VRRP Interface Tracking

Feature history for VRRP interface tracking

Table 1. Feature History

Feature Name

Release Information

Description

Support for Multiple VRRP Groups on the Same LAN Interface or Sub-interface

Cisco SD-WAN Release 20.3.1

This feature increases support from one VRRP group per interface to five VRRP groups per interface. Multiple VRRP groups are useful for providing redundancy and for load balancing.

VRRP interface tracking for Cisco IOS XE Catalyst SD-WAN devices

Cisco IOS XE Catalyst SD-WAN Release 17.7.1a

Cisco SD-WAN Release 20.7.1

This feature enables VRRP to set the Cisco IOS XE Catalyst SD-WAN device as active or standby based on the WAN Interface or SIG tracker events. It increases the TLOC preference value on a new VRRP active device to ensure traffic symmetry.

From this release, you can configure VRRP interface tracking using the Cisco SD-WAN Manager feature template and the CLI template on Cisco IOS XE Catalyst SD-WAN devices.

VRRP

A Virtual Router Redundancy Protocol (VRRP) is a LAN-side protocol that

  • provides redundant gateway service for switches and IP end stations,

  • allows configuration on interfaces and subinterfaces using templates, and

  • supports failover and election of a new primary router based on interface state, OMP session, or remote prefix reachability.

In Cisco Catalyst SD-WAN, VRRP is configured on service-side VPN interfaces or subinterfaces (excluding reserved VPNs 0 and 512), with each group identified by a unique number and assigned an IP address.

The protocol enables up to 512 groups per router, with priority values determining primary router election. Failover can be triggered by interface status, three consecutive advertisements missed, OMP session loss, or loss of prefix reachability, ensuring continuous gateway service.

For VRRP to function with IEEE 802.1Q tagging, MTU adjustments may be necessary.

This is not applicable from Cisco IOS XE Catalyst SD-WAN Release 17.4.1a and later, where physical and subinterfaces can share the same MTU.

  • If the primary VRRP goes down, traffic is redirected to the secondary VRRP, which then becomes the primary gateway.

  • VRRP is configured per interface or subinterface within a service-side VPN; reserved VPNs (0, 512) are not supported except for physical interface configuration.

  • Each VRRP group requires a unique group number and IP address, with a maximum of 512 groups per router.

  • Routers in the same VRRP group act as a single virtual router; the router with the highest priority (1–254, default 100) becomes primary.

  • Advertisement messages are sent by the primary every 1–3600 seconds (default: every second).

  • The x710 NIC must have the t->system-> vrrp-advt-with-phymac command configured, for VRRP to function.

Configure VRRP

Configuring VRRP using Cisco Catalyst SD-WAN Manager

Procedure

To have an interface run the Virtual Router Redundancy Protocol (VRRP), which allows multiple routers to share a common virtual IP address for default gateway redundancy, select the VRRP tab. Then click Add New VRRP and configure the following parameters:

Parameter Name Description

Group ID

Enter the virtual router ID, which is a numeric identifier of the virtual router. You can configure a maximum of 24 groups.

Range: 1 through 255

Priority

Enter the priority level of the router. There router with the highest priority is elected as primary VRRP router. If two routers have the same priority, the one with the higher IP address is elected as primary VRRP router.

Range: 1 through 254

Default: 100
Timer (milliseconds)

Specify how often the primary VRRP router sends VRRP advertisement messages. If subordinate routers miss three consecutive VRRP advertisements, they elect a new primary VRRP routers.

Range: 100 through 40950 milliseconds

Default: 100 msecs

Note

 

When the timer is 100 ms for the VRRP feature template on Cisco IOS XE Catalyst SD-WAN devices, the VRRP fails if the traffic is high on LAN interface.

Track OMP​

Track Prefix List

By default, VRRP uses of the state of the service (LAN) interface on which it is running to determine which router is the primary virtual router. if a router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, configure one of the following:

Track OMP: Click On for VRRP to track the Overlay Management Protocol (OMP) session running on the WAN connection. If the primary VRRP router loses all its OMP sessions, VRRP elects a new default gateway from those that have at least one active OMP session.

Note

 

From Cisco IOS XE Catalyst SD-WAN Release 17.18.1a, enabling Track OMP changes the device CLI command from vrrp track omp shutdown to vrrp track omp decrement 10 .

Track Prefix List: Track both the OMP session and a list of remote prefixes, which is defined in a prefix list configured on the local router. If the primary VRRP router loses all its OMP sessions, VRRP failover occurs as described for the Track OMP option. In addition, if reachability to all of the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the routers determine the primary VRRP router.

IP Address

 Enter the IP address of the virtual router. This address must be different from the configured interface IP addresses of both the local router and the peer running VRRP.

Configure a prefix list for VRRP using Configuration Groups

Before you begin

On the Configuration > Configuration Groups page, choose SD-WAN as the solution type.

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Configuration Groups.

Step 2

Create and configure Prefix List for VRRP in a Policy Object Profile.

  1. Choose the Prefix policy object from the Select Policy Object drop-down list.

  2. Enter the Prefix List Name.

  3. In the Internet Protocol field, click IPv4 or IPv6.

  4. Under Add Prefix, enter the prefix for the list. Optionally, click the Choose a file link to import a prefix list.

  5. Click Save The following table describe the options for configuring the prefix.

    Table 2. Prefix List

    Field

    Description

    Prefix List Name

    Enter a name for the prefix list.

    Internet Protocol

    Specifies the internet protocol. The options are IPv4 and IPv6.

What to do next

Also see Deploy a configuration group.

Configure a prefix list for VRRP using a feature template

To configure a prefix list,

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Policy > Localized Policy.

Step 2

From the Custom Options drop-down list, click Lists.

  1. Click Prefix from the left pane, and click New Prefix List.

  2. In Prefix List Name, enter a name for the prefix list.

  3. Choose IPv4 as the Internet Protocol.

  4. In Add Prefix, enter the prefix entries separated by commas.

  5. Click Add.

Step 3

Click Next and configure Forwarding Classes/QoS.

Step 4

Click Next and configure Access Control Lists.

Step 5

Click Next and in Route Policy pane, select a relevant route policy and click , and click Edit to add the newly added prefix list.

Step 6

From the Match pane, click AS Path List and in the Address, choose the newly added prefix list.

Step 7

Click Save Match and Actions.

Step 8

Click Next and enter the Policy Name and Policy Description in the Policy Overview screen.

Step 9

Click Save Policy.

Configure a prefix list for VRRP using a device template

To configure the Prefix List to the VRRP using a device template,

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates > Device Templates.

In Cisco vManage Release 20.7.x and earlier releases, Device Templates is titled Device.

Step 2

Select a relevant device template and click , then click Edit to edit the template details.

Step 3

From Policy, select the policy with the newly added prefix list and click Update.

Step 4

Click Feature Templates.

Step 5

Select a relevant device template and click and click Edit to edit the template details.

Step 6

Click VRRP.

Step 7

Select a relevant group ID and click the pen icon to associate the new prefix-list to the VRRP details and click the Track Prefix List drop-down to enter the newly added prefix-list name.

Step 8

Click Save Changes and then Update. Click Device Templates and select the policy with the newly added prefix list.

Step 9

Click and click Attach Devices. From Available Devices, double-click the relevant device to move it to Selected Devices, and then click Attach.

Configure VRRP using CLI commands

To provide redundant gateway service on Cisco Catalyst SD-WAN devices by configuring VRRP on service-side interfaces using CLI commands.

Before you begin

  • VRRP must be configured on service-side VPNs (not on VPN 0 or 512, except for the physical interface when using subinterfaces).

  • Ensure required interfaces and subinterfaces are created and enabled.

  • Adjust MTU for 802.1Q tagging if needed (not required for Cisco IOS XE Catalyst SD-WAN Release 17.4.1a and later).

Procedure

Step 1

Enter the target VPN .

Example:

vpn <vpn-id>

Step 2

Select and enable the interface (or subinterface). Select and enable the interface (or subinterface).

Example:

interface <irbnumber>[.<subinterface>]
no shutdown

Step 3

Assign an IP address to the interface.

Example:

ipv4 ip-address

Step 4

Within each VRRP group, the router with the higher priority value is elected as primary VRRP. By default, each virtual router IP address has a default primary election priority of 100, so the router with the higher IP address is elected as primary. You can modify the priority value, setting it to a value from 1 through 254.

Example:

priority number

Step 5

The primary VRRP periodically sends advertisement messages, indicating that it is still operating. If backup routers miss three consecutive VRRP advertisements, they assume that the primary VRRP is down and elect a new primary VRRP. By default, these messages are sent every second. You can change the VRRP advertisement time to be a value from 1 through 3600 seconds.

Example:

timer seconds

Step 6

By default, VRRP uses the state of the interface on which it is running, to determine which router is the primary virtual router. This interface is on the service (LAN) side of the router. When the interface for the primary VRRP goes down, a new primary VRRP virtual router is elected based on the VRRP priority value. Because VRRP runs on a LAN interface, if a router loses all its WAN control connections, the LAN interface still indicates that it is up even though the router is functionally unable to participate in VRRP. To take WAN side connectivity into account for VRRP, you can configure one of the following:

  1. Track the Overlay Management Protocol (OMP) session running on the WAN connection when determining the primary VRRP virtual router.

    Example:

    track-omp

    If all OMP sessions are lost on the primary VRRP router, VRRP elects a new default gateway from among all the gateways that have one or more active OMP sessions even if the gateway chosen has a lower VRRP priority than the current primary VRRP router. With this option, VRRP failover occurs once the OMP state changes from up to down, which occurs when the OMP hold timer expires. Until the hold timer expires and a new primary VRRP is elected, all overlay traffic is dropped. When the OMP session recovers, the local VRRP interface claims itself as primary VRRP even before it learns and installs OMP routes from the Cisco Catalyst SD-WAN Controllers. Until the routers are learned, traffic is also dropped.

  2. Track both the OMP session and a list of remote prefixes. list-name is the name of a prefix list configured with the policy lists prefix-list command on the Cisco vEdge device :

    Example:

    track-prefix-list list-name

If all OMP sessions are lost, VRRP failover occurs as described for the track-omp option. In addition, if reachability to all the prefixes in the list is lost, VRRP failover occurs immediately, without waiting for the OMP hold timer to expire, thus minimizing the amount of overlay traffic is dropped while the router determines the primary VRRP.

As discussed above, the IEEE 802.1Q protocol adds 4 bytes to each packet's length. Hence, for packets to be transmitted, either increase the MTU size on the physical interface in VPN 0 (the default MTU is 1500 bytes) or decrease the MTU size on the VRRP interface.

For devices running on Cisco IOS XE Catalyst SD-WAN Release 17.14.1a and later, adjusting the MTU size is not required, both the physical interface and sub interface can have the same MTU size.

Here is an example of configuring VRRP on redundant physical interfaces. For subinterface 2, vEdge1 is configured to act as the primary VRRP, and for subinterface 3, vEdge2 acts as the primary VRRP. 

vEdge1# show running-config vpn 1 
vpn 1
 interface ge0/6.2
  ip address 10.2.2.3/24
  mtu      1496
  no shutdown
  vrrp 2
   ipv4 10.2.2.1
   track-prefix-list vrrp-prefix-list1
  !
 !
 interface ge0/6.3
  ip address 10.2.3.5/24
  mtu      1496
  shutdown
  vrrp 3
   ipv4 10.2.3.11
   track-prefix-list vrrp-prefix-list1
  !
 !
!

vEdge2# show running-config vpn 1 
vpn 1
 interface ge0/1.2
  ip address 10.2.2.4/24
  mtu      1496
  no shutdown
  vrrp 2
   ipv4 10.2.2.1
   track-prefix-list vrrp-prefix-list2
  !
 !
 interface ge0/1.3
  ip address 10.2.3.6/24
  mtu      1496
  no shutdown
  vrrp 3
   ipv4 10.2.3.11
   track-prefix-list vrrp-prefix-list2
  !
 !
!

vEdge1# show interface vpn 1 
 
                             IF      IF                                                              TCP                                   
                             ADMIN   OPER    ENCAP  PORT                              SPEED          MSS                 RX       TX       
VPN  INTERFACE  IP ADDRESS   STATUS  STATUS  TYPE   TYPE     MTU   HWADDR             MBPS   DUPLEX  ADJUST  UPTIME      PACKETS  PACKETS  
-------------------------------------------------------------------------------------------------------------------------------------------
1    ge0/6.2    10.2.2.3/24  Up      Up      vlan   service  1496  00:0c:29:ab:b7:94  10     full    0       0:00:05:52  0        357      
1    ge0/6.3    10.2.3.5/24  Down    Down    vlan   service  1496  00:0c:29:ab:b7:94  -      -       0       -           0        0 

vEdge1# show vrrp interfaces       

                                                                                           MASTER                             TRACK   PREFIX  
              GROUP  VIRTUAL                                 VRRP    OMP    ADVERTISEMENT  DOWN                               PREFIX  LIST    
VPN  IF NAME  ID     IP         VIRTUAL MAC        PRIORITY  STATE   STATE  TIMER          TIMER   LAST STATE CHANGE TIME     LIST    STATE   
----------------------------------------------------------------------------------------------------------------------------------------------
1    ge0/6.2  2      10.2.2.1   00:0c:29:ab:b7:94  100       master  down   1              3       2015-05-01T20:09:37+00:00  -       -       
     ge0/6.3  3      10.2.3.11  00:00:00:00:00:00  100       init    down   1              3       0000-00-00T00:00:00+00:00  -       -

In the following example, Router-1 is the primary VRRP, because it has a higher priority value than Router 2:

Router-1# show running-config vpn 1
vpn 1
!
 interface ge0/1.15
  ip address 10.10.1.2/24
  mtu         1496
  no shutdown
  vrrp 15
   priority  110
   track-omp
   ipv4 10.20.23.1
  !
 !
!

Router-1# show vrrp vpn 1
                                                                                                MASTER                             TRACK   PREFIX  
               GROUP                                              VRRP    OMP    ADVERTISEMENT  DOWN                               PREFIX  LIST    
VPN  IF NAME   ID     VIRTUAL IP     VIRTUAL MAC        PRIORITY  STATE   STATE  TIMER          TIMER   LAST STATE CHANGE TIME     LIST    STATE   
---------------------------------------------------------------------------------------------------------------------------------------------------
1    ge0/1.1   1      10.20.22.1     00:0c:bd:08:79:a4  100       backup  up     1              3       2016-01-13T03:10:55+00:00  -       -       
     ge0/1.5   5      10.20.22.193   00:0c:bd:08:79:a4  100       backup  up     1              3       2016-01-13T03:10:55+00:00  -       -       
     ge0/1.10  10     10.20.22.225   00:0c:bd:08:79:a4  100       backup  up     1              3       2016-01-13T03:10:55+00:00  -       -       
     ge0/1.15  15     10.20.23.1     00:0c:bd:08:79:a4  110       master  up     1              3       2016-01-13T03:10:56+00:00  -       -       
     ge0/1.20  20     10.20.24.1     00:0c:bd:08:79:a4  100       backup  up     1              3       2016-01-13T03:10:56+00:00  -       -       
     ge0/1.25  25     10.20.25.1     00:0c:bd:08:79:a4  110       master  up     1              3       2016-01-13T03:10:56+00:00  -       -       
     ge0/1.30  30     10.20.25.129   00:0c:bd:08:79:a4  100       backup  up     1              3       2016-01-13T03:10:56+00:00  -       -   


Router-1# show vrrp vpn 1 interfaces ge0/1.15 groups 15

                                                                               MASTER                             TRACK   PREFIX  
GROUP                                            VRRP    OMP    ADVERTISEMENT  DOWN                               PREFIX  LIST    
ID     VIRTUAL IP   VIRTUAL MAC        PRIORITY  STATE   STATE  TIMER          TIMER   LAST STATE CHANGE TIME     LIST    STATE   
----------------------------------------------------------------------------------------------------------------------------------
1      10.20.33.1  00:0c:bd:08:79:a4  110       master  up     1              3       2016-01-13T03:10:56+00:00  -       -       

Router-2# show running-config vpn 1
vpn 1
!
 interface ge0/1.15
  ip address 10.10.1.3/24
  mtu         1496
  no shutdown
  vrrp 15
   track-omp
   ipv4 10.20.23.1
  !
 !
!

Router-2# show vrrp vpn 1 interfaces groups

                                                                                           MASTER                             TRACK   PREFIX  
          GROUP                                              VRRP    OMP    ADVERTISEMENT  DOWN                               PREFIX  LIST    
IF NAME   ID     VIRTUAL IP     VIRTUAL MAC        PRIORITY  STATE   STATE  TIMER          TIMER   LAST STATE CHANGE TIME     LIST    STATE   
----------------------------------------------------------------------------------------------------------------------------------------------
ge0/1.1   1      10.20.32.1     00:0c:bd:08:2b:a5  110       master  up     1              3       2016-01-13T00:22:15+00:00  -       -       
ge0/1.5   5      10.20.32.193   00:0c:bd:08:2b:a5  110       master  up     1              3       2016-01-13T00:22:15+00:00  -       -       
ge0/1.10  10     10.20.32.225   00:0c:bd:08:2b:a5  110       master  up     1              3       2016-01-13T00:22:15+00:00  -       -       
ge0/1.15  15     10.20.33.1     00:0c:bd:08:2b:a5  100       backup  up     1              3       2016-01-13T03:10:56+00:00  -       -       
ge0/1.20  20     10.20.34.1     00:0c:bd:08:2b:a5  110       master  up     1              3       2016-01-13T00:22:16+00:00  -       -       
ge0/1.25  25     10.20.35.1     00:0c:bd:08:2b:a5  100       backup  up     1              3       2016-01-13T03:10:56+00:00  -       -       
ge0/1.30  30     10.20.35.129   00:0c:bd:08:2b:a5  100       master  up     1              3       2016-01-13T00:22:16+00:00  -       -    

Router-2# show vrrp vpn 100 interfaces groups 15

                                                                                         MASTER                             TRACK   PREFIX  
          GROUP                                            VRRP    OMP    ADVERTISEMENT  DOWN                               PREFIX  LIST    
IF NAME   ID     VIRTUAL IP   VIRTUAL MAC        PRIORITY  STATE   STATE  TIMER          TIMER   LAST STATE CHANGE TIME     LIST    STATE   
--------------------------------------------------------------------------------------------------------------------------------------------
ge0/0.15  15     10.20.33.1   00:0c:bd:08:2b:a5  100       backup  up     1              3       2016-01-13T03:10:56+00:00  -       -

Cisco SD-WAN supports configuring multiple VRRP groups on an interface. A use case for configuring this is where primary and secondary IP addresses have been assigned to a single interface. On one interface, you can configure:

  • One primary IP address

  • Up to four secondary IP addresses

To support each of these IP addresses, you can configure up to 5 VRRP groups (each with a unique group ID) on an interface, subinterface, or integrated routing and bridging (IRB) interface that supports VRRP groups.

The following is an example of configuring 5 VRRP groups on 1 interface.

vpn 2
 interface ge0/4.2
  ip address 10.0.1.10/24
  ip secondary-address 10.0.2.10/24
  ip secondary-address 10.0.3.10/24
  ip secondary-address 10.0.4.10/24
  mtu 1496
  no shutdown
  vrrp 1
   priority 101
    ipv4 10.0.1.1
!
  vrrp 2
   ipv4 10.0.1.2
!
  vrrp 3
   priority 101
    ipv4 10.0.2.1
!
  vrrp 4
   ipv4 10.0.3.1
!
  vrrp 5
   ipv4 10.0.4.1
  !
 !
!

VRRP tracking use cases

The VRRP state is determined based on the tunnel link status. If the tunnel or interface is down on the primary VRRP, then the traffic is directed to the secondary VRRP. The secondary VRRP router in the LAN segment becomes primary VRRP to provide gateway for the service-side traffic.

Zscaler Tunnel Use Case 1—Primary VRRP, Single Internet Provider

The primary and secondary Zscaler tunnels are connected through a single internet provider to the primary VRRP. The primary and secondary VRRP routers are connected using TLOC extension. In this scenario, the VRRP state transitions occurs if the primary and secondary tunnels go down on the primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. To avoid asymmetric routing, VRRP notifies this change to the Overlay through OMP.

Zscaler Tunnel Use Case 2—VRRP Routers in TLOC Extension, Dual Internet Providers

The primary and secondary VRRP routers are configured in TLOC extension high availability mode. The primary and secondary Zscaler tunnels are directly connected with primary and secondary VRRP routers, respectively, using dual internet providers. In this scenario too, the VRRP state transition occurs if the primary and secondary tunnels go down on the primary VRRP. The predetermined priority value decrements when the tracking object is down, which triggers the VRRP state transition. VRRP notifies this change to the overlay through OMP.

TLOC Preference

Transport Locators (TLOCs) connect an OMP route to a physical location. A TLOC is directly reachable using an entry in the routing table of the physical network, or represented by a prefix beyond a NAT device.

In Cisco IOS XE Catalyst SD-WAN devices, the TLOC change increase preference value increases based on the configured value. You can configure the TLOC change increase preference value on both the active and the backup nodes.

Restrictions for VRRP interface tracking

  • Use VRRP only with service-side VPNs.

  • Configure VRRP physical interfaces with VPN 0 when you use subinterfaces.

  • Enable VRRP tracking only on a physical uplink interface or a logical tunnel interface (IPSEC, GRE, or both).

  • Do not use IP prefix as an object for the VRRP Tracking feature.

  • Apply the same tracker to multiple VRRP groups or VPNs.

  • Do not track multiple VRRP interfaces using the same track object.

  • Group a maximum of 16 track objects under a list track object.

  • Do not configure tloc-change or increase-preference on more than one VRRP group.

Configure VRRP tracking using CLI templates

You can configure VRRP tracking using the CLI add-on feature templates and CLI device templates. For more information, see CLI Templates.

VRRP object tracking using CLI

Procedure

Use the following configuration to add an interface to a track list using the Cisco SD-WAN Manager device CLI template: 

Device(config)# track <object-id1> interface <interface-type-number> [line-protocol]
Device(config-tracker)# exit 
Device(config)# track < object-id2> interface <interface-type-number> [line-protocol]
Device(config-tracker)# exit 
Device(config)# track <group-object-id> list boolean [and | Or] 
Device(config-tracker)# object <object-id1>
Device(config-tracker)# object <object-id2>
Device(config-tracker)# exit
Device(config)# interface GigabitEthernet2


Device(config-if)# vrf forwarding <vrf-number>

Device(config-if)# ipv4 address <ip-address> <subnet-mask>
Device(config-if)# negotiation auto
Device(config-if)# vrrp <vrrp-number> address-family ipv4
Device(config-if-vrrp)# address <ipv4-address> [primary | secondary]
Device(config-if-vrrp)# track <object-id> [decrement <dec-value> | shutdown]
Device(config-if-vrrp)# tloc-change increase-preference <value>
Device(config-if-vrrp)# exit

Example:

Interface Object Tracking Using CLI

config-transaction
  track 100 interface Tunnel123 line-protocol
   exit
 track 200 interface GigabitEthernet5 line-protocol
  exit
track 400 list boolean and
  object 100
  object 200
  exit
 
interface GigabitEthernet2
 vrf forwarding 1
 ip address 10.10.1.1 255.255.255.0
 negotiation auto
vrrp 1 address-family ipv4
  address 10.10.1.10 primary
  track 400 decrement 10
  tloc-change increase-preference 333
  exit

SIG container tracking

Procedure

Use the following example to configure a track list and tracking for SIG containers using the Cisco SD-WAN Manager device CLI template. 

Device(config)# track <object-id1> service global

Device(config-tracker)# exit 
Device(config)# track <object-id2> service global
Device(config-tracker)# exit 
Device(config)# track <group-object-id> list boolean [and | Or] 
Device(config-tracker)# object <object-id1>
Device(config-tracker)# object <object-id2>
Device(config-tracker)# exit

Device(config)# interface GigabitEthernet2

Device(config-if)# vrf forwarding <vrf-number>

Device(config-if)# ip address <ip-address> <subnet-mask>
Device(config-if)# negotiation auto
Device(config-if)# vrrp <vrrp-number> address-family ipv4
Device(config-if-vrrp)# address <ipv4-address> [primary | secondary]
Device(config-if-vrrp)# track <object-id> [decrement <dec-value> | shutdown]
Device(config-if-vrrp)# tloc-change increase-preference <value>
Device(config-if-vrrp)#exit

Example:

SIG Object Tracking Using CLI

config-transaction
  track 1 service global
  exit
  exit 
  track 2 service global
track 3 list boolean and
  object 1
  object 2
  exit
 
interface GigabitEthernet2
 vrf forwarding 1
 ip address 10.10.1.1 255.255.255.0
 negotiation auto
vrrp 1 address-family ipv4
  address 10.10.1.10 primary
  track 3 decrement 10
  tloc-change increase-preference 333
  exit

Configure VRRP tracking

  1. Configure an object tracker using a feature template.

  2. Configure VRRP for a VPN Interface template and associate the object tracker with the template.

Configure an object tracker using a feature template

Use the Cisco System template to configure an object tracker.

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose ConfigurationTemplates.

Step 2

Click Feature Templates.

Note

 

In Cisco SD-WAN Release 20.7.x and earlier releases, Feature Templates is titled Feature.

Step 3

Navigate to the Cisco System template for the device.

Step 4

Click Tracker and choose New Object Tracker to configure the tracker parameters.

Table 3. Tracker Parameters

Field

Description
Tracker Type

Choose Interface or SIG or Route to configure the object tracker.

Object ID

Enter the object ID number.
Interface

Choose global or device-specific tracker interface name.
Route IP

Enter the IP route prefix to track the state of an IP route.
Route IP Mask

Enter the prefix mask.
VPN

Enter the VPN number.

Step 5

Click Add.

Step 6

Optionally, to create a tracker group, click Tracker, and click Tracker Groups > New Object Tracker Groups to configure the tracker parameters.

Note

 

Ensure that you have created two trackers to create a track group.
Table 4. Object Tracker Group Parameters
Field Description

Group Tracker ID

Enter the name of the tracker group.

Tracker ID

Enter the name of the object tracker that you want to group.

Criteria

Choose AND or OR explicitly.

OR ensures that the transport interface status is reported as active if either one of the associated trackers of the tracker group reports that the route is active.

If you choose AND operation, the transport interface status is reported as active if both the associated trackers of the tracker group report that the route is active.

Note

 

Provide information in all the mandatory fields before you save the template.

Step 7

Click Add.

Step 8

Click Save.

Configure VRRP for a VPN interface template and associate interface object tracker

To configure VRRP for a Cisco VPN template, do the following:

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Configuration > Templates .

Step 2

Click Feature Templates.

Note

 

In Cisco SD-WAN Release 20.7.x and earlier releases, Feature Templates is titled Feature.

Step 3

Navigate to the Cisco VPN Interface Ethernet template for the device.

Note

 

For information about creating a new Cisco VPN Interface Ethernet template, see Configure VPN Ethernet Interface.

Step 4

Click VRRP and choose IPv4.

Step 5

Click New VRRP to create a new VRRP or edit the existing VRRP and configure the following parameters:

Parameter Name Description

TLOC Preference Change

 (Optional) Choose On or Off to set whether the TLOC preference can be changed or not.

TLOC Preference Change Value

 (Optional) Enter the TLOC preference change. Range: 1 to 4294967295.

Step 6

Click the Add Tracking Object link, and in the Tracking Object dialog box that is displayed, click Add Tracking Object.

Step 7

In the Tracker ID field, enter the Interface Object ID or Object Group Tracker ID.

Step 8

From the Action drop-down list, choose Decrement and enter the Decrement Value as 1. Cisco vEdge Devices support decrement value of 1.

Or

Choose Shutdown

Step 9

Click Add to save the VRRP details, then click Save to save the configuration.

Monitor VRRP configuration

To view information about VRRP configuration:

Procedure

Step 1

From the Cisco SD-WAN Manager menu, choose Monitor > Devices.

For Cisco SD-WAN Release 20.6.x and earlier: From the Cisco SD-WAN Manager menu, choose Monitor > Network.

Step 2

Choose a device from the list of devices.

Step 3

Click Real Time.

Step 4

From the Device Options drop-down list, choose VRRP Information.

Note

 

You can view the status of the VRRP configuration in Track State.

Verify VRRP tracking

View the summary of the VRRP configuration

The following is a sample output for the show vrrp command: 

Device# show vrrp
GigabitEthernet2 - Group 1 - Address-Family IPv4
State is MASTER
State duration 37 mins 52.978 secs
Virtual IP address is 10.10.1.10
Virtual MAC address is 0000.5E00.0101
Advertisement interval is 1000 msec
Preemption enabled
Priority is 100
State change reason is VRRP_TRACK_UP
Tloc preference configured, value 333
Track object 400 state UP decrement 10
Master Router is 10.10.1.1 (local), priority is 100
Master Advertisement interval is 1000 msec (expires in 607 msec)
Master Down interval is unknown
FLAGS: 1/1

View the summary of tracked objects

The following is a sample output for the show track brief command: 

Device# show track brief
Track Type      Instance           Parameter     State      Last Change
100   interface Tunnel123 l        line-protocol Up         00:12:48
200   interface GigabitEthernet5   line-protocol Up         00:49:57
400   list                         boolean       Up         00:12:47

View the state of the tracked list

The following is a sample output for the show track list command: 

Device# show track list
Track 400
  List boolean and
  Boolean AND is Up
    6 changes, last change 00:12:58
    object 100 Up
    object 200 Up
  Tracked by: 
    VRRPv3 GigabitEthernet2 IPv4 group 1

View a brief summary state of the tracked list

The following is a sample output for the show track list brief command: 

Track  Type        Instance        Parameter        State  Last Change 
         400    list                         boolean          Up    00:13:02