- Cisco Nexus 3000 Switch NX-OS Unicast Routing Configuration Guide, Release 6.x
Configuring VRRP
This chapter describes how to configure the Virtual Router Redundancy Protocol (VRRP) on a switch.
This chapter includes the following sections:
- Information About VRRP
- Licensing Requirements for VRRP
- Guidelines and Limitations
- Default Settings
- Configuring VRRP
- Configuring VRRPv3
- Verifying the VRRPv2 Configuration
- Verifying the VRRPv3 Configuration
- Displaying VRRP Statistics
- Configuration Examples for VRRPv2
- Configuration Example for VRRPv3
- Additional References
Information About VRRP
VRRP allows for transparent failover at the first-hop IP router by configuring a group of routers to share a virtual IP address. VRRP selects a master router in that group to handle all packets for the virtual IP address. The remaining routers are in standby and take over if the master router fails.
This section includes the following topics:
- VRRP Operation
- VRRP Benefits
- Multiple VRRP Groups
- VRRP Router Priority and Preemption
- VRRP Advertisements
- VRRP Authentication
- VRRPv3
- Virtualization Support
VRRP Operation
A LAN client can determine which router should be the first hop to a particular remote destination by using a dynamic process or static configuration. Examples of dynamic router discovery are as follows:
- Proxy ARP—The client uses Address Resolution Protocol (ARP) to get the destination it wants to reach, and a router will respond to the ARP request with its own MAC address.
- Routing protocol—The client listens to dynamic routing protocol updates (for example, from Routing Information Protocol [RIP]) and forms its own routing table.
- ICMP Router Discovery Protocol (IRDP) client—The client runs an Internet Control Message Protocol (ICMP) router discovery client.
The disadvantage to dynamic discovery protocols is that they incur some configuration and processing overhead on the LAN client. Also, in the event of a router failure, the process of switching to another router can be slow.
An alternative to dynamic discovery protocols is to statically configure a default router on the client. Although this approach simplifies client configuration and processing, it creates a single point of failure. If the default gateway fails, the LAN client is limited to communicating only on the local IP network segment and is cut off from the rest of the network.
VRRP can solve the static configuration problem by enabling a group of routers (a VRRP group) to share a single virtual IP address. You can then configure the LAN clients with the virtual IP address as their default gateway.
Figure 21-1 shows a basic VLAN topology. In this example, Routers A, B, and C form a VRRP group. The IP address of the group is the same address that was configured for the Ethernet interface of Router A (10.0.0.1).
Figure 21-1 Basic VRRP Topology
Because the virtual IP address uses the IP address of the physical Ethernet interface of Router A, Router A is the master (also known as the IP address owner). As the master, Router A owns the virtual IP address of the VRRP group router and forwards packets sent to this IP address. Clients 1 through 3 are configured with the default gateway IP address of 10.0.0.1.
Routers B and C function as backups. If the master fails, the backup router with the highest priority becomes the master and takes over the virtual IP address to provide uninterrupted service for the LAN hosts. When Router A recovers, it becomes the master again. For more information, see the “VRRP Router Priority and Preemption” section.
Note
Packets received on a routed port destined for the VRRP virtual IP address will terminate on the local router, regardless of whether that router is the master VRRP router or a backup VRRP router. This includes ping and Telnet traffic. Packets received on a Layer 2 (VLAN) interface destined for the VRRP virtual IP address will terminate on the master router.
VRRP Benefits
The benefits of VRRP are as follows:
- Redundancy—Enables you to configure multiple routers as the default gateway router, which reduces the possibility of a single point of failure in a network.
- Load Sharing—Allows traffic to and from LAN clients to be shared by multiple routers. The traffic load is shared more equitably among available routers.
- Multiple VRRP groups—Supports up to 255 VRRP groups on a router physical interface if the platform supports multiple MAC addresses. Multiple VRRP groups enable you to implement redundancy and load sharing in your LAN topology.
- Multiple IP Addresses—Allows you to manage multiple IP addresses, including secondary IP addresses. If you have multiple subnets configured on an Ethernet interface, you can configure VRRP on each subnet.
- Preemption—Enables you to preempt a backup router that has taken over for a failing master with a higher priority backup router that has become available.
- Advertisement Protocol—Uses a dedicated Internet Assigned Numbers Authority (IANA) standard multicast address (224.0.0.18) for VRRP advertisements. This addressing scheme minimizes the number of routers that must service the multicasts and allows test equipment to accurately identify VRRP packets on a segment. IANA has assigned the IP protocol number 112 to VRRP.
- The benefits of VRRPv3 are as follows:
Multiple VRRP Groups
You can configure up to 255 VRRP groups on a physical interface. The actual number of VRRP groups that a router interface can support depends on the following factors:
In a topology where multiple VRRP groups are configured on a router interface, the interface can act as a master for one VRRP group and as a backup for one or more other VRRP groups.
Figure 21-2 shows a LAN topology in which VRRP is configured so that Routers A and B share the traffic to and from clients 1 through 4. Routers A and B act as backups to each other if either router fails.
Figure 21-2 Load Sharing and Redundancy VRRP Topology
This topology contains two virtual IP addresses for two VRRP groups that overlap. For VRRP group 1, Router A is the owner of IP address 10.0.0.1 and is the master. Router B is the backup to router A. Clients 1 and 2 are configured with the default gateway IP address of 10.0.0.1.
For VRRP group 2, Router B is the owner of IP address 10.0.0.2 and is the master. Router A is the backup to router B. Clients 3 and 4 are configured with the default gateway IP address of 10.0.0.2.
VRRP Router Priority and Preemption
An important aspect of the VRRP redundancy scheme is the VRRP router priority because the priority determines the role that each VRRP router plays and what happens if the master router fails.
If a VRRP router owns the virtual IP address and the IP address of the physical interface, this router functions as the master. The priority of the master is 255.
Priority also determines if a VRRP router functions as a backup router and the order of ascendancy to becoming a master if the master fails.
Consider the case in which the master switch and the backup switches have the same priority value, the backup switch has a higher IP address, and the master switch is initially up. In this scenario, when the backup switch comes up, it should not disturb the state of the master switch. The backup switch becomes the master switch only when the master switch goes down.
For example, if router A, the master in a LAN topology, fails, VRRP must determine if backups B or C should take over. If you configure router B with priority 101 and router C with the default priority of 100, VRRP selects router B to become the master because it has the higher priority. If you configure routers B and C with the default priority of 100, VRRP selects the backup with the higher IP address to become the master.
VRRP uses preemption to determine what happens after a VRRP backup router becomes the master. With preemption enabled by default, VRRP will switch to a backup if that backup comes online with a priority higher than the new master. For example, if Router A is the master and fails, VRRP selects Router B (next in order of priority). If Router C comes online with a higher priority than Router B, VRRP selects Router C as the new master, even though Router B has not failed.
If you disable preemption, VRRP will only switch if the original master recovers or the new master fails.
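The selection rules in this section can be checked with a small model. This is an added example, not Cisco code: the class and function names are hypothetical, the addresses of Routers B and C are constructed, and the rule that the address owner reclaims the master role even with preemption disabled follows RFC 3768.

```python
from dataclasses import dataclass
from ipaddress import IPv4Address

OWNER_PRIORITY = 255    # router whose interface address is the virtual IP
DEFAULT_PRIORITY = 100  # default priority for backups

@dataclass
class Router:
    name: str
    ip: str
    priority: int = DEFAULT_PRIORITY
    up: bool = True

class VrrpGroup:
    """Toy model of one VRRP group; timers and advertisements are not modelled."""

    def __init__(self, routers, preempt=True):
        self.routers = {r.name: r for r in routers}
        self.preempt = preempt
        self.master = None
        self._settle()

    def _settle(self):
        live = [r for r in self.routers.values() if r.up]
        if not live:
            self.master = None
            return
        # Highest priority wins; equal priorities fall back to the higher IP.
        best = max(live, key=lambda r: (r.priority, IPv4Address(r.ip)))
        current = self.routers.get(self.master)
        if current is None or not current.up:
            self.master = best.name  # no live master: plain election
        elif best.priority > current.priority and (
                self.preempt or best.priority == OWNER_PRIORITY):
            self.master = best.name  # strictly higher priority takes over
        # Equal priority never displaces a live master, whatever its IP.

    def fail(self, name):
        self.routers[name].up = False
        self._settle()

    def recover(self, name):
        self.routers[name].up = True
        self._settle()

    def set_priority(self, name, priority):
        """Priority change on a live router, e.g. by interface state tracking."""
        self.routers[name].priority = priority
        self._settle()

def page_example(b_priority=101, c_priority=100):
    """Routers A (owner), B and C from the text; B and C addresses are constructed."""
    group = VrrpGroup([Router("A", "10.0.0.1", OWNER_PRIORITY),
                       Router("B", "10.0.0.2", b_priority),
                       Router("C", "10.0.0.3", c_priority)])
    history = [group.master]
    for event in (group.fail, group.recover):
        event("A")
        history.append(group.master)
    return history

if __name__ == "__main__":
    print(page_example())          # B configured with priority 101
    print(page_example(100, 100))  # B and C both at the default priority
```

With `preempt=False`, lowering the master's priority through `set_priority` does not move the master role, which is why interface state tracking depends on preemption being enabled.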
VRRP Advertisements
The VRRP master sends VRRP advertisements to other VRRP routers in the same group. The advertisements communicate the priority and state of the master. Cisco NX-OS encapsulates the VRRP advertisements in IP packets and sends them to the IP multicast address assigned to the VRRP group. Cisco NX-OS sends the advertisements once every second by default, but you can configure a different advertisement interval.
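Because every group member is expected to carry the same settings, a captured advertisement can be compared with the intended configuration. The following is an added example, not Cisco code: it decodes a VRRPv2 advertisement using the RFC 3768 message layout and reports mismatches. The packet bytes, the sender addresses, the string "example", and the `EXPECTED` dictionary are constructed for illustration.

```python
import struct
from ipaddress import IPv4Address

VRRP_PROTO = 112                        # IP protocol number assigned by IANA
VRRP_GROUP = IPv4Address("224.0.0.18")  # IANA multicast address for VRRP

# Constructed sample: source 10.1.0.1, VRID 1, priority 120, interval 3 s,
# virtual IP 10.1.0.10, authentication type 1 (simple text) "example".
SAMPLE = bytes.fromhex(
    "45c0002800000000ff7000000a010001e0000012"  # IPv4 header (checksum left zero)
    "210178010103bf9c0a01000a6578616d706c6500"  # VRRPv2 message
)

def inet_checksum(data: bytes) -> int:
    """16-bit one's-complement checksum; 0 when run over a valid message."""
    data += b"\x00" * (len(data) % 2)  # pad odd-length input
    total = sum(struct.unpack(f"!{len(data) // 2}H", data))
    while total >> 16:
        total = (total & 0xFFFF) + (total >> 16)
    return ~total & 0xFFFF

def parse_advertisement(packet: bytes) -> dict:
    """Decode the fields a monitor needs from a complete IPv4 packet."""
    ihl = (packet[0] & 0x0F) * 4
    total_len = struct.unpack("!H", packet[2:4])[0]
    msg = packet[ihl:total_len]
    # 0x21 = version 2, type 1 (advertisement); 8 header + 4*n + 8 auth bytes.
    if len(msg) < 8 or msg[0] != 0x21 or len(msg) < 16 + 4 * msg[3]:
        raise ValueError("not a complete VRRPv2 advertisement")
    _vt, vrid, prio, count, auth_type, interval = struct.unpack("!6B", msg[:6])
    addrs = [IPv4Address(msg[8 + 4 * i:12 + 4 * i]) for i in range(count)]
    auth = msg[8 + 4 * count:16 + 4 * count]
    return {
        "src": IPv4Address(packet[12:16]), "dst": IPv4Address(packet[16:20]),
        "ttl": packet[8], "proto": packet[9], "vrid": vrid, "priority": prio,
        "interval": interval, "auth_type": auth_type, "addresses": addrs,
        "auth_text": auth.rstrip(b"\x00").decode("ascii", "replace"),
        "checksum_ok": inet_checksum(msg) == 0,
    }

def audit(adv: dict, expected: dict) -> list:
    """Return mismatches between one advertisement and the intended group config."""
    findings = []
    if adv["proto"] != VRRP_PROTO or adv["dst"] != VRRP_GROUP:
        findings.append("not addressed as a VRRP advertisement")
    if adv["ttl"] != 255:  # RFC 3768: advertisements are sent with TTL 255
        findings.append("IP TTL is not 255")
    if not adv["checksum_ok"]:
        findings.append("bad VRRP checksum")
    if adv["src"] not in expected["routers"]:
        findings.append(f"sender {adv['src']} is not a configured group member")
    for key in ("interval", "auth_type", "auth_text", "addresses"):
        if adv[key] != expected[key]:
            findings.append(f"{key} differs from the configured value")
    return findings

# Hypothetical intended configuration for VRID 1.
EXPECTED = {
    "routers": {IPv4Address("10.1.0.1"), IPv4Address("10.1.0.2")},
    "interval": 3, "auth_type": 1, "auth_text": "example",
    "addresses": [IPv4Address("10.1.0.10")],
}

if __name__ == "__main__":
    print(audit(parse_advertisement(SAMPLE), EXPECTED) or "advertisement matches")
```

The simple text authentication string is carried unencrypted in the last eight bytes of the message, which is why the parser can read it directly.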
VRRP Authentication
VRRPv3
VRRP version 3 (VRRPv3) enables a group of switches to form a single virtual switch in order to provide redundancy and reduce the possibility of a single point of failure in a network. The LAN clients can then be configured with the virtual switch as their default gateway. The virtual switch, representing a group of switches, is also known as a VRRPv3 group.
Virtualization Support
VRRP supports virtual routing and forwarding (VRF) instances. By default, Cisco NX-OS places you in the default VRF unless you specifically configure another VRF.
If you change the VRF membership of an interface, Cisco NX-OS removes all Layer 3 configuration, including VRRP.
For more information, see Chapter 14, “Configuring Layer 3 Virtualization.”
Licensing Requirements for VRRP
The following table shows the licensing requirements for this feature:
Guidelines and Limitations
VRRP has the following configuration guidelines and limitations:
- You cannot configure VRRP on the management interface.
- When VRRP is enabled, you should replicate the VRRP configuration across switches in your network.
- We recommend that you do not configure more than one first-hop redundancy protocol on the same interface.
- You must configure an IP address for the interface that you configure VRRP on and enable that interface before VRRP becomes active.
- Cisco NX-OS removes all Layer 3 configurations on an interface when you change the interface VRF membership, port channel membership, or when you change the port mode to Layer 2.
- When you configure VRRP to track a Layer 2 interface, you must shut down the Layer 2 interface and reenable the interface to update the VRRP priority to reflect the state of the Layer 2 interface.
- VRRPv3 has the following configuration guidelines and limitations:
  - VRRPv3 is not intended as a replacement for existing dynamic protocols. VRRPv3 is designed for use over multi-access, multicast, or broadcast-capable Ethernet LANs.
  - VRRPv3 is supported only on Ethernet and Fast Ethernet interfaces, bridge group virtual interfaces (BVIs), and Gigabit Ethernet interfaces as well as on Multiprotocol Label Switching (MPLS) virtual private networks (VPNs), VRF-aware MPLS VPNs, and VLANs.
  - When VRRPv3 is in use, VRRPv2 is unavailable. To configure VRRPv3, you must disable any VRRPv2 configuration.
  - Use VRRPv3 millisecond timers only where absolutely necessary and with careful consideration and testing. Millisecond values work only under favorable circumstances. The millisecond timer values are compatible with third-party vendors, as long as they also support VRRPv3.
Default Settings
Table 21-1 lists the default settings for VRRP parameters.
Configuring VRRP
This section includes the following topics:
- Enabling the VRRP Feature
- Configuring VRRP Groups
- Configuring VRRP Priority
- Configuring VRRP Authentication
- Configuring Time Intervals for Advertisement Packets
- Disabling Preemption
- Configuring VRRP Interface State Tracking
Note
If you are familiar with the Cisco IOS CLI, be aware that the Cisco NX-OS commands for this feature might differ from the Cisco IOS commands that you would use.
Enabling the VRRP Feature
You must globally enable the VRRP feature before you can configure and enable any VRRP groups.
To enable the VRRP feature, use the following command in global configuration mode:
To disable the VRRP feature and remove all associated configuration, use the following command in global configuration mode:
Configuring VRRP Groups
You can create a VRRP group, assign the virtual IP address, and enable the group.
You can configure one virtual IPv4 address for a VRRP group. By default, the master VRRP router drops the packets addressed directly to the virtual IP address because the VRRP master is only intended as a next-hop router to forward packets. Some applications require that Cisco NX-OS accept packets addressed to the virtual router IP. Use the secondary option to the virtual IP address to accept these packets when the local router is the VRRP master.
Once you have configured the VRRP group, you must explicitly enable the group before it becomes active.
BEFORE YOU BEGIN
Ensure that you configure an IP address on the interface (see the “Configuring IPv4 Addressing” section).
SUMMARY STEPS
2. interface interface-type slot/port
DETAILED STEPS
Configuring VRRP Priority
The valid priority range for a virtual router is from 1 to 254 (1 is the lowest priority and 254 is the highest). The default priority value for backups is 100. For switches whose interface IP address is the same as the primary virtual IP address (the master), the default value is 255.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section).
SUMMARY STEPS
2. interface interface-type slot/port
6. priority level [ forwarding-threshold lower lower-value upper upper-value ]
DETAILED STEPS
Configuring VRRP Authentication
You can configure simple text authentication for a VRRP group.
BEFORE YOU BEGIN
Ensure that the authentication configuration is identical for all VRRP switches in the network.
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section).
SUMMARY STEPS
2. interface interface-type slot/port
DETAILED STEPS
Configuring Time Intervals for Advertisement Packets
You can configure the time intervals for advertisement packets.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section).
SUMMARY STEPS
2. interface interface-type slot/port
DETAILED STEPS
interface interface-type slot/port
Sets the interval time in seconds between sending advertisement frames. The range is from 1 to 254. The default is 1 second.
Disabling Preemption
You can disable preemption for a VRRP group member. If you disable preemption, a higher-priority backup router will not take over for a lower-priority master router. Preemption is enabled by default.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section).
SUMMARY STEPS
DETAILED STEPS
interface interface-type slot/port
Disables the preempt option and allows the master to remain when a higher-priority backup appears.
Configuring VRRP Interface State Tracking
Interface state tracking changes the priority of the virtual router based on the state of another interface in the switch. When the tracked interface goes down or the IP address is removed, Cisco NX-OS assigns the tracking priority value to the virtual router. When the tracked interface comes up and an IP address is configured on this interface, Cisco NX-OS restores the configured priority to the virtual router (see the “Configuring VRRP Priority” section).
Note
For interface state tracking to function, you must enable preemption on the interface.
Note
VRRP does not support Layer 2 interface tracking.
BEFORE YOU BEGIN
Ensure that you have enabled the VRRP feature (see the “Configuring VRRP” section).
Ensure that you have configured an IP address on the interface (see the “Configuring IPv4 Addressing” section).
Ensure that you have enabled the virtual router (see the “Configuring VRRP Groups” section).
SUMMARY STEPS
2. interface interface-type slot/port
DETAILED STEPS
Configuring VRRPv3
Enabling VRRPv3
You must globally enable the VRRPv3 feature before you can configure and enable any VRRPv3 groups.
To enable the VRRPv3 feature, use the following command in global configuration mode:
Configuring VRRPv3 Groups
You can create a VRRPv3 group, assign the virtual IP address, and enable the group.
You can configure one virtual IPv4 address for a VRRPv3 group. By default, the master VRRPv3 router drops the packets addressed directly to the virtual IP address because the VRRPv3 master is only intended as a next-hop router to forward packets. Some applications require that Cisco NX-OS accept packets addressed to the virtual router IP. Use the secondary option to the virtual IP address to accept these packets when the local router is the VRRPv3 master.
Note
After you have configured the VRRPv3 group, you must explicitly enable the group before it becomes active.
BEFORE YOU BEGIN
SUMMARY STEPS
2. interface interface-type slot/port
3. vrrpv3 number address-family { ipv4 | ipv6 }
4. (Optional) address ip-address [ primary | secondary ]
5. (Optional) description description
7. (Optional) preempt [ delay minimum seconds ]
9. (Optional) timers advertise interval
12. (Optional) show fhrp [ interface-type interface-number ] [ verbose ]
DETAILED STEPS
Configuring the Delay Period for FHRP Client Initialization
You can configure the delay period for the initialization of FHRP clients.
Note
In all FHRP protocols, we do not recommend using aggressive timers, because they cause CPU spikes and increase control packet flow. For VRRPv3, configure a sufficient interface delay/reload delay for proper failover of the VRRP nodes.
To configure this feature, use the following command in interface configuration mode:
Configuring VRRPv3 Control Groups
BEFORE YOU BEGIN
SUMMARY STEPS
2. interface interface-type slot/port
3. ip address ip-address mask [ secondary ]
4. vrrpv3 number address-family { ipv4 | ipv6 }
5. (Optional) address ip-address [ primary | secondary ]
7. (Optional) show fhrp [ interface-type interface-number ] [ verbose ]
DETAILED STEPS
Verifying the VRRPv2 Configuration
To display the VRRPv2 configuration information, perform one of the following tasks:
show vrrp v2 vr number interface interface-type port configuration
Verifying the VRRPv3 Configuration
See the following table for information on the fields in the show vrrpv3 command output:
For example, use the show vrrpv3 statistics command to display the VRRPv3 statistics:
Displaying VRRP Statistics
To display VRRP statistics, use the following commands:
show vrrp vr number interface interface-type port statistics
Use the clear vrrp vr command to clear the IPv4 VRRP statistics for a specified interface.
Use the clear vrrp ipv4 command to clear all the statistics for the specified IPv4 virtual router.
Configuration Examples for VRRPv2
In this example, Router A and Router B each belong to three VRRPv2 groups. In the configuration, each group has the following properties:
- Virtual IP address is 10.1.0.10.
- Router A will become the master for this group with priority 120.
- Advertising interval is 3 seconds.
- Router B will become the master for this group with priority 200.
- Advertising interval is 30 seconds.
- Router A will become the master for this group first because it has a higher IP address (10.1.0.2).
- Advertising interval is the default 1 second.
Configuration Example for VRRPv3
See the following configuration example for VRRPv3.
Additional References
For additional information related to implementing VRRP, see the following sections:
Related Documents