Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide
Implementing VRRP on Cisco IOS XR Software for Cisco ASR 9000 Series Routers
Download this chapter
Implementing VRRP on Cisco IOS XR Software for Cisco ASR 9000 Series RoutersImplementing VRRP on Cisco IOS XR Software for Cisco ASR 9000 Series Routers
Download the complete book
Book-level PDF: Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration GuideBook-level PDF: Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Configuration Guide (PDF - 3 MB)
 Feedback

Table Of Contents

Implementing VRRP on Cisco ASR 9000 Series Routers

Contents

Prerequisites for Implementing VRRP on Cisco ASR 9000 Series Routers

Restrictions for Implementing VRRP on Cisco ASR 9000 Series Routers

Information About Implementing VRRP on Cisco ASR 9000 Series Routers

VRRP Overview

Multiple Virtual Router Support

VRRP Router Priority

VRRP Advertisements

Benefits of VRRP

How to Implement VRRP on Cisco ASR 9000 Series Routers

Customizing VRRP

Enabling VRRP

Verifying VRRP

Clearing VRRP Statistics

Configuration Examples for VRRP Implementation on Cisco ASR 9000 Series Routers

Configuring a VRRP Group: Example

Clearing VRRP Statistics: Example

Additional References

Related Documents

Standards

MIBs

RFCs

Technical Assistance


Implementing VRRP on Cisco ASR 9000 Series Routers

The Virtual Router Redundancy Protocol (VRRP) feature allows for transparent failover at the first-hop IP router, enabling a group of routers to form a single virtual router on the Cisco ASR 9000 Series Aggregation Services Router.

Note For a complete description of the VRRP commands listed in this module, refer to the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference publication. To locate documentation of other commands that appear in this chapter, use the command reference master index, or search online.

Feature History for Implementing VRRP on Cisco ASR 9000 Series Routers

Release
Modification

Release 3.7.2

This feature was introduced on Cisco ASR 9000 Series Routers.


Contents

Prerequisites for Implementing VRRP on Cisco ASR 9000 Series Routers

Restrictions for Implementing VRRP on Cisco ASR 9000 Series Routers

Information About Implementing VRRP on Cisco ASR 9000 Series Routers

How to Implement VRRP on Cisco ASR 9000 Series Routers

Configuration Examples for VRRP Implementation on Cisco ASR 9000 Series Routers

Additional References

Prerequisites for Implementing VRRP on Cisco ASR 9000 Series Routers

You must be in a user group associated with a task group that includes the proper task IDs. The command reference guides include the task IDs required for each command. If you suspect user group assignment is preventing you from using a command, contact your AAA administrator for assistance.

Restrictions for Implementing VRRP on Cisco ASR 9000 Series Routers

The following are restrictions for implementing VRRP:

VRRP is intended for use only with IPv4 routers on Ethernet.

ICMP redirects are not supported.

VRRP MIB is not supported.

Information About Implementing VRRP on Cisco ASR 9000 Series Routers

To implement VRRP, you need to understand the following concepts:

VRRP Overview

Multiple Virtual Router Support

VRRP Router Priority

VRRP Advertisements

Benefits of VRRP

VRRP Overview

A LAN client can use a dynamic process or static configuration to determine which router should be the first hop to a particular remote destination. The client examples of dynamic router discovery are as follows:

Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router responds to the ARP request with its own MAC address.

Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.

IRDP (ICMP Router Discovery Protocol) client—The client runs an Internet Control Message Protocol (ICMP) router discovery client.

The drawback to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.

An alternative to dynamic discovery protocols is to statically configure a default router on the client. This approach simplifies client configuration and processing, but creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.

The Virtual Router Redundancy Protocol (VRRP) feature can solve the static configuration problem. VRRP is an IP routing redundancy protocol designed to allow for transparent failover at the first-hop IP router. VRRP enables a group of routers to form a single virtual router. The LAN clients can then be configured with the virtual router as their default gateway. The virtual router, representing a group of routers, is also known as a VRRP group.

For example, Figure 1 shows a LAN topology in which VRRP is configured. In this example, Routers A, B, and C are VRRP routers (routers running VRRP) that compose a virtual router. The IP address of the virtual router is the same as that configured for the interface of Router A (10.0.0.1).

Figure 1 Basic VRRP Topology

Because the virtual router uses the IP address of the physical interface of Router A, Router A assumes the role of the master virtual router and is also known as the IP address owner. As the master virtual router, Router A controls the IP address of the virtual router and is responsible for forwarding packets sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.

Routers B and C function as backup virtual routers. If the master virtual router fails, the router configured with the higher priority becomes the master virtual router and provides uninterrupted service for the LAN hosts. When Router A recovers, it becomes the master virtual router again.

Multiple Virtual Router Support

You can configure up to100 virtual routers on a router interface. The actual number of virtual routers that a router interface can support depends on the following factors:

Router processing capability

Router memory capability

Router interface support of multiple MAC addresses

In a topology where multiple virtual routers are configured on a router interface, the interface can act as a master for one or more virtual routers and as a backup for one or more virtual routers.

VRRP Router Priority

An important aspect of the VRRP redundancy scheme is VRRP router priority. Priority determines the role that each VRRP router plays and what happens if the master virtual router fails.

If a VRRP router owns the IP address of the virtual router and the IP address of the physical interface, this router functions as a master virtual router.

If no VRRP router owns the IP address, the priority of a VRRP router, combined with the reempt settings, determines if a VRRP router functions as a master or a backup virtual router. By default, the highest priority VRRP router functions as master, and all the others function as backups. Priority also determines the order of ascendancy to becoming a master virtual router if the master virtual router fails. You can configure the priority of each backup virtual router with a value of 1 through 254, using the vrrp priority command.

For example, if Router A, the master virtual router in a LAN topology, fails, an election process takes place to determine if backup virtual Routers B or C should take over. If Routers B and C are configured with the priorities of 101 and 100, respectively, Router B is elected to become master virtual router because it has the higher priority. If Routers B and C are both configured with the priority of 100, the backup virtual router with the higher IP address is elected to become the master virtual router.

By default, a preemptive scheme is enabled whereby a higher-priority backup virtual router that becomes available takes over from the current master virtual router. You can disable this preemptive scheme using the vrrp preempt disable command. If preemption is disabled, the backup virtual router that is elected to become master upon the failure of the original higher priority master, remains the master even if the original master virtual router recovers and becomes available again.

VRRP Advertisements

The master virtual router sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master virtual router. The VRRP advertisements are encapsulated in IP packets and sent to the IP Version 4 multicast address assigned to the VRRP group. The advertisements are sent every second by default; the interval is configurable.

Benefits of VRRP

The benefits of VRRP are as follows:

Redundancy— VRRP enables you to configure multiple routers as the default gateway router, which reduces the possibility of a single point of failure in a network.

Load Sharing—You can configure VRRP in such a way that traffic to and from LAN clients can be shared by multiple routers, thereby sharing the traffic load more equitably among available routers.

Multiple Virtual Routers—VRRP supports up to 100 virtual routers (VRRP groups) on a router interface, subject to the platform supporting multiple MAC addresses. up to a limit of 100 per system with default timers. Multiple virtual router support enables you to implement redundancy and load sharing in your LAN topology.

Multiple IP Addresses—The virtual router can manage multiple IP addresses, including secondary IP addresses. Therefore, if you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.

Preemption—The redundancy scheme of VRRP enables you to preempt a backup virtual router that has taken over for a failing master virtual router with a higher-priority backup virtual router that has become available.

Text Authentication—You can ensure that VRRP messages received from VRRP routers that comprise a virtual router are authenticated by configuring a simple text password.

Advertisement Protocol—VRRP uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. The IANA assigns VRRP the IP protocol number 112.

How to Implement VRRP on Cisco ASR 9000 Series Routers

This section contains instructions for the following tasks:

Customizing VRRP

Enabling VRRP

Verifying VRRP

Clearing VRRP Statistics

Customizing VRRP

Customizing the behavior of VRRP is optional. Be aware that as soon as you enable a VRRP group, that group is operating. It is possible that if you first enable a VRRP group before customizing VRRP, the router could take over control of the group and become the master virtual router before you have finished customizing the feature. Therefore, if you plan to customize VRRP, it is a good idea to do so before enabling VRRP.

The sections that follow describe how to customize your VRRP configuration.

SUMMARY STEPS

1. configure

2. router vrrp

3. interface type instance

4. vrrp vrid text-authentication

5. vrrp vrid assume-ownership {disable}

6. vrrp vrid priority priority

7. vrrp vrid preempt [delay seconds] [disable]

8. vrrp vrid timer [msec] interval [force]

9. vrrp vrid track interface type instance [priority-decrement]

10. vrrp delay [minimum seconds] [reload seconds]

11. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RSP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router vrrp

Example:

RP/0/RSP0/CPU0:router(config)# router vrrp

Enables VRRP configuration mode.

Step 3 

interface type instance

Example:

RP/0/RSP0/CPU0:router(config-vrrp)# interface TenGigE 0/2/0/1

RP/0/RSP0/CPU0:router(config-vrrp-if)#

Enables VRRP interface configuration mode on a specific interface.

Step 4  

vrrp vrid text-authentication
Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 text-authentication

(Optional) Configures the simple text authentication used for VRRP packets received from other routers running VRRP.

When a VRRP packet arrives from another router in the VRRP group, its authentication string is compared to the string configured on the local system. If the strings match, the message is accepted. If they do not match, the packet is discarded.

All routers within the group must be configured with the same authentication string.

To disable VRRP authentication, use the no vrrp vrid text-authentication command.

Note Plain text authentication is not meant to be used for security. It simply provides a way to prevent a misconfigured router from participating in VRRP.

Step 5  

vrrp vrid assume-ownership {disable}
Example:

RP/0/RSP0/CPU0:router (config-vrrp-if)# vrrp 1 assume-ownership disable

Disables the default configuration that causes a VRRP router to assume ownership of the virtual IP address when in the master state, regardless of whether it is the IP address owner.

When the default setting is in effect, a router that is not the IP address owner but is the master router for another IP address accepts and responds to pings and accepts a Telnet to that router.

To reenable the default setting, use the no vrrp vrid assume-ownership command.

Step 6  

vrrp vrid priority priority
Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 priority 254

(Optional) Sets the priority of the virtual router.

Use the vrrp priority command to control which router becomes the master router.

The vrrp priority command is ignored while the router is the virtual IP address owner.

To remove the priority of the virtual router, use the no vrrp vrid priority command.

Step 7 

vrrp vrid preempt [delay seconds] [disable]

Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 preempt delay 15

(Optional) Sets the master virtual router and optionally, the time in seconds before the router advertises virtual IP address ownership to be the master router.

Use the vrrp preempt command to control which router becomes the master router.

The vrrp preempt command is ignored while the router is the virtual IP address owner.

(Optional) Use the disable keyword to disable preemption. To reestablish the default (enabled), use the no vrrp vrid preempt command.

Step 8 

vrrp vrid timer [msec] interval [force]

Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 timer 4

(Optional) Configures the interval between successive advertisements by the master router in a VRRP virtual router.

To restore the default value, use the no vrrp vrid timer command.

Step 9 

vrrp vrid track interface type instance [priority-decrement]

Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 track interface TenGigE 0/0/CPU0/1 30

(Optional) Configures the VRRP to track an interface.

Enter the no vrrp vrid track interface type instance [priority-decrement] command to disable tracking.

Only IP interfaces are tracked.

A tracked interface is up if IP on that interface is up. Otherwise, the tracked interface is down.

You can configure VRRP to track an interface that can alter the priority level of a virtual router for a VRRP virtual router. When the IP protocol state of an interface goes down or the interface has been removed from the router, the priority of the backup virtual router is decremented by the value specified in the priority-decrement argument. When the IP protocol state on the interface returns to the up state, the priority is restored.

Step 10 

vrrp delay [minimum seconds] [reload seconds]


Example:

RP/0/0/CPU0:(config-vrrp-if)# vrrp delay minimum 2 reload 10

(Optional) Delays the startup of the state machine when an interface comes up, so that the network has time to settle and there are no unnecessary state changes early after the link comes up. The reload delay is the delay applied after the first interface up event. The minimum delay is the delay that is applied after any subsequent interface up event (if the interface flaps).

Step 11 

end

or

commit

Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# end

or

RP/0/RSP0/CPU0:router(config-vrrp-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes: 

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Enabling VRRP

Use the vrrp ipv4 command to enable VRRP on an interface, as described in the sections that follow.

SUMMARY STEPS

1. configure

2. router vrrp

3. interface type instance

4. vrrp vrid ipv4 ip-address [secondary]

5. end
or
commit

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

configure

Example:

RP/0/RSP0/CPU0:router# configure

Enters global configuration mode.

Step 2 

router vrrp

Example:

RP/0/RSP0/CPU0:router(config)# router vrrp

Enables VRRP configuration mode.

Step 3 

interface type instance

Example:

RP/0/RSP0/CPU0:router(config-vrrp)# interface TenGigE 0/2/0/1

RP/0/RSP0/CPU0:router(config-vrrp-if)#

Enables VRRP interface configuration mode on a specific interface.

Step 4  

vrrp vrid ipv4 ip-address [secondary]
Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# vrrp 1 ipv4 10.1.0.100

Enables the VRRP on an interface and specifies the IP address of the virtual router.

Enter the vrrp ipv4 command once without the secondary keyword to indicate the virtual router IP address. If you want to indicate additional IP addresses supported by the virtual router, include the secondary keyword.

We recommend that you do not remove the VRRP configuration from the IP address owner and leave the IP address of the interface active, because duplicate IP addresses on the LAN will result.

To disable VRRP on the interface and remove the IP address of the virtual router, use the no vrrp vrid ipv4 command.

Step 5 

end

or

commit

Example:

RP/0/RSP0/CPU0:router(config-vrrp-if)# end

or

RP/0/RSP0/CPU0:router(config-vrrp-if)# commit

Saves configuration changes.

When you issue the end command, the system prompts you to commit changes: 

Uncommitted changes found, commit them before 
exiting(yes/no/cancel)? 
[cancel]:

Entering yes saves configuration changes to the running configuration file, exits the configuration session, and returns the router to EXEC mode.

Entering no exits the configuration session and returns the router to EXEC mode without committing the configuration changes.

Entering cancel leaves the router in the current configuration session without exiting or committing the configuration changes.

Use the commit command to save the configuration changes to the running configuration file and remain within the configuration session.

Verifying VRRP

Use the show vrrp command to display a brief or detailed status of one or all VRRP virtual routers.

SUMMARY STEPS

1. show vrrp [interface type instance [vrid]] [brief | detail | statistics [all]]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

show vrrp [interface type instance [vrid]] [brief | detail | statistics [all]]

Example:

RP/0/RSP0/CPU0:router # show vrrp

Displays a brief or detailed status of one or all VRRP virtual routers.

If no interface is specified, all virtual routers are displayed.

Clearing VRRP Statistics

Use the clear vrrp statistics command to clear all the software counters for the specified virtual router.

SUMMARY STEPS

1. clear vrrp statistics [interface type instance [vrid]]

DETAILED STEPS

 
Command or Action
Purpose

Step 1 

clear vrrp statistics [interface type instance [vrid]]

Example:

RP/0/RSP0/CPU0:router# clear vrrp statistics

Clears all software counters for the specified virtual router.

If no interface is specified, statistics of all virtual routers are removed.

Configuration Examples for VRRP Implementation on Cisco ASR 9000 Series Routers

This section provides the following VRRP configuration examples:

Configuring a VRRP Group: Example

Clearing VRRP Statistics: Example

Configuring a VRRP Group: Example

This section provides the following configuration example of Router A and Router B, each belonging to three VRRP groups:

Router A: 

config

router vrrp

interface MgmtEth0/0/CPU0/0

vrrp 1 priority 120

vrrp 1 text-authentication cisco

vrrp 1 timer 3

vrrp 1 ipv4 10.1.0.10

vrrp 5 priority 100

vrrp 5 timer 30

vrrp 5 ipv4 10.1.0.50

100 preempt disable

vrrp 100 ipv4 10.1.0.100

commit

Router B: 

config

router vrrp

interface MgmtEth0/0/CPU0/0

vrrp 1 priority 100

vrrp 1 text-authentication cisco

vrrp 1 timer 3

vrrp 1 ipv4 10.1.0.2

vrrp 5 priority 200

vrrp 5 timer 30

vrrp 5 ipv4 10.1.0.50

100 preempt disable

vrrp 100 ipv4 10.1.0.1

commit

In the configuration example, each group has the following properties:

Group 1:

Virtual IP address is 10.1.0.10.

Router A will become the master for this group with priority 120.

Advertising interval is 3 seconds.

Preemption is enabled.

Group 5:

Router B will become master for this group with priority 200.

Advertising interval is 30 seconds.

Preemption is enabled.

Group 100:

Router A will become master for this group first, because preempt is disabled and it was configured first.

Advertising interval is the default 1 second.

Preemption is disabled.

Clearing VRRP Statistics: Example

The clear vrrp statistics command produces no output of its own. The command modifies the statistics given by show vrrp statistics command so that all the statistics are reset to zero.

The following section provides examples of the output of the show vrrp statistics command followed by the clear vrrp statistics command: 

RP/0/RSP0/CPU0:router# show vrrp statistics

Invalid packets:

 Invalid checksum:              0

 Unknown/unsupported versions:  0

 Invalid vrID:                  10

 Too short:                     0

Protocol:

 Transitions to Master          6

Packets:

 Total received:                155

 Bad TTL:                       0

 Failed authentication:         0

 Unknown authentication:        0

 Conflicting authentication:    0

 Unknown Type field:            0

 Conflicting Advertise time:    0

 Conflicting Addresses:         0

 Received with zero priority:   3

 Sent with zero priority:       3


RP/0/RSP0/CPU0:router# clear vrrp statistics

RP/0/RSP0/CPU0:router# show vrrp statistics

Invalid packets:

 Invalid checksum:              0

 Unknown/unsupported versions:  0

 Invalid vrID:                  0

 Too short:                     0

Protocol:

 Transitions to Master          0

Packets:

 Total received:                0

 Bad TTL:                       0

 Failed authentication:         0

 Unknown authentication:        0

 Conflicting authentication:    0

 Unknown Type field:            0

 Conflicting Advertise time:    0

 Conflicting Addresses:         0

 Received with zero priority:   0

 Sent with zero priority:       0

Additional References

The following sections provide references related to VRRP.

Related Documents

Related Topic
Document Title

Cisco ASR 9000 Series Router VRRP commands

VRRP Commands on Cisco ASR 9000 Series Routers module in the Cisco ASR 9000 Series Aggregation Services Router IP Addresses and Services Command Reference

Cisco ASR 9000 Series Router getting started material

Cisco ASR 9000 Series Aggregation Services Router Getting Started Guide


Standards

Standards
Title

No new or modified standards are supported by this feature, and support for existing standards has not been modified by this feature.


MIBs

MIBs
MIBs Link

To locate and download MIBs using Cisco IOS XR software, use the Cisco MIB Locator found at the following URL and choose a platform under the Cisco Access Products menu: http://cisco.com/public/sw-center/netmgmt/cmtk/mibs.shtml


RFCs

RFCs
Title

No new or modified RFCs are supported by this feature, and support for existing RFCs has not been modified by this feature.


Technical Assistance

Description
Link

The Cisco Technical Support website contains thousands of pages of searchable technical content, including links to products, technologies, solutions, technical tips, and tools. Registered Cisco.com users can log in from this page to access even more content.

http://www.cisco.com/techsupport