 Advertisement interval is 1.000 sec Preemption enabled Priority is 100 Master Router is 20.20.20.3 (local), priority is 100 Master Advertisement interval is 1.000 sec Master Down interval is 3.609 sec
At the same time if we look at the ping status on PC1, you will see that PC1 lost 5 packets and regain the connectivity as R2 takes over the Master (forwarder) role.
PC1> ping 20.20.20.20 -t 20.20.20.20 icmp_seq=1 timeout 20.20.20.20 icmp_seq=2 timeout 84 bytes from 20.20.20.20 icmp_seq=3 ttl=63 time=9.190 ms 84 bytes from 20.20.20.20 icmp_seq=4 ttl=63 time=11.241 ms 84 bytes from 20.20.20.20 icmp_seq=5 ttl=63 time=16.382 ms 84 bytes from 20.20.20.20 icmp_seq=6 ttl=63 time=13.214 ms 84 bytes from 20.20.20.20 icmp_seq=7 ttl=63 time=34.199 ms 84 bytes from 20.20.20.20 icmp_seq=8 ttl=63 time=45.192 ms 84 bytes from 20.20.20.20 icmp_seq=9 ttl=63 time=15.260 ms 84 bytes from 20.20.20.20 icmp_seq=10 ttl=63 time=12.255 ms 84 bytes from 20.20.20.20 icmp_seq=11 ttl=63 time=19.469 ms 84 bytes from 20.20.20.20 icmp_seq=12 ttl=63 time=14.195 ms 84 bytes from 20.20.20.20 icmp_seq=13 ttl=63 time=11.876 ms 84 bytes from 20.20.20.20 icmp_seq=14 ttl=63 time=13.195 ms 84 bytes from 20.20.20.20 icmp_seq=15 ttl=63 time=11.214 ms 84 bytes from 20.20.20.20 icmp_seq=16 ttl=63 time=11.656 ms 84 bytes from 20.20.20.20 icmp_seq=17 ttl=63 time=11.267 ms 84 bytes from 20.20.20.20 icmp_seq=18 ttl=63 time=11.180 ms *10.10.10.2 icmp_seq=19 ttl=255 time=8.828 ms (ICMP type:3, code:1, Destination host unreachable) *10.10.10.2 icmp_seq=20 ttl=255 time=4.398 ms (ICMP type:3, code:1, Destination host unreachable) *10.10.10.2 icmp_seq=21 ttl=255 time=11.736 ms (ICMP type:3, code:1, Destination host unreachable) *10.10.10.2 icmp_seq=22 ttl=255 time=2.077 ms (ICMP type:3, code:1, Destination host unreachable) *10.10.10.2 icmp_seq=23 ttl=255 time=1.941 ms (ICMP type:3, code:1, Destination host unreachable) 84 bytes from 20.20.20.20 icmp_seq=24 ttl=63 time=40.218 ms 84 bytes from 20.20.20.20 icmp_seq=25 ttl=63 time=22.209 ms 84 bytes from 20.20.20.20 icmp_seq=26 ttl=63 time=55.872 ms 84 bytes from 20.20.20.20 icmp_seq=27 ttl=63 time=22.203 ms 84 bytes from 20.20.20.20 icmp_seq=28 ttl=63 time=34.151 ms 84 bytes from 20.20.20.20 icmp_seq=29 ttl=63 time=22.208 ms 84 bytes from 20.20.20.20 icmp_seq=30 ttl=63 time=34.386 ms
And when the R1 comes back up, it will become Master again. It proves that VRRP is working as expected to provide gateway redundancy which is transparent to end users. We do not need to make any changes if any gateway router goes down or comes online again. The changeover is happening automatically at network layer.
This concludes our VRRP section. In the next section, I will discuss about Gateway Load Balancing Protocol (GLBP).