Downloads |
Table Of Contents
Virtual Router Redundancy Protocol
Multiple Virtual Router Support
Related Features and Technologies
Supported Standards, MIBs, and RFCs
Virtual Router Redundancy Protocol
Feature History
This document describes the Virtual Router Redundancy Protocol feature. It includes the following sections:
•
Supported Standards, MIBs, and RFCs
Feature Overview
There are several ways a LAN client can determine which router should be the first hop to a particular remote destination. The client can use a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
•
•
•
The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.
VRRP is supported on Ethernet, Fast Ethernet, and Gigabit Ethernet interfaces, and on MPLS VPNs and VLANs.
For example, Figure 1 shows a LAN topology in which VRRP is configured. In this example, Routers A, B, and C are VRRP routers (routers running VRRP) that comprise a virtual router. The IP address of the virtual router is the same as that configured for the Ethernet interface of Router A (10.0.0.1).
Figure 1 Basic VRRP Topology
Because the virtual router uses the IP address of the physical Ethernet interface of Router A, Router A assumes the role of the master virtual router and is also known as the IP address owner. As the master virtual router, Router A controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as backup virtual routers. If the master virtual router fails, the router configured with the higher priority will become the master virtual router and provide uninterrupted service for the LAN hosts. When Router A recovers, it becomes the master virtual router again. For more detail on the roles that VRRP routers play and what happens if the master virtual router fails, see the "VRRP Router Priority" section later in this document.
Figure 2 shows a LAN topology in which VRRP is configured so that routers A and B share the traffic to and from clients 1 through 4 and that Routers A and B act as backup virtual routers to each other if either router fails.
Figure 2 Load Sharing and Redundancy VRRP Topology
In this topology, two virtual routers are configured. (For more information, see the "Multiple Virtual Router Support" section later in this document.) For virtual router 1, Router A is the owner of IP address 10.0.0.1 and master virtual router, and Router B is the backup virtual router to Router A. Clients 1 and 2 are configured with the default gateway IP address of 10.0.0.1.
For virtual router 2, Router B is the owner of IP address 10.0.0.2 and master virtual router, and Router A is the backup virtual router to Router B. Clients 3 and 4 are configured with the default gateway IP address of 10.0.0.2.
Multiple Virtual Router Support
You can configure up to 255 virtual routers on a router physical interface. The actual number of virtual routers that a router interface can support depends on the following factors:
•
•
•
In a topology where multiple virtual routers are configured on a router interface, the interface can act as a master for one virtual router and as a backup for one or more virtual routers.
VRRP Router Priority
An important aspect of the VRRP redundancy scheme is VRRP router priority. Priority determines the role that each VRRP router plays and what happens if the master virtual router fails.
If a VRRP router owns the IP address of the virtual router and the IP address of the physical interface, this router will function as a master virtual router.
Priority also determines if a VRRP router functions as a backup virtual router and the order of ascendancy to becoming a master virtual router if the master virtual router fails. You can configure the priority of each backup virtual router with a value of 1 through 254 using the vrrp priority command.
For example, if Router A, the master virtual router in a LAN topology, fails, an election process takes place to determine if backup virtual Routers B or C should take over. If Routers B and C are configured with the priorities of 101 and 100, respectively, Router B is elected to become master virtual router because it has the higher priority. If Routers B and C are both configured with the priority of 100, the backup virtual router with the higher IP address is elected to become the master virtual router.
By default, a preemptive scheme is enabled whereby a higher priority backup virtual router that becomes available takes over for the backup virtual router that was elected to become master virtual router. You can disable this preemptive scheme using the no vrrp preempt command. If preemption is disabled, the backup virtual router that is elected to become master virtual router remains the master until the original master virtual router recovers and becomes master again.
VRRP Advertisements
The master virtual router sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master virtual router. The VRRP advertisements are encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to the VRRP group. The advertisements are sent every second by default; the interval is configurable.
Benefits
Redundancy
VRRP enables you to configure multiple routers as the default gateway router, which reduces the possibility of a single point of failure in a network.
Load Sharing
You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple routers, thereby sharing the traffic load more equitably among available routers.
Multiple Virtual Routers
VRRP supports up to 255 virtual routers (VRRP groups) on a router physical interface, subject to the platform supporting multiple MAC addresses. Multiple virtual router support enables you to implement redundancy and load sharing in your LAN topology.
Multiple IP Addresses
The virtual router can manage multiple IP addresses, including secondary IP addresses. Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
Preemption
The redundancy scheme of VRRP enables you to preempt a backup virtual router that has taken over for a failing master virtual router with a higher priority backup virtual router that has become available.
Authentication
You can ensure that VRRP messages received from VRRP routers that comprise a virtual router are authenticated by configuring a simple text password.
Advertisement Protocol
VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA assigned VRRP the IP protocol number 112.
Restrictions
VRRP is intended for use with IPv4 routers only.
Related Features and Technologies
The VRRP feature is similar to the Hot Standby Router Protocol (HSRP) feature. The HSRP feature is documented in the "Configuring IP Services" chapter of the Cisco IOS IP Configuration Guide and in the Cisco IOS IP Command Reference, Volume 1 of 3: Addressing and Services.
You can implement VRRP in a VLAN. VLANs are documented in the Cisco IOS Switching Services Configuration Guide.
Related Documents
For related information on this feature, refer to the following documents:
•
•
•
Supported Platforms
Refer to Feature Navigator for latest platform support as referenced below.
Determining Platform Support Through Cisco Feature Navigator
Cisco IOS software is packaged in feature sets that are supported on specific platforms. To get updated information regarding platform support for this feature, access Cisco Feature Navigator. Cisco Feature Navigator dynamically updates the list of supported platforms as new platform support is added for the feature.
Cisco Feature Navigator is a web-based tool that enables you to determine which Cisco IOS software images support a specific set of features and which features are supported in a specific Cisco IOS image. You can search by feature or release. Under the release section, you can compare releases side by side to display both the features unique to each software release and the features in common.
To access Cisco Feature Navigator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
Cisco Feature Navigator is updated regularly when major Cisco IOS software releases and technology releases occur. For the most current information, go to the Cisco Feature Navigator home page at the following URL:
Availability of Cisco IOS Software Images
Platform support for particular Cisco IOS software releases is dependent on the availability of the software images for those platforms. Software images for some platforms may be deferred, delayed, or changed without prior notice. For updated information about platform support and availability of software images for each Cisco IOS software release, refer to the online release notes or, if supported, Cisco Feature Navigator.
Supported Standards, MIBs, and RFCs
Standards
No new or modified standards are supported by this feature.
MIBs
To locate and download MIBs for selected platforms, Cisco IOS releases, and feature sets, use Cisco MIB Locator found at the following URL:
http://tools.cisco.com/ITDIT/MIBS/servlet/index
If Cisco MIB Locator does not support the MIB information that you need, you can also obtain a list of supported MIBs and download MIBs from the Cisco MIBs page at the following URL:
http://www.cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml
To access Cisco MIB Locator, you must have an account on Cisco.com. If you have forgotten or lost your account information, send a blank e-mail to cco-locksmith@cisco.com. An automatic check will verify that your e-mail address is registered with Cisco.com. If the check is successful, account details with a new random password will be e-mailed to you. Qualified users can establish an account on Cisco.com by following the directions found at this URL:
RFCs
•
Configuration Tasks
See the following sections for configuration tasks for VRRP. Each task in the list is identified as either optional or required.
•
•
•
Customizing VRRP
Customizing the behavior of VRRP is optional. Be aware that as soon as you enable a VRRP group, that group is operating. It is possible that if you first enable a VRRP group before customizing VRRP, the router could take over control of the group and become the master virtual router before you have finished customizing the feature. Therefore, if you plan to customize VRRP, it is a good idea to do so before enabling VRRP.
To customize your VRRP configuration, use any of the following VRRP commands in interface configuration mode:
Enabling VRRP
To enable VRRP on an interface, use the following commands beginning in global configuration mode:
Verifying VRRP
To verify VRRP, use either of the following commands in EXEC mode:
Configuration Examples
This section provides the following configuration example of Router A and Router B each belonging to three VRRP groups:
Router A
interface ethernet 1/0ip address 10.1.0.2 255.0.0.0vrrp 1 priority 120vrrp 1 authentication ciscovrrp 1 timers advertise 3vrrp 1 timers learnvrrp 1 ip 10.1.0.10vrrp 5 priority 100vrrp 5 timers advertise 30vrrp 5 timers learnvrrp 5 ip 10.1.0.50vrrp 100 timers learnno vrrp 100 preemptvrrp 100 ip 10.1.0.100no shutdownRouter B
interface ethernet 1/0ip address 10.1.0.1 255.0.0.0vrrp 1 priority 100vrrp 1 authentication ciscovrrp 1 timers advertise 3vrrp 1 timers learnvrrp 1 ip 10.1.0.10vrrp 5 priority 200vrrp 5 timers advertise 30vrrp 5 timers learnvrrp 5 ip 10.1.0.50vrrp 100 timers learnno vrrp 100 preemptvrrp 100 ip 10.1.0.100no shutdownIn the configuration, each group has the following properties:
•
–
–
–
–
•
–
–
–
•
–
–
–
Command Reference
This section documents the new commands that configure the VRRP feature. All other commands used with this feature are documented in the Cisco IOS Release 12.0 command reference publications.
debug vrrp all
To display debug messages for Virtual Router Redundancy Protocol (VRRP) errors, events, and state transitions, use the debug vrrp all command in EXEC mode. To disable debugging output, use the no form of this command.
debug vrrp all
no debug vrrp all
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following example provides sample output for the debug vrrp all command:
Router# debug vrrp all00:15:30: %IP-4-DUPADDR: Duplicate address 10.18.0.2 on Ethernet1/0, sourced by 0000.5e00.0101May 22 18:41:54.447: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1May 22 18:41:57.443: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1May 22 18:42:00.443: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1May 22 18:48:41.521: VRRP: Grp 1 Event - Advert higher or equal priorityMay 22 18:48:44.521: VRRP: Grp 1 Event - Advert higher or equal priorityMay 22 18:48:47.521: VRRP: Grp 1 Event - Advert higher or equal priorityMay 22 18:53:23.390: VRRP: Grp 1 changing to V_STATE_INITMay 22 18:54:26.143: VRRP: Grp 1 changing to V_STATE_BACKUPMay 22 18:54:35.755: VRRP: Grp 1 changing to V_STATE_MASTERMay 22 18:53:23.390: VRRP: Grp 1 changing to V_STATE_INITMay 22 18:54:26.143: VRRP: Grp 1 changing to V_STATE_BACKUPMay 22 18:54:35.755: VRRP: Grp 1 changing to V_STATE_MASTERRelated Commands
Displays debug messages about VRRP error conditions.
Displays debug messages about VRRP events.
Displays debug messages about the VRRP state transitions.
debug vrrp error
To display debug messages about Virtual Router Redundancy Protocol (VRRP) error conditions, use the debug vrrp error command in EXEC mode. To disable debugging output, use the no form of this command.
debug vrrp error
no debug vrrp error
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following example provides sample output for the debug vrrp error command:
Router# debug vrrp errorRouter#00:15:30: %IP-4-DUPADDR: Duplicate address 10.18.0.2 on Ethernet1/0, sourced by 0000.5e00.0101May 22 18:41:54.447: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1May 22 18:41:57.443: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1May 22 18:42:00.443: VRRP: Grp 1 Advertisement Primary address 10.18.0.2different from ours 10.18.0.1In the example, the error being observed is that the router has a virtual address of 10.18.0.1 for group 1, but it received a virtual address of 10.18.0.2 for group 1 from another router on the same LAN.
Related Commands
debug vrrp events
To display debug messages about Virtual Router Redundancy Protocol (VRRP) events that are occurring, use the debug vrrp events command in EXEC mode. To disable debugging output, use the no form of this command.
debug vrrp events
no debug vrrp events
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following example provides sample output for the debug vrrp events command:
Router# debug vrrp eventsMay 22 18:48:41.521: VRRP: Grp 1 Event - Advert higher or equal priorityMay 22 18:48:44.521: VRRP: Grp 1 Event - Advert higher or equal priorityMay 22 18:48:47.521: VRRP: Grp 1 Event - Advert higher or equal priorityIn the example, the event being observed is that the router received an advertisement from another router for group 1 that has a higher or equal priority to itself.
Related Commands
debug vrrp packets
To display summary information about Virtual Router Redundancy Protocol (VRRP) packets being sent or received, use the debug vrrp packets command in EXEC mode. To disable debugging output, use the no form of this command.
debug vrrp packets
no debug vrrp packets
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following example provides sample output for the debug vrrp packets command. The output is on the master virtual router; the router for group 1 is sending an advertisement with a checksum of 6BE7.
Router# debug vrrp packetsVRRP Packets debugging is onMay 22 18:51:03.220: VRRP: Grp 1 sending Advertisement checksum 6BE7May 22 18:51:06.220: VRRP: Grp 1 sending Advertisement checksum 6BE7In the following example, the router with physical address 10.18.0.3 is advertising a priority of 105 for VRRP group 1:
Router# debug vrrp packetsVRRP Packets debugging is onMay 22 18:51:09.222: VRRP: Grp 1 Advertisement priority 105, ipaddr 10.18.0.3May 22 18:51:12.222: VRRP: Grp 1 Advertisement priority 105, ipaddr 10.18.0.3debug vrrp state
To display debug messages about the state transitions occurring for Virtual Router Redundancy Protocol (VRRP) groups, use the debug vrrp state command in EXEC mode. To disable debugging output, use the no form of this command.
debug vrrp state
no debug vrrp state
Syntax Description
This command has no arguments or keywords.
Command Modes
EXEC
Command History
Examples
The following example provides sample output for the debug vrrp state command:
Router# debug vrrp stateMay 22 18:53:23.390: VRRP: Grp 1 changing to V_STATE_INITMay 22 18:54:26.143: VRRP: Grp 1 changing to V_STATE_BACKUPMay 22 18:54:35.755: VRRP: Grp 1 changing to V_STATE_MASTERRelated Commands
show vrrp
To display a brief or detailed status of one or all configured Virtual Router Redundancy Protocol (VRRP) groups on the router, use the show vrrp command in EXEC mode.
show vrrp [brief | group]
Syntax Description
Command Modes
EXEC
Command History
Usage Guidelines
If no group is specified, all groups are displayed.
Examples
The following example provides output for the show vrrp command:
Router# show vrrpEthernet1/0 - Group 1State is MasterVirtual IP address is 10.2.0.10Virtual MAC address is 0000.5e00.0101Advertisement interval is 3.000 secPreemption is enabledmin delay is 0.000 secPriority 100Master Router is 10.2.0.1 (local), priority is 100Master Advertisement interval is 3.000 secMaster Down interval is 9.609 secEthernet1/0 - Group 2State is MasterVirtual IP address is 10.0.0.20Virtual MAC address is 0000.5e00.0102Advertisement interval is 1.000 secPreemption is enabledmin delay is 0.000 secPriority 95Master Router is 10.0.0.1 (local), priority is 95Master Advertisement interval is 1.000 secMaster Down interval is 3.628 secTable 1 describes the significant fields shown in the display.
Table 1 show vrrp Field Descriptions
Ethernet1/0 - Group
Interface type and number, and VRRP group number.
State is
Role this interface plays within VRRP (master or backup).
Virtual IP address is
Virtual IP address for this interface.
Virtual MAC address is
Virtual MAC address for this interface.
Advertisement interval is
Interval at which the router will send VRRP advertisements when it is the master virtual router. This value is configured with the vrrp timers advertise command.
Preemption is
Indication of whether preemption is enabled or disabled.
Priority
Priority of the interface.
Master Router is
IP address of the current master virtual router.
priority is
Priority of the current master virtual router.
Master Advertisement interval is
Advertisement interval of the master virtual router.
Master Down interval is
Calculated time that the master virtual router can be down before the backup virtual router takes over.
The following example provides output for the show vrrp command with the brief keyword:
Router# show vrrp briefInterface Grp Prio Time Own Pre State Master addr Group addrEthernet1/0 1 100 3609 P Master 1.0.0.4 1.0.0.10Ethernet1/0 2 105 3589 P Master 1.0.0.4 1.0.0.20Table 2 describes the significant fields shown in the display.
Related Commands
Enables VRRP on an interface and identifies the IP address of the virtual router.
show vrrp interface
To display the Virtual Router Redundancy Protocol (VRRP) groups and their status on a specified interface, use the show vrrp interface command in EXEC mode.
show vrrp interface type number [brief]
Syntax Descriptioninter
type
Interface type.
number
Interface number.
brief
(Optional) Provides a summary view of the group information
Command Modes
EXEC
Command History
Examples
The following example provides output for the show vrrp interface command:
Router# show vrrp interface ethernet 1/0Ethernet1/0 - Group 1State is MasterVirtual IP address is 10.2.0.10Virtual MAC address is 0000.5e00.0101Advertisement interval is 3.000 secPreemption is enabledmin delay is 0.000 secPriority 100Master Router is 10.2.0.1 (local), priority is 100Master Advertisement interval is 3.000 secMaster Down interval is 9.609 secEthernet1/0 - Group 2State is MasterVirtual IP address is 10.0.0.20Virtual MAC address is 0000.5e00.0102Advertisement interval is 1.000 secPreemption is enabledmin delay is 0.000 secPriority 95Master Router is 10.0.0.1 (local), priority is 95Master Advertisement interval is 1.000 secMaster Down interval is 3.628 secRelated Commands
vrrp authentication
To authenticate Virtual Router Redundancy Protocol (VRRP) packets received from other routers in the group, use the vrrp authentication command in interface configuration mode. To disable VRRP authentication, use the no form of this command.
vrrp group authentication text text-string
no vrrp group authentication text text-string
Syntax Description
Defaults
No authentication of VRRP messages occurs.
Command Modes
Interface configuration
Command History
Usage Guidelines
When a VRRP packet arrives from another router in the VRRP group, its authentication string is compared to the string configured on the local system. If the strings match, the message is accepted. If they do not match, the packet is discarded.
All routers within the group must be configured with the same authentication string.
Note that plain text authentication is not meant to be used for security. It simply provides a way to prevent a misconfigured router from participating in VRRP.
Examples
The following example configures an authentication string of x30dn78k:
vrrp 1 authentication x30dn78kRelated Commands
vrrp description
To assign a description to the Virtual Router Redundancy Protocol (VRRP) group, use the vrrp description command in interface configuration mode. To remove the description, use the no form of this command.
vrrp group description text
no vrrp group description
Syntax Description
group
Virtual router group number.
text
Text (up to 80 characters) that describes the purpose or use of the group.
Defaults
There is no description of the VRRP group.
Command Modes
Interface configuration
Command History
Examples
The following example enables VRRP on Ethernet interface 0. VRRP group 1 is described as Building A — Marketing and Administration.
interface ethernet 0ip address 10.0.1.1 255.255.255.0!vrrp 1 ip 10.0.1.20vrrp 1 description Building A - Marketing and AdministrationRelated Commands
vrrp ip
To enable the Virtual Router Redundancy Protocol (VRRP) on an interface and identify the IP address of the virtual router, use the vrrp ip command in interface configuration mode. To disable VRRP on the interface and remove the IP address of the virtual router, use the no form of this command.
vrrp group ip ipaddress [secondary]
no vrrp group ip ipaddress [secondary]
Syntax Description
group
Virtual router group number.
ipaddress
IP address of the virtual router.
secondary
(Optional) Indicates additional IP addresses supported by this group.
Defaults
VRRP is not configured on the interface.
Command Modes
Interface configuration
Command History
Usage Guidelines
Configure this command once without the secondary keyword to indicate the virtual router IP address. If you want to indicate additional IP addresses supported by this group, then do so and include the secondary keyword.
Note that removing the VRRP configuration from the IP address owner and leaving the IP address of the interface active is considered a misconfiguration because duplicate IP addresses on the LAN will result.
Examples
The following example enables VRRP on Ethernet interface 0. The VRRP group is 1. IP address 10.0.1.20 is the address of the virtual router.
interface ethernet 0ip address 10.0.1.1 255.255.255.0ip address 10.0.2.1 255.255.255.0 secondary!vrrp 1 ip 10.0.1.20vrrp 1 ip 10.0.2.20 secondaryRelated Commands
vrrp preempt
To configure the router to take over as master virtual router for a Virtual Router Redundancy Protocol (VRRP) group if it has higher priority than the current master virtual router, use the vrrp preempt command in interface configuration mode. To disable this feature, use the no form of this command.
vrrp group preempt [delay seconds]
no vrrp group preempt
Syntax Description
Defaults
Enabled
Command Modes
Interface configuration
Command History
Usage Guidelines
By default, the router being configured with this command will take over as master virtual router for the group if it has a higher priority than the current master virtual router. You can configure a delay, which will cause the VRRP router to wait the specified number of seconds before issuing an advertisement claiming master ownership.
Note that the router that is the IP address owner will preempt, regardless of the setting of this command.
Examples
The following example configures the router to preempt the current master virtual router when its priority of 200 is higher than that of the current master virtual router. If the router preempts the current master virtual router, it waits 15 seconds before issuing an advertisement claiming it is the master virtual router.
vrrp 1 preempt delay 15vrrp 1 priority 200Related Commands
Enables VRRP and identifies the IP address of the virtual router.
Sets the priority level of the router within a VRRP group.
vrrp priority
To set the priority level of the router within a Virtual Router Redundancy Protocol (VRRP) group, use the vrrp priority command in interface configuration mode. To remove the priority level of the router, use the no form of this command.
vrrp group priority level
no vrrp group priority level
Syntax Description
group
Virtual router group number.
level
Priority of the router within the VRRP group. The range is from 1 to 254. The default is 100.
Defaults
level: 100
Command Modes
Interface configuration
Command History
